Iomega® OfficeScreen® FAQ's

OFFICESCREEN FIREWALL AND VPN SERVICES

VPN

FIREWALL

OFFICESCREEN FW/IPSEC VPN SERVICES

JUNIPER® NETWORKING HARDWARE

OPTIONAL SERVICES

WIRELESS

VOIP

SUPPORT

OFFICESCREEN EMAIL SECURITY SERVICES

^ Back to top

WHAT IS OFFICESCREEN?

A managed security engineering process built on two decades of experience with multiple technologies and specialization in only the finest. Our engineering expertise and close partnership with industry leaders such as Postini®, Juniper® Networks, and SurfControl® allow us to offer Fortune 500 managed security at a small and medium-sized business' budget.

WHAT SERVICES DO YOU OFFER?

OfficeScreen Firewall and IPsec VPN Services offer managed firewall protection and site-to-sire connectivity for data security and increased productivity. OfficeScreen Email and IM Security, Message Archiving and Email Encryption services offer protection against email and IM-borne threats, plus compliance with industry and federal regulations.

OFFICESCREEN FIREWALL AND VPN SERVICES

WHAT'S DIFFERENT ABOUT OFFICESCREEN FIREWALL/VPN MANAGED SERVICES?

Experience - OfficeScreen is backed by over 20 years of wide area network and local area network integration experience. This experience is passed on to the customer in the form of proactive managed services that adapt to the changing security environment. Experience matters.

Specialization - OfficeScreen is expert engineering applied to industry leading hardware and security solutions designed in collaboration with Juniper and SurfControl. We use these manufacturers exclusively and wield extensive engineering expertise and deep technical ability through specialization on only the best. OfficeScreen engineers know how to make the hardware perform to its peak while offering tailored configurations built around customer business requirements attained during pre-sales consultation.

Engineering - Our engineers are trained and certified by Juniper Networks on all Firewall/VPN appliances. OfficeScreen engineers possess deep knowledge on the remote management and troubleshooting of these appliances and back that with monitoring and overnight replacement of pre-configured hardware. Working closely with Juniper engineers enables us to provide customers with highly skilled support and management.

Pre-Sales Support - Getting the configuration right requires strong pre-sales support before you ever sign the contract. During the pre-sales phases OfficeScreen engineers document customer technical requirements and offer managed options to meet those needs. Proper diagnosis of current customer applications and network environment is a requirement for delivering a smooth installation or wide area network technology swap.

Post-Sales Support - OfficeScreen is a process built around proactive security engineering services on Juniper/NetScreen appliances. OfficeScreen becomes the customer's primary point of contact for all things network security related.

^ Back to top

VPN

WHY DO I NEED A VPN?

To securely connect remote offices and users to business resources such as files, applications, printers, literally any device with an Ethernet port.

VPNs allow you to securely connect multiple offices affordably using standard Internet circuits (T-1, DSL, Cable, Wireless, MPLS, etc). VPNs basically encrypt all your traffic between locations while making the remote offices appear to be on the local area network. Administrators can support remote users more effectively and remote offices can access files, email and applications easily without learning new software or technology.

If you have two or more offices, you can connect their local area networks and create a seamless wide area network in order to increase efficiency and productivity. A VPN is a cost-effective solution for achieving secure site-to-site connectivity. It is cost-effective because it allows you to use a public network for this purpose (vs. leasing private lines). It is secure because it uses encryption to protect the data.

ARE THERE DIFFERENT LEVELS OF ENCRYPTION AVAILABLE WITH THE OFFICESCREEN® VPN SOLUTIONS?

Yes. Two options are available for site to site VPN encryption: 3DES or AES; these are two of the strongest encryption levels commercially available.

HOW MANY OFFICES CAN YOUR VPN SOLUTIONS SUPPORT?

