Produced by Araxis Merge on 9/9/2019 5:41:55 PM Eastern Daylight Time.
# | Location | File | Last Modified |
---|---|---|---|
1 | Webvram-v4.zip\20190725-webvram-source.zip\Documents | WebVRAM System Design Document v1.1 DRAFT Jan 2019.docx | Tue Jul 23 23:11:38 2019 UTC |
2 | Webvram-v4.zip\20190725-webvram-source.zip\Documents | WebVRAM System Design Document v1.1 DRAFT Jan 2019.docx | Fri Sep 6 13:16:06 2019 UTC |
Between Files 1 and 2 | Text Blocks | Lines |
---|---|---|
Unchanged | 3 | 1742 |
Changed | 2 | 4 |
Inserted | 0 | 0 |
Removed | 0 | 0 |
Whitespace | |
---|---|
Character case | Differences in character case are significant |
Line endings | Differences in line endings (CR and LF characters) are ignored |
CR/LF characters | Not shown in the comparison detail |
No regular expressions were active.
1 | Web VistA Remote Access Management (WebVRAM) | |
2 | System Design Document - DRAFT | |
3 | ||
4 | ||
5 | ||
6 | Department of Veterans Affairs | |
7 | January 2019 | |
8 | Version 1.1 | |
9 | Revision History | |
10 | Date | |
11 | Version | |
12 | Description | |
13 | Author | |
14 | 1/30/2019 | |
15 | 1.1 | |
16 | Updated content to reflect user authentication using VistA CLAIMS instead of IAM 2FA | |
17 | Elliott Clark | |
18 | 12/12/2018 | |
19 | 1.0 | |
20 | Addition of integration of application with CPRS | |
21 | WebVRAM PMO Team | |
22 | 10/26/2018 | |
23 | 0.2 | |
24 | Updates added by developers, DEA STAT Agent and business stakeholder | |
25 | Chris Uyehara, Jeffrey Luke, Aaron Steele | |
26 | 9/24/2018 | |
27 | 0.1 | |
28 | Initial SDD Draft | |
29 | WebVRAM PMO Team | |
30 | ||
31 | Table of Contents | |
32 | 1. Introduction | |
33 | 1.1. Purpose of the SDD | |
34 | 1.2. Identification | |
35 | 1.3. Scope | |
36 | 1.4. Constraining Policies, Directives and Procedures | |
37 | 1.5. User Characteristics | |
38 | 1.5.1. Adding Users to WebVRAM | |
39 | 1.6. Relationship to Other Documents and Plans | |
40 | 1.7. Definitions, Acronyms, and Abbreviations | |
41 | 2. Background | |
42 | 2.1. Overview of the System | |
43 | 2.2. Overview of the Business Process | |
44 | 2.3. Assumptions and Constraints | |
45 | 2.3.1. Design Assumptions | |
46 | 2.3.2. Dependencies and Constraints | |
47 | 2.4. Overview of the Significant Requirements | |
48 | 2.4.1. Overview of Significant Functional Requirements | |
49 | 2.4.1.1. Business Needs: | |
50 | 2.4.2. Overview of Functional Workload / Performance Requirements | |
51 | 2.4.3. Overview of Operational Requirements | |
52 | 2.4.4. Overview of the Technical Requirements | |
53 | 2.4.5. Overview of the Security or Privacy Requirements | |
54 | 2.4.6. Overview of System Criticality and High Availability Requirements | |
55 | 2.4.7. Single Sign-on Requirement | |
56 | 2.4.8. Requirement for Use of Enterprise Portals | |
57 | 2.4.9. Special Device Requirements | |
58 | 2.5. Legacy System Retirement | |
59 | 3. Conceptual Design | |
60 | 3.1. Conceptual Application Design | |
61 | 3.1.1. Application Context | |
62 | 3.2. Conceptual Data Design | |
63 | 3.2.1. Project Conceptual Data Model | |
64 | 3.2.2. Database Information | |
65 | 3.3. Conceptual Infrastructure Design | |
66 | 3.3.1. System Criticality and High Availability | |
67 | 3.3.2. Special Technology | |
68 | 3.3.3. Technology Locations | |
69 | 3.3.4. Conceptual Infrastructure Diagram | |
70 | 3.3.4.1. Location of Environments and External Interfaces | |
71 | 3.3.4.2. Conceptual Production String Diagram | |
72 | 4. System Architecture | |
73 | 4.1. Hardware Architecture | |
74 | 4.2. Software Architecture | |
75 | 4.2.1. Utilized Pre-Packaged Components and Libraries | |
76 | 4.2.2. GUI Controls | |
77 | 4.3. Network Architecture | |
78 | 4.4. Service Oriented Architecture / ESS | |
79 | 4.5. Enterprise Architecture | |
80 | 5. Data Design | |
81 | 5.1.1. File and Global Modifications | |
82 | 6. Detailed Design | |
83 | 6.1. Hardware Detailed Design | |
84 | 6.2. Software Detailed Design | |
85 | 6.3. Communications Detailed Design | |
86 | 7. External System Interface Design | |
87 | 8. Human-Machine Interface | |
88 | 8.1.1. Requirements | |
89 | 8.2. Navigation Hierarchy | |
90 | 9. Security and Privacy | |
91 | 9.1. Security | |
92 | 9.2. Privacy | |
93 | Attachment A – Approval Signatures | |
94 | A. Appendix | |
95 | A.1. Requirements Traceability Matrix (RTM) | |
96 | A.2. Packaging and Installation | |
97 | A.3. Design Metrics | |
98 | A.4. Glossary of Terms and Abbreviations | |
99 | A.5. Required Technical Documents | |
100 | ||
101 | Introduction | |
102 | In April 2011, the Executive Director of Office of Information Technology (OIT) Field Operations challenged the Director, Region Field Program Office (FPO), with finding a technology solution to solve access control complexities for the Consolidated Patient Account Center (CPAC). As a result, a Single Sign On (SSO) project was chartered to develop a local application, utilizing existing capabilities of the VistA CLAIMS System and Remote Procedure Call (RPC) Broker that would potentially be migrated to the VA enterprise to allow remote access (read and write), using a single set of credentials, for organizations requiring access to information resources provided by Veterans Health Information Systems and Technology Architecture (VistA). | |
103 | ||
104 | The VistA Remote Access Management application (VRAM) was developed to address these access control complexities. VRAM has been deployed to CPAC users to allow remote terminal emulation and certain GUI application connectivity to perform consolidated Medical Care Cost Fund/Recovery and other activities as part of the CPAC mission. The link to the VRAM Technical Services Project Repository (TSPR) is provided here. | |
105 | ||
106 | The original version of VRAM was a graphical user interface (GUI) written in DELPHI that required individual distribution and installation on the desktop of individual users, which in turn required knowledge of and support from local IT staff. This thick-client, distributed application sustainment model is less than ideal as compared to modern, thin client web-based applications. Additionally, the version of DELPHI that VRAM was programmed in is outdated and no longer supported on the VA TRM. Rather than continuing to follow that outdated and costly sustainment model, in 2014 VHA engineers developed a web-based version of VRAM which provided the traditional VRAM functionality while also enhancing upon its capabilities. Being web based, the application is now centrally maintained requiring no client-side installation and no local IT support. The new WebVRAM application provides the capability to access authorized VistA accounts nationwide, allowing users to remotely execute VistA, Computerized Patient Record System (CPRS) and Fee Basis Claims System (FBCS) menu options in support of their business model and mission, all by simply clicking on a URL. | |
