Get to know this exceptional case of migration to the cloud with MicroProfile and Jakarta EE in the Brazilian medical industry. It involves several challenges such as the fifth-largest population and largest territory in the world; complexity; and diversity, both geographic and economic. We discuss how MicroProfile projects such as Health Check, JWT Authentication, Metrics, OpenAPI, Rest Client, and Config contributed to the success of the project; what benefits they saw; the challenges they faced; and how they solved them.
2. @GuimaraesSv @CesarHgt @tomitribe
SPEAKERS
Rafael Guimarães
● Software Engineer
● GBR Systems.
● +27 experience in Medical and Judicial
areas in Brazil.
● University faculty professor.
● Focused on distributed software
architectures.
César Hernández
● Senior Software Engineer at Tomitribe
● Oracle Java Champion and
Groundbreaker Ambassador
● Duke’s Choice Award 2016, 2017
● Oracle Certified Professional
● +14 experience with Java EE
● Apache TomEE and Eclipse Committer,
Microprofile Contributor.
● Open Source advocate, writer, teacher
and public speaker
3. @GuimaraesSv @CesarHgt @tomitribe
Agenda
● Brazilian health care system Overview
● Base System
● Boosting Brazilian healthcare systems with Jakarta EE, Eclipse
MicroProfile and Apache TomEE
● Contribution to the COVID-19 Response
● Lessons Learned
5. @GuimaraesSv @CesarHgt @tomitribe
5 major regions
26 states / 5570 cities
1 federal district
Brazilian health care system Overview
211M
People
521kDoctors
152kHealth Service
Providers
6th largest population
(behind China, India, United
States, Indonesia, Pakistan)
source:
http://cnes.datasus.gov.br
http://fiscalizacao.cfm.org.br/
https://population.un.org/wpp/Download/Standard/Population/
5th largest country
(behind Russia, Canada,
China, United States)
6. @GuimaraesSv @CesarHgt @tomitribe
Brazilian health care system Overview
15,8
Million people
North
16
Million people
Midwest
Million people
53
Northeast
80,3
27,3
Southeast
Million people
Million people
South
source:
http://cnes.datasus.gov.br
http://fiscalizacao.cfm.org.br/
https://population.un.org/wpp/Download/Standard/Population/
8. @GuimaraesSv @CesarHgt @tomitribe
Brazilian health care system Overview
Public health
103billions/year
reaching
75%of the population
Supplementary health
90,5billions/year
reaching
25%of the population
9. @GuimaraesSv @CesarHgt @tomitribe
Medical Practice!
Brazilian health care system - Actors
Medicine
Council
Government Health Departments
Control
Regulation
Policies
Sanitary Surveillance
Licences
Records
Professional Discipline
Ethical Judgment
Licence to work
Keep Records
Inspections
Complains
Guiding
Integrations
Information Sharing
Medicine
Schools
&
Residency
Programs
Learning, Training, Specializing
Counselors
&
Inspectors
Health Service
Providers
Doctors
Patients
10. @GuimaraesSv @CesarHgt @tomitribe
Brazilian health care system - Challenges
● Large and Complex
○ Inequalities
○ Difficult governance
○ 30 different Medical Specialties, 20 types of Health Service Providers
○ High frequency of Policy and Rule changes
● Difficult medicine practice
○ Poor infrastructure - high risk
○ Proliferation of medical schools - bad quality professionals
● Incomplete institutional information exchange
○ Diversity of technologies, legacy systems and standards
11. @GuimaraesSv @CesarHgt @tomitribe
Brazilian health care system - Challenges
● How to make good quality inspection reports, with agility, especially
considering the high amount of laws, recommendations, policies and
standards? And to create good statistics of those reports ?
● How to access legacy system data of other government departments without
bureaucracy, to check licences, records and information integrity ? Is the data
safe, monitored, fast, reliable ?
● What could be done to facilitate interaction between the doctors and the
council?
12. @GuimaraesSv @CesarHgt @tomitribe
Brazilian health care system - Challenges
● Which service providers or doctors are working irregularly?
● What about medical advertising, are doctors respecting each other? Are their
advertisements deceiving patients to patients ? (Or even lying !?!)
● What if a patient goes to a clinic doing an endoscopic procedure, which
needs sedation, and he has a bad reaction to the anesthetic, and ends up
dying?
○ Did the life support equipment work properly ? Did the doctor do the
procedure correctly?
○ What is the real cause? Should the council revoke the doctor's work
license?
