DISTRIBUTED DATA COLLECTION FOR REINSURANCE (RI) AND RISK ADJUSTMENT (RA): PROVISIONING. August 27, 2015 HTTPS://WWW.REGTAP.INFO/

Similar documents
Tutorial: Using HortonWorks Sandbox 2.3 on Amazon Web Services

VX 9000E WiNG Express Manager INSTALLATION GUIDE

Virtual Appliance Installation Guide

WHITE PAPER SETTING UP AND USING ESTATE MASTER ON THE CLOUD INTRODUCTION

Introduction to FileWave

AWS Quick Start Guide. Launch a Linux Virtual Machine Version

Zend Server Amazon AMI Quick Start Guide

Copyright 2015 SolarWinds Worldwide, LLC. All rights reserved worldwide. No part of this document may be reproduced by any means nor modified,

Pearl Echo Installation Checklist

Table of Contents. FleetSoft Installation Guide

Chapter 9 PUBLIC CLOUD LABORATORY. Sucha Smanchat, PhD. Faculty of Information Technology. King Mongkut s University of Technology North Bangkok

Backup & Disaster Recovery Appliance User Guide

unisys Unisys Stealth(cloud) for Amazon Web Services Deployment Guide Release 1.0 January

Getting Started with Amazon EC2 Management in Eclipse

Server Software Installation Guide

Virtual Appliance Setup Guide

BaseManager & BACnet Manager VM Server Configuration Guide

System Administration Training Guide. S100 Installation and Site Management

IaaS Configuration for Cloud Platforms

How to install/upgrade the LANDesk virtual Cloud service appliance (CSA)

ArcGIS 10.3 Server on Amazon Web Services

Alfresco Enterprise on AWS: Reference Architecture

How AWS Pricing Works

Rally Installation Guide

Overview and Deployment Guide. Sophos UTM on AWS

To begin, visit this URL:

OnCommand Performance Manager 1.1

Creating an ESS instance on the Amazon Cloud

DVS-100 Installation Guide

Uptime Infrastructure Monitor. Installation Guide

AVLOR SERVER CLOUD RECOVERY

Setup Cisco Call Manager on VMware

1. Product Information

Opsview in the Cloud. Monitoring with Amazon Web Services. Opsview Technical Overview

JAMF Software Server Installation and Configuration Guide for OS X. Version 9.2

Deploy XenApp 7.5 and 7.6 and XenDesktop 7.5 and 7.6 with Amazon VPC

USER CONFERENCE 2011 SAN FRANCISCO APRIL Running MarkLogic in the Cloud DEVELOPER LOUNGE LAB

F-Secure Internet Gatekeeper Virtual Appliance

REQUIREMENTS AND INSTALLATION OF THE NEFSIS DEDICATED SERVER

Online Backup Client User Manual Linux

How AWS Pricing Works May 2015

Tibbr Installation Addendum for Amazon Web Services

PHD Virtual Backup for Hyper-V

ICONICS Using the Azure Cloud Connector

DVS-100 Installation Guide

JAMF Software Server Installation and Configuration Guide for Linux. Version 9.2

JAMF Software Server Installation and Configuration Guide for OS X. Version 9.0

Sophos Mobile Control Installation guide. Product version: 3

Web Application Firewall

SMART Vantage. Installation guide

Heroix Longitude Quick Start Guide V7.1

Virtual Data Centre. User Guide

Preparing a SQL Server for EmpowerID installation

Installing and Configuring vcloud Connector

TELNET CLIENT 5.11 SSH SUPPORT

Storage Sync for Hyper-V. Installation Guide for Microsoft Hyper-V

IaaS Configuration for Cloud Platforms

Every Silver Lining Has a Vault in the Cloud

RecoveryVault Express Client User Manual

vcloud Director User's Guide

Avalanche Site Edition

Drobo How-To Guide. Cloud Storage Using Amazon Storage Gateway with Drobo iscsi SAN

