Document Control Document Title Infrastructure Standard Version 1.1 Owner National Infrastructure Group Author Paul McLaren, paul.mclaren@nhs.net, 0788 184 0763 Created date 5 th August 2013 Compliance See guidance in section 2 Reviewers Distribution and National Infrastructure Group, National Application Group, ehealth Leads, ehealth Architecture and Design Version Control Date Version Author Changes 05/08/2013 0.1 Paul McLaren Initial draft 26/08/2013 0.2 Paul McLaren Comments from John Light, NHS GGC 16/09/2013 0.3 Paul McLaren Updated following review by National Infrastructure Group on 30/08/2013 19/09/2013 0.4 Paul McLaren Minor updates to wording in section 2.2 13/11/2013 0.5 Paul McLaren Update following review by National Applications Group 13/01/2014 0.6 Paul McLaren Update to Infrastructure Management section. 03/02/2014 1.0 Paul McLaren Sign off by ehealth Leads Group 02/05/2014 1.1 Paul McLaren Amend regarding version of Win 7 to include both 32 and 64 bit. Page 1 of 9
Infrastructure Management (within local Boards) Governance (supported by National Infrastructure Group) 1. Overview This standard describes the hardware and software specifications for infrastructure in NHSScotland. It aims to benefits a number of audiences to ensure they are make informed decisions based on the actual availability of IT infrastructure. The standard replaces the NHS Scotland Personal Computer Standard to provide wider coverage of the infrastructure stack, covering the following infrastructure elements and describing the specification for each: User directory services, authentication by single sign on Applications browsers, productivity, email and core business functionality (excludes line of business and clinical) Client hardware, operating systems for PCs, laptop, tablet and mobile devices Server hardware, storage, operating systems, databases and web hosting Hosting data centres and computer rooms within Boards and beyond Network connectivity within premises, between locations and to other networks Adherence to the standard will support Boards in local planning, aid procurements by providing specifications and assist suppliers to provide solutions that can integrate with the NHSScotland infrastructure, therefore leading to more effective solution delivery. It should also be noted that NHSScotland seeks to ensure that single supplier dependencies are minimised and that lock-in to additional products is avoided to limit exposure to hidden TCO increases. The standard will is also supported by roadmaps documenting the lifecycles of each of the elements within the standard, supporting transition and providing advance notification of product end of life. 2. Compliance For Boards: The standard provides Boards with a specification to which infrastructure within their Board should comply. For Suppliers: Page 2 of 9
The standard provides suppliers with a specification to which their solutions must comply. Suppliers should ensure their solutions can be deployed, function and integrate where required with all the relevant specifications detailed in the standard. For non-compliant solutions which require specifications out-with those in the standard then appropriate consultation should be undertaken with infrastructure teams at a local, regional or national level to consider the implications of the increased support and both cost and risk implications the non standard product(s) introduce. Page 3 of 9
3. Specification The following tables detail the specification for each section of the infrastructure stack. Where a product is specified it should be assumed that product or equivalent is acceptable for Boards to have available. User Recommended specifications for directory services and authentication. Directory Services Authentication Microsoft Active Directory managed by Health Board Integral to application or Microsoft Active Directory managed by Health Board Single Sign Imprivata e Sign v4.5 minimum. Applications Recommended specifications for browsers, productivity and core business functionality (excludes line of business and clinical). Application Delivery Methods of application delivery are, in order of preference: i. compliance with the Web Browser specification. ii. iii. packaged applications for deployment by Health Board client management tools delivery of application by desktop virtualisation or thin client technologies Web Browser Installing or running of applications should not require elevated rights for the logged on user HTML5 compliant, solutions should be tested on IE8 and IE9 as a minimum For alternative browsers testing should be project specific (ie solution must run on an ipad or similar) Page 4 of 9
Web Components Productivity Security Client Management Java SE 7.x minimum Microsoft Office 2007 Open source alternative with Health Board agreement Adobe Acrobat Reader version 9 minimum Health Board specified solutions offering following: Anti-virus active and managed by local Health Board Client Firewall optional Anti-malware optional Encryption per the Mobile Data Protection Standard (ref 1) USB port control optional Preboot authentication - optional Faulty and end of life hard disks to be retained on site by Health Board Health Boards specified solution offering following: Hardware asset management Imaging Endpoint location information Remote support Application deployment Operating system patch deployment Application patch deployment Software asset management and licence metering Local Session Data Screensaver Session data created by applications should not retained on endpoint (e.g. local copies of databases and similar) NHSScotland approved security screensavers in addition to any local images Client Recommended specifications for hardware, operating systems for PCs, laptop, tablet and mobile devices. Page 5 of 9
