Eclipse Open Healthcare Framework (OHF) Bridge
Configuring the OHF Bridge
Configuring the Bridge
If you're running the Bridge locally (and not using the IBM Public Demo), then you'll want to make
some configuration changes. The Bridge has a few configuration points that control not only its
actions but the actions of the IHE and HL7v2 components as well, including security certificates and logging.
bridge.properties
The bridge.properties file (stored in the [tomcat home]/conf directory for those using Tomcat) controls
the file paths and settings for Bridge, IHE, and HL7v2 components. It contains several properties,
most of which will be unchanged but some that you can control. The properties include:
- rhio.config.file - Path to the RHIO Configuration File. See below for more details.
- log.config.file - Path to the log4j configuration file.
- hl7.definitions and hl7.qbp.q23 - Path to the HL7 definitions files (do not change)
- cda.base.file - Path to a generic CDA document that OHF uses for wrapping submitted documents
- document.entry.base and submission.set.base - Path to a generic DocumentEntry and SubmissionSet XDS metadata files
- javax.net.ssl.keyStore - Path to a Java JKS keystore containing the client private key for mutual TLS authentication
- javax.net.ssl.keyStorePassword - Password to the client private keystore
- javax.net.ssl.trustStore - Path to a Java JKS keystore containing a list of trusted (server-side) public keys for mutual TLS authentication
- javax.net.ssl.trustStorePassword - Password to the public truststore
RHIO/Server Configuration
One of the features of the Bridge is the ability to aggregate the configuration settings for
various IHE-based infrastructure that make up a RHIO. More specifically, it is a configuration
file that stores a list of IHE XDS registries, repositories, and PIX/PDQ servers, and their
associated configuration information (URLs, domain information, etc) and allows the caller of the
Bridge to identify which RHIO they want to access by name and need not manage the configurations
on the client side.
The RHIO configuration is an XML file pointed to be the log.config.file property
in the bridge.properties file. A sample RHIO config can be
viewed here.
- <rhio> Options
Each RHIO is assigned a name, a registryID, a
repositoryID, a pixID, and an auditID.
<rhio>
<name>RHIO NAME</name>
<publicHealthcareAffinityDomain>false</publicHealthcareAffinityDomain>
<config>
<registryId>REGISTRY NAME</registryId>
<repositoryId>REPOSITORY NAME</repositoryId>
<pixId>PIX NAME</pixId>
<auditId>AUDIT NAME</auditId>
</config>
</rhio>
The names entered into the ID fields point to a respective <registry>, <repository>,
<pix>, or <audit> entry in the configuration file.
- <registry> Options
An IHE XDS registry is given an ID and can point to four separate SOAP endpoints:
A secure and unsecure stored query receiver and secured and unsecure SQL query receiver. Each
of these settings is optional (you can have zero or one of each defined). Additionally, if an
XDS registry is tied to a PIX feed receiver, you can specify a secure and unsecure
MLLP host. Note that secure URLs should always be prefixed with https://. A sample
registry configuration:
<registry>
<id>REGISTRY NAME</id>
<noneStoredQueriesUrl>
<unsecured>http://lswin10.dfw.ibm.com:9080/ihii/registry/soap</unsecured>
<secured>https://lswin10.dfw.ibm.com:9044/ihii/registry/soap</secured>
</noneStoredQueriesUrl>
<storedQueriesUrl>
<unsecured>http://lswin10.dfw.ibm.com:9080/XDSRegistryWS/services/XDSRegistry</unsecured>
<secured>https://lswin10.dfw.ibm.com:9044/XDSRegistryWS/services/XDSRegistry</secured>
</storedQueriesUrl>
<mllp>
<unsecured>mllp://lswin10.dfw.ibm.com:3777</unsecured>
<secured>mllps://lswin10.dfw.ibm.com:3778</secured>
</mllp>
</registry>
- <repository> Options
An IHE XDS repository configuration has an ID and can point to two
SOAP endpoints: A secure and an unsecure receiver for accepting
XDS submissions. You can have zero or one of each URL.