107 | ||
108 | Purpose of the SDD | |
109 | The purpose of this document is to describe, in sufficient detail, how the proposed system is to be constructed. The System Design Document (SDD) translates the Requirement Specifications into a document from which the developers can create the actual system. It identifies the top-level system architecture, and identifies hardware, software, communication, and interface components. | |
110 | Identification | |
111 | The SDD applies to the WebVRAM system and software. Like the VistA VRAM application currently in production, the web-based solution will be developed using the modular framework ASP.NET CORE version 2.1 running on a full Microsoft .NET Framework version 4.7.1, and utilizing RPC Broker 1.1. The application will be hosted on the VA Azure Gov Cloud platform. | |
112 | Other application development and run-time tools include: | |
113 | Microsoft (MS) ASP.NET CORE | |
114 | MS Windows 10 | |
115 | MS Windows 2012 R2 (Azure Cloud Virtual Machine Operating System) | |
116 | MS Structured Query Language (SQL) Server 2012. | |
117 | Interface Explorer version 11 (IE11) | |
118 | Google Chrome | |
119 | Microsoft Edge | |
120 | Firefox | |
121 | Micro Focus Reflection terminal emulation (web-session initiated) | |
122 | AzureBaseRHLinux | |
123 | Scope | |
124 | This document is specific to the WebVRAM product – a web application utilizing VistA CLAIMS, VistA applications related to business use, and remote VistA systems. Features covered within the scope of the application include: | |
125 | Connection and authentication with the VistA CLAIMS system through use of authorized user credentials | |
126 | Obtain the authorized user’s VistA CLAIMS system User Profile Display and selection of authorized access to remote VistA systems (user’s catalog of authorized sites) | |
127 | Connectivity to and brokered authentication with selected authorized remote VistA systems using RPC Broker-BSE component | |
128 | Support for connectivity to remote VistA systems and user approved VistA applications by launching Reflection emulation through a Secure Shell (SSH) connection from the IE11 and other client application browsers. | |
129 | Perform VistA CLAIMS system User Profile account synchronization during instantiation of the remote connection with the selected remote VistA system for specific users that includes: | |
130 | Creation of accounts and/or synchronization of account credentials | |
131 | Synchronization of Primary and Secondary Menu assignments | |
132 | Synchronization of Security Keys | |
133 | Synchronization of account preferences | |
134 | Allow capture and printing of Terminal Emulation session conducted | |
135 | Allow launching multiple instances of the WebVRAM application | |
136 | Provide capability of Terminal Emulation preferences for output (e.g. background color, font color/size) | |
137 | Provide a Uniform Resource Locator (URL) web address to initiate role-based access to application features | |
138 | Constraining Policies, Directives and Procedures | |
139 | VIP Guide 3.2 | |
140 | National Institute of Standards and Technology (NIST) Special Publication 800-60 standards | |
141 | VA Handbook 6102 Internet/Intranet Web-site requirements | |
142 | VA Handbook 6500.3 Certification & Accreditation | |
143 | VA Directive and Handbook 6500 | |
144 | VA Directive 6551 (Enterprise Architecture Standards) | |
145 | VA Enterprise Design Patterns/Cloud Computing and Architecture | |
146 | User Characteristics | |
147 | WebVRAM application access control is hierarchical based on provider role-based credentials established at the VISN and VAMC level. | |
148 | Primary WebVRAM roles include: | |
149 | Primary Care Physician | |
150 | Consulting Physician | |
151 | Telehealth Services Clinicians | |
152 | Telestroke Clinicians | |
153 | Community Care Office Staff | |
154 | Adding Users to WebVRAM | |
155 | Adding users and changing user characteristics will be performed by the National Service Desk based on approval from business line management and required VistA user profiles and access keys. | |
156 | Relationship to Other Documents and Plans | |
157 | The SDD supports the requirements defined within the WebVRAM Requirements archived in Rational RM. It also relates to the following documents: | |
158 | WebVRAM Integrated Project Team (IPT) Charter | |
159 | WebVRAM Charter | |
160 | WebVRAM Installation and User Guides | |
161 | Definitions, Acronyms, and Abbreviations | |
162 | Acronyms are expanded within the document upon first use. For other terms and abbreviations, refer to Appendix A.4. | |
163 | ||
164 | Background | |
165 | Overview of the System | |
166 | WebVRAM is a web-based, cloud-hosted application utilizing VA Enterprise Architecture and Design principles which facilitates clerk, provider and clinician access to multiple remote VistA, CPRS, Fee Basis Claims System (FBCS) and related business applications without requiring the user to establish login authentication and credentials at each VistA where Veteran data is to be viewed. The need for multiple VistA sessions, with separate user profile login to each VistA instance, is eliminated. | |
167 | Overview of the Business Process | |
168 | As physicians and clinicians provide patient care to Veterans who have been treated at multiple VA locations, the requirement to view medical record data and access other business-related applications such as FBCS and CPRS is key. This is necessary to continue an appropriate treatment plan at the VAMC or clinic where the patient is currently being seen and/or treated, based on diagnosis and treatment for the patient at external VAMCs or clinics. | |
169 | WebVRAM will continue to support the ability to access disparate VistA systems, with standardized menus, using a single set of credentials, which is an essential business process. This drastically reduces resources devoted to field information technology staff account management activities. The application will continue to provide timely access to required disparate VistA systems using standardized menus, reducing the probability of partial or incomplete access to VistA systems, while ensuring access to all required VistA systems. The end result is faster VistA access and a decrease in process touch-points for requesting access to multiple VistA instances. | |
170 | ||
171 | Assumptions and Constraints | |
172 | Consistent with the VA initiative to move all applications to a cloud hosted environment, WebVRAM will be built and deployed within the VA Azure Gov Cloud platform. The following assumptions apply to the design of the application: | |
173 | Class I patches are installed at remote VistA sites except where access to standard menu options applies | |
174 | Required local Security Keys are identified and incorporated into User Account Profiles | |
