How to manage multiple customers with Orthanc

Hi all,

we are just starting the evaluation of Orthanc Server as a solution for viewing DICOM images in our application.
We currently have this scenario: many different customers have different instances of our own application and they all want to view DICOM images.
We integrate OHIF viewer together with Orthanc API in our codebase, so each application is able to view DICOM images and anonymize them.

Our issue now is: how could we separate different images for different customers (i.e. allowing each customer to only work on its own images).
Do we need multiple different instances of Orthanc running (one instance per customer) or there are best practices for sharing single instance between different customers?
I read that we can secure Orthanc (creating ACLs that allow different rights to different users) but I don’t understand if it is possible to let each user access his own uploaded files.

Can you give me some hints?

Thanks a lot.

Stefano

Hello,

The best architecture depends on your commercial application. A professional assistance could help you in this choice:
https://book.orthanc-server.com/users/support.html#finding-professional-assistance

It is certainly possible to deploy one Orthanc per customer, and this is probably the most natural solution.

However, you could as well decide to build an higher-level application on the top of the REST API of one single instance of Orthanc if you want to centralize all the DICOM instances inside one single database. It would be up to this higher-level application to manage whether one particular customer can access one particular study or patient.

The topic of ACL (access-control lists) is discussed in the Orthanc Book:
https://book.orthanc-server.com/users/lua.html#filtering-incoming-rest-requests
https://book.orthanc-server.com/plugins/python.html#python-authorization

https://book.orthanc-server.com/plugins/authorization.html

Sébastien-

Ok, thanks a lot for your support and quick answer.

If I understand correctly, installing multiple Orthanc services on a single Windows machine it’s not easy at the moment… do you know if there’s some kind of defined procedure/ set of steps to follow?
Can you confirm that having multiple instances on a Linux machine is a much simpler task?

Thanks a lot for your time.

Stefano

You can run multiple instances of Orthanc on the same computer as easily on Microsoft Windows and on GNU/Linux.

Just set different TCP ports, different AET and different index/storage directories for the multiple Orthanc in their associated configuration files:
https://book.orthanc-server.com/users/configuration.html

In both case, the difficulty lies in the installation of multiple services (Windows Services, or systemd/init.d on GNU/Linux) that are responsible for the automated starting/shutdown of each Orthanc server. It is up to your dev/ops teams to deal with it. Orchestration technologies such as Kubernetes are precisely designed for such scenarios (which implies using GNU/Linux).

Sébastien-

There are third party solutions built on top of Orthanc that allow doing what you are looking to do with a single instance of Orthanc. My company is a provider of one such solution. www.ethosmed.com

Hi Stefano,

Don’t hesitate to contact Osimis (osimis.io) if you decide to go for the higher-level application on the top of the REST API of one single instance of Orthanc. Indeed, they have such a product on the shelf and knowing them very well, I’m sure they will give you some very good advice :wink:

strongly, strongly recommend containers

and deploy on either virtual computers, e.g. AWS EC2, Azure VMs, GCP Computeor serverless, e.g. AWS Fargate, Azure Container Instances, Google Cloud Run