addendum...i. iso 9000:2015 ii. iso 20000:1 2011 iii. iso 27001:2013 iv. cmmi maturity level 3 the...

of 36

ADDENDUM

File. No.: 36(26)/2019-CPS Dated: 10-10-2019

Establishment of ICAR-DR Center and Synchronization with ICAR-DC under project “Investments in Indian Council of Agricultural Research

Leadership in Agricultural Higher Education (NAHEP)”

Against Credit 8776-IN

1.The following corrigendum issued to the subject NCB may also be noted wherever applicable in the bid document.

Existing Amended to

Last Date for sale of bidding document 11-10-2019 up to 4:00PM 24-10-2019 up to 4:00PM

Last date and time for submission of bid 14-10-2019 upto 2:00 PM 25-10-2019 upto 2:00 PM

Time & date of opening of bids 14-10-2019 at 2:30 PM 25-10-2019 at 2:30 PM

2. The following clauses of subject Bid Document are amended as under: -

S.

No.

Page

No.

Bid Section/Clause Sub Section Original Specification as Per Bid Clause Should be read as

1. 1 First page - NATIONAL COMPETITIVE BIDDING FOR NATIONAL COMPETITIVE BIDDING FOR

Establishment of ICAR-DR Center and

Synchronization with ICAR-DC

2. 2 First Page - E-mail: [email protected],

[email protected]

E-mail: [email protected],

[email protected]

3. 14 SECTION II:

INSTRUCTIONS

TO BIDDERS

E. Bid Opening and

Evaluation of Bids.

26.4

The Purchaser's evaluation of a bid will take

into account, in addition to the bid price (Ex-

factory/exwarehouse/off-the-shelf price of the

goods offered from within India, such price to

include all costs as well as duties and taxes

The Purchaser's evaluation of a bid will take into

account, in addition to the bid price (Ex-factory/ex-

warehouse/off-the-shelf price of the goods offered

from within India, such price to include all costs as

well as duties and taxes paid or payable on

of 36

paid or payable on components and raw

material incorporated or to be incorporated in

the goods, and Excise duty on the finished

goods, if payable) and price of incidental

services [the cost of 3 years annual

maintenance service after expiry of warranty

period included in incidental services should

be discounted as stated in ITB 26.5], the

following factors, in the manner and to the

extent indicated in ITB Clause 26.5 and in the

Technical Specifications:

(a) cost of inland transportation, insurance

and other costs within India incidental to the

delivery of the goods to their final destination;

components and raw material incorporated or to be

incorporated in the goods, and Excise duty on the

finished goods, if payable) and price of incidental

services, the following factors, in the manner and to

the extent indicated in ITB Clause 26.5 and in the

Technical Specifications:

(a) cost of inland transportation, insurance and

other costs within India incidental to the delivery of

the goods to their final destination;

4. 29 Section IV. Special

Conditions of

Contract

3. Performance

Security (GCC

Clause 7)

3.1

Within 21 days after the Supplier’s receipt of

Notification of Award, the Supplier shall

furnish Performance Security to the Purchaser

for an amount of 5% of the contract value

excluding annual maintenance cost, valid upto

60 days after the date of completion of

performance obligations including warranty

obligations.

In the event of any correction of defects or

replacement of defective material during the

warranty period, the warranty for the

corrected/replaced material shall be extended

to a further period of 36 months and the

Performance Bank Guarantee for proportionate

value shall be extended 60 days over and

above the extended warranty period.

Within 21 days after the Supplier’s receipt of

Notification of Award, the Supplier shall furnish

Performance Security to the Purchaser for an

amount of 5% of the contract value valid upto 60

days after the date of completion of performance

obligations including warranty obligations.

In the event of any correction of defects or

replacement of defective material during the

warranty period, the warranty for the

corrected/replaced material shall be extended to a

further period of 12 months over and above the

initial Warranty Period of 36 Months. The

Performance Bank Guarantee for proportionate

value (which will be determined by the purchaser in

consultation with the supplier) shall be extended 60

days over and above the extended warranty period.


Conditions of

Contract

3.Performance

Security (GCC

Clause7)

3.3 Substitute Clause 7.4 of the GCC of the

following:

The Performance Security will be discharged


following:

The Performance Security will be discharged by the

of 36

by the Purchaser and returned to the Supplier

not later than 60 days following the date of

completion of the Supplier’s performance

obligations, including the warranty obligation,

under the contract and following receipt of a

performance guarantee for 2.5% of the contract

value excluding annual maintenance costs

towards guarantee for the annual maintenance

as stated in Clause 10 of SCC.

Purchaser and returned to the Supplier not later than

60 days following the date of completion of the

Supplier’s performance obligations, including the

warranty obligation, under the contract.


Conditions of

Contract

3. Performance

Security (GCC

Clause7) 3.4

Clause 3.4 of SCC

Clause 3.4 of SCC may be renumbered as Clause

3.5 of SCC.


Conditions of

Contract

3.Performance

Security (GCC

Clause7)

Add a new Clause as 3.4 of SCC after Clause

3.3 of SCC


following:

Deleted


Conditions of

Contract

11. Payment (GCC

Clause 16)

Add a new Clause as 11.1.1 of SCC 11.1.1 Replace Clause 16.3 of the GCC with the

following;

Payments shall be made promptly by the

Purchaser but in no case later than Forty-

five (45) days after submission of the

invoice or claim by the Supplier.

9. 109 SECTION VI A (Referred to in Clause 13.3 (b) of ITB), QUALIFICATION REQUIREMENTS

S. No 6.ii: Minimum required Documents to be submitted as proof

ii. Work/Purchase order, along with

installation reports signed and sealed by the

client, of Supply & installation of

DC/DR/Cloud infra including IT equipments/

Software/ Migration to IPv6/ Integrated

Solutions

ii. Work/Purchase order, along with installation

reports/Client Certificate signed and sealed by the

client, of Supply & installation of DC/DR/Cloud

infra including IT equipment/ Software/ Migration

to IPv6/ Integrated Solutions

of 36


S. No 7 The Bidder should have valid Certificate;

i. ISO 9000:2015

ii. ISO 20000:1 2011

iii. ISO 27001:2013

iv. CMMI Maturity Level 3

The Bidder should have valid Certificate;

i. ISO 9000/9001:2015

ii. ISO 20000:1 2011

iii. ISO 27001:2013

iv. CMMI Maturity Level 3


S. No. 9 Bids of bidders quoting as authorized

representative of a computer manufacturer,

meeting with the above requirement in full, can

also be considered provided:

i. the manufacturer furnishes authorization in

the prescribed format assuring full guarantee

and warranty obligations as per GCC and SCC.

MANUFACTURERS' AUTHORIZATION

FORM of major items [in the Form given in

Section XII]

Bidder must submit Manufacturer Authorization

Form (MAF) in the prescribed format assuring full

guarantee and warranty obligations as per GCC

and SCC.

MANUFACTURERS' AUTHORIZATION FORM [in

the Form given in Section XII] of Hardware

including HCI, DG Set, Integrated Smart Rack

including UPS and PAC.

12. 124 SECTION XII

(Please see Clause

13.3(a) of

Instructions to

Bidders)

MANUFACTURERS'

AUTHORIZATION

FORM

We hereby extend our full guarantee and

warranty as per Clause 15 of the General

Conditions of Contract and Clause 10 of the

Special Conditions of Contract for the goods

and services offered for supply by the above

firm against this IFB

. We confirm that the equipment offered for

supply are the most recent series models

incorporating the latest improvements in

design. Further, we are in continuous business

of manufacturing products similar to that

specified in the schedule of requirements during

the last three years prior to bid opening.

We hereby extend our full guarantee and warranty as

per Clause 15 of the General Conditions of Contract

and Clause 10 of the Special Conditions of Contract

for the goods and services offered for supply by the

above firm against this IFB. We confirm that the

equipment offered for supply are the most recent

series models incorporating the latest improvements

in design and availability of after sales service for a

period of at least six years including the warranty

period.

of 36

13. 58 SECTION VI:

TECHNICAL

SPECIFICATIONS

A. Broad list of

proposed Items

I. IT components and

services

S.

N

o.

Components Qty Form Factor

1. WAN

Switches 2 Hardware

2. Global Load

Balancer 4

Virtual Instance

in HA

3. Perimeter

firewalls 2 Hardware in HA

4. Network IPS 2 Hardware in HA

5. Core

Switches 2 Hardware in HA

6. Server Farm

Firewall 2 Hardware in HA

7. Server Load

Balancer 2

Virtual Instance

in HA

8. Server Farm


9. Management


10. Web

Application

Firewall

2 Virtual Instance

in HA

11. Security

Information

Event

Management

(SIEM)

1 Hardware /

Virtual

12.

Hyper-

Converge

Infra

As per

required

Nodes

CPU Cores - 640,

RAM - 4096 GB,

Storage: 280 TB

The above

resources are

minimum

useable, bidder

has to ensure and

provision the

extra resources

S.

