enterprise infrastructure solutions (eis) · 2020-04-24 · this proposal includes data that shall...

Disclosure Statement:

This proposal includes data that shall not be disclosed outside the Government and shall not be duplicated, used, or disclosed—in whole or in part—for any purpose other than to evaluate this proposal. If, however, a contract is awarded to this offeror as a result of—or in connection with—the submission of this data, the Government shall have the right to duplicate, use, or disclose the data to the extent provided in the resulting contract. This restriction does not limit the Government’s right to use information contained in this data if it is obtained from another source without restriction. The data subject to this restriction are contained all sheets this proposal.

Volume 1 — Technical

Enterprise Infrastructure Solutions (EIS)

Solicitation #QTA0015THA3003

Submitted To: GSA Office of Integrated Technology Services 1800 F Street, NW, 4th Floor Washington, DC 20405

Submitted By: BT Federal Inc. Tony Wellen, Chief Financial Officer (CFO) 11440 Commerce Park Drive, Suite 100 Reston, VA 20191

March 31, 2017

GSA Network Services 2020 EIS RFP QTA0015THA3003

Volume 1 Technical i Use or disclosure of proposal data is subject to tbe restrictions on the cover page of this proposal

BT Federal

Table of Contents

1.0 Network Architecture [L.29.1] ............................................................................. 1

1.1. Understanding [L29.1(A); M.2.1, M.2.1(1)] ......................................................... 9

1.1.1. BT Integrated Network & Other Services .......................................... 11

1.1.2. BT Federal Integrated Management & EIS Services ......................... 13

1.1.3. Service Delivery Points and Service Related Equipment .................. 16

1.2. Quality of Services [L29.1(B); M.2.1(2)] ........................................................... 18

1.2.1. Deliver ............................................................................................... 19

1.2.2. Compliant .......................................................................................... 19

1.2.3. Scalable ............................................................................................ 19

1.2.4. Reliable ............................................................................................. 20

1.2.5. Resilient ............................................................................................ 20

1.3. Service Coverage (for CBSA-Dependent Services) [L29.1(C); M.2.1(3)] ......... 21

1.4. Security [L29.1(D); M.2.1(4), C.1.8.7] .............................................................. 23

1.4.1. Service-Specific Security Requirements [M.2.1(4-a), C.1.8.7, C.1.8.7.1] .......................................................................................... 23

1.4.2. General Requirements [M.2.1(4-b), C.1.8.7, C.1.8.7.1, C.1.8.7.4, C.1.8.7.7] .......................................................................................... 24

1.4.3. Traffic Identification and Routing Policy [L.29(2c), L.29.2.3; M.2.1(4c); C.1.8.8(3)] ......................................................................................... 33

1.4.3.1. Technical Approach to the Design of Aggregation Services [L.29.2.3 (1-8); C.1.8.8(3)] ............................................................................. 33

1.4.3.1.1. Traffic Identification [L.29.2.3 (1)]: .................................................. 34

1.4.3.1.2. Traffic Redirection [L.29.2.3 (2)]: .................................................... 35

1.4.3.1.3. Non-Participating Agency Traffic [L.29.2.3 (3)] ............................... 37 1.4.3.1.4. Traffic Control Mechanisms [L.29.2.3 (4)] ....................................... 37

1.4.3.1.5. Failsafe Redirection of Traffic [L.29.2.3 (5)] .................................... 37

1.4.3.1.6. GFP Hosting [L.29.2.3 (6)] .............................................................. 38

1.4.3.1.7. Availability of Cleared Personnel [L.29.2.3 (7)] ............................... 38

1.4.3.1.8. Measurement of Transport SLAs & KPIs [L.29.2.3 (8)]................... 38

1.4.3.2. Approach to Aggregation Service Implementation [L.29.2.3; C.1.8.8 (3)] .................................................................................................. 38

1.4.3.3. Approach to Aggregation Service Operations [L.29.2.3; C.1.8.8] ... 39

1.4.4. Risk Management Framework Plans [M.2.1(4), C.1.8.7] ................... 41

2.0 Technical Response - [L.29 (2a), L.29.2.1, M.2.1; C.1.2] ................................. 42

2.1. Data Service [C.2.1] ......................................................................................... 42

2.1.1. Virtual Private Network Service (VPNS) [M.2.1; C.1.2, C.2.1.1] ........ 42

2.1.1.1. Understanding [L.29.1(A); M.2.1(1)] ............................................... 44


Volume 1 Technical ii Use or disclosure of proposal data is subject to tbe restrictions on the cover page of this proposal

BT Federal

2.1.1.2. Quality of Service [L.29.1(B); M.2.1(2)] .......................................... 47

2.1.1.2.1. Deliver ............................................................................................ 47

2.1.1.2.2. Compliant ....................................................................................... 47

2.1.1.2.3. Scalable .......................................................................................... 47

2.1.1.2.4. Reliable and Resilient ..................................................................... 48

2.1.1.3. Service Coverage (for CBSA-Dependent Services) [L29.2.1(C); M.2.1(3)] ......................................................................................... 49

2.1.1.4. Security [L29.2.1(D); M.2.1(4a, 4b, 4c(i) through 4c(viii)] ............... 49

2.1.1.5. Service and Functional Description [L.29.2.1(1st bullet); C.2.1.1.1] 50

2.1.1.5.1. Functional Definition [L.29.2.1 (1st bullet); C.2.1.1.1.1] .................. 51

2.1.1.5.2. Standards [L.29.2.1 (2nd bullet); C.2.1.1.1.2] ................................. 54

2.1.1.5.3. Connectivity [L.29.2.1 (3rd bullet); C.2.1.1.1.3] .............................. 54

2.1.1.5.4. Technical Capabilities [L.29.2.1 (4th bullet); C.2.1.1.1.4] ............... 55

2.1.1.6. Features [L.29.2.1 (5th bullet); C.2.1.1.2] ....................................... 58

2.1.1.6.1. High-Availability Options ................................................................. 58

2.1.1.6.2. Interworking Services (Optional) .................................................... 63

2.1.1.7. Interfaces [L.29.2.1 (6th bullet); C.2.1.1.3] ..................................... 63

2.1.1.8. Performance Metrics [L.29.2.1 (7th bullet); C.2.1.1.4] .................... 63

2.1.2. Ethernet Transport Services [M.2.1; C.1.2, C.2.1.2] .......................... 63

2.1.2.1. Understanding [L.29.2.1(A); M.2.1(1)] ............................................ 65

2.1.2.2. Quality of Service [L.29.2.1(B); M.2.1(2)] ....................................... 67

2.1.2.2.1. Deliver ............................................................................................ 67

2.1.2.2.2. Compliant ....................................................................................... 67

2.1.2.2.3. Scalable .......................................................................................... 67


2.1.2.3. Service Coverage [L29.2.1(C); M.2.1(3)] ........................................ 68

2.1.2.4. Security [L.29.2.1(D; M.2.1(4)] ....................................................... 68

2.1.2.5. Service and Functional Description [C.2.1.2.1] ............................... 69

2.1.2.5.1. Functional Definition L.29.2.1 (1st bullet); C.2.1.2.1.1] ................... 70

2.1.2.5.2. Standards [L.29.1 (2nd bullet); C.2.1.2.1.2] .................................... 74

2.1.2.5.3. Connectivity [L.29.1 (3rd bullet); C.2.1.2.1.3] ................................. 74


2.1.2.6. Reserved ........................................................................................ 76

2.1.2.7. Interfaces [L.29.2.1 (6th bullet); C.2.1.2.3] ..................................... 76

2.1.2.8. Performance Metrics [L.29.2.1 (7th bullet); C.2.1.2.4] .................... 77

2.1.3. Optical Wavelength Service [C.2.1.3] ................................................ 77

2.1.4. Private Line Service [C.2.1.4] ............................................................ 77

2.1.5. Synchronous Optical Network Service [C.2.1.5] ................................ 77


Volume 1 Technical iii Use or disclosure of proposal data is subject to tbe restrictions on the cover page of this proposal

BT Federal

2.1.6. Dark Fiber Service [C.2.1.6] .............................................................. 77

2.1.7. Internet Protocol Service [C.2.1.7] .................................................... 77

2.2. Voice Service [M.2.1; C.2.2] ............................................................................ 77

2.2.1. Internet Protocol Voice Service [C.2.2.1] .......................................... 78

2.2.1.1. Understanding [L.29.1(A); M.2.1(1), C.2.2.1.1] ............................... 80

2.2.1.2. Quality of Service [L.29. 1(B); M.2.1(2)] ......................................... 82

2.2.1.2.1. Deliver ............................................................................................ 82

2.2.1.2.2. Compliant ....................................................................................... 83

2.2.1.2.3. Scalable .......................................................................................... 84


2.2.1.3. Service Coverage (for CBSA-dependent services) [L29.2.1(C); M.2.1(3)] ......................................................................................... 85

2.2.1.4. Security [L29.2.1(D); M.2.1(4a, 4b, 4c(i) through 4c(viii)] ............... 85

2.2.1.4.1. IPVS Traffic Security ...................................................................... 86

2.2.1.4.2. IPVS/Voice Infrastructure Security ................................................. 86

2.2.1.5. Service and Functional Description [L.29.2.1(1st bullet); C.2.2.1.1] 87

2.2.1.5.1. Service Description......................................................................... 87

2.2.1.5.2. Functional Definition [L.29.2.1 (1st bullet); C.2.2.1.1.1] .................. 89

2.2.1.5.3. Standards [L.29.2.1 (2nd bullet), C.2.2.1.1.2] ................................. 90

2.2.1.5.4. Connectivity [L.29.2.1 (3rd bullet), C.2.2.1.1.3] ............................... 90


2.2.1.5.6. Features [L.29.2.1 (5th bullet); C.2.2.1.2] ....................................... 95

2.2.1.5.7. Interfaces [L.29.2.1 (6th bullet); C.2.2.1.3] ..................................... 98

2.2.1.5.8. Performance Metrics [L.29.2.1 (7th bullet); C.2.2.1.4] .................... 98

2.2.1.6. Managed LAN Service [C.2.2.1.5] .................................................. 98

2.2.1.6.1. Hardware Components and PoE [C.2.2.1.5] .................................. 98

2.2.1.6.2. Management, Maintenance, Repair/Replacement [C.2.2.1.5] ........ 99

2.2.1.6.3. Technical Capabilities [C.2.2.1.5] ................................................. 100

2.2.1.7. Session Initiation Protocol (SIP) Trunk Service [C.2.2.1.6] ........... 104

2.2.1.7.1. Technical Capabilities (C.2.2.1.6.1) .............................................. 104

2.2.1.7.2. Features (C.2.2.1.6.2) .................................................................. 104

2.2.2. Circuit Switched Voice Service [C.2.2.2] ......................................... 104

2.2.3. Toll Free Service [C.2.2.3] .............................................................. 104

2.2.4. Circuit Switched Data Service [C.2.2.4] .......................................... 105

2.3. Contact Center Service [C.2.3] ...................................................................... 105

2.4. Colocated Hosting Service [C.2.4] ................................................................. 105

2.5. Cloud Service [C.2.5] ..................................................................................... 105

2.6. Wireless Service [C.2.6] ................................................................................. 105


Volume 1 Technical iv Use or disclosure of proposal data is subject to tbe restrictions on the cover page of this proposal

BT Federal

2.7. Commercial Satellite Communications Service [C.2.7] .................................. 105

2.8. Managed Service [C.2.8] ............................................................................... 106

2.8.1. Managed Network Service [C.2.8.1] ................................................ 106

2.8.1.1. Understanding [L.29.1(A); M.2.1(1)] ............................................. 107

2.8.1.2. Quality of Service [L.29. 1(B); M.2.1(2)] ....................................... 108

2.8.1.2.1. Deliver .......................................................................................... 108

2.8.1.2.2. Compliant ..................................................................................... 108

2.8.1.2.3. Scalable ........................................................................................ 108

2.8.1.2.4. Reliable and Resilient ................................................................... 109

2.8.1.3. Service Coverage (for CBSA-dependent services) [L29.2.1(C); M.2.1(3)] ....................................................................................... 109

2.8.1.4. Security [L29.2.1(D); M.2.1(4a, 4b, 4c(i) through 4c(viii) .............. 109

2.8.1.5. Service and Functional Description [L.29.2.1(1st bullet); C.2.8.1.1] ..................................................................................................... 111

2.8.1.5.1. Functional Definition [L.29.2.1(1st bullet); C.2.8.1.1.1] s/b 2.1.5 .. 116

2.8.1.5.2. Standards [L.29.2.1 (2nd bullet); C.2.8.1.1.2] ............................... 117

2.8.1.5.3. Connectivity [L.29.2.1 (3rd bullet); C.2.8.1.1.3] ............................ 117

2.8.1.5.4. Technical Capabilities [L.29.2.1 (4th bullet); C.2.8.1.1.4] ............. 117

2.8.1.6. Features [L.29.2.1 (5th bullet); C.2.8.1.2] ..................................... 124

2.8.1.6.1. GFP Repair and SRE ................................................................... 124

2.8.1.6.2. Agency Specific Network Operations Center (NOC)and Security Operations Center (SOC) ............................................................. 125

2.8.1.6.3. Network Testing ........................................................................... 125

2.8.1.6.4. Traffic Aggregations Service (DHS Only) ..................................... 126

2.8.1.7. Interfaces [L.29.2.1-6; C.2.8.1.2, C.2.8.1.3] .................................. 127

2.8.1.8. Performance Metrics [L.29.2.1-7; C.2.8.1.4] ................................. 127

2.8.2. Web Conferencing Service [C.2.8.2] ............................................... 127

2.8.3. Unified Communications Service [C.2.8.3] ...................................... 127

2.8.4. Managed Trusted Internet Protocol Service [C.2.8.4, F.2.1 # 5-27] 127

2.8.5. Managed Security Service [C.2.8.5] ................................................ 127

2.8.6. Managed Mobility Service [C.2.8.6] ................................................. 127

2.8.7. Audio Conferencing Service [C.2.8.7] ............................................. 127

2.8.8. Video Teleconferencing Service [C.2.8.8] ....................................... 128

2.8.9. DHS Intrusion Prevention Security Service (DHS Only) [C.2.8.9] ... 128

2.9. Access Arrangements [C.2.9] ........................................................................ 128

2.9.1. Understanding [L.29.1(A); M.2.1(1), F.2.1 # 28] .............................. 128

2.9.2. Quality of Service [L.29. 1(B); M.2.1(2)] .......................................... 129

2.9.2.1. Deliver .......................................................................................... 129


Volume 1 Technical v Use or disclosure of proposal data is subject to tbe restrictions on the cover page of this proposal

BT Federal

2.9.2.2. Compliant ..................................................................................... 130

2.9.2.3. Scalable ........................................................................................ 130

2.9.2.4. Reliable and Resilient ................................................................... 130

2.9.3. Service Coverage [L29.2.1(C); M.2.1(3)] ........................................ 130

2.9.4. Security [L29.2.1(D); M.2.1(4a, 4b, 4c(i-viii)] ................................... 130

2.9.5. Service Description [L.29.2.1(1); C.2.9.1] ....................................... 131

2.9.5.1. Functional Definition [L.29.2.1(1); C.2.9.1.1] ................................ 131

2.9.5.2. Standards [L.29.2.1 (2nd bullet); C.2.9.1.2] .................................. 132

2.9.5.3. Connectivity [L.29.2.1 (3rd bullet); C.2.9.1.3] ............................... 134

2.9.5.4. Technical Capabilities [L.29.2.1 (4th bullet); C.2.9.1.4] ................ 134

2.9.6. Features (Access Diversity and Avoidance) [L.29.2.1(5); C.2.9.2] .. 136

2.9.6.1. Access Route or Path Diversity [C.2.9.2] ...................................... 137

2.9.6.2. Access Route or Path Avoidance [C.2.9.2] ................................... 138

2.9.7. Interfaces [L.29.2.1 (6); C.2.9.3] ...................................................... 139

2.9.8. Performance Metrics [L.29.2.1 (7)] .................................................. 140

2.10. Service Related Equipment ........................................................................... 140

2.10.1. Warranty Service (C.2.10.1) ............................................................ 141

2.11. Service Related Labor ................................................................................... 141

2.12. Cable and Wiring ........................................................................................... 142

2.13. External Traffic Routing Requirement [L.29.2.3, C.1.8.8] ............................... 142

3.0 Transition [C.3] .............................................................................................. 144

4.0 Section 508 Requirements [C.4] .................................................................... 145

4.1. Background [C.4.1] ........................................................................................ 145

4.2. Voluntary Product Accessibility Template [C.4.2, F.2.1 # 33] ........................ 145

4.3. Section 508 Applicability to Technical Requirements [C.4.3] ......................... 145

4.4. Section 508 Provisions Applicable to Technical Requirements [C.4.4] .......... 145

4.5. Section 508 Provisions Applicable to Reporting and Training [C.4.5] ............ 147

5.0 Contractual Matters (“Background”) [C.1] ...................................................... 148

5.1. EIS Goals [C.1.1] ........................................................................................... 148

5.2. EIS Scope for Mandatory and Optional Services [C.1.2, M.1.1] .................... 149

5.3. Minimum Requirements for Geographic Coverage [C.1.3] ............................ 149

5.4. Task Orders [C.1.4] ........................................................................................ 150

5.5. Authorized Users [C.1.5] ................................................................................ 150

5.6. Upgrades and Enhancements [C.1.6] ............................................................ 150

5.7. Organization of this Statement of Work [C.1.7] .............................................. 153

5.8. General Requirements [C.1.8] ....................................................................... 153

5.8.1. Organization of EIS Services [C.1.8.1] ............................................ 153

5.8.2. Service Locations [C.1.8.2] ............................................................. 153


Volume 1 Technical vi Use or disclosure of proposal data is subject to tbe restrictions on the cover page of this proposal

BT Federal

5.8.3. Performance [C.1.8.3] ..................................................................... 153

5.8.4. Conformity to Standards [C.1.8.4] ................................................... 153

5.8.5. Non-Domestic [C.1.8.5] ................................................................... 153

5.8.6. Interoperability [C.1.8.6] .................................................................. 154

5.8.7. System Security Requirements [C.1.8.7] ........................................ 154

5.8.8. National Policy Requirements [C.1.8.8] ........................................... 155

5.8.9. Technical Support [C.1.8.9] ............................................................. 156

6.0 Technical Volume Documents (Plans) – Attachments ................................... 157

Attachment 1 — EIS Risk Management Framework Plan [L.29.2.2, C.1.8.7] ............... 1

Attachment 2 — MTIPS Risk Management Framework Plan [L.27.2] .......................... 1

Attachment 3 — Acronyms [L.22] ................................................................................. 1

Attachment 4 — Exceptions (None) [L.8] ...................................................................... 1

Attachment 5 — Assumptions and Conditions [L.9] ...................................................... 1

List of Figures

Figure 1-0. BT-GSA Strategic Partnership for the EIS IDIQ ......................................... 1

Figure 1-1. BT-GSA Global Partnership for the EIS IDIQ. ............................................ 3

Figure 1-2. BT-GSA CONUS Partnership for the EIS IDIQ. .......................................... 3

Figure 1-3. BT’s Flexible, Agile Example of Satisfied Complex Customer Requirements ..................................................................................................... 6

Figure 1-4. BT’s Global Services .................................................................................. 7

Figure 1.1-1. BT’s Comprehensive Architecture and Support Infrastructure ............... 10

Figure 1.1-2. BT’s Integrated Network and Other Services ........................................ 11

Figure 1.1-3. BT’s Integrated Management and EIS Services .................................... 14

Figure 1.1-4. BT’s Service Delivery Points and Service Related Equipment .............. 17

Figure 1.3-1. BT Currently Supports 87 CBSAs for Mandatory Services .................... 21

Figure 1.4-1. BT Federal’s Service Boundaries Through Order Process. ................... 24

Figure 1.4-2. BT Federal’s Protected Boundaries. ...................................................... 25

Figure 1.4-3. BT Federal’s Segmentation + Protection of Government Data. ............. 26

Figure 1.4-4. BT Federal’s Traffic Aggregation + National Policy Requirements Architecture ...................................................................................................... 34

Figure 1.4-5. BT Federal’s Segmentation + Protection of Government Data. ............. 40

Figure 2.1-1. BT’s North American Core Network....................................................... 43

Figure 2.1-2. BT’s VPNS (“BT Global IP Connect”) .................................................... 45


Volume 1 Technical vii Use or disclosure of proposal data is subject to tbe restrictions on the cover page of this proposal

BT Federal

Figure 2.1-3. BT’s VPNS-Supported Application-based Six (6) CoSs. ....................... 52

Figure 2.1-4. BT’s VPNS Solution for Flexible Application-Based CoS. ..................... 53

Figure 2.1-5. BT “Global Connect” for VPNS. ............................................................. 55

Figure 2.1-6. BT’s IP Connect Support for Dual Stack IPv4 and IPv6 VPNs. ............. 58

Figure 2.1-7. BT VPNS Load Sharing to a Single BT POP. ........................................ 59

Figure 2.1-8. BT VPNS Load Sharing to two BT POPs. ............................................. 59

Figure 2.1-9. BT’s Port Protection and Path Protection Fail-Over. ............................. 61

Figure 2.1-10. Port Protection and POP Diversity Fail-Over. ...................................... 61

Figure 2.1-11. BT’s Internet-Based Fail-Over. ............................................................ 62

Figure 2.1-12. BT’s Satellite-Based Fail-Over. ........................................................... 62

Figure 2.1-13. BT’s North American Core Network. .................................................... 64

Figure 2.1-14. BT’s ETS (“BT Global Ethernet Connect”). .......................................... 65

Figure 2.1-15. BT’s ETS E-LINE EPL. ........................................................................ 70

Figure 2.1-16. BT’s ETS E-LINE EVPL. ...................................................................... 71

Figure 2.1-17. BT’s ETS E-LINE E-Tree. .................................................................... 72

Figure 2.1-18. BT’s ETS E-LAN. ................................................................................. 72

Figure 2.1-19. BT’s ETS E-LAN combined with E-LINE EVPC. .................................. 73

Figure 2.2-1. BT’s Global Voice Network. ................................................................... 79

Figure 2.2-2. BT’s One Voice Hosted Platform. .......................................................... 81

Figure 2.2-3. BT’s “One Voice” Hosted Solution for IPVS. .......................................... 88

Figure 2.2-4. BT’s Site for Typical Managed LAN Service .......................................... 99

Figure 2.8-1. BT’s MNS Organization. ...................................................................... 111

Figure 2.8-2. BT’s Integrated Process. ..................................................................... 113

Figure 2.8-3. BT Federal’s NOC Approach/Solution for MNS. .................................. 115


Volume 1 Technical viii Use or disclosure of proposal data is subject to tbe restrictions on the cover page of this proposal

BT Federal

List of Tables

Table 1-1. Overview of EIS and BT Global Services ....................................................... 8

Table 1.3-1. BT’s 87 CBSAs in Alphabetical Order ....................................................... 22

Table 1.4-1. Communication Paths and BT Federal’s Approach to Security Arrangements ............................................................................................ 27

Table 1.4-2. BT Federal’s Capabilities for Additional Security Requirements [C.1.8.7.6].................................................................................................. 31

Table 2.1-1. BT’s 29 POPs in its Core North American Network* ................................. 44

Table 2.1-2. Legend for Components of BT’s VPNS ..................................................... 45

Table 2.1-3. BT’s VPNS Technical Capability and Detail [C.2.1.1.1.4] .......................... 55

Table 2.1-4. BT’s Ethernet Connect QoS Prioritization Classes .................................... 74

Table 2.1-5. BT’s Ethernet Technical Capabilities ......................................................... 75

Table 2.2-1. Mandatory IPVS Features ......................................................................... 95

Table 2.2-2 Mandatory Standard Features .................................................................... 97

Table 2.2-3. BT’s Compliant IPVS Interfaces ................................................................ 98

Table 2.9-1. BT’s Support for Mandatory Access Arrangements per RFP C.2.9.1.4 ... 134

Table 2.9-2. BT’s Compatibility with AA UNIs ............................................................. 139

Table 5.1-1. EIS Goals and BT’s Fulfillment – Technical ............................................ 148

Table 5.8-1. BT Security Responses Per RFP SOW C.2 ............................................ 155


Volume 1 Technical 1 Use or disclosure of proposal data is subject to tbe restrictions on the cover page of this proposal

BT Federal

1.0 Network Architecture [L.29.1]

BT Federal looks forward to building a strategic

partnership and co-marketing relationship with the

General Services Administration (GSA) to deliver

Mandatory and Optional Services on the Enterprise

Infrastructure Solutions (EIS) IDIQ via the BT

Global Network and supported by BT Federal

Business Support Systems (BT Federal BSS) as

Figure 1-0 depicts.

BT Federal brings capabilities and experience from supporting GSA Agency customers.

It draws in part on the vast capabilities and experience of parent company BT plc. to

which this federal business unit, BT Federal, adds timely, cost-effective solutions,

developed to meet specific EIS requirements. They include capability and experience in

meeting Service Level Agreements (SLAs) on work of similar size and scope.

Figure 1-0. BT-GSA Strategic Partnership for the EIS IDIQ

Delivers EIS Services via BT Network, processed through BSS, to Agency Customers

Why BT Federal?

Delivers MPLS-based product (BT’s IP

Connect Global) through BT-owned

equipment and managed POPs

Draws on relevant Past Performance

and other projects that meet EIS goals

Provides flexible, agile services that

work with multiple, related contracts



BT Federal

Why BT Federal?

BT Federal is a U.S. based IT services company focused on U.S. Federal Government

customers. BT Federal’s executive management team has a distinguished track record

of both U.S. military and government service and serving well known IT networking and

security-based firms.

With 2014 revenues in excess of $25 billion and 2014 R&D investment of $725 million,

BT Federal’s parent BT plc is one of the 200 largest companies in the world. It serves

more than 80% of the Fortune 500 and 100% of the FTSE100. Its managed networked

IT services business operates globally and delivers locally to help customers in more

than 170 countries. BT delivers its MPLS-based product (BT’s IP Connect Global)

through BT-owned equipment and managed POPs both CONUS and around the world.

BT is a direct descendent of the world’s first commercial telecommunications

undertaking. Founded in 1846, it was the forerunner of the $3.4 trillion IT industry.

Privatized in 1984, BT heralded today’s vibrant, competitive telecommunications

industry. In 2004, BT created a world-leading capability to manage major contracts to

deliver communications and networked IT services globally.

BT operates a large global infrastructure capable of supporting customized network

solutions that optimize the Government’s use of terrestrial and satellite resources (see

Figure 1-1). BT was the first network service provider to launch an award-winning

global MPLS-based network providing a scalable, protocol-independent transport

worldwide. BT currently provides end-to-end managed network services to Government

organizations, multinational corporations, and domestic businesses operating globally.

BT’s network underpins governments, businesses, and consumers with unique breadth

of scope, reach, and capability around the globe. Figure 1-1 and Figure 1-2 depict BT’s

network infrastructure coverage both globally and CONUS respectively. BT brings

communications and networked IT products and services securely, efficiently worldwide.



BT Federal

Delivers EIS Services—and more—to global customers around the world

Figure 1-2.

Delivers EIS Services—and more—to global customers around the world



BT Federal

Innovation

BT is continuously growing its network in both reach and capacity. It is expanding

optical services, MPLS, carrier virtual private network (VPN), Ethernet, Voice, and

satellite infrastructure. BT is adding Internet peering points of presence (POPs) to

further the reach of existing products and to expand portfolio offerings with new services

(e.g., POP mobile access and Cloud services). BT invested more than $725 Million in

Research & Development in 2014 to bring the next generation of network services and

technologies customers as an industry leader.

