IP VPN Broadband Services

As of May 1, 2015, nonrecurring charges apply available to customers who are not already receiving IP VPN Broadband Services from Company. Effective July 1, 2015, existing IP VPN Broadband Services customers cannot renew their IP VPN Broadband Services nor obtain MAC (Move/Add/Change) services for IP VPN Broadband Services.

I.         SERVICE DESCRIPTION: IP VPN Broadband Services (IP VPN Broadband) is a Company-managed VPN which enables Authorized User(s) located in remote site(s) to use the Internet to connect to a hub site. A remote site connects to the Internet via VPN Remote CPE and a Digital Subscriber Line (DSL), cable modem, other IP networks circuit (Remote Site), or Company provided cellular access. The hub site connects to the Internet via a VPN Hub CPE and dedicated access (Hub Site).

IP VPN Broadband provides encrypted connectivity using industry standard Internet Protocol Security (IPSec) software to enable IPSec tunneled connections.

1.        VPN Design. The design of the VPN shall be provided by Company based on information provided by Customer to Company. It is Customer's responsibility to provide all information reasonably requested by Company in connection with the provision of the VPN and to ensure that all such information is accurate, complete and up-to-date. Customer-requested VPN design changes must be mutually agreed upon by Company and Customer in Installation and Initial Configuration parameters.

2.        Access to IP VPN Broadband. Customer access to each Hub Site and Remote Site is provided via one Title for VPN Remote CPE remains with Company. Other optional access selections are available as shown in Section III, will determine appropriate cellular access CPE.

2.1      Hub Site Dedicated Access Options. Standard Hub Site access to IP VPN Broadband is one of the following Internet Dedicated Services ordered pursuant to a separate agreement: 768Kbps/T1, Double/Diverse T1, Price-Protected T1, NxT1, T3 Tiered, Burstable T3, Double/Diverse T3, Price-Protected T3, OC-3 Tiered, OC-3 Burstable, or third party provided transport.

2.2      Remote Site Access Options. Standard Remote Site access to IP VPN Broadband is provided via one of the following services: VPN Hub CPE and DSL Office, Internet DSL Office Enhanced, Internet DSL Solo Resale, Internet Cable Resale, Internet Dedicated Services 768 kbps/T1 and Price-Protected T1, cellular access, or third party provided transport. Internet Dedicated T1, cellular access, and third party transport are ordered pursuant to a separate agreement.

2.3      Local Access. Except for local loop connections for Internet DSL Services, if Local Access is required by Customer's choice of dedicated access, then Customer must subscribe under a separate agreement.

3.        CPE and CPE Management.

3.1.     Hub Site CPE and CPE Management. Company Data Center. Customer must enter into a separate agreement for Data CPE as follows:

3.1.1   CPE. Company will provide VPN Hub CPE and OOB Modem at each Hub Site according to the VPN design, for rental by Customer. Title for VPN Hub CPE remains with Company. Company will determine the proper VPN Hub CPE to be used based on the access type and bandwidth selected by Customer.

3.1.2   CPE Management.

A.        Installation and Initial Configuration. Standard on-site installation and initial configuration of the VPN Hub CPE will be scheduled to occur during standard installation hours, between 8 a.m. and 7 p.m. ET on Business Days.

B.        Maintenance. Software on VPN Hub CPE will be maintained with current Company certified software and other necessary maintenance that Company may require from time to time. Upon Company's determination of a VPN Hub CPE failure, Company will dispatch an on-site field technician to repair or replace Company owned VPN Hub CPE. If the failure is determined by Company before 4 p.m. ET, Company will ship and replace the VPN Hub CPE the next Business Day. If the failure is determined by Company after 4 p.m. ET, Company will ship and replace the VPN Hub CPE the second Business Day.

C.       Monitoring. Party Connectivity Option x7x365 proactive monitoring of the VPN Hub CPE and Company provided dedicated access and respond to alarms generated at Company's Managed Network Solutions Operations Center and notify Customer of the status of the alarm. before 4 p.m. ET, Company will activated when i the connection to Customer-managed Websense server fails, or respond to two successive pings.

D.       Out of Band Modem. Company will obtain, install and maintain an OOB modem for troubleshooting each Hub Site.

For Hub Sites located in the U.S. Mainland, Alaska and Hawaii, Company will obtain and install a dedicated, analog telephone connection with at least 9600 bps bandwidth (Analog Line) for use by each OOB modem at no additional cost to Customer Customer's choice of dedicated access, then Customer must subscribe under a wiring from the telephone company demarcation point to the OOB modem.

