Moving Health to the Private Cloud

Landscape

An Australian health department was eager to move to the cloud to take advantage of the scalability and elasticity provided by the public cloud infrastructure and services. Understandably, securing the privacy of patient medical data given the context and sensitivities around it was paramount.   Chamonix was engaged to provide a solution that satisfied both the flexibility of the cloud with the security of a restricted data centre.  Microsoft’s Azure Private Cloud was selected on the basis that it provides the department and its employees with access to the full suite of Azure cloud services without allowing access by the public.

Our Solution

Our team used Azure Private Cloud to effectively extend the secure internal network into Microsoft’s own data centres. Effectively, this means that only authorised members of the department’s network are able to connect to the systems or data residing in the provisioned Azure tenant.  With the Azure Private Cloud environment now established, the move highlighted the suitability of a recently developed viewer tool for a move to the cloud. The viewer tool is used to view patient data collected from various health department systems and the national My Health Record to provide for a more connected healthcare eco-system.

Working closely with the department’s internal team, we proceeded to set up the environments for the viewer tool (dev, test, pre-production and production), working around the typical problems associated with moving an application from a different environment through containerisation to ensure consistency.  Using IaC (Infrastructure as Code) – we effectively codified the process for easy deployment.

We were able to move quickly to create efficiencies in establishing a new environment this way with each component within the containers able to be scaled up or down depending on the use of those environments. Using a production environment and leveraging Azure Cloud also allowed the spin up of additional nodes. The use of Terraform for IaC allowed an easier pathway for the department, should it go on to use a different cloud platform in the future.

Technology leveraged in the overall process included:

• Azure ExpressRoute and Azure Private Link for private connections to Azure services from on-premises systems;
• Docker containers for running the various solution components consistently across the department’s Dev, Test, Pre-Prod and Prod environment;
• Azure Kubernetes Service for scaling containerised components on demand;
• Azure SQL Database and Azure Database for Postgres SQL for highly available and scalable database services;
• Azure Key Vault for secure secret and key storage;
• Azure Application Gateway and Azure Load Balancer for managing web traffic and load;
• Azure DevOps for continuous integration and deployment of containerised components;
• Azure Monitor for monitoring and logging the health and performance of solution.

As a by-product of our work, there is now an established Azure Express Route and components within the private cloud that can communicate with existing systems that are on-prem – utilising a hybrid model but with the security of a private connection.