Examples of BT’s innovation include:

NfV: NfV involves the implementation of network functions in software that can

run on generic computing hardware. These virtual functions can be deployed

anywhere in the network without having to install new equipment. BT will deliver

a virtual appliance to a customer site in minutes where previously it took weeks

to commission and install the hardware version. BT initiated the Network

Functions Virtualization Industry Specification Group (ISG) under the auspices of

ETSI. Open to all including non-ETSI members, the NfV ISG aims to build the

NfV ecosystem, identify common approaches to solve technical challenges and

encourage innovation. The group already includes more than 20 global carriers

plus more than 85 leading equipment and software vendors.

SDN: SDN techniques are orchestrating local area network within datacenters

through provisioning of virtual networking machines. Connectivity to applications

can be turned up at the same time as compute infrastructure and applications. In

the near term, BT sees SDN being used to turn up new connections between the

datacenter and WAN customer sites, to add new in-line services into the network

and new connectivity between locations.

.



BT Federal

EIS Goals

The overarching goal for EIS is to make the resulting contracts as flexible and agile as

possible to meet and satisfy the widely differing requirements of the federal Agencies

both now and for the next decade and beyond.

BT services leverage both global and local relationships in combination with a wholly

owned and operated diverse core architecture to provide Agencies with high

performance through localized access routes, resiliency through diverse core

architecture, and flexibility as a function of a network generation data network

implementation.

The BT network serves as the core infrastructure for Data Centers throughout Europe

and connects partner datacenters throughout the globe. The Diversity and engineered

failover levels of the BT Network enable network architecture to include not just physical

access and core diversity, but Continuity of Operation failover compliance engineered

into the service fabric of the BT Offering. BT One Voice and Internet based Remote

VPN access services enable customers to maintain business and mission capabilities

regardless of the physical presence of its work force.

BT Federal will provide flexible, agile services because BT Federal is itself flexible,

agile, and ready to meet widely differing requirements of federal Agencies, now and for

years to come. As Figure 1-3 depicts

. Based on Federal experience, BT

foresees similar need for high-quality services delivered by highly skilled experts who

can manage and cooperate on complex, interrelated contracts in flexible, agile manner.

GSA Network Services 2020 IS RFP QTA0015THA3003


BT Federal

Figure 1-3.

BT’s commitment to GSA and the Government is to go beyond networks and

infrastructure and offer the Government a partnership based on sharing engineering

expertise and delivering a range of network-centric services that result in outcomes that

enhance value. BT’s value in the partnership is around full life-cycle management in

support of customer’s requirements and overall business imperatives. BT has extensive

experience in mobilizing teams to transition existing infrastructure and/or transform

infrastructure into desired future state.

BT’s goal is to become GSA’s trusted network partner of choice. In support of GSA’s

EIS, BT will provide lifecycle engagement throughout the duration of the program. BT

looks forward to having the opportunity to provide key mission support activities as part

of the EIS program. The BT Team is eager and ready to work directly with GSA

providing telecommunications network connectivity solutions that meet the needs of the

GSA and the U.S. Government Agencies it supports around the globe.



BT Federal

Network Architecture and BT Global Services

BT provides a global standardized

network architecture that will support all

offered EIS services.

BT serves government, business, non-

profit, and consumer customers, who

demand a wide range of services, as

Figure 1-4 shows.

Figure 1-4. BT’s Global Services

Can deliver state-of-the art services (including EIS Services) to Government Agencies.

BT’s Network Architecture

Robust architecture based on global network of

services

Interoperability with Legacy Telco Services

Dedicated BT Federal team for engineering

support and program management

Proven processes and engineering that ensure

service delivery and sustained performance

Secure operations that meet Government

Security-/Information-handling requirements



BT Federal

Each EIS Service maps to a BT corporate service shown in Table 1-1.

Table 1-1. Overview of EIS and BT Global Services

EIS Service BT Complement

Mandatory Services currently bid by BT Federal

Virtual Private Network Service BT One Connect

Ethernet Transport Service BT One Connect

Internet Protocol Voice Service BT One Voice

Managed Network Service BT Compute



BT Federal

BT offers the following:

Mandatory Services that already meet EIS requirements and KPIs (with near-

future plans to extend to Optional Services via contract modifications)

Sustainment of supporting engineering, operations organizations, and

processes to:

Enable services

Ensure service delivery

Sustain service performance

Coverage that includes:

CONUS network for immediate coverage of 87 Core Based Statistical Areas

(CBSAs) plus expansion capability

OCONUS and Non-Domestic network for 60+ countries directly (e.g., with

dedicated or Ethernet access) and another 150+ using Internet-based VPN

services

Security:

Driven by requirements in securing Global infrastructure and securing the

networks of customers

Understanding of Government national security requirements for EIS

Operations in security environments that already meet these requirements

The following details the BT architecture for EIS.

1.1. Understanding [L29.1(A); M.2.1, M.2.1(1)]

BT’s network architecture, shown in Figure 1.1-1, will meet EIS Mandatory Services and

requirements and is structured around the core capabilities, customer access, and

support systems of the BT Global network. In addition to the Mandatory Services and

capabilities for EIS, the architecture enables future service expansion to provide

additional Optional Services and technology refreshment over the life of the contract.



BT Federal

Figure 1.1-1.

Spans from Service Related Equipment and required Access Arrangements to BT’s data

transport and services for a flexible network and secure operational environment



BT Federal

The following is a discussion of the different major elements of BT’s Architecture for EIS.

1.1.1. BT Integrated Network & Other Services

BT’s network provides the fundamental Layer 1, Layer 2, and Layer 3 services that

underlies all BT data network services as well as possess common capabilities needed

to provide service to customer locations.

BT’s network and related services, as Figure 1.1-2 depicts, comprises:

Figure 1.1-2. BT’s Integrated Network and Other Services

BT’s Infrastructure is the Foundation for all Mandatory EIS Network Services

and Future Expansion

Layer 1 Services (Supporting PLS, SONET, and OWS): Using optical network

technology to provide high-performance and high-availability services to enable

BT’s Multi-Protocol Labeled Switching (MPLS) Core plus provide backhaul from

access providers and customer premises.

Layer 2/3 Services (Supporting VPNS, ETS, IPS): Using MPLS to enable one

seamless platform both Layer 2 (e.g., Switched Ethernet) and Layer 3 (e.g., IP

router VPN) as a foundation of BT’s Virtual Private Network and Ethernet

Transport Services, interoperability with Legacy Telco Services as well as access

to Internet Services.



BT Federal

Implemented using commercial best practices and carrier-grade equipment

with processor and power-supply redundancy

BT MPLS Core Routers utilizes dual diverse CPUs and Power supplies and

are inter - connected via multiple High Speed Gigabit Optical Back Bone links

which are diversely routed to ensure maximum availability and resiliency to

provide necessary performance that meet or exceed EIS service performance

metric KPIs.

so traffic stays more local

and enables BT to meet Latency KPIs and to provide POP diversity and

avoidance

60+ Non-Domestic countries for seamless CONUS-OCONUS networking

Carrier-grade routers with built-in redundancy and engineered route-diverse

connectivity to rest of network enables core network to meet Availability KPIs

(e.g. Cisco, Juniper, Alcatel Lucent, etc.)

BT engineering staff, who perform capacity planning and fault analysis to help

BT to meet Grade of Service (Packet Delivery) and Jitter KPIs

Provides transport for other Mandatory Services (e.g., Internet Protocol Voice

Service) and for control information required to support customer premise

based devises under Managed Network Service

BT Access Network: Support for legacy TDM services as well as Ethernet

services to required set of CBSAs. For all access types, BT will work directly with

access providers to supply required access performance to meet EIS KPIs as

well as engineer and deliver required access route diversity in conjunction with

specific route or path diversity requirements.

Traditional Local Exchange Providers (LECs): BT will leverage our

CONUS LEC partnerships to provide best possible access pricing for

traditional TDM based Private Line service (i.e., T1, DS3, etc.) as well as



BT Federal

Synchronous Optical Networking (SONET) and Layer 2 Ethernet Private Line

(EPL) and Ethernet Virtual Private Line (EVPL) services.

Emerging Ethernet Access Providers (MSOs). Services from Multiple-

System Operators (MSOs, AKA Cable Companies) that provide access to

nearly 100 million CONUS customers. These MSOs typically do not share

access and routes with Traditional Local Service Providers, thus enhancing

diversity options where available. The BT network incorporates an increasing

set of MSOs, which enables BT’s use MSO’s flexible, cost effective network

access solutions to provide Agencies with resilient networking services.

Wireless: Includes Wi-Fi, Mobile (e.g., 4G, Line of Sight), to Satellite services

PSTN: Global connectivity to the CONUS and Non-Domestic Public

Switched Telephone Network (PSTN)

Internet: Internet provider in CONUS and Non-Domestic

Hosting and Cloud: Extensive Hosting Cloud services for Agencies, which

BT uses to support its own operations and services

1.1.2. BT Federal Integrated Management & EIS Services

The BT EIS Architecture provides an environment that enables full operations support

for all mandatory and optional EIS services.

As Figure 1.1-3 shows, BT provides management and services in distinct security

domains to meet Government information assurance requirements:

Global Services – 3rd Party Access and Services: Support for legacy TDM

services as well as Ethernet services to required set of CBSAs. For all access

types, BT will work directly with access service provider to ensure KPI

performance requirements are meet. Additionally, any site with diversity



BT Federal

requirements BT will work in partnership with access service provider to engineer

a diverse solution as specified by the customer, as follows:

Figure 1.1-3. BT’s Integrated Management and EIS Services

Has a comprehensive Operations Support and BSS to support all EIS Services plus Agency

Requirements for Security and Security Services

Traditional Local Exchange Providers (LECs): BT will leverage our

CONUS LEC partnerships to provide best possible access pricing for

traditional TDM based Private Line service (i.e., T1, DS3, etc.) as well as

SONET and Layer 2 Ethernet Private Line (EPL) and Ethernet Virtual Private

Line (EVPL) services.

Emerging Ethernet Access Providers (MSOs). Services from Multiple-

System Operators (MSOs, AKA Cable Companies) that provide access to

nearly 100 million CONUS customers. These MSOs typically do not share

access and routes with Traditional Local Service Providers, thus enhancing

diversity options where available. The BT network incorporates an increasing



BT Federal

set of MSOs, which enables BT’s use MSO’s flexible, cost effective network

access solutions to provide Agencies with resilient networking services.

Wireless: Includes Wi-Fi, Mobile (e.g., 4G), to Satellite services

PSTN: Global connectivity to the CONUS and OCONUS Public Switched

Telephone Network (PSTN)

Internet: Internet provider in CONUS and OCONUS

Global Services – BT Security:

Service Operations: Supports underlying capabilities to meet Mandatory

Service requirements:

o Provisioning: Coordinates needed Service and Access Arrangement

for orders, with required status information provided to BT EIS

Infrastructure for use by BT EIS Project Management staff

o Operations: Network Operations monitors all aspect of service

delivery including underlying Core network services and associated

customer location access services; also provides EIS-required Service

performance information (provided via EIS Customer and GSA Portal)

Security Management: Provides comprehensive Cyber Security

management of the underlying BT infrastructure.

Future Services: BT has a flexible management platform to support the

optional services, integrating service-specific management platforms into an

integrated solution to meet EIS requirements



BT Federal

underlying all service delivery

and support systems, with system that specifically supports EIS partitioned

from larger BT Security Management platform to ensure proper handling of

customer information and enable BT to meet National Security requirements;

used to ensure security posture of EIS Portals and their connection to Internet

for secure access by GSA and EIS customers

EIS Customer & GSA Portals: Systems used to meet specific IT

requirements of the EIS contract, of which examples are:

o Customer Ordering Portal

o Customer Trouble Management Portal

o Billing Portal

o Service Performance Portal

o TO Portal

o Customer Inventory Portal

o Customer Reports Portal

o GSA Information Portal

Managed Network Services: Systems used to support EIS MNS service,

with capabilities tailored by TO requirements and can include Security

Information and Event Management (SIEM) systems to meet customer needs

1.1.3. Service Delivery Points and Service Related Equipment

BT has “Premier” status with all major hardware and software providers, and BT has the

experience to architect, design, engineer, acquire, install, and operate devices to meet

Agency needs.



BT Federal

As Figure 1.1-4 depicts, BT offers:

Network Interface Devices: In some cases, these devices are used to terminate

access connects delivered to Agency locations in order to provide required,

Agency-ordered Access Arrangement (AA) Service Delivery Point (SDP) User

Network Interface (UNI). In addition, these devices also enable end-to-end

management and performance data collection for transport service (e.g., VPNS,

ETS) and to support components of measuring Key Performance Indicators

(KPIs)

Service Related Equipment: Used to provide specific EIS Service SDPs,

examples of which include:

Voice Services Devices: Include Voice Analog Telephone Adaptors to

support standard 2-wire telephones for IPVS, IPVS Phones, local IPVS PBXs

Security Devices: Either stand-alone or incorporated into routers; include

VPN devices using required encryption standards (e.g., FIPS-140-2) to

enable Broadband, Wireless, and/or Extranet access to Agency-specific

network services (e.g., VPNS)

Campus and Local Area Network Equipment: Devices to meet specific

Agency TOs to build-out Campus (CAN) and Local (LAN) networks

Figure 1.1-4. BT’s Service Delivery Points and Service Related Equipment

Allow BT’s architecture to incorporate SRE to meet Agency Requirements



BT Federal

Summary

Combined, the BT EIS Architecture supports all mandatory services and provides the

foundation for adding optional services.

Mandatory Services:

Virtual Private Network Service (VPNS): VPNS is provided as the

combination of the BT’s Integrated Network’s Layer 3 Virtual Private Network

(VPN) capabilities, associated Access Arrangements, Service Related

Equipment (SRE), and BT Services and Security Systems.

Ethernet Transport Service (ETS): ETS is provided as the combination of

the BT’s Integrated Network’s Layer 2 VPN capabilities, associated AAs,

SRE, and BT Services and Security Systems.

Internet Protocol Voice Service (IPVS): IPVS is provided as a combination

of the BT Integrated Network, BT’s Global PSTN connectivity, SRE, and BT

Services and Security Systems.

Managed Network Services (MNS): MNS is provided by systems within the

BT Federal Security Enclave, ensuring the required capabilities to manage all

aspects of an EIS customer’s network with the required security elements.

Optional and Future Services. BT’s Architecture directly supports the addition

of the EIS Optional Services as well as future services to meet Agency needs.

This includes services themselves, necessary operations support systems, and

integration in the EIS Instructure (including requirements for EIS Customer Portal

1.2. Quality of Services [L29.1(B); M.2.1(2)]

BT’s comprehensive architecture provides the foundation for all Mandatory Services

and the maintenance of quality across the following required metrics:



BT Federal

1.2.1. Deliver

BT’s delivery approach relies on a combination of technical capabilities, service

automation, and dedicated program and project management:

Technical: BT dedicated engineering staff ensure that technical capabilities that

deliver services and service features as well as sufficient capacity in Network-to-

Network Interfaces (NNI) with local access providers plus Core network capacity

(with areas of scalability specific to EIS services addressed in Sections 2.1.1

VPNS, 2.1.2, ETS, 2.2.1 IPVS, 2.8.1 MNS)

Service Automation: BT has a sophisticated BSS environment to ensure

consistency of provisioning actions, strict configuration management, and

escalation to ensure that BT meets service delivery KPIs

Program & Project Management: BT’s program management team has

experience with Government customers in scheduling and coordinating service

delivery, including: requirements verification, site surveys, CPE Service Devices,

and schedule for installation, test, and turn-up and transition management

1.2.2. Compliant

BT’s network will ensure metrics and reporting for all aspects of service delivery KPIs:

BT has expertise to design and deliver all elements of necessary support

infrastructure per Government rules and regulations

BT has incorporated KPI compliance specifics into each of the Services

described in this document

1.2.3. Scalable

BT will provide all services, designed to ensure scalability using both tactical and

strategic capacity planning.

Strategic: BT performs strategic capacity planning and scaling analysis to

address scalability by adding core locations, router upgrades and replacements,



BT Federal

upgrades of backbone capacity and architecture, and increased capacity and

architecture with local access providers

Tactical: On a tactical basis BT proactively monitors network capacity (e.g., PE-

to-PE utilization plus PE to local access providers) and device use (e.g.,

performance and chassis, slot, card use) and services capacity (e.g., call

management system capacity, licensed software use) to enable BT to meet

Agency scaling in accordance with service KPIs

Capacity Guidelines (aside form areas of scalability specific to EIS services—

addressed in respective EIS Service sections below) including:

Other Consumables: BT tracks bandwidth, hardware and licenses to ensure

KPI delivery intervals based on BT purchase/acquisition cycles

1.2.4. Reliable

BT designs its network services with commercial best-practice resiliency:

Engineering principles include: 1) redundant route processor and power supplies

in network equipment and 2) active-active call management servers to support

voice services

Use of robust service provisioning automation helps prevent “human factor” that

can degrade service reliability

1.2.5. Resilient

BT draws on Reliability for Resiliency in:

Transport Services: BT network uses industry standard practices such as

MPLS Fast-Re-Route to ensure service in event of backbone failures.

Additionally, BT MPLS Router links are provisioned up to a max of 80% capacity

to ensure sufficient bandwidth is available for Fast-Re-Route



BT Federal

Models: BT uses sophisticated models to model each service’s architecture and

implementation (and dependence on other services) by identifying performance

and services availability-based system component failures (e.g., routers) so BT

engineers can determine critical items that impact resiliency and deliver within

agreed-upon KPIs

Solutions: To meet specific resiliency requirements (e.g., based on an Agency

TO), BT will engineer solution to meet these requirements (e.g., highly resilient

access to Agency sites like traditional SONET ring protection, 1+1 arrangements

to Carrier Ethernet and Ethernet access ring technologies)

1.3. Service Coverage (for CBSA-Dependent Services) [L29.1(C); M.2.1(3)]

BT Architecture’s service coverage, as Figure 1.3-1 shows (with CBSAs listed in Table

1.3-1) includes BT’s current 87 CBSAs, which provide all Mandatory Services. In

addition (but not shown) are services not bound by these CBSAs. Such services are

either accessible via Internet (e.g., Remote Access for VPNS) or in areas with limited,

often basic access methods (e.g., Ethernet but no SONET access).

Figure 1.3-1. BT Currently Supports 87 CBSAs for Mandatory Services

Offers Mandatory Services to 87 of top 100 CBSA CONUS



BT Federal

Table 1.3-1. BT’s 87 CBSAs in Alphabetical Order

# Code CBSA Name # Code CBSA Name

1. 10580 Albany, NY 45 28940 Knoxville, TN

2. 10740 Albuquerque, NM 46 29740 Las Cruces, NM

3. 11460 Ann Arbor, MI 47 29820 Las Vegas, NV

4. 11700 Asheville, NC 48 30780 Little Rock, AR

5. 12060 Atlanta, GA 49 31080 Los Angeles, CA

6. 12100 Atlantic City, NJ 50 31140 Louisville, KY

7. 12260 Augusta, GA 51 32820 Memphis, TN

8. 12420 Austin, TX 52 33100 Miami, FL

9. 12580 Baltimore, MD 53 33340 Milwaukee, WI

10. 12980 Battle Creek, MI 54 33460 Minneapolis, MN

11. 13820 Birmingham, AL 55 33660 Mobile, AL

12. 14460 Boston, MA-NH 56 33860 Montgomery, AL

13. 15380 Buffalo, NY 57 34980 Nashville, TN

14. 15680 California, MD 58 35380 New Orleans, LA

15. 16700 Charleston, SC 59 35620 New York, NY

16. 16740 Charlotte, NC 60 36260 Ogden, UT

17. 16860 Chattanooga, TN 61 36420 Oklahoma City, OK

18. 16980 Chicago, IL 62 36540 Omaha, NE

19. 17140 Cincinnati, OH 63 36740 Orlando, FL

20. 17460 Cleveland, OH 64 37340 Palm Bay, FL

21. 17820 Colorado Springs, CO 65 37980 Philadelphia, PA

22. 17900 Columbia, SC 66 38060 Phoenix, AZ

23. 18140 Columbus, OH 67 38300 Pittsburgh, PA

24. 19100 Dallas, TX 68 38540 Pocatello, ID

25. 19380 Dayton, OH 69 38900 Portland, OR

26. 19740 Denver, CO 70 39300 Providence, RI

27. 19820 Detroit, MI 71 40060 Richmond, VA

28. 20140 Dublin, GA 72 40140 Riverside, CA

29. 20500 Durham, NC 73 40220 Roanoke, VA

30. 21340 El Paso, TX 74 40900 Sacramento, CA

31. 22180 Fayetteville, NC 75 41620 Salt Lake City, UT

32. 22660 Fort Collins, CO 76 41700 San Antonio, TX

33. 23420 Fresno, CA 77 41740 San Diego, CA

34. 23540 Gainesville, FL 78 41860 San Francisco, CA

35. 25060 Gulfport, MS 79 41940 San Jose, CA

36. 25180 Hagerstown, MD 80 42660 Seattle, WA

37. 26420 Houston, TX 81 43340 Shreveport, LA



BT Federal

# Code CBSA Name # Code CBSA Name

38. 26620 Huntsville, AL 82 41180 St. Louis, MO

39. 26900 Indianapolis, IN 83 45300 Tampa, FL

40. 27140 Jackson, MS 84 46140 Tulsa, OK

41. 27260 Jacksonville, FL 85 46220 Tuscaloosa, AL

42. 27740 Johnson City, TN 86 47580 Warner Robins, GA

43. 28140 Kansas City, MO 87 47900 Washington, DC

44. 28660 Killeen, TX

In addition to CONUS-based CBSAs, BT’s network includes worldwide infrastructure in

more than 60 countries, which provide services to more than 170 countries plus

Network-to-Network Interconnects and access agreements that enable seamless

CONUS-OCONUS global communication. For more details, please see Section 5.3,

Service Coverage.

1.4. Security [L29.1(D); M.2.1(4), C.1.8.7]

BT Federal’s proposed architecture and services will comply with security specifications

as identified and discussed in this section.

1.4.1. Service-Specific Security Requirements [M.2.1(4-a), C.1.8.7, C.1.8.7.1]

BT Federal meets outlined requirements as stated in RFP C.1.8.7, for service-specific

core solutions. BT Federal bases delivery of core services on segmentation of data for

Government Agencies, which both allows for passage of minimal provisioning

information to BT Federal and third-parties and also obfuscates when practical.

Furthermore, BT Federal’s system architecture meets and provides for a Moderate

System classification. BT Federal has designed this system, as seen in Figures 1.1-1

and 1.1-3 in Section 1.1, Understanding, to provide flexibility for higher classifications

as well as Agency-specific requirements. This system provides for compliance with

FISMA, DoD, Intelligence Community, and NIST requirements. BT Federal will comply

with FISMA, DoD and Intelligence Community-associated guidance and directives to

include all applicable FIPS, NIST SP 800 series guidelines. More specifically, it

provides for controls in NIST SP 800-53R4 that support cyber resiliency and focuses on

data protection through BSS certification and encryption of data.



BT Federal

The BT Federal BSS has a boundary that exists between the BSS and ordering

Government Agencies, as Figure 1.4-1 shows. The boundary supports FISMA, NIST,

and other U.S. Government standards (designed to protect Agency data). All services

provided by BT Federal will traverse the boundary and ensure that ordering Agency

data receives protection. Within the BT Federal BSS, BT Federal has created a

boundary for ISO 27001 compliance and requires that third-party vendors submit their

certifications for review on a TO basis before allowance to deliver said service to a

Government end client.

Figure 1.4-1.

Establishes Security Boundaries for Agency data from service order entry to activation.

1.4.2. General Requirements [M.2.1(4-b), C.1.8.7, C.1.8.7.1, C.1.8.7.4, C.1.8.7.7]

BT Federal has designed controls characterized in terms of resiliency, identified factors

to consider when selecting, tailoring, or implementing controls to improve cyber security

and resiliency to reduce risk. Should new or additional policy requirements arise that

require contract modification for the new Government-specified requirements, BT

Federal will submit a technical approach and schedule for proposing these modifications

to the CO per contract modification guidelines in RFP J.4.

BT Federal recognizes potential concerns and requirements of Government Agency

clients to achieve their missions, tasks, organizational priorities—and how, increasingly,



BT Federal

mission success relies on IT infrastructure. BT Federal also understands requirements

for Government Agencies to meet federally mandated policies and procedures to

protect their infrastructure and the nation as a whole. BT Federal will protect all network

services, information, BT Federal infrastructure and information-processing resources

against threats, attacks, or failures of systems. Cyberattacks are no longer simple,

discrete events: rather, Agencies face series of siege-long campaigns waged by well-

funded adversaries. Today’s adversaries use approaches like Advanced Persistent

Threat (APT) that include stealthy, persistent, sophisticated techniques to establish a

foothold in organization’s systems—and then maintain and extend footholds throughout

organizations. Adversaries then exfiltrate sensitive information and disrupt operations,

contributing new variables into the ever-evolving threat landscape.

BT Federal recognizes Agency requirements to communicate locally, nationally, and

globally—effectively and securely. Such communications occur through Agency-level

security and encryption combined with securing Agency information. BT Federal

understands that EIS contracts will include information used by BT Federal itself; such

information demands protection of network controls and services provided by BT

Federal and its EIS subcontractors. To protect Agency data, BT Federal will create the

BT Federal BSS with a defined boundary, as shown in Figure 1.4-2, Figure 1.4-3, and

Figure 1.4-2. BT Federal’s Protected Boundaries.

Protect Agency data for continuous secure, encrypted exchange of information



BT Federal

BT Federal service protection will include continuous secure, encrypted exchange of

Use proper segmentation to afford Agencies protection for their data.



BT Federal

Table 1.4-1. Communication Paths and BT Federal’s Approach to

Security Arrangements

Communication

Path

BT Federal Approach to Security

Arrangements

Benefits to Government Agencies

Government

Agency to BT

Federal

BT Federal will coordinate with each

Agency to ensure FIPS 140-2 compliance

with communications to/from Agency

Protection of Agency data

Includes “CONTROLLED

UNCLASSIFIED INFORMATION”

(CUI) or contractor-selected

designation per document sensitivity

through encrypted communications

with BT Federal per FIPS PUB 140-2,

“Security requirements for

Cryptographic Modules”

BT Federal to BT

and 3rd-Party

Vendors

Protection of Agency data by:

o Restriction of access to and

communication of Agency data (other

than minimal details for processing

orders)

o

Protection of Agency data

Secure communications of order and

operational data

In addition,

This also includes, at network and services levels, meeting

Government requirements and mandates for a Moderate System classification and

having the flexibility to meet specific TO-based Agency requirements.

BT Federal is committed to protecting Agency data and is adapting its EIS Risk

Management Framework Plan (attached in this Technical volume), BSS Risk

Management Framework Plan (attached to the Management volume), and future BSS

System Security Plans (BSS SSPs) for this boundary as committed in the NIST 800-

53v4 controls, NIST SP 800-37, NIST SP 800-18 Rev 1, and other NIST 800 series

guidelines. Through ongoing management of SSPs, Risk Management Framework



BT Federal

Plans, and other NIST-based processes and procedures, supported by internal and

third party audits, BT Federal affirms commitment to the Government.

As a global security participant, BT Federal’s in-place security architecture has direct

access to vulnerability information, often before it becomes publicly available. The

Government is assured that BT Federal will provide world-class security measures to

protect the integrity of all physical and logical network elements.

