TENDER DALAM TALIAN
MAJLIS PERBANDARAN SUBANG JAYA
DOKUMEN TENDER
(JILID 2/2)
BAGI
CADANGAN MEMBEKAL, MEMASANG, MEMBANGUN, MENGUJI
SERTA MENTAULIAH DISASTER RECOVERY CENTRE (DRC) DAN PERKHIDMATAN BERKAITAN UNTUK
MAJLIS PERBANDARAN SUBANG JAYA
NO. TENDER
MPSJ.KUB.400-10/3/138 (2016)
TARIKH BUKA
13 OKTOBER 2016
TARIKH TUTUP
02 NOVEMBER 2016
MASA TUTUP
12.00 TENGAHARI
YANG DIPERTUA MAJLIS PERBANDARAN SUBANG JAYA,
USJ 5, PERSIARAN PERPADUAN, 47610 SUBANG JAYA,
SELANGOR D.E. www.mpsj.gov.my
CADANGAN MEMBEKAL, MEMASANG, MEMBANGUN, MENGUJI SERTA MENTAULIAH DISASTER RECOVERY CENTRE (DRC)
DAN PERKHIDMATAN BERKAITAN UNTUK MAJLIS PERBANDARAN SUBANG JAYA
NO. TENDER : MPSJ.KUB.400-10/3/138 (2016)
ISI KANDUNGAN
BIL BUTIRAN MUKA SURAT
1.0
SPESIFIKASI TEKNIKAL
3
2.0
RESPOND TIME
6
3.0
DOKUMEN PERJANJIAN
7
4.0
TERMA PEMBAYARAN
. 10
ARAHAN Petender adalah dilarang sama sekali meletakkan tanda pengenalan syarikat atau apa jua maklumat berkaitan seperti chop syarikat, nama kakitangan syarikat atau tanda tangan pada mana-mana bahagian di dalam Jilid 2/2 ini. Kegagalan petender untuk mengikuti arahan sedemikian boleh menyebabkan penyertaan di dalam TENDER ini terbatal.
MAJLIS PERBANDARAN SUBANG JAYA
SPESIFIKASI TEKNIKAL
JENIS PERKHIDMATAN : CADANGAN MEMBEKAL, MEMASANG, MEMBANGUN, MENGUJI SERTA MENTAULIAH DISASTER RECOVERY CENTRE (DRC) DAN PERKHIDMATAN BERKAITAN MAJLIS PERBANDARAN SUBANG JAYA
NO. TENDER : MPSJ.KUB.400-10/3/138 (2016)
A. OBJEKTIF DAN SKOP Objektif tender ini adalah untuk Membekal, Memasang, Membangun, Menguji serta Mentauliah Disaster Recovery Centre (DRC) serta Perkhidmatan Berkaitan untuk MPSJ seperti berikut: 1. Cloud DRC Infrastructure 2. Storage DRC Infrastructure 3. Backup DRC Infrastructure (Cold Site) 4. Equipments and softwares required to support the DRC operations
with the ability to divert/take over operations when needed during disaster.
5. Direct Over Metro-E Connection 6. Membekal Lesen MySQL 7. Perkhidmatan instalasi system yang sedia ada ke server DRC yang di
DRC site yang cadangkan (minimum 25km radius) 8. Perkhidmatan Preventive Maintenance dua kali setahun. Syarat-syarat berikut perlu untuk penilaian yang mesti disertakan oleh Petender di dalam dokumen cadangan dengan jelas. Kegagalan Petender memenuhi setiap syarat-syarat perlu untuk penilaian akan mengakibatkan cadangan tersebut tidak akan dipertimbangkan.
a. Petender wajib menyatakan dengan jelas spesifikasi setiap komponen
peralatan yang ditawarkan, berdasarkan spesifikasi MPSJ di ruangan ‘TECHNICAL SPECIFICATION AND REQUIREMENT’ (please specify)’. Jika ruang tidak mencukupi, Petender boleh menggunakan Lampiran sebagai rujukan dan mestilah ditandakan/dinamakan dengan jelas.
b. Petender mestilah menyediakan senarai alat (‘Bill of Quantities – BQ’)
secara terperinci untuk setiap peralatan dan perkhidmatan yang dicadangkan di setiap Item, sebagai dokumen sokongan wajib bagi mempastikan peralatan dan perkhidmatan yang ditawarkan betul dan
mencukupi. (sertakan sebagai lampiran – rujukan item pada Jilid 1/2; JADUAL KADAR HARGA dan Jilid 2/2; JADUAL TEKNIKAL).
c. Petender mestilah menyertakan gambarajah skematik yang dapat
menerangkan secara konseptual dengan jelas cadangan rekabentuk sistem DRC MPSJ yang dicadangkan.
d. Petender mestilah menyertakan Jadual Perancangan (Work Shedule)
untuk pembekalan, penghantaran, pemasangan, pengujian dan pentauliahan dengan jelas.
e. Semua item utama yang dibekalkan mesti disertakan brosur asal
yang mengandungi maklumat teknikal mengenainya.
