RFP for Supply, Installation & Warranty Support of Network & Security Equipments
for Odisha State Data Centre (OSDC), Bhubaneswar
RFP Enquiry No : OCAC-NeGP-INFRA-0009-2017/18004, Date: 16/01/2018
Network & Security Equipments RFP for OSDC
RFP SCHEDULE
Sl. No. Items Date & Time
01 Commencement of the bid 16/01/2018
02 Last date for receiving queries through e-mail: [email protected] & [email protected] 24/01/2018, 5:00 PM
03 Pre-Bid Conference 29/01/2018, 5:00 PM
04 Issue of Corrigendum (if required) To be Informed
05 Last date and time for Submission of Bid 15/02/2018, 2:00 PM
06 Opening of Pre-Qualification Bids (PQ) 15/02/2018, 5:00 PM
07 Opening of Technical Bids (TB) 19/02/2018, 1:00 PM
08 Opening of Commercial Bids (CB) To be Informed
Fact Sheet:
This Fact Sheet comprising important factual data on the RFP is for a quick reference to the bidders.
Clause Reference Topic
The Proposal: Odisha Computer Application Centre (OCAC) invites bids for Supply, Installation & Warranty Support of Network & Security Equipments for Odisha State Data Centre (OSDC).
Method of Selection: Cost Based Selection method (Least cost method) shall be used to select the Bidder for Supply, Installation & Warranty support of Network & Security Equipments for Odisha State Data Centre. The bidder has to submit the bid in a three-envelope system: General (Pre-qualification), Technical & Commercial bid. Technical bids of those bidders who qualify in the General Bid shall be opened. Commercial bids of those bidders who qualify in the Technical Bid shall be opened. The least value bid (i.e. the bidder quoting the minimum amount) will be given preference in the order of selection.
RFP Document: The RFP Document can be downloaded from http://www.ocac.in or http://www.odisha.gov.in or http://www.tenders.gov.in. The bidders are required to submit the RFP document fee of Rs. 5,000/- (Rupees Five thousand only) in the form of a demand draft in favour of “Odisha Computer Application Centre”, payable at Bhubaneswar, from any Scheduled Commercial Bank, along with the Proposal.
Earnest Money Deposit (EMD): Earnest Money Deposit (EMD) of Rs. 10,00,000/- (Ten Lakhs Only) should be in the form of an account payee Demand Draft from any Nationalized / Scheduled Commercial Bank, in favour of Odisha Computer Application Centre, payable at Bhubaneswar.
Scope of Work: The selected agency is expected to deliver the services listed in the Scope of Work as mentioned in this RFP.
Language: The bid must be prepared by the Bidder in the English language only.
Currency: The bidder should quote in Indian Rupees only. The Total Price inclusive of taxes and duties will be considered for evaluation. So, the bidder must mention the base price and the tax component separately.
Validity Period: Proposals/bids must remain valid for a minimum of 180 days from the last date of bid submission.
Bid to be submitted on or before last date of submission at:
The proposal must be submitted to:
The General Manager (Admn.)
Odisha Computer Application Centre (OCAC)
OCAC Building, Plot No.-N-1/7-D, Acharya Vihar Square, RRL Post Office, Bhubaneswar-751013 (INDIA)
The bidder must submit all three separate sealed envelopes (PQ, TB & CB) placed in another separate envelope with the superscription
“Supply, Installation & Warranty support of Network & Security Equipments for Odisha State Data Centre (OSDC), Bhubaneswar”
and RFP Enquiry No. OCAC-NeGP-INFRA-0009-2017/18004, Date: 16/01/2018.
Table of Contents
Fact Sheet
SECTION I: INVITATION FOR BIDS
1.1 Scope of Work
SECTION II: INSTRUCTION TO BIDDERS
SECTION III: SPECIAL CONDITIONS OF CONTRACT
SECTION IV: TECHNICAL SPECIFICATIONS
4.1 Technical Specification for Firewall (Internet)
4.2 Technical Specification of NIPS
4.3 Technical Specification of Server Load Balancer (SLB)
4.4 Technical Specification of 48 port 10/40 G Layer 3 Switch
APPENDIX I: PRE-QUALIFICATION & TECHNICAL BID TEMPLATES
APPENDIX II: COMMERCIAL PROPOSAL TEMPLATES
APPENDIX III: TEMPLATES
Section I: Invitation for Bids
1.1 Scope of Work
(A) Supply, Installation & Warranty support of Network & Security Equipments as per technical specification at Odisha State Data Centre, OCAC.
(B) Eligibility Criteria
The following table lists the pre-qualification criteria. A bidder participating in the procurement process shall meet the following minimum pre-qualification/eligibility criteria. Any bid failing to meet the stated criteria shall be summarily rejected and will not be considered for Technical Evaluation.
I. Pre-qualification Criteria
Sl. No. 1
Clause:
(a) The Bidder should be an established Information Technology company registered under the Companies Act, 1956 and in operation for at least 5 years as on 31.03.2017 and should have their registered offices in India.
(b) The company must be registered with appropriate authorities for all applicable statutory duties/taxes.
Documents required:
(a) Valid documentary proof of:
- Certificate of incorporation/registration
- Self-certification of being in the business for last five years, duly attested by company secretary/chartered accountant, should be attached.
(b) Valid documentary proof of:
- GST Identification Number (GSTIN)
- Income Tax registration/PAN number
- Income Tax returns for last three financial years

Sl. No. 2
Clause: Average annual turnover in last three financial years, i.e. 2014-15, 2015-16 & 2016-17 (as per the published audited balance sheet), should be at least 25 crores that is generated from hardware supply and their associated maintenance services, packaged software etc.
Note: The turnover refers to the Bidder’s firm and not the composite turnover of its subsidiaries/sister concerns etc.
Documents required: Copy of audited profit and loss account/balance sheet/annual report sheet with CA’s Certificate.
Sl. No. 3
Clause: The Bidder should have positive net worth during last three financial years, ending 31.03.2017, and the net worth shall be Rs. 2 crores on 31st March 2017 in India.
Documents required: A certified document by the Chartered Accountant stating the net worth and average annual turnover of the Bidder.

Sl. No. 4
Clause: The bidder must possess a valid ISO 9001:2008 or latest and 27000 Certification.
Documents required: Copy of valid certificate at the time of bidding.

Sl. No. 5
Clause: The bidder must have successfully undertaken at least the following numbers of systems implementation engagement(s) of value specified herein:
- One project of similar nature (in system integration) not less than the amount Rs. 4,00,00,000/- (Four Crore Only);
OR
- Two projects of similar nature (in system integration) not less than the amount equal to Rs. 2,25,00,000/- (Two crore twenty five lakh Only) each;
OR
- Three projects of similar nature (in system integration) not less than the amount equal to Rs. 1,80,00,000/- (One Crore eighty lakh Only) each.
Similar nature means "Supply, Installation and maintenance of Network & Security Equipments for Government / Public Sector Enterprises/BFSI in India in last three Years".
Documents required:
Completion Certificates from the client + copy of work order;
OR
Work Order + Self Certificate of Completion (certified by the Statutory Auditor);
OR
Work Order + Phase Completion Certificate from the client.

Sl. No. 6
Clause: The Bidder should not currently have been blacklisted by any Government Department/PSU or be under a declaration of ineligibility for fraudulent or corrupt practices or inefficient/ineffective performance.
Documents required: Declaration in this regard by the authorized signatory of the Bidder.
Sl. No. 7
Clause: The Bidder should submit valid letter from all the OEMs confirming the following:
- Authorization for Bidder.
- Confirm that the products quoted are not “end of life or end of sale products” as on Bid Submission date. If the support for the product quoted has been stopped/withdrawn by the time of delivery of equipment, the same will be changed with the superior product at no extra cost.
- Undertake that the support including spares, patches, upgrades for the quoted products shall be available for the period of 7 years from the date of final acceptance (FAT).
Documents required: Relevant documentary evidences like Authorization letters [MAF from all OEMs] to be submitted within 15 days after award of contract/purchase order whose products will be supplied.

Sl. No. 8
Clause:
I. The Bidder must have a registered office in Odisha.
II. The Bidder must have service/maintenance professionals available in Odisha.
Documents required:
I. Relevant documents supporting office addresses.
II. A self-certified letter by an authorized signatory mentioning the list of service/maintenance professionals.

Sl. No. 9
Clause: The bidder must have submitted Rs. 5,000/- (Rupees Five thousand only) towards the cost of the Tender Document.
The Bidder should furnish, as part of its Bid, an Earnest Money Deposit (EMD) of Rs. 10,00,000/- (Ten Lakh Only).
