OPERATIONS MANUAL Secure Gateway Services Retail ... - Verizon

OPERATIONS MANUAL Secure Gateway Services Retail and Remote Office Mobile User Firewall Section I: Introduction and Service Description. 1. Secure Gateway. Secure Gateway Services are a network-based suite of three services- Retail & Remote Office, Mobile User, and (standard) Firewall that give customers the advantages of a global IP network with the security of a private network. Secure Gateway Services allow Verizon network service customers such as Private IP, vBNS+, Frame Relay or ATM customers the ability to safely link widely dispersed business units, retail outlets, and remote users into a single, secure Wide Area Network (WAN), via a single, Secure Gateway Universal Port. Customer must subscribe to a (pre-existing or newly ordered) Verizon Network Service (i.e., Private IP, vBNS+, ATM, or Frame Relay) to use Secure Gateway Services. Verizon Network Services are contracted separately from Secure Gateway. The following are service components for Secured Gateway Services: a. Secure Gateway-Universal Port (Universal Port). Universal Port is a logical/virtual port that enables Customers to order a single Universal Port to support their Secure Gateway - Retail and Remote Office, Mobile User, and Firewall services. Customer must order Universal Port as a prerequisite to ordering any other Secure Gateway services. b. Secure Gateway-Retail and Remote Office (RRO). RRO service creates a secure end-to-end logical link between corporate resources or corporate “hubs” on the private network and remote sites connected to the Internet or Verizon’s IP network via broadband or Dedicated T1access. Private network "hubs" are typically data centers, corporate headquarters, regional sales offices and other locations hosting mission-critical enterprise servers. i. RRO Service Components. In addition to Universal Port, the following service components are required for RRO: 1. Internet Access Required. Verizon or third party Broadband internet service such as Company’s Internet DSL and Cable service or Internet Dedicated T1 service is required for RRO. If Customer uses Verizon’s Internet Services, Customer will pay the rates and charges provided pursuant to a separate service attachment. 2. Network Service Required. Verizon Network Services such as Private IP Service are required for RRO and provided pursuant to a separate service attachment. 3. RRO Customer Premise Equipment (RRO CPE). RRO requires Customer Premise Equipment (“CPE”) that is Verizon or Customer provided and configured, managed and monitored by Verizon. ii. RRO Service Details. 1. Installation for RRO CPE. RRO CPE may be provided by Verizon or the Customer. If Customer orders Verizon RRO CPE, then Verizon will dispatch a technician to the Customer Site to install the Verizon provided RRO CPE. Verizon will configure and test the Company-provided RRO CPE to its parameters and ship the RRO CPE to the Customer. If the RRO CPE is Customer provided, then Verizon will perform a management take-over of the RRO CPE and configure it with Company managed RRO CPE parameters remotely. Standard remote activation and initial configuration of the RRO CPE will be scheduled during standard installation hours, between 8:00AM and 7:00PM Eastern Time on business days. Customer may choose Company on-site installation for an additional charge as set forth within. If Customer chooses the on-site installation, Company will dispatch a field technician to install the RRO CPE at the remote site, between the hours of 8:00 AM and 7:00 PM Eastern Time on business days, Company-designated holidays excluded. Page 1 of 3 Secure Gateway_OpsManual_7-31-13

c.

Secure Gateway-Mobile User (Mobile User). Mobile User provides secure, encrypted, remote access to the customer's Verizon network service (Private IP) for their mobile workforce and remote employees. Mobile User is a single-user service utilizing a software client that resides on a PC or other device that will build an encrypted tunnel to Customer’s Universal Port. i.

Mobile User Service Components. In addition to Universal Port, the following service components are required for Mobile User: 1. Internet Access. Verizon or third party Broadband internet service is required for Mobile User, such as Verizon’s Internet DSL and Internet Cable services, wireless access, Internet Dedicated T1 service, Verizon Enterprise Mobility as a Service (“EMaaS”) or Enterprise Mobility Dial Access (EMDA). 2. Enterprise Mobility as a Service (“EMaaS”). Purchase of Verizon’s EMaaS service is required for Mobile User and provided pursuant to a separate service attachment. 3. Network Service. Verizon Network Services such as Private IP Service are required for Mobile User and provided pursuant to a separate service attachment.

ii.

