IP VPN Dedicated Services
As of May 1, 2015, IP VPN Dedicated Services are no longer available to Customers who are not already receiving IP VPN Dedicated Services from Company. Effective July 1, 2015, existing IP VPN Dedicated Services Customers cannot renew their IP VPN Dedicated Services nor obtain MAC (Move/Add/Change) services for IP VPN Dedicated Services.
I. PRODUCT DESCRIPTION: IP VPN Dedicated Services (IP VPN Dedicated) is a managed Virtual Private Network solution utilizing internet protocol (VPN). IP VPN Dedicated enables remote Customer sites to access Customers site(s) through dedicated access (as described below) provided on the Company network or, as an option, or third party networks. IP VPN Dedicated supports encrypted connectivity using industry-standard IPSec software to enable IPSec tunneled connections.
Standard IP VPN Dedicated is comprised of customer premises equipment (CPE), VPN management, and dedicated access using Internet protocol (IP Dedicated Service) and includes certain hardware, software, equipment, systems, cabling, and facilities each provided by Company as provided below. CPE shall not include the Company Internet protocol network Customer Equipment, including Customer Equipment acquired from Company. At Customers option, IP Dedicated Service may be provided via 768 kbps, T1, T3, or NxT1 dedicated access; Ethernet; cable service; Digital Subscriber Line (DSL) service; bandwidth provided from a Company Hosting Center; or transport provided by a third party. IP VPN Dedicated may also be ordered in conjunction with Managed Firewall, on-site installation, and certain other additional services set forth herein.
1. CPE, Customer Equipment, and VPN Management. Certain CPE features are provided via software license keys. CPE is manufactured by third parties (Manufacturer), and may include software license keys to support certain features. Customers use of CPE is subject to the terms and conditions of the Manufacturers end user agreement and software license, if any. Company will be responsible for the provisioning, initial remote VPN configuration and ongoing management of CPE and the VPN. Customer is responsible for the provisioning and ongoing management of Customer Equipment. Initial remote VPN configuration may be scheduled between the hours of 8AM and 7PM ET Monday through Friday (excluding Company-designated holidays). Customer may schedule remote VPN configuration outside of these hours for an additional fee. IP VPN Dedicated uses encrypting routers as designated by Company (Router). Title and risk of loss to each item of Customer Equipment purchased from Company passes to Customer upon Companys shipping of that equipment from Companys dock to Customer location in the U.S. Mainland, Alaska, and Hawaii.
2. CPE Maintenance and Monitoring. CPE is monitored and maintained by Company 7X24. Company may also monitor Customer Equipment 7x24 as necessary upon Customer request with Companys agreement. Upon determination of a CPE failure, Company will dispatch an on-site technician to repair or replace Company-owned CPE. CPE maintenance includes transfer of software license keys as required. Upon determination of Customer Equipment failure, Company will notify Customer for resolution by Customer. Company will provide an Out of Band (OOB) modem for troubleshooting each site that is part of IP VPN Dedicated. For sites located within the U.S. Mainland, Alaska and Hawaii, Company will order and provide a dedicated, analog telephone connection for use by each OOB modem at no additional cost. Dedicated analog telephone connections are Customers responsibility for all other site locations. Customer is responsible for any charges incurred to extend the analog telephone connection wiring from the telephone company demarcation point to the CPE within Customers premises. If the analog telephone connection does not provide a minimum of 9600bps throughput, Company cannot remotely manage, troubleshoot or upgrade CPE configurations until such minimum bandwidth is restored. This limitation may negatively impact Companys ability to manage and troubleshoot the site, and could severely increase downtime and/or reduce site availability levels.
3. Customer Portal. Customer Portal is an Internet web portal that provides a secure, scalable, consolidated view of Customers network information 24 hours a day, seven days a week. Customer Portal provides real time access to information about IP VPN Dedicated, including VPN reporting. Customer is limited to 10 user accounts and is responsible for ensuring that all users understand and comply with Companys confidentiality requirements.
4. IP Dedicated Service. Customer VPN site must be serviced by Company provided Internet Dedicated Services, Internet Dedicated Services Ethernet ServicesInternet DSL Services and Internet Cable Services, or Data Center Colocation, as described below, except for sites approved for third party IP Dedicated Service. Unless otherwise indicated, IP VPN Dedicated will be provided bundled with CPE and IP VPN Dedicated management.
4.1 Bundled IP Dedicated Service. Bundled IP Dedicated Service combines IP Dedicated Service, CPE or Customer Equipment monitoring, CPE management, VPN management, and CPE maintenance. The bundled IP Dedicated Service and CPE options are described below.
4.1.1 Bundled Internet Dedicated Services. IP VPN Dedicated bundled with Internet Dedicated Services offers 768 kbps, T1, T3, or NxT1 access options. Bundled Internet Dedicated Services are subject to Internet Dedicated Services Terms and Conditions. The following Internet Dedicated Services service types are available in this bundle: Price-Protected Service, Tiered Service, Shadow Service, and T1 and T3 Burstable Service.
