Noah ES Network Diagram
- Scott Peterson
- Anders Damkjaer Nielsen
- Søren Kristensen
Diagram Section | Decription | Related Information |
|---|---|---|
1 | When a Noah ES User uses Noah ES features, they are first identified, authenticated, and authorized by Noah ES via a standard OAuth process within a standard internet browser. Noah ES users can be identified by a Noah ES-provided account, or the Noah ES account can be configured so that all or some users can use Entra ID (Azure AD) or other systems that support OpenID Connect. | Using Microsoft Azure Active Directory for Single Sign-on (SSO) |
2 | Today, an HCP will likely interact most with Noah ES via the Noah ES Client. The Client is a Windows desktop application that has been in use for the last 10 years with the on-premise Noah System 4 product that has been adapted to securely exchange data with Noah ES services. This application is very important as it provides support for most of the hearing instrument fitting and hearing loss diagnostic software created by different HIMSA member companies. These applications are known as “Modules” Modules are installed on each PC/Noah ES client. Each HIMSA Member company distributes these software applications. These applications gain access to the currently selected patient record. These applications are approved by the Hearing Care Business IT or other management staff by agreeing to install the software on the PC. The Noah ES Client also provides features like adding and searching for patients. Most importantly, All of the data stored by the Noah ES compatible applications are attached to a given patient record and easily viewable as a combined patient history. |
|
3 | Noah ES also exposes a REST-based API so that browser-based and other non-Windows applications can exchange data with a Noah ES account. Access to this API is only made available to HIMSA Member Companies. Noah Apps, using this API, do not automatically gain access to a Noah ES account. Each App must first request access and then be granted access by a Noah ES account administrator. This approval process includes approving access to different patient demographics and types of data. This approval is at the complete control of the hearing care business and can be edited or removed at any time. | |
4 | Noah ES account administrators make use of the Noah ES portal to manage users, Apps, and other account settings | |
5 | Data processing is all processed within regional Microsoft Azure data centers. Pair regions are employed for redundancy purposes. All data in transit is encrypted by use of TLS 1.3. Below is a summary of the main components: Microservices ClusteredKubernetees cluster services are used to provide all of the business rules and processing of data while interacting with the the database. The cluster is prepared to scale up resources when needed. Noah ES is set up so that a fallback cluster is ready in the rare event of a major technical issue. MS SQL DatabaseEach NoahES account has its own database. Patient data is not combined with data from another account. All databases are set up so that data at rest is encrypted. Each database is replicated in a secondary data center region and configured in a failover cluster configuration. Data backups are taken every 10 minutes for 30 days as well as weekly backups. Backups are contained within in both the primary and secondary regions. Audit Trail StorageNoah ES tracks all user activity (accessing patients, adding data, adding new users) and stores this information in storage separate from the patient database. |
|
6 | HIMSA employees do have access to Noah ES accounts to manage and attend to support issues. By default, HIMSA employees do not have access to see patient data and all management tools used are employed by APIs to the system. |
|
7 | In the rare event that a HIMSA employee needs to more access (e.g. for a technical issue) then management approval must be provided and detailed logs of the activity are recorded. If access to patient demographic or fitting/measurement is needed the Noah ES account administrator will be consulted for approval prior to the work as well. |
|
8 | Noah ES is constantly monitored for reliability. This monitoring includes the simulation of real user activity using the same software used by Noah ES users. If an important event does take place HIMSA will note it on the Noah ES status page. Noah ES accounts also have the option to subscribe to events for this service. |