Databricks, profile picture
Uploaded byDatabricks
PDF, PPTX1,021 views

HIPAA Compliant Deployment of Apache Spark on AWS for Healthcare Nitin Panjwani and Christian Nuss

The document discusses the HIPAA compliant deployment of Apache Spark on AWS by Collective Health, which aims to provide healthcare benefits through a data-driven approach. It highlights challenges such as regulatory compliance and the need for secure data access in cloud environments, alongside solutions like Amazon EMR and Terraform for infrastructure management. Key takeaways include the extensive customizations needed for EMR and the value of using Terraform to simplify configurations and enhance repeatability.

Data & Analytics
Related topics:
Apache Spark

Embed presentation

Download as PDF, PPTX
HIPAA Compliant Deployment of Apache Spark on AWS Nitin Panjwani, Christian Nuss Collective Health #Ent8SAIS
2 What do we do Collective Health provides a platform for employers to provide healthcare benefits to their workforce. Objective Data Driven approach to reduce the cost for the employer and provide a high quality service to members. #Ent8SAIS About Collective Health
About Collective Health #Ent8SAIS 3
Data Footprints #Ent8SAIS 4
• Diverse user backgrounds: SQL, Python, Java • Big Benchmark Data • Shared Notebooks (Zeppelin) for Big Data • Advanced ML models – Risk scores: regression models – Classifiers to find members on our proprietary recommendation engine #Ent8SAIS 5 Analytics Platform Requirements
Our Compliance Landscape #Ent8SAIS 6 HIPAA and PHI • Health Insurance Portability and Accountability Act Safeguards • Protected Health Information (PHI) SOC 2 • Service Organization Control Type 2 Ensures • Privacy • Security • Availability • Integrity • Confidentiality
• Encryption • Authentication • Authorization • Identity 7#Ent8SAIS • Access Logging • Auditability • Scalability • Repeatability Our Requirements HIPAA and SOC 2
8#Ent8SAIS Data Science Challenges • Access to data is not easily available due to regulatory compliance • Systems in cloud should have access to data • We need Cloud version of Jupyter/Zeppelin • Bringing in new technologies is not easy – Framework should be compliant • Data footprint should be auditable
What is Amazon EMR? Elastic MapReduce "Amazon EMR provides a managed Hadoop framework that makes it easy, fast, and cost-effective to process vast amounts of data across dynamically scalable Amazon EC2 instances." "You can also run other popular distributed frameworks such as Apache Spark, HBase, Presto, and Flink." 9#Ent8SAIS
What does EMR do? 10#Ent8SAIS Infrastructure Management Software Installation Configuration Management Monitoring & Administration
EMR Services 11#Ent8SAIS Flink Ganglia Hadoop HBase HCatalog Hive Hue Livy Mahout MXNet Oozie Phoenix Pig Presto Spark Sqoop Tez Zeppelin ZooKeeper
EMR Services 12#Ent8SAIS Flink Ganglia Hadoop HBase HCatalog Hive Hue Livy Mahout MXNet Oozie Phoenix Pig Presto Spark Sqoop Tez Zeppelin ZooKeeper
Customizing EMR 13#Ent8SAIS General Settings Bootstrap Actions Configurations Start-Up Steps
Customizing EMR General Settings 14#Ent8SAIS • Security Groups • IAM Roles • Logging • Encryption • Monitoring • Auto-Scaling
Customizing EMR Bootstrap Actions 15#Ent8SAIS • Shell scripts in S3 • Runs on all nodes • Runs prior to EMR installs Examples: • Set up SSO on Zeppelin • Additional Python or Java packages • Custom monitoring
Customizing EMR Configurations 16#Ent8SAIS • JSON Format • Overrides defaults • Difficult to understand and verify Examples: • Spark Defaults • Yarn Container Limits • Add TLS to Zeppelin Web UI • Verbose Logging https://docs.aws.amazon.com/emr/latest/ReleaseGuide/emr-release-5x.html
Customizing EMR Start-Up Steps 17#Ent8SAIS • Hadoop JAR • AWS "script-runner.jar" • Runs any job once cluster is ready Examples: • Test connectivity • Set Zeppelin Interpreter settings • Run any arbitrary script against a running cluster
PSA: Ephemeral Infrastructure 18 • Most changes require the cluster to recreate • Treat EMR clusters as immutable • HDFS data is not durable • Cluster changes take 5-10 minutes #Ent8SAIS
19#Ent8SAIS General Settings Bootstrap Actions Configurations Start-Up Steps UI or API Script JSON Hadoop JAR EMR Customizations Complex and Fragmented
