CONNECT Linux Full Binary System Installation and Configuration Manual
Version 1.1
CONNECT Release 2.1
20 November 2009
Prepared by:
HARRIS CORPORATION
Government Communications
Systems Division
1025 West Nasa Blvd
Melbourne, FL USA 32919
REVISION HISTORY
REVISION | DATE | DESCRIPTION |
- | 17 November 2009 | Initial Release – Modified from Solaris Installation and Configuration Guide for release 2.1 |
1.1 | 20 November 2009 | Changes to section 7.1, 7.2, 7.3, 7.4, 7.5 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
TABLE OF CONTENTS
1.0 INTRODUCTION 6
1.1 Purpose 6
1.2 Scope 6
1.3 Document Description 6
2.0 REFERENCED DOCUMENTS 6
3.0 INSTALLATION CHECKLIST 6
3.1 Installation and Configuration Checklist 7
4.0 OID REQUEST SUBMITTAL PROCESS 7
5.0 TEST DEPLOYMENT FOOTPRINT 7
5.1 Hardware Requirements 7
5.2 Software Requirements 8
5.3 VLER Adapter Interface (WSDL) Ports 9
6.0 LINUX INSTALL AND CONFIGURATION INSTRUCTIONS 10
6.1 Install Prerequisite Software 10
6.1.1 Prerequisite Software Catalog 10
6.1.2 Prerequisite Software Installation 11
6.2 ENVIRONMENT CONFIGURATION 13
6.3 GLASSFISH COMPONENT INSTALL AND CONFIGURATION INSTRUCTIONS 14
6.3.1 Glassfish Component Catalog 14
6.3.2 Glassfish Component Installation 16
6.3.3 Configure Third Party Components in Glassfish 18
6.4 Install and Configure MySQL 19
6.4.1 Installation 19
6.4.2 Starting and Stopping MySQL 19
6.4.3 Configuring MySQL 20
7.0 SSL CERTIFICATE REQUEST AND INSTALLATION PROCESS 21
7.1 Generate Certificate Request 22
7.2 Download Root Certificate 23
7.3 Send Certificate Request 23
7.4 Install the Certificate 23
8.0 VLER ADAPTER CONFIGURATION 25
8.1 Configuration Settings 25
8.1.1 Metro 1.4 Installation Settings 25
8.1.2 Glassfish Application Variables 26
8.1.3 CONNECT Interfaces/Property/Configuration File Settings 27
8.2 Connection Management 28
8.2.1 adapterServicesMapping.xml File 29
8.2.2 dod_connector.properties File 29
8.3 Reidentification.xml 29
8.4 Gateway Properties 29
8.5 Adapter Properties 30
8.6 Connection EPR Properties 30
8.7 Component Proxy Spring Configuration Properties 30
8.7.1 HIEM Topic Configuration Properties 30
9.0 DEPLOYMENT 31
9.1 Deploying applications to Glassfish 31
9.1.1 CONNECT Adapter Components. 32
9.1.2 TATRC Universal Adapter Components. 32
9.1.3 Update Glassfish lib and property files 33
9.1.4 Deployment of CONNECT Components 33
9.1.5 Deployment of Universal Adapter Extensions 34
9.2 Configuration Files 34
9.2.1 Log4j 34
9.2.2 Connection Pools 34
10.0 ACRONYMS 37
LIST OF APPENDICES
LIST OF figures
Figure 8.1.2-1: Glassfish Application Variables 27
Figure A.2-1: HL7-OID Registration Home Page 40
Figure A.2-2: Complete Contact Information 41
Figure A.2-3: Select type of OID 42
Figure A.2-4: Registry Wizard 43
Figure A.2-5: HL7 OID Description 44
Figure A.2-6: OID Registration Confirmation 45
Figure A.2-7: OID Email Confirmation 46
Figure A.2-8: Searching by OID number 47
Figure A.2-9: Search by OID Description 48
LIST OF TABLES
Table 3.1-1 Installation and Configuration Checklist 7
Table 5.1-1 Hardware Requirements 8
Table 5.2-1 Software Requirements 8
Table 9.1.1-1 CONNECT Adapter Components 32
Table 9.1.2-1 TATRC Adapter Components 32
This document is the installation and configuration manual for installing the VLER adapter the Linux Operating System. This document targets the installation and configuration of the CONNECT adapter components with the TATRC extensions. Some components required during the installation and configuration of the adapter software requires privileged access to the target machine. The recommended configuration for Linux is to create a separate partition for the installation and configuration of the third-party products used by the VLER adapter. For the purposes of this installation manual, that partition is named /nhin. The privileged account can be the root or another account that has the required privilege for the successful execution of the pkgadd command. If the target machine already has GNU tar installed, no privileged access is required.
The procedures in this document are applicable to installation of the VLER adapter on the Linux Operating System.
This document includes the following sections:
Section 1.0 Introduction
Section 2.0 Referenced Documents
Section 3.0 Installation Checklist
Section 4.0 OID Request Submittal Process
Section 5.0 Test Deployment Footprint
Section 6.0 Linux Install and Configuration Instructions
Section 7.0 SSL Certificate Request and Installation Process
Section 8.0 VLER Adapter Configuration
Section 9.0 Deployment
Section 10.0 Acronyms
VLER Gateway Installation and Configuration Guide
PAWS Installation and Configuration Guide
The following is a workflow/checklist that guides the reader through the steps required to install the VLER adapter.
Item | Procedural Step |
| Install JDK 1.6.0_13. This is the version that the current National Health Information Network (NHIN) CONNECT applications were developed against and the recommended version. See section 6.1.2.1. |
| Install ANT, v1.7.1. This is available from the release package. See section 6.1.2.2. |
| Install GlassFishESB, v2.1. This is available from the release package. See section 6.1.2.3. |
| Install third-party glassfish component jars into $AS_HOME/lib. See section 6.2 |
| Install and configure Metro 1.4 This is available from the release package. See section 8.1.1. |
| Install and configure MySQL database. This is available from the release package. See section 6.4. |
| Obtain a certificate from a Certificate Authority (CA) or create a self-signed cert. See section 7.0. |
| Define environment variables used during deployment. See section 8.0. |
| Deploy CONNECT adapter components using the deployment scripts provided with the release package. See section 9.1.5 |
| Deploy TATRC extensions using the deployment scripts provided with the release package. See section 9.1.6 |
| Configure the adapter environment including updates to properties files. The properties files are used to customize installation for each specific environment. See section 8.0. |
Table 3.1-1 Installation and Configuration Checklist
Each gateway has a unique identifier known as the OID (Object Identifier) or Home Community ID. The VLER adapter will use the same OID obtained for the VLER gateway.
