1 Installing and Configuring OHIM OHMPI

This chapter provides instructions for installing and configuring the Oracle Health Sciences Information Manager (OHIM) OHMPI VM template. It also provides instructions on how to configure CONNECT software on OHIG Adapter/Gateway VMs to make use of OHMPI.

This chapter includes the following sections:

• "Understanding OHIM OHMPI Components and Templates"

• "Importing the OHIM OHMPI Template"

• "Creating the OHIM OHMPI VM"

• "Installing and Configuring the OHIM OHMPI VM"

• "Configuring CONNECT Software on OHIG Adapter VM and Gateway VM for OHMPI"

• "Validating the Configuration"

• "Avoiding a Java Security Certificate Exception"

1.1 Understanding OHIM OHMPI Components and Templates

The OHIM OHMPI template uses the "Paravirtualized" virtualization method. The template is distributed as a compressed tar file (*.tgz). The compressed tar file contains two binary files and a text file. The binary files are the disk images taken from a fully configured and functional VM. The text file is a VM configuration file.

1.1.1 OHIM OHMPI Components

The contents of the compressed tar file is listed below:

• Disk Image with Oracle Software

  /appliance.img

• Disk Image with Operating System

  /System.img

• VM Configuration File

  /vm.cfg

1.1.2 OHMPI VM Template

The VM consists of the following pre-installed software:

• Oracle Enterprise Linux 5 (as in System.img)

  http://www.oracle.com/technetwork/topics/linux/whatsnew/index.html

• OHIM specific software (as in appliance.img)

  • Apache Ant 1.8.1

    Install directory: /home/common/ant

  • Java Development Kit 1.6.0_X

    Install directory: /home/common/java/latest (symbolic link to JDK 1.6.0_X)

  • For hiauser only:

    • OHIM Ant Configuration Utility

      Install directory: /home/hiauser/config

    • Netbeans 6.9.1

      Install directory: /home/hiauser/OracleHealthcareMPIv1_1/netbeans

    • GlassFish Enterprise Server 2.1.1

      Install directory: /home/hiauser/OracleHealthcareMPIv1_1/glassfish

      Admin user

      Username: admin

      Password: adminadmin

      Admin Console

      http://<VM_IP or VM_HOST_NAME >:4848

• VM Memory Settings:

  • 2 GB (2048 MB) of RAM

    Note:

    The RAM memory setting can be changed after installation in VM Manager.

  • 16 GB of Disk Space

• Linux Users:

  • Root user

    • Username: root

    • Linux Group: root

    • Password: ovsroot

  • OHIM specific user

    • Username: hiauser

    • Linux Group: hiauser

    • Password: hiapass

  Tip:

  For security purposes, it is recommended that you change the default passwords after installation.

1.2 Importing the OHIM OHMPI Template

To import the OHIM OHMPI VM template:

1. Copy the OHIM OHMPI VM template .tgz file to the /OVS/seed_pool directory of your Oracle VM Server machine.

2. Uncompress the .tgz file:

   > tar -zxvf <FILENAME>.tgz

   This step creates a directory with the name of the template.

   Example:

   > cd /OVS/seed_pool
   > tar -zxvf /OVS/seed_pool/OVM_HIMV12_X86_OHMPI_PVM.tgz
   

   Creates the directory:

   /OVS/seed_pool/OVM_HIMV12_X86_OHMPI_PVM

   Note:

   If you are using 64 bits, you would use OVM_HIMV12_X86_64_OHMPI_PVM.

3. Log in to the Oracle VM Manager

   Note:

   The default location for the Oracle VM Manager log in screen is http://<VM_MANAGER_HOST_NAME>:8888/OVS.

4. From the Oracle VM Manager console:

   1. Click the Resources tab. The Virtual Machine Templates screen is displayed.

   2. Click the Import button. The Source screen is displayed.

   3. Choose the Select from Server Pool (Discover and register) radio button.

   4. Click Next. The General Information screen is displayed.

      Enter or select the following general information:

      - The server pool on which the virtual machine will be located.

