Delivery of a robust AWS SaaS platform from scratch in three runs

Background

Our client is an US-based healthcare IT solution provider. The partnership began in 2015. At that moment, our customer adjusted their business strategy refocusing on digital solutions to streamline patient surveying, optimize costs, and introduce modern features like AI. 

Our customer planned to create a one Experience Platform, enabling organizations with instant knowledge on what matters most to each Nperson they serve. Along with that, the company wanted to enable in-house innovation by empowering internal Research & Data Science teams with proper Data and environment.  

At that moment, GreenM  stepped in to strengthen the company R&D team with their technology expertise in data and visualizations. Together we  gathered all the data in a single source of truth for all departments enabling self-service analytics for internal users. We launched a new Real-Time Analytics portal with sophisticated security and subscriptions capabilities.  

Our Goal was to constantly improve and adapt technologies in order to scale the system from 0 to 10K users during a rapid customer growth and allow for a quick onboarding. 

Let’s review the step-by-step technology Journey to AWS in one project.

Value delivery

1

Phase 1: Initial design and implementation 

Description 

Our customer has just completed the evaluation of the new “Real-time platform” project and decided to roll it out to the market as fast as possible.  

They had an on-premises data center at that time, so Engineering had to work  closely with the IT department to secure new resources (VMs). 

The new platform roll-out required much faster ways for Engineering to provision required resources. 

We chose to go forward with AWS to facilitate a self-service paradigm for infrastructure management. 

GreenM partnered with the client to migrate part of the existing infrastructure to support the new platform into AWS and implement BI stack in the cloud. 

Challenge 

Engineering had to quickly migrate from IT dependent resource provisioning to self-service. 

Considering the tight schedule, Engineering had to maintain a balance between infrastructure governance and freedom to provision resources for engineers. 

Why Amazon 

AWS EC2 provided the required level of elasticity and self-service capabilities. 

AWS VPC with its ability to change network layout and security groups on the fly provided required balance between freedom and governance. 

Benefits

“Real-time platform” time-to-market was low- in less than 8 months all the key customers were migrated to the new environment. 

Self-service infrastructure made the Engineering team much more efficient (no idle periods caused by waiting for the IT department to provision resources).

2

Phase 2: Rapid growth. Transition to serverless approach 

Description 

“Real-time platform” proved to be quite successful and grew rapidly. 

Growth caused a new level of requirements to availability, performance and scalability. 

The engineering team had to refactor critical services to AWS Managed Service instead of EC2 instances and to implement a scalable Data Lake pipeline to support BI, Serverless Subscriptions module and migrated user-facing BI Portal to serverless managed services in AWS.

Challenge 

We had to support the rapidly growing Platform, simultaneously improving major non-functional requirements. 

Why Amazon 

AWS has all the required capabilities to make this kind of refactoring non-disruptive from Operations standpoint. 

CloudFront provides low latency HA content delivery and is utilized for all user-facing portals. 

Lambdas and ECS on Fargate were used to migrate EC2 based Web APIs to serverless 

EMR and S3 were used to deliver a scalable and reliable BI pipeline for the data lake. 

Benefits

Cost optimization was significant: lower implementation cost compared to on-premises infrastructure and cheaper infrastructure cost compared to EC2. 

Besides the switch made it easier to pass security audits with usage of HIPAA certified AWS Managed services. 

3

Phase 3: High-Availability and quick recovery 

Description 

The next step was to reinforce further the new platform availability requirements by rebuilding a single VPC account AWS infrastructure into a multi account setup and switching all the business-critical processes to the new setting with automated deployment of the platform components.  

 GreenM cooperated with the customer security and infrastructure teams to design and implement the new set up and achieve repeatable “one click” deployment to all AWS accounts for all product components including those based on AWS Lambda, ECS Fargate, EMR and EC2. 

 Challenge 

The number of components to migrate and automate deployments was big, the variety of AWS services involved and the fact that “Real-time platform’ was the first product to be migrated to the new infrastructure made this task especially complex. 

Why Amazon 

The Shared Responsibility security model enables custom security configurations allowing to meet the strictest requirements.  

AWS also has a great set of tools and services to build highly available secure systems: 

– Data Encryption (at rest and at flight) is embedded in all AWS Data services like S3, Dynamo, SQS, SNS, RDS, Elastic, etc. It is a matter of enabling a switch to use secure data encryption. 

– Robust set of network services, that makes it easy to go from secure network architecture design to its implementation. 

– Mature set of deployment automation services including CloudFormation, Secrets Manager and Parameter Store 

– And set of production monitoring and change management tools like CloudWatch and AWS Config to monitor production operations and ensure that only permitted changes are rolled out to  production 

Benefits

The new implemented infrastructure: 

– supports network segmentation between environments and products; 

– supports resource access segregation, that is especially relevant due to sensitive nature of the data; 

– serves as an infrastructure platform that minimizes security errors made by developers; 

– enables self-service infrastructure setup for developers. 

The developed continuous deployment pipeline:

– allowed automated repeatable component deployment from scratch into prepared AWS account infrastructure; 

– created a set of PowerShell scripts to automatic creation and termination of Windows EC2 instance in the Active Directory; 

– tailored security groups to suit the needs of specific components; 

– narrowed IAM policies to allow exact set of permissions required by specific component; 

– delivers a basis for further improvements and test automation. 

It’s a great opportunity for GreenM to strengthen our partners R&D Team, helping to take a strong position on the market due to the fast adoption of the latest trends. 

We will continue our partnership helping the organization to achieve new goals in extending product experience , mature it, and scale it.

GOT A HEALTH TECH
PROJECT IN MIND?

Together we can develop the great solution to maximize the return on your investment in data.

Case studies

GOT A HEALTH TECH
PROJECT IN MIND?

Together we can develop the great solution to maximize the return on your investment in data.

Copyright © 2021 GreenM, Inc. All rights reserved.

Subscribe to our health tech digest!

Insights, useful articles and business recommendations in your inbox every two weeks.

    Subscribe to our health tech digest!

    Insights, useful articles and business recommendations in your inbox every two weeks.