HSCN Solution Overview Version 4.0 Published 11 December 2019 1.1. Copyright © 2019 Health and Social Care Information Centre. Page 1 of 48


HSCN Solution Overview

Version 4.0

Published 11 December 2019

Contents

1 Scope of this document

1.1 Reader pre-requisites

2 HSCN Overview

3 Transition Network services

3.1 Introduction

3.2 Transition Network scope

4 HSCN architecture

4.1 Introduction

4.2 Architecture principles

4.3 Logical Network Topology

5 HSCN Consumer Solutions

6 HSCN Obligations Framework

Table of Figures

Figure 1 – Transition Network Logical Topology

Figure 2 – Target State

Figure 3 – Transition State

Figure 4 – HSCN Interconnection Routing Patterns

Figure 5 – HSCN Traffic Flow Examples

Figure 6 – HSCN ANM/NHS Secure Boundary Service

Figure 7 – Security Telemetry Flow

Figure 8 – Security Monitoring Points

1 Scope of this document

This document provides an overview of the HSCN solution.

Further information about the operational design and the HSCN Capabilities that will deliver the services is detailed in the HSCN Operational Design Overview.

The HSCN Solution is summarised to enable all stakeholder groups to understand:

· What technical services are being supplied as part of the HSCN; and

· How the HSCN services will replace the incumbent services.

So that:

· The HSCN Programme Board can, on behalf of Department of Health and Social Care, assure that the HSCN Solution meets the strategic requirements;

· The Programme can confirm that the HSCN Solution meets requirements;

· Consumers understand what will be the replacement technical solution for their current service;

· Suppliers can understand the technical capabilities they will deliver.

This document details the approach for the transition of services from the Transition Network (formerly known as the N3); maintaining seamless continuity of network services and transitioning to new supplier services. The longer term strategy for network delivery is detailed in NHS Digital’s Internet First Policies and Guidance.

This document is structured as follows:

Section 1, Document Purpose: this section.

Section 2, HSCN Overview: an overview of the HSCN and its key objectives.

Section 3, Transition Network Scope: an overview of the current Transition Network (formerly N3) services that will be transitioned to HSCN services.

Section 4, HSCN Architecture: an overview of the HSCN Architecture that describes the scope of the services to be delivered, including the separate network components that connect the HSCN together, with descriptions of each component. The architecture detailed in this section represents a Target State for the new service and details a Transition State for the migration of services from the current Transition Network service. A small number of pending strategy decisions will determine the final target state (see Section 4.3.1).

Section 5, HSCN Consumer Services: a brief description of the services that HSCN Consumers will receive.

Section 6, HSCN Obligations Framework: a brief description of the HSCN Obligations Framework that will govern the technical and operational inter-supplier working of the HSCN Components to deliver the required network services.

1.1 Reader pre-requisites

None, though the Solution Overview should be read in conjunction with the Operational Design Overview.

2 HSCN Overview

The stated vision of the Health and Social Care Network (HSCN) Programme is:

“HSCN will enable a future where health and social care unite to transform patient care and services through the provision of greater connectivity, putting data and information at the fingertips of clinicians, health and care professionals and citizens”

The HSCN programme was established by the Department of Health (DH) in July 2014 to:

· Manage the exit from the N3, the contract for which ended on 31 March 2017. The N3 contract was superseded by a two-phase approach:

· 1) The Transition Network

· 2) The Continuing Orders programme

· Provision successor services to those currently provided under the N3 contract;

· Establish a network solution capable of supporting the evolving health and social care landscape;

· Manage the migration to successor services, and provide a transition path to fulfil NHS Digital's Internet First strategy.

The scope of the investment covers English NHS-funded healthcare providers, including public and private organisations covered within the scope of N3 provision, and social care providers in England. Network connectivity for Scotland, Northern Ireland, Wales and the Isle of Man to the English private network can be accommodated should they wish to continue to access the network for as long as it is available.

The user scope for private networking has developed significantly since the original N3 business case in 2004, which focused principally on healthcare organisations. With the introduction of the Health and Social Care Act 2012, health and social care is provided through a wide range of organisations, including councils, other local government bodies, and charities and voluntary organisations who all need access to the private network.

HSCN provides a reliable, efficient and flexible way for health and social care organisations to access and exchange electronic information. By reducing cost and complexity, standardising networks, enabling service sharing and extending the parameters of collaborative working in different organisations, it saves money, enables information to be reliably shared and helps staff work together in more effective and efficient ways.

HSCN provides the robust yet flexible foundation layer upon which transformed health and social care services can be built. HSCN supports a world where anyone involved in the delivery of health and social care services can access the information and services they need to do their job from any location at any time and without the need for complex, bespoke and expensive ICT arrangements.

HSCN is designed to support the aspirations set out by the Department of Health and NHS England through the Five Year Forward View and National Information Board – Personalised Health and Care 2020, as well as NHS Sustainability and Transformation Plans, Local Digital Roadmaps and the Internet First initiative. These strategies cite increased levels of collaboration and integration between health and social care providers as essential to driving improvements and efficiencies. Improved information sharing and the ability to work flexibly to deliver joined-up health and social care services to citizens and patients are common features across all these initiatives. The HSCN programme puts in place the underlying standards, infrastructure and services that benefit the wider integration of health and social care, including DNS, Internet perimeter security and standards for Cloud connectivity. The policy regarding Cloud Services and Cloud connectivity is published separately.

HSCN creates a marketplace for numerous suppliers to compete to deliver standardised, interoperable, better, faster and cheaper connectivity services to health and social care providers. By devolving both the responsibility and the funding for commissioning HSCN connectivity services, it empowers NHS organisations to buy what they need from their chosen suppliers and in collaboration with both NHS and non-NHS delivery partners.

The stated spending objectives within the FBC (Full Business Case) are as follows:

· Support the move from the TN to a new service whilst ensuring future innovation and a transition path to fulfil the Internet First initiative is built in.

· Provide integrated connectivity to enable wider health and social care organisations to access national health IT services.

· Deliver a more efficient service that only provides from the centre the infrastructure needed to enable network connectivity across the health and social care system.

· Create a competitive marketplace for interoperable and cost-effective network services.

· A better value for money service: utilise the purchasing power of Government to improve value for money and get the best possible price, in part by disaggregating the different parts of the network components to enable a wider variety of suppliers to bid for the work.

· A shorter contract length that enables more regular market testing to drive down costs.

The HSCN Solution enables the programme's spending objectives, foremost of which is:

"Support the move from the TN to a new service whilst ensuring future innovation and a transition path to fulfil the Internet First initiative is built in."

It does this by delivering the following technical solution services:

· Establishment of a disaggregated, multiple-provider network architecture (see Section 4);

· Defining an HSCN Obligations Framework that will require the HSCN services to meet the HSCN Obligations, Policies and Standards;

· Defining HSCN Obligations, Policies and Standards that enable safe, reliable and efficient interoperability;

· Establishing an HSCN Compliance Operating Model to allow multiple network service providers to offer HSCN Services that meet the HSCN Obligations;

· Enabling a more open marketplace with multiple providers and increased local empowerment for consumers to choose HSCN services;

· Supporting the creation of virtual 'Community of Interest' or 'Regional' networks where the majority of collaboration and data sharing will take place;

· Reducing the size and cost of a centrally provided private core network, whilst continuing to support national applications and services that need the availability and performance of a private network;

· Bringing disaggregated Internet provision within the scope of a layered security monitoring approach, to support a longer-term strategy of reducing the reliance on private networking;

· Improving the cyber defence capability by providing active cyber defence capabilities within the service, supplementing the activities carried out by the Data Security Centre (see the HSCN Operational Design Overview);

· Delivering a controlled and stable migration from TN services to the replacement HSCN services.

3 Transition Network services

3.1 Introduction

In order to fully understand the scope of the HSCN programme it is necessary to understand, at a high level, the nature of the existing Transition Network provision in terms of the technical capabilities that currently support the Health and Social Care connectivity needs.

The boundary of scope for the HSCN Programme has been established to enable the programme’s strategic objectives (see Section 1); foremost of which is:

“Support the move from TN to a new service whilst ensuring future innovation and a transition path to fulfil the Internet First initiative is built in.”

This section will detail the scope of the Transition Network technical services.

3.2 Transition Network scope

N3 provided a high quality, fully managed, Wide Area Network (WAN) and had over 40,000 direct, virtual and aggregated connections. These services consisted of direct access connections, VPN connectivity and connections that linked to N3 via an Aggregator.

April 2017 saw the expiry of the N3 contract, which was replaced by the BT Transition Network and the Continuing Orders programme.

The Transition Network service is managed as a run-down solution as clients and services are migrated off the TN. For example, Legacy Access Circuits are ceased and re-provided as HSCN Access Connectivity from CN-SPs. The size of the Transition Network is therefore reducing over time.

The Transition Network contract allows the migration to HSCN to be planned in a controlled manner that supports continuity of service for Legacy N3 connections.

This section summarises the current scope of the Transition Network service.

3.2.1 Transition Network (TN)

The Transition Network (TN) supports the Legacy N3 products and services during their migration to HSCN and provides:

· Core Network functionality supporting the management and routing of network traffic within the TN, connecting Points of Presence (PoPs) and supporting external Gateways

· Access PoPs that support the remaining Legacy N3 Access Services

· Head End services, Broadband, Video Conferencing (VC) and Virtual Private Network (VPN), that support the remaining Legacy N3 Services

· Enhanced Internet Gateway (EIG) consisting of an Internet Gateway, Enhanced Monitoring Service (EMS) and Advanced Behavioural Analysis Suite (ABAS)

· Security Management Services

· Connectivity to the Transition Network is available to HSCN users via the Peering Exchange. This allows HSCN users access to any Legacy N3 applications and services that remain on the TN.

The figure below shows how the Transition Network makes optimal use of existing assets to provide continuity of service during migration to HSCN:

Figure 1 – Transition Network Logical Topology

The Transition Network is available 24hrs a day, 7 days a week for 365 days per year. The service is delivered in accordance with NHS Digital Policy and Standards.

The design and key aims of the Transition Network are to provide a stable and flexible infrastructure to maintain support for remaining N3 applications and services and to support the legacy N3 clients during migration to HSCN.

3.2.2 Transition Network components

The Transition Network is made up of two main layers:

· The Core

· The Access Layer

The Transition Network hosts the Legacy N3 components whilst facilitating their migration to either HSCN or the internet.

3.2.2.1 Transition Network core

The core layer is responsible for providing interconnections between:

· The Points of Presence (PoPs) in the Access Layer

· Gateways to the internet and a Multi-Protocol Label Switching (MPLS) service

· Connectivity for Legacy N3 Services, including Legacy Data Centre services

· The Core Network, Peering Connection Service and the HSCN Peering Exchange Network

3.2.2.2 TN Access Layer

The Access Layer includes a number of chargeable PoPs that provide network access to the TN. Each PoP is resiliently connected to the core via Ethernet.

Each PoP supports Ethernet-based and private-circuit-based Legacy N3 Access Services.

The Access Layer also acts as the bearer interface for legacy VPN services and legacy Broadband services.

PoPs are subject to continual review with the objective of decommissioning PoPs when no Legacy N3 Access Services remain connected to them or under the specific retirement conditions.

3.2.2.3 Head End services

· Broadband: This allows TN End Users of the broadband Legacy N3 Services to continue to utilise their existing links to connect to the TN Service whilst they migrate to HSCN.

· VPN: The VPN Head End allows all TN Consumers of a VPN Legacy N3 Service to continue to use the service until migration to HSCN. It consists of a managed central infrastructure; this infrastructure and its associated internet connectivity provide the remote access services, including firewalls, switches, routers, VPN concentrators and authentication services.

· Enhanced Internet Gateway: The Internet Gateway service provides TN End Users with continued outward bound connectivity to the internet and includes a firewall and URL filtering service

· Video Conferencing Head End: This service allows TN consumers continued use of the legacy Video Conferencing service until migration to HSCN. It provides:

· Secure connection to the Video Conferencing management service.

· Managed Video Conferencing Bridge. The managed bridge is inside the TN with connectivity to both the TN and the internet. This provides an online tool for booking and scheduling meetings along with a central directory of all registered video conferencing units

· Central ISDN Breakout. This feature enables communications with other Video Conferencing users still on ISDN.

· HSCN Peering Connectivity Services: The HSCN Peering Exchange Network is contracted independently by NHS Digital, which contracts directly with the Peering Service Provider for use of this service.

3.2.2.4 Legacy services

Legacy services consist of services that were resident on the N3 and are in the process of being migrated either to HSCN or are being transitioned to the internet (including Cloud Services). These include several Clinical Services applications.

4 HSCN architecture

4.1 Introduction

The Architecture detailed in this section represents a Target State to migrate Transition Network services and provide a transition path to fulfil the Internet First initiative to reduce the reliance on private networking and move to a wholly internet based provision.

The Architecture delivers a range of new technical components to migrate Transition Network services.

This section details the new HSCN Components and the approach for migrating Transition Network services to this new architecture.

4.2 Architecture principles

The following principles underpin the network architecture:

· The HSCN architecture will be "open" to all Health and Social Care users and their partners with a valid need to connect without favour and on an equal access basis;

· The HSCN architecture will not constrain or mandate the number of network service providers in any way, subject to the network service providers' compliance with the HSCN Obligations;

· No HSCN service provider shall be able to technically constrain or block any other HSCN service provider;

· The HSCN will incentivise the use of the internet in preference to private networks, except where business requirements dictate otherwise;

· HSCN will provide the capability to support fixed, mobile and remote access by its users;

· HSCN will support IP based applications and services (e.g. multi-media voice, video and data);

· Designs will include adherence to GDS Network Principles;

· HSCN will be available 24hrs a day, 7 days a week for 365 days per year; and

· HSCN will provide security controls at the network layer to protect its own security, integrity and availability as a transport mechanism.

4.3 Logical Network Topology

4.3.1 HSCN Target State

The following diagram outlines the HSCN topology for the migration of N3 services:

Figure 2 - Target State

4.3.1.1 HSCN Components

The HSCN consists of the following Components:

· A number of Consumer Networks (CNs) that provide WAN routing between HSCN endpoints and access connectivity for end sites (the diagram shows only four for illustration purposes):

· HSCN Access Connectivity for individual sites/organisations (e.g. NHS Hospitals, Primary Care, Community & Mental Health, Clinical Commissioning Groups (CCG), Care Homes, 3rd Parties) to the Consumer Network (CN).

· These services are offered to HSCN Consumers directly including the end to end service through the Peering Exchange Network and other HSCN end points. The HSCN Consumer is required to complete an appropriate HSCN Connection Agreement in order to receive this service.

· Provide aggregation and virtual routing of HSCN traffic flows between CN end points, including as examples:

· To/from national applications

· Public routing to/from the Internet via provision of Internet Service Provider gateway (HSCN-ISP)

· Inter-site routing (application access, point to point data sharing).

· A Consumer Network Service Provider (CN-SP) can deliver the HSCN network services once it has achieved HSCN Compliance. The CN-SPs provide the end-to-end service for HSCN Consumers, including security, technical, delivery and service management responsibilities.

· CN-SPs may offer a range of network services from basic access circuits to full network provision (e.g. private WAN services, Voice over IP, Video Conferencing and Cloud services).

· Peering Exchange Network (PN):

· Support all routing across the HSCN disaggregated networks including as examples:

· To/from national applications

· Inter Consumer Network routing.

· Flexible and rapid path to connectivity / interconnectivity

· Level playing field across the disaggregated supply of CNs

· Simplified end-to-end Service Assurance & fault diagnosis

· The PN services will be delivered by the Peering Exchange Network Service Provider (PN-SP) on behalf of NHS Digital.

· Data Security Centre:

· Provides a monitoring and alerting capability, collecting and centrally collating information from all parts of the HSCN Components. The information is used to support central security oversight of HSCN.

· Provides cyber threat management to support the protection of the HSCN service overall from threats originating both externally and internally.

· Manages the following components:

· Network Analytics Service (NAS): ingests network telemetry data and performs proactive and reactive analysis on it in order to identify any malicious activity taking place over HSCN.

· Advanced Network Monitoring/NHS Secure Boundary Service: filters outbound and returned internet traffic to manage cyber threats.

4.3.1.2 Business Application Services

The HSCN supports the delivery of key Business Application Services to provide value added business applications that exploit the IP network e.g. Voice / Collaboration / Video / Secure Remote Access. Network transit for these services is over HSCN; but the services in themselves are not part of HSCN supply chain.

These services are not shown on the diagram, as they are not part of HSCN delivered Components and Technology Services; but are included here as a description to illustrate the applications and services that exploit the network.

Delivering these services is not subject to the HSCN Obligations; therefore they may be provided by any supplier and are not restricted to suppliers who have achieved HSCN Compliance. They can be purchased from relevant Lots on frameworks such as the CCS Network Services Agreement (RM3808) or as direct contracts.

CN-SPs may offer these services to HSCN Consumers blended with HSCN services and with a service wrap that supports seamless service management. For example, CN-SPs may offer HSCN connectivity with consumer procured services such as voice and remote access; with one helpdesk provided for all delivery.

The HSCN service provides interoperability guidance to allow HSCN Consumers to purchase these applications that will be compatible to run over the HSCN. Guidance documentation and consumer support services will be provided to support implementation.

Business Application Services may be delivered directly over the internet without being connected to HSCN. This approach follows the Internet First initiative. These applications remain subject to Information Governance standards for data handling and security, and each party needs to be aware of its responsibility as a data controller or data processor where applicable. HSCN Consumers can access such services via the Internet outbound service provided under HSCN (referred to as the Advanced Network Monitoring/NHS Secure Boundary Service).


4.4.1 HSCN Transition State

The following diagram outlines the HSCN topology for the migration of Transition Network and legacy N3 services:

Figure 3 - Transition State

The following components are included in scope of the HSCN delivery in order to support transition.

4.4.1.1 Legacy Access Circuits

The Legacy Access Circuits, as shown in the diagram, are the existing N3 connectivity for customers that were on the N3 network and are now connected to the Transition Network, managed as Continuing Orders by BT. This includes single-site connections, COIN gateway connections, Aggregators, Third Party Data Centre connections, the National Gateways and National Application data centre connections.

These circuits are currently connected to the Transition Network and were in place at the start of HSCN delivery as Continuing Orders, and are migrating to HSCN connectivity provided by a CN-SP as part of the HSCN migration programme.

These circuits, for the period of migration, will not be part of HSCN programme delivery, and will remain contracted between the owning customer and the current supplier as Continuing Orders. New circuits on the Transition Network can no longer be provisioned. New circuits must be provisioned on HSCN.

The migration approach to cease these circuits and provide the required HSCN connectivity to HSCN Consumers is further detailed by the HSCN programme on the HSCN website.

4.4.1.2 Legacy Overlay services

Legacy Overlay services will continue for consumers; operating over their Legacy Access Circuits and the Transition Network.

These services will not be directly replaced by HSCN services, but by Business Application Services.

Support and guidance for migration as part of the transition will be provided by the HSCN programme in the HSCN website.


4.4.1.3 N3 Component Migration

The Transition State emphasises the need for seamless migration of key N3 Components initially to the Transition Network and then subsequently to the new HSCN services. Note that this migration is to support the key strategic objective of continuity of service for N3 customers migrating to HSCN services.

The table below has four columns, read in this order for each component:

N3 Component

Transition State

Migration to Target State (migration viewpoint for consumers to access HSCN services and support the run-down of the Transition Network)

Future Strategy Decisions required to complete the migration to Target State ("n/a" where none is required)

N3 Core

Has been replaced by the HSCN Transition Network service

Will continue to be run-down as services are migrated away from direct connections.

During the run-down of the Transition Network all connected services will be migrated, with legacy N3 circuits being replaced by HSCN Connectivity via either direct consumer procurement, an HSCN-orchestrated procurement or a CCN of the current service. Once all connected services have migrated to a successor service, or are no longer required, the Transition Network service will be ceased.

N3 Connectivity

National Application Data Centre connections

Are part of the Legacy Access Circuits, remaining connected to the Transition Network

Data Centres connected to the Transition Network are either being migrated to HSCN or the Internet, depending upon their strategic initiatives

Future decisions are required on the appropriate hosting policy for each application; generally one of the following methods will be actioned:

· Service migrated to a publicly addressable location that can be accessed directly from the Internet, including Cloud Services.

· Service migrated to a CN-SP provided service, utilising the Peering Exchange Network to route between connected CNs.

The decision on the new connectivity for these services is owned by the appropriate owning delivery programme in NHS Digital.

Third Party Application Data Centre Connections

Are part of the Legacy Access Circuits, remaining connected to the Transition Network.

Two options:

· Migrate to a CN-SP provided service utilising Peering Exchange Network for private routing to multiple consumers and to/from the Transition Network.

· Service migrated to a publicly addressable location that can be accessed directly from the Internet, including Cloud Services.

Note it is the responsibility of the customer of this connectivity to do the migration. However, the Transition Plan supports the decision making process.

· Service migrated to a publicly addressable location that could be connected to a new hybrid backbone service if required, or reached over the internet. Note that use of the backbone for this purpose would need to be locally funded.

NHS N3 Customer Access Connections

Are part of the Legacy Access Circuits, remaining connected to the Transition Network.

Migrate to a CN-SP provided service utilising Peering Exchange Network for routing to multiple consumers and to/from the Transition Network.

n/a

Third Party N3 Customer Access Connections

Are part of the Legacy Access Circuits, remain connected to the Transition Network.

Migrate to a CN-SP provided service utilising Peering Exchange Network for routing to multiple consumers and to/from the Transition Network.

n/a

Aggregators

Are part of the Legacy Access Circuits, remaining connected to the Transition Network.

Migrate to a CN-SP provided service utilising Peering Exchange Network for routing to multiple consumers and to/from the Transition Network.

n/a

N3 COINs

The resilient gateway of the COIN is one of the Legacy Access Circuits, remaining connected to the Transition Network.

Migrate to a CN-SP provided service for the gateway connection, utilising Peering Exchange Network for routing to multiple consumers and to/from the Transition Network.

At the contract end of the current COIN provision, the HSCN consumer may procure a similar service from an HSCN CN-SP as a virtual COIN and as a managed HSCN service.

Alternatively if a private COIN is no longer required consumers could migrate to more standard options for HSCN Access Connectivity from a CN-SP.

n/a

Third Party COINs

The resilient gateway of the COIN is one of the Legacy Access Circuits, remaining connected to the Transition Network.

As per N3 COINS

n/a

National Gateways

Remain connected to the Transition Network

The following gateways will remain in place until all Legacy Access Circuits that use them are migrated to HSCN Access Connectivity:

· Internet Gateway - Consumers of HSCN Access Connectivity must use CN-SP ISP services and cease routing over this Gateway.

· PSTN/Mobile Gateway – Consumers will need to migrate to new voice services (see below).

The other gateways to external networks are being re-procured and migrated to a CN-SP provided service and contracted for directly by the customer of the service.

Note the Transition Plan will consider the approach for each Gateway and work with the customer of this service to aid their decision making on what service to migrate to, should it be a continuing requirement. Note that these gateways will utilise Peering Exchange Network to support access for all HSCN Consumers.

Note: Gateways to be provided by CN-SPs as standard may be required e.g. mobile gateways.

A future decision on the gateway connectivity model may be required if, as part of the review, the assumed CN connectivity model is not deemed secure enough.

N3 Technology Services

N3 DNS / NTP services

DNS and NTP services were migrated to HSCN during the transition phase.

NTP will be retired in favour of reliable sources hosted on the Internet. A replacement DNS service is currently in progress.

Procurement approach for the Authoritative Technology Services is underway.

N3 Overlays

N3 Overlays - general

Customer direct contracted Legacy Overlay services will continue for the contracted term or until they migrate off the Transition Network

There is no continued support for Overlay Services currently connected to the Transition Network. Consumers should ensure that alternative/replacement overlay services are provisioned as part of their HSCN migration. Under normal conditions any existing Transition Network overlay services will cease to function or be supported once migration is complete.

There are considerations during the transition state for a number of these services:

· Services that previously depended on N3 central infrastructure continue under the Transition Network, but the service will only be supported for the term of the TN. Customers will need to migrate to a new service during this period. NHS Digital is working with the current supplier on the continuation lifespan of these services under the Transition Network.

· There are a number of services that depend on configuration and setup of the original network Customer Premises Equipment (CPE) - e.g. local N3 provided router. It is not possible to configure new HSCN CPEs to interface with the Overlay service and so migration is required before or during the HSCN Access Connectivity migration.

Migration options:

· Third Party Suppliers to offer new complementary Business Application Services for consumers that will operate over HSCN. Note that the HSCN CN-SPs are able to do this.

· Legacy Overlays may continue to operate over HSCN services (CN-SP) for a limited time under extenuating circumstances. However, this is an exception rather that the norm.

n/a

VPN services – internal end site to end site VPN

Must be ceased prior to or during migration to HSCN.

VPN services rely on an Transition Network central PKI infrastructure for the certificates; and also establish the IPSEC tunnel via CPE configuration to support the VPNs between end sites.

Under the existing deployed VPN solutions, Transition Network manages both ends of the VPN tunnel as configuration on the legacy N3supplied Customer Premises Equipment (CPE). 

Consumers need to migrate to new Closed User Group VPN services offered as part of CN-SP solutions delivered to customers, in order to simplify the management of this service with their new supplier. All sites which form part of the VPN service need to migrate in a tranche. Consumers need to consider periods where the VPN service is not available in this scenario with some phased cutover plans.

Small site VPN: Need to migrate to a new CN-SP service as one cutover.

COIN VPNs: move as part of a migration of the full COIN.

Alternatively, Consumers need to consider delivering a VPN service via use of local equipment such as firewalls connected to either end of a Legacy Access Circuit and a new HSCN Access Connectivity service.

n/a

Remote Access

Service (RAS) – including external token VPNs

Continue to work over Legacy Access Circuits and Transition Network for as long as the existing Tokens are valid.

Note that current Remote Access Tokens expire after 3 years (see back on token for expiry date of token)

Note that the existing Remote Access service continues to operate post migration to HSCN.  However they will only operate whilethe token itself is valid. Once the token expires a replacement token will NOT be provided. 

The central RAS service itself is dependent on central TN infrastructure that will not be migrated to HSCN connectivity over a CN-SP and so will be discontinued in parallel with the Transition Network service. 

It is recommended that HSCN Consumers migrate to a replacement remote access service as soon as possible, post migrating to new HSCN Access Connectivity.

Users will need to be migrated to new RAS software for use on their devices.

The current Remote Access service also works with the Extended VPN service; please see section on VPN services.  Use of these by a customer for remote access needs to be considered as part of the same migration.

n/a

Wi-Fi / LAN / Firewall

Local services and no dependency on HSCN

These are standalone services offered independent of the TN by the supplier. The services continue to operate post migration to HSCN. 

The consumer will need to discuss with the supplier how reconfiguration, cut-over, ongoing remote support will be maintained, including any potential requirement for small local changes to LAN/Firewalls to interface to HSCN Access Connectivity at the point of migration.

n/a

Voice

No longer supported once the Consumer migrates to HSCN

The Voice service is dependent on routing via the central TN infrastructure. Access to the Voice service is no longer available once a Consumer has migrated to HSCN and therefore, a replacement Voice service needs to be procured prior to HSCN migration.

n/a

Video Conferencing

No longer supported once the Consumer migrates to HSCN

The Video Conferencing service is dependent on central TN infrastructure that will not be migrated to HSCN connectivity over a CN-SP and so will be discontinued in parallel with the Transition Network service. Access to the TN Video service is no longer available once a Consumer has migrated to HSCN and therefore, a replacement Video service needs to be procured prior to HSCN migration.

n/a

MeetMe / Webex

These services have been migrated to BT CN-SP as part of the NHSmail migration programme.

These services continue to operate and have been migrated from the Transition Network to the BT CN-SP network. Skype for Busines along with Microsoft Teams has also been introduced as a viable alternative.

n/a

Mobile Health Worker

Continue to work over Legacy Access Circuits and Transition Network, while the Consumer’s Remote Access service is available

Transition to new services as Remote Access is also migrated.

The service relies on the Remote Access Service. 

n/a


4.4.2 HSCN Traffic Flows

HSCN reaches the TN via peering and, in a disaggregated delivery model, provides the same traffic flow functionality as the incumbent network: it maintains connectivity and routing across Health and Social Care services, supports choice of supplier and technology for the HSCN consumer, and allows consumers to build flexible virtual cross-organisational networks to support all their business flows.

The HSCN Access Connectivity will be provided with HSCN specific traffic flows across the Consumer Network. This will enable enterprise business flows, including to national services and the internet.

Three open traffic flows will be supported by CN-SPs as standard:

· Routing to the internet direct from the CN-SP ISP services (via the ANM/Secure Boundary) – known as the HSCN-ISP Flow;

· Routing to other HSCN end points: end points on the same CN, and end points on other CNs and the Transition Network via the Peering Exchange Network – known as the HSCN-Standard Flow; and

· Routing to the Public Sector Network (PSN) from the CN-SP – known as the PSN Flow.

Other virtual closed user group mechanisms (inc. Routing and VRFs) can be supplied on CNs to support regional private sharing of data if required. These are not pre-built for consumers, and so will require design and extra implementation to support requirements. These can be used for community of interest data sharing between partner organisations.

Note all diagrams in this section include Transition State flows for completeness.

The following diagram shows the interconnection routing flows:

· Red represents public traffic to the Internet – HSCN-ISP Flow

· Green represents private traffic routed to services on the Transition Network – using HSCN-Standard Flow

· Blue represents routing of traffic to other HSCN Consumers on the same CN or other CNs – using HSCN- Standard Flow.

Figure 4 - HSCN Interconnection Routing Patterns

As an illustration, the following example business flows will be supported by each CN:

Figure 5 - HSCN Traffic Flow Examples

Business Flow: HSCN National Applications flow
Examples in diagram: Acute PDS Trace to Spine PDS service
Routing approach: HSCN national traffic flows across the CN and is routed onward to the HSCN CN that hosts the data centre where Spine is located, using the HSCN-Standard Flow via the Peering Exchange Network. That HSCN CN routes to the Spine connected data centre (PDS Service).

Business Flow: Internet Access
Examples in diagram: NHS Choices website access
Routing approach: HSCN public traffic flows across the CN and is routed onward to NHS Digital's Advanced Network Monitoring/NHS Secure Boundary Service via the CN-SP ISP, where it then breaks out to the internet 'proper', using the HSCN-ISP Flow. CN-SPs provide internet breakouts as a separate ISP service to end consumers.

Business Flow: Cross and Inter CN data sharing – data flows that are not closely coupled services
Examples in diagram: Referral for specialist services (e.g. to specialist hospitals)
Routing approach: HSCN carries traffic in an open network to other connected HSCN endpoints as standard functionality. Data flows between organisations that are not grouped together as a closed user group use the HSCN-Standard Flow. This is supported by cross CN flows to all HSCN endpoints and inter CN routing over the Peering Exchange Network. Note it is also expected that most of these flows will over time be managed at an application level, for example via eRS or other interoperability options.

Business Flow: Health and social care data sharing – shared commissioned services for closely coupled health communities
Examples in diagram: GP access to Acute Radiology service; NHS-Social Care Admission / Discharge / Withdrawal; Community Health Application
Routing approach: User defined application sharing requirement. Utilises consumer defined closed user group routing (or VRF) for greater security and consumer control. These flows are typically regional data sharing and are often delivered via COINs in current models. Procured by the health economy from their HSCN CN-SP. These are closed user group services for a group of Health and Social Care end organisations. For this to be delivered efficiently the organisations in the user group should be connected to the same CN, but they could also be extended across CNs if required.

4.4.3 HSCN Component Characteristics

4.4.3.1 Consumer Networks (CNs)

A number of HSCN Consumer Networks (CNs) support HSCN Access Connectivity and routing across HSCN. These are delivered by CN-SPs on their existing network acting as aggregator, contact point, control and administration between services supplied to HSCN Consumers.

CNs provide HSCN Access Connectivity as a range of blended services, offering varied bandwidth, availability and resilience options to individual sites (e.g. NHS Hospitals, Primary Care, Community & Mental Health, CCG, Care Homes, and 3rd Parties etc).

HSCN Consumer Network Service Providers (CN-SPs) are the direct service provider to HSCN Consumers for all their HSCN network services, and work with the other suppliers (TN-SP and PN-SP) to manage the service end to end. The HSCN CN is supplier agnostic in concept, enabling and utilising an open market.

CNs provide the routing between sites connected to that CN and onward forwarding of traffic to the internet, Cloud Service Providers, Transition Network, 3rd parties and other CNs via the Peering Exchange Network.

The CNs support a range of connectivity and routing patterns, to allow regional virtual private networks combined with the HSCN traffic flows [Section 4.3.3].

Network Service Providers are able to offer CN-SP services after gaining the required HSCN Compliance.

Characteristics:

Access Connectivity

A variety of access configurations including:

· Resilient Diverse – diversely routed access circuits connecting to two CN PoPs

· Resilient – diversely routed access circuits to one CN PoP

· Non Resilient – single access circuit connecting to one CN PoP

Blended access technologies offered include, but are not limited to, the following:

· ADSL2

· Fibre to the Cabinet (FTTC)

· Fibre to the Premises (FTTP)

· Ethernet (offering a range of bandwidths: 10Mbps, 25Mbps, 60Mbps and 100Mbps Committed Data Rate (CDR) to meet Organisation requirements)

· Flex Ethernet – (offering a range of bandwidths; 200Mbps, 300Mbps, 500Mbps,1Gbps, 10Gbps)

· 3G and 4G Wireless Mobile Connections

Gateway to PSTN / National Cellular networks managed as network-to-network interfaces. Note that these are to be provided for the delivery of voice business applications (see Section 4.3.5) and are not mandatory.

Regional Data Centre gateway connectivity for third parties hosting applications consumed by HSCN Consumers including Business Application Services (See Section 4.3.5).

Dual-stack Architecture is mandatory to support transition to IPv6.

Core network

Open traffic flows for HSCN connected services that are fully resilient and diversely routed

Dispersed PoPs

Dual-stack Architecture is mandatory to support transition to IPv6

Resilient connection to the HSCN Peering Exchange Network

Routing

Examples of potential routing options:

· Closed user group virtual networks for logical grouping of sites and user organisations based on function (e.g. Primary Care), organisational (CCG and commissioned services), regional or a combination of these.

· Simple HSCN connectivity for consumers who are agnostic of regional sharing and requiring only the HSCN-Standard Flow to other HSCN end points, to national applications and HSCN-ISP Flow to the internet.

ISP Services

ISP services that meet the security monitoring required in the HSCN Obligations Framework:

· Provision of security monitoring and management services to provide resistance to malicious attack and monitor usage.

· Routing of all public traffic to/from the Internet via HSCN ANM/NHS Secure Boundary.

HSCN Technical & Security Obligations

Compliance with the HSCN Technical and Security Obligations as per the HSCN Obligations Framework. Including, but not limited to:

· IP Addressing

· DNS

· QOS

· Security / IG

· Network Monitoring and Security management - including monitoring the internal CN providing outputs to the Network Analytics Service to support network monitoring across HSCN.

HSCN Service Obligations

Compliance with the HSCN Service Obligations as per the HSCN Obligations Framework. Including, but not limited to:

Management capability for end to end performance issues (consumers and other HSCN Network Service Providers)

Service performance reporting.

4.4.3.2 Peering Exchange Network (PN)

Supports all routing across the HSCN disaggregated networks including as examples:

· To/from national applications

· Inter Consumer Network routing.

The PN services are delivered by the Peering Exchange Network Service Provider (PN-SP).

Characteristics:

Interconnectivity

Provides two Peering Exchange locations at geographically diverse Carrier Neutral Provider locations in London and Manchester.

A highly available solution that provides an uncontended interconnection between all HSCN CN-SPs and the TN-SP.

Interconnectivity between all HSCN CN-SPs will be open and unrestricted.

The peering exchange uses route servers to provide appropriate routing capabilities for the scale of the network.

The peering exchange will be capable as an option of hosting multiple logical networks such as VPN and VRF technologies.

Connections for CN-SPs and the TN-SP

Provide resilient connection of up to 30 CN-SPs initially.

Provide two connection options at 1Gbps and 10Gbps, with future plans for 40 and 100Gbps interfaces.

Shall provide published and guaranteed service levels for CN-SP requested capacity including provision of all required interfaces.

Manage the on-boarding and disconnection of Consumer Network Service Providers, including on-site engineering in the peering exchange facilities.

Each Consumer Network Service Provider connected to the peering service shall be provided with its own exclusive interface at both peering exchange locations.

Service

Operate a 24x7x365 network operations centre to monitor and manage the peering exchange service.

The peering exchange will have monitoring and maintenance tools that are accessible to NHS Digital and CN-SPs such as utilisation monitoring and a looking glass service.

Comply with the necessary HSCN Obligations.

The peering service will be subject to, and maintain adherence to, NHS Digital IA requirements, including physical and logical security controls to secure the peering exchange infrastructure and management tools, as amended from time to time by change control. ISO27001 compliance is a mandatory requirement.

4.4.3.3 Transition Network (TN)

The Transition Network interconnects multiple HSCN Consumer Networks (CNs) to existing legacy services via the Peering Exchange Network.

The HSCN Transition Network maintains the legacy N3 services to provide continuation of national services and regional traffic during HSCN migration. This is a short term service provision under new terms and conditions. The service will diminish through its life with activity to remove traffic from this service, including, but not limited to:

· Routing of regional traffic over HSCN Consumer Networks between sites and not direct over the Transition Network, by migrating access circuits to HSCN Access Connectivity.

· Routing of outbound internet traffic by delivery of CN-SP ISP service – all HSCN Access Connectivity will route public traffic to the internet via these services and not traverse the Transition Network.

Note: Options for services to be routed over the Transition Network will be restricted to continuation of connectivity of Legacy Access Circuits prior to migration. Specifically:

· There are no new direct Access Connectivity connections onto the TN. All endpoint routing comes via a Consumer Network.

· There are no new Business Application Services routed over the Transition Network except where they are required to route to customers still connected via Legacy Access Circuits.

· Internet traffic is only routed over the HSCN Transition Network to support customers connected via Legacy Access Circuits.

Further detail on the operations of this service is included in the HSCN Operational Design Overview.

Characteristics:

Connectivity

The Legacy Access Circuits will continue to connect to the HSCN Transition Network before migration to HSCN Access Connectivity. The number of these connections will diminish as migration to HSCN proceeds.

Resilient Connection to the Peering Exchange Network.

Core Network

Right Sized Links between PoPs (depending on solution design, traffic analysis and ongoing requirements).

HSCN Obligations

HSCN Obligations compliance where appropriate is included in the direct contract for this service, for example:

· IP Addressing

· DNS

· QOS

· Security / IG

· CN will need to comply with NHS Legacy IP Addressing

· Network Monitoring and Security management - including monitoring the internal network of this component and providing outputs to the Network Analytics Service to support network monitoring across HSCN.

4.4.3.4 Data Security Centre

Cyber Security is provided via a layered security approach with oversight by the Data Security Centre service consisting of the following:

· CN-SP Security Management;

· Network Analytics Service (NAS);

· Advanced Network Monitoring (ANM)/NHS Secure Boundary Service (NHSBSS);

· Firewall protection controls, including IP blacklist implementation and NHS Digital provided blocked addresses.

Further detail on the operations of this service is included in the HSCN Operational Design Overview.

Network Analytics Service (NAS)

The Network Analytics Service (NAS) supplements the Data Security Centre service by ingesting network telemetry data in near real time and performing proactive and reactive analysis on the data in order to identify any malicious activity taking place over HSCN. The NAS will identify the organisational source of any malicious activity in order that corrective action can take place.

Further detail on the operations of this service is included in the HSCN Operational Design Overview.

ANM/NHS Secure Boundary Service

HSCN Consumer Network Service Providers will direct all Internet bound traffic towards the ANM/NHS Secure Boundary Service. Outbound and returning inbound HTTP internet traffic will be subjected to the ANM/NHS Secure Boundary Service’s processes.

The ANM/NHS Secure Boundary Service identifies and blocks known malicious activity and resources, including:

· Malware;

· Zero day malware;

· Worms;

· Viruses;

· IP Addresses and URLs; and

· botnet traffic.

The ANM/NHS Secure Boundary Service provides NHS Digital with logging and reporting, with events and reports to be specified by NHS Digital.

Figure 6 - HSCN ANM/NHS Secure Boundary Service

Data Security Centre

The Network Analytics Service (NAS) and the ANM/NHS Secure Boundary Service reporting feeds into the NHS Digital’s Data Security Centre service.

The Data Security Centre service ensures that Cyber Threat and Incident Management is undertaken with the correct people, process and technology.

Data Security Centre Capabilities include:

· Incident Management (Internal)

· Investigation of SIEM alerts

· Management of NHS Digital Security Policy

· Monitoring of NHS Digital Physical Security

· Support into NHS Digital CareCERT for:

· National Broadcast Functionality

· Threat Analysis & Triage

· Health & Care System Incident Management.

The Data Security Centre supports CareCERT by supplementing the following functionality:

· Provides incident response expertise for the management of cyber security incidents and threats across the health and care system.

· Broadcasts potential cyber threats and suggests remedial actions to over 10,000 contacts in health and care, helping organisations protect themselves.

· Is a central source of security intelligence for health and care, working with cross government partners such as GovCertUK and CERT-UK.

· Supports the analysis of emerging and future threats through unique analysis tools and reporting.

· Provides insight for decision makers to help shape departmental strategy.

· Is a trusted source of security best practice and guidance.

4.4.4 HSCN Technology Services

Each of the HSCN Components includes, as appropriate, Technology Services to support the requirements of data exchange between end points and across the HSCN, and are key enablers to the delivery of applications and systems.

Interoperability Services

Use of services and standards for configuration are required for interoperability, and the implementation requirements are included in the HSCN Obligations to deliver a consistent end to end service for the following:

· Domain Name Service (DNS)

· IPAM (IP Address Management)

· Quality of Service (QoS).

A project is currently underway to deliver a replacement Authoritative DNS service for HSCN and the wider NHS; the target service will be determined at a later date. The initial services are provided as part of HSCN.

Note that the HSCN Obligations include adherence to HSCN Policies and Standards for these services e.g. the NHS IP Addressing Policy. The HSCN Authority IP Address Management service allocates IP Addresses to the HSCN Consumer. The CN-SP will set up IP addresses for their connected customers, supported by IP Address Management processes.

Security and Network Monitoring

In addition, the HSCN Obligations include technical obligations to support network monitoring and monitoring of cyber incidents.

Cyber incidents will be managed by the Data Security Centre.

The CN-SPs capture IPFIX telemetry data at points within their network capable of representing each consumer’s CPE device. Regardless of where the IPFIX data is collected it must be possible to determine the organisational source of the data upon analysis. As the telemetry data is collected it is ‘exported’ to the NAS where the data will be aggregated, analysed and reported upon.

The following diagram details the security telemetry flow on the HSCN Service:

Figure 7 - Security Telemetry Flow

Obligations have been placed on service providers delivering HSCN services to ensure that the specified information flows (e.g. IPFIX) representative of the CPE boundary points are provided to the NAS.

The NAS service aggregates the telemetry data, performs a deduplication process and then analyses the information based upon analysis rules created by the Security Cell team.
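As an added example (not code from NHS Digital or any HSCN supplier), the following Python sketch shows the telemetry path described above end to end: an exporter encodes flow records with the seven key fields of Figure 7 as an IPFIX message (RFC 7011 template set plus data set), a collector parses it, each record is attributed to an organisation from an IPAM-style allocation table, flows reported by two monitoring points are de-duplicated, and one analysis rule runs over the result. The IANA Information Element numbers are real; the prefixes, organisation codes, addresses and flows are constructed for the example, and the port-scan rule is a stand-in for the Security Cell's own rules, which the page does not describe.

```python
import ipaddress
import struct
from collections import defaultdict

# IANA IPFIX Information Element IDs for the key fields in Figure 7: id -> (name, length)
KEY_FIELDS = {8: ("src_ip", 4), 12: ("dst_ip", 4), 7: ("src_port", 2), 11: ("dst_port", 2),
              4: ("proto", 1), 5: ("tos", 1), 10: ("if_index", 4)}
TEMPLATE = [(8, 4), (12, 4), (7, 2), (11, 2), (4, 1), (5, 1), (10, 4)]

# Constructed IPAM-style allocation table (hypothetical prefixes and organisation codes)
IPAM = {ipaddress.ip_network("10.10.0.0/16"): "ORG-A",
        ipaddress.ip_network("10.20.0.0/16"): "ORG-B"}


def build_ipfix(domain_id, export_time, flows, template_id=256):
    """Exporter side: header + Template Set (ID 2) + one Data Set, per RFC 7011.
    flows: iterable of (src_ip, dst_ip, src_port, dst_port, proto, tos, if_index)."""
    tmpl = struct.pack("!HH", template_id, len(TEMPLATE))
    tmpl += b"".join(struct.pack("!HH", ie, ln) for ie, ln in TEMPLATE)
    template_set = struct.pack("!HH", 2, 4 + len(tmpl)) + tmpl
    data = b"".join(ipaddress.IPv4Address(s).packed + ipaddress.IPv4Address(d).packed
                    + struct.pack("!HHBBI", sp, dp, pr, tos, ifx)
                    for s, d, sp, dp, pr, tos, ifx in flows)
    data_set = struct.pack("!HH", template_id, 4 + len(data)) + data
    body = template_set + data_set
    # version 10, total length, export time, sequence number, observation domain ID
    return struct.pack("!HHIII", 10, 16 + len(body), export_time, 0, domain_id) + body


def parse_ipfix(msg, templates=None):
    """Collector side: decode Template Sets and Data Sets into record dicts.
    `templates` is keyed by (observation domain, template ID) so it persists across messages."""
    templates = {} if templates is None else templates
    version, length, export_time, _seq, domain_id = struct.unpack("!HHIII", msg[:16])
    if version != 10 or length != len(msg):
        raise ValueError("not a well-formed IPFIX message")
    records, off = [], 16
    while off + 4 <= length:
        set_id, set_len = struct.unpack("!HH", msg[off:off + 4])
        if set_len < 4:
            raise ValueError("bad set length")
        body, p = msg[off + 4:off + set_len], 0
        if set_id == 2:                                   # Template Set
            while p + 4 <= len(body):
                tid, count = struct.unpack("!HH", body[p:p + 4]); p += 4
                fields = []
                for _ in range(count):
                    ie, ln = struct.unpack("!HH", body[p:p + 4]); p += 4
                    if ie & 0x8000:                       # enterprise IE: skip the 4-byte PEN
                        p += 4
                    fields.append((ie & 0x7FFF, ln))
                templates[(domain_id, tid)] = fields
        elif set_id >= 256 and (domain_id, set_id) in templates:   # Data Set
            fields = templates[(domain_id, set_id)]
            rec_len = sum(ln for _, ln in fields)
            while rec_len and p + rec_len <= len(body):
                rec = {"domain": domain_id, "export_time": export_time}
                for ie, ln in fields:
                    raw = body[p:p + ln]; p += ln
                    if ie in KEY_FIELDS:
                        name = KEY_FIELDS[ie][0]
                        rec[name] = (str(ipaddress.IPv4Address(raw)) if name.endswith("_ip")
                                     else int.from_bytes(raw, "big"))
                records.append(rec)
        off += set_len
    return records


def organisation_for(ip):
    """Attribute an address to its organisation via the IPAM allocation (longest prefix wins)."""
    addr = ipaddress.ip_address(ip)
    hits = [(net.prefixlen, org) for net, org in IPAM.items() if addr in net]
    return max(hits)[1] if hits else "UNKNOWN"


def dedupe(records):
    """Collapse one flow reported by several exporters; exporter-specific fields stay out of the key."""
    seen = {}
    for r in records:
        key = (r["src_ip"], r["dst_ip"], r["src_port"], r["dst_port"], r["proto"], r["export_time"])
        seen.setdefault(key, r)
    return list(seen.values())


def detect_port_scans(records, threshold=5):
    """Analysis rule: one source touching >= threshold distinct destination ports on one host."""
    ports = defaultdict(set)
    for r in records:
        ports[(r["src_ip"], r["dst_ip"])].add(r["dst_port"])
    return [{"org": organisation_for(s), "src_ip": s, "dst_ip": d, "ports": sorted(p)}
            for (s, d), p in ports.items() if len(p) >= threshold]


def run_demo():
    """Two exporters (two CN observation domains) report overlapping, constructed traffic."""
    t = 1575979200                                        # 2019-12-10 12:00:00 UTC
    scan = [("10.10.5.7", "10.20.1.1", 40000 + i, dp, 6, 0, 3)
            for i, dp in enumerate((22, 80, 443, 3389, 8080))]
    seen_by_a = build_ipfix(1, t, scan + [("10.20.1.1", "10.10.5.7", 443, 51000, 6, 0, 3)])
    seen_by_b = build_ipfix(2, t, [f[:6] + (7,) for f in scan]
                            + [("10.20.9.9", "10.10.1.1", 52000, 53, 17, 0, 7)])
    templates = {}
    raw = parse_ipfix(seen_by_a, templates) + parse_ipfix(seen_by_b, templates)
    unique = dedupe(raw)
    return len(raw), len(unique), detect_port_scans(unique)


if __name__ == "__main__":
    print(run_demo())
```

Running it reports 12 raw records, 7 after de-duplication, and a single alert attributed to ORG-A, which is the "organisational source" the NAS is required to identify. Note what the key deliberately leaves out: observation domain and ifIndex identify where a flow was seen, not the flow itself, so two monitoring points on either side of the peering exchange must not produce two alerts for one event.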

Figure 8 - Security Monitoring Points

In addition, the service providers deliver security and network monitoring on their internal networks.

Note that the security controls delivered as part of the Data Security Centre service, or as security HSCN Obligations on the Network Service Providers, do not provide end to end security of applications and devices. As a set of security principles:

· HSCN does not provide security controls at higher layers on behalf of connected users or connected end-systems (i.e. to organisations, applications or data centres); the customer and application provider should instead ensure appropriate security controls are in place to protect those users, systems and data.

· Confidentiality should be provided entirely within connected end-systems, not by the HSCN network.

· HSCN should not be used as the sole authentication/authorisation control to grant access to data and services.

· HSCN does not prevent data from being conveyed to and processed on an inappropriate end-user device. The suitability of different HSCN-connected devices (desktops, laptops, tablets, smartphones, etc.) to handle different data sets is a matter for end systems (users and application providers), not for HSCN.
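The following Python sketch is an added example (not from the HSCN documents or any NHS application) of the principle that HSCN reachability is not an access control. `authorise_by_network` is the anti-pattern the principles above rule out: any device that can source a packet from the trusted prefix is admitted, including a compromised or inappropriate one. `authorise_by_identity` has the end-system do the work, verifying a signed, time-limited token that the application itself issued, regardless of the caller's source address. The prefix, signing key, subjects and scope names are all constructed for the example; a real deployment would use a managed secret or client certificates rather than a literal key.

```python
import base64
import binascii
import hashlib
import hmac
import ipaddress
import json
import time

TRUSTED_PREFIX = ipaddress.ip_network("10.0.0.0/8")  # constructed; stands in for "the HSCN address space"
APP_KEY = b"constructed-application-signing-key"     # hypothetical; never hard-code a real key


def authorise_by_network(remote_addr):
    """Anti-pattern: network position as identity. Anything reachable over the trusted
    prefix is granted access, so a compromised device anywhere on it is trusted too."""
    return ipaddress.ip_address(remote_addr) in TRUSTED_PREFIX


def issue_token(subject, scopes, ttl_seconds, now=None):
    """Application-issued bearer token: JSON claims plus HMAC-SHA256 over the claim bytes."""
    exp = int((time.time() if now is None else now) + ttl_seconds)
    claims = json.dumps({"sub": subject, "scope": list(scopes), "exp": exp},
                        separators=(",", ":"), sort_keys=True).encode()
    tag = hmac.new(APP_KEY, claims, hashlib.sha256).digest()
    return b".".join(base64.urlsafe_b64encode(x) for x in (claims, tag)).decode()


def authorise_by_identity(token, required_scope, now=None):
    """Returns the subject if the token is authentic, unexpired and carries the scope,
    otherwise None. The caller's source address plays no part in the decision."""
    now = time.time() if now is None else now
    try:
        claims_b64, tag_b64 = token.split(".")
        claims = base64.urlsafe_b64decode(claims_b64)
        tag = base64.urlsafe_b64decode(tag_b64)
    except (ValueError, binascii.Error):
        return None
    expected = hmac.new(APP_KEY, claims, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):          # constant-time comparison
        return None
    try:
        body = json.loads(claims)
    except ValueError:
        return None
    if body.get("exp", 0) < now or required_scope not in body.get("scope", []):
        return None
    return body.get("sub")


def handle_request(remote_addr, token, required_scope="pds:read", now=None):
    """Hardened handler: the network check can still limit exposure, but it is
    never the sole control. Identity is established by the end-system every time."""
    if not authorise_by_network(remote_addr):
        return "denied: not reachable from the expected network"
    subject = authorise_by_identity(token, required_scope, now)
    return f"ok: {subject}" if subject else "denied: no valid identity"


if __name__ == "__main__":
    tok = issue_token("gp-user-42", ["pds:read"], 300)
    print(handle_request("10.1.2.3", ""))      # on HSCN but anonymous: denied
    print(handle_request("10.1.2.3", tok))     # on HSCN with a valid token: ok
```

The point of the pair is in the second function's signature: nothing about the transport enters the decision, so moving the application behind a different CN, a CUG VRF, or the internet via the Secure Boundary does not change who can read the data.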

5 HSCN Consumer Solutions

Consumer Network Service Providers may choose to offer a range of options to HSCN consumers that encompass the end to end access and distribution layer service.

· Managed – Fully end to end service for HSCN Access Connectivity from consumer premises to HSCN CN end points, with HSCN routing across the enterprise including the routing required to connect across the CN to National Applications (on the HSCN Transition Network) and the Internet.

· Gateway - HSCN gateway connections to other external networks/aggregators that are controlled connections. These are a specific form of access connectivity that includes managed secure boundaries between an external network and the HSCN.

Elaborated example patterns of service offerings will be provided by the HSCN Programme on the HSCN website.

HSCN Consumers will be able to source services in several distinct ways; please see HSCN Operational Design Overview for further details.

Services must only be procured from HSCN Compliant CN-SPs.

6 HSCN Obligations Framework

The interoperation of the HSCN Components is underpinned by a set of HSCN Obligations to support end to end operations.

CN-SPs are assured against a set of obligations that ensures they work to requirements for interoperability. Where required, HSCN Policies and Standards will be developed to provide definitive detail on implementation. HSCN Compliance will be awarded to CN-SPs by undertaking the assurance process detailed in the HSCN Compliance Operating Model which can be found at https://www.digital.nhs.uk/health-social-care-network/connectivity-suppliers.

The HSCN Obligations that apply to the CN-SPs can be found at https://www.digital.nhs.uk/health-social-care-network/connectivity-suppliers. The HSCN Obligations will include, but be not limited to:

· Operations and Governance – operating procedures and controls, including

· Network Service Provision such as collaborative working and CN-SP Deed signature

· Governance Regime including governance forums and reporting

· Compliance Process including assessment, evidence and renewal

· Connection Agreement

· Technical and Security – These include, but will not be limited to:

· DNS

· QoS - requirements for Quality of Service and end-to-end assurance as appropriate

· IPAM - to work within (or address) known constraints and limitations, such as IP addressing

· Routing protocols and principles

· Network monitoring

· Security - controls and integrated monitoring

· Provide security controls at the network layer of each of the technical components to protect its own security, integrity and availability as a transport mechanism.

· Service Management – These include, but will not be limited to Service Intervention in relation to:

· Service Integration;

· Service Standards;

· Incident Management;

· Change Management;

· Release Management;

· Service Improvement;

· Network Monitoring; and

· Performance Management.


The Health and Social Care Information Centre is a non-departmental body created by statute, also known as NHS Digital.


[Figure text recovered from the diagrams referenced in this document; the images themselves are not reproduced.]

Figure 2 - Target State (diagram): Consumer Networks 1 to 4, each with HSCN ISP, Access Connectivity, Gateway and CUG Network; Data Centres and Cloud Service; the Peering Exchange; the Internet via ANM/Secure Boundary; Network Analytics.

Figure 3 - Transition State (diagram): the target state elements plus the Transition Network with Legacy Access Circuits and COIN Aggregator; Authoritative Network Services; Gateways to External Networks and Customer Access Connections; Public routing; Data Security Centre; Network Analytics.

Figure 4 - HSCN Interconnection Routing Patterns (diagram): CN (1) to CN (3) Consumer Network Service Provider Core Networks, each serving HSCN Consumers; Peering Exchange; Transition Network; Internet via ANM/Secure Boundary.

Figure 5 - HSCN Traffic Flow Examples (diagram): sites are a Community Hospital, Acute Hospitals, a GP Practice, a Health Clinic (shared by the GP Practice and Community Hospital) and a Local Authority Social Services Dept, connected through CN (1) and CN (n) routers, a Private Community of Interest Network, Data Centre Apps and a Community Health Application on the Transition Network, the Peering Exchange, and the Internet (NHS Choices) via ANM/Secure Boundary. Key information flows shown: Admission Discharge Withdrawal; GP Access to Radiology Results; Acute PDS Trace; Internet Access; Referral for specialist services.

Figure 1 - Transition Network Logical Topology (diagram): N3 / HSCN Transition Network, Distribution Layer Networks, National Apps, Other Networks, Gateways, Consumer Network Service Provider 1 and DC.

Figure 6 - HSCN ANM/NHS Secure Boundary Service (diagram): Consumer Network Service Providers 1 to 4, each with HSCN ISP and VPN, Access Connectivity, Gateway to External Network, Data Centre, HSCN & Transition Network, Peering Exchange, and Internet Security via a cloud based service. Diagram note on Internet Security Connectivity: Service Providers point their Internet bound traffic to a predefined IP Address over the Internet via an IPsec VPN; the cloud based Internet Security supplier decrypts the VPN, applies the filtering rules and forwards the traffic to the Internet.

Figure 7 - Security Telemetry Flow (diagram): HSCN Network Service Provider IPFIX Exporter sends Exported Statistics to the HSCN NAS Telemetry Analysis Application, whose logical components are Collector, Raw Files (e.g. "2016-07-07 15.00.00 bin"), Aggregator, Output Data For Analysis, Database and User Interface, producing Processed Data. Example Key Fields: Source IP Address; Destination IP Address; Source Port Number; Destination Port Number; Layer 3 Protocol Type; ToS Byte Value; IFIndex Value.

Telemetry Analysis Application Logical Components:

· Exporter – The device that collects the traffic passing through it and exports the information to the analysis system.

· Collector – The part of the analysis system that collects the telemetry data from all exporters.

· Aggregator – The part of the system that processes the collected statistics according to a set of criteria and keeps the obtained results (for example in a database).

· Raw Files – The binary files in which the analysis system keeps all the collected telemetry data.

· Database – The part of the analysis system that stores the information obtained from the raw files and processes it according to the predefined requirements.

· User Interface – The application used to view the processed information.

Figure 8 - Security Monitoring Points (diagram): HSCN Network Service Provider IPFIX Exporter to HSCN NAS Telemetry Analysis Application.