Office Virtual Private Network (TOS)

TERMS OF SERVICE FOR
OFFICE VIRTUAL PRIVATE NETWORK (Updated 12/20/2018)

This Service is subject to and governed by the Customer's separate signed Master Services Agreement (MSA) or Customer Service Agreement (CSA) as applicable, with Consolidated Technology Services (CTS), calling itself Washington Technology Solutions or "WaTech" for short. The reference to WaTech means the same as Consolidated Technology Services. This Agreement is entered into between you and CTS for the provision of CTS' IPsec Virtual Private Networks (VPN). For the purposes of this agreement "you" and "Customer" are used interchangeability and mean the entity to which CTS is providing service.

A. Service Description

Virtual Private Networks (VPNs) use the Internet to carry data between distant locations and an organization's main network. Data moving over a VPN connection is secure because it is encrypted in transit and restricted per customer requirements.

  • Office VPN Services
    Office VPN provides a secure, cost-effective way to connect employees to your agency's main network using an Internet connection. Your agency's primary network location must be on the State Government Network (SGN) or the Intergovernmental Network (IGN).

    • Branch Office supports remote office(s) of employees and/or network devices.

    • Site-to-Site provides a WaTech VPN endpoint for a customer or contractual partner owned VPN-capable device to establish a site to site tunnel, creating a secure access solution for users to connect to private network resources located on the WaTech controlled network.

B. Availability/Accessibility

  1. Availability Management
    The service(s) defined in this agreement will be available 24 hours a day, 7 days a week. WaTech shall not be liable for any damages resulting from any service interruptions, downtimes, or any other factor beyond WaTech's control.

  2. Change Management
    All changes to WaTech Data Center computing and network environments are managed to promote or provide stability and minimize the impact of the changes to its customers. All changes to the WaTech computing and network environments are implemented in accordance with WaTech Information Technology Service. Management Operations Manual Standards and Procedures, located at https://watech.wa.gov/itsmom

  3. Problem Management
    Problems with the WaTech computing and network environments are managed in accordance with the WaTech Information Technology Service Management Operations Manual Problem Management Standards and Procedures.

  4. Security Management
    WaTech provides a security system infrastructure that reasonably protects its Customers from unauthorized external access to or broadcast on the Internet of customer's intellectual property, proprietary and confidential data. WaTech shall ensure the security infrastructure is configured and maintained in compliance with OCIO IT Security Policy and Standards as well as the WaTech Information Technology Service Management Operations Manual Standards and Procedures.

C. Charges

The Office VPN Service fees can be found on the WaTech Website: https://watech.wa.gov/solutions/it-services/Office-VPN

D. Responsibilities

1. WaTech Responsibilities

  • Use reasonable efforts to assure that production servers will be available 24-hours, 7-days-a-week, excluding coordinated maintenance activities.

  • Provide and maintain the VPN hardware and software platform and the software system environment.

  • Reasonably manage and maintain the physical environment housing the production servers in accordance with applicable WaTech policies, which may include measures such as:

    • Assuring that only WaTech authorized personnel are allowed access to the physical environment using both electronic monitoring and security guards.

    • Providing environmental controls and monitoring of Data Center physical environment.

    • Maintaining fire detection and suppression systems.

    • Providing conditioned power.

  • Provide support through the WaTech Support Center as follows:

    • IPsec VPN Service Installation will be available 7:00 am - 8:00 pm Monday through Friday.

    • IPsec VPN Incident Response will be available 24x7 for complete site/service outages relating to only the VPN service, features and devices.

2. Customer Responsibilities

  • Internet Access
    Customer is required to maintain an account with an Internet Service Provider (ISP). The ISP connection will enable the Customer to connect to the WaTech IPsec Concentrator.

  • Request Form
    Customer must provide a completed Branch Office VPN Request Form or Site-to-Site VPN Request Form for each new connection at the time their service request is submitted to the WaTech Support Center.

  • Equipment
    Customer is responsible for the physical health of Branch Office Device while on customer premises. As a result of this WaTech requires that all Branch Office devices be plugged into an Uninterruptible Power Supply. If a device fails while plugged into the UPS, WaTech will cover the replacement costs. However, if the device fails while not connected to a UPS the customer will incur the replacement costs.

    Do not disconnect the WaTech VPN device from its power supply or unplug the device from the wall. The WaTech VPN device should only be unplugged under the direction of a WaTech VPN Technician.

    If a WaTech VPN Device fails due to the customer unplugging the power supply from the device, the customer will incur a service fee to cover the costs of repair and/or replacing the device.

