Secure installation and configuration

Installation overview

Use the information in this chapter to ensure the Healthcare Data Repository application is installed and configured securely. For information about installing and configuring the Healthcare Data Repository application, see the Installation Guide.

Secure Socket Layer (SSL)

To encrypt the transmission of data between the application server and the applications that consume HDR APIs, you must enable the Secure Socket Layer (SSL) port on the HDR managed server and obtain an X.509 certificate using your company certificate store or a third party to configure the HDR managed server SSL certificates.

Configure strong database passwords

When you install the Healthcare Data Repository application, a system database administrator user is created. Only a system database administrator can perform the installation. Ensure all your database schema passwords for HDR, ETS and HDR_CONFIG users are strong passwords.

Close all unused ports

Keep only the minimum number of ports open. You should close all ports not in use.

The Healthcare Data Repository application uses the following ports:

WebLogic admin server SSL port for users who administer the HDR application.
WebLogic managed server SSL port for accessing the HDR.

Disable all unused services

Disable all unknown, unused services running on the HDR WebLogic instance.

Post-installation configuration

Restrict access to Healthcare Data Repository server machines

Allow only administrator and system accounts access to the Healthcare Data Repository application server and database server machines.

Limit the number of users with access to the server machines. Disable or delete any unnecessary users.

Configure strong user passwords

Configure password options to require a secure level of complexity. For example, a minimum required password length of 8 characters requires users to create more secure and complex passwords than a minimum required password length of 6 characters.