TL, DR: Edging closer to Office365 and Azure Data Centre Migrations. Emerging Innovation and Technology on the NHSmail Roadmap and Cyber Security development.
[W/C: 11/10/2021 ]
Have not weeknoted for a little while so may reference bits covering the last few weeks. Warning maybe longer weeknote than normal…
Who did you talk to outside your organisation?
- Spoke with Mark Ward (NHSmail/Office365 TDA) at NHS Digital following some queries around managing SharePoint permissions centrally as we move deeper into our SharePoint Online migration. Some interesting things coming out over the coming months so was good to catch-up. The “All user" group permission per organisation on the central NHS shared tenant will be a much awaited and massive step forward, which hopefully will be with us this calendar year. It will enable us to be able to apply permissions at an all user level which is especially useful for SharePoint / FileShare migration as well as establishing a SharePoint based Intranet. Will be an enabler for an org wide teams channel for communication.
- Caught up with Virgin Media around the final stages of our Azure Express Route configuration. This has been on hold since early August due to delays on getting new Firewalls delivered. Our underlay IPVPN fibres have been installed for a while, the final step is to configure the cloud connect overlay which taps directly into Azure Data Centres and thus establishing an Azure Express Route. Azure Express Route configured and service key generated for Virgin to progress the overlay. Process will take 10 days in total so should be all ready just in time for when the Firewalls arrive at the end of this month 4 to 5 months since they were ordered!
- Had a planning session with Phoenix (Cloud partner) and Grant our Infrastructure Manager to run through our upcoming Cloud Migration wave 2, currently scheduled for mid-November on the tail of the Azure Express Route being made operational. Grant has done a good job in getting this stage prepped and ahead of the game with regards to engagement with system leads.
- Brief catch-up with Danny at MiS around progress on the internal network fibre survey they are undertaking for the Trust. A lengthy peice of work to track, trace, label and mark out routes including some really old ducts across the hospital site. Outputs will mean we know where each fibre cable is, where the termination points are, and the routes each fibre takes from point to point. This is key information in helping us to plan HIP2 IT enabling works. Demolition works will impact up to 70% of our local fibre network. Therefore new ducts and fibres will need to be laid once a new local data centre location is established.
What would you have liked to do more of?
Caught up with Mandy Sterling our IT Procurement Lead on Monday regarding some projects that we need Procurement support on. Woodsend (new site) infrastructure and HIP2 (Hospital Rebuild) IT enabling works. Loads to do and getting indicative costs for a new on-prem data centre and the associated periphery infrastructure. Looking to feed costs into an outline business case. Have a regroup in 4 weeks with a view to have most of it ready. With a week off in between this will be a challenge given the multifaceted tasks and requirements gathering required. Spent time arranging key supplier meetings with Mandy for when I am back from leave to progress. Also produced outline of what our new Data Centre requirements will look like ( much reduced space than our existing one due to our focus on moving what we can to the cloud).
What do you wish you could have changed?
This week was the annual CAN (Cyber Associates Network) conference, which was a virtual 2 day event this year. I wish I had carved out the 2 days to attend properly. I was only able to drop in and out on day 1. However, I really enjoyed listening to Phil Huggins interim national CISO, NHSx, welcome address. Not what I was expecting, was a breath of fresh air to the world of Cyber Security in the NHS.
What challenged me?
- Office 365 Desktop User Experience: We have had some difficult conversations over the last few months about the desktop user experience and the items we want to tie down and clean up to help our users with their transition to the world of Office 365, one drive and SharePoint. Layered on top of this is the issue that not all user experiences will be the same due to only a limited number of thick client user licences. Locking the desktop down to prevent local build up of files and folders has had mixed reviews within the team and I think we agreed that applying local profile quotas would be the best approach which makes the local windows experience usable as intended as well as ensuring users don’t build up large local filestores on desktop PCs. The experience has shown me that we have missed opportunities in the past during Windows upgrade projects and in the main because we have been up against the clock. In addition to this more locked down control on removable media as the use case is taken away by the use of OneDrive and SharePoint. We are working through what this could look like and unfortunately is likely to have a release date post One Drive migrations which is not ideal, but is our way forward given timescales to achieve these outcomes and resource constraints.
- O365 Application Dependency: Over the last 3 to 4 months we have worked to redevelop an in-house application to remove the dependency and now ready to go in the next couple of weeks and along with our PAS dependency issue resolved we were gearing up to an Apps for Enterprise rollout into clinical areas. However this in-house system is currently being used as a backup system for discharge due to issues upstream with another system which is awaiting a fix from the supplier. We have the dilemma of some more in-house development work (up to 12 weeks) or wait for a supplier fix dependent or whichever comes first. Impact meaning a delay on rolling out in some key clinical/patient facing areas, or additional licencing. Emily Wright O365 PM is working hard with the teams involved to workout our next steps. The project team remain determined and steadfast to overcome the challenge. No doubt somethings will go into the lessons learnt log.