Mediasite EX server deployment guide

Pcounter Mobile Guide

Cloud Computing. Adam Barker

Online Backup Linux Client User Manual

HOMEROOM SERVER INSTALLATION & NETWORK CONFIGURATION GUIDE

Secure Web Browsing in Public using Amazon

Online Backup Client User Manual

HP Client Automation Standard Fast Track guide

MySQL and Virtualization Guide

Getting Started Guide: Deploying Puppet Enterprise in Microsoft Azure

VCCC Appliance VMware Server Installation Guide


Cloud Director User's Guide

REDCENTRIC INFRASTRUCTURE AS A SERVICE SERVICE DEFINITION

Online Backup Client User Manual Mac OS

Online Backup Client User Manual Mac OS

Receptionist-Small Business Administrator guide

Cloud Models and Platforms

CONNECTING TO DEPARTMENT OF COMPUTER SCIENCE SERVERS BOTH FROM ON AND OFF CAMPUS USING TUNNELING, PuTTY, AND VNC Client Utilities

NETWRIX EVENT LOG MANAGER

Alfresco Enterprise on Azure: Reference Architecture. September 2014

Tivoli Endpoint Manager for Remote Control Version 8 Release 2. User s Guide

Install and configure SSH server

Common Services Platform Collector (CSPC) Self-Service - Getting Started Guide. November 2015

Content Filtering Client Policy & Reporting Administrator s Guide

enicq 5 System Administrator s Guide

DocuShare Installation Guide

How To Deploy Sangoma Sbc Vm At Amazon Cloud Service (Awes) On A Vpc (Virtual Private Cloud) On An Ec2 Instance (Virtual Cloud)

NovaBACKUP xsp Version 15.0 Upgrade Guide

Deployment Guide: Transparent Mode

RDS Migration Tool Customer FAQ Updated 7/23/2015

Cloud Computing. Chapter 1 Introducing Cloud Computing

Build Your Own Performance Test Lab in the Cloud. Leslie Segal Testware Associate, Inc.

KeyControl Installation on Amazon Web Services


Sharp Remote Device Manager (SRDM) Server Software Setup Guide

Using. Microsoft Virtual PC. Page 1

Transcription:

DISTRIBUTED DATA COLLECTION FOR REINSURANCE (RI) AND RISK ADJUSTMENT (RA): PROVISIONING August 27, 2015

Session Guidelines This is a 90-minute webinar session. For questions regarding the Distributed Data Collection (DDC) program, please contact your Financial Management (FM) Service Representative directly and copy the Centers for Medicare & Medicaid Services (CMS) Help Desk (CMS_FEPS@cms.hhs.gov). For questions regarding logistics and registration, contact the Registrar at: (800) 257-9520. 2

Intended Audience Issuers [(Amazon Web Services (AWS) & On-Premise)] Third Party Administrators (TPAs) and Support Vendors 3

Purpose This DDC session will: Provide issuers with cost benefits of AWS servers and On-Premise servers Provide issuers and TPAs guidance on On-Premise EDGE server set-up Focus on the key technical steps required for On- Premise EDGE server set-up 4

AWS Infrastructure Overview 5

Amazon EDGE Server Below is an overview of key features of the Amazon EDGE server: Considerations Server Set-up Hardware Requirements Software Requirements Security Infrastructure Scalability Amazon EDGE Automated None Operating System included in Amazon server purchase Shared Responsibility between Amazon and issuers Leverages Amazon s existing infrastructure Additional capacity available 6

Amazon EDGE Server Infrastructure Amazon Simple Storage Service (S3) provides a highly durable and available store for a variety of content, ranging from web applications to media files. Amazon Elastic Compute Cloud (Amazon EC2) is a web service that provides resizable compute capacity in the cloud. Amazon Identity and Access Management (IAM) enables secure control access to AWS services and resources for users. The Amazon EDGE server will be loaded with Linux, Java, MySQL, and the EDGE server application, as part of the CMS provisioning process. 7