Documents required: In the form of a DD from a scheduled commercial bank.
(C) Bid Submission
The bid must be submitted in three separate envelopes as:
i. Pre-qualification Bid (as mentioned in eligibility conditions format)
ii. Technical Bid
iii. Commercial Bid
(D) Technical Bid
Technical bid shall contain:
(i) Technical bid with full details including description of make & model of items / components for technical assessment of the proposal. The bidder must quote only for branded parts.
(ii) An Undertaking as mentioned under Eligibility Criteria.
(iii) All the documentary proof of applicable standards and benchmarks should be submitted along with the technical bids.
(iv) The onsite warranty services must be provided at OSDC, Bhubaneswar. The bidder must provide the plan / arrangement in escalation matrix for warranty services to be provided at OSDC, Bhubaneswar.
(v) The Compliance Statement by the bidder to the technical specifications along with relevant product brochure, technical documents etc. Bids without proper Compliance Statement will be rejected.
(vi) Acceptance of the terms and conditions laid down in the tender document. A scanned copy of the bid document duly signed by the bidder’s authorized representative is to be submitted in token of acceptance of the same. Any deviation in the general terms and conditions may lead to the rejection of the bid.
Important Note:
a) If the bid is incomplete and / or non-responsive it will be rejected during technical evaluation. The bidder may not be approached for clarifications during the technical evaluation. So bidders are requested to ensure that they provide all necessary details in the submitted bids.
b) If any price details are found in the Technical Bid, the offer will be summarily rejected.
(E) Commercial Bid
i. Commercial BID SHOULD be submitted in a sealed envelope as per the format specified in Commercial Proposal.
ii. The PRICE PART shall contain only schedule of rates duly filled in. NO stipulation, deviation, terms & conditions, presumptions etc. is permissible in price part of the bid. OCAC shall not take any cognizance of any such conditions and may at its discretion reject such commercial bid.
iii. Prices should be given in INR in figures only.
iv. Bidders are advised strictly not to alter or change the BOQ format / contents. Bidders are also advised not to paste any image file with BOQ.
v. Price offered by the bidder shall not appear anywhere in any manner in the technical bid.
(F) Technical Qualification Criteria
i. Bidders who meet the pre-qualifications/eligibility requirements would be considered as qualified to move to the next stage of Technical evaluations.
ii. The Product offered should meet all the technical and functional specifications given in the “technical specification of respective devices”.
iii. Non-compliance to any of the technical and functional specifications will lead to rejection of the proposal.
iv. Response except “Yes” or “No” is not acceptable.
v. Bidders, whose bids are responsive to all the items in the Compliance Sheet for Technical Proposal and meet all the technical and functional specifications, would be considered technically qualified.
(G) Commercial Bid Evaluation
i. The Commercial Bids of technically qualified bidders will be opened on the prescribed date in the presence of bidder representatives.
ii. The Bidder, who has submitted the lowest Commercial bid, shall be selected as the L1 and shall be called for further process leading to the award of the assignment.
iii. Only fixed price commercial bids indicating total price for all the deliverables and services specified in this bid document will be considered.
iv. The bid price will include all taxes and levies and shall be in Indian Rupees.
v. Any conditional bid would be rejected.
vi. In any case of discrepancy, OCAC reserves the right to pick the value which it considers as beneficial to the government.
Section II: Instruction to Bidders
(A) This is a single bidding system; no consortium is allowed to Bid.
(B) Offer Validity: Offers should be valid for minimum One hundred eighty (180) Days from the
date of opening the Technical Bid. A bid, valid for a shorter period, is liable to be rejected.
OCAC, Bhubaneswar may ask the bidders to extend the period of validity, if required.
(C) Delivery: The delivery to be done at OSDC, Bhubaneswar and should be completed within
eight weeks from the date of issue of Purchase Order.
(D) Product Specifications & Compliance Statement: The bidder should quote the products
strictly as per the tender specifications and only of technically reputed and globally acclaimed
brands / makes. Complete technical details along with brand, specification, technical
literature etc. highlighting the specifications must be supplied along with the technical bid. A
Statement of Compliance shall be given against each item in the prescribed format given in
Technical specifications. The compliance statements should be supported by authentic
documents. Each page of the bid and cuttings / corrections shall be duly signed and stamped
by the authorized signatory. Failure to comply with this requirement may result in the bid
being rejected.
(E) The prices are to be quoted in INR figure only. If there is a discrepancy between the unit price
and the total price that is obtained by multiplying the unit price and quantity, the unit price
shall prevail and the total price shall be corrected.
(F) The PB Queries of only those bidders/ OEMs shall be entertained and responded to who have
purchased the Tender Document i.e.; deposited the prescribed tender fee.
(G) Materials must be properly packed against any damage and insured up to the destination. The
material should directly be supplied to OSDC, Bhubaneswar. All the expenses involved in
shipping the equipment to OSDC shall be borne by the Bidder. All aspects of safe delivery
shall be the exclusive responsibility of the Bidder. OCAC will have the right to reject the
component / equipment supplied, if it does not comply with the specifications at any point of
installation / inspection.
(H) Earnest Money is liable to be forfeited and bid is liable to be rejected, if the bidder withdraws
or amends, impairs or derogates from the tender in any respect within the validity period of
the tender.
(I) The Earnest Money of all unsuccessful bidders shall be returned as early as possible. No
interest will be payable by OCAC on the Earnest Money Deposit. The Earnest Money of the
successful bidder shall be returned after successful completion of entire work and submission
of Performance Bank Guarantee (PBG) towards 10% of order value. This Performance Bank
Guarantee (PBG) shall remain valid for 90 days beyond all the contractual obligations.
(J) If any equipment or part thereof is lost or rendered defective during transit, the supplier shall
immediately arrange for the supply of the equipment or part thereof, as the case may be, at
no extra cost.
(K) The rates should be quoted in Indian Rupees, for the entire work to be done at site.
(L) Govt. Levies like Service Tax, VAT, GST etc. shall be paid at actual rates applicable on the date
of submission of Bid. Rates should be quoted accordingly giving the basic price, VAT, Service
Tax, GST etc.
(M) OCAC reserves the right to accept / reject the offers or cancel the whole tender proceedings
without assigning any reason whatsoever. Late / Delayed offers shall not be accepted under
any circumstances. Incomplete offers will be rejected.
(N) OCAC shall not be responsible for delayed submission or non- submission of bid due to any
reason whatsoever. The bidders are requested to submit the bid much before date & time of
submission, failing which OCAC shall not be responsible for any such delay.
(O) Any attempt of direct or indirect negotiations on the part of the bidder with the authority to
whom the bid has been submitted or authority who is competent to finally accept / reject the
same after the tender has been submitted or any endeavor to secure any interest for an
actual or prospective bidder or to influence by any means the acceptance of a particular
tender will render the tender liable to be rejected.
(P) Unsatisfactory Performance: The Parties herein agree that OCAC shall have the sole and
discretionary right to assess the performance(s) of the Bidder components(s), either primary
and or final, and OCAC, without any liability whatsoever, either direct or indirect, may reject
the system(s) component(s) provided by the Bidder, in part or in its entirety, without any
explanation to the Bidder, either during the pre and or post test period should the same be
unsatisfactory and not to the acceptance of OCAC. The Bidder covenants to be bound by the
decision of OCAC without any demur in such an eventuality.
(Q) Dispute Resolution :
(i) Any dispute or difference, whatsoever, arising between the parties to this agreement
arising out of or in relation to this agreement shall be amicably resolved by the Parties
through mutual consultation, in good faith and using their best endeavours. Parties, on
mutual consent, may refer a dispute to a competent individual or body or institution
or a committee of experts appointed by OCAC (Nodal Authority) for such purpose and
abide by the decisions thereon.
(ii) On non-settlement of the dispute, the same shall be referred to the Commissioner-cum-Secretary
to Government, IT Department, Government of Odisha for his decision
and the same shall be binding on all parties, unless either party makes a reference to
arbitration proceedings, within sixty days of such decision.
(iii) Such arbitration shall be governed in all respects by the provision of the Arbitration
and Conciliation Act, 1996 or later and the rules framed thereunder and any statutory
modification or re-enactment thereof. The arbitration proceeding shall be held in
Bhubaneswar, Odisha.
(R) Force Majeure :
Force Majeure is herein defined as any cause, which is beyond the control of the selected
bidder or OCAC as the case may be which they could not foresee or with a reasonable
amount of diligence could not have foreseen and which substantially affect the performance
of the contract, such as:
(i) Natural phenomenon, including but not limited to floods, droughts, earthquakes and
epidemics.
