1 | P a g e

Minimum Technical Specification for the Examination Management System (EMS)

for all theUniversities/Colleges in Karnataka (Pre & Post Examination/Evaluation, Result Processing & Dissemination)

The proposed Examination Management System would cover the following important features of the examination and evaluation activities of all the universities/colleges in the state.

• Retrieval of data from the Admission Database System • Students confirmation to write the examination of various subjects • Provision to make Examination fee payment through e-Payment mode • Creation of Examination Centres • Assignment of students to Examination centres/Hall • Generation of Nominal roll examination centre/hall wise • Provision to down load the Admission Ticket/Hall Ticket through online • Online Web portal to monitor the Logistic support of distribution of Answer

Booklets,Enter the used and un-used Answer booklets with internal secured coding

• Provision to read Barcode values printed on the Answer booklets for internal security and audit trail

• Provision to scan Answer Booklets to the assigned scanning station • Provision to upload the scanned images on fly directly to the portal as and

when scanning completes • Online system for Evaluators registration • Assignment of credentials to Evaluators to access the Evaluation portal • Assignment of Answer Script to Evaluators by Registrar Evaluation • EASE – Electronic Answer Script Evaluation system for digital evaluation • Provision to monitor the Evaluation process in terms of AAA Authentication

Authorization Audit trail • Provision to view Model Answers, Score board to enter question wise

secured marks, sticky notes for later reference for the concerned evaluator only

• Provision for instantaneous result process and dissemination The proposed EASE (E-Answer Scripts Evaluation) system is part of EMS and requiresBPR (Business Process Re-engineering) for an efficient and effective implementation which mentioned below.

I. Pre Examination Activities a. Provision of printing water marking in all pages of the Abs (Answer

Booklets)

2 | P a g e

b. Assigning and printing of Unique Identification code in each Answer Booklet(AB)including for all pages of the AB using random number generation process with Barcode system

c. Provision to record unique identification number and the page wise random number of each AB in to the centralised server using web access mode

d. Provision to Monitor the logistic support of ABs distribution to every examination centre from the agency who prints all ABs, confirmation of receipts of ABs by universities and onward distribution to examination centres

e. Provision to track the status of the ABs as against the distribution to various examination centre on a daily basis

II. Examination Activities a. Provision to update the usage of ABs examination centre wise

namely the used and un used ABs on a day-to-day basis once the examination started and before the completion of the examination

b. Collection and segregation of ABs in terms of used and unused ABs and to keep ready to send to scanning centres for scanning

III. Post Examination Activities a. Pre Scanning process

Assign addl. Identification mapping mark for each ABs/bundle and form a group of ABs to a particular scanning station like subject wise, date wise, packet/parcel wise, area wise, cluster wise (if any), examination centre wise with proper accountability for further monitoring

Provision to record the distribution of set of ABs to the scanning stations with internal mapping of key values of the ABs visa-vice ABs ID number, examination centre, date, subject, etc

b. Scanning process Use high end scanner which shall have provision to capture

image of the ABs and save as PDFfile format in the portal including the water mark of the ABs

The scanned image of the AB is called as AS – Answer Script which is in PDF file format and should be saved in the portal only using specialised API of NIC (not in the local PC/desktop/Laptop system)

The API would be developed by NIC using the DLL of scanner manufacturer(OEM)/DLL from the agency

Scanner shall have a capability to read the barcode value of the ABs in all pages and the OMR parameters of the ABs in to a memory variable (Metadata) for onward transmission on fly to the back end database system at RGUHDS through a secure channel

Ensure that the PDF image created in the above step should not be stored locally

Use NIC’s API/Component on fly to store the PDF image (AS) and memory variable (Metadata) in to the Sharepoint Portal(SPP) at the centralised database system with AAA concept

Scanning station should create only one compressed PDF file (AS)forall pages of the concerned AB in the name specified

3 | P a g e

by the NIC system from the SPP server using COTS components (as additional layer of security)

Provision for random check of AS (Answer Script – Which is nothing but converted scanned AB) with a provision of reading barcode in the PDF file format

c. Post Scanning process Random allocation of ASs residing in the secure document

store of the SPP to evaluators Generation of digital evaluation time table for each evaluator

visa-vice day wise tasks and targets Provision of Credential based accesses to evaluators, centre

superintends, administrators, etc Provision for full size viewing of the AS in a frame along with the

form for scoring the marks The question paper corresponding to the AS should be loaded

automatically along with sample/probable answer for that question

Provision for an evaluator to annotate/comment over the AS during evaluation as a separate layer which cannot be viewed by other evaluators

Provision to linking the AS page number to the scoring of marks so that backtracking of scoring to the actual written answer of the AS is possible

IV. Online Evaluation Process a. Pre-Evaluation

Registration of Evaluators to the EASE portal Allocation of Evaluators to various Centres

1. Proximity 2. Random

Allotment of Answer Scripts 3. Random 4. Subject-wise 5. Scheduled 6. Triggered

One-many mapping of ASs to Evaluator b. Evaluation

Evaluator shall have to check the water mark of the AS of each page as part of the evaluation system/manual checking for the genuinety of the AS before enter the scoring of marks

Provision of Credential based accesses to evaluators, centre superintends, administrators, etc

Provision for full size read only viewing of the AS in a frame along with the form for scoring the marks

The question paper corresponding to the AS should be loaded automatically along with sample/probable answer for that question

Provision for an evaluator to annotate/comment over the AS during evaluation as a separate layer which cannot be viewed by other evaluators

4 | P a g e

Provision to linking the AS page number to the scoring of marks so that backtracking of scoring to the actual written answer of the AS is possible

Easy Navigation across the list of AS assigned to each evaluator Audit trail with credentials based access to open the assigned

Answer Scripts for evaluation by the evaluators for a given day

Parallel evaluation of a particular answer script by more than one evaluators at a time and with a provision of layer based bookmarking/annotation support for each evaluator of a same answer script

Provision for the Registrar(Evaluation)/System Administrator to view all the evaluators bookmarks/annotations using access credentials

Performance track of evaluators Measuring variance in evaluation of marks among evaluators

and reassignment to next evaluator c. Post Evaluation

Tabulation of marks for result processing Result processing and dissemination Evaluators performance analysis Evaluators Payment through ECS

Hardware & System Software requirements

The following are the hardware requirements for the application software at the Higher Education Council for NIC team:

d. Application Software Development Unit e. Ten Desktop PCs with minimum 4 GB RAM with latest processors

under LAN environment f. Three nos. of 23” LED Monitors g. Two Servers with MS SQL RDBMS 2012 or higher and Share Point

Portal 2013 or higher licenses at SDC h. 1 TB portable external Hard Disk: 2 Nos. i. Mobile Development: Android and Windows mobile phones j. PKCS : DSC k. Biometrics: FIT l. Printers m. DMP, Thermal, Inkjet/Laser jet n. MFD (Multi Functional Device)

Hardware Requirement at KSDC/Cloud for live/production purpose

5 | P a g e

The following hardware and system software are required to be installed at the central location (SDC/Cloud) as a centralised database system for the Electronic Answer Scripts Evaluation System. Sl. No.

Items Description Qty

A. Hardware Items 01. Rack Mount Servers 10

02. 42 U Rack 02 03. KVM Switch with Console 02 04. Core Router, Firewall& Switch with a provision of LAN/WAN ports

configuration 02 (Each)

05. 24 port Network L2 Switch for LAN 01 06. Scanner (Scanning cum Bar-code reading feature) 01(*) 07. Windows based Desktop PC 01(*) 08. SAN storage for storage and retrieval of scanned answer booklets 10 TB size 01(*) 09. WAN/Network Optimization Appliance 01 10. Fibre channel Switch for SAN storage minimum 8 ports 01(*) 11. External Tape drive Backup device for regular backup of SAN storage

data/images 01(*)

12. 10 KVA Online UPS with 2 hours backup 02(*) 13. 20 KVA Diesel Generator 01(*) B. System Software 14. Windows 2012 Server Operating System Enterprise or higher 10 15. MS Sharepoint Portal (SPP) 2013 Enterprises or higher/latest 0516. MS SQL Enterprise licenses 2012 or higher 02 17. Server based Anti-Virus Software Licenses 01 18. Data Loss Prevention System 01 19. RAD View controller for PDF image access through SPP 01 20. Network Monitoring Tool 01 C. Network Bandwidth 21. 40 to 50 Mbps MPLS Network (Intranet only) 01(*) 22. 8 Mbps VPNoBB (for MPLS failover) 01(*) 23. 10 Mbps Internet connection (for NKN failover) 01(*) 24. Network Engineer for day-to-day support on network related issues 01(*) 25. Technical Consultant for day-to-day software implementation support 01(*) D. Civil, Electrical, LAN cabling and Furniture(*) 26. 100 Sq. ft space required for Server infrastructure 27. 500 Sq. ft space required for Scanning infrastructure 28. 500 Sq. Ft space for Project Monitoring Unit 29. Air-conditioning for the above work spaces 30. Required number of computer tables and chairs 31. False flooring and False ceiling for the server room 32. Standard electrical power cabling with extension board containing 5 amps 3 pin plug with

switch 4 numbers in each extension board/plate (*) is not mandatory/not necessary to procure/establish if the central database housed in the KSDC

6 | P a g e

Field Level offices–Scanning/Evaluation Centers It is proposed to have one scanning centre in each district and one evaluation centre in each university for the smooth implementation of the proposed system. The following is the hardware and system software requirements at the district centre (Scanning Station (SS)) and Evaluation Centre (EC) at every universitycampus for the Electronic Answer Scripts Evaluation (EASE) system.

Evaluation Centre (EC) at every UniversitySl. No.

Items Description Qty.

A. Hardware Items 01. Router, Firewall & Switch with a provision to LAN/WAN ports configuration 0202. 4U Rack 0903. 48 port Network L2 Switch for LAN 0304. 24 port Network L2 Switch for LAN 0105. Windows based Desktop PC with 23 inch Monitor 15006. 20 KVA Online UPS with 2 hours backup 0307. 25 KVA diesel generator 0208. WAN/Network Optimization Appliance 01B. Network Bandwidth 09. 10 Mbps MPLS Network 0110. 2 Mbps VPNoBB (MPLS failover) 0111. Network Engineer for day-to-day support on network related issues 0212. Technical Consultant for day-to-day software implementation support 02C. Civil, Electrical, LAN cabling & Furniture 13. 3500 Sq. ft space required for Evaluation 14. 100 Sq. ft space for Network infrastructure 15. Required number of computer tables and chairs 16. Structured LAN cabling to connect 150 clients 17. Air-conditioning for the above work spaces 18. Standard electrical power cabling with extension board containing 5 amps 3 pin plug with

switch 4 numbers in each extension board/plate

Scanning Station (SS)at every district Sl. No.

Items Description Qty.

A. Hardware Items 01. Router, Firewall & Switch with a provision to LAN/WAN ports configuration 0202. 4U Rack 0203. Scanner (Scanning cum Bar-code reading feature) 1004. 24 port Network L2 Switch for LAN 0105. Windows based Desktop PC with 23 inch Monitor 1006. 20 KVA Online UPS with 2 hours backup 0207. 25 KVA diesel generator 0208. WAN/Network Optimization Appliance 01B. Network Bandwidth 09. 10 Mbps MPLS Network 0110. 2 Mbps VPNoBB (MPLS failover) 0111. Network Engineer for day-to-day support on network related issues 0212. Technical Consultant for day-to-day software implementation support 02C. Civil, Electrical, LAN cabling & Furniture 13. 3500 Sq. ft space required for Evaluation 14. 100 Sq. ft space for Network infrastructure

7 | P a g e

15. Required number of computer tables and chairs 16. Structured LAN cabling to connect 150 clients 17. Air-conditioning for the above work spaces 18. Standard electrical power cabling with extension board containing 5 amps 3 pin plug with

switch 4 numbers in each extension board/plate

8 | P a g e

Approximate number of items required for the project (Hardware, System Software, Network Bandwidth & Manpower)

Loc. ID.

Name of the Location No. of Locations

A. Application Development Unit at Higher Education Council 01 Sl. No. Description Qty.I - Hardware Items 01. PC/Desktop 1002. 23 inch Monitor for the above three PCs 0303. Rack Mount Servers 0204. External Hard Disk of 1 TB 0205. 7 inch Mobile/Tablet with Android OS 0206. 10 inch Tablet with Windows OS 0207. DSC 0108 FIT (UID Compliant) 0209. Thermal Printer 0110. Inkjet Printer 0111. Laser Printer 0112. DMP 136 Col 0113. DMP 80 Col 0114. Multi Functional Unit 0115. Wireless Router 0116. 24 Port L2 Switch 0117. Wireless Access Point(Indoor) 05II - System Software Licences 01. Windows 2012 Server OS Std Academic License 0202. MS SQL Server 2012 Std Academic License 0203. Visual Studio 2013 Professional Edition with 5 User Licenses 0104. RAD PDF Control Development License 01

B. Data Centre at Bengaluru 01 I - Hardware Items Rack Mount Servers 10 42 U Rack 02 KVM Switch with Console 02 Core Router, Firewall& Switch with a provision of LAN/WAN ports

configuration 02

24 port Network L2 Switch for LAN 02 Server Load Balancer 02 Link Load Balancer 02 SSL VPN 01 SAN storage for storage and retrieval of scanned answer booklets

10 TB size 01

WAN/Network Optimization Appliance 01 Fibre channel Switch for SAN storage minimum 8 ports 01 External Tape drive Backup device for regular backup of SAN

storage data/images 01

10 KVA Online UPS with 2 hours backup 02 20 KVA Diesel Generator 01II - System Software Licences Windows 2012 Server Operating System Enterprise or higher 10 MS Sharepoint Portal (SPP) 2013 Enterprises or higher/latest 05 MS SQL Enterprise licenses 2012 or higher 02 Server based Anti-Virus Software Licenses 01

9 | P a g e

Data Loss Prevention System 01 RADView controller for PDF image access through SPP 01 Network Monitoring System with adequate numbers of hardware

appliances/servers 01 set

C. Scanning Station [One at each District Headquarter] 30 I – Hardware Items Router cum Firewall with Switching facilities with a provision to

LAN/WAN ports configuration 02

4U Rack 02 Scanner (Scanning cum Bar-code reading feature) 10 24 port Network L2 Switch for LAN 01 Windows based Desktop PC with 23 inch Monitor 10 20 KVA Online UPS with 2 hours backup 02 25 KVA diesel generator 02 WAN/Network Optimization Appliance 01II – Man Power to manage the IT/Network Infrastructure Network Engineer for day-to-day support on network related issues 01

D. Evaluation Centre [One at each University] 17 I – Hardware Items Router cum Firewall with Switching facilities with a provision to

LAN/WAN ports configuration 02

4U Rack 09 48 port Network L2 Switch for LAN 03 24 port Network L2 Switch for LAN 01 Windows based Desktop PC with 23 inch Monitor 150 20 KVA Online UPS with 2 hours backup 03 25 KVA diesel generator 02 WAN/Network Optimization Appliance 01 Wireless Access Controller 02 Wireless Access Point-Indoor 05 Wireless Access Point-Outdoor 05II – Man Power to Manage the IT/Network infrastructure Network Engineer for day-to-day support on network related issues 01

10 | P a g e

Deployment Architecture of EMS & EASE

The EMS (Examination Management System) including EASE (Electronic Answer Script Evaluation) System would be installed in the following architectural plan in the centralised data centre. The entire servers are under Microsoft Windows environment.

• MS SQL Database servers – 4 o Three Servers are MS SQL 2012 RDBMS/latest/higher o One Server for MS SQL SSIS and MS SQL SSRS

• SPP Web Front-end Servers – 2 o MS Sharepoint Portal Front-end applications meant for EASE

related security aspects/operation • Application cum Web servers – 3

o All three servers would be used for general web based application software loading, which are open to public access through server load balance

• Anti-Virus/Security Server -1 o Provide facility to update latest patches related to anti-virus in

addition to have secured access by all the SS & EC users

11 | P a g e

Technical Requirements

Server:

Item Description of Requirement

Chassis 2 U Rack Mountable CPU One / Two Intel® Xeon ® E5-2600 product family processor with

2.5MB per core Cache ; Proposed servers should have Minimum 2.0 Ghz and four Cores per CPU.

Motherboard Intel® C600 Chipset Memory 32 GB DDR3 Registered (RDIMM) memory operating at 1333MHz,

scalable to 768 GB. Memory Protection

Advanced ECC (multi-bit error protection), Mirroring mode, Spare Mode

Bays Minimum 16 Hot Plug 2.5" hard disk bays / 8 Hot Plug 3.5" hard Disk Bays + CDROM/DVD Bay

Hard disk drive 3 X 146/300 GB SAS Hot plug 2.5"/3.5" HDDs

Controller SAS Raid Controller with RAID 0/1/1+0/5/5+0 with 256/512MB battery backed write cache (onboard or in a PCI Express slot).

Networking features

Dual Port Multifunction Gigabit Server Adapters (four ports total, Embedded or Slot based) with TCP/IP Offload Engine, including support for Accelerated iSCSI

Ports USB 2.0 support With 5 total ports: (2) ports up front; (2) ports in back; (1) port internal

Bus Slots Min. Seven PCI-Express slots (1 x16 PCIe Slot & 6 x8 PCIe Slots)

Optical drive (Internal / External)

DVD/CD-RW combo drive

Power Supply Redundant Power Supplies

Fans Redundant Fans Compliance The quoted system must conform to the following norms: FCC

Class A, RoHS, CSA Security Hardware-based system security feature that can securely store

information, such as passwords and encryption keys, which can be used to authenticate the platform. It can also be used to store platform measurements that help ensure that the platform remains trustworthy.

OS Support Microsoft Windows Server, Red Hat Enterprise Linux (RHEL), SUSE Linux Enterprise Server (SLES), Oracle Enterprise Linux (OEL), Vmware, Citrix XenServer

Warranty 3 year warranty. Pre failure warranty on CPU, Memory and Hard disks

12 | P a g e

Remote Manageability Software

System remote management software should support browser based Graphical Remote Console

Server The Server Management Software should be of the same brand as of the server supplier.

SAN Storage:

Description of Requirement

The Storage system must have at least two controllers running in an active-active mode with automatic failover to each other in case of one/any controller failure.

