We're excited to announce Harmony 0.12, a release focused on enabling secure communication between distributed Harmony gateways, strengthening operational reliability, and extending healthcare data workflows. This version introduces data mesh networking with JWT-based authentication, HTTP/3 connectivity with automatic protocol selection across mesh instances, a new provider resolution system for configuration sync, and powerful enhancements to DICOM workflows including C-STORE support and DICOM-to-DICOMweb bridging.

For organisations operating distributed Harmony gateways across multiple sites or teams, Harmony 0.12 delivers essential capabilities for secure inter-gateway communication, consistent configuration management, and reliable DICOM data exchange. Whether you're building cross-team API boundaries, connecting partner systems with strong authentication, or managing complex distributed healthcare data pipelines, this release provides the infrastructure and visibility needed for sophisticated interoperability scenarios.

Data Mesh Architecture: Secure Gateway-to-Gateway Communication

Harmony 0.12 introduces a data mesh architecture that enables multiple Harmony gateways to communicate securely as a coordinated network. Rather than exposing every gateway publicly or relying on fragile shared credentials, the mesh provides explicit ingress and egress routing with automatic JWT-based authentication between mesh members.

This solves a real operational challenge: as organisations deploy distributed gateways across sites or teams, managing authentication and routing between them becomes complex. The mesh architecture handles this systematically—gateways within the mesh authenticate to each other automatically, routes are declared explicitly, and the control surface remains auditable.

Key mesh capabilities:

Ingress and egress routing: Define how your gateway receives requests from and sends requests to other mesh members
JWT-based authentication: Automatic token generation and validation between mesh participants using shared secrets or Runbeam-managed keys
Provider support: Choose between local providers (HS256/RS256 keys) or runbeam providers (cloud-managed authentication)
Flexible endpoint modes: Configure endpoints as public (open to any client) or mesh-only (restricted to authenticated mesh members)

Practical use cases for mesh networking:

Cross-team API access: Expose integration APIs to other teams within your organisation without public internet exposure
Partner integrations: Connect to partner systems with strong authentication boundaries and explicit routing
Distributed data pipelines: Build pipelines that span multiple gateways and sites with coordinated transformation and routing
Multi-site healthcare networks: Coordinate data flows between hospital locations with centralised policy and authentication

The mesh is designed to be incremental—you can enable it endpoint-by-endpoint as needed, and existing configurations continue to work unchanged.

HTTP/3 Connectivity and Automatic Protocol Selection: Modern Networking for the HTTP Adapter

Harmony 0.12 adds native TLS support for the HTTP adapter with automatic protocol negotiation, including support for HTTP/3 and QUIC. This is essential for organisations deploying gateways in modern cloud and containerised environments where encrypted communication and next-generation protocols are the baseline requirement.

Modern protocol support includes:

TLS 1.3 with automatic ALPN negotiation for HTTP/1.1, HTTP/2, and HTTP/3
HTTP/3 with QUIC: Next-generation protocol with reduced latency, improved performance over unreliable networks, and independent stream multiplexing
PEM-format certificates and keys for straightforward configuration
HTTP → HTTPS redirect via force_https for transparent migration of existing traffic
Automatic protocol negotiation: Intelligent negotiation ensures clients use the most efficient protocol available

For distributed gateway deployments, HTTP/3 provides significant benefits: reduced connection establishment time, better performance over high-latency or lossy networks, and independent stream handling preventing head-of-line blocking. Certificate management is straightforward—configure certificate and key paths in your HTTP adapter configuration, and Harmony handles the TLS handshake and protocol negotiation automatically.

Automatic HTTP/3 Selection Across Harmony Mesh Instances

Beyond HTTP/3 support on individual endpoints, Harmony 0.12 introduces automatic HTTP/3 selection for ingress and egress communication between known mesh members. When gateways communicate with other known Harmony instances in the mesh, Harmony automatically negotiates HTTP/3 where both endpoints support it, falling back to HTTP/2 or HTTP/1.1 as needed.

