Guidance for NHS Wales staff using VPN

What is a VPN?

VPN is a Virtual Private Network which allows you to use local internet to create a secure connection to the NHS Wales corporate network from remote sites. In NHS Wales we use Cisco AnyConnect to allow users to connect and work securely from remote locations.

Demand for this service increases rapidly during Local or National Major Incidents. We are already seeing unprecedented demand on the VPN service as a result of COVID-19.

How many people can connect to VPN?

The VPN service is currently designed to support up to 3,500 concurrent connections and these users all share around 700 Mbps of bandwidth. As part of the response to COVID-19 this is being increased to up to 7,000 connections / 1,400 Mbps bandwidth. However, there are over 16,000 users configured to use it and new users are being added rapidly as a result of Covid-19.

We have also ordered additional licensing and hardware to further increase the VPN capability (bandwidth and users), however, there is a long lead time for this hardware (estimated at around 90 days).

Internet Bandwidth 

The NHS Wales internet bandwidth has recently increased from 2Gbps to 5Gbps, as part of planned digital priority improvement work. In response to COVID-19 we plan to double this again to 10Gbps to support additional internet-based resources (e.g. video consultations, etc). However, this equipment is also on a 90-day lead-time. As such, the internet bandwidth utilisation is likely to become contended which will result in slow response times for many staff.

We are working with suppliers to reduce the lead time for the required equipment as a matter of urgency, but improvements are weeks away.

In the meantime, it is vital that users at the front-line of care delivery, have access to the bandwidth required for critical clinical and business services, irrespective of whether these users are working remotely from an alternative NHS site, or working from home.

To that end, staff working remotely have a significant role to play in allowing healthcare professionals to access systems and patient information.

What can you do?

Only use the VPN service when necessary

    • Only use it when there are no available alternatives (see below)
    • Close sessions when not required (e.g. lunch break, end of the day)

Alternative options

    • If you have been migrated to Microsoft Office 365 & have EM+S (mobile security) you no longer need to use VPN to access Email, OneDrive, MS Office products.
    • ESR is accessible from the internet
    • E-expenses system is accessible from the internet

Avoid accessing unnecessary websites and online services using work equipment. This applies irrespective of whether or not you are using the VPN. Please use personal devices for these types of sites

  • News sites
  • Media/Audio streaming – only use if required to undertake your role

Note: Access to such services is being continuously monitored and reviewed during this time of increased remote usage

Continue to follow good practice & use common sense

  • Follow all security advice as directed

The National Crime Agency have advised that many web sites that appear to provide coronavirus advice/information are using known exploits to download malware (ransomware, etc) onto devices that visit those sites - Please be vigilant

  • Be particularly mindful when working remotely:
    • Lock corporate workstations or laptops when not in use
    • Don’t print documents if you can avoid it

Please follow the above guidance to try and ensure everyone who needs to use VPN to work remotely to deliver critical services during this time are able to do so. More information and guidance on using VPN, can be found here.