What is our primary use case?
We are West Suffolk NHS Foundation Trust, a 496-bed hospital in a fairly rural part of Suffolk in England. As a care provider we provide hospital and community health services with around 3,200 staff at the hospital and a further 650 community staff who work in local clinics and in patients' homes. On 1st April 2020, we acquired our first primary care practice as part of our move towards being an integrated care system.
In terms of Citrix our biggest use case is for remote access and remote control. The former provides a VPN connection and the latter a published desktop. Prior to the onset of the COVID virus we had a 200 concurrent connection license covering both types of connection but today, following an NetScaler upgrade we now have a license for 1,000 concurrent users. Typically we're running 500 to 600 connections out to those locations every day.
Our hospital systems are a mix of SaaS and on-premise solutions. Our primary clinical platform is the Cerner Millennium electronic patient record (EPR) system, and that is delivered entirely over Citrix. However, we also use Citrix on-premises to deliver a range of services, including modern workspace, sharefile, load balancing (over 4 NetScaler’s) and of course remote control and remote access. Recently we have been working with Citrix to develop a thin-client workstation-on-wheels, for use on our hospital wards and believe this to be the first of its type. That's really where the relationship with Citrix has stepped up, because we're doing some new, innovative work.
We've consolidated all of our previous licenses into the latest version of the Citrix Workspace Premium Plus package to optimise the value received from the investment and are shortly to tender for a new support package that we expect will see us engage directly with Citrix.
How has it helped my organization?
The Citrix technologies allows us to do some clever things. For example, it has enabled our Radiologists review images that are quite large at home. Imagine trying to squeeze a 20Gb mammogram down a broadband connection, it is simply not practical. Yet by combining the Citrix technology with a specialist workstation from our Imaging partner, we're now able to have radiologists working successfully from home, reviewing MRIs, CTs, plain films, etc., because all we're sending are keystrokes and screen updates.
In terms of Security. Our organization is one of only four UK hospitals within the NHS to have achieved the Cyber Essentials Plus security accreditation. My organization takes security very seriously. In fact, as far as I know, we're the only NHS hospital that has three full-time staff who work on security within the IT department. We very much take that Zero Trust position and ensure that we provide the necessary policies and controls to protect our organization, but not to the point where we impact our agility or flexibility in terms of supporting people who genuinely have a need.
We've built a strategic relationship with Citrix and we use a lot of their products for everything that we do. I would rate the Citrix stack highly as an end-to-end solution for implementing Zero Trust principles. It's allowed us to do a lot of things quickly and flexibly, and some of the functionality that has become available as we've moved into the newer, more advanced versions of the Citrix software, have proved very beneficial.
What is most valuable?
Among the most valuable features is the Citrix Receiver which allows us to drive that thin-client connection, and the remote control/remote access capabilities. Those things have allowed us to connect an awful lot of people quickly from home and that's obviously helped during the pandemic. There's a concern right now that a second wave of the Corona pandemic is on its way so we're gearing up now to enable a second wave of staff work either from home or from an alternate location. This way we can reduce the number of non-clinical staff in the hospital whilst not degrading the services we provide in any way. Fundamentally we are seeking to keep the number of staff working at the hospital down to only those who actually need to be there.
The user experience, when using Citrix technology remotely, is very good. It's easy to use and I say that with some authority because I've been working from home now for about six months. I've been able to do my role as the CIO entirely from home. I log on through the Citrix gateway first thing in the morning when I start the day and I stay logged in until 5:30 or 6:00 o'clock at night. I've been able to gain access pretty much whenever I want and it's just two clicks to get me there.
I've got friends who work on the wards who use the Citrix client on our workstations-on-wheels and they find it relatively easy. They load the Citrix client, they click on the link to the EPR, and that's it, off they go. Because it's a thin client, because we're not dragging huge amounts of stuff over the network, they get very good performance out of their equipment. And that's allowed us to extend the life of some of our very early workstations-on-wheels. Some of them are now four years old and are coming up for replacement. Indeed that's what we've been doing with Citrix, building the next generation of workstations-on-wheels, to benefit from what we've learned by working with Citrix and partners to deploy this new technology.
The prototype is built and is currently being tested. When we go live we'll see a big step forward in terms of the performance, a notable increase in battery life and the corresponding reduction in the number of times the unit has to be recharged.Those are things that our nurses have told us will be of benefit to them.
The solution also provides the flexibility of being used on any device. We have a mixture of Windows PCs, Android mobile devices, Apple tablets and other Apple devices. We have Citrix installed on all of those and it allows our users to use these devices for any number of things. They can use it for clinical access, bringing patient data quickly to the clinician. For example one such system is the EDM (electronic document management) system that holds the scans of all of our paper documents and using Citrix staff can switch between the EPR and EDM and so get a complete picture of the patient's health. On a more basic note it can also be used to access tasks lists, calendars and email – helping to manage busy lives at a time when hospital staff are working under extreme pressure.