No

Components Qty1 Description

1. WAN and

Access

Switches -

Fiber

4

10GMultimode Fiber x

20,1G Copper x 10,

Populate all uplink

modules with SFPs (Per

SW)

2.

Global Load

Balancer 4

Hardware / Virtual,

Populate all Available

SFP+ Ports (10G

Multimode)

3. Perimeter

firewalls 2

Hardware, Populate all

Available SFP+ Ports

(10G Multimode)

4.

Network IPS 2


Available SFP+ Ports,

(10G Multimode)

5.

Core Switches 2


Ports with Multimode

fiber

6. Server Farm

Firewall 2



(10G Multimode)

7.

Server Load

Balancer 2

Hardware / Virtual,

Populate all Available

SFP+ Ports (10G

Multimode)

8.

Server Farm

Switches -

Copper

4


Available Uplink ports.

populate with 2 x 100G

QSFP Module and 4 x

10G SFP+ Multimode SR

modules

9.

Server Farm

Switches -

Fiber

2

Hardware, Fiber-Populate

all Available SFP+ Ports

(10G Multimode), Uplink

All Ports to be Populated

4 x 100G QSFP & 2 x

10G SFP+ Multimode

Fiber

10. Management

Switches 2

Hardware, copper- Uplink

All Ports to be Populated

of 36

for compression,

deduplication and

itself operations.

13. Rack

Server/Blade

Server

2

CPU Cores - 12

cores x 2, RAM -

128 GB, HDD - 1

TB per Server

14. Backup &

Recovery

Solution with

Backup

Appliance/m

edia

hardware.

1

Total 40 TB

Hardware,

Software and

licenses for both

sites (DC& DR)

15.

Display 02

40”

Display/LED/TV

for NOC and

CCTV

16. Latest

Operating

System

Licenses

As per

supplied

Compute

core

Redhat / Ubantu

17.

Database 8 core

MySQL Server

(latest version)

for existing

services

18.

Database 8 core

MSSQL Server

(latest version)

for existing

services

19.

Database 2 core

Oracle (latest

version) for

existing services

20. WebLogic

Server 2 Core

Middleware

Webserver for

existing services

21. Antivirus for

Servers 300 Software

11. Web

Application

Firewall

2



(10G Multimode)

12.

Hyper-

Converge

Infra

Min, 12

Nodes

CPU Cores - 480, RAM -

3072 GB, Storage: 200 TB

Usable, Populate all


(10G Multimode)

13.

Rack

Server/Blade

Server

2

CPU Cores - 12 cores x 2,

RAM - 128 GB, HDD - 1

TB per Server, Populate

all Available SFP+ Ports

(10G Multimode)

14. Backup &

Recovery

Solution with

Backup

Appliance/me

dia hardware2.

1

Total 40 TB Hardware

Usable, Software and

licenses for both sites

(DC& DR), Populate all


(10G Multimode) / 16G

FC

15. Server

Security for

Servers

300 Software (Antivirus &

HIPS)

16. Add-on

licensing of

existing

Microfocus

EMS (SM,

OBM,

UCMdb

SM=5

OBM

=30

UCMDb

=50

Software

17. Oracle

WebLogic

Server

Enterprise

Edition

(Processor;

Perpetual)

01 Middleware Webserver

for existing services

18.

Enterprise

Linux OS

As per

supplied

Comput

e Cores

/Sockets

Data Centre/ unlimited

VM Operating System

Licenses for server

of 36

22. Host

Intrusion

Prevention

System for

Servers

100 Software

23. Add-on

licensing of

existing

Microfocus

EMS (SM,

OBM,

UCMdb

SM=5

OBM=30

UCMDb

=50

Software

24. Migration/Im

plementation

of IPv6 on

both ICAR-

DC and

proposed

DRC

As per

SOW

Services

25. Implementati

on of DRC

and

Synchronizat

ion with DC

As per

bid

requirem

ent

Service

Note: The above items may be increase or decrease.

19. Open Source

Enterprise

Database

Subscription

01

Enterprise Edition (1-4

Socket Server)

MySQL Server (latest

version) for existing

services

20. Perpetual

Database 8 cores

Microsoft SQL Enterprise

Server (latest version) for

existing services

21. Oracle

Database

Enterprise

Edition

(Processor;

Perpetual)

02

Oracle Database

Enterprise Edition (latest

version) for existing

services

22. Migration/Im

plementation

of IPv6 on

both ICAR-

DC and

proposed

DRC

As per

SOW

Services

23. Implementati

on of DRC3

and

Synchronizati

on with DC

including DR

Drill once in

year

As per

bid

require

ment

Service

Note:

1.The items may be change as per solution requirement.

2. Refer Technical Specification at Item 2 of ANNEXURE-

II.A of addendum.

3. Items list from S. No. 1 to 17, Installation and

configuration at site must be completed by the respective

OEM.

14. 58 SECTION VI: TECHNICAL SPECIFICATIONS

A. Broad list of

proposed Items II. Non-IT Infrastructure

S.

No

.

Category No. Item S.

No

.

Category No. Item

1. Integrated 08 RACK, UPS,

of 36

1. Integrated

Smart Rack

Infrastructu

re

08 RACK, UPS,

Colling,

Electric Panel,

Fire System,

Alarm, CCTV,

Biometric etc.

2. Silent

Generator

Set

01 200KVA

3. Electrical As per

required

Lighting,

Switching etc.

4. Civil As per

required

As per

proposed

layout plan of

DRC.

5. Comfort

Colling

As per

requireme

nt

Should be

available in all

proposed

sitting

Note: The above is minimum at the site. Vender

has to ensure as per DRC layout.

Smart Rack

Infrastructure

Colling, Electric

Panel, Fire

System, Alarm,

CCTV,

Biometric etc.

2. Silent Diesel

Generator Set

01 200KVA

3. Passive cable

and

components

Lum-

sum

As per solution

requirement

4. Public Address

System 01

As per solution

requirement of

Data Centre.

5.

Access Control 05

All the doors of

DC, UPS and

NOC rooms

6.

Display 02

40” Display

/LED /TV for

NOC and CCTV

7. Electrical As per

propose

d layout

plan of

DRC

Adequate

Lighting,

Switching etc

8. Civil As per proposed

layout plan of

DRC.

9. Comfort

Colling

Should be

available in all

proposed sitting

area as per

proposed layout

plan of DRC.

10.

CCTV

Surveillance

DC, UPS, NOC

rooms, DG set

area should be

under CCTV

Surveillance.

Note: The above items are minimum at the site.

of 36

Vender has to ensure as per DRC layout.

15. 38 SECTION VI:

TECHNICAL

SPECIFICATIONS

2. Business

Objectives and

Requirement of the

Purchaser

iii. Supply, installation and setting up of the

multi-layer Physical Security infrastructure

like biometric/ Smart card etc. based access-

control system, CCTV/ surveillance systems.

iii. Supply, installation and setting up of the multi-

layer Physical Security infrastructure like

biometric/ Smart card etc. based access-control

system, CCTV/ surveillance systems. Ancillary

room to be covered under CCTV / ACS. Entrance

Door monitoring under CCTV. In by Proximity

reader / out by Push button for ACS.

16.

59

Section VI:

Technical

Specifications,

SPECIFICATIONS

AND

DESCRIPTION,

1. Application

Delivery

Controller/Load

Balancer (GLB, SLB

WAF), Clause No.

(B)-1

OEM should be present in Gartner's LEADER

magic quadrant in the latest ADC/WAF report

and should have OEM TAC based in INDIA.

OEM should be present in Gartner's LEADER

magic quadrant in the latest ADC/WAF report and

should provide India Toll free number to avail

TAC services

17.

60

Section VI:

Technical

Specifications,

SPECIFICATIONS

AND

DESCRIPTION,

1. Application

Delivery

Controller/Load

Balancer (GLB, SLB

WAF), Clause No.

(E)-13

The Server Load balancer should support the

Application Performance Monitoring feature

and should support the following: a) Real

user monitoring for any client with no agent

software. b) Centralized monitoring of

performance across Local and Datacenter. c)

Measurement of real users and their actual

transactions including errors – eliminating

manual scripting of synthetic transactions d)

Diagram allowing to visually see which

transactions breach SLA e) Breaking down

the measurements by specific application,

location or transaction f) Ability to see which

transactions were not completed due to errors.

The Server Load balancer should support the

Application Performance Monitoring feature and

should support the following:

a) Real user monitoring for any client with no

agent software.

b) Centralized monitoring of performance across

Local and Datacenter.

c) Measurement of real users and their actual

transactions including errors – eliminating manual

scripting of synthetic transactions

d) Breaking down the measurements by specific

application, location or transaction

e) Ability to see which transactions were not

completed due to errors.

18.

62

SECTION VI:

TECHNICAL

SPECIFICATIONS Perimeter Firewall

The platform must be supplied with at least

10x RJ45 interfaces, 10x 10G SFp+ from Day

one, and should have option to upgrade to 2 x

The platform must be supplied with at least 10 x

RJ45 interface, 10 x 10G SFP+ from Day one, and

should have option to upgrade to 2 x 40G or 2 x

of 36

40G and 2x100G ports in future. 100G ports in future.

