You are here: Home » Services » Government Shared Network » GSN Features

GSN Features

Service Management

The Government Shared Network (GSN) features a fully managed infrastructure with a 24 x 7 Service Desk. The GSN Service Desk provides second level support with the agency's own help desk providing first level user support.

The GSN Service Manager within the State Services Commission's All-of-Government Operations unit manages the day-to-day operation of the network and provides planning (capacity and availability) and support (incident, change and configuration) services.

Service delivery and support processes are designed around the ITIL service management framework developed by the UK Office of Government Commerce and recognised as a reference for best practices in IT service management.

Basic GSN services include an agency-specific portal with a range of standard reports. Future service options will include enhanced monitoring and reporting capabilities.

Agencies have access to facilities that allow them to manage the configurations of some of their own network services. Services that can be directly managed by agencies include the virtual firewall, the user VPN concentrator for remote access, and DNS. As the tools and facilities mature, agency and user self-service will extend to activation, deactivation and configuration of most services.

Security and Privacy

While the GSN focus is on open connectivity and maximum access to transport resources, it does so with an awareness of the security needs of the State Services. The GSN provides fully secure end-to-end encrypted exchanges among users, accredited to NZSIT-400 standards and meeting RESTRICTED level security requirements as defined by Security in the Government Sector (SIGS).

The GSN uses encryption to protect all agency information across Telecommunication Provider Layer 2 or Layer 3 links.

Security on the GSN is provided via a five-tier model, with each tier providing physical separation. Security mechanisms within the GSN ensure that only the appropriate traffic is allowed to traverse the GSN in the correct direction and with the correct behaviour. The following are some of the mechanisms in place:

Perimeter protection provided by multiple firewalls certified to a minimum of Evaluation Assurance Level 4 (EAL4).
Intrusion detection and prevention (IDS/IPS) provided at various points.
All email content is scanned for viruses.
Anti-spoofing measures assure positive identification of participating agencies.
Security related events are monitored and reported by a security correlation engine.

The GSN is a shared infrastructure and achieves security by logically separating agency traffic. As the GSN utilises Layer 3 Telecommunication provider circuits, it also ensures that the information in agency traffic is protected if, for any reason, an agency's data is compromised.

Two key technologies are used to achieve traffic separation and protection:

Multi-protocol Label Switching (MPLS) operates on all inside-network Core devices and is used to separate private agency information across WAN links.
Virtual LANs are used to separate private agency information across LAN links.

A key feature of the GSN is that the infrastructure is shared only by State Services organisations. Similar commercial products are, of course, shared by the wider public user base.

Network and Configuration Management

The GSN provides a managed access network for agencies, which relieves them of the burden of maintaining network routing interfaces, routes and associated routing tables.

Agency Administration and Control

Access to information provided by, or held on behalf of an agency is restricted to those authorised by the agency.

Where feasible administrative functions associated with products or the underlying services such as policy definition and configuration settings are delegated to owning agencies. Authorised GSN personnel have levels of access necessary to provide administration and support for GSN-provided and GSN-managed services, but have no unauthorised access to restricted agency information or content.

GSN will provide 2-factor authentication for access to the agency GSN portal to allow agencies to complete the following:

Manage the agency firewall.
Manage the agency user VPN concentrator.
Manage agency domain names.
Log faults.
Request Moves, Adds, or Changes (MACs).
Retrieve reporting information.

GSN Provided Customer Premises Equipment (CPE)

Depending on the agency environment and options selected, GSN may require the installation of specific hardware (e.g. switches, encryption device) at agency sites.