Our OfficeScreen FW/IPsec VPN solution bundles are designed to fit small/mid-sized offices of five to 75 users and larger 'head-end' offices of up to 500 employees. Add locations as necessary by adding an internet circuit and an OfficeScreen bundle at each site. i.e. LA(HQ-70 users), SF(25 users), NYC(21 users), SD(7 users), UK(7 users) would be quoted:

OfficeScreen 50 X 1(HQ), OfficeScreen 25 X 2(SF, NYC), OfficeScreen 10 X 2(SD, UK)

WHAT IF I ADD OFFICES OR USERS IN THE FUTURE?

Our solutions are field upgradeable for functionality updates and 10 to unlimited user upgrades. Addition of new users and offices is done easily by placing a call to our service center in advance of Internet circuit turn up. If you need to increase hardware size, we swap out the older gear with new hardware and adjust your bill accordingly.

WILL MY APPLICATIONS WORK WITH THE VPN?

Most IP (Internet protocol) based applications will work over the VPN. During pre-sales consultation OfficeScreen technicians can help answer your questions and alleviate any concerns. If your applications are IP based and currently functioning over frame relay, point to point, MPLS or IPsec VPN, they will work with OfficeScreen. In new installations without an existing WAN in place, applications will be tested prior to turn up. If you have 'heavy' applications such as databases that users 'pull' large data files from through the VPN some sort of compression or 'thin client' solution like terminal server, RDP, VNC, Citrix or PC Anywhere can be used to compress this data for transport over the VPN.

WHAT IS THIN CLIENT TECHNOLOGY?

Thin client technology is a term used to describe software such as Terminal Server, Remote Desktop Protocol (RDP), Citrix or PC Anywhere that only display screenshots of the application to the end user. Instead of pulling the data through the line, users are actually looking at and working on the application as it sits on servers at headquarters. Changes made by users are transmitted to the application server as mouse clicks and keyboard entries and the changes take affect there, not on the users machine. The benefits to this approach are:

  1. High performance for heavy apps delivered to geographically distributed offices or remote users.
  2. Centralization of applications for administration and backup.

ARE THERE ANY DRAWBACKS TO THE THIN CLIENT APPROACH?

Remote users cannot work 'offline' or work unconnected to the network or Internet. Users need to have a connection to the server at HQ in order to see the applications.

Note: OfficeScreen does not include thin client technology. It is assumed the customer has it working in their network. If that is not the case, OfficeScreen presales support can provide a list of approved vendors that can help integrate thin client into the customer network.

WHAT IS A FAT CLIENT?

Fat client refers to a software program that sits on the users computer such as Microsoft® Office applications.

Users can work on the applications whether they are connected to the server at HQ or not. Fat clients can synchronize themselves once connected to the Internet.

^ Back to top

FIREWALL

WHY DO I NEED A FIREWALL?

Firewalls prevent unauthorized access to your network, protecting valuable company information. They are necessary to secure your company and customer data, and protect you from liability associated with the theft of this information.

HOW DOES YOUR FIREWALL PROTECT AGAINST CHANGING THREATS? AREN'T NEW THREATS DEVELOPED EVERY DAY?

Yes, new threats are developed regularly, but they are countered by OfficeScreen firewalls that secure your network through a variety of means. The OfficeScreen firewall is stateful inspection, which monitors, identifies and blocks abnormal traffic flows, preventing them from possibly harming your network. In addition, the OfficeScreen FW/IPsec VPN service has 31 types of common attacks identified for protection. Finally, OfficeScreen provides proactive notification of new security exploits identified that may affect your network, and will be happy to implement firmware updates if the customer chooses.

ARE UPDATES TO THE FIREWALL'S OPERATING SYSTEM INCLUDED?

When Juniper® Networks issues a release to resolve a newly discovered security threat, OfficeScreen customers that may be affected are proactively identified and patches are applied asap. Also, as Juniper tests and releases firmware revisions to include new functionality, OfficeScreen customers can request field upgrades to their firewalls. All such updates are included with the service.

^ Back to top

OFFICESCREEN FW/IPSEC VPN SERVICES

WHAT DO YOU DO TO INCREASE UPTIME FOR MY MISSION CRITICAL WIDE-AREA-NETWORK?

