Alabama State Port Authority

Information Technology Department Disaster Recovery/Hybrid Cloud Request for Proposal

October 23rd, 2017

1 | P a g e

Table of Contents Company Background and Overview ............................................................................................................ 2

Purpose and Description of Project .............................................................................................................. 2

Bid Item Overview ......................................................................................................................................... 2

Eligibility Criteria/Pre-qualification of the Bidder ......................................................................................... 3

Project Requirements ................................................................................................................................... 4

Mandatory Requirements ......................................................................................................................... 4

Physical and Environmental Security Requirements ................................................................................ 5

Proposed Solution Minimum Requirements ............................................................................................ 6

Product Support ............................................................................................................................................ 8

Instructions to proposers .............................................................................................................................. 8

Selection Criteria: .......................................................................................................................................... 9

Proposal and Submittal Requirements ....................................................................................................... 10

Introduction and Corporate Overview .................................................................................................... 10

Scope of Work Summary ............................................................................................................................ 11

Pricing.......................................................................................................................................................... 11

Project Assumptions ................................................................................................................................... 11

References .................................................................................................................................................. 11

2 | P a g e

Company Background and Overview

The Alabama State Port Authority owns and/or operates the public deep-water port facilities at the Port of Mobile handling over 25 million tons annually. The U.S. Army Corps of Engineers Waterborne Commerce Center in 2015 ranked the Port of Mobile as the 10th largest U.S. Seaport in total trade handling in excess of 58 million tons. The Authority’s container, general cargo and bulk facilities have immediate access to two interstate systems, 5 Class 1 railroads, and nearly 15,000 miles of inland waterway connections. Learn more at www.asdd.com.

Document Name Request for Proposal -

DR /Hybrid Cloud

Date of Issue/Release of RFP 10/23/2017

Last Day for Questions 11/1/2017

Bids Due 11/15/2017

Award no later than 11/23/2017

Purpose and Description of Project The Alabama State Port Authority (ASPA) Information Technology Department is requesting Bid 85 for the purchase of a Unified Disaster Recovery Solution for Physical “to be coloed in providers datacenter” and virtual servers utilizing Zerto . As our organization’s virtual infrastructure grows, our organization’s DR capabilities must grow with it. We must grow seamlessly, without having to purchase, install, and configure additional proprietary hardware. The Purpose of this project is to mitigate the complex process of protecting and recovering data and applications in the event of disaster or serious disruptions in service. The main goal of this project is to assure that critical operations can resume normal processing within a reasonable time frame by minimizing the duration of a serious disruption to business operations; facilitating effective co-ordination of recovery tasks; and reducing the complexity of the recovery effort.

Bid Item Overview

Virtual replication and recovery between any storage device

Hosted on Demand Disaster recovery

Documented run book before a disaster occurs

Recover all critical systems and applications to any point in time

Reduce RTO and RPO objectives

3 | P a g e

Seamlessly scale and as data requirements grow

Non-Disruptive Quarterly supervised testing

Provider to include training to staff members

Dedicated connectivity link from primary datacenter to cloud service location

Fully orchestrated and automated recovery - delivering a Recovery Time Objective (RTO) of less than 4 hours and Recovery Point Objective (RPO) of 10 minutes or less using Zerto for the virtual server environment.

Physical rack space for Linux servers and backup appliance

Eligibility Criteria/Pre-qualification of the Bidder

The bidder should be Original Equipment Manufacturer (OEM) or authorized distributor and service provider for the systems. Documentary proof must be attached.

Bidders must have at least 5 years of experience in supply, installation, commissioning and maintenance of respective systems out of which at least 3 years must be in similar kind of activities for single organization. The bidder should give examples of at least four projects of the same scale and nature executed by his/her organization in the past.

The bidder must have infrastructure support in the form of Direct Service Centers. The bidders must enclose details of their infrastructure with reference to locations and technical manpower, availability of inventory spares, etc.

The bidder’s Data Center from where the cloud services are housed at least a Tier 3 Compliant facility.

Bidders should provide a detailed time schedule for the total implementation of the DR services on cloud and backup solution for primary data center.

The bidder should provide address details of their data center, project office and support center for personal visit by the concerned ASPA officials.

The bidder should be offering cloud services from at least two of its Data Center facilities

The vendor must fulfill the above eligibility criteria/pre-qualification conditions. The duly constituted technical evaluation committee will only evaluate technical bid of vendors fulfilling the pre-qualification conditions. Bid of vendors not fulfilling the pre-qualification conditions given above shall be summarily rejected. Undertaking for subsequent submission of any of the above documents shall not be entertained under any circumstances.

4 | P a g e

Project Requirements Mandatory Requirements The system quoted must be all-inclusive of software, licenses and hardware components, technical systems support & maintenance necessary to support the equipment (24x7x365 with 4 hours response time), system installation, project management, provisioning, validation testing, user and ASPA IT network engineers training including full certification and final turnover. The equipment must support and be certified to run the following operating systems, applications, services, and any future releases including but not limited to:

Microsoft Windows Server 2016 x86 and x64

Microsoft Exchange Server 2016

Microsoft Terminal Services

File Servers

Active Directory Servers

Oracle Application Server

Oracle VM virtualization software

VMware virtualization software

Red Hat LINUX There must be sufficient Rackspace for existing ASPA equipment including but not limited to:

Three HP ProLiant DL380 G8 Servers

Two HP ProLiant DL360 G5 Servers

Cisco 3500 Series Switch

One DellEMC Data Domain DD2500 Backup and Replication Device

Solution document: Solution document provided by the bidder as part of response should include the following parameters:

Design details and parameters based on which bidder proposed DR Site services Solution/ DC location

Complete scope of work and list of the activities to be executed as part of the project

Security principles: The procedures, best practices which are followed and adopted

5 | P a g e

The bidder shall commit that the key personnel utilized for the project have been sufficiently involved in the similar implementations and that once assigned to the project will not be moved out of it, except for reasons beyond the control of the bidder. In such case, an equally competent employee shall be provided as a replacement. The bidder shall organize the responses in accordance with the format specified in the tender and under no circumstance shall leave any response item unanswered. If any row or column does not contain the response, the entire response may not be taken up for consideration. Any response not as per the format may not be included for any further consideration. The bidder shall furnish relevant documentation supporting the above eligibility / qualification criteria separately and not in the sealed envelopes containing the technical bid and commercial bid. In case of non-compliance to any of the eligibility, criteria mentioned above the bidder shall be disqualified without any notice and the bids of the bidder may not be processed further.

Physical and Environmental Security Requirements

a) Bidder should host the entire Cloud infrastructure in a secure data center which should be at least Tier 3 Compliant facility

b) Cloud services offered by Bidder should not be delivered on outsourced or white-label service platform of other backend provider, unless clearly defined and approved by ASPA.

c) Bidder should have Data Center constructed to world class hosting standards as defined by the “Uptime Institute, USA”

d) Bidder should ensure that services provided are to be backed by high QOS (Quality of Service) / SLA (Service Level Agreement)

e) Bidder should have Centralized NMS (Network Management Systems) & 24*7*365 helpdesk US based.

f) Bidder should provide advanced system security, monitoring & management. g) Bidder should ensure that the facilities Fire Suppression and Protection System should

include three levels of redundancy based on Gas Fired Systems, Carbon Monoxide based systems and Water Sprinkler based systems.

h) Bidder should ensure that the floors as well as the ceiling should be based on false flooring and ceiling where the wire conduits and the fire protection systems are installed.

i) Bidder should ensure that the entire facility around the data center should also equipped with a fire detection and smoke alarm system to alert the facilities administration group in case of fire hazards, before this can affect the data center area.

j) Bidder should ensure that general level security personnel should be available on 24-hour basis at all the entry and exit points into the premise with any non-employee entrance restricted to only one entry point.

