# Configure RZN AS2 Connection Veeva Safety supports electronic reporting to the Federal Service on Surveillance in Healthcare and Social Development (RZN) Gateway through AS2 (system-to-system) communication. You must set up an _AS2 Connection_ and a corresponding _Transmission Profile_ for users to report cases to the RZN and receive gateway responses. ## Prerequisites In addition to enabling _AS2 Connections_, you must [activate the RZN _Agency_ as a Standard Organization][0]. ### Prerequisite: Activate RZN as a Standard Organization {#activate-rzn} The RZN is a standard _Agency_ provided with Safety. However, in certain Vaults, your Admin must activate the _Agency_ record. Complete the following steps if the RZN is inactive in your Vault: 1. Navigate to **Business Admin > Objects > Organizations**. 2. Open the **Federal Service on Surveillance in Healthcare and Social Development (Russia)** _Agency_ record. 3. From the **All Actions** menu, select **Change State to Active**.

Note: The Change State to Active user action appears only if configured by your Admin. Enable Regulatory Agencies as Standard Organizations provides instructions.

## Configure an RZN Account Before you can configure the Safety _AS2 Connection_, you must have an active RZN AS2 account. ### Public and Private Certificates As part of the RZN registration process, you must obtain a public and private certificate pair and send the public certificate to the RZN. Your Admin can create these certificates within Vault. ## Create an RZN Transmission Profile {#create-an-rzn-transmission-profile} You must create a _Transmission Profile_ of the type **AS2 Gateway** for the RZN. Manage Transmission Profiles provides instructions on setting up _Transmission Profiles_. ## Add a Safety Rule Set Safety comes preconfigured with the RZN as a standard _Organization_. To define _Case_ criteria for _Submissions_ to the RZN Gateway, add a _Safety Rule Set_ to the _Organization_ record by completing the following steps: 1. Navigate to **Business Admin > Objects > Organizations**. 2. On the **Organizations** page, select **Federal Service on Surveillance in Healthcare and Social Development (Russia)**. 3. On the **Federal Service on Surveillance in Healthcare and Social Development (Russia)** page, select **Edit**. 4. Under **Details**, in the **Submission Rules** field, select a standard _Safety Rule Set_ from the dropdown. 5. Select **Save**.

Note: Standard Reporting Rule Sets provides more information about the available Safety Rule Sets. If you require Safety Rule Sets beyond the standard ones supplied, your Admin can create and configure additional rule sets.

**Result** Vault can now auto-generate _Submission_ records for ICSR _Submissions_ to the RZN based on the _Safety Rule Set_ you selected. ## Configure a Safety AS2 Connection 1. Navigate to **Admin > Connections**, then select **Create**. 2. For the **Connection Type**, select **AS2**, then select **Continue**. 3. Complete the applicable fields. 4. Select **Save**. ### AS2 Connection Fields {#as2-connection-fields} With the exception of _Transfer Connection_ fields and fields populated by Vault, complete all fields in the following sections: * AS2 Details Fields * AS2 Partner Details Fields * AS2 Sponsor Details Fields #### AS2 Details Fields {#details-fields}

Field	Description
Name	Enter a name for the AS2 Connection. This name must be unique in your Vault.
API Name	Enter an API Name for the AS2 Connection. This name must be unique in your Vault.
Description	Enter a description for the AS2 Connection.
Contact Email	Enter the Sender's Email.
AS2 Vault Gateway State	Vault populates this field with the current state of the AS2 Vault Gateway, which consists of one (1) of the following options: Unregistered: The Sync to Gateway action has not yet been run for this AS2 Connection. Registered: The AS2 Connection is synchronized with the Gateway. Out of Sync: Changes have been made to the AS2 Connection or its Connection Allowed List since the last time the Sync to Gateway action was run. From the All Actions menu, select Sync To Gateway to resync the AS2 Connection with the Gateway.
AS2 Encryption	The algorithm Vault uses to encrypt outbound AS2 messages and decrypt inbound messages. Vault supports the following algorithms: Triple DES (3DES) AES-256-GCM AES-256-CBC For the RZN, select Triple DES (3DES).
AS2 MDN Setting	Whether the Message Delivery Notification (MDN) can be exchanged synchronously (Sync) or asynchronously (Async). For the RZN, select Async.
AS2 Signature	The method Vault uses to sign outbound AS2 messages. Vault supports the following signing methods: SHA-1 SHA-256 For the RZN, select SHA-1.
AS2 Additional ACK Stages	If required, select one (1) or more of the following options: HTTP Handshake: Used primarily for asynchronous requests. PRE-ACK: Used mainly for FDA VAERS, but can be used with synchronous or asynchronous requests. Note: We do not recommend using any additional ACK stages.
AS2 Partner Sends ACK on MDN URL	The default setting for this field is No, as Vault expects an AS2 partner to send the ACK using a different URL than that used to send the MDN. For the RZN, which does send the ACK using the same URL as the MDN, select Yes. For more information about AS2 gateway communications, see Send a Gateway Transmission.
AS2 Compression Settings	For the RZN, select Uncompressed.

