VPN Management

Atlas Group provides VPN management services at 30-35% less than market rates, thanks to our open-source-based infrastructure and automation. Atlas Group’s Integrated Secure Communications System (ISCS) automates VPN functions, security and business rules in complex multi-vendor environments.

Atlas Group can provide VPN management services globally and support them with intrusion detection, continuous vulnerability assessment, help desk, desktop management, telco administration and remote access services. We offer a three-tiered billing hierarchy, delivered in electronic form rather than on-line. The Nagios-based monitoring and notification system is viewable by the client in a Web browser.

There are two VPN options for consideration. First, the Basic Services option is based on the Secure Computing SG300 firewall and meets all standard requirements. Benefits include integrated firewall, router, Ethernet switch functionality, local site Internet egress, dial-up access redundancy and 24 hour automated alarm monitoring and notification. Second, the Enhanced Services option provides for tunnel integrity monitoring, traffic segmentation and routing, advanced security features and self-healing VPN tunnels. An SG580 firewall, capable of supporting 140 tunnels, is typically proposed for the hub site in standalone or redundant mode.

Billing

Atlas Group will provide PDF-based electronic billing documents organized in a three-level hierarchy. A payable invoice will be sent to each local site group. These groups will roll up to regional and then global totals as billing reports. The reports will also identify new, changed or deleted accounts during the billing period. Invoices and reports will be sent on the first of each month for that month’s activities, payable net 30.

Basic Services Option

The SG300-based configuration provides integrated firewall/router/Ethernet switch capabilities at each site but does not provide the Web security features or self-healing that the Enhanced Service provides. The Basic Service offers end-to-end VPN security with parallel “all-or-nothing” local Internet egress. Atlas Group monitors the SG300 and the carrier link to determine device and link availability. Outage alarms are automatically dispatched by email or pager to Wolverine IT and/or to Granite Telecom operations.

The SG300 is a compact, feature-rich network security appliance for small network sites. The on-board 10/100 Ethernet switch enables a small business to implement a LAN quickly and easily, and connect the network to the Internet via broadband (ADSL, cable, SHDSL, etc.) or narrowband (modem or ISDN dial-up) connections. If the broadband connection is lost, the SG300 can fail over in seconds to the narrowband connection.


Nagios Monitoring

The VPN status is browser-viewable on-line.

[Figure: Nagios element monitoring screen]

The Nagios screens highlight conditions as green, yellow and red depending on severity. Nagios is viewable by the client via a standard Web browser. It offers a large number of standard reports to analyze various flavors of down time, up time and maintenance.

Nagios will automatically dispatch alarms via pager notification and/or emails to Atlas Group or the client.

Enhanced Services Option

Atlas Group provides managed services in 35 countries from data centers in Brunswick, Maine and Dornoch, Scotland. We use Nagios monitoring, Osiris host intrusion detection and Nessus vulnerability scanning. These services are complemented by cross-platform OpenVPN remote access. The Enhanced Services option includes all the Basic Services features and is based on using an SG560 or SG580 at each site.

Integrated Secure Communications System (ISCS)

Atlas Group sponsors the open source Integrated Secure Communications System (ISCS) project. ISCS provides compartmentalized, multi-layered security in depth inside the network perimeter, in a scalable, granular and affordable package. ISCS allows the administrator to replace the hundreds of thousands of order-dependent rules required for such an environment with just tens of order-dependent policies expressed as business-language requirements (e.g. “Give store managers, purchasing and finance access to inventory data”).


Illustration 1: ISCS Policies


Self-Healing Tunnels

The Atlas implementation of the Nagios monitoring platform tracks multiple metrics per VPN link. Atlas' Nagios configuration reveals much more than whether the gateway is available and whether the tunnel is "up." Atlas can discern whether the existing tunnel is actually able to pass traffic, and automatically resynchronizes VPN tunnels when they occasionally go out of sync. Consequently, Atlas VPN downtime in the case of tunnel de-synchronization is typically 30 seconds to two minutes rather than 20 to 30 minutes. This implementation utilizes Secure Computing devices or generic Linux devices.
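
The layered check described above, as an added example (not Atlas Group's Nagios configuration): a Nagios-style plugin function that tells apart a gateway outage, a tunnel that is down, and a tunnel that reports "up" but passes no traffic. The probe targets, the `sa_established` input, the RTT threshold and the action names are assumptions made for illustration.

```python
import socket
import time

# Standard Nagios plugin exit codes.
OK, WARNING, CRITICAL, UNKNOWN = 0, 1, 2, 3


def tcp_probe(host, port, timeout=2.0):
    """Return the TCP connect time in seconds, or None if the connect fails."""
    start = time.monotonic()
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return time.monotonic() - start
    except OSError:
        return None


def check_tunnel(gateway, inner, sa_established, warn_rtt=0.5, probe=tcp_probe):
    """Classify one VPN link from three independent observations.

    gateway: (host, port) the remote gateway answers on from outside the tunnel.
    inner:   (host, port) of a service reachable only through the tunnel.
    sa_established: what the local VPN daemon reports about the tunnel.
    Returns (exit_code, message, action); action names are hypothetical
    labels for whatever handler the monitoring system would run.
    """
    if probe(*gateway) is None:
        # Device or carrier outage: there is nothing to resynchronize over.
        return CRITICAL, "gateway unreachable", "dispatch"
    if not sa_established:
        return CRITICAL, "tunnel down", "renegotiate"
    rtt = probe(*inner)
    if rtt is None:
        # The daemon says "up" but nothing crosses: the de-synchronized case
        # that an availability-only check would report as healthy.
        return CRITICAL, "tunnel up but not passing traffic", "resync"
    if rtt > warn_rtt:
        return WARNING, f"tunnel slow rtt={rtt:.3f}s", "none"
    return OK, f"tunnel passing traffic rtt={rtt:.3f}s", "none"
```
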