Our Solution 20#Ent8SAIS Amazon EMR
What is Terraform? 21#Ent8SAIS Infrastructure As Code State Reproducible Infrastructure
22#Ent8SAIS What is Terraform? Declarative Configuration Files resource "aws_s3_bucket" "bucket" { bucket = "${var.cluster_name}-${terraform.env}" acl = "private" } resource "aws_emr_cluster" "cluster" { name = "${var.cluster_name}" release_label = "emr-5.13.0" applications = ["Spark", "Zeppelin", ...] … log_uri = "s3n://${aws_s3_bucket.bucket.id}/logs" … master_instance_type = "c4.large" core_instance_type = "c4.large" core_instance_count = 3 }
23#Ent8SAIS What is Terraform? API Calls, Codified! $> terraform apply aws_s3_bucket.bucket: Creating... … bucket: "" => "cnuss-test-us-west-1-default" … aws_s3_bucket.bucket: Creation complete after 3s (ID: cnuss-test-us-west-1-default) aws_emr_cluster.cluster: Creating... … aws_emr_cluster.cluster: Creation complete after 4m23s (ID: j-3CUR3J8Y6NYE9) Apply complete! Resources: 2 added, 0 changed, 0 destroyed. https://github.com/hashicorp/terraform
24#Ent8SAIS What is Terraform? Changes, As Code! resource "aws_s3_bucket" "bucket" { bucket = "${var.cluster_name}-${terraform.env}" acl = "private" versioning { enabled = true } } resource "aws_emr_cluster" "cluster" { name = "${var.cluster_name}" release_label = "emr-5.13.0" applications = ["Spark", "Zeppelin", ...] … log_uri = "s3n://${aws_s3_bucket.bucket.id}/logs" … master_instance_type = "c4.large" core_instance_type = "c4.large" core_instance_count = 3 }
25#Ent8SAIS What is Terraform? Stateful $> terraform apply aws_s3_bucket.bucket: Refreshing state... (ID: cnuss-test-us-west-1-default) aws_emr_cluster.cluster: Refreshing state... (ID: j-3CUR3J8Y6NYE9) aws_s3_bucket.bucket: Modifying... (ID: cnuss-test-us-west-1-default) versioning.0.enabled: "false" => "true" aws_s3_bucket.bucket: Modifications complete after 2s (ID: cnuss-test-us-west-1-default) Apply complete! Resources: 0 added, 1 changed, 0 destroyed. https://github.com/hashicorp/terraform
26#Ent8SAIS What is Terraform? Also, dangerous… $> terraform destroy Terraform will perform the following actions: - aws_emr_cluster.cluster - aws_s3_bucket.bucket aws_emr_cluster.cluster: Destroying... (ID: j-3CUR3J8Y6NYE9) aws_emr_cluster.cluster: Destruction complete after 1m48s (ID: j-3CUR3J8Y6NYE9) aws_s3_bucket.bucket: Destroying... (ID: cnuss-test-us-west-1-default) aws_s3_bucket.bucket: Destruction complete after 0s Destroy complete! Resources: 1 destroyed. https://github.com/hashicorp/terraform
Typical Terraform Workflow 27#Ent8SAIS State File Check-In Notify Run Change Read/Write
EMR + Terraform Our Customizations 28#Ent8SAIS • TLS Everywhere (HDFS, Zeppelin) • All Logs to S3 for Log Analysis • S3 Encryption and Versioning • Zeppelin + SSO + 2FA • Custom Monitoring Agents Installed • Autoscaling • Terraform Code in GitHub, Jenkins runs Terraform
Next Steps • Identity and logging of spark-submit commands • Expose spark-submit to other applications and engineers • Jupyter Access to Spark • Use EMRFS instead of HDFS (waiting on Terraform) • Additional Monitoring and Autoscaling 29#Ent8SAIS
https://eng.collectivehealth.com Sample Code / Starter Kit 30#Ent8SAIS https://twitter.com/hashtag/Ent8SAIS https://linkedin.com/in/christiannuss
Key Takeaways • Big Data Analytics in Healthcare is very challenging • EMR "out-of-the-box" requires extensive customizations to comply with regulations – Need to add encryption, logging, identity • Terraform(API for infra) adds value – Simplifies confusing configuration options – Repeatability – All configuration is code 31#Ent8SAIS
Our Results So Far... • Developed demographic factors – Variation in average per capita cost due to age and gender • Geo cost variation factors based on MSA – Variations in the average per capita cost due to cost and use of medical practice by metropolitan statistical areas (MSAs) • Industry factors – Variations due to industry • Cost variations by clinical conditions • Disease prevalence • Risk Scores (regression model)
Thank You! Q&A? 33#Ent8SAIS Christian Nuss Senior SRE Collective Health github.com/cnuss https://collectivehealth.com/jobsNitin Panjwani Principal Data Scientist Collective Health linkedin.com/in/npanj

