1. SevenNATIONAL INSTITUTE OF TECHNOLOGY, DURGAPURMAHATMA GANDHI AVENUE DURGAPUR 713 209, WEST BENGAL, INDIAFAX: 0343-2547375;E-mail:director@nitdgp.ac.in; Website: www.nitdgp.ac.in Telephones: 0343-2546397 (Director)BID REFERENCE: NITD/ITIC/IMSS/ 2008/08/ 07.08.2008To______________________________________________________________________Dear Sir,Sub: INVITATION FOR QUOTATIONS FOR INFRASTRUCTURE MANAGEMENT AND SECURITYSERVICES GENERAL1. You are invited to submit your most competitive quotation for the goods as per annexure-I2. Bid Price a) The contract shall be for the full quantity as described above. Corrections, if any, shall be made by crossing out,initialing, dating and re writing. b) All duties, taxes and other levies payable by the contractor under the contract shall be included in the total priceF.O.R. NIT Durgapur. c) The rates quoted by the bidder shall be fixed for the duration of the contract and shall not be subject to adjustmenton any account. d) The bid price must be quoted in Indian Rupees.3. Each bidder shall submit only one quotation for each item. Manufacturer/authorized dealers of reputed brands ofhigh technical quality with adequate after-sales support facilities are eligible to apply. The bidder must havesupplied similar good to reputed organization to their full satisfaction and furnish a list of the same.4. The bid submitted by the bidder must comprise the following: Part I (Techno-commercial Bid)(a) Detailed technical specifications and literature/drawings/manuals of the goods/services to be supplied.(b) Compliance report on quoted goods in accordance with Annexure I.(c) Detail Implementation plan in accordance with Annexure I.(d) Authorized dealership certificate from the original manufacturer as per the Annexure III.(e) Credentials and list of organizations where the bidder supplied similar items(f) Warranty Certificate (comprehensive on-site).(g) Valid sales-tax / VAT clearance certificate.Part II (Price Bid)Price bid as per Annexure-II5. Validity of QuotationQuotation shall remain valid for a period not less than 60 days after the deadline date specified for submission.6. Evaluation of QuotationsThe Purchaser will evaluate and compare the quotations determined to be substantially responsive i.e. which(a) are properly signed and (b) conform to the terms and conditions, and specifications.7. Award of contractThe Purchaser will award the contract to the bidder whose quotation has been determined to be substantiallyresponsive and who has offered the lowest evaluated quotation price.

2. 7.1 Notwithstanding the above, the Purchaser reserves the right to accept or reject any quotations and to cancel the bidding process and reject all quotations at any time prior to the award of contract. 7.2 The bidder whose bid is accepted will be notified of the award of contract by the Purchaser prior to expiration of the quotation validity period. The terms of the accepted offer shall be incorporated in the purchase order.8.Delivery shall be made at NIT, Durgapur9.Payment shall be made immediately within 30 days after satisfactory installation, commissioning and acceptance of the good.10. Comprehensive onsite warranty shall be applicable to the supplied goods for a period of thirty six months from the date of acceptance.11.The Institute is exempted from payment of custom and excise duty on items mentioned below: a)Scientific and technical instruments, apparatus, equipment (including computers); b)Accessories, spare parts and consumables thereof; c)Computer software, CD-ROM, recorded magnetic tapes, microfilms, and microchips. d) Sales Tax, if applicable, should be charged @ 4% against D form.12. The successful bidder must submit before the release of payment a valid bank guarantee on any nationalized bank of 10% of the order value towards Performance Security during the warranty period.13. Liquidated Damage will be applicable at the rate of 0.5% per week. The purchaser has the right to cancel the purchase order when LD accumulates to 10 %.14. A bank draft of Rs.1000/- towards the Bid Document price payable to Director, NIT Durgapur at Durgapur will be enclosed with the bid by the bidder.15. A bank draft or bank guarantee worth 2% of the quoted value payable to Director, NIT Durgapur at Durgapur will be enclosed with the bid by the bidder towards the Earnest Money Deposit (EMD). The EMD shall remain valid for a period of 45 days beyond the final bid validity period.16. Quotations are to be submitted in two separate sealed covers marked PART-I (Techno-commercial bid) and PART-II (Price bid) containing relevant documents, superscripting Bid No. - NITD/ITIC/IMSS/2008/08. These two sealed covers are to be placed in a separately sealed larger cover. Further the sentence Not to be opened before 16-00 hours on 28.08. 