Outer Layer of Security (Physical Layer)

At the outer layer, physical access controls will operate within BT Global Services

facilities and redundant network pathways that operate outside of BT Global Services

facilities. BT will address physical security for each Global POP (GPOP) by placing it

inside a secured facility, built according to highest industry standards where BT can

have site access monitored and regulated via specific access controls. BT will control,

log, and monitor access to these facilities by either network security equipment or

physical presence of security guards on premises 24x7. For colocated sites, BT will

apply both supplier policies along with its requirements.

Inner Layer (Network Access)

Firewalls and remote access systems will protect BT computer networks at the internal

layer. Alternatively, BT will provide perimeter security to prevent intrusion from untrusted

networks. Since neither addresses remote access, BT’s Global Services Network

Security will use front-end secure token devices to protect remote access users from

unauthorized access. Here, usernames and passwords will remain unique and

randomly generated for added protection. BT will review daily audits of firewall activity

for unauthorized changes have taken place. “2 Factor” Authentication will be

implemented on any computing device with direct access to controlled Government

information as identified under FISMA Moderate controls.

Management Systems (subsystem)

BT will use UNIX-based management systems based within its campus network,

protected by firewall routers that use detail ACL (access control lists) and/or rule-based

firewalls to block unrecognized packets. Only a limited number of users with BT



BT Federal

Security’s approval will have permission to access these routers. BT audits all UNIX

systems within campus LANs monthly. BT will perform security patches whenever

available. BT’s use of VPNs and MPLS will prevent one customer from viewing

another’s data unless authorized as part of a Community of Interest Networks (CoINs).

BT will accomplish such prevention by use of proprietary labels applied to incoming

packets to determine how to route them.

Routers (Network Element)

BT will install routers in the network with Terminal Access Controller Access System

(TACACS) for authentication, which use individual usernames and passwords. BT will

review request for access and will process within appropriate global security functions.

BT will encrypt passwords. BT will generate/change password and SNMP community

strings randomly (not using vendor default) as BT's data security standards for

password parameters. BT will review access methodology for other support elements.

Review will lower password compromise and need for regular changes to password

parameters.

Personnel Background Investigation Requirements [C.1.8.7.7]

BT Federal will perform personnel security/suitability checking in accordance with FAR

Part 52.204-9. BT Federal recognizes and will enforce, at the ordering Agency’s cost

that all BT Federal personnel with access to Government information within the security

A&A scope successfully complete background investigation in accordance with

Homeland Security Presidential Directive-12 (HSPD-12), Office of Management and

Budget (OMB) guidance M-05-24, M-11-11 “Continued Implementation of Homeland

Security Presidential Directive (HSPD-12) Policy for a Common Identification Standard

for Federal Employees and Contractors,” and as specified in Agency-identified security

directives and procedural guides.

Risk Management Approach [C.1.8.7.4]

In depth details for the Risk Management can be found within the attached BT Federal

EIS Risk Management Framework Plan. At a high level per NIST 800-37, Revision 1,

BT Federal is committed to work with each Agency to meet requirements for a Security



BT Federal

Assessment and Authorization (Security A&A). This commitment includes controls and

boundaries that comprise the BT Federal BSS, and a boundary for each service

(Service-specific) that holds or transmits Government sensitive data and Government

CUI data.

BT Federal will comply with all security A&A requirements mandated by federal laws,

directives and policies, including making available any documentation, physical access,

and logical access needed to support this requirement. BT Federal will work Agencies

on Agency-specific IT security procedural guidance associated with managing

enterprise risk and guidance on performing Security A&A.

System Security Plan

BT Federal is committed to the highest level of Security and protection of Agency

assets, asset information, and information. The BT Federal Chief Information Security

Officer (CISO), or program-specific ISSO, will provide quarterly/annual project plans,

System Security Plans (SSPs) based on NIST SP 800-18 Rev 1 deliverables, and

details as defined within NIST SP 800-37.

Agency Requirements

BT Federal has built its BSS and support architecture to be able to meet at minimum

FIPS 199, “Standard for Security Categorization of Federal Information and Information

Systems” for a minimum level of Moderate Impact Level.

. Each of these follow

the FISMA, FIPS, NIST, ICD, and DoDI requirements as required by the Moderate

Impact Level categorization or specific customer requirements that may be agreed upon

on a per customer, per contract basis. More specifically, it provides compliance with

controls in NIST SP 800-53R4 that support cyber resiliency.

BT Federal has designed all portions of the BT Federal BSS and infrastructure to

comply with IPv4 and IPv6. BT Federal will enable all network management by using

IPv6 to support OMB Memorandum M-05-22 and NIST SP 500-267.



BT Federal

A&A Commitment

As provided in NIST 800-37, Revision 1, BT Federal is committed to work with each

Agency to meet requirements for a Security Assessment and Authorization (Security

A&A). This will include controls and boundaries that include the BT Federal BSS and

other systems that will hold Agency-specific details. These systems will comprise:

Customer Ordering, Customer Trouble Management, Billing, Service Performance,

Task Ordering, Customer Inventory, Customer Reporting, and GSA Information. BT

Federal will work with each Agency on Agency-specific IT security procedural guidance

associated with managing enterprise risk and guidance on performing the A&A.

Additional Security Requirements

BT Federal meets and agrees to incremental requirements, as Table 1.4-2 shows. BT

Federal is committed to supporting each Agency’s unique requirements as they arise in

TOs to protect U.S. National interest.

Table 1.4-2. BT Federal’s Capabilities for Additional Security

Requirements [C.1.8.7.6]

ID # RFP Description BT Federal Capabilities

1 The deliverables identified in RFP C.1.8.7.5 shall be

labeled “CONTROLLED UNCLASSIFIED

INFORMATION” (CUI) or contractor selected

designation per document sensitivity. External

transmission/dissemination of CUI data to or from an

Agency computer must be encrypted. Certified

encryption modules must be used in accordance with

FIPS PUB 140-2, “Security requirements for

Cryptographic Modules.”

BT Federal has experience in supporting the

U.S. Government and in meeting the

requirements as outlined in FIPS PUB 140-2.

BT Federal will coordinate with each Agency

to ensure FIPS 140-2 compliance with any

communication to and from the Agency.

Encryption of communication is a core BSS

and support functionality at a BT Federal

operational and corporate level.

2 The government has the right to perform

manual or automated audits, scans, reviews, or

other inspections of the contractor’s IT

environment being used to provide or facilitate

services for the government.

In accordance with the FAR (see FAR I, 52.239-

1) the contractor shall be responsible for the

following privacy and security safeguards:

BT Federal recognizes the Government’s

right to perform audits, scans, reviews and

other inspections of BT Federal IT

environment and facilities used to fulfill this

contract.

In compliance with FAR I, 52.239-1, BT

Federal will safeguard the information

associated with this contract and each TO:



BT Federal


1. The contractor shall not publish or disclose in

any manner, without the CO’s written

consent, the details of any safeguards either

designed or developed by the contractor

under this TO or otherwise provided by the

government. Exception - Disclosure to a

Consumer Agency for purposes of security

assessment and authorization verification.

2. To the extent required to carry out a program

of inspection to safeguard against threats and

hazards to the security, integrity, availability

and confidentiality of any non-public

government data collected and stored by the

contractor, the contractor shall afford the

government logical and physical access to the

contractor’s facilities, installations, technical

capabilities, operations, documentation,

records, and databases within 72 hours of the

request. Automated audits shall include, but

are not limited to, the following methods:

o Authenticated/unauthenticated operating

system/network vulnerability scans

o Authenticated and unauthenticated web

application vulnerability scans

o Authenticated and unauthenticated

database application vulnerability scans

o Internal and external penetration tests

3. Automated scans can be performed by

government personnel, or agents acting on

behalf of the government, using government

operated equipment, and government

specified tools. If the contractor chooses to

run its own automated scans or audits, results

from these scans may, at the government’s

discretion, be accepted in lieu of government

performed vulnerability scans. In these cases,

scanning tools and their configuration shall be

approved by the government. In addition, the

1. BT Federal will not publish or disclose

details of any safeguards either designed

or developed by the contractor under this

TO or otherwise provided by the

Government. Exception - Disclosure to a

Consumer Agency for purposes of

security assessment and authorization

verification.

2. BT Federal will provide access within 72

hours as needed to fulfill FAR mandates.

BT Federal will support the use of

automated audits to include the following

methods:


operating system/network vulnerability

scans

o Authenticated and unauthenticated web

applications vulnerability scans


database application vulnerability scans

o Internal and external penetration tests

3. BT Federal will support either the

Government or its appointed agent(s) using

Government equipment and Government

tools to run automated scans. If the

Government finds BT Federal automated

scans and audits acceptable and chooses to

accept these in lieu of their own; then BT

Federal will have the scanning tools and

configurations approved by the Government.

In addition, the results of BT Federal will

conducted scans and provide them, in full, to

the Government.



BT Federal


results of contractor-conducted scans shall be

provided, in full, to the government.

MTIPS

BT Federal will bid on the MTIPS Optional Service in the near future as part of an EIS

contract modification, per RFP G.3.2.5 "Authorization of Orders" and RFP L.27 "General

Proposal Instructions." (We also mention this below in Section 2.8.4, MTIPS.)

1.4.3. Traffic Identification and Routing Policy [L.29(2c), L.29.2.3; M.2.1(4c);

C.1.8.8(3)]

For all relevant services offerings under EIS (e.g., VPNS) that transports Internet,

.

1.4.3.1. Technical Approach to the Design of Aggregation Services [L.29.2.3 (1-

8); C.1.8.8(3)]

BT Federal’s network design solution, which Figure 1.4-4 depicts, can address all

external traffic routing requirements in RFP C.1.8.8-3.



BT Federal

Federal EIS contract. BT Federal’s design has the characteristics to meet RFP C.1.8.8-

3 requirements.

1.4.3.1.1. Traffic Identification [L.29.2.3 (1)]:

BT Federal will use the following methodology to identify participating Agency traffic,

based on programmatic and technical approaches. BT Federal’s Program Management

team will work to have full understanding of each Agency’s network activity and

potential for their networks to connect to other Agencies. This includes:



BT Federal

Identification of routing and aggregation from requirements in initial TOs

Program discussions with Agencies to understand data flows for routing via

Government Furnished Equipment (GFE)

Continuous review by BT Federal’s program management and implementation

engineering to identify new aggregation requirements

Periodic review by BT Federal’s program team of orders placed by Agencies

1.4.3.1.2. Traffic Redirection [L.29.2.3 (2)]:

Dedicated Transport Services



BT Federal

Data Transport Services

Major POPs and End-Points

Transport Types and Speed

BT Federal will ensure that all transport types for Mandatory Services are available at

Enclave service BT POPs. Any access (if the Enclave is not colocated with the POP)

from the BT POP to the Enclave will be sufficient (i.e., in speed) to ensure that it does

not impact Agency performance.

Diversity

, all BT POPs receive service by diverse routes (to other BT

POPs) to ensure high-service availability. Any required access from BT POPs to

created EINSTEIN Enclaves will also receive service by route diverse network services.

Number of Hops and Delays Per Hop

BT Federal has configured its data network as a partial mesh. Such configurations

minimize impact of router “hops.” It also minimizes impact of router and link failures on



BT Federal

network performance.

1.4.3.1.3. Non-Participating Agency Traffic [L.29.2.3 (3)]

1.4.3.1.4. Traffic Control Mechanisms [L.29.2.3 (4)]

For data services, BT Federal’s use of secure tunnels to transport affected traffic to

aggregation Enclaves will provide additional security by preventing Agency traffic from

inadvertent or malicious by-pass. Agency traffic cannot re-direct without two different

actions on different devices. First, redirection would require changes in the secure

tunnel from the participating Agency’s location to Enclaves. Second, redirection would

require changes in routing setup to enable traffic to enter the participating Agency’s

normal VPN, as opposed to VPN setup to move data to GFP Enclave. Also, BT Federal

will monitor all device configurations and will mark any unauthorized changes as a

security issue, which will invoke enforcement of appropriate response plan.

1.4.3.1.5. Failsafe Redirection of Traffic [L.29.2.3 (5)]



BT Federal

1.4.3.1.6. GFP Hosting [L.29.2.3 (6)]

1.4.3.1.7. Availability of Cleared Personnel [L.29.2.3 (7)]

1.4.3.1.8. Measurement of Transport SLAs & KPIs [L.29.2.3 (8)]

1.4.3.2. Approach to Aggregation Service Implementation [L.29.2.3; C.1.8.8 (3)]



BT Federal

1.4.3.3. Approach to Aggregation Service Operations [L.29.2.3; C.1.8.8]

Identify Traffic Flows: BT Federal’s EIS Project Team assigned to a

participating Agency will work with that Agency to identify traffic flows that need

to conform to National Policy requirements. BT Federal will accomplish this by

interviewing appropriate Agency staff and documenting BT Federal’s solution as

it meets the Agency’s EIS service requirements.

Security Infrastructure:

s.



BT Federal

Figure 1.4-5. .

Segregates the BT Federal BSS management environment to ensure proper handling of

Government information and national security requirements



BT Federal

1.4.4. Risk Management Framework Plans [M.2.1(4), C.1.8.7]

BT Federal’s proposed architecture and services will comply with security specifications

as identified in the Risk Management Framework Plan provided in Attachment 1 “EIS

Risk Management Framework Plan”.



BT Federal

2.0 Technical Response - [L.29 (2a), L.29.2.1, M.2.1; C.1.2]

The following sub-sections provide BT’s detailed response for Virtual Private Network

Services, Ethernet Transport Services, and Mandatory Voice Services (Internet Protocol

Voice Service), and Managed Network Services.

2.1. Data Service [C.2.1]

BT is bidding the two Mandatory Services under Date Service as follows.

2.1.1. Virtual Private Network Service (VPNS) [M.2.1; C.1.2, C.2.1.1]

VPNS is provided as an EIS service, based on BT’s Global Connect Network. This

network is designed to provide the performance, reliability, and security of a leased-line

network with the any-to-any scalability and flexibility of an IP network. The IP Connect

Global Network and its management system are ISO 27001 certified, providing a high

quality of operation of the network, including the logical and physical protection of all

essential systems to ensure robust monitoring and control. The IP Connect Global

features include:

Global Reach to more than 170 countries, including:

POPs in CONUS

MPLS Technology providing robust Layer 2 and Layer 3 services

Multi VPN, Extranet VPN, Multicast VPN

BT Managed or Customer provided CPE

Robust, resilient Architecture using a Dual-Core and Dual-Vendor Approach

Flexible dedicated, Ethernet, and Satellite access



BT Federal

Cities where BT owns local Fiber networks

with Digital Subscriber Line (xDSL) access

Countries with Ethernet access

170+ Countries with Internet Connect service

Countries with Mobile (3G/4G) access

111+ Countries with Satellite access (including CONUS and US Territories)

Hybrid Virtual Private Network solution using secure Internet Access:

170+ Countries

Access technology agnostic

BT’s North American MPLS core network, depicted in Figure 2.1-1, enables high-

speed, robust Virtual Private IP networks to support Government requirements

throughout North America.

Figure 2.1-1.

Provides High-Performance, Resilient, Scalable Platform to meet EIS Requirements



BT Federal

Table 2.1-1.

y

2.1.1.1. Understanding [L.29.1(A); M.2.1(1)]

The BT IP Global Connect network is a critical part of BT’s Architecture (detailed in

Section 1.1, Understanding). This solution meets all EIS service requirements for

VPNS:

Secure, reliable, and high-speed MPLS-based IP VPN multi-service core network

enabling partially and fully-meshed Wide Area Networks (WANs), also known as

Virtual Private Networks (VPNs)

Comprehensive and innovative combination of Access Arrangements

Intranet, Extranet, and Remote Access Solutions seamlessly and securely

connecting Internet and Broadband sites and Remote (including mobile) users to

customer WANs

of services to support a full range of application requirements from

time-critical voice and video to non-critical traffic.

The

r

and other network management.



BT Federal

Essential elements of BT’s solution for VPNS appear in Figure 2.1-2 and

Table 2.1-2. They appear in BT’s Architecture (detailed in Section 1.1, Understanding)

as the Layer 2/3 Services cloud and Global Services Management Systems.

Figure 2.1-2. BT’s VPNS (“BT Global IP Connect”)

Provides VPNS with seamless, secure CONUS/OCONUS access to Agency WANs

Table 2.1-2 provides a legend for components of BT’s VPNS.

Table 2.1-2. Legend for Components of BT’s VPNS

1. Routine access 2. Critical access with

POP diversity

3. Critical access with route

diversity to POP

4. “Wi-Fi” access

5. Dedicated Internet

Access

6. Satellite access 7. Wireless “4G” 8. Line-of-sight

wireless access



BT Federal

Details of the solution include:

IP Connect MPLS Core:

Uses unique dual-vendor/dual-core approach to enable very high resilience to

router and link availability

Provides multiple-path diverse-route connecting core routers to ensure that

link failures (e.g., due to fiber cuts) do not affect service availability

Provides bandwidth to IP Connect Access POPs Provider Edge (PE) router

functions

IP Connect Access POPs:

Serve PE routing functions that create customer WANs (VPNs) using Virtual

Route Forwarding (VRF) tables and MPLS bandwidth

Connect to Access Providers

Access Providers:

Enable private line (e.g., T1, DS3, OC-x, Ethernet), Shared Ethernet,

Wireless, and Satellite connectivity

Offer options for high-availability, route diverse, and POP-diverse access

Offer Internet Services

Include BT access services

IP Connect Internet Gateway:

Provides seamless connectivity to intranet, extranet, remote users

Enables backup connectivity that uses Internet and access providers



BT Federal

2.1.1.2. Quality of Service [L.29.1(B); M.2.1(2)]

BT’s Quality of Service (QoS) that Government and Agency customers can expect

follow in terms of services delivered, compliance, scalability, reliability and resiliency.

2.1.1.2.1. Deliver

BT uses a comprehensive approach for the delivery of all services to customers. Upon

receipt of an order, we assign a Post-Sales Engineer and a Project Manager. These

personnel work together throughout the process to convert the ordered service into a

delivered capability.

2.1.1.2.2. Compliant

The BT VPNS solution is compliant with all EIS requirements as well as the mandatory

Access Arrangements as described in the Architecture (see Section 1.1,

Understanding) and discussed in Section 2.9, Access Arrangements.

2.1.1.2.3. Scalable

As a leading Global Telecommunications Service Provider, BT has comprehensive

approaches to ensure the scalability of all its services. For IP Connect, our planning and

engineering staff perform the following:

For the MPLS core, BT proactively monitors trunk utilization and all aspects of

router performance and health to ensure that they meet both the tactical (near-

term) and strategic (long-term) requirements of the Government. Upgrades (e.g.,

trunk and router capacity), are planned and implemented against the projected

utilization growth (and service resiliency) to maintain delivery and network

performance, and in accordance with EIS VPNS Key Performance Indicators

(KPIs) and Acceptable Quality Levels (AQLs).

Similar to the MPLS core, we take a proactive approach when it comes to

monitoring router performance, port and slot availability, and connectivity to core

routers. Upgrades are made to ensure that services scale meets projected

demands. These upgrades ensure that we will deliver MPLS services in

accordance with EIS VPNS KPIs and AQLs.



BT Federal

We proactively monitor capacity utilization on Network-to-Network Interfaces

(NNIs) used by all access providers. This information is used to project growth,

and plan capacity upgrades and augments. BT will increase capacity to ensure

that increased access provisioning does not adversely affect service

performance and KPIs and AQLs.

BT will proactively monitor Internet VPN Gateways (that enable secure access to

customer WANs/VPNs), over the Internet. This includes capacity to the Internet

and the MPLS network as well as the performance and capacity of the VPN

device. BT will increase capacity as necessary to meet Government

requirements to maintain or exceed AQLs.

2.1.1.2.4. Reliable and Resilient

BT uses commercial best practices to ensure service reliability and resiliency, including:

MPLS protection mechanisms (e.g., FRR)

Multiple Core Nodes with diverse routes and connections between core nodes

No over provisioning/subscribing MPLS links, max provisioning/subscribing of

80% of link bandwidth

Carrier-class equipment (dual power supplies, route processors, dual-router

nodes, etc.)

Carrier-class facilities with dual power feeds and redundant power systems, each

with at least eight hours of backup

On-site hardware sparing to reduce Mean-Time-To-Repair (MTTR)

Strict configuration management control and operations procedures

Architecture modeling, capacity planning, ability to operate with failures

Comprehensive network, performance monitoring, and trouble resolution

supported by two 7x24x365 Network Control Centers (CONUS and OCONUS)



BT Federal

2.1.1.3. Service Coverage (for CBSA-Dependent Services) [L29.2.1(C); M.2.1(3)]

Based on an analysis of mandatory Access Arrangements and BTs technical approach

and in-place access agreements for VPN services, the CBSAs supported appear in

Figure 1.3-1. There are no CBSA limitations for the use of Internet-based Extranet and

Remote Access to VPNS WANs.

2.1.1.4. Security [L29.2.1(D); M.2.1(4a, 4b, 4c(i) through 4c(viii)]

BT Federal’s use of VPNs with MPLS technology will help protect Government data

transmissions on BT’s IP Global Connect network (VPNS) by segregating that data from

all other. BT will monitor all management systems proactively 24/7 and real-time to

detect (unauthorized) access attempts into the core network. BT’s IP Connect Global

service complies fully with leading Security Standards and Practices. These include ISO

27001 and 27002 standards on integrity. BT also plays a global leadership role in the

security portion of the Telecom market. BT belongs to a number of international

organizations and confederations who promote incident prevention. Resultant programs

include: Forum of Incident Response & Security Team (FIRST), the Computer

Emergency Response Team (CERT), DHS Carrier Infrastructure and Key Resource

(CIKR), and the Cyber Information Sharing and Collaboration Program (CISCP).

VPNS Configuration

BT Federal will have VPN assignments performed on core network elements by using

centrally managed configuration systems. These systems will reside on a separate

secure LAN segment, which BT Federal will monitor for logon failures and other security

related issues. Access to these systems will go through BT Federal’s Integrated

Security Services and will receive revalidation at least every six months.

VPNS Password Management

BT Federal Network Security will request access to routers, access nodes,

management systems, VPN order and assignment systems for review and approval by

security organizations. BT Federal Network Security will change passwords at least

once a month and will distribute them in encrypted form.



BT Federal

VPNS Audits

BT Federal Network Security will perform regular audits on all network components,

including: routers, Unix systems, Management systems, VPNs, and administrative

systems.

VPNS Security Services Handling for Network Elements

2.1.1.5. Service and Functional Description [L.29.2.1(1st bullet); C.2.1.1.1]

To meet the VPNS requirements for the Government, BT will provide our secure,

reliable, high-speed IP Global Connect platform, as described in Section 2.1.1, VPNS.

Our services will provide the following:

VPNS Ports: Serve as MPLS VPN ports on BT IP Connect network, based on

IETF RFC 4364 creating one or more WANs each with its own Closed User

Group (CUG) and IP addressing; use MPLS multiple services including support

for IPv4 and IPv6 addressing and routing

VPNS Port CoS Configuration: Provides for Customer selection of parameters

for 6 CoS settings; enables traffic prioritization based on application needs using

IP header Differentiated Services (DiffServ) Code Point (DSCP) marking

Access Arrangements: Provides Access to VPNs using Ethernet (shared and

dedicated) and Satellite services

Internet Gateways: Enables seamless connection of fixed sites or remote users

using secure VPN technology (e.g., FIPS-compliant IPSec and SSL solutions)



BT Federal

2.1.1.5.1. Functional Definition [L.29.2.1 (1st bullet); C.2.1.1.1.1]

BT’s technical approach for supplying intranet, extranet, and remote services based on

use of IP Global Connect follow below:

Intranet

BT enables intranet solutions based upon provisioning of Internet Engineering Task

Force (IETF) RFC 4364 CUGs on BT’s IP Global Connect (MPLS) network. These

create Virtual Route Forwarding (VRF) tables that contain private IP routing space for

each VPN assigned to a customer. Bandwidth between VRFs use Labeled Switch

Paths, attach to virtual ports, and extend to customer sites using the selected AA.

Extranet

BT bases extranet solutions on use of Internet-based access from customer sites and

secure, encrypted tunnels which are standard capabilities of BT’s hybrid VPN (“HVPN”)

IP Connect product. Based on IPSec technology following Government requirements,

(e.g., FIPS-140-2 AES-256), these tunnels can:

Direct Termination: Terminates directly customer-site to customer-site; enables

creation of network based on partial or full-mesh; also connects to BT IP Connect

Gateway allowing further connection to Intranet (MPLS-based) customer WAN

Gateway Termination: Terminates on BT IP Connect Internet-to-MPLS/VPN

Gateway; enables connectivity of single site (or, as above, number of sites) to

connect to Intranet customer WAN

Remote Access

BT enables users’ (Remote Access via router-based, or workstation based) VPN clients

to connect to an IP Connect MPLS-based WAN using the Internet Gateway. BT

supports IPSec and SSL/TLS (Similar to the Extranet solution) and can configure them

to meet Government standards (e.g., FIPS-140-2 AES256). IP Connect (the basis for

VPNS) supports of Service (CoS) to address the range of application

requirements from time-critical (voice and video) and business-critical (transactions) to

non-critical (email) traffic.



BT Federal

BT’s CoS model uses Differentiated Service Code Point (DSCP). DSCP provides low-

latency to critical network traffic such as voice or streaming media. It also provides

simple, best-effort service to non-critical services like Web traffic or file transfers. BT’s

Classes of Service include:

CoS as applied to applications within BT’s IP Connect Global appear in Figure 2.1-3.

Figure 2.1-3.

Enable transport of Agency data, voice, and video applications over a single network.



BT Federal

BT’s standard IP Connect CoS model, which supports VPNS,

as Figure 2.1-4 shows.

Figure 2.1-4. BT’s

Enables real-time bandwidth for voice; enables bursting’s full use of Agency bandwidth



BT Federal

2.1.1.5.2. Standards [L.29.2.1 (2nd bullet); C.2.1.1.1.2]

BT will comply with standards listed in RFP C.2.1.1.1.2 and as required in future TOs.

2.1.1.5.3. Connectivity [L.29.2.1 (3rd bullet); C.2.1.1.1.3]

BT will comply with all connectivity instances listed in RFP C.2.1.1.1.3 VPNS. BT’s

VPNS will connect Government locations and trusted business partners via leased lines

for site-to-site access or broadband for remote access to provide direct connectivity

between all sites as a partially- or fully-meshed WAN. For VPNS, BT offers many forms

of connectivity to the BT “IP Global Connect” platform (e.g., Ethernet, Leased Line,

Broadband): BT will comply with all listed connectivity requirements for Mandatory

Services and, when modifying the EIS contract for Optional Services in the near future.

A detailed description of how appear in Section 2.1.1.1, Understanding, and further

detailed in Section 1.1, Understanding, regarding Network Architecture.Access

methods, whether dedicated, shared, satellite, wireless, or via Internet will work with

BT’s VPNS to create logical WAN connectivity whether any-to-any, hub-and-spoke, or

hybrid. This includes secure services to trusted business partners and secure access

for remote access users, as Figure 2.1-5 depicts.



BT Federal

Figure 2.1-5. BT “Global Connect” for VPNS.

Supports a full range of legacy and Ethernet-based access methods

2.1.1.5.4. Technical Capabilities [L.29.2.1 (4th bullet); C.2.1.1.1.4]

In Table 2.1-3, BT details its approach to meeting technical capabilities required in the

RFP here in similar sequence provided in RFP C.2.1.1.1.4.

Table 2.1-3.

.



BT Federal

.



BT Federal



BT Federal

Figure 2.1-6.

Supports combination of IPv4 and IPv6 VPNs at Agency locations

2.1.1.6. Features [L.29.2.1 (5th bullet); C.2.1.1.2]

BT will meet the listed (required) technical capabilities per following sub-sections below.