OfficeScreen security engineers are monitoring your network and proactively troubleshooting any issues as soon as they occur. This 24x7 service results in increased uptime for your network and productivity for your staff.

In addition, using optional dual WAN configurations with instantaneous VPN failover, OfficeScreen is able to seamlessly re-route traffic around any failed circuits. The customer never knows the difference. When the primary circuit is back up the service is automatically flipped back.

HOW CAN I GUARANTEE QUALITY AND PERFORMANCE FOR IMPORTANT APPLICATIONS?

Through traffic shaping, OfficeScreen engineers are able to dedicate bandwidth to your critical applications and prevent non-critical applications from hogging up bandwidth.

WHAT DOES THE END USER SEE WHEN INSIDE THE FIREWALL/VPN NETWORK?

End-users can see remote offices and resources as if they were local (private IP addresses) to their network. No additional software or end user training is necessary for users to enjoy secure interoffice computing. Users have native mapped drive and drag & drop file sharing capabilities between locations.

DO I HAVE TO BUY THE HARDWARE?

No, OfficeScreen customers do not own the hardware at any point during or after the contract term expires. This frees the customer to upgrade their firewalls as they grow during their contract term. After contract expiration customers have the option to get the newest model available, keep the existing unit with a contract extension, or return the hardware to terminate the contract.

AFTER PLACING AN ORDER HOW LONG DOES IT TAKE TO GET THE FW/VPN INSTALLED?

Typically, installation can be completed within days of order acceptance. During the presales consultation a network topology map and application schematic will be created by engineering to aid in rapid and smooth deployment.

WHAT DOES MY SERVICE FEE COVER?

Your service fee covers everything you need for site security, inter-office connectivity and remote user access. OfficeScreen is a hardware-inclusive managed service that combines state of the art security hardware with top notch engineering, around the clock monitoring/support and custom tailored installation. These are all covered by your service fee.

^ Back to top

JUNIPER® NETWORKING HARDWARE

WHY IS JUNIPER HARDWARE THE RIGHT CHOICE?

Don't settle for anything less than enterprise-level hardware and service when it comes to your network security. Juniper Networks is an industry leader and has been recognized by Infonetics Research as the clear #1 in high-end firewall/VPN and SSL VPN markets. Juniper is also #2 in the overall network security market by revenue.

Better performance - Juniper Networks NetScreen hardware is streamlined and designed for security only, assuring maximum performance

Higher levels of security - Strongest level of encryption commercially available and solid stateful firewall protection

More reliability/more uptime - Dual WAN interfaces with tunnel failover mean greater network uptime for mission-critical environments

^ Back to top

OTHER SERVICES

WE HAVE ANTI-VIRUS SOFTWARE INSTALLED ON OUR DESKTOP COMPUTERS, SO WHY WOULD I NEED YOUR ANTI-VIRUS OPTION?

OfficeScreen protects your whole network. The OfficeScreen Gateway Anti-Virus Option secures entire offices from viruses and worms at the Internet gateway, and also prevents them from infecting the rest of the enterprise. When used with a desktop anti-virus software this creates a very secure layered anti-virus/worm and malicious content approach.

HOW CAN THIS PROTECT ME AGAINST SPYWARE, MALWARE AND PHISHING?

With the OfficeScreen Anti-Virus option you get built in spyware and malware protection delivered by the onboard Kaspersky® AV engine.

HOW CAN I PREVENT ACCESS TO OBJECTIONABLE WEBSITES?

One of the options of the OfficeScreen FW/IPsec VPN bundle is web filtering. Leveraging the onboard SurfControl® web filtering engine, this option filters objectionable Internet content - limiting your liability and increasing productivity.

I WANT TO PROVIDE LITTLE/NO INTERNET ACCESS TO SOME EMPLOYEES BUT FULL ACCESS TO OTHERS. CAN YOUR SYSTEM DO THIS?

Yes. We will assist you in creating a security policy for your organization and create multiple policy groups for various users with different needs.