MAJLIS PERBANDARAN SUBANG JAYA
SPESIFIKASI TEKNIKAL
A. GENERAL REQUIREMENT
BIL. SPESIFIKASI MAJLIS SETUJU/ TIDAK
SETUJU
CADANGAN SPESIFIKASI PENTENDER (SILA NYATAKAN)
1.0 1.1 1.2 1.3 1.4 1.5 1.6 1.7 1,8
VENDOR PRE-REQUISITE Bidder must propose ISO/IEC 27001 certified DRC center. Bidder must comply with Tier 2 of the Data Centre Site Infrastructure Standard (Concurrently Maintainable Site Infrastructure) or above from Uptime Institute. Bidder must provide minimum DOME 10MB Metro-e Internet line. Bidder must propose location of the propose DRC and minimum requirement must be 25 Kilometer radius from the existing MPSJ datacenter. Bidder is to propose two (2) boxes of dedicated SSLVPN box to secure the connection from datacenter to propose DRC. Bidder must provide offsite storage at the DRC, and also tape pickup services from MPSJ primary site to the DRC based on schedule requested at 3 times a week. Bidder must propose required hardware and software as specified in scope of work. Bidder must provide automated scheduled backup and replication solution or online data synchronization between MPSJ datacenter to the proposed DRC
BIL. SPESIFIKASI MAJLIS SETUJU/ TIDAK
SETUJU
CADANGAN SPESIFIKASI PENTENDER (SILA NYATAKAN)
1.9 2.0 2.1
Bidder must provide transfer technology or training on product as well as on the administrative function for the proposed solution. SCOPE OF WORKS Bidder MUST fully comply with the scope of works, which include:
a) Provision of an alternate site i.e.: dedicated room to host critical servers and provide redundancy in terms of availability in the event of primary site at MPSJ main office is down.
b) To install and deploy the identified servers and hardware. This shall include operating system, network and other relevant application if required as well as technical support and assistance to MPSJ.
c) To provide technical assistance (Resident Engineer) to
support MPSJ staff in assuring that on-site restoration operations and end of event backup operations can be implemented in the Bidder’s Recovery Center facility. The Bidder shall assume all cost for testing.
d) To advice and provide other required equipment or software required to support the DRC operations with the ability to divert/take over operations when needed during disaster.
e) To provide dedicated Internet services at 10MBPS
(minimum).
BIL. SPESIFIKASI MAJLIS SETUJU/ TIDAK
SETUJU
CADANGAN SPESIFIKASI PENTENDER (SILA NYATAKAN)
3.0 3.1 3.2
f) To provide preventive and scheduled maintenance for all hardware hosted at the DRC site.
g) To provide consulting services on DRC technology
during project implementation to MPSJ. h) To provide dedicated working space and required
infrastructure for 5 MPSJ personnel.
i) To provide automated scheduled backup solution or online data synchronization between MPSJ datacenter, co-location and proposed DRC
j) To provide offsite storage at the DRC, and also tape
pickup services from MPSJ primary site to the DRC based on schedule requested at 3 times a week.
k) Training is to be provided on product as well as on the
administrative function for the proposed solution. BIDDER’S RESPONSIBILITY The bidder shall review this document and take full responsibility of obtaining information from MPSJ as may be required to meet the specifications and requirements. The bidder shall review and fulfill all specifications and requirements before committing to sign the purchase agreement.
4.0
DOCUMENTATION REQUIREMENTS MPSJ reserves the right to reproduce all or part of the document submitted by the bidder for internal use.
BIL. SPESIFIKASI MAJLIS SETUJU/ TIDAK
SETUJU
CADANGAN SPESIFIKASI PENTENDER (SILA NYATAKAN)
5.0 5.1 5.2 5.3 5.4
DELIVERY REQUIREMENTS Successful bidder shall complete the entire scope of works within eight (8) to twelve (12) weeks after receipt of MPSJ Letter of Acceptance (LOA). The bidder shall describe the project management methodology to be undertaken in the project to ensure the time is met as scheduled as well as meeting the technical requirements of the project. The project management methodology shall include the tasks and activities involved as listed below:
a) Project team structure b) Point of contact c) Implementation schedule based on proposed project
delivery and timeline which indicating
- Key milestones dates and deliverables
- Workday
- Staffing estimates The customer has the authority to reject all items that are not working accordingly. The customer has the authority to reject any kind of bugs during or after installation.
B. TECHNICAL SPECIFICATION & REQUIREMENT
BIL. SPESIFIKASI MAJLIS SETUJU/ TIDAK
SETUJU
CADANGAN SPESIFIKASI PENTENDER (SILA NYATAKAN)
1.0 1.1
TECHNICAL SPECIFICATION
a) Critical servers (server and hardware specification is as below or equivalent):-
EXISTING INFRASTRUCTURE AND INFOSTRUCTURE a) Critical servers (server and hardware specification is as below or equivalent): -
Server for iRMS (i) VMWare Centos OS 4/5/6 (32GB) (ii) Processor 8vCPU (i) 8GB RAM (ii) Provisioned Storage 107GB
a. Used Storage 28GB
Server for iFMS (i) VMWare Centos OS 4/5/6 (32GB) (ii) Processor 8vCPU (iii) 8GB RAM (iv) Provisioned Storage 107GB
a. Used Storage 28GB
Server for OCPS (i) SUN OS Solaris 10 10/08 s10x_u6wos_07b X8 (ii) Processor 2x Dual-Core AMD Opteron(tm) Processor
2222 (iii) 40GB RAM (iv) HDD 2.3TB
a. Used Storage 1.1TB
Sever for Sybase Database (IRMS & IFMS)
Makluman Makluman Makluman Makluman
Makluman Makluman Makluman Makluman
BIL. SPESIFIKASI MAJLIS SETUJU/ TIDAK
SETUJU
CADANGAN SPESIFIKASI PENTENDER (SILA NYATAKAN)
1.2
(i) Linux mpsjdb1.mpsj.gov.my 2.6.32-431.11.2.el6.x86_64
(ii) Processor 1x Intel(R) Xeon(R) CPU E7- 4850 @ 2.00GHz
(iii) 16GB RAM (iv) Provisioned Storage 964GB
a. Used Storage 18GB
Sever for MYSQL Database (OCPS) (i) Linux 3.2.0-29-generic #46-Ubuntu SMP (ii) Processor 1x Intel(R) Xeon(R) CPU E5620 @
2.40GHz (iii) 24GB RAM (iv) Provisioned Storage 487G
a. Used Storage 183GB (v) Provisioned Storage for Data 3TB
a. Used Storage 1.9TB
10TB external storage
Sybase Database License REQUIRED INFRASTRUCTURE AND INFOSTRUCTURE
(i) Config 8 core 40GB storage a) To install and deploy the identified servers and
hardware
b) P2V/V2V Migration Services
c) DRC Policy and Testing
d) To provide other required equipment of software to support DRC operations during disaster
Makluman Makluman Makluman
Makluman Makluman Makluman
BIL. SPESIFIKASI MAJLIS SETUJU/ TIDAK
SETUJU
CADANGAN SPESIFIKASI PENTENDER (SILA NYATAKAN)
1.3 1.4 1.5
e) Migrate, set up, install, configure and restoration of all MPSJ critical and core business application system in DRC environment.
f) All installations of MPSJ system application are
based on MPSJ's request. Telecommunication and Internet Service Redundancy a) Dedicated internet service is provided at least 10Mbps
b) Telecommunication and internet service provider is named
accordingly c) Telecommunication and internet service redundancy plan
need to be explained Physical security parameters are in place. This includes gate, security guard, manned reception and CCTV. Physical Entry control is implemented accordingly for example biometric access or access card. Location and parking facility. a) Bidder is to state distance between proposed DRC site and
MPSJ primary site and also the number of parking space available at the DRC.
b) The bidder shall make the DRC available to MPSJ twenty four (24) hours per day, seven (7) days per week as long as required in the event of disaster.
To provide dedicated working space and required infrastructure for 5 MPSJ personnel. The working space should be equipped with other office facilities such as laser jet printer, telephone line, fax machine, facsimile and conference room. The telephone line
BIL. SPESIFIKASI MAJLIS SETUJU/ TIDAK
SETUJU
CADANGAN SPESIFIKASI PENTENDER (SILA NYATAKAN)
2.0 2.1
2.2 2.3
2.4
3.0 4.0 4.1 4.2
should allow divert service from MPSJ main premise to the alternate site. Bidder should make the working space available for MPSJ usage as and when required. Maintenance Support & Warranty Requirement Operations and maintenance services for the server and related infrastructure supplied and commissioned by the bidder for the application at the Disaster Recovery Centre. The bidder shall undertake regular preventive maintenance of the hardware and licensed software. Bidder is to clearly describe the proposed methodology for both notifying of new releases and maintenance updates. Bidder is also required to describe all cost related to maintenance releases and major version upgrades. Warranty The warranty of rented items shall include both parts and labor for a minimum period of three (3) years. Insurance on Assets The price of rental shall include all the risk insurance coverage for the hardware and software provided by bidder for the whole of tenure year. The price of rental shall also include the risk insurance coverage for the transportation of backup tape from the main premise to alternate site for the whole of tenure year.
BIL. SPESIFIKASI MAJLIS SETUJU/ TIDAK
SETUJU
CADANGAN SPESIFIKASI PENTENDER (SILA NYATAKAN)
5.0
5.1 5.2
6.0 6.1 7.0 7.1
Bidder Past Experiences Bidder MUST have an experience in providing Data Centre facilities and sufficient trained personnel for the datacenter operations. Also in demonstrating their capability to provide consultation services for this project. Bidder to provide list of client reference (latest completed or ongoing), authorized contact person and number. Training and Transfer of technology (TOT) Bidder to provide transfer of technology (TOT) on DRC related software and hardware include operational. Documentation Bidder MUST provide:
a) Finalized completed DRC Diagram b) User Manual c) Service Operation Procedure (SOP) d) Operational Manual e) Any other document requested by MPSJ f) All documentation shall be submitted at the end of the
project.
8 8.1
SERVER INFRASCTRUCTURE MAIN REQUIREMENT
BIL. SPESIFIKASI MAJLIS SETUJU/ TIDAK
SETUJU
CADANGAN SPESIFIKASI PENTENDER (SILA NYATAKAN)
8.2 8.3 8.4 8.5 8.6
Supply, installation, configuration and commissioning Server for MPSJ DRC Infrastructure.
Number of unit: 3 Units
Location: Propose DRC center
Product Information Please Specify Processor
Processor: The server must be installed with Two (2) Intel E5-2660 v2 130 W 8 core processors
Quantity Processor: min 2 unit Memory
RAM: Should have at least 128GB DDR3 Memory RDIM/PC3 fully buffered DIMMs at 1866 MHz
Frequency: min. 11866 MHz
Capacity: 128GB RAM Hard Drive
Two (2) 300GB 10k 6G 2.5-inch Hot Plug SAS Hard
RAID 0/1 Controller SAS 6G 0/1
Supported Drive Type SATA, SAS, SSD
Remote Management IPMI 2.0 compliant I/O and expansion
1 x VGA, 3 slots PCI-express 2.0
6 port x Gigabit Ethernet support
1 x Dedicated Service LAN
1 x serial RS-232-C (9-pin)
Dual 800W Power Supply come with 4m Cable power cord for rack PDU.
Operating Systems
Must support the followings OS:
BIL. SPESIFIKASI MAJLIS SETUJU/ TIDAK
SETUJU
CADANGAN SPESIFIKASI PENTENDER (SILA NYATAKAN)
8.7 8.8 8.9
Windows Server 2012, Redhat Enterprise Linux, Ubuntu, Centos, FreeBSD or Solaris for Intel x86.