2.1.1.6.1. High-Availability Options

BT’s design will provide for the following high-availability options: Load Sharing, Fail-

Over Protection, and Diverse Access Points to Service Provider’s POP(s).

Load Sharing

Load Sharing will consist of two (2) Connection Endpoint routers (CEs) at an Agency’s

network at Agency-specific sites. BT will configure both CEs located on the same LAN

Segment. BT will configure a pair of access links with the following requirements:

Termination on pair of PEs located in:

Single BT POP (see Figure 2.1-7)

Two diverse BT POPs (see Figure 2.1-8)

Pair of links that act as Primary and Secondary, both active at same time

Physical and logical Port Speed same for both links



BT Federal

Inbound load sharing, achieved by iBGP multipath

Outbound load sharing distributed to WAN that faces edge routers via Cisco

Express Forwarding (CEF) or routing protocols (e.g., EIGRP load balancing)

Figure 2.1-7. BT VPNS Load Sharing to a Single BT POP.

Enables Access High-Availability Load Sharing for an Agency’s location using at least two IP

Connect PEs at a Single BT POP

Figure 2.1-8. BT VPNS Load Sharing to two BT POPs.

Enables Access High-Availability Load Sharing for an Agency’s location using at least two IP

Connect PEs at two BT POPs



BT Federal

Fail-Over Protection

Failover Protection of CE will be provided by either Hot Standby Routing Protocol

(HSRP) or Virtual Router Redundancy Protocol (VRRP) each of these protocols will

enable increased site resiliency by creating a redundant router pair with an

Active/Standby or Master/Backup designated relationship. Thus providing a single

default gateway with failover protection for customer services. VRRP further expands

this failover capability by allowing interoperability with multiple vendor’s equipment as

well as designating additional routers to participate as Backup devices further

increasing hardware resiliency and service availability.

Either option is available to increase the availability of an Agency customer site, by

providing two paths to the BT IP Connect network. BT provides basic Fail-Over

Protection. BT marks one access path as Primary and the other access as Failover—

only used in the event that Primary path or port becomes unavailable. During normal

operation, BT will route all traffic over the Primary port. Should this connection fail, BT

will then route traffic routed over the Failover port. Failover is unavailable to transport

traffic if the Primary is operating properly.

BT can use virtually all access methods associated with BT IP Connect for VPNS to

support Fail-Over Protection: Dedicated (e.g., Private Line, SONET, Dedicated

Ethernet), Ethernet (including shared and Layer 2 Cable and DSL access), Satellite,

and Internet using Hybrid VPN secure access.

In general, BT will use the following two (2) Failover approaches in combination with

access routing to diverse BT Access POPs.

1. Layer 3 Resilience

Port Protection and Path Protection: Use of two diversely routed access paths

to single BT POP that terminates in two different PE Routers (see

Figure 2.1-9)

Port Protection and POP Diversity Fail-Over: Use of two diversely routed

access paths to two (2) geographically diverse BT POPs (see Figure 2.1-10)



BT Federal

Figure 2.1-9. BT’s Port Protection and Path Protection Fail-Over.

Uses High-Availability port and path protection with 2 IP Connect PEs to Single BT POP

Figure 2.1-10. Port Protection and POP Diversity Fail-Over.

Uses High-Availability Fail-Over with 2 IP Connect PEs at 2 BT POPs

2. Physical Access Resilience

Examples include:

Using diversely routed access to one or more BT POPs (Figure 2.1-10, above)

Using Internet-based (including wireless) Hybrid VPN connectivity for routing

failover (Figure 2.1-11)

Using Satellite connectivity (Figure 2.1-12)



BT Federal

This flexibility enables the use of two different type of VPNS ports to support Fail-over:

Ports do not need to be of same size

Ports do not need to use the same access type

This enable the customer to tailor the cost of the Fail-over approach to meet critical

functional needs and business needs (i.e., cost effectiveness).

Figure 2.1-11. BT’s Internet-Based Fail-Over.

Provides high-availability by using 2 IP Connect PEs for Internet-based

Failover to 2 BT POPs

Figure 2.1-12. BT’s Satellite-Based Fail-Over.

Provides high-availability by using 2 IP Connect PEs for satellite-based

Fail-Over to 2 BT POPs.



BT Federal

3. Diverse access points to service provider’s POP(s)

BT provides design, engineering and implantation of diverse access solutions to POPs

as a standard service. BT will work with the Government to understand TO objectives

and requirements and develop solutions based on available Access Arrangements.

In general, this requires BT’s working with local access providers to provide Circuit

Layout Records (CLRs) that show physical routing of access systems from Agency

customer sites to BT POPs. BT will use one or more access providers to ensure that

design and implementation of diverse routing.

2.1.1.6.2. Interworking Services (Optional)

BT will enable Interworking between BT’s VPNS and ETS by establishing gateways

between the services. BT will address the solution on a TO basis to ensure that the

resulting solution meets Agency customer objectives and requirements.

2.1.1.7. Interfaces [L.29.2.1 (6th bullet); C.2.1.1.3]

BT’s VPNS will support all required service UNIs at the SDP for VPNS and is

compatible with all Interfaces listed in RFP C.2.1.1.3 Interfaces.

As described in Section 2.1.1.5.2, Standards, BT will support VPNS with the BT “IP

Connect” network via IPv6. (BT will also support E1/E3—standard in countries that use

the E-carrier system.)

2.1.1.8. Performance Metrics [L.29.2.1 (7th bullet); C.2.1.1.4]

BT will meet each Key Performance Indicators (KPIs) listed in RFP C.2.1.1.4. BT treats

performance levels and acceptable quality level (AQL) for these VPNS KPIs as

mandatory unless marked optional. BT accepts definitions and measurement guidelines

in RFP G.8.2.

2.1.2. Ethernet Transport Services [M.2.1; C.1.2, C.2.1.2]

BT will provide Ethernet Transport Services (ETS) by using the BT Ethernet Connect

Global network a family of expanding Ethernet transport services, CONUS and

OCONUS. Based on the BT Global MPLS platform, BT ETS will conform to standards of



BT Federal

the Internet Engineering Task Force (IETF) and Metro Ethernet Forum (MEF). BT’s ETS

will provide Layer 2 connectivity, providing Agency customers with network flexibility:

Layer 2 Topologies: Ethernet Line (E-LINE) and Ethernet LAN (E-LAN)

Bandwidth: Defined bandwidth between Ethernet Connect locations using

Ethernet Private Virtual Circuits (EVCs)

CoS: Using Ethernet Class of Service (CoS) (802.1p) to address application

specific performance requirements

CONUS / OCONUS Networks:

BT’s North American MPLS core network, as Figure 2.1-13 shows, provides the

foundation for BT’s high-speed, robust ETS networks to support Agency requirements.

Figure 2.1-13.

Provides a high-performance, resilient, scalable platform to meet ETS requirements



BT Federal

2.1.2.1. Understanding [L.29.2.1(A); M.2.1(1)]

For ETS, BT will provide Agency customers with BT “Ethernet Global Connect,”

described in Section 1.1, Understanding, as Layer 2/3 services. This solution meets

all ETS service requirements in the following manner:

Secure, high availability, high-speed MPLS-based ETS over BT’s multi-service

MPLS core network to provide E-LINE and E-LAN topologies

Comprehensive, innovative combination of Access Arrangements, both

dedicated and shared

of services (CoS) to support a full range of application

requirements from time-critical voice and video to non-critical traffic

The BT Global Ethernet Connect will support BT’s network architecture for ETS, as

Figure 2.1-14 depicts.

Figure 2.1-14. BT’s ETS (“BT Global Ethernet Connect”).

Uses BT’s Core MPLS Network to provide required functions to create ETS Line and LAN

solutions, CONUS and OCONUS

Details of the solution include:

MPLS Core:



BT Federal

Unique dual vendor and dual core approach that enable very high resilience

to router and link failures

Multiple path diverse routes connecting core routers ensures that link failures

(e.g., due to fiber cuts) do not isolate core network routers

MPLS Fast Re-Route (FRR) that enables very rapid restoration of

connectivity between core routers in the event of a link or router failure

Provides bandwidth to the Ethernet Access POPs PE router functions

Ethernet Access POPs:

Provider Edge (PE) routing function creates customer-logical Ethernet Private

Line (EPL), Ethernet Virtual Private Line (EVPL), and Ethernet LAN (ELAN)

tables to support creation of EIS customer E-LINE and E-LAN solutions

Connect to Access Providers

Access Providers:

BT’s comprehensive set of access providers that enable Dedicated and

Shared Ethernet, Wireless, and Satellite connectivity

Options for high-availability, route diverse, and POP-diverse access



BT Federal

2.1.2.2. Quality of Service [L.29.2.1(B); M.2.1(2)]

2.1.2.2.1. Deliver

BT will use a comprehensive approach to deliver all services to Agency customers. BT

will assign a Post-Sales Engineer and a Project Manager to oversee the delivery of

services per awarded design and in a timely manner. They will work in concert to turn

accepted or ordered service into delivered capability. BT will manage its CONUS

network from the Operational Group and NOC facilities located in Reston VA.


The BT ETS solution is compliant with all EIS requirements as well as the mandatory

Access Arrangements as described in the Architecture (see Section 1.1,

Understanding) and discussed in Section 2.9, Access Arrangements.

2.1.2.2.3. Scalable

BT’s comprehensive approach to ensuring scalability of all services includes planning

and engineering staff, who will perform the following services to ensure that Ethernet

Connect Global remains scalable while maintaining peak performance and adheres to

Government standards:

MPLS Core: BT will track trunk utilization and all aspects of router performance

so they meet both tactical (near-term) and strategic (long-term) requirements. BT

will plan upgrades (e.g., trunk and router capacity) and implement them against

projected capacity growth (and service resiliency) to maintain delivery and

network performance in accordance with ETS KPIs and Acceptance Quality

Limits (AQLs).

Router Performance: Similar to the MPLS core, BT will proactively monitor

router performance, port and slot availability, and connectivity to core routers. BT

will perform upgrades so services scale against projected demands. This

proactive approach will ensure that BT will deliver services in accordance with

acceptable KPIs and AQLs.



BT Federal

NNI Capacity Utilization: BT will monitor capacity utilization on Network-to-

Network Interfaces (NNIs) with all access providers. Based on projected growth,

BT will increase capacity so access provisioning will not impact service

performance and provisioning of KPIs and AQLs.


BT adheres to industry best practices to ensure service reliability and resiliency, like:

MPLS protection mechanism (e.g., FRR)

Multiple route diverse connections between core nodes

Carrier-class equipment (dual power supplies, route processors, dual-router, etc.)

Carrier-class facilities with dual power feeds and redundant power systems, each

with at least eight hours of backup

No over provisioning/subscribing MPLS links, max provisioning/subscribing of

80% of link bandwidth


Strict configuration and change management control and operations procedures

Architecture modeling, capacity planning, and ability to operate with failures

Comprehensive network and performance monitoring and trouble resolution

supported by two 24x7 Network Control Centers located CONUS and OCONUS

2.1.2.3. Service Coverage [L29.2.1(C); M.2.1(3)]

Based on analysis of mandatory Access Arrangements and BT’s technical approach

and in-place access agreements for ETS services, BT offers 87 CBSAs supported,

detailed in Section 1.3, Service Coverage (for CBSA-Dependent Services).

2.1.2.4. Security [L.29.2.1(D; M.2.1(4)]

BT’s ISO 27001 certification for Ethernet Connect Global Core Network encompasses

activities carried out by the BT Network Control Center to manage the Ethernet Connect



BT Federal

Global Network. These activities include logical and physical protection of all network

devices and essential systems required to ensure robust monitoring and control.

BT Federal will apply federal security standards such as FISMA to infrastructure that

provides Managed Network Service and remote Ethernet Transport Services. BT will

manage solution components of third-party vendors to include pass-through security

and compliance provisions. Such standards may include: encryption, device,

performance, and security monitoring for non-BT systems and components.

2.1.2.5. Service and Functional Description [C.2.1.2.1]

BT Ethernet Connect Global is a Carrier Grade Ethernet transport that uses the BT

MPLS services platform, using IETF and MEF standards for Ethernet over MPLS.

Ethernet links are transported using MPLS label switched paths (LSPs) inside an outer

MPLS “tunnel”. Point-to-point connections can also be provided by Ethernet over

SONET solutions where available.

To meet carrier grade Ethernet requirements, BT will provide our secure, reliable, high-

speed Ethernet Connect Global platform as either dedicated or shared service (per TO

requirements). The service will enable Agencies to interconnect their LANs (e.g.,

10Mbps-100Gbps) as either point-to-point or -multipoint or any-to-any over MAN/WAN.

The service includes:

Access and Service Ports: Includes access to Agency customer site (i.e.,

Access Arrangement) and Layer 2 VPN port, Layer 2 services based on IETF

RFC 4664) and Closed User Groups (CUGs) defined for the Layer 2 switching

environment for each customer. (BT installs a Network Demarcation Device to

support end-to-end service performance monitoring.)

Ethernet Virtual Circuits (EVCs) – E-LINE (EPL & EVPL): Logical connections

for data transmission paths between customer sites or to L2VPN for E-LAN.

Topology:



BT Federal

E-LINE: Ethernet Private Line (EPL) configurable as Ethernet Line service (E-

LINE) or as a Virtual Private Line Service (EVPL), similar to Asynchronous

Transfer Mode (ATM) and Frame Relay

E-LAN: Ethernet-LAN (E-LAN) service also known as Virtual Private LAN

Service (VPLS), similar to IP VPN service but using Ethernet addressing

BT will enable Intranet services by use of one or more Ethernet topologies connecting

Agency customer sites. BT will accommodate extranets by adding extranet locations to

an existing Agency customer’s Ethernet topology (e.g., additional EVC to UNI

configured to support E-LINE EVPL) and use of appropriate encryption and gateway

functions at both ends of a circuit.

2.1.2.5.1. Functional Definition L.29.2.1 (1st bullet); C.2.1.2.1.1]

Ethernet Private Line (E-LINE)

E-LINE Ethernet Private Line (EPL – point-to-point): The Ethernet Access and Port will

be configured with “Port Based” mapping. In this configuration, only a single EVC can

be configured between two sites, transparent to all Ethernet traffic, including VLAN tags.

Re-provisioning of the service is necessary to move to an EVPL or E-LAN configuration.

These services are available over the MAN and WAN as Figure 2.1-15 shows.

Figure 2.1-15. BT’s ETS E-LINE EPL.

Standards-Based Service to Meet Agency Needs



BT Federal

Ethernet Private LAN (E-LAN)

E-LAN Ethernet Virtual Private Line (EVPL – point-to-multipoint): BT Ethernet

Connect is also configurable as a point-to-multipoint service suitable for customers

wishing to connect several sites back to a hub. For this service the hub site Ethernet

Access and Port is configured as “VLAN Based”. In general, there can be more than

one hub site. In this case, multiple EVCs can be configured to a hub site and each is

assigned a VLAN tag for identification and use by the customer. These services are

available over the MAN and WAN. This configuration is shown in Figure 2.1-16.

Figure 2.1-16. BT’s ETS E-LINE EVPL.


E-Tree (Rooted-to-Multipoint): This configuration enables communication from Root to

Leaf but not Leaf to Leaf. An example is shown in Figure 2.1-17.

E-LAN Ethernet LAN (E-LAN – multipoint-to-multipoint): E-LAN or Virtual Private

LAN Service (VPLS) allows any-to-any connectivity with a Closed Use Group (CUG).

The VPLS instance on the BT MPLS network PE acts like a multi-port Ethernet switch

performing Media Access Control (MAC) with address learning and ageing across the

ports assigned to the CUG and directing Ethernet frames to the appropriate customer

port. These services are available over the MAN and WAN. This configuration is shown

in Figure 2.1-18.



BT Federal

Figure 2.1-17. BT’s ETS E-LINE E-Tree.


Figure 2.1-18. BT’s ETS E-LAN.


The flexibility of BT;s network enables combination of the three models shown above in

Figure 2.1-15, 2.1-16, and Figure 2.1-17. This will enable Agency’s to create an

additional EVC to meet specific application performance requirements (e.g., data center



BT Federal

replication). These services are available over the MAN and WAN. A possible example

appears in Figure 2.1-19.

Figure 2.1-19. BT’s ETS E-LAN combined with E-LINE EVPC.

Provides significant flexibility to enable Agencies to address multiple use cases

at the same time

MEF Standard Parameters:

Each EVC will have the following MEF standard parameters:

CIR – Committed Information Rate: Defines assured bandwidth

EIR – Excess Information Rate: Defines bandwidth considered “excess”

CBS/EBS – Committed/Excess Burst Size: Improves network performance

with higher values

Color Modes:

Green (Forwarded Frame: CIR-conforming traffic

Yellow (Discard-Eligible Frame: Over CIR and within EIR

Red (Discarded Frame): Exceeds EIR



BT Federal

Table 2.1-4 shows BT’s QoS mapping from Ethernet Priority bits to MEF terminology

and MPLS platform implementation.

Table 2.1-4. BT’s Ethernet Connect QoS Prioritization Classes

2.1.2.5.2. Standards [L.29.1 (2nd bullet); C.2.1.2.1.2]

BT will comply with all standards listed in RFP C.2.1.2.1.2 and in future TOs.

2.1.2.5.3. Connectivity [L.29.1 (3rd bullet); C.2.1.2.1.3]

BT will comply with all connectivity instances listed in RFP C.2.1.2.1.3 Ethernet.

1. Intra-Agency LAN-LAN Connectivity: As described above in Section 2.1.2.1,

Understanding, and Section 2.1.2.5.1, Functional Definition, the BT Ethernet

Connect network will enable ETS both CONUS and OCONUS (e.g., over

transoceanic links, as required) to connect to any SDP that forms part of the same

CUG or administrative group.



BT Federal

2. Inter-Agency LAN-LAN Connectivity: BT will support the bridging of one Agency’s

ETS service to another’s at Agency-directed SDP locations.


BT will comply with all Ethernet technical capabilities requirements in Table 2.1.5.

Table 2.1-5. BT’s Ethernet Technical Capabilities

1.



BT Federal

17.

.

2.1.2.6. Reserved

2.1.2.7. Interfaces [L.29.2.1 (6th bullet); C.2.1.2.3]

BT’s ETS is compatible with the interfaces in RFP C.2.1.2.3. BT’s ETS will support use

of these interfaces to provide service between the SDPs.



BT Federal

2.1.2.8. Performance Metrics [L.29.2.1 (7th bullet); C.2.1.2.4]

BT will meet each of the listed Key Performance Indicators (KPIs) and notes

performance levels and AQL of KPIs for Ethernet in RFP C.2.1.2.4.

2.1.3. Optical Wavelength Service [C.2.1.3]

BT is not including Optical Wavelength Service as a component of this initial EIS RFP

response, but will reassess adding this optional service in the future.

2.1.4. Private Line Service [C.2.1.4]

BT is not including Private Line Service as a component of this initial EIS RFP


2.1.5. Synchronous Optical Network Service [C.2.1.5]

BT is not including Synchronous Optical Network Service as a component of this initial

EIS RFP response, but will reassess adding this optional service in the future.

2.1.6. Dark Fiber Service [C.2.1.6]

BT is not including Dark Fiber Service as a component of this initial EIS RFP response,

but will reassess adding this optional service in the future.

2.1.7. Internet Protocol Service [C.2.1.7]

BT is not including Internet Protocol Service as a component of this initial EIS RFP


2.2. Voice Service [M.2.1; C.2.2]

BT describes how it will provide Internet Protocol Voice Services (IPVS) as its

mandatory voice service.

BT will provided Internet Protocol Voice Service (IPVS) as its sole voice offering. IPVS

is provided using Voice over IP protocol standards which are leveraged by all major

telecommunications carriers for transport of all voice services through their core

networks. BT will extend this next generation voice technology directly to Agency

location though both network-based and premise based service architectures allowing



BT Federal

for a greater flexibility for deployment options. IPVS will enable better quality, reliability

and features as compared to legacy voice switched services.

Advanced, site-based IPVS switches can also enable Agencies to move from traditional

circuit switch services to IPVS without requiring new infrastructure in their on-site phone

equipment make IPVS technology integration in a broader CONUS network easier to

budget and implement. The local Advanced IPVS Switch can terminate traditional

handset and building lines directly into the switch thus replacing the traditional PBX and

enable IPVS without needing to replace the traditional circuit switch based handsets.

2.2.1. Internet Protocol Voice Service [C.2.2.1]

BT’s suite of Global Voice Services meets the requirements of the EIS Internet Protocol

Voice Service (IPVS). The suite includes:

One Voice Hosted: Provides fully managed VoIP solution based on Cisco

Hosted Unified Communication Services platform hosted in secure BT facilities

One Voice Enterprise: Offers fully managed, customer premises-based VoIP

solutions

One Voice SIP: Provides industry standard SIP Trunk capabilities to customers

to access the BT Global Voice network

The BT Global Voice network extends to throughout the world. Having regional

interconnection point enables BT to provide an excellent voice experience to end

customers because it directly manages more of the underling network. The Global

footprint is illustrated in Figure 2.2-1 and consists of:

Voice Nodes: Connection points between BT’s network and PSTN at one or

more locations in country

Hosted Voice Nodes. These are facilities that provide secure hosting services

for Hosted VoIP customer services

BT IP Global Connect Network (MPLS). The BT Global Connect network

connects all Voice Nodes, Hosted Voice Nodes, and customer locations with



BT Federal

high-performance and high-reliability data network (shown in Figure 2.1-2). The

components include the OSS and BSS systems that support:

Global Layer 3 MPLS/VPN Services Network: Connects all components

Hosting Services: Supports OSS, BSS, and Hosted Services

PSTN Connectivity: Supports global voice connectivity

EIS Management Services Platform:

Supports EIS MNS

Provides Managed LAN Services to managed premises

equipment/services

Figure 2.2-1.

Provides global connectivity for Voice Services and facilities to support Hosted Voice platforms

for Agency Customers



BT Federal

2.2.1.1. Understanding [L.29.1(A); M.2.1(1), C.2.2.1.1]

The BT IPVS service is provided over the BT Global Connect MPLS network via

secured VPNs for global on-net calling and connectivity. It offers a choice of access

options (MPLS, Ethernet, TDM) and protocol options (including: SIP, H.323, ISDN) to

suit Agency needs. It is engineered to support number porting and fully replace PSTN

connection in an effective resiliency solutions by Routing PSTN traffic over data

networks providing a full PSTN/ISDN service on VoIP technology. It is designed to

Support outgoing and incoming PSTN calls as well as calls to emergency services.

The underlying architecture is based on the BT Global Connect MPLS network. A VoIP

switch in installed at the local facility with new VoIP phones or traditional Circuit Switch

Phones terminated via the Local Area Interfaces. The IPVS Switch is then connected

back to the BT Global Connect MPLS network via the preferred access type available

for that location. At this point the voice call are handled as high-priority data packets. If

the call termination is to another site within the same Agency’s IPVS service from BT, it

will be routed directly to the terminating location and handset without transitioning to

through the PSTN. Likewise, call to another Agency with BT IPVS will route through the

BT network without transitioning to the PSTN.

Calls originating or terminating to an Agency location for outside the BT IPVS network

will be delivered through via BT Session Boarder Controllers to PSTN carrier to carrier

interconnection points. BT will advertise the Direct Inbound Dial (DID) of Agency lines to

the PSTN infrastructure and route call via the BT Global Connect MPLS network.

Because BT connects to multiple PSTN interconnection point in CONUS and OCONUS,

BT will route the call to the optimal PSTN interconnection point based on reliability and

quality, PSTN availability.

Figure 2.2-2 depicts the overall services architecture for the BT IPVS solution.



BT Federal

Figure 2.2-2.

Provides Agencies with required IPVS (VoIP) communications services

There are four (4) major components to this solution:

1. The BT Global Solution is connected via the BT Global Connect MPLS/VPN

network (the same solution basis that provides BT’s EIS VPNS)

2. BT Global SIP Platform, connected to the PSTN via traditional and IP

technology CONUS and worldwide, provides SIP Trunk services for all IPVS

3. Voice Call Services, based on Cisco Unified Communications platform, provides

all required IPVS Hosted Services, features (voice mail) and mandatory features

4. Service Related Equipment: Includes:

Premises-Based VoIP PBX Systems: Support IPVS Enterprise site services

Various VoIP Phone Instruments: Meet range of station requirements (e.g.,

standard, multi-appearance, assistant)



BT Federal

VoIP Analog Telephone Adaptors (ATA): Interface to interface to single or

multiple analog telephone sets

SIP Trunk-to-ISDN Interfaces: Connect IPVS SIP Trunk Service to legacy

premises-based PBXs

2.2.1.2. Quality of Service [L.29. 1(B); M.2.1(2)]

BT will provide Quality of Service as follows:

BT’s delivery approach relies on a combination of technical capabilities, service

automation, and dedicated program/project management:

Technical: BT’s dedicated engineering staff will ensure that technical

capabilities are in place to deliver services and include service features and

sufficient capacity:

For IPVS SIP Trunk, this means support by BT’s Global SIP platform with

extensive CONUS and Worldwide PSTN connectivity

For IPVS Hosted, this means robust infrastructure to support Call

Management software and PSTN access via BT Global SIP network

For IPVS Premises, this means that BT has engineering staff and vendor

relationships for design and engineering to meet customer requirements

Service Automation: BT’s sophisticated BSS environment will ensure

consistency of provisioning actions, strict configuration management, and

escalation to ensure that BT meets service delivery KPIs

Program & Project Management: BT’s program management team has

experience with Government customers in scheduling and coordinating service

delivery, including: requirements verification, site surveys, CPE Service Devices,

and schedule for installation, test, and turn-up

2.2.1.2.1. Deliver

BT’s solution for IPVS draws on BT Global SIP platform and well known

commercial products that exceed EIS requirements.



BT Federal

The IPVS architecture allows services to be delivered using the wide variety of

access circuits available to a MPLS Data network including both legacy private

lines and next generation Ethernet and MPLS access circuits.

Service will be delivered within the customer location based on the specific

services orders and the requirements outlined in the TO. Options include but are

not limited to: Managed Call Managers, VoIP Handsets, and dedicated switch

LAN infrastructure.


BT is a licensed Voice supplier around the global and fully complies to the voice

regulations as specified by each terminating country’s regulatory Agency.

BT’s IPVS service is compliant with the standards and featured specified in the EIS

SOW for IPVS services. Operating a Global Voice infrastructure, BT makes industry

compliance a high priority. BT’s IPVS compliance with the industry standards ensures

quality of service is maintained though highly reliable, repeatable and auditable

interconnections and network specifications. Industry standards include:

1. ITU-T G.711

2. (Optional) ITU-T G.723.x, G.726, G.728, or G.729.x

3. ITU-T H.323, H.350

4. Real-Time Transport Protocol (RTP) IETF RFC 3550

5. Session Initiation Protocol (SIP) IETF RFC 3261

Voice service through the BT core are given the highest Priority class designation within

the MPLS transport layer to ensure any potential network congestion will not affect

voice services. Call are routed through the Global Connect MPLS Core via the best

route available as calculated by advanced network statistics and real time traffic load

and latency to reduce jitter and delver the high call quality possible.



BT Federal

2.2.1.2.3. Scalable

BT’s Global SIP platform handles billions of minutes per month and is constantly

expanding to meet customer demands

BT currently manages more across its One Cloud hosted UC

platforms (basis of BT’s EIS IPVS Hosted solution)

IPVS services allows for increased call volume based on Bandwidth levels rather

than voice channels in a private line. This allows for more calls supported on a

single access circuit and easier upgrade to more bandwidth when compared to

legacy voice circuits.