CMS & Amazon EDGE Server CMS provides a script to deploy the infrastructure into the issuer s AWS space. CMS will host a shared location from where EDGE will download the initial software and updates. The AWS EDGE Server Infrastructure will be available in the REGTAP Library at https://www.regtap.info/ The AWS EDGE Server Infrastructure will be available in the REGTAP Library at https://www.regtap.info/ 8

Amazon EDGE Server Infrastructure The Amazon EDGE server will be provisioned in the AWS Cloud Environment in one (1) of the United States (U.S.) East & West Regions. AWS offers an agile and cost-effective way to process your data for RA and RI. Issuers will incur costs during uptime - whenever the server is up and running, and when data is transferred in and out of the storage. To meet Health Insurance Portability and Accountability Act (HIPAA) requirements and as required by the Amazon Business Associate Agreement (BAA), a dedicated environment will be provided with security and privacy safeguards. Amazon has confirmed that all data remains within the U.S. Access is controlled by the host (TPA/Issuer) and permissions are managed by the host. The host can restrict access to the server as required. 9

Amazon EDGE Server Requirements Hardware/Internet Requirements: Issuers will be able to use existing workstations to access AWS. Issuers must have reliable internet connectivity to access AWS. There are no specific IP address requirements for the Amazon EDGE server. Software Requirements: The following software is required for the Amazon EDGE server EDGE server software - includes Red Hat Linux, MySQL, and Java. PuTTY - an open source Secure Shell (SSH) and telnet client. Third party certificates will need to be purchased. All browsers may be utilized to access the Amazon web console. 10

Amazon EDGE Server Administration An Amazon account will accommodate up to 25 EDGE server instances, which means multiple issuers can be supported in a single account. Issuers are responsible for firewall, Network Address Translation (NAT), and all other network configurations to support the Amazon EDGE server. IP Tables will be initially configured to allow traffic on port 22. Configuration of the initial AWS Virtual Private Cloud (VPC), the network layer, will be provided during provisioning. Issuers may add additional firewall rules, NATs or network configuration. 11

Amazon EDGE Server Administration (Continued) For the Amazon EDGE server solution, Lightweight Directory Access Protocol (LDAP) is being replaced by Identity and Access Management (IAM). Issuers should have resources versed in Linux OS and MySQL who will be responsible for the management of the MySQL database. This will include patching MySQL and resolving issues related to general database maintenance. 12

Amazon EDGE Server Cost Considerations 13

Amazon EDGE Server Cost The monthly cost of the Amazon EDGE server will be unique to each issuer. Base price provides a secured data facility, storage that is 99.999% available, space for server, a firewall to protect the environment and VPC. Additional charges will be incurred for support, storage, and puts/gets (# of files sent in and out of the S3 bucket 1 st million of each free per month), a data transfer charge coming and going out of Amazon cloud (transfers within are free). 14

Server Size Estimation For the Amazon EDGE server, these guidelines were used in developing server size estimates: Size Server Size Estimation Number of Enrollees Claims Processing Throughout per Hour Small 1,000,000 500,000 Medium 5,000,000 1,000,000 Large 20,000,000 2,000,000 15

Amazon EDGE Server Estimates Below is a table for estimating Amazon EDGE server cost, based on the current model. Estimated AWS Server Cost per Month (based on Red Hat Enterprise Linux OS) Server Size AWS Instance (based on 1 Instance) vcpu RAM *Estimated Total Monthly Cost Small C3.xlarge 4 7 $300 to $600 Medium C3.2xlarge 8 15 $600 to $1000 Large C3.4xlarge 16 30 $1000 to $2000 *A $2/hour fee is charged in addition to standard processing fees for each dedicated instance. For more accurate calculations specific to your organization, reference the AWS Simple Monthly calculator at http://calculator.s3.amazonaws.com/index.html 16

