BlueCross BlueShield Tennessee Member Portal
Enterprise member benefits system built with Next.js frontend and Java REST services, deployed via Azure DevOps to RedHat OpenShift using modern DevOps practices.
Problem
Migrate an existing legacy patient portal from Java JSP Portlets on HCL/IBM WebSphere Portal to a modern, scalable architecture while ensuring HIPAA compliance and zero downtime. Introduce CIAM capabilities for secure user authentication and authorization for data access and consent management.
Solution
Built a modern Next.js SPA with Server-Side Rendering for optimal performance, backed by scalable Java REST services. Implemented a fully automated CI/CD pipeline using Azure DevOps, Tekton, Helm Charts, and ArgoCD for GitOps-based deployments to RedHat OpenShift.
Role & Ownership
Lead Full-Stack Developer & DevOps Engineer
- Architected Next.js frontend application with App Router
- Designed and implemented Java REST API services
- Built complete CI/CD pipeline from source control to production
- Established GitOps workflow using ArgoCD and Helm
- Led migration from legacy system with zero downtime
Architecture
- Next.js App Router with TypeScript for type-safe frontend
- Java Spring Boot REST services with microservices architecture
- SQL Server for patient data with row-level security
- RedHat OpenShift container platform for orchestration
- Azure DevOps for source control, work tracking, and CI/CD
- Tekton pipelines for container builds and testing
- Helm charts for Kubernetes resource management
- ArgoCD for GitOps-based continuous deployment
Technical Challenges & Tradeoffs
Complex deployment pipeline coordination
Designed and implemented a multi-stage GitOps pipeline as a greenfield initiative, requiring cross-team coordination with security, infrastructure, and platform teams. Orchestrated Azure Pipelines to trigger builds on Git commits, OpenShift Tekton to build and scan containers, Helm charts to package releases, and ArgoCD to monitor and deploy automatically. Configured secure integration across Azure DevOps, Git Enterprise, OpenShift, and container registry systems with encrypted secrets management, audit logging, and automated security scanning at every stage.
Existing systems had no CIAM capabilities, so the migration required restructuring the entire application
CIAM was placed at the forefront of the new architecture. This decision allowed data processing and access to be managed outside the applications, which let application development focus on the core business logic each application required. More importantly, it allowed for more accurate logic migrations from existing applications to new applications while ensuring compliance with data access and consent management policies. It also provided a closer 1:1 mapping to existing systems, so logic comparison and testing were easier to carry out and defects during migration were reduced.
Multiple existing features were behind third-party vendor solutions that were entering end-of-contract periods during development efforts.
Micro-frontends were developed to enable in-house development of replacement features. Developing in-house placed an initial burden on the team to support more things as part of Production Support, but designing those features as micro-frontends provided a path for future vendor tools to replace the functionality and thus eliminate the overhead.
Tech Familiarization and Adoption
New technologies such as Next.js, OpenShift, Tekton, Helm, and ArgoCD were unfamiliar to many team members. Conducted knowledge sharing sessions, created documentation, and provided hands-on workshops to accelerate learning and adoption across the team.
Deployment & CI/CD
Azure DevOps manages source control and work items, with Azure Pipeline YAML for CI/CD orchestration. Code commits trigger automated testing and a push to Git Enterprise. OpenShift Tekton pipelines build Docker images, run security scans, and upload the images to a secure container registry. Helm charts are updated with version tags and stored in Git. ArgoCD continuously monitors the Helm chart repository and automatically syncs changes to the OpenShift cluster, ensuring the cluster's state matches the desired state in the Git repository (GitOps pattern).
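An added example, not the project's own configuration: a minimal Argo CD `AppProject` and `Application` that express the automatic sync described above while limiting what the application may deploy. The repository URL, names, namespaces, and file paths are hypothetical placeholders.

```yaml
# Constructed example: every name, URL, and path below is a placeholder.
apiVersion: argoproj.io/v1alpha1
kind: AppProject
metadata:
  name: member-portal
  namespace: argocd
spec:
  # Only this chart repository may be used as a source.
  sourceRepos:
    - https://git.example.internal/platform/member-portal-charts.git
  # Only this namespace on the local cluster may be a deployment target.
  destinations:
    - server: https://kubernetes.default.svc
      namespace: member-portal-prod
  # Empty list: the project may not create cluster-scoped resources
  # (ClusterRole, Namespace, CRDs, and so on).
  clusterResourceWhitelist: []
---
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: member-portal-prod
  namespace: argocd
spec:
  project: member-portal          # bound to the restricted project above
  source:
    repoURL: https://git.example.internal/platform/member-portal-charts.git
    targetRevision: main          # branch that the pipeline updates with new version tags
    path: charts/member-portal
    helm:
      valueFiles:
        - values-prod.yaml        # holds the image tag written by the build stage
  destination:
    server: https://kubernetes.default.svc
    namespace: member-portal-prod
  syncPolicy:
    automated:
      prune: true                 # delete resources that were removed from Git
      selfHeal: true              # revert manual changes made directly in the cluster
    syncOptions:
      - CreateNamespace=false     # namespace is provisioned separately, not by the app
```

With `selfHeal` enabled, a change made directly in the cluster is reverted on the next reconciliation, so the Git history of the chart repository remains the audit trail for what is running.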
Outcomes
- Successful migration from legacy portal to modern architecture with minimal downtime (certain cut-over and architecture changes required brief maintenance windows)
- New deployment systems that enable multiple releases per week (previously biweekly) with automated testing and security scans
- Reduced lead time for changes from weeks to days by enabling local development and automated deployments
- Complete integration of new CIAM system for secure user management
- Enhanced team collaboration and efficiency with automated workflows
Lessons Learned
- Documentation analysis played a crucial role in understanding legacy system functionality, especially when original developers were unavailable. Investing time in thorough documentation review helped identify key features and workflows that needed to be replicated in the new system.
- Maintaining as close to a 1:1 mapping of existing functionality during migration efforts simplified testing and validation. This approach enabled quick identification of discrepancies between old and new systems, facilitating smoother transitions and reducing time to resolve defects.
- Early adoption and review by operations and production support teams ensured that new deployment and features aligned with operational requirements. Their insights helped shape deployment strategies and monitoring practices, leading to more reliable releases and quicker issue resolution post-deployment.
- Cross-functional collaboration between developers, DevOps engineers, QA, and business stakeholders was key to aligning technical solutions with business needs and ensuring successful delivery.