Live HSCN

Once your HSCN service is live and you’ve successfully migrated, or you have determined that your Transition Network (TN) connection is no longer required, it is your responsibility as the consumer to cease your previous service(s). You are also responsible for ceasing any associated overlay services, such as managed voice or video services, once they have been replaced.

This is done by raising a BT Continuing Orders cease notice to terminate legacy services. To request a cease to your existing services you can:

• raise a request on the BT Continuing Orders portal via the BT customer relationship manager 
• send an email to the BT Continuing Orders team confirming the service identification number (SIN) to be ceased to btgeneralenquirieshelpdesk@bt.com - the SIN is a unique ID used to identify legacy Continuing Order services on the TN 
• contact the BT Continuing Orders Helpdesk on: 0800 085 0503 (option 3, then option 2)

Further guidance on ceasing legacy Continuing Orders services can be found on the ceasing your TN services page.

The HSCN IP addressing policy outlines how Internet Protocol (IP) addressing is used across the network for HSCN consumers.

Consumers moving from TN have the option of using either minimal Réseaux IP Européens (RIPE) addressing or migrating their existing addressing structure via the Transitional Assistance for Continuing Orders (TACO) process. TACO are a BT Transition Network service provider team. They support consumers migrating from the TN to HSCN.

All new consumers must use minimal RIPE addressing that covers connectivity only.

All consumers must inform the NHS Digital Internet Protocol Address Management (IPAM) team via the HSCN Portal. To do so you will need to request ‘IPAM Delegate’ access under your parent Organisation Data Service (ODS) Code via enquiries@nhsdigital.nhs.uk.

Once you have IPAM delegate access you have two choices:

1. Migrate circuit: for TN hosted sites, this informs the IPAM Team of what IP addresses the consumer wishes to use or abandon.
2. New circuit: for new circuits, this provides minimal RIPE addressing to cover connectivity only, as per the IPAM policy.

In both cases you must provide:

• the supplier name (CN-SP)
• the supplier circuit ID – a unique service code replacing the previous BT N3 Service Identification Number (SIN)
• the date of migration to HSCN
• whether the circuit is a single or resilient link (for new circuits only)

NHS Digital strongly advise you to look at your IP subnet estate well in advance of migration to ensure that all information is up to date and correct. Further information on the HSCN IPAM policy and guidance documents can be found on the HSCN IP address management page.

HSCN/TN/nhs.uk logical DNS configuration

This diagram shows the logical DNS configuration used across HSCN/TN.

2019 technical refresh

The TN has completed a technical refresh programme to ensure the core components of the network and key supporting infrastructure (including nhs.uk DNS) continue to perform well during the migration to HSCN.

To facilitate closure of the TN, NHS Digital are running a procurement for a new DNS service. The provider will use NHS Digital IP addresses and all organisations must transition to the new resolution IP addresses.

As part of the DNS refresh, two new resolution IP addresses have been implemented alongside the legacy IP addresses. The new NHS Digital RIPE IP addresses of 155.231.231.1 and 155.231.231.2 will run concurrently alongside the legacy, BT RIPE IP addresses 194.72.7.137 and 194.72.7.142 IP.

The historical IP configurations will continue to use the current internal DNS servers shown as their 'local' servers for DNS queries. They are at the following network IP addresses: cns0.nhs.uk (194.72.7.137) and cns1.nhs.uk (194.72.7.142). 

These IP addresses are owned and managed by BT and will eventually be decommissioned when the BT TN DNS service is replaced by an alternate service provider.

NHS Digital recommend that you carry out local risk assessments and testing of the new IP addresses to ensure that they can resolve DNS requests against the new IP address configurations. In preparation for the migration to an alternate service provider all organisations using the existing BT TN DNS service must reconfigure their service to use the new NHS Digital RIPE IP addresses by 31 December 2019.

Firewall rules in place to allow port 53 queries to only connect to the legacy IP addresses should be updated.

For further information on the technical refresh please contact us by email at dnsteam@nhs.net.

DNS change request process

NHS Digital own and administer nhs.uk DNS for the NHS in England.

NSS in Scotland administers the scot.nhs.uk (sub) domain.

NHS Wales Informatics Service manages the wales.nhs.uk/cymru.nhs.uk sub-domain.

HSCNI manages the n-i.nhs.uk sub-domain.

The TN provider will continue to manage the 'live' DNS service for the foreseeable future.

DNS change requests, to change either zone data files or individual DNS records, must be made directly to these bodies. The HSCN/TN service provider cannot accept DNS change requests from end-users.

Find England DNS change request forms and contact information.

For further details please see HSCN/Transition Network DNS.

A change schedule is published by the NHS Digital Service Management team on a weekly basis. The change schedule covers all internal and external changes that may affect HSCN. CN-SPs can request access to this information and, in the event that a change affects consumers, it is the CN-SP’s responsibility to inform you.

The HSCN Internet Access Form replaces the Data Security Centre (DSC) HSCN ANM Firewall Change Request Form. 

The form can be used if:

• your CNSP has advised the port you are trying to access is not an allowed any/any port and you still require access
• your CNSP has advised you are trying to access something that has been blacklisted but you still require access - these requests will only be approved in exceptional and business critical circumstances
• you had access to a site on the Transition Network (previously N3) but you do not have the same access on HSCN

Once completed, the form should be sent to the NHS Digital National Service Desk (NSD) via your local IT support route. When they get the form the NHS Digital DSC will assess the request and either, instruct Capita to make the necessary changes and confirm this to you or respond to advise that the request cannot be authorised. 

Download the the HSCN Internet Access Form

For further details and guidance on using this form please see HSCN internet access issues guidance.

You can contact the NHS Digital National Service Desk by:

Telephone: 0300 303 5035

E-mail: ssd.nationalservicedesk@nhs.net

Previous chapter: HSCN consumer handbook: roles and responsibilities

Next chapter: HSCN consumer handbook: incident handling