Final report bme design ii a scientific framework for investigating redcap infrastructure and dependencies

In this context, Research Electronic Data Capture REDCap emerges as a transformative platform that addresses these challenges by providing researchers with a versatile, online environmen

HA NOI UNIVERSITY OF SCIENCE AND TECHNOLOGY SCHOOL OF ELECTRICAL & ELECTRONIC ENGINEERING

FINAL REPORT

BME DESIGN II

A Scientific Framework for Investigating REDCap Infrastructure and Dependencies

Nguyen Thanh Long 20224386 Advanced Biomedical

Engineering – K67 Tran Thi Thuc Giang 20224390 Advanced Biomedical

Engineering – K67 Tran Thu Giang 20224395 Advanced Biomedical

Engineering – K67

INSTRUCTOR Prof Vu Duy Hai

HANOI, 01/2025

1 Members information 2

2 Preface 4

3 Introduction 5

4 REDCap Infrastructure requirements and dependencies 6

4.1 REDCap Infrastructure: Best practices 6

4.2 General suggestion 7

4.3 Web server 7

4.4 Database server 8

4.5 PHP Build 8

4.6 REDCap Authentication 9

5 Recommended configuration 9

6 Conclusion and future prospects 12

7 References 13

1 Members information

Student 1: Nguyen Thanh Long

Student ID: 20224386

Class: Advanced Biomedical Engineering – K67

Email: long.nt224386@sis.hust.edu.vn

Cellphone: 0396656999

Avatar:

Student 2: Tran Thi Thuc Giang

Student ID: 20224390

Class: Advanced Biomedical Engineering – K67

Email: giang.ttt224390@sis.hust.edu.vn

Cellphone: 0789018161

Avatar:

Student 3: Tran Thu Giang

Student ID: 20224395

Class: Advanced Biomedical Engineering – K67

Email: giang.tt224395@sis.hust.edu.vn

Cellphone: 0978392698

Avatar:

The rapid advancements in medical research and technology have brought forth an era where data plays an increasingly critical role With the proliferation of clinical trials, longitudinal studies, and observational research, the need for efficient, secure, and user-friendly tools to manage research data has become paramount In this

context, Research Electronic Data Capture (REDCap) emerges as a transformative

platform that addresses these challenges by providing researchers with a versatile, online environment for data collection and management

This report aims to explore the functionality, infrastructure requirements, benefits

and impact of REDCap as a tool for medical research Developed by Vanderbilt University in 2004 and now adopted globally, REDCap is tailored to meet the

demands of the research community Its intuitive interface, secure infrastructure, and customizable features empower investigators to design studies, manage data, and conduct surveys without requiring advanced technical expertise Moreover, its compliance with regulatory standards ensures that sensitive medical data is handled with the highest level of integrity

Through this report, we seek to provide insights into how REDCap facilitates

streamlined data workflows, enhances collaboration among multidisciplinary teams, and supports the generation of reliable research outcomes We also delve into its practical applications across diverse medical disciplines, its adaptability to different study designs, and its potential to transform how data-driven decisions are made in healthcare

We highly appreciated Prof Vu Duy Hai for helping with our project, who provide knowledge about how to do a project, biomedical engineering knowledge, how to and finally, the inspiration for our team to complete this project

Despite our efforts, it is hard to avoid errors in this project Please give our team your additional suggestions to improve this project

Sincerely thanks!

I Introduction

REDCap (Research Electronic Data Capture) is a robust, web-based platform that

has revolutionized the management of research data, particularly in the fields of clinical and medical research Originally developed at Vanderbilt University and now

adopted by numerous academic and research institutions worldwide, REDCap offers

an advanced, secure, and user-friendly environment designed to streamline the data collection, management, and analysis processes Its versatile framework allows for the creation of both simple and highly complex data collection forms and surveys, all while ensuring high standards of security and regulatory compliance

Figure 1: REDCap official website

The primary aim of this report is to provide a comprehensive examination of

REDCap’s functionality and its significant role in modern research methodologies.

