1 Installing and Configuring HIM Health Record Locator

This chapter provides the instructions to install and configure the Health Record Locator VM template. Also, it provides the instructions on how to configure CONNECT software on HIG Adapter/Gateway VMs to make use of HIEOS registry-based Health Record Locator.

This chapter includes the following sections:

• "Understanding HIM Health Record Locator Components and Templates"

• "Importing the HIM Health Record Locator Template"

• "Creating the HIM Health Record Locator VM"

• "Configuring the HIM Health Record Locator VM"

• "Configuring Document Repository"

• "Installing Patches and Self-signed Certificates on HIG Adapter VM (if not done already)"

• "Installing Patches and Self-signed Certificates on HIG Gateway VM (if not done already)"

• "Configuring CONNECT Software on HIG Adapter VM for Health Record Locator"

1.1 Understanding HIM Health Record Locator Components and Templates

The HIM Policy Monitor template uses the "Paravirtualized" virtualization method. The template is distributed as a compressed tar file (*.tgz). The compressed tar file contains two binary files and a text file. The binary files are the disk images taken from a fully configured and functional VM. The text file is a VM configuration file.

1.1.1 HIM Health Record Locator Components

The contents of the compressed tar file is listed below:

• Disk Image with Oracle Software

  /appliance.img

• Disk Image with Operating System

  /System.img

• VM Configuration File

  /vm.cfg

1.1.2 Health Record Locator VM Template

The VM consists of the following pre-installed software:

• Oracle Enterprise Linux 5 (as in System.img)

  http://www.oracle.com/technetwork/topics/linux/whatsnew/index.html

• HIM specific software (as in appliance.img)

  • Apache Ant 1.8.1

    Install directory: /home/common/ant

  • Java Development Kit 1.6.0_X

    Install directory: /home/common/java/latest (symbolic link to JDK 1.6.0_X)

  • For hiauser only:

    • HIM Ant Configuration Utility

      Install directory: /home/hiauser/config

    • Netbeans 6.7.1

      Install directory: /home/hiauser/netbeans-6.7.1

    • Glassfish Enterprise Server 2.1.1

      Install directory: /home/hiauser/SUNWappserver

      Admin user

      - Username: admin

      - Password: adminadmin

      Admin Console

      - http://<VM_IP or VM_HOST_NAME >:4848

• VM Memory Settings:

  • 2 GB (2048 MB) of RAM

    
    

    Note: The RAM memory setting can be changed after installation in VM Manager.

    
    

  • 16 GB of Disk Space

• Linux Users:

  • Root user

    • Username: root

    • Linux Group: root

    • Password: ovsroot

  • HIM specific user

    • Username: hiauser

    • Linux Group: hiauser

    • Password: hiapass

  
  

  Tip: For security purposes, it is recommended that you change the default passwords after installation.

  
  

1.2 Importing the HIM Health Record Locator Template

To import the HIM Health Record Locator VM template:

1. Copy the HIM Health Record Locator VM template .tgz file to the /OVS/seed_pool directory of your Oracle VM Server machine.

2. Uncompress the .tgz file:

   > tar -zxvf <FILENAME>.tgz

   This step creates a directory with the name of the template.

   Example:

   > cd /OVS/seed_pool
   > tar -zxvf /OVS/seed_pool/OVM_HIAV1_X86_HEALTHRECORDLOCATOR_PVM.tgz
   

   Creates the directory:

   /OVS/seed_pool/OVM_HIAV1_X86_HEALTHRECORDLOCATOR_PVM

3. Log in to the Oracle VM Manager

   
   

   Note: The default location for the Oracle VM Manager log in screen is http://<VM_MANAGER_HOST_NAME>:8888/OVS.

   
   

4. From the Oracle VM Manager console:

   1. Click the Resources tab. The Virtual Machine Templates screen is displayed.

   2. Click the Import button. The Source screen is displayed.

   3. Choose the Select from Server Pool (Discover and register) radio button.

   4. Click Next. The General Information screen is displayed.

      Enter or select the following general information:

      - The server pool on which the virtual machine will be located.

      Server Pool Name: <SERVER_POOL_NAME>

      - The operating system of the Virtual Machine Operating System:

      Oracle Enterprise Linux 5

      - The Oracle VM template to be imported.

      Virtual Machine Template Name: <VM_TEMPLATE_NAME>

      - The username used to log in to the Virtual Machine.

      Virtual Machine System Username: root

      - The password used to log in to the Virtual Machine.

      Virtual Machine System Password: ovsroot

   5. Click Next. The Confirm Information screen is displayed.

   6. Click Confirm. The Virtual Machine Template screen is displayed with a message to confirm the VM template has been imported.

5. Click the Resources tab to see the list of available VM templates.

6. To make the Virtual Machine template available for use, select the Virtual Machine template and click Approve, moving the VM template from the "Pending" state to the "Active" state.

