TABLE OF CONTENTS

Summary and Benefits 2 Save Time, Reduce Costs 3

Solution Overview 4

A Roadmap to Success 5

Core Flexibility 6 Blueprint for 2012 7

Key Components 8

Caradigm Vergence 9 Technology Options 10

Next Steps 11

November 2012

Simple and secure

Seamless availability

Patient Data on tap

A Superior Clinical Computing Experience

Introducing Clinical Desktop

Efficient Desktop management

Zero-touch deployment and a choice of flexible Remote Desktop Services.

Security and Information Assurance

Standardised and template-driven ICT deployments and processes. Integrated

remote access, encryption and role based security.

Simplified infrastructure,

Significantly reduced costs.

Both physical and virtual PCs centrally managed with a single set of tools.

WHAT CLINICIANS NEED

“Give me something that empowers me but does not tell me what to do”

WHAT ICT TEAMS NEED

The Clinical Desktop

Clinical Desktop is an integrated healthcare solution based on tried-and-tested, off-the-shelf products.

Working closely with your clinicians and ICT department, we can help you deploy a truly flexible and mobile desktop which will reduce the time staff spend accessing systems and put data where it is needed most.

Microsoft and Caradigm are uniquely placed to help you drive efficiency, reduce costs and modernise your ICT; with a breadth of products, and a thriving specialist healthcare Partner community. Clinical Desktop is one step towards a truly dynamic infrastructure, in which investment is flexible and always matched to visible outcomes.

Quick Login Times

It takes too long to login, open applications and find patient data. I need

technology which moves at the same speed as healthcare delivery.

A Desktop that follows me

Medical staff are flexible and mobile. I need applications which match that work

style

Accuracy across systems

I need the right data at the right time, entered once and securely shared

.

The pressure to deliver more with less means that, more than ever before, NHS trusts now look to technology to achieve tangible cost savings and help provide better patient care. With a modern dynamic infrastructure at its core, Clinical Desktop helps meet both requirements.

Solutions and Suppliers Partner – Clinician - ICT Envision – Build – Deploy - Manage

Significantly reduce wasted time and associated costs using context management, single sign on and intelligent desktop delivery.

SIMPLE, MEASURABLE & SCALABLE

Many solutions claim to increase productivity, but fail to deliver this beyond a small cohort. Others require complex and challenging remodelling of care pathways and processes. As a result, the promised benefits are rarely realised. The Clinical Desktop saves clinicians valuable time by simply and reliably reducing the time it takes to login or find patient records across multiple applications and then keeping a user’s session open on any device and in any location as they move around the organisation.

VDI & RDS ON YOUR TERMS Microsoft Windows Server 2012 includes… •  Intelligent infrastructure to support mix-and-match: deliver Clinical Desktop on your virtualisation solutions of choice •  A new file system technology which supports inexpensive Direct Attached Storage, further reducing costs (75% saving over SAN)

REDUCE INFRASTRUCTURE COSTS WITH MICROSOFT WINDOWS SERVER 2012

To open three clinical applications and undertake a patient search in each. Time saved: 66% typical.

Illustration does NOT include boot time, meaning time savings can be even greater.

An end-to-end solution, off the shelf for healthcare The Clinical Desktop is uniquely placed to deliver both efficiency savings and choice. It uses a single platform to always deliver an appropriate experience via “zero touch” traditional PCs, pooled or personal virtual machines (Virtual Desktop Infrastructure - VDI), and via desktop sessions through Remote Desktop Services (RDS). There are no constraints: Clinical Desktop is available easily and cost effectively to community services and on-call duty or remote workers using the DirectAccess feature in Microsoft Windows 7 and Windows Server 2012. Microsoft Windows 8 extends this flexibility further by allowing staff to use a secure USB stick to run Windows To Go on their own devices.

DISCOVER ALL THE BENEFITS OF A SINGLE PLATFORM

Clinical Desktop is delivered via a single platform of products purpose-built for an easy-to-manage solution. You have the simplicity of a coherent infrastructure which can be further enhanced with Partner technology. The core technologies used in Clinical Desktop are:   Microsoft Windows Server 2012

  Hyper-V 3 for the most cost efficient delivery of both VDI and Server Virtualisation   RDS for full touch-enabled Windows 8 sessions   Server Manager 2012 for straightforward, wizard-driven management   DirectAccess 2012 for easy to use, secure and cost effective remote access

  Microsoft System Centre 2012   Manage users and devices together for intelligent delivery of applications, data and experience   Zero-touch Imaging, Application Virtualisation, Patch Management and more in an integrated toolset   “Single pane of glass” for monitoring services at all levels from dashboards through to components

