Weeknotes s01e26

TL, DR: Azure Express Route… so close! Our Digital Design Principles — Doing things once. NHSmail service just got way better..Microsoft InTune is now available.

[W/C 25/10/2021]

Had a week on leave last week for some family time out with a few days away. Came back to a long, and at times fast paced week.Last weeknotes can be seen here. Here is how this week went…

Who did you talk to outside your organisation?

  • Myself and Mandy caught up with our account manager at Virgin Media to progress some indicative quotes for moving some of our circuits to a new on-prem data centre. Ended up picking up some staff benefit offers that Virgin are offering their corporate customers Virgin Affinity.
  • Maintel/Extreme Roadmap regroup meeting with Mary and Steve. Covered off projects in flight and those in the pipeline and some that are incoming.
  • Cisco/Maintel — presentation of Cisco Viptela SD WAN offering. Maintel were keen to present an alternative SD WAN offering than the DELL VMware Velocloud solution we have been looking at this year.
  • Revisited our server licencing model and requirements for Azure with Phoenix. Microsoft licencing is its own industry and requires specialist knowledge due to some of the complexities. Worked through how our current on prem Microsoft Windows server data centre licencing translates in Azure and what this means in terms of potential shortfalls once we start migrating our on prem VMware virtual servers into Azure.

What would you have liked to do more of?

Currently working on some procurement specifications which need some detailed technical scoping and some undisturbed time to get through. When you get into that space where you have a flow going and then a forced break due to meetings.

What do you wish you could have changed?

  • Due to some collapsed ducts at Woodsend some civils works are needed. Work has been paused since August trying to get a position statement from the supplier as well as wayleave permission to carry out the remedial works. Anticipated date for delivery is March 2022! This is staggering considering when the order was placed for this simple DIA circuit in June 21. We need a better way of standing up new sites. I am convinced that the way forward for pop up small sites is SD WAN with broadband commodity underlay service which typically has lead times of inside 4 weeks. May actually consider this as a short term work around…
  • Missed the KGH Reach EDI Network meeting, was looking forward to joining, was unfortunately unable to attend.

What challenged me?

  • One of our suppliers continues to disappoint to almost expected outcomes. With us still not having a bug fix for an upstream system that prevents an office 365 AfE dependent legacy application from being removed. We are now expecting a bug fix release in the next couple of weeks, if that proves to be the case we may yet be able to salvage our time frames for Office 365 deployment.
  • Virgin Media dropped the ball around our Azure Express Route local Routers and IP Configs and thus left us scraping to claw back valuable time lost. We had been told it was all sorted in August. Unfortunately it now adds pressure on completing the Firewall implementation planned for the coming two weeks. Pressure is mounting on ensuring we hit delivery of the Express Routes in time to commence live service/server migration waves into the cloud starting from mid November.
  • After having our initial batch of local admin delegate permissions enabled for our users One drives a number of weeks back without any mention of costs, we put in a final request to undertake the final batch of users so that we can complete the final rounds of the migration this coming week. Unfortunately requesting administrative permissions for user One Drive migrations has become a chargeable service from Accenture and was disappointingly confirmed by the NHS Digital team this week.
  • Finding out that the Group will be losing one of its best from the Digital Portfolio. Has made such a massive impact within the time spent in the organisation.

What did you enjoy?

  • Coming back from Annual Leave and the Office 365 project team have pressed on with progressing One drive migrations. We are now in full flow big bang this week and next week across the organisation.
  • FileShare migrations to SharePoint Online also in full flight and making excellent progress.
  • Emily Wright did a great job presenting an update on Office 365 at the Exec Group briefing this week after an introduction by Debbie (CEO — Kettering General Hospital) around the work going on around delivering Office 365 across the Trust.
  • Caught up with Andy Callow after a long while, was an engaging chat around Enterprise Architecture and Cyber Security going forward across the Group. Really keen to get cracking on tackling some of those items of in the Digital Strategy with a Group focus across both Hospital Trusts and to do it once for both. Especially items like single sign on and a joined up view on Cloud.
  • Interesting discussions with Grant (KGH IT Infrastructure Manager) around a variety of topics. One in particular was sparked off by a discussion around costs of hosting the new iGrow system in our own Azure tenant Vs our more traditional model of on-prem virtual servers. Cloud hosted vs on prem is not a straight forward like for like comparison. The cloud brings so many options around BC/DR/HA/Security that come with a proportionate increase in costs. The big question as always is how critical is this new information/system asset? — Business Impact Analysis to work out RPO/RTO to scope the resilience requirements. This is not a new question, but becomes more prevalent in the cloud environment to ensure costs do not spiral out of control. Typical on prem infrastructure is scaled up front at the start of a capital hardware refresh cycle to be able to cope with anticipated capacity and demand for the period up front. This inherently allows resource wastage whilst infrastructure lays under utilised for years before its actually used or in some cases never. With cloud we need to get better at scoping requirements that can flex in the cloud when needed. It reminded me that although we may be under taking an ambitious migration to Azure, our journey has only just begun.
  • We also discussed doing things once across the Group (One of our design principles for Digital) approach for cloud to start thinking about how we could approach this in the new Group setting given that we have gone a fair distance at Kettering Hospital, how do we leverage that learning and infrastructure to benefit our users and patients at Northampton Hospital also. Hoping to follow up with counterparts at Northampton to follow up on this.