175 | Design Assumptions | |
176 | The following assumptions influenced the design of this system. | |
177 | WebVRAM will utilize the VistA CLAIMS system for user authentication for purposes of accessing the application and related VistA instances. | |
178 | VA Security protocols and requirements will be applied to the design, deployment and operations of the application and its supporting network topology. | |
179 | ||
180 | Dependencies and Constraints | |
181 | SSH communications protocol is required at regional VistA systems or individual VistA instances where the application is intended to be used | |
182 | VistA sites must support use of RPC Broker v1.1 components | |
183 | Successful use of WebVRAM to access remote VistA systems requires: | |
184 | Remote VistA system to be accessible via VA WAN resources | |
185 | Implementation of Local Security Keys must be communicated and incorporated into VistA CLAIMS User Access Profile where impact to assigned menus or options exists | |
186 | Remote VistA system configuration changes impacting connectivity (i.e. port, protocol, initial logon prompt) must be communicated and incorporated into VistA CLAIMS systems list | |
187 | Remote application entry must be configured in the remote VistA system | |
188 | Synchronization of User Account Profile required for WebVRAM to function | |
189 | Synchronization of User Account credentials required for VistA GUI Application usage by WebVRAM users | |
190 | ||
191 | Overview of the Significant Requirements | |
192 | Flexibility – The product designed must support to the extent possible ancillary component replacements, add-on, or extension necessary for future enhancement or requirements. | |
193 | Multiple Instantiation – The product must be capable of being launched as multiple instances within a user’s Microsoft Windows Operating System (OS) session. | |
194 | Performance – The product must be capable of establishing brokered connection to remote VistA systems within the timeout thresholds for RPC Broker token lifespan (20s). | |
195 | Overview of Significant Functional Requirements | |
196 | The following is an overview of the major functional requirements for the system. The goal is not to include the full set of requirements in this document or to replace the functional requirements documents, but to identify the major functions to be performed and the few major requirements that drive the design that is described in the sections below. The complete set of requirements constituting the WebVRAM Backlog is located in the project’s Rational repository. | |
197 | ||
198 | ||
199 | ||
200 | ||
201 | ||
202 | Business Needs: | |
203 | ReqPro Tag | |
204 | BN/OWNR Number | |
205 | Business Need (BN)/Owner (OWNR) Requirement | |
206 | BN 3 | |
207 | 2278 | |
208 | Provide a user interface for a discrete VistA session within one WebVRAM instance. Session is defined as a single access to a VistA System. | |
209 | OWNR 3.1 | |
210 | 11755 | |
211 | Allow user to open multiple instances of WebVRAM in order to authenticate and connect/open multiple different VistA sites or multiple instances of the same VistA site. | |
212 | BN 4 | |
213 | 2279 | |
214 | Provide the ability to automate launch of the application in multiple system environments. | |
215 | OWNR 4.1 | |
216 | 11756 | |
217 | Provide the ability to automate launch of the interface within a virtual machine environment (e.g., VMware view). | |
218 | OWNR 4.2 | |
219 | 11759 | |
220 | Provide the ability to automate launch of the interface within a terminal services/Citrix environment. | |
221 | OWNR 4.3 | |
222 | 11760 | |
223 | Provide the ability to automate launch of the interface within a local workstation installation environment (e.g., laptop). | |
224 | OWNR 4.4 | |
225 | 11761 | |
226 | Provide the ability to automate connection of users to VistA system(s) via terminal emulation. | |
227 | BN 5 | |
228 | ARCH 2280 | |
229 | Provide the ability to automate connection of the user to a broker system framework. | |
230 | OWNR 5.1 | |
231 | 11762 | |
232 | Provide the ability for the application to connect to remote VistA via RPC Broker (Broker Security Enhancement) and FileMan Delphi Component (FMDC) using its own entry in the remote application file on the target site. | |
233 | BN 6 | |
234 | 2912 | |
235 | Provide the ability to automate VistA account and menu access. | |
236 | OWNR 6.1 | |
237 | 11764 | |
238 | Provide the ability to automate authentication of user VistA access. | |
239 | OWNR 6.2 | |
240 | 11765 | |
241 | Provide the ability to automate creation of a VistA account for a specific user in each of the local VistA sites based on VistA sites assigned to that user on the VistA CLAIMS system. | |
242 | OWNR 6.3 | |
243 | 11766 | |
244 | Provide the ability to automate VistA account and menu access to primary VistA menus. | |
245 | OWNR 6.4 | |
246 | 11767 | |
247 | Provide the ability for the user to be automatically assigned to a primary menu when connected to VistA system(s). | |
248 | OWNR 6.5 | |
249 | 11768 | |
250 | Provide the ability for the user to automatically access secondary VistA menus. | |
251 | OWNR 6.6 | |
252 | 11769 | |
253 | Provide the ability for the user to be automatically assigned to secondary menu when connected to VistA system(s). | |
254 | OWNR 6.7 | |
255 | 11770 | |
256 | Provide the ability for users to access VistA options requiring security keys assignments. | |
257 | OWNR 6.8 | |
258 | 11771 | |
259 | Provide the ability for the user to be automatically assigned to associated security keys for primary/secondary menus. | |
260 | BN 7 | |
261 | 2913 | |
262 | Provide the ability to configure and set preferences for terminal emulation | |
263 | OWNR 7.1 | |
264 | 11772 | |
265 | Provide the ability for the user to review VistA transaction history. | |
266 | Provide terminal emulator functionality such as a VT320 terminal emulator, preferably Micro Focus Reflection, once WebVRAM connects user to local VistA site. The desire is to have all terminal emulator (Reflection) functionality but at a minimum these functions: Printing, display control, logging, hot key set up, macro capability, toolbar customization, and exporting/importing settings. | |
267 | OWNR 7.2 | |
268 | 11773 | |
269 | Provide the ability for the user to save setting changes to the terminal emulator. | |
270 | OWNR 7.3 | |
271 | 11774 | |
272 | Provide the ability for the user to set preferences for font size/color, background color, and adjust scroll buffer. | |
273 | OWNR 7.4 | |
274 | 11775 | |
275 | Provide the ability to enable the user to perform edit operations for assigned VistA options. | |
276 | BN 8 | |
277 | 2914 | |
278 | Provide the ability for the user to configure emulator preferences. | |
279 | OWNR 8.1 | |
280 | 11776 | |
