Enterprise Refactoring with Apache: Evolving VistA Open Architecture
Edward Ost, 9/6/2013

Agenda
- Enterprise Refactoring Strategy
- Apache Solution Architecture
- Refactoring Use Cases
  - HL7 Event Subscription
  - Security
  - Value Added Mediation
- Q&A
Enterprise Refactoring Strategy
Refactoring Definition

"Refactoring is a disciplined technique for restructuring an existing body of code, altering its internal structure without changing its external behavior. Its heart is a series of small behavior preserving transformations. Each transformation (called a 'refactoring') does little, but a sequence of transformations can produce a significant restructuring. Since each refactoring is small, it's less likely to go wrong. The system is also kept fully working after each small refactoring, reducing the chances that a system can get seriously broken during the restructuring." (Martin Fowler)

Refactoring Benefits

"Refactoring is undertaken in order to improve some of the nonfunctional attributes of the software. Advantages include improved code readability and reduced complexity to improve the maintainability of the source code, as well as a more expressive internal architecture or object model to improve extensibility." (Wikipedia)

Refactoring provides the stability necessary for change.

Refactoring in an OSEHRA Context
- Refactoring assures that stakeholder investments will be preserved
- Refactor to ease the introduction of new features without disrupting existing functionality
- Refactoring combined with Continuous Integration and Test Driven SOA allows teams to work in parallel
- Refactoring enables market driven innovation while providing the structure and stability necessary for a community
Enterprise Architecture Alignment
Definition of Layers

Source: Overview of the VA Target Enterprise Application Architecture (EAA), Lorraine Landfried, DCIO PD, January 2012, v1

Layer | System Management     | Security & Privacy      | Virtual Stack                           | Transformation   | Physical Stack
1     | Service Contracts     | Vulnerability Detection | SOA Services Layer                      | Service Facade   | Legacy Systems
2     | Network Latency       | Standard Headers        | Enterprise Standard Message Layer       | Message Adapters | Legacy Point-to-Point Communication
3     | Application Firewalls | Encryption              | Virtual Interface Layer                 | Message Adapters | Physical Interface Layer
4     | Performance Mgmt      | Security Domains        | COTS Software Environment               | Service Facades  | Physical COTS Environment
5     | Performance Mgmt      | Security Domains        | Virtual Enterprise Software Environment | Configuration    | Physical Middleware Environment
6     | Data Replication      | Data Access Controls    | Virtual Data Layer                      | SQL              | Physical Data Layer
7     | System Monitoring     | Audit Logs              | Virtual Management Environment          | Provisioning     | System Management and Control
8     | Software Distribution | Encryption-Anti Virus   | Virtual Hardware / OS Environment       | Provisioning     | Physical Hardware / OS Environment

- Only a small part of the stack is built by traditional application development groups
- Security will be implemented by multiple groups in accordance with security policies and procedures

OpenMash Layer Mapping

The same eight-layer table (Layer / System Management / Security & Privacy / Virtual Stack / Transformation / Physical Stack) with OpenMash technologies mapped onto it:
- MedSphere Scheduling Client
- OAuth, Syncope, WS-Security
- Google Calendar API, CIA, MDWS
- RPC, CIA, HL7, iCal, CalDAV
- GAE, GCE

Talend 2011
VistA Evolution 1.0 Draft Infrastructure

Diagram components: IEHR, ESB, VistA Service Backplane, VistA Core.

The preferred method for exposing the notification to the ESB is via HL7 message queued for transmission as the event occurs.
- Event Driven Architecture (EDA)
- Callbacks
- Pub-sub

VistA Evolution 1.0 Draft API List
- Allergies
- Patient Selection (Scheduling API)
- Authorization Subscription Utility (ASU)
- Postings (Crisis notes, Warnings, Adverse reactions, Directives)
- Bar Code Medication Administration (BCMA)
- Clinical Reminders
- Computerized Patient Record System (CPRS)
- Order Management Modules
- Discharge summary
- Health Level Seven (HL7)
- Kernel
- Mailman
- Medication List
- Notes/Clinical Documentation
- Problem List (under CPRS)
- Remote Data View
- Remote Procedure Call (RPC) Broker
- Sign In (from Kernel)
- Text Integration Utility (TIU)
- VA FileMan
- Virtual Patient Record
- VistA Data Extraction Framework (VDEF)
- VistA Imaging
- VistALink

VistA Evolution 1.0 Draft API Categories

Pure Medical Domain API:
- Allergies
- Authorization Subscription Utility (ASU)
- Bar Code Medication Administration (BCMA)
- Computerized Patient Record System (CPRS)
- Order Management Modules
- Discharge summary
- Health Level Seven (HL7)
- Medication List
- Postings (Crisis notes, Warnings, Adverse reactions, Directives)
- Virtual Patient Record
- Problem List (under CPRS)

Pure IT Domain API:
- Kernel
- Mailman
- Remote Procedure Call (RPC) Broker
- Sign In (from Kernel)
- Text Integration Utility (TIU)
- VA FileMan
- VistALink

Application Extension:
- Notes/Clinical Documentation
- Patient Selection (Scheduling API)
- Remote Data View
- VistA Data Extraction Framework (VDEF)
- VistA Imaging

VistA Evolution Enterprise Service Bus (ESB)

Derived from "VistA Service Assembler (VSA) Conceptual and Technical Overview", Keith Cox & Travis Hilton, ESS AWG / OSEHRA AWG, 8/27.
- Registry and Repository (WebSphere): VistA SOA Service Registry Entries
- Core ESB (WebSphere): VistA SOA Service Proxies
- VistA Service Backplane (VSB), Regional: SOA Service Descriptors; VistA SOA Services generated by the VistA Service Assembler (VSA) Wizard
- M Platform (Caché or an open source platform, i.e. GT.M; 130+ instances in production in the VA): VistA M Routine Calling Service (VMRCS), VistA M Routine Calling Adapter (VMRCA), Site Specific packages, All Other Packages

VistA Service Backplane (VSB)
- Refactor existing functionality (e.g. Ray Group)
- Expose interfaces and APIs
- Delegate responsibility to the Bus: Security, Reliable Delivery, Composition, Transformation
- Service-enable legacy technologies
  - First class transport adaptors for performance (RPC)
  - Standards based external transport (SOAP, JMS, MLLP)
  - Standards based data protocols (HL7, iCal)
- Virtualizing the integration layer minimizes disruption

Responsibility Driven Design: VSB
- Adapts interfaces to standards & specifications
- Message Exchange Patterns: request-reply and pub-sub
- Event driven loose coupling with callback support
- Value added mediation
- Manages both consumers and providers
- Standard invocation framework for composition
- Integration with other Services (OSEHRA)
Apache Solution Architecture
Apache Integration (Development and Runtime)
- Eclipse STP/WTP: REST & Web Services
- Apache CXF: REST & Web Services
- Apache ActiveMQ: Message Broker
- Apache Maven: Build & Deploy
- Apache Camel: Mediation
- Apache Karaf: OSGi
- Eclipse Equinox: OSGi
- Apache Integration with Talend

Service Backplane versus ESB

An ESB provides dedicated integration nodes as separate processes. The purpose of the service backplane is to allow a flexible architecture that deploys mediation modules in either the server, the client, or dedicated integration nodes in a single managed environment. A service backplane can refactor a client-server architecture into a more distributed data service architecture.

Service Taxonomy

The term Service is overloaded. Services exist at multiple levels of abstraction:
- Business Process
- Business Activity
- Managed Service
- Basic Service
- Component API

Distributed Computing Challenges:
- IPC overhead
- Network topology
- Security constraints
- Transaction Support
- Reliable Delivery

Architecture: Layered Integration
- Process: human-in-the-loop, long running, asynchronous; orchestrates Business Activities
- Mediation: choreographs Managed Services into Business Activities; transforms Events into Command Messages; correlates Events with the Business Process
- Managed Services: adapt Basic Services to provide consistent integration semantics for security, reliable messaging, and other cross-cutting concerns; enrich data messages into Events with a Process Id for correlation; correlate request-replies from Basic Services
- Basic Services: stateless business logic and data services

VistA Evolution Enterprise Service Bus (ESB), mapped onto the service taxonomy
- Registry and Repository (WebSphere): VistA SOA Service Registry Entries
- Core ESB (WebSphere): VistA SOA Service Proxies
- VistA Service Backplane (VSB), Regional = Managed Services: SOA Service Descriptors, VistA SOA Services
- M Platform (Caché or an open source platform, i.e. GT.M; 130+ instances in production in the VA) = Basic Services: VistA M Routine Calling Service (VMRCS), VistA M Routine Calling Adapter (VMRCA)
- Component API: All Other Packages
HL7 Event Subscription
Basic VistA Data Services
- VMRCS composes M routines into Basic Data Services
  - May compose multiple routines previously exposed as RPC
  - Avoids IPC overhead
  - Avoids overly fine-grained Basic Services
- Single M Platform security context per call
- M security is delegated to VMRCA, which is responsible for system level security
- VMRCS is responsible for Basic Data Service enablement

VSB Integration Routes

Diagram labels:
- ESB (WebSphere) side: Message Adaptors, Security, Publish-Subscribe Routing, Event
- VSB side: SOAP and JMS Endpoints
- Mediation patterns: Validate Command, Message Enrichment, Routing Slip, Splitter, Recipient List, Normalize, Transform, Aggregator, Message Correlation
- VistA transports: RPC, HTTPS / EWD, HL7

Extensible Camel Adaptor Framework

Extensible Component Framework for RPC, iCal and HL7.

Camel HL7
- MLLP transport
- HL7 data format
- HL7 v2 Messages
- HAPI Library

    <bean id="hl7codec" class="org.apache.camel.component.hl7.HL7MLLPCodec">
        <property name="charset" value="iso-8859-1"/>
    </bean>

    <bean id="patientLookupService" class="com.mycompany.healthcare.service.PatientLookupService"/>

    <!-- & must be escaped inside an XML attribute -->
    <endpoint id="hl7listener" uri="mina2:tcp://localhost:8888?sync=true&amp;codec=#hl7codec"/>

    // Java DSL: consume from the registered endpoint and invoke the service bean
    from("hl7listener").to("bean:patientLookupService");

Subscription Mediation for Data Security
- Integration Server: Clustered Message Broker (AMQ Topic), Clustered Subscriber Route Instance (Camel vm: Topic Subscriber), Subscription Mediation Logic, Filter, CXF Invocation
- BC builds a RouteBuilder carrying the Subscription Mediation Logic:
  - Enterprise Filter, Provider Filter, Subscriber Filter
  - Enterprise Transform, Provider Transform, Subscriber Transform
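An added example, not code from the deck, the VistA project or the Camel documentation: a Camel Java DSL RouteBuilder that realizes the provider filter / subscriber filter / subscriber transform split from this slide over the HL7 route of the preceding slides. It builds on the hl7codec and hl7listener beans from the Camel HL7 slide; the activemq component name, the facility code 500, the mock delivery endpoint and the choice to strip PID-19 are assumptions.

```java
import org.apache.camel.builder.RouteBuilder;
import org.apache.camel.component.hl7.HL7DataFormat;
import ca.uhn.hl7v2.util.Terser;
import static org.apache.camel.component.hl7.HL7.ack;
import static org.apache.camel.component.hl7.HL7.terser;

// Illustrative VSB subscription routes (added example, not from the deck).
// Assumes the hl7codec/hl7listener beans from the Camel HL7 slide and an ActiveMQ
// component registered as "activemq"; facility code 500 is a constructed value.
public class Hl7SubscriptionRoutes extends RouteBuilder {
    @Override
    public void configure() {
        HL7DataFormat hl7 = new HL7DataFormat();

        // Provider route: MLLP in, parse with HAPI, publish ADT events, always answer with an ACK.
        from("hl7listener")
            .unmarshal(hl7)                                   // bytes -> HAPI Message
            .filter(terser("MSH-9-1").isEqualTo("ADT"))      // provider filter on message type
                .wireTap("direct:publishAdt")                 // hand a copy to the publish route
            .end()
            .transform(ack())                                 // AA/AE acknowledgement for the sender
            .marshal(hl7);                                    // encode for the MLLP codec

        // Publish the ER7 text rather than a serialized Java object on the topic.
        from("direct:publishAdt")
            .convertBodyTo(String.class)
            .to("activemq:topic:vista.adt");

        // Subscriber route: the enterprise filter limits which events this subscriber may see,
        // the subscriber transform removes fields it is not authorized to receive.
        from("activemq:topic:vista.adt")
            .unmarshal(hl7)
            .filter(terser("MSH-4").isEqualTo("500"))          // only events sent by facility 500
            .process(exchange -> {
                ca.uhn.hl7v2.model.Message msg =
                    exchange.getIn().getBody(ca.uhn.hl7v2.model.Message.class);
                new Terser(msg).set("PID-19", "");             // drop SSN before delivery
            })
            .convertBodyTo(String.class)
            .to("mock:subscriber");                            // stands in for the CXF invocation
    }
}
```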
Security Mediation
Security Entity and Session Scope
- Security Entity: System / Server, Application / Consumer, User
- Authentication / Authorization
- Session / Message scope: Transport / Message

Mixing these potentially requires multiplexing which message level secured entity is being used across a transport session.

Credentials: why SAML?
- X.509 TLS with mutual auth? The subject is tied to the connection certificate of the intermediary instead of the initiator.
- WS-Security Binary Security Token? The subject is tied to the signing certificate of the intermediary instead of the initiator.
- WS-Security Username Token? The Username Token identifies the subject and is independent of the SOAP message, but the password is in the clear within the token and the ID store.
- SAML Assertion: the assertion provides a subject independent of the SOAP message signature or transport; the assertion is signed by the issuer, which ties the assertions to the intermediary's request.

Value Added Mediation: Security

Security Profile Alternatives
- Transport layer security (SSL v3.0 and TLS v1.0)
- SessionId and SSO at the app transport layer for Server / Service
- Per-message message-level security using WS-Security
- Per-session message-level security using WS-Security SecureConversation
- Message layer for User or Service with SAML x.509

Security Gateway Solution Pattern
- Connect to the ESB using transport security
- Delegate message level security to the ESB

Sample Basic Security Profile

Columns: Encryption, Server Auth, App Auth, User Auth, Data Authz. Rows (hops): Human to App, App to ESB, ESB to VSB, VSB to VMRCS, VMRCS to VMRCA.

Cell values (table layout not preserved in this text): N/A; OS Login; OS Logic; App Login; App Logic; Transport (HTTPS, JMS/SSL); Transport (HTTPS, JMS/SSL); Transport (HTTPS); N/A; HTTPS SAML; N/A; N/A; HTTPS SAML; N/A; N/A; HTTPS; N/A; Trusted Basic Auth; VistA or M Kernel; N/A; N/A; VSB Transform; VistA

* Not applicable for securing sensitive data at rest
WS-Security Scenarios
STS Server Roles
- Identity Provider (IP-STS)
  - Authenticates a client locally, e.g. Windows or LDAP
  - Creates assertions based on local identity
  - May add additional assertions
- Relying Party STS (RP-STS)
  - RP-STS does not authenticate the client
  - WS-Trust between IP-STS and RP-STS
  - RP-STS relies on the token provided by IP-STS
  - PDP authorizes client assertions

WebApp Security

Service consumers such as web portals can use SAML assertions for SSO subject propagation. Be careful to distinguish between Transport Session and Message level security.

Bus Security

The ESB must preserve and present the original Client subject to the Server.

Federated Claim Transformation

Diagram components:
- Client side (inside the enterprise boundary): Client with CXF WS-* interceptor pairs, SOAP/HTTPS to a CXF Proxy Server; WSDL and WS-Policy; mutual auth with Keystore / Truststore on each side; the message carries Timestamp, Message ID, SAML Assertion, Digital Signature
- ESB side: Proxy Client with CXF WS-* interceptor pairs, SOAP/HTTPS to the CXF Server; WSDL and WS-Policy; mutual auth with Keystore / Truststore on each side; the message carries Timestamp, Message ID, SAML Assertion, Digital Signature
- STS: IP-STS and RP-STS exchange RST / RSTR over WS-Trust; IP-STS and RP-STS share common Claims, which are translated into local privileges by RP-STS
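An added example (not from the deck or any of the projects it names) of the relying-party logic behind the "why SAML" and "Bus Security" slides: the hop credential (TLS client certificate or the intermediary's signature) identifies only the ESB, so the VSB takes the subject from the assertion signed by the IP-STS and checks audience and expiry. A pipe-delimited string with an RSA signature stands in for the SAML assertion and its XML signature; the class, key pairs, audience URN and subject name are all constructed.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.time.Instant;

// Simplified model: a pipe-delimited string signed with SHA256withRSA stands in for a SAML
// assertion and its XML signature. All keys are generated in-process; names are constructed.
public class SubjectPropagationDemo {
    static final String AUDIENCE = "urn:example:vsb";   // the relying party's own identifier

    static byte[] sign(PrivateKey key, String data) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(key); s.update(data.getBytes(StandardCharsets.UTF_8));
        return s.sign();
    }

    static boolean verify(PublicKey key, String data, byte[] sig) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initVerify(key); s.update(data.getBytes(StandardCharsets.UTF_8));
        return s.verify(sig);
    }

    // Relying-party (VSB) check. The hop signature, like a TLS client certificate, proves only which
    // intermediary sent the message; the subject is read from the assertion the IP-STS signed.
    static String authenticatedSubject(PublicKey idpKey, PublicKey esbKey, String envelope,
            byte[] hopSig, String assertion, byte[] issuerSig) throws GeneralSecurityException {
        if (!verify(esbKey, envelope, hopSig)) throw new SecurityException("intermediary not authenticated");
        if (!verify(idpKey, assertion, issuerSig)) throw new SecurityException("assertion not from trusted issuer");
        String[] f = assertion.split("\\|");            // subject|audience|notOnOrAfter (constructed layout)
        if (!AUDIENCE.equals(f[1])) throw new SecurityException("assertion not addressed to this service");
        if (!Instant.parse(f[2]).isAfter(Instant.now())) throw new SecurityException("assertion expired");
        return f[0];
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA"); gen.initialize(2048);
        KeyPair idp = gen.generateKeyPair(), esb = gen.generateKeyPair();
        String assertion = "clinician42|" + AUDIENCE + "|" + Instant.now().plusSeconds(300);
        byte[] issuerSig = sign(idp.getPrivate(), assertion);        // issued by the IP-STS
        String envelope = "msg-1|" + assertion;                      // ESB adds its own hop signature
        byte[] hopSig = sign(esb.getPrivate(), envelope);
        System.out.println("subject: " + authenticatedSubject(idp.getPublic(), esb.getPublic(),
                envelope, hopSig, assertion, issuerSig));            // identity the VSB acts on
        // A subject rewritten after issuance still carries a valid hop signature from the ESB,
        // but the issuer signature no longer verifies, so the relying party rejects it.
        String altered = assertion.replace("clinician42", "someoneelse");
        try {
            authenticatedSubject(idp.getPublic(), esb.getPublic(), "msg-2|" + altered,
                    sign(esb.getPrivate(), "msg-2|" + altered), altered, issuerSig);
        } catch (SecurityException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```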
Value Added Mediation
Pass-through Mediation
VistA HA (diagram; legend: Service Backplane)

Federated Query (diagram; legend: Service Backplane)
Summary
Questions

Edward Ost, eost@talend.com, 301-666-1039