What is GCSx?
GCSx stands for Government Connect Secure Extranet. It is a secure private Wide-Area Network (WAN) which enables secure interactions between connected Local Authorities and organisations.

GCSx is connected to the Government Secure Intranet (GSI), which also enables secure interactions between local authorities and central government departments and national bodies. GCSx provides a range of connectivity options to enable access the GSI network and its hosted services; GCSx does not use the Internet or any other public networks.

GCSx provides secure access from connected Local Authorities to many other secure networks such as:

Government Secure Extranet (GSX)
Government Secure Intranet (GSI)
National Health Service (NHS)
Criminal Justice Extranet (CJX)
Police National Network (PNN)

What are the benefits of GCSx?
The provision of a national secure network infrastructure which provides secure connectivity to the wider local and central government communities is of significant benefit to local authorities. Key reasons are that GCSx:

Provides an accredited, managed network to connect all English and Welsh local authorities with, inter alia, central government, the NHS, the Scottish Local Authorities and the Criminal Justice Community into a trusted secure community
Provides a secure email relay service with an accredited, independently managed anti- virus service
Enables secure data sharing
Is scalable
Is cost effective
Supports aggregated network connectivity into the secure community so that several local authorities can share a single physical connection onto GCSx (provided that the appropriate security is in place)
Supports the creation of closed user groups
Supports collaboration and joint working
Provides outbound web browsing
Is an enabler of transformational government within local authorities.

How does GCSx work?
GCSx is a secure, accredited, fully managed service. The service is hosted from geographically separate data centres, providing data security and network resilience at all times. Diagram 1 illustrates how GCSx interacts with the GSI and the Internet to deliver a secure communication network to local authorities.

Code of Connection (CoCo)
Local authorities need to sign up to the Code of Connection (CoCo) that defines the minimum standards and processes that an authority must comply with before being able to connect to GCSx. Achieving compliance to the CoCo requires the local authority to provide a compliance statement and supporting comment against a number of security control measures. To reduce any delays in the preparation for the adoption of GC services all connecting organisations should start their CoCo as soon as possible. Each Local Authority has been signed a Regional Account Manager to support them through the CoCo process. Please see here for more information.

Wide Area Network (WAN)
The WAN will provide:

Access to GSi NTP servers (network time protocol)
A DNS service to resolve LA addresses and GSi addresses
DNS recursion to the Internet
DNS load balancing, which provide virtual IP addresses to servers within the GCSx data centres
Controlled support for protocol access to GSI, according to business / accreditation rules.

Firewall
A firewall governs the connection between GCSx, GSI and other secure external networks. This permits access to applications that are approved to run within GSi. It prevents unauthorised access to web services and hosted applications across GCSx / GSI. The firewall will be opened up on a case-by-case basis as LAs achieve appropriate security (CoCo) compliance. There are also centrally managed firewalls within GCSx / GSI providing perimeter.