Verizon private network service provides for access to the State network via the Verizon cellular network. Users with Verizon air cards are connected by Verizon directly to the Verizon services router on the State network and have access to the internet and web-based services. Agencies can also request firewall rules to allow additional access to internal State resources. All traffic is encrypted between the air card and the Verizon services router. There is no additional charge for Verizon private network service beyond the cost of cellular service.

The hours of support required for Verizon private network service are listed below.

Product Features and Descriptions

Secure Connection

Verizon private network service establishes a virtual private network (VPN) that enables remote users to communicate confidentially over a public network (i.e., from public internet connections).

Data Encryption

User credentials and all data traffic are encrypted in compliance with Internet Protocol security (IPSec) standards.

Verizon Management Portal

Agencies will be given access to the Verizon management portal, with the ability to add or remove users from the service.

Features Not Included

Access to Verizon cellular network

For Verizon private network service, users must have a device equipped with an air card with access to the Verizon cellular network.

Ordering and Provisioning

To order the Verizon private network service product, please refer to the product request form on the DTS web site. At the bottom of the form, there is an option to “Add New Group” or “Add User to Existing Group” (see following image). Orders to “Add New Group” require approval of the requesting agency’s IT director, but orders to “Add User to Existing Group” do not.

DTS Responsibilities

• DTS will deliver the product described in this product description.
• DTS will provide instructions for product use.
• DTS will operate and maintain adaptive security appliances (ASAs).
• To ensure the security of State information technology resources, DTS may block telecommuters’ access to the State Network when troubleshooting security intrusions.
• DTS will enforce the Information Security Policy, and the Acceptable Use of Information Technology Resources Policy.
• DTS will work with Verizon to establish agency groups for Verizon private network service.
• DTS will work with individual or agency requesting the product (i.e., the customer) to configure user access to the desired State services and systems.

Agency Responsibilities

• Customers will adhere to their agency’s policies and procedures in submitting online orders that have been properly approved.
• Customers will obtain a Verizon-compatible air card or other device from their device manufacturer and a Verizon cellular connection from Verizon.
• Non-State employee customers must be sponsored by a State of Utah agency.
• Agencies are responsible for controlling access to their Verizon Private Network group, including adding and removing users.
• Agencies will work with DTS to configure user access to the desired State services and systems.

System Requirements

Users must have a supported Verizon air card.

DTS Service Levels and Metrics

In an effort to improve service to our customer agencies, DTS will measure and report on the following enterprise metric goals:

• Application Availability
• Resolution Time
• Initial Response
• First Contact Resolution
• Customer Satisfaction Surveys and Reporting

Application Availability

Application availability measures DTS’s efforts to ensure that agency key business applications meet the percentage of availability goals identified in each agency’s service level agreement. DTS will determine application availability based upon the collective measurement of the configuration items (both hardware and software) that are required in order to support the agency business services applications. These metrics will be reported each month, by agency, and will be presented in a cumulative report showing DTS’s efforts over several months. These reports will then be posted on the DTS Metrics Web page at https://dts.utah.gov/metrics/index.php.

Resolution Time

Resolution time measures DTS’s efforts to resolve customer incidents within the timelines set below based on urgent, high, medium, and low priorities. These metrics will be reported each month, by agency, and will be presented in a cumulative report showing DTS’s efforts over several months. These reports will then be posted on the DTS Metrics Web page at https://dts.utah.gov/metrics/index.php.

Initial Response

Initial response measures DTS’s efforts to respond to customer incidents within the timelines set below based on urgent, high, medium, and low priorities. These metrics will be reported each month, by agency, and will be presented in a cumulative report showing DTS’s efforts over several months. These reports will then be posted on the DTS Metrics Web page at https://dts.utah.gov/metrics/index.php.  

First Contact Resolution

First contact resolution measures DTS’s efforts to resolve customer incidents on a customer’s initial contact with either our help desk or a technical specialist. These metrics will be reported each month, by agency, and will be presented in a cumulative report showing DTS’s efforts over several months. These reports will then be posted on the DTS Metrics Web page at https://dts.utah.gov/metrics/index.php.

Customer Satisfaction Surveys and Reporting

All users/customers whose technical incidents are resolved by DTS staff will be given the opportunity to respond to an online survey regarding their level of satisfaction with the support received from DTS. Responding to the survey is voluntary.

