Presentation on theme: "Department of Management Services Division of Telecommunications."— Presentation transcript:
Department of Management Services Division of Telecommunications
State of Florida Department of Management Services Division of Telecommunications
The New FIRN Network FIRN - Florida Information Resource Network 2009 Contract FEATURESBENEFITS Data transport provided by MFN (MyFloridaNet) MFN transport operates within highest industry standards to secure and deliver data. Bulk pricing and simplicitySignificantly reduced prices with simpler rate structure, easier to manage for end user. Multiregional Internet Gateway AccessMultiple Internet Gateways throughout State of Florida providing most efficient access available to Internet Guaranteed QualityCommitment to users from service providers; strict service level agreements (SLAs). E-rate BenefitsE-rate compliant to benefit the educational community to ensure E-Rate funding for major portion of these services.
List of FIRN Services Bundle Services For District Area Networks For Hub & Internet and Local Loop For Hub, Internet and CPE Service Data Vaulting Services Co-Location Service Web Hosting
List of FIRN Services Interconnected Voice Internet Protocol Service(IVoIPS) CPE Management Services Firewall Management Encryption Services Content Filtering Web Page Support Web Presence of FIRN Emergency Website Maintenance and Support
FIRN Services Description FIRN Bundled Service A totally bundled offering which includes Internet access, transport, customer premises router, DNS, DHCP, basic firewall protection, and overall management to maintain the service functioning properly. For bundled service, the customer service interface is the Ethernet port on the provider's edge device/router.
FIRN Services Description FIRN Service FIRN Service provides basic services for administrators, teachers, and students. Based on a secure, robust, and highly available infrastructure, our service not only filters your in accordance with the CIPA guidelines, it features security measures that mitigate the risk of hacking and misuse. Additionally, the service complies with federal and state record retention requirements.
FIRN Services Description FIRN Service includes(continued): 24x7x365 Helpdesk for End Users User mailbox configuration of 100MB Whitelist/Blacklist Support Spam Folders and Administration Auto-Reply Mechanisms Anti-virus and Anti-Virus Protection Mechanisms Accessibility using industry standard PC web browsers and clients Support for Microsoft Internet Explorer and Microsoft Outlook Secure SMTP, POP3, IMAP functionality RFC compliance for SMTP/POP3/IMAP4/HTTP/HTTPS protocols CIPA Compliance Mechanisms CIPA Guidelines: Record Retention Compliance Mechanisms Federal Guidelines: State of Florida Guidelines:
FIRN Services Description Data Vaulting Service(continued) Data Vaulting Service provides a secure, high performance, local vault device at the customer location for maximum performance and efficiency. Vault devices provide a seamless interface to industry standard backup applications and provide easy integration with existing software as well as adherence to existing backup policies. For additional resiliency, duplicate data storage can be obtained which will allow for the replication of the data from the local vault device(s) at the customer location to a secure vault in our secured offsite facility. Our enhanced replication mechanisms feature technologies that dramatically reduce traditional WAN bandwidth demands that would otherwise be required to perform replication.
FIRN Services Description Data Vaulting Service (continued) For the purposes of effectively sizing a Data Vaulting solution, a pre-installation survey is required. This survey will evaluate current data consumption trends and anticipated future data storage needs. Quantity discounts for storage requirements greater than 250 GB are available.
FIRN Services Description Data Vaulting Service (continued) The Data Vaulting Service includes: 24x7x365 Support Services 24x7x365 Monitoring of Service and Devices Pre-installation Data Usage and Future Needs Survey 250 GB onsite storage Optional Offsite Storage housed in a Secured Facility (additional increments of 250 GB) – IP access, to reach the Secured Facility, is the responsibility of the customer Software Accessibility using industry standard Backup Software Some examples include Atempo Time Navigator, BakBone NetVault, Backup, CA, ARCserve Backup, EMC NetWorker, Veritas NetBackup, and Backup Exec
FIRN Services Description FIRN Web Hosting Service(continued) FIRN Web Hosting Service provides website hosting and website hosting support to classroom teachers for educational purposes. This Teacher/Classroom Portal is a convenient and easy to use solution for teaching professionals who wish to establish and manage a website hosting account. FIRN Web Hosting Service includes: 8x5 Support Services for uploading and accessing their website 10MB of website hosting space Documentation, FAQs, and general guidance on how to use web standards Authentication and verification of eligibility for service Acceptable use policy
FIRN Services Description Co-Location Service(continued) Co-Location Service provides end user space in a secure and robust facility. The co-location facility features air conditioning and conditioned UPS power backed up by generator power. The facility is protected by security mechanisms and provides secured physical access to customer equipment 24x7x365. For every unit of Co- Location Service obtained, one rack unit of space will be provided in a standard lockable cabinet. Equipment of different form factors or space requirements will be handled on a case by case basis. Quantity discounts are available.
