athenahealth Secures + Supports IaaS for Digital Health Innovationathenahealth provides network-enabled services for healthcare apps in the U.S. Recognized as a best-in-class platform for managing electronic health records (EHR) and healthcare practices, athenahealth adopted Puppet in 2012 and continues to leverage its powerful automation and configuration management solutions to maintain its reputation as a digital health innovator.Benefits of Using Puppet: 87% reduced cost to provision stack software installs (with a goal to reduce to $0 with self-service). Reduced stack delivery time from 1 day to 2 hours. Improved consistency in stacks (code, software, security settings). Replaced Group Policy with Puppet manifests.Challenge: Manual Builds + Inconsistent Approaches to Securityathenahealth's manual build process was like any other: racking and stacking, manually configuring and updating. But the company’s move to a service-driven model necessitated a more sophisticated, available approach to building and managing infrastructure at scale.Their goal? “Zero-Touch” builds, where users can select a stack build from a self-service portal, deploy with the Puppet agent and Puppet role defined and ready to install and configure the stack, and all updates performed through profile code updates.“We’re looking very much to be able to provision quickly, tear down, redeploy,” said Shane Smith, Lead Site Reliability Engineer - IaaS Automation at athenahealth. “Speeding up that process becomes more important if you have the possibility of doing it more often.”How athenahealth Uses Puppet to Automate Application Stack BuildsGiven exacting security and compliance standards (both internal and external), athenahealth also needed to move beyond Group Policy to a more consistent security and compliance approach. Their new approach would need to work in and out of domains, help them shift toward infrastructure-as-code (IaC), and improve monitoring and alerting. The infrastructure-as-a-service (IaaS) team chose Puppet to better understand, track, enforce, and manage configurations across their more than 5000-node infrastructure.Results: Secure, Scalable IaaS + One Step Closer to “Zero-Touch” Builds“We have some strict security requirements ... One of our initial drivers for moving things into Puppet was to have security consistency. [S]o this is huge for us to ... be able to report on these things being compliant.”Shane Smith, Lead Site Reliability Engineer – IaaS Automation, athenahealthBy scaling their use of Puppet automation and infrastructure as code, the athenahealth infrastructure team moved from a scripted install to an automated stack install. They also ditched Group Policy for configuration management, improving security, compliance, monitoring, and alerting. It all adds up to distinct benefits:Reduced labor cost per stack installCut down delivery timeDramatically increased speed to redeploy stacks from one location to another (cloud, data center, on-prem, and virtual)Significantly cut down on updating time and costImproved confidence and response time in security, compliance, monitoring, alertingathenahealth wrote their own code as part of their internal Puppet module to automate and simplify operational tasks. The WinPuppetTools code (publicly available on Github) supports migrating computer registry policy, preference settings, and audit settings into a Puppet manifest.Presentation: Converting Group Policy Settings to Puppet ManifestsUse Puppet for Better, Safer Infrastructure, AnywhereBetter infrastructure is built with Puppet. Contact our team to learn more about use cases, demonstrations, and how Puppet accelerates digital transformation.CONTACT PUPPET