The chart below identifies DTS enterprise goals for customer satisfaction. Cumulative monthly reports will be created displaying the level of customer satisfaction with DTS support. These reports will then be posted on the DTS Metrics Web page at https://dts.utah.gov/metrics/index.php.

The Department of Technology Services provides web URL filtering on the State’s Network. The Web URL Filter will restrict, monitor and log Internet usage of users on the State of Utah Network. The Web URL Filter assigns web sites to one of a number of predefined categories. Categories which are being blocked across all State of Utah networks are defined in the Enterprise Web Filter Policy 5000-0004. The restricted categories are subject to review and may be changed at any time. Exceptions may be granted upon request, based upon work requirements.

Support

• Web Filtering support and metrics will be based on the business support hours and the days of the week identified in this product description.  

Features Included

Palo Alto

• URL Filtering
• Blocking websites based on categorization of URL
• Category Based
• Enterprise Wide
• Exceptions Handled with AD for the UTAH Domain
• Enforcement of AD exception groups

Active Directory

• Identify Users
• Groups identify what a user can do based on membership to group
• Enforcement handled by Palo Alto

Exceptions

• Exceptions are granted on per user based on business requirements.
• Exceptions require approval by users manager and DTS Enterprise Information Security Office (EISO).

Features Not Included

Content Filtering

• Content Filtering is not provided by Web URL Filtering.

Custom Categories Per Agency

• The Web URL filter will use only the categories that will be used enterprise wide. A custom category is to create a defined category to meet the needs of the Enterprise, such as, Always Allow or Always Block.   This is needed when a state web site is categorized in a blocked category that the vendor will not re-categorized due to page content.  To request URL re-categorization, see Agency Responsibilities below.

Ordering and Provisioning

• Web URL Filtering is not a product that needs to be ordered. Web URL filtering is provided on all state networks.

• Exceptions are requested by having the user’s manager submit an email to webfiltering@utah.gov with justification. More information can be found in the DTS Web URL Standard and Process.

DTS Responsibilities

• DTS is responsible for providing Web URL filtering across the State’s Networks. Web URL filtering is provided by evaluating web URL’s and placing the URL into predefined categories. The restricted categories are subject to review and may be changed at any time.
• The EISO maintains a list of approved exceptions for users.

Agency Responsibilities

• Agency Management may request to have a website added or removed from a category (on the grounds that the website is incorrectly categorized, or website should be open to all customers) requires approval from the filtering vendor.
• Agency Management may also request to exempt an Agency employee from being blocked from a filtered category (customer has business reason for accessing website), requires approval from EISO.

Rates and Billing

• N/A

General Service Level and Metrics

• All technical incidents and service requests, and certain types of orders, related to products and services provided by DTS will be reported to the DTS Enterprise Service Desk or to specialized Help Desks that support State agencies or DTS divisions and regions.  All incidents and requests will be captured in the DTS Help Desk application. DTS staff will provide timely acknowledgement and resolution of technical incidents and service requests.

• DTS support staff, including staff directly assigned to the DTS Enterprise Service Desk, will exert all reasonable efforts to meet the Time to Initial Response (TIR) and Total Time to Resolution (TTR) targets set forth below.

• The DTS Enterprise Service Desk is accessible 24×7 by telephone at 801-538-3440 or 800-678-3440. Live chat and direct user reporting of incidents are also available on the DTS website at dts.utah.gov. Published “Business Hours” for the DTS Service Desk are 8:00 AM-5:00 PM, Monday-Friday. Hours of support/on-call coverage vary by agency/division/region and product.

Incident Response and Resolution Targets

Customer Satisfaction Surveys and Reporting

All users/customers whose technical incidents are resolved by DTS staff will be given the opportunity to respond to an on-line survey regarding their level of satisfaction with the support received from DTS. Responding to the survey is voluntary.

Periodic reports will be created showing the level of satisfaction with resolution of incidents by specific support groups and the level of satisfaction of users by agency.

Customer Satisfaction Targets

The Department of Technology Services (DTS) operates a Wide Area Network (WAN) for all State of Utah Executive Branch agencies. DTS also provides WAN services for other State and non-State government entities (cities and counties). The State WAN provides gateway services to the public Internet and functions as a private fault tolerant network, connecting facilities in geographic locations statewide.

