FIRN Information State of Florida

Department of Management ServicesDivision of Telecommunications

State of FloridaDepartment of Management Services

Division of Telecommunications

The New FIRN Network FIRN - Florida Information Resource Network 2009 Contract

FEATURES BENEFITSData transport provided by MFN(MyFloridaNet)

MFN transport operates within highest industry standards to secure and deliver data.

Bulk pricing and simplicity Significantly reduced prices with simpler rate structure, easier to manage for end user.

Multiregional Internet Gateway Access

Multiple Internet Gateways throughout State of Florida providing most efficient access available to Internet

Guaranteed Quality Commitment to users from service providers; strict service level agreements (SLAs).

E-rate Benefits E-rate compliant to benefit the educational community to ensure E-Rate funding for major portion of these services.

List of FIRN Services

Bundle ServicesFor District Area NetworksFor Hub & Internet and Local Loop

For Hub, Internet and CPE

Email ServiceData Vaulting ServicesCo-Location ServiceWeb Hosting

List of FIRN Services

Interconnected Voice Internet Protocol Service(IVoIPS)

CPE Management ServicesFirewall Management Encryption ServicesContent FilteringWeb Page Support Web Presence of FIRNEmergency Website Maintenance and Support

FIRN Services Description

FIRN Bundled Service A totally bundled offering which includes Internet access, transport, customer premises router, DNS, DHCP, basic firewall protection, and overall management to maintain the service functioning properly. For bundled service, the customer service interface is the Ethernet port on the provider's edge device/router.


FIRN Email Service FIRN Email Service provides basic email services

for administrators, teachers, and students. Based on a secure, robust, and highly available infrastructure, our service not only filters your email in accordance with the CIPA guidelines, it features security measures that mitigate the risk of hacking and email misuse. Additionally, the service complies with federal and state record retention requirements.


FIRN Email Service includes(continued): 24x7x365 Helpdesk for End Users User email mailbox configuration of 100MB

Whitelist/Blacklist Support Spam Folders and Administration Auto-Reply Mechanisms

Anti-virus and Anti-Virus Protection Mechanisms Accessibility using industry standard PC web browsers and email clients

Support for Microsoft Internet Explorer and Microsoft Outlook Secure SMTP, POP3, IMAP functionality RFC compliance for SMTP/POP3/IMAP4/HTTP/HTTPS protocols CIPA Compliance Mechanisms

CIPA Guidelines: http://www.fcc.gov/cgb/consumerfacts/cipa.html Record Retention Compliance Mechanisms

Federal Guidelines: http://www.ed.gov/policy/gen/leg/fra.html State of Florida Guidelines: http://myfloridalegal.com/sunshine

FIRN Services DescriptionData Vaulting Service(continued) Data Vaulting Service provides a secure, high performance,

local vault device at the customer location for maximum performance and efficiency. Vault devices provide a seamless interface to industry standard backup applications and provide easy integration with existing software as well as adherence to existing backup policies.

For additional resiliency, duplicate data storage can be obtained which will allow for the replication of the data from the local vault device(s) at the customer location to a secure vault in our secured offsite facility. Our enhanced replication mechanisms feature technologies that dramatically reduce traditional WAN bandwidth demands that would otherwise be required to perform replication.


Data Vaulting Service (continued)For the purposes of effectively sizing a

Data Vaulting solution, a pre-installation survey is required. This survey will evaluate current data consumption trends and anticipated future data storage needs. Quantity discounts for storage requirements greater than 250 GB are available.

FIRN Services DescriptionData Vaulting Service (continued)The Data Vaulting Service includes: 24x7x365 Support Services 24x7x365 Monitoring of Service and Devices Pre-installation Data Usage and Future Needs Survey250 GB onsite storageOptional Offsite Storage housed in a Secured Facility (additional

increments of 250 GB) – IP access, to reach the Secured Facility, is the responsibility of the customer

Software Accessibility using industry standard Backup SoftwareSome examples include Atempo Time Navigator, BakBone

NetVault, Backup, CA, ARCserve Backup, EMC NetWorker, Veritas NetBackup, and Backup Exec


FIRN Web Hosting Service(continued) FIRN Web Hosting Service provides website hosting and website

hosting support to classroom teachers for educational purposes. This Teacher/Classroom Portal is a convenient and easy to use solution for teaching professionals who wish to establish and manage a website hosting account.

FIRN Web Hosting Service includes: 8x5 Support Services for uploading and accessing their website 10MB of website hosting space Documentation, FAQs, and general guidance on how to use web

standards Authentication and verification of eligibility for service Acceptable use policy


Co-Location Service(continued) Co-Location Service provides end user space in a

secure and robust facility. The co-location facility features air conditioning and conditioned UPS power backed up by generator power. The facility is protected by security mechanisms and provides secured physical access to customer equipment 24x7x365. For every unit of Co-Location Service obtained, one rack unit of space will be provided in a standard lockable cabinet. Equipment of different form factors or space requirements will be handled on a case by case basis. Quantity discounts are available.


