Minimum System Requirements for Compucare (on Azure)

Created by Stuart Hymers, Modified on Wed, 30 Jul at 2:12 PM by Kyle Fotherby

Contents

 

Overview

This article outlines the minimum client-side hardware, software and connectivity requirements to run Compucare effectively in an Azure-hosted environment.

Compucare is delivered via a self-updating installer, available at https://compucare.streets-heaver.com.


Compucare Hosting Architecture

Compucare is hosted in Streets Heaver's Azure environment in UK South with real-time database replication to UK West for high availability and failover.

For detailed architecture, see the White Paper for Adoption of Compucare (on Azure).

 

Pre-Deployment Checklist

Use this checklist to ensure all requirements are met before deploying Compucare:


Azure Administrator

  • Security groups are assigned to the relevant Enterprise Applications
  • Consent has been granted for the required Azure Enterprise Applications
  • Entra ID is configured for single sign-on (SSO) in Compucare 8

Networking Administrator

  • External IP(s) has been whitelisted, or Azure VPN Gateway and Private Endpoints have been configured (if required)
  • Firewall and network access is configured (including URLs, ports, and IPs)
  • Internet connectivity meets minimum speed and latency thresholds
  • HL7 interfacing VPN is set up for integrations

Systems Administrator

  • Client PCs meet the minimum hardware and operating system specifications
  • .NET 8 Desktop Runtime is installed
  • Anti-virus exclusions have been added
  • e-RS portal access method is configured
  • PXP Payment Gateway workstations are configured


Minimum Client PC/Workstation Requirements

  • OS: Microsoft Windows 10 Professional (SP1) 64-bit or later (Windows 11 Professional recommended)
  • CPU: Intel Core i5 or above
  • RAM: 8GB RAM or above
  • Storage: 300MB free space per user accessing Compucare on a PC/workstation.
  • Display: 1920 x 1080 resolution with Windows recommended scaling & 23” widescreen monitor or larger
  • .NET Runtime: .NET 8.0 Desktop Runtime

 

User Access via EntraID

Compucare supports SSO through Microsoft Entra ID (formerly Azure Active Directory). Licences are based on Named Users managed by the client.

To enable SSO for Compucare, the client will need an admin to grant consent for the Compucare 8 app registration into their Azure tenant and allow the following permissions:

  • Compucare:
    • openid
    • User.Read
    • User.ReadBasic.All
  • Report Generator:
    • People.Read
    • Presence.ReadWrite
    • User.Read
    • User.ReadBasic.All


See Overview of Azure SQL Databases and MS Entra ID (ex AAD) Authentication.


Azure Enterprise Application Consents

All applications can be granted consent at https://compucare-consent.streets-heaver.com/

ApplicationAzure Enterprise Application IDConsent URL
Compucare-https://compucare-consent.streets-heaver.com/compucare
Compucare Authentication Services

Client Console
cdf3f8be-3c73-4f69-a0da-7690107708bdhttps://compucare-consent.streets-heaver.com/?state=tenantServer
Compucare 845404467-1a84-4afd-8a21-36d3b94b0e4bhttps://compucare-consent.streets-heaver.com/compucare8
Compucare Clinician1c297e4a-4dc4-4a7a-a03f-3e7ae4f18e49https://compucare-consent.streets-heaver.com/clinician
Compucare Wardbebb9cb0-74bb-4f0b-8826-df6f54eea28dhttps://compucare-consent.streets-heaver.com/ward
Report Generator835fd79b-9087-406b-889e-8167cfbf864dhttps://compucare-consent.streets-heaver.com/reportGenerator
Report Generator API43e92ffc-e310-41d7-b9eb-b1ae93127b50https://compucare-consent.streets-heaver.com/reportGenerator
Compucare 8 APIb196010e-0b1d-4964-be33-e797fa29a66ahttps://login.microsoftonline.com/organizations/v2.0/adminconsent?client_id=b196010e-0b1d-4964-be33-e797fa29a66a&redirect_uri=https://compucare-consent.streets-heaver.com&state=4&scope=.default&nonce=abcde&prompt=consent
Clinician App7381cc0d-bab3-4f1e-9b93-ff3e39b06239https://login.microsoftonline.com/organizations/v2.0/adminconsent?client_id=7381cc0d-bab3-4f1e-9b93-ff3e39b06239&redirect_uri=https://compucare-consent.streets-heaver.com&state=4&scope=.default&nonce=abcde&prompt=consent


Azure Enterprise Application Security Groups

  • Set all Enterprise Applications to "Assignment Required".
  • Assign access via security groups such as:
    • Compucare_[organisation]_Live
    • Compucare_[organisation]_Test
    • ReportGenerator_[organisation]_Live
    • ReportGenerator_[organisation]_Test


