Weeknotes s01e09

TL,DR: ICS, Cyber Toolsets, Week2of2 Wave1 Cloud Migration, Data Centres/HIP2 prep and some headway on O365 rollout planning

[W/C 14/06/2021]

Who did you talk to outside of your organisation?

• Phoenix — initial workshop scoping call ahead of a session with our Finance colleagues to explore the art of the possible in helping them move more towards O365 and away from linked spreadsheets, macros and multiple Access databases. Hopefully we will explore opportunities with PowerApps, PowerBi etc. Looking forward to this.
• MiS —met with Danny to scope up some enabling works for an on-prem reduced Data Centre relocation in readiness for our HIP2 hospital re-build. We will be undertaking surveys of our existing data fibre network and the ducts across site. A key dependency in mapping out the physical parts of our data network infrastructure that will not be migrating to the cloud. Follow on meeting next week with Estates colleagues.
• DELL/Gyrocom — Velocloud SD WAN solution — reviewed costs capex/revenue, pilot and lead times.
• Various colleagues via N365 NHS central tenant collaboration teams channels around how other Trusts are handling security (conditional access/MFA), some teams issues, and how storage usage is monitored/viewed at an organisation level for SharePoint Online and OneDrive via the NHSmail admin portal (seems it isn’t yet).

What would you have liked to do more of?

• More time reviewing and documenting our cyber security controls and current gaps and opportunities. Spent time later in the week with Suraj on this but had limited time, will pickup again next week.

What do you wish you could have changed?

• Would liked to have gone along with Mary Macleod and Steve Wood who attended a site visit to Host-IT Data Centre in Milton Keynes. Unfortunately I couldn’t attend to due to prior commitments, very much would liked to have attended. Both came back super excited in a way only a tech geek would appreciate ☺, having seen data centre in a bomb proof subterranean location. Exploring options of offsiting Server infrastructure that cannot go to the cloud in the interim when our Primary IT data centre is decommissioned ahead of HIP2 development commencing. All options are being explored, by far the best would be if some of our larger contracted 3rd parties fast tracked their services into the cloud in line with our cloud first policy.

What challenged me?

• Some large suppliers following processes that bear little thought for the customers timescales and generally a lacking a sense of urgency. Unfortunately there is little to no comeback. I wish there was more competition out there for them not to be so complacent.

What did you learn?

• More about SD WAN and how local internet breakout works for secure services such as O365 using VMWare Velocloud at smaller satellite offices. Really looking forward to putting this technology to use, the more I hear the more I like.
• Read the newly published ICS Design Framework and how NHS trusts and foundation trusts will play a critical role in the transformation of services and outcomes within places and across and beyond systems.

What did you enjoy?

• Pcycys/Pentera — Automated Pentesting and Security Validation Software. Mentioned this last week, was pleased with what was presented. Particularly pointed out the need to validate over simulation. Will be reviewing our next steps along with NGH. What was encouraging was so many NHS organisations up and down the country have invested in this already. One of their largest orders being in Merseyside/Cheshire at an ICS level across 10 participating organisations. More needs to be happening at this level with regards to joined up approach and procurement in the cyber space.
• IT Health — another demo in the cyber space this week. This one focussed more on helping NHS organisations lighten the burden by pulling together evidence and dashboards for compliance. Particularly focussed on CareCerts and DSPT assurance as well as some really useful built in toolsets that highlight gaps that need addressing. This type of activity across the year can take a large proportion of a whole time equivalent sec ops engineer to generate, police and action. Some impressive credentials, in that they operate in over 100+ NHS organisations and have just approximately half of all NHS endpoints monitored with their toolset (1m plus endpoints). We will be undertaking a proof of concept for this in the coming weeks and hopefully making a case with NGH to progress of successful.
• End of week 2 catch-up after Wave 1 pilot migrations to Azure with the Ops Team. Reviewed progress, took stock of events and lessons learnt. The migrations on the whole went really smoothly and the team are feeling even more confident for the next wave.

What did you achieve?

• Presented our cloud journey so far to KGH’s Digital Town Hall — where are we now and what next…

Also covered a bit on working in the open, sharing opportunities of blogging and Government Design Principles and in particular #10 — Make things open; it makes things better. I first saw these principles pinned up on Andy Callow’s office walls late 2019/early 2020 when they first caught my attention.

“We should share what we’re doing whenever we can. With colleagues, with users, with the world. Share code, share designs, share ideas, share intentions, share failures. The more eyes there are on a service the better it gets - howlers are spotted, better alternatives are pointed out, the bar is raised.”

Hopefully it will encourage others from the Digital Portfolio to also start blogging and sharing more.

Presenting to large group of 60+colleagues from across the Digital Portfolio... I was definetly out of my comfort zone and I am sure I started out like a bullet train and probably needed to do a bit more scene setting to start with. I work with some amazing colleagues who gave some positive feedback which I appreciated. Was very grateful for the opportunity, especially to ian roddis.

• Spent a fair bit of time this week with Emily on developing our deployment plan for O365 across the Trust. Lot of complexities that we worked through with the Teams and started to map out the Migration Approach. Although a few setbacks in some of the O365 dependency areas, hoping these will be ironed out or have some options to review next week.
• Azure Express Route local Firewall Procurement completed and HLD signed off and returned.

What are you looking forward to next week?

• Finalise and document O365 technical migration process and approach.
• Draft N365 trust policy.
• Review and update Pathology Comms Room Project Closure technical handover documentation.
• Scoping call for Microsoft Azure Sentinel Workshop and POC.
• More cyber security tools and gaps mapping
• Reviewing and updates on some of our current cyber and infrastructure risks and some more detailed analysis of one of our platforms.
• Scoping business case for Infrastructure Refresh for this year’s capital spend.