HomeMy WebLinkAboutContracts_VPN agreements with Vendors_VPN Agreement - Presidio, Paul PhonsoukVirtual Private Network (VPN)Policy
1.0 Purpose
The purpose of this policy is to provide guidelines for Remote Access IPSec or L2TP Virtual Private
Network (VPN)connections to the City of Auburn corporate network.
2.0 Scope
This policy applies to all City of Auburn employees,contractors,consultants,temporaries,and other
workers including all personnel affiliated with third parties utilizing VPNs to access the City of Auburn
network.This policy applies to implementations ofVPN that are directed through an IPSec Concentrator.
3.0 Policy
Approved City of Auburn employees and authorized third parties (customers,vendors,etc.)may utilize the
benefits ofVPNs,which are a "user managed"service.This means that the user is responsible for selecting
an Internet Service Provider (lSP),coordinating installation,installing any required software,and paying
associated fees.
Additionally,
1.It is the responsibility of parties with VPN privileges to ensure that unauthorized users are not
allowed access to the City of Auburn internal networks.
2.VPN use is to be controlled using either a one-time password authentication such as a token
device or a public/private key system with a strong passphrase or IT managed security.
3.When actively connected to the corporate network,VPNs will force all traffic to and from the PC
over the VPN tunnel:all other traffic will be dropped.
4.Dual (split)tunneling is NOT permitted;only one network connection is allowed.
5.VPN gateways will be set up and managed by City of Auburn network operational groups.
6.All computers connected to City of Auburn internal networks via VPN or any other technology
must use the most up-to-date anti-virus software that is the corporate standard (www.mcafee.com);
this includes personal computers.
7.VPN users will be automatically disconnected from City of Auburn's network after thirty minutes
of inactivity.The user must then logon again to reconnect to the network.Pings or other artificial
network processes are not to be used to keep the connection open.
8.The VPN concentrator is limited to an absolute connection time of24 hours.
9.Users of computers that are not City of Auburn -owned equipment must configure the equipment
to comply with City of Auburn's VPN and Network policies.
10.Only InfcSec-approved VPN clients may be used.
11.By using VPN technology with personal equipment,users must understand that their machines are
a de facto extension of City of Auburn's network,and as such are subject to the same rules and
regulations that apply to City of Auburn -owned equipment,i.e.,their machines must be
configured to comply with InfoSec's Security Policies.
4.0 Enforcement
Any employee/parties found to have violated this policy may be subject to disciplinary
action,up to and including termination of employment/agreement.
Confidentiality.
The parties acknowledge that by reason of their relationship to each other hereunder,
each will have access to certain information and materials concerning the others
technology and products that is confidential and of substantial value to that party,which
value would be impaired if such information were disclosed to third parties
("Confidential Information").Should such Confidential Information be orally or
visually disclosed,the disclosing party shall summarize the information in writing as
confidential within thirty (30)days of disclosure.Each party agrees that it will not use in
any way for its own account,except as provided herein,nor disclose to any third party,
any such Confidential Information revealed to it by the other party.Each party will take
every reasonable precaution to protect the confidentiality of such Confidential
Information.Upon request by the receiving party,the disclosing party shall advise
whether or not it considers any particular information or materials to be Confidential
Information.The receiving party acknowledges that unauthorized use or disclosure
thereof could cause the disclosing party irreparable harm that could not be compensated
by monetary damages.Accordingly each party agrees that the other will be entitled to
seek injunctive and preliminary relief to remedy any actual or threatened unauthorized
use or disclosure of such other party's Confidential Information.The receiving party's
obligation of confidentiality shall not apply to information that:(a)is already known to
the receiving party or is publicly available at the time of disclosure;(b)is disclosed to
the receiving party by a third party who is not in breach of an obligation of
confidentiality to the party to this agreement which is claiming a proprietary right in
such information;or (c)becomes publicly available after disclosure through no fault of
the receiving party.
Term,Termination and Survival.This Agreement will remain in effect until terminated by either party.
Either party may terminate this agreement for convenience by providing not less than thirty (30)days
prior written notice,which notice will specify the effective date of termination.Either party may also
terminate this Agreement immediately upon the other party's breach of this Agreement.Upon
termination or expiration of this agreement,any and all computer media or other documentation
containing programs or information used to connect to the City of Auburn will be returned to the City
of Auburn at:
City of Auburn
IT Department
I E Main Street
Suite 320
Auburn WA 98002
5.0 Definitions
Term
IPSec Concentrator
Definition
A device in which VPN connections are terminated.
