allahabad bank€¦ · all should be connected with bank's nms for sla reporting, till the...

Addendum to RFP for Supply And Maintenance of Network and Security Equipment.

Ref No.: HO/DIT/NW&SEC/2014-15/18 Date:24/12/2014

of 26

Addendum to RFP for

Supply and Maintenance of

Network and Security Equipment

Allahabad Bank

Ref No. : HO/DIT/NW&SEC/2014-15/18 Dated: 24.12.2014

Addendum Date: Jan 29, 2015



of 26

Introduction

The Bank has floated the Tender Ref No. HO/DIT/NW&SEC/2014-15/18Dated: 24.12.2014 for Supply and Maintenance of Network and Security Equipment.

Pre Bid Queries Clarifications:

As per the terms of the RFP document, a pre–bid meeting was also held on 14th Jan,2015 attended by the bidder’s representatives.

As an outcome of the clarifications sought by the bidders at the pre-bid meeting and thequeries received from the bidders by e-mail, this addendum dated 29.01.2015 to theRFP document is being issued herewith. The Addendum covers clarifications to thequeries raised by the bidders, and other additional information, which the Bank deemsfit to be furnished to the bidders.

All other terms and conditions of the Tender document remain unchanged. Please treatthis Addendum as an integral part of the Tender document issued.

No further queries pertaining to this Addendum will be entertained.

Chief Manager (IT)Allahabad BankDIT-Head Office



of 26

Pre Bid Queries Clarifications:

1. Eligibility Criteria:

RFP Ref NO Existing Eligibility Criteria Amended Eligibility CriteriaClause No. 2Point 8

The bidder should have valid ISO27001:2013 Certification

The bidder should have valid ISO27001 Certification

Clause No. 2Point 12

During last three years The Biddershould have executed an assignmentof network and security productdelivery of at least INR 10 Cr. each inat least two scheduled commercialBanks in India out of which oneshould be Public Sector Bank inIndia.

During last five years The Biddershould have executed an assignmentof network and security productdelivery of at least INR 10 Cr. each inat least two Scheduled CommercialBanks in India out of which one shouldbe Public Sector Bank in India.

2. Network And Security Equipments at DC & DRC

RFP Ref NO Existing Amended6.2.4 All the network

equipment/devices shouldbe IPv6 compliant

All the proposed network & Securityequipments/devices should support IPv4 andIPv6. The bidder has to ensure the readinessas per the national roadmap for IPv6deployment. The bidder has to migrate/configure all the network and securityequipments into IPv6 version as per request ofthe Bank without any additional cost to thebank.

3. Limited Liability:3.1 Bidder aggregate liability in connection with the obligations undertaken as a part of

RFP regardless of the form or nature of the action giving rise to such liability ( whether incontract, tort or otherwise), shall be at actual and limited to the value of the totalContract. This limit shall not apply to third party claims for

IP infringement indemnity.

Bodily injury (including death) and damage to real property and tangible personalproperty caused by bidder’s gross negligence.

3.2 Bidders liability in case of claims against the Bank resulting from misconduct/fraud orgross negligence of bidders, its employees and sub-contractors or from infringement ofpatents, trademarks, copy rights or such other Intellectual Property Rights or breach ofconfidentiality obligations shall be unlimited.



of 26

3.3 Bidders declares and undertakes that the Bank shall not be held liable for and shallstand absolved of any responsibility or claim/litigation arising out of the use of any thirdparty equipments supplied by bidder as a part of the RFP.

4. Payment Terms(Clause 12.4):Payment of Network/Security items:

Payment on Delivery of the Goods: 25% of the cost of equipment shall be made bythe Purchaser after receipt of the specified goods, completion of Post DeliveryInspection at the Purchaser site, submission of all relevant documents specified and onsubmission of Performance Security.

Payment and installation of Goods: 50% of the cost of equipment shall be made bythe Purchaser after successful installation, commissioning at the site and successfulAcceptance

Final Payment: Balance 25% of the cost of the equipment would be payable after 3months from the date of acceptance of the equipment or after one successful DisasterRecovery (‘DR’) drill whichever is earlier.

5. General Clarifications for the Bidders:1. Network architecture port details for DC, DR & NAPs and Branches link details will be

shared with the selected bidder.

2. Facility Management: Facility Management at DC (Onsite), DR (onsite) and NAP(Offsite) as per requirement. Remote monitoring of NAP equipments will be done.Installation/Reinstallation at the aforesaid locations will be done as per requirement.

3. Cabling and associated components would be under scope of Bidder at DC, DRC andNAP without any additional cost to the Bank.

4. Any branch related issues reported needs to be communicated to Bank’s representative.

5. Bidder needs to do the sizing and communicate the Bank regarding additional powerand cooling requirement, if any.

6. Internal / external / multi-box solution is accepted.

7. Vendor may visit sites to collect adequate information in terms of part no., serial no.,make, model etc of the equipments.

8. In Section V, Clause 1.1, Sl No. 3, ISDN Fallback Router would be read as 4 required inPhase II.

9. Project Timelines:Sr. No. Activity Time Period for completion

1.Supply, delivery, Installation &configure of network and securityequipment at specified locations

Procure, Deliver, Install andconfigure at Bank’s location within 8weeks from the date of Notificationof Award.



of 26

Sr. No. Activity Time Period for completion

2.

