RFP for Supply, Installation& Warranty Support of Network...

RFP for Supply, Installation& Warranty Support of Network & Security Equipments

for Odisha State Data Centre(OSDC), Bhubaneswar

RFP Enquiry No : OCAC-NeGP-INFRA-0009-2017/18004, Date: 16/01/2018

Network & Security EquipmentsRFP for OSDC

- 2 -

RFP SCHEDULE

Sl. No. Items Date & Time

01 Commencement of the bid 16/01/2018

02 Last date for receiving queries through e-mail: [email protected] &[email protected]

24/01/2018, 5:00 PM

03 PreBidConference 29/01/2018, 5:00 PM

04 Issue of Corrigendum (if required) To beInformed

05 Last date and time for Submission of Bid 15/02/2018, 2:00 PM

06 Opening of Pre-Qualification Bids (PQ) 15/02/2018, 5:00 PM

07 Opening of Technical Bids (TB) 19/02/2018, 1:00 PM

08 Opening of Commercial Bids (CB) To be Informed


- 3 -

Fact Sheet:

This Fact Sheet comprising important factual data on the RFP is for a quick reference to the bidders.

Clause Reference Topic

The Proposal

OdishaComputer Application Centre (OCAC) invites

bidforSupply,Installation& Warranty Supportof Network & Security

EquipmentsforOdishaState Data Centre (OSDC).

Method of

Selection

Cost Based Selection method (Least cost method) shall be used to

select the Bidder toSupply, Installation& Warranty support of

Network & Security Equipments for Odisha State Data Centre. The

bidder has to apply the bid in three envelop system, General (Pre-

qualification), Technical &Commercial bid. Technical bid of those

bidders who qualify in General Bid shall be opened. Commercial

bid of those bidders who qualify in Technical Bid shall be opened.

The least value Bid (i.e. the bidder quoting minimum amount) will

be given preference in the order of selection.

RFP Document

RFP Document can be downloaded from http://www.ocac.in or

http://www.odisha.gov.in or http://www.tenders.gov.in.

The bidders are required to submit the RFP document Fee of Rs.

5,000/- (Rupees Five thousand only)in the form of a demand

draft in favour of “Odisha Computer Application Centre“,

payable at Bhubaneswar from any of the Scheduled commercial

Bank along with the Proposal.

Earnest Money

Deposit (EMD)

Earnest Money Deposit (EMD) of Rs. 10,00,000/- (Ten Lakhs Only)

should be in shape of Account payee Demand Draftfrom any

Nationalized / Scheduled Commercial Banks, in favor of Odisha

Computer Application Centre payable at Bhubaneswar.

Scope of Work Selected agency is expected to deliver the services listed in Scope

of Work as mentioned in this RFP.

Language Bid must be prepared by the Bidder in English language only

Currency

The bidder should quote in Indian Rupees only. The Total Price

inclusive of taxes and duties will be considered for evaluation. So,

the bidder must mention the base price and the tax component

separately.

ValidityPeriod Proposals/bid must remain valid minimum for 180 days from the

last date of bid submission.

http://www.ocac.in/

http://www.odisha.gov.in/

http://www.tenders.gov.in/


- 4 -

Clause Reference Topic

Bid to be submitted

on or before last

date of submission

at:

The proposal must be submitted to:

The General Manager (Admn.)

Odisha Computer Application Centre (OCAC)

OCAC Building, Plot No.-N-1/7-D, AcharyaVihar Square, RRL Post

Office, Bhubaneswar-751013 (INDIA)

The bidder must submit, all the three sealed separate envelopes

(PQ,TB& CB) shall be put in another separate envelope with

superscription as

“Supply, Installation& Warranty supportof Network & Security

EquipmentsforOdisha State Data Centre (OSDC),Bhubaneswar “

and RFP Enquiry No. OCAC-NeGP-INFRA-0009-2017/18004,

Date: 16/01/2018.


- 5 -

Table of Contents

Fact Sheet: .......................................................................................................................................... 3

SECTION I: INVITATION FOR BIDS ................................................................................................................... 6

1.1 Scope of Work ...................................................................................................................... 6

SECTION II: INSTRUCTION TO BIDDERS ....................................................................................................... 10

SECTION III: SPECIAL CONDITIONS OF CONTRACT ................................................................................. 13

SECTION IV: TECHNICAL SPECIFICATIONS ................................................................................................ 14

4.1 Technical Specification for Firewall (Internet) ........................................................................... 14

4.2 Technical Specification of NIPS ............................................................................................... 18

4.3 Technical Specification of Server Load Balancer(SLB) .................................................................. 24

4.4 Technical Specification of 48 port 10/40 G Layer 3 Switch ........................................................... 29

APPENDIX I: PRE-QUALIFICATION & TECHNICAL BID TEMPLATES .................................................. 35

APPENDIX II : COMMERCIAL PROPOSAL TEMPLATES ............................................................................ 42

APPENDIX III: TEMPLATES ................................................................................................................................ 44


- 6 -

Section I: Invitation for Bids

1.1 Scope of Work

(A) Supply, Installation & Warranty supportof Network & Security Equipments as per technical specification atOdisha State Data Centre, OCAC.

(B) Eligibility Criteria

Following table mentions the pre-qualification criteria. A bidder participating in the procurement

process shall possess the following minimum pre-qualification/ eligibility criteria. Any bid failing to

meet the stated criteria shall be summarily rejected and will not be considered for Technical Evaluation.

I. Pre-qualification Criteria

Sl.

No. Clause Documents required

1. (a) The Bidder should be an established

Information Technology company registered under

the Companies Act, 1956 and in operation for at

least 5 years as on 31.03.2017 and should have

their registered offices in India.

(b) The company must be registered with

appropriate authorities for all applicable statutory

duties/taxes

(a) Valid documentary proof of:

Certificate of incorporation/

registration

Self certification of being in the

business for last five years duly

attested by company secretary/

charted accountant should be

attached.

(b) Valid documentary proof of:

GST Identification Number(GSTIN)

Income Tax registration/PAN

number

Income Tax returns for last three

Financial years

2. Average annual turnover in last three financial year

i.e. 2014-15, 2015-16 & 2016-17(as per the

published audited balance sheet), should be at

least 25crores that is generated fromHardware

supply and their associated maintenanceservices,

packaged software etc.

Note:

The turnover refers to the Bidder’s firm and not

the composite turnover of its subsidiaries/sister

concerns etc.

Copy of audited profit and loss

account/balance sheet/annual report

sheet with CA’s Certificate.


- 7 -

Sl.


3. The Bidder should have positive net worth during

last three financial years, ending 31.03.2017 and

shall be Rs. 2 crores on 31st March 2017 in India.

A certified document by the Chartered

Accountant stating the net worth and

average annual turnover of the Bidder

4. The bidder must possess a valid ISO 9001:2008 or

latest and 27000 Certification

Copy of valid certificate at the time of

bidding

5. The bidder must have successfully undertaken at

least the following numbers of systems

implementation engagement(s) of value specified

herein :

- One project of similar nature(in system

integration) not less than the amount Rs.

4,00,00,000/- (Four Crore

Only) OR

- Two projects of similar nature(in system

integration) not less than the amount equal

Rs. 2,25,00,000/- (Two crore twenty five

lakh Only) each;

OR

- Three projects of similar nature(in system

integration) not less than the amount equal

Rs. 1,80,00,000/- (One Crore eighty lakh

Only) each

Similar nature means "Supply, Installation and

maintenance of Network & Security Equipments for

Government / Public Sector Enterprises/BFSI in

India in last three Years".

CompletionCertificatesfromthe client +

copy of work order ;

OR

Work Order + SelfCertificate of

Completion(Certified by theStatutory

Auditor);

OR

Work Order + PhaseCompletion

Certificate from theclient

6. The Bidder :

Should not currently have been blacklistedby any

Government Department/PSU or under a

declaration of ineligibility for fraudulent or corrupt

practices or inefficient/ineffective performance.

Declaration in this regard by the

authorized signatory of the Bidder


- 8 -

Sl.


7. The Bidder should submit valid letter from all the

OEMs confirming the following:

Authorization for Bidder

Confirm that the products quoted are not “end

of life or end of sale products” as on Bid

Submission date. If in case the support for the

product quoted has been stopped/ withdrawn

till the time of delivery of equipment, the same

will be changed with the superior product at no

extra cost.

Undertake that the support including spares,

patches, upgrades for the quoted products shall

be available for the period of 7 years from the

date of final acceptance (FAT).

Relevant documentary evidences like

Authorization letters [ MAF from all

OEMs] to be submitted within 15 days

after award of contract/purchase order

whose products will be supplied.

8. I. The Bidder must have a registered office in

Odisha.

