NB: Started this last night, got rather involved, stopped editing it, decided to sleep on it (hence the impression of an ear, half-way down) and this morning... Well, it's either pretend I didn't write anything or post asmuch as I wrote, with all due apologies for the rambling nature. Guess which I did..?KnightExemplar wrote:NHS was running Windows XP, a system that hasn't received any updates since 2014. This is an utter failure of their organization to smoothly transition to a safer OS (like Windows Vista, Windows 7, Windows 8, Windows 8.1, or Windows 10... all of which received this patch 2 months ago). This is the risk you take when you work with obsolete OSes that no longer receive updates.
Dependencies: both real (in various senses of the term) and regulatory. At the most annoying end, if you operate with clinical data, there are all kinds of hoops that you are forced to go through that means that you cannot (indeed should not) just "update Java/LotusNotes/Windows/etc because a patch has come out, because if that patch is faulty (far from unknown) and suddenly breaks (or, worse, bends) something vital then suddenly half of the people are sending documents of the slightly updated version which don't play well with the other half, or the web applet you heretofore used to administer patient detsils now crashes becausr it suddenly doesn't have authority to change a remote document, or various other degrees of pain that arise when Big Software decides that suddenly nobody needs a feature, or add another one, or revise it
just a little bit, but that's a little bit too much for some other program to handle.
That can be resolved by going through a Change Control trial, usually, looking for any problems a test system (or a whole group of trial users, running live or simulated data) brings up, identifying the cause, mitigating, retesting, loop until signoffable (then pray, as you roll out everywhere, that you aren't going to find too many of the inevitable untested-for problems). In my experience in a large company (but not so as in-depth sprawling as the NHS, even if it was global in presence), two months is not sufficient to properly analyse major changes and poke them out to everyone. Even though, via tools like ZENWorks we could, once committed to a change, rack up that change one evening and by the next morning (give or take a timezone) have in front of us a report on how we sorted 90% of the machines worldwide and (as a bonus) a list of recalcitrant hardware that needs local IT support to follow through (and/or roll-back and work out where we still went wrong). Apparently simple patches tended to get a more rapid nod, but there was still often collateral fallout in unforseen exceptions to the prior "shucks, it'll be ok" assessment.
And that's with relatively up-to-date systems. In practice, we ran our (sensitive) systems one full version of the OS behind the latest. Win 95 only started to phase in, to replace Win 3.11, when '98 was imminent (but it was also a lot looser and unhomogeneous, so the entire 9x family phased in both as early adoption and barely in time for the post-9x times). 2K became defacto standard not long before XP came to the public (and absorbed 9x and NT legacy workstations, obviously). XP got authorised for critical workstations as Vista arrived. Vista
never got authorised, but Win7 took over from XP as Win8 was released. I assume (though I had left by then) that Win8 was a repeat of Vista, but they're now working on 10.
("Working on" as in generally the IT dept and (for rather dubious reasons, but hey, it helps test it!) executives and Exec PAs got first of the new upgrades, on a smattering of new machines that weren't doing the sensitive data-handling, directly at least, and this gives hands-on experience and also highlights problems with the (say) Timesheet application no longer working as it should due to having had a bug patched that had actually been (inadvertently) exploited to do something intentional and benign. This all contributes to the eventual roll-out task, fixes (and/or 'de-fixes') in place and the tech-support staff being well versed in all the strange new paradigms that are going to be encountered.)
This leads to the XP stumbling block. Not so much XP, but IE8. There's a tool which was designed to be used through IE, but that gateway software was written so long ago that it now 'breaks' under the later, actually more compliant versions of the browser. Practically, IE8 (or earlier!) must be used, and that forces XP to be used, but that's OK, because you don't want Vista and see no need for 7 (just yet). You
could junk the tool (an expensive one, not yet fully amortised) and get a more modern solution - but that would worry the Finance department. Or it's possible you can mess with the system, perhaps get it working on Firefox or Chrome compatability modes, implement a kludge in hardware, software or (with training) wetware to get around the problem - it'll mean a lot of paperwork, though, not counting possibly falling foul of Licencing issues. Best, then, to let the department concerned stick with XP, IE8 and AwkwardlyRetroWebInterface for the time-being. Global support for XP coming to an end? There's still no sign of a replacement system (or revised and updated - assume the vendoris tardy, but has one by the dangly bits enough not to just
find a better vendor's better system) and while even Payroll is languishing in the 'luxury' of whatever the latest OS is, the peons and grunts in various local incarnations of a vital core-business department are held back in the realms of XP (not an
inherently bad place, it is a practical and work-friendly OS, without many of the unnecessary and obstructive bells and whistles of the later Windowses, and while it's no Win2K in raw honesty, the Teletubby aesthetics can be ignored (or the profile reverted) and one has to admit that some of the XP bells take the 'edge' off of 2K's unforgiving NT-like brutality) and right now the most agreeable and cheapest solution is to actually get
premium XP legacy support on a pay-per-call basis and suck it up until the plate techtonics of computing have solved the entire problem by opening up a third way to avoid the problem (and the path suitably tested, authorised, financed and implemented).
And the above is for a company (let's say 20k employees) that can set its own global agenda for the most part. NHS England has 1.4 million employees in roles and locations and get-ups far more diverse, decentralised even from decentralised and sub-contracted divisions and client organisations/trusts/etc. The outfitting of a surgery or a hospital may well vary according to which branch of the organisation is holding the purse strings, the attraction of uniformity will be balanced by (often political, and by extension financial) restrictions that forces the make-do-and-mend of whatever hotch-potch of legacy equipment and software a particular locale happens to use. I know I'm where there are
green screen monitors used by the 'arrivals' receptionist ('80s tech, if it's a day) because it is sufficient for the system they're connecting to, and I very much doubt they have the budget to move everyone on XP to whatever the latest authenticated environment is (with no free upgrade path, being behind the cut-off), never mind having to mess with printer drivers that don't exist and all the aforementioned...
...a point made, I think, even though I never even got to where I originally intended to go to.