sesanv_group_feb2015_kms2cloud v03

SESA NV H2020 Hearten – KMS to the Cloud integration Riccardo Pelliccioli Giovanni Salvia 5 February 2015

Upload: riccardopelliccioli

Post on 25-Jul-2015


Page 1: SesaNV_Group_FEB2015_KMS2Cloud v03

SESA NV H2020 Hearten – KMS to the Cloud integration

Riccardo Pelliccioli

Giovanni Salvia

5 February 2015

Page 2: SesaNV_Group_FEB2015_KMS2Cloud v03

Scope and Challenges

The main scope for the Cloud Platform is to be continuously reachable and available to authorized persons, independently of their geographic location, time zone and source.

To achieve this we must keep the following aspects in mind:

Global Reachability - the platform must be accessible from the public network (Internet)

Security - only authorized people may gain access to the platform from different PoAs (Points of Access), in a secure way (encryption)

Scalability - the platform must be able to start small and grow in a short timeframe without service interruption

Resiliency - the platform must provide and maintain an acceptable level of service in the face of faults and challenges to normal operation

High Availability - every platform component must be redundant

Monitoring - platform monitoring (fault and resource) will permit optimized usage and will shorten the timeframe of intervention when needed

Page 3: SesaNV_Group_FEB2015_KMS2Cloud v03

Data Center Localization

The platform will be hosted in a Data Center of one of our partners (one of the biggest European and international players), in Roubaix or Strasbourg

Global Network Connectivity

2000Gbps Europe Network

500Gbps America Network

Asia Network (Work in Progress)

Page 4: SesaNV_Group_FEB2015_KMS2Cloud v03

Hearten Infrastructure

The target Platform to deliver the Hearten Project and Infrastructure will be a Dedicated Cloud Platform. This means we'll have:

Dedicated Compute Resource - all the workloads will be delivered on top of a dedicated cluster built on standard virtualization technologies such as VMware vSphere

Dedicated Storage Resource - the vSphere cluster will use one or more dedicated and redundant Data Stores connected through a dedicated network (NAS/SAN)

Public Network - the platform will have a RIPE /28 block of reserved public IPv4 addresses (16 IPs; 5 addresses will be reserved for management purposes) and 1.5Gbps of guaranteed bandwidth

Private Network - the platform will have a dedicated Distributed Virtual Switch with one VLAN (across the cluster) with up to 10Gbps internal connectivity (between Hearten virtual servers and components)

Scalability - it will be possible to add/remove resources (ex. compute nodes, disk capacity) at any time without service interruption

Page 5: SesaNV_Group_FEB2015_KMS2Cloud v03

Hearten Startup Infrastructure

2 x Hypervisor Hosts

2 x 64bit Intel/AMD CPUs (16 Cores total)

64 GB RAM

2 x 10GbE Network

2 x 300GB Disk

Redundant connectivity to the hosts

vSphere main features

High Availability

vMotion and Storage vMotion

DRS

1 x Distributed Virtual Switch

Thin Provisioning

Page 6: SesaNV_Group_FEB2015_KMS2Cloud v03

Hearten Infrastructure Security

Because of the sensitivity of the managed data, security is an important aspect of the platform; it will be achieved through the following technologies:

Data flow

All data between devices and the cloud platform will be exchanged over encrypted connections (ex: SSL, TLS, etc., TBD with the team)

Only allowed devices/persons will be accepted

Web Access

The web and portal access will be available through HTTPS connections only (SSL/TLSv1); HTTP connections will be redirected to HTTPS

Only authorized and registered users will have access to the portal, through authentication

Administrative Access

VPN access through named users (ex: SSL VPN, OpenVPN, RADIUS, LDAP, etc.)

Physical Access

Physical access to the Data Center is under the Provider's rules and responsibility (details are available if needed)

Page 7: SesaNV_Group_FEB2015_KMS2Cloud v03

Hearten Platform – High Level Design – 10.000 FT

3 Layers Architecture

Access Layer

Data interception

Frontend for the users (Doctors, patients, etc.)

Frontend for the admins

Processing Layer

Statistical Engine

Integration

Data Layer

Pre-processed data

Post-processed data

Data Indexing

Page 8: SesaNV_Group_FEB2015_KMS2Cloud v03

Hearten Platform – Low Level Design - Draft

Internet Network

Public Network

Virtualization Layer

Access Layer

Processing Layer

Data Layer

Physical Layer

Hypervisor

KVM

Low Level Management

Page 9: SesaNV_Group_FEB2015_KMS2Cloud v03

Hearten Platform – Data Flow and External Interaction/Integration

Data Flow

Outgoing/Incoming

Web Portal for Users

Web Portal for Admins

mHealth App

Outgoing

SMS Notifications

Internal

DB/Indexing

Server

Client

Page 10: SesaNV_Group_FEB2015_KMS2Cloud v03

Timing

Page 11: SesaNV_Group_FEB2015_KMS2Cloud v03

Q&A