
Customer guidelines Private Network roles and responsibilities


Introduction

This document presents the roles and responsibilities associated with each Verizon Private Network. The use of Private Network is subject to your service agreement with Verizon Wireless.

Private Network description—overview

Verizon Wireless Private Network extends your IP networks to mobile workers and wireless connected devices by segregating the data from the public internet. With Private Network, you can deliver mission-critical information easily to your mobile workforces and connected devices on the largest high-speed in America, while reducing concerns over security and reliability related to the public internet. Having data communications segregated from the public internet blocks unsolicited traffic and reduces security risks associated with malware, viruses, spyware and worms. Private Network offers organizations a reliable and secure wireless extension to IP networks that provides complete control over device network access to internal applications and resources.

Enhanced by LTE technologies, Private Network enables a fast, direct connection to internal systems and applications without compromising network control and manageability. It gives organizations a competitive edge to fuel growth and safely integrates wireless devices into their networks. It lets mobile workers, machine-to-machine (M2M) solutions and physical sites wirelessly connect without compromising internal networks, applications or data.

With a Private Network:
• Devices are authenticated and authorized for each Private Network (only authorized data can traverse the designated network).
• Data is routed per your IP pools associated with your Private Network.
• Dedicated Private Network Gateways are designated.

[Figure: Private Network overview. Labels: Radio Access Network (1xRTT, EV-DO Rev. A, 4G LTE); Verizon Wireless Data Network; Private Network Gateways; Private NNI to Verizon Private IP Network; point-to-point circuit; IPsec Virtual Private Network (VPN) over the internet; customer Site A and Site B.]

Connectivity options

With Private Network, there are multiple methods offered to connect to your corporate configuration. These connectivity options include:

Option 1: Verizon Private IP

If your company is already a Verizon Private IP customer, you can use that Private IP network to connect to the Verizon Wireless network. This approach allows you to implement Private Network without affecting your existing network topology. If your company is not a Private IP customer, Private Network and Verizon Private IP can be implemented together. Either way, you can combine the benefits of wireless with the benefits of a multiprotocol label switching (MPLS) network.

When implemented with Verizon Private IP, all wireless data traffic can be routed directly to any location connected to your Private IP network. This simplifies network scenarios and provides redundancy for business continuity. You can also access additional hosted services from Verizon that can help increase your return on investment as well as better position your business for the future.

Option 2: IPsec VPN

You can use virtual private networks (VPNs) to create a secure tunnel between your internal network and the Verizon gateway. This can be a simple and effective solution if your IT staff is already familiar with setting up and managing VPN environments. This option encrypts all traffic from the Verizon Wireless Private Network gateway and sends it over the tunnel through the public internet to your company location. By layering additional technologies, you could also encrypt the entire path.

Option 3: Dedicated physical circuit

You can also complete the Private Network build-out by installing a dedicated physical circuit at your location to connect to Verizon Wireless. Since the circuit is dedicated, you’ll have the entire bandwidth available for use. The use of additional encryption technology becomes optional under this implementation since no data will traverse the public internet.

Option 4: Wireless to wireless

Zero-tunnel configurations are for solutions that require only mobile-to-mobile communications, which use wireless connectivity to your data center instead of a wireline connection. Zero-tunnel configurations have no communication outside of the mobile IP pools and can be designed as a hub-and-spoke configuration in which the central wireless device at the data center provides access between the customer-hosted applications and the devices in the field. With this configuration, you need to consider your data-plan usage because the central wireless device’s data traffic is a composite of all data traffic traversing the connection to the data center from all of the field/mobile devices.

Redundancy

Verizon requires connectivity redundancy. Connectivity redundancy provides a backup path when the primary connection between Verizon and the enterprise network experiences a failure that prevents traffic from moving over the connection. To provide connectivity redundancy, each Private Network is built with a primary and secondary gateway. The secondary gateway acts as a hot standby to provide support if the primary gateway experiences a failure and can no longer operate. Once the primary gateway becomes operational again, traffic redirects back to the primary gateway and the secondary gateway returns to hot standby mode.

Customer premises equipment

Customer premises equipment (CPE) used for the connectivity with the Private Network Gateway must meet functionality requirements to provide a secure and acceptable level of performance. Any routers and other CPE that you procure must meet Verizon Wireless requirements for Private Network connectivity. You’re responsible for ensuring any CPE meets data capacity and throughput needs. The requirements vary by connectivity type, which are stated in the guidelines below. It is recommended that you contact your Verizon sales representative for the latest CPE guidelines.

Option 1: Verizon Private IP

The connectivity between the Private Network Gateway and Verizon Private IP network has dedicated network-to-network interfaces. These deliver the data traffic between the two networks. For wireline connectivity with Private IP, there are CPE requirements for both Private IP Standard and Enhanced Traffic Management (ETM) solutions.

If you have sites using Private IP Standard, you do not mark any traffic. Instead, traffic is policed at the Private IP provider edge (PE) device. At a minimum, you need to use routers that can support both Internet Protocol (IP) and Internet Engineering Task Force (IETF) frame-relay encapsulation.

If you have sites using Private IP ETM, you control your traffic at the customer edge (CE) or router, and you’ll have multiple priority classes to mark your traffic. At a minimum, your routers need to support IP, IETF frame relay, and either Differentiated Service Code Point (DSCP) or IP precedence.


Note: Routers that support a proprietary version of Asynchronous Transfer Mode (ATM)/frame-relay protocol are not supported. And routers that are deemed end-of-life (EOL) status by their manufacturer are not supported.

Option 2: IPsec VPN

Private Network Gateway connectivity to your premises using IPsec VPN requires CPE that meets the following criteria:
• Support Border Gateway Protocol (BGP).
• Support Generic Routing Encapsulation (GRE) tunnel.
• Terminate IPsec tunnel in transport mode.
• Virtual Tunnel Interface (VTI) with IPsec encapsulation:
-- Private Network only supports static VTI. Dynamic VTI is not supported.
-- IPsec transform set must be configured in tunnel mode only (default).
-- The CPE device must be able to terminate BGP, GRE and IPsec.

Option 3: Dedicated physical circuit

Private Network Gateway connectivity to your premises using dedicated physical circuit requires CPE that meets the following criteria:
• Support BGP.
• Support GRE tunnel.
• Terminate IPsec tunnel in transport mode.
• Virtual Tunnel Interface (VTI) with IPsec encapsulation:
-- Private Network only supports static VTI. Dynamic VTI is not supported.
-- IPsec transform set must be configured in tunnel mode only (default).
-- The CPE device must be able to terminate BGP, GRE and IPsec.

Option 4: Wireless to wireless

Only Verizon Wireless devices approved for Private Network activations may be used.

Customer responsibilities

Implementation of Private Network

You are responsible for providing the resources to work with the Verizon solution engineer (SE) through the Private Network implementation process. This includes the following activities:

1. Private Network connectivity form
Provide the required information to complete the form, such as contacts, IP pools and CPE. This information is used to build the connection between the Private Network Gateway and your premises, along with how IP addressing will be assigned to the wireless devices. Completing the Private Network connectivity form with accurate information is crucial to timely building a Private Network. Any missing or incorrect information will result in delays in building out the Private Network.
a. You are responsible for procuring private IP addresses, which must be communicated to Verizon Wireless during implementation. Private Network supports static and dynamic addressing for 1X service and/or EV-DO service, 4G LTE service and internet addressing system Internet Protocol version 4.

2. Turn-UP call
a. You are responsible for having the CPE prepared to support the Private Network connection. Readiness involves configuring your CPE. This might include activities such as Phase I exchange of pre-shared keys and/or Phase II setup of the IPsec tunnel.
b. You need to provide resources to participate in the Turn-UP, which validates the connectivity from Private Network Gateway to your premises. Personnel supporting the Turn-UP call must have the CPE knowledge of the configuration being used and have the authority and capability to make configuration changes as necessary. This includes expertise on the configuration of the IPsec tunnel, Domain Naming System (DNS), Network Address Translation (NAT) and firewall. It also includes the ability to monitor, trace and troubleshoot to confirm that the connection is operational.
c. The Verizon sales team will communicate to you the proposed Turn-UP call dates. It is expected that you will be able to provide the necessary personnel for the selected Turn-UP call date.

3. Customer test
Upon successful Turn-UP call, Verizon will release up to 10 IP addresses associated with your Private Network. You are responsible for activating a limited number of devices to validate their connectivity to your applications. If successful, you will use those devices to provide the Verizon solution engineer with trace routes and ping tests.

4. Wireless Enterprise Help Desk
Upon completion of the Turn-UP call, you will receive a welcome packet that provides details on engaging Wireless Enterprise Help Desk (WEHD) for Private Network support. This information should only be shared with those personnel on your help desk that have been designated to support your Private Network implementation.
a. Enterprise Customer Management System (ECMS). You will have a profile established within ECMS in order to receive support from WEHD. Once the ECMS profile has been approved and customer testing was successful, Verizon will make available the remaining IP addresses within your Private Network build.

Other customer responsibilities

Network Event Notification

Network Event Notifications (NENs) provide alerts to scheduled network maintenance or network outages that may impact your Private Network performance. You have the option of receiving NENs via email to designated personnel for the following events:
• Planned and/or unplanned work or outages
• Low and/or high priority—what are the chances this event would affect your network and/or devices?
• Technology affected (i.e., 1xRTT, EV-DO, LTE and push to talk)
• Enterprise Wireless Gateway (primary or backup data center where your private network is based)
• Geographic location (region, state or city)

The Verizon Wireless solution engineer and WEHD personnel will work with you in completing the NEN profile.

Customer premises equipment

It is your responsibility to select CPE that meets the requirement for connectivity. You should consult with your equipment vendors to determine if their routers support the minimum requirements.

Device guidelines

Only Verizon Wireless–approved devices may be activated. 4G devices must be verified for Private Network usage. It is recommended that you contact your Verizon sales representative for the latest approved devices.

M2M configuration guidelines

Devices classified as Internet of Things (IoT)/M2M must conform to the “Application, Device, Network Usage Guidelines for IoT and M2M.” Your sales team can provide a copy of these guidelines.

Support enterprise-class APN

Each Private Network built will have a unique Access Point Name (APN). The typical structure for Private Network enterprise-class APN is:

[COMPANY].GW[XX].VZWENTP

Field values:
• [Company] is the derived company abbreviation.
• GW[XX] is the Gateway number associated with your Private Network.
• VZWENTP is the enterprise indicator.

4G-capable devices must support enterprise-class APN. Verizon 4G LTE device requirements contain specific requirements that the device vendor must conform to in order to support enterprise-class APN. This conformance is verified as part of Verizon Wireless device certification.

CDMA devices

Private Network requires use of mobile IP (MIP) protocol when on 3G and 2G networks for non-4G-capable devices.1 MIP is designed to support host mobility. This allows mobile device users to move from one network to another without the need to change the device’s IP address. As a result, devices can stay connected to the network regardless of their location. This is made possible by the ability of MIP to track a mobile host without the need to change the mobile host’s long-term IP address.

Roaming

Private Network supports device connectivity when leaving the Verizon Wireless network footprint (aka outbound roaming) with approved Verizon roaming providers whose wireless technologies may include GSM, UMTS, HSPA or 4G LTE.

In order for a device to roam with Private Network, you must take the following into consideration:
1. The device must be Verizon Wireless certified and have the proper modem to connect to the roaming provider’s network.
2. The SIM profile used within the device must contain plans that support roaming within the desired geographic area.
3. Devices must initially be activated on the Verizon Wireless U.S. network to allow the enterprise APN to be correctly configured per over-the-air delivery.
4. Guidelines associated with international IoT and M2M roaming requirements will apply.
5. Only the Verizon IMSI is supported.
6. 3G-only (non 4G LTE-capable) devices are not supported.


When roaming off the Verizon Wireless network, the data connection with Verizon Wireless will be dropped and a new data connection will be established with the roaming provider’s network. This new connection will send the data traffic to Verizon Wireless, which will be routed to the EXGW associated with your Private Network.

Private Network options

Private Network offers features that enhance your overall experience. These are optional Private Network build capabilities. You have the following responsibilities associated with these options. In order to include these options as part of your Private Network solution, you will be required to meet the guidelines described below.

Machine to Machine Management Center

The M2M Management Center is a self-service portal with specialized features for managing the connectivity of M2M devices. This lets you monitor near real-time device usage and connection status, and set up notifications to alert you when a specific event occurs or when a predefined threshold is exceeded. It also lets you generate current and historical reports on device usage, provisioning and connected data sessions. You can easily access the M2M Management Center from the My Business Account or Verizon Enterprise Center portals.

You are responsible for the following to enable M2M Management Center:
1. Establish a My Business Account or Verizon Enterprise Center profile.
2. Provide resources to work with the Verizon Solution Engineer through the M2M Management Center implementation process, which includes these activities:
a. Provide at least 10 device IDs.
b. Meet any Verizon legal requirements per National Account Agreement (NAA); Major Account Agreement (MAA); state and local government agreement; or other Verizon customer agreements.
c. Supply contact information to those authorized to access the M2M Management Center.

Customer account self-management

You can manage your wireless accounts through either My Business Account or Verizon Enterprise Center. These portals offer self-service ability in ordering, account maintenance, billing and reporting. To enhance your experience we let you make changes to your account and devices used within your Private Network. This includes the ability to provision, manage and report IP addresses.

You are responsible to work with your Verizon account team to establish a profile to access these portals.

Service-based access

Service-based access (SBA) enables access to Verizon’s Visual Voice Mail, multimedia messaging services and 3G location-based assisted-GPS services. Only devices approved by Verizon will be allowed for access with solutions that use 3G assisted-GPS service. This requires meeting the following criteria:
1. Open Development device certification
2. Location-based services interoperability testing
Private Network regression testing

You are responsible for any charges associated with the customization of your CPE to support SBA.

Private Network Traffic Management

Private Network Traffic Management (PNTM) provides a premium and differentiated network experience. It enables application differentiation and quality of service (QoS) over the 4G LTE Private Network using standards-based IP packet marking (IP DSCP) to create IP traffic preferences for business-critical applications and to achieve more predictable application performance during times of peak network demand. With PNTM, your business can improve your users’ experience during peak network demand through:
• More control. When the wireless 4G LTE Private Network becomes congested, PNTM gives you the ability to prioritize your applications for optimal performance.
• Higher productivity. With more predictable application performance during high-traffic periods, you can use business-critical applications when and where you need them.
• Increased flexibility. PNTM lets you map your applications into the Business Critical Class of Service (CoS) based on the applications’ requirements.
• New potential. PNTM extends QoS policies traditionally provided on fixed WAN to the 4G LTE Private Network, giving you expanded 4G LTE Private Network control.

Only user SIM profiles that contain the PNTM feature will be supported with CoS capability. You are responsible for selecting the appropriate CoS to be associated with the SIM profile, as well as any associated charges with the service and any charges associated with the customization of its CPE to support PNTM. 4G LTE Private Network subscribers with unlimited data plans are ineligible for PNTM.

PNTM capability will not be in service when roaming off Verizon Wireless network since the roaming provider’s network can’t establish the dedicated bearer used for PNTM.

PNTM for Public Safety

Eligible public safety accounts can take advantage of priority access to a data channel over the wireless service for its data traffic during times of heavy network demand. While PNTM for Public Safety enables a dedicated data channel, Verizon Wireless makes no guarantee of wireless service availability, which is subject to the limitations of wireless service availability as detailed in the agreement. PNTM for Public Safety is only available to customers approved by Verizon Wireless that qualify as Public Safety Entities classified by the following NAICS codes:
• 621910 Ambulance Services
• 922110 Courts
• 22120 Police Protection
• 922160 Fire Protection
• 922190 Other Justice, Public Order, and Safety Activities

Dynamic Mobile Network Routing

Dynamic Mobile Network Routing (DMNR) allows configuration of Private Network for dynamic routing support of mobile or stationary routers to the subnets it serves (up to eight) to other devices on your network. DMNR is based off Mobile IPv4-based Network Mobility protocol and requires the router to be configured to support this capability. You are responsible for the configuration and any charges associated with the customization of your CPE to support DMNR.

Customer-hosted E-AAA

In a customer-hosted enhanced authentication, authorization and accounting (E-AAA) configuration, the Verizon authentication, authorization and accounting (AAA) server acts as a proxy to your E-AAA and requires a physical circuit to connect the customer-hosted E-AAA with the Private Network AAA. You must provide geographically diverse primary and failover servers and associated dedicated connections. Connectivity to customer-owned E-AAA servers over VPN connection is not supported. Customer-hosted E-AAA configuration will require certification of your E-AAA proxy servers.

For solutions involving customer-hosted E-AAA, you are responsible to:
1. Provide the information required within the Private Network connectivity form.
2. Provide the physical circuit to be terminated at a Verizon Wireless fixed-end system (FES) location. You are responsible for charges associated with the circuit.
3. Submit your E-AAA server for certification and pay associated certification costs.
4. Only Bridgewater or Bridgewater-certified equipment is supported today for authentication and authorization E-AAA functionality. This certification is conducted by Bridgewater/AMDOCS, which charges a fee for the testing. You will be responsible to pay to Bridgewater/AMDOCS for the testing. A Verizon representative can provide guidance to the certification process.
5. Provide geographically diverse primary and failover E-AAA servers and the associated dedicated connections.

Data records streaming

Private Network supports the option to have a direct feed of Remote Authentication Dial-In User Service (RADIUS) accounting records (start and stop fields/attributes) sent from the Verizon Data Streaming Server (DSS) to an accounting server you designate. You will receive the RADIUS file with the raw data (without modification or customization) that you can parse according to your reporting needs. Your receiving server must be capable of receiving and acknowledging raw accounting information. A physical circuit is required for sending the accounting records from Verizon Wireless to your accounting server. You are responsible for charges associated with the circuit.

Split Data Routing

Dual Access Point Name (APN) provides simultaneous data sessions to a Private Network and the internet from an enterprise-owned device. The functionality is device driven where the Class 3 APN value data traffic is associated with internet destination and the Class 6 APN value data traffic is assigned to the Private Network connection. Verizon provides the ability to route the data traffic to the gateway within its network based on the Class APN value the device has chosen to route the data. Mobile-originated data into Verizon’s network will be based on the Class APN the device has chosen to route the data. For example, Class 3 APN data will be routed within Verizon’s network to a public gateway that connects to the public internet, while Class 6 APN data will be routed to the Private Network gateway that contains the customer’s build.

The wireless device selected must have the ability to:
• Support multiple APNs based on the LTE Data (LTEDATA) Device Requirements issue April 2016 or later.
• Route internet-designated data traffic using the Class 3 APN and data traffic categorized for the customer’s Private Network using Class 6 APN.
• Separate internet and private data traffic to ensure internet data uses Class 3 APN only and private data uses Class 6 APN only.

For solutions involving Dual APN, it’s your responsibility to:
• Confirm with your Verizon account team that your billing profile contains the Dual APN special feature offerings.
• Select devices that support Dual APN.
• Accept that the device has the capabilities required by you to protect your private data traffic from internet data traffic. The device must provide protection in keeping private data private by not allowing internet data traffic to mix with private data associated with your Private Network. Data within the device is managed by the device or its applications; Verizon is not responsible for device data management and how the device protects data associated with Private Network from data associated with the internet.
• Select one of the billing options:
-- Single-party billing. You will be billed for both the internet and Private Network data traffic as part of your data price plan.
-- Multi-party billing. You can have internet data traffic billed to an entity other than your Private Network account.

Learn more.

To learn more about Verizon Wireless Private Network, contact your Verizon Wireless business specialist or visit us at verizonwireless.com/contactrep

[Figure: Dual APN data routing. Labels: Radio access network (RAN); Verizon Wireless data network; Class 3 APN: VZWINTERNET; public gateway; Internet; Class 6 APN: Customer PN APN; Private network gateway; IPsec VPN; point-to-point circuit; Private IP (MPLS); customer premises router.]
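Because the Dual APN separation requirement (internet data on the Class 3 APN only, private data on the Class 6 APN only) is the device owner's to verify, the following added example, which is not Verizon code, audits the routing table of a Linux-based Dual APN device by resolving every customer prefix with longest-prefix matching. The interface names, gateway addresses and customer prefixes are assumptions, and the routing table is constructed sample data.

```python
import ipaddress

# Constructed sample in `ip -4 route show` format for a hypothetical Dual APN
# router. Interface names, gateways and prefixes are assumptions.
SAMPLE_ROUTES = """\
default via 100.64.0.1 dev wwan0 metric 100
default via 10.200.0.1 dev wwan1 metric 700
10.20.0.0/16 via 10.200.0.1 dev wwan1
10.20.30.0/24 via 100.64.0.1 dev wwan0
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.1
"""
CLASS3_DEV = "wwan0"  # assumed interface bound to the Class 3 APN (internet)
CLASS6_DEV = "wwan1"  # assumed interface bound to the Class 6 APN (Private Network)
PRIVATE_PREFIXES = ["10.20.0.0/16", "10.50.0.0/16"]  # assumed customer networks


def parse_routes(text):
    """Return [(network, dev, metric)] for routes that name an egress device."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if "dev" not in f:
            continue
        try:
            net = ipaddress.ip_network("0.0.0.0/0" if f[0] == "default" else f[0])
        except ValueError:
            continue  # first field is not a destination prefix
        metric = int(f[f.index("metric") + 1]) if "metric" in f else 0
        routes.append((net, f[f.index("dev") + 1], metric))
    return routes


def egress_blocks(prefix, routes):
    """Split prefix into blocks that each resolve to a single best-match route."""
    if any(net != prefix and net.subnet_of(prefix) for net, _, _ in routes):
        # A more specific route exists inside this block: halve and recurse.
        halves = prefix.subnets(prefixlen_diff=1)
        return [b for half in halves for b in egress_blocks(half, routes)]
    covering = [r for r in routes if prefix.subnet_of(r[0])]
    if not covering:
        return [(prefix, None)]  # no route: traffic to this block is dropped
    # Longest prefix wins; among equal prefixes the lowest metric wins.
    best = max(covering, key=lambda r: (r[0].prefixlen, -r[2]))
    return [(prefix, best[1])]


def audit(route_text, private_prefixes, class6=CLASS6_DEV):
    """Return findings where routing breaks the Class 3 / Class 6 separation."""
    routes = parse_routes(route_text)
    private = [ipaddress.ip_network(p) for p in private_prefixes]
    findings = []
    # Private data must leave on the Class 6 interface for every address.
    for prefix in private:
        for block, dev in egress_blocks(prefix, routes):
            if dev != class6:
                findings.append(("private-not-on-class6", str(block), dev))
    # Nothing outside the customer prefixes may be routed over Class 6.
    for net, dev, _ in routes:
        if dev == class6 and not any(net.subnet_of(p) for p in private):
            findings.append(("non-private-on-class6", str(net), dev))
    return findings


if __name__ == "__main__":
    for kind, block, dev in audit(SAMPLE_ROUTES, PRIVATE_PREFIXES):
        print(f"{kind}: {block} via {dev}")
```

The audit reads the main routing table only; policy routing rules, firewall state and forwarding between the two interfaces need their own checks.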

1 Mobile IP capability only applies to Verizon Wireless 3G and 2G devices.

Network details & coverage maps at vzw.com. © 2017 Verizon. UG02640317