Support Services & Warranty:
All proposed item must comes with at minimum 1 (one) year warranty.
Bidder shall provide minimum one (1) year labor on-site support and maintenance.
Documentation:
Bidder shall provide comprehensive documentation on system design, system setup, IP address assignment and other information for ease of management.
Bidder shall provide complete documentation on configuration, User Acceptance Test (UAT), commissioning & operation procedure for the installed equipment(s).
TRAINING:
The supplier shall include an administrator training and a training documentation plan. The training documentation plan shall include: - A syllabus for the training - A number of training days - A training for 3 pax for JTM technical staff
9.0 9.1
DATA STORAGE SOLUTION MAIN REQUIREMENT
Supply, installation, configuration and commissioning MPSJ DRC Data Storage.
Number of unit: 1 unit
BIL. SPESIFIKASI MAJLIS SETUJU/ TIDAK
SETUJU
CADANGAN SPESIFIKASI PENTENDER (SILA NYATAKAN)
9.2 9.3
Location: Propose DRC center
Product Information: (please specify)
Model:
Brand:
Country of Origin :
Bill of Quantity (BQ) : (please attach appendix) Unified Storage Requirement:
RAW Storage Capacity Required : 16 TB RAW
Comes with 16 x 1TB SAS 10K RPM HDD to achieve at least 1100 IOPS with performance RAID 10 configurations
Offered RAID 5 Storage Capacity: (Please Specify) Storage Specification :
The Proposed Storage should be configured with these following requirement :
o Minimum Six Core CPUs o 16GB Main Memory o Minimum 4 x 1Gbe + 2 x 10Gbe front end ports per
controller o Dual Controller
The Proposed Unified Storage must be rack mounted (Adequate rack should be proposed)
The Proposed Unified Storage should be configured with redundancy of Disk Drives, Fans & Power Supplies
The Proposed Unified Storage should be able to support minimum 16 disks in the array
The above-mentioned Usable Capacity requirements are exclusive of all necessary required hot spares. Hence each spindle capacity type required above should have independent pool of minimum required hot spares
The Proposed Unified Storage should support RAID Levels: 0, 1, 1/0, 3, 5 & 6.
BIL. SPESIFIKASI MAJLIS SETUJU/ TIDAK
SETUJU
CADANGAN SPESIFIKASI PENTENDER (SILA NYATAKAN)
9.4 9.5
(If any of the mentioned Raid Groups are not supported by the Tenderer’s, then kindly propose equivalent features, with supporting whitepaper validation documents from third party agencies)
The Proposed Unified Storage should support for Windows 2000/2003, HP-UX, IBM AIX, LINUX, Solaris OS
The Unified Storage Management software should be array based and provide GUI / web based management with complete Reporting features like LUN Usage, Empty Space etc.
The Proposed Unified Storage should support Web based, Email facility for remote service & also support dial-in / dial-out to report errors and warnings
The initial connectivity is for 2 Servers scalable to 64 high availability hosts
Must support asynchronous mode remote replication
Must be able to replicate between two Unified Storage at the remote site, either LAN or WAN connection.
Ability to copy data (LUNs) to while systems is running
Ability to switch RAID types. Disk Shelf Subsystems :
Controller – 3U Rack-mountable form factor with min 16 slots Hot-Swap 3.5" HDD
Dual 6Gb/s SAS 2.0 I/O Controller
Support 600 GB/450 GB/300 GB (15,000 rpm) 3.5 " SAS disk drives
Support 4 TB / 3 TB / 2 TB/1 TB (7,200 rpm) 3.5 " SAS disk drives
Support 800 GB/400GB/200GB/100GB SSD (Solid State Drives)
Redundant ( 1+1 ) Dual output Power Supply Storage capabilities :
BIL. SPESIFIKASI MAJLIS SETUJU/ TIDAK
SETUJU
CADANGAN SPESIFIKASI PENTENDER (SILA NYATAKAN)
9.6 9.7
Support the following data redundancy (RAID) features: o Mirroring o Striping with Single Parity RAID o Striping with Double Parity RAID
Must come with these File serving protocol enabled:- o NFSv4 and NFSv3 o CIFS o WebDAV2 o FTP o RSYNC
Must come with iSCSI block protocol enabled
Support user authentication from Open LDAP, Active Directory
Storage Management
The storage subsystem must support management via — HTTP, HTTPS (Ajax based remote console); CLI-based —SSH, Serial; SMI-S management
Support Services & Warranty:
All proposed item must comes with at minimum 1 (one) year warranty.
Bidder shall provide minimum one (1) year labor on-site support and maintenance.
Documentation :
Bidder shall provide comprehensive documentation on system design, system setup, IP address assignment and other information for ease of management.
Bidder shall provide complete documentation on configuration, User Acceptance Test (UAT), commissioning & operation procedure for the installed equipment(s).
BIL. SPESIFIKASI MAJLIS SETUJU/ TIDAK
SETUJU
CADANGAN SPESIFIKASI PENTENDER (SILA NYATAKAN)
10
10.1
NETWORK SWITCH
MAIN REQUIREMENT
Supply, installation, configuration and commissioning MPSJ DRC Network Switch.
Number of unit : 1 unit
Location : Propose DRC center
Product Information : (please specify)
Model :
Brand :
Country of Origin :
Bill of Quantity (BQ) : (please attach appendix)
Each Network Switch must include the following specifications :
Shall come with min 24-port 10/100/1000BaseTx ports.
Shall come with min 4-port 10/100/1000Base SFP ports.
Shall come with dedicated min 2-port 10GbE SFP ports inclusive 10GBase-SR SFP+ per switch .
Shall be mountable on standard 19” equipment rack.
