By Vani Eswarappa, Sr. Solutions Architect – AWS
An important focus for Amazon Web Services (AWS) and Red Hat is supporting IT modernization for U.S. Health and Human Services (HHS) state government agencies.
HHS modernization efforts include moving to the cloud, connecting disparate datasets, and embracing shared services across multiple agencies.
The Red Hat and AWS cloud-based platform provides scalability, on-demand access to resources, and self-service functionalities to users. It also provides cost benefits and accelerated support services while optimizing resource utilization. The AWS platform provides security for storage and handling of healthcare-related sensitive data.
Red Hat is an AWS ISV Partner with the Containers Competency that helps customers get the most out of the AWS Cloud by guiding them along their modernization journeys.
This post highlights how the strategic alignment of Red Hat and AWS supports the demand for healthcare integration and IT modernization in HHS state agencies. I will explore how to integrate and modernize HHS applications on AWS, and ensure they run in a resilient and scalable way to deliver high service quality and business value.
The mission of HHS is to enhance the health and well-being of all Americans. To meet these goals, HHS runs more than 100 programs offering protection for all U.S. citizens. HHS provides essential human services, especially for those who are least able to help themselves.
Government agencies are encouraged to cross-collaborate and share information on a structured basis. Legacy application data for Child Welfare, Child Support, SNAP and TANF, Eligibility Enrollment, and Health Benefit Exchange is stored in disparate systems, which makes cross-platform collaboration challenging. Data and services are often duplicated, resulting in complex systems that are expensive to maintain and operate.
To address these challenges, there is demand for a platform that provides a common IT interface between agencies. It needs a flexible, modular architecture that adapts to future requirements and can make changes quickly and consistently.
Figure 1 – Healthcare silos lead to duplicate data and services and expensive complexity.
The State of Maryland leaders chose Red Hat and AWS to provide many of the shared services tools. These support their core systems automation (Ansible, for example) and integration technologies (Red Hat Fuse and AMQ) to address cross-platform integration challenges.
The following section shows a high-level reference architecture that any healthcare entity can adopt. It can solve challenges related to cross-program collaboration and reduce complexity associated with disparate systems owned by multiple agencies.
This shared data service platform consists of several Red Hat solutions running on AWS designed to address specific enterprise use cases:
- Red Hat Enterprise Linux: An enterprise open source operating system (OS) that supports running traditional, on-premises applications in the cloud.
- Red Hat OpenShift Container Platform: An enterprise-grade platform with no vendor lock-in, offering a complete set of services to enhance the management and developer experience for deploying enterprise applications on Kubernetes.
- Red Hat Fuse: A distributed, cloud-native integration platform that provides an API-centric, container-based architecture and decouples services so they can be created, expanded, and deployed independently.
- Red Hat AMQ Broker: Supports a streaming messaging architecture offering low latency, fault tolerance, and resilient message delivery. It is highly scalable and provides better performance, high throughput, and a durable messaging platform for streaming applications.
- Red Hat 3Scale: An API management and security platform that makes it easier to share, secure, distribute, control, and monetize APIs on an infrastructure platform built for performance and future growth. Red Hat 3Scale provides centralized control over APIs, including analytics, access control, developer workflows, and more.
- Red Hat JBoss Enterprise Application Platform (EAP): An application development platform with robust security, performance, and scalability across agencies’ on-site, virtual, and cloud environments.
- Red Hat Ansible Automation: A solution that simplifies, centralizes, and automates management across the state’s IT infrastructure for greater productivity. It provides role-based access control, job scheduling, integrated notifications, and user-friendly graphical inventory management.
Figure 2 – Cloud-native Medicaid and Human Services enterprise platform.
The above Red Hat solutions are deployed on an OpenShift container platform. OpenShift is an enterprise-ready Kubernetes container platform with many open-source services integrated into the platform to offer a well-rounded platform experience out of the box for developers.
OpenShift Master nodes host the API server for cluster administration and management, Controllers, and etcd components of Kubernetes. OpenShift infrastructure nodes provide a built-in OpenShift container registry and an OpenShift router layer for routing traffic and monitoring OpenShift clusters.
Red Hat solutions—Red Hat Fuse, AMQ broker, 3Scale, and Red Hat Enterprise Application Platform—are deployed as Kubernetes pods on worker nodes. These pods can scale automatically, maintain the desired number of services, and provide better performance to the users of the platform.