<repository>
<id>REPOSITORY NAME</id>
<url>
<unsecured>http://lswin10.dfw.ibm.com:9080/IHIIRepository/SubmissionSetReceiver</unsecured>
<secured>https://lswin10.dfw.ibm.com:9044/IHIIRepository/SubmissionSetReceiver</secured>
</url>
</repository>
- <pix> and <pixProperties> Options
An IHE PIX server configuration contains an ID and two MLLP URLs for
sending PIX messages. You can have zero or one of each URL. Additionally,
there are a series of settings (each pointing to a <pixProperties> field) that
define settings for various PIX settings, such as the domain information. For more
information about these settings, please see the IHE PIX profiles.
<pix>
<id>PIX NAME</id>
<mllp>
<unsecured>mllp://ibmod235.dal-ebis.ihost.com:3600</unsecured>
<secured>mllps://ibmod235.dal-ebis.ihost.com:3700</secured>
</mllp>
<pixServerPropertiesId>IBM PAT_IDENTITY_X_REF_MGR_IBM1</pixServerPropertiesId>
<pixSourcePropertiesId>OTHER_KIOSK</pixSourcePropertiesId>
<pixConsumerPropertiesId>OHFConsumer1</pixConsumerPropertiesId>
<pdqServerPropertiesId>OTHER_KIOSK</pdqServerPropertiesId>
<pdqConsumerPropertiesId>OHFConsumer1</pdqConsumerPropertiesId>
</pix>
<pixProperties>
<id>IBM PAT_IDENTITY_X_REF_MGR_IBM1</id>
<facility>IBM</facility>
<application>PAT_IDENTITY_X_REF_MGR_IBM1</application>
<assigningAuthorityNamespaceId>HIMSS2005</assigningAuthorityNamespaceId>
<assigningAuthorityUniversalId>1.3.6.1.4.1.21367.2005.1.1</assigningAuthorityUniversalId>
<assigningAuthorityUniversalIdType>ISO</assigningAuthorityUniversalIdType>
</pixProperties>
- <audit> Options
An IHE ATNA Audit repository represents a receiver of syslog messages
over UDP for tracking audit trails on transactions. Each audit configuration
consists of an ID and a URL to an audit trail receiver.
<audit>
<id>AUDIT NAME</id>
<url>
<unsecured>udp://ibmod235.dal-ebis.ihost.com:514</unsecured>
</url>
</audit>
Configuring the Bridge
If you're running the Bridge locally (and not using the IBM Public Demo), then you'll want to make some configuration changes. The Bridge has a few configuration points that control not only its actions but the actions of the IHE and HL7v2 components as well, including security certificates and logging.
bridge.properties
The bridge.properties file (stored in the [tomcat home]/conf directory for those using Tomcat) controls
the file paths and settings for Bridge, IHE, and HL7v2 components. It contains several properties,
most of which will be unchanged but some that you can control. The properties include:
- rhio.config.file - Path to the RHIO Configuration File. See below for more details.
- log.config.file - Path to the log4j configuration file.
- hl7.definitions and hl7.qbp.q23 - Path to the HL7 definitions files (do not change)
- cda.base.file - Path to a generic CDA document that OHF uses for wrapping submitted documents
- document.entry.base and submission.set.base - Path to a generic DocumentEntry and SubmissionSet XDS metadata files
- javax.net.ssl.keyStore - Path to a Java JKS keystore containing the client private key for mutual TLS authentication
- javax.net.ssl.keyStorePassword - Password to the client private keystore
- javax.net.ssl.trustStore - Path to a Java JKS keystore containing a list of trusted (server-side) public keys for mutual TLS authentication
- javax.net.ssl.trustStorePassword - Password to the public truststore
RHIO/Server Configuration
One of the features of the Bridge is the ability to aggregate the configuration settings for
various IHE-based infrastructure that make up a RHIO. More specifically, it is a configuration
file that stores a list of IHE XDS registries, repositories, and PIX/PDQ servers, and their
associated configuration information (URLs, domain information, etc) and allows the caller of the
Bridge to identify which RHIO they want to access by name and need not manage the configurations
on the client side.
The RHIO configuration is an XML file pointed to be the log.config.file property
in the bridge.properties file. A sample RHIO config can be
viewed here.