DTS will place and install all hardware, software, and facilities necessary to connect a non-State agency to the State WAN. Network Services include IP addressing, Domain Name System (DNS), Internet access, Web content filtering, security products (firewalls), virtual private network (VPN) termination and intrusion prevention systems (IPS), and the necessary tools and staff to support these services. Services are provided in a bundled product offering (see product features below).

DTS operates on a cost recovery basis and is therefore unable to quote one price that applies to all potential customers. Variables such as geographic location and transport requirements affect customer connectivity costs; connectivity costs are different for every customer.

Product Features and Descriptions

Wide Area Network

High availability to multiple locations.

Fault tolerant network with redundant paths from data centers to geographic hubs; these diverse paths are provided by the DTS network microwave services.

Specific infrastructure information may be obtained from the DTS Communications Planning Group.

General Functions and Duties

This product provides for network consulting, planning, and engineering. Services include the deployment of network products, operational support of network products, network tuning, and network diagramming; however, services do not include the acquisition or maintenance cost of other network based multi-media products.

Connection

Network utilization monitoring and bandwidth management.

Last mile connection from remote facilities to geographic hubs.

Wide Area Network Security

Firewall services between the Internet and the State WAN.

Backbone intrusion monitoring and management.

Access Control Lists (ACLs) for local LAN segments, where technically feasible. Note: Logging ACLs on router access lists is not provided to customers.

Packet screening to prevent IP spoofing from external networks.

IP Addressing

Manage address blocks.

Manage subnets, VLANs, and public/private IP assignments.

DNS Service

Manage host, MX, alias, and PTR records.

Host newly registered DNS domains and manage DNS records.

Delegate sub-domains per agency request.

Manage changes to DNS entries.

Provide instructions for registering new DNS names.

Internet Access

Content filtering, which blocks inappropriate or unauthorized access.

Redundant access paths.

Customer-specific filtering is available on request and requires customer identification through the State authoritative directory: UtahID. To request UtahID access, please use the following URL: http://login2.utah.gov/user  (select: register here).

VPN Sessions

DTS will provide secure VPN access into the State network from the Internet; pre-authorization is required. See VPN product information.

Network Operations and Monitoring

DTS Network Operations is a 24×7 service. Customers may contact the DTS Customer Service Center to report network problems by calling 801-538-3440 or 800-678-3440.

Other Features

Enterprise Security

Enterprise Security services are available upon request. Please refer to Enterprise Services on the DTS web site.

Features Not Included

Agency-Specific Solutions

DTS will assess and engineer appropriate network bandwidth by working with agency requirements.

DTS can provide unique WAN services, at an additional negotiated cost, if it is beyond a reasonable expectation.

Acquisition and/or maintenance costs of network based multi-media products (see Product Features: General Functions and Duties).

ACL logging is not provided to customers (see Product Features: WAN Security).

Email

Google provides state email enterprise services for Executive Branch agencies. Non-state entities may take advantage of the State contract and be supported directly by the provider.

Ordering and Provisioning

To inquire or order WAN services, please contact the DTS Customer Service Center by calling 801-538-3440 or 800-678-3440.

DTS Responsibilities

• Provide network maintenance to the customer’s demarcation point.
• Coordinate and notify customers of planned maintenance and outages.
• Assess and engineer appropriate network bandwidth by working with the customer’s business requirements.
• Maintain the integrity and security of the State WAN and Local Area Networks by shutting down ports that have been penetrated, or otherwise violate network security policies.
• Conduct periodic device count audits, in accordance with the network device definition and published guidelines.
• Conduct periodic Special Billing Agreement audits and update agreements as applicable.

Customer Responsibilities

• Contact the DTS Customer Service Center to report network problems by calling 801-538-3440 or 800-678-3440.
• Comply with State acceptable use policies: http://www.rules.utah.gov/publicat/code/r895/r895-007.htm.
• Provide DTS router access lists.
• Consult the assigned Network Planner when planning facility moves.
• Pay for equipment installed by DTS and the replacement costs of any equipment that becomes obsolete. The equipment will remain under the ownership and management of DTS.
• Notify the assigned Network Planner when planning to deploy applications that might affect network traffic.
• Provide adequate space, power, cooling, etc. for State network equipment at each customer facility.
• Provide physical security in facility locations that house State network equipment.
• Provide the DTS assigned Network Planner a local contact at each facility that is capable of assisting with troubleshooting the customer’s WAN connection.
• Comply with State security policies and standards; and adhere to additional network policies and standards as drafted and approved by DTS (see: DTS Policies and Procedures).
• Adhere to State Acceptable Use Policy: http://www.rules.utah.gov/publicat/code/r895/r895-007.htm.
• Prohibit open “rogue” Access Points in the network.
• Coordinate extended network services to additional facilities with DTS WAN Planner.

