Embed Size (px)
Citation preview
MEDITECH Technical Systems Update: 2014 Limited Collector’s Boxed Set
Jim FitzgeraldEVP & CSO
Rob BrunoAssociate CTOSenior Technical Principal
Matt DonahueCTODirector of Technology Development
Joe KellyDirector of Technical Consulting
Samuel MataSenior Engineer, Cloud Services
Mark MiddletonVice-President, Cloud Services
Presenting:
Join
ed b
yo
ur T
ech
nic
al P
anel
:
Disclaimer:
“Always in motion, the future is.”-Yoda
Agenda
• Days of Future Past: Surfing the Platforms
• Things You May Remember
• Building MEDITECH Platform 2 ¾
• Portals, File Systems, and NTFS, oh my!
• Building Industry Platform 3
• Important Considerations for Strategic Technology Planning
Surfing the PlatformsArchitectural Elements Platform 1 Platform 2 Platform 3
Industry Descriptor Mainframe Era Client/Server Era Web Era
MEDITECH Era MIIS/MAGIC C/S 5.x-6.X #Web
Access Terminals PC’s with Fat Clients, CITRIX, WTS, VDI
Browser
Network Serial to DevicesNetworks for CPU’s
LAN, WLAN, WAN, Internet via Access Tech
Any IP Network
Compute DG Nova, DEC VAX, Motorola 88K,DEC Alpha
Intel Proprietary Intel and ?
Storage Direct or SCSI SCSI or SAN Flash and Whatever
Backup Tape Tape, VTL, Replicas Replicas
Archiving Protect Main Storage Protect Backup Reduce Main Storage
Security Application Application, O/S Defense-in-depth
Recovery Days Hours Instantaneous
Platform 1: Mainframe/Mini Computing• Terminals, PCs as Terminals,
Terminal Servers• Simple Bridged or Switched
Networks• Applications Security• No integration to PC NOS
Environment (e.g. Novell, Banyan, MSFT)
• Ghost Jobs ran on the same CPU instead of Background Jobs on a server-class “Super-Client”
• MAGIC Network Protocol 1984~2003
• TCP/IP beginning 1994• Single-threading with ring
buffer management for efficiency
• Apps and OS bundled• Printing is a “black art”
Compute Platform Turf Wars I
“Just run at that wall, it’s OK”ArchitecturalElements
Platform 1 Platform 1 3/4 Platform 2
Industry Descriptor Mainframe Era N/A Client/Server Era
MEDITECH Era MIIS/MAGIC MAGIC -C/S + Hybrids C/S 5.x-6.X
Access Terminals Terminals, PC’s as Terminals, PC’s
PC’s with Fat Clients, CITRIX, WTS, VDI
Network Serial to DevicesNetworks for CPU’sModems
Good LAN, Slow WAN, Jittery Remote Access
LAN, WLAN, WAN, Internet via AccessTech
Compute Proprietary with Choice
MAGIC OSAL, Wintel Intel Proprietary
Storage Direct or SCSI SCSI, Some SAN SCSI or SAN
Backup Tape Tape, Tape Libraries Tape, VTL, Replicas
Archiving Protect Main Storage Protect Main Storage Protect Backup
Security Application Application, O/S Application, O/S
Recovery Days Hours-Days Hours
Platform 1 ¾ or OSAL ArchitectureTechnology Level Architecture
Application Layer Magic Programs
Management Layer Magic O/S
Abstraction Layer Magic OSAL
Driver Management Windows 2000
Driver Layer Windows 2000 Intel, Winsock (TCP/IP) Storage Drivers;
Magic LAN Drivers
Platform 2: Client/Server Computing• PC Fat Clients• Networks Segmented at
Layer 3, vLANs• Applications Security
begins to integrate to PC NOS Security (A/D)
• Background Jobs on a server-class “Super-Client”
• Big SANs, many disks• TCP/IP Winsock• Single-threading and
multi-threading• Apps and OS separate,
complicating recovery• Printing still the domain of
the fearless• Backups “tricky”
Living Life Between GenerationsArchitectural Elements Platform 2 Platform 2 3/4 Platform 3
Industry Descriptor Client/Server Era Client/Server and Web Hybrid
Web Era
MEDITECH Era C/S 5.x-6.X C/S 5.x-6.X+ #Web
#Web
Access Fat Clients, CITRIX, WTS, VDI
Fat Clients, CITRIX, WTS, VDI, HTML 5
HTML 5 Browser
Network LAN, WLAN, WAN, Internet via Access Tech
VNET, LAN, WLAN, WAN, Internet
Massively virtual local interconnects + Internet + Internet II
Compute Intel Proprietary Intel with Virtual Assist Intel with Virtual AssistAMD with Virtual Assist
