Secure, adaptable IT in an unpredictable world - the rise of software defined

The Rise of Software Defined

Secure, adaptable IT in an unpredictable world

The world is changing. Along with an unpredictable political landscape, the business world faces GDPR compliance, multi-generational workforces, new business models, security challenges and even state sponsored cyber-attacks.

IT has always had to adapt to changes. Flexibility was introduced 10-15 years ago through virtualisation – itself not a new concept. The introduction and mainstream adoption of cloud services allowed businesses to adapt to the changing business models, flexing capacity where required. However, the constant that didn’t change was the network, both inside the Data Centre, at the edge and the WAN.

This is now also changing with a shift to Software Defined Networking (SDN). The physical network is being abstracted from the logical – policies control how the network is configured based on the particular requirements at that point in time, not based on a fixed ruleset that was entered into a switch at the point of installation.

Going software defined presents a number of advantages to an organisation.

This new form of network is:

Programmable – Allowing the network to be programmed via API, applications can reconfigure the network automatically based on requirements.

When a developer needs a new software stack in an organisation’s cloud environment, typically it would require a change request to the networking team to configure VLANs, open ports on firewalls etc. In a Software Defined Networking environment, the orchestration tools or the application will tell the network what needs to be done, removing the human input and speeding up the delivery time.

Adaptable – The network can review what is using capacity and change how it operates, which is useful in a number of scenarios.

In the Data Centre, the network will identify the type of server (physical or virtual) being connected and the application deployed. Pre-configured policies will automatically control how and with what the server communicates. This removes the need for firewalls between layers within the Data Centre, and more importantly, the need for manual intervention to reconfigure switch ports and firewall rulesets.

Software Defined WAN enables organisations to be flexible in the carriers they utilise. Traffic can be routed over the best link dependent on the traffic type. Highly sensitive traffic can be sent over the high cost MPLS or point to point link, while less critical or less sensitive traffic is sent over Internet based connections. Sites can be added quickly and efficiently, with policies being consistently applied both in the LAN and out onto the WAN.

Simple – Once the SDN has been implemented, the complexities of traditional networks with long configurations, rulesets, VLANs etc. are removed. Network reconfigurations and manual intervention are only required when something totally new is introduced, and that again would be configured once and then propagated across the organisation. In a traditional environment, each switch may need configuration changes, and each firewall a ruleset change.

Secure – Humans are the weakest link – we make mistakes. Removing as much human interaction as possible with the day to day changes of the network removes the ability for mistakes to be introduced. Old unused firewall rules that allowed inbound open ports to a particular IP address will not exist, as rules will only be in place when the service is there that needs it. When a new server is added to the network with a reused IP address, a security hole will not be introduced. In the same manner, connectivity between two servers or a client’s server will only exist while those devices are on the network.

Assured – Because the networks are now API driven and APIs are often two way, more information is readily available on how the environments are performing. It is now possible to prove the network is delivering as intended, and where problems do exist it is quick and easy to identify what and where those problems are and remediate.

Cloud Ready – Extending the software defined environment into both the private and public clouds ensures that an organisation can truly operate in a multi cloud world, defining policies that will apply in their own private cloud or data centre as they will in a public cloud such as Azure, AWS or Google.

Software Defined Networking is not only a suitable platform for large enterprises. A true software defined architecture provides flexibility, control and simplicity, which makes it a valuable and beneficial solution for any organisation ready to embrace change.


How NHS Trusts’ WiFi budgets are future-proofing their infrastructure

Beyond Compliance: How NHS Trusts’ WiFi Budgets Are Future-Proofing Their Infrastructure

Patient WiFi can be far more than just WiFi for patients

With the directive to rollout mandatory patient WiFi, NHS Digital offered general guidance on what must be achieved, but no official direction on how to achieve it. By leaving Trusts to solve the problem independently, IT infrastructure experts expected many to take a short sighted “box ticking” view, extending 3rd party patient WiFi contracts, and adding an overlay with the aim of simply becoming compliant.

Instead, the rollout has seen many Trusts maximising the opportunity by investing the cash injection in their infrastructure and achieving further reaching, longer term benefits than they, or the industry, ever expected. With careful planning, the mandatory WiFi infrastructure has been shared as a secure, medical grade multi-purpose wireless network. Improving services and reducing costs, this forward-thinking budget utilisation is offering better outcomes for both patients and staff, adding operational and financial value to the NHS.

Achieving Compliance – Keeping it Simple

NHS Digital’s aim with this rollout is comprehensive – to achieve regulatory compliance, every Trust must deliver a secure, stable and reliable infrastructure. The solutions must include authentication, guest access, logical traffic separation, an assured level of service availability and security, protected access to related network infrastructure, automated enrolment, an acceptable use policy, robust registration, content filtering and provision of remote monitoring to manage usage. Login must be through a branded portal, and mandatory usage reports must be delivered to NHS Digital on a regular basis.

While this may sound burdensome, CAE have created several propositions to simplify the rollout within a Trust environment. They are quick and easy to deploy and integrate, minimising disruption and automating data capture and reporting. The solutions identify necessary hardware, software and licenses, and offer ongoing 24/7 support once the infrastructure is in place.

Achieving More – Maximising the Budget

Trusts are aiming to utilise the new infrastructure to positively impact patient care. Realising that the project can provide more than just effective public access to WiFi, Trusts are using the infrastructure as a platform upon which to deliver innovation.