The Department of Technology Services (DTS) operates a State Wide Area Network (WAN) as well as the State Local Area Networks (LAN) for all State of Utah Executive Branch agencies. DTS also provides WAN services for State and other government agencies with enterprise-wide, intra-state network services.

The State WAN provides gateway services to the public Internet and functions as a private fault tolerant network, connecting facilities in geographic locations statewide.

In FY2009, WAN and LAN services merged into Network Services, delivering jack-to-jack connectivity to agency customers, using a single rate.

Network Services include IP addressing, Domain Name System (DNS), primary domain email service, Internet access, web content filtering, security products such as firewalls, VPN termination and intrusion prevention systems (IPS), and the necessary tools and staff to support these services. Network Services will provide limited wireless connectivity for agencies (see the Wireless Services description in the following sections).

Features and Descriptions

Wide Area Network

• High availability to multiple locations.
• Fault tolerant network with redundant paths from data centers to geographic hubs; these diverse paths are provided by the DTS network microwave services.

Local Area Network

Consistent connectivity from all end-points using best practices.

General Functions and Duties

This product provides for network consulting, planning and engineering. Services include the deployment of network products, operational support of network products, network tuning, and network diagramming; however, services do not include the acquisition or maintenance cost of other network based multi-media products.

Connection

• Network utilization monitoring and bandwidth management.
• Last mile connection from remote facilities to geographic hubs.
• Ethernet service connectivity to the Intermediate Distribution Frame (IDF) except where Local Area Support is provided.
• Connections at campus sites, designed on a case-by-case basis to provide the most appropriate service that meets campus customers’ needs.

Analog Connection

Once sites are converted to VOIP, any analog equipment, licensing or connections will be the responsibility of the agency.

Device

• A network device is any object that transmits information across any portion of the state owned network, including wireless devices.
• State employees paying the monthly network service fee for desktop or laptop purposes may use a mobile device, such as an iPad, without incurring additional network fees (mobile device support fee is applicable); however, employees may not avoid the network service fee by opting for a mobile device only or by “Bringing Your Own Device”(BYOD)—the approved network service fee is applicable in these scenarios.
• Devices supporting the network infrastructure are excluded.

Security

• Firewall services between the Internet and the state WAN.
• Backbone intrusion monitoring and management.
• Access Control Lists (ACLs) for local LAN segments, where technically feasible.
• Note: Logging on router access lists is not provided to customers.
• Packet screening to prevent IP spoofing from external networks.

IP Addressing

• Manage address blocks.
• Manage subnets, VLANs and public/private IP assignments.

DNS Service

• Manage host, MX, alias and PTR records.
• Host newly registered DNS domains and manage DNS records.
• Delegate sub-domains per agency request.
• Manage changes to DNS entries.
• Provide instructions for registering new DNS names.

Email Services

Services provided via Google.

Internet Access

• Content filtering and block inappropriate or unauthorized access.
• Customer-specific filtering is available, on request.

VPN Sessions

DTS will provide secure VPN access into the state network from the Internet; pre-authorization is required.

Wireless Services

Effective Nov. 1, 2017, DTS will provide the following wireless services. For small office buildings (under 30 employees), DTS will provide up to four (4) access points for wireless coverage.  For medium size buildings containing more than 30 and up to approximately 100 employees, DTS will provide up to 12 wireless access points. For large buildings containing over 100 employees, DTS will provide up to 20 wireless access points.  For multi-agency buildings, wireless access points will be assigned proportionately per number of employees each agency has in the building.

DTS reserves the right to determine the optimal number of wireless access points to install within the recommended standards. Agencies will not automatically qualify for the maximum amount.

Requests for additional wireless access points beyond the standard will require a business justification and will be reviewed on a case-by-case basis.

Requests for all wireless installations should be completed via the online form on DTS’ website. Requests for exceptions outside of the standard offering above can be submitted via the same form. (With the justification for non-standard exception filled in).