The following Bundled Internet Dedicated services and CPE options are available:
A. Single CPE Dedicated Access Service. The Single CPE Dedicated Access Service configuration provides a single Router terminating one dedicated circuit.
A.1 High Availability Service: High Availability Service provides two Single CPE Dedicated Access Service circuits and Routers, each passing traffic. Company will install matching service types (Router, circuit type and circuit speed) for both Single CPE Dedicated Access Services. The two dedicated circuits will upgrade, downgrade and terminate together.
B. Single CPE Shadow Dedicated Access Service. The Single CPE Shadow Dedicated Access Service configuration provides a single Router terminating one primary circuit and one Shadow circuit. The Shadow circuit is provided from a diverse network hub where possible.
C. NxT1 Multilink Frame Relay (MLFR) Service. With NxT1 MLFR Service, Customer receives access to the Company network at any time at the full bandwidth multiplied by the number of circuits ordered (i.e., 4.5 Mbps for 3xT1, 6 Mbps for 4xT1, 7.5 Mbps for 5xT1, 9 Mbps for 6xT1, 10.5 Mbps for 7xT1, and 12 Mbps for 8xT1).
D. Dual CPE Fail-Over Service. Dual CPE Fail-Over Service, (Hot Spare), provides two (2) Routers each terminating a single Internet Dedicated Service circuit. Company will order and install matching service types (CPE and line type/line speed) for both the primary and secondary Internet Dedicated Services. The two Internet Dedicated Service circuits ordered for this configuration must upgrade, downgrade and terminate together at all times. To maintain the reduced pricing for the Hot Spare circuit, Customers Hot Spare service shall not exceed a 16 kbps Measured Use Level for T1 Internet Dedicated Service or 500 kbps for T3. Should the Measured Use Level be exceeded in any month, an excess usage charge applies which is the difference between Companys standard Monthly Fee for the standard Company rate for the corresponding Measured Use Level and the reduced pricing for the Hot Spare circuit. For subsequent months, the excess usage charge will be the standard Monthly Fee for the standard Company rate for the corresponding Measured Use Level until the Measured Use Level decreases below 16 kbps for T1 and 500 kbps for T3, and Customer provides a written request to Company to return to the Hot Spare service.
E. Super Hub and OC 3 Service. Upon Customer request Company will make available Super Hub and OC3 Service at a price agreed upon by Customer and Company at time of order.
4.1.2 Internet DSL and Internet Cable Services. IP VPN Dedicated sites with Internet DSL Services and Internet Cable Services is provided with symmetrical DSL (SDSL), high bit-rate DSL (HDSL), or asymmetrical DSL (ADSL) access. As a component of IP VPN Dedicated, VPN sites with Internet DSL Services (DSL Solo, DSL Office or DSL Office Enhanced) or Cable Resale are subject to the following:
Company will provide access via DSL and Cable broadband technology. Certain CPE related to the DSL and Cable service (e.g. a modem) is provided as part of the recurring charge for the service. Company may interrupt the DSL Service or Cable Resale for scheduled or emergency maintenance or as otherwise set forth in Customer's service agreement. Customer is responsible for the operation and configuration of its own LAN/WAN. DSL Service and Cable Resale are only available in certain geographic areas in the United States. DSL Service provides the following:
A. Onsite installation of DSL or Cable including inside wiring and set-up of CPE.
B. Internet IP connection via ADSL, SDSL, or HDSL local access.
C. Provision of 7x24 Customer support.
D. DSL Office and DSL Office Enhanced Local Loop Connections. DSL local loop connections between Customers location and Company or Companys third-party aggregators will be arranged by Company, and are provided through a local exchange carrier (LEC), which may be Company or another LEC. Customer authorizes Company to act as its agent with respect to the ordering, installing, monitoring, testing, repairing, and performing all related activities regarding the local exchange carrier and the DSL local loop connection. Customer further authorizes Company and its suppliers, including the local exchange carrier, to access Customers premises at mutually convenient times in order to install, monitor, test, repair, or perform related activities regarding the DSL local loop connection and other Service components. In some instances, the local exchange carrier may not offer 7x24 customer support of the DSL local loop connection.
E. DSL Solo Services. It is Customers responsibility to ensure that a LEC-provided POTS line standard telephone line is in place for DSL Solo. DSL Solo is not available on Company UNE-P lines. Service based on shared-line ADSL technology does not support telephone lines used in part or in whole for any alarm service or telecommunications device for the deaf. Accordingly, Customer shall not order DSL Solo Service for any end user who wishes to have such Service provisioned over any (i) telephone line used in part or whole for any alarm service or in conjunction with a telecommunications device for the deaf; (ii) non-analog line; or (iii) line without a dial tone generated and billed to the end user by the incumbent LEC (ILEC).
F. Failed Dispatch. Company may bill a missed appointment fee when a technician is dispatched and cannot complete an installation because Customer: (a) does not make the appointment; (b) requests rescheduling or cancels upon arrival; or (c) has not arranged for access to the telephone box or Network Interface Device (NID) and it is inaccessible. To avoid the missed appointment fee, Customer must reschedule at least two (2) business days before the scheduled appointment time.