Overview of the Amazon EDGE Server Provisioning Process 17

Amazon EDGE Set-up Summary Issuers may perform Step 1 at any time. The EDGE server is protected by a short lived access key. Issuers should not generate access keys until notified by CMS. Issuers may perform Steps 2 and 3 at any time. Job Aids can be found on www.regtap.info with more information on these processes. 18

Create an Amazon Web Services Account The initial step for establishing an Amazon EDGE server is to create an AWS Account. This step may be performed at any time. Issuers will be required to enter credit card information to set up payment. Issuers will not be billed at this point in time and will only be billed if they choose to purchase additional AWS support or functionality. Issuers may contact Amazon to set up alternative payment options. Issuers will select their level of support during initial account setup. Issuers may elect to change their level of support at any time through their Amazon account. 19

AWS EDGE Server Provisioning Overview Once an Amazon EDGE server request has been approved by CMS, the EDGE server is automatically provisioned. The provisioning process is triggered by CMS approving the registration request submitted through the EDGE Registration Site. The request status updates to designate that provisioning has occurred and is successful. Once provisioning is complete, the Issuer Submitter s request status is updated in the EDGE Registration Site and the user is able to log in to AWS and begin processing files. 20

AWS EDGE Server Provisioning Successful When a request is approved by CMS, the Issuer Submitter s request status is updated to a Pending Provisioning status. This indicates the request is ready for provisioning. 21

AWS EDGE Server Provisioning Successful The Request displays with a status of Provisioning in Progress. When provisioning is complete, the status will update to Provisioned. This indicates that the Amazon EDGE server has connected with the Phone Home service for the first time. 22

AWS EDGE Server Provisioning Failed In the event the provisioning script does not complete successfully, the Issuer Submitter s request status will update to Provisioning Failed. The Issuer Submitter will then need to contact their Financial Management (FM) Service Representative. 23

Downloading and Configuring PuTTY 24

Download PuTTY and Save your Private Key Step 1: Download PuTTY from www.putty.org. Step 2: Open and run the puttygen.exe. Step 3: Click Load and then select the Key Pair file. Step 4: Click OK to generate the file in.ppk format. Step 5: Save private key button without a passphrase. (You may save the key with a passphrase if desired). 25

Run and Configure PuTTY Step 1: Go to the AWS console, click Services, click All AWS Services, and then click EC2. Step 2: Click Instances. Step 3: Find and select your EDGE server instance from the list. The correct server instance should have an Instance State set to running, and can be identified by the Issuer Health Insurance Oversight System (HIOS) ID in the Name column on the right. 26

Run and Configure PuTTY Step 4: Locate and copy your server s public IP address. (Will be used later in the process). Step 5: Locate and run the PuTTY.exe file downloaded to your computer. Step 6: After running the PuTTY.exe, the PuTTY configuration window will be displayed. 27

Run and Configure PuTTY Step 7: Select the Connection type SSH and enter ec2- user@<ip address> into the Host Name (or IP address) field. 28

Run and Configure PuTTY Step 8: Click the SSH dropdown from the Category list on the left side of the PuTTY configuration window and select Auth. Step 9: Click Browse on the Authentication Options window. 29

Run and Configure PuTTY Step 10: Locate the PuTTY Private Key (created and saved earlier in the process) and click Open. Step 11: Once the PuTTY Private Key file is located, click Open in the PuTTY configuration window. 30

Connect and Confirm AWS EDGE Server Functionality To log into the server the first time, enter the password: edgeserver (Enter as one (1) word with no spaces). You will be prompted to enter a new password for future logins. Note: The cursor will not move when typing in password characters (passwords only). After entering your new password, the PuTTY session will close automatically. Log back into your server using your new password. Once you log back in, enter edge version and press enter. 31

Turn off your AWS EDGE Server To avoid continuous usage charges, remember to turn off your server instance when not in use. To turn off your server: 1. Click Instances on the left hand side of the screen. 2. Click Actions. 3. Scroll down and click Stop. IMPORTANT: To stop the server, do not select Terminate. Selecting Terminate will shut down the server and you will no longer have access to the server once it is terminated. 32

