Cebu Normal University Tender

Description Invitation To Bid For Procurement Of University Ict Modernization Development Program No. 24-06-167 1. The Cebu Normal University, Through The General Appropriations Act Of 2024 Intends To Apply The Sum Of One Billion Pesos (₽ 1,000,000,000.00) For The Procurement Of University Ict Modernization Development Program With Bid No. 24-06-167. Bids Received In Excess Of The Abc For Each Lot Shall Be Automatically Rejected At Bid Opening. 2. The Cebu Normal University Now Invites Bids For The Following Items Of The Above Rebidding For The Procurement Of University Ict Modernization Development Program Project. Unit Item Description Quantity Unit Cost Lot University Ict Modernization Development Program University Enterprise Resource Planning (erp) System 1 344,039,200.00 Human Resource Information System (hris) This Module Manages The Campus Staff Data, Including Recruitment, Payroll, And Billing. 1.1.1. Must Have The Following Modules: 1.1.1.1. Time Keeping Monitoring Modules 1.1.1.2. Automated Payroll System 1.1.1.3. Personnel Information System / Human Resource Information System. 1.1.1.4. Installation And Configuration Services 1.1.1.4.1. Application Installation 1.1.1.4.2. User Workflow Integration 1.1.1.4.3. Integration To Cnu Rdbms Database 1.1.1.4.4. Project Management Services 1.1.1.4.5. Capacity Building And Knowledge Transfer 1.1.1.4.5.1. The Winning Bidder Will Conduct User Training. 1.1.1.4.5.2. The Winning Bidder Will Perform A System Demo. 1.1.1.4.5.3. The Winning Bidder Will Perform System Flow Familiarity. Student Information System (sis) 1.2.1. System Features, Transactions, And Reports: 1.2.1.1. Must Have Tools To Enable Migration Of Existing Student Databases, Register New Students, Generate Adhoc Reports, Monitor And Manage Various Service Requests. 1.2.1.2. Must Contain Complete Student Information, Academic Data File, And Scanned Submitted Documents Of Students Converted Into Pdf. 1.2.1.3. Must Support Fast Generation Of Tor And Form 9 1.2.1.4. Must Be Capable Of Generating A List Of Candidates For Graduation, Scholarships, And Honors. 1.2.1.5. Must Be Able To Receive Approved Electronic Grades From Deans. 1.2.1.6. Must Be Able To Apply Tags To Documents Being Submitted By New Enrollees And Remind Students Of Missing Documents That Need To Be Submitted. 1.2.1.7. Must Have A Mobile Application That Will Enable Access To Online Services Relevant To The Students Such As Request For An Electronic Copy Of Grades, Request For Transcripts Of Records, Copies Of The Com, And Others To Be Determined By The University. 1.2.1.8. The Mobile Application Must Be Compatible With The Latest Versions Of Android And Ios Mobile Devices. 1.2.1.9. Must Have A Free Higher Education Application And Reports Generation System 1.2.1.10. Must Have A Reports Generation System (csc, Dbm, Ched And Other Government Reports) 1.2.1.11. Must Have An Online Verification System 1.2.1.12. Must Have An Electronic Issuance Of Transcript Of Records, Diploma, So, Certifications, Etc. 1.2.1.13. Must Have An Online Testing And Admission Scheduling System. 1.2.1.14. Must Have A Faculty Evaluation System. Financial Management System 1.3.1. Accounts Payable And Disbursements 1.3.1.1. Solution Must Allow Users To Set The Recognition Of Withholding Taxes Either Upon Recording Of Accounts Payable Or Upon Disbursement Depending On The Organization's Policy. 1.3.1.2. Solution Must Be Able To Record Payable Vouchers And Generate An Apv Form. The Payable Voucher Should Allow Users To Input The Supplier Invoice Number And Be Able To Retrieve And Automatically Populate The Details Of The Selected Receiving Report/s. 1.3.1.3. Solution Must Be Able To Record Payment Vouchers And Generate A Payment Voucher Form. The Payment Voucher Should Allow Users To Tag And Apply Payments To Specific Supplier Invoice/s Or Payable Voucher/s And Should Have Controls To Avoid Double Payment Of The Same Payable. Accounting Entries Should Be Automatically Generated Based On The Default Entry Setup. 1.3.1.4. Solution Must Be Able To Record Adjustments On Supplier Invoices And Accounts Payable Using A Debit Memo. The Debit Memo Activity Should Be Able To Automatically Calculate The Tax Impact Of The Adjustment And Generate The Corresponding Accounting Entries. 1.3.1.5. Solution Must Allow Users To Monitor And Update The Status Of Checks Prepared Whether On-hand, Released, Cancelled, Or Stale. 1.3.1.6. Solution Must Be Able To Capture Details Of Receipts For Fund Replenishments, Reimbursements , And Liquidations. Users Should Also Be Able To Select The Appropriate Gl Account For The Receipt And Generate The Corresponding Accounting Entries. 1.3.2. Revenues And Collections 1.3.2.1. Solution Must Have Complete List Of Customer's Details. Details Include Their Complete Name (for Individual) / Organization Name (for Non-individual), Tin, Addresses, Business Style, Contact Information, Payment Terms, Bank Details And Other Helpful Information Needed By The Organization. 1.3.2.2. Solution Must Be Able To Group Customers Up To Two Levels As Needed By The Organization. 1.3.2.3. Solution Must Have A Dashboard That Would Provide Users Easy Access To Information On The Transactions (create And Approve Sales Orders, Invoice, And Collection Transactions), System Reports, And Master Tables 1.3.2.4. Solution Must Be Able To Record Customer Orders And Generate An Order Form. The Customer Order Must Capture Essential Information Such As: Customer Details, Customer Po Number, Order Type (goods Or Services), Delivery Information, And Item Details 1.3.2.5. Solution Must Be Able To Record Invoice Or Billing Statement And Generate The Corresponding Forms. The Invoice Or Billing Statement Should Automatically Populate The Details From Approved Customer Order/s. Accounting Entries Should Automatically Be Generated Based On The Default Entry Setup. 1.3.2.6. Solution Must Be Able To Record Adjustments On Invoices And Accounts Receivable Using A Credit Memo. The Credit Memo Activity Should Be Able To Automatically Calculate The Tax Impact Of The Adjustment And Generate The Corresponding Accounting Entries. 1.3.2.7. Solution Must Be Able To Record Receivable Collections And Generate An Official Receipt Or Ancai. The Collection Should Allow Users To Tag And Apply The Customer Payments To The Intended Sales Invoice/s Or Billing Statement/s With Controls To Avoid Double Tagging Of Collections. Accounting Entries Should Be Automatically Generated Based On The Default Entry Setup. 1.3.2.8. Solution Must Allow Users To Record Cash And Collection Deposits And Generate The Corresponding Accounting Entries To Recognize The Proper Cash In Bank Account. 1.3.2.9. Solution Must Be Able To Generate A Report That Shows Statement Of Account And Accounts Receivable Aging In A Given Period. The Aging Report Should Allow Users To Define Whether The Report Is Based On Transaction Date Or Due Date As Well As The Aging Parameters (weekly, Monthly, Custom Defined Aging). 1.3.2.10. Solution Must Be Able To Generate A Report That Shows The Receivable Ledger Per Customer Group Or Specific Customer In A Given Period. 1.3.2.11. Solution Must Be Able To Generate Summarized Or Detailed Reports Which Shows All Collections In A Given Period. 1.3.2.12. Solution Must Be Able To Generate Summarized Or Detailed Reports Which Shows All Cash And Check Deposits In A Given Period As Well As Undeposited Cash And Collections. 1.3.3. Inventory Module 1.3.3.1. Solution Must Allow The Setup Of Item Groups And Item Details For Goods, Fixed Assets And Consumables Including Safety Stock Levels And Reorder Point. 1.3.3.2. Solution Must Allow The Setup Of Unit Of Measure For Sales And Purchases. 1.3.3.3. Solution Must Allow The Creation Of Unit Of Measure (um) Conversion Table Where The User Can Define The Conversion Rate From One Um To Another. 1.3.3.4. Solution Must Have A Dashboard That Would Provide Users Easy Access To Information On The Transactions (record And Approve Receiving, Issuance And Transfer Transactions), System Reports, And Master Tables. 1.3.3.5. Solution Must Be Able To Create Delivery Receipts And Generate A Dr Form. Accounting Entries Should Be Automatically Generated Based On The Default Setup. 1.3.3.6. Solution Must Allow Users To Record Items Returned To Suppliers. Purchase Return Should Automatically Populate Details From The Approved Purchase Order And Allow Users To Select The Items Returned. Accounting Entries Should Be Automatically Generated Based On The Default Setup. 1.3.3.7. Solution Must Be Able To Record Stock Issuance And Generate A Material Issuance Form. The Material Issuance Can Be Issued To A Requesting Department And Should Capture Details On The Requestor And The Items Issued. 1.3.3.8. Solution Must Be Able To Record Incoming And Outgoing Transfer Of Items Between The Organization's Warehouse. 1.3.4. Property And Fixed Assets 1.3.4.1. Solution Must Have A Complete List Of Fixed Assets Details. Details Include The Asset Group, Technical Specifications, Useful Life, Serial Number, And Issuance Status. 1.3.4.2. Solution Must Have A Dashboard That Would Provide Users Easy Access To Information On The Transactions (record And Approve Asset Acquisition, Issuance, And Asset Disposal Transactions), System Reports, And Master Tables 1.3.4.3. Solution Must Allow Users To Record The Purchase Details Of Acquired Assets. Accounting Entries Should Be Automatically Generated Based On The Default Entry Setup. 1.3.4.4. Solution Must Allow The Issuance Of Fixed Assets To The Requesting Department And Authorized User Of The Asset. The Solution Should Be Able To Record The Details Of The Issuance As Well As Tag The Physical Location Of Assets Issued. 1.3.4.5. Solution Must Automatically Calculate The Monthly Depreciation And Net Book Value Of The Asset Using Straight-line Method Over The Asset's Remaining Useful Life. Accounting Entries For Depreciation Should Be Automatically Generated Based On The Default Entry Setup. 1.3.4.6. Solution Must Allow Users To Record The Repair Of Fixed Assets And Automatically Calculate The Depreciation For Capitalized Major Repairs. 1.3.4.7. Solution Must Allow Users To Record The Disposal Of Fixed Assets And Remove It From The List Of Active Assets Available For Issuance. Accounting Entries For The Disposal Of Fixed Assets Should Be Automatically Generated Based On The Default Entry Setup. 1.3.5. Government Budget 1.3.5.1. The Solution Must Be Able To Allow The Setup Of Responsible Signatories For Approval Of Budget. 1.3.5.2. Solution Must Allow Users To Setup Monthly Or Annual Budget For Departments, And Activities Based On The General Appropriations Act (gaa), Special Allotment Release Order (saro), And The Agency Budget Matrix 1.3.5.3. Solution Must Be Able To Classify Budget Transactions To Personnel Services, Maintenance And Other Operating Expenses, Capital Outlay, And Financial Expenses 1.3.5.4. Solution Must Allow Setup Of Notice Of Cash Allocation As Transaction Limits. 1.3.5.5. Solution Must Have A Dashboard That Would Provide Users Easy Access To Information On The Transactions (record And Approve Budget Realignment, Budget Earmark, And Obligation Request Transactions), System Reports, And Master Tables 1.3.5.6. Solution Must Allow Users To Setup Monthly Or Annual Budget For Departments, And Activities Based On The General Appropriations Act (gaa), Special Allotment Release Order (saro), And The Agency Budget Matrix 1.3.5.7. Solution Should Only Allow Transactions To Proceed Based On Approved Budget. Budget Review And Approval Should Apply To Earmarking For Purchase Requests, And Obligation Requests For Purchase Orders. 1.3.5.8. Solution Must Be Create A Request For Fund Appropriation By Requesting Department And Generate An Rfa Form. The Rfa Should Be Able To Capture Information On The Requestor, Department, Priority, And Purpose Of The Appropriation. 1.3.5.9. Solution Must Be Able To Reclassify Approved Budget From One Expense Item To Another Within The Same Budget Classification. 1.3.6. General Ledger And Accounting 1.3.6.1. Solution Must Be Able To Create Chart Of Accounts For Balance Sheet And Profit And Loss Statement. The Chart Of Accounts Can Be Grouped Up To Three Levels To Allow Drill Down Of Accounts When Reporting. 1.3.6.2. Solution Must Be Able Allow Creation Of Books Of Accounts Which Will Contain The Accounting Entries From Transactions. The Books Of Accounts Should Be Classified Into The General Ledger Book, Disbursement Book, Cash Receipts Book, Sales Book And Purchases Books. 1.3.6.3. Solution Must Allow Users To Format The Summarized And Detailed Reports For The Balance Sheet And Profit And Loss Statement 1.3.6.4. Solution Must Allow Users To Setup Multiple Dimensions For Income And Expense Accounts For More Detailed Reporting. Up To Four Dimensions Can Be Created Which Are: Profit Center Or Cost Center, Revenue Type, Principal Or Major Customer Type, And Location. 1.3.6.5. Solution Must Allow The Creation Of Multiple Currencies And Setup The Conversion Rate For Functional And Reporting Currency. 1.3.6.6. Solution Must Allow Creation Of Subsidiary Ledgers For Customers, Suppliers, Employees, And Others As Defined By The User. 1.3.6.7. Solution Must Allow Setup Of Various Tax Codes And Tax Rates For Vat, Creditable Withholding Taxes, And Expanded Withholding Taxes 1.3.6.8. Solution Must Allow Users To Enter The Amounts Which Will Be Set As The Beginning Balance For Each Account. 1.3.6.9. Solution Must Have A Dashboard That Would Provide Users Easy Access To Information On The Transactions (create And Approve Journal Entries), System Reports, And Master Tables 1.3.6.10. Solution Must Allow Users To Record Journal Entries To Record Transactions That Are Not From The Other Modules Such As Adjustments And Reclassification Entries. Journal Entries Should Allow The User To Select The Proper Books Of Account Where The Entry Is Recorded And Should Have Controls To Check The Balance Of Total Debit And Credit Accounts. 1.3.6.11. Solution Must Be Capable Of Month-end And Year-end Process To Close Transactions And Proceed To The Next Control Period. 1.3.7. Set-up And Application Manager 1.3.7.1. Solution Must Allow The Setup Of The Details Of The Organization Such As Tin, Address, Contact Details, Tax Settings, Transaction Currency. 1.3.7.2. Solution Should Allow The Creation Of Various Users Of The Accounting System. 1.3.7.3. Solution Must Allow Admin To Define And Control User Access So That Only Authorized Users Will Be Able To Access Specific Modules, Transact, Approve And Generate Reports. Users Can View, Add, Delete (if Not Yet Posted), Print, Or Approve Transactions. 1.3.7.4. Solution Must Allow Setting Up The Forms Used For Various Activities Including Transaction Number Or Document Series For The Forms Such As: Purchase Orders, Customer Orders, Invoice, Receipts, Payable Voucher, Etc. The System Can Automatically Generate The Succeeding Document Numbers During Transaction Entry. 1.3.7.5. Solution Must Allow Setting Up Forms To Be Used In The Various Transactions, Including The Preparers, Reviewers And Approvers Of Said Forms. 1.3.7.6. Solution Must Allow Setting Up Appropriate Department Of The Organization Which Will Be Used In Various Transactions. 1.3.7.7. Solution Must Allow The Setting Up Appropriate Fiscal Or Calendar Year Of The Organization. 1.3.7.8. Solution Must Have Control Checks To Allow Transactions To Proceed To The Next Activity Only When It Is Approved And Posted. Only Posted Transactions Will Appear In The System Reports. 1.3.7.9. Solution Must Allow Users To Perform Batch Approval Or Posting Of Transactions. 1.3.7.10. Solution Must Have Control Checks To Prevent Multiple Logins, And Failed Login Attempts From The Same Account. System Should Also Perform Automatic Logout For Idle Accounts. 1.3.7.11. Solution Must Be Able To Generate Reports That Shows User Access To The Various System Modules, Their Activities, And The Movement Of All Transactions. 1.3.8. Procurement Management System 1.3.8.1. The Solution Must Have A Complete Procurement Module That Can Capture Detailed Information From Purchase Requisition, Purchase Order, And Receiving 1.3.8.1.1. Module Setup - The Solution Must Have The Following Management And Setup Controls: 1.3.8.1.1.1. Solution Must Have Complete List Of Supplier's Details. Details Include Their Complete Name (for Individual) / Organization Name (for Non-individual), Tin, Addresses, Business Style, Contact Information, Payment Terms, Bank Details And Other Helpful Information Needed By The Organization. 1.3.8.1.1.2. Solution Must Be Able To Group Suppliers Up To Two Levels As Needed By The Organization. 1.3.8.2. Transaction Activities - Solution Must Be Capable Of The Following Transactions: 1.3.8.2.1. Solution Must Have A Dashboard That Would Provide Users Easy Access To Information On The Transactions (create And Approve Purchase Request, Purchase Orders And Receiving Transactions), System Reports, And Master Tables 1.3.8.2.2. Solution Must Be Able To Record Purchase Requests And Generate A Pr Form. The Purchase Request Must Capture Essential Information Such As: Requestor, Purchase Type (goods, Services, Capital Expenses, Consumables), Date Needed, And The Item Details And Quantity. 1.3.8.2.3. Solution Must Allow Users To Create Requests For Quotation To Invite Suppliers Into A Bidding Process For The Requested Items. 1.3.8.2.4. Solution Must Be Able To Present Details Of Canvass To Aid In Decision Making For Purchases. 1.3.8.2.5. Solution Must Be Able To Record Purchase Orders And Generate A Po Form. The Purchase Order Should Be Able To Retrieve And Automatically Populate The Details Of Approved Purchase Requests And Capture Essential Information Such As: Supplier Details, Purchase Type, Chargeable Department, And Delivery Info. The Purchase Order Should Allow Users To Select The Vat Class Of Each Item (vatable/exempt) And Automatically Calculate The Vat For Each Item If Applicable. 1.3.8.2.6. Solution Must Have A Functionality To Adjust The Amount And Quantity Of The Purchase Order. 1.3.8.3. Generated Reports - The Solution Must Have The Following System Generated Reports: 1.3.8.3.1. The Solution Must Be Able To Generate Summarized Or Detailed Reports Which Shows Of All Purchase Request In A Given Period 1.3.8.3.2. The Solution Must Be Able To Generate Summarized Or Detailed Reports Which Shows Of All Purchase Order In A Given Period 1.3.8.3.3. The Solution Must Be Able To Generate A Report That Shows Purchase Requests That Are Unserved, Partially Served Or Fully Served 1.3.8.3.4. The Solution Must Be Able To Generate A Report That Shows Purchase Orders That Are Unserved, Partially Served Or Fully Served. Records Management System 1.4.1.1. Document Versioning: Able To Store Many Versions Of The Same Document, Download Or Revert To A Previous Version. 