Shall support IP-based Network Management system and SNMP Protocol.
Shall support automatic medium-dependent interface crossover (Auto-MDIX) ports on all copper.
Shall support min 4094 active VLANs
Shall support VLAN configuration up to port level.
Shall support 802.1Q, VLAN tagging
Shall support per VLAN Spanning Tree (STP) IEEE
Shall support stacking architecture
BIL. SPESIFIKASI MAJLIS SETUJU/ TIDAK
SETUJU
CADANGAN SPESIFIKASI PENTENDER (SILA NYATAKAN)
Support Services & Warranty:
All proposed item must comes with at minimum 1 (one) year warranty.
Bidder shall provide minimum one (1) year labor on-site support and maintenance.
Documentation :
Bidder shall provide comprehensive documentation on system design, system setup, IP address assignment and other information for ease of management.
Bidder shall provide complete documentation on configuration, User Acceptance Test (UAT), commissioning & operation procedure for the installed equipment(s).
11 11.1
VPN AND FIREWALL APPLIANCE MAIN REQUIREMENT
Supply, installation, configuration and commissioning MPSJ DRC VPN APPLIANCE.
Number of unit : 2 unit
Location : Propose DRC center
Product Information : (please specify)
Model :
Brand :
Country of Origin :
Bill of Quantity (BQ) : (please attach appendix)
BIL. SPESIFIKASI MAJLIS SETUJU/ TIDAK
SETUJU
CADANGAN SPESIFIKASI PENTENDER (SILA NYATAKAN)
11.2 11.3
PERFORMANCE AND HARDWARE BUILT REQUIREMENTS
The proposed system appliance shall come with o minimum of 4 x 1GE o minimum mass storage of 40 GB (SSD) o minimum log space of 20 GB
The proposed system shall support minimum: o 1.9 Gbps firewall throughput o 800 Mpbs firewall + Application Detection
throughput o 300 Mbps Firewall + application Detection & IPS
throughput o 200 Mbps VPN throughput o 60,000 concurrent connections o 8,000 new sessions per second
The proposed system shall support the recommended number of users based on the following features:
o 200 users for Firewall + Application Detection & VPN turned on
o 100 users for Firewall + Application Detection + VPN and IPS turned on
FIREWALL REQUIREMENT
For security reasons, the proposed firewall system must be based on a proprietary application controlled packet forwarding firewall engine and not on a form of open source firewall packet implementation.
Application control must be configurable for each individual firewall rule.
Application control functionality must be configurable in conjunction or as a dependency of at least the following criteria:
o User / User group o Time of day / Day of week o Source / Destination
BIL. SPESIFIKASI MAJLIS SETUJU/ TIDAK
SETUJU
CADANGAN SPESIFIKASI PENTENDER (SILA NYATAKAN)
11.4
The proposed system must include an unlimited protected IP addresses license (unlimited box license).
The proposed system must provide an Intrusion Prevention System (IPS) including unlimited protected IP‘s for every unit at no extra charge.
The included IPS system must be based on thousands of signatures.
The signatures for the IPS system must be updated at least on a weekly basis or in case of a newly discovered vulnerability on demand.
The IPS system must be able to detect and prevent attacks based on the following evasion and obfuscation techniques:
o IP Fragmentation o TCP Stream Reassembly o RPC Defragmentation o FTP Evasion Protection o URL Decoding o HTML Decoding and Decompression o TCP Split Handshake
The proposed system must be based on a dedicated proprietary, linux- based operating system to prevent inheriting common OS vulnerabilities.
The proposed system must support NAT/PAT on all interfaces.
The proposed system shall be able to operate on either transparent (bridge) mode to minimize interruption to existing network infrastructure or NAT/route mode. Both modes must also be available concurrently.
APLICATION PROXIES REQUIREMENT
The proposed system must provide application proxies for the following services:
o Caching DNS
BIL. SPESIFIKASI MAJLIS SETUJU/ TIDAK
SETUJU
CADANGAN SPESIFIKASI PENTENDER (SILA NYATAKAN)
o NTP o HTTP o VPN
The proposed system must provide an authoritative DNS server for inbound load balancing.
The proposed system must provide the ability to create predefined reusable objects for networks that include network / IP, MAC, and interface.
The proposed system must provide the ability to create predefined reusable network objects based on existing predefined objects as well as existing custom defined objects.
The proposed system must provide the ability to create predefined reusable objects for services that include protocol, port range, label, and timeou
The proposed system must provide the ability to create predefined reusable service objects based on existing predefined service objects.
The proposed system must provide the ability to create predefined reusable objects for connections that include NAT type, interface, weighting, failover, and load balancing settings for up to four balanced interfaces.
The proposed system must provide the ability to create predefined reusable objects for users and groups that include user and group pattern matching.
The proposed system must provide the ability to create predefined reusable objects for date and time ranges granularity shall be at least one hour.
High availability - The proposed solution shall provide the ability to deploy two units in a hot standby mode so that if one fails the other takes over all concurrent sessions for forwarding and VPN network traffic.
BIL. SPESIFIKASI MAJLIS SETUJU/ TIDAK
SETUJU
CADANGAN SPESIFIKASI PENTENDER (SILA NYATAKAN)
High availability - Deploying a unit as a standby unit in high availability mode shall take no longer than 5 minutes and use a graphical user interface wizard to get the standby unit up and running.
The proposed system must provide application control per firewall rule for more than 900 applications such as:
o All well-known Instant Messaging applications o All well-known Peer-2-Peer file sharing applications o All well-known streaming portals o All well-known VoIP applications
The proposed system must be capable of utilizing interface groups per firewall rule to enhance IP-spoofing protection.