Turn off your AWS EDGE Server You will receive a notification message asking you to confirm. Click Yes, Stop in the window. 33

Overview of On-Premise EDGE Server 34

On-Premise EDGE Server CMS is offering an On-Premise EDGE server to issuers. Issuers will be able to install and run the EDGE server software in a location that best fits their operational run model. The On-Premise EDGE server can run on physical hardware, on a virtual server farm, or in another cloud provider s space. 35

On-Premise EDGE Server Below is an overview of key features of the On-Premise EDGE server: Considerations Server Set-up Hardware Requirements Software Requirements Security Infrastructure On-Premise EDGE Server Manual Physical or Virtual Server Issuer purchases Operating System license Issuer-Owned Issuer provided based on CMS specifications Scalability Installation Dependent on issuer capability Network Connectivity Issuer opens port 443 and 22 Issuer installs Operating System and initiates a CMS script to install the EDGE server application (includes MySQL and Java) 36

On-Premise EDGE Server Administration and Costs 37

On-Premise EDGE Server Cost Considerations Issuers should consider the following when estimating costs for their On-Premise EDGE server: Hardware: Software: Obtaining physical server / Setting up virtual server NOTE: CMS cannot provide any recommendations on hypervisor and virtual machine configurations (e.g. dedicated CPU, dedicated RAM, etc.) Red Hat Enterprise Linux version 6.5 Staff Resources for: Operations, security, maintenance, support DBA Administration 38

On-Premise EDGE Server Administration On-Premise EDGE Server Administration Issuers may elect to manage their server by using an inhouse team of System Administrators or outsource the management of the server to a centrally located data center, while retaining full access and control of the data. Issuers should have resources versed in Red Hat Enterprise Linux Operating System and MySQL administration, who will be responsible for the management of the MySQL database. Resources will need to perform MySQL patching and resolve issues related to general database maintenance. 39

On-Premise EDGE Server Administration (Continued) Issuers are responsible for firewall, NAT, and all other network configurations to support the On- Premise EDGE server. If IP Tables are configured, the EDGE server application will require, at a minimum: ports 443 and 22. Issuers may add additional firewall rules, NATs or network configurations. 40

Install & Deploy On-Premise EDGE Server Application CMS will review and approve the On-Premise EDGE server request. Once the request has been approved, the issuer will receive a link to download a zip file containing a bootstrap script to run and install the application. Running the script will be a manual process initiated by the issuer. The application will be pulled from a Simple Storage Service (S3) bucket from the CMS/AWS environment. The issuer will be given a property file and will run the script with the property file location as a parameter. 41

On-Premise EDGE Server Infrastructure & Configuration 42

On-Premise EDGE Server Infrastructure Issuers have the option of choosing between a physical or virtual server. Under the current design, issuers are restricted to one (1) server per Issuer ID in HIOS, unless they virtualize their physical box. A virtual cloud provider, other than Amazon, may be used. Issuers have the option of using a hypervisor (e.g. VMWare, Xen, Microsoft) for virtualization. Enrollment, supplemental, medical and pharmacy files will be directly uploaded to the local directory on the EDGE server. 43

On-Premise EDGE Server Ecosystem CMS will host a shared location from which the EDGE server will download the initial software and updates. Documentation for the On-Premise EDGE server Ecosystem will be available in the REGTAP Library at https://www.regtap.info/ 44

On-Premise EDGE Server Configuration The following table provides examples of hardware server configuration specifications based on organization size. Table 1: Server Configuration *Based on INTEL CPUs NULL Small Medium Large Number of Enrollees 1,000,000 5,000,000 20,000,000 *Claims Processing Throughput per hour 500,000 1,000,000 2,000,000 Processor 2 x 4-Core 2 x 8-Core 4 x 8-Core Memory 8 GB 16 GB 64 GB Recommend Storage 1.4 TB RAID 5 (OS and Data) 200 GB RAID 0 or 1 (OS) 6 TB RAID 5 (Data) 200 GB RAID 0 or 1 (OS) 10 TB RAID 5 (Data) 45