19.

62

SECTION VI:

TECHNICAL


The Proposed solution must be filed

upgradable and must have option to upgrade

RAM in future.

The Proposed solution must have option to

upgrade the RAM in future, without changing the

Firewall Device.

20.

63

SECTION VI:

TECHNICAL


NGFW system should support virtual tunnel

interfaces to provision Route-Based IPSec

VPN

Clause Deleted

21.

65

SECTION VI:

TECHNICAL

SPECIFICATIONS Server-farm Firewall

Solution must allow admin to open support

tickets directly from management GUI from

Day one.

Clause Deleted

22.

65

SECTION VI:

TECHNICAL


Firewall should support minimum 10 Million

concurrent sessions

Firewall should support minimum 08 Million

concurrent sessions

23.

65

SECTION VI:

TECHNICAL


The proposed system shall be able to operate

on either Transparent (bridge) mode to

minimize interruption to existing network

infrastructure or NAT/Route mode. Both

modes can also be available concurrently

using Virtual Contexts.

The proposed solution should support Virtual

contexts minimum 5 Virtual Firewall license

should be provided.

24.

65

SECTION VI:

TECHNICAL


The Firewall & IPSEC VPN module shall

belong to product family which minimally

attain Internet Computer Security Association

(ICSA) Certification.

The Firewall & IPSEC VPN module shall belong

to product family which minimally attain Internet

Computer Security Association (ICSA)

Certification or equivalent.

25.

65

SECTION VI:

TECHNICAL


The proposed system should support

b) PPTP VPN

c) L2TP VPN

The proposed system should support PPTP, L2TP

or equivalent

26.

65

SECTION VI:

TECHNICAL


The device shall utilize inbuilt hardware VPN

acceleration:

The proposed solution should have

inbuilt/integrated hardware VPN acceleration.

27. 66

SECTION VI:

TECHNICAL Server-farm Firewall e) Supports Redundant gateway architecture Clause stand Deleted

of 36

SPECIFICATIONS

28.

66

SECTION VI:

TECHNICAL

SPECIFICATIONS Server-farm Firewall a) Route based IPSec tunnel

Route based or policy-based IPSec tunnel.

29.

66

SECTION VI:

TECHNICAL


The system shall support IPSEC site-to-site

VPN and remote user VPN in transparent

mode.

Clause stand Deleted

30.

66

SECTION VI:

TECHNICAL


In event if IPS should cease to function, it

will fail open by default and is configurable.

This means that crucial network traffic will

not be blocked and the Firewall will continue

to operate while the problem is resolved

In event if IPS should cease to function, It should

have configurable option for fail-open or fail-close

ensuring that crucial network traffic will not be

blocked and the Firewall will continue to operate

while the problem is resolved or similar function.

31.

66

SECTION VI:

TECHNICAL


IPS solution should have capability to protect

against Denial of Service (DoS) and DDoS

attacks. Should have flexibility to configure

threshold values for each of the Anomaly.

DoS and DDoS protection should be applied

and attacks stopped before firewall policy

look-ups.


32.

66

SECTION VI:

TECHNICAL


Firewall should have integrated Antivirus

solution

Firewall should have integrated Advance Malware

protection

33.

67

SECTION VI:

TECHNICAL


The proposed system should have integrated

Web Content Filtering solution without

external solution, devices or hardware

modules.

The proposed system should have Web Content

Filtering function.

34.

67

SECTION VI:

TECHNICAL


The proposed system shall be able to queries

a real time database of over 110 million +

rated websites categorized into 70+ unique

content categories.


35. 67

SECTION VI:

TECHNICAL Server-farm Firewall

The proposed system shall allow

administrator to prevent sensitive data from

The proposed system able be block and/or logged

of 36

SPECIFICATIONS leaving the network. Administrator shall be

able to define sensitive data patterns, and data

matching these patterns that will be blocked

and/or logged when passing through the unit.

when any file passing through the unit.

36.

68

SECTION V:

SCHEDULE OF

REQUIREMENTS

4. Network Intrusion

Prevention Solution

(IPS), point A1

NIPS solution should be centrally managed

with existing/additional component of

existing central manager

NIPS solution should be managed through locally

independently as well as dedicated central

management appliance for policy pushing and

administration

37. 68 SECTION V:

SCHEDULE OF

REQUIREMENTS


Prevention Solution

(IPS), point A2

In case of any additional component/solution

all the policies and configurations should be

easily migrated to proposed solution in DC

and DR

38. 68 SECTION V:

SCHEDULE OF

REQUIREMENTS


Prevention Solution

(IPS), point A3

Proposed NIPS in DR should have same

policies and configurations as of DC's to have

organization level security policy parity.

39. 68 SECTION V:

SCHEDULE OF

REQUIREMENTS 4. Network Intrusion

Prevention Solution

(IPS), point C 1

The NIPS solution should have the maximum

throughput of 10 Gbps

The NIPS solution should have minimum

throughput of 10 Gbps which should be scalable at

least 35 Gbps on same appliance having both

hardware and software-based bypass considering

internal issues i.e. memory hang, firmware crash

etc.

40. 68 SECTION V:

SCHEDULE OF

REQUIREMENTS


Prevention Solution

(IPS), point C 3

The Appliance should support a minimum of

10,000,000 Concurrent Connections

The Appliance should support minimum of

10,000,000 Concurrent Connections/Sessions and

scalable at least 65,000,000 Concurrent

Connections/Sessions on same appliance.

41. 68 SECTION V:

SCHEDULE OF

REQUIREMENTS


Prevention Solution

(IPS), point C 4


225,000 Connections per Second


2,25,000 Connections per Second which should

scalable up to 6,00,000 Connections per Second

on same appliance

42. 68 SECTION V:

SCHEDULE OF

REQUIREMENTS


Prevention Solution

(IPS), point D 4

IPS appliance should provide advanced DoS

detection with "self-learning" for more

accurate and fewer false positives


detection having self-learning/Behaviour

based/Statistical/Filters based techniques for more


43. 68

SECTION V:

SCHEDULE OF


Prevention Solution

NIPS solution must support Threshold,

Vulnerability and exploit based Clause stand deleted

of 36

REQUIREMENTS (IPS), D.5 DOS/DDOS prevention.

44. 68 SECTION V:

SCHEDULE OF


Prevention Solution

(IPS), point D 6

NIPS should provide PDF Emulation

functionality i.e it should not only Allow

operators to filter PDF files but should also

provide Deep file analysis which can check

the JavaScript inside PDF and determine

whether its behavior would be malicious or

not. All without signatures.

NIPS should check the JavaScript inside PDF by

leveraging Predictive machine learning/PDF

emulation/Advanced malware engines to check its

malicious behavior

45. 69 SECTION V:

SCHEDULE OF

REQUIREMENTS


Prevention Solution

(IPS), point D 8

NIPS should use stateful detection and

prevention techniques and provide zero-day

protection against worms, Trojans, spyware,

keyloggers, and other malware from

penetrating the network.

NIPS should use detection and prevention

techniques and provide zero-day protection against

worms, Trojans, spyware, keyloggers, and other

malware from penetrating the network.

46. 69 SECTION V:

SCHEDULE OF

REQUIREMENTS


Prevention Solution

(IPS), point E 3

The solution must support outbound SSL

traffic inspection.

The solution must support SSL traffic inspection

having traffic shaping capability

47. 69 SECTION V:

SCHEDULE OF

REQUIREMENTS


Prevention Solution

(IPS), point E 4

The IPS inspected throughput should be at

least 10 Gbps with SSL Decryption with at

least 10% SSL Traffic; 5 Gbps for only SSL

traffic and min 8 Gbps for SSL mix traffic.

The IPS inspected throughput should support

intercept SSL traffic.

48. 69 SECTION V:

SCHEDULE OF

REQUIREMENTS


Prevention Solution

(IPS), point E 7

The proposed solution should provide full

support for ECDHE “Elliptic-curve Diffie-

Hellman” while significantly increasing the

speed and efficiency of supporting IBSSL

connections and keys

The proposed solution should provide full support

for ECDHE “Elliptic-curve Diffie-Hellman”

49. 69 SECTION V:

SCHEDULE OF

REQUIREMENTS


Prevention Solution

(IPS), point E 8

The Proposed solution should fully support

full IPS inspection for workloads in both

AWS and Azure

Clause stand deleted

50. 69 SECTION V:

SCHEDULE OF

REQUIREMENTS


Prevention Solution

(IPS), point E 9

The IPS Appliance should have the capability

to create virtual IPS systems Clause stand deleted

51. 69 SECTION V:

SCHEDULE OF


Prevention Solution

The IPS Solution should support Anti-

malware protection from new threats based

The IPS Solution should support Anti-malware

protection from new threats by integration with

of 36

REQUIREMENTS (IPS), point E 1 on Cloud-based intelligence or must have

integration with APT solution on premise.