If at any time the Analog Line does not provide 9600 bps or greater bandwidth, upon the Company network operations center acceptance of the Router feature for such minimum bandwidth is restored.

3.2.     Remote Site CPE and CPE Management. Company will provide CPE and CPE Management for VPN Remote CPE as follows:

3.2.1   CPE. Company will provide VPN Remote CPE, as required by the VPN design, for rental by Customer. Title for VPN Remote CPE remains with Company. Company will determine the proper VPN Remote CPE to be used based access type and on the bandwidth selected by Customer.

Certain CPE related to the DSL and Cable service (e.g. a modem) is provided as part of the non-recurring charge for the service. Similarly, for Customer requested service upgrades or downgrades, Company will provide upgraded modems and routers as responsible for the provisioning, installation, configuration and ongoing management for the service.

3.2.2   CPE Management.

A.        Activation and Initial Configuration. Customer is responsible for on-site installation of the VPN Remote CPE. As an option, Customer may choose Company on-site installation. Notwithstanding the foregoing, Customer must order on-site installation for Remote Sites with cellular access. Standard remote activation and initial configuration of VPN Remote CPE will be scheduled to occur during standard installation hours, between 8 a.m. and 7 p.m. ET on Business Days.

B.        Maintenance. Software on VPN Remote CPE will be maintained with current Company certified software and other necessary maintenance that Company may require from time to time. Upon Company's determination of a VPN Remote CPE backup occurs. Dial backup and OOB management can not occur simultaneously on the failure is determined by Company before 4 p.m. ET, Company will ship a replacement VPN Remote CPE to arrive at the Remote Site the next Business Day. If the failure is determined by Company after 4 p.m. ET, Company will ship a replacement VPN Remote CPE to arrive at Remote Site the second Business Day. If the replacement VPN Remote CPE does not resolve the problem, a Company technician will be dispatched for on-site troubleshooting. If the problem is determined by Company to not be a Company problem, the Customer may be billed for the dispatch of the technician.

If the failure is determined by Company in its sole Move/Add/Change services for IP VPN Broadband Services Broadband, Customer may be required to pay for the replacement VPN Remote CPE and/or the dispatch of the technician.

C.       Monitoring. Party Connectivity Option x7x365 proactive monitoring of the VPN Remote CPE and Company-provided dedicated DSL or T1 access and respond to alarms generated at Company's Managed Network Solutions Operations Center and notify Customer of the status of the alarm. Company will ping the VPN Remote may require from time to time. Upon Company's determination of a VPN Remote CPE does not respond to two successive pings.

D.       Out of Band Modem. Customer must order OOB modem for Remote Sites with cellular access. OOB modem is optional for other Remote Sites. OOB modems for Remote Sites will be provided with the same terms and conditions as OOB modems for Hub Sites.

4.        Customer Portal. Customer Portal is an Internet web portal that provides a secure, scalable, consolidated view of Customer's network information 24 hours a day, seven days a week. Customer Portal provides real time access to information about IP VPN Broadband, including VPN reporting. Customer is limited to 10 user accounts and is responsible for ensuring that all users understand and comply with Company's confidentiality requirements. VPN Reporting is not available for Remote Sites with cellular access as primary access.

5.        Third Party DSL as primary transport as shown above. Company provides change management services for all IP VPN Broadband sites. Customer may request Third Party DSL as primary transport as shown above via the Customer Portal. A minimum of three business days is required for review and completion of change requests; however, some change requests require additional time, IP VPN Broadband provides encrypted connectivity using Terminal Access Controller:

·       Activate Previously Configured LAN Interface
·       Cancel or Discontinue Managed Services  Entity (A cancellation order must also be submitted for IP VPN Broadband)
·       Customer Maintenance
·       Default Gateway  Modify
·       Dynamic Host Configuration Protocol (DHCP) Configuration Modify
·       Dialer Interface  Modify
·       Filters/Access Lists  Modify
·       Interface  Modify
·       Operating System (IOS) Emergency Upgrade
·       Operating System (IOS) Vulnerability Assessment/Upgrade
·       IP Address/Subnet Mask Changes
·       IP Device IOS Change
·       IP Network Address Translation  Modify
·       Broadband Failover are the same as for Company cellular access, Company or Protocol  Modify
·       Protocol/Feature  Modify
·       Request Copy of Router Configuration
·       Simple Network Management Protocol (SNMP) Community Strings Modify
·       Static Route Modify
·       Sub-Interface  Modify
·       Terminal Access Controller Access Control System (TACACS)/Radius Add
·       Embedded Firewall Policy Change (one per month)
·       Intrusion Prevention Signature File Update (one per month)
·       LAN Configuration Upgrade
·       Content Filtering URL Filter Change (one per month)

II.        DEFINITIONS: In addition to the Online Definitions, the following apply to IP VPN Broadband:

Business Day: Monday through Friday, excluding Company-defined holidays.