FIRN Services Description Co-Location Service(continued) The Co-Location Service includes: Air Conditioned Space (HVAC) UPS Conditioned Power Feeds Secured Accessibility Secured Cabinets Robust Connectivity to MFN
FIRN Services Description Co-Location Service(continued) Air Conditioned Space (HVAC) The computer room air conditioning units (HVACs) are strategically placed to assure the appropriate ambient temperature thresholds are met. In a raised floor data center, the conditioned air is dispersed through the air plenum and using perforated floor tiles. The non-raised floor data center disperses conditioned air using overhead ducting. UPS Conditioned Power Feeds The node has Uninterruptible Power Supply (UPS) systems. The UPS systems receive power from both the commercial power utility and the standby power feeds. Each UPS system conditions the power and feeds the conditioned power to power distribution units (PDU). In case of a commercial power failure, a standby generator is available to provide
FIRN Services Description Co-Location Service(continued) power to the node within one minute of a commercial power outage. The one-minute gap is covered by the UPS battery system. During an extended commercial power outage, the diesel generator provides power using the fuel stored on site. The node has a multiple-day fuel supply, with fuel delivery arrangements, if needed. The customer will be provided 120V 20A UPS Conditioned Power Feeds. Customer shall not exceed 1000W per 10RUs or 5700W per 38RUs per cabinet. MFN will periodically review Customers usage to verify that Customer is not exceeding the power limitation requirements. alternatively, suspend customers Service(s) pending cure of the power non- compliance issue by customer.
FIRN Services Description Co-Location Service(continued) Secured Accessibility Security includes controlled access and egress doors, controlled access permissions and access request methods, and managed key and /or access card plans for access control. CCTV cameras are used to monitor access, egress, and infrastructure. Common infrastructure areas are secured areas. MFN reserves the right to access any part of the Node at any time for safety and security reasons. Secured Cabinets The customer equipment will be housed in lockable cabinets. The cabinets are four post racks with lockable doors and side panels and the inside width is 19.
FIRN Services Description Co-Location Service(continued) Customers Client-Managed cabinet shall, at all times, be clean, neat and orderly and shall not pose any danger or hazard to the Node or to employees (including subcontractors) that may be requested or required to enter the node to perform a Service. No combustible material, i.e. cardboard, foam, or paper may be stored in Customer cabinet. Customer may not hang or mount anything on the cabinets. Unsecured cabling across aisles or on the floor is strictly prohibited. All devices must be installed in racks or cabinets. Cable wrapping, zip ties and/or Velcro, must be used to organize cabling in a rack or cabinet A staging area is available, on a first come first served basis for the temporary unpacking and configuration of Servers. MFN is not liable for Customer assets left unattended in this area.
FIRN Services Description Co-Location Service(continued) Robust MFN Service Connectivity Front-End Connectivity Front-End Connectivity provides Internet access to the MFN Backbone via an Ethernet handoff from the Node Infrastructure. Customer must subscribe to an MFN Port connection of the appropriate bandwidth. MFN responsibilities include setting up and maintaining the Ethernet handoff(s) to the customer and capacity management of the Node infrastructure in order to provide the subscribed bandwidth.
FIRN Services Description Co-Location Service(continued) Additional Service Policies Shipping and Receiving Due to safety and liability concerns, the staff cannot ship, receive, move, unpack or uncrate any Customer owned Equipment (racks, cabinets, racks of equipment, etc). Customer is responsible for unpacking, uncrating, and movement of heavy Equipment including all associated costs. Customer must implement appropriate protection plans to prevent damage to infrastructure (plywood on raised floors, overhead clearance, etc). MFN staff will not pack and ship any Customer owned Equipment.
FIRN Services Description Co-Location Service(continued) Maintenance Windows All scheduled maintenance on common infrastructure is scheduled during known maintenance windows and must be reviewed by an MFN Engineer. This applies to all Network, power, and facilities infrastructure. These maintenance windows may not be changed and must adhere to a schedule of restricted days. Pricing components Include: MFN Ethernet Port ( >= 2M) Collocation Ethernet MFN Access Collocation Area Fee Per Rack fee MFN CPE
FIRN Services Description Co-Location Service(continued) Therefore a customer requiring 4 racks and 10 M of access to MFN would incur thefollowing: MFN Ethernet Port 10 M $ (standard per existing contract) Collocation Ethernet MFN Access (10 M) Collocation Area Fee Per Rack fee x MFN CPE (1841-SEC) (standard rental per existing contract) $
FIRN Services Description Firewall Chassis Service For organizations desiring protection from threats originating from the outside, Firewall Chassis service delivers a fully managed security offering. This includes protection against threats from the Internet, or facilities located within the same virtual routing and forwarding instance. The service is built upon a provider managed premise-based appliance that is capable of processing packet-level information at bandwidth speeds appropriate for the speed of the of the wide-area connection.
