How Care Communication Platform Myo Moved to Amazon EKS
Guest post by Josip Medic, Software Engineer, Myo
Here at myo, we believe passionately in the principle of automatization in every stage of the business development process. That’s why, in 2019, we decided to make the much-needed transition to Amazon Elastic Kubernetes Service (Amazon EKS) on AWS.
As a startup – and particularly one in the tech market – scaling quickly is imperative for growth. Not only do we want to offer a first-rate service, but the nature of our clients – residents in care, their families, and their caregivers – gives us particular motivation to ensure that our servers operate at the best levels, day and night.
We know that when it comes to tech solutions, there’s no one-size-fits-all approach – each business has its unique wants and needs. However, as a tech company with both global ambitions and a social justice agenda, we’re at that tricky intersection of delivering a first-class app whilst also ensuring personalized, humanized customer service. From the outset, it’s therefore been imperative that every area of our business caters to our unique clients. Our systems and operations must deliver secure and direct communication. And we must continue to fulfill our mission of empowering care providers to communicate securely and directly with relatives via a world-leading mobile app. That’s where AWS comes in.
It seems hard now to remember a time before AWS. But it did exist. And only in looking back can we now truly evaluate the real measure of AWS’ capabilities. When we first launched, we were using an independent cloud provider, which was both based in Germany and had all of its infrastructure in Germany. This afforded us limited possibilities: we only had the ability to have one server instance – nothing similar to the cluster models that have now come to dominate the market. While we were just servicing one care home (with one corresponding database), this presented no real issue; we had one server, with one backend service and one Postgres database. But this was never going to be sustainable long-term.
It wasn’t long before we had eight customers, meaning oversight of eight backend servers and eight Postgres databases being handled manually. In real terms, with each backend server having only one running instance, there was no fall-back option to take over when issues arose. In addition to that, because our product depends on media sharing, we were storing that shared media across multiple sites on the one server instance. This caused numerous pain-points, not least friction: maintenance of multiple resources, production deployment taking a number of hours, and roll-backs that were often impossible to execute.
Thus, when considering switching from our previous cloud service provider, it was essential for us to have a backend operating system where rolling updates could take place automatically, accompanied by successful deployment and release cycles. Having read widely and conducted extensive research about the possible options out there in the market, it quickly became clear that Amazon EKS was the product for us.
Kubernetes is defined as “an open-source container-orchestration system for automating application deployment, scaling, and management.” It provides ‘namespaces’ which – by definition – divide cluster resources between multiple users. This was crucial for us in giving full separation between deployed customer (care home) services. In short, that was enough to satisfy all our needs. From that point onwards, the transition was seamless, and we never looked back. Since then, AWS has brought four key pillars to our operations: streamlining the backend server, ensuring product stability and fault tolerance, delivering continuous integration and delivery (CI/CD), and safeguarding our infrastructure & delivery security.
Indeed, with the EKS Kubernetes cluster on AWS we have ultimately been able to streamline our backend server. Whereas we previously had one backend deployed for one server, the AWS system has enabled us to add the Spring Boot 2 Framework and Kotlin programming language to our backend services, with the frontend app written in Vue.js. As such, our backend and frontend now employ Docker to build images which are later deployed on the Amazon EKS cluster, and our DB stack is achieved through Amazon RDS Postgres, while Amazon Kinesis and Amazon Redshift allow for rigorous analytics. We then chose Bitbucket Pipelines as our CI/CD tool. There was the option of the Amazon ECS service (a fully managed container orchestration service); while that system requires no deep knowledge about infrastructure, we still opted for EKS because it’s feature-rich and gives greater freedom and autonomy.
Switching to AWS has also helped us deliver on the product stability and fault tolerance goals. We now have at least two deployed pods per customer service, which gives us a reliable way to automatically route all traffic to working services alone. If any pods fail, Kubernetes automatically spawns another pod in order to satisfy the desired replicas defined in the deployment script. What’s more, the Helm Kubernetes Package Manager has provided an elegant way to maintain all resources installed on the cluster. Each release candidate or release version is packaged using Docker and the Helm package, which is stored in our private repository and then later used in installations or rolling updates on Kubernetes via Helm. Altogether, this offers a platform for continuous integration and continuous delivery.
Infrastructure and Security on AWS
Now, turning to the benefits of AWS for infrastructure and security. Operating in the caretech space, we know our clients truly count on us to deliver first-class service. At the heart of this is data security. In our ambition to be one of the leading voices for caretech globally, we have placed this goal at the heart of our brand and business values, seeking to offer a platform where stakeholders know that their sensitive data is safe with us. Once again, AWS has ensured that we can deliver the additional need of having secured and decoupled customer data, rooted to our Head Office operations in Germany. Specifically: our backend service is written to be multi-tenant but, given the healthcare domain’s legal requirements, it was vital that we pursue a path which ensures that each care/nursing home has its own database.
Specifically, with the focus of our business heavily weighted towards media sharing between users, it’s been important for us to have the ability – via IAM users – to achieve granular access to Amazon S3 buckets. This means that only the one user assigned to a customer has access to that customer’s S3 bucket. Every AWS Service (RDS, S3 storage, etc.) is therefore encrypted and secured. Additionally, Kubernetes nodes are accessed externally via an Application Load Balancer, where a Kubernetes node is automatically registered if it is spawned through auto-scaling groups and launch configurations. The ALB uses TLS certificates that are registered in our AWS Cert Manager. Each of these setups on AWS helped us to ensure data protection/security and to gain full customer trust.
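The one-IAM-user-per-customer-bucket model described above only holds if each user's policy cannot match any other bucket. The following sketch is an added example, not myo's own code: it builds a per-tenant policy and audits a policy for statements that reach past the tenant's bucket. The bucket names and helper functions are hypothetical.

```python
S3_ARN = "arn:aws:s3:::"

def as_list(value):
    # IAM allows a single string or a list for Statement, Action and Resource.
    return value if isinstance(value, list) else [value]

def tenant_policy(bucket):
    """Least-privilege identity policy for the single IAM user of one customer."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Sid": "ListOwnBucket", "Effect": "Allow",
             "Action": "s3:ListBucket", "Resource": S3_ARN + bucket},
            {"Sid": "ReadWriteOwnObjects", "Effect": "Allow",
             "Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"],
             "Resource": S3_ARN + bucket + "/*"},
        ],
    }

def in_scope(resource, bucket):
    """True only if the ARN pattern cannot match anything outside `bucket`."""
    if not resource.startswith(S3_ARN):
        return False  # "*" or a non-S3 ARN on an S3-capable statement
    name, _, _key = resource[len(S3_ARN):].partition("/")
    # Exact match on the bucket part: "tenant-a*" would also match "tenant-a-other".
    return name == bucket

def cross_tenant_findings(policy, bucket):
    """Return (sid, resource) pairs where an Allow on S3 reaches past `bucket`."""
    findings = []
    for st in as_list(policy.get("Statement", [])):
        if st.get("Effect") != "Allow":
            continue
        # A missing Action means NotAction is in use; treat it as a wildcard.
        actions = [a.lower() for a in as_list(st.get("Action", "*"))]
        if not any(a == "*" or a.startswith("s3:") for a in actions):
            continue
        sid = st.get("Sid", "<no Sid>")
        if "NotResource" in st:
            findings.append((sid, "NotResource"))
        for res in as_list(st.get("Resource", [])):
            if not in_scope(res, bucket):
                findings.append((sid, res))
    return findings
```

An empty result means every S3 grant in the policy is pinned to the one bucket; the check is deliberately conservative and also flags policy variables in the bucket part of an ARN.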
Josip Medic, a software engineer at Myo, shared his thoughts on the move, saying: “This technology stack genuinely helps realise our aims: speeding communications between loved ones and their relatives in care. Indeed, our set-up enables care home employees to document and share content about the everyday caregiving via text, voice messages, photos or videos. The speed of this channel means caregivers have more time for those for whom they care, and relatives can more readily partake in the daily life of their loved ones. With staff and relatives brought into one single communication channel, we deliver secure and direct communication. With the product compatible on both iOS and Android, we therefore bring all stakeholders in the care ecosystem closer together.”
As we look to the future, we’ll continue to raise our voice as serious advocates of EKS & AWS in the hope that we can encourage other organizations to make the same, invaluable change that is helping us to take our organization to the next level.
Further benefits of the AWS operating system:
EKS – Managed Kubernetes service
AWS RDS Service – gives a simple way to have managed Postgres instances with replicas in multiple availability zones
AWS S3 – simple storage service which gives scalability, security, data availability and performance
Plain EC2 instances
IAM (Identity and Access Management) – enables myo to manage access to AWS services and resources securely per customer
ALB (Application load balancer)
Route 53 – for scalable and readily available Domain Name System
Server locations in Frankfurt, Germany
EU-US Privacy Shield
All of these services have led to the infrastructure state we have now.