
Health Identity Programme

Architectural Decisions Document

Version 1.2 - Project Phase: Patient Index and NHI Synchronisation Release

SSR Gateway Retirement Options

Version: 1.2
Date: 22-Jun-12
Owner: Pat Ryan


Table of contents

1. Introduction
   1.1 Purpose
   1.2 Background
   1.3 Solution Overview
   1.4 Architectural Decisions
       1.4.1 Transport Protocol Version
2. Proposed Solution
   2.1 Current State
   2.2 Intermediate State
   2.3 Final State
3. Applicable Standards
Appendix A: Glossary
Appendix B: Document Control
   B.1: Version History
   B.2: Related Documents
   B.3: Document Distribution

Confidentiality:

The information contained in this document is proprietary to the Ministry of Health. This document must not be used, reproduced, or disclosed to others except employees of the recipient of this document who have the need to know for the purposes of this assignment. Prior to such disclosure, the recipient of this document must obtain the agreement of such employees or other parties to receive and use such information as proprietary and confidential and subject to non-disclosure on the same conditions as set out above.

The recipient by retaining and using this document agrees to the above restrictions and shall protect the document and information contained in it from loss, theft and misuse.


1. Introduction

1.1 Purpose

This document outlines a proposed approach to retiring the SSR Gateway.

1.2 Background

The SSR Gateway and SSR Client provide RSA encryption and decryption of HL7 messages sent to the NHI system hosted by the Ministry. Encryption of request messages is performed by the SSR Client component using a client X509 certificate. The SSR Gateway decrypts the request and load-balances it across the NHI servers. The HL7 interface is due to be retired and replaced by web services as part of the HIP programme of work. One stage in that programme is to place an F5 between DHB consumers and the NHI servers. This creates an opportunity to retire the SSR Gateway and SSR Client before the full retirement of the HL7 interface. Since the SSR has been operationally troublesome, early retirement is seen as beneficial.

The new National Health Index system will only be available on first release to customers using a Connected Health compliant network. It is recommended that 128-bit encryption of network traffic is also implemented, in line with the Health Information Security Framework and its recommended technical standards.

Note: the term SSL used in this document may refer to SSL 3.0 or to a version of TLS, depending on the outcome of the architectural decision described in section 1.4.1 Transport Protocol Version.

1.3 Solution Overview

1. The Ministry exposes an SSL port for incoming HL7 messages in parallel with the current TCP port used by the SSR Client.

2. DHBs that wish to retire their SSR Client component redirect the applications generating HL7 messages from the SSR Client to a proxy server that supports SSL and forwards the incoming HL7 messages over SSL to the Ministry's SSL port.

3. When all DHBs have migrated to the SSL service, the SSR Gateway is retired.

The proposed solution is shown schematically below:

[Figure 1 - solution overview (diagram). DHB side: a Sector User sends HL7/TCP either to the existing SSR Client, whose path is marked "x" for retirement, or to an SSL Proxy. The SSL Proxy sends HL7/SSL across Connected Health (CH) to the MoH F5 LTM, which passes HL7/TCP on to the NHI.]

1.4 Architectural Decisions

1.4.1 Transport Protocol Version

Decision Name: Transport Protocol Version

Need for decision point: There are multiple versions of SSL and its successor TLS. Later versions should be more secure but may not be supported by all clients. The F5 may support protocol negotiation, falling back to the highest mutually supported protocol. A minimum acceptable standard needs to be agreed. Note that negotiation on its own accommodates an old client rather than rejecting it, so whatever minimum is agreed has to be configured as a floor on the F5, not left to negotiation.

Chosen option: To be discussed with Ministry and sector architects.

2. Proposed Solution

2.1 Current State

The diagram below provides a high-level overview of the relevant portions of the current SSR architecture.

[Figure 2 - current SSR architecture (diagram). DHB: a Sector User sends HL7/TCP to the SSR Client, which holds a Client Cert. Connected Health: SSR/TCP carrying the RSA-encrypted HL7 message over SSL. MoH NZHISDMZ: SSR Server performing decryption and load balancing.]

The request message processing steps are outlined below:

1. Sector users send HL7 messages over TCP to the SSR Client component.

2. The SSR Client encrypts the request message using a client X509 certificate.

3. The SSR Server decrypts the message using the client's public key and load-balances the decrypted message to the NHI front-end servers (not shown).

If the message is really recoverable with the client's public key, as described, that step authenticates the DHB as the sender rather than hiding the payload, since the public key is not secret; confidentiality on this path is provided by the SSL transport shown in Figure 2.


2.2 Intermediate State

In the intermediate state the Ministry operates both TCP and SSL interfaces to the NHI, allowing DHBs to choose when to migrate to the new SSL interface.

[Figure 3 - intermediate state (diagram). DHB 1: a Sector User sends HL7/TCP to an SSL appliance, which sends HL7/SSL (SSL transport security) across Connected Health to the MoH F5 LTM in the NZHISDMZ; the F5 holds a Server Cert and performs SSL termination and load balancing. DHB 2: a Sector User sends HL7/TCP to the SSR Client (Client Cert), which sends SSR/TCP carrying the RSA-encrypted HL7 message over SSL to the SSR Server for decryption and load balancing.]


2.3 Final State

[Figure 4 - final state (diagram). DHB: a Sector User sends HL7/TCP to an SSL appliance, which sends HL7/SSL (SSL transport security) across Connected Health to the MoH F5 LTM in the NZHISDMZ; the F5 holds a Server Cert and performs SSL termination and load balancing.]

The request message processing steps are outlined below:

1. Sector users send HL7 messages over TCP to an SSL proxy.

2. The SSL proxy negotiates a one-way SSL session with the Ministry's F5 LTM: the F5 presents its server certificate and the proxy presents no certificate.

3. The F5 terminates the SSL connection and forwards unencrypted TCP traffic to the NHI servers.

Because the session is one-way, the client-certificate authentication of the DHB that the SSR Client provides in the current state has no counterpart in this design: the F5 authenticates to the proxy, but not the reverse. Control over who can reach the SSL port therefore rests on the proxy verifying the F5's certificate and on the Connected Health network restricting access to the port.


3. Applicable Standards

Standard: NZISM
  Requirement: Agencies should not use versions of SSL prior to version 3.0.
  Reference Section: [NZISM] 16.4

Standard: NZS 8153:2002
  Requirement: Any identifiable patient data being transmitted via external networks shall be a minimum of 128 bit encrypted.
  Reference Section: [NZS 8153] 15.1.6 (c)

Standard: HISO 10029.1
  Requirement: When personal health information is exchanged over a network, it is protected from interception, incorrect routing and loss. When personal health information is exchanged on physical media, it is protected from unauthorised access, misuse or corruption.
  Reference Section: (not stated)
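The two numeric constraints in this table (no SSL earlier than 3.0, at least 128-bit encryption), the open minimum-version decision in section 1.4.1, and the one-way SSL session the DHB-side proxy negotiates in section 2.3 can all be expressed as one client transport policy and checked after every handshake. The Python below is an added example written for this edit, not code from the Ministry, the HIP programme or an F5 product. It adopts TLS 1.2 as the proposed minimum rather than the [NZISM] floor of SSL 3.0, because SSL 3.0 has since been deprecated (RFC 7568) and because negotiation with no configured floor accommodates an old client instead of rejecting it. The CA file path and the host and port of the Ministry's SSL port are parameters the caller supplies; the document does not state them, and the cipher tuples in the comments are constructed inputs, not captured handshakes.

```python
"""Transport policy for the HL7-over-SSL port: build the context the
DHB-side SSL proxy uses towards the Ministry F5, and judge what a
handshake actually negotiated against the standards in section 3.
Added example; the assumptions are marked inline."""
import socket
import ssl

# Proposed minimum for decision 1.4.1 (assumption: the decision is still
# open in the document). Stricter than [NZISM] 16.4, which only bars
# versions of SSL older than 3.0.
MIN_VERSION = ssl.TLSVersion.TLSv1_2
MIN_VERSION_LABEL = "TLSv1.2"
# [NZS 8153] 15.1.6 (c): at least 128-bit encryption of patient data.
MIN_KEY_BITS = 128

# Ordering of the protocol strings OpenSSL reports via SSLSocket.cipher().
_VERSION_RANK = {"SSLv2": 0, "SSLv3": 1, "TLSv1.0": 2, "TLSv1.1": 3,
                 "TLSv1.2": 4, "TLSv1.3": 5}


def build_proxy_client_context(ca_file=None):
    """Context for the one-way SSL session of section 2.3.

    The proxy verifies the F5's server certificate and host name and
    presents no client certificate. ca_file is a hypothetical path to
    the CA that issued the F5 certificate; None means the platform
    trust store.
    """
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=ca_file)
    ctx.minimum_version = MIN_VERSION      # a floor, not a preference
    ctx.verify_mode = ssl.CERT_REQUIRED    # the F5 must prove its identity
    ctx.check_hostname = True              # ...for the name we connected to
    # TLS 1.2 suites: ephemeral key exchange and AEAD only, all >= 128-bit.
    # TLS 1.3 suites are fixed by the library and are all 128-bit or stronger.
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20:!aNULL:!MD5")
    return ctx


def check_negotiated(cipher):
    """Judge the (name, protocol, secret_bits) tuple from SSLSocket.cipher().

    Returns (ok, reason). Unknown protocol strings are rejected rather
    than guessed at. Example constructed inputs:
      ("ECDHE-RSA-AES128-GCM-SHA256", "TLSv1.2", 128) -> accepted
      ("DES-CBC3-SHA", "SSLv3", 112)                  -> rejected (version)
    """
    name, protocol, bits = cipher
    rank = _VERSION_RANK.get(protocol)
    if rank is None or rank < _VERSION_RANK[MIN_VERSION_LABEL]:
        return False, f"{protocol} is below the agreed minimum {MIN_VERSION_LABEL}"
    if bits < MIN_KEY_BITS:
        return False, f"{name} uses {bits}-bit keys, below the {MIN_KEY_BITS}-bit minimum"
    return True, f"{name} on {protocol} with {bits}-bit keys"


def context_summary(ctx):
    """What the context will and will not accept; a pre-flight check."""
    return {
        "minimum_version": ctx.minimum_version.name,
        "verifies_server_cert": ctx.verify_mode == ssl.CERT_REQUIRED,
        "checks_hostname": ctx.check_hostname,
        # weakest suite the context could ever offer, over every enabled protocol
        "weakest_suite_bits": min(c["strength_bits"] for c in ctx.get_ciphers()),
    }


def connect_and_check(host, port, ctx, timeout=10.0):
    """Open the proxy's upstream session and report what was negotiated.

    host and port are whatever the Ministry publishes for the SSL port
    (not stated in the document). Raises ssl.SSLError if the F5 cannot
    satisfy the policy, so a failing handshake never degrades silently.
    """
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return check_negotiated(tls.cipher())
```

The proxy-side floor only protects DHBs that deploy it; the same minimum version and cipher policy has to be set on the F5 virtual server as well, otherwise a DHB with an older proxy is silently served at whatever level it offers.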


Appendix A: Glossary

Item: Description

SSL: Secure Sockets Layer

TLS: Transport Layer Security

X509: Cryptography standard for a public key infrastructure

HL7: Health Level Seven International, the standards authority for interoperability of health information technology

F5: Network appliance vendor

LTM: Local Traffic Manager, a load-balancing appliance made by F5

RSA: Cryptography algorithm for public-key encryption

Appendix B: Document Control

Document Location

Template Location Template Version

B.1: Version History

Date       Ver.  Description of Changes                                    Author(s)
27-Mar-12  0.1   Initial Draft                                             Pat Ryan
11-Apr-12  1.0   Updated following review                                  Pat Ryan
13-Apr-12  1.1   Minor changes                                             Pat Ryan
11-May-12  1.2   Modified security statement following feedback from Tony  Pat Ryan

B.2: Related Documents

Ref             Title                                                                 Version  Author  Location
[NZISM]         New Zealand Information Security Manual                               1.01     GCSB    NZISM
[NZS 8153]      NZS 8153:2002 New Zealand Standard Health Records                              MoH
[HISO 10029.1]  Health Information Security Framework Essentials and Recommendations                   HISO 10029.1

B.3: Document Distribution

Business Unit  Position                            Name          Action
SDG            Team Leader, Solution Architecture  Pat Ryan      Author
TSG            Senior Systems Administrator        Craig Hallam  Review

List of Figures

Figure 1 - solution overview
Figure 2 - current SSR architecture
Figure 3 - intermediate state
Figure 4 - final state
