Customer Success Story CAK
16-07-2024Business challenges
The Netherlands offers excellent social services and healthcare for all its residents. The Central Administration Office (shortened in Dutch to CAK), is an organization operating under the Ministry of Health and Well-being. It is responsible for collecting mandatory financial contributions from all Dutch citizens. They collaborate closely with the Dutch Tax Administration. To handle their financial and administrative tasks, the CAK relies on Oracle Health Insurance (OHI) as their primary application.
Why CAK chose Oracle
CAK faced a choice due to the age of its on-premise hardware: an investment in new on-premise hardware, or a transition to a cloud platform. A choice that in the CAK's case was about technical perspective and the need for improvements in various areas for the OHI landscape. At the same time as making a decision for a renewed platform, an alternative solution for the CAK's on-premise VMware landscape was also considered. The scalability, performance and cost-effectiveness of Oracle Cloud VMware Solution (OCVS) proved to be the best technical solution. But also the governing body's long relationship with Oracle reinforced the decision to switch to a new landscape.
Result
The CAK has decided to move the OHI landscape based on the above reasons to the Oracle Cloud Infrastructure (PaaS/IaaS) platform and simultaneously upgrade the OHI application to the most recent supported release. With all the security demands set by the Dutch government, as the CAK is part of the Dutch government, MCX and Oracle joined forces to help the CAK to move their OHI applications to the Oracle Cloud Infrastructure.
Building the Oracle Cloud tenant from scratch gave the opportunity to implement the best practice Terraform-based landing zone that is certified by the Center of Internet Security (CIS). Using a hub-spoke implementation in VCNs and putting the correct security lists in place we made sure that segmentation was in place. For the migration of the application and stable connection a FastConnect was implemented from the CAK datacenter to the Oracle Cloud in the Amsterdam region. For the activities of MCX there is a site-to-site VPN configured for management purposes. Both connections are connected to the Dynamic Routing Gateway in the Oracle Cloud tenant.
As the OHI application is a core application within the CAK there was a decision made to use Exadata Database Machine X3 to host the OHI databases. On the Exadata platform we configured four virtual machine clusters. One cluster for the segmented parts of the infrastructure (Development, Test, Acceptance and Production).
Within every cluster there is a Container database with several pluggable databases to serve multiple environments within a segment. All the webservers, running the OHI application based on WebLogic and Forms, are installed on a compute instance running Oracle Linux with separate attached block volumes.
Within all the segmented parts of the infrastructure, a load balancer is present to handle the request and the SSL termination. Those load balancers are configured with multiple back-end sets to make sure the application can be accessed on multiple ports. Application-users are not able to reach the webserver directly from their client.
Within the Oracle Cloud Infrastructure, all the storage and databases are encrypted using Customer-Managed Keys via the hardware security module (HSM) provided by OCI Dedicated Key Management Service (KSM). All the segmented database clusters have their own master key as well as the different storage types used for the webservers.
As a backup solution for the database clusters, Object Storage is used to store the backups. The bucket where the backups are stored is immutable with a retention period of 29 days, which is in line with the 30-day retention policy. This backup solution is also utilized for cloning tasks in the development, test, and acceptance environments. The application backup is stored on the File System Service in Oracle Cloud and uses snapshots to restore specific files from particular points in time. This allows for the restoration of specific custom forms when needed.
The project was a success
With the completion of the migration to OCI and the upgrade of OHI, important steps have been taken in terms of stability and perspective. Since life cycle management is part of OCI's DNA, management has become easier for all parties involved. in conclusion it was a very successful project!