APT solution on premise.

52. 70 SECTION V:

SCHEDULE OF

REQUIREMENTS


Prevention Solution

(IPS), point E 23

The NIPS solution should provide signature

less defense through advance sandboxing

solution which inspects suspicious files and

analyses its behaviour (dynamic code

analysis). It is even able to look at non-

executing portions of code (static code

analysis) to give the industry’s deepest

analysis of files. The proposed sandboxing

solution should be appliance based on-

premise solution.

The IPS Solution should support Anti-malware

protection from unknown/Zero day threats based

on integration with APT solution on premise.

The NIPS solution should provide signature less

defense through advance sandboxing solution

which inspects suspicious files and analyses its

behaviour

The proposed solution should have

onbox/integrated 15 Virtual analyzers/Sandbox

images scalable up to 60 Virtual analyzers

/Sandbox images on same appliance having

customized environment and should support all

available Windows and Mac operating systems.

NIPS should have seamless integration with

sandboxing solution having common dashboard.

53. 70 SECTION V:

SCHEDULE OF


Prevention Solution

(IPS), point F 3

The NIPS solution should provide the

following kind of various reports such as : -

IPS Configuration Summary Report - Other

NIPS Integration Summary Report - Device

Summary Report - IPS Policy Assignment

Report - Attack Set Profile Report

The NIPS should have rich reporting capabilities

include report for All attacks, Specific & Top N

attack, Source, Destination, Misuse and Abuse

report, Rate limiting report, Traffic Threshold

report, Device Traffic Statistics and Advance

DDoS report

54. 69 SECTION V:

SCHEDULE OF


Prevention Solution

(IPS), point 9

The NIPS should be capable of accurately

detecting intrusion attempts and discern

between the various types and risk levels,

including unauthorized access attempts, pre-

attack probes, suspicious activity,

vulnerability exploitation, Dos, DDoS, brute

force, hybrids and zero-day attacks

Accurately detects intrusion attempts, suspicious

activity, DoS, DDoS, vulnerability exploitation

and zero-day attacks.

55.

70

SECTION V:

SCHEDULE OF


Prevention Solution

(IPS), point 19

The NIPS solution should provide the ability

to quarantine and remediate specific internal

host which is believed to be compromised.

The NIPS solution should provide the ability to

quarantine and remediate malicious traffic

of 36

REQUIREMENTS

56.

69

SECTION V:

SCHEDULE OF

REQUIREMENTS


Prevention Solution

(IPS), point 15

NIPS Solution should provide generic BOT

signature to detect any new BOT coming to

the network. NIPS Vendor should provide a

list of known Command and Control servers

which it updates periodically

NIPS Solution should provide generic BOT

signature to detect any new BOT coming to the

network which known Command and Control

servers should be updated periodically

57.

69

SECTION V:

SCHEDULE OF

REQUIREMENTS


Prevention Solution

(IPS), point 14

NIPS Solution should protect against both

Exploit and Volume based DOS. It should

have self-learning, threshold and exploit DOS

signatures to protect against DOS attacks


detection having self-learning/Behaviour

based/Statistical/Filters based techniques for more


58.

69

SECTION V:

SCHEDULE OF

REQUIREMENTS


Prevention Solution

(IPS), D.14

NIPS solution should provide Application

identification, User identification, Device

identification capabilities


59.

69

SECTION V:

SCHEDULE OF

REQUIREMENTS


Prevention Solution

(IPS), E.5

The Proposed solution should provide full

snort support with feature to

support PCRE “Perl Compatible Regular

Expressions” also.


60. 70 SECTION V:

SCHEDULE OF


Prevention Solution

(IPS), point F 3


following kind of various reports such as : -

IPS Configuration Summary Report - Other

NIPS Integration Summary Report - Device

Summary Report - IPS Policy Assignment

Report - Attack Set Profile Report

The NIPS should have rich reporting capabilities

include report for All attacks, Specific & Top N

attack, Source, Destination, Misuse and Abuse

report, Rate limiting report, Traffic Threshold

report, Device Traffic Statistics and Advance

DDoS report

61.

70

SECTION V:

SCHEDULE OF


Prevention Solution

(IPS), F.5


following types of Security Policies:

• IPS policies

• Firewall policies

• Reconnaissance policies

• QoS policies

• Advanced Malware policies

• Connection Limiting policies

• Inspection Options policies

The NIPS solution should provide the following

types of Security Policies:

• IPS policies

• Traffic Shaping policies/QoS

• Advanced Malware policies

• Inspection Options policies

62. 71 SECTION V: 4. Network Intrusion Should support Stateful Active/Passive and Should support Active/Passive or Active/Active

of 36

SCHEDULE OF

REQUIREMENTS

Prevention Solution

(IPS), G.1

Active/Active for the NIPS

appliance, the HA should be out of the box

solution and should not require any third

party or additional software for the same.

for the NIPS appliance and should not require any

third party or additional software for the same.

63.

71

SECTION VI:

TECHNICAL

SPECIFICATIONS

5.a.1.ii - Fabric

Architecture

DC Fabric should be based on standards based

VXLAN and EVPN or equivalent

Protocol/mechanism


64.

71

SECTION VI:

TECHNICAL

SPECIFICATIONS

5.a.2.i - Fabric

Architecture

DC Fabric architecture must support

integrated Routing and Bridging at the leaf

layer


65.

71

SECTION VI:

TECHNICAL

SPECIFICATIONS 5.a.2.iii - Fabric

Architecture

The fabric architecture must be based on

hardware VXLAN overlays to provide logical

topologies that are abstracted from the

physical infrastructure with no performance

degradation.


66. 72 SECTION VI:

TECHNICAL

SPECIFICATIONS

5. Network

Switching

a. Fabric

Architecture

iv. Fabric VXLAN Controller/Fabric switches

must support integration via Open Vswitch

Data Base protocol (OVSDB) with 3rd party

Controllers supporting OVSDB and HW L2

gateways. Fabric / All fabric switches should

be licensed to provide this functionality.

The solution must support open API integration

with north bound orchestrators and controllers.

Fabric / All fabric switches should be licensed to

provide this functionality.

67. 72 SECTION VI:

TECHNICAL

SPECIFICATIONS

5. Network

Switching

a. Fabric

Architecture

vi. Centralised management appliance or

VXLAN Fabric Controller must run in "N +

2" redundancy

Centralised management appliance or VXLAN

Fabric Controller must run in "N + 2" / "N+1"

redundancy.

68. 72 SECTION VI:

TECHNICAL

SPECIFICATIONS

5.a.3.iii - Fabric

Architecture

Fabric VXLAN Controller shall have ability

to automate VXLAN control plane. Clause stand deleted

69. 72 SECTION VI:

TECHNICAL

SPECIFICATIONS

5.a.3.v - Fabric

Architecture

Fabric VXLAN controller must provide out-of-

box/seamless integration with best of breed

Physical and virtual firewall appliances


70. 72 SECTION VI: 5.a.3.i - Fabric VXLAN based controller shall provide Fabric controller shall provide topology information

of 36

TECHNICAL

SPECIFICATIONS

Architecture topology information of the fabric of the fabric"

71. 72 SECTION VI:

TECHNICAL

SPECIFICATIONS 5.a.4.i - Fabric

Architecture

Fabric should support Telemerty function

where in it should receieve telemerty

information from all the network components

including all switches.


72. 72 SECTION VI:

TECHNICAL

SPECIFICATIONS 5.a.4.iv - Fabric

Architecture

Telemerty should provide deeper visibility in

terms of providing time line based view of the

all the control plane data of the DC switching

fabric like MAC address table, VXLAN

mappings , Routing tables OR should provide

time line based view of data plane/inband

telemetry across all switches.


73. 72 SECTION VI:

TECHNICAL

SPECIFICATIONS

5.a.4.v - Fabric

Architecture

All Switches shall have licence for streaming

telemetry information from day 1. Clause stand deleted

74. 72 SECTION VI:

TECHNICAL

SPECIFICATIONS

5.a.4.vi - Fabric

Architecture

Telemerty software shall be licensed to

receieve telemerty information from all

switches.


75. 72 SECTION VI:

TECHNICAL

SPECIFICATIONS

5.a.4.vii - Fabric

Architecture

Telemerty solution and switch OEM should be

the same in order to provide seamless

integration.


76. 72 SECTION VI:

TECHNICAL

SPECIFICATIONS 5.a.4.viii - Fabric

Architecture

Telemerty feature in the qouted soluion should

be in "General avilability state" since atleast 1

year to avoid initial product teething issues. No

preview / beta versions are to be qouted.