- <rhio> Options
Each RHIO is assigned a name, a registryID, a repositoryID, a pixID, and an auditID.<rhio> <name>RHIO NAME</name> <publicHealthcareAffinityDomain>false</publicHealthcareAffinityDomain> <config> <registryId>REGISTRY NAME</registryId> <repositoryId>REPOSITORY NAME</repositoryId> <pixId>PIX NAME</pixId> <auditId>AUDIT NAME</auditId> </config> </rhio>The names entered into the ID fields point to a respective <registry>, <repository>, <pix>, or <audit> entry in the configuration file. - <registry> Options
An IHE XDS registry is given an ID and can point to four separate SOAP endpoints: A secure and unsecure stored query receiver and secured and unsecure SQL query receiver. Each of these settings is optional (you can have zero or one of each defined). Additionally, if an XDS registry is tied to a PIX feed receiver, you can specify a secure and unsecure MLLP host. Note that secure URLs should always be prefixed with https://. A sample registry configuration:<registry> <id>REGISTRY NAME</id> <noneStoredQueriesUrl> <unsecured>http://lswin10.dfw.ibm.com:9080/ihii/registry/soap</unsecured> <secured>https://lswin10.dfw.ibm.com:9044/ihii/registry/soap</secured> </noneStoredQueriesUrl> <storedQueriesUrl> <unsecured>http://lswin10.dfw.ibm.com:9080/XDSRegistryWS/services/XDSRegistry</unsecured> <secured>https://lswin10.dfw.ibm.com:9044/XDSRegistryWS/services/XDSRegistry</secured> </storedQueriesUrl> <mllp> <unsecured>mllp://lswin10.dfw.ibm.com:3777</unsecured> <secured>mllps://lswin10.dfw.ibm.com:3778</secured> </mllp> </registry>
- <repository> Options
An IHE XDS repository configuration has an ID and can point to two SOAP endpoints: A secure and an unsecure receiver for accepting XDS submissions. You can have zero or one of each URL.<repository> <id>REPOSITORY NAME</id> <url> <unsecured>http://lswin10.dfw.ibm.com:9080/IHIIRepository/SubmissionSetReceiver</unsecured> <secured>https://lswin10.dfw.ibm.com:9044/IHIIRepository/SubmissionSetReceiver</secured> </url> </repository>
- <pix> and <pixProperties> Options
An IHE PIX server configuration contains an ID and two MLLP URLs for sending PIX messages. You can have zero or one of each URL. Additionally, there are a series of settings (each pointing to a <pixProperties> field) that define settings for various PIX settings, such as the domain information. For more information about these settings, please see the IHE PIX profiles.<pix> <id>PIX NAME</id> <mllp> <unsecured>mllp://ibmod235.dal-ebis.ihost.com:3600</unsecured> <secured>mllps://ibmod235.dal-ebis.ihost.com:3700</secured> </mllp> <pixServerPropertiesId>IBM PAT_IDENTITY_X_REF_MGR_IBM1</pixServerPropertiesId> <pixSourcePropertiesId>OTHER_KIOSK</pixSourcePropertiesId> <pixConsumerPropertiesId>OHFConsumer1</pixConsumerPropertiesId> <pdqServerPropertiesId>OTHER_KIOSK</pdqServerPropertiesId> <pdqConsumerPropertiesId>OHFConsumer1</pdqConsumerPropertiesId> </pix>
<pixProperties> <id>IBM PAT_IDENTITY_X_REF_MGR_IBM1</id> <facility>IBM</facility> <application>PAT_IDENTITY_X_REF_MGR_IBM1</application> <assigningAuthorityNamespaceId>HIMSS2005</assigningAuthorityNamespaceId> <assigningAuthorityUniversalId>1.3.6.1.4.1.21367.2005.1.1</assigningAuthorityUniversalId> <assigningAuthorityUniversalIdType>ISO</assigningAuthorityUniversalIdType> </pixProperties>
- <audit> Options
An IHE ATNA Audit repository represents a receiver of syslog messages over UDP for tracking audit trails on transactions. Each audit configuration consists of an ID and a URL to an audit trail receiver.<audit> <id>AUDIT NAME</id> <url> <unsecured>udp://ibmod235.dal-ebis.ihost.com:514</unsecured> </url> </audit>