| 1 | +# Navigating the Healthcare Multiverse |
| 2 | + |
| 3 | +> How Roche United Cloud and Edge with a Platform Engineering Saga |
| 4 | +
|
| 5 | +## What is a lab? |
| 6 | + |
| 7 | +When you give a blood sample or anything to analyze, the sample is sent through a pipeline |
| 8 | +of machines. The reality in the lab is fragmented, it's not an orchestrated pipeline. Machines have |
| 9 | +different form factors, cables are dangling, it doesn't nicely fit together. |
| 10 | + |
| 11 | +### The problem |
| 12 | + |
| 13 | +How can we fix the chaos at the edge? How do we provide reliable computing? |
| 14 | + |
| 15 | +> Diversivied assets are great for your portfolio, not for your finances. |
| 16 | +
|
| 17 | +The stack must be easy enough for field service representatives to install them and flexible enough |
| 18 | +for developers to make their lives easier. |
| 19 | + |
| 20 | +## The idea |
| 21 | + |
| 22 | +Roche instruments are installed in a lab, Roche ships edge compute infrastructure that can talk to the |
| 23 | +lab machines. |
| 24 | + |
| 25 | +### Phase 1 - Assembling the toolkit |
| 26 | + |
| 27 | +You want to manage applications around the world consistently. Back in the days, there was really only a single |
| 28 | +solution, Rancher. Here's the challenge: you don't get inbound connectivity to hospitals, you're lucky if you |
| 29 | +get decent outbound connectivity. |
| 30 | + |
| 31 | +As an operating system, Roche picked Debian based flavors. It's easy and security, no need to make it more complex. |
| 32 | + |
| 33 | +How do you scale GitOps in this scenario? They used a templating engine based on jinja2 to render configuration per |
| 34 | +distribution. They have an entire KubeCon talk about this, but I'm not going deeper into this. |
| 35 | + |
| 36 | +The next challenge is data resilience. How do you make sure you operate while keeping patient data local? |
| 37 | + |
| 38 | +Here comes their 3 tier architecture. Global infrastructure manages regional control planes, regional control |
| 39 | +planes manage edge infrastructure. |
| 40 | + |
| 41 | +### The evolution |
| 42 | + |
| 43 | +The first evolution was building a fleet manager. Rancher was not really handling edge behaviour where laptops |
| 44 | +are being closed and cables are being disconnected. So Roche started building out an in-house fleet management console. |
| 45 | + |
| 46 | +The single IP address was becoming a bottleneck. To solve this, they leveraged Cilium mTLS tunnel to connect |
| 47 | +their edge compute to compute in the cloud. From the location in the cloud, they can connect to anywhere. |
| 48 | + |
| 49 | +As an operating system, they moved to Talos to reduce the bundle size they were shipping to the customers. |
| 50 | + |
| 51 | +## Links |
| 52 | + |
| 53 | +- <https://github.com/danacr/kubernetes-the-fun-way> |
| 54 | +- <https://developers.cloudflare.com/reference-architecture/diagrams/network/bring-your-own-ip-space-to-cloudflare/> |
| 55 | +- <https://docs.cilium.io/en/latest/network/servicemesh/mutual-authentication/mutual-authentication/> |
| 56 | +- <https://github.com/Roche/foxops> |
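Review bot: the quoted aside "Diversivied assets are great for your portfolio" misspells "Diversified", and "It's easy and security, no need to make it more complex" should read "It's easy and secure"; a few smaller wording fixes in the same file: "easy enough for field service representatives to install them" refers to a singular stack, so "install it", "Back in the days" should be "Back in the day", and "3 tier architecture" is conventionally "three-tier architecture". On content, "The single IP address was becoming a bottleneck" is the first mention of any single address, so say what that address was and why it limited scale, ideally tying it back to the earlier point that there is no inbound connectivity to hospitals and only unreliable outbound connectivity. The three-tier paragraph answers "How do you make sure you operate while keeping patient data local?" only implicitly; one sentence on which tier holds patient data and what only the global and regional planes see would make the data-residency claim concrete. Finally, the Cilium link points at the service-mesh mutual-authentication documentation, which is workload-to-workload mTLS rather than a site-to-site tunnel, so either describe the edge-to-cloud connection in those terms or link the page for the mechanism actually used.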