   The VM template is imported and ready for use in Oracle VM Manager.

1.3 Creating the HIM Health Record Locator VM

To create the HIM Health Record Locator VM from the VM template:

1. Create a new VM using the Health Record Locator VM template just installed by following the instructions in the VM Manager 2.2 User's Guide (refer to Section 6.3.1, "Creating Virtual Machine from a Template").

2. To power on the Virtual Machine select the Virtual Machines tab, select the Virtual Machine Name, and click Power On.

3. In the VM Manager Console ensure that the Health Record Locator VM is now in the running state (Status=Running).

1.4 Configuring the HIM Health Record Locator VM

This section provides instructions for configuring the HIM Health Record Locator VM.

• "How to VNC into a VM"

• "Configuring the VM Network Settings"

• "Configuring the HIM Health Record Application's Oracle Database"

• "Installing and Configuring HIM Health Record Application"

1.4.1 How to VNC into a VM

To VNC into a VM:

Note: To enable the VNC Port link in the VM Manager follow the instructions in "Installing OVM Console" at http://oss.oracle.com/oraclevm/manager/RPMS/README-console.

Expand the details of the VM by clicking the + on Show. You can VNC into the box from the VM Manager by clicking on the VNC Port link under the VM details, or you can use a VNC client to log in using the address:

<VM_SERVER_HOST_NAME>:<VM_VNC_PORT>

1.4.2 Configuring the VM Network Settings

To configure the VM to use static IP:

Note: The VM is configured by default to use DHCP to assign an IP address.

If you are using DHCP addressing you can skip the following steps.

1. To configure the VM to use static IP, log in as the root user (default password: ovsroot) and set the IP using the following steps:

   1. Select System, Administration, and then Network.

   2. Choose Devices, click Edit, select the Statically Set IP Address radio button, and then enter the following values:

      - Address: <VM_IP>

      - Subnet mask: <SUBNET_MASK>

      - Default Gateway address: <DEFAULT_GATEWAY_ADDRESS>

   3. Click OK.

   4. Choose File and then click Save.

   5. Click the DNS tab and then enter the following values:

      - Hostname: <VM_HOST_NAME>

      - Primary DNS: <PRIMARY_DNS>

      - Secondary DNS: <SECONDARY_DNS>

      - Tertiary DNS: <TERTIARY_DNS>

      - DNS search path: <VM_NAME_SUFFIX>

   6. Choose Next and click Save.

   7. Choose the Hosts tab, click New, and then enter the following values:

      - Address: <VM_IP>

      - Hostname: <VM_HOST_NAME>

      - Aliases: <VM_NAME_PREFIX> hostname

   8. Click Okay.

   9. Choose File and then click Save.

   10. Restart Network Services from a terminal window.

       > service network restart

   11. Check the output for <VM_IP>.

       > ifconfig

   12. Check the output for <VM_HOST_NAME>.

       > hostname

   13. Check the success of:

       > ping <VM_IP>

   14. Check the success of:

       > ping <VM_HOST_NAME>

1.4.3 Configuring the HIM Health Record Application's Oracle Database

To configure your Oracle Database to be used with Health Record Locator:

1. Log in to the VM as hiauser (default password: hiapass).

2. Copy the file from ~hiauser/config/oracle_db/rls_oracle_db_scripts.zip to the host where you have a SQL Plus client present in the PATH and Bash or Sh shell is available. Unzip the contents.

3. Login to the host having SQL Plus, and change the directory to where you copied/extracted the files in the previous step.

4. Update the SQL script create_tblspc_users.sql with your Oracle DB specific Tablespace information and new passwords for the users ADT, OMAR, and LOG that will be created.

5. Update the script create_tblspc_users.sh for the below variables.

   oracleDBScriptsDir: The current directory.

   DB_ADMIN_ID: The root or Id in your Oracle DB having access to create table spaces and users.

   DB_ADMIN_PASS: The password for above Id.

   DB_HOST: The database host.

   DB_PORT: The database port.

   DB_SID: The database SID.

   ADT_USER_PASS: The ADT user password as selected in previous step.

   OMAR_USER_PASS: The OMAR user password as selected in previous step.

   LOG_USER_PASS: The LOG user password as selected in previous step.

6. Make sure that SQL Plus is available in the PATH, then run the script create_tblspc_users.sh as follows:

   >bash create_tblspc_users.sh

7. (Optional) Follow this step only if you want to load test data and verify the configuration:

   Make sure that SQL Plus is available in the PATH, then run the script loadTestData.sh as follows.

