HLC308_Refactoring to the Cloud
1. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
AWS re:INVENT
Refactoring to the Cloud
Healthcare Payers and Serverless Batch Processing Engines
HLC308
November 27, 2017
Tim Mickol & John Staelens
2. Our Cause
To serve as a catalyst to transform health care,
creating a person-focused and economically
sustainable system.
3. CURRENT ARCHITECTURE
4. CURRENT ARCHITECTURE CHARACTERISTICS
• Mishmash of domains in a monolithic data model
• Knotted workflows with time-sensitive dependencies
• Too many interfaces and too little abstraction
• Opaque scattered business logic
• Difficult to change and test
• Laden with tech debt, dead ends, cruft
• Painful and costly to support
5. NO LIFT & SHIFT
• Leave technical debt behind
• Bridge bi-modal IT model
• Continuously replicate selected on-premises data
• Reasonable legacy migration runway
• De-emphasize legacy, favor evolution in the cloud
• Disrupt, but do so gently...
6. EMERGENT ARCHITECTURE CHARACTERISTICS
• Pub/sub-enterprise integration pattern
• RESTful APIs in a microservices ecosystem
• Domain-driven design
• Event sourcing
• Serverless computing
• Managed services
• Unlocking innovation
7. EMERGENT ARCHITECTURE
8. HIPAA & PHI
• Ensure the confidentiality, integrity, and availability of
all e-PHI we create, receive, maintain, or transmit
• Identify and protect against reasonably anticipated
threats to the security or integrity of the information
• Protect against reasonably anticipated, impermissible uses or
disclosures
• Ensure compliance by our workforce
9. SATISFYING SECURITY REQUIREMENTS
10. INFOSEC & APPSEC
• Engaged office of CISO early and often
• All PHI & PII encrypted in flight & at rest
• Submitted to multiple architecture security audits
• Internal – office of CISO
• Third party – AWS Well Architected Review
• All services HIPAA Eligible and covered by BAA
https://aws.amazon.com/compliance/hipaa-eligible-services-reference/
11. IAC IS GOODNESS
• Ideation rapidly becomes concrete
• Explicitly self-describing systems
• Cost optimization can be automated
• Created many new Ansible roles
• Ansible roles become reusable enterprise resources
• Immutable components stood up and torn down easily and
rapidly
12. CONVERT ORACLE SCHEMA TO MYSQL w/SCT
13. SCT: SCHEMA CONVERSION TOOL
• Intuitive UI
• Become rapidly proficient
• Create conversion mapping rules
• Used for initial conversion, DDL generation
• Great conversion reporting feature
• Create table-mapping.json for input to IaC
14. CONTINUOUS REPLICATION VIA DMS
15. DMS COMPONENTS
• Replication subnet groups
• KMS Customer Managed
• SSL certificates
• Replication Instance
• Source and target database endpoints
• Migration task(s)
• All provisioned via IaC
16. DMS MIGRATION CONSIDERATIONS
• Full load or CDC only or both
• Read the documentation carefully, ask questions!
• Experiment with settings (scores of them!)
• Use Amazon CloudWatch for granular instrumentation
• Iterate and tune for performance and transactional
integrity
• Tune your choice of instance class
17. CUD STREAMING VIA LAMBDA AND SNS
18. RDS AURORA MYSQL TO LAMBDA
CALL mysql.lambda_async(
    lambda_function_ARN,
    lambda_function_input
)
19. SUBSCRIPTION OPTIONS
20. EVENT PUBLICATION SEQUENCE
>> On-premises database transaction
>> DMS replication transaction
>> Aurora MySQL triggers
>> Stored procedure wrapper
>> mysql.lambda_async()
>> Lambda function
>> SNS
21. ASYNC PUBLISH ERROR HANDLING
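The Lambda hop of the publication sequence above, written out as an added Python example (it is not code from the talk). It assumes the Lambda is written in Python, that the stored-procedure wrapper passes exactly the three-field envelope from the EVENT slide as lambda_function_input (which Lambda hands to the handler as `event`), and it takes an injected publisher and dead-letter callback as stand-ins for SNS and SQS so the chain runs offline. The point it makes about error handling: mysql.lambda_async is fire-and-forget, so the committed database transaction never hears about a failed publish and the Lambda has to catch and park the event itself.

```python
"""Lambda hop of the CUD streaming chain: Aurora trigger -> stored-procedure
wrapper -> mysql.lambda_async(ARN, json) -> this code -> SNS.
Added example, not the talk's code. Assumes a Python Lambda receiving the
three-field envelope from the EVENT slide as `event`."""
import json
import re
from datetime import datetime

ALLOWED_KEYS = {"id", "when", "action"}
ALLOWED_ACTIONS = {"create", "update", "delete"}  # the C, U and D of CUD
UUID_RE = re.compile(r"^[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}$")
WHEN_FORMAT = "%Y-%m-%dT%H:%M:%S.%fZ"

# Constructed sample payload, shaped like the EVENT slide.
SAMPLE_EVENT = {
    "id": "b2a26034-a7c1-11e7-abc4-cec278b6b50a",
    "when": "2020-01-31T21:00:00.000Z",
    "action": "create",
}


class InvalidEvent(ValueError):
    """The payload is not a valid change envelope."""


class PublishFailed(RuntimeError):
    """Every publish attempt failed; the event was dead-lettered."""


def validate_event(event):
    """Accept only the minimal id/when/action envelope. Unknown keys are
    refused rather than ignored: the topic fans out to many subscribers, so
    refusing extra fields keeps row contents (potential PHI) out of the
    notification; subscribers fetch details through the API instead."""
    if not isinstance(event, dict):
        raise InvalidEvent("event must be a JSON object")
    extra = set(event) - ALLOWED_KEYS
    if extra:
        raise InvalidEvent("unexpected keys: %s" % sorted(extra))
    missing = ALLOWED_KEYS - set(event)
    if missing:
        raise InvalidEvent("missing keys: %s" % sorted(missing))
    if not isinstance(event["id"], str) or not UUID_RE.match(event["id"]):
        raise InvalidEvent("id is not a UUID")
    try:
        datetime.strptime(event["when"], WHEN_FORMAT)
    except (TypeError, ValueError):
        raise InvalidEvent("when is not a UTC ISO-8601 timestamp")
    if event["action"] not in ALLOWED_ACTIONS:
        raise InvalidEvent("action must be one of %s" % sorted(ALLOWED_ACTIONS))
    return event


def is_valid_event(event):
    """Boolean form of validate_event, for metrics and tests."""
    try:
        validate_event(event)
        return True
    except InvalidEvent:
        return False


def publish_event(event, publisher, dead_letter, max_attempts=3):
    """Publish one validated event; park it via dead_letter if every attempt
    fails. publisher(message, attributes) returns a message id and raises on
    failure (in production a thin wrapper around SNS publish);
    dead_letter(message) keeps the JSON for replay (e.g. an SQS queue).
    The database already committed and will not retry, so a loss here is
    silent unless it is captured."""
    validate_event(event)
    message = json.dumps(event, sort_keys=True, separators=(",", ":"))
    # Message attributes let subscriptions filter by action without parsing
    # the body.
    attributes = {"action": event["action"]}
    last_error = None
    for _ in range(max_attempts):
        try:
            return publisher(message, attributes)
        except Exception as exc:  # any transport failure counts as a miss
            last_error = exc
    dead_letter(message)
    raise PublishFailed("gave up after %d attempts: %r" % (max_attempts, last_error))


def make_flaky_publisher(fail_times):
    """Constructed stand-in for SNS: fails the first `fail_times` calls."""
    calls = {"n": 0}

    def publisher(message, attributes):
        calls["n"] += 1
        if calls["n"] <= fail_times:
            raise ConnectionError("simulated SNS outage")
        return "msg-%d" % calls["n"]

    return publisher


def demo():
    """Run the chain offline: one outage short enough for retries to cover,
    one long enough to dead-letter. Returns what happened."""
    dead = []
    ok_id = publish_event(SAMPLE_EVENT, make_flaky_publisher(2), dead.append)
    try:
        publish_event(SAMPLE_EVENT, make_flaky_publisher(5), dead.append)
        failed = False
    except PublishFailed:
        failed = True
    return {"message_id": ok_id, "dead_lettered": len(dead), "failed": failed}


if __name__ == "__main__":
    print(demo())
```

Raising PublishFailed out of the handler also lets Lambda's own asynchronous-invocation retry and dead-letter settings act on the same failure; the in-process retry just keeps the dependency on that configuration explicit.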
22. EVENT SOURCING
“Event Sourcing ensures that all changes to application
state are stored as a sequence of events. Not just can we
query these events, we can also use the event log to
reconstruct past states, and as a foundation to
automatically adjust the state to cope with retroactive
changes.”
– Martin Fowler
23. EVENT
{
    "id": "b2a26034-a7c1-11e7-abc4-cec278b6b50a",
    "when": "2020-01-31T21:00:00.000Z",
    "action": "create"
}
24. AD HOC QUERIES & EVENT REPLAY VIA API
25. INDIVIDUAL EVENT SOURCING
26. REPLAY TO SINGLE SUBSCRIBER (DESIRED)*
*SQS directly to Lambda is not currently supported
27. REPLAY TO SINGLE SUBSCRIBER (CURRENT)
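The event-store side of the ad hoc query, individual event sourcing and single-subscriber replay slides, as an added Python example (not the talk's code). It assumes events are the three-field envelope from the EVENT slide, that `id` names the changed record rather than the event, and that the log is append-only in `when` order; the log itself is constructed. It shows the Fowler point above in practice: the same log answers an ad hoc query, rebuilds a record's state as of a past time, and catches up one subscriber without double-delivering.

```python
"""Event-store side of the ad hoc query / event replay slides.
Added example, not the talk's code. Assumes the three-field envelope from
the EVENT slide, `id` = changed record, log append-only in `when` order."""
from datetime import datetime, timezone

WHEN_FORMAT = "%Y-%m-%dT%H:%M:%S.%fZ"

# Constructed log: one record created, changed twice and deleted, plus an
# unrelated record. RECORD_A is the UUID from the slide; RECORD_B is made up.
RECORD_A = "b2a26034-a7c1-11e7-abc4-cec278b6b50a"
RECORD_B = "1c9e1d1e-a7c1-11e7-abc4-cec278b6b50a"
EVENT_LOG = [
    {"id": RECORD_A, "when": "2020-01-31T21:00:00.000Z", "action": "create"},
    {"id": RECORD_A, "when": "2020-02-01T09:15:00.000Z", "action": "update"},
    {"id": RECORD_B, "when": "2020-02-01T10:00:00.000Z", "action": "create"},
    {"id": RECORD_A, "when": "2020-02-03T08:00:00.000Z", "action": "update"},
    {"id": RECORD_A, "when": "2020-02-05T12:30:00.000Z", "action": "delete"},
]


def parse_when(value):
    return datetime.strptime(value, WHEN_FORMAT).replace(tzinfo=timezone.utc)


def query_events(log, record_id=None, since=None, until=None, actions=None):
    """Ad hoc query: filter by record, inclusive time window and action set.
    Results keep log order so they can be replayed directly."""
    lo = parse_when(since) if since else None
    hi = parse_when(until) if until else None
    out = []
    for ev in log:
        when = parse_when(ev["when"])
        if record_id and ev["id"] != record_id:
            continue
        if (lo and when < lo) or (hi and when > hi):
            continue
        if actions and ev["action"] not in actions:
            continue
        out.append(ev)
    return out


def reconstruct(log, record_id, as_of=None):
    """Fold one record's events to rebuild its state as of `as_of` (default:
    the whole log). With only id/when/action in the envelope the rebuildable
    state is the record's lifecycle: existence, version and change times."""
    state = {"id": record_id, "exists": False, "version": 0,
             "created": None, "last_changed": None, "deleted": None}
    for ev in query_events(log, record_id=record_id, until=as_of):
        action = ev["action"]
        if action == "create":
            state.update(exists=True, created=ev["when"], deleted=None)
        elif action == "update":
            if not state["exists"]:
                raise ValueError("update of a missing record at " + ev["when"])
            # nothing else to fold: the envelope carries no field values
        elif action == "delete":
            if not state["exists"]:
                raise ValueError("delete of a missing record at " + ev["when"])
            state.update(exists=False, deleted=ev["when"])
        else:
            raise ValueError("unknown action %r" % action)
        state["version"] += 1
        state["last_changed"] = ev["when"]
    return state


class Subscriber:
    """One subscriber being caught up by replay. Delivery is idempotent: an
    event already seen is skipped, so re-running a replay after a partial
    failure cannot double-apply anything."""

    def __init__(self):
        self.seen = set()
        self.received = []

    def deliver(self, ev):
        key = (ev["id"], ev["when"], ev["action"])
        if key in self.seen:
            return False
        self.seen.add(key)
        self.received.append(ev)
        return True


def replay_to(subscriber, log, **filters):
    """Replay matching events to a single subscriber; returns (delivered, skipped)."""
    delivered = skipped = 0
    for ev in query_events(log, **filters):
        if subscriber.deliver(ev):
            delivered += 1
        else:
            skipped += 1
    return delivered, skipped
```

The dedupe key is the whole envelope because the envelope has no separate event id; a production log would carry one and key on it, which also lets a subscriber ask for replay "from event X" rather than from a timestamp.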
28. HERE WE GO, READY TO REFACTOR IN FLIGHT
• Defined interfaces
• New integrations consume events, including our solutions
• Runway of new customers lined up
• Monolith deconstructed into two applications (so far)
• Microservice architecture foundation
• Event sourcing implementation
29. LESSONS LEARNED
• Prototype, POC fast and dirty in a sandbox
• Start IaC development early
• Start SSL configuration early (firewalls and security
groups and packet sniffing)
• Understand your IAM requirements
• Pair development – faster development, fewer mistakes
• Engage your AWS Solution Architect
• If you want it, ask your AWS TAM for a PFR (product feature request)
30. REFERENCES
AWS Well Architected
AWS HIPAA Eligible
Download SCT
Set CloudWatch Alarms for Amazon SQS
Martin Fowler on Event Sourcing
Martin Fowler on CQRS
Martin on DDD Bounded Context
Glad to be here
31. Thank you!
Yen, Ron, Rob, Scott, Eric, James, Kirk, Brian, Scott, Brent, Danielle,
Tammy, Brad...
GLAD TO BE HERE