This section describes the recommended minimum hardware component infrastructure including processor performance, disk space, and Random Access Memory (RAM) for the application server platform. This is provisional information subject to change based on continued development.
The Connect software requires two machines, each with the following minimum specifications:
Item | Version 2.0 |
Processor | Minimum i586 or equivalent |
RAM | Minimum of 2 GB |
Hard Disk Size | Application Dependent on the deployment configuration. For sizing purposes, assume 100K per CCD record, 1K per audit log record. |
Hard Disk Speed | Minimum of 7200 RPM and 10000 RPM preferred. |
Network Interface | 100MB Ethernet acceptable; 1GB Ethernet desirable |
Table 5.1-1 Hardware Requirements
This section describes any dependent software products.
Item | Description | Applies to Gateway Version | Platform |
Operating System | Operating system supported by Glassfish v2 and GlassFishESB v2.1. For additional information, refer to the specific installation instructions for Linux. | All | Server |
Java-JRE/JDK | Java Software Development Kit (SDK) 1.6 Update 13 | All | Server |
Application Server | Glassfish v2.1 (9.1.1) build b60e-fcs [This is bundled with the GlassFishESB] | All | Server |
Enterprise Service Bus (ESB) | GlassFishESB v2.1 build 20090201 | All | Server |
Communication Stack | Metro v1.4 | All | Server |
Network Protocol | TCP/IP | All | Server/Client |
Relational Database | MySQL 5.0 | 1.0 | Server |
Table 5.2-1 Software Requirements
The table below identifies all of the currently public Web Service Definition Language (WSDL) Interfaces supported by the VLER Adapter. This table includes the name of the WSDL, the services it handles, the port number, whether or not it is configurable, and whether or not it is Secure Sockets Layer (SSL). All ports in the VLER environment are configurable via either the Glassfish or Http Binding Component port settings.
WSDL | Services | Port | SSL |
AdapterAuditLogQuery | Audit Log Query | HttpDefaultPort | No |
AdapterDocQuery | Document Query | HttpDefaultPort | No |
AdapterDocRetrieve | Document Retrieve | HttpDefaultPort | No |
AdapterReidentification | Subject Discovery -Reidentification | HttpDefaultPort | No |
AdapterSubjectDiscovery | Subject Discovery - Announce and Revoke | HttpDefaultPort | No |
AdapterSubscriptionManagement | HIEM - Subscribe and Unsubscribe | HttpDefaultPort | No |
AdapterNotificationConsumer | HIEM - Notify | HttpDefaultPort | No |
EntityAuditLogQuery | Audit Log Query | HttpDefaultPort | No |
EntityDocQuery | Document Query | HttpDefaultPort | No |
EntityDocRetrieve | Document Retrieve | HttpDefaultPort | No |
EntitySubjectDiscovery | Subject Discovery - Announce, Revoke, and Reidentification | HttpDefaultPort | No |
EntitySubscriptionManagement | HIEM – Subscribe and Unsubscribe | HttpDefaultPort | No |
EntityNotificationConsumer | HIEM - Notify | HttpDefaultPort | No |
EntitySubscriptionManagement | HIEM - Subscribe and Unsubscribe | HttpDefaultPort | No |
EntityNotificationConsumer | HIEM - Notify | HttpDefaultPort | No |
This section describes installing prerequisite software as well as required third party glassfish components required for NHIN CONNECT adapter and gateway server installation. The components described in this section are provided with the release, or may be obtained from their original sources as described in the catalog sections.
The following sections assume the install media is available on the file system.
Set the INSTALL_DIR environment variable to the location of the install media.
shell> INSTALL_DIR=<location of install media on file system>
shell> export INSTALL_DIR
The following commands will extract binaries in the $HOME directory.
shell> cd $HOME
shell> gunzip < $INSTALL_DIR/NHIN_CONNECT_2.1_Thirdparty_rhel5_0707.tar.gz | tar xvf –
shell> gunzip < $INSTALL_DIR/NHIN_CONNECT_2.1_Gateway_rhel5_0707.tar.gz | tar xvf –
shell> gunzip < $INSTALL_DIR/NHIN_CONNECT_2.1_TATRC_rhel5_1115.tar.gz | tar xvf –
This section lists the third party components that are to be added to Glassfish. This catalog is included here for a reference only. These components are included with the release and installation instructions follow.
jdk:
Vendor/Publisher: Sun
Version: 1.6.0_13
URL: http://java.sun.com/products/archive/j2se/6u13/index.html
Components:
jdk-6u13-linux-i586.bin
ant:
Vendor/Publisher: Apache
Version: 1.7.1
URL: http://archive.apache.org/dist/ant/binaries/apache-ant.1.7.1-bin.tar.gz
Components:
apache-ant-1.7.1.bin.tar.gz
GlassFishESB:
Vendor/Publisher: Sun
Version: 2.1
URL: https://open-esb.dev.jva.net/Downloads.net
Components:
glassfishesb-v2.1-full-installer-linux.sh
Verify execute privilege is set on the self-extracting binary file. The default location for installation of the JDK is /nhin.
shell> cd /nhin
shell> chmod +x $HOME/Thirdparty/jdk-6u13-linux-i586.bin
shell> $HOME/Thirdparty/jdk-6u13-linux-i586.bin
The following steps are executed as a privileged user.
shell> cd /nhin
shell> gunzip < $HOME/Thirdparty/apache-ant-1.7.1-bin.tar.gz | tar xvf –
Glassfish install dir: /nhin/GlassFishESBv21/glassfish
Username: admin
Password: adminadmin
jms.port: 8686
admin.port: 4848
http.port: 8080
https.port: 8181
JDK: /nhin/jdk1.6.0_13
Netbeans: Not installed
You may use the default values, or enter custom values.