77. 72 SECTION VI:

TECHNICAL

SPECIFICATIONS

5.a.5.ii - Fabric

Architecture

All the switches, Optics, Telemetry solution

should be from the same OEM All the switches and Optics should be from the

same OEM

78. 73 SECTION VI:

TECHNICAL Core Switching

8. The switch must support at least 350 mac

addresses

The switch must support minimum of 90000 MAC

addresses support

of 36

SPECIFICATIONS

79. 74 SECTION VI:

TECHNICAL

SPECIFICATIONS

Core Switching

43. Switch should support GRE encapsulation

from day 1 and GRE within VRFs should also

be supported

Switch should support GRE encapsulation from day

1.

80. 75 SECTION VI:

TECHNICAL

SPECIFICATIONS Core Switch

Telemetry software and switch OEM should be

the same. Telemetry feature in quoted product

should be in "General availability" state since

at least 1 year and no preview / beta software

features are to quoted


81. 75 SECTION VI:

TECHNICAL

SPECIFICATIONS

5.b.H.74 Core

Switch

Shall Support IEEE 802.3ab 1000BASE-T Clause stand deleted

82. 75 SECTION VI:

TECHNICAL

SPECIFICATIONS

5.b.H.75 Core

Switch

Shall Support IEEE 802.3z Gigabit Ethernet Clause stand deleted

83. 75 SECTION VI:

TECHNICAL

SPECIFICATIONS

5.b.H.76 Core

Switch

Shall Support IEEE 802.3ae 10 Gigabit

Ethernet


84. 75 SECTION VI:

TECHNICAL

SPECIFICATIONS

5.b.K.81 Core

Switch

Switch shall support all devops tools like

Ansible, Chef, Puppet and license for the same

should be provided from day1


85. 75 SECTION VI:

TECHNICAL

SPECIFICATIONS

5.b.K.82 Core

Switch

Switch shall have all the license enable for

integrating with VXLAN based controller from

day 1. Bidder needs to provide the SKU of

license in compliance.


86. 75 SECTION VI:

TECHNICAL

SPECIFICATIONS 5.b.L.85 Core Switch

Switch shall have licence for streaming

telemetry information from day 1 . Bidder

needs to make sure to provide the SKU licence

as part of the compliance sheet.


87. 75 SECTION VI:

TECHNICAL


Bidder shall provide the sofware to consume

and provide access to the telemerty

information sent by the switches. The software

should be licesned for all the qouted Leaf and

spine switches, for a period of 5 years at a

minimum.


of 36

88. 75 SECTION VI:

TECHNICAL


Telemerty software and switch OEM should be

the same. Telemerty feature in qouted product

should be in "Genereal availability" state since

atleast 1 year and no preview / beta softwares

features are to qouted


89. 75 SECTION VI:

TECHNICAL

SPECIFICATIONS

5.b.L.88 Core Switch









90. 75 SECTION VI:

TECHNICAL

SPECIFICATIONS

5.b.L.89 Core Switch

Switch should have capability to run Docker

container on switch.


91. 76 SECTION VI:

TECHNICAL

SPECIFICATIONS

Server Farm Switch

Fiber

8. The switch must support at least 350 mac

addresses

The switch must support minimum of 90000 MAC

addresses support.

92. 76 SECTION VI:

TECHNICAL

SPECIFICATIONS

Server Farm Switch

Fiber

Switch shall support for different logical

interface types like: Loopback, VLAN, SVI,

Port Channel/LAG, Multi chassis port channel

Switch shall support for different logical interface

types like: Loopback, VLAN, SVI or equivalent,


93. 76 SECTION VI:

TECHNICAL

SPECIFICATIONS

Server Farm Switch

Fiber

38.Switch should support GRE encapsulation


be supported

Switch should support GRE encapsulation from day

1.

94. 77 SECTION VI:

TECHNICAL

SPECIFICATIONS Server Farm Switch

Fiber

Shall support active/active layer-2 topology

without STP where host are dual homed to

switch using vPC or MLAG

Clause should be Read as:

"Shall support active/active layer-2 topology

without STP where host are dual homed to switch

using vPC or MLAG or equivalent"

95. 77 SECTION VI:

TECHNICAL

SPECIFICATIONS

Server Farm Switch

Fiber

Switch should support 64 path L3 ECMP Clause should be Read as:

"Switch should support 8 path L3 ECMP"

96. 78 SECTION VI:

TECHNICAL

SPECIFICATIONS

Server Farm Switch

Fiber





of 36

at least 1 year and no preview / beta software


97. 78 SECTION VI:

TECHNICAL

SPECIFICATIONS

5.c.K.76 Server Farm

Fiber Switch





98. 78 SECTION VI:

TECHNICAL

SPECIFICATIONS


Fiber Switch






99. 78 SECTION VI:

TECHNICAL

SPECIFICATIONS


Fiber Switch






100. 78 SECTION VI:

TECHNICAL

SPECIFICATIONS 5.c.K.81 Server Farm

Fiber Switch






minimum.


101. 78 SECTION VI:

TECHNICAL


Fiber Switch







102. 78 SECTION VI:

TECHNICAL


Fiber Switch









103. 78 SECTION VI:

TECHNICAL

SPECIFICATIONS


Fiber Switch


container on switch. Clause stand deleted

104. 79 SECTION VI: WAN & Access 8. The switch must support at least 350 mac The switch must support minimum of 90000 MAC

of 36

TECHNICAL

SPECIFICATIONS

Switch Copper addresses addresses support.

105. 79 SECTION VI:

TECHNICAL

SPECIFICATIONS

WAN & Access

Switch Copper

Switch shall support for different logical

interface types like: Loopback, VLAN, SVI,


Switch shall support for different logical interface

types like: Loopback, VLAN, SVI or equivalent,

Port Channel/LAG, Multi chassis port channel.

106. 79 SECTION VI:

TECHNICAL

SPECIFICATIONS

WAN & Access

Switch Copper

Switch shall support minimum VOQ (Virtual

Output Queuing) buffer of 1.5Gb for optimal

performance

Switch shall support minimum VOQ (Virtual

Output Queuing) buffer of 70Mb for optimal

performance

107. 79 SECTION VI:

TECHNICAL

SPECIFICATIONS

5d - WAN & Access

Switch Copper. 6

The switch must support 1 Million IPv4 routes

The switch should support 32k IPv4 routes

108. 79 SECTION VI:

TECHNICAL

SPECIFICATIONS

5d - WAN & Access

Switch Copper.7

The switch must support atleast 1 million IPv6

routes The switch should support at least 16k IPv6 routes.

109. 79 SECTION VI:

TECHNICAL

SPECIFICATIONS

5d - WAN & Access

Switch Copper .16

Switch must support and bidder must qoute

licenses from day 1 for the below listed

features:

a] BGP

b] OSPF

c] ISIS

d] PIM SM, SSM

e] PIM SSM v6

f] MLDv2

g] DCI technologies like MPLS/OTV and

VXLAN

Switch should support for the below listed features.

Compliance for the same is to be submitted.

a] BGP

b] OSPF

c] ISIS

d] PIM SM, SSM

110. 80 SECTION VI:

TECHNICAL

SPECIFICATIONS

WAN & Access

Switch Copper

Shall support active/active layer-2 topology

without STP where host are dual homed to

switch using vPC or MLAG

Shall support active/active layer-2 topology without

STP where host are dual homed to switch using

vPC or MLAG or equivalent

111. 80 SECTION VI:

TECHNICAL

SPECIFICATIONS

WAN & Access

Switch Copper

Switch should support 64 path L3 ECMP

Switch should support 8 path L3 ECMP

112. 80 SECTION VI:

TECHNICAL

SPECIFICATIONS

WAN & Access

Switch Copper

38. Switch should support GRE encapsulation


be supported


of 36

113. 80 SECTION VI:

TECHNICAL

SPECIFICATIONS

WAN & Access

Switch Copper

Switch should support Multicast Only Fast Re-

route (MoFRR) for fast multicast convergence


114. 80 SECTION VI:

TECHNICAL

SPECIFICATIONS

5d - WAN & Access

Switch Copper .36

Switch shall support EVPN control plane Clause stand Deleted

115. 80 SECTION VI:

TECHNICAL

SPECIFICATIONS

5d - WAN & Access

Switch Copper .37

Shall support VXLAN from day 1 Clause should be Read as: "Shall support

VXLAN/OTV from day 1"

116. 80 SECTION VI:

TECHNICAL

SPECIFICATIONS

5d - WAN & Access

Switch Copper .40

Shall be VXLAN ready from day 1. Clause should be Read as: "Shall be VXLAN/OTV

ready from day 1."