G. Technology Change. In some instances, the condition of the local access for Internet DSL Service and related service components for Customers location may not support Customers selected service tier. In such instances, (a) Company will activate the local access for Internet DSL Office Service at the maximum speed available (128 kbps minimum), (b) the order for Internet DSL Office Service will automatically be altered to reflect the lower service tier, and (c) Customer will be billed accordingly. Customer may request that the order for sites using Internet DSL Office Service be cancelled without penalty if Customers selected service tier is not available for the requested site.
4.2 IP Ethernet Services and Data Center Colocation. As a component of IP VPN Dedicated, VPN sites with Internet Dedicated Services Ethernet ServicesInternet Dedicated Fast Ethernet ServicesInternet Dedicated GigE Servicesor Data Center Colocation are subject to the following:
4.2.1 Internet Dedicated Ethernet Service. Customers electing this option have IP VPN Dedicated with either Internet Dedicated Services Ethernet Services, Internet Dedicated Fast Ethernet Services or Internet Dedicated GigE Services connectivity. IP VPN Dedicated sites with Internet Dedicated Ethernet Service includes CPE and management. It does not include dedicated access bandwidth, which is allocated and charged for under the separate agreement. IP VPN Dedicated sites with either Internet Dedicated Ethernet Service is only available with Single CPE Dedicated Access and management. Internet Dedicated Ethernet Service is provided pursuant to a separate agreement.
4.2.2 Data Center Colocation Premium IP Bandwidth. IP VPN Dedicated sites with Data Center Colocation, includes CPE and management as well as on-site installation and maintenance. It does not include dedicated access bandwidth, which is allocated and charged for under a separate agreement. Shadow, Dual/Diverse, or Fail-Over Services are not available with Data Center Colocation. Customers electing this option have their dedicated access connectivity provided at the selected Facility. Data Center Colocation Premium IP Bandwidth is provided pursuant to a separate agreement.
4.3 Standard Change Management.
Company provides change management services for all IP VPN sites. Customer may request Standard Change Management via the Customer Portal. A minimum of three business days is required for review and completion of change requests; however, some change requests require additional time, depending upon the complexity of the request. The following Standard Change Management activities are provided at no additional charge:
· Activate Previously Configured LAN Interface
· Cancel or Discontinue Managed Services Entity (A cancellation order must also be submitted for IP VPN Dedicated)
· Custom Traffic Shaping / Priority Queuing Modify
· Customer Maintenance
· Default Gateway Modify
· Dual Handshake Configuration Protocol (DHCP) Configuration Modify
· Dialer Interface Modify
· Filters/Access Lists Modify
· Interface Modify
· Operating System (IOS) Emergency Upgrade
· Operating System (IOS) Vulnerability Assessment/Upgrade
· IP Address/Subnet Mask Changes
· IP Device IOS Change
· IP Network Address Translation Modify
· IP Network Routed Protocol Modify
· Modify ISDN Dial Back-Up (DBU)
· Protocol/Feature Modify
· Request Copy of Router Configuration
· Simple Network Management Protocol (SNMP) Community Strings Modify
· Static Route Modify
· Sub-Interface Modify
· Terminal Access Controller Access Control System (TACACS)/Radius Add
· QoS Configuration Change
· Embedded Firewall Policy Change (one per month)
· LAN Configuration Upgrade
· Intrusion Prevention Signature File Update (one per month)
· Content Filtering URL Filter Change (one per month)
· Content Delivery Configuration Change (one per month)
(unless otherwise provided, not available for new orders or renewal on or after November 1, 2009)
II. DEFINITIONS: In addition to the Online Definitions, the following definitions apply to IP VPN Dedicated.
7x24: 7X24 means seven days a week, 24 hours a day
CPE: CPE is a device terminating the Company Internet DSL Service, an Edge Router, or Router provided by Company as part of IP VPN Dedicated. Depending on Manufacturer, CPE may also include software licenses necessary to support IP VPN Dedicated and features of IP VPN Dedicated ordered by Customer.
Customer Equipment: Customer Equipment is hardware, software, equipment (e.g. an edge router, or DSL/cable modem), systems, cabling, and facilities acquired by Customer for use with IP VPN Dedicated Service. Customer Equipment must be maintained by the Customer in order for the VPN site to be properly configured and managed by Company. Customer Equipment may also include equipment (and licenses) purchased by Customer from Company.
Edge Router: A non-encrypting edge router.
OOB: out of band.
QoS: Quality of Service, allowing Customer to prioritize traffic over Company IP network.
Router: An encrypting router as managed and provided by Company. The encrypting router may also include software licenses necessary to support IP VPN Dedicated and features of IP VPN Dedicated.
VPN: A virtual private network utilizing internet protocol.
