Minimum System Requirements for Compucare (on Azure)

Created by Stuart Hymers, Modified on Mon, 23 Sep at 3:11 PM by Sam Cybulska

Contents


Overview

This article provides information on the minimum workstation and network/connectivity specifications to ensure optimal running of Compucare on Azure.


Hosting of Compucare

Compucare's database will be hosted and managed by Streets Heaver from our Azure environment in UK South, with real-time replication of the database to UK West for auto-failover purposes. Initially, Compucare's associated APIs, portals and services will be hosted and managed by Streets Heaver from our Data Centre at our head office in Lincoln. These will be transitioned to Azure over time.

The diagram below shows a high level topology for Compucare's hosting environments and how these are connected to the client's network:

More details on the hosting of Compucare and the technology in place can be found here: White Paper for Adoption of Compucare (on Azure)


Minimum Client PCs/Workstations

For the Compucare application itself, this will be initially downloaded from Compucare.streets-heaver.com which provides a downloadable self-updating Compucare client for the user to launch via an icon on their desktop.

The minimum hardware specification for PCs/workstations running Compucare are as follows:


User Access via Client EntraID (AAD)

Compucare is licenced by a total (maximum) number of purchased Named User Licences. Access to the application is via SSO using the client's Entra ID (formerly Azure Active Directory (AAD)). The client will have full control of the Named Users that they assign or unassign for access to the Compucare application, up to that maximum level (before additional named user licences need to be purchased).

To enable SSO for Compucare, the client will need an admin to grant consent for the Compucare 8 app registration (owned by Streets Heaver) into their Azure tenant. In particular, the following tenant permissions should be granted:

Compucare - delegated user permissions:

  • openid
  • User.Read
  • User.ReadBasic.All

Report Generator - delegated user permissions:

  • People.Read
  • Presence.ReadWrite
  • User.Read
  • User.ReadBasic.All

Further details of Compucare's authentication with the client's AAD can be found within the Authentication Overview here: Overview of Azure SQL Databases and MS Entra ID (ex AAD) Authentication.


Azure Enterprise Application - Consents

ApplicationAzure Enterprise Application Id Consent URL
Compucaref66e76f8-c125-4364-bc75-a5ccaf9cb340https://compucare-consent.streets-heaver.com
Compucare Client Consolecdf3f8be-3c73-4f69-a0da-7690107708bdhttps://compucare-consent.streets-heaver.com
Compucare 845404467-1a84-4afd-8a21-36d3b94b0e4bhttps://compucare-consent.streets-heaver.com
Compucare Clinician1c297e4a-4dc4-4a7a-a03f-3e7ae4f18e49
Compucare Ward
bebb9cb0-74bb-4f0b-8826-df6f54eea28d 

Report Generator
835fd79b-9087-406b-889e-8167cfbf864d 
https://reports-consent.streets-heaver.com
Report Generator API43e92ffc-e310-41d7-b9eb-b1ae93127b50https://reports-consent.streets-heaver.com



Compucare 8 APIb196010e-0b1d-4964-be33-e797fa29a66ahttps://login.microsoftonline.com/organizations/v2.0/adminconsent?client_id=b196010e-0b1d-4964-be33-e797fa29a66a&redirect_uri=https://compucare-consent.streets-heaver.com&state=4&scope=.default&nonce=abcde&prompt=consent

Clinician App

7381cc0d-bab3-4f1e-9b93-ff3e39b06239



https://login.microsoftonline.com/organizations/v2.0/adminconsent?client_id=7381cc0d-bab3-4f1e-9b93-ff3e39b06239&redirect_uri=https://compucare-consent.streets-heaver.com&state=4&scope=.default&nonce=abcde&prompt=consent


Azure Enterprise Application & Security Groups

  1. It is recommended all Enterprise Applications are configured as "Assignment Required"
  2. Each Enterprise Application have users assigned via Groups, example typical groups would be as follows and would be split between Live and Test access:
    1. ReportGenerator_[organisation]_Live
    2. ReportGenerator_[organisation]_Test
    3. Compucare_[organisation]_Live
    4. Compucare_[organisation]_Test



Firewall/Network Requirements

Outbound exceptions to the Streets Heaver domains:

Outbound exception to the database servers (this will change based on the Azure estate):

  • sql-compucare-test-uks-001.database.windows.net 
  • compucare-prod-failover-group-001.database.windows.net 


Streets Heaver Firewall Configuration for Azure SQL Database - we whitelist the client's external IP to their Compucare SQL database, providing an additional layer of protection. All access to the SQL database will only be granted via a whitelist of IPs provided by the client. The expectation is all traffic will be routed via a client's VPN to Azure SQL.


Connectivity Requirements for Compucare

  • A single user at home/work - recommended 10 Mbps min download speed.
  • Latency:
    • <100 = Good
    • 100 - 200 = Acceptable
    • >200 = Poor
  • For an organisation tunnelling all home/office workers - recommended 50 Mbps min download speed (per 500 named user connections to Compucare). This is subject to load and volume of traffic and use of the system, i.e. heavy use on attachments and blob data.
  • For clients who do NOT currently have a VPN for all connections via a static IP/range, you can setup and use Azure VPN Gateway - using a minimum of Gateway Type of VpnGw1AZ, using P2S tunnels.
  • It is essential that remote installations and places of work, e.g. mobile clinics and transient workers verify a stable internet connection via the VPN and this is verified prior to going live.  
  • Split Tunnelling is Recommended
    • Compucare updates are approx. 250mb and can occur daily, to all users - in which case its advisable to consider this when setting up connectivity and the VPN traffic. As a minimum ONLY SQL traffic needs to go via the VPN.


Connectivity Requirements for Interfacing:

For HL7 based integration an IPsec VPN will need to be established between the client's network or third party system's network and the Streets Heaver Data Centre.  Both parties will then agree and establish the IPs and Ports for their respective integration engines to both listen on and send to, in order to establish bi-directional messaging between systems.


e-RS Portal Accessibility

For accessing the e-RS Portal you have 2 options:

In the short term, we will continue to facilitate the traditional Citrix connection for those few users required to use the Portal.


PXP Payment Gateway

Compucare 8 needs to have the correct workstation setup to be able to communicate with the PEDs.


Anti-Virus Exclusions

  • %LocalAppData%\Compucare_8\*.*
  • %LocalAppData%\Compucare_8Pre\*.*
  • %LocalAppData%\Temp\*.*
  • %LocalAppData%\CompucareInstaller_*

Or whitelist based on the Signed Certificate thumbprint.


Was this article helpful?

That’s Great!

Thank you for your feedback

Sorry! We couldn't be helpful

Thank you for your feedback

Let us know how can we improve this article!

Select at least one of the reasons
CAPTCHA verification is required.

Feedback sent

We appreciate your effort and will try to fix the article