NOTE: Although the installer claims to run silently, an installation error invokes a dialog window which requires an X server to display. Viewing the logs and correcting the errors will ultimately allow the installer to complete silently, but it is recommended that you set the DISPLAY environment variable to an available X server.
shell> export DISPLAY=x.x.x.x:0.0
shell> cd $HOME/Thirdparty
shell> chmod +x glassfishesb-v2.1-full-installer-linux.sh
shell> ./glassfishesb-v2.1-full-installer-linux.sh –silent –state nhin-glassfish-state.xml
3. Update the permissions and access to the GlassFishESB directory structure to support runtime access from non-privileged users.
shell> chmod -R go+rx /nhin/GlassFishESBv21
shell> chmod –R go+w /nhin/GlassFishESBv21/glassfish/domains
4. Verify the permissions on the following directories are 777, if they aren’t issue a “chmod 777 <directory name> on each of those directories:
/nhin/GlassFishESBv21/jbi
/nhin/GlassFishESBv21/lib
/nhin/GlassFishESBv21/addons
/nhin/GlassFishESBv21/databases
/nhin/GlassFishESBv21/config
/nhin/GlassFishESBv21/domains
shell> groupadd glassfish
shell> useradd –g glassfish glassfish
shell> chgrp –R glassfish /nhin
shell> chown –R glassfish /nhin
You may add password protection to the glassfish user with the following command:
shell> passwd glassfish
6. Add GlassFish to the init startup/shutdown process.
Copy the startup/shutdown script to /etc/init.d and make it executable
shell> cp $HOME/TATRC_Extensions/glassfish-init /etc/init.d/glassfish
shell> chmod +x /etc/init.d/glassfish
Add the GlassFish startup/shutdown script to the automatic startup/shutdown configuration
shell> chkconfig --add glassfish
shell> chkconfig --level 345 glassfish on
7. Update the domain.xml file.
Update /nhin/GlassFishESBv21/domains/domain1/config/domain.xml file with memory management lines with the following jvm-options:
-Xmx1024m
-XX:MaxPermSize=256m
-XX:PermSize=256m
-Dlog4j.configuration=file:/nhin/Properties/log4j.properties
Additional logging can be enabled by adding the following JVM options to the domain.xml:
-Dcom.sun.xml.ws.transport.http.HttpAdapter.dump=true
-Dcom.sun.xml.ws.transport.http.client.HttpTransportPipe.dump=true
-Djavax.enterprise.resource.xml.webservices.security.level=FINE
-Djavax.enterprise.resource.webservices.jaxws=FINE
Copy the NHIN profile script to the default profile directory. Exit the shell and login again.
shell> cp $HOME/TATRC_Extensions/nhin-profile.sh /etc/profile.d/
shell> chmod 755 /etc/profile.d/nhin-profile.sh
shell> exit
Start the Glassfish application server using the init startup/shutdown script. Monitor the server.log in /nhin/GlassFishESBv21/domains/domain1/logs for status.
shell> /etc/init.d/glassfish start
shell> tail –f /nhin/GlassFishESBv21/domains/domain1/logs/server.log
Verify that glassfish started successfully (log will say “Application server startup complete”. This can also be verified by connecting to the web server endpoints (admin, http & https) with a web browser.
After verifying that glassfish started successfully, shutdown glassfish with the following command and continue with the installation:
shell> /etc/init.d/glassfish stop
This section describes installing required third party glassfish components required for NHIN CONNECT adapter and gateway server installation.
This section lists the third party components that are to be added to Glassfish.
This catalog is included here for a reference only. These components are included with the release and installation instructions follow.
Log4j:
Vendor/Publisher: Apache
Version: 1.2.15
URL: http://logging.apache.org/log4j/1.2/download.html
Components:
log4j-1.2.15.jar
Apache Commons Logging:
Vendor/Publisher: Apache
Version: 1.1.1
URL: http://commons.apache.org/downloads/download_logging.cgi
Components:
commons-logging-1.1.1.jar
Hibernate Relational Persistence for Java:
Vendor/Publisher: Hibernate
Version: 3.2.5 ga
URL: http://sourceforge.net/project/showfiles.php?group_id=40712
Components:
antlr-2.7.6.jar
asm-attrs.jar
asm.jar
cglib-2.1.3.jar
commons-collections-2.1.jar
dom4j-1.6.1.jar
ehcache-1.2.3.jar
hibernate3.jar
jdbc2_0-stdext.jar
jta.jar
c3p0-0.9.1.2.jar
Metro:
Vendor/Publisher: Sun Microsystems
Version: 1.4
URL: NHIN Wiki
Components:
webservices-api.jar
webservices-rt.jar
webservices-tools.jar
MySQL Connector / J (Data base drivers to connect to MySQL DB using Java): Vendor/Publisher: Sun Microsystems
Version: 5.0
URL: http://dev.mysql.com/downloads/connector/j/5.0.html
Components:
mysql-connector-java-5.0.8-bin.jar
XStream:
Vendor/Publisher: XStream
Version: 1.4
URL: http://xstream.codehaus.org/download.html
Components:
cglib-license.txt
cglib-nodep-2.1_3.jar
commons-lan-license.txt
dom4j-1.6.1.jar
dom4j-license.txt
jdom-1.0.jar
jdom-license.txt
jettison-1.0-RC2.jar
jettison-license.txt
joda-time-1.5.1.jar
joda-time-license.txt
junit-license.txt
oro-license.txt
stax-1.2.0.jar
stax-api-1.0.1.jar
wootstox-license.txt
wstx-asl-3.2.3.jar
xml-writer-0.2.jar
xom-1.1.jar
xom-license.txt
xpp3_min-1.1.4c.jar
xpp3-license.txt
xstream-1.3.jar
xstream-benchmark-1.3.jar
JDK 1.3 Components were included in the XStream download but should NOT be copied:
xalan-2.7.0.jar
xalan-license.txt
xercesImpl-2.8.1.jar
xerces-license.txt
xml-apis-1.3.0.4.jar
Spring Framework:
Vendor/Publisher: SpringSource
Version: 2.5.6
URL: http://www.springsource.com/download.html
Components:
spring.jar
spring-sources.jar
NOTE: For this installation do not use the tar command, and ensure you download the .zip file. At the time of writing these instructions, the tar.gz file found on the apache download site, has issues with Linux tar and GNU tar.
The following steps are executed as a privileged user.
shell> cd /nhin
shell> unzip $HOME/Thirdparty/apache-log4j-1.2.15
NOTE: For this installation do not use the tar command, and ensure you download the .zip file. At the time of writing these instructions, the tar.gz file found on the apache download site, has issues with Linux tar and GNU tar.
The following steps are executed as a privileged user.
shell> cd /nhin
shell> unzip $HOME/Thirdparty/commons-logging-1.1.1-bin
The following steps are executed as a privileged user.
shell> cd /nhin
shell> unzip $HOME/Thirdparty/c3p0-0.9.1.2.bin
This is using the GNU tar installed into /usr/local.