1.4.1.2. Digital Signatures: Check The Authenticity Of Documents By Verifying Their Embedded Cryptographic Signatures Or Upload Detached Signatures For Document Signed After They Were Stored. 1.4.1.3. Signature Captures: Capable Of Digital Recording Of Handwritten Signatures And Able To Be Used For Business Transactions And Remote Contract Signing. 1.4.1.4. Multiple Sources: Local File Or Server-side File Uploads, Multifunctional Copier, Or Even Via Email 1.4.1.5. Advanced Access Control: 1.4.1.5.1. Role Based Access Control. Able To Create An Unlimited Amount Of Different Roles Not Being Restricted To The Traditional Administrator, Operator, Guest Paradigm. 1.4.1.5.2. With Permission For Every Atomic Operation Performed By Users 1.4.1.6. Previews For Multiple File Formats: Provides Image Preview Generation For Many Popular File Formats. 1.4.1.7. Full Text Searching: Documents Can Be Searched By Its Text Content, Metadata Or Any Other File Attributes Such As Name, Extension, Etc. Multiple Search Engines Must Be Supported. 1.4.1.8. Configurable Document Grouping: Automatic Linking Of Documents Based On Metadata Values Or Document Properties. 1.4.1.9. Workflows: 1.4.1.9.1. Keep Track Of The State Of Documents, Along With The Log Of The Previous State Changes 1.4.1.9.2. Use The Workflow Engine To Automate Business Processes By Executing System Actions. 1.4.1.9.3. Trigger External Processes Using The Workflow. Execute Actions In Other Systems When A Document Hits A Specific State For Complete Business Automation. 1.4.1.9.4. Comply With Regulations Using Automatic State Expiration And Workflow Escalation. 1.4.1.10. Non-destructive Page Mapping: Change The Order Of The Pages Of The Files Uploaded To A Document Or Disable Them To Remove From View. Pages From Multiple Document Files Can Also Be Joined Or Appended To Create Multiple Document Versions From The Same Set Of Files. 1.4.1.11. Complete Event Tracking System: 1.4.1.11.1. Every Action Performed In The System Must Be Recorded For Audit Trail Purposes. 1.4.1.11.2. Users And Other Applications Can Subscribe To Events To Perform Actions Or Provide Notifications. 1.4.1.12. Deployable In Multiple Different Environments, Vendors, Hardware: 1.4.1.12.1. Able To Do A Direct Installation For Maximum Control And Performance 1.4.1.12.2. Use The Official Docker Image For Easier Installation And Scalability. 1.4.1.12.3. Deployable To A Virtual Machine, Direct Hardware, Public Cloud, Private Cloud, Or A Single Board Computer 1.4.2. 2 Units Document Scanner 1.4.2.1. Proposed Throughput Speed Must Have 50 Ppm / 100ppm. 1.4.2.2. Proposed Feeder Capacity Must Be Up To 80 Sheets Of 80 G/m Paper. 1.4.2.3. Proposed Maximum Document Size Must Be 216 Mm X 3,000 Mm. 1.4.2.4. Proposed Minimum Document Size Must Be 52 Mm X 52 Mm 1.4.2.5. Proposed Maximum Optical Resolution Must Have 600 Dpi. Asset Management System 1.5.1.1.1. Unique Asset Tag That Is Assigned To An Asset For The Purpose Of Tracking And Managing Throughout Its Lifecycle. It Must Consist Of A Barcode Or A Serial Number That Is Affixed To The Asset, And Allows Accurate Identification And Location Of The Asset, Track Its Maintenance And Repair History, Assign Ownership And Monitor Depreciation. 1.5.1.1.2. Search Engine For Locating Assets Within An Inventory Or Database. This Can Involve Searching For Assets Based On Various Criteria, Such As Location, Type, Condition, Or Other Attributes Such As Assignee, Barcode Or Serial Number. 1.5.1.1.3. Asset Check In/out Which Serves As A Check List Of Asset/s That Need To Be Accepted Or Released From Possession. It Should Be On Real Time Release And Acceptance With The Option To Attach Photos Or Videos. 1.5.1.1.4. Asset Status That Provides Information On Current Status Such As Accepted, Released, Current Location And Other Status Like Maintenance And Assigned Technician. 1.5.1.1.5. Sends Notifications Of The Status Of An Asset If Accepted, Released, Under Maintenance Or In Transit. 1.5.1.2. Administrator Settings That Provide The Following Functionalities: 1.5.1.2.1. Branding Functionality That Provides Distinctive Name, Logo, Symbol, Or Design To Differentiate Cnu’s Asset Management Services 1.5.1.2.2. Security Features That Provide User Authentication And Access Controls To Authorized Users To Access Sensitive Information Or Make Changes To Asset Records. Option Includes Two Factor Authentication 1.5.1.2.3. Groupings Functionality That Defines And Assigns Groups Within Cnu Such As Finance, Supply Office, Etc. That Will Help Define And Narrow Down Searches And Assignments Of Assets. 1.5.1.2.4. Localization That Defines And Assigns Personnel, Users, Administrator, Groups And Assets Within The Campus To Certain Areas Or Places. 1.5.1.2.5. Notification Feature For Automated Alerts Or Messages To Notify Users Of Events Or Activities Related To The Assets. This Must Include Alerts For Maintenance And Repairs, Asset Checkouts Or Returns, Or Changes To Asset Records. Notifications Can Be Sent Via Email, In-app Notification And Other Messaging Channels Such As Chatbots. 1.5.1.2.6. Qr Code Generation And Assignment To Assets. 1.5.1.2.7. Asset Labeling Feature That Generates Qr And Barcodes For Labelling Of Assets. 1.5.1.2.8. Grouping Of Assets Based On Common Characteristics Or Attributes. Asset Categories Shall Be Used To Organize Assets Into Logical Groupings To Simplify Asset Tracking And Management. 1.5.1.3. User Management Functionality That Provides The Following: 1.5.1.3.1. Rights And Permission For Assignment Of Rights, Permissions And Responsibilities Such As Administrators And Users 1.5.1.3.2. Manual Or Automatic Creation And Removal Of Users That Can Be Triggered By The Hr Application System Through Automatic Notification Of New, Resigned And/or Retired Employees. 1.5.1.4. Asset Management Sub-modules Capable Of The Following: 1.5.1.4.1. Dynamic Fields That Are Highly Customizable To Be Added Or Removed From An Asset Record Based On The Specific Needs Of Cnu, Type Or Category Of An Asset. These Fields Are To Be Used To Capture Additional Information Or Data Points That Are Not Included In The Standard Asset Record Or To Tailor The Asset Record To The Specific Requirements Of Cnu. 1.5.1.4.2. Generates A Checklist For Acceptance Or Release Of An Asset That Will Be Shown On The Dashboards Of The User And Assigner. 1.5.1.4.3. Provides The Users The Capability To Request For Equipment, Office Supplies Or Even Vehicle Service For Use On Certain Occasions. 1.5.1.4.4. Migration Of Assets From Flat File Or Excel File. 1.5.1.4.5. Inventory Status That Provides Stakeholders, Administrator, Users And Requester Of The Current Inventory Of Assets Such As But Not Limited To Office Supplies, Fuel, And Other Pertinent Assets Of Cnu. 1.5.1.4.6. Low Inventory Notification That Allows Cnu To Be Automatically Notified Of Low Inventory On A Threshold Previously Set. 1.5.1.4.7. Asset Assignment Feature That Assigns An Asset To A Specific User Or Location Within Cnu. This Is Done To Track The Person Responsible For The Asset, Asset Location, And How It Is Being Used Through The Use Of Qr Code And Or Barcode Labels. Once An Asset Is Assigned, The Asset Management Software Must Be Able To Track The Asset's Location, Usage History And Maintenance Records. It Should Be Able To Provide Alerts Or Notifications When The Asset Is Due For Maintenance, Repair, Or Replacement. 1.5.1.4.8. License Management Feature That Assigns, Tracks And Records The Number Of Sw Licenses And Its Usage Within Cnu. 1.5.1.4.9. In-app Notification With Secondary Notification Through Email Alerts. 1.5.1.4.10. Mobile Application Feature That Will Enable Access To The Asset Management System Anytime, Anywhere. 1.5.1.5. Single Sign-on 1.5.1.5.1. Must Be An Add-on To The Cms System So Sso And User Rights/roles Are Incorporated Within The Existing User Base. 1.5.1.5.2. Authentication Must Be Through The Sso Of The Cms 1.5.1.6. The Winning Bidder Must Provide Two (2) Units Of Barcode Printers, Two (2) Handheld Scanners And Consumables. 1.5.1.7. The Winning Bidder Shall Perform Pre-functional Testing And User Acceptance Testing Upon Completion Of Its Installation, To Be Witnessed By Cnu Nominated Personnel. Consolidated University & Student Portal 1.6.3.1. Design, Development And Customization Of Faculty And Student Portal 1.6.3.2. Consolidated University & Student Portal Technical Requirements 1.6.3.2.1. Portal Services 1.6.3.2.1.1. Must Support At Most Ten Thousand (10,000) User Identities. 1.6.3.2.1.2. Must Provide User Logins With Appropriate Authentication. 1.6.3.2.1.3. Must Provide ‘forgot Password’ Facility. 1.6.3.2.1.4. Must Provide ‘change Password’ Facility. 1.6.3.2.1.5. Must Have Administration Functionalities Such As: 1.6.3.2.1.5.1. User Management 1.6.3.2.1.5.2. Role Management 1.6.3.2.1.5.3. Announcements 1.6.3.2.2. Development Of Frequently Asked Questions (faqs) 1.6.3.2.2.1. Create Faqs 1.6.3.2.2.2. Read Faqs 1.6.3.2.2.3. Update Faqs 1.6.3.2.2.4. Delete Faqs 1.6.3.2.2.5. List Faqs 1.6.3.2.3. Route Configuration 1.6.3.2.3.1. Route Creation 1.6.3.2.3.1.1. Redirection Link 1.6.3.2.3.1.2. Redirection Logo 1.6.3.2.3.1.3. User Role Assignment 1.6.3.2.3.1.4. Active / Inactive Route 1.6.3.2.3.2. Update Route 1.6.3.2.3.3. Delete Route 1.6.3.2.3.4. List Route 1.6.4. Dashboard Development 1.6.4.1. The Dashboard Must Provide Route Display And Redirection For At Most Four (4) Applications. 1.6.4.2. From The User Dashboard, A Link Must Be Provided To Route The User To A Particular Application. The Requirement Is A Routing Link And So No Application Development Or Application Side Configuration Is Part Of The Portal Requirement. Unified Database Platform 1.7.1.1. It Shall Be Cloud Agnostic And Cloud-native And Can Support Deployments In Bare Metal, Vms, Or Kubernetes Both In On Premise Infrastructure As Well As Cloud For At Least The Following Options: 1.7.1.1.1. Baremetal 1.7.1.1.2. Vmware Vsphere 1.7.1.1.3. Aws 1.7.1.1.4. Google Cloud Platform 1.7.1.1.5. Microsoft Azure 1.7.1.2. It Shall Synchronize The Data Across Multiple Sites And Support Multiple Advanced Replication Architecture. 1.7.1.3. It Must Be Deployed In An Active-active Manner To Ensure Minimal Disruption To Services And Can Withstand The Following Failure Scenarios Depending On The Deployment Topology: Virtual Machine Failure, Container/kubernetes Node Failure, Availability Zone Failure, Region Failure. 1.7.1.4. It Shall Support Both The Sql And Nosql Apis’ Under A Common Storage Substrate To Address Current And Future Use Cases. 1.7.1.5. It Shall Enable Client Applications To Auto- Discover Cluster Nodes And Cluster Topology Using An Application- Friendly Library. 1.7.1.6. It Shall Support A Single Synchronous Cluster Stretched Across Multiple Az’s/regions/clouds, And Support Multiple Advanced Replication Architectures For The Resiliency Of The System. 1.7.1.7. Shall Horizontally Scale Out/in/up/down With Minimal To No Business Disruptions. 1.7.1.8. Shall Offer A Single User Interface Across Various Clouds With Simplified Database Management And Monitoring Like Db Upgrades, Backups, Security & On-demand Scaling Of Nodes To Simplify Operation And Management. 1.7.1.9. It Shall Support Distributed Acid And Transactions With Strong Data Consistency. 1.7.1.10. One (1) Year Of Enterprise Support For Production And Non-production. 1.7.1.11. It Shall Provide The Ability To Increase Computing Capacity Linearly By Adding New Nodes To The Existing Database System With No Downtime. 1.7.1.12. It Shall Support Data Replication Between Two Isolated Instances To Support Application-level Active-active Deployments. 1.7.1.13. The Proposed Solution Shall Enhance The Primary Cluster Capability With Additional Read-replica Nodes To Facilitate Reads Closer To The Customer Base. 1.7.1.14. The Proposed Solution Shall Support Data Affinity To Comply With Country/region-specific Regulatory/compliance Requirements. 1.7.1.15. The Proposed Solution Shall Support Encryption In Transit And Rest To Have A Strong Security Posture. 1.7.1.16. The Proposed Solution Shall Be Able To Provision And Manage In A Fully Air-gapped Environment. 1.7.1.17. The Proposed Solution Shall Support Region/zone/cloud Affinity To Define Different Data Serving Topologies To Keep The Data Serving Nodes Closer To The User Base. 1.7.2. Other Requirements: 1.7.2.1. The Proposed Solution Must Offer A Single User Interface Across Various Clouds With Simplified Database Management And Monitoring Like Db Upgrades, Backups, Security & On-demand Scaling Of Nodes To Simplify Operation And Management. 1.7.2.2. The Proposed Solution Must Have Cdc Capability To Generate Events On Data Change. 1.7.2.3. The Proposed Solution Must Have Api For Management Automation. 1.7.2.4. The Proposed Solution Must Support Advanced Sql Features Like Stored Procedures, Foreign Keys, Triggers, Json Support (filtering, Constraints, And Projections) To Support Current And Future Use Cases. 1.7.2.5. Must Have The Following Services: 1.7.2.5.1. Ssl/dns Configuration - Must Be Able To Install And Configure Ssl Certificates And Assist In The Configuration Of Dns. 1.7.2.5.2. Workflow Integration - Ability To Define Different Approval Process In The Workflow Engine. 1.7.2.5.3. Database Migration - Must Be Able To Migrate All Existing Electronic Data To The New Database. Ict Infrastructure Requirements 1 22,236,484.00 2.1. Supply And Installation Of 48-core Single Mode Os2 Fiber Optic Cable That Will Link Select Buildings To The Data Center. The Backbone Will Serve As The Network Gateway Throughout The Campus. 2.2. 1gbps Direct Internet Access 2.2.1. The Winning Bidder Must Provide A 1gbps Direct Internet Access 2.2.2. The Winning Vendor Must Initiate A Service Application (service Subscription) And Activation From An Internet Service Provider (isp) That Is Capable Of Delivering Internet Service Through A Fiber Optic Cable (foc) Backbone. The University Shall Be The Subscription Account Owner. Centralized Security Operations Center 1 246,115,477.00 The Solution Must Be A Cloud-native Security Operation Platform With Built-in And Fully Integrated (single Interface/management) Next-generation Ngsiem, Ueba, Ndr, Fim, Sanboxing, And Soar Capabilities, As Well As Open Integration To Existing Security Stacks And Future Security Tools, To Automate Cybersecurity Threat Detection, Investigation, And Response Across The Entire Attack Surface. 3.1. Xdr 3.1.1. The Solution Must Be Soc 2 Type 2 Certified 3.1.2. The Solution Must Have Ng-siem Natively To Provide A Centralized Location For Gathering And Organizing Data From Any Existing Security Control, It, And Productivity Tool Using Pre-built Integrations That Are Easy To Use And Do Not Incur Additional Costs For Integrating New Security Tools. 3.1.3. The Solution Must Have Ndr Natively Built-in To Provide Visibility Into Threats At The Network Layer To Stop Attacks Faster To Limit Potential Damage. 3.1.4. The Solution Must Include Ueba Natively To Analyze Traffic And Produce Security Status And Event Information On Individual Users, As Well As Monitor Network Assets And Analyze Their Behavior To Detect Threats. 3.1.5. The Solution Must Include File Integrity Monitoring To Track Changes To Specified Files And Directories, Such As File Changes, File Creations, And File Deletions. 3.1.6. The Solution Must Have Sandbox Built-in Capable Of Detecting Reassembled Files Over The Wire That, If Found To Be Malicious, Will Actively Detonate In A Malware Sandbox To Detect Novel Threats. 3.1.7. The Solution Must Be Able To Collect Data Without Limiting The Type And Number Of Devices To Collect From. 3.1.8. The Software Solution Must Be Scalable And Capable To Accommodate Minimum Of 100gb Data. 3.1.9. The Solution Must Have Native Sensors That Can Be Delivered On-premises As A Purpose-built Appliance, A Virtual Appliance (vmware, Microsoft Hyper-v, Or Kvm), Or In The Cloud, Such As Aws, Azure, Google Cloud Platform, Or Oracle Cloud Infrastructure. 3.1.10. The Solution's Native Sensor Must Be Prepackaged With Network Ids, Deep Packet Inspection, And Malware Sandbox Functionality. 3.1.11. The Solution Must Integrate Threat Intelligence And Telemetry Data From Multiple Sources With Security Analytics To Contextualize And Correlate Security Alerts. 3.1.12. The Solution Must Have Soar Built-in To Provide Both Manual And Automated Response To Cyber Threats Using Pre-defined Playbooks And Pre-built Integrations To Security, It, And Productivity Products, Ensuring Identified Threats Are Mitigated Appropriately And Consistently. 3.1.13. The Solution Must Be Able To Automatically Generate Novel Alerts Based On Input Data Sources Without Requiring The Manual Creation Of Rules, Such As Finding Anomalous Patterns Based On Parent-child Process Relationships, Unusual Application Connections Or Usage, Unusually High User Command Execution Rates, And Unusually High Numbers Of Connections To Non-standard Ports For An Application. 3.1.14. The Solution Must Automatically Integrate Its Own Threat Intelligence Platform (tip) Into Its Architecture For Data Enrichment In Order To Rapidly Identify Attack Paths And Previous Interactions With Known Bad Actors, Increasing Threat Detection Accuracy While Decreasing Response Time. 3.1.15. The Solution Must Be Capable Of Catching, Extracting, And Reassembling Malware That Travels Through The Network Via Http, Ftp, Smb, And Smtp. 3.1.16. The Solution Must Be Capable Of Forwarding Malicious Files To An External Https Server. 3.1.17. The Solution Must Be Able To Translate An Ip Address Into A Geographical Location Or Reputation. 3.1.18. The Solution Must Be Able To Override The Geolocation Gathered From Geolocation Databases By Manually Defining The Geolocation Associated With Specified Ip Addresses. 3.1.19. The Solution Must Have An Aggregator That Can Be Deployed As A Virtual Appliance And Act As A Proxy To Forward Traffic From Other Sensors To The Central Data Repository. 3.1.20. The Solution Must Support Geo Location Public Ip Look Up 3.1.21. The Solution Must Have Reputation-based Threat Intelligence That Automatically Enriches Network Data And Logs During Real-time Ingestion To Add Context To The Data, Thereby Improving The Analyst's Threat Detection, Investigation, And Hunting. 