281 | Provide the ability for the user to save preferences in an external configuration file. | |
282 | OWNR 8.2 | |
283 | 11777 | |
284 | Provide the ability for the user to save local configuration file on a local or network path as determined by the system administrator. | |
285 | OWNR 8.3 | |
286 | 11778 | |
287 | Provide the ability for the user to configure host mapping in an external configuration file. | |
288 | OWNR 8.4 | |
289 | 11779 | |
290 | Provide the ability for the user to configure macros in an external configuration file. | |
291 | OWNR 8.5 | |
292 | 11780 | |
293 | Provide the ability for the user to configure soft keys in an external configuration file. | |
294 | BN 9 | |
295 | 2915 | |
296 | Provide the ability for the user to access VistA GUI applications after acquiring application access to VistA site using WebVRAM SSO. | |
297 | OWNR 9.1 | |
298 | 11781 | |
299 | Provide the ability for the user to access external VistA GUI applications at a remote site. (e.g., Reflection, Insurance Capture Buffer [ICB], Computerized Patient Record System [CPRS], Fee Basis Claims System (FBCS), Audit Compliance Module (ACM), Certified Case Manager [CCM], and similar business applications.) | |
300 | BN 10 | |
301 | 2916 | |
302 | Provide the ability to automatically synchronize access credentials after the user invokes the WebVRAM SSO application to access VistA site. | |
303 | OWNR 10.1 | |
304 | 11782 | |
305 | Provide the ability to automatically synchronize user access credentials after using WebVRAM SSO application to access VistA site by using a validating security key such as the DVBA WebVRAM AV PUSH key to synchronize Access and Verify codes. | |
306 | ||
307 | Push value from CLAIMS to visited site: | |
308 | 201 - PRIMARY MENU OPTION | |
309 | 203 - SECONDARY MENU OPTIONS | |
310 | 51 - KEYS | |
311 | 101.13 - CPRS TAB | |
312 | 20.2 - SIGNATURE BLOCK PRINTED NAME | |
313 | 20.3 - SIGNATURE BLOCK TITLE | |
314 | 20.4 - ELECTRONIC SIGNATURE CODE | |
315 | 200.04 - MULTIPLE SIGN-ON | |
316 | 200.18 - AUTO SIGN-ON | |
317 | 9.2 - TERMINATION DATE (set to T+30) | |
318 | 2 - ACCESS CODE | |
319 | 11 - VERIFY CODE | |
320 | 8 - TITLE | |
321 | 41 - ALLOWED TO USE SPOOLER | |
322 | USER TITLE | |
323 | SERVICE/SECTION | |
324 | ||
325 | Delete at visited site: | |
326 | 7 - DISUSER | |
327 | ||
328 | Push if visited site value < 900 | |
329 | 200.1 - TIMED READ* | |
330 | * If the existing visited site value < 900, the value is set to 900, otherwise no action is taken. | |
331 | BN 11 | |
332 | 2917 | |
333 | Provide the ability to automatically allow synchronization of user access credentials only when a VistA CLAIMS account key has been assigned. | |
334 | OWNR 11.1 | |
335 | 11783 | |
336 | Provide the ability to automatically allow synchronization of user account credentials only when the DVBAWebVRAM AV PUSH key is present. | |
337 | BN 12 | |
338 | 2918 | |
339 | Provide the ability to automatically allow user account synchronization to occur for assigned menus and keys. | |
340 | OWNR 12.1 | |
341 | 11784 | |
342 | Provide the ability for the application to recognize a menu option as a mechanism to allow user to authenticate to a local VistA site as a WebVRAM user and allow all menus to pass/synchronize (e.g. KPA WebVRAM GUI). | |
343 | BN 13 | |
344 | 2919 | |
345 | Provide the ability to restrict user account synchronization for assigned menus and keys, where a Primary Menu is not present. | |
346 | OWNR 13.1 | |
347 | 11785 | |
348 | Provide the ability to restrict passing all user Menus and Keys, where NO Primary Menu is present in KPA WebVRAM GUI. | |
349 | BN 14 | |
350 | 2920 | |
351 | Provide the ability for changes to VistA CLAIMS user profile to be synchronized to remote VistA systems. | |
352 | OWNR 14.1 | |
353 | 11786 | |
354 | Provide the ability to allow menu changes used to validate changes on the VistA CLAIMS server, to be included on the remote site. | |
355 | BN 15 | |
356 | 2921 | |
357 | Provide the ability to validate user access based on VistA CLAIMS server settings. | |
358 | OWNR 15.1 | |
359 | 11787 | |
360 | Provide the ability to recognize disuser flag set on VistA CLAIMS server to deny access to WebVRAM user. | |
361 | ||
362 | Overview of Functional Workload / Performance Requirements | |
363 | ||
364 | ID | |
365 | Requirement | |
366 | ||
367 | If defining transaction as the connection initially to the VistA CLAIMS server and then connection between VistA CLAIMS server and the target VistA system, a high estimate would be 150,000 per hour (with initial 5500 users connecting/working in four VistA sites). | |
368 | ||
369 | A summary of the project’s compliance with Enterprise System Engineering, IT Infrastructure Standards, and details of the Technical Analysis Review process will be archived in the RiskVision repository using GRC tool as Assessment and Authorization (A&A) documentation is completed and the VA Authority to Operate (ATO) process is pursued. | |
370 | ||
371 | ||
372 | Overview of Operational Requirements | |
373 | ID | |
374 | Requirement | |
375 | NONF2811 | |
376 | All data/configuration parameters shall be stored on the VistA CLAIMS/Remote VistA systems. | |
377 | “ | |
378 | System response times and page load times shall depend on the host VistA system’s existing response time. | |
379 | “ | |
380 | Maintenance, including maintenance of externally developed software incorporated into the WebVRAM application, shall be scheduled during off peak hours or in conjunction with VistA CLAIMS maintenance schedules. | |
381 | NONF2001 | |
382 | The WebVRAM application will integrate with any and all VistA instances across the VA enterprise to support the user stories under SUB-EPIC BN 6-2912 in Rational. Integration is to be accomplished using (Domain System Name) DSNs and Port numbers associated with each VistA instance. | |
383 | ||
384 | ||
385 | The application will integrate with the VistA CLAIMS service, in support of the user stories under SUB-EPIC: NONF2811-F in Rational, to provide user authentication, based on user credentials and person class, to confirm a user’s ability to login and access VistA data on their local VistA instance as well as VistA data on remote instances spawned by the WebVRAM application through Reflection sessions. | |
386 | ||
387 | The WebVRAM product will be developed as a web-based application, hosted in a VA Cloud environment. | |
388 | ||
389 | Product development will occur in a set of VA Cloud environments to allow for initial Unit Testing, End-to-End Integration Testing, Quality Assurance Testing, Regression Testing, and Pre-production staging and testing. | |
390 | ||
