Thursday, July 24, 2014

Heading to NYC to discuss consumer health information exchange with @Medyears

Today I am on a flying visit to New York City to discuss a consumer-mediated Health Information Initiative Workshop in Philadelphia. We are planning this for early September.

The objective is to drive adoption of BlueButton and give patients easier access to their health data.

If we run this as a Hybrid HealthCa.mp event, who is interested in getting involved?

More information to follow soon as we finalize details…

[tag health cloud BigData MongoDB MongoDBWorld NoSQL]

Mark Scrimshire
Health & Cloud Technology Consultant

Mark is available for challenging assignments at the intersection of Health and Technology using Big Data, Mobile and Cloud Technologies. If you need help to move, or create, your health applications in the cloud let’s talk.
Blog: http://2.healthca.mp/1b61Q7M
email: mark
Stay up-to-date: Twitter @ekivemark
Disclosure: I began as a Patient Engagement Advisor and am now CTO to Personiform, Inc. and their Medyear.com platform. Medyear is a powerful free tool that helps you collect, organize and securely share health information, however you want. Manage your own health records today. Medyear: The Power Grid for your Health.



via WordPress http://2.healthca.mp/1rOSdSP

Tuesday, July 22, 2014

#Health Articles saved on Delicious by @ekivemark

It’s Tuesday, July 22, 2014 at 09:03AM
and time to bring you some Delicious #Health posts




via WordPress http://2.healthca.mp/1ry1MYS

Monday, July 21, 2014

Building a Healthcare Big Data Platform in the Cloud with @Datastax

On August 7th I will be presenting on a webinar with Datastax about building a Cloud-based Big Data platform for the Healthcare software division of a Fortune 50 company using Datastax.

You can sign up for the webinar here: http://2.healthca.mp/1rE211V

This webinar will bring the presentation I delivered to a group in Boston, in May 2014, to a wider audience. I hope you can join me.



via WordPress http://2.healthca.mp/1pvOQhf

Tuesday, July 15, 2014

#Health Articles saved on Delicious by @ekivemark

It’s Tuesday, July 15, 2014 at 09:02AM
and time to bring you some Delicious #Health posts




via WordPress http://2.healthca.mp/1ylYKrk

Thursday, July 10, 2014

@MapR – Securing Hadoop – Great tech session from Keys Botzum.

I am at the Hadoop-DC Meetup group to learn about how MapR has secured Hadoop. See this link for more information about the Hadoop Meetup:

http://2.healthca.mp/1y0yd2q

Keys Botzum, a Sr. Principal Technologist with MapR, is leading the session.

MapR is a complete distribution of Hadoop.

MapR’s focus with Hadoop is:
- Performance
- Multi-Tenant
- Security

MapR – 80% of accounts triple their installation size in 12 months.

Why Security for Hadoop?

Historically, Hadoop was processing public internet data. This is now switching to enterprises that are processing sensitive data, e.g. financial and health records.

Traditional firms want to create a data lake of confidential operational data.

Typical weaknesses for Hadoop

  • Client Operating system is trusted to identify user (Weak Authentication)
  • Anyone that can reach a node is trusted.
  • Hive ran as a system user.
  • Traffic is not encrypted

MapR 3.1 Securing Hadoop

  • Leverage the work done in the Open Source community
  • Encrypt network traffic
  • Authorization
  • Support but DO NOT REQUIRE Kerberos

Customers made it clear that Kerberos was too hard to deploy.
Authorization is based on AUTHENTICATED Entities.

Design decisions

MapR native security is modeled on Kerberos but it is not Kerberos
1. Password based authentication
2. Can integrate with Kerberos if already implemented

Shared secrets are managed at the cluster level.
Two shared keys: Container Location DB (CLDB) and server key.

CLDB tickets are permanent
Server keys are ephemeral and issued for users.
Clients authenticate to trusted servers using the ticket.

maprlogin uses SSL to connect to the CLDB.
After login with a userid/password, it drops the ticket as a file in /tmp, and all utilities look for it there. It is set so that only the user can use the ticket.

maprlogin can renew a ticket – great for keeping a script alive.
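
The notes above say the ticket is dropped as a file in /tmp and set so that only the user can use it. As an added example (not MapR's code and not from the talk), this sketch audits such a credential file for owner-only access; the file names are constructed placeholders and the specific checks are assumptions about what a defender would verify.

```python
import os
import stat
import tempfile

def audit_ticket_file(path, expected_uid=None):
    """Return a list of findings for a credential file; an empty list means OK."""
    expected_uid = os.getuid() if expected_uid is None else expected_uid
    try:
        st = os.lstat(path)  # lstat: never follow a symlink planted in /tmp
    except FileNotFoundError:
        return ["missing"]
    if stat.S_ISLNK(st.st_mode):
        return ["symlink"]
    if not stat.S_ISREG(st.st_mode):
        return ["not-regular-file"]
    findings = []
    if st.st_uid != expected_uid:
        findings.append("wrong-owner")
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("group-or-other-access")
    if st.st_nlink > 1:
        findings.append("hard-linked")
    return findings

def _write(path, mode):
    # O_EXCL refuses to reuse a pre-existing file, which matters in shared dirs.
    fd = os.open(path, os.O_CREAT | os.O_EXCL | os.O_WRONLY, 0o600)
    os.write(fd, b"constructed-ticket-bytes")
    os.close(fd)
    os.chmod(path, mode)  # set the mode explicitly, independent of umask

def demo():
    """Audit constructed sample files created in a private temp directory."""
    with tempfile.TemporaryDirectory() as d:
        good = os.path.join(d, "ticket_good")    # hypothetical names
        loose = os.path.join(d, "ticket_loose")
        link = os.path.join(d, "ticket_link")
        _write(good, 0o600)
        _write(loose, 0o644)
        os.symlink(good, link)
        return {
            "good": audit_ticket_file(good),
            "loose": audit_ticket_file(loose),
            "link": audit_ticket_file(link),
            "missing": audit_ticket_file(os.path.join(d, "ticket_absent")),
            "other_uid": audit_ticket_file(good, expected_uid=os.getuid() + 1),
        }

if __name__ == "__main__":
    print(demo())
```

The same check applies to any secret key file a sysadmin places on a server node.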

User information comes from the operating system. MapR uses PAM and Linux password APIs.
If your Linux authentication works then MapR works.

The client then uses encrypted RPC with the user authentication ticket/key.

The ticket has data encrypted with a secret key obtained during authentication.
The server decrypts the data to prove it is a valid ticket.

MapR user identity is independent of the host or operating system.
The login process verifies the user and generates the ticket which is then what is used to validate access to a cluster.

Servers have to authenticate to the CLDB using a secret key you as a sysadmin placed there.

[Ed: what stops someone snooping the secret server key?]

Apache – Java uses SASL – Pluggable authentication.
MapR created a pluggable MaprSASL to perform this authentication.

Any user can submit jobs but they can only administer their own submitted jobs.

The Job Tracker creates a user ticket when a job is run. This prevents a ticket expiring between submission and running.

MapR also supports exposing the file system via NFS.

MapR can’t rewrite the NFS protocol, so best practice is to create a MapR NFS server outside the cluster and compress and loop back data.

maprlogin doesn’t support two-factor authentication, but it could be upgraded to provide this.

Clusters

Bulk fileserver data transfers are not encrypted by default – it is an optional setting – due to performance concerns.

All MapR Servers authenticate to each other.
Most communications paths are encrypted.
Self-signed wildcard certificates are created for HTTPS traffic. You can replace with your own certificate if desired.

Cryptography

Cryptography uses current NIST standards – AES-256 in GCM Mode.
- Utilizes hardware encryption when it is available (auto-detection)

Security

Hard-to-follow security is inherently insecure.

Beyond the MapR core

  • Hive
  • Pig
  • Mahout
  • Sqoop

Most are libraries and just work with MapR secured servers.

Hive Server 2 supports password authentication (but doesn’t do SSL without extra configuration).

MapR Tables is their re-written HBase. It works natively with MapR security. To use HBase instead, you have to secure it with Kerberos.

MapR Tables Authorization.

Sqrrl/Accumulo provides boolean logic constraints.

MapR has used the same logic. They also added logic at Table, Column and Column-family (and support the NOT (!) operator).

Accumulo goes to cell-level security.

MapR comes in different versions: M3, M5, M7.

MapR tables come in M7.

Security is in all versions.

Encryption is supported for data at rest.
MapR is a block addressable device, so you can add encryption using open source or commercial tools, like Gazzang.
Or you can use encrypted drives, e.g. FIPS 140-2 encrypted drives.

MapR will incorporate encryption into the core product in a future release.



via WordPress http://2.healthca.mp/1y0yd2n

#mapr at #hadoop DC meetup

I am at the 1776 Campus in Washington DC for a session on MapR with the Hadoop DC meetup group

Mark Scrimshire
Health and Cloud Technologist
http://ekivemark.com
I/S/T: @ekivemark
C:+1.703.623.2789



via WordPress http://2.healthca.mp/1oo3Iwx

Tuesday, July 08, 2014

#Health Articles saved on Delicious by @ekivemark

It’s Tuesday, July 08, 2014 at 09:03AM
and time to bring you some Delicious #Health posts




via WordPress http://2.healthca.mp/1qRyO5M

Tuesday, July 01, 2014

#Health Articles saved on Delicious by @ekivemark

It’s Tuesday, July 01, 2014 at 09:03AM
and time to bring you some Delicious #Health posts

  • Is the Electronic Health Record Defunct? | The Health Care Blog July 1, 2014
    "...current EHR system designs are data-centric and not care or process-centric." Instead we need: Ease of use. Flexibility. workflow. user-configurable. easily shareable. Realtime. Change is coming and it must put the patient at the center and make it easy for their support team to work with them as partners.
  • How Steve Jobs mentored a physician and changed health care July 1, 2014
    Patients need to be at the center along side their doctor. Together - Partners. "...Patients want doctors who know them as individuals, use medical technology thoughtfully, and a system that is highly reliable, safe, and focused on them to stay well or get them better. Doctors want patients who are partners in their care, technology that enables them to […]
  • Healthcare Infographic - Does it Indicate Future HIM Issues? June 25, 2014
    Great info graphic about health information management and the cost of medical coding



via WordPress http://2.healthca.mp/1oktNPO

Wednesday, June 25, 2014

#mongodbworld Eliot Horowitz talking about the future roadmap for @mongoDB

The Future of MongoDB. Beyond the next release.

Eliot Horowitz recapped:

Mongo 2.8 later in 2014.
- Improved Concurrency
- Storage Engine API

MongoDB 3.0 and Beyond

Partitioned Joins

Why no joins – Less need in a document relational model.
Also don’t want features that create surprise when scaling horizontally.

Multi-Document Transactions

Approach the same way as Partitioned Joins. Plan ahead on joins across collections to see that everything is on the same shard.

Schema Validation

For example add a Query document for a collection. Validate on submission against the Query document.

Multi-Master Databases

Incrementing counters for example can work in a multi-master environment

Filtered Replica Sets

E.g. a retailer might want data in every store.

Filtering means that only a section of the data is replicated. E.g. the UK Data Center gets UK data from a Global Data Center.

Storage Engines

The ability to tailor storage to performance needs. I think Health care will be big on having encryption as a storage engine.

Resource Management

Providing the ability to manage operations across different types of machines. This may be built into future versions of MMS.

Adaptive Provisioning

MMS should be able to automatically adjust cluster size. This looks like some of the Object Rocket features will be embedded into the core MongoDB offering.

Queryable Backups

MMS – Providing the ability to find and restore one or more documents without having to restore the entire database.
Connect the backup to a mongod daemon and it would then be available to query.

Database as a Service Software

MMS will provide this capability for internal or external / cloud use.




via WordPress http://2.healthca.mp/1qbCijp

#Mongodbworld Eliot Horowitz and Kenny Gorman of @ObjectRocket from @Rackspace

The final Keynotes:

Kenny Gorman talking about Object Rocket and MongoDB as a Service.

Architecting and deploying scalable cloud databases takes time and expertise. It is still not easy.

Kenny gives a great demo of Python using ObjectRocket

Python: Import ObjectRocket

ObjectRocket pre-provisions infrastructure, and a create adds a pre-provisioned MongoDB to your account.

One line of code can pre-provision and launch a multiple server MongoDB configuration. Pretty impressive!

So you have your infrastructure… What’s next

Scaling…

You may need to scale rapidly. For example, gaming can be unpredictable.

Shard early, shard often. Plan ahead.

ObjectRocket provides Auto Sharding based on utilization, e.g. disk space.

It also offers AutoKey to automatically apply keys.

Fragmentation

AutoCompaction. Handles compressing all the secondaries.

ObjectRocket is providing Free Backups via MongoDump.

http://2.healthca.mp/1lqnrhP

Keynote from Kenny Gorman (ObjectRocket by Rackspace)

Remarks from Kenny Gorman, Chief Architect, ObjectRocket by Rackspace.



via WordPress http://2.healthca.mp/1lqntWY