pankaj-cgi edited this page May 24, 2022 · 3 revisions

MOH HNS ESB (HNSecure)

Overview

Health Net Secure (HNS) is designed to provide a secure method for accessing the Ministry of Health's HL7v2 messaging services. It consists of two major components: a client and an ESB server.

HNS-Client

The HNS-Client is an optional component. It replaces the old HNClient and is intended as a stop-gap solution for transitioning existing client applications to the new HNS-ESB without any modification to the client application. HNS-Client runs in the background on a client's server and allows client applications to send messages to it via the same connection protocol as the old HNClient (HL7XFER). The modern client incorporates a number of improvements, including modern encryption protocols, and addresses a number of "pain points" experienced by current users of the HNClient, such as encryption key management.

HNS-ESB

The HNS-ESB exposes Ministry of Health HL7v2 services via an API Gateway. It is used to audit and securely route any type of HL7v2 message to its appropriate message service provider, such as RAPID or Pharmanet. This application acts as a single point of access for the HNClient-v2 application, and it is not backwards compatible with the old HNClient.

The application performs an authorization check against the JWT that must be passed in the Authorization header and also does light message validation before routing the message to a final destination.
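An added sketch of that gate order, not the project's own code: it is written in Python rather than the ESB's Java so it runs on the standard library alone, and an HMAC check with a constructed demo key stands in for verifying the identity provider's token signature. The scope name, status codes and function names are assumptions.

```python
import base64, hashlib, hmac, json, time

DEMO_KEY = b"constructed-demo-key"  # assumption: stands in for the identity provider's key
REQUIRED_SCOPE = "demo/hl7.send"    # hypothetical scope name, not taken from the project

def _b64d(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def _b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def make_token(claims, key=DEMO_KEY, alg="HS256"):  # builds constructed sample tokens only
    signed = ".".join(_b64e(json.dumps(p).encode()) for p in ({"alg": alg}, claims))
    return signed + "." + _b64e(hmac.new(key, signed.encode(), hashlib.sha256).digest())

def authorize(headers, now=None):
    """Return verified claims or raise PermissionError; every failure path rejects."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme != "Bearer" or token.count(".") != 2:
        raise PermissionError("missing or malformed bearer token")
    head, body, sig = token.split(".")
    try:
        alg = json.loads(_b64d(head))["alg"]
        mac = hmac.new(DEMO_KEY, f"{head}.{body}".encode(), hashlib.sha256).digest()
        if alg != "HS256" or not hmac.compare_digest(mac, _b64d(sig)):  # pin the algorithm
            raise PermissionError("bad signature")
        claims = json.loads(_b64d(body))  # claims are read only after the signature holds
        live = float(claims["exp"]) > (time.time() if now is None else now)
    except (ValueError, TypeError, KeyError) as exc:
        raise PermissionError("undecodable token") from exc
    if not live or REQUIRED_SCOPE not in str(claims.get("scope", "")).split():
        raise PermissionError("expired token or missing scope")
    return claims

def light_validate(hl7):
    """Check only the MSH header and return the message type (MSH-9)."""
    fields = hl7.replace("\n", "\r").split("\r", 1)[0].split("|")
    if fields[:2] != ["MSH", "^~\\&"] or len(fields) < 12 or not fields[8]:
        raise ValueError("not a well-formed HL7v2 MSH segment")
    return fields[8]

def handle(headers, hl7, now=None):
    """Authorize first, then validate; only a 200 result would be routed onward."""
    try:
        authorize(headers, now)
        return 200, light_validate(hl7)
    except (PermissionError, ValueError) as exc:
        return (401 if isinstance(exc, PermissionError) else 400), str(exc)
```

Because authorization runs before any parsing of the HL7v2 body, an unauthenticated caller learns nothing about whether its message would have passed validation.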

High-Level Architecture

The following diagram shows a conceptual view of the new HNS architecture, and which components will be modified as part of the HNI Modernization project.

Technology Overview

| Component | Technology | Additional Notes |
| --- | --- | --- |
| API Application Framework | Spring Boot | JDK 11 |
| HL7v2 Messaging Framework | HAPI | |
| Code Repository | GitHub | https://github.com/bcgov/moh-hni-esb and https://github.com/bcgov/moh-hnclient-v2 |
| Container Environment Platform | OpenShift Container Platform (OCP) | |
| Database | PostgreSQL | Uses Patroni Clustering for HA. https://developer.gov.bc.ca/Patroni-Cluster-Setup-in-Openshift-4 |
| Dependency Manager | Maven | For API |
| Container Platform | Docker | |
| Pipeline Orchestration | GitHub Actions & Argo CD | https://github.com/bcgov/moh-hni-esb/actions & https://argocd-shared.apps.silver.devops.gov.bc.ca/applications/ |
| Manifest repository | GitHub | https://github.com/bcgov-c/tenant-gitops-c5839f |
| Auth Provider | Keycloak | MoH Keycloak |
| Secure Key/Password Storage | SVN | https://subversion.hlth.gov.bc.ca/svn/HNSecure/branches/HNIModernization. We will move to Vault for secret management: https://developer.gov.bc.ca/BC-Government-Vault-Secrets-Management |
| API Gateway | KONG CE | https://developer.gov.bc.ca/API-Gateway-(powered-by-Kong-CE) |