Secure and Optimize eHealth Applications and Gain Reliable Delivery, Resiliency

Posted on

eHealth applications are reshaping healthcare as we know it and modernizing how healthcare providers: 

  • Compile and store computer-based patient records 
  • Schedule patients, physicians, technicians, and facilities  
  • Store and retrieve digital images 
  • Bill for services and conduct accounting 
  • Host virtual visits 

 As eHealth applications continue to reshape the way we interact with our physicians, the assurances assumed by every patient are secure access to medical records, ease of use, and uninterrupted access to critical information and care.  

Supporting these assumed assurances in a managed application environment isn’t as straight forward as ensuring access by unlocking a doctor’s office at the start of the day or providing patient confidentiality by making sure the filing cabinet is always locked.  

As in-person experiences transition to application experiences, application developers must think about how they can ensure their eHealth apps are available, scalable, secure, and performing their best. Finally, health organizations want all these attributes delivered while preserving the holy grail of application development projects — cost-effectiveness.  

Application teams are now looking toward application delivery controllers to provide features and functionality that would support all the attributes described above while meeting the needs of the business.  

What is an eHealth Application?

eHealth applications are the software and services used to manage, transmit, and record information used in the delivery of healthcare services. eHealth apps are helping to improve communication among healthcare stakeholders, enhance reporting capabilities, and secure information.  

The Role of Application Delivery Controllers (ADC) 

Application delivery controllers are the conduit that connects healthcare professionals and patients to the eHealth apps that streamline patient and doctor communications.   

ADCs, historically referred to as load balancers, are today able to do far more than load balance your traffic. Being the entry point to your application servers, ADCs now provide web application firewall (WAF), IDS/IPS, Zero-Trust architectures, authentication proxying, content switching, intelligent load balancing and application health-checking.  

Templates Ease Deployment

The thing that every engineer tasked with deploying a new product into their environments loves to hear exists — ready-to-go templates. The Progress Kemp LoadMaster load balancing solution maintains and publishes deployment templates and deployment guides for popular healthcare applications used by our customers. The published Progress healthcare deployment templates can be found by clicking here.

And given the flexibility and wide range of configuration options provided by our LoadMaster appliance, we can easily collaborate with eHealth application teams to quickly define deployment documentation and best practice architectures.  

A Case in Point

 A long-standing customer approached Progress Kemp wanting to leverage their LoadMaster load balancers to meet the load balancing requirement of their AGFA Enterprise Medical Imaging environment. Though the AGFA team required that the customer leverage intelligent load balancing, they had no deployment guides for LoadMaster. I was able to work with the AGFA team to review deployment requirements and to define a LoadMaster configuration to satisfy the need.  

After working with our customer and AGFA team on the deployment and successfully testing all functionality, I got the deployment details and LoadMaster configuration over to our Product Management team. In an expected fashion, they quickly produced documentation and deployment templates for the AGFA Enterprise Imaging Platform that are accessible by all our customers on Kemp’s support site.

This kind of engagement and support can be expected by all customers as we strive to partner with them in developing solutions that contribute to their overall success.  

Always Accessible & Always Expanding

 Now that we have ease-of-use and streamlined deployment out of the way, let’s chat about availability and scalability.   

 Due to the dynamic growth associated with eHealth applications, elastic scalability and always-on availability is key to preserving an optimal application experience.  

Likewise, an application delivery environment’s ability to scale is equally as important as its ability to gracefully fail.  

“It’s Down!” … The phrase appended to a log message that will forever haunt the dreams of network and application admins. But it’s not about how you fall but rather how you get back up! A motivational piece of advice that softens the impact of human failure, but make this the motto of your network infrastructure, and the next recovery plan you’ll be working on is your resume.  

 No, network failures are always better not noticed by your users or your superiors. This should be the motto application environments are designed with in mind.  

 That said, the Progress Kemp LoadMaster product fights the never-ending battle against network device failures by leveraging its high availability, global server load balancing (GSLB), and intelligent health-checking feature sets.  

 High availability, or HA, is the feature that enables the ability to partner two LoadMaster load balancers in an Active/Passive pair. The intent here is to ensure if an interface on the LoadMaster, the host the LoadMaster resides on, or the LoadMaster itself fails, the appliances will automatically fail services over to the standby appliance. This is done in a way and with features configured that would strive to make the failure invisible to users and preserve application access. 

