Keeping healthcare legacy applications safe and secure

Keeping healthcare legacy applications safe and secure


Business critical application won’t run on the latest operating systems

Most healthcare organisations have specialist applications that have been built to perform specific business functions; however, these legacy applications were very often developed more than 15-20 years ago and built to run on operating systems or through browsers that are no longer supported, opening up organisations to a range of potential security, technical and operational challenges.

This was highlighted dramatically, when the WannaCry ransomware cryptoworm utilised a vulnerability in the Microsoft Windows operating system to attack hundreds of thousands of computers around the globe, including those within the National Health Service (NHS).
Organisations running unsupported versions of Windows were particularly at risk, as many, including Windows Server 2003 and Windows XP, hadn’t been patched for a number of years, since support was ended.

That’s exactly the situation that faced our customer, which has been providing health care and not-for-profit health plans since the end of World War 2. It currently provides healthcare services to around 12 million people across multiple states in the US.

The Analytics and Business Intelligence team, which is responsible for reporting profit and loss for the regions outside California, was using the Alliance ADS cost accounting system to aggregate business cost reporting. The vendor, Vizient hadn’t updated Alliance to run on the latest versions of Windows Server, so there was an imminent danger of the tool no longer working with the organisation’s computing environment, as well as exposing it to a range of possible security threats.

Despite emergency security patches issued by Microsoft for a number of its legacy operating systems, WannaCry highlighted a major risk faced by organisations running business critical applications on unsupported systems. It also showed that, without further support from either Microsoft or Vizient, it would be too costly, both from a financial and reputational point of view, for our customer to run the Alliance application.


‘Containerize’ the Alliance application

Having looked at a range of options, the organisation found a solution that allowed its Analytics and Business Intelligence team to continue using the Alliance application, without impacting the business, whilst reducing costs and the security risks – the innovative ‘Compatibility Container’ system from Cloudhouse.

Cloudhouse’s Containers resolve the problems around running 32-bit Windows XP and 7, Windows Server 2003 and 2008, and Internet Explorer-based applications on modern, secure and supported operating systems and platforms – in this case, Microsoft Windows Server 2012 R2.

The Containers make this possible with the unique redirection, isolation and compatibility engine included in the Container – unlike traditional application virtualization or layering solutions, which are focused on solving packaging and delivery.

The ‘Auto Packager’ creates the Containers for applications using install capture and run-time analysis, and redirections can then be set up. Redirections are applied to the application’s file and registry to enable them to run on the latest versions of operating systems.

For our customer, this meant ‘containerizing’ the Alliance application, which tricked it into thinking it was still running on Windows Server 2003. The server virtualization approach, provided by an outside vendor, then allowed the team to run Alliance on Windows Server 2012.


Continue running legacy applications safely and cost effectively

Working with Cloudhouse has allowed the Alliance application to run unchanged on the latest Windows platform, as well as on future update releases. The application can also take advantage of all of the latest features, support and security that Microsoft Windows Server 2012 has to offer.

This means that the customer no longer has to pay for costly extended support, but also that the organisation is no longer exposed to the potential security risks posed by the unsupported application and operating system.

In addition, working with Cloudhouse has created a more predictable, more reliable, and easier to recover environment. At the same time, it has also helped the organisation to fast-track two IT strategic priorities — modernizing the IT infrastructure and accelerating development.

The programme manager in the Analytics and Business Intelligence team explains: “If we hadn’t figured out how to make the Alliance cost accounting system run on Windows Server 2012, we would have been in a bad situation, as our team was dependent on it, but we were very exposed from a security perspective. Many other application teams within the organisation are now looking at this approach to free themselves from being captive to costly and obsolete platforms like Windows 2003.”



  • Reduce risk and cost

Running unsupported platforms exposes organizations to significant security and compliance risks, not to mention higher operational costs. Because operating systems like Microsoft Windows Server 2003 and Windows XP are no longer actively patched or supported, they are especially vulnerable to malware, ransomware, and other security risks.

With Cloudhouse, the IT team can retire older platforms and consolidate all applications onto Windows 10 or Windows 2016 for VDI. Applications that require Internet Explorer – even as far back as version 6 – can also be packaged securely and deployed on the latest platform.

Using a Container approach also helps eliminate costly Customer Support Agreements and further reduces operating costs by consolidating server infrastructure.

  • Assured application compatibility

With Cloudhouse’s unique application and runtime isolation, applications with conflicting requirements or outdated run times can run safely on the latest platforms without conflict. Legacy applications work as though they are installed natively, so users don’t have to change how they work.

The Container overcomes frequently encountered incompatibilities between locally installed browser releases, application libraries and operating systems so that the user can just “click and run” irrespective of desktop configuration. Unlike other application virtualization technologies, the open nature of Cloudhouse Containers means that complex integrations between the legacy application and other systems are completely preserved.

  • Rapid application deployment and ease of management

Deploying applications onto new operating systems almost always requires repackaging and retesting the application, which can take teams hours or days. However, Cloudhouse’s Containers only need to be ‘containerized’ once. Their redirection and isolation engine ensures that applications can then be deployed to the latest, supported Windows operating systems, no matter whether they’re running on-premise or in the cloud.

Containers are managed and deployed through the company’s existing management tools and processes, so they don’t have to invest in training, or infrastructure changes.

Additional Resources

Saving Critical Applications From End-Of-Life
Saving Critical Applications From End-Of-Life

Read a blog from Cloudhouse CEO Mat Clothier describing the opportunities and challenges for businesses becoming cloud optimised. Businesses with critical applications, he says, are entrenched in legacy operating systems and will be scratching their heads wondering how they migrate those applications into the cloud.