This capability transforms inter-gateway communication:

Optimized mesh traffic: Mesh egress connections automatically use HTTP/3 when communicating with other Harmony instances, reducing latency and improving throughput
Automatic fallback: If HTTP/3 negotiation fails, connections seamlessly fall back to HTTP/2 or HTTP/1.1 without application intervention
Zero configuration: Once you've defined mesh peers, HTTP/3 selection happens automatically—no additional configuration needed
Multi-instance coordination: Works across distributed Harmony deployments, enabling efficient communication between gateways in different locations or organisations

For organisations operating mesh networks spanning multiple sites, data centres, or cloud regions, automatic HTTP/3 selection significantly improves gateway-to-gateway communication performance. High-latency intercontinental connections benefit from reduced round-trip times, lossy network conditions experience improved reliability through independent stream handling, and overall mesh throughput increases without operational overhead.

HTTP/3 Security: Encrypted Communication Without VPN Overhead

Beyond performance, HTTP/3 with TLS 1.3 provides security properties that eliminate the need for traditional VPN infrastructure in many deployment scenarios. Each connection is fully encrypted end-to-end, with perfect forward secrecy ensuring that even if long-term keys are compromised, past sessions remain secure. Combined with Harmony's JWT-based mesh authentication, this creates a modern security model:

Native encryption: TLS 1.3 provides industry-standard encryption at the transport layer, no VPN tunnel required
Perfect forward secrecy: Session keys are ephemeral—compromising one session doesn't compromise others
Zero-knowledge architecture: Harmony gateways authenticate to each other directly without a central trusted intermediary
Mesh-based trust: Rather than trusting a global VPN network, you trust only the specific mesh peers you've explicitly configured

This approach is particularly valuable for organisations deploying gateways across multiple cloud providers, on-premises locations, or partner networks. Instead of maintaining expensive VPN infrastructure with complex configurations, you define explicit mesh relationships using JWT secrets and let HTTP/3 handle encrypted transport. The result is simpler infrastructure, faster troubleshooting, and security boundaries that align with your operational structure.

Provider Resolution System: Coordinated Configuration Across Gateways

Harmony 0.12 introduces a provider architecture for resource resolution and configuration synchronisation. This lays critical groundwork for operating multiple gateways with consistent, cloud-managed configuration.

Two provider modes are now available:

local provider: For standalone or on-premises deployments where configuration is managed locally
runbeam provider: For cloud-managed configuration, enabling Runbeam to push updates, transformations, and policies to connected gateways

The provider system includes configurable polling intervals, automatic downloads of referenced transformation specifications, and seamless synchronisation of configuration changes across your gateway fleet. This is the foundation for Runbeam's configuration management capabilities, where you'll be able to define transformations and policies once and deploy them consistently to all gateways.

Advanced DICOM Capabilities: C-STORE Support and DICOMweb Bridging

Healthcare organisations using Harmony as part of DICOM imaging workflows get significant improvements in 0.12. The DICOM implementation now supports C-STORE operations for sending datasets to remote systems, and introduces a powerful DICOM-to-DICOMweb bridge enabling incoming DICOM connections to route to DICOMweb-based backends.

DICOM enhancements in 0.12:

C-STORE support: Send DICOM instances to remote PACS systems, imaging archives, and other DICOM storage destinations
DICOM-to-DICOMweb bridge: Accept incoming DICOM connections (C-STORE from imaging devices) and automatically bridge them to modern DICOMweb backends, enabling legacy devices to communicate with web-based imaging platforms
Automatic format translation: Seamlessly convert DICOM binary protocol to DICOMweb JSON/multipart representations
PDU size negotiation fixes: More reliable handling of DICOM protocol negotiation with diverse equipment
Improved protocol stability: Better error handling and association management for complex DICOM workflows
Enhanced error reporting: Clearer diagnostics when DICOM operations fail

The DICOM-to-DICOMweb bridge solves a critical interoperability challenge: legacy imaging devices and PACS systems speaking classic DICOM protocols can now connect to modern DICOMweb-based imaging platforms and cloud services. Imaging devices send DICOM data using standard C-STORE operations—exactly as they would to a traditional PACS—and Harmony transparently bridges that traffic to DICOMweb backends via REST APIs. This eliminates the need for separate protocol adapters or complex gateway configurations.

For organisations implementing DICOM gateways or imaging integration workflows, these capabilities complete the DIMSE picture. Combined with the existing C-ECHO, C-FIND, C-GET, and C-MOVE operations, Harmony now provides comprehensive capabilities for sophisticated DICOM workflows—receiving images from legacy devices, querying repositories, retrieving studies, sending data onward to storage systems, and bridging to modern cloud-based imaging platforms.