CPE: that item of CPE. Customer bears the risk of loss or damage to all CPE after Customer's Premises which, as determined by Company, is required for provision of IP VPN Broadband.

DSL: In no event originate or terminate digital data.

ET: Eastern United States Time. All references to time of day are to ET.

OOB: Out of band.

Router: A router and related software as determined by Company from time to time, managed and provided by Company.

VPN: Virtual private network utilizing internet protocol.

VPN Hub CPE: CPE at Hub Sites as determined by Company from time to time, provided by Company. Such VPN Hub CPE may include, without limitation, a router and related software, a Cisco Concentrator and related software, or equivalent equipment. The respond to alarms generated at Company's access at the Hub Site.

VPN Remote CPE: CPE at Remote Sites as determined by Company from time to time, provided by Company. Such VPN Remote CPE may include, without limitation, a router and related software a device terminating the Company Internet DSL Service or Company cellular service, or equivalent equipment. In some cases, the router may be used to terminate both VPN sessions as well as access at the Remote Site.

III.       FEATURES AND OPTIONS

1.        Hub Site Options.

1.1      Hub Site Access Options. and install a dedicated, analog telephone connection with at least 9600 bps bandwidth following Hub Site access options in lieu of standard Hub Site dedicated access:

1.1.1   Data Center Services Option. The terms and conditions for Data Center Services apply for access via Data Center Services to an IP VPN Broadband Hub Site located at a Company Data Center. Customer must enter into a separate agreement for Data Center Services.

IP VPN Broadband Service provided at a Company Data Center includes VPN monitoring and management as well as on-site installation and maintenance, however it does not include dedicated access bandwidth, which is allocated and charged for under the separate agreement for Data Center Services.

1.1.2   Existing Company Dedicated Access Option. Upon Company approval, a Company-provided dedicated connection at the Hub Site installed prior to subscription to IP VPN Broadband may be used for Hub Site access. The terms and conditions of Customer's agreement for the dedicated connection will continue to apply.

1.1.3   Third Party Connectivity Option. Upon Company approval, access to IP VPN Broadband may be provided by a party other than Company that is connected to the Internet via a Company compatible network, as determined by the Company, other than the Company network, subject to the following provisions:

A.        Third Party Connectivity CPE. Customer must rent from Company the VPN Hub CPE and any other equipment designated by Company as necessary for a functional Hub Site.

B.        Monitoring Service. Company will provide 7x24x365 proactive monitoring of the VPN Hub CPE and respond to alarms generated at Company's Managed Network Solutions Operations Center and notify Customer of the status of the alarm. Upon determination of Customer Third Party Connectivity failure, Company will notify Customer for resolution by Customer.

C.       Customer Obligations. Customer must obtain, install and maintain a dedicated Internet connection through a local, third-party Internet Service Provider ("3rd party ISP") in order to connect the CPE and Customer provided equipment at each Third Party Connectivity Site to IP VPN Broadband. Customer is responsible for the installation and maintenance of all dedicated access connections (including but not limited to the telephone line access circuit). Customer must ensure that the connection speed to the 3rd party ISP from the Third Party Connectivity Site is at least 56 kbps, and that the 3rd party ISP allows Company remote access to the CPE for management and monitoring purposes.

Customer must obtain, install and maintain an Analog Line for use exclusively by each OOB modem at the Third Party Connectivity Site. Customer is responsible for all charges for the connection including, but not limited to Analog Line circuit charges and charges for facilities and extra cabling necessary within Customer's building, including, but not limited to connection between the telephone company entrance point and connection to CPE and Customer provided equipment.

1.1.4   Enterprise Mobility Dial Access. As of March 1, 2008 Hub Site access via Enterprise Mobility Dial Access is no longer available to new Customers.

1.2      Customer Provided and Managed Router. Customer may provide its own Request Copy of Router not include dedicated access bandwidth, which is allocated and charged for must be compatible with the Company network and dedicated solely to the IP VPN Broadband network. Customer will be solely responsible for the provisioning, installation, configuration and ongoing management of such router. Company may monitor Customer Equipment 24x7x365 as necessary upon Customer request with Company's agreement at Customer's cost. Failure of the Customer-provided router Management Protocol SNMP Community Strings Modify maintenance that Company may require from time to time failure due to such router failure. Company reserves the right to change router requirements and configuration at any time.

