N3 is the NHS broadband network that links hospitals, medical centres and GPs in England and Scotland and currently has over 50,000 connections to it nationwide. In 2004 BT won the contract to provide the network and became an N3 service provider (N3SP). It was immediately tasked with specifying and installing the system that would offer this important institution a network solution of the highest possible quality.
The N3 network has developed over time and in 2007 it became voice enabled. 6-Layer QoS, a digital network management solution was rolled out, prioritising important data applications, voice and multimedia traffic allowing N3 to provide voice enhancements to the NHS. It provides a local gateway service, which enables free calls between voice users, reduced rate tariffs and access to mobile networks at nationally negotiated rates.
N3SPs deliver bespoke networking solutions and services for the individual needs of different NHS organisations. An example of this is the Community of Interest Networks (COIN), which geographically link adjacent surgeries, medical centres and hospitals over N3. The result is that over 30 per cent of the NHS estate is benefiting from integrated patient care and operational efficiency. Doctors and medical staff can share information and data quickly because COIN sites are securely interconnected with national computer centres. With budgets being cut, trusts are also able to save money by running all their voice, video and data calls over a COIN.
N3SPs are supplier agnostic and ensure best value for money for the NHS by using a number of different suppliers to provide discrete segments of network services. They pull all of the different services together and manage them on behalf of the NHS, providing one single system.
All the N3 core network infrastructure equipment is located in BT exchanges at various sites around the country, which nearly all have multi-user areas (MUA). This situation led to the identification of a variety of security issues, as operatives from a range of different companies had access to the equipment there. Cabinet keys were stored in a combination safe located within the BT exchange, and personnel could obtain the keys by calling the N3 helpdesk and asking for the combination of the safe. It was evident that a much more secure method of cabinet access control, environmental monitoring and an automated management system was needed.
The Programme Governance Board (PGB) assigned Leroi McLawrence, as BT’s senior project manager. He was given the task of overhauling the existing security process with a view to protecting the N3 network from malicious or accidental damage. He explains, ‘While the loss of a communications network to a commercial company might mean that they suffer an hour’s loss of business, that amount of time is critical in the healthcare sector as it could mean the difference between life and death. Commercially, too, there are punitive SLA penalties.’
This was an untenable situation and, after conducting an audit, BT concluded that something had to be done to address vulnerability and failings of the cabinet security processes and reduce or eliminate the risk at 63 PoP sites, 44 LTAP sites and seven COIN sites across England and Scotland.’
As with any data network there is always a risk that information which flows through it could be intercepted. However, there are number of security processes that significantly reduce the chances of this happening, including the physical and organisational security of the core network. To achieve this, one of the first things that the project manager did was to agree a “security statement of requirement” with the Global Service Security Department (GSSD).
Nine of the leading manufacturers in this area were asked to tender for the Access Control and Environmental Monitoring (ACEM) system. Describing the process, McLawrence comments; ‘After the initial evaluation of the tender responses, our technical team requested each company to install their proposed solution at a secured location. This enabled a thorough evaluation and testing facility and put them through their paces of each system to be carried out.’
Once this exercise was completed it was clear that Cannon Technologies ACME system provided the best and most cost effective security solution. Their solution provided the scalability and flexibility required, while their electronic, locally and remotely managed, keypad lock systems can be fitted not only to the Cannon cabinets, but uniquely it can be retrofitted to other manufacturer cabinets such as those already in the N3 estate.
This resulted in GSSD and BT Locate subsequently standardising on the Cannon ServerSmart cabinets for servicing N3 cabinet requirements.
“The ServerSmart cabinet provides the perfect environment for the universal housing of 19 inch servers,” explains Colin Wade, Cannon Technologies’ commercial sales director. ‘Available in a range of heights, widths and depths, it also has exceptional cooling ability for high power densities, a choice of door styles for rear access and adjustable 19 inch mounting posts, allowing universal server mounting. ServerSmart’s doors also have the unique ability to open to 180º when bayed, and 270º at end of bay or when used in a standalone formation.’
All cabinets provided for N3 came with the CannonGuard access control and security controller already installed, thus resulting in simple plug and play installation and much simplified commissioning and integration testing.
Guard of Honour
CannonGuard comprises a suite of hardware modules and software that provides local and remote control of racks, cabinets, hot and cold aisles, cages, data rooms or outside enclosures. The system is based on 'plug and play' modules that can be used stand alone or daisy chained together into a high security, resilient system. It enables remote control from multiple locations concurrently, with full event recording and a rolling 24 hour audit trail.
The CannonGuard software was modified to meet the particular requirements of BT’s secure network, as was a site network management system module which utilise 1U of cabinet space within one individual cabinet and co-ordinates the monitoring of up to 15 cabinets in a site.
In their Place
While most installations of this type could be carried out by trained BT engineers, the project manager decided to ask Cannon Technologies if it would tender for the installation and maintenance element of the project too, believing that the expertise and cost saving it could offer would save significant sums. And make for a smoother installation process.
He says, “We discussed the logistics and prices associated with this and came to a mutually beneficial arrangement. As project leader it was up to me to coordinate the installation and act as first point of contact for the Cannon operatives. Effectively, the Cannon implementation team reported directly to me as project manager on all implementation issues.”
Mark Hirst, T4 data centre product manager at Cannon technologies, was closely involved with this element of the project and comments, ‘Between two and five cabinets were installed at each of the 114 sites a total of over 540 units. Depending on number of cabinets to be managed at each site, this required at least one local control unit, individual door sensors and one environmental monitoring sensor installed.’
The CannonGuard units in the cabinets are connected to the N3 network via an Ethernet port to allow complete remote management of each site. This ensures only authorised personnel can access the cabinets following a request and authorisation from the N3 operational support helpdesk, which can carry out access code changes remotely.
Alarms are now generated if unauthorised entry is attempted or an unusual condition or problem is detected, such as if the humidity level within the MUA rises above a pre-defined threshold. This allows the N3 operational support helpdesk to carry out an investigation and follow up any breach of agreed procedures. The enhanced security provides full verification of personnel accessing N3 cabinets and clear audit trail, which as well as complying with service level agreements (SLAs), removes most of the security risks related to N3 cabinets.
It was agreed that the secure system would be delivered and installed over a six month timeframe. Hirst says, ‘From a logistical point of view this was an incredibly challenging task which involved close collaboration between our on-site teams and Leroi. I’m please to say, however, that not only did we meet this deadline, we actually completed it in five months.’
Commenting on this process, McLawrence adds, ‘There’s no doubt that this was a remarkable achievement. Apart from minor issues such as gaining access to certain parts of the sites, I am amazed at how well it went I can’t praise Cannon Technologies enough for making this happen on time and on budget.’
N3 has received nine awards for what it brings to the NHS. In 2008 it won the e-Government excellence: Innovation in Strategy on a National Level Award. In the same year it took the plaudits in the Government Computing Awards for Innovation for Best Project Government to Government and in 2009 it won the Good Communication award for IT Partnership demonstrating an effective partnership approach to delivering IT related services and, in turn, better value to citizens. More recently it was the winner of the 2011 e-Government excellence: Team category for collaborative working and connecting healthcare,
For Leroi McLawrence the completion of the cabinet security project marked a major milestone as it was his last job prior to retiring from BT. He concludes, ‘I’m very proud that I was able to finish my time at BT by successfully completing this project for the NHS. The fact that it went so well was in no small part due to Cannon Technologies’ technological excellence and the skill their team applied in the installation of the products and the technical support provided by the N3 core delivery team.’
For a copy of the article featured in NCN Magazine please click here: Cannon Technologies - BT NHS Case Study