II. The Bidder must have service/maintenance

professionals available in Odisha.

I. Relevant Documents supporting

Office addresses.

II. A Self Certified letter by an

authorized signatory mentioning the

list of service/maintenance

professionals.

9. The bidder must have submitted Rs. 5,000/-

(Rupees Five thousand only) towards the cost of

the Tender Document.

The Bidder should furnish, as part of its Bid, an

Earnest Money Deposit (EMD) of Rs. 10,00,000/-

(Ten Lakh Only).

In shape of DD from a schedule

commercial bank

(C) Bid Submission The bid must be submitted in three separate envelopes as i. Pre-qualification Bid(As mentioned in eligibility conditions format) ii. TechnicalBid iii. CommercialBid

(D) Technical Bid

Technical bid shall contain: (i) Technical bid with full details including description of make & model of items /


- 9 -

components for technical assessment of the proposal. The bidder must quoteonly for branded parts.

(ii) An Undertaking as mentioned under Eligibility Criteria.

(iii) All the documentary proof of applicable standards and bench marks should be submitted

along with the technical bids.

(iv) The onsite warranty services must be provided at OSDC, Bhubaneswar. The bidder must provide the plan / arrangement in escalation matrix, for warranty services to be provided at OSDC, Bhubaneswar

(v) The Compliance Statement by the bidder to the technical specifications along with relevant product brochure, technical documents etc.Bidswithout proper Compliance Statement will be rejected.

(vi) Acceptance to the terms and conditions laid down in the tender document. A scanned

copy of the bid document duly signed by the bidder’s authorized representative is to be submitted in token of acceptance of the same. Any deviation in the general terms and condition may lead to the rejection of the bid.

Important Note:

a) If the bid is incomplete and / or non-responsive it will be rejected during technical evaluation. The bidder may not be approached for clarifications during the technical evaluation. So bidders are requested to ensure that they provide all necessarily details in the submitted bids.

b) If any price details are found in the Technical Bid, the offer will be summarily rejected.

(E) Commercial Bid

i. Commercial BID SHOULD be submitted in a sealed envelope as per the format specified in Commercial Proposal.

ii. The PRICE PART shall contain only schedule of rates duly filled in. NO stipulation, deviation, terms & conditions, presumptions etc. is permissible in price part of the bid. OCAC shall not take any cognizance of any such conditions and may at its discretion reject such commercial bid.

iii. Prices should be given in INR in figures Only. iv. Bidders are advised strictly not to alter or change the BOQ format /contents. Bidders are

also advised not to paste any image file with BOQ v. Price offered by the bidder shall not appear anywhere in any manner in the technical bid.

(F) Technical Qualification Criteria

i. Bidders who meet the pre-qualifications/eligibility requirements would be considered as

qualified to move to the next stage of Technical evaluations. ii. The Product offered should meet all the technical and functional specifications given in

the ‘’technical specification of respective devices’’. iii. Non-compliance to any of the technical and functional specificationwilllead to rejection

of the proposal. iv. Response except “Yes” or “No” is not acceptable


- 10 -

v. Bidders, whose bids are responsive to all the items in the Compliance Sheetfor Technical Proposal and meet all the technical and functional specifications, would be considered technically qualified

(G) Commercial Bid Evaluation

i. The Commercial Bids of technically qualified bidders will be opened on the prescribed date in the presence of bidder representatives.

ii. The Bidder, who has submitted the lowest Commercial bid, shall be selected as the L1 and shall be called for further process leading to the award of the assignment.

iii. Only fixed price commercial bids indicating total price for all the deliverables and services specified in this bid document will be considered.

iv. The bid price will include all taxes and levies and shall be in Indian Rupees. v. Any conditional bid would be rejected

vi. In any case of discrepancy, OCAC reserves the right to pick the value which it considers as beneficial to the government.

Section II: Instruction to Bidders

(A) This is a single bidding system; no consortium is allowed to Bid.

(B) Offer Validity: Offers should be valid for minimum One hundred eighty (180) Days from the

date of opening theTechnical Bid. A bid, valid for a shorter period, is liable to be rejected.

OCAC, Bhubaneswar may ask the bidders to extend the period of validity, if required.

(C) Delivery: The delivery to be done at OSDC, Bhubaneswar and should be completed within

eight Weeks from thedate of issue of Purchase Order.

(D) Product Specifications & Compliance Statement: The bidder should quote the products

strictly as perthe tender specifications and only of technically reputed and globally acclaimed

brands / makes. Complete technical details along with brand, specification, technical

literature etc. highlighting the specifications must be supplied along with the technical bid. A

Statement of Compliance shall be given against each item in the prescribed format given in

Technical specifications. The compliance statements should be supported by authentic

documents. Each page of the bid and cuttings / corrections shall be duly signed and stamped

by the authorized signatory. Failure to comply with this requirement may result in the bid

being rejected.

(E) The prices are to be quoted in INR figure only. If there is a discrepancy between the unit price

and the total price that is obtained by multiplying the unit price and quantity, the unit price

shall prevail and the total price shall be corrected.

(F) The PB Queries of only those bidders/ OEMs shall be entertained and responded to who have

purchased the Tender Document i.e.; deposited the prescribed tender fee.

(G) Materials must be properly packed against any damage and insured up to the destination. The

material should directly be supplied to OSDC, Bhubaneswar. All the expenses involved in


- 11 -

shipping the equipment to OSDC, shall be borne by the Bidder. All aspects of safe delivery

shall be the exclusive responsibility of the Bidder. OCAC, will have the right to reject the

component / equipments supplied, if it does not comply with the specifications at any point of

installation / inspection.

(H) Earnest Money is liable to be forfeited and bid is liable to be rejected, if the bidder withdraw

or amends, impairs or derogates from the tender in any respect within the validity period of

the tender.

(I) The Earnest Money of all unsuccessful bidders shall be returned as early as possible. No

interest will be payable by OCAC on the Earnest Money Deposit. The Earnest Money of

successful bidder shall be returned aftersuccessful completion of entire work and submission

of Performance Bank Guarantee (PBG) towards 10% of order value. This performance bank

Guarantee(PBG) shall remain valid for 90 days beyond all the contractual obligations.

(J) If any equipment or part thereof is lost or rendered defective during transit, the supplier shall

immediately arrange for the supply of the equipment or part thereof, as the case may be, at

no extra cost.

(K) The rates should be quoted in Indian Rupees, for the entire work to be done at site.

(L) Govt. Levies like Service Tax, VAT,GST etc. shall be paid at actual rates applicable on the date

of submission of Bid. Rates should be quoted accordingly giving the basic price, VAT, Service

Tax, GST etc.

(M) OCAC reserves the right to accept / reject the offers or cancel the whole tender proceedings

without assigning any reason whatsoever. Late / Delayed offers shall not be accepted under

any circumstances. Incompleteofferswillberejected.

(N) OCAC shall not be responsible for delayed submission or non- submission of bid due to any

reason whatsoever. The bidders are requested to submit the bid much before date & time of

submission, failing which OCAC shall not be responsible for any such delay.

(O) Any attempt of direct or indirect negotiations on the part of the bidder with the authority to

whom the bid has been submitted or authority who is competent to finally accept / reject the

same after the tender has been submitted or any endeavor to secure any interest for an

actual or prospective bidder or to influence by any means the acceptance of a particular

tender will render the tender liable to be rejected.

(P) Unsatisfactory Performance: The Parties herein agree that OCAC shall have the sole and

discretionary right to assess the performance(s) of the Bidder components(s), either primary

and or final, and OCAC, without any liability whatsoever, either direct or indirect, may reject

the system(s) component(s) provided by the Bidder, in part or in its entirety, without any

explanation to the Bidder, either during the pre and or post test period should the same be

unsatisfactory and not to the acceptance of OCAC. The Bidder covenants to be bound by the

decision of OCAC without any demur in such an eventuality.

(Q) Dispute Resolution :

(i) Any dispute or difference, whatsoever, arising between the parties to this agreement

arising out of or in relation to this agreement shall be amicably resolved by the Parties


- 12 -

through mutual consultation, in good faith and using their best endeavours. Parties, on

mutual consent, may refer a dispute to a competent individual or body or institution

or a committee of experts appointed By OCAC (Nodal Authority) for such purpose and

abide by the decisions thereon.

(ii) On non settlement of the dispute, same shall be referred to the commissioner-cum-

secretary to Government, IT department, and Government of Odisha for his decision

and the same shall be binding on all parties, unless either party makes a reference to

arbitration proceedings, within sixty days of such decision.

