2 Setting Up Oracle Health Sciences Information Gateway CONNECT Gateway and Adapter

This chapter provides general directions for setting up OHIG CONNECT. It contains the following topics:

• Prerequisites

• Setting up the Network

• Exchanging Certificates

• Installing Oracle Health Sciences Information Gateway CONNECT Gateway and Adapter

• Validating Oracle Health Sciences Information Gateway CONNECT using Universal Client

• Validating Oracle Health Sciences Information Gateway CONNECT using Soap UI Validation Suite

2.1 Prerequisites

2.1.1 Prerequisites for Installing Common Oracle Health Sciences Information Gateway CONNECT

Perform the following steps for a common install of OHIG CONNECT:

1. Extract the installer .tgz file by executing the following commands:

   $ tar -zxvf ohig_connect_installer.tgz
   $ cd ohig_connect_installer
   

2. Create database tables by executing the following commands:

   $ cd <install_dir>/addons/connect/oracle_db
   $ sqlplus
   SQL*Plus: Release 11.1.0.6.0 - Production on Thu Jul 19 12:34:18 2012
   Enter user-name: sys as sysdba
   Enter password:
   SQL> @nhincdb_oracle.sql;
   Commit complete.
   SQL> quit
   

2.1.2 Prerequisites for WebLogic Oracle Health Sciences Information Gateway CONNECT Install

2.1.2.1 Setting up Java Secure Socket Extension (JSSE) Compatible Demo Trust and Identity Keystores

2.1.2.1.1 Creating Java Secure Socket Extension (JSSE) Compatible Keystores from DemoTrust.jks and DemoIdentity.jks

Example Environment Variables

MW_HOME=/home/hiauser/Oracle/Middleware
JAVA_HOME=/home/common/java/jdk1.7.0
JAVA_VENDOR=Sun
WL_SERVER_DIR=$MW_HOME/wlserver_10.3
WL_DOMAIN_DIR=$MW_HOME/user_projects/domains/domain1

Execute the following commands:

1. List the original demo truststore:

   $ keytool -list -keystore $WL_SERVER_DIR/server/lib/DemoTrust.jks -storepass DemoTrustKeyStorePassPhrase -v
   

2. List the original demo identity keystore:

   $ keytool -list -keystore $WL_SERVER_DIR/server/lib/DemoIdentity.jks -storepass DemoIdentityKeyStorePassPhrase -v
   

3. Create Java Secure Socket Extension (JSSE) compatible demo truststore:

   $ keytool -importkeystore -srckeystore $WL_SERVER_DIR/server/lib/DemoTrust.jks -destkeystore $WL_SERVER_DIR/server/lib/DemoTrustChangeit.jks -srcstoretype JKS -deststoretype JKS -srcstorepass DemoTrustKeyStorePassPhrase -deststorepass changeit
   

4. Create JSSE compatible demo identity keystore:

   $ keytool -importkeystore -srckeystore $WL_SERVER_DIR/server/lib/DemoIdentity.jks -destkeystore $WL_SERVER_DIR/server/lib/DemoIdentityChangeit.jks -srcstoretype JKS -deststoretype JKS -srcstorepass DemoIdentityKeyStorePassPhrase -deststorepass changeit -srcalias demoidentity -destalias demoidentity -srckeypass DemoIdentityPassPhrase -destkeypass changeit -noprompt
   

5. List JSSE compatible demo truststore:

   $ keytool -list -keystore $WL_SERVER_DIR/server/lib/DemoTrustChangeit.jks -storepass changeit -v
   

6. List JSSE compatible demo identity keystore:

   $ keytool -list -keystore $WL_SERVER_DIR/server/lib/DemoIdentityChangeit.jks -storepass changeit -v
   

2.1.2.1.2 Configuring Custom WebLogic Trust and Identity Keystores

1. Update WebLogic security through the console:

   1. Log into http://localhost:7001/console/.

   2. Navigate to Home > Summary of Environment > Summary of Servers > AdminServer.

   3. Under the General tab, enter the following values in the respective fields:

      Listener Port Enabled =true

      Listener Port =7001

      SSL Listener Port Enabled =true

      SSL Listener Port =7002

   4. Under the Configuration/Keystores tab, enter the following values in the respective fields:

      Custom Identity and Custom Trust =true

      Keystores =Custom Identity and Custom Trust

      Custom Identity Keystore =/home/hiauser/Oracle/Middleware/wlserver_10.3/server/lib/DemoIdentityChangeit.jks

