Enterprise Veteran Self-Service Portal Platform (EVSS)

EVSS is integrated with the http://va.gov platform API. Access is provided over mutual TLS authentication. A self signed root certificate managed by the http://vets.gov team is used to sign environment-specific client certificates for the development and staging environments. The production integration requires a VA trusted CA verification.

Integration Endpoints

All integration endpoints must be validated with tls 1.2 using the following ssl settings

{
  version: :TLSv1_2,
  verify: true,
  client_cert: OpenSSL::X509::Certificate.new File.read(ENV['EVSS_CERT_FILE_PATH']),
  client_key: OpenSSL::PKey::RSA.new File.read(ENV['EVSS_CERT_KEY_PATH']),
  ca_file: ENV['EVSS_ROOT_CERT_FILE_PATH']
}
CODE

GI Bill Status Service

  • Integration Type: REST

  • Endpoint: ${ENV[EVSS_BASE_URL]}/wss-education-services-web/rest/education/chapter33/v1

  • Error Indicator:

    • StatsD: api.external_http_request.EVSS/GiBillStatus

    • Prometheus:

    api_external_http_request{service:EVSS/GiBillStatus}
api_external_http_request_success_total{service:EVSS/GiBillStatus}
api_external_http_request_failure_total{service:EVSS/GiBillStatus}
    CODE

Disability Claim Service

  • Integration Type: REST

  • Endpoint: ${ENV[EVSS_BASE_URL]}/wss-claims-services-web-3.0/rest

  • Error Indicator:

    • StatsD: api.external_http_request.EVSS/Claims

    • Prometheus:

    api_external_http_request{service:EVSS/Claims}
api_external_http_request_success_total{service:EVSS/Claims}
api_external_http_request_failure_total{service:EVSS/Claims}
    CODE

Document Service

  • Integration Type: REST

  • Endpoint: ${ENV[EVSS_BASE_URL]}/wss-document-services-web-3.0/rest

  • Error Indicator:

    • StatsD: api.external_http_request.EVSS/Documents

    • Prometheus:

    api_external_http_request{service:EVSS/Documents}
api_external_http_request_success_total{service:EVSS/Documents}
api_external_http_request_failure_total{service:EVSS/Documents}
    CODE

Common Service

  • Integration Type: REST

  • Endpoint: ${ENV[EVSS_BASE_URL]}/wss-common-services-web-11.0/rest

  • Error Indicator:

    • StatsD: api.external_http_request.EVSS/Common

    • Prometheus:

    api_external_http_request{service:EVSS/Common}
api_external_http_request_success_total{service:EVSS/Common}
api_external_http_request_failure_total{service:EVSS/Common}
    CODE

Trust Chains

int.ebenefits.va.gov

 0 s:/C=US/ST=Texas/L=Austin/O=US Department of Veterans Affairs/OU=AITC/CN=int.ebenefits.va.gov/emailAddress=CDCOWebLogicAdministrators@va.gov
   i:/DC=gov/DC=va/CN=VA Internal Subordinate CA 1
 1 s:/DC=gov/DC=va/CN=VA Internal Subordinate CA 1
   i:/DC=gov/DC=va/CN=VA Internal Root CA
 2 s:/DC=gov/DC=va/CN=VA Internal Root CA
   i:/DC=gov/DC=va/CN=VA Internal Root CA
CODE

pint.ebenefits.va.gov

 0 s:/C=US/ST=Texas/L=Austin/O=U.S. Department of Veterans Affairs/OU=AITC/CN=pint.ebenefits.va.gov/emailAddress=cdcoweblogicadministrators@va.gov
   i:/DC=gov/DC=va/CN=VA Internal Subordinate CA 1
 1 s:/DC=gov/DC=va/CN=VA Internal Subordinate CA 1
   i:/DC=gov/DC=va/CN=VA Internal Root CA
 2 s:/DC=gov/DC=va/CN=VA Internal Root CA
   i:/DC=gov/DC=va/CN=VA Internal Root CA
CODE

www.ebenefits.va.gov

 0 s:/C=US/ST=Texas/L=Austin/O=U.S. Department of Veterans Affairs/OU=AITC/CN=www.ebenefits.va.gov/emailAddress=cdcoweblogicadministrators@va.gov
   i:/DC=gov/DC=va/CN=VA Internal Subordinate CA 1
 1 s:/DC=gov/DC=va/CN=VA Internal Subordinate CA 1
   i:/DC=gov/DC=va/CN=VA Internal Root CA
 2 s:/DC=gov/DC=va/CN=VA Internal Root CA
   i:/DC=gov/DC=va/CN=VA Internal Root CA
CODE

Client Certificate Verification

Per communication with Dharanendra Rai on 9/2017, EVSS does not examine the subject of the client certificate; it only verifies that the client certificate has a trusted VA Issuer.

Required Configuration

Requests to EVSS go through the forward proxy. Settings for each environment can be found in the devops repo.

Legacy Information (2017)

The following environmental parameter must be set to establish basic connectivity

  • EVSS_BASE_URL

This parameter is set via the ansible role vets-api-common.

The following environmental parameters must be set to establish the certificates

  • EVSS_CERT_FILE_PATH

  • EVSS_CERT_KEY_PATH

  • EVSS_ROOT_CERT_FILE_PATH

These parameters are set via the ansible role evss-config.

Outage Status and Maintenance Windows

Service Level Agreement

Escalation Procedure

Contacts

Role

Name

Email

Phone

Slack

ISO

Joseph Faccioli

joseph.facciolli@va.gov

215.842.2000x2012 - cell 215.983.5299

PO

Amy Howe

SO

Gerry Lowe

EVSS Contractor PM

Courtney Rive

courtney.rive@va.gov

504-259-5411

EVSS CA PM

Dale Beehler

Dale.Beehler@va.gov

Slack Channels

  • #evss-dev - for generic EVSS questions

  • #evss-prod - for questions relating to EVSS production

Contact History

Client certificate expiry 9/2017

Brett.Kippes2@va.gov -> Frederik.Durand@va.gov -> Dharanendra.Rai@va.govVimal.Mathew@va.gov Dharan was able to confirm production cert verification