In the AWS Life Sciences presentation you’ll learn best practices for using AWS for pharmaceutical, genomics, and biotechnology workloads for the Life Sciences industry with a deep technical overview and demos. Topics to be covered in this presentation include architecting for validated workloads on AWS, building IoT applications for healthcare, and hybrid storage options for the Life Sciences. You will also see how cloud technology partner, Cognizant, is helping Life Science organizations architect for high availability & business continuity.
Healthcare and Life Sciences Event Agenda on AWS
2. Healthcare and Life Sciences Days
New Jersey
Mark Johnston, Director of Global Business Development,
Healthcare and Life Sciences
July 26, 2016
3. Agenda
01:00 PM – 01:30 PM  1. Introduction and Opening Remarks
01:30 PM – 02:30 PM  2. Best practices when building a validated system on AWS for the Life Sciences
02:30 PM – 02:45 PM  Break
02:45 PM – 03:30 PM  3. Removing Boundaries Between On-prem and Cloud Resources for Life Science Research Environments
03:30 PM – 04:15 PM  4. Cognizant: Architecting for High Availability & Business Continuity
04:15 PM – 05:00 PM  5. Leveraging Amazon Echo and AWS to build Healthcare IoT Applications
05:00 PM – 06:30 PM  6. Closing Remarks, Q&A and Networking
6. BACKGROUND
30 years of expertise
in Pharma and IT
M2R - Pioneer application for statistical control and execution systems for
pharmaceutical industry manufacturing (acquired by Aspen Technology
Inc. (USA) in 2000)
SVS - International company (9 countries) providing Computerized System
Validation and Regulatory compliance for Pharma manufacturing (acquired
by Azbil (JAPAN) in 2012)
7. PHARMA MANUFACTURING CHALLENGES
$50 Billion wasted by Pharma manufacturers each year
Source: W. Nicholson Price II, Making Do in Making Drugs: Innovation Policy and Pharmaceutical Manufacturing, 55 B.C.L. Rev. 491
9. CHALLENGES
Margin pressure (economic efficiency):
• Patent expiration: price drop & new competition
• Personalized medicines, not blockbusters
• Offshoring manufacturing
…and this is not affordable anymore:
Regulatory compliance:
• PAT & QbD
• ICH Q8, Q9 & Q10
• Drug Quality and Security Act (DQSA)
• Data Integrity
10. WHY CLOUD
Pharma processes are complex: they combine the CQAs and CPPs with all the other variables that are not classed as critical but are physically part of the process.
Reality is complex.
11. WHY AWS
AWS is the most suitable cloud platform for Pharma requirements:
• Cloud Platform: Versioning, Security, Encryption, Big Data Blocks, Certifications
• QMS: Implementation & GMP requirements
• Qualified platform, Validatable Solution
bigengine brings the science of the regulated data to the users.
12. SOLUTION
bigengine SaaS Platform (IoT, CLIMA, Advanced Analytics) serving CLIMA users. It finds inefficiencies and discovers causes in data that today is siloed (70% unused) across SAP, ERP, MES, LIMS, IoT and legacy systems.
14. SOLUTION
Pharma Knowledge Discovery Platform
Big Data Analytics
Cloud Technologies
Advanced Analytics
Machine Learning
Neural Networks
Pattern recognition
Regulated Data Lake
Process normalization
Predictions
Golden Batch
PAT
CPV
15. POCs / Use Cases
1. VOC, EL & Cooling processes optimization
2. Defects in tablets - causality detection
16. USE CASE 1 - VOC, EL & Cooling processes Optimization
Diagram: solvents & raw material feed Reactor 1, Reactor 2, (…) Reactor n, which produce emissions; the reactors run as parallel processes and as sequential processes.
17. USE CASE 1 - VOC, EL & Cooling processes Optimization
• >17% energy savings
• EL >20% x 1h
After a 2-month POC using bigengine: 17% energy savings in the cooling processes, and 0 EL incidents (previously several per month)
18. USE CASE 2 - Defects in tablets - Causality Detection
Process flow: Warehouse → Weight & Disp. → Mixing → Granulation → Drying → Compression → Coating → Packaging. Why do the defects occur?
19. USE CASE 2 - Defects in tablets - Causality Detection
Root causes → Defects
In course: 2 root causes detected so far, 60% reduction in defects (from 10% to 4%, still optimizing)
22. Best practices when building a validated system on
AWS for the Life Sciences
Scott Paddock
AWS Security Solutions Architect
Ezra Jennings
Audit Ingestion and DevSecOps
at Medidata Solutions
23. Agenda
• DevSecOps Primer
• Observed industry cloud techniques with AWS
• Tools, processes and frameworks to assist
• A word on Validation
25. DevOps Toolchain
• Plan: Define and plan; business value, application requirements and metrics
• Create: Building, coding and configuration
• Verify: Ensuring quality; acceptance, regression testing
• Preprod: Approval/certification, triggered releases, release staging and holding
• Release: Release coordination, promotion, scheduling, rollback and recovery
• Configure: Infrastructure and application
• Monitor: Process, application and infrastructure
26. DevOps Principles
• Collaborate with all stakeholders
• Codify everything
• Test everything
• Automate everything
• Measure and monitor everything
• Deliver business value with continual feedback
Manual Hacking
27. Drivers for DevSecOps
Embedding Security into DevOps was not successful
because…
• Compliance checklists didn’t take us far before we
stopped scaling…
• We couldn’t keep up with deployments without
automation…
• Standard Security Operations did not work…
• And we needed far more data than we expected to help
the business make decisions…
28. DevSecOps: Security as Code
Establishing these principles…
• Customer focused mindset
• Scale, scale, scale
• Objective criteria
• Proactive hunting
• Continuous detection and response
29. DevOps Toolchain
• Plan: Define and plan; business value, application requirements, security, compliance and metrics
• Create: Build, code and configuration
• Verify: Ensuring quality; acceptance, regression, security and compliance testing
• Preprod: Approval/certification, triggered releases, release staging and holding
• Release: Release coordination, promotion, scheduling, rollback and recovery
• Configure: Infrastructure and application
• Monitor: Process, application, infrastructure, security and compliance
33. A Word on Security
Security OF the cloud (AWS): AWS Foundation Services (Compute, Storage, Database, Networking) and the AWS Global Infrastructure (Regions, Availability Zones, Edge Locations).
Security IN the cloud (Customers): Platform, Applications, Identity & Access Management; Operating System, Network & Firewall; Customer content; Client-side encryption implementation, Server-side encryption, Network Traffic Protection.
34. Consult internally before implementing
The following slides are practices we have seen used in industry. As security and industry compliance are determined by the customer, before implementing please:
• Consult with your internal best practices
• Consult with your Cloud Center of Excellence
• Consult with your Information Security group
• Consult with your Compliance organization
• Do your due diligence
35. General Strategies
Services shown: AWS CodeCommit, AWS CodeDeploy, AWS CodePipeline
Consult with compliance and security organizations before implementing
• Decouple protected/sensitive data from the processing or orchestration
• Track where your protected/sensitive data flows
• Do not check the protected data into your source or artifact repository!
• Use indirection when orchestrating your protected/sensitive data flow
• Separate protected/sensitive and general workflow logical boundaries
36. Separate Virtual Private Cloud (VPC) Strategy
Protected/Sensitive Data VPC: Amazon EC2, Amazon EMR, Amazon S3 (holding the protected/sensitive data)
General VPC: Amazon EC2, AWS Directory Service, AWS Device Farm
Consult with compliance and security organizations before implementing
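The separation these two slides describe can be enforced in code as well as in the network: the general-VPC orchestrator only ever handles an opaque reference, and that reference can be turned back into data only by a worker running inside the protected boundary. The following is an added example, not code from the talk; the boundary labels, the protected field names, the in-memory store and the toy "count_variants" job are placeholders for a protected VPC (S3/RDS/EMR) and a general-VPC pipeline stage.

```python
"""Carrying protected data by reference across the general/protected boundary.

Added example, not from the talk. The boundary labels, the protected field
names, the in-memory store and the toy job are assumptions standing in for a
protected VPC (S3/RDS/EMR) and a general-VPC orchestrator.
"""
import uuid

# Hypothetical protected schema: these keys must never appear in a message
# that is allowed to leave the protected/sensitive boundary.
PROTECTED_FIELDS = frozenset({"patient_name", "dob", "mrn", "genome"})

PROTECTED_BOUNDARY = "protected-vpc"
GENERAL_BOUNDARY = "general-vpc"


class ProtectedStore:
    """Lives inside the protected boundary. Callers outside it only ever hold
    opaque references; every dereference is logged so the data flow is traceable."""

    def __init__(self):
        self._records = {}
        self.access_log = []   # (caller boundary, reference) per dereference

    def put(self, record):
        ref = str(uuid.uuid4())        # opaque, unguessable handle
        self._records[ref] = dict(record)
        return ref

    def resolve(self, ref, caller_boundary):
        if caller_boundary != PROTECTED_BOUNDARY:
            raise PermissionError("dereference refused outside the protected boundary")
        if ref not in self._records:
            raise KeyError("unknown reference")
        self.access_log.append((caller_boundary, ref))
        return dict(self._records[ref])


def make_envelope(ref, job, params):
    """The only thing the general-VPC orchestrator (a pipeline stage, a queue
    message) may carry: the reference plus non-protected job parameters."""
    leaked = PROTECTED_FIELDS & set(params)
    if leaked:
        raise ValueError(f"protected fields in orchestration envelope: {sorted(leaked)}")
    return {"ref": ref, "job": job, "params": dict(params)}


def run_job(envelope, store, boundary):
    """Worker step. It can turn the reference into data only when it runs inside
    the protected boundary, and what it hands back is de-identified."""
    record = store.resolve(envelope["ref"], boundary)
    result = {"ref": envelope["ref"], "job": envelope["job"]}
    if envelope["job"] == "count_variants":
        # Constructed toy analysis: 'genome' is a comma-separated variant list.
        result["variant_count"] = len(record["genome"].split(","))
    assert not (PROTECTED_FIELDS & set(result))   # nothing protected leaves the boundary
    return result


def demo():
    """Constructed walk-through: one record, one job, tried from both boundaries."""
    store = ProtectedStore()
    ref = store.put({"patient_name": "constructed", "dob": "1970-01-01",
                     "genome": "rs1,rs2,rs3"})
    env = make_envelope(ref, "count_variants", {"pipeline": "tablets-qc"})
    inside = run_job(env, store, PROTECTED_BOUNDARY)
    try:
        run_job(env, store, GENERAL_BOUNDARY)
        outside = "allowed"
    except PermissionError:
        outside = "refused"
    return inside["variant_count"], outside, len(store.access_log)
```

The envelope check is what keeps protected fields out of the source and artifact repositories that the orchestration side commits to, and the access log is the "track where your data flows" bullet made concrete: every dereference names the boundary it came from.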
40. AWS and Validated Systems
• Major companies run GxP on AWS today
• We have GxP resources available to help you migrate
GxP systems to the AWS Cloud
• Exciting developments with Lachman Consulting
41. About Medidata
• SaaS Platform for clinical development, analytics and benchmarking in life
sciences
• Started in 1999
• Over 9,000 trials in more than 130 countries
• Serve CROs and contracting partners (pharmaceutical companies)
• We’re hiring: http://www.mdsol.com/en/careers
42. What are Audits?
• A record of actions that create, modify or delete clinically relevant data
• Crucial for asserting confidentiality, integrity and authenticity of this data.
• I’ll talk about how auditing is difficult, and how AWS makes DevSecOps for
auditing solutions a lot easier.
43. Audits MUST BE…
• Captured transactionally with patient data points (as well as other clinically
relevant data)
• Persisted
• Immutable
• Consistent
• Retrievable
• Secure
• (should be) Cheap to store
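An audit trail that satisfies the "immutable" and "consistent" requirements has to let a verifier prove that nothing was edited, dropped or reordered after the fact. One way to get that property is a hash chain, shown here as an added example (not Medidata's MAudit): each entry commits to the hash of its predecessor, and the data point and its audit entry are written as one unit. The entry layout, the JSON canonicalisation and the sample records are this example's own assumptions.

```python
"""Hash-chained, append-only audit trail with tamper detection.

Added example, not Medidata's MAudit. The entry layout, JSON canonicalisation
and SHA-256 chaining are this example's choices; the records are constructed.
"""
import hashlib
import json

GENESIS = "0" * 64   # 'previous hash' of the first entry


def canonical(obj):
    # Key-sorted, whitespace-free JSON so equal entries always hash the same.
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def entry_hash(prev_hash, body):
    return hashlib.sha256(prev_hash.encode() + canonical(body)).hexdigest()


class AuditTrail:
    """Each entry commits to its predecessor, so editing, dropping or reordering
    any entry breaks every hash after it."""

    def __init__(self):
        self.entries = []

    def append(self, actor, action, subject, data, ts):
        prev = self.entries[-1]["hash"] if self.entries else GENESIS
        body = {"seq": len(self.entries), "ts": ts, "actor": actor,
                "action": action, "subject": subject, "data": data, "prev": prev}
        entry = dict(body, hash=entry_hash(prev, body))
        self.entries.append(entry)
        return entry

    def verify(self):
        """Recompute the chain from genesis.
        Returns (True, None) or (False, seq of the first bad entry)."""
        prev = GENESIS
        for i, e in enumerate(self.entries):
            body = {k: v for k, v in e.items() if k != "hash"}
            if e["seq"] != i or e["prev"] != prev or entry_hash(prev, body) != e["hash"]:
                return False, i
            prev = e["hash"]
        return True, None


def record_data_point(points, trail, actor, subject, value, ts):
    """Write a clinical data point and its audit entry as one unit: if the audit
    cannot be written, the data point is rolled back. In production this is a
    database transaction; here 'points' is a dict standing in for the table."""
    old = points.get(subject)
    points[subject] = value
    try:
        return trail.append(actor, "update" if old is not None else "create",
                            subject, {"old": old, "new": value}, ts)
    except Exception:
        if old is None:
            points.pop(subject, None)
        else:
            points[subject] = old
        raise


def build_sample_trail():
    """Constructed data: three edits to two subjects."""
    points, trail = {}, AuditTrail()
    record_data_point(points, trail, "crc_01", "subj-001/weight", 72.4, "2016-07-26T13:00:00Z")
    record_data_point(points, trail, "crc_01", "subj-002/weight", 81.0, "2016-07-26T13:01:00Z")
    record_data_point(points, trail, "monitor_7", "subj-001/weight", 72.9, "2016-07-26T13:05:00Z")
    return points, trail


def tamper_demo():
    """Silently 'correct' entry 1 after the fact; verification must point at seq 1."""
    _, trail = build_sample_trail()
    trail.entries[1]["data"]["new"] = 18.0
    return trail.verify()
```

Hash chaining detects tampering; it does not prevent it. Persist the entries to write-once storage and publish the latest hash somewhere the writing service cannot modify, otherwise an attacker with write access can simply rebuild the chain from the altered entry onward.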
44. Audits are Voluminous
• Medidata persists eight billion clinical records from more than two million
patients across more than 9,000 studies
• More than one half million patient data points are added daily
• Regulatorily required to capture audits transactionally with these data points
(as well as other clinically relevant data)
• ~600 audits per second … And growing!
45. …and Growing!
• GADGET trial with GlaxoSmithKline
• Patients wore Vital Connect Health Patch (http://www.vitalconnect.com/)
• ECG, skin temperature, etc.
• 1 week
• ~350 GB of audit data
• ~300 million data points (and their audits)
• More data than many years-long trials collect over their lifetimes
46. Solution: MAudit
• Audit ingestion and validation service
• Scalable
• Centralized
• Durable
• Highly Available
• Secure
• Fault Tolerant
• Built on AWS Infrastructure
48. MAudit and DevSecOps at AWS
• S3: Programmatically defined persistence, with security and infinite scaling
• Autoscaling Groups: Codified app server scaling
• VPC: Virtual Private Cloud
• Kinesis: Codified, scalable streaming of data
• IAM: Programmatically defined access controls
• EMR: Queries on large numbers of files
• CloudFormation: Specifying all of the above in code
• ECS: Scalable containers
51. Avere + AWS
Removing Boundaries Between On-
premise and Cloud Resources for Life
Science Research Environments
July 2016
Greg Mazzu – Sr. Systems Engineer
52. Tiered File System
Our Team: file system people
Our Product: NAS purpose-built for hybrid cloud
Our Technology: performance and capacity separation, optimization
53. Avere Hybrid NAS
• Offered as hardware appliance (FXT) or software (vFXT – AWS AMI)
• FXT composed of fast media (RAM, SSD or SAS, and EBS SSD)
• Purpose built Tiered File System (TFS)
• Automatic local caching of “hot” data
• Local termination of read, write and metadata operations
• Data access via NAS protocols: NFS & SMB
• Non-disruptive migration of workloads and data from on-premise to S3
• Secure end-to-end encryption to the cloud
• All objects encrypted for data at rest
• SSL encryption for data in flight
• Scale out cluster from 3 to 50 nodes
• Increases performance and cache
• Space efficient cloud snap shots
• Enterprise grade highly available cluster
Diagram: Avere FXT Edge Filer, clusters of 3-50 nodes (3 shown)
54. Avere Hybrid Cloud – Removing Legacy Boundaries between Compute and Storage
Diagram: cloud compute (a virtual compute farm) and on-premise compute on one side; cloud storage (object buckets 1, 2 … n) and on-premise storage (NAS and private object) on the other. A Virtual FXT provides cloud NAS and file storage for private object; a Physical FXT provides NAS optimization on-premise.
55. Customer Example 1
- AWS Cloud Compute for Genomics-driven Cancer Drug Discovery
Customer Situation
• H3 wanted to leverage AWS’s compute for bioinformatics apps. H3’s initial trial, even with high-speed
access over a private network, gave users a 15ms latency between on-premise storage in Cambridge and
the nearest cloud compute infrastructure. This latency rendered the use case unusable.
Goal
• H3 wanted to take full advantage of a zero capital, linearly
scalable compute infrastructure to accelerate pipelines -
and ultimately reduce time to discovery.
57. Technology Spotlight - Tiered File System
Vertical Tiering
• Auto promotion/demotion
• Based on activity/algorithms
• 16KB block-level tiering
• Hot data on RAM
• Warm data on SSD/SAS
• Cold data on nearline NAS or object
• Cost savings - more than 90% of data typically cold
Diagram: an edge tier of up to 50 FXT nodes (RAM over SSD/SAS in each) in front of a core tier of up to 50 core filers (nearline NAS/object).
Horizontal Clustering
• Massive scaling: 50 FXT nodes/cluster, 50 Core filers/cluster
• Scale Read IOPS: 100k IOPS per node, 5M IOPS per cluster
• Scale Getattr IOPS: 400k IOPS per node, 20M IOPS per cluster
• Scale Throughput: 4GB/s per node, 200GB/s per cluster
• Replicate hot blocks & stripe large files
• High availability (HA) failover
58. AWS Cloud Compute for Genomics-driven Cancer Drug Discovery
AWS Products and Services
• Amazon EC2
• Hosts Avere’s vFXT’s
• Hosts H3 bioinformatics apps
• Amazon EBS
• Avere vFXT SSD caching layer
• Amazon Workspaces
• AWS Direct Connect
Avere Products and Services
• vFXT
• 3-node r3.2xlarge cluster running on EC2 caching data
for H3 bioinformatics apps
• NAS acceleration and optimization
• vFXT caches on-premise NAS into Amazon AWS
• EC2 hosts see fast access and low latency to the data
Key Results
• Reduced latency by >15X – enabling the use case
• Massive scale – finish genomic analysis faster
• Saved money – turn on EC2 only as needed
• H3 can focus on science not IT
59. Customer Example 2
- Secure Access for Genomics on the AWS Cloud
Customer Situation
• ITMI was creating and receiving large amounts of genome data they wanted to place in AWS. This would
allow researchers to pull whole genome data sets into a cache for processing on their HPC compute
architecture.
Goal
• Inova needed a solution for high-performance access to
Amazon S3.
61. Technology Spotlight - Global Namespace
• Simplified management of heterogeneous core filers
• Single mount point on Avere FXT cluster
• Single namespace *and* accelerated performance
• Junctions (e.g. /sw) for improved namespace organization
Diagram: the client sees one namespace (/ with /sw (/src), /hw (/camaro, /audi, /archive) and /mktg (/assets)) mounted from an Avere FXT 5000 cluster; behind the cluster the junctions map onto core filers: legacy NAS (NetApp, EMC Isilon), private object and public object, which hold /src, /camaro, /audi, /assets and /archive.
62. Secure Access for Genomics on the AWS Cloud
AWS Products and Services
• Amazon S3
• Object store repository behind Avere’s vFXT
• AWS Direct Connect
Avere Products and Services
• FXT 3850’s
• On-premise 4-node cluster to create a GNS in front of
existing NetApp and SGI
• FlashCloud
• S3 buckets part of Inova’s Global Namespace
• FlashMove
• Migrates data to S3 storing multi-PB’s of genomic data
Key Results
• High-performance NFS data access
• Genomic analysis results in hours not days
• Avoided $10M purchase of on-premise storage
• Improved patient care
• Improved prediction
63. Customer Example 3
- on-premise and AWS Cloud Availability of Sequencing Results
Customer Situation
• Regeneron had 11 Illumina sequencers running 99% uptime. Regeneron stores the data on-premise and
then transfers a copy of the data to an AWS-based DNAnexus analytics instance.
Goal
• Reduce the amount of time to get the data to AWS thus
increasing the number of sequencing runs
64. On-premise and AWS Cloud Availability of Sequencing Results
Running about ~1,000 jobs per year
65. Technology Spotlight - FlashMove and FlashMirror
FlashMove®
• Non-disruptively move data (e.g. /audi) between core filers; the logical path /audi seen by clients is unchanged
FlashMirror®
• Mirror write data (e.g. /src) to two locations for DR: a client write to /src lands on both the primary core filer and its mirror /src'
Diagram: the same client view of the namespace as on the Global Namespace slide, with the Avere FXT 5000 cluster in front of legacy NAS (NetApp, EMC Isilon), private object and public object core filers.
66. on-premise and AWS Cloud Availability of Sequencing Results
AWS Products and Services
• Amazon EC2
• Hosts Avere’s vFXT’s
• Hosts DNAnexus
• Amazon EBS
• Avere vFXT SSD caching layer
• Amazon S3
• Object store repository behind Avere’s vFXT
Avere Products and Services
• FXT 4850’s
• On-premise 3-node cluster creates a GNS in front of existing
Hitachi NAS (HNAS)
• vFXT
• 3-node cluster running on EC2 r3.8xlarge instances caches results
from FXT and updates S3
• FlashMirror
• Simultaneously writes all Illumina results to Avere vFXT’s running on
AWS and HNAS
• vFXT provides fast access to data for DNAnexus analysis
Key Results
• Catch and store an on-premise copy of raw data from the sequencers quickly
• Simultaneously move data quickly to Amazon S3 which allowed much faster launch of analysis pipeline using
DNAnexus - turn raw sequencing data into results
• Added 50% more sequencing runs per year (~1K to 1.5K) – no additional sequencers needed to be purchased
• ROI on implementation was ~1 month
67.
Avere Hybrid Cloud NAS – Overall Benefits
Faster Time to Market: performance scaling; multi-site collaboration; access unlimited cloud resources
Lower Cost: hybrid storage with auto-tiering; all-flash tier for speed; HDD for low cost and high density
Simplicity: NAS familiarity; fit with existing applications; powerful GUI and storage analytics
Flexibility: integrate on-premise & cloud resources; protect on-premise investments; transition to cloud at a convenient pace
69. AWS Positioned NAS File Systems – Avere provides what Enterprise Customers Demand
Feature                               | Avere vFXT on AWS | Lustre - Intel Cloud Edition on AWS | Amazon EFS
NFS                                   | ✔                 | ✔                                   | ✔
SMB2                                  | ✔                 | ✖                                   | ✖
Multi-protocol volumes                | ✔                 | ✖                                   | ✖
Cloud Storage Support (S3)            | ✔                 | Migration from only                 | ✖
On-premise Storage Support            | ✔                 | ✖                                   | ✖
Cloud Compute Support (EC2)           | ✔                 | ✔                                   | ✔
Performance Scaling (Max Perf.)       | 50 nodes max      | ✔                                   | ✔
Tiering (EBS + S3)                    | ✔                 | ✖                                   | ✖
Migration on-premise to S3 (CloudMove)| ✔                 | ✖                                   | ✖
Tiering (EBS + S3 + SIA)              | ✔                 | ✖                                   | ✖
Clustered High Availability Failover  | ✔                 | ✔                                   | ✔
Snapshots                             | ✔                 | ✔                                   | ✖
Mirroring/DR                          | ✔                 | ✔                                   | ✖
GNS/Single Storage Pool               | ✔                 | ✔                                   | ✖
Encryption                            | ✔                 | ✖                                   | ✖
Compression                           | ✔                 | ✖                                   | ✖
Analytics                             | ✔                 | ✖                                   | ✖
70. Avere FXT models
                | Virtual FXT (AWS)                 | Physical FXT
Hardware        | r3.2xl      | r3.8xl              | FXT 5200 | FXT 5400 | FXT 5600
DRAM (GB)       | 61          | 244                 | 128      | 256      | 384
SSD (TB)        | 1TB or 4TB persistent SSD (EBS)   | -        | 4.8      | 9.8
SAS (TB)        | -           | -                   | 7.2      | -        | -
Network         | High        | 10GbE               | 4x10GbE, 4x1GbE
Performance increases from left to right: r3.2xl < r3.8xl < 5200 < 5400 < 5600
Protocols
• To Client: NFSv3 (TCP/UDP), SMB1, SMB2
• To Core Filer: NFSv3 (TCP), S3 API
Clustering
• Cluster from 3 to 50 FXT nodes for performance and capacity scaling
• HA failover, mirrored writes, redundant network ports & power
Management
• GUI, analytics, email alerts, SNMP, XML-RPC interface, KMIP
Licensed Software
• FlashCloudTM for Amazon S3, Google (Standard, DRA, and Nearline), IBM-Cleversafe, HGST-Amplidata, SwiftStack
• NAS Core for on-premise NAS filers (e.g. NetApp, EMC Isilon)
• FlashMove® for data mobility
• FlashMirror® for disaster recovery
71. Avere Cloud Snapshots - Simplicity of NAS, Resiliency of Cloud
NAS Simplicity
• Familiar NAS-style snapshots
• Space-efficient – block sharing and compression
• Scheduled or manual snapshot creation
• Bucket-level granularity, 1024 snapshots per bucket
• Point-in-time object consistency
• File-level recovery (.snapshot directory)
Cloud Resiliency
• AWS S3, Google, IBM-Cleversafe, HGST-Amplidata & SwiftStack supported
• All snapshot data stored in cloud
• Survive multi-disk, multi-controller, and complete site failures
• Recover data from complete failure of customer data center/FXT cluster
• Alternative to expensive and complex mirroring and other DR methods
Diagram: clients write to the active file system on the Avere FXT cluster; archive management keeps a chain of snapshots in the cloud bucket.
72. Avere GUI
• Powerful Analytics
• Visibility into entire NAS
environment
• Current and historical stats
- Ops / Second
- Throughput
- Latency
• Drill down
- Conditions
- Alerts
- VServers
- Core filers
- FXT nodes
- Clients
- Hot files
- Cache (see next slide)
73. Cache Usage
• Per-filer or per-node data
• Available space
- Read and write
• Used space
- Read and write
• Free space
- Read and write
• Note: Data pulled from
Avere Maximus cluster
74. Who Uses Avere in Life Science/Healthcare and other Verticals?
• Movie studios for the top-20 blockbusters of 2015 for special effects
• 3 out of 6 Super Major Oil & Gas Companies
• 2 of the Forbes top 5 biotech companies for genomic analysis
• Leading hedge funds for financial simulations
• 8 of the top 9 technology companies are customers or partners
• 3+ government agencies, including CDC, Library of Congress, and NASA
77. Agenda
Architecting for High Availability & Business Continuity
• Designing for High Availability (HA)
• Designing based on application RTO and RPO
78. Designing Continuity Options
High Availability (HA)
• Ensuring the application's downtime is minimized as much as possible without the need for human intervention
• Elimination of single points of failure
• Reliable crossover
• Detection of failures as they occur
• Minimal interruption
Disaster Recovery
Backup and Restore
• Back up the environment and restore from backup
• Longest recovery time
Pilot Light
• Minimal version of an environment created and paused
• Faster recovery time than backup and restore
Warm Standby
• Scaled-down version of a fully functional environment always running
• Further decreases the recovery time because some services are always running
79. Example 1 – High Availability, Multi-AZ deployment
Background:
The application, TrackWise, is an enterprise quality management software (EQMS) solution that optimizes quality, ensures compliance, reduces risk, and lowers costs for world-class clients across a range of industries. This organization wanted to host this GxP application in the AWS cloud. The deployment comprises:
• Application and web servers hosted on AWS EC2
• Oracle server hosted using AWS RDS
• EBS Volumes for persistent storage
Objective:
Create an HA environment using multi-AZ in a validated environment for Production and QA, and create IQ/OQ templates and SOPs.
80. Example 1 – AWS Products and Services Used
Elastic Load Balancing (ELB)
• Distribute incoming traffic across EC2 instances in a single Availability Zone or multiple Availability Zones.
Amazon Elastic Block Store (EBS)
• Persistent block level storage volumes for use with Amazon EC2 instances in the AWS Cloud.
Amazon Relational Database Service (RDS)
• Cost-efficient, resizable capacity for an industry-standard relational database; manages common database administration tasks.
Amazon Simple Storage Service (S3)
• Secure, durable, highly-scalable object cloud storage
Auto Scaling
• Maintains application availability and allows you to scale your Amazon EC2 capacity up or down automatically according to conditions you define.
81. TrackWise Multi-AZ Architecture on AWS (diagram)
US East (N. Virginia): one VPC spanning two Availability Zones, us-east-1b and us-east-1c. Each AZ has private subnets holding a Web/App Server (EC2 instance with EBS volumes) and a Crystal RAS Server, each behind its own security group. Elastic Load Balancing fronts the web/app servers; an Oracle RDS Master in one AZ synchronously replicates to an RDS Standby Instance in the other. Users/Apps reach the VPC through a Customer Gateway, VPN connection and Virtual Private Gateway; an Internet gateway is also present. Supporting services: Identity and Access Management (IAM), CloudWatch (collect metrics), CloudTrail (event logging), CloudFormation, EBS Snapshots and RDS DB snapshots and automated backups stored in Amazon S3 and archived to Glacier.
82. Example 1 – Key Takeaways for HA
Redundancy at every layer
• Multiple Availability Zones
• Elastic load balancers
• Auto scaling
• EBS Volumes for persistent storage
• Multi-AZ RDS for database
83. Example 2 – Choosing the right design: HA or DR model
Background: Considering the GxP requirements, the TrackWise application needed to be in multiple VPCs, validated and non-validated. Each VPC had different RTO and RPO requirements. The Training, Dev and sandbox environments did not require validated VPCs and had an RTO and RPO of 4 hrs.
Objective:
Create a DR site that meets the maximum 4 hr RTO and RPO
84. Example 2 – Products and Services Used
AMI
• A template for the root volume of the instance (for example, an operating system, an application server, and applications)
• A block device mapping that specifies the volumes to attach to the instance when it's launched
Snapshots
• After writing data to an EBS volume, you can periodically create a snapshot of the volume to use as a baseline for new volumes or for data backup.
Amazon S3
• Secure, durable, highly-scalable object cloud storage
Elastic Load Balancing
• Elastic Load Balancing automatically distributes incoming application traffic across multiple Amazon EC2 instances in the cloud
• Using Route 53 DNS failover, you can run applications in multiple AWS regions and designate alternate load balancers for failover across regions.
85. TrackWise Dev DR / Non-validated Environment on AWS (diagram)
US East (N. Virginia): Dev private subnets with Web/App Servers (EC2 instances with EBS volumes), a Crystal RAS Server, a Crystal RAS, Utilities/Integration Server and an Oracle RDS Dev instance (single-AZ deployment), grouped by QA security groups behind Elastic Load Balancing. Patheon Users/Apps connect through a Customer Gateway, VPN connection and Virtual Private Gateway. US West (Oregon) is the DR site: a private subnet in which the Oracle RDS Dev instance is recovered. Supporting services: CloudWatch (collect metrics), CloudTrail (event logging), CloudFormation, Amazon S3 archiving to Glacier.
86. Key Takeaways for Continuity
Designing for appropriate RTO and RPO
• Amazon Route 53
• Elastic Load Balancing
• AMIs
• EBS Volumes for persistent storage
• Snapshots
• Replication of database
87. Tools to Achieve Continuity
Amazon Route 53
• Route 53 effectively connects user requests to infrastructure running in AWS – such as Amazon EC2 instances, Elastic Load Balancing load balancers, or Amazon S3 buckets – and can also be used to route users to infrastructure outside of AWS
AWS CloudFormation
• Enables you to use a template file to create and delete a collection of resources together as a single unit (a stack).
Amazon RDS
• Amazon RDS creates a storage volume snapshot of your DB instance, backing up the entire DB instance
Elastic Load Balancing
• Elastic Load Balancing automatically distributes incoming application traffic across multiple Amazon EC2 instances in the cloud
• Using Route 53 DNS failover, you can run applications in multiple AWS regions and designate alternate load balancers for failover across regions.
88. Tools to Achieve Continuity
Amazon RDS
• When you provision a Multi-AZ DB Instance, Amazon RDS synchronously replicates the data to a standby instance in a different Availability Zone (AZ).
• Amazon RDS uses the MySQL, MariaDB, and PostgreSQL (version 9.3.5 and later) DB engines' built-in replication functionality to create a special type of DB instance called a Read Replica
Elastic IPs
• Static IP addresses designed for dynamic cloud computing.
Auto Scaling
• Scale your Amazon EC2 capacity up or down automatically according to conditions you define
Amazon CloudWatch
• Collect and monitor log files, set alarms, and automatically react to changes in your AWS resources
Directory Service
• Provides multiple ways to use Microsoft Active Directory with other AWS services.
89. Considerations when creating architecture
• By combining AWS tools you can achieve additional functionality and low-cost automated DR solutions that meet any RTO and RPO requirements.
• Achieve cost savings by designing a solution based on specific application requirements.
• Design to prevent any single point of failure.
• Leverage all AWS services to optimize your business continuity.
92. Leveraging Amazon Echo and AWS to build IoT
Applications
Chris McCurdy
AWS Healthcare and Life Sciences Specialist Solutions Architect
94. What is IoT?
The internet of things (IoT) is the network of physical objects—devices,
vehicles, buildings and other items—embedded with electronics, software,
sensors, and network connectivity that enables these objects to collect and
exchange data.
https://en.wikipedia.org/wiki/Internet_of_things
Why AWS IoT?
AWS IoT can support billions of devices and trillions of messages, and can
process and route those messages to AWS endpoints and to other devices
reliably and securely. With AWS IoT, your applications can keep track of and
communicate with all your devices, all the time, even when they aren’t
connected.
95. Grove IoT Kit from Seeed Studio
http://www.seeedstudio.com/wiki/images/d/d0/Aws_kit_edison.JPG
96. Use-Case: Medication Status
Scenario:
Button is pressed by a technician to dispense medication
Requirements:
• Simple example (one of many ways)
• Data stored in queriable repository
• Notification via SMS if medication is not distributed for a day
• Accessible from Amazon Echo/Alexa
98. Elephant in the room
http://nos.twnsnd.co/post/104252656546/elephants-tea-party-robur-tea-room-24-march
Services in the demo: Amazon Kinesis, AWS Lambda, Amazon DynamoDB, Amazon SNS, Alexa, AWS IoT. The slide sorts these into "HIPAA Eligible" and "Not HIPAA Eligible" columns.
99. What does AWS IoT Consist of?
Device Gateway
The managed backbone of communication between
connected devices and the cloud which supports
the pub/sub messaging pattern, enabling scalable, low-
latency, and low-overhead communication.
IoT Rule Engine
The AWS IoT Rules Engine enables continuous processing
of inbound data from devices connected to the AWS IoT
service in a SQL-like syntax.
100. What does AWS IoT Consist of? (Part 2)
Device Registry
Allows you to organize and track devices using a logical
handle.
Device Shadow
Used to store and retrieve current state information for a
thing whether it is connected to the internet or not.
101. HTTPS, WebSockets and MQTTS
Supported Protocols
HTTPS, Websockets, Secure MQTT
What is MQTT?
A lightweight pub/sub protocol, designed to minimize network bandwidth and device
resource requirements. MQTT supports TLS for encryption.
MQTTS vs HTTPS:
• 93x faster throughput
• 11.89x less battery to send
• 170.9x less battery to receive
• 50% less power to keep connected
• 8x less network overhead
Source: http://stephendnicholas.com/archives/1217
102. Installing the SDKs
Install jsupm_grove and AWS IoT SDK
$ npm install jsupm_grove@0.4.0
$ npm install aws-iot-device-sdk
105. Certificate Signing Request
Dear Certificate Authority,
I’d really like a certificate for %NAME%, as identified by
the key pair with public key %PUB_KEY%. If you could sign
a certificate for me with those parameters, it’d be super
spiffy.
Signed (Cryptographically),
- The holder of the private key
114. Creating Kinesis Role and Stream
$ aws kinesis create-stream \
    --stream-name medication_status_stream \
    --shard-count 2
Amazon Kinesis
• Streams are made of Shards
• Each Shard ingests data up to 1MB/sec, and up to 1000 TPS
• Each Shard emits up to 2 MB/sec
• All data is stored for 24 hours – 7 days
• Scale Kinesis streams by splitting or merging Shards
• Replay data inside the 24 hr – 7 day window
115. Define IoT Kinesis Policy and Role
The IoT rule writes to the stream through an IAM role that needs two documents: the IoT Kinesis Policy (what the role may do) and the IoT Kinesis Trust Policy (who may assume the role).
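The policy JSON on the slide did not survive extraction, so here is an added example (not the deck's own documents) of the two documents the role needs, plus a small check for the wildcard grants that usually creep into rule roles. STREAM_NAME is the stream created above; REGION, ACCOUNT_ID and ROLE_NAME are placeholders, and the aws:SourceAccount condition in the trust policy is a hardening this example adds, not something the slide shows.

```python
"""IAM role for an AWS IoT rule that forwards to Kinesis: trust policy,
permissions policy and a least-privilege check.

Added example, not the deck's own policy documents. STREAM_NAME is the stream
the deck creates; REGION, ACCOUNT_ID and ROLE_NAME are placeholders. Nothing is
sent to AWS: json.dumps(...) of these dicts is what you would pass to
`aws iam create-role --assume-role-policy-document` and
`aws iam put-role-policy --policy-document`.
"""
import json

REGION = "us-east-1"            # assumption
ACCOUNT_ID = "123456789012"     # placeholder account id
STREAM_NAME = "medication_status_stream"
STREAM_ARN = f"arn:aws:kinesis:{REGION}:{ACCOUNT_ID}:stream/{STREAM_NAME}"
ROLE_NAME = "iot-medication-kinesis-role"   # placeholder


def trust_policy(account_id=ACCOUNT_ID):
    """Who may assume the role: only the AWS IoT service, and only when acting for
    this account. The aws:SourceAccount condition stops a rule in someone else's
    account from borrowing the role (cross-service confused deputy)."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Service": "iot.amazonaws.com"},
            "Action": "sts:AssumeRole",
            "Condition": {"StringEquals": {"aws:SourceAccount": account_id}},
        }],
    }


def kinesis_put_policy(stream_arn=STREAM_ARN):
    """What the role may do: put records into this one stream, nothing else."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Action": ["kinesis:PutRecord"],
            "Resource": [stream_arn],
        }],
    }


def _as_list(v):
    return [v] if isinstance(v, str) else list(v or [])


def findings(policy):
    """Flag the wildcard mistakes typically seen in rule roles. Empty list == clean."""
    out = []
    stmts = policy["Statement"]
    stmts = [stmts] if isinstance(stmts, dict) else stmts
    for i, s in enumerate(stmts):
        if s.get("Effect") != "Allow":
            continue
        for a in _as_list(s.get("Action")):
            if a == "*" or a.endswith(":*"):
                out.append(f"statement {i}: wildcard action {a}")
        for r in _as_list(s.get("Resource")):
            if r == "*":
                out.append(f"statement {i}: wildcard resource")
        principal = s.get("Principal")
        if principal == "*" or (isinstance(principal, dict)
                                and "*" in _as_list(principal.get("AWS"))):
            out.append(f"statement {i}: anyone may assume this role")
    return out


# The shape that turns up when the role is created in a hurry (constructed):
OVERBROAD_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "kinesis:*", "Resource": "*"}],
}


def role_documents():
    """The two documents to hand to IAM, serialised as the CLI expects them."""
    return {
        "assume_role_policy_document": json.dumps(trust_policy(), indent=2),
        "policy_document": json.dumps(kinesis_put_policy(), indent=2),
    }
```

Run findings() over both documents before creating the role: a rule role with kinesis:* on Resource * can read and delete every stream in the account, which is far more than the rule engine needs to forward one message.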
119. Creating DynamoDB table
Amazon DynamoDB throughput
• Provisioned at the table level
• Write capacity units (WCUs) are measured in 1KB per second
• Read capacity units (RCUs) are measured in 4KB per second
• RCUs measure strongly consistent reads
• Eventually consistent reads cost ½ of strongly consistent reads
• Read and write throughput limits are independent
• Increase as necessary, decrease at most 4 times per UTC day
120. Creating Lambda to Load Dynamo
Pipeline: Amazon Kinesis → AWS Lambda → Amazon DynamoDB
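The Lambda function itself is not shown on the slide, so the following is an added example of what it has to do, not the deck's code. The event layout (Records[].kinesis.data holding base64-encoded bytes, plus a sequenceNumber) is the real Kinesis event-source format; the message fields, the table name, the injectable `table` object and the sample event are this example's assumptions.

```python
"""Kinesis -> Lambda -> DynamoDB loader for the medication-status button.

Added example, not the deck's code. The Kinesis event shape is the real
event-source format; the message schema, table name, injectable `table`
object and SAMPLE_EVENT are assumptions/constructed data.
"""
import base64
import json

REQUIRED = ("device_id", "pressed_at", "event")   # assumed message schema
TABLE_NAME = "medication_status"                  # placeholder


def parse_record(record):
    """Decode one Kinesis record and validate it before anything touches the table."""
    raw = base64.b64decode(record["kinesis"]["data"])
    msg = json.loads(raw)
    missing = [k for k in REQUIRED if k not in msg]
    if missing:
        raise ValueError(f"missing fields {missing}")
    if msg["event"] != "dispense":
        raise ValueError(f"unexpected event {msg['event']!r}")
    return msg


def to_item(msg, sequence_number):
    """DynamoDB item keyed by (device_id, pressed_at), so a replayed record
    overwrites rather than duplicates; the Kinesis sequence number is kept
    for tracing."""
    return {
        "device_id": msg["device_id"],
        "pressed_at": msg["pressed_at"],
        "event": msg["event"],
        "kinesis_seq": sequence_number,
    }


def handler(event, context=None, table=None):
    """Lambda entry point. `table` is a boto3 Table-like object exposing
    put_item(Item=...); it is injected so the function can run offline."""
    if table is None:
        import boto3   # only reached inside Lambda
        table = boto3.resource("dynamodb").Table(TABLE_NAME)
    written, rejected = 0, []
    for rec in event.get("Records", []):
        seq = rec["kinesis"]["sequenceNumber"]
        try:
            msg = parse_record(rec)
        except (ValueError, KeyError) as exc:   # JSONDecodeError is a ValueError
            rejected.append({"sequence": seq, "error": str(exc)})
            continue
        table.put_item(Item=to_item(msg, seq))
        written += 1
    return {"written": written, "rejected": rejected}


class FakeTable:
    """Stand-in for boto3's Table used to run the handler offline."""
    def __init__(self):
        self.items = []

    def put_item(self, Item):
        self.items.append(Item)


def _b64(obj):
    return base64.b64encode(json.dumps(obj).encode()).decode()


# Constructed event: one good press, one message missing a field, one that is not JSON.
SAMPLE_EVENT = {"Records": [
    {"kinesis": {"sequenceNumber": "1",
                 "data": _b64({"device_id": "edison-01",
                               "pressed_at": "2016-07-26T14:05:00Z",
                               "event": "dispense"})}},
    {"kinesis": {"sequenceNumber": "2",
                 "data": _b64({"device_id": "edison-01", "event": "dispense"})}},
    {"kinesis": {"sequenceNumber": "3",
                 "data": base64.b64encode(b"not json").decode()}},
]}
```

Reject before you write: a malformed record must never reach the table, and because Lambda retries a failing Kinesis batch and the stream keeps data for 24 hours to 7 days, the (device_id, pressed_at) key is what makes a replayed batch idempotent.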
123. Deploying the Medication Status Lambda
Pipeline: Amazon Kinesis → AWS Lambda → Amazon DynamoDB
Resource Sizing
• AWS Lambda offers 23 "power levels"
• Higher levels offer more memory and more CPU power
• 128MB: lowest CPU power
• 1.5GB: highest CPU power
• Compute price scales with the power level
• Duration ranging from 100ms to 5 minutes