      Custom Identity Keystore Type =JKS

      Custom Identity Keystore Passphrase =changeit

      Custom Trust Keystore =/home/hiauser/Oracle/Middleware/wlserver_10.3/server/lib/DemoTrustChangeit.jks

      Custom Trust Keystore Type =JKS

      Custom Trust Keystore Passphrase =changeit

   5. Under the Configuration/SSL tab, enter the following values in the respective fields:

      Private Key Location =from Custom Identity Keystore

      Private Key Alias =demoidentity

      Private Key Passphrase =changeit

      Certificate Location =from Custom Identity Keystore

      Trusted Certificate Authorities =from Custom Trust Keystore

   6. Under the Advanced tab, enter the following values in the respective fields:

      Select Hostname Verification =None

      Note:

      This setting is not recommended for the production environment.

2. Install shared libraries:

   • jsf-1.2.war

   • jstl-1.1.2.war

   Shared libraries can be found in /home/hiauser/Oracle/Middleware/wlserver_10.3/common/deployable-libraries.

   Note:

   The following is required for OHIG CONNECT Universal Client GUI:

   jsf-1.2.war
   jstl-1.1.2.war
   

3. Edit WebLogic installation information:

   Note:

   This script should be used to start WebLogic before and after deploying OHIG CONNECT.

   $ cd <install_dir>/addons/connect/scripts
   $ vi connect-start-weblogic.sh
   

4. Use the OHIG CONNECT WebLogic Start Script:

   $ sh ./connect-start-weblogic.sh
   

2.1.3 Prerequisites for Testing Oracle Health Sciences Information Gateway CONNECT

1. Update firewall settings. For more information on updating firewall settings, refer to Setting up the Network.

2. Exchange certificates between gateway and adapter machines. For more information on exchanging information, refer to Exchanging Certificates.

3. Load sample documents.

   $ cd <install_dir>/addons/connect/oracle_db $sqlplus
   SQL*Plus: Release 11.1.0.6.0 - Production on Thu Jul 19 12:34:18 2012
   Enter user-name: sys as sysdba
   Enter password:
   SQL> DROP TABLE nhincuser.document;
   Table dropped.
   SQL> quit
   $ imp nhincuser/nhincpass file=populateTestData_oracle.dmp log=output.log full=yes
   Import terminated successfully without warnings.
   

2.2 Setting up the Network

This section provides information for the GlassFish network setup and the WebLogic network setup.

2.2.1 Setting up the GlassFish Network

Perform the following steps to setup the GlassFish network:

1. Allow external connections to http port and SSL http port by opening incoming ports:

   # cd /etc/sysconfig/# vi iptables
   

2. Add the following lines:

   -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 8080 -j ACCEPT
   -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 8181 -j ACCEPT
   

3. Restart the service.

   # service iptables restart
   Flushing firewall rules: [OK ]
   

2.2.2 Setting up the WebLogic Network

Perform the following steps to setup the WebLogic network:

1. Allow external connections to http port and SSL http port by opening incoming ports:

   # cd /etc/sysconfig/# vi iptables
   

2. Add the following lines:

   -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 7001 -j ACCEPT
   -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 7002 -j ACCEPT
   

3. Restart the service:

   # service iptables restart
   Flushing firewall rules: [OK ]
   

2.3 Exchanging Certificates

2.3.1 Exchanging GlassFish Certificates

Perform the following steps to exchange GlassFish certificates:

Example Environment Variables

JAVA_HOME=/home/common/java/jdk1.7.0
ANT_HOME=/home/common/ant/apache-ant-1.8.2
AS_HOME=/home/hiauser/SUNWappserver
JAVA_VENDOR=Sun
 
AS_SERVER_DIR=$AS_HOME
AS_DOMAIN_DIR=$AS_HOME/domains/domain1

1. Export the demo identity certificate:

   $ keytool -export -keystore $AS_DOMAIN_DIR/config/identity.jks -storepass changeit -alias identity -file <machine1_host_name>.cer
   

2. Copy the demo identity certificate remotely:

   $ scp -rp <machine1_host_name>.cer hiauser@<machine2_host_name>:/home/hiauser/downloads/certs
   

3. Copy the trusted identity certificate locally:

   $ scp hiauser@<machine2_host_name>:/home/hiauser/SUNWappserver/domains/domain1/config/<machine2_host_name>.cer .
   