117. 80 SECTION VI:

TECHNICAL

SPECIFICATIONS

5d - WAN & Access

Switch Copper .41

Switch shall support VXLAN routing and

bridging on day 1 and there should be no

limitation with LAG


118. 80 SECTION VI:

TECHNICAL

SPECIFICATIONS

5d - WAN & Access

Switch Copper .45

VXLAN routing and switching must also be

supported in non default VRFs for

multitenancy


119. 80 SECTION VI:

TECHNICAL

SPECIFICATIONS

5d - WAN & Access

Switch Copper .46

Switches shall support routing between

different VXLANs from day 1


120. 80 SECTION VI:

TECHNICAL

SPECIFICATIONS

5d - WAN & Access

Switch Copper .50

Switch shall support for different type of QoS

features for real time traffic differential

treatment using:


121. 80 SECTION VI:

TECHNICAL

SPECIFICATIONS

5d - WAN & Access

Switch Copper .51

Strict Priority Queuing Clause stand Deleted

122. 80 SECTION VI:

TECHNICAL

SPECIFICATIONS

5d - WAN & Access

Switch Copper .52

Weighted Random Early Detection (WRED) Clause stand Deleted

123. 80 SECTION VI:

TECHNICAL

SPECIFICATIONS

5d - WAN & Access

Switch Copper .42

Switch should support MPLS L3 VPNs from

day 1


124. 80 SECTION VI:

TECHNICAL

5d - WAN & Access

Switch Copper .43

Switch should support PBR (Policy based

routing)


of 36

SPECIFICATIONS

125. 80 SECTION VI:

TECHNICAL

SPECIFICATIONS

5d - WAN & Access

Switch Copper .44

Switch should support Label Distribution

Protocol (LDP)


126. 81 SECTION VI:

TECHNICAL

SPECIFICATIONS WAN & Access

Switch Copper




at least 1 year and no preview / beta softwares



127. 81 SECTION VI:

TECHNICAL

SPECIFICATIONS

5d - WAN & Access

Switch Copper .54 Switch should support Unicast RFP from day 1


128. 81 SECTION VI:

TECHNICAL

SPECIFICATIONS

5d - WAN & Access

Switch Copper .61

Switch shall support central time server

synchronization using Network Time Protocol

and PTP (Precession Time Protocol)


129. 81 SECTION VI:

TECHNICAL

SPECIFICATIONS

5d - WAN & Access

Switch Copper .73

Switch shall support NTPv4 and PTP

(Precession Time Protocol)

Clause should be Read as: "Switch shall support

NTPv4 / PTP (Precession Time Protocol)"

130. 81 SECTION VI:

TECHNICAL

SPECIFICATIONS

5d - WAN & Access

Switch Copper .76





131. 81 SECTION VI:

TECHNICAL

SPECIFICATIONS

5d - WAN & Access

Switch Copper .77






132. 81 SECTION VI:

TECHNICAL

SPECIFICATIONS

5d - WAN & Access

Switch Copper .80






133. 81 SECTION VI:

TECHNICAL

SPECIFICATIONS 5d - WAN & Access

Switch Copper .81






minimum.


of 36

134. 81 SECTION VI:

TECHNICAL

SPECIFICATIONS 5d - WAN & Access

Switch Copper .83









135. 81 SECTION VI:

TECHNICAL

SPECIFICATIONS

5d - WAN & Access

Switch Copper .84




136. 84 SECTION VI:

TECHNICAL

SPECIFICATIONS

5e - Management

Switch .2

a. 48 x 100Mb/1G RJ 45 ports

Clause should be Read as: "a. 48 x 1G RJ 45 ports"

137. 84 SECTION VI:

TECHNICAL

SPECIFICATIONS

5e - Management

Switch .14 Quad Core x86 CPU


138. 84 SECTION VI:

TECHNICAL

SPECIFICATIONS

5e - Management

Switch .13




139. 84 SECTION VI:

TECHNICAL

SPECIFICATIONS

5e - Management

Switch .63

Switch should support Software Defined

Networking without change of hardware after

adding appropriate licence only.


140. 84 SECTION VI:

TECHNICAL

SPECIFICATIONS

5e - Management

Switch .64






141. 84 SECTION VI:

TECHNICAL

SPECIFICATIONS 5e - Management

Switch .65






minimum.


142. 84 SECTION VI:

TECHNICAL

SPECIFICATIONS

5e - Management

Switch .66





of 36



143. 84 SECTION VI:

TECHNICAL

SPECIFICATIONS 5e - Management

Switch .67









144.

84-

86

SECTION VI:

TECHNICAL

SPECIFICATIONS

6. Security Incident

and Event

Management

Solution (SIEM)

Security Incident and

Event Management

Solution (SIEM)


145.

87

SECTION V:

SCHEDULE OF

REQUIREMENTS

7. Server Security &

HIPS, A.1, A.2 and

A.3

A1. Server Security solution should be

centrally managed with existing component

of existing central manager.

All organizational level security policies should be

inforce using central management platform which

should support windows and Linux OS having

automatic recommendations against existing

vulnerabilities, dynamically tuning IDS/IPS

sensors to provide automatic recommendation of

removing assigned policies if vulnerability no

longer exists

A2. In case of any additional

component/solution all the policies and

configurations should be easily migrated to

proposed solution in DC and DR

A3. Proposed solution in DR should have

same policies and configurations as of DC's

to have organization level security policy

parity.

146.

87

SECTION V:

SCHEDULE OF

REQUIREMENTS


HIPS, A.18

The offered product series or its operating

system series may have achieved EAL

(Evaluation Assurance Level) Certification of

EAL2 or higher in the Common Criteria.

The offered product series achieved EAL

(Evaluation Assurance Level) Certification of

EAL4 or higher in the Common Criteria and FIPS

140-2 validated

147. 88

SECTION V:

SCHEDULE OF


HIPS - C.1

For the ICAR-DC System, DC servers within

DMZ should be enabled with HIPS. The

For the ICAR-DC System, DC servers within

DMZ should be enabled with HIPS. The solution

of 36

REQUIREMENTS solution should offer HIPS integrity control

functionality to authorised application and

change control on critical systems as a single

solution.

should offer HIPS integrity monitoring

functionality

148.

88

SECTION V:

SCHEDULE OF

REQUIREMENTS 7. Server Security &

HIPS,) - C.12

The HIPS solution should support real-time

change tracking audit log. It should include

file, user, program name and contents that

have changed.

The proposed Solution should support stateful

Inspection Firewall, Anti-Malware, Deep Packet

Inspection with HIPS, Integrity Monitoring,

Application Control, and Recommended scan in

single module with agentless and agent

capabilities

149.

88

SECTION V:

SCHEDULE OF

REQUIREMENTS 7. Server Security &

HIPS, – C.11

The HIPS solution should provide at least the

following control detection on files, registry,

applications services – a. Create b. Modify c.

Change Permission d. Read e. Read / Write f.

Delete

Should provide automatic recommendations

against existing vulnerabilities, dynamically

tuning IDS/IPS sensors and provide automatic

recommendation of removing assigned policies if

vulnerability no longer exists

150.

88

SECTION V:

SCHEDULE OF

REQUIREMENTS


HIPS, – C.13

The HIPS solution in the event of

unauthorized file change, should report on

what changes have been made, who made the

changes, how the changes were made and

when they did the changes.

Monitors critical operating system and application

files, such as directories, registry keys, and values,

to detect and report malicious and unexpected

changes in real time

151.

88

SECTION V:

SCHEDULE OF

REQUIREMENTS


HIPS, – C.15

The HIPS solution should prevent the

tampering of application on the hard disk and

in the memory.

Proposed solution should provide temper

protection

152. 88 SECTION VI:

TECHNICAL

SPECIFICATIONS Hyper Converge

Infrastructure clause

no. 1

CPU Cores - 640, RAM - 4096 GB, Storage-

280TB. The above are useable resources,

bidder has to ensure and provision the extra

resources for compression, deduplication and

itself operations.

Minimum 12 nodes having CPU Cores - 480, RAM

- 3072 GB, Storage- 280TB. The above resources

are derived assuming 10% overheads on CPU and

Memory. If more than 10% overheads are required

for the solution, the same must be configured in the

solution to ensuring useable resources.

153. SECTION VI:

TECHNICAL

SPECIFICATIONS

Hyper Converge


no. 2

The proposed solution should be in leader’s

quadrant by latest Gartner Report for

Hyperconverged Infrastructure

The proposed solution should be in leader’s

quadrant by latest Gartner Report for

Hyperconverged Infrastructure. Proposed HCI

Nodes should support Hardware root of trust

of 36

154. 89 SECTION VI:

TECHNICAL

SPECIFICATIONS

Hyper Converge


no. 13

The proposed solution must have capability to

support all industry drives available

(NVMe/SSD & SAS/SATA)


support available NVMe/SSD/SAS/SATA drives

155. 89 SECTION VI:

TECHNICAL

SPECIFICATIONS

Hyper Converge


no. 14

The proposed solution should support

deduplication & Compression and Erasure

Coding across specific workload and across all

tier of storage disks and shall have the

capability to assign deduplication and

compression at volume/container level

selectively for better storage and performance

management.

The proposed solution should support deduplication

& Compression and erasure coding across specific

workload for proposed HCI Solution for better

efficiency. Compression, deduplication and Erasure

coding must not be factored while configuring the

required usable capacity across HCI cluster. The

proposed each node of HCI should provide at least

25000 IOPS based on 4-8KB block size providing

<5ms response time.

156. 89 SECTION VI:

TECHNICAL

SPECIFICATIONS

Hyper Converge


no. 15

The proposed solution independently scales

storage and compute as and when needed

without any downtime and shall support 2

node failure.

