Abstracting the Virtual Machine
While our existing platform is command-line driven, it does require that customers interact directly with virtual machines (on AWS EC2), which increases the overhead of auditing, access control management, and security operations. We'll be launching several new interfaces which will enable customers to more efficiently manage deployments and provide a central access point to service logs and operational metrics. More importantly, instead of worrying about the performance characteristics and capacity of individual machines, customers will be able to dial in specific performance and capacity levels at the application/service level.
Dedicated Build Endpoints
Instead of assembling a production build on the same host that is running the application, customers will be able to use separate endpoints to build application images, compile assets, and more. These endpoints will utilize powerful processors and will be billed by the minute, enabling customers with low traffic applications to use less expensive hosting plans instead of provisioning larger virtual machines for handling big builds like they do today.
Dynamic Scaling and Scheduling
Customers will be able to specify upper and lower limits on resource allocation in response to changes in network and database activity. This feature will give production apps a performance boost when needed, while avoiding the need to provision surplus capacity full-time. Another requested feature we'll be rolling out is the ability to run or pause services according to a schedule (without having to deal with an esoteric interface like cron).
Faster Underlying Machines
Based on extensive prototyping and benchmarking, we found that using a virtual machine comprised of Amazon Linux 2, NVMe block devices, and EC2 Nitro-based instances can increase overall system performance (vs. today's standard configuration) from 30% to 50% depending on the size of instance being used. The Amazon Linux 2 operating system is curated by AWS and includes a tuned LTS kernel. And just like we do currently with our Ubuntu images, this next generation configuration will be security hardened per CIS Benchmarks and audited/tested daily. So while customers will no longer have to deal with virtual machines directly, at the same time they will gain performance and security benefits by running their apps and services on this new foundation.
Direct to AWS Deployment Option
For customers who wish to deploy workloads directly to their Amazon Web Services account, this deployment option will provide the best of both worlds in terms of transparency and reduction of operational burden. It will also provide a set of compliance "guard rails" by validating AWS service configurations against HIPAA controls and security best practices (including AWS's security framework).
New Service Add-Ons
Some of the add-ons we provide today include an intrusion detection system, web application firewall, Mirth Connect data integration service, SFTP endpoints, and vulnerability scanning. We've been developing an add-ons framework that will make it easier for us to deploy new add-ons as well as providing partners with the ability to build integration points into their offerings. Some of the things we're working on include an S3 Malware Scanner and an API for logging PHI interactions. There's a lot more innovation to come in this area to bring the concept of healthcare "blocks" full circle.