III. FEATURES AND OPTIONS
1.1 Third Party Transport. Customer may have IP Dedicated Service provided by third parties. This may be in U.S. Mainland, Alaska and Hawaii locations where Company provides IP Dedicated Service (Third Party In Footprint) or in locations where Company does not provide IP Dedicated Service (Third Party Out of Footprint, collectively, Third Party Services). A Third Party Connectivity Site is defined as a Company-compatible, single device topology, VPN site that is connected to the Internet via a network other than the Company network. Company-provided CPE, or Customer Equipment, is connected to either Customer-provided or third-party local Internet Service Provider (3rd party ISP) provided Customer Equipment. Such Customer Equipment is directly connected to the 3rd party ISP circuit. Company-provided CPE or Customer Equipment may be connected directly to the Internet via third-party ISP with Company prior approval, unless restricted by local law or otherwise.
1.1.1 Dedicated Access Connection. Customer must provide and pay for a dedicated Internet connection through a 3rd party ISP in order to connect the CPE or Customer Equipment at the Third Party Connectivity Site to Customers VPN. The 3rd Party ISP must be properly licensed in the Third Party Connectivity Site country and said country, as well as the 3rd Party ISP, must not restrict the use of VPN technology nor any encryption or other technologies used in VPNs with Third Party Services. Customer is responsible for the installation of all dedicated access connections (including but not limited to the telephone line access circuit and the edge router). Customer shall ensure that the connection speed to the 3rd party ISP from the Third Party Connectivity Site is at least 56 kbps, and that the 3rd party ISP i) allows Company remote access to the CPE or Customer Equipment for management and monitoring purposes, ii) provides an Ethernet handover, iii) provides static routable IP addresses, and iv) does not perform network address translation on any Third Party Connectivity Site IP address.
1.1.2 Support for Third Party Transport. If outage or problem is deemed to be caused by the 3rd Party ISP, Company will contact Customer, and Customer will be responsible for contacting the 3rd Party ISP for resolution of all ISP issues.
1.1.3 Activation of Third Party Transport. The Service Activation Date shall be the date IP packets can be passed between Customers Third Party Connectivity Site and any other site on the VPN.
1.1.4 Third Party In Footprint.
A. Monitoring Service. Company will monitor and manage Customers Third Party Connectivity Site from Companys VPN operations center and notify Customer of the existence of any outages or problems with the Third Party Connectivity Site.
B. CPE and Customer Equipment. CPE is provided as part of the Third Party in Footprint Connectivity Sites however certain DSL or Cable terminating equipment (e.g. a modem) must be provided by Customer and is Customer Equipment. Such Customer Equipment must be maintained by Customer.
C. Spare Equipment. Additional pre-configured cold spare CPE may be rented by the Customer for an additional monthly charge.
1.1.5 Third Party Out of Footprint.
A. Customer Equipment. Customer shall purchase from Company pre-configured encrypting device(s), OOB modem(s), and any other equipment (e.g., DSL or Cable modems) designated by Company as necessary for the Customer to create a functional Company-compatible VPN Third Party Connectivity Site. Such Customer Equipment must be maintained by Customer. Maintenance, repair or replacement of Customer Equipment is the Customers responsibility.
Customer may establish such Third Party Connectivity Sites only in countries where the equipment has been properly homologated and the Customer is legally authorized to import and use such Customer Equipment.
B. Monitoring Service. Company will monitor and manage Customers Third Party Connectivity Site from Companys VPN operations center and notify Customer of the existence of any outages or problems with the Third Party Connectivity Site.
C. Spare Equipment. Additional pre-configured cold spare Customer Equipment may be purchased by the Customer for an additional charge. Company does not carry cold spare Customer Equipment in Third Party Out of Footprint countries and such Customer Equipment will follow normal ordering and shipping procedures from the United States.
1.1.6 Additional Terms and Conditions.
A. Service Level Agreement. All Third Party Out of Footprint sites are excluded from any Service Level Agreement.
B. Discounts. Third Party Connectivity Sites are excluded from calculations regarding the number of VPN Sites for the purpose of determining appropriate discount levels.
C. Third Party Out of Footprint Customer Equipment. Company is acting as a reseller for the Customer Equipment manufacturer and will provide them with certain information about the software that we resell. This information will be used by the manufacturer to manage their software licenses. The manufacturer may conduct audits of end users to ensure that they are in compliance with software license terms associated with that software. Point of sale reports may be sent to the manufacturer in the United States including the following information; Customer name, date of Customer Equipment sale, ship to location, installation country and city, number of Customer Equipment units sold and model of Customer Equipment sold.
1.2 Company Billed Access. A Company Billed Access configuration allows Customers who have purchased Internet Dedicated Services or Internet Dedicated Ethernet Service to use this Company-billed dedicated access service in conjunction with IP VPN Dedicated. IP VPN Dedicated sites with Company Billed Access provides CPE and management only.
1.3 Failover Service. Customer may order ISDN Failover or Broadband Failover as a failover to its IP VPN Dedicated service.