  • Equipment Returns
    The customer will be charged a service fee if the device has not been shipped within 10 business days from the time the service is canceled or the equipment is requested to be returned by WaTech staff.

    Devices that are returned in a damaged condition will incur a service charge to offset the repair costs.

    WaTech VPN devices and equipment are required to be returned with all the original packaging and contents. This includes but is not limited to Ethernet cables, power supplies, documentation, console cables, USB cables, etc. Devices or equipment that are not returned with the original package contents will incur a service charge to offset the replacement costs.

  • Remote Hardware Client Installation
    The Customer VPN Technical Contact will install and setup each Remote Client, with instruction and support by CTS. CTS will provide telephone support for the initial setup, installation and configuration, in collaboration with the Customer VPN Technical Contact. CTS VPN telephone support for VPN installation will not be provided after normal business hours (8-5 Monday through Friday).

    If CTS VPN Hardware Client cannot be installed or configured successfully utilizing telephone support, Customer may need to obtain onsite VPN technical support from third-party vendors to successfully complete the installation. Obtaining such support will be the sole responsibility of Customer.

  • Virus Protection Software
    Customer is responsible for ensuring comprehensive virus protection software, including the most current upgrades and patches consistent with industry standards, is implemented and maintained on the Customer's remote workstation. Customer represents and warrants that all antivirus software and other security software will be configured maintained in accordance with OCIO IT Security Policy and Standards.

  • Firewalls
    Customer is responsible for ensuring a comprehensive firewall, including upgrades, patches, and current versions consistent with industry standards, is implemented and maintained on the Customer's remote workstation and servers. Customer represents and warrants that all firewall software and other security software will be configured maintained in accordance with OCIO IT Security Policy and Standards.

  • Troubleshooting
    The WaTech IPsec Service does not guarantee 100% of your ISP's advertised bandwidth. Branch Office Site devices have 1 Gbps interface and do not throttle bandwidth. Unless your ISP connection is over 1 Gbps the VPN device will not be the bottle neck. However, you can expect slower speeds from IPsec overhead, TCP overhead, and latency from the distance between Branch Office to customer VRF, TCP settings on server, application/protocol in use (SMB) and ISP congestion. If all of the above is in optimal condition customers can expect to see a 25% or greater bandwidth decrease from your ISP bandwidth.

    The WaTech IPsec Service does guarantee that your traffic from the remote site will be encrypted and securely delivered from the Branch Office Device to your customer VRF.

Follow the procedures below before submitting a troubleshooting ticket.

  1. Bandwidth Issues the customer must provide the following information including testing and results.

  • ISP Speeds at Branch office location both upload and download.

  • ISP Modem/router model at Branch Office location.

  • Run testing using the latest version of iPerf* (currently iPerf3) with a host workstation at the Branch Office site in question and a server within the customer VRF.

    iPerf download available at: https://iperf.fr/

    *iPerf is an accepted industry standard bandwidth testing and troubleshooting tool.

  1. General Issues, if a customer opens a ticket with WaTech they will be required (as a bare minimum) to provide the following information:

  • VPN Site name and/or location

  • Status of ISP connection

  • Current (that day) confirmation from the customer's ISP that IPsec traffic is not being blocked by the ISP

E. Special Terms

  1. Exclusions: The following items are the sole responsibility of the Customer NOT support by WaTech:

    • Customer support for systems outside the State Network.

    • Implementation and management of Customer LAN (i.e., firewalls, hubs, servers, workstations, etc.).

    • Help desk support for client devices and applications.

    • LAN-to-LAN (Branch Office to Branch Office) connections via VPN.

    • Technical support for Internet Access.

    • Technical support for customer owned hardware at the Branch Office location.

    Privacy Policy

    WaTech is committed to your privacy and does not collect or log browsing history, traffic destination, data content, or DNS queries from You connected to our VPN.

    For the sake of clarity and transparency, we have placed all information related to data collection in a separate document known as the Privacy Policy, which is available https://watech.wa.gov/privacy-policy. Please review the Privacy Policy in its entirety to get a clear understanding of how we handle your sensitive data.

    Acceptable Use Policy

    It is Your responsibility to assess whether using the site, apps, software, or services is in compliance with local laws and regulations. Whenever You use the site, apps, software, or services, You must comply with this TOS and applicable laws, regulations, and policies.

    You understand that it is your responsibility to keep your WaTech account information confidential. You are responsible for all activities under your account. If You ever discover or suspect that someone has accessed your account without your authorization, You are advised to inform WaTech immediately. WaTech will revoke your account credentials and issue new ones.