Storage SCSI or SAN Tiered Hybrid SAN Flash and Whatever
Backup Tape, VTL, Replicas VTL & Replicas Replicas Only
Archiving Protect Backup Protect Backup & Reduce Main Storage
Reduce Main Storage
Security Application, O/S Application, O/S, Firewall, AV
Defense-in-depth
Recovery Days Hours Instantaneous
Platform 2 ¾: Virtualize Me!• Thin, Fat, and Zero Clients• VMware everywhere!• Mix of NPR, CS, MAT, #Web• Heavier use of Data Repository• NTFS FAL Corruption risk• Networks Segmented at Layer 3,
vLANs• Applications Security integrated
to PC NOS Security (A/D)• More “stuff” in DMZ• Background Jobs and
Communication Servers• Flash-tiered SAN• TCP/IP Winsock• Multi-threading• Apps , OS, and Hypervisor
separate, complicating recovery• Printing a bit better• Backups “very tricky” – ISB, IDR,
MBI/MBF + Legacy• Many, many choices
Impact of “5 Platforms” – PollHow many are on:
• Platform 1 –
• Platform 1 ¾ (OSAL) –
• Platform 2 (C/S 5 Only, no VM)–
• Platform 2 ¾ (C/S 5&6, #Web, VM) –
• Platform 3 – Check back in 2018
Compute Platform Turf Wars II
Platform 3: Web & Hybrid Cloud - General
Acknowledgements: Sam Johnston, Wikipedia
Where Do Apps Live?
Installed base of enterprise applications© Gartner 2012 Courtesy of VMware
In 2014, more apps are OS-neutral or browser-based than all Windows-bound apps collectively. Hence Office 365 for iPad, on which this Presentation was 50% composed. More to the point, MEDITECH #Web.
Platform 3: Web & MEDITECH Private Cloud• HTML 5 Browser Client• VM’s everywhere!• Mix of NPR, CS, MAT, #Web and
associated platforms• Traditional Tier 3 Technology replaced
with browser rendering (MEDITECH Web Applications Servers)
• Legacy Client service through real-time web rendering
• Heavier use of Data Repository• Network Virtualization ~2016• Applications Security integrated to
Web Credentialing Service• Non-Windows Web and Database
Servers appear• Block and Object Stores• Multi-threading• Apps , OS, and Hypervisor separate,
complicating recovery• Printing a bit better• Backups “very tricky” – ISB, IDR,
MBI/MBF + Legacy + New• Many, many choicesClient
LayerAccessandSecurityLayer
Web/ProxyServer
Web/ProxyServer
SessionMgmtLayer
Web AppServers(RenderingLayer)
LegacyInfrastructureLayer
Today’s Reality – Platform 2 3/4• How did we get here?
– Y2K, HIPAA, ACA/ARRA – constant diversion to compliance issues
– MEDITECH community has embraced new technology unevenly
• The technical infrastructure must support hybrid MEDITECH implementations that include NPR, FS, MAT and #Web
• Majority of Apps use 5.X/6.X Client/Server Architecture relying heavily on Clients for compute and presentation
• Stringent network latency requirements drive a mixture of Applications Presentation (XenApp), Virtual Desktops (Horizon, Xen), and MEDITECH Applications Servers
• Ever-increasing write workloads on SAN's from clinical innovation and compliance logging offset somewhat by emergence of flash tiering
Etiology – FAL/NTFS Corruption Issues• Millions of small files managed by
NTFS for MEDITECH FS and MAT
• Inadvertent result – Windows FAL (File Access List) – which has a fixed limit – becomes fragmented and maxed out
• End product – file (read database)corruption which can only be reversed by massive recopying of data
• Several sites experience multi-day downtimes
Windows 2008 based error Log Name: Application Source: ESE Event ID: 482 Task Category: General Level: Error Description: Information Store (8580) DBNAme: An attempt to write to the file "F:\Data\DBName.EDB" at offset 315530739712 (0x0000004977190000) for 32768 (0x00008000) bytes failed after 0 seconds with system error 665 (0x00000299): "The requested operation could not be completed due to a file system limitation ". The write operation will fail with error -1022 (0xfffffc02). If this error persists then the file may be damaged and may need to be restored from a previous backup.
