MACPAC is a federal legislative branch agency tasked with reviewing state and federal Medicaid and Children's Health Insurance Program (CHIP) access and payment policies and making recommendations to Congress. By March 15 and again by June 15 each year, the agency produces a comprehensive report for Congress that compiles results from Medicaid and CHIP data sources for the 50 states and territories. The CIO of MACPAC wanted a secure, cost-effective, high performance platform that met their needs to crunch this large amount of health data. In this session, learn how MACPAC and 8KMiles helped set up the agency’s Big Data/HPC analytics platform on AWS using SAS analytics software.
6. MACPAC’s AWS Datacenter
• AWS to replace an onsite or hosted datacenter
• Single primary region with cold recovery on the other coast
• Multiple AZs for redundancy
• Separate VPCs for security “air gaps”
7. MACPAC: the “perfect” cloud customer
• Predictable work cycles
• Two intense work periods (annual)
• Growing with an undefined future
• Potential need for more computing resources
• Very cost conscious
• No legacy infrastructure
8. What we achieved in the cloud
• > 40% reduction in capital expenses
– With additional savings in rent, utilities, and labor
• Cost spread over typical equipment lifespan
• On demand storage and archiving
• Zero over provisioning
• Ability to expand and contract resources at will
15. Security Requirements
• Multi-user controlled environment
• Isolated environment with strong controls
• No sensitive and personal data sitting at periphery
• Data encrypted at rest and in transit
17. Access Control Using Security Groups
Diagram: three security groups and their members
• AD Security Group: AD-1, AD-2
• Infra Security Group: Client Instances
• DNS Security Group: DNS-1, DNS-2
Rules shown in the diagram
• Accept AD related requests from ‘Infra’ group
• Accept DNS queries from AD group
• Accept DNS queries from ‘Infra’ group
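An added example (not from the original slides): a Python audit over data shaped like `aws ec2 describe-security-groups` output, checking that ingress is granted only to other security groups, as on this slide, and never to CIDR ranges. The group IDs, ports and the placement of the AD-to-DNS rule on the DNS group are assumptions, and the sample data is constructed.

```python
# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
# Group IDs and ports are made up for illustration.
SAMPLE = {"SecurityGroups": [
    {"GroupId": "sg-ad", "GroupName": "AD", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 389, "ToPort": 389,
         "UserIdGroupPairs": [{"GroupId": "sg-infra"}], "IpRanges": []}]},
    {"GroupId": "sg-dns", "GroupName": "DNS", "IpPermissions": [
        {"IpProtocol": "udp", "FromPort": 53, "ToPort": 53,
         "UserIdGroupPairs": [{"GroupId": "sg-infra"}, {"GroupId": "sg-ad"}],
         "IpRanges": []}]},
    {"GroupId": "sg-infra", "GroupName": "Infra", "IpPermissions": [
        # Constructed misconfiguration: SSH opened to a CIDR range.
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "UserIdGroupPairs": [], "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
]}

# Allowed (source group, destination group) flows: an assumed reading of the slide.
EXPECTED = {("Infra", "AD"), ("Infra", "DNS"), ("AD", "DNS")}


def audit(described, expected):
    """Return findings: CIDR-sourced ingress, unexpected or missing group flows."""
    groups = described["SecurityGroups"]
    names = {g["GroupId"]: g["GroupName"] for g in groups}
    findings, seen = [], set()
    for g in groups:
        for perm in g.get("IpPermissions", []):
            port = f'{perm.get("IpProtocol")}/{perm.get("FromPort")}-{perm.get("ToPort")}'
            # Any CIDR source breaks the group-to-group model.
            for r in perm.get("IpRanges", []) + perm.get("Ipv6Ranges", []):
                cidr = r.get("CidrIp") or r.get("CidrIpv6")
                findings.append(f'{g["GroupName"]}: {port} open to CIDR {cidr}')
            # Group-sourced rules must match the expected flow matrix.
            for pair in perm.get("UserIdGroupPairs", []):
                src = names.get(pair["GroupId"], pair["GroupId"])
                seen.add((src, g["GroupName"]))
                if (src, g["GroupName"]) not in expected:
                    findings.append(
                        f'{g["GroupName"]}: {port} unexpected source group {src}')
    for src, dst in sorted(expected - seen):
        findings.append(f"missing rule: {src} -> {dst}")
    return findings


if __name__ == "__main__":
    for line in audit(SAMPLE, EXPECTED):
        print(line)
```
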
21. SAS Requirements
• Very IO intensive
• Sequential reads and writes
o 35-70 MB/sec per core of IO desired
o GOAL: 4 core system = ~200 MB/sec IO
22. Base AWS Structure
• M3 extra large running RHEL x64 for cluster
o 1 TB EBS RAID 10 for primary data (4 x 500 GB drives)
o 1 TB EBS RAID 0 for temp work space (4 x 256 GB drives)
o 1 TB EBS LUKS encrypted RAID 0 for ETL (4 x 256 GB drives)
34. I am pretty sure I can make the dial go higher
• RAM disks
• Block sizes
• Larger stripes
• Application tuning
• Etc…
35. WARNING!
• Be sure to touch all sectors of a new disk per AWS guidance prior to testing and production
Command for Unix environments
$ dd if=/dev/md0 of=/dev/null
36. You are not alone…
• Guidance from software vendors
• AWS professional services
• Use an iterative process (Fail quickly)
• Third party partners (8kMiles)
so get going!
37. What did we learn?
• Make a decision
• Start at zero…
• Spend time really thinking about security
• And then crank it up where you need it
“Try again. Fail again. Fail better.”
Samuel Beckett, Worstward Ho (1983)
38. References
• Amazon EBS Volume Performance
– http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSPerformance.html
• AWS Microsoft Platform Security
– http://media.amazonwebservices.com/AWS_Microsoft_Platform_Security.pdf
• Benchmarking SAS I/O: Verifying I/O Performance Using fio
– http://support.sas.com/resources/papers/proceedings13/4792013.pdf
• This is Spinal Tap (Movie, 1984, Rob Reiner - Director)
39. Special Thanks to: 8kMiles, AWS, and SAS
And thank you for your time today.