^ Back to top

WIRELESS

I HAVE AN EXISTING WIRELESS ACCESS POINT(S) IN MY NETWORK. HOW DOES OFFICESCREEN SECURE THESE?

Unsecured wireless access points are a major security concern for businesses today. 'War Driving' (driving around looking for wireless access points to break into) is a common exploit used by hackers to gain access to corporate networks.

OfficeScreen Firewall/IPsec VPN bundles can be configured to terminate existing wireless access points (WAP) onto ports we configure as a 'wireless zone'. Two different configurations are available: Basic and Advanced. The Basic wireless configuration, supported on OfficeScreen 5 through 25, allows wireless users to access the Internet only, protecting corporate resources from access by guest wireless users. The Basic configuration is common in hot spot environments when you want to offer guests access to the Internet, but not your corporate network. The advanced wireless configuration, supported on OfficeScreen 50 through 500, secures both corporate and guest wireless users, allowing authorized corporate users to access internal corporate resources, with guests only having access to the Internet. The Advanced configuration is designed for the business network that has both corporate and guest wireless users with different access rights for each. Each of these configurations is available as no-cost option on the respective OfficeScreen units supported and integrates with FW/VPN options like anti-virus and web filtering for an even greater degree of security.

I AM THINKING ABOUT INTEGRATING WIRELESS INTO MY NETWORK. DOES OFFICESCREEN HAVE A WIRELESS SOLUTION?

OfficeScreen FW/IPsec VPN Wireless bundles (planned Q1 of 2007) integrate the wireless access point and firewall together to secure and tightly control wireless access privileges. This unit supports the division of SSIDs (Service Set Identifier) into purpose specific zones for different types of wireless users with differing security policy and authentication requirements. Onboard Virus protection and web filtering can then be activated to provide an even greater degree of security.

^ Back to top

VOIP

I'M THINKING OF TRANSITIONING MY PHONE SYSTEM TO VOIP. CAN YOU HELP ME?

Yes. OfficeScreen FW/IPsec VPN solutions include Juniper® Networks appliances that support Juniper's proprietary Application Layer Gateway (ALG). This technology understands VoIP protocols and provides the highest level of security while dedicating bandwidth, prioritizing VoIP traffic and communicating with local area and wide area network QoS protocols. OfficeScreen secures both hosted and CPE based VoIP with dynamic port security, session awareness and denial of service protection. While you will need to order VoIP from your service provider or VoIP system integrator, OfficeScreen solutions are ideal for securing VoIP environments.

Hosted VoIP examples - Broadsoft or Cliantro delivered by VoIP service providers.

CPE based VoIP examples - Avaya IP Office, Cisco Call Manager, Shoretel delivered by systems integrators.

A Note on Customer Premise Based VoIP - Standard Internet circuits do not have the ability to support QoS, which is a requirement for business critical VoIP applications. This is a limitation of the Internet and the way it handles packets. MPLS or Point to Point links between offices passing VoIP traffic are strongly recommended. With a QoS enabled wide area network in place, OfficeScreen provides security against the Internet, denial of service protection and data connectivity for remote users and off-net locations.

^ Back to top

SUPPORT

WHAT DOES "FULLY MANAGED FW/IPSEC VPN SUPPORT" MEAN?

Fully managed means all support, daily administration and around the clock network monitoring and proactive troubleshooting are included in the service fee. Fully managed implies the customer does not need dedicated personnel to monitor and manage connectivity to remote offices and users. OfficeScreen® takes the fully managed concept one step further by including Proactive troubleshooting.

Pro-active Troubleshooting- If a customer location goes offline for two consecutive polling cycles, OfficeScreen engineers begin troubleshooting procedures without the customers intervention. OfficeScreen engineers seek to isolate the source of the problem before contacting the customer. Once the source of the problem is located the customer is contacted and notified of the problem and the efforts being taken to bring the network back up.

i.e. Customer LA node is down and not responding - OfficeScreen engineer attempts to reach the Juniper remotely. If no contact, the Security Point of Contact (SPOC) calls ISP and notifies them of a problem with the circuit and asks for a trouble ticket number and resolution ETA.

