Weeknotes s02e02
TL,DR: Revenue business cases. NHSmail Intune and exploring identity management integration with our own Azure tenant. Dealing with Technical debt.
[W/C 10/01/2022]
Click here for previous weeknotes s02e01.
Who did you talk to outside your organisation?
Spoke with various suppliers this week following on some conversations from last week to obtain indicative costs for preliminary revenue business cases for the approaching financial year 2022/23.
Met with Matt Brownhill and Zahir Iqbal, Technical Architects from NHS Digital’s NHSmail architecture function. This was an initial engagement meeting to talk through what we are working on locally at KGH as well as our Group aspirations for both Azure Cloud and Office 365/NHSmail. Key items discussed were identity management using the NHSmail login in the context of our users using it as the unified method of authentication across the Group and enabling local Azure based services
Discussed how the NHSmail login could be used as the unified method for users to authenticate to log on to local network via Same Sign On which is due for release in the coming month or so. Went on to discuss InTune which currently only configured to support iOS and android devices. Control of Windows based devices is hopefully being released as a part of phase2.
What would you have liked to do more of?
Submitted a high level outline business case for Single Sign On. This was a last minute dash to ensure we hit the deadline for initial 2022/23 revenue business cases. I drew upon previous experience and knowledge to pull it together although I would have preferred to have the time to have detailed discussions with suppliers and other NHS organisations about their implementations to build a more accurate picture. This will be next on my to do list before a detailed business case is needed closer to the end of this financial year. Keen to produce the tech roadmap plan for how we achieve the goals laid out in our Digital Strategy to reduce the number of logins for our end users. At present the longer term vision we are exploring is to be able to use NHSmail authentication wherever we can by engineering the integration into existing and new solutions and thus reducing the volume of disparate logins. However, this is going to be a slower burn goal given the complexities and volume of systems. For the more here and now we will need an off the shelf SSO solution. Looking forward to getting this off the ground.
What do you wish you could have changed?
Although expected pressures for this week around completion of revenue business cases, found myself still wishing we had more time by the middle of the week. It also meant other work was more pressured.
What challenged me?
Technical debt, risk and compliance. Was reminded that we still have issues ongoing from a legacy change that was not backed out correctly and has been a compliance risk ever since. There is a 3rd party service provider involved who has not been able to provide a full service since and we are fast approaching the renewal point. The supplier so far has been really helpful.
Also we still have some legacy O/S’s that we that we really need to get rid of. This is an auto fail for Cyber Essentials Plus accreditation which we are working towards. We are considering options to move to Azure because of the additional layers of security available.
Meeting with some of the operational teams it was clear that resolution to some of these risks/issues have been outstanding for a while due to competing work pressures. It reminded me of how important it is to continually review risks, their mitigations/controls, maintaining visibility and the prioritisation of work loads to effectively manage risks.
The resulting technical debt is not something that is well tracked in general, but its impact is often on operational staff having to juggle priorities and quite often impacting on new work coming through the doors and improvements.
What did you enjoy?
Had a good end of week catch-up with Natasha. Discussed work in flight as well as some new bits coming up. Also discussed how we model cloud costs for new systems which will go straight to cloud. I think our best approach given our level of maturity in this space in the NHS is to build in 3 years upfront costs for reserved instance into the business case and charge this upfront with a transfer of funds to our Microsoft account which then enables costs to billed seamlessly over a 3 year period. This is not as agile as I think it should be in the cloud, but the alternative at present is getting into complex local cross charging mechanisms that serve no one. Would be interesting to know how others are doing this in the NHS.
What did you achieve?
- Review of our Cloud revenue business case for which our last update was presented July 2021 and confirm it still stood firm as an outline for 22/23. We are still in mid-flight with Server migrations to Azure and therefore still proving our forecast as we are making efficiencies in some areas and leveling up in other areas with additional cloud features. We will have a more accurate feel for forecast later in March for our cloud consumption rate. Other areas where it’s still early days is AVD which I am hoping will have more of a shape in the coming months part of which is Microsoft funded via their AMP programme.
- High-level revenue business cases for Pentera AI based Pen Testing and Single Sign On submitted.
- High-level revenue business case for Office 365 submitted. This involved mapping out our licence requirements for the 2022/23 taking into account some of the AfE dependencies we will still have to mitigate as this position has changed from 9 months ago. We also expanded the scope of the existing business case for to include implementation costs for Intune, SCCM as well as some additional licences and AD Manager to help us manage our AD estate more effectively and get it ready for a new Intranet rollout based on SharePoint Online.
- First kick-off meeting to discuss piloting Microsoft Intune. KGH was onboarded to the NHSmail Intune service in November 2021. Hoping to run a pilot and create our deployment plan between now and the end of the financial year. The actual deployment will be dependent on business case approval as we have 2000+ iOS/Android devices that will require a complete rebuild and re-deployment, with a large contingent being into clinical/patient facing areas. Phase 2 of our deployment will focus on windows based devices, subject to the NHSmail team releasing this functionality later this year. Will be glad to say farewell to our current MDM solution.
- Office 365: Caught up with Emily and was great to hear about the progress the project team are making on upgrading Office 2010 users to Office 365 AfE. With change freeze behind us the team resumed making progress this week. Also plans are in motion for the upgrading users who only have E3/R licence assigned eg. Office 365 online. The end user experience will be very different to an AfE licenced user. therefore we will be undertaking a pilot in the Treatment Centre to measure the impact on the end users, which will enable us to adjust our communications and training strategy as appropriate before we begin a wider rollout for E3/R users. Local network file shares continue to be migrated to SharePoint Online, with completion in sight over the coming weeks. Comms and training seems to be going well also.
What did you learn?
Did some pre-reading for TOGAF training next week.
What are you looking forward to next week?
- TOGAF — Enterprise Architecture methodology and Framework for Practitioners — Level 1 and 2 Training Course. Has been in the diary for a while and really looking forward to attending and going on towards certification. Hoping that I can bring some detailed learning about architecture design principles and design governance back into the architecture function within the Group which I believe we should grow.