- NHSmail MFA: There is strong guidance from multiple areas including NHSD to switch on MFA for all users. This is very much in line with zero trust architecture principles. The mindset of everything in your own corporate network considered secure needs to go as this is very much old school thinking. Migrating to our local fileshares and user shares and in the future our intranet to SharePoint Online, the data security considerations need to also flex accordingly to keep that now highly available data safe and secure. So how to switch on MFA in a world where clinicians are already challenged with long login times and multiple logins? The right and now solution we need is single sign on and password less technology. For me I think the longer term solution is pushing our suppliers to adopt the NHSmail login with the use of the APIs that are already available, thus reducing the number of passwords via same login by design and coupled with fido2 password-less authentication we would have a workable solution for our high foot fall clinical areas. Question is can we wait? I think not in the short term with our strong shift to cloud based services. Aiming to look at authenticator apps to see how they could help us with NHSmail MFA authentication in the next few weeks.
- Back on site: Have done a few days onsite over the last couple of months which has given me a real contrast compared to remote working. Really grateful that I am able to do most of what I do remotely. By far I am more productive working remotely and feel better about the outcomes achieved. Onsite still has its pros in that your able to connect and interact to colleagues better than over a video call, I do miss that so always a bit nostalgic when back onsite. So when onsite it is usually focused on a limited set of outcomes for that day. The drive in from Birmingham is not as bad as it used to be and a long enough stretch to listen to a growing library of audio books in the car, currently listening to “Think Again" by Adam Grant and got a few chapters in.
- Some reflection following on from a sprint planning meeting earlier in the week and the Group Digital Townhall later in the week. Our teams are asking for some project management/Agile training, in the backdrop of how the majority felt which was Busy, overwhelmed, tired and exhausted. I have some personal thoughts on this. But one for another blog post maybe…
What did you enjoy?
- We had a O365 Comms/Intranet regroup this week following a light bulb moment last week to publish our Comms, training and updates on the actual platform users will be using going forward, eg SharePoint Online as opposed to our rather battered and old looking on-prem intranet which is hard to navigate. This was received well and with some excitement from the team. There some current challenges with “All user" permissions (mentioned above) not being there yet to enable us to restrict to just KGH users. However, this just means our content would be viewable to the wider NHS on the central tenant. Nothing contentious that we would not respond to a FOI with and also in line with working in the open that may help others across the NHS who are working to the same goals. So really looking forward to launch this in the next couple of weeks before we start deployment of the Office 365 thick client (Apps for Enterprise) into clinical areas.
- Had a few short sessions with Tendai with regards to PowerBI over the last few weeks and again this week around our PLICS tender to discuss a PowerBI query response. As usual Tendai’s enthusiasm is contagious when it comes to Data Intelligence, and his ability to turn the technical into meaningful conversation for the layman to understand. It’s made it really obvious to me that we need a standardised approach for 3rd party hosted systems where we are looking at PowerBi for reporting, especially from a licencing perspective. Would love to work together with Tendai on producing a standard to feed into new procurement specifications. Also looking forward to following up conversations on how we can automate our highly manual cyber security dashboard using PowerBI. Currently Suraj Palmer-shah spends a couple of days each month pulling this data from various security systems and is even more keen after seeing Tendai talk about what his team have been working on in the health Intelligence area with PowerBI dashboards on this week’s Group Digital Town Hall.
- Hearing about the Trust taking up British Computer Society (BCS) — The Chartered Institute for IT’s Corporate Membership and the benefits to staff for professional development. Official launch coming up next month, interest registered almost immediately after receiving info. Really grateful for this opportunity, it’s been on my list to do for a while.
- Had an impromptu call from Andy Callow at the start of the week, a pleasant and welcome surprise. Always great to catch-up was left feeling valued and looking forward to some exciting times ahead for the Group.
- Spoke with Riner Rani on Friday about her experience in one of the clinical areas trying out some new visual tech with some of the clinicians and Mary. I shared information about Hololens2 — immersive technology being piloted for clinical use and on the NHSmail Roadmap for general release soon. Mentioned Hololens2 pilot at another Trust in a previous post read about it here. Later through the power of the Twitterverse it looks like there is still time to also participate in a pilot also. Thank you John McGhie NHS Digital, one to follow up!
- Had a 1to1 with Ian, and for a change a face to face walk and talk onsite. Have found these sessions really useful from a personal development perspective. He has an innate ability to shine that mirror back at you at just the right angle to reflect the light you need to see.
- Attended our monthly Cyber Security Group meeting, was impressed with the level of granularity the team were going into with regards to reporting on patching to make sure we patch thoroughly and not get hidden behind metrics in relation to our server estate. We have some work to do, no doubt but the maturity of approach in some areas was good to see. Also we got a key decision to progress with updating our password policy for AD, we are looking to implement the same password policy as NHSmail which follows NCSC best practice. Change less frequently, longer, more memorable. This will need some carefully worded Comms and change management.
