HSCN Solution Overview
Version 3.0
Published 12 April 2017
Copyright © 2017 NHS Digital Page 1 of 45

Contents

1.1 Scope of this document 3
1.2 Reader Pre-requisites 4
2 HSCN Overview 5
3 N3 Services Scope 8
3.1 Introduction 8
3.2 Current N3 Scope 8
4 HSCN Architecture 15
4.1 Introduction 15
4.2 Architecture Principles 15
4.3 Logical Network Topology 16
5 HSCN Consumer Solutions 43
6 HSCN Obligations Framework 44
7 References 45

Table of Figures

Figure 1: N3 Logical Topology 9
Figure 2: Target State 16
Figure 3: Transition State 20
Figure 4: HSCN Interconnection Routing Patterns 31
Figure 5: HSCN Traffic Flow Examples 32
Figure 6: HSCN Advanced Network Monitoring Service 39
Figure 7: Security Telemetry Flow 41
Figure 8: Security Monitoring Points 42

1.1 Scope of this document

This document provides an overview of the HSCN solution. Further information about the operational design and the HSCN Capabilities that will deliver the services is detailed in the HSCN Operational Design Overview.

The HSCN Solution is summarised to enable all stakeholder groups to understand:
- What technical services are being supplied as part of the HSCN; and
- How the HSCN services will replace the incumbent services.
So that:
- The HSCN Programme Board can, on behalf of the Department of Health, assure that the HSCN Solution meets their strategic requirements;
- The Programme can confirm that the HSCN Solution meets requirements;
- Consumers understand what the replacement technical solution for their current service will be;
- Suppliers can understand the technical capabilities they will deliver; and
- The Solution Design team can develop the detailed design (e.g. level 3 and below).

This document details the approach for the transition of services from N3, maintaining seamless continuity of network services while transitioning to new supplier services. The longer term strategy for network delivery and wider innovation is not included.

This document includes the following:

Section 1 Document Purpose: This section.
Section 2 HSCN Overview: An overview of the HSCN and its key objectives.
Section 3 Current N3 Scope: An overview of the current N3 services that will be transitioned to HSCN services.
Section 4 HSCN Architecture: An overview of the HSCN Architecture that describes the scope of the services to be delivered. This includes an overview of the separate network components that connect the HSCN together, with descriptions of each component. The architecture detailed in this section represents a Target State for the new service, and details a Transition State for the migration of services from the current N3 service. There are a small number of pending strategy decisions that will determine the final target state (see Section 4.3.1.3).
Section 5 HSCN Consumer Services: A brief description of the services that HSCN Consumers will receive.
Section 6 HSCN Obligations Framework: A brief description of the HSCN Obligations Framework that will govern the technical and operational inter-supplier working of the HSCN Components to deliver the network services required.
Section 7 References: References to documents in the HSCN solution set.
1.2 Reader Pre-requisites

None, though the Solution Overview should be read in conjunction with the Operational Design Overview [Ref 1].

2 HSCN Overview

The stated vision of the Health and Social Care Network (HSCN) Programme is:

“HSCN will enable a future where health and social care unite to transform patient care and services through the provision of greater connectivity, putting data and information at the fingertips of clinicians, health and care professionals and citizens”

The HSCN programme was established by the Department of Health (DH) in July 2014 to:
- Manage the exit from the existing N3 contract by 31 March 2017;
- Provision successor services to those currently provided under the N3 contract;
- Manage the transition to successor services; and
- Establish a network solution capable of supporting the evolving health and social care landscape.

The scope of the proposed investment covers English NHS-funded healthcare providers, including public and private organisations covered within the scope of current N3 provision, and social care providers in England. The scope excludes providing network connectivity to Scotland, Northern Ireland, Wales and the Isle of Man; however, connectivity between networks will be required.

The user scope for N3 has developed significantly since the original N3 business case in 2004, which focused principally on healthcare organisations. With the introduction of the Health and Social Care Act 2012, health and social care is provided through a wide range of organisations, including councils, other local government bodies, and charities and voluntary organisations. HSCN will provide a reliable, efficient and flexible way for health and social care organisations to access and exchange electronic information.
By reducing cost and complexity, standardising networks, enabling service sharing and extending the parameters of collaborative working in different organisations, it will save money, enable information to be reliably shared and help staff work together in more effective and efficient ways.

HSCN provides the robust yet flexible foundation layer upon which transformed health and social care services can be built. It aims to support a world where anyone involved in the delivery of health and social care services can access the information and services they need to do their job from any location at any time and without the need for complex, bespoke and expensive ICT arrangements.

HSCN is designed to support the aspirations set out by the Department of Health and NHS England through the Five Year Forward View and the National Information Board – Personalised Health and Care 2020, as well as NHS Sustainability and Transformation Plans and Local Digital Roadmaps. These strategies cite increased levels of collaboration and integration between health and social care providers as essential to driving improvements and efficiencies. Improved information sharing and the ability to work flexibly to deliver joined-up health and social care services to citizens and patients are common features across all these initiatives. The HSCN programme will put in place the underlying standards, infrastructure and services that support the wider integration of health and social care.

HSCN will create a marketplace for numerous suppliers to compete to deliver standardised, interoperable, better, faster and cheaper connectivity services to health and social care providers. By devolving both the responsibility and the funding for commissioning HSCN connectivity services, it will empower NHS organisations to buy what they need from the best suppliers and in collaboration with both NHS and non-NHS delivery partners.
The stated spending objectives within the FBC are as follows:
- Support the move from N3 to a new service whilst ensuring future innovation is built in.
- Provide integrated connectivity to enable wider health and social care organisations to access national health IT services.
- Deliver a smaller service – one that only provides from the centre the infrastructure needed to enable network connectivity across the health and social care system.
- Create a competitive marketplace for interoperable and cost effective network services.
- A better value for money service – utilise the purchasing power of Government to improve value for money and get the best possible price, in part by disaggregating the different parts of the network components to enable a wider variety of suppliers to bid for the work.
- A shorter contract length that enables more regular market testing to drive down costs.

The HSCN Solution needs to enable the programme’s spending objectives, foremost of which is: “Support the move from N3 to a new service whilst ensuring future innovation is built in.” It will do this by delivering the following technical solution services:
- Establishment of a disaggregated, multiple provider network architecture (see Section 4);
- Defining an HSCN Obligations Framework that will require the HSCN services to meet the HSCN Obligations, Policies and Standards;
- Defining HSCN Obligations, Policies and Standards that enable safe, reliable and efficient interoperability;
- Establishing an HSCN Compliance Operating Model to allow multiple network service providers to offer HSCN Services that meet the HSCN Obligations;
- Enabling a more open marketplace with multiple providers and increased local empowerment for consumers to choose HSCN services;
- Supporting the creation of virtual ‘Community of Interest’ or ‘Regional’ networks where the majority of collaboration and data sharing will take place;
- Establishment of a hybrid backbone architecture for Internet and national private traffic (see Section 4);
- Supporting early migration to the Internet as the primary data transit mechanism for health and social care information;
- Reducing the size and cost of a centrally provided private core network, whilst continuing to support national applications and services that need the availability and performance of a private network;
- Bringing Internet provision within the scope of a layered security monitoring approach;
- Improving the cyber defence capability by supplementing the activities carried out by the Data Security Centre – please see the HSCN Operational Design Overview [Ref 1];
- Delivering core supporting technology services such as DNS/NTP; and
- Delivering a controlled and stable transition from current N3 services to the replacement HSCN services.

3 N3 Services Scope

3.1 Introduction

In order to fully understand the scope of the HSCN programme it is necessary to understand, at a high level, the nature of the existing N3 provision in terms of the technical capabilities that currently support the Health and Social Care connectivity needs. The boundary of scope for the HSCN Programme has been established to enable the programme’s strategic objectives (see Section 1), foremost of which is: “Support the move from N3 to a new service whilst ensuring future innovation is built in”.

This Section will detail the current scope of N3 technical services. Section 4.4 includes details on which HSCN services will be used as the migration vehicle where required.

3.2 Current N3 Scope

N3 provides a high quality, fully managed Wide Area Network (WAN) and has over 40,000 direct, virtual and aggregated connections. These services consist of direct access connections, VPN connectivity and connections that link to N3 via an Aggregator.
The NHS relies on reliable network connections to support national systems such as GP clinical systems, regional systems such as digital imaging and local systems such as patient administration. Health and social care delivery now involves the private sector, local government and allied professions such as opticians, dentists and pharmacists, and is further expanding with AQPs providing NHS services and increasing integration with social care. A number of these services are already delivered over N3. There are Gateways to other Government networks (e.g. Janet and MoD) and the Internet.

This Section summarises the current scope of the N3 service, and as such what is required to be transitioned to a new HSCN service. The figure below is an abstraction of the N3 network and how it provides network connectivity services in various ways to a number of customers across Health and Social Care. It also illustrates the services, plus the variety and complexity in which those services are consumed:

Figure 1 - N3 Logical Topology
Diagram elements: N3 Core (Inner Core, Core PoPs, Access PoPs, DSL PoPs); Access Layer (Hospital, GP Practice, Community Clinic, Local Government, Pharmacy, Independent Health Providers, Third Party Suppliers, COIN, Aggregator, Broadband Aggregation); Third Party Data Centres and National Applications DC connecting directly to the N3 Core; Gateways to other networks (Internet, PSTN / Mobile, Remote Access, GCSx, Janet, MoD, SWAN, Wales, IoM). Key: data centre services connect directly to the N3 Core; non-NHS services e.g. Third Party Suppliers or Independent Health Providers; NHS Trust sites e.g. acute hospitals or mental health services; NHS CCG sites e.g. GP Practice medical centres or community clinics; Local Government sites e.g. Social Care services; external partners e.g. pharmacists / opticians.

It is available 24hrs a day, 7 days a week for 365 days per year. The service is delivered in accordance with NHS Digital Policy and Standards. The original design and key aims of the network were to provide a stable and flexible infrastructure to support the work of the National Programme for IT (NPfIT) applications and services. The nature of the services and applications supported by the network has changed over this period, and requires revision under HSCN.

3.2.1 Supply Model

N3 is an ‘integrator’ model where the supplier (BT) acts as an intermediary between the requirements of network users and the range of telecoms services available from subcontractors, and takes responsibility for service delivery. There is no customer choice on the supply chain.

The N3 Service is structured as a combination of Foundation and Catalogue Services.

Foundation Services are:
- Predominantly over-arching management services;
- Paid for centrally; and
- Include: helpdesk; end-to-end service level reporting; network management; access control management; technical management e.g. IP Addressing allocations and management; problem management; fault resolution; technical design; catalogue management; user groups; customer satisfaction surveys; specialist customer engagement staff; liaison with other national health informatics suppliers etc.

Catalogue Services:
- Services available to order by service consumers from BT.
- Funded by DH and/or the customer organisation. Allocation of DH funding against N3 Catalogue Services was originally governed by the N3 National Allocation Algorithm (NAA) and whilst this is principally still the case, allocation has developed into a more flexible arrangement by custom and practice to allow local top-ups for additional services.
- Consist of a multiplicity of options – there are a large number of standard Catalogue Services (“standard reference configurations”) in regular day-to-day use. Customers can also bespoke their requirements from these standards.
- Are reassessed, and where appropriate refreshed every two years with revised pricing to reflect the market value at the time of call off and changes in technology available.
- Provide only Wide Area Network access and capacity and overlay services. Provision of LAN (Local Area Network) connectivity within a site, clinical applications and any hardware and software associated with the applications is outside of the scope of N3.

3.2.2 Network components

The N3 Components are as follows:

N3 Core – The main distribution layer network providing the NHS private network services.

N3 Connectivity – A range of varied customer connections to support connectivity and data sharing across all parties involved in health delivery. These are based primarily on Ethernet and DSL services, as follows:
- National Application Data Centre Connections – Data centre connections that host national applications e.g. Spine, NHSMail. Under the service control of NHS Digital.
- Third Party Application Data Centre Connections – Data centre connections procured and funded by third parties who offer application services to health customers.
- NHS N3 Customer Access Connections – NHS customer site access connectivity e.g. hospitals, clinics, GP Practice medical centres.
- Non-NHS N3 Customer Access Connections – Non-NHS customer site access connectivity e.g. Local Authority Social Care sites, third party service providers.
- N3 COINs – Community of Interest Networks that provide a closed user group private network to a set of sites with one gateway connection into the N3 Core. These mostly consist of NHS end customer sites but can include third party connections and non-NHS sites.
- Third Party COINs – As above, but not delivered by N3, so the only N3 service provided is the gateway connection into the N3 Core, managed as a single N3 Connectivity service.

Aggregators – Commercial third parties who provide aggregated connectivity for a large number of other parties such as pharmacies.

National Gateways – N3 supports a number of National Gateways to external networks.

N3 DNS / NTP services – Technology services to support interoperability for applications that transit the network.

N3 Overlays – Value added application services that transit over the network. These are generally funded by customers, with a number of exceptions where procured for national NHS services or as part of GP ICT services:
- VPN services – internal network site to site VPNs: VPN services that provide a regional or organisation specific closed user group virtual private network over N3 for a set of end sites. For example, small VPN services linking one main site to 2-5 other sites, used to link branch GP Practice sites to the main site, or larger VPN services for COINs.
- Remote Access – including external token VPNs: VPN to the Remote Access gateway, VPN extensions and VPN tokens to support remote access by users to their N3 connected sites from internet and mobile locations. Includes an option for non-NHS users to remotely access N3 services from their third party networks. Note this service shares internet service components with the Internet Gateway.
- Wi-Fi / LAN / Firewall: Local site network services for managed LAN / Wi-Fi and firewalls. Note that this has largely been taken up for services commissioned by NHS England at a national level and is not rolled out to larger parts of the NHS.
- Voice: Voice service for IP Telephony.
- Video Conferencing: MeetMe, WebEx video conferencing services.
- Mobile Health Worker: Devices and remote access network integration to support users working with mobile devices and remotely from N3 connected sites.
- Collaboration tools for end users.

3.2.2.1 N3 Core

N3 is delivered as 5 Core Points of Presence (Core PoPs) that are connected as an ‘inner core’ network. These are connected to 59 Access Points of Presence (Access PoPs) in England to underpin the national connectivity of N3 and collectively form the N3 Core Network. The current core of the network is commercially provisioned to provide a capacity limit of 30GB for NHS traffic and it is one of the largest VPN networks in Europe.

Routing over the N3 network provides access to the range of supported types of consumer as follows:

NHS Customers – For NHS Customers this means connectivity to the Internet, national systems (e.g. Spine / GPSoC), any other agreed services available over N3 (third party application providers e.g. Burnbank, or shared patient systems, e.g. the NHS Acute trust results service available to GPs) and interconnects for data sharing with external government entities (e.g. Janet, SWAN). NHS Customers are unconstrained by the network; all services are accessible.

Third Parties – For Third Parties (e.g. external users of NHS systems such as Hospices or privately commissioned out of hours services, and suppliers of 3rd party applications such as Burnbank) access is provided but restricted to the business needs of that customer, i.e. to what they need to consume or provide. No internet access is provided for these customers.

N3 operates as a hub and spoke network model delivered by one prime supplier, routing all traffic nationally to the access layer and between access PoPs over an inner core network.
This does not natively support flexible inter-organisation connectivity routes; the current governance arrangements constrain multi-party connectivity with a requirement to raise Change Requests to enable routing between endpoints.

3.2.2.2 N3 Connectivity

N3 has circa 14,000 end customer connectivity orders that are live as direct access connections (access circuits connected to access PoPs on the N3 Core). Of these, there are approximately 8750 broadband access services and 5000 ethernet access services. The vast majority of the sites connect to N3 Access PoPs using a range of connectivity options ranging from xDSL (Digital Subscriber Links) for small sites to high capacity Ethernet connections for large sites. Strategic data centres connect directly to N3 Core PoPs.

National Application Data Centre Connections – Data centre connections that host national applications e.g. Spine, GPSoC. These are included in the provision of 30GB capacity on the N3 Core.

Third Party Application Data Centre Connections – Data centre connections procured and funded by third parties who offer application services to health customers. Note that these services self-fund extra capacity on the N3 Core above the centrally funded 30GB. This extra capacity is currently 6GB.

NHS N3 Customer Access Connections – There are approximately 8,000 GP site connections. The remainder are connecting sites for other NHS organisations (Acute, Mental Health and Community services).

Non-NHS N3 Customer Access Connections – There are a number of non-NHS access connections, for example Local Authority sites (social care) or independent sector organisations such as third party ICT suppliers, independent health providers or pharmacies. These services have controlled access to N3 services and are self-funded.

Community of Interest Networks (COINs) – A number of NHS Organisations have formed Community of Interest Networks (COINs) to meet both local and national requirements. COINs are bespoke builds, initiated from templates that are based on standard reference configuration designs, and are connected into the core with geographic diversity by resilient gateway connections. There are approximately 70 N3 COINs. Of the 14,000 connection orders circa 3,600 are internal N3 COIN connections that provide regional networks and are not directly connected to the N3 Core. Each COIN has a resilient access connection onto the N3 Access Layer shared by all the locally connected sites. There are a number of independently provided regional COINs delivered under local contracts that are not part of N3 services, but which also have a resilient access connection to the N3 Core.

Aggregators – These are commercial organisations who are accredited to aggregate N3 connectivity for other external parties. The connected organisations share a gateway connection to the N3 Core, securely managed and controlled by the Aggregator. The connected organisations therefore do not have a direct access connection into N3. Examples of the services that are onward provided by the aggregated connectivity include:
- Pharmacies
- Opticians
- Third party suppliers of services to NHS customers.

National Gateways – N3 provides a number of National Gateways to other networks. The gateways are summarised below:
- Internet Gateway – for all outbound internet traffic
- PSTN/Mobile – for linking telephony services and mobile access into N3
- Remote access – to support users connecting via VPN to services on N3 from public networks
- Government Connect Secure Extranet (GCSx) – for routing to other government networks
- Ministry of Defence (MoD) – specific gateway to the MoD network
- Joint Academic Network (Janet) – academic connection
- Scotland (SWAN)
- Wales
- Northern Ireland
- Isle of Man

3.2.2.3 N3 DNS/NTP

N3 provides the authoritative Domain Name Service (DNS) and Network Time Protocol (NTP) services.
3.2.2.4 N3 Overlays

The N3 network supports a number of application overlays:
- Voice services;
- Video and conferencing;
- Remote access services – VPN services to support customers remotely accessing their own networks from the internet. These are indirect connections onto N3 via the internet; and
- Mobile services – services to support remote access via mobile networks e.g. secure desktops with 3G services and VPN access over N3. These are indirect connections onto N3 via the mobile gateway service.

4 HSCN Architecture

4.1 Introduction

The Architecture detailed in this section represents a Target State to migrate the N3 service, beyond which we are not intending to document further transitions because these are subject to pending strategy decisions. The Architecture will deliver a range of new technical components to migrate N3 services. This Section details the new HSCN Components and the transition approach for migrating N3 services to this new architecture.
4.2 Architecture Principles

The following principles underpin the network architecture:
- The HSCN architecture will be "open" to all Health and Social Care users and their partners with a valid need to connect, without favour and on an equal access basis;
- The HSCN architecture will not constrain or mandate the number of network service providers in any way, subject to network service providers’ compliance with the HSCN Obligations;
- No HSCN service provider shall be able to technically constrain or block any other HSCN service provider;
- The HSCN will utilise public networks in preference to private networks, except where business requirements dictate otherwise;
- Private backbone services will be as small as possible, consistent with the business needs for a backbone, with the capability to reduce further as business needs evolve over time;
- HSCN will provide the capability to support fixed, mobile and remote access by its users;
- HSCN will support IP based applications and services (e.g. multi-media voice, video and data);
- Designs will include adherence to GDS Network Principles [Ref 5];
- HSCN will be available 24hrs a day, 7 days a week for 365 days per year; and
- HSCN will provide security controls at the network layer to protect its own security, integrity and availability as a transport mechanism.
4.3 Logical Network Topology

4.3.1 HSCN Target State

The following diagram outlines the HSCN topology for the migration of N3 services:

Figure 2 - Target State
Diagram elements: Consumer Networks 1 to 4, each with Access Connectivity, DC connections and an HSCN ISP providing public routing; Peering Exchange; Authoritative Technology Services; Data Security Centre (Network Analytics, Advanced Network Monitoring); Internet; External Network Gateway; HSCN Components.

4.3.1.1 HSCN Components

The HSCN will consist of the following Components:

A number of Consumer Networks (CNs) that provide WAN routing between HSCN endpoints and access connectivity for end sites [note the diagram has only 4 for illustration purposes]:
o HSCN Access Connectivity for individual sites/organisations (e.g. NHS Hospitals, Primary Care, Community & Mental Health, Clinical Commissioning Groups (CCG), Care Homes, 3rd Parties) to the Consumer Network.
o These services will be offered to HSCN Consumers directly, including the end to end service to the Peering Exchange Network and other HSCN end points on the Consumer Network. The HSCN Consumer will be required to complete an HSCN Connection Agreement in order to receive this service.
o Provide aggregation and virtual routing of HSCN traffic flows between CN end points, including as examples:
  - To/from national applications
  - Public routing to/from the Internet via provision of an Internet Service Provider gateway (HSCN-ISP)
  - Inter-site routing (application access, point to point data sharing).
o The CN services will be delivered by multiple network service providers that achieve HSCN Compliance [see Section 6]. These suppliers will be known as HSCN Consumer Network Service Providers (CN-SPs).
o The CN-SPs will provide the end to end service for HSCN Consumers including security, technical, delivery and service management responsibilities. CN-SPs may offer a range of network services from basic access circuits to full network provision (e.g. private WAN services).

A Peering Exchange Network (PN):
o Support all routing across the HSCN disaggregated networks including as examples:
  - To/from national applications
  - Inter Consumer Network routing.
o Flexible and rapid path to connectivity / interconnectivity
o Level playing field across the disaggregated supply of CNs
o Simplified end-to-end Service Assurance & fault diagnosis
o The PN services will be delivered by the Peering Exchange Network Service Provider (PN-SP).

The Data Security Centre will:
o Provide a monitoring and alerting capability, collecting and centrally collating information from all parts of the HSCN Components. The information will be used to support central security oversight of HSCN.
o Provide cyber threat management to support the protection of the HSCN service overall from threats originating both externally and internally.
o Manage the following components:
  - Network Analytics Service (NAS) – ingesting network telemetry data to perform proactive and reactive analysis on the data in order to identify any malicious activity taking place over HSCN.
  - Advanced Network Monitoring – filtering of outbound and returned HTTP Internet traffic to manage cyber threats.

Authoritative Technology Services that provide the support for DNS and NTP to be consumed by other HSCN Components and applications that transit HSCN.

4.3.1.2 Business Application Services

The HSCN will support the delivery of key Business Application Services to provide value added business applications that exploit the IP network e.g. Voice / Collaboration / Video / Secure Remote Access. Network transit for these services will be over HSCN, but the services in themselves are not part of the HSCN supply chain.
These services are not shown on the diagram, as they are not part of the HSCN delivered Components and Technology Services, but are included here as a description to illustrate the applications and services that will exploit the network. Note that these non-HSCN services may be used as transition vehicles for N3 Overlay Services such as voice and video. Please see Section 4.3.2.3.

Delivering these services will not be subject to the HSCN Obligations; they may therefore be provided by any supplier and are not restricted to suppliers who have achieved HSCN Compliance. They will be purchased off relevant Lots on frameworks such as the CCS Network Services Agreement (RM1045) or as direct contracts. For example, using RM1045 Lot 5 – IP Telephony Services to replace N3 Voice orders, or RM1045 Lot 8 – Videoconferencing services to replace N3 Video Conferencing orders.

CN-SPs may offer these services to HSCN Consumers blended with HSCN services and with a service wrap that supports seamless service management. For example, CN-SPs may offer HSCN connectivity with consumer procured services such as voice and remote access, with one helpdesk provided for all delivery.

The HSCN service will provide interoperability guidance to allow HSCN Consumers to purchase these applications so that they are compatible to run over the HSCN. Guidance documentation and consumer support services will be provided to support implementation.

Business Application Services may be delivered direct over the Internet without connecting to HSCN. These applications will still be subject to Information Governance standards for data handling and security. HSCN Consumers can access these via the Internet outbound service provided under HSCN.

4.3.1.3 Future considerations

The requirement for private and public backbone services is part of future strategy work that will be undertaken by the HSCN Authority during the period of transition.
A new hybrid backbone service may be required for connecting critical hosted services to HSCN Consumers. This includes, as an example, National Applications (Spine / eRS) connected to N3 as National Application Data Centre Connections. Note that the main consideration in this process will be to support an "internet first" strategy. The hybrid backbone is currently envisaged to provide the following:
- Direct connectivity for National Application Data Centre Connections that supports private and public routing to National Applications as required. The services will include appropriate cyber security capability to protect the National Applications estate.
- Hosting access points for other services (current Third Party Application Data Centre Connections), where it is deemed that direct CN hosting and CN interconnectivity, or direct Internet provision, does not support the security or performance levels required.

4.3.2 HSCN Transition State
The following diagram outlines the HSCN topology for the migration of N3 services:

[Figure 3 - Transition State. Components shown: Consumer Networks 1 to 4 with Access Connectivity and DCs; HSCN ISPs; Peering Exchange; Transition Network with Legacy Access Circuits and Customer Access Connections; COIN; Aggregator; Authoritative Network Services; Data Security Centre with Network Analytics and Advanced Network Monitoring; HSCN ISP Gateway; Internet; External Network Gateway and External Network.]

The following components will be included in scope of the HSCN delivery in order to support transition.

4.3.2.1 Transition Network
A private backbone service will be delivered, known as the Transition Network.
This service will provide the following:
- Core Network: the main core network to route traffic between access services.
- Access Services: for the period of migration, end connections from Legacy Access Circuits [see Section 4.3.2.2].
- Head End Services for Broadband, VPN and Video Conferencing.
- An Internet Gateway for legacy users.
- The initial Authoritative Technology Services, such as DNS and NTP.
- Connection to the Peering Exchange Network to support routing to/from other HSCN end points on CNs.

This network will be centrally managed and supplied as part of the HSCN Programme, delivered by the HSCN Transition Network Service Provider (TN-SP).

This service will be managed as a run-down solution as services are migrated from direct connectivity onto new HSCN Components; for example, as Legacy Access Circuits are ceased and re-provided as HSCN Access Connectivity from CN-SPs. The size of the Transition Network will therefore reduce over time. It will be procured for a period that allows the migration to be planned in a controlled manner supporting continuity of service for current N3 connections. The HSCN Programme will manage a Transition Plan that ensures all services connected to the Transition Network are transitioned to new connectivity by the expiry of the Transition Network service, to enable a smooth exit.

During the run-down, an assessment of the requirement for private and public backbone services, and of the most suitable architecture for them, will be undertaken. Depending on the outcome, a new procurement may commence to fully replace the Transition Network with a new hybrid backbone service for hosting services.
(See Section 4.3.1.3.)

4.3.2.2 Legacy Access Circuits
The Legacy Access Circuits, as shown in the diagram, are the existing N3 Connectivity for customers on the N3 network, which will be managed as Continued Orders by BT after the end of the N3 contract period. Note this includes single site connections, COIN gateway connections, Aggregators, Third Party Data Centre connections, the National Gateways and National Application Data Centre connections, as per Section 3.2.2.

These are the circuits which will be in place at the start of HSCN delivery as Continued Orders, but which will migrate to HSCN connectivity provided by a CN-SP as part of the HSCN migration programme. For the period of migration these circuits will not be part of HSCN programme delivery, and will remain contracted between the owning customer and the current supplier as Continued Orders.

At the point the HSCN Authority deems appropriate, it can stop taking any further Orders for N3 Connectivity; in any event this will occur at the cessation of the N3 Agreement. From that point, new circuits will no longer be provisioned. The migration approach to cease these circuits and provide the required HSCN connectivity to HSCN Consumers is summarised in Section 4.3.2.4 and will be further detailed by the HSCN programme on the HSCN website [Ref 9].

4.3.2.3 Legacy Overlay Services
Legacy Overlay services will continue as orders for consumers, operating over their Legacy Access Circuits and the Transition Network. These services will not be directly replaced by HSCN services, but by Business Application Services as detailed in Section 4.3.1.2. Support and guidance for migration as part of the transition will be provided by the HSCN programme on the HSCN website [Ref 9].
4.3.2.4 N3 Component Migration
The Transition State emphasises the need for seamless migration of key N3 Components (as described in Section 3.2.2) to the new HSCN services. Note that this migration supports the key strategic objective of continuity of service for N3 customers migrating to HSCN services. The entries below give, for each N3 Component: its Transition State at N3 expiry; the migration to Target State (the migration viewpoint for consumers to access HSCN services and support the run-down of the Transition Network); and the future strategy decisions required to complete the migration to Target State.

N3 Component: N3 Core
- At N3 expiry: Will be replaced by the HSCN Transition Network service.
- Migration to Target State: Will be run down as services are migrated away from direct connections. During the run-down of the Transition Network all connected services will be migrated, with N3 circuits being replaced by HSCN Connectivity via either direct consumer procurement, an HSCN-orchestrated procurement or a CCN of the current service. Once all are migrated to a future service, or no longer need to be provided, this service will be ceased.
- Future strategy decisions: n/a

N3 Connectivity

N3 Component: National Application Data Centre Connections
- At N3 expiry: Are part of the Legacy Access Circuits, remaining connected to the Transition Network.
- Migration to Target State and future strategy decisions: Future decisions are required on the appropriate hosting policy for each application; generally, one of the following methods will be actioned:
  - Service migrated to a publicly addressable location that could connect to a new hybrid backbone service or be accessed directly from the Internet.
  - Service migrated to a CN-SP provided service, utilising the Peering Exchange Network to route between connected CNs.
  - Provision of a new reduced private backbone service connected to all CNs, if this is required.
  The decision on the new connectivity for these services will be owned by the appropriate owning delivery programme in NHS Digital.
(See Section 4.3.1.3.)

N3 Component: Third Party Application Data Centre Connections
- At N3 expiry: Are part of the Legacy Access Circuits, remaining connected to the Transition Network.
- Migration to Target State: Two options:
  - Migrate to a CN-SP provided service, utilising the Peering Exchange Network for private routing to multiple consumers and to/from the Transition Network.
  - The third party supplier migrates the service to be publicly addressable and procures its own ISP hosting service; HSCN Consumers then access it via the Internet over the CN-SP ISP connections.
  Note it is the responsibility of the customer of this connectivity to carry out the migration; however, the Transition Plan will support the decision-making process.
- Future strategy decisions: Decisions on the delivery of applications may be needed where the customer and the third party supplier of the service do not consider that the provided CN-SP connectivity, or migration to the Internet, will meet the security or performance levels required. The following are being considered:
  - Provision of a new reduced private backbone service connected to all CNs that could be used to host third party services, if required. Use of the backbone for this purpose would need to be locally funded.
  - Service migrated to a publicly addressable location that could be connected to a new hybrid backbone service, if required, or reached over the Internet. Use of the backbone for this purpose would need to be locally funded.
  The current assumption is that the CN-SP provided service will be sufficient for these services, and it is unlikely that they will require a hybrid backbone service. (See Section 4.3.1.3.)
N3 Components: NHS N3 Customer Access Connections; Third Party N3 Customer Access Connections; Aggregators (the same treatment applies to all three)
- At N3 expiry: Are part of the Legacy Access Circuits, remaining connected to the Transition Network.
- Migration to Target State: Migrate to a CN-SP provided service, utilising the Peering Exchange Network for routing to multiple consumers and to/from the Transition Network.
- Future strategy decisions: n/a

N3 Component: N3 COINs
- At N3 expiry: The resilient gateway of the COIN is one of the Legacy Access Circuits, remaining connected to the Transition Network.
- Migration to Target State: Migrate to a CN-SP provided service for the gateway connection, utilising the Peering Exchange Network for routing to multiple consumers and to/from the Transition Network. At the contract end of the current COIN provision, the HSCN Consumer may procure a similar service from an HSCN CN-SP as a virtual COIN, delivered as a managed HSCN service. Alternatively, if a private COIN is no longer required, consumers could migrate to the more standard options for HSCN Access Connectivity from a CN-SP.
- Future strategy decisions: n/a

N3 Component: Third Party COINs
- At N3 expiry: The resilient gateway of the COIN is one of the Legacy Access Circuits, remaining connected to the Transition Network.
- Migration to Target State: As per N3 COINs.
- Future strategy decisions: n/a

N3 Component: National Gateways
- At N3 expiry: Remain connected to the Transition Network.
- Migration to Target State: The following gateways will remain in place until all Legacy Access Circuits that use them are migrated to HSCN Access Connectivity:
  - Internet Gateway: consumers of HSCN Access Connectivity must use CN-SP ISP services and cease routing over this Gateway.
  - PSTN/Mobile Gateway: consumers will need to migrate to new voice services (see Voice below).
  The other gateways to external networks will be re-procured and migrated to a CN-SP provided service, contracted for directly by the customer of the service. The Transition Plan will consider the approach for each Gateway and work with the customer of the service to aid their decision on what service to migrate to, should it be a continuing requirement. These gateways will utilise the Peering Exchange Network to support access for all HSCN Consumers. Gateways provided by CN-SPs as standard may be required, e.g. mobile gateways.
- Future strategy decisions: Decisions on the appropriate gateway connectivity model may be required if, as part of the review, the assumed CN connectivity model is not deemed secure enough. Gateways connected to a new private backbone, or directly into the Peering Exchange Service, might then be provisioned. However, it is currently assumed that CN gateways will be the preferred delivery model.

N3 Technology Services

N3 Component: N3 DNS / NTP services
- At N3 expiry: The Transition Network provides the authoritative service.

N3 Overlays

N3 Component: N3 Overlays (general)
- At N3 expiry: Customer direct-contracted Legacy Overlay services will, in general, continue for the contracted term and work over Legacy Access Circuits and the Transition Network.
- Migration to Target State (N3 DNS / NTP services): A new provider for the new Authoritative Technology Services will be determined at a later date; cutover to the new service when it is available.
- Future strategy decisions (N3 DNS / NTP services): The procurement approach for the Authoritative Technology Services is to be determined.

- Migration to Target State (N3 Overlays, general): Continued support for current Overlay Services. Obligations will be included that require HSCN Network Service Providers to support routing and connectivity across HSCN Components to Legacy Overlay services that remain hosted on the Transition Network, to support migration.
- Future strategy decisions (N3 Overlays, general): n/a

There are considerations during the Transition State for a number of these services:
- A number of the services depend on N3 central infrastructure that will continue under the Transition Network, but the service will only be supported for the term of the TN. Customers will need to migrate to a new service during this period. NHS Digital is working with the current supplier on the continuation lifespan of these services under the Transition Network.
- A number of the services depend on the configuration and setup of the network Customer Premises Equipment (CPE), e.g. the local N3 router. It may not be possible to configure new HSCN CPEs to interface with the Overlay service, and so migration will be required before or together with the HSCN Access Connectivity migration.

Migration options:
- Third Party Suppliers offer new complementary Business Application Services for consumers that operate over HSCN. Note that the HSCN CN-SPs will be able to do this.
- Legacy Overlays could be migrated to operate over HSCN services (CN-SP) under change control between the current supplier and the customer.
  Note this may not be possible, and further design work will be required to confirm whether a phased transition is possible or a one-time cutover to a new service is required.

N3 Component: VPN services – internal end site to end site VPN
- At N3 expiry: Continue to work over Legacy Access Circuits and the Transition Network.
- Migration to Target State: VPN services rely on an N3 central PKI infrastructure for the certificates, and establish the IPsec tunnel via CPE configuration to support the VPNs between end sites. Under the existing deployed VPN solutions, N3 manage both ends of the VPN tunnel as configuration on the N3-supplied Customer Premises Equipment (CPE). The HSCN programme has explored with the current supplier whether the VPNs can be extended over third-party managed CPEs to enable phased migration, and the conclusion is that this will not be possible. Therefore, Consumers should consider migrating to the new Closed User Group VPN services offered as part of CN-SP solutions, in order to simplify the management of this service with their new supplier. All sites which form part of a VPN service need to migrate in a single tranche, and Consumers need to plan for periods where the VPN service is not available under any phased cutover plan.
  - Small site VPN: consider migration to a new CN-SP service as one cutover.
  - COIN VPNs: would move as part of a migration of the full COIN.
  Alternatively, Consumers could deliver a VPN service using local equipment such as firewalls, one at each end, connected to a Legacy Access Circuit on one side and a new HSCN Access Connectivity service on the other.
- Future strategy decisions: n/a
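The tranche constraint in the VPN services entry above (every site in a VPN moves together, because a tunnel cannot have one end on an N3-managed CPE and the other on a third-party CPE) can be planned mechanically rather than by hand. The following Python is an added illustration, not part of this document or of any HSCN supplier deliverable: site and VPN names are constructed, a COIN VPN is modelled as one group so that it moves with the whole COIN, and a site that belongs to two VPNs forces both communities into the same tranche.

```python
"""Migration tranche planner for N3 end-site VPNs.

Every site that belongs to a given VPN (or COIN VPN) must move in the same
tranche.  Sites that share a VPN, directly or through a site that sits in two
VPNs, are merged into one tranche with a disjoint-set (union-find) structure.
Added example; inventory below is constructed, not a real HSCN estate."""
from collections import defaultdict


class DisjointSet:
    def __init__(self):
        self.parent = {}

    def find(self, x):
        self.parent.setdefault(x, x)
        while self.parent[x] != x:
            self.parent[x] = self.parent[self.parent[x]]  # path halving
            x = self.parent[x]
        return x

    def union(self, a, b):
        ra, rb = self.find(a), self.find(b)
        if ra != rb:
            self.parent[rb] = ra


def plan_tranches(vpn_members, standalone_sites=()):
    """Return tranches as a sorted list of sorted site tuples.  Any two sites
    that share a VPN end up in the same tranche; sites with no VPN (listed in
    standalone_sites) form tranches of their own."""
    ds = DisjointSet()
    for sites in vpn_members.values():
        sites = sorted(sites)
        for s in sites:
            ds.union(sites[0], s)  # union(x, x) also registers a lone site
    for s in standalone_sites:
        ds.find(s)
    groups = defaultdict(list)
    for s in list(ds.parent):
        groups[ds.find(s)].append(s)
    return sorted(tuple(sorted(g)) for g in groups.values())


def assignment_from_plan(tranches):
    """Map each site to a tranche label T1, T2, ... in plan order."""
    return {s: f"T{i}" for i, t in enumerate(tranches, start=1) for s in t}


def split_vpns(vpn_members, assignment):
    """Validate a proposed site->tranche assignment.  Returns {vpn: [tranches]}
    for every VPN whose sites are spread over more than one tranche; each such
    VPN would be down between those tranches."""
    broken = {}
    for vpn, sites in vpn_members.items():
        tranches = {assignment.get(s, "unassigned") for s in sites}
        if len(tranches) > 1:
            broken[vpn] = sorted(tranches)
    return broken


# Constructed inventory: acute-a sits in two VPNs, so the radiology and
# pathology communities are forced into one tranche.
VPN_MEMBERS = {
    "vpn-radiology": {"acute-a", "gp-1", "gp-2"},
    "vpn-pathology": {"acute-a", "community-b"},
    "coin-north": {"la-social-care", "clinic-n1", "clinic-n2"},  # COIN VPN: moves with the whole COIN
    "vpn-small": {"gp-9", "gp-10"},
}
STANDALONE = ("care-home-1",)  # no VPN, can move on its own

if __name__ == "__main__":
    plan = plan_tranches(VPN_MEMBERS, STANDALONE)
    for i, tranche in enumerate(plan, start=1):
        print(f"T{i}: {', '.join(tranche)}")
    # A hand-edited plan that moves gp-2 separately splits vpn-radiology.
    naive = assignment_from_plan(plan)
    naive["gp-2"] = "T9"
    print("split VPNs:", split_vpns(VPN_MEMBERS, naive))
```

`plan_tranches` gives the minimum grouping the constraint allows; `split_vpns` is the check to run on whatever cutover schedule is finally agreed with the CN-SP, since any VPN it reports will be unavailable between the tranches it names.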
N3 Component: Remote Access Service (RAS) – including external token VPNs
- At N3 expiry: Continue to work over Legacy Access Circuits and the Transition Network. Note that current Remote Access Tokens expire after 3 years (see the back of the token for its expiry date). New tokens can be ordered from the current supplier via RM1045 while this service is still in use connected to the Transition Network.
- Migration to Target State: The existing Remote Access service is expected to continue to operate after migration to HSCN; however, this will need to be tested by the customer and their supplier as part of migration. The central RAS service itself depends on central N3 infrastructure that will not be migrated to HSCN connectivity over a CN-SP, and so it will be discontinued in parallel with the Transition Network service. It is therefore recommended that HSCN Consumers migrate to a new remote access service available on HSCN as soon as possible after migrating to new HSCN Access Connectivity. These new Remote Access Services will be connected to a CN-SP and will be Business Application Services as per Section 4.3.5. The new service will be set up and connected through to sites on HSCN, and can include routing to Legacy Access Circuit sites. CN-SPs are expected to offer RAS services as part of their overall commercial offerings to HSCN Consumers. Users will need to be migrated to new RAS software for use on their devices.
- Future strategy decisions: n/a
  The current Remote Access service also works with the Extended VPN service; please see the VPN services entry above. Use of these by a customer for remote access needs to be considered as part of the same migration.

N3 Component: Wi-Fi / LAN / Firewall
- At N3 expiry: Local services with no dependency on HSCN. These are standalone services offered by the supplier independently of the N3 network, and are expected to continue to operate after migration to HSCN.
- Migration to Target State: The consumer will need to discuss with the supplier how reconfiguration, cutover and ongoing remote support will be maintained, including any potential requirement for small local changes to the LAN / firewalls to interface to HSCN Access Connectivity at the point of migration.
- Future strategy decisions: n/a

N3 Component: Voice
- At N3 expiry: Continue to work over Legacy Access Circuits and the Transition Network.
- Migration to Target State: The Voice service depends on central N3 infrastructure that will not be migrated to HSCN connectivity over a CN-SP, and so will be discontinued in parallel with the Transition Network service. Migration to a new service will be required during this period. Many of the existing deployed Voice services rely on N3-provided equipment deployed locally and on CPE configuration. HSCN has engaged with the supplier to establish what needs to be undertaken for these services to continue to operate after migration to HSCN Access Connectivity, to support a phased migration to a new service.
- Future strategy decisions: n/a
N3 Component: Video Conferencing
- At N3 expiry: Continue to work over Legacy Access Circuits and the Transition Network.
- Migration to Target State: The Video Conferencing service depends on central N3 infrastructure that will not be migrated to HSCN connectivity over a CN-SP, and so will be discontinued in parallel with the Transition Network service; migration to a new service will be required during this period. These services are independent of the CPE configuration, and so are expected to continue to operate after migration to HSCN. Consumers will need to develop their own migration plan away from this service; however, this can be undertaken separately from the network transfer. Consumers need to ensure QoS is applied.
- Future strategy decisions: n/a

N3 Component: MeetMe / WebEx
- At N3 expiry: Continue to work over Legacy Access Circuits and the Transition Network.
- Migration to Target State: Will continue to work over the full HSCN routing and connectivity services. The existing N3 MeetMe and WebEx services are assumed to work with HSCN-connected sites and users; however, this will need to be tested by the customer and their supplier. The N3 MeetMe / WebEx services are hosted on the Internet and so will continue to work at the end of the Transition Network term; they do not rely on central N3 infrastructure or CPE configuration. Consumers will be able to migrate to new supplier offerings on contract expiry, which will be available from numerous suppliers. As an example, Unified Communications services are already available as Core and Additional / Top-up Services on NHSMail2.
- Future strategy decisions: n/a

N3 Component: Mobile Health Worker
- At N3 expiry: Continue to work over Legacy Access Circuits and the Transition Network.
- Migration to Target State: Transition to new services as Remote Access is also migrated; the service relies on the Remote Access Service.
- Future strategy decisions: n/a

4.3.3 HSCN Traffic Flows
HSCN will transition the N3-equivalent traffic flow functionality to a disaggregated delivery model that maintains the connectivity and routing across Health and Social Care services, supporting choice of supplier and technology for the HSCN Consumer and allowing them to build flexible virtual cross-organisational networks to support all their business flows.

HSCN Access Connectivity will be provided with HSCN-specific traffic flows across the Consumer Network. This will enable enterprise business flows, including to national services and the Internet. Two open traffic flows will be supported by CN-SPs as standard:
- Routing to the Internet direct from the CN-SP ISP services, known as the HSCN-ISP Flow; and
- Routing to other HSCN end points (end points on the same CN, and end points on other CNs and the Transition Network via the Peering Exchange Network), known as the HSCN-Standard Flow.

Other virtual closed user group routes can be supplied on CNs to support regional private sharing of data if required. These are not pre-built for consumers, and so will require design and additional implementation to meet the requirement. They can be used for community-of-interest data sharing between partner organisations.

Note that all diagrams in this section include Transition State flows for completeness. The following diagram shows the interconnection routing flows:
- Red represents public traffic to the Internet (HSCN-ISP Flow).
- Green represents private traffic routed to services on the Transition Network (HSCN-Standard Flow).
- Blue represents routing of traffic to other HSCN Consumers on the same CN or on other CNs (HSCN-Standard Flow).

The Health and Social Care Information Centre is a non-departmental body created by statute, also known as NHS Digital.
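The two standard flows described above, together with the routing obligations stated later in Section 4.3.4.1 and Section 4.3.4.3 (all public traffic to/from the Internet via the HSCN Advanced Network Monitoring Service; other CNs and the Transition Network reached via the Peering Exchange Network; no new direct end point routing onto the TN), can be written down as a policy that a CN route table is checked against. The following Python is an added illustration, not part of this document or of any HSCN Component: the prefixes (RFC 1918 and RFC 5737 documentation ranges) and next-hop names are constructed and are not the HSCN addressing plan, and the choice to deny a destination that matches no route, rather than fall through to the Internet, is an assumption of the example rather than an HSCN obligation.

```python
"""Policy model of the HSCN-ISP Flow, the HSCN-Standard Flow and a consumer-
defined closed user group (CUG), plus an audit of a CN route table against the
flow obligations quoted in the lead-in.  Added example; all addresses and
next-hop names are constructed."""
import ipaddress
from dataclasses import dataclass
from typing import Optional

HSCN_ISP = "HSCN-ISP"            # public traffic to/from the Internet
HSCN_STANDARD = "HSCN-Standard"  # private traffic to other HSCN end points
CUG = "CUG"                      # consumer-defined closed user group

# Next hops a CN may legitimately use for each flow.
ALLOWED_NEXT_HOPS = {
    HSCN_ISP: {"isp-via-anm"},                      # every Internet path passes the ANM service
    HSCN_STANDARD: {"local", "peering-exchange"},  # same CN, or other CNs / TN via the PN
    CUG: {"local", "peering-exchange"},             # a CUG may be extended across CNs over the PN
}


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    flow: str
    next_hop: str
    cug: Optional[str] = None


def build_table(entries):
    """entries: (prefix, flow, next_hop, cug).  Sorted most-specific first so
    that a linear scan performs longest-prefix match."""
    routes = [Route(ipaddress.ip_network(p), f, nh, c) for p, f, nh, c in entries]
    return sorted(routes, key=lambda r: r.prefix.prefixlen, reverse=True)


def lookup(table, dst):
    addr = ipaddress.ip_address(dst)
    for r in table:
        if addr in r.prefix:
            return r
    return None


def classify(table, site_cugs, src_site, dst):
    """Return (flow, next_hop) for a packet from src_site to dst, or a DENY tuple."""
    r = lookup(table, dst)
    if r is None:
        return ("DENY", "no-route")  # assumption: no default route to the Internet
    if r.flow == CUG and r.cug not in site_cugs.get(src_site, set()):
        return ("DENY", "not-member-of-" + r.cug)  # CUG routes are only for member sites
    return (r.flow, r.next_hop)


def audit(table):
    """Findings for every route whose next hop breaks the flow obligations."""
    return [f"{r.prefix}: {r.flow} via {r.next_hop}"
            for r in table if r.next_hop not in ALLOWED_NEXT_HOPS[r.flow]]


# Constructed CN route table; the last two entries are deliberate violations.
TABLE = build_table([
    ("10.10.0.0/16",    HSCN_STANDARD, "local",             None),              # sites on this CN
    ("10.20.0.0/16",    HSCN_STANDARD, "peering-exchange",  None),              # sites on another CN
    ("10.200.0.0/16",   HSCN_STANDARD, "peering-exchange",  None),              # national apps behind the TN
    ("10.10.50.0/24",   CUG,           "local",             "radiology-share"), # regional sharing CUG
    ("198.51.100.0/24", HSCN_ISP,      "isp-via-anm",       None),              # public web service
    ("203.0.113.0/24",  HSCN_ISP,      "isp-direct",        None),              # VIOLATION: bypasses ANM
    ("10.30.0.0/16",    HSCN_STANDARD, "transition-direct", None),              # VIOLATION: direct onto the TN
])
SITE_CUGS = {"gp-practice": {"radiology-share"},
             "acute-hospital": {"radiology-share"},
             "care-home": set()}

if __name__ == "__main__":
    for site, dst in [("gp-practice", "10.10.50.7"), ("care-home", "10.10.50.7"),
                      ("care-home", "10.200.1.1"), ("care-home", "198.51.100.9")]:
        print(site, "->", dst, classify(TABLE, SITE_CUGS, site, dst))
    for finding in audit(TABLE):
        print("OBLIGATION BREACH:", finding)
```

The CUG /24 sits inside the CN-wide /16, so longest-prefix match is what makes the closed user group take precedence for member sites while non-members are refused; the audit is the check a CN-SP (or the HSCN Authority reviewing compliance evidence) would run to catch an Internet breakout that skips the Advanced Network Monitoring Service or a route that reaches the Transition Network other than through the Peering Exchange Network.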
[Figure 4 - HSCN Interconnection Routing Patterns. Three HSCN Consumers, each served by its own CN (CN (1), CN (2), CN (3)) Network Services Provider Core Network with a CN-SP ISP breakout to the Internet; the CNs interconnect via the Peering Exchange, which also connects the Transition Network.]

As an illustration, the following example business flows will be supported by each CN:

[Figure 5 - HSCN Traffic Flow Examples. Key information flows (Community Health Application; Admission / Discharge / Withdrawal; GP Access to Radiology Results; Acute PDS Trace; Internet Access; Referral for specialist services) between a GP Practice, an Acute Hospital, a Community Hospital, a Health Clinic shared by the GP Practice, Community Hospital and Acute Hospital, and a Local Authority Social Services Dept on an external non-HSCN COIN, routed across CN (1) and CN (n), the Peering Exchange, the Transition Network (NHS National Apps) and the Internet.]

Business flow examples in the diagram, with the routing approach for each:

Business flow: HSCN National Applications flow
- Example in diagram: Acute PDS Trace to the Spine PDS service.
- Routing approach: HSCN national traffic flows across the CN and is routed onward to the HSCN Transition Network, using the HSCN-Standard Flow via the Peering Exchange Network. The HSCN Transition Network routes to the Spine-connected data centre (PDS service).

Business flow: Internet Access
- Example in diagram: NHS Choices website access.
- Routing approach: HSCN public traffic flows across the CN and is routed onward to the CN-SP ISP, using the HSCN-ISP Flow. CN-SPs provide Internet breakouts as a separate ISP service to end consumers.
Business flow: Cross and inter-CN data sharing (data flows that are not closely coupled services)
- Example in diagram: Referral for specialist services (e.g. to specialist hospitals).
- Routing approach: The HSCN will route traffic in an open network to other connected HSCN end points as standard functionality. Data flows between organisations that are not grouped together as a closed user group will use the HSCN-Standard Flow. This is supported by cross-CN flows to all HSCN end points and inter-CN routing over the Peering Exchange Network. Note it is also expected that most of these flows will over time be managed at an application level, for example via eRS or other interoperability options.

Business flow: Health and social care data sharing (shared commissioned services for closely coupled health communities)
- Examples in diagram: GP access to Acute Radiology service; NHS-Social Care Admission / Discharge / Withdrawal; Community Health Application.
- Routing approach: User-defined application sharing requirement, utilising consumer-defined closed user group routing for greater security and consumer control. These flows are typically regional data sharing and are often delivered via COINs in current models. They are procured by the health economy from their HSCN CN-SP as closed user group services for a group of Health and Social Care end organisations. For this to be delivered efficiently the organisations in the user group should be connected to the same CN, but the group could also be extended across CNs if required.

4.3.4 HSCN Component Characteristics

4.3.4.1 Consumer Networks (CNs)
A number of HSCN Consumer Networks (CNs) will support HSCN Access Connectivity and routing across HSCN. These will be delivered by CN-SPs on their public network, acting as aggregator, contact point, control and administration between services supplied to HSCN Consumers. CNs will:
- Provide HSCN Access Connectivity as a range of blended services, offering varied bandwidth, availability and resilience options to individual sites (e.g. NHS Hospitals, Primary Care, Community & Mental Health, CCGs, Care Homes and 3rd Parties).
- Provide service provision for all of the consumer's HSCN network services: the CN-SP will be the direct service provider to HSCN Consumers and will work with the other suppliers (TN-SP and PN-SP) to manage the service end to end.
- Be supplier agnostic in concept, by enabling and utilising an open market.
- Provide the routing between sites connected to that CN and onward forwarding of traffic to the Internet, the Transition Network, 3rd parties and other CNs via the Peering Exchange Network.
- Support a range of connectivity and routing patterns, to allow regional virtual private networks combined with the HSCN traffic flows [Section 4.3.1].

Network Service Providers will be able to offer CN-SP services by gaining HSCN Compliance.

Characteristics:

Access Connectivity
- A variety of access configurations, including:
  o Resilient Diverse: diversely routed access circuits connecting to two CN PoPs
  o Resilient: diversely routed access circuits to one CN PoP
  o Non-Resilient: a single access circuit connecting to one CN PoP
- Blended access technology offered, including but not limited to:
  o ADSL2
  o Fibre to the Cabinet (FTTC)
  o Fibre to the Premises (FTTP)
  o Ethernet (offering a range of bandwidths: 10Mbps, 25Mbps, 60Mbps and 100Mbps Committed Data Rate (CDR)) to meet Organisation requirements
  o Flex Ethernet (offering a range of bandwidths: 200Mbps, 300Mbps, 500Mbps, 1Gbps, 10Gbps)
  o 3G and 4G Wireless Mobile Connections
- Gateway to PSTN / National Cellular networks, managed as network-to-network interfaces.
  Note that these are provided for the delivery of voice business applications (see Section 4.3.5) and are not mandatory.
- Regional Data Centre gateway connectivity for third parties hosting applications consumed by HSCN Consumers, including Business Application Services (see Section 4.3.5).
- Dual-stack architecture is mandatory to support transition to IPv6.

Core Network
- Open traffic flows for HSCN-connected services that are fully resilient and diversely routed.
- Dispersed PoPs.
- Dual-stack architecture is mandatory to support transition to IPv6.
- Resilient connection to the HSCN Peering Exchange Network.

Routing
Examples of potential routing options:
- ISP services.
- Closed user group virtual networks for logical grouping of sites and user organisations by function (e.g. Primary Care), by organisation (CCG and commissioned services), by region, or a combination of these.
- Simple HSCN connectivity for consumers who are agnostic of regional sharing and require only the HSCN-Standard Flow to other HSCN end points and to services connected to the TN (e.g. national applications), and the HSCN-ISP Flow to the Internet.
- ISP services that meet the security monitoring required in the HSCN Obligations Framework:
  o Provision of security monitoring and management services to provide resistance to malicious attack and to monitor usage.
  o Routing of all public traffic to/from the Internet via the HSCN Advanced Network Monitoring Service.

HSCN Technical & Security Obligations
Compliance with the HSCN Technical and Security Obligations as per the HSCN Obligations Framework [Ref 8], including but not limited to:
- IP Addressing
- DNS
- NTP
- QoS
- Security / IG
- Network Monitoring and Security Management, including monitoring the internal CN and providing outputs to the Network Analytics Service to support network monitoring across HSCN.
HSCN Service Obligations
Compliance with the HSCN Service Obligations as per the HSCN Obligations Framework [Ref 8], including but not limited to:
- Management capability for end-to-end performance issues (consumers and other HSCN Network Service Providers).
- Service performance reporting.

4.3.4.2 Peering Exchange Network (PN)
The PN will support all routing across the HSCN disaggregated networks, including, as examples, routing to/from national applications and inter Consumer Network routing. The PN services will be delivered by the Peering Exchange Network Service Provider (PN-SP).

Characteristics:

Interconnectivity
- Provides two Peering Exchange locations at geographically diverse Carrier Neutral Provider locations in London and Manchester.
- A highly available solution that provides an uncontended interconnection between all HSCN CN-SPs and the TN-SP.
- Interconnectivity between all HSCN NSPs will be open and unrestricted.
- The peering exchange provides appropriate routing capabilities for the scale of the network.
- The peering exchange will be capable, as an option, of hosting multiple logical networks using VPN and VRF technologies.
- The service will be capable of dual-stack support for IPv4 and IPv6 addressing and routing, and will adhere to the NHS Digital IP Addressing Policy. Note that at the start of the service only IPv4 will be configured.

Connections for CN-SPs and the TN-SP
- Provide resilient connection of up to 30 NSPs initially.
- Provide two connection options, at 1Gbps and 10Gbps, with future plans for 40Gbps and 100Gbps interfaces.
- Provide published and guaranteed service levels for NSP-requested capacity, including provision of all required interfaces.
- Manage the on-boarding and disconnection of Network Service Providers, including on-site engineering in the peering exchange facilities.
- Each Network Service Provider connected to the peering service shall be provided with its own exclusive interface at both peering exchange locations.

Service
- Operate a 24x7x365 network operations centre to monitor and manage the peering exchange service.
- The peering exchange will have monitoring and maintenance tools that are accessible to NHS Digital and NSPs, such as utilisation monitoring and a looking glass service.
- Comply with the necessary HSCN Obligations, including all aspects of CAS(T) for the peering exchange service.
- The peering service will be subject to, and maintain adherence to, NHS Digital IA requirements, including physical and logical security controls to secure the peering exchange infrastructure and management tools, as amended from time to time by change control.
- ISO27001 compliance is a mandatory requirement.

4.3.4.3 Transition Network (TN)

The Transition Network will interconnect multiple HSCN Consumer Networks (CNs) to existing legacy connections via the Peering Exchange Network. The HSCN Transition Network will be a transition of the current N3 services to maintain existing routing to national services and regional traffic. This will be a short term service provision under new terms and conditions that will enable all legacy traffic to migrate to the new HSCN services whilst maintaining continuity of service.

The service will diminish through its life, with activity to remove traffic from it, for example through, but not limited to:
- Routing of regional traffic over HSCN Consumer Networks between sites, and not directly over the Transition Network, by migrating access circuits to HSCN Access Connectivity.
- Routing of outbound internet traffic by delivery of the CN-SP ISP service: all HSCN Access Connectivity will route public traffic to the internet via these services and will not traverse the Transition Network.
- Removal of national data centre services.
Note that the exact approach for the migration of these services is still to be determined, but could be via internet enablement of health applications or migration to new HSCN Access Connectivity from a CN-SP, and so removal from Transition Network connectivity (see Section 4.3.1.3 and Section 4.3.2.3).

Note: Options for services to be routed over the Transition Network will be restricted to continuation of connectivity for Legacy Access Circuits prior to migration. Specifically:
- There will be no new direct HSCN Access Connectivity connections onto the TN. All endpoint routing comes via a Consumer Network.
- There will be no new Business Application Services (see Section 4.3.5) routed over the Transition Network, except where they are required to route to customers connected via Legacy Access Circuits.
- Internet traffic will only be routed over the HSCN Transition Network to support customers connected via Legacy Access Circuits.

The Transition Network will include the Authoritative Technology Services operating as the master version of the following HSCN Technology Services (see Section 4.3.5 for the future of these services):
- DNS
- NTP

Other HSCN Components will be built to the management policies specified by this service and will use the DNS and NTP services it delivers as the master. Further detail on the operations of this service is included in the HSCN Operational Design Overview [Ref 1].

Characteristics:

Connectivity
- The Legacy Access Circuits will continue to connect to the HSCN Transition Network before migration to HSCN Access Connectivity. The number of these connections will diminish as migration to HSCN proceeds.
- Resilient connection to the Peering Exchange Network.

Core Network
- Right-sized links between PoPs (depending on solution design, traffic analysis and ongoing requirements).
Core technology services
Core technology services will form part of the provision of this service and will be accessed and used by the other technical components:
o DNS
o NTP

HSCN Obligations
HSCN Obligations compliance, where appropriate, will be included in the direct contract for this service, for example:
o IP Addressing
o DNS
o NTP
o QoS
o Security / IG
o The CN will need to comply with NHS Legacy IP Addressing.
o Network Monitoring and Security management - including monitoring the internal network of this component and providing outputs to the Network Analytics Service to support network monitoring across HSCN.

4.3.4.4 Data Security Centre

Cyber security will be provided via a layered security approach with oversight by the Data Security Centre service, consisting of the following:
- CN-SP Security Management;
- Network Analytics Service (NAS);
- Advanced Network Monitoring (ANM);
- DNS protection controls, including URL Blacklist implementation and DNS Sinkhole;
- Firewall protection controls, including IP Blacklist implementation and NHS Digital provided blocked addresses.

Further detail on the operations of this service is included in the HSCN Operational Design Overview [Ref 1].

Network Analytics Service (NAS)

The Network Analytics Service (NAS) will supplement the Data Security Centre service by ingesting network telemetry data in near real time and performing proactive and reactive analysis on the data in order to identify any malicious activity taking place over HSCN. The NAS will identify the organisational source of any malicious activity so that corrective action can take place. Further detail on the operations of this service is included in the HSCN Operational Design Overview [Ref 1].

Advanced Network Monitoring (ANM)

HSCN Consumer Network Service Providers will direct all Internet bound traffic towards the Advanced Network Monitoring service. Outbound and inbound HTTP Internet traffic will be subjected to the ANM processes. The ANM service shall identify and block known malicious activity and resources, including:
- Malware;
- Zero day malware;
- Worms;
- Viruses;
- IP Addresses and URLs; and
- Botnet traffic.

The ANM shall provide NHS Digital with logging and reporting, with the events and reports to be specified by NHS Digital.

Advanced Network Monitoring via Cloud based Service

ANM Connectivity:
- Service Providers point their Internet bound traffic to a predefined IP Address over the Internet via a VPN.
- The cloud based Advanced Network Monitoring supplier decrypts the VPN, applies the filtering rules and forwards the traffic to the Internet.

[Figure 6 - HSCN Advanced Network Monitoring Service. The diagram shows Consumer Network Service Providers 1 to 4, each with a firewall / L4 gateway, carrying HSCN ISP traffic over VPNs to the Advanced Network Monitoring service and on to the Internet, alongside Access Connectivity, the Peering Exchange, the Transition Network and an External Network gateway.]

Data Security Centre

The Network Analytics Service (NAS) and the Advanced Network Monitoring reporting will feed into NHS Digital's Data Security Centre service. The Data Security Centre service will ensure that Cyber Threat and Incident Management is undertaken with the correct people, process and technology.

Data Security Centre capabilities include:
- Incident Management (Internal)
- Investigation of SIEM alerts
- Management of NHS Digital Security Policy
- Monitoring of NHS Digital Physical Security
- Support into NHS Digital CareCERT for:
  o National Broadcast Functionality
  o Threat Analysis & Triage
  o Health & Care System Incident Management.
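The DNS sinkhole and IP blocklist controls listed for the Data Security Centre layer above, as an added worked example. This is illustration written for this page, not code from NHS Digital, the ANM supplier or any HSCN component: the blocklist entries, the sinkhole address and the organisation names are constructed, and the function names (dns_verdict, ip_verdict, check_request) are hypothetical. It shows the two checks a resolver and a firewall would apply and the attributable event record that results.

```python
"""DNS sinkhole and IP blocklist checks of the kind listed for the Data Security
Centre layer. Added illustration, not NHS Digital's, the ANM supplier's or any
HSCN component's code. Blocklist entries, the sinkhole address and the
organisation names are constructed for the example."""
import ipaddress

# Constructed sinkhole target (documentation range); a real deployment would
# answer listed names with an address the monitoring service controls.
SINKHOLE_ADDRESS = "192.0.2.1"

# Constructed URL/domain blocklist. A listed name also covers its subdomains.
DNS_BLOCKLIST = {"malware.example", "c2.example.net"}

# Constructed IP blocklist held as CIDR prefixes; NHS Digital provided blocked
# addresses would be loaded into the same structure.
IP_BLOCKLIST = [ipaddress.ip_network(p) for p in ("198.51.100.0/24", "203.0.113.77/32")]


def normalise_name(qname):
    """Lower-case and strip the trailing dot so 'EVIL.Example.' equals 'evil.example'."""
    return qname.rstrip(".").lower()


def dns_verdict(qname):
    """Return ('sinkhole', sinkhole_ip, matched_entry) or ('resolve', None, None).

    Matching is done label by label, so 'evil.malware.example' matches the
    entry 'malware.example' but 'notmalware.example' does not (a plain
    endswith() check would wrongly sinkhole the latter).
    """
    labels = normalise_name(qname).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in DNS_BLOCKLIST:
            return ("sinkhole", SINKHOLE_ADDRESS, candidate)
    return ("resolve", None, None)


def ip_verdict(dst_ip):
    """Return ('block', matched_prefix) or ('allow', None) for a destination address."""
    addr = ipaddress.ip_address(dst_ip)
    for net in IP_BLOCKLIST:
        # Compare only within the same address family; ipaddress raises otherwise.
        if addr.version == net.version and addr in net:
            return ("block", str(net))
    return ("allow", None)


def check_request(org, qname, dst_ip):
    """Apply both layers and build the event record the monitoring service would log.

    'org' is the organisational source (a constructed name here) so the event
    can be attributed, which is what the NAS analysis relies on.
    """
    dns_action, answer, dns_match = dns_verdict(qname)
    ip_action, ip_match = ip_verdict(dst_ip)
    return {
        "org": org,
        "qname": normalise_name(qname),
        "dns": dns_action,
        "dns_answer": answer,
        "dns_match": dns_match,
        "dst_ip": dst_ip,
        "firewall": ip_action,
        "ip_match": ip_match,
        # Either layer alone is enough to stop the connection.
        "blocked": dns_action == "sinkhole" or ip_action == "block",
    }


if __name__ == "__main__":
    # Constructed requests from two constructed organisations.
    for org, q, ip in [("Example GP Practice A", "EVIL.malware.example.", "203.0.113.5"),
                       ("Example GP Practice A", "notmalware.example", "198.51.100.9"),
                       ("Example Trust B", "www.example.org", "203.0.113.78")]:
        print(check_request(org, q, ip))
```

The label-wise walk in dns_verdict is the part worth copying: it is what stops a list entry such as malware.example from also blocking an unrelated name that merely ends in the same characters, while still catching every subdomain of the listed name.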
The Data Security Centre supports CareCERT by supplementing the following functionality:
- Provides incident response expertise for the management of cyber security incidents and threats across the health and care system.
- Broadcasts potential cyber threats and suggests remedial actions to over 10,000 contacts in health and care, helping organisations protect themselves.
- Is a central source of security intelligence for health and care, working with cross government partners such as GovCertUK and CERT-UK.
- Supports the analysis of emerging and future threats through unique analysis tools and reporting.
- Provides insight for decision makers to help shape departmental strategy.
- Is a trusted source of security best practice and guidance.

4.3.5 HSCN Technology Services

Each of the HSCN Components will include, as appropriate, Technology Services to support the requirements of data exchange between end points and across the HSCN; these are key enablers for the delivery of applications and systems.

Interoperability Services

The use of services and standards for configuration is required for interoperability, and the implementation requirements are included in the HSCN Obligations to deliver a consistent end to end service for the following:
- Domain Name Service (DNS)
- Network Time Protocol (NTP)
- IPAM (IP Address Management)
- Quality of Service (QoS).

The new provider to deliver Authoritative DNS and NTP services for HSCN will be determined at a later date. The initial services will be provided as part of the Transition Network for use by CN-SPs. Note that the HSCN Obligations include adherence to HSCN Policies and Standards for these services, e.g. the NHS IP Addressing Policy.

The HSCN Authority IP Address Management service will allocate IP Addresses to the HSCN Consumer. The CN-SP will set up IP addresses for their connected customers, supported by IP Address Management processes.

Security and Network Monitoring

In addition, the HSCN Obligations include technical obligations to support network monitoring and the monitoring of cyber incidents. Cyber incidents will be managed by the Data Security Centre.

The CN-SPs will capture IPFIX telemetry data at points within their network capable of representing each consumer's CPE device. Regardless of where the IPFIX data is collected, it must be possible to determine the organisational source of the data upon analysis. As the telemetry data is collected it will be 'exported' to the NAS, where the data will be aggregated, analysed and reported upon. The following diagram details the security telemetry flow on the HSCN Service:

[Figure 7 - Security Telemetry Flow]

Obligations have been placed on service providers delivering HSCN services to ensure that the specified information flows (e.g. IPFIX) representative of the CPE boundary points are provided to the NAS. The NAS service will aggregate the telemetry data, perform a deduplication process and then analyse the information based upon analysis rules created by the Security Cell team.
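The export, collect, attribute, de-duplicate and analyse steps just described, carried out on IPFIX (RFC 7011) messages that carry the key fields Figure 8 lists (source and destination address and port, protocol, ToS byte, ifIndex), as an added example written for this page. It is not the NAS's or any CN-SP's code: the observation domain IDs, the ifIndex to organisation mapping (CPE_MAP), the sample flows and the single analysis rule (FLAGGED_PORTS) are constructed, and the information element numbers are the IANA IPFIX IDs for those fields. It goes slightly beyond the text by showing the exporter side too, so that the collector has real wire-format input to decode.

```python
"""IPFIX (RFC 7011) export / collect / attribute / de-duplicate / analyse pipeline.

Added illustration, not NHS Digital's NAS or any CN-SP's code. The exporter
observation domain IDs, ifIndex values, organisation names, sample flows and
the single analysis rule are constructed for the example.
"""
import struct

# IANA IPFIX information element IDs for the key fields named on this page.
IE_SRC_ADDR, IE_DST_ADDR, IE_SRC_PORT, IE_DST_PORT = 8, 12, 7, 11
IE_PROTOCOL, IE_TOS, IE_IFINDEX = 4, 5, 10
IE_NAMES = {IE_SRC_ADDR: "src_ip", IE_DST_ADDR: "dst_ip", IE_SRC_PORT: "src_port",
            IE_DST_PORT: "dst_port", IE_PROTOCOL: "proto", IE_TOS: "tos",
            IE_IFINDEX: "if_index"}
IE_LENGTHS = {IE_SRC_ADDR: 4, IE_DST_ADDR: 4, IE_SRC_PORT: 2, IE_DST_PORT: 2,
              IE_PROTOCOL: 1, IE_TOS: 1, IE_IFINDEX: 4}
TEMPLATE_ID = 256      # data set IDs of 256 and above name the template they use
TEMPLATE_SET_ID = 2

# Constructed map from (observation domain ID, ifIndex) to the consumer whose
# CPE that interface represents: this is what makes the source attributable.
CPE_MAP = {(1, 10): "Example GP Practice A",
           (1, 11): "Example Community Trust B",
           (2, 10): "Example GP Practice A"}  # a second exporter on the same link


def build_message(domain_id, records, seq=0, export_time=1467903600):
    """Exporter side: one IPFIX message carrying a template set and a data set."""
    fields = list(IE_LENGTHS)  # insertion order matches the packing below
    tmpl = struct.pack("!HH", TEMPLATE_ID, len(fields))
    tmpl += b"".join(struct.pack("!HH", ie, IE_LENGTHS[ie]) for ie in fields)
    template_set = struct.pack("!HH", TEMPLATE_SET_ID, 4 + len(tmpl)) + tmpl
    data = b"".join(
        bytes(int(o) for o in src.split(".")) + bytes(int(o) for o in dst.split("."))
        + struct.pack("!HHBBI", sport, dport, proto, tos, ifindex)
        for src, dst, sport, dport, proto, tos, ifindex in records)
    data_set = struct.pack("!HH", TEMPLATE_ID, 4 + len(data)) + data
    sets = template_set + data_set
    # Message header: version 10, total length, export time, sequence, domain ID.
    return struct.pack("!HHIII", 10, 16 + len(sets), export_time, seq, domain_id) + sets


def parse_message(msg):
    """Collector side: decode the template, then each data record into a field dict."""
    version, length, export_time, seq, domain_id = struct.unpack("!HHIII", msg[:16])
    if version != 10 or length != len(msg):
        raise ValueError("not a well-formed IPFIX message")
    templates, flows, off = {}, [], 16
    while off + 4 <= length:
        set_id, set_len = struct.unpack("!HH", msg[off:off + 4])
        if set_len < 4:
            raise ValueError("invalid set length")
        body = msg[off + 4:off + set_len]
        off += set_len
        if set_id == TEMPLATE_SET_ID:
            tid, count = struct.unpack("!HH", body[:4])
            templates[tid] = [struct.unpack("!HH", body[4 + 4 * i:8 + 4 * i]) for i in range(count)]
        elif set_id in templates:
            rec_len = sum(ln for _, ln in templates[set_id])
            for n in range(len(body) // rec_len):  # trailing padding is ignored
                pos, rec = n * rec_len, {"domain": domain_id, "export_time": export_time}
                for ie, ln in templates[set_id]:
                    raw = body[pos:pos + ln]
                    pos += ln
                    if ie in (IE_SRC_ADDR, IE_DST_ADDR):
                        rec[IE_NAMES[ie]] = ".".join(str(b) for b in raw)
                    else:
                        rec[IE_NAMES.get(ie, ie)] = int.from_bytes(raw, "big")
                flows.append(rec)
    return flows


def aggregate(flows):
    """Aggregator side: attribute each flow to its organisation and drop duplicates
    reported by more than one exporter for the same flow in the same export interval."""
    seen, unique = set(), []
    for f in flows:
        key = (f["src_ip"], f["dst_ip"], f["src_port"], f["dst_port"], f["proto"], f["export_time"])
        if key in seen:
            continue
        seen.add(key)
        f["org"] = CPE_MAP.get((f["domain"], f["if_index"]), "unattributed")
        unique.append(f)
    return unique


# Constructed analysis rule standing in for the Security Cell's rule set:
# TCP sessions from a consumer to a cleartext management port (telnet, 23).
FLAGGED_PORTS = {23}


def analyse(flows):
    return [(f["org"], f["src_ip"], f["dst_ip"], f["dst_port"])
            for f in flows if f["proto"] == 6 and f["dst_port"] in FLAGGED_PORTS]


# Constructed sample: two exporters (observation domains 1 and 2) both see the
# GP practice's link, so one flow arrives twice and must collapse to one.
SAMPLE_MESSAGES = [
    build_message(1, [("10.1.0.5", "203.0.113.10", 51000, 443, 6, 0, 10),
                      ("10.2.0.9", "198.51.100.20", 51001, 23, 6, 0, 11)]),
    build_message(2, [("10.1.0.5", "203.0.113.10", 51000, 443, 6, 0, 10)], seq=1),
]


def run_pipeline(messages=SAMPLE_MESSAGES):
    flows = [f for m in messages for f in parse_message(m)]
    unique = aggregate(flows)
    return len(flows), unique, analyse(unique)


if __name__ == "__main__":
    received, unique, alerts = run_pipeline()
    print(f"{received} records received, {len(unique)} after de-duplication")
    for alert in alerts:
        print("alert:", alert)
```

Enterprise-specific elements, options templates and variable-length fields are not handled; the point of the example is that attribution depends on carrying the exporter's observation domain ID and the record's ifIndex through to the aggregator, so that a record seen by two exporters collapses to one event tied to one organisation, and that the de-duplication key has to be built from the flow tuple and export interval rather than from which exporter sent it.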
[Figure 8 - Security Monitoring Points. The diagram shows an IPFIX Exporter in an HSCN Network Service Provider sending Exported Statistics to the HSCN NAS Telemetry Analysis Application, where a Collector writes Raw Files (e.g. 2016-07-07 15.00.00 bin), an Aggregator produces Processed Data for a Database, and a User Interface presents the Output Data For Analysis.]

Example key fields:
- Source IP Address
- Destination IP Address
- Source Port Number
- Destination Port Number
- Layer 3 Protocol Type
- ToS Byte Value
- IFIndex Value

Telemetry Analysis Application logical components:
- Exporter - the device that collects the traffic passing through it and exports the information to the analysis system.
- Collector - the part of the analysis system that collects the telemetry data from all exporters.
- Aggregator - the part of the system that processes the collected statistics according to a set of criteria and keeps the obtained results (for example in a database).
- Raw Files - the binary files in which the analysis system keeps all the collected telemetry data.
- Database - the part of the analysis system that stores the information obtained from the raw files and processes it according to the predefined requirements.
- User Interface - the application used to view the processed information.

In addition, the service providers will deliver security and network monitoring on their internal networks.

Note that the security controls delivered as part of the Data Security Centre service, or as security HSCN Obligations on the Network Service Providers, do not provide end to end security of applications and devices. Further guidance on the scope of the security controls provided will be supplied so that HSCN Consumers and application providers can understand the security boundary that HSCN provides. As a set of security principles:
o HSCN will not provide security controls at higher layers on behalf of connected users or connected end-systems (i.e. to organisations, applications or data centres); the customer and application provider should instead ensure appropriate security controls are in place to protect those users, systems and data.
o Confidentiality should be provided entirely within connected end-systems, not by the HSCN network.
o HSCN should not be used as the sole authentication/authorisation control to grant access to data and services.
o HSCN will not prevent data from being conveyed to and processed on an inappropriate end-user device. The suitability of different HSCN-connected devices (desktops, laptops, tablets, smartphones, etc.) to handle different data sets is a matter for end systems (users and application providers), not for HSCN.

5 HSCN Consumer Solutions

Consumer Network Service Providers may choose to offer a range of options to HSCN consumers that encompass the end to end access and distribution layer service.
- Managed - a fully end to end service for HSCN Access Connectivity from consumer premises to HSCN CN end points, with HSCN routing across the enterprise, including the routing required to connect across the CN to National Applications (on the HSCN Transition Network) and the Internet.
- Un-managed - wires only Access Connectivity from consumer premises to an HSCN CN, with a managed HSCN routing service across the enterprise, including the routing required to connect across the CN to National Applications (on the HSCN Transition Network) and the Internet.
- Gateway - HSCN gateway connections to other external networks/aggregators that are controlled connections. These are a specific form of access connectivity that includes managed secure boundaries between an external network and the HSCN.

Elaborated example patterns of service offerings will be provided by the HSCN Programme on the HSCN website [Ref 9].
HSCN Consumers will be able to source services in several distinct ways; please see the HSCN Operational Design Overview [Ref 1] for further details. Services must only be procured from HSCN Compliant CN-SPs.

Note that a number of specialised Gateway services will need to be provided on CNs by CN-SPs to support delivery of Business Application Services:
- Third Party Data Centre hosting gateways
- Voice gateways for PSTN/Mobile networks.

6 HSCN Obligations Framework

The interoperation of the HSCN Components will be underpinned by a set of HSCN Obligations to support end to end operations. CN-SPs will be assured against a set of obligations that ensures they work to the requirements for interoperability. Where required, HSCN Policies and Standards will be developed to provide definitive detail on implementation.

HSCN Compliance will be awarded to CN-SPs by undertaking the assurance process detailed in the HSCN Compliance Operating Model, which can be found at https://www.digital.nhs.uk/health-social-care-network/connectivity-suppliers [Ref 4]. The HSCN Obligations that apply to the CN-SPs can be found at https://www.digital.nhs.uk/health-social-care-network/connectivity-suppliers.

The HSCN Obligations will include, but not be limited to:

Operations and Governance - operating procedures and controls, including:
o Network Service Provision, such as collaborative working and CN-SP Deed signature
o Governance Regime, including governance forums and reporting
o Compliance Process, including assessment, evidence and renewal
o Connection Agreement

Technical and Security - these include, but will not be limited to:
o DNS
o NTP
o QoS - requirements for Quality of Service and end-to-end assurance as appropriate
o IPAM - to work within (or address) known constraints and limitations, such as IP addressing
o Routing protocols and principles
o Network monitoring
o Security - controls and integrated monitoring
  o Provide security controls at the network layer of each of the technical components to protect its own security, integrity and availability as a transport mechanism.

Service Management - these include, but will not be limited to:
o Service Integration;
o Service Standards;
o Incident Management;
o Change Management;
o Release Management;
o Service Improvement;
o Network Monitoring; and
o Performance Management.

7 References

No  Description                        ID
1   HSCN Operational Design Overview   TBD
2   No longer used
3   No longer used
4   HSCN Compliance Operating Model    https://digital.nhs.uk/media/914/HSCN-ComplianceOperating-Model-v10/pdf/HSCN_Compliance_Operating_Model_v1_0
5   GDS Network Principles             https://www.gov.uk/government/publications/networkprinciples/network-principles (published 7 July 2015)
6   No longer used
7   No longer used
8   HSCN Obligations Framework         https://digital.nhs.uk/media/918/HSCN-ObligationsFramework-v40/xls/HSCN_Obligations_Framework_v4-01
9   HSCN Website                       https://digital.nhs.uk/health-social-care-network