Voice call are given the highest Class of Service through the BT Global Core

network ensuring any potential network congestion will not affect call quality or

availability.


BT’s IPVS Hosted solution is a “hot-hot” application environment with at least two

geographically diverse Data Centers in each region providing redundant support

for a Hosted Call managers and associated voice traffic routes. At all times, an

IPVS customer is supported by both the Hosted Call Managers and related

applications in both centers:

CONUS centers are Miami and Chicago

100% processing capability for Hosted customers if Data Center failure

Each Hosted service has access over BT MPLS/VPN network to 2+ BT

Global SIP POPs

Customer sites connect to robust BT MPLS/VPN network (basis of BT’s VPNS),

whose reliability and resiliency includes:

MPLS protection mechanisms (e.g., FRR)

Multiple routes and diverse connections between core nodes



BT Federal

Carrier-class equipment (dual power supplies, route processors, dual-router

nodes, etc.)

Carrier-class facilities with dual power feeds and redundant power systems,

each with at least eight hours of backup


Strict configuration management control and operations procedures

Architecture modeling, capacity planning, ability to operate with failures

Comprehensive network and performance monitoring and trouble resolution

supported by two 24x7 Network Control Centers located CONUS and

OCONUS

Reliability and resiliency for premises-based IPVS solution uses industry-best

practices, tailored to requirements and based on carrier class premise based

equipment.

2.2.1.3. Service Coverage (for CBSA-dependent services) [L29.2.1(C); M.2.1(3)]

BT will provide IPVS as with all Mandatory Services in 87 of the top 100 CBSAs; please

see detailed response in Section 1.3, Service Coverage.

In addition to CONUS-based CBSAs, BT’s network includes worldwide infrastructure

supporting services to more than 170 countries and territories directly or through

regional Network-to-Network interconnects and access agreements that enable

seamless CONUS and OCONUS global communication.

2.2.1.4. Security [L29.2.1(D); M.2.1(4a, 4b, 4c(i) through 4c(viii)]

BT Federal has implemented a full range of security systems and protocols to protect its

suite of Voice services and products. BT Federal’s security infrastructure, described in

our Network Architecture in Section 1.4, Security, and further detailed in Attachment

1, EIS Risk Management Framework Plan, provides a robust, low-risk environment for

delivery of BT’s Voice services.



BT Federal

BT Federal performs protective measures to customer communications on its IPVS

network in two ways: IPVS Traffic Security and IPVS/Voice Infrastructure Security.

2.2.1.4.1. IPVS Traffic Security

BT Federal and BT enable network security for IPVS traffic by creating a SIP Trunk

access point of presence (POP). This trunk includes country-specific session border

controllers (SBC) to which customer sites connect. SBCs act as firewalls to the BT

network, provide security, and manage traffic to and from customer sites. BT provides a

SIP Trunk Call Server platform by a system called Open Session Control Server

(OSCS), implemented to control calls to and from customers.

2.2.1.4.2. IPVS/Voice Infrastructure Security

BT Federal and BT implement SBC Access POPs to help prevent unauthorized access

as follows:

Monitoring of IP Addresses and connection

Allowing access only via dedicated TCP/UDP ports

Limiting call attempts to prevent denial of service (DoS) attacks

Providing dedicated customer VPN—no other BT users or BT customers have

access to these dedicated VPNs

Controlling traffic volume for each connection/customer individually

Providing protection for operational systems through firewalls for network access

Providing Terminal Access Controller Access Control System Plus (TACACS+)

that allow authorized access only

Providing connection points to other carrier network with incremental anomaly

monitoring for any activities that might risk BT customer data or infrastructure

BT Federal and BT have physical facilities that serve its "One Voice" product suite

(Hosted, Enterprise, and SIP). BT has distributed these facilities geographically,

CONUS and OCONUS. BT’s diverse distribution model provides a highly agile, flexible

service. BT has deployed One Voice services by using dedicated firewalls, access lists,



BT Federal

Virtual Local Area Networks (VLANs), Virtual Routing Fields (VRFs), and physical

separation from other offered services. BT’s combining of these features and

configurations provide appropriate levels of security enforcement at the BT Point of

Presence (POP) site for IPVS applications and services. BT will deploy all required

technologies to provide high-level security.

To separate traffic completely, BT Federal will have each Agency’s IPVS

implementation placed in either a separate VRF at a Layer 3 level or a separate VLAN

at the Layer 2 level, based on required access type.


BT provides its Service and Functional Description in the following sub-sections.

2.2.1.5.1. Service Description

BT provides the following IPVS descriptions.

Network-Based Hosted IPVS

As Figure 2.2-2 shown above, BT’s solution for IPVS provides capabilities for both

hosted voice services as well as voice services provided via premises-based equipment

and software. In both, these connect over the BT Global Connect MPLS/VPN IP

network (e.g., VPNS and ETS connect to customer sites under EIS) and to underlying

infrastructure that supports origination and termination of CONUS and global voice call

(i.e., BT Global SIP platform, described in Section 2.2.1, IPVS).

BT’s IPVS Hosted solution uses the on the Cisco Unified Communication Platform.

BT’s One Voice Hosted services are delivered via dedicated instances of the following

applications:

Unified Call Manager Cluster (UCM Cluster): Scalable, distributable, highly

available enterprise-class calls-processing solution for voice, video, and mobility

applications

Unity Connection (UCxn): Provides Voice Mail and Unified Messaging Services



BT Federal

Unified Premium Attendant Console (UPAC): Windows-based operator

console

As Figure 2.2-3 depicts, BT provides a full range of standard and options IPVS

features. In addition, the solution enables integration with existing systems and Unified

Communications applications from Microsoft, IBM, Google, and Skype for Business.

Figure 2.2-3. BT’s “One Voice” Hosted Solution for IPVS.

Offers scalable, business grade hosted environment to optimize Agency requirements

Premised-Based IPVS

BT will use a selection from leading VoIP switch providers to support the IPVS

Premises-based service. Based on TO requirements, BT will implement a solution that

may include:



BT Federal

Premised-Based IPVS can handle thousands of users or just a small office

environment. It enables locations to integrate both traditional and IP voice networks into

a single call operations model combining the costs saving of internal IP based calls

within a WAN between geographically diverse office locations and the traditional circuit

switch voice service or next generation IP voice trunk for calls to the public switch

telephone Network (PSTN).

The exact type of Premise-Based solution will depend on the TO level requirements and

the scope of the facilities that are to be supported. The IPVS switch will be selected

based on the features specified in the TO will be installed in Customer provided Data

room and will be connected to the TO specified internal voice Infrastructure. BT will

manage the installation and activation of the VOIP and ensure proper operation.

Managed LAN Service

BT will provide Managed LAN Service as part of IPVS. This service is provided by the

BT Federal MNS services, staff, and processes. Details appear in Section 2.2.1.6,

Managed LAN Services.

SIP Trunk Service IPVS

BT’s Global SIP platform forms the basis for BT’s solution for the provided IPVS SIP

Trunk Services. Details appear in Section 2.2.1.7, Session Initiation Protocol (SIP)

Trunk Service.

2.2.1.5.2. Functional Definition [L.29.2.1 (1st bullet); C.2.2.1.1.1]

BT bases all BT IPVS solutions on combination of:

BT’s Global SIP network for connection to the PSTN

BT’s Hosted VoIP Call Management Platform (based on Cisco Hosted Unified

Communications platform)

BT’s Global MPLS/VPN network (basis for BT’s VPNS solution for EIS)

Selected Best-In-Class Premises-Based VoIP PBX solutions, tailored to TOs



BT Federal

Other SRE elements (e.g., Analog Telephone Adaptors, Ethernet Switches) able

to deliver complete customer solutions

BT’s MNS for EIS to support IPVS Managed LAN Service

BT’s IPVS solutions support voice calls between on-net IPVS customer locations within

a private voice dialing plan and between on-net and off-net locations through the BT

Global SIP network’s PSTN integration. In all cases, BT will provide direct dialing.

2.2.1.5.3. Standards [L.29.2.1 (2nd bullet), C.2.2.1.1.2]

All BT’s IPVS solutions will comply with all listed mandatory standards, as well as two of

the optional CODECs:

ITU-T G.711

ITU-T G.726, G.729A

ITU-T H.323, H.350

Real-Time Transport Protocol (RTP) IETF RFC 3550

Session Initiation Protocol (SIP) IETF RFC 3261

2.2.1.5.4. Connectivity [L.29.2.1 (3rd bullet), C.2.2.1.1.3]

The BT Global SIP network, which supports all BT IPVS services, connects to the

CONUS PSTN. This enables connectivity to all devices accessible over the PSTN,

whether CONUS (domestic), OCONUS (non-domestic), wireless or wireline, other EIS

IPVS solutions, or satellite-based voice networks (if part of the PSTN).


BT’s One Voice suite of products (Hosted, Enterprise, and SIP) allows the Government

unlimited on-net to on-net and on-net to CONUS off-net calling to CONUS, OCONUS,

and Non-Domestic locations. These products also provide the capabilities that enable

IPVS users to establish and receive telephone calls between both on-net locations and

the PSTN.

BT’s IPVS allows for remote access capabilities where an end user can use any

landline or cell phone to receive phone calls as if they were on their VoIP phone. This is



BT Federal

enabled through call-forwarding feature for both Land-line and Mobile or through a BT

Mobile application.

While traditional landlines do not support call origination as if on a VoIP phone due to

call setup standards of PSTN landlines, Data enabled devices such as Mobile phones

and computer can be supported through BT software applications to emulate full VoIP

experience for the end user.

BT’s One Voice suite of products are full-service voice and data IPVS technologies

enabling BT to support all of the mandatory capabilities as required by the Government,

including:

1. Real time transport of voice, facsimile, and TTY communications

2. Real time delivery of Automatic Number Identification (ANI) information (when

provided from the originating party)

3. Interoperability with public network dial plans (e.g., North American Numbering

Plan and ITU-E.164)

4. Interoperability with private network dial plans and support direct dialing

5. Interoperability support for non-commercial, Agency-specific 700 numbers

6. Provide access to public directory and operator assistance services

7. Provide unique directory numbers for all on-net Government locations, including

support for existing Government numbers.

8. Provide the capability to initiate automatic callback

9. Support 3-way calling

Gateways

BT will provide all necessary gateways for interoperability with the PSTN to support

IPVS as well as devices to support telephone station UNIs. BT will support standards

based UNI interoperability as specified in TO.



BT Federal

User Gateway

BT will provide non-proprietary User Gateways. These include Analog Telephone

Adaptors to support analog stations, as well as IP to ISDN BRI and PRI gateways and

will enable non-IP telephones devices to interoperate with BT’s IPVS offering.

PSTN Gateway

The PSTN Gateway function is provided by the BT Global SIP platform and provides

transparent access and interworking with domestic and non-domestic PSTNs.

Station Mobility

The BT IPVS Hosted solution provides station mobility as a standard capability. BT will

also configure IPVS Premises-based solution to support station mobility.

Interoperability with Local Firewalls

BT’s IPVS uses standards-based ports and protocols and therefore will traverse with

Agency firewalls and other security layer devices. The BT Program team will work with

the Agency to ensure that the Agency’s firewall is compatible with BT IPVS and provide

documentation of the needs firewall rulesets needed to enable the service to traverse

the Agency firewall to the VoIP station equipment.

As detailed in Section 1.4, Security, the Systems Security Plan, and in Attachment 1,

EIS Risk Management Framework Plan, BT Federal will take all measures to protect

all Government communications that are associated with this deployment. This includes

deployment of BT’s robust SIP-specific gateway security and components (appliances

and software) including SIP firewalls where available, BT Federal’s network

operations/management sites and Government approved components at points of entry

to Government sites.

Denial of Service (1)

BT’s system and communication protection strategy provides a disciplined and

structured process that integrates information security and risk management activities

into the system development life cycle. This strategy aligns with NIST Risk Management

Framework NIST SP 800-37 and NIST SP 800-53 R4 control objectives. BT leverages a



BT Federal

full spectrum of leading edge and industry standard cybersecurity technologies and

techniques specifically focused on protection of its communications services. This starts

at the physical layer with hardened access control security, explicate logical access

rights in a need-to-know environment to all BT Core Equipment, unused interfaces

deactivated and logs collected regularly. Security practices continue through to the

operational layer where BT uses a global mesh of highly trained cyber analysts, security

engineers and intelligence experts to manage and monitor the network. This mix of

People, Process and Technology ensures the highest level of system and

communication protection for its customers’ data. At the center is BT’s big data

architecture, BT Assure Cyber.

BT services and underlying infrastructure is protected by BT’s own BT Assure Cyber

product. Assure Cyber brings together event data and telemetry from a rich variety of

sources including business systems, traditional security controls and advanced

detection tools. Vulnerabilities and incidents which would previously have taken days,

even weeks, to investigate and respond to, can now be identified and acted on

immediately. It uses a number of advanced analytics engines to detect subtle threats

within the monitored environment. It then overlays real time threat intelligence and puts

those threats into context within the vast array of events presented to cyber analysts

and security professionals that would otherwise distract attention from priority incident

analysis. At the core of the Assure Cyber architecture is a “super correlation” engine

that uses advanced mathematics to pick out anomalies from within human and machine

orientated traffic and identifies Hacker, Malware, worms, virus and other aggressive

events in the network that may deny legitimate users from accessing IPVS.

Additionally, BT deploys firewall applications to deny access to particular IP addresses,

automatically or manually in response to suspicious event or denial of service (DoS)

attacks. BT continuously receives latest known exploits identified by various agents and

vendors. A list of known offenders and indicators will be updated on our server as they

are identified, thus blocking specific addresses. BT will modify the probe if the abnormal

behavior becomes routine. This complements BT Assure Cyber anomaly detection

methods to gain a heightened situational awareness beyond that achievable with a



BT Federal

single method of detection and analysis. Together, unauthorized behavior in the BT

Core Service layer is detected early and mitigated before it can adversely affect

legitimate customer traffic.

BT Customer networks are individually segmented in the MPLS using distinct Virtual

Router Forward (VRF) and Virtual Local Area Network (VLAN) assignment to limit the

ability of any one customer influencing or penetrating another customer within the BT

Services environment. Additional security elements for IPVS are described in 3.2.1.4.2.

Intrusion (2)

BT will implement Intrusion Detection Systems (IDS) for all deployed firewalls on

Government sites served as a routine part of BT One Voice solution implementation.

The IDS probes will continuously monitor the devices on the network and collect and

analyze firewall logs to detect attacks and allow for mitigation of illegitimate attempts to

gain access to the network. These probes identify both abnormal traffic arriving at the

Firewall and ‘known’ attacks via the use of IDS signatures.

Invasion of Privacy (3)

BT will ensure IPVS privacy by configuring Privacy features on the phones and all other

deployed appliances to the extent available and possible. Dedicated line are inherently

private with IPVS details such as communication number, IP address protected based

on the provisioning features enabled by the Agency TO.

For shared lines, the privacy feature enables phone users to block other users who

share a directory number from seeing current call information, resuming a call, or

barging into a call on the shared line. Users can choose to activate privacy feature

(on/off toggle) when they receive incoming call on a shared line. The privacy state is

applied to all new calls and current calls owned by the phone user. Privacy is enabled

for all phones in the system by default. The Privacy on Hold feature prevents other

phone users from viewing call information or retrieving a call put on hold by another

phone sharing the directory number. Privacy on Hold is disabled for all phones in the

system by default. BT can enable Privacy on Hold globally for all phones. In addition,



BT Federal

Call Detail Records (CDR) will be secured in the BT One Voice solution servers and can

only be accessed by designated personnel.

Emergency Service

BT is a participant telephone service provider in the “911 emergency service” program

and supports 911 and E911 services. BT has configured the BT Global SIP platform to

link a 911 caller to the correct Public Safety Answering Point (PSAP), based on the

North American Numbering Plan (NANP), to an emergency dispatch center Public-

Safety Answering Point (PSAP).

Local Number Portability

BT’s IPVS solution complies with Local Number Portability (LNP) requirements.

2.2.1.5.6. Features [L.29.2.1 (5th bullet); C.2.2.1.2]

BT’s IPVS solution delivers all mandatory and standard features as required by the

Government.

The “Description” column of Table 2.2-1 explains how BT’s One Voice suite of features

satisfies the mandatory IVPS requirements of the Government.

Table 2.2-1. Mandatory IPVS Features [C.2.2.1.2]

ID

Number

Name of

Feature Description Mandatory IVPS Features Offered by BT

BT

Compliant

1 Voice Mail

Box-

Voice mail capability that includes voice messaging transmission,

reception, and storage 24x7 except for periodic scheduled maintenance.

Yes

At least 60 minutes of storage time (or 30 messages) Yes

Ability to remotely access voice mail services Yes

Secure access to* voice mail via a password or PIN Yes

Automatic notification when a message is received Yes

Minimum message length of two minutes Yes

Capability to record custom voice mail greetings. This capability can be

administered on a station basis according to the ordering Agency’s needs.

Yes

Send an email with a WAVE (.wav) file attachment of each voicemail

message received by users of this feature to the email address that the

user designates

Yes



BT Federal

ID

Number

Name of

Feature Description Mandatory IVPS Features Offered by BT

BT

Compliant

Provide users the capability to add other notification devices / email

addresses or to update email information and email preferences when

receiving and forwarding messages through a secure user web portal.

Yes

2 Auto

Attendant

Auto Attendant allows callers to be automatically transferred to an

extension without the intervention of an operator.

Provide capabilities allowing callers to dial a single number for high volume

call areas and to select from up to nine (9) options to be directed to various

attendant positions, external phone numbers, mailboxes or to dial by name

or extension at a minimum.

Yes

3 Augmented

911/E911

Service

Appropriately populate a 911 Private Switch/Automatic Location

Identification (PS/ALI) database with the Government’s profile which shall

include all the users’ telephone numbers, station locations, building

location, building address, building floor, and room number during service

implementation. The contractor shall provide secure remote access to the

Government via a client or a web browser to allow the Government to

maintain the Government’s profile on an ongoing basis (e.g., to account for

moves, adds, deletions, or other changes).

Ensure these Government profile updates are reflected in the PS/ALI

database.

Yes

BT includes these further details:

1. Voice Mail Box: For host IPVS, this is a native feature of the

nfigured by BT. For premises-based IPVS, BT

will ensure that the platform selected and its configuration meet the feature’s

requirements.

2. Auto Attendant: For host IPVS, this is a native feature of

configured by BT. For premises-based IPVS, BT

will ensure that the platform selected and its configuration meet the feature’s

requirements.

3. E911: For hosted IPVS, all voice features are provided by the implementation of the

configured by BT.



BT Federal

This includes the connection to the appropriate Public Safety Answer Points

(PSAPs). natively supports the configuration of Enhanced 911

services and the ability for an Agency to use Web-based interface to make

administrative changes to keep the Private Switch/ Automatic Location Identification

(PS/ALI) database current. For premises-based IPVS, BT will ensure that the

platform selected and its configuration meet the feature’s requirements

Table 2.2-2 shows BT’s One Voice suite has features that satisfy the mandatory 23

standard requirements of the Government per RFP 2.2.1.2.

Table 2.2-2 Mandatory Standard Features [C.2.2.1.2]

No. Description Standard Features BT Compliant

1. Caller ID Yes

2. Conference Calling Yes

3. Do Not Disturb Yes

4. Call Forward – All Yes

5. Call Park Yes

6. Hotline Yes

7. Call Forward – Busy Yes

8. Call Pickup Yes

9. Hunt Groups Yes

10. Call Forward – Don’t Answer Yes

11. Class of Service Restriction Yes

12. Multi-Line Appearance Yes

13. Call Hold Yes

14. Distinctive Ringing Yes

15. Directory Assistance Yes

16. Call Transfer Yes

17. Call Waiting Yes

18. Speed Dial Yes

19. Call Number Suppression Yes

20. Specific Call Rejection Yes

21. Last Number Dialed Yes

22. IP Telephony Manager (Administrator) Yes

23. IP Telephony Manager (Subscriber) Yes

The EIS IPVS mandatory standard features are native features

onfigured by BT. For premises-based IPVS, BT will



BT Federal

ensure that the platform selected and its configuration meet all mandatory requirements

and features.

2.2.1.5.7. Interfaces [L.29.2.1 (6th bullet); C.2.2.1.3]

BT uses industry standard interface types, compatible with services in Table 2.2-3, for

our Routers, LAN connections (e.g. RJ-45), and Network connections to wiring racks.

BT will accommodate interface standards of standard IEEE 802.3 inline power for the

GFE phones as specified in RFP C.2.2.1.3.

Table 2.2-3. BT’s Compliant IPVS Interfaces

UNI Type Interface Type and

Standard

Payload Data Rate

or Bandwidth

Signaling Type BT’s

Compliance

1 Router or LAN Ethernet port:

RJ-45 (Std: IEEE 802.3)

Up to 100 Mbps SIP (IETF RFC 3261),

H.323, MGCP, or SCCP

Yes

2.2.1.5.8. Performance Metrics [L.29.2.1 (7th bullet); C.2.2.1.4]

BT will meet all KPIs as called out in the RFP C.2.2.1.4. BT will measure KPIs between

the BT-supplied devises and will report to the Supported Agency via the BT Federal

BSS web portal or through direct communication if specified in the TO. KPI specification

will serve as the base for SLA and will automatically drive trouble ticket creation and

escalated work flows (based on the severity and impact of the trouble).

2.2.1.6. Managed LAN Service [C.2.2.1.5]

BT will provide Managed Local Area Network (LAN) Services to support all designated

equipment at IPVS sites. Details appear in following sub-sections.

2.2.1.6.1. Hardware Components and PoE [C.2.2.1.5]

BT will provide equipment from site demarcation for Data Transport Service (e.g.,

VPNS, ETS) to the handsets. As Figure 2.2-4 shows, this includes equipment such as:

LAN Switches, including those that support Power Over Ethernet (PoE)

VoIP handsets of a range of capabilities

Any provided firewalls



BT Federal

Other equipment (e.g., Analog Telephone Adaptors) for legacy analog handsets

Equipment/Software to support premises-based VoIP Services (e.g., servers)

Figure 2.2-4. BT’s Site for Typical Managed LAN Service

Offers BT’s management and support plus site equipment for end-to-end IPVS quality,

performance and availability

BT provides its Managed LAN Service as a tailored version of its EIS Managed Network

Services (MNS). As described in Section 2.8.1, Managed Network Service, BT will

tailor the engagement of its MNS support. MNS will be able to provision and provide full

lifecycle support and management of the LAN equipment.

2.2.1.6.2. Management, Maintenance, Repair/Replacement [C.2.2.1.5]

BT will provide, manage, maintain, and repair or replace all equipment necessary to

provide the Managed LAN Service to the Government. This will exclude portions of the

service for which the Government is responsible (e.g., power, facilities, rack space,

cabling/wiring, etc.).

BT NOC will provide management for MNS. As described in the Section 2.8.1,

Managed Network Service, BT will work with Agencies to develop full Concept of

Operations (CONOPS), support model, and NOC instructions so procedures go into

place to coordinate all activities to repair or replace affected Managed LAN equipment.



BT Federal

This also includes tracking all warrantee information and Return Material Authorizations

(RMA), as appropriate for the manner in which the equipment acquired by an Agency.

2.2.1.6.3. Technical Capabilities [C.2.2.1.5]

In additional to the standard IPVS Technical Specification addressed in 3.2.1.5 of this

document, BT will provide all technical capabilities of the Managed LAN service as

specified and described below

Hardware and Licensing [C.2.2.1.5(1)]

BT will provide all hardware and licensing to extend the IPVS site demarcation point to

the termination device for both hosted and premises based solutions. In the case of an

on-premises solution this includes any hardware or licensing necessary to support on-

premises call processing (e.g., call manager, IP PBX, etc.). BT will provide all necessary

licensing for all Voice Gateways at Government premises.

Hardware/Software Interoperability [C.2.2.1.5(2)]

BT will collaborate with ordering Agencies for cabling infrastructure including cat

5,5E,6,6A and single- and multi-mode fiber as well as identify any existing cabling

limitations applicable at the customer facility during initial site survey. BT will propose

corrective actions where required and deploy BT-controlled Site equipment and cabling

per guidance on individual TO and authorized site representative.

Maintenance and Upgrades [C.2.2.1.5(3)]

BT will be responsible for the ongoing maintenance and upgrades of BT-owned

equipment used to provide the Managed LAN Service. Maintenance and upgrades of

the equipment will be performed at no cost to the Government within the TO scope and

as required to meet contracted services level agreements. The BT MNS NOC will

perform these activities.

Installation Time Intervals [C.2.2.1.5(4)]

For sites that already have Managed LAN Service, BT can have new user devices

installed by an end-user on site. In this case, after order, BT will express-ship the new



BT Federal

device (with instructions for user installation) within 5 business days of confirmed order

by an Agency.

In cases where user self-installation is not desired by an Agency, BT will propose

installation time intervals based on specific TO requirements. BT will deliver a user

device implementation plan with the response to a TO.

No Wireless Devices or Components [C.2.2.1.5(5)]

BT’s managed LAN service will not include any wireless devices unless requested and

approved by the Government (OCO).

No Other Services [C.2.2.1.5(6)]

BT’s Managed LAN service will not support other services (e.g. data, video, etc.) unless

requested and approved by the Government (OCO).

Authorized Devices [C.2.2.1.5(7)]

BT will install, operate, and manage only authorized devices (as determined by ordering

Agency) on Managed LAN Service. To ensure compliance, BT recommends that

configuration of LAN equipment with “LAN Port Security.” This will ensure that only

authorized devices can operate on the Managed LAN Service.

Monitor, Manage, Restore [C.2.2.1.5(8)]

BT will monitor, manage, and restore the Managed LAN Service on a 24x7 basis using

the BT MNS NOC.

Specific LAN Management Activities [C.2.2.1.5(9)]

BT’s MNS will form the basis of providing IPVS Managed LAN Service, as described

more fully in Section 2.8.1, Managed Network Service.

BT’s EIS Support Staff will perform detailed analysis of each TO and identify the range

of activities needed to support the requirements successfully. They will coordinate this

analysis in coordination with the Agency and will identify activities that remain Agency

responsibilities. Capabilities of the Managed LAN Service are supported by the BT



BT Federal

Federal BSS management interfaces and will support the following functions (and

therefore would not necessarily be the Agency customer’s responsibility.

Configuration Management: BT personnel will work with designated

representative to define configuration base lines, implement the configuration

and validate compliance

Moves, Adds, Changes, Disconnects (MACDs): BT personnel will work with

the designated representative to coordinate MACDs of physical circuits and

equipment and the configurations required to maintain service in the new

topology.

Service/Alarm Monitoring and Fault Management: BT personnel will actively

monitor alarms though the BT NOC. BT will inform the designated representative

of any active faults in the network and status on resolution.

Ticket Creation: Please see below details under “Proactive Notification”

Proactive Notification: Please see below details under “Proactive Notification”

Trouble Isolation and Resolution: Please see below details under “Escalation

for Trouble Tickets”

Proactive Notification [C.2.2.1.5(10)]

The BT MNS NOC, performing Managed LAN Service, will monitor all designed

equipment for major and minor alarms. Alarms will create Trouble Management tickets.

The NOC systems and procedures will ensure that ordering Agency-designated Points

of Contact will receive a proactive notification e-mail (or other methods identified in TO)

within 15 minutes of alarm detection.