The proposed system must support VLAN’s according 802.1q standard for up to 4,096 VLANs.
The proposed system must support static and/or dynamic NAT/PAT configuration per firewall rule.
The proposed system must support firewall authentication for the following authentication methods:
o MS Active Directory o RADIUS o LDAP o x.509 certificates o VPN group membership
The proposed system must support firewall authentication either inline (browser-based authentication pop-up) or offline (works for any protocol).
The proposed system must provide a connector between the system and Microsoft Domain Controllers that allows for transparent means to find out the user to IP context (a.k.a., “DC Agent“).
The proposed system must provide an offline firewall rule tester.
BIL. SPESIFIKASI MAJLIS SETUJU/ TIDAK
SETUJU
CADANGAN SPESIFIKASI PENTENDER (SILA NYATAKAN)
The proposed system must provide real-time monitoring for active sessions through the user interface.
The proposed system must provide one-click session abortion through the user interface without sending TCP RST.
The proposed system must provide one-click session termination in the user interface.
The proposed system must provide session detail information in the user interface.
The proposed system must provide firewall history cache with following entry types and information:
o BLOCK (no rule matching, block by rule, block by rule interface mismatch)
o DROP (TCP packet belongs to no active session, ICMP packet belongs to no active session, ICMP packet is ignored, IP header checksum is invalid, IP header is incomplete, IP packet is incomplete, TCP header has an invalid ack number, forwarding not active)
o Traffic Type (Application) o ALLOW ( by rule “name”) o FAIL (accept timeout, connect timeout, denied by
filter, host unreachable, network access denied, port unreachable, protocol unreachable, routing triangle)
The proposed firewall system must be manageable via a secure web-based user interface.
The port over which the web interface port of the proposed firewall system is accessible must be modifiable via the user interface.
Wi-Fi: The proposed system must provide an optional 802.11n-based Wi-Fi access point with up top three distinct Wi-Fi networks.
BIL. SPESIFIKASI MAJLIS SETUJU/ TIDAK
SETUJU
CADANGAN SPESIFIKASI PENTENDER (SILA NYATAKAN)
11.5
Wi-Fi: The proposed system must provide a function to display a landing page (click-thru) that has to be accepted for network traffic originating from the Wi-Fi network.
Wi-Fi: The proposed system must provide a function to display a logon page where users connected via Wi-Fi need to log on before being able to access the Internet.
Wi-Fi: For the logon page functionality (as above) of the proposed system, an easy-to-use web portal shall generate logons for the Wi-Fi networks.
VPN AND CONNECTIVITY REQUIREMENTS
The proposed system must provide at least the following encryption methods:
o DES, 3DES o AES, AES-256 o Blowfish o CAST
The proposed system must provide capability to create dedicated VPN site-to-site tunnels, hub and spoke, and fully meshed VPN connections.
The proposed system must provide an IPsec-based VPN infrastructure.
The proposed system must be IPSEC interoperability certified by the VPNC (VPN Consortium).
The proposed system’s manufacturer must be member of VPNC.
The proposed system must provide client-to-site VPN clients for Windows, MAC OS, and most common Linux derivates.
The proposed system must provide client-to-site VPN support for the built-in clients in iOS (iPhone, iPad) and Android devices.
BIL. SPESIFIKASI MAJLIS SETUJU/ TIDAK
SETUJU
CADANGAN SPESIFIKASI PENTENDER (SILA NYATAKAN)
11.6 11.7
The proposed system must be capable of terminating PPTP and IPsec client connections.
The proposed system must support user interface- based VPN tunnel termination.
The proposed system must support user interface- based VPN tunnel monitoring.
The proposed system must be capable of automatic ISP backup link activation in case of line loss.
The proposed system must be capable of session- based load balancing over multiple ISP uplinks.
Load balancing over multiple ISP/VPN connections must be redundant with automatic fallback after original connection status has been restored.
Traffic shaping must be available within the VPN tunnel (application-, source-, and destination-based).
The proposed system must support UMTS/3G uplinks and the vendor must provide a 3G Modem for use worldwide and available for all firewall units.
All VPN configuration settings must be available through user interface. No command-line interface shall be needed.
Support Services & Warranty:
All proposed item must comes with at minimum 1 (one) year warranty.
Bidder shall provide minimum one (1) year labor on-site support and maintenance.
Documentation :
Bidder shall provide comprehensive documentation on system design, system setup, IP address assignment and other information for ease of management.
Bidder shall provide complete documentation on configuration, User Acceptance Test (UAT),
BIL. SPESIFIKASI MAJLIS SETUJU/ TIDAK
SETUJU
CADANGAN SPESIFIKASI PENTENDER (SILA NYATAKAN)
commissioning & operation procedure for the installed equipment(s).
12.0 12.1
ENTERPRISE DATABASE FOR OCPS System MAIN REQUIREMENT
Supply, installation, configuration and commissioning of Enterprise Database System for MPSJ.
Number of unit : Enterprise Edition Subscription (1-4 socket server 1 Year)
Location : Propose DRC
Product Information : (please specify)
Model
Brand :
Country of Manufacture :
Bill of Quantity (BQ) : (please attach appendix)
Propose Enterprise Database must come with the following features :
High Performance & Scalability to meet the demands of exponentially growing data loads and users.
Self-healing Replication Clusters to improve scalability, performance and availability.
Online Schema Changes to meet changing business requirements.
Performance Schema for monitoring user & application level performance and resource consumption.
SQL & NoSQL Access for performing complex queries and simple, fast Key Value operations.
BIL. SPESIFIKASI MAJLIS SETUJU/ TIDAK
SETUJU
CADANGAN SPESIFIKASI PENTENDER (SILA NYATAKAN)
12.2
Platform Independence giving you flexibility to develop and deploy on multiple operating systems.
