A peek into the existing quality control labs shows that analytical systems are usually configured such that data storage, measurements, and system maintenance are all carried out with the help of a local PC. This PC might be linked to an LIMS or ERP system for sending results to central decision points. However, based on the complexity of the analytical technique adopted, (several) highly trained users are needed for configuration and maintenance (Figure 1).
Figure 1. Overview of know-how needed to maintain and operate analytical instruments for quality control in a laboratory environment.
This is also true for visible near-infrared (Vis-NIR) spectroscopy systems where users who create prediction models and libraries may be different from users performing routine analysis. Due to its simplicity, routine analysis using Vis-NIR spectroscopy can be conducted by untrained users; however, prediction model and library development necessitate special training.
Yet, it is not necessary that the latter must be performed on the local PC, but can be accomplished more safely and efficiently with the help of a client-server setup. Moreover, such a setup decreases costs, specifically when used for outsourcing more challenging tasks.
Basics of a Client-Server System
Prior to an in-depth analysis, the most fundamental setup for a client-server system in a quality control environment is illustrated in Figure 2
Figure 2. General setup of a client-server system for quality control. The setup consists of three elements: server client, routine client, and server database.
As depicted in Figure 2, the objective of the server client is to configure and specify the access rights of the routine client. As it is, the routine client is used for measurements and instrument calibrations. The server database functions as a central storage for all data and settings.
In accordance with this general layout, three distinct scenarios (Figure 3) are outlined below. For each scenario, the benefits over a non-client-server setup (Figure 1) are detailed.
Figure 3. Client-server setups described in this article. Setup I and II differ in the number of clients. Setup III differs in the installation location of the individual elements of a typical client-server setup.
Setup 1: Single Client
The single client-server setup provides the possibility to enhance productivity using convenient monitoring of instrument performance and easy access to analytical results without hindering the routine analysis operations. Permanent, not locally restricted, monitoring of analytical and instrumental performance offers peace of mind and makes proactive maintenance simple to prevent downtimes, thus enabling cost savings.
Figure 4. Simple client-server setup with only one spectrometer system offering significant advantages over a local installation.
Such a setup is illustrated by Figure 4 in more detail, where data collected at the time of routine analysis in the laboratory (routine-client) are automatically stored on the server database. Although database access is regulated it is flexible (for example, from the office) and allows convenient creation and update of prediction models/libraries with the help of the Server Client.
Furthermore, the server-client user can monitor the system fitness, and in an ideal scenario, the client-server software automatically warns about potential errors or problems. In addition, it would be possible to regulate data access in a more efficient manner using a single centralized database.
Apart from enhancing operational security, data security is optimized when a client-server system is used. This arises as a result of the presence of a server database that acts as an automatic backup drive, which prevents data loss during a total breakdown of the local operating system and also allows operation to be quickly resumed.
Advantages in a nutshell
- Simultaneous data access
- Convenient monitoring of instrument and analytical performance
- No interference with routine operation
Setup 2: Multiple Clients
One more advantage becomes apparent when a number of installations are maintained in a client-server network rather than a standalone setup. As it is possible to execute changes for multiple instruments in just a single step, redundant actions are considerably reduced. In addition to the probability for more efficient instrument maintenance, human errors are reduced due to simplified workflows. The process of a prediction model update for multiple instruments is excellently illustrated in Figure 5.
Figure 5. Update of multiple instruments in a single step using a client-server setup.
Advantages in a nutshell
- Reduction of redundant steps
- Convenient monitoring of multiple instruments
- Easy update of multiple instruments in a single step
Setup 3: Outsourcing
Another advantageous feature of the client-server system is the possibility to outsource complicated tasks. For users who are specifically interested in the optimized data security aspects of a client-server setup, it is possible to outsource only the IT infrastructure. In this case, suppliers who offer the IT infrastructure have no access to the collected data. For customers who opt for more extended support, it is possible to outsource both prediction model development and instrument health monitoring. A full care service offer from Metrohm is depicted in Figure 6.
Figure 6. Full care service reducing the total workload of customers.
Advantages in a nutshell
- Optimized use of human resources
- Simplified service
- Improved prediction model
Boundary Conditions Client-Server
It is essential to consider different data security aspects to implement the outsourcing scenario setup 3. Moreover, it is necessary for the associated partner to ensure that the confidentiality of all client data is guaranteed at all times. An example is detailed below based on Metrohm’s approach with Metrohm’s client-server software Vision Air.