It affects the employee experience in a very positive way because of the way in which we have combined the remote connectivity with the Citrix tools. That means that as long as you have the right level of authorization, you can access a great deal of information from anywhere, and you can do it in one of two ways. If you have a hospital device that belongs to the Trust, then you've got a very high level of access to a lot of information because we can then employ end-to-end security. But if you're at home and you're using your home computer, you can still connect. It's just that there is no data transfer and the performance is less through the published desktop than it would be through the remote connection. But both situations work really well and, obviously, have been tested very severely with the Coronavirus where, very quickly, we had to give a lot of people the ability to work from home. One of the ways we did that was to allow them to use their own computers and come in through the Citrix desktop connection.
It takes a little bit of work upfront to get it configured and operable, but given the length of time we've been working with Citrix and the strength of our relationship, we're normally able to get any glitches ironed out and resolved quickly. That allows us to provide both a strong suite of applications to our users and a good user experience.
In terms of automated analytics to detect serious performance issues, what happens is that Citrix work with us and provide a monthly health check. This service monthly provides a series of analytics reports and tell us that it's all working, or if there is any issue they work with us to get it resolved.
What needs improvement?
Where improvement could be driven is in terms of clarity as to the functionality of some of the solutions. If you go back to the older Citrix Xen products that we had, we understood those really well. As we've come into the new workstation premium suite, there is a lot of additional functionality that we perhaps have not yet fully exploited. It is not because we can't, but simply because we don't yet understand the depth of functionality that's offered.
We made the upgrade to the Workspace suite last year we had planned to train this year but then the pandemic struck. We've only had one thing on our minds since March and that's how do we keep the hospital running? How do we make sure we keep people safe? And how do we treat patients in the face of a once-in-a-century experience?
Citrix have offered to help with demos or presentations of these new features, but we also simply haven't had time to dive in.
For how long have I used the solution?
I joined the Trust on the third of January, 2017. At that point the Trust was already engaged with Citrix, so it's at least five years or more.
What do I think about the stability of the solution?
The solution is absolutely rock-solid. I'm almost scared to say this, but throughout the whole stress of what we've been through over the last six or seven months due to COVID, Citrix hasn't missed a beat. It's been solid and reliable. We've had no downtime. It's been absolutely on the money, and given how critical it has been to get people connected and working, the 100 percent reliability has made me very happy.
What do I think about the scalability of the solution?
We're happy with the scalability. We were able to increase a 200-user solution to a 1,000-user solution simply by buying an upgrade to the license. We chose to buy two additional NetScalers, bringing our total to four, but that was largely because we bought the initial upgrade from 200 to 1,000 to allow us to connect the 640 staff who work in the community. But then, the hospital's need for remote access and remote control overtook that. That's what drove us then to buy a second set of NetScalers because we didn't really want to put some 4,000 users through just one gateway (pair). We felt having two gateways would be safer from a resilience point of view. And having two NetScalers per gateways means that we can take one down to do maintenance updates without disrupting the service.
In the next couple of months, we'll start to plan what next year's digital program looks like. The way in which we operate is that through November, December and January we engage with operational and clinical colleagues to determine how we are going to exploit IT to enable transformation going forward. We then build a digital program for our Digital Board to sign off on. As we go through that exercise, looking at how we can deliver better healthcare for our patients and improve the clinical experience, we will be looking to Citrix to help us understand how we can better exploit the new software that we've invested in. Normally by now, having bought it last year, we would have been well into it, but the pandemic has somewhat focused our minds elsewhere.
How are customer service and technical support?
Given that we are building these new, next-generation workstations for use in the clinical areas, it's been great to see just how much support and help we've had from our partners including Citrix. They've recognized that it is something new, that it is something that will help hospitals (not just ours) to deliver services that are more reliable and quicker in busy clinic areas and on wards. It's been a huge pleasure to work with some of their very senior people on a project of this scale.
You often find when you're working with tech organizations, and you step it up to do something that's not straight out of the sales catalog, that some step up well and some don't. Citrix have really stepped up well. They've kept in close contact with us, they've supported the design and they've helped us to consider options at the build level. We're delighted with that. We've built a prototype that's being tested at the moment and we look forward to that going into production. We'll probably hold some sort of press event to talk about what we've done. It's the strength of the partnership that we enjoy with Citrix has allowed us to do that.
How was the initial setup?
The very initial setup was done before I arrived at the Trust, but I have been involved in all the major iterations that we've gone through since. Some of them were relatively easy to do, others were more complex. Getting the license upgrade to increase the number of remote access sessions and upping the size and capability of the gateway was relatively easy. It took a few phone calls, purchasing of the license, and off you go. But configuring the VPN and the Citrix published desktop so that they work within the security model that we have did take more work than we had originally expected.
In some aspects, when you bring software products together from three different vendors, there is always a little work to do to get APIs aligned and to get the solutions talking to each other so that the user then gets a very slick experience. We do such things all the time with our IT department usually spending the most time on testing, especially when the solution is for use with patients. We seek to ensure that when we hand something to a busy doctor, a senior nurse or a therapist that they don't need to have an enormous amount of tech knowledge to be able to use it. They just click on the buttons, enter the information and press go, and it does what it needs to do.
