Skip to main content

InterSystems Health Connect Cloud Reference Information

This section describes how to perform various activities that are part of the day-to-day operations of Health Connect Cloud, organized by page. Use the links in the Deployments section of the main menu in the Cloud Services Portal to navigate from page to page.

For a high-level overview of setting up Health Connect Cloud, see Introducing InterSystems Health Connect Cloud.

Note:

Some of the functionality described in this section may not be available to all users, depending on their role on the development team. For more information, see Tenants PageOpens in a new tab.

Overview Page

The Overview page contains several sections, which may or may not appear based on your configuration.

Deployment Details

In the Deployment Details section of the Overview page for your deployment, you can view the details of your deployment, including:

  • Deployment size

  • Number of cores

  • Amount of RAM

  • Creation and expiration dates

  • Deployment ID

  • Cloud provider and region

  • Service Level and Service Level Urgency

  • High Availability State

  • Underlying InterSystems IRIS platform and version

Health Connect® Cloud Details

The Health Connect® Cloud Details section of the Overview page displays the directory name to be used by Interoperability Productions Opens in a new tab that need to store files on the file system. If you have a High Availability configuration, files in this directory are copied automatically from the primary mirror member to the backup mirror member.

This section also displays the CIDR block for the private network used for this deployment, as well as the Virtual IP address of the deployment. This CIDR block defines the range of IP addresses used for the internal Health Connect Cloud components. The Virtual IP address is a static address within the CIDR block that you use to communicate with this Health Connect Cloud deployment. If you have a High Availability configuration, this Virtual IP address will continue to work no matter which mirror member is the primary member.

High Availability

If you have a High Availability configuration, the High Availability section of the Overview page displays whether or not your mirror is healthy, shows you the current state of each mirror member, and identifies which mirror member is the primary member and which mirror member is the backup member.

System Management Page

From the System Management page for your deployment, you can launch the Health Connect System Management Portal, which allows you to create and manage Interoperability Productions Opens in a new tab to connect systems that use different communication protocols and message formats. Use a username and password that you or a team member has created on the Connect Users page.

If you deployed a Message Bank server while deploying Health Connect Cloud, you can also launch its Management Portal using the same username and password.

If you do not see a production or Message Bank you recently created, you might need to log out of the Management Portal and log back in.

For complete information on using the System Management Portal, see the Health Connect documentation setOpens in a new tab. For information on the Message Bank feature, see Message Bank OverviewOpens in a new tab. Note that some Health Connect and Message Bank functionality is not available to Health Connect Cloud users, as these aspects of the service are managed for you by InterSystems.

Connect Users Page

You should create user accounts on the Connect Users page for anyone who needs to log into the System Management Portal. A list of existing users appears at the top of the page. The same username and password also can be used to access the Message Bank Management Portal, if you have deployed one. The System Management Portal and the Message Bank Management Portal can be launched from the System Management page.

To create a user :

  1. On the Connect Users page for your deployment, click Create User.

  2. On the Create User dialog, type a Username and Email, and click Create.

    The user now appears in the list of users. However the user must create a permanent password to be able to log in to the System Management Portal or the Message Bank Management Portal, as described in the following steps.

  3. Have the user check their email account for a temporary password. (The trailing period is not part of the password.)

  4. Have the user click the Password Management Page link, and log in with the username and temporary password.

  5. When prompted to change their password, the user should type a permanent password, confirm the password, and click Send.

    The user is redirected to the System Management Portal.

  6. Make sure the user can log in to the System Management Portal with their username and permanent password.

If you ever need to reset a user’s password, click the Password Management Page link, and then click Forgot Your Password? A reset password message will be sent to the user’s email address.

To remove a user’s access at any point, click the Delete User icon in the Actions column for that user.

Productions Page

The Productions page allows you to see all of the interoperability productions you have created and their current Production State (for example, Stopped or Running). In general terms, a production accepts messages from one or more external systems, transforms or processes the messages as required, and then sends them to one or more other external systems.

