VistA Service Backplane Evolving VistA Open Architecture Edward Ost 03/07/2022


VistA Service Backplane

Evolving VistA Open Architecture

Edward Ost

05/09/2023

Agenda

➜ Open Healthcare Platform

➜ VA Enterprise Architecture Alignment

➜ OSEHRA Reference Architecture
    • Building upon VistA Evolution Plan

➜ Use Case Elaboration

© Talend 2013

Enterprise Transformation Strategy

➜ Apache OSS assures open architecture

➜ OSEHRA healthcare sponsors assure open marketplace

➜ Virtualize the OSS integration layer and align refactoring to EA

Harness the power of the community with OSEHRA, Apache, and OIT EA

OSEHRA Roles

➜ VistA centric Platform

➜ Balanced Community
    • Top-down governance – VA EA alignment
    • Bottom-up collaboration - community driven projects

➜ Stewardship

➜ Market facilitator

Virtualize VistA with Apache


Harness and Focus the Community

➜ The community needs a reference implementation and a reference architecture to drive adoption.

➜ The middleware for OSEHRA needs to be open source in order to maximize its reach and enable community and market dynamics.

➜ No runtime is specified for the VSB, just that it is Java based. Suggest that VSB should use Apache OSS.

➜ The VistA Service Assembler (VSA) team has done the background work and prototyping for tools which can use Maven, Eclipse, and Spring XML to configure Camel endpoints.


Collaboration Vehicles

➜ Policy Proposals
    • Develop OSEHRA Reference Architecture
    • Develop OSEHRA Reference Implementation
    • Align RA and RI with VA EA

➜ Community Activities
    • Use Case Identification and Elaboration
    • Create projects for subsystems in OSEHRA GIT
    • VistA Service Backplane Reference Implementation
    • Components: VistA M Platform, EWD, Apache

VA Enterprise Architecture Alignment


Refactoring Benefits

Refactoring is undertaken in order to improve some of the nonfunctional attributes of the software. Advantages include improved code readability and reduced complexity to improve the maintainability of the source code, as well as a more expressive internal architecture or object model to improve extensibility.

Wikipedia


Refactoring provides the stability necessary for innovation

Service Taxonomy

The term “Service” is overloaded. Services exist at multiple levels of abstraction

Component API

Basic Service

Managed Service

Business Activity

Business Process

Fallacies of Distributed Computing

➜ The network is reliable.
➜ Latency is zero.
➜ Bandwidth is infinite.
➜ The network is secure.
➜ Topology doesn't change.
➜ There is one administrator.
➜ Transport cost is zero.
➜ The network is homogeneous.

VistA Service Backplane

Architecture – Layered Integration

➜ Process
    • Human-in-the-loop, long running, asynchronous
    • Orchestrates Business Activities

➜ Mediation
    • Choreograph Managed Services into Business Activities
    • Transform Events into Command Messages
    • Correlate Events with Business Process

➜ Managed Services
    • Adapt Basic Services to provide consistent integration semantics for security, reliable messaging, and other cross-cutting concerns
    • Enrich data messages into Events with Process Id for correlation
    • Correlate requests-replies from Basic Services

➜ Basic Services
    • Stateless business logic and data services

VA Enterprise Architecture Alignment

© Talend 2011

[Figure: layered stack diagram with layers numbered 1 to 8, headings Virtual Stack and Physical Stack, and side labels System Management and Security & Privacy. Rows as extracted from the slide:]

• Virtual Hardware / OS Environment | Physical Hardware / OS Environment | Provisioning
• Virtual Management Environment | System Management and Control | Provisioning
• Virtual Data Layer | Physical Data Layer | SQL
• Virtual Enterprise Software Environment | Physical Middleware Environment | Configuration, Security Domains, Performance Mgmt
• COTS Software Environment | Physical COTS Environment | Service Facades, Security Domains, Performance Mgmt
• Enterprise Standard Message Layer | Legacy Point-to-Point Communication | Message Adapters
• SOA Services Layer | Service Facade | Legacy Systems
• Virtual Interface Layer | Physical Interface Layer | Message Adapters, Encryption, Application Firewalls

Other labels on the figure: Transformation; Encryption-Anti Virus; Audit Logs; Data Access Controls; Software Distribution; System Monitoring; Data Replication; Standard Headers; Vulnerability Detection; Network Latency; Service Contracts.

Technology annotations: RPC, CIA, HL7, iCal, CalDav; Google Calendar API, CIA, MDWS; oAuth, Syncope; WS-Security; GAE, GCE; MedSphere Scheduling Client.

Reference Architecture


VA VistA Evolution

[Diagram. Component labels as extracted from the slide:]

• M Platform (Caché or open source platform (i.e. GT.M), 130+ instances in production in VA)
• VistA M Routine Calling Adapter (VMRCA)
• Enterprise Service Bus (ESB)
• Registry and Repository (Websphere)
• Core ESB (Websphere)
• VistA SOA Service Registry Entries
• VistA SOA Service Proxies
• VistA Service Backplane (VSB) - Regional
• SOA Service Descriptors
• VistA SOA Services
• All Other Packages
• VistA M Routine Calling Service (VMRCS)
• VistA
• Managed Services
• Basic Services
• Component API

Derived from VistA Service Assembler (VSA) Conceptual and Technical Overview, Keith Cox & Travis Hilton, ESS AWG, OSEHRA AWG 8/27

VA VistA Evolution

[Diagram. Same component labels as the previous VA VistA Evolution slide, with two added annotations:]

• Site Specific
• Generated by VistA Service Assembler (VSA) Wizard

OSEHRA Reference Implementation

[Diagram. Component labels as extracted from the slide:]

