QNXT® On Private Cloud

QNXT® On Private Cloud
– November 6, 2017

Cloud computing is a hot topic these days, but it’s not right for everyone. There is no doubt that cloud computing has been hyped-up in recent years. Cloud vendors are churning out management software and analysts are touting the endless advantages to creating a private cloud. 

The industry view is that IT needs to become a utility like the power company that supplies a reliable service through automation. If the promise of the cloud is fulfilled, then whenever the business needs more servers to handle an increase in load, it just happens. When a health plan needs, a new product deployed, it just happens. 

Ideal Candidate

QNXT makes an ideal candidate for residing on a private cloud. Built on an open platform with advanced service-oriented architecture (SOA), the QNXT application can scale easily to serve health plans large and small. 

Some elements that make QNXT so highly portable are:

1. That it is hypervisor (virtualization) agnostic

2. It uses Microsoft code base from the OS and the middleware layer to the database layer

Fig 1, QNXT Architecture

Physical to Virtual

Some health plans are reluctant to adopt the emerging technologies in hardware virtualization. The hesitation is due to the stigma of performance and reliability. Hardware virtualization has been in the market for a couple of decades now, thanks to those proprietary hardware manufacturers like HP, Sun Microsystems (Oracle) and others. Enterprise UNIX servers have been virtually provisioned (LPAR) to great success for various applications, and great strides in performance and reliability continue to be made.

In Figure 1 above, every server in the QNXT architecture can be built on a virtual windows server, regardless of the application type. In addition, the shared disk storage from multiple network storage devices can also be virtualized and shared across applications. High-availability, scalability, managed capacity, central management, and faster server provisioning are some of the many advantages of virtualization.

For those health plans with an existing virtualized IT environment, much of the heavy lifting of converting to a private cloud has already been done. To fully realize the savings and leverage the efficiencies to be gained, health plans should move their primary applications like QNXT to their private cloud.

How do you know if your health plan really needs a private cloud? 

What type of health plans can really benefit from a private cloud, and when does it make financial sense? These are the questions we get from our clients who are debating the move to a private cloud. Our answer is that for every health plan it is a different equation and minimum threshold of value to justify the move. Much of that decision also resides in the health plan’s business model. In some cases, the ability to quickly scale up and down your IT capabilities are considered a competitive advantage, such as in the BPO or TPA situation. In other cases, such as single state Medicaid in a state with a stable population, those IT advantages are muted.

While 100% virtualized environment is key to initiate the move to have a private QNXT cloud, there is a lot of work beyond that to create a true QNXT private cloud. So, what else is needed in addition to a completely virtualized infrastructure for QNXT application? Here are the other essentials that make up a private cloud for QNXT system.

• An elastic computing environment
• On-demand self-service
• Shared (multi-tenant) resource pools
• Network delivered services
• Chargeback capabilities or Service measurements

In most cases, building a private cloud for QNXT depends on the level of complexity and sophistication of the IT staff as well as the end-users of your organization. In most small health plans, the IT staff wears many hats and there is little need for self-provisioning, automation and the additional costs of a true private cloud. However, in large health plans, where there are business owners that are more IT savvy, the benefits of the private cloud would out-weigh the costs. End-users would appreciate the self-provisioning and the fact that it can enable their apps to be operational more quickly than if they had to go through the process, procedure and burden of requisitioning from traditional IT. One of the best benefits of building a private cloud for QNXT, is that end users would have to adhere to the policies and security requirements set up by the corporate IT minimizing the risk of a localized application with potential for variance in adhering to these policies and security requirements.

“Am I big enough?” This is another question we get from our clients considering a private cloud approach. The simple answer to this is that with the advances in technology and the saturation of virtualization knowledge in the workforce, the size of your health plan should not be a limiting factor to building a private cloud as long as this move serves your larger business objectives.

However, you need to find the right business justification. Health plans need to find the specific use case or pain point where it can save you money, time and manual labor. When you can prove that the return on investment ROI exists, and can be achieved in a reasonable timeframe by deploying your own private cloud, then it will be worthwhile.

