WIXLIB

Five Year forward viewFor XXX NHS Foundation TrustRE: T20200219.0192Version 1 28 January 2021

ContentsThe Challenge . 3Proposed Solution . 4Hardware & Software Discovery . 4Routers, Switches and Firewall devices . 4Wireless Access Points . 6Indicative Replacement Products . 7Five Year forward viewCONFIDENTIAL SENSITIVEPage 1 of 11

Version ControlVersionDate 020DraftDraftDraft Document for Internal ReviewAdjusted BOM to reflect Timeline1.022/04/2020ReleaseWayne MartinWayne MartinReeceHardstaffCisco Confirmation added and ReleaseContactsNameCompanyRoleEmailPhoneWayne MartinReece HardstaffCAECAEStrategic Tech LeadAccount .com07980 952 95107976 861 605Adam GrayCAEHead of care and LocalGovernmentAdam.Gray@caeuk.com07870 975 810Important NoteThis document and the information contained therein, is confidential and remains the property of CAETechnology Services Limited (CAE). The document may not be reproduced, or the contents transmitted to anythird party without the express consent of CAE.In absence of any specific provision, this document has consultative status only. It does not constitute acontract between CAE and any other party. Furthermore, CAE does not accept liability for the contents of thedocument, although it has used reasonable endeavours to ensure accuracy and correct understanding.Five Year forward viewCONFIDENTIAL SENSITIVEPage 2 of 11

Executive SummaryThe ChallengeXXX NHS Foundation Trust have a large and distributed Enterprise network. A large percentage of the equipmenthas passed the last day of hardware or software support, this presents a risk to application availability for staffand patients. This means that XXX NHS Foundation Trust need to plan to replace the existing network over thecoming years.CAE are acutely aware of the relationship between XXX NHS Foundation Trust and XXX University Hospital NHSFoundation trust. As such, we need to factor in the dependency XXX NHS Foundation trust have on sharedinfrastructure. Due to the different care and services provided by the two organisations, the obvious scenariowhich could harbour contention would be the Wireless Infrastructure as the wireless dependencies of an acutehospital differ greatly from a mental and social care provider.CAE has been asked to produce a high-level five-year strategy and proposal for replacing the network whichincludes equipment recommendations, indicative costs, including any caveats and a logical order/timeline forthe project. This document will form the initial phase of the five-year forward view by identifying the key networkcomponents and identifying the End of Life status and proposing possible replacements.At this time, no technical and functional requirements have been discussed with the Trust. We are also yet tocover business requirements and outcomes, which are fundamental to the construction of a comprehensivenetwork strategy. The view would be for CAE to align this network strategy to the published strategic approachset out by XXX NHS Foundation Trust, with a Key focus on; Supporting our leading and develop our culture of continuous innovation and improvementTo maximise the value of digital and technology that enhance the electronic record and improve ourefficiency.In doing so, we ensure that the business case proposed, has been created with a view to not only improve thenetworking capability of XXX NHS Foundation Trust, but with a view to help achieve the wider trust objectives.CAE suggest the following principles be adopted as a foundation to the networking strategy: Replace all items that have reached their Last day of Support (LDOS) Milestone;Consider replacing all items that will reach their last day of support (LDOS) milestone before end ofCY2021;Replace all item that have reached their End of Software Maintenance (EOSWM) milestone;Consider replacing all items that will reach their last day of Software maintenance before the end of2021;Estimated Cost over the 5 Year Replacement ProgrammeYear 1Year 2Year 3Year 4Year 5Wireless Replacement for EOL EquipmentWireless for full deployment - OptionalFive Year forward viewCONFIDENTIAL SENSITIVE 0 0 0 0 0.00 – Subject to change if items go EOL in 2020 0 0Page 3 of 11

Proposed SolutionCAE have proposed a solution that is based on the latest Cisco Technology as part of this engagement we will: Work with the Trust to develop a network strategy for the next five years;Agree at what point on the Lifecycle components should be replaced (EoSWM or LDoS);Develop a prioritised program of works to provide replacement hardware in line with:o EoSWM milestones;o LDoS milestones;A replacement for all access layer switches based on Cisco 9000 series switches that will offerimproved performance and future support working towards a software defined network. We haveassumed all switches will be 1:1 replaced;A like for like replacement for routers based on the ISR1000 series Integrated Services routers;A like for like replacement of the ASA firewalls with the Firepower Threat Defence (FTD) appliances;High level timeline/priority for technology replacement.Note: Various options are open to the Trust and CAE would welcome the opportunity to discuss these optionsin further detail.Hardware & Software DiscoveryFollowing the latest Agility Intelligence (AI) audit, we have analysed the output and discovered the datapresented in the following tables. These tables show the discovered components with an “End of Sales” (EoS)announcement (Table1) and devices that are currently In-Life (Table2). Wireless Access Points are shown inTable 3 and have been separated from the main replacement programme, due to the current sharedenvironment held between XXX NHS Foundation trust and XXX University Hospital, CAE believe a discussionneeds to be held to understand how XXX NHS Foundation Trust would like to move forward with this platform.Cisco have a well-defined end of life policy for their products. Generally, a product will receive an End of Sale(EoS) notification six months prior to Cisco ceasing the sale of the product, several key milestones are thenreached through a five-year period until the product reaches the “Last day of Support” (LDoS). Once theproduct reaches LDoS it is said to be obsolete and support via Cisco or a Cisco Partner is no longer possible.Other key dates on the Lifecycle milestones include the “End of Software Maintenance” (EoSWM). When thisdate is reached the production of new software, bug fixes and feature enhancements cease. No furthersoftware development is available on the platform following this l-policy.htmlRouters, Switches and Firewall devicesFourteen (14) of the hardware components discovered during the latest Agility Intelligence audit were found tobe beyond their LDoS. An additional seventy-one (71) devices have an EoS announcement and have reached orexceeded the EoSWM milestone (Table 1).We also discovered one hundred and seven (107) in-life components during the AI audit including switches andfirewalls. These components (table 2) are all in-life (still purchasable from Cisco systems) with no EoSnotifications.In table 1 below, we have only included major items. Items such as power supplies, SFP’s and sub moduleshave not been included, a full breakdown is available on request.Five Year forward viewCONFIDENTIAL SENSITIVEPage 4 of 11