3.1.22. The Solution Must Be Able To Cut Through The Noise Of An Overwhelming Volume Of Alerts By Automating Both Threat Detection (via Ai And Machine Learning) And Response (via Automated Threat Hunting). 3.1.23. The Solution Must Have Integrated Threats, Incident And Compliance Management. 3.1.24. The Solution Must Be Capable Of Constructing A Meaningful Security Context By Utilizing Machine Learning To Determine The Strength Of The Link Between An Alert And A Potential Incident By Employing Multiple Security Artifacts Such As Shared Entities (assets Or Users), Properties (hashes Or Urls), And Time. 3.1.25. The Solution Must Automatically Monitor For Known Bad Events, And Use Sophisticated Correlation Via Search, To Find Known Risk Patterns Such Brute Force Attacks, Data Leakage And Even Application-level Fraud. 3.1.26. The Solution Must Be Able To Detect Compromised Hosts Associated With Advanced Threats And Malware Infections 3.1.27. The Solution Must Be Able To Find Activities And Events Associated With Successful Attacks And Malware Infections 3.1.28. The Solution Must Issue Alert Upon Detection Of Blacklisted External Ip 3.1.29. The Solution Must Be Fully Customizable When Creating Warning Or Alarms For High Risks Events 3.1.30. The Solution Must Support Authentication Authorization Accounting (aaa). 3.1.31. The Solution Must Use Machine Learning Based Detections. Please Provide Some Use Cases And Evidence That The App Is Using Machine Learning Based Algorithms 3.1.32. The Solution Should Include Unsupervised Machine Learning Detection Model That Predicts Current Behavior Based On The Historical Distribution Of A Given Detection Parameter (host, User, Source Ip Address, Etc). 3.1.33. The Solution Should Include An Unsupervised Machine Learning Detection Model That Learns Steady Population Statistics From The Past Peer Data And Looks For Irregularities That Deviate From Typical Behavior Over Time. 3.1.34. The Solution Should Include An Unsupervised Machine Learning Detection Model That Examines Whether The Presence Of A Given Detection Parameter Has Appeared In The Last Number Of Days Or Not. 3.1.35. The Solution Should Include A Supervised Classification Model That Uses A Set Of Indicators To Determine A Decision Boundary Between Normal And Suspicious Data Points. 3.1.36. The Solution Must Provide An Api With The Following Capabilities: 3.1.36.1. Retrieve Detailed Collector Information 3.1.36.2. Retrieve Detailed Incident Information 3.1.36.3. Update Incident Detail 3.1.36.4. Next-generation Siem 3.1.37. The Solution Must Ensure That Security Incidents Are Accessible And Searchable Within Twelve (12) Months. As Needed, Evidence From Security Incidents Is Made Available For Historical Analysis. 3.1.38. The Solution Must Be Capable To Collect Different Types Of Metadata (e.g., Logs, Security Events, Network Flows, Among Others) From Data Sources And Shall Include Log Compression And Industry Standard Encryption At Rest And In Transit To Ensure Security Of Captured Data From Disclosure To Disinterested Parties. 3.1.39. The Solution Must Automatically Normalize And Enrich Data From Any Source With Context Such As Threat Intelligence, User Details, Device Information, Geographical Location To Enable Detailed, Extensible Data Analytics. 3.1.40. The Solution Must Be Capable Of Collecting And Normalizing Server Logs, Network Packets, Server Process Data, File Data, And Threat Intelligence Data Into Json-formatted Records. 3.1.41. The Solution Must Include An Alert Statistics Dashboard That Allows Analysts To Quickly Examine Any Discovered Alerts At A Glance, Such As: 3.1.41.1. Graph Of Critical Vs. Total Alert Status 3.1.41.2. Show The Open Vs. Total Alert Graph. 3.1.41.3. Show The Alert Trend. 3.1.41.4. The Solution Must Be Capable Of Ingesting Tls Encrypted Syslog And Syslog-ng Logs. 3.1.42. The Solution Must Have A Sensor That Can Be Deployed As An Agent In Windows Servers (windows Server 2008 R2, 2012, 2016, And 2019) To Collect Event Data Related To The Following: 3.1.42.1. Hardware 3.1.42.2. Security 3.1.42.3. System 3.1.42.4. Windows Firewall 3.1.42.5. Windows Defender 3.1.42.6. Windows Powershell 3.1.43. The Solution Must Be Able To Integrate With Domain Controllers In Order To Enrich Data Collected With The Relationship Between Users And Ip Addresses. 3.1.44. The Solution Must Be Able To Integrate With A Dhcp Server To Determine The Relationship Between Hostnames And Ip Addresses And Track Devices When The Ip Address Changes. 3.1.45. The Solution Must Be Able To Ingest Windows Sysmon Events. 3.1.46. The Solution Must Be Able To Correlate Traffic, Processes, Users, And Commands In Order To Detect Security, Ddos, And Breach Attempts. 3.1.47. The Solution Must Have A Collector That Can Be Deployed As An Agent In Linux Servers (rhel, Centos, Debian, Ubuntu, Amazon Linux, Oracle Linux, Suse Linux) To Monitor And Capture The Following Information: 3.1.47.1. Process Info. 3.1.47.2. Command Execution. 3.1.47.3. Files. 3.1.47.4. File Events. 3.1.48. The Solution Must Include A Tool For Finding And Visualizing Correlations Between Events. 3.1.49. The Solution Must Have A Visual Tool For Focusing In On A Single Entity (host, Ip, Url, Or User) In A Security Event And Viewing Its Relationship To Other Entities. 3.1.50. The Solution Must Include Out-of-the-box Threat Hunting Templates That Can Be Edited, Copied, And Exported. 3.1.51. The Solution Must Be Capable Of Removing Duplicate Data Through Packet Deduplication. 3.1.52. The Solution Must Be Able To Reduce The Amount Of Metadata Gathered For Smb Commands. 3.1.53. The Solution Must Automatically Compress The Ingested Data. 3.1.54. The Solution Must Be Capable Of Sending Alerts To Relevant Personnel Regarding Security Issues Based On Correlated Events. 3.1.55. The Solution Must Be Capable Of Serving Any Number Of Logical Network Data Or Log Segregation Based On Specific Departments, Functionalities, Or Locations That The User Considers To Be Managed Separately. Not Only Should Security Information Be Kept Completely Separate, But Machine Learning-based Threat Detections Should Also Be Distinct For Each Department. 3.1.56. The Solution Must Include Data Collectors That Are Able To Send Data (log/event) In Real-time And Batch Mode. 3.1.57. The Solution Must Be Capable Of Performing Server And Network Infrastructure Monitoring Out Of The Box. 3.1.58. The Solution Must Be Capable Of Performing Application Monitoring Out Of The Box. 3.1.59. The Solution Must Be Able To Maintain The Original Timestamps For Each Event While Handling Timestamps From Different Time Zones 3.1.60. The Solution Shall Provide Advance Correlation Capabilities To Detect Security Incidents Such As: 3.1.60.1. Ddos Attacks 3.1.60.2. Worm Outbreak 3.1.60.3. Port Scan 3.1.60.4. Sql Injection 3.1.60.5. Brute Force Attack 3.1.61. The Solution Must Be Able To Correlate Asset Info With Threat And Vulnerability Data. 3.1.62. The Solution Provides Network Visibility From Wire Data That Contains Critical Insights About Payloads, Session Information, Errors, Dns, Etc. 3.1.63. The Proposed Solution Shall Be Able To Provide Search Function That Support Boolean-style Patterns Search. 3.1.64. Proposed Solution Shall Be Able To Allow Analysts To Build Queries Using Combined Search Methods. A Single Query May Contain Keywords And Field-based Conditions. 3.1.65. The Proposed Solution Must Be Able To Perform Sub Search In Regard To The Security On Top The Current Search. 3.1.66. The Solution Must Have A Customizable Widget On The Dashboard. 3.1.67. The Solution Must Support Email Notification With Content In Json Format. 3.1.68. The Solution Should Include An Investigative Tool That Allows Security Analysts To Quickly Examine Any Security Alerts By Displaying Enriched Alert Information That Includes Identified Mitre Att&ck Tactic And Techniques Used, Attack Kill Chain Category, Ml Based Score, Alert Status, Key Event Parameters That Contribute To Triggering The Alert, And Full Event Details. 3.1.69. The Solution Must Have The Ability To Threat Hunt And Automate The Threat Hunt And Apply To Soar. 3.2. User And Endpoint Behavior And Analytics (ueba) 3.2.1. The Solution Must Be Capable Of Inspecting Assets For Threat Data And Past Performance. 3.2.2. The Solution Must Be Capable Of Monitoring Every Server, Router, And Host System In The Private Network. 3.2.3. The Solution Should Provide A Host-centric View Of Alert Activity For Specific Hosts. 3.2.4. The Solution Must Come With User Behavior Analytics That Collect User Information From Active Directory 3.2.5. The Solution Must Come With Entity Behavior Analytics That Collect Ip Information From Network Traffic. 3.2.6. The Solution Must Track Changes And Secure Your Environment By Monitoring For Suspicious Activity, User Role Changes, Unauthorized Access And More. 3.2.7. The Solution, Based On Observed Security Events And Asset Risk Profile, Assigns A Risk Score. 3.2.8. The Solution Must Discover Assets Dynamically Across Networks, Endpoints, And Cloud Environments. 3.2.9. The Solution Must Use Either Host Names, Mac Addresses, Or Ip Addresses To Uniquely Identify Assets. 3.2.10. The Solution Must Collect And Fuse User-relevant Data From Multiple Data Sources Across The Security Infrastructure Automatically. 3.2.11. The Solution's Machine Learning Must Be Used To Enable Sophisticated Behavioral Analytics In The Solution. 3.2.12. The Solution Without Any Rules Or Signatures, Must Detect Bad Behavior. 3.2.13. The Solution Must Be Capable Of Detecting The Use Of An Unfamiliar App By An Internal User Who Normally Uses A Minimal Yet Consistent Number Of Applications. 3.2.14. The Solution Must Be Capable Of Detecting When An Internal User Has An Abnormally High Volume Of Traffic In Comparison To Its Usual Volume Or That Of Its Peers. 3.2.15. The Solution Must Be Capable Of Detecting The Use Of An Unfamiliar App By An External User Who Normally Uses A Minimal Yet Consistent Number Of Applications. 3.2.16. The Solution Must Be Capable Of Detecting When An External User Has An Abnormally High Volume Of Traffic In Comparison To Its Usual Volume Or That Of Its Peers. 3.2.17. The Solution Must Be Able To Detect A User Who Logs In To A New Asset Who Typically Uses A Small, Consistent Number Of Assets. 3.2.18. The Solution Must Be Capable Of Detecting A User Who Has Logged In From An Unusual Location. 3.2.19. The Solution For Each Detected And Identified For Asset, Must Provide A Kill Chain View Of Security Events. 3.2.20. The Solution Must Track Threats Based On The User Rather Than The Threat Type. 3.2.21. The Solution Must Assign A Risk Score To Each User In Order To Easily Identify Risky Users. 3.2.22. The Solution Must Be Capable Of Detecting A User Who Typically Executes A Small, Consistent Number Of Processes But Has Recently Executed A New Process. 3.2.23. The Solution Must Be Capable Of Detecting An Internal Http Connection Made By An Internal User Agent That Has Never Been Observed Or Has Only Been Seen On Rare Occasions. 3.2.24. The Solution Must Be Capable Of Detecting An External Http Connection Made By A Potentially Malicious User Agent. 3.2.25. The Solution Must Be Capable Of Detecting A User Who Has Logged In From Locations That Are Geographically Impossible To Travel Between Within The Time Frame. 3.2.26. The Solution Must Be Capable Of Detecting A User Who Logs In At An Unusual Time. 3.2.27. The Solution Must Be Able To Detect An Asset That Started A Previously Unknown Process, Which Could Indicate A Malware Attack. 3.2.28. The Solution Must Be Capable Of Detecting Processes That Typically Launch A Small, Consistent Number Of Child Processes. 3.2.29. The Solution Must Be Capable Of Detecting A File Or Files That Have Been Created An Unusually Large Number Of Times. 3.3. Network Detection And Response (ndr) 3.3.1. The Solution Must Be Capable Of Monitoring Suspicious Traffic In Both External (north/south) And Internal (east/west) Traffic, As Well As Traffic In All Physical And Virtual Environments. 3.3.2. The Solution Must Enable The User To Safely Inspect Suspicious Files In Order To Detect The Presence Of Zero-day Malware And Advanced Persistent Threats. 3.3.3. The Solution Must Be Capable Of Ingesting Rspan Session Flows. 3.3.4. The Solution Must Be Capable Of Ingesting Gre Traffic That Has Been Mirrored With Erspan. 3.3.5. The Solution Must Be Capable Of Compiling Identical Metadata From Talkative Applications Into A Single Record To Reduce Traffic Going To Central Data Repository. 3.3.6. The Solution Must Be Capable Of Correlating Processes Running On The Sensor And Host And The Ip Address/port Visible In Traffic. 3.3.7. The Solution Must Passively Collect Asset Information And Network Flow Information. 3.3.8. The Solution Must Be Capable Of Correlating And Identifying Application Performance Issues Due To Security Incident (e.g. Ddos Attacks, Unauthorized Access To The System That Causing Application Performance Issues.). 3.3.9. The Solution Should Have The Ability To Report When Data Theft Occurs. 3.3.10. The Solution's Architecture Has To Be Very Extensive In Network Traffic Analysis Using Both Supervised And Unsupervised Learning. 3.3.11. The Solution Must Be Capable Of Capturing Raw Network Packets And Reducing The Data To Produce Valid Security Events Without The Size Of A Full Packet Capture. 3.3.12. The Solution Must Be Capable Of Collecting And Correlating Firewall Traffic Logs, Ids Events, Netflow And Cloud Flow Logs. 3.3.13. The Solution Must Be Able To Track The Interaction Between Network Devices, Services, And Applications In Real Time And Over Time. 3.3.14. The Solution Shall Be Able To Address All Alert Types Tied To Phases Of Attack Life Cycle. 3.3.15. The Solution Should Support Integration To Firewall To Do Inline Blocking Mode (not Tcp Reset). 3.3.16. The Solution Must Be Capable Of Monitoring Dns Resolution Changes For Specified Domains, So That If One Of The Observed Domains Resolves To A Different Ip Address, The Solution Will Populate A Visual Record Indicating The Change. 3.3.17. The Solution Must Provide A Visual Representation Of The Entire Attack Landscape, Mapping Detected Threats To Their Corresponding Attack Kill Chain Stage. The Detected Threat Must Be Clearly Tagged With The Relevant Mitre Attack Framework For Detailed Analysis Of An Ongoing Attack's Progression. 3.3.18. The Solution Must Be Capable To Do Comprehensive Network Traffic Analysis Which Includes: 3.3.18.1. Network Performance Statistics 3.3.18.2. Server Performance 3.3.18.3. Application Detection And Performance Monitoring: 3.3.18.4. Top Sources & Top Destinations 3.3.18.5. Asset Application Performance 3.3.18.6. Application Processing Time 3.3.18.7. Network Interactions With Asset 3.3.18.8. Http Statistics 3.3.18.9. Dns Statistics 3.3.18.10. Asset Discovery And Statistics 3.3.18.11. Ip Address 3.3.18.12. Device Manufacturer 3.3.18.13. Application Services 3.3.18.14. Time Discovered And Last Seen 3.3.18.15. Asset Tag(s) And Description 3.3.18.16. Server Certificate Visibility 3.4. Soar (security Orchestration Automation And Response) 3.4.1. The Solution Must Automatically Recognize Alerts From Multiple Sources, Analyze Them For Similarities, And Automatically Add Any Identified Connected Alerts To A Case Or Cases, Preventing The Team From Duplicating Efforts And Hunting For Details In Multiple Places. 3.4.2. The Solution Must Have A Dynamic Case Management Tool That Automates The Continuous Correlation Of Existing Cases To New Alerts When They Are Discovered To Be Potentially Related. 3.4.3. The Solution Must Be Capable Of Storing Cases For A Year. 3.4.4. The Solution Must Be Capable Of Accelerating Security Incident Management Processes By Automating Case Generation With Key Details Such As The Ones Listed Below. 3.4.5. Incident Name And Ticket Id: These Must Be Generated Automatically. 3.4.6. Incident Score: A Score Based On How Serious The Incident Was. 3.4.7. Incident Severity: The Incident's Severity (critical, High, Medium, Or Low) 3.4.8. Incident Reported Time: The Time When The Incident Occurred. 3.4.9. Analyst Assigned To Incident: The Person Tasked With Handling The Incident. 3.4.10. Incident Status: The Incident's Associated State (new, Escalated, Ongoing, Solved, Cancelled). 3.4.11. Incident Closed Time: The Time When The Incident Was Resolved. 3.4.12. The Solution Must Have Out Of The Box Or Customizable Playbooks Of Best Practices To Scale Operations, Drive Consistency In Response And Meet Compliance Requirements. Playbooks Deployed Shall Include At Least: 3.4.12.1. Phishing Enrichment And Response 3.4.12.2. Malware Endpoint Response 3.4.12.3. Internal And External Login Anomalies (multiple Failed Logins, Unusual Activity Such As Login Attempts Outside Office Hours, Unusual Login Location, Login From Suspicious Device) 3.4.12.4. Unusual Browsing Activity 3.4.12.5. Web Attack Profiling And Blacklisting 3.4.12.6. File Activity Anomalies Such As Creation, Move, Delete, Or Change 3.4.12.7. Potential Data Exfiltration 3.4.12.8. C&c Connection 3.4.13. The Solution Must Automatically Trigger Playbooks With Predefined Workflows That To Perform A Variety Of Instructions That Could Include Executing Scripts Or Integrating With Other Tools In The Environment. 3.4.14. The Solution Must Have The Option To Create User-defined Playbooks With Customized Workflow. 3.5. 2 Units Next-generation Firewall For Perimeter 3.5.1. Must Perform Stream-based, Bi-directional Traffic Analysis, Without Proxying Or Buffering, To Uncover Intrusion Attempts And Malware And To Identify Application Traffic Regardless Of Port. 3.5.2. Must Scan For Threats In Both Inbound And Outbound Traffic Simultaneously To Ensure That The Network Is Not Used To Distribute Malware And Does Not Become A Launch Platform For Attacks In Case An Infected Machine Is Brought Inside. 3.5.3. Must Have Proxy-less And Non-buffering Inspection Technology Provides Ultra-low Latency Performance For Dpi Of Millions Of Simultaneous Network Streams Without Introducing File And Stream Size Limitations, And Can Be Applied On Common Protocols As Well As Raw Tcp Streams. 3.5.4. Must Have A Single-pass Dpi Architecture Simultaneously Scans For Malware, Intrusions And Application Identification, Drastically Reducing Dpi Latency And Ensuring That All Threat Information Is Correlated In A Single Architecture. 