You can also use the Productions page to:

For general information on productions, see Introduction to Interoperability ProductionsOpens in a new tab. For configuration information specifically relevant to Health Connect Cloud productions, see Configure Health Connect Cloud Productions.

Create a Production

When you create an interoperability production, the Cloud Services Portal also creates a namespaceOpens in a new tab for the production, which includes a database for the code and data for that production. After creating a production, you can configure and manageOpens in a new tab it using the Management Portal. For information on launching the Management Portal, see System Management.

A Health Connect Cloud deployment also includes a namespace called REPO, which can be used to store code that is shared between all of your productions. If you need to create custom code and make it automatically available to all productions, add the code to the HCC packageOpens in a new tab in the REPO namespace. In InterSystems terminology, the code in the REPO namespace is mapped to each production namespaceOpens in a new tab by means of a concept known as a %ALL namespace. Custom code is not necessarily required to develop a production. For more information on developing productions, see the Health Connect documentation setOpens in a new tab.

If your Health Connect Cloud deployment was created with the High Availability configuration, the databases for your interoperability productions (as well as the REPO database) are automatically mirrored to the backup server.

If your Health Connect Cloud deployment was created with a Message Bank, all of the messages processed by each production, as well as any event log entries, are stored in the Default Message Bank. For details on creating additional Message Banks, see Create a Message Bank.

To create a production:

  1. On the Productions page, under Create Interoperability Production, type the desired name of your production.

  2. Click Create Production.

After you create a production, it shows up in the Productions list at the top of the page with a Production State of Stopped. When the creation process is finished, the Production State changes to Running. The Production Started column shows the time the production was started, in GMT. You may need to click Refresh to update the status.

Delete a Production

To delete an interoperability production:

  1. On the Productions page, click the Delete Production icon in the Actions column for that production.

  2. In the Delete Production dialog box, type Permanently Delete, and click Delete.

The production is removed from the Productions list at the top of the page.

SSL/TLS Configurations Page

Transport Layer Security (TLS) provides strong protection for communication between pairs of entities. It allows you to perform authentication, data integrity protection, and data encryption. TLS is the successor to the secure sockets layer (SSL).

Health Connect Cloud supports the ability to store an SSL/TLS configuration and specify an associated name. When you need a an SSL/TLS connection (for example, to connect to Health Connect Cloud via a TCP adapter in a production), you provide the applicable configuration name, and Health Connect Cloud automatically handles the connection. For information on using SSL/TLS configurations in an production, see Configure a Production to Use SSL.

The SSL/TLS Configurations page allows you to see all of the SSL/TLS Configurations you have created, whether they are enabled or not, and the type of each connection (Client or Server).

You can also use the SSL/TLS Configurations page to:

Create a SSL/TLS Configuration

To create a new SSL/TLS Configuration:

  1. On the SSL/TLS Configurations page, under Create SSL/TLS Configuration, type the desired name of your SSL/TLS Configuration.

    Only alphanumeric characters are allowed. No spaces or special characters.

  2. Type an optional Description.

  3. If desired, check Enabled to enable the configuration after creating it.

    You can enable or disable it later by editing the configuration.

  4. Choose a Type for the configuration.

    Client means that this configuration is used when Health Connect Cloud initiates a connection to another system, for example, in an outbound TCP adapter in a production’s business operation.

    Server means that this configuration used when another systems initiates a connection to Health Connect Cloud, for example, in an inbound TCP adapter in a production’s business service.

  5. Choose the desired Certificate Verification for this configuration.

    If this is a Client configuration:

    • None means that the server does not need to provide a certificate and the client performs no verification.

    • Required means that the server must provide a certificate and the client verifies the certificate with the Certificate Authority that issued the certificate.

    If this is a Server configuration:

    • None means that the client neither requires or requests a certificate.