In terms of how long these updates take, the remote access and remote control was a solution that was built for 200 concurrent users. Today, it's built for 1,000 concurrent users. It probably took about two weeks to agree on exactly what software license we needed to buy, about a week to procure it, and about three hours to embed it. That was quick and easy to do.
In terms of the Citrix desktop, we couple that with a second form of authentication that comes from a third-party, and that took six to seven weeks. It didn't take that long to get it to work—we got it to work quite quickly—but it took that long to get it to work smoothly. It took time to work with the three different application vendors that were involved and iron out the bugs and make it work as we wanted. But most of it, particularly where it's just us dealing directly with Citrix, happens quickly and easily.
What was our ROI?
If you think about our ability to continue to operate as a healthcare organization during the pandemic, without Citrix we would have struggled. We would have found it very difficult to have so many people able to continue doing their day jobs from locations other than their normal bases. It is therefore fair to say that the ROI on our connectivity investment was excellent. Yet this does not stand in isolation as the delivery of our electronic patient record system using clinical workstations-on-wheels is all built over Citrix technology. Absolutely, for every pound we've spent, we've seen a good ROI.
What's my experience with pricing, setup cost, and licensing?
I'm happy with the pricing. The cost of the Citrix software reflects what I would expect a product of that nature, in that market, to be.
Understanding the licensing is quite a bit more complicated, because one of the things about Citrix is that you can buy licensing at different levels. You can buy a basic license, which will give you the core functionality. You can buy an advanced license that will give you the core plus another layer, or you can buy a premium license, which provides a much wider set of functionalities. In truth I still struggle with some of the variations but with the aid of our reseller we usually find what we are looking for. Yet I still like the idea because it means that if all you need is a basic load balancing solution, then you don't need to buy an advanced or premium license. On the other hand, if you want to use the extra features that come with those higher-grade licenses, you can choose to do so, but you only pay for what you need.
Which other solutions did I evaluate?
The only comparable I can think of is that we use software from a different party for virtualizing servers. But we were aware that in terms of the ICA-type protocol, Citrix was the product that everyone was saying was the best. Indeed, I've worked with Citrix for a very long time - I guess a little over 20 years, so I never had really had any intentions of looking anywhere else because I believe that it's the right tool, to do what we need. In truth I have not seen any compelling evidence to make me think otherwise.
What other advice do I have?
My advice is to spend more time planning than you do implementing. Get what you need—the components that make up the solution—all agreed and lined up before you then commence the build work. I know that's really easy for someone like me to say, when you're under pressure and your organization needs something built very quickly. Therefore, to make sure that you generate the most benefit from your investment and you drive the features that really help, spending a little more time in the planning phase and making sure that you've got the right type of license, the right application or appliance required to do the job as this will save a lot of rebuild work or remodelling work down the line. It will also mean that if you want to grow it for scaling purposes, it will be far easier to do if you've thought about that before you implement the solution.
One of the lessons I have learned from using this solution is the fact that we have been able to be agile and respond to the needs of the organization through the use of the product. That has been a very good side of things. Another side of the lessons learned is that when we paid for the upgrade to move to the premium suite, we could have engaged earlier with Citrix to understand the additional functionality. We knew ahead of time that there was additional functionality, but in terms of the detail, we didn't get into that and then we got overtaken by the pandemic. In a normal year that wouldn't have mattered, but the lesson I've learned is that if we take an upgrade in the future, if we take the next step forward to a next generation of that software, I want to try to ensure that the purchase and the training of my engineers are closely coupled.
As for protecting our environment, we use Citrix Gateway, but the single sign-on is provided by another partner of ours. We have Tap and Go, Remote PC Access, Web App Gateway. We do have Web/URL filtering, but not from Citrix.
In terms of maintaining the solution, I have resources at both 2nd and 3rd line engineering that have Citrix skills and who look after the day-to-day stuff. In addition we have a contract through a Citrix partner and so can escalate calls that we can't handle. We spent time and effort putting our engineers through Citrix training. But occasionally, something comes up and we're not able to resolve it. At that point, we log a call via the partner and the partner's engineers, and Citrix's own engineers, get involved. Normally that results in a relatively quick resolution. The Citrix engineers clearly know the product really well. They'll quite often say, "Oh, we've seen this before. You need to do this or that or the other." As I said, we've had very few issues with reliability on the Citrix platform so those calls are actually quite rare.
Overall, I love it. It's been a really good product. It's helped my organization and helped me to deliver what the organization wants. For me, Citrix takes 10 out of 10.
For example, right now I'm at home, and my connection to the hospital runs over the Citrix VPN that we've created. We also have Citrix Remote PC Access, so if you are home and you're on your own computer, rather than one that belongs to the hospital, you can access the published desktop rather than having full VPN access.
We're a fairly big Citrix customer. We're doing some quite ground breaking stuff with them. We're beyond just being a customer. Traditionally, Citrix is positioned in the marketplace as a manufacturer. They sell through channels and the customer deals primarily with the partner. Because of the amount of work we've done, we primarily deal directly with Citrix themselves. There is a partner involved because that's the only way of doing the sales component of it, so if we want to buy something that has to be through the channel. But the work that we're doing is being done alongside engineers who are employed by Citrix rather than by the partner.