The platform's features, such as customizable data entry forms, longitudinal study management, and automated workflows, offer researchers the tools needed to efficiently design and manage studies REDCap's ability to accommodate both small-scale pilot studies and large-small-scale multi-site clinical trials further underscores its scalability, making it an indispensable tool across a broad range of research contexts Additionally, this report discusses the platform’s integration with other research tools and systems, its adaptability to specific study requirements, and its support for complex datasets involving diverse variables and longitudinal data In particular,

REDCap’s compliance with international data protection regulations, including

HIPAA and GDPR, ensures that it is a secure and reliable choice for handling sensitive medical and patient data The system’s ability to maintain data integrity, ensure real-time monitoring, and facilitate seamless data sharing between institutions adds significant value to the research process, enhancing the reproducibility and transparency of scientific findings

In-depth analysis also highlights how REDCap contributes to improving research

efficiency by reducing administrative workload, mitigating data entry errors, and enhancing the accuracy of study results Through its intuitive design and extensive

customization options, REDCap empowers researchers to focus on scientific inquiry

rather than administrative tasks This report will explore how the platform is transforming the landscape of medical research, supporting a diverse array of research designs, and advancing the field by providing a secure, efficient, and scalable solution to data management challenges

II REDCap Infrastructure requirements

and dependencies

1 REDCap Infrastructure: Best practices

Best practices in the configuration and deployment of web servers and database servers emphasize the importance of maintaining these servers as separate entities to enhance security and functionality Specifically, it is recommended that the database server be securely positioned behind a firewall to prevent unauthorized access and safeguard sensitive data The placement of the web server, however, can vary depending on institutional policies and operational requirements It may be located either behind the firewall or within a demilitarized zone (DMZ) Many institutions choose to host REDCap web servers behind a firewall due to compliance with organizational security policies, which mandate restricted external access However,

in some cases, institutions such as Vanderbilt University place their web servers in the DMZ, allowing unrestricted accessibility from the broader internet This placement ensures that the web server is accessible to users worldwide, but it also necessitates stringent security measures A critical requirement for web servers, regardless of their location, is the implementation of Secure Sockets Layer (SSL) encryption, facilitated by an SSL certificate, to ensure secure and encrypted communication between the end-user and the web application

In addition to server placement and security considerations, robust data backup protocols are essential for institutions hosting REDCap Most institutions perform backups of their REDCap database on a daily or semi-daily basis, often utilizing tools

such as mysqldump or other database management software to ensure data integrity

and recoverability When a web server is hosted in the DMZ, it is strongly recommended that REDCap documents not be stored locally on the web server due to potential security vulnerabilities Instead, these documents should be stored on a separate server positioned behind a firewall, similar to the database server's configuration Recommended storage options include traditional file servers, Network Attached Storage (NAS), or Network File Systems (NFS), which offer reliable storage solutions while minimizing exposure to unauthorized access Secure communication to REDCap from these storage systems can be facilitated using the WebDAV protocol with SSL support The WebDAV option can be enabled within the REDCap Control Center, providing an additional layer of secure document transfer and storage

Conversely, when the web server is located behind a firewall and is not accessible directly from the internet (i.e., it is not situated in the DMZ), the security risks associated with local document storage are significantly reduced In such cases, it is generally acceptable to store REDCap documents directly on the local web server or

on a file system mounted to the web server This configuration may simplify system management while still adhering to institutional security standards, provided that the firewall and other security mechanisms adequately protect the server and its associated resources

2 General suggestion

2.1 REDCap Configuration and Setup Requirements

REDCap is designed to be highly configurable, allowing institutions within a consortium to implement it with minimal infrastructure and setup requirements The application is compatible with multiple operating systems, including Linux, Unix, Windows, and macOS, ensuring flexibility in deployment environments Essential components for running REDCap include a web server, database server, and optional

file server The web server requires software such as Microsoft IIS or Apache, along with PHP 7.2.5 or higher (including support for PHP 8) A database server is necessary, utilizing MySQL 5.5.5+ or MariaDB 5.5+ to store REDCap data, and a MySQL client tool (e.g., phpMyAdmin or MySQL Workbench) is required for installation and upgrades Additionally, an SMTP email server must be configured

to enable REDCap's email functionality While the SMTP server can reside on the

same web server, it is preferable to use an institutional SMTP server or a separate

dedicated server In scenarios where the web server is located in the DMZ and accessible via the internet, it is strongly recommended to use a separate file server behind a firewall for storing uploaded files securely Communication between the file server and REDCap should utilize secure protocols such as WebDAV with SSL support, adhering to institutional policies where applicable