Overview of the On-Premise EDGE Server Set-up Process 46

On-Premise EDGE Server Set-up Summary Issuers can perform Steps 1 4 at any time. 47

Step 1: Obtain a Physical Server / Set-up Virtual Server Install and configure an On-Premise EDGE server Issuers choose a physical or virtual server Install and configure Red Hat Enterprise Linux version 6.5 (64 bit) NOTE: Issuers can install and configure other software required by the enterprise (this could include, but is not limited to, antivirus, IDS/IPS, monitoring agents, backup agents, syslog agents etc.) 48

Step 1: Obtain a Physical Server / Set-up Virtual Server (Continued) Configure firewall rules The On-Premise EDGE server will need to be able to communicate via HTTPS (port 443). Verify access to AWS public site via the internet. Issuers can run CMS-provided server hardening scripts or harden the server according to their own organization s standards. NOTE: The EDGE server application has been tested with CMS-provided hardening scripts. 49

Step 2: Register to Request an On- Premise EDGE Server The second step for establishing an On-Premise EDGE server is requesting the server from CMS. Issuers will access the EDGE server registration site by logging into HIOS. Only issuers with valid HIOS accounts can access the EDGE server registration site. Issuers will indicate if the server will be self-hosted or TPA-hosted. An attestation will need to be signed to complete the process. A request will be sent to CMS to obtain a script so that an issuer may provision their On-Premise EDGE server. Issuers will be provided a link and instructions to download and install the EDGE server application. 50

Step 3: Install & Deploy On-Premise EDGE Server Application CMS will review and approve the On-Premise EDGE server request. Once the request has been approved, the issuer will receive a link to download a zip file containing a bootstrap script to run and install the application. Running the script is a manual process initiated by the issuer. The application includes MySQL 5.5 and Java 1.7. The issuer will be given a properties file or a key and will run the script with the key or file location as a parameter. Security certificates may be required. 51

Step 3: Install & Deploy On-Premise EDGE Server Application (Continued) The deployment script will check the CMS/AWS S3 bucket for updates. The CMS S3 bucket is a read-only storage location within the CMS security boundary and includes application updates (application, database, reference tables and OS). Access is restricted to only registered EDGE servers. 52

Step 3: Install & Deploy On-Premise EDGE Server Application (Continued) The application will be downloaded and installed to the On-Premise EDGE server automatically. The bootstrap script will pull the application from the S3 bucket and issuers will run a script that will pull and install the application from the S3 bucket. Issuers can edit the properties file and set a flag to receive updates automatically. By default this will be turned off except for application updates. 53

Step 4: Confirm Installation The last step for issuers to complete is to confirm successful installation of the On-Premise EDGE server. After installation is confirmed, issuers will be able to: Issuers will use PuTTY to log onto their EDGE server to confirm versions. Perform security scans of the On-Premise EDGE server. Set up the administrator rights and user access to the server. 54

Questions? To submit questions by phone: Dial 14 on your phone s keypad Dial 13 to exit the phone queue 55

Resources

Resources Resource Center for Consumer Information and Insurance Oversight (CCIIO) Registration for Technical Assistance Portal (REGTAP) Registration Inquiry Tracking and Management System (ITMS) Resource Library Frequently Asked Questions (FAQs) Link/Contact Information http://cms.gov/cciio/ https://www.regtap.info/ 57

Inquiry Tracking and Management System (ITMS) ITMS is available at https://www.regtap.info. Users can submit questions after the User Group by selecting Submit an Inquiry from My Dashboard. Note: Enter only one (1) question per submission. 58

FAQ Database on REGTAP The FAQ Database allows users to search FAQs by FAQ ID, Keyword/Phrase, Program Area, Primary and Secondary categories, and Publish Date. FAQ Database is available at https://www.regtap.info 59

Closing Remarks

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information