MedicAlert, Advanced Technology Group

Non-profit healthcare leader MedicAlert has introduced a new offering, E-HealthKEY, which enables customers to keep an up-to-date record of their medicines and doctors with them at all times and stored to an online repository. In order to accomplish this, MedicAlert required a highly flexible, adaptive system that would interoperate with partners and client applications. They chose to move to a loosely coupled services-based system. However, before they could deploy this medical repository system or launch the E-HealthKEY product itself, they first had to ensure the operational health and security of the distributed, loosely coupled system. Project goals were manageability, security and visibility into the inner-workings of their services network.

The challenges of taking a business-driving system based on Web services are many. MedicAlert needed to meet the service level agreements they’d established internally and agreed to with partners. They needed to mediate unexpected conditions quickly, before they could impact business. They needed insight into the distributed system. And, due to the sensitive nature of the information passing through the system, they needed to ensure security across the distributed components of the application. This called for a services-based infrastructure to be implemented to handle management and security requirements in advance of taking the application into production.

The MedicAlert repository uses Web service interfaces to support standard Electronic Health Records (EHRs) for patient record interoperability. A new service from MedicAlert, the E-HealthKEY, stores critical medical information to a USB memory stick, which customers attach to a keychain to ensure that a complete personal health record is with them at all times. Customers can view and update their personal medical information via the MedicAlert web portal or the E-HealthKey, which seamlessly sync with one another. Because the system is built on Web services, it is easy to update, adapt and grow. MedicAlert uses AmberPoint runtime governance software to manage the system and secure the endpoints across the system, meeting MedicAlerts requirements for visibility into the system, ability to set, adhere to and manage service level agreements, and providing comprehensive exception handling abilities.

Seeking greater agility and flexibility from their systems, which must interoperate with partners’ and customers’ applications, MedicAlert has implemented a services-based system that comprises approximately twenty .NET Web services. Microsoft BizTalk Server 2004 is the Process Integration and Rules Engine, while Forum Systems is used for perimeter security. MedicAlert uses AmberPoint to ensure the operational health and address "last-mile" security requirements for their distributed services.

Goals for the project:

• Deliver a valuable new life-saving service to clients
• Build and deploy a reliable services-based system
• Ensure the operational health of the services-based system
• Meet internal and external service level agreements
• Secure the system for privacy of transactions and updates via encryption and decryption of messages, for example.
• Detect, diagnose and correct any faults discovered in the services network

The solution immediately met the projected goals. They have delivered a valuable new service in time and under budget. Rather than building its own management infrastructure, MedicAlert chose to implement AmberPoint SOA runtime governance software. As a result, they were able to take the system into production an estimated 75% faster than they would have otherwise. The services-based system has achieved 100% availability since going into production.

MedicAlert was seeking greater agility and flexibility from their information systems, which must interoperate with partners’ and customers’ applications. When looking at how best to deliver the E-HeathKEY offering, they realized the cross-platform interoperability that they’d require. They decided to build a services-based system for this new product offering, building a collection of 20 services on the Microsoft .NET Framework.

Business mandates included:

• Flexibility
• Agility
• Cross-platform interoperability
• Ability to meet internal and external service level objectives
• Privacy of data

To achieve the goals of the project MedicAlert implemented a services based system that comprised of approximately twenty .NET Web services. Microsoft BizTalk Server 2004 was the Process Integration and Rules Engine, while Forum Systems was used for perimeter security. And AmberPoint was chosen to ensure the operational health and address "last-mile" security requirements for the distributed services.

AmberPoint monitors system traffic to provide detailed performance metrics in real time. MedicAlert teams are able to see the performance of service and other system components from a single AmberPoint console, and can then manage governance and security policies running on all their servers.

MedicAlert also uses AmberPoint to detect, diagnose and remedy system errors. By monitoring the messages flowing across the system, AmberPoint can flag unexpected conditions, such as service level violations or the number of decryptions that faulted. It alerts the appropriate personnel and can automatically remedy issues through such actions as failing over to a back-up service.

AmberPoint also provides service virtualization, which allows MedicAlert to aggregate internal services into a single unified interface for use by outside parties. Additionally, AmberPoint enables MedicAlert to perform online upgrades seamlessly.

Finally, MedicAlert uses AmberPoint to encrypt and decrypt messages, ensuring that unauthorized users are unable to access or tamper with customer information. By using AmberPoint’s plug-in agents that transparently reside in the same container as the managed services MedicAlert never exposes unencrypted messages on the network. MedicAlert uses Forum Systems for message validation and protection of Web services against external attack, such as denial of service attack. The combination of AmberPoint and Forum Systems provides an implementation that addresses both perimeter and endpoint security.

Internal users were involved in the QA process. A beta release of the product involved the first external users to testing and debugging the system.

One of the greatest challenges for deploying services-based applications is ensuring the operational health of the system. MedicAlert used AmberPoint runtime governance software to gain visibility into the system and actively control the performance and availability of the services network. Because AmberPoint is an abstracted management layer, it adapts to changes (new services, changing service interdependencies, etc.) without requiring changes to the coding of the Web services themselves. This greatly simplifies the management challenge.

Maintained and eventually met initial goals for the project.

Emphasizes the use of middleware, integration and messaging technologies within an application architecture. Relevant tools can include transaction managers, object request brokers, RPC-based schemes, XML-based technologies, object transaction monitors, Web services, application integration tools, message-oriented middleware (MOM) alternatives, and publish and subscribe systems. Also emphasizes the use of middleware to link multiple packaged and/or packaged and internally developed applications, and multivendor DBMS systems to allow seamless integration between dissimilar systems.

Microsoft Visual Studio 2003, Visio, SharePoint Portal, etc.

Yes. During the complete life cycle of the project. Followed some of the Test Driven Methodologies.

A combination of both; formal life cycles were used for the entire project but less formal processes were used for smaller sub-projects. Tried to find the right balance of formality. (This is not easy to do)

Formal life cycles used a tailored version of RUP. Less formal life cycles used Agile methodologies

No

Web services in general are deceptively easy to develop and deploy. Not until well after several prototypes did we realize what web services really were, how to develop them, how to deploy them, version them, secure etc. Making sure the right code is implemented in the right place was a learning process.

We are mainly a Microsoft shop so selected MSFT Visual Studio 2003, SQL Server 2000 on Windows Server 2003. We chose and continue to choose Microsoft development tools because they provide the most productive environment available today. There are a lot of cool things in the new suite of Microsoft products and having fun while your code is a huge plus.

• Development in Microsoft .NET
• Other offices, partners and customers using Java
• Forum Systems Sentry for perimeter security and message validation
• Microsoft BizTalk Server 2004 for Business Process Integration

Ease of implementation, ability to run natively in .NET, cross platform interoperability.

8

Rapid and very cyclical.

Yes. There are two technical leads that understand web services very well. All other developers had to come up to speed on new technologies, standards, etc.

Yes.

Of course; hind-site is always 20-20. :) More asynchronous messaging.