Connect to a Path to Live environment

How to connect to Opentest

Opentest is a standalone environment, separate from the other Path to Live environments.

Requests for access and a connection pack should be made to [email protected].

How to connect to e-RS Train2

The e-RS Train2 environment is a standalone, internet-facing environment that allows organisations to perform most e-RS referral and provider functions for training purposes. It is a closed environment which does not have any connections to Spine. Spine functionality is simulated in the environment.

Requests for access should be made to [email protected].

How to connect to other Path to Live environments

There are several steps you need to follow to connect to the Path to Live environments:

Development - for early phase testing

Integration - for integration testing

Deployment - for user acceptance testing

Training - for training users in Spine and e-RS applications and processes

The following diagram describes the steps you will need to take to connect if you have not already got a connection.

Flow diagram explaining the steps involved with connecting to an environment (the steps are described as text beneath the image)

Each step is explained below in full:

Health and Social Care Network (HSCN) connection

To connect to any of the Path to Live environments, except Opentest, you will need to have an HSCN connection (this replaced N3). Contact a Consumer Network Service Provider (CN-SP) if you do not already have one - further information can be found on the HSCN pages. NHS Digital are unable to advise which CN-SP would be the most suitable for your needs.

If you already have a connection you must check that the Virtual Internet Protocol (VIP) addresses and Uniform Resource Locators (URLs) used to connect to a test environment are correctly configured on your firewall. These settings are provided on the relevant environment pages.

It is the responsibility of the CN-SP to maintain your connectivity to a service. You should contact your CN-SP in the first instance if you have any problems with your connection.

Test data requirements

You will need to request organisation data, user data and smartcards as well as PDS patient data if your testing requires this.

Please contact the test data team to discuss your requirements.

Email [email protected].

Endpoint request

Register your Message Handler Server (MHS)

You will need to register your MHS with the Spine (referred to as endpoint registration or EPR). Spine endpoints need to be created to send messages between your MHS and Spine.

To register your MHS with the Spine, complete the combined Endpoint and Service Registration form (opens in a new window).

This form is used to request the necessary certificates, Party Key and/or Accredited System ID (ASID) creation. It also includes options to create or renew certificates used for messaging and/or to request changes to an existing registration. Please make it clear, in the comments field, if this endpoint is required to be internet facing.

Certificate only

You will need to provide your Fully Qualified Domain Name (FQDN). The FQDN should conform to the DNS Naming Schema for Spine endpoint sites. You will also need to provide a certificate signing request (CSR) where the Common Name (CN) is the FQDN. All other fields in the CSR can be blank and the email field must be blank. Please note FQDNs MUST be in the .nhs.uk domain

Service registration

You will need to provide information relating to your MHS. The information needed will depend on whether your request is for a new registration or an amendment to an existing registration. It may include:

test ODS code provided following your request for test data
ODS organisation name
MHS name
details of your messaging product
source IP address
URL binding(s)
existing Party Key / ASID details (if you are amending an existing registration)

You will receive registration details and/or an End Point Certificate.

If you need assistance or will be creating endpoints on a regular basis, email [email protected].

Having a valid product

You may need to register your messaging product. The Spine Endpoint Registration System maintains a database of supplier’s products and product versions together with the set of message interactions they have been accredited to send or receive. This simplifies the endpoint registration process because once a product has been registered any endpoints registered as using the product automatically inherit the registered set of message interactions associated with the product.

The MPV form is used to register the initial product details and is termed the Manufacturer Product Version (MPV) registration. The form can only be used for setting up new product versions. It is not possible to make changes to the message set definition for existing products.

You will need to provide the message sets that are used by your product and confirm that the product meets the entry criteria for the required environment. These criteria are outlined in the entry criteria below.

DNS registration

You will need to register your DNS name with the DNS team (opens in a new window) and provide your inbound IP address and associated FQDN. Please note FQDNs MUST be in the .nhs.uk domain

The FQDN must conform to the DNS Naming Schema for Spine endpoint sites.

Download Identity Agent (IA) Client

Download and install the Identity Agent Client software on to the PCs that will be used in testing.

Change your registry settings to point to the specific environment you are connecting to. Registry setting files can be obtained from the relevant Environment pages.