  • OfficeScreen techs contact customer SPOC with trouble ticket number and update on correction ETA.
  • OfficeScreen tech monitors situation until LA node comes back online.

^ Back to top

WILL YOU COME OUT AND INSTALL THE SYSTEM FOR ME?

All OfficeScreen products are remotely deployed, keeping the cost of the service down while still providing world class technical solutions. OfficeScreen engineers specialize in remote deployment and support as a function of the managed services.

OfficeScreen FW/IPsec VPN - Iomega OfficeScreen engineers determine the technical requirements in the pre-sales phases of customer communication and confirm these requirements prior to installation. These configuration requirements are entered into each site's file. OfficeScreen delivers pre-configured hardware based on customer Internet settings. Once received by the customer Security Point of Contact (SPOC), OfficeScreen engineers work with your SPOC via toll free number to plug in the unit with labeled ports and color coded cabling. This solution is simple plug-and-play and we complete and test the configuration with the SPOC on the line. Once installation is complete OfficeScreen engineers discover each customer device in the Iomega Security Operations Center and initiate pro-active monitoring.

^ Back to top

WHAT IF MY HARDWARE BREAKS DOWN?

OfficeScreen FW/IPsec VPN - New pre-configured hardware will be sent to you overnight with your configuration loaded before shipping. Configurations are backed up nightly to insure customers needing hardware replacement get the most updated configuration. The replacement unit arrives plug and play, functioning the same as the previous unit did before it failed.

^ Back to top

OFFICESCREEN EMAIL SECURITY AND SPAM DEFENSE POWERED BY POSTINI

WHAT DO YOU HAVE FOR ANTI-SPAM?

OfficeScreen Managed Email Security and Spam Defense Powered by Postini® is an enterprise-quality service, providing unrivaled protection against viruses, spam, and other malicious threats. Postini’s patented managed service platform blocks threats before they reach your email gateway. Deployment is simple, with no investments in hardware, installation, or maintenance required. Trusted by over 35 thousand enterprises and 10 million users, this reliable and cost-effective email security solution is within the reach of businesses small to large through Iomega.

WHAT KIND OF SOFTWARE OR HARDWARE WILL I NEED TO INSTALL FOR EMAIL SECURITY?

None. OfficeScreen Email Security is “software as a service” and operates with a simple email re-direct. There is no hardware or software to install or maintain.

HOW DOES THIS SERVICE COMPARE TO THE SOFTWARE AND APPLIANCES I’VE USED BEFORE?

Traditional software and appliances are not equipped to handle the increase in volume and sophistication of email borne threats, resulting in system crashes, lost emails, and wasted resources on equipment upgrades. OfficeScreen Email Security is a managed service, which offers faster, better protection from growing threats, no software, hardware or installation and maintenance headaches, and a complete security and compliance solution with options for email encryption and message archiving.


In addition, this service is more cost-effective. The problem with traditional solutions is that as spam increases, your costs to maintain your email system also increase (need to buy more software and hardware to keep up with the spammers). With the OfficeScreen model, as spam increases, your costs remain the same.

WHO IS POSTINI?

Postini is a global leader in on-demand communications security, compliance, and productivity solutions for email, instant messaging and the web. Postini’s award-winning services are designed to protect customers from viruses, spam, phishing, fraud and other attacks; encrypt messages to ensure confidentiality and privacy; and archive communications to ensure compliance with regulations and prepare for e-discovery. More than 35,000 businesses rely on Postini every day to protect them from a wide range of threats, reduce compliance and legal risks, and enable the intelligent management and enforcement of policies to protect intellectual property, reputations and business relationships.


Iomega has partnered with Postini to make their industry-leading messaging security and compliance solutions available to Small and Medium-sized Businesses (SMBs).

ARE YOU ABLE TO READ MY EMAILS WITH THIS SERVICE?

No. Postini's architecture processes mail in real time so emails are not copied to disk during the filtering process, which enables Postini to observe the highest levels of confidentiality.