3.5.5. Must Have An Engine With The Multi-core Architecture To Provide High Dpi Throughput And Extremely High New Session Establishment Rates To Deal With Traffic Spikes In Demanding Networks. 3.5.6. Must Identify And Mitigate Even The Most Insidious Modern Threats, Including Future Meltdown Exploits. Detects And Blocks Malware That Does Not Exhibit Any Malicious Behavior And Hides Its Weaponry Via Encryption. 3.5.7. Must Prevent Potentially Malicious Files From Entering The Network, Files Sent To The Cloud For Analysis Can Be Held At The Gateway Until A Verdict Is Determined. 3.5.8. Must Have Multi-engine Sandbox Platform, Which Includes Virtualized Sandboxing, Full System Emulation And Hypervisor Level Analysis Technology, Executes Suspicious Code And Analyzes Behavior, Providing Comprehensive Visibility To Malicious Activity. 3.5.9. Must Have A Secure Sd-wan That Enables Distributed Enterprise Organizations To Build, Operate And Manage Secure, High-performance Networks Across Remote Sites For The Purpose Of Sharing Data, Applications And Services Using Readily-available, Low-cost Public Internet Services Without Additional License Cost. 3.5.10. Must Have A Wizard To Automatically Configure Sdwan Policy On The Firewall 3.5.11. Must Displays Sd-wan Performance Probes And Top Connections. 3.5.12. All Network Traffic Must Be Inspected, Analyzed And Brought Into Compliance With Firewall Access Policies. 3.5.13. Must Supports Active/passive (a/p) With State Synchronization. The Proposed Solution Should Support Hardware Redundancy Using Only Single Security License In Both Primary & Secondary Appliance. 3.5.14. Must Have Block Until Verdict To Prevent Potentially Malicious Files From Entering The Network, Files Sent To The Cloud For Analysis Can Be Held At The Gateway Until A Verdict Is Determined. 3.5.15. Must Have Zero-day Protection To Protect The Network Against Zero-day Attacks With Constant Updates Against The Latest Exploit Methods And Techniques That Cover Thousands Of Individual Exploits. 3.5.16. Must Have Bi-directional Raw Tcp Inspection That Scans Raw Tcp Streams On Any Port And Bi-directionally To Detect And Prevent Both Inbound And Outbound Threats. 3.5.17. Must Have Application Control That Controls Applications, Or Individual Application Features That Are Identified By The Engine Against A Continuously Expanding Database Of Over Thousands Of Application Signatures. That Increases Network Security And Enhances Network Productivity. 3.5.18. Must Have Ddos/dos Attack Protection. Syn Flood Protection Provides A Defense Against Dos Attacks Using Both Layer 3 Syn Proxy And Layer 2 Syn Blacklisting Technologies. Additionally, It Protects Against Dos/ddos Through Udp/icmp Flood Protection And Connection Rate Limiting. 3.5.19. Must Be Capable Of Load-balances Multiple Wan Interfaces Using Round Robin, Spillover Or Percentage Methods. Policy-based Routing Creates Routes Based On Protocol To Direct Traffic To A Preferred Wan Connection With The Ability To Fail Back To A Secondary Wan In The Event Of An Outage. 3.5.20. Must Display Rules Which Are Actively Used Or Not Being Used. 3.5.21. Must Be Able To Simplify And Reduce Complex Distributed Firewall Deployment Down To A Trivial Effort By Automating The Initial Site-to-site Vpn Gateway Provisioning Between Firewalls While Security And Connectivity Occurs Instantly And Automatically. 3.5.22. Must Guarantee Critical Communications With 802.1p, Dscp Tagging And Remapping Of Voip Traffic On The Network. 3.5.23. The System Intrusion Prevention System Must Be Capable Of Signature-based Scanning, Automatic Signature Updates, Bi-directional Inspection, Granular Ips Rule Capability, Geoip Enforcement, Botnet Filtering With Dynamic List, Regular Expression Matching. 3.5.24. The Anti-malware System Must Be Capable Of Stream-based Malware Scanning, Gateway Anti-virus, Gateway Anti-spyware, Bi-directional Inspection, No File Size Limitation. 3.5.25. The System Must Have Traffic Visualization That Can Monitor User Activity, Application, Bandwidth, And Threat. 3.5.26. Must Have A Http/https Web Content Filtering That Is Capable Of Url Filtering, Proxy Avoidance, Keyword Blocking, Policy-based Filtering (exclusion/inclusion), Http Header Insertion, Bandwidth Manage, And Rating Categories. 3.5.27. Must Have A Vpn That Is Capable Of Secure Sd-wan, Auto-provision Vpn, Ipsec Vpn For Site-to-site Connectivity, Ssl Vpn And Ipsec Client Remote Access, Redundant Vpn Gateway, And Mobile Client For Ios, Mac Os X, Windows, Chrome, Android And Kindle Fire. 3.5.28. Must Have Networking Capabilities Such As Portshield, Path Mtu Discovery, Enhanced Logging, Vlan Trunking, Layer-2 Qos, Port Security, Dynamic Routing (rip/ospf/bgp), Policy-based Routing (tos/metric And Ecmp), Nat, Dhcp Server, Bandwidth Management, A/p High Availability With State Sync, Inbound/outbound Load Balancing, L2 Bridge, Wire/virtual Wire Mode, Tap Mode, Nat Mode, And Asymmetric Routing. 3.5.29. The System Management And Monitoring Must Have Web Gui, Command Line Interface (cli), Snmp V2/v3 Support, Centralized Management And Reporting, Netflow/ipfix Exporting, Cloud Based Configuration Back Up, And Zero-touch Registration & Provisioning. 3.5.30. Must Be Certified With Icsa Labs Advance Threat Defense Certified With 100% Unknown Threat Detection For 7 Consecutive Quarters From Q1-q4, 2021 & Q1-q3, 2022. 3.5.31. Must Have 24x7 Support That Includes Firmware Updates And Hardware Replacement. Support Includes Around-the-clock Access To Telephone And Web-based Support For Basic Configuration And Troubleshooting Assistance, As Well As Hardware Replacement In The Event Of Failure. 3.5.32. The System Must Have The Minimum Throughput Requirements (or Higher): 3.5.32.1. Firewall Inspection Throughput – 42 Gbps; 3.5.32.2. Threat Prevention Throughput – 28 Gbps; 3.5.32.3. Application Inspection Throughput – 30 Gbps; 3.5.32.4. Ips Throughput – 28 Gbps; 3.5.32.5. Tls/ssl Decryption And Inspection Throughput (dpi Ssl) – 10 Gbps; 3.5.32.6. Vpn Throughput – 22.5 Gbps; 3.5.33. The System Must Be Capable Of Handling: 3.5.33.1. Connections Per Second - 280,000/sec; 3.5.33.2. Maximum Connections (spi) – 15,000,000; 3.5.33.3. Max Dpi-ssl Connections – 1,500,000; 3.5.33.4. Maximum Connections (dpi) – 12,000,000 3.5.33.5. The System's Interface Must Include: 3.5.33.5.1. 2 X 100/40-gbe Qsfp28, 3.5.33.5.2. 8 X 25/10/5/2.5-gbe Sfp28, 3.5.33.5.3. 4 X 10/5/2.5/1-gbe Sfp+, 3.5.33.5.4. 4 X 10/5/2.5/1-gbe Cu, 3.5.33.5.5. 16 X 1-gbe Cu 3.5.33.5.6. 2 X Usb 3.0, 3.5.33.5.7. Management Interfaces - 1 Gbe, 1 Console" 3.5.33.5.8. Storage: 1.5tb 3.6. 2 Units Next-generation Firewall For Data Center 3.6.1. Must Perform Stream-based, Bi-directional Traffic Analysis, Without Proxying Or Buffering, To Uncover Intrusion Attempts And Malware And To Identify Application Traffic Regardless Of Port. 3.6.2. Must Scan For Threats In Both Inbound And Outbound Traffic Simultaneously To Ensure That The Network Is Not Used To Distribute Malware And Does Not Become A Launch Platform For Attacks In Case An Infected Machine Is Brought Inside. 3.6.3. Must Have Proxy-less And Non-buffering Inspection Technology Provides Ultra-low Latency Performance For Dpi Of Millions Of Simultaneous Network Streams Without Introducing File And Stream Size Limitations, And Can Be Applied On Common Protocols As Well As Raw Tcp Streams. 3.6.4. Must Have A Single-pass Dpi Architecture Simultaneously Scans For Malware, Intrusions And Application Identification, Drastically Reducing Dpi Latency And Ensuring That All Threat Information Is Correlated In A Single Architecture. 3.6.5. Must Have An Engine With The Multi-core Architecture To Provide High Dpi Throughput And Extremely High New Session Establishment Rates To Deal With Traffic Spikes In Demanding Networks. 3.6.6. Must Identify And Mitigate Even The Most Insidious Modern Threats, Including Future Meltdown Exploits. Detects And Blocks Malware That Does Not Exhibit Any Malicious Behavior And Hides Its Weaponry Via Encryption. 3.6.7. Must Prevent Potentially Malicious Files From Entering The Network, Files Sent To The Cloud For Analysis Can Be Held At The Gateway Until A Verdict Is Determined. 3.6.8. Must Have Multi-engine Sandbox Platform, Which Includes Virtualized Sandboxing, Full System Emulation And Hypervisor Level Analysis Technology, Executes Suspicious Code And Analyzes Behavior, Providing Comprehensive Visibility To Malicious Activity. 3.6.9. Must Have A Secure Sd-wan That Enables Distributed Enterprise Organizations To Build, Operate And Manage Secure, High-performance Networks Across Remote Sites For The Purpose Of Sharing Data, Applications And Services Using Readily-available, Low-cost Public Internet Services Withought Additional License Cost. 3.6.10. Must Have A Wizard To Automatically Configure Sdwan Policy On The Firewall 3.6.11. Must Displays Sd-wan Performance Probes And Top Connections. 3.6.12. All Network Traffic Must Be Inspected, Analyzed And Brought Into Compliance With Firewall Access Policies. 3.6.13. Must Supports Active/passive (a/p) With State Synchronization. The Proposed Solution Should Support Hardware Redundancy Using Only Single Security License In Both Primary & Secondary Appliance 3.6.14. Must Have Block Until Verdict To Prevent Potentially Malicious Files From Entering The Network, Files Sent To The Cloud For Analysis Can Be Held At The Gateway Until A Verdict Is Determined. 3.6.15. Must Have Zero Day Protection To Protect The Network Against Zero-day Attacks With Constant Updates Against The Latest Exploit Methods And Techniques That Cover Thousands Of Individual Exploits. 3.6.16. Must Have Bi-directional Raw Tcp Inspection That Scans Raw Tcp Streams On Any Port And Bi-directionally To Detect And Prevent Both Inbound And Outbound Threats. 3.6.17. Must Have Application Control That Controls Applications, Or Individual Application Features That Are Identified By The Engine Against A Continuously Expanding Database Of Over Thousands Of Application Signatures. That Increases Network Security And Enhances Network Productivity. 3.6.18. Must Have Ddos/dos Attack Protection. Syn Flood Protection Provides A Defense Against Dos Attacks Using Both Layer 3 Syn Proxy And Layer 2 Syn Blacklisting Technologies. Additionally, It Protects Against Dos/ddos Through Udp/icmp Flood Protection And Connection Rate Limiting. 3.6.19. Must Be Capable Of Load-balances Multiple Wan Interfaces Using Round Robin, Spillover Or Percentage Methods. Policy-based Routing Creates Routes Based On Protocol To Direct Traffic To A Preferred Wan Connection With The Ability To Fail Back To A Secondary Wan In The Event Of An Outage 3.6.20. Must Display Rules Which Are Actively Used Or Not Being Used. 3.6.21. Must Be Able To Simplify And Reduce Complex Distributed Firewall Deployment Down To A Trivial Effort By Automating The Initial Site-to-site Vpn Gateway Provisioning Between Firewalls While Security And Connectivity Occurs Instantly And Automatically. 3.6.22. Must Guarantee Critical Communications With 802.1p, Dscp Tagging And Remapping Of Voip Traffic On The Network. 3.6.23. The System Intrusion Prevention System Must Be Capable Of Signature-based Scanning, Automatic Signature Updates, Bi-directional Inspection, Granular Ips Rule Capability, Geoip Enforcement, Botnet Filtering With Dynamic List, Regular Expression Matching. 3.6.24. The Anti-malware System Must Be Capable Of Stream-based Malware Scanning, Gateway Anti-virus, Gateway Anti-spyware, Bi-directional Inspection, No File Size Limitation 3.6.25. The System Must Have Traffic Visualization That Can Monitor User Activity, Application, Bandwidth, And Threat. 3.6.26. Must Have A Http/https Web Content Filtering That Is Capable Of Url Filtering, Proxy Avoidance, Keyword Blocking, Policy-based Filtering (exclusion/inclusion), Http Header Insertion, Bandwidth Manage, And Rating Categories. 3.6.27. Must Have A Vpn That Is Capable Of Secure Sd-wan, Auto-provision Vpn, Ipsec Vpn For Site-to-site Connectivity, Ssl Vpn And Ipsec Client Remote Access, Redundant Vpn Gateway, And Mobile Client For Ios, Mac Os X, Windows, Chrome, Android And Kindle Fire. 3.6.28. Must Have Networking Capabilities Such As Portshield, Path Mtu Discovery, Enhanced Logging, Vlan Trunking, Layer-2 Qos, Port Security, Dynamic Routing (rip/ospf/bgp), Policy-based Routing (tos/metric And Ecmp), Nat, Dhcp Server, Bandwidth Management, A/p High Availability With State Sync, Inbound/outbound Load Balancing, L2 Bridge, Wire/virtual Wire Mode, Tap Mode, Nat Mode, Asymmetric Routing, And Common Access Card (cac) Support. 3.6.29. The System Management And Monitoring Must Have Web Gui, Command Line Interface (cli), Snmp V2/v3 Support, Centralized Management And Reporting, Netflow/ipfix Exporting, Cloud Based Configuration Back Up, And Zero-touch Registration & Provisioning. 3.6.30. Must Be Certified With Icsa Labs Advance Threat Defense Certified With 100% Unknown Threat Detection For 7 Consecutive Quarters From Q1-q4, 2021 & Q1-q3, 2022. 3.6.31. Must Have 24x7 Support That Includes Firmware Updates And Hardware Replacement. Support Includes Around-the-clock Access To Telephone And Web-based Support For Basic Configuration And Troubleshooting Assistance, As Well As Hardware Replacement In The Event Of Failure. 3.6.32. The System Must Have The Minimum Throughput Requirements (or Higher): 3.6.32.1. Firewall Inspection Throughput – 28 Gbps; 3.6.32.2. Threat Prevention Throughput – 15 Gbps; 3.6.32.3. Application Inspection Throughput – 18 Gbps; 3.6.32.4. Ips Throughput – 17 Gbps; 3.6.32.5. Anti-malware Inspection Throughput- 16 Gbps 3.6.32.6. Tls/ssl Decryption And Inspection Throughput (dpi Ssl) – 7 Gbps; 3.6.32.7. Vpn Throughput – 15 Gbps;" 3.6.33. The System Must Be Capable Of Handling: 3.6.33.1. Connections Per Second - 228,000/sec; 3.6.33.2. Maximum Connections (spi) – 5,000,000; 3.6.33.3. Max Dpi-ssl Connections – 350,000; 3.6.33.4. Maximum Connections (dpi) – 3,500,000 " 3.6.34. The System's Interface Must Include: 3.6.34.1. 6 X 10/5/2.5/1-gbe Sfp+, 3.6.34.2. 2 X 10g/5g/2.5g/1g Cu, 3.6.34.3. 24 X 1-gbe Cu, 3.6.34.4. 2 X Usb 3.0, 3.6.34.5. Management Interfaces - 1 Gbe, 1 Console 3.6.34.6. Storage: 128gb M.2 (expandable Up To 256gb) 3.7. 2 Units Application Delivery Controller 3.7.1. System Must Of Be 19-inch Rack Mountable 1 U Form Factor. 3.7.2. System Must Have Dedicated Management Port. 3.7.3. System Must Have Rj-45 Console Port. 3.7.4. System Must Have 5x1g Copper Interface, 4x1g Sfp Or 4x10g Sfp+. 3.7.5. System Must Have Dual Power Supply. 3.7.6. System Must Support 20 Gbps Of L7 Throughput. 3.7.7. System Must Support 32 Million Concurrent Connection. 3.7.8. System Must Support 500k Layer4 Connection Per Second. 3.7.9. System Must Support 180 K 1:1 Layer7 Connection Per Second For Http. 3.7.10. System Must Support 9gbps Of Ssl Offloading Throughput With 28 K Ssl Cps On Ecdhe Cipher. 3.7.11. Application Delivery Partition/virtual Context. 3.7.12. System Must Support 32 Application Delivery Partition/virtual Context. 3.7.13. System Must Support Dedicated Configuration File For Each Virtual Context. 3.7.14. System Must Support Resource Allocation To Each Context Including Throughput, Cps, Concurrent Connection, Ssl Throughput. 3.7.15. System Must Be Able To Modify The Resource Allocation On The Fly Without Restarting/rebooting Any Context. 3.7.16. All The Virtual Context Must Be Available From Day-1. 3.7.17. System Must Support 7 Million Ddos Protection (syn Flood) Syn/sec 3.7.18. System Must Support Protection From Fragmented Packets. 3.7.19. System Must Support Protection From Ip Option. 3.7.20. System Must Support Protection From Land Attack. 3.7.21. System Must Support Protection From Packet Deformity Layer 3. 3.7.22. System Must Support Protection From Packet Deformity Layer 4. 3.7.23. System Must Support Protection From Ping Of Death. 3.7.24. System Must Support Protection From Tcp No Flag. 3.7.25. System Must Support Protection From Tcp Syn Fin. 3.7.26. System Must Support Protection From Tcp Syn Frag. 3.7.27. System Must Support Connection Limit Based On Source Ip. 3.7.28. System Must Support Connection Rate Limit Based On Source Ip. 3.7.29. System Must Support Request Rate Limit Based On Source Ip. 3.7.30. Server Load-balancing /proxy Features. 3.7.31. System Must Support Layer4-layer7 Load-balancing. 3.7.32. System Must Support Load-balancing Algorithims Including Round-robin, Least Connection, Service Least Connecttion, Fastest Reponse, Hash Etc. 3.7.33. System Must Support Active-active And Active-backup Server Configuration For Load-balancing. 3.7.34. System Must Support Reverse Proxy Functionality Of Hosting Multiple Http/https Service Behind Single Ip 3.7.35. System Must Support Source-nat For Slb Traffic 3.7.36. System Must Have Flexibility To Config Vip As Source Nat Ip 3.7.37. System Must Support X-forwarder Option. The Appliance Should Have Option To Enable X-forwarder Option Per Service To Log Actual Client Ip In Web Server Log. 3.7.38. System Must Support L7 Database Load-balancing 3.7.39. System Must Support Http Compression 3.7.40. System Must Support Global Server Load-balancing 3.7.41. System Must Support Tls 1.2 And Tls 1.3 3.7.42. System Should Integrate With Third Party Ssl Certificate Lifecycle Management Platform To Renew Certificates Automatically, Automate The Certificates Issuance, Automate Provisioning Of Renewed Certificates, Eliminate Outages With Continuous Key And Certificate Updates & Enable Devops Teams, Pki, And Security Teams To Acquire Full Visibility Of Certificate Usage Throughout Their Networks. 3.7.43. System Must Support Simple Certificate Enrollment Protocol. 3.7.44. System Must Support Dns Application Firewall. 3.7.45. System Should Stop Buffer Overflows, Malformed Requests And Head Off Dns Amplification-based Ddos Attacks, Also Able To Prevent Dns Cache-poisoning And Spoofing. 3.7.46. System Must Support Application Template A Wizard That Guide A User Through A Step-by-step Deployment Process For Quick And Easy App Deployment. 3.7.47. The Application Template Wizard Embeds Industry Best Practices Relevant To The Application And Enables To Deploy Applications In Minutes Instead Of Hours. Application Template Must Include Oracle, Microsoft Exchange, Skype, Sharepoint From Day One. 3.7.48. System Must Support Authentication Offloading From Back-end Servers Using Saml, Kerberos, Ntlm, Tds Sql Logon, Ldap, Radius, Basic, Ocsp Stapling, Html Form- Based From Day One. 3.7.49. System Must Support Graceful Activation And Disabling Of The Backend Server. 