Weeknotes s01e20

TL,DR: New Product Demos, Infrastructure Strategy, Improving our Cyber Security, OneDrive Migration and the End User Experience

[W/C: 06/09/2021]

To see last week click here.

Who did you talk to outside your organisation?

• iGrow — Meeting with the supplier to discuss the technical requirements for a paediatric growth charts software that can integrate with our patient administration system (PAS). The supplier loosely presented cloud and on-prem solutions, although it was likely that in either case a local HL7 messaging interface server was required to be able to communicate with PAS. In our case even on prem servers would be hosted in our Azure as PaaS. Unfortunately there was no infrastructure architect topology or design for us to review to be able to assess which configuration gave us the greatest benefits. Agreed to regroup once available.
• Wellsky (EPMA) — Earlier in the week we had an EPMA product demo from SystemC following their recent acquisition of Wellsky (well-known specialised EPMA solution provider) and integration into their own EPR.
• Phoenix — Weekly Cloud Standup.
• Extreme Networks — Trust Strategy Session around networks, some of the challenges facing us and the upcoming hospital rebuild. Followed on by an afternoon technical NAC (Network Access Control) solution workshop led by Suraj Palmer-shah our cyber lead and Emily Wright who has been supporting the discovery elements of replacing our current NAC solution.

Network Access Control — controlling access at device level to only allow network access where they meet security and compliance posture checking policies

• ULH NHS Trust — had an email exchange with their Head of Technical Services around our experience of implementing a NAC solution. It’s not an easy solution to deploy in an acute Trust. It took us almost 12 months to deploy area by area which we completed about 5 years ago and now we are looking to refresh our current toolset as mentioned above.
• Maintel — Azure Express Route Firewall Low level technical design kick off meeting with Maintel technical team, PM and our local networking team. Pushed to get this into the diaries to try and build the implementation momentum so that we have everything lined up for when the Firewalls are finally delivered. Session was lacking the drive I was expecting where questions I was expected to be asked had to be coaxed out. Hoping it was just a quiet sense of confidence they were displaying as they seemed happy enough to produce a first draft of the low level design for review by the end of next week with the information they had.
• Virgin Media — caught up with Account Director to understand when our Azure Express Route fibre installation will be signed off following the BT open reach works that took place on Monday for our fibre connectivity. Also to find out what the next steps and timelines are for setting up our cloud connect overlay service to Azure Data Centres.
• Simpsons/Phoenix — recap and overview of our Data Warehouse cloud infrastructure. To better understand which cloud servers have been stood up and how their networking routes data for the current data uploads from servers on prem. Our Data Warehouse runs from a separate subscription on our tenant, so that we can track costs. However there are some pros and cons doing it this way. Requested a more detailed network architecture diagram to overlay on top of the application topology especially as there seems to be some anomalies with the current configuration which we may need to adjust. Will look to regroup again next week.
• Sandwell and West Birmingham Hospitals NHS Trust —myself and Suraj Palmer-shah spoke with Head of Infrastructure and Cyber lead over their recent Pentera (Automated Security Validation / Pen-testing) Deployment. It was particularly interesting to hear about the way in which they leveraged their ICS to negotiate a better price point. The toolset it’s self unsurprisingly received the same acholades for what it delivers as we have also heard from other organisations using the cyber toolset. Felt good to reach others across the wider NHS working in this space and particularly creating a space to discuss and learn from each others experiences.

https://www.pentera.io/what-is-asv/

What would you have liked to do more of?

Reached out to NHSEI to make contact with regional cyber leads in order to progress our Cyber Security Funding Bids. Was good to have made initial contact and found a way to progress. Myself and Suraj didn’t get enough time together this week to be able to pull together the bid info in enough detail to be able to give them the information they would need to be able to extend their support in bid submission which is now mandatory prior to submission. Submission is via the new NHSX Unified Tech Fund portal.

What do you wish you could have changed?

Would liked to have carved out more time to discuss/review our Comms plan. There has been steady stream of office 365 communication. However I think we need to take extra steps to make sure everyone is on the same page and we have the buy in from areas impacted. Time has been challenging given looming deadlines and diary constraints. For me from a technical perspective the biggest challenge is under writing the migration approach with user Comms at the right touch points. Given some of those technical approaches have only just been finalised it’s time to get the targeted comms right. We have a comms workshop approaching in the coming weeks and a shorter session next week to discuss how we get the message delivered at an Exec Team level around the benefits and timelines of Office 365.

What challenged me?