6.0 Approved Connections
This agreement between City of Auburn and Presidio has been approved for the below machine
connections.No other machine access is permitted with out express permission of the City of Auburn
I.S.Operations department.Any failure of this agreement or the guidelines set forth will result in
immediate termination of Presidio VPN with the City of Auburn Network and any other services
described there in.
Approved VPN Server Connections:
1.DCS chassis
2.vSphere,servers,or workstations as needed &approved by City of Auburn
IN WITNESS WHEREOF,the parties hereto have caused this Agreement to be duly executed.
Each party warrants and represents that its respective signatories whose signatures appear below
have been and are on the date of signature duly authorized to execute this Agreement.
Presidio
,~c~Authorized SIgnature
Plwio..kQh €PhOfl>OI.(k
Name (I£.-7 I"l,
IT Department,City of Auburn
Authorized Signature
Name
Date Date
THIRD PARTY CONNECTION REQUEST -INFORMATION
REQUIREMENTS DOCUMENT
In accordance with the Network Connection Policy,all requests for Third Party Network Connections must
be accompanied by this completed Information Requirements Document.This document should be
completed by Presidio person or group requesting the Network Connection and emailed to City of Auburn
A.Contact Information
Requester Information
Name:Phalakone (Paul)Phonsouk
Department Number:n/a
Manager's Name:nla
Director's Name:Steve Walter
Phone Number:503.594.0376
Email Address:swalter@presidio.com
Technical Contact Information
Name:Colin Schmalz
Department:IT
Manager's Name:nla
Director's Name:Steve Walter
Phone Number:253-804-5021
Pager Number:
Email Address:cschmalz@auburnwa.gov
Back-up Point of Contact:
Name:
Department:
Manager's Name:
Director's Name:
Phone Number:
Pager Number:
Email Address
B.Problem Statement/Purpose of Connection
What is the desired end result?Company must include a statement about the business needs of the
proposed connection.Discovery of the current UCS environment and perform an upgrade of the UCS
domain at both Datacenter
C.Scope of Needs (In some cases,the scope of needs may be jointly determined by the supporting
organization and the Third Party.)
What services are needed?(See Section D.of Network Connection Policy)VPN access
What are the privacy requirements (i.e.do you need encryption)?
What are the bandwidth needs?Standard connection provided to Auburn City remote users will
be fme.
How long is the connection needed?Until the upgrade of the UCS has been completed.
Estimated 3-4 days or less
Future requirements,if any.None
D.Third Party Information
Third Party Name:Presidio
Management contact (Name,Phone number,Email address)
Location (address)oftennination point of the Network Connection (including building number,
floor and room number):Remote home office
Main phone number:206-3S1-0S67
Local Technical Support Hours (7X24,etc):8am -Spm (M-F).
Escalation List:Ken Ries (Project Manager for Presidio)
Host/domain names of the Third Party:Presidio.com
Names (Email addresses,phone numbers)of all employees of the Third Party who will use this
access.If not appropriate to list the names of all employees,then provide a count of the number of
employees who will be using the connection.
Paul Phonsouk
pphonSOllk1Vpresidio.com
206-351-0567
E.What type of work witt be done over the Network Connection?
What applications will be used?Web browser
What type of data transfers will be done?File transfer to the UCS FIs at each Datacenter
How many files are involved?2 files (UCS Firmware)
What are the estimated hours of use each week?What are peek hours?8 hours
F.Are there any known issues such as special services that are required?Are there any unknown issues at
this point,such as what internal City of Auburn services are needed?No (both)
G.Is a backup connection needed?(e.g.,are there any critical business needs associated with this
connection?)No
H.What is the requested installation date?(Minimum lead-time is 60 days)Feb 12
L What is the approximate duration of the Third Party Network Connection?Access require until the
upgrade of the UCS has been completed.Estimated 3-4 days or maybe less
1.Has a Non-Disclosure Agreement been sign with the Third Party or the appropriate employees ofthe
Third Party?
K.Are there any exiting Network Connections at City of Auburn with this company?None that I'm aware
of
L.Other useful information -none