Operational Improvements: Better Diagnostics and Safer Operations

Beyond headline features, Harmony 0.12 includes refinements aimed at faster troubleshooting and safer operations:

Domain mapping: Support for domain mapping to the new Ingress property, allowing filtering requests by url (not just IP/port)
Graceful config reload: Invalid configurations no longer crash the gateway—they're rejected cleanly, allowing operators to fix and retry
Configuration identifiers: New id field on proxies and services for clearer operational telemetry and issue tracking
CLI version flag: Use --version or -v to check the running Harmony version
Better startup error messages: Configuration errors now produce clearer diagnostics, helping operators identify issues faster

These improvements reduce the friction of operating Harmony in production environments, especially for teams managing multiple gateways where quick diagnostics and safe failure modes are essential.

Quick Example: Setting Up a Mesh with JWT Authentication

Below is a minimal example showing how to define a mesh and configure a mesh-only ingress endpoint:

# Mesh file (mesh.toml or included in main config, depending on how you load it)
 
[mesh.partner-mesh]
type = "http"
provider = "local"
jwt_secret = "your-secure-shared-secret-32-chars-min"
ingress = ["api-ingress"]
egress  = ["partner-egress"]
 
# Pipeline file (pipelines/api.toml)
 
[pipelines.api]
networks  = ["public"]
endpoints = ["api-endpoint"]
backends  = ["partner-backend"]
 
[endpoints.api-endpoint]
service = "http"
 
[backends.partner-backend]
service = "http"
connection.host = "partner.example.com"
 
[pipelines.api.mesh.ingress.api-ingress]
type = "http"
urls = ["https://api.example.com"]
mode = "mesh"  # require valid mesh auth for this ingress
 
[pipelines.api.mesh.egress.partner-egress]
type    = "http"
backend = "partner-backend"
# (optionally) mode = "mesh"

In this setup, the api-ingress endpoint only accepts requests from authenticated mesh members, while partner-egress routes outgoing traffic to the partner backend. The mesh handles JWT token generation and validation automatically—no additional authentication code needed.

Upgrade Notes

Mesh is opt-in: Existing configurations continue to work unchanged. Enable mesh features incrementally as needed.
TLS is optional: HTTP endpoints continue to work as before. Add TLS configuration when your deployment requires encrypted communication.
Provider configuration is forward-compatible: The local provider works with existing standalone deployments, and you can switch to runbeam provider when ready for cloud-managed configuration.

What's Next

We're building toward a more seamless operational experience for organisations running distributed Harmony infrastructure:

Runbeam dashboard integration: Manage mesh members, view mesh traffic patterns, and track inter-gateway communication from the Runbeam console
Enhanced mesh observability: Detailed metrics and logs for mesh communication, authentication flows, and routing decisions
Additional protocol adapters: Expanding protocol support for emerging integration scenarios
Advanced transformation tooling: Runbeam-managed transformation specifications with versioning and deployment tracking

Get Started with Harmony 0.12

Harmony 0.12 is available now on GitHub. Pre-built binaries are available for macOS (Apple Silicon and Intel), Linux (x86_64 and ARM64), and Windows platforms.

You can see the full CHANGELOG here.

To adopt Harmony 0.12, you can upgrade incrementally:

Start with TLS: Add HTTPS/TLS configuration to existing HTTP endpoints for modern networking
Introduce mesh selectively: Enable mesh for a single integration boundary, then expand to other gateways
Prepare for cloud configuration: If you're planning to adopt Runbeam Cloud, the provider system is ready for integration

For detailed configuration examples, troubleshooting guides, and best practices for mesh networking, visit the Harmony documentation.

This release represents another step forward in Harmony's evolution as a comprehensive secure data integration platform. The combination of secure mesh networking, native TLS, cloud-aligned configuration management, and expanded DICOM capabilities makes Harmony 0.12 a significant upgrade for organisations operating sophisticated distributed integration infrastructure.

Ready to enable secure mesh communication across your gateways? Download Harmony 0.12, explore the mesh configuration guides, and discover how distributed gateway networks can simplify your integration operations.

Building secure, observable healthcare interoperability with Harmony 0.12.

Harmony 0.12: Data mesh networking, HTTP/3 connectivity, and advanced DICOM bridging