Difference between revisions of "Astronaut CPRS client package"
Perspectoff (talk | contribs) (→Using Astronaut with OpenVistA-CIS) |
Perspectoff (talk | contribs) (→Securing the SSH conection) |
||
Line 56: | Line 56: | ||
* See [[Changing the Astronaut SSH password|Changing the Astronaut SSH password]] for a quick way to secure the SSH connection (by changing the default password). | * See [[Changing the Astronaut SSH password|Changing the Astronaut SSH password]] for a quick way to secure the SSH connection (by changing the default password). | ||
− | * Read [http://ubuntuguide.org/wiki/Ubuntu:All#SSH Ubuntu SSH] basics for information about SSH and [http://ubuntuguide.org/wiki/Ubuntu:All#Setup_an_SSH_server generating/using an SSH keypair] | + | === Use an SSH keypair instead of password authentication === |
− | + | * Read [http://unixwiz.net/techtips/putty-openssh.html this turotial] on using a keypair between PuTTY and OpenSSH. | |
+ | * Read [http://ubuntuguide.org/wiki/Ubuntu:All#SSH Ubuntu SSH] basics for information about SSH and [http://ubuntuguide.org/wiki/Ubuntu:All#Setup_an_SSH_server generating/using an SSH keypair]. | ||
+ | * | ||
=== Changing the SSH port === | === Changing the SSH port === | ||
This is an optional step for more security and for networks where there are multiple servers on the network using SSH connections. (In some networking configurations it is difficult for a router to know to which SSH server it should forward port 22 traffic). This method involves changing the port for the SSH (tunnel) traffic. | This is an optional step for more security and for networks where there are multiple servers on the network using SSH connections. (In some networking configurations it is difficult for a router to know to which SSH server it should forward port 22 traffic). This method involves changing the port for the SSH (tunnel) traffic. |
Revision as of 21:25, 2 March 2010
TMG-CPRS client, like the original CPRS client, is designed to run in a Windows environment. The Astronaut client package, then, is best installed on a Windows-based computer (or in a virtual machine running a Windows OS). The clients are meant to connect to a VistA server through a networking paradigm.
Make sure you have a VistA server installed separately (on a physical server or in a virtual machine) to which the CPRS (and other) clients can connect.
Astronaut clients can work with either the Astronaut WorldVistA server or the Astronaut OpenVistA server. (The only exception is the OpenVista-CIS Stub, which starts the OpenVista-CIS client for use with the Astronaut OpenVistA server only.)
Contents
Installation
- Download the Astronaut CPRS client onto your Windows machine and install it. During installation, enter the IP address (or hostname URL) and port (9260 by default) of the server you installed in the preceding steps.
- The SSH tunneling utility PuTTY is installed with the CPRS client. It will start automatically on the first run. Do not close PuTTY; merely minimize it (to the desktop taskbar).
- Start the CPRS client:
- Windows menu -> All Programs -> Astronaut -> TMG-CPRS
- Use the default login intially:
Access Code: sys.admin Verify Code: vista!123
You can watch a YouTube video of TMG-CPRS here.
When done with your CPRS session, you can close the PuTTY SSH tunnel. Subsequently, however, you must restart the PuTTY SSH tunnel (and then minimize it) prior to making a new CPRS (or other) connection:
- Windows menu -> All Programs -> Astronaut -> Astronaut SSH
You can then restart CPRS again:
- Windows menu -> All Programs -> Astronaut -> TMG-CPRS
Changing Astronaut client settings
There are several settings in the Astronaut Client package that can be changed.
Changing environment variables
The Astronaut Client installer sets several Windows environment variables. These are used by the PuTTY SSH client, for example, to establish a secure SSH tunnel to the server. These environment variables must be changed from time to time, in case your network or other installation parameters change.
To access the environment variables, follow these steps.
