athenahealth Secures + Supports IaaS for Digital Health Innovation
athenahealth provides network-enabled services for healthcare apps in the U.S. Recognized as a best-in-class platform for managing electronic health records (EHR) and healthcare practices, athenahealth adopted Puppet in 2012 and continues to leverage its powerful automation and configuration management solutions to maintain its reputation as a digital health innovator.
Benefits of Using Puppet:
87% reduced cost
to provision stack software installs (with a goal to reduce to $0 with self-service).
Reduced stack delivery time
from 1 day to 2 hours.
Improved consistency
in stacks (code, software, security settings).
Replaced Group Policy
with Puppet manifests.
Challenge: Manual Builds + Inconsistent Approaches to Security
athenahealth's manual build process was like any other: racking and stacking, manually configuring and updating. But the company’s move to a service-driven model necessitated a more sophisticated, available approach to building and managing infrastructure at scale.
Their goal? “Zero-Touch” builds, where users can select a stack build from a self-service portal, deploy with the Puppet agent and Puppet role defined and ready to install and configure the stack, and all updates performed through profile code updates.
“We’re looking very much to be able to provision quickly, tear down, redeploy,” said Shane Smith, Lead Site Reliability Engineer - IaaS Automation at athenahealth. “Speeding up that process becomes more important if you have the possibility of doing it more often.”
How athenahealth Uses Puppet to Automate Application Stack Builds
Given exacting security and compliance standards (both internal and external), athenahealth also needed to move beyond Group Policy to a more consistent security and compliance approach. Their new approach would need to work in and out of domains, help them shift toward infrastructure-as-code (IaC), and improve monitoring and alerting. The infrastructure-as-a-service (IaaS) team chose Puppet to better understand, track, enforce, and manage configurations across their more than 5000-node infrastructure.
Results: Secure, Scalable IaaS + One Step Closer to “Zero-Touch” Builds
“We have some strict security requirements ... One of our initial drivers for moving things into Puppet was to have security consistency. [S]o this is huge for us to ... be able to report on these things being compliant.”
Shane Smith, Lead Site Reliability Engineer – IaaS Automation, athenahealth
By scaling their use of Puppet automation and infrastructure as code, the athenahealth infrastructure team moved from a scripted install to an automated stack install. They also ditched Group Policy for configuration management, improving security, compliance, monitoring, and alerting. It all adds up to distinct benefits:
- Reduced labor cost per stack install
- Cut down delivery time
- Dramatically increased speed to redeploy stacks from one location to another (cloud, data center, on-prem, and virtual)
- Significantly cut down on updating time and cost
- Improved confidence and response time in security, compliance, monitoring, alerting
athenahealth wrote their own code as part of their internal Puppet module to automate and simplify operational tasks. The WinPuppetTools code (publicly available on Github) supports migrating computer registry policy, preference settings, and audit settings into a Puppet manifest.
Presentation: Converting Group Policy Settings to Puppet Manifests
Use Puppet for Better, Safer Infrastructure, Anywhere
Better infrastructure is built with Puppet. Contact our team to learn more about use cases, demonstrations, and how Puppet accelerates digital transformation.