Virtualization to Cloud: The Definition of a Private Cloud
Though the private cloud model is making inroads in enterprise IT, confusion still exists about what exactly constitutes a private cloud. One must first know what a private cloud is before you can determine if your health plan needs one.

Fig 2, Basic Cloud Architecture

In any data center resides servers (as well as other infrastructure like storage, network and such), virtualization software runs on those servers, and above that resides cloud application programming interface (API). The difference with a cloud is that you’re providing access to all of the resources virtually, via API (Cloud API referred in Fig 2). This API will automatically “provision” hardware resources to scale as needed.

Cloud API’s available in the market:
• Apache (Citrix) CloudStack
• Amazon Web Services & Eucalyptus
• Google Compute Engine
• Simple Cloud
• OpenStack
• VMWare vCloud Suite

What about Cloud Security?

Private means that you or your organization are the only ones who have access to the cloud. You can also have a private cloud for QNXT that isn’t in your data center that you own. The private cloud could also be hosted in a shared data center, like Amazon, Google etc. as long as you’re the only one that has access to that physical set of resources. 

Cloud security architecture is effective only if the correct defensive implementations are in place. An effective cloud security architecture should recognize the issues that will arise with the security management. It is generally recommended that information security controls be selected and implemented according and in proportion to the risks, typically by assessing the threats, vulnerabilities and impacts.

QNXT Security and Privacy

QNXT application security architecture can be configured to adopt Microsoft’s active directory authentication with trusted connection to SQL Server databases. This helps answer the security and privacy question by allowing health plans to use industry proven and trusted tools. For health plans pursuing this path, we have included some concepts below to consider.

Application Security – Cloud service providers or your IT department ensure that QNXT application is available as a software as a service (SaaS) via the cloud are secure by specifying, designing, implementing, testing and maintaining appropriate QNXT application security measures in the production environment. 

Identity management – Every enterprise will have its own identity management system to control access to information and QNXT resources. Using federation or single-sign-on (SSO) technology, the Cloud providers either integrate the customer’s identity management system into their own infrastructure or provide an identity management solution of their own, like Microsoft AD.

Availability – Cloud service providers help ensure that end-users can rely on access to their data and QNXT application with zero disruption by employing high-availability (HA) solutions.

Physical Security – This is a cloud service provider’s responsibility to physically secure data centers against unauthorized access, interference, theft, fire, natural disasters, and other defined risks.

Personnel Security – This is a shared responsibility between the health plan and cloud service provider. Various information security concerns relating to the IT and other professionals associated with cloud services are typically handled through the following:
• Security screening potential recruits
• Security awareness and training programs
• Proactive security monitoring and supervision
• Disciplinary procedures
• Contractual obligations embedded in employment contracts
• Service level agreements
• Codes of conduct, and policies

Privacy – Cloud service providers ensure that all critical data (PHI or PII) are masked or encrypted and that only authorized users have access to data in its entirety. Moreover, digital identities and credentials must also be protected as should any data that the provider collects or produces about customer, in this case health plan, activity in the cloud.

Cloud security management addresses the common security issues with security controls. These controls are put in place to safeguard any weakness in the system and reduce the effect of an attack. There are many types of controls behind the cloud security architecture, they can be categorized as follows:
• Deterrent Controls
• Preventive Controls
• Detective Controls
• Corrective Controls

Needless to say, for those health plans contemplating a private cloud approach to QNXT, whether it is hosted hardware or within their own data centers, they will be well served to perform their due diligence on security and privacy. In this case, having the right partner advising you in your own installation, or the right partner hosting your private cloud can make all the difference in the world.

So what is a health plan IT executive to do? Invest wisely in the right infrastructure technology to lower the costs of moving to a private cloud for QNXT, then run the numbers against the organization’s business goals to decide if it makes sense in your situation to make the move. If you still can’t decide, then call in a trusted partner like Catalyst Solutions to help you gain the insights needed to make the right choice clear.