enterprise infrastructure solutions (eis) - l3harris

Volume I Network Architecture and Technical Response

Enterprise Infrastructure Solutions (EIS)

The original document was submitted as Harris Corporation, prior to becoming L3Harris Technologies. The following pages are as submitted.

Government Communications Systems

Submission No.: HA00105.1a

HRS_EIS_VOL 1_Technical Response_FEB2019_Redacted_FOIA_Exemption_4.docx

RFP No. QTA0015THA3003

To Be Determined

Volume 1—Network Architecture and Technical Response

Enterprise Infrastructure Solutions(EIS)

For:General Services Administration

Office of Integrated Technology Services1800 F Street, NW

Washington, DC 20405

Attention:Mr. Timothy Horan

FAS EIS Contracting Officer

Telephone (703) [email protected]

Contractor Bid or Proposal information - See FAR 3.104. This proposal or quotation includes data that shall not bedisclosed outside the Government (or in the case of a proposal submitted to a Prime contractor, outside the Prime orthe Government) and shall not be duplicated, used or disclosed- in whole or in part- for any purpose other than toevaluate this proposal or quotation. If, however, a contract is awarded to this offeror or quoter as a result of- or inconnection with- the submission of this data, the Government shall have the right to duplicate, use or disclose the datato the extent provided in the resulting contract. This restriction does not limit the Government’s right to use informationcontained in this data if it is obtained from another source without restriction. The data subject to this restriction arecontained in sheets or displayed on screens as marked. This document or electronic file contains Harris Corporationproprietary information, which is exempt from disclosure under the Freedom of Information Act (5 USC 552). See FAR24.202. Copyright 2016, Harris Corporation.

Contract No.: EIS GS00Q17NSD3005Modification No.: To Be Determined

Effective Date: To Be Determined

Enterprise Infrastructure Solutions (EIS) Volume 1 – Network Architecture and Technical Response

Contractor Bid or Proposal Information – See FAR 3.104. Use or disclosure ofdata contained on this sheet or displayed on this screen is subject to therestriction on the title page or opening view screen of this Proposal documentor electronic file. This document or electronic file contains contractor tradesecrets and commercial or financial information obtained from a person in aprivileged or confidential position, and is exempt from disclosure under FOIA(5 USC 552). See FAR 24.202.


HRS_EIS_VOL 1_TechnicalResponse_FEB2019_Redacted_FOIA_Exemption_4.docx

1-ii

APPROVAL

The undersigned have read this plan and agree with its contents.

Harris Corporation:

DateProgram Manager

DateChief Systems Engineer

DateQuality Assurance

DateContracts Manager

DateConfiguration Management

General Services Administration:

Timothy Horan DateFAS EIS Contracting Officer

Name DateTitle







1-iii

TABLE OF CONTENTS

Paragraph Title Page

INTRODUCTION .................................................................................... 1-1

1.0 NETWORK ARCHITECTURE ................................................................ 1-5

2.0 TECHNICAL RESPONSE....................................................................... 1-8

2.1 Mandatory EIS Services ....................................................................... 1-11

2.1.1 Mandatory Data Services...................................................................... 1-12

2.1.1.1 Virtual Private Network Service (VPNS) ............................................... 1-13

2.1.1.1.1 Service and Functional Description (C.2.1.1.1 & C.2.1.1.1.1)............... 1-13

2.1.1.1.2 Standards (C.2.1.1.1.2)......................................................................... 1-16

2.1.1.1.3 Connectivity (C.2.1.1.1.3) ..................................................................... 1-16

2.1.1.1.4 Technical Capabilities (C.2.1.1.1.4) ...................................................... 1-16

2.1.1.1.5 Features (C.2.1.1.2).............................................................................. 1-21

2.1.1.1.6 Interfaces (C.2.1.1.3) ............................................................................ 1-23

2.1.1.1.7 Performance Metrics (C.2.1.1.4)........................................................... 1-23

2.1.1.2 Ethernet Services ................................................................................. 1-25


2.1.1.2.2 Standards (C.2.1.2.1.2)......................................................................... 1-28

2.1.1.2.3 Connectivity (C.2.1.2.1.3) ..................................................................... 1-29


2.1.1.2.5 Features (C.2.1.2.2).............................................................................. 1-32

2.1.1.2.6 Interfaces (C.2.1.2.3) ............................................................................ 1-32


2.1.2 Mandatory Voice Services .................................................................... 1-34

2.1.2.1 Internet Protocol Voice Service............................................................. 1-34


2.1.2.1.2 Standards (C.2.2.1.1.2)......................................................................... 1-40

2.1.2.1.3 Connectivity (C.2.2.1.1.3) ..................................................................... 1-41







1-iv

TABLE OF CONTENTS (continued)



2.1.2.1.5 Features (C.2.2.1.2).............................................................................. 1-43

2.1.2.1.6 Interfaces (C.2.2.1.3) ............................................................................ 1-45


2.1.2.1.8 Managed LAN Service (C.2.2.1.5) ........................................................ 1-46

2.1.2.1.9 Session Initiation Protocol Trunk Service (C.2.2.1.6)............................ 1-47


2.1.2.1.11 Features (C.2.2.1.6.2)........................................................................... 1-47

2.1.3 Mandatory Managed Services .............................................................. 1-48

2.1.3.1 Managed Network Services (MNS)....................................................... 1-48


2.1.3.1.2 Standards (C.2.8.1.1.2)......................................................................... 1-52

2.1.3.1.3 Connectivity (C.2.8.1.1.3) ..................................................................... 1-52


2.1.3.1.5 Features (C.2.8.1.2).............................................................................. 1-59

2.1.3.1.6 Interfaces (C.2.8.1.3) ............................................................................ 1-65


2.1.4 Mandatory Access Arrangements (AA)................................................. 1-66

2.1.4.1 Service and Functional Description (C.2.9.1 & C.2.9.1.1)..................... 1-66

2.1.4.2 Standards (C.2.9.1.2)............................................................................ 1-70

2.1.4.3 Connectivity (C.2.9.1.3) ........................................................................ 1-70

2.1.4.4 Technical Capabilities (C.2.9.1.4) ......................................................... 1-70

2.1.4.5 Access Diversity and Avoidance (C.2.9.2) ............................................ 1-72

2.1.4.6 Interfaces (C.2.9.3) ............................................................................... 1-77

2.2 OPTIONAL EIS SERVICES.................................................................. 1-77

2.2.1 Optional Data Services ......................................................................... 1-78

2.2.1.1 Optical Wavelength Service (OWS)...................................................... 1-79


2.2.1.1.2 Standards (C.2.1.3.1.2)......................................................................... 1-81







1-v



2.2.1.1.3 Connectivity (C.2.1.3.1.3) ..................................................................... 1-82


2.2.1.1.5 Features (C.2.1.3.2).............................................................................. 1-83

2.2.1.1.6 Interfaces (C.2.1.3.3) ............................................................................ 1-84


2.2.1.2 Synchronous Optical Network (SONET) Services ................................ 1-85


2.2.1.2.2 Standards (C.2.1.5.1.2)......................................................................... 1-89

2.2.1.2.3 Connectivity (C.2.1.5.1.3) ..................................................................... 1-89


2.2.1.2.5 Features (C.2.1.5.2).............................................................................. 1-90

2.2.1.2.6 Interfaces (C.2.1.5.3) ............................................................................ 1-91


2.2.1.3 Internet Protocol Service....................................................................... 1-92


2.2.1.3.2 Standards (C.2.1.7.1.2)......................................................................... 1-95

2.2.1.3.3 Connectivity (C.2.1.7.1.3) ..................................................................... 1-96


2.2.1.3.5 Features (C.2.1.7.2).............................................................................. 1-98

2.2.1.3.6 Interfaces (C.2.1.7.3) ............................................................................ 1-99








1-vi



2.2.4 Optional Collocated Hosting Service .................................................. 1-100

2.2.4.1 Functional Definition (C.2.4.1) ............................................................ 1-100

2.2.4.2 Standards (C.2.4.2) ............................................................................ 1-102

2.2.4.3 Connectivity (C.2.4.3) ......................................................................... 1-102

2.2.4.4 Technical Capabilities (C.2.4.4) .......................................................... 1-102

2.2.4.5 Features (C.2.4.5)............................................................................... 1-106

2.2.4.6 Performance Metrics (C.2.4.5.1)......................................................... 1-106







1-vii



2.2.6 Optional Wireless Services ................................................................. 1-107

2.2.6.1 Service and Functional Description (C.2.6.1 & C.2.6.1.1)................... 1-108

2.2.6.2 Standards (C.2.6.1.2).......................................................................... 1-110

2.2.6.3 Connectivity (C.2.6.1.3) ...................................................................... 1-111

2.2.6.4 Technical Capabilities (C.2.6.1.4) ....................................................... 1-111

2.2.6.5 Features (C.2.6.2)............................................................................... 1-111







1-viii



2.2.6.6 Interfaces (C.2.6.3) ............................................................................. 1-113

2.2.6.7 Performance Metrics (C.2.6.4)............................................................ 1-113

2.2.7 Optional Commercial Satellite Communications Service .................... 1-114

2.2.7.1 Service and Functional Description (C.2.7.1 & C.2.7.1.1)................... 1-114

2.2.7.2 Standards (C.2.7.1.2).......................................................................... 1-115

2.2.7.3 Technical Capabilities (C.2.7.1.3) ....................................................... 1-116

2.2.7.4 Features (C.2.7.2)............................................................................... 1-117

2.2.7.5 Performance Metrics (C.2.7.3)............................................................ 1-120

2.2.8 Optional Managed Services................................................................ 1-121

2.2.8.1 Web Conferencing Service (WCS) ..................................................... 1-122

2.2.8.1.1 Service and Functional Description (C.2.8.2.1 & C.2.8.2.1.1)............. 1-122

2.2.8.1.2 Standards (C.2.8.2.1.2)....................................................................... 1-124

2.2.8.1.3 Connectivity (C.2.8.2.1.3) ................................................................... 1-124

2.2.8.1.4 Technical Capabilities (C.2.8.2.1.4) .................................................... 1-125

2.2.8.1.5 Features (C.2.8.2.2)............................................................................ 1-127

2.2.8.1.6 Interfaces (C.2.8.2.3) .......................................................................... 1-127

2.2.8.1.7 Performance Metrics (C.2.8.2.4)......................................................... 1-128

2.2.8.2 Unified Communications Service (UCS) ............................................. 1-128


2.2.8.2.2 Standards (C.2.8.3.1.2)....................................................................... 1-136

2.2.8.2.3 Connectivity (C.2.8.3.1.3) ................................................................... 1-136


2.2.8.2.5 Features (C.2.8.3.2)............................................................................ 1-137

2.2.8.2.6 Interfaces (C.2.8.3.3) .......................................................................... 1-137


2.2.8.3 RESERVED........................................................................................ 1-138







1-ix



2.2.8.4 Managed Security Service (MSS)....................................................... 1-138


2.2.8.4.1.1 Managed Prevention Services ............................................................ 1-138

2.2.8.4.1.2 Vulnerability Scanning Services.......................................................... 1-139

2.2.8.4.1.3 Incident Response Service ................................................................. 1-139

2.2.8.4.2 Standards (C.2.8.5.1.2)....................................................................... 1-140

2.2.8.4.3 Connectivity (C.2.8.5.1.3) ................................................................... 1-140


2.2.8.4.4.1 Managed Prevention Service (MPS)................................................... 1-141

2.2.8.4.4.2 Vulnerability Scanning Service (VSS)................................................. 1-144

2.2.8.4.4.3 Incident Response Service (INRS) ..................................................... 1-146

2.2.8.4.5 Features (C.2.8.5.2)............................................................................ 1-148

2.2.8.4.5.1 Managed Prevention Service (MPS)................................................... 1-148

2.2.8.4.5.2 Vulnerability Scanning Service (VSS)................................................. 1-152

2.2.8.4.5.3 Incident Response Service (INRS) ..................................................... 1-153

2.2.8.4.6 Interfaces (C.2.8.5.3) .......................................................................... 1-153


2.2.8.5 Managed Mobility Service (MMS) ....................................................... 1-153


2.2.8.5.2 Standards (C.2.8.6.1.2)....................................................................... 1-157

2.2.8.5.3 Connectivity (C.2.8.6.1.3) ................................................................... 1-157








1-x



2.2.8.5.5 Features (C.2.8.6.2)............................................................................ 1-161

2.2.8.5.6 Interfaces (C.2.8.6.3) .......................................................................... 1-161


2.2.8.6 Audio Conferencing Service (ACS)..................................................... 1-162


2.2.8.6.2 Standards (C.2.8.7.1.2)....................................................................... 1-164

2.2.8.6.3 Connectivity (C.2.8.7.1.3) ................................................................... 1-164


2.2.8.6.5 Features (C.2.8.7.2)............................................................................ 1-165

2.2.8.6.6 Interfaces (C.2.8.7.3) .......................................................................... 1-166


2.2.8.7 Video Teleconferencing Service (VTS)............................................... 1-166


2.2.8.7.2 Standards (C.2.8.8.1.2)....................................................................... 1-169

2.2.8.7.3 Connectivity (C.2.8.8.1.3) ................................................................... 1-169


2.2.8.7.5 Features (C.2.8.8.2)............................................................................ 1-171

2.2.8.7.6 Interfaces (C.2.8.8.3) .......................................................................... 1-172


2.2.8.8 DHS Intrusion Prevention Security Service (DHS Only) ..................... 1-172


2.2.8.8.2 Standards (C.2.8.9.1.2)....................................................................... 1-173

2.2.8.8.3 Connectivity (C.2.8.9.1.3) ................................................................... 1-173


2.2.8.8.5 Features (C.2.8.9.2)............................................................................ 1-178

2.2.8.8.6 Interfaces (C.2.8.9.3) .......................................................................... 1-179


2.2.9 Service-Related Equipment (C.2.10) .................................................. 1-179

2.2.10 Service-Related Labor (C.2.11) .......................................................... 1-182







1-xi



2.2.11 Cable and Wiring (C.2.12) .................................................................. 1-183

2.2.11.1 Installation Services............................................................................ 1-184

2.2.11.2 Required Connectivity......................................................................... 1-184

2.2.11.3 Site Preparation .................................................................................. 1-184

2.2.11.4 Wiring/Cabling Warranty ..................................................................... 1-185

3.0 SECTION 508 REQUIREMENTS ....................................................... 1-185

3.1 Background......................................................................................... 1-185

3.2 Voluntary Product accessibility Template ........................................... 1-185

3.3 Section 508 Applicability to Technical Requirements ......................... 1-185

3.4 Section 508 Provisions Applicable to Technical Requirements .......... 1-185

3.5 Section 508 Provisions Applicable to Reporting and Training............. 1-186







1-xii

LIST OF ATTACHMENTS

Attachment Title Page

1 Program Management Plan .................................................................1-1-1

2 SCRM Plan ..........................................................................................1-2-1

3 Draft BSS Verification Test Plan ..........................................................1-3-1

4 EIS Verification Test Plan ....................................................................1-4-1

5 Climate Risk Management Plan...........................................................1-5-1

6 Financial Status Report (Sample) ........................................................1-6-1

7 BSS Risk Management Framework Plan.............................................1-7-1

8 NS/EP Functional Requirements Implementation Plan........................1-8-1

LIST OF ILLUSTRATIONS

Figure Title Page

2.1.1.1.1 Harris VPN Service Types .................................................................... 1-15

2.1.1.1.4-1 Best Effort QoS..................................................................................... 1-17

2.1.1.1.4-2 Interface Based QoS............................................................................. 1-18

2.1.1.1.4-3 End-to End QoS.................................................................................... 1-18

2.1.1.1.4-4 IntServ QoS .......................................................................................... 1-19

2.1.1.1.5-1 Load sharing example........................................................................... 1-21

2.1.1.1.5-2 Diverse Access Examples .................................................................... 1-22

2.1.1.2.1-1 Harris Ethernet Transport Service Types.............................................. 1-26

2.1.2.1.1-2 Harris Point-to Point ETS E-LINE Service ............................................ 1-27

2.1.2.1.1-3 Harris Multipoint ETS E-LAN Service ................................................... 1-27

2.1.2.1.1-4 Harris Rooted-to-Multipoint ETS Service .............................................. 1-28

