“AWS gave us all the right tools and a powerful ecosystem, but we still needed to develop a lot of custom processes and had to support GxP compliance. Kindly Ops readily understood our mission and priorities, and had a firm grasp on what it would take to build what we needed on AWS.”
Andrew Clark, Manager, Software Engineering, Gritstone Oncology

Gritstone Oncology is advancing the field of immuno-oncology to fight cancer in patients with the most difficult-to-treat tumors. The company’s potent, next-generation, personalized immunotherapies harness the power of the patient’s own immune system to effectively destroy tumor cells through the recognition of tumor-specific neoantigens.

Gritstone’s process for personalized cancer treatment involves two steps. First, a clinical biopsy is taken and sent to Gritstone. The company analyzes the biopsy, applying next-generation sequencing and a deep learning model trained on large-scale data from human tumors to characterize the tumor and select the neoantigens for generating a tumor- and patient-specific immunotherapy. Next, selected neoantigens are sent to Gritstone’s manufacturing facility, where they are synthesized to build a personalized neoantigen cassette for administration to the patient via a simple intramuscular injection.

To support its research and clinical operations, Gritstone needs a high-performance computing infrastructure capable of providing both the flexibility that its scientists need to perform their research and the control needed for clinical use. These seemingly opposite requirements have traditionally mandated separate infrastructures within a company’s own data centers.

As a start-up, Gritstone knew that building a cloud-computing architecture on Amazon Web Services (AWS), rather than acquiring and managing an on-premises computing environment, would help it ramp up its research more quickly and thus accelerate time to clinic. Plus, the company knew that a cloud environment would provide virtually unlimited scalability, so that progress would not be impeded by a lack of computing resources.

“Gritstone evaluated the major cloud providers and genomics platforms available to us,” recalls Andrew Clark, manager, software engineering at Gritstone Oncology. “None of the available third-party platforms for genomics analysis were optimal for us. All required adaptation for our protocols and committing to a proprietary architecture up front. We ultimately decided that, to have full control over our own destiny, we would need to build and quickly enable our own cloud environment.”

Clark, who had previous experience with AWS, knew that Gritstone could use it to provide a familiar environment for computational biologists—namely, a clustered computing environment with batch-based job scheduling, low-latency, high-speed interconnects, and large shared storage volumes. He also knew that AWS would provide the flexibility to start with existing software packages and adapt them to the company’s needs. Where Gritstone needed assurance, however, was that AWS could give it the controls it would ultimately need for clinical operations, including the ability to account for all configuration changes. “Essentially, we had to be able to build a GxP-compliant analysis system in the cloud, as immutable infrastructure,” says Clark.

To support its program, Gritstone worked with Kindly Ops, an AWS Partner Network (APN) Advanced Consulting Partner that specializes in DevOps and compliance for the health-care and life-sciences industries.

“AWS gave us all the right tools and a powerful ecosystem, but we still needed to develop a lot of custom processes — and had to support GxP compliance,” says Clark. “Kindly Ops readily understood our mission and priorities, and had a firm grasp on what it would take to build what we needed on AWS.”

Elliot Murphy, CEO of Kindly Ops, led the assessment. “We assured Gritstone that AWS could meet their immediate research needs, and that they would have a smooth transition when it came to clinical delivery,” he says. “Ninety-nine percent of our health-care and life-sciences customers are choosing AWS over other cloud platforms because it provides a more complete offering for their compliance-critical environments.”

Following the assessment, Clark and Murphy worked together to build an integrated DevOps infrastructure on AWS. Today, that infrastructure looks like this:

• The entire environment is defined using Amazon Virtual Private Cloud (Amazon VPC), which enables Gritstone to provision a logically isolated section of the AWS cloud where it can launch AWS resources in a defined virtual network. Virtual private gateways are used to connect securely between VPCs and the on-premises network in the company’s office and wet lab where DNA sequencers are operated. Amazon Route 53 (Route 53) is used to provision internal VPC endpoints.

• Compute pipelines run on Amazon Elastic Compute Cloud (Amazon EC2) clusters, storage for which is provided by Amazon Elastic File System (Amazon EFS) and Amazon Simple Storage Service (Amazon S3).

• On-demand compute power is provided using Amazon EC2 instances of various sizes. A Nextflow-driven shared job queue dispatches jobs and handles data flow, providing a logical orchestration engine for the analysis pipelines. The optimal quantity and type of compute resources (e.g., CPU- or memory-optimized instances) are dynamically provisioned, based on the volume and specific resource requirements of the pipeline jobs submitted.

AWS CloudFormation automates the provisioning of core infrastructure for each analysis environment. Jenkins pipelines that employ Packer and Chef Solo are used to automate the building of Amazon Machine Images (AMIs) and Docker container images. “We establish our baseline server environment in AMIs,” explains Clark. “For toolkits that are particularly challenging to integrate we capture those in Docker images.”

AWS Organizations and AWS Identity and Access Management (IAM) are used to provide granular access control and enable the separation of development, test, research and production environments. Confidence regarding security posture is enhanced through the use of AWS CloudTrail, which generates logs that are analyzed by security information and event management tools like Sumo Logic and Datadog.

Gritstone’s use of AWS is enabling the company to safely and securely scale its life-sciences computing workloads, for both research and clinical operations. Specific benefits include:

GxP compliance. With help from Kindly Ops, Gritstone is bringing best DevOps practices to bear in the analysis of health-care data in a clinical and manufacturing environment. More information on AWS and GxP compliance can be found in Considerations for Using AWS Products in GxP Systems, an AWS whitepaper.

Integrated cloud platform for research and clinical operations. Through the use of AWS, especially services like AWS Organizations and AWS IAM, Gritstone is able to support all phases of the life-sciences product life cycle with an integrated infrastructure — from research to clinical delivery.

Unlimited scalability. With a cloud solution based on AWS, Gritstone can quickly and easily scale its compute resources as needed, paying only for what it uses. This not only prevents researchers from having to wait before their jobs are run, but also enables those jobs to finish faster than if researchers had to share limited on-premises resources. Similarly, when the company transitions to clinical delivery, Gritstone can just as easily scale its infrastructure to handle any number of patients.

Specialized, high-performance computing resources. With AWS, Gritstone has access to a broad range of Amazon EC2 instance types, enabling the company to choose what works best for any given computational workload — with virtually no limit to the computing resources at the company’s disposal. For example, the company is using the GPU-powered g3.4xlarge EC2 instance for deep learning applications.

High availability. Gritstone runs all computing in a single availability zone so it can employ placement groups for higher-performance networking. For disaster recovery, it can instantly spin up a new environment in a different availability zone or region using a CloudFormation script.

Strong security. Specialized AWS services—such as AWS Organizations and AWS IAM—give Gritstone all the capabilities it needs to ensure security when working with sensitive medical data. “Security is a key reason why we steered Gritstone to AWS,” says Murphy. “Beyond the capabilities provided by AWS itself, Gritstone can rest confident knowing that there are hundreds of AWS security engineers working in the background on their behalf.”

Today, some 18 months after Gritstone first engaged with Kindly Ops to validate its AWS approach, the company is confident that it chose the right cloud provider — and the right partner. “Kindly Ops’ assistance has been invaluable these past 18 months, enabling us to harness the immense power of the AWS platform to meet our specific business needs — both now and in the future,” says Clark.

Kindly Ops, an AWS Partner Network (APN) Advanced Consulting Partner, specializes in DevOps, cloud security, and compliance automation for the health-care and life-sciences industries.

For more information, contact Kindly Ops through its listing on the APN Partner Solution Finder or on their website.