{"id":16680,"date":"2016-12-14T17:53:35","date_gmt":"2016-12-14T14:53:35","guid":{"rendered":"http:\/\/www.altoros.com\/blog\/?p=16680"},"modified":"2020-02-20T01:08:56","modified_gmt":"2020-02-19T22:08:56","slug":"cloud-foundry-for-healthcare-addressing-networking-and-portability","status":"publish","type":"post","link":"https:\/\/www.altoros.com\/blog\/cloud-foundry-for-healthcare-addressing-networking-and-portability\/","title":{"rendered":"Cloud Foundry for Healthcare: Addressing Networking and Portability"},"content":{"rendered":"<p>Earlier this year, we <a href=\"https:\/\/www.altoros.com\/blog\/building-scaled-down-highly-available-mission-critical-architecture-with-cloud-foundry\/\" target=\"_blank\" rel=\"noopener noreferrer\">wrote<\/a> about building a highly available and mission-critical architecture with Cloud Foundry\u2014implemented for a manufacturer of healthcare devices. The system is processing medical data collected from 1.5+ million patients across dozens of healthcare organizations.<\/p>\n<p>Here, we further elaborate on the details of this Cloud Foundry\u2013based healthcare system, focusing on addressing various <strong>networking\/security<\/strong> challenges and providing <strong>portability<\/strong> between OpenStack and AWS.<\/p>\n<p>&nbsp;<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Specific_requirements\"><\/span>Specific requirements<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<div id=\"attachment_16807\" style=\"width: 210px\" class=\"wp-caption alignright\"><a href=\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2016\/10\/cloud-foundry-summit-europe-2016-Sergey-Sverchkov-IoT-Healthcare.jpg\"><img decoding=\"async\" aria-describedby=\"caption-attachment-16807\" src=\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2016\/10\/cloud-foundry-summit-europe-2016-Sergey-Sverchkov-IoT-Healthcare-267x300.jpg\" alt=\"Sergey Sverchkov\" width=\"200\" class=\"size-medium wp-image-16807\" \/><\/a><p id=\"caption-attachment-16807\" class=\"wp-caption-text\"><small>Sergey Sverchkov<\/small><\/p><\/div>\n<p>In his session at Cloud Foundry Summit in Frankfurt, Sergey Sverchkov (Software Architect, Altoros) discussed specific requirements for the project.<\/p>\n<p>Previously, the IoT system described in this post was supplied by the manufacturer with a hardware server\u2014with no scalability or fault tolerance. There are still hundreds of such installations in various healthcare organizations. 
The only way to maintain the product was to send an engineer to each customer location, which led to an enormous amount of maintenance work. So, the idea was to move the software to the cloud and eliminate most of the routine support activities for local on-site installations.<\/p>\n<p>To achieve the goal, the team needed to enable:<\/p>\n<ul>\n<li>Portability of the platform between OpenStack (running on the hardware) and a public cloud provider like AWS<\/li>\n<li>VPN connectivity as the primary mode of accessing the cloud to ensure security<\/li>\n<\/ul>\n<p><a href=\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2016\/12\/cloud-foundry-summit-europe-2016-Sergey-Sverchkov-implementation-requirements-v2.jpg\"><img decoding=\"async\" src=\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2016\/12\/cloud-foundry-summit-europe-2016-Sergey-Sverchkov-implementation-requirements-v2.jpg\" alt=\"cloud-foundry-summit-europe-2016-Sergey-Sverchkov-implementation-requirements-v2\" width=\"640\" class=\"aligncenter size-full wp-image-18246\" \/><\/a><\/p>\n<p>&nbsp;<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Option_1_An_IoT_platform_on_OpenStack\"><\/span>Option #1. An IoT platform on OpenStack<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>To achieve high availability of the OpenStack deployment, three physical nodes (or blades) were allocated to OpenStack management components. OpenStack compute services responsible for running virtual machines were distributed across three availability zones. 