2008 is also to be put on these envelopes.17. Settlement of any dispute will be made under the jurisdiction of Durgapur Court.18. You are requested to provide your offer latest by 16-00 hours on 28.08. 2008.19. The purchaser will open the bids at 16:30 hours on 28.08. 2008.20. Pre Bid Conference on the bid will be on 21.08.2008 at 10:30 AM at Library Building 1st floor.21.1 At any time prior to the deadline for submission of bids, the Purchaser may, for any reason, whether at its owninitiative or in response to a clarification requested by a prospective bidder, modify the bidding documents byamendment. 21.2 In order to allow prospective bidders reasonable time in which to take the amendment into account in preparingtheir bids, the Purchaser, at its discretion, may extend the deadline for the submission of bids.22. The bid document must be signed and sealed and enclosed with the bid as a token of acceptance of all terms and conditions in the bid document by the bidder.23. The items/services must be delivered within 60 days from the date of placement of purchase order at the respective department.24. All other terms and conditions of GFR 2005 of the Government of India will be applied.25. We look forward to receiving your quotations and thank you for your interest in this project. NIT Durgapur 3. Chairman, IT Infrastructure Committee National Institute of Technology The bid must be addressed to: Durgapur, West Bengal 713209 Prof. A. K. Mitra Mobile: +91-97347-34317, Email: akmrecdgp@yahoo.com NIT Durgapur 4. Annexure - I Technical SpecificationsInfrastructure Management and Security Services for Campus Wide NetworkingNIT Durgapur is having an extensive network consisting of over 3500 nodes. The network is built over two core switches of Extreme Networks and a combination of distribution access switches of 51 Extreme Networks and 95 DAX Switches. There are 4 Wireless Access Points to link Wireless enabled Laptops. Part of this Network is even extended to the Student Hostels. A high efficiency Internet bandwidth is taken from BSNL & Reliance. BSNL is providing 32 + 2 Mbps and Reliance is providing 20 Mbps. Internet browsing access is provided throughout the network through Proxy Services. Email Server and Email Service are hosted from respective servers. Further the IT infrastructure of NIT Durgapur is well equipped with number of servers, software and LRs, which are used for several academic and management purpose. NIT Durgapur being an academic institute of INI status must have open approach with focus on clean and efficient access of web, institute email, resources and other services (like Office Automation, Update and patch management services and INDEST services). We must see that network resource is not being wasted due to anomalous activities and the resources are provided with protection for basic sanity. A good monitoring facility is also required for a responsible network.Recent IT Act had given legal status to digital data and digital identity. Therefore, maintaining compliance diligence is becoming necessary responsibility for large networks like NIT Durgapur. In view of the above facts NIT Durgapur must set the strategy for infrastructure management and security at gateway as well as endpoint level to have a clean, efficient and responsible network. Strategy1. Gateway Level SecurityAs a structure of infrastructure and security management we must divide the network logically into Zones. Each zone shall have defined levels of accessibilities depending on their functions. Zones are as follows, External Untrusted Zone De-Militerised Zone (DMZ) Administrative Zone Academic Zone Hostel Zone Residential