More Related Content

PPTX
Security Walls in Linux Environment: Practice, Experience, and Results
byIgor Beliaiev
 
PPTX
[Wroclaw #7] Security test automation
byOWASP
 
PDF
Dynamic Database Credentials: Security Contingency Planning
bySean Chittenden
 
PDF
Breach > ATT&CK > Osquery: Cross-platform Endpoint Monitoring with Osquery
byUptycs
 
PPTX
SANS @Night Talk: SQL Injection Exploited
byMicah Hoffman
 
PDF
Exploring, understanding and monitoring macOS activity with osquery
byZachary Wasserman
 
PPTX
Securing Hadoop with OSSEC
byVic Hargrave
 
PPTX
Vault - Secret and Key Management
byAnthony Ikeda
 
Security Walls in Linux Environment: Practice, Experience, and Results
byIgor Beliaiev
 
[Wroclaw #7] Security test automation
byOWASP
 
Dynamic Database Credentials: Security Contingency Planning
bySean Chittenden
 
Breach > ATT&CK > Osquery: Cross-platform Endpoint Monitoring with Osquery
byUptycs
 
SANS @Night Talk: SQL Injection Exploited
byMicah Hoffman
 
Exploring, understanding and monitoring macOS activity with osquery
byZachary Wasserman
 
Securing Hadoop with OSSEC
byVic Hargrave
 
Vault - Secret and Key Management
byAnthony Ikeda
 

What's hot

PDF
Chickens & Eggs: Managing secrets in AWS with Hashicorp Vault
byJeff Horwitz
 
PPTX
Elk ruminating on logs
byMathew Beane
 
PDF
Présentation et démo ELK/SIEM/Wazuh
byclevernetsystemsgeneva
 
PDF
Watch How The Giants Fall: Learning from Bug Bounty Results
byjtmelton
 
PDF
Testing at Stream-Scale
byAll Things Open
 
PPTX
Syntribos API Security Test Automation
byMatthew Valdes
 
PDF
HashiCorp's Vault - The Examples
byMichał Czeraszkiewicz
 
PDF
State of Solr Security 2016: Presented by Ishan Chattopadhyaya, Lucidworks
byLucidworks
 
PPTX
Fosdem17 honeypot your database server
byGeorgi Kodinov
 
PPTX
Boston elasticsearch meetup October 2012
byimotov
 
PPTX
BlueHat v17 || Detecting Compromise on Windows Endpoints with Osquery
byBlueHat Security Conference
 
PPTX
Invoke-Obfuscation DerbyCon 2016
byDaniel Bohannon
 
PDF
Introducing Gridiron Security and Compliance Management Platform and Enclave ...
byAptible
 
PPTX
BGOUG 2014 Decrease Your MySQL Attack Surface
byGeorgi Kodinov
 
PDF
DevOpsDaysRiga 2018: Andrew Martin - Continuous Kubernetes Security
byDevOpsDays Riga
 
PPTX
Hug #9 who's keeping your secrets
byCameron More
 
PPTX
Hashicorp Vault ppt
byShrey Agarwal
 
PDF
Using Vault to decouple MySQL Secrets
byDerek Downey
 
PPTX
Red Team vs Blue Team on AWS - RSA 2018
by2nd Sight Lab
 
PPTX
Secure360 - Beyond xp cmdshell - Owning the Empire through SQL Server
byScott Sutherland
 
Chickens & Eggs: Managing secrets in AWS with Hashicorp Vault
byJeff Horwitz
 
Elk ruminating on logs
byMathew Beane
 
Présentation et démo ELK/SIEM/Wazuh
byclevernetsystemsgeneva
 
Watch How The Giants Fall: Learning from Bug Bounty Results
byjtmelton
 
Testing at Stream-Scale
byAll Things Open
 
Syntribos API Security Test Automation
byMatthew Valdes
 
HashiCorp's Vault - The Examples
byMichał Czeraszkiewicz
 
State of Solr Security 2016: Presented by Ishan Chattopadhyaya, Lucidworks
byLucidworks
 