3.7.50. System Must Support Application Level Load-balancing Of Radius And Diameter Protocol. 3.7.51. System Must Support Application Level Load-balancing Of Dns Protocol. 3.7.52. System Must Support Application Level Load-balancing Of Spdy Protocol. 3.7.53. System Must Support Application Level Database Load-balancing. 3.7.54. System Must Support Application Level Imap,pop3 And Smtp Load-balancing. 3.7.55. System Must Support Application Level Load-balancing For Sip Protocol. 3.7.56. System Must Support Application Level Load-balancing For Fix Protocol. 3.7.57. System Must Support Dns Caching. 3.7.58. System Must Support Anycast Based Global Server Load-balancing. 3.7.59. System Must Support Connection Limit Per Server/link. 3.7.60. System Must Support Connection Rate Limit Per Server/link. 3.7.61. System Must Support Request Rate Limit Per Server/link. 3.7.62. System Must Support Single Sign-on (sso) Authentication Relay. 3.7.63. System Must Support Authentication For Microsoft Sharepoint, Outlook Web Access, And Other Packaged And Custom Applications. 3.7.64. System Must Support Perfect Forward Secrecy (pfs) With Elliptic Curve Diffiehellman Exchange (ecdhe) And Other Elliptic Curve Cryptography(ecc) Ciphers. 3.7.65. System Must Support Scriptable Health Check Support Using Tcl, Python, Perl, And Bash. 3.7.66. System Must Support Next Hop Load Distribution (nhld) For Load Balancing Multiple Links. 3.7.67. System Must Support Internet Content Adaptation Protocol (icap) 3.7.68. System Must Support Ipv4 To Ipv6 And Ipv6 To Ipv4 Slb-pt 3.7.69. System Should Support Ip Anomaly Detection. 3.7.70. System Must Have A Provision To Dynamically Add Ips To Black Lists When Ddos Attack Targeted Towards A Specific Ip Address Is Detected 3.7.71. System Must Have A Capabilities To Dynamically Updated Threat Intelligence Feed 3.7.72. System Must Support Starttls Offload For Secure Email And Ldap 3.7.73. System Must Support Vrrp Based Redundancy. 3.7.74. System Must Support Active-active And Active-backup Configuration. 3.7.75. System Must Support Automatic And Manual Configuration Sync. 3.7.76. System Must Support Dynamic Vrrp Priority By Traffic Interface, Server, Nexthop And Routes. 3.7.77. System Must Support Scale-out Configuration Upto 8 Devices To Support Higher Throughput. 3.7.78. System Must Support Dedicated Vrrp Setting Per Virtual Context. 3.7.79. System Must Have Web-based Graphical User Interface (gui) 3.7.80. System Must Have Industry-standard Command Line Interface (cli) 3.7.81. System Must Support Granular Role-based\object-based Access Control 3.7.82. System Must Support Snmp, Syslog, Email Alerts, Netflow V9 And V10 (ipfix), Sflow 3.7.83. System Must Support Rest-style Xml Api For All Functions. 3.7.84. System Must Support External Authentication Including Ldap, Tacacs+, Radius 3.7.85. System Must Have A Seperate Centralize Management For Easily Configure And Manage Policies Across Applications Deployed In Data Centers, Private And Public Clouds. 3.7.86. Centralize Management Should Provide Visibility And Actionable Insights Into The Application Traffic. Simplify Troubleshooting Via Access To Contextualized Data And Logs. Analyze Collected Data To Detect Anomalous Trends. Get Alerts Based On Various Metrics And Customizable Fields. Alerts Delivered Via Email Or Web-hook Url For Automated And Rapid Action. 3.7.87. Centralize Management Should Provide Multi-tenancy Function And Helps Application Team And Services Owners As Tenant And Allow Them To Manage Their Own Infrastructure And Application Policies. 3.7.88. Centralize Management Should Provide Api Driven Automation To Integrate With Devops Tool Like Ansible, Chef, Jenkins, And Orchestration Systems Like Vmware Vro/vra, Cisco Cloud Center, Microsoft Azure, Google Cloud Platform, Amazon Web Services And More. 3.7.89. Centralize Management Analytics Capabilities Must Include End-to-end Response Time Monitoring & Details, Per-request Analysis & Application Access Logs, Security Insight And Analytics, Granular Traffic Insight & Analytics, End-to-end Latency, Response Time Details, Request Rate & Request Method, Response Code, Locations, Os, Device & Browser Information, Top Clients, Worst-behaving Urls, Services And Domains And Many More. 3.7.90. Centralize Management Analytics Function Must Provide Per Transaction Logs With Visual Representation Of Time Spent In Various Phases Of Request And Response. 3.7.91. Adc Vendor Must Support Multi-cloud Function For Upcoming Applications Which Will Be Hosted On Cloud As A Future Requirement. Multi-cloud Function Must Support And Include Amazon Aws, Microsoft Azure, Oracle Cloud, & Also To Be Hosted On Container & Bare Metal. Byol Bandwidth License Will Be Purchased Separately As And When Required As A Future Requirement. 3.7.92. System Must Support Integrate With Third-party Such As Sdn Platforms (e.g., Cisco Aci And Vmware) And Cloud Orchestration Systems (e.g., Openstack And Microsoft Scvmm) From Day One. 3.7.93. System Must Support Network Equipment Building System (nebs) Compliance From Day One. 3.7.94. Should Be A Common Criteria Eal 2+ Certification Or Higher 3.7.95. Adc Vendor Should Have Iso 27001 – Information Security Certifications 3.7.96. Vendor Should Be Registered Under A Government E-market Place Website (https://gem.gov.in/) 3.7.97. Appliance Must Support Dnssec Pass-through. 3.7.98. Support Dnssec To Prevent Threats Like Dns Cache Poisoning And Spoofing. 3.7.99. System Must Support Redirection Of Dns Request On Udp To Tcp 3.7.100. System Must Support Dns Over Https (doh) 3.7.101. System Must Support Dns-udp And Dns-tcp 3.7.102. System Must Support Dns Caching And Recursive Lookup. 3.7.103. System Must Support Dns Load Balancing. 3.7.104. System Must Support Integration With 3rd Party Hardware Security Module (hsm) 3.8. Primary Network Infrastructure 3.8.1. 2 Units Core Network Switches 3.8.1.1. Must Have High Performance 1.92tbps With 1,190mpps Specification. 3.8.1.2. Must Have High Availability Setup/configuration And Hot-swap Redundant Power Supplies. 3.8.1.3. Must Have Intelligent Monitoring, Visibility, And Remediation. 3.8.1.4. Must Have Advanced Layer 2/3 Feature Set Includes Bgp, Ospf, Vrf, And Ipv6 3.8.1.5. Must Be A Compact 1u Switch With 1/10 Gbe And 40/100 Gbe Connectivity Form Factor. 3.8.1.6. Should Allow Individual Software Modules To Be Upgraded For Higher Availability. 3.8.1.7. Must Have Support For Congestion Actions, Such As Strict Priority (sp) Queuing And Weighted Fair Queuing. 3.8.1.8. Must Have An Enabled Distributed And Redundant Architecture By Deploying Two Switches, With Each Switch Maintaining Independent Control Yet Staying Synchronized During Upgrades Or Failover. 3.8.1.9. Must Be Able To Allow Groups Of Two Routers To Dynamically Back Each Other Up To Create Highly Available Routed Environments. 3.8.1.10. Must Be Able To Monitor Link Connectivity And Shuts Down Ports At Both Ends If Unidirectional Traffic Is Detected, Preventing Loops In Stp-based Networks. 3.8.1.11. Must Support Aggregation Groups (lags), Each With Eight Links Per Group With A User-selectable Hashing Algorithm. 3.8.1.12. Must Have Redundant And Load-sharing Fans, And Power Supplies. 3.8.1.13. Must Have Hot-swappable Power Supply And Fan Modules. 3.8.1.14. Must Have Separate Data And Control Paths. 3.8.1.15. Must Supports At Least 24 Ports Of 1/10g For Use With Sfp And Sfp+ Transceivers, And 4 Ports Of 40g/100g 3.8.1.16. Must Support 1 Expansion Module For Additional Interfaces Such As; 3.8.1.16.1. 12 X 1/2.5/5/10g Rj45 Ports Module 3.8.1.16.2. 12 X 100m/1g/10g Rj45 Ports Module 3.8.1.16.3. 12 X 1/10g Ports Sfp/sfp+ Ports Module 3.8.1.16.4. 4 X 40g Qsfp+ Ports Module 3.8.1.16.5. 1 X 100g Qsfp28 Port Module 3.8.1.17. Must Have Sfp+ Transceivers [optional 1gbase-t And 10gbase-t Transceivers And 4x10g Breakout Cables. 3.8.1.18. Must Support High-performance Backups And Disaster Recovery Systems; Provides A Maximum Frame Size Of 9 K Bytes. 3.8.1.19. Must Support Internal Loopback Testing For Maintenance Purposes. 3.8.1.20. Must Be Able To Protect Against Unknown Broadcast, Unknown Multicast, Or Unicast Storms With User-defined Thresholds. 3.8.1.21. Must Have Management Interface Control. 3.8.1.22. Must Have The Following Management Security. A. Restricts Access To Critical Configuration Commands. B. Offers Multiple Privilege Levels With Password Protection. C. Acls Provide Snmp Access. D. Local And Remote Syslog Capabilities Allow Logging Of All Access. 3.8.1.23. Must Have Snmp V2c/v3 Which Provides Snmp Read And Trap Support Of The Industry Standard Management Information Base (mib) And Private Extensions. 3.8.1.24. Must Be Able To Monitor The Network For Degradation Of Various Services, Including Monitoring Voice. 3.8.1.25. Must Have Remote Monitoring (rmon) Which Uses Standard Snmp To Monitor Essential Network Functions And Supports Events, Alarms, History, And Statistics Groups, As Well As A Private Alarm Extension Group. 3.8.1.26. Must Have Tftp And Sftp Support Which Offers Different Mechanisms For Configuration Updates; Trivial Ftp (tftp) Allows Bidirectional Transfers Over A Tcp/ Ip Network; Secure File Transfer Protocol (sftp) Runs Over An Ssh Tunnel To Provide Additional Security. 3.8.1.27. Must Have A Debug And Sampler Utility That Supports Ping And Traceroute For Ipv4 And Ipv6. 3.8.1.28. Must Have Network Time Protocol (ntp) Which Synchronizes Timekeeping Among Distributed Time Servers And Clients; Keeps Timekeeping Consistent Among All Clock-dependent Devices Within The Network. Can Serve As The Ntp Server In A Customer Network. 3.8.1.29. Must Have Ieee 802.1ab Link Layer Discovery Protocol (lldp) Which Advertises And Receives Management Information From Adjacent Devices On A Network, Facilitating Easy Mapping By Network Management Applications. 3.8.1.30. Must Be Able To Provide Independent Primary And Secondary Operating System Files For Backup While Upgrading. 3.8.1.31. Must Be Able To Support Up To 4,000 Port-based Or Ieee 802.1q-based Vlans. 3.8.1.32. Must Have Bridge Protocol Data Unit (bpdu) Tunneling - Transmits Stp Bpdus Transparently, Allowing Correct Tree Calculations Across Service Providers, Wans, Or Mans 3.8.1.33. Must Be Able To Support Port Mirroring. 3.8.1.34. Must Be Able To Support Standard Ieee 802.1d Stp, Ieee 802.1w Rapid Spanning Tree Protocol (rstp) For Faster Convergence, And Ieee 802.1s Multiple Spanning Tree Protocol (mstp). 3.8.1.35. Must Be Able To Controls And Manage The Flooding Of Multicast Packets In A Layer 2 Network. 3.8.1.36. Must Allow Each Vlan To Build A Separate Spanning Tree To Improve Link Bandwidth Usage In Network Environments With Multiple Vlans. 3.8.1.37. Must Be Able To Determine The Mac Address Of Another Ip Host In The Same Subnet; Supports Static Arps; Gratuitous Arp Allows Detection Of Duplicate Ip Addresses; Proxy Arp Allows Normal Arp Operation Between Subnets Or When Subnets Are Separated By A Layer 2 Network. 3.8.1.38. Must Have A Built-in Dynamic Host Configuration Protocol (dhcp) Server Function. 3.8.1.39. Must Have A Builtin Radius Server Function. 3.8.1.40. Must Support Aaa. 3.8.1.41. Must Have Domain Name System (dns) 3.8.1.42. Must Have Policy Based Routing (pbr) 3.8.1.43. Must Have Static Ipv4 Routing. 3.8.1.44. Must Be Able To Support Basic Layer3 Dynamic Routing Protocol Using Rip. 3.8.1.45. Must Be Able To Deliver Faster Convergence; Uses Link-state Routing Interior Gateway Protocol (igp), Using Standard Protocol Ospf. 3.8.1.46. Must Have Border Gateway Protocol 4 (bgp-4) 3.8.1.47. Must Be Able To Provide A Set Of Tools To Improve The Performance Of Ipv4 Networks; Including Directed Broadcasts, Customization Of Tcp Parameters, Support Of Icmp Error Packets, And Extensive Display Capabilities. 3.8.1.48. Must Have Static Ipv6 Routing. 3.8.1.49. Must Have Dual Ip Stack, This Maintains Separate Stacks For Ipv4 And Ipv6 To Ease The Transition From An Ipv4-only Network To An Ipv6-only Network Design. 3.8.1.50. Must Be Able To Provide Ospf Support For Ipv6. 3.8.1.51. Must Have Generic Routing Encapsulation (gre) — Enables Tunneling Traffic From Site To Site Over A Layer 3 Path. 3.8.1.52. Must Be Able To Support Powerful Acls For Both Ipv4 And Ipv6. Supports Creation Of Object Groups Representing Sets Of Devices Such As Ip Addresses. For Instance, It Management Devices Could Be Grouped In This Way. Acls Can Also Protect Control Plane Services, Such As Ssh, Snmp, Ntp, Or Web Servers. 3.8.1.53. Must Be Able To Ease Security Access Administration By Using A Password Authentication Server. 3.8.1.54. Must Be Able To Provide For Both On-box As Well As Off-box Authentication For Administrative Access. 3.8.1.55. Must Be Able To Use External Servers To Securely Log In To A Remote Device; With Authentication And Encryption, It Protects Against Ip Spoofing And Plain-text Password Interception. 3.8.1.56. Must Be Able To Enable Establishing Multicast Group Memberships In Ipv4 Networks; Supports Igmpv1, V2, And V3. 3.8.1.57. Must Support One-to-many And Many-tomany Media Casting Use Cases, Such As Iptv Over Ipv4 And Ipv6 Networks; Support For Pim Spare Mode (pim-sm, Ipv4, And Ipv6). 3.8.1.58. Must Have A Built-in Network Management System Feature. 3.8.1.59. Must Have A Built-in Wireless Access Controller Function. 3.8.2. 4 Units Distribution Switches (2 Units Aggregation; 2 Units Top Of Rack; 1 Unit 8 Port Poe Switch (for Cctv And Other Security Devices And Ip Telephony) 3.8.2.1. Must Have High-performance 1.92tbps With 1,190mpps Specification. 3.8.2.2. Must Have Intelligent Monitoring And Visibility. 3.8.2.3. Must Have High Availability With Industry Leading Stacking, And Hot-swap Redundant Power Supplies. 3.8.2.4. Must Be Able To Support Long Distance Virtual Stacking Feature. 3.8.2.5. Must Be Designed For Core/aggregation In The Campus Or Top Of Ra 3.8.2.6. Must Have Advanced Layer 2/3 Feature Set Includes Bgp, Ospf, Vrf, And Ipv6 3.8.2.7. Must Enable Congestion Avoidance. 3.8.2.8. Must Support Lossless Ethernet Networking Standards To Eliminate Packet Loss Due To Queue Overflow. 3.8.2.9. Must Have Separate Data And Control Paths Which Separates Control From Services And Keeps Service Processing Isolated; Increases Security And Performance. 3.8.2.10. Must Be Able To Allow A Group Of Switches To Dynamically Back Each Other Up To Create Highly Available Routed Environments. 3.8.2.11. Must Have Ieee 802.3ad Lacp-supports With Up To 8 Members Per Lag With A User-selectable. 3.8.2.12. Must Have Scalable System Design-provides Investment Protection To Support Future Technologies And Higher-speed Connectivity. 3.8.2.13. Must Have High-speed Fully Distributed Architecture-provides Up To 1.92tbps For Bidirectional Switching And 1,190 Mpps For Forwarding To Meet The Demands Of Bandwidthintensive Applications Today And In The Future. 3.8.2.14. For Aggregation Switch Configuration, Bidder Must Propose 2 Units 48 Ports Of 1gbe/10gbe (sfp/sfp+) 4 Ports Of 40gbe/100gbe (qsfp+/qsfp28) 3.8.2.15. For Miscellaneous Function Switch Configuration, Bidder Must Propose 8 X 1/10gbe Rj45 Ports With 2 X 10gbe Ports As Uplink. 3.8.2.16. For Top Of Rack Switch Configuration, Bidder Must Propose 2 Units 24 X 1/10gbe Rj45 Ports With 4 X 40g/100gbe (qsfp+/qsfp28) Ports And 1 X Expansion Bay For Top Of Rack Switch. 3.8.2.16.1. Top Of Rack Switch Must Support 1 Expansion Module For Additional Interfaces Such As: 3.8.2.16.1.1. 12 X 1/2.5/5/10g Rj45 Ports Module 3.8.2.16.1.2. 12 X 100m/1g/10g Rj45 Ports Module 3.8.2.16.1.3. 12 X 1/10g Ports Sfp/sfp+ Ports Module 3.8.2.16.1.4. 4 X 40g Qsfp+ Ports Module 3.8.2.16.1.5. 1 X 100g Qsfp28 Port Module 3.8.2.17. Must Allow High-performance Backups And Disaster-recovery Systems; Provides A Maximum Frame Size Of 9k Bytes. 3.8.2.18. Must Be Able To Support Internal Loopback Testing For Maintenance Purposes And Increased Availability; Loopback Detection Protects Against Incorrect Cabling Or Network Configurations And Can Be Enabled On A Per-port Or Per-vlan Basis For Added Flexibility. 3.8.2.19. Must Be Able To Protect Against Unknown Broadcast, Multicast, Or Unicast Storms With Userdefined Thresholds. 3.8.2.20. Must Have Industry Standard Cli With A Hierarchical Structure. 3.8.2.21. Must Be Able To Restrict Access To Critical Configuration Commands; Offer Multiple Privilege Levels With Password Protection; Acls Provide Snmp Access; Local And Remote Syslog Capabilities Allow Logging Of All Access. 3.8.2.22. Must Have An Ip Sla Which Monitors The Network For Degradation Of Various Services, Including Voice. 3.8.2.23. Must Have An Snmp V2c/v3-provides Snmp Read And Trap Support Of Industry Standard Management Information Base (mib) And Private Extensions. 3.8.2.24. Must Have Remote Monitoring (rmon) That Uses Standard Snmp To Monitor Essential Network Functions And Supports Events, Alarms, History, And Statistics Groups As Well As A Private Alarm Extension Group. 3.8.2.25. Must Have Tftp And Sftp Support Which Offers Different Mechanisms For Configuration Updates; Trivial Ftp (tftp) Allows Bidirectional Transfers Over A Tcp/ Ip Network; Secure File Transfer Protocol (sftp) Runs Over An Ssh Tunnel To Provide Additional Security. 3.8.2.26. Must Have A Debug And Sampler Utility-supports Ping And Traceroute For Ipv4 And Ipv6 3.8.2.27. Must Have Network Time Protocol (ntp) That Synchronizes Timekeeping Among Distributed Time Servers And Clients And Keeps Timekeeping Consistent Among All Clock- Dependent Devices Within The Network And Can Serve As The Ntp Server In A Customer Network. 3.8.2.28. Must Have Ieee 802.1ab Link Layer Discovery Protocol (lldp) That Advertises And Receives Management Information From Adjacent Devices On A Network, Facilitating Easy Mapping By Network Management Applications. 3.8.2.29. Must Be Able To Provide Independent Primary And Secondary Operating System Files For Backup While Upgrading. 3.8.2.30. Must Have Vlan Which Supports Up To 4,000 Port-based Or Ieee 802.1q-based Vlans. 3.8.2.31. Must Be Able To Transmit Stp Bpdus Transparently, Allowing Correct Tree Calculations Across Service Providers, Wans, Or Mans. 3.8.2.32. Must Be Able To Duplicate Port Traffic (ingress And Egress) To A Local Or Remote Monitoring Port; Supports 4 Mirroring Groups, With An Unlimited Number Of Ports Per Group. 3.8.2.33. Must Be Able To Support Standard Ieee 802.1d Stp, Ieee 802.1w Rapid Spanning Tree Protocol (rstp) For Faster Convergence, And Ieee 802.1s Multiple Spanning Tree Protocol (mstp)\ 3.8.2.34. Must Be Able To Control And Manage The Flooding Of Multicast Packets In A Layer 2 Network. 