    WaTech aims to provide the best service possible to all of You. In that sense, we require that you do not misuse our content or services. A misuse refers to any use, access, or interference with the content or services contrary to the TOS or applicable laws and regulations.

    In order to protect the services from being misused or used to harm someone, WaTech reserves the right to take appropriate measures when our services are being used contrary to the terms of this TOS and applicable laws. You agree that WaTech may terminate your account, without providing a refund for services already paid, if you misuse the service.

    In using our services, you agree not to:

    • Send or transmit unsolicited advertisements or content (i.e., "spam") over the service.

    • Send, post, or transmit over the service any content which is illegal, hateful, threatening, insulting, or defamatory; infringes on intellectual property rights; invades privacy; or incites violence.

    • Upload, download, post, reproduce, or distribute any content protected by copyright or any other proprietary right without first having obtained permission from the owner of the proprietary content.

    • Upload, download, post, reproduce, or distribute any content that includes sexual or explicit depictions of minors.

    • Engage in any conduct that restricts or inhibits any other Customer from using or enjoying the service.

    • Attempt to access, probe, or connect to computing devices without proper authorization (i.e., any form of "hacking").

    • Attempt to compile, utilize, or distribute a list of IP addresses operated by WaTech in conjunction with the service.

    • Use the service for anything other than lawful purposes.

    Third-party Services

    WaTech is not responsible for the availability of the content or services provided by Third Parties as they are not under the control or supervision of WaTech and they may have different terms of use and policies. Your access through our services to any website, service, or content provided by Third Parties does not indicate any relationship between us and such Third Parties.

    Disclaimers

    We will strive to prevent interruptions. However, the service is provided on an "as-is" and "as-available" basis, and we do not warrant, either expressly or by implication, the accuracy of any materials or information provided through the site or the service, or their suitability for any particular purpose. We expressly disclaim all warranties of any kind, whether express or implied, including but not limited to warranties of merchantability or fitness for a particular purpose, or non-infringement. We do not make any warranty that the services will meet your requirements, or that it will be uninterrupted, timely, secure, or error-free, or that defects, if any, will be corrected.

    VPN service coverage, speeds, server locations, and quality may vary. WaTech will attempt to make the service available at all times. However, the service may be subject to unavailability for a variety of factors beyond our control, including but not limited to emergencies; third-party-service failures; or transmission, equipment, or network problems or limitations, interference, or signal strength; and may be interrupted, refused, limited, or curtailed. WaTech is not responsible for data, messages, or pages lost, not delivered, delayed, or misdirected because of interruptions or performance issues with the service, communications services, or networks. WaTech may impose usage or service limits, suspend service, terminate VPN accounts, or block certain kinds of usage in our sole discretion to protect Subscribers or the Service. The accuracy and timeliness of data received is not guaranteed; delays or omissions may occur.

    Export Controls

    This service is subject to all relevant United States export control laws and regulations. WaTech makes no representation that this service is appropriate or available for use in other locations outside the United States. By using this service, You represent and warrant that: (i) you are not listed on the U.S. Commerce Department's Table of Denial Orders, the U.S. Treasury Department's lists of specially designated nationals, or otherwise denied the privilege of participating in transactions involving the export of U.S.-origin products and services; (ii) you are not located in a country that is subject to embargo by the United States (currently Cuba, Iraq, Libya, North Korea, Sudan, Syria, or the Taliban Occupied Part of Afghanistan); (iii) you are not engaged, directly or indirectly, in the design, development, production, stockpiling, or use of nuclear, chemical, or biological weapons or missiles; and (iv) you will not, without prior authorization from the Bureau of Export Administration, (a) knowingly re-export the technical data received from you to any destination or (b) export the direct product of the technical data, directly or indirectly, to a country listed in Country Group D:1 or E:2 in Supplement No. 1 to Part 740 of the Export Administration Regulations (Albania, Armenia, Azerbaijan, Belarus, Bulgaria, Cambodia, Cuba, Estonia, Georgia, Kazakhstan, Kyrgyzstan, Laos, Latvia, Libya, Lithuania, Macau, Moldova, Mongolia, North Korea, People's Republic of China, Romania, Russia, Tajikistan, Turkmenistan, Ukraine, Uzbekistan, or Vietnam).

    Security Disclaimer

    This WaTech service is designed to prevent outsiders from gaining access and will provide an effective method of monitoring and limiting access. However, it may not prevent some instances of an employee from gaining unauthorized access to the Internet or to confidential information stored on the network. WaTech does not and will not accept liability for any losses or damage to Customer's business or data that arise as a result of the service not preventing unauthorized access. The WaTech service does provide a high standard of protection and service, but no system can claim to be completely secure.