The proposed solution should able to independently

scale storage and compute as and when needed

without any downtime and shall support 2 nodes

failure as well.

157. 90 SECTION VI:

TECHNICAL

SPECIFICATIONS

Hyper Converge


no. 16


support HCI nodes with different models

(same OEM)/different CPU & Memory/Disks

configurations in the same cluster without any

impact on enterprise-class storage services/

functionalities. Shall also allow mixing of

hybrid as well as All Flash nodes in the same

cluster.

The proposed solution should support archival data

to be kept high on SAS/NLSAS disks and in less on

SSD nodes without compromising any of enterprise

storage functionalities and it should co-exist with

supplied cluster nodes

158. 90 SECTION VI:

TECHNICAL

SPECIFICATIONS

Hyper Converge


no. 18

The proposed HCI solution should support at

least two or more enterprise level SSD's for

caching as well as for capacity for workload.

The Proposed solution should support redundancy

with minimum two caching SSD's at caching layer.

159. 90 SECTION VI:

TECHNICAL

SPECIFICATIONS

Hyper Converge


no. 22

The proposed HCI solution must provide

operations management and provide

performance, storage, CPU utilization per VM

The proposed HCI solution must provide operations

management and provide performance, storage,

CPU utilization per VM/Node

160. 90 SECTION VI:

TECHNICAL

SPECIFICATIONS

HCI- SDN clause No

29

proposed solution must leverage virtualized

network functions from third-party software

(eg. virtual firewalls, load balancers, threat

detection, and application performance

monitoring etc.), which can be inserted in-line

The proposed solution support integration with

virtual firewall, load balancers, Threat detection,

application performance monitoring etc. using API.

of 36

or in tap-mode with VM traffic, and can be

easily enabled for all traffic, or deployed only

for specific network traffic.

161. 90 SECTION VI:

TECHNICAL

SPECIFICATIONS

Hyper Converge


no. 34

The platform should have support for rack

/chassis awareness to support redundant data

should go to different rack/chassis nodes

The platform should have support for rack /chassis

awareness and should support redundant data

intelligent placement at different rack/chassis/nodes

162. 90 SECTION VI:

TECHNICAL

SPECIFICATIONS

Hyper Converge


no. 35

The proposed HCI must support connectivity

(HCI Storage extension) to 3rd party bare

metal servers along with load balanced and

distributed architecture across all available

nodes in cluster (for optimized DB licensing

on physical servers) to HCI storage cluster &

use the cluster capacity like a iSCSI, NFS

target.

The Proposed HCI solution must provide support to

connect bare metal physical servers to HCI Storage

using iSCSI in highly available data fabric and

should leverage HCI data distribution load balanced

architecture.

163. 91 SECTION VI:

TECHNICAL

SPECIFICATIONS

Hyper Converge


no. 36

The proposed HCI should support native

(without any third-party software) File

Services over NFS/CIFS/SMB and file

replication across clusters and data centers

The proposed HCI should support File Services

over NFS/CIFS/SMB and file replication across

clusters and data centers using one management

console for management ease for HCI and File

server operations

164. 91 SECTION VI:

TECHNICAL

SPECIFICATIONS

Hyper Converge


no. 39

The Solution should to analytics on capacity

behavior and should have capability of

showing all under and over utilized VM's with

their right sizing information.

The Solution should support analytics on capacity

behavior and should have capability of showing all

under and over utilized VM's with their right sizing

information

165. 91 SECTION VI:

TECHNICAL

SPECIFICATIONS

Hyper Converge


no. 40

The Solution should be capable of creating

custom dashboard with reporting as per

customer ease and requirements, Solution

should be able to scan/search objects with

advanced search option for faster access to

require information for trouble shooting.

Proposed solution should support ease of

management by creating department wise

dashboard with custom object monitoring with

quick search and customizing reporting options to

monitor entire infra efficiently.

166. 91 SECTION VI:

TECHNICAL

SPECIFICATIONS

CMP Clause 41 The solution should have catalogue of private

as well as public cloud services, and should

support self-service provisioning capabilities

The solution should have OS+Application

catalogue which support provisioning within ICAR

Datacneter and if require public cloud services

provider (Govt. Approved Public Cloud Providers

with all necessary India Data Security Certifications

of 36

) and should support self-service provisioning

capabilities from a single portal.

167. 91 SECTION VI:

TECHNICAL

SPECIFICATIONS

CMP Clause 41 Central administrator must be able to

manage/control the marketplace view for the

tenants. Any authorised user must be able to

deploy the application using the published

blueprint in his application marketplace

Central administrator must be able to

manage/control the services of the tenants. Any

authorised user must be able to deploy the

application using the published blueprint in his

application catalogue and solution should have

capabilities to upload user's cataglogue to central

place (Like MarketPlace) to be referenced by other

departments if require access given to leverage it

for better manageability. Blueprint should be able

to span across multiple clusters (in premises and

leading public cloud providers)

168. 92 SECTION VI:

TECHNICAL

SPECIFICATIONS

CMP Clause 60 Capabilities to automate and distribute

reporting Clause stand deleted

169. 92 SECTION VI:

TECHNICAL

SPECIFICATIONS

Hyper Converge


no. 67

The proposed HCI solution should support

data at rest encryption with/without any

specialized hardware. If any external

hardware/software/server is needed to

accomplish data at rest encryption, the same

must be included in the offered solution from

day 1

Proposed solution should support DATA at Rest

Encryption. All hardware/Software require

components should be factor along with solution

170. 93 SECTION VI:

TECHNICAL

SPECIFICATIONS

9. Backup and

Recovery Solution.

Clause 1

The proposed solution should have total

minimum of 40TB useable backup storage

with backup and recovery solution of whole

VMs/instances/physical servers/DBs of both

sites (DC & DR). The storage

appliance/hardware should have scalability to

cater future backup requirement within

appliances /media servers.

The proposed solution should have 40 TB Useable

backup target storage on DC site and 40 TB Usable

backup target storage on DR site to be supplied.

Software licenses to be supplied for 200 instances

(135 Virtual machines and rest are physical servers)

on primary site and 100 instances (100 Virtual

machines) on DR site. The storage

appliance/hardware should have scalability to cater

future backup requirement within appliances /media

servers.

171. 93 SECTION VI: 9. Backup and Backup software should provide Recovery of Backup software should provide Recovery of

of 36

TECHNICAL

SPECIFICATIONS

Recovery Solution.

Clause 8

Application Items, File, Folder and Complete

VM recovery capabilities from the image level

backup within 15Mins RTO.

Application Items, File, Folder and Complete VM

recovery capabilities from the image level backup

within RTO of 15 mins for 200 GB of Data from

Backup storage and RPO of 24 hrs - Backup of data

at least once in 24 hours.

172. 96 SECTION VI:

TECHNICAL

SPECIFICATIONS

ii. Integrated Smart

Rack Infrastructure

Integrated Rack Data Centre Solution suitable

for 60 KVA IT load distributed in 8 Server

Racks & 2 Network Racks Integrated with

Suitable redundant Cooling units, Fire

detection & Suppression and Monitoring

system.

Integrated Rack Data Centre Solution suitable for

60 KVA IT load distributed in total 8 Racks (6

Server Racks & 2 Network Racks) Integrated with

Suitable redundant Cooling units.

173. 96 SECTION VI:

TECHNICAL

SPECIFICATIONS


Rack Infrastructure

6.Fire Detection and

Suppression System

Integrated rack solution should have integrated

fire detection, VESDA system and suppression

system.

Integrated rack solution should have integrated fire

detection, VESDA system and suppression system.

UL Approved NOVAC 1230 Room Flooding FSS

for the UPS Room.

174. 97 SECTION VI:

TECHNICAL

SPECIFICATIONS


Rack Infrastructure

viii. Biometric access control system for

integrated rack infrastructure front doors.

viii. Biometric access control system for main

server room, NOC room, UPS room and integrated

rack infrastructure front doors.

175. 98 SECTION VI:

TECHNICAL

SPECIFICATIONS


Rack Infrastructure

7.i Biometric access control system shall be

deployed for access of integrated rack

infrastructure to authorized persons only.

7.i Biometric access control system shall be

deployed for access of main server room, NOC

room, UPS room integrated rack infrastructure to

authorized persons only.

176. 99 SECTION VI:

TECHNICAL

SPECIFICATIONS

Modular UPS

i. Capacity (in kVA /

kW)

b) Modular & Scalable UPS with hot

swappable Power Module of 30 kVA /30kW

b). Modular & Scalable UPS with hot swappable

Power Module of 20 Kw/25kW/30 kVA

/30kW/50kW having minimum 150 kVA Frame

capacity.

177. 100 SECTION VI:

TECHNICAL

SPECIFICATIONS

Modular UPS

iii. Technology and

capability

i.UPS should be with Inbuilt switches for

Input, Output, Static Bypass and Maint.

