By Arjun Chakraborty, Sr. Solutions Architect at AWS
By Jonathan Victor, CIO at Insurity
The increasing frequency and severity of natural disasters worldwide have brought a higher level of focus on the availability of insurance carriers’ IT systems, particularly those related to claims management.
In the aftermath of a large-scale disaster, such as a Gulf Coast hurricane or California wildfire, the number of claims will jump significantly. Insurance carriers’ claims systems must be highly available (HA) and ready to scale up to accommodate the needs of affected policyholders, and then scale back down afterwards.
Not being able to process claims rapidly and accurately, or provide access to much-needed insurance resources, because of IT systems failure would undoubtedly cause insurance carriers to lose the trust of their policyholders and suffer significant reputational damage.
Most insurers (and regulators) understand these risks and are moving to adopt core systems that are resilient, highly available, and built to scale up and down as needed.
Independent software vendors (ISVs) servicing the insurance industry can take advantage of Amazon Web Services (AWS) infrastructure and services to architect solutions that meet these needs, without requiring large up-front capital expenditures.
Insurity ClaimsXPress is a claims management system built on AWS that provides a redundant, secure, multi-region architecture. In this post, we will outline how Insurity has architected their ClaimsXPress solution on AWS to deliver an enterprise-grade software-as-a-service (SaaS) solution for the commercial insurance market.
As a leading provider of cloud-based solutions and data analytics for the world’s largest insurers, brokers, and managing general agents (MGAs), Insurity empowers clients to focus on their core businesses, optimize their operations, and deliver superior customer experiences.
ClaimsXPress Cloud Architecture Overview
ClaimsXPress is architected for scalability, security, and reliability. Each insurance carrier has its own instance of ClaimsXPress running within a multi-tenant SaaS environment on AWS.
Insurity architected an isolated, virtual private cloud (VPC) for the ClaimsXPress production environment. This is separate from test environment VPCs that clients use to validate workflows and test new system releases.
Security is a top priority for Insurity, and all data is encrypted both at rest and in transit. Insurity leverages Amazon Elastic Block Store (Amazon EBS) block-level encryption, and encrypts traffic within the VPC using the VNS3 encryption platform. External traffic uses 256-bit SSL-based encryption.
The diagram in Figure 1 below outlines the redundant nature of the Insurity cloud. Intra-region redundancy is derived by deploying resources in multiple Availability Zones (AZs) to insulate end users from an issue occurring in any single zone.
Insurity also architected a multi-region redundancy strategy to provide an additional layer of reliability by replicating workloads to a geographically separate AWS region. When combined, these strategies enable Insurity to deliver four nines of availability to SaaS clients.
Figure 1 – Insurity enterprise disaster recovery architecture.
Key Application and Cloud Architecture Components
ClaimsXPress employs a three-tier web application architecture with encryption for internal network traffic, external web traffic, and file transfer.
All traffic passes through a network controller from Cohesive Networks (also an APN Technology Partner), and this provides a secure firewall and an encrypted overlay network. These controllers are deployed as Amazon Machine Images (AMIs) from AWS Marketplace in two AZs in an active-active mode.
Web and application servers are deployed in HA mode across two AZs with enough spare capacity to withstand the loss of one. A SQL Server-based database is deployed across two AZs so that changes are replicated synchronously, and to another region asynchronously, leveraging Microsoft SQL Always On availability groups.
An NFS-based file server is deployed to store documents associated with claims. The file server uses a Windows file server cluster and is deployed across two AZs. It uses Windows Distributed File System (DFS) to replicate files over to the disaster recovery (DR) region.
Amazon EBS volumes and Amazon Elastic Compute Cloud (EC2) instances are backed up, encrypted, and stored with a regulatory-compliant lifecycle policy, leveraging Amazon Simple Storage Service (Amazon S3) archive functionality. These backups are also replicated to the DR region, where a new environment can be spun up using AWS Command Line Interface (CLI) scripts.
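As an added illustration (not Insurity's or AWS's own code), the check below audits an inventory in the shape of `aws ec2 describe-volumes` output against two properties described above: every EBS volume is encrypted, and each tier has volumes in at least two AZs. The sample data, volume IDs, AZ names and the `Tier` tag are constructed assumptions.

```python
import json
from collections import defaultdict

# Constructed sample in the shape of `aws ec2 describe-volumes` output.
# Volume IDs, AZ names and the "Tier" tag are illustrative assumptions.
SAMPLE = json.loads("""
{"Volumes": [
  {"VolumeId": "vol-0aaa", "Encrypted": true,  "AvailabilityZone": "us-east-1a",
   "Tags": [{"Key": "Tier", "Value": "web"}]},
  {"VolumeId": "vol-0bbb", "Encrypted": true,  "AvailabilityZone": "us-east-1b",
   "Tags": [{"Key": "Tier", "Value": "web"}]},
  {"VolumeId": "vol-0ccc", "Encrypted": true,  "AvailabilityZone": "us-east-1a",
   "Tags": [{"Key": "Tier", "Value": "db"}]},
  {"VolumeId": "vol-0ddd", "Encrypted": false, "AvailabilityZone": "us-east-1a",
   "Tags": [{"Key": "Tier", "Value": "db"}]},
  {"VolumeId": "vol-0eee", "Encrypted": true,  "AvailabilityZone": "us-east-1b"}
]}
""")

def audit_volumes(doc, min_azs=2):
    """Return (unencrypted_ids, untagged_ids, {tier: azs} for tiers in < min_azs AZs)."""
    unencrypted, untagged = [], []
    azs_by_tier = defaultdict(set)
    for vol in doc.get("Volumes", []):
        # Encryption at rest: flag any volume where Encrypted is false or absent.
        if not vol.get("Encrypted", False):
            unencrypted.append(vol["VolumeId"])
        # The API omits "Tags" entirely for untagged volumes.
        tags = {t["Key"]: t["Value"] for t in vol.get("Tags", [])}
        tier = tags.get("Tier")
        if tier is None:
            # An untagged volume cannot be attributed to a tier; report it.
            untagged.append(vol["VolumeId"])
            continue
        azs_by_tier[tier].add(vol["AvailabilityZone"])
    # Intra-region redundancy: each tier should span at least min_azs zones.
    single_az = {t: sorted(a) for t, a in azs_by_tier.items() if len(a) < min_azs}
    return sorted(unencrypted), sorted(untagged), single_az

if __name__ == "__main__":
    unenc, untagged, single = audit_volumes(SAMPLE)
    print("unencrypted volumes:", unenc)
    print("volumes without a Tier tag:", untagged)
    print("tiers confined to one AZ:", single)
```

Against a live account, the same function can be fed the parsed JSON from `aws ec2 describe-volumes` in place of the constructed sample.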
AppDynamics, another APN Technology Partner, is used for application performance monitoring to provide Insurity’s Cloud Operation team with transparency and deep stack analytics on application usage and performance.
Insurity approaches redundancy from both intra-region and cross-region perspectives. Within each AWS region, Insurity deploys applications across multiple AZs, building resiliency and providing protection from infrastructure failures within the primary production VPC.
Insurity has architected ClaimsXPress to the N+1 standard to eliminate any single point of failure within the application stack. These application and cloud architectures enable Insurity to deliver a highly available solution for its customers, commercial insurers.
For disaster recovery, Insurity runs a secondary VPC in a separate geographic region, and replicates data between the primary and secondary VPC using the AWS network backbone.
Insurity delivers a recovery time objective (RTO) of less than four hours, and a recovery point objective (RPO) of less than five minutes. This is possible because of the solution’s enterprise DR architecture, which leverages a combination of Microsoft SQL Always On, Microsoft DFS replication, and AMI backups.
Leveraging APN Technology Partner Solutions
Insurity uses several APN Technology Partner solutions to complement the native capabilities of AWS to assist with management and monitoring.
APN Partner solutions leveraged for ClaimsXPress include:
- AppDynamics for application performance and end-user experience monitoring.
- CloudCheckr for validation of security configurations on all public-facing endpoints in the AWS environment, such as Amazon EC2 instances, Elastic Load Balancing, and Amazon S3 buckets; and for sending alarms when services are experiencing events.
- Splunk for SIEM monitoring of all Amazon CloudWatch and AWS CloudTrail logs. VictorOps is also used for alert consolidation and escalation.
AWS is a critical technology partner for Insurity, which has historically had a much greater span of control over the success of ClaimsXPress implementations when clients run in the cloud vs. being deployed within client infrastructures.
This success comes down to Insurity owning the end-to-end user experience on the ClaimsXPress cloud platform, and being able to explicitly select best-in-class native capabilities from AWS to deliver a highly available, secure, and resilient solution.
Customer Use Case: Pacific Claims Management on AWS
Pacific Claims Management (PCM) is a licensed third-party administrator (TPA) that provides claims administration and management services to public and private sector self-insured employers in the state of California.
The task of administering workers’ compensation claims, for example, is complicated for employers, particularly self-insured businesses that are responsible for administering the claims themselves. Delays or errors made while administering a claim can negatively impact a worker’s recovery, as well as the employer’s bottom line. This increases frustration and dissatisfaction for all parties involved.
As a TPA, Pacific Claims Management removes the complexity of claims administration. They have adopted ClaimsXPress to move away from managing infrastructure, and to keep pace with changes needed to keep their software current.
Updating a claims system is cumbersome given the number of schedules, regulations, and additional information that must be regularly updated and changed, potentially in every state in which the company writes policies.
With ClaimsXPress, PCM has been able to do away with a lot of day-to-day concerns around availability and change management and spend more time driving effective client solutions.
Each ClaimsXPress client production environment, which runs on AWS, is architected for scalability, security, and reliability. PCM’s architecture is an instance of ClaimsXPress running in a multi-tenant environment on AWS within an isolated Insurity VPC.
Data is encrypted at rest using Amazon EBS block-level encryption, in flight within the VPC using the VNS3 encryption platform, and in transit to the desktop using 256-bit SSL-based encryption. All data is replicated to a DR instance, and for increased redundancy PCM’s production environment is deployed across two AZs.
Since moving to ClaimsXPress, PCM has been able to focus on what’s important: building customer relationships and helping clients improve their approach to claims management. It’s also given PCM the flexibility needed to respond rapidly to changes in the workers’ compensation industry in California.
Insurance is a business built on trust, which can disappear quickly when claims are poorly managed.
Insurance carriers need to know their claims management systems will function properly in a variety of situations—from day-to-day operations, through the management of large-scale catastrophes and the multitude of claims that result from them.
Leveraging AWS infrastructure and solutions from other APN Technology Partners, Insurity has built a claims management solution that meets insurers’ needs, even under the most demanding conditions.
Taking advantage of both native AWS services and best-in-class technology partners, and through intra- and cross-region redundancy, Insurity’s ClaimsXPress solution has achieved some of the highest degrees of availability, security, and resiliency in the industry.
Insurity – APN Partner Spotlight
Insurity is an AWS Competency Partner. They are a leading provider of cloud-based solutions and data analytics for the world’s largest insurers, brokers, and managing general agents (MGAs).
from AWS Partner Network (APN) Blog: https://aws.amazon.com/blogs/apn/how-insurity-architected-claimsxpress-for-high-availability-and-resiliency-on-aws/