HSCN Solution Overview - innopsis.org€¦ · Web viewHSCN Solution Overviewv Draft . HSCN...

Copyright © 2017 NHS Digital of 45

HSCN Solution Overview


Version 34.0

Published 12 April 201711 December 2019


[1.1.] 1.1.


Contents[1.1] Scope of this document 3[1.2] Reader Pre-requisites 4

[2] HSCN Overview 5[3] N3 Services Scope 8

[3.1] Introduction 8[3.2] Current N3 Scope 8

[4] HSCN Architecture 15

[4.1] Introduction 15[4.2] Architecture Principles 15[4.3] Logical Network Topology 16

[5] HSCN Consumer Solutions 43[6] HSCN Obligations Framework 44[7] References 45

1 Scope of this document 3

1.1 Reader pre-requisites 4

2 HSCN Overview 53 Transition Network services 7

3.1 Introduction 73.2 Transition Network scope 7

4 HSCN architecture 11

4.1 Introduction 114.2 Architecture principles 114.3 Logical Network Topology 12

5 HSCN Consumer Solutions 366 HSCN Obligations Framework 37

Table of Figures

[1.1.1.1.1.1] Figure 1: N3 Logical Topology .........................................................................................9


[1.1.1.1.1.2] Figure 2: Target State .....................................................................................................16

[1.1.1.1.1.3] Figure 3: Transition State ...............................................................................................20

[1.1.1.1.1.4] Figure 4: HSCN Interconnection Routing Patterns ......................................................31

[1.1.1.1.1.5] Figure 5: HSCN Traffic Flow Examples .........................................................................32

[1.1.1.1.1.6] Figure 6: HSCN Advanced Network Monitoring Service .............................................39

[1.1.1.1.1.7] Figure 7: Security Telemetry Flow .................................................................................41

[1.1.1.1.1.8] Figure 8: Security Monitoring Points ............................................................................42


Figure 1 – Transition Network Logical Topology ................................................................8Figure 2 - Target State .........................................................................................................12Figure 3 - Transition State ..................................................................................................15Figure 4 - HSCN Interconnection Routing Patterns ..........................................................25Figure 5 - HSCN Traffic Flow Examples .............................................................................26Figure 6 - HSCN ANM/NHS Secure Boundary Service .....................................................32Figure 7 - Security Telemetry Flow ....................................................................................34Figure 8 - Security Monitoring Points ................................................................................35

1 Scope of this documentThis document provides an overview of the HSCN solution. Further information about the operational design and the HSCN Capabilities that will deliver the services is detailed in the HSCN Operational Design Overview.HSCN Operational Design Overview.

The HSCN Solution is summarised to enable all stakeholder groups to understand: What technical services are being supplied as part of the HSCN; and How the HSCN services will replace the incumbent services. So that:

So that:

The HSCN Programme Board can, on behalf of Department of Health and Social Care, assure that the HSCN SolutionsSolution meets theirthe strategic requirements;

The Programme can confirm that the HSCN Solution meets requirements; Consumers understand what will be the replacement technical solution for their current service; Suppliers can understand the technical capabilities they will deliver; and.

The Solution Design team can develop the detailed design (e.g. level 3 and below).This document details the approach for the transition of services from N3;the Transition Network (formerly known as the N3); maintaining seamless continuity of network services and transitioning to new supplier services. The longer term strategy for network delivery and wider innovation are not included.is detailed in NHS Digital’s Internet First Policies and Guidance.

This document includes as follows:

https://digital.nhs.uk/services/internet-first

https://digital.nhs.uk/binaries/content/assets/legacy/pdf/5/n/hscn_operational_design_overview_v4.0_external_for_publication.pdf


Section 1 Document Purpose This section

Section 2 HSCN Overview An overview of the HSCN and its key objectives

Section 3 Current N3Transition Network Scope

An overview of the current Transition Network (formerly N3) services that will be transitioned to HSCN services

Section 4 HSCN Architecture An overview of the HSCN Architecture that describes the scope of the services to be delivered. This includes an overview of the separate network components that connect the HSCN together. Includes descriptions of the network components.The architecture detailed in this section represents a Target State for the new service, and details a Transition State for the migration of services from the current N3Transition Network service. There are a small number of pending strategy decisions that will determine final target state. (See Section 4.3.1.3)

Section 5 HSCN Consumer Services A brief description of the services that HSCN Consumers will receive.

Section 6 HSCN Obligations Framework

A brief description of the HSCN Obligations Framework that will govern the technical and operational inter supplier working of the HSCN Components to deliver the network services required.


Section 7 References References to documents in the HSCN solution set.

[1.2] Reader Prepre-requisites None, though the Solution Overview should be read in conjunction with the Operational DesignOperational Design Overview [Ref 1]..

https://digital.nhs.uk/binaries/content/assets/legacy/pdf/5/n/hscn_operational_design_overview_v3.0_external_for_publication.pdf

Copyright © 2017 NHS Digital of

2 HSCN Overview The stated vision of the Health and Social Care Network (HSCN) Programme is:

“HSCN will enable a future where health and social care unite to transform patient care and services through the provision of greater connectivity, putting data and information at the

fingertips of clinicians, health and care professionals and citizens”The HSCN programme was established by the Department of Health (DH) in July 2014 to:

Manage the exit from the existing N3, the contract by for which ended on 31 March 2017;. The N3 contract was superseded by a two phase approach: -

o 1) The Transition Network

o 2) The Continuing Orders programme

Provision successor services to those currently provided under the N3 contract; Manage the transition to successor services; and,

Establish a network solution capable of supporting the evolving health and social care landscape. Manage the migration to successor services; and provide a transition path to fulfil NHS Digital’s Internet

First strategy

The scope of the proposed investment covers English NHS-funded healthcare providers, including public and private organisations covered within the scope of current N3 provision, and social care providers in England. The scope excludes providing network Network connectivity tofor Scotland, Northern Ireland, Wales and the Isle of Man; however connectivity between networks will to the English private network can be requiredaccommodated should they wish to continue to access the network for as long as it is available.The user scope for N3private networking has developed significantly since the original N3 business case in 2004, which focused principally on healthcare organisations. With the introduction of the Health and Social Care Act 2012, health and social care is provided through a wide range of organisations, including councils, other local government bodies, and charities and voluntary organisations who all need access to the private network.HSCN will provideprovides a reliable, efficient and flexible way for health and social care organisations to access and exchange electronic information. By reducing cost and complexity, standardising networks, enabling service sharing and extending the parameters of collaborative working in different organisations, it will savesaves money, enableenables information to be reliably shared and helphelps staff work together in more effective and efficient ways.HSCN provides the robust yet flexible foundation layer upon which transformed health and social care services can be built. It aims to support HSCN supports a world where anyone involved in the delivery of health and social care services can access the information and services they need to do their job from any location at any time and without the need for complex, bespoke and expensive ICT arrangements.HSCN is designed to support the aspirations set out by the Department of Health and NHS England through the Five Year Forward View and National Information Board – Personalised Health and Care 2020 as well as NHS Sustainability and Transformation Plans and ,Local Digital Roadmaps. and the Inernet First initiative. These strategies cite increased levels of collaboration and integration between health and social care providers as essential to driving improvements and efficiencies. Improved information sharing and the ability to work flexibly to deliver joined up health and social care services to citizens and patients are common features across all these initiatives. The HSCN programme will putputs in place the underlying standards, infrastructure and services that benefit the wider integration




of health and social care.; including, DNS Internet perimeter security and standards for Cloud connectivity. The policy regarding Cloud Services and Cloud connectivity can be found here

HSCN will createcreates a marketplace for numerous suppliers to compete to deliver standardised, interoperable, better, faster and cheaper connectivity services to health and social care providers. By devolving both the responsibility and the funding for commissioning HSCN

https://digital.nhs.uk/binaries/content/assets/website-assets/services/hscn/hscn-csp-policy-ver1.0.pdf


connectivity services, it will empowerempowers NHS organisations to buy what they need from the besttheir chosen suppliers and in collaboration with both NHS and non-NHS delivery partners.The stated spending objectives within the FBC are as follows;

Support the move from N3the TN to a new service whilst ensuring future innovation and a transition path to fulfil the Internet First initiative is built in.

Provide integrated connectivity to enable wider health and social care organisations to access national health IT services.

Deliver a smallermore efficient service – that only provides from the centre the infrastructure needed to enable network connectivity across the health and social care system.

Create a competitive marketplace for interoperable and cost effective network services. A better value for money service – utilise the purchasing power of Government to improve value

for money and get the best possible price in part by disaggregating the different parts of the network components to enable a wider variety of suppliers to bid for the work.

A shorter contract length that enable more regular market testing to drive down costs.

The HSCN Solution needs to enableenables the programme’s spending objectives; foremost of which is:“Support the move from N3the TN to a new service whilst ensuring future innovation and a transition path to fulfil the Internet First initiative is built in.”

It will dodoes this by delivering the following technical solution services:Establishment of a disaggregated, multiple provider network architecture (See Section 4);Defining HSCN Obligations FrameworkObligations Framework that will require the HSCN services to meet the HSCN Obligations, Policies and Standards;Defining HSCN Obligations, Policies and Standards that enable safe, reliable and efficient interoperability;Establishing an HSCN Compliance Operating Model to allow multiple network service providers to offer HSCN Services that meet the HSCN Obligations;Enabling a more open marketplace with multimultiple providers and increased local empowerment for consumers to choose HSCN services;Supporting the creation of virtual ‘Community of Interest’ or ‘Regional’ networks where the majority of collaboration and data sharing will take place;

Establishment of a hybrid backbone architecture for Internet and national private traffic (see Section 4);

Supporting early migration to the Internet as the primary data transit mechanism for health and social care information;

Reducing the size and cost of a centrally provided private core network, whilst continuing to support national applications and services that need the availability and performance of a private network;Bringing disaggregated Internet provision within the scope of a layered security monitoring approach; to support a longer term strategy of reducing the reliance on private networking;

Improve the cyber defence capability by the provision of active cyber defence capabilities

included within the service supplementing the activities carried out by the Data

Security Centre – please see HSCN Operational Design Overview [Ref 1];;

Delivering core supporting technology services such as DNS/NTP; and


Delivering a controlled and stable transitionmigration from current N3TN services to the replacement HSCN services


[2] N3 Services Scope [2] Transition Network services 2.1 IntroductionIn order to fully understand the scope of the HSCN programme it is necessary to understand, at a high level, the nature of the existing N3Transition Network provision in terms of the technical capabilities that currently support the Health and Social Care connectivity needs. The boundary of scope for the HSCN Programme has been established to enable the programme’s strategic objectives (see Section 1); foremost of which is:“Support the move from N3TN to a new service whilst ensuring future innovation and a transition path to fulfil the Internet First initiative is built in”..”