Bypass

i.UPS should have fast acting Semiconductore fuses

for protections & Isolators for Input, Output, Static

Bypass and Maint. Bypass.

178. 100 SECTION VI:

TECHNICAL

SPECIFICATIONS

Modular UPS

vi. Input

Input Voltage Range: 304 - 477 V AC (On Full

Load)

Input Voltage Range: 340 - 460V AC (On Full

Load)

New added item

179. SECTION VI:

TECHNICAL

Non-IT

Infrastructure

Storage Refer Technical Specification Item No. 1 (Storage)

of ANNEXURE-II.A of the Addendum

of 36

SPECIFICATIONS

180. SECTION VI:

TECHNICAL

SPECIFICATIONS

Non-IT

Passive fiber cable and components Refer Technical Specification Item No. 2 (Passive

cable and components) of ANNEXURE-II.A of the Addendum

of 36

ANNEXURE-II.A

1. Storage

Sr. No Features Specifications

1 Storage Controller The Storage System must have a dual controller configuration running in an active-active mode configured as a 2-Way

Cluster with automatic failover capabilities in case of one controller failure.

2 Controller Cache

Requirements

The system should be configured with 16 GB cache across the two controllers with an ability to protect data on cache. In

the event of unplanned power failure, data in the cache should be safely de-staged to the disks to protect data from loss.

3 Storage system should support add on SSD based cache up to 4TB.

4 Capacity Storage should be configured with 40 TB usable capacity with RAID level 6 using NLSAS drive of 6 TB or less.

5 Raid Level Support The storage system should support raid levels 0,1,5,6,10 and option for distributed dynamic raid for faster rebuild

6 Host Interface Support

The Storage System should support for FC & iSCSI Host Connectivity Protocols. The Storage System shall be configured

with minimum of 4 no. of universal ISCSI ports that can be used as 1G/10G iSCSI. The storage system shall be able to

support choice of additional 4 no. of 16G FC/10G iSCSI/12Gb SAS host ports.

7 Drive Technology

Support

The Storage System should have support for SSD, 10K SAS and 7.2K NL-SAS Drives. Disk Drives should be available

in line with the industry standards. The Storage System shall support a mix & match of different drive types in the same

storage.

8 Storage Capacity The storage system should be capable to scale up to 96 drives and at least 1 PB of capacity.

9

Storage Built In

Functionality

The Storage System shall have the ability to expand LUNS/Volumes on the storage online and instantly

10

The storage shall have the ability to create logical volumes without physical capacity being available (Thin Provisioned)

or in other words system should allow over-provisioning of the capacity. The feature should be made available for

the maximum supported capacity

11

The Storage System should be configured with the Capability to support creation of instantaneous or Point In Time

Snapshot copies of volumes and also creation of full copy clones. The Copy feature needs to support incremental, thin-

provisioned and reverse copy operations.

of 36

12

The Storage System shall have the capability to support global SSD caching to automatically manage Hot Spots in the

system. The feature should automatically detect and cache frequently access data across controllers on lobal SSD cache to

improve the performance of random read workloads.

13 The Storage System Should provide support for host multi-pathing drivers

14

Additional Advanced

Software Features

Supported

The Storage System shall support Synchronous & Asynchronous Replication for DR Strategy.

15 The storage system should support non-disruptive dynamic expansion of configured raid.

16 Storage system should support adjustable cache block size to align the cache with target application.

17 Storage system should be capable of automatically adjusting volume controller ownership to correct any load imbalance

issues when workloads shift across the controllers

18 Management

Easy to use GUI based and web enabled administration interface for configuration, storage management.

19 The GUI interface should be able to provide real time system performance data like IOPS, Bandwidth and response time.

20 OS Support Support for industry-leading Operating System platforms including: LINUX , Microsoft Windows etc.

21 Built in Redundancy The system shall support Fully Redundant & Hot Swappable Fans & Power Supplies. There shall be support for Non-

Disruptive Microcode Update & Non-Disruptive Parts Replacement

2. Passive fiber Cable and Components

PART

1 TECHNICAL SPECIFICATION FOR PASSIVE FIBER CABLE AND COMPONENTS

S. No General Passive Specifications

1 All Copper cable and components should be from the same OEM. The OEM should submit ISO certificate for the manufacturing facilities related

to all products to be used in this solution.

2 All Passive Components should be RoHS (Restriction of Certain Hazardous Substances) compliant. Declaration to be provided for RoHS

Compliance

3 There should be 25-year extended performance warranty/Application Assurance for end -to-end channel.

of 36

4 All the components should comply with their respective specifications stated below.

5 ETL/3P certificates should be present on respective Lab website for all Copper Components (Part-2)

PART

2 Passive Specs for Ca 6A cables and components

1 Cat 6A , 4 Pair Shielded S/FTP Cable

1.1 Cable Should be Cat 6A S/FTP or higher

1.2 Conductor Size : 23 AWG

1.3 Each pair enclosed in Aluminum foil with overall braided screen

1.4 Sheath Type: Flame retardant and Low Smoke Zero Halogen (LSZH). ETL/3P certificate to be submitted along with bid

1.5 Cable shall be UL listed

2 Shielded Cat 6A INFORMATION OUTLET

2.1 Should support minimum frequency of 500 MHZ

2.2 material Should be nickel plated zinc die cast

2.3 Should provide 10Gbast T performance upto 100 meter with 4 connectors

2.4 Should have mating cycles of 900 or above

2.5 Information Outlet should be Toolless .

2.6 IO should be UL listed

3 24 PORT CAT6A JACK PANEL UNLOADED

2.1 Should be made from Sheet Steel

3.2 Have port identification numbers on the front of the panel.

3.3 Should have self-adhesive, clear label holders (transparent plastic window type) and white designation labels with the panel, with optional color

labels / icons.

3.4 Jack panel should be UL listed

3.5 Each port / jack on the panel should be individually removable on field from the panel.

3.6 Should have integrated rear cable management shelf.

3.7 Ports should be in zig zag manner or should have sideways orientation

4 MOUNTING CORDS – S/FTP Cat 6A

of 36

4.1 Should be 4 pair 26 AWG stranded copper wire Cat 6A

4.2 Each pair enclosed in Aluminium foil with overall copper braided screen

4.3 Should be terminated with Insulation Displacement Technology to avoid heating in POE+ and HPOE devices

4.4 Patch Cord should support 802.3 bt

4.5 patch cord should be UL listed

4.6 Sheath Should be LSFRZH

4.7 Should support minimum 900 mating cycles

4.8 Should be verified by ETL/3P in channel for Cat6A (Certificate to be available online on intertek or 3Ptest website)

Part -3 Passive Specs for Fiber Products

1 FIBER CABLE INDOOR/OUTDOOR 12 CORE OM4 MULTIMODE

1.1 Should be as per IEC 60794-1-2 E1; IEC 60794-1-2 E11; IEC 60794-1-2 E3; IEC 60794-1-2 F1; IEC 60794-1-2 E4; IEC 60794-1-2 E7; IEC

60794-1-2 E10

1.2 Should be unarmored

1.3 Type: Multimode OM4

1.4 Cable Jacket material: Low Smoke Zero Halogen

1.5 Minimum Cores 12

2 LIU UNLOADED WITH DUPLEX LC PORTS WITH SPLICE TRAY

2.1 Have sufficient slots to accommodate 24 Duplex LC Ports

2.2 Should have fiber management provision inside

2.3 Should have Splice holder for minimum 24 Fiber cores

2.4 Should be made of Steel CRCA

2.5 Material Should steel: 1.5 mm, powder-coated

3 OPTICAL FIBER PIGTAILS OM4 MULTIMODE MODE LC

3.1 Connector type LC

3.2 Fiber Type MM OM4

3.3 Compact design (SFF). 1.25 mm ferrule technology

3.4 Length 1meter/1.5 meter

4 OPTICAL FIBER EQUIPMENT CORDS (MINIMUM 3 METER)

4.1 All optical fiber patch leads shall comprise of Multimode OM4

of 36

4.2 Jacket should be LSZH sheath

4.3 Connector: Zirconia ceramic ferrule

4.4 Connector type Duplex LC-LC

4.5 Mating cycles: delta IL < 0.2 dB after 500 mating cycles

4.6 Pull-out force patch cord: ≥ 100 N (per connector)

4.7 Should have option for Visual coding, mechanical coding and lock protection.

4.8 Length 2 meter /3 meter /5 meter

5 LC DUPLEX MULTIMODE ADAPTOR

5.1 LC Duplex Multimode adapter with Quick mounting clip integrated.

5.2 Protection class (IP-20 rated)

5.3 Material: fiber- (halogen-free)

5.4 Should have integrated shutter for protection of accidental exposure to eye

5.5 Should be UL listed (UL certificate to be attached along with the bid)

5.6 Should have option for Visual coding, mechanical coding and lock protection.

5.7 Should have Mating cycles: min. 500

5.8 Should support Pull-out force: min. 70 N

3. All other clauses of the subject bid document will remain unchanged.