Live HSCN

Once your HSCN service is live and you’ve successfully migrated, or you have determined that your Transition Network (TN) connection is no longer required, it is your responsibility as the consumer to cease your previous service(s). You are also responsible for ceasing any associated overlay services, such as managed voice or video services, once they have been replaced.

This is done by raising a BT Continuing Orders cease notice to terminate legacy services. To request a cease to your existing services you can:

• raise a request on the BT Continuing Orders portal via the BT customer relationship manager 
• send an email to the BT Continuing Orders team confirming the service identification number (SIN) to be ceased to btgeneralenquirieshelpdesk@bt.com - the SIN is a unique ID used to identify legacy Continuing Order services on the TN 
• contact the BT Continuing Orders Helpdesk on: 0800 085 0503 (option 3, then option 2)

Further guidance on ceasing legacy Continuing Orders services can be found on the ceasing your TN services page.

The HSCN IP addressing policy outlines how Internet Protocol (IP) addressing is used across the network for HSCN consumers.

Consumers moving from TN have the option of using either minimal Réseaux IP Européens (RIPE) addressing or migrating their existing addressing structure via the Transitional Assistance for Continuing Orders (TACO) process. TACO are a BT Transition Network service provider team. They support consumers migrating from the TN to HSCN.

All new consumers must use minimal RIPE addressing that covers connectivity only.

All consumers must inform the NHS Digital Internet Protocol Address Management (IPAM) team via the HSCN Portal. To do so you will need to request ‘IPAM Delegate’ access under your parent Organisation Data Service (ODS) Code via enquiries@nhsdigital.nhs.uk.

Once you have IPAM delegate access you have two choices:

1. Migrate circuit: for TN hosted sites, this informs the IPAM Team of what IP addresses the consumer wishes to use or abandon.
2. New circuit: for new circuits, this provides minimal RIPE addressing to cover connectivity only, as per the IPAM policy.

In both cases you must provide:

• the supplier name (CN-SP)
• the supplier circuit ID – a unique service code replacing the previous BT N3 Service Identification Number (SIN)
• the date of migration to HSCN
• whether the circuit is a single or resilient link (for new circuits only)

NHS Digital strongly advise you to look at your IP subnet estate well in advance of migration to ensure that all information is up to date and correct. Further information on the HSCN IPAM policy and guidance documents can be found on the HSCN IP address management page.

HSCN/TN/nhs.uk logical DNS configuration

This diagram shows the logical DNS configuration used across HSCN/TN.

2020 technical refresh

DNS migration

NHS Digital will migrate the DNS service from the Transition Network between June and August 2020. It is expected that the transition will be seamless to users.

The replacement HSCN DNS service will continue to use the existing NHS Digital-owned IP addresses of 155.231.231.2 and 155.231.231.1.

For a short period, in order to support organisations that have not yet migrated their DNS services, the legacy BT-owned IP addresses 194.72.7.137 and 194.72.7.142 will be temporarily supported.

Organisations should continue to plan their migration to the new NHS Digital-owned IP addresses.

You must ensure that firewall rules are in place to allow port 53 (TCP/UDP) queries to the new NHS Digital-owned addresses and ensure that they can resolve DNS requests against the new IP addresses.

NHS Digital have modified the DNS A records for cns0.nhs.uk and cns1.nhs.uk such that they resolve to the new 155.231.231.x addresses instead of the legacy 194.72.7.x addresses.

Further guidance on IP configurations and the legacy DNS service can be found on the NHS Digital Website.

For further details please see HSCN/Transition Network DNS.

Where firewall rules are in place to allow port 53 queries to only connect to the legacy IP addresses, these rules should be updated.NHS Digital recommend that you carry out local risk assessments and testing of the new IP addresses to ensure that they can resolve DNS requests against the new IP address configurations.In readiness for the migration to an alternate service provider all organisations using the existing BT TN DNS service must reconfigure their service to use the new NHS Digital RIPE IP Addresses as soon as possible and no later than 31 March 2020.

As part of this migration NHS Digital will modify the DNS A records for cns0.nhs.uk and cns1.nhs.uk such that they resolve to the new 155.231.231.x addresses instead of the legacy 194.72.7.x addresses. This will not affect DNS Resolution for sites continuing to use the legacy addresses.

For further information on the technical refresh please contact us by email at dnsteam@nhs.net

DNS change request process

NHS Digital own and administer nhs.uk DNS for the NHS in England.

NSS in Scotland administers the scot.nhs.uk (sub) domain.

NHS Wales Informatics Service manages the wales.nhs.uk/cymru.nhs.uk sub-domain.

HSCNI manages the n-i.nhs.uk sub-domain.

The TN provider will continue to manage the 'live' DNS service for the foreseeable future.

DNS change requests, to change either zone data files or individual DNS records, must be made directly to these bodies. The HSCN/TN service provider cannot accept DNS change requests from end-users.

Find England DNS change request forms and contact information.

For further details please see HSCN/Transition Network DNS.

NTP service replacement

The Network Time Protocol (NTP) service for the TN and HSCN will cease when the TN ceases and is not being replaced as a central service.  

In readiness for your migration to a local NTP source you must reconfigure your service to use alternative source addresses no later than 31 March 2020.

The NHS Network Time Protocol guidance page provides guidance and standards that NHS organisations should use when implementing a replacement NTP service.

A change schedule is published by the NHS Digital Service Management team on a weekly basis. The change schedule covers all internal and external changes that may affect HSCN. CN-SPs can request access to this information and, in the event that a change affects consumers, it is the CN-SP’s responsibility to inform you.

The HSCN Internet Access Form replaces the Data Security Centre (DSC) HSCN ANM Firewall Change Request Form. 

The form can be used if:

• your CNSP has advised the port you are trying to access is not an allowed any/any port and you still require access
• your CNSP has advised you are trying to access something that has been placed on the deny list, but you still require access - these requests will only be approved in exceptional and business critical circumstances
• you had access to a site on the Transition Network (previously N3) but you do not have the same access on HSCN

Once completed, the form should be sent to the NHS Digital National Service Desk (NSD) via your local IT support route. When they get the form the NHS Digital DSC will assess the request and either, instruct Capita to make the necessary changes and confirm this to you or respond to advise that the request cannot be authorised. 

Download the the HSCN Internet Access Form

For further details and guidance on using this form please see HSCN internet access issues guidance.

You can contact the NHS Digital National Service Desk by:

Telephone: 0300 303 5035

E-mail: ssd.nationalservicedesk@nhs.net

Previous chapter: HSCN consumer handbook: roles and responsibilities

Next chapter: HSCN consumer handbook: incident handling