 Global server load balancing, or GSLB, enables customers to leverage the LoadMaster to provide site-to-site redundancy and/or load balancing. The feature set can be configured to support disaster recovery architectures or to ensure connections are distributed across sites in a manner that fits customer needs whether it be even distribution or location-based proximity scheduling. 

 GSLB can also be levered in a single site scenario to distribute connections across the LoadMaster to meet the needs of an environment that needs to be able to scale quickly and easily.  

Intelligent health-checking is an essential part of application delivery. Having a health-checking policy that accurately assesses an application’s ability to service user traffic is key to ensuring failed servers are removed from rotation. Additionally, being able to easily define complex health checks by way of a user-friendly interface is a must-have. LoadMaster provides the ability to define detailed and accurate health checks for applications that communicate over various protocols.  

Optimizing User Experience

 Optimizing user experience is defined uniquely by each application you are defining virtual services for. Therefore, it is important to ensure the application delivery controller you select has built-in features and abilities that will permit you to optimize user experience for your eHealth apps.  

 Features such as content switching enable you to define modify, add, delete, replace, and routing policies for HTTP traffic to supplement application server complexity or inabilities.   

 Caching and compression are key features that enable an ADC to provide performance optimizations to user traffic while distributing requests evenly across application servers. 

 Rate limiting is another method of optimizing experience especially useful within environments that have a hard time scaling to meet the need of a growing user base. The ability to granularly restrict access based on max connections, connections per second, request per second, or bandwidth enables administrators to ensure no one user will overwhelm an application in turn blocking access to other users. Truthfully, I am not doing LoadMaster’s Rate Limiting feature justice — so for more detail on the granularity available check out the Rate Limiting feature description.  

Securing eHealth Application Access

Ensuring eHealth applications are delivered with security is paramount to the design process.  

Network and application security is architected much like a good water filter is. Layers of elements are stacked on top of each other, each layer deployed with the intent to block access to the next, clearing the water of impurities and readying it for consumption. Completing this analogy: in network security devices, the purified water is your users. 

The security features available within an ADC are additional layers of security that serve a specific purpose like the layers of elements inside of a water filter.  

Firstly, Kemp’s Edge Security Pack (ESP) feature enables administrators to ensure no unauthenticated request ever touches your eHealth application servers. All requests must authenticate at the LoadMaster, which is integrated with your authentication provider of choice before it is allowed to be distributed across your back-end servers. Furthermore, ESP provides the ability to limit access to specific hostnames and paths, to develop custom login forms, and to define access based on user group.  

Secondly, LoadMaster provides the ability to leverage content switching and access control lists to limit access based on usernames, source IPs, HTTP request types, and more. Having the ability to implement such granularity within your application virtual services provides you with a level of control that is required when delivering mission-critical eHealth applications.    

Lastly, LoadMaster has a built in Web Application Firewall. Kemp’s Web Application Firewall (WAF) is powered by OWASP Mod Security and adds a layer of security to your application access that provides you with automatically updated rulesets, IP reputation lists, and the ability to block requests from specific countries. Furthermore, WAF has built-in features like anomaly scoring, paranoia levels, and control mechanisms to enable you to easily tune the feature to avoid false positives.  

All these layers work together to promote optimal protection for your eHealth Applications and can be leveraged together to define Zero-Trust access. In fact, we have published a Zero-Trust access gateway that provides our customers with the ability to script out Zero-Trust deployments on their LoadMaster configurations.  

Embrace Load Balancing. Your eHealth Apps Will Thank You

A fully-featured, easy to use, and cost-effective ADC like LoadMaster should be deployed within every eHealth application architecture to ensure optimal user experience. Choosing one that ensures always-on accessibility, elastic scalability, optimized user experience, and secure access is essential to delivering reliable and resilient eHealth application access.  

Posted on

Frank Cotto

Frank Cotto is a Solutions Architect with Progress Software. Frank started his career in customer support with Kemp Technologies where he transitioned into Enterprise Engineering and later sales engineering. Frank works closely with customers, partners, and product management to architect solutions, evangelize Progress product use cases, and provide key insights around market needs. Today, Frank supports Progress's application experience product suite consisting of industry leading application delivery controllers, network detection & response solutions, and infrastructure, network, & application monitoring solutions.