athenahealth Secures + Supports IaaS for Digital Health Innovation

athenahealth provides network-enabled services for healthcare apps in the U.S. Recognized as a best-in-class platform for managing electronic health records (EHR) and healthcare practices, athenahealth adopted Puppet in 2012 and continues to leverage its powerful automation and configuration management solutions to maintain its reputation as a digital health innovator.

Benefits of Using Puppet:

87% reduced cost

to provision stack software installs (with a goal to reduce to $0 with self-service).

Reduced stack delivery time

from 1 day to 2 hours.

Improved consistency

in stacks (code, software, security settings).

Replaced Group Policy

with Puppet manifests.

Challenge: Manual Builds + Inconsistent Approaches to Security

athenahealth's manual build process was like any other: racking and stacking, manually configuring and updating. But the company’s move to a service-driven model necessitated a more sophisticated, available approach to building and managing infrastructure at scale.

Their goal? “Zero-Touch” builds, where users can select a stack build from a self-service portal, deploy with the Puppet agent and Puppet role defined and ready to install and configure the stack, and all updates performed through profile code updates.

“We’re looking very much to be able to provision quickly, tear down, redeploy,” said Shane Smith, Lead Site Reliability Engineer - IaaS Automation at athenahealth. “Speeding up that process becomes more important if you have the possibility of doing it more often.”

How athenahealth Uses Puppet to Automate Application Stack Builds

Given exacting security and compliance standards (both internal and external), athenahealth also needed to move beyond Group Policy to a more consistent security and compliance approach. Their new approach would need to work in and out of domains, help them shift toward infrastructure-as-code (IaC), and improve monitoring and alerting. The infrastructure-as-a-service (IaaS) team chose Puppet to better understand, track, enforce, and manage configurations across their more than 5000-node infrastructure.

Results: Secure, Scalable IaaS + One Step Closer to “Zero-Touch” Builds

“We have some strict security requirements ... One of our initial drivers for moving things into Puppet was to have security consistency. [S]o this is huge for us to ... be able to report on these things being compliant.”

Shane Smith, Lead Site Reliability Engineer – IaaS Automation, athenahealth

By scaling their use of Puppet automation and infrastructure as code, the athenahealth infrastructure team moved from a scripted install to an automated stack install. They also ditched Group Policy for configuration management, improving security, compliance, monitoring, and alerting. It all adds up to distinct benefits:

  • Reduced labor cost per stack install
  • Cut down delivery time
  • Dramatically increased speed to redeploy stacks from one location to another (cloud, data center, on-prem, and virtual)
  • Significantly cut down on updating time and cost
  • Improved confidence and response time in security, compliance, monitoring, alerting

athenahealth wrote their own code as part of their internal Puppet module to automate and simplify operational tasks. The WinPuppetTools code (publicly available on Github) supports migrating computer registry policy, preference settings, and audit settings into a Puppet manifest.

Presentation: Converting Group Policy Settings to Puppet Manifests

Use Puppet for Better, Safer Infrastructure, Anywhere

Better infrastructure is built with Puppet. Contact our team to learn more about use cases, demonstrations, and how Puppet accelerates digital transformation.