Incremental (Phase II and Phase III)delivery and installation of network,security equipment at specifiedlocations.

Procure, Deliver, install andconfigure at Bank’s location within 8weeks from the date of letter issuedin this regard by the Bank.

10. Existing Network Architecture: Network architecture, port details for DC, DR& NAPs,and other details will be shared with the selected bidder.

The existing network is implemented in a hierarchical topology as depicted below:

BhartiMPLS

Branches

CBS PO

Existing Network Topology of Allahabad Bank Phase-I,II Network

BSNL MPLS

NAP 1

DATA CENTER

NAP 38

Branches

DRS

MPLSBranch n

MPLSBranch 1

MPLSBranch 2

Replication Links

Branches

NAP 2

ISDNISDN

ISDN



of 26

TTSLMPLS

SIFYMPLS

VSATHUB

VSAT BRANCHES

BSNL MPLS

DATA CENTER

Tata RF

SIFY RFMPLSBranch n

MPLSBranch 1

MPLSBranch 2

DRS

Replication Links

Existing Network Topology of Allahabad Bank Phase-III Network



of 26

The network topology consists of following layers:

• Core Layer: Data Centre (DC) and Disaster Recovery Site (DRS)

• Distribution Layer: Network Aggregation Points (NAPs)

• Access Layer: Offices i.e. branches, ECs, ZOs, Onsite ATMs, Cash Dispensers,E-Lobbys, Training Colleges and Field Inspection Offices (FIOs) etc.

11. Arbitration: If the dispute cannot be settled by mutual discussions within the thirty (30)day period, either party may refer the matter to a panel of three arbitrators. Each partyshall choose one arbitrator, both of whom shall elect the third arbitrator who shall be thepresiding arbitrator. The arbitration proceedings shall be held under the provisions of theArbitration and Conciliation Act, 1996 or any of its subsequent amendments. Thearbitration proceedings shall be in English and the venue of arbitration shall be Kolkata,India.

12. Solicitation of Employees: Both the parties agree not to hire, solicit, or acceptsolicitation (either directly, indirectly, or through a third party) for their employees directlyinvolved in this contract during the period of the contract and one year thereafter, exceptwhen parties may agree on a case-by-case basis. The parties agree that for the periodof the contract and one year thereafter, neither party will cause or permit any of itsdirectors or employees who have knowledge of the agreement to directly or indirectlysolicit for employment the key personnel working on the project contemplated in thisproposal except with the written consent of the other party. The above restriction wouldnot apply to either party for hiring such key personnel who (i) initiate discussionsregarding such employment without any direct or indirect solicitation by the other party(ii) respond to any public advertisement placed by either party or its affiliates in apublication of general circulation or (iii) has been terminated by a party prior to thecommencement of employment discussions with the other party.

13. Core Router/ISDN Fallback Router/Internet Router/NAP Router (Technical SpecsAnnex 2) EAL Requirement : The clause should be read as "Router OS should beEAL 2 (Common Criteria) or equivalent common criteria (network device protectionprofile) certified" instead of "Router OS should be EAL 4 (Common Criteria) orequivalent common criteria (network device protection profile) certified".

14. Com.pdf and Com1.pdf are same.

15. Other Clarifications: Other clarifications/queries raised by the bidders are amended/clarified in the following table. Apart from these queries no other changes are done inthe RFP.



of 26

SerialNo Clause ref Page

No RFP text Query Details Bank's Response

1

6.5.2 Planning,Implementation andConfiguration ofnetwork & securitydevices

25 Periodic SLA reports to be sharedwith the Bank

Vendor assumes the SLAreporting tool would beextended by the customer,please validate

Vendor has to provide SLA reportingtool as part of the solution asmentioned in minimum tech specs.1. Fault Management2. Asset Management3. Remote Control4. Web Network Management5. Utilization Management6. Performance management7. Event Management8. Real Time MonitoringAll should be connected with Bank'sNMS for SLA reporting, Till theequipments are connected to existing/to be procured EMS Solution in future ,Bidder need to provide the necessaryreports either manually or using built intools of equipments to support SLAs.

2 6.7 Network Audit 30

During the tenure of the contract,the bidder shall conduct a networkaudit once in a year on the followingaspects without any cost to theBank

Please let us know if thenetwork audit needs to be doneby a third party or the vendorresources only as the third partycost needs to be built inotherwise

Vendor has to provide audit servicesusing Third party resources within thescope of Facility Management.

3 CoreRouter/53/Annex 2 2

The router shall support at least100k queues to offer granular QoS,policing and shaping capabilities.

Pls amend the clause to 'Therouter shall support queues tooffer granular QoS, policing andshaping capabilities.'

The router shall support at least 100kqueues / 8 queues per interface to offergranular QoS, policing and shapingcapabilities.

4

IPSecRouter/6/Annex 2,ISDN FallbackRouter/6/Annex 2

4 Should have 256Mb flash andshould be upgradeable to 2GB

Pls amend the clause to 'Shouldhave 256Mb flash and shouldbe upgradeable to 1GB'.

Accepted. The Clause should be readas "Should have 256Mb flash andshould be upgradeable to 1GB".

5 IPSecRouter/13/Annex 2 4

Shall have 3500 IPSec Tunnels inDC-DR Routers from day-1incremental to 6000 IPSec tunnelsduring the contract period

Pls amend the clause to 'Shallhave 3500 IPSec Tunnels inDC-DR Routers from day-1.'