Co-Location Service(continued)The Co-Location Service includes: Air Conditioned Space (HVAC)UPS Conditioned Power FeedsSecured AccessibilitySecured CabinetsRobust Connectivity to MFN

FIRN Services DescriptionCo-Location Service(continued) Air Conditioned Space (HVAC) The computer room air conditioning units (HVACs) are strategically

placed to assure the appropriate ambient temperature thresholds are met. In a raised floor data center, the conditioned air is dispersed through the air plenum and using perforated floor tiles. The non-raised floor data center disperses conditioned air using overhead ducting.

UPS Conditioned Power FeedsThe node has Uninterruptible Power Supply (UPS) systems. The UPS

systems receive power from both the commercial power utility and the standby power feeds. Each UPS system conditions the power and feeds the conditioned power to power distribution units (PDU). In case of a commercial power failure, a standby generator is

available to provide

FIRN Services DescriptionCo-Location Service(continued) power to the node within one minute of a commercial power

outage. The one-minute gap is covered by the UPS battery system. During an extended commercial power outage, the diesel generator provides power using the fuel stored on site. The node has a multiple-day fuel supply, with fuel delivery arrangements, if needed. The customer will be provided 120V 20A UPS Conditioned Power Feeds. Customer shall not exceed 1000W per 10RUs or 5700W per 38RUs per cabinet.

MFN will periodically review Customer‘s usage to verify that Customer is not exceeding the power limitation requirements. alternatively, suspend customer‘s Service(s) pending cure of the power non-compliance issue by customer.


Co-Location Service(continued) Secured Accessibility Security includes controlled access and egress doors, controlled

access permissions and access request methods, and managed key and /or access card plans for access control. CCTV cameras are used to monitor access, egress, and infrastructure. Common infrastructure areas are secured areas. MFN reserves the right to access any part of the Node at any time for safety and security reasons.

Secured CabinetsThe customer equipment will be housed in lockable cabinets. The

cabinets are four post racks with lockable doors and side panels and the inside width is 19”.

FIRN Services DescriptionCo-Location Service(continued) Customer‘s Client-Managed cabinet shall, at all times, be clean,

neat and orderly and shall not pose any danger or hazard to the Node or to employees (including subcontractors) that may be requested or required to enter the node to perform a Service. No combustible material, i.e. cardboard, foam, or paper may be stored in Customer cabinet. Customer may not hang or mount anything on the cabinets. Unsecured cabling across aisles or on the floor is strictly prohibited. All devices must be installed in racks or cabinets. Cable wrapping, zip ties and/or Velcro, must be used to organize cabling in a rack or cabinet

A staging area is available, on a first come first served basis for the temporary unpacking and configuration of Servers. MFN is not liable for Customer assets left unattended in this area.


Co-Location Service(continued) Robust MFN Service Connectivity Front-End Connectivity Front-End Connectivity

provides Internet access to the MFN Backbone via an Ethernet handoff from the Node Infrastructure. Customer must subscribe to an MFN Port connection of the appropriate bandwidth. MFN responsibilities include setting up and maintaining the Ethernet handoff(s) to the customer and capacity management of the Node infrastructure in order to provide the subscribed bandwidth.


Co-Location Service(continued) Additional Service Policies Shipping and Receiving Due to safety and liability concerns, the staff cannot ship,

receive, move, unpack or uncrate any Customer owned Equipment (racks, cabinets, racks of equipment, etc). Customer is responsible for unpacking, uncrating, and movement of heavy Equipment including all associated costs. Customer must implement appropriate protection plans to prevent damage to infrastructure (plywood on raised floors, overhead clearance, etc). MFN staff will not pack and ship any Customer owned Equipment.

FIRN Services DescriptionCo-Location Service(continued)Maintenance Windows All scheduled maintenance on common infrastructure is

scheduled during known maintenance windows and must be reviewed by an MFN Engineer. This applies to all Network, power, and facilities infrastructure. These maintenance windows may not be changed and must adhere to a schedule of restricted days.

Pricing components Include:MFN Ethernet Port ( >= 2M)Collocation Ethernet MFN AccessCollocation Area FeePer Rack feeMFN CPE


Co-Location Service(continued)Therefore a customer requiring 4 racks and 10 M of access to MFN would

incur thefollowing: MFN Ethernet Port 10 M $746.46 (standard per existing

contract)Collocation Ethernet MFN Access (10 M) 109.50 Collocation Area Fee 383.25 Per Rack fee x 4 481.80 MFN CPE (1841-SEC) 74.00 (standard rental per

existing contract) $1795.01


Firewall Chassis Service For organizations desiring protection from

threats originating from the outside, Firewall Chassis service delivers a fully managed security offering. This includes protection against threats from the Internet, or facilities located within the same virtual routing and forwarding instance. The service is built upon a provider managed premise-based appliance that is capable of processing packet-level information at bandwidth speeds appropriate for the speed of the of the wide-area connection.


