This document is written for IT staff / system engineers of data providers and therefore assumes technical knowledge. It acts as a guide through the on-boarding process of HD4DP v2 and covers installation of the server, user configuration, network configuration and remote access.
The order of steps in this document should be respected during execution.
HD4DP v2 consists of a modular application stack, which allows healthdata.be to seamlessly upgrade individual elements.
An HD4DP v2 deployment comprises the following components:
- Form.io component
- Nextgen Connect
As is the case in HD4DP 1.0, an Encryption Module with a connection to the eHealthBox is still required for HD4DP v2 and must be provided by the data provider.
The HD4DP server needs to be accessible via domain names in DNS, and must have a static IP in your private network.
The application stack of HD4DP v2 requires four domain names pointing to the IP of the locally installed HD4DP v2 server. Use the following names in your DNS:
The following connections should be possible in the firewall flow:
- To and from (a) machine(s) in your IT department on port 22 for initial configuration and local support.
- To and from the Encryption Module server. The protocol and ports depend on your local EM implementation. Contact your EM vendor if more information is necessary.
- Reachable by your staff who use HD4DP, on ports 80 and 443 for HTTP(S) traffic.
- To and from the LDAP server, on port 389 by default (not mandatory if you are not using LDAP to authenticate).
The healthdata.be proxy server is used as a gateway to the internet for the security of HD4DP servers. The configuration of this proxy server will be provided to you by healthdata.be at a later date.
To install the application stack of HD4DP v2, healthdata.be requires a freshly installed operating system, specifically Ubuntu Server 18.04 LTS.
Please use these instructions even if you have previous experience with installing this operating system, as its configuration is specific for healthdata.be.
These instructions assume that the network configuration described in the previous section is completed.
HD4DP v2 requires a (virtual) machine running Ubuntu Server 18.04 LTS.
We assume knowledge of loading a .iso file onto a (virtual) machine. Healthdata.be can’t provide instructions for this, as the environment of your center is unknown. Should you have any trouble, however, please contact Healthdata.be support so that we can help out.
Please find the installation steps below.
- Download the .iso file from the link below.
Download Ubuntu Server 18.04 LTS
- Create a new (virtual) machine with Linux Ubuntu 64 bit as the OS family
- When prompted, select the .iso file downloaded in step 1.
- After some time, you will be prompted to select a system language. Select English.
- “Keyboard configuration”
Select your preferred keyboard layout and press enter
- “Network Connections”
Highlight the network interface and press enter. Navigate as follows:
Edit IPv4 -> Manual -> enter the network details -> save -> Done
- Proxy IP -> Leave default/empty.
- “Configure Ubuntu Archive Mirror” -> leave default
- “File system Setup” -> Use An Entire Disk
- Proceed until “Confirm destructive action” -> press continue. The installation process starts; this can take several minutes.
- In the meantime, create the user for Healthdata.
username = healthdata,
Password = choose a secure password and communicate it to healthdata.be.
- Mark “Install OpenSSH server”. This will be used for remote access. “Import SSH Identity” -> no -> done
- “Featured Server Snaps” -> Select nothing and press Done.
- Wait until installation is finished.
Connecting to the server
Log into the machine with the healthdata.be user created in the previous section.
Instructions (from a Windows machine):
- Install the tool PuTTY and open the application.
- On the configuration screen, enter the following (replace italic text with the appropriate values):
- Host Name: healthdata@server_private_ip
- Port: 22
- Connection type: SSH
- Click Open. Enter the password (you will not see text as you type; you can paste into PuTTY by right-clicking in the terminal).
- You should now be logged in and see a prompt “healthdata@server_name:~$”
Administrator account for internal use
An administrator account for internal use can be created on the HD4DP v2 server.
The configuration of remote access (described below) should not happen on this account, but on the Healthdata.be account.
The internal account can later be used to install and configure OS monitoring software and antivirus software by the internal IT team. For more information, see the section on Antivirus and Monitoring.
(Text with a gray background should be entered as a command in the terminal of the server)
Create the user:
sudo adduser <username>
Add the user to the sudo group
sudo usermod -aG sudo <username>
Installation and configuration of the software stack
Healthdata.be support will instruct you when to execute the next step, which is to enable remote access so that Healthdata.be can execute the software installation and configuration.
The configuration of the HD4DP v2 server is administered by healthdata.be and does not require backups.
HD4DP v2 regularly dumps its databases automatically to the /backup directory on the server. A network storage should be mounted at this location.
Please fill out the infrastructure sheet with the required credentials, domain name/url, protocol… to connect to the network drive. The connection will then be configured by healthdata.be.
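Once the network drive has been configured, the internal IT team can confirm that /backup really is network storage and not a plain directory on the server's own disk. The script below is an added example, not healthdata.be tooling; the function name backup_mount_status and the list of network file-system types are assumptions to adjust to your environment.

```shell
#!/bin/sh
# Added example, not healthdata.be tooling. Checks that a directory is a
# mount point backed by network storage, reading a /proc/mounts-style table.

# File-system types counted as network storage (assumption; adjust locally).
NETWORK_FS_TYPES="nfs nfs4 cifs smb3 fuse.sshfs glusterfs ceph"

# backup_mount_status DIR [MOUNTS_FILE]
# Prints network:<fstype>, local:<fstype> or not-mounted.
# Returns 0 for network storage, 1 for a local file system, 2 if unmounted.
backup_mount_status() {
    _dir=$1
    _mounts=${2:-/proc/mounts}
    _found=""
    while read -r _dev _mnt _type _rest; do
        # Later entries shadow earlier ones on the same mount point,
        # so keep the last match.
        if [ "$_mnt" = "$_dir" ]; then
            _found=$_type
        fi
    done < "$_mounts"

    if [ -z "$_found" ]; then
        # Nothing mounted: dumps would land on the server's own disk.
        echo "not-mounted"
        return 2
    fi
    for _t in $NETWORK_FS_TYPES; do
        if [ "$_found" = "$_t" ]; then
            echo "network:$_found"
            return 0
        fi
    done
    echo "local:$_found"
    return 1
}

# Run as "sh check_backup.sh --check" to test /backup on the live server.
if [ "${1:-}" = "--check" ]; then
    backup_mount_status /backup
fi
```

A non-zero exit status can be fed into the OS monitoring software mentioned in the Antivirus and Monitoring section to raise an alert when the mount is missing.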
Patching and Updates
Healthdata.be configures HD4DP v2 servers to automatically receive recommended security updates. The choice for Ubuntu 18.04 is motivated by the long-term support for this version. Security flaws are rare in this distribution, and security updates are quick and often don’t require a system reboot.
If the IT department of your organization prefers to manage patches, this is possible but not encouraged. Please use the account for internal use created in Section 3 for this purpose.
Antivirus and Monitoring
Most data providers will want to manage their own antivirus and OS monitoring on all machines in their network. Installation of such software on the HD4DP v2 server is allowed, but healthdata.be should be informed about all extra software installed on the server. Additionally, healthdata.be will not provide support for the installation of this software.