Big Data Interoperability using MySQL as the operational data store for Hadoop and Cassandra.
Propose Enterprise Database must come with replication tools for replication of data from production to DRC site.
Must include 1 pair of replication agents.
The backup replication must use Continuous Data Protection (CDP) technology that that continuously captures or tracks data modifications by saving a copy of every change made
The replication solutions must use the technique of saving byte or block-level differences rather than file-level differences
Must provide fine granularities of restorable objects ranging from crash-consistent images to logical objects such as files, mailboxes, messages, and database files and logs.
Shall be able to restore to physical disk or the software snapshot.
Retention of CDP shall support o Time-based Retention o Space-based Retention o Time and Space based Retention o Sparse Retention
Support Bandwidth Optimization
Support Encryption communication from host to Server and Server to target
Replication Info-structure Management System :
BIL. SPESIFIKASI MAJLIS SETUJU/ TIDAK
SETUJU
CADANGAN SPESIFIKASI PENTENDER (SILA NYATAKAN)
12.3
Must come with web-based UI, where tasks such as backup, restore, monitor et al. This server also generates reports, trend graphs, e-mail and SNMP trap alerts
Must be able to handle activities like data transfer, generating log files for trend graphs, compressing data on its way to the Secondary server.
Agents Operating Systems Support: o Windows o RedHat Enterprise Linux o SuSE Linux Enterprise Server o Community Enterprise Operating Systems o Open SuSE o Debian o Oracle Enterprise Linux o Solaris o HP-UX o AIX o Virtualization : Citrix XenServer, VMware vSphere &
Hyper-V Scope of Services for Disaster Recover (DR) OCPS must cover the following :
Installation of MySQL Enterprise server on dedicated server
Import of production MySQL data to DR MySQL
Establish, maintain, and monitor real-time MySQL replication with production MySQL data to DR MySQL
Schedule regular automated snapshots of MySQL data
Installation of OCPS System on DR Server
Configuration of OCPS System on DR server to match configurations in production environment
Establish, maintain, and monitor replication of raw production email data to DRC storage
BIL. SPESIFIKASI MAJLIS SETUJU/ TIDAK
SETUJU
CADANGAN SPESIFIKASI PENTENDER (SILA NYATAKAN)
12.4 12.5 12.6
Perform scheduled DR OCPS environment tests as and once a year.
Scope of Services for H/A Active-Active MySQL DB
Setup MySQL DB Active-Active Clustering
Migration of the existing OCPS database (400GB) to the new Active-Active Cluster environment.
Testing of new Active-Active MySQL cluster on OCPS System environment
Support Services & Warranty:
All proposed item must comes with at minimum 1 (one) year warranty.
Bidder shall provide minimum one (1) year labor on-site support and maintenance.
Documentation :
Bidder shall provide comprehensive documentation on system design, system setup, IP address assignment and other information for ease of management.
Bidder shall provide complete documentation on configuration, User Acceptance Test (UAT), commissioning & operation procedure for the installed equipment(s).
13 13.1
ENTERPRISE DATABASE FOR IRMS and IFMS System MAIN REQUIREMENT
Supply, installation, configuration and commissioning of Enterprise Database System for MPSJ.
Number of unit : Enterprise Edition Subscription (4 socket server 1 Year)
BIL. SPESIFIKASI MAJLIS SETUJU/ TIDAK
SETUJU
CADANGAN SPESIFIKASI PENTENDER (SILA NYATAKAN)
13.2 13.3
Location : Propose DRC
Product Information : (please specify)
Model
Brand :
Country of Manufacture :
Bill of Quantity (BQ) : (please attach appendix) Replication Info-structure Management System :
Must come with web-based UI, where tasks such as backup, restore, monitor et al. This server also generates reports, trend graphs, e-mail and SNMP trap alerts
Must be able to handle activities like data transfer, generating log files for trend graphs, compressing data on its way to the Secondary server.
Agents Operating Systems Support: o Windows o RedHat Enterprise Linux o SuSE Linux Enterprise Server o Community Enterprise Operating Systems o Open SuSE o Debian o Oracle Enterprise Linux o Solaris o HP-UX o AIX o Virtualization : Citrix XenServer, VMware vSphere &
Hyper-V
Shall comes with a tape library with a minimum of 12TB of capacity using mini SAS connectivity.
Scope of Services for Disaster Recover (DR) must cover the following :
Installation of Existing SAP Enterprise server on dedicated server
BIL. SPESIFIKASI MAJLIS SETUJU/ TIDAK
SETUJU
CADANGAN SPESIFIKASI PENTENDER (SILA NYATAKAN)
13.4
Import of production data to DR MySQL
Establish, maintain, and monitor real-time replication with production data to DR.
Schedule regular automated snapshots of data
Installation of IRMS and IFMS System to DR Server
Configuration of IRMS and IFMS System on DR server to match configurations in production environment
Establish, maintain, and monitor replication of raw production email data to DRC storage
Perform scheduled DR OCPS environment tests as and once a year.
Scope of Services for Host Based Replication System must cover the following :
Installation of New or Existing Enterprise Backup System Management server on related server
Installation of New or Existing Enterprise Backup System server on related server
Installation of New or Existing Enterprise Backup Software Agents on related server. (please specify the number of agents included)
The backup replication must use Continuous Data Protection (CDP) technology that that continuously captures or tracks data modifications by saving a copy of every change made
The backup solutions must use the technique of saving byte or block-level differences rather than file-level differences
Must provide fine granularities of restorable objects ranging from crash-consistent images to logical objects such as files, mail boxes, messages, and database files and logs.