ZoneA firewall should be used at gateway level to segregate External Untrusted Zone, DMZ and Internal LAN. VLAN should be defined based on this zone division to limit broadcast at Layer 2. The firewall must be evaluated based on the following criteria: - Firewall having IPS with deep packet inspection Creation of Security Zones Intelligent Intrusion Detection System Gateway antivirus engine on web and email traffic Cryptography Public Key & VPN Infrastructure Host Security Application Security Access Control Disaster recovery and Continuity Plan Event Log ManagementAs a policy no service from Internal LAN should go directly to Internet. All out going services must go through respective proxy services. The DMZ should host all services that are in direct connection to the Internet. Therefore, DMZ should host Web Server, Mail Server, Proxy Server etc. The policy in the firewall should be defined that will allow only the services offered. The performance of the firewall also should be sufficient function in full load. Intrusion Detection capability is also an important criteria for the firewall (Fig I). 5. Firewall, Antivirus, Anti-spam, IPS etc. Fig I: Gateway Security II. Resource and Access ManagementA resource management application will be of immense help for the manageability of the nodes. Such a centralized facility will bring in manageability, accountability and compliance.The first strategy to defending nodes is to have an antivirus, anti-spam and personal firewall installed in every node by policy. Measures must be in place to keep them updated with latest patches. Therefore, more than just installing, an update enforcement policy is also imperative.Secondly, every threat that poses a network utilizes the weakness in the applications themselves to break in. The application and operating system OEMs constantly remedies these weaknesses whenever they are discovered and posts them as patch updates. The OS and the applications update are to be given equal importance to have a safe and clean working environment. Centralized patch update facility can push install the updates by policy.The Third and most important issue is policy based access control mechanism for network resource and services with the compatibility with IEEE802.1X standard. If a user is not authenticated they will not be allowed entry into the network from the Layer 2 switch ports. If the user is not compliant by the policy (including the security policies), the user will be connected but without the access to regular resources, rather he will quarantined to a remedial VLAN, where he get access to the redial Server for Patch update, personal antivirus update and client application update. IEEE 802.1x Compatible SwitchFig II: Access Management 6. Specification1. Gateway Level Security FeatureDescription Performance Maximum PerformanceMulti-bus System Architecture Preferable and Capacity Firewall throughput (large packets) 1+ GbpsAdvanced DES/AES throughput 500 Mbps (min)Maximum concurrent sessions 2,50,000 (min)New sessions/second 15,000 (min)Maximum security policies, Packets Per Second,SpecifyAntivirus Throughput.Maximum users supported.Unrestricted Network Connectivity 10/100/1000 GBE Ports 10SFP (Mini GBIC) Ports 2USB (preferable)2 Firewall Network attack detection, DoS and D DoSRequiredprotection, TCP reassembly for fragmented packetprotection, SYN cookie protection, Zone-based IPspoofing, Malformed packet protection. Unified Threat IPS: Protocol anomaly detection, Stateful protocolRequired Management signatures, IPS/DI attack pattern obfuscation.Gateway Antivirus: Signature database based withRequiredautomatic update ficilities, Anti-spyware, Anti-adware, Anti-keylogger, Protocols to be scannedPOP3 HTTP SMTP IMAP FTPGateway Anti-spam RequiredIntegrated URL filteringRequiredExternal URL filteringRequired IPSec VPNConcurrent VPN tunnels1000 (Min)Encryption: DES, 3DES and AES (256-bit) MD-5Requiredand SHA-1; Manual key, Internet Key Exchange(IKE),public key infrastructure (PKI) (X.509); Perfectforward secrecy (DH Groups) 1,2,5; Prevent replayattack; Remote access VPN; Layer 2 TunnelingProtocol (L2TP) support within IPSec; Auto-ConnectVPN; Redundant VPN gateways support User Authenticationand