The Kainos Cloud capability has been helping customers undertake rapid transformation at scale for over 20 years, including landmark projects like the UK Government’s Register to Vote service, which enabled millions of citizens to join the electoral register. In recent years the emergence of container orchestration platforms – in particular Kubernetes – has ushered in a step change in how services can be deployed and operated at scale, which has provided a significant opportunity for our customers.
Recognising this, for the last number of years Kainos has invested significantly in helping its 120-strong Cloud Engineering capability develop its Kubernetes expertise. Like other organisations, we have certified engineers demonstrating our depth of knowledge; however, we’ve also got the battle scars and learnings of actually having run Kubernetes in production for over two years. We’ve used Kubernetes platforms to deploy services for a number of UK Government departments and pioneered techniques like GitOps and Cloud Native Development to improve efficiency and reduce the cost base for our clients.
Read on for a case study where Kainos used Kubernetes as an enabler for creating the NHS App which transforms how 40 million people in England access healthcare services.
In September 2017, the Secretary of State (SoS) for Health made a number of public commitments at the NHS England Health & Care Innovation Expo. These commitments focused on addressing the needs of 40+ million patients and 7,500+ GP practices in England by providing digital access to core NHS Services – the ambition was to create a universal Digital Front Door for the NHS through which patient services could be delivered.
This vision sought to empower patients to:
1. Check their symptoms – find reliable NHS information on conditions, treatments and get immediate advice
2. Book appointments – search for, book and cancel appointments at their GP surgery
3. Order repeat prescriptions – see their available medications and request a new repeat prescription
4. View their medical record – secure anytime/anywhere access to their GP medical record
5. Register to be an organ donor – easily manage their preferences on the NHS Organ Donor Register
6. Choose how the NHS is able to use their data – easily manage their preferences for data usage e.g. whether their information can be used to inform research and planning.
The challenge: The scale is colossal, given that over 340 million GP consultations are arranged and 800 million repeat prescriptions are ordered each year across those 7,500+ GP practices, which each use disparate IT systems offered by outside vendors. Moreover, key services on which the NHS App would be dependent – NHS Login – were also just starting their development journey, and the NHS App would be the first service onboarded.
The ask: By the end of 2018 – just 15 months after the SoS announcement – to have built, from scratch, a fully integrated, user-centric service, delivered through native smartphone apps, that delivers on those SoS commitments. NHS Digital appointed Kainos as the prime supplier to deliver on these commitments and build the NHS App.
The approach: Few organisations in the world are as cherished or evoke such emotion as the NHS. It was vitally important that a user-centred development approach underpin all product and service decisions, to ensure the service represented all demographics and was inclusive of all sections of society – especially those that are most vulnerable. Putting users first yielded insights that led to trailblazing work on biometric multi-factor authentication – amongst others – being prioritised, so that the login process was as frictionless as possible on supported devices.
Scalability, Security and Speed
Using public cloud for hosting – a first for NHS Digital in a user-facing transactional service context – the Microsoft Azure platform was chosen owing to its flexibility, extensive service catalogue and its highly integrated multi-layered approach to securing workloads.
After significant evaluation – focusing heavily on the security of the solution – the decision was made to adopt the Azure Kubernetes Service (AKS) as the foundational platform to host the NHS App – at the time this was a relatively new service to Azure. In the spirit of true partnership Kainos and Microsoft worked closely to ensure the AKS service was made Generally Available in time to onboard the first NHS App users.
A managed Kubernetes offering like AKS provided the speed, scalability and adaptability – remember those 40m+ users – that allowed delivery to progress at pace. However, being a pioneer in such a technology brings new challenges; in the case of the NHS App, these related specifically to security and resiliency. Using new architectural approaches, the solution was able to:
1. exceed the stringent security requirements laid down by the NHS in the handling of sensitive patient data, and
2. maintain the flexibility and availability of active-active multi-region configuration.
From before code is checked in to when it is running within environments handling patient data, a set of overlapping security controls ensures data remains protected at all times. All transmission of this data is marshalled using end-to-end encryption techniques to the point of execution, and every action upon such data is extensively audited. The NHS App platform has been built to proactively defend itself using cutting-edge cyber security techniques such as anomaly detection. Building security controls into the NHS App platform was heavily streamlined by the adoption of AKS; teams could focus on these value-add activities where otherwise they might have been absorbed by cluster provisioning and maintenance tasks.
Region independence is made possible through the use of Azure CosmosDB; using this service in a multi-master write mode enables session state to be seamlessly shared across Azure cloud regions with extremely low latency, which means session data can be quickly syndicated across regions with zero user impact.
Elastic scaling is key to achieving cost-efficiency whilst retaining the ability to quickly react to user demand – using AKS in a region-independent manner we are able to scale the NHS App platform from handling hundreds of requests per second to hundreds of thousands within minutes. Use of a content delivery network to serve static assets further helps to minimise load on the platform.
User experience and accessibility meant that multiple integrations were prioritised over multiple methods for:
• Accessing pre-existing national services for symptom checking/triage and setting organ donation/data sharing preferences.
• Accessing GP services across the 4 providers of disparate IT systems.
This meant that the NHS App would become a broker across these services and, in the case of GP systems, the NHS App would be the first service to universally integrate across all of the providers, with all the nuances therein. As each GP system vendor used different methods, protocols, data models and authentication requirements, all of this needed to be enumerated and accounted for within the NHS App.
Building on the Kubernetes foundation, cloud native tools such as Helm were utilised in a continuous delivery pipeline, allowing fully integrated environments accessible on the public internet to be created – from scratch – in 42 seconds. Using this same tooling through all aspects of environment promotion, the NHS App can be deployed using a zero-downtime approach, minimising service downtime and thus user impact.