Customer Spotlight: SafeHealth
SAFE Health is a Digital Health and Connected Diagnostics Marketplace Platform that is operated in partnership with the Mayo Clinic. With SAFE, organizations can launch digital health apps in weeks – helping to triage low-acuity health issues through digital diagnostics, provider teleconferencing, integrated prescription delivery, and more.
The SAFE app can be white-labeled and customized extensively to integrate the insurance, provider, diagnostic, and pharmaceutical preferences of their customers.
To protect patient privacy, SAFE is built on a zero-trust architecture, exacting strict controls on each workload and enforcing the principle of least privilege for each engineer contributing to the application.
Before moving to Control Plane in 2021, SAFE’s infrastructure was built on AWS EKS (Elastic Kubernetes Service), using KNative to provide the efficiency benefits of serverless without the limitations of Lambda. SAFE also maintained an event plane using NATS.io through NGS, a machine learning layer, and several databases (S3, NoSQL, Big Query, etc.).
This infrastructure was implemented on a single region of AWS, but Dimy Jeannot, SAFE’s CTO, knew that as the company grew, they would need to expand to multiple regions very soon. Implementing Istio as a service mesh for multiple Kubernetes clusters was the obvious way to address the challenge, but finding DevOps engineers who were versed not only in Kubernetes but also in the high- order thinking that Istio required was a huge obstacle. SAFE recruited nationwide but struggled to find even one or two of the 10-15 highly-specialized engineers Jeannot knew would be required to build and manage a multi-region infrastructure.
In the process of addressing this issue, Jeannot spoke to Jim Nasr, the former Chief Software Architect of the Centers for Disease Control and the current CEO of Acoer. Acoer had been using Control Plane for several months, and Nasr suggested that it might be a great solution for SAFE as well. By that point, Jeannot had found a single DevOps engineer, but by moving to Control Plane was able to avoid the time and expense of 10+ additional hires. Safe Health worked with APrime, a Control Plane implementation partner who assisted in a smooth transition to the Control Plane Platform.
SAFE Health’s team of 80 engineers ran 9 environments in AWS delivering reliable service to their customers. As of today, all but one of those environments has been moved to Control Plane.
Jeannot was surprised by how smoothly the migration went. Normally, moving production environments is a long and frustrating ordeal but the move to Control Plane has been shockingly non-eventful.
Most of the benefits of the migration to Control Plane have accrued to internal operational improvements – the ability to do more faster at less cost – but what SAFE’s customers may notice is the increased pace of innovation and responsiveness enabled by new engineers focused on customer problems who might otherwise be dedicated to infrastructure.
For the SAFE Health engineering team, the results of using Control Plane have been immediate and dramatic. Not only has SAFE been able to continue its meteoric growth without hiring an army of DevOps engineers and SREs, but they have also been able to decrease their cloud costs by 75%.
Where these savings come from is both simple and complicated. On the one hand, the cost of compute on Control Plane is less for SAFE because the company uses Control Plane’s proprietary Capacity AI technology to scale workloads to zero when not in use or near-zero for workloads they cannot afford to cold-start. On the other hand, much of the company’s AWS cost was incurred not by compute (which could be scaled to some degree) but by VPNs, gateways, load balancers, and other services which they could neither scale nor turn off when not in use. Many of these services are available as part of the Control Plane platform for no additional cost.
One of the primary benefits of the move to Control Plane, is that an environment (a Global Virtual Cloud, or GVC) can be provisioned with any number of regions without increasing the complexity of the environment. This flexibility to add and subtract regions helps SAFE not only by ensuring consistently low latency across customer locations, but also by giving SAFE control over jurisdiction (where compute takes place and where data is stored) - an important regulatory issue in the healthcare industry.
Control Plane also accommodates SAFE’s zero-trust policy by enabling developer and workload permissions to be managed granularly. As an example, SAFE uses Synadia NGS (managed NATS.io) as its “nervous system” and would ordinarily have to embed credentials in each workload that communicates with the NGS service. However, using Control Plane’s Universal Cloud Identity, SAFE can associate one or more identities in Control Plane to their NGS account which enables workloads to communicate natively. This not only reduces the burden on SAFE developers but also enables top-down administrative control over the permissions of each developer and each workload.
SAFE Health has utilized Control Plane to enable its expansion to a multi-region infrastructure, which has translated to faster innovation and direct customer value.