2.1.2.1-1 The Harris Solution Provides Full Service Coverage

for all IPVS Needs ................................................................................ 1-35

2.1.2.1-2 Harris Assures Agency Users Superior Service.................................... 1-36

2.1.2.1.1 Harris IPVS Delivery Platform............................................................... 1-38

2.1.3.1.1 Harris MNS Delivery System ................................................................ 1-50







1-xiii

LIST OF ILLUSTRATIONS (continued)

Figure Title Page

2.1.3.1.5 Instrumentation for Measuring SLA/KPIs with

EINSTEIN Enclave Loopbacks ............................................................. 1-66

2.1.4.5-1 Example of single Access Arrangement ............................................... 1-73

2.1.4.5-2 Example of Carrier and Geographic Diversity Access Arrangement..... 1-73

2.1.4.5-3 Example of On-Net and Carrier Diversity Access Arrangement............ 1-74

2.2.1.1.1 Harris Optical Wave Service ................................................................. 1-81

2.2.1.2.1 Harris SONET Service .......................................................................... 1-86

2.2.1.3.1-1 Harris IPS Solution ............................................................................... 1-93

2.2.1.3.1-2 Harris IPS Internet Access Solution...................................................... 1-94

2.2.1.3.1-3 Harris IPS Extranet Solution ................................................................. 1-94

2.2.1.3.1-4 Harris IPS Intranet Solution .................................................................. 1-95

2.2.1.3.4 Harris IPS Peering Arrangements......................................................... 1-97

2.2.4.1 The Harris Collocated Hosting Service ............................................... 1-101

2.2.4.4 Harris Data Center locations per RLSAs............................................. 1-103

2.2.6.1 Harris MWS Delivery Platform ............................................................ 1-109

2.2.7 Harris’ Portfolio of Satellite Capacity Access. Our access to satellite

capacity provides unparalleled global coverage. ................................ 1-114

2.2.7.4 Harris CMSS Information Assurance Boundary.................................. 1-119







1-xiv

LIST OF ILLUSTRATIONS (continued)

Figure Title Page

2.2.8.1.1 Harris WCS Delivery Platform............................................................. 1-123

2.2.8.2 Our MS Skype for Business/MS Office 365 Solution

Supports UCS and all Related Agency Conferencing Requirements.. 1-130

2.2.8.2.1 Harris UCS Delivery Platform ............................................................. 1-132

2.2.8.4.4.2 Integration of Harris VSS and INRS services

into a cohesive, proactive security environment ................................. 1-146

2.2.8.6.1 Harris ACS Delivery Platform.............................................................. 1-163

2.2.8.7.1 Harris VTS Delivery Platform .............................................................. 1-168

LIST OF TABLES

Table Title Page

2.1 Harris Mandatory Service Summary ..................................................... 1-11

2.1.1.1 Correlation of Technical Evaluation Criteria and Harris Offer ............... 1-13

2.1.1.1.4 VPNS QoS Modes ................................................................................ 1-17

2.1.1.1.6 Harris VPNS SDP Interfaces ................................................................ 1-23

2.1.1.1.7 Harris VPNS Key Performance Metrics ................................................ 1-24


2.1.1.2.4-1 Harris ETS Technical Capabilities (3 – 11) ........................................... 1-30

2.1.1.2.4-2 Harris ETS Technical Capabilities (15 – 26) ......................................... 1-31

2.1.1.2.7 Harris ETS Key Performance Metrics ................................................... 1-33

2.1.2.1 Correlation of Technical Evaluation Criteria and Harris Solution .......... 1-34

2.1.2.1.4 Harris IPVS Technical Capabilities ....................................................... 1-41

2.1.2.1.5 Harris IPVS Features............................................................................ 1-43

2.1.2.1.7 Harris IPVS Key Performance Metrics.................................................. 1-45


2.1.3.1.1-1 The Harris Managed Service Portfolio .................................................. 1-51

2.1.3.1.1-2 Harris Managed Network Services Coverage

for non-domestic locations ...................... 1-Error! Bookmark not defined.

2.1.3.1.4-1 Protocols used and Supported by Harris .............................................. 1-53







1-xv

LIST OF TABLES (continued)

Table Title Page

2.1.3.1.4-2 Harris Network and Security Management Monitoring Branded Tools 1-55

2.1.3.1.4-3 Harris Monitoring, Troubleshooting, and Reporting Capabilities

for MNS................................................................................................. 1-57

2.1.3.1.5 Services including C.1.8.8 National Policy Requirements.................... 1-61

2.1.4 Correlation of Technical Evaluation Criteria and Harris Offer ............... 1-66

2.1.4.4 Harris Access Arrangements & Associated Technical Capabilities....... 1-70

2.2 Harris Optional Service Summary......................................................... 1-78


2.2.1.1.4 Harris OWS Technical Capabilities....................................................... 1-82

2.2.1.1.5 Harris OWS Features............................................................................ 1-83

2.1.1.2.7 Harris OWS Key Performance Metrics.................................................. 1-85


2.2.1.2.4 Harris SONET Technical Capabilities ................................................... 1-89

2.2.1.2.5 Harris SONET Features........................................................................ 1-90

2.2.1.2.7 Harris SONET Key Performance Metrics.............................................. 1-91


2.2.1.3.4 Harris IPS Technical Capabilities.......................................................... 1-96

2.2.1.3.7 Harris IPS Key Performance Metrics .................................................... 1-99

2.2.4 Correlation of Technical Evaluation Criteria and Harris Offer ............. 1-100

2.2.4.1 Collocated Hosting Service Functional Definition ............................... 1-101







1-xvi


Table Title Page

2.2.4.4-1 Harris EIS Collocated Hosting Service:

Facilitating Regional LSA Transitions and Cloud Enablement ............ 1-103

2.2.4.4-2 Harris Primary Colocation Data Center: Full Spectrum Of Services ... 1-104

2.2.6 Correlation of Technical Evaluation Criteria and Harris Solution ........ 1-107

2.2.6.4 Harris MWS Technical Capabilities..................................................... 1-111

2.2.6.5 Harris MWS Features ......................................................................... 1-112

2.2.6.7 Harris MWS Key Performance Metrics ............................................... 1-113

2.2.7.2 Harris CMSS Standards Compliance.................................................. 1-116

2.2.7.3 Harris CSCS Technical Capabilities ................................................... 1-117

2.2.7.4 Harris CSCS Features ........................................................................ 1-117

2.2.7.5 Harris CSCS Key Performance Metrics .............................................. 1-120

2.2.8.1 Correlation of Technical Evaluation Criteria and Harris Solution ........ 1-122

2.2.8.1.4 Harris WCS Technical Capabilities ..................................................... 1-125


2.2.8.2.4 Harris UCS Technical Capabilities...................................................... 1-136

2.2.8.2.7 Harris UCS Key Performance Metrics................................................. 1-137







1-xvii


Table Title Page

2.2.8.4 Correlation of Technical Evaluation Criteria and Harris Solution Offer 1-138

2.2.8.4.4.1 Harris MPS Technical Capabilities...................................................... 1-141

2.2.8.4.4.2-1 Components Probed by Harris VSS ................................................... 1-145

2.2.8.4.4.2-2 Protocols and Applications Scanned by Harris VSS ........................... 1-145

2.2.8.4.4.2-3 Types of Attacks Addressed by the Harris VSS.................................. 1-145


2.2.8.5.4-1 Harris MDM Technical Capabilities..................................................... 1-157

2.2.8.5.4-2 Harris MAM Technical Capabilities ..................................................... 1-158

2.2.8.5.4-3 Harris MMS Managed Security Technical Capabilities ....................... 1-159


2.2.8.6.4 Harris ACS Technical Capabilities ...................................................... 1-164

2.2.8.6.5 Harris ACS Features........................................................................... 1-165


2.2.8.7.4 Harris VTS Technical Capabilities ...................................................... 1-170

2.2.8.7.5-1 Harris VTS Features ........................................................................... 1-171

2.2.8.8 Correlation of Technical Evaluation Criteria and Harris Offer ............. 1-172







1-xviii

LIST OF ACRONYMS

AAD Azure Active Directory

ACL Access Control Lists

ACS Audio Conferencing Service

ACS Authenticated Configuration Scanner

AES Advanced Encryption Standard

ALM Agile Lifecycle Management

AMP Automated Malware Protection

ANI Automatic Number Identification

ARIN American Registry for Internet Numbers

AS Autonomous System

ASON Automatically Switched Optical Networks

ATIS Alliance for Telecommunications Industry Solutions

AVS Audio Visual Interleave

AWS Amazon Web Services

BAMS-D Broad Area Maritime Surveillance-Demonstrator

BCI Bit Count Integrity

BDPaas Big Data Platform as a Service

BER Bit-Error-Rate

BGP Border Gateway Protocol

BLSR Bi-directional Line Switched Ring

BSS Business Support System

BSS Business System Solution

BYOD Bring Your Own Device

CA Computer Associates

CAP Compliance and Assurance Program

CBS Committed Burst Size







1-xix

LIST OF ACRONYMS (continued)

CBSA Core Based Statistical Area

CBSA Core Based Statistical Areas

CBWFQ Class Based Weighted Fair queueing

CCV Common Computer Vulnerability

CDN Content Delivery Network

CE Customer Edge

CFSS Commercial Fixed Satellite Service

CGI-BIN Common Gateway Interface-Binary

CHS Collocated Hosting Services

CIR Committed Information Rate

CLEC Competitive Local Exchange Carriers

CMSS Commercial Mobile Satellite Service

CNM Customer Network Management

CODEC Coder-Decoder

COMSATCOM Communications Satellite

CONUS Continental United States

COOP Continuity of Operations

CoS Class of Service

COTS Commercial-off-the-Shelf

CPE Customer Premise Equipment

CRM Customer Relationship Management

CSCS Commercial Satellite Communications Service

CTI Computer Telephony Integration

CVE Common Vulnerabilities and Exposures

DA Data Aggregator







1-xx


DATS DISA Access Transport Services

DCOM Distributed Component Object Model

DHS Department of Homeland Security

DiffServ Differentiated Services

DISA Defense Information Systems Agency

DLA Defense Logistics Agency

DLP Data Loss Prevention

DLR Design Layout Record

DMZ Demilitarized Zones

DNS Domain Name Service

DNS Domain Name System

DoD Department of Defense

DoS Denial of Service

DR Disaster Recovery

DTMF Dual-tone multi-frequency

DWDM Dense Wavelength Division Multiplexed

DWDM Dense Wavelength Division Multiplexing

EAP Enterprise Application Platform

EESS Eutelsat Earth Station Standards

EIS Enterprise Infrastructure Services

EMI Electro-Magnetic Interference

ERM E-mail Response Management

ERP Enterprise Resource Planning

ESI Electronically Stored Information

ETS Ethernet Transport Services

ETS Ethernet Transport Service







1-xxi


EVC Ethernet virtual connection

EWS Enterprise Web Server

EXP Experimental

FAA Federal Aviation Administration

FAR Federal Acquisition Regulation

FCC Federal Communications Commission

FedRAMP Federal Risk and Authorization Management Program

FIPS Federal Information Processing Standards

FISMA Federal Information Security Management Act

FTI FAA Telecommunications Infrastructure

FTP File Transfer Protocol

GFI Government Furnished Information

GFP Government Furnished Property

GMPLS Global MPLS

GO Geostationary Orbit

GRE Generic Route Encapsulation

GSA General Services Administration

HA High Availability

HCM Human Capital Management

HNAT Harris Network Availability Tool

HSPD Homeland Security Presidential Directive

IaaS Infrastructure-as-a-Service

ICB Individually Case Based

ICD Intelligence Community Directive

IESS Intelsat Earth Station Standards







1-xxii


IETF Internet Engineering Task Force

IFC In-Flight Connectivity

IFE In-Flight Entertainment

INRS Incident Response Service

IOF Inter Office Facilities

IPS Intrusion Prevention Systems

IPS Internet Protocol Service

IPSS Intrusion Prevention Security Services

IPVS Internet Protocol Voice Service

ISDN-BRI Services Digital Network- Basic Rate Interface

IT Information Technology

ITAR International Traffic in Arms Regulations

ITIL Information Technology Infrastructure Library

ITSM Information Technology Service Management

ITU International Telecommunications Union

IVR Interactive Voice Response

JAB Joint Authorization Board

JIT Just-in-Time

KPI Key Performance Indicators

KPIS Key Performance Indicators

KuSS Ku Spread Spectrum

LDAP Ligntweight Directory Access Protocol

LDP Label Distribution Protocol

LEC Local Exchange Carriers

LEED Leadership in Facility Energy and Environment Design

LNP Local Number Portability







1-xxiii


loT Internet of Things

LSA Local Service Agreements

LTE Long-Term Evolution

LUN Logical Unit Number

MAM Mobile Application Management

MARSS Medium Altitude Reconnaissance Surveillance System

MAS/UAS Manned/Unmanned Aerial Systems

MBS Maximum Burst Size

MCM Mobile Content Management

MDM Mobile Device Management

MEF Metro Ethernet Forum

MIME Multimedia Internet Mail Extension

MMS Mobility Managed Service

MNS Managed Network Service

MOS Mean Opinion Score

MPLS Multi-Protocol Label Switching

MPS Managed Prevention Service

MR Maintenance Request

MS Microsoft

MSO Multiple Service Operators

MSS Mobile Satellite Services

MSS Managed Mobility Service

MTIPS Managed Trusted Internet Protocol Service

MW Megawatts

NANP North American Numbering Plan

NAS National Airspace System







1-xxiv


NAT Network Address Translation

NFA Netflow Analyzer

NFV/SDN Network Function Virtualization and Software Defined Network

NMS Network Management System

NNI Network-to-Network Interfaces

NOC Network Operation Center

NOC/SOC Network and Security Operations Center

NS/EP National Security and Emergency Preparedness

NSS National Security Systems

NTSC National Television Standards Committee

O&M Operations and Maintenance

OA Office Automation

OADM Optical Add-Drop Multiplexers

OC Pptical Carrier

OCO Ordering Contracting Officer

OCONUS Outside the Continental United States

OIF Optical Internetworking Forum

OMB Office of Management and Budget’s

OSS Operations Support System

OWS Optical Wavelength Service

PAL Phase Alternation by Line

PAT Port Address Translation

P-ATO Provisional Authorities to Operate

PBX Private Branch Exchange

PC Performance Center

PCL Physical Concentration Location







1-xxv


PDU Protocol Data Units

PIR Peak Information Rate

PM Performance Monitoring

POC Point of Contact

PoE Power over Ethernet

POP Point-of-Presence

PS/ALI Private Switch/Automatic Location Identification

PSAP Public Safety Answering Point

PSTIN Public Switched Telephone Network

QoS Quality of Services

QTS Quality Technology Services

RADIUS Remote Authentication Dial-In User Service

RBAC Role Based Access Controls

RF Radio Frequency

RFC Requests for Comments

RPC Remote Procedure Call

RSVP Resource Reservation Protocol

RTP Real-Time Transport Protocol

SAN Storage Area Network

SATCOM Satellite Communications

SBC Session Border Controller

SCAP Secure Content Automation Protocol

SCIF Sensitive Compartmented Information Facilities

SCR SIP Core Routing

SDK Software Development Kit

SDN Software Defined Networks







1-xxvi


SDP Service Delivery Point

SEC Security

SECAM Système Electronique Couleur Avec Memoire

SF Square footage

SHD Service Health Dashboard

SIEM Security Information and Event Management

SIP Session Initiation Protocol

SLA Service Level Agreement

SMB Server Message Block

SME Subject Matter Experts

SMS Short Messaging Services

SMTP Simple Mail Transfer Protocol

SNMP Simple Network Management Protocol

SOAP Simple Object Access Protocol

SOC Security Operations Center

SOH Section Overhead

SONET Synchronous Optical Networking

SOW Statement of Work

SP Special Publication

SRE Service Related Equipment

SRL Service Related Labor

SSAE Service Organization Management Controls

SSL Secure Socket Layer

SSMT Site and Service Management Tool

SSO Single Sign-on

TaaS Testing as a Service







1-xxvii


TACACS Terminal Access Controller Access Control System

TIC Trusted Internet Connection

TDD Test Driven Development

TDM Time Division Multiplexed

TIA Telecommunications Industry Association

TICAP Trusted Internet Connection Access Provider

TO Task Order

TTR Time to Restore

ToS Type of Service

TS/SI Top Secret/Sensitive Information

TSP Telecommunication Service Priority

UCS Unified Communication Service

UIM Unified Infrastructure Manager

UM Unified Messaging

UNI User Network Interface

UPSR Uni-directional Path Switched Ring

US-CERT United States Computer Emergency Response Team

VADER Vehicle and Dismount Exploitation Radar

VAR Value Added Reseller

VESDA Very Early Smoke Detection Apparatus

VoD Video on Demand

VolP Voice Over Internet Protocol

VPN Virtual Private Network

VPNS Virtual Private Network Service

vR vRealize

VTS Video Teleconferencing Service







1-xxviii


WAN Wide Area Networks

WCS Web Conferencing Service

WFM Workforce Management

WPS Wireless Priority Services







1-3

services in the areas of Service Related Equipment (SRE), Service Related Labor (SRL),

and Cable and Wiring services with the intent to broaden their work scope and expand

their responsibility and authority as task orders are awarded to Harris. In addition, we

have established a core group of small businesses with next-generation capabilities to

ensure we stay abreast of emerging technologies that may be introduced to the GSA and

our Federal Government Customers as missions, goals, and objectives change and new

capabilities are required (i.e., Software Defined Networking (SDN) and Network

Functional Virtualization (NFV)).