(ii) Acts of any government, including but not limited to war, declared or undeclared
priorities, quarantines and embargos
(iii) Terrorist attack, public unrest in work area, provided either party, within 10 days
from occurrence of such a cause, notifies the other in writing of such causes.
In case of a Force Majeure, all Parties will endeavor to agree on an alternate mode of
performance in order to ensure the continuity of service and implementation of the
obligations of a party under the Contract and to minimize any adverse consequences of Force
Majeure.
(S) Disclaimer: This Tender / Request for Proposal (RFP) is not an offer by OCAC, but an invitation
for bidder’s response. No contractual obligation whatsoever shall arise from the RFP process.
(T) Besides the terms and conditions stated in this document, the contract shall also be governed
by the overall acts and guidelines as mentioned in IT Act 2000 and subsequent amendments,
and any other guideline issued by State from time to time.
(U) Declaration:
The bidder would be required to give a certificate as below in his commercial bid.
“I/WE UNDERSTAND THAT THE QUANTITY PROVIDED ABOVE IS SUBJECT TO CHANGE.
I/WE AGREE THAT IN CASE OF ANY CHANGE IN THE QUANTITIES REQUIRED, I/ WE WOULD
BE SUPPLYING THE SAME AT THE RATES AS SPECIFIED IN THIS COMMERCIAL BID. I /WE
AGREE TO ADHERE TO THE PRICES GIVEN ABOVE EVEN IF THE QUANTITIES UNDERGO A
CHANGE”.
Section III: Special Conditions of Contract
(A) Multiple OEM: Bidder can quote technically compliant products from multiple OEMs against
network & security equipments asked in this RFP. Unit price of the product should be the same if
products from multiple OEMs are being mentioned in the technical and commercial bid. A
bidder should quote products of up to a maximum of three OEMs against any device.
(B) Price Basis: Price quoted should be in INR only and as per the prescribed format as per BOQ.
The quoted price will be considered firm and no price escalation will be permitted.
(C) Billing is to be done in the name of Odisha Computer Application Centre, Plot No.-N-1/7-D,
Acharya Vihar Square, RRL Post Office, Bhubaneswar-751013. The payment would be on the
basis of the actual bill of material supplied, duly certified by our authorized representative at
OSDC, Bhubaneswar.
(D) Payment: 90% of invoice value after satisfactory delivery, along with testing
acknowledgement of confirmed delivery report, satisfactory test report, installation and
submission of invoice duly signed by OSDC’s authorized representative and completion of the
user’s operational training at site. Balance 10% would be made after submission of
Performance Bank Guarantee issued from a nationalized / scheduled commercial bank of
equivalent amount. This Bank Guarantee should remain valid for a period of 60 days beyond
the warranty period, commencing from the date of satisfactory completion of entire job.
(E) Penalty for Delayed Services: Penalty will be charged @ 0.5% of the contract value per week
subject to maximum of 5% of total order value, in case of delay in supply beyond the stipulated time
period.
(F) The quoted product must be activated with requisite licenses during the installation process
to fulfil the technical specification cited in Section IV of the RFP.
(G) Warranty: All the items covered in the schedule of the requirements / Bill of Material (BOM)
shall carry five year (from the date of successful installation) 24 x 7 Comprehensive Onsite
Response Warranty support from OEM.
(H) Post warranty support: OCAC may ask for additional two year post warranty support from
OEM. The bidder shall provide an undertaking that the equipments quoted and supplied shall
not be obsolete or proclaimed as “end-of-support” by the OEM during seven
years commencing from the date of satisfactory completion of installation.
(I) Escalation matrix should also be provided along with the technical bid.
(J) All equipments should be configured onsite at SDC premises by the certified OEM
professionals.
Training: One week of on-site operational and configurational training to OCAC officers/engineers
must be provided by certified engineers of the OEM. Training will be conducted after successful
installation of devices at OSDC site. All the necessary documentation will be given by the bidder to
OCAC.
Section IV: Technical Specifications
4.1 Technical Specification for Firewall (Internet)
Sl. No. Specifications Compliance (Yes/No)
1 The Firewall solution offered must be rated as 'Leaders' or 'Challengers' in the latest Magic Quadrant for Firewall published by Gartner.
2 The Firewall appliance should have certifications like NDPP / ICSA / EAL4 or more.
3 Proposed solution should not be declared EOL, EOS or end of support by the OEM.
Hardware Architecture common features
4 The hardware appliance based security platform should be capable of providing firewall, application visibility, and IPS functionality in a single appliance.
5 The appliance should be fitted with 16 x 10G ports and 4 x 40G ports populated with required SFP modules.
6 At least 16 Nos. of ports should downgrade to 1Gb copper RJ45 Ethernet port through supplied transceivers. [16 Nos. of transceivers are to be provided by the Bidder/Supplier]
7 The appliance hardware should be a multicore CPU architecture with a hardened 64 bit operating system to support higher memory.
8 Proposed Firewall should not be proprietary ASIC based in nature & should be open architecture based on multi-core CPUs to protect & scale against dynamic latest security threats.
9 Proposed solution should have 50 VPN licenses with third party SSL Certificate for 5 years from day one in the name of "Odisha State Data centre".
10 Proposed solution should have capacity to resolve the domain name of VPN service like “https://vpn.osdc.gov.in”.
11 Solution should support both client and clientless SSL based VPN (MAC and IP binding).
12 VPN solution on appliance should not have dependency on browser or operating system.
13 Appliance should be supplied with Indian standard 3-pin power cord.
14 Appliance should be supplied with necessary patch cord for HA, switch and NIPS port for configuration.
15 Appliance ports should have compatibility with switch and NIPS port for connectivity.
16 Suppliers should ensure flawless connectivity among devices like switch, NIPS, Firewall, server etc.
17 Device should be configured onsite by OEM with current SDC architecture as best practice.
Performance & Scalability
18 Firewall must support stateful inspection throughput of 40 Gbps in Active-Active deployment or Active-Passive deployment.
19 NG Firewall should support at least 20 million concurrent sessions or more.
20 NG Firewall should support at least 300,000 new connections per second with Application visibility or more.
21 NG Firewall should support at least 1000 VLANs.
High-Availability Features
22 Firewall should support Active/Standby, Active/Active/Clustering failover.
23 Firewall should support redundant interfaces to provide interface level redundancy before device failover.
24 Firewall should replicate NAT translations, TCP, UDP connection states, ARP table, ISAKMP & IPSec SAs, SIP signaling sessions.
25 Firewall should support failover of IPv4 & IPv6 sessions.
26 Firewall should have integrated redundant power supply.
Firewall Features
27 Solution must be capable of passively gathering information about network hosts and their activities, such as operating system, services, open ports, client applications, and vulnerabilities, to assist with multiple activities, such as intrusion event data correlation, elimination of false positives, and policy compliance.
28 Firewall should support creating access-rules/policies with IPv4 & IPv6 objects, VLAN, Application, users and groups, Geolocation, URL.
29 Firewall should support operating in routed & transparent mode.
30 Should support Static, RIP, OSPF, OSPFv3 and BGP.
31 Firewall should support manual NAT and Auto-NAT, static NAT, dynamic NAT, dynamic PAT.
32 Firewall should be IPv6 ready from day 1. High-Availability features set (Sl. No. 22) should be supported on IPv6 stack. Firewall should support NAT66 (IPv6-to-IPv6) & NAT64 (IPv6-to-IPv4) functionality.
33 Firewall should support Multicast protocols like IGMP, PIM, etc.
34 Should support security policies based on security group names in source or destination fields or both.
35 Should support capability to limit bandwidth on basis of apps / groups, Networks / Geo, Ports, etc.
36 Should be capable of dynamically tuning IDS/IPS sensors (e.g., selecting rules, configuring policies, updating policies, etc.) without human intervention.
37
Should be capable of automatically providing the appropriate inspections and protections for traffic sent over non-standard communications ports (stateful).
38 Should be able to link Active Directory and/or LDAP usernames to IP addresses related to suspected security events.
39 Should be capable of detecting and blocking IPV4, IPv6 attacks.
40
Solution should support network analysis capability to detect threats emerging from inside the network. This includes the ability to establish “normal” traffic baselines through flow analysis techniques (e.g., NetFlow) and the ability to detect deviations from normal baselines.
41 The solution must provide IP reputation (both IPv4 and IPv6) feed that comprised of several regularly updated collections of poor repuration of IP addresses determined by the proposed security vendor
42 Solution must support IP reputation intelligence feeds from third party and custom lists of IP addresses including a global blacklist.
43 Should support URL and DNS threat inetllifence feeds to protect against threats
44 Should support Reputation- and category-based URL filtering offering comprehensive alerting and control over suspect web traffic and enforces policies on more than millions of URLs in more than 60 categories.