Escalation for Trouble Tickets [C.2.2.1.5(11)]

BT has established and will put in place (upon TO initiation) a systematic, step-by-step

process and associated procedures to report issues and escalate when necessary to

higher levels for remediation of the issues. BT will identify escalation authorities and

define the escalation path for trouble tickets for both network and hardware issues for

each service location upon task order awards. In all cases, the Managed LAN Service



BT Federal

trouble management processes will coordinate with all aspects of the voice service

delivery including:

Managed LAN Equipment

Site Network Connectivity (e.g., VPNS, ETS)

IPVS

Steps and timeframes of this process include:

Ticketing: Occurs in following ways:

NOC responds to internally generated trouble ticket

Customer enters ticket into system

NOC Level 1 staff enters ticket details into trouble ticketing system based on

customer email or phone call to NOC

Level 1: Identify and analyze issue, its severity, and its source quickly; search

knowledge-base of issues for previous instances/solutions; proceed to help caller

fix issue; if unsuccessful within 2 hours, escalate to Level 2

Level 2: Receive escalated ticket; evaluate analysis and actions taken at Level 1;

further analyze, retrace, and examine more details of issue and potential cause;

create trouble tickets with other services (e.g., IPVS, VPNS); work with those

services’ NOCs as required; proceed with solution more technically suitable to

situation; if unsuccessful within 4 hours, escalate to Level 3 SME

Level 3: Retrace problem; try to recreate with help of initial reporter; create

trouble tickets with other services (e.g., IPVS, VPNS); work with those services’

NOCs as required; reach out to other experts; identify root cause and appropriate

solution within 48 hours

Level 4: Escalate to vendor for advanced trouble management

In all cases, BT will update the current Managed LAN Services trouble management

system (visible by the user) and inform the user (initial reporter of trouble) on a regular

basis regarding actions of the NOC team until issue resolution.



BT Federal

2.2.1.7. Session Initiation Protocol (SIP) Trunk Service [C.2.2.1.6]

Session Initiation Protocol (SIP) Trunk Service provides direct IP connection between a

SIP-enabled PBX system on an Agency’s premises and BT’s SIP-compliant IPVS

network. As Figure 2.2-2 shows, BT provides SIP Trunk via its BT Global SIP (GSIP)

network, authorized via BT GSIP Session Boarder Controller and managed by BT GSIP

call management platform. Calls originating from locations supported by SIP trucks will

be routed through the BT network directly to the on-net number termination within the

BT IPVS network or to the PSTN for handoff to the terminating off-net providers for the

destination number.

2.2.1.7.1. Technical Capabilities (C.2.2.1.6.1)

BT’s IPVS SIP Trunk will enable both on-net and locations on the PSTN. The BT Global

SIP network will provide SIP Trunk, which connects CONUS and worldwide to the

PSTN.

2.2.1.7.2. Features (C.2.2.1.6.2)

BT IPVS SIP Trunk provides the following features:

1. Automatic call routing

2. Bandwidth QoS management

3. Trunk bursting

4. Telephone number blocks (DID)

2.2.2. Circuit Switched Voice Service [C.2.2.2]

BT is not including Circuit Switched Voice Service as a component of this initial EIS

RFP response, but will reassess adding this optional service in the future.

2.2.3. Toll Free Service [C.2.2.3]

BT is not including Toll Free Service as a component of this initial EIS RFP response,




BT Federal

2.2.4. Circuit Switched Data Service [C.2.2.4]

BT is not including Circuit Switched Data Service as a component of this initial EIS RFP


2.3. Contact Center Service [C.2.3]

BT is not including Circuit Switched Voice Service as a component of this initial EIS


2.4. Colocated Hosting Service [C.2.4]

BT is not including Collocated Hosting Service as a component of this initial EIS RFP


2.5. Cloud Service [C.2.5]

BT is not including Cloud Service as a component of this initial EIS RFP response, but

will reassess adding this optional service in the future.

2.6. Wireless Service [C.2.6]

BT is not including Wireless Service as a component of this initial EIS RFP response,


2.7. Commercial Satellite Communications Service [C.2.7]

BT is not including Commercial Satellite Communications Service as a component of

this initial EIS RFP response, but will reassess adding this optional service in the future.



BT Federal

2.8. Managed Service [C.2.8]

2.8.1. Managed Network Service [C.2.8.1]

BT has a significant experience in

providing managed services.

Commercial examples include:

BT Advise: Provides Information

Technology (IT) professional and

consulting services including

networking and unified communications services

BT Assure: Provides Identify & Access Services, Security Consulting,

Engineering, Managed Security Services, and Security Intelligence

For the baseline contract BT has created the organization, processes, and systems

needed to respond to the mandatory Managed Network Service (MNS) service.

Based on Agency TO requirements, MNS will:

Manage delivery of transport and other services

Develop network and other complex IT solutions

Provide labor necessary for installation, configuration, sustaining engineering,

and NOC and SOC services

Provide required equipment for services

Provide maintenance and repair of SRE (LAN and WAN)

Take full responsibility (or as specified) to coordinate all EIS services (and others

directed by Agencies) to direct and monitor provisioning, changes, repair, and

maintenance activities to manage and ensure functionality and performance of

associated Agency systems

BT’s Managed Network Services

Service planning and solution engineering

Solution implementation (incl. labor and equipment)

Service provisioning

End-to-end Service Management (incl. LAN routers

and WAN)

Service assurance (performance management and

SLA management)



BT Federal

The following sub-sections describe BT’s approach and capabilities to meet the

requirements of the EIS Managed Network Service (MNS) and to ensure successful

outcomes for the Government.

2.8.1.1. Understanding [L.29.1(A); M.2.1(1)]

BT understands the elements to meet the Government’s MNS requirements. BT’s

Architecture, detailed in Section 1.1, Understanding, incorporates MNS into the BT

Federal EIS Management environment that specifically address EIS requirements,

including functionality and National Security Policy areas.

BT’s comprehensive approach for providing MNS includes:

Organizational Structure: BT has created a structure which combines Program

Management, Project Management, Network Design, Engineering, Maintenance,

and Operations in a collaborative approach to understand customer requirements

and objectives and to drive successful implementation, execution, and operations

for EIS Government customers.

Process Structure: BT has incorporated processes for the EIS TO process.

Network Management Operations Center (NOC): BT has created a CONUS-

based management system with fully trained, qualified network operations staff,

who will operate in a flexible environment to support baseline EIS requirements

and will expand capabilities to meet specific TO needs.

Engineering Teaming: BT has and will continue to team with companies that

have specific knowledge and understanding to better create, implement, and

provide long-term support EIS customer requirements.

Vendor Relationships: BT has “premier” status relationships with all major

equipment vendors (e.g., Cisco, Juniper, Avaya, Microsoft) to support the

engineering and development of solutions.

Lab Facilities: BT and partners and vendors have extensive lab facilities to

develop and test solutions, as well as support Network Operations Center

integration of Agency TO-specific requirements



BT Federal

2.8.1.2. Quality of Service [L.29. 1(B); M.2.1(2)]

2.8.1.2.1. Deliver

BT will base delivery of MNS on Quality Program Management Staff and Engineers:

PM: Program Management Professional (PMP)-certified

Lead Engineer: Appropriate certifications, such as CCIE

Lead Operations Manager: 10+ years of relevant operations experience

Robust and Proven Processes: Focus on ensuring Agency requirements are

captured in schedule, concept of operations, EIS services configurations, and

acceptance criteria

Robust System Design: BT’s design will ensure end-to-end performance risk

reduction before deployment:

NOC Systems: Have high-availability design and redundancy. To meet

specific TO requirements, BT can create additional NOC for geographic

diversity or other special requirements

Lab Testing: Ensures delivered capabilities meet Agency requirements for

proposed solutions


BT’s MNS meets all the baseline EIS requirements. The flexible and configurable

design of the BT solution, and the associated processes, enables customization to

address TO requirements.

2.8.1.2.3. Scalable

BT’s MNS solution provides scalability:

Access to additional quality staff from BT as well as capabilities brought by our

team members to support program management, design engineering, testing,

and implementation



BT Federal

NOC systems are scalable to support thousands of devices under management

plus operations staff to support Agency workloads and additional Agencies


MNS systems are provided on a robust infrastructure with on-site redundant resources

to ensure high-availability of As shown in the design, NOC systems are

accessible over an Agency’s EIS transport network or via a secure VPN to enable NOC

operation in the event that the primary NOC staff location is inaccessible.

In addition, based on TO requirements, BT can instantiate another completely

redundant NOC environment to ensure COOP/DR system resiliency.

2.8.1.3. Service Coverage (for CBSA-dependent services) [L29.2.1(C); M.2.1(3)]

BT’s MNS is not CBSA dependent:

Devices can be managed via network connectivity from any provider

Program Management, Engineering, Design, and Operations services are

available to Agencies regardless of their CBSA-based services needs

BT will provide implementation (equipment, labor) based on TO requirements

2.8.1.4. Security [L29.2.1(D); M.2.1(4a, 4b, 4c(i) through 4c(viii)

BT Federal has implemented sound policies for securing and protecting services and

infrastructure that ultimately provide a secure environment for Agency customers. BT

Federal’s NIST-800 lifecycle policies guide the standards, tools and techniques BT

Federal uses to detect service failures, misconfigurations, or deliberate attacks, respond

to them and recover from such business-interrupting incidents in the most effective

manner. See Section 1.4, Security, for details about how Security for BT’s NOC MNS

lies within BT Federal security boundaries.

For MNS, BT Federal will provide continuous monitoring of each device under

management. Monitoring will include performance and health. It will also configurations

change, anomalous activities associated with unauthorized access to the device, and

management infrastructure. By using NIST-800-53v4 as its foundation, BT Federal will



BT Federal

manage and monitor each managed device to ensure high levels of both device

protection and of customer network protection.

To support its MNS infrastructure, the BT Federal BSS’s design will meet and provide a

Moderate System classification in support of Agency customers. BT Federal BSS

architecture will meet FIPS 199, “Standard for Security Categorization of Federal

Information and Information Systems,” for minimum of a Moderate Impact Level. BT

Federal has designed its security and risk plan, able to operate within requirements of

FISMA, FIPS, NIST, ICD, and DODI, as well as to specific Agency customer

requirements.

The BT Federal BSS provides

for compliance with FISMA, FIPS, Presidential and Agency Directives, and NIST

standards. It also provides more specifically controls in NIST SP 800-53R4 that support

cyber resiliency.

. BT Federal

characterizes controls in terms of the resiliency. BT Federal has identified factors to

consider when selecting, tailoring, or implementing controls to improve cyber security

and resiliency to reduce risk. In this way, BT Federal will apply federal security

standards, such as FISMA and NIST, to each TO at BT Federal BSS security boundary,

as well as the infrastructure that provides MNS and remote VPN services. BT Federal

will manage solution components of third-party vendor. These may include pass-

through security and compliance provisions.

BT Federal will maintain separation of Agency information at BSS and operational levels

as key areas of protection engineered into BT Federal’s operational delivery

capabilities. The Government, however, will apply such standards, as outlined by GSA,

FISMA, and NIST guidance when transferring data to BT Federal. Such standards may

to include encryption of data transferred from and to other Agencies and for

Government-owned, -managed or -provided non-BT Federal systems.



BT Federal


When MNS is used with a single EIS service (e.g., VPNS) or a group of EIS services

(e.g., VPNS, Ethernet, voice service, and cloud IaaS) requested in a TO, those services

will have the functionalities of a managed service (i.e., Managed VPNS, Managed

Ethernet, Managed voice service, and Managed Cloud IaaS).

BT will use appropriate labor and equipment as defined in RFP C.2.10 Service Related

Equipment and RFP C.2.11 Service Related Labor in the TO. The BT MNS solution is a

comprehensive set of capabilities that combine process, people, and technology to

create an end-to-end and life-cycle focused management environment with the focus on

ensuring the availability and reliability of today’s complex Agency networks service and

their support local equipment. MNS will use SRE and SRL to meet TO requirements. BT

has a robust reach back to the entire BT Global Organization to identify any required

equipment and assign direct labor support for any TO.

Figure 2.8-1 shows the basic program structure BT uses to support MNS customers.

Figure 2.8-1. BT’s MNS Organization.

Provides proper organization for efficiently executed services.

Specific responsibilities of each functional area include:

Project Manager (PM): Ensures outcome of MNS activity; serves as primary

communication channel for Agency customer on coordination and status;

finalizes Concept of Operations (CONOPS) that combines technical and

operational aspects of solution to deliver and operate for customer, including all

aspects of SRE and SRL defined in TO and over TO lifecycle



BT Federal

Lead Engineering Manager (LEM): Details technical implementation of

requirements of Agency customer; engages technical Subject Matter Experts

(SMEs) to address requirements from designing network routing to full Security

Service implementation and Secure Operations Center rollout; includes

sustaining engineering and Tier 3 support; manages engineering SRL

Service Delivery Manager (SDM): Executes site implementation activities

across EIS services (e.g., VPNS, etc.), within NOC; schedules customer site

implementations, transitions, test, and turn-up.

NOC Manager: Manages NOC operations (24x7x365 operations staff,

development of TO-specific monitoring, reporting, customer NOC interactions);

ensures Tier 1/2 activities and performance; manages operations-related SRL

BT’s team will apply System Engineering principles to address Agency requirements

and employ an approach and integrated system that meets EIS MNS requirements.

The BT-integrated process, as Figure 2.8-2 shows, begins with receipt of Agency

request for MNS. BT’s MNS team then analyzes requirements and develops solutions

and partnerships required. They prepare a response to Agency-specific requirements.



BT Federal

Responds to Agency MNS requirements with full lifecycle support

Once awarded, BT will conduct a kickoff meeting to finalize support staff for the Agency.

BT will engage relevant functional groups, subcontractors, vendors, and Agency

stakeholders to finalize a solution to implement.

Primary outputs could include:

Implementation Schedule: Detailed time-phased schedule for implementation

of MNS engagement elements

Concept of Operations: CONOPs that detail technical design, implementation

processes and procedures, and operations processes and procedures used

throughout solution lifecycle

Equipment Configurations: Specific equipment types, hardware, software,

logical configurations needed Agency solution



BT Federal

Acceptance Criteria: Agreed-upon functional, performance, and operational

items necessary for acceptance of solution by Agency

Upon completion of kick-off meeting items, BT’s PM will assume all responsibility for

solution execution. Such execution will include coordinating all activities with Agency

PM counterpart and conducting regularly scheduled status meetings.

BT’s PM will coordinate all activities needed for implementation including:

NOC implementation: Ensures implementation of TO-specific Agency

requirements and implementation of CONOPs. The NOC staff will work with

Agency’s NOC (if applicable) to coordinate processes and any electronic bonding

and trouble management integration

Transport Implementation: Ensures implementation of Transport Services

(e.g., VPNS) to meet Agency’s implementation schedule and performance and

availability requirements

Other EIS Services Implementation: Ensures implementation of other EIS

services to support Agency’s solution

Equipment Configuration: Ensures purchase of SRE, as required, and

configuration, testing, and stating for installation

Site Implementation: Coordinates implementation teams in support of Agency

site implementations

Finally, the PM will coordinate all activities for test and turn-up of all services,

verification of NOC services, and exercise of all reporting and sustainment processes.

To meet technical and operations requirements, BT has established CONUS-based

NOC facilities that provides a comprehensive set of features and functions to meet EIS

requirements. BT has specifically selected tools and systems to enable BT NOC

engineers to customize device and services support, real-time and summary reporting,

and trouble management reporting and customer integration.

Figure 2.8-3 shows the functional architecture of a BT NOC in support of MNS.

GSA Network Services 2020

Provides MNS capabilities to meet Agency-specific TO requirements

BT’s NOC has the following features to meet fundamental to all MNS requirements.

Each functional system will interoperate to the BSS system providing the Procuring

Agency a consolidated view of their Managed Network Service:

NOC Manager: Forms cornerstone of BT NOC’s environment and integrate;

combines following capabilities:

Flexible polling using SNMP, Text, SysLog, screen-scraping, and other

customized methods

Event normalization, correlation, and bonding to Trouble Ticketing system

Raw polling, trap, and event storage via SQL compatible databases

Flexible device configuration capture and audit for Configuration Management

Programmable, customizable automatic and periodic report generation

Document repository for reports with secure access for Agency customers



BT Federal

Trouble Ticketing and Management:

Enables Government customer-specific trouble management and workflow

plus auto-ticketing from The NOC Manager

Enables access by EIS MNS customer via secure Web-based interface

Enables provision of Application Programming Interface (API) to customers

2.8.1.5.1. Functional Definition [L.29.2.1(1st bullet); C.2.8.1.1.1] s/b 2.1.5

As Figure 2.8-3 shown above, BT offers an environment that enables it to assume

management of an Agency’s network infrastructure. Management includes real-time

monitoring of underlying network transport and services and any SRE (or other TO-

required devices). BT’s technical capabilities combined with the Program structure (as

Figure 2.8-1 shown above), will enable BT to take responsibility for all services and

networks managed for an MSN TO under the EIS contract. It will include Tier 1

customer first call, MNS manual and auto-created tickets, and trouble execution through

Tier 2 to Tier 3.

The PM will provide Agencies with single point of accountability and assigns the rest of

the BT Operations Organization for day-to-day activities. Such activities will include:

Scheduling of regression testing for new device software and firmware and

cording roll-out with the customer

Scheduling routine maintenance (e.g., replacement of device fan filters)

Administration of devices including password maintenance and log reviews

Coordination and scheduling of device repair and replacement

24x7 monitoring of all services and coordination to ensure rapid service

restoration and reporting (based on the agreed CONOPs) to the customer

BT structures its MSN offering so that all services provided, whether using single or

complex mix of EIS services, receive treatment as a fully Managed Service. BT has

provided a detailed description of one example, namely Managed LAN service for end-

to-end support of IPVS, in Section 2.2.1.6, Managed LAN Service.



BT Federal

2.8.1.5.2. Standards [L.29.2.1 (2nd bullet); C.2.8.1.1.2]

BT MNS will comply with all appropriate standards to support the underlying EIS access

and transport services as well as specific standards and requirements in the TO.

2.8.1.5.3. Connectivity [L.29.2.1 (3rd bullet); C.2.8.1.1.3]

BT will comply with all connectivity instances listed in RFP C.2.8.1.1.3 to ensure

underlying EIS offerings connect seamlessly to Agency network environments.

BT’s technical approach to MNS will enable direct interface of network management

capabilities with all BT EIS underlying services (e.g., VPNS). In addition, all of BT’s

MNS NOC staff will have procedures in place to coordinate installation, modification,

and restoration of services provided by BT or of any other service as directed by

Agency TO (as enabled by supplied Letters of Agency).


BT has the engineering capability and systems to provide for all technical baseline

requirements in support of EIS MNS. BT also has the capability to develop new

solutions for ICB TO. Such solutions may range from configuration of existing

equipment, new equipment, new transport and other EIS services to customization of

NOC services and associated support CONOPs.

Design and Engineering Services [C.2.8.1.1.4.1]

BT has access to substantial engineering staff and experience in designing and

engineering network services to support the Government. These resources (shown in

Figure 2.8-1 and processes (shown in Figure 2.8-2), with additional detailed described

below enable BT to:

1. Identify SRE (and its detailed firmware, software, and configuration), related

software and SRL needed to deliver MNS

2. Created a system or network design that identifies all network components,

protocols, component and logical redundancy, and Information Assurance

elements (e.g., traffic filtering, proxies). Based on TO requirements, and

engagement with the Agency, the design will include recommended



BT Federal

performance levels and network capacity and capacity management needed

to ensure solution performance.

3. Provide complete project coordination for all aspects required in a TO,

including: design, engineering, implementation, installation, access

coordination (both service provider and site), provisioning, equipment staging

and configuration, hardware and system testing, and service activation.

Using best practices, BT’s project coordination will minimize the impact on

existing current Agency networking environment.

BT will provide the following:

BT Sales Engineering and Program Engineering Staff with significant and

direct experience in supporting Federal Government.

BT Network Engineering Staff with significant support from other BT divisions

and resources (including our labs for testing and verification) for development

and refinement of the design and detailed engineering

BT Partners, including vendors (e.g., Cisco, Juniper, Avaya, etc.) and BT

Engineering Companies that have significant experience in the design and

implementation of systems for the Federal Government.

Combined, such BT teams will perform the following steps to ensure successful

systems design and engineering for our Government MNS customers:

Systems Engineering: Incorporates customer requirements into design

Detailed Engineering:

Solution Architecture

Selection of devices and hardware configuration

Verification of device software versions (e.g., meet security requirements)

Determination of routing architectures, router and switch security hardening

and the development of router and switch configurations for network services

Simulation and Modeling to verify design performance and reliability



BT Federal

Creation of detailed specification of standard EIS services (e.g., sites

capacities, access solutions, QoS settings, backbone diversity)

Creation of technical and relevant operation components of CONOPs

Definition of changes to MNS NOC services and support for technical

approach for integrating BT MNS NOC services with Agency customer NOC

Support for planning of implementation, management, and maintenance of

Network Management System (NMS) phases

Implementation, Management and Maintenance [C.2.8.1.1.4.2]

BT has a comprehensive set of processes and systems to provide complete lifecycle

solution development, implementation, management, and maintenance.

Starting from Solution Refinement processes (which incorporates the Design and

Engineering Service), the assigned BT’s PM will oversee implementation of a TO,

including:

1) Drive implementation of defined solutions which incorporate

a) Access solutions that use the wide-range of EIS technologies (e.g., wireline,

wireless) to meet Agency performance requirements (e.g., high-availability,

capacity)

b) Transport services that are design to meet Agency requirements, incorporating

BT EIS Transport services as well as those from other EIS providers ensuring the

ability to distribute traffic over multiple carrier backbones. Routing and other

traffic control mechanisms will be implemented to support traffic allocation based

on Agency needs.

c) Customer premises solutions and associated devices to meet Agency

requirements

d) Implement security solutions, which can be a combination of software,

equipment, establishment of Agency-specific NOCs or Secure Operations

Centers (SOCs), and associated processes and procedures.



BT Federal

2) BT will supply and manage the hardware, firmware and related software required by

the Agency. BT’s ongoing supply agreements with major hardware vendors will:

supply hardware and related software (e.g., routers, switches, Encryption devices,

VPN equipment, firewall, CSU/DSU, hubs, adapter, and modems) necessary for

agreed to design; execute coordinated implementation plan for installation, test, and

turn-up the equipment

3) The BT MNS systems as shown Figure 3.8-3 provides the tools that are configured

to monitor all aspects of the NMS Agency solution. These systems also provide real-

time information from all aspects of the solution (e.g. transport and access) will be

provided.

4) The BT MNS systems and staffing

a) Manage the network in real time 24x7

b) Provide coverage for remote management from BT NOC or from NOC developed

to meet specific TO requirements

c) Set all polling intervals to less than 15 minutes; provide devices, access, and

transport network performance information with ability to compare to created

thresholds to enable determination of nominal proper performance

d) Use system to enable customization of reports enabling both reporting of KPIs

(SLAs) of EIS services (e.g., access and transport services) plus any specific

Agency reporting and assessment requirements

e) Assess and reporting on Agency network capacity. Support capacity review and

planning and report findings and recommendations to the Agency

f) Address, as agreed in the MNS CONOPs with the Agency, Agency-specific

network capacity and performance issues

5) Enable SNMP read-access to devices supplied as part of MNS deployment

6) Use BT MNS systems and staff to manage network configuration and configuration

of all devices as part of TO’s NMS solution:



BT Federal

a) Adding Protocols as required to all elements of device and network configuration

elements (e.g., routing, protocols, traffic prioritization, firmware and software

updates, routing optimization).

b) Adding, moving, or removing Customer Premises Equipment (CPE), e.g., SRE

c) Change addressing, filter and traffic prioritization schemes as requested by

authority Representative.

d) Optimization of the network routes to meet specific route requirements (diversity,

avoidance) or performance goals.

e) Update designated Agency hardware (e.g., upgrade card, software, firmware),

not limited to routers, firewall, VPNs, and switches

f) Based on TO-based CONOP, execute upgrading or downgrading of bandwidth

(and capturing the configuration change)

g) Implementing configuration changes and provide complete configuration

management and associated database for all Agency-specific devices to enable

controlled configuration changes to devices plus enable audit in real-time for

configuration of devices against approved baseline

7) Provide IP Address Management, per TO requirement; have NMS Program work

with ARIN plus internal organizations and customers (e.g., if they already have

allocated range) for IP address allocation

8) To enable controlled access and access audit of devices, the BT MNS NOC will

setup all devices with remote access management (e.g., Radius or TACACS) to

enable centralized user authorization plus role-based control to support least-

privilege user access model (as directed and approved by Agency). Devices that do

not support centralized access management will be addressed on a case-by-case

basis to ensure compliance

9) BT MSN NOC will perform complete devices configuration management including

storing of baseline configurations of all devices plus backup of at least previous 10

approved baselines; use configurations to restore configurations as needed; use



BT Federal

NOC systems to provide Agency with secure access to configuration database plus

backup logs

10) The BT NOC (in coordination with associated assigned MNS Engineering staff)

identify, test, and prepare upgrades, updates, patches, and bug-fixes; have NOC

support notify Agency after identification of availability of these items. MNS

engineering staff will work with the Agency to develop the testing approach to

identify functional or security issues related with installation of software (e.g., patch,

bug-fix, update). MNS staff will follow the mutually agreed-upon CONOPs for

procedures to install software

11) Provide all preventative and corrective maintenance, including physical maintenance

(e.g., fan replacement, filter replacement) and software upgrades.

12) BT MNS NOC systems contain all systems and processes to address functional

needs defined

a) Monitoring [a-g]: NOC will monitor all aspects of Agency’s network from

underlying EIS transport services and all devices supplied by BT as well as

any Agency devices at Agency’s direction

b) Out-of-Band Management [h]: Based on TO requirements, BT will provide,

monitor, and manage circuits and network for an Agency’s out-of-band (OOB)

management system for an Agency’s network. The OOB system will be

incorporated, as appropriate into the BT MNS NOC systems.

c) Trouble Management [i-j]: BT MNS NOC will include complete Trouble

Management and Ticketing system. This system provides APIs to enable

integration with an Agency’s ticketing system. If provided access, the BT NOC

staff will access the Agency’s ticketing system to open, update, and close

tickets

d) Troubleshooting [k-n]: BT MNS NOC will perform all troubleshooting

activities for access, transport, and associated devices. Based on the TO

requirements and agreed CONOPs, the NOC staff will perform this for other

services and Government devices. The NOC will alert (through agreed



BT Federal

method, e.g., email, phone, Agency trouble ticketing system) of any Agency-

specific faults or maintenance

e) Tier 1 – 3 Support [o-q]: BT MNS will provide and answer NOC Help Desk

Phones and provide Tier 1 support for Agency-specific items (captured in the

NOC Knowledge-base during the development of an Agency’s specific

CONOPs, maintained and augmented based on real-world experience. The

NOC will provide Tier 2, and 3 (combined with assigned engineering support)

services for all EIS services, MNS equipment, and other items as required in

TO and defined in agreed CONOPS

13. BT NOC will have secure, Agency-accessible information:

a) A document repository that contains complete installation schedule with near-

real time status of all installation activities

b) Real-time or near real-time network performance statistics, availability, device

performance, device configurations, and any applicable application-level

performance data available

c) Trouble management information (including trouble reporting statistics and

tracking information)

d) Security log information (e.g., device access logs, configuration change logs,

SysLogs) in real-time

14. BT NOC will have complete, on-line inventory of all EIS services provisioned and

all equipment

15. BT MNS NOC will provide secure access via VPN and HTTPS access to reports

and historical data, including all identified data items, with ability to add data

items in response to Agency requirements. The NOC systems shown in Figure

3.8-3 provide the capability to capture all relevant data, set thresholds, and

format reports. Data items include:

a. Bandwidth and service quality information

b. Burst analysis identifying under or over utilization instances



BT Federal

c. Data errors

d. Delay, reliability and data delivery summaries

e. End-to-end network views

f. Exception analysis

g. Link, port, and device utilization

h. Network statistics

i. Protocol usage

j. CPU utilization

k. Traffic, port, and protocol view

2.8.1.6. Features [L.29.2.1 (5th bullet); C.2.8.1.2]

BT NMS services must interface with many of the day-to-day operational elements for

both BT and the purchasing Agency. The BT NMS service is designed to enable the

Agency to better maintain their local infrastructure and ensure compliance with Agency

specific operational standards from installation and testing through the maintenance

lifecycle. Equally important is the continuous monitoring of SRE for Availability and

Security by the BT NOC with Agency interfaces as required in each TO.

