EHR Healthcare is a leading provider of electronic health record software to the medical industry.
EHR Healthcare provides their software as a service to multinational medical offices, hospitals, and insurance providers.
Solution concept
Due to rapid changes in the healthcare and insurance industry, EHR Healthcare's business has been growing exponentially year over year.
They need to be able to scale their environment, adapt their disaster recovery plan, and roll out new continuous deployment capabilities to update their software at a fast pace.
Google Cloud has been chosen to replace their current colocation facilities.
Existing technical environment
EHR's software is currently hosted in multiple colocation facilities.
The lease on one of the data centers is about to expire.
Customer-facing applications are web-based, and many have recently been containerized to run on a group of Kubernetes clusters.
Data is stored in a mixture of relational and NoSQL databases (MySQL, MS SQL Server, Redis, and MongoDB).
EHR is hosting several legacy file- and API-based integrations with insurance providers on-premises.
These systems are scheduled to be replaced over the next several years.
There is no plan to upgrade or move these systems at the current time.
Users are managed via Microsoft Active Directory.
Monitoring is currently being done via various open source tools.
Alerts are sent via email and are often ignored.
Business requirements
On-board new insurance providers as quickly as possible.
Provide a minimum 99.9% availability for all customer-facing systems.
Provide centralized visibility and proactive action on system performance and usage.
Increase ability to provide insights into healthcare trends.
Reduce latency to all customers.
Maintain regulatory compliance.
Decrease infrastructure administration costs.
Make predictions and generate reports on industry trends based on provider data.
Technical requirements
Maintain legacy interfaces to insurance providers with connectivity to both on-premises systems and cloud providers.
Provide a consistent way to manage customer-facing applications that are container-based.
Provide a secure and high-performance connection between on-premises systems and Google Cloud.
Provide consistent logging, log retention, monitoring, and alerting capabilities.
Maintain and manage multiple container-based environments.
Dynamically scale and provision new environments.
Create interfaces to ingest and process data from new providers.
Executive statement -
Answer: A, B
All four options are deploy-time supply-chain controls for the containerized customer-facing applications that EHR Healthcare is moving to GKE on Google Cloud. They have to be judged against the case study's requirements, in particular a consistent way to manage container-based applications, regulatory compliance, and consistent logging and alerting, while keeping in mind the broader goals of scaling the environment, adapting the disaster recovery plan, and rolling out continuous deployment. None of the options addresses those broader goals on its own; the question is which of them actually verify what gets deployed.
Option A enables Binary Authorization on GKE and signs containers as part of the CI/CD pipeline. Binary Authorization is a Google Cloud deploy-time control: a policy attached to the cluster names the attestors whose signatures an image must carry, and the GKE admission controller rejects any pod whose image digest lacks a valid attestation from each of them. Because an attestation is bound to an image digest, the pipeline has to sign the digest of the image it built, and deployment manifests have to reference images by digest rather than by a mutable tag, or there is nothing for the policy to match. Signing in the pipeline means only images that came through the pipeline can reach production, which supports the regulatory compliance requirement and gives one control that works the same across every container environment. Two practical points: start the policy in dry-run mode (enforcementMode DRYRUN_AUDIT_LOG_ONLY), so would-be rejections appear in Cloud Audit Logs before anything is blocked, and treat use of the break-glass annotation (alpha.image-policy.k8s.io/break-glass) as an alertable event, since it bypasses the policy. On its own this option does nothing for the legacy insurance interfaces or for centralized visibility, although its audit log entries are one input to whatever central logging is built.
Option B configures Jenkins to use Kritis to cryptographically sign a container as part of the CI/CD pipeline. Kritis is the open-source implementation of the Binary Authorization policy model for Kubernetes: it includes an admission webhook that enforces image policies and a signer that creates an attestation for an image digest, optionally only after checking the image's vulnerability scan results against a policy. Option B is therefore the pipeline-side half of option A: Jenkins invokes the Kritis signer after the build, and the resulting attestation is what the Binary Authorization policy on GKE checks at deploy time. Signing by itself blocks nothing; without an enforcing admission control on the cluster the attestation is just metadata, which is why A and B belong together. Like A, it leaves the legacy-interface and visibility requirements untouched.
Option C configures Container Registry so that only trusted service accounts can push images to, and pull images from, the registry. Container Registry is Google Cloud's original private Docker image registry; it has since been deprecated in favour of Artifact Registry, which offers the same IAM model plus per-repository permissions and optional immutable tags. Restricting push and pull to dedicated service accounts is good hygiene: it limits who can introduce an image and shrinks the blast radius of a compromised developer account. It is an access control, not a verification control. It says nothing about what is inside an image or whether the image the cluster pulls is the one the pipeline built, and any principal with push rights can re-point a tag unless immutable tags are enabled. It therefore does not verify containers at deploy time, and it does not address legacy interfaces or centralized visibility.
Option D configures vulnerability scanning on Container Registry so that images are checked for known vulnerabilities before the workload is deployed. Scanning is provided by Container Analysis (now Artifact Analysis) rather than by the registry itself: images are scanned on push against known CVEs in OS packages and supported language packages, and findings are stored as occurrences that a pipeline can query. Scanning is detective. Nothing stops a deployment unless a gate acts on the results, for example the Kritis signer refusing to attest an image with findings above a chosen severity, after which Binary Authorization enforces that decision at admission. It also covers only vulnerabilities known at scan time, so an image that was clean when deployed can become vulnerable later; continuous rescanning and a rebuild-and-redeploy pipeline are needed to keep the "no known vulnerabilities" claim true. Like the other options, it covers part of the picture but not legacy interfaces or centralized monitoring.
Taken together, options A and B are the two that actually verify containers at deploy time, which is why they are the marked answer: B produces the signed attestation in the Jenkins pipeline, and A makes GKE refuse anything that does not carry it. Options C and D are worth implementing as well, C to restrict who can push images and D to feed scan results into the signing decision, but neither verifies that a deployed image is the one the pipeline built. None of the four addresses the remaining requirements, such as the legacy insurance-provider integrations or centralized logging, log retention, monitoring and alerting; those need separate solutions, with the Binary Authorization audit logs providing at least one input to that central logging.
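To make the A plus B flow concrete, here is an added example written for this page; it is not code from Google's tooling, from Kritis, or from the EHR case study. In plain Go with the standard library's Ed25519 it models the two halves the options describe: a Kritis-style signer that refuses to attest an image whose scan findings reach a severity threshold (option D feeding option B), and a Binary Authorization-style admission check that admits an image only when it is referenced by digest and carries a valid attestation from every required attestor (option A). The image name, digest, attestor name and scan findings are constructed; the signed payload is a flattened stand-in for the JSON a real Binary Authorization attestation carries; and real attestations use Cloud KMS or PGP keys and are stored as Container Analysis notes, none of which is modelled here.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"fmt"
	"strings"
)

// Vulnerability is one scan finding (all values used below are constructed sample data).
type Vulnerability struct {
	CVE      string
	Severity string // LOW, MEDIUM, HIGH or CRITICAL
}

var severityRank = map[string]int{"LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}

// ScanGate is the pre-signing check: refuse to sign when any finding is at or above blockAt.
func ScanGate(findings []Vulnerability, blockAt string) error {
	for _, f := range findings {
		if severityRank[f.Severity] >= severityRank[blockAt] {
			return fmt.Errorf("scan gate: %s is %s; policy blocks %s and above", f.CVE, f.Severity, blockAt)
		}
	}
	return nil
}

// Payload is the statement that gets signed; enforcement keys on the digest field.
type Payload struct {
	ImageRef string `json:"docker-reference"`
	Digest   string `json:"docker-manifest-digest"`
}

// Attestation is a signed Payload from a named attestor.
type Attestation struct {
	Attestor  string
	Payload   []byte
	Signature []byte
}

// Attestor is what the deploy-time policy trusts: a name and a public key.
type Attestor struct {
	Name   string
	Public ed25519.PublicKey
}

// NewAttestor generates a keypair; the private half stays in the CI/CD system.
func NewAttestor(name string) (Attestor, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return Attestor{Name: name, Public: pub}, priv
}

// Sign is the CI/CD step: bind the attestor's signature to one image digest.
func Sign(name string, priv ed25519.PrivateKey, imageRef, digest string) (Attestation, error) {
	body, err := json.Marshal(Payload{ImageRef: imageRef, Digest: digest})
	if err != nil {
		return Attestation{}, err
	}
	return Attestation{Attestor: name, Payload: body, Signature: ed25519.Sign(priv, body)}, nil
}

// Admit is the deploy-time decision: the image must be pinned by digest (a tag can be
// re-pointed after signing) and carry a valid attestation from every required attestor.
func Admit(required []Attestor, imageRef string, atts []Attestation) error {
	at := strings.Index(imageRef, "@sha256:")
	if at < 0 {
		return fmt.Errorf("admission denied: %s must be referenced by digest, not by tag", imageRef)
	}
	digest := imageRef[at+1:]
	for _, req := range required {
		if !hasValidAttestation(req, digest, atts) {
			return fmt.Errorf("admission denied: no valid attestation from %q for %s", req.Name, digest)
		}
	}
	return nil
}

// hasValidAttestation accepts only a signature that verifies under the trusted key and binds this exact digest.
func hasValidAttestation(req Attestor, digest string, atts []Attestation) bool {
	for _, a := range atts {
		if a.Attestor != req.Name || !ed25519.Verify(req.Public, a.Payload, a.Signature) {
			continue
		}
		var p Payload
		if json.Unmarshal(a.Payload, &p) == nil && p.Digest == digest {
			return true
		}
	}
	return false
}

func main() {
	attestor, priv := NewAttestor("build-attestor")
	img := "gcr.io/ehr-prod/web"                    // constructed image name
	digest := "sha256:" + strings.Repeat("ab", 32) // constructed digest
	att, _ := Sign(attestor.Name, priv, img, digest)
	fmt.Println(Admit([]Attestor{attestor}, img+"@"+digest, []Attestation{att}))
	fmt.Println(Admit([]Attestor{attestor}, img+":latest", []Attestation{att}))
}
```

Running it admits the digest-pinned reference and denies the :latest one. The point to notice is that the tag reference is refused even though a valid attestation exists, because the attestation binds a digest and a tag can be re-pointed after signing; the same reasoning is why a signature from a key the policy does not trust, or a payload naming a different digest, is rejected.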