#### AS2 Partner Details Fields {#partner-fields}

Field	Description
AS2 Partner ID	Enter one of the following RZN identification codes: For a production account, enter `AS2RZN` For a test account, enter `AS2RZN` Whether you are submitting Study or postmarket Cases, enter one (1) of these values. This value cannot include spaces. Instead, use a hyphen (`-`) or an underscore (`_`). You can specify the destination gateway endpoint in the Transmission Profile.
AS2 Partner URL	Enter one (1) of the following destination RZN Gateway URLs: For a production account, enter `http://as2.roszdravnadzor.ru/as2` For a test account, enter `http://test-as2.roszdravnadzor.ru:80/as2`
AS2 Partner Certificate Expiry	Vault populates this field when your Admin uploads the partner certificate.
AS2 Partner Certificate Serial Number	When you upload a new partner certificate for this connection, Vault sets this field to the Serial Number of the certificate in decimal format.

#### AS2 Sponsor Details Fields {#sponsor-fields}

Field	Description
AS2 Vault ID	Enter the sponsor ID registered with the RZN. This value is the same as the customer's Routing ID you provided when setting up your RZN account. This value cannot include spaces. Instead, use a hyphen (`-`) or an underscore (`_`).
AS2 Vault URL	Enter the AS2 URL of your Vault in the following format, replacing `<SponsorName><Partner><Environment>` with the corresponding values of your Vault: `https://<SponsorName><Partner><Environment>.gateway.veevavaultsafety.com:4080` The following example demonstrates how to form the AS2 Vault URL for a Vault with the following values: `<SponsorName>` = vern `<Partner>` = rzn `<Environment>` = validation AS2 Vault URL = `https://vernrznvalidation.gateway.veevavaultsafety.com:4080` Informing the Partner of your AS2 Vault URL When informing the partner of the URL they need to use for this AS2 Connection, use the value you entered in this field appended with `/api/v1/inbound/transmission` In the example shown above, this is `https://vernrznvalidation.gateway.veevavaultsafety.com:4080/api/v1/inbound/transmission`
AS2 Vault Certificate Expiry	Vault populates this field when your Admin uploads the sponsor certificate.
AS2 Vault Certificate Serial Number	When you upload a new sponsor certificate for this connection, Vault sets this field to the Serial Number of the certificate.
AS2 Vault Domain / IP Configuration	Select the method the partner uses to interface with the AS2 Connection. AS2 Vault URL: Domain Name (typical): A standard domain name that resolves to dynamic IP addresses. AS2 Vault URL: Domain Name bound to static IP addresses: A standard domain name that resolves to static IP addresses. AS2 Vault URL: IP URL (uncommon): A non-standard IP address domain name that resolves to an IP address. For the RZN, select AS2 Vault URL: Domain Name (typical).

#### Transfer Connection Fields {#transfer-fields} Leave the fields in this section blank. ### Upload the Partner and Sponsor Certificates {#upload-certificates} Safety uses partner and sponsor certificates to communicate securely with the partner. You will have received the partner certificate as part of creating your account with the partner. Complete the following steps to create and upload these certificates: * Upload the partner certificate for the connection. * Create a sponsor certificate for the connection. ### Add Connection Allowed IPs Specify one (1) or more Allowed Connections for the _AS2 Connection_. These are Internet Protocol (IP) addresses that Vault will allow to connect with this _AS2 Connection_. Perform the following steps for each Allowed Connection you want to add to the _AS2 Connection_: 1. Navigate to **Admin > Connections > [Connection] > Connection Allowed Lists**, then select **Create**. 2. On the **Create Connection Allowed List** window, complete the following information: * **Name**: Enter a name for the Allowed Connection. * (Optional) **Description**: Enter a description for the Allowed Connection. * **IP**: Enter the address of the Allowed Connection. \ Ensure the format of the **IP** address is `XX.XX.XX.XX` or `XX.XX.XX.XX/{subnet mask}` where the `{subnet mask} `is a number between 24 and 32. 3. Repeat the above steps for each Allowed Connection. 4. When you have added all the Allowed Connections, select **Save**.

Note: By default, Vaults are limited to 512 Allowed Connections. If your organization requires more, contact your Veeva Representative.

### Synchronize the Connection {#sync-as2-connection} Once you have entered all the details of the _AS2 Connection_, the Connection must be synchronized with the Gateway. From the **All Actions** menu, select **Sync Connection to Gateway**. When Vault successfully completes this action, the Connection's [AS2 Vault Gateway State](#as2-vault-gateway-state) changes to **Registered** and Vault can send and receive messages using this Connection.

Note: If the Sync Connection to Gateway action is not successful, ensure each field value on the AS2 Connection is correct before retrying the action again. If the issue persists, troubleshoot the connection.

If you make any changes to the **Connection** object or its Connection Allowed List, the **AS2 Vault Gateway State** changes to **Registered - Out of Sync**. Vault cannot send or receive any messages using this Connection while it is in the **Registered - Out of Sync** state. You will need to repeat the **All Actions > Sync to Gateway** action to restore the Connection to the **Registered** state. **Result** The RZN _AS2 Connection_ is active and available to use to submit case reports to the RZN. ## Configure Transmission Lifecycles and Workflows We recommend that you configure _Transmission_ lifecycles and workflows to align with your organization's standard operating procedures. The following items are best practices and recommendations: * Configure a _Case Transmission Error_ workflow to handle _Transmission_ errors. * Configure a workflow to prevent a _Transmission_ record from entering a _Ready for Submission_ state until a _Transmission Profile_ is specified. About Object Lifecycles and About Object Workflows provide more information about configuring lifecycles and workflows. [0]: #activate-rzn [1]: #create-an-rzn-transmission-profile