Shall be able to restore to physical disk or the software snapshot
Retention of CDP shall support o Time-based Retention o Space-based Retention
BIL. SPESIFIKASI MAJLIS SETUJU/ TIDAK
SETUJU
CADANGAN SPESIFIKASI PENTENDER (SILA NYATAKAN)
o Time and Space based Retention o Sparse Retention
Support Bandwidth Optimization
Support Encryption communication from host to Server and Server to target
Must come with web-based UI, where tasks such as backup, restore, monitor et al. This server also generates reports, trend graphs, e-mail and SNMP trap alerts
Must be able to handle activities like data transfer, generating log files for trend graphs, compressing data on its way to the Secondary server
Install, configure and test the management server
Install, configure and test the replication agents
Configure replication pair and set the retention as per MPSJ's requirement
Develop a DR Plan specifically for the systems that will be install with agents that can comply with Information Security Management Systems standard
Test and verify the DR Plan
All proposed software including services shall comes with 1 year 24x7 (round-the-clock) unlimited telephone and email support. Hotline telephone number and helpdesk email shall be provided. Whenever deemed necessary by ICT Department, certified technical personnel shall be assigned and fetched to perform the following tasks, but not limited to:- o Standard and advanced health checking of the supplied
system. o Standard and advanced troubleshooting of the supplied
system. o Calibration, re-engineering and/or re-deploy of the supplied
system. o Consultation on the supplied systems. o Migration and integration assistant of the supplied systems
with other systems.
BIL. SPESIFIKASI MAJLIS SETUJU/ TIDAK
SETUJU
CADANGAN SPESIFIKASI PENTENDER (SILA NYATAKAN)
13.5 13.6 13.7
o Standby during major events o Any mitigation works required to ensure the system at MPSJ
local area network runs at its optimum performance
Scope of Services for H/A Active-Active Database
Setup Active-Active Clustering
Migration of the existing database (1.4TB) to the new Active-Active Cluster environment.
Testing of new Active-Active MySQL cluster on DRC System environment
Support Services & Warranty:
All proposed item must comes with at minimum 1 (one) year warranty.
Bidder shall provide minimum one (1) year labor on-site support and maintenance.
Documentation :
Bidder shall provide comprehensive documentation on system design, system setup, IP address assignment and other information for ease of management.
Bidder shall provide complete documentation on
MAJLIS MAJLIS PERBANDARAN SUBANG JAYA
RESPOND TIME
BIL BUTIRAN PEMATUHAN *
MASA *
1
Masa yang diambil untuk mengambil tindakan pembaikan sekiranya mendapat panggilan telefon atau perkhidmatan pesanan ringkas (SMS) atau aplikasi whatsApp, e-mel, atau faks daripada kakitangan Jabatan Teknologi Maklumat terhadap sebarang permasalahan berlaku ke atas pelaksanaan DRC tersebut. Masa tersebut dikira bermula daripada saat panggilan telefon atau SMS, whatsapp, e-mel, atau faks dibuat.
Setuju / Tidak Setuju
2 jam
3 jam
4 jam
* Wajib potong mana yang tidak berkenaan
MAJLIS PERBANDARAN SUBANG JAYA
DOKUMEN PERJANJIAN
BIL BUTIRAN PEMATUHAN *
1
Perjanjian Menandatangani dokumen perjanjian di antara petender dan Majlis Perbandaran Subang Jaya (MPSJ). *rujuk pada Arahan Kepada Pentender perkara 19.0 di Jilid 1/2.
Setuju / Tidak Setuju
* Wajib potong mana yang tidak berkenaan
MAJLIS PERBANDARAN SUBANG JAYA
TERMA PEMBAYARAN
BIL BUTIRAN PEMATUHAN *
1
2
Terma Pembayaran Terma-terma pembayaran adalah tertakluk kepada keputusan pihak MPSJ. Terma-terma pembayaran tersebut adalah seperti berikut:
Mengikut Jadual Pembayaran.
Setiap tuntutan pembayaran perlu mengemukakan laporan secara bertulis dan ditandatangani oleh pihak kontraktor dan MPSJ.
Mengisi Borang Akuan Siap Kerja MPSJ. Jadual Pembayaran
Pembayaran setelah kerja-kerja penghantaran barang dan perisian diterima;
Pembayaran setelah kerja-kerja pemasangan, instalasi, konfigurasi dan migrasi selesai dilaksanakan;
Pembayaran setelah pengujian user acceptance test (UAT)
Pembayaran setelah pengujian final acceptance test (FAT) dilaksanakan dan;
Pembayaran setelah dokumen perjanjian dimeterai.
Setuju / Tidak Setuju
50%
30%
10% 5%
5%
* Wajib potong mana yang tidak berkenaan
LAMPIRAN E
Service Level Assurance (SLA) Memastikan pematuhan pada Service Level Assurance (SLA)
1. KONTRAKTOR perlulah menyediakan kemudahan talian kecemasan / hotline, kepada MPSJ supaya dapat dihubungi dengan cepat jika berlaku sebarang
2. Masalah/insiden. Kontraktor hendaklah melakukan troubleshoot dan menyelesaikan sebarang masalah yang dihadapi dengan serta merta.
3. KONTRAKTOR mestilah menyediakan perkhidmatan sokongan yang
mencukupi selama 24 jam sehari dan 7 hari seminggu.
4. Memastikan masa tindakbalas (response time) dan masa penyelesaian (resolution time) seperti yang telah dinyatakan dipatuhi.
5. Selepas menerima laporan kerosakan Perkhidmatan tersebut,
KONTRAKTOR hendaklah menjalankan Khidmat Penyenggaraan.