  Microsoft Windows 8   Best touch experience on the market today with the widest choice of devices and OEM partners   Windows To Go turns any user’s home device into a trusted, PC on the clinical network   Any application that runs on Windows 7 will run on Windows 8

  Microsoft’s own SPINE Identity Agent, supporting native 32/64 bit Windows 7 and 8 RDS and VDI   Caradigm Vergence

  Full Context Management with Single Sign-on (SSO) to clinical applications   Auditing across systems of access to patient records   Fast login times, ‘follow-me’ desktop with self-service and smart card enabled

The Clinical Desktop is about delivering benefits for the whole trust, from Clinical staff using the desktop and experiencing productivity gains, through to IT professionals managing the system with a small set of complementary and familiar tools

FLEXIBLE DELIVERY

These wide ranging benefits can be delivered in a single project. Given the scope of the work required to realise the maximum benefits, however, discrete projects can be delivered incrementally over time, with investment pegged to success. These stages are underpinned by our tried-and-tested Infrastructure Optimisaton model (below), with underlying core infrastructure best practice complementing the productivity gains from the full ‘follow-me’ Clinical Desktop.

Even small initial projects will yield quick wins. Subsequent goals often include modernised desktop management, flexible working support, and migration of applications to Windows 7 and Windows 8 if necessary. A truly optimised and dynamic infrastructure can follow by incorporating automation of processes (Forefront Identity Manager integrated with ESR) and full roaming mobility (Caradigm Vergence)

Stage 1: Basic

Designed to deliver immediate benefits, this stage delivers the Vergence role-based launchpad. A core set of clinical applications now have context management and SSO, plus a comprehensive privacy auditor. Discovery and remediation is undertaken on key platform components (Active Directory, skill sets, processes).

Stage 2: Standardised

Designed to provide a firm foundation for future benefits. Work is focused around clinical pathways, flexible working and apps. Key components are delivered via System Centre 2012, zero touch operating system deployment and client management incorporating App-V 5 (Application Virtualisation) and UE-V (User Experience Virtualisation).

Stage 3: Rationalised

The Clinical Desktop is delivered on the firm foundations put in place earlier. The follow-me desktop experience is realised by incorporating VDI, RDS and Vergence. Remote access services are delivered through DirectAccess and Windows To Go.

TIME LINE

Each Trust has different challenges, software, processes and infrastructure which makes delivery times highly variable. However, our experience of working with trusts across the UK and with our expert Partner community, we find the timescales below are typical. It should be a priority to establish accurate estimates on project startup.

Stage 4: Dynamic

Automation of all supporting processes plus provision of self-service facilities. System Centre Identity Manager is used to onboard and manage staff - integrated into ESR.

Self-service provided for applications, password re-sets and distribution lists. Vergence manages smart cards.

3 months •  Stage 1: The Vergence toolbar •  Core Set of Clinical Applications

12 months •  Stage 2: Optimised core infrastructure, clinical pathways •  Windows 8 or 7 with application compatibility completed. Roll-out of traditional PCs and

laptops together with new types of devices

18 months

•  Stage 3: Clinical Desktop with ‘follow-me’ capability Delivered through VDI and RDS and extended for remote use through DirectAccess

•  Full Single Sign on and Context Management. •  Stage 4: with full automation and self-service

At the core: flexible, scalable, reliable technology Microsoft’s Core Infrastructure is unique in the industry. Our experience of consumer, enterprise, client and datacentre means that clinicians, community staff and administrators can benefit from a consistent experience across technologies

Microsoft Windows Server 2012 is at the core of the Clinical Desktop Solution, with RDS and VDI delivering class leading performance and unrivalled cost benefits. Coupled with App-V 5, UE-V and Caradigm Vergence Context Management, a truly mobile and flexible clinical experience can be delivered, regardless of location.

VDI AND RDS IN WINDOWS SERVER 2012

  Quick and easy setup with QuickDeploy   Simplified administration of sessions and virtual machines from a single console   Intelligent patching and scanning through task randomisation

  High scalability with Hyper-V and improved system performance with FairShare   Deploy lower cost desktops with User Disks   Support for lower cost storage such as SMB file shares and DAS

  RemoteFX can leverage hardware and software GPUs   Rich Multimedia and 3D graphics even on low bandwidth WAN   Support for USB redirection and multi-touch remoting

Rich experience everywhere

Efficient management

Best value for virtual desktops

£

A single end to end platform ensures that SSO, Context and Mobility are easily achievable using best-practice deployment. The 2012 Blueprint ensures that implementation avoids common pitfalls.

