Download the complete service offering doc format of    vpn_services_definition.doc


1. Description of Service

The Information Technology Division (ITD) provides a reliable and secure centrally managed policy compliant Virtual Private Network (VPN) access to MAGnet (Massachusetts Access to Government Network). VPN allows a remote user (external to MAGnet) to securely access agency's applications and resources within MAGnet. The VPN certificate acts as an ID for the external user.

VPN support, services and infrastructure are outsourced to Verizon. Departmental Security Officers submit requests for VPN for their department via InTempo, ITD's secure electronic form. Departmental Security Officers requiring access to InTempo must submit a COMiT request using the InTempo intention. The service contains two components:

1. Basic Services

  • VPN authentication is provided through a certificate which is available 24 x 7 once the user is enrolled.
  • RSA tokens may be used for authentication where a certificate cannot be used on a non-Windows based PC.

2. Business Continuity

The options below are for Business Continuity events only and are not to be used for day to day VPN access.

Option 1: Pre-Enrollment: Customer enrolls in advance of an event

Departmental Security Officers request this option for their users. An enrollment email is sent to the user so they may retrieve their certificate. The pre-enrolled account will be disabled to prevent usage until an event is declared or it is time for a scheduled test.

Option 2: Self-Enrollment: Customer enrolls at the time of an event.

Agencies desiring this option authorize Departmental staff to enroll their end users. At the time of an event an agency would be able to enroll as many users as needed without waiting for ITD or Verizon.

Option 3: Authentication using RSA Token: RSA customers enroll in advance of an event.

Agencies that must use RSA tokens rather than the standard VPN certificate supplied by Verizon can purchase their own tokens to be used for VPN. These accounts will be disabled to prevent usage until an event is declared or it is time for a scheduled test.


The above services include:
  • Add, change or delete a VPN account


Authorized agency personnel will have the ability to:

  • Reset passwords
  • Issue replacement certificates

Support services include:



2. Service Targets/Hours of Availability

Service Requirement


Incident Management

Each agency has designated VPN technical support personnel registered with Verizon who have the availability to reset passwords and approve retrieval of new certificates. If the designee is unable to resolve a VPN issue, this person is authorized to contact the Verizon VPN help desk at 888-216-2063.

If this is not a Verizon VPN issue, ITD Service Management Office has standard processes to manage incidents, requests and changes.

Service Availability

Service available hours are 24 x 7. ITD VPN support is available via on call staff.

Request FulfillmentStaff will respond to service requests from 8:00 am to 5:00 pm Monday through Friday excluding weekends and holidays. The Verizon Helpdesk is available at 24 x 7 at 888-216-2063.


Maintenance is performed weekly in a 3 hour window between 7:00 pm and 10:00 pm, every Friday, excluding holidays. If an outage occurs impacting either the Boston or Chelsea VPN Gateway, customers will be notified about the outage, downtime and instructed to connect to the available Gateway. Ad-hoc maintenance is scheduled through change control and customers are notified though part of the change control.



3. Service Reporting

The following reporting information is provided to customers as part of this service:



Reporting Interval

System Resource Utilization

By user account, a summary report of:

  • User utilization per day
  • Source and destination IP


Monthly report posted to DocDirect

4. Service Requests

COMiT Service Requests*


Lead Time-Business Days

New VPN External Remote Access

This request is to obtain a new VPN certificate for remote access MAGNet.

3 Days

New VPN Business Group Remote Access

This request is to obtain new VPN certificates for a Business Group requiring remote access to MAGNet.

3 Days

Pre-Enroll VPN for Business Continuity

This request is to pre-enroll for a VPN certificate in advance of a Business Continuity event.

3 Days

New VPN RSA Token for Business Continuity

This request is to pre-enroll for RSA token in advance of a Business Continuity event.

3 Days

VPN Self-Enrollment for Business Continuity

This request is to self-enroll for a VPN certificate when a Business Continuity event has been determined.

3 Days

*For new service requests only. To manage existing requests, please log into COMiT.

5. Customer Responsibilities

Customers must sign the Remote Access Agreement and notify ITD immediately upon a change in a user's employment status.

For your convenience, you may also view a detailed list of customer responsibilities doc format of    vpn_services_definition.doc  .


6. Chargeback Rate Information

For more information on Chargeback, including an overview of the program as well as current and previous fiscal year rates, please visit our Chargeback Services webpage.

Customers are directly charged $8.86 per month and reimburse Verizon directly. No additional detail is available for review.


Reviewed February 25, 2014
Updated June 20, 2011
Published August 14, 2009
Created April 14, 2009: Information provided by the Security Office