SERVICE DEFINITION G-CLOUD 7 THALES PSN MAIL GATEWAY. Classification: Open




MDS Technologies Ltd 2015. Other than for the sole purpose of evaluating this Response, no part of this material may be reproduced or transmitted in any form, or by any means, electronic, mechanical, photocopied, recorded or otherwise or stored in any retrieval system of any nature without the written permission of MDS Technologies Ltd.

MDS Technologies Ltd, 2 Methuen Park, Chippenham, Wiltshire, SN14 0GX
Telephone: 01225 816220, Fax: 01225 816281

CONTENTS
- WHY MDS?
- SUMMARY OF SERVICE FEATURES
- PRODUCT OVERVIEW
- PRODUCT FEATURES
- EXAMPLE USE CASES
- INFORMATION ASSURANCE
- ON BOARDING AND OFF BOARDING PROCESSES
- PRICE MODEL
- SERVICE MANAGEMENT
- SERVICE CONSTRAINTS
- SERVICE LEVELS
- ORDERING AND INVOICE PROCESS
- SERVICE LEAD TIME
- TERMINATION COSTS
- CUSTOMER RESPONSIBILITIES
- RELATED SERVICES

WHY MDS?

- Bespoke cloud solutions that fit your business needs
- Trusted provider of agile, scalable and assured digital services
- Full range of cloud hosting and enablement solutions
- Security Cleared (SC) operational support staff
- Honest providers of services, support and practical advice
- 24/7 support through our ITIL-aligned Service Desk
- A privately owned, UK sovereign company
- We are an SME - agile with minimal bureaucracy
- Providing infrastructure services to the Public Sector for over 12 years
- Certified against ISO 27001, ISO 9001, ISO 14001 and Cyber Essentials Plus
- We listen to our customers, we understand, we deliver

PROFESSIONAL, PERSONALISED SOLUTIONS

SUMMARY OF SERVICE FEATURES

- Accredited Solution with ITIL service management
- Complete suite of features including firewalling, virus checking, intrusion detection and gateway policy enforcement
- Complete reporting service
- Resilient service, provided from two data centres
- Suitable for information protected up to OFFICIAL SENSITIVE.
- Options available for Remote Access solutions.

PRODUCT OVERVIEW

Connectivity is a key element of any Cloud service, and providing connectivity in to enhanced secure services such as those connected to the Elevated PSN requires a higher level of security than a simple Internet link. Working with Thales, MDS can provide Mail Gateway solutions to the Protected Public Sector Network (PSN) in order that your users, administrators and third party support organisations can exchange data between your Cloud services and the internet.

By connecting through the Thales Secure Mail Gateway service, users can exchange mail data with the internet with protections in place based on defined security policies, thus supporting business process. This reduces the technical restrictions that are typically placed when using PSN networks combined with Cloud service solutions.

The Thales Mail Gateway Service securely manages the boundary between the Customer's own security domain(s) and other external networks or security domains. These domains may be at different security levels (previously referred to as Impact Levels), or may be just a separate domain at the same security level, for which the customer needs to exercise control over the flow of information and access. In all cases the Mail Gateway Service will be configured and managed to execute the Customer's own security policies. The policies will define the data contained within emails allowed to traverse the boundary both into and out of the customer network.

In the case of Mail traffic, the security policies provide filtering capabilities that include but are not necessarily limited to malware detection and within attached files, file type restrictions, SPAM filtering, word filtering, URL checking within the body of the e-mail and sender based reputation.

The Service enables a safe, controlled and secure access to external emails, helping to facilitate joined up government, whilst protecting the Customer's secure information held with the caveats OFFICIAL and OFFICIAL SENSITIVE.

The diagram below shows the Thales Mail Gateway solution in the context of PSN. The solution provides customers with the capability to connect to it and pass their Mail traffic through it when sending mail or receiving mail from other networks, be they on PSN (at ASSURED or PROTECTED) and untrusted networks such as the Internet.

[Diagram: the Thales Gateway Service boundary, containing the Primary Mail Gateway Service, the DR Mail Gateway Service and the Mail Security Policy, each behind an Internet firewall. Customer users, customer user authentication and customer mail servers connect over PSN(P) and PSN(A) (primary and DR) via the Thales PSN DNSP or a third party provider PSN DNSP, and over IPED and GCN.]

This solution provides customers with a single point at which they can control all data leaving and entering their network, and ensure that it meets their internal security policy.

Thales PSN Gateway Services solution provides a mechanism to allow a customer to exchange email with the PSN and the Internet, and provides access to the PSN and Internet to access web based applications. An overview of the integration touch points with the customer infrastructure is depicted in the diagram below.