The following steps are executed as a privileged user.
shell> cd /nhin
shell> gunzip < $HOME/Thirdparty/hibernate-3.2.5.ga.tar.gz | tar xvf -
The installation of copyv3 is only required when running with the default security certificates provided with Glassfish. If you are using certificates and Assigning Authority, this step can be omitted.
The following steps require that JAVA_HOME, ANT_HOME and AS_HOME are set to their appropriate values. JAVA_HOME/bin and ANT_HOME/bin should also be in the PATH.
shell> cd /nhin
shell> unzip $HOME/Thirdparty/copyv3
shell> cd copyv3
shell> ant
After the installation is completed you should be returned to the command prompt. We have experienced the cert installation hang while attempting to start the Appserver; and this requires an interrupt.
Verify the installation was successful by checking the certificate fingerprints.
shell> cd $AS_HOME/domains/domain1/config
shell> keytool -list -keystore cacerts.jks -alias wssip -storepass changeit
shell> keytool –list -keystore keystore.jks -alias xws-security-server storepass changeit
Note: If the certificates were installed correctly, you will see something similar to the following responses:
Certificate fingerprint (MD5): 1A:0E:E9:69:7D:D0:80:AD:5C:85:47:91:EB:0D:11:B1 Certificate fingerprint (MD5): 1A:0E:E9:69:7D:D0:80:AD:5C:85:47:91:EB:0D:11:B1
If the certificates were not installed correctly, you will see something similar to the following responses:
keytool error: java.lang.Exception: Alias <wssip> does not exist
keytool error: java.lang.Exception: Alias <xws-security-server> does not exist
Grant access to the CONNECT certificates using the following command:
shell> chmod go+rw *.jks
The following steps require that JAVA_HOME and AS_HOME are set to their appropriate values. JAVA_HOME/bin should also be in the PATH.
shell> cd /nhin
shell> cp $HOME/Thirdparty/metro-1_4-installer-nightly_02_05_09.jar .
shell> java –jar metro-1_4-installer-nightly_02_05_09.jar –console
At the prompt asking whether to accept the license enter A.
shell> cd metro
shell> ant –f metro-on-glassfish.xml install
The following steps are executed as a privileged user.
shell> cd /nhin
shell> gunzip < $HOME/Thirdparty/mysql-connector-java-5.0.8.tar.gz | tar xvf –
The following steps are executed as a privileged user.
shell> cd /nhin
shell> unzip $HOME/Thirdparty/xstream-distribution-1.3.1-bin
The following steps are executed as a privileged user.
shell> cd /nhin
shell> unzip $HOME/Thirdparty/spring-framework-2.5.6.SEC01-with-docs
The successful execution of the NHIN CONNECT Gateway requires some of the third party products to be placed in the GlassFishESB/glassfish/lib directory. A script is provided in the release to perform the copy. The Glassfish application server must be stopped during the copy. The application server will then resolve the required references on restart.
shell> /etc/init.d/glassfish stop
shell> $HOME/Thirdparty/NHIN_CONNECT_Copy3rdPartyToGFLib.sh
shell> /etc/init.d/glassfish start
Monitor the $AS_HOME/domains/domain1/logs/server.log for the Application server startup complete or JBI framework startup complete message prior to proceeding.
The message you get will depend on whether the http binding component is running or not.
The Gateway and the reference implementation of the Adapter both use MySQL when a database is necessary. The programmatic access to this database was done using Hibernate. When doing the initial installation of the Gateway and Adapter, it is recommended that MySQL be installed and that the system be verified. After it has been created and verified, other relational databases can be used in place of MySQL by altering the appropriate entries in the hibernate configuration files for those projects which are accessing the database. Directions for configuring hibernate to use other databases is not defined in this document. Set up the database using the following sequence of steps.
Change the current user to root and add a user and group for mysqld.
shell> groupadd mysql
shell> useradd –g mysql mysql
shell> cd /nhin
shell> gunzip < $HOME/Thirdparty/mysql-5.0.77-linux-i686.tar.gz | tar xvf –
The tar command will create the directory “mysql-5.0.77-linux-i686”.
This directory is owned by root and needs to be owned by mysql. This can be done by executing the following commands as root in the installation directory. Create MySQL data directory and Change the owner ship to mysql user from root.
shell> cd mysql-5.0.77-linux-i686
shell> chown –R mysql .
shell> chgrp –R mysql .
shell> scripts/mysql_install_db –u mysql
Create a symbolic link to the installed directory “/nhin/mysql-5.0.77-linux-i686” in /usr/local where the startup/shutdown script looks for MySQL.
shell> cd /usr/local
shell> ln –s /nhin/mysql-5.0.77-linux-i686 mysql
Copy the startup/shutdown script to /etc/init.d and make it executable
shell> cp /usr/local/mysql/support-files/mysql.server /etc/init.d/mysql
shell> chmod +x /etc/init.d/mysql
Add the MySQL startup/shutdown script to the automatic startup/shutdown configuration
shell> chkconfig --add mysql
shell> chkconfig --level 345 mysql on
Start MySQL using the automatic startup/shutdown script
shell> /etc/init.d/mysql start
Verify the installation after starting the Server by executing the following command:
shell> /usr/loca/mysql/bin/mysqladmin version
This command will show the complete version history of the MySQL installation and its Linux Socket file path etc.
To stop MySQL Server, execute the command below:
NOTE: This command is being specified for INFORMATIONAL purposes only. Do NOT execute it at this time.
shell> /etc/init.d/mysql stop
Set up the password for MySQL root user using the command below:
shell> /usr/local/mysql/bin/mysqladmin –u root password NHIE-Gateway
To configure the database schemas and tables associated with the NHIN-CONNECT Gateway, a script is provided named “nhincdb.sql” file under Thirdparty folder.
