California Government Enterprise Network (CGEN)

CGEN services provide the California State Government WAN connectivity through vendor owned and managed equipment. The vendor manages from the customer’s LAN to the vendor’s routers in the CDT iHubs. Customers can access the Internet, CDT facilities, customer servers and applications hosted at CDT and other State departments. CDT is the owner of record and manages the provisioning of customer connectivity. Customers are still responsible for their own local area network (LAN).

CGEN employs Layer 3 advanced Multiple Protocol Label Switching (MPLS) which is any-to-any access and supports Quality of Service. Where applicable, Layer 2 transport can be used. CGEN is reliable, scalable and secure and leverages the vendor’s ability to keep CGEN current with technology and industry standards.

CDT will continue to manage the network infrastructure that supports CGEN. This infrastructure includes two interface hubs (iHubs); each one being in a different geographic location and local access transport area (LATA) for diversity and fault tolerance. One is located in Sacramento and one in the Bay Area. A third iHub will be installed in a southern California LATA. The iHubs are the gateways to servers located at CDT and to the Internet.

The CGEN managed service is gradually replacing CSGNET. CSGNET is comprised of either CDT-owned or customer-owned access equipment and CDT  manages the WAN. Once all CSGNET customers are migrated to CGEN, CSGNET will be retired.

This offering is classified as a Current service.



  • 24 x 7 CDT Service Desk and vendor support coordination
  • Vendor network operations centers
  • Customer site WAN access
  • Customer access to services provided by CDT
  • Customer visibility into their CGEN resources


  • Access to customer owned equipment at CDT facilities
  • Supports inter-departmental shared services
  • Improved network security for departmental privacy
  • Internet access


  • Remote office access to services
  • Vendor-provided web portal and reports for each customer to monitor their own network connectivity, usage, and incidents
  • iHubs deliver customer traffic to customer servers and applications hosted at CDT
CDT is responsible for providing an infrastructure and core that the CALNET vendors can leverage to deliver access for Customer headquarters and remote sites.

CGEN leverages CALNET vendor managed service product offerings.  The CGEN Service bundle is a shared responsibility model, offering end-to-end WAN connectivity using vendor-owned routers at the customer edge, and vendor-owned circuits connecting to 2 of 3 CDT iHubs. The diagram below illustrates the CGEN Share Responsibility Model:


Application protocol services are available from the CALNET vendors. The following list identifies the protocols that are currently available.

  • DLSW (Data Link Switching) providing IBM SNA protocol support.
  • AppleTalk supporting earlier Apple network solutions.
  • IPX/SPX (Internetwork Packet Exchange/Sequenced Packet Exchange) supporting earlier Novell network solutions.
  • Network layer encryption for Customer traffic that needs encryption and does not have encryption provided by the session end points.

The list below summarizes the CALNET vendors that can be used by each CGEN customer.

  • Category 1.2 MPLS VPN and Converged VoIP
    • AT&T
    • Comcast
    • Electric Lightwave (Zayo)
    • NWN
    • Verizon
  • Category 3 Metropolitan Area Network (MAN) Ethernet
    • AT&T
    • CenturyLink
    • Comcast
    • Cox
    • Electric Lightwave (Zayo)
    • Level 3
    • NWN
    • Verizon
  • Redundant connections to both CDT data centers are included in the cost for Category 1.2 and 3 Network Services so customers can plan a disaster recovery solution.

Most of the State’s Internet access service is provided by the iHubs. The iHubs work together to provide a central point that coordinates the State’s Internet access over multiple service providers. The Internet Access service includes fundamental security measures designed to protect the State networks. The following are included in the CDT Internet access service:

  • Intrusion Detection Service
  • Intrusion Prevention Service
  • De-militarized Zone network segments

Generally, implementations that enforce Internet usage policy are implemented by CDT customers.



CGEN includes the following security measures:

  • Customer sites are connected to a Customer’s virtual network which is isolated from all other Customer networks.
  • Virtual LAN technology used in the iHubs protects each Customer’s virtual network.
  • Since the network access device is managed by the CALNET vendor, sites requiring firewall functions should implement a separate device for that purpose. The firewall device can be Customer provided or CDT provided.
  • CDT staff with access to Customer data receives appropriate background checks.

For more information, see Security Services.

Changes to CGEN services fall into two categories; Billable requiring a Form 20 or Non-billable low impact. For Billable changes requiring a Form 20, Customers will follow the customary process of submitting a Service Request. However, the Customer should contact their Account Lead for directions on preparing the Service Request for efficient processing. For Non-billable changes, Customers can use the SRM System where they will find several template requests (listed below) for common changes.

  • Bandwidth Utilization Reporting
  • Device Management and Monitoring
  • IP Addressing
  • Network Route Statement
  • Vendor Web Portal / Tool Access
  • The CDT Service Desk will coordinate incident resolution with the Customer and the vendor.
  • Layer 2 and 3 support.
  • Customers have access to the vendors’ web portal to monitor the health of their network connections. Customers can view:
    • Router configurations, current and historical.
    • Progress of incident tickets.
  • The vendors will send automated emails to a Customer:
    • When an incident ticket is opened.
    • When an incident ticket is resolved.

Note: Customers are directed to go to the vendor’s portal to monitor activity on the incident ticket.