4. Import the trusted identity certificate:

   $ keytool -import -keystore $AS_DOMAIN_DIR/config/cacerts.jks -storepass changeit -alias <machine2_host_name> -file <machine2_host_name>.cer -trustcacertsTrust this certificate? [no]: yes 
   

5. List the truststore:

   $ keytool -list -keystore $AS_DOMAIN_DIR/config/cacerts.jks -storepass changeit -v
   

2.3.2 Exchanging WebLogic Certificates

Perform the following steps to exchange WebLogic certificates:

Example Environment Variables

MW_HOME=/home/hiauser/Oracle/Middleware
JAVA_HOME=/home/common/java/jdk1.7.0
JAVA_VENDOR=Sun
 
WL_SERVER_DIR=$MW_HOME/wlserver_10.3
WL_DOMAIN_DIR=$MW_HOME/user_projects/domains/domain1

1. Export the demo identity certificate:

   $ keytool -export -keystore $WL_SERVER_DIR/server/lib/DemoIdentityChangeit.jks -storepass changeit -alias demoidentity -file <machine1_host_name>.cer
   

2. Copy the demo identity certificate remotely:

   $ scp -rp <machine1_host_name>.cer hiauser@<machine2_host_name>:/home/hiauser/downloads/certs
   

3. Copy the trusted identity certificate locally:

   $ scp hiauser@<machine2_host_name>:/home/hiauser/Oracle/Middleware/wlserver_10.3/server/lib/<machine2_host_name>.cer .
   

4. Import the trusted identity certificate:

   $ keytool -import -keystore $WL_SERVER_DIR/server/lib/DemoTrustChangeit.jks -storepass changeit -alias <machine2_host_name> -file <machine2_host_name>.cer -trustcacerts
   

5. List the truststore:

   $ keytool -list -keystore $WL_SERVER_DIR/server/lib/DemoTrustChangeit.jks -storepass changeit -v
   

2.4 Installing Oracle Health Sciences Information Gateway CONNECT Gateway and Adapter

Execute the following commands to install the CONNECT Gateway and Adapter:

$ tar -zxvf ohig_connect_installer.tgz
$ cd ohig_connect_installer
$ java -jar ohig_connect_installer.jar

To follow prompts, refer to Appendix A, "Running Oracle Health Sciences Information Gateway CONNECT Installer".

2.5 Validating Oracle Health Sciences Information Gateway CONNECT using Universal Client

The OHIG CONNECT adapter comes with an internal implementation of MPI, Document Registry, and Document Repository services that are enabled by default. These services are available for testing purposes only.

To validate the CONNECT software on the OHIG Gateway and Adapter, perform the following steps:

1. Start the application server on both the gateway and adapter.

2. Validate the installation using the sample universal client distributed with the adapter:

   1. Launch the application by navigating to the following URL:

      http://<adapter_host_ip >:7001/CONNECTUniversalClientGUI/

   2. Search for patient with last name "Younger".

   3. If the installation is correct, this returns a page with the Patient ID for the patient.

   4. Click PatientId for additional details on the patient.

   5. The Document tab is now enabled and you can search for patient documents by date range. Search for date range 08/01/2000 to 08/01/2010.

2.6 Validating Oracle Health Sciences Information Gateway CONNECT using Soap UI Validation Suite

2.6.1 Running Validation Suite Tests

Perform the following steps to run validation suite tests:

1. Setup soapUI:

   $ cp <install_dir>/addons/connect/oracle_db/ojdbc6.jar to <soapui_install_dir>/bin/ext
   

2. Load soapUI tests:

   $ cd <config_nhin_dir>/ValidationSuite
    
   1-InternalSelfTest_g0-soapui-project.xml
   1-InternalSelfTest_g1-soapui-project.xml
   2-EndToEndSelfTest_g0-soapui-project.xml
   2-EndToEndSelfTest_g1-soapui-project.xml
   4-ConnectionManagerTest-soapui-project.xml
   

   Note:

   If running from an alternate machine, copy the /<config_nhin_dir> directory and edit the *.xml wsdl paths to reflect the new location.

3. Tar nhin directory:

   $ cd <domain_config_dir>
   $ tar cvf nhin.tar nhin 
   

4. Copy the remote file:

   $ scp hiauser@<remote_host>:<domain_config_dir>/nhin.tar .