(iii) Such arbitration shall be governed in all respects by the provision of the Arbitration

and Conciliation Act, 1996 or later and the rules framed there under and any statutory

modification or re-enactment thereof. The arbitration proceedingshallbeheld in

Bhubaneswar, Odisha

(R) Force Majeure :

Force Majeure is herein defined as any cause, which is beyond the control of the selected

bidder or OCAC as the case may be which they could not foresee or with a reasonable

amount of diligence could not have foreseen and which substantially affect the performance

of the contract, such as:

(i) Natural phenomenon, including but not limited to floods, droughts, earthquakes and

epidemics.

(ii) Acts of any government, including but not limited to war, declared or undeclared

priorities, quarantines and embargos

(iii) Terrorist attack, public unrest in work area provided either party shall within 10 days

from occurrence of such a cause, notifies the other in writing of such causes.

In case of a Force Majeure, all Parties will endeavor to agree on an alternate mode of

performance in order to ensure the continuity of service and implementation of the

obligations of a party under the Contract and to minimize any adverse consequences of Force

Majeure.

(S) Disclaimer: This Tender / Request for Proposal (RFP) is not an offer by OCAC, but an invitation

for bidder’s response. No contractual obligation whatsoever shall arise from the RFP process.

(T) Besides the terms and conditions stated in this document, the contract shall also be governed

by the overall acts and guidelines as mentioned in IT Act 2000 and subsequent amendments,

and anyother guideline issued by State from time to time.

(U) Declaration:

The bidder would be required to give a certificate as below in his commercial bid.

“I/WE UNDERSTAND THAT THE QUANTITY PROVIDED ABOVE IS SUBJECT TO CHANGE.

I/WE AGREE THAT IN CASE OF ANY CHANGE IN THE QUANTITIES REQUIRED, I/ WE WOULD

BE SUPPLYING THE SAME AT THE RATES AS SPECIFIED IN THIS COMMERCIAL BID. I /WE

AGREE TO ADHERE TO THE PRICES GIVEN ABOVE EVEN IF THE QUANTITIES UNDERGO A

CHANGE”.


- 13 -

Section III: Special Conditions of Contract

(A) Multiple OEM: Bidder can quote technically complied multiple OEM’s product against

network & security equipments asked in this RFP. Unit price of the product should be same if

products from multiple OEM are being mentioned in the technical and commercial bid. A

bidder should quote upto maximum three OEM’s product against any device.

(B) Price Basis: Price quoted should be in INR only and as per theprescribed format as per BOQ.

The quoted price will be considered firm and no price escalation will be permitted.

(C) Billing is to be done in the name of Odisha Computer Application Centre, Plot No.-N-1/7-D,

AcharyaVihar Square, RRL Post Office, Bhubaneswar-751013. The payment would be on the

basis of the actual bill of material supplied, duly certified by our authorized representative at

OSDC, Bhubaneswar.

(D) Payment: 90% of invoice value after satisfactory delivery, along with testing

acknowledgement ofconfirmed delivery report, satisfactory test report, Installation and

submission of invoice duly signed by OSDC’s authorized representative and completion of the

user’s operational training at site. Balance 10% would be made after submission of

Performance Bank Guarantee issued from a nationalized / scheduled commercial bank of

equivalent amount. This Bank Guarantee should remain valid for a period of 60 days beyond

the warranty period, commencing from the date of satisfactory completion of entire job.

(E) Penalty for Delayed Services: Penalty will be charged @ 0.5% of the contract value per week

subjectto maximum of 5% of total order value, in case of delayed in supply of stipulated time

period.

(F) The quoted product must be activated with requisite licenses during the installation process

to fulfil the technical specification cited in the section: IV of the RFP.

(G) Warranty: All the items covered in the schedule of the requirements /Bill of Material (BOM),

shallcarryfive year(from the date of successful installation) 24 x 7 Comprehensive Onsite

Response Warranty support from OEM.

(H) Post warranty support: OCAC may ask for additional two year post warranty support from

OEM. The bidder shall provide an undertaking that the equipments quoted and supplied shall

not be obsolete or proclaimed as “end-of-support” by the OEM during seven

yearcommencing from the date of satisfactory completion of installation.

(I) Escalation matrix should also be provided along with the technical bid.

(J) All equipments should be configured onsite at SDC premises by the certified OEM

professionals.

Training:- One week on site operational and configurational training to OCAC officers/ engineer’s

must be provided by certified engineer’s of OEM. Training will be conducted after successful

installation of devices at OSDC site. All the necessary documentation will be given by the bidder to

OCAC.


- 14 -

Section IV: Technical Specifications

4.1 Technical Specification for Firewall (Internet)

Sl. No. Specifications Compliance

(Yes/No)

1 The Firewall solution offered must be rated as ‘leaders’ or 'Challengers' in the latest Magic Quadrant for Firewall published by Gartner.

2 The Firewall appliance should have certifications like NDPP / ICSA / EAL4 or more.

3 Proposed solution should not declared with eol, eos or end of support by OEM.

Hardware Architecture common features

4

The hardware appliance based security platform should be capable of providing firewall, application visibility, and IPS functionality in a single appliance

5 The appliance should fitted with 16 x 10G ports and 4 x 40 G ports populated with required SFP modules.

6

At least 16Nos of ports should downgrade to 1Gb copper RJ45 Ethernet port through supplied transceivers. [16 No’s Transcevicers are to be provide by the Bidder/ Supplier]

7 The appliance hardware should be a multicore CPU architecture with a hardened 64 bit operating system to support higher memory.

8

Proposed Firewall should not be proprietary ASIC based in nature & should be open architecture based on multi-core cpu's to protect & scale against dynamic latest security threats.

9

Proposed solution should have 50 VPN licensed with third party SSL Certificatefor 5 years from day one in the name of "Odisha State Data centre".

10 Proposed solution should have capacity to resolve the domain name of VPN service like “https://vpn.osdc.gov.in”.

11 Solution should support both client and clientless SSL based VPN(MAC and IP binding).

12 VPN solution on appliance should not have dependency with browser or operating system.

13 Appliance should have supplied with Indian standard 3pin power cord

14 Appliance should have supplied with necessary patchcord for HA, switch and NIPS port for configuration.

15 Appliance ports should have compatibility with switch and NIPS port for connectivity.

16 suppliers should ensured with flawless connectivity among devices like switch, NIPS, Firewall, server etc.


- 15 -

17 Device should be configured onsite by OEM with current SDCarchitechture as best practice

Performance & Scalability

18 Firewall must support stateful inspection throughput of 40 Gbps in Active-Active deployment or Active-Passive deployment.

19 NG Firewall should support atleast 20 million concurrent sessions or more.

20 NG Firewall should support atleast 300,000 new connections per second with Application visibility or more

21 NG Firewall should support atleast 1000 VLANs

High-Availability Features

22 Firewall should support Active/Standby, Active/Active/Clustering failover

23 Firewall should support redundant interfaces to provide interface level redundancy before device failover.

24 Firewall should replicate Nat translations, TCP,UDP connection states, ARP table,ISAKMP&IPSec SA's, SIP signaling sessions.

25 Firewall should support failover of IPv4 & IPv6 sessions.

26 Firewall should have integrated redundant power supply.

Firewall Features

27

Solution must be capable of passively gathering information about network hosts and their activities, such as operating system, services, open ports, client applications, and vulnerabilities, to assist with multiple activities, such as intrusion event data correlation, elimination of false positives, and policy compliance.

28 Firewall should support creating access-rules/policies with IPv4 & IPv6 objects, VLAN, Application, usersandgroups, Geolocation, URL

29 Firewall should support operating in routed & transparent mode

30 Should support Static, RIP, OSPF, OSPFv3 and BGP

31 Firewall should support manual NAT and Auto-NAT, static nat, dynamic nat, dynamic pat

32 Firewall should be IPV6 ready from day1. High-Availability features set(Sl. No. 22) should be supported on IPv6 stack. Firewall should support Nat66 (IPv6-to-IPv6) & Nat 64 (IPv6-to-IPv4) functionality.

33 Firewall should support Multicast protocols like IGMP, PIM, etc

34 Should support security policies based on security group names in source or destination fields or both

35 Should support capability to limit bandwidth on basis of apps / groups, Networks / Geo, Ports, etc

36

Should be capable of dynamically tuning IDS/IPS sensors (e.g., selecting rules, configuring policies, updating policies, etc.) without human intervention.


- 16 -

37

Should be capable of automatically providing the appropriate inspections and protections for traffic sent over non-standard communications ports (stateful).

38 Should be able to link Active Directory and/or LDAP usernames to IP addresses related to suspected security events.

39 Should be capable of detecting and blocking IPV4, IPv6 attacks.

40

Solution should support network analysis capability to detect threats emerging from inside the network. This includes the ability to establish “normal” traffic baselines through flow analysis techniques (e.g., NetFlow) and the ability to detect deviations from normal baselines.

