A virtual private network (VPN) allows private networks to be connected securely over a shared network (the internet), enabling organisations to send data to each other while emulating the properties of a private network link.
VPN services for NHS network traffic were introduced on the N3 from 2005 onwards. N3 became the Transition Network in April 2017. VPNs were primarily used to securely connect GP branch sites to their main site. They allow remote users access to clinical systems and other sensitive information hosted at the main site (figure 1). VPNs were an optional component and made available to support compliance with British Medical Association (BMA) guidance.
HSCN features comprehensive security monitoring and analysis functionality, providing a central capability to detect irregular traffic volumes or flows in near real time. HSCN consumers will benefit from this capability, as potential problems can be detected and resolved promptly.
Whilst these capabilities undoubtedly enhance network security, like N3 previously, HSCN should not be considered a 'secure' network. Further information can be found on the Improving cyber security web page.
The incumbent supplier (Transition Network service provider or TN-SP) will not support VPNs with endpoints on different suppliers’ networks; however, the incumbent supplier will provide a redacted configuration taken from the existing router, which allows the consumer network service provider (CNSP) to configure connectivity in the same way as the existing VPN.
Example of Transition Network one-to-many VPN
Figure 1: existing Transition Network VPN solution.
When a VPN is created, the traffic running through the tunnel will be encrypted as an additional measure of security.
HSCN supports the use of VPN services as an optional service. Where a supplier is providing VPN services they should consult the government Communications-Electronics Security Group (CESG) guidelines at: