RFP TOR Lab Bursting - IaaS Ver 2.0

Lab Bursting (IaaS)

Terms of ReferenceFor use in creating an RFP

Prepared by: Sean JensenDate: May 1, 2023

Status: DraftVersion: 2.0

By accepting delivery of this material, the recipient acknowledges and agrees that all information contained herein shall be treated as proprietary and confidential, and take all appropriate steps to ensure this information remains private.

Lab Bursting (IaaS – Infrastructure as a Service) RFP Document TOR

Table of ContentsLIST OF TABLES.................................................................................................................................................3

1. VERSION CONTROL.................................................................................................................................4

2. INTERPRETATION AND TERMINOLOGY..........................................................................................5

3. DESIGN AND DEPLOY PROJECT TEAM.............................................................................................6

4. INTRODUCTION.........................................................................................................................................7

5. PROJECT OVERVIEW..............................................................................................................................7

6. ADMINISTRATIVE CONTROL...............................................................................................................8

7. DESIGN PRINCIPALS................................................................................................................................8

8. DESIGN DECISIONS AND IMPLICATIONS.........................................................................................9

9. CONCEPTUAL INFRASTRUCTURE DIAGRAM...............................................................................10

10. CONCEPTUAL NETWORK CONNECTIVITY DIAGRAM...............................................................10

11. LAB ENVIRONMENT DEFINITIONS...................................................................................................11

12. REQUIREMENTS......................................................................................................................................12

13. PRICING AND COSTS:............................................................................................................................27

14. RFP PROCESS AND WAIVER OF CLAIMS........................................................................................27

15. INSTRUCTIONS TO PROPONENTS.....................................................................................................28

16. PROPOSAL DETAIL AND DOCUMENTATION.................................................................................30

17. EVALUATION CRITERIA:.....................................................................................................................30

18. INTERVIEWS & ONGOING NEGOTIATIONS...................................................................................31

19. COMPANY PROFILE...............................................................................................................................31

document.docxLast modified December 2, 2016 9:25 PM

The Calgary Airport Authority Copyright © 2023 All Rights Reserved of 34


List of Tables

Table 1. Design Characteristics............................................................................................................9

Table 2. Business Requirements........................................................................................................12

Table 3. Functional Requirements......................................................................................................13

Table 4. Infrastructure/Compute Requirements..................................................................................15

Table 5. Storage Requirements..........................................................................................................17

Table 6. Network Requirements..........................................................................................................18

Table 7. Recoverability Requirements.................................................................................................20

Table 8. Security and Access..............................................................................................................20

Table 9. Service Offerings Requirements............................................................................................23

Table 10. Support and Service Level Requirements...........................................................................23

Table 11. Manage and DevOps Requirements...................................................................................25

Table 12. Price and Billing Requirements...........................................................................................26




1. Version ControlVersion Version Date Summary of Changes Revisions by Reviewed by or

Communication of Changes

1.0 05/21/2015 Initial Draft [email protected]

N/A

1.1 05/26/2015 Ready for 1st review Sean Jensen Sent out for review by Paul, Jason, Kyle and Mike

1.2 05/27/2015 Update after initial review by Jason

Sean Jensen

1.3 05/28/2015 Matching requirements to Scoring Criteria

Sean Jensen Sent out for review by Paul and Jason, Kyle and Mike

1.4 05/29/2015 Updated based on meeting with Jason

Sean Jensen

1.5 06/02/2015 Updated based on discussion with Sean to eliminate duplicates

Dina de Belen

1.6 06/04/2015 Updated based on review

Sean Jensen Sent out for review by Jason, Chris, Braden,

Damien


Sean Jensen


Sean Jensen, Dina de Belen, Paul Hilliard


Sean Jensen & Jason Bischoff




2. Interpretation and Terminology2.1 Definitions

i. “Airport Authority” or “the Authority” means The Calgary Airport Authority.ii. “ATB” refers to Air Terminal Building which is the current terminal in operation right nowiii. “Clarifications” means any clarifications, additions, deletions or amendments issued by

the Airport Authority with respect to the RFP whether before or after the Deadline.iv. “Contract” means the agreement to be negotiated between the Airport Authority and

one or more Proponents (if any). v. “COTS” Applications refers to Commercial Off the Shelf Applicationsvi. “Deadline” means the date and time specified in this RFP after which the Airport

Authority may no longer accept Proposals in its sole discretion. vii. “IaaS” means Infrastructure as a Serviceviii. “IFP” refers to the International Facilities Projectix. “ITB” refers to the new International Terminal Building currently under constructionx. “Proponent” is a party who has submitted a Proposal to the Airport Authority in

response to this Request for Proposal. xi. “Proposal” means a proposal to perform the Work in response to this Request for

Proposals.xii. “Request for Proposals” or “RFP” means this “Request for Proposals” and includes the

documents listed in the Table of Contents of this Request for Proposals and any Clarifications.

xiii. “Scope of Work” (if applicable to this RFP) means the “Scope of Work” included in this RFP.

xiv. “Specifications” (if applicable to this RFP) means the “Specifications” included in this RFP.

xv. “Terms of Reference” (if applicable to this RFP) means the “Terms of Reference” included in this RFP.

xvi. “Work” means the work to be performed and/or the materials and/or equipment to be supplied as described in the Terms of Reference, Specifications and/or Scope of Work.

2.2 All references to time in this RFP will be to local Calgary time.




3. Design and Deploy Project TeamContact information for both vendor consultants and the Authority project team members.

Name Company Role Phone Email

TBD The Authority

Project Manager

Chris Smoliak The Authority

GM, IT Services 403-735-1526 [email protected]

Braden Walters The Authority

IT Services Lab Consultant

[email protected]

Jason Bischoff The Authority

Enterprise Architect 403-735-7016 [email protected]

Paul Hilliard The Authority

Infrastructure Architect [email protected]

Kyle Benning The Authority

Network Architect [email protected]

Mike Heath The Authority

ITOS Security Coordinator

403-735-1275 [email protected]

Carolynn Hexspoor

The Authority

Procurement and Contracts Coordinator

[email protected]

Sean Jensen The Authority

Project Coordinator 403-735-7445 [email protected]

Dina de Belen The Authority

Business Analyst [email protected]



mailto:[email protected]










4. Introduction4.1 The Calgary Airport Authority

The Calgary Airport Authority, a not-for-profit corporation incorporated under the Alberta Regional Airports Authorities Act, is responsible for the management, operation and development of Calgary International Airport and Springbank Airport under long-term leases from the Government of Canada.

4.2 General Nature of ProjectThis Request for Proposals seeks experienced and qualified firms to submit Proposals for CLOUD BURSTING (IaaS – INFRASTRUCTURE AS A SERVICE).

5. Project Overview5.1 Executive SummaryCalgary Airport Authority (The Authority) has embarked on a strategy to extend the capacity of the Lab Environment and increase extensively the level of automation for quality assurance of Projects. The intention is to enable application and system owners to consume IT infrastructure resources on demand as a catalog-based service through a self-service portal.Through this project, the Authority aims to create a platform for IT service delivery that:

Quickly create or replicate any operating environment in the Lab (Sandbox, Development, Quality Assurance, Integration, and Pre-Production) at the service provider

Quickly extend any operating environment in the Lab Is cost effective through improved resource utilization with the use of cloud management

software Increases agility through the use of automation and virtualization provided by cloud

management software Is accessible through the use of a self-service portal for the consumption of IT

infrastructure

5.2 Document PurposeThe Airport Authority is seeking proposals from qualified vendors for the implementation, support and maintenance of Cloud IaaS for our Lab Environment. This document discusses the business and functional requirements of the Cloud IaaS solution and the technical requirements for different subject areas. The main purpose is to solicit Vendors for proposals on the implementation for the Lab Bursting solution (IaaS).

5.3 Scope of WorkThe Authority currently has an Infrastructure based on HP Cloud System, where we have created an internal Private Cloud. Based on the nature of project work, hardware resources are required periodically for short and long periods of time. The Authority does not wish to invest in the procurement hardware assets to meet these short terms needs.

The intent of this work is to provide a turnkey solution (where possible), supply hosted Infrastructure as a Service (IaaS) technology (this may require hardware and software), implementation professional services, maintenance and ongoing support for the IaaS requirements as stated within this proposal.

The Authority expects to use this service ongoing as required by our project needs.

Proponents are encouraged to bid on all of the requirements included in this document.




The following schedule is driven by the need to have YYC Project teams begin testing IFP applications on the Hosted Private Cloud Infrastructure by end of September 2015.

Issue RFP: June ?th 2015Pre-Proposal Information Session: June ?th, 2015Vendor Question Deadline: June ?th 2015Question Responses: June ?th 2015RFP Closing Date: July ?st, 2015Shortlist Presentations: July ?st – ?rd 2015Contract Award: July ?th 2015Infrastructure as a Service Implementation July ?th to July 31st 2015Process Automation / Provisioning / Burn in / Testing of IaaS Aug 3rd – Aug 31 2015Ready for general availability Sept 1st 2015Please note, the dates provided above are indicative and are subject to change.

5.4 Project SetupThe selected proponent(s) will report directly to the Calgary Airport Authority’s IT Project Management Office (IT PMO), who will manage the implementation project directly.

The Airport Authority’s IT PMO is responsible for the terms of reference. Proponents will work closely with IT and business stakeholders to ensure that technology solutions are designed, implemented and integrated effectively within the Calgary Airport Authority environment.

A team consisting of representatives from the IT PMO, IT and business stakeholders will perform a review of all submissions.

This Lab Bursting (IaaS) project is currently under the direction of ??? ([email protected]), IT Project Manager, Calgary Airport Authority. The Calgary Airport Authority may choose in the future to contract the services of a Project Manager to manage the project (design, implementation, testing and commissioning) of Vendor solutions.

6. Administrative ControlThe Authority will need to have the following administrative control over the hosted IaaS technology.The Authority IaaS user (usually a network or infrastructure specialist):

Controls the operating systems, network equipment, and deployed applications at the virtual machine level.

The infrastructure specialist can scale up or down the virtual services or blocks of storage area.

The IaaS user may also be the SDN administrator who uses the controller to optimize the traffic flow from one device to another.

7. Design Principals7.1 The Calgary Airport Authority (the Authority) has a preference to use on premise resources

before using service provider resourcesi. Non-Functional testing should be performed on premises before using service providerii. Non-Functional testing that cannot use on premises equipment should be executed

completely using the service provider 7.2 Technology of the service provider must match that being used at the Authority where

applicablei. VMWare 5.5




ii. SQL Server 2008 and 2012iii. Windows Server 2008, 2012, 2012 R2iv. OpenStack (supporting HP Cloud System Matrix) – Currently being considered by the

Authority, but not mandatory7.3 Network connectivity between the Authority and service provider must be a non-internet

based LAN extension from the Authorityi. IP Space controlled by the Authority must match that being used in the Authority’s Labii. Network Protocols must match the Authority productioniii. Access Control protocols must match the Authority productioniv. Capacity of throughput. This bandwidth will be variable, but we would require upwards

of 1 Gbps circuit connection

8. Design Decisions and ImplicationsWhen multiple possible valid design options are available, each option is discussed with its trade-offs and benefits. Design choices are compared with their impact against certain characteristics and summarized in the following table.

Table 1. Design Characteristics

Characteristic Description Key Metrics

Availability Indicates the effect of a choice on the ability of a technology and the related infrastructure to achieve planned available operation and to sustain operation during system failures.

Percentage uptime

Performance Reflects whether the option has a positive or negative impact on the overall infrastructure performance.

System response time

System throughput

Scalability Indicates the effect an option has on the ability of the solution to be augmented to achieve higher sustained performance within the infrastructure.

Utilization

Cost/performance ratio

Speed in provisioning

Security Reflects whether the option has a positive or negative impact on overall infrastructure security. Can also indicate whether a quality has an impact on the ability of a business to demonstrate or achieve compliance with certain regulatory policies.

Unauthorized access prevention

Data integrity and confidentiality

Forensic capabilities in case of a compromise

Manageability Relates to the effect of a choice on overall infrastructure manageability.

Servers per administrator

Clients per IT staff

Time to deploy

Ease of administration

Recoverability Indicates the effect of a choice on the ability to recover from a service outage or catastrophic event.

Recovery time objective (RTO)

Recovery point objective (RPO)




Cost is a key consideration in architectural design decisions. Initial and ongoing costs are considered against the desired design characteristics of the system.

9. Conceptual Infrastructure Diagram




10.Conceptual Network Connectivity Diagram

11. Lab Environment Definitions

11.1 Development –Environment used to support development initiatives where project teams build, configure, customize, and use source control to create a target application. From development, these applications are promoted to a quality assurance environment. The Authority also uses this to write upgrade procedures that follow in each target environment

11.2 Quality Assurance - Test Environment is where the Authority tests our service packages, upgrade procedures and changes through controlled data and perform controlled testing of the target application

11.3 Integration – Used to test our completed applications, upgrade procedures and changes with other services, applications, data, hardware, and software that closely resemble the Production. This environment is also used for user acceptance testing and service integration

11.4 Training – User to provide an environment for end user and administration training 11.5 Pre-Production – This staging environment is where a target applications can be monitored

alongside all the other applications that exist in production. Deployment scripts, service performance and other non-functional tests are complete to measure impacts without the risk of causing issues in production

11.6 Production - The Production environment is where the target application is available for business use




Conceptual Drawing of Current Lab




12.Requirements

12.1 Business Requirements

Requirements describe, in business or technical terms, the necessary properties, qualities, and characteristics of the Authority needs. Requirements are provided by the Authority and are used as the basis for the design and evaluation. If particular requirements cannot be met, mark them accordingly in the appropriate section of the following table and in the documentation.

Table 2. Business Requirements

Requirement ID

Requirement Type

Title Requirement Description Does Vendor Meet Requirement

(Fully Met

Partially Met

Not Met)

B101 Mandatory Support for multiple business groups

Support multiple business groups with different resource and infrastructure requirements. For example, workloads from Development and Pre-Prod groups are provisioned on faster machines, while workloads from QA, Integration and Training can be provisioned on slower machines.

B102 Mandatory Hybrid model The Authority expects a hybrid approach. Some workloads are provisioned locally on premises and some workloads are provisioned on the service supplied

B103 Mandatory Workload Service must be able to accept virtual machines or templates to configure as catalogues as supplied by the Authority

B104 Mandatory Best practice When no other explicit functional requirements are in conflict, always use the best solution that exists on the market (proven technology, most-widely used, standardized, bundled, out-of-the-box, and best practice, for example).

B105 Mandatory Deviate from best practice

If there is a valid reason to deviate from best practice, it must be justified and documented. The Authority approves deviation from the best practice based on the provided argumentation.

B106 Mandatory Documentation standard

All documentation will be delivered to meet the Authority documentation standard.




Requirement ID

Requirement Type

Title Requirement Description Does Vendor Meet Requirement

(Fully Met

Partially Met

Not Met)

B107 Mandatory CSR Where possible, functionality of the product features that contribute to Corporate Social Responsibility (CSR) of the Authority should be considered. An example is green IT for energy conservation.

12.2 Functional Requirements

The following requirements define the function of a system and its components. The key customer drivers and requirements guide all design activities. Requirements, assumptions, risks, and constraints are carefully logged so that all logical and physical design elements can be easily traced back to their source and justification.

Table 3. Functional Requirements

Requirement ID

Requirement Type Title Requirement Description

Does Vendor Meet Requirement

(Fully Met

Partially Met

Not Met)FR101 Mandatory Workloads Service must be capable running several

environments consisting of different workloads built on several platforms. These environments will contain commercial off the shelf (COTS) and custom developed applications hosted in; Development, QA, Integration, Pre-Production and Production

FR102 Mandatory Environment Isolation

Different application environments must be able to share the same infrastructure in addition to capabilities of isolated network service (LAN)

FR103 Mandatory Report generation

The Authority requires the ability to report on resource consumption, and audit log. Including but not limited to the following:· Access· Time in use· Resources consumed· Up time· Cost Show Back




Requirement ID



(Fully Met

Partially Met

Not Met)FR104 Mandatory Orchestration Be able to support current approval

processes and automation components such as HP Cloud Service Automation and VMWare vRealize Automation.

FR105 Mandatory Storage Tiering Ability to provision workloads to different storage types and volumes (SDD, Fibre Channel, SATA, etc.)

FR106 Mandatory Remote access Users must have access to workloads via internet from external locations connected utilizing a secure method (VPN, etc.) or if located at the Authority through the main Network connection (MPLS / L2)

FR107 Mandatory Usability User experience on self-service portal must be fast and responsive.

FR108 Mandatory Availability Ability to achieve an availability metric of 99% uptime of operation to sustain operations during system failures.




12.3 Infrastructure/Compute Requirements

Table 4. Infrastructure/Compute Requirements

Requirement ID



(Fully Met

Partially Met

Not Met)CV101 Mandatory Rapid, Self-

Service Provisioning

Service must be able to launch and setup applications and services without intervention of the service provider

CV102 Mandatory Image Customization

Be able to provide the ability for image attributes through use of templates, Sysprep, or automation tools

CV103 Mandatory Bring Your Own Image/Instance Import

Provide the ability to import authority images into the cloud service provider

CV104 Mandatory Three - Generation OS Support

Service must support up to n -2 for Microsoft Operating Systems

CV105 Mandatory Large Instance Support

Service must be able to support workloads up to the following specifications:32 CPUs256 GB Memory25,000 IOPS storage performance256 mbps Network62 TB Storage

CV106 Mandatory Scalability The design must be scalable, starting from a small configuration of 10 basic workloads and up to supporting 1500 simultaneous virtual machines.

CV107 Mandatory DNS is available Hosted DNS services must be available at service provider

CV108 Mandatory No Compute Starvation or Resource Prioritization Across Tenants

Be able to provide isolated compute requirements from other tenants

CV109 Mandatory Hot-Swappable Virtual Hardware

Be able to add/remove compute components such as vCPU, memory, and disk while instance is powered on

CV110 Mandatory Instance Maintenance

Be able to support DRS (Distributed Resource Scheduling) during maintenance




Requirement ID



(Fully Met

Partially Met

Not Met)Mitigation windows

CV111 Mandatory Instance Maintenance/Failure Notifications

Service must be able to send out alerts/notifications in the event of failures

CV112 Mandatory Instance Restart Flexibility

Service must provide flexibility to set which instances should be restarted or which instances should remain down during failure or maintenance

CV113 Mandatory Instance Anti-Affinity

Service must be able to run instances on different hosts or different infrastructure

CV114 Mandatory Basic Auto scaling Support

Service must support automatically adding host capacity as compute requirements increase

CV115 Desirable Instance Affinity Instances may be isolated from each other on different hosts

CV116 Desirable Extra Large Instance Support

Service should support extra-large instances with the following specifications: 32 CPU512 GB Memory50,000 IPOS256 mbps Network62 TB Storage

CV117 Desirable Restart Priority Service should provide flexibility to set priority in which instances will be restarted

CV118 Desirable Console-Level Access to Instances

Service should provide the ability to power on/off instances as well as mount ISO images

CV119 Optional Single-Tenant Compute Instances

No component of an instance should be shared across multi-tenants. None of the memory or storage should be shared with other tenants.

CV120 Desirable Compute Performance Baseline

Service should provide guarantee of base compute resources




Requirement ID



(Fully Met

Partially Met

Not Met)CV121 Desirable Advanced Auto

scaling SupportShould be able to add load balanced instances automatically. If it is determined that another server is needed, it should be able to set that up with minimal effort

CV122 Optional Export Instance Image

Provide the ability to export instance to ISO or OVA

CV123 Optional Bare-Metal Provisioning

Support for bare-metal provision for when the Authority host own equipment or lease equipmentAbility to collocate equipment

CV124 Optional Customer-Controlled Overprovisioning

Service should support ability to define overprovision above the set baseline

CV125 Optional Sub one minute Provisioning Times

Provide the ability to provision basic image in under one minute

12.4 Storage Requirements

Table 5. Storage Requirements

Requirement ID



(Fully Met

Partially Met

Not Met)SV101 Mandatory Bulk Data

Import/ExportBe able to provide capability to do bulk import and export of data

SV102 Mandatory Block Storage Snapshots

Service must have the ability to take snapshots of different storage levels

SV103Mandatory Expandable

Block Storage Volumes

Must be able to expand/extend storage volumes on demand without restarting workload where applicable

SV104

Mandatory Logging of Administrative Object Service Requests

Must be able to log management activities for object storage

SV105 Mandatory Provider-Enabled Encryption Services

Provide the ability to encrypt storage devices

SV106 Mandatory File/Object-Versioning Support

Must provide capability to version files/objects




Requirement ID



(Fully Met

Partially Met

Not Met)SV107 Preferred Cross-

Geography copy/replication

Service must support ability to replicate data between multiple data centers

SV108 Preferred Block Storage Interconnect Transparency

Must be able to map a block level storage directly on one of the instances; Raw Device Mapping

SV109 Preferred Multiple Instance Mount

Must be able to support multiple instance mounting in order to support Linux

SV110 Preferred SSD-Based Block Storage

Be able to provide Solid State Drive backed block storage volumes

SV111 Preferred Snapshot Copy/Replication

Be able to provide storage based snapshot, clone

SV112 Preferred Automatic Object Durability

Must provide transaction logging for object level storage

SV113 Preferred Bulk Object Delete and Retirement Policies

Have the ability to recover bulk deleted objects for a period of one week

SV114 Preferred Bulk Data Import/Export With Encryption

Be able to provide capability to do bulk import and export of data with encryption

SV115 Preferred Tiered Storage Service(s)

Must be able to set performance tier within the block storage

SV116 Optional Instance-Specific Storage

Have the capability to support volumes that are allocated to a specific instance; RDM

12.5 Network Requirements

Table 6. Network Requirements

Requirement ID



(Fully Met

Partially Met

Not Met)

NV101 MandatoryBandwidth Capacity and Speed

This bandwidth will be variable, but we would require upwards of 1 Gbps circuit connection

NV102 MandatoryMultiple Virtual NICs and Network Segments

Must be able to expand many segments in each instance




Requirement ID



(Fully Met

Partially Met

Not Met)

NV103 Mandatory

Isolated Network Segments & Private-Network Interface Instances

Must support VRF (Virtual Routing and Forwarding) and be able to use the same configuration at the Authority where applicable

NV104 Mandatory Static IPs Must be able to assign static IP addresses

NV105 MandatoryChoose Your Own RFC 1918 Address Space

Must be able to choose our own subnets; non-routable IPs

NV106 Mandatory Private Customer Connectivity

Must support L2 extension of the Authority LAN; Direct LAN connectivity (non-internet)

NV107 MandatoryCustomer Network Segments Across Data Centers

Must support OTV (Overlay Transport Virtualization); L2; Be able to take IP addresses and have the same IP in both sides

NV108 Mandatory Front-End Load Balancing

Have the ability to provide load balancing from web and application servers to forward-facing users

NV109 Mandatory Back-End Load Balancing

Have the ability to provide load balancing from web and application servers to back-facing services such as databases

NV110 Desirable Multiple Network Segments

Additional networks as required conforming to RFC 1918 (private IP spaces)RFC 1918 is the private IP spaces (10.0.0.0/8, 172.16.0.0/16 and 192.168.0.0/16)

NV111 Desirable Session Load Balancing

Should be able to maintain connection to an instance once it has been made

NV112 Desirable Metrics-Driven Load Balancing

Should be able to switch connection between different instances based on availability and load

NV113 DesirableNetwork Performance Tiers of Service

Should be able to difference levels of support based on bandwidth and availability tiers

NV114 Optional WAN Traffic Encryption

Option to provide WAN traffic encryption if network is not private; Non MPLS

NV115 Optional

Instance Support for Multiple Network Interfaces and IPs

Instances must be able to support multiple network interfaces and IPs

NV116 Optional Real-Time Network Performance

Optional ability to monitor network activity or performance




Requirement ID



(Fully Met

Partially Met

Not Met)Visibility

NV117 Optional High-Speed Cross-Geography Networking

Optional capability for geographic separation of some networks across multiple physical datacenters

12.6 Recoverability Requirements

The following table provides requirements that have been captured to provide the ability to recover from an unexpected incident that affects the availability of the environment.

Table 7. Recoverability Requirements

Requirement ID



(Fully Met

Partially Met

Not Met)

RR101 Mandatory Archiving Must be able to archive virtual machines and retrieve them when needed.

RR102 Mandatory Restore from Backup

Must be able to backup and restore the environments during a predetermined schedules as well as needed

12.7 Security and Access Requirements

The following table provides requirements that have been captured for overall data control, confidentiality, integrity, accessibility, governance, and risk management, including the ability to demonstrate or achieve compliance with regulation.

Table 8. Security and Access

Requirement ID



(Fully Met

Partially Met

Not Met)

SR101 MandatoryDocument User Control Considerations

Must provide documented process for user access control and periodic reports on compliance

SR102 Mandatory Available Access Must be able to access the document.docx

Last modified December 2, 2016 9:25 PM



Requirement ID



(Fully Met

Partially Met

Not Met)Time environment 24/7/365

SR103 Mandatory Block Storage Data Eradication

Must have the capability to perform a verified clean of a volume that is no longer needed. Service must be in line with NIST SP-800-88 Rev 1, Guidelines for Media Sanitization

SR104 MandatoryExternal Network Security ACLs/Firewall

Perimeter must be secured by firewalls and ACLs

SR105 MandatoryInternal Network Security ACLs/Firewall

Tenant space must be secured by firewalls and ACLs

SR106 Mandatory

Allow Firewall Policy to Be Changed per Instance or Group

Allow micro-segmentation or private virtual LAN for instances

SR107 MandatoryCustomer Control Over Data Locale Residency

Order of preferred data locale residency:1. Alberta2. Western Canada

SR108 Mandatory Customer Data Ownership

Vendor must provide a statement saying that the Authority is sole owner of all data stored on service

SR109 Mandatory Provider Personnel Protections

Must provide advice on enhanced personnel security clearances for the support team. Clearance must include a satisfactory Criminal Record and background check to assure reliability of Vendor staff

SR110 Mandatory Secure Instance Access Credentials

Must provide documented processes in place to limit physical access only to authorized personnel

SR111 Mandatory

Local Identity Management and Granular Role-Based Authorization – Compute

Must provide limits Vendor staff access/permissions to infrastructure resources based on their identity and role within the organization

SR112 Mandatory

Local Identity Management and Granular Role-Based Authorization – Storage





Requirement ID



(Fully Met

Partially Met

Not Met)

SR113 Mandatory

Local Identity Management and Granular Role-Based Authorization – Network


SR114 Mandatory Private Image Catalog

Provide the ability to maintain Authority-specific instance image catalogue

SR115 MandatoryFederated SSO to Management Console

Provide the ability to federate single sign on between airport Authority and service provider

SR116 MandatoryCustomer Control Over Data Locale Residency

Order of preferred data locale residency: 1. Canada2. Non-US

SR117 DesirableMFA Administrative Access Control (Root and Admin)

Multifactor access for administrative-level functions

SR118 Desirable Cloud Security Guideline Matrix

Be in adherence to CSA Cloud control matrix

SR119Desirable Penetration Testing

Request Process

Must participate in at least annual penetration testing to verify the electronic security of the service.

SR120Desirable SIEM Integration or

Service

Be able to support Security Information and Event Management integration to airport Authority

SR121Desirable Enterprise Directory

Integration

Should be able to integrate authentication requirements with The Authority Active Directory (native)

SR122 Desirable Support for Authentication

Should be able to authenticate using the Authority Active Directory

SR123

Desirable Role-Based Authorization Based on Dynamic Group or Tag

Should be able to set authorization or access levels based on the Authority Active Directory groups/tags

SR124 Optional Patch Management Service

Be able to provide patch management services for OS images

SR125 Optional Network Forensic Tools

Service should provide the ability to diagnose their own network structure and provide possible issues/exposure report

SR126 OptionalInstance Vulnerability Scanning

Provide host-based scanning and virus protection

SR127 Optional Meet the Authority Be able to meet the Authority Internal document.docx




Requirement ID



(Fully Met

Partially Met

Not Met)internal Audit Standard

Audit Standard ITSS-7001, available from Information Security.

12.8 Service Offerings Requirements

The following table provides requirements that have been captured for overall data control, confidentiality, integrity, accessibility, governance, and risk management, often including the ability to demonstrate or achieve compliance with regulation.

Table 9. Service Offerings Requirements

Requirement ID



(Fully Met

Partially Met

Not Met)

SO101 MandatoryEnterprise Customer Case Studies

Be able to provide enterprise reference sites

SO102 Desirable Content Delivery Network

Be able to support content streaming (i.e. streaming videos, podcasts, etc.)

12.9 Support and Service Level Requirements

The following table provides requirements that have been captured to deliver a highly available operation in compliance with SLAs, as measured by percent uptime of relevant components.

Table 10. Support and Service Level Requirements

Requirement ID



(Fully Met

Partially Met

Not Met)

SS101 Mandatory 24/7 Support, 15-Minute Response

Be able to provide acknowledgement of newly opened support requests (within 15 min, 24/7)




Requirement ID



(Fully Met

Partially Met

Not Met)

SS102 Mandatory Live Support Offering (English)

Live support offering must be delivered in English

SS103 Mandatory Online Self-Service Support Portals, Knowledge bases

SS104 Mandatory Online Error/Bug Reporting

Must provide an online web-based tool for reporting bugs or issues

SS105 Mandatory90 Day Parallel Support for API Changes

Must be able to support for 90 Days any changes made to any API that the Authority is leveraging

SS106 Mandatory Account Manager Offering Have an Account Manager Offering

SS107 Mandatory Cloud Offboarding Support

Must be able to provide offboarding support for when the Authority ends contract with provider

SS108 Mandatory60-day Service Health and SLA History

Must provide report on the performance of service provided and conformance to the SLA for the past 60-days

SS109 MandatoryDowntime Calculation Starts Immediately

Calculation of service interruption duration must begin immediately upon time of interruption

SS110 MandatoryCompute Service Availability SLA — 30 Minutes

No service interruption shall have a duration of longer than 30 minutes

SS111 MandatoryStorage Service Availability SLA — 30 Minutes


SS112 Desirable 1 year Service Health History

Be able to provide health metrics for current year and current -1 year

SS113 DesirableCompute Service Availability SLA — Five Minutes


SS114 DesirableStorage Service Availability SLA — Five Minutes


SS115 Desirable Customer View of SLA Dashboard

Be able to provide a web-based online tool that provide performance metrics and thresholds of SLA

SS116 DesirableOne Year Parallel Support for API Changes

Must be able to support for 1 year any changes made to any API that the Authority is leveraging

SS117 Optional Published DR Plan and Test Results

Be able to provide published DR plan and test results

SS118 OptionalCompute Service Availability SLA — Three Minutes


SS119 Optional Storage Service No service interruption shall have a document.docx




Requirement ID



(Fully Met

Partially Met

Not Met)Availability SLA — Three Minutes duration of longer than 3 minutes

SS120 Optional Member of TSANetMust be a premium member in good standing to assist with solving multi-vendor issues

12.10 Manage and DevOps Requirements

The following table provides requirements that have been captured for ease of managing the environment and maintaining normal operations. Sub-qualities can include scalability and flexibility.

Table 11. Manage and DevOps Requirements

Requirement ID



(Fully Met

Partially Met

Not Met)

MR101 Mandatory Management and Monitoring Systems

Instances must integrate with existing Authority management and monitoring systems• APM (Application Performance Monitoring tool) for servers and applications• SolarWinds• vCenter Server• Active Directory• vRealize Operations• CSA (Cloud System Automation)• vRealize Automation• vCloud Connector

MR102 MandatorySelf-Service CLI & API for All Cloud Functions

Must be able to programmatically move work loads

MR103 Mandatory GUI Management Console Support

Be able to provide a web-based management console support

MR104 MandatoryCustom Tagging and Grouping of Resources

Must be able to group workloads based on tags

MR105 Mandatory Real-Time Performance-

Must provide real-time monitoring dashboards for instances/data centers




Requirement ID



(Fully Met

Partially Met

Not Met)Monitoring

MR106 Mandatory

Real-Time Performance Health checks, Thresholds and Alerts

Must provide a health check tool and be able to send out alerts based on configured thresholds

MR107 Mandatory Access to Monitoring Data

Be able to programmatically view and utilize monitoring metrics

MR108 MandatoryAccount Management Logging

Must log activities and provide access to logs for any changes to administration accounts

MR109 MandatoryProvisioning and Catalog Action Logging

Must log activities and provide access to logs for any changes to provisioning and catalogs

MR110 MandatorySecurity Configuration Logging

Must log activities and provide access to logs for any changes to security configurations

MR111 Desirable SDK Library Be able to provide a Software Developer Kit for cloud API

MR112 Desirable 1-year Performance Metrics History

Be able to provide performance metrics for current year and current -1 year

MR113 Desirable Community Image Catalog

Should be able to provide a catalog of community driven templates

MR114 Desirable Self-Service, Post provisioning Events

Should be able to execute post-provisioning tasks without the intervention of the service provider

MR115 Optional Mobile Dashboards Be able to provide mobile device monitoring dashboards

MR116 OptionalGUI-Based Network Design/Inventory Mapping

Must provide a GUI inventory of network nodes and instances with ability to export to PDF, PNG

MR117 Optional

Configuration Management Capabilities as a service

Option to apply a patch to update non-compliant instance/data center configurations

12.11 Price and Billing Requirements




Table 12. Price and Billing Requirements

Requirement ID



(Fully Met

Partially Met

Not Met)

PR101 MandatoryGranular Showback Based on Group/Tag

Ability to provide showback details on nodes and instances based on groups, tags, or resource pools

PR102 MandatoryCost Calculator/Simulator

Be able to provide a cost calculator/simulator

PR103 Mandatory SPLAs for Major OS Releases

Must have Service Provider License Agreement (SPLA) available

PR104 Mandatory Billing in Canadian Dollars

Must be able to provide billing in Canadian dollars

PR105 Optional Lease Periods Ability to lease equipment for co-location

13.Pricing and Costs:Please provide cost proposal(s) that show a tier of services that meet the requirements (, Desirable and Optional) outlined above. The proposal must encompass all hardware and software necessary for design, provisioning, hosting and maintenance of the proposed solution.Vendors shall:

NOT charge the Authority when preparing quotations or estimates. NOT charge travel or per diem, unless mutually agreed upon by the Authority Identify applicable discounts for extended work periods and project-based work.

Pricing tables should show the tier of services being offered.

14.RFP Process and Waiver of Claims14.1 This is not a tender call. The submission of a Proposal does not give rise to an

obligation on the Proponent to enter into a contract with the Airport Authority to perform the Work.

14.2 The Proponent and the Airport Authority acknowledge that no contractual or other legal rights or obligations shall arise between them in relation to the Work unless a written Contract is executed.

14.3 The Proponent may withdraw its Proposal at any time without liability of any kind to the Proponent.

14.4 The Airport Authority may suspend or cancel this RFP at any time in its sole discretion without liability of any kind to the Airport Authority.

14.5 The Airport Authority plans to negotiate a Contract acceptable to the Airport Authority with the Proponent(s) (if any) who proposes the best overall value to the Airport Authority. Such negotiation may include any matter related to the Contract and the Work including the price of the Work. If the terms of a Contract are concluded between the Airport Authority and one or more Proponents, such Proponents will enter into a Contract directly with the Airport Authority or with the Airport Authority’s designated agent as applicable.

14.6 The Airport Authority may, in its sole discretion, choose to not negotiate a Contract with a Proponent with the lowest priced Proposal nor with any Proponent if none of the Proposals are acceptable to the Airport Authority in its sole discretion.




14.7 The Airport Authority reserves the right to consider or reject all or part of any Proposal and further reserves the right to communicate with any single Proponent or group of Proponents to seek clarifications of or modifications to any Proposal after the Deadline without obligation to similarly communicate with or provide any such opportunity to any other Proponent.

14.8 The Airport Authority reserves the right in its sole discretion to refuse to consider any Proposal which it determines to be unacceptable in its sole discretion.

14.9 Notwithstanding any irregularity, noncompliance or insufficiency of any Proposal, the Airport Authority may consider any such Proposal and negotiate and enter into a Contract with the applicable Proponent as the Airport Authority deems appropriate in its sole discretion.

14.10 Any and all costs incurred by a Proponent in the preparation of a Proposal shall be borne solely by the Proponent.

14.11 In consideration of the opportunity to participate in the RFP process, the Proponent covenants and agrees that it shall have no claims of any kind against the Airport Authority for damages, loss of profits, costs, or other losses of any nature arising at law or in equity in relation to this RFP or its participation in the RFP process.

14.12 If the Proponent commences any legal proceedings against the Airport Authority in relation to the RFP or its participation in the RFP process, the Proponent agrees to indemnify and hold harmless the Airport Authority from any loss, damages or expenses related to or arising from such a proceeding including legal fees incurred by the Airport Authority, on a solicitor and client basis, associated with defending such a claim.

15. Instructions to Proponents15.1 Questions Regarding this RFP

All questions concerning this RFP may only be submitted by E-mail to:

Carolynn Hexspoor at [email protected]

Answers to submitted questions will be provided solely to the party submitting the question except where the Airport Authority, in its sole discretion, determines the answer should be provided to some or all of the other responding parties.

Questions are to be submitted no later than June 26, 2015 at 12:00 PM. Questions submitted after that date and time will not be answered.

15.2 Proposal ContentThe following information should be fully addressed in Proposals:

15.2.1. Any conflict of interest as described below;15.2.2. The Proponent’s organizational and technical capability;15.2.3. The Proponent’s past performance and experience with the Airport Authority and with other parties on similar projects;15.2.4. The Proponent’s organizational and technical capability to perform the Work (include resumes of key personnel);15.2.5. The Proponent’s financial stability and capabilities;15.2.6. The financial costs/benefits of the Proposal to the Airport Authority; 15.2.7. The proposed completion schedule for the Work;15.2.8. Any additional types of services offered by the Proponent related to the Work; and15.2.9. Any other items specified in the Terms of Reference, Scope of Work, Specifications (as applicable) or elsewhere in this Request for Proposal;15.2.10. All Clarifications must be acknowledged by faxing or emailing back the executed copy of the signature page only and ensure that the original signed copy of the Clarification is submitted with your Proposal package.





15.3 ConfidentialityThe Airport Authority will use commercially reasonable efforts to keep all Proposals confidential but the Airport Authority shall not be liable for release of any information contained in a Proposal.

15.4 InsuranceSuccessful Proponents shall carry, at their own expense during the term of any Contract(s) entered into by a Proponent and the Airport Authority, insurance as described in this RFP. The Airport Authority will insure such Proponents under the Airport Authority’s insurance policies as described in this RFP.

15.5 ClarificationsPrior to DeadlineIf any Clarifications are issued prior to the Deadline, the Airport Authority will issue such Clarifications in writing to all Proponents who submit Proposals prior to the Deadline. Proponents who have already submitted a Proposal prior to receipt of such Clarifications may, by written notice to the Authority, withdraw or amend their Proposal. If no such notice is received by the Authority, the submitted Proposal will be deemed to be a Proposal made in response to this RFP as amended by such Clarifications.

After DeadlineIf the Airport Authority issues any Clarifications after the Deadline, the Airport Authority will issue such Clarifications in writing to all Proponents who have submitted qualifying Proposals.All such Proponents will be given such time as indicated in any such Clarifications to submit a written reply to the Clarifications.Proponents must describe in their reply the full and complete changes (if any) which any such Clarifications have upon their Proposals and indicate whether they wish to withdraw their Proposal or continue to participate in this RFP process as amended by such Clarifications.

15.6 Communication from Airport AuthorityOnly information given in writing by the Director, Procurement and Contracts or his authorized representative, and which refers specifically to this RFP, may be relied upon by Proponents in responding to this RFP.

15.7 Application of Goods and Services TaxGoods and Services Tax shall be excluded from all proposed pricing

15.8 Proponent RepresentationsBy submitting a Proposal each Proponent:i. acknowledges that it has received and carefully reviewed this RFP and any Clarifications

and that it is able to perform the Work;ii. acknowledges that, if successful, it will be invited to enter into negotiations with the

Airport Authority to settle the terms of the Contract for the performance of the Work, however either the Airport Authority or the Proponent may terminate such negotiations at any time in their sole discretion and without any liability;

iii. understands that the Airport Authority may conduct such Contract negotiations with one or more Proponents and may award more than one Contract to more than one Proponent in respect of portions of the Work in its sole discretion; and

iv. represents that except as specified in the Proposal,(1) No other person has or will have any interest (direct or indirect) nor any share in any Contract which may result from this RFP process;




(2) No collusion, arrangement or price fixing agreement between the Proponent and any other person regarding Proposals submitted in respect of this RFP has been or will be made;(3) The Proponent has no undeclared knowledge regarding any other Proposals which may be or have been submitted in response to this RFP; and(4) No comparison of figures, agreement or arrangement (express or implied) with any other person regarding this RFP has occurred.

15.9 Conflict of Interesti. Any Proponent (including its owners, partners, shareholders, officers or principals, and

their respective family members) who has any family, business or financial relationship with any Airport Authority employee or member of the Board of Directors of the Airport Authority may be disqualified from this RFP process at any time where the Airport Authority, in its sole discretion, determines a disqualification to be in the best interests of the Airport Authority

Proponents must, in their Proposal, disclose any such relationship of which the Proponent, after making reasonable inquiries, is aware.

In this Section, the term “family” means a spouse, domestic or common law partner, parent, child, brother, sister, grandfather, grandmother, grandson, granddaughter, father-in-law, mother-in-law, brother-in-law, sister-in-law, son-in-law, daughter-in-law, stepfather, stepmother, stepson, stepdaughter, stepbrother, stepsister, half-brother or half-sister.

ii. If a Proponent fails to disclose any such interest or the interest is falsely or insufficiently reported, the Airport Authority may terminate or cancel any Contract which it may have entered into with the Proponent without liability, expense, or cost.

16.Proposal Detail and Documentation16.1 Proponents shall submit 2 complete copies of their Proposal including the completed

Proposal Form (attached) with one (1) clearly marked “Original” and one (1) clearly marked “Copy”.

16.2 All Clarifications must be acknowledged by faxing or emailing back the executed copy of the signature page only and ensure that the original signed copy of the Clarification is submitted with your bid package.

16.3 Proponents should identify any specific elements of this RFP which they are unable to address.

16.4 Proponents should identify how they meet the above identified requirements showing that they either: - meet requirements- partially meets requirements- do not meet requirements

16.5 Proposals must contain sufficient detail and information to allow the Airport Authority to consider the Proposal.

16.6 Proponents should assume they will not be given further opportunity after the Deadline to supply additional information.

16.7 All prices shall be in Canadian dollars unless otherwise directed by the Airport Authority.

17.Evaluation Criteria:17.1 An evaluation/selection committee designated by the Airport Authority will evaluate

submitted proposals based on the below criteria for this Request for Proposal:document.docx




17.1.1. Ability to meet the identified requirements based on pre-determined scoring criteria17.1.2. Ability to deliver solution within the proposed schedule17.1.3. Cost based on pricing criteria identified above

The proposal shall identify and discuss invoice payment terms. The Airport Authority will issue progress claims to the awarded vendor and utilizes a standard 35 day payment schedule from date of received invoice at accounts payables.

The proponent submitting the overall lowest cost will not necessarily be awarded the contract for the work as outlined within the above Terms of Reference. The Airport Authority reserves the right to negotiate final contract terms and scope of service, including fee proposal with the successful proponent(s).

17.1.4. Solution Completeness / Reliability

17.2 Responses that fall short of meeting any of the key requirements of the RFP may be rejected.

17.3 Responses will be rated as to how they meet the criteria with a weighting on each factor.17.4 Responses that fall short of meeting any of the key requirements of the project may be

rejected.17.5 The Authority reserves the right to proceed with any respondent(s), that they feel offer the

best overall value to The Authority.

18. Interviews & Ongoing Negotiations18.1 The Authority may elect to cancel, change, or proceed with any (or none) of the proposals.18.2 The Authority may, at its sole discretion, decide to interview none, one, or more of the

interested parties after reviewing the submissions.18.3 The Authority reserves the right to negotiate with one, or more of the interested parties

without being obligated to the others that responded.18.4 The Authority may shortlist any number of parties and then proceed with further in-depth

discussions.

19.Company ProfileQuestion Response

(Attach as required)Company nameParent company

Company address

Name of person responsible for the information contained in this RFP

Telephone numberFacsimile numberEmail addressWeb page

Initial year of operations




Question Response(Attach as required)

Company location:Corporate officeLocal offices (Canada)Local offices (US)Local offices (Europe)Other office

Number of employees:Canada Total

DevelopmentImplementationSales & administration

SupportEmployee turnover rate (estimate)Key employees (names and terms of contract)

Total revenues defined from development services:Current yearPrevious year

Determine how core revenues are obtained: (what keeps you in business?)

Total profit/lossCurrent yearPrevious year

List Company Core competencies:List Programming Development environments:

Describe your organization’s ability to strategize and provide BI solutions.Give examples of solutions you’ve implemented in the past.Please indicate any terms and conditions of trading together with an indication where it is agreeable to amend or alter those terms. If there are any terms, which you are not able or agreeable to alter, please specifically indicate those terms.

Give details of any business continuity arrangements.

Have you supplied to customers in a similar industry, with a similar profile to the Calgary Airport Authority that would act as a reference site for you?

If you are a VAR, total number of installations of the version of the software being proposed, which have been carried out by your organization?

Describe any third party alliances/relationships?

Certifications on staff? (MSCE, CNE, etc)

Please provide details of any outstanding legal action against your company or any directors or partners.

Are there any anticipated mergers or acquisitions pending?




Question Response(Attach as required)

Please provide information on your implementation methodology.

What documentation do you provide throughout the project and upon completion?

Describe your bench strength and capacity to provide resources on site.

Training:Do you offer formal user training?What type of courses do you run and what is their duration?Describe any training materials offered?

Do you have a warranty period for delivered projects?What is your approach and philosophy on this?

Approach to Quality and Testing procedures.Are testing processes formalized?Do they have any Quality control techniques or methods?

Approach to pricing.What are your rates to for mentoring?What are your rates for training?Do you offer discounts for volume purchases?

Give a brief description of your organization's background

Knowledge of architectureDescribe your organization’s architectural knowledge



RFP TOR Lab Bursting - IaaS Ver 2.0

Documents

Transcript of RFP TOR Lab Bursting - IaaS Ver 2.0