    • Request means that the client may or may not provide a certificate and the server verifies the certificate only if provided.

    • Required means that the client must provide a certificate and the server verifies the certificate with the Certificate Authority that issued the certificate.

  6. Upload the file containing the trusted Certificate Authority certificate(s).

  7. Upload the file containing configuration certificate.

  8. Upload the file containing associated private key.

  9. Select the Private Key Type.

  10. Type the Private Key Password.

  11. Select the Minimum Protocol Version supported by this configuration.

  12. Select the Maximum Protocol Version supported by this configuration.

  13. If desired, edit the Enabled Cipherlist.

    The default set of cipher suites is:

    • ALL — Includes all cipher suites except the eNULL ciphers

    • !aNULL — Excludes ciphers that do not offer authentication

    • !eNULL — Excludes ciphers that do not offer encryption

    • !EXP — Excludes export-approved algorithms (both 40- and 56-bit)

    • !SSLv2 — Excludes SSL v2.0 cipher suites

  14. For Server configurations only, select the size of Diffie-Hellman key (if using).

  15. For Server configurations only, optionally enable and configure OSCP Stapling.

    OCSP (Online Certificate Status Protocol) is an internet protocol that checks the validity status of a certificate in real-time.

  16. Click Create Configuration.

For more information on the fields on this page, see About ConfigurationsOpens in a new tab.

After you create a configuration, it shows up in the SSL/TLS Configurations list at the top of the page.

Edit a SSL/TLS Configuration

To edit a SSL/TLS Configuration:

  1. On the SSL/TLS Configurations page, click the Edit Configuration icon in the Actions column for that SSL/TLS Configuration.

  2. In the dialog box, edit any of the fields, and click Submit.

See Create a SSL/TLS Configuration for information on each field.

Delete a SSL/TLS Configuration

To delete a SSL/TLS Configuration:

  1. On the SSL/TLS Configurations page, click the Delete Configuration icon in the Actions column for that SSL/TLS Configuration.

  2. In the Delete Configuration dialog box, type Permanently Delete, and click Delete.

The configuration is removed from the SSL/TLS Configurations list at the top of the page.

SSL Certificate Expiration Alerts

The ZMSP.HCC.CertCheckService business service allows you to configure email notifications to be sent when the certifications for your SSL configuration are about to expire. The business service can be configured once and used to monitor all SSL configurations on a system or it can be configured individually for each production. To configure the business service for a production:

  1. Configure alert processing for your production. For example, you can use a simple email alert processor.

  2. Add the ZSMP.HCC.CertCheckService business service to your production.

  3. Configure the Scope setting for the new business service. You can set it to:

    • Server — the business service will check all enabled SSL configurations available on a system.

    • Namespace — the business service will only collect active values for the SSLConfig parameter in the currently running production.

  4. Configure the ExpiryDays setting. This setting determines the number of days before a certificate’s expiration date that the alert should be triggered. The alert will continue to be triggered each time the business service is run until the certificate is updated. This setting must be between 7 and 30.

  5. Set CallInterval to the frequency (in seconds) that the service should be called. For example, set it to 86400, so that the business service will run daily.

SQL Gateways Page

A SQL Gateway provides access from Health Connect Cloud to external databases via JDBC and ODBC.

Health Connect Cloud maintains a list of SQL Gateway configurations, which are logical names for connections to external databases. Each SQL Gateway configuration consists of a configuration name, information on connecting to the data source, and a username and password to use when establishing the connection.

The SQL Gateways page allows you to see all of the SQL Gateway configurations you have created, the driver used, the server URL, and username used to connect to the external database.

You can also use the SQL Gateways page to:

Create a SQL Gateway Configuration

To create a new SQL Gateway configuration:

  1. On the SQL Gateways page, under Create SQL Gateway Configuration, type the Configuration Name of your SQL Gateway configuration.

    Only alphanumeric characters are allowed. No spaces or special characters.