- So one not from this week, but I am still enjoying 2 weeks on.. my new home office with a sit-stand desk and more even more screen real-estate and finally a new mesh WiFi. Will take a leaf out of Ian’s book and will blog about this one…
What did you achieve?
- We have made some significant progress on our Office 365 programme. We are third of the way through the number of FileShare migrations to SharePoint online we have within scope of the project. We also hit 300 pilot migrations for user shared drives into OneDrive using the SharePoint migration tool. The technical process was refined and some significant challenges worked through to make it as seemless as possible for the user. It has been a success! Looking forward to the actual migrations planned for early November over a 2 week period. This will drive and enable our users to use the office 365 more natively online. Comms and training are also going well. Emily, Liz and Kerry doing a fab job on this front.
- Finished the draft infrastructure Architecture topology design for iGrow (Paediatric Growth Charts system) phase 1. Enjoyed working across multi-diciplines to understand the requirements and how they would effectively glue together to deliver the new service. Learnt a bit more about our integration service from Alex Nash, integration specialist and also more about how we would stand this up in our new Azure Cloud environment. Reviewed iGrow specification and security assessment.
- We applied for Microsoft Azure Sentinel AMP funding a few weeks back which has since been approved and kicked off the first session with Phoenix our cloud partner to stand up the POC this week.
- Myself and Grant had an introduction meeting with Karen Naylor who has been assigned to the Cloud Migration Programme to assist with Project Management from an internal perspective as we are about to enter a really busy period of migrations from November 2021 to March 2022. Went through the schedules, Teams channel, Kanban.
- Submitted 2 of 3 Cyber bids via the NHSx Tech Fund. These had regional support from NHSE&I and NHSD cyber leads. We are currently rethinking our 3rd bid which will be around securing connected medical and IOT devices. A focus area for this year’s DSPT’s (Data Security Protection Toolkit) submission. Tech Fund is all capital unfortunately and makes it quite restrictive in a modern revenue subscription based world. We have been as creative as possible, hoping our bids make it through!
What did you learn?
- Few weeks back we had two afternoons of Building Cultural Bridges training delivered by our Equality, Diversity and Inclusion (EDI) Team and arranged by my boss ian roddis, Digital Director at KGH. This had quite a profound impact on me, and especially as it came after reading about White Fragility by Robin DiAngelo. I found there were a lot of issues from my own personal experience of racism that I had just ignored the impact it had on me at a sub conscious level. I was brought up to ignore it/be thick skinned and in part that was healthy, the viewpoint was yes racism exists, accept that as a coloured person you will have to work harder to excel and get on with it and don’t give it any energy. Now in most this has served me quite well, however Ive never reflected on how some of the more subtle aspects have impacted my behaviour. The EDI team are doing some great work and challenging behaviours like I don’t see colour everyone is the same, and making people see that this in itself is racism. I am a brown coloured British Sikh, I have a rich culture and history from which I come from.
- Joined the NHSmail weekly webinar. In addition to the NHSmail Teams channels relating to NHSmail/office 365 I have continued to find these webinars a really useful source of information over the last few months. The interaction is always good and attended by 100+ attendees weekly across the wider NHS covering a range of updates, issues and knowledge sharing.
- Loads of interesting items on the NHSmail Roadmap, some of which are now in general release such as PST injection service which will enable us to solve an age old problem of our users wanting archive but still using old unsupported PST files to do so. The injection service will search and move the contents from local file shares into the Exchange Online archive.
- InTune (Mobile Device Management) is also now moving into general release and ready for us to migrate to and finally move away from Blackberry. We just need to register our interest to progress. With iOS, Android and now Windows supported also.
- “All user (ODS code)” permissions in SharePoint to allow a range of organisation wide application uses in the world of Office 365. Coming in the next couple of months.
- AD password sync almost there too, which will enable the local AD and NHSmail password to sync and be one less password to remember. Hoping that this will bring the ability for users to self reset using the NHSmail portal.
- Also looking forward to longer term plans for computers being able to join NHSmail Azure AD and authenticate securely via the cloud.
- Fido2 tokens for password-less logins for clinical users coming soon, really looking forward to seeing these work in clinical areas. For more info on Fido2 see here.
- Was confirmed last week that Windows 11 upgrades are fully licenced under our current NHS wide Windows 10 Enterprise Agreement and was available this week under the Volume Licencing Centre (VLC) to download. No excuses this time for leaving upgrades to the last minute. We have 4 years until Windows 10 is finally retired.
What are you looking forward to next week?
Generally felt good at the end of this week and generally positive about the progress made the outlook ahead. Really looking forward to a week off and time away to celebrate my daughter’s birthday and time with family.