To deploy your applications to environments on MedStack Control, you'll need to ensure your applications:
- Have been containerized and are capable of running in a Docker environment.
- Have container images stored in a private registry.
- Are built upon a Linux-based framework.
Not containerized yet?
To get started with containerization and running on Docker, we recommend reviewing Docker's quickstart guide.
Designing modular applications that hinge at the application layer makes for the easiest migration to MedStack Control. We recommend you:
- Build your applications using Docker Compose. The MedStack Control interface is a translation of the way Docker Compose builds applications with inputs for services, configs, secrets, and volumes.
- Design your applications to run in a way that is independent of orchestration technologies. MedStack Control leverages Docker's orchestration layer, Docker Swarm, to run your containerized applications at scale. This layer is configured for privacy compliance by design. As such, Docker environment settings are not accessible. As a developer, you'll be able to SSH into containers, communicate over the Docker network, and perform actions within the capabilities of the containers.
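A Compose file laid out along the four inputs named above (services, configs, secrets, volumes), as an added example that is not MedStack's own. The registry host, image names, file paths and the `DB_PASSWORD_FILE` variable are placeholders, and the `db` image is assumed to be a mirror of the official `postgres` image.

```yaml
# Constructed example: every name, host and path below is a placeholder.
version: "3.8"

services:
  api:
    # Pulled from a private registry and pinned to a specific tag.
    image: registry.example.com/acme/api:1.4.2
    environment:
      DB_HOST: db                                   # service name on the Docker network
      # Hypothetical variable: the app reads the password from this file,
      # so the value never appears in the environment or in an image layer.
      DB_PASSWORD_FILE: /run/secrets/db_password
    configs:
      - source: api_settings
        target: /etc/api/settings.yml               # non-sensitive settings only
    secrets:
      - db_password                                 # mounted at /run/secrets/db_password
    volumes:
      - uploads:/var/lib/api/uploads
    networks:
      - backend

  db:
    # Assumed to be a private-registry mirror of the official postgres image.
    image: registry.example.com/acme/postgres:15
    environment:
      POSTGRES_PASSWORD_FILE: /run/secrets/db_password
    secrets:
      - db_password
    volumes:
      - db_data:/var/lib/postgresql/data
    networks:
      - backend

configs:
  api_settings:
    file: ./config/settings.yml

secrets:
  db_password:
    file: ./secrets/db_password.txt                 # keep out of version control

volumes:
  uploads:
  db_data:

networks:
  backend:
```

Nothing in this file relies on host-level Docker settings, which keeps the application independent of how the orchestration layer is configured.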
It's important to understand the chain of responsibility when running your applications on MedStack Control. MedStack's products and services fit between the cloud provider's services and your application stack. In MedStack Control, the many systems and services that power your application in the cloud are provisioned and maintained with compliance by design. We achieve this by implementing security protocols and reliability measures that ensure the integrity, confidentiality, and availability of your applications and the data they handle.
The application layer covers the responsibilities for the whole application stack and design of custom services and dependencies that run within Docker environments provisioned via MedStack Control. Some of these responsibilities include:
- Application development
- Selecting and maintaining code repositories and container image registries
- Managing a CI/CD process
- Scheduling deployments and planning service periods with application users
- Troubleshooting Docker services
- Monitoring resource utilization
The MedStack layer covers the responsibilities for the compliance of systems and services. Some of these responsibilities include:
- Managing a security information and event management system (SIEM)
- Managing an activity log for security information and system events
- Managing the monitoring system of cloud resources and managed services
- Establishing a backup and restore system for Docker and for databases
- Change management of cloud resources and Docker services
- Enforcing platform access by two-factor authentication (2FA)
- Implementing role-based access control (RBAC)
- Automatic renewal of SSL certificates
- Managing the configuration and orchestration of Docker
- Enforcing encryption in transit both inside and outside the cloud environment
- Enforcing encryption at rest inside the cloud environment
- Managing an intrusion detection system (IDS)
- Segregating, provisioning, and maintaining single tenant environments
- Enforcing firewall rules on cloud environments
The cloud provider layer covers the responsibilities for infrastructure and physical safeguards of data. Some of the cloud provider responsibilities include:
- Secure disposal of physical resources including hard drives, solid state drives, memory, and CPUs among others
- Security protocols around access to physical machines
- IP spoofing and DDoS mitigation on virtual networks
Learn about our system design or set up your team to get started in MedStack Control.