○
14. @GuimaraesSv @CesarHgt @tomitribe
About GBR
● Founded in 2008
● Consulting, Software Engineering & Architecture, Training
● Applications:
○ support Inspectors and Counselors in their principal job -
Professional Discipline, Guiding, Inspections
○ online services that control the Doctors and Service Providers
in their “life cycle” within Councils
○ to do quality auditing and certification of medical schools
15. @GuimaraesSv @CesarHgt @tomitribe
Base system
Federal Council - National Inspections Platform
● support Inspectors and Counselors in their principal job -
Professional Discipline, Guiding, Inspections
● Modules:
○ Inspections Control and Scheduling
○ Inspection execution - checklists, images,
notifications, dynamic forms.
○ Reports, Statistics
16. @GuimaraesSv @CesarHgt @tomitribe
Base system
Regional Council - Online Services
● Support Doctors and Health Service Providers (as
Technical Director) in their “life cycle” within Council - from
start of Medicine Practice to retirement.
● More than 40 types of services:
○ First Registration, Transfers States, Secondary
Licence, Fee payment, Certificates, Profile
update, Renew Licence, etc.
○ Tools for back office employees
17. @GuimaraesSv @CesarHgt @tomitribe
Base system
Federal Council - Accreditation Platform SAEME
● Support Counselors and the Education Medical
Association to do quality auditing and certification
of medical schools
● Covers whole process of auditing and evaluation
● Recognized by World Federation for Medical
Education
18. @GuimaraesSv @CesarHgt @tomitribe
Base system
Server
● JAVA EE 6
● Jboss7
● Tomcat 6, 7
Client
● Adobe Flex
● Adobe Air
● Angular JS 1
Data Integration
● Kettle
ON-PREMISSE!
19. @GuimaraesSv @CesarHgt @tomitribe
About GBR coverage
Federal Medical
Council Nationwide
Regional
Medical Councils
National Inspection
Platform
CFM
Accreditation of
Medical Schools -
SAEME
South
Regional Santa Catarina
CRMSC
South
Regional Rio Grande do Sul
CREMERS
27. @GuimaraesSv @CesarHgt @tomitribe
Eclipse MicroProfile
● An open-source community specification
● Focus on Enterprise Java microservices
● Generates: SPEC, API, and TCK.
● https://microprofile.io
● Implemented by different vendors.
28. @GuimaraesSv @CesarHgt @tomitribe
Eclipse MicroProfile
MicroProfile 3.3
JAX-RS 2.1JSON-P 1.1CDI 2.0
Config
Fault
Tolerance
JWT
Propagation
HealthMetrics
Open
Tracing
Open API Rest Client
JSON-B 1.0
31. @GuimaraesSv @CesarHgt @tomitribe
Apache TomEE
TomEE JAX-RS Microprofile
Java Server Pages
(JSP)
Java Server Faces
(JSF)
Java Transaction
API (JTA)
Bean Validation
Enterprise
JavaBeansJavaMail API
Java API for
RESTful Web
Services (JAX-RS)
Java Persistence
API (JPA)
Contexts and
Dependency
Injection (CDI)
Java Servlets
Java
Authentication and
Authorization
Service (JAAS)
Java Authorization
Contract for
Containers (JACC)
http://tomee.apache.org/comparison.html
33. @GuimaraesSv @CesarHgt @tomitribe
Migration scenarios
• The javax.* namespace
egrep -lRZ 'javax' . | xargs -0 -l sed -i -e 's/javax/jakarta/g'
branch / Jakarta 8 & MicroProfile 3
Service #
master / Jakarta 9.x & MicroProfile 4?
34. @GuimaraesSv @CesarHgt @tomitribe
Migration scenarios
• Bytecode level
• No branches. No forks. No merge-conflict hell. Just two separate binaries
from the same source;
masterService #
Jakarta 9.x & MicroProfile 4?