Red Hat uses OpenShift on AWS to deploy their shared data platform. The scalable infrastructure of AWS allows agencies to host their growing workloads in a cost-effective way.
AWS offers out-of-the-box features to ensure performance, reliability, scalability, and security, with the fine-grained access management required for managing sensitive healthcare information in distributed teams.
AWS services for the shared data platform include:
- AWS Direct Connect provides the low-latency, secure, and private connection to AWS required for connecting the agency’s network to their Amazon Virtual Private Cloud (Amazon VPC).
- AWS Virtual Private Network (VPN) provides encrypted tunnels between the agency’s network and Amazon VPC for accessing citizens’ sensitive data.
- Amazon Route 53 provides a highly available and scalable DNS service to route end user traffic to infrastructure running on AWS.
- Amazon Elastic Compute Cloud (Amazon EC2) provides on-demand scalability of virtual servers required for hosting the OpenShift container platform. Amazon EC2 allows applications to quickly scale capacity, both up and down, as their computing requirements change, allowing you to pay for what you use.
- Amazon Relational Database Service (Amazon RDS) makes it easy to set up, operate, and scale relational databases in the cloud.
- Amazon Elastic Block Store (Amazon EBS), Amazon Elastic File System (Amazon EFS), and Amazon Simple Storage Service (Amazon S3) offer on-demand storage for the applications to store sensitive data securely and protect data using encryption both at rest and in transit.
Security and Compliance Services
- AWS Identity and Access Management (IAM) enables customers to provide fine-grained access control to AWS services and resources securely.
- AWS Key Management Service (KMS) allows customers to create, import, rotate, delete, and manage permissions on keys used for encrypting data at rest.
- AWS Certificate Manager helps to securely manage customers’ TLS certificates for use with both AWS services and the customers’ applications.
- AWS Config provides auditing capability to evaluate AWS resource configurations, continuously monitor them, and alert customers.
- AWS WAF is a web application firewall that helps protect agencies’ web applications or APIs against common web exploits and bots that may compromise application security or consume excessive resources.
Figure 3 – Shared data platform on AWS.
Red Hat has helped 10 states that have undergone this transformation by integrating data from multiple agencies in a shared platform. The solution is modular, secure, and MITA and FHIR compliant.
The first agency to adopt the shared data platform built on AWS using Red Hat solutions was the Maryland Department of Human Services (DHS).
DHS designed and built the Maryland Total Human-services Integrated Network (MD THINK) to deliver integrated health and human services programs to the state’s most vulnerable residents. DHS designed and launched MD THINK as a multi-agency platform in three months. The Maryland Office for Refugees and Asylees (MORA) now supports 15,000 citizens using the platform’s capabilities.
The new platform makes it easier for residents to access state services online, without having to travel to a local office or healthcare facility. It provides a single view of citizens across dozens of social services, and breaks down data barriers between agencies so that state and healthcare caseworkers can reduce the processing times from months to days.
Reduced Operational Costs
Uniting development and management on a single platform with an infrastructure-as-a-service (IaaS) model means project costs can be shared across multiple agencies. This reduces management and other staffing time and costs. This flexible, modular approach allows components to be modified without replacing the entire system, saving considerable labor costs and effort.
Standardized Security to Protect Sensitive Data
Protecting sensitive health records and citizens’ personal data is critical to the success of healthcare systems. The shared data services platform takes advantage of military-grade security capabilities embedded in Red Hat’s enterprise open-source technology. This ensures data is shared and accessed only by authorized parties and protected from cybersecurity threats. With this support, HHS can comply with state and federal data regulations.
Government agencies need to modernize and transform services to more quickly adapt to evolving mission needs and meet the expectations of their stakeholders. Together, Red Hat and AWS enable agencies to benefit from open-source innovation while mitigating risk.
Red Hat and AWS provide the tools and technologies that let government agencies modernize and prepare their IT environments for digital transformation. Agencies can choose where to transform and where to use existing investments with a hybrid platform that supports both legacy and new applications and services.
Red Hat products are tested, certified, and supported on AWS to help public sector organizations meet their missions securely with more efficiency, agility, and speed.
Red Hat – AWS Partner Spotlight
Red Hat is an AWS Competency Partner that helps customers get the most out of the AWS Cloud by guiding them along their modernization journeys.