Contents
- Overview
- Hosting of Compucare
- Minimum Client PCs/Workstations
- User Access via Client EntraID (AAD)
- Firewall/Network Requirements
- Connectivity Requirements for Compucare
- Connectivity Requirements for Interfacing
- e-RS Portal Accessibility
- PXP Payment Gateway
- Anti-Virus Exclusions
Overview
This article provides information on the minimum workstation and network/connectivity specifications to ensure optimal running of Compucare on Azure.
Hosting of Compucare
Compucare's database and associated APIs, services and web apps are hosted and managed by Streets Heaver from our Azure environment in UK South, with real-time replication of the database to UK West for auto-failover purposes.
The diagram below shows a high-level topology for Compucare's hosting environments and how these are connected to the client's network.
For more details on the hosting of Compucare and the technology in place, see the White Paper for Adoption of Compucare (on Azure).
Minimum Client PCs/Workstations
For the Compucare application itself, this will be initially downloaded from Compucare.streets-heaver.com which provides a downloadable self-updating Compucare client for the user to launch via an icon on their desktop.
The minimum hardware specification for PCs/workstations running Compucare are as follows:
- Microsoft Windows 10 Professional (SP1) or above (Windows 11 Professional recommended) - x64
- Intel Core i5 or above
- 8GB RAM or above
- 300mb free space per user accessing Compucare on a PC/workstation.
- Screen resolution of 1920 x 1080 with Windows recommended scaling
- Recommended 23” widescreen monitor or larger
- .NET8 Core Desktop - required for the Compucare Installer (https://dotnet.microsoft.com/en-us/download/dotnet/thank-you/runtime-desktop-8.0.0-windows-x64-installer?cid=getdotnetcore)
User Access via Client EntraID (AAD)
Compucare is licenced by a total (maximum) number of purchased Named User Licences. Access to the application is via SSO using the client's Entra ID (formerly Azure Active Directory (AAD)). The client will have full control of the Named Users that they assign or unassign for access to the Compucare application, up to that maximum level (before additional named user licences need to be purchased).
To enable SSO for Compucare, the client will need an admin to grant consent for the Compucare 8 app registration (owned by Streets Heaver) into their Azure tenant. In particular, the following tenant permissions should be granted:
Compucare - delegated user permissions:
- openid
- User.Read
- User.ReadBasic.All
Report Generator - delegated user permissions:
- People.Read
- Presence.ReadWrite
- User.Read
- User.ReadBasic.All
Further details of Compucare's authentication with the client's AAD can be found within the Authentication Overview here: Overview of Azure SQL Databases and MS Entra ID (ex AAD) Authentication.
Azure Enterprise Application - Consents
You can grant consent to all applications via https://compucare-consent.streets-heaver.com/
Azure Enterprise Application & Security Groups
- It is recommended that all Enterprise Applications be configured as "Assignment Required".
- Each Enterprise Application has users assigned via Groups. An example of typical groups is as follows and would be split between Live and Test access:
- ReportGenerator_[organisation]_Live
- ReportGenerator_[organisation]_Test
- Compucare_[organisation]_Live
- Compucare_[organisation]_Test
Firewall/Network Requirements
Outbound exceptions to the Streets Heaver domains:
- compucare.streets-heaver.com
- Main Compucare product launcher
- tenants.streets-heaver.com443
- Compucare Authentication Services
- downloads.sh-cdn.co.uk443
- This is our CDN for downloading Compucare updates
- We recommend split tunnelling traffic to this to use remote users' direct internet connection instead of over the VPN to avoid congestion of application update downloads
- reports.streets-heaver.com
- Report Generator application
- clinician.streets-heaver.com
- Compucare Clinician application
- ward.streets-heaver.com
- Compucare Ward application
Outbound exception to the database servers (this will change based on the Azure estate):
- sql-compucare-test-uks-001.database.windows.net : 1433
- compucare-prod-failover-group-001.database.windows.net : 1433
- compucare-prod-failover-group-001.secondary.database.windows.net : 1433
Emailing Server (Via Compucare Service) Public IP's for configuration with Email Servers
- UKW 20.68.104.20
- UKS 51.143.156.137
Streets Heaver Firewall Configuration for Azure SQL Database - we allowlist the client's external IP to their Compucare SQL database, providing an additional layer of protection. All access to the SQL database will only be granted via an allowlist of IPs provided by the client. The expectation is that all traffic will be routed via a client's VPN to Azure SQL.