Our core network backbone natively supports data, voice, and video as well as

network services such as Optical Wave Service (OWS), SONET services, co-located

hosting, , wireless communications, satellite communications and other ancillary services,

e.g., web, voice and video conferencing. Our comprehensive services and global reach

enable us to support an ideal mix of services across an expansive coverage area. We are

fully prepared to leverage our core network and essential security service capabilities on

EIS to ensure cost-effective procurements of superior end-to-end solutions for all federal

agencies.

Harris also offers GSA an extensive set of in-place, global network assets and

services to ensure that we can readily provide services to OCONUS and non-domestic

locations. Harris will partner with the GSA to shape the next-generation of

telecommunications and IT infrastructure services that provide high levels of availability,

reliability, flexibility and agility, ease of implementation and continued evolution. Our

offering, which includes transition assistance support, also yields high quality

services that will meet federal agency needs while maintaining cost competiveness.

We achieve these objectives by understanding and using proven operational processes

and establishing valid service performance monitoring and measurement of key network

parameters such as bandwidth utilization, latency, jitter, and packet loss.

To succeed, EIS needs a Critical Network Provider that understands the customer

missions, adopts those missions as their own, and focuses on innovative, customized,

low cost end-to-end infrastructure solutions. EIS needs a team with the proven capability

to design, procure, deploy, transition, and operationally manage a telecommunications

network and a broad range of telecommunications services. And, EIS needs a partner







1-4

that has a proven record of meeting all KPIs/SLAs and delivering major cost savings

through cost effective services and optimization efforts.

Harris offers GSA and each Agency user a best-value, low-risk, cost-effective EIS

solution that leverages existing network infrastructure, diverse domain experts,

and a robust portfolio of IT services to ensure end-to-end integrated solutions.







1-5

1.0 NETWORK ARCHITECTURE

. This customization

and tailoring of our private network yields focused security solutions, high throughput, and

low latency by eliminating bandwidth resource contention with multiple customers.







1-6

Ethernet services,

complying with the Metro Ethernet Forum (MEF) standards for E-LINE, E-LAN and

E-TREE services. Voice services are implemented using Voice over IP (VoIP) technology.

Our Internet Protocol Voice Service (IPVS) supports Session Initiation Protocol (SIP)

Trunking and interoperability with the Public Switched Telephone Network (PSTN).

Managed Network Services (MNS) supports all EIS-provided services through the design,

engineering, implementation, transport, access, and management necessary to deploy,

operate, and maintain agency-specific networks. The Harris core network can also be

augmented, if required, by implementing our optional data services such as Optical

Wavelength Service (OWS) and SONET services.

Harris’ offer includes cellular wireless 3G/4G, Long-Term Evolution (LTE) services,

WiFi, and satellite communications fixed and mobile services. These services can be

provided as stand-alone services and/or as alternative access services integrated with

our core backbone architecture.

The Harris core network is also architected to support future technologies and services

as they evolve, including enhancements and upgrades to continuously improve

telecommunications, network services, and associated support. As a Critical Network

Provider, Harris is hardware and software agnostic, enabling us to objectively design,

deploy, and manage private and virtually private network services.

The combined Harris global infrastructure features a comprehensive set of operations

support services. The NOC/SOC facilities, tools, and staff will monitor and maintain all

agency networks on a 24/7/365 basis for best-in-class availability and proactive security.

The NOC and SOC answer help desk phones, provide Tier-1 support to customer-specific

network users, and provide Tier 1 through 3 support to customer NOCs for access and

transport services across our backbone as well as for customer equipment. The Harris







1-8

consists of routing protocols that control how packets are forwarded, and the data plane

forwards packets based on the control plane’s direction. The control plane can be thought

of as the “brains” of the network and is distributed throughout the nodal equipment

(routers/switches) of the network. SDN alters this model by separating the control plane

and data plane functions and centralizing the control plane of the network. Centralizing

the control plane allows applications to have greater control of network resources and the

forwarding function of the data plane. It also provides greater situational awareness of the

overall state of the network from a centralized location. With this increased awareness

new capabilities such as the dynamic allocation of resources and bandwidth on demand

are enabled. Although SDN is still early in its evolution, it is being deployed in some data

center architectures. The inherent benefits of SDN can lead to new and innovative

security designs, processes, and procedures, enhancing the security posture across the

enterprise, , data center, mobile and wide area network, and the Internet of Things (IoT).

NFV is a more near-term capability and the focus of telecommunications and network

service providers today because it is considered to be a first step towards a future SDN

architecture. NFV allows for the control plane to be virtualized and separated from the

nodal equipment, but it is not necessarily centralized. The goal of telecommunication

service providers is to simplify and speed up the implementation of new services as well

as scale their networks when needed. These processes have become increasingly

complex and costly because more space, power and nodal equipment is usually required.

By virtualizing the control plane, simpler and smaller network devices can replace larger

and more costly nodal equipment. For these reasons, Harris and our teammates have

been actively investigating these emerging technologies for the past several years and

have built preliminary roadmaps into our IT infrastructures and Wide Area Networks

(WAN) to natively support these next-generation capabilities. We are advocates of NFV

and transitioning network equipment functions onto industry-standard servers, switches,

and storage devices to reduce capital and agency expenditures, improve network

efficiency, and increase agility, scalability, and security.

2.0 TECHNICAL RESPONSE

Harris’ robust ‘high quality’ services portfolio provides the flexibility and agility to

support agency transitions to future technologies. Our high quality service offerings will







1-9

enable interoperability and help agencies further transition from legacy technologies to a

converged IP environment with common, core security standards through an expansive

array of modern telecommunications and IT service offerings.

As a Critical Network Provider, Harris has decades of experience in the design of

customized services and solutions and their integration with new or existing hardware,

packaged and custom software, and our backbone infrastructure; optimizing the value of

commercial services. We also manage the complexity inherent with change and evolving

technologies, from requirements planning to architecture, testing, deployment, operations

and maintenance and beyond.

Our offer ensures best value services and real improvements in service continuity for

the GSA and federal agencies. As a Critical Network Provider and full service vendor,

Harris strives to provide the necessary planned services, transition assistance, and

support at the best price and of the ‘highest quality’. Our best value, low risk, cost effective

services’ portfolio is based on our proven processes, people and tools augmented with

directly relevant experience and lessons learned from past managed service network

efforts.

Harris brings unmatched experience as a Critical Network Provider to providing

telecommunication and network services for government agencies. Our experience with

managing and integrating multiple carrier networks into a seamless high quality service

solution is proven on large successful programs like the FAA Telecommunications

Infrastructure (FTI). Harris’ carrier neutral and vendor neutral approach provides highly

reliable and affordable network and telecommunication services because we create

“managed competition” between hundreds of Local Exchange Carriers (LECs) and

broadband Multiple Service Operators (MSOs) with every network design. This approach

provides great flexibility in our network designs as we can add new service providers

and/or equipment suppliers when it provides benefits to the Government.

Harris’ disciplined engineering practice utilizes the Service Design lifecycle phase

outlined in the Information Technology Infrastructure Library (ITIL)v3 which has been

successfully implemented on our network programs. Our disciplined processes,

management expertise and technical prowess ensure the delivery of optimized network

and services’ solutions as well as a seamless transition approach that is non-disruptive







1-10

to ongoing operations for all federal agency task orders. Harris has a reputation of being

a trusted partner that provides operational excellence predicated on a comprehensive

solution-based vehicle addressing all aspects of federal agency information technology

and infrastructure requirements.

The Harris process for evolving and continuous incorporation of new technologies

starts with the Harris Lab certification program. This service continuity process is an in-

depth process to ensure the new functionality not only provides the desired benefit but

also does not adversely affect other currently deployed services. Impact to the overall

network is evaluated to ensure that all potential network and security impacts are known

and mitigated. Examples of potential network impacts include excessive bandwidth

utilization, router capacity issues and IOS upgrade issues. The Harris Security Team

checks to see if any security modifications are required to support the new feature and

evaluates the impact the new service may have on the security posture of the network. In

parallel with the technical testing, the new feature is also integrated into the management

system to ensure the new feature has complete operations support before deployment.

The Harris Network Operations Team evaluates the new feature to ensure that the

network management system can monitor the performance and availability of the service.

If a new SNMP MIB is provided with the feature, it is tested during the integration process.

Once a service has been fully tested and integrated into the management system the

support staff is trained, and the new feature and required operational support procedures

are documented. Before the service is deployed, the customer is also given the

opportunity to monitor integration testing in the Lab. After lab testing, a beta site is

selected for the first deployment of the new service. The test site is typically a small site

that is not very critical to the mission. The duration of the test at the beta site is based on

the overall complexity of the new service being implemented. If the solution requires an

architecture change then the test may last for several days. If it is a simple configuration

change then it may only need a few hours. The time of the test will be jointly determined

by the Harris Test Team and the customer. After the test is completed, a deployment

schedule is jointly developed between the Harris Deployment organization and the

customer.







1-12

2.1.1 Mandatory Data Services

The Harris solution for Mandatory Data Services meets and exceeds the current and

future GSA requirements within the EIS RFP (Paragraph 2.1). The Harris Mandatory Data

Services solution is available in all of the CONUS CBSAs, 3 OCONUS regions, and 25

non-domestic locations (countries) and provides solutions for all mandatory requirements

and most optional features described in Paragraph 2.1. Mandatory data services are also

supported in the following OCONUS regions:

Alaska Hawaii Puerto Rico

Harris anticipates these mandatory services and solutions will be enhanced and

upgraded throughout the life of the contract. Before deploying new technologies, Harris

will work with vendors, monitor standards development and implement a rigorous testing

and certification program(s). Due to our Critical Network Provider heritage, Harris has

mature detailed processes and procedures developed and proven over time to maintain

service continuity during the upgrade process.

Harris’ experience working with government agencies such as DoD, FAA, service

providers, and telecommunications providers gives Harris an understanding of what

needs to be accomplished to provide the GSA and its customers with high quality data

services. Harris is a full service vendor that will provide experienced transition

assistance and support of critical and routine data services. Being a Critical Network

Provider, Harris has the ability to optimize solutions and provide highly competitive

prices while providing high quality best in class services.







1-14

management with both IPv4 and IPv6 support. Load sharing, fail-over protection, and

diverse access options are also provided.

The Harris solution will use Quality of Service (QoS) to accommodate and optimize

an agency’s applications to enable the network to accurately and consistently allow for

traffic prioritization and cost efficiencies. The Harris QoS solution supports both Intserv

and Diffserv models.

QoS will provide support for the following types of network traffic:

1. Time-critical traffic such as voice and video.

2. Business-critical traffic such as transactions.

3. Non-critical traffic such as email.

The Harris VPNS solution coverage includes all of the CONUS CBSAs, three

OCONUS locations and 25 non-domestic locations (countries). The Harris VPNS solution

provides low latency and high availability VPN services. The Harris VPNS solution fully

complies with OMB-11-11 “Continued Implementation of Homeland Security Presidential

Directive (HSPD-12) Policy for a Common Identification Standard for Federal Employees

and Contractors”, NIST Special Publication (SP) 800-46 Revision 1 “Guide to Enterprise

Telework and Remote Access Security” and CNSSP-15, National Information Assurance

Policy on the Use of Public Standards for Secure Sharing of Information Among National

Security Systems. The security features of this solution support multiple encryption and

tunneling methods. Figure 2.1.1.1.1 shows how the three VPN types are implemented.

The three basic traffic types for VPNS are:

1. sites, using broadband or

dedicated access. Figure 2.1.1.1.1 illustrates an Intranet VPN on the right side of

the drawing. The brown line shows the communication path between two sites

within the same agency. Intranet VPN’s provide secure communications between

two different sites within the same agency. The encryption of the service is premise-

to-premise providing secure end-to-end transport. The premises equipment

providing encryption will be provided by the Harris solution and will support multiple

encryption options.







1-16

2.1.1.1.2 Standards (C.2.1.1.1.2)

The Harris VPNS solution is standards based and complies with all specifications,

Government Policy’s, IETF Requests for Comments (RFC) and Working Groups listed in

Paragraph C.2.1.1.1.2 of the RFP. The Harris solution includes a mature and proven

process for infusing new standards based technology into a network infrastructure that

will be used by EIS customers.

Harris continuously monitors standards bodies, Government policies, vendor

specifications and working groups for new features and the development of new

standards. Harris has strong relationships with equipment vendors and works closely with

them when investigating promising new features and technologies. Harris’ experience

building mission critical networks requires us to be meticulous and deliberate when

deploying new technologies and we have developed detailed processes and procedures

when deploying new features. Harris uses the same process for implementing new VPNS

technology and services described above in Paragraph 2.0.

2.1.1.1.3 Connectivity (C.2.1.1.1.3)

The Harris VPNS solution will connect Government locations and trusted business

partners for site-to-site access or broadband services for remote access to provide direct

connectivity between all sites as a partially or fully meshed WAN. The Harris VPNS

solution complies with all listed connectivity instances in the EIS RFP for VPNS. In

Figure 2.1.1.1.1 shown earlier, the connectivity is depicted in the green blocks.

2.1.1.1.4 Technical Capabilities (C.2.1.1.1.4)

The Harris solution will meet all the requirements stated in the RFP SOW

Section C.2.1.1.1.4 (Technical Capabilities).







1-19

In response to technical capability 7d, signaled QoS is applicable to applications

that require a specific service level. IntServ QoS shown in Figure 2.1.1.1.4-4 is where

every router in the system implements and guarantees the service receives the required

bandwidth along the entire path. IntServ is a mechanism that provides Signaled QoS and

uses Resource Reservation Protocol (RSVP) to explicitly signal the prioritization needs

of an application's traffic along the network nodes in the end-to-end path through the

network. If every network node along the path can reserve the necessary bandwidth, the

originating application can begin transmitting. Besides end-to-end signaling, IntServ

requires capabilities on all routers and switches along the path to support Admission

Control, Classification, Policing, Queuing and Scheduling.

In response to technical capability 7e and the DiffServ QoS model, a packet's

"class" can be marked directly in the packet, which contrasts with the IntServ model where

a signaling protocol (RSVP) is required to tell the routers and switch which flows of

packets require QoS treatment. DiffServ achieves better QoS scalability, but IntServ

provides tighter control QoS for real-time traffic. Harris has experience with both methods

and will implement the appropriate QoS mechanism (IntServ or DiffServ) based on the

specific requirements of each Task Order (TO).

Figure 2.1.1.1.4-4. IntServ QoS

In response to technical capability 8, the QoS methods described above are not

limited to a specific access network technology. These are features of the equipment







1-20

providing access and can be supported on all of the access methods listed within this

RFP.

In response to technical capability 9, the Harris solution will support customer

marking of packets for QoS (Diffserv) purposes. If the Government Agency prefers for

Harris to mark packets, then we will mark packets at the edge of the VPNS core network

on the agency’s behalf. The Harris solution also supports customer signaled QoS (Intserv)

as long as the signaling protocol used is RSVP.

