MAJLIS PERBANDARAN SUBANG JAYA DOKUMEN TENDER (JILID 2/2) BAGI

(1)

TENDER DALAM TALIAN

MAJLIS PERBANDARAN SUBANG JAYA

DOKUMEN TENDER

(JILID 2/2)

BAGI

CADANGAN MEMBEKAL, MEMASANG, MEMBANGUN, MENGUJI

SERTA MENTAULIAH DISASTER RECOVERY CENTRE (DRC)

DAN PERKHIDMATAN BERKAITAN UNTUK

MAJLIS PERBANDARAN SUBANG JAYA

NO. TENDER

MPSJ.KUB.400-10/3/138 (2016)

TARIKH BUKA

13 OKTOBER 2016

TARIKH TUTUP

02 NOVEMBER 2016

MASA TUTUP

12.00 TENGAHARI

YANG DIPERTUA

MAJLIS PERBANDARAN SUBANG JAYA,

USJ 5, PERSIARAN PERPADUAN,

47610 SUBANG JAYA,

SELANGOR D.E.

www.mpsj.gov.my

(2)

CADANGAN MEMBEKAL, MEMASANG, MEMBANGUN, MENGUJI

SERTA MENTAULIAH DISASTER RECOVERY CENTRE (DRC)

DAN PERKHIDMATAN BERKAITAN UNTUK

MAJLIS PERBANDARAN SUBANG JAYA

NO. TENDER : MPSJ.KUB.400-10/3/138 (2016)

ISI KANDUNGAN

BIL

BUTIRAN

MUKA SURAT

1.0 SPESIFIKASI TEKNIKAL

3

2.0 RESPOND TIME

6

3.0 DOKUMEN PERJANJIAN

7

4.0 TERMA PEMBAYARAN

.

10

ARAHAN

Petender adalah dilarang sama sekali meletakkan tanda pengenalan syarikat atau apa jua maklumat berkaitan seperti chop syarikat, nama kakitangan syarikat atau tanda tangan pada mana-mana bahagian di dalam Jilid 2/2 ini.

Kegagalan petender untuk mengikuti arahan sedemikian boleh menyebabkan penyertaan di dalam TENDER ini terbatal.

(3)

MAJLIS PERBANDARAN SUBANG JAYA

SPESIFIKASI TEKNIKAL

JENIS PERKHIDMATAN

: CADANGAN MEMBEKAL, MEMASANG,

MEMBANGUN, MENGUJI SERTA MENTAULIAH

DISASTER RECOVERY CENTRE (DRC) DAN

PERKHIDMATAN BERKAITAN MAJLIS

PERBANDARAN SUBANG JAYA

NO. TENDER

: MPSJ.KUB.400-10/3/138 (2016)

A. OBJEKTIF DAN SKOP

Objektif tender ini adalah untuk Membekal, Memasang, Membangun,

Menguji serta Mentauliah Disaster Recovery Centre (DRC) serta

Perkhidmatan Berkaitan untuk MPSJ seperti berikut:

1. Cloud DRC Infrastructure

2. Storage DRC Infrastructure

3. Backup DRC Infrastructure (Cold Site)

4. Equipments and softwares required to support the DRC operations

with the ability to divert/take over operations when needed during

disaster.

5. Direct Over Metro-E Connection

6. Membekal Lesen MySQL

7. Perkhidmatan instalasi system yang sedia ada ke server DRC yang di

DRC site yang cadangkan (minimum 25km radius)

8. Perkhidmatan Preventive Maintenance dua kali setahun.

Syarat-syarat berikut perlu untuk penilaian yang mesti disertakan oleh

Petender di dalam dokumen cadangan dengan jelas. Kegagalan Petender

memenuhi

setiap

syarat-syarat

perlu

untuk

penilaian

akan

mengakibatkan cadangan tersebut tidak akan dipertimbangkan.

a. Petender wajib menyatakan dengan jelas spesifikasi setiap komponen

peralatan yang ditawarkan, berdasarkan spesifikasi MPSJ di ruangan

‘TECHNICAL SPECIFICATION AND REQUIREMENT’ (please

specify)’. Jika ruang tidak mencukupi, Petender boleh menggunakan

Lampiran sebagai rujukan dan mestilah ditandakan/dinamakan dengan

jelas.

b.

Petender mestilah menyediakan senarai alat (‘Bill of Quantities – BQ’)

secara terperinci untuk setiap peralatan dan perkhidmatan yang

dicadangkan di setiap Item, sebagai dokumen sokongan wajib bagi

mempastikan peralatan dan perkhidmatan yang ditawarkan betul dan

(4)

mencukupi. (sertakan sebagai lampiran

– rujukan item pada Jilid 1/2;

JADUAL KADAR HARGA dan Jilid 2/2; JADUAL TEKNIKAL).

c. Petender mestilah menyertakan gambarajah skematik yang dapat

menerangkan secara konseptual dengan jelas cadangan rekabentuk

sistem DRC MPSJ yang dicadangkan.

d. Petender mestilah menyertakan Jadual Perancangan (Work Shedule)

untuk pembekalan, penghantaran, pemasangan, pengujian dan

pentauliahan dengan jelas.

e. Semua item utama yang dibekalkan mesti disertakan brosur asal

yang mengandungi maklumat teknikal mengenainya.

(5)

MAJLIS PERBANDARAN SUBANG JAYA

SPESIFIKASI TEKNIKAL

A. GENERAL REQUIREMENT

BIL. SPESIFIKASI MAJLIS SETUJU/

TIDAK SETUJU

CADANGAN SPESIFIKASI PENTENDER (SILA NYATAKAN) 1.0 1.1 1.2 1.3 1.4 1.5 1.6 1.7 1,8 VENDOR PRE-REQUISITE

Bidder must propose ISO/IEC 27001 certified DRC center. Bidder must comply with Tier 2 of the Data Centre Site Infrastructure Standard (Concurrently Maintainable Site Infrastructure) or above from Uptime Institute.

Bidder must provide minimum DOME 10MB Metro-e Internet line.

Bidder must propose location of the propose DRC and minimum requirement must be 25 Kilometer radius from the existing MPSJ datacenter.

Bidder is to propose two (2) boxes of dedicated SSLVPN box to secure the connection from datacenter to propose DRC.

Bidder must provide offsite storage at the DRC, and also tape pickup services from MPSJ primary site to the DRC based on schedule requested at 3 times a week.

Bidder must propose required hardware and software as specified in scope of work.

Bidder must provide automated scheduled backup and replication solution or online data synchronization between MPSJ datacenter to the proposed DRC

(6)

BIL. SPESIFIKASI MAJLIS SETUJU/ TIDAK SETUJU

CADANGAN SPESIFIKASI PENTENDER (SILA NYATAKAN)

1.9

2.0 2.1

Bidder must provide transfer technology or training on product as well as on the administrative function for the proposed solution.

SCOPE OF WORKS

Bidder MUST fully comply with the scope of works, which include:

a) Provision of an alternate site i.e.: dedicated room to host critical servers and provide redundancy in terms of availability in the event of primary site at MPSJ main office is down.

b) To install and deploy the identified servers and

hardware. This shall include operating system, network and other relevant application if required as well as technical support and assistance to MPSJ.

c) To provide technical assistance (Resident Engineer) to support MPSJ staff in assuring that on-site restoration operations and end of event backup operations can be implemented in the Bidder’s Recovery Center facility. The Bidder shall assume all cost for testing.

d) To advice and provide other required equipment or software required to support the DRC operations with the ability to divert/take over operations when needed during disaster.

e) To provide dedicated Internet services at 10MBPS (minimum).

(7)

3.0 3.1

3.2

f) To provide preventive and scheduled maintenance for all hardware hosted at the DRC site.

g) To provide consulting services on DRC technology during project implementation to MPSJ.

h) To provide dedicated working space and required infrastructure for 5 MPSJ personnel.

i) To provide automated scheduled backup solution or online data synchronization between MPSJ datacenter, co-location and proposed DRC

j) To provide offsite storage at the DRC, and also tape pickup services from MPSJ primary site to the DRC based on schedule requested at 3 times a week. k) Training is to be provided on product as well as on the

administrative function for the proposed solution.

BIDDER’S RESPONSIBILITY

The bidder shall review this document and take full responsibility of obtaining information from MPSJ as may be required to meet the specifications and requirements.

The bidder shall review and fulfill all specifications and requirements before committing to sign the purchase agreement.

4.0 DOCUMENTATION REQUIREMENTS

MPSJ reserves the right to reproduce all or part of the document submitted by the bidder for internal use.

(8)

CADANGAN SPESIFIKASI PENTENDER (SILA NYATAKAN) 5.0 5.1 5.2 5.3 5.4 DELIVERY REQUIREMENTS

Successful bidder shall complete the entire scope of works within eight (8) to twelve (12) weeks after receipt of MPSJ Letter of Acceptance (LOA).

The bidder shall describe the project management methodology to be undertaken in the project to ensure the time is met as scheduled as well as meeting the technical requirements of the project. The project management methodology shall include the tasks and activities involved as listed below:

a) Project team structure b) Point of contact

c) Implementation schedule based on proposed project delivery and timeline which indicating

- Key milestones dates and deliverables - Workday

- Staffing estimates

The customer has the authority to reject all items that are not working accordingly.

The customer has the authority to reject any kind of bugs during or after installation.

(9)

B. TECHNICAL SPECIFICATION & REQUIREMENT

BIL. SPESIFIKASI MAJLIS SETUJU/

TIDAK SETUJU

1.0

1.1

TECHNICAL SPECIFICATION

a) Critical servers (server and hardware specification is as below or equivalent):-

EXISTING INFRASTRUCTURE AND INFOSTRUCTURE a) Critical servers (server and hardware specification is as below or equivalent): -

 Server for iRMS

(i) VMWare Centos OS 4/5/6 (32GB)

(ii) Processor 8vCPU

(i) 8GB RAM

(ii) Provisioned Storage 107GB

a. Used Storage 28GB

 Server for iFMS

(i) VMWare Centos OS 4/5/6 (32GB)

(ii) Processor 8vCPU

(iii) 8GB RAM

(iv) Provisioned Storage 107GB

 Server for OCPS

(i) SUN OS Solaris 10 10/08 s10x_u6wos_07b X8

(ii) Processor 2x Dual-Core AMD Opteron(tm) Processor

2222

(iii) 40GB RAM

(iv) HDD 2.3TB

a. Used Storage 1.1TB

 Sever for Sybase Database (IRMS & IFMS)

Makluman Makluman Makluman Makluman Makluman Makluman Makluman Makluman

(10)

1.2

(i) Linux mpsjdb1.mpsj.gov.my

2.6.32-431.11.2.el6.x86_64

(ii) Processor 1x Intel(R) Xeon(R) CPU E7- 4850 @

2.00GHz

(iii) 16GB RAM

(iv) Provisioned Storage 964GB

 Sever for MYSQL Database (OCPS)

(i) Linux 3.2.0-29-generic #46-Ubuntu SMP

(ii) Processor 1x Intel(R) Xeon(R) CPU E5620 @

2.40GHz

(iii) 24GB RAM

(iv) Provisioned Storage 487G

(v) Provisioned Storage for Data 3TB

a. Used Storage 1.9TB

 10TB external storage  Sybase Database License

REQUIRED INFRASTRUCTURE AND INFOSTRUCTURE (i) Config 8 core 40GB storage

a) To install and deploy the identified servers and hardware

b) P2V/V2V Migration Services c) DRC Policy and Testing

d) To provide other required equipment of software to support DRC operations during disaster

Makluman Makluman Makluman Makluman Makluman Makluman

(11)

1.3

1.4

1.5

e) Migrate, set up, install, configure and restoration of all MPSJ critical and core business application system in DRC environment.

f) All installations of MPSJ system application are

based on MPSJ's request.

Telecommunication and Internet Service Redundancy a) Dedicated internet service is provided at least 10Mbps b) Telecommunication and internet service provider is named

accordingly

c) Telecommunication and internet service redundancy plan need to be explained

Physical security parameters are in place. This includes gate, security guard, manned reception and CCTV.

Physical Entry control is implemented accordingly for example biometric access or access card.

Location and parking facility.

a) Bidder is to state distance between proposed DRC site and MPSJ primary site and also the number of parking space available at the DRC.

b) The bidder shall make the DRC available to MPSJ twenty four (24) hours per day, seven (7) days per week as long as required in the event of disaster.

To provide dedicated working space and required infrastructure for 5 MPSJ personnel. The working space should be equipped with other office facilities such as laser jet printer, telephone line, fax machine, facsimile and conference room. The telephone line

(12)

CADANGAN SPESIFIKASI PENTENDER (SILA NYATAKAN) 2.0 2.1 2.2 2.3 2.4 3.0 4.0 4.1 4.2

should allow divert service from MPSJ main premise to the

alternate site. Bidder should make the working space available for MPSJ usage as and when required.

Maintenance Support & Warranty Requirement

Operations and maintenance services for the server and related infrastructure supplied and commissioned by the bidder for the application at the Disaster Recovery Centre.

The bidder shall undertake regular preventive maintenance of the hardware and licensed software.

Bidder is to clearly describe the proposed methodology for both notifying of new releases and maintenance updates.

