DISCLAIMER: The views and opinions expressed in this presentation are those of the author and do not necessarily represent official policy or position of HIMSS.
The Cloud as a Platform for Better Health
Presented by: Jinesh Varia
02/23/2012
The Cloud
Each day, AWS adds the equivalent server capacity to power Amazon when it was a global, $2.76B enterprise (circa 2000)
Growth of our storage service
Total Number of Objects Stored in Amazon S3
Q4 2006: 2.9 Billion
Q4 2007: 14 Billion
Q4 2008: 40 Billion
Q4 2009: 102 Billion
Q4 2010: 262 Billion
Q4 2011: 762 Billion
Peak Requests: 500,000+ per second
Customers in 190 Countries
Why are people so excited about the cloud?
Helps you focus on your application
“IT spends 80% of its time and resources keeping the lights on”
Contract negotiation
Large Capital Expenditures
Patching Software
Out of Datacenter Space
Prices too high for IT products
Slow IT Deployments
Scaling down as needed
Underutilized IT Assets
Scaling up quickly
Managing physical growth
On-Premise Infrastructure is Costly & Complex
No Up-Front Capital Expense
Pay Only for What You Use
Self-Service Infrastructure
Easily Scale Up and Down
Improve Agility & Time-to-Market
Low Cost
Cloud Computing Benefits Are Real
Deploy
The AWS Cloud
Compute: Amazon EC2, Auto Scaling
Network: Amazon VPC, ELB, DirectConnect, Amazon Route 53
AWS Global Physical Infrastructure (Geographical Regions, Availability Zones, Edge Locations)
Storage: Amazon S3, Amazon EBS
Your Application
Database: Amazon RDS, Amazon DynamoDB, Amazon ElastiCache
Libraries and SDKs: .NET/Java etc.
Web Interface: Management Console
Tools: AWS Toolkit Eclipse, VS
Command Line Interface
Auth, Authorization, Federation: AWS IAM, MFA
Monitoring: Amazon CloudWatch
Deployment and Automation: AWS Elastic Beanstalk, AWS CloudFormation
Low-level building blocks
High-level building blocks
Tools to access services
Cross Service features
Content Delivery: Amazon CloudFront
Email: Amazon SES
Transfer: Import/Export, Storage Gateway
Parallel Processing: Amazon Elastic MapReduce
Messaging: Amazon SNS, Amazon SQS
Global Infrastructure
AWS Regions
US West (Northern California)
US East (Northern Virginia)
EU (Ireland)
Asia Pacific (Singapore)
Asia Pacific (Tokyo)
GovCloud (US ITAR Region)
US West (Oregon)
South America (Sao Paulo)
AWS Edge Locations
Cloud Benefits
Zero upfront investment
On-demand provisioning
Instant scalability
Auto scaling and elasticity
Pay as you go
Removes undifferentiated heavy lifting
Developer productivity
Automation
Cloud Strategy
New applications
Build a Cloud-Ready Design
Existing Applications
Planned Phased migration
Enterprise Cloud Strategy
Health 2.0 Startup or SMB Firm or Large Enterprise
Flexibility
Choice of location (Region)
Choice of development and system management tools
Choice of programming language – Java, Ruby, Python, Perl, .NET…
Programmable Infrastructure
Choice of Operating Systems: Linux, Windows, Suse, RedHat…
Choice of Databases (Commercial): Oracle, SQL Server, MySQL, Postgres…
Purchasing Options: On-Demand, Reserved, Spot, Invoice, Credit Card
Choice of as much or as little
And pay only for what you use
The Cloud as a Platform
The Cloud as a Platform: For Collaboration – Data
Data Collaboration
• Storage Services
• Amazon S3
• Amazon EBS
• Amazon DynamoDB
• Transfer Services
• AWS Import/Export
• AWS Storage Gateway
• Identity and Access Management
• Federation
• Encryption features
• Amazon S3 Server Side Encryption
• Client side encryption
• Key Management (Partners)
BioSense 2.0 protects the health of the American people by providing timely insight into the health of communities, regions, and the nation by offering a variety of features to improve data collection, standardization, storage, analysis, and collaboration.
