Produced by Araxis Merge on 7/13/2017 3:41:41 PM Eastern Daylight Time. See www.araxis.com for information about Merge. This report uses XHTML and CSS2, and is best viewed with a modern standards-compliant browser. For optimum results when printing this report, use landscape orientation and enable printing of background images and colours in your browser.
| # | Location | File | Last Modified |
|---|---|---|---|
| 1 | Genisis_v3.zip\Release 3_Docs | Genisis2_VIP_Release 3_Technical Manual_06162017.docx | Wed Jun 28 20:38:06 2017 UTC |
| 2 | Genisis_v3.zip\Release 3_Docs | Genisis2_VIP_Release 3_Technical Manual_06162017.docx | Wed Jul 12 21:41:34 2017 UTC |
| Description | Between Files 1 and 2 |
|
|---|---|---|
| Text Blocks | Lines | |
| Unchanged | 1 | 182 |
| Changed | 0 | 0 |
| Inserted | 0 | 0 |
| Removed | 0 | 0 |
| Whitespace | |
|---|---|
| Character case | Differences in character case are significant |
| Line endings | Differences in line endings (CR and LF characters) are ignored |
| CR/LF characters | Not shown in the comparison detail |
No regular expressions were active.
| 1 | Technical Manual | |
| 2 | Genomic In formation System for Integrate d Science 2 | |
| 3 | (Genisis2) Technical Services | |
| 4 | Release 3 | |
| 5 | ||
| 6 | June 2017 | |
| 7 | Document V ersion 3.0 | |
| 8 | Department of Vetera ns Affairs | |
| 9 | ||
| 10 | Document R evision Hi story | |
| 11 | Date | |
| 12 | Revision | |
| 13 | Descriptio n | |
| 14 | Author | |
| 15 | 02/10/2017 | |
| 16 | 1.0 | |
| 17 | Release 1 | |
| 18 | Booz Allen Hamilton | |
| 19 | 05/12/2017 | |
| 20 | 2.0 | |
| 21 | Release 2 | |
| 22 | Booz Allen Hamilton | |
| 23 | 06/16/2017 | |
| 24 | 3.0 | |
| 25 | Release 3 | |
| 26 | Booz Allen Hamilton | |
| 27 | ||
| 28 | ||
| 29 | Table of C ontents | |
| 30 | 1.Overall Architectu re1 | |
| 31 | 2.Webserve r1 | |
| 32 | 3.Applicat ion Server 1 | |
| 33 | 3.1.Java C ode1 | |
| 34 | 3.2.Activi ti Workflo w Engine2 | |
| 35 | 4.Database Server2 | |
| 36 | 5.Authenti cation and Authoriza tion2 | |
| 37 | 5.1.Identi ty Managem ent3 | |
| 38 | 5.2.Access Control3 | |
| 39 | 6.API Docu mentation – 3.04 | |
| 40 | ||
| 41 | Overall Ar chitecture | |
| 42 | Figure 1 r epresents the Genisi s2 server architectu re. It con sists of t he followi ng compone nts: | |
| 43 | Apache Web server run ning on RH EL | |
| 44 | Apache Web server and Wildfly A pplication Server ru nning on R HEL | |
| 45 | Microsoft SQL Server Database running on Microsoft Windows 2 008 R2. | |
| 46 | ||
| 47 | ||
| 48 | Figure 1: Genisis2 S erver Arch itecture | |
| 49 | ||
| 50 | Webserver | |
| 51 | The Webser ver consis ts of Apac he running on Red Ha t Enterpri se Linux ( RHEL). It employs An gular JS a s the User Interface (UI) fram ework. | |
| 52 | ||
| 53 | Applicatio n Server | |
| 54 | The Applic ation Serv er runs on Red Hat E nterprise Linux (RHE L). It sup ports two main compo nents: the Applicati on Code in Java and the Activi ti Workflo w engine. | |
| 55 | ||
| 56 | Java Code | |
| 57 | The Java c ode handle s the appl ication lo gic and se rves as th e backend engine tha t the webs erver call s using th e Applicat ion Progra mming Inte rface (API ). It also manages t he user in teractions of the wo rkflow man agement. T his Java C ode also u ses the Sp ring frame work and m anages the Object-Re lational m apping nee ded for th e applicat ion. | |
| 58 | ||
| 59 | Activiti W orkflow En gine | |
| 60 | The Activi ti Workflo w Engine i s the Java Business Process Ma nagement e ngine that captures the workfl ow logic a nd execute s it. The Activiti W orkflow en gine manag es its dat abase entr ies in a s eparate da tabase hos ted in the common da tabase ser ver instan ce of Micr osoft SQL server. C hanges to the workfl ow can be made in th is engine and subseq uently dep loyed. | |
| 61 | ||
| 62 | Database S erver | |
| 63 | The Databa se server is a Micro soft Windo ws 2008 R2 server an d hosts Mi crosoft SQ L server 2 012 databa se engine. This data base holds and manag es all of the data r elated to the applic ation. The Activiti Workflow e ngine has a separate database in the sam e instance and manag es workflo w related data in it . | |
| 64 | ||