45 Proposed solution should support safe search
46 Solution must be capable of passively gathering details unique to mobile devices traffic to identify a wide variety of mobile operating systems, mobile applications and associated mobile device hardware.
47
Should support more than 4000 application layer and risk-based controls that can invoke tailored intrusion prevention system (IPS) threat detection policies to optimize security effectiveness.
48
Solution should support network-based detection of malware by checking the disposition of known files in the cloud using the SHA-256 file-hash as they transit the network and capability to do dynamic analysis on-premise (if required in future) on purpose built-appliance.
49
NGFW OEM must have its own threat intelligence analysis center and should use the global footprint of security deployments for more comprehensive network protection.
50 The detection engine should support capability of detecting and preventing a wide variety of threats (e.g., malware, network probes/reconnaissance, VoIP attacks, buffer overflows, P2P attacks, etc.).
51 Should be able to identify attacks based on Geo-location (both IPv4 and IPv6) and define policy to block on the basis of Geo-location
52 The detection engine should support the capability of detecting variants of known threats, as well as new threats
53 The detection engine must incorporate multiple approaches for detecting threats, including at a minimum exploit-based signatures, vulnerability-based rules, protocol anomaly detection, and behavioral anomaly detection techniques. Identify and explain each type of detection mechanism supported.
54 Should support Open based Application ID for access to community resources and ability to easily customize security to address new and specific threats and applications quickly
55 Firewall should provide application inspection for DNS, FTP, HTTP, SMTP, LDAP, VXLAN, MGCP, RTSP, SIP, SCCP, SQLNET, TFTP, H.323, SNMP with policy based.
56 Firewall should support creating access-rules with IPv4 & IPv6 objects simultaneously
Management
57 Management and advanced reporting (minimum 1 TB storage space for historical logs) functionalities with complete feature parity on firewall administration must be provided from day 1.
58 The management platform must be accessible via a web-based interface (single manager console, Operation + Management) and ideally with no need for additional client software
59 Solution should include troubleshooting tools like Packet tracer, capture
60 The management platform must provide a highly customizable dashboard.
61 The management platform must be capable of integrating third party vulnerability information into threat policy adjustment routines and tuning workflows.
62 The management platform must be capable of role-based administration, enabling different sets of views and configuration capabilities for different administrators subsequent to their authentication.
63 Should support REST API for monitoring and config programmability
64 The management platform must provide multiple report output types or formats, such as PDF, HTML, and CSV.
65 The management platform must support multiple mechanisms for monitoring and issuing alerts (e.g., SNMP, e-mail, SYSLOG).
66 The management platform must provide robust reporting capabilities, including a selection of pre-defined reports and the ability for complete customization and generation of new reports.
67 The management platform must support risk reports like advanced malware, attacks and network
68 The inbuilt management platform must include an integration mechanism, preferably in the form of open APIs and/or standard interfaces, to enable events and log data to be shared with external network and security management applications, such as Security Information and Event Managers (SIEMs), and log management tools.
69 The inbuilt management platform must provide a customised dashboard.
70 Firewall should have Management for ethernet and console port with web based for configuration
71 Proposed solution should be integrated with HP ArcSight SIEM solution
4.2 Technical Specification of NIPS
Sl. No. Specifications Compliance (Yes/No)
OEM Eligibility Criteria:
1 The IPS solution offered must be rated as a Leader or Challenger in the latest Magic Quadrant by Gartner. IPS should have Recommended rating and certified by Group tests of NSS for NIPS or EAL4+ certified.
2 NIPS should be from different manufacturer as of Firewall OEM.
Solution Requirement
3 Solution should propose built and provide Intrusion Prevention System, SSL Inspection, Anti Malware, Anti BOT, Application control capabilities
4 The communication between all the components of solution (IPS module, logging & policy and Web GUI Console) should be encrypted with SSL or PKI
5 Solution should support high availability.
6 Solution should provide protection against various types of cyber attacks, evasive attacks, scripting attacks, etc.
7 Solution should have capability to store logs and configuration of all devices centrally in the solution and should also have capability to send logs of all devices to the generic central log collection servers
8 IPV6 Compliant: • Solution should be IPV6 ready from day 1. No extra cost will be borne for IPV6 implementation • Solution must support the complete STACK of IP V4 and IP V6 attack services
9 Proposed solution should not have been declared EOL, EOS or end of support by the OEM.
Hardware specifications:
10 The IPS should be a dedicated purpose built hardware with real World Throughput 10 Gbps or more. All the signatures update subscription should be provided from Day 1.
11 Solution should support minimum 12,000,000 legitimate concurrent connections.
12 Inspection Ports: Appliance should be fitted with 16 x 10 GbE SFP+ support. All ports should be configured with the required transceivers. Appliance should have additional ports for sync, HA and other functionalities. - At least 8 Nos of ports should downgrade to 1Gb copper RJ45 Ethernet port through supplied transceivers. [8 Nos transceivers are to be provided by the Bidder/Supplier]. - Appliance should be supplied with Indian standard 3-pin power cord. - Appliance should be supplied with necessary patch cord for HA, router, switch, firewall port for configuration. - Supplier should ensure flawless connectivity among devices like router, switch, NIPS, Firewall, server etc. - Device should be configured onsite by OEM with current SDC architecture and HP ArcSight SIEM solution as best practice.
13 Deployment Modes supported: In-line; Monitoring mode
14 The proposed device should support High Availability (Active-Passive). The INSPECTED throughput of the appliance should NOT DEGRADE in the High Availability (Active-Passive) mode deployment.
15 Appliance should have redundant power supplies
16 Solution should support high availability.
17 The proposed IPS solution must support Layer 2 Fallback option to bypass traffic even with the power off, in event of un-recoverable internal software error such as firmware corruption, memory errors
Solution should have the capability of easy rollbacks during the version upgrades etc
18 The NIPS system should have adequate local storage in order to keep the various logs
19 NIPS should be able to perform entire packet capture of the infected traffic and sent to the other application for analysis
Security Protections:
20 NIPS should have the ability to identify application traversing on the network so that you can allow or block specific application on the network. For example, you can block just the connections to Facebook, from your network while allowing all other HTTP and HTTPS traffic
21 NIPS should protect against SSL based attacks. NIPS should have built-in/ 3rd party SSL decryption Engine integration capability for SSL Traffic decryption to support prevention of encrypted attacks - which includes attacks over secured http channel without need to have additional appliances
22 NIPS should support malware protection by performing file reputation analysis of malicious files
23 NIPS should do attack recognition inside IPv6 encapsulated packets
24 NIPS should provide advanced botnet protection using heuristic detection methods
25 NIPS should provide advanced botnet protection using multi event behavior based detection mechanism
26 NIPS should support the ability to limit the number of TCP/UDP/ICMP active connections or connection rate from a host
27 NIPS should support active blocking of traffic based on pre-defined rules to thwart attacks before any damage is done, i.e. before compromise occurs
28 NIPS should have the ability to block connection from outside based on the reputation of the IP address that is trying to communicate with the network
29 NIPS should have the ability to control traffic based on geographical locations. For e.g. a policy can be created to block traffic coming or going to a particular country
30 Intrusion Prevention Protections:
Signatures: Prevents known application vulnerabilities, exploitation attempts, and protects against known DoS and DDoS flood attacks.
Anti-Scanning: Prevents zero-day self-propagating network worms, horizontal scans, and vertical scans.
31 Bandwidth Management: a) Policies should be defined to restrict or maintain the bandwidth that can be sent or received by each application, user, or segment. b) Guarantee bandwidth for each critical application or limit non-critical traffic such as P2P. c) Set rules to block or allow specific traffic types.
32 Bandwidth Management should support the below Classification Parameters: a) Source Network b) Destination Network c) Port Group d) Service Type e) Service Name f) Direction
33 Anti-Scanning Protection parameters: • Anti-Scanning Protection • Protection for Very Slow Scans • High Port Response • Maximal Blocking Duration
34 SYN Flood Protection Parameters: • SYN Flood Protection • Tracking Time • Minimum Allowed SYN Retransmission Time • Maximum Allowed SYN Retransmission Time
35 The device must provide advanced DOS/DDOS protection and not just signatures based employing a combination of threshold-based and self-learning, profile-based detection techniques, volume based and exploits signatures to detect DoS and DDoS attacks
36 The OEM should provide 24x7 support for DOS/DDOS flood mitigation and technical assistance to mitigate any realtime threats.
