Internal VPN Requests

This page provides instructions for requesting SSL VPN for EOTSS employees and business partners only.

Submitting a Request

Please follow these steps to procure a VPN token or certificate:

Step 1. Submit a Service Request in ServiceNow using one of the appropriate classifications listed below. (contractors or business partners should not be allowed to submit requests on their own.)

  • EOTSS Employee - Request a New VPN Internal Remote Access (508060)
  • EOTSS Contractor - Request a New VPN Internal Remote Access (508080)

Step 2. EOTSS Employees, print, complete and sign the MassIT Employee VPN Agreement Form OR, if you are a Contractor, print, complete and sign the VPN User Agreement and Business Form

Step 3. Using the costs below, print and complete the Supply Request Form

  • The costs for the VPN certificate and token services are listed below:
  • The costs for the VPN certificate service are: $8.86 per month per certificate user; plus a one-time charge of $3.49.
  • The costs for the VPN token service are: $6.00 per month per token user; plus a Verizon infrastructure charge of $1.86, totaling $7.86 per month; and a one-time charge of $3.49. 
  • Additionally, there are costs for the token which vary depending on who you purchase them from and for how long.  The token purchase is a separate supply request to a vendor on the blanket contract for tokens.  Once the token(s) are purchased, the “seed file” for them will need to be sent to EOTSS Security Engineering & Operations to install on the authentication server.  EOTSS Security Services at 617-660-4420, should be able to coordinate this task.
  • Billing runs from July 1st to June 30th on a fiscal year basis; so please, request the correct amount of months until the end of the fiscal year on the supply request.
  • Use the Attachment “A” form from Verizon if needed to determine the Verizon VPN costs.  

Step 4. Attach the signed EOTSS Employee or VPN User/Business Partner Agreement form to the Supply Request Form.

Step 5. Submit both forms to your Resource Manager* for approval which will follow your group's internal approval process.

Step 6. The Resource Manager submits both completed and signed forms to TFG (Technical Finance Group) to process. Note: TFG will not be able to process VPN Supply Requests without the signed user agreement.

Step 7. If the request is for a certificate, once the supply request is approved and processed for the SSL VPN request, an email will be sent to the user or the EOTSS Security Officer designate with an embedded link to download the SSL VPN certificate.  When the user clicks on the embedded link in the email to download the SSL VPN certificate, they will be connecting to the Megapath/Verizon Service Center website.  The user will then have access to the SSL VPN client to download and the installation instructions.  

Additionally, if any technical problems are encountered with the downloading or installation of the SSL VPN client, certificate or token, CommonHelp, as the VPN Technical Contact for EOTSS, provides all the necessary SSL VPN technical support. CommonHelp's phone number is: 1-866-888-2808.

All business partners and contractors work with the Project Manager of the project or the Resource Manager that hired them. Their access is restricted and will need a Non-Employee VPN Group request form attached as explained in the " External VPN Request".

All SSL VPN requests are for the SSL Certificate, unless there is decision by the manager of the employee to have a token.  If the request is for a token instead of a SSL VPN certificate; the Resource Manager will need to work with the Security Services Group to find out how to obtain one.  This would entail purchasing the token from one of EOTSS' contract vendors and coordinating with EOTSS Security Services Group its implementation.  Tokens are usually purchased from one to three years or more.

Important Note:

This is a service for which monthly charges are incurred starting when the token or certificate is issued.  These charges will be billed and paid until VPN is cancelled.  To cancel VPN as a result of staff leaving, a de-provisioning service request must be processed.  To cancel VPN for any other reason email a request to cancel the VPN to the Procurement Manager (Annemarie Kates).  It is important to let her know when the employee has left and is no longer using the token or certificate.  Also, insure that if it is a token that it is returned to the Resource Manager.

* Your Resource Manager, the person who is your manager and is responsible for requesting services of this type for their subordinates, can assist with the proper completion of the form. Incorrectly completed forms may be returned which will slow down the process.