Skip to main content

Deployment environments

Find out how to connect to the deployment environments, services available, build version, maintenance slots and scheduled changes.
Page contents

How the deployment environments should be used

The deployment environments are used to test applications in-situ before live deployments, to help suppliers and NHS organisations develop local site processes, procedures and create a local change process. The deployment environments are also used for user acceptance testing (UAT) with NHS organisations.

The e-RS DEP1 environment provides e-RS services using the Spine Core deployment environment for messaging.

What the deployment environments should not be used for

The deployment environments do not:

  • replace the development environments as proof of concept or early deployment test environments
  • provide right of access to any other environments during environment downtime or any other form of unavailability

How to connect to the environment

Before you start

You will need to: 

  1. have a connection to the Health and Social Care Network (HSCN)  - the secure NHS network (if you do not have a connection or are experiencing problems connecting, contact your network provider)
  2. request access to test data (email: testdata@nhs.net)
  3. request smartcards if required - you must have a valid smartcard to user certain services, including the Care Identity Service (CIS) - if you do not have a valid smartcard please email: platforms.supportdesk@nhs.net
  4. before requesting access to the deployment environment, the product should have successfully completed the integration test phase
  5. register the messaging product using a Manufacturer, product and version (MPV) form if required
  6. register your message handling service with the Spine by requesting an endpoint (an authorised connection to Spine) to be created unless you have an endpoint administrator in your organisation who can do this for you - please complete the endpoint admin access request form (epr) (opens in a new window) to manage your own endpoints
  7. register your Fully Qualified Domain Name (FQDN) with the NHS DNS team
  8. download Identity Agent Client software

More detailed guidance of the connection process

Additional guidance to support the connection process.

Further assistance

Contact us for further assistance. Email: platforms.supportdesk@nhs.net.

Connection information

A full list of URLs and associated IP addresses are provided below to help you connect to the deployment environments. 

Local firewall administrators should allow communuication to the IP addressess as necessary using these details.

Portal URLs

These are the connectiion URLs for the Care Identity Service (CIS) portal and associated applications. 

Description URL DNS name IP address Port
Used for the SCRa service https://nww.dep.spine2.ncrs.nhs.uk/summarycarerecord  nww.dep.spine2.ncrs.nhs.uk 10.239.14.23 TCP 443
Used for self service https://nww.dep.spine2.ncrs.nhs.uk/spineselfservice nww.dep.spine2.ncrs.nhs.uk 10.239.14.23 TCP 443
Used for the Alert service https://nww.dep.spine2.ncrs.nhs.uk/spinealertservice nww.dep.spine2.ncrs.nhs.uk 10.239.14.23 TCP 443
Used for the DSA service https://nww.dep.spine2.ncrs.nhs.uk/demographicspineapplication nww.dep.spine2.ncrs.nhs.uk 10.239.14.23 TCP 443
Used for the ETP ADMIN service https://nww.dep.spine2.ncrs.nhs.uk/prescriptionsadmin nww.dep.spine2.ncrs.nhs.uk 10.239.14.23 TCP 443
Used for the SRS service https://nww.dep.spine2.ncrs.nhs.uk/spinereportingservice nww.dep.spine2.ncrs.nhs.uk 10.239.14.23 TCP 443
Used for the MOLES service https://nww.dep.spine2.ncrs.nhs.uk/moles nww.dep.spine2.ncrs.nhs.uk 10.239.14.23 TCP 443
Central portal page  with links to  Spine Core and CIS applications https://portal.vn1.national.ncrs.nhs.uk portal.vn1.national.ncrs.nhs.uk 10.196.94.128 TCP 443

System URLs

These are the connection details for the services required to run or connect to applications.

Description URL DNS name IP address Port

This is the LDAPS protocol service to the directory.