Fosdem17 honeypot your database server
byGeorgi Kodinov
 
Boston elasticsearch meetup October 2012
byimotov
 
BlueHat v17 || Detecting Compromise on Windows Endpoints with Osquery
byBlueHat Security Conference
 
Invoke-Obfuscation DerbyCon 2016
byDaniel Bohannon
 
Introducing Gridiron Security and Compliance Management Platform and Enclave ...
byAptible
 
BGOUG 2014 Decrease Your MySQL Attack Surface
byGeorgi Kodinov
 
DevOpsDaysRiga 2018: Andrew Martin - Continuous Kubernetes Security
byDevOpsDays Riga
 
Hug #9 who's keeping your secrets
byCameron More
 
Hashicorp Vault ppt
byShrey Agarwal
 
Using Vault to decouple MySQL Secrets
byDerek Downey
 
Red Team vs Blue Team on AWS - RSA 2018
by2nd Sight Lab
 
Secure360 - Beyond xp cmdshell - Owning the Empire through SQL Server
byScott Sutherland
 

Similar to HIPAA Compliant Deployment of Apache Spark on AWS for Healthcare Nitin Panjwani and Christian Nuss

PDF
Bursting on-premise analytic workloads to Amazon EMR using Alluxio
byAlluxio, Inc.
 
PPTX
EMR Training
byvishal192091
 
PDF
Amazon Elastic Map Reduce: the concepts
byJulien SIMON
 
PDF
AWS EMR (Elastic Map Reduce) explained
byHarsha KM
 
PPTX
How to run your Hadoop Cluster in 10 minutes
byVladimir Simek
 
PDF
AWS Certified Solutions Architect Associate Notes.pdf
byfayoyiwababajide
 
PPT
Richard Cole of Amazon Gives Lightning Tallk at BigDataCamp
byBigDataCamp
 
PDF
Amazon EMR Masterclass
byIan Massingham
 
PPTX
BigData- On - AWS Cloud -1
byMilind gunjan
 
PDF
WhizCard-CLF-C01-06-09-2022.pdf
by2BA19CS016BharatiJad
 
PPTX
Cost Optimization for Apache Hadoop/Spark Workloads with Amazon EMR
byProvectus
 
PDF
AWS Certified Solutions Architect Associate Exam Guide 1st Edition 2024_KIRAN...
byKiran Kumar Malik
 
PDF
Introductory Overview to Managing AWS with Terraform
byMichael Heyns
 
PDF
[Jun AWS 201] Technical Workshop
byAmazon Web Services Korea
 
PDF
AWS Training.pdf
bySpiritsoftsTraining
 
PDF
AWS Training.pdf
bySpiritsoftsTraining
 
PDF
Amazon elastic map reduce
byTrieu Dao Minh
 
PPTX
Lightening the burden of cloud resources administration: from VMs to Functions
byEUBrasilCloudFORUM .
 
PPTX
Big Data and Hadoop in Cloud - Leveraging Amazon EMR
byVijay Rayapati
 
PDF
EFS_Integration.pdf
bySuman Debnath
 
Bursting on-premise analytic workloads to Amazon EMR using Alluxio
byAlluxio, Inc.
 
EMR Training
byvishal192091
 
Amazon Elastic Map Reduce: the concepts
byJulien SIMON
 
AWS EMR (Elastic Map Reduce) explained
byHarsha KM
 
How to run your Hadoop Cluster in 10 minutes
byVladimir Simek
 
AWS Certified Solutions Architect Associate Notes.pdf
byfayoyiwababajide
 
Richard Cole of Amazon Gives Lightning Tallk at BigDataCamp
byBigDataCamp
 
Amazon EMR Masterclass
byIan Massingham
 
BigData- On - AWS Cloud -1
byMilind gunjan
 
WhizCard-CLF-C01-06-09-2022.pdf
by2BA19CS016BharatiJad
 
Cost Optimization for Apache Hadoop/Spark Workloads with Amazon EMR
byProvectus
 
AWS Certified Solutions Architect Associate Exam Guide 1st Edition 2024_KIRAN...
byKiran Kumar Malik
 
Introductory Overview to Managing AWS with Terraform
byMichael Heyns
 
[Jun AWS 201] Technical Workshop
byAmazon Web Services Korea
 
AWS Training.pdf
bySpiritsoftsTraining
 
AWS Training.pdf
bySpiritsoftsTraining
 
Amazon elastic map reduce
byTrieu Dao Minh
 
Lightening the burden of cloud resources administration: from VMs to Functions
byEUBrasilCloudFORUM .
 