3.8.2.35. Must Be Able To Allow Each Vlan To Build A Separate Spanning Tree To Improve Link Bandwidth Usage In Network Environments With Multiple Vlans. 3.8.2.36. Must Be Able To Determine The Mac Address Of Another Ip Host In The Same Subnet; Supports Static Arps; Gratuitous Arp Allows Detection Of Duplicate Ip Addresses; Proxy Arp Allows Normal Arp Operation Between Subnets Or When Subnets Are Separated By A Layer 2 Network. 3.8.2.37. Must Have A Built-in Dynamic Host Configuration Protocol (dhcp) Server Function. 3.8.2.38. Must Have A Built-in Radius Server Function. 3.8.2.39. Must Support Aaa. 3.8.2.40. Must Have Domain Name System (dns) Capability. 3.8.2.41. Must Enable The Use Of A Classifier To Select Traffic That Can Be Forwarded Based On Policy Set By The Network Administrator. 3.8.2.42. Must Have Static Ipv6 Routing. 3.8.2.43. Must Have Basic Layer3 Function Such As Rip 3.8.2.44. Must Have Open Shortest Path First (ospf) Capability. 3.8.2.45. Must Have Border Gateway Protocol 4 (bgp-4) Which Delivers An Implementation Of The Exterior Gateway Protocol (egp) Utilizing Path Vectors; Uses Tcp For Enhanced Reliability For The Route Discovery Process; Reduces Bandwidth Consumption By Advertising Only Incremental Updates; Supports Extensive Policies For Increased Flexibility; Scales To Very Large Networks. 3.8.2.46. Must Have Ip Performance Optimization, This Provides A Set Of Tools To Improve The Performance Of Ipv4 Networks; Includes Directed Broadcasts, Customization Of Tcp Parameters, Support Of Icmp Error Packets, And Extensive Display Capabilities. 3.8.2.47. Must Have Static Ipv6 Routing. 3.8.2.48. Must Have Ospfv3 That Provides Ospf Support For Ipv6. 3.8.2.49. Must Have Access Control List (acl) Which Supports Powerful Acls For Both Ipv4 And Ipv6. Supports Creation Of Object Groups Representing Sets Of Devices Like Ip Addresses. 3.8.2.50. Must Have Remote Authentication Dial-in User Service (radius) 3.8.2.51. Must Have Management Access Security. 3.8.2.52. Must Have Secure Shell (sshv2) Which Uses External Servers To Securely Log In To A Remote Device; With Authentication And Encryption, It Protects Against Ip Spoofing And Plain-text Password Interception; Increases The Security Of Secure Ftp (sftp) Transfers. Must Have Multicast Internet Group Management Protocol (igmp) Which Enables Establishing Multicast Group Memberships In Ipv4 Networks; Supports Igmpv1, V2, And V3. 3.8.2.53. Must Have Protocol Independent Multicast (pim) For Ipv4 And Ipv6 Supports One-to-many And Many-to-many Media Casting Use Cases Such As Iptv Over Ipv4 And Ipv6 Networks. Support For Pim Sparse Mode (pim-sm, Ipv4 And Ipv6) 3.8.3. 9 Units X 24 Port Access Poe Switches 3.8.3.1. Must Be A High Performance 160 Gbps System Switching Capacity, 119 Mpps Of System Throughput. 3.8.3.2. Must Be A Compact 1u Switch With 4 X 1/2.5/5g Rj45 Ports (multi-gigabit) And 20 X 10/100/1000mbps Rj45 Ports, And 4 X 1/10g Sfp+ Ports. 3.8.3.3. Must Be Able To Support 24 X Poe And 12 X Poe+ 3.8.3.4. Must Have A License Upgrade To Support Continuous Poe 3.8.3.5. Must Have A License Upgrade To Support Udld (uni-directional Link Detection) 3.8.3.6. Must Have Built-in High Speed 1/10gbe Uplinks. 3.8.3.7. Must Have Intelligent Monitoring, Visibility, And Remediation Via Single Pane Of Glass Across Wired, Wireless, And Wan. 3.8.3.8. Must Have Support For Automated Configuration And Verification. 3.8.3.9. Must Enables Secure And Simple Access For Users And Iot 3.8.3.10. Must Have Traffic Prioritization (ieee 802.1p) For Real-time Classification. 3.8.3.11. Must Be A High Performance Front Plane Stacking For Up To 4 Switches. 3.8.3.12. Must Be Able To Monitor Link Connectivity And Shuts Down Ports At Both Ends If Unidirectional Traffic Is Detected, Preventing Loops In Stpbased Networks. 3.8.3.13. Must Have Ieee 802.3ad Lacp, Each With Eight Links Per Group. 3.8.3.14. Must Have Ethernet Ring Protection Switching (erps) Supports Rapid Protection And Recovery In A Ring Topology. 3.8.3.15. Must Have Ieee 802.1s Multiple Spanning Tree Provides High Link Availability In Vlan Environments Where Multiple Spanning Trees Are Required; And Legacy Support For Ieee 802.1d And Ieee 802.1w. 3.8.3.16. Must Have Support For 24x Ports 10/100/1000 Baset Poe+ Ports Supporting Up To 30w Per Port And 4x 1g/10g Sfp+ Ports. Should Have The Following Ports: A. 1x Console Port B. 1x Usb Port 3.8.3.17. Must Have Jumbo Frames Allow For Highperformance Backups And Disaster-recovery Systems; Provides A Maximum Frame Size Of 9k Bytes. 3.8.3.18. Must Have Packet Storm Protection Against Broadcast And Multicast Storms With Userdefined Thresholds Smart Link Enables Simple, Fast Converging Link Redundancy And Load Balancing With Dual Uplinks Avoiding Spanning Tree Complexities. 3.8.3.19. Must Have Management Interface Control Enables Or Disables Each Of The Following Depending On Security Preferences, Console Port, Or Reset Button. 3.8.3.20. Must Have Industry-standard Cli With A Hierarchical Structure For Reduced Training Time And Expense. 3.8.3.21. Management Security Restricts Access To Critical Configuration Commands, Provides Multiple Privilege Levels With Password Protection And Local And Remote Syslog Capabilities Allow Logging Of All Access. 3.8.3.22. Must Have Snmp V2c/v3 Provides Snmp Read And Trap Support Of Industry Standard Management Information Base (mib), And Private Extensions. 3.8.3.23. Must Have Remote Monitoring (rmon) With Standard Snmp To Monitor Essential Network Functions. Supports Events, Alarms, History, And Statistics Groups As Well As A Private Alarm Extension Group; Rmon, And Sflow Provide Advanced Monitoring And Reporting Capabilities For Statistics, History, Alarms And Events. 3.8.3.24. Must Have Tftp And Sftp Support Offers Different Mechanisms For Configuration Updates; Trivial Ftp (tftp) Allows Bidirectional Transfers Over A Tcp/ Ip Network; Secure File Transfer Protocol (sftp) Runs Over An Ssh Tunnel To Provide Additional Security. 3.8.3.25. Must Have Network Time Protocol (ntp) Synchronizes Timekeeping Among Distributed Time Servers And Clients; Keeps Timekeeping Consistent Among All Clock-dependent Devices Within The Network So The Devices Can Provide Diverse Applications Based On The Consistent Time. 3.8.3.26. Must Have Ieee 802.1ab Link Layer Discovery Protocol (lldp) Advertises And Receives Management Information From Adjacent Devices On A Network, Facilitating Easy Mapping By Network Management Applications. 3.8.3.27. Must Provide Independent Primary And Secondary Operating System Files For Backup While Upgrading. 3.8.3.28. Must Be Able To Assign Descriptive Names To Ports For Easy Identification. 3.8.3.29. Must Have Multiple Configuration Files Can Be Stored To A Flash Image. 3.8.3.30. Must Have Unidirectional Link Detection (udld) Which Monitors The Link Between Two Switches And Blocks The Ports On Both Ends Of The Link If The Link Goes Down At Any Point Between The Two Devices. 3.8.3.31. Must Have Vlan Support And Tagging For Ieee 802.1q (4k Vlan Ids). 3.8.3.32. Must Have Jumbo Packet Support Improves The Performance Of Large Data Transfers; Supports Frame Size Of Up To 9000 Bytes. 3.8.3.33. Must Have Bridge Protocol Data Unit (bpdu) Tunnelling That Transmits Stp Bpdus Transparently, Allowing Correct Tree Calculations Across Service Providers, Wans, Or Mans. 3.8.3.34. Must Have Port Mirroring Which Duplicates Port Traffic (ingress And Egress) To A Monitoring Port; Supports 4 Mirroring Groups. 3.8.3.35. Must Have Stp That Supports Standard Ieee 802.1d Stp, Ieee 802.1w Rapid Spanning Tree Protocol (rstp) For Faster Convergence, And Ieee 802.1s Multiple Spanning Tree Protocol (mstp) 3.8.3.36. Internet Group Management Protocol (igmp) Controls And Manages The Flooding Of Multicast Packets In A Layer 2 Network. 3.8.3.37. Must Have Domain Name System (dns) Capability. 3.8.3.38. Must Have Acls That Also Provides Filtering Based On The Ip Field, Source/ Destination Ip Address/subnet, And Source/ Destination Tcp/udp Port Number On A Per-vlan Or Per-port Basis. 3.8.3.39. Must Have Management Access Security For Both On And Off Box Authentication For Administrative Access. 3.8.3.40. Must Be Able To Support Multiple User Authentication Methods. Uses An Ieee 802.1x Supplicant On The Client In Conjunction With A Radius Server To Authenticate In Accordance With Industry Standards. 3.8.3.41. Must Support Mac-based Client Authentication. 3.8.3.42. Must Have Secure Management Access That Delivers Secure Encryption Of All Access Methods (cli, Gui, Or Mib) Through Sshv2, Ssl, And/or Snmpv3. 3.8.3.43. Must Have Icmp Throttling That Defeats Icmp Denial-of-service Attacks By Enabling Any Switch Port To Automatically Throttle Icmp Traffic. 3.8.3.44. Must Have Port Security Which Allows Access Only To Specified Mac Addresses. 3.8.3.45. Must Have Mac Address Lockout That Prevents Particular Configured Mac Addresses From Connecting To The Network. 3.8.3.46. Must Have Secure Sockets Layer (ssl) That Encrypts All Http Traffic, Allowing Secure Access To The Browser-based Management Gui In The Switch. 3.8.3.47. Must Have Igmp Snooping That Allows Multiple Vlans To Receive The Same Ipv4 Multicast Traffic, Lessening Network Bandwidth Demand By Reducing Multiple Streams To Each Vlan. 3.8.3.48. Must Have Multicast Listener Discovery (mld) That Enables Discovery Of Ipv6 Multicast Listeners; Support Mld V1 And V2. 3.8.3.49. Must Have Internet Group Management Protocol (igmp) That Utilizes Any-source Multicast (asm) To Manage Ipv4 Multicast Networks; Supports Igmpv1, V2, And V3. 3.9. Campus Network Expansion 3.9.1. 50 Units Indoor Access Points 3.9.1.1. Must Have 3.55 Gbps Raw Capacity Specification. 3.9.1.2. Must Have Wpa3 And Enhanced Open Security. 3.9.1.3. Must Have A Built-in Technology That Resolves Sticky Client Issues For Wi-fi 6 And Wi-fi 5 Devices. 3.9.1.4. Must Have Ofdma And Mu-mimo For Enhanced Multi-user Efficiency. 3.9.1.5. Must Have High Performance Dual Radio 802.11ax Ap With Ofdma And Multi-user Mimo (mu-mimo) Specification. 3.9.1.6. Must Be Able To Support Data Rates Of Up To 2.4 Gbps For Ieee802.11ax. 3.9.1.7. Must Have Multi-user Transmission With Downlink And Uplink Ofdma. 3.9.1.8. Must Have Multi-user Capability With Uplink And Downlink Multi-user Mimo. 3.9.1.9. Must Have Dual Radio 802.11ax Access Point With Ofdma And Multi-user Mimo (mumimo): 3.9.1.10. Must Have Multi-gig Uplink Ethernet Port With The Following Specifications: A. Supports Up To 2.5/5 Gbps With Nbase-t And Ieee 802.3bz Ethernet Compatibility. B. Backwards Compatible With 100/1000base-t. 3.9.1.11. Must Support Up To 300 Associated Client Devices Per Radio, And Up To 16 Bssids Per Radio. 3.9.1.12. Must Support The Following Frequency Bands (country-specific Restrictions Apply): A. 2.400 To 2.4835ghz B. 5.150 To 5.250ghz C. 5.250 To 5.350ghz D. 5.470 To 5.725ghz E. 5.725 To 5.850ghz F. 5.850 To 5.895ghz 3.9.1.13. Must Have Dynamic Frequency Selection (dfs) Which Optimizes The Use Of Available Rf Spectrum. 3.9.1.14. Must Support Radio Technologies: A. 802.11b: Direct-sequence Spreadspectrum (dsss) B. 802.11a/g/n/ac: Orthogonal Frequency-division Multiplexing (ofdm) C. 802.11ax: Orthogonal Frequencydivision Multiple Access (ofdma) With Up To 16 Resource Units (for An 80mhz Channel)" 3.9.1.15. Must Support The Following Modulation Types: A. 802.11b: Bpsk, Qpsk, Cck B. 802.11a/g/n: Bpsk, Qpsk, 16- Qam, 64-qam, 256-qam (proprietary Extension) C. 802.11ac: Bpsk, Qpsk, 16-qam, 64-qam, 256-qam, 1024-qam (proprietary Extension) D. 802.11ax: Bpsk, Qpsk, 16-qam, 64-qam, 256-qam, 1024- Qam802.11n High-throughput (ht) Support: Ht20/40 3.9.1.16. Must Have 802.11ac And 802.11ax 3.9.1.17. Must Support Single-channel Implementation Also Known As Channel Blanket 3.9.1.18. Must Support Multi-channel Implementation. 3.9.1.19. Must Support Hybrid Implementation. 3.9.1.20. Must Support Data Rates (mbps): A. 802.11b: 1, 2, 5.5, 11 B. 802.11a/g: 6, 9, 12, 18, 24, 36, 48, C. 802.11n (2.4ghz): 6.5 To 300 (mcs0 To Mcs15, Ht20 To Ht40) D. 802.11n (5ghz): 6.5 To 600 (mcs0 To Mvc31, Ht20 To Ht40) E. 802.11ac: 6.5 To 3,467 (mcs0 To Mcs9, Nss = 1 To 4, Vht20 To Vht160) F. 802.11ax (2.4ghz): 3.6 To 574 (mcs0 To Mcs11, Nss = 1 To 2, He20 To He40) G. 802.11ax (5ghz): 3.6 To 4,803 (mcs0 To Mcs11, Nss = 1 To 4, He20 To He160) H. 802.11n/ac Packet Aggregation: Ampdu, A-msdu 3.9.1.21. Must Have Four Integrated Dual-band Down Tilt Omni-directional Antennas For 4x4 Mimo With Peak Antenna Gain Of 4.2dbi In 2.4ghz And 7.5dbi In 5ghz. Built-in Antennas Are Optimized For Horizontal Ceiling Mounted Orientation Of The Ap. The Down Tilt Angle For Maximum Gain Should Be Roughly 30 Degrees. 3.9.1.22. Must Have Combining The Patterns Of Each Of The Antennas Of The Mimo Radios, The Peak Gain Of The Effective Per-antenna Pattern Is 3.8dbi In 2.4ghz And 4.6dbi In 5ghz. 3.9.1.23. Must Have Link Aggregation (lacp) Support Between Both Network Ports For Redundancy And Increased Capacity. A. Auto-sensing Link Speed (100/1000/2500base-t) And Mdi/mdx B. 2.5gbps Speed Complies With Nbase-t And 802.3bz Specifications C. Poe-pd: 48vdc (nominal) 802.3af/at/bt (class 3 Or Higher) D. E1: 10/100/1000base-t Ethernet Network Interface (rj-45) E. Auto-sensing Link Speed And Mdi/mdx 3.9.1.24. Must Have Dc Power Interface: 48vdc (nominal, +/- 5%), Accepts 1.35mm/3.5mm Center-positive Circular Plug With 9.5mm Length. 3.9.1.25. Must Have Visual Indictors (two Multi-color Leds): For System And Radio Status. 3.9.1.26. Must Have A Reset Button: Factory Reset, Led Mode Control (normal/off). 3.9.2. 30 Units Outdoor Access Points 3.9.2.1. Must Have 8x8 Mu-mimo Capability. 3.9.2.2. Must Be Delivering A Raw Capacity Of 4.8 Gbps. 3.9.2.3. Must Have An Uplink And Downlink Orthogonal Frequency Division Multiple Access (ofdma), Downlink Multi-user Mimo (mu-mimo) And Cellular Colocation. 3.9.2.4. Must Have Ai Powered Technology Ensures That All Clients Are Attached To Their Best Serving Access Point. 3.9.2.5. Must Have Session Metrics, Network Metrics, Applications And Client Type Are Used To Identify And Maintain The Best Connection. 3.9.2.6. Must Have High Performance Dual Radio 802.11ax Ap With Ofdma And Multi-user Mimo (mu-mimo). 3.9.2.7. Must Have Multi-user Capability With Uplink And Downlink Multi-user Mimo. 3.9.2.8. Must Have Multi-gig Uplink Ethernet Port A. Supports Up To 2.5/5 Gbps With Nbase-t And Ieee 802.3bz Ethernet Compatibility. B. Backwards Compatible With 100/1000base-t. 3.9.2.9. Must Have An Ap Type: Outdoor Hardened, Wi-fi 6 Dual Radio, 5 Ghz 8x8 Mimo And 2.4 Ghz 4x4 Mimo Software And Configurable Dual Radio Supports 5 Ghz And 2.4 Ghz 5 Ghz: 3.9.2.10. Must Be Able To Support Up To 300 Associated Client Devices Per Radio, And Up To 16 Bssids Per Radio. 3.9.2.11. Must Have The Following Supported Frequency Bands (country-specific Restrictions Apply): A. 2.400 To 2.4835 Ghz B. 5.150 To 5.250 Ghz C. 5.250 To 5.350 Ghz D. 5.470 To 5.725 Ghz E. 5.725 To 5.850 Ghz F. 5.825 To 5.875 Ghz 3.9.2.12. Must Have The Following Available Channels: Dependent On Configured Regulatory Domain. 3.9.2.13. Must Have Dynamic Frequency Selection (dfs) Optimizes The Use Of Available Rf Spectrum. 3.9.2.14. Must Support The Following Radio Technologies: A. 802.11b: Direct-sequence Spread-spectrum (dsss) B. 802.11a/g/n/ac: Orthogonal Frequency-division Multiplexing (ofdm) C. 802.11ax: Orthogonal Frequency-division Multiple Access (ofdma) With Up To 16 Resource Units (ru) 3.9.2.15. Must Have The Following Supported Modulation Types: A. 802.11b: Bpsk, Qpsk, Cck B. 802.11a/g/n: Bpsk, Qpsk, 16- Qam, 64-qam, 256-qam (proprietary Extension) C. 802.11ac: Bpsk, Qpsk, 16- Qam, 64-qam, 256-qam, 1024 Qam (proprietary Extension) D. 802.11ax: Bpsk, Qpsk, 16- Qam, 64-qam, 256-qam, 1024 Qam E. 802.11n High-throughput (ht) Support: Ht 20/40 F. 802.11ac Very High Throughput (vht) Support: Vht 20/40/80/160 G. 802.11ax High Efficiency (he) Support: He20/40/80/160 3.9.2.16. Must Have The Following Supported Data Rates (mbps): A. 802.11b: 1, 2, 5.5, 11 B. 802.11a/g: 6, 9, 12, 18, 24, 36, 48, 54 C. 802.11n (2.4ghz): 6.5 To 300 (mcs0 To Mcs15, Ht20 To Ht40) D. 802.11n (5ghz): 6.5 To 600 (mcs0 To Mcs31, Ht20 To Ht40) E. 802.11ac: (5 Ghz): 6.5 To 3,467 (mcs0 To Mcs9, Nss = 1 To 4 For Vht20 To Vht160) F. 802.11ax (2.4ghz): 8.6 To 574 (mcs0 To Mcs11, Nss = 1 To 2, He20 To He40) G. 802.11ax (5ghz): 8.6 To 4803 (mcs0 To Mcs11, Nss = 1 To 4, He20 To He160) H. 802.11n/ac Packet Aggregation: A-mpdu, A-msdu 3.9.2.17. Must Have The Maximum (conducted) Transmit Power (limited By Local Regulatory Requirements): A. 2.4 Ghz Band: +22 Dbm Per Chain, +25dbm Aggregate (2x2) B. 5 Ghz Band: +22 Dbm Per Chain, +28dbm Aggregate (4x4) 3.9.2.18. Must Have Multi-gig Port (rj-45) A. Auto-sensing Link Speed (100/1000/2500base-t) And Mdi/mdx B. 2.5gbps Speed Complies With Nbase-t And 802.3bz Specifications C. Poe-pd: 48vdc (nominal) 802.3at/bt (class 4 Or Higher) - 802.3az Energy Efficient Ethernet (eee) 3.9.2.19. Must Have 100/1000base-t (rj-45) A. Auto-sensing Link Speed And Mdi/mdx - 802.3az Energy Efficient Ethernet (eee) B. Poe-pd: 48vdc (nominal) 802.3at/bt (class 4 Or Higher) 3.9.2.20. Must Have Link Aggregation (lacp) Support Between Both Network Ports For Redundancy And Increased Capacity. 3.9.2.21. Must Have Visual Indicator (multi-color Led): For System And Radio Status. 3.9.2.22. Must Have A Reset Button: Factory Reset (during Device Power Up). 3.9.2.23. Must Have 802.11ac And 802.11ax 3.9.2.24. Must Support Single-channel Implementation Also Known As Channel Blanket 3.9.2.25. Must Support Multi-channel Implementation. 3.9.2.26. Must Support Hybrid Implementation. 3.9.3. Wireless Lan Controller 3.9.3.1. Bidder Must Supply Licenses For The Number Of Access Points Proposed In This Bid For 3 Years Maintenance. 3.9.3.2. Must Be Software Solution For Wi-fi Performance At The Edge That Support Up To 3,000 Aps. 3.9.3.3. The Network Controller Could Be A Software Solution Or A Network Appliance. 3.9.3.4. The Network Controller Can Be A Function/feature Within The Whole Network Management System Or Platform. 3.9.3.5. Must Be Able To Deliver 24x7 Reliability, Live Upgrades, And Always-on Connectivity. 3.9.3.6. Must Support Zero Touch Provisioning. 3.9.3.7. Must Support Plug-n-play Ap Replacement. 3.9.3.8. Wireless Network Can Still Function Normally When The Network Controller Fails. 