2.8.1.6.1. GFP Repair and SRE

BT’s solution for MNS will perform maintenance on all provided SRE, including

managing all repair operations. Based on TO requirements, BT’s Engineer,

Implementation Lead, and Operations Lead will (with the Agency) address the full life-

cycle of all GFP and SRE.

The agreed CONOPS will address tasks such as:

Perform required preventative maintenance for example:

Fan filter replacement

Firmware and software upgrades

Meet required on-site response time for repair at each customer location



BT Federal

Provide requirements and process to perform Return Merchandise Authorization

(RMA) to coordinate with vendor for repair or replacement of SRE based on

agreed warranty approach

Provide development and execution of sparing plan (e.g., depot location, on-site)

to meet Mean Time to Repair (MTTR) goals

Schedule capture of equipment warranty terms/conditions with expiration dates

Recommend new repair approaches

Coordinate site visits for SRE repair, maintenance, or replacement

2.8.1.6.2. Agency Specific Network Operations Center (NOC)and Security

Operations Center (SOC)

Agency-Specific Help Desk Services

The BT MNS NOC will provide complete trouble ticketing and trouble management

workflow systems and customer specific knowledge-base libraries to create help desk

services.

Shared and Dedicated NOC and SOCs

BT’s flexible, scalable NOC architecture, based on TO requirements, will enable both

customization of NOC function (e.g., additional data items to collect, additional

reporting, etc.) plus the ability to establish staff NOC workstation locations virtually

anywhere using secure (e.g., FIPS-140-2, etc.) remote access techniques.

Per TO requirements, BT will include Security Information Event Management (SIEM)

capabilities to enable Security (SOC) related services.

In addition to customizing shared capabilities, BT’s NOC and SOC systems are modular

and will be instantiated as dedicated NOC and SOC to meet Agency requirements.

2.8.1.6.3. Network Testing

BT will support Agency-specific development activities by using its and its partners’ lab

environments. BT will also support acquisition and use of test equipment, software, and

other applications on BT-provided network infrastructure supporting EIS services and



BT Federal

proposed NMS equipment and configurations to prove the ability of the proposed

solution to meet Agency needs.

BT’s MNS program management team and engineering staff will collaborate with

Agency representatives to address support of Agency-specific services. BT will use its

own and partner lab environments for comprehensive testing of equipment, software

and applications, system configurations, and operations procedures. BT and its partners

have resources and experience to provide a full range of IT capabilities and systems

including voice, video, transport (e.g., IP VPN) plus application integration testing.

BT will develop test scope, procedures, schedule, and test report requirements with

Agency representatives and will conduct all work at Agency discretion.

2.8.1.6.4. Traffic Aggregations Service (DHS Only)

BT’s detailed response to Traffic Aggregation Service appears Section 1.4.3, Traffic

Identification and Routing Policy.

When awarded the require TO, the BT MNS NOC and associated technical capability,

staff, and processes, will:

Assume responsibility for maintaining and repairing all aspects for traffic

aggregation service (including commercial security services and network links)

Work with DHS to develop processes and procedures for BT-provided “Smart-

Hands” help maintain and repair of designated equipment (“sensor system”). BT

will establish within its NOC, call- and email-handling procedures and trouble



BT Federal

management processes (within its trouble management system) to ensure

prompt, proper handling of authorized requests for “Smart-Hands” support.

2.8.1.7. Interfaces [L.29.2.1-6; C.2.8.1.2, C.2.8.1.3]

BT’s MNS is compatible with all EIS access and transport services as listed in RFP

C.2.8.1.3. BT will support all required UNI types.

2.8.1.8. Performance Metrics [L.29.2.1-7; C.2.8.1.4]

BT’s MNS service (e.g., processes, staff, systems) is flexible; BT can customize these

services to meet Agency TO requirements.

2.8.2. Web Conferencing Service [C.2.8.2]

BT is not including Web Conferencing Service as a component of this initial EIS RFP


2.8.3. Unified Communications Service [C.2.8.3]

BT is not including Unified Communications Service as a component of this initial EIS


2.8.4. Managed Trusted Internet Protocol Service [C.2.8.4, F.2.1 # 5-27]

BT is not including Managed Trusted Internet Protocol Service as a component of this

initial EIS RFP response, but will reassess adding this optional service in the future.

2.8.5. Managed Security Service [C.2.8.5]

BT is not including Managed Security Service as a component of this initial EIS RFP


2.8.6. Managed Mobility Service [C.2.8.6]

BT is not including Managed Mobility Service as a component of this initial EIS RFP


2.8.7. Audio Conferencing Service [C.2.8.7]

BT is not including Audio Conferencing Service as a component of this initial EIS RFP




BT Federal

2.8.8. Video Teleconferencing Service [C.2.8.8]

BT is not including Video Teleconferencing Service as a component of this initial EIS


2.8.9. DHS Intrusion Prevention Security Service (DHS Only) [C.2.8.9]

BT is not including DHS Intrusion Prevention Security Service as a component of this

initial EIS RFP response, but will reassess adding this optional service in the future.

2.9. Access Arrangements [C.2.9]

BT will provide all required Access Arrangements (AAs) to support BT EIS services.

These AAs use multiple technologies and systems to connect from Agency locations

(SDPs) to BT Points-of-Presence (POPs) to access services (e.g., ETS, IPVS, IPVS,

etc.).

2.9.1. Understanding [L.29.1(A); M.2.1(1), F.2.1 # 28]

As detailed throughout Section 1.0, Network Architecture, BT’s Architecture for EIS

will enable and provide multiple technical methods and a range of capabilities to

connect BT’s EIS network infrastructure (i.e., network POPs) to Agency sites (SDPs). In

general, AAs will be provided using a combination of BT owned assets and systems as

well as contracts with leased services providers including those with nationwide (as well

as OCONUS national) providers and local providers (e.g., ILECs and CLECs). These

agreements including all the mandatory service types as well as the ability to address

the required diversity options.

BT will support the required types and options for AAs, including:

Sites connected via dedicated circuits (traditionally based on TDM) carrying:

PDH Protocols: T1, DS3 CONUS and E1, E3 OCONUS

SONET Protocols: OC-3 through OC-192

Ethernet Protocols: 10Mbps, 100Mbps, 1Gbps, 10Gbps, 40Gbps, 100Gbps

Sites connected via shared services:

Ethernet Protocols: 10Mbps, 100Mbps, 1Gbps, 10Gbps, 40Gbps, 100Gbps



BT Federal

Wireless Access:

Wireless Providers: BT has agreements with wireless providers to enable

delivery of cellular services (e.g., LTE)

Line of Sight Vendors: BT has agreements with wireless Line of Sight

vendors holding licensed frequencies to provide point-to-point connectivity

Access Resiliency Options:

Route diverse protected access from Agency customer site (SDP) to BT POP

Route diverse protected access from Agency site (SDP) to two geographically

diverse BT POPs

Working and protect access (e.g., collapsed ring) from Agency site (SDP) to

BT POP

Technologies that BT uses to provide such services are constantly evolving. Even

traditional TDM services are now being delivered over packet infrastructures by using

Circuit Emulation Services (CES). BT works will access providers so that solutions

provided have updated engineering to meet service level requirements (i.e., AQLs) of

associated services.

2.9.2. Quality of Service [L.29. 1(B); M.2.1(2)]

2.9.2.1. Deliver

BT has defined processes and procedures to design and provision AA to Agency sites:

Responding to TOs: BT Pre-Sales engineer reviews TO access requirements,

used as basis for due diligence to ensure and potentially price access to set of

TO-specified locations as well as any specific redundancy requirements

Execution of Awarded TO: Consists of two (2) essential components:

1. BT Post-Sales engineer will work with BT network engineering and AA

provider so that AA designs implemented will meet customer requirements



BT Federal

2. BT Provisioning will use its standard provisioning processes to flow orders to

various access providers

3. BT Post-Sales engineers and BT Project Managers will track and supervise

all AA installations, ensuring coordination for all site surveys and site

installation activities

2.9.2.2. Compliant

All AAs delivered by BT will meet AA requirements to provide the necessary UNI,

throughput, and availability.

2.9.2.3. Scalable

BT has standard processes to monitor available capacity of its Network-to-Network

Interconnects (NNIs) with access service providers. These processes will ensure that

long-lead time upgrades to NNIs to:

Prevent delays in provisioning (for both TDM and Ethernet Shared access)

Ensure adequate capacity for zero loss of Ethernet frame for Ethernet Shared

access

2.9.2.4. Reliable and Resilient

BT will use best commercial practices to support robust NNIs with access providers.

2.9.3. Service Coverage [L29.2.1(C); M.2.1(3)]

BT will provide service coverage for 87 of the top 100 CBSAs, as Figure 1.3-1 shows

and as detailed in Section 1.3, Service Coverage.

2.9.4. Security [L29.2.1(D); M.2.1(4a, 4b, 4c(i-viii)]

BT will ensure that AAs will comply with security specifications as detailed in Security

Sections 1.4.1, 1.4.2, and 1.4.3. Each EIS Service offering leveraging AA will maintain

its own security standards, based on EIS Services-specific security requirements and as

described in each service section of the RFP response.

Although AAs are not a separate service, there are generic security issues that BT

addresses with its access providers:



BT Federal

Access providers must support NS/EP to meet EIS requirements

There must be secure mechanisms to support order management. This is to

ensure that all access changes are performed only if authorized by BT.

There must be secure mechanism to support trouble management. This is to

ensure that all maintenance actions are performed only if authorized by BT.

All services are provided consistent with best commercial practices.

Any BT or access provider CPE used to complete an AA will be configured and

secured in accordance with best commercial security practices.

Access to customer facilities for AA delivery and CPE installation must be

coordinated by BT and AA personnel must meet local site access regulations as

specified in the TO. Cleared personnel will be provided if required by the TO.

2.9.5. Service Description [L.29.2.1(1); C.2.9.1]

2.9.5.1. Functional Definition [L.29.2.1(1); C.2.9.1.1]

BT will use appropriate AAs to carry multiple applications and services as described in

3.1.1.6 and

In addition, BT will provide diversity options, including:

1. Physically disparate, diverse paths from the SDP to the POPs of two diverse

contractors. BT Sales engineering and BT network engineering will design these

solutions collaboratively with its access providers and with the customer. For

example, it may be possible and cost effective to use two different types of access

(e.g., dedicated and shared Ethernet) from one or two different access provider

companies to cost effectively meet a customer’s service availability needs. In

addition, BT will work with other EIS contractors, as directed by the Government, to

support customer access diversity requirements. In general, the developed design,

captured in the Circuit Layout Record (CLR) and route maps of the proposed



BT Federal

service will be reviewed by BT engineering and with the customer before

implementation.

2. Physically disparate, diverse paths from the SDP to the contractor’s POP. BT

will work with its access providers to request access path diversity from the SDP to

BT service POPs. BT engineers will review the CLRs and route maps to ensure that

the implemented solution meets the requirements.

3. Redundant paths from an SDP to the contractor’s POP. BT will work with its

access providers to request access path redundancy from the SDP to BT service

POPs. BT engineers will review the CLRs and technical design to ensure that the

implemented solution meets the requirements.

BT understands issues related to need for special construction to create required

diversity (e.g., Outside Plant) and coordination with and upgrades to building facility

(e.g., Inside Plant).

1. If an AA does not exist, or if there is insufficient capacity

2. If construction is required to implement a different route (e.g., to meet an AA route

diversity requirement

In general, special construction (or in some instances to identify or confirm site

facilities or existing AA routes) a site survey may be required. When BT must perform

site surveys of Agency locations to collect and validate floor plans, physical

measurements, building power capacity, and external ingress/egress factors.

BT will deliver site survey reports to the designated Agencies Point of Contact after the

completion of the physical site visits as defined in RFP J.10.

2.9.5.2. Standards [L.29.2.1 (2nd bullet); C.2.9.1.2]

BT will comply with the standards stated in RFP C.2.9.1.2 as they apply to the EIS

contract and AA needed for service delivery.

BT will comply with the following standards:

1. ANSI T1.102/107/403/503/510 for T1



BT Federal

2. ANSI T1.607/610 for ISDN PRI

3. Telcordia PUB GR-499-CORE for T3

4. ANSI T1.105 and 106 for SONET

5. Telcordia PUB GR-253-CORE for SONET

6. ITU-TSS G.702 and related recommendations for E1 and E3

7. Frequencies grid and physical layer parameters for Optical Wavelength:

a. DWDM: ITU G.692 and G.694 as mandatory and G.709 and G.872 as

optional

b. WDM: ITUG.694.2 and Telcordia GR 253

8. Applicable Telcordia for DWDM systems are GR-1073, GR-1312, GR-2918, GR-

2979 and GR-3009

9. EIA/TIA-559, Single Mode Fiber Optic System Transmission Design

10. Telcordia GR-20-CORE for Generic Requirements for Optical Fiber and Optical

Fiber Cable GR-253 (SONET), and GR-326 (Connector)

11. Digital Subscriber Line (DSL) - ADSL and SDSL:

a. ADSL and DSL Forums

b. ITU-TSS Recommendation G.992 for ADSL (interoperable DSL modem

and DSLAM line card)

c. ANSI T1.413 (compatible DSL modem and DSLAM line card from the

same manufacturer)

12. ISDN based DSL (IDSL): ISDN Forums

13. Ethernet Access: IEEE 802.3, including 10 Base-T/TX/FX, 100 Base-TX/FX,

1000 Base-T/FX/L/LX/B/BX/PX, and 10/40/100 Gigabit Ethernet (IEEE 802.3ae

and 802.3ba)

14. Cable High-Speed Service: DOCSIS (Cable Labs) standards



BT Federal

15. BT will comply with all new versions, amendments, and modifications to the

above documents and standards.

2.9.5.3. Connectivity [L.29.2.1 (3rd bullet); C.2.9.1.3]

BT has designed its AAs to connect between Agency-specified locations and equipment

(interoperated based on the ordered UNI) and by definition work with BT’s POP network

equipment.

2.9.5.4. Technical Capabilities [L.29.2.1 (4th bullet); C.2.9.1.4]

BT will provide the mandatory capabilities:

1. BT’s architecture will enable Integrated access to multiple (different) services over

the same Access Arrangement.

2. Access Arrangements will be transparent to the protocol level of the AA, consistent

with its technical definition:

Layer 1 TDM access is transparent to all Layer 2 and Layer 3 services

Layer 2 TDM and Ethernet access is transparent to Layer 3 services

BT understands and will support AA mandatory capabilities. As Section 2.9.1,

Understanding, details BT has agreements with both traditional and emerging access

providers to support the full range of TDM and Ethernet access requirements, which

Table 2.9-1 lists.

Table 2.9-1. BT’s Support for Mandatory Access Arrangements per RFP C.2.9.1.4

Ref Category Item Specific Complies

1 T1 Channelized 24xDS0 @ 56/64 kb/s with line rate of 1.544 Mbps Yes

Unchannelized Single 1.536 Mbps payload Yes

2 ISDN PRI 23xDSO @ 56/64 kb/s over interface of ISDN PRI

(23B+D) with line rate of 1.544 Mbps

Yes

3 ISDN BRI 2xDSO @ 56/64 kbps over interface of ISDN BRI

(2B+D) with line rate of 144 Kbps

Yes

4 T3 28xDS1 @ 1.536 Mbps with line rate of 44.736 Mbps Yes

Single 48.008 Mbps payload with line rate of 44.736

Mbps

Yes

5 Channelized 30xDS0 with line rate of 2.048 Mbps Yes



BT Federal


E1 (non-

domestic)

Unchannelized Single 1.92 Mbps information payload with line rate of

2.048 Mbps

Yes

6 E3 (non-

domestic)

Channelized 16xE1 with line rate of 34.368 Mbps Yes

Unchannelized Single 30.72 Mbps information payload with line rate of

34.368 Mbps

Yes

7 SONET

OC-3

Channelized 3xOC-1 for information payload data rate of 49.536

Mbps with line rate of 155.520 Mbps

Yes

Concatenated Single channel equivalent to information payload data

rate of 148.608 Mbps with line rate of 155.520 Mbps

Yes

8 SONET

OC-12

Channelized 4xOC-3 each with information payload data rate of

148.608 Mbps with line rate of 622.080 Mbps

Yes

Concatenated Single channel equivalent to an information payload

data rate of 594.432 Mbps with line rate of 622.080

Mbps

Yes

9 SONET

OC-48

Channelized 4xOC-12 channels, each with information payload data

rate of 594.432 Mbps with line rate of 2.488 Gbps

Yes


rate of 2.377728 Gbps with line rate of 2.488 Gbps

Yes

10 SONET

OC-192


rate of 2.488 Gbps with line rate of 10 Gbps

Yes



Yes

11 SONET

OC-768

(Optional)



ICB



ICB

12 Analog Line 4 KHz 2 wire analog lines and trunks without access integration

for voice service.

Not

Offered

13 DSO Payload data rates of 56 kbps and 64 kbps Yes

14 Sub Rate

DS0

(Optional)

Support Subrate DS0 at information payload data rates

of 4.8, 9.6, and 19.2 kbps.

Not

Offered

15 Optical

Wavelength

Bi-directional

wavelengths

(WDM)

1 Gbps Yes

OC-48 Yes

OC-192 Yes

OC-768 ICB

16 Dark Fiber

(Optional)

Support both single-mode and multimode fibers ICB



BT Federal


Support minimum of 80 DWDM wavelengths or user

data with spacing as specified in ITU-T G.694.1.

Operate in "C", ”D”, “L” and ”S” bands

17 DSL ADSL

Asymmetric

Upstream data rates 16 - 768 kbps

Downstream data rates 1.5 - 8 Mbps

ICB

SDSL Symmetric Upstream/downstream traffic at data rates up to 1.5

Mbps

ICB

ISDN Symmetric Upstream/downstream traffic at data rates of 144 Kbps ICB

18 Ethernet

Access Arr.

Support both dedicated access and/or shared access

(multiplexed Ethernet connections) over Metro Ethernet

service from SDP to POP at access speeds of: 1-10

Mbps (1 Mbps increments),

Yes

10-100 Mbps 10 Mbps increments), Yes

100–1,000 Mbps (100 Mbps increments), Yes

1-10 Gbps (1 Gbps increments), Yes

10 - 100 Gbps at 10 Gbps increments (optional) ICB

19 Cable High-

Speed

Service

Access Arr.

(Optional)

Provide on ICB at data rates of 256 Kbps to 30 Mbps: Not

Offered

256 Kbps - 5 Mbps (Standard: DOCSIS 1.0) Not

Offered

256 kbps - 10 Mbps (Standard: DOCSIS 1.1) Not

Offered

256 kbps - 30 Mbps (Standard: DOCSIS 2.0) Not

Offered

20 FTTP

(Optional)

5 Mbps downstream and 2 Mbps upstream, 15 Mbps

downstream and 2 Mbps upstream

Not

Offered

21 Cellular

Service

4G Long Term Evolution (LTE) with 100 Mbps

downstream and 50 mbps upstream

Yes

Line of Sight connection using licensed frequencies of:

DS1, NxDS1 (where N=2-27), DS3, E1 (Non-domestic),

NxE1 (where N=2-15) (Non-domestic), E3 (Non-

domestic), SONET OC-3, 1/5/10 Gbps

Yes

2.9.6. Features (Access Diversity and Avoidance) [L.29.2.1(5); C.2.9.2]

BT accepts the definitions of route diversity in RFP C.2.9.2 as well as the options

associated with routes and access diversity.



BT Federal

2.9.6.1. Access Route or Path Diversity [C.2.9.2]

Access diversity Options are defines as follows:

1. Between an SDP and its associated connecting network’s PCL or POP, or

2. Between an SDP and at least two connecting network PCL/POPs.

3. Access from the same or different access providers (e.g., ILEC and a CLEC) for

two separate routes, using any mix of access arrangements.

These diverse routes will:

1. Not share any common telecommunications facilities or offices including a

common building entrance

2. Maintain minimum 30-foot separation feet throughout all diverse routes between

premises/buildings housing for SDP and associated network

3. Maintain a minimum vertical separation of two feet, with cables encased

(separately) in steel or concrete for cable crossovers

BT will provide the capability for the automatic switching of transmission in real-time,

negotiated on an individual case basis:

1. From the primary access route to the one or more diverse access routes,

including satellite connection, and

2. From the diverse access route to the primary access route.

BT will exercise the following control measures on the configuration or the

reconfiguration of the diverse access route:

1. BT will provide a graphical representation (e.g., diagrams, maps) of access

circuit routes to show where diversity has been implemented to the OCO within

30 calendar days of the implementation of access diversity and again thereafter

when a change is made.

2. Prior to any proposed reconfiguration of routes previously configured for access

diversity, BT will provide to the Agency written notification and revised PCLs for

OCO approval in accordance with the requirements of the TO.



BT Federal

3. BT will establish internal controls to prevent the dismantling of diversified routes.

2.9.6.2. Access Route or Path Avoidance [C.2.9.2]

BT will supply the capability for a customer to define a geographic location or route to

avoid between an SDP and its associated connecting network point.

BT will exercise the following control measures on the configuration or reconfiguration of

the avoidance access route:

1. BT will provide graphical representation (e.g., diagrams) of access circuit routes

to show implementation of avoidance to OCO within 30 calendar days and again

thereafter following change

2. Prior to any proposed reconfiguration of routes previously configured for

avoidance, BT will provide to the Agency written notification and revised PCLs for

OCO approval in accordance with the requirements of the TO.

3. BT will establish internal controls to prevent the dismantling of avoided routes.

BT will provide the features to support the required access diversity and avoidance

requirements, as discussed in Section 2.9.5.1, Functional Definition. BT’s program

management team and network service provisioning will work with access providers to:

Provide traceable documentation and sufficient Circuit Layout Record (CLR)

information to ensure the proposed solution meets the customer’s diversity and

avoidance requirements

Perform site surveys as necessary to confirm actual diversity and avoidance

requirements

Provide graphical documentation, and others as appropriate, to the Government

and customer to demonstrate compliance.

Ensure internal controls for change by tagging the AA (both within the AA

providers’ and BT databases) to ensure that any proposed routing changes

require notification (to be provided to the Government and customer) as well as

to ensure that the required diversity and avoidance requirements are maintained.



BT Federal

Ensure that the required redundancy (e.g., protection switching) has been

properly engineered and tested.

2.9.7. Interfaces [L.29.2.1 (6); C.2.9.3]

All UNIs identified for AA in RFP C.2.9.3 are compatible with the appropriate associated

BT EIS Service, as Table 2.9-2 details.

Table 2.9-2. BT’s Compatibility with AA UNIs

Ref Interface Type and Standard Payload Data Rate

or Bandwidth

Signaling Type Compliant

1 ITU-TSS V.35 Up to 1.92 Mbps Transparent Yes

2 EIA RS-449 Up to 1.92 Mbps Transparent Yes

3 EIA RS-232 Up to 19.2 kbps Transparent Yes

4 EIA RS-530 Up to 1.92 Mbps Transparent Yes

5 T1 (with ESF) [Std: Telcordia SR-TSV-002275;

ANSI T1.403)

Up to 1.536 Mbps Transparent

IP (v4/v6)

Yes

6 ISDN PRI (23B+D and 24B+0D) [Std: ANSI

T1.607/610]

Up to 1.472 Mbps Transparent Yes

7 T3 [Std: Telcordia GR-400-CORE] Up to 43.008 Mbps Transparent Yes

8 E1 (Std: ITU-TSS Up to 1.92 Mbps G.702)

(Non- domestic)

Transparent Yes

9 E3 (Std: ITU-TSS G.702) (Non-domestic) Up to 30.72 Mbps Transparent Yes

10 SONET OC-3 (Std: ANSI T1.105 and 106) 148.608 Mbps Transparent Yes

11 SONET OC-3c (Std: ANSI T1.105 and 106) 148.608 Mbps Transparent Yes

12 SONET OC-12 (Std: ANSI T1.105 and 106) 594.432 Mbps Transparent Yes

13 SONET OC-12c (Std: ANSI T1.105 and 106) 594.432 Mbps Transparent Yes

14 SONET OC-48 (Std: ANSI T1.105 and 106) 2.377728 Gbps Transparent Yes

15 SONET OC-48c (Std: ANSI T1.105 and 106) 2.377728 Gbps Transparent Yes





20 10 Base-T/TX/FX

(Std: IEEE 802.3)

Link bandwidth: Up to

10 Mbps

IP (v4/v6)

IEEE 802.3

Ethernet MAC

(for bridging)

Yes

21 100 Base-TX/FX (Std: IEEE 802.3) Link bandwidth: Up to

100 Mbps

IP (v4/v6) Yes



BT Federal

Ref Interface Type and Standard Payload Data Rate

or Bandwidth

Signaling Type Compliant

IEEE 802.3

Ethernet MAC

(for bridging)

22 1000 Base-T/L/LX/B/BX/PX (Std: IEEE 802.3) Link bandwidth: Up to 1

Gbps

IP (v4/v6)

IEEE 802.3

Ethernet MAC

(for bridging)

Yes

23 10 Gbps

(Std: IEEE 802.3)

Link bandwidth: Up to

10 Gbps

IP (v4/v6)

IEEE 802.3

Ethernet MAC

(for bridging)

Yes

24 USB

(Std: USB Implementers’ Forum)

Up to current standard Transparent

IP (v4/v6)

Yes

25 ISDN BRI (2B+D) (Multirate)

[Standard: ANSI T1.607 and 610]

144 kbps ITU-TSS Q.931

IP (v4/v6)

Yes

26 3G / 4G / 4G LTE (Cellular Service) Up to current standard ITU 3GPP

TR25.913

IP (v4/v6)

Yes

2.9.8. Performance Metrics [L.29.2.1 (7)]

Since AA are not a separate service, any applicable KPIs are associated with the EIS

Service which in turn leverage the different AA as part of the solution in accordance with

the TO requirements.

2.10. Service Related Equipment

When identified in a TO, the BT will provide networking and security service-related

equipment such as Switches, Routers, PBXs, Telephones, Servers, Security

Appliances, Firewalls, Conferencing-Related Equipment, Microwave Systems, Free-

space Optics Systems, Surveillance Systems, Sensors, Radio-related Equipment,

VSATs, and Wireless Devices.

BT has supply agreements with, and is a major purchaser of network equipment from

Juniper, Cisco, Alcatel-Lucent, and others, making it the equivalent of “Gold” or

“Premier” status those with companies.



BT Federal

BT will provide hardware and materials that are incidental to the installation, operation

and maintenance of EIS services.

All equipment provided to the Government by BT will be new and not previously used or

refurbished.

As part of the installation process, BT will provide all necessary incidental components

(e.g., racks and cables) for the installation, develop plans for preventative and fix

maintenance, and models (e.g., Management Information Base –MIB) for the

incorporation into the appropriate management platforms (e.g., MNS).

2.10.1. Warranty Service (C.2.10.1)

BT will provide, at no additional cost to the Government, a minimum one-year system

warranty (or the warranty provided by the OEM, whichever is longer) for all hardware

and software ordered under this contract, including all equipment supplied, installed,

and integrated by the contractor. The equipment warranty will provide for hardware

repairs and the distribution of updated software to all users who ordered the hardware

or software under this contract. BT will provide warranty information associated with

each product and service delivered to the GSA CO or OCO if requested.

