SERVICE DESCRIPTION
Wide Area Network
Date: 14.12.2015
TABLE OF CONTENTS
1 INTRODUCTION
2 SERVICE DESCRIPTION
2.1 Basic service
2.2 Options
2.2.1 DHCP service
2.2.2 Link Balancing
2.2.3 Guest Zone
2.2.4 Partner VPN
2.2.5 Traffic Shaping
2.2.6 Link Management
3 ADDITIONAL DOCUMENTS
4 DISCLAIMER
1 INTRODUCTION
This document describes the USP Wide Area Network managed service with all the options available from USP. This document, together with the agreed Service Level Agreement, constitutes the binding basis for the provision of the managed service.
Field of application
Companies are often distributed over a number of locations, or even over a number of continents. There is a lively exchange of data between locations. In addition to the need for communication between colleagues, those employed at one site must frequently access resources located at a different site.
The Wide Area Network service offers a simple and secure capability for companies to build up a data network covering different locations that is tailored to their needs.
Benefits
The Wide Area Network service is independent of ISPs and transmission technologies. This means that the best possible Internet connection, with the best price/performance ratio, can be selected for each site, so our customers benefit from high quality at a favourable price.
At the same time, they can use different connection technologies. Our customers therefore get the best possible performance from their services while benefiting from very high availability over the entire network.
USP acts as a single point of contact for all matters relating to your Wide Area Network. Our customers have the benefit of a single contact person who always has an overview of the entire network and is therefore able to solve problems globally, efficiently and quickly.
2 SERVICE DESCRIPTION
2.1 Basic service
USP's Wide Area Network service provides flexible and efficient networking of sites.
Name of service: Wide Area Network
Service abbreviation: MSS-WAN
Service version: 2.0
Status: Operational
Operating hours:
- OH1: Monday – Friday, 08:00 – 18:00 CET
- OH2: Monday – Saturday, 07:00 – 21:00 CET
- OH3: Monday – Sunday, 0:00 – 23:59 CET
- OH4: Monday – Friday, 08:00 – 18:00 local time
Availability guarantee:
- ACA: best effort
- ACB: 99.5% availability during operating hours
- ACC: 99.7% availability during operating hours
- ACD: 99.9% availability during operating hours
Usage parameter: The service is assessed on the basis of the number of site-to-site connections.
Description: The Wide Area Network service connects sites through secure IP VPN tunnels. Whatever the medium by which the Internet Service Provider (ISP) supplies the data to the site, the Wide Area Network service implements a company network based on static IPSec VPN tunnels.
All end points are monitored by the USP Security Operations Center 24 hours a day, 7 days a week. Our staff will react in the event of a problem in the network. The USP Security Operations Center acts as a single point of contact and handles all interactions with the ISPs.
Benefits: Internet connections can be procured from local providers at all sites, so that the best price/performance ratio can be achieved. This improves the performance of the WAN as a whole. At the same time connection costs can be saved.
USP acts as a single point of contact. USP handles coordination with the various providers in the event of connection problems. The problem is considered from a holistic view, which means that a solution can be found quickly and efficiently. In addition to rapid problem solutions, the customer benefits from having one contact for all aspects and does not have to worry about the often tiresome management of the various parties.
Key Performance Indicators (KPIs): Compliance with the SLA parameters is measured against the availability of the service infrastructure.
Reporting: The following service-specific values are collated in the monthly reports:
- service infrastructure workload
- data volume in total and per location
- bandwidth utilisation
Measuring points: The following measuring points are monitored for the service:
- CPU/RAM utilisation of the service infrastructure
- accessibility of the ISP router
- availability of Internet links
- incoming and outgoing data volume per location
Conditions of use: The service infrastructure must be implemented redundantly for availability guarantees that are better than ACA. A redundant setup requires the allocation of static private IP addresses.
The service requires a valid FortiGuard or FortiCare subscription for the infrastructure.
The USP Security Operations Center must be registered with the ISP as change-authorised.
2.2 Options
2.2.1 DHCP service
The service infrastructure acts as a DHCP server or forwards DHCP messages to a target segment.
Name of the service option: DHCP service
Abbreviation: MSS-WAN-DHCP
Usage parameter: The service option is assessed on the basis of the size of the address range. DHCP relaying is assessed at a fixed amount.
Description: Clients need to have a valid address before they are able to use network resources. These addresses are either set statically or assigned dynamically by a DHCP server. If this option is enabled, the WAN service infrastructure acts as a DHCP server. Two variants are supported: either the infrastructure acts as a DHCP server for one or more internal segments, or it accepts the addresses from a remote server and forwards them into the internal segment.