Connectivity Requirements for Compucare
- A single user at home/work - recommended 10 Mbps min download speed.
- Latency:
- <100 = Good
- 100 - 200 = Acceptable
- >200 = Poor
- For an organisation tunnelling all home/office workers - recommended 50 Mbps min download speed (per 500 named user connections to Compucare). This is subject to load and volume of traffic and use of the system, i.e. heavy use on attachments and blob data.
- For clients who do NOT currently have a VPN for all connections via a static IP/range, you can set up and use Azure VPN Gateway using a minimum of Gateway Type of "VpnGw1AZ" using P2S tunnels.
- When an Azure VPN Gateway (or any other Azure connections are required) it is necessary to set up an Azure Private Endpoint between the client's tenant and Streets Heaver's tenant. Please contact Streets Heaver for the SQL Resource IDs, which are available upon request.
- NOTE: It is necessary for the client’s subscription owner to register the provider below, if this is not registered then the Private Endpoint request will fail.
Portal Azure CLI PowerShell Subscriptions → (Resource provider)
Search for Microsoft.Sql → Registeraz provider register --namespace Microsoft.SqlRegister-AzResourceProvider -ProviderNamespace Microsoft.Sql
- It is essential that remote installations and places of work, e.g. mobile clinics and transient workers, verify a stable internet connection via the VPN and verify it before going live.
- Split Tunnelling is Recommended
- Compucare updates are approx. 250mb and can occur daily to all users, in which case it's advisable to consider this when setting up connectivity and the VPN traffic. As a minimum, ONLY SQL traffic needs to go via the VPN to:
- sql-compucare-test-uks-001.database.windows.net : 1433
- compucare-prod-failover-group-001.database.windows.net : 1433
- The current known list of IPs for the Azure 51.105.64.32/29, 51.105.72.32/29, 51.140.144.32/29, 51.143.209.224/27 as of March 2025, the current IP range are defined https://learn.microsoft.com/en-us/azure/azure-sql/database/connectivity-architecture?view=azuresql
- Compucare updates are approx. 250mb and can occur daily to all users, in which case it's advisable to consider this when setting up connectivity and the VPN traffic. As a minimum, ONLY SQL traffic needs to go via the VPN to:
Connectivity Requirements for Interfacing
For HL7-based integration, an IPsec VPN will need to be established between the client's network or third party system's network and the Streets Heaver Data Centre. Both parties will then agree and establish the IPs and ports for their respective integration engines to both listen on and send to, to establish bi-directional messaging between systems.
e-RS Portal Accessibility
For accessing the e-RS website (https://ers.nhs.uk/) and Data Landing Portal (https://dsp-portal.national.nhs.uk/ ), you have two options:
- Sign up for the NHS CIS2 cards via the internet: https://digital.nhs.uk/services/care-identity-service/applications-and-services/cis2-authentication/smartcards-via-internet
- Un-installing any current versions of Identity Agent and Credential Management that may be installed on your laptop.
- Install the following https://ssp.dirteam.nhs.uk/dir/downloads/NHS.CredentialManagement.Setup-3.2.2.0.msi which will install both the internet facing Identity Agent and Credential Management software.
- Re-boot your laptop/PC once installed.
OR - Acquire your own HSCN connectivity
- Follow this guide https://digital.nhs.uk/services/care-identity-service/setting-up-and-troubleshooting/how-to-set-up-a-smartcard-user-workstation
In the short term, we will continue to facilitate the traditional Citrix connection for those few users required to use the Portal.
PXP Payment Gateway
Compucare 8 needs to have the correct workstation setup to be able to communicate with the PEDs.
Anti-Virus Exclusions
- %LocalAppData%\Compucare_8\*.*
- %LocalAppData%\Compucare_8Pre\*.*
- %LocalAppData%\Temp\*.*
- %LocalAppData%\CompucareInstaller_*
Or allowlist based on the Signed Certificate thumbprint.
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article