BT will repair or replace malfunctioning equipment covered by warranty within five (5)

business days or as specified in the TO. BT will provide to the Government a point of

contact for the warranty who is available from 7AM – 7PM local time, or for a longer

period if specified in the TO. The warranty shall begin at the time the SRE is accepted.

2.11. Service Related Labor

BT Federal is not bidding this optional service at this time.

BT Federal will provide required Service Related Labor in accordance with the TO

through the contract modification process.

BT understands that the EIS services called out in a TO will include all Service Related

Labor (SRL) necessary to implement services (reference RFP C.2.1 – C.2.10 and

C2.2.12). Agencies may include SRL on TOs to support services in EIS. Requested



BT Federal

SRL for construction, alteration, and repair will be integral to and necessary for the effort

defined in the TO.

2.12. Cable and Wiring

BT Federal is not responding to Cable and Wiring optional services at this time. Cable

and Wiring for circuit delivery to existing commercial demarks is included in the service

price. In response to a TO, BT will provide installation services necessary to provide

telecommunications services and related supporting IT services.

BT Federal will provide required connectivity using appropriate cabling and wiring, and

related trenching, ducting, grounding, and lightning protection systems to the

commercial demark in accordance with the TO and appropriate standards.

Site preparation work done by BT under this contract will conform to applicable federal,

regional and local codes and will conform to accepted industry installation and

construction practices. All planned work and code compliance shall be subject to OCO

review and approval prior to the start of work. BT will provide the tools and test

equipment to perform the site preparation as specified in the TO and BT will retain

ownership of the tools and test equipment unless otherwise specified in the TO. The

Government will furnish facilities and utilities to BT already installed at site, including

light, heat, ventilation, and power. BT will provide temporary utilities unavailable in the

work area and will coordinate any disconnection of utilities. BT will provide building

additions and/or changes as required to support the telecommunications and IT

installation, provided they are integral to and necessary for the effort defined in the TO.

HVAC and electrical construction shall be limited to new or upgraded installations

necessary to support telecommunications and IT equipment. BT will expand or modify

power systems to provide appropriate environmental controls to support the installation.

BT will provide a warranty period of at least one (1) year for the premises wiring/cabling

after service acceptance.

2.13. External Traffic Routing Requirement [L.29.2.3, C.1.8.8]

For a detailed description of External Traffic Routing Requirements, please see how BT

meets requirements in Section 1.4.3, Traffic Identification and Routing Policy.



BT Federal

BT understands that it is not required to have established infrastructure supporting

National Policy requirements described in RFP C.1.8.8 in order to respond to the EIS

RFP. In looking at a the future requirement, BT has provided the following detailed

technical description of how it will accomplish design, implementation, and operation of

its aggregation service that addresses the required items to establish and demonstrate

the technical viability of BT’s aggregation service. This technical description is a

projection on a future architecture for delivering National Policy requirements described

in RFP C.1.8.8. Specifics of the plan are subject to change based on the detailed

requirements provided by the Government in the TO and BT’s evaluation of those

requirements in its response and pricing.

1. Methodology for identifying the offeror's participating Agency traffic for each

affected service.

4. Control mechanisms the offeror will use to ensure that the identification and

redirection of participating Agency traffic cannot be inadvertently or maliciously

by-passed.

5. Sensing and control mechanisms the offeror will use to ensure the redirection of

traffic is failsafe (no disruption of participating Agency services) should failures

occur with DHS GFP.



BT Federal

3.0 Transition [C.3]

BT addresses RFP C.3, Transition, in the Management Volume.

Here, BT acknowledges and accepts requirements upon EIS contractors specified for:

Contractor’s Role in Transition [C.3.1.2]

Contractor-wide Planning and Implementation [C.3.2.2]

Agency-specific Planning and Implementation [C.3.2.3]

Planning and Implementation [C.3.3.2]

Inventory [C.3.3, F.2.1 # 29-30]

Reporting [C.3.3.4, F.2.1 # 31-32]



BT Federal

4.0 Section 508 Requirements [C.4]

4.1. Background [C.4.1]

BT acknowledges and accepts the Background information regarding Section 508

provided in RFP C.4.1. BT will meet:

Technical Standards (Section 508, Subpart B)

Functional Performance Criteria (Section 508, Subpart C)

Information, Documentation, and Support (Section 508, Subpart D)

Any design or technologies that is determined to not meet the Technical Standards of

Subpart B will be identified immediately and equivalent facilities will be proposed.

4.2. Voluntary Product Accessibility Template [C.4.2, F.2.1 # 33]

BT will post the Voluntary Product Accessibility Template (VPAT) for each service

identified in paragraphs RFP C.4.4 to its website, to demonstrate that offerings comply

with Section 508 standards. BT accepts that the VPAT is required 30 days after NTP

and will update it as needed to assist customer Agencies in evaluating services for

Section 508 standard compliance.

4.3. Section 508 Applicability to Technical Requirements [C.4.3]

BT acknowledges that Technical Requirements in RFP C.2 identify the technical

provisions for services used by an Agency to execute mission operations. BT will have

services that execute mission operations meet relevant provisions of Section 508,

Subparts B, C, and D as identified in RFP C.4.4 or will provide equivalent facilitation.

4.4. Section 508 Provisions Applicable to Technical Requirements [C.4.4]

BT acknowledges that relevant provisions of Subpart B, Technical Standards,

paragraph 1194.21, Software Applications and Operating Systems, will apply to

appropriate services, to include: Data Service, Voice Service, Managed Service,

Contact Center Service, Data Center Service and Cloud Service.


paragraph 1194.22, Web-based Intranet and Internet Information and Applications, will



BT Federal

apply to appropriate EIS services, to include: Data Service, Voice Service, Managed

Service, Contact Center Service, Data Center Service and Cloud Service.


paragraph 1194.23, Telecommunications Products, will apply to appropriate EIS

services, to include: Voice Service, Data Service, Managed Service, Contact Center

Service, Data Center Service and Cloud Service.

BT acknowledges that relevant provisions of Subpart C, Functional Performance

Criteria, paragraph 1194.31, will apply to appropriate services under the EIS contract.

For the relevant services, BT will provide one of the following two capabilities:

1. Support for assistive technologies used by disabled individuals

2. Support for at least one mode of operation and information retrieval that:

a) For severely vision impaired to 100 percent vision impaired users, does not

require vision

b) For vision impaired users, does not require visual acuity greater than 20/70

c) For severely hearing impaired to 100 percent hearing impaired users, does not

require hearing

d) For hearing impaired users, does not require enhanced auditory capability

e) For users with no speech capability or with impaired speech, does not require

user speech

f) For users without fine motor control or simultaneous action capability, does not

require fine motor control or simultaneous action and is operable without limited

reach and strength

BT acknowledges that relevant provisions of Subpart D, Information, Documentation,

and Support, paragraph 1194.41, will apply to appropriate services provided under the

EIS contract.



BT Federal

4.5. Section 508 Provisions Applicable to Reporting and Training [C.4.5]

BT will comply with the Government’s information reporting requirements addressed in

RFP G.9 Program Management.

BT will report required information via Internet, email, or telephone. BT will have

services providing the required information meet relevant provisions of Section 508,

Subparts B, C, and D or will provide equivalent facilitation.

BT will comply with training requirements outlined in RFP G.10. BT will deliver training

via meeting and briefings, classroom, seminars, instructor-led and non-instructor on-line

web based self-study, and manuals or desk top guides. For training delivered via

meeting and briefings, classroom, and seminars, BT will provide assistance such as

signers and Braille products to disabled trainees when requested in advance by the

Government. For training delivered via instructor-led and non-instructor on-line web

based, BT will provide the same capabilities for Internet reporting to disabled trainees.



BT Federal

5.0 Contractual Matters (“Background”) [C.1]

5.1. EIS Goals [C.1.1]

Flexible and cost-effective network topologies using Ethernet and IP-based VPN

technologies are replacing the large network architectures based on private line point-

to-point implementations. BT invests in robust telecommunication infrastructure and

data layer network technologies to meet growing demand from the Government for a

flexible, secure network able to support a variety of traffic types while maintaining strict

operational and service quality expectations.

BT believes that connectivity alone does not create value. The key to creating value is

to design a network from the access technology through to the Core infrastructure that

addresses the customer requirements and them optimize each element of the network

to ensure expectation are meet throughout the lifetime of the relationship.

BT will meet EIS goals by providing features with clear benefits to Agency Customers,

as Table 5.1-1 lists.

Table 5.1-1. EIS Goals and BT’s Fulfillment – Technical

Goals BT Features Agency Benefits

Service

Continuity

Diverse Core with protected access

relationships. 24x7 Operations

Reliable network with limited service impact in an

outage event

Highly

Competitive

Prices

Competitive, with ability to extend discounts

for Task Order Unique requirements

Pricing to fit Agency-specific requirements

High-Quality

Service

CONUS and Global core design using

multiple transport path, Carrier grade

equipment and repeatable, controlled

engineering standards.

Services deliver a consistent experience

regardless of location CONUS or OCONUS and

in line Agency expectation and SLAs

Full Service

Vendors

A Broad Product offering comprehensive

solutions on a Global scale

Leverage a range of telecommunication services

from the tenured global leader providing

standards based products across most of the

developed world.

Operations

Support

Dedicated DSS authorized US Government

facing CONUS NOC backed by Global NOCs

spread around the world providing 100%

failover regardless of the situation.

The Governments networks procured through BT

Federal on the EIS contract will be supported by

an operational organization that know



BT Federal

Goals BT Features Agency Benefits

understand both the US Gov’t and the local

operational environments on a Global level.

Transition

Assistance

and Support

BT service offerings have transitional

elements to assist customer moving from

traditional service to Data-centric services.

Agencies can implement new technology while

still maintaining traditional infrastructure. The

limits the initial cost required to transition to new

technology while making future technology

upgrades easier to implement.

For further details, please see Section 1.0

5.2. EIS Scope for Mandatory and Optional Services [C.1.2, M.1.1]

In compliance with the RFP M1.1, BT is bidding all Mandatory Services. BT is pricing

Access Arrangements. BT is also providing Voice services (namely, IPVS) to non-

domestic locations per RFP J.1.2.

As noted for each Optional Service section below, BT is preparing to offer Optional

Services in the future via contract modification. It is our intention to have contract

modifications prepared and submitted for GSA approval before initial Agency TOs issue.

For this reason, please note that BT will address (almost) exclusively Mandatory

Services and address Optional Services only as required or implied by the EIS RFP.

5.3. Minimum Requirements for Geographic Coverage [C.1.3]

BT partners directly with local access providers and other vendors through dedicated

Network to Network Interfaces (NNIs) to bridge the gap between our core nodes and

customer locations. NNIs enable fully integrated global offerings allowing for increased

flexibility of access type, speed, and service levels, regardless of customer location

worldwide. With multiple regional and local core nodes in multiple locations, BT’s

network reach and connectivity reduces the potential for customer service interruption

or degradations by distributing local facility connectivity across a broader range of core

sites, and optimizes performance while reducing expense.

BT will provide EIS services on a global (CONUS/OCONUS) basis per RFP J.1. Initially,

BT will provide Mandatory Services within 87 of the top 100 Core Based Statistical



BT Federal

Areas (CBSAs) per RFP J.1; see Figure 1.5 and Section 1.3, Service Coverage,

above for further details.

BT plans to add Optional Services, more CBSAs and additional OCONUS and Non

Domestic coverage with contract modifications in the near future, as BT comes to

understand better the needs and requirements of Agency customers.

5.4. Task Orders [C.1.4]

BT Federal looks forward to participating in Fair Opportunity and Task Orders (TO), as

offered by the Government. BT currently has several trusted relationships with Federal

Agencies and upon award will commence assisting partner Agencies in identifying

needs and requirements.

BT Federal Engineering and Sales Staff will directly respond to Agency TO as received

and in accordance with FAR Subpart 16.505 and terms and conditions of the EIS

Contract. BT Federal will evaluate each TO according to capabilities of BT service

products and to present the best solution for Government consideration. Engineering

and Sales staff with US Federal Government tenured experience will work continuously

with the GSA EIS contract to ensure an understand of both the GSA operating

environment and TO requirements are incorporated into all proposed solutions.

5.5. Authorized Users [C.1.5]

BT looks forward to supporting each Agency Customer of GSA; BT will work only with

authorized organizations in support of this contract.

BT will work with GSA and Federal stakeholders to market and promote the EIS

services to the fullest extent allowed by the FAR, regulations, and law to increase

market share for both GSA and BT, while maintaining clear compliance

5.6. Upgrades and Enhancements [C.1.6]

BT agrees with the Government that telecommunications technologies and services are

evolving rapidly. As a result of such evolution, services and solutions available under

the EIS contract will indeed increase, enhance, and upgrade.



BT Federal

BT itself has global experience in developing and implementing new technologies. BT

operates a separate Research and Engineering organization to directly develop new

technologies and guild their introduction into commercial telecommunication systems

responsibly. BT will draw on all such experience in bringing to market under EIS new

technologies that are within scope and that provide transformational effects in improving

efficiencies and operations across the Government sector. BT undertakes all such

activities regularly—and shares resultant benefits with customers—in a manner that

makes BT one of the largest, most successful telecommunications providers in the

world.

BT shares Government interest in deployment roll-out of Network Function Virtualization

and Software Defined Network (NFV/SDN).

BT has been at the forefront of NFV and SDN innovation:

Inception: BT have been at the inception of these technologies. NfV was born

out of open innovation between BT with Intel, HP, WindRiver, Tail-F, Ineoquest

and Verivue to demonstrate a proof of concept in 2011

Results: In June 2012 the results of a BT-led joint proof of concept published at

the Carrier Cloud Conference produced the term “NFV,” as a result of which

carriers decided to build a new forum within ETSI: the NFV Industry Specification

Group

Adoption: BT has adopted these technologies into services if commercial benefit

to customers

R&D: BT has an NFV test bed at BT laboratories and has been running tests

with vendors, who include ADVA , Cisco, HP, and Huawei

Trials: BT has run proof of concept trials with customers, some now live

Forecast: BT sees that the industry needs to work with evolving technologies

that will make NFV more efficient and deliver higher performance—in order of

maturity: VMware, Opensource, KVM, Containers and uni- or micro-kernels (the

latter being fresh out of university programs)



BT Federal

OpenConfig:

BT is working heavily with OpenConfig

BT has led and driven publication of more than 10 draft standards that use

YANG models in areas like Operational structure and routing policy

configuration

BT’s stated policy is to use OpenConfig and YANG as strategic solution for all

future network configuration whether network solution is containerized,

virtualized, or appliance based technology

Partners: Industry bodies BT works with include: ETSI, IETF, OpenConfig,

Openstack, OpenNetworking, Forum, Superfluidity, SONATA, Trilogy, TMForum

In broad brushstrokes, BT’s strategy for NFV is:

NFV Short Term:

Launched IWAN to provide virtualized network functions on “standard” CPE

Will run proof of concepts for NFV with customers, working with vendors such

as HP, Cisco, VMWARE, Riverbed, Checkpoint

NFV Short-to-Medium Term: Exploits VirtualCPE (vCPE) as on-premise and

network-edge nodes that include CSX-(x86) to lower cost of CPE for customers

SDN:

Uses SDN within Cloud Compute, Apps from BT, Compute storage services:

o BT’s network technology team will continue to engage proactively with

vendors and standards bodies (ETSI, Open Networking Foundation,

Openstack) to drive interoperability at scale

SD-WAN Short Term: Uses BT’s “Connect Intelligence IWAN” as first step in

Hybrid network / SD-WAN journey for customers

SD-WAN Medium Term: Integrates BT’s IWAN and Cloud Connect to enable

customers to take full advantage of all BT Connect value-added services



BT Federal

5.7. Organization of this Statement of Work [C.1.7]

BT has replied to the RFP’s SOW for all services in this response.

5.8. General Requirements [C.1.8]

5.8.1. Organization of EIS Services [C.1.8.1]

BT has responded to RFP C.1.8.1 in the following sub-sections by order in RFP C.2.

5.8.2. Service Locations [C.1.8.2]

BT recognizes and accepts the Government’s definition of Service Delivery Point (SDP)

per RFP C.1.8.2.

5.8.3. Performance [C.1.8.3]

BT responds to EIS Key Performance Indicators (KPIs) throughout its response below.

BT notes that it may propose and provide alternative KPIs to the Government in the

future, based on implementation and addition of evolutionary technology and other

necessitating factors that may arise.

5.8.4. Conformity to Standards [C.1.8.4]

If a standard, issued by a body (e.g., the Internet Engineering Task Force), has a

definition with specific version and/or date, then BT will implement the specific version

of that standard. Otherwise, BT will comply with latest versions of standards as GSA

and Agency customers expect. BT acknowledges that national will supersede

international standards for services provided to on-net users located in the U.S. When

citing multiple standards, BT will follow the order of precedence set by industry forum

specification, followed by ANSI, followed by connective, followed by ITU-TSS, unless

otherwise specified.

5.8.5. Non-Domestic [C.1.8.5]

BT will comply with Non-Domestic requirements in RFP C.1.8.5.

When delivering service to an SDP at a non-domestic location, the UNI (e.g., interface

type), BT will see that the standard for the SDP complies with country-specific interface

standards if delivering service to country-specific Government equipment. However, the



BT Federal

Government equipment conforms to a North American standard, then BT will see that

the UNI standard at the SDP complies with the North American standard where

permitted by local law and regulations.

5.8.6. Interoperability [C.1.8.6]

BT will support interoperability for given service offerings so that users of a service from

one EIS contractor will be able to communicate with users of services from other EIS

contractors with equivalent performance. BT notes that GSA recognizes that different

levels of interoperability exist commercially, particularly in the area of data networking.

Nevertheless, BT will make interoperability available for any service that is currently

commercially offered by BT and is interoperable with services of other EIS contractors.

In addition, BT will make available any future service interoperability at no additional

cost to GSA when BT offers interoperability for its commercially provided service.

Since PSTN for circuit switched services provides near-full interoperability, BT will

support interoperability between voice services, circuit switched data service, and

wireless services if offered. BT will also support connectivity and interoperability for

remote and mobile users as specified in individual service descriptions.

5.8.7. System Security Requirements [C.1.8.7]

BT will ensure that all services provided comply with all FISMA, DOD, and Intelligence

Community requirements where applicable.

The BT has provided Attachment 1, EIS Risk Management Framework Plan, that

describes its approach for security compliance for all services under EIS.

BT will comply with all applicable federal and Agency-specific IT security directives,

standards, policies, and reporting requirements for performing services under EIS.

BT will comply with FISMA, DOD and Intelligence Community-associated guidance and

directives to include all applicable FIPS, NIST SP 800 series guidelines.

BT complies with all service specific security requirements in RFP C.2 Technical

Requirements. Security receives direct address for each Service as Table 5.8-1shows.



BT Federal

Table 5.8-1. BT Security Responses Per RFP SOW C.2

EIS Service / Plan Section Reference

Network Architecture 2.4

Virtual Private Line Network Service 3.1.1.4

Ethernet Transport Service 3.1.2.4

Internet Protocol Voice Service 3.2.1.4

Managed Network Service 3.8.1.4

Access Arrangements 3.9.4

EIS Risk Management Framework Plan Attachment 1

BT will comply with all security A&A requirements mandated by federal laws, directives

and policies, including making available any documentation, physical access, and

logical access needed to support this requirement.

BT will perform personnel security / suitability checking in accordance with FAR Part

52.204-9

5.8.8. National Policy Requirements [C.1.8.8]



BT Federal

5.8.9. Technical Support [C.1.8.9]

BT will provide customer technical support as a component of each EIS service and will

comply with detailed requirements per RFP G.6.2 Customer Service Office and

Technical Support and RFP G.6.4 Trouble Ticket Management.



BT Federal

6.0 Technical Volume Documents (Plans) – Attachments


Volume 1 Technical Attachment 1-1 Use or disclosure of proposal data is subject to tbe restrictions on the cover page of this proposal

BT Federal

Attachment 1 — EIS Risk Management Framework Plan [L.29.2.2, C.1.8.7]

Attachment 1 EIS Risk Management Framework Plan, is submitted as a separate file.


Volume 1 Technical Attachment 2-1 Use or disclosure of proposal data is subject to tbe restrictions on the title page of this proposal

BT Federal

Attachment 2 — MTIPS Risk Management Framework Plan [L.27.2]

BT is not including MTIPS Service as a component of this initial EIS RFP response, but

will reassess adding this optional service in the future. BT is investigating the

development of a MTIPS-compliant offered and will submit EIS contract modification,

per RFP G.3.2.5 "Authorization of Orders" and RFP L.27 "General Proposal

Instructions" if offered in accordance with the EIS Requirements for MTIPS services.

The BT Federal BSS system and operational security practice will be compliant with

NIST SP 800-53. Modification of system will be required to reach “High Impact Level”.

At that time, BT will not provide a “MTIPS Risk Management Framework Plan,” as

permitted by the EIS RFP.


Volume 1 Technical Attachment 3-1 Use or disclosure of proposal data is subject to the restrictions on the cover page of this proposal.

BT Federal

Attachment 3 — Acronyms [L.22]

Acronym Definition

A&A Assessment and Authorization

AA Agency-ordered Access Arrangement

AA Access Arrangements

ACL Access Control Lists

ANI Automatic Number Identification

APT Advanced Persistent Threat

AQLs Acceptable Quality Levels

ATA Analog Telephone Adaptors

ATM Asynchronous Transfer Mode

ATO Authority to Operate

BGP

BoD Bandwidth-on-Demand

BSS Business Support System

BT BSS BT Business Support Systems

CA Certificate Authority

CBSAs Core Based Statistical Areas

CDR Call Detail Records

CE Customer Edge

CEF Cisco Express Forwarding

CERT Computer Emergency Response Team

CEs Connection Endpoints

CES Circuit Emulation Services

CIKR Carrier Infrastructure and Key Resource

CISCP Cyber Information Sharing and Collaboration Program

CISO Chief Information Security Officer

CLRs Circuit Layout Records

CNSS Committee on National Security Systems

CO Contracting Officer

CoINs Community of Interest Networks

CONOPS Concept of Operations

CONUS Continental United States

COOP Continuity of Operations Plan

CoS Classes of Service

CUGs Closed User Groups

CUI Controlled Unclassified Information

DHS Department of Homeland Security



BT Federal

Acronym Definition

DoD Department of Defense

DoDI Department of Defense Instruction

DS3 Distributed Simulation Stimulation System

DSCP Differentiated Services (DiffServ) Code Point

DSCP Differentiated Service Code Point

DSL Digital Subscriber Line

DWDM Dense Wavelength Division Multiplexing

EBS Excess Burst Size

E-Gov Electronic Government

EIR Excess Information Rate

EIS Enterprise Infrastructure Solutions

ERP Enterprise Resource Planning

ETS Ethernet Transport Service

ETSI European Telecommunications Standards Institute

EVCs Ethernet Private Virtual Circuits

EVCs Ethernet Virtual Circuits

EVPL Ethernet Virtual Private Line

FAR Federal Acquisition Regulation

FIPS Federal Information Processing Standard

FIRST Forum of Incident Response & Security Team

FISMA Federal Information Security Management Act

FRR Fast Re-Route

FTP File Transfer Protocol

Gbps Gigabit per second

GFE Government Furnished Equipment

GFP Government Furnished Property

GPOP Global Points of Presence

GSA General Services Administration

GWAN Government Wide Area Network

HSPD-12 Homeland Security Presidential Directive-12

HTTPS Secure HyperText Transfer Protocol

HVAC Heating, Ventilation and Air Conditioning

ICD Intelligence Community Directive

ICMP Internet Control Message Protocol

IDIQ Indefinite Delivery Indefinite Quantity

IDS Intrusion Detection Systems

IEEE Institute of Electrical and Electronics Engineers

IETF Internet Engineering Task Force



BT Federal

Acronym Definition

IETF RFC IETF Request for Comment

IP Internet Protocol

IPS Internet Protocol Service

IPSec IP Security

IPv4 Internet Protocol Version 4

IPv6 Internet Protocol Version 6

IPVS Internet Protocol Voice Services

ISO International Organization for Standardization

ISSM Information System Security Manager

ISSO Information System Security Officer

ISV Independent Software Vendor

KPIs Key Performance Indicators

LAN Local Area Network

LECs Local Exchange Providers

LEM Lead Engineering Manager

LIM Lead Implementation Manager

LNP Local Number Portability

LOM Lead Operations Manager

MACDs Moves, Adds, Changes, Disconnects

MNS Managed Network Services

MPLS Multi-Protocol Labeled Switching

MSOs Multiple-System Operators

MTIPS Managed Trusted Internet Protocol Service

MTTR Mean-Time-To-Repair

NANP North American Numbering Plan

NCC Network Control Center

NCPS National Cyber Protection System

NFV/SDN Network Function Virtualization and Software Defined Network

NIST National Institute of Standards

NMS Network Management System

NNIs Network-to-Network Interfaces

NOC Network Management Operations Center

NOC Network Operations Center

NS/EP National Security and Emergency Preparedness

OCO Ordering Contracting Officer

OCONUS Outside the Continental United States

OC-x Optical Carrier

OMB Office of Management and Budget



BT Federal

Acronym Definition

OOB Out-of-Band

OSPF Open Shortest Path First

OWS Optical Wave Service

PDH Plesiochronous Digital Hierarchy

PE Provider Edge

PMP Program Management Professional

PoE Power Over Ethernet

POPs Points of Presence

PS/ALI Private Switch/Automatic Location Identification

PSAP Public-Safety Answering Point

PSTN Public Switched Telephone Network

QoS Quality of Service

R&D Research & Development

RFCs Requests for Comments

RFP Request for Proposal

RJ-45 Registered Jack-45

RMA Return Material Authorizations

RMA Return Merchandise Authorization

RT Route Target

SDN Software Defined Networking

SDP Service Delivery Point

Security A&A Security Assessment and Authorization

SIEM Security Information and Event Management

SIEM Security Information Event Management

SLAs Service Level Agreements

SMEs Subject Matter Experts

SNMP Simple Network Management Protocol

SOC Security Operations Center

SONET Synchronous Optical Networking

SRE Service Related Equipment

SRL Service Related Labor

SSPs System Security Plans

T1 Tier 1

TACACS Terminal Access Controller Access System

TACACS+ Terminal Access Controller Access Control System Plus

TDM Time Division Multiplex

TO Tasks Order

TS/SCI Top Secret/Sensitive Compartmented Information



BT Federal

Acronym Definition

UCM Unified Call Manager Cluster

UCxn Unity Connection

UNI User Network Interface

UPAC Unified Premium Attendant Console

VolP Voice over Internet Protocol

VPAT Voluntary Product Accessibility Template

VPNS Virtual Private Network Service

VRF Virtual Route Forwarding

WA Washington

WAN Wide Area Network

Wi-Fi, Wireless

xDSL Digital Subscriber Line


Volume 3 Past Performance Attachment 4-1 Use or disclosure of proposal data is subject to the restrictions on the cover page of this proposal.

BT Federal

Attachment 4 — Exceptions (None) [L.8]

BT Federal takes no exceptions to the requirements in Volume 1 Technical.

RFP

Reference

Proposal

Location Exceptions/Deviations Justification

N/A N/A N/A N/A



BT Federal

Attachment 5 — Assumptions and Conditions [L.9]

BT Federal makes no Assumptions to the requirements in Volume 1 Technical.

RFP

Reference

Proposal

Location Assumptions/Conditions Detailed Resolution

N/A N/A N/A N/A