Configure HealthShare Health Connect Cloud Productions
Interoperability productions enable you to connect other systems to Health Connect Cloud so that you can transform and route messages between them. Generally speaking, productions consist of three types of business hosts:
-
Business Services — Business services have inbound adapters that accept incoming messages from an external system.
-
Business Processes — Business processes take messages from a business service and process them (for example, transforming them from one format to another) and then pass them to a business operation.
-
Business Operations — Business operations have outbound adapters that send outgoing messages to an external system.
In Health Connect Cloud, you can create a new production on the Productions page and then configure it in the Management Portal, by going to Interoperability > Configure > Production.
For general information on productions, see Introduction to Interoperability ProductionsOpens in a new tab.
For guidelines on how to configure Health Connect Cloud productions in some common specific scenarios, see the following sections.
Configure a Production to Use SFTP
Create Authorization Credentials
Before configuring a production to use SFTP, create the authorization credentials that will be used in your productions. This task creates SFTP passphrase credentials that correspond to the file transfer user you created for your tenant on the Files pageOpens in a new tab of the Cloud Services Portal.
-
In the Health Connect Cloud Management Portal, select Interoperability > Configure > Credentials.
-
In the right panel of the Credentials Viewer page, enter an ID that will be used in your production configuration.
-
Enter the User Name of the file transfer user from your tenant’s Files page.
-
Click Save.
Configure a Production to Use SFTP
After you have set up SFTP for your tenant on the Files pageOpens in a new tab of the Cloud Services Portal, you can configure a production to ingest files from a folder in your S3 bucket or output files to a folder in your S3 bucket. A business service can watch an input folder for incoming files, such as HL7 or X12 messages, and pass them to a business process for transformation or other processing. A business process can also pass outgoing files to a business operation, which can in turn deposit them in an output folder.
This section applies to business services (inbound adapters) and business operations (outbound adapters) that are of Input Type or Output Type FTP.
-
In the Management Portal, select Interoperability > Configure > Production.
-
Select your business service or business operation.
-
Click the Settings tab.
-
Configure the Basic Settings and SFTP Settings, as described below.
-
Click Apply when you are done to save your settings.
Basic Settings Section
-
File Path — Enter a file path, as listed in the Paths column for your file transfer user on your tenant’s Files page.
-
FTP Server — Enter the server listed on your tenant’s Files page under SFTP Connection Instructions.
The server will look something like: s-abc.server.transfer.us-east-1.amazonaws.com.
-
FTP Port — Type the port number 22.
SFTP Section
-
SFTP Authentication Methods — Type the letter k, indicating that the adapter will use public/private key authentication.
-
SFTP Public Key File — Enter the path to the public key file on your server, for example, /connect/ftp/xyz-sftp-public-key.txt, where xyz is the name of your file transfer user.
-
SFTP Private Key File — Enter the path to the private key file on your server, for example, /connect/ftp/xyz-sftp-private-key.txt, where xyz is the name of your file transfer user.
-
SFTP Passphrase Credentials — Select the credentials you created in Create Authorization Credentials.
See Upload SFTP Keys to ServerOpens in a new tab for information on uploading public and private key files.
Configure a Production to Use a Firewall Rule
This section describes the settings required to configure a business service to use a firewall rule that you have defined on the Firewall page of your deployment.
-
In the Management Portal, select Interoperability > Configure > Production.
-
Select your business service.
-
Click the Settings tab.
-
Configure the Basic Settings and Connection Settings, as described below.
-
Click Apply when you are done to save your settings.
Basic Settings Section
-
IP Port — Enter a port within the port range of your firewall rule.
Connection Settings Section
-
SSL Configuration — Enter an SSL/TLS configuration to be used to secure traffic when using an external firewall rule.
For business services, select a server SSL/TLS configuration.
-
Local Interface — Leave blank.
The IP Port is bound to the correct Local Interface automatically.
Connect to the Business Service
To connect to a business service from the external system, use the IP Port you specified in the business service settings. Connect to the Virtual IP Address listed on the Overview page if using a private firewall rule. Connect to the External IP listed on the Overview page if using an external firewall rule.
To quickly test connectivity from the other system to a business service, use the command nc -vv <Health Connect Cloud IP address> <port number> on Linux or tnc <Health Connect Cloud IP address> -Port <port number> on Windows.
The following examples show how to test connectivity to the Virtual IP Address 192.168.22.254 over the private network on port 5000.
Linux
nc -vv 192.168.22.254 5000
Connection to 192.168.22.254 5000 port [tcp/*] succeeded!
Windows:
tnc 192.168.22.254 -Port 5000
ComputerName : 192.168.22.254
RemoteAddress : 192.168.22.254
RemotePort : 5000
InterfaceAlias : Ethernet 2
SourceAddress : <Source IP address>
TcpTestSucceeded : True
Configure a Production to Use SSL
This section describes how to configure a business service or business operation to use an SSL/TLS Configuration that you have defined on the SSL/TLS Configurations page of your deployment.
-
In the Management Portal, select Interoperability > Configure > Production.
-
Select your business service or business operation.
-
Click the Settings tab.
-
In the Connection Settings section, in the SSL Configuration field, select an SSL/TLS configuration.
For business services, select a server SSL/TLS configuration.
For business operations, select a client SSL/TLS configuration.
-
Click Apply when you are done to save your settings.
Configure a Production to Send SSL Certificate Expiration Alerts
If you want to receive an alert when an SSL certificate is near its expiration date, you can configure the ZMSP.HCC.CertCheckService business service to send email notifications a specified number of days before the certificate expires. The business service can be configured once and used to monitor all SSL configurations on a system or it can be configured individually for each production. To configure the business service for a production:
-
Configure alert processingOpens in a new tab for your production. For example, you can use a simple email alert processorOpens in a new tab.
-
Add the ZSMP.HCC.CertCheckService business service to your production.
-
Configure the Scope setting for the new business service. You can set it to:
-
Server — the business service will check all enabled SSL configurations available on a system.
-
Namespace — the business service will only collect active values for the SSLConfig parameter in the currently running production.
-
-
Configure the ExpiryDays setting. This setting determines the number of days before a certificate’s expiration date that the alert should be triggered. The alert will continue to be triggered each time the business service is run until the certificate is updated. This setting must be between 7 and 30.
-
Set CallInterval to the frequency (in seconds) that the service should be called. For example, set it to 86400, so that the business service will run daily.