Windows 7
See this tutorial for step-by-step instructions on editing the environment variables in Windows 7. In short,
- Start Menu -> Control Panel -> Settings -> Advanced system settings -> Advanced -> Environment variables
There is also an Astronaut utility that brings up the environment variables:
- Start Menu -> Programs -> Astronaut -> Sessions -> Client Variables -> Environment Variables
A list of the environment variables is displayed, each of which can be changed. For example, if the IP address of the VistA server has changed, you can change the ASTRO_SSH_HOST environment variable that the PuTTY SSH client uses to connect to it. Example:
- -> ASTRO_SSH_HOST -> Edit -> Variable Value: 192.168.56.101
- Note: in this example I am changing the IP address to that of an Astronaut VistA server which I installed within a Virtualbox virtual machine on my computer. (I also have a standalone VistA server on my network, so I change this variable frequently, depending on the IP address or URL of the VistA server I am using at the time.) Obviously, use the IP address (which is displayed at the conclusion of the Astronaut VistA server installation process) or URL of your own server installation.
Securing your installation
Securing the SSH conection
The PuTTY SSH connection is the entry point to your server. You ought to make this connection secure. Read OpenSSH security for more suggestions.
- Change the %ASTRO_SSH_CLIENT_PASS% (either the environment variable or explicitly in the Astronaut SSH shortcuts) to something other than not#1sostrong. This must then also be changed at the VistA server.
- You can also change the %ASTRO_SSH_clientID% and %ASTRO_PORT% for extra security, but this is an exercise beyond this guide.
Changing the SSH password on the server
- See Changing the Astronaut SSH password for a quick way to secure the SSH connection (by changing the default password).
Use an SSH keypair instead of password authentication
- Read this turotial on using a keypair between PuTTY and OpenSSH.
- Read Ubuntu SSH basics for information about SSH and generating/using an SSH keypair.
Changing the SSH port
This is an optional step for more security and for networks where there are multiple servers on the network using SSH connections. (In some networking configurations it is difficult for a router to know to which SSH server it should forward port 22 traffic). This method involves changing the port for the SSH (tunnel) traffic.
Securing your administrator password
- You should immediately change the administrator (sys.admin) password (i.e. Verify Code) from the installation default (vista!123), otherwise anyone reading these instructions would know the password of your installation. Duh. You can change this by a variety of methods.
- Login to the VistA server (in Linux) directly. You will be prompted to change the password the first time. If not, use the command:
sudo passwd sys.admin
- Login to TMG-CPRS or VistAConfig. The option to change the password at login appears:
- Change Verify Code: (ticked)
- In reality, you should change all the passwords of the sample users with which Astronaut VistA comes pre-populated, but since these passwords aren't displayed or published (in general), this is not as high a risk nor as immediate a priority.
Installing in a protected environment
You may wish to install the Astronaut client package on a Windows computer whose access is restricted to certain administrators. The method involves installing Astronaut to the
C:\Documents and Settings\All Users\Application Data\VistA
folder on your Windows machine. This folder is generally not protected (or restricted to administrators) and can then be accessed by all users.
Environment variables may not be able to be changed on the computer by anyone other than an administrator. When installing without administrator privileges, the startup shortcuts must be changed so that environment variables are not used.