Other, more advanced services being added include:

  • Wayfinding Applications: Patients and relatives can be directed with maps around the hospital – in any language – reducing stress and anxiety. By guiding patients efficiently around the building, Trusts benefit from a reduction in missed appointments (DNAs) and late arrivals.
  • RFID Equipment Tracking: RFID tagging increases operational efficiency and reduces costs due to loss and theft by locating medical equipment. Porters and ward staff are able to quickly locate the closest resource required providing increased efficiency on the wards.
  • Reduced Paperwork: By offering staff real time mobile access to patient records and allowing them to use mobile devices to update those records on ward rounds, both paperwork and errors can be minimised.
  • Efficient Resource Allocation: Real-time analytics and insights including patient waiting times, repeat visits and congested areas allow Trusts to more effectively allocate staff and equipment for improved service delivery and patient care.
  • Staff Security: In secure mental health settings, RFID lanyards have been issued for staff safety. Once an alarm button is pressed, the staff member’s location can be accurately established – a huge improvement on broader bleeper tracking.
  • Improved Communication and Feedback: Relevant clinical messages can be sent to target groups or individuals, and location data can be utilised, so patients can be asked for feedback – such as the NHS Friends and Family Test – as they are leaving the premises.
  • Improved Patient Satisfaction: Whilst the WiFi rollout itself improves patient happiness and wellbeing by allowing contact with loved ones, Trusts are using the network to offer patients improved entertainment options and access to relevant educational health information and services, freeing up clinical time and reducing costs.

With NHS Digital’s 5 Year Forward View detailing plans for paperless patient records by 2020, other expected future requirements include greater use of e-prescribing, increased e-referrals for hospital appointments, online GP appointment booking and accessible online medical notes for every NHS user in England.

Careful investment in infrastructure now offers not only complete, current regulatory compliance, but is also an easy way to support and benefit the Trust over the coming years.

Experts in secure and NHS compliant WiFi infrastructure planning, installation, maintenance and support, CAE offers free WiFi audits to NHS Trusts.

For more information, contact CAE.


Govroam - Public Sector collaboration at its best

Govroam – Public Sector Collaboration At Its Best?

Govroam is being heralded as a key component of future collaboration within the public sector – and collaboration at the planning stage makes it even more valuable.

With the increase in mobile working among public sector employees, reliable connectivity and the ability to remotely access resources has become a critical issue. A prevalence of sensitive and confidential data in the sector can make secure connectivity from outside the “home” network a massive headache for IT departments.

At best, the answer has been time consuming guest access for visiting staff, at worst hours of duplicated work for doctors, social workers and multi-disciplinary teams who move between buildings without access to the records and resources they rely on.

To overcome this problem, many hospitals, local government offices, libraries and other public buildings are signing up to govroam.

Reliable, Accessible Public Sector Wi-Fi

Govroam is the national roaming service that gives public sector staff free connectivity at any participating site across the UK. Offering completely seamless “zero touch” access to wi-fi, govroam automatically connects users to a participating network with a single standard login, without the need to register at each new site.

Secure and compliant, govroam uses end to end encryption, and private user credentials are only accessed by their home organisation for authentication, ensuring appropriate security levels are maintained.

The immediate benefits of this are obvious – clinicians moving between sites maintain access to patient records, social workers save travel time by not having to return to the office to type up notes, and everyone attending a multi-disciplinary meeting has live access to their own organisation’s network resources.

Govroam could transform the way public sector professionals work together. It can facilitate health and social care integration and enable efficient shared estates. It saves time, increases productivity and cuts costs, while encouraging a collaborative culture within public sector organisations by using shared spaces and resources instead of organisationally siloed working.

The Benefits of Community Collaboration

As part of the rollout, govroam comes with a free app which highlights the organisations that have govroam enabled, helping users to identify the nearest connected locations. The data map reveals much more than this – a quick glance shows that coverage is high in certain apparent govroam “hotspots” across the UK, for very good reason.

Govroam works best if deployed across the public sector in regions, rather than single organisations signing up for it. Deploying govroam in a single building with no participating neighbours limits its value and usage, and the map suggests that signing up as an entire community, such as an STP region or Local Authority is the most successful way to implement it.  In order to improve collaboration, govroam is relying on community collaboration to get off the ground, and it often takes one organisation with the understanding and foresight to take the lead and push the local project through.

Getting Connected

Most IT department can see the immediate benefits of govroam, even for themselves. Removing the time consuming challenge of securely authenticating and connecting visiting staff in a GDPR compliant way, costs are also reduced due to less reliance on 4G dongles for mobile connectivity. And govroam will become a critical part of any disaster recovery plan, allowing staff to use alternative sites to access their networks for business continuity.

For over-stretched IT departments, many of whom don’t have the time or capability to configure and implement  govroam but could benefit from its widespread network, CAE’s Connect is an all-in-one professional services package to get you connected in just 5 days.

‘CAE ASCERTAINED THE RADIUS CONFIGURATION CHANGES REQUIRED ON OUR INFRASTRUCTURE TO PUBLISH THE GOVROAM SSID ACROSS OUR ESTATE. OUR ABILITY TO HOST OTHER SERVICE USERS ON OUR SITES HAS BEEN A GREAT ENABLER FOR INCREASED COLLABORATION ACROSS THE REGION.’

Richard Wakefield – CTO,  Salford Royal NHS Foundation Trust