Description of changes:
- The Hub PRODUCTION environment is transitioning from the legacy Entrust-based certificates to the new CA structure managed by DirectTrust. These certificates are used to establish secure connectivity to Participant gateways, and also to (optionally) re-sign message headers when required to facilitate interoperability
- The timeout settings are being updated to prevent situations where a message never times out, causing the failed message to take a significant amount of time to stop processing and throw an error.
Scope:
CERTIFICATE CHANGE
- On Thu 10/21 the change was deployed to ONE of the eHealth Exchange Hub server instances in the PRODUCTION environment. After the deployment eHx staff monitored closely to determine if any Participants are experiencing issues when initiating or responding to this one migrated instance.
- On Fri 10/22, eHx staff was alerted to a participant impacted by the 10/21 certificate change as the participant did not trust the new DirectTrust CA used by the Hub. To remedy the connectivity issue, the Hub certificate change was reverted on ONE of the eHealth Exchange Hub server instances so that inbound requests to the single Hub instance could connect using the Hub’s legacy Entrust certificate. Since this time, eHx staff has worked with the impacted participant to correct the CA trust issue in advance of the 10/28 Hub maintenance window.
- On Thu 10/28 the change will be deployed to ALL of the remaining eHealth Exchange Hub server instances in the PRODUCTION environment.
TIMEOUT UPDATE
- These changes will be applied to the eHealth Exchange Hub PRODUCTION environment as outlined above.
Impact:
*** You should have already added the DirectTrust trust bundles (namely the EMR Direct and MaxMD root and intermediary certificates) into your trust stores and related network appliances such as traffic shapers, load balancers, gateways, firewalls, routers, etc. If you do not yet accept the new DirectTrust trust bundles in both your VALIDATION and PRODUCTION environments, then this Hub maintenance activity will be a breaking change.
We do not anticipate any other service interruptions during the maintenance event; Real-time routing of messages through the Hub will be unaffected.
Support:
eHealth Exchange staff will monitor administrator@ehealthexchange.org during the upgrade window to address any questions or concerns.
ADDITIONAL INFORMATION AND REMINDERS:
The eHealth Exchange Hub team has implemented a recurring weekly scheduled maintenance window each Thursday evening at 5:00pm ET for all non-urgent events. The duration of each maintenance event will be determined by the respective changes for each event, and details will be communicated out to all Participants at least 48 hours prior to the event. If there are no changes for any given week then the maintenance event will not occur and no notice will be sent. Also please note that Operating System and similar updates that do not require a service outage, and do not require changes to the application layer, will be performed during this scheduled maintenance window without specific notice due to their frequent and routine nature.
