Mirth Newsletter

Security and Availability

Security
The healthcare industry takes issues of security and privacy very seriously. Whether talking about HIPAA, SOX, FIPS, or CMS requirements, health IT professionals must consider security at every turn. Mirth has designed their Appliances with security in mind, so you will have that much less to worry about.

Starting with a hardened OS configuration, selected value-added services are layered on top of the open-source Mirth software, following industry best practices for configuration and management. But we don’t stop with just a secure build. The selection of appliance features provide many more options for securing your message stream when compared to the standard open-source Mirth software. If you download Mirth yourself it does not have native support for encrypted connectors, but the total solution provided with Mirth Appliances provides three separate options for securing your channels: SFTP, SSL, and VPN.
SSL
The SSL tunneling service can be configured to add a secure sockets layer (SSL) to any listener-based Mirth channel. SSL is the industry standard for securing web-based traffic. Online retailers depend on it to protect credit card data as it traverses the Internet, and banks trust it to secure access to online banking and bill payment services. With Mirth Appliances, you can add SSL to outgoing connections, or receive connections from remote sources over SSL. The SSL service works in conjunction with HTML, SOAP, LLP, or TCP connectors to add a layer of security to your Mirth channels. For convenience, each Mirth appliance comes configured with a local certificate authority, giving you total control over how your system presents itself to the world. Additionally, you can upload SSL certificates from trusted third-part certificate authorities, such as VeriSign or GeoTrust.
SFTP
The SFTP service allows remote users to make secure connections to the appliance for data exchange. Based on the industry standard SSH protocol, SFTP provides a combination of username/password and certificate based authentication to ensure that only trusted users are connecting to your system. Once connected, all message traffic is protected with strong encryption and deposited into isolated file system “jails” unique to each user. Files deposited in the SFTP folders can be used to trigger Mirth channels with file system-based connectors.
VPN
If you need to create a connection to secure all traffic between two points, then the VPN service will make that job easy. The Mirth Appliance comes with a flexible virtual private network (VPN) service that allows you to create multiple secure connections directly to your appliance. The service is client-based, and works over most firewalls, even when NAT is enabled. When you create the user account, a unique digital certificate is created and securely delivered to the user along with platform-specific client software and easy to follow installation instructions. Of course, you can revoke the certificate and delete the user at any time. Once connected over the VPN, the remote user will be able to securely access any channel or service of the appliance. Use VPNs to encrypt all message traffic or even for secure remote management of the appliance or Mirth software.
Availability
Mirth doesn’t think that high-availability is just for the data center. All Mirth Appliances support fail-over clustering, even the entry-level Pico. Easily configure a two-node cluster and protect your critical systems from unexpected hardware or software failure. When clustering is enabled, all Mirth channels are synchronized from the primary to the standby node. Any time a change is made, the new channel is automatically copied and deployed to the backup appliance. If the primary node fails, no matter if it is a hardware problem, loss of connectivity, or non-responsive application; the standby node will become active within seconds.

Protect your critical message flow by getting a Mirth Appliance cluster. No additional software or license is needed, and no specific network hardware is required. Just get two matching appliances and you can have your high-availability cluster running within minutes.