This is a service used by other services accessing the SPINE for directory lookups.

ldaps://ldap.vn1.national.ncrs.nhs.uk /<LDAP QUERY>

<LDAP QUERY> - The query to the directory may be contained within the URL

 ldap.vn1.national.ncrs.nhs.uk 10.196.94.129 TCP 636
This name exists for Smart Card authentications from the PC and is not a user service

Client Side GAC URL:

https://gas.vn1.national.ncrs.nhs.uk /login/authactivate

https://gas.vn1.national.ncrs.nhs.uk /login/authlogout

Server side GAS URL:

https://gas.vn1.national.ncrs.nhs.uk /login/authvalidate

 gas.vn1.national.ncrs.nhs.uk 10.196.94.131 TCP 443

Used to access ID server and is not a user based service. These URLs will only be used by application developers and are included here for completeness

(this URL is case sensitive)

Naming service:

https://sbapi.vn1.national.ncrs.nhs.uk /amserver/namingservice

Role assertion:

https://sbapi.vn1.national.ncrs.nhs.uk /saml/RoleAssertion

 sbapi.vn1.national.ncrs.nhs.uk 10.196.94.132 TCP 443

Messaging URLs

These are the messaging URLs for all Spine services.

Spine party key

A party key is a unique reference for a particular organisation and set of contract properties. Several party keys can exist at the same organisation and will start with the Organisation Data Service (ODS) code.

For the deployment environment, the party key is: YES-0000806.

All messaging properties should be obtained from this party key using the Lightweight Directory Access Protocol (LDAP) service URL listed below. 

Description URL DNS name IP address Port

Used for all domain synchronous messaging

This is also the service entry point for NN4B messages

 https://msg.dep.spine2.ncrs.nhs.uk/sync-service msg.dep.spine2.ncrs.nhs.uk 10.239.14.28 TCP 443
Used for all domain reliable messaging https://msg.dep.spine2.ncrs.nhs.uk/reliablemessaging/reliablerequest msg.dep.spine2.ncrs.nhs.uk 10.239.14.28 TCP 443
Used for all domain unreliable messaging https://msg.dep.spine2.ncrs.nhs.uk/reliablemessaging/queryrequest msg.dep.spine2.ncrs.nhs.uk 10.239.14.28 TCP 443
Used for all domain intermediary messaging https://msg.dep.spine2.ncrs.nhs.uk/reliablemessaging/intermediary msg.dep.spine2.ncrs.nhs.uk 10.239.14.28 TCP 443

Used to access the gazetteer postcode look up service

Gazetteer is a web service so will be called by other applications using this URL. This is not a user service.

 https://msg.dep.spine2.ncrs.nhs.uk/addressfinder/query msg.dep.spine2.ncrs.nhs.uk 10.239.14.28 TCP 443

Used for all SMSP messaging.

Now uses TLS1.2

 https://simple-sync.dep.spine2.ncrs.nhs.uk/smsp/pds simple-sync.dep.spine2.ncrs.nhs.uk 10.239.14.38 TCP 443
Used for all SMSP messaging.
Now uses TLS1.2		 https://proxy.dep.spine2.ncrs.nhs.uk/[provider service root url]/[fhir request] proxy.dep.spine2.ncrs.nhs.uk 10.239.6.33 TCP 443

Outbound Network Address Translation (NAT) addresses

Local firewall administrators should allow communication from these IP addresses.

Description URL DNS name IP address Port

All messages will be sent out as coming from msg-out.dep.spine2.ncrs.nhs.uk

Nothing will ever be sent to this domain name. This is included for clarity and firewall rules only		 No URL msg-out.dep.spine2.ncrs.nhs.uk 10.239.14.103 TCP 443

Outbound token events to registered listeners will be sent from this address

Nothing will ever be sent to this domain name. This is included for clarity and firewall rules only

CIS will respond on the port number specified by the client request		 No URL Not applicable 10.196.94.127 Any

Spine application URLs

This is a full list of URLs for the applications in the deployment environments.