391 | The cloud hosting environments for WebVRAM development, testing and production use will include a minimum of 3 distinct environments, with adequate Virtual Machine configuration, storage capacity, and processor speed and capacity, to develop, thoroughly test and deploy WebVRAM software builds between environments and finally into production for national product release. Namely, a Development/QA Testing Environment, an Integration Environment for end-to-end and integrated feature set testing, and a Production Environment to house the run-time application for use across the VA Enterprise. | |
392 | ||
393 | The application will integrate with the FBCS application. | |
394 | ||
395 | The VA Enterprise Cloud (VAEC) service will be used to configure Azure Cloud environments which will provide the application transaction and traffic elastic load balancing. | |
396 | ||
397 | The application and Azure hosting environments will meet all VHA Security, Privacy and Identity Management requirements including VA Handbook 6500 (Appendix D) as outlined in the Assessment and Authorization process. | |
398 | ||
399 | The application will use only TRM approved technology as mandated by the VA Office of Information and Technology (OIT) and Design, Engineering and Architecture (DEA) oversight entities. | |
400 | BN 2277 | |
401 | Testing of the application will be performed on workstations running the Windows 10 Operating System to validate various browser client’s compatibility with that operating system. | |
402 | Overview of the Technical Requirements | |
403 | ||
404 | Usability-User Interface Requirements | |
405 | N/A | |
406 | User acceptance testing personnel shall include users from the CPAC business staff, Telehealth Services, Telestroke Division and Congressional Budget Office that are able to confirm acceptable changes to their workflow. Typical user tasks include: | |
407 | Entering Access & Verify codes (different from Reflection, must use tab or mouse as opposed to the Enter key that users may be more used to) | |
408 | Changing Access and Verify codes (check box to allow change) | |
409 | Setting up electronic signature (done on VistA CLAIMS server) | |
410 | Selecting site to connect to | |
411 | Disconnecting from a site | |
412 | Importing hot keys, macros, and tool bars (tentative) | |
413 | Verifying the user can get into related GUI Application with WebVRAM codes | |
414 | Total time for numbers 1-5 takes approximately 5 minutes. Number 6 will be determined if needed, with job aids provided. Typical tasks remain the same. Users continue to get to CPRS, VistA, ICB the same way. The initial log in is the only difference. Same terminal emulation as users currently use. | |
415 | Total training time is estimated to be 60 minutes per group. The plan is to train users in groups as they receive their WebVRAM access and verify codes and log in for the first time. Training is in conjunction with the roll out. | |
416 | ||
417 | Documentation Requirements | |
418 | N/A | |
419 | Updates shall be made, as necessary, to the applicable user manuals and Operations and Maintenance (O&M) manuals related to the WebVRAM application. User manuals and O&M manuals will be produced and managed with a change management process. If no User or O&M documentation exists, it shall be produced. | |
420 | N/A | |
421 | A User Guide & Job aids have been developed and will be delivered to all levels of staff users. | |
422 | N/A | |
423 | Frequently Asked Questions document targeted to local VistA site management will explain how WebVRAM users will appear on the target VistA systems. | |
424 | ||
425 | Implementation Requirements | |
426 | N/A | |
427 | An implementation plan shall be developed to address transition and rollout of WebVRAM to users. | |
428 | N/A | |
429 | The National Service Desk shall be informed for issues specific to WebVRAM client. | |
430 | N/A | |
431 | The IT solution shall be designed to comply with the applicable approved Enterprise Service Level Agreements (SLA). | |
432 | N/A | |
433 | The implementation update shall be decided by CPAC, if relevant. | |
434 | ||
435 | Data Protection/Back-up/Archive Requirements | |
436 | NONF1615 | |
437 | A back-up plan shall be provided and managed by VistA CLAIMS and host VistA systems for when the system is brought off-line for maintenance or technical issues/problems. | |
438 | NONF1616 | |
439 | Data protection measures, such as back-up intervals and redundancy shall be managed by VistA CLAIMS and host VistA systems. | |
440 | ||
441 | Overview of the Security or Privacy Requirements | |
442 | ||
443 | ID | |
444 | Security Requirement | |
445 | NONF1617 | |
446 | Organizations using WebVRAM will ensure the proposed solution meets all VHA Security, Privacy and Identity Management requirements including VA Handbook 6500. | |
447 | The WebVRAM system will reside in the Azure cloud hosting environment and will inherit all security A&A features already applied to meet the GovCloud and Virtual Private Network requirements for FISMA High controls and compliance within that environment. WebVRAM will facilitate multiple SSH VistA sessions for viewing Veteran data. As such, the application will apply all inherited Azure cloud hosting VA network and firewall security requirements for displaying Personally Identifiable Information (PII) and Personal Health Information (PHI) as viewed within the framework of VistA sessions. PII but no PHI data will be persisted in the WebVRAM Cache at the termination of each user session. Controls applicable to the application are recorded in RiskVision. | |
448 | ||
449 | Overview of System Criticality and High Availability Requirements | |
450 | The system will operate within the existing availability of VistA or VistA CLAIMS systems which is 24/7/365, 99.5% of the time. | |
451 | Single Sign-on Requirement | |
452 | WebVRAM will integrate with VistA CLAIMS system to obtain credentials of authorized application users. Once authenticated, the user’s “single sign-on” to the WebVRAM application will be the only requirement to access multiple VistA instances, the FBCS application and to launch CPRS without requiring additional login events. | |
453 | Requirement for Use of Enterprise Portals | |
454 | WebVRAM requires use of portals assigned as part of the VA Azure Gov Cloud hosting framework with connections to: | |
455 | VA Identity Access Management Service | |
456 | VistA CLAIMS system | |
457 | VistA Fee Basis Claims System (FBCS) | |
458 | VistA Computerized Patient Record System (CPRS) | |
459 | VistA instances throughout the VA Enterprise | |
460 | Special Device Requirements | |
461 | None. | |
462 | Legacy System Retirement | |
463 | The Legacy VRAM system is in place and is intended to remain in production until the WebVRAM roll out can replace its functionality nationally. | |
464 | ||
465 | ||
466 | Legacy System or Legacy System Component | |
467 | Retired or Workload Reduced | |
468 | If Workload Reduced - How Much | |
469 | VRAM | |
470 | Reduced | |
471 | Specific to VISN/VAMC | |
472 | Conceptual Design | |
