Oracle® Health Sciences Information Manager Policy Monitor Installation and Configuration Guide Release 3.0 E61289-01
This chapter provides information about the OHIM Policy Monitor components and templates.
The Policy Monitor implements an Audit Record Repository (ARR) as required by the ATNA profile. The following links provide some context as to what "ARR" represents in this guide. Before setting up your OHIM Policy Monitor, Oracle recommends you review these links.
Audit Trail and Node Authentication (ATNA) Integration Profile
which is built on top of the following:
Security Audit and Access Accountability Message XML Data Definitions for Healthcare Applications
The Syslog Protocol
Transmission of Syslog Messages over Transport Layer Security (TLS)
Transmission of Syslog Messages over User Datagram Protocol (UDP)
Note:
The above links open documents that deal with the Internet Protocol suite, specifically Internet Official Protocol Standards (STD1) as related to ARR. They provide critical technical information about secure transmission of data over the internet, including node authentication and an audit trail. It is recommended that you read them.
The Policy Monitor is called the Audit Record Repository Server in Oracle Healthcare Master Person Index Working With IHE Profiles (Part Number E18591-01).
This chapter includes the following sections:
Section 2.2, "Configuring Oracle Health Sciences Information Manager Policy Monitor"
Section 2.3, "Starting the Oracle Health Sciences Information Manager Policy Monitor"
Execute the following commands to install the Policy Monitor:
$ tar -zxvf ohim_hpm_installer.tgz
$ cd ohim_hpm_installer
$ java -jar ohim_hpm_installer.jar
To follow the prompts, see Appendix A, "Running the Oracle Health Sciences Information Manager Policy Monitor Installer".
This section is applicable only if you are migrating from 2.0 or 2.0.1.
1. On the source database:
   a. From the Policy Monitor DB user, export the table data (not the table structures) into a dump file.
   b. Note down the value of the SEQ_COUNT column of the SEQ_GEN sequence from the SEQUENCE table.
2. On the target database:
   a. Create the tables using the create tables command. See Appendix B.
   b. Import the data using the dump file that was generated in step 1a into the Policy Monitor DB user.
   c. Update the SEQ_COUNT column value of the SEQ_GEN sequence with the value in step 2b.
From this release of OHIM Policy Monitor, you are not required to manually edit the properties file; the script prompts you for each value. Run the following commands to configure the OHIM Health Policy Monitor properties.
> cd <arr_install_dir>/bin
> ant -f arr.xml create-arr-properties-file
[input] Choose target database
[input] Enter oracle_host
[input] Enter oracle_port
[input] Enter oracle_sid
[input] Enter oracle_username
[input] Enter oracle_password
[input] Enter arr_port
[input] Enter property_file_name
To edit a password in a properties file:
> ant -f arr.xml update-config-properties-file-password
To edit a property in a properties file:
> ant -f arr.xml update-config-properties-file-property
For more information, see Appendix E, "Password Encoding".
Note:
Opening ports below 1024 requires root permissions.
Perform the following steps to set up the network:
Open the incoming ports to allow external connections to the UDP and TLS ports.
# cd /etc/sysconfig/
# vi iptables
Add the following lines:
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 514 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 6514 -j ACCEPT
Restart the service.
# service iptables restart
Flushing firewall rules: [OK]
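If the ports still appear closed after the restart, rule order is the first thing to check. The following is an added example, not part of the Oracle guide: it verifies that both ACCEPT rules are present in the rules file and sit before the chain's unconditional REJECT or DROP. The sample rule sets are constructed, and a chain that ends in such a rule is an assumption.

```shell
#!/bin/sh
# Added example, not part of the Oracle guide. A chain is evaluated in file
# order, so an ACCEPT placed after an unconditional REJECT/DROP never matches.
# check_arr_rules [FILE]: reads rules (stdin if no FILE) and returns 0 only
# if the UDP 514 and TCP 6514 ACCEPT rules are both present and reachable.
check_arr_rules() {
    awk -v chain=RH-Firewall-1-INPUT '
        function report(name, pos) {
            if (!pos) { print name ": missing"; return 1 }
            if (stop && pos > stop) { print name ": shadowed, rule " pos " follows terminal rule " stop; return 1 }
            print name ": ok, rule " pos; return 0
        }
        $1 == "-A" && $2 == chain {
            n++; line = " " $0 " "
            # unconditional terminal rule: "-A <chain> -j REJECT ..." or "... -j DROP"
            if (!stop && $3 == "-j" && ($4 == "REJECT" || $4 == "DROP")) stop = n
            if (line ~ / -j ACCEPT /) {
                if (!udp && line ~ / -p udp / && line ~ / --dport 514 /) udp = n
                if (!tcp && line ~ / -p tcp / && line ~ / --dport 6514 /) tcp = n
            }
        }
        END { bad = report("udp/514", udp) + report("tcp/6514", tcp); exit (bad ? 1 : 0) }
    ' "${1:--}"
}
# Constructed sample: the two rules sit before the chain's final REJECT.
sample_rules_ok() {
    cat <<'EOF'
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 514 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 6514 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}
# Constructed sample: the same rules added after the REJECT, so they never match.
sample_rules_shadowed() {
    cat <<'EOF'
-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
-A RH-Firewall-1-INPUT -m state --state NEW -m udp -p udp --dport 514 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 6514 -j ACCEPT
COMMIT
EOF
}
sample_rules_ok | check_arr_rules
sample_rules_shadowed | check_arr_rules || echo "reorder the rules, then restart iptables"
```

On the server, `check_arr_rules /etc/sysconfig/iptables` runs the same check against the file edited above.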
Note:
Before proceeding to the next step, ensure that the host name does not return a fully qualified name for the machine. Check the following commands before proceeding:
Check that the following command returns a non-fully qualified name:
> hostname
Check that the following command returns a fully qualified name:
> hostname -f
Check that the following command returns the domain:
> hostname -d
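The three host-name checks above can be evaluated in one pass and used to gate the certificate scripts. This is an added example, not part of the Oracle guide; the host name `arr01`, the domain `example.com` and the extra check that the FQDN equals SHORT.DOMAIN are assumptions of the example.

```shell
#!/bin/sh
# Added example, not part of the Oracle guide: evaluates the three host-name
# checks together so a failure stops the certificate steps early.

# check_hostnames SHORT FQDN DOMAIN: prints one line per problem, returns 0 if none.
check_hostnames() {
    short=$1 fqdn=$2 domain=$3 rc=0
    case $short in
        "")  echo "hostname: returned nothing"; rc=1 ;;
        *.*) echo "hostname: '$short' is fully qualified"; rc=1 ;;
    esac
    case $fqdn in
        *.*) ;;
        *)   echo "hostname -f: '$fqdn' is not fully qualified"; rc=1 ;;
    esac
    [ -n "$domain" ] || { echo "hostname -d: no domain returned"; rc=1; }
    # Extra consistency check (an assumption of this example, not a requirement
    # stated in the guide): the FQDN should be SHORT.DOMAIN.
    if [ "$rc" -eq 0 ] && [ "$fqdn" != "$short.$domain" ]; then
        echo "hostname -f: '$fqdn' does not equal '$short.$domain'"; rc=1
    fi
    return "$rc"
}

# preflight: run the real commands on this host; a failing command counts as empty output.
preflight() {
    check_hostnames "$(hostname 2>/dev/null)" \
                    "$(hostname -f 2>/dev/null)" \
                    "$(hostname -d 2>/dev/null)"
}

# Constructed samples: a correctly configured host, then a fully qualified host name.
check_hostnames arr01 arr01.example.com example.com && echo "sample 1: ok"
check_hostnames arr01.example.com arr01.example.com example.com || echo "sample 2: fix the host name first"
```

On the ARR host, `preflight && sh create-and-import-selfsigned-certs.sh` runs the certificate script only when every check passes.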
Perform the following steps to create and import self-signed certificates:
> cd <arr_install_dir>/bin
Execute create-and-import-selfsigned-certs.sh to install the self-signed certificate.
> sh create-and-import-selfsigned-certs.sh
This performs the following:
creates the keystore for the private internal key
exports the certificate that authenticates the internal key
imports the trusted certificates into the truststore
provides these certificates to the server to use for authentication purposes
Note:
Before proceeding to the next step, copy the certificate of the host computer <HOSTNAME.cer> to the <arr_install_dir>/bin/keystore folder.
To install a host machine's certificate, run the script import-hostname-cert.sh:
> sh import-hostname-cert.sh
Enter the host name of the machine whose certificate is being imported into the truststore: <HOSTNAME>.
To avoid a java.security.cert.CertificateException, you must ensure that your OHIM host names are not fully qualified.
To Make the Host Name Not Fully Qualified
Set the OHIM host names to be not fully qualified.
Add aliases for all hosts.
Regenerate and reimport the certificates.
Restart all the servers.
Test that you do not have a Java security certificate exception.
Start the server using the following command:
> cd <arr_install_dir>/bin
To start in UDP mode:
> arr.sh -propertyfile <ARR_PROPERTIES_FILE> -command start-udp-server
To start in TLS mode:
> arr.sh -propertyfile <ARR_PROPERTIES_FILE> -command start-tls-server
To start in TCP mode:
> arr.sh -propertyfile <ARR_PROPERTIES_FILE> -command start-tcp-server