In response to technical capability 10

The advantage of using a VPN is that it

provides isolation of traffic and limits the exchange of traffic and routing information to

only those sites that are authenticated and authorized members of the VPN. Harris will

provide a layered security architecture to ensure that potential threats will be challenged

with multiple levels of security.

In response to technical capability 11, the Harris solution supports permanent and

temporary VPN users across the network. The Harris solution will reuse an existing

process developed for the nation’s Air Traffic Control network for implementing short

duration services.

In response to technical capability 12, the Harris solution will provide secure routing

services with MD5 authentication using a key chain. MD5 message-digest algorithm is a

widely used cryptographic hash function, typically expressed in text format as a 32 digit

hexadecimal number. The key chain functionality provides a mechanism for storing a

number of different electronic keys, and the key string value is associated with a specific

key for the lifetime that the key is valid. Before routers can pass routing information, the

keys are verified. The Harris solution also implements Access Control Lists (ACL) at the

edge of the network to provide additional protection from routing storms, bogus routes,

and prevention against unauthorized access to the network components.

In response to technical capabilities 13, 14 and 15, the Harris security

management system provides full encryption services which include encryption,

decryption, authentication, key management and security monitoring and reporting.

Authentication services for temporary access users can be either Harris provided, third

party provided or agency provided. The Harris security team, using proven







1-22

routes can be given the same cost and both routes would be inserted into the routing

table as equal cost routes.

In response to feature ID 1.2, a failover protection feature will be provided through

the use of dynamic routing. Dynamic routing is designed to route traffic over the lowest

cost path through the network. During a failure, dynamic routing will reroute traffic over

the next best available path. Without tuning failover parameters, route convergence can

take several seconds dependent on network conditions when the failure occurs.

In response to feature ID 1.3, diverse access points to the core network Point-of-

Presence (POP) will be implemented using two approaches. If a location has dual

entrances to a building, then logical and physically diverse access can be provided over

100% of the path. If a single entrance to the building is available, the last mile will

physically be shared for part of the path. When the shared access path enters the first

node in the access network, the two logical paths are split into two physically diverse

access paths to the Harris backbone. For single access paths, traffic will be logically

separated over the last mile by using either different channels on the access circuit (T1,

DS3, OC3 or etc.), or by using different VLANs for Ethernet access. Figure 2.1.1.1.5-2

shows examples of both methods for providing this feature.

Figure 2.1.1.1.5-2. Diverse Access Examples







1-28

Rooted multipoint configurations are also called E-Tree services. E-Tree connects

several sites, similar to multipoint-to-multipoint configuration. The difference is that E-Tree

connects one or more root sites to a set of leaf sites and then prevents inter-leaf

communication. An E-Tree example is shown in Figure 2.1.2.1.1-4. More than one site

can be configured as the root site and other sites can communicate with each other

through multiple root sites; for example, connecting disparate LAN segments into a single

agency-wide virtual LAN. E-LAN can be offered over the MAN and/or WAN.

Figure 2.1.2.1.1-4. Harris Rooted-to-Multipoint ETS Service

2.1.1.2.2 Standards (C.2.1.2.1.2)

Harris is a full service vendor and provides a fully compliant standards based ETS

solution. Harris will comply with all specifications, Government Policy’s, IETF Requests

for Comments (RFC) Working Groups, and the MEF Architecture Framework listed in

Paragraph C.2.1.2.1.2 of the RFP. The Harris ETS solution complies with all standards

identified in the EIS RFP for ETS.

Harris continuously monitors standards bodies, Government policies, Metro Ethernet

Forum, vendor specifications and working groups for new features and the development

of new standards. Harris also has strong relationships with equipment vendors and works

closely with them when investigating promising new features and technologies on the

horizon. Harris’ experience building mission critical networks enables us to be meticulous

and deliberate when deploying new technologies and we have developed detailed







1-29

processes and procedures for deploying new features. Harris uses the same process for

implementing new ETS technology and services described earlier in Paragraph 2.0.

2.1.1.2.3 Connectivity (C.2.1.2.1.3)

The Harris ETS solution complies with all listed connectivity instances in the EIS RFP

for ETS as described below:

Intra-agency LAN-LAN Connectivity. The Harris ETS solution provides connectivity for

an agency’s LANs located in the same city or different cities, thereby extending the LAN

to the MAN and WAN. This is achieved by connecting the agency’s SDP(s) in one location

to another SDP(s) in one or more locations as shown earlier in Figure 2.1.1.2.1-1.

Interconnection is possible over transoceanic links, if required.


The Harris Ethernet Transport Service (ETS) solution provides high quality service for

the customer while meeting all the following mandatory and optional technical capabilities

identified in Section C.2.1.2.1.4 of the EIS RFP:







1-37

IPVS Service Elements

IPVS Core Network:

The Core IPVS network configuration shown in Figure 2.1.2.1.1 will provide redundant

paths to SIP Trunking Facilities (Soft Switches) in redundant Data Centers to carry normal

daily traffic with redundant “hot stand-by” backup trunks in case of congestion, blockage

or failure on the primary routes. By splitting EIS traffic evenly to both SIP Trunking

Facilities, and providing an appropriate amount of “hot stand-by” backup trunks in each

direction, the Harris solution can ensure the network is fully survivable and meets all

Government requirements for Routine and Critical Availability.

Within this redundancy, Session Border Controllers (SBC) are added at the Data

Centers and external meet points to allow more efficient routing to PSTN and other

external networks by routing the media or call data directly to the external network instead

of through the IPVS Core Network Data Centers to reduce the overall latency of multiple-

network routes.

The quantity of SIP trunks will be based on the unique calling patterns and volume of

individual users such as:

User locations sorted by time zone

Headcount by location

Hours of operation

Peak busy hour and call distribution by hour for each location







1-39

Harris will monitor the peak combined simultaneous call volume for all of the customer

locations in each time zone. On an on-going basis we will combine the call volume so

that, on an hour-by-hour basis, simultaneous call volumes occurring across the time

zones are characterized and trended. This approach ensures SIP Trunk allocation always

exceeds the minimum value required to meet EIS Grade of Service specifications.

VoIP Switches providing all switching capabilities and features specified in the EIS

SOW for Network-based (Hosted) IPVS operation are interspersed within the SIP

Trunking network cloud. These switches will service the needs of multiple Agency IPVS

User Enclaves accessing the SIP Trunking Service through multiple Gateways. Access

to the profiles and features of each Agency Enclave’s IPVS Users will be restricted to the

Harris Team and Agency IPVS administrators.

Our SIP Trunking Service Gateways will accept all specified EIS interfaces and traffic

levels and all off-net participant interfaces, which may be PSTN, Internet, Wireless

Providers, Satellite Gateways, PSAP Networks and other Agency or public networks in

the U.S. or abroad. The Gateways are composed of Routers, Firewalls, Switches, SBCs

and other devices required to maintain robust and secure access. The Gateways provide

all required format, standard and rate conversion to the user sources to ensure end-to-

end compatibility.

Centralized Auto-Attendant assistance is available 24/7 to accept user directory

requests via inbound calls from the PSTN or IPVS network.

The Management and Security Servers at each Data Center will monitor the IPVS

provider’s network to ensure that the IPVS Service is operating properly and associated

EIS performance and security requirements are met, including those of the user premises

managed LAN. These servers are connected to the Harris OSS so that the same status

information is available at the Harris NOC to ensure that any issues are addressed

immediately and required escalation procedures are followed.

The IPVS Provisioning Server configures the IPVS Service hardware and software for

user services based on service orders received from the Harris OSS and requests for







1-40

authorized real-time or near real-time configuration activity performed by an IPVS Agency

administrator through a secure provider website. There is a bi-directional bridge between

the IPVS Provisioning Server and the Harris OSS to accept orders and report IPVS

activity that is billed on a metered basis.

Host-Based IPVS: Hosted IPVS consists of a group of users with IP-compatible phones

or other analog and ISDN-BRI instruments in a building or campus location. Users with

IP-compatible instruments are typically connected by dedicated Switches on the

Managed LAN to the access interface consisting of a Router and Session Border

Controller (SBC). Analog and ISDN-BRI user interfaces are connected to the SBC, which

provides mediation into IP/SIP. The SBC also provides remote PSTN dial in lines for

remote in/out access to the local IPVS network. Management and Security interfaces for

the LAN are combined with user traffic at the Router access interface. The Router and

SBC provide routing, signaling and firewall functions to access the IPVS Core network

and Host Switch using SIP Trunking over the EIS VPN Service. An Agency administrator

coordinates authorized ‘adds, moves and changes’ of Agency IPVS services through the

EIS Internet portal.

Premises-Based IPVS: Premises IPVS services are similar to Hosted services, except

a local VoIP switch is provided, so that the local IPVS service can operate with full

technical capabilities and features without connection to the Host network. In the example

shown in Figure 2.1.2.1.1, the Premises IPVS is connected through our SIP Trunking

Service to the IPVS Core network for external SIP Trunk Access, Management and

Security Services.

For both Host-Based and Premises-Based IPVS, SIP Trunking is the standard for

network transmission and PSTN interoperability.

2.1.2.1.2 Standards (C.2.2.1.1.2)

The Harris IPVS solution complies with all standards identified in the EIS RFP for IPVS

and we will support the optional G.729a coding standard as part of our standard offering:

1. ITU-T G.711

2. (Optional) ITU-T G.723.x, G.726, G.728, or G.729.x

3. ITU-T H.323, H.350







1-47

sets or other PoE devices. We will provide, manage, maintain and repair or replace all

equipment necessary to provide the Managed LAN Service, except for those portions of

the service for which the Government is responsible (e.g., power, facilities, rack space,

cabling/wiring).

The Harris Managed LAN Service will comply with industry standards for the

equipment and interface types and will employ no proprietary technology.

Our Managed LAN Service will meet or exceed each of the technical capabilities

specified in EIS SOW C.2.2.1.5.

2.1.2.1.9 Session Initiation Protocol Trunk Service (C.2.2.1.6)

The Harris IPVS solution is fully compliant with all Session Initiation Protocol Trunk

Service requirements.

We will provide Session Initiation Protocol (SIP) Trunking that interoperates with any

Private Branch Exchange (PBX) systems that support SIP-based IP Trunk interfaces as

shown earlier in Figure 2.1.2.1.1.


2.1.2.1.11 Features (C.2.2.1.6.2)

The Harris IPVS solution will provide the following specified SIP Trunk Service

features:

1. Automatic call routing – The Harris solution will provide the caller ANI to the

customer terminating location via SIP Messaging.

2. Bandwidth QoS management – Harris will monitor if concurrent call volume peaked

above their standard trunk totals to estimate current bursting calls and add network

trunk resources

3. Trunk bursting – Our bursting functionality will allow users to have additional,

concurrent calls up to 25% above their configured total SIP Trunks to prevent call

blocking during times of increased traffic. This provides a business continuity







1-54

Because of our experience in designing, implementing and transitioning safety critical

networks like FTI, Harris brings established processes, tools and discipline to the

implementation and transition phase for each network Task Order.

Implementation, Management and Maintenance: In response to item 1, Harris

develops and implements compliant comprehensive solutions for each Task Order that

are tailored to meet agency-specific requirements. Customized solutions are a hallmark

of Harris network solutions due to our Critical Network Provider mentality focused on

meeting all customer requirements. Commercial telecommunication and network service

offerings are designed to accommodate as many customers as possible and necessitate

a common design where “one size fits all”. In contrast, Harris tailored network solutions

are optimized to a specific agencies unique set of requirements and based on a best

value business and technical managed service model.

These solutions include both wireline and wireless access service solutions described

in our response in Paragraph 2.1.4 of this response. Implementation, management and

maintenance of the mandatory transport solutions for both data and voice are described

in Paragraphs 2.1.1 and 2.1.2. Optional transport services for both data and voice are

described in Paragraphs 2.2.1 and 2.2.2.

Harris also provides tailored customer premise solutions designed to meet all agency-

specific interface requirements including modern standards based interfaces as well as

legacy serial data interfaces (e.g., RS-232).

Harris customizes and tailors security solutions for each agency based on their

specific requirements, policies and practices. Harris performs security risk assessments

for each specific government agency and implements, manages and maintains these

tailored security solutions.







1-59

information on the health and status of the agency-specific network. The web portal

supports SNMP read-access data feeds that provide the status for all network equipment

and services including agency-specific equipment. The web portal provides near real time

status on the installation schedule of all provisioning activities such as equipment

installation, access circuits, and transport services including ports. Network performance

statistics including equipment availability, network throughput, network latency, and

application level performance information are available on the web portal. The web portal

provides agency-specific visibility to configuration data associated with Class of Service

(CoS) and Quality of Service (QoS) information. Trouble ticket status and reporting as

well as security logs are also provided to the Government Agency through the web portal.

In response to item 14, the web portal provides access to the Harris Site and Service

Management Tool (SSMT) for tracking agency-specific access circuit, transport service,

equipment inventory and provisioning status information.

In response to item 15, other current and historical information provided through the

web portal secure access includes, but is not limited to the following:

a) Bandwidth utilization

b) Burst Analysis

c) Data errors

d) Network delays (latency), reliability

and data delivery summaries

e) End-to-end network service views

f) Exception analysis

g) Link, port and device utilization

h) Network statistics

i) Protocols used

j) CPU utilization

k) Network traffic, port and protocol views

2.1.3.1.5 Features (C.2.8.1.2)

Harris will support all service features identified for Managed Network Services:

1. Maintenance and repair of Government Furnished Property (GFP) and Service

Related Equipment (SRE).

2. Agency-Specific NOC/SOC services when required by specific Task Orders. The

processes, tools and capabilities supported by the Harris NOC/SOC are described

earlier in Paragraph 2.1.3.1.4. Harris also supports testing as specified and

required by individual Task Orders.







1-61

outside the validated address range are considered potential attack indicators and

become dropped network traffic.

In the east we will use a secure location

in Northern Virginia to provide connectivity to facilities in the east and some locations in

the central United States.

Both of these POP facilities have three degrees of diversity meaning they have three

physically diverse backbone paths traveling east/west and north/south to improve service

survivability. These locations also support all transport service types and speeds for all of

the required services identified in SOW Section C.1.8.8. Additionally, both locations are

near Internet Exchange Points (IEP) for all major Tier 1 Internet Service Providers (ISPs)

in the United States. The IEPs are local (in the same Metropolitan area) in both cases

and a single hop away. The round-trip delay to these local IEPs is negligible, meaning

that it is less than a couple of milliseconds (ms).

Additionally, any Extranet service can be connected to any POP on our nationwide

backbone footprint and reach our Traffic Aggregation Service in Denver and/or Northern

Virginia. On average, any customer service located in the west will be about two backbone

hops away from our POP in Denver. In the west, the average round-trip delay per hop is

about 8 ms making the average round-trip delay 16 ms (or 8 ms one-way). In the eastern

part of the country our POP density is greater compared to the west, but the average

delay per hop is lower – about 5 ms. On average, any customer service in the east will

be about 3 hops away from northern Virginia for an average round-trip delay of about

15 ms (7.5 ms one-way).







1-64

Instrumentation to measure transport SLA KPIs (as if traffic passes through

loopbacks in EINSTEIN Enclaves with no impact within DHS GFP being counted

against the offeror’s performance).

Harris uses commercially available instrumentation and provides metrics to DHS, GSA

and the customer agency to measure transport SLA KPIs, excluding the redirection route

through the DHS Enclaves. Harris uses iPerf or Test TCP (TTCP) in client/server

configurations to measure network quality of service. Latency, or round trip response

time, is measured via the Ping command. Jitter, or latency variation, is measured with a

UDP protocol test, and datagram loss can also be measured with a UDP diagnostic.

Available bandwidth is measured through TCP testing between the client and the server.

Network and service availability is monitored and measured using Ping commands as a

heartbeat signal.







1-67

solutions including terrestrial and wireless with custom reliability requirements. Harris has

extensive experience formulating unique access arrangement solutions for a broad range

of requirements.

The Harris solution encompasses a consortium of Competitive Local Exchange

Carriers (CLECs), Incumbent Local Exchange Carriers (ILECs), Multiple System

Operators (MSOs), and national service providers. In addition, Harris has business

relations through aggregators for access arrangements from smaller carriers with network

coverage to rural/remote locations. With a united diverse consortium of service providers,

Harris has formed a comprehensive network footprint to provide integrated solutions

through a single contractual arrangement. Harris is capable of adding additional access

arrangement providers to meet end user requirements for diversity and expanded network

coverage.