Firewall Chassis Service(continued) Upon subscription to the service, an engineer will contact the

customer to develop custom security policies that are tailored to individual needs. Policies may include standard Layer-2 and Layer-3 intrusion prevention, or deep-packet inspection at the application layer to prevent peer-to-peer or other unwanted and unauthorized traffic. Once security policies have been approved by the customer, the engineer will schedule the installation, testing, and validating of firewall performance/functionality. Upon service acceptance, the device will continue to be monitored by the provider for availability and performance/functionality. Should an appliance hardware failure occur, the provider will dispatch a technician to either fix or replace the defective part(s), usually by the next business day.

FIRN Services DescriptionFirewall Chassis Service(continued)

Because the nature of external threats to IT resources is dynamic, the service includes on-going management, by experienced security specialists, to mitigate and prevent newly reported exploits from compromising sensitive data. This alleviates the burden of relying on external resources for proper and timely security alerts and advisements and greatly enhances the integrity of the organization’s data by preventing unauthorized access to confidential or sensitive information.


Firewall Feature Set Within the Site Router

This service is for customers who prefer to run the Firewall Feature Set within the operating system of capable CPE. A standard security design template will be applied to each CPE. This feature set will be managed and administered for the duration of customer subscription and provides basic access list controls and Netflow data analysis for traffic monitoring and diagnostic information. These access lists may be altered by the provider and upon request of the customer, to provide a more granular level of security that meets the security policies of the customer. Typical changes may include permitting or denying peer-to-peer protocols or specific websites.


Firewall Management Feature For organizations desiring protection from threats

originating from the outside, Firewall Management service delivers a fully managed security offering. This includes protection against threats from the Internet, or facilities located within the same virtual routing and forwarding instance. The service is built upon a provider managed, premise-based appliance that is capable of processing packet-level information at bandwidth speeds appropriate for the speed of the of the wide-area connection. The appliance, unlike the Firewall Chassis Management service, is NOT included in this service and must be a DMS/FIRN approved appliance.


Firewall Management Feature (continued) Upon subscription to the service, an engineer will contact the

customer to develop custom security policies that are tailored to individual needs. Policies may include standard Layer-2 and Layer-3 intrusion prevention, or deep-packet inspection at the application layer to prevent peer-to-peer or other unwanted and unauthorized traffic. Once security policies have been approved by the customer, the engineer will schedule the installation, testing, and validating of firewall performance/functionality. Upon service acceptance, the device will continue to be monitored by the provider for availability and performance/functionality. Should an appliance hardware failure occur, the provider will notify the customer so that the customer may take appropriate action to have the device repaired or replaced by the customers’ preferred vendor.


Firewall Management Feature (continued) Because the nature of external threats to IT resources

is dynamic, the service includes on-going management, by experienced security specialists, to mitigate and prevent newly reported exploits from compromising sensitive data. This alleviates the burden of relying on external resources for proper and timely security alerts and greatly enhances the integrity of the organization’s data by increasing the overall security posture of the organization. This type of holistic approach to security can greatly help in preventing unauthorized access to confidential or sensitive information.


Encryption Service For organizations that are legislatively mandated to transmit

confidential information in an encrypted format, this service provides a secure and reliable method to meet this obligation. The heart of the service is a provider-supplied, managed, and maintained appliance that creates a virtual private network using industry standard IPSEC tunnels and data encryption algorithms. The appliance uses Internet Key Exchange (IKE) to handle negotiation of protocols and algorithms based on the State’s security policy as well as to generate the encryption and authentication keys to be used by the encrypted session(s) or equivalent. IKE provides authentication of the VPN peers, negotiates VPN security associations, and establishes VPN encryption keys. The IKE policy incorporates 3DES encryption, SHA, and Diffie-Hellman groups 2 (1024-bit) and 5 (1536-bit) identifiers or equivalent. Machine authentication is provided using a digital certificate generated and issued by the AT&T selected Certificate Authority (CA).

FIRN Services DescriptionEncryption Service(continued) Upon subscription to the service, a security engineer

will contact the customer to develop the security policy for the organization. The engineer will configure the appliance and schedule installation with the customer. After installation, the device will continue to be monitored by the provider for availability, performance and functionality. Should an appliance hardware failure occur the provider will dispatch a technician to fix or replace the defective part(s), usually by the next business day.

FIRN Services Price Sheets

(Please insert attached Excel Price Sheets named “FIRN Price Sheets”)

FIRN Services Rate Calculator

The FIRN Services Rate Calculator makes it easier for the FIRN user when calculating the individual and total cost of services. In addition this tool allows the user to calculate Erate discounts.

Please reference link for FIRN Calculator (attached is the excel file with the FIRN calculator)

FIRN Services Simplified Matrix

The FIRN simplified matrix will assist the user to easily determine what services are included with the bundled packages available to FIRN users.

Please reference link for the FIRN Services Simplified Matrix (excel file for the FIRN services simplified matrix is attached)

FIRN Information State of Florida

Documents

Transcript of FIRN Information State of Florida