Generally, a statement of confidentiality must be available to gain a common understanding in relation to data handling. For instance, Metrohm does not disclose or reveal information (spectral data, sample data, processes, trade or service mark, methods, know-how, and other proprietary information) received by it or accessed by it through the Vision Air client-server solution to any third party. Moreover, it does make use of that information other than for offering support to the customer.
Apart from this common agreement between involved parties, it is essential for the communicated data to be defined and to establish security measurements that restrict external access.
Data Communication and External Access
Data transferred between a Vision Air client and a Vision Air server are measurements (spectra, results, and reference values), events (user authentication, instrument events) and instrument health information (diagnostic test, low flux test, photometric tests).
The entire connection and communication between the server/server-clients (Vision Air Manager Network) and the clients (Vision Air Routine) are encrypted. Keys and certificates are embedded into the application and communication between the server (Vision Air Manager Network) and the clients (Vision Air Routine) takes place in accordance with the Windows Communication Foundation (WCF) encrypted with AES-256 and signed using an SSL Certificate. This technology is applied in an analogous manner for https and is considered to be totally safe.
Figure 7. Schematic representation of data security achieved by the Metrohm Client-Server solution: (a) Process for request of data transfer between client and server. (b) Data transfer client to server and encryption process. Both processes (a) and (b) take place in the same way for data transfer server to client.
Advantages in a nutshell
- Fast and easy data transfer
- Secured data transfer
Security Data Manipulation
Each of the system configurations developed in Vision Air Manager and uploaded to individual Vision Air Routine clients is signed with an individual code, thus assuring non-modification and authenticity. Even the results collected using Vision Air Routine are signed and the result gets highlighted as soon as it is successfully transferred to the database. There will be a loss of signature if both configurations developed by the Vision Air Manager and results collected in Vision Air Routine are manipulated.
Server Access
Apart from software-related security aspects, it is necessary to also address hardware-related aspects to maintain data integrity and data security. For instance, the single-point access to the Metrohm server room is limited to authenticated staff and secured using video cameras that monitor room access.
Automatic backup, safety personnel, and 24/7 surveillance are added measures to guarantee customer data security. Power failure can be compensated for by additional power sources that are available. Access to Vision Air Manager Network and any data stored on those servers is restricted to the IT team from Metrohm and particular members of the Competence Center spectroscopy.
Every day servers are backed up once and data is retained for 28 days. Routine tests of all backup systems are performed to guarantee data recoverability.
Offline Mode and Data Recovery
Last but not least, it is very important that routine analysis stays feasible in the event of loss of network connectivity or a break-down of both client and server.
Vision Air Routine’s integrated offline mode allows measurements even if there is an interruption in Internet connection. The collected data is stored not only in the local database but also in the Metrohm Server database, where the customer is free to specify which data is uploaded to the Metrohm Server:
- There is no impact of the interruption in network connectivity between the client (Vision Air Routine) and the server (Vision Air Manager Network) on the local operation of the NIR instrument, and measurement can proceed unaffectedly with the current configuration data. Potential new configuration data prepared on the server waits for the download until network connectivity is re-established.
- There is no effect of a server breakdown on the local operation of the NIR instrument, and measurement can proceed unaffectedly with the current configuration data. The server is restored based on the disaster recovery plan. New data to be uploaded to the server is locally cached and uploaded as soon as network connectivity is re-established.
- In the event of a client breakdown where it is not possible to locally store the backups, the connection with the server will enable downloading of the latest configuration. Therefore, measurements can still be carried out.
Summary
This article highlights the capability of a client-server system, demonstrating the possibility to minimize costs while enhancing data security. Simultaneous operation and access to data while stored in a secured database are the basis for this capability. Moreover, it is possible to ensure consistent and faster updates of multiple instruments in a single workflow.
This article also described the security aspects of such a client-server system when critical tasks are outsourced, offering the potential to simplify operation and enhance productivity. This is especially true for NIR spectroscopy, where support for prediction model or library development is commonplace. Lastly, security implementation prerequisites for a service-oriented client-server setup are outlined based on Metrohm’s client-server spectroscopy software Vision Air.
This information has been sourced, reviewed and adapted from materials provided by Metrohm AG.
For more information on this source, please visit Metrohm AG.