CloudHesive’s strategic relationship with a healthcare technology services company
The healthcare technology services company provides real-time analytics software and custom pharmacy networks to help health plans and employers manage their pharmacy benefits and lower their costs.
This success is based on the customer’s ability to provide reliable, responsive services between their partners, utilizing Direct Connect. The commercial agreement with the partner had specific requirements relating to availability and responsiveness, as well as technical requirements around IP space, which required implementing virtual network appliances on EC2. It was important for the customer to consult with someone who knows how to implement architecturally complex, resilient, multi-AZ and multi-region workloads on AWS and who has a depth of knowledge around software-defined networking or SDN (NAT, routing, protocols, etc.). They not only required an Active-Active, 100% uptime solution with low latency but also ongoing, proactive monitoring and response in the event that automated controls failed. Because of this, the customer knew they needed to outsource the management of such a complex environment. CloudHesive’s experience in monitoring, response, Kubernetes and infrastructure as code also played a role.
The customer also required secure functionality to provide protected data so their application could share information with other pharmacies. They also needed secure access to their proprietary tools for insurance education and for scanning insurance cards, which gather plan information so that the best medication or service can be confidently recommended.
CloudHesive worked with the customer to set up a single virtual appliance in one region to provision an IP to the customer’s partner as a proof of concept. After validating the proof of concept, CloudHesive updated the configuration to be highly available, with a total of 8 CSR appliances across two regions, us-east-1 and us-east-2, and with isolation between workloads (production, non-production, etc.). CloudHesive then set up the customer’s AWS account structure, including Transit Network connectivity that utilizes Transit Gateways, Cisco Cloud Services Routers (on EC2), and Direct Connect to enable communication between their EKS clusters and their client’s distributed datacenter environment.
The traffic is sent from the EKS clusters through the shared Transit Gateway in the shared Transit Network account to a pair of Cisco CSRs, which provide network address translation (NAT) of the private IP addresses of the workloads to a static public IP that is allowed through the client’s firewall. The traffic then flows through the Direct Connect connection and reaches the Prime Network. Since the client’s network only accepted traffic from allowed public IP addresses, the CSR provided a static public IP address that would otherwise not be available for use.
After the architecture was completed, the workload was implemented, validated and scale tested, confirming the design and the as-built architecture. From that point, failover testing was performed, validating the ability to operate in a distinct region. Monitoring thresholds were set, runbooks/playbooks were produced, and a tabletop exercise was performed utilizing the output from the monitors to simulate component, Availability Zone and Regional failures. At that point the solution was commissioned for go-live and launched.
The solution that CloudHesive built for the customer was able to achieve the desired availability and response time, with both automatic recovery mechanisms and manual recovery mechanisms in which integration with 4 or more third parties was required. On an ongoing basis, the approach has been validated through continuous testing of the monitors, runbooks and playbooks, as well as through response to multiple failures of production components (EC2 instances, Availability Zones, Regions, Applications and Integrations). Their application can now securely share data with pharmacies and can ensure that the best medication/plan is being offered to end users. This will undoubtedly increase customer satisfaction as well as client usability.
VPC, EC2, EBS, Transit Gateway, Direct Connect, ENI, EIP