Applications

Area URL
Summary Care Record (SCR) https://nww.dep.spine2.ncrs.nhs.uk/summarycarerecord/
SCR 1-Click http://nww.dep.spine2.ncrs.nhs.uk/oneclickscr/LSPValidator.jsp
SAML https://sbapi.vn1.national.ncrs.nhs.uk/saml/RoleAssertion
EPS Prescription Tracker https://nww.dep.spine2.ncrs.nhs.uk/prescriptionsadmin/
Care ID Service (Smartcard Management) https://wfe.dep.iam.spine2.ncrs.nhs.uk/urswebapp/
End Point Registration Service (EPR) https://wfe.dep.iam.spine2.ncrs.nhs.uk/eprwebapp/
Spine Reporting Service https://wfe.dep.iam.spine2.ncrs.nhs.uk/eprwebapp/
Demographic Spine Application (DSA) https://nww.dep.spine2.ncrs.nhs.uk/demographicspineapplication/
Data Access Service (DAS)- R15 https://susportal.ref01.sus.ncrs.nhs.uk/Ardentia/portal/jsp/index.jsp

Data Access Service

 https://susportal.hscic01.sus.ncrs.nhs.uk/Ardentia/portal/jsp/index.jsp
NDS Admin Portal https://susportal.ota.national.ncrs.nhs.uk/Ardentia/portal/jsp/index.jsp
TES Alert Viewer https://nww.dep.spine2.ncrs.nhs.uk/spinealertservice/
SUS: Business Intelligence https://susportal.ota.national.ncrs.nhs.uk/susportal/

NHS e-Referral Service (e-RS)

Area URL IP address
e-RS Dep1 Professional Web App https://nww.dep1.ers.ncrs.nhs.uk 155.231.120.180
e-RS Dep1 Patient Web App https://nww.pwa.dep1.ers.ncrs.nhs.uk 155.231.120.181
e-RS Dep2 Professional Web App https://nww.dep2.ers.ncrs.nhs.uk 155.231.120.190
e-RS Dep2 Patient Web App https://nww.pwa.dep2.ers.ncrs.nhs.uk 155.231.120.191

Deployment NHS e-Referral Service (e-RS) URLs

Party key

The party key for e-RS in the Dep1 environment is: YEO-11809150.

Accredited System ID (ASID) 

The ASID is: 606179841014. An ASID is a unique reference for a particular system. Different systems may have different ASIDs.  

The following IP addresses and URLs are used to access e-RS services.

Description URL DNS name IP address Port
Professional webapp https://nww.dep1.ers.ncrs.nhs.uk  nww.dep1.ers.ncrs.nhs.uk  155.231.120.180 TCP 443
Patient webapp https://nww.pwa.dep1.ers.ncrs.nhs.uk nww.pwa.dep1.ers.ncrs.nhs.uk 155.231.120.181 TCP 443
e-RS API https://api.dep1.ers.ncrs.nhs.uk api.dep1.ers.ncrs.nhs.uk 155.231.120.183 TCP 443
Messaging endpoint https://mhsin.dep1.ers.ncrs.nhs.uk mhsin.dep1.ers.ncrs.nhs.uk 155.231.120.182 TCP 443

RootCA and SubCA Certificates 

In order to establish connection to the deployment environments, a chain of trust must be set up using the RootCA and SubCA certificates.

  1. Copy the required RootCA or SubCA certificate. If you are using a existing certificate, please use the Root and Sub CA certificates that are valid till 8 January 2020.  The new certificates should only be used with certificates created after the 6 November 2019. If you will be using both existing and new certificates you will need to install both sets of certificates.
  2. Open Notepad or similar and paste the certificate - save the file locally with a suitable file name
  3. Locate the locally saved text file and change the file extension from .txt to .der
  4. Import the certificate into the local trusted certificate store - use the documentation from your software supplier as this may vary between applications

Please note that the: 

  • RootCA should be placed in 'Trusted Root Certification Authorities' 
  • SubCA should be placed in 'Intermediate Certification Authorities'

RootCA (NHS PTL Root Authority)