HOW CAN I BE SURE THAT VALID MESSAGES ARE NOT FILTERED OUT AS SPAM?

Postini has an extremely low false positive rate (.08%), which means that valid messages are rarely erroneously identified as spam. In addition, each end user has access to their Message Center online. This simple to use console allows you to see all messages filtered out as spam. If a message from a known sender was filtered the user can click to deliver the message to their inbox and also to add the sender to their approved list for future messages.

HOW DO YOU MANAGE WHITE LISTS AND BLACK LISTS?

White lists and black lists are lists of email senders that are either approved or blocked. Postini makes life simple for both the administrator and the end user by allowing the user to manage this information through their own Message Center via the web. This is fast and easy to do. End user self management also prevents the delay and added work involved with systems where the user and administrator have to go back and forth in setting up allowed/disallowed senders.

WHAT IF I WANT TO SEND AN ENCRYPTED EMAIL?

You can easily choose to add one of our OfficeScreen Email Encryption services as an optional add-on to the OfficeScreen Email Security service. OfficeScreen Managed Email Encryption Option Powered by Postini enables automatic, selective message encryption based on your policies. Your encryption policy is continuously and automatically enforced and transparent to users. As an on-demand service, OfficeScreen Email Encryption requires no new software, hardware or maintenance. Administrators can easily and dynamically set policies based on users, content or recipients.

CAN YOU HELP ME ARCHIVE MY MESSAGES?

Yes we can. OfficeScreen Message Archiving is available for both email and IM and is an option to the OfficeScreen Email Security Service. OfficeScreen Managed Message Archiving Option Powered by Postini enables quick and affordable implementation of data retention and compliance policies. All inbound and outbound messages are captured, stored and replicated for maximum data integrity.

HOW CAN I CONTROL THE IM USAGE OF MY EMPLOYEES?

The OfficeScreen IM Security Option to our Email Security service line enables you to outsource your IM security and management and ensure that usage is consistent with company guidelines. IM policies can be applied to your entire organization, users groups or individual users. This management layer enables organizations to determine which users have access to public IM, which public IM networks will be used, and whether the conversations will be internal only or to external users as well. This service also acts to stop threats such as IM worms before they can ever enter your network via the major public IM networks. That means blocking infected or spoofed IM messages before your users can unknowingly activate a worm by clicking on a malicious URL.

WILL YOU COME OUT AND INSTALL THE SYSTEM FOR ME?

All OfficeScreen products are remotely deployed, keeping the cost of the service down while still providing world class technical solutions. OfficeScreen engineers specialize in remote deployment and support as a function of the managed services.


Although OfficeScreen Email Security services can be easily configured for activation, businesses with more complex environments that wish to ease the learning curve and effort while maximizing the value of their email services can purchase PowerUp Email Support Options for additional assistance in the set-up process.

WILL MY EMAILS BE LOST IF MY MAIL SERVER GOES DOWN?

Unlike appliances, Postini is a service that is able to spool your messages in the event that your server goes down, and resume delivering them when you are back up and running.

WHAT IF MY HARDWARE BREAKS DOWN?

OfficeScreen Email Security is a hosted solution with no software or hardware. In addition, Postini's redundant infrastructure is 99.999% available, so you can be sure that, no matter the catastrophe, your critical communications will be available.

WHAT HAPPENS TO MY EMAIL IF POSTINI HAS A DATACENTER PROBLEM?

Postini has data centers across the U.S. and Europe. If an issue ever arises with a local data center your email is already configured to failover to a different existing datacenter.

WHAT ARE THE MINIMUM TECHNICAL REQUIREMENTS FOR OFFICESCREEN EMAIL SECURITY?

OfficeScreen Email Security is a managed service that resides outside of your network. It requires no additional resources such as hardware, software or personnel to keep it maintained. To use this service a company must have its own domain such as abcwidgets.com with a static IP address and a dedicated mail server that can be in-house or operated by an ISP. To begin scanning email messages the company’s technical administrator must simply change its mail exchange (MX) record to point to the Iomega OfficeScreen servers.

^ Back to top