
 

CONNECT Linux Full Binary System Installation and Configuration Manual
 

Version 1.1
CONNECT Release 2.1
20 November 2009
 

 

Prepared by:

HARRIS CORPORATION

Government Communications

Systems Division

1025 West Nasa Blvd

Melbourne, FL USA 32919


REVISION HISTORY
 

REVISION | DATE | DESCRIPTION
- | 17 November 2009 | Initial Release – Modified from Solaris Installation and Configuration Guide for release 2.1
1.1 | 20 November 2009 | Changes to section 7.1, 7.2, 7.3, 7.4, 7.5

TABLE OF CONTENTS

1.0 INTRODUCTION
1.1 Purpose
1.2 Scope
1.3 Document Description
2.0 REFERENCED DOCUMENTS
3.0 INSTALLATION CHECKLIST
3.1 Installation and Configuration Checklist
4.0 OID REQUEST SUBMITTAL PROCESS
5.0 TEST DEPLOYMENT FOOTPRINT
5.1 Hardware Requirements
5.2 Software Requirements
5.3 VLER Adapter Interface (WSDL) Ports
6.0 LINUX INSTALL AND CONFIGURATION INSTRUCTIONS
6.1 Install Prerequisite Software
6.1.1 Prerequisite Software Catalog
6.1.2 Prerequisite Software Installation
6.2 ENVIRONMENT CONFIGURATION
6.3 GLASSFISH COMPONENT INSTALL AND CONFIGURATION INSTRUCTIONS
6.3.1 Glassfish Component Catalog
6.3.2 Glassfish Component Installation
6.3.3 Configure Third Party Components in Glassfish
6.4 Install and Configure MySQL
6.4.1 Installation
6.4.2 Starting and Stopping MySQL
6.4.3 Configuring MySQL
7.0 SSL CERTIFICATE REQUEST AND INSTALLATION PROCESS
7.1 Generate Certificate Request
7.2 Download Root Certificate
7.3 Send Certificate Request
7.4 Install the Certificate
8.0 VLER ADAPTER CONFIGURATION
8.1 Configuration Settings
8.1.1 Metro 1.4 Installation Settings
8.1.2 Glassfish Application Variables
8.1.3 CONNECT Interfaces/Property/Configuration File Settings
8.2 Connection Management
8.2.1 adapterServicesMapping.xml File
8.2.2 dod_connector.properties File
8.3 Reidentification.xml
8.4 Gateway Properties
8.5 Adapter Properties
8.6 Connection EPR Properties
8.7 Component Proxy Spring Configuration Properties
8.7.1 HIEM Topic Configuration Properties
9.0 DEPLOYMENT
9.1 Deploying applications to Glassfish
9.1.1 CONNECT Adapter Components.
9.1.2 TATRC Universal Adapter Components.
9.1.3 Update Glassfish lib and property files
9.1.4 Deployment of CONNECT Components
9.1.5 Deployment of Universal Adapter Extensions
9.2 Configuration Files
9.2.1 Log4j
9.2.2 Connection Pools
10.0 ACRONYMS

LIST OF APPENDICES

APPENDIX A

LIST OF FIGURES

Figure 8.1.2-1: Glassfish Application Variables
Figure A.2-1: HL7-OID Registration Home Page
Figure A.2-2: Complete Contact Information
Figure A.2-3: Select type of OID
Figure A.2-4: Registry Wizard
Figure A.2-5: HL7 OID Description
Figure A.2-6: OID Registration Confirmation
Figure A.2-7: OID Email Confirmation
Figure A.2-8: Searching by OID number
Figure A.2-9: Search by OID Description

LIST OF TABLES

Table 3.1-1: Installation and Configuration Checklist
Table 5.1-1: Hardware Requirements
Table 5.2-1: Software Requirements
Table 5.3-1: WSDL Ports
Table 9.1.1-1: CONNECT Adapter Components
Table 9.1.2-1: TATRC Adapter Components


 


1.0 INTRODUCTION

1.1 Purpose

This document is the installation and configuration manual for installing the VLER adapter on the Linux Operating System.  It targets the installation and configuration of the CONNECT adapter components with the TATRC extensions. Some components required during the installation and configuration of the adapter software require privileged access to the target machine. The recommended configuration for Linux is to create a separate partition for the installation and configuration of the third-party products used by the VLER adapter. For the purposes of this installation manual, that partition is named /nhin. The privileged account can be root or another account that has the privilege required for the successful execution of the pkgadd command. If the target machine already has GNU tar installed, no privileged access is required.

1.2 Scope

The procedures in this document are applicable to installation of the VLER adapter on the Linux Operating System.

1.3 Document Description

This document includes the following sections:

       Section 1.0 Introduction

       Section 2.0 Referenced Documents

       Section 3.0 Installation Checklist

       Section 4.0 OID Request Submittal Process

       Section 5.0 Test Deployment Footprint

       Section 6.0 Linux Install and Configuration Instructions

       Section 7.0 SSL Certificate Request and Installation Process

       Section 8.0 VLER Adapter Configuration

       Section 9.0 Deployment

       Section 10.0 Acronyms

 

2.0 REFERENCED DOCUMENTS

       VLER Gateway Installation and Configuration Guide

       PAWS Installation and Configuration Guide

3.0 INSTALLATION CHECKLIST

The following is a workflow/checklist that guides the reader through the steps required to install the VLER adapter.

3.1 Installation and Configuration Checklist

 

Item

Procedural Step

 

Install JDK 1.6.0_13. This is the version that the current National Health Information Network (NHIN) CONNECT applications were developed against and the recommended version. See section 6.1.2.1.

 

Install ANT, v1.7.1. This is available from the release package.  See section 6.1.2.2.

 

Install GlassFishESB, v2.1. This is available from the release package.  See section 6.1.2.3.

 

Install third-party glassfish component jars into $AS_HOME/lib.  See section 6.2.

 

Install and configure Metro 1.4. This is available from the release package. See section 8.1.1.

 

Install and configure MySQL database. This is available from the release package.  See section 6.4.

 

Obtain a certificate from a Certificate Authority (CA) or create a self-signed cert. See section 7.0.

 

Define environment variables used during deployment.  See section 8.0.

 

Deploy CONNECT adapter components using the deployment scripts provided with the release package.  See section 9.1.5

 

Deploy TATRC extensions using the deployment scripts provided with the release package.  See section 9.1.6

 

Configure the adapter environment including updates to properties files. The properties files are used to customize installation for each specific environment. See section 8.0.

Table 3.1-1              Installation and Configuration Checklist

4.0 OID REQUEST SUBMITTAL PROCESS

Each gateway has a unique identifier known as the OID (Object Identifier) or Home Community ID. The VLER adapter will use the same OID obtained for the VLER gateway.

5.0 TEST DEPLOYMENT FOOTPRINT

5.1 Hardware Requirements

This section describes the recommended minimum hardware component infrastructure including processor performance, disk space, and Random Access Memory (RAM) for the application server platform. This is provisional information subject to change based on continued development.

 

The Connect software requires two machines, each with the following minimum specifications:

Item | Version 2.0
Processor | Minimum i586 or equivalent
RAM | Minimum of 2 GB
Hard Disk Size | Application Dependent on the deployment configuration. For sizing purposes, assume 100K per CCD record, 1K per audit log record.
Hard Disk Speed | Minimum of 7200 RPM and 10000 RPM preferred.
Network Interface | 100MB Ethernet acceptable; 1GB Ethernet desirable

Table 5.1-1              Hardware Requirements

5.2 Software Requirements

This section describes any dependent software products.

 

Item | Description | Applies to Gateway Version | Platform
Operating System | Operating system supported by Glassfish v2 and GlassFishESB v2.1. For additional information, refer to the specific installation instructions for Linux. | All | Server
Java-JRE/JDK | Java Software Development Kit (SDK) 1.6 Update 13 | All | Server
Application Server | Glassfish v2.1 (9.1.1) build b60e-fcs [This is bundled with the GlassFishESB] | All | Server
Enterprise Service Bus (ESB) | GlassFishESB v2.1 build 20090201 | All | Server
Communication Stack | Metro v1.4 | All | Server
Network Protocol | TCP/IP | All | Server/Client
Relational Database | MySQL 5.0 | 1.0 | Server

Table 5.2-1              Software Requirements

5.3 VLER Adapter Interface (WSDL) Ports

The table below identifies all of the currently public Web Service Definition Language (WSDL) Interfaces supported by the VLER Adapter. This table includes the name of the WSDL, the services it handles, the port number, whether or not it is configurable, and whether or not it is Secure Sockets Layer (SSL).  All ports in the VLER environment are configurable via either the Glassfish or Http Binding Component port settings.

WSDL | Services | Port | SSL
AdapterAuditLogQuery | Audit Log Query | HttpDefaultPort | No
AdapterDocQuery | Document Query | HttpDefaultPort | No
AdapterDocRetrieve | Document Retrieve | HttpDefaultPort | No
AdapterReidentification | Subject Discovery - Reidentification | HttpDefaultPort | No
AdapterSubjectDiscovery | Subject Discovery - Announce and Revoke | HttpDefaultPort | No
AdapterSubscriptionManagement | HIEM - Subscribe and Unsubscribe | HttpDefaultPort | No
AdapterNotificationConsumer | HIEM - Notify | HttpDefaultPort | No
EntityAuditLogQuery | Audit Log Query | HttpDefaultPort | No
EntityDocQuery | Document Query | HttpDefaultPort | No
EntityDocRetrieve | Document Retrieve | HttpDefaultPort | No
EntitySubjectDiscovery | Subject Discovery - Announce, Revoke, and Reidentification | HttpDefaultPort | No
EntitySubscriptionManagement | HIEM - Subscribe and Unsubscribe | HttpDefaultPort | No
EntityNotificationConsumer | HIEM - Notify | HttpDefaultPort | No
EntitySubscriptionManagement | HIEM - Subscribe and Unsubscribe | HttpDefaultPort | No
EntityNotificationConsumer | HIEM - Notify | HttpDefaultPort | No

Table 5.3-1              WSDL Ports

 

6.0 LINUX INSTALL AND CONFIGURATION INSTRUCTIONS

This section describes installing the prerequisite software and the third party glassfish components required for NHIN CONNECT adapter and gateway server installation. The components described in this section are provided with the release, or may be obtained from their original sources as described in the catalog sections.

 

The following sections assume the install media is available on the file system.

Set the INSTALL_DIR environment variable to the location of the install media.

 

shell> INSTALL_DIR=<location of install media on file system>

shell> export INSTALL_DIR

 

The following commands will extract binaries in the $HOME directory.

 

shell> cd $HOME

shell> gunzip < $INSTALL_DIR/NHIN_CONNECT_2.1_Thirdparty_rhel5_0707.tar.gz | tar xvf -

shell> gunzip < $INSTALL_DIR/NHIN_CONNECT_2.1_Gateway_rhel5_0707.tar.gz | tar xvf -

shell> gunzip < $INSTALL_DIR/NHIN_CONNECT_2.1_TATRC_rhel5_1115.tar.gz | tar xvf -

 

6.1 Install Prerequisite Software

6.1.1 Prerequisite Software Catalog

This section lists the third party components that are to be added to Glassfish. This catalog is included here for a reference only. These components are included with the release and installation instructions follow.

 

 

jdk:

Vendor/Publisher: Sun
Version: 1.6.0_13

URL: http://java.sun.com/products/archive/j2se/6u13/index.html

Components:

       jdk-6u13-linux-i586.bin

 

 

ant:

Vendor/Publisher: Apache
Version: 1.7.1

URL: http://archive.apache.org/dist/ant/binaries/apache-ant-1.7.1-bin.tar.gz

Components:

       apache-ant-1.7.1-bin.tar.gz

 

 

GlassFishESB:

Vendor/Publisher: Sun
Version: 2.1

URL: https://open-esb.dev.jva.net/Downloads.net

Components:

       glassfishesb-v2.1-full-installer-linux.sh

 

6.1.2 Prerequisite Software Installation

6.1.2.1 JDK Installation

Verify execute privilege is set on the self-extracting binary file. The default location for installation of the JDK is /nhin.

shell> cd /nhin

shell> chmod +x $HOME/Thirdparty/jdk-6u13-linux-i586.bin

shell> $HOME/Thirdparty/jdk-6u13-linux-i586.bin

 

6.1.2.2 ANT Installation

The following steps are executed as a privileged user.

shell> cd /nhin

shell> gunzip < $HOME/Thirdparty/apache-ant-1.7.1-bin.tar.gz | tar xvf -

 

6.1.2.3 GlassFishESB Installation

  1. Create/Modify a state file for silent installation.  The state file (nhin-glassfish-state.xml) included in the release package contains default settings:

 

       Glassfish install dir:  /nhin/GlassFishESBv21/glassfish

       Username: admin

       Password: adminadmin

       jms.port: 8686

       admin.port: 4848

       http.port: 8080

       https.port: 8181

       JDK: /nhin/jdk1.6.0_13

       Netbeans: Not installed

You may use the default values, or enter custom values.

 

  2. Verify execute privilege is set on the self-extracting binary file and run the GlassFishESB installer silently.

 

NOTE: Although the installer claims to run silently, an installation error invokes a dialog window which requires an X server to display.  Viewing the logs and correcting the errors will ultimately allow the installer to complete silently, but it is recommended that you set the DISPLAY environment variable to an available X server.

 

shell> export DISPLAY=x.x.x.x:0.0

shell> cd $HOME/Thirdparty

shell> chmod +x glassfishesb-v2.1-full-installer-linux.sh

shell> ./glassfishesb-v2.1-full-installer-linux.sh --silent --state nhin-glassfish-state.xml

 

3.       Update the permissions and access to the GlassFishESB directory structure to support runtime access from non-privileged users.

shell> chmod -R go+rx /nhin/GlassFishESBv21

shell> chmod -R go+w /nhin/GlassFishESBv21/glassfish/domains

 

4.       Verify the permissions on the following directories are 777. If they are not, issue "chmod 777 <directory name>" on each of those directories:

       /nhin/GlassFishESBv21/jbi

       /nhin/GlassFishESBv21/lib

       /nhin/GlassFishESBv21/addons

       /nhin/GlassFishESBv21/databases

       /nhin/GlassFishESBv21/config

       /nhin/GlassFishESBv21/domains

 

5.       Create glassfish group and user

 

shell> groupadd glassfish

shell> useradd -g glassfish glassfish

shell> chgrp -R glassfish /nhin

shell> chown -R glassfish /nhin

 

You may add password protection to the glassfish user with the following command:

 

shell> passwd glassfish

 

6.       Add GlassFish to the init startup/shutdown process.

 

Copy the startup/shutdown script to /etc/init.d and make it executable

 

shell> cp $HOME/TATRC_Extensions/glassfish-init /etc/init.d/glassfish

shell> chmod +x /etc/init.d/glassfish

 

Add the GlassFish startup/shutdown script to the automatic startup/shutdown configuration

 

shell> chkconfig --add glassfish

shell> chkconfig --level 345 glassfish on

 

7.       Update the domain.xml file. 

 

Add the following jvm-options to the /nhin/GlassFishESBv21/domains/domain1/config/domain.xml file to set the memory management limits and the Log4j configuration file:

 

-Xmx1024m

-XX:MaxPermSize=256m

-XX:PermSize=256m

 

-Dlog4j.configuration=file:/nhin/Properties/log4j.properties

 

Additional logging can be enabled by adding the following JVM options to the domain.xml:

 

-Dcom.sun.xml.ws.transport.http.HttpAdapter.dump=true

-Dcom.sun.xml.ws.transport.http.client.HttpTransportPipe.dump=true

-Djavax.enterprise.resource.xml.webservices.security.level=FINE

-Djavax.enterprise.resource.webservices.jaxws=FINE
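
The following check is an added example, not part of the original manual: it reports which of the required options listed above are missing from a domain.xml and which of the optional logging options are switched on, which matters because the two dump options write complete web service requests and responses to the server log. It assumes each option is stored on its own line as <jvm-options>VALUE</jvm-options>; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare the jvm-options in a GlassFish domain.xml with section 6.1.2.3.
# Assumption: every option is written as <jvm-options>VALUE</jvm-options> on one line.

REQUIRED_OPTS='-Xmx1024m
-XX:MaxPermSize=256m
-XX:PermSize=256m
-Dlog4j.configuration=file:/nhin/Properties/log4j.properties'

DEBUG_OPTS='-Dcom.sun.xml.ws.transport.http.HttpAdapter.dump=true
-Dcom.sun.xml.ws.transport.http.client.HttpTransportPipe.dump=true
-Djavax.enterprise.resource.xml.webservices.security.level=FINE
-Djavax.enterprise.resource.webservices.jaxws=FINE'

# Print the value of every <jvm-options> element in file $1, one per line.
list_jvm_options() {
    sed -n 's/^[[:space:]]*<jvm-options>\(.*\)<\/jvm-options>[[:space:]]*$/\1/p' "$1"
}

# Print each required option that is absent from file $1.
missing_required_options() {
    present=$(list_jvm_options "$1")
    printf '%s\n' "$REQUIRED_OPTS" | while IFS= read -r opt; do
        printf '%s\n' "$present" | grep -F -x -q -e "$opt" || printf '%s\n' "$opt"
    done
}

# Print each optional logging option that is present in file $1.
enabled_debug_options() {
    present=$(list_jvm_options "$1")
    printf '%s\n' "$DEBUG_OPTS" | while IFS= read -r opt; do
        if printf '%s\n' "$present" | grep -F -x -q -e "$opt"; then
            printf '%s\n' "$opt"
        fi
    done
}

# Print a report for file $1; succeed only when nothing is missing and
# no message dump or FINE logging option is enabled.
check_domain_xml() {
    missing=$(missing_required_options "$1")
    debug=$(enabled_debug_options "$1")
    if [ -n "$missing" ]; then
        printf '%s\n' "$missing" | sed 's/^/MISSING: /'
    fi
    if [ -n "$debug" ]; then
        printf '%s\n' "$debug" | sed 's/^/DEBUG LOGGING ENABLED: /'
    fi
    [ -z "$missing" ] && [ -z "$debug" ]
}

# Write a constructed java-config fragment (sample data, not a real domain.xml) to file $1.
write_sample_domain_xml() {
    cat > "$1" <<'EOF'
<java-config>
  <jvm-options>-Xmx1024m</jvm-options>
  <jvm-options>-XX:MaxPermSize=192m</jvm-options>
  <jvm-options>-Dlog4j.configuration=file:/nhin/Properties/log4j.properties</jvm-options>
  <jvm-options>-Dcom.sun.xml.ws.transport.http.HttpAdapter.dump=true</jvm-options>
</java-config>
EOF
}

# Usage: check_domain_xml /nhin/GlassFishESBv21/domains/domain1/config/domain.xml
```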

6.2 ENVIRONMENT CONFIGURATION

Copy the NHIN profile script to the default profile directory.  Exit the shell and login again.

 

shell> cp $HOME/TATRC_Extensions/nhin-profile.sh /etc/profile.d/

shell> chmod 755 /etc/profile.d/nhin-profile.sh

shell> exit

 

Start the Glassfish application server using the init startup/shutdown script. Monitor the server.log in /nhin/GlassFishESBv21/domains/domain1/logs for status. 

 

shell> /etc/init.d/glassfish start

shell> tail -f /nhin/GlassFishESBv21/domains/domain1/logs/server.log

 

Verify that glassfish started successfully (the log will say "Application server startup complete").   This can also be verified by connecting to the web server endpoints (admin, http & https) with a web browser.

After verifying that glassfish started successfully, shut down glassfish with the following command and continue with the installation:

shell> /etc/init.d/glassfish stop

 

6.3 GLASSFISH COMPONENT INSTALL AND CONFIGURATION INSTRUCTIONS

This section describes installing the third party glassfish components required for NHIN CONNECT adapter and gateway server installation.

6.3.1 Glassfish Component Catalog

This section lists the third party components that are to be added to Glassfish.

This catalog is included here for a reference only. These components are included with the release and installation instructions follow.

 

Log4j:

Vendor/Publisher: Apache
Version: 1.2.15

URL: http://logging.apache.org/log4j/1.2/download.html

Components:

       log4j-1.2.15.jar

 

Apache Commons Logging:

Vendor/Publisher: Apache

Version: 1.1.1

URL: http://commons.apache.org/downloads/download_logging.cgi

Components:

       commons-logging-1.1.1.jar

 

Hibernate Relational Persistence for Java:

Vendor/Publisher: Hibernate

Version: 3.2.5 ga

URL: http://sourceforge.net/project/showfiles.php?group_id=40712

Components:

       antlr-2.7.6.jar

       asm-attrs.jar

       asm.jar

       cglib-2.1.3.jar

       commons-collections-2.1.jar

       dom4j-1.6.1.jar

       ehcache-1.2.3.jar

       hibernate3.jar

       jdbc2_0-stdext.jar

       jta.jar

       c3p0-0.9.1.2.jar

 

Metro:

Vendor/Publisher: Sun Microsystems

Version: 1.4

URL: NHIN Wiki

Components:

       webservices-api.jar

       webservices-rt.jar

       webservices-tools.jar

 

MySQL Connector / J (Data base drivers to connect to MySQL DB using Java):

Vendor/Publisher: Sun Microsystems

Version: 5.0

URL: http://dev.mysql.com/downloads/connector/j/5.0.html

Components:

       mysql-connector-java-5.0.8-bin.jar

 

XStream:

Vendor/Publisher: XStream

Version: 1.4

URL: http://xstream.codehaus.org/download.html

Components:

       cglib-license.txt

       cglib-nodep-2.1_3.jar

       commons-lan-license.txt

       dom4j-1.6.1.jar

       dom4j-license.txt

       jdom-1.0.jar

       jdom-license.txt

       jettison-1.0-RC2.jar

       jettison-license.txt

       joda-time-1.5.1.jar

       joda-time-license.txt

       junit-license.txt

       oro-license.txt

       stax-1.2.0.jar

       stax-api-1.0.1.jar

       wootstox-license.txt

       wstx-asl-3.2.3.jar

       xml-writer-0.2.jar

       xom-1.1.jar

       xom-license.txt

       xpp3_min-1.1.4c.jar

       xpp3-license.txt

       xstream-1.3.jar

       xstream-benchmark-1.3.jar

 

JDK 1.3 Components were included in the XStream download but should NOT be copied:

       xalan-2.7.0.jar

       xalan-license.txt

       xercesImpl-2.8.1.jar

       xerces-license.txt

       xml-apis-1.3.0.4.jar

 

Spring Framework:

Vendor/Publisher: SpringSource

Version: 2.5.6

URL: http://www.springsource.com/download.html

 

Components:

       spring.jar

       spring-sources.jar

6.3.2 Glassfish Component Installation

6.3.2.1 Installation of Log4j

NOTE: For this installation do not use the tar command, and ensure you download the .zip file.  At the time of writing these instructions, the tar.gz file found on the apache download site has issues with Linux tar and GNU tar.

The following steps are executed as a privileged user.

shell> cd /nhin

shell> unzip $HOME/Thirdparty/apache-log4j-1.2.15

6.3.2.2 Installation of Commons Logging

NOTE: For this installation do not use the tar command, and ensure you download the .zip file.  At the time of writing these instructions, the tar.gz file found on the apache download site has issues with Linux tar and GNU tar.

The following steps are executed as a privileged user.

shell> cd /nhin

shell> unzip $HOME/Thirdparty/commons-logging-1.1.1-bin

6.3.2.3 Installation of c3p0

The following steps are executed as a privileged user.

shell> cd /nhin

shell> unzip $HOME/Thirdparty/c3p0-0.9.1.2.bin

6.3.2.4 Installation of Hibernate

This is using the GNU tar installed into /usr/local.

The following steps are executed as a privileged user.

shell> cd /nhin

shell> gunzip < $HOME/Thirdparty/hibernate-3.2.5.ga.tar.gz | tar xvf -

6.3.2.5 Installation of copyv3

The installation of copyv3 is only required when running with the default security certificates provided with Glassfish. If you are using certificates and Assigning Authority, this step can be omitted.

The following steps require that JAVA_HOME, ANT_HOME and AS_HOME are set to their appropriate values.   JAVA_HOME/bin and ANT_HOME/bin should also be in the PATH.

shell> cd /nhin

shell> unzip $HOME/Thirdparty/copyv3

shell> cd copyv3

shell> ant

 

After the installation is completed you should be returned to the command prompt.  We have experienced the cert installation hang while attempting to start the Appserver; and this requires an interrupt.

Verify the installation was successful by checking the certificate fingerprints.

shell> cd $AS_HOME/domains/domain1/config

shell> keytool -list -keystore cacerts.jks -alias wssip -storepass changeit

shell> keytool -list -keystore keystore.jks -alias xws-security-server -storepass changeit

 

Note: If the certificates were installed correctly, you will see something similar to the following responses:

 

Certificate fingerprint (MD5): 1A:0E:E9:69:7D:D0:80:AD:5C:85:47:91:EB:0D:11:B1

Certificate fingerprint (MD5): 1A:0E:E9:69:7D:D0:80:AD:5C:85:47:91:EB:0D:11:B1

 

If the certificates were not installed correctly, you will see something similar to the following responses:

 

keytool error: java.lang.Exception: Alias <wssip> does not exist

keytool error: java.lang.Exception: Alias <xws-security-server> does not exist

 

Grant access to the CONNECT certificates using the following command:

 

shell> chmod go+rw *.jks
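
The following review script is an added example, not part of the original manual: it lists what the permission steps in section 6.1.2.3 and the chmod on the keystores above leave open under an install root such as /nhin, namely world-writable directories, keystores that group or other can read or write, and files not owned by the expected account. The function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: review modes and ownership under an install root (for example /nhin).

# Print directories under $1 that any local user can write to (mode o+w, e.g. 777).
world_writable_dirs() {
    find "$1" -type d -perm -0002 -print | sort
}

# Print *.jks keystores under $1 that group or other can read or write.
exposed_keystores() {
    find "$1" -type f -name '*.jks' \
        \( -perm -0040 -o -perm -0020 -o -perm -0004 -o -perm -0002 \) -print | sort
}

# Print everything under $1 that is not owned by user $2 (name or numeric id).
not_owned_by() {
    find "$1" ! -user "$2" -print | sort
}

# Print all findings for root $1 and expected owner $2; succeed only if there are none.
audit_install_tree() {
    dirs=$(world_writable_dirs "$1")
    keys=$(exposed_keystores "$1")
    others=$(not_owned_by "$1" "$2")
    if [ -n "$dirs" ]; then
        printf '%s\n' "$dirs" | sed 's/^/world-writable directory: /'
    fi
    if [ -n "$keys" ]; then
        printf '%s\n' "$keys" | sed 's/^/keystore open to group or other: /'
    fi
    if [ -n "$others" ]; then
        printf '%s\n' "$others" | sed 's/^/unexpected owner: /'
    fi
    [ -z "$dirs" ] && [ -z "$keys" ] && [ -z "$others" ]
}

# Usage: audit_install_tree /nhin glassfish
```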

6.3.2.6 Installation of Metro

 

The following steps require that JAVA_HOME and AS_HOME are set to their appropriate values.   JAVA_HOME/bin should also be in the PATH.

shell> cd /nhin

shell> cp $HOME/Thirdparty/metro-1_4-installer-nightly_02_05_09.jar .

shell> java -jar metro-1_4-installer-nightly_02_05_09.jar -console

 

At the prompt asking whether to accept the license enter A.

 

shell> cd metro

shell> ant -f metro-on-glassfish.xml install

6.3.2.7 Installation of Connector/J for MySQL

The following steps are executed as a privileged user.

shell> cd /nhin

shell> gunzip < $HOME/Thirdparty/mysql-connector-java-5.0.8.tar.gz | tar xvf -

6.3.2.8 Installation of XStream

The following steps are executed as a privileged user.


shell> cd /nhin

shell> unzip $HOME/Thirdparty/xstream-distribution-1.3.1-bin

6.3.2.9 Installation of Spring Framework

The following steps are executed as a privileged user.

 

shell> cd /nhin

shell> unzip $HOME/Thirdparty/spring-framework-2.5.6.SEC01-with-docs

6.3.3 Configure Third Party Components in Glassfish

The successful execution of the NHIN CONNECT Gateway requires some of the third party products to be placed in the GlassFishESB/glassfish/lib directory. A script is provided in the release to perform the copy. The Glassfish application server must be stopped during the copy. The application server will then resolve the required references on restart.

shell> /etc/init.d/glassfish stop

shell> $HOME/Thirdparty/NHIN_CONNECT_Copy3rdPartyToGFLib.sh

shell> /etc/init.d/glassfish start

 

Monitor the $AS_HOME/domains/domain1/logs/server.log for the Application server startup complete or JBI framework startup complete message prior to proceeding.

The message you get will depend on whether the http binding component is running or not.

6.4 Install and Configure MySQL

The Gateway and the reference implementation of the Adapter both use MySQL when a database is necessary.  The programmatic access to this database was done using Hibernate.  When doing the initial installation of the Gateway and Adapter, it is recommended that MySQL be installed and that the system be verified.  After it has been created and verified, other relational databases can be used in place of MySQL by altering the appropriate entries in the hibernate configuration files for those projects which are accessing the database.  Directions for configuring hibernate to use other databases are not defined in this document.  Set up the database using the following sequence of steps.

 

6.4.1 Installation

Change the current user to root and add a user and group for mysqld.

 

shell> groupadd mysql

shell> useradd -g mysql mysql

shell> cd /nhin

shell> gunzip < $HOME/Thirdparty/mysql-5.0.77-linux-i686.tar.gz | tar xvf -

 

The tar command will create the directory “mysql-5.0.77-linux-i686”.

This directory is owned by root and needs to be owned by mysql.  Execute the following commands as root in the installation directory to change the ownership from root to the mysql user and create the MySQL data directory.

 

shell> cd mysql-5.0.77-linux-i686

shell> chown -R mysql .
shell> chgrp -R mysql .

shell> scripts/mysql_install_db --user=mysql

6.4.2 Starting and Stopping MySQL

Create a symbolic link to the installed directory “/nhin/mysql-5.0.77-linux-i686” in /usr/local where the startup/shutdown script looks for MySQL.

 

shell> cd /usr/local

shell> ln -s /nhin/mysql-5.0.77-linux-i686 mysql

 

Copy the startup/shutdown script to /etc/init.d and make it executable

 

shell> cp /usr/local/mysql/support-files/mysql.server /etc/init.d/mysql

shell> chmod +x /etc/init.d/mysql

 

Add the MySQL startup/shutdown script to the automatic startup/shutdown configuration

 

shell> chkconfig --add mysql

shell> chkconfig --level 345 mysql on

 

Start MySQL using the automatic startup/shutdown script

 

shell> /etc/init.d/mysql start

 

Verify the installation after starting the Server by executing the following command:

 

shell> /usr/local/mysql/bin/mysqladmin version

 

This command will show the complete version history of the MySQL installation and its Linux Socket file path etc.

 

To stop MySQL Server, execute the command below:

NOTE: This command is being specified for INFORMATIONAL purposes only. Do NOT execute it at this time.

 

shell> /etc/init.d/mysql stop

6.4.3 Configuring MySQL

Set up the password for MySQL root user using the command below:

 

shell> /usr/local/mysql/bin/mysqladmin -u root password NHIE-Gateway

 

To configure the database schemas and tables associated with the NHIN-CONNECT Gateway, a script named "nhincdb.sql" is provided under the Thirdparty folder.

From the MySQL directory, create a database connection and create the schemas:

 

shell> /usr/local/mysql/bin/mysql -uroot -pNHIE-Gateway

mysql> CREATE DATABASE nhincdb;

mysql> \q

 

shell> /usr/local/mysql/bin/mysql -uroot -pNHIE-Gateway nhincdb < $HOME/Thirdparty/dropall.sql

shell> /usr/local/mysql/bin/mysql -uroot -pNHIE-Gateway nhincdb < $HOME/Thirdparty/nhincdb.sql

 

This will create Gateway Schemas as listed below:

i) aggregator

ii) assigningauthoritydb
iii) auditrepo
iv) docrepository
v) patientcorrelationdb
vi) subscriptionrepository
 

Try to log into the database as the nhincuser to verify that it was created successfully:

 

shell> /usr/local/mysql/bin/mysql -unhincuser -pnhincpass
 

If this command fails, issue the following commands:
 

shell> /usr/local/mysql/bin/mysql -uroot -pNHIE-Gateway
mysql> CREATE USER 'nhincuser'@'localhost' IDENTIFIED BY 'nhincpass';
mysql> GRANT ALL PRIVILEGES ON *.* TO 'nhincuser'@'localhost' WITH GRANT OPTION;
mysql> quit
 

Try to log in as nhincuser again:
 

shell> /usr/local/mysql/bin/mysql -unhincuser -pnhincpass


7.0 SSL CERTIFICATE REQUEST AND INSTALLATION PROCESS

This section outlines how to add 2-way SSL to an existing working system, such as the NHIN CONNECT Gateway.

To use 2-way SSL, two components are needed.  First, the server must present a certificate identifying itself to the consumer of its services.  This server certificate must match (the server portion of the URL of the service must be the same as the name on the certificate) and must be trusted (accomplished by having the issuer of the certificate as a trusted root certificate authority on the client).   Second, the client must send a certificate to the server to identify itself. This client certificate must be trusted by the server (by having the trusted root certificate on the server). There does not appear to be any validation of the client cert to ensure that it came from a certain address.

Glassfish comes with a default keystore to use for presenting the server certificate.  Instead of using the default keystore, a new keystore will be created, which will hold a certificate issued by the trusted root authority - NHIN-CN. Glassfish also comes with a default trust store used to validate remote certificates - in this case, to determine if it trusts the client cert.  

NOTE: This section only applies to the NHIN CONNECT Gateway machine. This section is not applicable to the NHIN CONNECT Adapter machine. 

7.1 Generate Certificate Request

  1. Create a new working "certificate request" directory (i.e.,
    /nhin/GlassFishESB/certificaterequests).
  2. Open a command prompt to the "certificate request" directory.
  3. Create the new keystore by running the following command:

 

shell> keytool -genkeypair -keyalg RSA -keysize 2048 -keystore myserver.jks -keypass xxxxxxxx -storepass xxxxxxxx -validity 365 -alias myserver -dname "EmailAddress=yourName@yourOrg.com, cn=myserver.fedsconnect.org, OU=Testing, O=YourOrganization, L=YourCity, S=YourState, C=US"

 

Note on parameters:

 

-keystore: This is the name of the java keystore that will be created.  This can be modified if desired.
-keypass -storepass: These set the passwords for the key (-keypass) and the store (-storepass).  Replace xxxxxxxx with your password. The key and store passwords should be the same.
-dname:

       EmailAddress: Email address for the point of contact for your network.

       CN: This domain must match the domain of the address of the services. Replace myserver.fedsconnect.org with the name of your gateway.

       OU: Organizational Unit aspect of the name.

       O: Replace YourOrganization with the name of your organization.

       L: Replace YourCity with the city your server is hosted in.

       S: Replace YourState with the state your server is hosted in.

 

4.                   Create a request for the certificate by running the following command (the request must be made from the server that will use the request):

shell> keytool -certreq -alias myserver -sigalg SHA1withRSA -keystore myserver.jks -storepass xxxxxxxx -file myserver.fedsconnect.org.csr

 

Note on the parameters:


-alias: This sets a name that will refer to this cert.  This can be changed if desired.
-keystore: This must be the same name as the keystore created above.
-storepass: This must be the same as the password specified when creating the keystore.
-file: This is the filename of the certificate request.  This can be changed if desired.
NOTE: Use of the -file option has caused some certificate requests to have embedded
CR/LF. If the certificate authority reports this anomaly in your request, remove the -file
option, capture the output, and paste it into a file manually.

7.2 Download Root Certificate

Download the Root Certificate from the Certificate Authority used to sign your certs.  This document will use myca.arm to represent the filename used for your root certificate.

 

7.3 Send Certificate Request

Upload the generated certificate request (*.csr) to the certificate authority.

7.4 Install the Certificate

Update the keystore with the response.  This will update the server certificate in the keystore. Save these files to your working "certificate request" directory.

• Import the certificate authority certificate into the keystore. This is the certificate that was downloaded in step 6.3 above.

shell> keytool -import -v -trustcacerts -alias myca -file myca.arm -keystore myserver.jks

When prompted, enter the password for your keystore.

Note on the parameters:
-alias: This is the alias for the certificate authority.  This can be modified if desired.
-file: This points to the certificate authority (*.arm) file.
-keystore: This must point to the keystore used in the request.
 

When prompted with “Trust this certificate? [no]:” enter yes.
 

• Import the server certificate into the keystore.

shell> keytool -import -v -alias myserver -file myservercert.arm -keystore myserver.jks

When prompted, enter the password for your keystore.
 

Note on the parameters:
-alias: This must match the alias given during the creation of the request
-file: This points to the certificate request response (*.arm) file. This is the file received from the certificate authority.
-keystore: This must point to the keystore used in the request.

• Locate the trusted root authority store.  By default, this store will be located in:  <glassfish>/domains/<domain directory>/config/cacerts.jks. It is advisable to back up the cacerts.jks file at this time.

• Import the trusted root certificate into the trusted root authority store.

 

shell> keytool -import -v -trustcacerts -alias myca -file myca.arm -keystore <path>/cacerts.jks

When prompted with “Trust this certificate? [no]” enter yes.
 

Note on the parameters:
-alias: This is the alias for the certificate authority.  This can be modified if desired.
-file: This points to the certificate authority (*.arm) file.  It is not expected that this will
vary.
-keystore: This must point to the certificate authority store. You will be prompted for a
password. The default glassfish password is “changeit”. If you have changed this value,
use the updated value instead.
 

• Validate the certificates were imported correctly by viewing the store. You will be prompted for the passwords after each execution of the keytool utility.

shell> keytool -list -v -alias myserver -keystore myserver.jks

shell> keytool -list -v -alias myca -keystore myserver.jks

shell> keytool -list -v -alias myca -keystore <path>/cacerts.jks

This should output each of the certificates.  If the certificate was not imported, there will be an error from the keytool.

• Copy the keystore (myserver.jks) to the domain's config directory (<glassfish>/domains/<domain directory>/config/).

• Open the domain configuration file for editing (<glassfish>/domains/<domain directory>/config/domain.xml). Alternately, these changes can be made by using the admin console.

• Update the domain configuration to point to the new keystore and supply the password (the password option is not in the original configuration).  To do this, replace:

 

<jvm-options>-Djavax.net.ssl.keyStore=${com.sun.aas.instanceRoot}/config/keystore.jks</jvm-options>

to

<jvm-options>-Djavax.net.ssl.keyStore=${com.sun.aas.instanceRoot}/config/myserver.jks</jvm-options>

<jvm-options>-Djavax.net.ssl.keyStorePassword=xxxxxxxx</jvm-options>

• Replace xxxxxxxx with the password you created above.

• Update the domain configuration to use the new server certificate.  To do this, replace all instances of "s1as" with the updated certificate alias ("myserver"). In our default server, there were 12 instances of the certificate alias to update.

• Enable two-way SSL. This is done by adding the following:

 

<jvm-options>-Dcom.sun.jbi.httpbc.enableClientAuth=true</jvm-options>
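
The checks below are an added example, not part of the CONNECT guide: a shell function that confirms every section 7.4 edit was made to domain.xml. The function name, the sample fragment and the file-permission check (added because domain.xml now holds the keystore password in clear text) are assumptions of this example.

```shell
#!/bin/sh
# Added example: confirm the section 7.4 edits in a GlassFish domain.xml.
# Usage: check_domain_xml DOMAIN_XML KEYSTORE_FILE
# Prints one finding per line; returns 0 only when there are no findings.
check_domain_xml() {
    cdx_file=$1
    cdx_store=$2
    cdx_count=0

    # keyStore must name the new keystore, not the default keystore.jks.
    if ! grep -q -e "-Djavax.net.ssl.keyStore=[^<]*/config/${cdx_store}<" "$cdx_file"; then
        echo "keyStore option does not point to config/${cdx_store}"
        cdx_count=$((cdx_count + 1))
    fi

    # The password option is not in the stock file and has to be added.
    if ! grep -q -e "-Djavax.net.ssl.keyStorePassword=" "$cdx_file"; then
        echo "keyStorePassword option is missing"
        cdx_count=$((cdx_count + 1))
    fi

    # Every reference to the default certificate alias must be replaced.
    cdx_left=$(grep -c "s1as" "$cdx_file" || true)
    if [ "$cdx_left" -gt 0 ]; then
        echo "${cdx_left} line(s) still reference the default alias s1as"
        cdx_count=$((cdx_count + 1))
    fi

    # Two-way SSL is only on when this option is present and true.
    if ! grep -q -e "-Dcom.sun.jbi.httpbc.enableClientAuth=true<" "$cdx_file"; then
        echo "enableClientAuth=true option is missing"
        cdx_count=$((cdx_count + 1))
    fi

    # Assumption of this example: a file holding a clear-text keystore
    # password should not be readable by group or others.
    if [ -n "$(find "$cdx_file" \( -perm -040 -o -perm -004 \) -print)" ]; then
        echo "file contains the keystore password but is group/world readable"
        cdx_count=$((cdx_count + 1))
    fi

    [ "$cdx_count" -eq 0 ]
}

# Constructed sample: keystore and password were updated, the rest was not.
cdx_sample=$(mktemp)
cat > "$cdx_sample" <<'EOF'
<jvm-options>-Djavax.net.ssl.keyStore=${com.sun.aas.instanceRoot}/config/myserver.jks</jvm-options>
<jvm-options>-Djavax.net.ssl.keyStorePassword=xxxxxxxx</jvm-options>
<ssl cert-nickname="s1as"/>
EOF
chmod 644 "$cdx_sample"
check_domain_xml "$cdx_sample" myserver.jks || true
rm -f "$cdx_sample"
```

Run it against <glassfish>/domains/<domain directory>/config/domain.xml after editing and before restarting the domain.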

8.0 VLER ADAPTER CONFIGURATION

Configuration settings for the Gateway are predominately platform independent. Any platform specific items are explicitly stated.

8.1 Configuration Settings

8.1.1 Metro 1.4 Installation Settings

Update $AS_HOME/domains/domain1/config/domain.xml file. Add the following lines to deal with the certificate and other items in domain.xml toward the end of the file within the existing block of <jvm-options> tags:

<jvm-options>-Djavax.net.ssl.keyStore=${com.sun.aas.instanceRoot}/config/gateway.jks</jvm-options>

<jvm-options>-Djavax.net.ssl.keyStorePassword=XXXXX</jvm-options>

<jvm-options>-Djavax.net.ssl.trustStore=${com.sun.aas.instanceRoot}/config/cacerts.jks</jvm-options>

<jvm-options>-Djavax.net.ssl.trustStorePassword=changeit</jvm-options>

<jvm-options>-DSERVER_KEY_ALIAS=gateway</jvm-options>

<jvm-options>-DCLIENT_KEY_ALIAS=gateway</jvm-options> 

NOTE: The KeyStore password will be the same keystore password generated in the certificate request.

8.1.2 Glassfish Application Variables

NhincHttpPort is used to identify the default Glassfish Http port so Composite Applications can communicate with EJBs. This value is customizable. The recommended setting is 8080.  It must match the default http port selected when installing glassfish. 

The value can be set through the Glassfish Admin Console. To set, you will need to first log on to the glassfish admin console. Open the URL http://localhost:4848/login.jsf. The default user name is admin and the default password is admin/adminadmin. If you customized any of these settings in your installation, use your custom settings instead. 

During some installations of Glassfish, the sun-http-binding component initializes in the stopped state. The sun-http-binding component needs to be running to assign the Application Variable.

  1. From the main page, select JBI > Components > sun-http-binding.
  2. Verify that the sun-http-binding component is started. If not, select the Start button on the sun-http-binding – Binding Component General Properties page.
  3. From the sun-http-binding page, select Application Variables.
  4. Click the “Add Variable” button. Set the variable type to Number, enter the desired value (8080 is recommended), and set the variable name to NhincHttpPort.

 

 

Figure 8.1.2-1: Glassfish Application Variables

8.1.3 CONNECT Interfaces/Property/Configuration File Settings

8.1.3.1 CONNECT Properties

These property files contain the main settings for the adapter. Follow the steps outlined below to install these property files.

 

The default shell profile “nhin-profile.sh” contains the NHINC_PROPERTIES_DIR environment variable which points to the CONNECT properties location.

 

NOTE: There is a known problem with Unix deployments.  Sometimes the environment variable is applied as a location relative to $AS_HOME/domains/domain1/config rather than an absolute filesystem location.  The following commands will allow the applications to find the properties files in either case.

 

shell> mkdir $AS_HOME/domains/domain1/config/nhin

shell> mkdir /nhin/Properties

shell> ln -s /nhin/Properties $AS_HOME/domains/domain1/config/nhin/Properties

shell> NHINC_PROPERTIES_DIR=/nhin/Properties

shell> export NHINC_PROPERTIES_DIR

 

Extract the properties files from the release package.

 

shell> cd $NHINC_PROPERTIES_DIR

shell> gunzip < $HOME/$INSTALL_DIR/NHIN_CONNECT_2.1_Properties_rhel5_0707.tar.gz | tar xvf -

shell> chmod go+w *

 

 

Customize the properties files to the appropriate settings for the adapter.

 

  1. Set the localHomeCommunityId to the OID from Appendix A. 
  2. Set the localHomeCommunityDescription to a textual description of your environment.
  3. Set the localDeviceId to the local Assigning Authority OID.

 

Add the repository properties files from the TATRC extensions

 

shell>cp $HOME/TATRC_Extensions/repository.properties $NHINC_PROPERTIES_DIR

 

8.1.3.2 CONNECT Interfaces

 

All the required schemas and wsdls are bundled in the binary distribution.

8.1.3.3 NHIN CONNECT Gateway Components

       NhincHL7JaxbLib.jar

       NhincSAMLCallbackLib.jar

8.2 Connection Management

The adapter must be configured to connect to the VLER Gateway for outbound requests and the PAWS server for inbound requests.

The adapterServicesMapping.xml file contains the URLs and service endpoints required for communication between internal components as well as the VLER Gateway.

The dod_connector.properties file contains the URLs and service endpoints required for communication between the common access layer of the adapter and the PAWS server.

Both these configuration files are located in the $NHINC_PROPERTIES_DIR. 

 

shell>cp $HOME/TATRC_Extensions/adapterServicesMapping.xml $NHINC_PROPERTIES_DIR

shell>cp $HOME/TATRC_Extensions/dod_connector.properties $NHINC_PROPERTIES_DIR

8.2.1 adapterServicesMapping.xml File

The properties in the adapterServicesMapping.xml file used to configure the VLER adapter for communicating with the Gateway are:

• EnterpriseDocumentQuery: This is currently set to http://gateway:8080/NhinConnect/NhincDocQuery and should be set to the gateway web service endpoint for accepting document query requests from the adapter.

• EnterpriseDocumentRetrieve: This is currently set to http://gateway:8080/NhinConnect/NhincDocRetrieve and should be set to the gateway web service endpoint for accepting document retrieve requests from the adapter.

 

8.2.2 dod_connector.properties File

The properties in the dod_connector.properties file are used to configure the VLER adapter for communicating with the PAWS server.  There are 2 properties for each data domain that need to be changed:

• <domain>.endpointURL: This is currently set to http://seraph.cde.tatrc.org/PAWSAA/<service> and should be set to the corresponding PAWS service endpoint in the current environment.

• <domain>.wsdl: This is currently set to http://seraph.cde.tatrc.org/PAWSAA/<service>?WSDL and should be set to the corresponding PAWS service endpoint in the current environment.
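
As an added example (not part of the guide or the TATRC distribution), the following shell function checks dod_connector.properties for entries left at the shipped default host or changed only in part. It assumes key=value lines; the domain names and the paws.example.internal host in the sample are constructed, and the rule that both properties of a domain name the same host is an assumption of this example.

```shell
#!/bin/sh
# Added example: find dod_connector.properties entries left at the default
# PAWS host, or domains where only one of the two properties is present.
# Usage: check_dod_connector FILE   (returns 0 only when nothing is found)
check_dod_connector() {
    cdc_out=$(awk -v default_host="seraph.cde.tatrc.org" '
        # Host part of a URL: drop the scheme, then everything from / : or ?
        function host(u,   h) {
            h = u
            sub("^[a-z]+://", "", h)
            sub("[/:?].*$", "", h)
            return h
        }
        /^[ \t]*$/ || /^[ \t]*[#!]/ || index($0, "=") == 0 { next }
        {
            key = substr($0, 1, index($0, "=") - 1)
            val = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            n = split(key, part, ".")
            kind = part[n]
            if (kind != "endpointURL" && kind != "wsdl") next
            domain = substr(key, 1, length(key) - length(kind) - 1)
            seen[domain] = 1
            value[domain, kind] = val
            if (host(val) == default_host)
                print key ": still points to default host " default_host
        }
        END {
            for (d in seen) {
                if (!((d, "endpointURL") in value))
                    print d ": missing " d ".endpointURL"
                else if (!((d, "wsdl") in value))
                    print d ": missing " d ".wsdl"
                else if (host(value[d, "endpointURL"]) != host(value[d, "wsdl"]))
                    print d ": endpointURL and wsdl name different hosts"
            }
        }
    ' "$1" | LC_ALL=C sort)
    if [ -n "$cdc_out" ]; then
        printf '%s\n' "$cdc_out"
        return 1
    fi
    return 0
}

# Constructed sample: the domain names and paws.example.internal are made up.
cdc_sample=$(mktemp)
cat > "$cdc_sample" <<'EOF'
allergies.endpointURL=http://paws.example.internal/PAWSAA/Allergies
allergies.wsdl=http://paws.example.internal/PAWSAA/Allergies?WSDL
meds.endpointURL=http://paws.example.internal/PAWSAA/Meds
meds.wsdl=http://seraph.cde.tatrc.org/PAWSAA/Meds?WSDL
labs.endpointURL=http://paws.example.internal/PAWSAA/Labs
EOF
check_dod_connector "$cdc_sample" || true
rm -f "$cdc_sample"
```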

 

 

8.3 Reidentification.xml

This file is used on the adapter to keep the mappings between a patient pseudonym and its corresponding real patient identifier. 

The reidentification.xml file is located in the $NHINC_PROPERTIES_DIR defined earlier in this section.

 

8.4 Gateway Properties

The gateway properties are defined in the following file: 

$NHINC_PROPERTIES_DIR/gateway.properties

This file does not require modification on the adapter server.

8.5 Adapter Properties

The adapter.properties file is used to hold reference adapter specific properties. This file should be located in: $NHINC_PROPERTIES_DIR.

• XDSbHomeCommunityId: This setting specifies the home community ID for the document registry/repository associated with this adapter.

• EntityNotificationConsumerURL: This is the URL for the Gateway’s Entity HIEM Notify service.

• assigningAuthorityId: This is the local assigning authority id.

 

8.6 Connection EPR Properties

The connectionEPR.properties is used with the new Connection Manager and is not required for the adapter server.

 

The connectionEPR properties are defined in the following file: 

$NHINC_PROPERTIES_DIR/connectionEPR.properties

 

8.7 Component Proxy Spring Configuration Properties

There is a collection of configuration files that Spring uses to determine how the messaging proxy projects communicate.  These files are located in $NHINC_PROPERTIES_DIR and use the naming convention <Component Name>ProxyConfig.xml.  Below is an example of one of these files.  To switch implementations, replace the class name specified in the file with the desired implementation class.

<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd">

<!-- Web-service MPI implementation -->

    <bean id="mpi" class="gov.hhs.fha.nhinc.mpi.proxy.AdapterMpiWebServiceProxy"/> 

</beans>

8.7.1 HIEM Topic Configuration Properties

This properties file contains information needed to process HIEM topics.  This file needs to be located in $NHINC_PROPERTIES_DIR and is called hiemTopicConfiguration.xml.  Below is an example of the contents within this file.

<topicConfigurations>
  <topicConfiguration>
    <topic><![CDATA[ <wsnt:Topic xmlns:wsnt="http://docs.oasis-open.org/wsn/b-2" xmlns:nhin="http://www.hhs.gov/healthit/nhin" Dialect="http://doc.oasis-open.org/wsn/t1/TopicExpression/Simple" >nhin:SomeOtherTopic1</wsnt:Topic> ]]></topic>
    <isSupported>true</isSupported>
    <isPatientCentric>false</isPatientCentric>
    <isPatientRequired>false</isPatientRequired>
    <patientIdentifierSubscribeLocation>test subscribe location</patientIdentifierSubscribeLocation>
    <patientIdentifierNotifyLocation>test notify location 1</patientIdentifierNotifyLocation>
    <patientIdentifierFormat>HL7Encoded</patientIdentifierFormat>
  </topicConfiguration>
</topicConfigurations>

 

9.0 DEPLOYMENT

The VLER Adapter release package contains the components required for operation as a DoD Adapter to NHIN Gateway. This section includes instructions for adapter configuration.

The CONNECT Adapter and Gateway components are included in NHIN_CONNECT_2.1_Gateway_rhel5_0707.tar.gz.  Extracting the contents will create the NHINC_Binaries directory which contains all the components.  This was done in section 6.

 

The TATRC Universal Adapter extensions are included in NHIN_CONNECT_2.1_TATRC_rhel5_1115.tar.gz.  Extracting the contents will create the TATRC_Extensions directory which contains all the components.  This was done in section 6.

9.1 Deploying applications to Glassfish 

This section describes how to deploy the VLER adapter applications to the Glassfish servers.

 

9.1.1 CONNECT Adapter Components.

The following applications must be deployed for the server to act as an Adapter:

Filename                                  Application Type
AdapterReidentficationEJB.jar             EJB
AdapterPoliceyEngineTransformEJB.jar      EJB
AdapterPIPEJB.jar                         EJB
AdapterPEPEJB.jar                         EJB
AdapterPolicyEngineOrchestratorEJB.jar    EJB
AdapterMpiEJB.jar                         EJB
MpiManagerEJB.jar                         EJB
MpiEJB.jar                                EJB
AdapterCA.zip                             CA
DocumentRepositoryEJB.jar                 EJB

Table 9.1.1-1: CONNECT Adapter Components

Each of the applications above may be deployed via the Glassfish admin console or by using the deployment scripts.

 

9.1.2 TATRC Universal Adapter Components.

The following applications are extensions to the CONNECT Adapter:

Filename                                                  Application Type
AdapterDocumentAssemblyProxyEJB.jar                       EJB
BOSServiceEndpointProviderEJB.jar                         EJB
DocumentAssemblyManagerEJB.jar                            EJB
DocumentManagerEJB.jar                                    EJB
DocumentRepositoryEJB.jar (replaces CONNECT component)    EJB
NHINAdapterServiceEJB.jar                                 EJB

Table 9.1.2-1: TATRC Adapter Components

 

Each of the applications above may be deployed via the Glassfish admin console or by using the deployment scripts. 

 

9.1.3 Update Glassfish lib and property files

 

shell>cp $HOME/NHINC_Binaries/NhincSAMLCallbackLib.jar $AS_HOME/lib

shell>cp $HOME/NHINC_Binaries/NhincHL7JaxbLib.jar $AS_HOME/lib

 

For Adapter installation with TATRC extensions, the TATRC version of the HL7 JAXB libraries must replace the CONNECT version.

 

shell>cp $HOME/TATRC_Extensions/NhincHL7JaxbLib.jar $AS_HOME/lib

 

Verify that these jars in $AS_HOME/lib are owned by the user account that will be starting and stopping glassfish.  If not, perform the following steps:

 

shell>su
<root>chown <currentuser> $AS_HOME/lib/NhincSAMLCallbackLib.jar
<root>chgrp <currentuser> $AS_HOME/lib/NhincSAMLCallbackLib.jar
<root>chown <currentuser> $AS_HOME/lib/NhincHL7JaxbLib.jar
<root>chgrp <currentuser> $AS_HOME/lib/NhincHL7JaxbLib.jar
 

Restart the Glassfish application server.

shell>cd $AS_HOME/bin

shell>./asadmin stop-domain domain1

shell>./asadmin start-domain domain1

9.1.4 Deployment of CONNECT Components

Deployment of the CONNECT components requires the Glassfish Application Server to be running. Monitoring the server.log file is recommended to verify successful deployment. During the deployment, there will be several expected WARNING messages in the server.log. These are a few of the expected warnings.

 

<timestamp>|WARNING|sun-appserver2.1|…datatypes-base.xsd…warning: p-props-correct

2.2: maxOccurs must be greater than or equal to 1.|#]

<timestamp>|WARNING|sun-appserver2.1|…FromXmlParser.endElement(): Found unrecognized end element </sxed:editor>, namespace=http://…SUNExtension/Editor|#]

Monitor $AS_HOME/domains/domain1/logs/server.log for JBI framework startup complete message.

shell>$HOME/NHINC_Binaries/DeployConnectAdapter.sh

Monitor $AS_HOME/domains/domain1/logs/server.log for any exceptions

9.1.5 Deployment of Universal Adapter Extensions

9.1.5.1 Database Extensions

The TATRC Extensions require additional database schemas.  The document assembly and template schemas can be installed by running the following scripts:

shell>cd $HOME/TATRC_Extensions

shell> /usr/local/mysql/bin/mysql -uroot -pNHIE-Gateway < docrepository_dll.sql

shell> /usr/local/mysql/bin/mysql -uroot -pNHIE-Gateway < docassembly_dll.sql

shell> /usr/local/mysql/bin/mysql -uroot -pNHIE-Gateway < templatedb_dll.sql

 

9.1.5.2 Binary Extensions

Deployment of the TATRC Universal Adapter components requires the Glassfish Application Server to be running. Monitoring the server.log file is recommended to verify successful deployment.

 

shell>$HOME/NHINC_Extensions/DeployTATRCExtensions.sh

Monitor $AS_HOME/domains/domain1/logs/server.log for any exceptions.

 

9.2 Configuration Files

This section describes the configuration files that are needed by Glassfish in order to run the NHIN Applications.

9.2.1 Log4j

Edit $AS_HOME/domains/domain1/domain.xml.

Add a new <jvm-options> tag with the following value to ensure that the log4j.properties file is referenced by Glassfish.

-Dlog4j.configuration=file:/nhin/Properties/log4j.properties

 

To help limit the amount of log messages generated by c3p0 during access to the MySQL database, edit the $NHINC_PROPERTIES_DIR/log4j.properties file to add the following line:

log4j.logger.com.mchange.v2.c3p0=WARN

 

9.2.2 Connection Pools

Edit $AS_HOME/domains/domain1/domain.xml.

Add the following <jdbc-resource> tags to ensure that MySQL connections are managed by Glassfish through connection pools.

 

<jdbc-resource
    enabled="true"
    jndi-name="jdbc/dasDS"
    object-type="user"
    pool-name="docassemblyPool"/>

<jdbc-resource
    enabled="true"
    jndi-name="jdbc/templateDS"
    object-type="user"
    pool-name="templatedbPool"/>

Add <jdbc-connection-pool> tags which describe the connection pools referenced in the <jdbc-resource> tags.

 

 

<jdbc-connection-pool
    allow-non-component-callers="true"
    associate-with-thread="false"
    connection-creation-retry-attempts="0"
    connection-creation-retry-interval-in-seconds="10"
    connection-leak-reclaim="false"
    connection-leak-timeout-in-seconds="0"
    connection-validation-method="auto-commit"
    datasource-classname="com.mysql.jdbc.jdbc2.optional.MysqlConnectionPoolDataSource"
    fail-all-connections="true"
    idle-timeout-in-seconds="300"
    is-connection-validation-required="true"
    is-isolation-level-guaranteed="false"
    lazy-connection-association="false"
    lazy-connection-enlistment="false"
    match-connections="false"
    max-connection-usage-count="0"
    max-pool-size="5"
    max-wait-time-in-millis="600000"
    name="docassemblyPool"
    non-transactional-connections="true"
    pool-resize-quantity="1"
    res-type="javax.sql.ConnectionPoolDataSource"
    statement-timeout-in-seconds="-1"
    steady-pool-size="3"
    validate-atmost-once-period-in-seconds="0"
    wrap-jdbc-objects="false">
    <description>Connection pool for docassembly schema</description>
    <property name="MaxRows" value="-1"/>
    <property name="DriverClass" value="com.mysql.jdbc.Driver"/>
    <property name="PortNumber" value="3306"/>
    <property name="Password" value="nhincpass"/>
    <property name="LoginTimeout" value="0"/>
    <property name="User" value="nhincuser"/>
    <property name="URL" value="jdbc:mysql://localhost:3306/docassembly"/>
    <property name="ServerName" value="localhost"/>
</jdbc-connection-pool>

<jdbc-connection-pool
    allow-non-component-callers="true"
    associate-with-thread="false"
    connection-creation-retry-attempts="0"
    connection-creation-retry-interval-in-seconds="10"
    connection-leak-reclaim="false"
    connection-leak-timeout-in-seconds="0"
    connection-validation-method="auto-commit"
    datasource-classname="com.mysql.jdbc.jdbc2.optional.MysqlConnectionPoolDataSource"
    fail-all-connections="true"
    idle-timeout-in-seconds="300"
    is-connection-validation-required="true"
    is-isolation-level-guaranteed="false"
    lazy-connection-association="false"
    lazy-connection-enlistment="false"
    match-connections="false"
    max-connection-usage-count="0"
    max-pool-size="5"
    max-wait-time-in-millis="600000"
    name="templatedbPool"
    non-transactional-connections="true"
    pool-resize-quantity="1"
    res-type="javax.sql.ConnectionPoolDataSource"
    statement-timeout-in-seconds="-1"
    steady-pool-size="3"
    validate-atmost-once-period-in-seconds="0"
    wrap-jdbc-objects="false">
    <description>Connection pool for templates schema</description>
    <property name="MaxRows" value="-1"/>
    <property name="DriverClass" value="com.mysql.jdbc.Driver"/>
    <property name="PortNumber" value="3306"/>
    <property name="Password" value="nhincpass"/>
    <property name="LoginTimeout" value="0"/>
    <property name="User" value="nhincuser"/>
    <property name="URL" value="jdbc:mysql://localhost:3306/templatedb"/>
    <property name="ServerName" value="localhost"/>
</jdbc-connection-pool>

Add the following <resource-ref> tags to the <server> node to ensure that the connection resources are available to the adapter components.

 

<resource-ref
    enabled="true"
    ref="jdbc/dasDS"/>

<resource-ref
    enabled="true"
    ref="jdbc/templateDS"/>

This completes the installation and configuration of the VLER Adapter.

10.0 ACRONYMS
 

CA      Certificate Authority
DOD     Department of Defense
ESB     Enterprise Service Bus
NHIN    Nationwide Health Information Network
OID     Object Identifier or Home Community ID
POC     Point of Contact
RAM     Random Access Memory
SDK     Software Development Kit
SSL     Secure Sockets Layer
WSDL    Web Service Definition Language

 

6

VLER Adapter Linux Installation and Configuration Guide

11/20/2009

 


APPENDIX A

A. Object Identifier or Home Community ID (OID) REQUEST SUBMITTAL PROCESS

A.1 Getting Started

Before you can request the OID, there are a few questions that you should answer.  These answers will be requested during the OID request process.

• Your Main Point of Contact (POC):  (This can be a project manager or a Technical point of contact)

• Your POC’s office address:

• Your POC’s phone number:

• Your POC’s fax number:

• Your POC’s Title:

• Organization’s url:

 

A.2 Submitting the Request

1. Log in to: http://www.hl7.org/oid/index.cfm

 

Figure A.2-1: HL7-OID Registration Home Page

2. Select the “Click to Obtain or Register an OID” Hyperlink.

 

 

Figure A.2-2: Complete Contact Information

3. Complete the form as shown above including the information collected from Section A.1 of this document

  1. The POC from section A.1 is your Contact Person and Responsible Body.  It may also be the Submitter but the individuals do not have to be the same person.
  2. Please make sure to add “http://” prior to the url information otherwise the OID request will error.
  3. Resp Body Type select “Government body” from the drop down.
  4. Once all the pertinent information is entered select the “Continue” button.

 

 

Figure A.2-3: Select type of OID

4. Leave the default as shown and select the “Next” button.

Figure A.2-4: New or Existing OID Designation.

 

5. Select the first radio button and then select the “Next” button.

 

 

Figure A.2-4: Registry Wizard

 

 

Figure A.2-5: HL7 OID Description

6. Add the Submitter contact information, enter the name of the server and provide a minor description.

  1. Please note that the user can search by “Object Description” to locate the OID information. So you may want to provide a description that is significant to your organization.
  2. Type of OID= 3.
  3. Select the “Request my OID” button.

 

 

Figure A.2-6: OID Registration Confirmation

7. An acknowledgement of the submittal is displayed on the screen with the OID that has been generated.  Please make note of the OID.  Select the “Back” button to return to the first screen.

 

Figure A.2-7: OID Email Confirmation

8. An email detailing the request will also be sent to the Submitter and the Responsible Body.

Searching for an OID on the site

 

Figure A.2-8: Searching by OID number

1. The user can search by the OID number.  The OID number that was generated or registered on this site is entered in the left panel in the “Enter the OID:” box and then the “Find OID” is selected. The right hand panel will display a drop down with results that match the criteria entered.  The user can then select from the drop down the desired results and the “Submit” button for the details.  

  a. Please note that if the OID that you seek is not in the drop down, it may not have been registered or obtained from this site.

 

Figure A.2-9: Search by OID Description

2. The user can search by the OID description.  The OID description that was entered during the generation process on this site is entered in the left panel in the “Enter a string to search the OID description:” box, and then the “Find OID” is selected.  The right hand panel will display a drop down with results that match the criteria entered.  The user can then select from the drop down the desired results and the “Submit” button for the details.
