Ministry of Local Development Information Network 13-5

Uploaded by jack-anderson, posted 25-Jan-2016.

Description: Information about the Ministry of Local Development network.


Table of Contents

1. TOR Overview and scope of work
1.1.1. TOR overview and scope
1.1.2. RFP General Rules
1.1.3. Acronyms and abbreviations
2. Implementation and Operation
2.1. External Networks
2.1.1. Introduction and acknowledgment
2.1.2. Leased lines General Specs
2.1.3. The SLA should contain
2.1.4. Monitoring and reporting
2.1.5. Installation and Operation
2.2. Internal Networks
2.2.1. Passive Components
2.2.1.1. Nodes
2.2.1.2. Horizontal Cabling system
2.2.1.3. UTP Cables
2.2.1.4. Racking System
2.2.2. Active Components
2.2.2.1. Core Routers: Qty (2)
2.2.2.2. Core Switch: Qty (2)
2.2.2.3. Access Switch: Qty (20)
2.2.2.4. Branches WAN routers: Qty (5)
2.3. Security Solution
2.3.1. 1st stage firewall: Qty (2)
2.3.2. 2nd stage firewall: Qty (2)
2.3.3. Interconnection Switches
2.3.4. Host Based IPS
2.3.5. Web Security appliance with embedded URL filter for 200 users
2.3.6. Web Anti-Virus Gateway for 200 users
2.3.7. Network Admission
2.3.8. Security Management System
2.3.8.1. Security Management server: Qty (1)
2.3.9. UTM for Branches
2.4. Network Management System
2.4.1. General Requirements
2.4.2. Network Fault and Performance Management
2.4.3. Network Configuration and Automation
2.4.4. Network Management server: Qty (1)
2.5. Audio/Video Communication, Call Processing System
2.5.1. IP Phones
2.5.2. Top Management IP Phones: Qty (50)
2.5.3. Manager Level 2 IP Phones: Qty (150)
2.5.4. MS OCS servers: Qty (3)
3. Documentation
3.1. System Acceptance
3.2. Testing
3.3. Testing Strategy
3.4. Identification
4. Training
4.1. On-hand training
4.2. Formal training
5.


Section 1: TOR Overview and scope of work

1.1 TOR overview and scope

The main aim of this RFP is to design a secure overlay network that, leveraging the various Internet connectivity technologies available (Leased Line, ADSL, 3G and Metro Ethernet), will provide a private, cost-effective network used to run various applications and services. The proposed network topology is a typical star, centralized and managed from the Ministry of Local Development (MLD) Data Center located at MLD's HQ, to which all Remote Nodes (RNs) will connect using secure SSL tunnels. Since all RNs will depend on the MLD Data Center (MLDC) to gain access to services hosted within the MLDC network, it is very important that the following requirements are met:

- Availability
- Scalability
- Economical Operation

Availability means, at a minimum, continuity of services: no single point of failure that may impact the running services or, at least, recovery of those services within a few minutes and without human intervention after a failure occurs. Scalability will allow the number of RNs or the level of services offered to be increased with incremental investments, without disturbing the live network and while minimizing the initial investment. Economical operation means full remote management of all network devices and services, use of low-cost and widely available broadband services, and low installation fees through automation. The services initially offered are:

- Connectivity between RNs and MLDC over a high-performance secure private network using flexible and redundant connectivity options (ADSL, Leased Lines, 3G and Metro Ethernet).
- Secure access to the Internet via local breakout at Remote Nodes (RNs).
- Free IP telephony service between RNs and MLDC, with the possibility of central and remote breakout to the Public Switched Telephone Network (PSTN) via analogue, digital or SIP trunk lines.
- Email and Domain services across the MLD.
- Local storage and processing power at RNs to execute distributed web applications, such as:
  o Content Management Systems for Website and Intranet
  o E-learning and E-teaching
  o Collaboration (groupware, webinar, video conferencing)
  o Network Access Control for wired and wireless networks
  o Hosting of custom-built web applications

1.2 RFP General Rules:

- The attached specifications cover all the parts concerning the Design.
- All items should be provided, installed, tested and operated as a complete up-and-running system (turnkey solution).
- The proposed hardware must be scalable and flexible enough to allow smooth, cost-effective future expansion without any need to replace the offered hardware equipment.
- All technical specifications mentioned in this RFP are minimum requirements and offers must not fall below them; any higher specification is a plus and will be evaluated.
- The Bidder must provide, along with the submitted bid, a list of successful similar local installations, meaning: equivalent or larger in size; a system installed that is roughly equivalent to the Submitter's requirements.
- The Bidder must provide a Bill of Materials in the technical proposal that follows the same sequence as the financial proposal, identical to the sequence of the RFP.
- This RFP describes the requirements as well as the Bidder's responsibilities.
- Failing in any of the above-mentioned items will disqualify the bidder.

The Bidder should provide the following information in his response:

- The itemized price for each item.
- Training courses, number of trainees, and training period.
- Responsibilities of the Bidder during the Guarantee Period.
- Maintenance and other services provided by the Bidder, and the cost of an annual Maintenance contract after the Guarantee Period.

1.3 Acronyms and abbreviations

The following table lists the organizational and technical acronyms used in the TOR.

Term: Explanation
ACL: Access Control List
AES: Advanced Encryption Standard
AN: Access Node
ARP: Address Resolution Protocol
ATM: Asynchronous Transfer Mode
bps: bits per second
BRI: Basic Rate Interface
CIR: Committed Information Rate
CMP: Configuration Management Plan
CPE: Customer-premises equipment
DES: Data Encryption Standard
DHCP: Dynamic Host Configuration Protocol
DMS: Document Management System
DRDB: Drainage Database
DSL: Digital Subscriber Line
DSLAM: Digital Subscriber Line Access Multiplexer
DTMF: Dual Tone Multi Frequency
EMES: Equipment Monitoring and Evaluation System
EMS: Environmental Media Services
ERD: Entity Relationship Diagram
FR: Frame Relay
FTP: File Transfer Protocol
FW: Firewall
HQ: Headquarters
HSSI: High Speed Serial Interface
I&C: Installation & Checkout Plan
IPLR: Intelligent Packet Loss Recovery
IPLR: IP Packet Loss Ratio
IPS: Intrusion Prevention System
ISDN: Integrated Services Digital Network
Kbps: Kilobits per second
KVM: Keyboard, Video (Visual Display Unit), Mouse
LAN: Local Area Network
LCD: Liquid Crystal Display
LPM: Lines Per Minute
Mbps: Megabits per second
MDC: MLD Data Center
MIS: Management Information System
MLD: Ministry of Local Development
MLS: Microwave Landing System
MN: Master Node
MPLS: Multi Protocol Label Switching
MS OCS: Microsoft Office Communications Server
NAT: Network Address Translation
NOC: Network Operations Center
OAT: Operational Acceptance Test
OTDR: Optical Time-Domain Reflectometer
POP: Point of Presence
PP: Project Detailed Plan
PPS: Packets Per Second
PRI: Primary Rate Interface
PSTN: Public Switched Telephone Network
QA: Quality Assurance
QAP: Quality Assurance Plan
QoS: Quality of Service
RAID: Redundant Array of Inexpensive Disks
RAS: Remote Access Server
RDBMS: Relational Database Management System
RFP: Request for Proposals
RN: Remote Node (Branch)
rpm: revolutions per minute
RSVP: Resource Reservation Protocol
SAN: Storage Area Network
SAT: Site Acceptance Test
SCCP: Skinny Client Control Protocol
SCSI: Small Computer System Interface
SDD: System Design Documents
SDDD: System Detailed Design Document
SIP: Session Initiation Protocol
SLA: Service Level Agreement
SNMP: Simple Network Management Protocol
SRR: System Readiness Review
ToS: Type of Service
URI: Uniform Resource Identifier
UTM: Unified Threat Management
UTP: Unshielded Twisted Pair
VoIP: Voice over IP
VPN: Virtual Private Network
WBS: Work Breakdown Structure
WLAN: Wireless Local Area Network


Section 2: Implementation and Operation

2.1 External Networks

2.1.1 Introduction

The MLD wide area network consists of two networks: the first connects the 5 Cairo premises of MLD, and the second will connect the governorates to MLD. Establishing the first network is the concern of this RFP. It is important to take into consideration that the design and installation of the network must allow for scalability and extendibility.

No  Name
1   Dokki Site
2   Garden City Site
3   General Secretariat of the local administration Site
4   Dokki Site
5   Kasr El Aini Site
6   Sakkara Training center
7   ELharam data entry Center

Dokki Site, Garden City Site, General Secretariat of the local administration Site, Sakkara Training center, ELharam data entry Center and Kasr El Aini site will be connected together through MPLS IP-VPN connections.

The following table indicates the total bandwidth required at every branch:

No  Name                                                  Internet B.W (Mbps)  MPLS IP-VPN (Mbps)
1   Dokki Site                                            6                    6
2   Garden City Site                                      1
3   General Secretariat of the local administration Site  1
4   Kasr El Aini site                                     1
5   Sakkara Training center                               1
6   ELharam data entry Center                             1

Phase II: Governorates Remote Sites:

The Phase II (second network) RFP will be launched after completing Phase I (first network), while considering the scalability and expandability of both phases. Starting from Phase I, scalability in terms of capacity and resilience can be increased by adding one more AN at the MDC, as shown in the picture below:

- The Master Node (MN) holds all records related to RNs (security certificates, accounts, passwords and other information) and pushes them down to each AN. An MN failure does not impact the ability of RNs to connect to and access the MLDC and related services; however, recovery of the MN will be required for non-routine tasks (like adding a new RN).

- Each leased line connection, presented as an Ethernet interface, will terminate directly on the HQ Appliance, where load balancing and bandwidth aggregation will be provided.

- The connection between the MN and the two ANs will use a VLAN segregated from the VLAN used to route traffic between RNs connected to different ANs.


- The two ANs will terminate the tunnels and provide to their connected RNs basic services like AAA and internal DNS.

- If one of the ANs goes down for maintenance or failure, all the RNs will reconnect to the second active AN.

- Each remote site is equipped with one RN. Depending on the Broadband connectivity utilized at each remote site, the Appliance will be equipped with required Broadband WAN support.

- The connections of RNs to ANs will follow a load-balancing criterion; in normal conditions (i.e. when both ANs are active), it is expected that the number of nodes connected to each AN will be about the same.

- Logical topology: The logical connectivity for the data MPLS VPN will be any to any such that every site will communicate directly with the HQ as well as any other site (if required) without the need to communicate firstly with the HQ as shown in figure. Any combination of logical connection could be done during the implementation phase.

The above diagram represents a generic functional layout of the network and the bidder has the full freedom to propose alternative architecture that delivers similar functionalities.
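To make the failure semantics of this layout concrete, here is a small Python model, added as an example and not part of the RFP or of any vendor's product: the MN pushes each RN's record (certificate fingerprint and account password) to both ANs, each RN connects to the least-loaded active AN, an AN failure moves its RNs to the surviving AN, and with the MN down existing RNs still authenticate while registering a new RN fails. All class, function and RN names and the credential values are constructed for illustration.

```python
"""Constructed model of the MN / AN / RN roles described in the RFP (added example).
Names, credentials and the load-balancing rule are assumptions for illustration."""
from dataclasses import dataclass, field


@dataclass
class RNRecord:
    name: str
    cert_fingerprint: str   # stands in for the RN's security certificate
    password: str


@dataclass
class AccessNode:
    name: str
    up: bool = True
    records: dict = field(default_factory=dict)   # copies pushed down by the MN
    connected: set = field(default_factory=set)   # RNs currently terminated here


class MasterNode:
    """Holds the authoritative RN records and replicates them to every AN."""

    def __init__(self, ans):
        self.up = True
        self.ans = ans
        self.records = {}

    def register_rn(self, rec):
        """Non-routine task: requires a working MN, which pushes the record to all ANs."""
        if not self.up:
            raise RuntimeError("MN down: cannot add a new RN")
        self.records[rec.name] = rec
        for an in self.ans:
            an.records[rec.name] = rec


def connect_rn(name, cert_fingerprint, password, ans):
    """RN picks the least-loaded active AN and authenticates against the AN's
    local copy of its record. Returns the AN name, or None on failure."""
    active = [an for an in ans if an.up]
    if not active:
        return None
    an = min(active, key=lambda a: len(a.connected))
    rec = an.records.get(name)
    if rec is None or rec.cert_fingerprint != cert_fingerprint or rec.password != password:
        return None
    an.connected.add(name)
    return an.name


def fail_an(an, ans):
    """AN goes down: every RN terminated on it reconnects to the remaining active AN(s)."""
    an.up = False
    moved = []
    for name in sorted(an.connected):
        rec = an.records[name]
        moved.append((name, connect_rn(name, rec.cert_fingerprint, rec.password, ans)))
    an.connected.clear()
    return moved


def demo():
    """Walk through the behaviours the RFP describes and return what happened."""
    ans = [AccessNode("AN1"), AccessNode("AN2")]
    mn = MasterNode(ans)
    creds = {}
    for i in range(4):
        rec = RNRecord(f"RN{i}", f"fp{i}", f"pw{i}")   # constructed credentials
        mn.register_rn(rec)
        creds[rec.name] = rec
    placement = {n: connect_rn(n, r.cert_fingerprint, r.password, ans) for n, r in creds.items()}
    bad_auth = connect_rn("RN0", "fp0", "wrong-password", ans)   # AN rejects bad credentials
    moved = fail_an(ans[0], ans)                                  # AN1 fails, RNs move to AN2
    mn.up = False                                                 # MN fails afterwards
    still_connects = connect_rn("RN3", "fp3", "pw3", ans)         # existing RN unaffected
    try:
        mn.register_rn(RNRecord("RN9", "fp9", "pw9"))
        new_rn_added = True
    except RuntimeError:
        new_rn_added = False                                      # needs MN recovery
    return {"placement": placement, "bad_auth": bad_auth, "moved": moved,
            "still_connects": still_connects, "new_rn_added": new_rn_added,
            "an2_connected": sorted(ans[1].connected)}


if __name__ == "__main__":
    print(demo())
```

The point of the model is the split between routine and non-routine operations: authentication needs only an AN's local copy of the records, so the MN is not a single point of failure for connectivity, but anything that changes the record set (adding an RN, rotating a certificate) waits for the MN.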


2.1.2 Leased lines General Specs:

1- The Bidder should explain how the offered bandwidth (both the dedicated Internet bandwidth and the MPLS IP-VPN traffic) can be guaranteed end-to-end from the MLD router to the ISP international gateway router, how he will perform the IP routing needed to connect to the Internet and to the MPLS IP-VPN, and, in detail, how complete separation of the Internet and MPLS IP-VPN traffic from commercial Internet traffic will be ensured so as to achieve the dedicated bandwidth condition.

2- The Bidder should provide a solution that meets the traffic needs and supports all kinds of service (i.e. QoS for voice, video and data communications between the HQ and all branches).

3- The Bidder should present all legal documents and licenses that prove his capability to deliver this service.

4- The Bidder's international gateway facility should be explained in detail, including:
   a- How many routers, their technical specifications and redundancy.
   b- International links bandwidth, utilization and backup links.

5- The Bidder's Points of Presence (POPs) through which the MLD Internet traffic will be exchanged should be explained, including:
   a- How many routers, their technical specifications and redundancy.
   b- Uplink bandwidth, utilization and backup links.
   c- DSLAM types, utilization and uplink speed.

6- Any other Bidder Point of Presence used along the MLD Internet traffic path to reach the Bidder's international gateways should be explained, including:
   a- How many routers, their technical specifications and redundancy.
   b- Uplink bandwidth, redundancy and utilization.
   c- DSLAM types, utilization and uplink speed.

7- A site survey is a must in order to achieve the availability and integrity of the offered bandwidth.

8- If any Bidder POP in the offered solution will be upgraded to offer the service needed by the MLD, all guarantees for this upgrade should be submitted by the Bidder, including link contracts and device bills.

9- The Bidder should guarantee that the MLD offered bandwidth will not exceed 3 hops to reach the ISP international links, i.e. the first hop from the MLD site to the exchange that provides the bandwidth or any other POP (according to the Bidder's offered solution), the second hop from that ISP POP to another intermediate POP, and the third hop to the Bidder's international links.

10- The offered bandwidth at the exchange that provides the bandwidth should be distributed over separate local loops; any additional loops for redundancy are a plus. Also, distributing the bandwidth over the exchange POP and any other POP for redundancy is a plus.

11- Real IPs for all serials should be provided in order to facilitate the monitoring procedures.

12- At least one class C subnet from the ISP IP pool should be offered. Any additional class C subnets are a plus.

13- The solution should be integrated, i.e. no extra hardware or software should be required to assure the connectivity between sites and the Internet.
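Two of the requirements above, the 3-hop limit to the international links and real (public) IPs on all serial interfaces, can be checked from a traceroute run on the MLD router once the links are delivered. The Python script below is an added example, not part of the RFP: it parses Linux-style traceroute output, counts the ISP-side hops between the MLD router and the international gateway, and flags hops that do not answer or that are numbered from private, carrier-grade NAT, loopback or link-local space (which cannot be polled from MLD's monitoring). The two traces, the hostnames and the addresses are constructed; the documentation ranges 192.0.2.0/24, 198.51.100.0/24 and 203.0.113.0/24 stand in for the ISP's real public addresses.

```python
"""Check a delivered link against the RFP's hop-count and real-IP requirements
from traceroute output (added example; all traces and addresses are constructed)."""
import ipaddress
import re

# Address blocks that are not "real" IPs for a monitored serial or PoP interface.
NON_PUBLIC = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",   # RFC 1918
    "100.64.0.0/10",                                     # carrier-grade NAT
    "127.0.0.0/8", "169.254.0.0/16",                    # loopback, link-local
)]

HOP_RE = re.compile(r"^\s*(\d+)\s+(\S+)\s+\((\d+\.\d+\.\d+\.\d+)\)")   # "N host (ip) ..."
STAR_RE = re.compile(r"^\s*(\d+)\s+\*")                                # "N * * *"

# Constructed traceroute from the MLD HQ router towards the ISP's international gateway.
GOOD_TRACE = """traceroute to 203.0.113.10 (203.0.113.10), 30 hops max, 60 byte packets
 1  mld-hq-rtr.example (192.0.2.1)  0.412 ms  0.398 ms  0.387 ms
 2  exch-pop.isp.example (198.51.100.5)  3.102 ms  3.090 ms  3.075 ms
 3  core-pop.isp.example (198.51.100.33)  5.220 ms  5.201 ms  5.188 ms
 4  intl-gw.isp.example (203.0.113.10)  7.941 ms  7.930 ms  7.912 ms
"""

# Constructed trace that fails: a private serial, a silent hop, and four ISP hops.
BAD_TRACE = """traceroute to 203.0.113.10 (203.0.113.10), 30 hops max, 60 byte packets
 1  mld-hq-rtr.example (192.0.2.1)  0.410 ms  0.401 ms  0.390 ms
 2  exch-pop.isp.example (10.200.0.1)  3.300 ms  3.280 ms  3.260 ms
 3  * * *
 4  core-pop.isp.example (198.51.100.33)  6.100 ms  6.080 ms  6.050 ms
 5  intl-gw.isp.example (203.0.113.10)  8.200 ms  8.190 ms  8.170 ms
"""


def parse_traceroute(text):
    """Return a list of (ttl, hostname, ip); hostname and ip are None for silent hops."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if m:
            hops.append((int(m.group(1)), m.group(2), m.group(3)))
            continue
        m = STAR_RE.match(line)
        if m:
            hops.append((int(m.group(1)), None, None))
    return hops


def is_real_ip(ip):
    """True if the address is outside the private / CGNAT / loopback / link-local blocks."""
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in NON_PUBLIC)


def check_path(trace, mld_router_ip, intl_gateway_ip, max_isp_hops=3):
    """Count ISP hops after the MLD router up to and including the international
    gateway, and list hops that are silent or not real IPs."""
    hops = parse_traceroute(trace)
    ips = [ip for _, _, ip in hops]
    result = {"isp_hops": None, "not_real": [], "unanswered": [], "ok": False}
    if mld_router_ip not in ips or intl_gateway_ip not in ips:
        return result                      # never reached the gateway: reject
    start, end = ips.index(mld_router_ip), ips.index(intl_gateway_ip)
    if end <= start:
        return result
    isp_path = hops[start + 1:end + 1]
    result["isp_hops"] = len(isp_path)
    for ttl, _, ip in isp_path:
        if ip is None:
            result["unanswered"].append(ttl)   # cannot be monitored either
        elif not is_real_ip(ip):
            result["not_real"].append(ip)
    result["ok"] = (result["isp_hops"] <= max_isp_hops
                    and not result["not_real"] and not result["unanswered"])
    return result


if __name__ == "__main__":
    for name, trace in (("good", GOOD_TRACE), ("bad", BAD_TRACE)):
        print(name, check_path(trace, "192.0.2.1", "203.0.113.10"))
```

Run the real traceroute from the MLD router itself, not from a host behind NAT, so the first hop is the CPE handoff and the count starts where the RFP says it should; a silent hop is treated as a failure because an interface that does not answer ICMP will not answer SNMP either.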

2.1.3 Service Level Agreement (SLA) Proposal

The SLA should contain:

1- A detailed description of the level of service provided as well as the technical support that the Bidder will provide to MLD during the contract period, indicating whether special treatment can be offered, such as a dedicated number for technical support and high priority in responding to problems or requests, reactive and/or proactive.

2- Maximum network availability should be guaranteed.

3- Minimum network latency and packet loss should be guaranteed.

4- Minimum response time in case of any link failure.

5- Minimum time to respond to a fault reported to the ISP NOC or customer care.

6- Minimum time to resolve a fault reported to the ISP NOC or customer care.

7- Maximum notification period before any maintenance procedure carried out by the Bidder that may cause degradation or outage of the normal operation of links.

8- MLD must get a 24x7 service and will not accept any downtime on any of its links.

9- The SLA should cover the Bidder's international links, internal network, local loops, CPEs and the routers at the MLD sites, i.e. the whole path of the MLD offered bandwidth to the international links.

10- Each Bidder should explain how he identifies link failure and degradation of service.

11- Each ISP should explain penalties and deductions from monthly fees in case of link failure and/or degradation of service. These should be categorized as downtime/day, cumulative downtime/day, cumulative downtime/month, degradation of service/day, cumulative degradation of service/day and cumulative degradation of service/month. Also, all penalties should be categorized per link and per total number of links.
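The penalty categories above (downtime per calendar day, cumulative per day and per month, per link and across all links) are only useful if MLD can recompute them independently of the ISP's report. The Python script below is an added example, not part of the RFP: it takes an outage log, splits outages at midnight so minutes land on the right day, and produces per-link downtime, availability and penalties for a month. The outage records, link names and penalty schedules are constructed; the real thresholds and percentages come from the bidder's SLA, and degradation-of-service events would be processed the same way from a second log.

```python
"""Recompute SLA downtime and penalties from an outage log (added example; the log,
link names and penalty schedules are constructed assumptions)."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed outage log for one month: (link, start, end) as local ISO 8601 timestamps.
OUTAGES = [
    ("Dokki-MPLS",      "2016-01-03T09:00", "2016-01-03T09:20"),
    ("Dokki-MPLS",      "2016-01-03T22:50", "2016-01-04T00:10"),   # crosses midnight
    ("GardenCity-MPLS", "2016-01-10T13:00", "2016-01-10T13:05"),
    ("Sakkara-MPLS",    "2016-01-15T08:00", "2016-01-15T12:00"),
]

# Hypothetical schedules, percent of that link's monthly fee. The highest threshold
# reached applies. (minutes, percent)
PENALTY_PER_DAY = [(15, 1.0), (60, 5.0)]        # downtime within one calendar day
PENALTY_PER_MONTH = [(60, 10.0), (240, 20.0)]   # cumulative downtime in the month


def split_by_day(start, end):
    """Yield (YYYY-MM-DD, minutes) pieces of one outage, cut at each midnight."""
    cur = start
    while cur < end:
        next_midnight = datetime.combine(cur.date() + timedelta(days=1), datetime.min.time())
        piece_end = min(end, next_midnight)
        yield cur.date().isoformat(), (piece_end - cur).total_seconds() / 60
        cur = piece_end


def downtime(outages):
    """Return {(link, day): minutes} and {(link, month): minutes}."""
    per_day = defaultdict(float)
    per_month = defaultdict(float)
    for link, s, e in outages:
        start, end = datetime.fromisoformat(s), datetime.fromisoformat(e)
        if end <= start:
            raise ValueError(f"outage on {link} ends before it starts")
        for day, minutes in split_by_day(start, end):
            per_day[(link, day)] += minutes
            per_month[(link, day[:7])] += minutes
    return per_day, per_month


def penalty_pct(minutes, schedule):
    """Percentage for the highest threshold the downtime reaches, else 0."""
    return max((pct for threshold, pct in schedule if minutes >= threshold), default=0.0)


def availability_pct(minutes_down, days_in_month):
    return 100.0 * (1 - minutes_down / (days_in_month * 24 * 60))


def sla_report(outages=OUTAGES, days_in_month=31):
    """Per-link downtime, availability, worst day and penalties, plus the total over all links."""
    per_day, per_month = downtime(outages)
    links = {}
    for (link, month), mins in per_month.items():
        days = {d: m for (l, d), m in per_day.items() if l == link and d.startswith(month)}
        worst_day, worst_min = max(days.items(), key=lambda kv: kv[1])
        links[link] = {
            "downtime_min": round(mins, 1),
            "availability_pct": round(availability_pct(mins, days_in_month), 4),
            "worst_day": (worst_day, round(worst_min, 1)),
            "daily_penalty_pct": sum(penalty_pct(m, PENALTY_PER_DAY) for m in days.values()),
            "monthly_penalty_pct": penalty_pct(mins, PENALTY_PER_MONTH),
        }
    return {"links": links, "total_downtime_min": round(sum(per_month.values()), 1)}


if __name__ == "__main__":
    for link, row in sla_report()["links"].items():
        print(link, row)
```

Splitting at midnight matters for the "downtime/Day" category: the 80-minute Dokki outage that starts at 22:50 counts 70 minutes against 3 January and 10 against 4 January, which changes which daily threshold it trips. Keep MLD's own outage timestamps (from the monitoring access required in 2.1.4) rather than relying on the ISP's, since the ISP is the party being penalized.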

2.1.4 Monitoring and reporting:

1- The ISP should provide MLD with online 24x7 access to monitoring tools (on the ISP side) to verify that the SLA is met. The ISP should elaborate on the tools it employs for this purpose and how MLD engineers can get access to them.

2- In addition to the online monitoring, the ISP should submit to MLD monthly reports and graphs indicating capacity, utilization and its monthly distribution.

3- In case of any type of link failure or degradation of service, a report should be submitted to MLD.

2.1.5 Installation and Operation:

1- The effective date for operating all links is ...........

2- All links should be installed and tested 2 weeks prior to the effective date of operation.

3- All DSL units, cables and CPEs on both sides, the Bidder side and the MLD side, should be provided by the Bidder and should be a well-known brand tested by MLD. Any local loop installation or fees will be the responsibility of the Bidder.

The Bidder should submit an action plan for the installation procedures, including milestones and deliverable reports. The action plan should explain in detail how the Bidder will guarantee full operation of the newly installed lines alongside the existing MLD lines from the routing perspective, and ensure minimum or no downtime during the transition to the new links.

2.2 Internal Networks

2.2.1 Passive Components

2.2.1.1 Nodes

The following table indicates the number of LAN nodes:

- The Minister's office in the Dokki building and the other sites each have an internal network, which will be connected through UTP uplinks based on a star topology as shown in the figure.

- The server room in the Cabinet of the Ministry, Dokki, which contains the main switch, will have 70 nodes distributed across all rooms and connected to the main switch.

- The Minister's office in Garden City will have 50 nodes distributed across all rooms, aggregated in one rack containing the edge switch and the router connection to the main switch.

- The General Secretariat of the local administration will have 68 nodes distributed across all rooms, aggregated in one rack containing the edge switch and the router connection to the main switch.

- ELharam data entry Center will have 40 nodes distributed across all rooms, aggregated in one rack containing the edge switch and the router connection to the main switch.

- Sakkara Training center will have 40 nodes distributed across all rooms, aggregated in one rack containing the edge switch and the router connection to the main switch.

- The Organization for Reconstruction and Development of the Egyptian Village will have 90 nodes distributed across all rooms, aggregated in one rack containing the edge switch.

The proposed network should support Virtual LANs (VLANs) to allow grouping of users in any logical combination, not restricted by their physical locations or sub-networks. All routing between VLANs should be achieved internally through the Layer 3 core switch.

The bidder should conduct a requirement study after the award of the tender to clarify and confirm user requirements prior to the actual design and development of the system.

The bidder should provide, install and configure all equipment including switches, racks and any other necessary accessories.

The bidder should mount the proposed switches on new racks to be supplied by the bidder in this work, complete with proper cable management and power distribution units.

The bidder should highlight any constraint with the proposed solution, especially pertaining to scalability.

The bidder should propose an upgrade path as the network requirement increases.

The bidder should be responsible for patching all the network cables from the switches and all other network equipment to the proposed core and edge switches.

The bidder should ensure that the MLD network has healthy operations after the patching exercise.

The bidder should label all new equipment and cables (both data and power) according to the MLD standards of labelling.

2.2.1.2 Horizontal Cabling system (inside cabling)

General: The general guideline for installing inside wiring for all MLD buildings requires the bidder to provide all labor and materials for installation of the interior infrastructure. The bidder will install the interior infrastructure in accordance with the Standard Cabling System.

Routes: The bidder should agree the routes to be taken by trunking, in particular the main containment systems, in consultation with representatives of MLD.

MLD recommends the location of concentration points to be used in the installation. MLD will also identify any exceptions to the rules governing the number of workplace outlets to be installed in each area of the installation.

Concentration points: Each installation will involve establishing or expanding one or more network concentration points. Each concentration point will consist of one or more racks, each containing up to around 50 premises cable terminations, one or more data uplinks, active data equipment units, and ancillary equipment such as power supply protection and cable management units.

The bidder will be responsible for the movement and replacement of all furniture and other items required, in negotiation with MLD.

The bidder is obliged to ensure that no premises cable has a length of more than 90 m from concentration point to workplace outlet. Where a choice of concentration point location presents a significant risk that this 90 m limit will be exceeded, the bidder must obtain approval from MLD prior to the beginning of the installation.

Upon completion of the initial cabling, any damage to the buildings caused by the bidder should be fixed by the bidder at his own expense, and all holes and methods of entry should be filled with a suitable firebreak material. A material that can be easily removed and reused when required is preferred. Where access holes are drilled into workplace areas from major trunking areas, the size of the holes should be sufficient for an additional 20% of cables to be installed at a later date.

The bidder will need to ratify the planned layout before installation work begins.

Location of outlets and quantity: The location of outlets in office space should be chosen to achieve maximum distribution of double outlets around the usable space, for the convenience of the office users. Where cables in offices are not contained in multi-compartment trunking, the location of outlets should be chosen so as to minimize the number of holes drilled in the office fabric. By default, outlets in office space are to be located wherever it is reasonable to place equipment that has a data requirement.

2.2.1.3 UTP Cables

All horizontal cabling must be UTP Cat 6 with the following specification:

UTP 4-pair cabling with Cat6 performance over a 4-connector channel. Supports Class B applications. TIA/EIA specifications.

All internal building network infrastructure should adhere to ANSI/EIA/TIA 568B (Commercial Building Telecommunications Cabling Standards) and ANSI/EIA/TIA 569 (Commercial Building Standard for Telecommunications Pathways and Spaces).

The cable must be installed so that mechanical strain does not reach the jack. Only one colour scheme should be used throughout the project.

UTP Patch Panel, Qty (20):
- UTP RJ45 connectors with Cat6 performance over a 4-connector channel.
- 24 ports per single 19" rack unit.
- Supports TIA/EIA Class B applications.
- Includes labelling paper frame.
- One horizontal organizer should be provided for each patch panel.
- A complete package of ties and strips should be provided for cable management.

UTP Network patch cord, Qty (400):
- UTP RJ45 patch cord with Cat6 performance over a 4-connector channel. Supports TIA/EIA Class B applications. Stranded copper, pre-assembled, 1 m length.

UTP User patch cord, Qty (400):
- UTP RJ45 patch cord with Cat6 performance over a 4-connector channel. Supports TIA/EIA Class B applications. Stranded copper, pre-assembled, 3 m length.

External UTP Face Plates, Qty (400):
- UTP RJ45 connector with Cat6 performance over a 4-connector channel.
- External wall-mount support box.
- Supports TIA/EIA Class B applications.
- Single gang type.
- Number to cover all active and standby ports.

2.2.1.4 Racking System

All hardware must provide vertical and horizontal cable organizers for cross-connect wiring and should be wall mounted. Where the bidder has a choice of equally acceptable concentration points, the bidder is expected to choose those which offer MLD the highest performance, the lowest overall installation and maintenance costs, and suitability for installing all active components. MLD must approve such choices.

HQ Rack 42U (Qty: 2)

Rack 19U (Qty: 9)

• All racks must be grounded to the isolated ground bar.
• All racks must have one shelf and a glass door with lock.
• All racks must have proper ventilation fans.
• All racks must have a 19" power strip with at least 8 outlets.

RACK (TBD) (Qty: 1), to accommodate all servers:

• Must be the same brand as the servers.
• Minimum two separate Power Distribution Units (with main and female power connectors).
• Power cables for servers and PDUs.
• KVM switch: input ports (at least 8), output port, all needed cables and accessories.
• Accessories: integrated rackable TFT monitor (at least 17"), keyboard, mouse.
• Fan unit for proper ventilation (preferable).
• Stability kit (preferable).
• Blanking kit.
• Grounding kit (if needed).

2.2.2 Active Components

2.2.2.1 Core Routers: Qty (2)

1. Architecture
- Supports high-quality simultaneous services at wire speed up to multiple T3/E3.
- Performance up to 500 Kpps.
- Supports a wide variety of field-upgradeable LAN, WAN and service modules.
- Supports a common feature and command set structure and interface modules shared with other routers, with software-upgradeable feature sets.
- Supports ADSL and G.SHDSL interfaces for backup.

2. Configuration
- One E3 port.
- 2-port 10/100/1000Base-TX Gigabit Ethernet LAN interfaces.
- At least 4 interface card slots, with free slots to accommodate future upgrades.
- Supports up to four network modules.
- 1 slot for VPN acceleration modules.
- 2 slots for voice processing modules.
- Console cable, power cables and operating manuals.

3. Protocols
- Routing via static routing, RIP v1, RIP v2, OSPF and BGP-4.
- Supports TCP and UDP.
- Supports Telnet, SNMP, FTP, TFTP and traceroute.
- IP Multicast: PIM (sparse and dense mode) and DVMRP.

4. Quality of Service
- Supports PQ, CQ, WFQ, CAR, GTS and WRED.
- Supports Resource Reservation Protocol (RSVP).
- Destination-based load sharing among equal and unequal cost paths.
- Supports 802.1p and L2 CoS.
- Auto configuration of QoS.

5. Redundancy
- Supports interface backup, link backup and route backup.
- Dial-on-Demand Routing for dial backup.
- Hot Standby Router Protocol / Virtual Router Redundancy Protocol (HSRP/VRRP).
- Should support a redundant power supply.

6. Security Features
- Should support either hardware- or software-based security features.
- Access Control Lists, L3/L4.
- Supports Remote Authentication Dial-In User Service (RADIUS), Kerberos V and TACACS+ with authentication, authorization and accounting (AAA); PAP and CHAP.
- Embedded hardware-based VPN encryption acceleration.
- Supports VPN using L2TP, GRE and IPsec (DES, 3DES, AES 128, AES 192 and AES 256), site-to-site and remote access.
- Supports Dynamic Multipoint VPN.
- Software firewall, intrusion prevention, IPsec VPN, advanced application inspection and control, SSH v2.0 and SNMPv3.

7. Management
- Command Line Interface (CLI).
- Network Management Application (SNMP, RMON).
- Embedded web-based device-management tool for WAN access and security features.
- Supports Telnet, TFTP, NTP and SNTP.

2.2.2.2 Core Switch: Qty (2)

- The core switch should be equipped with 24 RJ-45 10/100/1000 ports and four SFP ports.
- The switch should support at least the following standards: IEEE 802.3z 1000Base-SX/LX, IEEE 802.3ab 1000Base-T, IEEE 802.1p, IEEE 802.1Q, IEEE 802.1D, IEEE 802.3af.
- Full duplex operation on all ports, with a switching fabric of at least 32 Gbps.
- Forwarding rate based on 64-byte packets: 38 Mpps.
- Should support stacking.
- Should support per-VLAN Rapid Spanning Tree.
- Should support inter-VLAN IP routing for full Layer 3 routing between VLANs.
- The switch should be managed via SNMP (preferably with a web-based management and configuration interface).
- Per-port broadcast, multicast and unicast storm control to prevent a faulty end station from degrading overall system performance.
- The switch should support four egress queues per port to enable differentiated management of up to four traffic types across the stack.
- Power supply requirements: 220 VAC, 50 Hz.
- All manuals, original CDs, console cable, power cable, any other needed accessories and software should be included.

2.2.2.3 Access Switch: Qty (20)

- Edge switches with 24 Ethernet 10/100 ports and two dual-purpose ports (10/100/1000 or SFP), 8 PoE ports, 1 RU fixed configuration, LAN Lite image installed.
- The switch should support at least the following standards: IEEE 802.3z 1000Base-SX/LX, IEEE 802.3ab 1000Base-T, IEEE 802.1p, IEEE 802.1Q, IEEE 802.1D, IEEE 802.3af.
- Full duplex operation on all ports, with a switching fabric of at least 16 Gbps.
- Forwarding rate based on 64-byte packets: 6.5 Mpps.
- The switch should support per-VLAN Rapid Spanning Tree.
- Should support inter-VLAN IP routing for full Layer 3 routing between VLANs.
- The switch should be managed via SNMP (preferably with a web-based management and configuration interface).
- Per-port broadcast, multicast and unicast storm control to prevent a faulty end station from degrading overall system performance.
- The switch should support four egress queues per port to enable differentiated management of up to four traffic types across the stack.
- Power supply requirements: 220 VAC, 50 Hz.
- All manuals, original CDs, console cable, power cable, any other needed accessories and software should be included.

2.2.2.4 Branches WAN routers: Qty (5)

- Performance that supports bidirectional high-quality simultaneous services at a throughput of 120 Kpps.
- Should have at least 3 empty slots.
- Should support one slot for any network module.
- Should be equipped with 2 serial ports.
- Ability to aggregate the connected WAN lines through Multilink PPP.
- All software licenses should be included.
- All needed cables should be included.
- AC power supply, 200 to 240 VAC (auto-ranging), 50 Hz.
- 2-port 10/100Base-TX Ethernet LAN interfaces.
- Console cable, power cables and operating manuals.
- WAN protocols and media: leased lines, Frame Relay, MPLS.
- Routing via static routing, RIP v1, RIP v2, OSPF and BGP-4.
- Supports TCP and UDP.
- Supports Telnet, SNMP and FTP.
- IP Multicast: PIM and DVMRP.
- Supports multiple routing tables.
- Supports Resource Reservation Protocol (RSVP).
- Auto configuration of QoS.
- Virtual Router Redundancy Protocol (VRRP).
- Supports an external redundant power supply.
- Web-based device management, Network Management Application (SNMP, RMON) and Command Line Interface (CLI).
- Supports VPN using SSL, L2TP, GRE and IPsec (DES, 3DES, AES 128, AES 192 and AES 256), site-to-site and remote access.
- Software firewall, intrusion prevention, IPsec VPN, advanced application inspection and control, SSH v2.0 and SNMPv3 should be supported.


2.3 Security Solution

2.3.1 1st stage firewall: Qty (2)

Features
Provide proactive threat defense to stop attacks before they spread through the network.
Control network activity and application traffic.
Multifunction appliance including a full-featured, high-performance firewall.
Should be equipped with IPS.

Performance
Firewall throughput at least: 300 Gbps
IPS throughput at least: 140 Mbps
Concurrent sessions: 120000
New connections per second: 8500
Users/Nodes: Unlimited
VPN throughput: Up to 170 Mbps
SSL VPN sessions: 250

Interfaces
2-port Gigabit Ethernet
3-port Fast Ethernet
100 virtual interfaces (VLANs)

High Availability
Active/Active and Active/Standby configurations supported (Active/Active proposed)

2.3.2 2nd stage firewall: Qty (2)

The firewall should support the following minimum requirements:

It should be from a different vendor than the first stage firewall.
The firewall should be ASIC based.
The firewall should support at least 10 integrated 10/100/1000 Ethernet ports.
Supports an expansion module for future increase in the number of interfaces.
Support firewall performance of at least 8 Gbps throughput.
Support IPSec VPN throughput of at least 6 Gbps.
A minimum of 600 000 concurrent sessions.
Minimum of 20 000 new sessions/sec.
Should support IPS and Antivirus on the same appliance.
Should support long term logs.
Should support logging, analysis, and reporting.
In case of adding Antivirus, it should be ASIC based.
All manuals, console cable, power cables, any other needed accessories and software should be included.

2.3.3 Interconnection Switches

Configurations
8 ports 10/100
1 T/SFP-based Gigabit Ethernet port
Management console port


Availability and Scalability
IEEE 802.1d Spanning Tree Protocol
IEEE 802.1w Rapid Spanning Tree Protocol (RSTP)
IEEE 802.1s Multiple Spanning Tree Protocol (MSTP)
Switch port auto recovery
Per-port broadcast, multicast, and unicast storm control
VLAN Trunking Protocol (VTP) pruning
IGMPv3 snooping for IPv4 and IPv6
MLD v1 and v2 snooping
IGMP filtering

Security
IEEE 802.1x port-based security
IEEE 802.1x with VLAN assignment
IEEE 802.1x with voice VLAN
IEEE 802.1x with ACL assignment
Port-based ACLs
Unicast MAC filtering
Unknown unicast and multicast port blocking
SSHv2 and SNMPv3
Bidirectional data support on the Switched Port Analyzer (SPAN) port
MAC address notification
DHCP snooping
MAC address aging feature
Multilevel authorization on console access and web-based management
User-selectable address-learning mode
IGMP filtering
Dynamic VLAN assignment
RADIUS authentication in addition to support for a local database

Manageability
CLI support
Embedded web browser for initial switch configuration
Support extensive management using SNMP network-management platforms
SNMP v1, v2c, and v3 and Telnet interface support
VLAN trunks based on 802.1Q tagging
At least 255 VLANs per switch
At least 128 spanning-tree instances per switch
Group Management Protocol server functions
IGMPv3 snooping
TFTP software upgrade
Auto-sensing, auto-negotiation and Auto-MDIX on all 10/100/1000 ports
Dynamic Trunking Protocol (DTP)
Link Aggregation Control Protocol (LACP) that conforms to IEEE 802.3ad

Performance
16 Gbps switch fabric
Forwarding rate based on 64-byte packets up to 2.7 Mpps
At least 6,000 MAC addresses

Standards
IEEE 802.1s, IEEE 802.1w, IEEE 802.1x, IEEE 802.3ad, IEEE 802.1D, IEEE 802.1p, IEEE 802.1Q
IEEE 802.3x full duplex on 10BASE-T, 100BASE-TX, and 1000BASE-T ports
RMON I and II standards
SNMPv1, SNMPv2c, and SNMPv3


2.3.4 Host Based IPS:

Bidder should propose Host IPS for application servers and desktops.
Proposed solution should be easy to deploy, easy to configure, and easy to manage via a single console.
The ability to aggregate and extend multiple endpoint security functions: the Security Agent provides host intrusion prevention, distributed firewall, malicious mobile code protection, operating system integrity assurance, and audit log consolidation, all within a single agent.
Preventive protection against entire classes of attacks, including port scans, buffer overflows, Trojan horses, malformed packets, malicious HTML requests, and e-mail worms.
Should support data loss prevention (DLP) feature.
"Zero update" prevention for known and unknown attacks.
Industry-leading protection for servers and desktops, Unix and Windows.
Application-specific protection for web servers and databases.
An open and extensible architecture with the ability to define and enforce security according to corporate policy.
An enterprise scalable architecture: the Security Agent is scalable to 100,000 agents per manager.
Future support of an integrated solution architecture with Network Admission or Access Control (NAC).

2.3.5 Web Security appliance with embedded URL filter for 200 users:

Support user authentication based on: LDAP, NTLM (single sign on) and Active Directory (single sign on), RADIUS, X509 certificate, built-in username/group database, RSA SecurID (OTP), web identity management systems, substitution realm, guest authentication, permit specific authentication errors.
Supports at least HTTP, HTTPS, FTP, DNS, P2P, Telnet, IM, TCP-Tunnel, Windows Media, QuickTime, filtering capabilities, P2P control proxy services.
Support operation in Proxy, transparent (cookies and IP), Bridging, WCCP modes.
Should support hardware-based SSL termination (may be added in future).
Should fail open if any hardware failure happens in the box, for internet service continuity.
Support multiple filtering policies based on: user based policies (user, group), location based policies (IP, network), service based policy (protocol, destination port), flexible destination based policies (domain, URL, wildcard URL, HTTP method), time of day.
Support controlling bandwidth management based on: client address, content-type, time, protocol, via deploying multiple bandwidth classes (minimum guaranteed bandwidth, maximum bandwidth, and priority).
Support HTTP compression, bandwidth optimization and protocol optimization.
Managed via HTTP and HTTPS, CLI, Telnet, SSHv2, and support auto logout enforcement.
User-friendly GUI administration tool to create and maintain policies, view statistics, and upgrade the appliance OS.
Support object caching and byte caching.
Pre-defined policies.
Content policy language to create custom text-based policies.
Support configuration backup on a centralized FTP server and restore via HTTP, FTP and TFTP.
Support event tracking and notification alerts via e-mail, SNMP, event log, and combined tracking and notification.
Send an SNMP trap and e-mail notification in case of DoS attack events with date, time and level of severity (Severe, Resource errors, Informational, Verbose).
Support user authentication to view specific reports for delegated management.
Enables administrators to generate reports that:
o Identify possible security holes
o Track potentially dangerous user activity
o Report on blocked traffic by category and URL
o Conserve network bandwidth resources by identifying abuse patterns
o Report on web usage by user, group, location, URL, and other factors
o Real time reporting tool
o Historical reporting tools with the ability to customize and schedule reports for distribution by e-mail.
Supports ICAP protocol; the bidder should mention any other protocols supported.


Equipped with at least 2 x 320 GB SATA disk space and 2 GB of RAM.
Should be equipped with at least 2 10/100/1000 network interfaces.

2.3.6 Web Anti-Virus Gateway for 200 users:

Should be fully integrated with the above security appliance; highly recommended to be from the same vendor, if possible.

Providing protection against:
o Infected Web Email
o Spyware & SPAM Trojans
o Internet Worms
o Malicious HTTP & FTP Content

Scan HTTPS traffic to remove viruses from encrypted browser session downloads.
Automated virus updates.
Definable update time frequency settings.
Must support the ability to:
o set timeout duration
o drop file if errors in scanning occur
o define trusted sites
o heuristically fingerprint recurring files as infected or clean for non-cacheable content
o allow/deny lists with extensions along with file size and content type restrictions
o Customized alerts can notify administrators when a virus is found, AV updates are successful, AV updates fail, subscriptions expire, files are dropped, or files pass without scanning.
o Log files can be customized using standard logging formats and sent off-box via TCP or UDP for processing.
o New firmware updates and release notes are sent to the appliance for administrator approval and installation.
Should be equipped with at least 2 10/100/1000 network interfaces.
At least 70 GB SCSI hard disk, with minimum 2 GB RAM.

2.3.7 Network Admission:

Recognizes users, their devices, and their role in the network. Occurs at the point of authentication, before malicious code can cause damage.

Evaluates whether machines are compliant with security policies. Security policies can vary by user type, device type, or operating system.

Enforces security policies by blocking, isolating, and repairing noncompliant machines. Machines are redirected into a quarantine area, where remediation occurs at the discretion of the administrator.

Can apply posture assessment and remediation services to LAN-based user devices, wireless users, and remote users connecting through VPN concentrators or dial-up servers.

Deployed out-of-band. Deployment of the solution is in-band only during the process of authentication, posture assessment, and remediation. Once a user's device has successfully logged on, its traffic bypasses the appliances and traverses the switch port directly.

Manager provides port- or role-level control by assigning ports to specific VLANs, assigning users to specific roles that map to specific VLANs, and providing a time-based session timeout per role.

Enforced security policies by making compliance a condition of access.
Minimized vulnerabilities on user machines through periodic evaluation and remediation.
Significant cost savings by automating the process of repairing and updating user machines.
Supports single sign-on for remote access users using certain IPSEC VPN and WebVPN clients.
Configured to offer checks from known security vendors: Computer Associates International, Inc., F-Secure Corporation, McAfee, Inc., Microsoft, Symantec, Trend Micro, Zone Labs.

Authentication Integration with Single-Sign-On for VPN Users:


Serves as an authentication proxy for most forms of authentication, natively integrating with Kerberos, Lightweight Directory Access Protocol (LDAP), RADIUS, Active Directory, S/Ident, and others.
Supports role-based access control, enabling administrators to maintain multiple user profiles with varying degrees of access.

Vulnerability Assessment:
Support scanning of all Windows-based operating systems, Mac OS, and Linux machines.
Conducts network-based scans or can use custom-built scans as required.

Device Quarantine:
Can place noncompliant machines into quarantine to prevent the spread of infection while maintaining access to remediation resources.
Quarantine can be accomplished by using small subnets, or by using a quarantine VLAN.

Security Policy Updating:
Automatic security policy updates.
Provides predefined policies for the most common network access criteria, including policies that check for critical operating system updates and common antivirus software virus definition updates.

Management:
The web-based centralized management console allows administrators to define the types of scans required for each role and the related remediation packages necessary for recovery.
One management console can manage several servers.

Remediation and Repair:
Quarantining gives devices access to remediation servers that can provide operating system patches and updates, virus definition files, or endpoint security solutions.
Administrators have the option of guiding and overseeing these fixes using the Appliance enforcement agent.

Discretionary Certified Devices List:
Supports creation of the Certified Devices List to simplify access for devices known to be clean through other means.
If the Certified Devices List is empty, all machines are subject to scanning each time they enter the network.
The Certified Devices List can be cleared either on a scheduled basis or with one click during times of high virus and worm activity.
Adapt to the flow of malicious code incidents by adjusting the scans required, the roles subject to scans, the use of the Certified Devices List, and the types of remediation required. Administrators can also limit bandwidth and protocols used based on user roles.
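The admission flow this section describes (authenticate, evaluate posture per role and OS, assign a role VLAN with its session timeout or quarantine for remediation, and a Certified Devices List that skips rescans until it is cleared), as an added Python model; it is not code from the tender or from any NAC product, and the roles, VLAN numbers, posture policies and MAC addresses are constructed.

```python
"""Network admission decision: authenticate, check posture, then assign a role VLAN or quarantine.

Added example, not code from the tender or from any NAC product; roles, VLANs, policies
and device records below are constructed.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

QUARANTINE_VLAN = 99   # constructed: VLAN that only reaches remediation servers
DENIED_VLAN = 0        # constructed: no VLAN assigned, port stays unauthorized


@dataclass
class Role:
    name: str
    vlan: int
    session_timeout_min: int       # time-based session timeout per role


@dataclass
class PostureRule:
    """Compliance requirements for one (role, OS) pair; None disables the AV age check."""
    max_av_definition_age_days: Optional[int]
    require_critical_os_updates: bool


@dataclass
class Device:
    mac: str
    os: str                                # "windows", "macos" or "linux"
    av_definition_age_days: Optional[int]  # None: no antivirus found on the host
    critical_os_updates_installed: bool


@dataclass
class Decision:
    vlan: int
    state: str                             # "denied", "admitted" or "quarantined"
    reasons: List[str] = field(default_factory=list)
    session_timeout_min: int = 0


@dataclass
class AdmissionController:
    roles: Dict[str, Role]
    policies: Dict[Tuple[str, str], PostureRule]      # keyed by (role name, OS)
    certified: Set[str] = field(default_factory=set)  # the Certified Devices List

    def evaluate_posture(self, device: Device, role_name: str) -> List[str]:
        """Return the failed checks; an empty list means compliant."""
        rule = self.policies.get((role_name, device.os))
        if rule is None:                   # no policy for this role/OS: nothing to check
            return []
        failures: List[str] = []
        if rule.max_av_definition_age_days is not None:
            age = device.av_definition_age_days
            if age is None:
                failures.append("antivirus not installed")
            elif age > rule.max_av_definition_age_days:
                failures.append(f"antivirus definitions {age} days old")
        if rule.require_critical_os_updates and not device.critical_os_updates_installed:
            failures.append("critical OS updates missing")
        return failures

    def admit(self, device: Device, authenticated: bool, role_name: Optional[str]) -> Decision:
        """Decide the switch port assignment at the point of authentication."""
        if not authenticated or role_name not in self.roles:
            return Decision(DENIED_VLAN, "denied", ["authentication failed or unknown role"])
        role = self.roles[role_name]
        if device.mac in self.certified:   # known clean: skip the scan, go straight to role VLAN
            return Decision(role.vlan, "admitted", ["certified device, scan skipped"],
                            role.session_timeout_min)
        failures = self.evaluate_posture(device, role_name)
        if failures:                       # isolate and let the remediation servers fix it
            return Decision(QUARANTINE_VLAN, "quarantined", failures, role.session_timeout_min)
        self.certified.add(device.mac)     # passed the scan: certified until the list is cleared
        return Decision(role.vlan, "admitted", [], role.session_timeout_min)

    def clear_certified_list(self) -> None:
        """Scheduled or one-click clear: every device is rescanned on its next admission."""
        self.certified.clear()


def build_controller() -> AdmissionController:
    """Constructed sample roles and posture policies that vary by user type and OS."""
    roles = {"employee": Role("employee", 20, 480), "contractor": Role("contractor", 30, 120)}
    policies = {
        ("employee", "windows"): PostureRule(7, True),
        ("contractor", "windows"): PostureRule(3, True),   # stricter for contractors
        ("employee", "linux"): PostureRule(None, True),    # no AV requirement on Linux
    }
    return AdmissionController(roles, policies)


if __name__ == "__main__":
    nac = build_controller()
    laptop = Device("00:00:5e:00:53:01", "windows", 5, True)   # constructed MAC
    print(nac.admit(laptop, True, "employee"))      # admitted to VLAN 20
    print(nac.admit(laptop, True, "contractor"))    # already certified, no rescan
    nac.clear_certified_list()
    print(nac.admit(laptop, True, "contractor"))    # quarantined: definitions older than 3 days
```

The last three calls show the trade-off the Certified Devices List creates: a device certified under one role is not rescanned under a stricter role until the list is cleared.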

2.3.8 Security Management System:

General Features
Uses policy-based management techniques.
Provides a client graphical user interface.
Provides multiple views into the application to accommodate different tasks and user experience levels.
Provides an interactive tutorial that helps users quickly come up to speed on features and concepts.
Allows security policies to be configured per device, per device group, or globally.

Scalable Network Management
Able to scale to efficiently manage a large number of security devices.
Supports policy-based management techniques, defining settings once and applying the settings to individual devices, or groups of devices.
Provides flexible device-level overrides which allow taking advantage of policy re-use and sharing, but still have the ability to customize device-specific settings as necessary.

VPN Provisioning
Configuration of site-to-site, hub-and-spoke, full-mesh and extranet VPNs.


Supports Dynamic Multipoint VPN and generic routing encapsulation (GRE) IP Security (IPSec), both with dynamic IP and hierarchical certificates.
VPN and Easy VPN services can be configured remotely.
Configurations for automatic failover and load-balancing for head-ends are supported.

Firewall Provisioning
Enables administrators to configure policies for firewall appliances, modules and software-based firewalls.
The software provides a single rule table for all platforms.
Reports firewall rules that overlap or conflict with other rules.
Group objects of a similar type so that a single access rule can apply to all objects in the group.
The software helps identify and delete rules that have no effect on the network.
The access control list (ACL) hit count feature checks to ensure traffic is flowing correctly.
Displays which rules match a specific source, destination, and service flow, including wildcards.
Device information can be imported from a device repository, imported from a configuration file, or added in the software. Additionally, firewall policies can be discovered from the device itself.
Allows a user to apply a rule policy on groups of interfaces in a scalable manner.
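The rule-table analysis the Firewall Provisioning requirements ask for (reporting rules that overlap or conflict, finding rules that can never have an effect, and listing which rules match a given source/destination/service flow with wildcards), as an added Python example; it is not code from the tender or from any management product, and the rule table and flows are constructed.

```python
"""Firewall rule-table analysis: flow matching, shadowed rules and conflicting overlaps.

Added example, not code from the tender or from any product; the rule table and the
flows below are constructed.
"""
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    name: str
    src: IPv4Network
    dst: IPv4Network
    proto: str              # "tcp", "udp", "icmp" or "any" (wildcard)
    dport: Optional[int]    # None is the port wildcard
    action: str             # "permit" or "deny"


def make_rule(name: str, src: str, dst: str, proto: str, dport: Optional[int], action: str) -> Rule:
    return Rule(name, ip_network(src), ip_network(dst), proto, dport, action)


def _proto_overlap(a: str, b: str) -> bool:
    return "any" in (a, b) or a == b


def _port_overlap(a: Optional[int], b: Optional[int]) -> bool:
    return a is None or b is None or a == b


def rule_matches_flow(rule: Rule, src: str, dst: str, proto: str, dport: int) -> bool:
    """True if the rule's fields (wildcards included) match one concrete flow."""
    return (ip_address(src) in rule.src and ip_address(dst) in rule.dst
            and _proto_overlap(rule.proto, proto)
            and _port_overlap(rule.dport, dport))


def matching_rules(rules: List[Rule], src: str, dst: str, proto: str, dport: int) -> List[str]:
    """Names of every rule that matches the flow, in table order."""
    return [r.name for r in rules if rule_matches_flow(r, src, dst, proto, dport)]


def first_match(rules: List[Rule], src: str, dst: str, proto: str, dport: int) -> Optional[Rule]:
    """First-match semantics: the rule that actually decides this flow."""
    for r in rules:
        if rule_matches_flow(r, src, dst, proto, dport):
            return r
    return None


def covers(a: Rule, b: Rule) -> bool:
    """True if every flow matched by b is also matched by a."""
    return (b.src.subnet_of(a.src) and b.dst.subnet_of(a.dst)
            and (a.proto == "any" or a.proto == b.proto)
            and (a.dport is None or a.dport == b.dport))


def overlaps(a: Rule, b: Rule) -> bool:
    """True if at least one flow is matched by both rules."""
    return (a.src.overlaps(b.src) and a.dst.overlaps(b.dst)
            and _proto_overlap(a.proto, b.proto)
            and _port_overlap(a.dport, b.dport))


def shadowed_rules(rules: List[Rule]) -> List[Tuple[str, str]]:
    """Rules that can never fire because an earlier rule covers them entirely (no effect)."""
    found = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if covers(earlier, later):
                found.append((later.name, earlier.name))
                break
    return found


def conflicting_rules(rules: List[Rule]) -> List[Tuple[str, str]]:
    """Pairs that partially overlap with different actions: only table order decides the shared flows."""
    found = []
    for i, a in enumerate(rules):
        for b in rules[i + 1:]:
            if (a.action != b.action and overlaps(a, b)
                    and not covers(a, b) and not covers(b, a)):
                found.append((a.name, b.name))
    return found


# Constructed rule table (not from the tender): R3 is shadowed by R1; R2 and R4 conflict.
RULES = [
    make_rule("R1", "10.1.0.0/16", "192.168.10.5/32", "tcp", 443, "permit"),
    make_rule("R2", "10.1.0.0/16", "192.168.10.0/24", "tcp", None, "deny"),
    make_rule("R3", "10.1.20.0/24", "192.168.10.5/32", "tcp", 443, "permit"),
    make_rule("R4", "10.1.0.0/16", "192.168.0.0/16", "tcp", 443, "permit"),
    make_rule("R5", "0.0.0.0/0", "0.0.0.0/0", "any", None, "deny"),
]

if __name__ == "__main__":
    print("shadowed:", shadowed_rules(RULES))
    print("conflicts:", conflicting_rules(RULES))
    flow = ("10.1.20.7", "192.168.10.5", "tcp", 443)
    print("matches:", matching_rules(RULES, *flow), "decided by", first_match(RULES, *flow).name)
```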

IPS Provisioning

Enables administrators to configure policies for IPS appliances, modules and software-based IPS.
Single-interface, multi-VLAN IPS configuration with inline support, giving the user the ability to assign VLAN pairs to a single interface.
Rate limiting configuration.
Auto-apply signature update: update IPS sensors with signature updates, minor releases, and patches.
Able to copy signature tunings from one device to many devices.
Global event configurations to all IPS sensors.
Detects out-of-band configuration changes made to devices by other management components.

Management Services

Manage Integrated Security Services
− Enables the management of integrated security services, including quality of service (QoS) for VPN, routing, and Network Admission Control (NAC).

Device Grouping
− Users can create and define device groups based on business function or location. Devices in a group can be managed as a single device.

Multiple Application Views
− Provides multiple views into the application to support different use cases and experience levels: Device View for single device management, Map View for visualizing the topologies, and Policy View for performing highly efficient and scalable multi-device management.

Policy Object Manager

− Objects can be defined once and used any number of times to avoid manually entering values.

Deployment Manager - Flexible Deployment Options

− Supports both on-demand and scheduled deployments to a device or to files.

Rollback

− Provides the ability to roll back to a previous configuration

Role Based Access Control

− Define access rights for multiple administrators, with appropriate controls.

Workflow

− Allows assigning specific tasks to each administrator during the deployment of a policy, with formal change control and tracking.

Distributed Deployment and Update

− Simplifies updates to large numbers of remote firewalls, which may have dynamic addresses or NAT addresses.

Operational Management

− Software distribution
− Device inventory reporting


Health and Performance Monitoring

− Provides health and performance monitoring data for network devices and specific security services.

2.3.8.1 Security Management server: Qty (1)

Product feature: Brand Name
Processor: Intel® Xeon® 5500 series
Number of processors: 1
Chipset: Intel® 5520 Chipset
Graphics: Integrated graphics
Memory type: DDR3 Registered (RDIMM) or Unbuffered (UDIMM)
Memory size: NOT LESS THAN 4 GB
Hard disk: 3.5 inch SAS (10K rpm): 1 TB SATA (1 x 500GB) SAS
Optical drive: DVD RW SATA Drive
Network controller: 1GbE NC362i 2 Ports Gigabit
Form factor (fully configured): RACK MOUNTED
Accessories: Keyboard USB, Mouse USB
Ports: BCM 5709 GbE Dual Port -TOE IPV6 and BCM 5709 GbE Dual Port -TOE IPV6 iSCSI Boot, with iSCSI Offload Option
Tape drives: Power Vault 100T, DAT72 Tape Backup device

2.3.9 UTM for Branches:

It should support the following minimum requirements:

The firewall should be ASIC based.
The firewall should support at least two integrated 10/100/1000 and eight 10/100 Ethernet ports.
Supports an expansion module for future increase in the number of interfaces.
Support firewall performance of at least 500 Mbps throughput.
Support IPSec VPN throughput of at least 100 Mbps.
A minimum of 350 000 concurrent sessions.
Minimum of 10 000 new sessions/sec.
Should support IPS and Antivirus on the same appliance.
Should support long term logs.
Should support logging, analysis, and reporting.
In case of adding Antivirus, it should be ASIC based.
All manuals, console cable, power cables, any other needed accessories and software should be included.

2.4 Network Management System:

We are looking in this section for the following management disciplines to cover the following:
1. Network Service Management for MTC’s Environment.
2. Performance Management for MTC’s Environment.
3. Automated Network Configuration Environment.


The network management tool should provide:

1. Same look and feel for the tools provided.
2. Role based definition and delegation of administrators for certain regions or tasks.
3. Secure communication between the network nodes and the managing servers using SNMP v3 (in addition to SNMP v1 and v2).

We are looking for the following service level for the implementation of the proposed EMS:

1. Architecture design.
2. Implementation of the proposed EMS.
3. Hands-on training during the implementation of the proposed EMS.
4. Local reference list with necessary contacts.

2.4.1 General Requirements

Centralized console for all network monitoring.
Supports automated actions on all managed networks.
GUI console for administration, configuration set-up and reporting.
Ability to expand the EMS solution to include advanced reporting, capacity planning and trend analysis for later phases.

2.4.2 Network Fault and Performance Management

Single management software is concerned with all network management.
Controlled auto-discovery (segment filters, time intervals, etc).
Automated scheduled rediscovery.
Automatic topology mapping.
Real time color-coded presentation of devices and links status.
User defined map views.
Scheduled outages.
Customizable event forwarding and action on an event through GUI interface on the service management platform.
User defined thresholds.
Provides predefined/user defined corrective action on event failure.
Configurable network discovery from the primary service management platform.
Distributed collector architecture to minimize network traffic.
Customizable network maps centrally on the primary service management platform.
Supports unnumbered serial interfaces.
Configurable SNMP polling process from the primary management platform.
Provides an enhanced web user interface with dynamic views.
Launches targeted views from events for rapid problem resolution.
Supports discovery of VLAN architecture.
Manages switched layer 2 environments as well as routed layer 3 environments.
Root cause problem analysis.
Monitor router CPU and memory utilization performance.
Report on over- and underutilized links.
It should support fault management functions that facilitate the detection, isolation, filtering and identification of abnormal operation of any managed component.
It should be integrated with the proposed Enterprise Management System.
Showing real-time faults and conducting sophisticated performance analysis and reporting on historical data and trends for routers and switches (should support the Frame Relay MIB as well).
Comprehensive reports for managing the performance (including Frame Relay devices).
Generating usage pattern reports, trends, error rates and capacity of individual network interfaces.
Supports the most popular Frame Relay devices via the RFC 1315 management MIB.


2.4.3 Network Configuration and Automation

An enterprise class solution that tracks and regulates configuration and software changes across routers, switches, firewalls, load balancers, and wireless access points.
Provides visibility into network changes, enabling MLD’s IT staff to identify and correct trends that could lead to problems, while mitigating compliance issues, security hazards, and disaster recovery risks.
Captures full audit trail information about each device change.
Automation of the complete operational lifecycle of network devices from provisioning to policy-based change management, compliance, and security administration.
Introducing process-powered automation. Bringing networks into compliance with corporate or regulatory standards is a non-trivial, labor-intensive, and ultimately difficult task.
Will help MLD in meeting compliance standards through a network compliance model that maps device information, including configurations and run-time diagnostics, as well as policies and user roles, into a normalized structure to prevent compliance violations before they occur.
Providing MLD powerful capabilities for managing compliance with government regulations and industry standards for IT processes and best practices.
Will help to determine the compliance status of MLD’s network resources.
Detailing the current compliance status of MLD network infrastructure with respect to government regulations and industry standards.
Generate detailed Visio diagrams of the MLD network automatically, greatly improving network troubleshooting.
Providing valuable insight for troubleshooting and understanding layer 2 and layer 3 relationships.
The combination of layer 2 and 3 diagramming provides MLD with insight that cannot be matched with one view.
Allow MLD to automate large scale tasks and changes through template-based provisioning, automate software upgrades with image analysis and upgrade recommendation, define who can make which changes and when, and allow MLD to update images and feature sets quickly, reliably, and easily.
Reduce costs by automating time-consuming manual compliance checks and configuration tasks.
Pass audit and compliance requirements easily with proactive policy enforcement and out-of-the-box audit and compliance reports (ITIL, CISP, HIPAA, SOX, GLBA and others).
Improve network security by recognizing and fixing security vulnerabilities before they affect the network, using an integrated security alert service.
Increase network stability and uptime by preventing the inconsistencies and misconfigurations that are at the root of most problems.
Use process-powered automation to deliver application integrations, which deliver full IT lifecycle workflow automation, without scripting.
Support SNMPv3 and IPv6, including dual-stack IPv4 and IPv6 support. HP Network Automation supports both of these technologies to provide flexibility in your protocol strategy and implementation.
Use automated software image management to deploy wide-scale image updates quickly with audit and roll-back capabilities.

2.4.4 Network Management server: Qty (1)

Product feature: Brand Name
Processor: Intel® Xeon® 5500 series
Number of processors: 1
Chipset: Intel® 5520 Chipset
Graphics: Integrated graphics
Memory type: DDR3 Registered (RDIMM) or Unbuffered (UDIMM)
Memory size: NOT LESS THAN 4 GB
Hard disk: 3.5 inch SAS (10K rpm): 1 TB SATA (1 x 500GB) SAS
Optical drive: DVD RW SATA Drive
Network controller: 1GbE NC362i 2 Ports Gigabit
Form factor (fully configured): RACK MOUNTED
Accessories: Keyboard USB, Mouse USB
Ports: BCM 5709 GbE Dual Port -TOE IPV6 and BCM 5709 GbE Dual Port -TOE IPV6 iSCSI Boot, with iSCSI Offload Option
Tape drives: Power Vault 100T, DAT72 Tape Backup device

2.5 Audio/Video Communication, Call Processing System

The call processing system extends MLD telephony features and capabilities to packet telephony network devices such as IP phones, media processing devices, voice over IP (VoIP) gateways, and multimedia applications. Additional data, voice, and video services such as voice messaging, multimedia conferencing and interactive multimedia response systems interact with the IP telephony solution through the call processing software's open telephony application programming interfaces. The technical specifications are as follows:

Fully IP call handling system in software and hardware.
The system should support at least 500 IP phones and be fully redundant.
The Call Processor Server controls all the internal/external phone calls. The bidder should provide two CPSs to be installed at the main site. The two CPSs should work in an active/standby manner, so if one CPS fails, the phone sets should automatically register at the redundant CPS. Bidder should explain in detail.
The CPSs should be a pure IP based system.
Each CPS should have 10/100/1000 Mbps uplinks to be connected to the backbone switch.
The bidder should explain in detail the hardware (CPU, memory, hard disk, etc…) and software (operating system) architecture of the proposed CPS.
The bidder should highlight the reliability/availability features supported by his system.
The proposed CPS should allow for the following basic features as a minimum. The bidder should clarify if any of the following features are not supported by the proposed system. The bidder may also highlight other features that are not listed hereunder.

Call Hold: Both calling and called party can place a call on hold.
Music on Hold: The system has an integrated recorder to run music (or general announcements) during call hold.
Call Pickup: A user can answer neighboring calls in his group by pressing the pickup feature key.
Call Forward: Forwards internal and external calls to any telephone extension.
Call Park: A user can park a call for a certain period at a specific directory number so he/she or any other user can retrieve it.
Call Back: Auto ring onto an extension that doesn’t answer.
Caller ID: Display internal and external call numbers on the phone display. Also, caller name information can be managed via LDAP server.


Do Not Disturb: Extensions set to DND should not be interrupted by any calls except for emergencies.

Call Announcement: Visual and/or audible alert when a busy station receives another call.

Single Button Barge: End users can press a single line key to join a call in progress. If the line has multiple calls connected, then the authorized users can view the calls simultaneously on the phone screen and determine which one to enter.

Conference Calls: At least 3 parties (internal and/or external) can get into a conference. The system should also allow for the conference chairperson to drop off certain members.

Call by Name: Extensions can be replaced by names.
Call Coverage: A call ringing at one extension can ring on a group of covering extensions, and can be answered by any extension.
Call Privacy: Prevents any user from accidentally or deliberately bridging onto a live call.
Authorization Code: Allows authorized users to override access restrictions assigned to any station.
Hunt Groups: Groups of extensions can be established to answer multiple/simultaneous calls placed to a certain DID number.
Trunk Groups: The system should support trunk groups.
Automatic Line Selection: Incoming/outgoing calls should automatically select the proper line to go through.
Multiple Lines Assignment: Multiple extensions and/or CO lines can be assigned to the same station.
Join Across Lines: Users can join calls across different lines that appear on their phone.

The feature enables the executive staff and other users to swiftly connect different parties into a conversation.

Directory dial from phone, Corporate and personal: The user can search for his/her contacts through the phone's screen & can dial the number directly

Directories: Missed, placed, and received calls list stored on the IP phones.
Arabic Language: The CPS should support Arabic language on the IP phones (beside the English language).
In case more than one CPS is connected within the same system, a uniform numbering plan should be maintained.
The system should support silence suppression as well as echo cancellation. The bidder should describe the mechanisms used to provide both features.
The bidder should demonstrate the QoS capabilities of the proposed system in order to guarantee the voice quality. Factors like packet loss, delay and delay variation should be described as a minimum.

The system should also provide call admission control to keep track of bandwidth utilization as well as bandwidth allocation for new calls.

The systems should support open standards to allow integration with third-party applications.

The bidder should describe backup procedures recommended for his offered system. Bidder should also specify the backup media (floppy, tape, CD, etc…).

The CPS should be managed via CLI, SNMP protocol (preferably SNMPv3) or web-based management and configuration interface.


Each CPS should be supplied with latest software release, original user and installation manuals as soft-copies (CD’s), console cable, power cables, and any other needed accessories for mounting the system into a data cabinet.

Compatible with MS OCS to make and receive PSTN calls.
Failover of MS OCS protocol to SIP protocol.

2.5.1 IP Phones

IP phones are required to be of different levels for Top Management, Branch Managers, Employees, Managers' Secretaries and Operators. Vendors should provide their options regarding these categories. Each IP phone should have the following minimum features:

MS OCS support.
Pixel-based display: a pixel-based display provides supplemental information, access to applications, and makes it easy to use telephone features.
Calling name and number display.
G.711 and G.729a audio compression.
Identifies incoming messages and categorizes them for users.
Allows users to quickly access diverse information such as weather, stocks, quote of the day, or any web-based information using extensible markup language (XML) to provide a portal to an ever-growing world of features and information.
Online help feature gives users information about the phone's keys, buttons, and features.
Call Waiting
Call Forward
Call Transfer
Three-way calling (conference)
On-hook dialing, pre-dialing, and off-hook dialing
Redial
Call hold
Call monitor
Configurable speed-dial buttons
IP phones can be registered to three different call processing servers for redundancy.

2.5.2 Top Management IP Phones: QTY- 50

• Colour display, 16-bit colour depth, 320 x 240 effective pixel resolution.
• Eight phone lines supported.
• Full-duplex speakerphone with acoustic echo cancellation.
• At least two 10/100/1000BaseT Ethernet ports.
• At least 24 user-selectable ring tones.
• Local power supply or Power over Ethernet as power source.
• Supports differentiated services code point (DSCP) and 802.1Q/p standards.
• Supports secure VPN, TLS for signalling and SRTP for media.
• Supports MS OCS.


2.5.3 Manager Level 2 IP Phones: QTY- 150

• Graphical monochrome 4-bit grayscale display.
• Two phone lines supported.
• Full-duplex speakerphone with acoustic echo cancellation.
• At least two 10/100BaseT Ethernet ports.
• At least 10 user-selectable ring tones.
• Local power supply or Power over Ethernet as power source.
• Supports differentiated services code point (DSCP) and 802.1Q/p standards.
• Supports MS OCS.

2.5.4 Servers to support MS OCS: Qty (3)

• Product: brand-name server.
• Processor: Intel® Xeon® 5500 series.
• Number of processors: 2.
• Chipset: Intel® 5520 chipset.
• Graphics: integrated graphics.
• Memory type: DDR3 registered (RDIMM) or unbuffered (UDIMM).
• Memory size: not less than 8 GB.
• Hard disk: 3.5-inch SAS (10K rpm): 1 TB SATA (2 x 500 GB) SAS.
• Optical drive: DVD RW SATA drive.
• Network controller: 1GbE NC362i 2-port Gigabit.
• Form factor (fully configured): rack mounted.
• Accessories: USB keyboard, USB mouse.
• Ports: BCM 5709 GbE dual port, TOE, IPv6 and BCM 5709 GbE dual port, TOE, IPv6; iSCSI boot with iSCSI offload option.
• Tape drive: PowerVault 100T, DAT72 tape backup device.

Section 3: Documentation

The System should not be deemed to be operational and complete until full and complete documentation has been submitted and accepted by MLD. During implementation, the vendor will provide a full set of documentation required to operate and maintain the proposed system, including hardware, software, training, and operations and user reference guides.

The bidder will provide one electronic and one paper master copy from which MLD may make in-house copies. Graphical representation of equipment and network structure is to be provided in Visio format. The electronic copy must be one continuous document plus a separate Visio document.

The bidder must prepare diagrams showing the locations and layout of the concentration points and the routes taken between equipment.

The Bidder should provide at no cost to MLD 3 original sets of the following types of documentation:

System design and configuration documentation; Operator manual or User’s Guide/Manual.

All documentation provided by the Bidder must be written in the Arabic

Language and expressed in a clearly and easily understandable manner.

MLD reserves the right to reproduce, at no additional cost whatsoever,

any part of the documentation provided by the Bidder for its internal use.

The Bidder should provide any revised editions, supplementary materials or new

publications relevant to the System and documentation on enhancements at no

additional cost to MLD.

The above specifications should apply for documentation and manuals of Third Party hardware,

software and equipment.

As a guide, the operator manual should include, but not be limited to, instructions for the following procedures:

• System power-up and power-down procedures;
• System start-up and shutdown procedures;
• System configuration backup procedures;
• System failure and recovery procedures;
• Day-to-day operations; and
• System administration operations such as the assignment, reset and deletion of passwords, etc.

As-Built Diagrams

Contractor will provide as-built documentation within 15 days of completion of the

project. These prints will include outlet locations, outlet numbers, trunk-cable, routing, and

legends for all symbols.

3.1 System Acceptance

System acceptance will occur in three phases:

• Hardware tests, including the Fluke test printouts for the network cabling.
• Network tests.
• Final system acceptance.

After installing the system hardware and performing appropriate diagnostic tests, the bidder

will certify that hardware is functioning correctly. MLD may request specific demonstrations

of the hardware readiness.

Upon completion of field installation of the network and training, the bidder will certify that the network is ready for acceptance. The bidder will be required to demonstrate all system functions to MLD's satisfaction.

Any problems found during this demonstration will be immediately corrected by the bidder, after which MLD will verify that corrections have been made and accept the system.

The bidder will then perform final system testing. Upon completion of the final system testing, the

bidder will certify that the network has passed the final system test criteria.

3.2 Testing

Prior to completion of the contract, full test results and documentation should be submitted to MLD

for approval.

The results should be delivered in native electronic format, not in a text editable format, though paper

copies must be made available on demand.

If any specialist software is required to read these results, this should be supplied free of charge by the

contractor.

The installer must give MLD not less than one week's notice for attendance when any testing is to be carried out.

3.3 Testing Strategy

After installation, all cables must be tested for Category 6 compliance.

Cable run length should be recorded from the certification tester (the TDR length measurement for copper links; OTDR traces for any fibre links). The tester's printed results and graphs should be supplied and included as part of the documentation of the installation.
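An acceptance check over the test results, as an added example that is not part of the RFP and not a tool from any certifier vendor: it reads a constructed CSV export in the shape a cable certifier can produce, compares it with the outlet list from the as-built drawings, and flags links that failed certification, exceed the 90 m permanent-link limit of the Category 6 standard, have no test record, or were tested but do not appear on the drawings. The outlet identifiers follow the building/floor/wing scheme of section 3.4 (building A, ground floor, east wing) and are constructed, as are the column names.

```python
import csv
import io

# Constructed sample of a certifier export (not a real tester file).
# Columns: outlet identifier, certifier verdict, measured length in metres.
SAMPLE_RESULTS_CSV = """\
outlet,result,length_m
A-G-E-01,PASS,42.5
A-G-E-02,PASS,91.3
A-G-E-03,FAIL,60.0
A-G-E-05,PASS,15.2
A-G-E-07,PASS,33.0
"""

# Constructed outlet list taken from the as-built drawings.
AS_BUILT_OUTLETS = ["A-G-E-01", "A-G-E-02", "A-G-E-03", "A-G-E-04", "A-G-E-05"]

# TIA/EIA-568 Category 6 permanent-link maximum (the channel limit is 100 m).
PERMANENT_LINK_LIMIT_M = 90.0


def check_acceptance(results_csv: str, as_built_outlets,
                     length_limit_m: float = PERMANENT_LINK_LIMIT_M) -> dict:
    """Return {outlet: [findings]}; an empty dict means the cabling is acceptable.

    Findings cover: a certifier verdict other than PASS, a length over the
    limit, outlets on the drawings with no test record, and test records for
    outlets that are not on the drawings (drawings and tests disagree).
    """
    findings = {}
    tested = set()
    for row in csv.DictReader(io.StringIO(results_csv)):
        outlet = row["outlet"].strip()
        tested.add(outlet)
        verdict = row["result"].strip().upper()
        length_m = float(row["length_m"])
        if verdict != "PASS":
            findings.setdefault(outlet, []).append(f"certifier verdict is {verdict}")
        if length_m > length_limit_m:
            findings.setdefault(outlet, []).append(
                f"length {length_m:.1f} m exceeds {length_limit_m:.0f} m permanent-link limit")
    drawn = set(as_built_outlets)
    for outlet in sorted(drawn - tested):
        findings.setdefault(outlet, []).append("on as-built drawing but no test record")
    for outlet in sorted(tested - drawn):
        findings.setdefault(outlet, []).append("test record exists but outlet is not on as-built drawing")
    return findings


if __name__ == "__main__":
    for outlet, problems in sorted(check_acceptance(SAMPLE_RESULTS_CSV, AS_BUILT_OUTLETS).items()):
        print(outlet, "->", "; ".join(problems))
```

The comparison in both directions matters at acceptance: a missing test record means a link was never certified, and a tested outlet absent from the drawings means the as-built documentation is already out of date.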

3.4 Identification

Each cabinet or rack within each concentration point should have a unique identifier, typically a letter.

Concentration points should display the identification number in a prominent position using a permanent

label.

Each concentration point will be identified by a combination of the building in which it is located and the number of the room containing the concentration point, or adjacent to it if the concentration point is in a corridor space.

Where there is no obvious room adjacent to a concentration points, a scheme based on the floor

number, G for ground, 1 for first floor, etc and the geographical location, E for eastern wing, etc will be

used. Such schemes must be agreed with Ministry of Local Development.


Notice should be taken of environmental conditions within which the concentration point

is located and measures taken to ensure that the label will not fail or become obscured.

Only machine-generated labels will be accepted.

The mentioned Quantities are for guidance only. Bidder should make the site survey and validate these quantities through his technical team.

Section 4: Training

4.1 Hands-on training:

• Onsite training is required for two engineers, covering all operational tasks for the proposed systems and the troubleshooting process required for their operation.

4.2 Formal training:

•Bidder should provide certified training courses in a training center of the vendor locally.

•Bidder should provide training materials for all the proposed courses and a complete training plan explaining the number of days, hours and the prerequisites for the audience in each course.


mohamedi @ mld.gov.eg