From the MySQL directory, create a database connection and create the schemas:
shell> /usr/local/mysql/bin/mysql –uroot –pNHIE-Gateway
mysql>CREATE DATABASE nhincdb;
mysql>\q
shell> /usr/local/mysql/bin/mysql -uroot -pNHIE-Gateway nhincdb < $HOME/Thirdparty/dropall.sql
shell> bin/mysql -uroot -pNHIE-Gateway nhincdb < $HOME/Thirdparty/nhincdb.sql
This will create Gateway Schemas as listed below:
i) aggregator
ii) assigningauthoritydb
iii) auditrepo
iv) docrepository
v) patientcorrelationdb
vi) subscriptionrepository
Try and log into the database as the nhincuser to verify it got created successfully
shell> /usr/local/mysql/bin/mysql –unhincuser –pnhincpass
If this command fails then issues the following commands:
shell> /usr/local/mysql/bin/mysql –uroot –pNHIE-Gateway
mysql> CREATE USER ‘nhincuser’@’localhost’ IDENTIFIED BY ‘nhincpass’;
mysql> GRANT ALL PRIVILEGES ON *.* TO ‘nhincuser’@’localhost’ WITH GRANT OPTION;
mysql> quit
Try to log in as nhincuser again:
shell> /usr/local/mysql/bin/mysql –unhincuser –pnhincpass
This section outlines how to add 2-way SSL to an existing working system, such as the NHIN CONNECT Gateway.
To use 2-way SSL, there are two components needed. First, the server must present a certificate identifying itself to the consumer of its services. This server certificate must match (the server portion of the URL or the service must be the same as the name on the certificate) and must be trusted (accomplished by having the issuer of the certificate as a trusted root certificate authority on the client). Second, the client must send a certificate to the server to identify itself. This client certificate must be trusted by the server (by having the trusted root certificate on the server) (there does not appear to be any validation of the client cert to ensure that it came from a certain address).
Glassfish comes with a default keystore to use for presenting the server certificate. Instead of using the default keystore, a new keystore will be created, which will hold a certificate issued by the trusted root authority - NHIN-CN. Glassfish also comes with a default trust store used to validate remote certificates - in this case, to determine if it trusts the client cert.
NOTE: This section only applies to the NHIN CONNECT Gateway machine. This section is not applicable to the NHIN CONNECT Adapter machine.
shell> keytool - genkeypair -keyalg RSA -keysize 2048 -keystore myserver.jks -keypass xxxxxxxx -storepass xxxxxxxx -validity 365 -alias myserver -dname "EmailAddress=yourName@yourOrg.com, cn=myserver.fedsconnect.org, OU=Testing, O=YourOrganization, L=YourCity, S=YourState, C=US"
Note on parameters:
-keystore: This is the name of the java keystore that will be created. This can be
modified if desired.
-keypass -storepass: This sets the passwords for the store and the request. Replace
xxxxxxxx with your password. The keystore and store passwords should be the same.
-dname:
EmailAddress: Email address for the point of contact for your network.
CN: This domain must match the domain of the address of the services. Replace testgateway.fedsconnect.org with the name of your gateway.
OU: Organizational Unit aspect of the name.
O: Replace YourOrganization with the name of your organization.
L: Replace YourCity with the city your server is hosted in.
S: Replace YourState with the state your server is hosted in.
4. Create a request for the certificate by running the following command (the request must be made from the server that will use the request):
shell> keytool -certreq -alias myserver -sigalg SHA1withRSA keystore myserver.jks -storepass xxxxxxxx -file myserver.fedsconnect.org.csr
Note on the parameters:
-alias: This sets a name that will refer to this cert. This can be change if desired.
-keystore: This must be the same name as the keystore created above.
-storepass: This must be the same as the password specified when creating the keystore
-file: This is the filename of the certificate request. This can be changed if desired.
NOTE: Use of the –file option has caused some certificate requests to have imbedded
CR/LF. If the certificate authority reports this anomaly in your request, remove the –file
option and grab the output and paste into a file manually.
Download the Root Certificate from the Certificate Authority used to sign your certs. This document will use myca.arm to represent the filename used for your root certificate.
Upload the generated certificate request (*.csr) to the certificate authority.
Update the keystore with the response. This will update the server certificate in the keystore. Save these files to your working "certificate request" directory.
• Import the certificate authority certificate into the keystore. This is the certificate that was downloaded in step 6.3 above.
shell> keytool -import -v -trustcacerts -alias myca -file myca.arm keystore myserver.jks
When prompted, enter the password for your keystore.
Note on the parameters:
-alias: This is how the alias for the certificate authority. This can be modified if desired.
-file: This points to the certificate authority file (*.arm) file. -keystore: This must point to the keystore used in the request.
When prompted with “Trust this certificate? [no]:” enter yes.
• Import the server certificate into the keystore.
shell> keytool -import -v -alias myserver -file myservercert.arm -keystore myserver.jks
When prompted, enter the password for your keystore.
Note on the parameters:
-alias: This must match the alias given during the creation of the request
-file: This points to the certificate request response file (*.arm) file. This is the file received from the certificate authority.
-keystore: This must point to the keystore used in the request.
Locate the trusted root authority store. By default, this store will be located in: <glassfish>/domains/<domain directory>/config/cacerts.jks. It is advisable to backup the cacerts.jks file at this time.
Import the trusted root certificate into the trusted root authority store.
shell> keytool -import -v -trustcacerts -alias myca -file myca.arm keystore <path>/cacerts.jks
When prompted with “Trust this certification? [no]” enter yes.
Note on the parameters:
-alias: This is how the alias for the certificate authority. This can be modified if desired.
-file: This points to the certificate authority file (*.arm) file. It is not expected that this will
vary.
-keystore: This must point to the certificate authority store. You will be prompted for a
password. The default glassfish password is “changeit”. If you have changed this value,
use the updated value instead.
• Validate the certificates were imported correctly by viewing the store. You will be prompted for the passwords after each execution of the keytool utility.
shell> keytool -list -v -alias myserver -keystore myserver.jks
shell> keytool -list -v -alias myca -keystore myserver.jks
shell> keytool -list -v -alias myca -keystore <path>/cacerts.jks
This should output each of the certificates. If the certificate was not imported, there will be an error from the keytool.
Copy the keystore (myserver.jks) to the domain's config directory
(<glassfish>/domains/<domain directory>/config/).
Open the domain configuration file for editing. (<glassfish>/domains/<domain directory>/config/domain.xml). (Alternately, these changes can be made by using the admin console)
Update the domain configuration to point to the new keystore and supply the password (the password option is not in the original configuration). To do this, replace:
<jvm-options>-Djavax.net.ssl.keyStore=${com.sun.aas.instanceRoot}/config/keystore.jks</jvmoptions>
to
<jvm-options>-Djavax.net.ssl.keyStore=${com.sun.aas.instanceRoot}/config/myserver.jks</jvmoptions> <jvm-options>-Djavax.net.ssl.keyStorePassword=xxxxxxxx</jvm-options>
Replace xxxxxxxx with the password you created above.
Update the domain configuration to use the new server certificate. To do this, replace all instances of "s1as" with the updated certificate alias ("myserver"). In our default server, there were 12 instances of the certificate alias to update.
