Realist, not conformist analysis of the latest financial, business and political news

Envy of the World PT 371

From our Swindon Correspondent:

Health chiefs are to spend £40million cutting the time doctors and nurses waste logging on to computers.

Health Secretary Matt Hancock said the money will help deliver ‘the most basic frontline technology upgrades’ to staff using outdated systems.

In October, the head of the Royal College of GPs told him that it took her up to 17 minutes to log in to her surgery computer each day.

Professor Helen Stokes-Lampard said she was still using the Windows 7 operating system.

Mr Hancock replied that such delays she endured were ‘totally outrageous’.

Look, you can’t go blaming Windows 7 for this. I’ve worked on Windows 7 systems that were reasonably quick and logged in within a few seconds. This is whatever’s behind Windows 7.

BTW They do know Windows 7 support ends on 14th January 2020, 10 days from now? Any nasty exploits someone spots won’t get a patch from Microsoft, and you’ve been told about this for years. The army of bureaucrats running the NHS know this, right?

Staff currently have to sign in to up to 15 computer systems each of which requires individual details.

Busy staff have to remember multiple passwords – or pose a security risk by using the same one across all their systems.

Bit of insider corporate IT stuff about this sort of thing…

Every large organisation I know has all their main user systems on single sign-on (SSO). It really isn’t that hard to do. Back in 2004, I was working on systems that used IBM’s WebSphere single sign-on technology. User logs in once and then any website they go to that is known as a business service gets a header with a username. The application just gets the username (useful for various purposes).

I know companies that just run all their internal web stuff, and simply get the username sent through from Windows (this used to be called Kerberos but it might be NTLM, not really my end of things). Anyway, it’s out of the bag on a Windows network and basically free. You can even use things like Active Directory to manage user permissions, so an application can say “does this user have access to do this”. Easy peasy lemon squeezy.

And if you want to avoid that, and go with the all-singing all-dancing option for both internal and external users, where it doesn’t matter which desktop they’re on or the server they’re on, and want things like two factor authentication, there’s things like OAuth 2.0 which is basically free, a doddle to set up and is how things like authorising apps to use your Facebook and Google accounts work and has been kicking around for 5 years or so. When you’re authorising a funny cats app, they managed to set up OAuth 2.

What’s ironic is that the NHS is a centralised, hierarchical, Stalinist structure, but in the one area where the Stalinism is actually useful, they aren’t doing it. Having one password for all applications is good for security, good for productivity.

8 Comments
Pete
4 years ago

Everyone who does this now uses Kerberos. NTLM is an old Windows way and only really worked with Internet Explorer. The username header bit is broadly correct. Kerberos is a technology for authenticating the user header is correct. Active Directory is a combination of Kerberos and LDAP. LDAP is a database used for storing usernames, passwords and anything else useful.

Quentin Vole
4 years ago
Reply to  Pete

I was teaching Kerberos in the early noughties. Well-established technology back then (if not so easy to use as it is today).

The only way I could get anywhere near a £40M cost for this would be if every change had to be hand-installed from a floppy disk. Which, knowing how the NHS works, is almost certainly what’s going to happen.

PS Extended Win7 support is available from M$ for a small financial consideration. Search for “Extended Security Update (ESU) program”.

Bloke on M4
4 years ago
Reply to  Pete

I have to say that I don’t generally know the details. I’ve done some applications with Windows Authentication and on the server side coding, it’s very simple.

With the OAuth stuff, we just had a library that we called that gave us the user name and permissions.

Mr Yan
4 years ago

Most likely the NHS have multiple providers who are responsible for different parts (PC on ward, servers in back-office, applications etc) who don’t want to work with each other.

Not helped that the contracts won’t have bothered to specify interworking in any detail and, even if they did, they won’t have people who can hold the likes of Crapita to them.

Bloke on M4
4 years ago
Reply to  Mr Yan

That shouldn’t really be a problem. What is a problem is not having an SSO strategy and specifying it in the contract. And that isn’t about Crapita running rings around people. People always say this, but that’s just excusing how crap the civil service is. It’s not hard to write that sort of clause in a contract.

jgh
4 years ago

I’m currently working in the NHS upgrading GPs’ PCs to Windows 10, and nothing in the original article strikes true. Staff member sits in front of PC, Ctrl-Alt-Delete, type in name and password, insert smart card, logged on and applications running within ten seconds. The only times there are any log-on delays is when somebody logs on for the first time to one of the brand new PCs I’ve just installed as the profile is rebuilt – but that’s a one-off issue. If the OP is taking 17 minutes to log onto her computer, she’s really screwed it up. Is…

Pcar
4 years ago
Reply to  jgh

@jgh

As you say, 17 min logon even with slow network seems a lie or self-inflicted

An ‘always click Yes/OK’ person

Free Trial/Version of AVG, Avira, Bitdefender, Kaspersky, McAfee, Sophos, Trend etc all running

Heavy pretty themes, screen-savers, wallpapers running

Swap file being thrashed…

As for Matt “Chinless Wonderboy” Hancock – a know-nothing throwing other people’s money at his problem and hoping something works

Hmm, rather like a drug addict stealing for next temporary fix

Spike
4 years ago

Ease of use (including quick and easy log-in) is a value. But there is an unlimited number of other values. And in a single system to serve everyone, each value is represented by a committee, all managed by a headless monster, with no recourse when one of the values is pursued to obsession. I tend to agree with JGH that it usually doesn’t take 17 minutes to log in; but if it did given the essence of the NHS, it would be unsurprising. There would be a good policy reason, too, why that patient died of thirst in the corridor.