41 The solution must provide IP reputation (both IPv4 and IPv6) feed that comprised of several regularly updated collections of poor repuration of IP addresses determined by the proposed security vendor

42 Solution must support IP reputation intelligence feeds from third party and custom lists of IP addresses including a global blacklist.

43 Should support URL and DNS threat inetllifence feeds to protect against threats

44 Should support Reputation- and category-based URL filtering offering comprehensive alerting and control over suspect web traffic and enforces policies on more than millions of URLs in more than 60 categories.

45 Proposed solution should support safe search

46 Solution must be capable of passively gathering details unique to mobile devices traffic to identify a wide variety of mobile operating systems, mobile applications and associated mobile device hardware.

47

Should support more than 4000 application layer and risk-based controls that can invoke tailored intrusion prevention system (IPS) threat detection policies to optimize security effectiveness.

48

Solution should support network-based detection of malware by checking the disposition of known files in the cloud using the SHA-256 file-hash as they transit the network and capability to do dynamic analysis on-premise (if required in future) on purpose built-appliance.

49

NGFW OEM must have its own threat intelligence analysis center and should use the global footprint of security deployments for more comprehensive network protection.

50 The detection engine should support capability of detecting and preventing a wide variety of threats (e.g., malware, network probes/reconnaissance, VoIP attacks, buffer overflows, P2P attacks, etc.).

51 Should be able to identify attacks based on Geo-location (both IPv4 and IPv6) and define policy to block on the basis of Geo-location

52 The detection engine should support the capability of detecting variants of known threats, as well as new threats

53

The detection engine must incorporate multiple approaches for detecting threats, including at a minimum exploit-based signatures, vulnerability-based rules, protocol anomaly detection, and behavioral anomaly detection techniques. Identify and explain each type of detection mechanism supported.


- 17 -

54

Should support Open based Applicaion ID for access to community resources and ability to easily customize security to address new and specific threats and applications quickly

55

Firewall should provide application inspection for DNS, FTP, HTTP, SMTP,LDAP, VXLAN, MGCP, RTSP, SIP, SCCP, SQLNET, TFTP, H.323, SNMP with policy based.

56 Firewall should support creating access-rules with IPv4 & IPv6 objects simultaneously

Management

57

Management and advanced reporting (minimum 1 TB storage space for historical logs) functionalities with complete feature parity on firewall administration must be provided from day1.

58

The management platform must be accessible via a web-based interface(single manager console, Operation + Management) and ideally with no need for additional client software

59 Solution should include troubleshooting tools like Packet tracer, capture

60 The management platform must provide a highly customizable dashboard.

61

The management platform must be capable of integrating third party vulnerability information into threat policy adjustment routines and tuning workflows.

62

The management platform must be capable of role-based administration, enabling different sets of views and configuration capabilities for different administrators subsequent to their authentication.

63 Should support REST API for monitoring and config programmability

64 The management platform must provide multiple report output types or formats, such as PDF, HTML, and CSV.

65 The management platform must support multiple mechanisms for monitoring and issuing alerts (e.g., SNMP, e-mail, SYSLOG).

66

The management platform must provide robust reporting capabilities, including a selection of pre-defined reports and the ability for complete customization and generation of new reports.

67 The management platform must support risk reports like advanced malware, attacks and network

68

The inbuilt management platform must include an integration mechanism, preferably in the form of open APIs and/or standard interfaces, to enable events and log data to be shared with external network and security management applications, such as Security Information and Event Managers (SIEMs), and log management tools.

69 The inbuilt management platform must privide a customised dashboard.

70 Firewall should have Management for ethernet and console port with web based for configuration

71 Proposed solution should be integrated with HP ArcSight SIEM solution


- 18 -

4.2 Technical Specification of NIPS


(Yes/No)

OEM Eligibility Criteria:

1 The IPS solution offered must be rated as leaders’ or challenger’s in the latest Magic Quadrant by Gartner. IPS should have Recommended rating and certified by Group tests of NSS for NIPS or EAL4+ certified.

2 NIPS should be from different manufacturer as of Firewall OEM.

Solution Requirement

3 Solution should propose built and provide Intrusion Prevention System, SSL Inspection, Anti Malware, Anti BOT, Application control capabilities

4 The communication between all the components of solution (IPS module, logging & policy and Web GUI Console) should be encrypted with SSL or PKI

5 Solution should support high availability.

6 Solution Should provide protection against various types of cyber attacks evasive attacks, scripting attacks etc

7

Solution should have capability to store Logs and configuration of all devices, centrally in the solution and should also have capability to send logs of all devices to the generic central log collection servers

8

IPV6Compliant: • Solution should be IPV6 ready from day1. No extra cost will be borne for IPV6 implementation • Solution must support the complete STACK of IP V4 and IP V6 attack services

9 Proposed solution should not declared with eol, eos or end of support by OEM.

Hardware specifications:

10

The IPS should be a dedicated purpose built hardware with real World Throughput 10 Gbps or more. All the signatures update subscription should be provided from Day1.

11 Solution should support minimum 12,000,000 legitimate concurrent connections.

12

Inspection Ports: Appliance should fitted with16 x 10 GbE SFP+ support. All ports should be configured with required transreceivers. Appliance should have additional ports for sinc, HA and other functionalities. -At least 8Nos of ports should downgrade to 1Gb copper RJ45 Ethernet port through

supplied transceivers. [8 No’s Transcevicers are to be provide by the Bidder/ Supplier]. - Appliance should have supplied with Indian standard 3pin power cord. -Appliance should have supplied with necessary patchcord for HA, router, switch, firewall port for configuration. - Suppliers should ensured with flawless connectivity among devices likerouter, switch, NIPS, Firewall, server etc. - Device should be configured onsite by OEM with current SDC architechture and HP ArcSight SIEM solution as best practice..


- 19 -

13

Deployment Modes supported: In-line; Monitoring mode

14

The proposed device should support High Availability (Active-Passive). The INSPECTED throughput of the appliance should NOT DEGRADE in the High Availability (Active-Passive) mode deployment.

15 Appliance should have redundant power supplies

16 Solution should support high availability.

17 The proposed IPS solution must support Layer 2 Fallback option to bypass traffic even with the power off, in event of un-recoverable internal software error such as firmware corruption, memory errors

Solution should have the capability of easy rollbacks during the version upgrades etc

18 The NIPS system should have adequate local storage in order to keep the various logs

19 NIPS should be able to perform entire packet capture of the infected traffic and sent to the other application for analysis

Security Protections:

20

NIPS should have the ability to identify application traversing on the network so that you can allow or block specific application on the network. For example, you can block just the connections to Facebook, from your network while allowing all other HTTP and HTTPS traffic

21

NIPS should protect against SSL based attacks. NIPS should have built-in/ 3rd party SSL decryption Engine integration capability for SSL Traffic decryption to support prevention of encrypted attacks - which includes attacks over secured http channel without need to have additional appliances

22 NIPS should support malware protection by performing file reputation analysis of malicious files

23 NIPS should do attack recognition inside IPv6 encapsulated packets

24 NIPS should support provide advanced botnet protection using heuristic detection methods

25 NIPS should provide advanced botnet protection using multi event behavior based detection mechanism

26 NIPS should support the ability to limit the number of TCP/UDP/ICMP active connections or connection rate from a host

27 NIPS should support active blocking of traffic based on pre-defined rules to thwart attacks before any damage is done, i.e. before compromise occurs

28 NIPS should have the ability to block connection from outside based on the reputation of the IP address that is trying to communicate with the network

29 NIPS should have the ability to control traffic based on geographical locations. For e.g. a policy can be created to block traffic coming or going to a particular country


- 20 -

30

Intrusion Prevention Protections:

Signatures: Prevents known application vulnerabilities, exploitation attempts, andprotects against known DoS and DDoS flood attacks.

Anti-Scanning: Prevents zero-day self-propagating network worms, horizontal scans,and vertical scans.

31

Bandwidth Management: a) Policies should be defined to restrict or maintain the bandwidth that can be sent or received by each application, user, or segment. b) Guarantee bandwidth for each critical application or limit non-critical traffic such as P2P. c) Set rules to block or allow specific traffic types.

32

Bandwidth Management should support the below Classification Parameters: a) Source Network b) Destination Network c) Port Group d) Service Type e) Service Name f) Direction

33

Anti-Scanning Protection parameters: Anti-Scanning Protection Protection for Very Slow Scans High Port Response Maximal Blocking Duration

34

SYN Flood Protection Parameters: SYN Flood Protection Tracking Time Minimum Allowed SYN Retransmission Time Maximum Allowed SYN Retransmission Time

35

The device must provide advanced DOS/DDOS protection and not just signatures based employing a combination of threshold-based and self-learning, profile-based detection techniques, volume based and exploits signatures to detect DoS and DDoS attacks

36 The OEM should provide 24x7 support for DOS/DDOS flood mitigation and technical assistance to mitigate any realtime threats.

37

Mitigation Capabilities and Actions support: Real Time Signatures TCP Challenge & Response HTTP Challenge & Response Advanced HTTP Challenge & Response


- 21 -

38

Should support a wide range of response actions as : a) Block traffic, b) Ignore, c) TCP reset, d) Quarantine host, e) Log traffic, f) Packet capture, g) User defined scripts, h) Email alert, i) SNMP alert, j) syslog alert

39

Signature Protection should handle the below attack categories: • Server-based vulnerabilities: — Web vulnerabilities — Mail server vulnerabilities — FTP server vulnerabilities — SQL server vulnerabilities — DNS server vulnerabilities — SIP server vulnerabilities • Worms and viruses • Trojans and backdoors • Client-side vulnerabilities • IRC bots • Spyware • Phishing • Anonymizers

40

The device should accurately detect the following Attack categories: • Malformed traffic, Invalid Headers • Vulnerability exploitation • URL obfuscation

41

Following Classification Parameters should be supported in the Network Protection Policy: • SRC Network Input • SRC Network • DST Network Input • DST Network • Port Group • Direction • VLAN Tag Group


- 22 -

42

Following Action Parameters should be supported by the Network Protection Policy: • Protection Profiles • BDoS Profile • DNS Profile • Anti Scanning Profile • Signature Protection Profile • ConnectionLimit Profile • SYN Flood Profile • Connection PPS Limit Profile • Out of State Profile • Service Discovery Profile • Web Quarantine

43

The Security Update Service should be provided from Day1 that includes: • 24/7 Security Operations Center (SOC) Scanning—Continuous threat monitoring, detection, risk assessment and filter creation for threat mitigation.

The OEM must notify automatically through e-mail/displayed in manager window about the availability of new signatures and new product releases • Emergency Filters—Rapid response filter releases for high impact security events through Emergency Filters. • Weekly Updates—Scheduled periodic updates to the signature files, with automatic distribution. • Custom Filters—Custom filters for environment-specific threats and newly reported attacks reported to the SOC.

44

The proposed device should support below Server Cracking Attack Types: • Cracking, Brute Force, and Dictionary Attacks • Application-Vulnerability Scanning • SIP Scanning • SIP Brute-Force Attacks


- 23 -

45

NIPS should support the following protections: • Brute Force DNS • Brute Force FTP • Brute Force IMAP • Brute Force LDAP • Brute Force MSSQL • Brute Force MySQL • Brute Force POP3 • Brute Force SIP (TCP) • Brute Force SIP (UDP) • Brute Force SIP DST (TCP) • Brute Force SIP DST (UDP) • Brute Force SMB • Brute Force SMTP • Brute Force Web • SIP Scan (TCP) • SIP Scan (UDP) • SIP Scan DST (TCP) • SIP Scan DST (UDP) • SMTP Scan • Web Scan

46

The device should handle following traffic inspection & support following: • IPv6, IPv4, MPLS,Tunneled: 4in6, 6in4, 6to4 • Bi- directional inspection, Detection of Shell Code, Buffer overflows, Advanced evasion protection with policy based • Application Anomalies, P2P attacks, TCP segmentation and IP fragmentation • Rate-based threats, Statistical anomalies

47

The Solution should provide visibility into how network bandwidth is consumed to aid in troubleshooting network outages and detecting Advanced Malware related DoS&DDoS activity from within the network

48 Proposed solution should have Source Blocking feature with notification to source true IP address.

49

The management solution must provide centralized monitoring and reporting of –realtime log –historical log for a given period

The management solution must support a wide variety of pre-built as well as custom reports.

The management solution must be able to output report data into a variety of different file formats like HTML, PDF etc.

The management solution must support auto-email of Pre-defined & Customized Reports at a scheduled time.

The management solution must support the archiving and backup of events.

The real-time Dashboard must have the following Graphical display -Top Attacks –Top source/destination IP’s -Top Targets –Device Health – Cpu Utilisation


- 24 -

4.3 Technical Specification of Server Load Balancer(SLB)

Sl. No. Specifications Compliance (Yes/No)

OEM ELIGIBILITY CRITERIA

1 OEM should be present in Gartner's LEADER magic quadrant in the latest application delivery controller(ADC) report (2016) or top 3 in IDC report.

Architecture

2 Should be Appliance based solution

3

Minimum Traffic ports supported: Appliance should fitted with 8x 10 GbE SFP+ Layer 4 connections per second: Minimum 600,000 CPS Layer 4 concurrent connections: Minimum 12 million connection Layer 7 requests per second: Minimum 850,000 RPS

4 Should provide minimum 10 Gbps throughput and can be scalable to 20Gbps throughput without changing the hardware (license upgrade only).

5 Device must have Dynamic routing protocols like OSPF, RIP1, RIP2, BGP from Day 1

6

Following Server Load Balancing Topologies should be supported: • Client Network Address Translation (Proxy IP) • Mapping Ports • Direct Server Return • One Arm Topology Application • Direct Access Mode • Assigning Multiple IP Addresses • Immediate and Delayed Binding

7 Proposed solution should not declared with eol, eos or end of support by OEM. in the day of production.

Load Balancing Features

8 Should able to load balancer both TCP and UDP based applications with layer 2 to layer 7 load balancing support

9 Support for policy nesting at layer7 and layer4, solution should able to combine layer4 and layer7 policies to address the complex application integration.

10

The SLB should support the below metrics: — Hash, — Persistent Hash, — Weighted Hash, — Least Connections, — Least Connections Per Service, — Round-Robin, — Response Time, — Bandwidth, — Tunable Hash,

11

Script based functions support for content inspection, traffic matching and monitoring of HTTP, SOAP, XML, diameter, generic TCP, TCPS. Load balancer should support ePolicies to customize new features in addition to existing feature/functions of load balancer

12

VIRTUALIZATION: The proposed SLB should have ADC-VX/Virtualization feature that virtualizes the Device resources—including CPU, memory, network, and acceleration resources. The Hypervisor used to virtualize the SLB hardware should be a specialized purpose build hypervisor, not a commercially available hypervisor (like XEN, VmWare etc.) with smaller footprint. Each virtual ADC instance contains a complete and separated environment of the Following: a) Resources, b) Configurations, c) Management. The proposed device should supplied with minimum 16 Virtual Instances from Day 1.


- 25 -

13 Should support Port Aggregation IEEE 802.3ad, Vlan Trunk IEEE 802.1Q

14

The vADC management should have two management roles: • The Global Administrator creates, initially configures, and monitors vADCs. The Global Administrator should be able to dynamically allocate CPU and throughput resources by assigning capacity units and adjusting throughput limits to a vADC. • The vADC Administrator is responsible for the day-to-day configuration and maintenance of vADCs using the same tasks as with traditional ADCs, except for those vADC tasks that only the Global Administrator performs.

15 The device should support DNS SEC Global Server load Balancing functionality.

16

A framework for customizing application delivery should be provided using user-written scripts, that provides the flexibility to control application flows and fully meet business requirements in a fast and agile manner. The proposed framework should enables to: • Extend Server Load Balancer Fabric services/network function virtualization with delivery of new applications • Quickly deploy new services • Mitigate application problems without changing the application • Preserve infrastructure investment by adding new capabilities without additional equipment investment

17

Should support Web Performance Optimization feature that should employ different acceleration treatments for different application and browser scenarios: a) Simplifying large, complex web pages. b) Caching c) Accelerate entire web transaction d) Third-Party timing and SLAs e) Content Minification/content optimization f) Acceleration for mobile devices--Mobile Caching, Image resizing, Touchtoclick conversion/dynamic detect

18 DNSSEC based Global Load Balancing should be supported in the proposed device.

19

The Server Load balancer should support the Application Performance Monitoring feature and should support the following (using integrated or out of box solution without any additional cost): 1) Real user monitoring for any client with no agent software. 2) Centralized monitoring of performance across Local and Datacenter. 3) Measurement of real users and their actual transactions including errors – eliminating manual scripting of synthetic transactions 4) Diagram allowing to visually see which transactions breach SLA 5) Breaking down the measurements by specific application, location or transaction 6) SLA is user-defined – allowing full control over application 7) Ability to see which transactions were not completed due to errors.