The CGEN Governance Board was established to ensure that governance of the network is effective and responsive to diverse departmental needs. As the technology and functional scope of CGEN evolves, the CGEN Board will review proposed network enhancements and upgrades for consistency with State strategic objectives and with customer network requirements. The CGEN Board represents the entities that use the network to ensure that it provides cost-effective services for California.

What is the charge for changes?

Change Charges range from $42.50 to $500 depending on the type of change. Most basic router changes, such as ACL or routing changes, do not incur a Change Charge.

What is the Retirement Fee and how long do I have to pay it?

The retirement fee is used to support CSGNet infrastructure during the state-wide migration to CGEN. The Retirement Fee will gradually decrease over time as CSGNet infrastructure is decommissioned.

How long will my migration take?

There are several steps to prepare for a migration to CGEN. The length depends upon the size and complexity of the Customer’s network. At the conclusion of preparation activities, Customers who only have a few sites could be done in as little as 120 days. Complex and/or large Customers could take up to six months. Customers can positively influence the duration of their migration by keeping the local contact information current and facilitating any required site work.

Who do I call if I want to make a change in my CGEN network?

Customers should contact their Account Lead to discuss and coordinate network changes.

Subscriptions to this service are available. Additional services may be referenced in the CDT Rates Appendix C – CGEN.

Service CodeService DescriptionUnit of MeasurementRateNotes
CGEN Vendor Pass-Through CostsSee Appendix B
CGEN Ethernet CircuitsSee Appendix B
CGEN Switched Ethernet CircuitsSee Appendix B
CGEN MPLS CircuitsSee Appendix B
Additional CGEN Telco Pass-ThruSee Appendix B

CGEN Infrastructure

Service CodeService DescriptionUnit of MeasurementRateNotes
T204T-1 CGEN Infrastructure ConnectionPer Connection $77.00
T2072 MB CGEN Infrastructure ConnectionPer Connection $92.00
T2105 MB CGEN Infrastructure ConnectionPer Connection $222.00
T21310 MB CGEN Infrastructure ConnectionPer Connection $432.00
T21620 MB CGEN Infrastructure ConnectionPer Connection $678.00
T21950 MB CGEN Infrastructure ConnectionPer Connection $1,234.00
T221100 MB CGEN Infrastructure ConnectionPer Connection $1,852.00
T224500 MB CGEN Infrastructure ConnectionPer Connection $2,469.00
T2271G CGEN Infrastructure ConnectionPer Connection $3,125.00
T2305G CGEN Infrastructure ConnectionPer Connection $4,323.00
T23310G CGEN Infrastructure ConnectionPer Connection $4,940.00

CGEN OTech Support

Service CodeService DescriptionUnit of MeasurementRateNotes
T301OTech Support FeePer Connection $240.00


Service CodeService DescriptionUnit of MeasurementRateNotes
T6012 MB OEM/OEW Port ConnectionPer Connection $79.00
T6034 MB OEM/OEW Port ConnectionPer Connection $158.00
T6055 MB OEM/OEW Port ConnectionPer Connection $186.00
T60710 MB OEM/OEW Port ConnectionPer Connection $369.00
T60920 MB OEM/OEW Port ConnectionPer Connection $576.00
T61150 MB OEM/OEW Port ConnectionPer Connection $1,046.00
T613100 MB OEM/OEW Port ConnectionPer Connection $1,573.00
T615500 MB OEM/OEW Port ConnectionPer Connection $2,100.00
T6171G OEM/OEW Port ConnectionPer Connection $2,618.00
T6195G OEM/OEW Port ConnectionPer Connection $3,672.00
T62110G OEM/OEW Port ConnectionPer Connection $4,191.00
  1. The Customer contacts their Account Lead regarding changes to their network services.
  2. The Customer collaborates with CDT to determine if the Customer’s current network design and bandwidth is appropriate for their business needs.
  3. CDT will develop a CGEN design for the Customer including bandwidth and connection type for each location.
  4. CDT will develop a cost estimate based on the design, bandwidth and any additional Protocols Services or one-time costs.
  5. The Customer approves the design and cost estimate and submits a Service Request to CDT to proceed with provisioning the services.
  6. CDT manages the service provisioning. Customers are responsible for local area contacts for on-site activities.
  7. The Customer is provided training on vendor-provided monitoring and reporting tools.

Below are direct links to each of the Network and Telecommunications Service Requests.

Service Request NameLink
Bandwidth Utilization ReportOrder Bandwidth Utilization Report Now
Cloud Provider Interconnect (CPI)Order Cloud Provider Interconnect (CPI) Now
Device Management and MonitoringOrder Device Management and Monitoring Now
DNS ServicesOrderDNS Services Now
Fiber ServicesOrder Fiber Services Now
Firewall/ACLOrder Firewall/ACL Now
IP Addressing for CGENOrder IP Addressing for CGEN Now
LAN SupportOrder LAN Support Now
Network Routes/Router ConfigurationsOrder Network Routes/Router Configurations Now
New Network Design/Cost EstimateOrder New Network Design/Cost Estimate Now
Router Access List RequestOrder Router Access List Request Now
VPN AccessOrder VPN Access Now
WAN ConnectionOrder WAN Connection Now