This Sectionsection will detail the current scope of N3 the Transition Network technical services. Section 4.4 includes details on which HSCN services will be used as the migration vehicle where required.

[2.1] Current Transition Network scope

1.1 N3 Scope N3 providesprovided a high quality, fully managed, Wide Area Network (WAN) and hashad over 40,000 direct, virtual and aggregated connections. These services consistconsisted of direct access connections, VPN connectivity and connections that linklinked to N3 via an Aggregator.

The NHS relies on reliable network connections to support national systems such as GP clinical systems, regional systems such as digital imaging and local systems such as patient administration. Health and social care delivery now involves the private sector, local government and allied professions such as opticians, dentists and pharmacists; and is further expanding with AQP providing NHS services and increasing integration with social care. A number of these services are already delivered over N3.

There are Gateways to other Government networks (e.g. Janet and MoD) and the Internet.

April 2017 saw the expiry of N3 contract, which was replaced by the BT Transition Network and the Continuing Orders programme.

The Transition Network service is managed as a run-down solution as clients and services are migrated off of TN. For example, Legacy Access circuits are ceased and re-provided as HSCN Access Connectivity from CN-SPs. Therefore, the size of the Transition Network is reducing over time.

The Transition Network contract allows the migration to HSCN to be planned in a controlled manner that supports continuity of service for Legacy N3 connections.

This Sectionsection summarises the current scope of the N3 service, and as such what is required to be transitioned to a new HSCN service. Figure below is an abstraction of the Transition Network service.

2.1.1 Transition Network (TN)

The Transition Network (TN) supports the Legacy N3 network and how it products and services during their migration to HSCN and provides network connectivity:


Core Network functionality supporting the management and routing of network traffic within the TN, connecting Points of Presence (PoPs) and supporting external Gateways

Access PoPs that support the remaining Legacy N3 Access Services Head End services in various ways, Broadband, Video Conferencing (VC) and Virtual Private Network

(VPN), that support the remaining Legacy N3 Services Enhanced Internet Gateway (EIG) consisting of an Internet Gateway, Enhanced Monitoring Service

(EMS) and Advanced Behavioural Analysis Suite (ABAS) Security Management Services Connectivity to the Transition Network is available to a number of customers across Health and Social

Care. It also illustrates the HSCN users via the Peering Exchange. This allows HSCN users access to any Legacy N3 applications and services, plus the variety and complexity in which those services are consumed: that remain on the TN.


Third Party

Suppliers

The figure below demonstrates how the Transition Nework provides optimal use of existing assets to provide continuity of service during migration to HSCN:


Figure 1 - N31 – Transition Network Logical Topology

ItThe Transition Network is available 24hrs a day, 7 days a week for 365 days per year. The service is delivered in accordance with NHS Digital Policy and Standards.NHS Digital Policy and Standards.

The original design and key aims of the network were Transition Network are to provide a stable and flexible infrastructure to maintain support the work of the National Programme for IT (NPfIT)remaining N3 applications and services. The nature of the services and applications supported by the network has changed over this period, and requires revision under HSCN.

[3.2.1] Supply Model

N3 is an ‘integrator’ model where the supplier (BT) acts as an intermediary between the requirements of network users and the range of telecoms services available from sub- contractors and takes responsibility for service delivery. There is no customer choice on the supply chain.

The to support the legacy N3 Service is structured as a combination of Foundation

and Catalogue Services. Foundation Services are:

Predominantly over-arching management services;

Paid for centrally; and

https://digital.nhs.uk/about-nhs-digital/our-work/nhs-digital-data-and-technology-standards


Include: helpdesk; end-to-end service level reporting; network management; access control management; technical management e.g. IP Addressing allocations and management; problem management; fault resolution; technical design; catalogue management; user


groups; customer satisfaction surveys; specialist customer engagement staff; liaison with other national health informatics suppliers etc.

Catalogue Services:

Services availableclients during migration to order by service consumers from BT.HSCN.

Funded by DH and/or customer organisation. Allocation of DH funding against N3 Catalogue Services was originally governed by the N3 National Allocation Algorithm (NAA) and whilst this is principally still the case, allocation has developed into a more flexible arrangement by custom and practice to allow local top ups for additional services.

Consist of a multiplicity of options – there are a large number of standard Catalogue Services (“standard reference configurations”) in regular day-to-day use. Customers can also bespoke their requirements from these standards.

Are reassessed, and where appropriate refreshed every two years with revised pricing to reflect the market value at the time of call off and changes in technology available.

Provide only Wide Area Network access and capacity and overlay services. Provision of LAN (Local Area Network) connectivity within a site, clinical applications and any hardware and software associated with the applications is outside of the scope of N3.

[3.2.2] Network components

N3 Components DescriptionN3 Core The main distribution layer network providing the NHS private

network servicesN3 Connectivity as follows:

A range of varied customer connections to support connectivity and data sharing across all parties involved in health delivery. These are based primarily on Ethernet and DSL services.

National Application Data Centre Connections

Data centre connections that host national applications e.g. Spine, NHSMail. Under the service control of NHS Digital.

Third Party Application Data CentreConnections

Data centre connections procured and funded by third parties who offer application services to health customers

NHS N3 Customer AccessConnections

NHS customer site access connectivity e.g. hospitals, clinics, GP Practice medical centres

Non-NHS N3 Customer Access Connections

Non-NHS customer site access connectivity e.g. Local Authority Social Care sites, third party service providers

N3 COINs Community of Internet Networks that provide closed user group private network to a set of sites with one gateway connection into N3 Core. These mostly consist of NHS end customer sites but can include third party connections and non-NHS sites.

Third Party COINs As above, but not delivered by N3 and so the only N3 service provided is the gateway connection into the N3 Core managed as a single N3 Connectivity service


Aggregators Commercial third parties who provide aggregated connectivity for a large number of other parties such as pharmacies

National Gateways N3 supports a number of National Gateways to external networks

N3 DNS / NTP services Technology services to support interoperability for applications that transit the network

N3 Overlays Value added application services that transit over the network. These are generally funded by customers, with a number of exceptions where procured for national NHS services or as part of GP ICT services

VPN services – internal network site to site VPNs

VPN services that provide a regional or organisation specific closed user group virtual private network over N3 for a set of end sites.

For example, small VPN services linking one main site to 2-5 other sites, used to support link branch GP Practices sites to the main site, or larger VPN services for COINS.

Remote Access – include external token VPNs

VPN to Remote access gateway and VPN extensions and VPN tokens to support remote access by users to their N3 connected sites from internet and mobile locations.

Includes an option for non-NHS users to remotely access N3 services from their third party networks. Note this service shares internet service components with the Internet Gateway.

Wi-Fi / LAN / Firewall

Local site network services for managed LAN / Wi-Fi and firewalls. Note that this has largely been taken up for services commissioned by NHS England at a national level and are not rolled out to larger parts of the NHS.

Voice Voice service for IP Telephony

Video Conferencing

Video conferencing services

MeetMe, WebEx Collaboration tools for end users

Mobile Health Worker

Devices and remote access network integration to support users working with mobile devices and remotely from N3 connected sites

[3.2.2.1] N3 Core

N3 is delivered as 5 Core Points of Presence (Core PoPs) that are connected as an ‘inner core’ network. These are connected to 59 Access Points of Presence (Access PoPs) in England to underpin the national connectivity of N3 and collectively form the N3 Core Network. The current core of the network is commercially provisioned to provide a capacity limit of 30GB for NHS traffic and it is one of the largest VPN networks in Europe.

Routing over the N3 network provides access to the range of supported types of consumer as follows:


[2.1.1.1.1.1] NHS CustomersFor NHS Customers this means connectivity to the Internet, national systems (e.g. Spine / GPSoC) and any agreed other services available over N3 (third party application providers e.g. Burnbank, or shared patient systems (e.g. NHS Acute trust results service available to GPs) and interconnects for data sharing with external government entities (e.g. Janet, SWAN). NHS Customers are unconstrained by the network, all services are accessible.

[2.1.1.1.1.2] Third PartiesFor Third Parties (e.g. external user of NHS systems like Hospices or private commissioned out of hours services, suppliers of 3rd party applications such as Burnbank) access is provided but restricted to the business needs of that customer to what they need to consume or provide. No internet access is provided for these customers.

N3 operates as a hub and spoke network model delivered by one prime supplier; routing all traffic nationally to the access layer and between access PoPs over an inner core network. This does not natively support flexible inter-organisation connectivity routes; the current governance arrangements constrain multi party connectivity with a requirement to raise Change Requests to enable routing between endpoints.

[3.2.2.2] N3 Connectivity

N3 has circa 14,000 end customer connectivity orders that are live as direct access connections (access circuits connected to access PoPs on the N3 Core). Of these, there are approximately 8750 broadband access services, and 5000 ethernet access services.

The vast majority of the sites connect to N3 Access POPs using a range of connectivity options ranging from xDSL (Digital Subscriber Links) for small sites to high capacity Ethernet connections for large sites. Strategic data centres connect directly to N3 Core PoPs.

[2.1.1.1.1.3] National Application Data Centre ConnectionsData centre connections that host national applications e.g. Spine, GPSoC. These are included in the provision of 30GB capacity on the N3 Core.

[2.1.1.1.1.4] Third Party Application Data Centre ConnectionsData centre connections procured and funded by third parties who offer application services to health customers. Note that these services self-fund extra capacity on the N3 Core above the centrally funded 30GB. This extra capacity is currently 6GB.

[2.1.1.1.1.5] NHS N3 Customer Access ConnectionsThere are approximately 8,000 GP site connections. The remainder are connecting sites for other NHS organisations (Acute, Mental Health and Community services).

