Florida Department of Management Services - DMS




MyFloridaNet User Guide

Last updated April 14, 2015 (v3.0)

This document is subject to change without notice. Please check for updated revisions on the MFN website.

Contents

1.0 MyFloridaNet User Guide

1.1. Purpose

1.2. DMS Point of Contacts

1.3. MyFloridaNet NOC – Network Troubles and Outages

1.4. DMS and MFN Website Links

2.0 Standard MyFloridaNet Service

2.1. Introduction

2.2. Key Benefits and Features

2.3. Access types under Standard MyFloridaNet

2.3.1. Frame Relay Access

2.3.2. Ethernet Access

2.3.3. DSL Access

2.4. Optional Services

2.4.1. Extended Wiring (Copper Only)

2.4.2. Expedite Services

2.4.3. After Hours

2.5. SLA Overview

2.5.1. SLA Categories

2.5.2. Service Levels Exclusions

3.0 Customer Network Support

3.1. Network Assurance Plan

3.2. Trouble Management Support

3.3. Trouble Reporting Procedures

3.4. Customer Responsibilities

3.4.1. Contact Information

3.4.2. Submission of a Trouble Report

3.4.3. DMS List Server Information and Subscription

3.5. MFN NOC Responsibilities

3.6. Trouble Isolation & Resolution

3.7. Trouble Report Status Check

3.8. Trouble Tickets Classification

3.8.1. Problem Severity Classifications

3.8.2. Special Handling

3.9. Notification and Status Commitments

3.10. Maintenance Window

3.10.1. MFN Core Infrastructures

3.10.2. Local Exchange Company (LEC) Network

3.11. Escalation Procedures

3.12. Generating Configuration Change Request (MFN CSAB ordering system vs. MFN NOC)

3.12.1. MFN Managed Option

3.12.2. Customer Managed Option

3.12.3. CPE Configuration Changes and SLA Guidelines

3.13. MFN Major Outage Process

3.14. Requesting a Reason for Outage (RFO)

3.15. Testing Disaster Recovery (DR) Solutions

3.15.1. Disaster Recovery Ticket Procedure

4.0 Ordering MyFloridaNet Services

4.1. Eligibility for Service

4.2. Prerequisites for Ordering

4.2.1. SUNCOM Network Services Agreement (SNSA) and Online CSA Registration

4.2.2. Port Speed Selection

4.2.3. Access Speed and Method Selection

4.2.4. CPE Selection

4.2.5. MFN Service Inquiry

4.2.6. Special Construction

4.2.7. Site Readiness

4.2.8. Special Options

4.2.9. Ordering IP QoS

4.2.10. Ordering IP Multicast

4.2.11. Ordering MFN DSL Services

4.3. Order Process

4.4. Modifications to Existing Service (MFN CSAB vs. MFN NOC)

4.4.1. MFN Managed Option

4.4.2. Customer Managed Option

4.4.3. CPE Configuration Changes and SLA Guidelines

4.5. Relocation of MFN Service

4.5.1. In-House Relocations

4.5.2. Relocation of Service to New Physical Address

4.6. Changes Requiring a CSAB order

4.7. Temporary Emergency Bandwidth Upgrade Change

4.8. Discontinuation of Service

4.9. Mandatory Use of the CSAB System

4.10. Incomplete orders

4.11. MyFloridaNet Installation Process – Circuit Provision and Router Turnup

4.12. Installs, Moves, Adds, and Changes (IMAC) SLAs

4.12.1. SLA Start and End Requirements

4.12.2. SLA Installation Performance Targets

4.12.3. Impact on SLA Performance Targets

4.12.4. Order submittal and SLA Performance Target for new installation

5.0 MyFloridaNet Billing

5.1. Monthly Charges

5.2. Minimum Billing Period

5.3. Temporary Emergency Bandwidth Upgrade Change

5.4. Billing Start Date

5.4.1. Acquired through the MFN Contract

5.4.2. Customer Provided CPE

5.5. Change in Billing Responsibility

5.6. Billing Components

5.7. Paperless Invoice and Actual Charges

5.8. SUNCOM CSAB System Access Instructions

5.9. MyFloridaNet Invoice Sample

5.10. MyFloridaNet SLA Credits

6.0 Network Management System (NMS) Tools

6.1. NMS Tool Overview

6.2. Local or Web Based Instructor Led NMS Training

6.3. NMS CPE Requirements for Monitoring

6.4. Configuration Management Tool (Router Configurations) - RANCID

6.5. NMS Tools Account Creation

6.6. MFN Portal Password Change

6.6.1. Password Change Instructions

6.6.2. Customer Responsibilities

6.7. NMS Alarm Procedures

6.8. NMS Client Access Requirements

6.9. NMS Reports

6.9.1. Remedy Ticket System

6.9.2. eHealth Reports

7.0 Customer Premise Equipment (CPE)

7.1. MFN CPE Acquisition Options

7.2. Customer Provided CPE Option

7.3. Maintenance

7.4. Installation

7.4.1. Acquired

7.4.2. Customer Provided CPE

7.5. Out of Band (OOB) Access

7.6. Router Configuration Backup

7.7. Router Management

7.8. Router Access Account management

7.9. After Hours Maintenance Activity

7.10. MFN CPE SLA Matrix

8.0 Network Engineering & Design

8.1. Design Overview

8.2. MFN Backbone Topology

8.3. MFN Internet Connectivity

8.4. VRF Design

8.4.1. Agency or Private VRF

8.4.2. Common Services VRF

8.4.3. Public VRF

8.5. IP Addresses

8.5.1. Reserved Private IP Addresses

8.5.2. Public LAN IP Address Policy

8.5.3. Private LAN IP Address Registration and Assignment Policy

8.6. Routing Protocol Requirements

8.7. Quality of Service

8.7.1. MFN QoS Model – DSCP Settings Description

8.7.2. QoS Minimum Bandwidth Allocations

8.7.3. QoS Maximum Bandwidth Allocations

8.7.4. Additional QoS Considerations

8.7.5. Packet Matching and Remarking

8.8. CPE & Access Method Requirements

8.9. MFN Network Time Protocol (NTP) Deployment and Use

9.0 Security

9.1. MFN VRF Types

9.1.1. Agency or Private VRF

9.1.2. Common Services VRF

9.1.3. Public VRF

9.2. Security Policies - F.A.C Chapter 60FF-3

9.3. Application Filtering

9.3.1. Customer Request to block applications

9.4. MyFloridaNet State Firewalls

9.4.1. Customer Request to MFN State Firewall Changes

9.5. MyFloridaNet Filtering Standards

9.5.1. Extranet Filtering Standard

9.5.2. MyFloridaNet Common Services Filtered Standards

9.5.3. Distributed IPSec Extranet Filtering Standards

9.5.4. Public Filtering Standard

9.6. QRadar and Security Monitoring

9.6.1. General QRadar and Service Information

9.6.2. Security Monitoring

9.6.2.1. MFN Responsibilities

9.6.2.2. Customer Responsibilities

10.0 Standard MyFloridaNet Pricing

10.1. Price Structure

10.2. What’s included in the base price.

10.3. Pricing & Services Example

10.4. Getting Price Quotes & Facility Availability

11.0 Additional Services

11.1. MyFloridaNet Lite

11.1.1. Local Only Plan

11.1.2. Flex Port Plan

11.1.3. Local Only and Flex Port Plan - Configuration

11.1.4. MFN Lite Service Levels

11.2. MyFloridaNet Interstate

11.3. Cisco WAAS on MyFloridaNet (Only CPE Hardware)

11.3.1. Multicast, IPSec, QoS, and VoIP

11.3.2. General Guidelines

11.3.3. MFN Responsibilities

11.3.4. Customer Responsibilities

11.3.5. WAAS Software Upgrades – Downgrades

11.3.6. MFN NOC Support

11.3.7. Pricing

11.4. IntraLATA MAN Services

11.4.1. Tallahassee 2GMAN Service

11.4.1.1. MFN virtual ports

11.4.1.2. Service Levels

11.4.2. MAN Service in AT&T LATAs

11.4.3. MAN Service in CenturyLink LATAs

11.4.4. MAN Service in Tampa LATA (by Hayes)

12.0 Appendices

12.1. Appendix A: Layout of the MFN Core

12.2. Appendix B: NMS Tools & QRadar Account Access Request Form

12.3. Appendix C: NMS Client Access Requirements

12.4. Appendix D: Standard MFN and MFN Lite Comparison Matrix

12.5. Appendix E: Router Configuration Tool – RANCID

12.6. Appendix F: Standard City Abbreviations

12.7. Appendix G: Installation Confirmation - Provider Managed CPE

12.8. Appendix H: Installation Confirmation and Instructions – Customer Managed CPE

12.9. Appendix I: Additional MFN Tools

13.0 Revision History

1.0 MyFloridaNet User Guide

1.1. Purpose

The MyFloridaNet (MFN) User Guide describes the operational handling and support for MyFloridaNet Services between the Department of Management Services (DMS) and its users. This Guide will provide detailed information on the services and operational procedures for MyFloridaNet.

This user guide will be periodically reviewed by DMS and revisions will be implemented as necessary. We invite your valuable ongoing feedback in improving this guide. If you have any questions or comments, please let us know by contacting the SUNCOM Helpdesk.

MyFloridaNet (MFN) is a multi-year contract for Florida’s enterprise infrastructure (Standard MyFloridaNet service), regional metropolitan area networks, and related telecommunication services as described in this User Guide. The enterprise infrastructure is based on a Multi-Protocol Label Switching (MPLS) technology providing improved security and robust connectivity resulting in a highly available (HA) and highly reliable (HR) statewide communication network. The MyFloridaNet includes the following services:

• Standard MFN service

• MFN Lite service

• MFN PDC service

• IntraLATA MAN service

• Optional services such as expedite, after hour installation and extended wiring

Thank you for choosing MyFloridaNet Services. 

1.2. DMS Point of Contacts

For questions or services related to MyFloridaNet such as billing, product, pricing and ordering, please contact the SUNCOM Helpdesk listed below:

Email – SUNCOM.Helpdesk@dms.

Toll Free – 888-4SUNCOM (888-478-6266)

If the customer feels that a response is not being provided in a timely manner, please ask for a manager. Further escalations can be requested at this point.

If customers are having issues with their network, please call the MyFloridaNet NOC by using the contact information listed below in section 1.3.

1.3. MyFloridaNet NOC – Network Troubles and Outages

Contact the MyFloridaNet (MFN) NOC for any troubles experienced in your network, such as outages or performance degradations, or if you are unable to access any application over the MyFloridaNet. You can also access the MyFloridaNet (MFN) Network Management Systems (NMS) web portal to view the status of any open and closed trouble tickets.

• support@mfn. *

• Toll Free - 1-866-913-8386

* The MFN NOC staff will respond with a ticket number after your email has been read; normally this will occur within 30 minutes. If this is a critical situation, or if you do not receive a response from the MFN NOC within 30 minutes, please call the MFN NOC immediately at 1-866-913-8386.

To escalate any network troubles, please refer to “Escalation Procedures” in Chapter 3 of this guide.

1.4. DMS and MFN Website Links

Additional information such as pricing and Florida Statutes related to SUNCOM can be found at the links below:

Link to MyFloridaNet website:



Link to DMS (Division of Telecommunications - DivTel - telecommunications services) website:



2.0 Standard MyFloridaNet Service

2.1. Introduction

Standard MyFloridaNet is a comprehensive solution providing a rich and flexible private enterprise communications infrastructure dedicated for the exclusive use of State of Florida eligible users. This enterprise infrastructure is based on a Multi-Protocol Label Switching (MPLS) technology and Quality of Service mechanisms providing improved security and robust connectivity resulting in a highly available (HA) and highly reliable (HR) statewide communications network. The MyFloridaNet infrastructure provides a robust network with stringent service levels and enhanced security. Please refer to Appendix A for a “Layout of the MFN Core”.

Standard MyFloridaNet provides service elements such as network core, local loop access, customer premises equipment (CPE), security, Internet access, network management systems tools, design and engineering, billing and ordering as a complete turn-key solution with flat-rate* pricing statewide (for details on flat-rate pricing and applicability, refer to the MFN web site). A customer has the option to either manage their own CPE or let MyFloridaNet manage it. There are no additional costs to have MFN manage a CPE router. MFN Lite is an exception where the MFN CPE is managed by MyFloridaNet.

* 12Mbps and below

Any pricing listed in the entire document is for illustration purposes only. For the most recent and updated pricing, please visit the MyFloridaNet web site.

2.2. Key Benefits and Features

Standard MyFloridaNet offers a variety of benefits with a superior solution that delivers:

Core Nodes: The MyFloridaNet core features dual carrier class Juniper M320 routers in each LATA-based node location statewide for a total of 20 M320 core routers. These nodes are interconnected with 10Gigabit connections. Please refer to Appendix A for a “Layout of the MFN Core”.

Internet and Firewall Services: Internet connectivity is offered with the support of a full complement of redundant firewalls and Intrusion Detection Systems (IDS). Internet access equal to the access speed of the MyFloridaNet connection and firewall services are included in the basic service.

Simplified Lower Pricing: MyFloridaNet pricing is flat-rate statewide for access speeds of 12Mbps and below.

Service Level Agreement (SLA): Standard MyFloridaNet includes Service Level Agreements related to Core, Access/CPE and Operations. A four hour problem resolution SLA is a standard feature of Standard MyFloridaNet and ensures customer troubles are addressed in a mission critical fashion.

Any-to-Any Connectivity: MyFloridaNet features fully meshed connectivity between all sites without the cost and complexity of configuring multiple PVCs. MPLS supports scalable, any-to-any connectivity within customer specific VPNs. Customers are able to order new sites without ever having to make router configuration changes at any of their other locations.

Standard Layer 3 Dual Core Connectivity: To ensure continuity of service in case of outage, MyFloridaNet provides dual core connectivity as a standard feature enabling simultaneous Layer 3 connectivity between the CPE router and both Core routers. Access methods such as Frame Relay and Ethernet can deliver this capability.

Network Operation Center: The MyFloridaNet includes a dedicated world-class Network Management Solution and Network Operations Center located in Tallahassee as well as a live, mirrored, Network Management System and Network Operation Center in Winter Park, Florida.

Network Management Tools Suite: The MyFloridaNet will monitor services by utilizing state of the art management tools such as NetQoS Report Analyzer, and CA-Spectrum Service Performance Manager. The Remedy trouble ticketing system and eHealth are also included as part of the tools suite and basic service.

Integrated Security: The MyFloridaNet enterprise security solution includes professionally managed and maintained advanced security appliances capable of integrating a wide variety of network aware devices in order to better safeguard the enterprise. The MyFloridaNet provides security features such as dedicated security engineering, trained NOC technicians, Intrusion Detection Systems, and Firewalls.

Access Choices: MyFloridaNet customers have the flexibility to choose the appropriate access based on the applications and needs at a given site. Access choices include Ethernet, Frame Relay, DSL, Satellite and Private Line providing customers with a wide range of access choices.

2.3. Access types under Standard MyFloridaNet

MyFloridaNet access connectivity originates at an individual user’s location and terminates at the Provider Edge router (Core Router), creating an onramp to the MyFloridaNet core. MyFloridaNet customers have the flexibility to choose an appropriate access (local loop) type based upon the specific applications and needs at any given site.

For example, customers may choose frame relay access at one location, Ethernet access at another, and DSL at yet another. Because MyFloridaNet provides interoperability across multiple access types, these locations will work together seamlessly. Please refer to the diagram below for the different types of Access methods connecting into the MyFloridaNet.

[Figure: access methods connecting into the MyFloridaNet]

2.3.1. Frame Relay Access

Customers can select frame relay access to connect into the MyFloridaNet Core. When you select frame relay access you will choose an access speed that is equal to your MyFloridaNet port speed, which includes full backbone access equal to your MyFloridaNet port speed. Frame Relay access characteristics are listed below.

• Full Committed Information Rate (CIR)

• Access to both Core Routers

• Bandwidth Range – 64kbps to 45Mbps

• SLA & QoS Support

• Where facilities do not exist for greater than 12Mbps, special construction charges may apply.

2.3.2. Ethernet Access

Customers can select Ethernet access to connect into the MyFloridaNet Core. When you select Ethernet access you will choose an access speed that is equal to your MyFloridaNet port speed, which includes full backbone access equal to your MyFloridaNet port speed. Ethernet access characteristics are listed below.

• Full access and port bandwidth

• Access to both Core Routers

• Bandwidth Range – 2Mbps to 1Gbps

• SLA & QoS Support

• Where facilities do not exist, special construction charges may apply. Certain speeds are offered on a "where available" basis.

2.3.3. DSL Access

Customers can select DSL access to connect into the MyFloridaNet Core. DSL access characteristics are listed below.

• Best Effort (CPE/Access SLA do not apply)

• Access to both Core Routers is not supported

• Bandwidth – 1.5 Mbps x 256 kbps

• No CPE/Access SLA

• No QoS Support

• NetQoS and QRadar are not available on MFN DSL connections. Upon request from the customer, MFN will discuss any possible alternatives based on customer requirements.

• DSL can be installed on a customer's existing B-1 line, or customers may choose to order, for an additional charge, a dedicated B-1 line for DSL access.

2.4. Optional Services

The MyFloridaNet also provides optional services such as extended wiring, after hours installation and expedite services. The sections below provide additional information on these optional services.

2.4.1. Extended Wiring (Copper Only)

MyFloridaNet offers flat rate pricing for the extension on the customer’s Inside Wiring. Demarc consists of a mounting containing a loopable device and an 8-pin jack that allows the customer to connect their CPE. In most cases, this equipment will be installed at the “minimum point.” The minimum point is usually within 5-10 feet of the customer’s entrance cable. If needed, the technician will install additional wiring and an 8-pin interface jack from the demarcation point located at the minimum point to the customer’s CPE equipment location provided it is possible to do so. The request for extending the wiring from the Demarc can be withdrawn if it is determined that extending the wiring will require extraordinary material, labor or permit costs. The Extended wiring service warrants installation, including parts and workmanship made to the premises telecommunications wire and jacks against defects and malfunctions for a period of one (1) year from the date of installation.

2.4.2. Expedite Services

Expedite requests can be made for MFN installation intervals shorter than those specified by the standard MFN installation SLAs. The Expedite date and charges must be approved by the customer on the order. Expedites per connection/access/order are based on improvement day(s) of the standard MFN installation SLAs as listed below. CPE availability, customer CPE designs, and other issues may prevent the installation expedites. If the customer cancels an expedite request, then an expedite fee (minimum of $214.00) may still apply based on work effort already completed.

Up to T1 connection (SLA Interval is 25 business days):

• Improvement of SLA installation interval by 1 to 8 business days

• Improvement of SLA installation interval by 9 to 15 business days

Greater than T1 to 45Mbps connection (SLA Interval is 40 business days):

• Improvement of SLA installation interval by 1 to 5 business days

• Improvement of SLA installation interval by 6 to 10 business days

Greater than 45Mbps connection (SLA Interval is 90 business days):

• Improvement of SLA installation interval by 1 to 5 business days

• Improvement of SLA installation interval by 6 to 10 business days

• Improvement of SLA installation interval by 11 to 15 business days

• Improvement of SLA installation interval by 16 to 20 business days

• Improvement of SLA installation interval by 21 to 25 business days

• Improvement of SLA installation interval by 26 to 30 business days

2.4.3. After Hours

MFN installation of services will be performed during normal business hours. Normal business hours are defined as Monday – Friday 8:00 a.m. to 5:00 p.m. local time. Installation of services performed after 5:00 p.m. is considered after hours with an additional cost. This option will allow for CPE installations and the corresponding site installation to be scheduled between the hours of 5:00 p.m. and 11:00 p.m. Monday through Friday. No holiday installation of services work is anticipated with MyFloridaNet.

Special arrangements and advance notification are required to coordinate after hours installation. It is the customer’s responsibility to provide access to the site and have the on-site local contact available. The scheduling of after hours installation will be handled on a case-by-case basis.

2.5. SLA Overview

MyFloridaNet is a highly available and highly reliable network backed by stringent network performance and operational service level commitments. These commitments are based upon guaranteed response times and other performance measurements, with associated user credits for service provider non-compliance. The MFN service levels are designed to ensure required performance and delivery expectations are met. Service levels will be applicable on a per incident basis, and will apply to all MFN provided access types except DSL.

MFN service includes a proactive service level for outages. Should a trouble condition be experienced, a trouble ticket will be proactively opened by the MFN Network Operations Center (NOC). Additionally, customers are responsible for monitoring their own network and should call the MFN NOC if they experience any issues or if the SLA thresholds have been exceeded on their network. Once a trouble ticket has been issued by the MFN NOC, Users and MFN representatives will work together to restore service outages and resolve service issues. Should an SLA violation occur, appropriate credits will be applied to the impacted user’s account and will be capped at 100% of the site’s monthly billing. MyFloridaNet users have the ability to monitor and verify SLA adherence via the web based MFN Network Management System.

The MFN SLA team, comprised of DMS and AT&T, scrubs and validates the SLA data to determine any SLA violations. Any applicable service provider non-performance penalties will be credited to the user’s monthly invoice for the affected site. Please review the SLA credits on your invoice carefully. Customers should dispute* any SLA credits for unmet SLAs that they believe are missing. For the process and guidelines on SLA credits and disputes, please refer to the section on “MyFloridaNet SLA Credits” in Chapter 5.

*Note: DMS encourages customers to monitor their network and keep track of any non-compliance SLAs. Please call the MFN NOC if you experience any network issues or if the SLA thresholds have been exceeded.

2.5.1. SLA Categories

Standard MFN Service Levels are divided into three categories as listed below:

• Core

• Access & CPE

• Operational

Core

Service levels for the MFN core will be measured in terms of service outage or performance characteristics as defined in the matrix below. One minute, 1 hour, and 2 hour restoral thresholds are defined with associated user credits for service provider non-compliance.

|SLA |Performance Target |SLA Violation Credits |

|CORE |

|Core Network (PE-PE) Failure |Based on restoral & outage hours specified under SLA Violation Credits |25% MRC of Service* if outage > 60 seconds. 50% MRC of Service* if outage > 1 hour. 100% MRC of Service* if outage > 2 hours. |

|Latency |≤ 55 ms round trip → PE-PE Router |15% MRC of Service* if performance target is unmet > 4 hours. 25% MRC of Service* if performance target is unmet > 8 hours. |

|Jitter |≤ 20 ms round trip → PE-PE Router |15% MRC of Service* if performance target is unmet > 4 hours. 25% MRC of Service* if performance target is unmet > 8 hours. |

|Packet Loss |≤ 0.5% → PE-PE Router |15% MRC of Service* if performance target is unmet > 4 hours. 25% MRC of Service* if performance target is unmet > 8 hours. |

*MRC of Service = MRC (or Monthly Recurring Service) of (Core Port + CPE + Access) for each site

Service Level Components Definition:

• Availability (Core Network Provider Edge router-Provider Edge router Failure)

Availability is defined as the amount of time the MFN core is accessible to the user and is measured in terms of restoral time. One minute, 1 hour, and 2 hour restoral thresholds have been defined for MFN core availability. Should these service restoral times be exceeded, users will receive a credit toward their monthly service invoice for the affected site(s). Each core node is redundant and a failure in the core that does not result in degraded service will not generate SLA violations.

• Latency

Latency is defined as the round-trip (MFN Provider Edge router to Provider Edge router) core delay as measured by strategically placed network probes. Latency will be measured every 5 minutes and based upon the 3 most recent polls using a 1400 byte packet size.

Should the round-trip latency exceed 55 ms, with a service restoral time greater than 4-hours or 8-hours, the appropriate credit will be applied to the user’s monthly service invoice for the affected site(s).

• Jitter

Jitter is defined as the delay variation in the time between packet arrivals and can be negatively impacted by core congestion, route changes and hardware or software issues. Jitter is of most significance when deploying video and voice applications. Therefore, jitter will be measured, utilizing network probes, by sending sample traffic specifically marked as voice and video between the MFN core devices. Jitter will be measured every 5 minutes and based upon the 3 most recent polls using a 1400 byte packet size.

Should round-trip jitter exceed 20 ms, with a service restoral time greater than 4-hours or 8-hours, the appropriate credit will be applied to the user’s monthly service invoice for the affected site(s).

• Packet Loss

Packet loss is defined as the percentage of packets lost as data is traveling between the MFN core devices, and affects all services traversing the MFN core network. Packet loss will be measured every 5 minutes and based upon the 3 most recent polls using a 1400 byte packet size.

Should packet loss exceed 0.5%, with a service restoral time greater than 4-hours or 8-hours, the appropriate credit will be applied to user’s monthly service invoice for the affected site(s).

Access & CPE

Service levels for Access and Customer Premises Equipment (CPE) are measured in terms of service outage or performance characteristics as defined in the matrix below. Access and CPE will be subject to 4-hour and 8-hour restoral performance targets, as well as service levels for latency, packet loss, and jitter. For additional information on CPE SLAs, refer to Chapter 7 on CPE.

|SLA |Performance Target |SLA Violation Credits |

|Access & CPE |

|Access & CPE Failure |Based on restoral & outage hours specified under SLA Violation Credits |15% MRC of Service* if outage > 4 hours. 100% MRC of Service* if outage > 8 hours. |

|Latency |≤ 75 ms round trip for ≥ T1 speeds & 420 ms round trip for 56kbps speed for both CE-PE router and CE-internet GW |15% MRC of Service* if performance target is unmet > 4 hours. 25% MRC of Service* if performance target is unmet > 8 hours. |

|Jitter |≤ 30 ms round trip for both CE-PE router and CE-internet GW |15% MRC of Service* if performance target is unmet > 4 hours. 25% MRC of Service* if performance target is unmet > 8 hours. |

|Packet Loss |≤ 1% for both CE-PE router and CE-internet GW |15% MRC of Service* if performance target is unmet > 4 hours. 25% MRC of Service* if performance target is unmet > 8 hours. |

*MRC of Service = MRC (or Monthly Recurring Service) of (Core Port + CPE + Access) for each site

Service Level Components Definition:

• Availability (Access & CPE Failure)

Availability is defined as the amount of time the access (local loop) and Customer Premise Equipment (CPE) is accessible to the user. Availability will be measured in terms of restoral time. MFN includes 4-hour and 8-hour restoral thresholds for access and CPE availability. Should these thresholds be exceeded, the user will receive a credit toward their monthly service invoice for the affected site(s).

• Latency

Latency is defined as the round-trip (MFN “Customer Edge router-Provider Edge router” or “Customer Edge router-Internet gateway”) delay which is measured using strategically placed network probes. Latency will be measured every 5 minutes and is based upon the 3 most recent polls using a 40 byte packet size. Additionally, the Customer Edge router to Provider Edge router link must be utilized at no greater than 65%. Should the round-trip latency exceed 75 ms (for connections at T1 or greater), with a service restoral time of greater than 4-hours or 8-hours, and with the link utilization of 65% or less, then the appropriate credit will be applied to the user’s monthly service invoice for the affected site(s).

• Jitter

Jitter is defined as delay variation in the time between packet arrivals and can be negatively impacted by access congestion, route changes and hardware or software issues. Jitter is of most significance when deploying applications such as video and voice. Jitter will be measured utilizing network probes by sending sample test traffic specifically marked as voice and video. Jitter will be measured every 5 minutes and based upon the 3 most recent polls using a 40 byte packet size. Additionally, the link from the Customer Edge router to the Provider Edge router must be utilized at no greater than 65%. Should jitter exceed 30 ms with a restoral time of greater than 4 or 8 hours and with the link utilization of 65% or less, then the appropriate credit will be applied to the user’s monthly service invoice for the affected site(s).

• Packet Loss

Packet loss is defined as the percentage of packets lost as data is traveling from “Customer Edge router-to-Customer Edge router” or “Customer Edge router-to-Internet gateway” and affects all services traversing the network. Packet loss will be measured every 5 minutes and based upon the 3 most recent polls using a 40 byte packet size. Additionally, the link from the Customer Edge router to the Provider Edge router must be utilized at no greater than 65%. Should packet loss exceed 1%, with a restoral time of greater than 4-hours or 8-hours, and with the link utilization of 65% or less, then the appropriate credit will be applied to the user’s monthly service invoice for the affected site.

Operational

General network operations and administration service levels will be applied on a per incident basis. They cover the items listed below and are defined in the matrix that follows.

• Installations

• Move, adds and changes

• CPE configuration changes

• Service outage notification

• Service degradation notification

• Initial problem identification

|SLA |Performance Target |SLA Violation Credits |

|Operational |

|Install, Moves, Adds, Changes |64kbps to T1 = 25 business days. > T1 to 45Mbps = 40 business days. > 45Mbps = 90 business days. |25% MRC of Service* if performance target not met. |

|CPE Configuration Changes |≤ 2 hours |10% MRC of Service* |

|Service outage notification |15 minutes |10% MRC of Service* |

|Service degradation notification |30 minutes |10% MRC of Service* |

|Initial Problem Identification |2 hours |10% MRC of Service* |

*MRC of Service = MRC (or Monthly Recurring Service) of (Core Port + CPE + Access) for each site

• Install, Moves, Adds, Changes – IMAC (service intervals)

For additional IMAC SLA’s, refer to Chapter 4 on “Ordering MyFloridaNet”.

• CPE Configuration Changes

Simple CPE configuration changes are initiated via an MFN NOC trouble ticket and shall be effected in less than 2 hours. This type of change might consist of activities like turning up a new subnet or adding a static route. These items present little to no impact to the network and can be accomplished without engineering intervention. Complex changes are excluded from the SLA requirement of 2 hours and must be reviewed by MFN engineering before implementation to ensure network integrity. For a list of the simple changes that can be made through the MFN NOC, refer to Chapter 3 “Customer Network Support”, section “Generating Configuration Change Request (MFN CSAB ordering system vs. MFN NOC)”.

• Service outage notification

Should an outage occur, users will be notified within 15 minutes of a service outage. It is the customer’s responsibility to provide a valid “Email Distribution List” to receive these notifications. Alarms will be sent to an email distribution list, fulfilling this SLA requirement. Failure to subscribe to alarms and to provide a valid email distribution list will adversely affect the ability to meet this SLA.

Customers should use Appendix B (NMS tools Account Access Request Form) to request receiving alarm notifications. For additional details, refer to the section on NMS Alarm Procedures.

• Service degradation notification

Should performance degradation occur, users will be notified within 30 minutes. Latency, jitter and packet loss are examples of areas where performance degradation could occur. It is the customer’s responsibility to provide a valid “Email Distribution List” to receive these notifications. Alarms will be sent to an email distribution list, fulfilling this SLA requirement. Failure to subscribe to alarms and to provide a valid email distribution list will adversely affect the ability to meet this SLA.

Customers should use Appendix B (NMS tools Account Access Request Form) to request receiving alarm notifications. For additional details, refer to the section on NMS Alarm Procedures.

• Initial Problem Identification

Once a trouble ticket has been opened by the MFN NOC, users will be notified of the initial problem within 2 hours. Should the 2 hour window be exceeded, appropriate credits will be applied to the user’s monthly service invoice.

2.5.2. Service Levels Exclusions

Please note the following exclusions from service levels and credits:

a) CPE service levels will not be applicable when CPE is managed by the user.

b) CPE service levels are excluded if CPE maintenance is not purchased through the MFN contract.

c) Customer Managed Sites - Performance Degradation CPE service levels are excluded under the following conditions:

i. Customer managed sites for performance degradation SLAs not allowing MFN NOC CLI Read Only access.

ii. CPE running non MFN certified operating system.

iii. CPE using non MFN certified hardware.

iv. CPE not having the correct SNMP community string configured.

v. CPE not having an access list configured correctly to allow MFN NMS tools access.

vi. CPE not having the correct loopback address configured.

vii. Customer refusing to participate in CPE trouble analysis.

d) MFN service levels are excluded during scheduled maintenance windows.

e) Access service levels are not applicable if Access (Local Loop) is not purchased through MFN.

f) If access facilities do not exist for bandwidth speeds greater than 12 Mbps, defined IMAC service intervals will be excluded.

g) If access facilities do not exist for Ethernet, defined IMAC service intervals will be excluded.

h) Any installation or restoration delays caused by a user will not be part of the specified installation or service restoration intervals.

i) MFN service levels will not be applicable due to Force Majeure. For example, delays directly due to acts of God, wars, acts of public enemies, strikes, fires, floods, or other similar causes wholly beyond the provider’s control, or for any of the foregoing that affect subcontractors or suppliers if no alternate source of supply is available to the provider.

j) Credits are not applicable on DMS cost recovery.

3.0 Customer Network Support

3.1. Network Assurance Plan

MFN processes and procedures assure customer support in the areas of design, implementation, network surveillance and end to end service trouble management. Engineering, operations and management teams review all major projects and critical outage incidents to assure best practices are utilized to deliver high levels of customer satisfaction, optimize the network and eliminate inefficiencies.

MFN strives to create a seamless customer experience by providing proactive end to end customer support to continuously improve:

• Project Planning – evaluation of need and design to reduce risk.

• Proactive Response – resolve alarms and degradation conditions quickly.

• Network Optimization – improve performance through architectural evolution.

• Capacity Planning – MFN is designed for growth.

An integral part of MFN Service Assurance is continuous improvement. Service providers and partners strive to reduce service impacting events through collaboration and incident reviews; focusing on opportunities for improvement.

• Improved situational awareness - Core changes require collaboration and review by engineers, technicians and analysts to assure a clear understanding of work sequences, configuration changes and possible service impact.

• Redundant Connections - Agencies with critical sites that have redundant designs and disaster recovery plans should conduct fail-over connectivity tests regularly.

• Juniper core commit scripts – Implementing these scripts will reduce the chances of human error creating negative events. These tests on core routers require the individual making the changes to acknowledge potential for negative impact.

• Continuous design review – Deploying full routing tables for common services and private VRFs will allow more resilient network failover strategies.

3.2. Trouble Management Support

Trouble Management Support is provided by the MyFloridaNet Network Operations Center (MFN NOC). The MFN NOC provides remote proactive monitoring of customer networks and systems using centralized remote monitoring tools and technical personnel. The MFN NOC is in operation 24 hours a day, 7 days a week, 365 days a year, for coordination and resolution of network events. The MFN NOC proactively monitors all aspects of the fault, configuration, accounting (network usage, user access, configuration changes, etc…), performance and security as it pertains to the MFN network.

3.3. Trouble Reporting Procedures

After a site has been provisioned on the MFN, customers will need to follow the procedures described in this section to initiate a Trouble Ticket.

Network problems are normally identified proactively by the MFN NOC, but a trouble ticket can also be generated by calling the MFN NOC at 1-866-913-8386 or by *email to support@mfn.. For trouble management, the Network Management Systems (NMS) will continually monitor the MFN Network infrastructure and the customer’s CPE devices. The Tier 1 technician will be responsible for the items listed in the “MFN NOC Responsibilities” section of this Chapter. The MFN NOC will immediately open a trouble ticket in any of these cases.

* The MFN NOC staff will respond with a ticket number after your email has been read; normally this will occur within 30 minutes. If this is a critical situation, or if you do not receive a response within 30 minutes, please call the MFN NOC immediately at 1-866-913-8386.

Note - Customer managed CPE has minimum requirements to allow monitoring by the NMS as specified in the NMS CPE Requirements for Monitoring. If the customer does not configure the CPE properly, this could adversely affect the ability to meet Service Level Agreements (SLAs).

Before you report a trouble, please verify the steps indicated under Section “Customer Responsibilities” listed in this Chapter.

If you call the MFN NOC and a trouble ticket has not been generated, the technician will generate one and provide you with a trouble ticket number. Open trouble tickets may be viewed online by accessing the Ticketing System on the MFN NMS Web Portal at .

When calling or emailing the MFN NOC, please have the following information available:

• Device Name (Hostname) as it appears in Spectrum

• Circuit ID number

• Agency Name and Location

• Type and description of service

• CPE service status (managed/unmanaged)

• Detailed description of the trouble

• Exact date and time of the trouble

• Contact information including name, telephone number, and access hours

• Site physical address

• Local physical site access information or contact

• Customer & local contact phone and cell numbers

• E-mail address of contact for status updates

• Hours of operation (When can you be contacted?)

• Advise the MFN NOC if you have been performing any activity on your system (i.e., patches, maintenance, software/hardware changes, etc.) or if you have any special requirements or constraints.

If you submit a request to open a ticket via email and it does not contain the information referenced above, you will receive a return email requesting the information before a ticket is created and assigned to a technician.

3.4. Customer Responsibilities

3.4.1. Contact Information

To maintain proper communications, SLA and system effectiveness, the MFN customer must keep its designated contact information up to date. The table below outlines the contact information requested for each location. It is the responsibility of the customer to update this information.

Contact information required for each location:

| |Name |Cell Number |Phone Number |Email |
|Technical Contact - Primary | | | | |
|Technical Contact - Secondary | | | | |
|After Hours Technical - Primary | | | | |
|After Hours Technical - Secondary | | | | |
|Security Administrator - Primary | | | | |
|Security Administrator - Secondary | | | | |
|On-site Contact | | | | |

| |Definition |
|Technical Contact - Primary |Agency or local Site Technical contact. This contact will work with the MFN NOC to resolve troubles and coordinate access to the facility when needed. |
|Technical Contact - Secondary |Backup to Primary when Primary not available. |
|After Hours Technical - Primary |Agency or local Site Technical contact(s) to be contacted 'after-hours' to work with the MFN NOC to resolve troubles and coordinate access to facility when needed. Please indicate hours available to contact. |
|After Hours Technical - Secondary |Backup to the Primary when Primary is not available. |
|Security Administrator - Primary |The Agency person with the authority to add or delete users’ access to the NMS Tools and/or Remedy and to approve contact names and numbers. In addition, the Agency person(s) with the authority to request changes to Vendor managed CPE from the MFN NOC. |
|Security Administrator - Secondary |The Agency person with the authority to add or delete users’ access to the NMS Tools and/or Remedy and to approve contact names and numbers. In addition, the Agency person(s) with the authority to request changes to Vendor managed CPE from the MFN NOC. |
|On-Site Contact |Local site contact to give access to the facility including after hours. |

For MFN services at an existing location, this information can be updated by the Agency Security Administrator by calling or emailing the MFN NOC. The MFN NOC will then open an informational ticket to perform the updates. If the person requesting the change is different than the person on file, the MFN NOC will ask the customer to submit an order to DMS to authorize an update to the Security Administrator.

For MFN services at a new location, please completely fill out an order with all contact information as described in the table above.

Instructions on how to update or add a security administrator

• Submit an order to DMS with complete contact information including:

Name:

Office Phone Number:

Cell Number:

Email Address:

The complete order must be authorized by the organization CIO. In the order, please include the following:

“This is to certify that (insert here names of the Security Administrator and backup Security Administrator) is the security administrator and backup security administrator for Agency/Customer xyz and has been authorized by the CIO (insert Agency/Customer’s CIO name).”

For urgent changes to Agency Security Administrator information, please call the SUNCOM NOC at 1-888-4SUNCOM (Option 1, 2) or email suncom.helpdesk@dms., stating that you wish to update MFN customer Security Administrator contact information. Any changes made by this method will be temporary only. Within 5 business days, the customer must follow up with an order to make this a permanent change. If the customer does not submit a complete order within 5 business days, the contact information will revert to what it was before the request was made.

Failure to keep the contact information current may result in delays in restoring your service and could adversely affect the ability to meet any Service Level Agreements (SLAs). In addition, the request to access MFN Portal (NMS Tools) may be denied if DMS is unable to identify or verify the security administrator.

3.4.2. Submission of a Trouble Report

Before submitting a trouble report:

1) Check with your own Help Desk (if one is available) to eliminate any internal LAN issues that may be causing the trouble.

2) Consult with your designated local technical contact.

3) Check that power is available.

4) Check to determine if the problem is caused by any activity recently performed on your systems (i.e., patches, maintenance, software/hardware changes, etc.).

5) Inquire internally for any other known local telecommunications outages.

6) Check the on-line ticketing system or call the MFN NOC to verify that the trouble is not already reported in the system.

7) If steps 1 through 6 above have been acted upon and there is still no trouble reported or found in the system, then proceed to report the trouble as indicated in this guide.

*Note: Remember that the MFN NMS system will automatically report MFN outages and will notify the agency designated technical contact via email or SMS Paging within 15 minutes of the outage being detected as specified by the customer in the NMS Tools User request form. Reference the “Notification and Status Commitment” Section in this Chapter for details regarding notifications and status updates.

3.4.3. DMS List Server Information and Subscription

DMS, Division of Telecommunications, SUNCOM operates a list server to notify subscribers of MFN maintenance work and other important events. It is important for users to subscribe to this list server, as failure to do so may result in MFN customers not being notified of service-affecting events. Please click here to subscribe to the SUNCOM Service Notification List Server.

3.5. MFN NOC Responsibilities

When a customer reports a problem, the MFN NOC agrees to the following:

• Accept trouble reports from the customer or authorized representative by telephone or electronically (if access available). Log and track all troubles reported

• Test all services/facilities as necessary to resolve the problem

• Provide the customer with problem status periodically, as defined in “Notification and Status Commitment” table

• Escalate troubles to higher-level support upon the customer’s request per “Escalation Procedures”

• Proactively escalate ticket as necessary to Service Manager, Tier 2 and Tier 3.

• Cooperatively test with the customer or authorized representative when necessary

• Close all tickets with the agreement of the customer or authorized representative and document the name of the individual with whom the ticket was closed

• Open all initial trouble tickets

• Provide single point of contact for communications with the customer

• Update and monitor ticket status

• Forward tickets to appropriate group

• Check for OOB access (if applicable)

• Check for active alarm in Spectrum.

3.6. Trouble Isolation & Resolution

In the event of an NMS reported issue, the Tier 1 technician will carry out the activities listed in the “Trouble Isolation Procedures” table below to isolate and resolve the trouble.

If the customer contacts the MFN NOC to report a trouble, the technician will open a trouble ticket then ask the customer to verify power, cabling, and other vital technical data to ensure that the trouble is not related to the LAN as defined under section “Customer Responsibilities”. After collecting information from the customer, the Tier 1 technician will continue with the analysis as listed in the “Trouble Isolation Procedures” table below. Trouble resolution will be verified with the customer and the trouble ticket will be closed upon successful resolution of the customers’ issue.

Trouble Isolation Procedures

|Step |Action |
|1 |C.A. Spectrum displays node down alarm or a customer call is received: Tier 1 Technician will check MFN Remedy for any related active tickets regarding network outages or activity that would impact service. |
|2 |The Tier 1 technician will verify if the problem is due to scheduled maintenance: |
| |If yes: Notify the customer of the scheduled maintenance and update the corresponding Remedy ticket. |
| |If no: The Technician will verify with the customer the items listed under section “Customer Responsibilities”. If no issues are noted after customer verifications, the technician will proceed with Tier 1 “Critical Ticket Process”. |
|3 |Tier 1 will test a customer’s connection to MFN. This also includes escalation points during testing. Tier 1 technician will escalate trouble as required or requested by customer. |
|4 |Tickets escalated to Tier2/3 will be worked to isolate and repair the problem. |
|5 |Resolutions to be verified with the customer by the Tier group that isolated and repaired the service. |

3.7. Trouble Report Status Check

The status of the trouble ticket may be checked by reviewing the ticket in the Ticketing System through the MFN NMS Web Portal or by calling the MFN NOC. The address for the MFN NMS Web Portal is . When calling, please have the trouble ticket number to inquire about the ticket status. Status reports will be provided to the customer by the MFN NOC staff per the “Notification and Status Commitment” Section in this Chapter.

Note: It is the customer’s responsibility to keep the contact information updated. For details, refer to the section on “Customer Responsibilities” in this Chapter.

3.8. Trouble Tickets Classification

3.8.1. Problem Severity Classifications

There are five problem severity classifications that a Tier 1 MFN NOC technician can assign to a detected or reported trouble. The classification assignment will be made based on the definitions of the classifications in this section.

• Critical *

• Major *

• Minor **

• Chronic ***

• Informational

* For both ‘Major’ and ‘Critical’ troubles, resolution efforts occur on a 24x7 basis, and status updates are provided to the customer according to the table under section “Notification and Status Commitment”, until the problem is resolved and service has been restored. Critical, Major and Minor issues have associated SLAs.

** For ‘Minor’ troubles, resolution efforts occur primarily during regular business hours with coordinated after-hours testing with the customer to minimize interference with performance or downtime for the customer during regular business hours. There are no SLAs associated with Minor issues unless they are change requests, which carry a 2 hour SLA. Please refer to the “Generating Configuration Change Request” section for details.

*** Chronic tickets will be opened under the Major classification and noted in the problem description area as Chronic.

**** Spectrum Alarm classifications do not necessarily correspond to Remedy ticket classifications. Spectrum Alarm classifications are listed below:

• Critical alarms include device outages, SLA critical thresholds exceeded, and SLA violations

• Major alarms include selected syslogs and traps, and device component failures (power supplies, fans, etc.).

• Minor alarms include non-major syslogs and traps, authentication failures, and informational alarms.

Critical

Critical problems are defined as those affecting the entire network for a specific agency or within the MFN core that impacts a large number of users with no immediate work around. The condition includes a critical work stoppage or service degradation that prohibits access to mission critical applications during the customer’s normal working hours affecting multiple sites within the agency. A critical condition within the MFN core would consist of a hardware or software failure that causes work stoppage or service degradation prohibiting access to mission critical applications by the connected users in a particular LATA or across the MFN core.

|Examples of critical problems |
|All network alarms for any MFN Core Router |
|All network alarms for any MFN core aggregate circuit |
|Multiple sites of a specific agency are down or have lost connectivity as reported by the customer or NMS |
|Multiple sites are experiencing service degradation that has rendered their connections unusable as reported by the customer or the NMS system |

Major

Major problems are defined as single site outages, service degradation prohibiting access to or function of critical applications from a single site or exceeding contracted performance SLA.

|Examples of major problems |
|Single site outages as reported by the customer or the NMS system |
|Service degradation over a site’s WAN connection as reported by the customer or the NMS system |
|High Priority Agency in list below (these will be given priority) |

Minor

Minor problems are defined as affecting individual sites, and do not interrupt service, degrade performance or exceed SLA specifications to an extent that prohibits users from accessing or using critical applications.

|Example of minor problems |
|Non-service affecting as reported by the customer or the NMS system |
|Hardware performance thresholds exceeded (e.g. CPU, memory, or buffer) |
|Latency, Jitter and Packet loss below specified parameters (per the SLA matrix in chapter “SLA Overview”) as reported by the customer. |
|Circuit over utilization as reported by the customer. |

Informational

Informational tickets are created by the MFN NOC when a customer calls to report an issue that may trigger an alarm for the MFN NOC or to request informational assistance. Informational problems do not require repair.

Informational tickets regarding questions on operation of MFN tools should be submitted via email to support@mfn.. Informational tickets referring to the NMS will be responded to within 72 hours.

|Example of informational problems |
|Customer reports the network will be down for maintenance |
|Customer reports a scheduled power outage |
|Customer reports equipment shutdown for office remodeling |
|Customer requests information or clarification on MFN tools or operation |

Chronic

A chronic ticket will be opened at the onset of the third occurrence of the same trouble type for a specific site within a 30 day period. An agency chronic ticket will be opened when an excessive number of tickets for a particular agency have been created within a 30 day period. Tickets opened under the following classifications will be excluded from the chronic ticket formula.

• Customer Maintenance

• Customer Education

• Customer Equipment

• Duplicate Ticket

• Weather related

• UPS issue

• Site Power

The Chronic ticket type should only be used to consolidate and track repair events within the individual outage tickets.
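An agency can apply the same site-level chronic rule to its own ticket history to anticipate when a chronic ticket should be opened. The following is an added example, not the MFN NOC's Remedy logic: the `Ticket` fields, the sample trouble types and the non-excluded classification names are hypothetical, "within a 30 day period" is read as 30 days inclusive, and the window is reset after each chronic finding so one run of occurrences is reported once.

```python
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta

CHRONIC_WINDOW = timedelta(days=30)   # "within a 30 day period"
CHRONIC_COUNT = 3                     # "third occurrence"

# Classifications the guide excludes from the chronic ticket formula.
EXCLUDED = {
    "Customer Maintenance", "Customer Education", "Customer Equipment",
    "Duplicate Ticket", "Weather related", "UPS issue", "Site Power",
}


@dataclass(frozen=True)
class Ticket:
    ticket_id: str
    opened: datetime
    site: str
    trouble_type: str
    classification: str


def find_chronic(tickets):
    """Return (site, trouble_type, opened_of_third, [ticket ids]) for each
    third countable occurrence of one trouble type at one site in 30 days."""
    recent = defaultdict(deque)       # (site, trouble type) -> recent tickets
    chronic = []
    for t in sorted(tickets, key=lambda t: t.opened):
        if t.classification in EXCLUDED:
            continue                  # excluded tickets never count
        window = recent[(t.site, t.trouble_type)]
        window.append(t)
        # Drop occurrences older than 30 days relative to this ticket.
        while t.opened - window[0].opened > CHRONIC_WINDOW:
            window.popleft()
        if len(window) >= CHRONIC_COUNT:
            chronic.append((t.site, t.trouble_type, t.opened,
                            [w.ticket_id for w in window]))
            window.clear()            # assumption: start counting afresh
    return chronic


# Constructed ticket history; "Carrier Fault" and "Hardware Failure" are
# made-up classifications standing in for any non-excluded value.
SAMPLE_TICKETS = [
    Ticket("T1", datetime(2015, 3, 1), "SITE-A", "Circuit down", "Carrier Fault"),
    Ticket("T2", datetime(2015, 3, 10), "SITE-A", "Circuit down", "Site Power"),
    Ticket("T3", datetime(2015, 3, 12), "SITE-A", "Circuit down", "Carrier Fault"),
    Ticket("T4", datetime(2015, 3, 20), "SITE-A", "Packet loss", "Carrier Fault"),
    Ticket("T5", datetime(2015, 3, 28), "SITE-A", "Circuit down", "Hardware Failure"),
    Ticket("T6", datetime(2015, 2, 1), "SITE-B", "Circuit down", "Carrier Fault"),
    Ticket("T7", datetime(2015, 2, 20), "SITE-B", "Circuit down", "Carrier Fault"),
    Ticket("T8", datetime(2015, 3, 10), "SITE-B", "Circuit down", "Carrier Fault"),
    Ticket("T9", datetime(2015, 3, 15), "SITE-B", "Circuit down", "Weather related"),
]

if __name__ == "__main__":
    for site, trouble, when, ids in find_chronic(SAMPLE_TICKETS):
        print(f"{site}: chronic '{trouble}' as of {when:%Y-%m-%d}, tickets {ids}")
```

In the constructed data SITE-A becomes chronic on its third countable outage even though a fourth outage ticket exists, because that one was classified Site Power; SITE-B has three outage tickets but they span more than 30 days.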

3.8.2. Special Handling

High Priority

Agencies dealing with Public Safety will take precedence and will be given “High Priority” within the MFN NOC queue. This precedence will be assigned for Critical and Major Ticket classifications in the event of resource limitations due to a regional event. An event could be caused by a major storm in an area.

The Agencies listed below are identified as associated with Public Safety. Additional agencies will be added if required.

• E911 Sites

• FDLE – Florida Department of Law Enforcement

• DHSMV / FHP – Department of Highway Safety and Motor Vehicles – Florida Highway Patrol

• FIN – Florida Interoperability Network

• DOT – Law Enforcement

• DCA / DEM – Division of Emergency Management

• DMA – Department of Military Affairs

• FWC – Law Enforcement – Fish Wildlife Commission

• DEP – Law Enforcement – Department of Environmental Protection

• Local Police Departments and Sheriff’s Offices

• OAG – Office of the Attorney General

3.9. Notification and Status Commitments

|Notification and Status Commitment Table |
|Severity Level |Notification* Time |Commitment |
|Critical |15 minutes |Initial contact within 15 min of outage. Within 2 hours customer will be contacted with cause of outage and every 2 hours with status updates. |
|Major |15 minutes |Initial contact within 15 min of outage. Within 2 hours customer will be contacted with cause of outage or issue. |
|Minor |30 minutes |Initial contact within 30 min of trouble and updates when conditions change. Within 2 hours customer will be contacted with cause of issue. |
|Chronic |As Appropriate |Customer will be advised of chronic status and updated as conditions change |
|Informational |As Appropriate |NOC will respond to information requests within 72 hours otherwise NOC notification is not required. |

*Notification or Status can be provided via Email** or phone within the given timeframe. Refer to the Section on “Escalation Procedures” in this Chapter if the stated Notification Time has been exceeded.

** There must be a valid email distribution list on file and configured for each level of ticket notification. A customer may call the MFN NOC or log in to the Ticketing System at any time to obtain the current status of a ticket.

3.10. Maintenance Window

MyFloridaNet performs maintenance activities and upgrades to improve performance, remove any security vulnerabilities and add new features. MyFloridaNet has two types of maintenance windows as defined below:

3.10.1. MFN Core Infrastructures

All MFN Core Infrastructure maintenance activities will take place between 12:30 AM and 2:30 AM on Mondays. Extensions to this window, or additional maintenance windows, can take place. For any changes with customer impact, DMS will notify customers two weeks before the changes occur. In emergency situations, this notification may not be possible.

3.10.2. Local Exchange Company (LEC) Network

Normally, the Telephone Companies (LECs) complete these maintenance activities between midnight and 6:00 AM on Wednesday and Sunday. Most maintenance and upgrades are planned and the Telephone Companies will make a reasonable effort to provide timely notification in advance of a service affecting event; however, LECs cannot guarantee notification and reserve the right to perform emergency maintenance at any time to maintain network performance.

3.11. Escalation Procedures

Escalation Step 1

At any point a customer may call to request the classification of the ticket be raised to the next higher level by calling the MFN NOC. For example, a customer may request a MAJOR ticket to be raised to a CRITICAL ticket.

Escalation Step 2

The customer may escalate a ticket through the MFN NOC by calling 1-866-913-8386 and asking for the manager on duty.

Escalation Step 3

Customers have the option to escalate network trouble issues by contacting the SUNCOM Network Operations Center at 1-888-478-6266 or email SUNCOM.Helpdesk@dms., 24 hours a day, 7 days a week. When calling the SUNCOM NOC, please refer to the procedures below:

• State that you would like to escalate a MFN NOC trouble ticket

• Provide the MFN NOC trouble ticket number

• A SUNCOM NOC trouble ticket will be opened to track the progress of the escalation.

• The SUNCOM NOC Technician will work with the Customer to resolve the issue escalating to SUNCOM Engineering as required.

• Further escalations within the MyFloridaNet Management Tier will also be made, if requested.

• Once a resolution has been reached on the trouble ticket, the SUNCOM NOC Technician will verify the customer’s satisfaction with the resolution and close the ticket.

3.12. Generating Configuration Change Request (MFN CSAB ordering system vs. MFN NOC)

Most changes to the MyFloridaNet services including all billable items will require the customer to submit a change order through the Communications Service Authorization and Billing (CSAB) ordering system. There are certain non-billable item changes that do not require an order. Changes identified in the table below in the MFN NOC column marked “Yes” can be accomplished with a MFN NOC ticket. Since all billable items require an order, those items are excluded from the table below. Changes that can be requested by an MFN NOC ticket will be completed within 2 hours of creation of the ticket. The ticket will be created with a severity classification of Minor.

Any changes to a non-billable item not listed in the tables below will be discussed internally. As a result of these discussions, the list in the table below will be updated.

For further details, please refer to Section 4 of this guide, “Ordering MFN Services”.

3.12.1. MFN Managed Option

|MFN Elements and Features (MFN Managed) |Order Required: Establish New |Order Required: Change Existing |MFN NOC Ticket: Establish New |MFN NOC Ticket: Change Existing |
|LAN IP addressing maintained by DMS |Yes |Yes |No |No |
|LAN IP addressing provided by Agency |No |No |Yes* |Yes* |
|VRF Type – private, common, and public or VRF-Lite |Yes |Yes |No |No |
|Encryption |Yes |No |No |Yes |
|Non-IP traffic |Yes |No |No |Yes |
|Multicast |Yes |No |No |Yes |
|Vendor Managed CPE |Yes |Yes |No |No |
|Customer Managed CPE |Yes |Yes |No |No |
|Access List, DHCP, and LAN Routing Protocols |** |** |** |** |
|Firewall |Yes |No |No |Yes |
|QoS type - voice, video, application |Yes |No |No |Yes |
|NAT |Yes |No |No |Yes |
|IP Helper Address add / change |No |No |Yes |Yes |
|LAN interface settings (Speed, Duplex, VLAN Changes) |No |No |Yes |Yes |
|IP Accounting (Troubleshooting Aid) |No |No |No |Yes |
|Route Cache Flow (Troubleshooting Aid) |No |No |No |Yes |
|Add Static Route |No |No |Yes |Yes |

3.12.2. Customer Managed Option

|MFN Elements and Features (Customer Managed) |Order Required: Establish New |Order Required: Change Existing |MFN NOC Ticket: Establish New |MFN NOC Ticket: Change Existing |
|LAN IP addressing maintained by DMS |Yes |Yes |No |No |
|LAN IP addressing provided by Agency |No |No |Yes* |Yes* |
|VRF Type – private, common, and public or VRF-Lite |Yes |Yes |No |No |
|Encryption |Yes |No |No |Yes |
|Non-IP traffic |Yes |No |No |Yes |
|Multicast |Yes |No |No |Yes |
|Vendor Managed CPE |Yes |Yes |No |No |
|Customer Managed CPE |Yes |Yes |No |No |
|Access List, DHCP, and LAN Routing Protocols |** |** |** |** |
|Firewall |No |No |No |No |
|QoS type – voice, video, application |Yes |No |No |Yes |
|NAT |No |No |No |No |
|IP Helper Address add / change |No |No |No |No |
|Add Static Route |No |No |Yes |Yes |

* All IP Addresses must be validated with the MFN NOC Tier2 / Tier 3 Analyst prior to implementation to ensure no conflict will arise with any other IP Addressing Scheme in production.

** An order will be required if a customer is requesting access to resources outside their VRF.  Site to Site ACL creation or changes within an Agency do not require an order.  The 2 hour configuration SLA does not apply to the creation of any new Access List. For security reasons, all ACL (Access List) changes and creations must be reviewed by the SUNCOM NOC prior to implementation of MFN NOC ticket.

The 2 hour SLA on configuration changes will only be honored for requests placed on a Remedy ticket through the MFN NOC. Refer to the above tables for changes that qualify. All required information must be in the ticket to complete the requested changes. If the information is incomplete, the ticket and the changes will be placed on hold until all required information has been provided by the requestor.

For any Customer requested changes that may have an effect on the MyFloridaNet core, the MFN Engineering team will meet to review and discuss the design change before any changes can be made. Router configuration changes that require engineering review and/or testing may take longer. For any changes requiring an order or for changes not listed in the tables above, Customers should initiate and submit an order via CSAB system.

Based on the tables above, when you request a change through the MFN NOC, please provide the information listed below. For any changes requiring an order, please refer to Chapter 4 “Ordering MyFloridaNet” on how to submit a CSAB order.

• Circuit ID Number

• Type of service

• Managed or unmanaged CPE

• Detailed description of the request

• Exact date and time needed for the change

• Customer contact name

• Customer phone and cell numbers

• Email address of contact for status updates

• Hours of operation (When can you be contacted?)

• Any special requirements or constraints.

The status of a request can be checked by calling or emailing the MFN NOC (1-866-913-8386 or support@mfn. ) or by using the Ticketing System application in the MFN NMS Web Portal at .

3.12.3. CPE Configuration Changes and SLA Guidelines

1. The types of simple MFN NOC CPE configuration changes are defined in the section “Generating Configuration Change Request (MFN CSAB ordering system vs. MFN NOC)”.

2. A simple MFN NOC CPE configuration request is defined as a request covering 6 devices or less. Therefore, the SLA requirement of 2 hours or less will be applicable to 6 devices or less.

3. The SLA requirement of 2 hours per request will be adjusted up in 2 hour increments per multiple of 6 devices.  For example, if there is a request to make configuration changes, of a single type, to a total of 18 devices, the SLA requirement will be 6 hours. As another example, if there is a request to make configuration changes, of a single type, to 9 devices, the SLA requirement will be 4 hours.

4. The SLA requirements and CPE configuration changes will be applicable regardless of a single partner or multiple partners.

5. Only one type of change as detailed in the tables in section “Generating Configuration Change Request (MFN CSAB ordering system vs. MFN NOC)” will be accepted per request. For example: a single request of IP QoS changes for 6 devices or less.

6. If there is a single request for 7 devices or more, the MFN NOC will create a single trouble ticket and comply with the SLA requirements as stated in number 3 above.

7. If there is a single request for multiple types of changes for 6 devices or less, then the MFN NOC will create multiple trouble tickets, one for each type of change. For example, if a customer calls or sends an email request with 3 multicast and 3 IP QoS CPE configuration changes for 6 devices, then the MFN NOC will create two trouble tickets, one for each change type. In this example, the SLA requirement will be 2 hours or less for each trouble ticket.

8. MFN trouble tickets will be created immediately upon receiving an email or call from the customer. Any conversations or discussions with Tier 2/3 or internal tickets between partners will be carried out after the MFN trouble ticket has been created.

9. After Hour Change Request: Since AT&T requires a provisioning engineer for any CPE configuration changes through the ordering process there will be an after hour charge as listed on the MFN website. This charge will cover all CPE configuration changes that are requested on a given order, regardless of the number of changes requested.

10. There will be no after hour charges for any CPE configuration changes completed through the MFN NOC.

3.13. MFN Major Outage Process

A Major Outage is considered to have occurred when 10 or more critical alarms are raised within the same timeframe surrounding a common event (fiber cut, network switch failure, Agency host site failure, DoS attack, firewall failure, etc.) or when any CORE related outage has occurred. In this case, individual trouble tickets will not be opened. Instead, one Master Trouble Ticket will be opened. This Master Ticket will list all the sites that have been affected by the Major Outage.

MFN NOC will notify the affected agencies/sites via phone call that a Master ticket has been opened on a Major Outage that is affecting their service. All impacted sites will be documented in the Remedy Ticket under this Master Remedy Ticket Number. The MFN NOC will provide status and updates as outlined in the process described in section “Notification and Status Commitments”.

The MFN SLA team will scrub and validate the data and trouble ticket to determine if any SLAs have been violated based on the SLA requirements.

3.14. Requesting a Reason for Outage (RFO)

• Information on an Outage of a site can be found through the MFN NMS web portal by accessing the Customer’s trouble ticket. If additional information is needed, Customers requiring an RFO should request it through the DMS SUNCOM NOC at SUNCOM.Helpdesk@dms..

• The SUNCOM NOC has the responsibility of working with the Customer to provide and discuss the RFO.

• Once the RFO has been provided and discussed, the SUNCOM NOC will close the issue by sending an email to the Customer.

3.15. Testing Disaster Recovery (DR) Solutions

Agencies desiring to test third party disaster recovery solutions and resource capabilities that traverse the MFN must initiate service support activities by contacting the MFN NOC and opening a Minor Remedy ticket for disaster recovery support. The MFN NOC ticket provides the agencies with access to Tier 2 / 3 technical support for their test activities as it applies to the MFN network. The agency must provide contact information for agency technical support and contact information for DR provider as well as any technical information pertinent to the disaster recovery test in the NOC ticket, i.e. IP addresses, circuit IDs, etc. MFN Tier 2 / 3 support may include configuring core devices and premises routers to support end-to-end IP connectivity testing with the DR provider and agency.

It is the agency’s responsibility to coordinate activities with their DR provider, as this portion of the service is not part of MFN. To ensure proper communication, agencies must initiate service support requests at least 2 weeks in advance of the actual test date. This should provide sufficient time to coordinate activities and pre testing.

Upon completion of any testing, the agency should advise the MFN NOC to close the ticket and begin monitoring the tested devices again.

3.15.1. Disaster Recovery Ticket Procedure

To capture all of the necessary information to support MFN customers that have a disaster recovery solution, Tier 1 technicians need to request the following information from the customer when the NOC is contacted to open a support ticket.

1. Name of agency requesting the testing

2. Agency technical contact information

3. Date of pre test and date of actual test

4. Disaster recovery service provider contact information

5. Test subnets that will be used on the LAN at the Disaster Recovery Location

6. Disaster recovery circuit ID

After the information has been documented in the ticket, the Tier 1 technician will provide the customer with the ticket number and escalate the ticket to Tier 2/3. Tier 2/3 will contact the customer and provide them with their contact information for the testing process.

4.0 Ordering MyFloridaNet Services

MFN Services come in a wide variety of speeds, access methods (local loops), options, and equipment (routers) to meet customer demands and needs. If at any time during the order process a customer has any questions or needs assistance, they should contact the SUNCOM Helpdesk.

4.1. Eligibility for Service

Organizations eligible to use SUNCOM services can order MyFloridaNet service. Eligibility for SUNCOM services is defined in Chapter 282, Florida Statutes, and basically includes:

• State Agencies

• State Universities and Community Colleges

• City or County Governments in Florida

• Non-Profit Corporations (receiving the majority of their funding from the State, County or City)

• Some Commissions & Boards

• Water Management Districts

All state agencies are required to use the SUNCOM Network per Florida Statutes.

You can also contact the SUNCOM Helpdesk to determine your eligibility.

Florida Statutes and Administrative Code Rules related to SUNCOM can be found on the DMS website.

Florida Administrative Codes related to SUNCOM Services:

• F.A.C. Chapter 60FF-1 SUNCOM Definitions; Qualifications; Exemptions; Clearances

• F.A.C. Chapter 60FF-2 SUNCOM Order Processing and Billing

• F.A.C. Chapter 60FF-3 SUNCOM Usage and Security Policies

2 Prerequisites for Ordering

3 SUNCOM Network Services Agreement (SNSA) and Online CSA Registration

If not already on file, eligible users who wish to subscribe to SUNCOM services are required to submit a SUNCOM Network Services Agreement (SNSA) form to determine eligibility for SUNCOM services. After eligibility is determined, customers are required to register to use the Communications Service Authorization and Billing (CSAB) system to submit orders. Both the SNSA form and CSAB can be accessed from the links below:

SUNCOM Network Services Agreement

Communications Service Authorization and Billing (CSAB) system

4 Port Speed Selection

Most customers elect to use full port speed where port speed matches the access speed. In situations where the customer does not need to access any users outside of his area or access the MFN transport for other uses (e.g. Internet), MFN Lite (Local Only or Flexport) may be a more cost-effective and appropriate option.

5 Access Speed and Method Selection

The majority of network users have selected frame relay and Ethernet as the access method for lower speeds because of availability. For higher access rates, Ethernet is the preferred delivery method.

6 CPE Selection

Customers connecting to MyFloridaNet must do so via approved Customer Premises Equipment (CPE). Customers will select a CPE based on their requirements. A list of standard CPE along with specifications is posted on the MFN web site. CPE selection for bandwidth greater than 100 Mbps and/or requirements such as IP QoS, multicast and encryption is handled on an Individual Case Basis. DMS will conduct an engineering review to recommend the appropriate CPE. Any customer requested CPE (supported manufacturer only) that is not part of the approved CPE list will go through engineering review and testing before an order can be submitted.

Customers should note that router selection depends on factors such as:

• Bandwidth

• Number of interfaces

• Type of interfaces (typically depending on access type)

• Encryption (software or hardware)

• Quality of Service

• VRF Lite

• Additional LAN interfaces

• Multicast

• Anticipated growth in bandwidth needs

• And other factors based on customer needs

7 MFN Service Inquiry

Requests for MFN service greater than 12 Mbps or service provided via Ethernet require a Service Inquiry to determine availability of facilities to provide service. The service inquiry process shall be initiated once the order is submitted. A service inquiry and price quote can also be initiated before submitting an order by contacting the SUNCOM Helpdesk. Service Inquiries will require the following information to be submitted by the customer:

• Speed and type of connection,

• Valid site address,

• Local contact name and number

• Telephone number for the location if different from the local contact’s number.

In cases where telephone service does not exist for a location, a working number near the location can be used and should be reported as such. The service inquiry results will be provided to the customer. In addition, price quotes (if requested) will be provided for any speeds greater than 12 Mbps. Quotes for speeds less than 12 Mbps can be obtained from the MFN web site. Service Inquiries to determine availability of facilities can normally take up to 10 calendar days.

8 Special Construction

Occasionally, it may be determined that while facilities were not available for installation of service as determined in the MFN Service Inquiry, facilities can be constructed to provide the requested service at the desired location. This will require additional time and the customer may incur additional expenses. These expenses or any additional time required for special construction will be presented to the customer for approval.

9 Site Readiness

For any non-fiber based MFN services, the site receiving MFN service must be ready to receive the service and have a space appropriate for housing network equipment. This includes, but is not limited to:

• The site being fully constructed and ready for occupancy and having a secure, clean, environmentally conditioned, properly lit space with the necessary electrical power and with equipment racks, floor space and/or plywood backboards available.

• All wiring/infrastructure should be in place (inside the building) from your demarc to your final router location.

• There should be sufficient backboard space and a #6 ground wire.

Note: Any site readiness requirements will be at customer expense.

For any fiber based MFN services, a site survey will be performed to determine if the site is ready for fiber based MFN services. This process will take place after DMS submits the customer order to the service provider. A service provider representative will contact the customer to schedule a site survey.

10 Special Options

There are special order options that require special expertise or special design to implement properly. Some of these are QoS for voice, video, or application; Multicast; and connectivity back to a disaster recovery provider site.

11 Ordering IP QoS

There are times when information should be prioritized over the network, especially when leaving a customer’s site. To prioritize customer traffic, QoS needs to be deployed. Voice, Video, Emergency Voice and other critical applications can be prioritized over the MyFloridaNet. QoS deployment will require engineering prior to submitting the order.

For new implementation of IP QoS, users can request it on the original order requesting services. To assist in the deployment of QoS to the network, the QoS template should be completed and attached to the order.  If requested, DMS will work with the customer to complete this template for a QoS design for the bandwidth allocations available. However, to prevent any delays to the installation of the circuit, IP QoS can also be requested later under the original order for the locations in question. Customer will decide the urgency of this requirement. Please see below the IP QoS template:

[pic]

12 Ordering IP Multicast

To activate IP Multicast routing in the MFN, users can request it on the original order requesting services or can activate it later under the same order used originally for the locations in question. If an agency desires to request this routing capability in the MFN, an IP Address for the IP Multicast application(s) will have to be requested from DMS on the order for the Common Services VRF.

How to order IP Multicast:

1. Request IP Multicast with the original order or at a later time using the original order for the location(s). This will require one order for each of the locations needing IP Multicast to be activated.

2. Indicate/request one IP Address assignment per source application if user is part of the Common Service VRF.

13 Ordering MFN DSL Services

MFN DSL is not available at all locations. To avoid delays, please call the SUNCOM Helpdesk and provide a working phone number to determine DSL availability. DSL availability cannot be conclusively determined until installation.

For additional information, refer to the attached document below “Issues related to MFN DSL”.

[pic]

14 Order Process

Once the configuration of the MyFloridaNet services is determined and the above prerequisites are satisfied, log on to the online ordering system to complete and submit an order to DMS. Orders CANNOT be submitted directly to the vendor.

Details on CSAB and training can be found at the following links:

• CSAB

• CSAB Training

15 Modifications to Existing Service (MFN CSAB vs. MFN NOC)

Most changes to the MyFloridaNet services including all billable items will require the customer to submit a change order through the CSAB ordering system. All billable items of the MFN services require an order. There are certain non-billable item changes that do not require an order.

Existing MFN service can be modified through the CSAB system and, in some cases, directly by calling the MFN NOC, depending on the change. For example, if the modifications require a change to the access method or speed (either Port or Access), customers are required to use the CSAB ordering system. A detailed list is provided in the tables below indicating when an order is required and when an MFN NOC ticket is required. The first table is for MFN managed equipment and the second is for Customer managed equipment. Since all billable items require an order, those items are excluded from the list below. Any changes to a non-billable item not listed in the tables below will be discussed internally. As a result of these discussions, the list in the tables below will be updated.

Changes that can be requested by an MFN NOC ticket will be completed within 2 hours of creation of the ticket. The ticket will be created with a severity classification of Minor.

16 MFN Managed Option

|MFN Elements and Features (MFN Managed) |Order Required: Establish New |Order Required: Change Existing |MFN NOC Ticket: Establish New |MFN NOC Ticket: Change Existing |

|LAN IP addressing maintained by DMS |Yes |Yes |No |No |

|LAN IP addressing provided by Agency |No |No |Yes* |Yes* |

|VRF Type – private, common, and public or VRF-Lite |Yes |Yes |No |No |

|Encryption |Yes |No |No |Yes |

|Non-IP traffic |Yes |No |No |Yes |

|Multicast |Yes |No |No |Yes |

|MFN Managed CPE |Yes |Yes |No |No |

|Customer Managed CPE |Yes |Yes |No |No |

|Access List, DHCP, and LAN Routing Protocols |** |** |** |** |

|Firewall Feature Set |Yes |No |No |Yes |

|QoS type - voice, video, application |Yes |No |No |Yes |

|NAT |Yes |No |No |Yes |

|IP Helper Address add / change |No |No |Yes |Yes |

|LAN interface settings (Speed, Duplex, VLAN Changes) |No |No |Yes |Yes |

|IP Accounting (Troubleshooting Aid) |No |No |No |Yes |

|Route Cache Flow (Troubleshooting Aid) |No |No |No |Yes |

|Add Static Route |No |No |Yes |Yes |

17 Customer Managed Option

|MFN Elements and Features (Customer Managed) |CSA Required: Establish New |CSA Required: Change Existing |MFN NOC Ticket: Establish New |MFN NOC Ticket: Change Existing |

|LAN IP addressing maintained by DMS |Yes |Yes |No |No |

|LAN IP addressing provided by Agency |No |No |Yes * |Yes * |

|VRF Type – private, common, and public or VRF-Lite |Yes |Yes |No |No |

|Encryption |Yes |No |No |Yes |

|Non-IP traffic |Yes |No |No |Yes |

|Multicast |Yes |No |No |Yes |

|Customer Managed CPE |Yes |Yes |No |No |

|Vendor Managed CPE |Yes |Yes |No |No |

|Access List, DHCP, and LAN Routing Protocols |** |** |** |** |

|Firewall Feature Set |No |No |No |No |

|QoS type – voice, video, application |Yes |No |No |Yes |

|NAT |No |No |No |No |

|IP Helper Address add / change |No |No |No |No |

|DHCP |No |No |No |No |

|Add Static Route |No |No |Yes |Yes |

* All Private IP Addresses must be validated with the MFN NOC prior to implementation to ensure no conflict will arise with any other IP Addressing Scheme in production.

** An order will be required if a customer is requesting access to resources outside their VRF.  Site to Site ACL creation or changes within an Agency do not require an order.  The 2 hour configuration SLA does not apply to the creation of any new Access List. For security reasons, all ACL (Access List) changes and creations must be reviewed by the SUNCOM NOC prior to implementation of MFN NOC ticket.

The 2 hour SLA on configuration changes will only be honored for requests placed on a Remedy ticket through the MFN NOC. Refer to the above tables for changes that qualify. All required information must be in the ticket to complete the requested changes. If the information is incomplete, the ticket and the changes will be placed on hold until all required information has been provided by the requestor.

For any Customer requested changes that may have an effect on the MyFloridaNet core, the MFN Engineering team will meet to review and discuss the design change before any changes can be made. Router configuration changes that require engineering review and/or testing may take longer. For any changes requiring an order or for changes not listed in the tables above, Customers should initiate and submit an order via the CSAB system.

Based on the tables above, when you request a change through the MFN NOC, please provide the information listed below. For any changes requiring a CSA, please refer to Chapter 4 of this guide.

• Circuit ID Number

• Type of service

• Managed or unmanaged CPE

• Detailed description of the request

• Exact date and time needed for the change

• Customer contact name

• Customer phone and cell numbers

• Email address of contact for status updates

• Hours of operation (When can you be contacted?)

• Any special requirements or constraints.

The status of a request can be checked by telephoning or emailing the MFN (1-866-913-8386 or support@mfn. ) or by using the Ticketing System application in the MFN Web Portal at .

18 CPE Configuration Changes and SLA Guidelines

1. The types of simple MFN NOC CPE configuration changes are defined in the section “Generating Configuration Change Request (MFN CSAB ordering system vs. MFN NOC)”.

2. A simple MFN NOC CPE configuration request is defined as a request covering 6 devices or less. Therefore, the SLA requirement of 2 hours or less will be applicable to 6 devices or less.

3. The SLA requirement of 2 hours per request will be adjusted up in 2 hour increments per multiple of 6 devices.  For example, if there is a request to make configuration changes, of a single type, to a total of 18 devices, the SLA requirement will be 6 hours. As another example, if there is a request to make configuration changes, of a single type, to 9 devices, the SLA requirement will be 4 hours.

4. The SLA requirements and CPE configuration changes will be applicable regardless of a single partner or multiple partners.

5. Only one type of change as detailed in the tables in section “Generating Configuration Change Request (MFN CSAB ordering system vs. MFN NOC)” will be accepted per request. For example: a single request of IP QoS changes for 6 devices or less.

6. If there is a single request for 7 devices or more, the MFN NOC will create a single trouble ticket and comply with the SLA requirements as stated in number 3 above.

7. If there is a single request for multiple types of changes for 6 devices or less, then the MFN NOC will create multiple trouble tickets, one for each type of change. For example, if a customer calls or sends an email request with 3 multicast and 3 IP QoS CPE configuration changes for 6 devices, then the MFN NOC will create two trouble tickets, one for each change type. In this example, the SLA requirement will be 2 hours or less for each trouble ticket.

8. MFN trouble tickets will be created immediately upon receiving an email or call from the customer. Any conversations or discussions with Tier 2/3 or internal tickets between partners will be carried out after the MFN trouble ticket has been created.

9. After Hour Change Request: Since AT&T requires a provisioning engineer for any CPE configuration changes through the CSAB order process there will be an after hour charge as listed on the MFN website. This charge will cover all CPE configuration changes that are requested on a given order, regardless of the number of changes requested.

10. There will be no after hour charges for any CPE configuration changes completed through the MFN NOC.

19 Relocation of MFN Service

20 In-House Relocations

In-house relocation of D-Marcs will be initiated by CSAB order.

21 Relocation of Service to New Physical Address

Relocation of service to a different physical address will be initiated by two orders. A separate order will be issued for installation of the service at the new location and a second CSA will be issued for the disconnection of the existing service. This is necessary as customers often want no down time associated with the move and require service continuation at the original site until the relocation of all personnel and equipment is completed. The customer must work with DMS to ensure no duplication of IP addresses by assignment of new addresses or temporary subnetting of existing addresses. If downtime can be tolerated by the customer and the customer is not requesting a different router model or upgrade of the existing router, the router may be re-used/relocated to the new service location. This will require approval and coordination with the customer by DMS or AT&T. Customer rented routers should be moved to the new location by AT&T or one of its subcontractors and not the customer.

22 Changes Requiring a CSAB order

Changes to existing service in port speed, access method, and access speed at the same location will require an order through the CSAB ordering system.

23 Temporary Emergency Bandwidth Upgrade Change

There are times when the needs of an agency may require a temporary increase of bandwidth to manage an emergency. In this case, an exception to the normal provisioning process will be made to provide the requested bandwidth in an abbreviated timeframe.

Temporary emergency bandwidth increases are only available on Ethernet services where the installed backbone circuit, local loop and CPE are capable of managing the increase. Customers will use the CSAB ordering system for the increase in bandwidth and the one-time temporary emergency bandwidth charge selection. The appropriate upgraded charges will apply. In addition, a one-time temporary emergency bandwidth upgrade change fee will apply as well. The upgraded bandwidth charges will continue to be billed to the customer unless the customer reverts back to the original bandwidth/service through the CSAB ordering process.

The minimum billing period for temporary emergency bandwidth upgrades will be 30 days. Since the minimum billing is for 30 days, the customer may choose to maintain the temporary upgraded bandwidth for the full 30 day period.

In the event the time frame does not allow for the timely issuance of an order, DMS Service Delivery will submit an email request to AT&T Life Cycle Manager approving the increased bandwidth with a copy to the SUNCOM NOC at suncom.helpdesk@dms.. AT&T Lifecycle Manager will determine what the upgrade capabilities are and advise DMS. DMS will open a MFN NOC ticket for emergency upgrade to the specified bandwidth.

After hours, or in the event that the customer contacts the MFN NOC directly, the SUNCOM NOC will be notified to create a ticket and send it to DMS Service Delivery to advise that the customer’s request for an emergency upgrade was received. DMS Service Delivery will contact the customer during normal business hours to determine if the upgrade is warranted and that the circuit and router are capable of the upgrade.

In any of these cases, the customer must follow-up with an order to cover the cost related to the temporary emergency bandwidth increase at the earliest possible date. No Config or IMAC SLAs will apply for the temporary emergency bandwidth increase.

24 Discontinuation of Service

Discontinuation of service will be initiated by issuance of an order from the customer to DMS. DMS will honor the customer requested due date when it meets or is beyond the standard disconnect interval of 10 calendar days after receipt of the order from DMS to AT&T. Ample time (typically 5 business days) must be given to DMS to review and process the order for disconnect.

While DMS will work to facilitate as accurate records and invoicing as possible, ultimate responsibility to ensure that invoicing has been discontinued will be the responsibility of the customer in normal review of their invoices. If invoicing is not discontinued for the billing cycle coinciding with the discontinuance of the service, the customer must contact DMS immediately to determine why the invoicing has not ceased with the requested discontinuation of the MFN service.

25 Mandatory Use of the CSAB System

All requests for service, modification to existing service, and discontinuation of service will be submitted by the customer to DMS via the CSAB System or similar system as deployed by DMS. The exception to this requirement is any change that does not affect invoicing and is approved via MFN NOC ticket as described in section “Modifications to Existing Service (MFN CSAB vs. MFN NOC)” above.

26 Incomplete orders

Orders submitted to DMS must contain all the information necessary to successfully fulfill the service requested by the customer. Incomplete orders delay the delivery of the requested service action. If a customer is unsure of what is required on the order, please contact the SUNCOM Helpdesk. Service Level Agreements (SLAs) will not be in effect until DMS determines that sufficient information has been provided to provision the requested action. Any order that is incomplete or missing information will be brought to the attention of the customer either by phone, E-mail, or by returning the order to the customer, requesting the additional information needed. For this reason, it is imperative that customers monitor the status of their orders through use of the CSAB System.

Orders submitted to DMS may be retracted for correction or modification until DMS begins processing of the order. This can be determined by attempting to retract the order via the CSAB System. If DMS has already begun processing the order, the system will refuse to allow retraction of the order. In these cases, DMS must be contacted by phone or E-mail and acknowledgement received by the customer, to discuss the changes required by the customer and what procedure is to be followed. In most cases, the order will have to be returned to the customer for modification or correction.

Any changes made to the order after submission to DMS will delay the requested action until the order can be modified or corrected by the customer and resubmitted to DMS. SLA clocks will be stopped or restarted by DMS depending on the magnitude and position of the order in the process at the time of retraction. All changes to the order or existing service must be made by the customer through DMS except as mentioned in “Modifications to Existing Service (MFN CSAB vs. MFN NOC)” above.

27 MyFloridaNet Installation Process – Circuit Provision and Router Turnup

The process below depends on the services and options selected under MyFloridaNet. However, a standard MFN installation process is listed below.

1. A call will be made by the vendor to the on-site contact prior to the due date to advise when to expect the installation of the circuit to occur.

2. Circuit technicians will be dispatched to install the new MyFloridaNet circuit prior to installation of the router.

3. A call will be made by the vendor to the on-site contact prior to the due date to advise when to expect the installation of the CPE to occur.

4. The CPE installer will be dispatched on the planned test and turn-Up date as close to the beginning of the requested appointment window as possible.

5. The CPE installer will work with the vendor provisioning personnel to turn up the vendor managed equipment on the circuit and verify connectivity to the Core and to the VRF(s) that the customer is attached to.

6. The CPE installer will demonstrate connectivity to MFN from the vendor managed CPE router.

After installation of the vendor managed CPE router, an email notification will be sent to the Customer confirming the installation. A template of this email is available in Appendix G.

If the Customer is providing and installing the CPE router, an email with instructions and a schedule date of the router turn-up will be provided to the customer. A template of this email, instructions and confirmation is available in Appendix H.

7. The CPE installer will work with the customer in connecting the router to the Customer’s LAN if the customer is ready at the time of turn up.

8. If there are any unresolved issues noted during the installation process, the customer will be left on their existing service and a new installation date will be rescheduled.

9. The site will be populated into the Network Management System (NMS) Tools within 2 business days.

10. Billing will commence after two business days following successful turn-up and testing/cutover to MyFloridaNet.

See Appendix H for start of billing on Customer managed CPE.

While DMS will work to keep records and invoicing as accurate as possible, the customer is ultimately responsible for ensuring that all dates, including the completion dates, are accurate in the CSAB system for their orders and invoices. Customers must contact the SUNCOM Helpdesk immediately to discuss any issues with their orders.

For specific details on billing, please refer to the chapter on Billing.

28 Installs, Moves, Adds, and Changes (IMAC) SLAs

29 SLA Start and End Requirements

An SLA performance target begins when the following items are complete:

1. a complete and accurate order is submitted by the customer to DMS

2. it is reviewed by DMS for accuracy and completeness

3. it is submitted to the vendor*

* Note: If there is any missing or inaccurate information on the order, the installation date and the SLA performance target may be impacted.

An SLA performance target ends when the following conditions have been met:

For Vendor Provided CPE/Managed

1. The router has been installed on the customer premises.

2. The router has been turned up with the Provisioning engineer and the engineer has documented activities in the provisioning comments section of Remedy.

Note: The customer may or may not cutover their LAN at this point based on customer request.

For Customer Provided CPE/Unmanaged

1. The vendor will contact the customer to advise of the circuit installation due date. This is a minimum of two days prior to circuit completion.

2. The circuit will be installed and tested by vendor network technicians prior to the turn up of the CPE.

3. The vendor will contact the customer to set an appointment for turn up of the CPE.

4. The vendor will send a confirmation email of the appointment time for the turn up of the CPE, which will include expectations on billing start date to the customer. Refer to Appendix H for a template of this email.

5. The vendor will have configured the CORE interface prior to the appointment time.

6. The turn up appointment will be scheduled by the vendor and take place within 7 business days of the circuit install date or billing will commence automatically.

7. The customer will configure their CPE using the guidelines and site specific technical data provided by the vendor to them for the location.

8. The customer will connect the CPE to the access circuit.

9. The customer will be responsible to call the vendor at the scheduled appointment time to work with the provisioning engineer to confirm circuit operation and routing through the CORE.

10. The customer will be responsible for any LAN side connections of the CPE and any cutover activities that need to take place for new service turn up.

11. If the customer does not contact the vendor on the scheduled appointment time, the vendor will close out the turn up with the scheduled date and the technical contact as being completed.

30 SLA Installation Performance Targets

The table below provides the SLA installation performance targets for the MyFloridaNet by bandwidth speeds.

|SLA Installation Performance Target |

|Bandwidth Range |SLA Target |

|64 kbps to 1.5 Mbps |Install within 25 business days (Approximately 35 calendar days) |

|2 Mbps to 45 Mbps |Install within 40 business days (Approximately 55 calendar days) |

|90 Mbps to 1000 Mbps |Install within 90 business days (Approximately 125 calendar days) |

If the SLA performance target is not met, DMS will credit Customer 25% of their customer service Monthly Recurring Charge (MRC). SLA violation credits are not applicable on DMS cost recovery.

A customer should request a due date that is not less than the above SLA performance targets. It is the customer’s responsibility to plan and forecast for services ahead of time. This will allow DMS ample time to work with the customer on the order requirements such as design review (if necessary), service inquiry, and validation of other requirements for a submittal of a complete order. Incomplete information on the customer order will impact the due date and SLA performance targets.

The customer may request a shorter due date as a Best Effort from DMS, in which case DMS will determine if the request can be met. SLA Installation Performance Targets will still apply if the dates cannot be improved.

The customer may also request a shorter interval by using the Expedite procedure as detailed in Chapter 2. In the case of an expedite request the vendor will make every effort to meet the requested expedite date. SLA Installation Performance Targets are not applicable to expedited order time improvements.

DMS will work with AT&T to determine if the requested due date can be met and notify the customer of any issues.

The following services in the table may be completed much more quickly than a new circuit installation and will not be subject to the standard intervals for installation as described above. SUNCOM will work with AT&T and make every effort to complete these in a timely manner.

|Requested Service Change |Expectation (Business Days) |

|CPE upgrade on existing circuit |15 |

|CPE module upgrade on existing CPE and Circuit |15 |

|In house relocations |15 |

|Extension Demarc on existing service |15 |

|Optional Features such as QoS, Multicast, Encryption on existing circuit using the CSA process |15 |

|Bandwidth upgrade on existing circuit. For example, if a customer has a 12 Mbps circuit provisioned on a DS3 and the customer wants to upgrade to a DS3. |15 |

31 Impact on SLA Performance Targets

Meeting the SLA performance targets will be affected by, but not limited to, the items listed below:

• Incomplete information on the order

• Customer not available (no access to customer’s site) or not ready for IMAC

• No response from customer contact

• Site not ready for services

• Fiber based requirements not met by agreed upon date

• Customer changes or moves the due date

• If access facilities do not exist for bandwidth speeds greater than 12 Mbps then defined SLA performance targets will not be applicable

• If access facilities do not exist for Ethernet, defined SLA performance targets will not be applicable

• Installation delays caused by customer owned equipment

• Any changes to the order after submittal of a complete order. Depending on the type of change, this may cause the SLA performance target to restart.

• Service inquiry above 12 Mbps or Ethernet

• Errors or incorrect information on the order

• Design issues such as insufficient QoS parameters, routing requirements or inappropriate CPE configuration.

• Any work needed to prepare the site for the MFN service based on site readiness or site survey requirements.

32 Order submittal and SLA Performance Target for new installation

Below is a summary of what is included and excluded from the SLA performance target for some of the major requirements of an order. As compared to other order requirements, these have a larger impact on due dates and SLA performance targets.

|CSA requirements |(Before or After) Order Submittal to AT&T |(included or excluded) SLA Performance Target |

|Service Inquiry - above 12 Mbps or all Ethernet |Before |excluded |

|Service Inquiry – 12 Mbps and below |After |included |

|Site Readiness Requirements (non-fiber based) |Before and / or After |excluded |

|Site Survey (fiber based) |After |included |

|Site Readiness (fiber based) |After |excluded |

Example: A “Service Inquiry – above 12 Mbps or all Ethernet” as an order requirement must be performed “Before” the order is submitted to AT&T. The time it takes to perform this requirement is “excluded” from the SLA performance target.

MyFloridaNet Billing

1 Monthly Charges

After the service is installed the customer will receive monthly invoices. The billing cycle for this service runs from the first day of the month to the last day of the month. Fractional charges will bill effective the date of install.

For CPE acquired and installed through the MFN, the “Completion Date” will be based on the router turn-up date. For CPE provided by customer, the “Completion Date” will be the mutually agreed scheduled CPE provisioning date for the site.

While DMS will work to keep records and invoicing as accurate as possible, the customer is ultimately responsible for ensuring that all dates, including the completion dates, are accurate in the CSAB system for their orders and invoices. Customers must contact the SUNCOM Helpdesk immediately to discuss any issues with their orders or invoices.

2 Minimum Billing Period

The minimum billing period for any service installed under MFN will be 30 days.

3 Temporary Emergency Bandwidth Upgrade Change

There are times when the needs of an agency may require a temporary increase of bandwidth to manage an emergency. In this case, an exception to the normal provisioning process will be made to provide the requested bandwidth in an abbreviated timeframe.

Temporary emergency bandwidth increases are only available on Ethernet services where the installed backbone circuit, local loop and CPE are capable of managing the increase. Customers will use the CSAB ordering system for the increase in bandwidth and the one-time temporary emergency bandwidth charge selection. The appropriate upgraded charges will apply. In addition, a one-time temporary emergency bandwidth upgrade change fee will apply. The upgraded bandwidth charges will continue to be billed to the customer unless the customer reverts to the original bandwidth/service through the CSAB ordering process.

The minimum billing period for temporary emergency bandwidth upgrades will be 30 days. Since the minimum billing is for 30 days, the customer may choose to maintain the temporary upgraded bandwidth for the full 30 day period.

In the event the time frame does not allow for the timely issuance of an order, DMS Service Delivery will submit an email request to AT&T Life Cycle Manager approving the increased bandwidth with a copy to the SUNCOM NOC at suncom.helpdesk@dms.. AT&T Lifecycle Manager will determine what the upgrade capabilities are and advise DMS. DMS will open a MFN NOC ticket for emergency upgrade to the specified bandwidth.

After hours, or in the event that the customer contacts the MFN NOC directly, the SUNCOM NOC will be notified to create a ticket and send it to DMS Service Delivery to advise that the customer’s request for an emergency upgrade was received. DMS Service Delivery will contact the customer during normal business hours to determine if the upgrade is warranted and that the circuit and router are capable of the upgrade.

In any of these cases, the customer must follow-up with an order to cover the cost related to the temporary emergency bandwidth increase at the earliest possible date. No Config or IMAC SLAs will apply for the temporary emergency bandwidth increase.

4 Billing Start Date

Billing for installation of new services on MFN falls into two categories based on CPE acquisition. The differences are detailed below:

5 Acquired through the MFN Contract

All new MFN equipment will be staged, configured and installed as part of the rental CPE pricing. Installation is optional for an additional cost for CPE purchased through the MFN contract. Billing will start 2 business days after a successful CPE turn-up. For example, if the MyFloridaNet turned up on Friday, billing will start on the following Wednesday as the effective bill date.

6 Customer Provided CPE

Customers choosing to use / provide their own CPE acquired from other sources are an integral part of the turn up process on MFN. The vendor will work with the customer to schedule turn up appointments within 7 business days of the access circuit installation. The turn up schedule will be mutually agreed upon by the Customer and will be used as the record for setting billing dates. The MFN billing will start 2 business days after the scheduled CPE provisioning date for the site. For example, if the Access circuit was installed on Monday, the CPE was turned up on Friday then the billing will start on the following Wednesday. If there is any delay in completing the turn-up due to a vendor error, billing will be deferred to start 2 business days after the correction of the error.

7 Change in Billing Responsibility

Customer must notify DMS (email or call SUNCOM Helpdesk) when a change in billing responsibility occurs from a funding change or Proviso language in Legislature or any other applicable reason. A change in the ordering and billing system may be necessary.

8 Billing Components

The user will order service based on their user and location requirements. The billing components are listed in the CSAB system.

9 Paperless Invoice and Actual Charges

In order to properly manage service costs and keep charges to users as low as possible, these services will bill online using paperless invoicing. All users of the MyFloridaNet service will be required to retrieve their invoices and all back up detail by accessing the CSAB System via the Internet (if you currently retrieve your invoices via the internet, this service will be included with your SUNCOM Network invoices). Please see instructions below to register for the on-line SUNCOM CSAB System.

10 SUNCOM CSAB System Access Instructions

If you do not yet have access to the SUNCOM CSAB System, please email suncomInv@dms. requesting access. In your request, please include the Agency IDs (or Billing Accounts) you will need to access. If you are a supervisor and manage other financial professionals (or you are the sole payer of SUNCOM invoices) in your organization, please request that your new CSAB user account be set up as an administrator. Being an administrator for your organization will enable you to create additional users and manage user permissions throughout the site.

CSAB system increases your control over your telecommunications information.

Need your telecommunications staff to review the invoice before payment is made?

GIVE THEM DIRECT ACCESS TO VIEW THE INVOICE – WITHOUT PRINTING & ROUTING INTERNALLY!

Upon approval you will have access to your data. Once you are in the CSAB system, refer to the “Files tab” to access the PDF files (copy of paper bill). If you are set up for FTP TXT files you will also click on the “Files tab”.

Please use the Contacts list in this guide if you have any questions related to billing or the following service requests:

• Copies of invoices and detail older than 6 months up to (7) seven years.

• Password assistance – Changes / Reset

• Question or dispute of charges on invoice

• General Billing inquiries

• SLA Credits

• If you need access to more than one Agency Code within your department.

11 MyFloridaNet Invoice Sample

The attached copy is a sample of the CSAB system invoice. All detail is maintained and accessible in the inventory which is available online.

[pic]

12 MyFloridaNet SLA Credits

SLA credits (if any) will be given on a monthly basis on the customer invoice. Customers are responsible and encouraged to view their trouble tickets and MFN NMS web portal for any SLA violations and validate these SLAs through monthly MRC. Listed below is the dispute process for SLA credits:

⇨ SLA Dispute Resolution Process

➢ SLA credits (when applicable) will be given to user on their monthly invoice. 

➢ Customers will have 60 calendar days from receipt of the bill containing the SLA credits to dispute SLA credit amount or any credits not received from the reporting month.

➢ User sends an email to the SUNCOM Helpdesk to document dispute.

o SUNCOM Billing will review claim from user pertaining to SLA to make sure there is no discrepancy.

➢ SUNCOM billing representative and MFN product manager will review dispute from user pertaining to SLA.

➢ If SLA involves review of a trouble ticket or incorrect credit, MFN product manager will coordinate with SUNCOM NOC to start the dispute resolution process.

o If based on this review the claim is valid, billing will submit credit on the next monthly invoice once the credit is determined and verified. Users will be notified by a billing representative.

o If based on this review the claim is invalid, SUNCOM Billing will notify the customer and explain why the request is being denied.

o Depending on the type of dispute, billing will typically notify users on the outcome of the dispute within 10 to 15 business days from receipt of user email.

o If the dispute continues and the user disagrees with the outcome, the user can escalate to DMS management.

 

If you have questions regarding your SLA credit, please contact the SUNCOM Helpdesk.

 

Network Management System (NMS) Tools

1 NMS Tool Overview

The MyFloridaNet Portal is the primary access point to the network management tools provided as part of the MyFloridaNet services. The portal can be accessed via . The portal provides access to tools such as Spectrum, eHealth, NetQoS, Remedy Ticketing System, Router Configurations, Core Router Proxy, and the Security Tool (QRadar).

➢ Spectrum – This application provides measurement and alarming on network performance, availability and Service Level Agreement (SLA) adherence.

➢ eHealth - This application provides historical reporting on network performance and availability.

➢ NetQoS - This application provides network traffic analysis.

➢ Remedy - This application allows users to monitor trouble tickets and search tickets.

➢ Router Configurations - Router configurations can be viewed in the MFN tools for both customer managed routers and MFN managed routers.

o MFN Managed Routers

For customers with routers managed by MFN, configurations can be viewed in the Premise Router Proxy tool. This is accessed in the “Router Configurations” tab in the MFN tool portal.

[pic]

o Customer Managed Routers

RANCID manages the MFN router configurations, not only collecting and storing them, but tracking a history of changes. A few simple changes are required in the configuration, which are documented in this guide in Appendix E.

Note: Configurations are gathered nightly at 11:00pm and automatically after every configuration is saved to NVRAM. It is imperative that the user’s technical resources save the running configurations to the NVRAM when changes are made. This will ensure that changes are captured at the time of the save and archived nightly.

Customers utilizing this tool can access RANCID from the Router Configurations tab in the portal.

[pic]

➢ Core Router Proxy - This application allows authorized NMS users to execute specific JUNOS commands on their core interfaces.

➢ QRadar - This application monitors for malicious network traffic.

2 Local or Web Based Instructor Led NMS Training

Special in-depth classes are held at DMS facilities or at agency locations in Tallahassee. If users are remote, web based live training is supplied if possible. Training agendas are customized according to customer needs. Classes are led by experts involved in installing and maintaining the systems. Please contact the SUNCOM Helpdesk to request such training.

3 NMS CPE Requirements for Monitoring

Customers managing their own CPE and desiring to have their CPE monitored by the NMS tools must comply with the following configuration requirements in order to be monitored:

• Read Only SNMP security string that can be utilized by the MFN network management servers. This information must be shared with the MFN network management provisioning team prior to routers being added to the systems.

• Expanded access control list (ACL) to allow the devices to be reached by all necessary MFN IP network management server addresses. This list of around 40 IP addresses includes CA Spectrum and CA eHealth servers located in Tallahassee, FL (primary location), and Winter Park, FL (failover location).

Cisco Example:

remark EMBARQ-Spectrum-tlh-1

permit x.x.x.x

• Configure SNMP trap destinations. This will forward SNMP trap data to the Spectrum server, which is necessary for fully functional fault management.

Cisco Example:

snmp-server host x.x.x.x vrrp frame-relay envmon flash authenticate-fail bgp sdllc config-copy config entity event-manager hsrp ipmulticast mvpn ospf pim syslog aaa_server atm firewall ipsec isakmp rtr snmp

• Configure a syslog destination to include the MFN syslog server. This is required for complete functionality of configuration management and security software.

Cisco Example:

logging trap notifications

logging x.x.x.x

• It is recommended that the customer follow the MFN naming convention (MFN+LATA+City Code+Agency Code+incremental number – for example – MFNORLSNFR76A001) in order for the tools to function and provide secure limiting of customer views. Customers not able to rename devices will still see the MFN names utilized in the tools. For a listing of the “Standard City Abbreviations”, please go to Appendix F. If you need assistance in naming your managed CPE, please call MFN NOC at support@mfn..

Note1: Failure to make the changes above may have negative impact to customer services on items such as access to certain NMS Tools, RANCID backups, monitoring of the MFN service, MFN NOC troubleshooting and resolution, and SLAs.

Note2: All required configuration details and parameters will be supplied to the end user during the installation process. If for any reason, you are not provided with these parameters, please contact the MFN NOC at support@mfn..
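The monitoring requirements listed above can be checked against a saved router configuration before the device is handed to the NMS provisioning team. The following is an added example, not MFN or vendor tooling: the management server addresses are constructed placeholders, the hostname pattern is inferred from the guide's single example name, and binding the ACL to the read-only community is an assumption about how the ACL is applied.

```python
import re
from ipaddress import ip_address, ip_network

# Constructed stand-ins (RFC 5737 documentation range) for the MFN management
# server addresses, which the guide shows only as x.x.x.x.
MGMT_SERVERS = frozenset({"192.0.2.10", "192.0.2.11"})
# Assumption: "MFN" prefix, uppercase alphanumeric body, 3-digit counter,
# inferred from the guide's example hostname MFNORLSNFR76A001.
HOSTNAME_RE = re.compile(r"^MFN[A-Z0-9]+\d{3}$")

def _is_ip(token):
    try:
        ip_address(token)
        return True
    except ValueError:
        return False

def permit_network(args):
    """Turn the arguments of a standard-ACL 'permit' into a network, or None."""
    if args and args[0] == "any":
        return ip_network("0.0.0.0/0")
    ips = [a for a in args if _is_ip(a)]
    if not ips:
        return None
    wildcard = int(ip_address(ips[1])) if len(ips) > 1 else 0
    if wildcard & (wildcard + 1):  # non-contiguous wildcard mask: not modelled
        return None
    return ip_network(f"{ips[0]}/{32 - wildcard.bit_length()}", strict=False)

def parse_config(text):
    cfg = {"hostname": None, "ro_acls": [], "acls": {}, "trap_hosts": set(),
           "syslog_hosts": set(), "syslog_level": None}
    current_acl = None
    for raw in text.splitlines():
        tok = raw.split()
        if not tok or tok[0] == "!":
            current_acl = None
            continue
        if current_acl and tok[0] in ("permit", "deny", "remark"):
            net = permit_network(tok[1:]) if tok[0] == "permit" else None
            if net is not None:
                cfg["acls"][current_acl].append(net)
            continue
        current_acl = None
        if tok[:3] == ["ip", "access-list", "standard"] and len(tok) > 3:
            current_acl = tok[3]
            cfg["acls"].setdefault(current_acl, [])
        elif tok[0] == "access-list" and len(tok) > 3 and tok[2] == "permit":
            net = permit_network(tok[3:])
            if net is not None:
                cfg["acls"].setdefault(tok[1], []).append(net)
        elif tok[0] == "hostname" and len(tok) > 1:
            cfg["hostname"] = tok[1]
        elif tok[:2] == ["snmp-server", "community"] and len(tok) > 2:
            opts, upper = tok[3:], [o.upper() for o in tok[3:]]
            if "RW" in upper:
                continue  # only read-only strings satisfy the requirement
            i = upper.index("RO") + 1 if "RO" in upper else len(opts)
            cfg["ro_acls"].append(opts[i] if i < len(opts) else None)
        elif tok[:2] == ["snmp-server", "host"] and len(tok) > 2:
            cfg["trap_hosts"].add(tok[2])
        elif tok[0] == "logging" and len(tok) > 2 and tok[1] == "trap":
            cfg["syslog_level"] = tok[2]
        elif tok[0] == "logging" and len(tok) > 2 and tok[1] == "host":
            cfg["syslog_hosts"].add(tok[2])
        elif tok[0] == "logging" and len(tok) > 1 and _is_ip(tok[1]):
            cfg["syslog_hosts"].add(tok[1])
    return cfg

def audit(text, mgmt=MGMT_SERVERS):
    """Return the list of unmet monitoring requirements (empty if compliant)."""
    cfg, findings = parse_config(text), []
    if not (cfg["hostname"] and HOSTNAME_RE.match(cfg["hostname"])):
        findings.append("hostname-convention")
    if not cfg["ro_acls"]:
        findings.append("snmp-ro-missing")
    for acl in cfg["ro_acls"]:
        nets = cfg["acls"].get(acl, [])
        if acl is None:
            findings.append("snmp-ro-no-acl")
        elif not all(any(ip_address(m) in n for n in nets) for m in mgmt):
            findings.append("acl-missing-mgmt-server")
    if not cfg["trap_hosts"] & mgmt:
        findings.append("snmp-trap-destination")
    if not cfg["syslog_hosts"] & mgmt:
        findings.append("syslog-destination")
    if cfg["syslog_level"] != "notifications":
        findings.append("syslog-level")
    return findings

# Constructed sample configurations; the community string is a placeholder.
GOOD_CONFIG = """hostname MFNORLSNFR76A001
ip access-list standard MFN-NMS
 remark constructed-spectrum-1
 permit 192.0.2.10
 remark constructed-ehealth-1
 permit 192.0.2.11
!
snmp-server community EXAMPLE-RO-STRING RO MFN-NMS
snmp-server host 192.0.2.10 EXAMPLE-RO-STRING config syslog snmp
logging trap notifications
logging 192.0.2.10
"""
BAD_CONFIG = """hostname branch-rtr-1
access-list 10 permit 192.0.2.10
snmp-server community EXAMPLE-RO-STRING RO
logging trap warnings
logging 198.51.100.7
"""

if __name__ == "__main__":
    print(audit(GOOD_CONFIG), audit(BAD_CONFIG))
```

The findings never echo the community string, so the report can be attached to a ticket without exposing it.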

4 Configuration Management Tool (Router Configurations) - RANCID

MFN uses RANCID as the Configuration Management Tool to support router backup. Backups are made every evening or may also be made whenever a configuration change is made to CPE. This tool is available for both MFN managed and customer managed CPE.

In order for customers who manage their own CPE to use this Configuration Management Tool, they will need to allow the tool access to their router. The router configurations that are required to provide this access are provided in Appendix E. Since the startup-configuration in NVRAM is the only configuration that is being archived, it is imperative that the user technical resources save the running-configuration to NVRAM when changes are made. This will ensure that the latest changes are backed up nightly. Refer to the CPE chapter section “Router Configuration Backup” for additional information.

5 NMS Tools Account Creation

In order to get access to the MFN Portal (MFN NMS Tools and QRadar Access), the Agency Security Administrator will complete and submit the NMS Tools and QRadar Access Request Forms, located in Appendix B and email it to NMSaccounts@dms. to establish new or delete existing NMS accounts. When the accounts are set up, the MFN NMS tools team will provide the user names and passwords to the Authorized Agency Security Administrator or the end user on the form normally within 5 working days after receipt of the form. If an existing working account is not needed, it is the responsibility of the agency security administrator to submit this form to delete the account.

Please note that customer requests to access the MFN web portal (NMS tools) will be denied if the correct contact for the Security Administrator is not on file. To add or change a Security Administrator on file, please refer to the Section on “Customer Responsibilities” in Chapter 3.

Additional Tools are available for additional MFN services listed below. In order to access these tools, the Agency Security Administrator will complete and submit the Tools Access Request Form, located in Appendix I and email it to NMSaccounts@dms. to establish new or delete existing Tools accounts. Subscription to these services is necessary to access these tools.

1. MFN Statewide MAN Type 2 Service in the AT&T LATAs

2. MFN PDC Utilization Statistics (Bridged or Layer 2 PDC Ports)

3. MFN Managed Firewall Services

Note: It is highly recommended to provide Tools access (including MFN NMS and QRadar) to only those individuals who have completed a successful level II background check.

6 MFN Portal Password Change

The MFN Portal allows end users to access their MFN NMS Tools. End users have the capability to change their MFN Portal password online without contacting the MFN NOC. MFN Portal passwords will automatically expire after 90 days. DMS has established the following password requirements:

1. Passwords must contain at least 8 characters

2. Passwords must be a combination of uppercase and lowercase letters and digits

3. Passwords cannot be the same as the end user’s login ID

4. Passwords cannot be the same as any of the 5 previous passwords

5. End user accounts will be disabled for 30 minutes after 6 successive incorrect passwords are entered
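The password rules above, enforced in code, as an added example that is not the MFN Portal's implementation. Keeping the history as salted PBKDF2 digests, comparing the login ID case-insensitively, and counting the current password among the 5 remembered ones are assumptions; the class and function names are hypothetical.

```python
import hashlib
import hmac
import os
import time

MIN_LENGTH = 8
HISTORY_DEPTH = 5            # passwords remembered for the reuse check
MAX_FAILURES = 6             # successive bad passwords before lockout
LOCKOUT_SECONDS = 30 * 60
MAX_AGE_SECONDS = 90 * 24 * 3600
PBKDF2_ROUNDS = 100_000      # assumption: work factor chosen for this example


def _digest(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


class PortalAccount:
    def __init__(self, login_id, password, now=None):
        self.login_id = login_id
        self.history = []        # (salt, digest) pairs, newest last
        self.failures = 0
        self.locked_until = 0.0
        self.changed_at = 0.0
        problems = self.set_password(password, now)
        if problems:
            raise ValueError(problems)

    def check_policy(self, candidate):
        """Return the list of rules the candidate password violates."""
        problems = []
        if len(candidate) < MIN_LENGTH:
            problems.append("too-short")
        if not (any(c.isupper() for c in candidate)
                and any(c.islower() for c in candidate)
                and any(c.isdigit() for c in candidate)):
            problems.append("needs-upper-lower-digit")
        # Assumption: case-insensitive match, stricter than the written rule.
        if candidate.lower() == self.login_id.lower():
            problems.append("same-as-login-id")
        # Each stored entry has its own salt, so the candidate is re-hashed
        # once per remembered password rather than compared as plaintext.
        if any(hmac.compare_digest(_digest(candidate, salt), digest)
               for salt, digest in self.history[-HISTORY_DEPTH:]):
            problems.append("reused")
        return problems

    def set_password(self, candidate, now=None):
        problems = self.check_policy(candidate)
        if not problems:
            salt = os.urandom(16)
            self.history.append((salt, _digest(candidate, salt)))
            self.history = self.history[-HISTORY_DEPTH:]
            self.changed_at = time.time() if now is None else now
        return problems

    def login(self, password, now=None):
        """Return 'ok', 'denied', 'locked' or 'expired'."""
        now = time.time() if now is None else now
        if now < self.locked_until:
            return "locked"
        salt, digest = self.history[-1]
        if not hmac.compare_digest(_digest(password, salt), digest):
            self.failures += 1
            if self.failures >= MAX_FAILURES:
                self.locked_until = now + LOCKOUT_SECONDS
                self.failures = 0
            return "denied"
        self.failures = 0
        if now - self.changed_at > MAX_AGE_SECONDS:
            return "expired"
        return "ok"


if __name__ == "__main__":
    acct = PortalAccount("jdoe", "Tallahassee1", now=0)  # constructed values
    print(acct.check_policy("short1A"), acct.check_policy("Tallahassee1"))
```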

7 Password Change Instructions

End users can change their password by logging into their MFN Portal account and selecting the link “Password Change Request” under the “Helpful Links” heading on the MFN Portal “Welcome” page. End users will be notified of the requirement to change their password 10 days in advance of the expiration date of their current password. An end user can get assistance in changing their password by contacting the MFN NOC.

8 Customer Responsibilities

1. MFN Portal access is intended for authorized users only. End users are responsible for all activities associated with their MFN Portal account, and any suspicious activity should be reported to the end user’s MFN Security Administrator and the MFN NOC.

2. MFN Portal usernames and passwords are assigned individually and must not be shared with anyone.

3. MFN Portal accounts can only be requested through DMS by following the process described in section “NMS Tools Account Creation” of this guide.

4. End users are responsible for protecting their MFN Portal username and password to prevent unauthorized access to network information. They must either log out from their MFN Portal account, or lock their computer / workstation when leaving it unattended.

5. Passwords should be treated as sensitive and confidential information.

6. Passwords must not be written down.

7. Passwords must not be stored in a file on any computer or workstation unless they are encrypted.

10 NMS Alarm Procedures

Email and SMS paging can be sent for three classifications of alarms: critical, major, and minor. Alarms will only be sent to user maintained group lists. Using the NMS tools access form in Appendix B, users will indicate which alarms are sent to the email and/or paging group. Refer to the types of alarms listed below.

CRITICAL

Critical alarms include device outages, SLA critical thresholds exceeded, and SLA violations.

MAJOR

Major alarms include selected syslogs and traps, and device component failures (power supplies, fans, etc.).

MINOR

Minor alarms include non-major syslogs and traps, authentication failures, and informational alarms.

11 NMS Client Access Requirements

The MyFloridaNet Portal is comprised of many tools that serve a specific purpose and role in managing the devices of the MyFloridaNet network. Minimum and recommended client requirements for running the applications included in the MyFloridaNet Portal such as Spectrum, eHealth, NetQoS, Core Router Proxy, Remedy Ticketing System, and Router Configuration tools are provided in Appendix C. Installation and troubleshooting information for the Java Runtime Environment is also included to assist with properly configuring the client computer.

By adhering to the requirements described in Appendix C, the end-user experience and client-side response time should be satisfactory for the applications included in the MyFloridaNet NMS Portal. Please contact the MyFloridaNet NOC at support@mfn. to report any issues accessing the MFN NMS web portal.

12 NMS Reports

13 Remedy Ticket System

Users have the capability to generate Remedy trouble ticket reports for their network through the MFN portal. These reports can be exported to an Excel spreadsheet. This feature is visible through the main Remedy ticketing system tool.

14 eHealth Reports

Users can generate the “At-a-Glance” or “Trend” reports on demand. If the user has a need to create a custom report, a request needs to be submitted to the SUNCOM Helpdesk. If requested by the customer, a meeting can be scheduled with the customer to discuss the request.

Customer Premise Equipment (CPE)

1 MFN CPE Acquisition Options

CPE may be rented, or purchased from the MyFloridaNet (MFN) contract. The MFN web site provides a listing of the standard CPE pricing and specification details.

Purchase or rental of standalone routers without the service is not allowed under MFN. A single router for a single MFN connection is the normal configuration. Any exception to this rule will be discussed on a case by case basis.

2 Customer Provided CPE Option

Customers may use existing routers on the MFN network. To ensure proper operation with the MFN network and to qualify for applicable SLAs, the customer must load these routers with the current approved MFN IOS, and the routers must be models currently supported by the manufacturer. The routers must also be one of the approved and tested CPE. Special needs will be handled on a case by case basis by customers contacting the SUNCOM Helpdesk.

3 Maintenance

Maintenance supporting the standard MFN four (4) hour restoral SLAs is included in the rental prices of MFN CPE.



MFN maintenance is a requirement for MFN four (4) hour CPE restoral SLAs. The starting point for the 4 hour restoral SLA will vary depending on whether out of band access to the router is allowed by the customer.

Customers acquiring new equipment from sources other than the MFN contract will not be eligible for MFN CPE maintenance or associated SLAs and will also be responsible for CPE trouble shooting and coordinating any necessary CPE repairs themselves. Provided the customer follows MFN configuration guidelines, MFN CPE management is available and the MFN NOC will at the customer’s direction monitor, backup configurations and notify the customer when CPE or other outages are detected even if the CPE is not under MFN maintenance. MFN installation services are not available for CPE purchased outside the MFN contract.

Key features of CPE maintenance include:

• Replacement of hardware parts and service restoral on a 24 x 7 x 4-hour basis

• 24x7x365 access to MFN NOC, engineering resources and CPE vendor Technical Assistance Centers

• IOS software updates (loading any software updates on customer managed CPE is the responsibility of customer)

• 24x7x365 access to CPE vendor websites such as Cisco Connection Online (CCO)

4 Installation

Installation for CPE on MFN falls into two categories as defined in sections 7.1 (Acquired) and 7.2 (Customer Provided CPE). The differences are detailed below:

5 Acquired

All new MFN equipment will be staged, configured and installed as part of the rental CPE pricing. Installation is optional for an additional cost for CPE purchased through the MFN contract. Billing will start 2 business days after a successful CPE turn-up.

6 Customer Provided CPE

Customers choosing to use or provide their own CPE must have it certified and approved for use by DMS. Information such as the minimum hardware recommendations for the access circuit, the applicable configuration template/guidelines and site specific technical data will be provided to the Customer. The customer will be responsible for configuring the CPE for a given site’s installation when they elect to manage their own CPE.

The core, circuit and customer provided CPE installations for these sites will be coordinated with the customer by the Vendor Implementer. The Turn-up schedule will be mutually agreed upon by the Customer and the Vendor, with documentation sent via email with the agreed upon Turn-up schedule and will be used as the record for setting billing dates. The MFN billing will start 2 business days after the scheduled CPE Turn-up date for the site. The core and access circuits may actually be installed several days in advance of the scheduled Turn-up date but that will have no impact on billing. Billing will start per the schedule unless installation delays are caused by the MFN Vendor. Turn-up is expected to be scheduled and completed within 7 business days of circuit installation. The turn up appointment will be scheduled by the Vendor and take place within 7 business days of the circuit install date or billing will commence automatically. Refer to section 5.4.2 for details.

If there is any delay in completing the Turn-up due to a Vendor error, billing will be deferred to start 2 business days after the correction of the error.

The preferred strategy is to have all Customer locations installed as Managed sites.

7 Out of Band (OOB) Access

For managed CPE, the MFN vendor will in most installations install (at no cost) OOB access (dial up line and modem) at T1 and greater sites. This option is not available in all LATAs. This OOB access is a crucial aid in troubleshooting, allowing the verification of site power, the retrieval of router and WAN interface diagnostic information and the quick restoral of the configuration when it is necessary to replace the router.

In spite of the $0 cost* and the many advantages of OOB from a maintenance and management perspective, it is understood some customers may choose to not allow OOB access. This choice will affect customer SLAs as noted in section 7.7, “Router Management”, below.

*Customers are responsible for the cost to provide a POTS (Plain Ordinary Telephone Service) line.

8 Router Configuration Backup

The MFN NMS tools will maintain the last 25 copies of each router’s stored configuration along with the userID of who made each change as long as the MFN NOC has read SNMP access. The MFN NMS includes a configuration management tool that facilitates storage and gives the MFN user many abilities including the side by side comparison of configurations. Unmanaged customers must follow proper configuration guidelines that enable configuration management tool access to their routers. Unless other customer specific solutions are able to be arranged through DMS, unmanaged customers are responsible for configuring replacement routers after maintenance events and will be able to access the stored configurations via the MFN Portal.

9 Router Management

Full Management

Full router management is included and available as an option for all supported CPE at no additional charge and includes CPE configuration management, CPE MIB polling, syslog trap support, NMS tools access, performance reports, proactive trouble responses, enhanced security support and CPE user access management via TACACS and/or the CPE and Core proxy.

If full management is selected as an option, the customer’s CPE will be managed by the MFN NOC and customers will have read-only access to their routers via the MFN Portal. MFN includes a two (2) hour SLA for minor router changes. Router configuration changes that require engineering review and/or testing may take longer and not qualify for CPE configuration change SLA. Read/Write access combined with OOB to the CPE allows the MFN NOC to deliver the following capabilities:

• IOS Upgrades

• Configuration Management of the Router

• 2 Hour Configuration Management SLA

• 4 Hour CPE and/or Access Restoral

• Performance Degradation Isolation

• CPE, Circuit or Core Trouble Isolation

Customer Managed

1 - Instead of full management, customers may opt to manage their own CPE routers and will require read and write access to their CPE routers. MFN does not support simultaneous Read/Write capability for the MFN NOC and the customer. Customers allowing the MFN NOC Read Only access combined with OOB to the CPE receive the following reduced capabilities from the MFN NOC:

• 4 Hour CPE and/or Access Restoral After Joint Trouble Isolation Has Occurred

• Limited CPE, Circuit and Core Performance Degradation Isolation and Resolution

• Limited CPE, Circuit or Core Trouble Isolation and Resolution

2 - Self managed customers allowing the MFN NOC Read Only access combined with no OOB to the CPE receive the following reduced capabilities from the MFN NOC:

• 4 Hour CPE and/or Circuit Restoral After Customer Led Trouble Isolation Has Occurred

• Circuit and Core Performance Degradation Resolution

• Circuit or Core Trouble Resolution

3 - Self managed customers not allowing the MFN NOC Read Only access combined with no OOB to the CPE receive the following greatly reduced capabilities from the MFN NOC:

• 4 Hour Circuit Restoral After Customer Led Trouble Isolation Has Occurred

• Circuit and Core Performance Degradation Resolution

• Circuit or Core Trouble Resolution

10 Router Access Account management

Access to MFN routers is controlled through the MFN provided integrated LDAP and TACACS+ server at no additional charge. New accounts will normally be activated within 72 hours. Customers choosing self management will be responsible for their own router access methods and account management.

It is highly recommended for trouble shooting and maintenance purposes that self managed Customers allow the MFN NOC read-only access to customer managed CPE routers.

11 After Hours Maintenance Activity

When troubles occur and an on-site visit to the customer premises is required either to replace CPE or for circuit maintenance, the Customer must have an on-site contact person that will be at the customer premises to receive replacement CPE and/or to allow the MyFloridaNet technician access to the site. Any delays associated with the MFN NOC being able to contact/verify an on-site contact will adversely affect the ability to meet Service Level Agreements (SLAs). It is particularly important that customers designate and keep up to date appropriate on-site contacts for sites that require after hours restoral of service. This information can be updated through the MFN NOC. Regardless of the success or failure of contacting an on-site customer representative, the MFN NOC will troubleshoot to the fullest extent possible, particularly circuit issues. Please refer to the “Customer Responsibilities” section in Chapter 3 on how to update your contact information.

12 MFN CPE SLA Matrix

The following matrix is provided as a reference guide to illustrate the impact of the information provided in the rest of this document. It also provides additional detail on how a customer’s choice of MFN CPE management, OOB and other options affects MFN management, maintenance and SLAs.

|CPE Access & Features |Customer Managed |Vendor Managed |

| |Customer CPE – Customer Managed |MFN CPE – Customer Managed |MFN CPE – MFN Managed |Customer CPE – MFN Managed |

** SLA clock starts immediately for customers allowing OOB. For non-OOB, SLA clock starts after power verification and Customer led problem determination. For customer managed sites, circuit and CPE Restoral clock starts after joint determination has been made by the Customer and the MFN NOC on which item to dispatch.

*** SLA clock for degradation will end at the time it is determined that lack of RO CPE access is prohibiting further trouble analysis. In addition, reference detail in section 2.5.2, “service level exclusions”.

Network Engineering & Design

1 Design Overview

This chapter describes the basic MyFloridaNet design and provides a description of the requirements for the VPN routing and forwarding (VRF) connectivity as well as the network access and traffic routing requirements and considerations.

MyFloridaNet IP Routed Core is a design based on Layer 3 VPNs using general specifications contained in RFC 4364. RFC 4364 VPNs are also known as BGP/MPLS VPNs because BGP is used to distribute VPN routing information across the MyFloridaNet backbone and MPLS is used to forward VPN traffic across the backbone to remote VPN sites.

Customer networks, because they are private, can use either public addresses or private addresses, as defined in RFC 1918, Address Allocation for Private Internets. When customer networks that use private addresses connect to the public Internet infrastructure, the private addresses might overlap with the same private addresses used by other network users. MPLS/BGP VPNs solve this problem by adding a VPN identifier prefix to each address from a particular VPN site, thereby creating an address that is unique both within the VPN and within the public Internet. In addition, each VPN has its own VPN-specific routing table that contains the routing information for that VPN only.

VPN Routing and Forwarding Tables (VRFs)

To separate a VPN's routes from routes in the public Internet or those in other VPNs, the PE router creates a separate routing table for each VPN, called a VPN routing and forwarding (VRF) table. The PE router creates one VRF table for each VPN that has a connection to a CE router. Any customer or site that belongs to the VPN can access only the routes in the VRF tables for that VPN.

Each VRF is basically a layer 3 full mesh routing table allowing each CE router to directly connect to every other CE router at the layer 3 level. There is no layer 2 connectivity between CE routers and no routing protocols can be run between CE routers across the MFN core. Routing between MFN PE nodes is accomplished using multi-protocol BGP. All routing decisions within the VRF are made via BGP and in general the entire VRF can have only one best path for each prefix.

2 MFN Backbone Topology

The MFN core nodes are interconnected with 10 Gigabit Ethernet connections. A network topology is listed in Appendix A.

3 MFN Internet Connectivity

The MFN network has three Internet connected VRFs: Common Services, Public, and FIRN_RAW. It also has three Internet POPs located in Orlando, Miami, and Jacksonville. Refer to Appendix A for the MFN Internet topology.

4 VRF Design

There are three basic types of VRFs on MFN as stated below:

• Agency or Private VRF

• Common Services VRF

• Public VRF

The figure below illustrates the three basic types of connectivity. This is a logical, not a physical depiction.

[pic]

5 Agency or Private VRF

A Private VRF is a closed routing and forwarding instance for the exclusive use of an individual Customer.

• A Private VRF doesn’t inherently provide Internet access. Internet must be provided by either a separate connection to the Public or Common Services VRF or by another external ISP connection.

• For an agency in Private VRF who accesses the Internet using an external ISP connection, State Network access would be via a separate extranet connection or VPN connection.

6 Common Services VRF

The Common Services VRF provides open access between all directly connected CE routers in the VRF in a layer 3 full mesh; as such, multiple agencies are part of a Common Services VRF. This means that any CE router/network connected to Common Services can directly communicate with any other CE or network that is also connected, regardless of what agency or entity the CE or network belongs to. Common Services also provides Internet access ‘in the cloud’, meaning all CE routers can directly reach the Internet via the MFN Firewalls. These Firewalls allow outbound access to the Internet as well as limited inbound access for SMTP, DNS, and VPN.

• Internet bound traffic will pass only through the dual centralized State MyFloridaNet firewalls.

• Some agencies may have multiple CE routers connected directly into the Common Services VRF, while others may have a single Common Services aggregation router connecting all the remote sites via private VRF.

• Connectivity to the Common Services VRF from outside the State Firewalls (Internet or Public Services VRF) must be accomplished via an extranet connection or secure VPN connection.

• No CPE will be simultaneously configured into both the Public VRF and the Common Services VRF.

• The Common Services VRF, while protected from the Internet by the MFN Firewalls, should not be considered a “secure” network. Multiple avenues of attack or intrusion still exist and it is incumbent upon all CS members to protect themselves by treating the CS network as an “un-trusted” network. Multiple agencies and users are connected to the CS routing domain. Many if not most of these users have additional connections to the open Internet, either via the MFN PUBLIC VRF or via a 3rd party provider. These connections do have access lists that prevent hosts on the Internet from reaching IPs on CS directly. However, in many if not most cases, there is no deep packet inspection being performed on traffic ingressing into the CS routing domain from customers’ networks that potentially may have been compromised. Additionally, there are no methods to police networks attached to CS to ensure that no unauthorized back doors have been connected.

7 Public VRF

The Public VRF denotes a Layer 3 VPN on the MyFloridaNet backbone that is not firewalled. These routing & forwarding spaces should be considered the same as the open Internet and are therefore unsecured. The most common scenario considered for the Public VRF is an Agency/Private VRF or WAN behind a customer owned Firewall typically located at a headquarters location. A separate connection to the Public VRF would provide Internet access.

• All connections to the Public VRF must rely on their own local Firewalls and additional security measures.

• For an agency in the Public VRF, State Network Access (State Intranet) would be via a secure VPN connection or a separate extranet connection.

• On the MyFloridaNet backbone it is worth noting that the PUBLIC VRF is really a VRF and not just the standard IPv4 table on the backbone. This VRF does carry a full Internet routing table.

• The Public VRF routing domain routes to the Internet via default routing only.

8 IP Addresses

9 Reserved Private IP Addresses

The Private IP assignments listed below cannot be used by customers on the MyFloridaNet. These are reserved for the MyFloridaNet WAN. A customer’s private IP Addresses must be validated with the MFN NOC prior to implementation to ensure that no conflict will arise with any other IP Addressing Scheme in production.

• 10.64.0.0-10.79.255.255

• 10.208.0.0-10.223.255.255

• 192.168.95.0-192.168.98.255

• 10.123.0.0-10.123.255.255

• 10.127.0.0-10.127.255.255

• 10.220.0.0/16

• 10.221.0.0/16

• 10.222.0.0/16

• 10.224.0.0/16
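An added example (not part of the MFN guide or its tooling): a Python pre-check that normalizes the reserved list above, which mixes start-end ranges and CIDR blocks, and reports whether a proposed customer LAN prefix overlaps it. The function names and the sample prefixes are constructed for illustration.

```python
import ipaddress

# Reserved MFN WAN assignments, copied from the list above (range and CIDR forms).
MFN_RESERVED = [
    "10.64.0.0-10.79.255.255",
    "10.208.0.0-10.223.255.255",
    "192.168.95.0-192.168.98.255",
    "10.123.0.0-10.123.255.255",
    "10.127.0.0-10.127.255.255",
    "10.220.0.0/16",
    "10.221.0.0/16",
    "10.222.0.0/16",
    "10.224.0.0/16",
]

# RFC 1918 private blocks, used to flag prefixes that are not private at all.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_entry(entry):
    """Turn 'first-last' or 'a.b.c.d/len' into a list of IPv4Network objects."""
    entry = entry.replace(" ", "")
    if "-" in entry:
        first, last = (ipaddress.IPv4Address(p) for p in entry.split("-"))
        # A range such as 192.168.95.0-192.168.98.255 is not one CIDR block;
        # summarize_address_range splits it into the minimal set of blocks.
        return list(ipaddress.summarize_address_range(first, last))
    return [ipaddress.IPv4Network(entry, strict=True)]


def reserved_networks(entries=MFN_RESERVED):
    """Reserved list as non-redundant CIDR blocks (contained entries dropped)."""
    nets = [n for e in entries for n in parse_entry(e)]
    return list(ipaddress.collapse_addresses(nets))


def check_prefix(prefix, reserved=None):
    """Return (status, conflicts) for one proposed customer LAN prefix."""
    reserved = reserved_networks() if reserved is None else reserved
    # strict=False accepts host-style input such as 10.70.4.9/24.
    net = ipaddress.ip_network(prefix, strict=False)
    conflicts = [str(r) for r in reserved if net.overlaps(r)]
    if conflicts:
        return "conflict", conflicts
    if not any(net.subnet_of(p) for p in RFC1918):
        return "not-private", []
    return "ok", []


def audit(prefixes):
    """Check a whole address plan against the reserved list."""
    reserved = reserved_networks()
    return {p: check_prefix(p, reserved) for p in prefixes}


if __name__ == "__main__":
    # Constructed sample address plan.
    plan = ["10.70.4.0/24", "192.168.94.0/23", "10.80.0.0/16",
            "172.16.5.0/24", "10.0.0.0/8"]
    for prefix, (status, hits) in audit(plan).items():
        print(f"{prefix:18} {status:12} {', '.join(hits)}")
```

A prefix that passes only clears the reserved list; the guide still requires validation with the MFN NOC against other addressing schemes in production.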

10 Public LAN IP Address Policy

This section describes the policy related to the assignment and allocation of public IP addresses (IPv4) owned by the Department of Management Services, Division of Telecommunications (DivTel) and AT&T. DivTel shall be responsible for the assignment and allocation of these public IP addresses to SUNCOM Eligible User through the order process. This policy is only applicable when Users request to utilize DivTel or AT&T public IP addresses. All DivTel and AT&T owned IP addresses must be returned to DivTel and AT&T upon disconnect of services by customer.

In addition, this policy is established in an attempt to prevent any shortage of these public IP addresses. As a result, DivTel will efficiently assign these public IP addresses to SUNCOM Eligible Users based on the following guidelines:

1. Users shall be assigned one public IP address. Private IP addresses shall be NATed into this one public IP address. NAT shall be configured at the edge router.

2. Users that require additional IP addresses shall submit a request to DivTel through the order process. This request shall include a detail description and justification for the requested public IP address space.

3. DivTel shall monitor the use of these assignments to make sure these public IP address are being utilized efficiently. DivTel reserves the right to reclaim these addresses if it is determined that such address assignments are not being utilized efficiently.

Notes:

• Private IP addresses for Common Service vrf are assigned by DivTel.

• Public IP addresses for Common Services vrf are owned and assigned by DivTel.

• Public IP addresses for Public vrf are owned and assigned by AT&T.

• Any request outside of those noted above will be handled on an exception basis.

12 Private LAN IP Address Registration and Assignment Policy

For Common Services VRFs: DivTel is responsible for assigning, registering and managing the Private IP addresses for routing over the MyFloridaNet. Customers must officially register private LAN IP addresses with DivTel before these addresses can be routed over the MyFloridaNet. An email must be sent to SUNCOM.Helpdesk@dms. listing the private IP addresses that the customer wishes to register. The SUNCOM NOC will coordinate the assignment and registration of these private IP addresses.

For Private VRFs: Careful consideration should be given to private address range assignments even when they are initially intended for use in the agency LAN or closed user group. Sometimes the use of these ranges may require that they be extended beyond the closed user group, requiring routing and registration with the DivTel authorized range list. Many times this imposes the need and inconvenience of readdressing as the desired private LAN IP address range is owned by another agency. Registering any private LAN IP address range put into production with DivTel is highly recommended prior to any network or application implementation.

13 Routing Protocol Requirements

PE-CE routing methods supported will vary according to the type of VRF the CE is connecting to. The table below summarizes the routing options, with the preferred choice per VRF in BOLD.

Table of Supported PE-CE Routing Methods

|VRF |BGP |Static |RIPv2 |

|Common Services |YES* |Yes |No |

|Public |YES* |Yes |No |

|Agency |YES* |Yes |Yes** |

|EDU_RAW |YES* |Yes |No |

1. BGP is the preferred PE-CE routing protocol for all MFN VRFs.

2. RIPv2 and static routing are supported on MFN but strongly discouraged.

3. OSPF is not supported as a PE-CE routing protocol.

4. Connections to the Public and Common Services VRFs shall have inbound route-filters applied that will only accept routes from the CE that have been agreed upon with the customer.

5. Within an Agency VRF, the customer may advertise any IP block from any location. No inbound route filters will be applied.

6. An inbound packet-filter will also be applied that will only allow in packets with source-addresses that are from the same agreed upon subnet list.

7. Static routes will be the preferred method for LAN connectivity on managed CPE routers.

8. All PE-CE routing protocols will require MD5 authentication.

*This is the best and preferred choice.

** This choice, while offered, is strongly discouraged. Disadvantages are chattiness, convergence time, and difficulty providing tertiary routes in the core.

NOTES:

• Within a private VRF, only one dynamic routing protocol may be chosen. A dynamic routing protocol in combination with static routes is acceptable.

• The choice of routing protocol will have significant impact on PE-CE convergence times.
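An added example (not MFN's own tooling): a Python self-audit that models items 4 to 6 above, so a customer can see before turn-up which CE advertisements and source addresses the PE filters would refuse. It assumes that a route is accepted only on an exact match with an agreed prefix and that the packet filter applies to the same VRFs as the route filter; the prefixes and addresses are constructed.

```python
import ipaddress

ROUTE_FILTERED_VRFS = {"Common Services", "Public"}  # item 4: inbound route-filter
OPEN_VRFS = {"Agency"}                                # item 5: no inbound route-filter


def _nets(prefixes):
    return [ipaddress.ip_network(p) for p in prefixes]


def route_accepted(vrf, advertised, agreed):
    """True if the PE would accept this CE advertisement.

    Assumption: 'agreed upon' means an exact prefix match, so a summary or a
    more-specific of an agreed prefix is refused.
    """
    if vrf in OPEN_VRFS:
        return True
    if vrf not in ROUTE_FILTERED_VRFS:
        raise ValueError(f"no filter policy modelled for VRF {vrf!r}")
    return ipaddress.ip_network(advertised) in _nets(agreed)


def source_permitted(source_ip, agreed):
    """True if a packet's source address falls inside an agreed subnet (item 6)."""
    addr = ipaddress.ip_address(source_ip)
    return any(addr in net for net in _nets(agreed))


def audit_ce(vrf, agreed, advertisements, sources):
    """List the advertisements and source addresses the PE would refuse."""
    rejected = [r for r in advertisements if not route_accepted(vrf, r, agreed)]
    # Assumption: the packet-filter is applied where the route-filter is.
    filtered = vrf in ROUTE_FILTERED_VRFS
    dropped = [s for s in sources
               if filtered and not source_permitted(s, agreed)]
    return {"rejected_routes": rejected, "dropped_sources": dropped}


# Constructed sample data: the agreed list, what the CE is configured to
# advertise, and source addresses seen leaving the CE toward the PE.
AGREED = ["198.51.100.0/24", "10.50.0.0/22"]
ADVERTISED = ["198.51.100.0/24", "10.50.0.0/22",
              "10.50.0.0/16",          # summary wider than agreed
              "198.51.100.128/25"]     # more-specific of an agreed prefix
SOURCES = ["10.50.3.20", "10.51.0.9", "198.51.100.130", "192.168.1.10"]

if __name__ == "__main__":
    for vrf in ("Common Services", "Agency"):
        print(vrf, audit_ce(vrf, AGREED, ADVERTISED, SOURCES))
```

Traffic sourced from 198.51.100.130 passes the packet filter even though the 198.51.100.128/25 advertisement is refused, because the two filters test different things: prefix identity for routes, address containment for packets.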

14 Quality of Service

15 MFN QoS Model – DSCP Settings Description

The table below provides the IP QoS requirements for each class of application.

|Class |Description |DSCP Marking |DSCP (Decimal Value) |

|Voice |Voice over IP |EF |46 |

|Video |Interactive Video |AF41 |34 |

|Application |Priority Data |AF21 |18 |

|Best Effort |All other Traffic (Internet, ftp) |BE |0 |

|Signaling |Call setup & control |AF31 |26 |

|Emergency Voice |Priority VOIP |AF43 |38 |

|DSCP (Hex/Decimal) |EXP |Description |

|BE (00/0) |000 |All traffic not assigned a specific forwarding class (Best Effort) |

|AF43 (26/38) |011 |Voice calls from Emergency Services/Response groups |

|EF (2E/46) |101 |Standard VoIP traffic |

|CS6 (30/48) |110 |Protocol control traffic (BGP) |

|AF31 (1A/26) |110 |Protocol control traffic (VoIP signaling) |

|AF41 (22/34) |100 |Video traffic |

|AF21 (12/18) |010 |Application traffic |
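An added example (not from the MFN guide): Python that derives each DSCP code point in the tables above from its per-hop-behaviour name, checks it against the hex values listed, and compares the listed EXP bits with the DSCP's top three bits (the IP precedence). The function names and the sample ToS bytes are assumptions made for illustration.

```python
# (class, PHB name, DSCP hex as listed in the guide, EXP bits as listed in the guide)
MFN_CLASSES = [
    ("Best Effort", "BE", "00", "000"),
    ("Emergency Voice", "AF43", "26", "011"),
    ("Voice", "EF", "2E", "101"),
    ("Protocol control (BGP)", "CS6", "30", "110"),
    ("Signaling", "AF31", "1A", "110"),
    ("Video", "AF41", "22", "100"),
    ("Application", "AF21", "12", "010"),
]


def dscp_value(phb):
    """DSCP code point for a PHB name (RFC 2474 CSx, RFC 2597 AFxy, RFC 3246 EF)."""
    phb = phb.upper()
    if phb in ("BE", "DF"):
        return 0
    if phb == "EF":
        return 46
    if phb.startswith("CS") and phb[2:].isdigit() and 0 <= int(phb[2:]) <= 7:
        return int(phb[2:]) << 3                      # class selector: ccc000
    if (phb.startswith("AF") and len(phb) == 4
            and phb[2] in "1234" and phb[3] in "123"):
        # AFxy: class x in the top three bits, drop precedence y in the next two.
        return (int(phb[2]) << 3) | (int(phb[3]) << 1)
    raise ValueError(f"unknown PHB name: {phb}")


def table_report():
    """One dict per MFN class with derived DSCP, ToS byte and EXP comparison."""
    rows = []
    for name, phb, page_hex, page_exp in MFN_CLASSES:
        dscp = dscp_value(phb)
        rows.append({
            "class": name,
            "phb": phb,
            "dscp": dscp,
            "hex_matches_guide": format(dscp, "02X") == page_hex,
            "tos_byte": dscp << 2,       # DSCP sits above the two ECN bits
            "exp": int(page_exp, 2),     # EXP value listed in the guide
            "precedence": dscp >> 3,     # what a plain precedence copy would give
        })
    return rows


def explicit_exp_classes():
    """PHBs whose listed EXP differs from the DSCP's top three bits."""
    return [r["phb"] for r in table_report() if r["exp"] != r["precedence"]]


def classify_tos(tos):
    """Map an IPv4 ToS byte from a capture to its MFN class, or None."""
    dscp = (tos & 0xFF) >> 2             # ignore the ECN bits
    for row in table_report():
        if row["dscp"] == dscp:
            return row["class"]
    return None


if __name__ == "__main__":
    for r in table_report():
        print(f'{r["phb"]:5} dscp={r["dscp"]:2} tos=0x{r["tos_byte"]:02X} '
              f'exp={r["exp"]:03b} precedence={r["precedence"]:03b}')
    print("explicit EXP marking needed for:", explicit_exp_classes())
    # Constructed ToS bytes: EF, EF with an ECN bit set, AF11 (not an MFN class).
    for tos in (0xB8, 0xB9, 0x28):
        print(f"0x{tos:02X} ->", classify_tos(tos))
```

For AF43 and AF31 the listed EXP value differs from the precedence bits, so those two classes depend on an explicit DSCP-to-EXP marking rule; a plain precedence copy would give AF43 the same EXP as AF41 video.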

16 QoS Minimum Bandwidth Allocations

• Minimum Bandwidth for QoS is 512 Kbps.

• 512 Kbps circuits can allocate 250 Kbps of voice or 250 Kbps of a data application.

• 768 Kbps circuits can allocate voice or data applications in increments of 250 Kbps, and video at 500 Kbps. The maximum amount of QoS for a 768 Kbps circuit is 500 Kbps.

• T1 circuits can allocate voice and data applications in increments of 250k, and video QoS in increments of 500 Kbps.

• At 3 Mbps or above, voice, video and data applications are allocated in increments of 500 Kbps.

17 QoS Maximum Bandwidth Allocations

The MFN QOS policy is to provide QOS up to 2/3 of the connection bandwidth, with no more than 200Mb in any individual queue. The following is a list of example Access Speeds with max QOS values.

|Circuit Bandwidth |Max QoS |

|512 Kbps |250 Kbps |

|768 Kbps |500 Kbps |

|1.5 Mbps |1 Mbps |

|3 Mbps |2 Mbps |

|6 Mbps |4 Mbps |

|9 Mbps |6 Mbps |

|10 Mbps |6 Mbps |

|12 Mbps |8 Mbps |

18 Additional QoS Considerations

1. Frame Relay and Metro-Ethernet connections will be shaped to 90% of the local loop port speed.

2. Out of profile Voice traffic will be dropped.

3. Out of profile Data traffic will be remarked as best effort and transmitted.

4. CAC, or bandwidth control, is required to ensure that network resources are not oversubscribed. To maintain the quality of existing voice or video connections, new sessions or calls that exceed the available bandwidth should be rejected to ensure existing sessions are not degraded in service quality.

5. CPE QoS configurations may have two options, a Trusted and an Un-Trusted design. The Trusted design will trust that the DSCP markings on the customer’s LAN are correct, valid and are coming from appropriate sources. This is the model used by the Cisco 3750 Metro Switch. The Un-Trusted model will mark all traffic inbound from the LAN with the appropriate DSCP markings as prearranged with the end users. This is the model used by all other layer 3 CE routers on MFN. All traffic not specified as QoS traffic by the end user will be re-written as Best Effort.

6. PE routers will have both an ingress QoS policy and an egress QoS policy. These policies will ensure that the customer’s QoS traffic adheres to the agreed upon rates.

7. Packets marked with DSCP markings that are not part of the customer’s agreed upon profile will either be dropped (in the case of Voice or Emergency Voice) or transmitted as best effort (application overflow).

8. If the customer has equipment that cannot match the MFN QOS model for DSCP marking, then the Layer 3 CE routers will be configured to re-mark this traffic to match the supported MFN QOS model.

19 Packet Matching and Remarking

If the customer has equipment that cannot conform to the MFN QOS model for DSCP marking, then the layer 3 CE routers will be configured to remark this traffic to match the supported MFN QOS model. This is done using Cisco’s Access Control Lists or Juniper’s Firewall policies. Traffic can be matched on source/destination IP, port numbers, or DSCP values originating from the customer equipment.

20 CPE & Access Method Requirements

Access

Frame Relay and Metro Ethernet Access will include standard dual PE connectivity.

• All connections will always be configured with full CIR (Committed Information Rate) or CB (committed bandwidth).

• Fractional DS3 frame relay connections will be configured at the actual clock rate of the ordered port speed. For instance, a frac-DS3 order for 15mb will be clocked at 15mb – meaning the transmit rate will have a hard limit of 15mb/sec.

CPE

MyFloridaNet (MFN) customers are offered great flexibility in Customer Premises Equipment (CPE). MFN is structured so that any CPE from a supported vendor can be obtained (after a certification process) once the particular CPE product has been tested and approved by the MFN quality assurance and design engineers.

Currently, MFN CPE provides only security bundle IOS features.

21 MFN Network Time Protocol (NTP) Deployment and Use

Network Time Protocol is configured and used by all devices on the MFN network*. Greenwich Mean Time (GMT) is captured using NTP from AT&T. The time information is then redistributed through the MFN core using MFN NTP servers as master time servers. Devices connected to the core that are properly configured for NTP will have access to time information and updates provided by the master NTP servers. Refer to the diagram below. The time is true GMT (uncorrected for region). Core network devices use the uncorrected GMT to timestamp events. The MFN NMS tools system captures the same time from the MFN Network but does correct for EST and automatically adjusts for DST. This is done by the MFN NMS tools system to make the information and reports user friendly. Time stamps are used by network devices and tools to notate events, which are critical to troubleshooting and MFN SLA measurements. Configuration for NTP is part of the standard MFN templates and is provided to customer managed agencies. It is recommended that customer managed equipment connected to MFN be configured appropriately to capture time from the MFN core.

*Note: Customers managing their MFN router are recommended to use the NTP configuration as provided as part of the standard MFN template.

[pic]

Security

MFN includes a state-of-the-art comprehensive security solution that protects users from threats originating both inside and outside of the enterprise. Real-time security monitoring, analysis and response systems utilize logging information from all core and customer provided Layer 3 network devices in order to safeguard the network.

The MFN security umbrella includes:

• Proactive mitigation of outside threats by utilizing a complex of gateway, firewall, and IDS appliances at Internet entry/exit points.

• Proactive mitigation of inside threats via the network wide integration, analysis and response to Syslogs, NetFlow, firewall and other pertinent logging information.

Although the above protection mechanisms are in place, it is essential that customers take steps to secure their internal networks. Customers are responsible for protecting their internal networks. Recommendations include:

• Internet facing connections should be appropriately firewalled. Internet facing connections are defined as those in the Common Services, and PUBLIC VRFs.

• Encrypt sensitive data traversing open Internet networks (Common Services, and PUBLIC). This functionality can be configured in the MFN provided CPE if the customer has a security bundle router.

1 MFN VRF Types

2 Agency or Private VRF

A Private VRF is a closed routing and forwarding instance for the exclusive use of an individual Customer.

• A Private VRF doesn’t inherently provide Internet access. Internet must be provided by either a separate connection to the Public or Common Services VRF or by another external ISP connection.

• For an agency in Private VRF who accesses the Internet using an external ISP connection, State Network Access (State Intranet) would be via a separate extranet connection or secure VPN connection.

3 Common Services VRF

The Common Services VRF provides open access between all directly connected CE routers in the VRF in a layer 3 full mesh; as such, multiple agencies are part of a Common Services VRF. This means that any CE router/network connected to Common Services can directly communicate with any other CE or network that is also connected, regardless of what agency or entity the CE or network belongs to. Common Services also provides Internet access ‘in the cloud’, meaning all CE routers can directly reach the Internet via the MFN Firewalls. These Firewalls allow outbound access to the Internet as well as limited inbound access for SMTP, DNS, and VPN.

• Internet bound traffic will pass only through the dual centralized State MyFloridaNet firewalls.

• Some agencies may have multiple CE routers connected directly into the Common Services VRF, while others may have a single Common Services aggregation router connecting all the remote sites via private VRF.

• Connectivity to the Common Services VRF from outside the State Firewalls (Internet or Public Services VRF) must be accomplished via an extranet connection or secure VPN connection.

• No CPE will be simultaneously configured into both the Public VRF and the Common Services VRF.

• The Common Services VRF, while protected from the Internet by the MFN Firewalls, should not be considered a “secure” network. Multiple avenues of attack or intrusion still exist and it is incumbent upon all CS members to protect themselves by treating the CS network as an “un-trusted” network. Multiple agencies and users are connected to the CS routing domain. Many if not most of these users have additional connections to the open Internet, either via the MFN PUBLIC VRF or via a 3rd party provider. These connections do have access lists that prevent hosts on the Internet from reaching IPs on CS directly. However, in many if not most cases, there is no deep packet inspection being performed on traffic ingressing into the CS routing domain from customers’ networks that potentially may have been compromised. Additionally, there are no methods to police networks attached to CS to ensure that no unauthorized back doors have been connected.

4 Public VRF

The Public VRF denotes a Layer 3 VPN on the MyFloridaNet backbone that is not firewalled. These routing & forwarding spaces should be considered the same as the open Internet and are therefore unsecured. The most common scenario considered for the Public VRF is an Agency/Private VRF or WAN behind a customer owned Firewall typically located at a headquarters location. A separate connection to the Public VRF would provide Internet access.

• All connections to the Public VRF must rely on their own local Firewalls and additional security measures.

• For an agency in the Public VRF, State Network Access (State Intranet) would be via a secure VPN connection or a separate extranet connection.

• On the MyFloridaNet backbone it is worth noting that the PUBLIC VRF is really a VRF and not just the standard IPv4 table on the backbone. This VRF does carry a full Internet routing table.

• The public VRF routing domain routes to the Internet via default routing only.

5 Security Policies - F.A.C Chapter 60FF-3

Customers are required to adhere to and follow the directives of the Florida Administrative Code Rules (FAC) established by DMS. These Security rules and policies can be accessed by visiting the Florida Administrative Code web site at . Once there, search for administrative code by typing “60FF-3” in the “By Chapter Number” field.

6 Application Filtering

MFN provides enterprise Application Filtering. The application filtering takes place at the MFN Internet POPs for Common Services VRF traffic only. The devices are configured to monitor application use and performance and will guard against potentially dangerous applications.

On an enterprise level, the following applications are being blocked:

|NAME |CATEGORY |SUBCATEGORY |

|gotomypc |

| gotomypc-file-transfer |general-internet |file-sharing |

| gotomypc-base |networking |remote-access |

| gotomypc-printing |networking |remote-access |

| gotomypc-desktop-sharing |networking |remote-access |

| gotomypc-remote-control |networking |remote-access |

GoToMyPC Description

GoToMyPC is a remote control software service that enables the user to operate their computer from another computer, over the Internet. Citrix Online, a division of Citrix Systems, produces GoToMyPC.

|NAME |CATEGORY |SUBCATEGORY |

|Bittorrent |general-internet |file-sharing |

|Emule |general-internet |file-sharing |

|Gnutella |general-internet |file-sharing |

|Kazaa |general-internet |file-sharing |

|Manolito |general-internet |file-sharing |

|Peerenabler |general-internet |file-sharing |

|Soulseek |general-internet |file-sharing |

|Vagaa |general-internet |file-sharing |

|Xunlei |general-internet |file-sharing |

BitTorrent Description

BitTorrent is a peer-to-peer file sharing (P2P) communications protocol. BitTorrent is a method of distributing large amounts of data widely without the original distributor incurring the entire costs of hardware, hosting and bandwidth resources. Instead, when data is distributed using the BitTorrent protocol, each recipient supplies pieces of the data to newer recipients, reducing the cost and burden on any given individual source, providing redundancy against system problems, and reducing dependence on the original distributor.

eMule Description

eMule is a peer-to-peer file sharing application for Microsoft Windows. Started in May 2002 as an alternative to eDonkey2000, eMule now connects to both the eDonkey network and the Kad network. The distinguishing features of eMule are the direct exchange of sources between client nodes, fast recovery of corrupted downloads, and the use of a credit system to reward frequent uploaders. Furthermore, eMule transmits data in zlib-compressed form to save bandwidth.

Gnutella Description

Gnutella is a file sharing network. As of December 2005, Gnutella was the third-most-popular file sharing network on the Internet, following eDonkey 2000 and FastTrack. In June of 2005, Gnutella's population was 1.81 million computers. With the decline of Fasttrack and the emergence of Bittorrent, Gnutella is feasibly still firmly established as third-largest peer-to-peer network. There are many popular clients for Gnutella including Limewire, Morpheus, BearFlix, BearShare, Phex, Acquisition, and Shareaza.

Kazaa Description

Kazaa is a peer-to-peer file sharing application using the FastTrack protocol.

Manolito Description

MANOLITO or MP2P is the internal protocol name for the proprietary peer-to-peer file sharing network developed by Pablo Soto, first used by Blubster, and later Piolet.

PeerEnabler Description

PeerEnabler is a secure content distribution technology that utilises users' own PCs to disseminate content for publishers.

Soulseek Description

Soulseek is a file-sharing application and network used mostly to exchange music, although users are able to share a variety of files. It was created by Nir Arbel, a former Napster programmer. Like Napster, it relies on a central server located in Germany.

Vagaa Description

Vagaa is a Chinese language peer-to-peer (P2P) file sharing program. The software is compatible with the eDonkey network and BitTorrent and is often used for downloading large files such as movies, games and drama series.

Xunlei Description

Xunlei is a download manager developed by Thunder Networking Technologies, supporting HTTP, FTP, EDonkey, BitTorrent protocols. As of 2010, it was the most commonly used BitTorrent client worldwide.

|NAME |CATEGORY |SUBCATEGORY |

| |media |gaming |

|Quake |media |gaming |

|Source-engine |media |gaming |

|Unreal |media |gaming |

|WorldofWarcraft |media |gaming |

Description

is a gaming service provided by Blizzard Entertainment. was launched in November 30, 1996 with the release of Blizzard's action-RPG Diablo. was the first online gaming service incorporated directly into the games that make use of it, in contrast to the external interfaces used by the other online services at the time. This feature, along with ease of account creations and the absence of member fees, caused to become popular among gamers and became a major selling point for Diablo and subsequent Blizzard games. Since the successful launch of , many companies have published online game services mimicking the service package of Blizzard and the user interface.

Quake Description

The Quake series is a series of first-person shooter video games produced by id Software.

Source Engine Description

The Source engine (officially the Valve Source Engine) is a 3D game engine developed by Valve Corporation. Counter-Strike, Day of Defeat, Half-Life, Half-Life 2, Portal, Team Fortress 2 and many other games use this engine.

Unreal Description

Unreal is a first-person shooter video game developed by Epic Games and Digital Extremes and published by GT Interactive (now owned by Atari) in May 1998. It was powered by an original gameplay and computer engine that now bears the game's name, one that had been in development for over three years in founder Tim Sweeney's garage before the game was released. Since the release of Unreal, the franchise has had one sequel and two different series based on the Unreal universe. One official bonus pack, the Fusion Map Pack released by Epic Games, can be downloaded from the internet for free.

World of Warcraft Description

World of Warcraft (commonly abbreviated as WoW) is a pay-to-play massively multiplayer online role-playing game. World of Warcraft runs natively on both Macintosh and Windows platforms. There are more than 2 million players in North America, 1.5 million players in Europe, and 3.5 million players in China as of January 2007.

|NAME |CATEGORY |SUBCATEGORY |

|irc |

| irc-dcc-chat |collaboration |instant-messaging |

| irc-dcc-whiteboard |collaboration |instant-messaging |

| irc-base |collaboration |instant-messaging |

| irc-dcc-file-transfer |general-internet |file-sharing |

|webshots |collaboration |social-networking |

IRC Description

Internet Relay Chat is a form of realtime internet chat. It is mainly designed for group communication in discussion forums called channels, but also allows one-to-one communication via private message.

Webshots Description

Webshots provides a stage for members to upload and share their personal videos and pictures in albums in a variety of areas including entertainment, travel, sports, news, pets, home and garden, and rides.

|NAME |CATEGORY |SUBCATEGORY |

|URL Blocks |

|Kali |general-internet |gaming |

|Sony Online Entertainment |general-internet |gaming |

|Marimba |general-internet |gaming |

Kali Description

Kali is an online gaming system. The Kali software can browse and filter all the Internet game servers for a particular game as well as search for and launch other multiplayer games with players in Timbuktoo or on a home LAN (Local Area Network). Kali was the first to prove online gaming a reality (yes, even before Gamespy), and it continues to provide the fastest and most flexible game browsing system anywhere.

Sony Online Entertainment Description

SOE will operate as an independent game development studio where we will continue to focus on creating exceptional online games for players around the world, and now as a multi-platform gaming company. Yes, that means PlayStation and Xbox, mobile and more!

Marimba Description

is a music community specialized to the Marimba. It is for all of the marimba players, manufacturers, composers, and somebody who simply loves this instrument.

7 Customer Request to block applications

Common Services VRF customers can request that applications be blocked for their users. At this time, an application cannot be blocked for a single host IP address; a customer can only request a block for a contiguous range of IP addresses. If you have a need to block applications, please submit a request to suncom.helpdesk@dms. . The SUNCOM NOC will review the customer's request and notify the customer of any issues. After the request has been reviewed and approved by DMS, the changes will be made and the customer will be notified by the SUNCOM NOC of the completed changes.

8 MyFloridaNet State Firewalls

MFN offers enterprise firewall services (for Common Services VRF Only) based on redundant platforms. Firewall devices are configured with one acting as a primary and the other serving as a redundant device in fail-over mode. Additionally, all configuration changes will be synchronized between the devices in each Internet POP.

9 Customer Request to MFN State Firewall Changes

The following is the list of permitted DNS and MAIL Applications for Common Services with their permitted associated ports. 

• DNS - UDP 53

• SMTP - TCP 25

• POP3 -  TCP 110

For change requests related to the MFN State Firewall, the customer will submit a request to DMS by email to suncom.helpdesk@dms. . The SUNCOM NOC will review the request and notify the customer of any issues. After the request has been reviewed and approved by DMS, the changes will be made and the customer will be notified by the SUNCOM NOC of the completed changes.

10 MyFloridaNet Filtering Standards

11 Extranet Filtering Standard

The following requirements of MFN Extranet Filtering provide an acceptable way for customers to allow connectivity between specific resources or hosts on a foreign, unsecured network and specific resources or hosts on their local network via an extranet circuit at the provider's Core-Node location. This requirement avoids violating State Administrative Code 60FF with regard to creating any Internet backdoors.

Requirements:

1. Vendor managed router serving the EXTRANET Filtering role will be hardened to meet current MyFloridaNet core router standards. Core Extranet will be placed in a hardened facility such as a Central Office (CO) or POP.

2. Extranet router will support all access types currently supported and will have the ability to facilitate access to any VRF.

3. Extranet router will be equipped with a firewall feature set (FWFS) and IDS functionality. All firewall and IDS logging will be directed to MyFloridaNet’s security information management system (QRadar).

4. There will be an inbound filter termed INSIDE-FW-VRF-CustomerX that will filter the inside segment from the foreign network. The filter is required to be as specific as possible. Recommendations are listed below in the following examples:

a. Extranet host conduit to internal host/protocol port: permit tcp host 225.223.1.5 host 164.51.1.2 eq 23

b. Extranet host conduit to internal hosts/protocol port: permit tcp host 225.223.1.5 192.168.199.0 0.0.0.255 eq 1721

c. Extranet host conduit to internal host OPEN: permit ip host 225.223.1.5 host 192.168.199.51 (Not recommended and should be a last resort).

5. All filters must comply with the following template:

ip access-list extended INSIDE-FW-VRF-CustomerX
 remark ICMP section
 permit icmp any any echo-reply
 permit icmp any any time-exceeded
 permit icmp any any unreachable
 permit icmp any any timestamp-request
 deny icmp any any
 remark TCP section {example}
 permit tcp host 225.223.1.5 host 192.168.199.51 eq 3306
 permit tcp host 225.223.1.5 host 192.168.199.51 range 1701 1721
 remark UDP section {example}
 permit udp host 199.250.30.51 host 192.168.199.51 eq 1701

[pic]

12 MyFloridaNet Common Services Filtered Standards

The following requirements of MFN Common Services Filtering shall provide an acceptable way for customers who do not use Common Services for Internet access to connect securely to Common Services resources. This requirement will also apply to those Common Services customers who connect to a foreign network. This requirement avoids violating State Administrative Code 60FF with regard to creating any Internet backdoors.

Requirements:

1) Vendor managed premise router serving the CS filtering role will be hardened to meet current MyFloridaNet CPE security standards.

2) CPE will be equipped with a firewall feature set (FWFS) and IDS functionality. All firewall and IDS logging will be directed to MyFloridaNet’s security information management system (QRadar).

3) There will be an outbound filter termed CS-ACL that will filter and protect the Common Services network. The CS-ACL will allow the customer's host(s) to connect to a specific host and port on the Common Services network. Example: permit tcp 192.168.95.0 0.0.0.255 host 199.250.30.51 eq 80. The filter is required to be as specific as possible. Recommendations are listed in the following examples:

a. Agency network or host conduit to internal host/protocol port:

permit tcp host 192.168.199.51 host 199.250.30.51 eq 80

b. Agency network or host conduit to internal network/protocol port:

permit tcp 192.168.199.0 0.0.0.255 host 199.250.30.51 eq 1721

c. Agency network or host conduit to internal host OPEN:

permit ip host 192.168.199.51 host 199.250.30.51 (Not recommended and should be a last resort).

4) All filters must comply with the following template

CS-ACL Template

ip access-list extended CS-ACL
 remark ICMP section
 permit icmp any any echo-reply
 permit icmp any any time-exceeded
 permit icmp any any unreachable
 permit icmp any any timestamp-request
 deny icmp any any
 remark TCP section {examples}
 permit tcp host 199.250.30.51 host 192.168.199.51 eq 3306
 permit tcp host 199.250.30.51 host 192.168.199.51 range 1701 1721
 remark UDP section {example}
 permit udp host 199.250.30.51 host 192.168.199.51 eq 1701

[pic]

14 Distributed IPSec Extranet Filtering Standards

This section describes how SUNCOM customers shall connect foreign networks that utilize the public Internet (including the MFN public VRF) as layer-3 transport to MFN. This design adheres to the State Administrative Code 60FF with regards to securing MFN from unauthorized access via Internet backdoors. The requirements contained in this section apply to all MFN Service Provider managed equipment operating in an IPSec Extranet capacity.

Requirements:

1. Any appliance serving in a Distributed IPSEC EXTRANET Filtering role will meet the requirements set forth in the MyFloridaNet CPE standards.

2. Any IPSec VPN tunnel which traverses the Internet will utilize on the device’s loopback1 interface an IP address assigned by DMS. The loopback1 IP address will be assigned from the 164.51.201.0/24 Class-C IP address pool. No IP address other than that listed will be assigned to the loopback1 interface unless authorized by DMS. IPSec tunnels remaining within the MFN intranet are excluded from this requirement.

3. The remote peer(s) IP address and crypto map ACL must at all times reflect the issued CSAB order(s). In an emergency situation, an e-mail change request submitted by DMS Network Engineering shall be acted upon. A follow-up order shall be issued to reflect the applicable change action.

4. CPE will be equipped with a firewall feature set and IDS functionality. All firewall and IDS logging will be directed to MyFloridaNet’s security information management system (QRadar).

5. LAN-to-LAN VPN Profile Standards are as follows:

IPSec Local Tunnel Archer IP Address:

|COMMAND |REQUIREMENT |
|interface Loopback1 |Create loopback1 |
|description IP-sec peering |Shall use this description |
|ip address 164.51.x.x {mask} |The IP address shall be assigned by DMS from the approved pool(s) |
|crypto map {name-2} |The Service Provider shall define {name-2} |

IKE Phase 1 – Authentication Profile:

|COMMAND |REQUIREMENT |
|crypto isakmp policy {n} |The ISAKMP policy number {n} shall start with 10 and as required be ordered in multiples of 10: {n} = 10, 20, 30, ... |
|encr 3des |Encryption shall be 3DES |
|authentication pre-share |Authentication pre-shared key shall have at a minimum 9 characters. Multiple tunnels may use the same key |
|group 5 |IKE policy shall use the 1536-bit Diffie-Hellman group |
|lifetime 86400 |ISAKMP policy shall be renegotiated every 24 hours |
| |Note: The same isakmp policy may be used for multiple tunnels |
|crypto ipsec transform-set {name-1} esp-3des esp-sha-hmac |The transform-set {name-1} shall be defined by the Service Provider. The transform-set shall utilize esp-3des esp-sha-hmac |
| |Note: The same transform-set may be used for multiple tunnels |
|crypto ipsec df-bit clear |The do not fragment bit clear shall be used as required |

IPSec Phase 2 - Encryption Profile:

|COMMAND |REQUIREMENT |
|crypto map {name-2} local-address Loopback1 |The Service Provider defined name-2 used within the loopback1 configuration shall equal {name-2} |
|crypto map {name-2} {n} ipsec-isakmp |The Service Provider defined name-2 used within the loopback1 configuration shall equal {name-2}, and {n} equals the applicable crypto map isakmp policy |
|set peer {peer1 address} |{peer address} is the IP address of the far-end device(s) at which the IPSec tunnel shall terminate |
|set peer {peer2 address} |Multiple peers may be added |
|set security-association lifetime seconds 28800 |The security association shall time out in 8 hours |
|set transform-set {name-1} |{name-1} shall be the applicable transform-set name |
|set pfs group5 |Diffie-Hellman group5 perfect forward secrecy shall be used if supported by the far-end device. |
|match address {name-3} |The Service Provider shall define name-3, used for the ACL that shall trigger the Phase 1 isakmp negotiations |

Access Control List (ACL) that shall trigger the Phase 1 isakmp negotiations:

ip access-list extended {name-3}
 remark ICMP section
 permit icmp any any echo-reply
 permit icmp any any time-exceeded
 permit icmp any any unreachable
 permit icmp any any timestamp-request
 deny icmp any any
 remark application tcp section
 permit tcp [{local host network}{mask}][{remote host network}{mask}{port}]
 .
 .
 remark application udp section
 permit udp [{local host network}{mask}][{remote host network}{mask}{port}]
 .
 .

Local WAN Interface Configuration:

|COMMAND |REQUIREMENT |
|Interface {sueto circuit} |The crypto map shall be applied to the applicable WAN interface of the local device |
|crypto map {name-2} |The Service Provider defined name-2 used within the loopback1 configuration shall equal {name-2} |

Note: name-1, name-2, and name-3 are constant within this configuration template.

[pic]
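The LAN-to-LAN VPN profile above can be checked mechanically against a device configuration. The following script is an added example, not MFN or vendor tooling: the sample configuration, its names, key and peer address are constructed, `approved_peers` is a hypothetical stand-in for the peers on the issued CSAB order, and the `crypto isakmp key ... address ...` line is the standard IOS pre-shared key command, which the template itself does not show. It assumes the configuration is written out as in the template (defaults not omitted, key not encrypted).

```python
import ipaddress
import re

LOOPBACK_POOL = ipaddress.ip_network("164.51.201.0/24")   # requirement 2
PHASE1 = {"encr 3des", "authentication pre-share", "group 5", "lifetime 86400"}
TRANSFORMS = ["esp-3des", "esp-sha-hmac"]

# Constructed sample; names, key and peer address are placeholders.
SAMPLE_CONFIG = """\
interface Loopback1
 description IP-sec peering
 ip address 164.51.201.17 255.255.255.255
 crypto map EXAMPLE-MAP
crypto isakmp policy 10
 encr 3des
 authentication pre-share
 group 5
 lifetime 86400
crypto isakmp key ConstructedKey01 address 198.51.100.10
crypto ipsec transform-set EXAMPLE-TS esp-3des esp-sha-hmac
crypto map EXAMPLE-MAP local-address Loopback1
crypto map EXAMPLE-MAP 10 ipsec-isakmp
 set peer 198.51.100.10
 set security-association lifetime seconds 28800
 set transform-set EXAMPLE-TS
 set pfs group5
 match address EXAMPLE-VPN-ACL
"""


def _sections(config):
    """Split IOS-style text into (header, [indented child lines]) pairs."""
    out = []
    for raw in config.splitlines():
        if not raw.strip() or raw.lstrip().startswith("!"):
            continue
        if raw[0].isspace() and out:
            out[-1][1].append(raw.strip())
        else:
            out.append((raw.strip(), []))
    return out


def check_ipsec_profile(config, approved_peers):
    """Return the deviations from the profile, in configuration order."""
    issues = []
    secs = _sections(config)
    by_head = dict(secs)

    lo = by_head.get("interface Loopback1")
    if lo is None:
        issues.append("loopback1: missing")
    else:
        if "description IP-sec peering" not in lo:
            issues.append("loopback1: description")
        addr = [c.split()[2] for c in lo if c.startswith("ip address ")]
        if not addr or ipaddress.ip_address(addr[0]) not in LOOPBACK_POOL:
            issues.append("loopback1: address outside 164.51.201.0/24")

    policies = [(h, c) for h, c in secs if h.startswith("crypto isakmp policy ")]
    numbers = [int(h.split()[3]) for h, _ in policies]
    if not numbers or numbers != [10 * (i + 1) for i in range(len(numbers))]:
        issues.append("isakmp: policy numbering")
    for h, children in policies:
        for want in sorted(PHASE1 - set(children)):
            issues.append(f"{h}: expected '{want}'")

    tsets = {}
    for h, _ in secs:
        key = re.match(r"crypto isakmp key (\S+) address (\S+)", h)
        if key and len(key.group(1)) < 9:          # never echo the key itself
            issues.append(f"psk for {key.group(2)}: shorter than 9 characters")
        ts = re.fullmatch(r"crypto ipsec transform-set (\S+) (.+)", h)
        if ts:
            tsets[ts.group(1)] = ts.group(2).split()

    for h, children in secs:
        if not re.fullmatch(r"crypto map \S+ \d+ ipsec-isakmp", h):
            continue
        name = h.split()[2]
        if f"crypto map {name} local-address Loopback1" not in by_head:
            issues.append(f"{h}: no local-address Loopback1")
        if "set security-association lifetime seconds 28800" not in children:
            issues.append(f"{h}: SA lifetime is not 28800")
        for c in children:
            if c.startswith("set peer ") and c.split()[2] not in approved_peers:
                issues.append(f"{h}: peer {c.split()[2]} not on order")
            if c.startswith("set transform-set ") and tsets.get(c.split()[2]) != TRANSFORMS:
                issues.append(f"{h}: transform-set is not esp-3des esp-sha-hmac")
        if not any(c.startswith("match address ") for c in children):
            issues.append(f"{h}: no match address")
    return issues


if __name__ == "__main__":
    print(check_ipsec_profile(SAMPLE_CONFIG, {"198.51.100.10"}) or "compliant")
```

`set pfs group5` is not enforced because the profile requires it only when the far-end device supports it.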

16 Public Filtering Standard

The following requirements of MFN Public Filtering (a.k.a SOFIA2) shall apply when customers create a DMZ with access to internal or Common Services VRF resources. This requirement avoids violating State Administrative Code 60FF with regard to creating any Internet backdoors.

Requirements:

1. Vendor managed premise router serving the PUBLIC Filtering role will be hardened down to meet current MyFloridaNet CPE standards.

2. CPE will be equipped with a firewall feature set and IDS functionality. All firewall and IDS logging will be directed to MyFloridaNet’s security information management system (QRadar).

3. There will be an outbound filter termed DMZ-FW that will filter and protect the public segment. The DMZ-FW will allow any external host to connect to a specific host and port on the DMZ. Example: permit tcp any host 199.250.30.51 eq 80.

4. There will be an outbound filter termed INSIDE-FW that will filter the inside segment from the DMZ. It is required to be as specific as possible with any filtering.

Recommendations are listed in the examples below:

a. DMZ host conduit to internal host/protocol port: permit tcp host 199.250.30.51 host 192.168.199.51 eq 445

b. DMZ host conduit to internal hosts/protocol port: permit tcp host 199.250.30.51 192.168.199.0 0.0.0.255 eq 1721

c. DMZ host conduit to internal host OPEN: permit ip host 199.250.30.51 host 192.168.199.51 (Not recommended and should be a last resort).

5. All filters must comply with the following template:

DMZ Template

ip access-list extended DMZ-FW
 remark ICMP section
 permit icmp any any echo-reply
 permit icmp any any time-exceeded
 permit icmp any any unreachable
 permit icmp any any timestamp-request
 deny icmp any any
 remark TCP section
 permit tcp any host 199.250.30.51 eq 80
 permit tcp any host 199.250.30.52 eq 443
 permit tcp any host 199.250.30.53 range 20 21

Inside Template:

ip access-list extended INSIDE-FW
 remark ICMP section
 permit icmp any any echo-reply
 permit icmp any any time-exceeded
 permit icmp any any unreachable
 permit icmp any any timestamp-request
 deny icmp any any
 remark TCP section
 permit tcp host 199.250.30.51 host 192.168.199.51 eq 3306
 permit tcp host 199.250.30.51 host 192.168.199.51 range 1701 1721
 remark UDP section
 permit udp host 199.250.30.51 host 192.168.199.51 eq 1701

[pic]
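The Extranet, Common Services and Public filtering standards above share one ICMP template and one rule: filters must be as specific as possible, with an OPEN `permit ip` conduit as a last resort. The following linter is an added example, not MFN or vendor tooling; it assumes Cisco IOS extended-ACL syntax with wildcard masks and numeric ports, the sample ACL is constructed from the template's addresses, and the finding codes are made up for illustration.

```python
import ipaddress
import re

# ICMP entries, in order, that every filter template on this page carries.
REQUIRED_ICMP = [
    "permit icmp any any echo-reply",
    "permit icmp any any time-exceeded",
    "permit icmp any any unreachable",
    "permit icmp any any timestamp-request",
    "deny icmp any any",
]

# Constructed sample: the INSIDE-FW template plus four deliberately bad entries.
SAMPLE_ACL = """
ip access-list extended INSIDE-FW
 remark ICMP section
 permit icmp any any echo-reply
 permit icmp any any time-exceeded
 permit icmp any any unreachable
 permit icmp any any timestamp-request
 deny icmp any any
 remark TCP section
 permit tcp host 199.250.30.51 host 192.168.199.51 eq 3306
 permit tcp host 199.250.30.51 192.168.199.51 255.255.255.0 eq 1721
 permit tcp host 199.250.30.51 host 192.168.199.51 range 1701-1721
 permit ip host 199.250.30.51 host 192.168.199.51
 remark UDP section
 permit udp host 199.250.30.51 host 192.168.199.51
"""


def _looks_like_netmask(mask):
    """True for 255.255.255.0-style masks, which IOS would read as a wildcard."""
    w = int(ipaddress.IPv4Address(mask))
    inverse = ~w & 0xFFFFFFFF
    is_wildcard = (w & (w + 1)) == 0              # bit pattern 0...01...1
    is_netmask = (inverse & (inverse + 1)) == 0   # bit pattern 1...10...0
    return is_netmask and not is_wildcard


def _take_endpoint(tokens):
    """Consume one address spec: 'any', 'host A' or 'A WILDCARD'."""
    if tokens[:1] == ["any"]:
        return ("any", None), tokens[1:]
    if tokens[:1] == ["host"] and len(tokens) >= 2:
        ipaddress.IPv4Address(tokens[1])          # ValueError if malformed
        return ("host", None), tokens[2:]
    if len(tokens) >= 2:
        ipaddress.IPv4Address(tokens[0])
        ipaddress.IPv4Address(tokens[1])
        return ("net", tokens[1]), tokens[2:]
    raise ValueError("incomplete address")


def _take_port(tokens):
    """Consume an optional 'eq N' or 'range LOW HIGH'; True if one was given."""
    if not tokens:
        return False
    if tokens[0] == "eq" and len(tokens) == 2 and tokens[1].isdigit():
        return True
    if (tokens[0] == "range" and len(tokens) == 3 and tokens[1].isdigit()
            and tokens[2].isdigit() and int(tokens[1]) <= int(tokens[2])):
        return True
    raise ValueError("bad port qualifier")


def lint_acl(text):
    """Return (acl_name, findings); each finding is (entry_text, code)."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    head = re.fullmatch(r"ip access-list extended (\S+)", lines[0]) if lines else None
    if not head:
        raise ValueError("expected 'ip access-list extended NAME' first")
    body = [ln for ln in lines[1:] if not ln.startswith("remark")]
    findings = []
    if [ln for ln in body if ln.split()[1:2] == ["icmp"]] != REQUIRED_ICMP:
        findings.append(("ICMP section", "icmp-template"))
    for ln in body:
        tok = ln.split()
        if tok[1:2] == ["icmp"]:
            continue
        try:
            if tok[0] not in ("permit", "deny") or tok[1:2] not in (["ip"], ["tcp"], ["udp"]):
                raise ValueError("unsupported entry")
            src, rest = _take_endpoint(tok[2:])
            dst, rest = _take_endpoint(rest)
            has_port = _take_port(rest)
        except ValueError:
            findings.append((ln, "syntax"))
            continue
        if tok[0] != "permit":
            continue
        if any(kind == "net" and _looks_like_netmask(mask) for kind, mask in (src, dst)):
            findings.append((ln, "netmask-as-wildcard"))
        if tok[1] == "ip":
            findings.append((ln, "open-conduit"))   # the page's "last resort" form
        elif not has_port:
            findings.append((ln, "no-port"))
        if dst[0] == "any":
            findings.append((ln, "dest-any"))
    return head.group(1), findings


if __name__ == "__main__":
    for entry, code in lint_acl(SAMPLE_ACL)[1]:
        print(f"{code:20} {entry}")
```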

17 QRadar and Security Monitoring

19 General QRadar and Service Information

Q-Radar is one of the MFN tools available in the MFN portal. QRadar is a network security management platform that provides situational awareness and compliance support through the combination of flow-based network knowledge, security event correlation, and asset-based vulnerability assessment.

QRadar evaluates suspicious activity in the MFN network and generates offense reports. These offense reports must then be analyzed by a person in order to identify whether or not the offense is valid and if further action should be taken, as appropriate. Information on “false positive” offenses is used by the MFN Security group to modify the rules in Q-Radar, filtering out these offenses from the reports.

20 Security Monitoring

21 MFN Responsibilities

The MFN NOC utilizes the MFN tools suite including Q-Radar to continuously (24x7x365) monitor MyFloridaNet for security offenses related to the MFN CORE particularly those that could lead to an SLA violation.

In the event of a core related security offense the MFN NOC will create an MFN trouble ticket in Remedy to track the progress and resolution of the potential offense. In addition, if an associated offense is present in QRadar, the MFN NOC will update the QRadar offense record to show that it is being investigated.

If, while monitoring for CORE offenses, the SUNCOM NOC identifies a non-core offense (non-core offenses are generally those Q-Radar based offenses that are created from network traffic originating from or destined to customer LAN locations) that appears particularly urgent or threatening, the SUNCOM NOC will send specific, relevant information gathered from those offenses via email to the impacted customer. Customers have the ultimate responsibility to monitor their network for any security vulnerabilities.

22 Customer Responsibilities

MFN customers have the ultimate responsibility for the security of their network. If you encounter a security threat on your network, please contact your security administrator immediately to mitigate the issue. For assistance, customers can report the problem to the SUNCOM NOC by contacting the SUNCOM Helpdesk via email or a phone call.

Customers have the option to utilize the MFN-provided security tool (QRadar) at no additional charge. QRadar provides customers the ability to monitor their network for any possible security threats and offenses. In order to apply for a QRadar account, please refer to section “NMS Tools Account Creation” of this User Guide. DMS also provides training on how to use QRadar. To schedule a time for training, please contact the SUNCOM Helpdesk.

Standard MyFloridaNet Pricing

1 Price Structure

There are three primary/major billable elements to the MyFloridaNet as listed below. Other billable options such as “After Hours”, “Extended Wiring” and “Expedite Services” are also available.

• MFN Core Port

• Local Loop Access

• Customer Premises Equipment (CPE)

Under standard MFN, both the MFN core port and local loop access must be selected as the same bandwidth type and speed at an individual site. The Customer Premises Equipment (CPE) is an optional feature. Please refer to the CPE chapter for details on CPE.

MyFloridaNet core port for all service types is flat rate. Local loop access into MyFloridaNet core is a combination of flat rate and ICB as detailed below:

• 56kbps to 12Mbps – Flat Rate

• 15Mbps to 45Mbps – Flat Rate within 25 miles

• 90Mbps to 1000Mbps – Individual Case Basis (ICB)

Please visit the MFN website to view the complete MyFloridaNet services pricing matrix.

Internet access is included in the base price up to the selected bandwidth speed. There are no installation charges* or term commitments under standard MyFloridaNet. In cases where fiber facilities do not exist, there will be special construction charges. In addition, the customer will need to be prepared to absorb any additional charges associated with “Site Readiness” to prepare the building to receive the facilities. Some examples of these requirements could be: Power, Conduit, Backboard and / or other site modifications to prepare for installation of facilities.

*CPE purchased through MFN does not include installation and must be purchased separately if the customer prefers installation through MFN. CPE rented through MFN includes installation.

2 What’s included in the base price.

By purchasing a core port and local loop access, the customer will be provided with the items as listed below. CPE can be purchased at additional cost through the MyFloridaNet.

• Internet up to the core port speed

• Local loop up to the core port speed

• Transport bandwidth up to the core port speed

• Access to Network Management Tools

o NetQoS

o eHealth

o CA Spectrum

o Remedy Trouble Ticketing System

• Integrated Security and Firewall Service (QRadar Tool)

• Credit based SLAs

• CPE configuration Management (optional at no charge)

• Configuration of Customer VPN

• Dual Core Connectivity for Redundancy (Frame Relay and Ethernet)

• End-to-End Quality of Service

• Network Operations Center with live staff 24x7x365

• IP Address Assignment

• Encryption Services (If CPE with security bundle selected – software based encryption)

• Month to Month Service with no term commitments

• No installation charges (except for special construction, site readiness charges, and CPE purchased through MFN)

• Standard 4 hour restoral of service (Refer to CPE chapter and SLAs for details)

3 Pricing & Services Example

The diagram below represents (as an example) a customer with two (2) locations. These two sites are provisioned with two different types of local loop access each with a Standard MyFloridaNet core port, access and CPE. Internet and dual core connectivity is included as part of the basic pricing as listed in the table below.

[pic]

[pic]

* Rates listed in the table above are for illustration purposes only. Actual rates are posted on MFN website.

4 Getting Price Quotes & Facility Availability

Price quotes for local loop Access speed types (15Mbps to 1Gbps) can be requested by contacting the SUNCOM Helpdesk.

The SUNCOM Helpdesk may also assist the Customer in determining the availability of facilities through a service inquiry for bandwidth speeds above 12Mbps and Ethernet. If facilities are not available through this service inquiry, special construction charges may apply.

MFN DSL is not available at all locations. Please contact the SUNCOM Helpdesk and provide a working phone number to determine DSL availability. Ultimate determination of DSL availability cannot be determined until installation.

Additional Services

These additional services were added through Amendments to the MFN Contract and Change Requests after the original MFN Contract. Certain features, functionalities and processes of standard MFN services do not apply to these additional services.

1 MyFloridaNet Lite

MFN Lite is designed for customers with little or no requirement for MFN backbone or Internet access. There are two different plans offered under MFN Lite; Local Only and Flex Port. MFN Lite offers a subset of standard MFN service and is available only with Ethernet access. Refer to Appendix D for a “Standard MFN and MFN Lite Comparison Matrix.” The two plans are detailed below. MFN Lite rates are listed on the MFN web site.

Under MFN Lite, the MFN CPE will be managed by MFN and not the customer.

Note: MFN Lite is architecturally different from standard MFN service, therefore differing SLAs and limitations may apply.

2 Local Only Plan

The Local Only Plan is basically a managed and monitored MFN Ethernet offering with no backbone or Internet access. In this instance, MFN access is combined with a MFN core port (128kbps) that is used for management purposes only. This management port of 128kbps is carved out from the subscribed MFN access (local loop) to manage the service.

For example: For a 2 Mbps access (local loop), 128kbps of this access is utilized to manage the service. The remaining bandwidth is utilized to communicate with other sites locally.

Customer locations using the Local Only Plan will communicate with one another via a single, shared multi-access VLAN.

[pic]

3 Flex Port Plan

The Flex Port Plan allows the customer to select a port speed that is lower than the MFN local loop access speed, yet does not exceed 50% of the MFN local loop access speed. Customer locations, using the Flex Port Option, will have access to a single, shared multi-access VLAN for local communication amongst themselves, as well as a limited amount of access to the MFN Core or Internet as subscribed by the customer. In contrast with standard MFN, the port and the access bandwidth DOES NOT have to be equal.

[pic]

Refer to the table below for valid combinations of port and access speeds for the Flex Port offering. The ≤50% rule is reflected in the following table of valid Flex Port and Access combinations.

[pic]

For example: From the table above, if a customer orders a 10 Mbps access (local loop) with a 4 Mbps core port connection, the customer will have 6 Mbps of bandwidth available for local communication and 4 Mbps of core port (MFN backbone and Internet).

4 Local Only and Flex Port Plan - Configuration

• Local Only subscriber connections communicate with one another, as well as Flex Port locations, over a single, shared, multi-access VLAN

• In addition to the single, multi-access VLAN, host sites, using the Flex Port option, can also have access to one of the following VRFs: Common Services, Public, or Private (following the existing rules set under standard MyFloridaNet).

• Local Only Remote sites can access core services through a host location that is using a Flex Port connection

• Other configurations not listed will be submitted to the MyFloridaNet engineering team for review.

5 MFN Lite Service Levels

MFN Lite - Local Only Plan

• Only the “Access/CPE - Failure” and “Operational” MFN SLA categories are applicable.

MFN Lite - Flex Plan

• Flex Port Portion – All SLA categories apply.

• Local Only Portion - Only the “Access/CPE - Failure” and “Operational” MFN SLA categories are applicable.

6 MyFloridaNet Interstate

MyFloridaNet (MFN) Interstate connectivity allows agencies and their associated entities, to gain easy, secure, “Out of State Florida” access to the MFN core. MFN Interstate connections may be given access to an agency’s private VRF, the State’s Common Services VRF or Public VRF depending on the connection requirements and will have access to standard MFN web based Network Management System tools. The service may be provided with a customer managed or MFN managed router with private line and frame relay access methods.

MFN Interstate subscribers will simply order an MFN port of the desired speed, and the corresponding Interstate frame relay or private line transport. For frame relay access, a circuit will be required at both the remote and provider edge ends, with Committed Information Rate (CIR) equal to the MFN port speed. For customers with multiple frame locations, a custom design will be provided to ensure the most cost effective access solution is crafted. For private line transport, a point to point circuit from the remote location to the MFN Core in Tampa can be provided. Fractional T1 frame relay connections with CIR equal to port speed and fractional T1 private lines will be offered where available and feasible. Additional information is provided in the table below:

|MFN Interstate |
|Type - Feature |MFN InterState Access |
|Port and Local Loop |Port and Local Loop must be the same type and speed |
|Access Type |Private Line and Frame Relay |
|Access to NMS Tools |Yes |
|Access Pricing |ICB |
|Dual Core Connectivity |Included for Frame Relay. Individual Case Basis for Private Line. |
|IP QoS |Yes |
|IP Multicast |Yes |
|CPE Management |Customer Choice; either by MFN or Customer |
|VRF Type Supported |Select one: Common, Public, or Private |
|VRF Lite Supported |No |
|Access & Port Bandwidth Speeds Support (Mbps) |64k, 128k, 256k, 512k, 768k, 1.5M and 45M |
|IP Sec/Encryption |Yes |
|IPX/tunneling |Yes |
|Access List |Yes |
|Security Firewall |Yes |
|Internet |Yes - up to the port speed |
|MFN Core backbone access |Yes - up to the port speed |
|QoS application |Yes |
|QoS video |Yes |
|QoS voice |Yes |
|CPE Type & Charge |Rental and Purchase |
|Additional CPE Charge |$51.50 additional for interstate |
|Extended Demarc |No |
|After Hours Installation |No |
|Special Construction Charges |Yes - where facilities do not exist |
|Offering |Based on availability |
|Agreement Term |No Term Agreements. Port, Access & CPE Rental - Month to Month |
|Termination Liability Charges |None |

The MFN Interstate access circuits will terminate into the MFN core node in Tampa. Secondary termination locations can be made available, upon request, from Tallahassee, Florida.

Pricing Examples:

1. A customer desiring a T1 private line MFN interstate connection from Texas would require the following monthly pricing components:

➢ MFN T1 dedicated Port: $466.85

➢ Dedicated T1 Private line from Texas to MFN: ICB

➢ Optional Customer Specific Router from MFN Contract plus $51.50: TBD

2. A customer desiring a T1 frame relay connection from Texas would require the following monthly pricing components:

➢ MFN T1 Frame Relay Port: $342.11

➢ T1 Frame Relay connection with T1 CIR in Texas and T1 Frame Relay connection into MFN: ICB

➢ Optional Customer Specific Router from MFN Contract plus $51.50: TBD

3. A customer desiring T1 frame relay connectivity from multiple sites would require the following monthly pricing components:

➢ MFN T1 Frame Relay Port for each remote connection

➢ T1 Frame Relay connection with T1 CIR for each remote connection

➢ Frame Relay connection, with sufficient bandwidth to handle all remotes without oversubscription, into MFN

➢ Optional Customer Specific Router from MFN Contract plus $51.50 per remote location

There will be an additional Interstate CPE charge of $51.50 per month per location. This is in addition to the MFN CPE rental charge. Existing MFN optional features such as extended wiring, expedite and after hours services are not available under MFN Interstate.

1 Cisco WAAS on MyFloridaNet (Only CPE Hardware)

Cisco WAAS (Wide Area Application Services) is a powerful application acceleration and WAN optimization solution that accelerates the performance of any TCP-based application delivered across a WAN. MFN offers the Cisco WAAS Network Module as an added option to applicable Cisco series routers. MFN does not provide the entire solution; it only provides the WAAS module for MFN routers. Residing in the remote site routers, this module is a file-caching device that will minimize traffic crossing the WAN by serving local client requests.

The Cisco WAAS module features its own system resources (processor, RAM, and disk space). None of the WAAS features are actually carried out in the IOS but rather on the module. The only additional processing needed in the IOS is the operation of WCCPv2 (Web Cache Communication Protocol version 2). WCCPv2 is needed to intercept traffic flowing through the router to be examined and/or accelerated through the WAAS module.

This will enable customers to expand their existing customer managed Cisco WAAS solutions by providing the Cisco WAAS network modules in MFN routers. This will be limited to providing a means for customers to purchase these modules, install them in MFN routers, and provide the minimal configuration necessary to bring the modules onto the network. Support will be provided in a limited manner. Configuration of the module beyond the IOS configuration to bring the module online will be the responsibility of the customer. The customer is also responsible for providing the other components of their WAAS solution, such as the WAAS Core device and the Central Manager.

2 Multicast, IPSec, QoS, and VoIP

Cisco WAAS is capable of accelerating many different TCP-based applications. WAAS modules ship pre-configured to classify and accelerate a set of predetermined applications. Additional applications may be classified by making configuration changes in the Central Manager. If WAAS isn’t configured to accelerate a particular application, that traffic flows through the router untouched by the WAAS module. Multicast traffic (which is UDP-based) will remain unchanged. IPSec will not have any packets altered and will continue to flow through the module. QoS features will continue to function because DSCP values will not be changed. VoIP is a UDP-based application that will not be affected (VoIP signaling is not accelerated by WAAS). This allows the module to seamlessly integrate into complex environments and co-exist with Multicast and IPSec traffic, QoS features, and VoIP.

3 General Guidelines

1. WAAS on MFN will be offered in a limited manner. MFN is not equipped to offer an end-to-end managed WAAS solution.

2. MFN will be limited to providing WAAS network modules in CPE routers along with the limited configuration required to place it on the network.

3. WAAS modules provided on MFN will be integrated by the customer into their existing WAAS infrastructure (which they own and manage themselves).

4. The customer will be required to have maintenance (hardware/software) on their WAAS solution components.

5. The WAAS module will not be accessed by the provider once the initial configuration is completed. The module will be under administrative control of the customer.

6. The customer will have access to the CLI of the WAAS module only. This will not give them access to the IOS as they are separate and different software instances.

4 MFN Responsibilities

1. Provide the necessary IOS configuration to enable the module and WCCPv2 (traffic redirection).

2. Build the conduit between the router and Cisco WAAS module in the remote site router using IP addresses provided by the customer.

3. A Cisco WAAS module that has failed and needs to be replaced will be replaced according to the CPE replacement SLA. This applies to Cisco WAAS modules residing in routers with MFN maintenance.

4. Ensure IP connectivity between the Cisco WAAS module and the customer’s WAAS Central Manager (this implies connectivity to the WAAS Core Device as well).

5. Ensure network module “service-engine” interface is “up/up”.

6. Initiate graceful hardware/software reboots of the network module when needed and/or requested by the customer.

7. Ensure WCCP is functioning properly between the Cisco IOS and the network module.

8. During troubleshooting, standard troubleshooting steps will remain in place until it’s determined the problem is related to the WAAS module. If and when this is determined, the MFN NOC will follow the procedures outlined in the flowchart for Cisco WAAS. If MFN can’t identify a problem after following the flowchart, the NOC will recommend the customer take a closer look at their WAAS configuration and engage outside support if necessary. If the trouble was reported by someone with no knowledge of Cisco WAAS, we’ll recommend they engage their internal IT resources for assistance. MFN will work with the customer and associates of the customer to see the issue through to completion.

9. Because of the nature of this offering, MFN will need to act as “the hands in the router” for the customer. MFN will provide data to the customer and/or the customer’s associates in support of finding a resolution to the problem.

[pic]

5 Customer Responsibilities

1. Own, manage, configure, and support the Cisco WAAS Central Manager (network appliance used to centrally manage, configure, provision, monitor, and report on all the Cisco WAAS devices in the network). The Central Manager and WAAS Core device are not available for purchase or rent via the MyFloridaNet contract.

2. Own, manage, configure, and support the Cisco WAAS Core Device (network appliance residing at the host site, or wherever the file server resources exist, to participate in the optimization of application traffic).

3. Own Cisco maintenance on the Central Manager and Core Appliance to provide Cisco WAAS expertise when needed (this expertise will not be provided by MFN).

4. Own responsibility for all aspects of software upgrades to the Cisco WAAS module. This includes obtaining the software, performing the upgrade, and ensuring the new software is functioning as desired. The MFN NOC will not participate in this task.

5. Engage additional support (possibly from a third party and/or Cisco) as needed to troubleshoot issues directly related to the WAAS solution and beyond the scope of MFN support for Cisco WAAS.

6. The MFN NOC will be engaged after the customer troubleshoots WAAS issues with Cisco TAC and it’s determined the problem lies in the Cisco WAAS module. The MFN NOC will direct the customer to Cisco TAC as needed and will work with the customer to resolve the problem.

6 WAAS Software Upgrades – Downgrades

The Cisco WAAS module runs its own operating system, which is shipped with the module. This operating system is completely separate and different from Cisco’s IOS. Any change to the WAAS module operating system is done through the Central Manager. By maintaining current SmartNet contracts on the devices, the customer will have all current versions of the OS available. As needed, the customer will download a copy of the desired OS revision to the Central Manager, and it is then pushed to the remote module.

7 MFN NOC Support

On MyFloridaNet, the customer has the responsibility of managing the end-to-end Cisco WAAS solution. MFN tier 2/3 will assist with support when required. MFN tier 2/3 support will be limited to CPE router configuration changes and WAAS module (hardware) changes. Customers utilizing WAAS will have a separate and valid support agreement with Cisco for technical support in the event a trouble needs to be escalated to technical support. The customer will make that determination and initiate contact with Cisco for support. If the customer requires MFN support, they’ll follow the standard ticket process to engage MFN tier 2/3 support. Tier 1 will open tickets on behalf of the customer and immediately escalate to the appropriate tier 2/3 CPE support group.

8 Pricing

Depending on the requirements and configuration, pricing for the CPE with the WAAS module will be provided to the customer. The customer may be required to upgrade their existing CPE in order to provide the WAAS module.

1 IntraLATA MAN Services

There are four types of services provided under IntraLATA MAN service, as listed below. Each service has its own rates, pricing and service structure.

• Tallahassee 2GMAN Service

• MAN Service in AT&T LATAs only

• MAN Service in CenturyLink LATAs only

• MAN Service in Tampa LATA (through Hayes) only

These services are provided on a “where available” basis. Please access the Florida Public Service Commission (PSC) LATA Map (from link below) to determine which Incumbent Local Exchange Telephone Companies (ILECs) provide services in their respective area.



2 Tallahassee 2GMAN Service

The 2GMAN Service is a high-speed data service, which uses a shared fiber network to allow for the interconnection of Local Area Networks (LAN) across selected metropolitan areas and offered in Tallahassee only. The 2GMAN Service provides bandwidth speeds of 1.544 Mbps, 10Mbps, 100Mbps, 200Mbps, 400Mbps, 600Mbps, 800Mbps, 1000Mbps, 2Gbps, 5Gbps and 10Gbps access from the Eligible User’s LAN to the shared Tallahassee 2GMAN network. As an added benefit and where applicable, 2GMAN service provides MFN NMS tools and MFN NOC access at no additional charge. Certain MFN SLAs apply as well.

The 2GMAN Service is offered for local and intraLATA use only. Therefore, the 2GMAN service does not include any MyFloridaNet (MFN) transport or internet access. Customers with MFN transport or internet access requirements can subscribe to standard MFN service.

There are two types of 2GMAN services, Standard and Enhanced, as defined below.

Standard 2GMAN services are available for all speeds ranging from 1.5 Mbps to 10Gbps. Standard 2GMAN service includes a router that would satisfy the needs of most customers requiring basic connectivity for a given speed.

Enhanced 2GMAN service is available for speeds between 200Mbps and 1Gbps. Enhanced 2GMAN service provides an upgraded router to meet the needs of customers where there is a requirement for a more powerful Customer Premises Equipment (CPE) device to support features such as encryption and QoS. Some of the advanced services that normally require an additional charge are included in the Enhanced 2GMAN service.

The router types for standard and enhanced 2GMAN are listed in the table below. A description of these routers can be accessed here. If the customer requires a different type of CPE from the list below, the customer should utilize standard MFN service where the customer can choose the exact router based on their additional requirements.

|Bandwidth |Standard CPE |Enhanced CPE |
|1.5 Mbps |2921-T1-SEC |3925-T1-SEC* |
|10 Mbps |2921-ME-SEC |3925-ME-SEC* |
|100 Mbps |2921-ME-SEC |3925-ME-SEC* |
|200 Mbps |ASR1001-ME-IPB |ASR1001-ME-AES-VPN-FW |
|400 Mbps |ASR1001-ME-IPB |ASR1001-ME-AES-VPN-FW |
|600 Mbps |ASR1001-ME-IPB |ASR1001-ME-AES-VPN-FW |
|800 Mbps |ASR1001-ME-IPB |ASR1001-ME-AES-VPN-FW |
|1000 Mbps |ASR1001-ME-IPB |ASR1001-ME-AES-VPN-FW |
|* Additional charges based on chassis upgrade options |

If the customer requires CPE that provides more advanced services or a more powerful router than the Enhanced 2GMAN services router, the customer should utilize standard MFN service where the customer can choose the exact router based on their additional requirements.

If the customer requires optional features such as QoS, encryption, or a router upgrade, please refer to the “Optional Features” matrix to determine when charges apply.

3 MFN virtual ports

• 2GMAN service customers can no longer purchase an MFN virtual port. Therefore, new orders or upgrades for MFN Virtual Ports will not be accepted.

• Effective 01/01/2013, any current customers subscribing to a 100Mbps MFN virtual port utilizing an average bandwidth above 25% of the total port speed will be migrated to a standard MFN service. The average utilization will be captured from a two (2) week consecutive period during business days 8AM to 5 PM.

4 Service Levels

• MFN SLA categories (Core, Access/CPE, and Operational) are applicable with the exception of IMAC SLA under Operational category. Customer must have a Virtual Port in order to qualify for MFN SLAs.

• IMAC SLA for 2GMAN access is exempt. However, the IMAC SLA for the MFN virtual port is not exempt.

1 MAN Service in AT&T LATAs

The AT&T Metro Ethernet Service is a high-speed packet transport that is based on Ethernet transmission technology. This service is provided in all AT&T LATAs on a “where available” basis. Please access the Florida Public Service Commission (PSC) LATA Map to determine which Incumbent Local Exchange Telephone Companies (ILECs) provide services in their respective area. Metro Ethernet Service provides various transport capabilities that range from 2Mbps through 1Gbps. The characteristics of the service are listed below:

1. The service does not include CPE or management of the CPE or MFN tools access.

2. There are no installation charges associated with the service. However, special construction charges (costs to cover build out of facilities) may apply.

3. Customers are required to subscribe to MFN NOC and Metro Ethernet Reporting at an additional monthly charge posted on the MFN website. MFN NOC provides access to a single point of contact for trouble reporting. Metro Ethernet Reporting provides alarm surveillance, performance report and SLA reporting for Metro Ethernet network components. Metro Ethernet Reporting offers a web-enabled graphical user interface (GUI) on the customer’s desktop.

4. For each order, a twelve (12) month term commitment will be standard for the service. There will be no termination liability charges incurred if the service commitment is terminated after the twelve (12) month term. In the event of termination prior to completion of the twelve (12) month term for an order, Customers will be obligated to pay the amount of monthly charges for the remainder of the minimum twelve (12) month term. This Service will be on a month-to-month basis at the conclusion of the twelve (12) month service commitment.

5. Network Availability, Network Latency and Time-to-Repair SLAs are available as part of the service. The customer must notify the MFN NOC of non-compliance of an SLA within 30 days of the event occurring. MFN NOC will then research the issue to validate any non-compliance.

6. AT&T Metro Ethernet Service Independent Company (ICO) Trunk Connection: Provides interconnection between AT&T’s Ethernet network and the Ethernet network of an Independent Telephone Company. Additional charges may apply depending on the configuration.

7. Automatic Protection Switching (APS): APS is an optional feature that gives customers data channel survivability through the use of a secondary path that is diverse from the path provided with their primary Metro Ethernet Connection. APS is not available for a 2 Mbps, 4 Mbps or 8 Mbps Connection. APS may be ordered as a structurally diverse transport path (Structural Protection) or a route diverse transport path (Route Protection). Structural Protection APS is defined as the APS facility and the primary Metro Ethernet Connection facility being in separate sheaths in separate structures located along the same route (e.g., underground/underground, buried/underground, aerial/underground, aerial/buried, buried/buried, and aerial/aerial), or along different routes at the Telephone Company’s discretion. Route Protection APS is defined as the APS facility being in a separate sheath within alternate underground, aerial or direct buried structures that are run along separate physical paths from the facilities associated with the primary Metro Ethernet Connection. No precise distance separation is specified between the paths, although the separation is sufficient to preclude one disruptive event from affecting both routes. APS is provided at an additional charge.

8. Optical Termination Charge: An electrical termination on the customer premises is standard for 2, 4 and 8 Mbps connections. However, an Optical termination charge applies when an optional optical termination is requested for a 2, 4 or 8 Mbps Connection.

2 MAN Service in CenturyLink LATAs

Ethernet Service is a high-speed data service, which uses a shared fiber network to allow for the interconnection of Local Area Networks (LAN) across selected metropolitan areas. Services are offered for local and intra-LATA use where facilities exist. This service is provided in all CenturyLink LATAs (where available). Please access the Florida Public Service Commission (PSC) LATA Map to determine which Incumbent Local Exchange Telephone Companies (ILECs) provide services in their respective area. Ethernet Service provides various transport capabilities that range from 3 Mbps through 1Gbps. The service characteristics are listed below:

1. Service is based on a month to month basis.

2. There are no installation charges associated with the service. However, special construction charges (costs to cover build out of facilities) may apply.

3. Customers are required to subscribe to MFN NOC at an additional monthly charge posted on the MFN website. MFN NOC provides access to a single point of contact for trouble reporting.

4. The service does not include CPE or management of the CPE or MFN tools access.

5. CenturyLink Ethernet Service Independent Company (ICO) Trunk Connection: Provides interconnection between CenturyLink Ethernet network and the Ethernet network of an Independent Telephone Company. Additional charges may apply depending on the configuration.

3 MAN Service in Tampa LATA (by Hayes)

Ethernet Service is a high-speed data service, which uses a shared fiber network to allow for the interconnection of Local Area Networks (LAN). Service shall be provided in the Tampa LATA (where available). Where available, Hayes has the option to provide the services in areas outside of AT&T and CenturyLink serving areas. The service shall provide 10Mbps, 100Mbps and 1000Mbps access from the Customer’s LAN to the shared Ethernet Services Network. The service characteristics are listed below:

1. The service does not include CPE or management of the CPE or MFN tools access.

2. There are no installation charges associated with the service. However, special construction charges (costs to cover build out of facilities) may apply.

3. Customers are required to subscribe to MFN NOC at an additional monthly charge. MFN NOC provides access to a single point of contact for trouble reporting.

4. For each order, a twelve (12) month term commitment will be standard for the service. There will be no termination liability charges incurred if the service commitment is terminated after the twelve (12) month term. In the event of termination prior to completion of the twelve (12) month term for an order, Customers will be obligated to pay the amount of monthly charges for the remainder of the minimum twelve (12) month term. This Service will be on a month-to-month basis at the conclusion of the twelve (12) month service commitment.

5. Inter Office Facilities mileage charges may apply and shall be determined with a Service Inquiry request.

Appendices

1 Appendix A: Layout of the MFN Core

[pic]

2 Appendix B: NMS Tools & QRadar Account Access Request Form

[pic][pic]

4 Appendix C: NMS Client Access Requirements

[pic]

5 Appendix D: Standard MFN and MFN Lite Comparison Matrix

[pic]

6 Appendix E: Router Configuration Tool – RANCID

[pic]

7 Appendix F: Standard City Abbreviations

[pic]

8 Appendix G: Installation Confirmation - Provider Managed CPE

[pic]

9 Appendix H: Installation Confirmation and Instructions – Customer Managed CPE

[pic]

10 Appendix I: Additional MFN Tools

[pic]

Revision History

|Revision date |Version |Revised Sections and Summary of Changes |
|01-10-2008 |1.0 |Draft Document Released |
|03-10-2009 |1.0 |Final Document Released |
|10-08-2009 |1.01 |Updated SUNCOM NOC contact information. |
|04-05-2011 |2.0 |Changes/Additions made: Key benefits and features (s2.2), Extended Wiring (s2.4.1), SLA Overview (s2.5), Network Assurance Plan (s3.1), Customer responsibilities (s3.4), Generating Configuration Change Request (s3.12), Maintenance Window (s3.10), Major Outage Process (s3.13), Prerequisites for ordering (s4.2), Order Process (s4.3), Modifications to Existing Service (s4.4), Emergency Bandwidth Change Request (s4.7), MyFloridaNet Installation Process (s4.11), Installs, Moves, Adds, and Changes (IMAC) SLAs (s4.12), Minimum Billing Period (s5.2), Emergency Increase of Bandwidth (s5.3), Change in Billing Responsibility (s5.5), NMS CPE requirements for monitoring (s6.3), NMS Tools Account Creation (s6.5), MFN Portal Password (s6.6), Maintenance (s7.3), Network Design and Engineering (chapter 8), Security (chapter 9), What’s included in the base price (s10.2), MFN Lite (s11.1), MFN Interstate (s11.2), WAAS (s11.3), Tallahassee 2GMAN (s11.4), MFN Satellite (s11.5). |
|10-20-2011 |2.1 |1) Added new section - MFN LSM Service (s11.6). 2) Change to existing section - Public LAN IP Address Policy (s8.5.2). 3) Added new section - Private LAN IP Address Registration and Assignment Policy (s8.5.3). |
|04-05-2012 |2.2 |1) Added new information related to SUNCOM Billing System Access (OaSiS) (s5.8). 2) Added new QRadar Access Form under Appendix B. 3) Added Tools Access Form for Additional MFN Services (Appendix I). Added process related to additional tools in section 6.5. 4) Updated section 8.5.1 (Reserved Private IP Addresses) with addition of IP range. |
|01-23-2013 |2.3 |1) Updated MFN CPE SLA Matrix by adding a comment below the table (s7.10). 2) Added bullet “c” related to performance degradation SLA exclusions for CPE managed sites (s2.5.2). 3) Added additional private IP block (last four bullets) under section “Reserved Private IP Addresses” (s8.5.1). |
|03-23-2015 |3.0 |1) Expedite Services (s2.4.2). 2) Changed related sections on move of MFN services to CSAB (including billing and ordering chapters). 3) Updates made to CPE chapter to include verbiage related to standalone CPE and DSL POTS line. 4) Removed MFN Satellite and LSM services. 5) Updates to the section 9.3 and 9.4. 6) Other small changes throughout the document. |

Note: Other small changes have been made throughout the document. Therefore, it is encouraged that users read the entire document of the latest revision to become familiar with the MyFloridaNet user guide and its processes. Thank you.