The point should be read as "Shallhave 2500 IPSec Tunnels in DC-DRRouters from day-1 incremental to3000 IPSec tunnels during the contract



of 26



period".

6 IPSecRouter/47/Annex 2 5

Shall support embedded eventmanager that enables automation ofmany network management tasksand directs the operation of routerOS to increase availability, collectinformation, and notify externalsystems or personnel about criticalevents.

Pls remove this clause.

This is a normal GUI feature supportedby all leading OEMs, however with thehelp of external NMS bidders are alsoallowed to propose their solution.

7 ISDN FallbackRouter/15/Annex 2 6

Shall support onboard voice andvideo capable digital signalprocessor

Pls amend the clause to 'Shallsupport onboard voice capabledigital signal processor.'

Accepted. The clause should be readas "Shall support onboard voicecapable digital signal processor."

8

InternetRouter/7/Annex 2,NAPRouter/7/Annex 2

8 Should have 256Mb flash andshould be upgradeable to 2Gb

Pls amend the clause to 'Shouldhave 256Mb flash'.

Accepted. The clause should be readas " Should have 256Mb flash andshould be upgradeable to 1Gb."

9 InternetRouter/12/Annex 2 8 Shall support performance of 300

Kpps for 64 Byte packet.

Pls amend the clause to 'Shallsupport performance of 500Kpps for 64 Byte packet.'

This is the minimum specs and anyenhancement proposed by bidder/OEM is acceptable.

10 InternetRouter/48/Annex 2 9

Should have support for in-built/external voice call processingin the event of WAN link failure tocentral call processing Enginecapability for IP phones

Pls remove this clause. This Clause may be treated as deletedfrom RFP.

11 CoreSwitch/7/Annex 2 12 Multicast Routing entries at least:

20000

Pls amend the clause to'Multicast Routing entries atleast: 2000.'

Multicast Routing entries at least:15000

12 Layer 2Switch/11/Annex 2 27

Centralized VLAN Management.VLANs created on the CoreSwitches should be propagatedautomatically.

Pls amend the clause to'Centralized VLAN Managementthrough NMS. VLANs createdon the Core Switches should bepropagated automatically or this

RFP requirement stands. However,equivalent feature is acceptable.



of 26



feature can be achieved throughNMS.'

13

Annex 2 -TechnicalSpecification:Internet Router

8Should support Netflow, S-Flow, R-Flow, C-flow, J-Flow, Netstreamfeature etc.

The functionality of all thefeatures and protocols are sameand they are supported bydifferent OEM with differentnames. For example for Cisco itis Netflow, for Juniper it is J-flow. Hence request you tomodify it to "Should supportNetflow/S-Flow/R-Flow/ C-flow/J-Flow/ Netstream feature etc".

Should support Net flow/S-Flow/R-Flow/ C-flow/ J-Flow/ Net stream orequivalent feature.

14

Annex 2 -TechnicalSpecification:Internet Router

8 Shall support performance of 300Kpps for 64 Byte packet.

300 Kpps for internet router istoo low, request you to increaseit to at least "500 Kpps for 64byte".


15

Annex 2 -TechnicalSpecification: CoreSwitch

12 MAC addresses support: 75,000

75000 MAC address is too highfor a core switch, request you tochange it to "MAC addressessupport: 50,000".

Minimum MAC addresses support:50,000; however, better configuration isacceptable.

16

Annex 2 -TechnicalSpecification: WANOptimizer(CompressionEngine)

11

Should not be bottleneck to achievethe bank’s objective of meeting RPOof 15 minutes for data to bereplicated from DC to DR and alsobe able to complete Bank’s EODwithin theagreed SLA levels, viz.. EOD –4Hrs, EOM – 6 Hrs, EOY – 8 Hrs

Compression & optimizationachieved by WAN OP devicesare dependent on traffic type &pattern. Traffic with higher de-duplication data will get highercompression / optimization,resulting in improved RPO. Itwill be very difficult to commit toa number at this stage / withoutsufficient info at hand. Hencerequest you to kindly removeRPO values from the productspecifications. Also Request youto kindly delete all SLA related

RFP requirement stands. RPO/RTOand other parameters are required tobe considered as part of the SLA.



of 26



specs from the WAN Optimizerspecification in the RFP. This isnot a WAN Optimizer featureand also SLA will be dependenton so many other parametersand conditions, hence kindlydelete this from the WANOptimizer specs.

17

Annex 2 -TechnicalSpecification: WANOptimizer(CompressionEngine)

11

Bank’s Current Replication LinkBandwidth is 54 Mbps, Daily LogData is around 250 GB , Month EndLog Data is around 450 GB.Considering a 30% increase in theDaily & Monthly Data YOY andincrease of replication bandwidth to100 Mbps shortly and may factor a30% incremental growth YoY,Bidder needs to size and provide aWAN Optimiser/Compressor devicein HA mode at DC & DR both, whichcan compress and replicate the datafrom DC to DR within the specifiedtime and meet the required RPO of15 Minutes and specified RTO of 2hours.

As highlighted in point 5 & 6.WAN OPT device of 500 MbpsWAN capacity will reach 40%load capacity in 5th year ofoperation assuming 54 Mb linkcurrently & 30% yoy growth.Also it will be very difficult tocommit RPO of 15 Minuteswithout sufficient information athand. Hence request you tokindly remove RPO/ RTOvalues from the productspecifications.