1.3.1 ISDN Failover Service. Company offers the option for ISDN dial back-up service (DBU). DBU offers up to 128 kbps ISDN backup for primary T1 Internet Dedicated Service. DBU is only available within the U.S. Mainland. Company offers two B channel ISDN connectivity and dual analog connectivity; however, both connections may not be able to be linked during every session. Pricing is based on access not to exceed 744 hours/month or 1488 hours/month for dual channel ISDN. Pricing for the DBU option does not include any local access charges or network applications fees. Customer is responsible for obtaining its own telephone lines for DBU.
A. Network Applications. Descriptions of the domain name, mail, news services, and other network applications available in connection with DBU, and the pricing and additional terms applicable to these services, are set forth in the Network Applications Fee Schedule available at www.verizonbusiness.com/terms. Company reserves the right to change the URL from time to time, effective upon posting of the changes to that URL or other notice to Customer.
B. Expedite Service. Expedite service makes the new connection operational four (4) business days after Customers receipt of a confirmation fax. Upon CPE arrival, Customer must immediately contact Company for configuration. Prior to CPE arrival, Customer is responsible to ensure all telco or ISDN lines are installed and in proper working order. Failure to comply with any of the above invalidates installation time guarantees. Any delays caused by incompatibilities between Customers system and Company-provided Equipment will also invalidate installation time guarantees. There is an additional one-time fee if Customer elects expedite service.
1.3.2 Broadband Failover Service. IP VPN failover via broadband access provides for a secondary IP VPN tunnel to be used in the event the primary access circuit fails (Broadband Failover). Broadband Failover is available for Internet Dedicated, Cable or DSL primary transport. Broadband Failover uses the following broadband access types: Company-provided cellular access, Company or third party DSL access, or Company or third party cable access. Customer must purchase broadband access via a separate agreement, either from Company or a third party. Broadband Failover is only available for primary transport in the U.S. Mainland, Alaska and Hawaii.
A. DSL and Cable Failover. The terms for Company or Third Party DSL and Cable access for Broadband Failover are the same as for Company or Third Party DSL or Cable as primary transport as shown above.
B. Company Provided Cellular Failover. For Broadband Failover via Company provided cellular access, Company will provide CPE as part of the monthly recurring charge. Customer may obtain a cellular site survey ordered from and provided by Company. Company will work to resolve issues related to the cellular access, however Customer has final responsibility to resolve for any issues with cellular service that have an impact on IP VPN Dedicated. Company must approve sites with cellular access in advance to determine appropriate cellular access CPE.
2. CPE and Customer Equipment Options. The following CPE and Customer Equipment Options are available.
2.1 VPN On-site Installation. (included with Data Center Colocation)
2.1.1 Availability. VPN On-site Installation is only available in the U.S. Mainland.
2.1.2 Prerequisites: Prior to VPN On-site Installation, Customer agrees to prepare a compatible space for the necessary equipment, provide an adequate power source and demarcate a dedicated analog telephone circuit and space for an analog telephone line for IP VPN Dedicated. For sites within the U.S. Mainland, Company will order and provide the dedicated analog telephone circuit for the OOB modem at no additional cost.
2.1.3 Preparation of Devices or Services. Customer is responsible for making changes to or configuration of devices or services other than the VPN itself (e.g., Domain Name Server, Simple Mail Transfer Protocol Server, Third Party Proxy Server, Windows NT Services, Lotus Notes Servers, Novell Servers, file or print servers, etc.). The Company installation engineer may recommend to Customer the necessary configuration changes, but will not perform these changes.
2.1.4 Installation Dates. Installation dates are subject to the availability of a Company installation engineer. Customer may cancel installation requests without penalty more than three business days prior to the installation date. Installation requests cancelled within three business days of the installation date will be subject to a cancellation charge of 50 percent of the applicable non-recurring charge for the services cancelled.
2.1.5 Conflicts. Customer represents and warrants that the on-site installation will not conflict with any agreements or obligations between Customer and any third parties, and agrees to indemnify and defend Company and its contractors from any losses, damages, costs, or expenses resulting from claims or allegations arising out of or relating to a breach of this warranty.
2.1.6 Other Requirements. On-site installation includes inside wiring and set-up of CPE or Customer Equipment. On-site installation is subject to limitations and requirements, including, but not limited to; (a) the total length of the inside wire installed will not exceed 150 linear feet, (b) the total installation time will not exceed 2.5 hours of labor on-site including CPE or Customer Equipment installation and configuration performed during one site visit, (c) installation may involve surface installation or installation through available ducts or other reasonably accessible conduits, (d) installation does not include moving furniture, modifying fixtures, running conduit or other site changes, (e) installation may involve drilling through walls, floors and ceiling, except drilling of masonry more than one inch think, or any hole that penetrates the building slab, raised floor slabs, block walls or any surface that requires a hammer or special drill is not included, (f) installation will only be done in locations no more than 12 feet in height from the ground or floor, (g) an industry standard indoor/outdoor 4 pair wire, and (h) a safety decision by Company prior to performing any wiring installation. Under no circumstances will Company provide on-site installation in an environment or condition that it reasonably determines to be unsafe.