Local Database support; Third-party userRequired Access Control authentication RADIUS and LDAP; WindowsDomain Control & Active Directory Integration;Support for Single Sign On, VPN authentication,Web-based authentication, 802.1X authentication;User/ Group access control; Networking Virtualization: Support of min 50 nos securityRequiredzones, min 150 nos pf VLNs; Routing: OSPF routes,RIP v1/v2 Routes, Static routes, Policy based routes,Multicasting, Multicast inside IPSec tunnel; IPAddress Assignment: Static IP, DHCP, PPPoE;Address Translation: NAT / PAT, Policy-basedNAT/PAT, Support for MIP, Virtual IP, VLAN802.1Q Trunking, MIP/VIP Grouping. Preferable:IGMP v1/v2, IGMP Proxy, Standard EncapsulationMechanism. Mode of OperationSupport for Layer 2 (transparent) and Layer 3 (routeRequiredand/or NAT) mode Trafficand Bandwidth Policy based Guaranteed and Maximum bandwidth;Required Management Quality ofIngress traffic policing; Priority-bandwidth Service (QoS)utilization; Committed and burstable bandwidth byhierarchy/ departments/ groups & users 7. High Availability (HA) Active/passive Mode (at L3 or Transparent Level)Requiredwith Configuration synchronization, Sessionsynchronization for firewall and VPN, Sessionfailover for routing change, Device failure detection,Link failure detection Multiple ISP Link Management and Load BalancingRequiredVoice over IP (VoIP) Security (H.323. Application-level gateway (ALG), Network Preferable Address Translation (NAT) for VoIP protocols) System ManagementWebUI (HTTP and HTTPS) , Command line Requiredinterface (console, SSH and telnet), SNMP, OEMSpecific management Studio/console/interface Administration Support for Local administrator database, ExternalRequiredadministrator database through RADIUS, RSASecureID, LDAP,Restrictedadministrativenetworks, multiple level of users, software upgradesthrough WebUI. Logging/Monitoring System log (multiple servers), Email Reports, RequiredGraphical real-time and historical monitoring,Traceroute, SNMP, VPN tunnel monitor. On Appliance Reporting Intrusion events reports, Policy violations reports,RequiredWeb Category reports (user, content type), SearchEngine Keywords reporting, Virus reporting by Userand IP Address, Compliance Reports. CertificationICSA Firewall, VPN, FCC, CE, UL Required2. Infrastructure Management(a) Centralized Resource Management: Policy based resource management; Support for Windows desktop Imaging; Application management; Application self-healing; IT asset discovery, inventory & classification; Remote control, Enterprise web reporting based on BusinessObject.(b) Centralized Patch Management Should support Individual application vulnerability scanning, E-mail agent configuration for sending vulnerability notifications, Comprehensive vulnerability and compliance reporting, Role-based administrative account creation, Automatic vulnerability package downloadsas soon as they are available, System vulnerability base lining for an agent group containing a validated group of mandatory patches, Vulnerability package deployment to groups of clients, Server tuning guidelines, Successful patch deployment verification using reporting functions.OS Patch should support Redhat Linux 2.1 to 4.0 Enterprise Edition, Windows 9xWindows XP SP1 / SP2, Windows 2000 and 2003 server, Windows Vista, Sun Solaris 10.0, IBM AIX 5.1 to 5.3, Novell, Novell SuSe Linux etc.Application Patch should support Adobe Acrobat Reader, Adobe Flash Player for Internet Explorer, Adobe Flash Player for FireFox/Netscape, Adobe Macromedia Plug-In (Internet Explorer, Firefox), Apple QuickTime, Computer Associates eTrust Antivirus, McAfee VirusScan Engine, McAfee VirusScan Enterprise Engine, McAfee VirusScan DAT, Microsoft .NET Framework, Microsoft ActiveSync, Microsoft Content Management Server, Microsoft Data Access Components (MDAC), Microsoft DirectX, Microsoft Frontpage Server Extension (FPSE), Microsoft Internet Explorer, Microsoft Internet Security and Acceleration Server (ISA), Microsoft Jet, Microsoft Malicious Software Removal Tool, Microsoft MSDE Microsoft MSN Messenger, Microsoft MSN Messenger Exchange IM Client, Microsoft Internet Information Service (IIS), Microsoft MSXML, Microsoft Office 2003 and 