Big Data and Hadoop in Cloud - Leveraging Amazon EMR
byVijay Rayapati
 
EFS_Integration.pdf
bySuman Debnath
 

More from Databricks

PPTX
DW Migration Webinar-March 2022.pptx
byDatabricks
 
PPTX
Data Lakehouse Symposium | Day 1 | Part 1
byDatabricks
 
PPT
Data Lakehouse Symposium | Day 1 | Part 2
byDatabricks
 
PPTX
Data Lakehouse Symposium | Day 2
byDatabricks
 
PPTX
Data Lakehouse Symposium | Day 4
byDatabricks
 
PDF
5 Critical Steps to Clean Your Data Swamp When Migrating Off of Hadoop
byDatabricks
 
PDF
Democratizing Data Quality Through a Centralized Platform
byDatabricks
 
PDF
Learn to Use Databricks for Data Science
byDatabricks
 
PDF
Why APM Is Not the Same As ML Monitoring
byDatabricks
 
PDF
The Function, the Context, and the Data—Enabling ML Ops at Stitch Fix
byDatabricks
 
PDF
Stage Level Scheduling Improving Big Data and AI Integration
byDatabricks
 
PDF
Simplify Data Conversion from Spark to TensorFlow and PyTorch
byDatabricks
 
PDF
Scaling your Data Pipelines with Apache Spark on Kubernetes
byDatabricks
 
PDF
Scaling and Unifying SciKit Learn and Apache Spark Pipelines
byDatabricks
 
PDF
Sawtooth Windows for Feature Aggregations
byDatabricks
 
PDF
Redis + Apache Spark = Swiss Army Knife Meets Kitchen Sink
byDatabricks
 
PDF
Re-imagine Data Monitoring with whylogs and Spark
byDatabricks
 
PDF
Raven: End-to-end Optimization of ML Prediction Queries
byDatabricks
 
PDF
Processing Large Datasets for ADAS Applications using Apache Spark
byDatabricks
 
PDF
Massive Data Processing in Adobe Using Delta Lake
byDatabricks
 
DW Migration Webinar-March 2022.pptx
byDatabricks
 
Data Lakehouse Symposium | Day 1 | Part 1
byDatabricks
 
Data Lakehouse Symposium | Day 1 | Part 2
byDatabricks
 
Data Lakehouse Symposium | Day 2
byDatabricks
 
Data Lakehouse Symposium | Day 4
byDatabricks
 
5 Critical Steps to Clean Your Data Swamp When Migrating Off of Hadoop
byDatabricks
 
Democratizing Data Quality Through a Centralized Platform
byDatabricks
 
Learn to Use Databricks for Data Science
byDatabricks
 
Why APM Is Not the Same As ML Monitoring
byDatabricks
 
The Function, the Context, and the Data—Enabling ML Ops at Stitch Fix
byDatabricks
 
Stage Level Scheduling Improving Big Data and AI Integration
byDatabricks
 
Simplify Data Conversion from Spark to TensorFlow and PyTorch
byDatabricks
 
Scaling your Data Pipelines with Apache Spark on Kubernetes
byDatabricks
 
Scaling and Unifying SciKit Learn and Apache Spark Pipelines
byDatabricks
 
Sawtooth Windows for Feature Aggregations
byDatabricks
 
Redis + Apache Spark = Swiss Army Knife Meets Kitchen Sink
byDatabricks
 
Re-imagine Data Monitoring with whylogs and Spark
byDatabricks
 
Raven: End-to-end Optimization of ML Prediction Queries
byDatabricks
 
Processing Large Datasets for ADAS Applications using Apache Spark
byDatabricks
 
Massive Data Processing in Adobe Using Delta Lake
byDatabricks
 

Recently uploaded

PDF
2= https___10-0-0-0-1.ph_.pdf10.0.0.0.1,
byPanel Router
 
PPTX
Anjna_DFT_PPTeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee.pptx
byBENGUERBAYacine
 
PPT
Data Structures in java programing and ICT.ppt
byCarlos701746
 
PDF
From Microsoft SCOM to Dashboards | Grafana, SquaredUp, Power BI, Azure Workb...
byNiCE IT Management Solutions GmbH
 