[Diagram: integration touch points between the customer infrastructure and the gateway: Enterprise Email, Ironport Mail (ESA), SMTP, Enterprise CA, LDAP, Enterprise AD, Customer Firewall, Thales Management LAN, Customer Server/Desktop Environment.]

Thales gateway service includes connectivity between the Customer Server/Desktop Environment, the PSN and the Internet. The following sections identify the dependencies on the other customer infrastructure elements.

Assumptions

- Email will be exchanged between Thales managed Email Gateway and the customer managed mail servers using SMTP.
- The current list of SMTP relays will be configured on the Email Gateway to forward email.
- Customer will send email to the primary gateway and will failover to sending to the secondary gateway. This can happen either due to congestion or round robin.
- Thales will receive email into either primary or secondary gateways using MX records from the PSN and the Internet. Email will then be delivered to the customer managed mail servers using static mailer tables using SMTP.
- Detailed security policy to be controlled by the gateway will be provided by the customer. Note: services to develop these policies are available on request and will be a chargeable option.

Customer Dependencies

The solution requires the ability to perform LDAP(s) lookup on the Customer Active Directory for checking valid users. The Server provider will provide CA certificates from the trust chain to allow full chain validation.

PRODUCT FEATURES

The Thales PSN Mail Gateway service has the following features:

- Uses best of breed industry technology
- Connections to IPED, PSN(A) and PSN(P); the Mail Gateway service includes connection from the Thales Data Centre to IPED, GCN, PSN(A) or PSN(P) (on the Thales PSN DNSP). This enables customers to connect through to their destination network.
- Fully Managed Solution; the solution is fully managed and protectively monitored.
- Assistance with Customer Active Directory Connection; Thales work with the customer to connect the service to their existing Active Directory services (please note in some cases this may require connectivity options).
- Disaster Recovery; the Mail Gateway service operates within a fully resilient architecture with a Disaster Recovery site to ensure business continuity for customers and a highly available service.

Advanced filtering capabilities as follows:

- Mail Address and Domains; defined domains for receipt or transmission of mail.
- Anti-SPAM and Anti-Virus
- Incoming and Outgoing Content Filters; word filtering, and options for advanced DLP such as credit card number recognition are available options.
- Self-Release; options for users to self-release e-mail with logging at a secure mailbox for auditing.

Optional Reporting Mechanisms:

- System Information or System Status
- Mail Information; Mail Statistics for both inbound and outbound Mail.

Optional Chargeable Additions:

- PSN(P), PSN(A), IPED and GCN Connectivity via Thales DNSP.
- Policy definition; as an option MDS can provide a service to develop a mail security policy that the Gateway will enforce.
- Consultancy and Design Assistance; Thales provide consultancy for the design and provision of bespoke remote access services.
- Remote Access Solutions.
- Secure Web Gateways.

EXAMPLE USE CASES

This service has a wide variety of uses, including:

- Providing access to PSN based mail services.
- Providing managed, secure and monitored mail information exchange with other PSN networks and untrusted networks such as the internet.

INFORMATION ASSURANCE

The Pan Government Accreditor (PGA) has accredited both the Thales PSN Protected WAN Overlay (formerly IL3 connectivity) and PKI services; these services are registered as PSNSP 002 and SRV0111. Thales has registered its Gateway Services solution with the Public Services Network Authority under the registration number SRV 0166. This service is currently accredited by the Pan Government Accreditor (PGA).

The protective monitoring and ITIL service management for both the accredited PSN Connectivity Services and the Secure RAS Gateway Services are hosted within our Tier 3 (TIA) List X Certified Doncaster Data Centre operation.

In addition to the physical protection of the service, Thales, as a Certified CESG Assurance Service (Telecommunications) CAS(T) and ISO 27001:2005 supplier, has a mature and regularly maintained ISO 27001 ISMS. All of the documentation required is in accordance with, and compliant against HM Government IS No 1&2 and PSNA documentation sets. Thales as both a PSN DNSP and PSNSP has been fully accredited under the PSN IA regime.

This level of IA and Service Assurance ensures that the Thales services are compliant with Cyber Essentials and Network Security Principles; as specified in the Cabinet Office's Procurement Policy Note (09/14 25 September 2014). This level of assurance also ensures that Thales services are compliant with Implementing the Cloud Security Principles (14th August 2014).

ON BOARDING AND OFF BOARDING PROCESSES

On-boarding

Customers will contract with MDS for the number of users required. During the on-boarding phase MDS and Thales will work with the customer to provide assurance that the customer mail services are correctly configured to meet Thales requirements.