37 Mitigation Capabilities and Actions support: • Real Time Signatures • TCP Challenge & Response • HTTP Challenge & Response • Advanced HTTP Challenge & Response
38 Should support a wide range of response actions as: a) Block traffic, b) Ignore, c) TCP reset, d) Quarantine host, e) Log traffic, f) Packet capture, g) User defined scripts, h) Email alert, i) SNMP alert, j) syslog alert
39 Signature Protection should handle the below attack categories: • Server-based vulnerabilities: — Web vulnerabilities — Mail server vulnerabilities — FTP server vulnerabilities — SQL server vulnerabilities — DNS server vulnerabilities — SIP server vulnerabilities • Worms and viruses • Trojans and backdoors • Client-side vulnerabilities • IRC bots • Spyware • Phishing • Anonymizers
40 The device should accurately detect the following Attack categories: • Malformed traffic, Invalid Headers • Vulnerability exploitation • URL obfuscation
41 Following Classification Parameters should be supported in the Network Protection Policy: • SRC Network Input • SRC Network • DST Network Input • DST Network • Port Group • Direction • VLAN Tag Group
42 Following Action Parameters should be supported by the Network Protection Policy: • Protection Profiles • BDoS Profile • DNS Profile • Anti Scanning Profile • Signature Protection Profile • ConnectionLimit Profile • SYN Flood Profile • Connection PPS Limit Profile • Out of State Profile • Service Discovery Profile • Web Quarantine
43 The Security Update Service should be provided from Day 1 that includes: • 24/7 Security Operations Center (SOC) Scanning—Continuous threat monitoring, detection, risk assessment and filter creation for threat mitigation.
The OEM must notify automatically through e-mail/displayed in manager window about the availability of new signatures and new product releases • Emergency Filters—Rapid response filter releases for high impact security events through Emergency Filters. • Weekly Updates—Scheduled periodic updates to the signature files, with automatic distribution. • Custom Filters—Custom filters for environment-specific threats and newly reported attacks reported to the SOC.
44 The proposed device should support below Server Cracking Attack Types: • Cracking, Brute Force, and Dictionary Attacks • Application-Vulnerability Scanning • SIP Scanning • SIP Brute-Force Attacks
45 NIPS should support the following protections: • Brute Force DNS • Brute Force FTP • Brute Force IMAP • Brute Force LDAP • Brute Force MSSQL • Brute Force MySQL • Brute Force POP3 • Brute Force SIP (TCP) • Brute Force SIP (UDP) • Brute Force SIP DST (TCP) • Brute Force SIP DST (UDP) • Brute Force SMB • Brute Force SMTP • Brute Force Web • SIP Scan (TCP) • SIP Scan (UDP) • SIP Scan DST (TCP) • SIP Scan DST (UDP) • SMTP Scan • Web Scan
46 The device should handle following traffic inspection & support following: • IPv6, IPv4, MPLS, Tunneled: 4in6, 6in4, 6to4 • Bi-directional inspection, Detection of Shell Code, Buffer overflows, Advanced evasion protection with policy based • Application Anomalies, P2P attacks, TCP segmentation and IP fragmentation • Rate-based threats, Statistical anomalies
47 The Solution should provide visibility into how network bandwidth is consumed to aid in troubleshooting network outages and detecting Advanced Malware related DoS & DDoS activity from within the network
48 Proposed solution should have Source Blocking feature with notification to source true IP address.
49 The management solution must provide centralized monitoring and reporting of – realtime log – historical log for a given period
The management solution must support a wide variety of pre-built as well as custom reports.
The management solution must be able to output report data into a variety of different file formats like HTML, PDF etc.
The management solution must support auto-email of Pre-defined & Customized Reports at a scheduled time.
The management solution must support the archiving and backup of events.
The real-time Dashboard must have the following Graphical display -Top Attacks –Top source/destination IP’s -Top Targets –Device Health – Cpu Utilisation
4.3 Technical Specification of Server Load Balancer(SLB)
Sl. No. Specifications Compliance (Yes/No)
OEM ELIGIBILITY CRITERIA
1 OEM should be present in Gartner's LEADER magic quadrant in the latest application delivery controller(ADC) report (2016) or top 3 in IDC report.
Architecture
2 Should be Appliance based solution
3 Minimum Traffic ports supported: Appliance should be fitted with 8 x 10 GbE SFP+ • Layer 4 connections per second: Minimum 600,000 CPS • Layer 4 concurrent connections: Minimum 12 million connections • Layer 7 requests per second: Minimum 850,000 RPS
4 Should provide minimum 10 Gbps throughput and can be scalable to 20Gbps throughput without changing the hardware (license upgrade only).
5 Device must have Dynamic routing protocols like OSPF, RIP1, RIP2, BGP from Day 1
6 Following Server Load Balancing Topologies should be supported: • Client Network Address Translation (Proxy IP) • Mapping Ports • Direct Server Return • One Arm Topology Application • Direct Access Mode • Assigning Multiple IP Addresses • Immediate and Delayed Binding
7 Proposed solution should not have been declared EOL, EOS or end of support by the OEM on the day of production.
Load Balancing Features
8 Should be able to load balance both TCP and UDP based applications with layer 2 to layer 7 load balancing support
9 Support for policy nesting at layer 7 and layer 4; solution should be able to combine layer 4 and layer 7 policies to address the complex application integration.
10 The SLB should support the below metrics: — Hash, — Persistent Hash, — Weighted Hash, — Least Connections, — Least Connections Per Service, — Round-Robin, — Response Time, — Bandwidth, — Tunable Hash
11 Script based functions support for content inspection, traffic matching and monitoring of HTTP, SOAP, XML, diameter, generic TCP, TCPS. Load balancer should support ePolicies to customize new features in addition to existing feature/functions of load balancer
12 VIRTUALIZATION: The proposed SLB should have ADC-VX/Virtualization feature that virtualizes the Device resources—including CPU, memory, network, and acceleration resources. The Hypervisor used to virtualize the SLB hardware should be a specialized purpose-built hypervisor, not a commercially available hypervisor (like XEN, VmWare etc.) with smaller footprint. Each virtual ADC instance contains a complete and separated environment of the following: a) Resources, b) Configurations, c) Management. The proposed device should be supplied with minimum 16 Virtual Instances from Day 1.
13 Should support Port Aggregation IEEE 802.3ad, Vlan Trunk IEEE 802.1Q
14 The vADC management should have two management roles: • The Global Administrator creates, initially configures, and monitors vADCs. The Global Administrator should be able to dynamically allocate CPU and throughput resources by assigning capacity units and adjusting throughput limits to a vADC. • The vADC Administrator is responsible for the day-to-day configuration and maintenance of vADCs using the same tasks as with traditional ADCs, except for those vADC tasks that only the Global Administrator performs.
15 The device should support DNS SEC Global Server load Balancing functionality.
16 A framework for customizing application delivery should be provided using user-written scripts, that provides the flexibility to control application flows and fully meet business requirements in a fast and agile manner. The proposed framework should make it possible to: • Extend Server Load Balancer Fabric services/network function virtualization with delivery of new applications • Quickly deploy new services • Mitigate application problems without changing the application • Preserve infrastructure investment by adding new capabilities without additional equipment investment
17 Should support Web Performance Optimization feature that should employ different acceleration treatments for different application and browser scenarios: a) Simplifying large, complex web pages. b) Caching c) Accelerate entire web transaction d) Third-Party timing and SLAs e) Content Minification/content optimization f) Acceleration for mobile devices--Mobile Caching, Image resizing, Touch-to-click conversion/dynamic detect
18 DNSSEC based Global Load Balancing should be supported in the proposed device.
19 The Server Load balancer should support the Application Performance Monitoring feature and should support the following (using integrated or out of box solution without any additional cost): 1) Real user monitoring for any client with no agent software. 2) Centralized monitoring of performance across Local and Datacenter. 3) Measurement of real users and their actual transactions including errors – eliminating manual scripting of synthetic transactions 4) Diagram allowing to visually see which transactions breach SLA 5) Breaking down the measurements by specific application, location or transaction 6) SLA is user-defined – allowing full control over application 7) Ability to see which transactions were not completed due to errors.
20 Should support server side web compression and proximity based LLB
21 The proposed device should support ICSA certified WAF functionality covering all the OWASP Top 10 attack categories.
Clustering & failover
22 Should provide comprehensive and reliable support for high availability with Active-active & active standby unit redundancy mode. Should support both device level and VA level High availability
23 Should support built in failover decision/health check conditions (both hardware and software based) including CPU overheated, SSL card, port health, CPU utilization, system memory, process health check and gateway health check to support the failover in complex application environment
24 Support for automated configuration synchronization at boot time and during run time to keep consistent configuration on both units.
