The Public Services Network (PSN)
The Public Services Network (PSN) provides UK Public Sector organisations with a standardised ICT environment – a single assured network and a set of network services (voice, unified communications and video) from accredited providers via a simplified procurement process (latest being RM1045 – Network Services).
The principles of PSN were established in late 2008 and it certainly has been a large part of my career with Cisco to help Government and the wider Public Sector achieve direct cost savings and transform how Public Sector organisations operate and how they deliver citizen services.
Government has now stated that “The internet is ‘ok’” and signalled its intent to move away from the PSN, with future services made available on the Internet.
“It was clear that everyone agreed we could just use the Internet… we’re on a journey away from the PSN”.
So what does that mean?
Well, it recognises that user requirements have changed and that traditional private Wide Area Network (WAN) architectures, which were designed to support predictable traffic flows between clients in remote offices and server-based applications in private data centres, are evolving.
Today, WAN technologies are struggling to combat sophisticated cyber-threats, or keep up with the requirements of today’s mobile workforce and their use of Internet of Things (IoT) devices and new cloud applications. They need to securely connect to multiple public and private clouds, enable location-independent working with ubiquitous guest and corporate WiFi and provide a consistent end-user experience at a lower cost.
So how do you design for Internet by default?
GDS have offered some advice in the network principles, which are sound and based on good practices, as follows:
- Principle 1: Understand the user need – design for a roaming user base.
- Principle 2: Use services to protect your data, don’t rely on the network – layer your security
- Principle 3: Design for interworking and flexibility – open standards
Evolved user needs, new technology innovations and changes in security policy are all shaping the future direction of PSN, but many of the original core principles of PSN still apply today, which can be summarised in the following 5 C’s:
- Cost: Lower the cost of running Telecoms with simplified procurement and economies of scale;
- Consolidation: From 2000+ siloed networks to a single network of networks;
- Connected: Deliver a platform for shared services;
- Compliance: Assured communication within Public Sector with compliance and codes of connection;
- Competition: An open marketplace of suppliers using open standards and interoperability.
The one that resonates most is cost reduction and economies of scale: many public sector entities have achieved greater savings through partnerships and shared services, working together to consolidate their requirements and going to market for Regional PSNs. These regional partnerships should be enhanced, along with the benefits of taking a strategic approach to infrastructure design and aggregated procurement.
Compliance & Assurance
PSN involved various codes of connection for consumers, providers and inter-provider connectivity, which were necessary to build trust and share data securely. Products that handled encryption services required NCSC Commercial Product Assurance (CPA), and Cisco certified various core networking products, i.e. ISR/ASR Routers, Firewalls and the AnyConnect VPN client. Will CPA product assurance continue to be a requirement?
Open Standards and Competition
The technologies used will need to be based on open standards and interoperable to create a marketplace of suppliers to drive down costs for Public Sector. Interoperability is embedded in the core network principles including the need to design for a roaming user base.
So what will the post-PSN era look like?
These changes are shifting the emphasis away from fixed-length private MPLS WAN contracts towards Internet connectivity, and the PSN needs to adjust based on where the data and applications are hosted. Therefore, WAN requirements are directly linked to an organisation’s Cloud Adoption Journey i.e. Private DC First, Cloud First or Cloud Native. I recently reviewed cloud connectivity approaches and made some specific recommendations in the following blog.
Ultimately, a one-size-fits-all approach is not agile enough to cater for the diverse user needs across the UK Public Sector, so the following range of connectivity approaches will emerge:
1. Direct Cloud Access: Dedicated links, or a cross connect via a carrier, can connect cloud providers to your network infrastructure directly.
2. Indirect Cloud Access: Use existing Internet connections and a secure VPN network to extend your network policies and gain visibility into the public cloud.
3. Software Defined WAN: The Internet can offer an alternative to MPLS networks with flexible VPN services leveraging SD-WAN technologies. This will largely depend on user requirements like application availability and SLAs, as the Internet does not offer Quality of Service (QoS).
4. Hybrid WAN: Some use-cases may require a hybrid WAN with a mix of both MPLS and SD-WAN connections, to offer users enhanced security or QoS during periods of peak demand.
5. Secure Agile Exchange: A hybrid cloud networking approach designed to reduce circuit costs, virtualise edge network (DMZ) functions and orchestrate with common policy enforcement for distributed consumers and providers. This is a strategic approach to rationalise the number of distributed DMZ environments across public cloud providers and remove duplication of cost.
6. Secure Internet Gateway (SIG): Some applications may be re-platformed and sourced as SaaS, which are accessed via the Internet and secured using application encryption i.e. SSL/TLS. A cloud based Secure Internet Gateway can act as the first line of defence for roaming users and offices with direct Internet access.
Government and Industry will need to work together to define best practices for each of these approaches and publish guidance across various areas like Technology, Security, Service Management and Procurement:
- Technology: technical standards and interoperability whilst taking advantage of innovations e.g. 5G;
- Security: minimum appropriate security standards, product and service assurance requirements;
- Operations & Service Management: exploiting new self-service models – build vs buy models;
- Procurement: simplified procurement whilst maintaining standards and economies of scale.