Contents
- Overview
- Hosting of Compucare
- Minimum Client PCs/Workstations
- User Access via Client EntraID (AAD)
- Firewall/Network Requirements
- Connectivity Requirements for Compucare
- Connectivity Requirements for Interfacing:
- e-RS Portal Accessibility
- PXP Payment Gateway
- Anti-Virus Exclusions
Overview
This article provides information on the minimum workstation and network/connectivity specifications to ensure optimal running of Compucare on Azure.
Hosting of Compucare
Compucare's database will be hosted and managed by Streets Heaver from our Azure environment in UK South, with real-time replication of the database to UK West for auto-failover purposes. Initially, Compucare's associated APIs, portals and services will be hosted and managed by Streets Heaver from our Data Centre at our head office in Lincoln. These will be transitioned to Azure over time.
The diagram below shows a high level topology for Compucare's hosting environments and how these are connected to the client's network:
More details on the hosting of Compucare and the technology in place can be found here: White Paper for Adoption of Compucare (on Azure)
Minimum Client PCs/Workstations
For the Compucare application itself, this will be initially downloaded from Compucare.streets-heaver.com which provides a downloadable self-updating Compucare client for the user to launch via an icon on their desktop.
The minimum hardware specification for PCs/workstations running Compucare are as follows:
- Microsoft Windows 10 Professional (SP1) or above (Windows 11 Professional recommended) - x64
- Intel Core i5 or above
- 8GB RAM or above
- 300mb free space per user accessing Compucare on a PC/workstation.
- Screen resolution 1920 x 1080 or above (Recommended 23” widescreen monitor or larger)
- .NET8 Core Desktop - required for the Compucare Installer (https://dotnet.microsoft.com/en-us/download/dotnet/thank-you/runtime-desktop-8.0.0-windows-x64-installer?cid=getdotnetcore)
- .NET6 Desktop (x64) - required for Compucare 8 client (until approx. 8.78 when it will no be required as Compucare 8 will be .NET8) (https://download.visualstudio.microsoft.com/download/pr/52d6ef78-d4ec-4713-9e01-eb8e77276381/e58f307cda1df61e930209b13ecb47a4/windowsdesktop-runtime-6.0.25-win-x64.exe)
User Access via Client EntraID (AAD)
Compucare is licenced by a total (maximum) number of purchased Named User Licences. Access to the application is via SSO using the client's Entra ID (formerly Azure Active Directory (AAD)). The client will have full control of the Named Users that they assign or unassign for access to the Compucare application, up to that maximum level (before additional named user licences need to be purchased).
To enable SSO for Compucare, the client will need an admin to grant consent for the Compucare 8 app registration (owned by Streets Heaver) into their Azure tenant. In particular, the following tenant permissions should be granted:
Compucare - delegated user permissions:
- openid
- User.Read
- User.ReadBasic.All
Report Generator - delegated user permissions:
- People.Read
- Presence.ReadWrite
- User.Read
- User.ReadBasic.All
Further details of Compucare's authentication with the client's AAD can be found within the Authentication Overview here: Overview of Azure SQL Databases and MS Entra ID (ex AAD) Authentication.
Azure Enterprise Application - Consents
Azure Enterprise Application & Security Groups
- It is recommended all Enterprise Applications are configured as "Assignment Required"
- Each Enterprise Application have users assigned via Groups, example typical groups would be as follows and would be split between Live and Test access:
- ReportGenerator_[organisation]_Live
- ReportGenerator_[organisation]_Test
- Compucare_[organisation]_Live
- Compucare_[organisation]_Test
Firewall/Network Requirements
Outbound exceptions to the Streets Heaver domains:
- compucare.streets-heaver.com
- tenants.streets-heaver.com 443
- downloads.sh-cdn.co.uk443
- We recommend split tunnelling traffic to this to use remote users direct internet connection instead of over the VPN to avoid congestion of application update downloads
- reports.streets-heaver.com
- clinician.streets-heaver.com
- ward.streets-heaver.com
Outbound exception to the database servers (this will change based on the Azure estate):
- sql-compucare-test-uks-001.database.windows.net
- compucare-prod-failover-group-001.database.windows.net
Streets Heaver Firewall Configuration for Azure SQL Database - we whitelist the client's external IP to their Compucare SQL database, providing an additional layer of protection. All access to the SQL database will only be granted via a whitelist of IPs provided by the client. The expectation is all traffic will be routed via a client's VPN to Azure SQL.
Connectivity Requirements for Compucare
- A single user at home/work - recommended 10 Mbps min download speed.
- Latency:
- <100 = Good
- 100 - 200 = Acceptable
- >200 = Poor
- For an organisation tunnelling all home/office workers - recommended 50 Mbps min download speed (per 500 named user connections to Compucare). This is subject to load and volume of traffic and use of the system, i.e. heavy use on attachments and blob data.
- For clients who do NOT currently have a VPN for all connections via a static IP/range, you can setup and use Azure VPN Gateway - using a minimum of Gateway Type of VpnGw1AZ, using P2S tunnels.
- It is essential that remote installations and places of work, e.g. mobile clinics and transient workers verify a stable internet connection via the VPN and this is verified prior to going live.
- Split Tunnelling is Recommended
- Compucare updates are approx. 250mb and can occur daily, to all users - in which case its advisable to consider this when setting up connectivity and the VPN traffic. As a minimum ONLY SQL traffic needs to go via the VPN.
Connectivity Requirements for Interfacing:
For HL7 based integration an IPsec VPN will need to be established between the client's network or third party system's network and the Streets Heaver Data Centre. Both parties will then agree and establish the IPs and Ports for their respective integration engines to both listen on and send to, in order to establish bi-directional messaging between systems.
e-RS Portal Accessibility
For accessing the e-RS Portal you have 2 options:
- Sign up for the NHS CIS2 cards via the internet https://digital.nhs.uk/services/care-identity-service/applications-and-services/cis2-authentication/smartcards-via-internet
OR - Acquire your own HSCN connectivity
In the short term, we will continue to facilitate the traditional Citrix connection for those few users required to use the Portal.
PXP Payment Gateway
Compucare 8 needs to have the correct workstation setup to be able to communicate with the PEDs.
Anti-Virus Exclusions
- %LocalAppData%\Compucare_8\*.*
- %LocalAppData%\Compucare_8Pre\*.*
- %LocalAppData%\Temp\*.*
- %LocalAppData%\CompucareInstaller_*
Or whitelist based on the Signed Certificate thumbprint.
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article