State of Wisconsin. Virtual Private Network (VPN) Service Offering Definition (SOD)





Document Revision History

Date: 9/15/11
Version: 1.5
Creator: Amy Dustin
Notes: Annual review minor edits

Table of Contents

Introduction
What Is Included
  VPN Remote Appliance to DET
  VPN Client to DET
What Is Not Included
  VPN Remote Appliance to DET
  VPN Client to DET
Benefits
Service Description
  VPN Remote Appliance to DET Service
  VPN Client to DET Service
Service Period
Roles and Responsibilities
Business Continuity
Monitoring
Configuration Overview
How Services Are Charged
  Remote Appliance to DET Charges
  Client to DET Charges

VPN Service Offering Definition. Last Updated: 9/15/2011

Introduction

The DET Enterprise Virtual Private Network (VPN) solution offers agencies a needed connectivity option for remote users. This option also encompasses the use of Active Directory for authentication to the state's resources. This service achieves the following:

- Allows for a secure, encrypted tunnel to the state's network and data center
- Allows remote users to authenticate to their agency Local Area Networks (LANs)
- Allows access to e-mail, applications, and user/group shared resources

DET has two encrypted VPN service offering options:

- VPN Remote appliance to DET
- VPN Client to DET

The type of VPN solution implemented at each location is determined jointly between DET staff and the requesting agency.

What Is Included

VPN Remote Appliance to DET

- VPN appliances at the Femrite Data Center and 101 E. Wilson managed by DET staff
- 24x7 monitoring of the VPN appliances
- VPN appliance at the remote site
- Installation of the VPN appliance on the agency-procured Internet/Telco connection

VPN Client to DET

- VPN appliances at the Femrite Data Center and 101 E. Wilson managed by DET staff
- 24x7 monitoring of the VPN appliances
- Cisco SSL VPN client software for Windows XP/Vista/7 (32-bit and 64-bit), Linux, and Mac OS
- Cisco AnyConnect client software for Windows XP/Vista/7 (32-bit and 64-bit), Linux
- VPN Client software connection authentication is made via LDAP to the appropriate Active Directory (AD) domain for each user

What Is Not Included

VPN Remote Appliance to DET

- Procurement of the Internet/Telco connection to the remote location
- Management of the Internet/Telco connection to the remote location
- Billing for the Internet/Telco connection that the agency procures
- Troubleshooting of desktop issues

VPN Client to DET

- Procurement of the Internet/Telco connection to the remote location
- Management of the Internet/Telco connection to the remote location
- Billing for the Internet/Telco connection that the agency procures
- Updates to VPN software clients
- Troubleshooting of all desktop issues or technical assistance
- Broadband satellite-based Internet connections due to increased latency that limits performance

Benefits

- Provides a secure method for access to state resources from remote locations

Service Description

VPN Remote Appliance to DET Service

This service requires a hardware VPN appliance at the remote site. It creates a point-to-point connection that can be available 24x7. Multiple users can connect to the LAN side of the VPN appliance. The remote site becomes an extension of the agency's network, and is able to access resources as determined by the security policies defined by the agency.

VPN Client to DET Service

This service requires a software application installed on the remote user's device. Agency technical staff has the choice of the full IPSEC client or the light-weight Cisco AnyConnect client which employs the SSL protocol. Each user must authenticate to the remote VPN appliance at DET via an LDAP call from the VPN appliance to AD to establish an encrypted tunnel. After authentication to the VPN appliance, the user will have access to resources as determined by the access and security policies defined by the agency.

Note that the VPN Client to DET service is not designed to replace the full functionality of a product such as Citrix, but can be used to provide basic connectivity. A good use case for VPN is to permit users to access their office computer remotely via RDP. This model is easy to support and the user can access network resources as if they were sitting at their office desk.

Service Period

The SOD, Roles and Responsibilities (RnR) and rate will be reviewed annually to determine if any modifications are required.

Roles and Responsibilities

Roles and Responsibilities for the VPN service can be found here.

Business Continuity

DET has two sets of VPN appliances, one set located at the Femrite Data Center and one at 101 E. Wilson. This allows for continued service should one of the appliances fail.

Monitoring

Standard monitoring includes alerting and reporting to DET support staff for CPU, memory, I/O and up/down status of the appliances.

Configuration Overview

Overview of the current environment at DET for both VPN options:

- Fault-tolerant VPN hardware appliances in the DET core. These appliances are VPN appliances that take all the remote client connections and route them to the networks and resources that the end user is accessing. They work in conjunction with Active Directory (AD) for authentication to network resources.
- VPN hardware appliance for locations with between three and seven users to create a point-to-point connection (VPN appliance to DET option only).
- VPN software client for individuals (VPN Client to DET option only).
- Current authentication to the network via the software client (VPN Client to DET option only).
- Current Active Directory (AD) authentication to resources using Remote Desktop Protocol (RDP).
- Different VPN groups and filters are set up to control security access to agency and DET resources. VPN groups can be set up for vendor support access as well.

How Services Are Charged

Remote Appliance to DET Charges

DET staff tracks time and bills at the current hourly consulting rate to determine the one-time installation charge. The one-time charge is billed through the Enterprise Billing System. A monthly recurring charge for each installed appliance is billed through the Enterprise Billing System.

Client to DET Charges

A user ID must be assigned to an AD security group that allows access to DET resources using a VPN client. The agency security officer is responsible for keeping that AD security group current. DET counts the number of users in that specific AD security group on an annual basis. DET assesses an annual charge for the number of users for each agency. This annual charge is billed through the Enterprise Billing System.

Please see the IT Services Rate Sheet for rate information.