Each availability zone represented a group of three or more physical nodes.<\/p>\n<p><a href=\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2016\/09\/cloud-foundry-summit-europe-2016-sverchkov-deployment-view-v1-e1481573802791.jpg\"><img decoding=\"async\" src=\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2016\/09\/cloud-foundry-summit-europe-2016-sverchkov-deployment-view-v1-e1481573802791.jpg\" alt=\"cloud-foundry-summit-europe-2016-sverchkov-deployment-view-v1\" width=\"640\" class=\"aligncenter size-full wp-image-16707\" \/><\/a><\/p>\n<blockquote><p><em>&#8220;This creates redundancy for virtual machines launched by OpenStack. It also allows us to distribute virtual machines evenly in each availability zone.&#8221; \u2014Sergey Sverchkov, Altoros<\/em><\/p><\/blockquote>\n<p>&#8220;This approach to deployment means that we can scale OpenStack\u2019s computing and storage capacity simply by adding new blades or chassis,&#8221; he added.<\/p>\n<p>&nbsp;<\/p>\n<p><strong>Network model for the OpenStack deployment<\/strong><\/p>\n<p>To secure the private cloud, the Cisco ASA 5545 hardware was used as a firewall for the OpenStack deployment. 
It supports:<\/p>\n<ul>\n<li>More than 2,000 concurrent VPN tunnels with a total bandwidth of 400 Mbit\/s<\/li>\n<li>Up to 300 VLANs<\/li>\n<li>Site-to-site and personalized administrative VPN connections<\/li>\n<\/ul>\n<p>The Cisco hardware can also be clustered in the Active-Standby mode to achieve high availability on the firewall level.<\/p>\n<p>Here are some examples of network configuration:<\/p>\n<ul>\n<li>Administrative network 10.30.0.0\/24, native VLAN<\/li>\n<li>\u201cPublic\u201d cloud network 172.30.0.0\/24, VLAN 101<\/li>\n<li>OpenStack management network 192.168.100.0\/24, VLAN 102<\/li>\n<li>OpenStack storage network 192.168.200.0\/24, VLAN 103<\/li>\n<li>Networks for VMs 192.168.[111-120].0\/24, VLAN 110-120<\/li>\n<\/ul>\n<p>The administrative network is used to connect to the management interfaces of the physical nodes, firewall, and switch and configure the hardware remotely. The \u201cpublic\u201d cloud network is the network exposed to clients that access the cloud through VPN. There are also two internal OpenStack networks for storage and management traffic, as well as six subnets for the virtual machines.<\/p>\n<p>Cisco ASA monitors access and routing between the administrative and \u201cpublic\u201d networks.<\/p>\n<blockquote><p><em>&#8220;Also, Cisco ASA controls what VPN can access what network, and even specific addresses. 
This means that for site-to-site connectivity from the customer network, we expose only the addresses of services that should be available to the customer.&#8221; \u2014Sergey Sverchkov, Altoros<\/em><\/p><\/blockquote>\n<p><a href=\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2016\/09\/cloud-foundry-summit-europe-2016-sverchkov-physical-networking-v1.jpg\"><img decoding=\"async\" src=\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2016\/09\/cloud-foundry-summit-europe-2016-sverchkov-physical-networking-v1.jpg\" alt=\"cloud-foundry-summit-europe-2016-sverchkov-physical-networking-v1\" width=\"640\" class=\"aligncenter size-full wp-image-16709\" \/><\/a><\/p>\n<p>The firewall has one external and two internal interfaces. The external interface is configured with a public IP address provided by the data center. Two internal interfaces represent the administrative and \u201cpublic\u201d networks.<\/p>\n<p>In our case, the firewall monitors traffic from the outside world to the cloud. It also controls how any service or virtual machine can connect to the Internet.<\/p>\n<p>The Cisco switch has an address in the management network. All virtual LANs are also configured on the switch to provide communication between OpenStack nodes and virtual machines.<\/p>\n<p>&nbsp;<\/p>\n<p><strong>VPN model for the OpenStack deployment<\/strong><\/p>\n<p>For connecting to the private OpenStack cloud, a single VPN endpoint was provided. 