2007 (Access, Excel, FrontPage, InfoPath, OneNote, Outlook, PowerPoint, Project, Publisher, Visio, Word), Microsoft Outlook 2003 Junk E- mail Filter, Microsoft Outlook 2007 Junk E- mail Filter, Microsoft Outlook Express Microsoft SharePoint Service, Microsoft SQL Server Microsoft Visual Studio .NET Microsoft Visual Studio, Microsoft Windows Installer, Microsoft Windows Mail Junk E- mail Filter, Microsoft Windows Media Player, Microsoft Windows Messenger, Microsoft Windows Update, Mozilla Firefox, Real Networks RealPlayer for RedHat, Real Networks RealPlayer for Windows, Sophos Antivirus Sun Java Runtime Engine Sun Java for Mac OS X, Symantec Antivirus Corporate Edition for 64 bits, Symantec Norton Antivirus Symantec Norton Antivirus Trend Micro OfficeScan Trend Micro ServerProtect, WinZip etc. 8. 3. Implementation:(i) Implementation and Integration of the item 1 and item 2 must be done at NIT Durgapur with the scalability provision of adding more resources, services and users in the network. (ii) Provision of virtualization of server resources must be present. (iii) User policy and Access policies of different resources and services must be made as per the instruction given by the competitive authority from NIT Durgapur. (iv) Implementation must be done with the perspective of atleast 5000 users. (v) Resource Management must be implemented for atleast 2000 users (Hostel and Residential zone will not get this facility).4. Techno Commercial Requirements:(i) THREE YEARS on site warranty of the supplied goods from the date of acceptance. For Software the license and support will be for 3 years including updates and version upgrade with unlimited web and telephonic support from the OEM. (ii) Services should be provided with posting of ONE no of Qualified, Certified and Experienced engineer at NIT Durgapur for the period of THREE years. (iii) Bidder must have performed atleast THREE numbers of similar type of jobs with atleast 75% of the valuation of this quotation. (iii) Equipments and Software must be with licenses and will be in the name of NIT Durgapur. Software licensing will be perpetual licensing. (iv) Delivery Period: 60 days from the date of placement of purchase order (v) Place of Delivery: Internet Server Room, NIT Durgapur (vi) Installation / commissioning / demonstration requirement: Installation, commissioning, complete demonstration and successful running at Internet Server Room, NIT, Durgapur 9. Annexure - II PRICE BID 1 2 3 4 5678SchedulItemCountry QuantityPrice for each unitUnit Price Total Price Sales & othereDescription Of Origin & Unittaxes payableNo. Ex-factory /ex Excise duty Packing andInland Incidental services if contract iswarehouse/ex-if any forwardi Transportation, Insuranceas listed in clauseawarded showroom of the ng & other local costs8 of SCCshelfincidental to Delivery (a) (b) (d)(e)a+b+c+d+e4X6 We agree to supply the above goods in accordance with the technical specifications and the terms and conditions mentioned in the bid document at prices mentioned above within the period specified in the Invitation for Quotations. We also confirm that the comprehensive onsite warranty of 36 months shall apply to the offered goods. In case of discrepancy between unit price and total price, the unit price shall prevail Place:Signature of Bidder __________________________ Date: Name ____________________________ Business Address ___________________________ 10. Annexure III MANUFACTURERS' AUTHORIZATION FORMToDate: Prof. A. K. Mitra Chairman, IT Infrastructure Committee National Institute of Technology Durgapur, West Bengal - 713209 Mobile: +91-97347-34317 Email: akmrecdgp@yahoo.comDear Sir: Bid No.: We who are established and reputable manufacturers of(name and descriptions of goods offered) having factories at(address of factory) do hereby authorize M/s (Name and address of Agent) to submit a bid, and sign the contract with you for the goods manufactured by us against the above Bid. We hereby extend our full guarantee and warranty as per Clause 10 of the General section and Clause 4.(i) of Technical Specification for the goods and services offered for supply by the above firm against this bid. Yours faithfully, (Name) 11. (Name of manufacturers)