Bidder is also required to describe all cost related to maintenance releases and major version upgrades.

Warranty

The warranty of rented items shall include both parts and labor for a minimum period of three (3) years.

Insurance on Assets

The price of rental shall include all the risk insurance coverage for the hardware and software provided by bidder for the whole of tenure year.

The price of rental shall also include the risk insurance coverage for the transportation of backup tape from the main premise to alternate site for the whole of tenure year.

(13)

CADANGAN SPESIFIKASI PENTENDER (SILA NYATAKAN) 5.0 5.1 5.2 6.0 6.1 7.0 7.1

Bidder Past Experiences

Bidder MUST have an experience in providing Data Centre facilities and sufficient trained personnel for the datacenter operations. Also in demonstrating their capability to provide consultation services for this project.

Bidder to provide list of client reference (latest completed or ongoing), authorized contact person and number.

Training and Transfer of technology (TOT)

Bidder to provide transfer of technology (TOT) on DRC related software and hardware include operational.

Documentation Bidder MUST provide:

a) Finalized completed DRC Diagram b) User Manual

c) Service Operation Procedure (SOP) d) Operational Manual

e) Any other document requested by MPSJ

f) All documentation shall be submitted at the end of the project.

8

8.1

SERVER INFRASCTRUCTURE MAIN REQUIREMENT

(14)

CADANGAN SPESIFIKASI PENTENDER (SILA NYATAKAN) 8.2 8.3 8.4 8.5 8.6

 Supply, installation, configuration and commissioning Server

for MPSJ DRC Infrastructure.

 Number of unit: 3 Units

 Location: Propose DRC center  Product Information Please Specify

Processor

 Processor: The server must be installed with Two (2) Intel

E5-2660 v2 130 W 8 core processors

 Quantity Processor: min 2 unit

Memory

 RAM: Should have at least 128GB DDR3 Memory

RDIM/PC3 fully buffered DIMMs at 1866 MHz

 Frequency: min. 11866 MHz  Capacity: 128GB RAM

Hard Drive

 Two (2) 300GB 10k 6G 2.5-inch Hot Plug SAS Hard  RAID 0/1 Controller SAS 6G 0/1

 Supported Drive Type SATA, SAS, SSD  Remote Management IPMI 2.0 compliant

I/O and expansion

 1 x VGA, 3 slots PCI-express 2.0  6 port x Gigabit Ethernet support  1 x Dedicated Service LAN  1 x serial RS-232-C (9-pin)

 Dual 800W Power Supply come with 4m Cable power cord

for rack PDU. Operating Systems

(15)

8.7

8.8

8.9

 Windows Server 2012, Redhat Enterprise Linux, Ubuntu,

Centos, FreeBSD or Solaris for Intel x86.

Support Services & Warranty:

 All proposed item must comes with at minimum 1 (one)

year warranty.

 Bidder shall provide minimum one (1) year labor on-site

support and maintenance. Documentation:

 Bidder shall provide comprehensive documentation on

system design, system setup, IP address assignment and other information for ease of management.

 Bidder shall provide complete documentation on

configuration, User Acceptance Test (UAT),

commissioning & operation procedure for the installed equipment(s).

TRAINING:

 The supplier shall include an administrator training and a

training documentation plan. The training documentation plan shall include:

- A syllabus for the training - A number of training days

- A training for 3 pax for JTM technical staff

9.0

9.1

DATA STORAGE SOLUTION MAIN REQUIREMENT

 Supply, installation, configuration and commissioning

MPSJ DRC Data Storage.

(16)

9.2

9.3

 Location: Propose DRC center  Product Information: (please specify)  Model:

 Brand:

 Country of Origin :

 Bill of Quantity (BQ) : (please attach appendix)

Unified Storage Requirement:

 RAW Storage Capacity Required : 16 TB RAW

 Comes with 16 x 1TB SAS 10K RPM HDD to achieve at

least 1100 IOPS with performance RAID 10 configurations

 Offered RAID 5 Storage Capacity: (Please Specify)

Storage Specification :

 The Proposed Storage should be configured with these

following requirement :

o Minimum Six Core CPUs o 16GB Main Memory

o Minimum 4 x 1Gbe + 2 x 10Gbe front end ports per

controller

o Dual Controller

 The Proposed Unified Storage must be rack mounted

(Adequate rack should be proposed)

 The Proposed Unified Storage should be configured with

redundancy of Disk Drives, Fans & Power Supplies

 The Proposed Unified Storage should be able to support

minimum 16 disks in the array

 The above-mentioned Usable Capacity requirements are

exclusive of all necessary required hot spares. Hence each spindle capacity type required above should have independent pool of minimum required hot spares

 The Proposed Unified Storage should support RAID

(17)

9.4

9.5

 (If any of the mentioned Raid Groups are not supported by

the Tenderer’s, then kindly propose equivalent features, with supporting whitepaper validation documents from third party agencies)

 The Proposed Unified Storage should support for

Windows 2000/2003, HP-UX, IBM AIX, LINUX, Solaris OS

 The Unified Storage Management software should be

array based and provide GUI / web based management with complete Reporting features like LUN Usage, Empty Space etc.

 The Proposed Unified Storage should support Web based,

Email facility for remote service & also support dial-in / dial-out to report errors and warnings

 The initial connectivity is for 2 Servers scalable to 64 high

availability hosts

 Must support asynchronous mode remote replication  Must be able to replicate between two Unified Storage at

the remote site, either LAN or WAN connection.

 Ability to copy data (LUNs) to while systems is running  Ability to switch RAID types.

Disk Shelf Subsystems :

 Controller – 3U Rack-mountable form factor with min 16 slots Hot-Swap 3.5" HDD

 Dual 6Gb/s SAS 2.0 I/O Controller

 Support 600 GB/450 GB/300 GB (15,000 rpm) 3.5 " SAS

disk drives

 Support 4 TB / 3 TB / 2 TB/1 TB (7,200 rpm) 3.5 " SAS

disk drives

 Support 800 GB/400GB/200GB/100GB SSD (Solid State

Drives)

 Redundant ( 1+1 ) Dual output Power Supply

(18)

9.6

9.7

 Support the following data redundancy (RAID) features: o Mirroring

o Striping with Single Parity RAID o Striping with Double Parity RAID

 Must come with these File serving protocol enabled:- o NFSv4 and NFSv3

o CIFS o WebDAV2 o FTP o RSYNC

 Must come with iSCSI block protocol enabled

 Support user authentication from Open LDAP, Active

Directory

 Storage Management

 The storage subsystem must support management via — HTTP, HTTPS (Ajax based remote console); CLI-based — SSH, Serial; SMI-S management

year warranty.

support and maintenance. Documentation :

(19)

10

10.1

NETWORK SWITCH MAIN REQUIREMENT

MPSJ DRC Network Switch.

 Number of unit : 1 unit

 Location : Propose DRC center  Product Information : (please specify)  Model :

 Brand :

Each Network Switch must include the following specifications :

 Shall come with min 24-port 10/100/1000BaseTx ports.  Shall come with min 4-port 10/100/1000Base SFP ports.  Shall come with dedicated min 2-port 10GbE SFP ports

inclusive 10GBase-SR SFP+ per switch .

 Shall be mountable on standard 19” equipment rack.

 Shall support IP-based Network Management system and

SNMP Protocol.

 Shall support automatic medium-dependent interface

crossover (Auto-MDIX) ports on all copper.

 Shall support min 4094 active VLANs

 Shall support VLAN configuration up to port level.  Shall support 802.1Q, VLAN tagging

 Shall support per VLAN Spanning Tree (STP) IEEE  Shall support stacking architecture

(20)

year warranty.

11

11.1

VPN AND FIREWALL APPLIANCE MAIN REQUIREMENT

MPSJ DRC VPN APPLIANCE.

 Number of unit : 2 unit

 Location : Propose DRC center  Product Information : (please specify)  Model :

 Brand :

(21)

11.2

11.3

PERFORMANCE AND HARDWARE BUILT REQUIREMENTS

 The proposed system appliance shall come with o minimum of 4 x 1GE

o minimum mass storage of 40 GB (SSD) o minimum log space of 20 GB

 The proposed system shall support minimum: o 1.9 Gbps firewall throughput

o 800 Mpbs firewall + Application Detection

throughput

o 300 Mbps Firewall + application Detection & IPS

throughput

o 200 Mbps VPN throughput o 60,000 concurrent connections o 8,000 new sessions per second

 The proposed system shall support the recommended

number of users based on the following features:

o 200 users for Firewall + Application Detection &

VPN turned on

o 100 users for Firewall + Application Detection +

VPN and IPS turned on FIREWALL REQUIREMENT

 For security reasons, the proposed firewall system must

be based on a proprietary application controlled packet forwarding firewall engine and not on a form of open source firewall packet implementation.

 Application control must be configurable for each

individual firewall rule.