The system should have 64 GB cache across dual two controllers. On a controller power failure, the cache data must be destaged and no cache data loss should be permitted. SSDs will not be considered as cache. The storage shall support FC and iSCSI protocols for use with different applications and avoid any protocol related buying in future. Any hardware/software required for this functionality shall be supplied along with it in NSPOF mode per storage controller specifications above The storage shall support 6Gbps SAS and NL-SAS drives. It should also support SSD drives. The storage shall be supplied with 20 TB usable on RAID 6 with 15K RPM 600GB SAS Drives and 30 TB usable on RAID 6 with 7.2K RPM NL SAS Drives. The system shall be configured with 8x8Gbps FC ports. Storage should be configured with 4 Backend ports per controller for 4 separate SAS loops and should be scalable 8 separate SAS loops for disk expansion connectivity without upgrading the existing controller/adding new controllers. Backend Ports should support 6Gbps SAS architecture. OR. The system shall be configured with 8x8Gbps FC ports and 4x10G iSCSI ports. Storage should be configured with 4 Backend ports with SAS3.0 12Gbps SAS architecture for disk expansion connectivity. The system should support either RAID 1+0, RAID 5 and RAID 6.

The storage should be scalable to at least 520 drives. Without changing the controller There should be a provision for minimum of 2 global hot spare disks for SAS.

The storage shall have the ability to expand LUNS/Volumes on the storage online. Storage should support Thin Provisioning and licenses for the same should be provided from day one for configured capacity System should have redundant hot swappable components like disks, power supplies, fans etc. The storage shall also support clones and snapshots. License for the same should be provided from day one for configured capacity. Also license to restore snapshot should be provided. All the licenses on the storage system must be provided for the capacity provided. The Storage should support automatic data tiering of moving frequent blocks of volumes to high performance drive and less frequent blocks to low performing drives and vice a versa.

13 | P a g e

The proposed system should be field upgradeable to a higher model in the family through data-in-place upgrades. Easy to use GUI based or web enabled administration interface for configuration, storage management. Storage management alerting and reporting tools also should be bundled with the storage. Support for industry-leading Operating System platforms including: LINUX , Microsoft Windows, HP-UX, SUN Solaris, IBM-AIX, etc. Multipathing software for 10 server required with the solution. The proposed system should support Web based, Email facility for remote service. The proposed system must be rack mounted (Adequate storage OEM rack should be supplied) 3 Years 24x7 support for Hardware and free patches and major version upgrades to all software capabilities that are mentioned above Additional Points The storage array should be able to provide traffic prioritization from the Hosts at the FC port level to enable guaranteed bandwidth to key business applications. This functionality is required to allow a single storage system to limit the input/output (I/O) activity of noncritical servers and prioritize the performance of business-critical servers accessing the same storage system port. The storage array should support Dynamic & Automatic Data Tiering capability to Dynamically move highly accessed data using either Policy based tiering or automated tiering to Fastest Disk tier in order to Enhance data performance without any interruptions to the business applications. Licenses for this feature should based on max capacity of quoted model Proposed storage should support data in place upgrade to highest storage model in same family. No data migration is required when upgrading to next model

SAN Switch: SAN Fibre Switch S

No Parameter Features

1 Architecture - Modular Chassis with 19 ” Rack mountable

- Power supply for 230 V AC 50 Hz with Redundant power supply

- Hot swappable power and cooling components 2 Operational metrics 384 Gbps end-to-end full duplex aggregate bandwidth

3 Interface 12 FC ports and upgradeable to 24 FC ports (in single chassis)

8 Gbps Full Duplex for each FC port

Support for 2/ 4/ 8/ 16 Gbps HBA

4 Features Trunking with up to eight 16 Gbps ports per ISL trunk - Supports leading SAN and NAS disk arrays

Capability to interface with HBA from multiple OEM’s and OS

- Non-disruptive firmware update

14 | P a g

5

Se

6 Di

7 MaSo

EXTERNA

Perform Native s2:1 comNative foCompreBurst TrSAS (maData BuAverageInterface Tape FoFormat RecordinEncodinData com Physica Width (inHeight (Length (Weight ( EnvironOperatin

OperatinAltitude

g e

ecurity

agnostics

anagementoftware

AL TAPE DR

mance

sustained trpressed traormatted cassed forma

ransfer Rateax)

uffer Size e file accesses available

ormat

ng densityng method mpression

al

n/mm) in/mm) (in/mm) (lbs/kg)

nmental ng Tempera

ng Non-con

- - - Cl linPOenFCpo

t

RIVE:

ansfer rateansfer rate apacity atted capace (MB/sec)

s time e

ature

ndensing hu

Hardware Centraliz POST an SSH, SN Port bindlearLink opnk traffic/laOST and emnvironmentaCping and Port mirroring

fabric View Web base

city

umidity

e and Softwzed fabric mnd online di

NMP ding ptics and catency/distambedded oal monitorinPathinfo (Fg, optics he

w d GUI for m

160 M400 M2500 G6250 G

600 512 M50 sec6 Gb/s

LTO U15.14316 Cha2.5:1

Interna5.87 / 1.76 / 48.3 / 23.2 / 1

50° to

20% to13,000

ware Zoningmanagemen

agnostics

able diagnosnce;

online/offlineng C tracerout

ealth monito

managemen

B/s B/s GB GB

B c s SAS

Ultrium 6 3 Kb/mm annel 32/33

al w/ bezel149.1 44.65 11 .45

104° F / 10

o 80% 0 ft (4,000 m

g nt

stics,

e diagnosti

te) oring, powe

nt

3 RLL NPM

0° to 40° C

m)

cs, includin

er monitorin

ML

@ 6 CFM

ng

ng

15 | P a g e

Non-operating Temperature -40° to 149° F/-40° to 66° C

Non-operating Non-condensing humidity 10% to 95% Power Voltage +5V, +12V

Power consumption

Idle: 3.8 Watts Typical: 23.8 Watts Peak: 31.5 Watts

Reliability MTBF 250,000 hours at 100% duty cycle MSBS 1,000,000 cycles Load/Unload Life 100,000 cycles

Non-recoverable Error Rate 1 in 1 × 1017 bits (non-media error, clean drive)

Media Compatibility LTO-6 (read/write) LTO-6 WORM (read/write) LTO-5 (read/write) LTO-5 WORM (read/write) LTO-4 (read only) LTO-4 WORM (read only) Media Specifications Cartridge Dimensions 4” × 4.15” × .85” (L×W×H) (102mm × 105.4mm × 21.5mm) Archive Storage 30 years Durability 20,000 load/unload cycles

BACKUP SOLUTION: Appliance based backup Solution Should be able to backup open files on Windows Environment, and backup of other OS platforms like RHEL, SUSE Linux, AIX, Solaris & HP-UX Should support windows 2003/2008/2012 servers and Windows XP and Windows 7 OS platforms Central administration console must be JAVA/GUI and it should be provided with utility to connect from desktop/laptop. Backup software Should support AD in terms of single user restoration, OS restoration and whole system state.

16 | P a g e

Backup Software should provide, an online backup for all the database and applications i.e. Oracle, Exchange, Active Directory, Sharepoint, DB2, Sybase, Informix, MaxDB etc. The backup software should support backup to disk and support Deduplication across all the layers (Source, Media & Target). The backup Software should have support for 256 Bit AES Encryption. The backup software should support full integration to virtual environment like VMWare and Microsoft HyperV for the backup and recovery of full virtual machines and the individual files and folders inside them. Should support single pass backup for faster backup/recovery Proposed Appliance should be preinstalled with Linux OS, Security product and supports unlimited Client Agents to perform the Client Backups The backup software should support synthesizing new full backups without the need of taking any full backup from clients, with the help of old full backups and incremental backup images. The backup software must have integrated advanced backup technologies i.e. deduplication and tape archiving. Dedupelication should work with SAS, SATA and near line SATA. There should not be any dependency of SSD (in terms of performance) The Proposed Appliance should support wide range of hardware to connect third party hardware in terms of Tape Drive, VTL if required. The proposed Appliance should have Intel Xeon Quadcore processor or better with compatible Intel chipset. The proposed Appliance should have Operating System disk in mirroring and data disk on Raid 6 with Hot spare. Proposed appliance must be provided with minimum usable space of 14 TB in Raid 6 with Host spare. Box should be expandable to 200 TB or more for future expansion. The Proposed Appliance should have two redundant AC Power Supplies Backup solution should be in Gartner leaders quadrant Proposed Backup solution should support instant recovery (directly through backed up images) of virtual machines. The proposed backup solution should allow creation of additional backup copies, run concurrently with primary backup, within the same Library or over the network to another tape library/stand alone drive of different format medium (e.g. Ultrium to SDLT etc..) to allow easy valuating operation. Backup software should have feature to support disk based Incremental forever equivalent to Virtual full backup; where every incremental backup shall be equivalent to full backup without actually copying the actual data blocks of previous full backup. This all should happen in single job instead of running two or more task in job monitor. The backup solution must provide file backup, Bare Metal restore, deduplication, encryption, database online backup, dedupe data replication etc with single agent. Multiple agents/clients should not be installed in server to achieve above features. Backup Solution not only makes use of vSphere Change Block Tracking (CBT) to backup just the changed blocks since a previous point in time, it further enhances CBT’s value by combining with Backup technology to eliminate deleted blocks and to create synthetic full images using unique Optimized Synthetics Engine.

17 | P a g e

Backup solution must have network resilience feature; which can be used for remote site backup in case of low bandwidth. It should not be at extra cost and must be without the need of specific vendor hardware.

ARCHIVAL SOLUTION:

Archival Solution Technical Specification The solution must be capable of archiving content from multiple sources like messaging including MS Exchange, Domino File Servers , MS Sharepoint, VOIP etc The proposed solution must have integration with Email solution through SMTP archiving without the need of any additional hardware. The solution should have the capability to archive data from multiple electronic repository to single repository to achieve best single instance across multiple frontend source data. The solution must support a Single unified console to manage archiving from different sources like File server, sharepoint, Mailing solution etc The solution should provision a web based discovery mechanism to search relevant data across archives from multiple sources like file server, messaging, Sharepoint etc. The discovery mechanism should support a guided, hierarchal review of searched data with capability to filter, marking and legal hold to prevent deletion/expiry. The solution should facilitate a supervision mechanism for emails to ensure compliance of messaging content. The supervision mechanism should facilitate sampling of messages and subsequent review by authorized personnel The solution should support tagging of messages by message security solutions like anti-spam/anti-virus for efficient retention Proposed solution must support outlook on Windows & MAC machines. Archival solution must have support with IMAP compliant devices to access thy emails. Proposed solution should support archiving both at premises and cloud. Proposed solution must have monitoring integration with messaging solution vendor; Microsoft System Center Operations Manager (SCOM) for easy management. The solution should support Message Journaling as well as Envelope Journaling, capture BCC data and expansion of distribution lists The solution must support "Agentless" archiving of messages. There should be no need to deploy any agent on the messaging server. The solution must support search for mails based on undisclosed recipients criteria The solution should support seamless access using shortcuts from the native email client as well as browser based client. The solution should support all archiving actions like manually archive, search, restore, retrieve, delete from the native email client and browser based client

18 | P a g e

The solution should support archiving based on either any or a combination of the following criteria: - Item Type (message, calendar etc.) - Date - Size - Email Attachment only - User - Organizational Unit Proposed solution must have advance way of archive disk/partition data backup to avoid backup of old partitions which must be possible with or without WORM devices.

The solution must allow the administrators to configure the following in shortcuts: - Include recipient information in the shortcuts. - Include nothing / original message body / custom message body in shortcuts. - Include "X" number of characters in the shortcut. - Include a custom body defined from a configuration file in the shortcut etc. The solution should leave a shortcut at either the time of archiving or later as well. The solution should allow users to view archived items directly without having the need to restore them to the messaging server to avoid delays and impact on messaging solution. No network connections should be established between archiving server and messaging server at the time of retrieving archived items The solution must support indexing and archiving of minimum 500+ commonly used file types. The solution should support archiving of entire email folders and application of selective archiving policies based upon folders. The solution must support dynamic retention period of archived items i.e. retention of archived items can be increased or decreased on fly. The solution should facilitate "future proofing" of content by facilitating an HTML copy for long term retention and search The solution should support "safety copies" of items to be kept on the mail server. The "safety copy" allows the archiving software to wait for the archived item to be backed up or replicated before the original item is removed from the mail server. Archival solution must have option to set or configure disk property read and read-write access Archival solution must have disk configurable option with High & Low watermark. In case, Height watermark reaches, disk should automatically become Read only and other pre-configured disk should get read-write access to store fresh archived items. The solution must have OWA integration in such a fashion that archived item can be browsed directly through archived browser tab instead of browsing through internet explorer (IE). IE can be additional feature. The archival solution must have an integrated e-discovery solution which allows guided Discovery, review and analysis of data from the archives and non archived data like desktop, sharepoint, file server, Documentum etc. It’s required for future proofing. Proposed Archival solution must have seamless and consistent end user search experience across multiple interface like Desktop/Laptop, mobile, tablets etc.

19 | P a g e

General Specifications of the Networking Components:

Sl. No.

Detailed Technical Specifications

1.0 General Specifications 1.01 Routers and Switches offered should be from same OEM

1.02 Network should meet requirements for various kinds of users.

1.03 Network should be state of art design incorporating all the modern technologies and should be highly-available

1.04 Network should be designed to cater the growing need and it should be easily scalable and sustainable as the number of users and servers increase.

1.05 Apart from the services offered by the bidder, OEM should also have their spare depots in India, location and address of which should be published on their public website

1.06 The Original Equipment Manufacture should be profitable for last 3 years.

1.07 The Original Equipment Manufacture should be in the magic quadrants of the Gartner report for Enterprise LAN.

1.08 The element managers should be provided for respective products that should be able to integrate with leading helpdesk tools.

20 | P a g e

Core Router (Quantity – 2): Detailed Technical Specifications

General features: 1. The router should be chassis based with minimum 3 payload slots with

distributed architecture through the segregation of control plane and data plane

Architecture 2. Should have internal redundant power supplies 3. Should have redundant CP/ Routing Engine, in case of failure of primary

CPU there should be no drop in the transit traffic. 4. Minimum back-plane capacity of 70-Gbps & forwarding performance of 55

Million packets per sec of 64 bytes packet. The performance is considered with IPv4 & IPv6

5. The Router Should support variety of interfaces I/O cards such as 1 Gig, 10 Gig, STM1, STM4, STM16, DS3/E3, E1/T1, ATM Interfaces, Circuit emulation (SAToP, CESoPSN) . All of the I/O slots should be universal and should support all of the above stated interfaces.

6. Should have Minimum 8 X 10/100/1000 TX Ethernet and 8 X SFP based Ports, and 2 X 10 Gig SR ports from day one. The Optics for the interface should be provided.

Ipv4 Feature support 7. The Router should support the below IPv4 protocols and feature

ISIS LDP BGP, MP-BGP, Support for RIP Version 2 , OSPF , Support for BGP confederations & Route Reflectors Resource Reservation Protocol (RSVP) & Label distribution protocol(LDP) MPLS , L3VPN, L2VPN VPLS The router should support DCI with EVPN supporting RFC 4364 RFC 4761 Should support security features like IPSEC, Firewall and Network attach detection from day-1

8. IPv6 Features: IPv6 ping IPv6 trace route, RIPng OSPF v3 , IS-IS , VRRPv6 , MLD , IPv6 ACL

9. Should support 6PE, 6VPE and NAT64. 10. Should support IPSEC for encrypting traffic on WAN interface. 11. Should support virtual switch or bridge domain for local switching 12. Should support at-least 500K IPv4 routing entries per system and 500k IPv6

routing entries per system 13. Should support minimum 1000 VRF’s 14. Should support 4 logical Systems 15. Should support 1 K VPLS instances 16. High Availability support: Non Stop Routing, Graceful Restart, MPLS

FRR, Should support 802.1ag , Y.1731, Multi chassis Link aggregation (MC-LAG), BFD for IPV4 and IPV6, VRRP .

17. ISSU ,in service software upgrade

21 | P a g e

Detailed Technical Specifications

18. Non Stop bridging and Non-stop-Routing 19. Should support HQOS, Classification based on source and port, priority

queue for critical traffic. Should support policing and shaping of traffic. 20. Network Management: 21. SNMP: Support for SNMP version 2 & upgradable to version 3 shall be

provided. 22. Console or Out-of –band Management: The Router shall have console

management access 23. The Router shall support Network Time Protocol (NTP) as per RFC 1305 or

SNTP (simple NTP) as per as per RFC 2030 Certifications

24. Router should be EAL3/ NDPP and NEBS certified 25. Safety certifications UL 60950-1 26. EMC certifications FCC Class A

Core Switch (Quantity –2): Sl. No.

Detailed Technical Specifications

A Features: 1. Should be Chassis based switch with passive backplane 2. Shall have minimum ten payload slots 3. Shall have distributed, Non blocking switching architecture, each module

should be provisioned with adequate hardware/software to support the same.All the interfaces ports should be wirespeed and non blocking.

4. Shall have CPU and power supply redundancy 5. The Switch should be SDN ready and support openflow and VXLAN B Performance: 6. Dual Redundant Switch Fabric/CPU shall offer minimum 4.8Tbps 7. In the event of failure of one switching/routing engine/fabric, forwarding shall

not stop and failover from one engine to other shall be stateful. The performance of the switch should not degrade in case of failure of one CPU card.

8. The proposed switch shall support simply the changes through In‐Service / non‐stop OS upgrade mechanism with a minimal disruption of traffic through upgrade process.