-----BEGIN CERTIFICATE-----

MIIDgjCCAmqgAwIBAgIEXR9LkDANBgkqhkiG9w0BAQsFADA8MQwwCgYDVQQKEwNu

aHMxCzAJBgNVBAsTAkNBMR8wHQYDVQQDExZOSFMgUFRMIFJvb3QgQXV0aG9yaXR5

MB4XDTE5MDcwNTEyMzcyOFoXDTM5MDcwNTEzMDcyOFowPDEMMAoGA1UEChMDbmhz

MQswCQYDVQQLEwJDQTEfMB0GA1UEAxMWTkhTIFBUTCBSb290IEF1dGhvcml0eTCC

ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJkUOEvituvw0SSmU4adXDnP

SXiaLsQb8CPZwLylSYqumfIzSjsxkktJsekegF6ybtGRMPWW+zBXMI15C3cT+tn8

gpCNYyn1P8/+oNgxtqTLYjxackfU6S8AL+6d39grDd6PlI5ILvCZko82m23cUx2y

2aRnpAIBgDk518tWLTZbMuM14bza/QvYVeX5DqW9gsz947opb6FYRe3MjeHiQmxq

GvWfPY/yb/cggo5y8m2fTQa6dencHeFwnmwbX6nwbrFx8UXzflD0Yke4i5Z2NN4C

xmgAqtxSu5Bz9f7ZQLPPBT5FL+pvxkAu4cEHma4JDD3KayhxzxigKbQcnQpXWEcC

AwEAAaOBizCBiDArBgNVHRAEJDAigA8yMDE5MDcwNTEyMzcyOFqBDzIwMzkwNzA1

MTMwNzI4WjALBgNVHQ8EBAMCAQYwHwYDVR0jBBgwFoAUz4gDrKnt3tEACoCAAEC4

A4jIkFIwHQYDVR0OBBYEFM+IA6yp7d7RAAqAgABAuAOIyJBSMAwGA1UdEwQFMAMB

Af8wDQYJKoZIhvcNAQELBQADggEBAJU06JOPpBMgj/Owzd2aDDIlzEjHDyBx0UOa

xcIeeAT/ByYkTuPees9b5vsPmUwVuNzKscChQ9tvuugPPoTu9gXQfLldKTLlPqOf

+VCghQhM4H+i9+JyK7iKYN7xdVJLjH0AIgpNLwNN/2pnZ+69dOU4G7W0+NYT4e/w

wDcJSq0fi8dwixDTYU8DkFCfEyahEqeuNPp9X3ddWZryq3XjbR3n0YA1sUmnuwiT

ruMNXR0m34pt0nFLQFz57+dLWhAsB5xQdLPc1AuWwK/R8jnHh3+Q/RXOnXG4NNmn

RKYUDjLpFTnWmiZfGyX6edIrjN72M3Guu5cAs0pD/2d6QFsp1Dg=

-----END CERTIFICATE-----

SubCA (NHS DEP Level1C)

-----BEGIN CERTIFICATE-----

MIIDiDCCAnCgAwIBAgIEXa2KeTANBgkqhkiG9w0BAQsFADA8MQwwCgYDVQQKEwNu

aHMxCzAJBgNVBAsTAkNBMR8wHQYDVQQDExZOSFMgUFRMIFJvb3QgQXV0aG9yaXR5

MB4XDTE5MTAyOTE0NDM0MVoXDTI5MTAyOTE1MTM0MVowNjEMMAoGA1UEChMDbmhz

MQswCQYDVQQLEwJDQTEZMBcGA1UEAxMQTkhTIERFUCBMZXZlbCAxQzCCASIwDQYJ

KoZIhvcNAQEBBQADggEPADCCAQoCggEBALtHSWj/wTR08maM2m8UhQ6NKV4XwgPD

RelSE0DUfe5UB+Sa1tFODd47cGgRWqkHGUOEsiujfHhQitQIaQD4lvCcPdwZIRrP

WiSIKFQiJtuFFCtOvfIQFTqBAxhUPI8R/AdNuNS43zwcdXCRnNq86e8FY8JafXrH

dWukASTyH7CvlJwaKtVipnWgVJ6fFfan77Q9dMgJcrJTZkUDATpAE25EwupcfthU

9Kig5JU0FZ9fz3GAXDzDDWaXbzevYvt5QLsczh9b8nyilF3PQm9l2mjUcY18rj0A

boge9K7Q7reQjFa6NIbFL86eXrA8o5aMbcgRyEY0fUkADBqVwW8QezMCAwEAAaOB

lzCBlDA3BgNVHR8EMDAuMCygKqAohiZodHRwOi8vY3JsLm5ocy51ay9wdGwvcm9v

dGNhL2FybGExLmNybDALBgNVHQ8EBAMCAQYwHwYDVR0jBBgwFoAUz4gDrKnt3tEA

CoCAAEC4A4jIkFIwHQYDVR0OBBYEFGVuJdpgsijOo+SQn4gbV4nd5yA9MAwGA1Ud

EwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAErhqxNGnl4Jary8uBMQUpVPhCtI