There are also two main types of VPN: personal VPN accounts for administrators and site-to-site connections between networks.<\/p>\n<p>The summary of other cloud resources is given in the table below.<\/p>\n<p><a href=\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2016\/12\/cloud-platform-on-openstack-resources.png\"><img decoding=\"async\" src=\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2016\/12\/cloud-platform-on-openstack-resources.png\" alt=\"cloud-platform-on-openstack-resources\" width=\"640\" class=\"aligncenter size-full wp-image-18233\" \/><\/a><\/p>\n<p>The main domain is private\u2014for example, <em>cloud1.cloudprovider.corp<\/em>, where  <em>cloud1<\/em>  is the designator of the cloud location or region, and <em>cloudprovider.corp<\/em> serves as an internal domain.<\/p>\n<p><a href=\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2016\/09\/cloud-foundry-summit-europe-2016-sverchkov-vpn-model-v1.jpg\"><img decoding=\"async\" src=\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2016\/09\/cloud-foundry-summit-europe-2016-sverchkov-vpn-model-v1.jpg\" alt=\"cloud-foundry-summit-europe-2016-sverchkov-vpn-model-v1\" width=\"640\" class=\"aligncenter size-full wp-image-16705\" \/><\/a><\/p>\n<p>In the case of the Cisco AnyConnect VPN connection, which is represented by the purple circle in the image above, both the internal and \u201cpublic\u201d networks of the cloud are exposed to administrators. 
It allows them to manage and configure the physical nodes, network switches, firewall, and OpenStack deployment remotely.<\/p>\n<p>Should there be any network overlaps in customer connections, the system utilizes the Network Address Translation (NAT) technology, using a special network range defined by RFC 6598.<\/p>\n<p>While administrators can access the two cloud networks without restriction, site-to-site  VPN connections get access only to DNS servers and Cloud Foundry endpoints.<\/p>\n<p><a href=\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2016\/12\/vpn-network-for-openstack-deployment.png\"><img decoding=\"async\" src=\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2016\/12\/vpn-network-for-openstack-deployment.png\" alt=\"vpn-network-for-openstack-deployment\" width=\"640\" class=\"aligncenter size-full wp-image-18130\" \/><\/a><\/p>\n<p>&nbsp;<\/p>\n<p><strong>DNS resolution, domains, and routes<\/strong><\/p>\n<p>For resolving domain names, two approaches were designed:<\/p>\n<ul>\n<li>Configuring DNS zone forwarding to DNS servers in the cloud:\n<ul style=\"list-style-type:none\">\n<li style=\"margin-top:6px;\">Set up DNS zone forwarding in a customer network<br \/>\nZone: <em>*.cloud1.cloudprovider.corp<\/em><br \/>\n\u2013 no NAT<br \/>\nDNS servers: 172.30.0.253, 172.30.0.254<br \/>\n\u2013 with NAT<br \/>\nDNS servers: 100.64.30.253, 100.64.30.254<\/li>\n<\/ul>\n<\/li>\n<p><\/p>\n<li>Using public DNS records for resolving private IP addresses:\n<ul style=\"list-style-type:none\">\n<li style=\"margin-top:6px;\">Create A-records at a public domain owned by the health cloud provider (subdomains)<br \/>\nName: <em>*.vpn-cloud1.cloudprovider.com<\/em><br \/>\nAddresses: 100.64.30.80, 100.65.30.81<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>To support private and public domains for applications in Cloud Foundry, it is necessary to register shared domains and then include additional routes.<\/p>\n<ol>\n<li>\n<p>Create shared domain(s):<\/p>\n<pre>$ 
cf domains\r\nGetting domains in as admin...\r\nname                                status   type\r\ncf.cloud1.cloudprovider.corp        shared\r\nvpn-cloud1.cloudprovider.com        shared\r\ntcp-cf.cloud1.cloudprovider.corp    shared   tcp<\/pre>\n<\/li>\n<li>\n<p>Map additional route(s) to an application:<\/p>\n<pre>$ cf map-route deviceserver vpn-cloud1.cloudprovider.com --hostname deviceserver<\/pre>\n<\/li>\n<\/ol>\n<p>In our example, the main domain in Cloud Foundry was <em>cf.cloud1.cloudprovider.corp<\/em>, and we created an additional domain\u2014<em>vpn-cloud1.cloudprovider.com<\/em>\u2014for a public resolution process.<\/p>\n<p>&nbsp;<\/p>\n<p><strong>Device connectivity to the OpenStack cloud<\/strong><\/p>\n<p>Devices that communicate with the cloud were using the WebSocket, TCP, and HTTP protocols. The diagram below demonstrates two customer networks with overlapping ranges. To expose the cloud services, it was important to set up NAT rules.