RFP requirement stands. RPO/RTOand other parameters are required tobe considered as part of the SLA.

18

Annex 2 -TechnicalSpecification: AAASERVER

32It must support Downloadable IPACLs, vlan assignment, NetworkAccess Filtering (NAF) etc

NAF is no more used for anyACS integration and hencerequest you to kindly delete itfrom the specs. Request you tochange the specification to -"Itmust support Downloadable IPACLs, vlan assignment, etc".

Accepted, The clause should be readas "It must support Downloadable IPACLs, VLAN assignment, etc."



of 26



19 6.2.7.3 19

Perimeter firewall at DC & DRCThe existing perimeter firewalls(make: Checkpoint model: IP560) atDC & DRC has been declared Endof Support from 31-12-2018.Vendorneeds to factor for smart defensewith required updates for abovementioned perimeter firewall tillexpiry.Vendor is required to providecomprehensive onsite AMC supportfor the component at DC & DRCand ATS for associated software asmentioned in Annexure-9 from 7thApril 2015 till the end of the contractfollowed by replacement of thesame with a perimeter firewall. Alsovendor is required to factor AMC /ATS post implementation till the endof the contract period. The Biddershould propose the perimeterfirewall of different make from MZfirewall make.

Can we use existing CheckPoint licenses, Smart Defensewith updates, Configurationsand features and replace onlyunderlying IP560 hardware onday1 with Check Point hardwareas per perimeter firewallspecifications?

As IP560 hardware is alreadyend of sale and there will beissues in memory or CPUupgrade as spares are notavailable for sale, which mightbe required to upgrade systemto latest Check Point softwareversion. Check can give anoption with latest OS for buyback of old box on Day 1.

Existing Check Point firewall will bereplaced in Phase-III, as there is aprovision of IPS in RFP so smartdefense is not required at this point intime.Bidder should factor the Smart DefenseLicenses in the proposed replacementof Check Point Firewall in Phase- III.

20

Annex 2 -TechnicalSpecification:Internal IPS,External IPS.

21, 24,25

Internal IPS - IPS throughput shouldbe 4 Gbps, external IPS hasInspected throughput of 5 Gbps

As the throughput of externalIPS is more than the internalIPS, hence request you toconsider internal IPS as externalIPS and external IPS as internalIPS.

Functionalities between internal andexternal IPSs have been interchangedas number of concurrent sessions inInternet Banking/Mobile Banking wouldbe lower than number of concurrentsessions in Core Banking.

21 RFP-Page 15, 4.Project Scope (4.1) 15

4. PROJECT SCOPE:4.1 The scope of work includedesign, procurement, deployment,installation, performance tuning, andfacility management of existing,upgraded/replaced network &security components at DC/DRS

Please provide present networkarchitecture & port details forDC, DRS & NAPs, Branchesincluding all WAN links in orderto have complete understandingof the existing network.

Network architecture is shared as partof corrigendum. Bidder may conductdetail site survey both at DC & DR forcomplete understanding, if required.



of 26



during the period of contract so asto be able to achieve the adequateservice levels described herein

22RFP-Page 71-SECTION V, &Annexure 2

71 Layer 3 Switch, Phase I, Total 7Nos.

In Annexure 2, Layer 3 Switches- "Technical Requirements" aremissing. Kindly incorporate theTechnical Requirements for L3switches.

Fully managed 48 x 10/100/1000 with 4- SFP ports (all ports should bepopulated with 1000 Base SX fromDay-1) with Wire Speed throughput, fullL3 functionality including IPv4 and IPv6routing (static and major dynamicrouting protocols ). The switch shouldbe of same make as the otherproposed switches and manufacturershould in the Gartner's Leaders/Challengers Magic Quadrants.

23

Annexure 2,TechnicalSpecification: CoreRouter

1

Interface10 x 1000 BaseT ports distributed inminimum two interface cards.4 x 10G Base-SR ports distributedin minimum two interface cards.

Please provide clarity on theseports requirements and sharethe present & Planned networkdetails.

Network architecture is shared as partof corrigendum. Further, the existingNetwork & Security equipment detailsalready provided as part of the RFP.Bidder may conduct detail site surveyboth at DC & DR for completeunderstanding, if required.

24 Annexure 9 1 Bill Of Materials

BOM contains only active items,Racks and RFP is silent onPassive requirements andarrangements. Please confirmwhether bank will beresponsible for necessarypassive readiness forinstallation of active devices.

Rack (if any additional required) will beprovided by Bidder. Also, bidder has tocheck required rack space at DC & DR.Also bidder has to provide necessarycables, passive components like fiber,copper patch cord etc as required.



of 26



25 RFP-Pt.4, ProjectScope, Clause 4.8 15

4.8The Bidder has to size theequipment based on volumetricgrowth & service levels agreed withthe bank. At any point during thetenure of the contract, the hourlyaverage network & security deviceutilization should not exceed 70% ofthe capacity. In case the saidutilization exceeds 70% of thecapacity thrice a month, then theBidder has to provideadditional/higher capacityequipment from same OEM, within 2weeks, at no extra cost to the Bank

Suggested to change/removethe clause as activity in theentire network can't becontrolled and there may besudden unplanned activity whichmay increase the networkutilization.

Account wise growth is alreadyprovided. Bidder needs to calculateperformance during sizing accordingly.

26

Annex 2 -TechnicalSpecification:LOAD BALANCER

29 Should have minimum 8 GB RAM

For an appliance to provide 15Gbps throughput it isrecommended to have higherRAM. Hence please change thespec to “Should have minimum48 GB RAM”

Should have minimum 16GB RAM.However, scalability option should beavailable as per sizing, volumetricprojection and throughput of thedevice.

27

Annex 2 -TechnicalSpecification:LOAD BALANCER

30 Should support up to 3.5 Gbps ofcompression throughput

It is recommended to havehigher compression throughputon the appliances so as toachieve better performanceenhancement for the loadbalanced applications. . Henceplease change the spec to“Should support up to 5 Gbps ofcompression throughput”


28 InternetRouter/12/Annex 2 8 Shall support performance of 300

Kpps for 64 Byte packet.

Pls amend the clause to 'Shallsupport performance of 500Kpps for 64 Byte packet.'


29 InternetRouter/48/Annex 2 9

Should have support for in-built/external voice call processingin the event of WAN link failure tocentral call processing Engine

Pls remove this clause. This Clause may be treated as deletedfrom RFP.



of 26



capability for IP phones

30 Annexure-2External IPS 25

The solution must employ fullanalysis of at least 303 differentnetwork protocols and 151 data fileformat that are commonly utilizedover the internet. Providereferences.

Kindly eliminate the specificfigures to make it generic, sothat all the reputed OEMs canparticipate

The point should be read as "Thesolution must employ full analysis ofdifferent network protocols and data fileformat that are commonly utilized".

31 Annexure - 2 /Internal IPS 23

The management platform must bedelivered in virtual appliance formfactor (management system and UImust provide the same features andfunctions as in the physicalappliance).

should proposed solutionsupport to have all managementfeatures on IPS appliance? Andcan we propose a dedicatedmanagement

Modified clause- "The managementplatform must be delivered in virtualappliance form factor or a dedicatedappliance (management system andUI must provide the same features andfunctions as in the physical appliance)"

32 67 - 17 67 Site PreparationWhich Site Preparation is underthe Scope of Bidder when DCand DR already existing

Site Preparation may be read asreadiness of existing site with respectto the installation, configuration andintegration of the proposed equipments& required cabling and other passivecomponents.

33 14 42 Manufacturer's Authorization Form

Please clarify that therequirement of MAF isapplicable only for Newdeployment/ Procurement &Installation & not for the currentinstalled equipments

MAF is applicable only for Newdeployment/ Procurement & Installation

34 6.4 Clause a 22

The Warranty, (ATS/AMC) shouldbe back to back from OEM onsiteand comprehensive in nature with(24 x 7) service support includingspares replacement/repair, patchupgrades .

Please clarify what do you meanby ATS ? Does this includeSoftware licensing & renewal ?

Yes (all the licenses under the scopeof the work) included. Back to Backconfirmation letter from OEM in thisregard to be submitted. All licensesprovided under the scope of workshould be perpetual in nature.



of 26



35 1.1-S.No. 16 71 Device Monitoring, Managementand Audit Tool

Is the requirement of HelpdeskTool/ Ticketing Tool orMonitoring Tool ? And what kindof reports are required to beavailable from tool

Monitoring tool provided by the biddershould be self sufficient to provide allthe monitoring related reports for theproposed equipments to be provided tothe Bank; End to End SLAmanagement is vendor's responsibility.

36 6.2.7 19

Vendor is required to supply, install,configure and providecomprehensive onsite warranty &AMC support to network & securityequipments defined in the RFP

For equipments that havereached End of Support Life orwill be declared during thecontract period-The supportfrom OEM would be availableon best effort basis in case thesupport is not available fromrespective vendor for thespecified equipment

FM support on best effort basis for theequipments which are already End OfSupport till their replacement. For all in-support equipments, bidder need quoteAMC/ATS/FM with SLA binding.

37 Annexure 26 -Checklist ofdocuments

105

Please confirm whetherAnnexure 11 (Contract Form),Anneuxre 2 (PerformanceSecurity), Annexure 16(Undertaking of Authenticity forsupply of equipment& services),Annexure-16 (Proforma ofcertificate for issue by thepurchaser after successfulcommissioning of the suppliedgoods), Annexure-19 (Non-Disclosure Agreement) have tobe submitted along with the bidor post Contract signing

All these documents should besubmitted/executed by the successfulBidder on issuance of LOI/PurchaseOrder.



of 26



38Annexure - 2Minimum TechnicalSpecifications :External IPS

255. The appliance must scale tosupport up to 20 x 1 GigabitEthernet interfaces

It is highly recommended that aNIPS appliance should be ableto adapt to higher networkthroughputs along with interfacespeeds. Hence, as a part of thebanking environment the IPSsolution should be able tosupport higher interfacethroughputs of 10 Gig too.hence, kindly rephrase theclause to " The appliance mustscale to support up to 8 x 1Gigabit Ethernet and 4x 10Gigabit Interfaces"

RFP requirement stands. However, andany enhancement proposed by bidder/OEM is acceptable.


25

29. The solution must supportNetwork Access Policies to controlusers access to a Web Applicationand the actions (i.e. upload files,post comments, view movie clips)that are permitted, within the sameappliance.