20 Should support server side web compression and proximity based LLB

21 The proposed device should support ICSA certified WAF functionality covering all the OWASP Top 10 attack categories.

Clustering & failover

22

Should provide comprehensive and reliable support for high availability with Active-active & active standby unit redundancy mode. Should support both device level and VA level High availability

23

Should support built in failover decision/health check conditions (both hardware and software based) including CPU overheated, SSL card, port health, CPU utilization, system memory, process health check and gateway health check to support the failover in complex application environment

24 Support for automated configuration synchronization support at boot time and during run time to keep consistence configuration on both units.


- 26 -

25 Clustering function should support IPv6 VIP’s (virtual service) switchover

26 Should support End-to-End SSL Encryption (Backend Encryption) and SSL initiation (SSL between SLB & Servers)

27

Should Support SSL Offloading & Acceleration on same hardware to reduce number of equipment in Data center & save power / cooling requirement.

SLB should have minimum 30,000 SSL transactions per second for 2048 key from day one

28 Proposed solution should support sticky sessions, entry per server with per user per server in one established session

Redundancy

29 Should Support standard VRRP (RFC - 2338)

Management

30 Using the Web Based Management

31 Dedicated Management Port

32

SLB Device should be accessed through the below: • Using the CLI • Using SNMP • REST API

33 Proposed solution should be integrated with HP ArcSight SIEM solution

WEB Application Firewall

34 Web Application Firewall should be ICSA certified

35

Proposed WAF should have minimum 1 Gbps throughput

The proposed WAF can be a dedicated appliance or part of ADC solution with minimal latency.

If WAF is a dedicated appliance, it should compliance with the above

architecture of SLB.

WAF should have the flexibility to be deployed in the folowing modes:

36 Reverse proxy

37 Out of Path (OOP) support

38 The proposed solution should support standard VRRP (RFC - 2338) for High Availability purpose (no proprietary protocol).

39

The WAF should support the following escalation modes: a)Active, b)Bypass, c) Passive

40 The solution must be able to handle OWASP Top 10 attacks and WASC Web Security Attack Classification.

41

HidingSensitive Content Parameters: It should be able to Mask values of sensitive parameters (for example, passwords, credit card and social security details)

42 WAF should support for IPv4 and IPv6 traffic


- 27 -

43

The proposed WAF should support signaling mechanism based on IP blocking system. It should be able to extract the attack source IP address from either the Layer 3 IP header or from the HTTP headers (such as, X-Forwarded-For and True-Client-IP). Once an attack source is detected, the WAF should signal the attack source IP address to perimiterDDoS mitigation device (if required), either by adding the source to the black list or by generating a signature of the attack source IP address to be matched in the HTTP headers.

Auto Policy Optimization

44 Known Types of Attack Protection - Rapid / protection mode

45 • Zero Day Attack protectionfrom day one

46

• Security Filter Auto Policy Generation a)FullAuto b)AutoEnabled c) Auto Refinements

47 • Working in Learn Mode

48 • Auto Discovery

49 • Web Crawler

Following Threats should be protected by the proposed WAF solution:

50 Parameters Tampering

51 Cookie Poisoning

52 SQL Injection

53 Session Hijacking

54 Web Services Manipulation

55 Stealth Commands

56 Debug Options

57 Backdoor

58 Buffer Overflow Attacks

59 Data Encoding

60 Protocol Piggyback

61 Cross-Site Scripting (XSS)

62 Brute Force Attacks

63 OS Command Injection

64 Cross Site Request Forgery (CSRF)

65 Hot Link

66 Information Leakage

67 Path (directory) Traversal

68 Predefined resource location

69 Malicious file upload

70 Directory Listing

71 Parameter Pollution (HPP)

72 OWASP parametres

The proposed WAF should support the following Security Filters:

73 • AllowList Security Filter


- 28 -

74 • BruteForce Security Filter

75 • Database Security Filter

76 • FilesUpload Security Filter

77 • GlobalParameters Security Filter

78 • HTTPMethods Security Filter

79 • Logging Security Filter

80 • safe reply or masking of sensitive information in HTTP response filters

81 • WebServices Security Filter

82 • XMLSecurity Security Filter

83 • Parameters Security Filter

84 • PathBlocking Security Filter

85 • Session Security Filter

86 • Vulnerabilities Security Filter

The proposed WAF should support the Activity Tracking, which should include the following:

87 Mimicking user behavior

88 Dynamic IP

89 Anonymity

90 Scraping

91 Clickjacking

Device Fingerprint-based tracking OR module to detect and prevent HTTP requests from ROBOTS or web spiders filters

92 WAF should support Device Fingerprint technology OR robots and web spider filters by involving various tools and methodologies to gather IP agnostic information about the source.

93

Fingerprint information should include the Client Operating System, browser, fonts, screen resolution, and plugins etc. (applicable for Fingerprint technology) OR Solution should provide advanced bot detection and prevention mechanism based on smart combination of signature-based and heuristic analysis

94

It should support running JavaScript on the client side. Once a JavaScript is processed, an AJAX request is generated from the client side to the WAF with the fingerprint information (applicable for Fingerprint technology)

WAF should support the Historical Security Reporting from Day 1

95 • Customizable dashboards, reports, and notifications

96 • Advanced incident handling for security operating centers (SOCs) and network operating centers (NOCs)

97 • Standard security reports

98 • In-depth forensics capabilities

99 • Ticket workflow management


- 29 -

4.4 Technical Specification of 48 port 10/40 G Layer 3 Switch


(Yes/No)

OEM Eligibility Criteria

1 OEM should be present in Gartner's LEADER/CHALLENGERS magic quadrant in the latest Datacentre Networking Solutions

Solution Requirement

2 The Switch should support non-blocking Layer 2 switching and Layer 3 routing

3 There switch should not have any single point of failure like power supplies and fans etc should have 1:1/N+1 level of redundancy

4 Switch support in-line hot insertion and removal of different parts like modules/power supplies/fan tray etc should not require switch reboot and disrupt the functionality of the system

5

IPV6 Compliant: • Solution should be IPV6 ready from day1. No extra cost will be borne for IPV6 implementation • Switch should support the complete STACK of IP V4 and IP V6 services

6 Proposed solution should not declared with eol, eos or end of support by OEM in the day of production.

7 The Switch and different modules used should function in line rate and should not have any port with oversubscription ratio applied

8 Switch port should well-matched and linked with firewall, IPS, Blade and Rack servers 10Gb/40Gb ports of OEM like HP, IBM, DELL etc.

9 At least 8Nos of Switch port should downgrade to 1Gb copper RJ45 Ethernet port through supplied transceivers.

10

Each Switch should be supplied with 10 nos. of 15 Mtrs LC-LC patch cord. 10 nos. of 10 Mtrs LC-LC patch cord. 10 nos. of 10 Mtrs CAT6 RJ45 patch cord. 10 nos. of 15 Mtrs CAT6 RJ45 patch cord Patch cord should be from OEM (AMP/CommScope /Rosenberger) with 25 years replacement warranty against any manufacturer defect

11 Appliance should have supplied with Indian standard 3pin power cord

12 Appliance should have supplied with necessary pathcord for HA, switch and NIPS port for configuration.

13 Appliance ports should have compatibility with switch and NIPS port for connectivity.

14 suppliers should ensured with flawless connectivity among devices like switch, NIPS, Firewall, server etc.

15 Proposed solution should not declared with eol, eos or end of support by OEM. in the day of production.

Hardware and Interface Requirement


- 30 -

16

Switch should have the following interfaces: i. 48 x 10G Fiber ports with SR modules Loaded ii. ii. 6 x 40GbE ports with Short Range Module Loaded for 40G

operations with patch cord

17 Switch should be rack mountable and support side rails if required

18 Switch should have adequate power supply for the complete system usage with all slots populated and used and provide N+1 redundant

19 Switch should have hardware health monitoring capabilities and should provide different parameters through SNMP

20 Switch should support VLAN tagging (IEEE 802.1q)

21 Switch should support IEEE Link Aggregation and Ethernet Bonding functionality to group multiple ports for redundancy

22 Switch should support Configuration roll-back and check point

23 Switch should support for different logical interface types like loopback, VLAN, SVI/RVI, Port Channel, multi chassis port channel/LAG etc

24 Switch should have console port

Performance Requirement

25 The switch should support 12,000 IPv4 and IPv6 routes entries in the routing table including multicast routes

26 Switch should support Graceful Restart for OSPF, BGP etc.

27 Switch should support minimum 500 VRF instances

28 The switch should support uninterrupted forwarding operation for OSPF, BGP etc. routing protocol to ensure high-availability during primary controller failure

29 The switch should support hardware based loadbalancing at wire speed using LACP and multi chassis etherchannel/LAG

30

Switch should support minimum 1.4 Tbps of switching capacity (or as per specifications of the switch if quantity of switches are more, but should be non blocking capacity) including the services: a. Switching b. IP Routing (Static/Dynamic) c. IP Forwarding d. Policy Based Routing e. QoS f. ACL and Other IP Services g. IP V.6 host and IP V.6 routing

Advance Features

31 Switch should support Data Center Bridging

32 Switch should support common configuration like mirroring, trunking, port violation, port restriction, inter VLAN routing, STP, BPDU, etc.