[2.1.1.1.1.6] Non-NHS N3 Customer Access ConnectionsThere are a number of non-NHS access connections. For example, Local Authority sites (social care) or independent sector organisations such as third party ICT suppliers, independent health providers or pharmacies.

These services have a controlled access to N3 services and are self-funded.

[2.1.1.1.1.7] Community of Interest Networks (COINs)


A number of NHS Organisations have formed Community of Interest Networks (COIN) to meet both local and national requirements. COINs are bespoke builds, initiated from templates that are based on standard reference configuration designs and are connected into the core with geographic diversity by resilient gateway connections. There are approximately 70 N3 COINs. Of the 14,000 connection orders circa 3,600 are internal N3 CoIN connections that provide regional networks and are not directly connected to the N3 Core. Each CoIN has a resilient access connection onto the N3 Access Layer shared by all the locally connected sites.

There are a number of independently provided regional COINS delivered under local contracts that are not part of N3 services, but who also have a resilient access connection to N3 Core.

[2.1.1.1.1.8] AggregatorsThese are commercial organisations who are accredited to aggregate N3 connectivity for other external parties. The connected organisations share a gateway connection to N3 Core, securely managed and controlled by the Aggregator. The connected organisations therefore do not have a direct access connection into N3.

Examples of the services that are onward provided by the aggregated connectivity include:

Pharmacies Opticians Third party suppliers of services to NHS customers.

[2.1.1.1.1.9] National GatewaysN3 provides a number of National Gateways to other networks. The gateways are summarised below:

Internet Gateway – for all outbound internet traffic PSTN/Mobile – for linking telephony services and mobile access into N3 Remote access – to support users connecting via VPN to services on N3 from public

networks Government Connect Secure Extranet (GCSx) – for routing to other government

networks Ministry of Defence (MOD) – specific gateway to the MoD network

[2.1.2] Joint AcademicTransition Network components

The transition Network is made up of two main layers

The Core The Access Layer

The Transition Network hosts the Legacy N3 components whilst facilitating their migration to either HSCN or the internet.

2.1.1.1 Transition Network (Janet) – academic connectioncore

Scotland (SWAN) Wales Northern Ireland

IsleThe core layer is responsible for providing interconnections between:


The Points of Man[3.2.2.3] N3 DNS/NTP

N3 provides Presence (PoPs) in the authoritative Domain Name Service (DNS)Access Layer Gateways to the internet and Network Time a Multi-Protocol (NTP)Label Switching (MPLS) service Connectivity for Legacy N3 Services, including Legacy Data Centre services.

[3.2.2.4] N3 Overlays

The N3 network supportsCore Network, Peering Connection Service and the HSCN Peering Exchange Network

2.1.1.2 . TN Access Layer

The Access Layer includes a number of application overlays:chargeable PoPs that provide Network access to the TN. Each PoP is resiliently connected to the core via ethernet.

Each PoP provides support for ethernet and private circuit based Legacy N3 Access Service.

The Voice services;


Video and conferencing; Remote access services – VPN services to support customers remotely accessing

their own networks from the internet. These are indirect connections onto N3 via the internet; and

Mobile services – services to support remote access via mobile networks e.g. secure desktops with 3G services and VPN access over N3. These are indirect connections onto N3 via the mobile gateway service.


[3] HSCN Architecture Access Layer also acts as the bearer interface for legacy VPN services and legacy Broadband services.

PoPs are subject to continual review with the objective of decommissioning PoPs when no Legacy N3 Access Services remain connected to them or under the specific retirement conditions.

2.1.1.3 Head End services

Broadband: This allows TN End Users of the broadband Legacy N3 Services to continue to utilise their existing links to connect to the TN Service whilst they migrate to HSCN.

This VPN Head End allows all TN Consumers of a VPN Legacy N3 Service to continue to utilise the service until migration to HSCN. This VPN Head End consists of a managed central infrastructure. The central infrastructure and associated internet connectivity provide the remote access services, including Firewalls, switch, routers, VPN concentrators and authentication services.

Enhanced Internet Gateway: The Internet Gateway service provides TN End Users with continued outward bound connectivity to the internet and includes a firewall and URL filtering service

Video Conferencing Head End: This service allows TN consumers continued use of the legacy Video Conferencing service until migration to HSCN. It provides:

o Secure connection to the Video Conferencing management service. o Managed Video Conferencing Bridge. The managed bridge is inside the TN with connectivity to

both the TN and the internet. This provides an online tool for booking and scheduling meetings along with a central directory of all registered video conferencing units

o Central ISDN Breakout. This feature enables communications with other Video Conferencing users still on ISDN.

HSCN Peering Connectivity Services: The HSCN Peering Exchange Network is independently contracted by the NHS Digital, who contract with the Peering Service Provider for use of this service.

2.1.1.4 Legacy services

Legacy services consist of services that were resident on the N3 and are in the process of being migrated either to HSCN or are being transitioned to the internet (including Cloud Services). These include several Clinical Services applications.


3 HSCN architecture 3.1 IntroductionThe Architecture detailed in this section represents a Target State to migrate the N3 service, beyond which we are not intending to document further transitions because these are subject to pending strategy decisionsTransition Network services and provide a transition path to fulfil the Internet First initiative to reduce the reliance on private networking and move to a wholly internet based provision.

The Architecture will deliverdelivers a range of new technical components to migrate N3Transition Network services.

This Sectionsection details the new HSCN Components and the transition approach for migrating N3Transition Network services to this new architecture.

[2.2] Architecture Principlesprinciples The following principles underpin the network architecture:

The HSCN architecture will be "open" to all Health and Social Care users and their partners with a valid need to connect without favour and on an equal access basis;

The HSCN architecture will not constrain or mandate the number of network service providers in any way, subject to network service providers compliance to the HSCN Obligations;

No HSCN service provider shall be able to technically constrain or block any other HSCN service provider;

The HSCN will utilise public networksincentivise the use of the internet in preference to private networks, except where business requirements dictate otherwise;

Private backbone services will be as small as possible, consistent with the business needs for a backbone, with the capability to reduce further as business needs evolve over time;

HSCN will provide the capability to support fixed, mobile and remote access by its users; HSCN will support IP based applications and services (e.g. multi-media voice, video and data); Designs will include adherence to GDS Network Principles [Ref 5];; HSCN will be available 24hrs a day, 7 days a week for 365 days per year; and HSCN will provide security controls at the network layer to protect its own security, integrity and

availability as a transport mechanism.


3.2 Logical Network Topology

[2.2.1] HSCN Target StateThe following diagram outlines the HSCN topology for the migration of N3 services:


3.2.1.1 HSCN Components

Figure 22 - Target State

[4.3.1.1] HSCN Components

[2.2.1.1] HSCN Components

The HSCN will consistconsists of the following Components:

A number of Consumer Networks (CNs) that provide WAN routing between HSCN endpoints and access connectivity for end sites [note diagram has only 4 for illustration purposes]:

o HSCN Access Connectivity for individual sites/organisations (e.g. NHS Hospitals, Primary Care, Community & Mental Health, Clinical Commissioning Groups (CCG), Care Homes, 3rd Parties) to the Consumer Network. (CN).

o These services will beare offered to HSCN Consumers directly including the end to end service tothrough the Peering Exchange Network and other


o HSCN end points on the Consumer Network.. The HSCN Consumer will beis required to complete an appropriate HSCN Connection Agreement in order to receive this service.

o Provide aggregation and virtual routing of HSCN traffic flows between CN end points, including as examples:

To/from national applications Public routing to/from the Internet via provision of Internet Service

Provider gateway (HSCN-ISP) Inter-site routing (application access, point to point data sharing).

o The CN services will be delivered by multiple A Consumer Network Service Provider (CN-SP) can deliver the HSCN network services providers that achieveonce they have achieved HSCN Compliance [See Section 6]. These suppliers will be known as HSCN Consumer Network Service Providers (CN The CN-SPs). The CN-SPs will provide the end to end service for HSCN Consumers including security, technical, delivery and service management responsibilities.

o CN-SPs may offer a range of network services from basic access circuits to full network provision (e.g. private WAN services)., Voice over IP, Video Conferencing and Cloud services).

A Peering Exchange Network (PN):o Support all routing across the HSCN disaggregated networks including as examples:

To/from national applications Inter Consumer Network routing. Flexible and rapid path to connectivity / interconnectivity Level playing field across the disaggregated supply of CNs Simplified end-to-end Service Assurance & fault diagnosis The PN services will be delivered by the Peering Exchange Network Service

Provider (PN-SP).) on the behalf of NHS Digital.

The Data Security Centre will:o ProvideProvides a monitoring and alerting capability, collecting and centrally collating

information from all parts of the HSCN Components. The information will beis used to support central security oversight of HSCN.

o Provide cyber threat management to support the protection of the HSCN service overall from threats originating both externally and internally.

o Manage the following components: Network Analytics Service (NAS) - ingesting network telemetry data to perform

proactive and reactive analysis on the data in order to identify any malicious activity taking place over HSCN.

Advanced Network Monitoring /NHS Secure Boundary Service– filtering of outbound and returned HTTP Internetinternet traffic to manage cyber threats.

Authoritative Technology Services that provide the support for DNS and NTP to be consumed by other HSCN Components and applications that transit HSCN.

3.2.1.2 Business Application Services

The HSCN will supportsupports the delivery of key Business Application Services to provide value added business applications that exploit the IP network e.g. Voice / Collaboration / Video / Secure Remote Access. Network transit for these services will beis over HSCN; but the services in themselves are not part of HSCN supply chain.

These services are not shown on the diagram, as they are not part of HSCN delivered Components and Technology Services; but are included here as a description to illustrate the applications and services that will exploit the network.

Note that these non-HSCN services may be used as transition vehicles for N3 Overlay Services such as voice and video. Please see Section 4.3.2.3.

Delivering these services willis not be subject to the HSCN Obligations; therefore they may be provided by any supplier and are not restricted to suppliers who have achieved HSCN Compliance. They willcan be purchased off relevant Lots on frameworks such as the CCS Network Services Agreement (RM1045RM3808) or as direct contracts. For example, using RM1045 Lot 5 – IP Telephony Services to replace N3 Voice orders, or RM1045 Lot 8 – Video- conferencing services to replace N3 Video Conferencing orders.