  2. Choose a Driver to use for the connection.

  3. In the Server box, type the URL of the server to use for this connection.

  4. In the Port box, type the port number to connect to on the server.

  5. In the Database box, type the name of the external database.

  6. In the User box, type the username to use to connect to the external database.

  7. In the Password box, type the password to use to connect to the external database.

  8. Click Create Configuration.

After you create a configuration, it shows up in the SQL Gateway Configurations list at the top of the page.

Test a SQL Gateway Configuration

To test a SQL Gateway configuration:

On the SQL Gateways page, click the Test Configuration icon in the Actions column for that configuration.

You should see the message “Successfully connected to remote server.”

If you see the message “There was an issue testing configuration. Please double check configuration parameters.” then edit the SQL Gateway configuration and try again.

Edit a SQL Gateway Configuration

To edit a SQL Gateway configuration:

  1. On the SQL Gateways page, click the Edit Configuration icon in the Actions column for that configuration.

  2. In the dialog box, edit any of the fields, and click Save.

See Create a SQL Gateway Configuration for information on each field.

Delete a SQL Gateway Configuration

To delete a SQL Gateway configuration:

  1. On the SQL Gateways page, click the Delete Configuration icon in the Actions column for that configuration.

  2. In the Delete Configuration dialog box, type Permanently Delete, and click Delete.

The configuration is removed from the SQL Gateway Configurations list at the top of the page.

Firewall Page

The Firewall page allows you to manage the Health Connect Cloud firewall, allowing traffic from other systems to reach your Health Connect Cloud deployment.

Private rules allow traffic to the deployment over the private network. To connect to Health Connect Cloud over the private network, use InterSystems Network ConnectOpens in a new tab to connect a VPN gateway device to your deployment.

External rules allow other systems to communicate with your deployment over the internet using a secure connection, for example, one that uses a Health Connect Cloud SSL/TLS configuration.

The Firewall page lists all of the private rules and external rules you have created. Each rule includes the protocol used to connect to the deployment, the destination port numbers or port ranges to connect to (lowest port number 1025/highest number 65535), and the CIDR block that defines the source IP addresses that are allowed to connect.

For information on using firewall rules with productions you have created, see Configuring a Production to Use a Firewall Rule.

Manage Private Firewall Rules

Before creating a private firewall rule, you must create a InterSystems Network ConnectOpens in a new tab deployment to create a VPN hub and then connect a VPN gateway device and your Health Connect Cloud deployment.

Note:

Make sure that your VPN gateway device advertises its routes over BGP before you create a private firewall rule to ensure that the routes are propagated to the deployment. Routes are synchronized only when a firewall rule is created.

To add a private firewall rule to Health Connect Cloud:

  1. On the Firewall page, in the Private Rules section, click Create Rule.

  2. In the Add Firewall Rule dialog box:

    1. In the Type box, select Custom.

    2. In the Protocol box, select either TCP or UDP, depending the type of traffic to allow using this rule.

    3. In the Port Range box, type the port number(s) or range(s) to use for this rule.

      Port numbers must be 1025 or greater. Use a hyphen to specify a contiguous range of port numbers (for example, 1040-1050). Use commas to separate multiple non-contiguous port numbers (for example, 1040, 1050, 1060). When using commas, do not specify more than 50 port numbers at a time.

    4. In the CIDR Block box, type the CIDR block that defines the source IP addresses allowed using this rule.

      Public CIDR blocks are not permitted in private firewall rules.

    5. In the Description box, type the purpose of this rule.

    6. Click Add.

Note:

You can have a maximum of 240 private firewall rules.

To delete a private firewall rule, click the Delete Configuration icon in the Actions column for that rule.

Manage External Firewall Rules

Before creating the first external firewall rule, you must enable external connections:

  1. On the Firewall page, in the External Rules section, slide the Enable External Connections slider to the right.

    You are redirected to the list of deployments while the Health Connect Cloud deployment is updated. This may take a few minutes.

  2. When the status for your deployment changes from UPDATING back to COMPLETE, click the card and navigate back to the Firewall page.

To add an external firewall rule to Health Connect Cloud:

  1. On the Firewall page, in the External Rules section, click Create Rule.

  2. In the Add Firewall Rule dialog box:

    1. In the Type box, select Custom.

    2. In the Protocol box, select either TCP or UDP, depending the type of traffic to allow using this rule.

    3. In the Port Range box, type the port number(s) or range(s) to use for this rule.

      Port numbers must be 1025 or greater. Use a hyphen to specify a contiguous range of port numbers (for example, 1040-1050). Use commas to separate multiple non-contiguous port numbers (for example, 1040, 1050, 1060). When using commas, do not specify more than 50 port numbers at a time.

    4. In the CIDR Block box, type the CIDR block that defines the source IP addresses allowed using this rule.

      Private CIDR blocks are not permitted in external firewall rules.

    5. In the Description box, type the purpose of this rule.

    6. Click Add.

Note:

You can have a maximum of 240 external firewall rules.

To delete an external firewall rule, click the Delete Configuration icon in the Actions column for that rule.

If you are no longer using any external firewall rules, slide the Enable External Connections slider to the left to disable all external connections to Health Connect Cloud. Any existing external rules are hidden on the Firewall page, but they are not deleted and will be displayed again if you re-enable external connections. Note that the external IP address of the HCC deployment may change when external connections are re-enabled.

Message Banks Page

The Message Banks page allows you to see all of the Message BanksOpens in a new tab you have created and their current Production State (for example, Stopped or Running). In general terms, a Message Bank is a specialized kind of productionOpens in a new tab that archives messages, event log entries, and search table entries from multiple client productions.

You can also use the Message Banks page to:

Note:

The Message Banks link appears in the Deployments section of the main menu in the Cloud Services Portal only if your Health Connect Cloud deployment was created with the Message Bank option

Create a Message Bank

If your Health Connect Cloud deployment was created with the Message Bank option, all messages and other data processed by the connected productions are stored in the default Message Bank. This Message Bank has a namespaceOpens in a new tab of BANK.

To create a new Message Bank:

  1. On the Message Banks page, under Create Message Bank, type the desired name of your Message Bank.

  2. Click Create Message Bank.

After you create a production, it shows up in the Message Banks list at the top of the page with a Production State of Stopped. When the creation process is finished, the Production State changes to Running. The Production Started column shows the time the production was started, in GMT. You may need to click Refresh to update the status.

You can then launch the Management Portal for the Message Bank from the System Management page and connect your productions to the new Message Bank. For more details, see Configuring the Enterprise Message BankOpens in a new tab.

Delete a Message Bank

To delete a message bank:

  1. On the Message Banks page, click the Delete Message Bank icon in the Actions column for that Message Bank.

  2. In the Delete Message Bank dialog box, type Permanently Delete, and click Delete.

The Message Bank is removed from the Message Banks list at the top of the page.

Documentation

If you have any questions on how to use Health Connect Cloud, on the main menu, click Documentation.

For documentation on all of the InterSystems cloud services, click your name at the top right of the Cloud Services Portal, and then click Documentation.

If you would like to submit any feedback to help InterSystems improve any of the InterSystems cloud services, click your name at the top right of the Cloud Services Portal, and then click Submit Feedback. While we cannot respond to all feedback we receive, we welcome your opinion and will take it into consideration when determining future directions and enhancements.

Common Cloud Services Portal Functionality

For information on common Cloud Services Portal functionality that is not specific to InterSystems Health Connect Cloud, see Cloud Services Portal Reference InformationOpens in a new tab. This document includes material describing the top-level pages in the main menu:

Next sectionConfigure Health Connect Cloud Productions
Previous sectionIntroducing InterSystems Health Connect Cloud
FeedbackOpens in a new tab