PPTX
2B.Carbon-Neutral Technologies and Negative Emission Strategies for Net-Zero ...
byrameshkumar01430
 
PDF
The Gemini Advantage: A Strategic Overview of Google’s Multimodal AI Ecosystem
byRohit Garg
 
DOCX
Leadership as a Catalyst How Nutrition Leadership Influences Health Financing...
byGetachewKebede3
 
PDF
Calculating qualified non-mutagenic impurity levels Harmonization.pdf
byFbioTeixeiradaSilva
 
PPTX
Data_Analysis_Plan-corrected-Biostatistics.pptx
byFahmida Swati
 
PPTX
MC25104 - Data structures and algorithms using python Python_OOP_Theory_and_P...
byjanaki raman
 
PDF
System Center 2025 Migration: Preparing for a Smooth Transition
byNiCE IT Management Solutions GmbH
 
PPTX
Approach to Intra-Hepatic Cholestasis.pptx
byA Vijula Anbazhagan
 
PPT
Acids and alkalis ppt.ppt SVfhasvas jhsvdhsvduisa
byleonciaamolato001
 
PDF
OLAP (Online Analytical Processing) is a technology used for quickly analyzin...
bykibreabtsigabu16
 
PDF
Approaches to Ransomware Protection with NetApp Monitoring
byNiCE IT Management Solutions GmbH
 
PDF
Power BI Template Design Instructions.pdf
bycbendezupublico
 
PPTX
Engineering Project Proposal by Slidesgo.pptx
bythub2306144
 
PPTX
Chapter 4, Blocksmbjkhnl;m',\;lkjhcgjvbkln;m.pptx
byfrsatabdullah1
 
PDF
MATERI HUAWEI AI ALL yang di upload langsung oleh dosen perguruan tinggi.pdf
byscopptelkom25
 
PDF
Glass Facade Treatments and designs in architecture
bymusicianjatin123
 
2= https___10-0-0-0-1.ph_.pdf10.0.0.0.1,
byPanel Router
 
Anjna_DFT_PPTeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee.pptx
byBENGUERBAYacine
 
Data Structures in java programing and ICT.ppt
byCarlos701746
 
From Microsoft SCOM to Dashboards | Grafana, SquaredUp, Power BI, Azure Workb...
byNiCE IT Management Solutions GmbH
 
2B.Carbon-Neutral Technologies and Negative Emission Strategies for Net-Zero ...
byrameshkumar01430
 
The Gemini Advantage: A Strategic Overview of Google’s Multimodal AI Ecosystem
byRohit Garg
 
Leadership as a Catalyst How Nutrition Leadership Influences Health Financing...
byGetachewKebede3
 
Calculating qualified non-mutagenic impurity levels Harmonization.pdf
byFbioTeixeiradaSilva
 
Data_Analysis_Plan-corrected-Biostatistics.pptx
byFahmida Swati
 
MC25104 - Data structures and algorithms using python Python_OOP_Theory_and_P...
byjanaki raman
 
System Center 2025 Migration: Preparing for a Smooth Transition
byNiCE IT Management Solutions GmbH
 
Approach to Intra-Hepatic Cholestasis.pptx
byA Vijula Anbazhagan
 
Acids and alkalis ppt.ppt SVfhasvas jhsvdhsvduisa
byleonciaamolato001
 
OLAP (Online Analytical Processing) is a technology used for quickly analyzin...
bykibreabtsigabu16
 
Approaches to Ransomware Protection with NetApp Monitoring
byNiCE IT Management Solutions GmbH
 
Power BI Template Design Instructions.pdf
bycbendezupublico
 
Engineering Project Proposal by Slidesgo.pptx
bythub2306144
 
Chapter 4, Blocksmbjkhnl;m',\;lkjhcgjvbkln;m.pptx
byfrsatabdullah1
 
MATERI HUAWEI AI ALL yang di upload langsung oleh dosen perguruan tinggi.pdf
byscopptelkom25
 
Glass Facade Treatments and designs in architecture
bymusicianjatin123
 

HIPAA Compliant Deployment of Apache Spark on AWS for Healthcare Nitin Panjwani and Christian Nuss

  • 1.
    HIPAA Compliant Deployment ofApache Spark on AWS Nitin Panjwani, Christian Nuss Collective Health #Ent8SAIS
  • 2.
    2 What do wedo Collective Health provides a platform for employers to provide healthcare benefits to their workforce. Objective Data Driven approach to reduce the cost for the employer and provide a high quality service to members. #Ent8SAIS About Collective Health
  • 3.
  • 4.
  • 5.
    • Diverse userbackgrounds: SQL, Python, Java • Big Benchmark Data • Shared Notebooks (Zeppelin) for Big Data • Advanced ML models – Risk scores: regression models – Classifiers to find members on our proprietary recommendation engine #Ent8SAIS 5 Analytics Platform Requirements
  • 6.
    Our Compliance Landscape #Ent8SAIS6 HIPAA and PHI • Health Insurance Portability and Accountability Act Safeguards • Protected Health Information (PHI) SOC 2 • Service Organization Control Type 2 Ensures • Privacy • Security • Availability • Integrity • Confidentiality
  • 7.
    • Encryption • Authentication •Authorization • Identity 7#Ent8SAIS • Access Logging • Auditability • Scalability • Repeatability Our Requirements HIPAA and SOC 2
  • 8.
    8#Ent8SAIS Data Science Challenges •Access to data is not easily available due to regulatory compliance • Systems in cloud should have access to data • We need Cloud version of Jupyter/Zeppelin • Bringing in new technologies is not easy – Framework should be compliant • Data footprint should be auditable
  • 9.
    What is AmazonEMR? Elastic MapReduce "Amazon EMR provides a managed Hadoop framework that makes it easy, fast, and cost-effective to process vast amounts of data across dynamically scalable Amazon EC2 instances." "You can also run other popular distributed frameworks such as Apache Spark, HBase, Presto, and Flink." 9#Ent8SAIS
  • 10.
    What does EMRdo? 10#Ent8SAIS Infrastructure Management Software Installation Configuration Management Monitoring & Administration
  • 11.
    EMR Services 11#Ent8SAIS Flink GangliaHadoop HBase HCatalog Hive Hue Livy Mahout MXNet Oozie Phoenix Pig Presto Spark Sqoop Tez Zeppelin ZooKeeper
  • 12.
    EMR Services 12#Ent8SAIS Flink GangliaHadoop HBase HCatalog Hive Hue Livy Mahout MXNet Oozie Phoenix Pig Presto Spark Sqoop Tez Zeppelin ZooKeeper
  • 13.
  • 14.
    Customizing EMR General Settings 14#Ent8SAIS •Security Groups • IAM Roles • Logging • Encryption • Monitoring • Auto-Scaling
  • 15.
    Customizing EMR Bootstrap Actions 15#Ent8SAIS •Shell scripts in S3 • Runs on all nodes • Runs prior to EMR installs Examples: • Set up SSO on Zeppelin • Additional Python or Java packages • Custom monitoring
  • 16.
    Customizing EMR Configurations 16#Ent8SAIS • JSONFormat • Overrides defaults • Difficult to understand and verify Examples: • Spark Defaults • Yarn Container Limits • Add TLS to Zeppelin Web UI • Verbose Logging https://docs.aws.amazon.com/emr/latest/ReleaseGuide/emr-release-5x.html
  • 17.
    Customizing EMR Start-Up Steps 17#Ent8SAIS •Hadoop JAR • AWS "script-runner.jar" • Runs any job once cluster is ready Examples: • Test connectivity • Set Zeppelin Interpreter settings • Run any arbitrary script against a running cluster
  • 18.
    PSA: Ephemeral Infrastructure 18 •Most changes require the cluster to recreate • Treat EMR clusters as immutable • HDFS data is not durable • Cluster changes take 5-10 minutes #Ent8SAIS
  • 19.
    19#Ent8SAIS General Settings Bootstrap Actions Configurations Start-Up Steps UI or APIScript JSON Hadoop JAR EMR Customizations Complex and Fragmented
  • 20.
  • 21.
    What is Terraform? 21#Ent8SAIS Infrastructure AsCode State Reproducible Infrastructure
  • 22.
    22#Ent8SAIS What is Terraform? DeclarativeConfiguration Files resource "aws_s3_bucket" "bucket" { bucket = "${var.cluster_name}-${terraform.env}" acl = "private" } resource "aws_emr_cluster" "cluster" { name = "${var.cluster_name}" release_label = "emr-5.13.0" applications = ["Spark", "Zeppelin", ...] … log_uri = "s3n://${aws_s3_bucket.bucket.id}/logs" … master_instance_type = "c4.large" core_instance_type = "c4.large" core_instance_count = 3 }