Operating System: Windows 7 32 bit and 64 bit Processor: Windows 7 compliant minimum Memory: Windows 7 compliant minimum+, recommended 2Gb Disk: Minimum to meet local requirements, additional spare Desktop/Laptop space varies locally Screen Resolution: native to monitor with minimum 1024x768 24 bit minimum upto 32 bit colour quality Keyboard: Standard UK QWERTY Mouse: 2 button only, scroll wheel optional USB Ports: Availability of spare ports and type optional Tablet and Mobile Device ios: Apple ipad 2 and iphone 5 running ios 6.1.3 minimum Android: Samsung Galaxy te and Samsung Galaxy S3 running Android version 4.1.2 minimum Windows: Dell Latitude 10 Standard ST2 Tablet running Windows 8 Pro 32 bit Server Recommended specifications for hardware, storage, operating systems, databases and web hosting. Hardware As specified by Health Board, either physical or virtual instance Virtualisation VMWare 4.x minimum Storage Operating System Database Web Hosting Backup As specified by Health Board, either physically attached or SAN Windows Server 2008 R2 Red Hat Enterprise Linux SQL Server 2008 minimum Oracle products per the NHS Scotland EWA (ref 4) IIS 7.0 minimum Apache Tomcat version 6.0.37 minimum As specified by Health Board, in line with existing Health Board solution and backup policies. Page 6 of 9
Hosting Recommended specifications for data centres and computer rooms within Health Boards and beyond. General Rack Environment Power Access As specified by Health Board but recommended TIA-942 / Uptime Institute Tier-2 availability minimum (with aspects of Tier-3 such as dual PSU s in all servers, storage and networking devices). Compliance with EU Code of Conduct for Data Centre Energy Efficiency (ref 3) Availability in agreement with local Health Board, specification to Electronic Industries Alliance standard 19 rack mount. As specified by local Health Board but recommended: N+1 cooling capacity, minimum dual units Hot/Cold aisle configuration, maximising power utilisation efficiency. Target PUE <1.5 As specified by local Health Board but recommended: Dual incoming supplies N+N capacity Dual UPS N+N capacity Each supply has own distribution board Each rack is supplied with 32A Commando connection from each supply Physical site and equipment access in line with Health Board arrangements Remote support in line with Health Board arrangements and security policies. Network Recommended specifications for connectivity within premises, between locations and to other networks. Local Area 100Mb/s minimum to wired client devices. Wireless Local Area Availability optional Page 7 of 9
Wide Area Security Video Services NHSScotland sites are connected by N3 and COINs. Site bandwidth varies from 512kb/s to 1Gb/s (10Gb/s for some COIN backbones) with QoS for selected national applications. Asynchronous and synchronous technologies are in use. Firewalls in place between internal networks and all external environments, including N3, direct ISP Internet, and partner organisations such as councils, and other public sector. Configurations changes in agreement with local Health Board. Compliance with NHSScotland Video Conferencing Standard (ref 2) Infrastructure Management The following should be noted: Health Boards manage and operate their ehealth infrastructure services locally to ITIL aligned processes. Suppliers and their services desks should equally be ITIL aligned. Change control or similar requests may require approval by a Board Design Authority or CAB. Suppliers should provide sufficient advance notice for planned works so Health Board approval can be agreed. Changes should not be scheduled for a Friday unless specifically agreed. Governance Where there is a requirement for approval and sign off various groups and Management Boards exist within NHSScotland. The process to be followed for approval will vary dependent on the financial levels and operational impact of the request. ehealth Governance has the following structure for infrastructure decision making and sign off: ehealth Strategy Board ehealth Programme Board ehealth Leads Group National Infrastructure Group (acting on behalf of the Infrastructure Portfolio Management Group) Health Board ehealth/infrastructure Management A number of other advisory groups exist (Information Governance, Security etc) that may provide input if required. Page 8 of 9
Review This standard will be reviewed annually, indicated by the published date. Individual sections may be reviewed out of sequence as required. References 1. Mobile Data Protection Standard: http://www.sehd.scot.nhs.uk/mels/cel2012_25.pdf 2. Video Conferencing Standard: http://www.ehealth.scot.nhs.uk/wpcontent/documents/video-conferencing-standard-v1.0.pdf 3. Data Centre Code of Conduct: http://iet.jrc.ec.europa.eu/energyefficiency/sites/energyefficiency/files/introductory_gu ide_v2.0.2.r.pdf 4. NHSScotland Oracle Enterprise Wide Agreement (EWA) products available on this agreement available on request. Page 9 of 9