9. Minimum 3.5 Bpps performance or higher shall be supported for both IPv4 and IPv6

10. Shall be capable of 240Gbps switching capacity per slot and each module should offer non‐ blocking & wire speed forwarding for ipv4 &ipv6

11. Should have distributed Switching Architecture 12. Shall support minimum 8 hardware queues per port 13. Shall support Hot‐swappable power supplies and switching modules C Layer 1 Features 14. Support for 10/100/1000 BASE‐T, 1000 BASE‐SX, LX, LH,ZX GBIC/SFP and

10‐Gig SR/LR/ZR, 40G,100G

22 | P a g e

15. Chassis shall support ‐ Minimum 384 Gigabit ports ‐ Minimum 240 Nos. of 10‐Gig non blocking ports.

D Layer 2 Features 16. Shall have Layer 2 switch ports and VLAN trunks 17. Shall have IEEE 802.3 ad Link aggregation and port Trunking across line

cards 18. Shall have IEEE 802.1Q VLAN encapsulation19. Shall support VTP or equivalent centralized VLAN management to reduce

administrative burden of configuring VLANs on multiple switches in turn eliminating the configuration errors & troubleshooting

20. Shall support a mechanism to detect link issues using IEEE 802.3ah 21. Shall support display and clear MAC address information in MAC Address

Table 22. Shall have IEEE compliance for 802.1Q VLAN, 802.1p, 802.1d STP, 802.3ad,

802.1w RSTP, 802.1s MSTP, 802.3ad LACP, IEEE 802.1ab Link Layer Discovery Protocol,802.3ba.

23. Shall have 500,000 system wide MAC addresses 24. Shall have minimum 4,000 active VLAN support E Layer 3 Features 25. Shall have basic Routing‐Static IP routing, RIP v1/v2, OSPF, ,RIPng PIM‐SM

and policy based routing, RIPnG, OSPFv3, MLD 26. Shall have VRRP for IPv4 and IPv6 for redundancy 27. Shall have IGMP v1, v2, v3 28. Shall have IP multicast routing protocols PIM 29. Shall support minimum 500K IPv4 and 500K IPv6 unicast routes. 30. Shall support minimum 250K IPv4 and 250K IPv6 multicast routes. 31. Shall support Static LSP, LDP , VPLS F QoS Features 32. Shall have Per‐port QoS configuration 33. Support for IEEE 802.1p QoS policies. 34. Support for Diff ServQoS on all ports 35. Shall support minimum eight queues per port in hardware 36. Shall have priority queuing 37. Shall have IP differentiated service code point (DSCP) and IP precedence 38. Shall support Congestion Avoidance feature like WRED G Availability 39. Shall be provided with redundant Switching Fabric 40. N+1/1+1 Redundant Power Supply from day one 41. Hot Swap ability on all modules and Power Supply 42. Hot Swappable Fan tray H Security: 43. Shall have Filters/Access‐List on all ports 44. Shall support Port Mirroring 45. Shall be able to shut down Spanning Tree Protocol enabled interfaces when

BPDUs are received to avoid accidental topology loops 46. Shall be able to prevent edge devices not in the network administrator's

control from becoming Spanning Tree Protocol root nodes

23 | P a g e

47. Shall have TACACS+/RADIUS enabled. 48. Shall have SSHv1/ SSHv2, SNMPv1, SNMPv2, SNMPv3, SCP/SFTP/FTP

support 49. Shall support Syslog over IPv6, I Certifications 50. The Switch should be EAl3/NDPP certified 51. Switch should be ROHS compliant, NEBS, EN 55022 Class A and CISPR J Minimum Configuration deliverable 52. Core Switch Shall have minimum 80 x 10/100/1000 Mbps Base TX ports and

48 Nos of 10 Gig ports populated with 48 SR transceivers. All the above‐mentioned ports should be wire‐speed forwarding performance for both IPv4 & IPv6 packets & should be provided across modules for redundancy.

Firewall with IPS (Quantity – 2):

Sl. No.

Detailed Technical Specifications

A. The appliance based security platform shall be capable of providing firewall and VPN (IPSec) functionality simultaneously.

The platform should be based on real time, secure, embedded operating system.

2 Capability to detect hardware failure during power up and before going online 3 Should provide Stateful failover. 4 HA configuration that uses dedicated HA‐control interfaces apart from the

mentioned traffic interfaces5 Should provide active/active and active/standby failover 6 Sessions ‐

Should support upto 1.5 Mil Concurrent sessions and at least 64,000 sessions per second Should be scalable to 3 Mil concurrent sessions and 128,000 sessions per second.

7 System Throughput ‐ Should support min 10 Gbps of firewall. Should have 4 Gbps IPSec throughput IPS throughput of 4 Gbps

8 Memory ‐ at least 2GB or higher 9 The architecture of the firewall should be service module based, where

performance of the firewall can be increased by adding service cards 10 VoIP ‐ Session Initiation Protocol (SIP), Real‐Time Streaming Protocol

(RTSP), ALG's. 11 Support : ‐ IKE, IPSec VPN standards, 56‐bit DES, 168‐bit 3DES, OSPF

routing, x.509, Up to 256‐bit AES data encryption 12 Authentication, Authorization and Accounting (AAA) support:

‐RADIUS, TACACS or TACACS+ 13 Support for: Network and application level attacks ranging from

malformed packet attacks to DoS attacks, . Support RSA and Diffie‐ Hellman, MD‐5,SHA‐1

14 DHCP relay :‐ Forwards DHCP requests from internal devices to an administrator‐ specified DHCP server, enabling centralized distribution, tracking, and

24 | P a g e

maintenance of IP addresses.

15 Provides: Rich dynamic NAT and PAT services Bidirectional NAT and Transparency Static NAT and PAT services.

Policy‐based NAT and PAT services

16 Management 17 Web based management to support for remote monitoring 18 Accessible through variety of methods including : Telnet, Console Port, SSH 19 Dedicated Out‐of‐Management interface 20 Support SNMPv1, v2, v3 & Support for syslog 21 Should have the ability to create customizable administrative roles/profiles

(monitoring only, read‐only access to configuration). 22 Software features 23 support for IPv4, RIPv2, OSPF,BGP,VLAN, DHCP. Support for IPv6

RIPng,OSPFv3. Support H.323,SIP,FTP,etc. 24 Power Supply 25 Internal Redundant Power supply 26 Minimum Interfaces Required 02 No's 10 Gbps SR ports

6 No's of 1 Gig Ports 4 SFP ports

27 Should be minimum EAL‐3/NDPP Certified

Router at all Branches: Sl.

No. Detailed Technical Specifications

1.0 General requirements

1. Device should have a modular architecture

2. Minimal performance degradation when running advanced services such as stateful firewall, NAT and IPSec.

3. Device should support Routing, IPSEC, Firewall, IPS for IPv4 and IPv6 from day-1 Hardware and interface requirements

4. Device should have atleast 6 x 10/100/1000, 10 Gig ,WAN and LAN ports and 4 free slots for future expansion.

5. Device should support modular LAN and WAN connectivity options including Gigabit Ethernet T1/E1, serial V.35, E3, 10G.

6. Should have internal redundant power supply from day 1.

7. Should have minimum 1GB RAM and 1GB Flash

Performance requirements

8. The Device should support IPS performance of 600 Mbps. The functionality

25 | P a g e

Sl. No.

Detailed Technical Specifications

can also be met using external device. Hardware should be ready from day-1. 9. The Device should have Firewall performance of 4 Gbps.

10. The Device should support minimum 24,000 Connections per second

11. The Device should support minimum 2,50,000 Concurrent Sessions

Quality of Service (QoS ) requirements

12. Devices should support Class-based queuing with prioritization

13. It should be possible to configure maximum bandwidth and guaranteed bandwidth

14. Devices should support Queuing based on VLAN, DLCI, interface, bundles, or filters

15. Devices should support Marking, policing, and shaping

16. Devices should support congestion management features like WRED

Routing protocol support

17. The Device should support IPv4 and IPv6 routing

18. The Device should support VRRP

19. The Device should support Static Routes

20. The Device should support RIPv1 & RIPv2

21. The Device should have OSPFv2 and IS-IS routing features

22. The Device should support Policy Based Routing

23. The Device should support Routing over IPSec Tunnels

24. The Device should support ECMP

25. Multicast Features

26. Multicast Listener Discovery (MLD)

27. IGMP v1/v2/v3

28. PIM-SM

29. Source Specific Multicast (SSM)

30. MPLS Features

31. Layer 2 VPN

32. Layer 3 VPN

33. LDP

34. RSVP

Security features

35. Devices should support AAA using RADIUS or TACACS

36. Devices should support Packet Filters

26 | P a g e

Sl. No.

Detailed Technical Specifications

37. Devices should support Network attack detection

38. Devices should support DoS and DDoS protections

39. Devices should support MD5 and SHA-1 authentication

40. Devices should support Prevent replay attack

41. Devices should have role based access mechanisms.

Management and Troubleshooting

42. Device should have Console, Telnet and Web for management

43. Devices should support Software upgrades through Web

44. Devices should support SNMPv2 and SNMPv3

45. Extensive debugs on all protocols

46. Real-time traffic-interface/sub interface statistics.

47. Real-Time Performance Monitor—service-level agreement verification probes/alerts Certifications

48. Safety certifications UL 60950-1

49. EMC certifications FCC Class B

50. Device shall be minimum EAL 3/ NDPP Certified.

48 Port Switch:

Switch – 48 Port Sl. No.

Detailed Technical Specifications

A The Switch should support Stacking from Day 1 via standard interfaces for a scalable solution

B c

Should provide 48‐10/100/1000 & additional 2 nos of SFP.

D Should have at least 100Gbps switching bandwidth E Should have switching throughput of up to 75 million pps 1. MAC Address table size of 16000 entries 2. The Switch should be 19” Rack‐Mountable / 1 rack unit (RU) 3. Should be provided with 512 MB DRAM and 1GB flash memory Resiliency and high availability 4. Should support IEEE 802.3ad Link Aggregation Control Protocol (LACP) 5. Should support IEEE 802.1s Multiple Spanning Tree Protocol 6. Should support Redundant Power Supply 7. Should support load sharing algorithm for bridged and routed traffic 8. Should monitor and detect link failure on uplink interfaces and can propagate

27 | P a g e

the failure to downlink interfaces so that servers connected to those downlink interfaces can switch over to secondary interfaces.

9. Layer 2 and Layer‐3 features 10. Should support IEEE 802.1Q 1000 VLAN simultaneously

11. Should support Multiple VLAN Registration Protocol (MVRP, IEEE 802.1ak) for dynamic registration and deregistration of VLANs on ports in a VLAN bridged network

12. Should support Jumbo frames of 9000 bytes 13. Should provide Static IP routing, RIP & OSPF 14. Should provide IPv6 static routing 15. Should VRRP for redundancy

16. Should support Multicast VLAN Registration (MVR) to distribute multicast streams across an Ethernet ring‐based Layer 2 network and reduce the amount of bandwidth consumed by the multicast traffic

17. Security

18. Should support MAC address limiting (per port and per VLAN) and MAC address move to detect MAC movement and MAC spoofing on access interfaces

19. Should support port and VLAN Access control lists (Ingress and Egress ) 20. Should support IEEE 802.1X ‐ Port, Multiple supplicant, VoIP VLAN

21. Should support DHCP snooping, DHCP server and relay with option 82 for Layer 2 VLANs and Layer 3 interfaces

22. Should support Dynamic ARP inspection (DAI), IP source guard 23. Should support broadcast, unicast and multicast (BUM) storm control 24. Should support TACACS+ and RADIUS authentication for secure switch CLI

logon 25. Should support SSHv2 and HTTPs allowing secure access to the switch 30 Convergence and QoS 31 Should support IGMP v1, v2, v3 and IGMP snooping

32 Should support Sparse (SM), Dense (DM) and Source Specific (SSM) Protocol Independent Mutlicast

33 Should support Multicast VLAN Registration Protocol (MVR)

34 Should support Multicast Listener Discovery (MLD) snooping enables the switch to monitor MLD messages between IPv6 multicast routers and hosts

35 Should support Link Layer Discovery Protocol (LLDP)

36 Should support LLDP‐MED (Media Endpoint Discovery) with voice over IP (VoIP) integration

37 Should support per‐port Rate Limiting setting ingress enforced maximums

38 The switch should support at least 8 queues to ensure multiple level of traffic prioritization (data, voice, video)

39 Advance Features

40 The switch should have active probes to track and monitor real time traffic across the network and to investigate network problems.

41 Should support Policing/Rate‐limiting of traffic to CPU 42 Should support port security with Sticky MAC Addresses

43 Should support 802.1ag Ethernet OAM, IEEE 802.3ah Link Fault Management (LFM) and Time domain reflectometry (TDR) or equivalent

28 | P a g e

44 Should have Dynamic Host Control Protocol (DHCP) Zero Touch feature enables a device to retrieve configuration files from the remote DHCP server during initial deployment with no end‐user intervention

45

Should be able to automatically configure ports with security, QoS, and other parameters based on the type of device connected to the port with profiles like Wireless access point, PC, PC plus IP phone, Layer 3 uplink, and Layer 2 uplink.

46 Should be able to eliminate the complexities involved in configuring class of service (CoS) across the network by offering templates with preconfigured CoS values based on typical application requirements for key traffic classes

47 Should dete5ct Ethernet link failures and correcting the failures in less than 50 ms by forming a Ethernet protection ring.

48 Should support Private VLAN to split a broadcast domain into multiple isolated broadcast subdomains and Q‐in‐Q to extend a Layer 2 Ethernet connection between two customer sites

49 Manageability 50 Web User Interface, CLI

51 Should support Port mirroring and mirror traffic that is traversing interfaces or a VLAN on the switch to a different location for analysis

52 Should support IPv6 management features like neighbour discovery ( RFC 4861), Telnet, SSH, SNMP, NTP, DNS

53 Should have monitoring technology like netflow/s‐flow to randomly sample network packets and send the samples to a monitoring station

54 Should store multiple configuration and image files

55 Should have the capability to revert to the last known good state if the switch image, configuration and the backup configuration files become damaged beyond repair

56 Should support automatic configuration over the network from a pre‐existing configuration file that is created and stored on a configuration server

57 Should support automatic software download feature using the DHCP message exchange process to download and install software packages.

58 Should support standard IP‐MIB (RFC 4293) and SNMP v1, v2 & v3 59 Certifications 60 Common Criteria EAL3 / NDPP

24 Port Switch:

Switch – 24 Port Sl. No.

Detailed Technical Specifications

A The Switch should support Stacking from Day 1 via standard interfaces for a scalable solution

B c

Should provide 24‐10/100/1000 & additional 2 nos of SFPs

D Should have at least 52 Gbps switching bandwidth E Should have switching throughput of up to 39 million pps 1. MAC Address table size of 16000 entries

29 | P a g e

2. The Switch should be 19” Rack‐Mountable / 1 rack unit (RU) 3. Should be provided with 512 MB DRAM and 1GB flash memory Resiliency and high availability 4. Should support IEEE 802.3ad Link Aggregation Control Protocol (LACP) 5. Should support IEEE 802.1s Multiple Spanning Tree Protocol 6. Should support Redundant Power Supply 7. Should support load sharing algorithm for bridged and routed traffic

8. Should monitor and detect link failure on uplink interfaces and can propagate the failure to downlink interfaces so that servers connected to those downlink interfaces can switch over to secondary interfaces.

9. Layer 2 and Layer‐3 features 10. Should support IEEE 802.1Q 1000 VLAN simultaneously

11. Should support Multiple VLAN Registration Protocol (MVRP, IEEE 802.1ak) for dynamic registration and deregistration of VLANs on ports in a VLAN bridged network

12. Should support Jumbo frames of 9000 bytes 13. Should provide Static IP routing, RIP & OSPF 14. Should provide IPv6 static routing 15. Should VRRP for redundancy

16. Should support Multicast VLAN Registration (MVR) to distribute multicast streams across an Ethernet ring‐based Layer 2 network and reduce the amount of bandwidth consumed by the multicast traffic

17. Security

18. Should support MAC address limiting (per port and per VLAN) and MAC address move to detect MAC movement and MAC spoofing on access interfaces

19. Should support port and VLAN Access control lists (Ingress and Egress ) 20. Should support IEEE 802.1X ‐ Port, Multiple supplicant, VoIP VLAN

21. Should support DHCP snooping, DHCP server and relay with option 82 for Layer 2 VLANs and Layer 3 interfaces

22. Should support Dynamic ARP inspection (DAI), IP source guard 23. Should support broadcast, unicast and multicast (BUM) storm control 24. Should support TACACS+ and RADIUS authentication for secure switch CLI

logon 25. Should support SSHv2 and HTTPs allowing secure access to the switch 30 Convergence and QoS 31 Should support IGMP v1, v2, v3 and IGMP snooping

32 Should support Sparse (SM), Dense (DM) and Source Specific (SSM) Protocol Independent Mutlicast

33 Should support Multicast VLAN Registration Protocol (MVR)

34 Should support Multicast Listener Discovery (MLD) snooping enables the switch to monitor MLD messages between IPv6 multicast routers and hosts

35 Should support Link Layer Discovery Protocol (LLDP)

36 Should support LLDP‐MED (Media Endpoint Discovery) with voice over IP (VoIP) integration

37 Should support per‐port Rate Limiting setting ingress enforced maximums

30 | P a g e

38 The switch should support at least 8 queues to ensure multiple level of traffic prioritization (data, voice, video)

39 Advance Features

40 The switch should have active probes to track and monitor real time traffic across the network and to investigate network problems.

41 Should support Policing/Rate‐limiting of traffic to CPU 42 Should support port security with Sticky MAC Addresses

43 Should support 802.1ag Ethernet OAM, IEEE 802.3ah Link Fault Management (LFM) and Time domain reflectometry (TDR) or equivalent

44 Should have Dynamic Host Control Protocol (DHCP) Zero Touch feature enables a device to retrieve configuration files from the remote DHCP server during initial deployment with no end‐user intervention

45

Should be able to automatically configure ports with security, QoS, and other parameters based on the type of device connected to the port with profiles like Wireless access point, PC, PC plus IP phone, Layer 3 uplink, and Layer 2 uplink.

46 Should be able to eliminate the complexities involved in configuring class of service (CoS) across the network by offering templates with preconfigured CoS values based on typical application requirements for key traffic classes

47 Should dete5ct Ethernet link failures and correcting the failures in less than 50 ms by forming a Ethernet protection ring.