  • 23.
    23#Ent8SAIS What is Terraform? APICalls, Codified! $> terraform apply aws_s3_bucket.bucket: Creating... … bucket: "" => "cnuss-test-us-west-1-default" … aws_s3_bucket.bucket: Creation complete after 3s (ID: cnuss-test-us-west-1-default) aws_emr_cluster.cluster: Creating... … aws_emr_cluster.cluster: Creation complete after 4m23s (ID: j-3CUR3J8Y6NYE9) Apply complete! Resources: 2 added, 0 changed, 0 destroyed. https://github.com/hashicorp/terraform
  • 24.
    24#Ent8SAIS What is Terraform? Changes,As Code! resource "aws_s3_bucket" "bucket" { bucket = "${var.cluster_name}-${terraform.env}" acl = "private" versioning { enabled = true } } resource "aws_emr_cluster" "cluster" { name = "${var.cluster_name}" release_label = "emr-5.13.0" applications = ["Spark", "Zeppelin", ...] … log_uri = "s3n://${aws_s3_bucket.bucket.id}/logs" … master_instance_type = "c4.large" core_instance_type = "c4.large" core_instance_count = 3 }
  • 25.
    25#Ent8SAIS What is Terraform? Stateful $>terraform apply aws_s3_bucket.bucket: Refreshing state... (ID: cnuss-test-us-west-1-default) aws_emr_cluster.cluster: Refreshing state... (ID: j-3CUR3J8Y6NYE9) aws_s3_bucket.bucket: Modifying... (ID: cnuss-test-us-west-1-default) versioning.0.enabled: "false" => "true" aws_s3_bucket.bucket: Modifications complete after 2s (ID: cnuss-test-us-west-1-default) Apply complete! Resources: 0 added, 1 changed, 0 destroyed. https://github.com/hashicorp/terraform
  • 26.
    26#Ent8SAIS What is Terraform? Also,dangerous… $> terraform destroy Terraform will perform the following actions: - aws_emr_cluster.cluster - aws_s3_bucket.bucket aws_emr_cluster.cluster: Destroying... (ID: j-3CUR3J8Y6NYE9) aws_emr_cluster.cluster: Destruction complete after 1m48s (ID: j-3CUR3J8Y6NYE9) aws_s3_bucket.bucket: Destroying... (ID: cnuss-test-us-west-1-default) aws_s3_bucket.bucket: Destruction complete after 0s Destroy complete! Resources: 1 destroyed. https://github.com/hashicorp/terraform
  • 27.
    Typical Terraform Workflow 27#Ent8SAIS StateFile Check-In Notify Run Change Read/Write
  • 28.
    EMR + Terraform OurCustomizations 28#Ent8SAIS • TLS Everywhere (HDFS, Zeppelin) • All Logs to S3 for Log Analysis • S3 Encryption and Versioning • Zeppelin + SSO + 2FA • Custom Monitoring Agents Installed • Autoscaling • Terraform Code in GitHub, Jenkins runs Terraform
  • 29.
    Next Steps • Identityand logging of spark-submit commands • Expose spark-submit to other applications and engineers • Jupyter Access to Spark • Use EMRFS instead of HDFS (waiting on Terraform) • Additional Monitoring and Autoscaling 29#Ent8SAIS
  • 30.
    https://eng.collectivehealth.com Sample Code /Starter Kit 30#Ent8SAIS https://twitter.com/hashtag/Ent8SAIS https://linkedin.com/in/christiannuss
  • 31.
    Key Takeaways • BigData Analytics in Healthcare is very challenging • EMR "out-of-the-box" requires extensive customizations to comply with regulations – Need to add encryption, logging, identity • Terraform(API for infra) adds value – Simplifies confusing configuration options – Repeatability – All configuration is code 31#Ent8SAIS
  • 32.
    Our Results SoFar... • Developed demographic factors – Variation in average per capita cost due to age and gender • Geo cost variation factors based on MSA – Variations in the average per capita cost due to cost and use of medical practice by metropolitan statistical areas (MSAs) • Industry factors – Variations due to industry • Cost variations by clinical conditions • Disease prevalence • Risk Scores (regression model)
  • 33.
    Thank You! Q&A? 33#Ent8SAIS Christian Nuss SeniorSRE Collective Health github.com/cnuss https://collectivehealth.com/jobsNitin Panjwani Principal Data Scientist Collective Health linkedin.com/in/npanj