This is not a feature of NetworkIPS solution and is afunctionality of a Web GatewaySolution. Also this is specific toa particular OEM. Hence, kindlyremove this clause.

This Clause may be treated as deletedfrom RFP.


25

30 The solution must supportNetwork Access Policies to controlthe users access to a specific URLCategory. As an example, block theusers access to Social Media sitesusing a URL Category, within thesame appliance.




2531 The solution must support 15Billion URLs across 68 categories,within the same appliance.


This clause may be treated as deletedfrom RFP.



of 26




25

33 The solution must supportNetwork Access Policies to controlusers access to a website based onDomain Certificate Category, withinthe same appliance




25

34 The solution must be able todecrypt HTTPS access to theTwitter main website and blockaccess to a specific member site i.e.https://twitter.com/metasploit, withinthe same appliance.




26

53. The appliance must be have thefollowing Electro-magneticcompatibilitycertification/declarationFCC Class A,Industry Canada Class A,AS/ NZS CISPR 22 Class A,EN 55022 Class A (CE Mark),EN 61000- 3- 2 (CE Mark),EN 61000- 3- 3 (CE Mark),EN 55024 (CE Mark),VCCI Class A,KCC Class A,GOST Class A,GB9254 Class A,GB17625.1

This is specific to a particularOEM. Hence, kindly remove thisclause.

This point shall be read as "Theappliance must have the followingElectro-magnetic compatibilitycertification/declaration FCC Class A,Industry Canada Class A,AS/ NZS CISPR 22 Class A,EN 55022 Class A (CE Mark),EN 61000- 3- 2 (CE Mark),EN 61000- 3- 3 (CE Mark),EN 55024 (CE Mark),VCCI Class A,KCC Class A,GOST Class A,GB9254 Class A,GB17625.1or equivalent"

45 4.7 15

The successful Bidder shall conductpreventive maintenance (includinginspection, testing, satisfactoryexecution of all diagnostics,cleaning and removal of dust anddirt from the equipment andnecessary repairing of the

This willl require a largedowntime of all devices at Dc &DR.is bank ok to provide theplanned downtime for thisactivity ?

This should be done at DC during DRdrill and can be done at DR anytimewith a planned and approveddowntime.



of 26



equipment) once at least in every 90days in addition to the normalmaintenance required

46 5/Project Timelines 16

The Bank, at its discretion, shallhave the right to alter the deliveryschedule and quantities based onthe implementation plan. This will becommunicated formally to theBidder during the implementation, ifa need arises.

The delivery schedule andquantity needs to be freezed atthe time of issuing PO to bidder,this cannnot be changed lateras the bidder will be releasingPO to his vendors and it will bedifficult to make changes andabide to the timelines mentionedin RFP.

The delivery schedule and quantity willbe finalized at the time of issuance oforder confirmation. However, if there isneed of any changes after issuing theconfirmation letter , the same will bemutually discussed and finalized.

47 5/Project Timelines 16

Bank reserves the right to changelocation of installation at a later datewith prior intimation to the Bidder.Transportation and TransitInsurance cost for relocation of thehardware if already delivered at thespecified location will be at theBank’s cost.

1) Bidder needs to check withOEM, if Support can beprovided at new location.2) Also SLA levels cannot bemaintained at the new/changedpremises, in case of a remotelocation. New SLA has to bearrived after mutually discussingwith bidder.

In case of remote location wherebidder/OEM support office is notpresent, SLA levels shall be discussedand finalized mutually.

48 6.1.3 17

Facilities Management: Vendor isrequired to carry out activities butnot limited to given in the followingtable: • Network & Securityequipment deployment,configuration, patch managementetc at DC / DRS as part of the RFP• -Coordinating with Network SI /SOC / Facility Manager for resolvingRouting, Switching, connectingCommunication Links related issuesat DC/DR side to the branches/

Need clarification on connectingcommunications links relatedissues at DC/DR in case of thirdparty provider.

Co-ordination/Assisting the Bank /Bank assigned vendor forcommunication links would be theresponsibility the bidder.



of 26



offices, etc .

49 6.1.5 17

The provided network & securityequipments and its associatedmanagement and monitoringsoftware should be provided withone year on-site warranty which willstart from the date of acceptance ofthe network & security equipmentsafter being installed and tested

1) Pls elaborate on monitoringand management SW.Is it EMS?2) The warranty start date to bestarted from date of installationof a particular equipment.

1. It is a centralized managementsolution which effectively monitors andmanages the specific device.2. RFP term stands.

50 6.2.2 18

The Vendor should make sure thatthe solutions being provided arecomplying with the security policiesprevalent in the Indian PSU bankingenvironment, regulatorycompliances and the Industry’sleading practices.

The new equipments to besupplied will be as per currentsecurity policies prevalent inbanking environment. Howeverfor any new security policyannounced bygovernment/regulatory bodies,the required feature may not beavailable in the new and existingdevices. Bank will have toprocure the same.

The Vendor should make sure that thesolutions being provided are complyingwith the current security policiesprevalent in the Indian PSU bankingenvironment, regulatory compliancesand the Industry’s leading practices.