• M Platform (Caché or open source platform (i.e. GT.M), 130+ instances in production in VA)
• VistA M Routine Calling Adapter (VMRCA)
• VSB - Apache Camel, CXF, Karaf, ActiveMQ
• SOA Service Descriptors (CXF, Camel)
• VistA SOA Services
• All Other Packages
• VMRCS – NodeJS (EWD), Backbone.js
• VistA
• Camel & CXF XML + metadata
• ESB (Websphere)

VSB Integration Routes

[Diagram. Labels as extracted from the slide:]

• Splitter, Transform, Aggregator, Message Correlation, Enrichment, Event, Validate, Endpoint, Command Message, Routing Slip, Normalize, Recipient List
• RPC, HTTPS / EWD, HL7, SOAP, JMS
• Message Adaptors, Security, Publish-Subscribe, Routing
• VSB

Apache Integration

[Diagram. Groupings shown: Development - VSA; Runtime - VSB. Components and roles:]

• Eclipse STP/WTP: REST & Web Services
• Apache Maven: Build & Deploy
• Apache CXF: REST & Web Services
• Apache Camel: Mediation
• Apache ActiveMQ: Message Broker
• Apache Karaf: OSGi
• Eclipse Equinox: OSGi

Extensible Camel Adaptor Framework

RPC, HL7, REST, SOAP, JMS

Extensible Component Framework

Refactoring to VSB

➜ Refactor existing functionality (e.g. Ray Group / PWC)
➜ Expose interfaces and Component APIs
➜ Delegate responsibility to the VSB
    • Security
    • Reliable Delivery
    • Composition
    • Transformation

➜ Service Enable legacy technologies
    • First class transport adaptors for performance (RPC)
    • Standards based external transport (SOAP, JMS, MLLP)
    • Standards based data protocols (HL7, iCal)

Virtualizing the integration layer minimizes disruption

Responsibility Driven Design – VSB

➜ Adapts interfaces to standards & specifications
➜ Message Exchange Patterns: req-reply and pub-sub
➜ Event driven loose coupling with callback support
➜ Value added mediation
➜ Manage both consumers and providers
➜ Standard invocation framework for composition
➜ Integration with other Services (OSEHRA)

Use Cases


Scenario Template

➜ Goal: provide sufficient descriptive and prescriptive advice and examples for implementing integration use cases with OSEHRA platform to enable healthcare stakeholders to build application specific services that are reliable, secure, flexible, extensible, and easily composed.

➜ Sufficient to exercise essential complexity, bound risk, and focus collaboration

➜ Not exhaustive, not comprehensive

➜ Informed by and illustrates reference architecture

Reference Architecture Principles

➜ Standards Based
    • HL7
    • SOAP
    • REST
    • JMS

➜ Separation of Concerns
➜ Support for REST and message centric architectures
➜ Event Driven
➜ Policy-centric Management

Scenario Artifacts

➜ Iterative and Incremental
➜ Use case description, wiki
➜ Sequence diagram, wiki
➜ Design Analysis, wiki
➜ Example, working code in OSEHRA Git
➜ Test Driven, integration test routes as requirements in OSEHRA Git
➜ YouTube, walkthrough

Breadth

Depth

Integration Use Cases

1. Non-invasive mediation
2. Transport Mediation
3. Reliable Delivery
4. Federated Query
5. Federated Identity
6. Federated Security
7. Transport Security
8. Message Security
9. RPC Composition
10. Composite Services with Camel
11. Event Enablement
12. Subscription Management
13. Monitor and Manage
14. High Availability

Basic Mediation

• Non-Invasive Mediation
• Transport Mediation
• Reliable Delivery

Composition

• Federated Query
• RPC Composition
• Composite Service

Security

• Federated Query
• Federated Identity
• Federated Security
• Transport Security
• Message Security

Event Driven

• Event Enablement
• Subscription Management

Enterprise

• Monitor Manage
• High Availability

Non-Invasive Refactoring


Transport Security


Service Backplane

Legend

Federated Query


Service Backplane

Legend

Federated Identity

➜ Identity Management
➜ Credentials
➜ Message
➜ Transport

Common Identity


Value Added Mediation – Security

➜ Security Profile Alternatives
    • Transport layer security (SSL V3.0 and TLS V1.0)
    • SessionId and SSO at App transport layer for Server / Service
    • Per-message message-level security using WS-Security
    • Per-session message-level security using WS-Security
    • SecureConversation Message Layer for User or Service with SAML X.509

➜ Security Gateway Solution Pattern
    • Connect to ESB using Transport Security
    • Delegate message level security to ESB

Sample Basic Security Profile

|  | Encryption | Server Auth | App Auth | User Auth | Data Authz |
|---|---|---|---|---|---|
| Human to App | N/A | OS Login | OS Logic | App Login | App Logic |
| App to ESB | Transport (HTTPS, JMS/SSL) | HTTPS | SAML | N/A | N/A |
| ESB to VSB | Transport (HTTPS, JMS/SSL) | HTTPS | SAML | N/A | N/A |
| VSB to VMRCS | Transport (HTTPS) | HTTPS | Trusted Basic Auth | N/A | VSB Transform |
| VMRCS to VMRCA | N/A | N/A | VistA or M Kernel | N/A | VistA |

* Not applicable for securing sensitive data at rest

Current Status

Contributing camel-rpc to OSEHRA
    • Publicly available on GitHub
    • Move to OSEHRA Git
    • Harden implementation and unit test cases with community input

Federated Query Scenario

➜ Explore re-using elements of BGS Security framework
➜ Standard build and CI environment
➜ Standard server configuration