2.2 Encryption. Company will configure VPN Routers with AES, 3DES or DES encryption based on Customer request. Encryption levels may be limited by applicable law.
2.3 VPN with Managed Edge Router. The managed edge router configuration uses a non-encrypting edge router in front of the Router. This allows for flexibility of upgrades as well as scalability for multiple services for the Customer. The managed edge router service is offered in two configurations:
2.3.1 Company-Managed Edge Router. In this configuration, Company manages both the Edge Router and Router. This configuration is ordered as a standard IP VPN Dedicated on the Edge Router as well as one dual Router as encrypting router. Customer will be billed for the standard IP VPN Dedicated as well as an additional dual Router.
2.3.2 Customer-Managed Edge Router. In this configuration, Company manages the Router but Customer manages the Edge Router. Sites with Customer-managed Edge Router will not be eligible for SLAs and will not be used in SLA calculations. This configuration is ordered as standard IP VPN Dedicated. Customer will use their own Edge Router.
2.4 Cold Spare. At Customers option, a cold spare device is pre-shipped to the site for use if the primary device fails. For Third Party Out of Footprint sites, cold spare Customer Equipment is shipped to Customer location in U.S. Mainland, Alaska, or Hawaii. No configuration is applied to the Customer Equipment prior to shipment and Customer may be required to unpack the equipment and attach the power and data cables at the direction of a Company operations engineer.
2.5 VPN with Internet Firewall Service. Customers electing Internet Firewall Service, whether electing the managed or unmanaged option (the Firewall Service), must sign a separate agreement with Company for Firewall Service. The Firewall Service is a security solution for Internet access Customers and is offered as a managed service (wherein Company provides firewall configuration, administration, monitoring, report generation, support, and the use of a firewall system owned, maintained and supported by Company) or as a Customer-managed service wherein Company will sell the firewall software and CPE to Customer, as provided in the Firewall Service agreement. Customer may elect on-site installation of the Firewall Service for an additional fee. VPN with Internet Firewall Service is a different offering than the Embedded Firewall option described below.
2.5.1 Company-Managed Firewall Options. The following IP VPN Managed Firewall Service configurations are available. Each configuration is automatically billed under separate line item:
A. Serial Configuration. In the serial configuration of the IP VPN Managed Firewall Service, all VPN and Internet traffic flows from the Internet through the Router and the selected managed firewall to the Customer's LAN.
B. Parallel Configuration with Company-Managed Downstream Router. In the parallel configuration of the managed Firewall Service with Company-managed downstream Router, the VPN and Internet traffic are split between the Router and the firewall. The firewall is the default route, with static routes setup to the Router for VPN traffic. This configuration uses three routers.
C. Parallel Configuration with Customer-Managed Downstream Router. This configuration is the same as the parallel configuration with Company-managed downstream router configuration above except that the downstream router is managed by Customer.
D. Parallel Configuration Without Downstream Router. In this configuration, the VPN and internet traffic is split between the Router and the firewall. The Router is the default route for all traffic, with Internet traffic routed to the firewall.
2.5.2 VPN with Customer-Managed Firewall. In this configuration, Company will provide recommendations for Customers configuration and management of its own firewalls to work with IP VPN Dedicated. These recommendations are reference only and Customer will be solely responsible for the provisioning, installation, configuration and ongoing management of such firewalls, which must be compatible with IP VPN Dedicated and the Company network. Failure of the Customer-provided firewall to be compatible with IP VPN Dedicated and the Company network will mean Company will not be responsible for management of IP VPN Dedicated or failure of IP VPN Dedicated for that site and Customer will not be qualified for SLAs. Company reserves the right to change requirements and configuration at any time. Customer-managed firewalls are offered in the following two configurations:
A. Serial Configuration. In the serial configuration, all VPN and Internet traffic flows from the Internet through the Router and the firewall to the Customer's LAN. This configuration is ordered as a standard IP VPN Dedicated.
B. Parallel Configuration Without Downstream Router. In this configuration, the VPN and internet traffic is split between the Router and the firewall. The Router is the default route for all traffic, with Internet traffic routed to the firewall. This configuration is ordered as a standard IP VPN Dedicated on the Edge Router as well as one dual Router as encrypting router.
2.6 Quality of Service (QoS). With QoS, the Router or Customer's applications, at Customers option, mark traffic for assignment to one of four QoS traffic priority classes (EF, AF2, AF3 and BE) for T1 and NxT1 MLFR connections or one of two QoS classes (EF and BE) for T3 connections (excluding Tiered T3), based on the IP precedence settings that Customer applies to the Type of Service (ToS) byte in the IP header. Based on the traffic priorities set by Customer, the various traffic flows are provided a portion of bandwidth that favors higher priority traffic over lower priority traffic during times of congestion. Customer may adjust its QoS configuration by submitting a standard change management request.
