Sections in This Article
About Custom AS2 Connections
Note Vault Safety AS2 Connections are replacing Vault Safety Gateways. AS2 Connections provide significant technical improvements including Admin management of Internet Protocol (IP) lists, more concise outbound IP lists, and improved Certificate Management. Though Gateways are still supported, we recommend replacing any Custom AS2 Gateways in your Vault with an equivalent Custom AS2 Connection. See Replace a Gateway Connection with an AS2 Connection for instructions on how to do this.
To configure Vault Safety to communicate with another organization through an AS2 Connection, you must set up a Transmission Profile and an AS2 Connection. Create a Transmission Profile and AS2 Connection for each organization that you want to exchange information with. You need only one (1) profile and connection per trading partner, which includes both sending and receiving transmissions.
Vault Safety supports both synchronous and asynchronous AS2 interchange. Set up your AS2 Connection to match the external gateway with which you want to communicate.
Note If you are configuring a CRO Vault, which multiple sponsor organizations can access, consider setting up multiple AS2 Connections for sponsor Transmissions to a common destination. A unique AS2 Connection for each sponsor enforces organization-specific Transmission security.
Prerequisites
Your environment must meet the following requirements before you set up an AS2 Connection:
- You must contact Veeva Support to enable configurable AS2 Gateways in your Vault.
- You must have your own public and private certificate pair set up for communication with the destination gateway.
- You must have the public certificate and URL for the destination gateway.
-
You must configure contact details for the Sender User.
Typically, the Sender User is the Head of Safety for the organization sending a transmission. Manage Users provides more information on setting up user contact details.
Create an AS2 Transmission Profile
You must first create a Transmission Profile of the type AS2 Gateway. Manage Transmission Profiles provides instructions on setting up Transmission Profiles.
Configure a Vault Safety AS2 Connection
- Go to Admin > Connections, then select Create.
- For the Connection Type, select AS2, then select Continue.
- Complete the AS2 Connection Fields.
- Select Save.
AS2 Connection Fields
Fields marked with a (*) are required.
| Field | Description |
|---|---|
| Name* |
Enter a name for the AS2 Connection. This name must be unique in your Vault. |
| API Name* |
Enter an API Name for the AS2 Connection. This name must be unique in your Vault. |
| Description | Enter a description for the AS2 Connection. |
| Contact Email* | Enter the Sender’s Email |
| AS2 Additional ACK Stages |
Select from the following options:
|
| AS2 Compress Before Sign |
Select Yes if the system should compress messages before applying the Signing Algorithm.
Select No if the system should compress messages after applying the Signing Algorithm. |
| AS2 Encryption |
Select the algorithm the system uses to encrypt outbound AS2 messages and decrypt inbound messages. The system supports the following algorithms:
|
| AS2 MDN Setting | Select whether the Message Delivery Notification (MDN) can be exchanged synchronously (Sync) or asynchronously (Async). |
| AS2 Partner Certificate Expiry | The system automatically populates this field when an Admin uploads the Partner Certificate. |
| AS2 Partner ID | Enter the Partner ID. |
| AS2 Partner URL | Enter the Partner URL. |
| AS2 Signature |
Select the method the system uses to sign outbound AS2 messages. The system supports the following signing methods:
|
| AS2 Vault Certificate Expiry | The system automatically populates this field when an Admin uploads the Sponsor Certificate. |
| AS2 Vault Gateway State |
The system populates this field with the current state of the AS2 Vault Gateway.
|
| AS2 Vault ID | Enter the AS2 ID of your Vault. |
| AS2 Vault URL |
Enter the AS2 URL of your Vault in the following format, replacing <DOMAIN> with your unique domain name (for example, https://<DOMAIN>.gateway.veevavaultsafety.com:4080 Note When setting up your AS2 account with the recipient Agency or Partner, use the AS2 Vault URL you entered in this field, appended with the API path |
Upload the Partner and Sponsor Certificates
Vault Safety uses the Partner and Sponsor certificates to communicate securely with the Partner.
- Partner certificate: You will have received the Partner certificate as part of creating your account with the Partner.
- If you need help generating a Sponsor certificate, contact Veeva Managed Services.
Upload Partner Certificate
- From the All Actions menu, select Upload Partner Certificate.
- Select Choose, then select the Partner’s Public Certificate.
Accepted formats: PKCS7 (.p7bor.p7c), DER (.ceror.der) and PEM (.cer,.crt, or.pem)
Note: Vault checks the expiry date of the certificate. If the certificate is no longer valid, you cannot save the record. - Select Continue.
Upload Sponsor Certificate
- From the All Actions menu, select Upload Sponsor Certificate.
- Select Choose, then select the Sponsor’s Public Certificate.
Accepted formats: PKCS12 (.pfxor.p12)
Note: Vault will check the expiry date of the certificate. If the certificate is no longer valid, you cannot save the record. - Select Continue.
Add Allowed Connections
Specify one (1) or more Allowed Connections for the AS2 Connection. These are Internet Protocol (IP) addresses that the system will allow to connect with this AS2 Connection. Perform the following steps for each Allowed Connection you want to add to the AS2 Connection.
- Go to the Connection Allowed Lists section, then select Create.
- Enter the Name, (optional) Description, and IP address of the Allowed Connection.
Ensure the format of the IP address isXX.XX.XX.XXorXX.XX.XX.XX/{subnet mask}where the{subnet mask}is a number between 24 and 32. - Repeat steps 1 and 2 for each Allowed Connection.
- When you have added all the Allowed Connections, select Save.
Note By default, Vaults are limited to 512 Allowed Connections. If your organization requires more, contact Veeva Managed Services.
Synchronize the Connection
Once you have entered all the details of the AS2 Connection, the Connection must be synchronized with the Gateway.
From the All Actions menu, select Sync Connection to Gateway.
When the system successfully completes this action, the Connection’s AS2 Vault Gateway State changes to Registered and the system can send and receive messages using this Connection.
Note If the Sync Connection to Gateway action is not successful, ensure the value of each of the AS2 Connection fields is correct before retrying the action again. If the issue perists, contact Veeva Managed Services.
If you make any changes to the Connection object or its Connection Allowed List, the AS2 Vault Gateway State changes to Registered - Out of Sync. The system cannot send or receive any messages using this Connection while it is in the Out of Sync state. You will need to repeat the All Actions > Sync to Gateway action to restore the Connection to the Registered state.
Result
The AS2 Connection is active and available to use to exchange data with external organizations.
Note For partner gateways that transmit MDNs asynchronously, the partner gateway should send the MDN to the URL included in the header of the Vault Safety Transmission.
Configure Transmission Lifecycles and Workflows
We recommend that you configure Transmission lifecycles and workflows to align with your organization’s standard operating procedures. The following items are best practices and recommendations:
- Configure a Case Transmission Error workflow to handle transmission errors.
- Configure a workflow to prevent a Transmission record from entering a Ready for Submission state until a Transmission Profile is specified.
About Object Lifecycles and About Object Workflows provide more information about configuring lifecycles and workflows.