51 6.4/m 22

In case The Bank desires to get thewarranty / AMC services deliveredby their appointed Vendor orSystem Integrator, then the OEMshall transfer such warranty / AMCservices to that preferred Vendor atno additional cost to The Bank

Pls Clarify

In case, the selected bidder fails tomeet the SLA and performance of thebidder is not satisfactory then the Bankmay exercise this option. In that caseOEM shall transfer such warranty /AMC services to that preferred Vendorat no additional cost to The Bank..



of 26



52 23

Provide support during periodical ISAudits of the Bank and also rectifythe deficiencies pointed out duringIS Audit at no cost to the Bank.

what if auditor proposes toinstall certificates, licences orsoftware or any chargeablecomponent, will bank procurethe requiredsw/hw/licence/certificate for this?

Any item not in the current scope ofRFP would be taken care by the Bank

53 6.5.2 25The bidder shall also undertakerequired upgrade of the equipmentfrom time to time

How can the bidder provideequipment upgrade from time totime. Please clarify.

For example if on today's scenario witha 2800 branches network if there is aRAM requirement of 2GB and afterreaching 4000 branches network if theRAM requirement goes to 4GB bidderneeds to upgrade / replace the RAM orbidder needs to upgrade / replace thebox (if required).

54 6.5.2 26

Periodic / on demand reports relatedto network & security activities in theprescribed format to be provided tothe Bank

what is the time frame in whichexisting EMS tool will beavailable for bidder's use ?

RFP requirement stands. These reportsare to be made available fromassociated tools with proposedsolutions.

55 21/OrderCancellations 67

21.1 Delay in delivery andinstallation of beyond a period of 45days from the date of purchaseorder.

Point clashing with Timelinesmentioned earlier in RFPdocument.

The point should be read as "21.1Delay in delivery and installation ofequipments beyond a period of 8weeks from the date of notification ofaward would attract LD equivalent to0.5% of the delivered price of thedelayed Goods or unperformedServices until actual delivery orperformance, per week or part thereofsubject to maximum deduction of 10%of the overall contract value. Once themaximum is reached, the Bank mayconsider termination of the contract.”



of 26



56

1.1/Supply,Installation andCommissioning ofNetwork andSecurityequipments will bedone in threephases as under:

71a) Phase I Equipment shall besupplied within six weeks ofnotification of award

Point clashing with Timelinesmentioned earlier in RFPdocument.

The point should be read as "a) PhaseI Equipment shall be supplied within 8weeks of notification of award".

57Annex 2 -TechnicalSpecification: AAASERVER

32

Windows Active Directory andWindows NT database support toconsolidate Windows username andpassword management and usesthe Windows PerformanceMonitor for real-time statisticsviewing.

Windows NT has becomeobsolete now and hencerequest you to kindly delete itfrom the spec. Request you tochange the specification to -"Windows Active Directorysupport to consolidate Windowsusername and passwordmanagement and uses theWindows Performance Monitorfor real-time statistics viewing."

Accepted. The clause should be readas "Windows Active Directory supportto consolidate Windows username andpassword management and uses theWindows Performance Monitor for real-time statistics viewing."

58 Annexure 6 78 Details of Offices

Is bidder required to haveoffices in the region whereHardware needs to bedelivered.

Bidder has to provide details of Officesin India.

59 Annexue 7 79 Service Support details Whose Service Support OEM orbidder ? Bidder

60 Sec II,Clause 6.4 21 Warranty, AMC and ATS We request addition of standardexceptions and exclusions. RFP requirement stands

61 Clause 6.6 29 Monitoring and Audit

We request that the audit shouldbe with a prior notification of atleast 15 days during the normaloffice hours of the Bidder at thecost of the Bank subject to theconfidentiality and securityterms of the Bidder.

If external auditors/ specialists

15 days accepted.

Individual audit agencies are expectedto be appointed; they are not SystemIntegrator.



of 26



are appointed, they shall not bethe competitors of the Bidder.

62 RFP, NetworkEquipment at DC &DRC, 6.2.7

19

The Bidder should propose the MZfirewall of different make fromperimeter firewall (existing /proposed). Also to be noted thatbidder is required to provision IPSand Firewall of different make in thesame layer

Existing Perimeter firewall ischeckpoint IPSO which is goingto be there till Dec 2018. Thatmeans Checkpoint is ruled outfor MZ at this time.

Bidder's assumption is correct.

63 RFP, NetworkEquipment at DC &DRC, 6.2.7

19

Vendor needs to factor for smartdefense with required updates forabove mentioned perimeter firewalltill expiry.

Please share Checkpointaccount details to getsubscription information fromCheckpoint.

Not required at this point.

64

RFP, ANNEXURE9 - Price Schedulefor theitems/services tobe purchased

81 NW-SEC DC-DR Procurement

we understand this comprisescomplete network and securityinfra given in Schedule ofRequirements (Pg 71) exceptNAP Router and NAP switch.Please confirm

Bidder's assumption is correct.

65

RFP, ANNEXURE9 - Price Schedulefor theitems/services tobe purchased

81 NW-SEC DC-DR Procurement

Phase III is starting only at April2018. Please advise if you areexpecting bidder to quote nowfor items which are to be to beprocured in 2018.

Bidder's assumption is correct. TCOwould be considered as per the quote.

66

RFP, section-II(ITB), NetworkEquipments at DC& DRC, clause refno. 6.2.3

18

The throughput of Core Router,IPSec Router, Firewall, IPS, LoadBalancer need to be assessed forsufficiency and final throughput afterenabling all functions like IPS,Antivirus, Anti-bots, etc and

Please elaborate this 40%-50%criteria

RFP requirement stands; it is from theexperience that all the devicesperformance go down once all servicesare put to use. Vendor needs toadequately size the devices which donot drop below the envisaged



of 26



ensuring that the same should notdrop below 40-50% as originallyenvisaged.

performance level.