For those agencies wishing to purchase additional access points, beyond the standard, a request can be made via the same online form with the authorization for additional charges completed.*

*Charges for additional access points, beyond the standard, will be billed via an SBA and will include:

• The cost of the Access point(s).
• Any additional hardware and wiring required to accommodate those access     points.
• Yearly maintenance cost.
• Replacement cost.  (At 5 years or at the request of the customer).
• Associated labor for installations and replacements.

Features Not Included

Additional Firewalls or Security

DTS can help evaluate and develop a solution for additional security requirements that may require an additional negotiated cost or be dependent on available funding.

Cabling

For local area support, this product does not include the cost of supplying, installing, or upgrading the agency’s infrastructure cabling.

Wiring and Cable Design

A DTS wiring specialist will review customer requests and will engineer a solution or plan using the latest technology in accordance with code, and industry best standards and practices. Services based on available resources. See DTS Consulting Rate below under Rates and Billing.

VoIP Conversion High-Level Wiring Guidelines

• Cat 6a, 6
  • DTS will not ask for any re-wiring for VOIP unless remedial action is required.
• Cat 5e
  • DTS will not ask for any re-wiring for VOIP unless remedial action or potential load issues exist.
  • DTS may need to do performance testing if load or environmental issues are possible
• Cat 5
  • DTS will do performance testing whenever possible.
  • DTS will make recommendations based on performance testing.
• Cat 3
  • DTS will ask for re-wiring.

Agency-Specific Solutions

• DTS will assess and engineer appropriate network bandwidth by working with agency requirements.
• DTS can provide unique WAN or LAN connections, at an additional negotiated cost if it is beyond a reasonable expectation.

Router Access List Logging

DTS can help agencies design a logging server solution.

Telecommuter Access

DTS offers VPN and other telecommuter products for remote access to the WAN.

DTS Responsibilities

• Provide jack-to-jack network maintenance; however, facility cabling is the responsibility of the agency.
• Coordinate customer notification of planned maintenance and outages.
• Assess and engineer appropriate network bandwidth by working with agency business requirements.
• Provide network service in an efficient and economical manner—to include using bandwidth monitoring statistics to justify enhancements.
• Maintain the integrity and security of the State WAN and Local Area Networks by shutting down ports that have been penetrated, or otherwise violate network security policies.
• Conduct periodic device count audits, in accordance with the network device definition and published guidelines.
• Conduct periodic Special Billing Agreement (SBA) audits and updating agreements as applicable.
• Network Solutions Engineer and technical support staff must document the firewall configurations so that agencies that need access to applications have access—i.e., enabling state interoperability.

Agency Responsibilities

• Comply with the state Acceptable Use Policy: https://dts.utah.gov/policies/documents/1000-0003acceptableuse.pdf
• Provide security requirements.
• Consult assigned Network Solutions Engineer when planning facility moves.
• Notify assigned Network Solutions Engineer when planning to deploy applications that might affect network traffic.
• Provide adequate space, power, cooling, etc. for state network equipment at each agency facility.
• Provide physical security in facility locations that house state network equipment.
• DTS customers should provide the assigned Network Solutions Engineer a local contact at each facility that is capable of assisting with troubleshooting customer concerns; this is often a DTS employee.
• Comply with state security policies.
• Agencies are responsible for reviewing their Network Bill from DTS in a timely manner for accuracy.

General Service Levels and Metrics

All technical incidents and service requests, and certain types of orders, related to products and services provided by DTS will be reported to the DTS Enterprise Service Desk or to specialized Help Desks that support State agencies or DTS divisions and regions. All incidents and requests will be captured in the DTS ServiceNow application. DTS staff will provide timely acknowledgement and resolution of technical incidents and service requests.

DTS support staff, including staff directly assigned to the DTS Enterprise Service Desk, will exert all reasonable efforts to meet the Time to Initial Response (TIR) and Total Time to Resolution (TTR) targets set forth below.

The DTS Enterprise Service Desk is accessible 24×7 by telephone at 801-538-3440 or 800-678-3440. Live chat and direct user reporting of incidents are also available on the DTS website at dts.utah.gov. Published “Business Hours” for the DTS Service Desk are 7:00 AM-6:00 PM, Monday-Friday. Hours of support/on-call coverage vary by agency/division/region and product.

Customer Satisfaction Surveys and Reporting

All users/customers whose technical incidents are resolved by DTS staff will be given the opportunity to respond to an on-line survey regarding their level of satisfaction with the support received from DTS. Responding to the survey is voluntary.

