Subnets

Mirth® Connect by NextGen Healthcare Amazon Web Services (AWS) Preferred Deployment

Network Address Translation (NAT) Gateway

NAT Gateways can be public or private. In this case, you will need the NAT Gateway to provide outbound access to Mirth® Connect by NextGen Healthcare and the ECS cluster service. Because of this, the NAT gateway must be placed in a public subnet, configured for public connectivity, and allocated to an elastic IP. Parent topic: Networking

Mirth® Connect by NextGen Healthcare Amazon Web Services (AWS) Preferred Deployment

Example: ECS Fargate/EC2 Deployment

Here is one example of what a Mirth® Connect network might look like: VPC with CIDR 10.0.0.0/16 (65,536 IPs) Internet Gateway attached to the VPC Public Subnets Load Balancer Subnet 1 Availability zone: A CIDR block: 10.0.2.0/25 (123 IPs) Route table routes: 10.0.0.0/16 - local 0.0.0.0/0 - Internet gateway Load Balancer Subnet 2 Availability Zone - B CIDR block: 10.0.2.128/25 (123 IPs) Route table routes: 10.0.0.0/16 - local 0.0.0.0/0 - Internet gateway NAT Gateway Subnet CIDR block: 10.0.3.0/25 (123 IPs) Route table routes: 10.0.0.0/16 - local 0.0.0.0/0 - Internet gateway NAT Gateway Subnet: Nat Gateway Subnet Connectivity Type: Public Ip: Allocated Elastic IP Route Tables Public Route Table Route: 0.0.0.0/0 to internet gateway Nat Gateway Route Table Route: 0.0.0.0/0 to NAT gateway Private Subnets Connect Subnet 1 Availability zone: A CIDR block: 10.0.0.0/25 (123 IPs) Route table routes: 10.0.0.0/16 - local 0.0.0.0/0 - NAT gateway Connect Subnet 2 Availability zone: B CIDR block: 10.

Mirth® Connect by NextGen Healthcare Amazon Web Services (AWS) Preferred Deployment

Load Balancer

AWS has several load balancers available, but most Mirth® Connect by NextGen Healthcare users employ a Network Load Balancer since it operates at Open Systems Interconnection (OSI) layer 4, enabling it to route TCP traffic. The load balancer is used to send internet traffic to the Mirth® Connect by NextGen Healthcare cluster, therefore, it must be placed in one or more public subnets. The load balancer also needs a listener routing traffic to a target group for each port that is open to the internet. Parent topic: Networking

Mirth® Connect by NextGen Healthcare Amazon Web Services (AWS) Preferred Deployment

Internet Gateway

You will need an internet gateway attached to your Virtual Private Cloud (VPC) to allow your resources to be reached over the internet. Resources in a subnet with a route table containing an internet gateway become publicly accessible. Parent topic: Networking

Mirth® Connect by NextGen Healthcare Amazon Web Services (AWS) Preferred Deployment

Virtual Private Cloud (VPC)

We recommend putting the Mirth® Connect by NextGen Healthcare infrastructure in its own VPC to make for easy, logical separation of the infrastructure. If that isn't possible because you have reached the cap on your VPCs for your AWS account, you can request more from Amazon. If you cannot do that for any other reasons, be sure to follow the subnet recommendations. Parent topic: Networking

Mirth® Connect by NextGen Healthcare Amazon Web Services (AWS) Preferred Deployment

Networking

Provided in this section is a list of recommendations for creating security measures for your cloud resources. In general, all resources are not publicly accessible and any administration is done using a load balancer, routing traffic to one or more Mirth® Connect by NextGen Healthcare instances. Virtual Private Cloud (VPC) Subnets Load Balancer Internet Gateway Network Address Translation (NAT) Gateway Subnet Groups Security Groups Example: ECS Fargate/EC2 Deployment Opening More Ports

Subnets

Private

Public

Recommendations

Network Address Translation (NAT) Gateway

Example: ECS Fargate/EC2 Deployment

Load Balancer

Internet Gateway

Virtual Private Cloud (VPC)

Networking

Network Address Translation (NAT) Gateway

Example: ECS Fargate/EC2 Deployment

Load Balancer

Internet Gateway

Virtual Private Cloud (VPC)

Networking