ProductQtyEoSWMLDOSLink to EOS NoticeLast Day of Support 2015 - ObsoleteWS-C3750-24PS-S204/07/201331/07/2015LINK To EOSWS-C3750-48PS-E305/07/201331/07/2015LINK To EOSWS-C3750-48PS-S406/07/201331/07/2015LINK To EOSLast Day of Support 2016 - ObsoleteCISCO878-K9109/05/201231/05/2016LINK To EOSCISCO1841131/10/201431/10/2016LINK To EOSCISCO877W-G-E-K9119/12/201231/12/2016LINK To EOSLast Day of Support 2018 - ObsoleteWS-C3750G-12S-E130/01/201431/01/2018LINK To EOSWS-C3750G-12S-S130/01/201431/01/2018LINK To EOSLast Day of Support 2021WS-C3750V2-24PS-S214/05/201731/05/2021LINK To EOSWS-C3750V2-48PS-S714/05/201731/05/2021LINK To EOSWS-C3750X-12S-E130/10/201731/10/2021LINK To EOSWS-C3750X-48PF-S2730/10/201731/10/2021LINK To EOSWS-C3750X-48PF-E530/10/201731/10/2021LINK To EOSWS-C3750X-48P-S1730/10/201731/10/2021LINK To EOSWS-C3750X-24P-S430/10/201731/10/2021LINK To EOSWS-C3750X-48P-E130/10/201731/10/2021LINK To EOSWS-C3750X-48T-S230/10/201731/10/2021LINK To EOSWS-C3750X-24P-E130/10/201731/10/2021LINK To EOSWS-C3750X-48T-E230/10/201731/10/2021LINK To EOSLast Day of Support 2022ASA55121N/A31/08/2022LINK To EOSLast Day of Support 2024C897VAW-E-K9119/03/202031/03/2024LINK To EOSTable 1 - End of Life ComponentsProductEoSWMLDOSIn-Life Products – Currently -S4---WS-C3650-48FS-S36---Five Year forward viewCONFIDENTIAL SENSITIVEQtyLink to EOS NoticePage 5 of 11

ASA550612---C1117-4P1---Table 2 – In-Life ComponentsWireless Access PointsThe Agility Intelligence audit also identified many Access Points that have reached their LDoS (167). A further259 have gone beyond the EoSWM milestone. The audit also discovered 232 1800 series AP’s. These are allcurrently available and have no EoS notification at the time of writing.All wireless Access Points are tethered to the OUH Wireless LAN Controllers (WLC) and are currently runningAireOS version 8.3.143.0. As the WLC hosts several different AP Models, the software utilised must be acompromise between the latest functionality and AP’s models deployed. This means that the latest (and CAERecommended) Access Point models cannot be added to the existing Wireless LAN controller.For example, if the 9115 Wi-Fi-6 AP’s were added to the current deployment, AireOS version 8.9.100.0 wouldbe required. In this case all the AP’s (418 in total) except for the AIR-OEAP1810-E-K9 and the AIR-AP1832I-EK9 would need to be replaced. If we were required to purchase a new WLC, there are further complexities aswe’d need a WLC capable of running the older AireOS version. We could implement the Cisco 5520 WirelessController (support for up to 1500 AP’s). If we want to utilise the latest technology a replacement of the olderAccess Points would be necessary.ProductQtyEoSWMLDOSLink to EoS NoticeLast Day of Support 2018 - nk to EoSAIR-LAP1042N-E-K93801/10/201430/09/2018Link to EoSAIR-LAP1142N-E-K9302/03/201431/03/2018Link to EoSAIR-CAP1602E-E-K93029/12/201731/12/2021Link to EoSAIR-CAP1602I-E-K917429/12/201731/12/2021Link to EoSAIR-CAP3602I-E-K94729/12/201731/12/2021Link to EoSAIR-OEAP1810-E-K9829/10/202031/10/2024Link to EoS---Last Day of Support 2021In-Life Products – Currently availableAIR-AP1832I-E-K9232Table 3 – Wireless Access PointsThe following table Illustrates the earliest and latest software required for each access point type deployedwith the latest 9100 series and 4800 series AP’s added to the table to illustrate the challengeProductDeployed Access PointsAIR-LAP1041N-E-K9AIR-LAP1042N-E-K9Five Year forward viewCONFIDENTIAL SENSITIVEEarliest Supported VersionFinal Supported version7.0.98.08.3.x7.0.98.08.3.xPage 6 of 11