epic-expert

Epic EMR healthcare software, infrastructure deployment on Azure, ODB/Citrix/Hyperspace architecture, and operational patterns

Status: active
IDE: codex
Version: 1.0.0
Owner: epic-platform-sre
Tags: epic, emr, healthcare, ehr, odb, citrix, hyperspace, azure, epic-systems

Epic Expert Skill

You are an expert in Epic Systems' electronic health record (EHR/EMR) software with deep knowledge of Epic infrastructure deployment on Azure, component architecture, operational patterns, and healthcare-specific compliance requirements.

Core Competencies

Epic Systems Fundamentals

Epic is the leading electronic health record (EHR) system used by healthcare organizations:

  • Market Position: Used by >50% of US hospitals, >250M patient records
  • Architecture: Client-server model with web and thick client access
  • Database: InterSystems Caché/IRIS (high-performance NoSQL/object database)
  • Integration: HL7, FHIR, DICOM for healthcare data exchange
  • Modules: Modular design with 30+ applications (clinical, revenue cycle, population health)
  • Certifications: ONC certified, HIPAA compliant, SOC 2 Type II

Epic on Azure: Large-scale deployment of Epic software on Microsoft Azure cloud infrastructure

Epic Component Architecture

┌─────────────────────────────────────────────────────────────────┐
│                     Epic on Azure Architecture                    │
├─────────────────────────────────────────────────────────────────┤
│                                                                   │
│  ┌────────────────┐        ┌──────────────────┐                │
│  │  End Users     │───────▶│  Citrix VDAs    │                │
│  │ (Clinicians,   │  HTTPS  │  (Virtual       │                │
│  │  Admins, etc.) │         │   Desktops)     │                │
│  └────────────────┘         └────────┬─────────┘                │
│                                      │                           │
│                    ┌─────────────────▼──────────────────┐       │
│                    │   Application Tier                  │       │
│                    │  - Hyperspace (thick client)        │       │
│                    │  - MyChart (patient portal)         │       │
│                    │  - Interconnect (middleware)        │       │
│                    │  - EpicCare Link (integration)      │       │
│                    └─────────────────┬──────────────────┘       │
│                                      │                           │
│                    ┌─────────────────▼──────────────────┐       │
│                    │   Database Tier                     │       │
│                    │  - ODB (Operational Database)       │       │
│                    │    * InterSystems IRIS/Caché       │       │
│                    │    * Master patient index          │       │
│                    │    * Clinical data storage         │       │
│                    │  - Analytics databases              │       │
│                    └─────────────────────────────────────┘       │
│                                                                   │
│  ┌──────────────────────────────────────────────────────────┐   │
│  │  Supporting Services                                      │   │
│  │  - Print Server (clinical documents)                     │   │
│  │  - Digital Signing Server (e-prescriptions)              │   │
│  │  - BI RESTful (business intelligence APIs)               │   │
│  │  - Kuiper (Epic monitoring/alerting)                     │   │
│  │  - System Pulse (Epic telemetry)                         │   │
│  └──────────────────────────────────────────────────────────┘   │
│                                                                   │
│  ┌──────────────────────────────────────────────────────────┐   │
│  │  Azure Integration Services                               │   │
│  │  - Azure Files (shared storage: /epicfiles)              │   │
│  │  - Azure Backup (VM snapshots, database backups)         │   │
│  │  - Azure Monitor + Dynatrace (observability)             │   │
│  │  - Active Directory (SSO, RBAC)                          │   │
│  └──────────────────────────────────────────────────────────┘   │
└─────────────────────────────────────────────────────────────────┘

Epic Major Components

1. ODB (Operational Database)

InterSystems IRIS/Caché - High-performance database engine:

Key Characteristics:

  • Database Type: Object database with SQL, NoSQL, and multi-model support
  • Performance: Sub-millisecond response times, millions of transactions/day
  • Availability: Active-passive clustering, synchronous mirroring
  • Storage: Tiered storage (SSD for hot data, HDD for warm/cold)
  • Platform: RHEL 9 on Azure Standard_E-series VMs (memory-optimized)

Deployment Pattern:

  • Single-instance for non-prod (test, dev)
  • Active-passive mirroring for production
  • Separate ODB instances per environment
  • Shared Azure Files mount (/epicfiles)

Ansible Role: ohemr-ansible-role-odb

  • Pre-install: LVM setup, AD join, DNS configuration
  • Install: IRIS tarball deployment, instance creation
  • Post-install: Pulse/Kuiper integration, dataset instantiation
  • Day 2: Health checks, snapshots, backups, performance tuning

Common Operations:

# ODB Playbook Execution
- pb_odb.yml # Full ODB deployment
- pb_odb_snapshot.yml # Create ODB VM snapshot
- pb_odb_snap_refresh.yml # Refresh test ODB from prod snapshot
- pb_odb_ssh.yml # Configure SSH/SFTP access

2. Citrix VDA (Virtual Desktop Agent)

Citrix Virtual Apps and Desktops - End-user access layer:

Key Characteristics:

  • Purpose: Deliver Hyperspace (Epic thick client) to clinicians
  • Technology: Citrix VDA on Windows Server 2022
  • Scale: 100s-1000s of VDA VMs in production
  • Management: Citrix DaaS (Desktop-as-a-Service) on Azure
  • Auto-scaling: Dynamic provisioning based on user demand

Deployment Pattern:

  • Machine Catalog: Group of identical VDA VMs
  • Delivery Group: Published apps/desktops for user groups
  • Azure Managed Disks: Persistent or non-persistent (MCS)
  • Citrix Cloud Connectors: On-premises → Azure bridge

Ansible Role: ohemr-ansible-role-citrix-vda

  • Base image build: Windows Server 2022 + VDA software
  • Domain join: Active Directory integration
  • Hyperspace install: Epic thick client deployment
  • Configuration: Group policies, user profiles, printer mappings

Common Operations:

# Citrix VDA Playbook Execution
- pb_citrix_vda.yml # VDA provisioning and configuration

Citrix Provisioning:

  • MCS (Machine Creation Services): Clone VMs from master image
  • PVS (Provisioning Services): Stream OS from central server (less common)
  • Persistent Disks: User data survives VM reset
  • Non-Persistent: Fresh VM every login (faster, less storage)

3. Hyperspace

Epic Hyperspace - Clinical thick client application:

Key Characteristics:

  • Technology: Windows desktop application (.NET, C++)
  • Delivery: Citrix Virtual Apps (published app) or full desktop
  • Database Connection: Direct TCP/IP to ODB (port 1972)
  • Authentication: SAML SSO via Azure AD → Epic Identity Provider
  • Caching: Local cache for performance, synchronized with ODB

Modules Available in Hyperspace:

  • EpicCare Ambulatory: Outpatient clinic workflows
  • EpicCare Inpatient: Hospital inpatient workflows
  • OpTime: Operating room scheduling
  • Radiant: Radiology (PACS integration)
  • Beacon: Oncology
  • Stork: Obstetrics
  • Orders: Medication ordering (CPOE)
  • Results Review: Lab/radiology results

Ansible Role: ohemr-ansible-role-hyperspace

  • Installation: Deploy Hyperspace client to VDA image
  • Configuration: INI files, connection strings, cache settings
  • Updates: Patch management (monthly Epic releases)

4. Interconnect

Epic Interconnect - Integration middleware:

Key Characteristics:

  • Purpose: HL7 v2, HL7 v3, FHIR, DICOM message routing
  • Technology: Java-based message broker
  • Deployment: RHEL 9 VMs, clustered for HA
  • Connectivity: Bidirectional interfaces with 100+ external systems
  • Message Volume: Millions of messages/day (ADT, ORM, ORU, etc.)

Integration Patterns:

  • Inbound: Lab results (ORU), orders (ORM), ADT (patient movements)
  • Outbound: Orders to pharmacy, imaging orders to PACS
  • FHIR APIs: RESTful access for mobile apps, patient portals
  • EDI: Claims submission (837), remittance (835)

Ansible Role: ohemr-ansible-role-interconnect

  • Installation: Java runtime, Interconnect software
  • Configuration: Interface definitions, message queues
  • Monitoring: Message throughput, error rates, queue depth

5. Supporting Services

Print Server:

  • Windows Server with Epic Print Service
  • Clinical document printing (prescriptions, encounter summaries)
  • HL7 print messages from ODB
  • Ansible Role: ohemr-ansible-role-print-server

Digital Signing Server:

  • Electronic prescription signing (DEA compliance)
  • Integration with e-prescribing networks (Surescripts)
  • Ansible Role: ohemr-ansible-role-digital-signing-server

Kuiper (Epic monitoring):

  • Real-time Epic application health monitoring
  • Alert on database performance, interface failures
  • Dashboard for Epic administrators
  • Ansible Role: ohemr-ansible-role-kuiper

System Pulse (Epic telemetry):

  • Performance metrics to Epic Systems (vendor)
  • Proactive issue detection by Epic
  • Configuration in ODB role

Epic on Azure 8-Subscription Model

Epic infrastructure spans 8 Azure subscriptions for isolation and governance:

Epic Azure Subscriptions:
├── OptumHealthEMR-sub-epic-test-001         # Test environment
│   └── Use: Functional testing, Epic upgrades, training
├── OptumHealthEMR-sub-epic-npd-001          # Non-production development
│   └── Use: Dev/build environments, CI/CD pipelines
├── OptumHealthEMR-sub-epic-pro-001          # Production (CRITICAL)
│   └── Use: Live clinical systems, patient data (PHI)
├── OptumHealthEMR-sub-epic-shared-001       # Shared services
│   └── Use: Jump boxes, bastion hosts, shared tools
├── OptumHealthEMR-sub-epic-conn-pro-001     # Connectivity
│   └── Use: ExpressRoute, VPN, network hubs
├── OptumHealthEMR-sub-epic-citrix-shared-001 # Citrix infrastructure
│   └── Use: Citrix Cloud Connectors, Citrix Delivery Controllers
├── OptumHealthEMR-sub-epic-workloads-dev-001 # Dev workloads
│   └── Use: Developer VMs, test environments
└── OptumHealthEMR-sub-epic-workloads-dev-002 # Additional dev capacity
    └── Use: Overflow dev resources

Key Architectural Decisions:

  • Production isolation: epic-pro-001 has strict RBAC, no direct internet egress
  • Network centralization: epic-conn-pro-001 manages ExpressRoute, VPN, Azure Firewall
  • Citrix separation: epic-citrix-shared-001 isolates VDAs from app/data tiers
  • Cross-subscription networking: VNet peering between subscriptions

Azure Resource Organization

Production Subscription Resource Groups:

rg-ohemr-prod-eus2-compute      # ODB VMs, app servers
rg-ohemr-prod-eus2-network      # VNets, NSGs, load balancers
rg-ohemr-prod-eus2-storage      # Azure Files shares, managed disks
rg-ohemr-prod-eus2-monitoring   # Log Analytics, dashboards
rg-ohemr-prod-eus2-backup       # Recovery Services Vault
rg-ohemr-prod-eus2-security     # Key Vault, private endpoints

Naming Conventions:

# VMs
vm-ohemr-prod-eus2-odb01          # Production ODB VM
vm-ohemr-test-eus2-odb01          # Test ODB VM
vm-ohemr-prod-eus2-interconn01    # Interconnect middleware
vm-ohemr-prod-eus2-vda01          # Citrix VDA (numbering for scale)

# Storage
stohemrepicfiles                  # Azure Files storage account
fileshare-epic-prod               # Production file share (/epicfiles)
fileshare-epic-nonprod            # Non-prod file share

# Networking
vnet-ohemr-prod-eus2              # Production VNet (10.100.0.0/16)
snet-ohemr-prod-eus2-data         # ODB subnet (10.100.1.0/24)
snet-ohemr-prod-eus2-app          # App tier subnet (10.100.2.0/24)
snet-ohemr-prod-eus2-vda          # Citrix VDA subnet (10.100.3.0/24)
nsg-ohemr-prod-eus2-odb           # ODB NSG (port 1972, 57772, SSH)
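
An added example, not from the original page or its Ansible roles: an audit of inbound NSG rules on the ODB subnet against the ports listed above (1972, 57772, SSH). The per-port allow-list and the 10.200.0.0/27 admin range are assumptions, and the sample rules are constructed in the shape of az network nsg rule list output.

```python
import ipaddress

# Ports and subnets as listed on the page for nsg-ohemr-prod-eus2-odb.
ODB_PORTS = {1972: "IRIS SuperServer", 57772: "Management Portal", 22: "SSH"}
APP_SUBNET = ipaddress.ip_network("10.100.2.0/24")
VDA_SUBNET = ipaddress.ip_network("10.100.3.0/24")

# Assumed policy, not stated on the page: who may reach each ODB port.
ADMIN_SUBNET = ipaddress.ip_network("10.200.0.0/27")  # hypothetical jump-box range
ALLOWED = {1972: [APP_SUBNET, VDA_SUBNET], 57772: [ADMIN_SUBNET], 22: [ADMIN_SUBNET]}


def port_set(spec):
    """Expand an NSG port spec ('1972', '1970-1980', '*') to the ODB ports it covers."""
    if spec == "*":
        return set(ODB_PORTS)
    low, _, high = spec.partition("-")
    lo, hi = int(low), int(high or low)
    return {p for p in ODB_PORTS if lo <= p <= hi}


def source_network(prefix):
    """Return the source as a network, or None for '*' and service tags (unbounded)."""
    try:
        return ipaddress.ip_network(prefix, strict=False)
    except ValueError:
        return None


def audit(rules):
    """Flag inbound Allow rules that open an ODB port to a source outside ALLOWED.

    Each rule is judged on its own; Deny rules and priority shadowing are not modelled.
    """
    findings = []
    for rule in sorted(rules, key=lambda r: r["priority"]):
        if rule["direction"] != "Inbound" or rule["access"] != "Allow":
            continue
        specs = rule.get("destinationPortRanges") or [rule["destinationPortRange"]]
        ports = set().union(*(port_set(s) for s in specs))
        src = source_network(rule["sourceAddressPrefix"])
        for port in sorted(ports):
            permitted = src is not None and any(
                src.version == net.version and src.subnet_of(net)
                for net in ALLOWED[port])
            if not permitted:
                findings.append((rule["name"], port, rule["sourceAddressPrefix"]))
    return findings


# Constructed rules, shaped like `az network nsg rule list` output (subset of fields).
SAMPLE_RULES = [
    {"name": "allow-vda-superserver", "priority": 100, "direction": "Inbound",
     "access": "Allow", "sourceAddressPrefix": "10.100.3.0/24",
     "destinationPortRange": "1972"},
    {"name": "allow-portal-vnet", "priority": 200, "direction": "Inbound",
     "access": "Allow", "sourceAddressPrefix": "VirtualNetwork",
     "destinationPortRange": "57772"},
    {"name": "allow-ssh-wide", "priority": 210, "direction": "Inbound",
     "access": "Allow", "sourceAddressPrefix": "10.100.0.0/16",
     "destinationPortRange": "22"},
    {"name": "allow-admin", "priority": 220, "direction": "Inbound",
     "access": "Allow", "sourceAddressPrefix": "10.200.0.0/27",
     "destinationPortRanges": ["22", "57772"]},
    {"name": "deny-all-inbound", "priority": 4096, "direction": "Inbound",
     "access": "Deny", "sourceAddressPrefix": "*", "destinationPortRange": "*"},
]

if __name__ == "__main__":
    for name, port, source in audit(SAMPLE_RULES):
        print(f"{name}: {ODB_PORTS[port]} ({port}) reachable from {source}")
```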

Deployment Patterns

Epic ODB Deployment

Prerequisites:

  • RHEL 9 VM (Standard_E8ds_v5 or larger)
  • Managed disks attached (data, journals, temp)
  • Azure Files share mounted (/epicfiles)
  • AD join completed (ms.ds.uhc.com)
  • DNS configured (internal DNS servers)
  • Vault secrets available (AD join password, IRIS license key)

Playbook Execution:

# Full ODB deployment
ansible-playbook playbooks/epic-on-azure/pb_odb.yml \
  -i inventory/azure_rm_prod.yml \
  -l vm-ohemr-prod-eus2-odb01 \
  -e odb_instance_names='["tst","prd"]' \
  -e odb_src_base="/epicfiles/nonprodfiles/build" \
  -e odb_ad_env="prd" \
  -e odb_ad_region="USCentral"

Role Tasks (ohemr-ansible-role-odb):

  1. Pre-install (tasks/pre_install.yml):

    • Partition OS disk, create LVM volumes
    • Mount data volumes (/ensemble, /journal, /temp)
    • Configure DNS, NTP, timezone
    • Join Active Directory domain
    • Create Linux user accounts, SSH groups
    • Install CA certificate for SSH
  2. Install (tasks/install.yml):

    • Extract IRIS tarball to /usr/irissys
    • Run InstaServer script (IRIS instance creation)
    • Configure IRIS networking (SuperServer port 1972)
    • Install Epic RPC broker
    • Apply IRIS license key
  3. Post-install (tasks/post_install.yml):

    • Instantiate Epic datasets (if odb_instantiate_datasets: true)
    • Configure System Pulse integration
    • Configure Kuiper monitoring
    • Set up cron jobs (backups, maintenance tasks)
    • Validate IRIS instance status

Epic Citrix VDA Deployment

Prerequisites:

  • Windows Server 2022 VM (Standard_D4s_v5 or larger)
  • Managed disk (OS + user profile disk)
  • Domain joined (Active Directory)
  • Citrix VDA software downloaded
  • Hyperspace installer available

Playbook Execution:

# Build Citrix VDA image
ansible-playbook playbooks/epic-on-azure/pb_citrix_vda.yml \
  -i inventory/azure_rm_citrix.yml \
  -l vm-ohemr-citrix-shared-eus2-vda-master \
  -e var_file_path="/path/to/citrix_vars.yml" \
  -e ansible_password="{{ vault_locadm_password }}"

Role Tasks (ohemr-ansible-role-citrix-vda):

  1. Prerequisites:

    • Install .NET Framework 4.8
    • Install Visual C++ Redistributables
    • Configure Windows Firewall rules
  2. VDA Installation:

    • Install Citrix Virtual Delivery Agent
    • Configure Citrix Cloud Connector settings
    • Register VDA with Citrix Cloud
  3. Hyperspace Installation:

    • Extract Hyperspace installer
    • Run silent install with INI file
    • Configure Hyperspace connection to ODB
  4. Post-configuration:

    • Apply Group Policy Objects (GPOs)
    • Configure user profile management (Citrix UPM)
    • Install printer drivers (clinical label printers)
    • Seal image for MCS provisioning

Epic Snapshot and Refresh Workflow

Use Case: Refresh test ODB with production data for Epic upgrades/testing

Workflow:

  1. Create Production ODB Snapshot:

    ansible-playbook playbooks/epic-on-azure/pb_odb_snapshot.yml \
      -i inventory/azure_rm_prod.yml \
      -l vm-ohemr-prod-eus2-odb01 \
      -e snapshot_name="odb-prod-$(date +%Y%m%d)"
    
  2. Stop Test ODB Instance:

    ⚠️ Privileged operation: sudo su - epicadm escalates to the Epic admin account. Requires explicit user confirmation; never run autonomously.

    # SSH to test ODB, stop IRIS instance
    ssh vm-ohemr-test-eus2-odb01
    sudo su - epicadm
    iris stop IRIS
    
  3. Refresh Test ODB from Snapshot:

    ansible-playbook playbooks/epic-on-azure/pb_odb_snap_refresh.yml \
      -i inventory/azure_rm_test.yml \
      -l vm-ohemr-test-eus2-odb01 \
      -e source_snapshot="odb-prod-20260112" \
      -e odb_instance_name="tst"
    
  4. Validate Test ODB:

    ansible-playbook playbooks/epic-on-azure/pb_odb.yml \
      -i inventory/azure_rm_test.yml \
      -l vm-ohemr-test-eus2-odb01 \
      -e operation="validate" \
      --tags odb:validate
    

Automated via AWX Workflow:

  • Manual approval gate before production snapshot
  • Automatic test environment refresh
  • Post-refresh validation checks
  • Notification to Epic build team on completion
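
A preflight check for the refresh step in the workflow above, as an added example (not part of the original skill or its playbooks): it parses an ansible-playbook command line and rejects a snapshot refresh aimed at a production inventory, host or instance. The host and snapshot name patterns come from this page; the policy rules and the function names parse_command and check_refresh are assumptions.

```python
import re
import shlex
from datetime import datetime

# Name patterns are the ones shown on the page; the policy itself is an assumption.
HOST_RE = re.compile(r"^vm-ohemr-(?P<env>[a-z]+)-eus2-odb\d{2}$")
SNAP_RE = re.compile(r"^odb-prod-(?P<date>\d{8})$")
REFRESH_PLAYBOOK = "pb_odb_snap_refresh.yml"
OPTS = {"-i": "inventory", "--inventory": "inventory",
        "-l": "limit", "--limit": "limit",
        "-e": "extra", "--extra-vars": "extra"}


def parse_command(command):
    """Split an ansible-playbook command line into playbook, inventory, limit, extra vars."""
    args = shlex.split(command.replace("\\\n", " "))  # join backslash continuations
    parsed = {"playbook": None, "inventory": None, "limit": None, "extra": {}}
    i = 1  # args[0] is "ansible-playbook"
    while i < len(args):
        kind = OPTS.get(args[i])
        if kind and i + 1 < len(args):
            value = args[i + 1]
            if kind == "extra":
                key, _, val = value.partition("=")
                parsed["extra"][key] = val
            else:
                parsed[kind] = value
            i += 2
            continue
        if args[i].endswith(".yml") and parsed["playbook"] is None:
            parsed["playbook"] = args[i]
        i += 1
    return parsed


def check_refresh(command):
    """Return the policy violations for a snapshot-refresh command (empty list = OK)."""
    p = parse_command(command)
    if not (p["playbook"] or "").endswith(REFRESH_PLAYBOOK):
        return ["not a snapshot refresh playbook"]
    problems = []
    if p["inventory"] is None or "prod" in p["inventory"]:
        problems.append("inventory must be a non-production inventory")
    host = HOST_RE.match(p["limit"] or "")
    if host is None:
        # Without -l the play would run against every host in the inventory.
        problems.append("limit (-l) must name exactly one ODB VM")
    elif host.group("env") == "prod":
        problems.append("refresh target is a production ODB VM")
    snap = SNAP_RE.match(p["extra"].get("source_snapshot", ""))
    if snap is None:
        problems.append("source_snapshot must look like odb-prod-YYYYMMDD")
    else:
        try:
            datetime.strptime(snap.group("date"), "%Y%m%d")
        except ValueError:
            problems.append("source_snapshot date is not a real calendar date")
    if p["extra"].get("odb_instance_name") == "prd":
        problems.append("odb_instance_name must not be the production instance 'prd'")
    return problems


# Constructed samples: the page's refresh command, and the same command mis-aimed at production.
GOOD = r"""ansible-playbook playbooks/epic-on-azure/pb_odb_snap_refresh.yml \
  -i inventory/azure_rm_test.yml \
  -l vm-ohemr-test-eus2-odb01 \
  -e source_snapshot="odb-prod-20260112" \
  -e odb_instance_name="tst"
"""
BAD = GOOD.replace("azure_rm_test", "azure_rm_prod").replace("-test-", "-prod-")

if __name__ == "__main__":
    for label, cmd in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, check_refresh(cmd) or "ok")
```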

Day 2 Operations

Health Checks and Monitoring

ODB Health Checks:

# Run daily via AWX schedule
- playbook: playbooks/epic-on-azure/pb_odb_day2.yml
  extra_vars:
    operation: health_check
  checks:
    - IRIS instance status (iris list)
    - Database integrity (^DBSIZE, ^DBREST)
    - Journal file space (% full)
    - Lock table usage
    - Temp file space
    - Network connectivity (SuperServer port 1972)
    - Kuiper agent status

Dynatrace Monitoring:

# Install Dynatrace OneAgent on Epic VMs
- playbook: playbooks/epic-on-azure/pb_dynatrace_oneagent_linux_install.yml
  targets:
    - ODB VMs
    - Interconnect VMs
    - Print servers
  metrics:
    - CPU, memory, disk I/O
    - Network latency
    - Process monitoring (IRIS, Java)
    - Log analysis (syslog, IRIS messages.log)

Citrix Monitoring:

  • Citrix Director (Citrix Cloud)
  • VDA session counts, logon times
  • User experience metrics
  • Application crash reports

Backup and Recovery

Azure Backup:

# Configure Azure Backup for ODB VMs
- role: utilities
  tasks_from: azure/backup_plugin.yml
  vars:
    backup_policy_name: 'epic-odb-daily'
    retention_daily: 30
    retention_weekly: 12
    retention_monthly: 12
    backup_time: '02:00' # 2 AM local time

IRIS Database Backups:

# Full backup via IRIS backup API
iris backup full \
  --instance IRIS \
  --output /epicfiles/backups/IRIS-full-$(date +%Y%m%d).cbk \
  --concurrent 4

# Incremental backup
iris backup incremental \
  --instance IRIS \
  --output /epicfiles/backups/IRIS-incr-$(date +%Y%m%d-%H%M).cbk

Backup Strategy:

  • Azure Backup: Daily VM snapshots (application-consistent with VSS)
  • IRIS Full Backup: Weekly (Sunday 2 AM)
  • IRIS Incremental Backup: Hourly
  • Azure Files Snapshots: 4x daily
  • Retention: 30 days daily, 12 weeks weekly, 12 months monthly

Patching and Updates

Epic Release Cadence:

  • Major Releases: Annual (November/February)
  • Service Packs: Quarterly
  • Hotfixes: As needed (critical bugs, security)

Patching Workflow:

  1. Test Environment Patching (Week 1):

    • Refresh test ODB from prod snapshot
    • Apply Epic patches to test
    • Run Epic test scripts (QSST)
    • User acceptance testing
  2. Production Patching (Week 3-4):

    • Change request approval
    • Scheduled downtime window (Saturday 2-6 AM)
    • Apply patches to production ODB
    • Smoke testing (critical workflows)
    • Monitor for 48 hours

OS Patching:

# Linux patching (RHEL 9)
ansible-playbook playbooks/epic-on-azure/pb_linux_apply_updates.yml \
  -i inventory/azure_rm_prod.yml \
  -l odb_servers \
  -e update_type="security"  # or "all"

Windows Patching:

  • Citrix VDA master image patched monthly
  • New machine catalog provisioned from updated image
  • Gradual rollout (10% → 50% → 100%)

Security and Compliance

HIPAA Compliance

Epic infrastructure must comply with HIPAA Security Rule:

Administrative Safeguards:

  • RBAC for AWX (team-based job template access)
  • Audit logging (Azure Monitor, AWX job history)
  • Risk assessments (quarterly)
  • Training requirements (annual HIPAA training)

Physical Safeguards:

  • Azure data center certifications (SOC 2, ISO 27001)
  • Restricted physical access (Azure responsibility)

Technical Safeguards:

  • Encryption at rest: Azure Disk Encryption (ADE), Azure Files encryption
  • Encryption in transit: TLS 1.2+ (all communication), HTTPS/SSH only
  • Access controls: Azure AD SSO, MFA required
  • Audit logs: Azure Monitor, Sentinel SIEM
  • Integrity controls: Dynatrace file integrity monitoring

Active Directory Integration

ODB AD Join:

# AD join during ODB deployment
- role: ohemr-ansible-role-odb
  vars:
    odb_ad_domain_fqdn: 'ms.ds.uhc.com'
    odb_ad_ou: 'OU=Epic,OU=Azure,OU=Public-Cloud-VMs,...'
    odb_ad_env: 'prd' # or "npd"
    odb_ad_region: 'USCentral'
    odb_ad_pwd: "{{ lookup('hashi_vault', 'secret=kv/epic/ad-join-password') }}"

SSSD Configuration:

  • Kerberos authentication
  • LDAP user/group lookup
  • SSH key distribution from AD
  • Sudo rules from AD groups

Secrets Management

HashiCorp Vault:

# Retrieve secrets from Vault
- name: Get AD join password
  community.hashi_vault.vault_kv2_get:
    url: 'https://vault.uhg.com:443'
    path: 'epic/ad-join'
    namespace: 'aide-0085665'
    engine_mount_point: 'kv'
  register: vault_secret
  no_log: true

CyberArk:

# Retrieve service account password from CyberArk
- name: Get Cyberark secret
  include_role:
    name: utilities
    tasks_from: cyberark/get_cyberark_secrets.yml
  vars:
    cyberark_object_name: 'Directory-ms.ds.uhc.com-svcepicutilpkey'

Azure Key Vault:

  • Credential Input Sources in AWX
  • Fetch secrets at job runtime
  • No secrets in AWX database or Git

Troubleshooting

Common ODB Issues

1. IRIS instance won't start:

# Check IRIS messages log
tail -100 /usr/irissys/mgr/messages.log

# Common causes:
# - Insufficient memory (check /var/log/messages for OOM killer)
# - Disk full (check df -h /ensemble, /journal)
# - Lock file corruption (rm /usr/irissys/mgr/iris.lck)
# - License expired (iris stop IRIS; iris start IRIS)

2. Database performance degradation:

# Check IRIS metrics via Management Portal
<odb-hostname>:57772/csp/sys/UtilHome.csp

# Key metrics:
# - Global buffer hit ratio (should be >95%)
# - Lock table usage (should be <80%)
# - Journal file space (should be <90% full)
# - Temp file space (should be <90% full)

# Run database integrity check
iris integrity check IRIS

3. Interconnect messages stuck:

# SSH to Interconnect server
ssh vm-ohemr-prod-eus2-interconn01

# Check message queue depth
/epic/interconnect/bin/mqstatus.sh

# Restart stuck interface
/epic/interconnect/bin/interface.sh stop <interface-name>
/epic/interconnect/bin/interface.sh start <interface-name>

Common Citrix Issues

1. VDA registration fails:

# Check Citrix VDA service status
Get-Service -Name "BrokerAgent" | Select-Object Status, StartType

# Check Citrix Cloud Connector connectivity
Test-NetConnection -ComputerName "citrix-cloud-connector.domain.com" -Port 443

# Re-register VDA
& "C:\Program Files\Citrix\Virtual Delivery Agent\BrokerAgent.exe" -register

2. Hyperspace fails to launch:

# Check Hyperspace logs
Get-Content "C:\ProgramData\Epic\Hyperspace\Logs\*.log" -Tail 50

# Common causes:
# - ODB connectivity (test: telnet vm-ohemr-prod-eus2-odb01 1972)
# - Citrix license expired (check Citrix Licensing console)
# - User profile corruption (delete C:\Users\<user>\AppData\Local\Epic)

3. Slow logon times:

  • Check Citrix Director for logon breakdown
  • Common bottlenecks: GPO processing, profile load, Dynatrace agent
  • Optimize: Reduce GPOs, use UPM profile streaming, tune Dynatrace

Best Practices

ODB Management

  1. Capacity Planning: Monitor IRIS database size growth, plan disk expansion 6 months ahead
  2. Journal Management: Monitor journal file usage, alert at 75% full
  3. Lock Table Tuning: Increase lock table size if usage consistently >70%
  4. Backup Validation: Test restore quarterly, validate backup integrity weekly
  5. Performance Baselines: Establish baselines for response times, monitor for degradation

Citrix Management

  1. Image Management: Version control VDA master images, document changes
  2. Scaling Strategy: Use Citrix Autoscale, scale VDAs based on user sessions
  3. User Experience: Monitor logon times, session responsiveness, application launch times
  4. Cost Optimization: Deallocate VDAs during off-hours, right-size VM SKUs

Ansible Best Practices

  1. Idempotency: Ensure playbooks can run repeatedly without side effects
  2. Tagging: Use tags for selective execution (--tags odb:install,odb:configure)
  3. Secrets: Never commit secrets to Git, use Vault/CyberArk/Key Vault
  4. Testing: Test playbooks in dev/test before production
  5. Documentation: Document playbook purpose, variables, dependencies

When to Apply This Skill

Use the epic-expert skill when working with:

  • ✅ Epic EMR infrastructure deployment and operations
  • ✅ ODB (InterSystems IRIS/Caché) database management
  • ✅ Citrix VDA and Hyperspace deployment
  • ✅ Epic component architecture (Interconnect, print servers, etc.)
  • ✅ Azure integration for Epic (8-subscription model, Azure Files, networking)
  • ✅ Ansible roles for Epic components (ohemr-ansible-role-*)
  • ✅ Day 2 operations (health checks, backups, patching, monitoring)
  • ✅ HIPAA compliance and healthcare-specific requirements
  • ✅ Troubleshooting Epic performance and availability issues
  • ✅ Epic snapshot/refresh workflows for testing