Benefits: Often there is no DHCP server available at smaller sites. No additional infrastructure is required if the WAN service infrastructure takes on the role of the DHCP server.
Static addressing is not possible if the clients in a segment are not known and change frequently, for example in guest networks. Instead of using a dedicated server and hence additional infrastructure, this task can be taken on by the existing service infrastructure.
Key Performance Indicators (KPIs): Compliance with the SLA is determined using the KPIs for the basic service.
Reporting: The following data is added to the reported data:
- number of addresses assigned per day
- addresses assigned concurrently
Measuring points: The number of addresses assigned concurrently is monitored.
Conditions of use: The option is offered for segments with no more than 50 protected IP addresses or for guest segments.
2.2.2 Link Balancing
Where a site has a number of Internet links, they can be used in common with this option.
Name of the service option: Link Balancing
Abbreviation: MSS-WAN-LB
Usage parameter: The service option is assessed on the basis of the size of the basic service.
Description: This option distributes the data traffic over the available links. Various strategies can be used for this:
- source IP-based: standard, links selected in sequence by the round-robin method, depending on the source IP.
- weighted load balance: based on the configured weighting of the links.
- spillover: the second link is only selected once a specified bandwidth is exceeded on the first link.
Equal Cost Multipath Routing (ECMP) is generally used on these set-ups. As an alternative to using both links, one line can also be used as a pure backup line.
As an alternative to the strategies listed above, it is also possible to define the load distribution on the basis of predefined rules.
Benefits: Connection to the Internet is of enormous importance for many companies. Pure availability is just as important in this context as the performance of the link. This option improves performance by distributing the load over a number of links.
Very high availability can be achieved by using multiple links. Should one link fail, the entire data flow will be taken on by the remaining links so that connectivity is assured and you benefit from a constant connection to the Internet.
Key Performance Indicators (KPIs): Compliance with the SLA is determined using the KPIs for the basic service.
Reporting: The following data is added to the reported data:
- availability of Internet links
- Internet link utilisation
Measuring points: The availability of the links is checked by sending pings. The relevant interfaces on the WAN infrastructure and the ISP router are additionally monitored.
Conditions of use: The Internet links are provided by the customer and are not a part of this service option.
USP recommends that the USP Security Operations Center is made change-authorised with the ISP so that changes and incidents can be handled as quickly as possible.
2.2.3 Guest Zone
This option operates a further zone which can be used to give guests access to the Internet.
Name of the service option: Network Segmentation
Abbreviation: MSS-WAN-NS
Usage parameter: The service option is assessed on the basis of the size of the basic service.
Description: This option operates an additional network segment. The segment is terminated at the WAN service infrastructure. This additional zone is completely isolated from the internal zone. There are no firewall rules permitting a transition between the zones.
Benefits: The separation of the network zones for staff and the guest segments makes it impossible for guests to access resources on the internal network. This significantly increases the security of the company data.
There are no additional ISP costs to pay as the guests can also use existing Internet connections.
Reporting: Incoming and outgoing data traffic for the guest segment is added to the existing report.
Measuring points: The incoming and outgoing data volume is measured.
Conditions of use: The conditions of use for the basic service apply.
Guests must be uniquely identified and the data traffic must be logged in accordance with current legislation. The components required for this are not part of this service option. They must either be provided by the customer, or procured from the ISP as a service.
2.2.4 Partner VPN
This option allows sites that are not operated by USP to be connected to the company network.
Name of the service option: Partner VPN
Abbreviation: MSS-WAN-PVPN
Usage parameter: The service option is assessed at a fixed rate independently of the basic service.
Description: This option is used to operate a site-to-site connection to another company or to partners. The connection is established by the WAN service infrastructure as an IPSec VPN tunnel.
The connections are restricted so that the users can only access those resources that they need for their work. The tunnels can be further restricted. For example, access can be restricted to office hours.
Benefits: Data communication with business partners outside the company network is a common requirement. Partner VPN connections provide a simple and low-cost option for incorporating partners into communications, without running the risk that partners can access sensitive data that is not intended for third parties.
USP has considerable experience in handling partner VPN connections such as these and can establish an appropriate VPN tunnel to practically any gateway. This means that it is not necessary to buy expensive infrastructure.
Reporting: Incoming and outgoing data traffic for the tunnel is added to the existing report.
Measuring points: The availability of the tunnel will be monitored.
Conditions of use: The conditions of use for the basic service apply.