 Application control functionality must be configurable in

conjunction or as a dependency of at least the following criteria:

o User / User group

o Time of day / Day of week o Source / Destination

(22)

11.4

 The proposed system must include an unlimited protected

IP addresses license (unlimited box license).

 The proposed system must provide an Intrusion

Prevention System (IPS) including unlimited protected IP‘s for every unit at no extra charge.

 The included IPS system must be based on thousands of

signatures.

 The signatures for the IPS system must be updated at

least on a weekly basis or in case of a newly discovered vulnerability on demand.

 The IPS system must be able to detect and prevent

attacks based on the following evasion and obfuscation techniques: o IP Fragmentation o TCP Stream Reassembly o RPC Defragmentation o FTP Evasion Protection o URL Decoding

o HTML Decoding and Decompression o TCP Split Handshake

 The proposed system must be based on a dedicated

proprietary, linux- based operating system to prevent inheriting common OS vulnerabilities.

 The proposed system must support NAT/PAT on all

interfaces.

 The proposed system shall be able to operate on either

transparent (bridge) mode to minimize interruption to existing network infrastructure or NAT/route mode. Both modes must also be available concurrently.

APLICATION PROXIES REQUIREMENT

 The proposed system must provide application proxies for

the following services:

(23)

o NTP o HTTP o VPN

 The proposed system must provide an authoritative DNS

server for inbound load balancing.

 The proposed system must provide the ability to create

predefined reusable objects for networks that include network / IP, MAC, and interface.

predefined reusable network objects based on existing predefined objects as well as existing custom defined objects.

predefined reusable objects for services that include protocol, port range, label, and timeou

predefined reusable service objects based on existing predefined service objects.

predefined reusable objects for connections that include NAT type, interface, weighting, failover, and load

balancing settings for up to four balanced interfaces.

predefined reusable objects for users and groups that include user and group pattern matching.

predefined reusable objects for date and time ranges granularity shall be at least one hour.

 High availability - The proposed solution shall provide the

ability to deploy two units in a hot standby mode so that if one fails the other takes over all concurrent sessions for forwarding and VPN network traffic.

(24)

 High availability - Deploying a unit as a standby unit in

high availability mode shall take no longer than 5 minutes and use a graphical user interface wizard to get the standby unit up and running.

 The proposed system must provide application control per

firewall rule for more than 900 applications such as:

o All well-known Instant Messaging applications o All well-known Peer-2-Peer file sharing applications o All well-known streaming portals

o All well-known VoIP applications

 The proposed system must be capable of utilizing

interface groups per firewall rule to enhance IP-spoofing protection.

 The proposed system must support VLAN’s according

802.1q standard for up to 4,096 VLANs.

 The proposed system must support static and/or dynamic

NAT/PAT configuration per firewall rule.

 The proposed system must support firewall authentication

for the following authentication methods:

o MS Active Directory o RADIUS

o LDAP

o x.509 certificates

o VPN group membership

 The proposed system must support firewall authentication

either inline (browser-based authentication pop-up) or offline (works for any protocol).

 The proposed system must provide a connector between

the system and Microsoft Domain Controllers that allows for transparent means to find out the user to IP context (a.k.a., “DC Agent“).

 The proposed system must provide an offline firewall rule

(25)

 The proposed system must provide real-time monitoring

for active sessions through the user interface.

 The proposed system must provide one-click session

abortion through the user interface without sending TCP RST.

 The proposed system must provide one-click session

termination in the user interface.

 The proposed system must provide session detail

information in the user interface.

 The proposed system must provide firewall history cache

with following entry types and information:

o BLOCK (no rule matching, block by rule, block by

rule interface mismatch)

o DROP (TCP packet belongs to no active session,

ICMP packet belongs to no active session, ICMP packet is ignored, IP header checksum is invalid, IP header is incomplete, IP packet is incomplete, TCP header has an invalid ack number, forwarding not active)

o Traffic Type (Application)

o ALLOW ( by rule “name”)

o FAIL (accept timeout, connect timeout, denied by

filter, host unreachable, network access denied, port unreachable, protocol unreachable, routing triangle)

 The proposed firewall system must be manageable via a

secure web-based user interface.

 The port over which the web interface port of the proposed

firewall system is accessible must be modifiable via the user interface.

 Wi-Fi: The proposed system must provide an optional

802.11n-based Wi-Fi access point with up top three distinct Wi-Fi networks.

(26)

11.5

 Wi-Fi: The proposed system must provide a function to

display a landing page (click-thru) that has to be accepted for network traffic originating from the Wi-Fi network.