CN-SPs may offer these services to HSCN Consumers blended with HSCN services and with a service wrap that supports seamless service management. For example, CN-SPs may offer HSCN connectivity with consumer procured services such as voice and remote access; with one helpdesk provided for all delivery.

The HSCN service will provideprovides interoperability guidance to allow HSCN Consumers to purchase these applications that will be compatible to run over the HSCN. Guidance documentation and consumer support services will be provided to support implementation.

Business Application Services may be delivered over the Internetinternet direct and not connectconnected to HSCN. This approach follows the Internet First Initiative.These applications will still be subject to Information Governance standards for data handling and security. Each party needs to be aware of their responsibility as either a data controller or data processor if appropriate. HSCN Consumers can access these via the Internet outbound service provided under HSCN. (referred to as the Advanced Network Monitoring/NHS Secure Boundary Service).

[4.3.1.2] Future considerations

The requirement for private and public backbone services is part of future strategy work that will be undertaken by the HSCN Authority during the period of transition.

Copyright © 2019 Health and Social Care Information Centre. of 134

A new hybrid backbone service may be required for connecting critical hosted services to HSCN Consumers. This includes, as an example, National Applications (Spine / eRS) connected to N3 as National Application Data Centre Connections. Note that the main consideration in this process will be to support an “internet first” strategy.


The hybrid backbone is currently envisaged to provide the following:

- Direct connectivity for National Application Data Centre Connections that supports private and public routing to National Applications as required. The services will include appropriate cyber security capability to protect the National Applications estate.


- Provide hosting access points for other services (current Third Party Application Data Centre Connections), where it is deemed that direct CN hosting and CN inter connectivity or direct internet provision does not support the security or performance levels required.



v Draft

Page 20 of Copyright © 2017 Health and Social Care Information Centre

[2.2.2] HSCN Transition StateThe following diagram outlines the HSCN topology for the migration of Transition Network and legacy N3 services:

Access Connectivity

Consumer Network 1

Consumer Network 2

COIN

Customer Access

Connections

Authoritative Network Services

Transition Network

Peering Exchange

HSCN ISP HSCN ISP

Public routing

Data Security Centre

Advanced Network

Monitoring

Aggregator

External Network

Gateway

External Network

Gateway Consumer Network 3

HSCN ISP HSCN ISP

Consumer Network 4

Internet

[2.2.2.1] Legacy Access Circuits

Networ

DC

DC


v Draft


Figure 33 - Transition State

Access Connectivity

HSCN Components

The following components will beare included in scope of the HSCN delivery in order to support transition.

[4.3.1.3] Transition Network

A private backbone service will be delivered, known as the Transition Network.

This service will provide the following:

Core Network – main core network to route traffic between access services Access Services - For the period of migration provide end connections

from legacy access circuits [See Section 4.3.2.2]. Head End Services for Broadband, VPN, Video Conferencing Provision of an Internet Gateway for legacy users. Provide the initial Authoritative Technology Services such as DNS, NTP.

Provide connection to the Peering Exchange Network to support routing to/from other HSCN end points on CNs.

This network will be centrally managed and supplied as part of the HSCN Programme, delivered by the HSCN Transition Network Service Provider (TN-SP).

DC

HSCN Solution Overview v Draft


This service will be managed as a run-down solution as services are migrated from direct connectivity to connectivity onto new HSCN Components. For example as Legacy Access circuits are ceased and re-provided as HSCN Access Connectivity from CN-SPs. Therefore, the size of the Transition Network will reduce over time and will be procured for a period to allow the migration to be planned in a controlled manner that supports continuity of service for current N3 connections.

The HSCN Programme will manage a Transition Plan that ensures the migration of all services connected to the Transition Network are transitioned to new connectivity by the expiry of the Transition Network service to enable a smooth exit.

During the period of the run down an assessment of the requirement for private and public backbone services and the most suitable architecture for this will be undertaken. Depending on the outcome of this, a new procurement may commence to fully replace the Transition Network with a new hybrid backbone service for hosting services. (See Section 4.3.1.3)



The Legacy Access Circuits, as shown in the diagram, are the existing N3 Connectivity for customers that were on the N3 network and are now connected to the Transition Network, which will beare managed as Continued Orders by BT post the end of the N3 contract period. Note this includes single site connections, COIN gateway connections, Aggregators, Third Party Data Centre connections, the National Gateways and National Application data centre connections as per Section 3.2.2..

These are the circuits which will beare currently connected to the Transition Network and were in place at the start of HSCN delivery as continued orders, but will migrateContinuing Orders, and are migrating to HSCN connectivity provided by a CN-SP as part of the HSCN migration programme.

These circuits, for the period of migration, will not be part of HSCN programme delivery, and will remain contracted between the owning customer and the current supplier as ContinuedContinuing Orders. At the point at which the HSCN Authority deems appropriate, it can stop taking any further Orders for N3 Connectivity and, in any event, this will occur at the cessation of the N3 Agreement. At this point, new New circuits will on the Transition Network can no longer be provisioned. New circuits must be provisioned on HSCN.

The migration approach to cease these circuits and provide the required HSCN connectivity to HSCN Consumers is summarised in Section 4.3.2.2 and will be further detailed by the HSCN programme on the HSCN website [Ref 9]..



[2.2.2.3] Legacy Overlay services

Legacy Overlay services will continue as orders for consumers; operating over their Legacy Access Circuits and the Transition Network.



These services will not be directly replaced by HSCN services, but as Business Application Services detailed in Section 4.3.1.2.Support and guidance for migration as part of the transition will be provided by the HSCN programme in the HSCN website [Ref 9]..

HSCN Solution Overview v Draf

t


3.2.1.3[2.2.2.4] N3 Component Migration

The Transition State emphasises the need for seamless migration of key N3 Components (as described in Section 3.2.2)initially to the Transition Network and then subsequently to the new HSCN services. Note that this migration is to support the key strategic objective of continuity of service for N3 customers migrating to HSCN services.

N3 Component Transition State – at N3 expiry

Migration to Target State - Migration Viewpoi

Future Strategy Decisions required


t


nt for consumers to access HSCN services and support the run

to complete the migration to Target State


t


down of the Transition Network

N3 Core Will

beHas

been

replac

Will continue to be run-down as se

During the rundown of the Transition Networ


t


ed by the HSCN Transition Network service

rvices are migrated away from direct connections.

k all connected services will be migrated withlegacy N3 circuits being replaced by HSCN Connectivity via


t


either direct consumer procurement, an HSCN orchestrated procurement or a CCN of the current


t


service. Once all are migrated to a future service or no longer need to be provided this


t


service will be ceased.

N3 ConnectivityNational Application Data Centre connections A

re part of the Le

n/aData Centres connected to

Future decisions re


t


gacy Access Circuits, remaining connected to

the Transition Network are either being migrated to HSCN or the Internet, d

quired for the appropriate hosting policy for


t


the Transition Network

epending upon their strategic initiatives

each application; - generally, the following


t


methods will be actioned:


t



t


Provision of a new reduced private backbone service connected to all CNs if this isrequired.The

decision

on

the

new

connec


t


tivity

for

these

services

isowned

by

the

app


t


ropriate

owning

delivery

programme

in

NHS

Dig


t


ital.

Third Party Application Data Centre Connections Are

part

of

the

Legacy

Access

Circuit

Two options: M

Ser

Note it is the responsibility of the custom


t


s,

remaining

connected

to

the

Transition

Netw

er of this connectivity to do the migration. However, the Transition Plan sup


t


ork.

ports the decision making process.


t



t


NHS N3 Customer Access Connections Are

part

of

the

Legacy

Access

Circ

Migrate to a CN-SP provided service utilising Peering Ex

n/a


t


uits,

remaining

connected

to

the

Transition

N

change Network for routing to multiple consumers and to/from the Transiti


t


etwork.

on Network.

Third Party N3 Customer Access Connections Are

part

of

the

Legacy

Access

Circu

Migrate to a CN-SP provided service utilising Peering Exc

n/a


t


its,

remain

connected

to

the

Transition

Netwo

hange Network for routing to multiple consumers and to/from the Transitio


t


rk.

n Network.

Aggregators Are

part

of

the

Legacy

Access

Circui

Migrate to a CN-SP provided service utilising Peering Exch

n/a


t


ts,

remaining

connected

to

the

Transition

Net

ange Network for routing to multiple consumers and to/from the Transition


t


work.

Network.

N3 COINs The

resilient

gateway

of

the

COIN

is

Migrate to a CN-SP provided service for the gateway connect

n/a


t


one

of

the

Legacy

Access

Circuits,

remaining

ion, utilising Peering Exchange Network for routing to multiple consumers a


t


connected

to

the

Transition

Network.

nd to/from the Transition Network.

At the contract end of the current COI


t


N provision, the HSCN consumer may procure a similar service from an


t


HSCN CN-SP as a virtual COIN and as a managed HSCN service.

Altern


t


atively if a private COIN is no longer required consumers could migrate to


t


more standard options for HSCN Access Connectivity from a CN-SP.


t


Third Party COINs The

resilient

gateway

of

the

COIN

is

one

of

As per N3 COINS

n/a


t


the

Legacy

Access

Circuits,

remaining

connec


t


ted

to

the

Transition

Network.

National Gateways Remain

connect

The following gatewa

The

decision


t


ed

to

the

Transition

Network

ys will remain in place until all Legacy Access Circuits that use them are m

on

the

new

connectivity

for

these

services

w


t


igrated to HSCN Access Connectivity:

- Inte

- PS

The other gateways to e

ill

be

owned

by

the

appropriate

owning

deliv


t


xternal networks are being re-procured and migrated to a CN-SP pro

ery

programme

in

NHS

Digital.Future

decisions


t


vided service and contracted for directly by the customer of the service.

N

required

for

the

appropriate

gateway

connect


t


ote the Transition Plan will consider the approach for each Gateway an

ivity

model

may

be

required

if

as

part

of

t


t


d work with the customer of this service to aid their decision making on what se

he

review

the

assumed

CN

connectivity

model


t


rvice to migrate to, should it be a continuing requirement. Note that these gat

is

not

deemed

secure

enough.


t


eways will utilise Peering Exchange Network to support access for all H


t


SCN Consumers.

