Going Extreme for Health CareWhen Security, Performance, Scalability, and Availability                      all want to be...
4/02/2013SmalsPreferred ICT Partner of Social Security and Health CareInstitutions in BelgiumSmals Research TeamDedicated ...
4/02/2013   What Follows1. The Project: which challenges?2. Security: Novel Approach using threshold   encryption3. Confli...
4/02/20131. The Project: A Primary Care Safe (PCS)Mission: « Build a highly secure platform to exchangePatient Data betwee...
4/02/2013Some NFRs…The "PCS manifesto":• Security, Privacy, Confidentiality• 24/7 always-on• Generic, Multi-Purpose, Share...
4/02/2013                                Patient File  Functionality                                Medication            ...
4/02/2013Some Figures(for Flanders)• Patients: 6.5 million• Users (medical professionals): 51000• File accesses per day/us...
4/02/2013           2. PCS – Novel Security Architecture• "end-user eyes only"• "distributed trust"  Gov (ehealth)        ...
4/02/2013       Symmetric Encryption             Alice                   BobMessageSecret key       Encrypted Message     ...
4/02/2013       Assymmetric Encryption (Public Key)Public Key                               Private Key                 = ...
4/02/2013Primary Care Safe - PCS                          Dokters.OrgPCS                    Bob              11
4/02/2013         Threshold Encryption (Public Key)         • Main Idea: a minimum number (= the threshold) of           p...
4/02/2013            Primary Care Safe - PCS    Gov (ehealth)                              Dokters Org                    ...
4/02/2013          Patient File                     Medication                                     Anti-Diabetical        ...
4/02/20133. Roundup: Primary Care Safe (PCS)• Exchange Platform for Medical Data• Eventually for 6500000 patients (all of ...
4/02/2013                Availability• Exchange Platform for Medical Data• Eventually for 6500000 patients (all of  Flande...
4/02/2013                  Availability• Exchange Platform for Medical Data• Eventually for 6500000 patients (all of  Flan...
4/02/2013                     Availability   • Exchange Platform for Medical Data   • Eventually for 6500000 patients (all...
4/02/2013                     Availability   • Exchange Platform for Medical Data   • Eventually for 6500000 patients (all...
4/02/2013                     Availability   • Exchange Platform for Medical Data   • Eventually for 6500000 patients (all...
4/02/2013Challenge:             AvailabilityReconcilingthe NFRsFlexibility                                    Security    ...
4/02/20134. How to approach this?• Programming language?   Java @ Smals                                               ?• ...
4/02/2013XTP versus Traditional N-Tier Solution?                       Business Processing Tier            Web Tier       ...
4/02/2013Looking for inspiration…•   Social Media•   Stock exchange•   Investment banks•   Telecommunications•   Retail Bu...
4/02/2013Extreme Transaction Processing    « An application style aimed at supporting     the design, development, deploym...
4/02/2013       Let’s get this « XTP solution in-a-box »!  Grid Computing          Shared Nothing Architecture            ...
4/02/2013Today’s main focus: Support offered byan XTP middleware Platform• Several solutions exist    MaatG G Platform, G...
4/02/2013XTP Platform characteristics enablingExtreme Availability•   Let it crash principle•   Zero downtime failover man...
4/02/2013XTP Platform characteristics enablingExtreme Performance•   Improve response time by not moving data around     ...
4/02/2013XTP Platform characteristics enablingExtreme Scalability• Principle of horizontal scaling    Increase capacity b...
4/02/2013Concrete XTP Platform                XAP: Characteristics• Space Based Architecture    Based on Tuple Spaces    ...
4/02/2013          Space Based ArchitectureServerProgramMemory                                       34
4/02/2013                  Space Based Architecture        Server        ProgramSpace   Memory                            ...
4/02/2013                                 Space Based Architecture        Processing Unit            Server        Process...
4/02/2013                                 Space Based Architecture            Server            Server        Processing U...
4/02/2013                                 Space Based Architecture            Server            Server            Server  ...
4/02/2013                                 Space Based Architecture            Server            Server            Server  ...
4/02/2013                                 Space Based Architecture            Server            Server        Processing U...
4/02/2013                                 Space Based Architecture            Server            Server            Server  ...
4/02/2013XTP versus Traditional N-Tier Solution?                              Business                           Processin...
4/02/2013Conclusions•   XTP is not just a technology or style of programming      Impacts software architecture, developm...
4/02/2013    Q&AGoing Extreme for Health CareWhen Security, Performance, Scalability, and Availability                    ...
Upcoming SlideShare
Loading in …5
×