      Server Pool Name: <SERVER_POOL_NAME>

      - The operating system of the Virtual Machine Operating System:

      Oracle Enterprise Linux 5

      - The Oracle VM template to be imported.

      Virtual Machine Template Name: <VM_TEMPLATE_NAME>

      - The username used to log in to the Virtual Machine.

      Virtual Machine System Username: root

      - The password used to log in to the Virtual Machine.

      Virtual Machine System Password: ovsroot

   5. Click Next. The Confirm Information screen is displayed.

   6. Click Confirm. The Virtual Machine Template screen is displayed with a message to confirm the VM template has been imported.

5. Click the Resources tab to see the list of available VM templates.

6. To make the Virtual Machine template available for use, select the Virtual Machine template and click Approve, moving the VM template from the "Pending" state to the "Active" state.

   The VM template is imported and ready for use in Oracle VM Manager.

1.3 Creating the OHIM OHMPI VM

To create the OHIM OHMPI VM from the VM template:

1. Create a new VM using the OHMPI VM template just installed by following the instructions in the VM Manager 2.2 User's Guide (refer to Section 6.3.1, "Creating Virtual Machine from a Template").

2. To power on the Virtual Machine select the Virtual Machines tab, select the Virtual Machine Name, and click Power On.

3. In the VM Manager Console ensure that the OHMPI VM is now in the running state (Status=Running).

1.4 Installing and Configuring the OHIM OHMPI VM

This section provides instructions for configuring the OHIM Policy Engine VM.

• "How to VNC into a VM"

• "Configuring the VM Network Settings"

• "Configuring Assigning Authority Patient Feed - Application Server"

• "Configuring the OHIM OHMPI Oracle Database"

• "Installing and Configuring OHIM OHMPI"

1.4.1 How to VNC into a VM

To VNC into a VM:

Note:

To enable the VNC Port link in the VM Manager follow the instructions in "Installing OVM Console" at http://oss.oracle.com/oraclevm/manager/RPMS/README-console.

Expand the details of the VM by clicking the + on Show. You can VNC into the box from the VM Manager by clicking on the VNC Port link under the VM details, or you can use a VNC client to log in using the address:

<VM_SERVER_HOST_NAME>:<VM_VNC_PORT>

1.4.2 Configuring the VM Network Settings

To configure the VM to use static IP:

Note:

The VM is configured by default to use DHCP to assign an IP address.

If you are using DHCP addressing you can skip the following steps.

1. To configure the VM to use static IP, log in as the root user (default password: ovsroot) and set the IP using the following steps:

   1. Select System, Administration, and then Network.

   2. Choose Devices, click Edit, select the Statically Set IP Address radio button, and then enter the following values:

      - Address: <VM_IP>

      - Subnet mask: <SUBNET_MASK>

      - Default Gateway address: <DEFAULT_GATEWAY_ADDRESS>

      - From the Ethernet Device panel, select the Hardware Device tab, and then click the Probe button that corresponds to "Bind to MAC address".

      This sets the correct MAC address for this machine.

      Note:

      Make certain that you a record the MAC address.

   3. Click OK.

   4. Choose File and then click Save.

   5. Click the DNS tab and then enter the following values:

      - Hostname: <VM_HOST_NAME>

      - Primary DNS: <PRIMARY_DNS>

      - Secondary DNS: <SECONDARY_DNS>

      - Tertiary DNS: <TERTIARY_DNS>

      - DNS search path: <VM_NAME_SUFFIX>

   6. Choose Next and then click Save.

   7. Choose the Hosts tab, click New, and then enter the following values:

      - Address: <VM_IP>

      - Hostname: <VM_HOST_NAME>

      - Aliases: <VM_NAME_PREFIX> hostname

   8. Click OK.

   9. Choose File and then click Save.

   10. Restart Network Services from a terminal window.

       > service network restart

   11. Check the output for <VM_IP>.

       > ifconfig

   12. Check the output for <VM_HOST_NAME>.

       > hostname

   13. Check the success of:

       > ping <VM_IP>

   14. Check the success of:

       > ping <VM_HOST_NAME>

Note:

(Optional) In order to preserve the static IP address when the OVM is powered off, follow below steps, but only if the line

vif = ['mac=AA:BB:CC:DD:AA:CC,bridge=xenbr0']

does not match what you have in the vm.cfg file (see below).

1. Power off the Virtual Machine by selecting the Virtual Machines tab in the VM Manager, choose the Virtual Machine Name, and click Power Off.

2. Edit the vm.cfg file that is found on the VM Server under /OVS/seed_pool/<template_name> by replacing the line:

   vif = ['bridge=xenbr0,type=netfront']

   with the MAC corresponding to that virtual machine:

   vif = ['mac=AA:BB:CC:DD:AA:CC,bridge=xenbr0']

   where AA:BB:CC:DD:AA:CC is the MAC corresponding to the created OVM noted above.

1.4.3 Configuring Assigning Authority Patient Feed - Application Server

1. Edit the properties file $AS_HOME/domains/domain1/config/ohmpi/patient-feed.properties as needed. See Table 1-1, "List of Properites in the patient-feed.properties File" for a list of the patient-feed.properties properties.

2. Ensure that the "assigning-auth-oid" value that you enter here matches with the one that is configured in the Secure Health Email Server and the OHIG Gateway. To do this:

   1. If the Secure Health Email Server is not yet configured, look at the property "james_init.assigningAuthorityId" in the ~hiauser/config/config.properties file as this is used during the configuration initial set up. Otherwise, if it is already configured, look at the "assigningAuthorityId" in /home/common/james/apps/james/SAR-INF/config.xml file.

   2. Also look at the corresponding OHIG Gateway property which is "assigningAuthorityId" in /home/hiauser/SUNWappserver/domains/domain1/config/nhin/adapter.properties file.

   Table 1-1 List of Properites in the patient-feed.properties File

   Property Name	Description	Example
   enable-aa-patient-feed	"true" enables sending Assigning Authority patient feed to RLS, "false" disables it. In order for Secure Health Email to work, feed must be enabled.	true
   registry-endpoint	The URL of RLS or XDS.b Doc Registry Web service endpoint URL.	http://<RLS_HOST>:8080/axis2/services/xdsregistryb
   assigning-auth-oid	The Assigning Authority OID that OHMPI uses while sending a patient feed to RLS.	1.3.6.1.4.1.21367.2010.1.2.300
   assigning-auth-name	The Assigning Authority Name.	OHMPI Assigning Auth
   pix/device/universalID	The Object ID (OID) of the PIX V3 Device UniversalID.	1.3.6.1.4.1.21367.13.10.380
   pix/device/namespaceID	The PIX V3 Device Namespace.	PIX_X_REF_MGR_Oracle
   pix/organization/universalID	The OID of the PIX V3 Organization UniversalID.	1.3.6.1.4.1.21367.13.50.5380
   pix/organization/namespaceID	The PIX V3 Organization NamespaceID.	Oracle

   
   

1.4.4 Configuring the OHIM OHMPI Oracle Database

To configure your Oracle Database to be used with OHMPI:

1. Log in to the VM as hiauser (default password: hiapass).

2. Copy the file from ~hiauser/config/scripts/hia11_ohmpi_db.tgz to the host where you have a SQL Plus client present in the PATH and Bash or Sh shell is available. Uncompress the contents (for example, tar -zxvf hia11_ohmpi_db.tgz)

3. Login to the host having SQL Plus, and change the directory to where you copied/extracted the files in the previous step.

