CareMetx Reaps the Benefits of Moving Its SaaS Application to AWS

Executive Summary

Bethesda, Maryland-based CareMetx, LLC provides a full spectrum of post-commercialization hub services for specialty pharmaceutical, biotech, and device manufacturers. That includes customized reimbursement, alternative coverage solutions, and other services to support complex, often high-cost products and to help accelerate patient access to therapies.

eServices are delivered via the company’s cloud-based software-as-a-service (SaaS) solution, which can support products with FDA-mandated Risk Evaluation and Mitigation Strategy (REMS) requirements. It also meets specific HIPAA compliance requirements.

Not surprisingly, technology — and the secure, scalable infrastructure to support it — is integral to CareMetx’s growth and future success. So, when the company’s contract with its cloud hosting provider was up, it sought out a new partner that could help it achieve greater efficiencies and better support its growth going forward.

The Challenge

CareMetx chose to move to AWS Cloud services, mainly because of its options to enable automation, high availability, security, and cost savings. Unfortunately, CareMetx lacked the time and bandwidth to build out their new AWS environment, much less migrate their data to it. They were also going to need to redefine their deployment pipeline and ensure that the platform powering its services would be “cloud-friendly” in order to perform optimally in the new environment.

Complicating matters was the need for the new environment to meet stringent compliance requirements, including HIPAA, and ensure strict access policies would be enacted. What it came down to is that CareMetx needed a partner that understood the complex healthcare industry and its regulatory requirements, and was well-versed in AWS best practices. That led the company to ClearScale.

The ClearScale Solution

As an AWS Premier Consulting Partner with multiple competencies — including in healthcare, migration, and DevOps — ClearScale has both depth and breadth of experience in doing what CareMetx needed to get done.

ClearScale was tasked with helping CareMetx update and refine its existing architecture design, develop automation tools, build the entire infrastructure and deployment pipeline, and migrate the client’s environments to the AWS Cloud.

ClearScale started by splitting the environment into multiple accounts to allow for a clean, secure development and user testing experience. Compliance was easily achieved using Amazon’s HIPAA compliance tools, including its web application firewall in combination with application load balancers. Doing so enabled end-to-end encryption while allowing for scanning of incoming traffic.

CareMetx’s network design controls access for the development and systems teams using Palo Alto Network Global Connect. This is connected to an Azure AD to provide for easy VPN setup and control of groups that have access to the various environments. In addition, AWS Config was used across all accounts to ensure access control policies meet compliance requirements.

Single EC2 instances are deployed in private subnets by using EC2 Auto Recovery, and Elastic IPs are assigned to make the VPN endpoint static across subnets even during the case of an outage or hardware failure.

In addition, a number of AWS products and services, implemented using AWS best practices, were used to build the necessary infrastructure. That includes Amazon Elastic File System (Amazon EFS), which provides simple, scalable file storage for use with Amazon EC2 instances in the AWS Cloud.

AWS CodeDeploy, in conjunction with Jenkins, fully automates software deployments so that CareMetx can deploy applications across its development, test, and production environments.

Jenkins, an open-source automation server, allows CareMetx to create different deployments to accommodate customers’ needs quickly. AWS CodeDeploy is used to take deployment instructions created by Jenkins and deploy them to new EC2 instances as CareMetx environment scales to have more servers.

HashiCorp Packer automates building of AMIs and other targeted machine images from configuration files or templates. Any instances launched from the AMI will have the exact same configuration, from the operating system to the base software configuration.

AWS CloudWatch was selected and used for resources monitoring in all environments with LogicMonitor monitoring all customer-facing environments. SumoLogic was used to ship all logs to a single area for a very simple review. AWS CloudTrail was chosen to enable governance, compliance, operational auditing, and risk auditing of the AWS account. AWS Identity and Access Management (IAM) helps securely control user access to AWS resources.

AWS Systems Manager Patch Manager automates the process of patching managed instances with security-related updates. For Linux-based instances, you can also install patches for non-security updates.

Amazon RDS includes features for automating database backups. Amazon RDS creates a storage volume snapshot of your database instance, backing up the entire DB instance, not just individual databases.

Lastly, all of CareMetx’s AWS environments, base AMI Packer configurations, SumoLogic configuration, and LogicMonitor configuration, all the way down to the automation of creating new customers Route53 routes, were created using Ansible. Ansible allows CareMetx to hold state for all of their environments. Nearly everything can be managed and created directly from Ansible, and if there is something Ansible cannot deploy, CloudFormation can be used and launched from Ansible.

Architecture Diagram

The Results

The move to AWS has been a good one for CareMetx. Previously the company provisioned machines in a single data center, and it took no less than a day to spin up any machine. AWS allows them to go from a day for new machines to just minutes. With AWS, CareMetx has full control of their machines and configurations. This lets them fine-tune their environments, which generates cost savings.

The collaboration with ClearScale has yielded numerous benefits as well. CareMetx now has highly available, secure, and compliant environments in the AWS Cloud that are elastic and will scale with its customer’s needs. The company is well positioned to continue its trajectory of innovation.