25 Clustering function should support IPv6 VIP’s (virtual service) switchover
26 Should support End-to-End SSL Encryption (Backend Encryption) and SSL initiation (SSL between SLB & Servers)
27 Should Support SSL Offloading & Acceleration on same hardware to reduce number of equipment in Data center & save power / cooling requirement.
SLB should have minimum 30,000 SSL transactions per second for 2048 key from day one
28 Proposed solution should support sticky sessions, entry per server with per user per server in one established session
Redundancy
29 Should Support standard VRRP (RFC - 2338)
Management
30 Using the Web Based Management
31 Dedicated Management Port
32 SLB Device should be accessed through the below: • Using the CLI • Using SNMP • REST API
33 Proposed solution should be integrated with HP ArcSight SIEM solution
WEB Application Firewall
34 Web Application Firewall should be ICSA certified
35 Proposed WAF should have minimum 1 Gbps throughput
The proposed WAF can be a dedicated appliance or part of ADC solution with minimal latency.
If WAF is a dedicated appliance, it should comply with the above architecture of SLB.
WAF should have the flexibility to be deployed in the following modes:
36 Reverse proxy
37 Out of Path (OOP) support
38 The proposed solution should support standard VRRP (RFC - 2338) for High Availability purpose (no proprietary protocol).
39 The WAF should support the following escalation modes: a) Active, b) Bypass, c) Passive
40 The solution must be able to handle OWASP Top 10 attacks and WASC Web Security Attack Classification.
41 Hiding Sensitive Content Parameters: It should be able to mask values of sensitive parameters (for example, passwords, credit card and social security details)
42 WAF should support for IPv4 and IPv6 traffic
43 The proposed WAF should support signaling mechanism based on IP blocking system. It should be able to extract the attack source IP address from either the Layer 3 IP header or from the HTTP headers (such as X-Forwarded-For and True-Client-IP). Once an attack source is detected, the WAF should signal the attack source IP address to perimeter DDoS mitigation device (if required), either by adding the source to the black list or by generating a signature of the attack source IP address to be matched in the HTTP headers.
Auto Policy Optimization
44 Known Types of Attack Protection - Rapid / protection mode
45 • Zero Day Attack protection from day one
46 • Security Filter Auto Policy Generation a) FullAuto b) AutoEnabled c) Auto Refinements
47 • Working in Learn Mode
48 • Auto Discovery
49 • Web Crawler
Following Threats should be protected by the proposed WAF solution:
50 Parameters Tampering
51 Cookie Poisoning
52 SQL Injection
53 Session Hijacking
54 Web Services Manipulation
55 Stealth Commands
56 Debug Options
57 Backdoor
58 Buffer Overflow Attacks
59 Data Encoding
60 Protocol Piggyback
61 Cross-Site Scripting (XSS)
62 Brute Force Attacks
63 OS Command Injection
64 Cross Site Request Forgery (CSRF)
65 Hot Link
66 Information Leakage
67 Path (directory) Traversal
68 Predefined resource location
69 Malicious file upload
70 Directory Listing
71 Parameter Pollution (HPP)
72 OWASP parameters
The proposed WAF should support the following Security Filters:
73 • AllowList Security Filter
74 • BruteForce Security Filter
75 • Database Security Filter
76 • FilesUpload Security Filter
77 • GlobalParameters Security Filter
78 • HTTPMethods Security Filter
79 • Logging Security Filter
80 • safe reply or masking of sensitive information in HTTP response filters
81 • WebServices Security Filter
82 • XMLSecurity Security Filter
83 • Parameters Security Filter
84 • PathBlocking Security Filter
85 • Session Security Filter
86 • Vulnerabilities Security Filter
The proposed WAF should support the Activity Tracking, which should include the following:
87 Mimicking user behavior
88 Dynamic IP
89 Anonymity
90 Scraping
91 Clickjacking
Device Fingerprint-based tracking OR module to detect and prevent HTTP requests from ROBOTS or web spiders filters
92 WAF should support Device Fingerprint technology OR robots and web spider filters by involving various tools and methodologies to gather IP agnostic information about the source.
93 Fingerprint information should include the Client Operating System, browser, fonts, screen resolution, and plugins etc. (applicable for Fingerprint technology) OR Solution should provide advanced bot detection and prevention mechanism based on smart combination of signature-based and heuristic analysis
94 It should support running JavaScript on the client side. Once a JavaScript is processed, an AJAX request is generated from the client side to the WAF with the fingerprint information (applicable for Fingerprint technology)
WAF should support the Historical Security Reporting from Day 1
95 • Customizable dashboards, reports, and notifications
96 • Advanced incident handling for security operating centers (SOCs) and network operating centers (NOCs)
97 • Standard security reports
98 • In-depth forensics capabilities
99 • Ticket workflow management
4.4 Technical Specification of 48 port 10/40 G Layer 3 Switch
Sl. No. Specifications Compliance (Yes/No)
OEM Eligibility Criteria
1 OEM should be present in Gartner's LEADER/CHALLENGERS magic quadrant in the latest Datacentre Networking Solutions
Solution Requirement
2 The Switch should support non-blocking Layer 2 switching and Layer 3 routing
3 The switch should not have any single point of failure; components like power supplies and fans etc. should have 1:1/N+1 level of redundancy
4 Switch should support in-line hot insertion and removal of different parts like modules/power supplies/fan tray etc., which should not require switch reboot or disrupt the functionality of the system
5 IPV6 Compliant: • Solution should be IPV6 ready from day 1. No extra cost will be borne for IPV6 implementation • Switch should support the complete STACK of IP V4 and IP V6 services
6 Proposed solution should not have been declared EOL, EOS or end of support by the OEM on the day of production.
7 The Switch and different modules used should function in line rate and should not have any port with oversubscription ratio applied
8 Switch port should be well-matched and linked with firewall, IPS, Blade and Rack servers 10Gb/40Gb ports of OEM like HP, IBM, DELL etc.
9 At least 8Nos of Switch port should downgrade to 1Gb copper RJ45 Ethernet port through supplied transceivers.
10 Each Switch should be supplied with 10 nos. of 15 Mtrs LC-LC patch cord. 10 nos. of 10 Mtrs LC-LC patch cord. 10 nos. of 10 Mtrs CAT6 RJ45 patch cord. 10 nos. of 15 Mtrs CAT6 RJ45 patch cord. Patch cord should be from OEM (AMP/CommScope/Rosenberger) with 25 years replacement warranty against any manufacturer defect
11 Appliance should be supplied with Indian standard 3-pin power cord
12 Appliance should be supplied with necessary patch cord for HA, switch and NIPS port for configuration.
13 Appliance ports should have compatibility with switch and NIPS port for connectivity.
14 Supplier should ensure flawless connectivity among devices like switch, NIPS, Firewall, server etc.
15 Proposed solution should not have been declared EOL, EOS or end of support by the OEM on the day of production.
Hardware and Interface Requirement
16 Switch should have the following interfaces: i. 48 x 10G Fiber ports with SR modules Loaded ii. 6 x 40GbE ports with Short Range Module Loaded for 40G operations with patch cord
17 Switch should be rack mountable and support side rails if required
18 Switch should have adequate power supply for the complete system usage with all slots populated and used and provide N+1 redundant
19 Switch should have hardware health monitoring capabilities and should provide different parameters through SNMP
20 Switch should support VLAN tagging (IEEE 802.1q)
21 Switch should support IEEE Link Aggregation and Ethernet Bonding functionality to group multiple ports for redundancy
22 Switch should support Configuration roll-back and check point
23 Switch should support for different logical interface types like loopback, VLAN, SVI/RVI, Port Channel, multi chassis port channel/LAG etc
24 Switch should have console port
Performance Requirement
25 The switch should support 12,000 IPv4 and IPv6 routes entries in the routing table including multicast routes
26 Switch should support Graceful Restart for OSPF, BGP etc.
27 Switch should support minimum 500 VRF instances
28 The switch should support uninterrupted forwarding operation for OSPF, BGP etc. routing protocol to ensure high-availability during primary controller failure
29 The switch should support hardware based loadbalancing at wire speed using LACP and multi chassis etherchannel/LAG
30 Switch should support minimum 1.4 Tbps of switching capacity (or as per specifications of the switch if quantity of switches are more, but should be non blocking capacity) including the services: a. Switching b. IP Routing (Static/Dynamic) c. IP Forwarding d. Policy Based Routing e. QoS f. ACL and Other IP Services g. IP V.6 host and IP V.6 routing
Advance Features
31 Switch should support Data Center Bridging
32 Switch should support common configuration like mirroring, trunking, port violation, port restriction, inter VLAN routing, STP, BPDU, etc.