4. Update create_mpi_user_tables.sh for the below variables.

   baseScriptsDir: Current directory

   DB_ADMIN_ID: Root or Id in your Oracle DB having access to create table spaces and users

   DB_ADMIN_PASS: Password for above Id

   DB_HOST: Database host

   DB_PORT: Database port

   DB_SID: Database SID

   MPI_USER: MPI user name

   MPI_USER_PASS: Password for mpi user

5. To make sure that sqlplus is available in the path, run the script create_mpi_user_tables.sh as follows:

   >bash create_mpi_user_tables.sh

1.4.5 Installing Self-signed Certificates on OHIG Adapter VM (if not done already)

1. Log in to the Adapter VM as hiauser (password: hiapass)

2. Stop the application server using the following commands:

   1. > cd /home/hiauser/SUNWappserver/bin

   2. > asadmin stop-domain domain1

3. Navigate to the directory /home/hiauser/config/scripts using the following command:

   > cd /home/hiauser/config/scripts

4. Run the script create-and-import-selfsigned-certs.sh to install the self-signed certificate. It does the following things:

   • Creates the keystore for the private internal key

   • Exports the certificate that will authenticate the internal key

   • Imports the trusted certificates into the truststore

   • Provides these certificates to appserver to use for authentication purposes

   > sh create-and-import-selfsigned-certs.sh

5. Install the certificates from the other components that will communicate with the Adapter (Gateway, OHMPI, Record Locator, Policy Engine, and so on). Copy the certificate of the component VM <VM_HOSTNAME.cer> to the /home/hiauser/SUNWappserver/domains/domain1/config folder. Navigate to and run the scripts /home/hiauser/config/scripts/import-others-cert.sh. When prompted by the scripts, enter the VM hostname (it should match with the cert file you copied to the config folder without ".cer" suffix).

   >bash import-others-cert.sh

1.4.6 Installing Self-signed certificates on OHIG Gateway VM (if not done already)

1. Log in to the Gateway VM as hiauser (password: hiapass)

2. Stop the application server using the following commands:

   1. > cd /home/hiauser/SUNWappserver/bin

   2. > asadmin stop-domain domain1

3. Navigate to the directory /home/hiauser/config/scripts using the following command:

   > cd /home/hiauser/config/scripts

4. Run the script create-and-import-selfsigned-certs.sh to install the self-signed certificate. It does the following things:

   • Creates the keystore for the private internal key

   • Exports the certificate that will authenticate the internal key

   • Imports the trusted certificates into the truststore

   • Provides these certificates to appserver to use for authentication purposes

   > sh create-and-import-selfsigned-certs.sh

5. Install the Adapter VM certificate. Copy the certificate of Adapter VM <ADAPTER_ VM_HOSTNAME.cer> to the /home/hiauser/SUNWappserver/domains/domain1/config folder. Navigate to and run the scripts /home/hiauser/config/scripts/import-others-cert.sh. When prompted by the scripts, enter the Adapter VM hostname (it should match with the cert file you copied to the config folder without ".cer" suffix).

   >bash import-others-cert.sh

1.4.7 Installing and Configuring OHIM OHMPI

Note:

You need to setup your Oracle Database as described in previous section before proceeding with this section.

1. Log in to the OHIM OHMPI VM as hiauser (default password: hiapass).

   Note:

   When hiauser is used to login, proper environment variables and aliases are set.

2. Navigate to the /home/hiauser/config/scripts/ folder. Modify update_mpi_gf_resources.sh, set AS_HOME to the target GlassFish installation directory.

   Run update_mpi_gf_resources.sh.

   >bash update_mpi_gf_resources.sh

   It will ask you for following input:

   • Please enter Oracle database host: Enter the mpi database host

   • Please enter Oracle database port: Enter the database port number

   • Please enter Oracle database SID: Enter the oracle SID (for example, orcl)

   • Please enter Oracle database SID: Enter the mpi user created in section 1.4.4 (see "Configuring the OHIM OHMPI Oracle Database")

   • Please enter password for mpi database user: Enter the password for the mpi user

   • Confirm password: Confirm the password

   This script will update domain.xml and set the database connection property.