Enable two-way SSL. This is done by adding the following:
<jvm-options>-Dcom.sun.jbi.httpbc.enableClientAuth=true</jvm-options>
Configuration settings for the Gateway are predominately platform independent. Any platform specific items are explicitly stated.
Update $AS_HOME/domains/domain1/config/domain.xml file. Add the following lines to deal with the certificate and other items in domain.xml toward the end of the file within the existing block of <jvm-options> tags:
<jvm-options>-Djavax.net.ssl.keyStore=${com.sun.aas.instanceRoot}/config/gateway.jks</jvmoptions>
<jvm-options>-Djavax.net.ssl.keyStorePassword=XXXXX</jvm-options>
<jvm-options>-Djavax.net.ssl.trustStore=${com.sun.aas.instanceRoot}/config/cacerts.jks</jvmoptions> <jvm-options>-Djavax.net.ssl.trustStorePassword=changeit</jvm-options>
<jvm-options>-DSERVER_KEY_ALIAS=gateway</jvm-options>
<jvm-options>-DCLIENT_KEY_ALIAS=gateway</jvm-options>
NOTE: The KeyStore password will be the same keystore password generated in the certificate request.
NhincHttpPort is used to identify the default Glassfish Http port so Composite Applications can communicate with EJBs. This value is customizable. The recommended setting is 8080. It must match the default http port selected when installing glassfish.
The value can be set through the Glassfish Admin Console. To set, you will need to first log on to the glassfish admin console. Open the URL http://localhost:4848/login.jsf. The default user name is admin and the default password is admin/adminadmin. If you customized any of these settings in your installation, use your custom settings instead.
During some installations of Glassfish, the sun-http-binding component initializes in the stopped state. The sun-http-binding component needs to be running to assign the Application Variable.
Figure 8.1.2-1: Glassfish Application Variables
These property files contain the main settings for the adapter. Follow the steps outlined below to install these property files.
The default shell profile “nhin-profile.sh” contains the NHINC_PROPERTIES_DIR environment variable which points to the CONNECT properties location.
NOTE: There is a known problem with Unix deployments. Sometimes the environment variable as applied as a location relative to $AS_HOME/domains/domain1/config rather than an absolute filesystem location. The following commands will allow the applications to find the properties files in either case.
shell> mkdir $AS_HOME /domains/domain1/config/nhin
shell> mkdir /nhin/Properties
shell> ln –s /nhin/Properties $AS_HOME /domains/domain1/config/nhin/Properties
shell> NHINC_PROPERTIES_DIR=/nhin/Properties
shell> export NHINC_PROPERTIES_DIR
Extract the properties files from the release package.
shell> cd $NHINC_PROPERTIES_DIR
shell> gunzip < $HOME/$INSTALL_DIR/NHIN_CONNECT_2.1_Properties_rhel5_0707.tar.gz | xvf –
shell> chmod go+w *
Customize the properties files to the appropriate settings for the adapter.
Add the repository properties files from the TATRC extensions
shell>cp $HOME/TATRC_Extensions/repository.properties $NHINC_PROPERTIES_DIR
All the required schemas and wsdls are bundled in the binary distribution.
NhincHL7JaxbLib.jar
NhincSAMLCallbackLib.jar
The adapter must be configured to connect to the VLER Gateway for outbound requests and the PAWS server for inbound requests.
The adapterServicesMapping.xml file contains the URLs and service endpoints required for communication between internal components as well as the VLER Gateway.
The dod_connector.properties file contains the URLs and service endpoints required for communication between the common access layer of the adapter and the PAWS server.
Both these configuration files are located in the $NHINC_PROPERTIES_DIR.
shell>cp $HOME/TATRC_Extensions/adapterServicesMapping.xml $NHINC_PROPERTIES_DIR
shell>cp $HOME/TATRC_Extensions/dod_connector.properties $NHINC_PROPERTIES_DIR
The properties in the adapterServicesMapping.xml file used to configure the VLER adapter for communicating with the Gateway are:
• EnterpriseDocumentQuery: This is currently to: http://gateway:8080/NhinConnect/NhincDocQuery. This should be set to the gateway web service endpoint for accepting document query requests from the adapter.
• EnterpriseDocumentRetrieve: This is currently to: http://gateway:8080/NhinConnect/NhincDocRetrieve. This should be set to the gateway web service endpoint for accepting document retrieve requests from the adapter.
The properties in the dod_connector.properties file are used to configure the VLER adapter for communicating with the PAWS server. There are 2 properties for each data domain that need to be changed:
• <domain>.endpointURL: This is currently set to http://seraph.cde.tatrc.org/PAWSAA/<service> This should be set to the corresponding PAWS service endpoint in current environment.
• <domain>.wsdl: This is currently set to http://seraph.cde.tatrc.org/PAWSAA/<service>?WSDL This should be set to the corresponding PAWS service endpoint in current environment.
This file is used on the adapter to keep the mappings between a patient pseudonym and its corresponding real patient identifier.
The reidentification.xml file is located in the $NHINC_PROPERTIES_DIR defined earlier in this section.
The gateway properties are defined in the following file:
$NHINC_PROPERTIES_DIR/gateway.properties
This file does not require modification on the adapter server.
The adapter.properties file is used to hold reference adapter specific properties. This file should be located in: $NHINC_PROPERTIES_DIR.
• XDSbHomeCommunityId: This setting specifies the home community ID for the
document registry/repository associated with this adapter
• EntityNotificationConsumerURL: This is the URL for the Gateway’s Entity HIEM Notify service.
• assigningAuthorityId: This is the local assigning authority id.
The connectionEPR.properties is used with the new Connection Manager and is not required for the adapter server.
The connectionEPR properties are defined in the following file:
$NHINC_PROPERTIES_DIR/connectionEPR.properties
There is a collection of configuration files that are used by Spring to determine how the messaging proxy projects communicate. These files are located in $NHINC_PROPERTIES_DIR and follow the following naming convention: <Component Name>ProxyConfig.xml. Below is an example of one of these files. In order to switch out implementations just replace with class name specified with the desired implementation class.
<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi=http://www.w3.org/2001/XMLSchema-instance xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd">
<!-- Web-service MPI implementation -->
<bean id="mpi" class="gov.hhs.fha.nhinc.mpi.proxy.AdapterMpiWebServiceProxy"/>
</beans>
This properties file contains information needed to process HIEM topics. This file needs to be located in $NHINC_PROPERTIES_DIR and is called hiemTopicConfiguration.xml. Below is an example of the contents within this file.