48 Should support Private VLAN to split a broadcast domain into multiple isolated broadcast subdomains and Q‐in‐Q to extend a Layer 2 Ethernet connection between two customer sites

49 Manageability 50 Web User Interface, CLI

51 Should support Port mirroring and mirror traffic that is traversing interfaces or a VLAN on the switch to a different location for analysis

52 Should support IPv6 management features like neighbour discovery ( RFC 4861), Telnet, SSH, SNMP, NTP, DNS

53 Should have monitoring technology like netflow/s‐flow to randomly sample network packets and send the samples to a monitoring station

54 Should store multiple configuration and image files

55 Should have the capability to revert to the last known good state if the switch image, configuration and the backup configuration files become damaged beyond repair

56 Should support automatic configuration over the network from a pre‐existing configuration file that is created and stored on a configuration server

57 Should support automatic software download feature using the DHCP message exchange process to download and install software packages.

58 Should support standard IP‐MIB (RFC 4293) and SNMP v1, v2 & v3 59 Certifications 60 Common Criteria EAL3 / NDPP

31 | P a g e

Network Bandwidth Optimization Tool: Introduction 1 The Technical Specifications is designed to define the Wan Optimization

Solution at hub and remote/branch locations for Application optimization and accelerated application access.

2 Purpose built platform to reduce the impact of network congestion, latency and packet loss that dramatically slows end user response times

Design Parameters Remote/Branch Locations 4 Should be dedicated appliance based solution (not router integrated module)

with purpose built hardware for high performance. 5 Branch appliance should support 4 Mbps of optimized bandwidth and 500

optimized TCP flows 6 Solution must support single instance store technology to store content on disk.

Storage support should be 500GB 7 Network Interface: 2 numbers of Inline Gigabit Ports and 2 dedicated

management ports for centralized management and monitoring. Scalability: The Appliance must be able to scale to support 10 Mbps of optimized bandwidth and 1000 TCP flows by without changing the physical appliance to a larger appliance

Design Parameters Hub Location 8 Should be dedicated appliance based solution with purpose built hardware for

high performance. 9 Branch appliance should support 300 Mbps of optimized bandwidth and 40,000

optimized TCP flows 10 Solution must support single instance store technology to store content on disk.

Storage support should be 2TB 11 Network Interface: 2 numbers of Inline Gigabit Ports and 2 dedicated

management ports for centralized management and monitoring. 12 Scalability: The Appliance must be able to scale to support 1000 Mbps of

optimized bandwidth and 100,000 TCP flows without changing the physical appliance to a larger appliance

General Features 13 Should support TCP optimization for efficient data transfer across WAN, higher

bandwidth utilization, faster recovery after any packet loss. TCP optimization must include Windows Scaling, Slow start with congestion avoidance, Fast Convergence & Selective acknowledgements to ensure efficient throughput in Long FAT Networks

14 Should support standard compression mechanism and stream based differencing to avoid transmission of content that has been previously received in the local data store.

15 The solution should be able to support & recognize repetitive byte patterns, and be able to replace the repetitive data with reference records and other metadata.

16 Network deduplication to avoid the repeated content across the WAN and to ensure efficient utilization WAN bandwidth. content should be stored on disk at both ends of the network and when similar content is seen again, messages are sent to the peer device to replay the content locally rather than re

32 | P a g e

transmitting the data across the WAN

17 content aware deduplication: solution should able to distinguish protocol used to transfer the contents for efficient disk utilization and better performance.

18 Single instance store: Solution should support single universal dictionary for maintaining larger histories without requiring per peer data store. Architecture of the solution must ensure that single copy of any content is maintained irrespective of the peer is being sent to.

19 Application acceleration blueprints: Solution should provide Layer 7 application intelligence to mitigate not only the chattiness of legacy protocols but also to improve the performance of protocols like HTTP or iSCSI when they are used over a WAN. Should support real time payload identification for de�duplication.

20 HTTP acceleration: Solution must support HTTP application blueprint address the protocol chattiness issues that affect the HTTP performance

21 Should support “Pre�Cache Acceleration” (PCA) which helps speed up the rendering of Web pages by eliminating repetitive trips over the WAN connection to validate the freshness of content. client’s browser must query the remote server with an HTTP 304 request for the “freshness value” of the object

22 HTTPs acceleration: Support for HTTPS application acceleration blueprint to address protocol chattiness and performance issues. Solution must able to intercept the HTTPS traffic for content deduplication and protocol optimization.

23 HTTPS acceleration blueprint should to break the end to end security trust model, certificates must be only loaded on datacenter/Hub location device and not on the remote location devices.

24 Acceleration device must support PFX and PKCS#12 certificate format. 25 MAPI acceleration: The solution should natively address protocol chattiness

issues for the MAPI protocol used by Exchange servers and Outlook clients using application specific blueprints

26 CIFS acceleration: The WAN optimization solution must address protocol chattiness issues for the CIFS protocol

27 The CIFS Blueprint should support multiple techniques including read ahead, write behind and directory optimizations in order to improve the throughput

27 ICA acceleration: support for ICA blueprints to address protocol chattiness and performance issues. Solution must be able to intercept ICA traffic for content deduplication and protocol optimization without any server side configuration changes.

28 The solution should be able to define classes of application traffic and apply Quality of Service policies to each class

29 The solution should support traffic shaping and provision to allocate Guaranteed Bandwidth to each class of applications

30 The solution should be able to allocate a maximum bandwidth usage cap to each class of traffic. The solution must allow usage to burst above the maximum bandwidth usage cap if no other traffic classes attempt to utilize the available bandwidth

Deployment

33 | P a g e

31 Should support various deployment modes including inline mode, out of line mode & out of path for seamless integration with other network devices

32 Out of line mode operation must support WCCPv2 for traffic redirection. WCCP forwarding & return methods must include Generic routing encapsulation (GRE) and layer2 switching

33 Must have built in blackhole detection support should not impact traffic flow if optimization appliance is not in service.

34 Out of line mode operation should also support VRRP and policy based routing (PBR) to redirect traffic to Wan optimization appliances.

35 should support correct addressing mode of operation for out of path deployment

36 Solution should be deployed transparently into the existing/proposed WAN environment and should not modify any network characteristics like IP addresses, headers or port numbers etc.

37 Should support correct addressing with server side transparency (CAST) mode of operation. Correct Addressing with Server�Side Transparency should provide Correct Addressing mode on the WAN and Transparent Addressing on the LAN

38 The solution must support auto discovery of remote peer devices and dynamically detect the presence of any other WAN optimization devices. Peers are automatically removed from the discovered list if a connection cannot be made within 24 hours

39 OEM must have local TAC support in INDIA and must have executed at least 2 similar wan optimization projects in INDIA with minimum of 200 remote locations.

40 OEM must have presence in INDIA from last 5 years. Management 41 Solution should provide centralized management tool for centralized

configuration; monitoring provisioning and reporting. Instead managing individual devices.

42 Should allow centralized software management of WAN appliances across an entire network

43 Each appliance must have an integrated performance dashboard displaying traffic types, acceleration levels per traffic type, usage of the WAN link, and traffic statistics over time

44 A performance data export feature using NetFlow must be supported to send data to existing network management tools.

45 The solution must support RADIUS. 46 The solution must support SSH for access to the management Command Line

Interface. 47 The appliance software must also have the option to run on Windows Server

2008 which is commonly found deployed in remote offices 48 Should support remote notification capabilities, including SNMP , SMTP

notification, and syslog notifications.

34 | P a g e

Network Management & Monitoring Tool: Network Management & Monitoring System/Tool: Basic Requirements i. The proposed solution should be based on industry best practices and the OEM should have technical support center in India with at least 250 support staff. ii. The Service Management solution namely Service desk (incident and problem mgmt) and Asset Management should be built on the same platform/code and leverage the same common, shared configuration database with a unified architecture. The same platforms should be used across all modules, requiring no complex integrations to leverage the combined benefits offered by the integrated platform. iii. The service automation solution should be a unified solution supporting provisioning, configuration management and compliance assurance across servers, networks and applications and should support end to end full stack and dynamic server, network and application provisioning. i. The solution should possess capabilities that deliver self learning capabilities to virtually eliminate the ongoing costs of manual threshold, rule, and script maintenance. ii. The solution should be able to generate dynamic performance baselines and continuously update and refine these normal operational bands by automatically adapting the changes in enterprise infrastructure. The solution should have the capability to minimize manual threshold management, by performing automated dynamic threshold management. iii. The solution should have predictive analytics and intelligence in built into it so as to detect any anomaly before it could potentially hit the threshold thereby giving enough lead time to users to resolve the issues before the threshold is breached. i. The solution should have Service Management Process Model in built based on ITIL v3 best practices. ii. Should manage complete lifecycle starting with the initiation of the procurement through to retiring and (if applicable) harvesting unused software. iii. Should be integrated with Service Desk for maintenance and support of assets i. Should support all major OS and virtualization platforms ii. Should Support comprehensive and configuration level roll back for changes iii. Automated provisioning for physical, virtual, and cloud based environments iv. Policy based, Cross�Platform patch support across Windows, Linux, and Unix v. Support compliance Policies for regulatory and security standards with integrated exception documentation vi. Support Granular and environment aware configuration policies and deployment vii. Automated packaging, promotion, and deployment of applications viii. Should support cross platform and reusable packaging with built in rollback support ix. Should maintain complete configuration for all managed servers at completely granular level ensuring any minor change is also tracked and reported on x. Should support Configuration level Control of Tasks, Objects, and Policies xi. Should have ability to monitor the parameters in real time and confirm compliance to security policies

35 | P a g e

xii. Closed loop change Management workflows that monitor and track these compliance changes xiii. Should have audit capabilities that compare the server status to policies defined in real time i. The solution should be able to support configuration management across the network infrastructure, including routers, switches, firewalls, load balancers, wireless access points, and other network devices. ii. The solution should be able to instantly provide the who, what, where, and when of planned, unplanned, and unauthorized network changes iii. The solution should be able to audit and enforce configuration standards, such as those around security, performance, and routing which would help in proactively assessing the impact of change and also quickly recover from problematic changes iv. The solution should be able to dynamically create scripts to allow for changes to be pushed into the device without having to reboot the device (i.e., non disruptive rollback) v. The solution should be able to provide the mechanism to push access control lists (ACLs) into a device without exposing the device to potential security vulnerabilities" vi. Should support Standard Authentication Methods, Role Based Access Control (RBAC), Realms and Groups, Sensitive Data Masking, Telnet SSH proxy vii. The solution should support an extensible, automated import feature to collect device information from third party discovery engines and other sources. The solution should be able to dynamically create scripts to allow for changes to be pushed into the device without having to reboot the device (i.e., non-disruptive rollback) The solution should be able to provide the mechanism to push access control lists (ACLs) into a device without exposing the device to potential security vulnerabilities"

Should support Standard Authentication Methods, Role Based Access Control (RBAC), Realms and Groups, Sensitive Data Masking, Telnet SSH proxy

The solution should support an extensible, automated import feature to collect device information from third party discovery engines and other sources. Should support Configuration-level Control of Tasks, Objects, and Policies

Should have ability to monitor the parameters in real time and confirm compliance to security policies Closed loop change Management workflows that monitor and track these compliance changes Software license usage metering and License compliance management

Provide detailed compliance measurement using a flexible, rule-based license engine with wizard-based license rules creation Automate linkages between assets and software license, leases, warranty, and support contracts to optimize entitlements and ensure compliance Track TCO, including costs attributable to maintenance, incidents, changes, and depreciation The solution should come with a built-in Software library that has pre-populated list of 1000s of software along with details of their digital signatures and software categorization Provide Service Blueprints Policy-based cloud service placement

36 | P a g e

Should provide Smartmerge to auto generate change scripts for Network provisioning Should provide SmartACL management to push access control lists (ACLs) into a device w/o exposing the device to security vulnerabilities

Data Loss Prevention (DLP): Data Loss Prevention Tool (DLP)

Must provide next generation data threat prevention and information discovery functions to protect structured, semi‐structured, unstructured mission critical data in the enterprise Network Data Loss Prevention

For software based Solution, Supplier has to provide appropriate hardware keeping overall design and functional requirement under consideration and must not affect overall application performance. The proposed Solution must support 500 users & scalable to 1000 users. Solution should not require any third party proxy server (such as ICAP servers) to provide Enforcement of Information Security. Solution should cover both Active and passive FTP including fully correlating transferred file data with control information. Solution Should have the ability to monitor popular IM protocols (AIM, Yahoo, MSN, IRC etc.) and properly classify tunneled IM traffic (HTTP) Solution should be able to interface with an institution’s employee or staff directories (e.g., Active Directory, LDAP) Content Detection

Solution must have Identity and Role Based policy capabilities that integrate with AD/LDAP/HR database. Solution should enforce “Automatic Access Control” on Data and Information

Solution must be able to apply different policies to different employee groups

Solution should have ability to filter out network traffic for inspection based on protocol, IP range, or email sender/recipient email Solution should provide encryption capabilities to protect data at risk

Solution should have a comprehensive Information Classification methodology that would be readily deployable and does not dependent on fingerprint technology Solution should have Resources Qualification and experience in Information Classification Solution should have ability to create and manage policies that can be deployed across all components (Network and Endpoints) DLP Policy Creation

Solution MUST use automated policy mechanism

The network DLP Solution should have capability to test the policy on an offline data

37 | P a g e

before making it live, it helps to avoid false positives.

Solution should have built‐in Automated Policy Synthesis mechanism

Solution should be able to monitor and prevent Advanced Persistent Threats (APT)

Solution should have Built‐in Ontologies on International PII and PCI‐DSS capabilities and has the ability to add or customized new Ontologies to cater to specific Government or Defense requirements The Solution should provide ability to configure policies to detect on fingerprints and files from share/repository/date created etc. Solution should have Ability to detect and protect confidential unstructured data based on the data categorization that has been learnt Solution should have ability to Detect based on fully customizable regular expressions Solution should have Ability to detect and protect new or unseen documents, which content is similar to the data categorization which has been taught via data categorization Solution should have Ability to detect scanned documents, which contains sensitive data in text form Solution should have Ability to detect screen captures or picture formats, which contain sensitive data in text form. Solution should have Ability to learn to categorize data via providing a set of sample documents to improve accuracy of detection Solution should have Ability to configure and send multiple automated responses based on severity, match count, policy, etc Solution should have Ability to release quarantined email from notification received.

Reporting and Notification

On‐screen/ pop‐up/ e‐mail notification delivered to users during a rule/ policy violation and escalation workflow to ICT Security team or immediate manager. User’s ability to conduct self‐remediation (such as on‐screen/pop‐up/e‐mail notification prompting user to confirm whether to continue or cancel confidential data transfer). Ability to capture justification for DLP rule/policy violation as part of logs capturing all relevant incident details on a single screen/ page to allow quick user decision‐making and immediate action. Per‐user ability to customize the layout and data of the incident snapshot

Incident Management and administration

Ability for an incident to be correlated to other incidents by subject, sender, recipient, filename, file owner, user name, and policy. Solution should have ability to support real‐time incident analysis

DLP Reporting

Solution should have a list of pre‐defined template reports

Solution should Support report customization

38 | P a g e

DLP Management

Solution should have Integration with external directory for incident workflow assignment Support for role‐based access and delegated administration

Integration with Active Directory or other directory

Host DLP

Control use of all the USB devices

Track what data is saved to USB storage devices

Track what data is copied from USB storage

The proposed Solution architecture, Design and deployment, Warranty for a period of 5 (Five) Years should be certified by OEM Professional Services with relevant documents.

SSL VPN:

SSL VPN i. SSL VPN should be a hardware based purpose built appliance with minimum 4 triple speed 10/100/1000 Mbps interface ports. ii. Should support 1000 concurrent users and scalable up to 3000 users on same hardware iii. Should provide fast and easy access to all applications including Web�based, client/server, server�based architecture iv. Should support external wan optimization feature functions including TCP optimization, data deduplication, single instance store and application optimization blueprints for HTTP, HTTPS, CIFS, MAPI protocols for optimized application access through SSL VPN. v. Should support standard compression mechanism and stream based differencing to avoid transmission of content that has been previously received in the local data store. vi. Should support Active�Active High availability with stateful session failover (SSF) vii. Should support following Authentication methods: a) Username and Password, Active Directory, LDAP b) Client side digital certificates c) RSA SecurID viii. Should support at least 45 Virtual portals and support for delegated administrative management per virtual portal. ix. SSL VPN solution must provide machine authentication based on combination of HDD ID, CPU info and OS related parameters i.e. mac address to provide secure access to corporate resources. x. SSL VPN solution should provide provision for auto collect, auto approve functions for automated collection and approval of hardware ID's without any manual intervention

39 | P a g e

xi. Appliance must support workflow functionality that should allow security administrators to approve end user hardware machine before users can access the published resources xii. SSL VPN solution offers encrypted and authenticated access to internal applications from internet. Multi factor authentication is additional layer of security that ensure only authorized user can access the resources, Static passwords can be compromised having said that attacker or intruder can bypass SSL security control and gain unauthorized access to internal applications. it is highly recommended form security stand point proposed SSL solution

Server Load Balancer:

Server Load Balancer: S. no.

Feature /Specification

1. Architecture a. Able to synchronize configurations at boot time and run time, connection states

to provide stateful failover of applications. b. Able to be deployed in both Active Stand by and Active Active setups. c. Able to detect system failure, SSL card failure, process health check, cpu over

heated or shutdown/reboot, and perform failover to ensure high availability, by using either network and serial connection based heartbeat.

d. Able to be deployed in a single arm (single subnet) network topology environment.

e. Supports RPC XML scripting messages from third party applications or devices to modify configuration of the load balancer.

f. Supports both CLI via SSH and web based GUI configuration and administration.

g. Extensible policies (e Policy) scripts to implement business logic on network without any changes in application code to support complex application integration.

h. Should support global load balancing algorithms like Proximity 2. Delivery

a. Able to load balance ANY IP based application. b. Able to support both TCP and stateless UDP (User Datagram Protocol)

applications. c. Able to should support server load balancing algorithms such as round robin,

weighted round robin, least connection, Persistent IP, Hash IP, Hash Cookie, consistent hash IP, shortest response, proximity, snmp, SIP session ID, hash header etc.

d. Able to maintain server persistency based on source ip and destination ip, http header, url, cookie and SSL ID.

e. Able to support application based monitoring, such as HTTP/HTTPS,FTP (passive/active), POP3, IMAP, DNS, SMTP, telnet, RADIUS,LDAP, RTSP, RDP

f. Able to support external customized / script based health check to perform extended health�checks on the servers and other devices.

g. Able to support single arm, reverse and transparent proxy mode deployment scenarios and should support nested layer7 and l4 policies.