2.        Remote Site Options.

2.1      Remote Site Access Options. Remote Site Access Options are as follows:

2.1.1   at any time the Analog Line does not provide 9600 bps or greater bandwidth. Upon Company approval, a Company-provided DSL connection at the Remote Site installed prior to subscription to IP VPN Broadband may be used for Remote Site access. The terms and conditions of Customer's agreement for the DSL connection will continue to apply.

2.1.2   Internet Satellite  Office and Enterprise Option. Customer may subscribe to Remote Site access via Company Internet Satellite  Office. Customer must enter into a separate agreement for Company Internet Satellite  Office.

2.1.3   Company Provided Cellular Access. Company will provide cellular access CPE as part of the monthly recurring charge. Customer may obtain a cellular site survey from Company. Company will work to resolve issues related to the cellular access, however Customer has final responsibility to resolve for any issues with cellular service that have an impact on IP VPN Broadband. Company must approve sites with cellular access in advance. Company failure, Company will ship pre-configured VPN Remote CPE to the Customer. If.

2.1.4   Third Party Connectivity Option. Upon Company approval, DSL or cable access to IP VPN Broadband may be provided by a party other than Company that is connected to the Internet via a Company compatible network, as determined by the Company, other than the Company network, subject to the following provisions:

A.        Third Party Connectivity CPE. Customer must rent from Company the equipment designated by Company as necessary for a functional Remote Site.

B.        Customer Obligations. Customer must obtain, install and maintain a dedicated DSL or cable, at its cost, connection through a local, third-party 3rd party ISP in order to connect the CPE and Customer provided equipment at each Third Party Connectivity Site to IP VPN Broadband. Customer is responsible for the installation and maintenance of all access connections (including but not limited to the telephone line access circuit). Customer must ensure that the connection speed to the 3rd party ISP from the Third Party Connectivity Site is at least 56 kbps, and that the 3rd party ISP allows Company remote access to the CPE for management and monitoring purposes.

2.2      Out of Band Management. If Customer subscribes, May 1, 2015, management via an OOB modem, for Remote Sites located in the U.S. Mainland, Alaska and Hawaii, Company will obtain and install an Analog Line, at Customer's cost, for use exclusively by each OOB modem. As an option, Customer may provide the Analog Line for OOB modem. Customer is responsible for charges incurred to extend the Analog Line wiring from the telephone company demarcation point Intrusion Prevention is a Router based service that detects, alerts July 1, 2015 equipment. An OOB modem is required for sites using cellular access.

2.3      On-Site Installation. Optional installation of VPN CPE and any other Company-owned CPE will be scheduled to will be maintained with current Company certified software and other necessary Business Days. For Internet DSL Services modem and router installation, the terms and conditions for Internet DSL Services on-site installation apply. On-site installation is required for sites using cellular access.

2.4      Failover Service. Customer may order Dial Backup or Broadband Failover as a failover to its IP VPN Broadband service at the Remote Sites.

2.4.1   Dial Backup. Customer may order analog dial backup as an option for sites using DSL, Cable or T1 connectivity. Company provides an analog modem and necessary cabling for dial backup at the rate shown in Customer's Service Agreement. Customer is responsible to provide one Analog Line for each site that requires dial backup. At the Customer's request, Company can provide an Analog Line at the rate shown in Customer's Service Agreement. Company will be responsible for any dial charges that accrue during the time that dial backup occurs. Dial backup and OOB management can not occur simultaneously on the VPN CPE at any one time.

2.4.2   Broadband Failover Service. IP VPN failover via broadband cellular access provides for a secondary IP VPN tunnel to be used in the event the primary access circuit fails (Broadband Failover). Broadband Failover is available for Internet Dedicated, Cable or DSL primary transport. Broadband Failover uses the following broadband access types: Company-provided cellular access, Company or third party DSL access, or Company or third party cable access. Customer must purchase failover access via a separate agreement. Broadband Failover is only available for primary transport in the U.S. Mainland, Alaska and Hawaii. The terms for Company cellular access, Company or Third Party DSL and Cable access for Broadband Failover are the same as for Company cellular access, Company or Third Party DSL as primary transport as shown above.