The first approach of establishing access connectivity is via an interconnection

between the CLEC teammate and within a collocated POP. In this approach, assuming

the end-user location is On-Net to the CLEC, the CLEC will provision an access







1-68

arrangement circuit from the end-user location to the CLEC equipment within the

collocated POP.

.

The second approach of establishing access connectivity is via an interconnection

with a CLEC teammate. The CLEC teammate transports the access circuit to the end-

user SWC, where it is handed to the ILEC. The ILEC will provision an access arrangement

circuit from the end-user location to the SWC, which is handed off to the CLEC and the

CLEC teammate transports the circuit to the Harris

This array of Harris solutions is well positioned to deliver a selection of access

arrangements to the GSA and its customers to meet their intended goals for service

continuity, availability, reliability and mission critical communications/applications.

.

Harris will provide special construction to meet service delivery and/or performance

requirements in the following cases:

1. An access arrangement does not exist or does not have sufficient capacity, and

special construction will need to be provided through the implementation,







1-69

rearrangement or relocation of physical plant solely to satisfy the requested access

arrangement.

The Harris solution will take the necessary steps to fulfill each access arrangement/

special construction project by collaborating with the agency/facility owner/property

management, and Ordering Contracting Officer (OCO) to coordinate and schedule site

surveys. Preliminary access arrangements design(s) will be developed and site survey

data will be captured on the Site Survey Estimate Template for special construction.

Harris will provide all of the artifacts to the applicable stakeholders to review, provide

feedback, suggestions and/or point out any concerns. Harris will collaborate with the

stakeholders to address any concerns and make any necessary changes to the special

construction design to ensure a cohesive approach.

Harris has spearheaded and managed numerous access arrangement and inside

facility special construction projects, each with its own unique challenges. Such

challenges are comprised of working with a variety of contractors, design consideration

for wildlife reserves, permitting, X-ray of concrete walls and floors, safety, OSHA etc.

From an access arrangement service ordering and management perspective, a

service delivery platform will be established and integrated with a web portal. This

platform will have an Access Arrangement component which will allow GSA and/or

agencies to select the desired access technologies with diversity options. To provide

seamless order entry and service lifecycle management, Harris with its teammates and

partners have implemented communication links between the various functional systems

which includes; Business Support System (BSS), Operations Support System (OSS) and

Network Management System (NMS) to provide a holistic workflow for service

provisioning and service activation with active monitoring capabilities, reference

Figure 2.1.3.1.1 Service Delivery Platform provided in the Managed Network Services

(MNS) description.







1-70

Harris will lead the scheduling and coordination of

performing site acceptance testing with all the stakeholders including end user(s).

2.1.4.2 Standards (C.2.9.1.2)

The Harris Access Arrangements solution complies with all standards identified in the

EIS RFP for network access.

2.1.4.3 Connectivity (C.2.9.1.3)

The Harris Access Arrangements solution complies with all listed connectivity

instances in the EIS RFP for network access

The Harris solution is comprised of strategically selected telecommunications network

service providers. Each team member was selected based on their geographical network

coverage area(s) i.e., local, regional, national and non-domestic to ensure end-to-end

connectivity within each CBSA

2.1.4.4 Technical Capabilities (C.2.9.1.4)

. The technical capabilities which will be encompassed with

the range of line speeds for access arrangements will include integrated access of

different services with transparency to any protocol. The Harris solution will provide

various type of access arrangements via commercially available equipment operating with

the latest software release and with technical capabilities based on industry standards.

Table 2.1.4.4 shows the type of access arrangements and associated technical capability

options that will be available and supported.

Table 2.1.4.4. Harris Access Arrangements & Associated Technical Capabilities

1. T1. This category of AA will support line rate of 1.544 Mbps, which can be configured to provide channelized or un-

channelized T1 access arrangement as follows:

a) Channelized T1. In this mode, 24 separate DS0s clear channels of 56/64 kb/s will be supported.

b) Unchannelized T1. In this mode, a single 1.536 Mbps information payload will be supported.







1-75

2. Maintain a minimum separation of 30 feet throughout all diverse routes between

premises/buildings where an SDP and its associated network connecting point are

housed.

3. Maintain a minimum vertical separation of two feet, with cables encased

(separately) in steel or concrete for cable crossovers.

In instances where minimum separation and/or diversity and/or avoidance is not

achievable, Harris will exert best effort to propose an acceptable access arrangement

solution as well as a special construction option to meet agency requirements.

Furthermore, during the development of TO proposals, Harris will work with the

ordering agency to understand their routing preferences for access circuits connecting

agency SDPs to associated connecting network points. These special routing requests

are captured in the specific agency TO and associated provisioning records. Recognizing

that uncompromised (i.e., adhering to the explicit route conditions requested at time of

TO) may not be available in some locations, Harris will apply best effort to propose an

acceptable arrangement along with documentation describing any necessary

compromise. If the specific route is not possible or the compromised solution is not

acceptable to the agency, it will be negotiated on an individual case basis.

In addition to physically diverse access arrangements, the CLEC, ILEC, MSO, national

service provider’s equipment installed at agency facilities is carrier grade (i.e., Redundant

Power Supplies, Redundant Processor modules, Redundant Switch Fabric and

Redundant Line Cards). The redundant capabilities carrier grade equipment provides

coupled with diverse access arrangements allows for automatic switching of transmission

in real-time. The systems are configured to operate in primary mode and transmit data

via the primary access link. In the event of a network issue on the primary route/path, the

system will automatically switch to the redundant mode and transmit data via the diverse

route/path. Once the issue on the primary mode and/or primary route/path is resolved the

system can be configured to automatically or manually switch back to the primary path.

The switching of transmission should not result in a network outage or be noticeable by

the end users.

From time to time CLECs, ILECs, MSOs and Long Distance carriers perform

configuration changes, network grooming and/or maintenance on their network elements







1-76

due to changes in their network topology and routing. These configuration, grooming and

maintenance activities can affect the operational integrity of access circuits as well as

produce diversity or avoidance violations. If the proper controls and processes are not

established the configuration, maintenance and grooming activity may cause unexpected

operational issues. Operational issues that arise due to configuration and maintenance

activities within the access/transport path will be immediately noticeable. However,

grooming activities which affect circuits flagged with diversity or avoidance are not as

noticeable. Grooming activities which cause diversity or avoidance violations will only be

discovered during a network outage when the diverse and/or avoided circuit needs to be

operational due to a failure on the primary path or circuits that were flagged to be avoided

experience a simultaneous interruption based on a network outage experienced by the

service provider. To circumvent such unexpected interruptions and violations, Harris has

established control measures and processes to proactively review and identify the

circuit(s) that will be affected by configuration changes, maintenance and/or grooming

activities. The control measures and processes that have been established with the

teammates/carriers include tagging a circuit with a flag which annotates the circuit with

the applicable classification i.e., diverse path, avoidance and/or Telecommunication

Service Priority (TSP).

The DLRs are entered into the diversity and avoidance system/database as well as a

graphical baseline representation is developed.

Prior to any proposed access reconfigurations, maintenances and network grooming

activities affecting routes previously implemented with access route/path diversity or

avoidance, Harris will provide to the agency written notification and revised PCLs for OCO

approval in accordance with the requirements in the TO. Such communication will include;

type of event, duration, start and stop time. Harris will provide maintenance and grooming

activity notifications to the OCO 30 days prior to the event. The final steps Harris will

perform is the review of the updated DLRs, perform a comparison and validation to insure

there are no diversity or avoidance violations, update the system/database, re-baseline

the route/path and produce an updated graphical representation of the access solution.







1-77

Harris has a dedicated diversity and avoidance team whose sole responsibility is to

interface with service providers and monitor and review DLRs to ensure that diversity and

avoidance violations are prevented. The diversity and avoidance team will provide a

graphical representation (e.g., diagrams, and maps) of access circuit routes to show

where diversity has been implemented to the OCO within 30 calendar days of the

implementation of access diversity and again thereafter when a change is made.

2.1.4.6 Interfaces (C.2.9.3)

The Harris Access Arrangements solution is compatible with all listed interfaces

identified in the EIS RFP for network access including all listed User Network Interface

(UNI) types and standards including the payload data rate and signaling type at the SDP

for access arrangements.

2.2 OPTIONAL EIS SERVICES

Wireless Communication Services are provided based on specific Task Order

requirements and can be implemented as a standalone service or as an alternative

access service such as out-of-band network management for agency-specific Service

Related Equipment (SRE). Other optional services such as the provisioning and

operations and maintenance of SRE, Service Related Labor (SRL), and Cable and Wiring

services will be provided to support design and engineering as well as the implementation

of all services. Table 2.2 summarizes the Harris optional service offerings:







1-80

wavelengths. A Customer Network Management access connection is shown providing

alarm monitoring capabilities as well as capabilities for set up, modification, and tearing-

down of connections.

The Harris offering for Optical Wave Service (OWS) provides government agencies

with dedicated broadband, framing-independent transport networks for interconnecting

offices throughout domestic locations. The Harris solution provides optical electronics

equipment and fiber connectivity representing local and long-haul transport network

infrastructure. Local Transport solutions are developed using a comprehensive set of

vendors and resources available to Harris in its role as System’s Integrator.

Harris offers highly available, low latency solutions and in its role as a Critical Network

Provider, ensures every solution is specifically designed and implemented to meet

customer needs.

Access connections to agency locations are provided using appropriate Access

arrangements, as described in the Access Arrangements section of this proposal volume.

Management of the OWS Transport infrastructure is performed by a trained and

experienced staff of Network Operators and Technicians with a proven track record of

provisioning, transitioning, optimizing and maintaining critical customer services on major

National networks such as FTI Operations and Mission Support. As requested, Customer

Network Management (CNM) access to monitoring and management views and tools

associated with dedicated network transport elements can be provided to requesting

agencies using user-friendly, secured Web portal or remote user interface arrangements.

As a proven Critical Network Provider for multiple federal Government networks,

Harris has a unique relationship with telecommunications service and equipment

providers. Because we have the latitude to use a wider range of solution providers than

typical Carriers, a competitive relationship between vendors and providers is established

and maintained, driving innovation and adoption of technology upgrades and

enhancements.







1-87

The Harris optical solution in the example illustrated in Figure 2.2.1.2.1 is

As requested, the Harris solution allows agency access to the Data Communications

Channel (DCC), allowing agencies to establish communication between its edge devices.

Harris SONET service is available in Metro areas and long haul CONUS

implementations and select OCONUS regions. Harris SONET services support

connection to and interoperability with Government specified terminations (e.g., SDP-to-

SDP, POP-to-POP) and any other EIS Provider’s network compliant with industry

standards.

The Harris solution for SONET service enables Agencies to build optical transport

networks that are high bandwidth, with a high level of reliability and traffic isolation. These

transport networks are built using facilities from the Harris optical backbone infrastructure.

SONET services provide proactive performance monitoring and enable self-healing

functions with robust network management.

Additionally, Agency locations can be provisioned with Access Arrangements

to connect into SONET topologies via Optical Add-Drop Multiplexers (OADMs).







1-98

accordance with, but not limited to, the NIST SP 800-54. MD5 will be used to

authenticate router peering and ACL’s will be used to protect both the agency and

the network from being flooded with bogus routing information.

2.2.1.3.5 Features (C.2.1.7.2)

The Harris IPS solution supports the mandatory Class of Service (CoS) feature. Harris

will support prioritization of three classes of service: Premium, Enhanced, and Standard.

To provide the network layer prioritization feature,

DiffServ classifies and marks packets so they

receive a specific per-hop forwarding behavior at network devices along a route. The ToS

bit is set once, based on policy information, and then read and acted on by network

devices. Because IP is an internetworking protocol, DiffServ works across networks,

including carrier and service provider networks that support the service. Therefore,

DiffServ will support CoS on the Internet, Extranets, and Intranets.







1-105

enact the technical capabilities for the collocated hosting service to manage the migration

of Government furnished property (GFP), and to strictly administer the ITIL framework for

comprehensive IT service management.

GFP Management: Our EIS Colocation Migration Approach consists of four (4) phases

that complete pre-delivery preparation, equipment relocation and provisioning, and set up

and readiness of equipment interoperability—constituting well-defined strategy and

comprehensive planning for non-disruptive migration to colocation environments,

positioning Harris to safely assume responsibility for all damage or injury to persons or

property occasioned in the delivery of collocated hosting service delivery.

Preparation: manages change and manages the move—assisting GSA and the Agency

CO/COR in task order and service order management, CLIN pricing, and contract

deliverables review. We also confirm functional requirements for service level

management.

Discovery: meticulously documents the pre-migration environment consisting of GFP

and other equipment, cataloging make and models, serial numbers, asset tags, MAC

addresses, rack requirements, and detailed cabling maps for both power and networks.

The Move: we move non-critical systems first, then systems with smaller downtime

windows. In a “forklift” move, we shut down all equipment and move them to the collocated

facility all at once. During this phase we provision the necessary physical space,

environmental systems, security systems, network connectivity, and 24x7 service

management.

Post-Migration: with equipment racked and cabled, we undertake the same meticulous

documentation process executed in the Discovery phase. We verify that every GFP asset

is moved, plugged-in, configured, and monitored. A second post-migration activity tests

for environment compatibility and interoperability. SLA performance readiness is

confirmed through a post-move audit.

Service Management Our EIS Customer Service Portal for Collocated Hosting

Services provides agency customers with remote, real-time status alarming and reporting

of collocated facilities and GFP, to include the status of power to each rack, environmental

cooling, smoke detection, facility entry/exit logs and service connectivity. Our automated

control systems manage facility environments, continually sensing conditions and







1-106

sending real-time alerts to trained facility engineers when conditions approach defined

environmental thresholds. At the same time, our control systems present alarms to

agency users registered in our management console and visible from the EIS Customer

Service Portal. Additionally, our trained and certified operations support staff ensure the

availability of agency systems and GFP at all times, employing the ITIL framework

comprehensively.

2.2.4.5 Features (C.2.4.5)

The Harris collocated facilities deliver secure environments for the protection of

information and resources for federal agencies complying with the physical and technical

security standards set forth by Intelligence Community Directive (ICD) 705, Sensitive

Compartmented Information Facilities: deliver spaces that prevent compromising

emanations, inadvertent observation or overhearing, disclosure by unauthorized persons,

forced entry, and the detection of surreptitious and covert entry.

s. Harris

is prepared to construct or configure SCIF spaces to meet task order requirements within

the United States or overseas data centers in Europe and Asia Pacific.

2.2.4.6 Performance Metrics (C.2.4.5.1)

The Harris Colocation Hosting Services will meet and exceed each of the listed Key

Performance Indicators (KPIs), in accordance with the associated notes to the KPI Table

provided in EIS SOW C.2.4.5.1. NS2020 Agency customers are 100% guaranteed of

continuously available collocated hosting services through secure, reliant, fully

redundant, carrier-neutral data center communications and operations.







1-110

The Mobility Switch connects to the RAN, which is a wide area network of cellular

repeater sites, through a fiber and microwave radio backbone. The placement of the

cellular repeater sites is carefully engineered to provide superior coverage factoring in

terrain and man-made features. The RAN directly connects to the user radio devices

through an RF (Radio Frequency) air interface.

Centralized operator assistance is available 24/7 to accept user directory requests via

inbound calls from the PSTN or MCS network.

The Management and Security Servers at each Voice Switching Center will monitor

the MCS provider’s hardware and software to ensure that the MCS Service is operating

properly and associated EIS performance and security requirements are met.

The MCS catalog-based ordering items specified in EIS Section B will be available to

NCS users via a public Internet portal provided by the Harris OSS.

Users — MCS users consist of individual cell phones, PDAs, data modems, M2M devices

and WiFi hotspot and Femto cell repeaters to enhance indoor coverage. The MCS will be

compatible with all standards-based user BYOD devices, and equivalent MCS provider

devices are included by us in Service Related Equipment (SRE) as specified in EIS

SOW C.2.10.

2.2.6.2 Standards (C.2.6.1.2)

The Harris MWS solution fully complies with all identified standards and their subparts

identified in the EIS RFP for MWS. The Harris solution will also comply with new versions,

amendments, and modifications made to the above-listed documents/standards including

beyond 4G.