| 65 | Authentica tion and A uthorizati on | |
| 66 | Figure 2 i llustrates the Genis is2 securi ty archite cture. | |
| 67 | ||
| 68 | Figure 2: Genisis2 S ecurity Ar chitecture | |
| 69 | ||
| 70 | User Names and Passw ords are c ontrolled by central ized VA LD AP access control pr ocesses. P assword Ex piry and o ther admin istrative processes are contro lled by th e VA LDAP group. | |
| 71 | Genisis2 u ses integr ated PIV/W indows Aut henticatio n that the VA LDAP s erver supp orts. When a user lo gs into th e VA Netwo rk using t heir PIV c ard, they are authen ticated in itially. G enisis2 us es browser -based Win dows Authe ntication to authent icate the login of t his user a nd then us es Genisis 2 Roles to allow acc ess to par ts of the Genisis2 a pplication . If a use r does not have a ro le within Genisis2, they canno t proceed beyond the login pag e. Genisis 2 user typ es are man aged by th e Genisis2 applicati on to prov ide each u ser with c ertain fun ctionality , dependin g upon the ir role. F or example , a user i s recogniz ed as a Re questor, D ata Destin ation Mana ger, Data Source Man ager, or G enisis2 Sy stem Admin istrator, and are af forded dif ferent lev els of fun ctionality within th e applicat ion. | |
| 72 | ||
| 73 | Identity M anagement | |
| 74 | Genisis2 s upports th e followin g user typ es: | |
| 75 | Requestor | |
| 76 | Data Desti nation Man ager | |
| 77 | Data Sourc e Manager | |
| 78 | Genisis2 S ystem Admi nistrator (planned f or a futur e release) | |
| 79 | The Reques tor has th e minimum set of act ivities th ey can acc ess and pe rform in t he applica tion. For example, t he Request or can gen erate and track thei r own data requests. | |
| 80 | The Data D estination Manager h as all the capabilit ies of a R equestor, but can re view and a pprove req uests, rev iew and ap prove data results, and track requests m ore broadl y. | |
| 81 | The Data S ource Mana ger addres ses any qu estions ab out the da ta that th ey may hav e with the Requestor (through the Data D estination Manager a nd not dir ectly), pr epares and places th e data in a Source l anding zon e database , and noti fies the D ata Destin ation Mana ger of its location. | |
| 82 | The Data D estination Manager w ill then c opy the da ta over fr om the Sou rce landin g zone dat abase to t he Destina tion landi ng zone da tabase, ex tract the data to a flat file, and perfo rm any add itional cl eanup that may be re quired. Pe rsonally I dentifiabl e Informat ion (PII) and Protec ted Health Informati on (PHI) i nformation is then r emoved fro m this dat a and copi ed over to the speci fic Study Mart set u p for the Requestor. | |
| 83 | The Genisi s2 System Administra tor is a s uper user that has a ccess to a ll of the functions that the R equestor a nd the Dat a Destinat ion Manage r have; an d in addit ion, the G enisis2 Sy stem Admin istrator c an Create, Modify, o r Delete u sers. The Genisis2 S ystem Admi nistrator is respons ible for c reating a user accou nt within Genisis2 a nd assigni ng one of the roles. The Genis is2 applic ation then coordinat es with th e VA LDAP server to create and store the role info rmation. | |
| 84 | ||
| 85 | Access Con trol | |
| 86 | AS indicat ed in Sect ion 5, Use r Names an d Password s are cont rolled by centralize d VA LDAP access con trol proce sses. Pass word Expir y and othe r administ rative pro cesses are controlle d by VA LD AP group. | |
| 87 | Genisis2 u ses browse r-based Wi ndows auth entication for usern ame and pa ssword aut henticatio n. Genisis 2 manages user types and provi des the us er with ac cess to sp ecific fun ctionality as descri bed in Sec tion 5.1. | |
| 88 | ||
| 89 | API Docume ntation | |
| 90 | The API fo r Genisis2 uses REST ful calls to perform create, r etrieve, u pdate, and delete (C RUD) opera tions on t he backend services for the Ge nisis2 app lication. The Genisi s2 API doc ument cont ains an ov erview of the standa rd convent ions used in the API , as well as a detai led overvi ew of each API endpo int with s ample call s and resp onses. | |
| 91 |
Araxis Merge (but not the data content of this report) is Copyright © 1993-2016 Araxis Ltd (www.araxis.com). All rights reserved.