Blog: Applications
Cloud-based LIMS - Questions you Need to Ask Prospective Providers
11th May 2023
There is such a variety of information available about cloud-based LIMS (Laboratory Information Management System) solutions that it is time we tried to fill in the gaps and move away from the marketing hype. The trouble is that the devil is so often in the detail and, as Erasmus said back around 1500, “In the land of the blind the one-eyed man is king”. We hope this article will clarify some possible misconceptions, open a few eyes, and arm you with the questions you and your IT team should be asking about cloud-based LIMS.
On the face of it moving your LIMS from a local computer, based near your laboratory, to the cloud seems straight forward. An easy solution to reduce your infrastructure costs and offload your IT management overheads. And it can be. However, for it to be a positive experience you need to go into it armed with the right information.
There are positives to moving to the cloud. You can rent the computer resources and expand these virtual machines as you need. Need more memory or processing power? No problem. Need more regular backups or to retain the backups longer? Not an issue. Nearly everything in this virtual world can be expanded, mirrored, duplicated or load balanced to suit your needs. Having the LIMS vendor manage the system for you can also be a positive, they will arrange the architecture and the hardware to suit your needs. However, all this will come with restrictions and rules.
If the LIMS is hosted in a multi-tenant environment maintenance and any updates will likely be done automatically. Often called SaaS (Software as a Service), this model can work if all tenants use the same LIMS software and are happy to have new features and error fixes provided when the supplier says they will be provided. This may be fine for some, but if your LIMS needs to be validated, or you do not want to upgrade, this can be a problem. Multi-tenant environments can also be a security concern, especially where external instruments or systems need to be integrated. IT teams are, rightly, wary of opening network connections into multi-tenant systems, seeing them as a potential security risk that could affect all tenants through, for example, ransomware attacks. If you already have a computer running a critical instrument system in the lab, but your IT department does not allow it onto the company network, it is for a similar reason. Because laboratories work in a complex informatics environment multi-tenant environments don’t always work.
An alternative is that corporate policy pushes for all applications to run within a corporate cloud. Some organizations do this to reap the benefits of the cloud while still maintaining absolute control of the virtual hardware, as well as deciding when applications and operating systems can be updated, and exactly what can be connected and how. Corporate cloud solutions can work well where you have a strong IT team wanting to reap the rewards of scaling up, and who have the experience to do it.
There is also a middle way, often referred to as a hosted LIMS solution. Each customer has their own virtual environment consisting of a LIMS application server and a DB server. Each is isolated from all other users, therefore all operating system and security patch updates can be scheduled to suit the customer. Each customer’s configuration can be optimized to suit their specific requirements, and the LIMS software can be updated whenever they need to take advantage of new features or error fixes. Security concerns about connecting external instruments and systems through the firewall are reduced as each virtual environment only serves one customer, reducing concerns about taking out other systems in the event of a software virus or ransomware attack. The hosted LIMS solution can be thought of as a mini data center, with virtual hardware and application software personalized to the customer’s exact needs.
In practice the hosted LIMS solution approach is gaining momentum over SaaS or Corporate Cloud approaches. Vendors like Autoscribe provide cloud hosting services so that it can tailor each LIMS to meet customer’s unique configuration and interfacing needs. Each system hosted by Autoscribe exists within its own virtual environment. A dedicated instance per customer system provides several key advantages:
- Each customer’s system is independent. It may be fully tailored to meet their unique functional requirements.
- System maintenance periods may be timed for mutual convenience. No customer is forced to upgrade just because other customers are doing so.
- Your LIMS data is kept securely in its own database, within your virtual environment and within a highly secure data center, ensuring the highest level of security.
- Customers can fully test and validate configuration changes, upgrades, or enhancements prior to deploying them on their live system.
- There is no potential for cross-organizational data access as databases and database servers are not shared.
Questions To Ask
What questions should you be asking about your hosted LIMS solution? Here are some useful starter questions for potential providers.
- Do they use secure fault-tolerant data centers? Invariably the answer will be yes. Most will provide the service from a secure, fault tolerant data center. However, what do we mean by that? Data centers are tiered 1 to 4. Tiers 3 & 4 are the most fault tolerant with dual power supplies, air-conditioning and networks running to the building, as well as to each cabinet. Tier 4 is the gold standard with around 99.995% up-time (equivalent to around 26.3minutes a year downtime), while Tier 3 is slightly less robust with 99.982% up-time, still an excellent standard for most businesses.
- To what standard is the service managed? Normally they will be working to Service Organization Control (SOC) 2 Type 2. SOC is a way of ensuring that an organization is following defined best practices, and that operational procedures concerning the controls and processes are in place around the service. Adherence is confirmed through an auditing process. Security and access controls are a key aspect of SOC 2. SOC 2 Type 1 reports provide a snapshot based on when the audit was done, while Type 2 reports are based on tests and audits carried out over time and therefore provide a truer long term operational picture.
- How often are backups taken? The usual service standard is daily, which is often what labs would do in practice themselves. However, if more frequent backups are required can these be provided?
- How long are the backups kept? The retention period of backups can vary. Your database is always evolving, and being a LIMS by design nothing is ever deleted, just added to. The standard here is to keep backups for 7 days, but longer retention periods of 90 days or longer may be requested.
- What happens if the system goes down? The service standards for this can vary but a 3-4 hour restore time is common. If you cannot tolerate such an outage a secondary disaster recovery system, such as mirroring, can be used. With mirroring if the primary system is lost the mirrored system, which typically would be in a different data center, would take over. Mirroring is not that frequently implemented as failures like this are rare, and costs relatively high.
- How are laboratory instruments and external systems connected? The simple answer is the same way as if the servers were on premises. The more complex answer is what limitations does the vendor put on connecting external systems into the cloud hosted system, and what are the security implications for both parties. In Autoscribe’s case since customer systems are stand-alone security risks are at least isolated.
- Is the cloud hosted system monitored? Cloud hosted LIMS solutions will usually be monitored to identify issues, and fix them, before they affect the customer.
Autoscribe Cloud LIMS
Autoscribe’s Matrix Gemini Cloud provides a solid, secure, infrastructure for your Laboratory Information Management System. It includes backup, disaster recovery, and embedded security you can trust, in a fixed-cost price model. User licenses may be subscription based, where they are renewed annually, or perpetual, paid for with a one-off fee. Hosting costs are annual and include the hardware and software, as well as management and support costs, all in one package. Whether you are using the cloud to limit IT infrastructure costs, to relieve pressure on your internal data center hardware, or to have a more agile and scalable approach, then contact us to discuss your options with Autoscribe cloud hosting services.