3. This step produces a self-signed certificate for use during initial installation and testing. Use appropriate signed certificates for production use.

   Note:

   Before proceeding to the next step, make sure that the hostname does not return a fully configured name for the Virtual Machine. Please check the following commands before proceeding:

   > hostname (should return just the hostname)

   > hostname -f (should return a fully configured hostname)

   > hostname -d (should return the domain)

   Navigate to and run the scripts ~hiauser/config/scripts/create-and-import-selfsigned-certs.sh.

   >bash create-and-import-selfsigned-certs.sh

   The script specifically does following things:

   • Creates the keystore for the private internal key

   • Exports the certificate that will authenticate the internal key

   • Imports the trusted certificates into the truststore

   • Provides these certificates to appserver to use for authentication purposes

4. Install the Adapter VM certificate. Copy the certificate of Adapter VM <ADAPTER_VM_HOSTNAME.cer> to the /home/hiauser/OracleHealthcareMPIv1_1/glassfish/domains/domain1/config folder. Navigate to and run the scripts /home/hiauser/config/scripts/import-others-cert.sh. When prompted by the scripts, enter the Adapter VM hostname (it should match with cert file you copied to the config folder without ".cer" suffix).

   >bash import-others-cert.sh

5. Start the application server using the following commands

   1. > cd /home/hiauser/OracleHealthcareMPIv1_1/glassfish/bin

   2. > asadmin start-domain domain1

6. Login to OHMPI Master Index Data Manager (MIDM) web application.

   http://<ohmpi_host_url>:8080/PatientMIDM

   A default user with MasterIndex.Admin,Administrator group privileges has already been created in the GlassFish File realm.

   • User: mdm

   • Password: mdm

   You can use the above to log in to, or modify, the MIDM before use. Consult the GlassFish Admin guide for usage.

7. Create the following patients in the MIDM by clicking on the Source Record tab and choosing Add.

   System: SelfTest System 1

   LocalID: D123401

   FirstName: Gallow

   LastName: Younger

   SSN: 999-99-9999

   Gender: Male

   Date of Birth: 06/27/1999

   Address Type: street address line

   Address Line1: 123 Main street

   City: LEESBURG

   State Code: VA

   Postal Code: 20176

   System: SelfTest System 1

   LocalID: D123407

   FirstName: Jordy

   LastName: LaForge

   SSN: 999-99-9999

   Gender: Female

   Date of Birth: 11/14/1923

   Address Type: delivery address line

   Address Line1: 5804 Post Corners Trl

   City: Centerville

   State Code: VA

   Postal Code: 20120

   System: SelfTest System 1

   LocalID: D123409

   FirstName: Audrey

   LastName: Kim

   SSN: 999-99-9999

   Gender: Female

   Date of Birth: 03/14/1980

   Address Type: street address line

   Address Line1: 14701 Demming Drive

   City: Gainsville

   State Code: VA

   Postal Code: 20155

   System: SelfTest System 1

   LocalID: D123402

   FirstName: Anna

   LastName: Schnur

   SSN: 999-99-9999

   Gender: Female

   Date of Birth: 08/13/1956

   Address Type: street address line

   Address Line1: 312 HILL ROAD

   City: HILLSBRO

   State Code: MO

   Postal Code: 37660

   Note that the EUID returned on each of the above patients and update the PatientID in the NHINC and RLS databases. Follow the instructions below:

   To update the NHINC database with new patient ids:

   1. Copy the file from ~hiauser/config/scripts/hia11_ohmpi_nhinc_db.tgz to the host where you have a SQL Plus client present in the PATH and Bash or Sh shell is available. Uncompress the contents (for example, tar -zxvf hia11_ohmpi_nhinc_db.tgz).