Mobile User Service Details. 1. Authentication. Mobile User requires authentication to verify if Authorized Users are authorized to access the Customer’s network. Authentication methods include Verizon – hosted or Customer-hosted authentication. Customer-hosted authentication options include UserID/PSWD (via RADIUS) or SecurID Token (via RADIUS). 2. Access Service. Upon activation, Verizon will provide Customer with the appropriate URL to use to download the VPN software client. As part of the downloading process, Customer must respond to questions in order to comply with U.S. export control restrictions.

d. Secure Gateway-Firewall (standard). Firewall provides enterprise employees secure access to the Internet from Customer locations connected to a Verizon network service via a network-based firewall. Firewall is available with Private IP worldwide. i.

Firewall Service Details. 1.

Administration. After installation of the Firewall configuration, and upon Customer request, Verizon will administer the Firewall within the guidelines set forth in the Firewall service templates, which templates will be provided to Customer during implementation of the Firewall.

e. Availability. Secure Gateway Services are available as follows, as facilities, capacity, and export restrictions permit. Secure Gateway Service

Availability

Universal Port

Global

Retail & Remote Office

U.S. Mainland plus Alaska and Hawaii for Company-leased CPE

Mobile User

Global

Firewall

Global

Section II: Options and Features. 1. RRO. The following optional services are available for each RRO Site: Page 2 of 3 Secure Gateway_OpsManual_7-31-13

a. Verizon-provided On-site Installation. b. Dial Backup CPE. Dial Backup CPE services provide a communication path should the primary access method become unavailable. Dial Backup capability can also provide out-of-band (“OOB”) access to the RRO CPE. c.

Broadband Failover Service and CPE. Broadband Failover service can be provided for Verizon-provided cellular access, Verizon-provided or third-party-provided cable service, or Verizon-provided or third-partyprovided DSL access. Broadband Failover covers failover management only. Cellular Broadband Failover covers cellular CPE management, rental, and maintenance. Broadband Failover via cellular service may require both Cellular Broadband Failover CPE and Broadband Failover. Broadband Failover services provide a communication path should the primary access method become unavailable. Cable and DSL failover requires only Broadband Failover. Broadband Failover service is only available in the U.S. Mainland, when used with Verizon-provided broadband Internet service or Verizon-provided dedicated Internet service. Customer should contact its Verizon account representative to determine when this service is required.

d. Quality of Service Support. Verizon will provide an optional capability for Quality of Service (QoS) support on the RRO CPE routers. Customers may assign up to six priorities for RRO CPE traffic as follows, in order of priority: “EF”, “AF4”, “AF3”, “AF2”, “AF1”, and General Business. Before the traffic leaves Customer’s premises, Customer must assign traffic to one of the listed traffic classes. e. Backup Service Configuration: Customer may use an optional Backup Service configuration with Secure Gateway – RRO to provide access to Customer’s Verizon Network Service in the unlikely event of an outage on the primary access. Customer may establish such Backup Service Configuration Sites only in the United States Mainland. The Backup Service Configuration Option of Secure Gateway – RRO supports failover of Customer’s primary access and Verizon Network Service customer edge routing (if Hot Standby Routing Protocol is enabled) to Customer’s Verizon Network Service. Customer is responsible for the configuration of the Customer Edge (“CE”) router supporting primary access to Customer’s Verizon Network Service. As an option, Customer may choose Verizon Managed Network Services – available through a separate service attachment – for managed configuration of Customer’s CE routers providing primary access to Customer’s Verizon Network Service. f.

Broadband Failover Service: Broadband Failover service can be provided for Verizon-provided cellular access, Verizon-provided or third-party-provided cable service, or Verizon-provided or third-party-provided DSL access. Broadband Failover service is only available in the U.S. Mainland, when used with Verizonprovided broadband Internet service or Verizon-provided dedicated Internet service

g. Optional WAN Analysis Reporting for RRO. Customer may order WAN Analysis for each Retail & Remote Office site at no additional charge. Section III: Service Level Agreement. The service level agreement (“SLA”) for Secured Gateway Services provided in the US is found at the following URL: http://www.verizonenterprise.com/external/service_guide/reg/cp_sgs_2013_sla_Dec2012.pdf

Page 3 of 3 Secure Gateway_OpsManual_7-31-13