FIRN Services Description Firewall Chassis Service(continued) Upon subscription to the service, an engineer will contact the customer to develop custom security policies that are tailored to individual needs. Policies may include standard Layer-2 and Layer-3 intrusion prevention, or deep-packet inspection at the application layer to prevent peer-to-peer or other unwanted and unauthorized traffic. Once security policies have been approved by the customer, the engineer will schedule the installation, testing, and validating of firewall performance/functionality. Upon service acceptance, the device will continue to be monitored by the provider for availability and performance/functionality. Should an appliance hardware failure occur, the provider will dispatch a technician to either fix or replace the defective part(s), usually by the next business day.
FIRN Services Description Firewall Chassis Service(continued) Because the nature of external threats to IT resources is dynamic, the service includes on-going management, by experienced security specialists, to mitigate and prevent newly reported exploits from compromising sensitive data. This alleviates the burden of relying on external resources for proper and timely security alerts and advisements and greatly enhances the integrity of the organizations data by preventing unauthorized access to confidential or sensitive information.
FIRN Services Description Firewall Feature Set Within the Site Router This service is for customers who prefer to run the Firewall Feature Set within the operating system of capable CPE. A standard security design template will be applied to each CPE. This feature set will be managed and administered for the duration of customer subscription and provides basic access list controls and Netflow data analysis for traffic monitoring and diagnostic information. These access lists may be altered by the provider and upon request of the customer, to provide a more granular level of security that meets the security policies of the customer. Typical changes may include permitting or denying peer-to-peer protocols or specific websites.
FIRN Services Description Firewall Management Feature For organizations desiring protection from threats originating from the outside, Firewall Management service delivers a fully managed security offering. This includes protection against threats from the Internet, or facilities located within the same virtual routing and forwarding instance. The service is built upon a provider managed, premise-based appliance that is capable of processing packet-level information at bandwidth speeds appropriate for the speed of the of the wide-area connection. The appliance, unlike the Firewall Chassis Management service, is NOT included in this service and must be a DMS/FIRN approved appliance.
FIRN Services Description Firewall Management Feature (continued) Upon subscription to the service, an engineer will contact the customer to develop custom security policies that are tailored to individual needs. Policies may include standard Layer-2 and Layer-3 intrusion prevention, or deep-packet inspection at the application layer to prevent peer-to-peer or other unwanted and unauthorized traffic. Once security policies have been approved by the customer, the engineer will schedule the installation, testing, and validating of firewall performance/functionality. Upon service acceptance, the device will continue to be monitored by the provider for availability and performance/functionality. Should an appliance hardware failure occur, the provider will notify the customer so that the customer may take appropriate action to have the device repaired or replaced by the customers preferred vendor.
FIRN Services Description Firewall Management Feature (continued) Because the nature of external threats to IT resources is dynamic, the service includes on-going management, by experienced security specialists, to mitigate and prevent newly reported exploits from compromising sensitive data. This alleviates the burden of relying on external resources for proper and timely security alerts and greatly enhances the integrity of the organizations data by increasing the overall security posture of the organization. This type of holistic approach to security can greatly help in preventing unauthorized access to confidential or sensitive information.
FIRN Services Description Encryption Service For organizations that are legislatively mandated to transmit confidential information in an encrypted format, this service provides a secure and reliable method to meet this obligation. The heart of the service is a provider-supplied, managed, and maintained appliance that creates a virtual private network using industry standard IPSEC tunnels and data encryption algorithms. The appliance uses Internet Key Exchange (IKE) to handle negotiation of protocols and algorithms based on the States security policy as well as to generate the encryption and authentication keys to be used by the encrypted session(s) or equivalent. IKE provides authentication of the VPN peers, negotiates VPN security associations, and establishes VPN encryption keys. The IKE policy incorporates 3DES encryption, SHA, and Diffie-Hellman groups 2 (1024-bit) and 5 (1536-bit) identifiers or equivalent. Machine authentication is provided using a digital certificate generated and issued by the AT&T selected Certificate Authority (CA).
FIRN Services Description Encryption Service(continued) Upon subscription to the service, a security engineer will contact the customer to develop the security policy for the organization. The engineer will configure the appliance and schedule installation with the customer. After installation, the device will continue to be monitored by the provider for availability, performance and functionality. Should an appliance hardware failure occur the provider will dispatch a technician to fix or replace the defective part(s), usually by the next business day.
FIRN Services Rate Calculator The FIRN Services Rate Calculator makes it easier for the FIRN user when calculating the individual and total cost of services. In addition this tool allows the user to calculate Erate discounts. Please reference link for FIRN Calculator (attached is the excel file with the FIRN calculator)
FIRN Services Simplified Matrix The FIRN simplified matrix will assist the user to easily determine what services are included with the bundled packages available to FIRN users. Please reference link for the FIRN Services Simplified Matrix (excel file for the FIRN services simplified matrix is attached)