j3irHSj1nAcAzYH8jmC2DZgRIaNG3ShkxWAxc/pjWbx0YcyUrCAEOq00WdGcoz2Q

HUnr1lbgl1avz/PMyKufo5YisR8FumzCDSQVGuLpx9sFusvv62VlZQ99u8fSYJ+l

V4JtH+pAbGxg8qrDe63xATQ3PYi6W3ljMxxdrrvJXlbqpqG6xML2w0YIJFLdvIlq

oVff5GKH/z0l44zq5i7zggOtYi+/MKOudvhr9dtgR58Ul+jJ7WO5Blcfjjh+00AE

oc2qDRFYT3HFBPNllnp9V4lGBu3WlCIg9soWzfu/U4lU+REyH4PjPF+5H7s=

-----END CERTIFICATE-----

Message Exchange for Social Care and Health (MESH) keystore files to download

The following MESH keystore needs to be downloaded and installed as part of the MESH client installation. 

Environment Primary URL Keystore Path Keystore
Deployment https://msg.dep.spine2.ncrs.nhs.uk C:\MESH-APP-HOME\Keystore\meshdep.keystore meshDEP

Full details can be found in the MESH client installation pack. The environment specific information required is listed below. The password should have been provided when the MESH mailbox was first requested.

If you have any questions, email: platforms.supportdesk@nhs.net

Registry settings required to connect to the spine deployment environments 

In order to access the Spine Deployment environment, changes are required to the user's computer registry.  The exact changes depend on the version of the Identity Agent (IA) Client being used, and whether the operating system is 32-bit or 64-bit. 

  1. Copy the relevant text to a Notepad file and save it to your desktop
  2. Rename the file, changing the file extension from .txt to .reg
  3. Double-click on the file to run it

N.B. You will need administrator access to change registry settings on your computer. If you do not have this you should contact your local support team to run the file for you.

Registry File HSCIC Identity Agent 2 (64-bit) Spine deployment

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\HSCIC\Identity Agent]

"ActivatePOSTURL"="https://gas.vn1.national.ncrs.nhs.uk/login/authactivate"

"LaunchAppsPath"="https://portal.vn1.national.ncrs.nhs.uk"

"MobilityPersistence_Available"="False"

"SessionLockPersistence_Enabled"="False"

Registry File HSCIC Identity Agent 2 (32-bit) Spine deployment

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\HSCIC\Identity Agent]

"ActivatePOSTURL"="https://gas.vn1.national.ncrs.nhs.uk/login/authactivate"

"LaunchAppsPath"="https://portal.vn1.national.ncrs.nhs.uk"

"MobilityPersistence_Available"="False"

"SessionLockPersistence_Enabled"="False"

Registry File HSCIC Identity Agent 1 (64-bit) Spine deployment

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\HSCIC\Identity Agent]

"ActivatePOSTURL"="https://gas.vn1.national.ncrs.nhs.uk/login/authactivate"

"RoleSelectionGETPOSTURL"="https://sbapi.vn1.national.ncrs.nhs.uk/saml/RoleSelectionGP.jsp"

"LogoffPOSTURL"="https://gas.vn1.national.ncrs.nhs.uk/login/authlogout"

"LaunchAppsPath"="https://portal.vn1.national.ncrs.nhs.uk"

Registry File HSCIC Identity Agent 1 (32-bit) Spine deployment

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\HSCIC\Identity Agent]

"ActivatePOSTURL"="https://gas.vn1.national.ncrs.nhs.uk/login/authactivate"

"RoleSelectionGETPOSTURL"="https://sbapi.vn1.national.ncrs.nhs.uk/saml/RoleSelectionGP.jsp"

"LogoffPOSTURL"="https://gas.vn1.national.ncrs.nhs.uk/login/authlogout"