Note: Gateways to be provided by CN-SPs as standa


t


rd may be required e.g. mobile gateways.


t


N3 Technology Services (See Section 4.3.1.3)

N3 DNS / NTP services DNS

&

NTP

services

werem

NTP will be retired in favour of using relia

Procurement

approach

for


t


igrated

to

HSCN

during

the

transition

phase

ble sources hosted on the Internet. A replacement DNS service currently in

the

Authoritative

Technology

Services

is

unde


t


progress

rway.

HSCN Solution Overviewv Draft


N3 Component Transition State – at N3 expiry Migration to Target State - Migration Viewpoint for consumers to access HSCN services and support the rundown of the Transition Network

Future Strategy Decisions required to complete the migration to Target State

Third Party Application Data Centre Connections

Are part of the Legacy Access Circuits, remaining connected to the Transition Network.

Two options: Migrate to a CN-SP provided service utilising Peering Exchange

Network for private routing to multiple consumers and to/from the Transition Network.

Third party supplier migrates service to be publically addressable; and procures their own ISP hosting service and HSCN Consumers access this via the internet over the CN-SP ISP connections.

Note it is the responsibility of the customer of this connectivity to do the migration. However, the Transition Plan will support the decision making process.

Future decisions required for the delivery of applications may be needed where the customer and third party supplier of the service does not feel that the provided CN-SP connectivity or migration to the internet will meet security or performance levels required. The following are being considered:

Provision of a new reduced private backbone service connected to all CNs that could be used to host third party services if this is required. Note that use of the backbone for this purpose would need to be locally funded.

Service migrated to publically addressable location that could be connected to a new hybrid backbone service if required or over the internet. Note that use of the backbone for this purpose would need to be locally funded.

Note that current assumption is that the CN-SP provided service will be sufficient for these services, and it is unlikely that these services will require a hybrid backbone service.

(See Section 4.3.1.3).

NHS N3CustomerAccess Connections

Are part of the Legacy Access Circuits, remaining connected to the Transition Network.

Migrate to a CN-SP provided service utilising Peering Exchange Network for routing to multiple consumers and to/from the Transition Network.

n/a

Third Party N3 CustomerAccess Connections

Are part of the Legacy Access Circuits, remain connected to the Transition Network.


n/a

Aggregators Are part of the Legacy Access Circuits, remaining connected to the Transition Network.


n/a

HSCN Solution Overviewv Draft




N3 COINs The resilient gateway of the COIN is one of the Legacy Access Circuits, remaining connected to the Transition Network.

Migrate to a CN-SP provided service for the gateway connection, utilising Peering Exchange Network for routing to multiple consumers and to/from the Transition Network.

At the contract end of the current COIN provision, the HSCN consumer may procure a similar service from an HSCN CN-SP as a virtual COIN as a managed HSCN service.

Alternatively if a private COIN is no longer required consumers could migrate to more standard options for HSCN Access Connectivity from a CN-SP.

n/a

Third Party COINs

The resilient gateway of the COIN is one of the Legacy Access Circuits, remaining connected to the Transition Network.

As per N3 COINS n/a

National Gateways

Remain connected to the Transition Network

The following gateways will remain in place until all Legacy Access Circuits that use them are migrated to HSCN Access Connectivity:

- Internet Gateway - Consumers of HSCN Access Connectivity must use CN-SP ISP services and cease routing over this Gateway.

- PSTN/Mobile Gateway – Consumers will need to migrate to new voice services (see below).

The other gateways to external networks will be re-procured and migrated to a CN-SP provided service and contracted for directly by the customer of the service.

Note the Transition Plan will consider the approach for each Gateway and work with the customer of this service to aid their decision making on what service to migrate to, should it be a continuing requirement. Note that these gateways will utilise Peering Exchange Network to support access for all HSCN Consumers.

Note: Gateways to be provided by CN-SPs as standard may be required e.g. mobile gateways.

Future decisions required for the appropriate gateway connectivity model may be required if as part of the review the assumed CN connectivity model is not deemed secure enough.

Gateways connected to a new private backbone or direct into the Peering Exchange Service might then be provisioned. However, it is currently assumed that CN gateways will be the preferred delivery model.

N3 Technology Services




N3 DNS / NTPservices

Transition Network provides the authoritative service

A new provider for new Authoritative Technology Services will be determined at a later date – cutover to the new service when available.

Procurement approach for the Authoritative Technology Services to be determined.



N3 OverlaysN3 Overlays - general

Customer direct contracted Legacy Overlay services will, in general, continue for the contracted term and work over Legacy Access Circuits andor until they migrate off the Transition Network.

ContinuedThere is no continued support for current Overlay Services - Obligations will be included that will require HSCN Network Service Providerscurrently connected to support the routing and connectivity across HSCN components to Legacy Overlay services that remain hosted on the Transition Network to support - Consumer should ensure that alternative/replacement overlay services are provisioned as part of their HSCN migration. Under normal conditions any existing Transition Network overlay services will cease to function/be supported once migration is complete.

There are considerations during the transition state for a number of these services:

A number of the services dependServices that previously depended on N3 central infrastructure that will continue under the Transition Network, but the service will only be supported for the term of the TN. Customers will need to migrate to a new service during this period. NHS Digital is working with the current supplier on the continuation lifespan of these services under the Transition Network.

AThere are a number of the services that depend on configuration and setup of the original network Customer Premises Equipment (CPE) - e.g. local N3 provided router. It mayis not be possible to configure new HSCN CPEs to interface with the Overlay service and so migration will beis required before or withduring the HSCN Access Connectivity migration.

Migration options:

Third Party Suppliers to offer new complementary Business Application Services for consumers that will operate over HSCN. Note that the HSCN CN-SPs will beare able to do this.

Legacy Overlays could be migratedmay continue to operate over HSCN services (CN- SP) for a limited time under change control between the current supplier and the customer. Noteextenuating circumstances. However, this may not be possible and further design work will be required to confirmis an exception rather that phased transition is possible or a one-time cutover to a new services is required.the norm.

n/a



VPN services – internal end site to end site VPN

Must be ceased prior to or during migration to HSCN.

VPN services rely on an Transition Network central PKI infrastructure for the certificates; and also establish the IPSEC tunnel via CPE configuration to support the VPNs between end sites.

Under the existing deployed VPN solutions, Transition Network manages both ends of the VPN tunnel as configuration on the legacy N3supplied Customer Premises Equipment (CPE).

Consumers need to migrate to new Closed User Group VPN services offered as part of CN-SP solutions delivered to customers, in order to simplify the management of this service with their new supplier. All sites which form part of the VPN service need to migrate in a tranche. Consumers need to consider periods where the VPN service is not available in this scenario with some phased cutover plans.

Small site VPN: Need to migrate to a new CN-SP service as one cutover.

COIN VPNs: move as part of a migration of the full COIN.

Alternatively, Consumers need to consider delivering a VPN service via use of local equipment such as firewalls connected to either end of a Legacy Access Circuit and a new HSCN Access Connectivity service.

n/a

Remote AccessService (RAS) – including external token VPNs

Continue to work over Legacy Access Circuits and Transition Network for as long as the existing Tokens are valid.

Note that current Remote Access Tokens expire after 3 years (see back on token for expiry date of token)

Note that the existing Remote Access service continues to operate post migration to HSCN. However they will only operate whilethe token itself is valid. Once the token expires a replacement token will NOT be provided.

The central RAS service itself is dependent on central TN infrastructure that will not be migrated to HSCN connectivity over a CN-SP and so will be discontinued in parallel with the Transition Network service.

It is recommended that HSCN Consumers migrate to a replacement remote access service as soon as possible, post migrating to new HSCN Access Connectivity.

Users will need to be migrated to new RAS software for use on their devices.

The current Remote Access service also works with the Extended VPN service; please see section on VPN services. Use of these by a customer for remote access needs to be considered as part of the same migration.

n/a




Local services and no dependency on HSCN

These are standalone services offered independent of the TN by the supplier. The services continue to operate post migration to HSCN.

The consumer will need to discuss with the supplier how reconfiguration, cut-over, ongoing remote support will be maintained, including any potential requirement for small local changes to LAN/Firewalls to interface to HSCN Access Connectivity at the point of migration.

n/a

Voice No longer supported once the Consumer migrates to HSCN

The Voice service is dependent on routing via the central TN infrastructure. Access to the Voice service is no longer available once a Consumer has migrated to HSCN and therefore, a replacement Voice service needs to be procured prior to HSCN migration.

n/a

Video Conferencing

No longer supported once the Consumer migrates to HSCN

The Video Conferencing service is dependent on central TN infrastructure that will not be migrated to HSCN connectivity over a CN-SP and so will be discontinued in parallel with the Transition Network service. Access to the TN Video service is no longer available once a Consumer has migrated to HSCN and therefore, a replacement Video service needs to be procured prior to HSCN migration.

n/a

MeetMe / Webex

These services have been migrated to BT CN-SP as part of the NHSmail migration programme.

These services continue to operate and have been migrated from the Transition Network to the BT CN-SP network. Skype for Busines along with Microsoft Teams has also been introduced as a viable alternative.

n/a

Mobile Health Worker

Continue to work over Legacy Access Circuits and Transition Network, while the Consumer’s Remote Access service is available

Transition to new services as Remote Access is also migrated.The service relies on the Remote Access Service.

n/a





VPN services – internal end site to end site VPN

Continue to work over Legacy Access Circuits and Transition Network.

VPN services rely on an N3 central PKI infrastructure for the certificates; and also establish the IPSEC tunnel via CPE configuration to support the VPNs between end sites.

Under the existing deployed VPN solutions, N3 manage both ends of the VPN tunnel as configuration on the N3 supplied Customer Premises Equipment (CPE).

HSCN programme has explored with the current supplier if the VPNs can be extended over third party managed CPEs to enable phased migration, and conclusion is that this will not be possible.

Therefore, Consumers should consider migrating to new Closed User Group VPN services offered as part of CN-SP solutions delivered to customers, in order to simplify the management of this service with their new supplier. All sites which form part of the VPN service need to migrate in a tranche.Consumers need to consider periods where the VPN service is not available in this scenario with some phased cutover plans.

Small site VPN: Consider migration to a new CN-SP service as one cutover.

COIN VPNs: would move as part of a migration of the full COIN.