3. Router Enhanced Features. Company provides configuration, implementation, administration, monitoring, support, and reporting (if applicable) for the Router features selected by Customer at install or from time to time as part of the overall management of IP VPN Dedicated service. Unless otherwise noted, the features are provided as an embedded operating service feature. The selected feature is operational upon the Company network operations center acceptance of the Router feature for management. Company will provide relevant software patches and upgrades as provided by the Router manufacturer from time to time for installation during a scheduled maintenance period. Router features are available for an additional charge per month per Router, and may only be available for certain Routers as determined by Company or may require custom support from Company.
3.1 Embedded Firewall. Embedded Firewall is a Router based firewall service that establishes Company managed firewall policies on the Router. Company manages Customer-selectable zones (e.g. external or untrusted, internal or trusted, DMZ), firewall policies, and firewall rule sets between all zones.
3.1.1 Firewall Reporting. Unless otherwise provided this feature is not available for new orders or renewal on or after April 1, 2010. Firewall reporting is an option to Embedded Firewall. Customer traffic firewall reports will be available on a rolling basis, with the latest two months reports available for viewing on the Customer Portal.
3.2 Content Filtering Feature. Content Filtering is a Router based service that allows Customer to control web-based content accessed by end users. Content filtering feature is used with a Customer provided and managed Websense server or configured to select up to 25 URL filters (List-based Filtering), or both. Company configures content filtering to interface with Customers Websense server based on information provided by Customer. If List-based Filtering is used, it will be activated when (i) the connection to Customer-managed Websense server fails, or (ii) Customer does not have Websense server. Customer may request modifications to URL filter list on the Router via the standard change management process.
3.3 Content Delivery Feature. Unless otherwise provided this feature is not available for new orders or renewal on or after November 1, 2009. This feature is available as a Router module that provides for caching of Customer web-based content to store frequently requested web content on the Router module.
3.4 Ethernet LAN Feature. This feature is only available as a LAN card on a Router. The LAN card provides for additional LAN ports (standard or with power over Ethernet, (PoE)). Company monitors the LAN card generally, but not individual ports on the LAN card. Customer may request modifications to LAN configurations via the Standard Change Management process.
3.5 Intrusion Prevention Feature. Intrusion Prevention is a Router based service that detects, alerts, and in some cases blocks attacks (intrusions) on the Customer network. Company configures standard intrusion prevention signature files provided by the Router manufacturer. All Routers configured with the intrusion prevention feature will contain the same signature file. The intrusion prevention signature file is configured with default actions for each signature to either (i) block the attack and drop the traffic, (ii) block the attack and reset the connection, (iii) generate an alarm, or (iv) perform a combination of the above listed actions as determined by Company. Upon request from Customer, alarms generated by the intrusion prevention feature can also be routed to Customer-owned syslog server(s). Company uploads new signature files to the Router as new signature files are released by the Router manufacturer from time to time.
3.5.1 Intrusion Prevention Reporting. Unless otherwise provided this feature is not available for new orders or renewal on or after April 1, 2010. Intrusion Prevention reporting is an option to the Intrusion Prevention feature. Reports are available on a rolling basis, with the latest two months reports available for viewing on the Customer Portal.
IV. RATES AND CHARGES: In addition to the rates and charges set forth in the Customer's service agreement or service attachment, the following nonrecurring charges apply:
V. TERMS AND CONDITIONS: In addition to the Online Master Terms - Terms and Conditions of Service, the following terms and conditions apply:
1. VPN Design. The design of the VPN shall be provided by Company based on information provided by Customer to Company. It is the Customer's responsibility to provide all information reasonably requested by Company in connection with the provision of the VPN and to ensure that all such information is accurate, complete and up-to-date. Customer understands that should Customer desire to change the design of this VPN, the design must be mutually agreed upon in writing prior to implementation and must fall within acceptable Company product parameters. Any modifications may require modifications to the monthly recurring charges and may affect the application of Service Level Agreements.
2. CPE, Customer Equipment and Management. Customer will provide Company with such access to CPE and Customer Equipment under Customers control and such assistance as Company reasonably requires to provide IP VPN Dedicated Service. Customer shall: (a) maintain the CPE in accordance with the reasonable instructions of Company as may be given from time to time; (b) not modify, relocate, or in any way interfere with the CPE; and (c) not cause the CPE to be repaired, serviced, or otherwise accessed except by, or under the instruction of, an authorized representative of Company. Customer shall be liable for any and all damage to CPE caused by the act or omission of Customer or the malfunction or failure of any Customer equipment. CPE does not include the Company IP network or any Customer Equipment, including Customer Equipment acquired by Customer from Company.
3. Technical Obligations. For the duration of Customers use of IP VPN Dedicated, Customer agrees to: (a) be responsible for the compliance of its Authorized Users with the End User Terms & Conditions set forth below; (b) designate and maintain an authorized system administrator responsible for administering Authorized User accounts; (c) be solely responsible for all Authorized User accounts, support, billing, and collections, as applicable; and (d) be solely responsible for the set-up, administration, and maintenance via secure connection of all Authorized User accounts, including without limitation Authorized User identifications and passwords. Company shall provide second-level technical support to Customer regarding the administration of Authorized User accounts, and reserves the right to access and revise any CPE configuration where required to satisfy the obligations of the service agreement or any order. Company shall not be responsible for the inaccuracy or disclosure of any configuration to Authorized Users.
