The healthcare industry is rapidly embracing EHRs, enabling providers to improve patient engagement and deliver better patient outcomes. Healthcare organizations have more opportunities than ever to leverage big data generated by advances in healthcare research and the adoption of wearable technologies and mobile health applications.
To retain their competitive edge, organizations are keen to shorten their development and release cycles and get features into the hands of their users faster. Several technology trends are coming together to enable this change in engineering mindset. At the architecture level, microservices are a move towards lighter software components that interact using well-understood service notions. Cloud computing provides the ability to spin up and swap out the infrastructure that hosts a microservice, and the DevOps movement advocates pushing tested and versioned builds out in a controlled manner into a fully automated infrastructure.
For various reasons, containers are becoming the preferred deployment vehicle for these microservices. The reasons include faster spin-up, fewer dependencies, and better serializability, which allows for infrastructure scriptability, source control management, etc. The move towards container-based deployment is playing a key role in improving infrastructure efficiency.
This document introduces the concepts of containers and Docker and some of the ways to get started with the technology.
Driving Innovation in Healthcare with Containers and Docker
17 July, 2017 | Author: Khushboo Shah, Sr. Solution Architect, CitiusTech
CitiusTech Thought Leadership
Agenda
A brief journey of virtualization
Introduction to containers
What is Docker?
Getting started with Docker in healthcare
Managing container chaos with orchestration
Docker orchestration tools
Managing Docker security
Managing Docker performance
References
A Brief Journey of Virtualization
Early 1990s: No virtualization
• Hosting: Isolated application per physical server
• Time to op.: Days/weeks/months
• CAPEX: High (hardware, OS, software license, etc.)
• OPEX: Low (software license, etc.)
• Scalability: Addition of server hardware or new servers
• Utilization: Possibility of lower CPU utilization, due to over planning for capacity
2000s: Hardware virtualization
• Hosting: Isolated application per virtual machine (VM), multiple VMs on single physical server
• Time to op.: Hours
• CAPEX: Medium (Guest OS, Software License, etc.)
• OPEX: Medium (hardware maintenance, host OS and guest OS patches, etc.)
• Scalability: Allocation of more resources to VM or addition of new VM
• Utilization: Possibility of better CPU utilization compared to physical servers
Today: OS virtualization
• Hosting: Isolated application per container, multiple containers on single VM or single physical server
• Time to op.: Minutes
• CAPEX: Low (software license, etc.)
• OPEX: Low (hardware maintenance, OS patches, etc.)
• Scalability: Allocation of resources to container or addition of new container
• Utilization: Possibility of better CPU utilization compared to VMs and physical servers
Introduction: Containers
Containers are independent processes that run in isolation from each other in the OS user space while sharing the OS kernel with other containers.
Operating systems such as Linux provide features such as ‘cgroups’ and ‘kernel namespaces’ that make it possible to limit and prioritize OS resources and to create processes in isolation.
Unlike VMs, which run their own OS, containers share the OS. Hence, it is virtualization at the OS level.
Popular implementations of containers include:
• Docker
• Windows Server containers
Key Benefits of Containers
Increase server consolidation
The average size of a container is generally a few megabytes, whereas the size of a VM is in gigabytes. Hence, more containers can be deployed on a single server.
Drive data center efficiency
Containers running on the same OS consume less CPU than VMs, since the containers share the OS kernel. Therefore, a single server can handle more compute workload, reducing the need for more physical servers.
Optimize scaling
Since containers can be provisioned in a few minutes, a spike in application usage can be managed easily.
Accelerate application development
Containers ease development, testing and deployment, as the same container can be run in different environments.
Introduction: Docker
Introduction to Docker
Docker is a full-featured platform that can be used to package applications and their dependencies into an image and run them as isolated containers.
Docker provides the necessary tooling to create and manage the lifecycle of containers.
Docker Architecture
Docker uses a client-server architecture. The Docker client talks to the Docker daemon, which does the heavy lifting of building, running, and distributing Docker containers.
Source: https://docs.docker.com/engine/docker-overview/#docker-architecture
Why Docker?
Improve developer productivity
Docker helps automate the repetitive task of setting up and configuring a development environment, allowing developers to focus on rapid application development.
Streamline software delivery
Docker enables the introduction of continuous integration, delivery and deployment pipelines for microservices-based architectures.
Enable IT optimization
Docker helps in reducing costs by:
• Improving the workload density.
• Scaling up by spinning up more containers when demand increases, or back down when demand reduces, using efficient orchestration mechanisms.
Enable enterprise digital transformation
Docker helps in:
• Accelerating enterprise innovation by releasing new apps and features frequently.
• Running the containerized apps on-premise, on-cloud or in hybrid environments.
Getting Started with Docker in Healthcare (1/3)
Use case: Microservices Architecture
Description:
• While developing new applications, healthcare organizations can identify business domains to develop a microservices-based architecture.
• In a typical care-giver setting, a microservices architecture could be developed for managing workflows around patients, encounters, appointments and scheduling.
• FHIR is the next-generation healthcare interoperability standard to digitize the exchange of patient health information across heterogeneous systems. By building microservices based on the FHIR resources specification, an organization could easily establish interoperability with a growing list of healthcare applications.
• Docker containers are suitable for deploying the microservices architecture pattern. Each microservice can be hosted as an isolated Docker container. Deploying updates and defect fixes to a service is as easy as destroying the particular container and recreating it with the modified configuration, without affecting the uptime of other services.
Getting Started with Docker in Healthcare (2/3)
Use case: Application modernization
Description:
• Healthcare organizations can also become cloud-ready by moving their existing applications to a container framework, allowing them to leverage the benefits offered by the cloud.
• Docker provides a framework to host monolithic applications as well as microservices applications on Linux and Windows platforms.
• Docker simplifies the process of creating and managing containers on premise, on cloud or in hybrid environments.
Use case: Multi-tenant SaaS applications
Description:
• As healthcare organizations develop innovative use cases to provide better patient care based on big data, predictive analytics and machine learning, Software as a Service (SaaS) becomes a preferred approach to offer services to providers and patients.
• Docker containers run as isolated processes. That makes Docker an attractive deployment option to partition a single-tenant version of an application (with appropriate architectural considerations) into a multi-tenant version of the application and even host it as SaaS.
Getting Started with Docker in Healthcare (3/3)
Use case: Cost Optimization
Description:
• Organizations have now started tapping the potential of clinical and technological research. Healthcare IT teams are trying to optimize cost and efficiency of the infrastructure required to support increasing workloads and computational needs for implementing algorithms such as tumor detection or predicting the length of stay.
• Docker is lightweight and fast. Deploying algorithms in Docker containers allows healthcare organizations to host multiple containers on a single machine and make efficient use of the computation capacity with fewer servers or resources.
Managing Container Chaos with Orchestration
A container runtime by itself can manage containers on a single host. With an increasing number of containers and deployments spread out across multiple hosts, container management becomes a complex activity.
Container orchestration automates all aspects of the distributed application development lifecycle: initial placement, scheduling, deployment, updates, health monitoring, auto-scaling and failover.
Key Features of Container Orchestration Tools
Provisioning Containers
To optimize infrastructure utilization, the orchestration tools help in provisioning, scheduling and starting containers in a cluster based on resource requirement constraints and host affinity.
Infrastructure as Code
To enable editing, sharing and versioning of the configurations for repeatable deployments, the orchestration tools can load the application configuration from a schema defined using YAML or JSON formats.
Monitoring Health
To track the health of the containers and the hosts in the cluster, the orchestration tools periodically perform health checks and handle container crashes and host failures gracefully.
Upgrading and Rollback
To enable rolling out updates with minimal downtime, the orchestration tools ensure the availability of healthy updated containers to replace the old containers and also allow easy rollback in case of any issues.
Auto-Scaling for Performance
To ensure optimal performance, high availability and security, the orchestration tools provide ease of configuration to spin up or destroy containers based on resource usage.
Service Discovery
To ensure that the different services within the application can discover and communicate with each other dynamically, the orchestration tools provide various ways for service discovery.
Docker Orchestration Tools
Docker Machine
Docker Machine provides an efficient way to provision hosts in a remote or local environment with an already running Docker engine.
Using ‘docker-machine’ commands, one can easily start, manage and stop a managed host, upgrade the Docker client and daemon, and also configure a Docker client to talk to the host.
Docker Swarm
Docker engine can be run in swarm mode to natively manage a cluster of Docker engines.
The swarm consists of ‘manager’ nodes and ‘worker’ nodes. The manager node performs the task of orchestration and cluster management, whereas the worker nodes execute the tasks received from the manager node.
Docker Compose
Docker Compose is a tool to set up the configuration for the application’s services using a ‘docker-compose.yml’ file.
Docker Compose has commands to manage the entire lifecycle of the application, from starting the services and linking the services to monitoring the services.
Docker Network
Docker ‘network’ is a command to manage networking with Docker containers. It can be used to create, inspect, list, remove, prune, connect, and disconnect networks across data centers.
Managing Docker Security
Security threat: Kernel vulnerabilities. If the host kernel has any vulnerabilities present, malicious code could harm other containers. It may also bring the whole host down.
Solution: OS hardening
Mitigations:
• Host OS patching and hardening continues to be required. Standard security best practices need to be followed.
Security threat: Untrusted container images. Downloading and running containers with images from untrusted, unknown, untested sources could expose internal systems to vulnerabilities including malware.
Solution: Download only from trusted source
Mitigations:
• As a best practice, download images from a trusted image repository (either inhouse or private Docker Hub).
• Verify the authenticity of the image.
Security threat: Lack of container governance. Containers can proliferate throughout the infrastructure. Without proper tracking and maintenance, containers become out of date, missing critical security patches or upgrades.
Solution: Implement secure containers
Mitigations:
• Appoint a container security team within IT to manage and patch running container instances.
• Do not allow developers to upload and run unchecked containers into shared production systems.
• Do not run software or scripts as root within a container.
Managing Docker Performance
Performance threat: Docker features. Docker uses the AUFS (Advanced Multi-layered Unification Filesystem) CoW (copy on write) feature, which can cause major performance issues, especially while modifying a small part of a large file.
Solution: Volume mounting
Solution details: Mount frequently updated files as a separate volume. This will be much faster. Avoid AUFS CoW altogether.
Performance threat: OLTP databases. Fitting relational OLTP databases into Docker containers can be counter-productive.
Solution: Data modelling for scalability
Solution details: Pre-plan in advance for partitioning the database to the level of expected scalability.
Performance threat: Monopolize access. If one container can monopolize access to certain resources, including memory, it can starve out other containers on the host.
Solution: Limiting host resources to containers
Solution details: It is recommended to run Docker containers by specifying limits on resources such as memory and CPU.
Docker performance equals or exceeds virtual machines. Docker containers introduce negligible overhead for CPU and memory performance. Details can be read in an IBM research paper.
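An added example, not part of the original slides: a Python check that audits 'docker inspect' records against the mitigations in the security and performance tables above (trusted image source, non-root user, memory and CPU limits). The registry name, the use of digest pinning as the authenticity check, and the sample records are assumptions constructed for illustration.

```python
# Assumption: placeholder name for the organisation's trusted in-house registry.
TRUSTED_REGISTRIES = {"registry.example.internal:5000"}

def registry_of(image):
    """Registry host of an image reference; Docker Hub when none is given."""
    first, sep, _ = image.split("@", 1)[0].partition("/")
    # Docker reads the first component as a host only if it contains
    # '.' or ':' or is 'localhost'; otherwise the image comes from Docker Hub.
    if sep and ("." in first or ":" in first or first == "localhost"):
        return first
    return "docker.io"

def audit(container):
    """Check one `docker inspect` record against the mitigations listed above."""
    cfg = container.get("Config", {})
    host = container.get("HostConfig", {})
    image = cfg.get("Image", "")
    findings = []
    if registry_of(image) not in TRUSTED_REGISTRIES:
        findings.append("image not from a trusted registry")
    # Assumption: digest pinning stands in for "verify the authenticity".
    if "@sha256:" not in image:
        findings.append("image not pinned by digest")
    if cfg.get("User", "").split(":", 1)[0] in ("", "0", "root"):
        findings.append("runs as root")
    if not host.get("Memory"):  # 0 means no memory limit was set
        findings.append("no memory limit")
    if not (host.get("NanoCpus") or host.get("CpuQuota")):
        findings.append("no CPU limit")
    return findings

def audit_all(containers):
    """Map each container name to its list of findings (empty list = compliant)."""
    return {c["Name"].lstrip("/"): audit(c) for c in containers}

# Constructed sample records, reduced to the fields the audit reads.
SAMPLE = [
    {"Name": "/fhir-api",
     "Config": {"Image": "registry.example.internal:5000/ehr/fhir-api@sha256:" + "0" * 64,
                "User": "1000:1000"},
     "HostConfig": {"Memory": 536870912, "NanoCpus": 1000000000, "CpuQuota": 0}},
    {"Name": "/scheduler",
     "Config": {"Image": "someuser/scheduler:latest", "User": ""},
     "HostConfig": {"Memory": 0, "NanoCpus": 0, "CpuQuota": 0}},
]

if __name__ == "__main__":
    for name, findings in audit_all(SAMPLE).items():
        print(name, "->", findings or "OK")
```

On a real host, the same records come from parsing the JSON printed by 'docker inspect $(docker ps -q)' and passing the resulting list to audit_all.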
References
Docker introduction | SlideShare
Docker overview
Proven real world uses of Docker
What is all the container hype?
Linux containers - Docker
Authors:
Khushboo Shah
Sr. Solution Architect
thoughtleaders@citiustech.com
Editor's Notes
Popular container orchestration tools/platforms are:
Docker Swarm
Amazon EC2 Container Service
Kubernetes
Apache Mesos and Marathon
Openshift