473 | Conceptual Application Design | |
474 | WebVRAM application is intended to interface with the VistA CLAIMS system to initially authenticate users against existing accounts within the VA network. | |
475 | Architecture and design of remote VistA systems and the VistA CLAIMS Authentication Server VistA Instance is not described within this document. For more information on those systems, it is recommended the independent system’s respective documentation library be referenced. | |
476 | Application Context | |
477 | The WebVRAM solution is dependent on external VistA systems (via the VistA CLAIMS system) and associated GUIs as shown in Figure 1. | |
478 | ||
479 | Figure 1: WebVRAM High Level Application Design | |
480 | ||
481 | ||
482 | ||
483 | WebVRAM Context Description: | |
484 | ||
485 | ID | |
486 | Name | |
487 | Description | |
488 | Interface Name | |
489 | Interface System | |
490 | TBD | |
491 | WebVRAM | |
492 | Web based application to provide multi-VistA access via single sign on | |
493 | All interfaces listed below | |
494 | All systems listed below | |
495 | TBD | |
496 | VistA/VistA CLAIMS | |
497 | Multiple VistA sessions for viewing patient medical records | |
498 | VistA CLAIMS | |
499 | WebVRAM | |
500 | TBD | |
501 | Fee Basis Claims System (FBCS) | |
502 | VA system for approval of patient care services | |
503 | FBCS | |
504 | WebVRAM | |
505 | TBD | |
506 | Computerized Patient Record System (CPRS) | |
507 | VA Electronic Health Record GUI | |
508 | CPRS | |
509 | WebVRAM | |
510 | Interfaces External to Office of Information and Technology (OIT): | |
511 | ||
512 | ID | |
513 | Interface Name | |
514 | Related Object | |
515 | Input Messages | |
516 | Output Messages | |
517 | External Party | |
518 | N/A | |
519 | N/A | |
520 | N/A | |
521 | N/A | |
522 | N/A | |
523 | N/A | |
524 | Interfaces Internal to OIT: | |
525 | ||
526 | ID | |
527 | Interface Name | |
528 | Related Object | |
529 | Input Messages | |
530 | Output Messages | |
531 | Other CBP Party | |
532 | TBD | |
533 | VistA CLAIMS | |
534 | VistA Kernel, Web API to RPC Broker | |
535 | User Profile | |
536 | Single Use Token | |
537 | Authentication Verify | |
538 | User Profile & Token | |
539 | N/A | |
540 | TBD | |
541 | VistA Test Instance | |
542 | VistA Caché Database | |
543 | SSH Connection | |
544 | User Profile and Permissions | |
545 | Access/Verify Codes | |
546 | Keystroke sequences | |
547 | N/A | |
548 | TBD | |
549 | FBCS | |
550 | VistA Kernel, Web API to RPC Broker | |
551 | FBCS Menu | |
552 | Approved patient status | |
553 | N/A | |
554 | TBD | |
555 | CPRS | |
556 | VistA Kernel, Web API to RPC Broker | |
557 | Clinician CPRS GUI Options | |
558 | Patient Medical Record | |
559 | N/A | |
560 | Externally Shared Data Stores: | |
561 | ||
562 | ID | |
563 | Name | |
564 | Data Stored | |
565 | Owner | |
566 | Access | |
567 | N/A | |
568 | N/A | |
569 | N/A | |
570 | N/A | |
571 | N/A | |
572 | ||
573 | ||
574 | Conceptual Data Design | |
575 | Project Conceptual Data Model | |
576 | The WebVRAM application facilitates multiple VistA sessions for designated users through VA Single Sign On Internal (SSOi) methodology. No data is persisted nor stored as part of the transaction support provided by the application. SQL databases are required to support the application audit logs and objects, but the data flow is simplistic and executable driven. | |
577 | ||
578 | Database Information | |
579 | The table below identifies all databases that will be created, replaced, interfaced with, or whose structure will be modified as part of this effort. | |
580 | Database Name | |
581 | ||
582 | Description | |
583 | ||
584 | Type | |
585 | ||
586 | Steward | |
587 | WebVRAM Dev/Test SQL | |
588 | Azure SQL Virtual Machine (VM) database that will house application execution data | |
589 | Create | |
590 | Azure Cloud Environment | |
591 | WebVRAM Pre-Prod SQL | |
592 | Azure SQL VM database that will house application execution data | |
593 | Create | |
594 | Azure Cloud Environment | |
595 | WebVRAM Prod SQL | |
596 | Azure SQL VM database that will house application execution data | |
597 | Create | |
598 | Azure Cloud Environment | |
599 | ||
600 | Conceptual Infrastructure Design | |
601 | The application will be hosted as a Class I application in the VA Azure Gov Cloud environment. | |
602 | System Criticality and High Availability | |
603 | The WebVRAM application infrastructure is intended to meet criticality requirements to ensure high availability of 99.5% uptime not to include regularly scheduled hardware and software maintenance through an enforceable SLA with the Azure cloud service provider. The cloud provider will also meet an SLA disaster recovery requirement to not lose more than two hours of data due to a failure as its Recovery Point Objective, and a recovery from any failure in four hours or less as its Recovery Time Objective. The WebVRAM cloud provider will allocate the appropriate resources to maintain the 99% uptime SLA including workload distribution for web service availability and manage multiple alternate site gateways for geographic failover inherent to large cloud provider designs. | |
604 | Special Technology | |
605 | No special technology is used as part of this system. | |
606 | Technology Locations | |
607 | This section describes the various technology components that will be used. | |
608 | ||
609 | Technology Component | |
610 | Location | |
611 | Usage | |
612 | Development/Test Environment | |
613 | Azure Cloud VM | |
614 | Initial Development Environment and Integration Environment used for Unit and QA testing established to allow maximum accessibility to developers and testing resources. | |
615 | Pre-Production Environment | |
616 | Azure Cloud VM | |
617 | Environment used to stage and perform integration testing (end to end), user acceptance testing and final production-ready testing of the application prior to production deployment. | |
618 | Production Environment | |
619 | Azure Cloud VM | |
620 | Vendor hosted, production deployment environment. | |
621 | VistA CLAIMS System | |
622 | Various VA Regional Locations | |
623 | VistA system used in connection with RPC Broker v1.1 to support access to multiple VistA systems during a single user session. | |
624 | ||
625 | ||
626 | Conceptual Infrastructure Diagram | |
627 | Location of Environments and External Interfaces | |
628 | WebVRAM will utilize an interface to these enterprise services: | |
629 | VistA CLAIMS – Multiple simultaneous VistA logins/sessions; VA ES | |
630 | VistA Test Instances – Minimum of 2 VistA Test Instances in the Azure Cloud for development and SQA testing. Pre-production VistA Test Instances located at Initial Operating Capability (IOC) Testing sites as determined by business need. All VistA Instances for production use across the VA enterprise. | |