33 Switch should support multi OEM hypervisor environment and should support features for programmable configuration change

Layer2 Features

34 Spanning Tree Protocol (IEEE 8201.D, 802.1W, 802.1S


- 31 -

35 Switch should support VLAN Trunking (802.1q) and should support 3900 VLAN

36 Switch should support basic Multicast IGMP v1, v2, v3

37 Switch should support minimum 90,000 no. of MAC addresses

38 Switch should support 8 Nos. of link or more per Port channel (using LACP) and support 96 port channels or more per switch

39 Switch should support Industry Standard Port/Link Aggregation for All Ports across any module or any port.

40

Switch should support multi chassis Link Aggregation for All Ports across any module or any port of the switch and Link aggregation should support 802.3ad LACP protocol for communication with downlink/uplink any third party switch or server

41 Switch should support Jumbo Frames up to 9K Bytes on Ports

42 Support for broadcast, multicast and unknown unicast storm control to prevent degradation of switch performance from storm due to network attacks and vulnerabilities

43 Switch should support Link Layer Discovery Protocol as per IEEE 802.1AB for finding media level failures

Layer3 Features

44 Switch should support all physical ports to use either in Layer2 or Layer 3 mode and also should support layer 3 VLAN Interface and Loopback port Interface

45 Switch should support basic routing feature i.e. IP Classless, default routing and Inter VLAN routing

Switch should support static and dynamic routing using: a. Static routing b. OSPF V.2 using MD5 Authentication c. ISIS using MD5 Authentication d. BGP V.4 using MD5 Authentication e. Should support route redistribution between these protocols f. Should be compliant to RFC 4760 Multiprotocol Extensions for BGP-4 (Desirable)

46

47 Switch should re-converge all dynamic routing protocol at the time of routing update changes i.e. Non-Stop forwarding for fast re-convergence of routing protocols

48 Switch should support multi instance MPLS routing using VRF, VRF Edge routing and should support VRF Route leaking functionality

49 Switch should be capable to work as DHCP server and relay

Availability

50 Switch should have provisioning for connecting to 1:1/N+1 power supply for usage and redundancy

51 Switch should provide gateway level of redundancy in IpV4 and IPV6 using HSRP/VRRP


- 32 -

52 Switch should support for BFD For Fast Failure Detection as per RFC 5880

Quality of Service

53

Switch system should support 802.1P classification and marking of packet using: a. CoS (Class of Service) b. DSCP (Differentiated Services Code Point) c. Source physical interfaces d. Source/destination IP subnet e. Protocol types (IP/TCP/UDP) f. Source/destination TCP/UDP ports

54 Switch should support methods for identifying different types of traffic for better management and resilience

55

Switch should support for different type of QoS features for ream time traffic differential treatment using a. Weighted Random Early Detection. b. Strict Priority Queuing.

56 Switch should support to trust the QoS marking/priority settings of the end points as per the defined policy

57 Switch should support Flow control of Ethernet ports to control traffic rates during congestion by allowing congested nodes to pause link operation at the other end for receiving traffic as per IEEE 802.3x

Security

58 Switch should support for deploying different security for each logicaland physical interface using Port Based access control lists of Layer-2 to Layer-4 in IP V.4 and IP V.6 and logging for fault finding and audit trail

59 Switch should support control plane i.e. processor and memory Protection from unnecessary or DoS traffic by control plane protection policy

60 Time based ACL

61 Switch should support for external database for AAA using: a. TACACS+ b. RADIUS

62 Switch should support MAC Address Notification on host join into the network for Audit trails and logging

63

Switch should support to restrict end hosts in the network. Secures the access to an access or trunk port based on MAC address. It limits the number of learned MAC addresses to deny MAC address flooding

64 Switch should support DHCP Snooping


- 33 -

65 Switch should support Dynamic ARP Inspection to ensure host integrity by preventing malicious users from exploiting the insecure nature of the ARP protocol

66 Switch should support IP Source Guard to prevents a malicious hosts from spoofing or taking over another host's IP address by creating a binding table between the client's IP and MAC address, port, and VLAN

67 Switch should support for Role Based access control (RBAC) for restricting host level network access as per policy defined

68 Switch should support Spanning tree BPDU protection

69 Switch should support unicast and/or multicast blocking on a switch port to suppress the flooding of frames destined for an unknown unicast or multicast MAC address out of that port

70 Switch should support Spanning tree BPDU protection

71 Switch should support for MOTD banner displayed on all connected terminals at login and security discrimination messages can be flashed as per banks ISD rules

Manageability

72 Switch should support for embedded RMON/RMON-II for central NMS management and monitoring

73 Switch should support for sending logs to multiple centralised syslog server for monitoring and audit trail

74 Switch should provide remote login for administration using: a. Telnet b. SSH V.2

75 Switch should support for capturing packets for identifying application performance using local and remote port mirroring for packet captures

76

Switch should support for management and monitoring status using different type of Industry standard NMS using: a. SNMP V1 and V.2 b. SNMP V.3 with encryption c. Filtration of SNMP using Access list d. SNMP MIB support for QoS

77 Switch should support for basic administrative tools like: a. Ping b. Tracerout

78 Switch should support central time server synchronization using Network Time Protocol NTP V.4

79

Switch should support for providing granular MIB support for different statistics of the physical and logical interfaces


- 34 -

80 Switch should support for predefined and custmised execution of script for device mange for automatic and scheduled system status update formonitoring and management

81 Switch should provide different privilege for login in to the system for monitoring and management

82 Switch should support Real time Packet Capture using Wireshark in real time for traffic analysis and fault finding

IPv6 features

83

Switch should support for IP V.6 connectivity and routing required for network reachability using different routing protocols such a. OSPF V.3 b. BGP with IP V.6 c. IP V.6 Policy based routing d. IP V.6 Dual Stack etc e. IP V.6 Static Route f. IP V.6 Default route

84 Should support route redistribution between these protocols

85 Switch should support multicast routing in IP V.6 network using PIMv2 Sparse Mode

86 Switch should support for QoS in IP V.6 network connectivity

87

Switch should support for monitoring and management using different versions of SNMP in IP V.6 environment such as: a. SNMPv1, SNMPv2c, SNMPv3 b. SNMP over IP V.6 with encryption support for SNMP Version 3

88 Switch should support syslog for sending system log messages to centralized log server in IP V.6 environment

89 Switch should support NTP to provide an accurate and consistent timestamp over IPv6 to synchronize log collection and events

90

Switch should support for IP V.6 different types of tools for administration and management such as: a. Ping b. Traceroute c. VTY d. SSH e. TFTP f. DNS lookup


- 35 -

Appendix I: Pre-Qualification & Technical Bid Templates

General

The bidders are expected to respond to the RFP using the forms given in this section and all documents

supporting Pre-Qualification / Technical Evaluation Criteria.

Pre-Qualification Bid & Technical Proposal shall comprise of following forms :

Forms to be used in Pre-Qualification Proposal

Form 1: Compliance Sheet for Pre-qualification Proposal

Form 2: Particulars of the Bidders

Form 3: Manufacturers /Producers Authorization Form

Forms to be used in Technical Proposal

Form 4: Compliance Sheet for Technical Proposal

Form 5: Letter of Proposal


- 36 -

Form 1: Compliance Sheet for Pre-qualification Proposal

(The pre-qualification proposal should comprise of the following basic requirements. The documents

mentioned in this compliance sheet along with this form, needs to be a part of the Pre-Qualification

proposal)

S. No. Basic Requirement Documents Required Provided Reference & Page

Number

1. Document Fee Demand Draft Yes / No

2 Power of Attorney Copy of Power of Attorney in the

name of the Authorized signatory Yes / No

3 Particulars of the

Bidders As per Form 2 Yes / No

4 Earnest Money

Deposit Demand Draft Yes / No

5

Average Sales

Turnover in

Hardware &

Maintenance

services

Extracts from the audited Balance

sheet and Profit & Loss; OR

Certificate from the statutory

auditor

Yes / No

6

Letter of

authorization from

H/W OEM

Letter of authorization; as per

template provided (Form 3) Yes / No

7 Technical

Capability Copy of work order Yes / No

8 Local Service

Centres

A Self Certified letter by an

authorized signatory Yes / No

9 Quality

Certifications ISO 9001:2008 or latest , ISO 27000 Yes / No

10 Legal Entity Copy of Certificate of Incorporation;

and Copy of PAN, IT return, GSTIN Yes / No

11 Blacklisting&

Performance A self certified letter Yes / No


- 37 -

Form 2: Particulars of the Bidders

S No. Information Sought Details to beFurnished

a Name ,address and URL of the bidding Company

b Incorporation status of the firm (public limited /

private limited, etc.)

c Year of Establishment

d Date of registration

e RoC Reference No.

f Details of company registration

g Details of registration with appropriate authorities

for GST

h Name, Address, e-mail ID, Phone nos. and Mobile

Number of Contact Person


- 38 -

Form 3: Manufacturers /Producers Authorization Form

Letter No._____________ Date:________

To

The General Manager(Admn)

Odisha Computer Application Centre

Bhubaneswar

Sub : OEM Authorization Letter

Dear Sir:

Ref: Your RFP Ref: OCAC-NeGP-INFRA-0009-2017/18004

We, who are established and reputable manufacturers / producers of ________________________

having factories / development facilities at (address of factory / facility) do hereby authorize M/s

___________________ (Name and address of Agent) to submit a Bid, and sign the contract with you against

the above Bid Invitation.

