Configuring the Edge Proxy Server

Vocera's Edge proxy server is the intermediate point between a user's Internet connected mobile device and the Vocera Platform server.

A proxy server is a dedicated machine that behaves as a secure intermediary between an endpoint and another server from which a user is requesting service. Edge facilitates secure messaging used in the Vocera Platform appliance by intercepting XMPP requests and then verifying their fulfillment. Edge communicates with a network switch to pass on XMPP requests to the Vocera Platform server.

Shown below is a diagram of how the Edge proxy server fits into a typical networking infrastructure model. The Edge server positions itself between networks in the demilitarized zone and securely facilitates external facing services of the Vocera Platform, such as XMPP requesting, to the Internet. The following explains how to access the Edge server configuration menu and how Edge should be configured into the Vocera Platform appliance.

Minimum Requirements

The Vocera Edge server requires the following components at the minimum in order to properly function inside the facility:

Multiple Edge proxy servers may be configured for a single facility. A multiple proxy environment enables a high level of availability for users accessing Vocera Vina from outside of the hospital network. Should a Vocera Vina XMPP client fail to connect to an Edge server while in a multiple proxy environment, another connection attempt will automatically be made to a different Edge server in the network until a successful connection is established. The facility's IT support must configure their own DNS entries for all Edge servers in deployment.

Vocera provides an 'administrator' account that is shared with the facility to allow access to the Edge appliance for future configuration updates since remote access is not available. After the initial 'administrator' log in, the default password (given by Vocera) must be changed and securely stored for future use, either by the facility's IT personnel in a safe location or by Vocera via Salesforce. The login using 'administrator' will directly launch the configuration menu; command line access will not be accessible from this account. The new Edge appliance password storage location is at the discretion of the Implementation Specialist. It is imperative that the default password is changed so that the network security Edge provides is not compromised. An internal administrative account is available for initial configuration and is never shared with the facility. This administrative account supersedes the facility-level 'administrator' account with unique privileges, including command line access.

To open the configuration menu, navigate to the Edge appliance within a VMware client or be physically present at the machine and log into the 'administrator' account. If the Vocera administrative account is being used, run 'sudo xmpp-proxy-setup' at the command line interface.

The configuration menu has five options that must be configured to work with the appliance: Network, XMPP, Route, NTP, and Timezone. On the keyboard, use the up/down arrow keys to navigate around the options and the left/right arrow keys to choose between Select and Exit, and the Enter key to select an available option.

Warning: The Edge appliance may not, under any circumstances, be accessed across the network for the purpose of maintenance. For security reasons, Edge may only be accessed directly via the console. The 'administrator' account must be used by the facility's IT personnel for configuration updates after the initial setup is completed.

Network

Select Networkto edit Edge's network configuration. This information establishes the identity of the Edge server within the network.

Enter the network information for the Edge server into the appropriate fields and select Submit when done.

Note: The Edge server uses Network Protocol Time which involves referencing a host name. A DNS server must be configured in order to properly resolve host names.

XMPP

Select XMPP to edit the IP address of the client server. This address allows the Edge server to communicate with the client network.

Enter the desired IP address in the available field. Select Submit when done.

Route

Select Route to configure the IP address if the facility uses a dual firewall connection. This enables communication with a network switch if one is in use.

Enter the desired IP address in the available field. Select Submit when done.

NTP

Select NTP to edit the Network Time Protocol (NTP) server addresses. The NTP ensures the server's timestamp remains calibrated within milliseconds within the Coordinated Universal Time (UTC).

Enter the desired NTP server(s) in the available fields. Select Submit when done.

Timezone

Select Timezoneto edit the Edge time zone configuration.

Select the time zone region where your facility resides. If your specific city is not in the available list, please select the nearest present city. Select Submit when done.