Data Sharing & Standards Division
eCare Technical Workshop
Inverness
23rd November 2005
Agenda
• Introduction
• Architecture Overview & Technical Context
• Current Release Features & Demos
• Next Release Features
• Hosting Options
• Partner Perspective
• Q & A
[Diagram: an Agency Network (Agency System: system business logic and data; Adaptor: integration, messaging) connected by SOAP to the eCare Safe Haven, which contains a Messaging Zone (message, messaging business logic) and a Framework Zone (data, databases, indexes, SQL).]
The Messaging Service provides Agency Applications with an interface to the eCare Framework.
The eCare Safe Haven, or DMZ, is a secure perimeter network that connects the Agency networks with the network in which the eCare Framework’s hardware is located.
The Multi Agency Store (MAS) is the repository used to store consented data so that information can be shared between different agencies.
An Adaptor is a software component that enables communications between agency systems and the eCare Framework […] the Adaptor can be a logical software component built into an agency system or on a separate physical machine.
Agency Systems are MIS applications within the various agencies that perform client/patient/person processing functions.
Indexing & Matching
• Systems must have a person record prior to sharing or viewing of data in the MAS
• Systems must create an index entry in the MAS from a matching solution employing a national process as per the eCare Matching Overview strategy document
• eCare maintains a multi-agency index of all connected systems' person reference numbers; systems have no access to this index, which contains no shared data
• Systems must have an index entry to receive MAS notifications
• This index permits systems to view data regardless of consent or disclosure authority. The ability to lock a person record in the MAS from viewing is a separate – and currently unrelated – function.
Consent & Disclosure Authority
• Conditions for data sharing are:
– Either the Subject (or a proxy for the Subject) has given informed consent to the sharing of data or a competent professional within the disclosing agency has taken a considered decision to override the absence of consent; and
– It is necessary and relevant to share the data.
Consent
• Consent is collected once per person in the MAS
– A subset of data is stored
– A full history of changes is maintained
– All systems with an index entry are notified when the status changes
– Does not physically enable data sharing
consent process (cross-partnership)
[Diagram: SYSTEM-A sends MSG: CONSENT_STATUS (RefNo, Consent Data) to the MAS; the MAS sends MSG: NOTIFICATION to SYSTEM-N.]
• MAS maintains a history of all consent
• MAS notifies each system with an Index entry that consent has changed
• Systems update their own consent status
Disclosure Authority
• Authority is stored once per system per person in the MAS
– A full history of changes is maintained
– All systems with an index entry are notified when the status changes
– Physically enables data sharing – no system can send data to the MAS without authority
– Does not restrict viewing data from the MAS – all systems with an index entry can retrieve data
disclosure process
[Diagram: SYSTEM-A sends MSG: AUTHORITY_STATUS (RefNo, Authority Data) to the MAS; the MAS sends MSG: NOTIFICATION to SYSTEM-N.]
• MAS notifies system admin that authority has changed
• MAS maintains a history of all authority
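The index, consent and disclosure authority rules on the preceding slides, modelled as an added example (not eCare code): an index entry alone gates viewing and notifications, while disclosure authority gates only storing. The class, method names, notification tuples and sample identifiers are assumptions made for illustration.

```python
class AccessDenied(Exception):
    """Raised when the modelled MAS refuses a request."""


class MultiAgencyStore:
    def __init__(self):
        self.index = {}      # person -> systems holding an index entry
        self.consent = {}    # person -> consent history (one record per person)
        self.authority = {}  # (system, person) -> disclosure authority history
        self.shared = {}     # person -> [(system, record), ...]
        self.inbox = {}      # system -> queued notifications

    def add_index(self, system, person):
        self.index.setdefault(person, set()).add(system)
        self.inbox.setdefault(system, [])

    def _notify(self, person, kind):
        # Only systems with an index entry for the person are notified.
        for system in sorted(self.index.get(person, ())):
            self.inbox[system].append((kind, person))

    def store_consent(self, person, status):
        self.consent.setdefault(person, []).append(status)  # history is kept
        self._notify(person, "consent")

    def store_authority(self, system, person, granted):
        self.authority.setdefault((system, person), []).append(granted)
        self._notify(person, "authority")

    def store_data(self, system, person, record):
        if system not in self.index.get(person, ()):
            raise AccessDenied("no index entry")
        history = self.authority.get((system, person), [])
        if not history or not history[-1]:
            raise AccessDenied("no disclosure authority")
        self.shared.setdefault(person, []).append((system, record))

    def view(self, system, person):
        # Consent and authority are not consulted: the index entry is the only gate.
        if system not in self.index.get(person, ()):
            raise AccessDenied("no index entry")
        return list(self.shared.get(person, []))


def demo():
    """Constructed scenario: SYSTEM-X has no index entry for person P1."""
    mas = MultiAgencyStore()
    mas.add_index("SYSTEM-A", "P1")
    mas.add_index("SYSTEM-N", "P1")
    mas.store_consent("P1", "given")
    mas.store_authority("SYSTEM-A", "P1", True)
    mas.store_data("SYSTEM-A", "P1", {"name": "constructed record"})
    mas.store_consent("P1", "withdrawn")
    results = {"n_views_after_withdrawal": len(mas.view("SYSTEM-N", "P1"))}
    attempts = (("n_store", lambda: mas.store_data("SYSTEM-N", "P1", {})),
                ("x_view", lambda: mas.view("SYSTEM-X", "P1")))
    for label, call in attempts:
        try:
            call()
            results[label] = "allowed"
        except AccessDenied as exc:
            results[label] = str(exc)
    results["n_inbox"] = mas.inbox["SYSTEM-N"]
    return results
```

Because SYSTEM-N can still read the record after consent is withdrawn, any restriction on viewing has to be enforced by the agency system itself or by the separate record-locking function.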
What is the eCare Framework
[Diagram: within the Agency, an Agency Application and its Adaptor; within the eCare DMZ, Messaging Services, Matching Services (Matching, Auto Matcher, Manual Matcher) and the MAS; within the NHS, CHI Services.]
What are web services
• Standards based
• Simple Object Access Protocol 1.1 (SOAP)
• Web Services Description Language (WSDL)
Security
• Encryption
– SSL Encryption
• Authentication
– WS-Security (Username Token)
• Authorisation
– WS-Security / Policy
WS-Security
• OASIS standard
• Supported by:
– IBM
– Microsoft (WSE)
– Sun
– Oracle
– BEA
• Message level security
• http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0.pdf
Services Documentation Set
• Messaging Integration Guide
• Messaging Admin Guide
• Matching Integration Guide
• Matching Admin Guide
• Viewer Tool Guide
• + Other National Documentation Set….
Application Design Decisions
• Interoperability
• Service Granularity
• Authentication and Authorisation
• Data Changes
• Unique Message Requests
• Error Feedback
Interoperability
• Apply best practice
• Validate against WS-I Basic Profile
WS-I is an open industry organisation chartered to promote Web services interoperability across platforms, operating systems, and programming languages.
Service Granularity
• Document Message Pattern
• Coarse grained messages
– Simplify message sequencing
– Reduce network performance overhead
– Simplify transaction management
Service Granularity…
• Standard message formats
[Class diagram: Messages::eCareMessageContainer, Messages::eCareMessageHeader and Messages::eCareMessagePayload, associated with multiplicity 1 to 1; attributes shown: +LocalUniqueMessageId : string, +AuditReference : string.]
Authentication & Authorisation
• Authenticate host application not user
• Implemented through WS-Security
• Support Role based authorisation (Policy)
Unique Message Request
• All messages must include a unique identifier
• Validated on every service request
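A service-side gate for the two design decisions above (host-application identity with role-based policy, and a unique identifier validated on every request), written as an added example that is not eCare code. The eCare XML namespace, the policy table, the host names and the choice to scope uniqueness per host application are assumptions; verification of the Username Token credential is assumed to have been done by the WS-Security layer before this check runs.

```python
import xml.etree.ElementTree as ET

NS = {
    "s": "http://schemas.xmlsoap.org/soap/envelope/",  # SOAP 1.1
    "w": "http://docs.oasis-open.org/wss/2004/01/"
         "oasis-200401-wss-wssecurity-secext-1.0.xsd",  # WS-Security 1.0
    "e": "urn:example:ecare-messages",  # hypothetical, not the real eCare namespace
}

# Hypothetical policy: host application -> operations its role may call.
POLICY = {
    "social-work-adaptor": {"StorePerson", "GetPerson"},
    "viewer-host": {"GetPerson"},
}


class Rejected(Exception):
    """Raised when a request fails a gate check."""


class RequestGate:
    def __init__(self, policy):
        self.policy = policy
        self.seen = set()  # (host application, LocalUniqueMessageId) already accepted

    def check(self, envelope_xml):
        # Stdlib parser for brevity; harden XML parsing before accepting untrusted input.
        root = ET.fromstring(envelope_xml)
        host = root.findtext(
            "s:Header/w:Security/w:UsernameToken/w:Username", namespaces=NS)
        body = root.find("s:Body", NS)
        if not host or body is None or len(body) == 0:
            raise Rejected("malformed request")
        operation = body[0].tag.rsplit("}", 1)[-1]
        if operation not in self.policy.get(host, ()):
            raise Rejected("not authorised")
        msg_id = body.findtext(
            ".//e:eCareMessageHeader/e:LocalUniqueMessageId", namespaces=NS)
        if not msg_id or not msg_id.strip():
            raise Rejected("missing message id")
        key = (host, msg_id.strip())
        if key in self.seen:
            raise Rejected("duplicate message id")
        self.seen.add(key)  # recorded only after every other check has passed
        return host, operation, key[1]


def envelope(host, operation, msg_id):
    """Build a constructed sample request (not a captured eCare message)."""
    id_xml = (f"<e:LocalUniqueMessageId>{msg_id}</e:LocalUniqueMessageId>"
              if msg_id else "")
    return (
        f'<s:Envelope xmlns:s="{NS["s"]}" xmlns:w="{NS["w"]}" xmlns:e="{NS["e"]}">'
        f"<s:Header><w:Security><w:UsernameToken><w:Username>{host}</w:Username>"
        f"</w:UsernameToken></w:Security></s:Header>"
        f"<s:Body><e:{operation}><e:eCareMessageContainer><e:eCareMessageHeader>"
        f"{id_xml}<e:AuditReference>constructed</e:AuditReference>"
        f"</e:eCareMessageHeader><e:eCareMessagePayload/>"
        f"</e:eCareMessageContainer></e:{operation}></s:Body></s:Envelope>"
    )


def outcome(gate, envelope_xml):
    """Return 'accepted' or the rejection reason for one request."""
    try:
        gate.check(envelope_xml)
        return "accepted"
    except Rejected as exc:
        return str(exc)
```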
Error Feedback
• SOAP Fault
• Client Details – XML formatted error messages & codes
• ClientUtilities DLL (for .NET)
Web Services Supported
• Focuses on
– Core Demographics
– Disclosure Authority
– Matching
– Processes
– Events
– Status Episodes
Matching Process
[Diagram: Host Application and Adaptor (Agency Boundary); Messaging, Matching and MAS (eCare DMZ); AutoMatcher and ManualMatcher; CHI (NHS Boundary). Numbered steps shown:]
1. New Service User
2. Poll for new service users
3. New Match Request
4. Store Request
5. Attempt Match
6. Search CHI
7. Index Created
8. Match Notification
Web Services Supported…
• Matching Service
– NewMatchRequest
• Index Service
– IsMatched
– Not AddIndex etc.
[Diagram: Matching Process. Components: Adaptor, MAS, Matching DB, Matching Tool. Labelled flows: New Match Request, Match Request, Get Pending Match Request, Successful Match, Create Index.]
Web Services Supported…
• Notifications Service
– GetNotifications
– AcknowledgeNotifications
[Diagram: Matching Process. Components: Adaptor, MAS. Labelled flows: New Match Request, Index Created, Get Notifications, Acknowledge Notifications.]
Matching Demo…
• Automatic Matcher
• Manual Matcher
• CHI Simulator
Data Sharing
[Diagram: two agencies, each with a Host Application and Adaptor inside its Agency Boundary (one also with a Viewer), connected to Messaging and the MAS in the eCare DMZ. The Adaptor monitors changes. Numbered steps shown:]
1. Service User Interaction
2. Store Disclosure Authorisation
3. Store Service User Data
4. Other Agencies Share Data
5. View Shared Data
Web Services Supported…
• Disclosure Service
– StoreDisclosureAuthority
– StorePartnershipConsent
• Person Service (Person, Associate & Professional)
– StorePerson
  • Must be matched first
  • Current Data
– GetPerson
  • Current Data Only
– GetPersonByMasId
  • Person Status
Web Services Supported…
• Organisation Service
– StoreOrganisation
– GetOrganisation
• StatusEpisode Service
– StoreStatusEpisode
– GetStatusEpisodeForSubject
– GetStatusEpisode
• Process Service
– StoreProcess
– GetProcessesForSubject
– GetProcess
• Event Service
– StoreEvent
– GetEventsForSubject
– GetEvent
Web Services Supported…
• Viewer Service
– GetPersonView
– GetPersonViewXML
Extensions
• Supported by
– Processes
– Events
– Status Episodes
• Allows custom data to be stored
– E.g. Referral Process:
  • Reason
  • Received Date
  • ConcernFactorCV
Viewer
• What is the Viewer and what can you do?
– Access MAS Data
– No searching
– Embed in web page
– .NET User Control (Web Page)
– No inherent authentication / authorisation
Web Service / Embedded Viewer Demo…
Viewer Usage
• ASP.NET page
• Parameterised reference data
• Access Rights – tab visibility
• Configurable Tabs text / CSS
Version 0.7 Viewer Demo
eCart Demo
[Diagram: on the eCart side, the eCart User Interface, eCart Application, eCart Data and a Directory Service; on the eCare side, the eCare Messaging Service and the MAS.]
Forms Web Services
• Two Phases
– 0.7: Store and Retrieve Completed Form
– 0.8(?): Retrieve full Form definition
Storing a Form
• Form Definition must exist in MAS (Excel Tool)
• Forms belong to a process
• Agencies can collaborate on a single form
• Pessimistic locking is implemented
• Form ‘updates’ do not overwrite old forms (FormState)
Storing a Form
• New Form
– Execute StoreForm web service
• Update Form
– GetForm (with lock)
– StoreForm
[Diagram: form locking sequence between System A, System B and eCare. Labelled calls: StoreProcess, StoreForm (New), Store Form, Get Form (for edit), Store Form, Get Form (for edit), Error!]
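The pessimistic locking and non-overwriting updates described on the "Storing a Form" slides, modelled as an added example (not eCare code). The class and method names are hypothetical, and releasing the lock on a successful store is an assumption the slides do not state.

```python
class LockError(Exception):
    """Raised when a form is locked by another system."""


class FormStore:
    def __init__(self):
        self.states = {}  # form_id -> append-only list of stored form states
        self.locks = {}   # form_id -> system currently holding the edit lock

    def get_form(self, system, form_id, for_edit=False):
        if for_edit:
            holder = self.locks.get(form_id)
            if holder not in (None, system):
                raise LockError(f"{form_id} is locked by {holder}")
            self.locks[form_id] = system
        return dict(self.states[form_id][-1])

    def store_form(self, system, form_id, responses):
        if form_id in self.states:
            # An update is accepted only from the system holding the lock.
            if self.locks.get(form_id) != system:
                raise LockError(f"{system} does not hold the lock on {form_id}")
            del self.locks[form_id]  # assumption: a successful store releases the lock
        # Earlier states are never overwritten; each store appends a new one.
        self.states.setdefault(form_id, []).append(dict(responses))
        return len(self.states[form_id])

    def unlock_form(self, system, form_id):
        if self.locks.get(form_id) == system:
            del self.locks[form_id]
            return True
        return False


def scenario():
    """Constructed run: A creates the form, B locks it, A is refused until B stores."""
    store = FormStore()
    out = {"new": store.store_form("SYSTEM-A", "F1", {"Q1": "yes"})}
    store.get_form("SYSTEM-B", "F1", for_edit=True)
    attempts = (
        ("a_edit", lambda: store.get_form("SYSTEM-A", "F1", for_edit=True)),
        ("a_store", lambda: store.store_form("SYSTEM-A", "F1", {"Q1": "maybe"})),
    )
    for label, call in attempts:
        try:
            call()
            out[label] = "ok"
        except LockError:
            out[label] = "Error!"
    out["b_store"] = store.store_form("SYSTEM-B", "F1", {"Q1": "no"})
    out["history"] = store.states["F1"]
    out["a_edit_after"] = store.get_form("SYSTEM-A", "F1", for_edit=True)
    return out
```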
Webservice Validation
• Question mapping – based on Question Code
• Definitions validated – e.g. CVs, Validation Types etc.
• Mandatory fields not validated – change?
• Calculations not validated
• Locking validated
Entities
• Form (Form State)
• Form Sections (Multiple Occurrences)
• Form Question Grouping (Multiple Occurrences)
• Responses
Other Forms Services
• GetFormsForProcess
• GetForm
• UnlockForm
• LinkFormToProcess
0.7 Enhancements
• Logically sorted results (e.g. Processes)
• Improved database indexing
• Support multiple Person Roles (single operation)
• Some new CVs
• Various Viewer improvements (cosmetic)
• Matching Simulator improvements
Conceptual Implementation
[Diagram: within the eCare Partnership Boundary, the Health Care, Social Care and Education boundaries each contain an application (Health Care Application, Social Care Application, Education Application, Other Application) with an eCare Adaptor, connected to the eCare Framework (Security, Messaging, MAS, Index, Matching, CHI). Agency Boundary detail: Agency Application and eCare Adaptor, plus Optional Components: Viewer Web Server, eCART Web Server, eCART Database Server, eCART Adaptor, Matching Clients, and CHI XML Gateway (only in Health).]
Agency Responsibilities:
• Agency Applications (or eCART)
• eCare Viewer (Optional)
• Application Adaptors
• Matching Tools
• eCare Connectivity
• Security
Partnership Responsibilities
• eCare Safe Haven
– MAS Database
– Application Servers
– Secure Infrastructure
• Administration / Maintenance
• Disaster Recovery
• Resiliency
Technologies
• Microsoft Technology stack
• Windows 2003
• SQL Server 2000
• Microsoft .NET Framework 1.1
The Options….
• Local Implementation
– Partnership jointly responsible for eCare Safe Haven implementation and ongoing support
• Managed Service
– Centrally managed eCare Safe Haven
Option 1 – Local Hosting
Basic Connectivity
[Diagram: Agency A and Agency B reach the eCare servers (eCare Messaging, eCare Applications (if any), eCare Data, eCare Management) through the Connection Networks, a WAN Router, a Network Intrusion Protection System, the eCare Firewall and a 100 Mbps LAN Switch with VLAN capability.]
Servers
[Diagram: Small Scale Solution: Database Server, Management Server, Application Server (if any) and Messaging Server on the eCare LAN and eCare Management LAN. Large Scale Solution: the same server roles with an additional Messaging Server and Database Server, labelled Network Load Balanced and A-P Clustered.]
Security
[Diagram: eCare ‘Safe Haven’ or DMZ. Agencies (Health Care, Social Care, Education etc.); eCare Messaging (Web Services); eCare Applications (none currently); eCare Data (Multi-Agency Store, Index, Matching Data, Message Logs & Audit Data). Zones shown: External Zone, Exposed Zone, Internal Zone. Firewalls mark the Outer Perimeter and Inner Perimeter, with Framework Defences (e.g. IDS, DOS, Content Inspection, Anti-Virus, etc).]
Option 2 – Hosted Service
[Diagram: Local Authority LAN on GSX and Health Board LAN on NHSnet, both connecting to the eCare DMZ.]
Option 2 – Hosted Service
[Diagram: Local Partnership A and Local Partnership B, each comprising a Local Authority (via GSx) and a Health Board (via NHSNet), connecting to the Managed Service through Firewalls, a Switch and Routers; CJG is also shown.]
Managed Service
– Re-use of infrastructure and associated costs
– Improved Scalability
– Improved Resiliency
– Disaster recovery capabilities
– Potentially higher service levels (24x7 support)
– Improved Security
– Risk Management
– Reduced learning curve
– Support staff training overheads
– Simplifies future national connectivity
– Partners focus on local integration issues
Local Implementation
– Locally controlled / Managed
– Minimises dependency on other partnerships
Connectivity Options
• Nick Blundell – Cable & Wireless
• James MacGregor – Atos Origin
eCare presentation, Inverness 23-Nov-05
Collaboration across GSX
enabling shared eCare Service
1. Using GSX for council access
2. Using Closed-User Groups
C&W Personnel:
Nick Blundell, Client Manager
07795 254571
Paul Hulme, Solutions Consultant
07715494995
Background
GSI Central Government – RESTRICTED-HIGH
xGSI Central Government – CONFIDENTIAL-HIGH
GSX Local Authorities – RESTRICTED
GSE Public Sector Supplier (& List-X) Extranet - Up to CONFIDENTIAL
GSi – The Framework
Existing Scottish Infrastructure
[Diagram: West DC and East DC on the GSX MPLS VPN, with the INTERNET and, behind a firewall, NHSnet (Health Board 1, Health Board 2). Connected bodies shown: Dundee Council, Local Authority 3, Comhairle nan Eilean Siar, Barnardo's, Orkney Council, Shetland Council.]
Existing collaboration:
• ISCJIS - District Courts, SCRO, SCRA, Crown Office
• GRoS - Births, Deaths and Marriages
• Emailing partners - Police, NHS, DWP, HMRC
• Sharing data peer to peer - Caird network
• SCRO - Criminal Histories
eCare collaboration in Scotland
[Diagram: West DC and East DC on the GSX MPLS VPN, with the INTERNET and, behind a firewall, NHSnet (Health Board 1, Health Board 2). Shown with the eCare CUG: Local Authority A, Local Authority B, Local Authority C, Barnardo's, other non-govt partners A and B, and, behind firewalls, the eCare Framework (57.65.10.21).]
Collaboration using the Critical National Infrastructure
ADVANTAGES
• Available immediately at no extra cost (except for new joiners or increases in bandwidth)
• Accredited by government to carry Restricted data (NHS Confidential)
• Many to many connectivity, not just eCare
• Closed user group is a community within the secure infrastructure with its own 51.63 IP schema
• All councils comply with the best practice manual of protective security
• Working within centrally organised security
• Purchase off GSi Framework
• Allows voluntary sector to join
DISADVANTAGES
• Singular cost comparison with point-to-point leased line
Closed-User Group working over GSi
GSi tariff CHARGES
• Establish CUG (reserve MPLS VPN):
– Setup £10,250 (one-off) – payable by CUG owner/sponsor
• Attach each GSI/xGSI site to CUG:
– Setup £2,050 per site (one-off) – payable by connecting department
• Terminate CUG VPN on existing GSI/xGSI router (additional LAN interface):
– Install £971, Rental £1,025/annum – payable by connecting department
• Connect non-GSi organisations to CUG:
– Applicable circuit charge (install/rental) – payable by CUG owner/sponsor
Closed-User Group working over GSi
Security Assurance considerations
• CUGs are separate MPLS VPNs procured using the GSi framework
• The network infrastructure used for CUGs is the same as that used for GSI – CESG Fast-track approved to EAL2 (Restricted)
• CUGs are outside the jurisdiction of NISCC – effectively a private WAN
• GSI/xGSI organisations joining CUGs must ensure continued compliance with Code of Connection
• If non-GSi organisations are being connected by the CUG sponsor it is recommended that there are minimum security assurance standards mandated on the outside body.
NHSNet / N3
• Managed service to support NHSNet & N3
• Provides Health Board connectivity
• National policy to migrate to N3
• N3 – Higher bandwidth
• N3 not implemented everywhere (yet)
• No closed user groups (ISSG)
• SSL Encryption
• Initial investment connecting to N3
NHSNet / N3
[Diagram: Adaptors at Health Board 1, Health Board 2 and Health Board 3 connect over HTTPS, via NHSNet and N3, to the Messaging Framework in the Managed Service; GSx is also shown.]