Alternatively, Consumers need to consider delivering a VPN service via use of local equipment such as firewalls connected to either end of a Legacy Access Circuit and a new HSCN Access Connectivity service.

n/a





Remote Access Service (RAS)– including external token VPNs

Continue to work over Legacy Access Circuits and Transition Network.

Note that current Remote Access Tokens expire after 3 years (see back on token for expiry date oftoken). New tokens will be able to be ordered from the current supplier via RM1045 while this service is still in use connected to the Transition Network.

Note that the existing Remote Access service is expected to continue to operate post migration to HSCN. However this will need to be tested by the customer and their supplier as part of migration.

The central RAS service itself is dependent on central N3 infrastructure that will not be migrated to HSCN connectivity over a CN-SP and so will be discontinued in parallel with the Transition Network service.

Therefore, it is recommended that HSCN Consumers migrate to a new remote access service that is available on HSCN as soon as possible, post migrating to new HSCN Access Connectivity. These new Remote Access Services will be connected to a CN-SP. These Remote Access Services will be Business Application Services as per Section 4.3.5. The new Service will be setup and connected through to sites on HSCN and can include routing to Legacy Access Circuit sites. Consideration should be given to moving to a new service connected to HSCN as soon as available. CN-SPs are expected to offer RAS services as part of their overall commercial offerings to HSCN Consumers.

Users will need to be migrated to new RAS software for use on their devices.

The current Remote Access service also works with the Extended VPN service; please see section on VPN services. Use of these by a customer for remote access needs to be considered as part of the same migration.

n/a




Local services and no dependency on HSCN

These are standalone services offered independent of the N3 network by the supplier. The services are expected to continue to operate post migration to HSCN.

The consumer will need to discuss with the supplier how reconfiguration, cutover, ongoing remote support will be maintained, including any potential requirement for small local changes to LAN/Firewalls to interface to HSCN Access Connectivity at the point of migration.

n/a





Voice Continue to work over Legacy Access Circuits and Transition Network

The Voice service is dependent on central N3 infrastructure that will not be migrated to HSCN connectivity over a CN-SP and so will be discontinued in parallel with the Transition Network service. Migration to a new service will be required during this period.

Many of the existing deployed Voice services rely on N3 provided equipment deployed locally and CPE configuration. HSCN has engaged with the supplier to establish what needs to be undertaken in order for these services to continue to operate post migration to HSCN Access Connectivity to support a phased migration to a new service.

n/a

Video Conferencing

Continue to work over Legacy Access Circuits and Transition Network

The Video Conferencing service is dependent on central N3 infrastructure that will not be migrated to HSCN connectivity over a CN-SP and so will be discontinued in parallel with the Transition Network service. Migration to a new service will be required during this period.

These services are independent of the CPE configuration, and so are expected to continue to operate post migration to HSCN.

Consumers will need to develop their own migration plan away from this service; however, it can be undertaken separately to the network transfer. Consumer needs to ensure QOS applied.

n/a



MeetMe / Webex

Continue to work over Legacy Access Circuits and Transition Network

Will continue to work over the full HSCN routing and connectivity services. Note that the existing N3 MeetMe and WebEx services are assumed to work with HSCN connected sites and users. However this will need to be tested by the customer and their supplier.

The N3 Meetme / Webex services are hosted on the internet and so will continue to work at the end of the Transition Network term. They do not rely on central N3 infrastructure or CPE configuration.

Consumers will be able to migrate to new supplier offerings on contract expiry which will be from numerous suppliers. As an example, Unified Communications services are available already as Core and Additional / Top- up Services on NHSMail2.

n/a

Mobile HealthWorker

Continue to work over Legacy AccessCircuits and Transition Network

Transition to new services as Remote Access is also migrated.The service relies on the Remote Access Service.

n/a


The Health and Social Care Information Centre is a non-departmental body created by statute, also known as NHS Digital.

[2.2.3] HSCN Traffic FlowsHSCN will transitiontraverses the N3TN, via peering, with equivalent traffic flowsflow functionality to a disaggregated delivery model that maintains the connectivity and routing across Health and Social Care services, supporting choice in supplier and technology for the HSCN consumer and allowing them to build flexible virtual cross-organisational networks to support all their business flows. The HSCN Access Connectivity will be provided with HSCN specific traffic flows across the Consumer Network. This will enable enterprise business flows, including to national services and the internet.TwoThree open traffic flows will be supported by CN-SPs as standard:

Routing to the internet direct from the CN-SP ISP services (via the ANM/Secure Boundary) – known as HSCN-ISP Flow; and

Routing to other HSCN end points; end points on the same CN, and end points on other CNs and

the Transition Network via Peering Exchange Network – known as HSCN-Standard Flow. Routing to the Public Sector Network (PSN) from the CN-SP – known as the PSN Flow.

Other virtual closed user group routesmechanisms (inc. Routing and VRFs) can be supplied on CNs to support regional private sharing of data if required. These are not pre-built for consumers, and so will require design and extra implementation to support requirements. These can be used for community of interest data sharing between partner organisations.Note all diagrams in this section include Transition State flows for completeness. The following diagram shows the interconnection routing flows:

Red represents public traffic to the Internet – HSCN-ISP Flow Green represents private traffic routed to services on the Transition Network – using HSCN-

Standard Flow Blue represents routing of traffic to other HSCN Consumers on the same CN or other CNs – using

HSCN- Standard Flow.


v Draft / Approved


Page 32 of

Figure 44 - HSCN Interconnection Routing Patterns

HSCN Solution Overview v Draft / Approved


Page 33 of

As an illustration, the following example business flows that will be supported by each CN are as follows:

NHS National Apps

Health Clinic – Shared by: GP Practice, Community Hospital

Acute Hospital



Page 34 of

Figure 55 - HSCN Traffic Flow Examples

Business Flow

Examples in diagram

Routing approach

HSCN National Applications flow

Acute PDS Trace to Spine PDS service

HSCN national traffic flowflows across the CN and routed onward to the HSCN Transition Network.CN that hosts the data centre where Spine is located. Uses HCSN-Standard Flow via Peering Exchange Network.

HSCN Transition NetworkCN routes to the Spine connected data centre (PDS Service).

Internet Access

NHS Choices website access

HSCN public traffic flow across the CN and routed onward to NHS Digital’s Advanced Network Monitoring/NHS Secure Boundary Service via the CN-SP ISP. where it then breaks out to the internet ‘proper’. Uses HCSN-ISP Flow.

CN-SPs provide internet breakouts as a separate ISP service to end consumers.



Page 35 of

Cross and Inter CN data sharing – data flows that are not closely coupled services

Referral for specialist services (e.g. to specialist hospitals)

The HSCN flows traffic in an open network to other connected HSCN endpoints as standard functionality. Data flows between organisations that are not grouped together as a closed user group will use the HCSN-Standard Flow.

This will be supported by cross CN flows to all HSCN endpoints and inter CN routing over Peering Exchange Network.

Note it is also expected that most of these flows over time will be managed at an application level for example, via eRS or other interoperability options.

Health and social care data sharing – shared commissioned services for closely coupled health communities

GP access to Acute Radiology service

NHS-Social Care Admission / Discharge / Withdrawal

Community Health Application

User defined application sharing requirement. Utilises consumer defined closed user group routing (or VRF) for greater security and consumer control. These flows are typically regional data sharing and often delivered via COINs in current models.

Procured by the health economy from their HSCN CN-SP.

These are closed user group services for a group of Health and Social care end organisations.

For this to be delivered efficiently the organisations in the user group should be connected to the same CN, but they could also be extended across CNs if required.



Page 36 of

Cross and Inter CN data sharing – data flows that are not closely coupled services

Referral for specialist services (e.g. to specialist hospitals)

The HSCN will flow traffic in an open network to other connected HSCN endpoints as standard functionality. Data flows between organisations that are not grouped together as a closed user group will use the HCSN-Standard Flow.

This will be supported by cross CN flows to all HSCN endpoints and inter CN routing over Peering Exchange Network.

Note it is also expected that most of these flows over time will be managed at an application level for example, via eRS or other interoperability options.

Health and social care data sharing – shared commissioned services for closely coupled health communities

GP access to Acute Radiology service

NHS-Social Care Admission / Discharge / Withdrawal

Community Health Application

User defined application sharing requirement. Utilises consumer defined closed user group routing for greater security and consumer control. These flows are typically regional data sharing and often delivered via COINs in current models.

Procured by the health economy from their HSCN CN-SP.

These are closed user group services for a group of Health and Social care end organisations.

For this to be delivered efficiently the organisations in the user group should be connected to the same CN, but they could also be extended across CNs if required.

[2.2.4] HSCN Component Characteristics3.2.1.4[2.2.4.1] Consumer Networks (CNs)

A number of HSCN Consumer Networks (CNs) will support HSCN Access Connectivity and routing across HSCN. These will beare delivered by CN-SPs on their publicexisting network acting as aggregator, contact point, control and administration between services supplied to HSCN Consumers.

Provide HSCN Access Connectivity as a range of blended services providing varied bandwidth requirements, availability and resilience options to individual sites (e.g. NHS Hospitals, Primary Care, Community & Mental Health, CCG, Care Homes, and 3rd Parties etc).

HSCN Consumer Network service provisionprovidors (CN-SP) for all their HSCN network services – will beare the direct service provider to HSCN Consumers and work with other suppliers (TN-SP and PN-SP) to manage the service end to end. HSCN CN will beis supplier agnostic in concept, by enabling and utilising an open market.

CNs will provide the routing between sites connected to that CN and onward forwarding of traffic to the Internetinternet, Cloud Service Providers, Transition Network, 3rd parties and other CNs via the Peering Exchange Network.

The CNs will support a range of connectivity and routing patterns, to allow regional virtual private networks combined with the HSCN traffic flows [Section 4.3.1].3].



Page 37 of

Network Service Providers will be ableareable to offer CN-SP services byafter gaining the required HSCN Compliance.