6 | P a g e

k) Bidder should ensure that physical entry of any visitor or non-employee beyond the Reception Lobby should be permitted only with authorized employee presence at all times within the facility to build in additional level of security.

l) Bidder should ensure that physical access to the Main Data Centre facility should be protected through a Biometric Finger-Print Scan facility with an added access card based authentication system.

m) Bidder should provide multi-homed network and centralized NMS (Network Management System).

n) Bidder should ensure that personnel should be accessible by means of a. 24x7 Phone Support b. 24x7 Smart Messaging c. Via Email

o) Bidder should provide uninterruptible power system. p) Bidder should provide redundant in connectivity. q) Bidder should provide world class controlling atmospheric conditioning system at the

data center. r) Bidder should ensure that they should configure services on world-class systems and

equipment like General Instruments, Sun Microsystems, EMC, Lucent Technologies, Dell, HP, IBM, Juniper and Cisco Systems etc.PCI and HIPAA compliant, along with operating SSAE-16 / SOC 2 level compliant facilities

s) Bidder should ensure that ASPA infrastructure should be provided with assured security with all latest features/appliances with firewalling, content filtering, and intrusion prevention.

t) Bidder should be able to provide distributed denial of service detection and manage it.

Proposed Solution Minimum Requirements

a) The proposed disaster recovery site (Data Center and Cloud Setup) should be from

geographically distant location falling under different seismic zone.

b) The proposed solution should be “On Demand Disaster Recovery” with the protected host

VMs powered on only during DR or DR test period.

c) Bidder should provide run book for proposed solution

d) Once testing is complete provider should update the documented run book as required

e) Proposed solution should be burstable in terms of CPU, RAM & Storage space.

f) Service provider should have provision to offer Remote VPN services to roaming / mobile

users to connect to the DR site securely over public internet (IP VPN).

g) ASPA should be able to perform Non-Disruptive DR Drills to achieve the consistency and

Repeatability of the Disaster Recovery processes.

7 | P a g e

h) Highly Scalable solution- Supporting replication with minimum two separate locations for

many-to-one and one-to-many replication scenarios.

i) RPO monitoring, Reporting and Events Analytics for the Disaster recovery solutions should

be offered as part of the offering. ASPA reserves the right the reject the Bid technically if

the service provider overlooks reporting and monitoring component.

j) The Service provider will provide and end-to-end working solution including the

replication tool, DR infrastructure on Cloud / Managed Hosting with DR drill and

management. ASPA will provide the application licenses (as applicable) for the DR site.

k) Service provider will have to size up the optimal Bandwidth for replication between DC

and DR site.

l) Designing and deploying managed connectivity solutions for continuous replication of

data to the DR site as well as to redirect the users to the DR site during disaster.

m) Training provided to the staff members and System Administrator on DR.

n) Services provider should provide the solution document of DR and application.

o) Dedicated connectivity link from Primary data center of ASPA to DR site shall be the part

of DR solution provided by the service provider.

p) DR site Management and monitoring Console provided by the service provider to the

ASPA.

q) The service provider or facility should be able to provide Video Surveillance record of the

DR site of any given point of time as required by ASPA.

r) The service provider should provide the percentage scalability by which the committed

maximum resources such as cores and memory can be scaled up or down and provide

base price change if scalability is exercised.

s) Service provider will have to adhere to following minimum criteria to ensure consistent

working DR environment at all times,

a. Half-yearly DR Drill should be bundled per year as part of the solution. ASPA may

be able to make choice of more Drills at incremental cost basis as per their

business need. Apart from the bundled, DR Drill cost should be shared separately

on Monthly (DR Month) cost basis to ASPA.

b. Process for data recovery check on defined intervals - Minimum 1 recovery

exercise in every 6 months of the Backed up data. ASPA will define the data

recovery plan for checking the data integrity and consistence.

c. Minimum 1 upgrade / downgrade test every 6 months for computing, storage, and

network

d. Minimum 1 Vulnerability Test / Penetration Test to be done on the setup at least

once in six months.

8 | P a g e

Product Support

The system’s pricing must include the first 3 years On-Site Support/Maintenance (24x7x365) with minimum 4-hour response time, Technical Support, Unlimited upgrades and Engineering Support.

Instructions to proposers

Proposals must be received by 10:00 am, on the submission deadline shown above. Proposals may be submitted via mail, courier, or hand delivered to the Alabama State Port Authority, 250 North Water Street, Suite 240, Mobile, Alabama, 36602, or emailed to bvalentz@asdd.com (Brett Valentz, Information Technology Manager).

In submitting a proposal, the vendor agrees that acceptance of any or all proposals by ASPA within a reasonable period of time constitute a contract. No delivery shall become due or be accepted unless a purchase order shall first have been issued by ASPA.

All reports, surveys, tables, charts, diagrams, design work, product recordings and other data (including electronic audio and video) or documentation prepared or complied by Proposer in connection with the performance of its obligations under the contract, shall be the sole and exclusive property of ASPA. Proposer shall retain in its files, sufficiently detailed working papers relevant to its engagement with ASPA. Proposer further agrees that its working papers will be held with the strictest confidence and will not be disclosed or otherwise made available to outside sources, except as required by law, without the written consent of ASPA.

Proposer must agree to keep confidential any and all information concerning the plans, operations or activities of ASPA which may be divulged by ASPA or ascertained by Proposer in the course of performing services under any contract with ASPA. In the event Proposer is required to disclose confidential information pursuant to a subpoena, order of a court, or other legal process, Proposer shall, upon notice of such required disclosure and prior to disclosure, immediately notify ASPA disclosure and allow ASPA the opportunity to inspect the information subject to disclosure, and in the event such disclosure is objectionable under any standard or rule of the court, Proposer shall exhaust all legal means to prevent disclosure.

Additionally, the successful proposer must satisfy the requirements of the Beason-Hammon Act, which requires that the contracting parties affirm, for the duration of the agreement, that they will not violate federal immigration law or knowingly employ, hire for employment, or continue to employ an unauthorized alien within the State of Alabama. Furthermore, a contracting party found to be in violation of this provision shall be deemed in breach of the agreement and shall be responsible for damages resulting therefrom.

Also, as a condition for the award of any contract, grant, or incentive by the state, any political subdivision thereof, or a state-funded entity to a business entity or employer that employs one or more employees within the State of Alabama, the business entity or employer shall provide

9 | P a g e

documentation establishing that the business entity or employer is enrolled in the EVerify program.

No work shall commence nor shall any invoices be paid until the vendor provides the requested proof of insurance as outlined in the ‘Insurance Requirement for Proposers’ document attached and until such proof is accepted by the ASPA. If you have questions concerning the insurance requirements please contact Kevin Malpas, ASPA Risk Manager, at 251-441-7118, or kmalpas@asdd.com.

Proposal must be clearly identified as ‘DR Hybrid Cloud’. Responsibility for timely submittal and routing of proposal lies solely with the Proposer. Proposals received after the closing time specified will not be considered.

ASPA reserves the right to reject any or all proposals, to further negotiate with successful proposer and to waive informalities and minor irregularities in proposal received, and to accept any portion of the proposal if deemed in the best interest of ASPA.

Selection Criteria:

CRITERIA TO BE RATED Maximum Points

1. Experience of Proposed Staff

Experience of Project Manager and Team with the installation. Year’s staff has been assigned to similar scope of services. Level of education, training, licensing. Certification of staff.

15

2. Approach to the Project

Demonstrated understanding of the ASPA’s needs and solicitation requirements. Approach is well organized and presented in a clear, concise and logical manner. Availability and proposed use of technology and methodologies. Quality control and thoroughness is well defined.

12

3. Capability to Perform

Capability of the Firm to furnish the resources necessary to perform the work including management plan, quality control measures, warranty, and maintenance of system. Ability to complete work within deadlines. Availability and continuity of staff during the course of the agreement, if selected. Geographical proximity and ability to respond to maintenance and warranty issues in a very timely manner to assist in keeping all components fully functional Experience with public agencies. 5 years of experience with these types of services.

12

10 | P a g e

4. Firm’s Relevant Experience

Experience in performing similar services for organization of similar size to the ASPA.

15

5. Proposed Pricing

Proposed pricing 10

Maximum Total Points 64

Points are subject to change based upon ASPA evaluations. ASPA intends to award the agreement to the Proposer whose Proposal best satisfies the scope of services and product described and is otherwise in the best interest of ASPA. The determination of award shall be made by ASPA, in its sole discretion, which decision shall be final. ASPA may request submission of additional information to assist it in evaluating a Proposal, and the Proposer shall cooperate fully with such request. An onsite presentation or online presentation may also be required. The contract resulting from this RFP will be awarded to the qualified Proposer who ASPA believe will be the most advantageous to ASPA. ASPA may condition an award on the successful Proposer’s agreement to such terms and conditions as required by ASPA including, but not limited to, ASPA’s indemnification.