<\/p>\n<p><a href=\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2016\/09\/cloud-foundry-summit-europe-2016-sverchkov-openstack-device-connectivity-v1-e1481573895845.jpg\"><img decoding=\"async\" src=\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2016\/09\/cloud-foundry-summit-europe-2016-sverchkov-openstack-device-connectivity-v1-e1481573895845.jpg\" alt=\"cloud-foundry-summit-europe-2016-sverchkov-openstack-device-connectivity-v1\" width=\"640\" class=\"aligncenter size-full wp-image-16703\" \/><\/a><\/p>\n<p>Devices that communicate via TCP and WebSocket establish persistent connectivity. The Cisco firewall supports hundreds of thousands of such connections and encryption bandwidth of up to 400 Mbit per second.<\/p>\n<p>The TCP routers are used to connect TCP devices, and regular Cloud Foundry routers maintain connections of devices with the WebSocket protocol. 
So, these devices pose no issues: one just needs to adjust router settings (the number of open files and sockets, types of VM instances, etc.).<\/p>\n<p>Still, some legacy HTTP devices may use a mode in which a server can initiate an HTTP request to the device. With two remote networks (as shown in the image above), there are two HTTP devices that have the same internal network address. Cisco ASA cannot route such requests without knowing which VPN to use.<\/p>\n<p>To solve this problem, proxy servers are allocated inside the cloud within the network range 100.64.100.0\/24. Each combination of a proxy VM, VPN connection, and HTTP device in the customer\u2019s network should be unique.<\/p>\n<p>In this particular case, the Cisco firewall routes requests through the correct VPN. The routing table in Cisco ASA is virtual. It is updated as HTTP requests are sent back and forth. This unique yet simple implementation approach is based on the standard IPv4 protocol and does not use expensive networking hardware with a customized TCP stack (for example, Cisco application-centric infrastructure).<\/p>\n<p>&nbsp;<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Option_2_An_IoT_platform_on_AWS\"><\/span>Option #2. An IoT platform on AWS<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>The next step was to enable the porting of the implementation from OpenStack to AWS. For the AWS deployment, a virtual private cloud (VPC) was used. Similar to OpenStack, network overlaps were handled by using a separate VPC network from the NAT range.<\/p>\n<p>Since Amazon&#8217;s native VPN Gateway was not able to support all the required settings for healthcare use cases, Cisco ASA was brought into the mix as a virtual firewall. Its implementation functions similarly to that of a hardware firewall. So, the team just had to adapt their implementation of the OpenStack deployment to provide device connectivity. 
This proves that the designed architecture can be fairly easily moved between AWS and OpenStack infrastructures.<\/p>\n<p><a href=\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2016\/10\/cloud-foundry-summit-europe-2016-Sergey-Sverchkov-AWS.jpg\"><img decoding=\"async\" src=\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2016\/10\/cloud-foundry-summit-europe-2016-Sergey-Sverchkov-AWS.jpg\" alt=\"cloud foundry summit europe 2016 Sergey Sverchkov AWS\" width=\"640\" class=\"aligncenter size-full wp-image-16824\" \/><\/a><\/p>\n<p>When building such a complex, portable cloud platform, an organization has to take care of many things. Private network routing, encrypting and storing customer data separately, and running the pool of shared applications for customer multitenancy in Cloud Foundry are only some examples of the problems to be solved.<\/p>\n<p>Of course, in the case of AWS, we don\u2019t have to worry about physical servers, network switches, routers, and redundant power supplies. But it is quite common for Amazon to notify us that a virtual machine is being decommissioned, and we need to recreate it without downtime to the system.<\/p>\n<p>For sure, tackling all these aspects has its challenges. However, with a well-thought-out system design and the right tools, the goal is achievable. In return, you get something very important: control over deployment and security, as well as more flexibility in meeting specific regional\/local requirements.<\/p>\n<p>&nbsp;<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Want_details_Watch_the_video\"><\/span>Want details? Watch the video!<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<table width=\"100%\">\n<tbody>\n<tr>\n<td class=\"video-details-td\">\n<div style=\"float:right; width:50%; padding-left:15px; font-size:14px;\">\n<strong>Table of contents<\/strong><\/p>\n<ol>\n<li style=\"margin-bottom: 8px;\">What are the implementation requirements for IoT in healthcare? 
