Oracle® Health Sciences Information Manager Policy Monitor Installation and Configuration Guide Release 1.1 E21367-01
This chapter provides information about the HIM Policy Monitor components and templates. It then leads you through the steps to import the Policy Monitor template, create a Policy Monitor VM, and then configure a Policy Monitor VM.
The Policy Monitor implements an Audit Record Repository (ARR) as required by the ATNA profile. The following links provide some context as to what "ARR" represents in this guide. Before beginning to set up your HIM Policy Monitor VM, we recommend you review these links.
Audit Trail and Node Authentication (ATNA) Integration Profile
which is built on top of the following:
Security Audit and Access Accountability Message XML Data Definitions for Healthcare Applications
The Syslog Protocol
Transmission of Syslog Messages over Transport Layer Security (TLS)
Transmission of Syslog Messages over User Datagram Protocol (UDP)
Note: The above links open documents that deal with the Internet Protocol Suite, specifically "Internet Official Protocol Standards" (STD1) as related to ARR. They provide critical technical information about secure transmission of data over the internet, including node authentication and an audit trail. It is recommended that you read them.
The Policy Monitor is called the Audit Record Repository Server in Oracle Healthcare Master Person Index Working With IHE Profiles (Part Number E18591-01).
The HIM Policy Monitor template uses the "Paravirtualized" virtualization method. The template is distributed as a compressed tar file (*.tgz). The compressed tar file contains two binary files and a text file. The binary files are the disk images taken from a fully configured and functional VM. The text file is a VM configuration file.
The contents of the compressed tar file are listed below:
- Disk Image with Oracle Software: /appliance.img
- Disk Image with Operating System: /System.img
- VM Configuration File: /vm.cfg
The VM consists of the following pre-installed software:
Oracle Enterprise Linux 5 (as in System.img)
http://www.oracle.com/technetwork/topics/linux/whatsnew/index.html
HIM specific software (as in appliance.img)
Apache Ant 1.8.1
Install directory: /home/common/ant
Java Development Kit 1.6.0_21
Install directory: /home/common/java/latest (symbolic link to JDK 1.6.0_21)
For hiauser only:
HIM Policy Monitor 1.0
Install directory: /home/hiauser/arr
VM Memory Settings:
2 GB (2048 MB) of RAM
Note: The RAM memory setting can be changed after installation in VM Manager.
16 GB of Disk Space
Linux Users:
Root user
Username: root
Linux Group: root
Password: ovsroot
HIM specific user
Username: hiauser
Linux Group: hiauser
Password: hiapass
Tip: For security purposes, it is recommended that you change the default passwords after installation.
To import the HIM Policy Monitor VM template:
Copy the HIM Policy Monitor VM template .tgz file to the /OVS/seed_pool directory of your Oracle VM Server machine.
Uncompress the .tgz file:
> tar -zxvf <FILENAME>.tgz
This step creates a directory with the name of the template.
Example:
> cd /OVS/seed_pool
> tar -zxvf /OVS/seed_pool/OVM_HIAV1_X86_POLICYMONITOR_PVM.tgz
Creates the directory:
/OVS/seed_pool/OVM_HIAV1_X86_POLICYMONITOR_PVM
Log in to the Oracle VM Manager.
Note: The default location for the Oracle VM Manager log in screen is http://<VM_MANAGER_HOST_NAME>:8888/OVS .
From the Oracle VM Manager console:
Click the Resources tab. The Virtual Machine Templates screen is displayed.
Click the Import button. The Source screen is displayed.
Choose the Select from Server Pool (Discover and register) radio button.
Click Next. The General Information screen is displayed.
Enter or select the following general information:
- The server pool on which the virtual machine will be located.
Server Pool Name: <SERVER_POOL_NAME>
- The operating system of the Virtual Machine.
Operating System: Oracle Enterprise Linux 5
- The Oracle VM template to be imported.
Virtual Machine Template Name: <VM_TEMPLATE_NAME>
- The username used to log in to the Virtual Machine.
Virtual Machine System Username: root
- The password used to log in to the Virtual Machine.
Virtual Machine System Password: ovsroot
Click Next. The Confirm Information screen is displayed.
Click Confirm. The Virtual Machine Template screen is displayed with a message to confirm the VM template has been imported.
Click the Resources tab to see the list of available VM templates.
To make the Virtual Machine template available for use, select the Virtual Machine template and click Approve, moving the VM template from the "Pending" state to the "Active" state.
The VM template is imported and ready for use in Oracle VM Manager.
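One way to inspect the template archive before extracting it into /OVS/seed_pool, shown as an added example that is not part of Oracle's guide or tooling: it reads the archive index and reports anything other than the three files this chapter lists. It assumes Python 3 on the machine holding the download; the nesting under a template-named directory and the two sample archives are constructed for illustration.

```python
import io
import tarfile

# File names the guide lists for the template archive (compared by basename).
EXPECTED = {"appliance.img", "System.img", "vm.cfg"}


def check_template_archive(source):
    """List problems in a template .tgz (path or bytes) without extracting it."""
    problems, seen = [], set()
    fileobj = io.BytesIO(source) if isinstance(source, bytes) else open(source, "rb")
    with fileobj, tarfile.open(fileobj=fileobj, mode="r:gz") as tar:
        for member in tar:
            parts = member.name.split("/")
            if member.name.startswith("/") or ".." in parts:
                problems.append("path escapes target directory: " + member.name)
            if member.isdir():
                continue
            if not member.isfile():  # symlink, hard link, device node, FIFO
                problems.append("not a regular file: " + member.name)
                continue
            if parts[-1] not in EXPECTED:
                problems.append("unexpected member: " + member.name)
            seen.add(parts[-1])
    problems += ["missing member: " + n for n in sorted(EXPECTED - seen)]
    return problems


def build_sample(members):
    """Build an in-memory .tgz from (name, type) pairs; constructed test data only."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, kind in members:
            info = tarfile.TarInfo(name)
            info.type = kind
            if kind == tarfile.SYMTYPE:
                info.linkname = "/etc/passwd"
            body = b"placeholder" if kind == tarfile.REGTYPE else b""
            info.size = len(body)
            tar.addfile(info, io.BytesIO(body))
    return buf.getvalue()


TEMPLATE = "OVM_HIAV1_X86_POLICYMONITOR_PVM"
GOOD = build_sample([(TEMPLATE, tarfile.DIRTYPE)] + [
    (TEMPLATE + "/" + n, tarfile.REGTYPE) for n in sorted(EXPECTED)])
BAD = build_sample([(TEMPLATE + "/vm.cfg", tarfile.REGTYPE),
                    (TEMPLATE + "/../../etc/cron.d/job", tarfile.REGTYPE),
                    (TEMPLATE + "/System.img", tarfile.SYMTYPE)])

if __name__ == "__main__":
    print(check_template_archive(GOOD))
    print("\n".join(check_template_archive(BAD)))
```

An empty list means the archive holds only the expected regular files; any entry is a reason to stop before running tar -zxvf.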
To create the HIM Policy Monitor VM from the VM template:
Create a new VM using the Policy Monitor VM template just installed by following the instructions in the VM Manager 2.2 User's Guide (refer to Section 6.3.1, "Creating Virtual Machine from a Template").
To power on the Virtual Machine, select the Virtual Machines tab, select the Virtual Machine Name, and click Power On.
In the VM Manager Console, ensure that the Policy Monitor VM is now in the running state (Status=Running).
This section provides instructions for configuring the HIM Policy Monitor VM.
To VNC into a VM:
Note: To enable the VNC Port link in the VM Manager, follow the instructions in "Installing OVM Console" at http://oss.oracle.com/oraclevm/manager/RPMS/README-console .
Expand the details of the VM by clicking the + on Show. You can VNC into the box from the VM Manager by clicking on the VNC Port link under the VM details, or you can use a VNC client to log in using the address:
<VM_SERVER_HOST_NAME>:<VM_VNC_PORT>
To configure the VM to use static IP:
Note: The VM is configured by default to use DHCP to assign an IP address.
If you are using DHCP addressing you can skip the following steps.
To configure the VM to use static IP, log in as the root user (default password: ovsroot) and set the IP using the following steps:
Select System, Administration, and then Network.
Choose Devices, click Edit, select the Statically Set IP Address radio button, and then enter the following values:
- Address: <VM_IP>
- Subnet mask: <SUBNET_MASK>
- Default Gateway address: <DEFAULT_GATEWAY_ADDRESS>
Click OK.
Choose File and then click Save.
Click the DNS tab and then enter the following values:
- Hostname: <VM_HOST_NAME>
- Primary DNS: <PRIMARY_DNS>
- Secondary DNS: <SECONDARY_DNS>
- Tertiary DNS: <TERTIARY_DNS>
- DNS search path: <VM_NAME_SUFFIX>
Choose Next and click Save.
Choose the Hosts tab, click New, and then enter the following values:
- Address: <VM_IP>
- Hostname: <VM_HOST_NAME>
- Aliases: <VM_NAME_PREFIX>
hostname
Click Okay.
Choose File and then click Save.
Restart Network Services from a terminal window.
> service network restart
Check the output for <VM_IP>.
> ifconfig
Check the output for <VM_HOST_NAME>.
> hostname
Check the success of:
> ping <VM_IP>
Check the success of:
> ping <VM_HOST_NAME>
To prepare the Policy Monitor database tables for Oracle:
Copy the files under /home/hiauser/arr/database/oracle to a machine with Oracle SQL*Plus installed.
To create the Policy Monitor database user, load the script create-user-oracle.sql into the database.
Example:
> sqlplus system@<SID>
SQL> @create-user-oracle.sql
To create the Policy Monitor database tables:
> cd /home/hiauser/arr/bin
Run the script create-arr-properties-file.sh to create the properties file used to configure the Policy Monitor application, selecting [oracle] as your target database.
Example:
> sh create-arr-properties-file.sh
– The dialect of your database installation:
Choose target database: oracle
– The hostname of your Oracle Database
Enter oracle_host:<ORACLE_HOST>
– The Oracle TNS Listener port of your Oracle Database
Enter oracle_port:<ORACLE_PORT>
– The Oracle System ID (SID) of your Oracle Database
Enter oracle_sid:<ORACLE_SID>
– The Oracle Database username
Enter oracle_username:<ORACLE_USERNAME>
– The Oracle Database password
Enter oracle_password:<ORACLE_PASSWORD>
– The port of the syslog server
Enter arr_port:<ARR_PORT>
– The output properties file name
Enter properties_file_name:<ARR_PROPERTIES>
Run the script arr.sh using command create-tables.
Example:
> arr.sh -propertyfile <ARR_PROPERTIES> -command create-tables
To configure the HIM Policy Monitor VM:
Log in to the VM as hiauser (default password: hiapass).
Navigate to the directory: /home/hiauser/arr/bin.
Edit the file <ARR_PROPERTIES_FILE>.
Enable remote syslog access by reconfiguring the firewall.
Note: Opening ports below 1024 requires root permissions.
To permit connections on a port from other systems:
* Enable a TCP connection
Select System, Administration, Security Level, and Firewall.
Click Other ports, and Add.
Enter <ARR_PORT> in the Port(s) field, and specify tcp as the Protocol.
Click OK.
* Enable a UDP connection
Select System, Administration, Security Level, and Firewall.
Click Other ports, and Add.
Enter <ARR_PORT> in the Port(s) field, and specify udp as the Protocol.
Click OK.
Note: Before proceeding to the next step, configure a fully-qualified-hostname for the Virtual Machine.
Run the script create-and-import-selfsigned-certs.sh to install the self-signed certificate. It does the following things:
Creates the keystore for the private internal key
Exports the certificate that will authenticate the internal key
Imports the trusted certificates into the truststore
Provides these certificates to the Policy Monitor to use for authentication purposes
> sh create-and-import-selfsigned-certs.sh
Note: Before proceeding to the next step, copy the certificate of the host computer <HOSTNAME.cer> to the /home/hiauser/arr/bin/keystore folder.
To install a host machine's certificate, run the script import-hostname-cert.sh:
> sh import-hostname-cert.sh
Enter the hostname of the machine whose certificate is being imported into the truststore: <HOSTNAME>.
Start the server using the following commands:
> cd /home/hiauser/arr/bin
To start in UDP mode:
> arr.sh -propertyfile <ARR_PROPERTIES_FILE> -command start-udp-server
To start in TLS mode:
> arr.sh -propertyfile <ARR_PROPERTIES_FILE> -command start-tls-server
To validate the Policy Monitor software on the VM after it is configured:
Ensure that the Policy Monitor Server is up and running.
Validate the configuration using the test client distributed with the VM:
> cd /home/hiauser/arr/bin
To send a message in UDP mode:
> arr.sh -propertyfile <ARR_PROPERTIES_FILE> -command send-udp-msg -arr.input_file ../docs/test_syslog_msg.txt
To send a message in TLS mode:
> arr.sh -propertyfile <ARR_PROPERTIES_FILE> -command send-tls-msg -arr.input_file ../docs/test_syslog_msg.txt
Log in to your database and confirm that the test record has been stored in the ARR_SYS_MSG table (for additional information, see "Overview of Policy Monitor Database").
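The UDP and TLS modes differ in how a message is framed on the wire: per the syslog documents linked at the top of this chapter (RFC 5424, RFC 5425, RFC 5426), a UDP datagram carries one bare RFC 5424 message, while the TLS stream prefixes each message with its byte length. The added example below (not Oracle's test client or Policy Monitor code) frames, splits and parses such messages, which helps when a test record does not reach the database; the sample message and the 65536-byte limit are constructed assumptions.

```python
import re

MAX_MSG_LEN = 65536  # assumed receiver limit for this example, not an Oracle setting

# RFC 5424 header: <PRI>VERSION SP TIMESTAMP SP HOSTNAME SP APP-NAME SP PROCID SP MSGID SP
HEADER = re.compile(rb"<(\d{1,3})>1 (\S+) (\S+) (\S+) (\S+) (\S+) ")

# Constructed sample message; host, application and payload are made up.
SAMPLE = (b"<85>1 2011-06-01T12:00:00Z pm-vm.example.com test-client 4242 "
          b"IHE+RFC-3881 - <AuditMessage/>")


def frame_for_tls(msg):
    """RFC 5425 octet counting: MSG-LEN SP SYSLOG-MSG, where MSG-LEN counts bytes."""
    return str(len(msg)).encode("ascii") + b" " + msg


def split_tls_stream(buf):
    """Split decrypted stream bytes into (complete messages, unconsumed remainder)."""
    messages = []
    while buf:
        sp = buf.find(b" ")
        prefix = buf if sp == -1 else buf[:sp]
        if not prefix.isdigit() or prefix.startswith(b"0") or len(prefix) > 6:
            raise ValueError("bad MSG-LEN prefix %r" % prefix[:16])
        if sp == -1:
            break                      # length prefix itself is still arriving
        length = int(prefix)
        if length > MAX_MSG_LEN:
            raise ValueError("frame of %d bytes exceeds limit" % length)
        if len(buf) - sp - 1 < length:
            break                      # message body is still arriving
        messages.append(buf[sp + 1:sp + 1 + length])
        buf = buf[sp + 1 + length:]
    return messages, buf


def parse_header(msg):
    """Return the RFC 5424 header fields of one message as a dict."""
    m = HEADER.match(msg)
    if not m or int(m.group(1)) > 191:
        raise ValueError("not an RFC 5424 header")
    pri = int(m.group(1))
    names = ("timestamp", "hostname", "app_name", "procid", "msgid")
    fields = {n: m.group(i + 2).decode("ascii") for i, n in enumerate(names)}
    fields.update(facility=pri >> 3, severity=pri & 7)  # PRI = facility * 8 + severity
    return fields
```

A sender that writes the UDP form (no length prefix) to the TLS port is rejected by split_tls_stream at the first byte, a typical cause of a silent mismatch between client and server modes.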