Periodic reports will be created showing the level of satisfaction with resolution of incidents by specific support groups and the level of satisfaction of users by agency.

A Virtual Private Network (VPN) enables remote users to communicate confidentially over a public network (i.e., between a public Internet connection and the State of Utah network).

Note: You can read the related DTS Remote Access VPN Procedure at the end of this product description.

DTS provides two methods for State employees to connect to the state network:

• VPN: VPN provides a convenient solution for State employees who occasionally work off-site, and, for those who access state IT resources from public facilities or kiosks. This option also provides temporary access to restricted State applications for vendors or contractors. VPN uses SSL (Secure Sockets Layer) to secure traffic between a remote computer and restricted State IT resources.
• VPN Client: VPN provides a robust solution for power users who work off-site on a regular basis. It provides the same level of access to State IT resources as if the users were connected at their offices. The VPN Client is desktop software that secures traffic between a remote computer and restricted State IT resources—all data traffic is encrypted.

The hours of support required for Remote Access VPN are listed below.

Product Features and Descriptions

Secure Connection

Remote Access VPN establishes a virtual private network (VPN) that enables remote users to communicate confidentially over a public network—i.e., from public Internet connections.

Data Encryption

User credentials and all data traffic are encrypted via SSL/TLS.

User Authentication

• Users are allowed access to restricted state IT resources only if they can verify identification at login.
• Unauthorized users are not permitted access.

Authentication Directory

• Each user is authenticated to UtahID.
• DTS maintains UtahID.

Palo Alto

Palo Alto Appliances provide redundant, scalable network devices that perform end-point security for remote-user configurations. DTS operates and maintains the infrastructure.

Two Factor

Two-factor authentication is enabled by default on all user VPN groups.

Solution for Infrequent or Temporary Off-site Users

• Authorized access to restricted State IT resources for State employees who occasionally work off-site.
• Temporary authorized access to restricted State applications for vendors, contractors, and other State business partners.

Features Not Included

Remote Access Connection

The customer must have a remote access connection—e.g., commercial DSL, cable modem service, public kiosk service, etc.

Internet Service

The user must have Internet service on his or her remote access connection.

Two Factor Support

The two factor infrastructure support and maintenance falls under DTS Identity and Access Management

Non-State Equipment

Support for non-state (i.e. personal equipment).

Ordering and Provisioning

To order the Remote Access VPN product, or to request a new VPN group, select the Order VPN Access or Request New VPN Group buttons at the top right of this page.

Note: CenturyLink FTTN and Independent Telcos providing DSL require VPN services.

DTS Responsibilities

• DTS will deliver the product described in this product description.
• DTS will provide instructions for product use.
• DTS will operate and maintain Palo Alto Appliances
• To ensure the security of State information technology resources, DTS may block telecommuters’ access to the State Network when troubleshooting security intrusions.
• DTS will enforce the VPN, State Information Security and Appropriate Use policies.
• VPN Client: DTS will provide instructions for installing and configuring the VPN Client software.

Agency Responsibilities

• The customer will adhere to their agency’s policies and procedures in submitting online orders that have been properly approved.
• The customer will obtain a remote access connection—e.g., commercial DSL or cable modem.
• The customer must have a UtahID account.
• Non-state employee customers must be sponsored by a State of Utah agency.*

*Note: Non-state employee customers will be sent the directions by the DTS help desk on how to install VPN.

Web VPN

• The customer’s Web browser must support SSL.

VPN Client

• The desktop support technician assigned to the customer’s agency will set up the customer’s computer with software required to access the agency LAN and other business software required by the VPN user.
• The desktop support technician assigned to the customer’s agency will assist the customer with installing and configuring the VPN Client software as requested.
• VPN customers will comply with the State Acceptable Use Policy, the State Information Security Policy, and the VPN Policy. Non-state assets must be approved by authorized agency and security personnel.

System Requirements

• Desktop client supported include 
  • Windows 10, 
  • Apple macOS 10.11 or higher.
• Mobile devices supported include:
  • Google Android 5.x or higher 
  • Apple iPadOS 10 (64-bit devices only) 
  • Apple iPhone iOS 10 or higher (64-bit devices only)
• Web browsers must be SSL/TLS compliant.