40 | P a g e

h. Able to support different cookie persistence methods such as, insert, rewrite and hashing.

i. Able to read into HTTP header and make traffic management decision based on HTTP host, URI, method, version, cookie and browser type etc.

j. AbletosupportamixedcombinationofIPv6and IPv4virtual addresses and nodes. k. Able to support IPv6 IPv4 and IPv4 IPv6 translations. 3. Optimization

a. Able to provide integrated SSL termination / acceleration, and SSL re encryption to the servers.

b. Able to aggregate multiple connections to a single server side connection – connection multiplexing.

c. Able to provide real time Dynamic Web Content Compression to reduce server load and selective compression for Text, HTML, XML, DOC, Java Scripts, CSS, PDF, PPT, and XLS Mime types..

d. Able to provide support for customized cache rules including max object size, TTL objects, refresh time interval etc..

e. Able to support TCP optimization options including windows scaling, timestamp & Selective Acknowledgement for enhanced TCP transmission speed.

4. Security & management a. Able to support DoS mitigation through connection reverse proxy. b. Abletosupportpacketfilteringbasedonlayer3to layer 7 information. c. Able to support Rate shaping & QoS Support so that all applications work

optimally without impacting user experience d. Role based access control for granular authentication and authorization.

Administrator should able to define multiple roles namely Admin, Security�admin, Network�Engineer, Network Monitor, Network Manager on the appliance

e. The appliance should have SSH CLI, Direct Console, SNMP, and Single Console per Cluster with inbuilt reporting.

5. General a. Shall be rack mountableintostandard19” wide rack. b. Should be appliance based solution with high performance purpose built

hardware. c. Shall be able to support the following load balancing algorithms that can be

simple to set up and configure: round robin, weighted round robin, least connection, Persistent IP, Hash IP, Hash Cookie, consistent hash IP, shortest response, proximity, snmp, SIP session ID, hash header etc.

d. Shall be able to support ‘sticky’ connections to servers based on the following switching mechanisms: URL/content switching policies URL hashing, Cookie�based, SSL ID based

e. Should provide full ipv6 support and solution should be IPv6 gold�certified. OEM should be listed vendor for ipv6 phase�2 certification.

f. OEM Shall have TAC Centre in India with 24x7 availability through toll free line g. OEM must have direct presence in India with at least 10 Nos. of Technical

Manpower direct support in India for the offered technology. 6. Physical Specification

a. ShouldhaveOptimizeThroughputofminimum5 Gbps from day one available b. Should support4Millionconcurrentconnection

41 | P a g e

c. 4*10/100/1000 copper interface with 8 GB RAM d. Future support for 2*10G SFP+ interfaces and throughput scalability up to 10

Gbps on same hardware e. Should support hardware based SSL Acceleration with SSL throughput of

3Gbps f. Should have at least 12,000 SSL TPS (transaction per seconds) and scalable

to 25,000 on same device g. Should support integrated hardware/software based compression module h. Should have Redundant Power Supply i. Proposed solution provide integrated WAF functionality to protect against

layer7 attacks j. Should support deep packet inspection of HTTP & HTTPS traffic in reverse

proxy mode. k. Application firewall should support built in rules to counter application attack,

provision should be there to customize predefined application security rules. l. Should support all kind of attacks including OWASP top 10 m. WAF module should support both detection and prevention mode and policies

should be enforced on per virtual services.

Link Load Balancer:

Link Load Balancer Hardware Should be appliance based solution with purpose built hardware and dual power supply. Intel based Quad core CPU with 8 GB RAM to support multiple features and load balancing functions. The appliance should have minimum 4 triple speed gigabit 10/100/1000 copper ports. The appliance should have 3 Gbps of system throughput and scalable to 4 gbps on same appliance. Should provide 2M concurrent connections and scalable to 4M. Load balancing Features Support for multiple internet links in Active Active load balancing and active standby failover mode. Should support Outbound load balancing algorithms like round robin, Weighted round robin, shortest response, target proximity / dynamic detection. Should support inbound load balancing algorithms like round robin, Weighted round robin, target proximity /dynamic detection. Should support Static NAT, Port based NAT and advanced NAT for transparent use of multiple WAN / Internet links. IPV6 support with IPv6 to IP4 and IPv4 to IPv6 translation and full IPv6 support. In case of link failure, device should detect it in less than 30 seconds and divert the traffic to other available links. Shall provide individual link health check based on physical port, ICMP Protocols, user defined l4 ports and destination path health checks. Should provide mechanism to bind multiple health checks, support for Application specific VIP health check and next gateway health checks.

42 | P a g e

Should support persistency features i.e. RTS (return to sender) and ip flow persistence. High Availability and Cluster Should provide comprehensive and reliable support for high availability based on Per VIP based Active�active & active standby unit redundancy mode. Statefull session failover with Connection mirroring support Appliance should not have any limitations for connection mirroring Should support USB based FFO or Ethernet based failover link to synchronize configuration at boot time of HA Support for multiple communication links for real-time configuration synchronizations including HA group, gateway health check, decision rules, SSF (stateful Session Failover) sessions etc.. and heartbeat information Must have support for secondary communication link for backup purpose should support floating IP address and group for satefull failover support. Appliance must have support 256 floating ip address for a floating group should support built in failover decision conditions including unit failover, group failover and reboot should also have option to define customized rules for gateway health check – the administrator should able to define a rule to inspect the status of the link between the unit and a gateway Configuration synchronization at boot time and during run time to keep consistence configuration on both units. Should support global load balancing algorithms like global round robin (grr), VIP based weighted global round robin, global connection overflow, global least connections, IP overflow, Proximity etc., Security and Application Performance Should provide performance optimization using TCP connection multiplexing, TCP buffering and IEEE 802.3ad link aggregation. should support TCP optimization options including windows sacling, timestamp & Selective Acknowledgement for enhanced TCP transmission speed. TCP optimization option configuration must be defined on per virtual service basis not globally. Optional software based compression for HTTP based application, SSL acceleration and high speed HTTP processing on same appliance. Should support QOS for traffic prioritization, CBQ , borrow and unborrow bandwidth from queues. Should provide QOS filters based on port and protocols including TCP, UDP and ICMP Protocols. Should support rate shaping for setting user defined rate limits on critical application. Should support integrated firewall module to protect the device itself from network based DOS and DDOS attacks. Appliance should have security features like reverse proxy firewall, Syn flood and dos attack protection features from the day of installation. Centralized Management Must provide single window centralized management for SSLVPN, Application load balancer and link load balancer. Must be appliance based centralized management solution in HA mode not software Based. Management appliance should have 4GB memory and 4*10/100/1000 copper ports

43 | P a g e

Visibility to quickly identify and isolate performance problems in the application, device or network problems Real time monitoring, over 30 different types of Layers 2�7 system status and traffic graphs with simultaneous views of multiple graphs for each managed device Perform software upgrades, rollback and patches on one or more devices. Reuse configuration templates between similar devices or device groups Should provide role based administration with different privilege levels with audit logs for troubleshooting and compliance The appliance should provide detailed logs and graphs for real time and time based statistics Load balancer appliance must support multiple configuration files with 2 bootable partitions for better availability and easy upgrade / fallback. The system should support led warning and system log alert for failure of any of the power and CPU issues

Desktop:

Desktop: Genuine Windows 8 Professional/latest equivalent Windows operating system with required software for word processing, spreadsheet, presentation etc Processor Intel Core i5 4590 3.30 Ghz processor or latest Chipset Intel Q87 chipset Memory 4 GB DDR3�1600MHz SDRAM expandable to 16GB through 4 DIMM Slots Hard drive 1 TB SATA HDD 7200RPM or more 18.5" wide LED backlit Monitor Integrated Graphics Primary Optical Drive 8X DVDRW Networking: Integrated 10/100/1000 Ethernet min 10 USB ports out of which 4 USB ports on the front panel. Integrated Audio Multimedia Keyboard with bilingual support Optical Mouse with Pad Network Interface Integrated 10/100/1000 Mbps (Ethernet) Security: Chassis intrusion lock & integrated 1.2 TPM embedded security Compliance Energy Star 5.0 compliant 85% above efficient power supply Volume: Should have space saving design & volume should not be more than 9 Litres. Tool less access for Chassis, Optical Drive and Hard drive

44 | P a g e

Thin Client with 18.5"Resistive Touch Screen Monitor:

Feature Technical Specifications Processor/ Chipset Intel Atom™ n270 1.6GHz/Intel 945 GSE + ICH7-m

Memory/ Embedded Operating System

1GB DDR2 667MHz/ Microsoft® Windows® Embedded Standard 2009

Flash Storage/ Embedded Operating System

2GB Flash Storage/Microsoft Windows Embedded Standard 2009

Graphics

Intel 945GSE Integrated Graphics Media Accelerator 950 - Dynamic Video Memory Technology (DVMT) 3.0 supports up to 224MB of video memory. Supports up to 1920X1200 32-bit color. Optional adapter at additional cost available to support dual displays (DVI + VGA)

Audio Internal 1-watt speaker USB 2.0 2 in front, 2 in rear PS/2 1 DVI-I 1 (VGA supported with included adapter) Line in 1 Line out 1 Networking 10/100/1000 Base-T Installation Options Foot stand included, optional VESA wall mount at additional cost

Security Kensington® lock slot Width/Height/ Depth 1.42 inches (36 mm)/6.14 inches (156 mm)/4.7 inches (121 mm)

Weight 1.33 pounds (.605 kg) Volume of system .69 liters

Supported Protocols

RDP, ICA, PCoIP, X11, RemoteFX (with Windows Embedded Standard 7)

Embedded Browser

Devon IT DeTOS Edition: Mozilla® Firefox with Java™ Microsoft Windows Embedded Standard: Microsoft Internet Explorer

Remote Systems Management

Devon IT Echo Management Console Dell Edition, Microsoft System Center Configuration Manager (Windows Embedded Stanadard 7)

Power Consumption 11 watts idle

Monitor 18.5"Resistive Touch Screen Monitor

45 | P a g e

InkJet Printer:

Print Speed Draft mode (Black / color)

34 PPM Draft Text Memo (A4) / Color not supported

ISO mode (Black / color) 15 ipm (ISO default 24724)

Double Sided Printing Yes (Manual)

Energy saving Technology 4.0 watts in standby mode

Interface High Speed USB 2.0 and Ethernet 10/100 Base TX & iPrint

Resolution

Black 1440 x 720 dpi (water and fade resistant prints)

Color Not supported

Input Tray capacity 100 sheets (A4 Plain) Output Tray capacity 30 sheets (A4 Plain)

Scanner

Scanner type Flatbed Color image scanner Scan Speed Black Color

2.2 msec / line (mono 300 dpi) 7.0 msec / line (color 300 dpi)

Optical resolution 1200 x 2400 dpi

Max Scan Area 8.5 inch x 11.7 inch

Features Reduction / enlargement (25% ~ 400%) while copying

2 Line LCD panel; ADF Support

iPrint Mobile printing support

Has all features of M100 printer Customer Segment For Home and Office and SOHO

Number of ink cartridges Mono Ink Tank System Printer

Cartridge Yield Black / Color 6000 pages

Cartridge order code

T7741 (Black) - Pigment ink (water and fade resistant)

Warranty One year

46 | P a g e

Laser Jet Printer:

Printing Function Printing, Network Scanning, Faxing, Copying,

Color Scanning Display Lexmark e-Task 10.2-inch (25.9 cm) color

touch screen Print Speed: Up to4 Black: 70 ppm Time to First Page: As fast as Black: 4.0 seconds Print Resolution Black: 600 x 600 dpi, 1200 Image Quality,

2400 Image Quality, 1200 x 1200 dpi Memory / Processor Standard: 1024 MB / Maximum: 3072 MB /

Processor: Dual Core, 800 MHz Hard Disk Option available Recommended Monthly Page Volume2 5000 - 25000 pages Maximum Monthly Duty Cycle: Up to3 300000 pages per month Copying Copy Speed: Up to4 Black: 70 cpm Time to First Copy: As fast as Black: 4.0 seconds Color Scanning Scanner Type / ADF Scan Flatbed scanner with ADF / DADF (Single

Pass Duplex) / 150 pages 20 lb or 75 gsm bond

Duplex Scan Speed: Up to A4/Ltr, Black: 70 / 72 sides per minute - A4/Ltr, Color: 66 / 68 sides per minute

Simplex Scan Speed: Up to A4/Ltr, Black: 67 / 70 sides per minute - A4/Ltr, Color: 67 / 70 sides per minute

Optical Scanning Resolution 600 X 600 ppi (black), 300 X 300 ppi (color) Faxing Modem Speed ITU T.30, V.34 Half-Duplex, 33.6 Kbps Supplies5 Laser Cartridge Yields 45,000¹-page Extra High Yield Cartridge,

25,000¹-page High Yield Cartridge, 6,000¹-page Cartridge

Cartridge(s) Shipping with Product 25,000¹-page High Yield Return Program Toner Cartridge

Paper Handling Included Paper Handling Integrated Duplex, 550-Sheet Input, 100-

Sheet Multipurpose Feeder, 550-Sheet Output Bin

Optional Paper Handling 550-Sheet Lockable Tray, 250-Sheet Lockable Tray, 2100-Sheet Tray, 250-Sheet Tray, 550-Sheet Tray

Paper Input Capacity: Up to Standard: 650 pages 20 lb or 75 gsm bond / Maximum: 3300 pages 20 lb or 75 gsm bond

Paper Output Capacity: Up to Standard: 550 pages 20 lb or 75 gsm bond /

47 | P a g e

Maximum: 550 pages 20 lb or 75 gsm bond Media Types Supported Refer to the Card Stock & Label Guide,

Paper Labels, Integrated Labels, Dual Web Labels, Card Stock, Envelopes, Transparencies, Plain Paper

Media Sizes Supported A6, Oicio, Universal, Statement, Folio, DL Envelope, B5 Envelope, A4, 7 3/4 Envelope, 10 Envelope, 9 Envelope, A5, C5 Envelope, Executive, JIS-B5, Legal, Letter

General Standard Ports Rear USB 2.0 Speciication Hi-Speed Certiied

Port (Type A), One Internal Card Slot, Front USB 2.0 Speciication Hi-Speed Certiied Port (Type A), USB 2.0 Speciication Hi-Speed Certiied (Type B), Gigabit Ethernet (10/100/1000)

Optional Network Ports / Optional Local Ports

Internal MarkNet N8350 802.11b/g/n Wireless / Internal 1284-B Bidirectional Parallel, Internal RS-232C serial

Noise Level, Operating Printing: 58 dBA / Copy: 58 dBA / Scan: 57 dBA

Product Warranty 1-Year Onsite Service, Next Business Day Size (in. - H x W x D) / Weight (lb.) 28.6 x 21.6 x 22.8 in. / 95.4 lb.

A3 Copier cum Printer cum Scanner:

S. No.

TECHNICAL SPECIFICATIONS

1 Print Engine a • Black and white Xerographic engine b • Print Speeds A4 125 ppm B4 78 ppm A3 62 ppm SRA3 34 ppm c • First-copy-out time 3 seconds d • Simplex or duplex printing

e

• Resolution Up to 1200 x 1200 dpi RIP resolution and up to 2400 x 2400 dpi resolution with halftone screen 106 lpi (default) or 150 lpi (high quality mode)

f • Front to back registration +/- 1.0 mm

g • Duty Cycle

20,00,000 Pages Per Month

48 | P a g e

h • USB Support

Scan/Save to and Print from USB 2 Print Features a • Automatic two-sided b • Secure print c • Delay print d • Sample set e • Booklet creation f • Cover selection g • Paper selection by attribute h • N-up i • Watermarks j • Banner sheets k • Fit to new paper size l • Output tray selection

m • Print from and Scan to USB

3 Document Storage

Min 80 GB Hard Drive with 14.6 GB for document storage

4 Scanner/Document Handler

a • Dual Head Scanner

200 ipm colour and black and white scanning, simplex/duplex

b • Scan resolution Optical 600 x 600 dpi 8-bit Grey (256

shades)

c • Scan Formats

PDF, JPEG, TIFF or multipage TIFF; supports LDAP

d • Scan to Email with Mail Delivery Notification

e • Scan to Network File Server f • Duplex Automatic Document Feeder 250-sheet capacity g • Throughput Sizes: A5 to A3

Weights:

Simplex or duplex: 52 to 200 gsm 5 Paper Handling Stock weights and capacity: a • Tray 1: 1,100 sheets – A4 b • Tray 2: 1,600 sheets – A4

49 | P a g e

c • Tray 3-4:

550 sheets each – 140 x 182 mm (A5) to 330 x 488 mm (SRA3)

d • Tray 5 Bypass Tray:

250 sheets – 100 x 148 mm to 330 x 488 mm; 52 gsm to 253 gsm

e • Oversized High-Capacity Feeder: 1

2,000 sheets – 182 x 210 mm to 330 x 488 mm (SRA3); 64 to 253 gsm

f • Oversized High-Capacity Feeder: 2

4,000 sheets 182 x 182 mm to 330 x 488 mm (SRA3); 52 to 253 gsm

g

• Coated Stocks: Supported - Refer to Customer Expectation Document for approved Xerox® coated stocks

6 Standard Finisher

a • Stapling

Multi-position stapling: single or dual 100-sheet variable length

b • Hole Punch 2- and 4-hole punch; 4-hole Swedish

punch

c • Stacker capacity:

3,000 sheets (80 gsm); Top tray: 500 sheets (80 gsm)

d • 200-sheet interposer for pre-printed and full bleed sheets

A4 to A3; 52 to 220 gsm

7 Data Security a Standard Secure Print

b Authentication with LDAP/ Kerberos/SMB/CAC

c Password Protected PDF d FIPS 140-2 encryption e S/MIME Encrypted Email f IPsec g 802.1X h SNMP v3.0 i Email over SSL

j

Image Overwrite (3x or 1x, Immediate, Scheduled, On Demand) Hard Disk Data Encryption

k Secure Access Unified ID System® l • IPv6 Ready

50 | P a g e

m • 256 Bit Encryption n • Common Criteria Certified

8 Print Servers - Integrated Copy/Print Server

a Hardware Specifications 80 GB Hard Disk Drive, 2 GB RAM

264 mm colour, touch screen flat-

panel display

Ethernet interface (10 MBTX/sec and

100 MBTX/sec)

Books Scanner: Specifications 1 Size and Scanning Specifications Scan Area : A3 + � Up to 560mm x 370mm (open book), 280mm x 370mm (per page) Optical Resolution : 400ppi optical Maximum Book Thickness : up to 170mm Color Tone : 24bit color; 8bit grey; 1bit b/wFile Formats : JPEG, TIFF, RAW, BMP,GIF, PDF, PDF OCR, XML 2 Capture Technology Specifications 36MP Dual CMOS Sensors capture systemCarl Zeiss 50mm Makro Planar Lenses Easy to upgrade, exchange and maintain 3 Cradle Specifications V�Shape minimum 80 degree book cradle with soft spine support Automated pressure controlled book support flaps Anti slip mats for perfect stability Anti Glare Glass plate to flatten the pages and optimize curvature free scanning Glass to be automated movement and pressure controlled Easy change between modes � no second unit to scan covers or problematic pages or books. 4 Page Turning Specifications Automated Bionic Finger system with secure page separation and turning Nearly touch free: not more than 5 mm² point of contact to the book Double Page control system based on laser light measure tool Every page to be measured with a light density sensor. Never turn more than one page5 Light System Specifications LED cold light with constant illumination No UV emission Easy to upgrade, exchange and maintain 6 Computer Specifications Integrated Computer System with multicore processing, 4TB storage and 24 inch Flat Screen

51 | P a g e

Biometric: Item Minimum technical specification

Fingerprint Sensor Type

Optical

Image Resolution Ultra Precise, FBI Compliant 500dpi +/- 2% or better

Auto On Automatically Detect Finger Verification Time Less than 1 minute Latent Fingerprint Check Delay

0.01 second

Image Size 258x336 pixels Lifetime 60,000 hrs or higher Ambient Light tolerance

5000 Lux or higher

Image Capture Speed

0.1 seconds in smart capture mode (continuous), 0.80 seconds(snapshot)

Image Gray Scale /Image type

8 Bit gray level, 256 shades

Image type Non – Loosy Image compression support

8 bit RAW, WSQ Support desirable

Platen Size 16.1 mm * 18.2 mm Effective Sensing Area

12.7 mm * 16.8 mm

Sensing Prism Hardness

750 Hk (6.8 Mohs)

Certification and Compliance

FCC,CE , ROHS

Features Scratch proof /hardened fingerprint area, maintenance free, long life

Monitor Integrated 64 bit Software for single and batch mode capturing, processing, image enhancement, on the fly OCR and workflow management 7 Other Specifications Is a table top system, easy to install, place and reposition System should work around the book, leaving it in place, not stressing the binding, the pages or the covers Easy to use Automated Operations, with minimum operator interference A modular system, that in current form has a life expectancy of 10 years and parts availability of 12 years Can be easily upgraded in time in terms of image quality Fully customisable to suit project requirements

52 | P a g e

Multiple Device Connectivity

Allows multiple fingerprint devices to be connected to one computer at the same time

Operating Humidity < 90% relative, non-condensing Electrical Supply Via USB/Serial port, No separate power supply, 5V +/- 5%

Communication, speed

USB 2.0 High speed, 12mbps or higher

Supported Operating System

Windows 7,Win XP, Win Server 2008 R2 or higher compatible, Linux, Suse, Red Hat, Fedora ,Supporting Windows 64 Bit Drivers and SDK

Device Drivers Microsoft Windows Drivers should be certified Microsoft Certification and

Should be Designed for Microsoft Windows Server 2003" and "Designed for Microsoft Windows XP" approved product

Microsoft Hardware Quality

Should be Microsoft Windows Hardware Quality Lab's compatible

Standards supported & for Fingerprint Minutiae Format for Data Exchange

Standards supported & for Fingerprint Minutiae Format for Data Exchange - ANSI-INCITS378 and BiOSDK710 SDKs required

Standards supported BIOAPI, CBEFF UID UID/e-Governance, Govt. of Karnataka Compliance/Certified

The device should have FAP20 for single finger point authentication.

Security Analytics & Secure Web gateway:

S. No Malware Analysis and Security Analytics Platform

A Malware Analysis and Security Analytics Platform

1 The proposed solution should be an Appliance Based solution to Protect Against Advanced and unknown Threats

2 The solution shall do the Malware analysis through usage of dedicated on-premise sandbox appliance and no file shall be sent outside network for Analysis.

3 Complete network visibility through high speed packet capture and analysis. 4 Should provide minimum 1Gbps sustained packet capture performance. 5 Should be able to classify, extract and reconstructs network activity. 6 Should capture all packets from network in real time.

7 Should do multi-dimension indexing of packets based on layer-2 to layer-7 header information.

8 Database should support minimum 500K input/output operations per second (IOPS).

9 Should have storage with minimum 25-Terabytes scalable to 60TB. 10 Should have minimum 2 x 1 Gb ECopper interfaces. 11 Solution should be able to decrypt and capture HTTPS trafficat 1Gbps

53 | P a g e

throughput.

12 Should be able to filter the captured packets based on layer-2 to layer-7 header information.

13 Should provide insight by a. Classifying 1000+ protocols and applications

b. Reconstructed file such as a Word document, image, Web page, or system files

c. Locating each network host on world map d. Deep-packet inspection. e. Log Analysis & Aggregation f. Malware Analysis

14 Should provide following investigative techniques: a. Establish a timespan b. Apply "path bar" filters c. Apply filters to the resulting display d. Reconstruct sessions and analyze artifacts: i. Preview artifacts and attachments ii. Review reputation information iii. Explore root causes e. Set real-time alerts and actions

15 Should provide Reports with Single-attribute views with extensive sorting and filtering capabilities.

16 Should provide configurable and pre-defined timespan filter for reporting. 17 File system should contain minimum following attributes:

a. Layer-2/3: ethernet_address,ethernet_source,ethernet_destination,ip_protocol, ethernet_protocol,vlan_id

b. IPv4: ipv4_address, ipv4_initiator, ipv4_responder, ipv4_conversation c. IPv6: ipv6_address, ipv6_initiator, ipv6_responder, ipv6_conversation d. Layer-4: port, port_initiator, port_responder e. TCP: tcp_port, tcp_initiator, tcp_responder f. UDP: udp_initiator, udp_port,udp_responder g. Geolocation/ Country: country,country_initiator,country_responder h. Application: application_group, application_id i. Email: subject, email_address, email_recipient, email_sender j. Query type: dns_query, database_query, web_query

k. HTTP Parameters: http_method,http_forward_addr,http_code,http_uri,http_server,referrer, web_server

l. Other Parameters: interface,packet_length, filename,mime_type,social_persona, password,user_agent, ssl_common_name

18 Should have following Boolean operation modes for attributes:AND, OR, RANGE, NOT, CONTAINS, NULL

19 Should provide classification, search and real-time file extraction for instant delivery of recognizable evidence of a security breach or malware attack.

54 | P a g e

20 Should have direct integration with best-of-breed IPS, DLP, SIEM, log management, next-generation firewalls and malware detonation products.

21 Should provide comprehensive deep packet inspection (DPI) to classify over 900 applications and thousands of descriptive metadata details.

22 Should provide descriptive information about a network session including application, personal identity, intended actions, content types, file names and more.

23 Should automatically extracts and analyzes any file—including the most prevalent and malicious file types.

24 Should be able to do deep packet inspection for minimum 1Gbps of SSL Traffic on traffic on any TCP port including HTTPS, FTPS, SMTPS.

25 Should provide immediate, automatic identification and alerting of advanced and zero-day threats.

26 Solution should have capability to detect any malicious traffic on HTTP, FTP and Mail protocols.

27 Should provide a variety of analytics to strengthen security incident response with comprehensive and conclusive analysis.

28 Should provide security-related analytics such as session reconstruction, reputation look up, media panel, root cause explorer and artifacts etc.

29 Should be able to analyze following application types: a. Web pages: HTML, HTTP-�GET, HTTP-�POST, HTTP-�RESP b. Email and attachments: EML c. Document files: DOC, DOCX, XLS, XLSX, PPT, PPTX, PDF, WPD d. Unencrypted IMs: AOL, Jabber, Yahoo, MSN, Pidgin e. Images: JPG, BMP, GIF, PNG

f. Audio/video: ASF, AVI, MOV, MPG, WMV, RIFF, FLV, VJPEG, WAV, RA

g. Config, system files: REG, DLL, CONF, CPP, ELF, EXE h. Compressed archives: ZIP, GZIP, RAR B Advanced Malware Analysis and Sandboxing

1 The Anti-Malware Solution must possess antimalware functionality, which makes the analysis of files accessed by antimalware engines on dedicated physical appliance.

2 Solution design should consider that all new objects, for which any intelligence is not available, accessed on the web will be analyzed by sandboxing engine.

3 Solution should detect Stealthy and polymorphic malware which evades traditional AV/ IPS.

4 The antimalware solution must create an analysis result cache, reusing these cached results if the same file needs to be analyzed within a short time period.

5 Solution should provide behavior based malware classification and risk�based scoring to generate actionable threat intelligence.

6 Solution should have integration with Virus Total. 7 Solution should analyze unknown files for malware. 8 Solution should be able to analyze 12000 samples per day for malwares. 8 Solution should have integration facility with YARA.

10 Solution should have customize-able virtualized environment for detonating

55 | P a g e

unknown malwares.

11 Solution should have Bare-Metal-Emulator for analysis and detection of VM-evasive malware

12 Should have capability to create virtual machine profiles to mirror different types of custom environments to detect anomalies and differences in behavior that unveil advanced malware evasion techniques.

13 Solution should provide malware detonation to execute files within the simulator as they would on a real system, loading into real memory, or communicating with any other physical system components.

14 Solution should simulate working at the kernel level, exercise the malware, intercepting behavior and converting it into step-by-step forensic intelligence.

15 Solution should provide a map of the damage the threat would cause if allowed to run on a real machine.

16 Solution should turn unknown threats into known threats and sharing that information across the security infrastructure increases the scalability and effectiveness of the defense.

C SSL Visibility

1 The Solution should able to do deep packet inspection for minimum 1Gbps of SSL Traffic on traffic on any TCP port including HTTPS, FTPS, SMTPS.

2 The Solution should have Hardware Based SSL Decryption.

3 The Solution should have capability to exclude SSL inspection for certain URL category or particular URL

4 The Solution should support Multiple output stream support for integration with with IDS/IPS, Forensics, Logging, Compliance, Malware, solutions etc

A Secure Web gateway

1

The Secure Web gateway offering should be purpose build dedicated appliance based solution designed for secure proxy and active content caching services and should not be based on Windows, Linux, BSD or Unix platforms or UTM appliances.

2 The solution should be having the capabilities of content/ web filtering for 6000 concurrent users.

3 Proposed appliance must have support up to 100 Mbps of Bandwidth.

4 The appliance should be supplied with minimum 16GB RAM

5 Appliance should have minimum 3TB Storage capacity for Caching

6 Proposed appliance must provide minimum of 4 x 10/100/1000 Base-T ports with bypass option. Appliance should have upgrade option available for 10G ports in future.

7 The appliance should haveDual redundant and hot swappable power supplies.

8 The Secure Web Gateway Solution OEM Must be positioned in Gartner’s leader quadrant of Web Security Gateway solution

9 The solution should have option for perpetual licensing.

A.1 Web Security

56 | P a g e

1 The solution should support the following proxies- HTTP, FTP, ICAP

2 The solution should support Web caching

3 The solution should support ICAP integration to integrate with DLP or AVG kind of appliances.

4 The solution should have a simple control mechanism to deny all traffic control to deactivate all internet services to be used in case of an outbreak, hacking attempt, etc

A.2 WEB PROTECTION

1

The solution in addition to category based filtering should support reputation based technology. It should have the capability to provide reputation based score on the security risk posed, enabling administrators to apply very granular rules about what to permit or deny

2 The solution should have multiple URL database sources, for blacklists like Phishing, Malicious, etc URL categories.

3 The solution should identify and block :

a. Malicious JavaScript / VB Script

b. Malicious (or unauthorized) ActiveX applications

c. Block Potentially Unwanted Programs (PUPs)

4 The solution should have the ability to do a cloud based lookup to check for malicious content for any suspicious file

5 The solution should have multiple URL database sources, for blacklists like Phishing, Malicious, etc URL categories.

6 The solution should provide HTML filtering. It should filter HTML pages and removes embedded objects from them.

7

The solution should be updated automatically with the new signatures from the web at frequent interval including but not limited to -Virus, -Whitelist/Blacklist URLs database -System patches

8 The solution must detect and protect against anonymizing websites, anonymizing tools

9

The Solution should have minimum two Antivirus and Antimalware engines for scanning Viruses and other malwares on the web traffic. Antivirus and Antimalware gateway engine OEM should be from recent Gartner Leader Quadrant for Endpoint security.

10 The solution should provide decryption of unverified encrypted traffic for scanning and then re- encrypt it before sending (SSL decryption).

A.3 USER MANAGEMENT AND POLICY ADMINISTRATION

1 The solution should integrate with LDAP directory like Active Directory, Novell e-Directory and Radius server for user authentication and authorization.

57 | P a g e

2 The solution should have ability to create Local User Database: Creation of user / multiple users / Group / Multiple Groups - based on user-ID & password for authentication

3 The solution should have the capability to manage access for specific user / users / group/groups /client /clients to access on specific Time/Day / Date / Weekly /Monthly etc.

4 The solution should allow allocation of Bandwidth (Kbps) limit: Assign download/upload, internet browsing bandwidth limit to user / users / group /groups /client/clients etc.

5

The solution should provide customizable (but not limited to) - default error pages, - Messages to users, - Alerts

6 The solution should provide authenticated session control to configure how long users can access once authenticated.

7 The solution should provide to identify and configure intranet domains (IP/URL), for which requests should not go to the internet. (To specify all intranet sites at a single point, rather than at client level)

A.4 CACHING AND PROXY FUNCTION

1 The solution should support caching

2

The solution should provide the administrator the option to clear the cache: a. Entire Cache b. Selectively by: - URL - URI (Uniform Resource Identifier) - Name or string

3 The solution should selectively cache internet content.

4 The solution should be to bypass cache for certain URL

5 The solution should provide Live Stream Splitting capability to save bandwidth

A.5 POLICY CREATION AND MANAGEMENT

1

The solution should provide detailed policy definition and management such as (but not limited to): - Assign Users/User group - Assign Allowed and Denied URL categories - Assign Time of access

2

The solution should provide policy compliance triggers such as (but not limited to) -Alert user and Allow -Allow and Log -Block and Log

3 The solution should intimate users when they attempt to access unauthorized sites during work hours.

A.6 APPLIANCE ADMINISTRATION AND MANAGEMENT

58 | P a g e

1 The solution should provide remote management for the device and administrative purposes.

2 The solution should perform regular configurable health check to verify status of the device

3 The solution should provide multiple administrator roles for configurable administrative functions

4 The solution should provide Command-Line access for administrative purposes.

5 The solution should support secure SNMP V3 for administrative purposes.

A.7 LOG MANAGEMENT

1 The solution should log all the events within the appliance and be configurable to be pushed to external syslog server

2

The solution should be able to automatically collect configurable log files and push it into external syslog server through: - HTTP/HTTPS - FTP/SFTP

3 The solution should have the capability store logs in the appliance memory for a minimum of 30 days before being pushed into an external syslog server.

4 The solution should log all configuration/changes made by administrators (Audit Trail) and should be configurable to be pushed into a central log server

A.7 REPORTING

1

The solution should provide real time System/Appliance Monitoring / Utilization - HDD/RAM utilization - Cache used - Memory status - Web Traffic

2

The solution should create custom reports on a granular and/or enterprise level such a s (but not limited to): - Usage Report of Specific User/IP/Group based on Time/Date - Report for all users who have been accessed the specific URL - Usages report based on Time & Date - Top service user - Most requested service

3 The solution should provide ad hoc reports including histories and trends

4 The solution should provide automated Real- Time Live reports to assess the performance and volume of traffic being utilized.

5

The solution should provide Real- Time reporting to track - Volume of HTTP, - HTTPS and - Non-HTTP traffic flowing through the network.

59 | P a g e

End Point Analytics:

Requirement

Solution should provide enterprise-wide, continuous, real-time End-user IT Analytics and security monitoring for 500 users and should be scalable for 1000 users

Proposed solution should be modular and scalable - Lightweight, non-invasive kernel-driven footprint on end-user targets helps define trouble spots in real time

Proposed solution should Collect and integrate end-user IT data into a unique real-time analytics platform with matchless visualizations and intelligence for informed decisions and immediate actions

Proposed solution should integrate with leading SIEM, help desk, PCLM like splunk, LanDesk, BMC Remedy, Citrix VDI etc..

Solution should detect anomalies: -Infrastructure issues - Zero-day exploits/attacks - Non-compliant use - Abnormal behavior

Proposed solution should analyze continuously in real-time, from the endpoint, “ALL ACTIVITY” between the end-user and the infrastructure: • Application/binary executions • Identify {Local, USB, Remote} • Binary & domain threat levels • App crashes & freezes • System crashes (BSOD) • Hard reset, reboot, log on/off • IT service & port • Network connections & failures • Destinations & domains • Bandwidth usage • TCP, HTTP, TLS response time • HTTP, TLS duration • Print #pages, errors • Virtual app streaming • Package installations & updates Risk and compliance: situation at risk because not compliant with configuration (versions, AV, patch,…) and usage (no reboot, bit torrent, teamviewer, admin accounts, cloud storage,..)

Security threats: devices compromised or misused (anomalies, malware active, access to compromised web sites, high amount of traffic or print jobs)

60 | P a g e

Proactive optimization: devices where something is not working well (long boot/login time, too many crashes, long periods in high CPU/RAM/IO, too many network access failure)

Service quality assurance: applications with too many crashes/hangs, too many network access failure, too many versions

Cost reduction: application never used, printer not used, device not used, no shutdown at night and weekends, sever not accessed,…

Key IT projects: discovery, assessments, capacity planning, delivery tracking and reporting

Data Management: SR. NO. TECHNICAL SPECIFICATION

1 The ETL tool should provide native access Industry leading RDBMS like ORACLE, DB2, SQL Server, Sybase, MYSQL and appliances like Netezza, Teradata, etc.

