Integration with Amazon Web Services
Slicebox supports storing images on the local file system or on Amazon Web Services (AWS) S3, with the file system as the default configuration:
- dicom-storage.file-system.path - directory for image storage
- dicom-storage.s3.bucket - S3 bucket for images
- dicom-storage.s3.prefix - prefix for S3 keys; objects on S3 will be stored under the path prefix/key
- dicom-storage.config = ${slicebox.dicom-storage.file-system} - use file system as storage
The Slicebox S3 integration uses the AWS Java SDK, which uses TLS by default when storing objects on S3, and enforces server-side encryption on S3 (AES-256).
When running Slicebox on an AWS EC2 instance, it is recommended to use IAM roles to authorize access to the configured S3 bucket. On premises (local) Slicebox can only use S3 storage when valid AWS credentials are set - either as environment variables:
export AWS_ACCESS_KEY_ID=<your-aws-access-key-id>
export AWS_SECRET_KEY=<your-aws-secret-key>
or as Java system properties:
aws.accessKeyId=<your-aws-access-key-id>
aws.secretKey=<your-aws-secret-key>
Slicebox supports both H2 and MySQL as database engines. When running on an AWS EC2 instance, it is recommended to use RDS MySQL instead of the H2 DB, as any data on the ephemeral storage of an EC2 instance will be lost when it is terminated. Use slicebox.conf to configure your database connection, e.g. for MySQL:
database.path = "jdbc:mysql://<your-rds-endpoint>:3306/<your-db-name>?sessionVariables=sql_mode='ANSI_QUOTES'"
database.user = "<your-db-user>"
database.password = "<your-db-password>"
When handling health information in the cloud, you should always use SSL/TLS encryption for all connections. To enable an SSL/TLS connection from Slicebox to an RDS MySQL DB, do the following:
- Read http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/UsingWithRDS.SSL.html
- Download the root certificate and the required intermediate certificate for your AWS region (see link)
- Import the certificates with keytool into a truststore
  keytool -import -alias rdsMysqlCARoot -file rds-ca-2015-root.pem -keystore sbox-truststore.jks
  keytool -import -alias rdsMysqlCAEuWest -file rds-ca-2015-eu-west-1.pem -keystore sbox-truststore.jks
- Merge with cacerts found in the lib/security folder of your Java installation; the default password for cacerts is changeit
  keytool -importkeystore -srckeystore /usr/java/jre1.8.0_77/lib/security/cacerts -destkeystore sbox-truststore.jks -srcstorepass changeit -deststorepass mydestpassword
- Add Java options in sbt packaging
  addJava "-Djavax.net.ssl.trustStore=/usr/share/slicebox/conf/sbox-truststore.jks"
  addJava "-Djavax.net.ssl.trustStorePassword=mydestpassword"
- Add the following parameters to your JDBC URL
  useSSL=true&verifyServerCertificate=true&requireSSL=true
  for example:
  database.path = "jdbc:mysql://<your-rds-endpoint>:3306/<your-db-name>?useSSL=true&verifyServerCertificate=true&requireSSL=true&sessionVariables=sql_mode='ANSI_QUOTES'"
- Repeat these steps when updating the Java version on your server or when Amazon provides updated certificates for RDS
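A configuration check for the JDBC step above, as an added example that is not part of Slicebox or its documentation: it reads database.path from a slicebox.conf-style file and reports each of the three TLS parameters that is missing or not set to true. The function names, the sample host name and the sample file are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not Slicebox code): audit database.path in a slicebox.conf-style
# file for the three TLS parameters listed in the steps above.

# Print the JDBC URL from the last database.path line of file $1 (empty if absent).
jdbc_url() {
  sed -n 's/^[[:space:]]*database\.path[[:space:]]*=[[:space:]]*"\(.*\)"[[:space:]]*$/\1/p' "$1" | tail -n 1
}

# Print the value of query parameter $2 in URL $1 (empty if absent).
jdbc_param() {
  local query="${1#*[?]}"
  [ "$query" = "$1" ] && return 0   # no '?', so the URL has no parameters
  printf '%s\n' "$query" | tr '&' '\n' | sed -n "s/^$2=//p" | tail -n 1
}

# Return 0 if the MySQL URL in file $1 sets all three parameters to true;
# otherwise print one finding per parameter and return 1.
check_jdbc_tls() {
  local url p v rc=0
  url="$(jdbc_url "$1")"
  if [ -z "$url" ]; then echo "no database.path found in $1"; return 1; fi
  case "$url" in
    jdbc:mysql:*) ;;
    *) echo "not a MySQL URL, nothing to check"; return 0 ;;
  esac
  for p in useSSL verifyServerCertificate requireSSL; do
    v="$(jdbc_param "$url" "$p")"
    if [ "$v" != "true" ]; then
      echo "$p=${v:-<missing>} (expected true)"
      rc=1
    fi
  done
  return "$rc"
}

# Constructed sample: TLS requested but certificate verification switched off.
sample="$(mktemp)"
cat > "$sample" <<'EOF'
database.path = "jdbc:mysql://db.example.internal:3306/slicebox?useSSL=true&verifyServerCertificate=false&sessionVariables=sql_mode='ANSI_QUOTES'"
EOF
check_jdbc_tls "$sample" || echo "TLS to the database is not fully enforced"
rm -f "$sample"
```

Run it against the deployed slicebox.conf after each truststore or Java update, since those are the points where the URL and truststore are most likely to drift apart.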
Slicebox is an open-source project under the Apache 2.0 license. It is an initiative of the NIMSA research group at the Sahlgrenska Academy Hospital in Gothenburg, Sweden.