Characteristics:



Page 38 of

Access Connectivity

A variety of access configurations including:o Resilient Diverse – diversely routed access circuits

connecting to two CN PoPso Resilient – diversely routed access circuits to one CN PoPo Non Resilient – single access circuit connecting to one

CN PoPBlended access technology offered included but not limited to the following:

ADSL2 Fibre to the Cabinet (FTTC) Fibre to the Premises (FTTP) Ethernet (offering a range of bandwidths; 10Mbps,

25Mbps, 60Mbps and 100Mbps Committed Data Rate (CDR) to meet Organisation requirements

Flex Ethernet – (offering a range of bandwidths; 200Mbps, 300Mbps, 500Mbps,1Gbps, 10Gbps)

3G and 4G Wireless Mobile ConnectionsGateway to PSTN / National Cellular networks managed as network-to- network interfaces. Note that these are to be provided for the delivery of voice business applications (see Section 4.3.5) and are not mandatory.Regional Data Centre gateway connectivity for third parties hosting

applications consumed by HSCN Consumers including Business Application Services (See Section 4.3.5).

Dual-stack Architecture is mandatory to support transition to IPv6.

Core network Open traffic flows for HSCN connected services that are fully resilient and diversely routed

Dispersed PoPs

Dual-stack Architecture is mandatory to support transition to IPv6 Resilient connection to the HSCN Peering Exchange Network

Routing Examples of potential routing options: Closed user group virtual networks for logical grouping of sites

and user organisations based on function (e.g. Primary Care), organisational (CCG and commissioned services), regional or a combination of these.

Simple HSCN connectivity for consumers who are agnostic of regional sharing and requiring only the HSCHSCN-Standard Flow to other HSCN end points and, to services connected to the TN (e.g. national

applications), and HSCN-ISP Flow to the internet.

ISP Services ISP services that meet the security monitoring required in the HSCN



Page 39 of

Obligations Framework:

Provision of security monitoring and management services to provide resistance to malicious attack and monitor usage.

Routing of all public traffic to/from the Internet via HSCN ANM/NHS Secure Boundary.

HSCN Technical & Security Obligations

Compliance to HSCN Technical and Security Obligations as per the HSCN Obligations Framework. Included, but not limited to:

IP Addressing DNS QOS Security / IG Network Monitoring and Security management - including monitoring

the internal CN providing outputs to the Network Analytics Service to support network monitoring across HSCN.

HSCN Service Obligations

Compliance to HSCN Service Obligations as per the HSCN Obligations Framework. Included, but not limited to:

Management capability for end to end performance issues (consumers and other HSCN Network Service Providers)

Service performance reporting.



Page 40 of

resistance to malicious attack and monitor usage. Routing of all public traffic to/from the Internet via HSCN

Advanced Network Monitoring Service.HSCN Technical & Security Obligations

Compliance to HSCN Technical and Security Obligations as per the HSCN Obligations Framework [Ref 8]. Included, but not limited to:

IP Addressing DNS NTP QOS Security / IG Network Monitoring and Security management - including monitoring

the internal CN providing outputs to the Network Analytics Service to support network monitoring across HSCN.

HSCN Service Obligations

Compliance to HSCN Service Obligations as per the HSCN Obligations Framework [Ref 8]. Included, but not limited to:

Management capability for end to end performance issues (consumers and other HSCN Network Service Providers)

Service performance reporting.

3.2.1.5[2.2.4.2] Peering Exchange Network (PN)

SupportSupports all routing across the HSCN disaggregated networks including as examples: To/from national applications Inter Consumer Network routing.

The PN services will beare delivered by the Peering Exchange Network Service Provider (PN-SP).

Characteristics:

Interconnectivity

Provides two Peering Exchange locations at geographically diverse Carrier Neutral Provider locations in London and Manchester.A highly available solution that provides an uncontended interconnection between all HSCN CN-SPs and the TN-SP.Interconnectivity between all HSCN NSPsCN-SPs will be open and unrestricted.The peering exchange provides appropriateuses route servers to provideappropriate routing capabilities for the scale of the network.The peering exchange will be capable as an option of hosting



Page 41 of

multiple logical networks such as VPN and VRF technologies.The service will be capable of dual stack support for IPv4 and IPv6 IP addressing and routing. The service will adhere to the NHS Digital IP Addressing Policy. Note that at the start of the service only IPv4 will be configured.

Connections for CN-SPs and the TN-SP

Provide resilient connection of up to 30 CN-SPs initially.

Provide two connection options at 1Gbps and 10Gbps, with future plans for 40 and 100Gbps interfaces.

Shall provide published and guaranteed service levels for CN-SP requested capacity including provision of all required interfaces.

Manage the on-boarding and disconnection of Consumer Network Service Providers, including on-site engineering in the peering exchange facilities.

Each Consumer Network Service Provider connected to the peering service shall be provided with its own exclusive interface at both peering exchange locations.

Service Operate a 24x7x365 network operations centre to monitor and manage the peering exchange service.

The peering exchange will have monitoring and maintenance tools that are accessible to NHS Digital and CN-SPs such as utilisation monitoring and a looking glass service.

Comply with the necessary HSCN Obligations.

The peering service will be subject to and maintain adherence to NHS Digital IA requirements including physical and logical security controls to secure the peering exchange infrastructure and management tools as amended from time to time by change control. ISO27001 compliance is mandatory requirement.



Page 42 of

Connections for CN-SPs and the TN-SP

Provide resilient connection of up to 30 NSPs initially.

Provide two connection options at 1Gbps and 10Gbps, with future plans for 40 and 100Gbps interfaces.

Shall provide published and guaranteed service levels for NSP requested capacity including provision of all required interfaces.

Manage the on-boarding and disconnection of Network Service Providers, including on-site engineering in the peering exchange facilities.

Each Network Service Provider connected to the peering service shall be provided with its own exclusive interface at both peering exchange locations.

Service Operate a 24x7x365 network operations centre to monitor and manage the peering exchange service.

The peering exchange will have monitoring and maintenance tools that are accessible to NHS Digital and NSPs such as utilisation monitoring and a looking glass service.

Comply with the necessary HSCN Obligations, including all aspects CAS(T) for the peering exchange service.

The peering service will be subject to and maintain adherence to NHS Digital IA requirements including physical and logical security controls to secure the peering exchange infrastructure and management tools as amended from time to time by change control. ISO27001 compliance is mandatory requirement.

3.2.1.6[2.2.4.3] Transition Network (TN)

The Transition Network will interconnectinterconnects multiple HSCN Consumer Networks (CNs) to existing legacy connectionsservices via the Peering Exchange Network.

The HSCN Transition Network will be a transition ofmaintains the currentlegacy N3 services to maintain existing routing toprovide continuation of national services and regional traffic. during HSCN migration. This will beis a short term service provision under new terms and conditions that will enable all legacy traffic to migrate to the new HSCN services whilst maintaining continuity of service.. The service will diminish through its life with activity to remove traffic from this service, for example throughincluding, but not limited to:

Routing of regional traffic over HSCN Consumer Networks between sites and not direct over the Transition Network, by migrating access circuits to HSCN Access Connectivity.

Routing of outbound internet traffic by delivery of CN-SP ISP service – all HSCN Access Connectivity will route public traffic to the internet via these services and not traverse the Transition Network.Removal of national data centre services. Note the exact approach for the migration of these services is still to be determined but could be via internet enablement of health applications or migration to new HSCN Access Connectivity from a CN-SP, and so removal from Transition Network connectivity (see Section 4.3.1.3 and Section 4.3.2.3).

Dawn Carder, 14/11/19,

Remove and replace with ISO certifications.



Page 43 of

Note: Options for services to be routed over the Transition Network will be restricted to continuation of connectivity of Legacy Access Circuits prior to migration. Specifically:



Page 44 of

There will beare no new direct HSCN Access Connectivity connections onto the TN. All endpoint routing comes via a Consumer Network.

There will beare no new Business Application Services (see section 4.3.5) routed over the Transition Network except where they are required to route to customers still connected via Legacy Access Circuits.

Internet traffic willis only be routed over the HSCN Transition Network to support customers connected via Legacy Access Circuits.

The Transition Network will include the Authoritative Technology Services operating as the master version of the following HSCN Technology Services (see Section 4.3.5 for the future of these services):

DNS NTP

Other HSCN Components will be built to the management / policies specified by this service and use the technical DNS and NTP delivered service as the master.

Further detail on the operations of this service is included in the HSCN Operational Design Overview [Ref 1].. Characteristics:

Connectivity The Legacy Access Circuits will continue to connect to the HSCN Transition Network before migration to HSCN Access Connectivity. The number of these connections will diminish as migration to HSCN proceeds.Resilient Connection to the Peering Exchange Network.

Core Network Right Sized Links between PoPs (depending on solution design, traffic analysis and ongoing requirements).

Core technology services

Core technology services will form part of the provision of this service and be accessed and used by the other technical components:

o DNSo NTP

HSCN Obligations

HSCN Obligations compliance where appropriate will beis included in the direct contract for this service, for example:

o IP Addressingo DNS

o NTPo QOSo Security / IGo CN will need to comply with NHS Legacy IP Addressing

o Network Monitoring and Security management - including monitoring the internal network of this component and providing outputs to the Network



Page 45 of

Analytics Service too support network monitoring across HSCN.



Page 46 of

[2.2.4.4] Data Security Centre

Cyber Security will beis provided via a layered security approach with oversight by the Data Security Centre service consisting of the following: -

CN-SP Security Management; Network Analytics Service (NAS); Advanced Network Monitoring (ANM) or)/NHS Secure Boundary(SecBo Service (NHSBSS);

DNS protection controls, including; URL Blacklist implementation and DNS Sinkhole Firewall protection controls, including; IP Blacklist implementation and NHS Digital provided

blocked addresses.

Further detail on the operations of this service is included in the HSCN Operational Design Overview [Ref 1]..

Network Analytics Service (NAS)The Network Analytics Service (NAS) will supplementsupplements the Data Security Centre service by ingesting network telemetry data in near real time and performing proactive and reactive analysis on the data in order to identify any malicious activity taking place over HSCN. The NAS will identify the organisational source of any malicious activity in order that corrective action can take place.Further detail on the operations of this service is included in the HSCN Operational Design Overview [Ref 1]..

Advanced Network Monitoring (ANM) or/NHS Secure Boundary (SecBo)Service

HSCN Consumer Network Service Providers will direct all Internet bound traffic towards the Advanced Network Monitoring service.ANM/NHS Secure Boundary Service. Outbound and returning inbound HTTP Internetinternet traffic will be subjected to the ANM or Secure Boundary processes.