All too often, Trusts invest in business cases requiring faith in untested and overly complex combinations of vendors and technology to deliver promised benefits. The 2012 Blueprint for Clinical Desktop is based on Microsoft’s tried-and-tested Optimised Desktop Platform, now further updated with the many improvements in Microsoft Windows 8 and Windows Server 2012. Drawing on our unparalleled experience in private and public sector applications across the globe, the Blueprint offers you peace of mind that our Partners have ample experience when implementing the solution. The role of each component is shown below, and you can discover the value to your operation of key components in more detail on the next page.

THE MICROSOFT IDENTITY AGENT A one-stop single-vendor platform reduces project complexity and risk. Microsoft has released its own version of the SPINE Identity Agent to provide peace of mind that the solution is fully tested from end-to-end.

While the process of using the NHS login remains unchanged, Microsoft has re-written the Agent from the ground up using a newly published API. This means that we can now support access to SPINE and LSP services using Windows 7 and 8, in either 32 or 64 bit versions, running in VDI, Windows Server 2008 R2 and Windows Server 2012.

Currently being tested in conjunction with Connecting For Health, version 1 is available on request. Future versions will include provision for session persistence when accessing SPINE services.

Key Components

Remote Access

Any modern solution should enable flexible working at its core, without compromising security, usability, manageability or affordability. DirectAccess 2012 builds on the successes gained in the Windows 7 version and adds wizard-driven deployment, RRAS policy integration and native IPv4 support. Users can now benefit from full domain participation remotely just as they do on the trust’s network, while security is assured without the need for complex and expensive token-based VPNs. Couple this with Windows To Go for end-to-end enforcement of Information Assurance polices.

Devices

Total device support enables unparalleled choice. Re-use existing hardware, further sweating your assets, whilst gaining access to Windows 7 and 8 experiences using THIN-PC. Allow mobility with the most exciting laptops, ultrabooks and tablets from a vast array of vendors, without the need for multiple infrastructures to manage them. Using Windows To Go, enable flexible remote working for community services and on-call staff without the need for laptops. Manage them using existing skill sets without the need for re-training - simply add the Vergence client to software in use today. Use Windows 8 Virtual Smart Card to remove the need for smart card readers on tablets and laptops.

Connectivity Services

With Windows Server 2012, Microsoft has delivered rich, out-of-the-box functionality that previously required Partner implementation. RDS and VDI are now wizard-driven and simple to deploy. The connection broker is fault-tolerant and scalable, with one broker for either RDS or VDI. Remote FX 2 offloads processing to the client and uses the local GPU, enabling full touch experiences. RDP has been replaced with intelligent switching between UDP and TCP for WAN and WiFi support, plus optimised screen refreshing for remote access.

Delivery Services

Three key technologies are used to deliver services to VDI, RDS and traditional PCs seamlessly and efficiently – which then follow clinicians as they move around. •  Caradigm Vergence – Logon and Authentication, Context Management, Auditing,

Smart Cards •  App-v 5 streams applications, rather than installing them, thereby providing the

mechanism for applications to follow users and eliminating the need to install every application on each machine. It also reduces testing through isolation. From one place, applications can be streamed to PC/laptop, RDS and VDI. Cached mode enables offline working and compatibility across Windows 7 and 8 without re-work.

•  UE-V offers massive time savings by removing the processing of profiles and personalisation from logon/off. Template personalisation allows for custom ‘look and feel’ on a per-application basis. UE-V also allows you to roll back changes and roam between machines, RDS, VDI, Windows 7 and 8.

Platform Services

Every solution requires firm foundations. Starting with an optimised Active Directory and leveraging the processing improvements in Windows Server 2012 Group Policy, user and computer objects can be configured for flexible work styles. System Centre 2012 manages configuration, monitoring, maintenance and onboarding of staff. Self-service password resets, application software and distribution list/group membership are facilitated through the service portal. Microsoft SQL Server 2012 provides best of breed data storage, while Hyper-V v3 provides the most cost-effective foundation for virtualising the entire infrastructure.

Clinical Desktop is a layered architecture with each layer providing a set of discrete but complementary services based on commercial off-the-shelf packages.

Caradigm Vergence Self Service Enterprise SSO, Context Management and Follow-me using Caradigm Vergence

Vergence: Driving the ‘Follow-me’ Experience

The process of unified logon (using smart cards if required), patient context management with SSO across applications and rapid mobility of sessions is delivered through Vergence and RDS/VDI delivered through a windows 7 virtualised session.