Entry criteria to the Path to Live environments

Development

Only test data is required to use the development environments:

Integration

There are a number of requirements before a product can be accepted into the integration environments:

95% or more (or other apporved percentage) pass from Systems Test
no outstanding severity 1 or severity 2 defects
system test report available (approval may also be a requirement)
release documentation available
TKW visual validator message completed and validation report submitted
design and System Test ATP awarded - established system of choice (ESP) and GP system of choice (GPSoC) only
a test readiness review has taken place (LSP only)

Deployment

In the deployment environments:

test data is required
the messaging production must have successfully passed the integration phase of testing
the product may also be in the production environment

Training

In the training environments:

test data is required
the messaging production must have successfully passed the integration phase of testing
the product may also be in the production environment

Opentest

In the opentest environment:

only test data is required
there are no Care Identity Service (CIS) NHS e-Referral Service (e-RS) instances

Non-functional test

In the non-functional test environment:

only test data is required
there are no Care Identity service (CIS) NHS e-Referral Service (e-RS) instances

Internet facing Spine Core Path to Live Environments

All Spine core messaging services are now available from the internet via the internet gateway service. There are some applications that are not internet facing, these are

SCRa
DSA
Any CIS application

The Message Exchange for Social care and Health (MESH) service is also available over the internet, please see the next section for details.

Please note this information is relevant to the Spine Core Path to Live environments of Development, Integration, Deployment and Training and does not include Opentest, which is only internet facing. In order to use the internet facing Spine core messaging services, you need to have an internet facing endpoint created (see step above) and use a different set of messaging URLs available.

Environment	URL	Service
PTL DEP	msg.depspineservices.nhs.uk	Messaging
PTL DEV	msg.devspineservices.nhs.uk	Messaging
PTL INT	msg.intspineservices.nhs.uk	Messaging
PTL TRAIN	msg.trainspineservices.nhs.uk	Messaging
PTL DEP	proxy.depspineservices.nhs.uk	Proxy SSP
PTL DEV	proxy.devspineservices.nhs.uk	Proxy SSP
PTL INT	proxy.intspineservices.nhs.uk	Proxy SSP
PTL TRAIN	proxy.trainspineservices.nhs.uk	Proxy SSP
PTL DEP	simple-sync.depspineservices.nhs.uk	SMSP
PTL DEV	simple-sync.devspineservices.nhs.uk	SMSP
PTL INT	simple-sync.intspineservices.nhs.uk	SMSP
PTL TRAIN	simple-sync.trainspineservices.nhs.uk	SMSP

Please note you will not be able to use your HSCN endpoint over the internet and vice versa. Existing Endpoints can be switched between internet and HSCN access as desired but must be used as they are setup. Your must also connect to internet facing URL from UK based IP address.

MESH Exchange for Social Care and Health (MESH)

Guidance on what information is required to create a MESH mailbox is available.

There are a number of methods of connecting to MESH that are available to users in the PTL environments. Each method has slightly different connection requirements and these are listed below

MESH client over HSCN

Mailbox created at a testing organisation you have been assigned/have.
Download the predefined MESH client keystore and password from the appropriate environment page on this website. This keystore contains all the required certificates for MESH in the PTL environments. The keystore passwords are provided below
Messaging URL is msg.[env].spine2.ncrs.nhs.uk/messageexchange

Note: In Live, users will need to create the keystore and password

MESH Client over the internet

As above except they would point to the msg.[env]spineservices.nhs.uk URL

Please note there are restrictions on using the MESH client over the internet. This requires a SHA2 keystore and the source address must be a UK IP address.

MESH UI

Mailbox created at a testing organisation you have been assigned.
Smartcard or 2FA. If accessing the UI from HSCN, a NHS smartcard must be used. The role on the card is not important, you just must have card. If accessing UI over the internet you need to user 2FA. Please note that MESH UI over the internet is not available in the PTL environments.
They will also need to be setup in Moles for access to the their mailbox

MESH API over the internet

Mailbox created at a testing organisation you have been assigned.
Endpoint cert from the appropriate PTL environment. You will need to provide a Fully Qualified Domain Name (FQDN). The FQDN should conform to the DNS Naming Schema for Spine endpoint sites (see DNS registration above). You will also need to provide a certificate signing request (CSR) where the Common Name (CN) is the FQDN. All other fields in the CSR can be blank and the email field must be blank. Please note FQDNs MUST be in the .nhs.uk domain.
Shared key. Please mail the helpdesk for this information
Point to msg.[env]spineservices.nhs.uk URL.
You will need to download and install the Spine root and SubCA certificates from the appropriate environment webpages.

Please note there are restrictions on using the MESH client over the internet. This requires a SHA2 keystore and the source address must be a UK IP address. and is only available in the Integration environment.

MESH API over HSCN

As above but point to msg.[env].spine2.ncrs.nh.uk URL

Detailed Mesh API Guidance can be found here

Keystore Passwords

Spine2Int - Integration

Spine2Dev - Development

Spine2Dep - Deployment

Spine2Train - Train

MESH Help

MESH Guidance hub has the current installation and user guides.

MESH API guidance is available.

Please note the installation guides ask you use the certificate enrolment tool to create a certificate and keystore. This is not required in PTL. Please use the predefined keystores that are available for the environments pages on this website.

Testing Organisations

For users of MESH a mailbox will be required. For testing purposes these should be at testing organisations you own. If you do not have any testing organisations, please contact out test data team ([email protected]) to organise one.