1-115

and recommends to customers the best way to achieve the most efficient use of that

resource. The Harris advantage, as the second largest customer of satellite services, is

a strong working knowledge of how to get the service requirements of its customers

satisfied.

Harris has the ability to leverage its volume purchasing to the benefit of EIS customers.

An Agency mission can require satellite bandwidth, equipment, installation, operations

and maintenance (O&M) and support services globally. Harris’s robust managed satellite

service offering, with over 1300 satellite engineers, ensures meeting all SLA’s, timely

service delivery through continuous dialog with satellite vendors or through our own ready

pool of capacity to provide rapid response to bandwidth on demand requirements. Harris’

engineers and bandwidth partners will design, implement, and operate leased bandwidth

services and leverage our core expertise in space segment optimization and satellite

operator management in every solution we provide to GSA agency customers.

Harris also offers Mobile Satellite Services (MSS) and Aeronautical SATCOM services

to the U.S. Government. We are currently a Value Added Reseller (VAR) of Iridium

services and through our channel partners/vendors, U.S. SecureNet, SATCOM Direct

and U.S. Space, BGAN, Global Xpress, and Thuraya services. In addition, we partner

with SATCOM Direct for aeronautical services such as In-Flight Connectivity (IFC) or In-

Flight Entertainment (IFE) for U.S. Government aircraft. Harris currently provides 1 GHz

of Ku-band bandwidth only to support manned/unmanned aerial systems (MAS/UAS)

such as Predator, Reaper, Warrior-A, Global Hawk, Broad Area Maritime Surveillance-

Demonstrator (BAMS-D), Grey Eagle, Ku Spread Spectrum (KuSS), Medium Altitude

Reconnaissance Surveillance System (MARSS), and Vehicle and Dismount Exploitation

Radar (VADER). With Harris, EIS customers will have one toll free number to call for

ordering and operational service issues. Our satellite solutions employ no proprietary

technologies to provide the proposed technical capabilities and features.

2.2.7.2 Standards (C.2.7.1.2)

Harris and its suppliers comply and will continue to comply with all performance

standards applicable to the delivery of mobile and fixed satellite services.

Commercial Fixed Satellite Service (CFSS):







1-124

proprietary technology to provide the proposed capabilities and features. Upon Agency

request, Harris will offer alternative technologies, for example Cisco WebEx, as part of a

TUC (Task Order Unique CLIN) with similar capabilities and implementation

architectures.

MS Cloud — Our Cloud-Based MS Office 365 with Skype for Business WCS offering is

provided by MS Data Centers as SaaS (Software as a Service). Our WCS MS Cloud

offering provides all the features and benefits of our proposed UCS Cloud offering fully

described in Paragraph 2.2.8.2.1. Agency WCS users and other Internet users will

generally interface to the MS Data Centers through the Internet, although each Data

Center is equipped with a substantial Gateway capability to accept all Agency IP

interfaces and all off-net Internet participants in the U.S. or abroad.

WCS Operations Help Desk — WCS Help Desk, Management, Security and

Provisioning functions are identical to those described for our UCS offering described in

Paragraph 2.2.8.2.1, except the WCS Help Desk is equipped with Internet and public

telephone access.

Users — WCS Service users are not one location or network, but an instance of multiple

users at many locations and on many networks joining a conference. Users may access

a WCS conference using any Web Browser equipped device. Most WCS Agency users

will access the Data Centers through a TIC, but alternative EIS IP services may be used.

Off-net, world-wide WCS access will be through the Internet. Any Web Browser plug-in

required for users to play back, participate in, or lead a Web Conference session will be

provided with the service.

2.2.8.1.2 Standards (C.2.8.2.1.2)

The Harris WCS solution complies with all standards identified in the EIS RFP for

WCS.

2.2.8.1.3 Connectivity (C.2.8.2.1.3)

The Harris WCS solution complies with all listed connectivity instances in the EIS RFP

for WCS.







1-129

The MS Cloud Offering will provide the needed modernization platform to launch the

collaboration, social media, unified communications, audio, video and innovative tools of

the future at a reduced price point from current agency environments. Our offering

optimizes the value of commercial MS software services and ensures evolving/continuous

incorporation of new technologies through intrinsic growth of the MS products.







1-131

The MS Cloud Offerings will:

Deliver an “evergreen” service with the latest innovative solutions for end users. (The

term “evergreen” describes a service that maintains technological currency and

innovation, including the latest messaging and productivity solutions. Agencies,

therefore, do not have to wait for years, potentially, for new capabilities that address

their mission.

Deliver cloud services to enterprise businesses with a 99.9% Service Level

Agreement (SLA).

Provide advanced security solutions, such as Just-in-Time (JIT) access management

for Microsoft personnel. Microsoft does not believe that it has to have access to

customer data to maintain the availability and continuity of the environment.

Prevent “configuration drift” of the environment with procedures that rebuild all servers

at fixed intervals to protect the environment from configuration, incident, and intrusion

threats.

Provide customers with timely, targeted, and accurate reporting through the Service

Health Dashboard (SHD), which provides alerts and communications on the health of

the service.

These types of solutions are unique to the MS Cloud Offerings and cannot be

replicated with scale and accuracy on other platforms.

Currently, MS Cloud Solutions are being used by the U.S. Naval Reserve, U.S. Air

Force, and Defense Logistics Agency (DLA), and is hosted in MS Data Centers serving

more than 600,000 users.

2.2.8.2.1 Service and Functional Description (C.2.8.3.1 & C.2.8.3.1.1)

We offer our UCS as a Cloud-Based, Premises-Based or Hybrid solution. Our UCS

service delivery platform is shown in Figure 2.2.8.2.1.







1-133

UCS service delivery requires the interfacing of several EIS components:

EIS Access and Transport Services

The Harris Operations Support System (OSS) providing management oversight, and

The UCS Service itself, composed of MS Cloud, UCS Operations Help Desk and user

elements

The EIS Access and Transport Services are provided under other EIS contract

components and the OSS is provided by Harris as part of our value added service. This

description concentrates on the UCS Service elements and their relationship to the other

components in providing the UCS Service. Our UCS Service will not employ any

proprietary technology to provide the proposed capabilities and features. Upon Agency

request, Harris will offer alternative technologies, for example Cisco WebEx/Spark, as

part of a TUC (Task Order Unique CLIN) with similar capabilities and implementation

architectures.

Office 365 for Government combines a browser-based productivity solution, combined

with the uptime and availability of an enterprise-grade cloud platform in the core plan,

across multiple browsers, including the current and the immediate previous version of

Internet Explorer and Firefox, and the latest version of Chrome and Safari.

In addition to the requirements for UCS in EIS SOW C.2.8.3, the MS Cloud-Based

and Hybrid UCS MS Skype/Office SaaS offerings will comply with the applicable

requirements of C.2.5.3 Software as a Service, including referenced system security







1-134

requirements. The MS Office 365 Multi-Tenant & Supporting Services is a compliant

Cloud Service offering with Agency FedRAMP Authorization.

The MS Data Centers hosting the Cloud Service are HA/HR facilities employing the

latest technologies for the utmost in service availability:

Software Defined Networking (SDN)

Purpose designed servers

Multiple, redundant power sources

Redundant Data Centers with dedicated high bandwidth fiber facilities

Agency UCS users will generally interface to the MS Data Centers through a TIC Each

Data Center is equipped with a substantial Gateway capability to accept all Agency IP

interfaces and traffic levels and all off-net Internet and PSTN SIP Trunk participants in the

U.S. or abroad.

UCS Operations Help Desk — The Harris OSS will provide 24/7 Tier 1 Help Desk

assistance for UCS problem reporting and trouble ticketing. The UCS Operations Help

Desk function is available 24/7 to provide Tier 2 and Tier 3 technical support and

operational assistance for UCS configuration and reporting. The UCS Operations Help

Desk has an on-line IP connection to the user device interfaces to satisfy the requirements

of EIS SOW C.2.8.3.1.4 -4 (r) that it be part of the UNI. The UCS Operational Help Desk

is also equipped with public telephone.

The Management and Security Servers will monitor any UCS user premises provider

hardware and software, and maintain a replica of MS Data Center SaaS performance and

security monitoring to ensure that the UCS Service is operating properly and associated

EIS performance and security requirements are met. The servers are connected to the

Harris OSS so that the same status information is available at the Harris NOC to ensure

that any issues are addressed immediately and required escalation procedures are

followed.

The Provisioning Server provides portal translation from the Harris OSS to the MS

Cloud and configures any user premises hardware and software for user services based

on service orders received from the Harris OSS and requests for authorized real-time or

near real-time service activity coordinated through the UCS Operations Help Desk. There







1-135

is a bi-directional bridge between the UCS Provisioning Server and the Harris OSS to

accept orders and report UCS activity that is billed on a metered basis.

Users — The User end of the UCS service is specified to be implemented as an

application hosted by the contractor that supports multiple users over an IP network

(agency- or contractor-provided), or as a premises-based, hosted, or hybrid solution. We

propose a Cloud-Based (multiple-user) solution with alternatives for a Premises-Based or

Hybrid solution.

Premises-based Solution: In a Premises (Managed) solution, UCS Management

and Client Servers running MS Skype for Business and MS Office 365 are added to the

user enclave (e.g., at an Agency location). This configuration allows all of the UCS

functionality to operate autonomously within an Agency location. In this case, the

connection to the MS Cloud is not required, but the connection to the UCS Operations

Help Desk location is still required for support, performance monitoring and provisioning

assistance. Harris will offer the Premises solution as an Individually Case Based (ICB)

CLIN.

Hybrid Solution: Harris considers two principal cases of a Hybrid solution (other

cases are possible):

Premises/Cloud Hybrid Solution:

Legacy Hybrid Solution: A case where an existing Digital PBX with existing

subscriber devices are connected to the MS Cloud for UCS services similar to the Cloud-

Based configuration through a SIP Gateway. This case is occasionally used for Legacy

to UCS transition.

Harris will offer the Hybrid solution as an Individually Case Based (ICB) CLIN.







1-139

Security Information and Event Management (SIEM) technology, and understands the

importance of an accurate, correlated, common operational picture for security situational

awareness. Our MPS solution includes a flexible monitoring framework, various devices,

and tools that can only be created from years of experience providing real time monitoring

for large critical infrastructures.

2.2.8.4.1.2 Vulnerability Scanning Services

Our vulnerability scanning service is Secure Content Automation Protocol (SCAP)

compliant. To secure an infrastructure, one must discover the vulnerabilities within it and

mitigate them to reach an acceptable risk posture for an enterprise. Harris, as a provider

of mission critical networks, routinely scans its own and our customer’s networks. We

build a picture of the network vulnerabilities, and recommend appropriate mitigations to

our customers. The vulnerability database and scanning service we use can also be used

to prepare an organization for cyberwarfare, as the vulnerabilities in an infrastructure

frequently become points of attack. These scans may originate within the network, or on

the other side of a network perimeter. We also understand that legacy software

environments may not allow some vulnerabilities to be mitigated directly, and work with

our customers to define appropriate countermeasures when required.

2.2.8.4.1.3 Incident Response Service

Most organizations using a Managed Security Service Provider began using one in

response to an incident or possible intrusion. Incident Response Services include

proactive, pre-emptive services that protect a network and prevent successful intrusions.

These activities include onsite consulting, analysis of the enterprise security policy,

processes, tools, and existing countermeasures, and audits of the operational security

environment. From a baseline security posture, a plan can be built for an enterprise that

includes continuous monitoring with vulnerability scanning, network mapping, policy

reviews, and cyber awareness training. These activities are conducted in preparation for

Reactive Incident Response Services, which provide telephone and on-site support to

react to potential security incidents, with an emphasis on damage containment and

control. The objective is to prevent any single incident from crippling an enterprise

network infrastructure. This includes detection and containment of Denial of Service

(DoS) attacks, viruses, worms, Trojan horse infections, data exfiltration attempts, and







1-140

insider threat activities such as espionage. Harris provides the capabilities to enhance

cyber resiliency within an organization, and can provide the forensic services required to

successfully prosecute offenders. Our forensic services group has a 100% conviction rate

when called to testify in cyber-attack prosecutions.

2.2.8.4.2 Standards (C.2.8.5.1.2)

Our Managed Security Service Solution complies with all applicable security

standards, including FISMA (44 U.S.C. Section 301. Information security), NIST FIPS

Pub 140-2, NIST FIPS Pub 199, and all NIST security guides and special publications.

As a Managed Security Services Provider, Harris is continually benchmarking its

capabilities against evolving security technology standards. These include the United

States Computer Emergency Response Team (US-CERT) reporting standards and the

Internet Engineering Task Force (IETF) RFC 2350, Expectations for Computer Security

Incident Response. Harris is an active participant in NIST Security Standards Working

Groups and various industry security organizations, including the Cloud Security Alliance.

We constantly monitor the standards bodies for new developments and maturing

technologies that could impact our services. Harris frequently brings these requirements

to our customers’ attention, and uses these standards to ensure interoperability between

legacy network devices and emerging capabilities such as software defined networking.

2.2.8.4.3 Connectivity (C.2.8.5.1.3)

The Harris Solution offers managed security services that connect and interoperate

within the agency networking environment, as defined by the agency in the Task Order.

In our role as a Critical Network Provider we have designed and implemented network

Demilitarized Zones (DMZ) and secure LAN segments as well as Extranet Gateways and

Internet Gateways, for various customers. For example, on FTI Harris maintains the

Extranet Gateway for trusted third parties to support structured data exchange

capabilities.


The Harris MSS solution complies with all MSS technical capabilities. Our technical

capabilities for each Managed Security Service Offering are described in the following

paragraphs.







1-147

A key feature of incident response is the capability to provide investigative and

forensic services to the agency. Forensic data collection includes capturing data,

maintaining the chain of analysis used to determine the origin and actions of a potential

attacker, and collecting the information while preserving the chain of custody. Harris has

been called upon to assist in administrative actions and legal proceedings, including

testifying in court if necessary to assist in prosecution.

The best defensive measure for an INRS is security awareness and training. In

conjunction with the agency customer, Harris provides security awareness training on an

as-requested basis. This training can include classroom or computer based courses,







1-148

mock attack drills, emerging trends in threats and vulnerabilities workshops, and

refinements to incident response processes such as new tools and capabilities.

2.2.8.4.5 Features (C.2.8.5.2)

Our MPS, VSS, and INRS capabilities provide flexible, tailorable solutions to support

agency requirements effectively. The Harris MSS fully complies with all required MSS

features.

2.2.8.4.5.1 Managed Prevention Service (MPS)

a) Firewall

. Our firewall solutions provide Network Address Translation

(NAT) and Port Address Translation (PAT) to disguise internal IP addresses. Agency

specified security policies such as packet blocking and session termination of

nonconforming traffic are supported through the use of the firewall rulesets.

b) Personal Firewalls –

For instances where

hardware deployment is not possible, the McAfee Endpoint Protection product is

applied as a software firewall solution.

c) Network Intrusion Prevention System –

. It provides the

ability to analyze network and application protocols and packet content. Suspicious

activity is identified, monitored and mitigated through the blocking or termination of a

session based on known attack signatures and behavior patterns.

d) Endpoint Protection –

This capability provides application firewall, endpoint







1-149

recording, whitelisting, blacklisting (banning), threat detection, and remediation

recommendations to protect agency endpoint systems as required.

e) Secure Web Proxy – the

This includes protection against spyware,

phishing attacks, peer-to-peer services, and streaming applications. URL blocking is

supported.

f) Inbound Web Filtering – This capability

filters inbound web sessions at the HTTP/HTTPS/SOAP/XML-RPC/Web Service

application layers and protects against cross site scripting, SQL injection attacks,

session tampering, buffer overflow errors, and malicious web crawlers.

g) Application Level Gateway – the

h) Network Behavior Analysis –

These three capabilities profile “normal” behavior and identify anomalies

such as DDoS attacks, scanning, and some types of malware such as botnets.

Anomaly detection allows Harris to identify potential attacks before they can become

pervasive throughout the agency. Source, destination, and estimated size of encrypted

connections are maintained in logs for further analysis.

i) Network Traffic Content Analysis and Sandboxing – Harris uses the CISCO

Automated Malware Protection (AMP) Threat Grid Appliance in conjunction with the

CISCO Intrusion Detection/Prevention capabilities of the ASA 5500 series firewalls to

provide traffic content analysis. Static and dynamic analysis engines can be applied in

conjunction with threat intelligence indicators to identify suspicious objects in near real

time. A sandbox is used to contain the object until it can be rendered harmless and

released into the network.

j) Email Forgery Protection and Filtering –

This appliance applies digital fingerprinting,







1-150

lexical analysis, and clustering techniques to supplement keyword and pattern

matching and applies these techniques to both structured and unstructured data. The

gateway identifies regulated content (HIPAA, SOX, GLBA); and personally identifiable

information, such as credit cards, Social Security numbers, and regional-specific

identifiers. Upon detection, a wide range of policy based actions can be applied,

including forced encryption (push, pull, TLS), alerting, re-routing, quarantining,

blocking, and other custom actions defined by the agency. Intel’s Email Gateway

identifies and blocks incoming spam while providing integrated protection against

viruses, malware, phishing, directory harvest, denial-of-service attacks (DoS), and

bounce-back attacks. These capabilities include protection of information about an

agency’s networks or domains through the use of proxy information to protect the

actual sender/recipient domains and user IDs, as well as filtering based on the domain

and header-based information. Email filtering rules are established in conjunction with

the agency to maximize protection of their domains and to establish an effective email

management policy.

k) Email Content Analysis and Sandboxing – Intel’s email gateway provides these

capabilities to the agency. Objects and attachments to emails are extracted from the

message and Intel’s threat intelligence engines provide static and dynamic analysis of

the content to determine if the content is malicious. If malicious content is detected, it

is handled according to the email security policy established by the agency.

l) User Authentication Integration – integration of the Intel email gateway’s threat

mitigation service with the agency’s authentication service is an inherent feature of the

gateway architecture.

The objective is to make user authentication transparent to the email

gateway architecture while maximizing the protection provided.

m) DNSSEC –

This solution includes protection

against Distributed DOS attacks, DNS tunneling, cache poisoning, NXDomain, and







1-151

DNS/DHCP attacks. At the same time, whitelisting technology is used to support

connectivity to the top 1,000 sites through reputation analysis.

n) DNS Sinkholing –

The

appropriate response to DNS query manipulation is determined in conjunction with the

agency to ensure the agency’s security policy is correctly implemented and enforced.

o) Data Loss Prevention (DLP) – Harris provides DLP capabilities through a

combination of services

Our goal is to enforce

the agency’s security policies while protecting its data from deletion, destruction, or

unauthorized disclosure.

p) Demilitarized Zones (DMZs) Support – Harris is very familiar with DMZ architectures

for various agency applications. DMZs are used to provide buffer areas between

private agency internal networks and public network domains such as the Internet. Our

DMZ architectures support Web (HTTP), FTP, email (SMTP and MIME) and DNS

servers. The objective of the DMZ architecture is to protect the agency’s network

information from unauthorized disclosure and potential malicious attacks.

q) Extranet Support – Harris has implemented extranet architectures and connections

to protect our customer’s internal networks while facilitating connectivity to trusted third

parties or other government agencies. Extranet architectures are supported with

appropriate firewalls, DMZs, and gateways in accordance with the security policy of

the agency.

r) Firewall-to-Firewall VPNs –

This allows the SOC to maintain a secure connection for monitoring the health and

security status of the firewalls and their tunnels.







1-152

s) Remote Client VPNs –

Network Connect runs as the client-side VPN capability that is

downloaded to the remote agency user’s device. Upon successful two factor

authentication, the encrypted VPN connection is established. Upon termination of the

connection, the VPN is disconnected.

t) EINSTEIN 2

u) Short term Storage – Harris provides the storage capacity for at least 24 hours of

agency-specific data generated by the MPS through the use of the ArcSight Logger

appliance. Logger provides the capability to store up to 8Tb of data. This data is

compressed and correlated prior to storage, and can be accessed by the agency in

near real time through the SOC console.

v) Long Term Storage – Harris provides a storage area network (SAN) for long term

storage of agency specific security information. When the ArcSight Logger

environment is nearing capacity, the data is offloaded to the SAN for long term storage.

SAN storage is accessible by request to the SOC operators on an as-needed basis.

2.2.8.4.5.2 Vulnerability Scanning Service (VSS)

Our VSS

products have received NIST SCAP 1.2 validations, for Common Vulnerabilities and

Exposures (CVE) and as an Authenticated Configuration Scanner (ACS). Tenable

supports XML, PDF, HTML, and CVS APIs to facilitate export of vulnerability scan results

into reports and other utilities to make the VSS as useful as possible to the subscribing

agency.







1-154

The Harris Managed Mobility Service (MMS) will provide EIS users with superior

support for agency-owned and personal mobile handheld devices (smartphones and

tablets, based on smartphone OSs) to access Agency networks and applications in

accordance with the agency’s IT security policy. We will fully support security, network

services, and software and hardware management for mobile handheld devices, including

the increasing use of Bring Your Own Device (BYOD) initiatives and advanced wireless

computing that is becoming an important part of Agency strategies.

We will support all aspects of MMS, including mobile device management (MDM),

mobile application management (MAM), mobile content management (MCM), mobile

security management and Deployment.

MMS is one of the most complex GSA service offerings, and Harris’ historical

competence as a mission critical Critical Network Provider and transition/migration proven

experience will ensure its successful implementation and operation.


We offer our MMS as a Cloud-Based, Premises-Based, or Hybrid solution. MMS is

essentially a value-added overlay on the MWS service specified in EIS SOW C.2.6.

MMS service delivery requires the interfacing of several EIS components:

EIS Access and Transport Services

EIS MWS Service

The Harris Operations Support System (OSS) providing management oversight, and

The MMS Service itself, composed of Data Center and user elements

The EIS MWS, Access and Transport Services are provided under other EIS contract

vehicles and the OSS is provided by Harris as part of our value added service. This

description concentrates on the MMS Service elements and their relationship to the other

components in providing the MMS Service. Our MMS Service uses AirWatch software to

provide the proposed capabilities and features.

Cloud-Based Solution

Data Center The core of our MMS Cloud-Based Service is redundant MMS Data

Centers with centralized MMS Mobility Servers. The Data Centers are identically







1-155

configured and geographically dispersed to provide load balancing of expected user traffic

and protection against single points-of-failure during man-made and natural disasters.

Each Data Center is equipped with a substantial Gateway capability to interface with

the EIS MWS Mobility Switches and to accept all specified EIS interfaces and traffic levels

from MMS Agency users. The Gateway is composed of Routers, Firewalls, Switches and

other devices required to maintain robust and secure access. The Gateway also provides

a connection to all other Data Centers in the MMS Service to synchronize the transfer of

user services in case of local failures or capacity limitations.

The Cloud Mobility Servers provide the MDM, MAM, MCM and Security functions

specified in the EIS SOW.

The principle Cloud Mobility Server interface is IP MMS data which is routed by the

Gateway to both the target MWS Providers and the subscribing Agency networks. The

connection to the MWS is distributed over the MWS RAN to all mobile devices in the

same manner as any other IP connection (e.g., the Internet). The Terrestrial IP

Connection is distributed over a secure VPN to the Agency network to provide an

alternate access to the RAN as a route for MMS data to the mobile devices.

Other Cloud Mobility Server interfaces to the secure VPN are:

A multipurpose Agency terrestrial network extension for mobile users

A local ‘Apps Store’ containing both commercial Apps and Agency Apps uploaded

over the VPN for distribution to mobile users

A reporting interface to Agency administrators

The Harris OSS will provide 24x7 Tier 1 Help Desk assistance for problem reporting

and trouble ticketing. The MMS Operations Help Desk function at each Data Center is

available 24x7 to provide Tier 2 and Tier 3 technical support and operational assistance

for MMS configuration and reporting. The MMS Operations Help Desk has an on-line IP

connection logically separated from user traffic on the secure VPN connection to the

Agency administrator. The MMS Operations Help Desk is also equipped with public

telephone and internet connection for general use.

The Management and Security Servers at each Data Center will monitor the MMS

provider’s hardware and software to ensure that the MMS Service is operating properly

and associated EIS performance and security requirements are met. These servers are







1-156

connected to the Harris OSS so that the same status information is available at the Harris

NOC to ensure that any issues are addressed immediately and required escalation

procedures are followed.

The MMS Provisioning Server configures the MMS Service hardware and software for

user services based on service orders received from the Harris OSS and authorized real-

time or near real-time Agency administrator changes to user profiles and features

communicated over the secure VPN. There is a bi-directional bridge between the MMS

Provisioning Server and the Harris OSS to accept orders and report MMS activity that is

billed on a metered basis.

Users The user end of the Cloud-Based MMS service are the mobile devices which

receive MMS data over either RAN or Agency network extensions. Users will be provided

an application to install on their devices to enable MSS as part of the MMS Service. An

Agency administrator has access to MMS Data Center facilities over a secure VPN for

the following:

Access to MMS Provisioning Server for authorized ‘Adds, moves and changes’ of user

profiles, features and privileges

MMS reports from the Cloud Mobility Servers

Access to the Mobile Apps store for content management

Access to Help Desk functions

Premises-Based and Hybrid Solutions

Data Center For a Premises-Based or Hybrid solution, the Mobility Servers, Apps Store

and reporting functions are moved to an Agency location. Data Center connectivity

remains the same as the Cloud-Based service for Gateway, Management, Security,

Provisioning and Help Desk. These functions will operate in the same manner as a Cloud-

Based implementation, but their connections will be to the Mobility Servers at the Agency

location through a proxy over the secure VPN.

Users Like the Cloud-Based MMS Service, the user end of the Premises-Based or

Hybrid MMS service are mobile devices which receive MMS data over either the RAN or

Agency network extensions. Users will be provided the same application to install on their

devices to enable MSS as part of the MMS Service. The Mobility Server and Mobile Apps







1-169

Voice only participants can join the MS Cloud video teleconference by IPVS, CSVS

and MCS dial-in through PSTN meet points as described for ACS in

Paragraph 2.2.8.6.1.

Off-net Internet participants will join the MS Cloud video teleconference through a TIC

and non-Internet Off-net participants will join the MS Cloud video teleconference by

external network dial-in through PSTN meet points.

Each MS Data Center will be equipped with a substantial Gateway capability to accept

all IP and TDM interface types.

VTS Operations Help Desk VTS Operations Help Desk, Management, Security and

Provisioning functions are identical to those described for our UCS offering in

Paragraph 2.2.8.2.1, except the VTS Operations Help Desk is equipped with Internet and

public telephone access and the Operations Help Desk function includes the ability for an

attendant to join in and facilitate the Video Teleconference at user request.

Users VTS Service users are not one location or network, but an instance of multiple

users at many locations and on many networks joining a conference. Users will access a

VTS conference using standards-based audio and video enabled devices. Our VTS will

enable point-to-point and multi-point conferencing with audio conference add-on

capabilities to support the following three user configurations: 1) desktop, 2) portable roll

about, and 3) fixed conference room locations on dial-in, IP/SIP or dedicated connections.

2.2.8.7.2 Standards (C.2.8.8.1.2)

The Harris VTS solution complies with all standards identified in the EIS RFP for VTS.

2.2.8.7.3 Connectivity (C.2.8.8.1.3)

The Harris VTS solution complies with all listed connectivity instances in the EIS RFP

for VTS.







1-173


The DHS Intrusion Prevention Security Service (IPSS) consists of 4 distinct functions:

1. Indicator management – work necessary to manage and share cyber threat indicators

and countermeasures.

2. Detection – access to network traffic and the application of a range of capabilities to

inspect the traffic and identify malicious activity.

3. Response and Protection covers capabilities that apply countermeasures to prevent

and manage malicious activities.

4. Alerting and reporting covers event notification and forensic artifact handling.

Essentially, this service provides intrusion prevention, detection, and response

capabilities to facilitate the coordination and sharing of threat information across

agencies. As a provider of incident response capabilities for the last 15 years, Harris

is well versed in the processes and procedures required to coordinate incident

response functions.

2.2.8.8.2 Standards (C.2.8.9.1.2)

The Harris IPSS fully complies with the following standards and guidance:

ICD 703 – Protection of Classified National Intelligence, Including Sensitive

Compartmented Information

NSA Security Guidelines for IPSS/ECS

CNSSI 1253 – Security Categorization and Control Selection for National

Security Systems, 27 March 2014

NIST SP800-53 Rev 4, Security and Privacy Controls for Federal Information

Systems and Organizations

US-CERT Standard Operating Procedures (SOPs) SOP 108 – Identifying

Sensitive Information: PII Handling and Minimization, and SOP 110 - PII

Handling & Minimization

2.2.8.8.3 Connectivity (C.2.8.9.1.3)

Harris provides connectivity with EINSTEIN Enclaves through our Traffic Aggregation

Service. The detailed design of the Traffic Aggregation Service and EINSTEIN Enclave

is described Section 2.1.3.1.5(4) in response to the RFP SOW requirements C.2.8.1.2(4).







1-174

We examine Participating Agency traffic that meets the definition of “External Traffic”

in TIC v2.0, and can connect to DHS US-CERT data centers.


Harris is fully compliant with DHS IPSS mandatory capabilities as follows:

1. A process that allows DHS to provide cyber threat indicators and define desired

effects in the protection of covered network traffic is not a new capability to Harris.

Harris has been working with DHS cyber threat indicators from our FAA customer for

over 12 years on the FAA Telecommunications Infrastructure (FTI) program. The

establishment of a process can only be done in collaboration with DHS to provide

the most responsive capability to the Government. As the provider of the TIC Portal

and SOC capabilities, Harris is uniquely positioned to assist DHS in obtaining the

desired effect in the most effective manner. For example, if content scanning can be

performed through various tools, Harris can advise the Government on the

respective performance impacts and assist in selection of the most effective

capability.

2. Before the activation of new or modified indicators and their associated actions Harris

tests IDS/IPS sensor indicators in a laboratory environment. Modification of IDS/IPS

sensors in a large enterprise takes time to propagate the change without impacting

the mission. It is essential that the threat indicators work as intended prior to wide

scale deployment.

3. A process that allows DHS to direct actions on network traffic to gather additional

information on cyber threats, stop cyber-attacks, and respond to cyber incidents can

be created in partnership with DHS. On FTI, the FAA directs actions and coordinates

the incident response process in conjunction with the SOC.

4. Harris can receive, accept, utilize and secure GFI up to the TS/SCI level, including

PII, in accordance with DHS-approved security guidelines. Harris has cleared

personnel and Secure Telephone Equipment to support coordination activities. We

have several ICD 703 compliant Sensitive Compartmented Information Facilities on

campus that could provide an appropriate cleared facility for sensitive

communications.







1-175

5. DHS could share GFI via VPN access and/or Secure Telephone Instrument

download to Harris. This information could then be uploaded to the DHS IPSS

sensors. After validation of digital signature to ensure the integrity and authenticity of

the data, the GFI could be placed into production.

6. Additional commercially available cyber threat information from various threat

intelligence sources could be leveraged or correlated with DHS GFI to provide

additional protections. These threat intelligence services include services from Cisco,

FortiNet, Intel, and Palo Alto. The synthesis of commercially available threat

information with GFI provides validation of intelligence indicators.

7. Only indicators and associated actions approved and requested by DHS are applied

to traffic streams from Participating Agencies. Harris does not modify sensor settings

and/or security rules unless we receive direction from an authorized person.

8. The ability to apply different sets of mitigation capabilities to a Participating Agency’s

traffic that does not affect which mitigations are applied to a separate Participating

Agency’s traffic is accommodated through virtualized firewall and IDS/IPS

capabilities. Each agency has its own security policies that are enforced through their

own unique rule sets.

9. Ensure that GFI is not disclosed or shared with any third part or used for any purpose

that DHS has not specifically authorized. Disclosure of GFI that reflects classified

information is protected by traditional individual security agreements with SOC

personnel. Use of GFI for other than its intended purpose would be a violation of

security policy that could jeopardize Harris’ position as a provider of classified

security solutions. As such, we are strongly incentivized to only use information for

its intended purpose and not disclose it to unauthorized third parties.

10. Harrishas access to Participating Agency Federal System Network traffic if said

federal agency uses Harris to provide Internet services.

11. We have trained SOC incident response analysts available 24X7 providing DHS with

a capability to gather additional contextual information via phone, instant message,

or email if desired.