Jakarta 8 & MicroProfile 3
35. @GuimaraesSv @CesarHgt @tomitribe
Jakarta EE 9 Server Up and Running
Get the Binary :)
1. Download apache-tomee-9.0.0-M3-microprofile.zip from
https://tomee.apache.org
2. unzip apache-tomee-9.0.0-M3-microprofile.zip
3. chmod +x apache-tomee-microprofile-9.0.0-M3/bin/catalina.sh
4. ./apache-tomee-microprofile-9.0.0-M3/bin/catalina.sh run
36. @GuimaraesSv @CesarHgt @tomitribe
Build and run
1. wget https://github.com/apache/tomee/archive/tomee-project-8.0.4.zip
2. unzip tomee-project-8.0.4.zip
3. cd tomee-tomee-project-8.0.4/examples/mp-custom-healthcheck
4. idea . #Or your favorite IDE
5. mvn verify
6. Inspec mp-custom-healthcheck-jakartaee9-8.0.4.war
7. target/mp-custom-healthcheck-jakartaee9-8.0.4.war
<TomEE9M3_HOME>/webapps
Jakarta and MicroProfile Project
37. @GuimaraesSv @CesarHgt @tomitribe
Jakarta EE 9 Up and Running
Test the application
curl -X POST http://localhost:8080/moviefun-rest-jakartaee9-8.0.4/rest/load
curl -s http://localhost:8080/moviefun-rest-jakartaee9-8.0.4/rest/movies/ | jq
open https://tomee.apache.org/tomee-9.0/examples/moviefun-rest.html
39. @GuimaraesSv @CesarHgt @tomitribe
Telemedicine Support - Doctor's Prescriptions System
● 5 days development
○ REST API
● Some integrations
○ Doctor's space login, Federal Companies Database, Pharmacies Database, Google
Authenticator (two factor auth)
● Sensitive data protection
○ Attribute Converter
Medical Practice!
Digital Prescription Digital Prescription
Doctor Patient Pharmacy
Receive / Validate
Emit
42. @GuimaraesSv @CesarHgt @tomitribe
Telemedicine Support - Doctor's Prescriptions System
● Almost 580K prescriptions in south of Brazil installations-- since Mar/ 2020.
Santa Catarina State Rio Grande do Sul State
47. @GuimaraesSv @CesarHgt @tomitribe
Before
● Manual process and lack of coverage
● Disperse monitoring
● Hard to trace
● “It’s slow”, “a glitch”, “restarts”
● Reactive most of the time
Health Check + Metrics
48. @GuimaraesSv @CesarHgt @tomitribe
After
● JSON base alerts are now centralized and provide unified notifications
● Custom rules base on standard status
● Proactiveness since the last 3 months
● Improves user satisfaction
Health Check + Metrics
51. @GuimaraesSv @CesarHgt @tomitribe
JWT Authentication
Before:
● Basic HTTP Auth with session management
● Challenges for microservices
○ New stateless security requirement
○ Authentication and Authorization between microservices
○ Overhead and single point of failure
52. @GuimaraesSv @CesarHgt @tomitribe
JWT Authentication
After:
● OAuth 2.0 JWT
○ Stateless security
○ Authentication and Authorization between microservices
○ State was kept on the server and pointer on the client side
56. @GuimaraesSv @CesarHgt @tomitribe
Rest Client
Before
● JAX-RS Client
● No type-safe
● Service needed to be understood
● Request needed to be built by hand every time
● Not the best reusability of the code
57. @GuimaraesSv @CesarHgt @tomitribe
Rest Client
After
● Type-safe approach
● Usage of interfaces to call the services
● Header propagation and handling made easy
● Smooth JWT propagation
58. @GuimaraesSv @CesarHgt @tomitribe
@Dependent
@RegisterRestClient
public interface SerproSearchClient {
@POST
@Consumes(MediaType.APPLICATION_JSON)
public Response getToken(String body);
@GET
public Response searchCompany(@HeaderParam("Authorization") String key,
@HeaderParam("Accept") String accept);
}
Microprofile RestClient
59. @GuimaraesSv @CesarHgt @tomitribe
Microprofile RestClientimport org.eclipse.microprofile.rest.client.inject.RegisterRestClient;
import javax.enterprise.context.Dependent;
import javax.ws.rs.*;
import javax.ws.rs.core.MediaType;
import java.util.List;
@RegisterRestClient
@Path("api/doctors")
public interface DoctorResourceClient {
@GET
@Path("{id}")
@Produces(MediaType.APPLICATION_JSON)
Doctor find(@PathParam("id") Long id);
@GET
List<Doctor> getDoctors();
@POST
@Consumes("application/json")
Doctor addDoctor(Doctor doctor);
60. @GuimaraesSv @CesarHgt @tomitribe
Microprofile RestClientimport org.superbiz.moviefun.mpclient.DoctorResourceClient;
@Inject
@RestClient
private DoctorResourceClient doctorResourceClient;
public void printAllDoctors(){
List<Doctor> doctors = doctorResourceClient.getDoctors();
for (Doctor doctor : doctor) {
LOGGER.info(doctor.toString());
}
}
public void addNewDoctor() {
Doctor newDoctor = new Doctor ("7","Doctor 007.");
doctorResourceClient.addDoctor(newDoctor);
}
61. @GuimaraesSv @CesarHgt @tomitribe
Before
● Legacy system was not well document
● Documentation not fully aligned with master code
○ Duplication of code
○ Design first approach not trustable
OpenAPI