Firewall/Network Requirements

Allow outbound connections to:

  • compucare.streets-heaver.com - Main Compucare product launcher
  • tenants.streets-heaver.com:443 - Compucare Authentication Services
  • downloads.sh-cdn.co.uk:443 - CDN for Compucare updates
  • reports.streets-heaver.com - Report Generator
  • clinician.streets-heaver.com - Compucare Clinician
  • ward.streets-heaver.com - Compucare Ward

SQL Database Endpoints:

  • sql-compucare-test-uks-001.database.windows.net:1433
  • compucare-prod-failover-group-001.database.windows.net:1433
  • compucare-prod-failover-group-001.secondary.database.windows.net:1433

Public IPs for Outbound email services (via the Compucare Service):

  • UKW 20.68.104.20
  • UKS 51.143.156.137

Access to the Compucare database is restricted to an allowlist of external IP addresses provided by the client. All traffic must route through the client’s VPN to Azure SQL.


Connectivity Requirements for Compucare

This section describes the minimum bandwidth, VPN and Endpoint requirements for Compucare on Azure.


Individual Users

  • Minimum download speed: 10 Mbps
  • Latency:
    • <100ms = Good
    • 100-200ms = Acceptable
    • >200ms = Poor


Organisations with a centralised VPN

  • Minimum download speed: 50Mbps per 500 named users
  • Split-tunnelling is recommended to reduce VPN load
    • Compucare updates (~250 MB) may be delivered daily to all users, so this should be factored in when configuring connectivity and VPN traffic. 
    • At a minimum, only SQL traffic needs to go through the VPN to the following endpoints:
      • sql-compucare-test-uks-001.database.windows.net:1433
      • compucare-prod-failover-group-001.database.windows.net:1433
    • Refer to Microsoft’s Connectivity Architecture article for the latest list of Azure IP addresses.

Actual performance is dependent on system usage, including the volume of attachments and blob storage.


VPN requirements for clients without an existing VPN

Clients without an existing VPN must:

  • Deploy Azure VPN Gateway with a minimum gateway SKU of "VpnGw1AZ" using P2S tunnels. 
  • Set up an Azure Private Endpoint with Streets Heaver
    • Please contact Streets Heaver for the SQL Resource IDs.
  • Register Microsoft.sql as a resource provider on your Azure subscription using any of the following methods:
    • Azure Portal:
      1. Go to Subscriptions.
      2. Select your subscription, then click Resource providers.
      3. Search for Microsoft.Sql.
      4. Click Register.
    • Azure CLI:
      1. Run the command:
        az provider register --namespace Microsoft.Sql
    • Powershell:
      1. Run the command:
        Register-AzResourceProvider -ProviderNamespace Microsoft.Sql

It is essential that remote installations and places of work, e.g. mobile clinics and transient workers, verify a stable internet connection via the VPN before going live.


Connectivity Requirements for Interfacing

An IPsec VPN is required for HL7 integration between the client or 3rd-party networks and Streets Heaver's data centre. IPs and ports for bidirectional messaging are agreed upon during setup.

 

e-RS Portal Accessibility

You can access e-RS and the Data Landing Portal using one of the following options:


NHS Smartcards

  1. Sign up for the NHS CIS2 smartcards.
  2. Uninstall any existing versions of Identity Agent and Credential Management.
  3. Install the latest version of Identity Agent and Credential Management from NHS Digital.
  4. Once installed, reboot your PC/laptop.


HSCN Connectivity

  1. Acquire your own HSCN connectivity.
  2. Follow NHS Digital's guide on How to Set Up a Smartcard User Workstation

In the short term, Streets Heaver will continue to facilitate the traditional Citrix connection for legacy users.


PXP Payment Gateway

Ensure all PED (Pin Entry Device) workstations are correctly configured to communicate with the payment service. Contact Streets Heaver for setup guidance.


Anti-Virus Exclusions

Add the following paths to your anti-virus exclusions:

  • %LocalAppData%\Compucare_8\*.*
  • %LocalAppData%\Compucare_8Pre\*.*
  • %LocalAppData%\Temp\*.*
  • %LocalAppData%\CompucareInstaller_*

Alternatively, allowlist using the Signed Certificate thumbprint.

Was this article helpful?

That’s Great!

Thank you for your feedback

Sorry! We couldn't be helpful

Thank you for your feedback

Let us know how can we improve this article!

Select at least one of the reasons
CAPTCHA verification is required.

Feedback sent

We appreciate your effort and will try to fix the article