(1:06)<\/li>\n<li style=\"margin-bottom: 8px;\">What technologies are used in the stack? (5:45)<\/li>\n<li style=\"margin-bottom: 8px;\">What does the deployment view for OpenStack look like? (12:22)<\/li>\n<li style=\"margin-bottom: 8px;\">What does the physical diagram for the OpenStack network look like? (18:45)<\/li>\n<li style=\"margin-bottom: 8px;\">What is the distribution of Cloud Foundry components and back-end services on OpenStack nodes? (23:50)<\/li>\n<li style=\"margin-bottom: 8px;\">What is outside the cloud in the OpenStack deployment? (28:15)<\/li>\n<li style=\"margin-bottom: 8px;\">How does the network model change with a VPN connection? (31:45)<\/li>\n<li style=\"margin-bottom: 8px;\">How does device connectivity work in the OpenStack deployment? (39:35)<\/li>\n<li style=\"margin-bottom: 8px;\">How does the deployment change in Amazon Web Services? (43:25)<\/li>\n<\/ol>\n<\/div>\n<div class=\"video-container\"><iframe loading=\"lazy\" title=\"Building an IoT Cloud for the Healthcare Industry: How to Solve Networking\" width=\"1200\" height=\"675\" src=\"https:\/\/www.youtube.com\/embed\/3YW9CDYmPZs?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen><\/iframe><\/div>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>&nbsp;<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Related_slides\"><\/span>Related slides<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><center><iframe loading=\"lazy\" src=\"\/\/www.slideshare.net\/slideshow\/embed_code\/key\/d5zoS3mOWX2Zql\" width=\"595\" height=\"485\" frameborder=\"0\" marginwidth=\"0\" marginheight=\"0\" scrolling=\"no\" style=\"border:1px solid #CCC; border-width:1px; margin-bottom:5px; max-width: 100%;\" allowfullscreen><\/iframe><\/center><\/p>\n<p>&nbsp;<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Further_reading\"><\/span>Further reading<span 
class=\"ez-toc-section-end\"><\/span><\/h3>\n<ul>\n<li><a href=\"https:\/\/www.altoros.com\/blog\/building-scaled-down-highly-available-mission-critical-architecture-with-cloud-foundry\/\">Building Scaled-Down, HA, Mission-Critical Architecture with Cloud Foundry<\/a><\/li>\n<li><a href=\"https:\/\/www.altoros.com\/blog\/bringing-healthcare-home-with-the-iot\/\">Bringing Healthcare Home with the IoT<\/a><\/li>\n<li><a href=\"https:\/\/www.altoros.com\/blog\/iot-in-healthcare-the-internet-of-caring-things\/\">IoT in Healthcare: \u201cThe Internet of Caring Things\u201d<\/a><\/li>\n<li><a href=\"https:\/\/www.altoros.com\/blog\/ge-predix-and-the-dds-standard-transform-healthcare-control-robots\/\">GE Predix and the DDS Standard Transform Healthcare, Control Robots<\/a><\/li>\n<\/ul>\n<hr\/>\n<h3><span class=\"ez-toc-section\" id=\"About_the_expert\"><\/span>About the expert<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<div>\n<div style=\"float: right;\"><img decoding=\"async\" src=\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2016\/05\/Sergey-Sverchkov-Software-Architect-Altoros-bio.png\" alt=\"Sergey Sverchkov, Software Architect, Altoros bio\" width=\"120\" class=\"aligncenter size-full wp-image-14256\" \/><\/div>\n<div style=\"width: 600px;\"><small><strong>Sergey Sverchkov<\/strong> is a highly skilled Project Manager and Software Architect with 15+ years of experience under the belt. He has in-depth expertise in cloud, virtualization technologies, IaaS, and PaaS solutions, including but not limited to AWS, OpenStack, VMware, GCE, and Cloud Foundry. 