 Wi-Fi: The proposed system must provide a function to

display a logon page where users connected via Wi-Fi need to log on before being able to access the Internet.

 Wi-Fi: For the logon page functionality (as above) of the

proposed system, an easy-to-use web portal shall generate logons for the Wi-Fi networks.

VPN AND CONNECTIVITY REQUIREMENTS

 The proposed system must provide at least the following

encryption methods:

o DES, 3DES o AES, AES-256 o Blowfish o CAST

 The proposed system must provide capability to create

dedicated VPN site-to-site tunnels, hub and spoke, and fully meshed VPN connections.

 The proposed system must provide an IPsec-based VPN

infrastructure.

 The proposed system must be IPSEC interoperability

certified by the VPNC (VPN Consortium).

 The proposed system’s manufacturer must be member of

VPNC.

 The proposed system must provide client-to-site VPN

clients for Windows, MAC OS, and most common Linux derivates.

 The proposed system must provide client-to-site VPN

support for the built-in clients in iOS (iPhone, iPad) and Android devices.

(27)

11.6

11.7

 The proposed system must be capable of terminating

PPTP and IPsec client connections.

 The proposed system must support user interface- based

VPN tunnel termination.

 The proposed system must support user interface- based

VPN tunnel monitoring.

 The proposed system must be capable of automatic ISP

backup link activation in case of line loss.

 The proposed system must be capable of session- based

load balancing over multiple ISP uplinks.

 Load balancing over multiple ISP/VPN connections must

be redundant with automatic fallback after original connection status has been restored.

 Traffic shaping must be available within the VPN tunnel

(application-, source-, and destination-based).

 The proposed system must support UMTS/3G uplinks and

the vendor must provide a 3G Modem for use worldwide and available for all firewall units.

 All VPN configuration settings must be available through

user interface. No command-line interface shall be needed.

 All proposed item must comes with at minimum 1 (one) year

warranty.

 Bidder shall provide comprehensive documentation on system

design, system setup, IP address assignment and other information for ease of management.

 Bidder shall provide complete documentation on

(28)

commissioning & operation procedure for the installed equipment(s).

12.0

12.1

ENTERPRISE DATABASE FOR OCPS System MAIN REQUIREMENT

 Supply, installation, configuration and commissioning of

Enterprise Database System for MPSJ.

 Number of unit : Enterprise Edition Subscription (1-4 socket

server 1 Year)

 Location : Propose DRC

 Product Information : (please specify)  Model

 Brand :

 Country of Manufacture :

 Propose Enterprise Database must come with the following

features :

 High Performance & Scalability to meet the demands of

exponentially growing data loads and users.

 Self-healing Replication Clusters to improve scalability,

performance and availability.

 Online Schema Changes to meet changing business

requirements.

 Performance Schema for monitoring user & application

level performance and resource consumption.

 SQL & NoSQL Access for performing complex queries and

(29)

12.2

 Platform Independence giving you flexibility to develop and

deploy on multiple operating systems.

 Big Data Interoperability using MySQL as the operational

data store for Hadoop and Cassandra.

 Propose Enterprise Database must come with replication tools

for replication of data from production to DRC site.

 Must include 1 pair of replication agents.

 The backup replication must use Continuous Data Protection

(CDP) technology that that continuously captures or tracks data modifications by saving a copy of every change made

 The replication solutions must use the technique of saving byte

or block-level differences rather than file-level differences

 Must provide fine granularities of restorable objects ranging

from crash-consistent images to logical objects such as files, mailboxes, messages, and database files and logs.

 Shall be able to restore to physical disk or the software

snapshot.

 Retention of CDP shall support o Time-based Retention o Space-based Retention

o Time and Space based Retention o Sparse Retention

 Support Bandwidth Optimization

 Support Encryption communication from host to Server and

Server to target

(30)

12.3

 Must come with web-based UI, where tasks such as backup,

restore, monitor et al. This server also generates reports, trend graphs, e-mail and SNMP trap alerts

 Must be able to handle activities like data transfer, generating

log files for trend graphs, compressing data on its way to the Secondary server.

 Agents Operating Systems Support: o Windows

o RedHat Enterprise Linux o SuSE Linux Enterprise Server

o Community Enterprise Operating Systems o Open SuSE

o Debian

o Oracle Enterprise Linux o Solaris

o HP-UX o AIX

o Virtualization : Citrix XenServer, VMware vSphere &

Hyper-V

Scope of Services for Disaster Recover (DR) OCPS must cover the following :

 Installation of MySQL Enterprise server on dedicated server  Import of production MySQL data to DR MySQL

 Establish, maintain, and monitor real-time MySQL replication

with production MySQL data to DR MySQL

 Schedule regular automated snapshots of MySQL data  Installation of OCPS System on DR Server

 Configuration of OCPS System on DR server to match

configurations in production environment

 Establish, maintain, and monitor replication of raw production

(31)

12.4

12.5

12.6

 Perform scheduled DR OCPS environment tests as and once

a year.

Scope of Services for H/A Active-Active MySQL DB

 Setup MySQL DB Active-Active Clustering

 Migration of the existing OCPS database (400GB) to the new

Active-Active Cluster environment.

 Testing of new Active-Active MySQL cluster on OCPS System

environment

warranty.

 Bidder shall provide complete documentation on configuration,

User Acceptance Test (UAT), commissioning & operation procedure for the installed equipment(s).

13

13.1

ENTERPRISE DATABASE FOR IRMS and IFMS System MAIN REQUIREMENT

 Supply, installation, configuration and commissioning of

Enterprise Database System for MPSJ.

 Number of unit : Enterprise Edition Subscription (4 socket

(32)

13.2

13.3

 Location : Propose DRC

 Product Information : (please specify)  Model

 Brand :

 Country of Manufacture :

Replication Info-structure Management System :

restore, monitor et al. This server also generates reports, trend graphs, e-mail and SNMP trap alerts

log files for trend graphs, compressing data on its way to the Secondary server.

 Agents Operating Systems Support: o Windows

o RedHat Enterprise Linux o SuSE Linux Enterprise Server

o Community Enterprise Operating Systems o Open SuSE

o Debian

o Oracle Enterprise Linux o Solaris

o HP-UX o AIX

o Virtualization : Citrix XenServer, VMware vSphere &

Hyper-V

 Shall comes with a tape library with a minimum of 12TB of

capacity using mini SAS connectivity.

Scope of Services for Disaster Recover (DR) must cover the following :

 Installation of Existing SAP Enterprise server on dedicated

(33)

13.4

 Import of production data to DR MySQL

 Establish, maintain, and monitor real-time replication with

production data to DR.

 Schedule regular automated snapshots of data  Installation of IRMS and IFMS System to DR Server  Configuration of IRMS and IFMS System on DR server to

match configurations in production environment

 Establish, maintain, and monitor replication of raw production

email data to DRC storage

 Perform scheduled DR OCPS environment tests as and once

a year.

Scope of Services for Host Based Replication System must cover the following :

 Installation of New or Existing Enterprise Backup System

Management server on related server

 Installation of New or Existing Enterprise Backup System

server on related server

 Installation of New or Existing Enterprise Backup Software

Agents on related server. (please specify the number of agents included)

 The backup replication must use Continuous Data Protection

(CDP) technology that that continuously captures or tracks data modifications by saving a copy of every change made

 The backup solutions must use the technique of saving byte

or block-level differences rather than file-level differences

 Must provide fine granularities of restorable objects ranging

from crash-consistent images to logical objects such as files, mail boxes, messages, and database files and logs.

 Shall be able to restore to physical disk or the software

snapshot

 Retention of CDP shall support o Time-based Retention o Space-based Retention

(34)

o Time and Space based Retention o Sparse Retention

 Support Bandwidth Optimization

 Support Encryption communication from host to Server and

Server to target

restore, monitor et al. This server also generates reports, trend graphs, e-mail and SNMP trap alerts

log files for trend graphs, compressing data on its way to the Secondary server

 Install, configure and test the management server  Install, configure and test the replication agents

 Configure replication pair and set the retention as per MPSJ's

requirement

 Develop a DR Plan specifically for the systems that will be

install with agents that can comply with Information Security Management Systems standard

 Test and verify the DR Plan

 All proposed software including services shall comes with 1

year 24x7 (round-the-clock) unlimited telephone and email support. Hotline telephone number and helpdesk email shall be provided. Whenever deemed necessary by ICT

Department, certified technical personnel shall be assigned and fetched to perform the following tasks, but not limited to:-

o Standard and advanced health checking of the supplied

system.

o Standard and advanced troubleshooting of the supplied

system.

o Calibration, re-engineering and/or re-deploy of the supplied

system.

o Consultation on the supplied systems.

o Migration and integration assistant of the supplied systems

(35)

13.5

13.6

13.7

o Standby during major events

o Any mitigation works required to ensure the system at MPSJ

local area network runs at its optimum performance Scope of Services for H/A Active-Active Database