20111116devoxxgoingextremeforhealthcare 111124045944-phpapp01

700 views

Published on

Dirk Deridder and Koen Vanderkimpen, research consultants at Smals, explained at Devoxx 2011 how non-functional requirements like Security, Performance, Flexibility, Availability and Scalability are seemingly impossible to conceal. EXtreme Transaction Processing technologies offer an alternative road. Both researchers share their lessons learned from a reallife project on Belgian primary care safe, aimed at storing sensitive healthcare information for 6 million citizens through Smals' patent-pending threshold encryption technology.

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
700
On SlideShare
0
From Embeds
0
Number of Embeds
69
Actions
Shares
0
Downloads
1
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

20111116devoxxgoingextremeforhealthcare 111124045944-phpapp01

  1. 1. Going Extreme for Health CareWhen Security, Performance, Scalability, and Availability all want to be the star of the show Koen Vanderkimpen @koenvdk Dirk Deridder @dirkderidder
  2. 2. 4/02/2013SmalsPreferred ICT Partner of Social Security and Health CareInstitutions in BelgiumSmals Research TeamDedicated to introducing innovative IT in e-GovernmentAnd solving clients more abstract problemsDirk Deridder1 year @ Smals, specializing in dynamic programminglanguages, software architecture, Agile and XTPKoen Vanderkimpen1.5 years @ Smals, specializing in OO, software develop-ment, version control; implemented first demo of the PCS 2
  3. 3. 4/02/2013 What Follows1. The Project: which challenges?2. Security: Novel Approach using threshold encryption3. Conflicting Challenges in a High-Risk Project4. Extreme Transaction Processing5. Conclusions6. Questions 3
  4. 4. 4/02/20131. The Project: A Primary Care Safe (PCS)Mission: « Build a highly secure platform to exchangePatient Data between Healthcare actors within Flanders/Be/EU/… » 4
  5. 5. 4/02/2013Some NFRs…The "PCS manifesto":• Security, Privacy, Confidentiality• 24/7 always-on• Generic, Multi-Purpose, Shared  Thoroughly Patient-Centric Vision• Ready for Growing Data & Usage• Performant (4s response time) 5
  6. 6. 4/02/2013 Patient File Functionality Medication Anti-Diabetical Anti-Aids • PUT Other (a file, or part of it) Parameters • GET Blood Pressure • DELETE Heart Condition Pulse Allergies(Fine-Grained DataModel) Journal(Versioning) Entries Entry1 … Entry2 … 6
  7. 7. 4/02/2013Some Figures(for Flanders)• Patients: 6.5 million• Users (medical professionals): 51000• File accesses per day/user: 7.2• Starting file size: 50K (towards 5M)What if?• All of Belgium joins in?• Patients get access?• Mobile usage develops? 7
  8. 8. 4/02/2013 2. PCS – Novel Security Architecture• "end-user eyes only"• "distributed trust" Gov (ehealth) Dokters Org PCS host & control control (Only Encrypted Messages) File Alice Bob 8
  9. 9. 4/02/2013 Symmetric Encryption Alice BobMessageSecret key Encrypted Message 9
  10. 10. 4/02/2013 Assymmetric Encryption (Public Key)Public Key Private Key = + 10
  11. 11. 4/02/2013Primary Care Safe - PCS Dokters.OrgPCS Bob 11
  12. 12. 4/02/2013 Threshold Encryption (Public Key) • Main Idea: a minimum number (= the threshold) of people needed to decrypt Bob 1 Alice Partial Decryption 1 2Public Key Marc 2 Combination 12
  13. 13. 4/02/2013 Primary Care Safe - PCS Gov (ehealth) Dokters Org PCS 21 1 2Patent Pending! 1 2 Dr. Bob 13
  14. 14. 4/02/2013 Patient File Medication Anti-Diabetical Anti-Aids OtherFine- ParametersGrained Blood PressureAccess Heart ConditionControl Pulse Allergies Journal Entries Entry1 … Entry2 … 14
  15. 15. 4/02/20133. Roundup: Primary Care Safe (PCS)• Exchange Platform for Medical Data• Eventually for 6500000 patients (all of Flanders) – A few 1000 to start Growing data (e.g. lifetime biometrics)• For many different applications• Provided by the Government• Security + Fine-grained Access 15
  16. 16. 4/02/2013 Availability• Exchange Platform for Medical Data• Eventually for 6500000 patients (all of Flanders) – A few 1000 to start Growing data (e.g. lifetime biometrics)• For many different applications• Provided by the Government• Security + Fine-grained Access 16