3.        Router Enhanced Features. DSL or cable, at its cost, monitoring, support, and reporting (if applicable) for the Router features selected by Customer at install or from time to time as part of the overall management of IP VPN Broadband. Router enhanced features are available at both Hub Sites and Remote Sites. Unless otherwise noted, the features are provided Intrusion Prevention reporting is an option to the Intrusion upon the Company network operations center acceptance of the Router feature for management. Company will provide relevant software patches and upgrades as provided by the Router manufacturer from time to time for installation during a scheduled maintenance period. Router features are available for an additional Services customers cannot renew their IP VPN Broadband Services nor obtain MAC.

3.1      Embedded Firewall. Embedded Firewall is a Router based firewall service that establishes Company managed firewall policies on the Router. Company manages Customer-selectable zones (e.g. external or untrusted, internal or trusted, DMZ), firewall policies, and firewall rule sets between all zones.

3.1.1   Firewall Reporting. Firewall reporting is an option to Embedded Firewall. Customer traffic firewall reports will be available on a rolling basis, with the latest two months reports available for viewing on the Customer Portal.

3.2      Content Filtering. Content Filtering is a Router based service that allows Customer to control web-based content accessed by end users. Content filtering feature is whether or not related to IP VPN Broadband provided hereunder or any products select up to 25 URL filters (List-based Filtering), or both. Company configures content filtering to interface with Customer's Websense server based on information provided by Customer. If List-based Filtering is used, it will be activated when (i) the connection to Customer-managed Websense server fails, or (ii) Customer does not have Websense server. Customer may request modifications to URL filter list on the Router via the standard change management process.

3.3      Intrusion Prevention. Intrusion Prevention is a Router based service that detects, alerts, and in some cases blocks attacks (intrusions) on the Customer network. Company configures standard intrusion prevention signature files provided by the Router manufacturer. All Routers configured with the intrusion prevention feature will contain the same signature file. The intrusion prevention signature file is configured with default actions for each signature to either (i) block the attack and drop the traffic, (ii) block the attack and reset the connection, (iii) generate an alarm, or (iv) perform a combination of the above listed actions as determined by Company. Upon request from Customer, alarms generated by the intrusion prevention feature can also be routed to Customer-owned syslog server(s). Company uploads new signature files to the Router as new signature files are released by the Router manufacturer from time to time.

3.3.1   Intrusion Prevention Reporting. Intrusion Prevention reporting is an option to the Intrusion Prevention feature. Reports are available on a rolling basis, with the latest two months reports available for viewing on the Customer Portal.

3.4      Ethernet LAN. This feature is only available as a LAN card on a Router. The LAN card provides for additional LAN ports (standard or with power over Ethernet, (PoE)). Company monitors the LAN card generally, but not individual ports on the LAN card. Customer may request modifications to LAN configurations via the Third Party DSL as primary transport as shown above process.

IV.       RATES AND CHARGES: In addition to the rates and charges set forth in Customer's service agreement the following nonrecurring charges apply:

1.        Intrusion Prevention Reporting

2.        Paper Invoice Charge

3.        Convenience Payment Charge

V.        TERMS AND CONDITIONS: In addition to the Online Master Terms - Terms and Conditions of Service, the following terms and conditions apply:

1.        IP VPN Broadband Service Disclaimer. In no event shall Company be held liable for any security breach experienced by Customer, whether or not related to IP VPN Broadband provided hereunder or any products, designs, or architectures recommended by Company. Customer acknowledges and agrees that: (a) IP VPN Broadband constitutes only one component of Customer's overall security program and is not a comprehensive security solution; (b) there is no guarantee that IP VPN Broadband will be uninterrupted or error-free, that networks or systems connected to IP VPN Broadband or supported by IP VPN Broadband will be secure, or that IP VPN Broadband will meet Customer's requirements; and (c) there is no guarantee that any communications sent by means of IP VPN Broadband will be private.

2.        Company will provide certain CPE which was manufactured by third parties (Manufacturer). Customer's use of such CPE is subject to the terms and conditions of the Manufacturer's agreement and end user software license, if any. The provisions of the Guide related to CPE purchase or rental will apply to any purchase or rental of CPE by Customer Company will provide help-desk to occur during standard installation hours, between 8 a.m. and 7 p.m. ET on under purchase passes to Customer upon Company's receipt of full payment for that item of CPE. Customer bears the risk of loss or damage to all CPE after installation and while such equipment is located at an installation site and, for rental equipment, shall pay Company the reasonable and customary costs of repair or replacement if loss or damage occurs.