2 The solution should provide a pre-built transformation to use SOAP (Simple Object Access Protocol) and REST (Representational State Transfer) to access a web service as a source for the ETL process

3 The solution should provide specialized table loaders to provide optimized bulk loading of databases such as Oracle, Teradata and DB2.

4 The solution should provide support for Message-Oriented Middleware, including Web Sphere MQ from IBM, MSMQ from Microsoft and Tibco’s Rendezvous

5 The solution should provide file reader/writer for Hadoop file system (HDFS).

6 The solution should provide a graphical development environment for authoring Hadoop-related code including Pig, Hive, MapReduce and HDFS commands

7 The solution should provide integrated workflow scheduling, automatic load balancing and grid computing support

8 The solution should be able to seamlessly call Data Quality functionalities such as data standardization (standardizing city, state etc.) as part of the ETL process flow

9 The solution should be able to seamlessly call Data Quality processes as a web service for de-duplication, as part of the ETL process flow

10 The ETL tool should provide for Multiple-user design environment with a governance mechanism to prevent corruption of data integration related objects, and also supports collaboration on large, enterprise wide projects.

11 The solution should generate code for ETL process flows created through the GUI which can be viewed / edited by the developers if required

61 | P a g e

12

The ETL tool should be rich in the set of in-built transformations and functions that should include predefined table and column-level transformations including slowly changing dimensions (SCD type1 and type2)

13 The solution should provide the ability to create User Written Code transformations, which allows leveraging custom code as part of the ETL process flow

14 The solution should provide the capability to create customized transformations which can be reused across ETL process flows

15 The solution should provide the capability to import native user-defined functions from databases such as Oracle, DB2, and Teradata and have them available for use in expressions in the ETL process flow

16 The solution should have the capability for ELT processing which facilitates execution of the process flow inside a database, providing enhanced execution and performance

17 The solution should provide a utility to check if a particular transformation can be executed inside the database

18 The solution should have the ability to perform the complete process of extracting and transforming the data and loading it into a datamart and generate reports as part of the same ETL process

19 The solution should provide an out-of-the-box transformation to support conditional processing within jobs, allowing distinct portions of a job to be defined to run conditionally

20 The solution should provide in-built analytical transformations for statistical functions such as correlations, distribution analysis, one-way frequencies, summary statistics etc. as part of the ETL process flow

21 The solution should provide an in-built analytical transformation to perform forecasting on time-series or transactional data as part of the ETL process flow

22 The solution should have the ability for Command-line job deployment options for deploying single and multiple jobs

23 The solution should provide the ability to execute external OS level commands such as call shell scripts as part of the ETL process

24 The solution should provide a single metadata repository which provides the ability to track data lineage by performing impact and reverse impact analysis visually, through a graphical user interface

25 The solution should have the ability to perform complex search (based on object name, type, date range etc.) of the metadata repository and should also be able to save search criteria for reuse.

26 The solution should have the ability to import and export relational metadata in external formats to exchange metadata with third-party applications

27 The solution should provide the ability to export metadata as a package for backup and archival and import the same through a wizard driven interface

28 The solution should have the ability to compare the metadata being imported with the existing metadata to better facilitate change

62 | P a g e

management

29 The solution should provide a wizard driven interface to perform column standardization on table metadata on column lengths, formats, and other attributes that you would like to match between the tables.

30 The solution should provide metadata reports that provide an easy-to-understand view of the metadata for users to view the content.

31 The solution should provide the capability to generate metadata reports which can provide the requisite information related to tables, process flows etc. used as part of the ETL process

32 The solution should have the ability to easily capture and display performance information such as real time, CPU time, memory use, input/output, and record count data as a table / graph

33

The solution should provide enhanced visual de-bugging capabilities: - To run a particular transformation - To run an ETL flow from / up to a particular transformation - To run an ETL flow step-wise

34 The solution should provide the capability to assign checkpoints in the ETL process flow to ensure recovery and de-bugging in case of failure, interruptions or errors

35 The solution should provide enhanced logging capabilities accessible from a log tab which can help determine the point of failure of the ETL process and the corresponding error highlighted in the code

36 The solution should provide the capability to display warnings of a job being changed since previous open, with a brief description of the change, to facilitate use in a collaborative user development environment

Data Profiling and validations

1 The solution should provide a graphical user interface to profile the data to understand and analyze the quality of data

2 The solution should provide the following capabilities w.r.t. the profiling of data:

3 Data sufficiency analysis in terms of null count, blank count, unique count etc.

4 Data Statistics such as min, max, mean, median, mode, standard deviation etc.

5 Performing structure discoveries 6 Computing frequency distributions 7 Computing pattern frequency distributions 8 Computing metadata validations and statistics 9 Identifying outliers and percentiles 10 Identifications on range and domain checks 11 Identifying referential integrity (pk/fk relationship) analysis 12 Performing redundant data analysis

13 The solution should provide the capability to create data profiling reports in the form of pie charts, bar graphs etc.

63 | P a g e

14 The solution should provide the capability to drill through to source level information in the data profiling report

15 The solution should perform the data quality functionalities without creating a copy of the data in a proprietary/external format?

Data Cleansing & Data Preparation Compliance:

1 The solution should have the ability to correct mistakes in spellings, inconsistencies, casings and abbreviations

2 The solution should have pre-built libraries for standardization of INDIA specific data

3 The solution should enable parsing of data into atomic level information for better matching

4 The solution should provide safe string encode/decode capabilities 5 The solution should provide Java code executions

6 The solution should provide a unified capability and system for both offline and online Dedupe

7 The solution should provide following transformation nodes pre-built: 8 Custering 9 Pattern Analysis 10 Basic Statistics 11 Frequency Distribution 12 Identification Analysis 13 Gender Analysis Clustering, Integration & Master Record Generation Compliance:

1 The solution should have the capability to identify duplicates and cluster records

2 The solution should have intuitive, flexible rules to identify households?

3 The solution should have the capability to provide fuzzy logic to induce tolerance during matching

4 The solution should have the ability to have options for automatic merging of clustered records

5 The solution should have the capability to enrich data from internal data sources

6 The solution should have the capability to enrich data from external/third party data sources

7 The solution should enable in-database data quality on appliances such as Teradata that helps cleanse large volumes of data, integrate all data sources before loading to the data warehouse and, in the end, empower executives to make more accurate decisions.

8 The solution functions should run within the Appliance which will help meet your data quality requirements – and, in the end, build a strong foundation for business analytics with cleansed and integrated data.

9 The solution should have the capability to enrich data from external/third party data sources

Monitoring Compliance: 1 Does the system provide audit trails? 2 Does the system have the capability to set alerts?

64 | P a g e

3 Does the system enable enforcing data governance rules?

4 Can we create customized rules to validate and audit operational processes?

5 Can we understand and refine mission-critical processes by logging exceptions and violations?

6 Can the system invoke events to correct the data? INDIA Data Specific Capabilities Compliance: 1 The solution should have INDIA specific vocabulary libraries 2 The solution should have INDIA specific grammar rule libraries 3 The solution should INDIA specific phonetics libraries 4 The solution should have INDIA specific standardization rules and libraries5 The solution should have INDIA specific regular expression libraries

6 The solution should have rules to identify individuals and organization from the customer data

7 The solution should have the ability to identify gender of individuals using the INDIA specific vocabularies

8 The solution should have the ability to be customizable in terms of the vocabularies, grammars, phonetics, standardization rules, etc.

9 The solution should have intelligent logic for INDIA names, addresses, phone numbers, national ID, passport number and other identification proof documents and demographic details

42 U Rack:

S.

No. ITEM DESCRIPTION

1 DK-PS Frame, 600W x 2000H x 1000D,Top cover with 4 x cutout of Dia 112, 2 x

cutout of Dia 112 for cable entry. Bottom cover with 4 x cutout of Dia 112 for cable

entry. All cutouts blanked with Plastic caps. 2 pairs, 42U 19" L type angle Front &

Rear on 6 x punched section. Ral 9005 a Front Perforated door, 2000H x 600W, RAL 9005 b Rear Perforated door, 2000H x 600W, RAL9005 c Side Panel 2000H X 1000D Screw Fixed, unvented RAL 9005 d Castors With Break e Castors without Break

2 RITTAL DK-PS Frame, 800W x 2000H x 1000D,Top cover with 4 x cutout of Dia 112, 2 x

cutout of Dia 112 for cable entry. Bottom cover with 4 x cutout of Dia 112 for cable

entry. All cutouts blanked with Plastic caps. 2 pairs, 42U 19" L type angle Front &

Rear on vertical cable trough{LH&RH}2 PAIR on 6 x punched section. RAL 9005 a Front Perforated door, 2000H x 800W, RAL 9005

65 | P a g e

b Rear Perforated Double door, 2000H x 800W, RAL 9005 c Side Panel 2000H X 1000D Screw Fixed, unvented RAL 9005 d Castors With Break e Castors without Break

Barcode Scanner:

Specification Physical Characteristics Dimensions: 6 in. H x 2.5 in. W x 3.34 in. D 15.2 cm H x 6.3 cm W x 8.4 cm D Weight: 5.15 oz./146 gm Voltage and Current: 5 volts +/- 10% at 130 mA typical, 175 mA max Power Sources: Host power or external power supply Color: Cash Register White or Twilight Black Performance Characteristics Scanner Type: Bi-directional Light Source: 650 nm visible laser diode Scan Element Frequency: 50Hz Scan Rate: 100 scans per second typical Nominal Working From contact to 17 in./43 cm on 100% U.P.C./EAN symbols Distance: Print Contrast: 20% minimum reflective difference Roll (Tilt):1 1 +/- 30 degrees Pitch:2 2 +/- 65 degrees Skew (Yaw):3 3 +/- 60 degrees Decode Capability: UPC/EAN, UPC/EAN with Supplementals, UCC/EAN 128, Code 39, Code 39 Full ASCII, Code 39 TriOptic, Code 128, Code 128 Full ASCII, Codabar, Interleaved 2 of 5, Discrete 2 of 5, Code 93, MSI, Code 11, IATA, RSS variants, Chinese 2 of 5 Interfaces Supported: RS232, Keyboard Wedge, Wand, IBM 468X/9X, USB, Synapse and Undecoded Regulatory Electrical Safety: Certified to UL1950, CSA C22.2 No. 950, EN60950/IEC950 EMI/RFI: FCC Part 15 Class B, ICES-003 Class B, European Union EMC Directive, Australian SMA, Taiwan EMC, Japan VCCI/MITI/Dentori Laser Safety: CDRH Class II, IEC Class 2 Environmental: Compliant with RoHS directive 2002/95/EEC Warranty The LS 2208 is warranted against defects in workmanship and materials for a period of 5 years (60 months) from date of shipment, provided that the product remains unmodified and is operated under normal and proper conditions. See full warranty for details. 1. Roll (Tilt): Controlled by rotating the wrist clockwise or counter-clockwise 2. Pitch Controlled by dropping or raising the wrist 3. Skew (Yaw): Controlled by rotating the wrist from left to right or vice versa User Environment

66 | P a g e

Operating Temperature: 32° to 122° F/0° to 50° C Storage Temperature: -40° to 158° F/-40° to 70° C Humidity: 5% to 95% relative humidity, noncondensing Drop Specification: Unit functions normally after repeated 5 ft./1.5 m drops to concrete Ambient Light Immunity: Immune to direct exposure of normal office and factory lighting conditions, as well as direct exposure to sunlight Electrostatic Discharge: Conforms to 15 kV air discharge and 8 kV of contact discharge

Security Analytics & Web gateway:

S. No Malware Analysis and Security Analytics Platform A Malware Analysis and Security Analytics Platform

1 The proposed solution should be an Appliance Based solution to Protect Against Advanced and unknown Threats

2 The solution shall do the Malware analysis through usage of dedicated on-premise sandbox appliance and no file shall be sent outside network for Analysis.

3 Complete network visibility through high speed packet capture and analysis. 4 Should provide minimum 1Gbps sustained packet capture performance. 5 Should be able to classify, extract and reconstructs network activity. 6 Should capture all packets from network in real time.

7 Should do multi-dimension indexing of packets based on layer-2 to layer-7 header information.

8 Database should support minimum 500K input/output operations per second (IOPS).

9 Should have storage with minimum 25-Terabytes scalable to 60TB. 10 Should have minimum 2 x 1 Gb ECopper interfaces.

11 Solution should be able to decrypt and capture HTTPS trafficat 1Gbps throughput.

12 Should be able to filter the captured packets based on layer-2 to layer-7 header information.

13 Should provide insight by a. Classifying 1000+ protocols and applications

b. Reconstructed file such as a Word document, image, Web page, or system files

c. Locating each network host on world map d. Deep-packet inspection. e. Log Analysis & Aggregation f. Malware Analysis

14 Should provide following investigative techniques: a. Establish a timespan b. Apply "path bar" filters c. Apply filters to the resulting display d. Reconstruct sessions and analyze artifacts: i. Preview artifacts and attachments ii. Review reputation information

67 | P a g e

iii. Explore root causes e. Set real-time alerts and actions

15 Should provide Reports with Single-attribute views with extensive sorting and filtering capabilities.

16 Should provide configurable and pre-defined timespan filter for reporting. 17 File system should contain minimum following attributes:

a. Layer-2/3: ethernet_address,ethernet_source,ethernet_destination,ip_protocol, ethernet_protocol,vlan_id

b. IPv4: ipv4_address, ipv4_initiator, ipv4_responder, ipv4_conversation c. IPv6: ipv6_address, ipv6_initiator, ipv6_responder, ipv6_conversation d. Layer-4: port, port_initiator, port_responder e. TCP: tcp_port, tcp_initiator, tcp_responder f. UDP: udp_initiator, udp_port,udp_responder g. Geolocation/ Country: country,country_initiator,country_responder h. Application: application_group, application_id i. Email: subject, email_address, email_recipient, email_sender j. Query type: dns_query, database_query, web_query

k. HTTP Parameters: http_method,http_forward_addr,http_code,http_uri,http_server,referrer, web_server

l. Other Parameters: interface,packet_length, filename,mime_type,social_persona, password,user_agent, ssl_common_name

18 Should have following Boolean operation modes for attributes:AND, OR, RANGE, NOT, CONTAINS, NULL

19 Should provide classification, search and real-time file extraction for instant delivery of recognizable evidence of a security breach or malware attack.

20 Should have direct integration with best-of-breed IPS, DLP, SIEM, log management, next-generation firewalls and malware detonation products.

21 Should provide comprehensive deep packet inspection (DPI) to classify over 900 applications and thousands of descriptive metadata details.

22 Should provide descriptive information about a network session including application, personal identity, intended actions, content types, file names and more.

23 Should automatically extracts and analyzes any file—including the most prevalent and malicious file types.

24 Should be able to do deep packet inspection for minimum 1Gbps of SSL Traffic on traffic on any TCP port including HTTPS, FTPS, SMTPS.

25 Should provide immediate, automatic identification and alerting of advanced and zero-day threats.

26 Solution should have capability to detect any malicious traffic on HTTP, FTP and Mail protocols.

27 Should provide a variety of analytics to strengthen security incident response with comprehensive and conclusive analysis.

28 Should provide security-related analytics such as session reconstruction, reputation look up, media panel, root cause explorer and artifacts etc.

29 Should be able to analyze following application types: a. Web pages: HTML, HTTP-‐GET, HTTP-‐POST, HTTP-‐RESP

68 | P a g e

b. Email and attachments: EML c. Document files: DOC, DOCX, XLS, XLSX, PPT, PPTX, PDF, WPD d. Unencrypted IMs: AOL, Jabber, Yahoo, MSN, Pidgin e. Images: JPG, BMP, GIF, PNG f. Audio/video: ASF, AVI, MOV, MPG, WMV, RIFF, FLV, VJPEG, WAV, RA g. Config, system files: REG, DLL, CONF, CPP, ELF, EXE h. Compressed archives: ZIP, GZIP, RAR B Advanced Malware Analysis and Sandboxing

1 The Anti-Malware Solution must possess antimalware functionality, which makes the analysis of files accessed by antimalware engines on dedicated physical appliance.

2 Solution design should consider that all new objects, for which any intelligence is not available, accessed on the web will be analyzed by sandboxing engine.

3 Solution should detect Stealthy and polymorphic malware which evades traditional AV/ IPS.

4 The antimalware solution must create an analysis result cache, reusing these cached results if the same file needs to be analyzed within a short time period.

5 Solution should provide behavior based malware classification and risk‐based scoring to generate actionable threat intelligence.

6 Solution should have integration with Virus Total. 7 Solution should analyze unknown files for malware. 8 Solution should be able to analyze 12000 samples per day for malwares. 8 Solution should have integration facility with YARA.

10 Solution should have customize-able virtualized environment for detonating unknown malwares.

11 Solution should have Bare-Metal-Emulator for analysis and detection of VM-evasive malware

12 Should have capability to create virtual machine profiles to mirror different types of custom environments to detect anomalies and differences in behavior that unveil advanced malware evasion techniques.

13 Solution should provide malware detonation to execute files within the simulator as they would on a real system, loading into real memory, or communicating with any other physical system components.

14 Solution should simulate working at the kernel level, exercise the malware, intercepting behavior and converting it into step-by-step forensic intelligence.

15 Solution should provide a map of the damage the threat would cause if allowed to run on a real machine.

16 Solution should turn unknown threats into known threats and sharing that information across the security infrastructure increases the scalability and effectiveness of the defense.

C SSL Visibility

1 The Solution should able to do deep packet inspection for minimum 1Gbps of SSL Traffic on traffic on any TCP port including HTTPS, FTPS, SMTPS.

2 The Solution should have Hardware Based SSL Decryption.

3 The Solution should have capability to exclude SSL inspection for certain URL category or particular URL

4 The Solution should support Multiple output stream support for integration with IDS/IPS, Forensics, Logging, Compliance, Malware, solutions etc

Secure Web gateway

69 | P a g e

A Secure Web gateway

1

The Secure Web gateway offering should be purpose build dedicated appliance based solution designed for secure proxy and active content caching services and should not be based on Windows, Linux, BSD or Unix platforms or UTM appliances.

