Configure Health Connect Cloud Productions

Interoperability productions enable you to connect other systems to Health Connect Cloud so that you can transform and route messages between them. Generally speaking, productions consist of three types of business hosts:

  • Business Services — Business services have inbound adapters that accept incoming messages from an external system.

  • Business Processes — Business processes take messages from a business service and process them (for example, transforming them from one format to another) and then pass them to a business operation.

  • Business Operations — Business operations have outbound adapters that send outgoing messages to an external system.

In Health Connect Cloud, you can create a new production on the Productions page and then configure it in the Management Portal, by going to Interoperability > Configure > Production.

For general information on productions, see Introduction to Interoperability Productions.

For guidelines on how to configure Health Connect Cloud productions in some common specific scenarios, see the following sections.

Configure a Production to Use SFTP

Create Authorization Credentials

Before configuring a production to use SFTP, create the authorization credentials that will be used in your productions. This task creates SFTP passphrase credentials that correspond to the file transfer user you created for your tenant on the Files page of the Cloud Services Portal.

  1. In the Health Connect Cloud Management Portal, select Interoperability > Configure > Credentials.

  2. In the right panel of the Credentials Viewer page, enter an ID that will be used in your production configuration.

  3. Enter the User Name of the file transfer user from your tenant’s Files page.

  4. Click Save.

Configure a Production to Use SFTP

After you have set up SFTP for your tenant on the Files page of the Cloud Services Portal, you can configure a production to ingest files from a folder in your S3 bucket or output files to a folder in your S3 bucket. A business service can watch an input folder for incoming files, such as HL7 or X12 messages, and pass them to a business process for transformation or other processing. A business process can also pass outgoing files to a business operation, which can in turn deposit them in an output folder.

This section applies to business services (inbound adapters) and business operations (outbound adapters) that are of Input Type or Output Type FTP.

  1. In the Management Portal, select Interoperability > Configure > Production.

  2. Select your business service or business operation.

  3. Click the Settings tab.

  4. Configure the Basic Settings and SFTP Settings, as described below.

  5. Click Apply when you are done to save your settings.

Basic Settings Section

  • File Path — Enter a file path, as listed in the Paths column for your file transfer user on your tenant’s Files page.

  • FTP Server — Enter the server listed on your tenant’s Files page under SFTP Connection Instructions.

    The server will look something like: s-abc.server.transfer.us-east-1.amazonaws.com.

  • FTP Port — Type the port number 22.

SFTP Section

  • SFTP Authentication Methods — Type the letter k, indicating that the adapter will use public/private key authentication.

  • SFTP Public Key File — Enter the path to the public key file on your server, for example, /connect/ftp/xyz-sftp-public-key.txt, where xyz is the name of your file transfer user.

  • SFTP Private Key File — Enter the path to the private key file on your server, for example, /connect/ftp/xyz-sftp-private-key.txt, where xyz is the name of your file transfer user.

  • SFTP Passphrase Credentials — Select the credentials you created in Create Authorization Credentials.

See Upload SFTP Keys to Server for information on uploading public and private key files.

Configure a Production to Use a Firewall Rule

This section describes the settings required to configure a business service to use a firewall rule that you have defined on the Firewall page of your deployment.

  1. In the Management Portal, select Interoperability > Configure > Production.

  2. Select your business service.

  3. Click the Settings tab.

  4. Configure the Basic Settings and Connection Settings, as described below.

  5. Click Apply when you are done to save your settings.

Basic Settings Section

  • IP Port — Enter a port within the port range of your firewall rule.

Connection Settings Section

  • SSL Configuration — Enter an SSL/TLS configuration to be used to secure traffic when using an external firewall rule.

    For business services, select a server SSL/TLS configuration.

  • Local Interface — Use <IP Address> (IPv4 eth0) for private firewall rules. Use <IP Address> (IPv4 eth1) for external firewall rules. This binds the IP Port to the correct Local Interface.

    Make sure <IP Address> is within the CIDR block allowed by your firewall rule.

    For private firewall rules, if you see multiple choices matching the pattern <IP Address> (IPv4 eth0), select the one with 254 in the last octet of the IP address.

    Note:

    If you see an error similar to ERROR #5002: ObjectScript error: <PROTECT>zGetInterfacesInfo+2^%SYSTEM.INetInfo.1 in the Local Interface field, contact us for assistance.

Connect to the Business Service

To connect to a business service from the external system, use the IP Port you specified in the business service settings. Connect to the Virtual IP Address listed on the Overview page if using a private firewall rule. Connect to the External IP listed on the Overview page if using an external firewall rule.

To quickly test connectivity from the other system to a business service, use the command nc -vv <Health Connect Cloud IP address> <port number> on Linux or tnc <Health Connect Cloud IP address> -Port <port number> on Windows.

The following examples show how to test connectivity to the Virtual IP Address 192.168.22.254 over the private network on port 5000.

Linux:

nc -vv 192.168.22.254 5000
Connection to 192.168.22.254 5000 port [tcp/*] succeeded!

Windows:

tnc 192.168.22.254 -Port 5000


ComputerName     : 192.168.22.254
RemoteAddress    : 192.168.22.254
RemotePort       : 5000
InterfaceAlias   : Ethernet 2
SourceAddress    : <Source IP address>
TcpTestSucceeded : True

Configure a Production to Use SSL

This section describes how to configure a business service or business operation to use an SSL/TLS Configuration that you have defined on the SSL/TLS Configurations page of your deployment.

  1. In the Management Portal, select Interoperability > Configure > Production.

  2. Select your business service or business operation.

  3. Click the Settings tab.

  4. In the Connection Settings section, in the SSL Configuration field, select an SSL/TLS configuration.

    For business services, select a server SSL/TLS configuration.

    For business operations, select a client SSL/TLS configuration.

  5. Click Apply when you are done to save your settings.

Configure a Production to Send SSL Certificate Expiration Alerts

If you want to receive an alert when an SSL certificate is near its expiration date, you can configure the ZMSP.HCC.CertCheckService business service to send email notifications a specified number of days before the certificate expires. The business service can be configured once and used to monitor all SSL configurations on a system or it can be configured individually for each production. To configure the business service for a production:

  1. Configure alert processing for your production. For example, you can use a simple email alert processor.

  2. Add the ZSMP.HCC.CertCheckService business service to your production.

  3. Configure the Scope setting for the new business service. You can set it to:

    • Server — the business service will check all enabled SSL configurations available on a system.

    • Namespace — the business service will only collect active values for the SSLConfig parameter in the currently running production.

  4. Configure the ExpiryDays setting. This setting determines the number of days before a certificate’s expiration date that the alert should be triggered. The alert will continue to be triggered each time the business service is run until the certificate is updated. This setting must be between 7 and 30.

  5. Set CallInterval to the interval (in seconds) at which the service should be called. For example, set it to 86400 so that the business service runs daily.
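An independent cross-check of the same expiry window from the external system's side, added here as an example; it is not InterSystems code and does not show how the business service itself is implemented. The function names, the "alert when remaining days <= ExpiryDays" boundary, and the sample dates are assumptions made for illustration.

```python
import socket
import ssl
import time

SECONDS_PER_DAY = 86400  # same value the page suggests for CallInterval


def validate_expiry_days(expiry_days):
    """Enforce the documented range: ExpiryDays must be between 7 and 30."""
    if not 7 <= expiry_days <= 30:
        raise ValueError("ExpiryDays must be between 7 and 30")
    return expiry_days


def days_remaining(not_after, now=None):
    """Whole days until notAfter (negative once the certificate has expired).

    not_after uses the OpenSSL text form, e.g. 'Jun 30 00:00:00 2030 GMT'.
    """
    now = time.time() if now is None else now
    return int((ssl.cert_time_to_seconds(not_after) - now) // SECONDS_PER_DAY)


def should_alert(not_after, expiry_days, now=None):
    """Assumed boundary: alert when remaining days <= ExpiryDays."""
    return days_remaining(not_after, now) <= validate_expiry_days(expiry_days)


def fetch_not_after(host, port, server_hostname, cafile=None, timeout=5):
    """Complete a verified TLS handshake and return the server cert's notAfter.

    host may be the Virtual IP or External IP; server_hostname is the name the
    certificate was issued for. Verification stays on, so an already expired
    or untrusted certificate raises ssl.SSLCertVerificationError here.
    """
    ctx = ssl.create_default_context(cafile=cafile)
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=server_hostname) as tls:
            return tls.getpeercert()["notAfter"]


if __name__ == "__main__":
    # Constructed sample values; no network access is needed for this part.
    sample_not_after = "Jun 30 00:00:00 2030 GMT"
    sample_now = ssl.cert_time_to_seconds("Jun 10 00:00:00 2030 GMT")
    for window in (7, 30):
        print(window, should_alert(sample_not_after, window, now=sample_now))
```

Against a live business service, pass the result of fetch_not_after to should_alert with the same ExpiryDays value you set in the production.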