Change Astronaut SSH shortcut
The "Astronaut SSH" shortcut that is used to invoke the PuTTY SSH client uses a command line:
"C:\Program Files\VistA\Putty\putty.exe" -ssh -l %ASTRO_SSH_clientID% -pw %ASTRO_SSH_CLIENT_PASS% -L %ASTRO_PORT%:127.0.0.1:%ASTRO_PORT% %ASTRO_SSH_HOST%
The individual environment variables must be specified if you do not have privileges to specify environment variables. For example:
- %ASTRO_SSH_clientID% -> client9260 (this is the default value)
- %ASTRO_SSH_CLIENT_PASS% -> not#1sostrong (this is the default value)
- %ASTRO_PORT% -> 9260
- %ASTRO_SSH_HOST% -> 192.168.56.101 (use the IP address or URL of the installed VistA server)
The revised Astronaut SSH shortcut would therefore be:
"C:\Program Files\VistA\Putty\putty.exe" -ssh -l client9260 -pw not#1sostrong -L 9260:127.0.0.1:9260 192.168.56.101
Change TMG-CPRS shortcut
The "TMG-CPRS" shortcut that is used to invoke the CPRS client uses a command line:
"C:\Program Files\VistA\tmg-cprs\CPRSChart.exe" S=%ASTRO_LOCAL_HOST% P=9260 CCOW=DISABLE SPOOF-VER=%ASTRO_CPRS_SPOOF%
The individual environment variables must be specified if you do not have privileges to specify environment variables. For example:
- %ASTRO_LOCAL_HOST% -> 127.0.0.1
- %ASTRO_CPRS_SPOOF% -> 1.0.26.66 (this is the default)
The revised TMG-CPRS shortcut would therefore be:
"C:\Program Files\VistA\tmg-cprs\CPRSChart.exe" S=127.0.0.1 P=9260 CCOW=DISABLE SPOOF-VER=1.0.26.66
Change Text client shortcut
The "Text client" shortcut that is used to invoke the Text client uses a command line:
"C:\Program Files\VistA\Putty\putty.exe" -P 22 %ASTRO_SSH_HOST% -l %ASTRO_textID% -pw %ASTRO_TEXT_PASS%
The individual environment variables must be specified if you do not have privileges to specify environment variables. For example:
- %ASTRO_textID% -> text9260 (this is the default value)
- %ASTRO_TEXT_PASS% -> not#1sostrong (this is the default value)
- %ASTRO_SSH_HOST% -> 192.168.56.101 (use the IP address or URL of the installed VistA server)
The revised Text client shortcut would therefore be:
"C:\Program Files\VistA\Putty\putty.exe" -P 22 192.168.56.101 -l text9260 -pw not#1sostrong
Change VistA Config shortcut
The "VistA Config" shortcut that is used to invoke the VistA user configuration utility uses a command line:
"C:\Program Files\VistA\GUI_Config\GUI_Config.exe" S=%ASTRO_LOCAL_HOST% P=%ASTRO_PORT% CCOW=DISABLE
The individual environment variables must be specified if you do not have privileges to specify environment variables. For example:
- %ASTRO_LOCAL_HOST% -> 127.0.0.1
- %ASTRO_PORT% -> 9260
The revised VistA Config shortcut would therefore be:
"C:\Program Files\VistA\GUI_Config\GUI_Config.exe" S=127.0.0.1 P=9260 CCOW=DISABLE
Change CPRS Query Tool shortcut
The "CPRS Query Tool" shortcut that is used to invoke the CPRS Query Tool uses a command line:
"C:\Program Files\VistA\CPRS_Query_Tool\CPRSQuery.exe" S=%ASTRO_LOCAL_HOST% P=%ASTRO_PORT% CCOW=DISABLE
The individual environment variables must be specified if you do not have privileges to specify environment variables. For example:
- %ASTRO_LOCAL_HOST% -> 127.0.0.1
- %ASTRO_PORT% -> 9260
The revised CPRS Query Tool shortcut would therefore be:
"C:\Program Files\VistA\CPRS_Query_Tool\CPRSQuery.exe" S=127.0.0.1 P=9260 CCOW=DISABLE
Change other client module shortcuts
Don't forget to change the shortcuts for the other modules in a similar fashion:
- Group Notes
- GUI Mail
- Shift Handoff Tool
- Admin
- Vitals
- Vitals Manager
Installing to a USB flashdrive
A USB flashdrive is meant to be moved from one computer to the next, so environment variables will not be constant.
Using Astronaut with OpenVistA-CIS
If you have installed the Medsphere OpenVista-CIS client (for Windows) for use with the Astronaut OpenVistA server, then the Astronaut CPRS client package (for Windows) provides a convenient shortcut to start the OpenVistA-CIS client.
- Astronaut -> OpenVistA CIS stub
For this to work, the PuTTY SSH connection to the server must already have been established (using the Astronaut SSH shortcut, as in the preceding sections).