
FIRN User Guide

A Guide to assist customers with the use of services offered under the FIRN contract.

Version 9 21 14

TABLE OF CONTENTS

1 Overview

1.1 FIRN Mission Statement

1.2 FIRN Network Operations Guide

1.3 Audience

2 FIRN Service Overview

2.1 Introduction

2.2 Key Benefits and Features

2.3 Types of Services

2.4 FIRN DAN (District Area Network)

2.5 Optional Services

2.6 SLA Overview

2.7 SLA Categories

2.8 Service Levels Exclusions

2.9 FIRN SLA Applicability – Service Types

3 FIRN Customer Support

3.1 Trouble Management Support

3.2 Trouble Reporting Procedures

3.3 Customer Responsibilities

3.4 Hayes NOC Responsibilities

3.5 MFN NOC Responsibilities

3.6 Trouble Ticket Status Check

3.7 Trouble Tickets Classifications

3.8 Notification Commitments

3.9 Escalation Procedures

3.10 Generating Configuration Change Request

3.11 Customer Managed Option

3.12 Hours of Operation

3.13 MFN NOC Contacts, Escalation Levels & Responsibilities

4 Ordering FIRN Services

4.1 Customer Engagement

4.2 Prerequisites for Ordering

4.3 Initial Service CSAB Order Submission – Installs

4.4 In-House Relocations

4.5 Relocation of Service to New Physical Address

4.6 Changes to Existing Service

4.7 FIRN Managed Option

4.8 Customer Managed Option

4.9 Changes Requiring a CSAB Number Change

4.10 Discontinuation of Service

4.11 Mandatory Use of Online CSAB System

4.12 Incomplete CSAB Orders

4.13 FIRN Installation Process

4.14 Installs, Moves, Adds, and Changes (IMAC) SLAs

4.15 SLA Installation Performance Targets

4.16 Other Services and impact on SLA Performance Target

4.17 CSAB order submittal and SLA Performance Target for new installations

4.18 Book of Record and SLA Hold Time Guidelines

4.19 SLA Hold Time Request and Approval Process

4.20 SLA Hold Time Reasons

5 Billing

5.1 Billing Cycles

5.2 Minimum Billing Periods

5.3 Billing Start Date for new services

5.4 CPE acquired through the FIRN contract

5.5 Customer Provided CPE

5.6 Disconnect Processing and Effective Bill Date

5.7 Change in billing results from a funding change Proviso language by the Legislature, or a responsibility change

5.8 Credits and Dispute Resolution Guidelines

6 NMS Tools

6.1 Network Management Systems CPE Requirements for Monitoring

6.2 MFN Network Management Tools User Training

6.3 MFN NMS Tools Access Requests

6.4 Routine Changes

6.5 Routine Removals

6.6 Emergency Account Removals

6.7 Network Management Reports

7 Customer Premise Equipment (CPE)

7.1 FIRN CPE

7.2 Maintenance

7.3 Installation

7.4 Acquired

7.5 Out of Band (OOB) Access

7.6 Router Configuration Backup

7.7 Router Management

7.8 Router Access Account management

7.9 After Hours Maintenance Activity

7.10 FIRN CPE SLA Matrix

7.11 FIRN CPE Roadmap / Models

7.12 General

7.13 Special CPE needs

7.14 New CPE models

7.15 FIRN CPE Naming Convention Methodology

8 Network Engineering & Design

8.1 Design Overview

8.2 Routing Protocol Requirements

8.3 IP QoS Requirements

8.4 CPE & Access Method Requirements

9 Additional Services supported through FIRN

9.1 FIRN Secure Internet Bundled Services (Secure Internet Services)

9.2 FIRN Advanced Security Offerings (ASO)

10 Appendices

10.1 FIRN Core Layout

10.2 FIRN Types of Access

10.3 FIRN vs. FIRN DAN Comparison

10.4 NMS Tools Access – CSAB and Access Form Samples

10.5 Order Design Reference Documents

10.6 Customer Service Questionnaire

10.7 Secure Internet Services Questionnaires

11 Glossary of Terms

12 Revision History

Overview

1 FIRN Mission Statement

The State of Florida, DMS, AT&T and its partners will provide timely, quality, and professional network support to the State of Florida for the FIRN Contract.

2 FIRN Network Operations Guide

The FIRN Operations Guide is being developed jointly by DMS-SUNCOM and AT&T to describe the operational handling of the day-two support for FIRN Services. The Guide will provide detailed operational procedures and will show the relationship of the Operational Personnel and Network Management System (NMS) Tools within the FIRN NOC. This Guide is not intended to be a User Guide for NMS Tools and the specific guide for any tool referenced should be consulted for detailed information regarding the capabilities and use of that tool.

This Operations Guide will be periodically reviewed by DMS-SUNCOM, AT&T, Embarq and Hayes staff and revisions will be implemented as necessary. Any proposed changes or updates will be approved by both AT&T and DMS-SUNCOM. The AT&T Life Cycle Manager will be the primary contact person for changes and revisions. From DMS-SUNCOM, the FIRN Product Manager will be the primary contact to coordinate these changes, revisions and approvals.

|Contact |Telephone |Email |Role |

|Connie Gruen |850-216-3515 |connie.gruen@ |AT&T Customer Care Life Cycle Manager |

|Daniel Bowen |850-216-3543 |daniel.bowen@ |AT&T Marketing Life Cycle Manager |

|Freddy Martinez |850-922-7475 |freddy.martinez@dms. |DMS FIRN Product Manager |

3 Audience

This document is to be used to govern and define the rules of engagement between DMS of the State of Florida and AT&T and its sub-contractors. This document will be in compliance with the FIRN contract which was signed on January 12, 2009. In the case of any conflict between this document and the contract, the contract has the ruling authority. This document should be considered proprietary information between the State of Florida’s Department of Management Services and AT&T and its subcontractors. This document is not to be shared in whole or part with any Agency personnel.

FIRN Service Overview

1 Introduction

FIRN is a comprehensive solution providing a rich and flexible private enterprise communications infrastructure dedicated for the exclusive use of State of Florida eligible users. This enterprise infrastructure is based on a Multi-Protocol Label Switching (MPLS) technology and Quality of Service mechanisms providing improved security and robust connectivity resulting in a highly available (HA) and highly reliable (HR) statewide communications network. The FIRN network infrastructure uses the existing MyFloridaNet network backbone as transport. Please refer to Appendix 14.3 for a layout of the MyFloridaNet core.

FIRN will provide service elements such as network core, local loop access, customer premises equipment (CPE), security, Internet access, network management tools, design and engineering, billing and ordering as a complete turn-key solution with mostly flat-rate pricing statewide. Customers have the option to either manage CPE or let FIRN manage it. There is no additional cost to manage a CPE router if the FIRN Bundled Package is selected.

The FIRN network can carry application traffic such as Internet, voice, data, and video over a single user local loop connection.

Any eligible educational entity that is a qualified SUNCOM user (customer) can subscribe to FIRN. The categories listed below can subscribe to FIRN services.

• State Agencies with educational programs

• State Universities or Community Colleges

• Private, Non-profit Universities as defined in Florida State statutes FS 282.703(3) & FS 1009.89(3)

• Educational City or County Governments in Florida

• Private, Non-Profit Elementary and Secondary Schools as defined in Florida State statute FS 282.705 (5)

• Educational School Boards

• Libraries as defined in Florida State statute FS 282.706

• DOE related entities which qualify as SUNCOM users.

Care must be exercised when working with an eligible entity: unless it is an educational and E-rate entity, some restrictions may apply. For example, DMS offers services which may be directly in competition with this contract if an entity is not E-rateable and happens to be a State Agency.

For these special cases all FIRN team members must consult with DMS before giving approval or the impression to the user entity that the service sought is a workable solution under the FIRN contract. There may be a different State of Florida contract that should be used.

2 Key Benefits and Features

FIRN offers a variety of benefits with a superior solution that delivers:

Core Nodes: The MyFloridaNet/FIRN core features dual carrier class Juniper M320 routers in each LATA-based node location statewide for a total of 20 M320 core routers. These powerful nodes are interconnected by a combination of redundant OC-48 (2.4 Gbps) and OC-12 (622 Mbps) packet over SONET links, providing a tremendous amount of bandwidth with full protection against core link failure.

Internet: Internet access equal to the access speed of the FIRN connection is included in the basic service. Firewall Services are available as options.

Simplified Lower Pricing: A vast majority of the FIRN pricing is flat rate statewide. For instance, customers in Blountstown will now pay the same price for a T1 connection as the customers in downtown Miami.

Proactive SLAs: FIRN includes Service Level Agreements. All SLAs are monitored 24 x 7 by the FIRN/MFN NOC using the FIRN Web-based NMS.

Any-to-Any Connectivity: FIRN features fully meshed connectivity between all sites without the cost and complexity of configuring multiple PVCs. MPLS supports scalable, any-to-any connectivity within customer specific VPNs. Customers are able to order new sites without ever having to make router configuration changes at any of their other locations.

One Connection: FIRN utilizes a private MPLS based IP core to create an integrated network capable of carrying internet, intranet (private VPN) and Extranet traffic all on one connection, helping to cut connection, management and equipment costs.

Network Operation Center: FIRN includes a dedicated world-class Network Management Solution and Network Operations Center located in Tallahassee as well as a live, mirrored, Network Management System and Network Operation Center in Winter Park, Florida.

Network Management Tools Suite: The FIRN NOC will monitor services by utilizing state of the art management tools such as NetQoS Report Analyzer, and CA-Spectrum Service Performance Manager. Remedy trouble ticketing system and eHealth are also included as part of the tools suite and basic service.

Access Choices: The FIRN access method is determined by the service provider, with the exception of DSL, which customers can request specifically. Access types include DSL, Frame Relay, and Ethernet.

Note: for details and applicability, please refer to the section on “Types of Service”.

3 Types of Services

Pricing is for illustration purposes only. For most recent & updated pricing, please visit the FIRN web site.

1 Regular FIRN

FIRN access connectivity originates at an individual user’s location and terminates at the Provider Edge router, creating an onramp to the FIRN core. FIRN customers will be provided the appropriate access (local loop) type based upon the specific applications and needs at any given site.

For example, customers may have Frame Relay access at one location, Ethernet access at another, and DSL at yet another. Because FIRN provides interoperability across multiple access types, these locations will work together seamlessly. Please refer to Appendix 14.4 for a layout of the different types of access connecting into FIRN.

FIRN access connectivity service is a requirement for ordering and/or retaining any FIRN Other Network Services (ONS).

2 Frame Relay Access

Customers with frame relay access connect into the FIRN Core. When you are provided frame relay access you will be provided an access speed that is equal to your FIRN port speed, which includes full backbone access equal to your FIRN port speed. Frame Relay access characteristics are listed below.

• Full CIR

• Bandwidth Range – 64kbps to 45Mbps

• SLA & QoS Support

3 Ethernet Access

Customers can be provided Ethernet access to connect into the FIRN Core. For Ethernet access you will be provided an access speed that is equal to your FIRN port speed, and includes full backbone access that is equal to your FIRN port speed. Ethernet access characteristics are listed below.

• Full access and port bandwidth

• Bandwidth Range – 2Mbps to 1Gbps

• SLA & QoS Support

4 DSL Access

Customers can select DSL access to connect into the FIRN Core. When DSL service is selected access will be provided at a speed that is equal to the FIRN port speed, which includes full backbone access equal to the FIRN port speed. DSL access characteristics are listed below.

• Best Effort

• Three Bandwidth Ranges

• No QoS Support, or Tools access

5 Pricing Structure

Below is the link showing the pricing elements for FIRN service



The FIRN user must order a regular FIRN connection or access service before ordering any FIRN Other Network Services (ONS). Additionally, a FIRN connection must exist at all times to maintain ONS services. FIRN customers will not be allowed to disconnect the FIRN main connection and retain ONS services.

In the event ONS are required and the FIRN connection is terminated, the FIRN user will have the option to order like services out of the regular SUNCOM offerings. Other SUNCOM services, unlike FIRN, may require an installation charge to initiate new services.

4 FIRN DAN (District Area Network)

The District Area Network (DAN) is designed for local customers with no requirement for Internet access.

The connection is basically a managed FIRN Bundled offering with no internet access. In this instance, Access is combined with a 4M FIRN Core port for management purposes only. Customers on the DAN can communicate with one another over a single multi-access VLAN and through a connection to the main District DAN router.

The DAN customer gets limited features of regular FIRN (management, administration, etc.) with a reduced monthly cost, since no internet access is provided. Please refer to the diagram below of a sample configuration using FIRN DAN.

DAN Design Requirements:

• Host and remote routers must be provider managed.

• Host circuit BW must be greater than or equal to the cumulative total of the remote circuits BW.

• Network must be configured in a hub and spoke arrangement.

• No QoS SLAs.

• No customer provided CPE.

• Sites cannot be provisioned across LATA boundaries.

o Out of LATA sites can be connected via a private VRF

• There will be a SPOC for trouble reporting (District IT staff).

In addition to the single, multi-access VLAN for intra-DAN communications, DAN subscribers can also have access to the Internet using the District’s regular FIRN internet connection,

[Figure: sample configuration using FIRN DAN]

1 DAN Pricing Structure

Refer to the table below listing the DAN price structure. This is the end user rate.

|E-Rate Bundled Services | | | |

|District Area Network (DAN) Pricing | | | |

|CSA FORMAT = AGY - $I RT - NNNN - YR - OC¹ | | | |

|Bandwidth² |Monthly Recurring Rate |CSA RT Code | | | |

|1.5 Mbps x 256 kbps - DSL |N/A |D1 | | | |

|384 kbps x 384 kbps - DSL |N/A |D2 | | | |

|768 kbps x 512 kbps - DSL |N/A |D3 | | | |

|64 kbps |N/A |6K | | | |

|128 kbps |N/A |1K | | | |

|256 kbps |N/A |2K | | | |

|512 kbps |N/A |5K | | | |

|1.5 Mbps |$473.00 |01 | | | |

|2.1 Mbps |$623.50 |02 | | | |

|3 Mbps |$623.50 |03 | | | |

|4.5 Mbps |$882.16 |04 | | | |

|6 Mbps |$1,015.12 |06 | | | |

|9 Mbps |$1,382.63 |09 | | | |

|10 Mbps |$1,436.59 |10 | | | |

|12 Mbps |$1,467.76 |12 | | | |

|14 Mbps |$1,492.16 |14 | | | |

|15 Mbps |$1,516.92 |15 | | | |

|18 Mbps |$1,630.82 |18 | | | |

|20 Mbps |$1,688.00 |20 | | | |

|21 Mbps |$1,744.72 |21 | | | |

|25 Mbps |$1,791.60 |25 | | | |

|27 Mbps |$1,814.80 |27 | | | |

|30 Mbps |$1,849.60 |30 | | | |

|33 Mbps |$1,885.00 |33 | | | |

|36 Mbps |$2,131.43 |36 | | | |

|40 Mbps |$2,171.71 |40 | | | |

|41 Mbps |$2,183.22 |41 | | | |

|45 Mbps |$2,229.62 |45 | | | |

|50 Mbps |$2,327.06 |50 | | | |

|65 Mbps |$2,479.35 |65 | | | |

|75 Mbps |$2,660.47 |75 | | | |

|100 Mbps |$3,113.26 |C2 | | | |

|130 Mbps |$3,033.69 |CX | | | |

|155 Mbps |$3,131.59 |C3 | | | |

|200 Mbps |$3,306.99 |C4 | | | |

|300 Mbps |$3,741.34 |C6 | | | |

|350 Mbps |$3,958.51 |C7 | | | |

|400 Mbps |$4,175.68 |C8 | | | |

|500 Mbps |$4,610.03 |CA | | | |

|550 Mbps |$4,810.97 |CB | | | |

|600 Mbps |$5,011.90 |CC | | | |

|700 Mbps |$5,413.77 |CE | | | |

|800 Mbps |$5,783.17 |CG | | | |

|900 Mbps |$6,152.57 |CI | | | |

|1000 Mbps |$6,521.97 |1G | | | |

¹$I= FIRN Services, RT=BANDWIDTH, NNNN=Any Numbering System, YR=Year Service Was Ordered, OC=Option Code.

²Additional 1Mbps BW applies to connections over 200 Mbps.

|Special instructions for NOC related to After Hours contact | |

|Contact Type |Name |Phone Number |Email |

|Primary Technical | | | |

|Secondary Technical | | | |

|After Hours Technical | | | |Insert Hours Available |

|Security Administrator | | | |

|MFN NOC Changes | | | |

|Technical Gathering | | | |

|Definition |

|Primary Technical |Agency OR LOCAL Site Technical contact. This contact will work with MFN NOC to resolve troubles and coordinate ACCESS to the facility when needed. |

|Secondary Technical |Backup to Primary when Primary not available. |

|After Hours Technical |Agency OR LOCAL Site Technical contact(s) to be contacted 'after-hours' to work with MFN NOC to resolve troubles and coordinate ACCESS to facility when needed. Please indicate HOURS available to contact. |

|Security Administrator |The Agency person with the authority to add or delete users’ access to the NMS Tools and or Remedy and to approve contact names and numbers. |

|MFN NOC Changes |The Agency person(s) with the authority to request changes to Vendor managed CPE from the MFN NOC. |

|Technical Gathering |The individual responsible for gathering the information necessary to complete this questionnaire. |

2 Submitting a trouble report

Before submitting a trouble report, the customer should:

1) Check with their own Help Desk (if one is available) to eliminate any internal LAN issues that may be causing the trouble.

2) Consult with their designated local technical contact.

3) Check that power is available.

4) Check to determine if the problem is caused by any activity recently performed on their systems (i.e., patches, maintenance, software/hardware changes, etc.)

5) Inquire internally for any other known local telecommunications outages.

6) Check the on-line Ticketing system or call the MFN NOC to verify trouble is not already reported in the system.

7) If steps 1 through 6 above have been acted upon and there are still no troubles reported or found in the system, then proceed to report the trouble as indicated below:

When calling or emailing the MFN NOC or Hayes to open a trouble ticket, please have the following information available:

• Device Name (Hostname) as it appears in Spectrum

• CSAB Order number & circuit ID number

• Agency Name, Code and Location

• Type & description of service

• CPE service status (managed/unmanaged)

• Detailed description of the trouble

• Exact date and time of the trouble

• Contact information including name, telephone number, and access hours

• Site physical address

• Local physical site access information or contact

• Customer & local contact phone and cell numbers

• E-mail address of contact for status updates

• Hours of operation (When can you be contacted?)

• Advise MFN or Hayes NOC if you have been performing any activity on your system (i.e., patches, maintenance, software/hardware changes, etc.) or if you have any special requirements or constraints.

If you submit a request to open a ticket via email and it does not contain the information referenced above, you will receive a return email requesting the information before a ticket is created and assigned to a technician. The MFN NOC will open tickets in a proactive manner based on established MFN NOC procedures as agreed to by AT&T and DMS-SUNCOM.

* Note - Open trouble tickets may be viewed online by accessing the Ticketing System on the MFN NMS Web Portal at .

**Note: Remember that the MFN NMS system will automatically report FIRN outages and will notify the agency designated technical contact via email or SMS Paging within 15 minutes of the outage being detected as specified by the customer in the NMS User request. Reference the “Notification and Status Commitment” table in section 3.8 for details regarding notifications and status updates.

5 Hayes NOC Responsibilities

1 Report from customer supported by DOE or purchases the Support Option:

2 Customer contacts Hayes Help-Desk @ 1-877-347-6896.

3 Hayes will open a ticket in Keystone then proceed to troubleshoot the issue according to current Hayes trouble handling procedures.

4 In the event the issue is determined to be service affecting, related to the circuit or CPE, Hayes will contact the MFN NOC for a warm hand-off.

5 MFN NOC will open a ticket in Remedy then troubleshoot the issue according to current MFN trouble handling procedures.

Note: For FIRN Direct Connect customers, Tier 1 MFN NOC will not have AT&T core device access to collect AT&T core connection information.

6 MFN NOC Responsibilities

1 Report from customer not supported by DOE and purchases options through the FIRN contract.

2 Customer contacts MFN NOC @ 1-866-913-8386

3 MFN NOC will open a ticket in Remedy then troubleshoot the issue according to current MFN trouble handling procedures.

4 If the MFN NOC determines during initial data gathering that the customer issue is with an option such as encryption or filtering, the MFN NOC will contact Hayes for a warm hand-off. Hayes will open a ticket in Keystone then proceed to troubleshoot the issue according to current Hayes trouble handling procedures.

5 When a customer reports a problem, the MFN NOC agrees to the following:

• Accept trouble reports from the customer or authorized representative by telephone or electronically (if access available). Log and track all troubles reported

• Test all services/facilities as necessary to resolve the problem

• Provide the customer with problem status periodically, as defined in “Notification and Status Commitment” table in section 3.8.

• Escalate troubles to higher-level support upon the customer’s request per “Escalation Procedures” defined in section 3.9.

• Proactively escalate ticket as necessary to Service Manager, Tier 2 and Tier 3 per MFN NOC operating procedures.

• Cooperatively test with the customer or authorized representative when necessary

• Close all tickets with the agreement of the customer or authorized representative and document the name of the individual with whom the ticket was closed

• Open all initial trouble tickets

• Provide single point of contact for communications with the customer

• Update and monitor ticket status

• Forward tickets to appropriate group

• Check for OOB access (if applicable)

• Check for active alarm in Spectrum.

6 DAN Service

DAN Service Description: The DAN is a unique network to each individual school district with the host device collocated with the school district’s FIRN connected device. See Section 2.4 for description detail and diagram

7 Report from a District Area Network (DAN) customer:

8 DAN IT Staff contacts MFN NOC @ 1-866-913-8386

9 MFN NOC will open a ticket in Remedy then troubleshoot the issue according to current MFN trouble handling procedures.

10 DAN Trouble Reporting requirements:

11 All reporting of issues affecting DAN sites will be the responsibility of the District IT staff. The District IT Staff is the single point of contact (SPOC) for all remote sites on the DAN.

12 Trouble report status updates and closeout information will be provided to the DAN IT staff (SPOC).

13 If a report comes into the MFN NOC from a location other than the DAN SPOC a ticket will be opened, the customer will be given the ticket number and advised of the process of using the DAN SPOC to report troubles. The DAN SPOC will be contacted by the MFN NOC with the ticket information and the local customer information so that the DAN SPOC can follow-up with the local customer for status and process training.

7 Trouble Ticket Status Check

The status of the trouble ticket may be checked by reviewing the ticket in the Ticketing System through the MFN NMS Web Portal or by calling the MFN NOC at 1-866-913-8386. The address for the MFN NMS Web Portal is . When calling, the customer will have available the trouble ticket number to inquire about the ticket status. Status reports will be provided to the customer by the MFN NOC staff per the “Notification and Status Commitment” table in section 3.10.

Note: It is the customer’s responsibility to keep the contact information updated. For details refer to section 3.3, Customer Responsibilities.

8 Trouble Tickets Classifications

1 Problem Severity Classifications

There are five severity classifications that a Tier 1 MFN NOC technician can assign to a detected or reported trouble. The classification assignment will be made based on the definitions of the classifications in this section.

• Critical *

• Major *

• Minor **

• Chronic ***

• Informational

* For all troubles, resolution efforts occur on a 24x7 basis, and status updates are provided to the customer according to the “Notification and Status Commitment” table in section 3.10, until the problem is resolved and service has been restored. Critical, Major and Minor issues have SLAs associated.

** For ‘Minor’ troubles, resolution efforts occur primarily during regular business hours with coordinated after-hours testing with the customer to minimize interference with performance or downtime for the customer during regular business hours. There are no SLAs associated with Minor issues unless they are change requests, which carry a 2-hour SLA. Please refer to the Generating Configuration Change Request section for details.

*** Chronic tickets will be opened under the Major classification and noted in the problem description area as Chronic.

**** Spectrum Alarm classifications do not necessarily correspond to Remedy ticket classifications. Spectrum Alarm classifications are listed below:

• Critical alarms include device outages, SLA critical thresholds exceeded, and SLA violations

• Major alarms include selected syslogs and traps, and device component failures (power supplies, fans, etc.).

• Minor alarms include non-major syslogs and traps, authentication failures, and informational alarms.

Critical

Critical problems are defined as those affecting the entire network for a specific agency or within the MFN core that impacts a large number of users with no immediate work around. The condition includes a critical work stoppage or service degradation that prohibits access to mission critical applications during the customer’s normal working hours affecting multiple sites within the agency. A critical condition within the MFN core would consist of a hardware or software failure that causes work stoppage or service degradation prohibiting access to mission critical applications by the connected users in a particular LATA or across the MFN core.

| Examples of critical problems |

|All network alarms for any MFN Core Router |

|All network alarms for any MFN core aggregate circuit |

|Multiple sites of a specific agency are down or have lost connectivity as reported by the customer or the NMS system |

|Multiple sites are experiencing service degradation that has rendered their connections unusable as reported by the customer or the NMS system |

Major

Major problems are defined as single site outages, service degradation prohibiting access to or function of critical applications from a single site or exceeding contracted performance SLA.

| Examples of major problems |

|Single site outages as reported by the customer or the NMS system |

|Service degradation over a site’s WAN connection as reported by the customer or the NMS system |

|High Priority Agency in list below (these will be given priority) |

Minor

Minor problems are defined as affecting individual sites, and do not interrupt service, degrade performance or exceed SLA specifications to an extent that prohibits users from accessing or using critical applications.

| Example of minor problems |

|Non-service affecting as reported by the customer or the NMS system |

|Hardware performance thresholds exceeded (e.g. CPU, memory, or buffer) |

|Latency, Jitter and Packet loss below specified parameters (SLA Table) as reported by the customer. |

|Circuit over utilization as reported by the customer. |

Informational

Informational tickets are created by the MFN NOC when a customer calls to report an issue that may trigger an alarm for the MFN NOC or to request informational assistance. Informational problems do not require repair.

Informational tickets regarding questions on operation of MFN tools should be submitted via email to support@MFN.. Informational tickets referring to the NMS will be responded to within 72 hours.

|Example of informational problems |

|Customer reports the network will be down for maintenance |

|Customer reports a scheduled power outage |

|Customer reports equipment shutdown for office remodeling |

|Customer requests information or clarification on MFN tools or operation |

Chronic

A chronic ticket will be opened at the onset of the third occurrence of the same trouble type for a specific site within a 30 day period. An agency chronic ticket will be opened when an excessive number of tickets for a particular agency have been created within a 30 day period. Tickets opened under the following classifications will be excluded from the chronic ticket formula.

• Customer Maintenance

• Customer Education

• Customer Equipment

• Duplicate Ticket

• Weather related

• UPS issue

• Site Power

The Chronic ticket type should only be used to consolidate and track repair events within the individual outage tickets.
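The chronic rule described above, worked through as an added example; it is not part of the original guide or of any MFN NOC tooling. The `Ticket` fields, the `make_ticket` helper, the site names and the sample tickets are constructed for illustration, and two readings are assumptions: a ticket exactly 30 days after the first still counts as "within a 30 day period", and a site and trouble type that is already chronic is not reported again until its count has dropped below three.

```python
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta

# Classifications the guide excludes from the chronic ticket formula.
EXCLUDED = frozenset({
    "Customer Maintenance", "Customer Education", "Customer Equipment",
    "Duplicate Ticket", "Weather related", "UPS issue", "Site Power",
})
WINDOW = timedelta(days=30)  # "within a 30 day period"
THRESHOLD = 3                # "at the onset of the third occurrence"


@dataclass(frozen=True)
class Ticket:
    ticket_id: str       # constructed ids, not real Remedy ticket numbers
    site: str
    trouble_type: str
    classification: str  # compared against EXCLUDED
    opened: datetime


def chronic_triggers(tickets):
    """Return the ids of tickets whose opening should raise a chronic ticket.

    Tickets are grouped by (site, trouble type). A trigger fires when the
    number of non-excluded tickets in the trailing 30 days reaches three.
    Assumption: while a group stays at three or more, later tickets attach
    to the existing chronic ticket and do not fire again.
    """
    recent = defaultdict(deque)   # key -> open times inside the window
    active = defaultdict(bool)    # key -> chronic ticket currently open
    triggers = []
    for t in sorted(tickets, key=lambda t: t.opened):
        if t.classification in EXCLUDED:
            continue              # excluded tickets never count
        key = (t.site, t.trouble_type)
        window = recent[key]
        # Drop occurrences older than 30 days (exactly 30 days still counts).
        while window and t.opened - window[0] > WINDOW:
            window.popleft()
        window.append(t.opened)
        if len(window) < THRESHOLD:
            active[key] = False
        elif not active[key]:
            active[key] = True
            triggers.append(t.ticket_id)
    return triggers


def make_ticket(ticket_id, site, trouble_type, classification, day):
    """Build a constructed sample ticket opened `day` days after 2014-03-01."""
    opened = datetime(2014, 3, 1) + timedelta(days=day)
    return Ticket(ticket_id, site, trouble_type, classification, opened)


# Constructed sample data: SITE-A reaches its third counted outage at T4
# (T2 is excluded as Site Power); SITE-B has three outages but they do not
# fall within one 30 day period.
SAMPLE_TICKETS = [
    make_ticket("T1", "SITE-A", "circuit down", "Major", 0),
    make_ticket("T2", "SITE-A", "circuit down", "Site Power", 4),
    make_ticket("T3", "SITE-A", "circuit down", "Major", 9),
    make_ticket("T4", "SITE-A", "circuit down", "Major", 19),
    make_ticket("T5", "SITE-A", "circuit down", "Major", 24),
    make_ticket("T6", "SITE-B", "circuit down", "Major", 1),
    make_ticket("T7", "SITE-B", "circuit down", "Major", 14),
    make_ticket("T8", "SITE-B", "circuit down", "Major", 50),
    make_ticket("T9", "SITE-A", "high latency", "Minor", 20),
]

if __name__ == "__main__":
    print(chronic_triggers(SAMPLE_TICKETS))
```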

9 Notification Commitments

|Notification and Status Commitment Table |

|Severity Level of the ticket |Notification* Time |Commitment |

|Critical |15 min |Initial contact within 15 min of outage. Within 2 hours customer will be contacted with cause of outage and every 2 hours with status updates. |

|Major |15 minutes |Initial contact within 15 min of outage. Within 2 hours customer will be contacted with cause of outage or issue. |

|Minor |30 minutes |Initial contact within 30 min of trouble and updates when conditions change. Within 2 hours customer will be contacted with cause of issue. |

|Chronic |As Appropriate |Customer will be advised of chronic status and updated as conditions change |

|Informational |As Appropriate |NOC will respond to information requests within 72 hours otherwise NOC notification is not required. |

*Notification or Status can be provided via Email** or phone within the given timeframe. See section 3.9 for “Escalation Procedures” if the stated Notification Time has been exceeded.

** There must be a valid email distribution list on file and configured for each level of ticket notification. A customer may call the MFN NOC or Log in to the Ticketing System at any time to obtain current status of a ticket.

10 Escalation Procedures

1 Customer Requested Escalation Procedures

Escalation Step 1

At any point a customer may call to request the classification of the ticket be raised to the next higher level by calling the MFN NOC or the Hayes NOC as appropriate. For example a customer may request a MAJOR to be raised to a CRITICAL.

Escalation Step 2

The customer may escalate a ticket through the MFN NOC by calling 1-866-913-8386 and asking for the manager on duty.

Escalation Step 3

Customers have the option to escalate network trouble issues by contacting the SUNCOM Network Operations Center at 1-888-4SUNCOM (Option 1, 9) or email suncom.helpdesk@dms. 24 hours a day, 7 days a week. When calling the SUNCOM NOC, please refer to the procedures below:

• State that you would like to escalate an MFN NOC trouble ticket

• Provide the MFN NOC trouble ticket number

• A SUNCOM NOC trouble ticket will be opened to track the progress of the escalation.

• The SUNCOM NOC Technician will work with the Customer to resolve the issue, escalating to the SUNCOM Product Support Manager or SUNCOM Engineering Manager, as required.

• Further escalations within the MFN Management Tier will also be made, if requested.

• Once a resolution has been reached on the trouble ticket, the SUNCOM NOC Technician will verify the customer’s satisfaction with the resolution and close the ticket.

2 DMS Requested Escalation Procedures

Escalation Step 1

At any point a DMS representative may request that the classification of the ticket be raised to the next higher level by calling the MFN NOC. For example, a DMS representative may request a MAJOR to be raised to a CRITICAL.

Escalation Step 2

The DMS representative may escalate a ticket through the MFN NOC by calling 1-866-913-8386 and asking for the manager on duty.

Escalation Step 3

If DMS deems that further escalation is required, please refer to the table below:

|Level of Escalation |Contact Point |Contact Information |Job Description |

|1 |MyFloridaNet NOC Manager |Sharon Quintero, Sharon.Quintero@, 850-325-3860 |The MyFloridaNet NOC Manager is responsible for the daily operation network ops issues including installations and post installation troubles. |

|2 |Director, Data Network Operations Centers |Hank Adams, hank.adams@, 919-554-5180 |The Director, Data Network Operations Centers is responsible for directing the efforts of the Tallahassee Data Engineering team as well as the Tallahassee Network Operations Center (NOC) management and work force. |

|3 |Service Executive, Service Management |Rick Chaffin, Rick.Chaffin@, (386) 736-6351 |The Service Executive handles technical and service issues that are not resolved by the normal repair process or that require special arrangements to ensure that customer needs are satisfied. |

|4 |Director IT, GLOBAL MANAGED SERVICES |Stanford L Curtiss III, (810) 424-6900 office, (810) 424-6900 cell |Overall responsibility for IBM Bluesky accounts, AT&T Managed Services, Service Assurance, and Custom Managed Services. |

|5 |AVP Global Operations |Matthew Lucas, (949) 838-8183 office, (949) 887-3525 cell |Responsible for Tier 1.5 through Tier 3 support of IBM Bluesky, AT&T Managed Services, Outsourcing, Custom Managed Services and MSS customers via work centers based in the US, Bangalore, India and Campinas, Brazil. |

|6 |VP Global Enterprise Managed Services |John Walsh, (919) 474-1200 office |The Global Enterprise Managed Services (GEMS) organization is responsible for domestic and global service assurance through Global Customer Service Centers (GCSC’s) supporting MRS; eVPN; MIS; and AVTS Service Lines. Additionally, the team has responsibility for Global Technology & Tier 3 Services, Global Managed Voice Services, Managed Security Services and Globally Managed Mainframe Services. |

|7 |Senior VP Service Assurance |Eric Boyer, (214) 757-3080 office |The Global Enterprise Managed Services (GEMS) organization is responsible for domestic and global service assurance through Global Customer Service Centers (GCSC’s) supporting MRS; eVPN; MIS; and AVTS Service Lines. Additionally, the team has responsibility for Global Technology & Tier 3 Services, Global Managed Voice Services, Managed Security Services and Globally Managed Mainframe Services. |

|Corporate Sponsor |EVP Global Customer Service |Andrew Geisse, (214) 757-5820 |Chief Technology Officer for BellSouth Corporation. In this role, he is responsible for setting the technology direction of BellSouth's core infrastructure. His department includes network and operations technology, Internet protocol (IP) applications, next generation strategy as well as BellSouth Entertainment, LLC. |

11 Generating Configuration Change Request

Most changes to the FIRN services, including all billable items, will require the customer to submit an ORDER through the Online CSAB system. Please refer to Chapter 4 in this guide, “Ordering FIRN Services”. There are certain non-billable item changes that do not require an ORDER. For details please refer to the following tables. Changes identified in the FIRN NOC column marked “Yes” can be accomplished with a NOC ticket.

|FIRN Managed |CSAB Order Required |NOC Ticket |

|FIRN Elements and Features |Establish New |Change Existing ** |Establish New |Change Existing ** |

|FIRN Service |Yes |Yes |No |No |

|Content Filtering |Yes |Yes |No |No |

|Hourly maintenance |Yes |Yes |No |No |

|Monthly maintenance |Yes |Yes |No |No |

|Expedite |Yes |N/A |No |No |

|After Hour Installation |Yes |N/A |No |No |

|Special Construction |Yes |N/A |No |No |

|Extended Demarc |Yes |Yes |No |No |

|LAN IP addressing maintained by DOE |Yes |Yes |No |No |

|LAN IP addressing provided by Agency |No |No |Yes/Hayes |Yes/Hayes |

|Internet |Yes |Yes |No |No |

|Encryption - All types |Yes |Yes |No |No |

|Multicast |Yes |No |No |Yes |

|FIRN Managed CPE |Yes |Yes |No |No |

|Access List |Yes |No |No |Yes |

|Firewall Feature Set |Yes |No |No |Yes |

|QoS type - voice, video, application |Yes |No |No |Yes |

|NAT |Yes |No |No |Yes |

|IP Helper Address add / change |No |No |Yes |Yes |

|DHCP |Yes |No |No |Yes |

|LAN interface settings (Speed, Duplex) |No |No |Yes |Yes |

|IP Accounting (Troubleshooting Aid) |No |No |No |Yes |

|Route Cache Flow (Troubleshooting Aid) |No |No |No |Yes |

|Add Static Route |No |No |Yes |Yes |

|Elements and Features not listed above |Yes |Yes |No |No |

12 Customer Managed Option

|Customer Managed |CSAB Order Required |NOC Ticket |

|FIRN Elements and Features |Establish New |Change Existing|Establish New |Change Existing |

|FIRN Service |Yes |Yes |No |No |

|Content Filtering |Yes |Yes |No |No |

|Hourly maintenance |Yes |Yes |No |No |

|Monthly maintenance |Yes |Yes |No |No |

|Expedite |Yes |N/A |No |No |

|After Hour Installation |Yes |N/A |No |No |

|Special Construction |Yes |N/A |No |No |

|Extended Demarc |Yes |Yes |No |No |

|LAN IP addressing maintained by DMS / DOE |Yes |Yes |No |No |

|LAN IP addressing provided by Agency |No |No |Yes/Hayes |Yes/Hayes |

|Internet |Yes |Yes |No |No |

|Encryption – All types |Yes |No |No |Yes |

|Multicast |Yes |No |No |Yes |

|Customer Managed CPE |Yes |Yes |No |No |

|Access List |** |** |** |** |

|Firewall Feature Set |No |No |No |No |

|QoS type – voice, video, application |Yes |No |No |Yes |

|NAT |No |No |No |No |

|IP Helper Address add / change |No |No |No |No |

|DHCP |No |No |No |No |

|Add Static Route |No |No |Yes |Yes |

|Elements and Features not listed above |Yes |Yes |No |No |

** CSAB Orders can be used for any changes the customer would like to request. The advantage to a CSAB Order is engineering review for these changes. NOC tickets will reduce implementation time.

**** All required information must be in the ticket to complete the requested changes. If the information is incomplete the ticket and the changes will be placed on hold until all required information has been provided by the requestor.

For any Customer requested changes that may have an effect on the MFN core, the MFN Engineering and Design team will meet to review and discuss the design change before any changes can be made. For any changes requiring an ORDER or for changes not listed in the previous tables, Customers should initiate and submit the ORDER via the online CSAB system. Please see Chapter 4 for more information on how to order changes.

Based on the tables above, when a change is requested through the MFN NOC, the user should provide the information listed below. For any changes requiring an ORDER, please refer to Chapter 4 of this guide.

• Circuit ID Number

• Type of service

• Managed or unmanaged CPE

• Detailed description of the request

• Exact date and time needed for the change

• CSAB Order Number

• Customer contact name

• Customer phone and cell numbers

• Email address of contact for status updates

• Hours of operation (When can you be contacted?)

• Any special requirements or constraints.

The status of a request can be checked by telephoning or emailing the MFN NOC (1-866-913-8386 or support@mfn.) or by using the Ticketing System application in the MFN Web Portal at . For tickets initiated by Hayes the user should contact Hayes at 1-877 347-6896 or email Hayes at support@ .

Router configuration changes that require engineering review and/or testing may take longer.

13 Hours of Operation

The MFN NOC is operational 24 hours a day, 7 days a week, 365 days a year via live assistance.

14 MFN NOC Contacts, Escalation Levels & Responsibilities

1 Contacts and escalation levels for MFN Operations are as follows:

CenturyLink

|Service Type |Contact/Escalation Level |Phone Number |

|FIRN |Level 1 | |

| | | |

| |MFN NOC |1-866-913-8386 |

| |support@mfn. |Call 866-913-8386 ask for a supervisor |

| |Level 2 | |

| |Sharon Quintero – NOC Supervisor |850-325-3860 ofc |

| |Sharon.Quintero@ | |

| |Level 3 | |

| |Hank Adams CenturyLink Data Service Director |919-554-5180 ofc |

| |Hank.Adams@ | |

AT&T

|Service Type |Contact/Escalation Level |Phone Number |

|FIRN |Level 2 | |

| |AT&T Distribution (includes all contacts listed below) | |

| |Mfn.operations@ | |

| |Rick Chaffin – Service Manager | |

| |Rick.Chaffin@ |386-736-6351 |

| | | |

| |Cassius George Provisioning Liaison | |

| |cg6284@ |404-499-5458 |

| |Level 3 | |

| |Alex Oliver – NOC Manager | |

| |mo0612@ |404-499-5388 |

| | | |

Hayes

|Service Type |Contact/Escalation Level |Phone Number |

|FIRN |Level 1 | |

| |K-12 – Hayes |1-877 347-6896 ask for Duty Supervisor |

| |support@ | |

| |Level 2 | |

| |Lee Vickery ANS Engineer | |

| |lvickery@ |850-297-0551 X 166 |

| | | |

| |Level 3 | |

| |John Strobel – Director of Special Projects | |

| |jstrobel@ |850-297-0551 X 115 |

| | | |

Tier 4 – Design Engineering

|Service Type |Contact/Escalation Level |Phone Number |

|FIRN |Level 1 Core | |

| |Mark Sullivan Lead Core Engineer |850-216-3552 |

| |ms1802@asemail. | |

| |Level 1 CPE | |

| |Gardner Smith Design Engineer |404-499-5521 |

| |gs2255@asemail. | |

| |Level 2 | |

| |Dale King Lead Design Engineer |404-499-5522 |

| |dk7227@asemail. | |

| |Level 3 | |

| |Lalitha Parameswaran Supervisor Engineering | |

| |lp2394@ |831-594-3041 |

DMS-SUNCOM Engineering and Operations

|Service Type |Contact/Escalation Level |Phone Number |

|FIRN | | |

| |SUNCOM NOC |850-413-9569 |

Ordering FIRN Services

1 Customer Engagement

The following methods can be used to discuss and order FIRN Services.

• AT&T Account Executives contact the customer to propose services

• AT&T Account Executives discover a Customer need during routine meetings with customer.

• The Customer contacts the AT&T Account Executive with a need.

• DMS-SUNCOM personnel contact the customer to propose services

• DMS-SUNCOM personnel discover a Customer need during routine meetings with customer.

• The Customer contacts DMS-SUNCOM personnel with a need.

• The Customer places an order for services on the SUNCOM Website.

• The Customer contacts Department of Education for assistance or for DOE

If the AT&T Account Team is going out to meet with a Customer in reference to FIRN Services, they will notify the corresponding local AT&T Account Manager who will notify the DMS-SUNCOM Sales consultant or notify the DMS-SUNCOM Sales consultant directly as appropriate for that customer as listed in the tables below.

Additionally, AT&T will keep DMS-SUNCOM Sales Consultants informed of all communications and correspondence with the customer pertaining to FIRN. For example, when AT&T emails the customer, it will CC the consultants within that region. When meeting with SUNCOM customers or potential customers, AT&T will present SUNCOM as the network of choice and primary service offering.

1 Customer Engagement Personnel

|Consultant |Telephone |Email |Counties |

|Denise Adkins |850-921-1647 |Denise.Adkins@dms. |DMS Consultants Manager |

|John Bellows |(850) 922-7486 or 1-888-4SUNCOM (1-888-478-6266) Option 4 |john.bellows@dms. |Bay Calhoun Escambia Franklin Gadsden Holmes Gulf Jackson Liberty Okaloosa Santa Rosa Walton Washington Jefferson Leon Madison Taylor Wakulla |

|Marvin Powell |(850) 413-7906 1-888-4SUNCOM (1-888-478-6266) Option 4 |Marvin.Powell@dms. |Alachua Baker Bradford Clay Columbia Dixie Duval Hamilton Union Gilchrist Lafayette Levy Marion Nassau Putnam St. Johns Suwannee revised 8/03 |

|Janet Doherty |941-373-7599 or 1-888-4SUNCOM (1-888-478-6266) Option 4 |Janet.Doherty@dms. |Brevard Flagler Indian River Volusia Orange Okeechobee |

|Bill Fox |(352) 330-1363 or 1-888-4SUNCOM (1-888-478-6266) Option 4 |bill.fox@ |Charlotte Citrus DeSoto Hardee Hernando Highlands Lake Manatee Hillsborough Pasco Pinellas Polk Sarasota Sumter |

|Linda Myers |(305) 470-5098 or 1-888-4SUNCOM (1-888-478-6266) Option 4 |linda.myers@dms. |Broward Collier Glades Hendry Lee Martin Palm, Dade, Monroe |

|Service Delivery |Telephone |Email |Services |

|Kevin Langston |850-922-7477 |kevin.langston@dms. |Chief Service Delivery |

|Jennifer Swanson |850-921-4067 |Jennifer.swanson@dms. |Toll Free, VPN, Reservationless, Switched PIC, and air card. |

|Derek Howard |850-922-7474 |Derek.howard@dms. |FIRN, LD Dedicated (by agency) |

|Steve Welsh |850-414-7235 |Steve.welsh@dms. |FIRN, LD Dedicated (by agency) |

|Joelle Peek |850-410-0009 |joelle.peek@dms. |Assist on all services when assigned.|

AT&T State Government Account Managers

|Account Manager |Telephone |Email |Areas |

|Danny Thomas |850-216-3553 |danny.thomas@ |State Account Manager Supervisor |

|Rob Gass |407-826-6707 |Rob.Gass@ |State Government Account Manager |

|Chuck Lang |850-216-3535 |Chuck.Lang@ |State Government Account Manager |

|Kevin Patten |850-617-1862 |Kevin.Patten@ |State Government Account Manager |

AT&T Local Government Account Managers

|Account Manager |Telephone |Email |Areas |

|Jeff Parsons |904-359-7211 |Jp5947@ |Jacksonville Area Local Government Account Manager Supervisor |

|Tom Henderson |850-969-7002 |Th3672@ |Pensacola Local Government Account Manager |

|Chris Wadley |904-359-7248 |Cw3669@ |Jacksonville Area Local Government Account Manager |

|Daphne Dilbert |813-878-3276 |Dd1829@ |Tampa Area Local Government Account Manager |

|Ismael Gonzalez |407-245-2106 |Jg2476@ |Daytona Beach Area Local Government Account Manager |

|Thomas Gill (Sr) |407-245-2135 |Lg5181@ |Orlando Area Local Government Account Manager |

|Wiley Horton |352-371-5572 |Wh3309@ |Gainesville Area Local Government Account Manager |

|Esperanza Diaz-Bello |305-569-7236 |Ed6554@ |Miami Local Government Account Manager Supervisor |

|Elena Cordal |305-569-7292 |Ec6561@ |Miami Area Local Government Account Manager |

|Ester Martin |305-569-7274 |Em6388@ |Miami Area Local Government Account Manager |

|Margarita Castellon |954-838-1721 |Mc0774@ |Fort Lauderdale Area Local Government Account Manager |

|Maria Johnston |305-582-9475 |Mj0368@ |Miami Area Local Government Account Manager |

|Bill Daniel |561-640-6630 |Bd2488@ |West Palm Area Local Government Account Manager |

|Nancy Vinez |561-640-6668 |Nv5238@ |West Palm/Ft Pierce Area Local Government Account Manager |

|Miriam Buonomo |305-840-2389 |Mb0481@ |Miami Area Local Government Account Manager |

2 Prerequisites for Ordering

During the initial stages of the ordering process, the FIRN Team involved with the Customer may consist of all or some of the following personnel:

• DMS-SUNCOM Sales Consultants

• DMS-SUNCOM Service Delivery Personnel

• AT&T Account Executives

• AT&T Technical Consultant

• AT&T Solutions Sales Engineer

• Customer personnel

1 Documents and Resources

Documents in Appendix 15.5:

Resources:

• Information on the SUNCOM Website

• FIRN Network Pricing - refer to SUNCOM Website

• Expedite Process (See Section 2.5 - Optional Services)

• After Hours (See Section 2.5 - Optional Services)

• User Guide

2 Speed Selection

Customers will choose connection speed from the FIRN offering. The Access method and Router selection will be made by the vendor. It is understood that higher bandwidth and / or additional requirements or services may require an enhanced router be deployed.

3 QoS

QoS deployment will require engineering prior to submitting the ORDER. A QoS Template should be completed and attached to the ORDER. DMS will work with the customer and AT&T to complete the template. For a copy of the QoS template, go to Appendix 14.12.

4 Service Inquiry

If the customer has need for high-speed connections, above 9 Meg or Ethernet, the team will need to submit a Service Inquiry request to AT&T to determine the availability of service for the location(s) in question.

Service Inquiries will require the following information to be submitted:

• Speed of connection,

• If upgrade, speed of current connection

• Valid site address,

• Local contact name and number,

• Telephone number for the location if different from the local contact’s number.

In cases where telephone service does not exist for a location, a working number near the location can be used and should be reported as such.

Service Inquiries normally take up to 7 business days to determine service availability. Results of the Service Inquiries will be incorporated into the CSAB order by the customer or DMS.


5 Special Construction

Occasionally it may be determined that while facilities were not available for installation of service as determined in the FIRN Service Inquiry, facilities can be constructed to provide the requested service at the desired location. This will require additional time and the customer may incur additional expenses. The requirements, expenses or any additional time required for special construction will be presented to the customer and approval obtained prior to submitting the ORDER to DMS to order services.

If facilities are not available, AT&T (and its subcontractors) special construction charges will be approved by DMS Service Delivery with customer written authorization. Approval will be expressly stated on the ORDER and the cost of Special Construction included as part of the overall cost for the service on the ORDER submitted by the customer for ordering FIRN service for the subject location.

6 Site Readiness

For any non-Fiber based FIRN services, the site receiving FIRN service must be ready to receive the service and have a space appropriate for housing network equipment. This includes the site being fully constructed and ready for occupancy and having a secure, clean, environmentally conditioned, properly lit space with the necessary electrical power and with equipment racks, floor space and/or plywood backboards available. All of the following requirements must be met before the circuit installation can be completed.

|Is there an AC power outlet available? (Yes or No) | |

|Is there adequate lighting in the room? (Yes or No) | |

|Is there sufficient backboard space and a #6 ground wire? (Yes or No) | |

|Is wiring/infrastructure already in place (inside the building) from your Demarc to your final router location? (Yes or No) If No, when will it be in place? | |

|Special Access required for room? (Yes or No) | |

|Is there rack or shelf space available? (Yes or No) | |

|How and where should the network equipment be placed / mounted? (Please describe: shelf, wall, rack?) | |

|Is conduit needed from the street to the building? (Yes or No). If Yes, when will it be in place? | |

|Does the equipment room have temperature and humidity control? (Yes or No) | |

|List any special room conditions. List none if there are no special room conditions. | |

|Has the Certificate of Occupancy been issued to customer? (Yes or No) | |

Note: Any site readiness requirements will be at customer expense.

For any fiber based FIRN services, a site survey will be performed to determine if the site is ready for fiber based FIRN services. This process will take place after DMS submits a complete ORDER to the service provider. A service provider representative will contact the customer to schedule a site survey.

3 Initial Service CSAB Order Submission – Installs

Orders will be reviewed by SUNCOM Service Delivery personnel before submission to AT&T. After an acceptable design has been established, it is SUNCOM’s goal to review and submit ORDERs to AT&T from the customer within three business days of receipt. Additionally, ORDERs will be correct and with an acceptable, functional design at submission. Any assistance required by DMS-SUNCOM from AT&T will be sought out and obtained prior to ORDER submittal. DMS-SUNCOM will engage DMS-SUNCOM Engineering, AT&T Technical Consultants and/or AT&T Solutions Sales Engineers for assistance before submission of the ORDER to AT&T. AT&T will assist DMS with the design and review within 3 business days.

4 In-House Relocations

In-house relocation of D-Marcs will be initiated by ORDER. In-house relocations can typically be completed much quicker than new circuit installations and will not be subject to the standard intervals for installation. AT&T will work with SUNCOM to perform in-house moves in a quick and timely manner.

5 Relocation of Service to New Physical Address

Relocation of service to a different physical address will be initiated by a CSAB order and will typically be handled by issuing two (2) ORDERs. One ORDER will be issued for installation of the new service at the new location and a second ORDER will be issued for the disconnection of the existing service. This is necessary as customers often want no down time associated with the move and require service continuation at the original site until the relocation of all personnel and equipment is completed. If downtime can be tolerated by the customer and the customer is not requesting an upgrade of the existing service, the router may be re-used/relocated to the new service location. This will require approval and coordination with the customer by DMS-SUNCOM or AT&T. Rented routers should be moved to the new location by AT&T or one of its subcontractors and not the customer.

6 Changes to Existing Service

Most changes to the FIRN services, including all billable items, will require the customer to submit an ORDER through the Online CSAB system. There are certain non-billable item changes that do not require an ORDER. For details please refer to the following tables. Changes identified in the FIRN NOC column marked “Yes” can be accomplished with a NOC ticket.

***Changes that can be requested by a FIRN NOC ticket will be completed within 2 hours of creation of the ticket. The ticket will be created with a severity classification of Minor.

7 FIRN Managed Option

|FIRN Managed |CSAB Order Required |NOC Ticket |

|FIRN Elements and Features |Establish New |Change Existing ** |Establish New |Change Existing ** |

|FIRN Service |Yes |Yes |No |No |

|Content Filtering |Yes |Yes |No |No |

|Hourly maintenance |Yes |Yes |No |No |

|Monthly maintenance |Yes |Yes |No |No |

|Expedite |Yes |N/A |No |No |

|After Hour Installation |Yes |N/A |No |No |

|Special Construction |Yes |N/A |No |No |

|Extended Demarc |Yes |Yes |No |No |

|LAN IP addressing maintained by DOE |Yes |Yes |No |No |

|LAN IP addressing provided by Agency |No |No |Yes/Hayes |Yes/Hayes |

|Internet |Yes |Yes |No |No |

|Encryption - All types |Yes |Yes |No |No |

|Multicast |Yes |No |No |Yes |

|FIRN Managed CPE |Yes |Yes |No |No |

|Access List |Yes |No |No |Yes |

|Firewall Feature Set |Yes |No |No |Yes |

|QoS type - voice, video, application |Yes |No |No |Yes |

|NAT |Yes |No |No |Yes |

|IP Helper Address add / change |No |No |Yes |Yes |

|DHCP |Yes |No |No |Yes |

|LAN interface settings (Speed, Duplex) |No |No |Yes |Yes |

|IP Accounting (Troubleshooting Aid) |No |No |No |Yes |

|Route Cache Flow (Troubleshooting Aid) |No |No |No |Yes |

|Add Static Route |No |No |Yes |Yes |

|Elements and Features not listed above |Yes |Yes |No |No |

8 Customer Managed Option

|Customer Managed |CSAB Order Required |NOC Ticket |

|FIRN Elements and Features |Establish New |Change Existing|Establish New |Change Existing |

|FIRN Service |Yes |Yes |No |No |

|Content Filtering |Yes |Yes |No |No |

|Hourly maintenance |Yes |Yes |No |No |

|Monthly maintenance |Yes |Yes |No |No |

|Expedite |Yes |N/A |No |No |

|After Hour Installation |Yes |N/A |No |No |

|Special Construction |Yes |N/A |No |No |

|Extended Demarc |Yes |Yes |No |No |

|LAN IP addressing maintained by DMS / DOE |Yes |Yes |No |No |

|LAN IP addressing provided by Agency |No |No |Yes/Hayes |Yes/Hayes |

|Internet |Yes |Yes |No |No |

|Encryption – All types |Yes |No |No |Yes |

|Multicast |Yes |No |No |Yes |

|Customer Managed CPE |Yes |Yes |No |No |

|Access List |*** |*** |*** |*** |

|Firewall Feature Set |No |No |No |No |

|QoS type – voice, video, application |Yes |No |No |Yes |

|NAT |No |No |No |No |

|IP Helper Address add / change |No |No |No |No |

|DHCP |No |No |No |No |

|Add Static Route |No |No |Yes |Yes |

|Elements and Features not listed above |Yes |Yes |No |No |

** ORDERs can be used for any changes the customer would like to request. The advantage to an ORDER is engineering review for these changes. NOC tickets will reduce implementation time.

* All Private IP Addresses must be validated with the MFN NOC prior to implementation to ensure no conflict will arise with any other IP Addressing Scheme in production.

*** An ORDER will be required if a customer is requesting access to resources outside their VRF or to another Agency. Site to Site ACL creation or changes within an Agency do not require an ORDER. A DMZ site between multiple sites within a particular Agency, with pre-defined layer 4 ports, does not require an ORDER. The 2 hour configuration SLA does not apply to the creation of any new Access List. 6-23-10 note – while it is ideal to make some changes using a NOC ticket, a DMS directive has been issued to require a CSA for any ACL changes until further notice.

**** All required information must be in the ticket to complete the requested changes. If the information is incomplete the ticket and the changes will be placed on hold until all required information has been provided by the requestor.

9 Changes Requiring a CSAB Number Change

Changes in Speed will result in a CSAB Authorization Number change and will be processed as a disconnect of existing service and installation of new service. Two ORDERs will be issued to assist in the changing of AT&T invoicing and DMS-SUNCOM inventory and billing records. The ORDERs will clearly state the reason for the change and that a physical disconnect and installation of the service may not be required unless a new local loop is needed.

10 Discontinuation of Service

Discontinuation of service will be initiated by DMS-SUNCOM through the issuance of a CSAB order. The ORDER will be issued with the same SUNCOM Inventory ID number as the installing ORDER and will contain at a minimum:

• agency location name, address, city, phone number

• local contact and phone number,

• requested due date for discontinuation of service

• Circuit number.

AT&T will honor the customer requested due date (CRDD) when it meets or is beyond the standard disconnect interval of 10 calendar days after receipt of the ORDER from DMS to AT&T. DMS may request shorter intervals on an exception basis. AT&T will consider granting shorter intervals on a case by case basis.

11 Mandatory Use of Online CSAB System

All ORDERs will be submitted to AT&T by DMS-SUNCOM and accepted by AT&T via the Online CSAB System or similar system as deployed by DMS-SUNCOM. Closeout information required by DMS-SUNCOM will be provided via the Online CSAB system prior to payment or acknowledgment of installation, change, or service discontinuation. Changes approved via NOC ticket and not affecting invoicing charges would be an exception.

12 Incomplete CSAB Orders*

ORDERs submitted to AT&T will contain all the necessary information as agreed to by DMS-SUNCOM and AT&T. Any ORDER that is incomplete or missing information should be brought immediately to the attention of the DMS-SUNCOM personnel issuing the ORDER for correction. This can be accomplished in real-time if all parties are available or may be returned to DMS-SUNCOM for resolution if DMS-SUNCOM personnel are unavailable. For details and process on SLA hold time, refer to section 4.13.4. DMS-SUNCOM will contact the customer for clarification to complete the ORDER and return to AT&T for processing.

Any modification to the requirements set forth by the ORDER must be approved by DMS-SUNCOM before processing, or payment will not be authorized.

*No ONS services can be ordered without selecting an access service or connection first.

13 FIRN Installation Process

1. A call will be made by the Vendor to the on-site contact prior to the due date to advise when to expect the installation of the circuit to occur.

2. Circuit technicians will be dispatched to install the new FIRN circuit and the Out of Band Modem line (in AT&T / Legacy BellSouth Territory) prior to installation of the router.

3. A call will be made to the on-site contact prior to the due date to advise when to expect the installation of the router to occur.

4. The CPE installer will be dispatched on the planned Test and Turn-Up date as close to the beginning of the requested appointment window as possible.

5. The CPE installer will work with the Provisioning Personnel to turn up the equipment on the circuit and verify connectivity to the Core and to the internet.

6. The CPE Installer will work with the customer in connecting the router to the Customer’s LAN if the customer is ready at the time of turn up.

7. If there are any unresolved issues noted during the testing process, the customer will be left on their existing service and a new installation date will be rescheduled.

8. After the successful testing and turn up of the customer location the provisioning Engineer will close out the Remedy provisioning schema. After closing of the Remedy Provisioning schema an email will be sent to the NMS team to populate the tools.

9. The systems team will work to populate the device in to the Network Management System (NMS) Tools. The sites are usually populated within 2 business days.

10. Based on the guidelines stated in this document related to service turn-up and effective bill dates, AT&T and it partners will enter the “Completion Date” and “Effective Bill Date” in the Online CSAB system. AT&T and its partners will close ORDERs in the online CSAB system within 7 business days from the day the service was turned-up. DMS will not authorize payment if ORDER’s are not closed out properly in the Online CSAB System. It is extremely important that AT&T and its partners close out ORDERs in a timely manner following this rule.

11. The following table shows those individuals ATT has authorized to work and close FIRN ORDERs in the Online CSAB system. This list will be maintained by ATT and any changes will be reported monthly. While this table is intended to show the individuals who will be processing ORDERs for FIRN, it is understood that in emergencies ATT may have to add resources in order to meet an emergency need of the State. While the individuals below are those currently approved and tasked to work FIRN ORDERs, ATT has ultimate responsibility for all activity associated with the ATT Online CSAB account, including any ORDER activity performed by any employee of ATT, any Subcontractor acting on behalf of ATT, or any other individual given access to the Online CSAB System by ATT.

|Name |Phone Number |Email Address |Partner |
|Flo Brekka |954-838-1538 |Flo.Brekka@ |AT&T |
|Beth Daly |954-838-1582 |Beth.Daly@ |AT&T |
|Maura Cordero |954 838-1339 |mc7310@ |AT&T |
|Cathy Bevis |954 838-1431 |mb7900@ |AT&T |
|Jon Osterbur |407-628-6649 |Jon.A.Osterbur@ |Centurylink |
|John McCoy |850-847-0199 |john.mccoy@ |Centurylink |

12. Billing will commence the day following successful turn-up and testing/cutover to FIRN.  For example:

Please refer to section 5.2 “Billing Start Date for new services” for additional information.

14 Installs, Moves, Adds, and Changes (IMAC) SLAs

2 SLA Start and End Requirements

3 An SLA performance target begins when the following items are complete:

1. a complete and accurate CSAB order is submitted by the customer to DMS

2. it is reviewed by DMS for accuracy and completeness

3. it is submitted to the Service Provider

4 The SLA performance target ends:

For Vendor Provided CPE / Managed:

1. The router has been installed on the customer premise

2. Router has been turned up with the Provisioning engineer and engineer has documented activities in the provisioning comments section of Remedy

3. Customer verifies and accepts installation by signing the FIRN Installation Checklist as a template for services to be tested. Testing may be performed using the Installers Laptop per customer request.

Note: The customer may or may not cutover their LAN at this point based on customer request.

For Customer Provided CPE / Unmanaged:

1. The Vendor will contact the customer to advise of the circuit installation due date. This is a minimum of two days prior to circuit completion.

2. The circuit will be installed and tested by Vendor Network technicians prior to the turn up of the CPE.

3. The Vendor will contact the customer to set an appointment for turn up of the CPE.

4. The Vendor will send the customer a confirmation email of the appointment time for the turn up of the CPE, which will include expectations on billing start date. The Vendor will have configured the CORE Interface prior to the appointment time.

5. The turn up appointment will be scheduled by the Vendor and could take place within 7 business days of the circuit install date or billing will commence automatically. Refer to section 5.2.2 (Customer Provided CPE) for details.

6. The customer will configure their CPE using the guidelines and site specific technical data provided by the Vendor to them for the location.

7. The customer will connect the CPE to the access circuit.

8. The customer will be responsible to call the Vendor at the scheduled appointment time to work with the Provisioning Engineer to confirm circuit operation and routing through the CORE.

9. The customer will be responsible for any LAN side connections of the CPE and any cutover activities that need to take place for new service turn up.

10. If the customer does not contact the Vendor on the scheduled appointment time, the Vendor will close out the turn up with the scheduled date and the Technical contact as being completed.

15 SLA Installation Performance Targets

The table below provides the SLA installation performance targets for the FIRN by bandwidth speeds. The SLA report will use business days as the method for calculation. SLA Targets exclude the Vendor holidays.

|SLA Installation Performance Target |
|Bandwidth Range |SLA Target* |
|All FIRN Except Secure Internet Services |Install within 45 business days (Approximately 35 calendar days) |
|Secure Internet Services |64kbps to T1 = 60 days |
| |>T1 to 45Mbps = 80 business days |
| |>45Mbps = 180 business days |

If the SLA performance target is not met, AT&T will credit DMS 25% (10% for Secure Internet Services) of the customer service Monthly Recurring Charge (MRC). SLA violation credits are not applicable on DMS cost recovery.

A customer should request a due date that is not less than the above SLA performance targets. It is the customer’s responsibility to plan and forecast for services ahead of time. This will allow DMS ample time to work with the customer on ORDER requirements such as design review (if necessary), service inquiry, and validation of other requirements for a submittal of a complete ORDER. Refer to Chapter 4.0 on Order Process for additional information. Incomplete information on the customer ORDER will impact the due date and SLA performance targets.

The customer may request a shorter due date as a Best Effort from Vendor, in which case AT&T will determine if the request can be met without expedites. SLA Installation performance Targets will still apply if the dates cannot be improved.

The customer may also request a shorter interval by using the Expedite procedure as detailed in Section 2.4.2. In the case of an expedite request the Vendor will make every effort to meet the requested expedite date. SLA Installation Performance Targets are not applicable to expedited order time improvements.

DMS will work with AT&T to determine if the requested due date can be met and notify the customer with any issues.

16 Other Services and impact on SLA Performance Target

The following services can be completed much quicker than a new circuit installation and will not be subject to the standard intervals for installation as described above. The vendor will work with SUNCOM and make every effort to complete these quickly and in a timely manner.

|Requested Service Change |Expectation* |
|CPE upgrade on existing circuit |15 |
|CPE module upgrade on existing CPE and Circuit |15 |
|In house relocations |15 |
|Extension Demarc on existing service |15 |
|Optional Features such as QoS, Multicast, Encryption on existing circuit using the CSAB process |15 |
|Bandwidth upgrade on existing circuit. For example, if a customer has a 12 Mbps circuit provisioned on a DS3 and the customer wants to upgrade to a DS3. |15 |

*Business Days

17 CSAB order submittal and SLA Performance Target for new installations

Below is a summary of what is included and excluded from the SLA performance target for some of the major requirements of a CSAB ORDER. As compared to other CSAB order requirements, these have a larger impact on due dates and SLA performance targets.

|CSAB order requirements |(Before or After) CSAB order Submittal to AT&T |(included or excluded) SLA Performance Target |
|Service Inquiry - above 12 Mbps or all Ethernet |Before |excluded |
|Service Inquiry – 12 Mbps and below |After |included |
|Customer Service Questionnaire Review by DMS |Before |excluded |
|Site Readiness Requirements (non-fiber based) |Before and / or After |excluded |
|Site Survey (fiber based) |After |included |
|Site Readiness (fiber based) |After |excluded |

Example: A “Service Inquiry – above 12 Mbps or all Ethernet” as a CSAB ORDER requirement must be performed “Before” the CSAB ORDER is submitted to AT&T. The time it takes to perform this CSAB ORDER requirement is “excluded” from the SLA performance target.

Note: For any item that is excluded from SLA performance targets after an ORDER has been submitted to AT&T, an SLA Hold time needs to be documented in the Remedy Order for the location as noted in the process below.

18 Book of Record and SLA Hold Time Guidelines

The Online CSAB system will be the book of Record for order issuance to the Vendor and completion dates from the Vendor.

The Remedy System will have an order issued for each new installation and will track any “SLA Hold Times” against the SLA Performance Targets. The Remedy Order Start Date will be entered using the date the ORDER was issued to AT&T based on the Online CSAB System. The Remedy Order End Date will be populated with the same date that will be entered in the Online CSAB System as the “Completion Date”.

The Completion Date is based on the day of Service Turn-Up for Vendor Managed or the Appointment time set for Customer Managed.

For SLA Hold Time only, the Remedy System will be used for the IMAC data on the SLA monthly Report. Any “SLA Hold Times” must contain the three details listed below to be considered for review. Discretion will be used when using “SLA Hold Times” reason.

1. Detail Reason of SLA Hold Time

2. Timestamp for start of SLA Hold Time

3. Timestamp for end of SLA Hold Time

Any SLA Hold Time with the above information will be validated as part of the SLA scrubbing process by the SUNCOM NOC and AT&T (and its sub-contractors). The SUNCOM NOC will validate and compare all the SLA reporting information with the information provided through the Online CSAB system. Any SLA Hold Time without the above information (the three items listed) will not qualify for SLA Hold Times.

19 SLA Hold Time Request and Approval Process

The vendor will email DMS at csahold@dms. and csa@FIRN. to request an SLA hold on an ORDER. The email should provide as much detail as possible as to the reason for the SLA hold time. This will be followed up by a phone call to the DMS Service Delivery personnel (listed on the ORDER) as well. DMS Service Delivery personnel will respond in a like manner (email & call) to notify the vendor if the request is approved or rejected.

If approved, the vendor will return the ORDER via the On-line CSAB System to DMS, adding in the comment the SLA Hold Reason and Hold Times (start and end). See a list of valid SLA hold reasons below in section 4.13.4.2 “SLA Hold Time Reasons”. DMS Service Delivery personnel will accept or reject the Hold Times by adding a comment in the Online CSAB System. In addition, the vendor will update the Remedy Order System with this information. The SLA clock will be stopped while DMS Service Delivery corrects the ORDER and will be restarted once the ORDER is received by AT&T for processing. However, any delay in determining that an ORDER is incomplete does not relieve AT&T of its SLA intervals for installation of service. In other words, an ORDER cannot be held for a length of time and then returned to DMS Service Delivery for correction and have the clock restarted on the SLA process. The SLA clock is only suspended while the ORDER is at DMS Service Delivery for change or completion. Every effort will be made by both the vendor and DMS Service Delivery personnel to contact the customer and fix the issue as soon as possible in order to remove the SLA Hold time.

If rejected and disputed, DMS service delivery will escalate the issue to their management for resolution.

No ORDER will be returned or put on hold without prior approval from DMS Service Delivery personnel.

20 SLA Hold Time Reasons

[pic]

1 Other Impacts on SLA Performance Targets

• If access facilities are not available for bandwidth speeds greater than 12 Mbps and all Ethernet, defined SLA performance targets will not be applicable

• Installation delays caused by end user owned equipment

Billing

1 Billing Cycles

Services are initiated through the DMS On-Line CSAB (Communications Services Authorization) process in the Order Tracking System. AT&T will complete Block 7 –“For Telco Use Only” by providing the Work Order Number, Completion Date, Circuit number and Effective Bill Date as well as other required fields on the ORDER. The first chargeable day will be the day as stated on the ORDER Effective Bill Date. This effective bill date will be based on the guidelines described in this document including section 5.2 below and “FIRN Installation Process”. It is the responsibility of SUNCOM Billing to validate the invoices against the “Effective Bill Date” for accuracy. Additionally, SUNCOM billing will validate that billing has started the next calendar day after the completion date. See example below. Any discrepancies will be reported to AT&T.

Fractional charges, which are a portion of the Monthly Recurring Charges (MRC), will be billed from the Effective Bill Date up to the next month’s bill cycle. For example:

Completion Date: 10/12/2009

Effective Bill Date: 10/13/2009

Initial Bill Date: 11/01/2009

Fractional Charges: 10/13/2009 – 10/31/2009

MRC: 11/01/2009-11/30/2009

2 Minimum Billing Periods

There is no minimum billing period in the FIRN contract. Customers will be billed for the service they have in order to comply with the Erate requirement that the service provided must be the service billed.

3 Billing Start Date for new services

Billing for installation of new services on FIRN falls in to two categories based on CPE acquisition as defined in sections 7.4 (Acquired) and 7.4 (Customer Provided CPE). The differences are detailed below:

4 CPE acquired through the FIRN contract

All new FIRN equipment will be staged, configured and installed as part of the packaged CPE pricing.

If the FIRN is turned up on Friday, billing will start on the following calendar day as the effective bill date.

5 Customer Provided CPE

Customers choosing to use / provide their own CPE acquired from other sources are an integral part of the turn up process on FIRN. The Vendor will work with the customer to schedule turn up appointments within 7 business days of the access circuit installation. The turn up schedule will be mutually agreed upon by the Vendor and the Customer and will be used as the record for setting billing dates. The FIRN billing will start the next calendar day after the scheduled CPE provisioning date for the site.

For example, if the Access circuit was installed on Monday, the CPE was turned up on Friday then the billing will start on the following calendar day as the effective bill date.

If there is any delay in completing the Turn-up due to a Vendor error, billing will be deferred to start the next calendar day after the correction of the error.

6 Disconnect Processing and Effective Bill Date

For disconnection of service, AT&T will provide the same information in Block 7 and the Effective Bill Date as agreed upon. Standard disconnect interval is 10 calendar days after receipt of the ORDER from DMS to AT&T. DMS may request shorter intervals on an exception basis. AT&T will consider granting shorter intervals on a case by case basis.

For example: Complete disconnects

ORDER Received: 10/15/2009

Completion Date: 10/25/2009

Effective Bill Date: 10/26/2009

Bill Date: 11/01/2009

Fraction Credit: 10/26/2009 – 10/31/2009

Any move/change that is downgrading, upgrading or site change etc. that is not completely disconnecting service and replacing existing one will not be double billed.  For example, billing for old/existing service would stop the day of the completed move and the effective bill date of the new install will be the next calendar day. Please note both a Disconnect and New Install ORDER must be issued.

For example: Change of service:

New Service turned up: 10/15/2009

Existing ORDER Bills through: 10/15/2009

New Service starts Billing: 10/16/2009

AT&T is required to provide all information for Block 7 – “For Telco Use Only” as soon as the orders are completed. This process affects the billing to customers whether installing, cancelling or making changes to existing services. For installs and disconnects, DMS-SUNCOM must validate the effective date used within the customer billing and this information must be completed by AT&T within the current bill cycle if at all possible. DMS-SUNCOM will use the validated date provided unless the customer challenges the date; if this occurs a formal dispute will be initiated. See process in section 5.11 below.

7 Change in billing results from a funding change Proviso language by the Legislature, or a responsibility change

DMS will submit an ORDER to AT&T to effect this change. For changes reflecting new FRN numbers, ORDERs should be issued no later than May 1st prior to the next funding year. Requests to change billing responsibility will be initiated by DMS through the issuance of an ORDER and will typically be handled by issuing two (2) ORDERs. An ORDER will be issued under the agency code of the new agency for the installed service at the existing location and a second ORDER will be issued for the cancellation of billing for the existing service. There are at least three situations where this billing change may apply:

1. The original Agency passes “Billing only” responsibility to the new Agency

All provisioning and support responsibility remains with the original Agency. In this event, the Remedy ID and NMS Tools access remains with the original Agency. AT&T will create a “Billing only” record in ccConnect to effect the change in billing. The ORDER reflected in the billing to DMS will be changed to reflect the New ORDER. Close-out comments on the ORDERs will reflect a “Billing only” change. To properly manage the potential discontinuance of service, it is prudent for DMS and AT&T to maintain a cross-reference of both ORDERs. AT&T will process this change request through the downstream systems to affect the following at a minimum:

o No changes required in the downstream provisioning and support systems

o Remedy ID

o Router Name, as required

o Router Description to include the new ORDER number

Example: DOE is no longer responsible for billing under Agency code for the individual FIRN users; however, DOE maintains full responsibility for the installed service under Agency code 48R.

2. The original Agency passes all billing, provisioning and support to the new agency.

In this event, there is no change required to the provisioned service. AT&T will create a new ccConnect Record and will process this change request through the downstream systems to affect the following at a minimum:

o Remedy ID

o Router Name, as required

o Router Description to include the new ORDER number

o NMS Tools Security Administrator, if required

Example: The DOE will no longer fund the Community Colleges’ Internet Access. All services currently installed under DOE Agency code 48S will be moved to the appropriate Community College code, i.e. C14 for Manatee Community College. Some planning was done during the migration in preparation for this potential change in funding, such as allowing all Community Colleges access to their devices within NMS Tools.

3. The original Agency passes all billing, provisioning and support to the new agency.

In this event, there is a change required to the provisioned service. AT&T will create a new ccConnect Record and will process this change request through all downstream systems to affect the following at a minimum:

o New Agency Name

o New Contact Information

o New Router configuration including a change in IP Address and VRF Assignment

o Remedy ID

o Router Name

o Router Description to include the new ORDER number

o NMS Tools Security Administrator

In this situation time is required to process and schedule the provisioning of the service to the new Agency.

Example: Due to proviso language, DOE will pass ownership to another agency or District. The physical location will not change; however, all provisioning will be changed to reflect specific details of the new agency or District. This change will follow the process of a move of service without changing the physical address.

The ORDER will be issued with the new Authorization number and will contain at a minimum:

• The new ORDER Authorization Number

• Agency location name, address, city, phone number

• Local contact and phone number

• Requested due date for change of service

• Circuit number

• VRF assignment

• IP Address changes

• Explanation of the type of Billing Change being requested.

AT&T is required to provide all information for Block 7 – “For Telco Use Only” as soon as the orders are completed. This process affects the billing to customers whether installing, cancelling or making changes to existing services. For installs and disconnects, DMS must validate the effective date used within the customer billing and this information must be completed by AT&T in a timely manner. DMS- will use the date provided unless the customer challenges the date; if this occurs a formal dispute will be initiated; see process in section 5.11 below.

8 Credits and Dispute Resolution Guidelines

All charges billed by AT&T to DMS- DIVTEL must be authorized by an ORDER. If charges are billed that are not authorized by an ORDER, they will be deducted.

DMS- DIVTEL will not pay AT&T for unauthorized charges and will deduct the unauthorized charges from the monthly bill with notification by email to AT&T that the charges are not valid. When AT&T issues the credit for the unauthorized charges, the credit will not be accepted: the charges were not paid, therefore the credit is not due to DMS- DIVTEL. AT&T issued the credit to offset charges previously billed. This process is to clear the past due amount from the billing.

For other disputes within the billing, DMS- DIVTEL will pay the charges with an agreed upon time period for AT&T to correct the billing. The normal time period for corrections will be 2 bill cycles. For example:

Dispute identified on June 5th bill cycle: 6/5/2009

Email to AT&T identifying dispute: 7/2/2009

Correction received by bill cycle: 9/5/2009

Some corrections may occur sooner depending on the date the dispute is identified. Based on this example, if the dispute was identified to AT&T on 6/15/2008 then the correction should be made by the 8/5/2008 bill cycle.

If the correction is not received within two billing cycles, the charges will be deducted from the next bill. If this occurs, email will be sent to notify AT&T of the deduction.

NMS Tools

1 Network Management Systems CPE Requirements for Monitoring

Customers managing their own CPE and desiring to have their CPE monitored by the NMS tools must comply with the following configuration requirements in order to be monitored:

• Read Only SNMP security string that can be utilized by the MFN network management servers. This information must be shared with the MFN network management provisioning team prior to routers being added to the systems.

• Expanded access control list (ACL) to allow the devices to be reached by all necessary FIRN IP network management server addresses. This list of around 40 IP addresses includes CA Spectrum and CA eHealth servers located in Tallahassee, FL (primary location), and Winter Park, FL (failover location).

Cisco Example:

remark EMBARQ-Spectrum-tlh-1

permit x.x.x.x

• Configure SNMP trap destinations. This will forward SNMP trap data to the Spectrum server, which is necessary for fully functional fault management.

Cisco Example:

snmp-server host x.x.x.x vrrp frame-relay envmon flash authenticate-fail bgp sdllc config-copy config entity event-manager hsrp ipmulticast mvpn ospf pim syslog aaa_server atm firewall ipsec isakmp rtr snmp

• Configure a syslog destination to include the MFN syslog server. This is required for complete functionality of configuration management and security software.

Cisco Example:

logging trap notifications

logging x.x.x.x

• Follow the FIRN naming convention (FRN+LATA+City Code+Agency Code+incremental number) in order for the tools to function and provide secure limiting of customer views. Customers not able to rename devices will still see the FIRN names utilized in the tools.

Note: All required configuration details and parameters will be supplied to the end user by AT&T during planning meetings before turn up.
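A site can check a saved running-config against the prerequisites listed above before asking for a router to be added to the tools. The script below is an added example, not code from FIRN, AT&T or the MFN; the addresses (RFC 5737 documentation ranges), hostname, ACL name and community placeholder are constructed, standard-ACL syntax is assumed from the `permit x.x.x.x` lines above, and only the FRN prefix of the naming convention is checked because the guide does not give the field widths.

```python
import ipaddress

ANY = 0xFFFFFFFF  # wildcard mask that matches every address

def acl_entry(words):
    """['permit', '192.0.2.0', '0.0.0.255'] -> (action, base, wildcard)."""
    action, rest = words[0], words[1:]
    if rest[0] == "any":
        return action, 0, ANY
    rest = rest[1:] if rest[0] == "host" else rest
    has_mask = len(rest) > 1 and rest[1].count(".") == 3
    wild = int(ipaddress.IPv4Address(rest[1])) if has_mask else 0
    return action, int(ipaddress.IPv4Address(rest[0])), wild

def acl_permits(entries, host):
    """First match wins; no match is the implicit deny that ends every ACL."""
    h = int(ipaddress.IPv4Address(host))
    for action, base, wild in entries:
        if (h & ~wild) == (base & ~wild):
            return action == "permit"
    return False

def parse_config(text):
    """Collect only what the checks need; community strings are never stored."""
    cfg = {"hostname": "", "ro_acls": [], "acls": {},
           "trap_hosts": set(), "syslog_hosts": set()}
    acl = None
    for raw in text.splitlines():
        w = raw.split()
        if not w or w[0].startswith("!"):
            continue
        if not raw[0].isspace():
            acl = None  # a top-level command leaves ACL sub-mode
        if w[0] == "hostname" and len(w) > 1:
            cfg["hostname"] = w[1]
        elif w[:2] == ["snmp-server", "community"] and len(w) > 3:
            opts = [x.lower() for x in w[3:]]
            if "ro" in opts:  # remember the ACL bound to each read-only string
                i = 4 + opts.index("ro")
                cfg["ro_acls"].append(w[i] if len(w) > i else None)
        elif w[:2] == ["snmp-server", "host"] and len(w) > 2:
            cfg["trap_hosts"].add(w[2])
        elif w[0] == "logging" and len(w) > 1:
            addr = w[2] if w[1] == "host" and len(w) > 2 else w[1]
            if addr.count(".") == 3:  # skips 'logging trap ...', 'logging buffered ...'
                cfg["syslog_hosts"].add(addr)
        elif w[:3] == ["ip", "access-list", "standard"] and len(w) > 3:
            acl = w[3]
            cfg["acls"].setdefault(acl, [])
        elif w[0] == "access-list" and len(w) > 3 and w[2] in ("permit", "deny"):
            cfg["acls"].setdefault(w[1], []).append(acl_entry(w[2:]))
        elif acl and w[0] in ("permit", "deny") and len(w) > 1:
            cfg["acls"][acl].append(acl_entry(w))
    return cfg

def audit(text, nms_servers, syslog_server):
    """Return a list of finding codes; an empty list means all checks passed."""
    cfg, findings = parse_config(text), []
    if not cfg["hostname"].startswith("FRN"):
        findings.append("hostname-not-FRN")
    if not cfg["ro_acls"]:
        findings.append("no-ro-community")
    for name in cfg["ro_acls"]:
        if name is None:
            findings.append("ro-community-without-acl")
            continue
        entries = cfg["acls"].get(name, [])
        if any(a == "permit" and wld == ANY for a, _, wld in entries):
            findings.append("acl-permits-any")
        findings += [f"acl-blocks-{s}" for s in sorted(nms_servers)
                     if not acl_permits(entries, s)]
    if not cfg["trap_hosts"] & set(nms_servers):
        findings.append("no-trap-destination")
    if syslog_server not in cfg["syslog_hosts"]:
        findings.append("no-syslog-destination")
    return findings

# Constructed inputs: RFC 5737 documentation addresses, placeholder strings.
NMS_SERVERS, SYSLOG_SERVER = {"192.0.2.10", "192.0.2.11"}, "192.0.2.20"
GOOD = """hostname FRN000XXX00R01
ip access-list standard NMS-RO
 remark constructed-nms-server-1
 permit 192.0.2.10
 permit 192.0.2.11
snmp-server community EXAMPLE-RO-STRING RO NMS-RO
snmp-server host 192.0.2.10 EXAMPLE-RO-STRING bgp config syslog snmp
logging trap notifications
logging 192.0.2.20
"""
BAD = """hostname branch-rtr-1
ip access-list standard NMS-RO
 deny 192.0.2.11
 permit 192.0.2.0 0.0.0.255
snmp-server community EXAMPLE-RO-STRING RO NMS-RO
logging buffered 4096
"""

if __name__ == "__main__":
    print("GOOD:", audit(GOOD, NMS_SERVERS, SYSLOG_SERVER))
    print("BAD: ", audit(BAD, NMS_SERVERS, SYSLOG_SERVER))
```

The BAD sample shows why the ACL is evaluated in order rather than searched for a matching permit: the /24 permit covers both servers, but the earlier deny still blocks one of them.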

2 MFN Network Management Tools User Training

Users are trained on the MFN Network Management tools through three approaches.

1. Online web based training

2. Local or web based instructor led training

3. Vendor classes

• Online On Demand Web Based Training

Tool overview and navigational training is available online from the DMS FIRN Training Website and updated regularly.

• Local or web based instructor led training

Special in depth classes are held at DMS facilities or at agency locations in Tallahassee. If users are remote, web based live training is supplied if possible. Training agendas are customized according to customer needs. Classes are being led by experts involved in installing and maintaining the systems.

Contact: Brian.Bayne@

• Vendor Classes

Classes for CA eHealth and NetQoS Reporter Analyzer are occasionally held by software vendors at DMS training facilities. These special classes are scheduled by the Embarq sales team.

Contact: Tom.Avery@

3 MFN NMS Tools Access Requests

 

1 Additions –

The process below is not active yet. Currently, we are using the NMS Tools form to approve access to the Web Portal. All NMS Tools requests (including those for new and existing Customer, DMS and vendor employees) will be sent to NMSAccounts@dms. for DMS approvals. Refer to the User Guide process for additional information.

 

The Agency ORDER Administrator should complete and submit the ORDER through the online CSAB system.  Requestors should assure that all information on the ORDER is filled out in order to avoid delays in processing. Please view the sample ORDER in Appendix 14.11. DMS will submit the ORDER via the Web-based CSAB system to AT&T. AT&T will forward the ORDER to the Embarq - Network Systems inbox for completion of the request. The Embarq - Network Systems Group will e-mail the user notifying them that the MFN NMS Tools account has been configured and that the Embarq – Network Systems Group will contact the user to provide account and password information. The Embarq notification form is located in Appendix 14.11.

Note that the Q-Radar Security tool is limited to two accounts per organization. It is advised that the Q-Radar user have an IT Security Background. Only an organization Security Administrator may request and authorize an account.

DMS will handle the NMS Tools accounts for Customers and AT&T employees (and its partners) through the CSAB online system. NMS Tools accounts or any other MFN access for AT&T and its Partner employees will only be created after the statutorily required Background Check is satisfactorily completed (see MFN OPS Guide Chapter 11 “Background Checks for MFN”).

Customer Access to MFN web portal (NMS tools) will be denied if the customer security administrator contact cannot be validated.

4 Routine Changes

The Agency ORDER Administrator should complete and submit the ORDER through the online CSAB system.  Please view the sample ORDER in Appendix 14.11

5 Routine Removals

 

If an existing working account is not needed, it is the responsibility of the agency ORDER administrator to submit an ORDER to delete the account. Requests to delete accounts should be sent from the agency through the online CSAB system. Please view the sample ORDER in Appendix 14.11. DMS will submit the ORDER via the Web-based CSAB system to AT&T. AT&T will forward the ORDER to the Embarq - Network Systems inbox for completion of the request and the ORDER can then be closed.

6 Emergency Account Removals

 

In the case of an emergency account removal request, DMS should forward the information to accounts@MFN., and then escalate the request by calling the MFN NOC.  The MFN NOC will contact the appropriate manager to expedite the removal, including after hours and weekends. 

7 Network Management Reports

Network management reports are available to end users and DMS from various products and can be accessed from the web based user interface.

Section 6.5 provides information on

1. CA Spectrum Report Manager

2. CA eHealth

3. NetQoS Reporter Analyzer

CA Spectrum Report Manager Reports

Report Types

CA Spectrum Report Manager (SRM) is used by Embarq Network Operations and SLA analyst teams to generate reports for performance SLA alarms from Spectrum to be included in monthly SLA Report.

[pic]

Spectrum SPM SLA Report

The Report Manager also provides useful inventory reports.

[pic]

Spectrum SPM Asset Report

CA eHealth Reports

CA eHealth is used by DMS, and internal organizations to report historical data on devices and connections for customer sites and the core network.

Report Types

• At-a-Glance

The following eHealth reports are available from the console and the Web interface. They provide a series of charts that show the performance of critical variables for a specified element during the report period. Reports are typically generated for Router/Switches, LAN/WAN connections, and QoS.

[pic]

CA eHealth At-A-Glance Report

• Trend Reports

The following reports are available from the console or the Web interface. They show the performance of an element or a group of elements, over a specified period of time, based on specific variables. Reports are typically generated for Router/Switches, LAN/WAN connections, and QoS.

[pic]

CA eHealth Trend Report

Scheduling Reports

Users can generate the “At-a-Glance” or “Trend” reports on demand. If the user has a need to create a custom report, a request needs to be submitted to your local SUNCOM Sales Consultant at 1-888-4SUNCOM (Option 4). A meeting will be scheduled with the customer to discuss the request. DMS will work with AT&T and Embarq on the report.

As an example, if a user would like a trend report on a connection to include data for one full year, this would not be feasible from the user interface and would take an excessive amount of time to run. In this scenario the user would run a similar report for a short time period, and then make the request through the support address to have this report scheduled for after hours with an extended time period. Reports such as this can take hours to run from the interface, and run just a few minutes after hours as a background process.

NetQoS Reporter Analyzer Reports

Traffic analysis from NetQoS Reporter Analyzer is done from a web based interface, typically on a real time basis to troubleshoot issues or analyze network traffic patterns.

Report Types

• Real Time Reports

Real time reports include Protocol, ToS, Flows and Utilization for the previous two hour period with 1 minute granularity. This reporting is ideal for real time troubleshooting of issues.

[pic]

NetQoS Reporter Analyzer Real Time Report

• Historical Reports

Historical reports include Protocol, ToS, Flows and Utilization for selectable time periods for up to 1 year with 15 minute granularity. This type of reporting is ideal for looking at previous time periods, and provides more reporting options and flexibility.

[pic]

NetQoS Reporter Analyzer Historical Report

Reports Access and Scheduling Information

| |Available from Web Interface? |Manual generation of reports by end user? |Automatic generation of reports by end user? |Reports available online? |Reports available via e-mail? |
|CA Spectrum Report Manager | | | | | |
|SLA Reports |yes |yes |yes |yes |yes |
|Inventory Reports |yes |yes |yes |yes |yes |
|CA eHealth | | | | | |
|At-A-Glance Reports |yes |yes |no* |yes |yes |
|Trend Reports |yes |yes |no* |yes |yes |
|NetQoS Reporter Analyzer | | | | | |
|Real Time Traffic Analysis Reports |yes |yes |no |yes |no |
|Historical Traffic Analysis Reports |yes |yes |no |yes |no |

* Can be scheduled by system administrators. Recommended if reports are for extended time periods or required on a recurring basis.

Customer Premise Equipment (CPE)

1 FIRN CPE

CPE will be included in the cost for the packages under the new FIRN contract.

Customer Provided CPE Option

Customers may use existing routers on the FIRN network. To ensure proper operation with the FIRN network and to qualify for applicable SLAs, the customer must load these routers with the current approved FIRN IOS, and the routers must be models currently supported by the manufacturer. Special needs will be handled on a case by case basis by DMS.

2 Maintenance

Maintenance supporting the standard FIRN restoral SLAs is included in the rental prices of FIRN CPE.

Customers acquiring new equipment from sources other than the FIRN contract (after 4/9/2007) will not be eligible for FIRN CPE maintenance or associated SLAs and will also be responsible for CPE troubleshooting and coordinating any necessary CPE repairs themselves. Provided the customer follows FIRN configuration guidelines, FIRN CPE management is available and the MFN NOC will, at the customer’s direction, monitor, back up configurations and notify the customer when CPE or other outages are detected, even if the CPE is not under FIRN maintenance. FIRN installation services are not available for CPE purchased outside the FIRN contract.

Key features of CPE maintenance include:

• Service restoral on a 24 x 7 x 2, 4 and 8-hour basis

• 24x7x365 access to MFN NOC, engineering resources and CPE vendor Technical Assistance Centers

• IOS software updates

• 24x7x365 access to CPE vendor websites such as Cisco Connection Online (CCO)

Other maintenance needs should be addressed to the Customer’s DMS representative.

3 Installation

Installation for CPE on FIRN falls into two categories as defined in sections 7.1 (FIRN CPE Acquisition Options) and 7.2 (Customer Provided CPE). The differences are detailed below:

4 Acquired

All new FIRN equipment will be staged, configured and installed as part of the package pricing. Billing will start the day after a successful CPE installation.

Customer Provided CPE:

Customers choosing to use / provide their own CPE obtained from other sources will be given the minimum hardware recommendations per the approved CPE Roadmap for the connection speed, the proper configuration guidelines, and site-specific technical data / information. The customer will be responsible for configuring the CPE for a given site’s installation. The service and customer provided CPE installations for these sites will be coordinated with the customer by the Vendor Implementer. The Turn-up schedule will be mutually agreed upon by the Customer and the Vendor; documentation will be sent via email with the agreed upon Turn-up schedule and will be used as the record for setting billing dates. The FIRN billing will start the day after the scheduled CPE Turn-up date for the site. The core and access circuits may actually be installed several days in advance of the scheduled Turn-up date, but that will have no impact on billing. Billing will start per the schedule unless installation delays are caused by the FIRN Vendor. Turn-up is expected to be scheduled and completed within 7 business days of circuit installation. The Turn-up appointment will be scheduled by the Vendor and take place within 7 business days of the circuit install date or billing will commence automatically. Refer to section 5.2.2 for details. Installation procedures and expectations are documented in section 4.12.

If there is any delay in completing the Turn-up due to a Vendor error, billing will be deferred to start the day after the correction of the error.

The preferred strategy is to have all Customer locations installed as Managed sites.

5 Out of Band (OOB) Access

For managed CPE, the FIRN vendor in AT&T territory will install (at no cost) OOB access (dial up line and modem) at T1 and greater sites. This OOB access is a crucial aid in troubleshooting, allowing the verification of site power, the retrieval of router and WAN interface diagnostic information and the quick restoral of the configuration when it is necessary to replace the router.

In spite of the $0 cost and the many advantages of OOB from a maintenance and management perspective, it is understood some customers may choose to not allow OOB access. This choice will affect customer SLAs as noted in section 7.10 below.

6 Router Configuration Backup

The MFN NMS tools will maintain the last 25 copies of each router's stored configuration, along with the userID of who made each change, as long as the MFN NOC has read SNMP access. The MFN NMS includes a configuration management tool that facilitates storage and gives the FIRN user many abilities, including the side by side comparison of configurations. Unmanaged customers must follow proper configuration guidelines that enable configuration management tool access to their routers. Unless other customer specific solutions are able to be arranged through DMS, unmanaged customers are responsible for configuring replacement routers after maintenance events and will be able to access the stored configurations via the MFN Portal.

7 Router Management

Full Management

Full router management is included and available as an option for all supported CPE at no additional charge and includes CPE configuration management, CPE MIB Polling, syslog trap support, NMS tools access, performance reports, proactive trouble responses, enhanced security support and CPE user access management via TACACS and/or the CPE and Core proxy.

If full management is selected as an option, the customer’s CPE will be managed by the MFN NOC and customers will have read-only access to their routers via the MFN Portal. Router configuration changes can be made using an MFN NOC ticket or by issuing an ORDER (see table in section 4.8). Those changes that require engineering review and/or testing may take longer.

Read/Write access combined with OOB to the CPE allows the MFN NOC to deliver the following capabilities:

• IOS Upgrades (where appropriate – rental, leased or maintained CPE)

• Configuration Management of the Router

• 2, 4, and 8 Hour Restoral

• Performance Degradation Isolation

• CPE, Circuit or Core Trouble Isolation

Unbundled Customer Managed

1 - Customers may opt to provide and manage their own CPE routers. FIRN does not support simultaneous Read/Write capability for the MFN NOC and the customer. Customers allowing the MFN NOC Read Only access combined with OOB to the CPE receive the following reduced capabilities from the MFN NOC:

• 4 Hour Service Restoral After Joint Trouble Isolation Has Occurred

• Limited CPE, Circuit or Core Trouble Isolation and Resolution

2 - Self managed customers allowing the MFN NOC Read Only access combined with no OOB to the CPE receive the following reduced capabilities from the MFN NOC:

• 4 Hour CPE and/or Circuit Restoral After Customer Led Trouble Isolation Has Occurred

• Circuit or Core Trouble Resolution

3 - Self managed customers not allowing the MFN NOC Read Only access combined with no OOB to the CPE receive the following greatly reduced capabilities from the MFN NOC:

• 4 Hour Circuit Restoral After Customer Led Trouble Isolation Has Occurred

• Circuit or Core Trouble Resolution

8 Router Access Account management

The method of controlling access to FIRN routers is through the FIRN provided integrated LDAP and TACACS+ server at no additional charge. New accounts will normally be activated within 72 hours. Customers choosing self-management will be responsible for their own router access methods and account management.

It is highly recommended for troubleshooting and maintenance purposes that self-managed Customers allow the MFN/FIRN NOC read-only access to customer managed CPE routers.

9 After Hours Maintenance Activity

When troubles occur and an on-site visit to the customer premises is required either to replace CPE or for circuit maintenance, the Customer must provide a live on-site contact that will be at the customer premises to receive replacement CPE and/or to allow the FIRN technician access to the site. Any delays associated with the FIRN NOC being able to contact/verify an on-site contact will correspondingly lengthen the FIRN SLAs. It is particularly important that customers designate and keep up to date, appropriate on-site contacts for sites that desire after hours restoral of service. Regardless of the success or failure of contacting an on-site customer representative, the FIRN NOC will troubleshoot, particularly circuit issues, to the fullest extent possible.

10 FIRN CPE SLA Matrix

The following matrix is provided as a reference guide to illustrate the impact of the information provided in the rest of this document. It also provides additional detail regarding the impact of customers selecting the various FIRN CPE management, OOB and other options, and the effects of Customer selections on FIRN management, maintenance and SLAs.

|CPE Access & Features |Customer Managed |Vendor Managed |

| |Customer CPE – Customer Managed |FIRN CPE – Customer Managed |FIRN CPE – FIRN Managed |Customer CPE – FIRN Managed |

11 FIRN CPE Roadmap / Models

A copy of the most recent FIRN CPE roadmap can be found on eWorkspace.

12 General

The CPE Roadmap is a list of accepted CPE for use on FIRN. These models underwent strenuous acceptance testing for approved operation with the Core equipment on the FIRN Network. The list of tested models will be posted on eWorkspace.

This web site link lists all of the Standard models and does not include specially approved options or models for specific applications. These specially approved models will be listed under the USOC listing or CPE spreadsheet. A copy of these most recent documents can be obtained through AT&T.

13 Special CPE needs

Periodically customers will have special requirements for CPE. The following steps cover the addition of CPE / Features / Options for these situations:

1. During the Discovery / Design meetings with an Agency a need for a particular option or feature is discovered.

2. The AT&T and DMS FIRN Engineering team is engaged to review the requirement.

3. DMS will be provided with the test plans and, if DMS so requests, may participate in these tests.

4. The Hardware / Software / Feature(s) are scheduled to be tested in the Lab. This testing will commence as soon as it can be scheduled. No specific timeframe can be assigned to this task as the constraints are variable. The testing constraints include but are not limited to: Hardware availability, IOS availability, Lab Availability and or Customer availability. The length of time required to complete testing will vary based on complexity of the requirements and resources required to complete testing.

5. DMS will have remote access to these labs to conduct and observe desired test scenarios in real-time.

6. Upon test completion, DMS will be provided with the test results.

7. Upon successful completion of the Lab Testing, the Sales Engineering Team will be notified to publish pricing and request USOCS.

8. USOCS will be requested for new items; this may take 60 Calendar days to complete.

9. AT&T will notify DMS of new CPE, USOC and pricing. This will include the configuration of such CPE.

14 New CPE models

Periodically new models of CPE will need to be added over the life of the contract. This may be due to new features and options only available on new models or normal replacement of a model series by the manufacturer. The following steps cover the addition of new CPE models:

1. DMS, Customer or AT&T can request the addition of a new CPE model. This will be done through a Change request.

2. AT&T will submit the Change Request (CR) to DMS describing the changes or additions. This CR will be utilized to place all requirements including features/options, hardware/software configuration, test plans and results, pricing for the approval process.

3. The AT&T and DMS FIRN Engineering team is engaged to review the requirements through this CR.

4. DMS will be provided with the test plans and, if DMS so requests, may participate in these tests.

5. The new CPE model Hardware / Software / Feature(s) are scheduled to be tested in the Lab. This testing will commence as soon as it can be scheduled. No specific timeframe can be assigned to this task as the constraints are variable. The testing constraints include but are not limited to: Hardware availability, IOS availability, Lab Availability and or Customer availability. The length of time required to complete testing will vary based on complexity of the requirements and resources required to complete testing.

6. DMS will have remote access to these labs to conduct and observe desired test scenarios in real-time.

7. Upon test completion, the test results will be provided to DMS and placed into the CR.

8. Upon successful completion of the Lab Testing, the Sales Engineering Team will be notified to publish pricing and request USOCS.

9. USOCS will be requested for new items; this may take 60 Calendar days to complete.

10. AT&T will notify DMS of new feature, USOC and pricing. This will include the configuration of such CPE. This information will be placed in the CR and other applicable documents such as the CPE roadmap and CPE pricing spreadsheet.

15 FIRN CPE Naming Convention Methodology

When naming FIRN CPE, the following naming conventions must be followed.

1. The router model number

2. A dash

3. One of the following:

• On standard routers, the transport the router is configured for, such as T1, 2T1, ME, DSL

• For one-off, custom configurations which are not expected to be generally used, "XX" will be used instead of the transport.

4. A dash

5. One of the following:

• Standard Routers: a feature set designation, such as SEC or HSEC

• An agency identifier, such as HSMV, FIN, or JAC

6. A dash

7. One of the following:

• Other special modification/additions to the router, such as 4FE for 4 switched 10/100 ports.

• One off: a sequence number, 01, 02, etc. as the agency generates new custom configurations.

8. If additional qualifying information is needed it will be added to the end of the router name and separated with an additional dash.

Example of CPE Names:

|CPE Type |CPE Name |

|Cisco 1841 (BGP/HSEC) |1841-ME-SEC |

|Cisco 2821 |2811-4T1-SEC |

|Custom 7206 for HSMV |7206-XX-HSMV-01 |

|Cisco 1841 (BGP/Security) |1841-64K-SEC |
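A parser for the naming convention above, as an added example (not part of the guide or of any FIRN tool). It treats the fourth field as optional because three of the guide's sample names omit it, which is an assumption; it also cross-checks each name's model against its CPE type, which flags the second row of the table above (type 2821, name 2811).

```python
import re

FIELD = re.compile(r"^[A-Z0-9]+$")      # assumption: fields are upper-case letters and digits
SEQUENCE = re.compile(r"^\d{2}$")       # 01, 02, ... for one-off configurations


def parse_cpe_name(name):
    """Split a CPE name into the convention's fields; raise ValueError if malformed."""
    parts = name.split("-")
    if len(parts) < 3:
        raise ValueError("expected at least model-transport-designation")
    for part in parts:
        if not FIELD.match(part):
            raise ValueError(f"field {part!r} must be upper-case letters or digits")
    model, transport, designation = parts[:3]
    if not model[0].isdigit():
        raise ValueError("name must start with the router model number")
    one_off = transport == "XX"          # "XX" marks a custom, one-off configuration
    fourth = parts[3] if len(parts) > 3 else None
    if one_off and (fourth is None or not SEQUENCE.match(fourth)):
        raise ValueError("one-off (XX) names need a two-digit sequence number")
    return {
        "model": model,
        "transport": None if one_off else transport,
        "one_off": one_off,
        "designation": designation,      # feature set (SEC, HSEC) or agency (HSMV, FIN, JAC)
        "sequence": fourth if one_off else None,
        "modification": None if one_off else fourth,
        "qualifiers": parts[4:],         # any additional dash-separated information
    }


def check_inventory(rows):
    """rows: (CPE type description, CPE name) pairs. Returns (name, problem) findings."""
    findings = []
    for cpe_type, name in rows:
        try:
            parsed = parse_cpe_name(name)
        except ValueError as exc:
            findings.append((name, str(exc)))
            continue
        models = re.findall(r"\b\d{3,4}\b", cpe_type)
        if models and not any(parsed["model"].startswith(m) for m in models):
            findings.append((name, f"model {parsed['model']} does not match type {cpe_type!r}"))
    return findings


# The four rows of the guide's "Example of CPE Names" table, copied as printed.
GUIDE_EXAMPLES = [
    ("Cisco 1841 (BGP/HSEC)", "1841-ME-SEC"),
    ("Cisco 2821", "2811-4T1-SEC"),
    ("Custom 7206 for HSMV", "7206-XX-HSMV-01"),
    ("Cisco 1841 (BGP/Security)", "1841-64K-SEC"),
]

if __name__ == "__main__":
    for name, problem in check_inventory(GUIDE_EXAMPLES):
        print(f"{name}: {problem}")
```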

Network Engineering & Design

1 Design Overview

This chapter describes the basic MyFloridaNet design and provides a description of the requirements for the VPN routing and forwarding (VRF) connectivity as well as the network access and traffic routing requirements and considerations.

MyFloridaNet IP Routed Core is a design based on Layer 3 VPNs using general specifications contained in RFC 4364. RFC 4364 VPNs are also known as BGP/MPLS VPNs because BGP is used to distribute VPN routing information across the MyFloridaNet backbone and MPLS is used to forward VPN traffic across the backbone to remote VPN sites.

Customer networks, because they are private, can use either public addresses or private addresses, as defined in RFC 1918, Address Allocation for Private Internets. When customer networks that use private addresses connect to the public Internet infrastructure, the private addresses might overlap with the same private addresses used by other network users. MPLS/BGP VPNs solve this problem by adding a VPN identifier prefix to each address from a particular VPN site, thereby creating an address that is unique both within the VPN and within the public Internet. In addition, each VPN has its own VPN-specific routing table that contains the routing information for that VPN only.

1 VPN Routing and Forwarding Tables (VRFs)

To separate a VPN's routes from routes in the public Internet or those in other VPNs, the PE router creates a separate routing table for each VPN, called a VPN routing and forwarding (VRF) table. The PE router creates one VRF table for each VPN that has a connection to a CE router. Any customer or site that belongs to the VPN can access only the routes in the VRF tables for that VPN.
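The two mechanisms described above, as an added example rather than MyFloridaNet configuration: the RFC 4364 VPN-IPv4 address (an 8-byte route distinguisher in front of the IPv4 address) and a lookup confined to one VRF's table. The AS number, assigned numbers, VRF names and next hops are constructed for illustration.

```python
import ipaddress
import struct


def route_distinguisher(asn, assigned):
    """Type 0 RD (RFC 4364): 2-byte type 0, 2-byte AS number, 4-byte assigned number."""
    if not (0 <= asn <= 0xFFFF and 0 <= assigned <= 0xFFFFFFFF):
        raise ValueError("type 0 RD needs a 2-byte ASN and a 4-byte assigned number")
    return struct.pack("!HHI", 0, asn, assigned)


def vpn_ipv4(rd, ipv4):
    """12-byte VPN-IPv4 address: the 8-byte RD followed by the 4-byte IPv4 address."""
    if len(rd) != 8:
        raise ValueError("route distinguisher must be 8 bytes")
    return rd + ipaddress.IPv4Address(ipv4).packed


class PERouter:
    """Toy PE router holding one routing table per VRF."""

    def __init__(self):
        self.vrfs = {}  # VRF name -> {IPv4Network: next hop}

    def add_route(self, vrf, prefix, next_hop):
        self.vrfs.setdefault(vrf, {})[ipaddress.ip_network(prefix)] = next_hop

    def lookup(self, vrf, destination):
        """Longest-prefix match using only the table of the VRF the packet arrived in."""
        addr = ipaddress.ip_address(destination)
        table = self.vrfs.get(vrf, {})
        matches = [net for net in table if addr in net]
        if not matches:
            return None  # routes held in other VRFs are never consulted
        return table[max(matches, key=lambda net: net.prefixlen)]


def build_demo_pe():
    """Constructed sample: two agencies that both use 10.1.0.0/16 internally."""
    pe = PERouter()
    pe.add_route("AGENCY-A", "10.1.0.0/16", "ce-agency-a")
    pe.add_route("AGENCY-B", "10.1.0.0/16", "ce-agency-b")
    pe.add_route("AGENCY-B", "10.9.0.0/16", "ce-agency-b-2")
    return pe


if __name__ == "__main__":
    rd_a = route_distinguisher(64512, 100)
    rd_b = route_distinguisher(64512, 200)
    # Same private prefix, different RDs: the VPN-IPv4 addresses no longer collide.
    print(vpn_ipv4(rd_a, "10.1.0.0").hex())
    print(vpn_ipv4(rd_b, "10.1.0.0").hex())
    pe = build_demo_pe()
    print(pe.lookup("AGENCY-A", "10.1.2.3"), pe.lookup("AGENCY-B", "10.1.2.3"))
    print(pe.lookup("AGENCY-A", "10.9.0.1"))
```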

8.2 VRF Design


FIRN VRF

The FIRN VRF denotes a Layer 3 VPN on the MyFloridaNet backbone that is not firewalled. As the term Public signifies, this routing & forwarding space should be considered the same as the open Internet and is therefore unsecured.

• All connections to the FIRN VRF must rely on their own local Firewalls and security measures.

• No route-target leaking will be done into or out of the FIRN VRF.

• For a customer in the FIRN VRF, State Network access would be via a separate extranet connection.

2 8.2 Routing Protocol Requirements

CE-PE routing methods supported will vary according to the type of VRF the CE is connecting to, with a preferred routing method for each scenario. Table 1 summarizes the supported methods with the preferred method in bold.

Table of Supported CE-PE Routing Methods

|VRF |Static |BGP | | |

Notes:

• The choice of routing protocol will have a significant impact on CE-PE convergence times. BGP provides better convergence times as compared to other routing protocols and hence it is recommended to deploy BGP.

• Connections to the FIRN VRF shall have inbound route-filters applied that will only accept routes from the CE that have been agreed upon with the customer.

• An inbound packet-filter will also be applied that will only allow in packets with source-addresses that are from the same agreed upon subnet list.

• Static routes will be the preferred method for LAN connectivity on managed CPE routers.
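The inbound route filter and inbound packet filter from the notes above, modelled as an added example (not FIRN or vendor configuration) with both checks driven by one agreed subnet list. The subnets are constructed documentation prefixes, and accepting more-specific routes up to /28 is an assumption, since the guide does not state the match semantics.

```python
import ipaddress

# Constructed sample: the subnets "agreed upon with the customer".
AGREED_SUBNETS = [
    ipaddress.ip_network("198.51.100.0/24"),
    ipaddress.ip_network("203.0.113.0/25"),
]

# Assumption: more-specific routes inside an agreed subnet are accepted up to this length.
MAX_PREFIX_LEN = 28


def route_permitted(prefix, agreed=AGREED_SUBNETS, max_len=MAX_PREFIX_LEN):
    """Inbound route filter: accept a CE-announced prefix only if it lies inside an agreed subnet."""
    try:
        net = ipaddress.ip_network(prefix, strict=True)
    except ValueError:
        return False  # malformed prefix, or host bits set
    if net.prefixlen > max_len:
        return False
    # subnet_of() rejects covering aggregates and default routes, not just unrelated space.
    return any(net.version == a.version and net.subnet_of(a) for a in agreed)


def packet_permitted(source, agreed=AGREED_SUBNETS):
    """Inbound packet filter: accept a packet only if its source address is in an agreed subnet."""
    try:
        addr = ipaddress.ip_address(source)
    except ValueError:
        return False
    return any(addr.version == a.version and addr in a for a in agreed)


def audit(announcements, packet_sources, agreed=AGREED_SUBNETS):
    """Report what each filter would drop, plus agreed subnets that no accepted route covers."""
    accepted = [ipaddress.ip_network(p) for p in announcements if route_permitted(p, agreed)]
    return {
        "rejected_routes": [p for p in announcements if not route_permitted(p, agreed)],
        "dropped_sources": [s for s in packet_sources if not packet_permitted(s, agreed)],
        # Packets from these subnets pass the packet filter, but no route leads back to them.
        "agreed_without_route": [
            str(a) for a in agreed
            if not any(r.version == a.version and r.subnet_of(a) for r in accepted)
        ],
    }


# Constructed sample input: routes announced by a CE and packet source addresses seen inbound.
SAMPLE_ANNOUNCEMENTS = [
    "198.51.100.0/24",     # agreed subnet
    "198.51.100.128/25",   # more-specific of an agreed subnet
    "198.51.0.0/16",       # covering aggregate, wider than agreed
    "0.0.0.0/0",           # default route
    "203.0.113.128/25",    # adjacent to, but outside, the agreed /25
    "198.51.100.8/30",     # inside an agreed subnet but longer than MAX_PREFIX_LEN
]
SAMPLE_SOURCES = ["198.51.100.17", "203.0.113.5", "203.0.113.200", "10.0.0.5"]

if __name__ == "__main__":
    for key, values in audit(SAMPLE_ANNOUNCEMENTS, SAMPLE_SOURCES).items():
        print(key, values)
```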

3 IP QoS Requirements

The table below provides the IP QoS requirements for each class of application.

|Class |Description |DSCP Marking |DSCP (Decimal Value) |

|Voice |Voice over IP |EF |46 |

|Video |Interactive Video |AF41 |34 |

|Application |Priority Data |AF21 |18 |

|Best Effort |All other Traffic (Internet, ftp) |BE |0 |

|Signaling |Call setup & control |AF31/CS6 |26/48 |

|Emergency Voice |Priority VOIP |AF43 |38 |

Notes:

• IP QoS is available for the following access types - Frame Relay, ATM, Private Line (Dedicated) and Metro Ethernet.

• Minimum Bandwidth for QoS is 512 Kbps.

• 512 Kbps circuits can allocate 250 Kbps of voice or 250 Kbps of a data application.

• 768 Kbps circuits can allocate voice or data applications in increments of 250 Kbps, and video at 500 Kbps. The maximum amount of QoS for a 768 Kbps circuit is 500 Kbps.

• T1 circuits can allocate voice and data applications in increments of 250 Kbps, and video QoS in increments of 500 Kbps. The maximum amount of QoS for a T1 circuit is 1 Mbps.

• At 3 Mbps or above, voice, video and data applications are allocated in increments of 500 Kbps.

QoS Maximum Bandwidth Allocations

|Circuit Bandwidth |Max QoS |

|512 Kbps |250 Kbps |

|768 Kbps |500 Kbps |

|1.5 Mbps |1 Mbps |

|3 Mbps |2 Mbps |

|6 Mbps |4 Mbps |

|9 Mbps |6 Mbps |

|10 Mbps |6 Mbps |

|12 Mbps |8 Mbps |

There are similar limits for higher speeds, but the rule of thumb is no more than 2/3 of the connection bandwidth is to be used for QoS.
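The allocation rules and DSCP table above, turned into a request checker as an added example (not a FIRN ordering tool). The class keys `voice`, `video` and `data`, the use of the 2/3 rule of thumb for any speed missing from the table, and the application of the T1 increments to every speed below 3 Mbps are this example's assumptions.

```python
# Circuit bandwidth (Kbps) -> maximum QoS (Kbps), from "QoS Maximum Bandwidth Allocations".
# 1.5 Mbps is entered as 1500, following the table.
MAX_QOS_KBPS = {512: 250, 768: 500, 1500: 1000, 3000: 2000,
                6000: 4000, 9000: 6000, 10000: 6000, 12000: 8000}

# DSCP markings and decimal values, from the IP QoS requirements table.
DSCP_TABLE = {"EF": 46, "AF41": 34, "AF21": 18, "BE": 0, "AF31": 26, "CS6": 48, "AF43": 38}

MIN_CIRCUIT_KBPS = 512
CLASSES = ("voice", "video", "data")


def dscp_decimal(name):
    """Derive the decimal DSCP from its name: AFxy = 8x + 2y, CSx = 8x, EF = 46, BE = 0."""
    if name == "EF":
        return 46
    if name == "BE":
        return 0
    if len(name) == 3 and name.startswith("CS") and name[2] in "01234567":
        return 8 * int(name[2])
    if len(name) == 4 and name.startswith("AF") and name[2] in "1234" and name[3] in "123":
        return 8 * int(name[2]) + 2 * int(name[3])
    raise ValueError(f"unknown DSCP name: {name}")


def max_qos_kbps(circuit_kbps):
    """Table value where the guide lists one, otherwise the 2/3 rule of thumb."""
    if circuit_kbps in MAX_QOS_KBPS:
        return MAX_QOS_KBPS[circuit_kbps]
    return circuit_kbps * 2 // 3


def increment_kbps(circuit_kbps, traffic_class):
    """Allocation step: 500 Kbps for everything at 3 Mbps and above, else 250 (video 500)."""
    if circuit_kbps >= 3000 or traffic_class == "video":
        return 500
    return 250


def check_allocation(circuit_kbps, request):
    """request maps class name -> Kbps. Returns a list of problems; empty means acceptable."""
    if circuit_kbps < MIN_CIRCUIT_KBPS:
        return [f"QoS needs at least a {MIN_CIRCUIT_KBPS} Kbps circuit"]
    problems = []
    for traffic_class, kbps in request.items():
        if traffic_class not in CLASSES:
            problems.append(f"unknown class {traffic_class!r}")
            continue
        if traffic_class == "video" and circuit_kbps < 768:
            problems.append("video QoS is not listed for circuits below 768 Kbps")
        step = increment_kbps(circuit_kbps, traffic_class)
        if kbps <= 0 or kbps % step:
            problems.append(f"{traffic_class}: {kbps} Kbps is not a multiple of {step} Kbps")
    total = sum(kbps for cls, kbps in request.items() if cls in CLASSES)
    limit = max_qos_kbps(circuit_kbps)
    if total > limit:
        problems.append(f"total {total} Kbps exceeds the {limit} Kbps QoS maximum")
    return problems


if __name__ == "__main__":
    # The decimal column of the guide's table agrees with the code point names.
    print(all(dscp_decimal(n) == v for n, v in DSCP_TABLE.items()))
    print(check_allocation(768, {"voice": 250, "video": 500}))
    print(check_allocation(1500, {"voice": 250, "data": 250, "video": 500}))
```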

4 CPE & Access Method Requirements

1 Access

Frame Relay and Metro Ethernet Access will include standard dual PE connectivity.

• All connections will always be configured with full CIR or CB (committed bandwidth).

• Fractional DS3 frame relay connections will be configured at the actual clock rate of the ordered port speed. For instance, a frac-DS3 order for 15mb will be clocked at 15mb – meaning the transmit rate will have a hard limit of 15mb/sec.

Private Line access does not automatically include dual PE connectivity as does Frame Relay, ATM and Metro Ethernet. Customers would need to order a second private line per the pricing schedule under "Dual Core Connectivity" and possibly an upgraded router model to accomplish dual PE connectivity.

2 CPE

Currently, FIRN CPE provides two types of approved IOS:

Base IP IOS: Does not provide BGP & security features

Advanced Security IOS: Provides BGP and security features. (Recommended)

For further information on CPE IOS, please visit the MFN web site.

Additional Services supported through FIRN

1 FIRN Secure Internet Bundled Services (Secure Internet Services)

1 Service Description:

2 A. Secure Internet Services: Secure Internet Services for end users identified in Section 2, are Services combined with a cloud-based basic firewall protection, using a uniform approach and tools, against unauthorized use and access.

1) Contractor shall be responsible for the full lifecycle management of all firewall devices facilitating the Secure Internet Services. This includes:

a) Ensuring optimal configuration and tuning, and providing 24x7x365 management and monitoring services using trained and certified security experts;

b) Monitoring 24x7x365 firewall subscriptions that protect from network-borne threats using trained and certified security experts;

c) Firewall provisioning and deployment;

d) Firewall upgrade and patch management;

e) Firewall backup and recovery;

f) Firewall policy and signature management;

g) Firewall policy-based control over applications, users, and content; and

h) Auditable and accurate change management logs.

2) The cloud-based basic firewall provides the following security functions for all virtual contexts:

a) The Sandbox Analyzer to identify and analyze targeted and unknown files for malicious behaviors. It shall generate and automatically deliver protection for newly discovered malware via signature updates. Signature update delivery shall include integrated logging/reporting.

b) Geo Blocking to prevent network based access to internal resources by blocking based on geographic location.

c) Application Blocking to identify and block unwanted applications without regard to the port they are using for communication.

d) Security Information and Event Management (SIEM): Secure Internet Services will include detailed information provided by the MyFloridaNet QRadar tool. DMS and each Secure Internet Services end user will receive two QRadar login accounts allowing them accurate, correlating information regarding network flows (500:1 sampling), session data, packet captures, reputation white/black listing and endpoint system vulnerability results providing the maximum amount of detail to traffic traversing their network connection. This access shall give Secure Internet Services end users visibility into their Internet connection activity, virtual activity, user activity and application activity, giving them intelligence into their FIRN Secure Internet connection.

3) The cloud-based firewall will provide the following optional more advanced security functions for all virtual contexts subscribing to the Advanced Security and Content Filtering service at the pricing listed in the second column of Table 1.0.

a) NextGeneration IPS & IDS: By proactively applying deep packet and application inspection of network activity at the border of the FIRN and the internally protected zones, service will provide better analysis and overall security for each FIRN Organization. Automated correlation and Intrusion Analysis by this service will provide notifications of suspected unauthorized network activity and has the ability to prevent the activity from ever reaching the end user’s internal network. This feature is part of the advanced cloud-based firewall deployment.

b) Malware & Anti-Virus detection: This service feature provides real time antivirus and anti-malware protection. End users will have the ability to automatically take action on malicious files currently in transport across the network. This feature will block unwanted malware and viruses at our edge devices before they consume Internet bandwidth or threaten the local network and ultimately desktop endpoint systems users depend on to access the Internet. This feature is part of the advanced cloud-based firewall deployment.

c) Next Generation Content Filtering/URL Blocking is enabled upon request. This service helps End users enforce their protection policies and block inappropriate, illegal, and dangerous web content. It will have the ability to block multiple categories of objectionable web content, providing the necessary combination of control and flexibility to protect important resources. The service will deliver sophisticated reporting and visually descriptive monitoring through dashboards, graphs, charts, and data search functionality. This feature is part of the advanced cloud-based firewall deployment.

4) FIRN Help Desk

a) FIRN Secure Internet includes access to our standard FIRN helpdesk to provide assistance directly to FIRN end users to answer questions related to all FIRN Secure Internet service tools and services.

b) The helpdesk will work directly with the end user to provide advice on remediation methods and industry best practices as they relate to services the contractor provides as part of our Secure Internet offering.

c) The helpdesk will be staffed live and/or offer immediate call back within thirty (30) minutes 24x7x365.

d) The staff will perform daily “eyes on glass” real-time monitoring and analysis of security events. Monitoring and analysis shall span multiple sources including but not limited to events from the security tools (SIEM), MFN network tools, NetFlow logs, firewall logs, and router logs.

e) The MFN/FIRN security team via the FIRN helpdesk will bring any particularly concerning security problems they detect via the SIEM to the end user’s attention for remediation. The helpdesk will also provide remote remediation assistance and advice to the FIRN end users.

f) FIRN Help Desk staff via the MyFloridaNet security team will have access to the Contractor’s commercial Security Operation Center (SOC) and threat intelligence research teams to assist in identifying threats and developing preventative countermeasures based on information collected from monitoring events worldwide.

5) End users shall be able to be placed within a specific educational routing domain; also known technically as a virtual routing and forwarding (VRF) instance. In such an enterprise, the State of Florida shall have the capability to secure all schools behind a unified enterprise intranet.


3 B. New Secure Internet and Advanced Security & Content Filtering: Secure Internet services shall be offered based on the rates provided in Table 1.0 below. All current contractual terms, conditions and features of current FIRN Internet Services shall apply with the exception of the following changes:

1) Pricing for this service is flat rate (included in Table 1.0) in the AT&T, CenturyLink and Verizon LATA areas. This new pricing shall be an addition to the flat rate and mileage band pricing originally introduced in the contract or from a previous amendment. The new flat rates in Table 1 may not apply outside of these areas. Any connections outside of the AT&T, CenturyLink, and Verizon LATAs shall be priced on an individual case basis (ICB). ICB pricing shall never be more than the original flat rate pricing submitted in the original contract.

2) Any FIRN specific core aggregation circuit exceeding 80% peak utilization for more than 2 consecutive 5 minute polling intervals on more than 2 consecutive days will be upgraded within 90 days. Any FIRN end-user provisioned over any MyFloridaNet core aggregation circuit shall follow the aggregation circuit thresholds described in the MyFloridaNet contract.

3) Secure Internet services shall utilize the MyFloridaNet QoS standards and applicable templates.

4) A Contractor managed CPE router is included in the standard service. However, the FIRN end-user may choose to manage the Contractor provided CPE router or provide and manage their own CPE router as long as it is certified by the Contractor. The option to manage the CPE router is at no additional cost to the end user, nor does it alter terms and conditions set forth in the contract or this Amendment.

5) If the FIRN backbone bandwidth is not available in certain areas at time of the end user’s order, and if the connection speed is greater than 2Gbps, the Contractor may provide services via other commercial Internet services at the price in Table 1.0 upon mutual approval by AT&T and DMS.

6) To stay consistent with the intent of this amendment and E-rate filing requirements, Secure Internet services will be offered at the nominal bandwidth stated in the amendment. At a minimum, ordered bandwidth will be kept consistent for the duration of the FIRN contract or twelve months, whichever occurs first. DMS will only be allowed to increase bandwidth during this period.

7) Connectivity options for bandwidth speeds greater than 1 GB are provisioned as N x 1GB connections or equivalent bandwidth over 10GB access to a single end user site, when and where available.

8) Secure Internet Services Pricing Table

|FIRN Secure Internet Bundle |

|Monthly Pricing - Table 1.0 |

|Ethernet Bandwidth |Bundled Cost - Core + Access + CPE + Basic Firewall Security |Additional Cost for Advanced Security and Content Filtering and URL blocking |

|10 Mbps |$1,121.07 |$255.56 |

|50 Mbps |$2,053.83 |$255.56 |

|100 Mbps |$2,605.37 |$255.56 |

|200 Mbps |$3,622.63 |$511.11 |

|300 Mbps |$4,632.43 |$766.67 |

|400 Mbps |$5,162.24 |$1,022.22 |

|500 Mbps |$5,636.83 |$1,277.78 |

|600 Mbps |$6,106.70 |$1,533.33 |

|700 Mbps |$6,372.29 |$1,788.89 |

|800 Mbps |$6,562.81 |$2,044.44 |

|900 Mbps |$6,739.15 |$2,300.00 |

|1000 Mbps |$6,914.97 |$2,555.55 |

|2000 Mbps |$10,877.40 |$3,833.33 |

|5000 Mbps |$15,597.94 |$5,749.99 |

|10000 Mbps |$22,688.85 |$8,624.98 |

4 Options

After hours install, as defined in section 2.4.3 of the MFN Ops Guide, is available at an additional flat rate of $164.25 per device.

5 Service Requirements

A CSAB Order is required to order and establish the FIRN Secure Internet Service.

DMS and Customers will not be required to subscribe to FIRN Secure Internet Service. Users shall only subscribe to FIRN Secure Internet Service if they are a FIRN transport subscriber with a FIRN connection at that location.

6 FIRN NOC Process

Refer to section 3 for normal FIRN service process details.

• FIRN Helpdesk will escalate advanced security troubleshooting to FIRN SOC according to the standard troubleshooting process

7 FIRN SOC Process

8 SLA

The FIRN Secure Internet service bundle introduces performance measures via Service Level Agreements for Install, Moves, Adds, Changes and Outages with the following Table 2.0.

|Service Performance Measures |

|Table 2 |

|SLA |Performance Target |Liquidated Damages |Measurement |

|Install, Moves, Adds, Changes (“IMAC”) |64kbps to T1 = 60 days; >T1 to 45Mbps = 80 business days; >45Mbps = 180 business days |10% MRC of Service* if performance is not met. |Measured and calculated per incident based on the operational tools provided. Contractor will not be liable where facilities do not exist for access types (excluding Ethernet) greater than 12 Mbps. |

|Site Outage & Service Troubles – Restore |Within twenty-four (24) hours Monday – Friday. |5% MRC of the entire service if outage > 24 hours |Measured using the trouble ticketing system. SLA clock will start when the trouble has been reported in the ticketing system. The SLA clock will stop when the site has been restored and verified with the end user. For all service troubles, Contractor must open trouble tickets pro-actively and immediately when the outage has been discovered. The time between the actual outage and when the trouble ticket was opened will be counted towards SLA restoral time. For example: if an outage occurred at 1:00PM and the trouble ticket was opened at 1:30PM, 30 minutes of this time will be counted towards the SLA restoral time. |

|*MRC of Service = MRC of (Core Port + CPE + Access) for each site |

9 MFN NMS Tools

Normal NMS tool support will be provided for the base FIRN service and hardware.

10 Security Information and Event Management Tool

11 Ordering

• Refer to section 4 for details

12 Billing

• Refer to section 5 for detail

13 FIRN Secure Internet Bundled Services Implementation Process

• Orders for the Secure Internet Bundled Services will be submitted through the normal FIRN ordering process detailed in section 4.

• MFN Security will be notified of order by the Care Center

• MFN Security will evaluate the customer order according to CSAB options

• MFN Security will contact customer within 30 days of their order being placed

o  All customers who preordered this service (ordered before 7/1/2014) will be contacted and processed in the order in which they were received

• MFN Security will require each customer to complete and return the Initial Customer Engagement Questionnaire.

• MFN Security will evaluate each completed Questionnaire and contact customer for additional information as needed.

• MFN Security will follow-up with specific configuration questionnaires pertaining to the requested features

o GEO Blocking Questionnaire

o Application Blocking Questionnaire

o Security Information and Event Management (SIEM) Request Form

o Next Generation IPS / IDS Questionnaire

o Malware & Anti-Virus Detection Questionnaire

o URL Filtering/Blocking Questionnaire

• MFN Security will engage additional resources to review overall architecture and complete the final design specifications

• MFN Security will submit final design specifications to the customer for approval

• Once the final design has been approved by customer, MFN Security will work with additional teams to establish implementation date

• Customer will be notified of implementation date for approval

• MFN Security will initially provision and deploy Security Internet Bundle on agreed implementation date

• MFN Security will be available to modify implemented configuration for 24 hours after initial turn-up

• After the initial 24 hour turn-up window has expired, 24x7x365 management and monitoring will be accomplished by the FIRN Helpdesk utilizing established FIRN trouble and change management processes

2 FIRN Advanced Security Offerings (ASO)

A. ASO can be purchased by end users as an Advanced Security Bundle (ASB) (see B.). Some of these ASB as well as other Advanced Security Offerings may also be purchased separately (see I-J).

B. Advanced Security Bundle (ASB): ASB includes, for each end user selected location (district headquarters):

1) Fully Managed Device for On-site Intrusion Prevention System (IPS) Device and Service.

2) Fully Managed Device for On-site Premise Firewall Event Logging Management, Analysis and Notification of end user District Area Network (DAN) Firewall.

3) Fully Managed Device for On-site end user Device Event Logging Management and Analysis for up to 15 devices per end user location.

4) Fully Managed Counter Threat Appliance (CTA) to assimilate logging information from all end user selected sources passing on significant events for further analysis.

5) Fully Managed Cloud Based Security Information and Event Management (SIEM) Correlation via forwarded information from the CTA.

6) End User Portal for detailed information regarding their Security incidents and security posture.

C. Intrusion Prevention System (IPS): IPS helps eliminate malicious inbound and outbound traffic 24x7x365, without device or signature management, and without increasing in-house headcount. IPS service lets the end user comply with data loss regulations to protect against threats to sensitive data by centralizing the analysis of all devices including firewall logs and provides comprehensive reporting via contractor’s end user portal to demonstrate the effectiveness of the end user’s security controls. The IPS device can be attached to the End User network to provide Intrusion Detection with the onus then on the end user to implement appropriate corrective action. Alternatively, the IPS can be placed in-line of Internet traffic, in which case the contractor shall implement recommended security response to the intrusion. IPS includes:

1) Configuration and implementation.

2) Administration and tuning.

3) 24x7x365 Real-time security event and device health monitoring.

4) Upgrade, change, and patch management.

5) Thousands of unique countermeasures.

6) Daily audits of existing rules.

7) Advanced analysis and blocking techniques, including advanced statistical analysis, suspicious activity correlation and expert security analysis of patterns.

8) Twice weekly countermeasure updates.

9) Intelligence-enhanced threat protection.

10) On-demand security and compliance reporting.

D. Firewall Event Logging: Monitoring of any supported end user premise firewall listed below and support for next generation and HA Firewall pairs at no additional charge. Log information shall be incorporated into the provided SIEM and any SIEM indications of a problem are analyzed by security professionals in near real time and end users are notified of any significant firewall events complete with recommended firewall configuration changes. End users desiring a full proactively managed firewall solution can combine this offering with existing FIRN contract firewall management options. Supported firewall devices are:

1) Cisco

2) Juniper Networks

3) Palo Alto Networks

4) Dell SonicWALL

5) Check Point

6) Fortinet

E. End User Device Event Logging: The 15 devices can be any mixture of any supported devices (servers, routers, etc.) capable of sending log information to the provided logging device. The logging information shall be fed into the SIEM similar to the Firewall log information and proactively responded to the same way, resulting in notification of the end user of any suspicious activity complete with recommended actions.

F. Counter Threat Appliance (CTA): The CTA resides on the end user’s network and shall be responsible for maintaining connections to all sources an end user needs monitored and managed. The CTA shall collect logs from these sources and handle parsing, normalization, de-duplication and filtering of collected events. Security events of interest are sent from the CTA to Contractor’s Security Operations Centers (SOC) via a secured connection, where they are prioritized and, if needed, reviewed by the Contractor’s certified Security Analysts to determine if any malicious or suspicious activity is occurring. Additionally, the CTA is a secure point from which Contractor’s Security Analysts can provide device management. Through the secured connection, the CTA shall have the capability to enable communications and administrative activities for vendor managed devices.
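The CTA stages named in item F (parsing, normalization, de-duplication, filtering), sketched as an added example that is not the contractor's implementation or part of this guide. The two log formats, the field names and the 60-second de-duplication window are assumptions, and the sample lines are constructed.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines from two hypothetical sources with different field names.
SAMPLE_LOGS = [
    "2014-09-21T10:00:01Z fw1 action=deny src=203.0.113.7 dst=10.1.1.5 dport=22",
    "2014-09-21T10:00:02Z fw1 action=deny src=203.0.113.7 dst=10.1.1.5 dport=22",
    "2014-09-21T10:00:03Z fw1 action=allow src=10.1.1.9 dst=198.51.100.4 dport=443",
    "2014-09-21T10:00:30Z srv7 result=FAILED user=admin client=203.0.113.7 port=22",
    "2014-09-21T10:02:10Z fw1 action=deny src=203.0.113.7 dst=10.1.1.5 dport=22",
    "garbage line that does not parse",
]

ALIASES = {"client": "src", "port": "dport", "result": "action"}  # assumed mappings
OUTCOMES = {"deny": "blocked", "allow": "allowed", "failed": "auth_failure"}
INTERESTING = {"blocked", "auth_failure"}   # what gets forwarded for analysis
WINDOW = timedelta(seconds=60)              # assumed de-duplication window
LINE_RE = re.compile(r"^(\S+) (\S+) (.+)$")


def parse(line):
    """Split a raw line into timestamp, host and key=value fields; None if malformed."""
    m = LINE_RE.match(line)
    if not m:
        return None
    try:
        ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
    except ValueError:
        return None
    fields = dict(re.findall(r"(\w+)=(\S+)", m.group(3)))
    return {"ts": ts, "host": m.group(2), "fields": fields} if fields else None


def normalize(rec):
    """Map source-specific field names and values onto one common schema."""
    f = {ALIASES.get(k, k): v for k, v in rec["fields"].items()}
    return {
        "ts": rec["ts"], "host": rec["host"],
        "src": f.get("src"), "dst": f.get("dst"), "dport": f.get("dport"),
        "outcome": OUTCOMES.get(f.get("action", "").lower(), "unknown"),
    }


def pipeline(lines):
    """Parse, normalize, de-duplicate, then filter. Lines are assumed time-ordered."""
    events, open_groups, rejected = [], {}, 0
    for line in lines:
        rec = parse(line)
        if rec is None:
            rejected += 1        # count unparsed lines: silent drops are a blind spot
            continue
        ev = normalize(rec)
        key = (ev["host"], ev["src"], ev["dst"], ev["dport"], ev["outcome"])
        group = open_groups.get(key)
        if group and ev["ts"] - group["ts"] <= WINDOW:
            group["count"] += 1  # repeat inside the window folds into the first event
            continue
        ev["count"] = 1
        open_groups[key] = ev
        events.append(ev)
    forwarded = [e for e in events if e["outcome"] in INTERESTING]
    return forwarded, rejected


if __name__ == "__main__":
    for e in pipeline(SAMPLE_LOGS)[0]:
        print(e["ts"], e["host"], e["src"], e["outcome"], "x%d" % e["count"])
```

The rejected count is returned alongside the forwarded events because a source whose format changed shows up there first, before it shows up as missing detections.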

G. End User Portal and Reports: The End User Portal shall provide the intelligence and analytics needed to easily understand the risks, demonstrate compliance and make better security decisions. The Portal shall give end users full visibility into their security and compliance posture with advanced reporting functionality integrated across all proffered Advanced Security Offerings. The End User Portal shall include a mobile application ensuring security data is always at the end user’s fingertips.

H. Advanced Security Bundled Pricing

|ASB Monthly Pricing |

|Table 2.0 |

|Bandwidth |Monthly Recurring |

|10 Mbps |$3,413.00 |

|50 Mbps |$3,413.00 |

|100 Mbps |$3,413.00 |

|200 Mbps |$3,717.00 |

|300 Mbps |$4,139.00 |

|400 Mbps |$4,139.00 |

|500 Mbps |$4,139.00 |

|600 Mbps |$4,404.00 |

|700 Mbps |$4,404.00 |

|800 Mbps |$4,404.00 |

|900 Mbps |$4,404.00 |

|1,000 Mbps |$4,404.00 |

|2,000Mbps* |$8,808.00 |

|5,000Mbps* |$22,020.00 |

|10,000Mbps* |$44,040.00 |

*Where available

I. Standalone Advanced Security Options. End user may purchase any of the products and services described below.

1) IPS Monitoring is as described in C.3) above. Pricing for those wishing to buy as a standalone product is as follows:

|IPS Monitoring |

|Monthly Pricing ‐ Table 3.0 |

|Internet Bandwidth |Monthly Recurring |

|0 Mbps to 100 Mbps |$875.00 |

|101 Mbps to 1000 Mbps |$1,375.00 |

|1001 Mbps to 2000 Mbps |$1,550.00 |

2) IPS Management was included and described in the bundled offering. Pricing for those wishing to buy as a standalone product is as follows:

|IPS Management |

|Monthly Pricing ‐ Table 4.0 |

|Internet Bandwidth |Monthly Recurring |

|0 Mbps to 100 Mbps |$1,562.00 |

|101 Mbps to 500 Mbps |$2,083.00 |

|501 Mbps to 1000 Mbps |$3,250.00 |

|1001 Mbps to 2000 Mbps |$4,483.00 |

|2001 Mbps to 4000 Mbps |$6,042.00 |

|4001 Mbps to 10000 Mbps |$9,042.00 |

3) End User Device Event Monitoring was included and described for up to 15 devices in the bundled offering. For those wishing to buy monitoring for additional devices or as a standalone offering, pricing is as follows:

|Device Monitoring |

|Monthly Pricing ‐ Table 5.0 |

|Device Count |Monthly Recurring |

|1 |$125.00 |

|15 |$1,500.00 |

|200 |$11,417.00 |

|500 |$21,917.00 |

4) Vulnerability Management service identifies exposures and weak spots in end user environments by performing highly accurate external scanning and internal scanning across the network. Vulnerability Management shall enable vulnerability scanning without the hardware, software and maintenance requirements of scanning products. Vulnerability results shall be integrated into Contractor’s other Managed Security Services, allowing threats against vulnerable and non-vulnerable systems to be assessed and prioritized accordingly.

The Vulnerability Management technology shall be fully managed and maintained by the Contractor’s dedicated vulnerability management team, eliminating administration and maintenance burdens so end users can better focus on protecting assets and reducing risks. Vulnerability Management includes:

a) Highly accurate internal and external vulnerability scanning.

b) Support for physical, cloud and virtual infrastructure.

c) Dedicated vulnerability management team to provide expert guidance and support.

d) Flexible reporting and remediation workflow tools via on-demand portal.

e) 24x7x365 expert support by certified security analysts.

|Vulnerability Management service |

|Monthly Pricing ‐ Table 6.0 |

|Network or Server Device Count |Monthly Recurring |

|128 |$600.00 |

|512 |$1,250.00 |

|1024 |$11,917.00 |

|Application Count |Monthly Recurring |

|10 |$767.00 |

|25 |$1,250.00 |

|160 |$3,250.00 |

5) Log Retention Services shall be a fully-managed service that provides support for a wide range of sources, allowing capture and aggregation of the millions of logs generated every day by critical information assets such as servers, routers, firewalls, databases, applications and other systems. The Log Retention Services shall support hundreds of devices per appliance. Log Retention Services include:

a) Log Retention device with 13TB of compressed storage (3.8TB uncompressed).

b) Capturing and storing end user-specified system logs from the IT devices, systems and other network assets to the Log Retention Appliance.

c) Implementing software upgrades and security patches to Log Retention Appliance. Monitor the information security, system health and performance of Log Retention Appliances 24x7x365.

d) Provide end user client access to the Logs.

e) Configure any Log Retention Appliance native alerting functionality to provide alerting to notify end user of any such end user Devices no longer transmitting Logs to the Log Retention Appliances.

f) Act as the initial point of contact for end user support.

|Log Retention Services |

|Monthly Pricing ‐ Table 7.0 |

|(13TB Compressed Capacity) |

|End User Device Count |Monthly Recurring |

|25 |$2,225.00 |

|100 |$2,513.00 |

|500 |$3,083.00 |

|Additional 13/3.8TB Capacity |$1,250.00 |

J. Security Incident Response and Consulting:

1) The Incident Response and Digital Forensics practice shall help provide rapid containment and eradication of threats, minimizing the duration and impact of a security breach. Leveraging elite cyber threat intelligence and global visibility, Contractor shall help end users prepare for, respond to and recover from even the most complex and large-scale security incidents. The rate is based upon a response tailored to the particular event and is on a per-end user basis.

|Incident Response Service |

|Monthly Pricing ‐ Table 8.0 |

|Minimum 50 hours |Hourly Rate |

|1 |$420.00* |

|*Includes travel and expenses, discounts may be available for additional hours needed during same on-site visit |

2) The Contractor’s Security and Risk Consulting (SRC) group shall help customers solve security and compliance challenges. The Contractor shall provide services listed below:

Regulatory and Compliance

• GLBA (Gramm-Leach-Bliley Act) Gap Analysis

• HIPAA (Health Insurance Portability and Accountability Act) Gap Analysis

• FISMA (Federal Information Security Management Act)/NIST (National Institute of Standards and Technology) Gap Analysis

• PCI (Payment Card Industry) Gap Analysis

• QSA (Qualified Security Assessor) On-Demand

• ISO (International Organization for Standardization) 2700x Gap Analysis

• General Controls Audit

• Information Security Assessment

• Security Architecture Review

• Governance Review

• Facility Clearance Readiness Review

• E-Discovery (Electronic Discovery)

• Security and Compliance Attestation Reporting

• Third-Party Diligence and Vendor Management

• IT (Information Technology) Risk Assessment

Testing and Analysis

• Vulnerability Assessments

• Penetration Testing

• Web Application Assessments

• Network Security Assessment

• Physical Security Assessment

• Wireless Network Testing

• Social Engineering

• War Dialing

• Data Discovery and Classification

Note:

The Gramm-Leach-Bliley Act (GLBA) requires financial institutions to develop, implement, and maintain a comprehensive written information security program that protects the privacy and integrity of end user records.

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) includes: the HIPAA Privacy Rule, which protects the privacy of individually identifiable health information; the HIPAA Security Rule, which sets national standards for the security of electronic protected health information; the HIPAA Breach Notification Rule, which requires covered entities and business associates to provide notification following a breach of unsecured protected health information; and the confidentiality provisions of the Patient Safety Rule, which protect identifiable information being used to analyze patient safety events and improve patient safety.

Payment Card Industry (PCI) Gap Analyses are designed to combat identity theft and to better secure credit card data. Credit card associations created the Payment Card Industry (PCI) Data Security Standard (DSS) and expect organizations that process, store or transmit cardholder data to comply with these standards.

ISO (International Organization for Standardization) 2700x is a series of specifications which include Information Security Management Systems whose focus is based on evaluating process rather than content. These standards contain a Code of Practice consisting of a comprehensive set of information security control objectives and a menu of best practice security controls.

Security Risk Consulting Service

|Security Risk Consulting Service |

|Monthly Pricing - Table 8.0 |

|Minimum 50 hours |Hourly Rate |

|1 |$360.20* |

|* Includes travel and expenses |

3) All CSAB orders shall include a statement-of-work to be reviewed and approved by DMS and end user. The statement-of-work template shall be defined in the operational and user guide.

K. Service Level Objectives:

|Security Risk Consulting Service |

|Service Level Objectives - Table 9.0 |

|SLO Type |Description |Action |

|Security Monitoring (applicable to ASB and Standalone options) |End user shall receive a response (according to the escalation procedures defined in the End User Portal or in the manner pre-selected in writing by End user, either through the help desk ticketing system, email, or by telephone) to security incidents within fifteen (15) minutes of the determination by the Service Provider that given malicious activity constitutes a security incident. This is measured by the difference between the time stamp on the incident ticket created by the SOC personnel or technology and the time stamp of the correspondence documenting the initial escalation. A “security incident” is defined as an incident ticket that comprises an event (log) or group of events (logs) that is deemed high severity by the SOC. The most up-to-date version can always be found in the Real-Time Events section of the End User Portal. Automatically created incident tickets (via correlation technology) and event(s) or log(s) deemed low severity will not be escalated, but will be available for reporting through the End user portal. |1/30th of monthly fee for Service for the affected device |

|Active Health Monitoring (for all FIRN provided devices) |Active health checks identifying the following conditions are subject to the following SLAs: Device Unreachable – 30 minute response (via phone, ticket, or email) from identification of the device being unreachable. This is measured by the difference between the time stamp on the device unreachable ticket created by the SOC personnel or technology and the time stamp of the correspondence documenting the initial escalation. |1/30th of monthly fee for Service for the affected device |
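An end user can audit these response objectives from a ticket export by comparing the ticket-creation time stamp with the first-escalation time stamp, as the table defines the measurement. The following is an added example, not part of this guide or the contractor's tooling: the ticket field names, device names and monthly fees are constructed, and it assumes one 1/30th amount per missed ticket.

```python
from datetime import datetime, timedelta

# Response targets taken from the SLO table above.
TARGETS = {
    "security_incident": timedelta(minutes=15),
    "device_unreachable": timedelta(minutes=30),
}

# Constructed ticket export; field names and device names are hypothetical.
TICKETS = [
    {"id": "T1", "type": "security_incident", "severity": "high", "device": "ips-01",
     "created": "2014-09-21 10:00:00", "escalated": "2014-09-21 10:12:00"},
    {"id": "T2", "type": "security_incident", "severity": "high", "device": "ips-01",
     "created": "2014-09-21 11:00:00", "escalated": "2014-09-21 11:21:00"},
    {"id": "T3", "type": "security_incident", "severity": "low", "device": "ips-01",
     "created": "2014-09-21 11:30:00", "escalated": None},
    {"id": "T4", "type": "device_unreachable", "severity": None, "device": "edge-rtr-02",
     "created": "2014-09-21 12:00:00", "escalated": "2014-09-21 12:30:00"},
    {"id": "T5", "type": "device_unreachable", "severity": None, "device": "edge-rtr-02",
     "created": "2014-09-21 13:00:00", "escalated": None},
]
MONTHLY_FEE = {"ips-01": 3000.00, "edge-rtr-02": 1500.00}  # constructed amounts
FMT = "%Y-%m-%d %H:%M:%S"


def evaluate(ticket, as_of):
    """Return 'met', 'missed', 'pending' or 'not_applicable' for one ticket."""
    if ticket["type"] == "security_incident" and ticket["severity"] != "high":
        return "not_applicable"  # low severity is reported in the portal, not escalated
    target = TARGETS[ticket["type"]]
    created = datetime.strptime(ticket["created"], FMT)
    if ticket["escalated"] is None:
        # No escalation recorded: a miss once the target has already elapsed.
        return "missed" if as_of - created > target else "pending"
    elapsed = datetime.strptime(ticket["escalated"], FMT) - created
    return "met" if elapsed <= target else "missed"


def slo_report(tickets, fees, as_of):
    """Per-ticket status plus 1/30th of the monthly fee per missed SLO, by device."""
    statuses, amounts = {}, {}
    for t in tickets:
        status = evaluate(t, as_of)
        statuses[t["id"]] = status
        if status == "missed":
            due = round(fees[t["device"]] / 30, 2)
            amounts[t["device"]] = round(amounts.get(t["device"], 0.0) + due, 2)
    return statuses, amounts


if __name__ == "__main__":
    print(slo_report(TICKETS, MONTHLY_FEE, datetime(2014, 9, 21, 18, 0)))
```

Tickets with no escalation time stamp are the case worth checking by hand: they are misses that a report built only from completed escalations would never show.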

5. Annual Affidavit: The Contractor agrees to submit to DMS at least annually, an affidavit from an authorized representative attesting that the Contractor is in compliance with the preferred pricing provision in Section 4(b) of form PUR 1000.

1 FIRN NOC Process

• Refer to section 3 for process details.

2 SLA

• Tables will be developed from data in section K of amendment.

3 Tools

• TBD by Vendor

4 Ordering

• Refer to section 4 for details

5 Billing

• Refer to section 5 for detail

6 FIRN Advanced Security Offerings (ASO) Implementation Process

• Being provided by the vendor

Appendices

1 FIRN Core Layout

[pic]

2 FIRN Types of Access

[pic]

3 FIRN vs. FIRN DAN Comparison

4 NMS Tools Access – CSAB and Access Form Samples

[pic] [pic]

5 Order Design Reference Documents

[pic] [pic] [pic]

6 Customer Service Questionnaire

[pic]

7 Secure Internet Services Questionnaires

[pic]

Glossary of Terms

This glossary may cover additional terms not found in the Operations Guide, but which may be helpful within the network environment.

|Word or Acronym |Definition |

|Access Circuit |The circuit between the Agency and the AT&T “cloud”. |

|ATM |Asynchronous Transfer Mode. ATM is a cell switching technology used for Layer-2 protocol in ADSL service. |

|CIR |Committed Information Rate: The level of data traffic (in bits) which the carrier agrees to handle over a period of time, averaged over a period. |

|CPE |Customer Premise Equipment: CPE is equipment at the customer’s location such as the router, CSU/DSU, etc. It can be provided by AT&T or the customer. |

|CSU/DSU |Channel Service Unit/Data Service Unit; the device that sits in front of the router and performs line coding, line conditioning, equalizing functions and other similar activities. It can be external (the size of a modem) or internal (WAN interface card). |

|DSL |Digital Subscriber Line. DSL is a pair of modems on either end of a single twisted pair wire that delivers ISDN Basic Rate Access. This is commonly used for remote access for Teleworkers, but can also be used as the main access method for an Agency, rather than frame. |

|Frame Relay |Frame Relay is a pool of bandwidth made instantly available to any concurrent data sessions sharing the access circuit. This data transport method sends data by dividing it into chunks of up to 8,000 bytes. The chunks are sent one at a time in “rapid bursts”, known as a “frame”. An address frame is sent into the network, which interprets the address and sends the information to its destination at up to 45Mbps. |

|FIRN |Florida Information Resource Network |

|MPLS |Multi-Protocol Label Switching. The technology that AT&T uses within its network which minimizes lost packets and speeds data transfer using IP protocol. |

|NAT |Network Address Translation. An Internet standard that enables a local area network (LAN) to use one set of IP addresses for internal traffic and a second set for external traffic. This allows a company to keep internal IP addresses private. |

|NOC |Network Operations Center. The Network managing center which is available 24x7x365 for network maintenance, management and trouble-shooting. |

|Protocol |A set of formal rules that describe how to properly transmit data across a network |

|QoS |(Quality of Service) - System that provides adherence of SLAs of the Network |

|SLA |Service Level Agreement |

|SME |Subject Matter Expert |

|VPN |(Virtual Private Network) A method of telecommunication that uses the Internet Backbone as a means of transportation, yet keeps data secure through encryption methods. |

|IOS |Internal Operating System used in Cisco routers |

|Ops Guide |Operations Guide, also known as a NOC Guide, is the reference document for the overall management of FIRN Network Operations. |

|TFTP |Trivial File Transfer Protocol. Common protocol for transferring data. |

|UPS |Uninterruptible Power Supply |

|WAN |Wide Area Network |

|IMG |Incident Management Group |

Revision History

|Revision date |Version |Revised Section |Summary of Changes |

|04/20/2009 |1.0 | |Initial Acceptance |

|06/03/2014 |2.0 |14 |Add Amendment 4 Services |

|09/28/2015 | |3 |Updated Escalation Contacts |
