Aggregated Remote Access

Solution Overview

The Aggregated Remote Access offering provides KPSN Partners with a highly available geographically resilient Remote Access service that is fully monitored and can be provided to Partners as a managed service by our Supplier or with delegated administration.
The solution is based on the Juniper Virtualised MAG platform placed at Internet ingress points in the East and West of the county. The Juniper product is the market leader in SSL VPN connectivity, and the version that the KPSN solution provides is the FIPS compliant variant.

The service provides SSL based, clientless remote access, landing Partner’s users into their own internal network. The solution can provide full client access or present just various applications to the users depending on the Partner’s requirements.
The solution is deployed as an aggregated service supporting multiple partners, whereby each Partner receives their own dedicated Virtual MAG appliance.

The virtualisation function allows secure separation of Partner traffic whereby Partners terminate securely, landing within their own internal infrastructure provided by a KPSN VPN. The virtualised function also allows for Partner specific URLs so that each Partner may provide their users with a dedicated Partner personalised URL to attach to.

Appliance Deployment Default Operation
Virtual MAG Per Partner The VPN termination points are deployed within the East and West Internet ingress/egress points. By default each Partner will target the Virtualised VPN termination device from the side of the county they are from, in line with how they are currently set-up for Internet access.

The alternative Virtual device will be used as a back-up in the event of a failure of the Partner’s primary device. The swap over will be either on an ad-hoc basis (changing the URL used, or in the event of a major outage by a change of the DNS entry, all of which is hosted on the KPSN external DNS servers.

Service Levels

Service Deliverables Minimum service availability: 99.99%.
Service Hours 24/7/365 (366 days in each leap year).

Additional Details

Bespoke Requirements The Partner will be required to provide assistance ahead of the service deployment by providing assistance with the following:

  • Defining the User Role and Resource profiles to allow users’ access to the appropriate internal resources via SSL.
  • Defining resources to be made available within profiles, this can include direct web links, or remote use of defined applications using WSAM (Windows Secure Application Manager) or defined network resources using direct IP access utilising Network Connect.
  • Defining configuration of endpoint defence using Host Checker functionality to demonstrate feature availability.
  • Defining Sign-in-Policy and customisable sign-in page with Partner logos.

Any additional bespoke requirements should be highlighted by the Partner at the point of requesting a quotation and may incur additional charges.

Service Hours 24/7/365 (366 days in each leap year).
Minimum Catalogue Service Term One Year.
Applicable Cease Charges The minimum term for this service is one year. A three month notice period is applicable for ceasing this service after the one year minimum contract term.

This service is billed centrally to KPSN and, therefore, KPSN set the price on a per Partner basis.
If you would like to find out more about this or any other services please contact us.
A PDF version of this information can be downloaded here.