Action Plan – FAL/NTFS Corruption Issues• “First do no harm…”
• MEDITECH Introduces Condusiv V-Locity 2013
– Based on Diskeeper Defragmentation
– Adds Write Caching for VM's in Vlocity
– Testing hopeful – early results mixed
• PPI Testing Raxco
– MEDITECH passes exclusion list to Raxco API
• MEDITECH MTSM Tool for remediation
• MEDITECH Medium-Term Plan
– "Containerize" FS and MAT (make more like NPR – expected spring 2015)
• MEDITECH Long-Term Plan
– Platform 3
Security Considerations• Many sites only have Firewall, AV, and AD
• Some are prepared for exposure to the Web
– IDS/IPS
– Router GL, Exclusion Lists, ACL’s
• Virtual Security tools may help those who have not budgeted for adequate physical security (IDS/IPS, App Filters, Security Brokers)
• Use the tools you already own – establish process.
• Must budget for audits and remediation.
• Consider Session 1099 at 2:30
Progress/Plans - High Availability• MEDITECH Testing MS-Clusters with
PPI– Requires immediate writes to SAN– Increases IOPS 40-100% (more flash,
more physical disks needed to support)
– The only technique that will support offline patching.
• MEDITECH Testing VPLEX with EMC – Early testing successful with short-
distance clusters– Long distance geo-clusters not
working due to latency restrictions– Requires immediate writes to SAN– Requires Bridgehead for
backup/recovery
• Stratus is still out there
Progress/Plans - Patient Portal• Minimizing cost:
– All VM’s
– Expose to internal and external networks
– Rely on security mechanisms in software
• Minimizing risk:– Dedicated physical system(s) or VM Cluster
in DMZ
– IDS/IPS + Firewall DMZ ports
– Reverse Proxies and/or Security Brokers
– No Multiplexing!
Progress/Plans – Private Cloud Disaster Recovery
• SRM (VMware Site Recovery Manager) rollout and testing underway with several MEDITECH sites and MEDITECH-approved technologies:– Alder Hey Children’s Hospital (UK):
EMC RecoverPoint CRR with Bridgehead Bookmarks– Central California Children’s Hospital
NetApp Mirroring with Bridgehead IDR Snaps– Phoebe Putney Health System
3Par Mirroring with Bridgehead IDR Snaps– The Valley Hospital, NJ
IBM SVC Mirroring with Bridgehead IDR Snaps
• N.B. Automation has some limits…..
Progress/Plans – Cloud Disaster Recovery
• Mixture of replication technologies allows full enterprise recovery of Salinas Valley Memorial Health System in remote cloud:(see session 1093)– Data Domain De-duplicated IDR Replication (MEDITECH)– VSphere Replication (Microsoft, CITRIX, others)– NetApp Replication (McKesson PACS)
• PPI moving towards EA testing of RecoverPoint CRR Service in a Cloud Target environment
Worth Considering
• Making your MEDITECH backup your enterprise backup
• Vendor-neutral archiving that goes beyond imaging
• Converged network cores for Virtual Infrastructure
• IDS/IPS and other Security Investments (see session 1099)
• Mobile Device Management
• Hybrid Cloud Solutions
Worth Delaying
• Network Virtualization
• Brussels Sprouts
• All-flash arrays
• EPIC (indefinitely!)
Queue up at Platform 3….
And enjoy the ride…
Technical PanelRob BrunoAssociate CTOSeniorTechnical Principal
Matt DonahueCTODirector of Technology Development
Joe KellyDirector of Technical Consulting
Samuel MataSenior Engineer, Cloud Services
Mark MiddletonVice-President, Cloud Services
Open Discussion/Q&A
Other MUSE Sessions by PPI1094 - Virtual Desktop Infrastructure – Lessons Learned for a Successful Deployment
Presenters: Matt Donahue, Leo Maguire, Samuel Mata, Park Place International,
and Annette Ballard, Murray-Calloway County Hospital, Murray, Kentucky
Wednesday May 28 at 11:00 am
1093 –Cloud-Based Disaster Recovery – Improving Cost and Performance
Presenters: Mark Middleton, Park Place International, Audrey Parks, Salinas Valley Memorial Healthcare System
Wednesday May 28 at 3:30 pm
1099 - Revisiting Network and Security Architecture in the Virtual Era
Presenters: Jim Fitzgerald and Jay Bazzinotti, Park Place International
Thursday May 29 at 2:30 pm
1095 - Build a Reliable Infrastructure for Patient Care
Presenters: Matt Donahue, Park Place International and Michael Martz, Meadville Medical Center, Meadville, Pennsylvania
Friday May 30 at 9:30 am
Additional Resources
• PPI Blog “Sustaining Healthcare IT”– http://parkplaceintl.com/blog/
• MEDITECH Connect– http://meditechconnect.com/group/park-place-international
• Contact [email protected]
–
Thank You!