• Attended a Breast Surgery Clinical Collaboration meeting. These meetings have recently been re-envigourated, although they still feel weighed down. The way some of our systems work seem convoluted and we need to be pushing back harder with vendors to find solutions to make them work better for our clinicians. Another session next week to work through some of the issues identified.
• Later in the week Maintel confirmed that current delivery times look like they have slipped by two weeks and our current delivery day is the end of October. This literally cuts our Firewall implementation time to two weeks if we still plan on getting two cloud migration waves in before Christmas. Should I be surprised? Still looking for that silver lining…

What did you learn?

• Office 2010: The 1st November 2021 is the pending date for where connectivity between Office 2010 and O365 will be coming to an end. Due to the large number of endpoints still using Outlook 2010 specifically to connect to the NHS’ many Microsoft 365 tenants, Microsoft and NHSD have agreed a specific extension to the November 1st 2021 date. Therefore, all NHS trusts in England, Scotland, Wales will be added to an allow list for connectivity until May 1st 2022. This is pretty significant as most Trusts are still either in the throws of migration or have yet to start and would have left a very large number of staff from being able to work using NHSmail. Although not great Cyber Security news, it is a much needed reprieve to give organisations the time to migrate.
• Read about a new release of OWASP principles. We have started to ask new suppliers for assurance that their web apps mitigate against the risks identified under OWASP.

• Microsoft Hololens Pilot: Read a really interesting post on how Hololens2 is bring used for clinical use in a breast care unit - “Torbay and South Devon NHS Foundation Trust (TSDFT), along with a small group of other hospital Trusts have worked with NHS Digital as a national pilot centre for trialling the ground-breaking Microsoft HoloLens 2 and Dynamics 365 Remote Assist.” Great to see this being used and looks like it’s right on track according to the NHSmail Roadmap — Q3 2021

“the digital technology will support nurse-led dressing clinics. Clinical specialist nurses will be able to send a high-resolution video feed to consultants, in real time, to get immediate feedback and advice on a patient’s needs. Additionally, consultants are able to add digital markers and annotations live on to the video, to guide the nurse’s view where useful.”

Amazing immersive tech actually being used in a clinical setting! Hoping to learn more about pilot outcomes in the months to come.

What did you enjoy?

One Drive and Desktop Landscape Workshop. For months it felt like a nut we couldn’t crack due to legacy configurational complexities and it was not through the lack of trying. This was the main highlight of this week. An overdue and long awaited session which was well attended and was face to face on site. Was an engaging session with loads of ideas that we played out, took a few u turns and explored different avenues until we got to the point where we had thrashed out a migration approach that could work and also left the end user with a workable experience. Some challenges around timescales presented themselves and the number of reboots required for some users before a group policy applies to remove current filestore folder redirection prior to OneDrive migration. Bhavesh is going to be reviewing some further testing to see if we can make this slicker. Next steps to document, test and pilot. I enjoyed workshoping and facilitating techies solutionising whilst playing out the pros and cons. I must admit I love that space where your coordinating and facilitating SME’s with different technical backgrounds coming together, bouncing ideas to produce a valuable user output. This is the kind of space where some out of the box innovation is done. Follow on session next week to check on actions and progress.

Local home drive migration to OneDrive

What did you achieve?

• HIP2 — IT Enablers Workshop. Ran this session to mainly get everyone up to speed with the Hospital’s Re-Build programme and the impact of this to the IT Infrastructure, including relocation of some Data Centre Services. We ran through some of the options. At the end we agreed that we will need a location capable of accommodating up to 8 racks of data centre space onsite. Location options will have to be reviewed with Estate colleagues taking into account internal fibre network diversity for the core network and access to external network and telecoms services. Further workshops will be needed to start building up this programme of work. Fibre survey results are due in early October which will help inform a number of key decisions.
• One Drive migration process drafted and walked through. Some more testing and refining now.
• Submission of Azure Sentinel SOW to secure 10k Microsoft funding for a full deployment POC. Will hopefully hear back later this month.
• Reviewed and updated cyber security and infrastructure requirements section of a procurement tender I ran out of time on last week for Patient Level Information and Costing System that we are due to go out soon.

What are you looking forward to next week?

• Building Cultural Bridges training — Two half day sessions, the first virtual and the second face to face off-site.
• Follow on design discussion with Maintel/Virgin around Azure Express Route Firewalls and networking.
• Follow on OneDrive migration workshop discussion onsite.

Last week’s weeknotes can be seen here.