"LaunchAppsPath"="https://portal.vn1.national.ncrs.nhs.uk"

Registry File BT Identity Agent IA13 Spine deployment

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Gemplus\GAC] "Activate.URL"="https://gas.vn1.national.ncrs.nhs.uk/login/authactivate" "Logout.URL"="https://gas.vn1.national.ncrs.nhs.uk/login/authlogout" "Authentication.StartBrowser.Url"="https://sbapi.vn1.national.ncrs.nhs.uk/saml/RoleSelectionWT.jsp?token=<SSO_TICKET>" "Device.id"="1ef2f9cc" "UpdateWatcher.enable"=dword:00000000 "Device.id.URL"="https://sbapi.vn1.national.ncrs.nhs.uk/ssb/DeviceIDLogger?ipaddress=<IP_ADR>&latestdeviceid=<DEVICE_ID>&storeddeviceid=<OLD_DEVICE_ID>&token=<SSO_TICKET>" "Authentication.StartBrowser.Url"="https://sbapi.vn1.national.ncrs.nhs.uk/saml/RoleSelectionWT.jsp?token=<SSO_TICKET>" "RoleSelection.URL"="https://sbapi.vn1.national.ncrs.nhs.uk/saml/RoleSelectionGP.jsp?token=<SSO_TICKET>&selectedRoleUid=<ROLE_UID>&ssbMode=<MODE>&gacVersion=<GAC_VERSION>&fallbackStatus=<FALLBACK>" "Portal.URL"="https://portal.vn1.national.ncrs.nhs.uk"

Services available in the deployment environment

Spine Core Messaging and Spine Core applications 

The Spine Core service provides a messaging service that allows certified endpoint message handling systems to query and update data held in the national demographic and prescriptions systems. 

The Spine Core systems also supports the e-RS national systems by providing a messaging interface between e-RS and referrers and providers. Also included in the Spine Core service are the Graphic User Interface (GUI) based Summary Care Record application (SCRa) and Demographic Spine Application (DSA). These allow Spine Core data to be manipulated without a messaging interface.

Spine Mini Service Provider 

The Spine Mini Service Provider provides customers an interface to submit a limited number of demographic messages in a simple format.

Spine Secure Proxy

The Spine Secure Proxy provides a simpler interface to local systems for demographic messaging, allowing quick recovery of details without the requirements of full integration. Messaging functionality is limited to retrievals and simple trace. Updates are not supported. 

Message Exchange for Social Care and Health (MESH)

The Message Exchange for Social Care and Health (MESH) provides a workflow based data transfer service that allows registered users to exchange data between secure mailboxes. It is used to support services such as the transfer of Pathology data between labs and hospitals and electronic discharge notes to community medical teams for patients leaving hospital care.

Care Identity Service (CIS)

The Care Identity Service (CIS) controls user access to data held in the national systems. Users access is via a smartcard and uses Role Based Access Control. Both smartcards and Access control are managed within the CIS application. Certification and management of message handling systems is also managed within the CIS application.

NHS e-Referral Service (e-RS) 

The NHS e-Referral Service (e-RS) combines electronic booking with a choice of place, date and time for first hospital or clinic appointments. Patients can choose their initial hospital or clinic appointment, book it in the GP surgery at the point of referral, or later at home on the phone or online. 

NHS e-Referral Service Application Programming Interface (e-RS API)

The NHS e-Referral Service Application Programming Interface (e-RS API) service allows patient systems to perform clinical actions within the e-RS application via an external API interface.

Smartcard services

You will need a valid smartcard to use certain services including the Care Identity Service (CIS).

If you do not have a valid smartcard, email platforms.supportdesk@nhs.net

Environment build versions

Current versions of the national system applications deployed in each Path to Live environment.

Maintenance slots and scheduled changes

Although these are the scheduled maintenance slots, check the Forward Change Schedule for activity taking place outside of the scheduled maintenance slots. 

Maintenance slots 

Spine Core

Thursday 8pm to Friday 6am (weekly)

Spine CIS

Wednesday 8pm to Thursday 6am (weekly)

e-RS

Wednesday 8pm to Thursday 6am (following live e-RS release)

Last edited: 5 May 2021 1:35 pm