   2. Update script nhinc3_upd_nhinc_patients.sh with variable "oracleDBScriptsDir" pointing to the path where the above file was extracted.

   3. Run the script nhinc3_upd_nhinc_patients.sh.

      > bash nhinc3_upd_nhinc_patients.sh

   4. The script will prompt for OHIG Oracle database host, port, SID, and NHINCUSER database user password.

   5. When prompted, enter new patient Ids for the patients D123401/Gallow Younger, D123407/Jordy LaForge, D123409/Audrey Kim, and D123402/Anna Schnur.

   To update the RLS database with new patient ids:

   1. Copy the file from ohmpi VM, ~hiauser/config/scripts/hia11_ohmpi_rls_db.tgz to the host where you have a SQL Plus client present in the PATH and Bash or Sh shell is available. Uncompress the contents (for example, tar -zxvf hia11_ohmpi_rls_db.tgz).

   2. Update script nhinc3_upd_rls_patients.sh with variable "oracleDBScriptsDir" pointing to the path where the above file was extracted.

   3. Run the script nhinc3_upd_rls_patients.sh.

      > bash nhinc3_upd_rls_patients.sh

   4. The script will prompt for RLS Oracle database host, port, SID, and ADT and OMAR database users passwords.

   5. When propmpted enter new patient Ids for patients D123401/Gallow Younger, D123407/Jordy LaForge, D123409/Audrey Kim and D123402/Anna Schnur.

1.5 Configuring CONNECT Software on OHIG Adapter VM and Gateway VM for OHMPI

1. Log in to the OHIG Adapter VM using hiauser (password: hiapass).

   Note:

   Follow the same steps for OHIG Gateway VM.

2. Update the NHIN configuration file at ~hiauser/SUNWappserver/domains/domain1/config/nhin/internalConnectionInfo.xml.

   Locate or add the service muralmpi under your local Gateway's OID. Set the endpoint to point to the OHMPI just configured as shown below:

   <service>

   <name>muralmpi</name>

   <description>Mural MPI Database</description>

   <endpointURL>http://<OHMPI_HOST>:8080/PatientEJBService/PatientEJB</endpointURL>

   </service>

3. Modify the adaptercomponentmpiservice end point to use the MuralMPIEJB Adapter end point by changing the following:

   <service>

   <name>adaptercomponentmpiservice</name>

   <description>Master Patient Index Component</description>

   <endpointURL>http://<ADAPTER_HOST>:8080/CONNECTAdapter/AdapterComponentMpiService</endpointURL>

   </service>

   to

   <service>

   <name>adaptercomponentmpiservice</name>

   <description>Master Patient Index Component</description>

   <endpointURL>http://<ADPATER_HOST>:8080/NhinConnect/AdapterComponentMpiService</endpointURL>

   </service>

1.6 Validating the Configuration

Using the sample universal client distributed with the Gateway:

1. Launch the application by navigating to the following URL:

   http://<GATEWAY_VM_IP>:8080/UniversalClientGUI/

2. Search for the patient with the last name Younger.

3. If the installation is correct, this returns a page with the PatientId for the patient.

   Note:

   This patient ID now comes from OHMPI.

4. Click on the PatientId hyperlink for additional details on the patient.

   The Document tab is now enabled and you can search for patient documents by date range.

5. Search for date range 08/01/2000 to 08/01/2010.

6. Click on the document URL to retrieve the document.

1.7 Avoiding a Java Security Certificate Exception

To avoid a java.security.cert.CertificateException you need to ensure that your OHIG/OHIM hostnames are not fully qualified.

To Make the Hostname Not Fully Qualified

1. Set the OHIM and OHIG hostnames to be not fully qualified.

2. Add aliases for all hosts.

3. Regenerate and re-import the certificates.

4. Restart all the servers.

5. Test that you do not have a Java security certificate exception.