Each shared device used to access Clinical Desktop is configured as a Vergence Kiosk in Active Directory. A nurse or clinician simply logs on to Vergence using a smartcard and/or password. Once the user’s credentials are checked and their role retrieved, Vergence authenticates them to Active Directory followed by a managed start-up of either the virtual desktop or remote desktop session. The desktop is then delivered to the Kiosk, enabling the user to then access patient records through the context-driven Launchpad.

When a nurse or clinician needs to be mobile, they simply login to another Kiosk. Vergence then returns the original machine to a usable state, retrieves the previous session and presents it to the user.

1.  Device Configured for Kiosk use to Login to Vergence. Clinician swipes or taps smartcard to Login 2.  Vergence checks the smart card for credentials and matches them to a role 3.  Vergence authenticates Clinician to Active Directory (SSO) 4.  Vergence opens up VDI or RDS session (SSO) 5.  Clinician uses session and finds patient. Launchpad used for patient context across applications 6.  Clinician either uses another Kiosk or moves onto a tablet. Logs into Vergence once more 7.  Vergence returns the device used in step 1 to the login prompt. Session is recovered and delivered to the new

desktop as it was left in step 5

About Caradigm Formed by GE Healthcare and Microsoft Corp. in June 2012, Caradigm is a 50-50 joint venture focused on enabling health systems and payers to drive continuous improvements in care. Caradigm software is designed to make it easier for healthcare professionals across care settings to use data to gain critical insights, collaborate with each other and with patients, and to develop and implement innovative care solutions. Amalga, eHealth Information Exchange and Vergence – and applications built by partners to extend these products – give clinicians, administrators and finance teams timely access to key information, helping them to take steps to solve some of healthcare's biggest problems, including chronic disease management, preventable hospital readmissions and hospital acquired conditions, and to advance integrated, accountable care. For more information about the company, visit www.caradigm.com

Solve local challenges with a range of additional solutions from our Partners, all complementary to the Blueprint

Specific problems can be solved using technology from our accredited Partners, which is complementary to the Blueprint. There are certain situations where a trust may wish to use additional technologies to complement the solution, either due to specific challenges or where investments have already been made in bespoke technologies.

These two situations are not uncommon and the Blueprint is designed to be sufficiently flexible to accommodate them.

These options are provided by trusted Microsoft Gold Partners as described below. They have influence over product design and access to resources to ensure they are able to use any new technology at an early stage.

APPSENSE

This technology is an enhancement to UE-V. It provides fine grained management of all profile personalisation, together with complete history and recall. Similar to UE-V, it removes the need for heavy lifting on logon and logoff. Additionally, it can support profiles from Vista and XP, enabling long co-existence when migrating from XP to Windows 7 and 8.

Coupled with RDS technology, it can assist with Licence Optimisation, too.

RES

Similar in many ways to Appsense, this technology assists with profile management, roaming and licence management

CITRIX XEN DESKTOP

Widely regarded as the premium session-based virtualisation platform, fully complementing Microsoft’s RDS and VDI solutions.

ICA, the Citrix protocol for delivery of sessions to client machines, has benefited from many years of investment and can be deployed to mitigate virtually all networking challenges.

With support for iOS, OSX, Android and Linux, ICA can be deployed across any number of devices or types of devices, and is also used in thin-client terminals.

QUEST V-WORKSPACE

Similar in many ways to Citrix, this technology complements the Microsoft virtualisation stack and includes similar capabilities around networking and multi vendor OS support.

Advice and Guidance on when to use

We recommend working with both your account team and chosen Partner/Supplier to deliver Clinical Desktop. Be sure to articulate challenges specific to your situation and any investments in other technology. The team will then undertake a joint review detailing recommendations and risks.

Study the Microsoft Enterprise Roadmap, then work with your account team to undertake an Infrastructure Optimisation exercise to discover potential efficiency gains and savings which may remove the need for multiple vendors and products.

Next Steps

Working in partnership with your Microsoft Account Team is the fastest way to start deploying the Clinical Desktop

CONTACT THE HEALTH TEAM TO GET STARTED

Health-UK-Contact@microsoft.com

Demonstration

•  On Trust premises or at a Microsoft office

•  Latest devices including Windows To Go and Windows 8

•  Reference site visits

Discovery

•  Infrastructure Modelling using market leading tools

•  Short, medium and long term deliverables

•  Proof of Concept

•  Centre of Excellence

Delivery

•  Licensing modelled to your environment

•  Business Case development

•  Infrastructure Partner selection to suit your needs