  17. 17. 4/02/2013 Availability• Exchange Platform for Medical Data• Eventually for 6500000 patients (all of Flanders) – A few 1000 to start Growing data (e.g. lifetime biometrics)• For many different applications• Provided by the Government• Security + Fine-grained Access Scalability 17
  18. 18. 4/02/2013 Availability • Exchange Platform for Medical Data • Eventually for 6500000 patients (all ofFlexibility Flanders) – A few 1000 to start Growing data (e.g. lifetime biometrics) • For many different applications • Provided by the Government • Security + Fine-grained Access Scalability 18
  19. 19. 4/02/2013 Availability • Exchange Platform for Medical Data • Eventually for 6500000 patients (allSecurityFlexibility of Flanders) – A few 1000 to start Growing data (e.g. lifetime biometrics) • For many different applications • Provided by the Government • Security + Fine-grained Access Scalability 19
  20. 20. 4/02/2013 Availability • Exchange Platform for Medical Data • Eventually for 6500000 patients (allSecurityFlexibility of Flanders) – A few 1000 to start Growing data (e.g. lifetime biometrics) • For many different applications • Provided by the Government • Security + Fine-grained Access Scalability Performance 20
  21. 21. 4/02/2013Challenge: AvailabilityReconcilingthe NFRsFlexibility Security Scalability Performance 21
  22. 22. 4/02/20134. How to approach this?• Programming language?  Java @ Smals ?• Software Architecture?  N-Tier & SOA @ Smals Will this work• Development approach?  EUP @ SmalsSure, but more geared towards « conventional » projects Actually we weren’t « sure » so we investigated further … 22
  23. 23. 4/02/2013XTP versus Traditional N-Tier Solution? Business Processing Tier Web Tier Database Tier Load Balancer Messaging Tier 23
  24. 24. 4/02/2013Looking for inspiration…• Social Media• Stock exchange• Investment banks• Telecommunications• Retail Business• Web-commerce• Internet media • Large number of users• Factory automation • High volume of requests • Very demanding availability (24/7)• Aerospace industry • Peak loads are a moving target• Online gaming • Challenging performance expectation• Big Data analysis •…• … Some of our NFR’s are « easy » compared to their day-2-day operation 24
  25. 25. 4/02/2013Extreme Transaction Processing « An application style aimed at supporting the design, development, deployment, management and maintenance of distributed TP applications characterized by exceptionally demanding performance, scalability, availability, security, manageability, and dependability requirements » Everything we need « in a box »? 25
  26. 26. 4/02/2013 Let’s get this « XTP solution in-a-box »! Grid Computing Shared Nothing Architecture Task Execution AmbientTalk Hypertable Cassandra Node.js Akka DevOps Voldemort Partitioning Terracotta NoSQL CouchDB Big XTP Box Bang! Actor Model Async Flows Map/Reduce MongoDB Scala Hadoop Erlang MemcacheDBSpace Based Architecture Master/Worker BigTable In-memory DB … Event Driven Architecture 26
  27. 27. 4/02/2013Today’s main focus: Support offered byan XTP middleware Platform• Several solutions exist  MaatG G Platform, GigaSpaces XAP, Appistry, Tibco ActiveSpaces, Paremus Service Fabric, …• Currently establishing a position as CEAP’s / EAP’s  Good match with « cloud » requirements  Fine-grained elastic scalability,  Continuous availability & Non-stop operations  Consistent performance  Still require additional work on multitenancy, billing, self provisioning, …  Not intrinsic to XTP (can be enablers)  Traditional application servers will not meet future needs to move to the cloud  « … dinosaurs tiptoeing through a meteor storm… » [M. Gualtieri, Forrester 2011] 27
  28. 28. 4/02/2013XTP Platform characteristics enablingExtreme Availability• Let it crash principle• Zero downtime failover management  Automated failover without side-effects  E.g., handover from primary to backup with no manual intervention, even between datacenters  Automated self-healing without side-effects  E.g., creation of new backup nodes after failover with no manual intervention  Automated replication management  E.g., keeping primaries/backups consistent, redo queues, …• Transparent for client applications  The client is unaware of « who » handles the request and is only interested in getting a result  Shield-off all complexity involved in guaranteeing high availability• Application virtualisation and overall automation are key! 30