2 The solution should be having the capabilities of content/ web filtering for 6000 concurrent users.

3 Proposed appliance must have support up to 100 Mbps of Bandwidth. 4 The appliance should be supplied with minimum 16GB RAM 5 Appliance should have minimum 3TB Storage capacity for Caching

6 Proposed appliance must provide minimum of 4 x 10/100/1000 Base-T ports with bypass option. Appliance should have upgrade option available for 10G ports in future.

7 The appliance should haveDual redundant and hot swappable power supplies.

8 The Secure Web Gateway Solution OEM Must be positioned in Gartner’s leader quadrant of Web Security Gateway solution

9 The solution should have option for perpetual licensing. A.1 Web Security 1 The solution should support the following proxies- HTTP, FTP, ICAP 2 The solution should support Web caching

3 The solution should support ICAP integration to integrate with DLP or AVG kind of appliances.

4 The solution should have a simple control mechanism to deny all traffic control to deactivate all internet services to be used in case of an outbreak, hacking attempt, etc

A.2 WEB PROTECTION

1

The solution in addition to category based filtering should support reputation based technology. It should have the capability to provide reputation based score on the security risk posed, enabling administrators to apply very granular rules about what to permit or deny

2 The solution should have multiple URL database sources, for blacklists like Phishing, Malicious, etc URL categories.

3 The solution should identify and block : a. Malicious JavaScript / VB Script

b. Malicious (or unauthorized) ActiveX applications c. Block Potentially Unwanted Programs (PUPs)

4 The solution should have the ability to do a cloud based lookup to check for malicious content for any suspicious file

5 The solution should have multiple URL database sources, for blacklists like Phishing, Malicious, etc URL categories.

6 The solution should provide HTML filtering. It should filter HTML pages and removes embedded objects from them.

7

The solution should be updated automatically with the new signatures from the web at frequent interval including but not limited to -Virus, -Whitelist/Blacklist URLs database -System patches

8 The solution must detect and protect against anonymizing websites, anonymizing tools

70 | P a g e

9

The Solution should have minimum two AntiVirus and Antimalware engines for scanning Viruses and other malwares on the web traffic. Antivius and Antimalware gateway engine OEM should be from recent Gartner Leader Quadrant for Endpoint security.

10 The solution should provide decryption of unverified encrypted traffic for scanning and then re- encrypt it before sending (SSL decryption).

A.3 USER MANAGEMENT AND POLICY ADMINISTRATION

1 The solution should integrate with LDAP directory like Active Directory, Novell e-Directory and Radius server for user authentication and authorization.

2 The solution should have ability to create Local User Database: Creation of user / multiple users / Group / Multiple Groups - based on user-ID & password for authentication

3 The solution should have the capability to manage access for specific user / users / group/groups /client /clients to access on specific Time/Day / Date / Weekly /Monthly etc.

4 The solution should allow allocation of Bandwidth (Kbps) limit: Assign download/upload, internet browsing bandwidth limit to user / users / group /groups /client/clients etc.

5

The solution should provide customizable (but not limited to) - default error pages, - Messages to users, - Alerts

6 The solution should provide authenticated session control to configure how long users can access once authenticated.

7 The solution should provide to identify and configure intranet domains (IP/URL), for which requests should not go to the internet. (To specify all intranet sites at a single point, rather than at client level)

A.4 CACHING AND PROXY FUNCTION 1 The solution should support caching

2

The solution should provide the administrator the option to clear the cache: a. Entire Cache b. Selectively by: - URL - URI (Uniform Resource Identifier) - Name or string

3 The solution should selectively cache internet content. 4 The solution should be to bypass cache for certain URL 5 The solution should provide Live Stream Splitting capability to save bandwidth

A.5 POLICY CREATION AND MANAGEMENT

1

The solution should provide detailed policy definition and management such as (but not limited to): - Assign Users/User group - Assign Allowed and Denied URL categories - Assign Time of access

2

The solution should provide policy compliance triggers such as (but not limited to) -Alert user and Allow -Allow and Log -Block and Log

71 | P a g e

3 The solution should intimate users when they attempt to access unauthorized sites during work hours.

A.6 APPLIANCE ADMINISTRATION AND MANAGEMENT

1 The solution should provide remote management for the device and administrative purposes.

2 The solution should perform regular configurable health check to verify status of the device

3 The solution should provide multiple administrator roles for configurable administrative functions

4 The solution should provide Command-Line access for administrative purposes.

5 The solution should support secure SNMP V3 for administrative purposes. A.7 LOG MANAGEMENT

1 The solution should log all the events within the appliance and be configurable to be pushed to external syslog server

2

The solution should be able to automatically collect configurable log files and push it into external syslog server through: - HTTP/HTTPS - FTP/SFTP

3 The solution should have the capability store logs in the appliance memory for a minimum of 30 days before being pushed into an external syslog server.

4 The solution should log all configuration/changes made by administrators (Audit Trail) and should be configurable to be pushed into a central log server

A.7 REPORTING

1

The solution should provide real time System/Appliance Monitoring / Utilization - HDD/RAM utilization - Cache used - Memory status - Web Traffic

2

The solution should create custom reports on a granular and/or enterprise level such a s (but not limited to): - Usage Report of Specific User/IP/Group based on Time/Date - Report for all users who have been accessed the specific URL - Usages report based on Time & Date - Top service user - Most requested service

3 The solution should provide ad hoc reports including histories and trends

4 The solution should provide automated Real- Time Live reports to assess the performance and volume of traffic being utilized.

5

The solution should provide Real- Time reporting to track - Volume of HTTP, - HTTPS and - Non-HTTP traffic flowing through the network.

Data Management :

SR. NO. TECHNICAL SPECIFICATION

72 | P a g e

1 The proposed tool should be in leader's quadrant for Gartner and Forrester

2 The ETL tool should provide native access Industry leading RDBMS like ORACLE, DB2, SQL Server, Sybase, MYSQL and appliances like Netezza, Teradata, etc.

3 The solution should provide a pre-built transformation to use SOAP (Simple Object Access Protocol) and REST (Representational State Transfer) to access a web service as a source for the ETL process

4 The solution should provide specialized table loaders to provide optimized bulk loading of databases such as Oracle, Teradata and DB2.

5 The solution should provide support for Message-Oriented Middleware, including Web Sphere MQ from IBM, MSMQ from Microsoft and Tibco’s Rendezvous

6 The solution should provide file reader/writer for Hadoop file system (HDFS).

7 The solution should provide a graphical development environment for authoring Hadoop-related code including Pig, Hive, MapReduce and HDFS commands

8 The solution should provide integrated workflow scheduling, automatic load balancing and grid computing support

9 The solution should be able to seamlessly call Data Quality functionalities such as data standardization (standardizing city, state etc.) as part of the ETL process flow

10 The solution should be able to seamlessly call Data Quality processes as a web service for de-duplication, as part of the ETL process flow

11 The ETL tool should provide for Multiple-user design environment with a governance mechanism to prevent corruption of data integration related objects, and also supports collaboration on large, enterprise wide projects.

12 The solution should generate code for ETL process flows created through the GUI which can be viewed / edited by the developers if required

13 The ETL tool should be rich in the set of in-built transformations and functions that should include predefined table and column-level transformations including slowly changing dimensions (SCD type1 and type2)

14 The solution should provide the ability to create User Written Code transformations, which allows leveraging custom code as part of the ETL process flow

15 The solution should provide the capability to create customized transformations which can be reused across ETL process flows

16 The solution should provide the capability to import native user-defined functions from databases such as Oracle, DB2, and Teradata and have them available for use in expressions in the ETL process flow

17 The solution should have the capability for ELT processing which facilitates execution of the process flow inside a database, providing enhanced execution and performance

18 The solution should provide a utility to check if a particular transformation can be executed inside the database

19 The solution should have the ability to perform the complete process of extracting and transforming the data and loading it into a datamart and generate reports as part of the same ETL process

20 The solution should provide an out-of-the-box transformation to support conditional processing within jobs, allowing distinct portions of a job to be

73 | P a g e

defined to run conditionally

21 The solution should provide in-built analytical transformations for statistical functions such as correlations, distribution analysis, one-way frequencies, summary statistics etc. as part of the ETL process flow

22 The solution should provide an in-built analytical transformation to perform forecasting on time-series or transactional data as part of the ETL process flow

23 The solution should have the ability for Command-line job deployment options for deploying single and multiple jobs

24 The solution should provide the ability to execute external OS level commands such as call shell scripts as part of the ETL process

25 The solution should provide a single metadata repository which provides the ability to track data lineage by performing impact and reverse impact analysis visually, through a graphical user interface

26 The solution should have the ability to perform complex search (based on object name, type, date range etc.) of the metadata repository and should also be able to save search criteria for reuse.

27 The solution should have the ability to import and export relational metadata in external formats to exchange metadata with third-party applications

28 The solution should provide the ability to export metadata as a package for backup and archival and import the same through a wizard driven interface

29 The solution should have the ability to compare the metadata being imported with the existing metadata to better facilitate change management

30 The solution should provide a wizard driven interface to perform column standardization on table metadata on column lengths, formats, and other attributes that you would like to match between the tables.

31 The solution should provide metadata reports that provide an easy-to-understand view of the metadata for users to view the content.

32 The solution should provide the capability to generate metadata reports which can provide the requisite information related to tables, process flows etc. used as part of the ETL process

33 The solution should have the ability to easily capture and display performance information such as real time, CPU time, memory use, input/output, and record count data as a table / graph

34

The solution should provide enhanced visual de-bugging capabilities: - To run a particular transformation - To run an ETL flow from / up to a particular transformation - To run an ETL flow step-wise

35 The solution should provide the capability to assign checkpoints in the ETL process flow to ensure recovery and de-bugging in case of failure, interruptions or errors

36 The solution should provide enhanced logging capabilities accessible from a log tab which can help determine the point of failure of the ETL process and the corresponding error highlighted in the code

37

The solution should provide the capability to display warnings of a job being changed since previous open, with a brief description of the change, to facilitate use in a collaborative user development environment

Data Profiling and validations

1 The solution should provide a graphical user interface to profile the data to understand and analyze the quality of data

74 | P a g e

2 The solution should provide the following capabilities w.r.t. the profiling of data: - Data sufficiency analysis in terms of null count, blank count, unique count etc. - Data Statistics such as min, max, mean, median, mode, standard deviation etc.- Performing structure discoveries - Computing frequency distributions - Computing pattern frequency distributions - Computing metadata validations and statistics - Identifying outliers and percentiles - Identifications on range and domain checks - Identifying referential integrity (pk/fk relationship) analysis - Performing redundant data analysis

3 The solution should provide the capability to create data profiling reports in the form of pie charts, bar graphs etc.

4 The solution should provide the capability to drill through to source level information in the data profiling report

5 The solution should perform the data quality functionalities without creating a copy of the data in a proprietary/external format?

Data Cleansing & Data Preparation Compliance:

6 The solution should have the ability to correct mistakes in spellings, inconsistencies, casings and abbreviations

7 The solution should have pre-built libraries for standardization of INDIA specific data

8 The solution should enable parsing of data into atomic level information for better matching

9 The solution should provide safe string encode/decode capabilities 10 The solution should provide Java code executions

11 The solution should provide a unified capability and system for both offline and online Dedupe

12 The solution should provide following transformation nodes pre-built: - Custering - Pattern Analysis - Basic Statistics - Frequency Distribution - Identification Analysis - Gender Analysis Clustering, Integration & Master Record Generation Compliance:

13 The solution should have the capability to identify duplicates and cluster records

14 The solution should have intuitive, flexible rules to identify households?

15 The solution should have the capability to provide fuzzy logic to induce tolerance during matching

16 The solution should have the ability to have options for automatic merging of clustered records

17 The solution should have the capability to enrich data from internal data sources

18 The solution should have the capability to enrich data from external/third party data sources

19 The solution should enable in-database data quality on appliances such as Teradata that helps cleanse large volumes of data, integrate all data sources

75 | P a g e

before loading to the data warehouse and, in the end, empower executives to make more accurate decisions.

20 The solution functions should run within the Appliance which will help meet your data quality requirements – and, in the end, build a strong foundation for business analytics with cleansed and integrated data.

21 The solution should have the capability to enrich data from external/third party data sources

Monitoring Compliance: 22 Does the system provide audit trails? 23 Does the system have the capability to set alerts? 24 Does the system enable enforcing data governance rules? 25 Can we create customized rules to validate and audit operational processes?

26 Can we understand and refine mission-critical processes by logging exceptions and violations?

27 Can the system invoke events to correct the data? INDIA Data Specific Capabilities Compliance:

28 The solution should have INDIA specific vocabulary libraries 29 The solution should have INDIA specific grammar rule libraries 30 The solution should INDIA specific phonetics libraries 31 The solution should have INDIA specific standardization rules and libraries 32 The solution should have INDIA specific regular expression libraries

33 The solution should have rules to identify individuals and organization from the customer data

34 The solution should have the ability to identify gender of individuals using the INDIA specific vocabularies

35 The solution should have the ability to be customizable in terms of the vocabularies, grammars, phonetics, standardization rules, etc.

36 The solution should have intelligent logic for INDIA names, addresses, phone numbers, national ID, passport number and other identification proof documents and demographic details

76 | P a g e

1. Para D of Priced BILL OF QUANTITIES (Commercial Offer) in the Tender Document may be read as

2. Para R, “Hardware setup for Online Examination and Answer Script

Evaluation System” of Priced BILL OF QUANTITIES (Commercial Offer) in the Tender Document may be read as

Field Level offices–Scanning/Evaluation Centers It is proposed to have one scanning center in each district and one evaluation center in each university for the smooth implementation of the proposed system. The following is the hardware and system software requirements at the district center (Scanning Station (SS)) and Evaluation Centre (EC) at every university campus for the Electronic Answer Scripts Evaluation (EASE) system.

Approximate number of items required for the project

(Hardware, System Software & Manpower)

Loc. ID. Name of the Location No. of

Locations

Rate per Unit in Rs.

(Inclusive of all Taxes)

In figures

In Words

A.

Application Development Unit at Higher Education Council 01

Sl. No. Description Qty.

I Hardware Items 01. PC/Desktop 10

02. 23 inch Monitor for the above three PCs 03

03. Rack Mount Servers 02 04. External Hard Disk of 1 TB 02

05. 7 inch Mobile/Tablet with Android OS 02

06. 10 inch Tablet with Windows OS 02 07. DSC 01 08 FIT (UID Compliant) 02 09. Thermal Printer 01 10. Inkjet Printer 01 11. Laser Printer 01 12. DMP 136 Col 01 13. DMP 80 Col 01 14. Multi Functional Unit 01

77 | P a g e

15. 24 Port L2 Switch 01 II System Software Licenses

01. Windows 2012 Server OS Std Academic License 02

02. MS SQL Server 2012 Std Academic License 02

03. Visual Studio 2013 Professional Edition with 5 User Licenses 01

04. RAD PDF Control Development License 01

05. API/SDK for Scanner integration 01

B.

Data Centre at Bengaluru 01 I Hardware Items

1 Rack Mount Servers 10 2 42 U Rack 02 3 KVM Switch with Console 02

4 Core Router, Firewall& Switch with a provision of LAN/WAN ports configuration

02

5 24 port Network L2 Switch for LAN 02 6 Server Load Balancer 02 7 Link Load Balancer 02 8 SSL VPN 02

9 SAN storage for storage and retrieval of scanned answer booklets 10 TB size

01

10 WAN/Network Optimization Appliance 01

11 Fibre channel Switch for SAN storage minimum 8 ports 01

12 External Tape drive Backup device for regular backup of SAN storage data/images

01

13 10 KVA Online UPS with 2 hours backup 02

14 20 KVA Diesel Generator 01 15 Core Switch 02 16 Firewall With IPS 02

II System Software Licenses

1. Windows 2012 Server Operating System Enterprise or higher 10

2. MS Sharepoint Portal (SPP) 2013 Enterprises or higher/latest 05

3. MS SQL Enterprise licenses 2012 or higher 02

4. Server based Antivirus Software Licenses 01

5. Data Loss Prevention System 01 6. Backup Solution 01

78 | P a g e

7. Archiving Solution 01 8. Security Analytics & Web Gateway 01 9. Data Management 01 10Document Security 01

1 Required Software’s for Email and SMS Gateway Servers 02 Each

12RADView Controller for PDF Images access through SPP 01

13

Network Monitoring System with adequate number of Hardware appliances/Servers including system software’s if any required

01

14End Point Analytics 01

2C.

Scanning Station [One at each District Headquarter] 30

I – Hardware Items

Router cum Firewall with Switching facilities with a provision to LAN/WAN ports configuration

01

4U Rack 02

Scanner (Scanning cum Bar�code reading feature) 10

24 Port Network L2 Switch for LAN 01

Windows based Desktop PC with 23 inch Monitor 10

20 KVA Online UPS with 2 hours backup 01

25 KVA diesel generator 01

WAN/Network Optimization Appliance 01

II – Man Power to manage the IT/Network Infrastructure

Network Engineer for day to day support on network related issues 01

D. Evaluation Centre [One at each University] 17

I – Hardware Items

Router cum Firewall with Switching facilities with a provision to LAN/WAN ports configuration

01

4U Rack 09 48 port Network L2 Switch for LAN 03 24 port Network L2 Switch for LAN 01

Windows based Desktop PC with 23 inch Monitor 150

20 KVA Online UPS with 2 hours backup 03

25 KVA diesel generator 02 WAN/Network Optimization 01

79 | P a g e

Appliance High End Scanner 01 each Book Scanner 01 each II – Man Power to Manage the IT/Network

infrastructure

Network Engineer for day to day support on network related issues 01

Total

Sl. No. Item of Work Unit

Rate, (In Percentage

of the Total Value)

1 AMC for 2nd year for the items. Annually 2 AMC for 3rd year for the items. Annually 3 AMC for 4th year for the items. Annually 4 AMC for 5th year for the items. Annually 5 AMC for 6th year for the items. Annually 6 AMC for 7th year for the items. Annually Total