1-176

12. Our IDS/IPS sensors support signature based and heuristic based detection

capabilities. Emerging detection methods, such as data mining and machine

learning, can be deployed as they become operationally mature.

13. Solutions that allow for detection of malicious activity within encrypted traffic are

dependent upon the type of malicious activity. Indicators that do not involve

decryption provide a higher probability of near real time detection. Decryption

capabilities would be dependent upon identification of the encryption algorithm

applied, and other contextual indicators associated with the information.

14. Harris, as a SOC operator, is well versed in a broad variety of protection measures.

Our IPSS capabilities include:

The ability to collect more detailed information for a specific session after

malicious activity has been detected, including full packet capture.

The ability to prevent or block a detected threat by terminating the network

connection or blocking access to the target. This capability is implemented in

various gateways and firewall rulesets.

Change the attack’s content by removing or replacing malicious portions of an

attack to make it inoperable. Harris has applied packet scrubbing capabilities to

support this type of countermeasure.

Harris has used Honeynets in conjunction with Moving Target Technologies to

track evasion strategies and duplicate the processing performed by a

compromised target host.

Over time, Harris has tuned detection accuracy on IDS/IPS sensors so the

optimum ratio of false positives to false negatives that reflect the organization’s

risk tolerance level can be obtained.

15. Redirection of traffic to a safe or uncompromised server can be supported if Harris

has access to the routing tables involved, or if the Participating Agency will make the

necessary modifications.

16. Capture and storage of analytically relevant data associated with potentially harmful

traffic specific to some indicators but not necessarily applied to all indicators involves







1-177

selective storage of contextual information. This capability can be triggered by rules

associated with various IDS/IPS sensor technologies.

17. Ensuring that DHS IPSS technology does not retain traffic other than traffic

associated with suspected malicious activity would require Harris to develop traffic

inspection capabilities to validate that only traffic associated with suspected

malicious activity was retained. This would involve analysis of various logs and

indicators associated with IPSS sensors.

18. In conjunction with DHS and the Participating Agency, Harris would define a process

to apply DHS-directed prevention services, as defined and approved by US-CERT.

19. In conjunction with DHS, Harris would develop procedures to apply DHS directed

prevention services to only designated, Federal System network traffic that passes

through the TIC Portal.

20. Operation of the DHS IPSS as an in-line service that performs mitigation actions as

traffic traverses the ISP network is possible. In this case, IPSS services would be

performed as part of Portal operations, transparent to the end user. All Internet traffic

delivered to the Participating Agency’s SDP would be monitored and subject to

mitigation services before delivery. All Participating Agency traffic delivered to the

Internet through the Participating Agency’s SDP would be subject to monitoring and

mitigation prior to delivery.

21. Defining and applying the full range of existing and future DHS IPSS functional

capabilities to counter cyber threats and attacks at cyber relevant speed would be a

unique capability that would further enhance the TIC Portal capabilities.

22. Quarantined malware can be provided to the Participating Agency and DHS via the

US-CERT malware lab or other specified entities upon request.

23. Before deployment of threat indicators, signatures, or countermeasures, Harris

maintains a laboratory to ensure the countermeasures operate as intended prior to

deployment. Testing ensures that unintentional consequences are not released into

an agency network.







1-178

24. DHS and Participating agencies can be provided with detection alerts and associated

contextual information about suspicious traffic that is sufficient to identify the facts of

an incident or attempted incident in accordance with DHS guidance.

25. Data supporting network traffic pattern assessment to detect and address anomalous

patterns that may be indicators of malicious activity can be provided by Harris SOC

analysts to DHS and Participating Agencies upon request.

26. DHS and Participating Agencies can be provided with information related to

indicators, signatures, associated actions, and/or alerts over a given time period.

This information can be used to determine if the countermeasure deployment was

successful, or if the attack spread throughout a network.

27. Agency network traffic is not disclosed to anyone other than authorized DHS and

agency personnel. Participating agency data is secured against unauthorized

access, use, disclosure, and retention through SOC security procedures.

28. Harris routinely tests new detection capabilities and indicators. In conjunction with

DHS and the participating agencies, a process that allows the Government to

participate and observe tests, and that provides test results to authorized personnel,

can be defined and placed into practice.

29. Within 15 minutes of discovery, DHS is notified of any unauthorized access, use,

disclosure, or retention of Participating Agency data, and of any breach of any

security or information handling requirements provided by DHS regarding handling

of Participating Agency network traffic. Harris will provide DHS sufficient information

to assess the scope of a data breach and/or conduct a damage assessment.

2.2.8.8.5 Features (C.2.8.9.2)

Harris is fully compliant with DHS IPSS features as follows:

1. Harris can provide capabilities that apply sensitive and classified (up to TS/SCI)

indicators and countermeasures to email messages and with real time secure

information exchange with DHS for global awareness. Harris uses the Intel Secure

Email Gateway and the Fortinet Email scanning service.

2. Harris can provide capabilities that apply sensitive and classed (up to TS/SCI)

indicators and countermeasures offered by DOD/DHS to DNS queries and







1-179

responses with real time secure information exchange with DHS for awareness.

Harris uses the Infoblox DNSSec security appliances.

3. Additional countermeasures as defined and specified by DHS can be

accommodated through negotiated processes and procedures with the Harris

SOC.

2.2.8.8.6 Interfaces (C.2.8.9.3)

Harris will support the UNI at the SDP to connect the DHS IPSS services as Ethernet

Access Services as defined in Section C.2.1.2.

2.2.8.8.7 Performance Metrics (C.2.8.9.4)

Performance Metrics for this service are defined on a task order basis.

2.2.9 Service-Related Equipment (C.2.10)

When identified in a Task Order, the Harris solution will provide networking and

security equipment such as, but not limited to, Switches, Routers, PBXs, Telephones,

Servers, Firewalls, Conferencing-Related Equipment, Microwave Systems, Free-space

Optics Systems, Surveillance Systems, Sensors, Radio-related Equipment, Satellite

Earth Stations and Wireless Phones.

Harris will also ensure all agency requirements not specifically detailed within the Task

Order are addressed.

Equipment may also need to meet the Federal Information Security Management Act

(FISMA) requirements. The goal of FISMA is to promote the development of key security







1-180

standards and guidelines to support the implementation of and compliance with the

Federal Information Security Management Act including:

Standards for categorizing information and information systems by mission impact

Standards for minimum security requirements for information and information systems

Guidance for selecting appropriate security controls for information systems

Guidance for assessing security controls in information systems and determining

security control effectiveness

Guidance for the security authorization of information systems

Guidance for monitoring the security controls and the security authorization of

information systems

Harris will review the technical requirements identified in each Task Order, specific

agency requirements, Government security requirements and site specific requirements

to ensure that the agency is requesting the proper make, model and operating system of

each SRE item. If the SRE selected does not meet all the technical or agency

requirements, Harris will make alternative recommendations when replying to the specific

task order.

New Equipment Assurance

Harris is committed to providing only new equipment under this contract. Refurbished

or used equipment will not be provided. The Harris solution uses brand name equipment

supplied from proven leaders in the industry.

The equipment providers are the best in class providers in VoIP such as Cisco,

SONUS, Polycom, Mitel and AVAYA. The wireless phones and tablets are provided by

leading suppliers such as Apple, Samsung and HTC. Security equipment is provided by

Palo Alto, Cisco Systems and Juniper Networks. Data equipment suppliers include

equipment such as Cisco, Adtran, Dell and Juniper Networks.

The vendors in the equipment list all have equipment that has been JTIC and FISMA

approved for use in Government networks. JTIC certification is important because many

government agencies will only allow JTIC certified equipment to be used within their

agency IT infrastructure and it insures that customers of GSA are receiving the high

quality service from proven brand name suppliers.







1-181

Warranty Service

The Harris solution will provide, at no additional cost to the Government, a minimum

one-year system warranty (or the warranty provided by the OEM, whichever is longer) for

all hardware and software purchased under this contract, including all equipment

supplied, installed, and integrated by Harris.

Harris will provide warranty information

associated with each product and service delivered to the GSA CO or OCO if requested.

Warranty Response Time

The Harris solution will provide hardware and software support on all SRE for the first

year of service. Most equipment manufacturer warranties do not meet this requirement.

. There

will be no additional cost for the first year of maintenance.

Warranty Point of Contact (POC)







1-182

2.2.10 Service-Related Labor (C.2.11)

Harris offers comprehensive support for EIS Service-Related Labor, offering access

to directly applicable domain expertise across the entire range of EIS telecommunications

services. Harris has a 30-year record of success providing mission-tailored support labor

to Government customers implementing communications-based solutions.

Today, given our core competency as a Critical Network Provider, Harris is ideally

suited to provide EIS Service-Related Labor. Our resource pool comprises over 9,000

technical professionals across a broad range of relevant technologies and technical

disciplines. For EIS, our teammates complement and add technical professionals as

needed with EIS Service domain expertise. The result is that, collectively, the Harris Team

offers a robust capability to provide qualified Service-Related Labor support for all 21 of

the RFP Section J.5-defined labor categories, across all three levels, i.e., Junior,

Journeyman, and Senior/Subject Matter Expert (SME).

As a leading provider of Managed Network Services, Harris has optimized our

business model for the effective delivery of technical assistance to government agencies.

This assistance takes the form of service-related labor for service planning, solution

engineering, service provisioning, end-to-end service management, and service

assurance. The support provided enables our government agency customers to focus

more effectively on their mission operations through strategic outsourcing of specific

management functions. The Harris service-related labor augments the agencies’

capabilities and helps ensure the viability of their increasingly complex networks.

On EIS, Service-Related Labor will be critical to supporting key elements of

government agency objectives, including:

Transition of legacy contract telecommunications services onto more cost-effective

EIS services, without operational disruption

Design and engineering, implementation, management, and maintenance services

providing the technical and operational capabilities that ensure the availability and

reliability of agencies’ increasingly complex networks

Evolution to a new IT shared-services paradigm that streamlines enterprise-wide

delivery of IT services, significantly reduces costly duplication across business units,

and facilitates use of more-efficient, innovative IT technology







1-183

Support for consolidation of Agency data centers to optimize existing data center

utilization by leveraging purpose-built commercial data center hosting services

Exploring strategies for utilizing state-of-the-art cloud computing technology and

migrating Government IT resources to the cloud

Achievement of these objectives will transform how Government Agencies plan,

purchase, deploy, operate, and maintain their IT assets across the enterprise.

Agencies that require Service-Related Labor assistance will issue Task Orders (TO)

that include labor to support EIS services, including construction, alteration, and repair

labor required to complete a telecommunications solution if it is integral to and necessary

for the effort defined in the TO. The types of labor services to be delivered may vary

widely by TO; as a result, KPIs and SLAs will be specific to and defined in each TO.

Harris will assess each such TO and, based on the requirements and Services

involved, determine the optimal Service-Related Labor expertise necessary to address

the TO scope. The assessment will include a determination of the optimal combination of

Harris and teammate labor services as necessary for Service-specific expertise, including

Small Business teammates to the extent practicable to support Small Business goals. As

part of our TO response, measurement methods, SLA credit formulations, and tracking

methodology will be defined in response to the TO requirements.

2.2.11 Cable and Wiring (C.2.12)

In order to be a full service vendor to the Government, Harris offers the optional Cable

and Wiring services listed below.







1-184

Our installation practices

have been refined and proven over many years of installation work for FAA and other

mission critical agencies with the most demanding requirements for quality, adherence to

specifications and protection of collocated equipment and services.

2.2.11.1 Installation Services

Harris will provide installation services for equipment necessary to provide

telecommunications services and related supporting IT services. Our installation

practices will conform to all local agency standards and best commercial practice.

2.2.11.2 Required Connectivity

Harris will provide required connectivity using appropriate cabling and wiring, and

related trenching, ducting, grounding, and lightning protection systems in accordance with

the TO and appropriate standards.

2.2.11.3 Site Preparation

Site preparation work done by Harris under this contract will conform to applicable

federal, regional and local codes and will conform to accepted industry installation and

construction practices. Our understanding is that all planned work and code compliance

will be subject to OCO review and approval prior to the start of work.

Tools and Test Equipment Harris will provide the tools and test equipment to

perform the site preparation as specified in the TO and will retain ownership of the

tools and test equipment unless otherwise specified in the TO.

Temporary Utilities Harris understands that the Government will furnish facilities

and utilities to Harris that already are installed at the site, including light, heat,

ventilation, and power. Harris will provide temporary utilities that are not available in

the work area and coordinate any disconnection of utilities.

Building Additions/Changes Harris will provide building additions and/or changes

as required, provided that they are integral to and necessary for the effort stated in the

TO. HVAC and electrical construction will be limited to new or upgraded installations

necessary to support telecommunications and IT equipment. Harris will expand or







1-185

modify power systems to provide appropriate environmental controls to support the

installation.

2.2.11.4 Wiring/Cabling Warranty

Harris will provide a warranty period of one (1) year for the premises wiring/cabling

after service acceptance.

3.0 SECTION 508 REQUIREMENTS

Harris is familiar with Section 508 requirements which make electronic and information

technologies accessible to people with disabilities.

3.1 Background

Section 508 was enacted to eliminate barriers to information technology, to make

available new opportunities for people with disabilities, and to encourage development of

technologies that will help achieve these goals.

3.2 Voluntary Product accessibility Template

Harris will post Voluntary Product Accessibility Templates (VPAT) for each service

offered to our EIS web site within 30 days after NTP that offerings

comply with Section 508 standards. The applicable services are; Data Services, Voice

Services, Managed Services, Services, Colocated Hosting Services and Cloud Services

and compliant to the Harris Business Support System (BSS).

3.3 Section 508 Applicability to Technical Requirements

Services that execute mission operations shall meet the relevant provisions of

Section 508, Subparts B, C, and D as identified in Section 3.4 or shall provide equivalent

facilitation. Harris validated that we fully comply with these provisions. Compliance of the

Harris BSS with these provisions is covered in Volume 2 Management, Section 1.5.3.1.3

Web Interface – Accessibility.

3.4 Section 508 Provisions Applicable to Technical Requirements

The relevant provisions of Subpart B, Technical Standards, paragraph 1194.21,

Software Applications and Operating Systems, apply to the appropriate services, to

include but not be limited to the following:

Data Service

Voice Service

Managed Service Data Center Service







1-186

The relevant provisions of Subpart B, Technical Standards, paragraph 1194.22, Web-

based Intranet and Internet Information and Applications, apply to the appropriate EIS

services, to include but not be limited to the following:

Data Service

Managed Service

Data Center Service

The relevant provisions of Subpart B, Technical Standards, paragraph 1194.23,

Telecommunications Products, apply to the appropriate EIS services, to include but not

be limited to the following:

Voice Service

Data Service

Managed Service Data Center Service

The relevant provisions of Subpart C, Functional Performance Criteria, paragraph

1194.31, apply to appropriate services provided under the EIS contract. For the relevant

services, one of the following two capabilities will be provided:

1. Support for assistive technologies used by disabled individuals.

2. At least one mode of operation and information retrieval that:

a) For blind users, does not require vision.

b) For vision impaired users, does not require visual acuity greater than 20/70.

c) For deaf users, does not require hearing.

d) For hearing impaired users, does not require enhanced auditory capability.

e) For users with no speech capability or with impaired speech, does not require user

speech.

f) For users without fine motor control or simultaneous action capability, does not

require fine motor control or simultaneous action and is operable without limited

reach and strength.

The relevant provisions of Subpart D, Information, Documentation, and Support,

paragraph 1194.41, shall apply to the appropriate services provided under the EIS

contract.

3.5 Section 508 Provisions Applicable to Reporting and Training

Compliance with the government’s information reporting requirements are addressed

by providing the required information via the Internet, email, or telephone. Services







1-187

providing the required information will meet the relevant provisions of Section 508,

Subparts B, C, and D or shall provide equivalent facilitation.

Training will be delivered via meeting and briefings, classroom, seminars, instructor-

led and non-instructor on-line web based self-study, and manuals or desk top guides. For

training delivered via meeting and briefings, classroom, and seminars, assistance such

as signers and Braille products will be provided to disabled trainees when requested in

advance by the Government. For training delivered via instructor-led and non-instructor

on-line web based, the same capabilities provided for Internet reporting will be provided

to disabled trainees.

enterprise infrastructure solutions (eis) - l3harris

Documents