33 Switch should support multi OEM hypervisor environment and should support features for programmable configuration change
Layer2 Features
34 Spanning Tree Protocol (IEEE 802.1D, 802.1W, 802.1S)
35 Switch should support VLAN Trunking (802.1q) and should support 3900 VLAN
36 Switch should support basic Multicast IGMP v1, v2, v3
37 Switch should support minimum 90,000 no. of MAC addresses
38 Switch should support 8 Nos. of link or more per Port channel (using LACP) and support 96 port channels or more per switch
39 Switch should support Industry Standard Port/Link Aggregation for All Ports across any module or any port.
40 Switch should support multi chassis Link Aggregation for All Ports across any module or any port of the switch and Link aggregation should support 802.3ad LACP protocol for communication with downlink/uplink any third party switch or server
41 Switch should support Jumbo Frames up to 9K Bytes on Ports
42 Support for broadcast, multicast and unknown unicast storm control to prevent degradation of switch performance from storm due to network attacks and vulnerabilities
43 Switch should support Link Layer Discovery Protocol as per IEEE 802.1AB for finding media level failures
Layer3 Features
44 Switch should support all physical ports to use either in Layer2 or Layer 3 mode and also should support layer 3 VLAN Interface and Loopback port Interface
45 Switch should support basic routing feature i.e. IP Classless, default routing and Inter VLAN routing
46 Switch should support static and dynamic routing using: a. Static routing b. OSPF V.2 using MD5 Authentication c. ISIS using MD5 Authentication d. BGP V.4 using MD5 Authentication e. Should support route redistribution between these protocols f. Should be compliant to RFC 4760 Multiprotocol Extensions for BGP-4 (Desirable)
47 Switch should re-converge all dynamic routing protocol at the time of routing update changes i.e. Non-Stop forwarding for fast re-convergence of routing protocols
48 Switch should support multi instance MPLS routing using VRF, VRF Edge routing and should support VRF Route leaking functionality
49 Switch should be capable to work as DHCP server and relay
Availability
50 Switch should have provisioning for connecting to 1:1/N+1 power supply for usage and redundancy
51 Switch should provide gateway level of redundancy in IpV4 and IPV6 using HSRP/VRRP
52 Switch should support for BFD For Fast Failure Detection as per RFC 5880
Quality of Service
53
Switch system should support 802.1P classification and marking of packet using: a. CoS (Class of Service) b. DSCP (Differentiated Services Code Point) c. Source physical interfaces d. Source/destination IP subnet e. Protocol types (IP/TCP/UDP) f. Source/destination TCP/UDP ports
54 Switch should support methods for identifying different types of traffic for better management and resilience
55 Switch should support different types of QoS features for differential treatment of real time traffic using: a. Weighted Random Early Detection. b. Strict Priority Queuing.
56 Switch should support to trust the QoS marking/priority settings of the end points as per the defined policy
57 Switch should support Flow control of Ethernet ports to control traffic rates during congestion by allowing congested nodes to pause link operation at the other end for receiving traffic as per IEEE 802.3x
Security
58 Switch should support deploying different security for each logical and physical interface using Port Based access control lists of Layer-2 to Layer-4 in IP V.4 and IP V.6 and logging for fault finding and audit trail
59 Switch should support control plane i.e. processor and memory Protection from unnecessary or DoS traffic by control plane protection policy
60 Time based ACL
61 Switch should support for external database for AAA using: a. TACACS+ b. RADIUS
62 Switch should support MAC Address Notification on host join into the network for Audit trails and logging
63 Switch should support to restrict end hosts in the network. Secures the access to an access or trunk port based on MAC address. It limits the number of learned MAC addresses to deny MAC address flooding
64 Switch should support DHCP Snooping
65 Switch should support Dynamic ARP Inspection to ensure host integrity by preventing malicious users from exploiting the insecure nature of the ARP protocol
66 Switch should support IP Source Guard to prevent a malicious host from spoofing or taking over another host's IP address by creating a binding table between the client's IP and MAC address, port, and VLAN
67 Switch should support for Role Based access control (RBAC) for restricting host level network access as per policy defined
68 Switch should support Spanning tree BPDU protection
69 Switch should support unicast and/or multicast blocking on a switch port to suppress the flooding of frames destined for an unknown unicast or multicast MAC address out of that port
70 Switch should support Spanning tree BPDU protection
71 Switch should support for MOTD banner displayed on all connected terminals at login and security discrimination messages can be flashed as per banks ISD rules
Manageability
72 Switch should support for embedded RMON/RMON-II for central NMS management and monitoring
73 Switch should support for sending logs to multiple centralised syslog server for monitoring and audit trail
74 Switch should provide remote login for administration using: a. Telnet b. SSH V.2
75 Switch should support for capturing packets for identifying application performance using local and remote port mirroring for packet captures
76 Switch should support management and status monitoring using different types of Industry standard NMS using: a. SNMP V1 and V.2 b. SNMP V.3 with encryption c. Filtration of SNMP using Access list d. SNMP MIB support for QoS
77 Switch should support basic administrative tools like: a. Ping b. Traceroute
78 Switch should support central time server synchronization using Network Time Protocol NTP V.4
79 Switch should support for providing granular MIB support for different statistics of the physical and logical interfaces
80 Switch should support predefined and customised execution of scripts for device management, for automatic and scheduled system status updates for monitoring and management
81 Switch should provide different privilege for login in to the system for monitoring and management
82 Switch should support Real time Packet Capture using Wireshark in real time for traffic analysis and fault finding
IPv6 features
83 Switch should support IP V.6 connectivity and routing required for network reachability using different routing protocols such as: a. OSPF V.3 b. BGP with IP V.6 c. IP V.6 Policy based routing d. IP V.6 Dual Stack etc e. IP V.6 Static Route f. IP V.6 Default route
84 Should support route redistribution between these protocols
85 Switch should support multicast routing in IP V.6 network using PIMv2 Sparse Mode
86 Switch should support for QoS in IP V.6 network connectivity
87 Switch should support for monitoring and management using different versions of SNMP in IP V.6 environment such as: a. SNMPv1, SNMPv2c, SNMPv3 b. SNMP over IP V.6 with encryption support for SNMP Version 3
88 Switch should support syslog for sending system log messages to centralized log server in IP V.6 environment
89 Switch should support NTP to provide an accurate and consistent timestamp over IPv6 to synchronize log collection and events
90 Switch should support for IP V.6 different types of tools for administration and management such as: a. Ping b. Traceroute c. VTY d. SSH e. TFTP f. DNS lookup
Appendix I: Pre-Qualification & Technical Bid Templates
General
The bidders are expected to respond to the RFP using the forms given in this section and all documents
supporting Pre-Qualification / Technical Evaluation Criteria.
Pre-Qualification Bid & Technical Proposal shall comprise of following forms :
Forms to be used in Pre-Qualification Proposal
Form 1: Compliance Sheet for Pre-qualification Proposal
Form 2: Particulars of the Bidders
Form 3: Manufacturers /Producers Authorization Form
Forms to be used in Technical Proposal
Form 4: Compliance Sheet for Technical Proposal
Form 5: Letter of Proposal
Form 1: Compliance Sheet for Pre-qualification Proposal
(The pre-qualification proposal should comprise of the following basic requirements. The documents
mentioned in this compliance sheet along with this form, needs to be a part of the Pre-Qualification
proposal)
S. No. | Basic Requirement | Documents Required | Provided | Reference & Page Number
1 | Document Fee | Demand Draft | Yes / No |
2 | Power of Attorney | Copy of Power of Attorney in the name of the Authorized signatory | Yes / No |
3 | Particulars of the Bidders | As per Form 2 | Yes / No |
4 | Earnest Money Deposit | Demand Draft | Yes / No |
5 | Average Sales Turnover in Hardware & Maintenance services | Extracts from the audited Balance sheet and Profit & Loss; OR Certificate from the statutory auditor | Yes / No |
6 | Letter of authorization from H/W OEM | Letter of authorization; as per template provided (Form 3) | Yes / No |
7 | Technical Capability | Copy of work order | Yes / No |
8 | Local Service Centres | A Self Certified letter by an authorized signatory | Yes / No |
9 | Quality Certifications | ISO 9001:2008 or latest, ISO 27000 | Yes / No |
10 | Legal Entity | Copy of Certificate of Incorporation; and Copy of PAN, IT return, GSTIN | Yes / No |
11 | Blacklisting & Performance | A self certified letter | Yes / No |
Form 2: Particulars of the Bidders
S No. | Information Sought | Details to be Furnished
a | Name, address and URL of the bidding Company |
b | Incorporation status of the firm (public limited / private limited, etc.) |
c | Year of Establishment |
d | Date of registration |
e | RoC Reference No. |
f | Details of company registration |
g | Details of registration with appropriate authorities for GST |
h | Name, Address, e-mail ID, Phone nos. and Mobile Number of Contact Person |
Form 3: Manufacturers /Producers Authorization Form
Letter No._____________ Date:________
To
The General Manager(Admn)
Odisha Computer Application Centre
Bhubaneswar
Sub : OEM Authorization Letter
Dear Sir:
Ref: Your RFP Ref: OCAC-NeGP-INFRA-0009-2017/18004
We, who are established and reputable manufacturers / producers of ________________________
having factories / development facilities at (address of factory / facility) do hereby authorize M/s
___________________ (Name and address of Agent) to submit a Bid, and sign the contract with you against
the above Bid Invitation.
