In this AWS Life Sciences presentation you'll learn best practices for using AWS for pharmaceutical, genomics, and biotechnology workloads, with a deep technical overview and demos. Topics covered include architecting for validated workloads on AWS, building IoT applications for healthcare, and hybrid storage options for the Life Sciences. You will also see how cloud technology partner Cognizant is helping Life Science organizations architect for high availability & business continuity.
Healthcare and Life Sciences Event Agenda on AWS
2. Healthcare and Life Sciences Days – New Jersey
Mark Johnston, Director of Global Business Development, Healthcare and Life Sciences
July 26, 2016
3. Agenda
01:00 PM – 01:30 PM  Introduction and Opening Remarks
01:30 PM – 02:30 PM  Best practices when building a validated system on AWS for the Life Sciences
02:30 PM – 02:45 PM  Break
02:45 PM – 03:30 PM  Removing Boundaries Between On-prem and Cloud Resources for Life Science Research Environments
03:30 PM – 04:15 PM  Cognizant: Architecting for High Availability & Business Continuity
04:15 PM – 05:00 PM  Leveraging Amazon Echo and AWS to build Healthcare IoT Applications
05:00 PM – 06:30 PM  Closing Remarks, Q&A and Networking
6. BACKGROUND
30 years of expertise in Pharma and IT
• M2R – Pioneer application for statistical control and execution systems for pharmaceutical industry manufacturing (acquired by Aspen Technology Inc. (USA) in 2000)
• SVS – International company (9 countries) providing Computerized System Validation and regulatory compliance for Pharma manufacturing (acquired by Azbil (Japan) in 2012)
7. PHARMA MANUFACTURING CHALLENGES
$50 billion wasted by Pharma manufacturers each year
Source: W. Nicholson Price II, Making Do in Making Drugs: Innovation Policy and Pharmaceutical Manufacturing, 55 B.C. L. Rev. 491
9. CHALLENGES
Margin pressure (economic efficiency):
• Patent expiration: price drop & new competition
• Personalized medicines, not blockbusters
• Offshoring manufacturing
…and this is not affordable anymore: regulatory compliance
• PAT & QbD
• ICH Q8, Q9 & Q10
• Drug Quality and Security Act (DQSA)
• Data Integrity
10. WHY CLOUD
Pharma processes are complex: they combine critical quality attributes (CQAs) and critical process parameters (CPPs) with many other variables that are not classified as critical but are still physically part of the process.
Reality is complex.
11. WHY AWS
AWS is the most suitable cloud platform for Pharma requirements:
• Cloud platform: versioning, security, encryption, big data building blocks
• Certifications and QMS
• Implementation & GMP requirements
• A qualified platform and a validatable solution
bigengine brings the science of regulated data closer to the users.
12. SOLUTION
[Architecture diagram: siloed data sources across sites (SAP, ERP, MES, LIMS, IoT, CLIMA and legacy systems), roughly 70% of whose data goes unused, feed the bigengine SaaS platform; its advanced analytics find inefficiencies and discover causes, and results are delivered to the CLIMA users.]
14. SOLUTION
Pharma Knowledge Discovery Platform:
• Big data analytics and cloud technologies
• Advanced analytics: machine learning, neural networks, pattern recognition
• Regulated data lake
• Process normalization and predictions: Golden Batch, PAT, CPV
15. POCs
Use cases:
1. VOC, EL & Cooling processes Optimization
2. Defects in tablets – Causality Detection
16. USE CASE 1 - VOC, EL & Cooling processes Optimization
[Process diagram: solvents & raw material feed reactors 1 through n, in parallel and sequential processes, producing emissions.]
17. USE CASE 1 - VOC, EL & Cooling processes Optimization
After a 2-month POC using bigengine: >17% energy savings in the cooling processes, and 0 EL incidents (previously several per month; EL >20% x 1h).
18. USE CASE 2 - Defects in tablets - Causality Detection
[Process diagram: warehouse → weighing & dispensing → mixing → granulation → drying → compression → coating → packaging. Why do defects occur?]
19. USE CASE 2 - Defects in tablets - Causality Detection
In progress: 2 root causes detected so far, and a 60% reduction in defects (from 10% to 4%, still optimizing).
22. Best practices when building a validated system on AWS for the Life Sciences
Scott Paddock, AWS Security Solutions Architect
Ezra Jennings, Audit Ingestion and DevSecOps at Medidata Solutions
23. Agenda
• DevSecOps Primer
• Observed industry cloud techniques with AWS
• Tools, processes and frameworks to assist
• A word on Validation
25. DevOps Toolchain
• Plan: define and plan; business value, application requirements and metrics
• Create: building, coding and configuration
• Verify: ensuring quality; acceptance and regression testing
• Preprod: approval/certification, triggered releases, release staging and holding
• Release: release coordination, promotion, scheduling, rollback and recovery
• Configure: infrastructure and application
• Monitor: process, application and infrastructure
26. DevOps Principles
• Collaborate with all stakeholders
• Codify everything
• Test everything
• Automate everything
• Measure and monitor everything
• Deliver business value with continual feedback
27. Drivers for DevSecOps
Embedding security into DevOps was not successful because…
• Compliance checklists didn't take us far before we stopped scaling…
• We couldn't keep up with deployments without automation…
• Standard security operations did not work…
• And we needed far more data than we expected to help the business make decisions…
28. DevSecOps: Security as Code
Establishing these principles…
• Customer focused mindset
• Scale, scale, scale
• Objective criteria
• Proactive hunting
• Continuous detection and response
29. DevOps Toolchain
• Plan: define and plan; business value, application requirements, security, compliance and metrics
• Create: build, code and configuration
• Verify: ensuring quality; acceptance, regression, security and compliance testing
• Preprod: approval/certification, triggered releases, release staging and holding
• Release: release coordination, promotion, scheduling, rollback and recovery
• Configure: infrastructure and application
• Monitor: process, application, infrastructure, security and compliance
33. A Word on Security – the Shared Responsibility Model
[Diagram: AWS is responsible for security *of* the cloud: AWS foundation services (compute, storage, database, networking) and the AWS global infrastructure (Regions, Availability Zones, Edge Locations). Customers are responsible for security *in* the cloud: customer content; platform, applications, identity & access management; operating system, network & firewall; client-side and server-side encryption; and network traffic protection.]
34. Consult internally before implementing
The following slides are practices we have seen used in industry. Since security and industry compliance requirements are determined by the customer, before implementing please:
• Consult your internal best practices
• Consult with your Cloud Center of Excellence
• Consult with your Information Security group
• Consult with your Compliance organization
• Do your due diligence
35. General Strategies
(Services shown: AWS CodeCommit, AWS CodeDeploy, AWS CodePipeline)
Consult with compliance and security organizations before implementing:
• Decouple protected/sensitive data from the processing or orchestration
• Track where your protected/sensitive data flows
• Do not check the protected data into your source or artifact repository!
• Use indirection when orchestrating your protected/sensitive data flow
• Separate protected/sensitive and general workflow logical boundaries
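The "use indirection" bullet can be illustrated with a toy sketch. All names here are hypothetical, and a plain dict stands in for a secured store (e.g. an encrypted S3 bucket with tight IAM policies); the point is that the orchestration layer passes opaque tokens, never the protected records themselves.

```python
import uuid

# Stand-in for a secured data store; the pipeline never sees this directly.
_protected_store = {}

def store_protected(record: dict) -> str:
    """Persist a sensitive record and return an opaque reference token."""
    token = str(uuid.uuid4())
    _protected_store[token] = record
    return token

def resolve(token: str) -> dict:
    """Dereference a token; only the trusted processing step calls this."""
    return _protected_store[token]

# The orchestration layer handles only tokens, never patient data:
token = store_protected({"patient_id": "P-001", "glucose": 5.4})
pipeline_message = {"step": "analyze", "data_ref": token}

# The token alone reveals nothing about the record.
assert "patient_id" not in pipeline_message["data_ref"]
assert resolve(pipeline_message["data_ref"])["glucose"] == 5.4
```

The same pattern lets the general workflow live in one logical boundary (e.g. a general VPC) while the resolver lives with the protected data.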
36. Separate Virtual Private Cloud (VPC) Strategy
[Diagram: a Protected/Sensitive Data VPC (Amazon EC2, Amazon EMR, Amazon S3 holding protected/sensitive data) kept separate from a General VPC (Amazon EC2, AWS Directory Service, AWS Device Farm).]
Consult with compliance and security organizations before implementing.
40. AWS and Validated Systems
• Major companies run GxP workloads on AWS today
• We have GxP resources available to help you migrate GxP systems to the AWS Cloud
• Exciting developments with Lachman Consulting
41. About Medidata
• SaaS Platform for clinical development, analytics and benchmarking in life
sciences
• Started in 1999
• Over 9,000 trials in more than 130 countries
• Serve CROs and contracting partners (pharmaceutical companies)
• We’re hiring: http://www.mdsol.com/en/careers
42. What are Audits?
• A record of actions that create, modify or delete clinically relevant data
• Crucial for asserting confidentiality, integrity and authenticity of this data.
• I’ll talk about how auditing is difficult, and how AWS makes DevSecOps for
auditing solutions a lot easier.
43. Audits MUST BE…
• Captured transactionally with patient data points (as well as other clinically
relevant data)
• Persisted
• Immutable
• Consistent
• Retrievable
• Secure
• (should be) Cheap to store
44. Audits are Voluminous
• Medidata persists eight billion clinical records from more than two million patients across more than 9,000 studies
• More than half a million patient data points are added daily
• Regulations require audits to be captured transactionally with these data points (as well as other clinically relevant data)
• ~600 audits per second … and growing!
45. …and Growing!
• GADGET trial with GlaxoSmithKline
• Patients wore Vital Connect Health Patch (http://www.vitalconnect.com/)
• ECG, skin temperature, etc.
• 1 week
• ~350 GB of audit data
• ~300 million data points (and their audits)
• More data than many years-long trials collect over their lifetimes
46. Solution: MAudit
• Audit ingestion and validation service
• Scalable
• Centralized
• Durable
• Highly Available
• Secure
• Fault Tolerant
• Built on AWS Infrastructure
48. MAudit and DevSecOps on AWS
• S3: Programmatically defined persistence, with security and infinite scaling
• Autoscaling Groups: Codified app server scaling
• VPC: Virtual Private Cloud
• Kinesis: Codified, scalable streaming of data
• IAM: Programmatically defined access controls
• EMR: Queries on large numbers of files
• CloudFormation: Specifying all of the above in code
• ECS: Scalable containers
51. Avere + AWS
Removing Boundaries Between On-premise and Cloud Resources for Life Science Research Environments
July 2016
Greg Mazzu – Sr. Systems Engineer
52. Tiered File System
Our Team: file system people
Our Product: NAS purpose-built for hybrid cloud
Our Technology: performance and capacity separation, optimization
53. Avere Hybrid NAS
• Offered as a hardware appliance (FXT) or software (vFXT – an AWS AMI)
• FXT composed of fast media (RAM, SSD or SAS, and EBS SSD)
• Purpose-built Tiered File System (TFS): automatic local caching of "hot" data; local termination of read, write and metadata operations
• Data access via NAS protocols: NFS & SMB
• Non-disruptive migration of workloads and data from on-premise to S3
• Secure end-to-end encryption to the cloud: all objects encrypted at rest, SSL encryption for data in flight
• Scale-out cluster from 3 to 50 nodes; increases performance and cache
• Space-efficient cloud snapshots
• Enterprise-grade highly available cluster
[Diagram: Avere FXT Edge Filer clusters of 3-50 nodes (3 shown)]
Proprietary and Confidential
54. Avere Hybrid Cloud – Removing Legacy Boundaries between Compute and Storage
[Diagram: four quadrants spanning on-premise and cloud, compute and storage. A physical FXT provides NAS optimization for on-premise NAS and file storage for private object stores; a virtual FXT provides cloud NAS for a virtual compute farm backed by cloud object storage (buckets 1 through n).]
55. Customer Example 1 - AWS Cloud Compute for Genomics-driven Cancer Drug Discovery
Customer Situation
• H3 wanted to leverage AWS compute for bioinformatics apps. H3's initial trial, even with high-speed access over a private network, gave users 15ms of latency between on-premise storage in Cambridge and the nearest cloud compute infrastructure. This latency rendered the use case unusable.
Goal
• H3 wanted to take full advantage of a zero-capital, linearly scalable compute infrastructure to accelerate pipelines and ultimately reduce time to discovery.
57. Technology Spotlight - Tiered File System
Vertical Tiering
• Auto promotion/demotion, based on activity/algorithms
• 16KB block-level tiering
• Hot data on RAM, warm data on SSD/SAS, cold data on nearline NAS or object
• Cost savings: more than 90% of data is typically cold
[Diagram: up to 50 FXT edge nodes (RAM over SSD/SAS) in front of up to 50 core filers (nearline NAS/object).]
Horizontal Clustering
• Massive scaling: 50 FXT nodes/cluster, 50 core filers/cluster
• Scale read IOPS: 100K IOPS per node, 5M IOPS per cluster
• Scale getattr IOPS: 400K IOPS per node, 20M IOPS per cluster
• Scale throughput: 4GB/s per node, 200GB/s per cluster
• Replicate hot blocks & stripe large files
• High availability (HA) failover
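The promotion/demotion idea behind vertical tiering can be sketched with a minimal two-tier cache. This is an LRU toy under assumed behavior, not Avere's proprietary algorithm: recently used blocks sit in the fast tier, and the least recently used block is demoted when the tier fills.

```python
from collections import OrderedDict

class TwoTierCache:
    """Toy hot/cold tiering for fixed-size blocks (e.g. 16KB): reads
    promote a block to the fast tier; the least recently used block is
    demoted to the cold tier when the fast tier exceeds capacity."""

    def __init__(self, fast_capacity: int):
        self.fast = OrderedDict()   # block_id -> data (RAM/SSD tier)
        self.cold = {}              # block_id -> data (NAS/object tier)
        self.fast_capacity = fast_capacity

    def read(self, block_id):
        if block_id in self.fast:                # hot hit: refresh recency
            self.fast.move_to_end(block_id)
            return self.fast[block_id]
        data = self.cold.pop(block_id)           # cold hit: promote
        self.fast[block_id] = data
        if len(self.fast) > self.fast_capacity:  # demote the LRU block
            lru_id, lru_data = self.fast.popitem(last=False)
            self.cold[lru_id] = lru_data
        return data

cache = TwoTierCache(fast_capacity=2)
cache.cold = {"b1": "x", "b2": "y", "b3": "z"}
cache.read("b1"); cache.read("b2"); cache.read("b3")  # b1 is demoted
assert "b1" in cache.cold and "b3" in cache.fast
```

With more than 90% of data typically cold, even a small fast tier sized this way can absorb most of the active working set.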
58. AWS Cloud Compute for Genomics-driven Cancer Drug Discovery
AWS Products and Services
• Amazon EC2: hosts Avere's vFXTs and H3's bioinformatics apps
• Amazon EBS: Avere vFXT SSD caching layer
• Amazon WorkSpaces
• AWS Direct Connect
Avere Products and Services
• vFXT: 3-node r3.2xlarge cluster running on EC2, caching data for H3 bioinformatics apps
• NAS acceleration and optimization: vFXT caches on-premise NAS into AWS; EC2 hosts see fast, low-latency access to the data
Key Results
• Reduced latency by >15x, enabling the use case
• Massive scale: finish genomic analysis faster
• Saved money: turn on EC2 only as needed
• H3 can focus on science, not IT
59. Customer Example 2 - Secure Access for Genomics on the AWS Cloud
Customer Situation
• ITMI was creating and receiving large amounts of genome data they wanted to place in AWS. This would allow researchers to pull whole-genome data sets into a cache for processing on their HPC compute architecture.
Goal
• Inova needed a solution for high-performance access to Amazon S3.
61. Technology Spotlight - Global Namespace
• Simplified management of heterogeneous core filers
• Single mount point on the Avere FXT cluster
• Single namespace *and* accelerated performance
• Junctions (e.g. /sw) for improved namespace organization
[Diagram: the client view of the namespace (/sw, /src, /hw, /camaro, /audi, /archive, /mktg, /assets) is presented by an Avere FXT 5000 cluster in front of core filers: legacy NAS (NetApp, EMC Isilon), private object and public object stores holding /src, /camaro, /audi, /assets and /archive.]
62. Secure Access for Genomics on the AWS Cloud
AWS Products and Services
• Amazon S3: object store repository behind Avere's vFXT
• AWS Direct Connect
Avere Products and Services
• FXT 3850s: on-premise 4-node cluster to create a GNS in front of existing NetApp and SGI
• FlashCloud: S3 buckets become part of Inova's global namespace
• FlashMove: migrates data to S3, storing multiple PBs of genomic data
Key Results
• High-performance NFS data access
• Genomic analysis results in hours, not days
• Avoided a $10M purchase of on-premise storage
• Improved patient care
• Improved prediction
63. Customer Example 3 - On-premise and AWS Cloud Availability of Sequencing Results
Customer Situation
• Regeneron had 11 Illumina sequencers running at 99% uptime. Regeneron stores the data on-premise and then transfers a copy of the data to an AWS-based DNAnexus analytics instance.
Goal
• Reduce the amount of time to get the data to AWS, thus increasing the number of sequencing runs.
64. On-premise and AWS Cloud Availability of Sequencing Results
Running about 1,000 jobs per year
65. Technology Spotlight - FlashMove and FlashMirror
FlashMove®
• Non-disruptively move data (e.g. /audi) between core filers; the logical path stays unchanged
FlashMirror®
• Mirror write data (e.g. /src) to two locations for DR
[Diagram: the client view of the namespace (/sw, /src, /hw, /camaro, /audi, /archive, /mktg, /assets) on an Avere FXT 5000 cluster; FlashMove relocates /audi between core filers (legacy NAS such as NetApp or EMC Isilon, private object, public object) while FlashMirror duplicates client writes to /src and /src'.]
66. On-premise and AWS Cloud Availability of Sequencing Results
AWS Products and Services
• Amazon EC2: hosts Avere's vFXTs and DNAnexus
• Amazon EBS: Avere vFXT SSD caching layer
• Amazon S3: object store repository behind Avere's vFXT
Avere Products and Services
• FXT 4850s: on-premise 3-node cluster creates a GNS in front of existing Hitachi NAS (HNAS)
• vFXT: 3-node cluster running on EC2 r3.8xlarge instances caches results from the FXT and updates S3
• FlashMirror: simultaneously writes all Illumina results to the Avere vFXTs running on AWS and to HNAS; vFXT provides fast access to data for DNAnexus analysis
Key Results
• Catch and store an on-premise copy of raw data from the sequencers quickly
• Simultaneously move data quickly to Amazon S3, allowing much faster launch of the DNAnexus analysis pipeline to turn raw sequencing data into results
• Added 50% more sequencing runs per year (~1K to 1.5K) with no additional sequencers purchased
• ROI on the implementation was ~1 month
67. Avere Hybrid Cloud NAS – Overall Benefits
Faster Time to Market
• Performance scaling
• Multi-site collaboration
• Access unlimited cloud resources
Lower Cost
• Hybrid storage with auto-tiering
• All-flash tier for speed
• HDD for low cost and high density
Simplicity
• NAS familiarity
• Fit with existing applications
• Powerful GUI and storage analytics
Flexibility
• Integrate on-premise & cloud resources
• Protect on-premise investments
• Transition to cloud at a convenient pace
69. AWS Positioned NAS File Systems – Avere provides what Enterprise Customers Demand
Features (Avere vFXT on AWS | Lustre - Intel Cloud Edition on AWS | Amazon EFS)
• NFS: ✔ | ✔ | ✔
• SMB2: ✔ | ✖ | ✖
• Multi-protocol volumes: ✔ | ✖ | ✖
• Cloud Storage Support (S3): ✔ | migration only | ✖
• On-premise Storage Support: ✔ | ✖ | ✖
• Cloud Compute Support (EC2): ✔ | ✔ | ✔
• Performance Scaling (Max Perf.): 50 nodes max | ✔ | ✔
• Tiering (EBS + S3): ✔ | ✖ | ✖
• Migration on-premise to S3 (CloudMove): ✔ | ✖ | ✖
• Tiering (EBS + S3 + SIA): ✔ | ✖ | ✖
• Clustered High Availability Failover: ✔ | ✔ | ✔
• Snapshots: ✔ | ✔ | ✖
• Mirroring/DR: ✔ | ✔ | ✖
• GNS/Single Storage Pool: ✔ | ✔ | ✖
• Encryption: ✔ | ✖ | ✖
• Compression: ✔ | ✖ | ✖
• Analytics: ✔ | ✖ | ✖
70. Virtual FXT and Physical FXT
Hardware (DRAM (GB) / SSD (TB) / SAS (TB) / Network):
• r3.2xl (AWS): 61 / 1 or 4 (persistent SSD) / – / High
• r3.8xl (AWS): 244 / 1 or 4 (persistent SSD) / – / 10GbE
• FXT 5200: 128 / – / 7.2 / 4x10GbE, 4x1GbE
• FXT 5400: 256 / 4.8 / – / 4x10GbE, 4x1GbE
• FXT 5600: 384 / 9.8 / – / 4x10GbE, 4x1GbE
(Relative performance increases from r3.2xl and r3.8xl up through the 5200, 5400 and 5600.)
Protocols
• To client: NFSv3 (TCP/UDP), SMB1, SMB2
• To core filer: NFSv3 (TCP), S3 API
Clustering
• Cluster from 3 to 50 FXT nodes for performance and capacity scaling
• HA failover, mirrored writes, redundant network ports & power
Management
• GUI, analytics, email alerts, SNMP, XML-RPC interface, KMIP
Licensed Software
• FlashCloud™ for Amazon S3, Google (Standard, DRA, and Nearline), IBM-Cleversafe, HGST-Amplidata, SwiftStack
• NAS Core for on-premise NAS filers (e.g. NetApp, EMC Isilon)
• FlashMove® for data mobility
• FlashMirror® for disaster recovery
71. Avere Cloud Snapshots - Simplicity of NAS, Resiliency of Cloud
NAS Simplicity
• Familiar NAS-style snapshots
• Space-efficient: block sharing and compression
• Scheduled or manual snapshot creation
• Bucket-level granularity, 1024 snapshots per bucket
• Point-in-time object consistency
• File-level recovery (.snapshot directory)
Cloud Resiliency
• AWS S3, Google, IBM-Cleversafe, HGST-Amplidata & SwiftStack supported
• All snapshot data stored in the cloud
• Survive multi-disk, multi-controller, and complete site failures
• Recover data from a complete failure of the customer data center/FXT cluster
• Alternative to expensive and complex mirroring and other DR methods
[Diagram: clients access an Avere FXT cluster; the active file system and its snapshots are stored in the cloud for archive management.]
72. Avere GUI
• Powerful analytics
• Visibility into the entire NAS environment
• Current and historical stats: ops/second, throughput, latency
• Drill down: conditions, alerts, VServers, core filers, FXT nodes, clients, hot files, cache (see next slide)
73. Cache Usage
• Per-filer or per-node data
• Available, used and free space, each split into read and write
• Note: data pulled from the Avere Maximus cluster
74. Who Uses Avere in Life Science/Healthcare and other Verticals?
• Movie studios behind the top-20 blockbusters of 2015, for special effects
• 3 out of 6 super-major oil & gas companies
• 2 of the Forbes top-5 biotech companies, for genomic analysis
• Leading hedge funds, for financial simulations
• 8 of the top 9 technology companies are customers or partners
• 3+ government agencies, including the CDC, Library of Congress, and NASA
77. Agenda
Architecting for High Availability & Business Continuity
• Designing for High Availability (HA)
• Designing based on application RTO and RPO
78. Designing Continuity Options
High Availability (HA)
• Ensuring application downtime is minimized as much as possible without the need for human intervention
• Elimination of single points of failure
• Reliable crossover
• Detection of failures as they occur
• Minimal interruption
Disaster Recovery
• Backup and Restore: back up the environment and restore from backup; longest recovery time
• Pilot Light: a minimal version of the environment created and paused; faster recovery time than backup and restore
• Warm Standby: a scaled-down version of a fully functional environment always running; further decreases recovery time because some services are always running
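The trade-off between these options can be sketched as a simple decision rule on the required recovery time objective (RTO). The cutoff values below are illustrative assumptions, not AWS guidance; a real decision also weighs RPO, cost and compliance requirements.

```python
def choose_dr_strategy(rto_hours: float) -> str:
    """Map a required RTO to the cheapest continuity option from the
    slide above. Thresholds are illustrative assumptions only."""
    if rto_hours >= 24:
        return "backup-and-restore"  # restore everything from backups
    if rto_hours >= 4:
        return "pilot-light"         # minimal paused copy, scale up on failover
    if rto_hours >= 1:
        return "warm-standby"        # scaled-down copy always running
    return "high-availability"       # near-zero RTO: full HA, e.g. Multi-AZ

assert choose_dr_strategy(48) == "backup-and-restore"
assert choose_dr_strategy(4) == "pilot-light"
assert choose_dr_strategy(2) == "warm-standby"
```

The general shape holds regardless of the exact thresholds: the shorter the RTO, the more of the environment must already be running, and the more it costs.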
79. Example 1 – High Availability, Multi-AZ Deployment
Background:
TrackWise is an enterprise quality management software (EQMS) solution that optimizes quality, ensures compliance, reduces risk, and lowers costs for world-class clients across a range of industries. The organization wanted to host this GxP application in the AWS Cloud; the environment contains the following:
• Application and web servers hosted on Amazon EC2
• Oracle server hosted using Amazon RDS
• EBS volumes for persistent storage
Objective:
Create an HA environment using Multi-AZ in a validated environment for Production and QA, and create IQ/OQ templates and SOPs.
80. Example 1 – AWS Products and Services Used
• Elastic Load Balancing (ELB): distributes incoming traffic across EC2 instances in a single Availability Zone or multiple Availability Zones
• Amazon Elastic Block Store (EBS): persistent block-level storage volumes for use with Amazon EC2 instances in the AWS Cloud
• Amazon Relational Database Service (RDS): cost-efficient, resizable capacity for an industry-standard relational database; manages common database administration tasks
• Amazon Simple Storage Service (S3): secure, durable, highly scalable object cloud storage
• Auto Scaling: maintains application availability and allows you to scale your Amazon EC2 capacity up or down automatically according to conditions you define
81. TrackWise Multi-AZ Architecture on AWS
[Architecture diagram, US East (N. Virginia): users/apps connect through a customer gateway and VPN connection to a virtual private gateway, with an internet gateway and Elastic Load Balancing (ELB) in front of the application tier. Two Availability Zones (us-east-1b and us-east-1c) each contain private subnets with a web/app server EC2 instance, a Crystal RAS server and EBS volumes behind security groups. An Oracle RDS master in one AZ synchronously replicates to an RDS standby instance in the other. EBS snapshots, RDS DB snapshots and automated backups go to Amazon S3, which archives to Glacier. Supporting services: Identity and Access Management (IAM), CloudWatch (collect metrics), CloudTrail (event logging), CloudFormation.]
82. Example 1 – Key Takeaways for HA
Redundancy at every layer:
• Multiple Availability Zones
• Elastic load balancers
• Auto Scaling
• EBS volumes for persistent storage
• Multi-AZ RDS for the database
83. Example 2 – Choosing the Right HA or DR Design Model
Background: Considering the GxP requirements, the TrackWise application needed to be in multiple VPCs, validated and non-validated. Each VPC had different RTO and RPO requirements. The training, dev and sandbox environments did not require validated VPCs and had an RTO and RPO of 4 hours.
Objective:
Create a DR site that meets the maximum 4-hour RTO and RPO.
84. Example 2 – Products and Services Used
• AMI: a template for the root volume of an instance (for example, an operating system, an application server, and applications), plus a block device mapping that specifies the volumes to attach to the instance when it's launched
• Snapshots: after writing data to an EBS volume, you can periodically create a snapshot of the volume to use as a baseline for new volumes or for data backup
• Amazon S3: secure, durable, highly scalable object cloud storage
• Elastic Load Balancing: automatically distributes incoming application traffic across multiple Amazon EC2 instances in the cloud; using Route 53 DNS failover, you can run applications in multiple AWS regions and designate alternate load balancers for failover across regions
85. TrackWise Dev DR / Non-validated Environment on AWS
[Architecture diagram: in US East (N. Virginia), Patheon users/apps connect through a customer gateway and VPN connection to a virtual private gateway. Dev private subnets hold web/app server EC2 instances, Crystal RAS and utilities/integration servers, and EBS volumes behind QA security groups, with a single-AZ Oracle RDS dev instance, Elastic Load Balancing (ELB), CloudWatch metrics, CloudTrail event logging and CloudFormation. Backups flow to Amazon S3, which archives to Glacier. In US West (Oregon), a DR-site private subnet holds a recovered Oracle RDS dev instance.]
86. Key Takeaways for Continuity
Designing for appropriate RTO and RPO:
• Amazon Route 53
• Elastic Load Balancing
• AMIs
• EBS volumes for persistent storage
• Snapshots
• Replication of the database
87. Tools to Achieve Continuity
• Amazon Route 53: effectively connects user requests to infrastructure running in AWS – such as Amazon EC2 instances, Elastic Load Balancing load balancers, or Amazon S3 buckets – and can also be used to route users to infrastructure outside of AWS
• AWS CloudFormation: enables you to use a template file to create and delete a collection of resources together as a single unit (a stack)
• Amazon RDS: creates a storage volume snapshot of your DB instance, backing up the entire DB instance
• Elastic Load Balancing: automatically distributes incoming application traffic across multiple Amazon EC2 instances in the cloud; using Route 53 DNS failover, you can run applications in multiple AWS regions and designate alternate load balancers for failover across regions
88. Tools to Achieve Continuity
• Amazon RDS: when you provision a Multi-AZ DB instance, Amazon RDS synchronously replicates the data to a standby instance in a different Availability Zone (AZ); RDS also uses the MySQL, MariaDB, and PostgreSQL (version 9.3.5 and later) DB engines' built-in replication functionality to create a special type of DB instance called a read replica
• Elastic IPs: static IP addresses designed for dynamic cloud computing
• Auto Scaling: scale your Amazon EC2 capacity up or down automatically according to conditions you define
• Amazon CloudWatch: collect and monitor log files, set alarms, and automatically react to changes in your AWS resources
• AWS Directory Service: provides multiple ways to use Microsoft Active Directory with other AWS services
89. Considerations when Creating an Architecture
• By leveraging AWS tools together, you can achieve additional functionality and low-cost automated DR solutions to meet any RTO and RPO requirements
• Achieve cost savings by designing a solution based on specific application requirements
• Design to prevent any single point of failure
• Leverage all AWS services to optimize your business continuity
92. Leveraging Amazon Echo and AWS to build IoT Applications
Chris McCurdy, AWS Healthcare and Life Sciences Specialist Solutions Architect
94. What is IoT?
The internet of things (IoT) is the network of physical objects—devices,
vehicles, buildings and other items—embedded with electronics, software,
sensors, and network connectivity that enables these objects to collect and
exchange data.
https://en.wikipedia.org/wiki/Internet_of_things
Why AWS IoT?
AWS IoT can support billions of devices and trillions of messages, and can
process and route those messages to AWS endpoints and to other devices
reliably and securely. With AWS IoT, your applications can keep track of and
communicate with all your devices, all the time, even when they aren’t
connected.
95. Grove IoT Kit from Seeed Studio
http://www.seeedstudio.com/wiki/images/d/d0/Aws_kit_edison.JPG
96. Use-Case: Medication Status
Scenario:
A button is pressed by a technician to dispense medication.
Requirements:
• Simple example (one of many ways)
• Data stored in a queryable repository
• Notification via SMS if medication is not dispensed for a day
• Accessible from Amazon Echo/Alexa
98. Elephant in the Room
http://nos.twnsnd.co/post/104252656546/elephants-tea-party-robur-tea-room-24-march
[Diagram: the services used in this demo (Amazon Kinesis, AWS Lambda, Amazon DynamoDB, Amazon SNS, Alexa, AWS IoT) are divided into HIPAA Eligible and Not HIPAA Eligible columns.]
99. What does AWS IoT Consist of?
Device Gateway
The managed backbone of communication between connected devices and the cloud. It supports the pub/sub messaging pattern, enabling scalable, low-latency, and low-overhead communication.
Rules Engine
The AWS IoT Rules Engine enables continuous processing of inbound data from devices connected to the AWS IoT service, using a SQL-like syntax.
100. What does AWS IoT Consist of? (Part 2)
Device Registry
Allows you to organize and track devices using a logical handle.
Device Shadow
Used to store and retrieve current state information for a thing, whether or not it is connected to the internet.
101. HTTPS, WebSockets and MQTTS
Supported Protocols
HTTPS, WebSockets, Secure MQTT (MQTTS)
What is MQTT?
A lightweight pub/sub protocol designed to minimize network bandwidth and device resource requirements. MQTT supports TLS for encryption.
MQTTS vs HTTPS:
• 93x faster throughput
• 11.89x less battery to send
• 170.9x less battery to receive
• 50% less power to keep connected
• 8x less network overhead
Source: http://stephendnicholas.com/archives/1217
102. Installing the SDKs
Install jsupm_grove and AWS IoT SDK
$ npm install jsupm_grove@0.4.0
$ npm install aws-iot-device-sdk
105. Certificate Signing Request
Dear Certificate Authority,
I’d really like a certificate for %NAME%, as identified by
the key pair with public key %PUB_KEY%. If you could sign
a certificate for me with those parameters, it’d be super
spiffy.
Signed (Cryptographically),
- The holder of the private key
114. Creating Kinesis Role and Stream
$ aws kinesis create-stream \
    --stream-name medication_status_stream \
    --shard-count 2
Amazon Kinesis:
• Streams are made of shards
• Each shard ingests up to 1MB/sec and up to 1,000 records/sec
• Each shard emits up to 2MB/sec
• All data is stored for 24 hours, configurable up to 7 days
• Scale Kinesis streams by splitting or merging shards
• Replay data inside the 24-hour to 7-day retention window
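The per-shard limits above make shard sizing a small arithmetic exercise. A minimal sketch, assuming an average record size (the ~1KB figure below is an assumption, not from the talk):

```python
import math

def shards_needed(records_per_sec: float, avg_record_kb: float,
                  read_mb_per_sec: float = 0.0) -> int:
    """Size a Kinesis stream from the 2016-era per-shard limits quoted
    above: 1 MB/s and 1,000 records/s ingest, 2 MB/s egress per shard."""
    by_ingest_mb = records_per_sec * avg_record_kb / 1024 / 1.0
    by_ingest_tps = records_per_sec / 1000.0
    by_egress = read_mb_per_sec / 2.0
    return max(1, math.ceil(max(by_ingest_mb, by_ingest_tps, by_egress)))

# Medidata's ~600 audits/sec, assumed to average ~1KB, fit in one shard:
assert shards_needed(600, 1.0) == 1
# 5,000 small records/sec is limited by the 1,000 records/s cap:
assert shards_needed(5000, 0.2) == 5
```

Whichever dimension (bytes in, records in, bytes out) is tightest determines the shard count, which is why the demo's two shards leave generous headroom.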
115. Define IoT Kinesis Policy and Role
[Slide shows the IoT rule together with the IoT Kinesis policy and the IoT Kinesis trust policy that allow AWS IoT to write to the stream.]
119. Creating the DynamoDB Table
Amazon DynamoDB throughput:
• Provisioned at the table level
• Write capacity units (WCUs) are measured in 1KB per second
• Read capacity units (RCUs) are measured in 4KB per second
• RCUs measure strongly consistent reads; eventually consistent reads cost ½ as much
• Read and write throughput limits are independent
• Increase as necessary; decrease at most 4 times per UTC day
120. Creating a Lambda Function to Load DynamoDB
(Pipeline: Amazon Kinesis → AWS Lambda → Amazon DynamoDB)
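A minimal sketch of such a loader function. Kinesis delivers each record's payload base64-encoded under `record['kinesis']['data']`; the field names (`device_id`, `pressed_at`) and the injected `table` object are hypothetical stand-ins — a real deployment would pass a boto3 DynamoDB Table resource.

```python
import base64
import json

def parse_kinesis_record(record: dict) -> dict:
    """Decode one Kinesis record's base64 payload back into the
    device's JSON event."""
    payload = base64.b64decode(record["kinesis"]["data"])
    return json.loads(payload)

def handler(event: dict, table) -> int:
    """Write each decoded medication-status event to DynamoDB via the
    injected table object; returns the number of records processed."""
    for record in event["Records"]:
        table.put_item(Item=parse_kinesis_record(record))
    return len(event["Records"])

# Simulate one Kinesis batch with an in-memory stand-in for the table:
class FakeTable:
    def __init__(self): self.items = []
    def put_item(self, Item): self.items.append(Item)

raw = json.dumps({"device_id": "button-1",
                  "pressed_at": "2016-07-26T14:00:00Z"})
event = {"Records": [{"kinesis": {
    "data": base64.b64encode(raw.encode()).decode()}}]}
table = FakeTable()
assert handler(event, table) == 1
assert table.items[0]["device_id"] == "button-1"
```

Injecting the table dependency keeps the decoding logic testable without AWS credentials, which fits the "test everything" DevSecOps principle from earlier in the deck.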
123. Deploying the Medication Status Lambda
(Pipeline: Amazon Kinesis → AWS Lambda → Amazon DynamoDB)
Resource Sizing
• AWS Lambda offers 23 "power levels" (memory settings)
• Higher levels offer more memory and more CPU power
• 128MB is the lowest; 1.5GB is the highest
• Compute price scales with the power level
• Duration can range from 100ms to 5 minutes