Facts:
1. Authorization to Operate (ATO) from CDC
2. FISMA-Moderate
3. CDC uses NIST Standards for Certification & Accreditation Process (NIST SP 800-18, NIST SP 800-37, NIST SP 800-53)
4. Launched on 15 Nov 2011
5. In AWS GovCloud Region (US-Persons only)
[Diagram: Data Exchange and Integration. Labels: State Health Department, Hospital, HIE, Health System, State Health Dept. Cloud, State Lockers, Data Warehouse, BioSense, Essense, State/Local User/Admin, Authorized Collaborator, CDC User]
The Cloud as a Platform: For Collaboration – Data; For Clinical Research
Clinically Actionable / Evidenced Based Information at the Point of Care Moment
[Diagram labels: Patient Specific Information, Molecular, Clinical, Disease Treatments, Disease, Molecular, Global Clinically Actionable Information]
They create a patient specific story designed to support treatment decision
Patient Specific Physician Education
Patient Specific Education at Point Of Care Moment
• 8 Algorithms
• 54K molecular data points
• Asynchronous analysis
• Four content stores
• 30M+ records
• Textual search engine
Personalized Medicine Service
OncInsights Report
• Interactive
• Explore Evidence
• Easy to Navigate
Clinical Knowledge System
Alignment of molecularly identified therapeutic candidates … with clinically relevant knowledge in the disease context
• Scientific Literature
• Clinical Trials
• Compendium Support
The Cloud as a Platform: For Collaboration – Data; For Clinical Research; For Data Protection
Data Protection and Disaster Recovery
Continuous Online Data Backup
Regions and Availability Zones
Customer Decides Where Applications and Data Reside
Dedicated Instances
On-demand Instances (For Spiky Workloads)
• Pay as you go
• Starts from 0.02/Hour
Reserved Instances (For Steady State Workloads)
• Onetime upfront + Pay as you go
• $56 for 1 year term and then $0.01/Hour
Spot Instances (For Time-insensitive workloads)
• Requested Bid Price and Pay as you go
• $0.005/Hour as of today at 9 AM
Dedicated Instances (For Regulatory and Compliant Workloads)
• Standard and Reserved
• Single Tenant Instances
• $10/Region + 0.105/Hour
The Cloud as a Platform: For Collaboration – Data; For Clinical Research; For Data Protection; For Corporate Apps
Extend your existing datacenter
[Diagram labels: DirectConnect Location, Corporate Data Center, Amazon Virtual Private Cloud, 10G]
New Enterprise IT Network architecture
[Diagram labels: Amazon VPC, AWS Region, Public Subnet, Private Subnet, Corporate data center, Corporate Headquarters, Availability Zone 1, Availability Zone 2, Branch Offices, VPN Gateway, Customer Gateway, Internet Gateway, Router, DirectConnect Location, Amazon S3, Amazon SimpleDB, Amazon SES, Amazon SQS, 10G]
Cloud-based NLP Service
A Strategy for Deploying Secure Cloud-Based Natural Language Processing Systems for Applied Research Involving Clinical Text
David Carrell
Built on Security Standards
Certifications
SOC1 Type 2 (SAS-70)
ISO 27001
PCI DSS 2.0 for EC2, S3, EBS, VPC, RDS, ELB, IAM
FISMA Moderate Compliant Controls
Enables HIPAA & ITAR Compliant Architecture
Physical Security
Datacenters in nondescript facilities
Physical access strictly controlled
Must pass two-factor authentication at least twice for floor access
Physical access logged and audited
HW, SW, Network
Systematic change management
Phased updates deployment
Safe storage decommission
Automated monitoring and self-audit
Advanced network protection
AWS Security and Compliance Center: http://aws.amazon.com/security
SOC1 Type 2 Audit
ISO 27001/2 Certification
PCI DSS 2.0 Level 1-5
HIPAA/SOX Compliance
FISMA A&A Moderate
FEDRamp/GSA ATO
Enforce IAM policies
Use MFA, VPC; leverage S3 bucket policies, EC2 Security groups, EFS in EC2, etc.
Encrypt data in transit
Encrypt data at rest
Protect your AWS Credentials
Rotate your keys
Secure your application
Security is a Shared Responsibility
Application Security
Services Security
Infrastructure Security
How we secure our infrastructure
What security options and features are available to you?
How can you secure your application and what is your responsibility?
Security and Compliance Assessment
You own the data, not AWS. You choose which geographic location to store the data. It doesn’t move from the AWS region unless you decide to move it.
You have the flexibility to decide when and how you will encrypt your data while it is in transit and while it is at rest, based on the sensitivity of your data.
You can download or delete your data whenever you like.
You can set highly granular permissions to manage access of a user within your organization to specific service operations, data, and resources in the cloud for greater security control.
Involve your Security and Compliance Teams early in the process
The Cloud as a Platform: For Collaboration – Data; For Clinical Research; For Data Protection; For Corporate Apps; For Platforms
The Cloud as a Platform for Better Health