ANM or/NHS Secure Boundary service shall identifyService’s processes.

The ANM/NHS Secure Boundary Service identifies and blockblocks known malicious activity and resources, including: -

Malware; Zero day malware; Worms; Viruses; IP Addresses and URLs; and botnet traffic.

The ANM or/NHS Secure Boundary shall provideService provides NHS Digital with logging and reporting, with events and reports to be specified by NHS Digital.



Page 47 of

Advanced Network Monitoring via Cloud based Service

Figure 6 - HSCN ANM or/NHS Secure Boundary Connectivity: -

Service Providers point their Internet bound traffic to a predefined IP Address over the Internet via a VPN.

Cloud based Advanced Network Monitoring supplier decrypts the VPN, applies the filtering rules and forwards the traffic to the Internet

Consumer Network Service Provider

1

Access Connectivity

Consumer Network Service

Provider 2

HSCN ISP VPN

HSCN ISP VPN

Internet

Transition Network

Peering Exchange

Advanced Network

Monitoring

Dawn Carder, 14/11/19,

Is this right?



Page 48 of

External Network

Gateway Consumer Network Service Provider

3

HSCN ISP VPN

Consumer Network Service Provider

4

HSCN ISP VPN

Access Connectivity

HSCN & Transition Network

Internet

Figure 6 - HSCN Advanced Network Monitoring Service

Data Security CentreThe Network Analytics Service (NAS) and the Advanced Network MonitoringANM/NHS Secure Boundary Service reporting will feedfeeds into the NHS Digital’s Data Security Centre service. The Data Security Centre service will ensureensures that Cyber Threats and Incident Management is undertaken with the correct people, process and technology. Data Security Centre Capabilities include: -

Incident Management (Internal) Investigation of SIEM alerts Management of NHS Digital Security Policy Monitoring of NHS Digital Physical Security Support into NHS Digital CareCERT for:

National Broadcast Functionality Threat Analysis & Triage Health & Care System Incident Management.

Data Security Centre supports CareCERT by supplementing the following functionality: - Provides incident response expertise for the management of cyber security incidents and threats

across the health and care system. Broadcasts potential cyber threats and suggests remedial actions to over 10,000 contacts in

health and care, helping organisations protect themselves. Is a central source of security intelligence for health and care, working with cross government

partners such as GovCertUK and CERT-UK. Supports the analysis of emerging and future threats through unique analysis tools and

reporting.



Page 49 of

Provides insight for decision makers to help shape departmental strategy. Is a trusted source of security best practice and guidance.

3.2.2[2.2.5] HSCN Technology ServicesEach of the HSCN Components will includeincludes, as appropriate, Technology Services to support the requirements of data exchange between end points and across the HSCN, and are key enablers to the delivery of applications and systems.Interoperability ServicesUse of services and standards for configuration are required for interoperability, and the implementation requirements are included in the HSCN Obligations to deliver a consistent end to end service for the following:

- Domain Name Service (DNS)- Network Time Protocol (NTP)

- IPAM (IP Address Management)- Quality of Service (QoS).

The new provider

A project is currently underway to deliver a replacement Authoritative DNS and NTP servicesservice for HSCN and the wider NHS and will be determined at a later date. The initial services will beare provided as part of the Transition Network for use by CN- SPsHSCN.Note that the HSCN Obligations include adherence to HSCN Policies and Standards for these services e.g. the NHS IP Addressing Policy.NHS IP Addressing Policy. The HSCN Authority IP Address Management service will allocateallocates IP Addresses to the HSCN Consumer. The CN-SP will setup IP addresses for their connected customers, supported by IP Address Management processes.Security and Network MonitoringIn addition, the HSCN Obligations include technical obligations to support network monitoring and monitoring of cyber incidents. Cyber incidents will be managed by the Data Security Centre.

The CN-SPs will capture IPFIX telemetry data at points within their network capable of representing each consumer’s CPE device. Regardless of where the IPFIX data is collected it must be possible to determine the organisational source of the data upon analysis. As the

telemetry data is collected it will beis ‘exported’ to the NAS where the data will be aggregated, analysed and reported upon.The following diagram details the security telemetry flow on the HSCN Service:

https://digital.nhs.uk/services/health-and-social-care-network/hscn-technical-guidance/hscn-ip-address-management/hscn-internet-protocol-ip-addressing-policy



Page 50 of



Page 51 of

Figure 77 - Security Telemetry Flow

Obligations have been made on service providers delivering HSCN service to ensure that the specified information flows (e.g. IPFix) representative of the CPE boundary points are provided to the NAS.The NAS service will aggregateaggregates the telemetry data, perform a deduplication process and then analyse the information based upon analysis rules created by the Security Cell team.



Page 52 of

IPFix Exporter

HSCN Network Service Provider

Telemetry Analysis Application Logical Components

Exporter - The device that collects the traffic passing through it and exports the information to the analysis system

Collector – The part of the analysis system that collects the telemetry data from all exporters

Aggregator – The part of the system that processes the collected statistics according to a set of criteria and keeps the obtained results (for example in a database)

Raw Files – The binary files in which the analysis system keeps all the collected telemetry data

Database – The part of the analysis system that stores the information obtained from the raw files and processes itaccording to the predefined requirements

User Interface – The application used to view the processed information



Page 53 of

Figure 88 - Security Monitoring Points

In addition, the service providers will deliver security and network monitoring on their internal networks.Note the security controls delivered as part of the Data Security Centre service or as security HSCN Obligations on the Network Service Providers does not provide end to end security of applications and devices. Further guidance on the scope of the security controls provided will be supplied so that HSCN Consumers and application providers can understand the security boundary that HSCN provides. As a set of security principles:

o HSCN willdoes not provide security controls at higher layers on behalf of connected users or connected end-systems (i.e. to organisations, applications or data centres); the customer and application provider should instead ensure appropriate security controls are in place to protect those users, systems and data.

o Confidentiality should be provided entirely within connected end-systems, not by the HSCN network.HSCN should not be used as the sole authentication/authorisation control to grant access to data and services.HSCN willdoes not prevent data from being conveyed to and processed on an inappropriate end-user device. The suitability of different HSCN-connected devices (desktops, laptops, tablets, smartphones, etc.) to handle different data sets is a matter for end systems (users and application providers), not for HSCN.



Page 54 of

4[3] HSCN Consumer SolutionsConsumer Network Service Providers may choose to offer a range of options to HSCN consumers that encompass the end to end access and distribution layer service.

Managed – Fully end to end service for HSCN Access Connectivity from consumer premises to an HSCN CN end points, with HSCN routing across the enterprise including the routing required to connect across the CN to National Applications (on the HSCN Transition Network) and the Internet.

Un-managed – Wires only Access Connectivity from consumer premises to an HSCN CN; with managed HSCN routing service across the enterprise including the routing required to connect across the CN to National Applications (on the HSCN Transition Network) and the Internet.

Gateway - HSCN gateway connections to other external networks/aggregators that are controlled connections. These are a specific form of access connectivity that includes managed secure boundaries between an external network and the HSCN.

Elaborated example patterns of service offerings will be provided by the HSCN Programme on the HSCN website [Ref 9]..

HSCN Consumers will be able to source services in several distinct ways; please see HSCN Operational Design Overview [Ref 1] for further details.Services must only be procured from HSCN Compliant CN-SPs.

Note that a number of specialised Gateway services will need to be provided on CNs by CN-SPs to support delivery of Business Application Services:

Third Party Data Centre hosting gateways Voice gateways for PSTN/Mobile networks.



Page 55 of

5[4] HSCN Obligations FrameworkThe interoperation of the HSCN Components will beis underpinned by a set of HSCN Obligations to support end to end operations.

CN-SPs will beare assured against a set of obligations that ensures they work to requirements for interoperability. Where required, HSCN Policies and Standards will be developed to provide definitive detail on implementation. HSCN Compliance will be awarded to CN-SPs by undertaking the assurance process detailed in the HSCN Compliance Operating Model which can be found at https://www.digital.nhs.uk/health-social-care-network/connectivity-suppliers [Ref 4].https://www.digital.nhs.uk/health-social-care-network/connectivity-suppliers.

The HSCN Obligations that apply to the CN-SPs can be found at https://www.digital.nhs.uk/health- social-care-network/connectivity-suppliers.https://www.digital.nhs.uk/health-social-care-network/connectivity-suppliers. The HSCN Obligations will include, but be not limited to:

Operations and Governance – operating procedures and controls, including

o Network Service Provision such as collaborative working and CN-SP Deed signature o Governance Regime including as governance forums and reportingo Compliance Process including assessment, evidence and renewalo Connection Agreement

Technical and Security – These include, but will not be limited to: DNS

NTP QoS - requirements for Quality of Service and end-to-end assurance as appropriate IPAM - to work within (or address) known constraints and limitations, such as IP

addressing Routing protocols and principles Network monitoring Security - controls and integrated monitoring

o o Provide security controls at the network layer of each of the technical components to protect its own security, integrity and availability as a transport mechanism.

Service Management – These include, but will not be limited to: Service Intervention in relation to:

Service Integration; Service Standards; Incident Management; Change Management; Release Management; Service Improvement; Network Monitoring; and Performance Management.

[4] References No Description ID1 HSCN Operational Design Overview TBD2 No longer used3 No longer used4 HSCN Compliance Operating Model https://digital.nhs.uk/media/914/HSCN-Compliance-

Operating-Model-v1-0/pdf/HSCN_Compliance_Operating_Model_v1_0

5 GDS Network Principles https://www.gov.uk/government/publications/network- principles/network-principlesPublished 7 July 2015

6 No longer used7 No longer used8 HSCN Obligations Framework https://digital.nhs.uk/media/918/HSCN-Obligations-

Framework-v4-0/xls/HSCN_Obligations_Framework_v4-01

9 HSCN Website https://digital.nhs.uk/health-social-care-network

Copyright ©2019 Health and Social Care Information Centre Page 56 of 134


HSCN Solution Overview - innopsis.org€¦ · Web viewHSCN Solution Overviewv Draft . HSCN...

Documents

Transcript of HSCN Solution Overview - innopsis.org€¦ · Web viewHSCN Solution Overviewv Draft . HSCN...