4. End User Terms & Conditions.
Company exercises no control over the content of the information passing through Company network, including without limitation Companys host computers, network hubs, and points of presence. COMPANY MAKES NO WARRANTIES OF ANY KIND, WHETHER EXPRESS OR IMPLIED, FOR IP VPN DEDICATED AND DISCLAIMS ANY WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
IP VPN Dedicated is provided to Authorized Users only. Resale to or use by other persons or entities is prohibited. Company will not be responsible for any damage an Authorized User suffers. This includes damages resulting from loss of data due to delays, nondeliveries, misdeliveries, or service interruptions. Use of any information obtained via the Network is at the Authorized Users own risk.
Use of IP VPN Dedicated is subject to the Acceptable Use Policy (Policy) for the country in which an Authorized User connects to the Network, as set forth at www.verizonbusiness.com/terms, and if no Policy exists for that country, the U.S. Policy shall apply. Company reserves the right to suspend or terminate an Authorized Users account for any actual or threatened violation of the Policy.
5. Unauthorized Use. Customer is advised that use of IP VPN Dedicated carries a risk of various forms of fraud, including but not limited to, unauthorized or fraudulent use of IP VPN Dedicated (Unauthorized Use) by persons who obtain Customers host names, UIC codes, passwords or other authentication-related information used in connection with IP VPN Dedicated. Customer is responsible for (i) exercising due diligence in protecting Customer systems and information that might be used to access, exploit, or otherwise use IP VPN Dedicated, (ii) modifying, updating, deleting and otherwise administering such access information and passwords with respect to Authorized User accounts, and (iii) promptly notifying Company in writing of any security compromise with respect to such information or Authorized User accounts. Customer shall be responsible for payment of rates, fees, charges and surcharges incurred for all usage of IP VPN Dedicated, including without limitation, Unauthorized Use of IP VPN Dedicated. This obligation shall not apply with respect to Unauthorized Use that is due to Companys negligent or willful misconduct.
6. Service Disclaimer. In no event shall Company be held liable for any security breach experienced by Customer, whether or not related to IP VPN Dedicated provided under this service attachment or any products, designs, or architectures recommended by Company. IP VPN Dedicated constitutes only one component of Customers overall security program and there is no guarantee that IP VPN Dedicated will be uninterrupted, error-free, or free from security breaches.
VI. SERVICE LEVEL AGREEMENT (SLA): Customers meeting the following requirements will be eligible for SLA credits.
1. For Customer's under a Global SLA, effective on or after May 1, 2004, the following service level agreement (SLA) applies:
Not withstanding anything to the contrary, the maximum amount of credit in any calendar month shall not exceed thirty-five percent (35%) of the Monthly Fee and/or Start-up Fee for bundled IP Dedicated Service, management and CPE which, absent the credit, would have been charged that month. The SLAs set forth Customers sole remedies for any claim relating to IP VPN Dedicated or the Company network, including any failure to meet any service level set forth in the SLA. Raw data available via SNMP read-only access may not be relevant and can not be used to determine SLA compliance or violation.
Company reserves the right to amend SLAs from time to time effective upon notice to Customer; provided, that in the event of any amendment resulting in a material reduction of the SLAs, service levels or credits, Customer may terminate IP VPN Dedicated Service without penalty by providing Company written notice of termination during the thirty (30) days following notice of such amendment. Company may avoid IP VPN Dedicated termination if, within 30 days of receipt of Customers written notice, it agrees to amend the service agreement to eliminate the applicability of the material reduction. SLA statistics are confidential and may be used by Customer solely for the purpose of analyzing service quality. Companys records and data shall be the basis for all SLA calculations and determinations.
2. For all Customers except those under the Global SLA, effective May 1, 2004: The SLA for IP VPN Dedicated is incorporated by reference herein and made a part of the service agreement, and is set forth at the following URL: www.verizonbusiness.com/terms and applies only to Customers VPN sites where (1) there is an IP VPN Dedicated term of at least one year, (2) Customer has granted Company authority to order and maintain local access, (3) the site is part of a VPN of at least three sites, and (4) Customer maintains the dedicated analog connection(s) supporting the OOB modem. Notwithstanding anything to the contrary, the maximum amount of credit in any calendar month under all dedicated access and VPN SLAs shall not exceed the Monthly Fee and/or Start-up Fee for bundled IP Dedicated Service, management and CPE which, absent the credit, would have been charged that month. The SLAs set forth Customers sole remedies for any claim relating to IP VPN Dedicated or the Company Network, including any failure to meet any service level set forth in the SLA. Raw data available via SNMP read only access may not be relevant and can not be used to determine SLA compliance or violation. No SLAs are available for DSL service.