  29. 29. 4/02/2013XTP Platform characteristics enablingExtreme Performance• Improve response time by not moving data around  Focus on data/processing affinity  Routing of requests to the location of the data  Do not separate tiers physically  Work with an in-memory data grid  Cf. caching, but not as an after-the-fact optimisation strategy  Persistency as a service, not involved in servicing live requests• Increase throughput  Asynchronous processing flows  Give back control asap  Make requests self-contained so they can served by any « workers » that are available  Work with a processing grid  Execute (parts of) requests in « parallel »  Avoid relying on external systems  Enforce strict internal / external SLA’s 31
  30. 30. 4/02/2013XTP Platform characteristics enablingExtreme Scalability• Principle of horizontal scaling  Increase capacity by adding resources « on the fly » in an automated fashion  Elastic scaling, so capacity can be taken away easily  Location-unaware applications  Transparent for client applications as well  Capacity planning vs capacity management• Application virtualisation and overall automation are key! VERTICAL SCALING HORIZONTAL SCALING 32
  31. 31. 4/02/2013Concrete XTP Platform XAP: Characteristics• Space Based Architecture  Based on Tuple Spaces [Gelernter & Carriero]  Cf JavaSpaces, but a lot more  Technology arena: Java, Jini, JMS, Spring, Hibernate, …  Data + Processing+ Messaging Grids• SLA-driven application containers• Excellent enabler for implementing XTP architectures  Allowing you to focus on the « difficult part » by taking care of the « hard part » 33
  32. 32. 4/02/2013 Space Based ArchitectureServerProgramMemory 34
  33. 33. 4/02/2013 Space Based Architecture Server ProgramSpace Memory 35
  34. 34. 4/02/2013 Space Based Architecture Processing Unit Server Processing Unit Program ProgramSpace Memory Memory 36
  35. 35. 4/02/2013 Space Based Architecture Server Server Processing Unit Server Processing Unit Program ProgramSpace Memory Memory 37
  36. 36. 4/02/2013 Space Based Architecture Server Server Server Processing Unit Server Processing Unit Processing Unit Program Program ProgramSpace Memory Memory Memory 38
  37. 37. 4/02/2013 Space Based Architecture Server Server Server Processing Unit Server Processing Unit Processing Unit Program Program ProgramSpace Memory Memory Memory 39
  38. 38. 4/02/2013 Space Based Architecture Server Server Processing Unit Server Processing Unit Processing Unit Program Program ProgramSpace Memory Memory Memory 40
  39. 39. 4/02/2013 Space Based Architecture Server Server Server Processing Unit Server Processing Unit Processing Unit Program Program ProgramSpace Memory Memory Memory Lots of flexibility and support « out of the box » for realizing an(y) XTP solution 41
  40. 40. 4/02/2013XTP versus Traditional N-Tier Solution? Business Processing Units Web (Data + Processing + Messaging) Processing Units A B C Database Load Balancer A B C A B C 42
  41. 41. 4/02/2013Conclusions• XTP is not just a technology or style of programming  Impacts software architecture, development process, …  An integrated approach / vision is required!  Having an XTP platform is only a first step  Think outside the traditional box• Demands disciplined application of development practices  Not only functional testing: NFR’s !  Automation is fundamental• Updating applications with no downtime is an additional challenge  Requires « next-release strategy »  XTP platforms provide « patterns » to handle this• Problems can still happen, be prepared!  Cf. Recent Amazon / Microsoft /… outages (if the best fail, expect…)• ROI analysis is absolutely necessary  Not every application calls for a platinum-approach  But it never hurts to think about it !  Maximum ROI = Availability + Scalability + Performance 44
  42. 42. 4/02/2013 Q&AGoing Extreme for Health CareWhen Security, Performance, Scalability, and Availability all want to be the star of the show Koen Vanderkimpen @koenvdk Dirk Deridder @dirkderidder

×