In this session, hear how Cambia Health Solutions, a not-for-profit total health solutions company, created a self-service data model to convert a large-scale, on-premises batch processing model to a cloud-based, real-time pub-sub and RESTful API model. Learn how Cambia leveraged AWS services like Amazon Aurora, AWS Database Migration Service (AWS DMS), AWS Lambda, and AWS messaging services to create an architecture that provides a reasonable runway for legacy customers to convert from old mode to new mode and, at the same time, offer a fast track for onboarding new customers.

1. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
AWS re:INVENT
Refactoring to the Cloud
H e a l t h c a r e P a y e r s a n d S e r v e r l e s s B a t c h P r o c e s s i n g E n g i n e s
H L C 3 0 8
N o v e m b e r 2 7 , 2 0 1 7
T i m M i c k o l & J o h n S t a e l e n s

2. 22
Our Cause
To serve as a catalyst to transform health care,
creating a person-focused and economically
sustainable system.

3. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
CURRENT ARCHITECTURE

4. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
CURRENT ARCHITECTURE CHARACTERISTICS
• Mishmash of domains in a monolithic data model
• Knotted workflows with time-sensitive dependencies
• Too many interfaces and too little abstraction
• Opaque scattered business logic
• Difficult to change and test
• Laden with tech debt, dead ends, cruft
• Painful and costly to support

5. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
NO LIFT & SHIFT
• Leave technical debt behind
• Bridge bi-modal IT model
• Continuously replicate selected on-premises data
• Reasonable legacy migration runway
• De-emphasize legacy, favor evolution in the cloud
• Disrupt, but do so gently...

6. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
EMERGENT ARCHITECTURE CHARACTERISTICS
• Pub/sub-enterprise integration pattern
• RESTful APIs in a microservices ecosystem
• Domain-driven design
• Event sourcing
• Serverless computing
• Managed services
• Unlocking innovation

7. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
EMERGENT ARCHITECTURE

8. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
HIPAA & PHI
• Ensure the confidentiality, integrity, and availability of
all e-PHI we create, receive, maintain, or transmit
• Identify and protect against reasonably anticipated
threats to the security or integrity of the information
• Protect against reasonably anticipated, impermissible
uses, or disclosures
• Ensure compliance by our workforce

9. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
SATISFYING SECURITY REQUIREMENTS

10. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
INFOSEC & APPSEC
• Engaged office of CISO early and often
• All PHI & PII encrypted in flight & at rest
• Submitted to multiple architecture security audits
• Internal – office of CISO
• Third party – AWS Well Architected Review
• All services HIPAA Eligible and covered by BAA
https://aws.amazon.com/compliance/hipaa-eligible-services-reference/

11. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
IAC IS GOODNESS
• Ideation rapidly becomes concrete
• Explicitly self-describing systems
• Cost optimization can be automated
• Created many new Ansible roles
• Ansible roles become reusable enterprise resources
• Immutable components stood-up, torn-down easily,
rapidly

12. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
CONVERT ORACLE SCHEMA TO MYSQL w/SCT

13. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
SCT: SCHEMA CONVERSION TOOL
• Intuitive UI
• Become rapidly proficient
• Create conversion mapping rules
• Used for initial conversion, DDL generation
• Great conversion reporting feature
• Create table-mapping.json for input to IaC

14. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
CONTINUOUS REPLICATION VIA DMS

15. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
DMS COMPONENTS
• Replication subnet groups
• KMS Customer Managed
• SSL certificates
• Replication Instance
• Source and target database endpoints
• Migration task(s)
• All provisioned via IaC

16. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
DMS MIGRATION CONSIDERATIONS
• Full load or CDC only or both
• Read the documentation carefully, ask questions!
• Experiment with settings (scores of them!)
• Use Amazon CloudWatch for granular instrumentation
• Iterate and tune for performance and transactional
integrity
• Tune your choice of instance class

17. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
CUD STREAMING VIA LAMBDA AND SNS

18. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
RDS AURORA MYSQL TO LAMBDA
CALL mysql.lambda_async (
lambda_function_ARN,
lambda_function_input )

19. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
SUBSCRIPTION OPTIONS

20. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
EVENT PUBLICATION SEQUENCE
>> On-premises database transaction
>> DMS replication transaction
>> Aurora MySQL triggers
>> Stored procedure wrapper
>> mysql.lambda_async()
>> Lambda function
>> SNS

21. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
ASYNC PUBLISH ERROR HANDLING

22. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
EVENT SOURCING
“Event Sourcing ensures that all changes to application
state are stored as a sequence of events. Not just can we
query these events, we can also use the event log to
reconstruct past states, and as a foundation to
automatically adjust the state to cope with retroactive
changes.”
– Martin Fowler

23. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
EVENT
{
“id”: “b2a26034-a7c1-11e7-abc4-cec278b6b50a”,
“when”: “2020-01-31T21:00:00.000Z”,
“action”: “create”
}

24. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
AD HOC QUERIES & EVENT REPLAY VIA API

25. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
INDIVIDUAL EVENT SOURCING

26. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
REPLAY TO SINGLE SUBSCRIBER (DESIRED)*
*SQS directly to Lambda is not currently supported

27. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
REPLAY TO SINGLE SUBSCRIBER (CURRENT)

28. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
HERE WE GO, READY TO REFACTOR IN FLIGHT
• Defined interfaces
• New integrations consume events, including our solutions
• Runway of new customers lined up
• Monolith deconstructed into two applications (so far)
• Microservice architecture foundation
• Event sourcing implementation

29. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
LESSONS LEARNED
• Prototype, POC fast and dirty in a sandbox
• Start IaC development early
• Start SSL configuration early (firewalls and security
groups and packet sniffing)
• Understand your IAM requirements
• Pair development – faster development, fewer mistakes
• Engage your AWS Solution Architect
• If you want it, ask your AWS TAM for PFR

30. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
REFERENCES
AWS Well Architected
AWS HIPAA Eligible
Download SCT
Set CloudWatch Alarms for Amazon SQS
Martin Fowler on Event Sourcing
Martin Fowler on CQRS
Martin on DDD Bounded Context
Glad to be here

31. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Thank you!
Y e n , R o n , R o b , S c o t t , E r i c , J a m e s , K i r k , B r i a n , S c o t t , B r e n t , D a n i e l l e ,
T a m m y , B r a d . . .
G L A D T O B E H E R E