67

RFP, section-II(ITB), NetworkEquipments at DC& DRC, clause refno. 6.2.5

18

All the network equipment/devicesshould be compatible for monitoringthrough EMS tool. Bidder should co-ordinate and configure the devicesto the EMS tool (existing/ Bank mayprocure in future )of the Bank duringthe contract period.

Which EMS tool bank is usingnow?

Tivoli; EMS tool configuration would beresponsibility of EMS vendor. In case ofany integration or interfacing would berequired current vendor's scope wouldbe restricted to connect theimplemented devices with EMS tool(tools from major OEMs like CA, HP,IBM etc.). Current vendor needs tosupport, procure and implement in caseof any compatibility issue identifiedduring interfacing / integration at nocost to the bank.

68

If Bank will procure EMS tool infuture from other vendor, thenthey will be responsible fordesign and configuration ofEMS tool. Please confirm.

69

RFP, section-II(ITB), NetworkEquipments at DC& DRC, clause refno. 6.2.7.6

20

The existing compression enginesat DC & DRC have been declaredEnd of Support from 31-05-2015and 01-04-2018.Vendor is requiredto supply, install, configure andprovide comprehensive onsite AMCsupport for the compression engine/ WAN optimization engine at DC &DRC and ATS for associatedsoftware.The Vendor is required tosize hardware year-wise (if required)to meet the Bank’s 15 Min RPO fordata replication between DC & DRand 2 Hrs. RTO for disastermanagement.

We assume that this WANoptimization engine is used onlyfor DC and DR traffic. Pleaseconfirm

Yes; it is being used for DC and DRCreplication traffic.

70 RFP, section-II(ITB), Warranty,AMC & ATS,

22 Provide adequate spares for thecritical components of the hardware.

Will bank pay for consideredspares? There is no line items inthe commercial format for

Bidder need to maintain spares to meetthe SLAs.



of 26



clause ref no. 6.4.g spares. Where the spare costwill get included?

71RFP, section-II(ITB), Warranty,AMC & ATS,clause ref no. 6.4.s

23

Provide support during periodical ISAudits of the Bank and also rectifythe deficiencies pointed out duringIS Audit at no cost to the Bank.

This support will be only forproducts supplied to meet thisRFP requirement

This support will be only for productssupplied/ in-support equipments,services and maintained to meet thisRFP requirement

72RFP, section-II(ITB), FacilityManagement,clause ref no. 6.5.1

24

The service level should be at parwith DC, when the system isoperational from DR Site. Dataarchiving, restoration and purgingshould be SLA driven responsibilityof the solution implementer.

Please provide more informationon how Network and Securitysolution owner can beresponsible for Data archiving,restoration and purging.

In case of configuration data, log datarelated to DC and DRC site the vendorwill be responsible for archiving,restoration and purging.

73

RFP, section-II(ITB), FacilityManagement-Planning,Implementation andConfiguration ofnetwork& securitydevices, clause refno. 6.5.2

24

The network design should enablefunctioning of both the client serverand web based applicationsdeployed/ to be deployed by theBank. The network design should bescalable and meet the performancerequirements of the Bank bysupporting data, voice and videoconferencing (through LL/ ISDN/RF/ WLL/CDMA/VSAT links, etc)traffic in a converged MPLS basedVPN network environment andVSAT network

Will design be only for DC, DRCand NAP or it has to includebranches also? As per this RFP,bank intends to keep same 3-tier architecture (DC-NAP-Branch). In case design will bebased on MPLS L3 VPN, thenwho will be responsible to makechanges at branch side

Bidder is responsible for configuration /re-configuration of all network &security equipments at DC/DRC sitewith respect to any changes in networkdesign during the tenure of thecontract. Bidder is also responsible toguide/assist the bank/ bank assignedvendor for configuration/ changes atbranch/NAP in this context.

74


24

The Bidder has to ensure end-to-end encryption for all traffic (exceptfor Voice and Video) at DC/DRSside to provide security in thecommunications in coordination withthe Application software vendor.

We assume that in the existingrouters of branches, encryptionis already enabled. Pleaseconfirm. In case answer is "no",then who will be responsible forenabling encryption at branchside?

Enabling of encryption at DC/DRC siteis responsibility of the bidder. Bidder isalso responsible to guide/assist thebank/bank assigned vendor forencryption at branch/NAP in thiscontext.



of 26



75


25

Installation/re-installation, Maintain,Monitoring of all the Network &Security equipment atDC/DRS/NAP.

Do we need to consider anyfacility manager at NAP?

Not required, but NAP offsitesupport/remote monitoring anddiagnosis is required.

76


25

Resolve/ Co-ordinate the issuesrelated to Network & SecurityInfrastructure at DC/DRS related toNAP/Branches/various offices etc

In case of issue atbranches/offices, who will beresponsible to resolve theissues?

Bidder is responsible to guide/ assistthe Bank/Designated vendor forresolving issues at branches/offices.

Responses towards all other queries /clarifications/clauses raised by the bidders may be treated as “RFP Requirement Stands”

***End of the Document***

allahabad bank€¦ · all should be connected with bank's nms for sla reporting, till the...

Documents