Non-functional test environment
How the non-functional test environment should be used
The non-functional test environment is available for use by suppliers to perform specific messaging integration testing.
This environment is only available by special request. Please email: platforms.supportdesk@nhs.net
What the non-functional test environments should not be used for
The non-functional test environments do not:
- replace the EMT environments as formal test and assurance environments
- provide right of access to any other environments during environment downtime or any other form of unavailability
How to connect to the environment
Before you start
You will need to:
- have a connection to the Health and Social Care Network (HSCN) - the secure NHS network (if you do not have a connection or are experiencing problems connecting, contact your network provider)
- request access to test data - email: testdata@nhs.net
- register the messaging product using a Manufacturer, product and version (MPV) form if required
- register your message handling service with the Spine by requesting an endpoint (an authorised connection to Spine) to be created unless you have an endpoint administrator in your organisation who can do this for you - please complete the endpoint admin access request form (epr) to manage your own endpoints
- register your Fully Qualified Domain Name (FQDN) with the NHS DNS team
There are no entry criteria for the non-functional test environment beyond having suitable test data available.
All endpoints and MPV requests will be processed in the integration environment and will replicate to the non-functional test environment.
Connection information
A full list of URLs and associated IP addresses are provided below to help you connect to the non-functional test environment.
Local firewall administrators should allow communication to the IP addresses as necessary using these details.
Portal URLs
The following IP addresses/ports need to be configured on the end user firewalls to form outbound firewall rules allowing endpoints to send messages from the development environments.
| Description | URL | DNS name | IP address | Port |
|---|---|---|---|---|
| Used for the SCRa service | https://nww.nft.spine2.ncrs.nhs.uk/summarycarerecord | nww.nft.spine2.ncrs.nhs.uk | 10.239.14.25 | TCP 443 |
| Used for Self Service | https://nww.nft.spine2.ncrs.nhs.uk/spineselfservice | nww.nft.spine2.ncrs.nhs.uk | 10.239.14.25 | TCP 443 |
| Used for the alert service | https://nww.nft.spine2.ncrs.nhs.uk/spinealertservice | nww.nft.spine2.ncrs.nhs.uk | 10.239.14.25 | TCP 443 |
| Used for the DSA | https://nww.nft.spine2.ncrs.nhs.uk/demographicspineapplication | nww.nft.spine2.ncrs.nhs.uk | 10.239.14.25 | TCP 443 |
| Used for the ETP ADMIN service | https://nww.nft.spine2.ncrs.nhs.uk/prescriptionsadmin | nww.nft.spine2.ncrs.nhs.uk | 10.239.14.25 | TCP 443 |
| Used for the SRS service | https://nww.nft.spine2.ncrs.nhs.uk/spinereportingservice | nww.nft.spine2.ncrs.nhs.uk | 10.239.14.25 | TCP 443 |
System URLs
These are the connection URLs for the services required to run or connect to applications. Due to the move of this environment to AWS, the IP addresses of the following are not constant. Customers will need to open their firewalls to the IP address range of 10.239.58.0/24 to ports 636 (LDAP) and 443 (sbapi and gas). If you are using hard-coded IP addresses e.g. in a hosts file, you will need modify your application to use the DNS service names.