We hereby extend our full guarantee and warranty for the Solution, Products and services offered by the

above firm against this Bid Invitation.

We also undertake to provide any or all of the following materials, notifications, and information pertaining

to the Products manufactured or distributed by the Supplier :

a. Such Products asOCAC may opt to purchase from the Supplier, provided, that this option shall not

relieve the Supplier of any warranty obligations under the Contract; and

b. in the event of termination of production of such Products:

i. Advance notification to OCAC of the pending termination, in sufficient time to permit to procure

needed requirements; and

ii. Following such termination, furnishing at no cost to OCAC, the blueprints, design documents,

operations manuals, standards, source codes and specifications of the Products, if requested.


- 39 -

We duly authorize the said firm to act on our behalf in fulfilling all installations, Technical support and maintenance obligations required by the contract.

Yours faithfully, (Name) (Name of Producers) Note: This letter of authority should be on the letterhead of the manufacturer and should be signed by a person competent and having the power of attorney to bind the manufacturer. The Bidder in its Bid should include it.


- 40 -

Form 4: Compliance Sheet for Technical Proposal

The Technical proposal should comprise of the following basic requirements.

1. Below mentioned quoted products of OEMtable.

2. Filled in compliance sheet as per Section IV: Technical specifications document for each device.

Quoted Products of OEM

Item OEM 1: _____ OEM 2: _____ OEM 3: _____

Model Version &

Year of

release

End of

support

expected

Model Version &

Year of

release

End of

support

expected

Model Version &

Year of

release

End of

support

expected

Firewall(Internet)

NIPS

Server Load Balancer(SLB)

48 port 10/40 G Layer 3 Switch


- 41 -

Form 5: Letter of Proposal

To:

The General Manager (Admin)


Plot No. - N-1/7-D, AcharyaVihar

P.O.- RRL, Bhubaneswar - 751013

EPBX: 0674-2567280/2567064/2567295

Fax: +91-0674-2567842

Subject:Submission of the Technical bid for Supply, Installation & Warranty supportof Network &SecurityEquipmentsforOdisha State Data Center, OCAC.

Dear Sir/Madam,

We, the undersigned, offer to provideSupply, Installation & Warranty support of Network &

SecurityEquipments forOdisha State Data Center, OCAC on with your RFP Ref No :__________andour

Proposal. We are hereby submitting our Proposal, which includes this Technical bid and the Commercial

Bid sealed in a separate envelope.

We hereby declare that all the information and statements made in this Technical bid are true and accept

that any misinterpretation contained in it may lead to our disqualification.

We undertake, if our Proposal is accepted, to initiate the Implementation services related to the

assignment not later than the date indicated in the tender document.

We agree to abide by all the terms and conditions of the RFP document. We would hold the terms of our

bid valid for 180 days as stipulated in the RFP document.

We understand you are not bound to accept any Proposal you receive.

Yours sincerely,

Authorized Signature [In full and initials]:

Name and Title of Signatory:

Name of Firm:

Address:

Location: _____________________________________

Date: ___________________________


- 42 -

Appendix II : Commercial Proposal Templates

The bidders are expected to respond to the RFP using the forms given in this section for Commercial

Proposal.

Form 6: Covering Letter

Form 7: Commercial Proposal

Form 6: Covering Letter

< Location, Date> To





EPBX: 0674-2567280/2567064/2567295

Fax: +91-0674-2567842

Subject:Submission of the Commercial bid for Supply, Installation & Warranty support of Network&SecurityEquipmentsforOdisha State Data Center, OCAC.

RFP Reference No : OCAC-NeGP-INFRA-0009-2017/18004

Dear Sir/Madam,

We, the undersigned, offer to provide the Implementation services for Network &SecurityEquipmentssupply

& related services in accordance with your Request for Proposal cited above and our Proposal (Technical

and Commercial Proposals). Our attached Commercial Proposal is for the sum of [Amount in words and

figures]. This amount is inclusive of the taxes.

Our Commercial Proposal shall be binding upon us, up to expiration of the validity period of the Proposal,

i.e., [Date].

We understand you are not bound to accept any Proposal you receive.

We remain,

Yours sincerely,

Authorized Signature:

Name and Title of Signatory:

Name of Firm:

Address:


- 43 -

Form 7: Commercial Proposal

RFP REFERENCE NO : OCAC-NeGP-INFRA-0009-2017/18004

COMMERCIAL BID FORMAT

Sl. No.

Item Quantity

(a)

Unit Price

(b)

Taxes per Unit

(c)

Total Unit Cost (d)

(d=b+c)

Total

a x d

1 Firewall (Internet) 2

2 Network Intrusion Prevention System(NIPS)

2

3 Server Load Balancer(SLB) 2

4 48 port 10/40 G Layer 3 Switch 4

Grand Total

Total Cost In Words

Seal of the Company Authorised Signatory “I/WE UNDERSTAND THAT THE QUANTITY PROVIDED ABOVE IS SUBJECT TO CHANGE. I/WE AGREE THAT IN CASE OF ANY CHANGE IN THE QUANTITIES REQUIRED, I/ WE WOULD BE SUPPLYING THE SAME AT THE RATES AS SPECIFIED IN THIS COMMERCIAL BID. I /WE AGREE TO ADHERE TO THE PRICES GIVEN ABOVE EVEN IF THE QUANTITIES UNDERGO A CHANGE”.


- 44 -

Appendix III: Templates

Performance Bank Guarantee (PBG)

To





EPBX: 0674-2567280/2567064/2567295

Fax: +91-0674-2567842

Whereas, << name of the supplier and address >>(hereinafter called “the Bidder”) has undertaken, in

pursuance of contract no. << insert contract no. >> dated. <<insert date >> to provide Implementation

services for << name of the assignment >> to OCAC (hereinafter called “the beneficiary”)

And whereas it has been stipulated by in the said contract that the Bidder shall furnish you with a bank

guarantee by a recognized bank for the sum specified therein as security for compliance with its obligations

in accordance with the contract;

And whereas we, << name of the bank >> a banking company incorporated and having its head /registered

office at << address of the registered office >> and having one of its office at << address of the local office

>>have agreed to give the supplier such a bank guarantee.

Now, therefore, we hereby affirm that we are guarantors and responsible to you, on behalf of the supplier,

upto a total of Rs.<< insert value >> (Rupees << insert value in words >> only) and we undertake to pay you,

upon your first written demand declaring the supplier to be in default under the contract and without cavil

or argument, any sum or sums within the limits of Rs .<< insert value >> (Rupees << insert value in words

>> only) as aforesaid, without your needing to prove or to show grounds or reasons for your demand or the

sum specified therein.

We hereby waive the necessity of your demanding the said debt from the Bidder before presenting us with

the demand.

We further agree that no change or addition to or other modification of the terms of the contract to be

performed there under or of any of the contract documents which may be made between you and the

Bidder shall in any way release us from any liability under this guarantee and we hereby waive notice of

any such change, addition or modification.

This Guarantee shall be valid until << Insert Date >>)


- 45 -

Notwithstanding anything contained herein:

I. Our liability under this bank guarantee shall not exceed Rs<< insert value >>(rupees << insert

value in words >> only).

II. This bank guarantee shall be valid up to << insert expiry date >>)

III. It is condition of our liability for payment of the guaranteed amount or any part thereof arising

under this bank guarantee that we receive a valid written claim or demand for payment under this

bank guarantee on or before << insert expiry date >>) failing which our liability under the guarantee

will automatically cease.

(Authorized Signatory of the Bank)

Seal:

Date:

RFP for Supply, Installation& Warranty Support of Network...

Documents

Transcript of RFP for Supply, Installation& Warranty Support of Network...