DTS Service Levels and Metrics

In an effort to improve service to our customer agencies, DTS will measure and report on the following enterprise metric goals:

• Application Availability
• Resolution Time
• Initial Response
• First Contact Resolution 
• Customer Satisfaction Surveys and Reporting

Application Availability

Application availability measures DTS’s efforts to ensure that agency key business applications meet the percentage of availability goals identified in each agency’s service level agreement. DTS will determine application availability based upon the collective measurement of the configuration items (both hardware and software) that are required in order to support the agency business services applications. These metrics will be reported each month, by agency, and will be presented in a cumulative report showing DTS’s efforts over several months. These reports will then be posted on the DTS Metrics Web page at https://dts.utah.gov/metrics/index.php. 

Table Note: *Times exclude those tickets in a “Pending” status waiting for a known bug fix.

Resolution Time

Resolution time measures DTS’s efforts to resolve customer incidents within the timelines set below based on urgent, high, medium, and low priorities. These metrics will be reported each month, by agency, and will be presented in a cumulative report showing DTS’s efforts over several months. These reports will then be posted on the DTS Metrics Web page at https://dts.utah.gov/metrics/index.php. 

Initial Response

Initial response measures DTS’s efforts to respond to customer incidents within the timelines set below based on urgent, high, medium, and low priorities. These metrics will be reported each month, by agency, and will be presented in a cumulative report showing DTS’s efforts over several months. These reports will then be posted on the DTS Metrics Web page at https://dts.utah.gov/metrics/index.php.  

First Contact Resolution

First contact resolution measures DTS’s efforts to resolve customer incidents on a customer’s initial contact with either our help desk or a technical specialist. These metrics will be reported each month, by agency, and will be presented in a cumulative report showing DTS’s efforts over several months. These reports will then be posted on the DTS Metrics Web page at https://dts.utah.gov/metrics/index.php. 

Customer Satisfaction Surveys and Reporting 

All users/customers whose technical incidents are resolved by DTS staff will be given the opportunity to respond to an online survey regarding their level of satisfaction with the support received from DTS. Responding to the survey is voluntary. 

The chart below identifies DTS enterprise goals for customer satisfaction. Cumulative monthly reports will be created displaying the level of customer satisfaction with DTS support. These reports will then be posted on the DTS Metrics Web page at https://dts.utah.gov/metrics/index.php. 

Remote Access VPN Request Procedure

Purpose

This procedure describes how users can submit requests for virtual private network (VPN) access.

Scope

This procedure applies to all State of Utah VPN users.

Procedure

Users can submit VPN requests from the DTS website by going to the Remote Access VPN product description and selecting Order VPN Access.

Users can also access the Remote Access Request Form directly using the attached link or through ServiceNow by going to the Service Catalog, selecting HelpDesk, and then selecting Remote Access Request.

After selecting Remote Access Request, the submitter’s information will be autopopulated from the Requested for field. You can also search for a different user in this field.

The user should then select VPN from the Remote Request Type field, fill in the Justification field, and complete the other required fields.

Note: A user can request remote access for more than one user by:

• selecting the Remote access is needed for more than one user checkbox, as shown in the following image; and
• attaching to the Remote Access Request Form a csv list (using the linked template) that includes the following information for each user who requires remote access:
  • email address, and
  • VPN group name (without the VPN prefix).

To request VPN remote access, a requester must have a UtahID account with access to the state’s network. (If the requester does not have a network login already established, the requester should first submit an Agency Employee Access Request Form before submitting a remote access request. The Agency Employee Access Request Form can be accessed directly using the attached link or through ServiceNow by going to the Service Catalog, selecting Agency Requests, and then selecting Agency Employee Access Request. The Agency Employee Access Request Form can also be used for contractors.) When the requester’s account is ready, a VPN request can then be submitted.

Information Not Specified

If a user has no company, is not a State employee, or has no division, or if no approver has been specified for the user’s agency, ServiceNow checks for approval governance. The approval governance is a system that allows approvals to be customized by agency and division. If ServiceNow can’t find approvers, it will generate a task for the Enterprise Security Team to approve the request or designate an approver for the agency’s division.

Once the request is formally submitted, an automated email (as shown below) will be sent to the approver requesting VPN approval.