<topicConfigurations> <topicConfiguration>
<topic><![CDATA[ <wsnt:Topic xmlns:wsnt="http://docs.oasis-open.org/wsn/b-2" xmlns:nhin="http://www.hhs.gov/healthit/nhin" Dialect="http://doc.oasis-open.org/wsn/t1/TopicExpression/Simple" >nhin:SomeOtherTopic1</wsnt:Topic> ]]></topic>
<isSupported>true</isSupported>
<isPatientCentric>false</isPatientCentric>
<isPatientRequired>false</isPatientRequired>
<patientIdentifierSubscribeLocation>test subscribe
location</patientIdentifierSubscribeLocation> <patientIdentifierNotifyLocation>test notify location 1</patientIdentifierNotifyLocation> <patientIdentifierFormat>HL7Encoded</patientIdentifierFormat>
</topicConfiguration>
</topicConfigurations>
The VLER Adapter release package contains the components required for operation as a DoD Adapter to NHIN Gateway. This section includes instructions for adapter configuration.
The CONNECT Adapter and Gateway components are included in NHIN_CONNECT_2.1_Gateway_rhel5_0707.tar.gz. Extracting the contents will create the NHINC_Binaries directory which contains all the components. This was done in section 6.
The TATRC Universal Adapter extensions are included in NHIN_CONNECT_2.1_TATRC_rhel5_1115.tar.gz. Extracting the contents will create the TATRC_Extensions directory which contains all the components. This was done in section 6.
This section describes how deploy the VLER adapter applications to the Glassfish servers.
The following applications must be deployed for the server to act as an Adapter:
Filename | Application Type |
AdapterReidentficationEJB.jar | EJB |
AdapterPoliceyEngineTransformEJB.jar | EJB |
AdapterPIPEJB.jar | EJB |
AdapterPEPEJB.jar | EJB |
AdapterPolicyEngineOrchestratorEJB.jar | EJB |
AdapterMpiEJB.jar | EJB |
MpiManagerEJB.jar | EJB |
MpiEJB.jar | EJB |
AdapterCA.zip | CA |
DocumentRepositoryEJB.jar | EJB |
Table 9.1.1-1 CONNECT Adapter Components
Each of the applications above may be deployed via the Glassfish admin console or by using the deployment scripts.
The following applications are extensions to the CONNECT Adapter:
Filename | Application Type |
AdapterDocumentAssemblyProxyEJB.jar | EJB |
BOSServiceEndpointProviderEJB.jar | EJB |
DocumentAssemblyManagerEJB.jar | EJB |
DocumentManagerEJB.jar | EJB |
DocumentRepositoryEJB.jar (replaces CONNECT component) | EJB |
NHINAdapterServiceEJB.jar | EJB |
Table 9.1.2-1 TATRC Adapter Components
Each of the applications above may be deployed via the Glassfish admin console or by using the deployment scripts.
shell>cp $HOME/NHINC_Binaries/NhincSAMLCallbackLib.jar $AS_HOME/lib
shell>cp $HOME/NHINC_Binaries/NhincHL7JaxbLib.jar $AS_HOME/lib
For Adapter installation with TATRIC extensions, the TATRC version of the HL7 JAXB libraries must replace the CONNECT version.
shell>cp $HOME/TATRC_Extensions/NhincHL7JaxbLib.jar $AS_HOME/lib
Verify that these jars in $AS_HOME/lib are owned by the user account that will be starting and stopping glassfish. If not, perform the following steps:
shell>su
<root>chown <currentuser> $AS_HOME/lib/NhincSAMLCallbackLib.jar
<root>chgrp <currentuser> $AS_HOME/lib/NhincSAMLCallbackLib.jar
<root>chown <currentuser> $AS_HOME/lib/NhincHL7JaxbLib.jar
<root>chgrp <currentuser> $AS_HOME/lib/NhincHL7JaxbLib.jar
Restart the Glassfish application server.
shell>
shell>cd $AS_HOME/bin
shell>./asadmin stop-domain domain1
shell>./asadmin start-domain domain1
Deployment of the CONNECT components require the Glassfish Application Server to be running. Monitoring the server.log file is recommended to verify successful deployment. During the deployment, there will be several expected WARNING messages in the server.log. These are a few of the expected warnings.
<timestamp>|WARNING|sun-appserver2.1|…datatypes-base.xsd…warning: p-props-correct
2.2: maxOccurs must be greater than or equal to 1.|#]
<timestamp>|WARNING|sun-appserver2.1|…FromXmlParser.endElement(): Found unrecognized end element </sxed:editor>, namespace=http://…SUNExtension/Editor|#]
Monitor $AS_HOME/domains/domain1/logs/server.log for JBI framework startup complete message.
shell>$HOME/NHINC_Binaries/DeployConnectAdapter.sh
Monitor $AS_HOME/domains/domain1/logs/server.log for any exceptions
The TATRC Extensions require additional database schemas. The document assembly and template schemas can be installed by running the following scripts:
shell>cd $HOME/TATRC_Extensions
shell> /usr/local/mysql/bin/mysql –uroot –pNHIE-Gateway < docrepository_dll.sql
shell> /usr/local/mysql/bin/mysql –uroot –pNHIE-Gateway < docassembly_dll.sql
shell> /usr/local/mysql/bin/mysql –uroot –pNHIE-Gateway < templatedb_dll.sql
Deployment of the TATRC Universal Adapter components requires the Glassfish Application Server to be running. Monitoring the server.log file is recommended to verify successful deployment.
shell>$HOME/NHINC_Extensions/DeployTATRCExtensions.sh
Monitor $AS_HOME/domains/domain1/logs/server.log for any exceptions.
This section describes the configuration files that are needed by Glassfish in order to run the NHIN Applications.
Edit $AS_HOME/domains/domain1/domain.xml.
Add a new <jvm-options> tag with the following value item to ensure that log4j.properties file is referenced by Glassfish.
-Dlog4j.configuration=file/nhin/Properties/log4j.properties
To help limit the amount of log messages generated by c3p0 during access to the MySQL database, edit the $NHINC_PROPERTIES_DIR/log4j.properties file to add the following line:
log4j.appender.com.mchange.v2.c3p0=WARN
Edit $AS_HOME/domains/domain1/domain.xml.
Add <jdbc-resource> tags, enter the following configuration item to ensure that MySQL connections are managed by Glassfish through connection pools.