2.2 Web Server Specifications and Recommendations

The web server hosting REDCap should meet specific hardware requirements to

ensure optimal performance and scalability A minimum of four CPUs/cores, 8-12

GB of RAM, and 100 GB of hard drive space are recommended For institutions anticipating substantial traffic surges, such as during the launch of high-demand surveys, load balancing using two or three servers is advisable While load balancing improves system reliability and performance under heavy loads, it introduces additional complexities For instance, the "Easy Upgrade" feature cannot be used with load-balanced setups, requiring administrators to manually synchronize

REDCap versions across all servers before completing upgrades Additionally, in

load-balanced configurations, uploaded files cannot be stored locally on web servers; instead, they must reside on mapped drives, NFS mounts, or external servers using

protocols such as WebDAV or Amazon S3 Administrators should adjust these settings in the File Settings section of the REDCap Control Center For Windows-based systems, it is essential to configure the REDCap cron job within the Windows

Task Scheduler to "Run a new instance in parallel," ensuring efficient background task execution

2.3 Database Server Specifications and Configuration

The database server supporting REDCap must also meet robust hardware

requirements to handle database transactions efficiently Recommended specifications include 4-8 CPUs/cores, 12-16 GB of RAM, and at least 100 GB of storage For optimal performance, it is advisable to deploy the database server on a separate machine from the web server Key MySQL or MariaDB configuration settings can further enhance performance For instance, setting

innodb_buffer_pool_size to approximately 70-80% of the available RAM (8-9 GB for a 12 GB RAM server) and defining innodb_buffer_pool_instances to a higher

value if the buffer pool exceeds 4 GB are best practices Additionally, setting

max_connections to at least 400 and increasing this value as needed, with

proportional adjustments to server RAM, ensures adequate support for concurrent users Administrators may also consider adjusting settings like

innodb_flush_log_at_trx_commit and sync_binlog for write-intensive tasks,

though these changes should first be tested on a staging server to verify their impact

2.4 PHP Configuration for REDCap

PHP serves as the backbone of REDCap's web application functionality, providing the necessary tools to interact with MySQL databases Four primary PHP build types are available, depending on the deployment environment: Thread-Safe (TS) for

single-process servers like Apache with mod_php, Non-Thread-Safe (NTS) for FastCGI web servers (e.g., IIS or Apache with mod_fastcgi), x86 for 32-bit systems,

and x64 for 64-bit systems As of PHP 8.3.0, Windows 8 or Windows Server 2012 is required, while earlier versions (from 7.2.0) require Windows 2008 R2 or Windows

7 Administrators should ensure that the appropriate Visual C++ Redistributable package for Visual Studio 2022 is installed, as it is essential for all PHP versions Properly configuring PHP with the required drivers and extensions ensures that REDCap operates reliably and efficiently

2.4 Authentication Methods in REDCap

Authentication in REDCap is critical for verifying the identity of users accessing the

system The platform supports multiple authentication methods, including LDAP, Shibboleth, OpenID, Google OAuth2, and an internal based method The table-based approach is often the most straightforward, as it requires no external services and relies solely on username/password pairs stored within a database table For organizations with existing authentication infrastructure, integrating methods like LDAP or Shibboleth provides seamless user access while leveraging institutional

identity management systems REDCap also allows administrators to combine

LDAP with table-based authentication, providing flexibility in meeting diverse user requirements

2.5 Security Measures in REDCap

REDCap incorporates robust security measures to protect sensitive data stored in its

backend database and to guard against malicious activities All incoming data is rigorously filtered, sanitized, and escaped, ensuring that user-submitted information

through HTTP POST requests or query strings does not compromise system

integrity Additional safeguards include rate limiting, which restricts the number of web requests from a single IP address to a predefined threshold per minute If the threshold is exceeded, the offending IP address is permanently banned from

accessing the system This rate-limiting mechanism is customizable via the REDCap