631 | VistA FBCS – Approved patient care verification; VistA Network | |
632 | VistA CPRS – Veteran Electronic Health Record; VistA Network | |
633 | Conceptual Production String Diagram | |
634 | Figure 2 shows the configuration of a single production string to the extent that it is known. A full production aspect of the application will involve multiple users and VistA sessions through several cloud Subnets. | |
635 | ||
636 | Figure 2: WebVRAM Single Production String | |
637 | ||
638 | ||
639 | System Architecture | |
640 | Figure 3 provides a high level architectural view of the WebVRAM solution. Figure 4 shows the architecture layers for the application. | |
641 | ||
642 | Figure 3: WebVRAM Architecture | |
643 | ||
644 | ||
645 | ||
646 | ||
647 | ||
648 | ||
649 | ||
650 | ||
651 | ||
652 | ||
653 | ||
654 | ||
655 | ||
656 | ||
657 | Figure 4: WebVRAM Architecture Layers | |
658 | ||
659 | ||
660 | Hardware Architecture | |
661 | The WebVRAM solution has three Environments: DEV/TEST (Development and Unit/QA Testing), PREPROD (Pre-production staging) and PROD (Production environment for enterprise releases). Each environment is hosted in the VA Azure cloud. | |
662 | Software Architecture | |
663 | Software architecture for the application consists of the internal components, GUI interface, external systems interfaces and major event sequences shown in Figure 5. The subsections that follow further describe components and their relationships. | |
664 | ||
665 | Utilized Pre-Packaged Components and Libraries | |
666 | RPC-BSE v1.1 | |
667 | The RPC Broker component establishes a common and consistent foundation for VistA client/server applications. It acts as a bridge connecting client applications on workstations to the M-based data and business rules on M servers through TCP connections. This component is VA-owned, currently managed by Infrastructure and Security Services (ISS) Development. | |
668 | ASP.NET Core v2.1 | |
669 | The ASP.NET Core open-source framework provides the cross-platform, high-performance tools to build the cloud-based WebVRAM application. It provides the ability to run the application on Windows, macOS and Linux. | |
670 | Microsoft .NET Framework v4.7 | |
671 | The Microsoft .NET Framework is a software framework that operates primarily on Windows. It will be utilized as the framework on which ASP.NET Core will run. | |
672 | GUI Controls | |
673 | WebVRAM will apply GUI controls inherent in the ASP.NET CORE modular framework to provide desktop rich-client application. Controls utilized for this application include: | |
674 | Grids (DataGrid, Pivot Grid Preview) | |
675 | Layout (Avatar, Card, Dialog, ListView, Tooltip) | |
676 | Notifications (Configurable) | |
677 | Navigation (Content Menu, Context Menu, Sidebar, Tabs, Toolbar, Tree View) | |
678 | File Format Library (MS Office Documents, PDF) | |
679 | Editors (Configurable) | |
680 | ||
681 | Network Architecture | |
682 | WebVRAM adheres to all VA network standards, policies and protocols in keeping with VA Gov cloud network requirements as outlined in the architecture overviews in Section 4 above. | |
683 | Service Oriented Architecture / ESS | |
684 | WebVRAM does not employ SOA. | |
685 | ||
686 | Enterprise Architecture | |
687 | WebVRAM employs VA Enterprise Architecture standards in design and architecture and will specifically implement the following One-VA Technical Reference Model (TRM) approved components. | |
688 | ASP.NET Core – TRM approved with constraints through calendar year 2019. Constraints include: | |
689 | National Institute of Standards and Technology (NIST) identified security vulnerabilities – all versions must remain properly patched | |
690 | ISO and OIT permission must be obtained to download/use the software, including virus and malware scans prior to installation. | |
691 | VA Enterprise Cloud (VAEC) approval to use must be obtained, while ensuring Personally Identifiable Information (PII) and VA sensitive data are not compromised. | |
692 | VistA Applications and Kernel Services | |
693 | VistA CLAIMS System | |
694 | FBCS Admin | |
695 | CPRS | |
696 | RPC Broker | |
697 | ||
698 | Data Design | |
699 | WebVRAM provides support for transactional exchange of VistA data, for viewing by clerks, patient providers and clinicians. Orchestration of data presentation through simultaneous multiple VistA instances, selected and initiated by the end user is the service that WebVRAM provides. Due to the “view-only” nature of the data transacted, no patient data is persisted or stored by the application as part of this service offering. | |
700 | The VistA CLAIMS VistA data and files retrieved for WebVRAM use include: | |
701 | 200 – NEW PERSON | |
702 | 19 – OPTION | |
703 | 19.1 – SECURITY KEY | |
704 | 396.8 – CAPRI PRIMARY MENU OPTIONS | |
705 | 396.97 – CAPRI SITE LIST | |
706 | 100100.0342 - VRAM AUTHORIZED SITES | |
707 | 100100.0344 - VRAM FORBIDDEN KEYS | |
708 | 100100.0341 - VRAM PRIMARY MENUS | |
709 | 100100.0345 - VRAM USER | |
710 | 100100.0343 - VRAM USER SITES | |
711 | Once a VistA site is selected by the user, the WebVRAM application establishes connection with the target VistA system and creates or synchronizes the existing record within File 200 pertaining to the visiting user modifying the following fields, which includes assignment of CPRS basic COR tabs if appropriate: | |
712 | PRIMARY MENU OPTION | |
713 | SECONDARY MENU OPTIONS | |
714 | KEY | |
715 | DATE VERIFY CODE LAST CHANGED | |
716 | MULTIPLE SIGN-ON | |
717 | AUTO SIGN-ON | |
718 | DISUSER | |
719 | ELECTRONIC SIGNATURE CODE | |
720 | SIGNATURE BLOCK TITLE | |
721 | SIGNATURE BLOCK PRINTED NAME | |
722 | TERMINATION DATE | |
723 | ||
724 | The operation above is performed when the WebVRAM application encounters the WebVRAM AV PUSH security key. This key has been established to delineate when account synchronization is to occur with the target Remote VistA system. The key has been established on the VistA CLAIMS server and directly associated with User Access Profile. The WebVRAM application checks the user account for the security key. If assigned, WebVRAM passes the user’s Access and Verify codes from the VistA CLAIMS NEW PERSON FILE to the remote site NEW PERSON FILE. This will allow the user to authenticate directly into the remote site and facilitate the use of VistA GUI Applications that cannot be automated or emulated through WebVRAM. | |
725 | ||
726 | File and Global Modifications | |
727 | The table below describes FileMan file edits (File 200) and direct global (VA 200) edits performed by the WebVRAM client on visited systems as part of the synchronization process. | |
728 | ||
729 | Field Number-Name | |
730 | Method | |
731 | Source | |
732 | Action | |
733 | 201-PRIMARY MENU OPTION | |
734 | FileMan | |
735 | CLAIMS Server | |
736 | Push value to visited site | |
