Dirk Deridder and Koen Vanderkimpen, research consultants at Smals, explained at Devoxx 2011 how non-functional requirements like Security, Performance, Flexibility, Availability and Scalability are seemingly impossible to reconcile. eXtreme Transaction Processing (XTP) technologies offer an alternative road. Both researchers share their lessons learned from a real-life project on a Belgian Primary Care Safe, aimed at storing sensitive healthcare information for 6 million citizens through Smals' patent-pending threshold encryption technology.
1. Going Extreme for Health Care
When Security, Performance, Scalability, and Availability
all want to be the star of the show
Koen Vanderkimpen
@koenvdk
Dirk Deridder
@dirkderidder
2. 4/02/2013
Smals
Preferred ICT Partner of Social Security and Health Care
Institutions in Belgium
Smals Research Team
Dedicated to introducing innovative IT in e-Government
And solving clients' more abstract problems
Dirk Deridder
1 year @ Smals, specializing in dynamic programming languages, software architecture, Agile and XTP
Koen Vanderkimpen
1.5 years @ Smals, specializing in OO, software development, version control; implemented first demo of the PCS
3.
What Follows
1. The Project: which challenges?
2. Security: Novel Approach using threshold encryption
3. Conflicting Challenges in a High-Risk Project
4. Extreme Transaction Processing
5. Conclusions
6. Questions
4.
1. The Project: A Primary Care Safe (PCS)
Mission:
« Build a highly secure platform to exchange
Patient Data between Healthcare actors within
Flanders/Be/EU/… »
5.
Some NFR's…
The "PCS manifesto":
• Security, Privacy, Confidentiality
• 24/7 always-on
• Generic, Multi-Purpose, Shared
Thoroughly Patient-Centric Vision
• Ready for Growing Data & Usage
• Performant (4s response time)
6.
Functionality
• PUT (a file, or part of it)
• GET
• DELETE
Patient File (Fine-Grained DataModel)
• Medication: Anti-Diabetical, Anti-Aids, Other
• Parameters: Blood Pressure, Heart Condition, Pulse
• Allergies
• Journal Entries (Versioning): Entry1 …, Entry2 …
7.
Some Figures
(for Flanders)
• Patients: 6.5 million
• Users (medical professionals): 51000
• File accesses per day/user: 7.2
• Starting file size: 50K (towards 5M)
What if?
• All of Belgium joins in?
• Patients get access?
• Mobile usage develops?
8.
2. PCS – Novel Security Architecture
• "end-user eyes only"
• "distributed trust"
[Diagram labels: Gov (ehealth): host & control; Doctors Org: control; PCS (Only Encrypted Messages); File; Alice; Bob]
9.
Symmetric Encryption
[Diagram labels: Alice, Bob, Message, Secret key, Encrypted Message]
12.
Threshold Encryption (Public Key)
• Main Idea: a minimum number (= the threshold) of people needed to decrypt
[Diagram labels: Alice, Bob, Marc, Public Key, Partial Decryption (1 and 2), Combination]
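The threshold idea on this slide, as an added example that is not from the talk and is not Smals' patent-pending scheme (which the slides do not specify): a textbook threshold ElGamal in which a trusted dealer Shamir-shares the private key, each trustee produces a partial decryption, and any two of three partials combine to the plaintext. The toy group parameters, the function names and the sample message are assumptions made for the illustration.

```python
import secrets

# Toy group for illustration only (far too small for real use):
# P = 2*Q + 1 is a safe prime and G = 4 generates the subgroup of prime order Q.
P, Q, G = 2039, 1019, 4

def keygen(threshold, trustees):
    """Trusted dealer (an assumption): Shamir-share the private key mod Q."""
    # Non-zero coefficients keep the sharing polynomial at full degree.
    coeffs = [secrets.randbelow(Q - 1) + 1 for _ in range(threshold)]
    shares = {i: sum(c * pow(i, k, Q) for k, c in enumerate(coeffs)) % Q
              for i in range(1, trustees + 1)}
    return pow(G, coeffs[0], P), shares  # (public key, {trustee id: key share})

def encrypt(public_key, m):
    """Plain ElGamal: anyone holding the public key can encrypt m (1 <= m < P)."""
    r = secrets.randbelow(Q - 1) + 1
    return pow(G, r, P), m * pow(public_key, r, P) % P

def partial_decrypt(share, ciphertext):
    """Run by each trustee on its own: the key share never leaves the trustee."""
    return pow(ciphertext[0], share, P)

def combine(partials, ciphertext):
    """Lagrange interpolation in the exponent over {trustee id: partial}."""
    mask = 1
    for i, d_i in partials.items():
        lam = 1
        for j in partials:
            if j != i:
                lam = lam * j * pow((j - i) % Q, -1, Q) % Q
        mask = mask * pow(d_i, lam, P) % P
    return ciphertext[1] * pow(mask, -1, P) % P

def demo(m=1234):
    """2-of-3 run on a constructed message; returns what each subset recovers."""
    public_key, shares = keygen(threshold=2, trustees=3)
    ct = encrypt(public_key, m)
    partials = {i: partial_decrypt(s, ct) for i, s in shares.items()}
    two = combine({1: partials[1], 3: partials[3]}, ct)
    other_two = combine({2: partials[2], 3: partials[3]}, ct)
    one = combine({2: partials[2]}, ct)  # below the threshold
    return two, other_two, one

if __name__ == "__main__":
    print(demo())  # first two values equal the message, the third does not
```

In a deployment the plaintext would normally be a symmetric file key rather than the record itself, and the dealer would be replaced by a distributed key generation so that no single party ever holds the whole private key.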
13.
Primary Care Safe - PCS
[Diagram labels: Gov (ehealth), Doctors Org, PCS, parts numbered 1 and 2, Dr. Bob]
Patent Pending!
15.
3. Roundup: Primary Care Safe (PCS)
• Exchange Platform for Medical Data
• Eventually for 6500000 patients (all of Flanders) – A few 1000 to start
Growing data (e.g. lifetime biometrics)
• For many different applications
• Provided by the Government
• Security + Fine-grained Access
20.
• Exchange Platform for Medical Data
• Eventually for 6500000 patients (all of Flanders) – A few 1000 to start
Growing data (e.g. lifetime biometrics)
• For many different applications
• Provided by the Government
• Security + Fine-grained Access
[Overlay labels, added one per build step: Availability, Scalability, Flexibility, Security, Performance]
22.
4. How to approach this?
• Programming language?
Java @ Smals
• Software Architecture?
N-Tier & SOA @ Smals
• Development approach?
EUP @ Smals
Will this work?
Sure, but more geared towards « conventional » projects
Actually we weren’t « sure », so we investigated further …
23.
XTP versus Traditional N-Tier Solution?
[Diagram labels: Load Balancer, Web Tier, Business Processing Tier, Messaging Tier, Database Tier]
24.
Looking for inspiration…
• Social Media
• Stock exchange
• Investment banks
• Telecommunications
• Retail Business
• Web-commerce
• Internet media
• Factory automation
• Aerospace industry
• Online gaming
• Big Data analysis
• …
[Second list on the slide:]
• Large number of users
• High volume of requests
• Very demanding availability (24/7)
• Peak loads are a moving target
• Challenging performance expectation
• …
Some of our NFR’s are « easy » compared to their day-2-day operation
25.
Extreme Transaction Processing
« An application style aimed at supporting
the design, development, deployment,
management and maintenance of
distributed TP applications
characterized by exceptionally demanding
performance, scalability, availability,
security, manageability,
and dependability requirements »
Everything we need « in a box »?
26.
Let’s get this « XTP solution in-a-box »!
[Word cloud: XTP Box, Big Bang!, Grid Computing, Shared Nothing Architecture, Task Execution, AmbientTalk, Hypertable, Cassandra, Node.js, Akka, DevOps, Voldemort, Partitioning, Terracotta, NoSQL, CouchDB, Actor Model, Async Flows, Map/Reduce, MongoDB, Scala, Hadoop, Erlang, MemcacheDB, Space Based Architecture, Master/Worker, BigTable, In-memory DB, Event Driven Architecture, …]
27.
Today’s main focus: Support offered by
an XTP middleware Platform
• Several solutions exist
MaatG G Platform, GigaSpaces XAP, Appistry, Tibco ActiveSpaces, Paremus Service Fabric, …
• Currently establishing a position as CEAP’s / EAP’s
Good match with « cloud » requirements
Fine-grained elastic scalability,
Continuous availability & Non-stop operations
Consistent performance
Still require additional work on multitenancy, billing, self provisioning, …
Not intrinsic to XTP (can be enablers)
Traditional application servers will not meet future needs to move to the cloud
« … dinosaurs tiptoeing through a meteor storm… »
[M. Gualtieri, Forrester 2011]
28.
XTP Platform characteristics enabling
Extreme Availability
• Let it crash principle
• Zero downtime failover management
Automated failover without side-effects
E.g., handover from primary to backup with no manual intervention, even between datacenters
Automated self-healing without side-effects
E.g., creation of new backup nodes after failover with no manual intervention
Automated replication management
E.g., keeping primaries/backups consistent, redo queues, …
• Transparent for client applications
The client is unaware of « who » handles the request and is only interested in getting a result
Shield-off all complexity involved in guaranteeing high availability
• Application virtualisation and overall automation are key!
29.
XTP Platform characteristics enabling
Extreme Performance
• Improve response time by not moving data around
Focus on data/processing affinity
Routing of requests to the location of the data
Do not separate tiers physically
Work with an in-memory data grid
Cf. caching, but not as an after-the-fact optimisation strategy
Persistency as a service, not involved in servicing live requests
• Increase throughput
Asynchronous processing flows
Give back control asap
Make requests self-contained so they can be served by any « workers » that are available
Work with a processing grid
Execute (parts of) requests in « parallel »
Avoid relying on external systems
Enforce strict internal / external SLA’s
30.
XTP Platform characteristics enabling
Extreme Scalability
• Principle of horizontal scaling
Increase capacity by adding resources « on the fly » in an automated fashion
Elastic scaling, so capacity can be taken away easily
Location-unaware applications
Transparent for client applications as well
Capacity planning vs capacity management
• Application virtualisation and overall automation are key!
[Diagram: VERTICAL SCALING versus HORIZONTAL SCALING]
31.
Concrete XTP Platform
XAP: Characteristics
• Space Based Architecture
Based on Tuple Spaces [Gelernter & Carriero]
Cf JavaSpaces, but a lot more
Technology arena: Java, Jini, JMS, Spring, Hibernate, …
Data + Processing + Messaging Grids
• SLA-driven application containers
• Excellent enabler for implementing XTP architectures
Allowing you to focus on the « difficult part » by taking care of the « hard part »
32.
Space Based Architecture
[Diagram built up over slides 32 to 39; labels: Server, Processing Unit, Program, Memory, Space. The later builds show several Servers and Processing Units.]
Lots of flexibility and support « out of the box » for realizing an(y) XTP solution
40.
XTP versus Traditional N-Tier Solution?
[Diagram labels: Load Balancer, Web Processing Units, Business Processing Units (Data + Processing + Messaging), units labelled A, B, C, Database]
41.
Conclusions
• XTP is not just a technology or style of programming
Impacts software architecture, development process, …
An integrated approach / vision is required!
Having an XTP platform is only a first step
Think outside the traditional box
• Demands disciplined application of development practices
Not only functional testing: NFR’s !
Automation is fundamental
• Updating applications with no downtime is an additional challenge
Requires « next-release strategy »
XTP platforms provide « patterns » to handle this
• Problems can still happen, be prepared!
Cf. Recent Amazon / Microsoft /… outages (if the best fail, expect…)
• ROI analysis is absolutely necessary
Not every application calls for a platinum-approach
But it never hurts to think about it !
Maximum ROI = Availability + Scalability + Performance
42.
Q&A