Options, appraisal and decision – NHS locations network requirements

When looking at the requirements for NHS locations, the team assessed the following options:

1. Direct network link installation.
2. Subcontract all the IT support and Infrastructure to Midlands and Lancashire CSU.
3. Implement a hybrid model using the CSU network, but providing the systems and services from Mid Cheshire.

The first option which was considered was to put in a direct network into all the locations which had a community presence.

This option would have addressed the challenges of providing a network connection for staff across a wide range of locations. Implementing our network would mean connectivity via Wi-Fi and fixed PC locations could be provided, and all systems and service which were required could be accessed with sufficient bandwidth.

However, this option was quickly discounted on cost. To put fibre circuits into over 20 sites came at a significant cost. The way that fibre circuits are costed by suppliers is based on the physical length of the fibre cable, which would all need to be from the main site.

The community and GP locations where we needed a connection varied in distance from our main site. On average the circuit costs were around £10,000 per connection. In addition to the fibre costs, the locations would also need switch cabinets, cabling and switches, which again would come at an additional cost.

The costs would reduce if an MPLS model was adopted, but due to the sites already having a MPLS network in them it was unnecessary to have two networks in one location.

The trust also considered using the CSU to provide all network/IT services to staff, as they were already doing this on behalf of East Cheshire.

The CSU had the network connections into all the buildings the trust needed, but the cost for this support was significant. The CSU costs were expensive and came with several restrictions:

• the CSU would only support the Microsoft Windows environment and not offer any application support, meaning Mid Cheshire would still need to provide IT staff to support
• the CSU wouldn’t provide the hardware, and replacement hardware would need to be funded by Mid Cheshire and provided to the CSU. This would cause issues as Mid Cheshire ordered different equipment to the CSU, so PC image setup was a problem
• staff may also get confused on who to contact for support if applications were supported by one organisation, but Windows and the network was supported by another service desk
• Mid Cheshire IT staff wouldn’t have the ability to remotely access devices to help support users

There was no physical link back to the host organisation, so access to trust systems for risk reporting, intranet and HR became a challenge as not all services were available over the Health and Social Care Network (HSCN).

Based on 400 staff initially (350 at point of TUPE and an additional flex of 50), an estimated cost of £500,000 per year was quoted. This was not affordable for Mid Cheshire.

The final option which was explored was a hybrid model. With help from a network specialist 3rd party, the CSU and Mid Cheshire worked together to look at if there was a technical solution, where IT and telephony services could be provided by Mid Cheshire, but the network infrastructure maintained the same at the sites.

The technology which was to be adopted was called Virtual Route Forwarding (VRF). In essence this allows 2 network configurations to be provided on one switch, providing total network separation.

A link would be put in from one of the main sites on the CSU’s network to Mid Cheshire. A VRF network overlay would then be created at all sites where we required Mid Cheshire staff to operate on. This then allowed us to configure at port level on the switch at each location which network the device would connect to (Mid Cheshire network or the CSU network).

This network separation allowed both the Mid Cheshire services and the CSU services to be provided from the same switch without any cross contamination of networks. Any sites which were configured on the Mid Cheshire VRF, the network traffic then flowed through the MPLS network and over the fixed fibre link to the Mid Cheshire network.

Wireless connectivity

The VRF configuration facilitated the ability to present the Mid Cheshire network out at any CSU site. However, the CSU already had hardware in place to provide the wireless networks at their sites. The CSU did have both corporate and guest network access at their sites.

However, the VRF didn’t extend to the wireless so Mid Cheshire staff were not allowed to use the corporate SSID which was presented where the bandwidth provision was sufficient. The reasons for this were due to network routing, and security setup differences. The CSU and Mid Cheshire did not want to mix their IT environments.

The guest network which was provided by the CSU did allow Mid Cheshire staff to connect and use a Virtual Private Network (VPN) connection to access the Mid Cheshire network, however the guest network connection only had a 100MB link to the internet, and the provision of the SSID was across over 50 sites in Cheshire for patients and guests to use. The link wasn’t suitable for Mid Cheshire to run a clinical service on.

Due to the physical network being in place, work was done to anchor their wireless controller to Mid Cheshire’s. This then allowed the publishing of the Mid Cheshire SSID across all the CSU sites, without having to deploy any additional hardware.