<jdbc-resource
enabled="true"
jndi-name="jdbc/dasDS"
object-type="user"
pool-name="docassemblyPool"/>
<jdbc-resource
enabled="true"
jndi-name="jdbc/templateDS"
object-type="user"
pool-name="templatedbPool"/>
Add <jdbc-connection-pool> tags which describe the connection pools referenced in the <jdbc-resource> tags.
<jdbc-connection-pool
allow-non-component-callers="true"
associate-with-thread="false"
connection-creation-retry-attempts="0"
connection-creation-retry-interval-in-seconds="10"
connection-leak-reclaim="false"
connection-leak-timeout-in-seconds="0"
connection-validation-method="auto-commit"
datasource-classname="com.mysql.jdbc.jdbc2.optional.MysqlConnectionPoolDataSource"
fail-all-connections="true"
idle-timeout-in-seconds="300"
is-connection-validation-required="true"
is-isolation-level-guaranteed="false"
lazy-connection-association="false"
lazy-connection-enlistment="false"
match-connections="false"
max-connection-usage-count="0"
max-pool-size="5"
max-wait-time-in-millis="600000"
name="docassemblyPool"
non-transactional-connections="true"
pool-resize-quantity="1"
res-type="javax.sql.ConnectionPoolDataSource"
statement-timeout-in-seconds="-1"
steady-pool-size="3"
validate-atmost-once-period-in-seconds="0"
wrap-jdbc-objects="false">
<description>Connection pool for docassembly schema</description>
<property name="MaxRows" value="-1"/>
<property name="DriverClass" value="com.mysql.jdbc.Driver"/>
<property name="PortNumber" value="3306"/>
<property name="Password" value="nhincpass"/>
<property name="LoginTimeout" value="0"/>
<property name="User" value="nhincuser"/>
<property name="URL" value="jdbc:mysql://localhost:3306/docassembly"/>
<property name="ServerName" value="localhost"/>
</jdbc-connection-pool>
<jdbc-connection-pool
allow-non-component-callers="true"
associate-with-thread="false"
connection-creation-retry-attempts="0"
connection-creation-retry-interval-in-seconds="10"
connection-leak-reclaim="false"
connection-leak-timeout-in-seconds="0"
connection-validation-method="auto-commit"
datasource-classname="com.mysql.jdbc.jdbc2.optional.MysqlConnectionPoolDataSource"
fail-all-connections="true"
idle-timeout-in-seconds="300"
is-connection-validation-required="true"
is-isolation-level-guaranteed="false"
lazy-connection-association="false"
lazy-connection-enlistment="false"
match-connections="false"
max-connection-usage-count="0"
max-pool-size="5"
max-wait-time-in-millis="600000"
name="templatedbPool"
non-transactional-connections="true"
pool-resize-quantity="1"
res-type="javax.sql.ConnectionPoolDataSource"
statement-timeout-in-seconds="-1"
steady-pool-size="3"
validate-atmost-once-period-in-seconds="0"
wrap-jdbc-objects="false">
<description>Connection pool for templates schema</description>
<property name="MaxRows" value="-1"/>
<property name="DriverClass" value="com.mysql.jdbc.Driver"/>
<property name="PortNumber" value="3306"/>
<property name="Password" value="nhincpass"/>
<property name="LoginTimeout" value="0"/>
<property name="User" value="nhincuser"/>
<property name="URL" value="jdbc:mysql://localhost:3306/templatedb"/>
<property name="ServerName" value="localhost"/>
</jdbc-connection-pool>
Add <resource-ref> tags to the <server> node, enter the following reference tags to ensure that the connection resources are available to the adapter components.
< resource-ref
enabled="true"
ref="jdbc/dasDS"/>
< resource-ref
enabled="true"
ref="jdbc/templateDS"/>
This completes the installation and configuration of the VLER Adapter.
CA | Certificate Authority |
DOD | Department of Defense |
ESB | Enterprise Service Bus |
NHIN | Nationwide Health Information Network |
OID | Object Identifier or Home Community ID |
POC | Point of Contact |
RAM | Random Access Memory |
SDK | Software Development Kit |
SSL | Secure Sockets Layer |
WSDL | Web Service Definition Language |
6
VLER Adapter Linux Installation and Configuration Guide
11/20/2009
A. Object Identifier or Home Community ID (OID) REQUEST SUBMITTAL PROCESS
Before you can request the OID, there are a few questions that you should answer. These answers will be requested during the OID request process.
Your Main Point of Contact (POC): (This can be a project manager or a Technical point of contact)
Your POC’s office address:
Your POC’s phone number:
Your POC’s fax number:
Your POC’s Title:
Organization’s url:
A.2 Submitting the Request
1. Login into: http://www.hl7.org/oid/index.cfm
Figure A.2-1: HL7-OID Registration Home Page
2. Select the “Click to Obtain or Register an OID” Hyperlink.
Figure A.2-2: Complete Contact Information
3. Complete the form as shown above including the information collected from Section A.1 of this document
Figure A.2-3: Select type of OID
4. Leave the default as shown and select the “Next” button.
Figure A.2-4: New or Existing OID Designation.
5. Select the first radio button and then select the “Next” button.
Figure A.2-5: HL7 OID Description
6. Add the Submitter contact information, enter the name of the server and provide a minor description.
Figure A.2-6: OID Registration Confirmation
7. An acknowledgement of the submittal is displayed on the screen with the OID that as been generated. Please make note of the OID. Select the “Back” button to return to the first screen.
Figure A.2-7: OID Email Confirmation
8. An email detailing the request will also be sent to the Submitter and the Responsible Body.
Searching for an OID on the site
Figure A.2-8: Searching by OID number
1. The user can search by the OID number. The OID number that was generated or registered on this site is entered in the left panel in the “Enter the OID:” box and then the “Find OID” is selected. The right hand panel will display a drop down with results that match the criteria entered. The user can then select from the drop down the desired results and the “Submit” button for the details.
a. Please note that if the OID that you seek is not in the drop down, it may not have been registered or obtained from this site.
Figure A.2-9: Search by OID Description
2. The user can search by the OID description. The OID description that was entered during the generation process on this site is entered in the left panel in the “Enter a string to search the OID description:” box, and then the “Find OID” is selected. The right hand panel will display a drop down with results that match the criteria entered. The user can then select from the drop down the desired results and the “Submit” button for the details.
6
VLER Adapter Linux Installation and Configuration Guide
11/20/2009