Off-boarding

During off-boarding MDS will work with Thales to decommission your Mail Gateway service, securely removing any customer configuration and Mail data.

PRICE MODEL

Pricing for this service is dependent on the offering chosen.

Internal Users

The cost of implementing and supporting the Mail Gateway depends on the number of accounts being ordered. Example pricing for 100 and 250 users is included below.

Users   Upfront charge   Recurring Charge (12 months)   Per-User Per-Month
100     103,751.55       4,965.45                       136.11
250     106,402.80       5,653.20                       58.08

Significant discounts can be supplied where the Gateway is purchased alongside our other Thales provided services.

SERVICE MANAGEMENT

This service is managed by MDS 24/7 Service Desk, with Thales acting as a resolver group. Further support, maintenance, facilitation and training services are available if required.

SERVICE CONSTRAINTS

There is a minimum contract period of 12 months on both Internal and External options. Pricing is exclusive of IMACs (Installs, Moves and Changes).

SERVICE LEVELS

The following table details the service levels that apply to the Service Management functions (ITIL V3) for the Secure Mail Gateway Service.

Service Attribute: Service Level

Incident Management: 24hrs, 365 days per year. Incidents may be raised by designated Customer personnel, or by those identified in the Thales Network Operation Centre's processes and procedures. Escalation and reporting will be in accordance with Thales Network Operations Centre processes and procedures. For a severity 1 incident, Time to Respond is 1 hour from logging the incident followed by a further Time to Fix of 4 hours.

Availability: The availability target is 99.9% and will be measured and reported on monthly. A threshold for service credits is set at 99.7%. The high level of availability is underwritten by the dual resilient architecture. In the event of a Gateway Service component failure the service will continue to operate by failing over to the DR location.

Service Requests: Including IMACs (Installs Moves and Changes). Service Requests are not a part of the Secure Mail Gateway Service and all changes are required to be progressed through the CR process. Service Requests are chargeable.

Release Management: Releases will be issued and applied in-line with those provided by the original equipment manufacturers and according to a Forward Schedule of Change that will be circulated to all customers prior to any work.

Service Reporting: Service reports may be provided and show monthly information regarding policy infringements.

Capacity Management: The Thales Gateway Service is licensed to operate up to the defined number of users in the customer contract for Web and Mail authorised users. Capacity Management issues relating to an extended capability will be addressed through the change process. Performance will be monitored by Network Operations staff, and any potential capacity issues will be addressed through the incident management or change management process.

Service Outages: Any scheduled outage will be excluded from availability calculations. Thales operates with a planned maintenance window between the hours of 01:00 and 05:00 on Sunday subject to an agreed Forward Schedule of Change. Maintenance is carried out only when necessary and all outages are subject to a rolling monthly Forward Schedule of Change circulated to customers.

Change Request: Customers can generate changes to the service through submission of a change request by the designated customer representative to the Thales Service Delivery Manager. All change requests will be managed by the Thales Change Advisory Board (CAB).

Disaster Recovery: The Mail Gateway Service provides a resilient service with a DR capability operating in a hot-standby configuration. If DR has been initiated and a service-affecting incident occurs within the DR site, this will be considered as a severity one failure with the resultant four hour time to fix target and escalation procedures.

ORDERING AND INVOICE PROCESS

A purchase order and Call-Off form are required. The Call-Off form details the services, charges and payment arrangements. In support of this Thales will provide a written:

- Specification Document
- Service Level Agreement
- Deployment Plan that includes key milestone dates and any customer dependencies (see customer requirements).

Billing for the service is monthly in advance. Payment can be via the following methods: Bacs or Cheque.

SERVICE LEAD TIME

Organisations can order services and be activated within 6-8 weeks.

TERMINATION COSTS

There are no termination costs for this service, subject to the minimum contract period. At the point of termination, all client configuration, accounts and access will be permanently deleted.

CUSTOMER RESPONSIBILITIES

To ensure a smooth integration and operation of the service the Customer is responsible for the following:

- Provide suitably qualified staff with knowledge of the customer infrastructure to work with the Supplier delivery team, enabling the Gateway systems to be correctly configured by the Supplier.
- Provide contact details for an approved set of IT staff that will have permissions to raise Incidents.
- Provide contact details for incident escalation.
- Ensure the Customer network is compliant with relevant PSN Code of Connection requirements.
- Provide Security Manager contact details for reporting any notifiable security events.
- Provide connectivity for PSN to allow connection from the service to the Customer estate.

RELATED SERVICES

This service may be bought in conjunction with the following other G-Cloud services:

- Cloud Enablement
- Transition Management
- Managed Server
- Thales PSN Remote Access
- Thales PSN Web Gateway