   DB_HOST: Database host

   DB_PORT: Database port

   DB_SID: Database SID

   ADT_USER_PASS: ADT user password

   OMAR_USER_PASS: OMAR user password

   To make sure that sqlplus is available in the path, run the script loadTestData.sh as follows:

   >bash loadTestData.sh

1.4.4 Installing and Configuring HIM Health Record Application

Note: You need to setup your Oracle Database as described in the previous section before proceeding with this section.

To install and configure the HIM Health Record application:

1. Log in to the HIM Health Record Locator VM as hiauser (default password: hiapass).

   
   

   Note: When hiauser is used to login, proper environment variables and aliases are set.

   
   

2. Navigate to and run the script ~hiauser/config/scripts/update_gf_resources.sh. Follow the prompts to enter the Oracle DB host, port, SID, and passwords for ADT, OMAR, and LOG users. The script will update domain.xml.

   >bash update_gf_resources.sh

3. Update the config file $AS_HOME/domains/domain1/applications/j2ee-modules/xref/config/xconfig.xml to point for the ATNA server location as needed.

   Make sure to restart the GlassFish Server if the configuration file is updated by issuing "stop" and "start" commands.

   Example:

   Enable ATNA Server audit logging.    ...        <Property name="ATNAPerformAudit">true</Property>        <Property name="ATNAsyslogProtocol">udp</Property>        <Property name="ATNAsyslogHost">atna_audit_server_host</Property>        <Property name="ATNAsyslogPort">514</Property>    ...
   

4. This step produces a self-signed certificate for use during the initial installation and testing. Use appropriate signed certificates for production use.

   
   

   Note: Before proceeding to the next step, configure a fully-qualified-hostname for the Virtual Machine. Navigate to and run the scripts ~hiauser/config/scripts/create-and-import-selfsigned-certs.sh. >bash create-and-import-selfsigned-certs.sh

   
   

   The scripts specifically do the following things:

   • Creates the keystore for the private internal key

   • Exports the certificate that will authenticate the internal key

   • Imports the trusted certificates into the truststore

   • Provides these certificates to appserver to use for authentication purposes

5. Install Adapter VM's certificate by copying the certificate of Adapter VM <ADAPTER_VM_HOSTNAME.cer> to the /home/hiauser/SUNWappserver/domains/domain1/config folder. Navigate to and run the scripts ~hiauser/config/scripts/import-others-cert.sh. When prompted by the scripts, enter the Adapter VM's hostname (it should match with the cert file you copied to the config folder without the ".cer" suffix).

   >bash import-others-cert.sh

6. Start the application server using the command "start".

7. The XDS.b Registry services are available at the following URLs:

   http://<health_record_locator_host_url>:8080/axis2/services/xdsregistryb ( synchronous, non TLS)

   https://<health_record_locator_host_url>:8181/axis2/services/xdsregistryb ( synchronous, TLS)

   http://<health_record_locator_host_url>:8080/axis2/services/xdsregistrybas ( asynchronous, non TLS)

   https://<health_record_locator_host_url>:8181/axis2/services/xdsregistrybas ( asynchronous, TLS)

1.5 Configuring Document Repository

Refer to your Document Repository documentation to configure it to point to Health Record Location services.

Use the following Health Record Location services URLs to configure the Document Repository:

http://<health_record_locator_host_url>:8080/axis2/services/xdsregistryb ( synchronous, non TLS)

https://<health_record_locator_host_url>:8181/axis2/services/xdsregistryb ( synchronous, TLS)

http://<health_record_locator_host_url>:8080/axis2/services/xdsregistrybas ( asynchronous, non TLS)

https://<health_record_locator_host_url>:8181/axis2/services/xdsregistrybas ( asynchronous, TLS)

1.6 Installing Patches and Self-signed Certificates on HIG Adapter VM (if not done already)

1. Log in to the Adapter VM as hiauser (password: hiapass)

2. Get the /home/hiauser/config/hig_patch001.tgz file from Health Record Locator VM or Policy Engine VM using hiauser (password: hiapass).

3. Stop the application server using the following commands:

   1. > cd /home/hiauser/SUNWappserver/bin

   2. > asadmin stop-domain domain1

4. Navigate to the directory /home/hiauser/config using the following command:

   > cd /home/hiauser/config

5. Uncompress the .tgz file:

   > tar -zxvf <FILE_PATH>/hig_patch001.tgz

   This creates the directory: /home/hiauser/config/hig_patch001.

   
   

   Note: FILE_PATH should be replaced with the absolute path where you downloaded the hig_patch001.tgz file.

   
   

6. Navigate to the directory /home/hiauser/config/hig_patch001 using the following command:

   > cd /home/hiauser/config/hig_patch001

7. Run the script install-adapter-patches.sh to install the patches into the CONNECT software on HIG Adapter VM:

   > sh install-adapter-patches.sh

   
   

   Note: Before proceeding to the next step, configure a fully-qualified-hostname for the Virtual Machine.

   
   

   The following step produces a self-signed certificate for use during the initial installation and testing. Use appropriate signed certificates for production use.

8. Run the script create-and-import-selfsigned-certs.sh to install the self-signed certificate. It does the following things:

   • Creates the keystore for the private internal key

   • Exports the certificate that will authenticate the internal key

   • Imports the trusted certificates into the truststore

   • Provides these certificates to appserver to use for authentication purposes

   > sh create-and-import-selfsigned-certs.sh

1.7 Installing Patches and Self-signed Certificates on HIG Gateway VM (if not done already)

1. Log in to the Gateway VM as hiauser (password: hiapass)

2. Get the /home/hiauser/config/hig_patch001.tgz file from Health Record Locator VM or Policy Engine VM using hiauser (password: hiapass).

3. Stop the application server using the following commands:

   1. > cd /home/hiauser/SUNWappserver/bin

   2. > asadmin stop-domain domain1

4. Navigate to the directory /home/hiauser/config using the following command:

   > cd /home/hiauser/config

5. Uncompress the .tgz file:

   > tar -zxvf <FILE_PATH>/hig_patch001.tgz

   This creates the directory: /home/hiauser/config/hig_patch001.

   
   

   Note: FILE_PATH should be replaced with the absolute path where you downloaded the hig_patch001.tgz file.

   
   

6. Navigate to the directory /home/hiauser/config/hig_patch001 using the following command:

   > cd /home/hiauser/config/hig_patch001

7. Run the script install-gateway-patches.sh to install the patches into the CONNECT software on HIG Gateway VM:

   > sh install-gateway-patches.sh

   
   

   Note: Before proceeding to the next step, configure a fully-qualified-hostname for the Virtual Machine.

   
   

   The following step produces a self-signed certificate for use during the initial installation and testing. Use appropriate signed certificates for production use.

8. Run the script create-and-import-selfsigned-certs.sh to install the self-signed certificate. It does the following things:

   • Creates the keystore for the private internal key

   • Exports the certificate that will authenticate the internal key

   • Imports the trusted certificates into the truststore

   • Provides these certificates to appserver to use for authentication purposes

   > sh create-and-import-selfsigned-certs.sh

1.8 Configuring CONNECT Software on HIG Adapter VM for Health Record Locator

1. Login to HIG Adapter VM using hiauser (password: hiapass).

2. Update the NHIN confile file at ~hiauser/SUNWappserver/domains/domain1/config/nhin/internalConnectionInfo.xml as below for services "adapterxdsbdocregistry" and "adapterxdsbdocregistrysoap12".

   You can refer to and re-use the sample one in HIM Health Record Locator VM at ~hiauser/config/nhinAdapter/internalConnectionInfo.xml

        <service>                        <name>adapterxdsbdocregistry</name>                               <description>Adapter Document Query</description>
   
   <endpointURL>http://localhost:8080/CONNECTAdapterDocRegSoap12/AdapterDocRegistry2Soap12Service</endpointURL>             </service>
   

   1. Add the <service> element if it is not present or modify it if present for service "adapterxdsbdocregistrysoap12".

   2. Make sure <endpointURL> is pointing to Registry service URL.

           <service>
                                    <name>adapterxdsbdocregistrysoap12</name>
                                    <description>Adapter Document Registry Soap12</description>
                                    <endpointURL>http://$REG_HOST:8080/axis2/services/xdsregistryb</endpointURL>
                    </service>
      

      The below two service configurations are shown here as reference to connect to the Repository. Consult your Document Repository configuration document for details.

      
      

      Note: The below reference updates the endpoint for services "adapterxdsbdocrepository" and "adapterxdsbdocrepositorysoap12".

      
      

   3. Change the <endpointURL> for the service "adapterxdsbdocrepository" as below.

           <service>                        <name>adapterxdsbdocrepository</name>                             <description>Adapter Document Retrieve</description>
      
      <endpointURL>http://localhost:8080/CONNECTAdapterDocReposSoap12/AdapterDocRepository2Soap12Service</endpointURL>
      

   4. Change <endpointURL> for service "adapterxdsbdocrepositorysoap12" to point to Repository service URL.

           <service>                        <name>adapterxdsbdocrepositorysoap12</name>                               <description>Adapter Document Retrieve
      Soap12</description>
                                    <endpointURL>http://$REP_HOST:8080/axis2/services/xdsrepositoryb</endpointURL>
                    </service>
      

3. Add the below property to $AS_HOME/domains/domain1/config/nhin/repository.properties:

   convertPnR2SOR=true

4. Stop the application server using the following commands:

   1. > cd /home/hiauser/SUNWappserver/bin

   2. > asadmin stop-domain domain1

5. Start the application server using the following commands:

   1. > cd /home/hiauser/SUNWappserver/bin

   2. > asadmin start-domain domain1