We hereby extend our full guarantee and warranty for the Solution, Products and services offered by the
above firm against this Bid Invitation.
We also undertake to provide any or all of the following materials, notifications, and information pertaining
to the Products manufactured or distributed by the Supplier :
a. Such Products as OCAC may opt to purchase from the Supplier, provided, that this option shall not
relieve the Supplier of any warranty obligations under the Contract; and
b. in the event of termination of production of such Products:
i. Advance notification to OCAC of the pending termination, in sufficient time to permit to procure
needed requirements; and
ii. Following such termination, furnishing at no cost to OCAC, the blueprints, design documents,
operations manuals, standards, source codes and specifications of the Products, if requested.
We duly authorize the said firm to act on our behalf in fulfilling all installations, Technical support and maintenance obligations required by the contract.
Yours faithfully,
(Name)
(Name of Producers)
Note: This letter of authority should be on the letterhead of the manufacturer and should be signed by a person competent and having the power of attorney to bind the manufacturer. The Bidder in its Bid should include it.
Form 4: Compliance Sheet for Technical Proposal
The Technical proposal should comprise of the following basic requirements.
1. Below mentioned quoted products of OEM table.
2. Filled in compliance sheet as per Section IV: Technical specifications document for each device.
Quoted Products of OEM
Item | OEM 1: _____ | | | OEM 2: _____ | | | OEM 3: _____ | |
 | Model | Version & Year of release | End of support expected | Model | Version & Year of release | End of support expected | Model | Version & Year of release | End of support expected
Firewall(Internet) | | | | | | | | |
NIPS | | | | | | | | |
Server Load Balancer(SLB) | | | | | | | | |
48 port 10/40 G Layer 3 Switch | | | | | | | | |
Form 5: Letter of Proposal
To:
The General Manager (Admin)
Odisha Computer Application Centre
Plot No. - N-1/7-D, AcharyaVihar
P.O.- RRL, Bhubaneswar - 751013
EPBX: 0674-2567280/2567064/2567295
Fax: +91-0674-2567842
Subject: Submission of the Technical bid for Supply, Installation & Warranty support of Network & Security Equipments for Odisha State Data Center, OCAC.
Dear Sir/Madam,
We, the undersigned, offer to provide Supply, Installation & Warranty support of Network &
Security Equipments for Odisha State Data Center, OCAC on with your RFP Ref No :__________ and our
Proposal. We are hereby submitting our Proposal, which includes this Technical bid and the Commercial
Bid sealed in a separate envelope.
We hereby declare that all the information and statements made in this Technical bid are true and accept
that any misinterpretation contained in it may lead to our disqualification.
We undertake, if our Proposal is accepted, to initiate the Implementation services related to the
assignment not later than the date indicated in the tender document.
We agree to abide by all the terms and conditions of the RFP document. We would hold the terms of our
bid valid for 180 days as stipulated in the RFP document.
We understand you are not bound to accept any Proposal you receive.
Yours sincerely,
Authorized Signature [In full and initials]:
Name and Title of Signatory:
Name of Firm:
Address:
Location: _____________________________________
Date: ___________________________
Appendix II : Commercial Proposal Templates
The bidders are expected to respond to the RFP using the forms given in this section for Commercial
Proposal.
Form 6: Covering Letter
Form 7: Commercial Proposal
Form 6: Covering Letter
< Location, Date>
To
The General Manager (Admin)
Odisha Computer Application Centre
Plot No. - N-1/7-D, AcharyaVihar
P.O.- RRL, Bhubaneswar - 751013
EPBX: 0674-2567280/2567064/2567295
Fax: +91-0674-2567842
Subject: Submission of the Commercial bid for Supply, Installation & Warranty support of Network & Security Equipments for Odisha State Data Center, OCAC.
RFP Reference No : OCAC-NeGP-INFRA-0009-2017/18004
Dear Sir/Madam,
We, the undersigned, offer to provide the Implementation services for Network & Security Equipments supply
& related services in accordance with your Request for Proposal cited above and our Proposal (Technical
and Commercial Proposals). Our attached Commercial Proposal is for the sum of [Amount in words and
figures]. This amount is inclusive of the taxes.
Our Commercial Proposal shall be binding upon us, up to expiration of the validity period of the Proposal,
i.e., [Date].
We understand you are not bound to accept any Proposal you receive.
We remain,
Yours sincerely,
Authorized Signature:
Name and Title of Signatory:
Name of Firm:
Address:
Form 7: Commercial Proposal
RFP REFERENCE NO : OCAC-NeGP-INFRA-0009-2017/18004
COMMERCIAL BID FORMAT
Sl. No. | Item | Quantity (a) | Unit Price (b) | Taxes per Unit (c) | Total Unit Cost (d) (d=b+c) | Total a x d
1 | Firewall (Internet) | 2 | | | |
2 | Network Intrusion Prevention System(NIPS) | 2 | | | |
3 | Server Load Balancer(SLB) | 2 | | | |
4 | 48 port 10/40 G Layer 3 Switch | 4 | | | |
Grand Total
Total Cost In Words
Seal of the Company
Authorised Signatory
“I/WE UNDERSTAND THAT THE QUANTITY PROVIDED ABOVE IS SUBJECT TO CHANGE. I/WE AGREE THAT IN CASE OF ANY CHANGE IN THE QUANTITIES REQUIRED, I/WE WOULD BE SUPPLYING THE SAME AT THE RATES AS SPECIFIED IN THIS COMMERCIAL BID. I/WE AGREE TO ADHERE TO THE PRICES GIVEN ABOVE EVEN IF THE QUANTITIES UNDERGO A CHANGE”.
Appendix III: Templates
Performance Bank Guarantee (PBG)
To
The General Manager (Admin)
Odisha Computer Application Centre
Plot No. - N-1/7-D, AcharyaVihar
P.O.- RRL, Bhubaneswar - 751013
EPBX: 0674-2567280/2567064/2567295
Fax: +91-0674-2567842
Whereas, << name of the supplier and address >>(hereinafter called “the Bidder”) has undertaken, in
pursuance of contract no. << insert contract no. >> dated. <<insert date >> to provide Implementation
services for << name of the assignment >> to OCAC (hereinafter called “the beneficiary”)
And whereas it has been stipulated by in the said contract that the Bidder shall furnish you with a bank
guarantee by a recognized bank for the sum specified therein as security for compliance with its obligations
in accordance with the contract;
And whereas we, << name of the bank >> a banking company incorporated and having its head /registered
office at << address of the registered office >> and having one of its office at << address of the local office >>
have agreed to give the supplier such a bank guarantee.
Now, therefore, we hereby affirm that we are guarantors and responsible to you, on behalf of the supplier,
upto a total of Rs.<< insert value >> (Rupees << insert value in words >> only) and we undertake to pay you,
upon your first written demand declaring the supplier to be in default under the contract and without cavil
or argument, any sum or sums within the limits of Rs .<< insert value >> (Rupees << insert value in words
>> only) as aforesaid, without your needing to prove or to show grounds or reasons for your demand or the
sum specified therein.
We hereby waive the necessity of your demanding the said debt from the Bidder before presenting us with
the demand.
We further agree that no change or addition to or other modification of the terms of the contract to be
performed there under or of any of the contract documents which may be made between you and the
Bidder shall in any way release us from any liability under this guarantee and we hereby waive notice of
any such change, addition or modification.
This Guarantee shall be valid until << Insert Date >>
Notwithstanding anything contained herein:
I. Our liability under this bank guarantee shall not exceed Rs << insert value >> (rupees << insert
value in words >> only).
II. This bank guarantee shall be valid up to << insert expiry date >>
III. It is a condition of our liability for payment of the guaranteed amount or any part thereof arising
under this bank guarantee that we receive a valid written claim or demand for payment under this
bank guarantee on or before << insert expiry date >> failing which our liability under the guarantee
will automatically cease.
(Authorized Signatory of the Bank)
Seal:
Date: