Skip to main content

Configure InterSystems IRIS Managed Cloud Service Productions

Interoperability productions enable you to connect other systems to InterSystems IRIS Managed Cloud Service so that you can transform and route messages between them. Generally speaking, productions consist of three types of business hosts:

  • Business Services — Business services have inbound adapters that accept incoming messages from an external system.

  • Business Processes — Business processes take messages from a business service and process them (for example, transforming them from one format to another) and then pass them to a business operation.

  • Business Operations — Business operations have outbound adapters that send outgoing messages to an external system.

In InterSystems IRIS Managed Cloud Service, you can create a new production on the Productions page and then configure it in the Management Portal, by going to Interoperability > Configure > Production.

For general information on productions, see Introduction to Interoperability ProductionsOpens in a new tab.

For guidelines on how to configure InterSystems IRIS Managed Cloud Service productions in some common specific scenarios, see the following sections.

Configure a Production to Use SFTP

Create Authorization Credentials

Before configuring a production to use SFTP, create the authorization credentials that will be used in your productions. This task creates SFTP passphrase credentials that correspond to the file transfer user you created for your tenant on the Files pageOpens in a new tab of the Cloud Services Portal.

  1. In the InterSystems IRIS Managed Cloud Service Management Portal, select Interoperability > Configure > Credentials.

  2. In the right panel of the Credentials Viewer page, enter an ID that will be used in your production configuration.

  3. Enter the User Name of the file transfer user from your tenant’s Files page.

  4. Click Save.

Configure a Production to Use SFTP

After you have set up SFTP for your tenant on the Files pageOpens in a new tab of the Cloud Services Portal, you can configure a production to ingest files from a folder in your S3 bucket or output files to a folder in your S3 bucket. A business service can watch an input folder for incoming files, such as HL7 or X12 messages, and pass them to a business process for transformation or other processing. A business process can also pass outgoing files to a business operation, which can in turn deposit them in an output folder.

This section applies to business services (inbound adapters) and business operations (outbound adapters) that are of Input Type or Output Type FTP.

  1. In the Management Portal, select Interoperability > Configure > Production.

  2. Select your business service or business operation.

  3. Click the Settings tab.

  4. Configure the Basic Settings and SFTP Settings, as described below.

  5. Click Apply when you are done to save your settings.

Basic Settings Section

  • File Path — Enter a file path, as listed in the Paths column for your file transfer user on your tenant’s Files page.

  • FTP Server — Enter the server listed on your tenant’s Files page under SFTP Connection Instructions.

    The server will look something like: s-abc.server.transfer.us-east-1.amazonaws.com.

  • FTP Port — Type the port number 22.

SFTP Section

  • SFTP Authentication Methods — Type the letter k, indicating that the adapter will use public/private key authentication.

  • SFTP Public Key File — Enter the path to the public key file on your server, for example, /connect/ftp/xyz-sftp-public-key.txt, where xyz is the name of your file transfer user.

  • SFTP Private Key File — Enter the path to the private key file on your server, for example, /connect/ftp/xyz-sftp-private-key.txt, where xyz is the name of your file transfer user.

  • SFTP Passphrase Credentials — Select the credentials you created in Create Authorization Credentials.

See Upload SFTP Keys to ServerOpens in a new tab for information on uploading public and private key files.

Configure a Production to Use a Firewall Rule

This section describes the settings required to configure a business service to use a firewall rule that you have defined on the Firewall page of your deployment.

  1. In the Management Portal, select Interoperability > Configure > Production.

  2. Select your business service.

  3. Click the Settings tab.

  4. Configure the Basic Settings and Connection Settings, as described below.

  5. Click Apply when you are done to save your settings.

Basic Settings Section

  • IP Port — Enter a port within the port range of your firewall rule.

Connection Settings Section

  • SSL Configuration — Enter an SSL/TLS configuration to be used to secure traffic when using an external firewall rule.

    For business services, select a server SSL/TLS configuration.

  • Local Interface — Use <IP Address> (IPv4 eth0) for private firewall rules. Use <IP Address> (IPv4 eth1) for external firewall rules. This binds the IP Port to the correct Local Interface.

    Make sure <IP Address> is within the CIDR block allowed by your firewall rule.

    For private firewall rules, if you see multiple choices matching the pattern <IP Address> (IPv4 eth0), select the one with 254 in the last octet of the IP address.

    Note:

    If you see an error similar to ERROR #5002: ObjectScript error: <PROTECT>zGetInterfacesInfo+2^%SYSTEM.INetInfo.1 in the Local Interface field, contact us using iService for assistance. (For more information, see Getting HelpOpens in a new tab.)

Connect to the Business Service

To connect to a business service from the external system, use the IP Port you specified in the business service settings. Connect to the Virtual IP Address listed on the Overview page if using a private firewall rule. Connect to the External IP listed on the Overview page if using an external firewall rule.

To quickly test connectivity from the other system to a business service, use the command nc -vv <InterSystems IRIS Managed Cloud Service IP address> <port number> on Linux or tnc <InterSystems IRIS Managed Cloud Service IP address> -Port <port number> on Windows.

The following examples show how to test connectivity to the Virtual IP Address 192.168.22.254 over the private network on port 5000.

Linux

nc -vv 192.168.22.254 5000
Connection to 192.168.22.254 5000 port [tcp/*] succeeded!

Windows:

tnc 192.168.22.254 -Port 5000


ComputerName     : 192.168.22.254
RemoteAddress    : 192.168.22.254
RemotePort       : 5000
InterfaceAlias   : Ethernet 2
SourceAddress    : <Source IP address>
TcpTestSucceeded : True

Configure a Production to Use SSL

This section describes how to configure a business service or business operation to use an SSL/TLS Configuration that you have defined on the SSL/TLS Configurations page of your deployment.

  1. In the Management Portal, select Interoperability > Configure > Production.

  2. Select your business service or business operation.

  3. Click the Settings tab.

  4. In the Connection Settings section, in the SSL Configuration field, select an SSL/TLS configuration.

    For business services, select a server SSL/TLS configuration.

    For business operations, select a client SSL/TLS configuration.

  5. Click Apply when you are done to save your settings.

FeedbackOpens in a new tab