3.9.3.9. If The Wireless Lan Controller Is Software Solution Only, Bidder Must Include An Operating System License. 3.10. Network Management System (nms) 3.10.1. Solution Should Support Zero-touch Deployment Of Switches And Wireless Controllers And Even Ngfw To Eliminate Human Intervention. 3.10.2. Solution Should Support Physical Branch Provisioning By Automating Onboarding, Initial Configuration, And Customer-supplied Configurations For The Complete Branch Network For Single Or Multiple Branches. 3.10.3. Proposed Solution Should Automatically Discover And Maps Network Devices. Should Have An Ability To Display Real-time Graphical Representation. 3.10.4. The Proposed Solution Should Classify Devices In The Topology Map Based On Different Network Layers And Filter Based On Vlan. 3.10.5. The Proposed Solution Should Have 2d And 3d Wireless Coverage Planning Tool Provide Real Time Rf Heat Maps That Show Accurate Information On The Overall Signal Quality Delivered To Locations On A Map. 3.10.6. The Proposed Solution Should Have Capability Of Visualize The Wi-fi 6 Insight Aps Over Legacy Aps, Airtime Efficiency, And Wireless Latency 3.10.7. The Solution Shall Have The Ability To Compare Configuration Versions Using A Side-by-side, Split-screen Display To Highlight Differences Between Current And Captured Configuration. 3.10.8. The Proposed Solution Must Be Able To Define Baseline Software Image Per Location For Specific Platform And Provide Pre- And Post-upgrade Checks For Software Image Management. 3.10.9. The Proposed Solution Must Have An Ai-driven Analytics Engine With Machine-learning Based Workflows To Provide Root Cause Analyses And Solve Complex Issues. 3.10.10. The Proposed Solution Shall Provide At-a-glance Fault Summary Dashboards To View Top Unhealthy Network Elements With Status Kpis And Drill Down To View The Detailed Information. 3.10.11. The Proposed Solution Shall Provide Actionable Insights Into Network, Client, And Application-related Issues Eliminating White Noise And False Positives Based On Recent And Historical Data; And Provide Guided Remediation To Troubleshoot The Issues. 3.10.12. The Proposed Solution Shall Support Vector-based Area Detection Technology For Wireless Network. 3.10.13. The Proposed Solution Should Have The Following Options Of Deployment; 3.10.13.1. Mini Version For Small Network And Can Run Built-in On Core Switches And Ngfw. 3.10.13.2. Full Featured Appliance-based Solution For An Average Network Size 3.10.13.3. Full Featured Software-based Solution For Extremely Large Network Size 3.10.14. Network Management System Solution Can Also Be Utilize To Implement Network Layer Security Based On Self-defending Network. 3.10.15. Must Include Operating System License If Bidder Will Propose Software Solution Only. Servers And Storage Appliances 1 86,140,314.00 4.1. Vm Servers Six (6) Units Vm Servers With Minimum Specifications As Follows: 4.1.1. Processor: Dual Processor With At Least 2.0ghz, 2 X 28c 4.1.2. Memory: 1tb Ram 4.1.3. Storage: 2 X 800gb Ssd Sas (raid 1) And 2 X 2tb Ssd Sas 4.1.4. Disk Controller: Raid 0, 1, 10, 5 4.1.5. Sas Raid Controller 4.1.6. Network Ports: At Least 2 X Dual Ports 10gbe 4.1.7. Hba Card (fc Card): 2 X Dp Fc16 4.1.8. Must Have N+1 Fan Redundancy 4.1.9. Must Have Dual Redundant Power Supply 4.1.10. Must Include Enterprise Linux Based Operating System Per Server That Can Accommodate Virtual Machines Without Additional License Cost 4.2. Storage Area Network Switches 4.2.1. 2 Units X 24 Ports 16gb Fc San Switch 4.2.2. 48 Pcs 16gb Fc Lc To Lc Cables 4.2.3. Redundant Power Supply 4.3. Block Storage System 4.3.1. Enterprise Block Storage System Specifications: 4.3.1.1. Must Have 50tb Nvme Ssd Usable Capacity. 4.3.1.2. Minimum Of 4 X 16gb Fc Ports 4.3.1.3. Designed For Six Nines Of Availability 4.3.1.4. Must Support Active-active, End-to-end Nvme Controllers 4.3.1.5. Must Support Nvme Ssd 4.3.1.6. Must Have The Capability To Natively Connect To And Manage The Storage Of Different Brands For Future Capacity Expansion And Integration Of Existing Storage. 4.3.1.7. Must Include Management Capabilities To Eliminate Dozens Of Time-consuming Tasks And Decision Points. Labor-intensive Processes Like Initial Volume Placement, Migrations, Load Balancing. 4.4. Back-up System Requirements For Enterprise On-premise Back-up System: 4.4.1. Back-up Server Must Have The Following Minimum Specifications: 4.4.1.1. Dual Processor With At Least 2.0ghz, 2 X 12c 4.4.1.2. Memory: 256gb Ram 4.4.1.3. Storage: 2 X 800gb Ssd Sas (raid 1) And 2 X 4tb Ssd Sas 4.4.1.4. Sas Raid Controller 4.4.1.5. At Least 4 X 10gbe 4.4.1.6. Hba Card (fc Card): 2x Dp Fc16 4.4.1.7. Must Have N+1 Fan Redundancy. 4.4.1.8. Windows Server Operating System 4.4.1.9. Must Have Dual Redundant Power Supply. 4.4.1.10. The Solution Must Include Tools For Effective Management. 4.4.1.11. The Solution Must Provide Software Licenses For Protection Of Either 20 Vm’s Or 50tb Capacity. 4.4.1.12. The Solution Must Support Native Tiering To Public And/or Private Clouds For Long-term Retention. 4.4.1.13. The Solution Must Support Data Deduplication. 4.4.1.14. The Solution Must Support Reporting Capabilities For Physical Capacity Utilization. 4.4.1.15. Must Include Operating System License For Back-up Software 4.5. Block Storage System For Back-up 4.5.1. Enterprise Block Storage System Specifications: 4.5.1.1. Must Have 300tb Nlsas Usable Capacity. 4.5.1.2. Minimum Of 4 X 16gb Fc Ports 4.5.1.3. Equipment Must Be Designed For A Minimum Of Six Nines Of Availability Or Higher. 4.5.1.4. Must Support Active-active Controllers. 4.5.1.5. Must Also Have The Capability To Natively Connect And Manage The Storage Of Different Brands For Future Capacity Expansion And Integration Of Existing Storage. 4.5.1.6. Must Include Management Capabilities To Eliminate Dozens Of Time-consuming Tasks And Decision Points. Labor-intensive Processes Like Initial Volume Placement, Migrations, Load Balancing. 4.6. Virtualization Software 4.6.1. Must Support Api And Policy Driven Storage Capabilities 4.6.2. Must Support Persistent Memory 4.6.3. Must Support Single Reboot 4.6.4. Must Support Quick Boot. 4.6.5. Must Support Live Migration Of Workloads 4.6.6. Support For Msft Vbs 4.6.7. Must Support Endpoint Security 4.6.8. Must Support Fault Tolerance 4.6.9. Must Support Per-vm Enhanced Vm Migration Compatibility. 4.6.10. Must Support Proactive High Availability 4.6.11. Must Support Vm-level Encryption. 4.6.12. Must Support Centralized Network Management 4.6.13. Must Support Load Balancing 4.6.14. Must Support Prioritize Resources To Virtual Machines Data Center Facility 1 92,008,302.00 5.1.1. The Winning Vendor Shall Supply, Install And Commission A Modular Data Center That Will Support The Network, Servers And Storage Deployments. This Data Center Must Be Scalable In Nature With Its Capacities, Including Additional Racks, Easily Upgraded Without Disruption To Normal Operations. 5.1.1.1. Server Racks 5.1.1.2. Uninterruptible Power Supply (ups) 5.1.1.3. Precision Air Conditioning Unit (pacu) 5.1.1.4. Cctv System 5.1.1.5. Environmental Monitoring System (ems) 5.1.1.6. Fire Suppression System 5.1.2. Cold Aisle Containment System 5.1.2.1. Equipped With Automatic Sliding Door, Magnetic Locking Roofs, Intelligent Lighting System, Cable Management, Touchscreen Display Controller, Sms Modem And Data Center Facility Equipment Status (ups And Pacu). 5.1.2.2. Must Have Access Controller With Management Of Users, Logs And Access Authorization (2-door Type) 5.1.2.3. Equipped With Access Control Reader (rfid Card, And Pin/badge Code) 5.1.2.4. Able To Communicate With The Following Sensors: Temperature & Humidity, Smoke, Leak Detection, Door Status And Data Center Equipment (pacu, Ups And Power Meters) 5.1.2.5. Includes A Monitoring Tool / System With Analytics. 5.1.2.6. Temperature & Humidity Sensor Included For All Entire Racks. 5.1.2.7. Includes Smoke Sensor (dry Contact Type With Alarm Light) For The Entire Racks. 5.1.2.8. Equipped With Door Status Sensor For The Entire Racks. 5.1.2.9. Equipped With Water Leak Sensor For The Entire Racks. 5.1.2.10. Able To Monitor Rack Space. 5.1.2.11. Able To Display Virtual Rack Diagram / Layout. 5.1.2.12. Equipped With Smart Meter. 5.1.3. Closed Bay Server Racks 5.1.3.1. Dimension: 600mm (width) *1100mm (depth) *2000mm (height) 5.1.3.2. Static Weight Loading Capacity Of At Least 1,400kg 5.1.3.3. Ip Rating – 20 5.1.3.4. Door Perforations – 70% Minimum 5.1.3.5. Adjustable Leveling Feet For Stability And Security 5.1.3.6. Front And Rear Doors Open Up To 130º 5.1.3.7. Front And Rear Doors Must Be Grounded To The Rack. 5.1.3.8. With Electronic Lockable Front & Rear Doors Integrated To Dcim Software 5.1.3.9. With Front And Rear U-position Numbers 5.1.3.10. With Removable Power Trough On The Roof For Power, Network And Optic Cables Management 5.1.3.11. With Heavy Duty Castor 5.1.4. Must Propose 1 Unit Out Of Band Switch With The Following Specifications: 5.1.4.1. 48 Ports X Rj45 Rs-232 Serial Ports 5.1.5. Managed Pdu 5.1.5.1. Metered Type. 5.1.5.2. Ac Input Voltage: 400v 3ph 5wire 60hz Wye. 5.1.5.3. Nominal Voltage Input: 350v – 415vac 3 Phase Wye. 5.1.5.4. Output Voltage: 200v-240vac 1phase. 5.1.5.5. 36 X Ec320-c13 Output Receptacles. 5.1.5.6. 3 X Iec320-c19 Output Receptacles. 5.1.5.7. With Branch/group Circuit Breaker Protection. 5.1.5.8. Equipped With Led Current (rms Value) Display And Overload Warning Indicator. 5.1.5.9. Must Be Monitored Through Dcim Software. 5.1.5.10. Tool-less Installation Standard Rack Cabinets. 5.1.5.11. Must Include Brackets For Mounting In Other Brand Rack Cabinets. 5.1.5.12. Zero-u Installation To Save Rack Space. 5.1.5.13. Operating Range: 0 To 45 Degrees Celsius. 5.1.6. Iot Smart Cctv Cameras 5.1.6.1. With Live Caption And Monitoring 5.1.6.2. Smart Features 5.1.6.3. Must Cover The Entire Sever Room And Server In An Aisle 5.1.6.4. At Least 5mp Resolution 5.1.6.5. With Storage Capable To Retain Videos For 30 Days 5.1.7. Precision Cooling 5.1.7.1. Must Provide 4 Units Of Precision Row Cooling With At Least 30kw Total Cooling And 30kw Sensible Cooling Capacity 5.1.7.2. Must Be Ce Certified Or Equivalent International Standard. 5.1.7.3. The Indoor Unit Fan Type Must Be Ec Fan With Automatic Adjustment Through A Controller To Match The Heat Load From 20%-100%. 5.1.7.4. The Outdoor Unit Fan Must Have Variable Speed Control Which Adjusts According To Different Weather Conditions. 5.1.7.5. The Indoor Fans Must Be Hot Swappable Which Should Not Require Shutting Down Of The Entire Pacu Unit When Replacing The Defective Fan/s. 5.1.7.6. The Pacu Unit Must Be Equipped With Electronic Expansion Valve (eev) To Provide Accurate Control Of The Refrigerant To Run Optimized On Various Conditions. 5.1.7.7. Filter Shall Be High Efficient Eu4/f4/merv8 Standard. 5.1.7.8. At Least Ten-inch Lcd Colored Touch Screen Display Externally Mounted And Viewed From The Front Of The Unit 5.1.7.9. The Touch Panel Must Contain The Settings And Programs Of All The Stored Operating Parameters That Can Be Used, Viewed, And Set On The User Display Interface. 5.1.7.10. Must Be Equipped With Automatic Restart Feature That Will Automatically Restart The System After A Power Failure. 5.1.7.11. High Pressure And Low Pressure Of Refrigerant System Shall Be Recorded In The Controller And Be Viewed Through The Display. 5.1.7.12. Shall Have Reheater With Positive Temperature Coefficient (ptc) Selfregulating Reheating Element At 3kw Rating. 5.1.7.13. Must Have Electrode Humidifier With 3kg/hr Capacity. 5.1.7.14. The Controller Is Able To Work In Teamwork Mode. 5.1.7.15. Capable To Accept 2 Power Source With Automatic Switching From Feed A To Feed B And Vice Versa To Support High Availability. 5.1.7.16. The Pacu Shall Be A 3 Phase (380/400/415v, 60hz) 5.1.7.17. 5.1.7.18. Must Have Built-in Or Has Available Slot For Communication Port To Interface With Pc In Order To Remotely Monitor Ups Status Via Tcp/ip Network. 5.1.7.19. Supports Communications Protocols Such As Rs-485, Snmp And Must Be Monitored Centrally On The Data Center Infrastructure Management Software (dcim). 5.1.7.20. Unit Dimension Shall Not Be Greater Than 300mm W X 2000mm H X 1090mm D. 5.1.7.21. All Pacu Units Must Have At Least One External Temperature And Humidity Sensors Installed On The Back Door Of The Rack Next To It. 5.1.7.22. Unit Must Be Compatible With R-410a Refrigerant Or Other Environmental Friendly Refrigerant 5.1.7.23. Must Have Dry Contact Device For Alarm System. 5.1.7.24. All Pacu Units Must Be Integrated To Door Access Control And Fire Suppression System 5.1.8. Ups Systems With Independent Battery System: 5.1.8.1. Supply 2 Units Modular Ups With 80kw Frame In 2n Configuration 5.1.8.2. 40kva Initial Modular Capacity 5.1.8.3. Can Cater 5kw Per Rack @ 8 Racks 5.1.8.4. At Least 15 Mins Back Up Time 5.1.8.5. The Ups Must Be Based On Igbt Technology Architecture That Provides High Quality, Low Noise, Pure And Uninterrupted Power Supply, Three Phase, Four Wire + Ground, Hot Swappable Modular Type Ups 5.1.8.6. Must Be Ce Certified, Iec/en62040-1, Iec/en62040-2 Or Equivalent. 5.1.8.7. The Ups Shall Have Built-in Protection Circuit Breakers For Input, Manual Bypass, Bypass And Output Connections. 5.1.8.8. The Ups Must Be A 3 Phase (380/400/415v, 60hz) Input Type And 3 Phase (380/400/415v, 60hz) Output Type. 5.1.8.9. The Ups Status Must Have User Friendly Interface With Big Graphic Lcd Screen For All Communication And Command Options To Show Operational And Functional Status, Measurements, Event Log, Etc. 5.1.8.10. Must Have Built-in Communication Port To Interface With Pc In Order To Remotely Monitor Ups Status Via Tcp/ip Network. 5.1.8.11. In Each Of The Ups, It Include Controller Module, Static Transfer Switch (sts Module) And Power Modules. Modules Must Be Hotswappable Without Bypass Mode Or Without System Shutdown Required In Order To Minimize Down Time. 5.1.8.12. Has Automatic Restart Function To Normal Mode Right After The Ac Input Resumes Following A Low Battery Shutdown And Returns Automatically To Normal Mode From Bypass Mode After An Overload Condition Or Short Circuit Condition Is Cleared. 5.1.8.13. Enclosure Ip Rating – Ip20 As A Minimum 5.1.8.14. Ambient Operating Temperature Between 0 To 40 Degrees C 5.1.8.15. Audible Noise <62db At 1 Meter 5.1.8.16. Winning Bidder Must Provide Calculation Of Mtbf (mean Time Between Failures) Which Must Not Be Lower Than 125,000 Hours Based On Online Mode (battery At Float & Battery Charge), Onbattery (inverter Mode) Back Up Mode And Bypass Mode. 5.1.8.17. Ups Input Specification 5.1.8.17.1. Voltage: 380v ± 20 % Or Better. 5.1.8.17.2. Frequency: 60 Hz ± 5 % Or Better. 5.1.8.17.3. Power Factor: 0.99 Or Better. 5.1.8.17.4. Harmonic Distortion (thdi): 5% Or Better 5.1.8.18. Ups Output Specification 5.1.8.18.1. Voltage: 380v/400v/415v ±1 % Or Better. 5.1.8.18.2. Frequency: 60 Hz ± 0.1 % Or Better. 5.1.8.18.3. Power Factor: Unity (1) 5.1.8.18.4. Harmonic Distortion: < 2%(at Linear Load) Or Better. 5.1.8.18.5. Overload: ≤125% ; 10 Min , ≤150% ; 1 Min Or Better. 5.1.8.18.6. Overall Efficiency: 96% (online Mode) And 99% (eco Mode) 5.1.8.19. Battery Specification 5.1.8.19.1. The Battery System Must Be Lithium Ion (lfp Type) Or Equivalent Complete With Battery Module, Battery Cabinet And Battery Management System. 5.1.8.19.2. Each Ups Must Have 15min Battery Runtime At 40kw Load. 5.1.8.19.3. The Battery System Must Be Designed To Support Each Ups Independently. A Common Battery Scheme For 2 Ups Is Not Allowed In Order To Prevent Single Point Of Failure. 5.1.8.19.4. The Lithium Ion Battery Cabinet Of Each Ups Shall Have Visual Display System For Real Time Display System Status 5.1.8.19.5. With Four Level Safety Protection To Ensure System Safety And Reliability (cell Level, Module Level, And System Level) 5.1.8.19.6. With Three Levels Of Battery Management System From Cell Level (basic), Rack Level And System Level 5.1.8.19.7. The Battery Must Be Manufactured By A Factory Which Has Been Certified For Iso 9001 And Iso14001. 5.1.9. Monitoring System 5.1.9.1. Able To Visualize The Overall Layout Of The Data Center 5.1.9.2. With Overall Environment Mapping Or Profile Of The Data Center 5.1.9.3. With Electrical, Mechanical, Fire And Safety Systems And Sub Systems Status Monitoring 5.1.9.4. Monitoring Of Precision Cooling Status And Profile 5.1.9.5. Power Diagrams 5.1.9.6. Alarm Notification And Reporting 5.1.9.7. The System Must Be Able To Monitor The Following: 5.1.9.7.1. Access Control And Surveillance (cctv) 5.1.9.7.2. Asset Management 5.1.9.7.3. Rack Utilization, Rack U-space, Weight, Power Load And Network Port For Each Rack 5.1.9.7.4. Multiple Site Management 5.1.9.7.5. Alarm Notification, Reporting And Schedule 5.1.9.8. Equipped With Intelligent Platform Management Interface (ipmi) 5.1.9.9. System Can Be Integrated To End User Active Directory (ldap) Management For: 5.1.9.9.1. Real Time And Historical Pue 5.1.9.9.2. Electricity Cost And Billing 5.1.9.9.3. Overall Capacity Utilization 5.1.9.9.4. Work Order Progress And Approval Process. 5.1.9.9.5. Alarm Notification And Reporting 5.1.10. Environmental Management System (ems) 5.1.10.1. Input Voltage: 100- 230vac 5.1.10.2. Input Frequency: 50hz 5.1.10.3. Digital Inputs: 4 5.1.10.4. Analogue Inputs: 2 5.1.10.5. Water Leak X 1: Detect Voltage < 1v ((alarm Signal With S-1fp Leak Sensor) 5.1.10.6. 8 X Sensor Hub Outputs For Smoke, Fire, Door Connections 5.1.10.7. Relay Outputs: 2 5.1.10.8. Led Warning Lights 5.1.10.9. 1 Ru 5.1.10.10. Ems Protocols 5.1.10.10.1. Ipv4/ Ipv6 Ftp/ Sftp/ Tftp 5.1.10.10.2. Dhcp Smtp 5.1.10.10.3. Http/ Https Sntp 5.1.10.10.4. Snmp V1/v3 Syslog 5.1.10.10.5. Telnet/ Ssh Radius 5.1.10.11. Rack Temp/humidity Sensor Specification 5.1.10.11.1. Input Power: Via Pdu Or Ups Snmp Or Ems Appliance 5.1.10.11.2. Temp Accuracy: 15ºc - 35ºc : ± 1ºc 5.1.10.11.3. Temp Accuracy: 0ºc - 15ºc & 35ºc - 45ºc: ± 2ºc 5.1.10.11.4. Humidity Operation: 20 - 90% Rh None Condensing. 5.1.11. Other Requirements 5.1.11.1. The Winning Bidder Shall Assess The Floor Loading Capacity Of The Cnu Nominated Area Where The Data Center Shall Be Installed. The Winning Bidder Must Perform Floor Loading Augmentation Works To Ensure That The Floor Loading Capacity Is Sufficient To Support The Data Center Equipment. 5.1.11.2. The Winning Bidder Shall Be Responsible In All Essential Installation Works. 5.2. Consolidated Command And Control Center 5.2.1. 6 Units Led Wall Monitors 5.2.1.1. Must Provision 6 Units 55 Inch Led Wall Monitors 5.2.2. 