Sergey is an expert in NoSQL data stores, as well as integration, analysis, and processing big data.<\/small><\/div>\n<\/div>\n<hr\/>\n<p><center><small>The post is written by <a href=\"https:\/\/www.altoros.com\/blog\/author\/viktoryia-fedzkovich\/\">Victoria Fedzkovich<\/a>, <a href=\"https:\/\/www.altoros.com\/blog\/author\/s-sverchkov\/\" target=\"_blank\" rel=\"noopener noreferrer\">Sergei Sverchkov<\/a>, <a href=\"https:\/\/www.altoros.com\/blog\/author\/carlo\/\" >Carlo Gutierrez<\/a>, and <a href=\"https:\/\/www.altoros.com\/blog\/author\/alex\/\" >Alex Khizhniak<\/a>.<\/small><\/center><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Earlier this year, we wrote about building a highly available and mission-critical architecture with Cloud Foundry\u2014implemented for a manufacturer of healthcare devices. The system is processing medical data collected from 1.5+ million patients across dozens of healthcare organizations.<\/p>\n<p>Here, we further elaborate on the details of this Cloud Foundry\u2013based healthcare system, [&#8230;]<\/p>\n","protected":false},"author":5,"featured_media":18159,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"content-type":"","footnotes":"","_links_to":"","_links_to_target":""},"categories":[7],"tags":[208,873,914,117,206],"class_list":["post-16680","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-opinion","tag-cf-summit","tag-cloud-native","tag-healthcare","tag-iot","tag-oss-cloud-foundry"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v26.6 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Cloud Foundry for Healthcare: Addressing Networking and Portability | Altoros<\/title>\n<meta name=\"description\" content=\"An IoT system based on Cloud Foundry serves 100,000+ medical devices across dozens of hospitals\/labs. 
Describing its networking\/security model, this post reveals how the system was made portable between OpenStack and AWS.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.altoros.com\/blog\/cloud-foundry-for-healthcare-addressing-networking-and-portability\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Cloud Foundry for Healthcare: Addressing Networking and Portability | Altoros\" \/>\n<meta property=\"og:description\" content=\"Earlier this year, we wrote about building a highly available and mission-critical architecture with Cloud Foundry\u2014implemented for a manufacturer of healthcare devices. The system is processing medical data collected from 1.5+ million patients across dozens of healthcare organizations. Here, we further elaborate on the details of this Cloud Foundry\u2013based healthcare system, [...]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.altoros.com\/blog\/cloud-foundry-for-healthcare-addressing-networking-and-portability\/\" \/>\n<meta property=\"og:site_name\" content=\"Altoros\" \/>\n<meta property=\"article:published_time\" content=\"2016-12-14T14:53:35+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2020-02-19T22:08:56+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2016\/12\/cloud-foundry-summit-europe-2016-sverchkov-v8.gif\" \/>\n\t<meta property=\"og:image:width\" content=\"640\" \/>\n\t<meta property=\"og:image:height\" content=\"360\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/gif\" \/>\n<meta name=\"author\" content=\"Alex Khizhniak\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Alex Khizhniak\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"9 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.altoros.com\/blog\/cloud-foundry-for-healthcare-addressing-networking-and-portability\/\",\"url\":\"https:\/\/www.altoros.com\/blog\/cloud-foundry-for-healthcare-addressing-networking-and-portability\/\",\"name\":\"Cloud Foundry for Healthcare: Addressing Networking and Portability | Altoros\",\"isPartOf\":{\"@id\":\"https:\/\/www.altoros.com\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.altoros.com\/blog\/cloud-foundry-for-healthcare-addressing-networking-and-portability\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.altoros.com\/blog\/cloud-foundry-for-healthcare-addressing-networking-and-portability\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2016\/12\/cloud-foundry-summit-europe-2016-sverchkov-v8.gif\",\"datePublished\":\"2016-12-14T14:53:35+00:00\",\"dateModified\":\"2020-02-19T22:08:56+00:00\",\"author\":{\"@id\":\"https:\/\/www.altoros.com\/blog\/#\/schema\/person\/3d914db6ad1b2908c32c0dc5dcabc420\"},\"breadcrumb\":{\"@id\":\"https:\/\/www.altoros.com\/blog\/cloud-foundry-for-healthcare-addressing-networking-and-portability\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.altoros.com\/blog\/cloud-foundry-for-healthcare-addressing-networking-and-portability\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.altoros.com\/blog\/cloud-foundry-for-healthcare-addressing-networking-and-portability\/#primaryimage\",\"url\":\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2016\/12\/cloud-foundry-summit-europe-2016-sverchkov-v8.gif\",\"contentUrl\":\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2016\/12\/cloud-foundry-summit-europe-2016-sverchk
ov-v8.gif\",\"width\":640,\"height\":360},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.altoros.com\/blog\/cloud-foundry-for-healthcare-addressing-networking-and-portability\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.altoros.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Cloud Foundry for Healthcare: Addressing Networking and Portability\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.altoros.com\/blog\/#website\",\"url\":\"https:\/\/www.altoros.com\/blog\/\",\"name\":\"Altoros\",\"description\":\"Insight\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.altoros.com\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.altoros.com\/blog\/#\/schema\/person\/3d914db6ad1b2908c32c0dc5dcabc420\",\"name\":\"Alex Khizhniak\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.altoros.com\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2017\/06\/druzya-edit1-150x150.jpg\",\"contentUrl\":\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2017\/06\/druzya-edit1-150x150.jpg\",\"caption\":\"Alex Khizhniak\"},\"description\":\"Alex Khizhniak is Director of Technical Content Strategy at Altoros and a cofounder of a local Java User Group. Managing distributed teams since 2004, he has gained experience as a journalist, an editor-in-chief, a technical writer, a technology evangelist, a project manager, and a product owner. Alex is obsessed with AI\/ML, data science, data integration, ETL\/DWH, data quality, databases (SQL\/NoSQL), big data, IoT, and BI. 
The articles and industry reports he created or helped to publish reached out to 3,000,000+ tech-savvy readers. Some of the pieces were covered on TechRepublic, ebizQ, NetworkWorld, CIO.com, etc. Find him on Twitter at @alxkh.\",\"sameAs\":[\"https:\/\/x.com\/https:\/\/twitter.com\/alxkh\"],\"url\":\"https:\/\/www.altoros.com\/blog\/author\/alex\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Cloud Foundry for Healthcare: Addressing Networking and Portability | Altoros","description":"An IoT system based on Cloud Foundry serves 100,000+ medical devices across dozens of hospitals\/labs. Describing its networking\/security model, this post reveals how the system was made portable between OpenStack and AWS.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.altoros.com\/blog\/cloud-foundry-for-healthcare-addressing-networking-and-portability\/","og_locale":"en_US","og_type":"article","og_title":"Cloud Foundry for Healthcare: Addressing Networking and Portability | Altoros","og_description":"Earlier this year, we wrote about building a highly available and mission-critical architecture with Cloud Foundry\u2014implemented for a manufacturer of healthcare devices. The system is processing medical data collected from 1.5+ million patients across dozens of healthcare organizations. 