What did you achieve?

  • Myself and Grant (Infrastructure Manager) had a few cloud and infrastructure project sessions this week with Karen our newly assigned Project Manager for the Cloud Data Centre Migration Programme. We went through the migration waves, introduced to the Phoenix project manager on the cloud standup this week and went through the project RAID log to update. Finished the week with running through licencing requirements with Phoenix for when we start migrating servers into the cloud to make sure we remain covered.
  • HIP2 Enabling works IT/Estates project team catchup this week. I ran through progress made so far and an update on timelines to be able to feed costs into the HIP2 enabling works outline business case. Have started to build up the requirements. The power requirements for our new data centre are quite important as they drive the scale of other elements such as cooling etc. Have set an ambitious timescale of 4 weeks to get most of the costs collated given that we will have to soft market test some of the costs.
  • New SharePoint Online page on its way to being progressed for all Office 365 communications and training, looking forward to seeing what this looks like next week. This followed on from light bulb moment discussions a couple of weeks back.
  • Our Virgin Cloud Connect Overlay service is ready now ready to use with the Virgin side of the configuration completed on time. Next steps to complete Azure configuration for the Express Route once the IPVPN circuits are fully operational with Firewalls installed. Hoping we can complete this in the coming two weeks.
  • Ran through some architectural detail of the iGrow (Paediatric Growth Chart Application) that will link to our EPR system. Some questions that will be ironed out next week around around the number of test environments needed given that this is a smaller system than most which trend towards two test environments.

What did you learn?

  • We had a Group Digital Town Hall this week with the focus being on next steps towards achieving theme 8 of the Group Digital Strategy — “Collaborating for a shared purpose
  • Attended the NHSmail Microsoft InTune webinar delivered by NHS Digital. We registered our interests a while back and we have been slotted in for onboarding in February 2022. Some pre-reqs to sort and staff to get up to speed ahead of that date. The session was informative and paved the way forward to some exciting times with some long awaited features. With InTune comes Azure AD connected windows 10 machines. Provision, manage and login from anywhere..

“NHSmail Intune is a new, cloud-based centralised mobile device management (MDM) service. The NHSmail Intune solution will centralise device management under the NHSmail shared tenant, while maintaining a high degree of customisation, oversight and local autonomy for organisations.”

Really looking forward to getting our teams to onboarding this service and delivering these benefits to our users. When I think of the use cases for our clinicians who are mobile across both Trust’s and collaborative working the possibilities are numerous. Making ease of access from anywhere easier and single sign on for NHSmail services.

  • Also attended the weekly NHSmail Webinar. FIDO2 for MFA is now in general release from next week.

“FIDO2 provides NHSmail users with an additional option for multi-factor authentication (MFA). FIDO2 authentication enables password-only logins to be replaced with secure and fast login experiences, leveraging common devices, to authenticate across websites and applications in both mobile and desktop environments.”

  • Started to review requirements for a new office site for hotdesking for back office staff to enable some demolition works for HIP2. The brief didn’t make sense to me, in that it will be WiFi enabled only and for staff to bring along their laptops. Sounds a lot like working from home with the office costs.. have been asked to scope up for up to 50 users. Have requested some costs for network circuits and broadband. Will endeavour to scope up the details after a site visit next week.

What are you looking forward to next week?

  • Running through our HIP2/Data Centre requirements with our EPR provider for scoping migration from our current Data Centre and the associated costs to feed into the HIP2 business case.
  • Scoping costs with BT for HIP2.
  • Continue working on High Level Design Requirements for the HIP2 enabling on-prem Data Centre.
  • Progressing Licencing for Office 365, Cloud based Windows Servers and hopefully based licencing

Last weeknotes can be seen here.