6 Units Desktop Computers 5.2.2.1. Must Have The Following Minimum Specifications: 5.2.2.2. Must Have A Minimum Of Intel I5 Cpu. 5.2.2.3. Must Have The Latest Windows Os 5.2.2.4. Must Have 16gb Memory. 5.2.2.5. Must Have A Minimum Of 512gb Ssd 5.2.2.6. Must Have An Integrated Video Card 5.2.2.7. Must Have A Minimum Of 1 X Hdmi Port 5.2.2.8. Must Have 2 X Usb 3.2 Gen Port 5.2.2.9. Must Have 1 X Rj45 Ethernet Port 5.2.2.10. Must Include Keyboard And Mouse 5.2.2.11. Must Include 23 Inch Monitor 5.2.2.12. Must Include Office Productivity Software 5.2.2.13. Must Include Endpoint Security (refer To 4.6 For Specifications) 5.2.3. Consolidation Of Various Monitoring System 5.2.3.1. The Winning Bidder Must Ensure Network, Security, Servers And Application Monitoring Systems Are Viewed And Controlled From The Command Center 5.2.3.2. Data Center Monitoring System (dcim) Must Be Viewed And Controlled From The Command Center 5.2.3.3. Cctv Monitoring Is To Be Done At The Command Center 5.2.4. Other Requirements 5.2.5. Provision Of Essential Furnishing 5.2.6. Provision Of Power Supply 5.2.7. Provision Of Network Nodes Including Required Data Cabling 5.2.8. Provision Of Services Essential To Prepare The Cnu Nominated Area Conducive For A Command Center Smart Security System 1 108,560,223.00 6.1. Smart Cctv Cameras (90 Units) 6.1.1. Cctv System Must Consist Of The Following: 6.1.1.1. Dome Camera, 4mp Or Higher Mp 6.1.1.2. Bullet Camera, 4mp Or Higher Mp 6.1.1.3. Ptz Camera, 4mp Or Higher Mp 6.1.1.4. Network Video Recorded (nvr) With Rightsized Storage Equipment 6.1.1.5. Cctv Software And Analytics 6.1.1.6. Video Retention Policy Of A Minimum Of 90 Days 6.1.2. Tcp/ip Based Cameras 6.1.2.1. The Camera Must Be Tcp/ip Based 6.1.2.2. Should Support 12-24 Vdc Or 24 Vac. 6.1.2.3. Should Support 1920 X 1080 Resolution. 6.1.2.4. Should Support 25/30 Fps. 6.1.2.5. Should Support Night Vision For At Least 40m For Dome, 60m For Bullet, 200m For Ptz. 6.1.2.6. Should Be At Least Ip67 Ingress Protection For Dome And Bullet, Ip66 For Ptz 6.2. Facial Recognition System The Facial Recognition System Shall Function, Among Others, As The Primary Data Capture Device For The Daily Time Record Of University Employees, Which Shall Be Integrated With The Hris Dtr Module. It Will Also Function As An Identification Tracker Of Students Coming In And Out Of The Campus. It Will Be Deployed Initially At The Main Entry And Exit Points Of The Campus. At A Minimum, The System Must Be Equipped With The Following: 6.2.1. Touch-less Access Control Reader Equipped With Facial Recognition Capable Of Four (4) Factor Authentication, Such As: 6.2.1.1. Face 6.2.1.2. Finger 6.2.1.3. Card 6.2.1.4. Pin 6.2.2. Equipped With At Least 2mp Camera And Able To Perform Thermal Screening That Will Manage Student And Personnel Credentials And Isolate Those With High Temperature To Keep The Campus Premises Safe And Secure. 6.2.3. Must Be Equipped With Ups. 6.2.4. Rfid Card Options Must Include, At A Minimum, Em Prox, Mifare, Desfire. 6.3. Video Analytics & Video Management System A Video Management System Collects Video From Cameras And Other Sources, Stores That Footage On A Storage Device, Provides An Interface To Both View The Live Video And Access Recorded Footage, And Integrates With Surveillance Systems Of Different Stakeholders Thereby Providing A Holistic And Integrated Solution For The Campus. The Following Capabilities Are Required (note: No Osm): 6.3.1. Analyze Video/camera Events 6.3.1.1. Video Signal Lost 6.3.1.2. Video Signal Restored 6.3.1.3. Camera Sabotage Features 6.3.2. Counting Events 6.3.2.1. A Person Counted As Entering. 6.3.2.2. A Person Counted As Exiting. 6.3.2.3. Car Counted In Lane. 6.3.2.4. Car Exited Carpark. 6.3.2.5. Car Entered Carpark. 6.3.3. Protect Areas Of Interest 6.3.3.1. Intrusion Detection 6.3.3.2. Loitering Detection 6.3.3.3. Possible Theft 6.3.3.4. Object Removed. 6.3.3.5. Object Left Unattended. 6.4. Automated Turnstile Through Rfid Access Supply And Installation Of Automated Gates, Turnstiles And Door Access Retrofitting Servers At The Main Entrance And Exit Area Of The University. 6.4.1.1. Accessed Using A Single Card And Programmable Control System. It Must Include Rfid Card Printers, Readers, And Stocks Of Consumables (rfid Cards And Printer Ribbons) To Meet The Initial Requirements Of All Students, Employees, And Guests Who Will Use The Facilities; 6.4.1.2. Passing Turnstile That Integrates Modules Such As Access Control, Turnstile Control, And Alarm; 6.4.1.3. The Access Control Management System Is Equipped With An Ic Card Reader; 6.4.1.4. Barriers Will Be Closed Automatically If No One Enters The Turnstile After Identity Is Verified. The Lock And Unlock Of Barriers Can Be Controlled By A Remote Controller. When Receiving A Fire Alarm Signal, The Turnstile Will Automatically Open; 6.4.1.5. Support Mechanical Anti-pinch And Ir Anti Pinch, Anti-collision. Support Sound And Light Alarms. Passing Modes. Pass With Identity Verified, Not Allowed To Pass, And Pass Without Restrictions, And Able To Use The Three Modes In Any Combination. Unlock And Lock Speed, Pass Duration, And Lock Delay Duration Must Be Adjustable. Support Intrusion Alarm (entering And Exiting), Trailing Alarm, Stay Overtime Alarm, Climbing Turnstile Alarm, Unlock Anomaly Alarm, Barrier Anomaly Alarm, Ir Anomaly Alarm, Communication Anomaly Alarm, And More. Support Integration Of Face, Fingerprint, Qr Code, Cpu Card Reader/id Card Reader Module, And More To Achieve A Combination Of Multiple Authentication Methods. 6.5. Vms Server Vms Server Consisting Of One (1) General Purpose Server, With Minimum Specifications As Follows: 6.5.1. Memory: 16 Gb Ddr4 Dimm 6.5.2. Storage: 1 Tb 7.2k Sata × 2 6.5.3. Network Ports: 2 × 1gbe Lom Network Interface Controller (nic) Ports. 6.5.4. Operating System: Windows Server Os (licensed Copy Auxiliary Communications 1 100,900,000.00 The Winning Bidder Shall Provide Below Listed Equipment, Appliances And/or Devices To Supplement The Overall Workability Of This Project As Well As Provide Additional Productivity Equipment To The University: 7.1. 9’ X 12’ Led Display 1 Unit Change 1 Unit Indoor 7.1.1. 2 Units Outdoor Led Wall Display To Be Used As Electronic Billboard, With A Minimum Size Of 9ft X 12ft 7.2. 85” Indoor Led Display For Video Conference 7.2.1. 6 Units 85” Indoor Led Display 7.2.2. Provision Of 10x Optical Zoom Video Conferencing Kit Camera 7.3. Ipbx System With Ip Phones The Winning Bidder Must Supply A Complete Working Ip Pbx System For At Least 100 Users. The Proposed System Must Be Compliant With The Following Specifications, At A Minimum: 7.3.1.1.1. Must Extend Voice And Video Features To Network Devices Such As Ip Phones, Telepresence Endpoints, Media-processing Devices, Gateways, And Multimedia Applications. 7.3.1.1.2. Must Be Able To Perform Multimedia Conferencing, Collaborative Contact Centers, And Interactive Multimedia Response Systems Through Open Telephony Apis. 7.3.1.1.3. Must Be Able To Provide Call Attendant With Tools That Quickly Accepts And Effectively Dispatch Incoming Calls To Individuals Across The Organization. 7.3.1.1.4. Must Be Able To Perform Calling, Meeting And Messaging. 7.3.1.1.5. Must Be Equipped With Instant Messaging Features. 7.3.1.1.6. Must Be Equipped With Convergence-based Communication Services To Listen To Messages In Hands-free Mode. 7.3.1.1.7. Must Be Able To Support Maximum Of 1000 Users. 7.3.1.1.8. Must Have 1000 Mailboxes And At Least 24 Voicemail Ports. 7.3.1.1.9. Must Support Up To 1200 Devices. 7.3.1.2. Ip Telephones (300 Units) 7.3.1.2.1. Equipped With Programmable Line Keys. 7.3.1.2.2. Must Have Fixed Function Keys That Allow One-touch Access To Service, Messaging, Directory, Hold/resume, Transfer, And Conference Features. 7.3.1.2.3. Must Have High-resolution Display. 7.3.1.2.4. Must Support Power-over- Ethernet (poe) Class 1 And Is Energy Star Certified 7.3.1.2.5. Equipped With Power Saving Option To Enable Power Consumption Reduction During Off-hours. 7.3.1.2.6. Equipped With Standard Wideband-capable Audio Handset And Connects Through An Rj-9 Port. 7.3.1.2.7. Equipped With Analog Headset Jack And Is Wideband-capable Rj- 9 Audio Port. 7.3.1.2.8. Must Support Backlit Indicators For Audio Path Keys (handset, Headset And Speakerphone), Select Key, Line Keys, And Message Waiting. 7.3.1.2.9. Must Be Equipped With A Fullduplex Speakerphone To Allow Flexibility In Placing And Receiving Calls. 7.3.1.2.10. Must Be Able To Mask The Audible Dual Tone Multifrequency (dtmf) Tones When The Speakerphone Mode Is Used. 7.3.1.3. Solution Should Include A Voice Gateway Solution. 7.4. Public Address And Voice Alarm System 1 Unit 7.4.1 Should Have A Distributed Control Device (dcs) That Is Integrated With Many Functions And Supports The Connection Via Ethernet. 7.4.2 Built-in 1g Memory To Store The Audio Such As Digital Voice Messages And The Alarm Tone Of The Emergency Broadcast Integrated Into The Fire Alarm System And Building Management. 7.8.3 Should Have A Fault Detection Function For The Broadcasting System That Can Automatically Examine The Host System, Power Amplifier, Power Source, And Communication, And Detect The Open Circuit, Short Circuit, And Grounding Fault To Generate The Fault Alarm And Log. 7.8.4 Should Have A Paging Microphone That Allows Users To Make Paging And Broadcast Search Notices By Zone. 7.8.5 Should Have A Broadcasting System That Has Its Own 1 Ppt Emergency Microphone, Which Could Be Used To Play Emergency Broadcasts And Evacuate The Crowds In Specific Zones. 7.8.6 Should Have System Standby Amplifiers. When The Main Amplifier Fails To Function, The Standby Amplifier Replaces It Automatically. After The Main Amplifier Recovers, The System Will Use It Instead Of The Standby Amplifier In An Automatic Way. 7.5. Warranties 7.5.1. Whenever Applicable, All Equipment, Devices, Software And Systems Must Have At Least 1 Year Warranty And Support Services.\ 7.6. Services Requirements 7.6.1. Testing And Commissioning 7.6.1.1. The Winning Bidder Shall Perform Testing And Commissioning Services Upon Completion Of All Required Installations As Defined In This Terms Of Reference. 7.6.1.2. All Testing To Be Performed Must Be Witnessed By Cnu Assigned Personnel To Ensure Transparency Of The Testing Results. 7.6.1.3. The Testing And Commissioning Shall Ensure The Workability Of The Systems On A Stand-alone And Integrated Perspectives. 7.6.1.4. The Winning Bidder Must Submit For Approval Testing Mops (method Of Procedures) Prior To Actual Testing. 7.6.1.5. The Testing And Commissioning Services Shall Serve As The Uat (user Acceptance Testing) Provided It Is Witnessed By Cnu’s Nominated Personnel. 7.6.1.6. In The Event Of Testing Failure, The Winning Bidder Is Required To Perform Rectification Works Not More Than 72 Hours From The Time The Failed Testing Is Witnessed Or Reported. In The Event That Parts, Units And/or Entire Device/s Are To Be Replaced Which May Take Longer Than 72 Hours, The Winning Bidder Is Required To Submit A Written Request Justifying The Extension Of The Prescribed Rectification Duration. 7.6.1.7. All Testing To Be Performed Must Be Within The Manufacturer Prescribed Testing Procedures Or Methods. 7.6.1.8. The Winning Bidder Must Submit A Testing Report. 7.6.2. Knowledge Transfer And Training 7.6.2.1. The Winning Bidder Must Conduct Appropriate Knowledge Transfer Or Training To All Supplied And Installed Equipment, Devices, Software, Systems And Platforms Prior To Handover. 7.6.2.2. Training Must Include Basic Operation Of The Equipment, Devices And/or Systems, Allowable Troubleshooting That Will Not Void The Warranties And Orientation On Support Requests. 7.6.2.3. The Training Sessions Can Be Face To Face Through Classroom Type Or Online/virtual Provided A Walk-through Of The Systems Are Made Possible (if Applicable). 7.6.3. As-built Plans 7.6.3.1. The Winning Bidder Is Required, As Part Of The Post Project Documentation, To Submit As-built Plans Which Will Reflect The Actual Design And Implementation Of Various Ict Infrastructure And Systems In A Form Of Diagrams And/or Layouts. 7.6.3.2. Whenever Applicable, The As-built Plans Must Be Signed By Licensed Engineer Of A Particular Trade. 7.7. Implementation Duration 7.7.1. From The Date Of Notice To Proceed (ntp), The Winning Bidder Has Three Hundred Sixty (360) Calendar Days To Deliver And Complete The Project. Completion Includes Formal Handover And Acceptance By Cnu. 7.7.2. Participating Bidders Must Include In Its Bid Submission A High-level Gantt Chart That Illustrates The Project Implementation Schedule Per Wbs. 7.8. Bidder Competency And Qualification Requirements 7.8.1. The Bid Submission Shall Be In Sufficient Detail To Show Compliance With The Specification And Shall Include The Following: 7.8.1.1. Statement Of Compliance, Or Otherwise, Against The Specification For The System Offered. 7.8.1.2. A Scaled Drawing Showing The Proposed Layout Of All The Equipment In The Proposed System. 7.8.1.3. A Detailed Technical Description Of The Proposed System, Including All The Equipment And Software Offered. 7.8.1.4. A Working Timeline Including The Periods Of Design And Manufacture, Delivery, Installation, Training, Site Acceptance Testing, And Commissioning. 7.8.1.5. A Description Of The Architectural, Mechanical, Electrical, And Other Data Center Facility-related Works. 7.8.1.6. Colored Brochures Of All Equipment Supplied Including Racks And Consoles. 7.8.2. The Participating Bidder Must Include The Following Certifications In Its Bid Submission: 7.8.2.1. Manufacturer’s / Distributor’s Certificate Or Manufacturer’s / Distributor’s Authorization From The Manufacturer Of The Data Center, Desktop, Laptop, Network, And Server That The Bidder Is An Authorized Dealer/reseller To Join The Bid And It Has Validated The Full Solution Of The Project. 7.8.2.2. The Certification Must State That The Manufacturer / Distributor Of The Server And Network, Through Its Local Office, Is Capable Of Providing Support For The Offered Solution Which Will Be Implemented In This Project. 7.8.2.3. The Certification Or Manufacturer’s / Distributor’s Authorization Must Be Issued By The Manufacturer’s Incountry (philippines) Office. In Cases Where The Manufacturer Has No Representative Office In The Philippines, The Bidder May Secure The Certification Or Manufacturer’s Authorization From The Manufacturer’s Regional Office Exercising Supervision Over All Activities In The Philippines. 7.8.3. Manufacturer’s / Distributor Certification For The Servers, Storage, Networking, And Desktop Computers: 7.8.3.1. Must Have In-country Spare Parts Warehouse. 7.8.3.2. Must Be An International Enterprise And Should Have More Than 10 Years Of Business Experience In The Philippines. 7.8.3.3. The Manufacturer / Distributor Must Have Certified Engineers. 7.8.4. Manufacturer’s / Distributor Certificate Stating That The Equipment Supplied Is Not Obsolete Or Shortly To Be Phased Out Of Production. 7.8.5. Warranty Certificates Of All Supplied Equipment And Devices, Stating The Warranty Coverage 7.8.6. The Bidder Should Have Iso 9001:2015 Quality Management Systems. In The Case Of A Joint Venture (jv), Each Of The Parties Forming The Jv Must Possess The Iso Certifications As Stated Herein. Total Php 1,000,000,000.00 Delivery Of The Goods Is Required Within Three (3) Calendar Day After Receipt Of Notice To Proceed. Bidders Should Have Completed, Within Two (2) Years From The Date Of Submission And Receipt Of Bids, A Contract Similar To The Project. The Description Of An Eligible Bidder Is Contained In The Bidding Documents, Particularly, In Section Ii (instructions To Bidders). 3. Bidding Will Be Conducted Through Open Competitive Bidding Procedures Using A Non-discretionary “pass/fail” Criterion As Specified In The 2016 Revised Implementing Rules And Regulations (irr) Of Republic Act (ra) No. 9184. Bidding Is Restricted To Filipino Citizens/sole Proprietorships, Partnerships, Or Organizations With At Least Sixty Percent (60%) Interest Or Outstanding Capital Stock Belonging To Citizens Of The Philippines, And To Citizens Or Organizations Of A Country The Laws Or Regulations Of Which Grant Similar Rights Or Privileges To Filipino Citizens, Pursuant To Ra No. 5183. 4. Prospective Bidders May Obtain Further Information From Cebu Normal University And Inspect The Bidding Documents At The Address Given Below During Office Hours From 8:00 A.m. To 5:00 P.m. 5. A Complete Set Of Bidding Documents May Be Acquired By Interested Bidders On June 30, 2024 To July 22, 2024 From The Given Address And Website(s) And Upon Payment Of The Applicable Fee For The Bidding Documents, Pursuant To The Latest Guidelines Issued By The Gppb, In The Amount Of Seventy-five Thousand Pesos (₱ 75,000.00). The Procuring Entity Shall Allow The Bidder To Present Its Proof Of Payment For The Fees If It Will Be Presented In Person, By Facsimile, Or Through Electronic Means. 6. The Cebu Normal University Will Hold A Pre-bid Conference On July 8, 2024, 1:30 P.m. At The Bac Office, Room 203 2nd Floor Administration Building, Cebu Normal University, Osmeña Boulevard, Cebu City, Which Shall Be Open To Prospective Bidders. 7. Bids Must Be Duly Received By The Bac Secretariat Through Manual Submission At The Bac Office, Room 203 2nd Floor Administration Building, Cebu Normal University, Osmeña Boulevard, Cebu City On Or Before July 22, 2024 @ 1:00 P.m. Late Bids Shall Not Be Accepted. 8. All Bids Must Be Accompanied By A Bid Security In Any Of The Acceptable Forms And In The Amount Stated In Itb Clause 14. 9. Bid Opening Shall Be On July 22, 2024, 1:30 P.m. At The Bac Office, Room 203 2nd Floor Administration Building, Cebu Normal University, Osmeña Boulevard, Cebu City. Bids Will Be Opened In The Presence Of The Bidders’ Representatives Who Choose To Attend The Activity. 10. The Cebu Normal University Reserves The Right To Reject Any And All Bids, Declare A Failure Of Bidding, Or Not Award The Contract At Any Time Prior To Contract Award In Accordance With Sections 35.6 And 41 Of The 2016 Revised Irr Of Ra No. 9184, Without Thereby Incurring Any Liability To The Affected Bidder Or Bidders. 11. For Further Information, Please Refer To: Ma. Jodelle C. Badilla Bac Secretariat Office Cebu Normal University Osmeña Boulevard, Cebu City 6000 Philippines Cnubacsec@gmail.com (+63 32) 254 1452 Local 141 12. You May Visit The Following Websites: For Downloading Of Bidding Documents: Www.philgeps.gov.ph Www.cnu.edu.ph June 28, 2024 Dr. Joseph Elvir C. Tubilan Bac Chairperson