The Clinician's Knowledge Network (CKN) is the Qld Government's state-wide clinical information service. DotSec designed and deployed the CKN in 2007, and DotSec managed, maintained, upgraded and secured the CKN as a fully managed, secured and redundant service until July 2014.
6 years, 99.99% uptime, 17,000 registered users, 0 security incidents
The CKN allowed around 17,000 registered health professionals to access thousands of secured documents and journals, which together were made available by hundreds of service providers. During the time that DotSec hosted the CKN, the service was available with a 99.99% uptime (less than 1 hour's outage per year), supported over 17,000 registered users (and thousands more users who accessed the service from within QH), and experienced absolutely no security incidents.
Secure, fully-managed and hosted services
From 2007 until 2014, DotSec continued to support the CKN as a fully managed and hosted (people call it "cloud" now) service that included the following features:
- CKN was built on a redundant, distributed, highly available infrastructure. On average, the site was down for less than one hour per year, over a six-year period.
- The CKN could rely on an information security infrastructure that included a web-application firewall, intrusion detection and file-integrity monitoring, and an integrated Identity Management Infrastructure. As a result, the CKN experienced no (zero, none) security incidents over six years.
- The CKN was supported by full reporting and alerting services, 24x7x365. Any kind of report could be generated to reveal details regarding the site's operations, status and use.
- DotSec included software development and testing services as part of the service agreement, allowing us to upgrade and redevelop the site as requested on a number of occasions.
Features and design
The CKN was designed to meet a number of key requirements, and in particular, it was designed, implemented and maintained so that it continued to meet the following requirements:
- Secure. Service use must be restricted to authenticated users, with access control being based on user roles and other security attributes. The underlying identity and access management infrastructure is based on the Security Assertion Markup Language (SAML), an OASIS standard and XML dialect that supports the presentation and communication of user authentication, entitlement, and attribute information.
- Affordable. The CKN was initially designed and implemented on a very modest budget. The strict budgetary constraints did not, however, limit the functionality of the CKN solution, and all requirements were met on time and on cost. A range of FOSS software, including the full LAMP stack and the Shibboleth federated identity management solution, forms the basis of the implementation, and has proved to deliver an extremely robust, performant and cost-effective platform for the past 5 years.
- Available. The CKN was designed and implemented to be highly available and robust, and DotSec continues to maintain the CKN in line with a detailed Service Level Agreement. Redundant Internet connections, redundant database instances, and a service clustering and load-balancing environment ensured that the CKN remained available with at least 99.99% uptime. That translates to about an hour's outage every year, on average!
- Supported. DotSec provided 24x7x365 second-tier support to Queensland Health under the terms of the CKN Service Level Agreement. Support services included issue resolution with third-party providers/publishers, software development and testing services, security and maintenance services, and reporting services.
Although not visible to the users, the service was implemented with a number of key features:
- Distributed architecture. The CKN was implemented as a distributed service, hosted at a number of geographically separate sites. This design delivers cost-effectiveness, high performance and fault tolerance.
- Virtualised. The CKN was implemented as a collection of redundant, virtualised servers. The underlying Linux hypervisor was able to support low cost, high availability, load balancing, flexibility and scalability.
- The SAML-based federated identity-management infrastructure allowed third-party providers to be quickly and securely integrated with the CKN. As of 2014, federation service providers included the EBook Library, Ovid and OCLC WorldShare.