1. Description of Service
The Information Technology Division (ITD) provides a reliable and secure centrally managed policy compliant Virtual Private Network (VPN) access to MAGnet (Massachusetts Access to Government Network). VPN allows a remote user (external to MAGnet) to securely access agency's applications and resources within MAGnet. The VPN certificate acts as an ID for the external user.
VPN support, services and infrastructure are outsourced to Verizon. Departmental Security Officers submit requests for VPN for their department via InTempo, ITD's secure electronic form. Departmental Security Officers requiring access to InTempo must submit an COMiT request using the InTempo intention. The service contains two components:
1. Basic Services
- VPN authentication is provided through a certificate which is available 24 x 7 once the user is enrolled.
- RSA tokens may be used for authentication where a certificate cannot be used on a non-Windows based PC.
2. Business Continuity
The options below are for Business Continuity events only and are not to be used for day to day VPN access.
Option 1; Pre-Enrollment: Customer enrolls in advance of an event
Departmental Security Officers request this option for their users. An enrollment email is sent to the user so they may retrieve their certificate. The pre-enrolled account will be disabled to prevent usage until an event is declared or it is time for a scheduled test.
Option 2; Self-Enrollment: Customer enrolls at the time of an event.
Agencies desiring this option authorize Departmental staff to enroll their end users. At the time of an event an agency would be able to enroll as many users as needed without waiting for ITD or Verizon.
Option 3; Authentication using RSA Token: RSA customers enroll in advance of an event.
Agencies that must use RSA tokens rather than the standard VPN certificate supplied by Verizon can purchase their own tokens to be used for VPN. These accounts will be disabled to prevent usage until an event is declared or it is time for a scheduled test.
The above services include:
- Add, change or delete a VPN account
Authorized agency personnel will have the ability to:
- Reset passwords
- Issue replacement certificates
Support services include:
- A Service Account Manager to answer any questions or concerns regarding ITD Services.
- Services offered through our Operations Office; including Change Management and customer access to incident management via email, phone (CommonHelp)
- The online COMiT service management portal
2. Service Targets/Hours of Availability
Each agency has designated VPN technical support personnel registered with Verizon who have the availability to reset passwords and approve retrieval of new certificates. If the designee is unable to resolve a VPN issue, this person is authorized to contact the Verizon VPN help desk at 888-216-2063.
If this is not a Verizon VPN issue, ITD Service Management Office has standard processes to manage incidents, requests and changes.
Service available hours are 24 x 7. ITD VPN support is available via on call staff.
|Request Fulfillment||Staff will respond to service requests from 8:00 am to 5:00 pm Monday through Friday excluding weekends and holidays. The Verizon Helpdesk is available at 24 x 7 at 888-216-2063.|
Maintenance is performed weekly in a 3 hour window between 7:00 pm and 10:00 pm, every Friday, excluding holidays. If an outage occurs impacting either the Boston or Chelsea VPN Gateway, customers will be notified about the outage, downtime and instructed to connect to the available Gateway. Ad-hoc maintenance is scheduled through change control and customers are notified though part of the change control.
3. Service Reporting
The following reporting information is provided to customers as part of this service:
System Resource Utilization
By user account, a summary report of:
Monthly report posted to DocDirect
4. Service Requests
Lead Time-Business Days
New VPN External Remote Access
This request is to obtain a new VPN certificate for remote access MAGNet.
New VPN Business Group Remote Access
This request is to obtain new VPN certificates for a Business Group requiring remote access to MAGNet.
Pre-Enroll VPN for Business Continuity
This request is to pre-enroll for a VPN certificate in advance of a Business Continuity event.
New VPN RSA Token for Business Continuity
This request is to pre-enroll for RSA token in advance of a Business Continuity event.
VPN Self-Enrollment for Business Continuity
This request is to self-enroll for a VPN certificate when a Business Continuity event has been determined.
*For new service requests only. To manage existing requests, please log into COMiT.
5. Customer Responsibilities
Customers must sign the Remote Access Agreement and notify ITD immediately upon a change in a user's employment status.
For your convenience, you may also view a detailed list of customer responsibilities .
6. Chargeback Rate Information
For more information on Chargeback, including an overview of the program as well as current and previous fiscal year rates, please visit our Chargeback Services webpage.
Customers are directly charged $8.86 per month and reimburse Verizon directly. No additional detail is available for review.
Updated June 20, 2011
Reviewed September 7, 2010
Published August 14, 2009
Created April 14, 2009: Information provided by the Security Office