| Description | URL | DNS name | IP address | Port |
|---|---|---|---|---|
| This is the LDAPS protocol service to the directory. This is a service used by other services accessing the SPINE for directory lookups. |
ldaps://ldap.nis1.national.ncrs.nhs.uk/<LDAP QUERY> <LDAP QUERY> - The query to the directory may be contained within the URL |
ldap.nis1.national.ncrs.nhs.uk |
TCP 636 | |
| This name exists for Smart Card authentications from the PC and is not a user service. | Client Side GAC URL: https://gas.nis1.national.ncrs.nhs.uk/login/authactivate https://gas.nis1.national.ncrs.nhs.uk/login/authlogout Server Side GAS URL: https://gas.nis1.national.ncrs.nhs.uk/login/authvalidate |
gas.nis1.national.ncrs.nhs.uk |
TCP 443 | |
| Used to access ID server and is not a user-based service. These URLs will only be used by application developers and are included here for completeness. (This URL is Case Sensitive) |
Naming Service: https://sbapi.nis1.national.ncrs.nhs.uk/amserver/namingservice Role Assertion: https://sbapi.nis1.national.ncrs.nhs.uk/saml/RoleAssertion |
sbapi.nis1.national.ncrs.nhs.uk |
TCP 443 |
Messaging URLs
The Party Key for Spine is YES-0000806
| Description | URL | DNS name | IP address | Port |
|---|---|---|---|---|
| Used for ALL domain Synchronous Messaging This is also the service entry point for NN4B messages. |
https://msg.nft.spine2.ncrs.nhs.uk/sync-service | msg.nft.spine2.ncrs.nhs.uk | 10.239.14.30 | TCP 443 |
| Used for ALL domain Reliable Messaging. | https://msg.nft.spine2.ncrs.nhs.uk/reliablemessaging/reliablerequest | msg.nft.spine2.ncrs.nhs.uk | 10.239.14.30 | TCP 443 |
| Used for ALL domain Unreliable Messaging. | https://msg.nft.spine2.ncrs.nhs.uk/reliablemessaging/queryrequest | msg.nft.spine2.ncrs.nhs.uk | 10.239.14.30 | TCP 443 |
| Used for ALL domain Intermediary Messaging | https://msg.nft.spine2.ncrs.nhs.uk/reliablemessaging/intermediary | msg.nft.spine2.ncrs.nhs.uk | 10.239.14.30 | TCP 443 |
| Used to access the gazetteer postcode look up service. Gazetteer is a web service so will be called by other applications using this URL. This is not a user service. |
https://msg.nft.spine2.ncrs.nhs.uk/addressfinder/query | msg.nft.spine2.ncrs.nhs.uk | 10.239.14.30 | TCP 443 |
| Used for all SMSP messaging. Now uses TLS1.2 | https://simple-sync.nft.spine2.ncrs.nhs.uk/smsp/pds | simple-sync.nft.spine2.ncrs.nhs.uk | 10.239.14.40 | TCP 443 |
| Used for all SMSP messaging. Now uses TLS1.2 | https://proxy.nft.spine2.ncrs.nhs.uk/[provider service root url]/[fhir request] | proxy.nft.spine2.ncrs.nhs.uk | 10.239.14.35 | TCP 443 |
Outbound NAT addresses
The following IP addresses/ports need to be configured on the end user firewalls to form inbound firewall rules allowing endpoints to receive messages from development environments.
| Description | URL | DNS name | IP address | Port |
|---|---|---|---|---|
| All Messages will be sent out as coming from msg-out.dev.spine2.ncrs.nhs.uk. Nothing will ever be sent to this domain name. This is included for clarity and firewall rules only. |
No URL | msg-out.nft.spine2.ncrs.nhs.uk | 10.239.14.105 | TCP 443 |
| Outbound token events to registered listeners will be sent from this address. Nothing will ever be sent to this domain name. This is included for clarity and firewall rules only. CIS will respond on the port number specified by the client request. |
No URL | Not applicable | 10.196.94.115 | TCP 443 |
RootCA and SubCA certificates
Use the RootCA and SubCA certificates in the integration environment to establish a chain of trust.
Services available in the NFT environment
Spine Core Messaging and Spine Core applications
The Spine Core service provides a messaging service that allows certified endpoint message handling systems to query and update data held in the national demographic and prescriptions systems. There are no Spine core applications for example, Summary Care Record application (SCRa) or Demographic Spine Application (DSA) available in the non-functional test environment.
Spine Mini Service Provider
The Spine Mini Service Provider provides customers an interface to submit a limited number of demographic messages in a simple format.
Spine Secure Proxy
The Spine Secure Proxy provides an access control layer required by certain programs where patient data may be made accessible to certified users and systems.
Last edited: 5 May 2021 2:04 pm