737 | 203-SECONDARY MENUS OPTIONS | |
738 | FileMan | |
739 | CLAIMS Server | |
740 | Push value to visited site | |
741 | 51-KEYS | |
742 | FileMan | |
743 | CLAIMS Server | |
744 | Push value to visited site | |
745 | 101.13-CPRS TAB | |
746 | FileMan | |
747 | CLAIMS Server | |
748 | Push value to visited site | |
749 | 20.2-SIGNATURE BLOCK TITLE | |
750 | FileMan | |
751 | CLAIMS Server | |
752 | Push value to visited site | |
753 | 20.3-SIGNATURE BLOCK PRINTED NAME | |
754 | FileMan | |
755 | CLAIMS Server | |
756 | Push value to visited site | |
757 | 20.4-ELECTRONIC SIGNATURE CODE | |
758 | FileMan | |
759 | CLAIMS Server | |
760 | Push value to visited site | |
761 | 200.04-MULTIPLE SIGN-ON | |
762 | FileMan | |
763 | CLAIMS Server | |
764 | Push value to visited site | |
765 | 200.18-AUTO SIGN-ON | |
766 | FileMan | |
767 | CLAIMS Server | |
768 | Push value to visited site | |
769 | 7-DISUSER | |
770 | FileMan | |
771 | N/A | |
772 | Delete at visited site | |
773 | 9.2-TERMINATION DATE | |
774 | FileMan | |
775 | CLAIMS Server | |
776 | Push value to visited site | |
777 | 2-ACCESS CODE | |
778 | Direct Global | |
779 | CLAIMS Server | |
780 | Push value to visited site | |
781 | 11-VERIFY CODE | |
782 | Direct Global | |
783 | CLAIMS Server | |
784 | Push value to visited site | |
785 | ||
786 | ||
787 | Detailed Design | |
788 | This section describes the proposed design in detail. Updates will be made as necessary. WebVRAM is a web-based application hosted in the cloud. | |
789 | Hardware Detailed Design | |
790 | WebVRAM will be hosted in the Azure Gov Cloud environment within defined zones of development and operation. Figure 5 provides a notional view of hardware design. | |
791 | ||
792 | Figure 5: WebVRAM Physical Infrastructure | |
793 | ||
794 | ||
795 | Software Detailed Design | |
796 | Communications Detailed Design | |
797 | This section is currently under development in discussions with the VAEC and will provide details about the communication requirements to build and/or procure the communications components for the system. It will include the following information in the detailed designs (as appropriate): | |
798 | Details of servers and clients to be included on each area network. | |
799 | Specifications for bus timing requirements and bus control. | |
800 | Format(s) for data being exchanged between components. | |
801 | Diagrams showing connectivity between components, data flow (if applicable), and distances between components. | |
802 | Local Area Network (LAN) topology. | |
803 | External System Interface Design | |
804 | WebVRAM will interface with the VistA CLAIMS System and VistA Systems as described previously. Required Integration Agreements (IAs) and Memorandums of Understanding (MOUs) will be established for the WebVRAM application connections to these services and systems, as determined by the System Owners and Project Managers for each system. RPC Broker connections will be utilized for each interface connection. | |
805 | Human-Machine Interface | |
806 | Requirements | |
807 | The requirements for the WebVRAM GUI apply to the following user standards: | |
808 | Ease of Use | |
809 | Consistency | |
810 | Invocation Feedback | |
811 | Aesthetics | |
812 | Keyboard Inputs (Keyboard, Mouse) | |
813 | GUI Outputs (Data Display, Query Results) | |
814 | ||
815 | Navigation Hierarchy | |
816 | As depicted in Figure 6, WebVRAM navigation hierarchy provides a pathway for viewing patient data at multiple VistA instances to support regional and hub user needs. | |
817 | ||
818 | Figure 6: Navigation Hierarchy | |
819 | ||
820 | Security and Privacy | |
821 | Security | |
822 | When completed as part of the ATO process, the WebVRAM A&A documents can be found at RiskVision using GRC tool. | |
823 | https:// URL /spc/index.jsp | |
824 | Privacy | |
825 | The WebVRAM Privacy Impact Assessment (PIA) documentation will be completed as part of the ATO process and can be found at RiskVision using GRC tool. | |
826 | https:// URL /spc/index.jsp | |
827 | ||
828 | Attachment A – Approval Signatures | |
829 | This section is used to document the approval of the System Design Document. The review should be conducted face to face where signatures can be obtained ‘live’ during the review. If unable to conduct a face-to-face meeting then it should be held via LiveMeeting and concurrence captured during the meeting. The Scribe should add /es/name by each position cited. Example provided below. | |
830 | The Chair of the governing Integrated Project Team (IPT), Business Sponsor, IT Program Manager, and Project Manager are required to sign. | |
831 | ||
832 | __________ __________ __________ __________ __________ __________ __________ ________ | |
833 | Signed: Date: | |
834 | Curtis Clay, OIT Project Manager | |
835 | ||
836 | ||
837 | __________ __________ __________ __________ __________ __________ __________ ________ | |
838 | Signed: Date: | |
839 | Kevin Galpin, M.D., Business Sponsor | |
840 | ||
841 | ||
842 | __________ __________ __________ __________ __________ __________ __________ ________ | |
843 | Signed: Date: | |
844 | Scott Madsen, OIT Program Manager | |
845 | ||
846 | Appendix | |
847 | Requirements Traceability Matrix (RTM) | |
848 | The RTM is produced as a Traceability Report from Rational for each release version prior to Release Agent review. | |
849 | Packaging and Installation | |
850 | There are no special considerations for software packaging and installation. The web application package once promoted to the PROD environment is live for user access across the enterprise. | |
851 | Design Metrics | |
852 | The design activity will maintain compliance with IT Infrastructure Standards and compliance with Enterprise System Engineering, Assessment & Authorization and other VA security standards. | |
853 | Glossary of Terms and Abbreviations | |
854 | ||
855 | Term | |
856 | Meaning | |
857 | App | |
858 | Application | |
859 | VistA CLAIMS System | |
860 | The VistA Instance managed by the VHA OHI, OIA, Health Information Access that supports other national-level access systems such as CAPRI and VistAWeb; hosted by OIT at the Falling Waters, VA data center. | |
861 | VIP | |
862 | Veteran-Focused Integration Process | |
863 | VA System Identifier (VASI) | |
864 | Link to WebVRAM VASI | |
865 | Required Technical Documents | |
866 | Upon completion, the following documents will be uploaded to the WebVRAM Rational repository to support proper approval: | |
867 | Version Description Document (VDD) | |
868 | Production Operations Manual with RACI | |
869 | Deployment and Installation, Back-out, and Rollback Plan | |
870 | User Guide | |
871 | Authority to Operate (ATO) and associated documentation | |
872 | Section 508 Validation Status | |
873 | Interconnection Security Agreement/Memorandum of Understanding (ISA/MOU) |