To approve, the approver should click on the blue text: Click here to approve RITM #

To reject, the approver should click on the blue text: Click here to reject RITM # 

Example VPN Request Email

Utah Department of Technology Services Service Desk Notification
Remote Access Requested for: Cheri Oldham
Short Description: Remote Access is being Requested
Priority: 4 – Low
Category:

Summary of Change request:
Request Type = HR Request
Requested for = Cheri Oldham
Company = Dept of Technology Services
Department = 2762
Division = DTS OPERATIONS 2700
Phone = (801) 538-3440
Alternate Phone =
Alternate Approver =
Which Agency is responsible for this Request? =
Location = CENTRAL UTAH CORRECTIONAL FACILITY
Street = 255 E 300 N
City = GUNNISON
Manager = Scott Moffitt
Manager’s Phone = 4356342129
Action = Add/Change Access
Remote Request Type = VPN
Which Group should the Requester be in, or which person should they be setup like? = general
Remote access is needed for more than one user. = false
Which Agency or Entity is making this request. = Dept of Technology Services
Pick a Division (if applicable) =
Justification =
Comments =

Click here to approve RITM0114737
Click here to reject RITM0114737

Click here to view Approval Request: LINK
Click here to view Requested Item: LINK

Having trouble? Get help at dts.utah.gov or contact your Help Desk at 801-538-3440.

Manage Preferences

Ref:MSG14845392

Once approval has been granted, ServiceNow will create a new task for your help desk to fulfill the VPN access. After your help desk grants access, an email will be sent by the help desk to the individual listed in the Requested for field of the Remote Access Request Form with instructions for installing VPN. The task can then be closed and the request is completed.

LAN-to-LAN VPN provides a secure and encrypted network connection for business transactions conducted between users and systems on one LAN to users, systems, and applications located on another LAN.

LAN-to-LAN VPN is a service for State agencies that need secure and encrypted access to business applications located on another network—e.g., a federal agency application or an application on another State agency’s subnet.

LAN-to-LAN VPN service provides agency LAN administrators or security staff the ability to dedicate long-term access to specific restricted services for a group of users—e.g., a business to business Extranet.

LAN-to-LAN VPN Product Features

Secure Business to Business Transactions

Dedicated long-term access for a group of users (or servers) on one LAN to specific restricted services located on another LAN.

Secure Connection

A Virtual Private Network (VPN) between two LANs internal or external to the state Wide Area Network.

Configuration

DTS staff work personally with the LAN Administrator assigned to an agency to configure the LAN-to-LAN VPN to meet specific business requirements.

ASA

Adaptive Security Appliances (ASAs) provide redundant, scalable network devices that perform end-point security for LAN to LAN configurations. DTS operates and maintains the ASAs.

Product Benefits

Security:

Many State agency businesses require access to applications maintained by other organizations located on external networks or subnets. Those organizations often require secure access to their network to reduce risk to their IT resources. LAN-to-LAN VPN configures a secure gateway to those business applications.

Ease of use:

Once the LAN-to-LAN VPN is set up, users don’t have to do anything—the service is transparent.

Business effectiveness:

State agencies can conduct requisite business transactions on other agencies’ or businesses’ secure networks.

Ordering and Provisioning

To order the Remote Access VPN product, please refer to the product request form on the  DTS web site.

DTS Responsibilities

• DTS will work with the customer or the LAN Administrator assigned to the customer agency to obtain the parameters required to set up and test the requested LAN-to-LAN VPN.
• DTS will provide instructions for product use.
• DTS will operate and maintain Adaptive Security Appliance (ASA).
• To ensure the security of State information technology resources, DTS may block access to any State network node when trouble-shooting security intrusions.
• DTS will enforce State Information Security, and Appropriate Use policies.

Agency Responsibilities

• The customer will adhere to their Agency’s policies and procedures in submitting orders that have been properly approved.
• The customer agency will submit LAN-to-LAN VPN request to DTS through the DTS website.
• Customer will complete the online request form including: Customer Contact information; IP Addresses; Internet Key Exchanges (IKE) and Internet Protocol Security (IPSEC) information.
• The customer or the LAN Administrator assigned to the customer’s agency will work with DTS Network Operations to provide network parameters required to set up and test the requested LAN-to-LAN VPN.
• The customer or the LAN Administrator assigned to the customer’s agency will support the end-users’ access to the business-related application or network on the far end of the LAN-to-LAN VPN.
• Customers will comply with the State Acceptable Use Policy, the State Information Security Policy.

System Requirements

End nodes must be IPSEC devices.