Contents
- Overview
- Compucare Hosting Architecture
- Pre-Deployment Checklist
- Minimum Client PC/Workstation Requirements
- User Access via EntraID
- Firewall/Network Requirements
- Connectivity Requirements for Compucare
- Connectivity Requirements for Interfacing
- e-RS Portal Accessibility
- PXP Payment Gateway
- Anti-Virus Exclusions
Overview
This article outlines the minimum client-side hardware, software and connectivity requirements to run Compucare effectively in an Azure-hosted environment.
Compucare is delivered via a self-updating installer, available at https://compucare.streets-heaver.com.
Compucare Hosting Architecture
Compucare is hosted in Streets Heaver's Azure environment in UK South with real-time database replication to UK West for high availability and failover.
For detailed architecture, see the White Paper for Adoption of Compucare (on Azure).
Pre-Deployment Checklist
Use this checklist to ensure all requirements are met before deploying Compucare:
Azure Administrator
- Security groups are assigned to the relevant Enterprise Applications
- Consent has been granted for the required Azure Enterprise Applications
- Entra ID is configured for single sign-on (SSO) in Compucare 8
Networking Administrator
- External IP(s) has been whitelisted, or Azure VPN Gateway and Private Endpoints have been configured (if required)
- Firewall and network access is configured (including URLs, ports, and IPs)
- Internet connectivity meets minimum speed and latency thresholds
- HL7 interfacing VPN is set up for integrations
Systems Administrator
- Client PCs meet the minimum hardware and operating system specifications
- .NET 8 Desktop Runtime is installed
- Anti-virus exclusions have been added
- e-RS portal access method is configured
- PXP Payment Gateway workstations are configured
Minimum Client PC/Workstation Requirements
- OS: Microsoft Windows 10 Professional (SP1) 64-bit or later (Windows 11 Professional recommended)
- CPU: Intel Core i5 or above
- RAM: 8GB RAM or above
- Storage: 300MB free space per user accessing Compucare on a PC/workstation.
- Display: 1920 x 1080 resolution with Windows recommended scaling & 23” widescreen monitor or larger
- .NET Runtime: .NET 8.0 Desktop Runtime
User Access via EntraID
Compucare supports SSO through Microsoft Entra ID (formerly Azure Active Directory). Licences are based on Named Users managed by the client.
To enable SSO for Compucare, the client will need an admin to grant consent for the Compucare 8 app registration into their Azure tenant and allow the following permissions:
- Compucare:
- openid
- User.Read
- User.ReadBasic.All
- Report Generator:
- People.Read
- Presence.ReadWrite
- User.Read
- User.ReadBasic.All
See Overview of Azure SQL Databases and MS Entra ID (ex AAD) Authentication.
Azure Enterprise Application Consents
All applications can be granted consent at https://compucare-consent.streets-heaver.com/
Azure Enterprise Application Security Groups
- Set all Enterprise Applications to "Assignment Required".
- Assign access via security groups such as:
- Compucare_[organisation]_Live
- Compucare_[organisation]_Test
- ReportGenerator_[organisation]_Live
- ReportGenerator_[organisation]_Test
Firewall/Network Requirements
Allow outbound connections to:
- compucare.streets-heaver.com - Main Compucare product launcher
- tenants.streets-heaver.com:443 - Compucare Authentication Services
- downloads.sh-cdn.co.uk:443 - CDN for Compucare updates
- reports.streets-heaver.com - Report Generator
- clinician.streets-heaver.com - Compucare Clinician
- ward.streets-heaver.com - Compucare Ward
SQL Database Endpoints:
- sql-compucare-test-uks-001.database.windows.net:1433
- compucare-prod-failover-group-001.database.windows.net:1433
- compucare-prod-failover-group-001.secondary.database.windows.net:1433
Public IPs for Outbound email services (via the Compucare Service):
- UKW 20.68.104.20
- UKS 51.143.156.137
Access to the Compucare database is restricted to an allowlist of external IP addresses provided by the client. All traffic must route through the client’s VPN to Azure SQL.
Connectivity Requirements for Compucare
This section describes the minimum bandwidth, VPN and Endpoint requirements for Compucare on Azure.
Individual Users
- Minimum download speed: 10 Mbps
- Latency:
- <100ms = Good
- 100-200ms = Acceptable
- >200ms = Poor
Organisations with a centralised VPN
- Minimum download speed: 50Mbps per 500 named users
- Split-tunnelling is recommended to reduce VPN load
- Compucare updates (~250 MB) may be delivered daily to all users, so this should be factored in when configuring connectivity and VPN traffic.
- At a minimum, only SQL traffic needs to go through the VPN to the following endpoints:
- sql-compucare-test-uks-001.database.windows.net:1433
- compucare-prod-failover-group-001.database.windows.net:1433
- Refer to Microsoft’s Connectivity Architecture article for the latest list of Azure IP addresses.
Actual performance is dependent on system usage, including the volume of attachments and blob storage.
VPN requirements for clients without an existing VPN
Clients without an existing VPN must:
- Deploy Azure VPN Gateway with a minimum gateway SKU of "VpnGw1AZ" using P2S tunnels.
- See What is Azure VPN Gateway? and VPN Gateway Pricing for more information.
- Set up an Azure Private Endpoint with Streets Heaver
- Please contact Streets Heaver for the SQL Resource IDs.
- Register Microsoft.sql as a resource provider on your Azure subscription using any of the following methods:
- Azure Portal:
- Go to Subscriptions.
- Select your subscription, then click Resource providers.
- Search for Microsoft.Sql.
- Click Register.
- Azure CLI:
- Run the command:
az provider register --namespace Microsoft.Sql
- Run the command:
- Powershell:
- Run the command:
Register-AzResourceProvider -ProviderNamespace Microsoft.Sql
- Run the command:
- Azure Portal:
It is essential that remote installations and places of work, e.g. mobile clinics and transient workers, verify a stable internet connection via the VPN before going live.
Connectivity Requirements for Interfacing
An IPsec VPN is required for HL7 integration between the client or 3rd-party networks and Streets Heaver's data centre. IPs and ports for bidirectional messaging are agreed upon during setup.
e-RS Portal Accessibility
You can access e-RS and the Data Landing Portal using one of the following options:
NHS Smartcards
- Sign up for the NHS CIS2 smartcards.
- Uninstall any existing versions of Identity Agent and Credential Management.
- Install the latest version of Identity Agent and Credential Management from NHS Digital.
- Once installed, reboot your PC/laptop.
HSCN Connectivity
- Acquire your own HSCN connectivity.
- Follow NHS Digital's guide on How to Set Up a Smartcard User Workstation.
In the short term, Streets Heaver will continue to facilitate the traditional Citrix connection for legacy users.
PXP Payment Gateway
Ensure all PED (Pin Entry Device) workstations are correctly configured to communicate with the payment service. Contact Streets Heaver for setup guidance.
Anti-Virus Exclusions
Add the following paths to your anti-virus exclusions:
- %LocalAppData%\Compucare_8\*.*
- %LocalAppData%\Compucare_8Pre\*.*
- %LocalAppData%\Temp\*.*
- %LocalAppData%\CompucareInstaller_*
Alternatively, allowlist using the Signed Certificate thumbprint.
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article