Here, we further elaborate on the details of this Cloud Foundry\u2013based healthcare system, [...]","og_url":"https:\/\/www.altoros.com\/blog\/cloud-foundry-for-healthcare-addressing-networking-and-portability\/","og_site_name":"Altoros","article_published_time":"2016-12-14T14:53:35+00:00","article_modified_time":"2020-02-19T22:08:56+00:00","og_image":[{"width":640,"height":360,"url":"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2016\/12\/cloud-foundry-summit-europe-2016-sverchkov-v8.gif","type":"image\/gif"}],"author":"Alex Khizhniak","twitter_misc":{"Written by":"Alex Khizhniak","Est. reading time":"9 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.altoros.com\/blog\/cloud-foundry-for-healthcare-addressing-networking-and-portability\/","url":"https:\/\/www.altoros.com\/blog\/cloud-foundry-for-healthcare-addressing-networking-and-portability\/","name":"Cloud Foundry for Healthcare: Addressing Networking and Portability | 
Altoros","isPartOf":{"@id":"https:\/\/www.altoros.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.altoros.com\/blog\/cloud-foundry-for-healthcare-addressing-networking-and-portability\/#primaryimage"},"image":{"@id":"https:\/\/www.altoros.com\/blog\/cloud-foundry-for-healthcare-addressing-networking-and-portability\/#primaryimage"},"thumbnailUrl":"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2016\/12\/cloud-foundry-summit-europe-2016-sverchkov-v8.gif","datePublished":"2016-12-14T14:53:35+00:00","dateModified":"2020-02-19T22:08:56+00:00","author":{"@id":"https:\/\/www.altoros.com\/blog\/#\/schema\/person\/3d914db6ad1b2908c32c0dc5dcabc420"},"breadcrumb":{"@id":"https:\/\/www.altoros.com\/blog\/cloud-foundry-for-healthcare-addressing-networking-and-portability\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.altoros.com\/blog\/cloud-foundry-for-healthcare-addressing-networking-and-portability\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.altoros.com\/blog\/cloud-foundry-for-healthcare-addressing-networking-and-portability\/#primaryimage","url":"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2016\/12\/cloud-foundry-summit-europe-2016-sverchkov-v8.gif","contentUrl":"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2016\/12\/cloud-foundry-summit-europe-2016-sverchkov-v8.gif","width":640,"height":360},{"@type":"BreadcrumbList","@id":"https:\/\/www.altoros.com\/blog\/cloud-foundry-for-healthcare-addressing-networking-and-portability\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.altoros.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Cloud Foundry for Healthcare: Addressing Networking and 
Portability"}]},{"@type":"WebSite","@id":"https:\/\/www.altoros.com\/blog\/#website","url":"https:\/\/www.altoros.com\/blog\/","name":"Altoros","description":"Insight","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.altoros.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.altoros.com\/blog\/#\/schema\/person\/3d914db6ad1b2908c32c0dc5dcabc420","name":"Alex Khizhniak","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.altoros.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2017\/06\/druzya-edit1-150x150.jpg","contentUrl":"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2017\/06\/druzya-edit1-150x150.jpg","caption":"Alex Khizhniak"},"description":"Alex Khizhniak is Director of Technical Content Strategy at Altoros and a cofounder of a local Java User Group. Managing distributed teams since 2004, he has gained experience as a journalist, an editor-in-chief, a technical writer, a technology evangelist, a project manager, and a product owner. Alex is obsessed with AI\/ML, data science, data integration, ETL\/DWH, data quality, databases (SQL\/NoSQL), big data, IoT, and BI. The articles and industry reports he created or helped to publish reached out to 3,000,000+ tech-savvy readers. Some of the pieces were covered on TechRepublic, ebizQ, NetworkWorld, CIO.com, etc. 
Find him on Twitter at @alxkh.","sameAs":["https:\/\/x.com\/https:\/\/twitter.com\/alxkh"],"url":"https:\/\/www.altoros.com\/blog\/author\/alex\/"}]}},"_links":{"self":[{"href":"https:\/\/www.altoros.com\/blog\/wp-json\/wp\/v2\/posts\/16680","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.altoros.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.altoros.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.altoros.com\/blog\/wp-json\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/www.altoros.com\/blog\/wp-json\/wp\/v2\/comments?post=16680"}],"version-history":[{"count":123,"href":"https:\/\/www.altoros.com\/blog\/wp-json\/wp\/v2\/posts\/16680\/revisions"}],"predecessor-version":[{"id":51027,"href":"https:\/\/www.altoros.com\/blog\/wp-json\/wp\/v2\/posts\/16680\/revisions\/51027"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.altoros.com\/blog\/wp-json\/wp\/v2\/media\/18159"}],"wp:attachment":[{"href":"https:\/\/www.altoros.com\/blog\/wp-json\/wp\/v2\/media?parent=16680"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.altoros.com\/blog\/wp-json\/wp\/v2\/categories?post=16680"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.altoros.com\/blog\/wp-json\/wp\/v2\/tags?post=16680"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}