Whatever the availability guarantee for the basic service, partner VPN tunnels are always operated as best effort, as USP can only have limited influence on the counter-party.
2.2.5 Traffic Shaping
This option makes it possible to give data differing priorities.
Name of the service option: Quality of Service
Abbreviation: MSS-WAN-QoS
Usage parameter: The service option is assessed on the basis of the size of the basic service.
Description: This option classifies the data traffic into up to three classes. A maximum bandwidth is assigned to the classes. Classes may exceed their bandwidths as long as the total bandwidth available is not completely utilised. The classes are limited to their particular bandwidth if the entire bandwidth is used.
The data traffic is divided up on the basis of various characteristics:
- origin address
- origin port
- destination address
- destination port
- protocol
As a rule, a default class is specified to accept all data packets that are not explicitly assigned to another class.
Benefits: More and more often, business applications are being provided centrally and the users access these applications from anywhere in the world. Thanks to the Quality of Service option, important data traffic can be communicated as a priority. This makes working with the business applications more comfortable, without having to pay out for more bandwidth.
Data traffic that is not time-critical, backup data for instance, can be given a lower priority than other data. This means that you do not need dedicated lines but you can continue to use the existing lines.
Reporting: The utilisation of the various classes is added to the monthly reports. The rejected packets are also reported.
Measuring points: The number of rejected packets is measured.
Conditions of use: The conditions of use for the basic service apply.
Changes to the bandwidths have a considerable influence on this option and must be notified to the USP Security Operations Center as soon as possible. There is no prioritisation on the application layer (layer 7) with this option, but this can be implemented with the MSS-WP-AC service.
2.2.6 Link Management
USP handles all the contract management for the Internet connections.
Name of the service option: Link A Management, Link B Management, MPLS Link Management
Abbreviation: MSS-WAN-LINK_A, MSS-WAN-LINK_B, MSS-WAN-MPLS
Usage parameter: The service option is assessed on the basis of the bandwidth of the various links. The primary Internet link is always assigned to the Link A Management (MSS-WAN-LINK_A) option, and the second link to Link B Management (MSS-WAN-LINK_B) correspondingly. MPLS links are assigned to the MPLS Link Management (MSS-WAN-MPLS) option.
Description: In this option, USP acts as the contractual contact for the Internet providers. USP subleases the lines to the customer.
All contracts with the ISPs are regularly examined and re-evaluated. A regular check is made to ensure that the bandwidth still meets requirements. If not, these are amended, with the customer's agreement. The latency times between the sites are also monitored. The ISP is re-evaluated should these times not meet requirements.
Benefits: The evaluation of ISPs is often a time-consuming and tiresome task – especially abroad. USP handles this task so that our customers can save significant effort and, eventually, money.
A one-stop shop for the complete WAN service. This gives the customer a consistent SLA and one single partner responsible for the service who will reliably make sure that incidents are rectified promptly and professionally in the customer's interests. This significantly enhances the availability of the WAN overall.
Reporting: No additional data is reported in the monthly reports.
Measuring points: The latency time from the USP Security Operations Center to the various sites is measured.
Conditions of use: The conditions of use for the basic service apply.
This option is not available in some countries, as the entity taking out the contract must have a presence in-country.
3 ADDITIONAL DOCUMENTS
The present document describes the functional scope of USP's Wide Area Network service. General information on the Service Level Agreement and on operation may be found in the additional documents.
Service management and SL catalogue: This document contains all the information relating to the Service Level Agreement parameters. It defines the support processes and collaboration obligations, for instance, along with operating hours and availability guarantees.
Services catalogue: The services catalogue defines the operation tasks and the standard changes. The document also describes the processes by which the corresponding changes can be triggered in a qualified fashion.
Price list: The prices of all services and options are laid down in the price list.
4 DISCLAIMER
This document is the intellectual property of USP AG and may not be copied, reproduced, handed on or used for execution without its permission. Unauthorized use is punishable in accordance with Section 23 in conjunction with Section 5 of the Swiss Unfair Competition Law. This work is protected under copyright. The rights consequently justified, particularly of translation, reproduction, the use of illustrations, distribution by photomechanical or other means and storage in data processing systems, even in extract, remain reserved. The functions, data and illustrations described in this documentation are applicable with the reservation that amendment is possible at any time. They are provided for better understanding of the material, without claiming completeness and correctness in detail. The programs described in this document are only provided on the basis of a valid licence agreement with USP AG and can only be used in compliance with the conditions laid down in the licence agreement.
USP's General Terms and Conditions shall apply unless higher-ranking provisions apply.