Proposal and Submittal Requirements Please include the following specified deliverables in your proposal, according to the following:

Introduction and Corporate Overview

Company Name

Years in business

Type of organization, i.e. corporation, partnership, etc.

Ownership (names, nature of participation)

Number of employees on staff

Number of customers

Number of Certified Engineers

Statement that the Proposer is fully qualified to provide the requested services

Statement regarding bond or surety cancellation or forfeiture

Statement regarding bankruptcy petitions/judgments

Describe any pending, contemplated, or on-going administrative or judicial proceedings

material to proper’s business

11 | P a g e

Scope of Work Summary

The proposal must include a work plan which identified necessary resources and tasks. The work plan should include the following:

Project scope

Project schedule

List of key activities

Deliverables and dates

Implementation and testing dates and agenda

Go-live date

Training plan for administrator and functional user training dates and agenda

Ongoing support (problem reporting and resolution, upgrades, patches, etc.)

Pricing

In spreadsheet format provide, setup cost, monthly cost and any additional yearly fees if

applicable.

Project Assumptions

Vendors can make the following assumptions when responding to the proposal:

ASPA will provide a project manager

ASPA will provide a network engineer

ASPA will provide relevant network information based on project requirements

ASPA will provide time for testing and implementation

References

Three (3) client references with current verified contact information.

References are to include company name, contact, phone, and email address.

Client references must have completed a successful implementation involving similar project

12 | P a g e

13 | P a g e

State of )

County of )

CERTIFICATE OF COMPLIANCE WITH THE BEASON-HAMMON ALABAMA TAXPAYER AND CITIZEN PROTECTION

ACT (ACT 2011-535, as amended by Act 2012-491)

DATE:

RE Contract/Grant/Incentive (describe by number or subject):

b

y and between (Contractor/Grantee) and (State Agency or Department or other Public Entity)

The undersigned hereby certifies to the State of Alabama as follows:

1. The undersigned holds the position of with the Contractor/Grantee named above, and is

authorized to provide representations set out in this Certificate as the official and binding act of that entity, and has knowledge of

the provisions of THE BEASON-HAMMON ALABAMA TAXPAYER AND CITIZEN PROTECTION ACT (ACT 2011-

535 of the Alabama Legislature, as amended by Act 2012-491) which is described herein as “the Act”.

2. Using the following definitions from Section 3 of the Act, select and initial either (a) or (b), below, to describe the

Contractor/Grantee’s business structure.

BUSINESS ENTITY. Any person or group of persons employing one or more persons performing or engaging in any activity,

enterprise, profession, or occupation for gain, benefit, advantage, or livelihood, whether for profit or not for profit. "Business entity" shall include, but not be limited to the following:

a. Self-employed individuals, business entities filing articles of incorporation, partnerships, limited partnerships,

limited liability companies, foreign corporations, foreign limited partnerships, foreign limited liability companies

authorized to transact business in this state, business trusts, and any business entity that registers with the

Secretary of State.

b. Any business entity that possesses a business license, permit, certificate, approval, registration, charter, or similar

form of authorization issued by the state, any business entity that is exempt by law from obtaining such a business

license, and any business entity that is operating unlawfully without a business license.

EMPLOYER. Any person, firm, corporation, partnership, joint stock association, agent, manager, representative, foreman, or

other person having control or custody of any employment, place of employment, or of any employee, including any person or

entity employing any person for hire within the State of Alabama, including a public employer. This term shall not include the

occupant of a household contracting with another person to perform casual domestic labor within the household.

(a) The Contractor/Grantee is a business entity or employer as those terms are defined in Section 3 of the Act.

(b) The Contractor/Grantee is not is a business entity or employer as those terms are defined in Section 3 of the Act.

3. As of the date of this Certificate, Contractor/Grantee does not knowingly employ an unauthorized alien within the State of

Alabama and hereafter it will not knowingly employ, hire for employment, or continue to employ an unauthorized alien within

the State of Alabama;

4. Contractor/Grantee is enrolled in E-Verify unless it is not eligible to enroll because of the rules of that program or other factors

beyond its control.

Certified this day of 20 __.

Name of Contractor/Grantee/Recipient

By:

Its

The above Certification was signed in my presence by the person whose name appears above, on

this day of 20 . WITNESS:

Print Name of Witness