Internet Links & Firewall Tender

Internet Links & Firewall Tender

T BUS15-05

Invitation Document

Derry City & Strabane District Council

Council Offices

98 Strand Road

Derry

BT48 7NN

Email:

Web:

Table of Contents

Contents2

Introduction & Scope of Works3

Instructions to Tenderers9

Evaluation / Award Criteria17

Form of Tender20

Terms & Conditions22

Form of Assurance 23

Collusive Tendering Certificate24

Declaration of Commitment to

Promoting Equality of Opportunity25

Fair Employment Declaration27

Prompt Payment Certificate 28

Statement Relating To Good Standing 29

Freedom of Information32

Non Submittal Form33

Introduction & Scope of Works

1. Introduction

Derry and Strabane District Council have a Primary Data Centre location in Strand Road, Derry, and the Secondary Data Centre in Derry Road, Strabane.
To meet these needs for Internet connections and security at both locations, the Council seeks proposals from suitable providers for Unlimited, Unrestricted, Uncontended, Symmetrical internet connections in each location. (Managed Router to be included). Additionally the supply, training, installation, configuration and support of three UTM Firewalls and associated technologies which will make up the whole solution.

This will be signed on a One year deal; however, three and five year options are also sought by the Council and may be availed off.

The locations for the required connections are:

Council Offices, 98 Strand Road, Derry, Co Derry BT48 7NN
Council Offices, 47 Derry Road, Strabane, Co Tyrone, BT82 8DY

Internet Connection Solution Requirements:

The Council requirement is for 2 x 200mbit/s minimum commit, unlimited, unrestricted, uncontended, symmetrical leased line internet connections. One in each location: (Vendors can choose to provide a higher commit speed, however the minimum required is 200mbit/s.)

The connections must:

1. The expected day to day use is to be 200mbit/s per connection, the Council will have periods of burst activity above the minimum commit and wishes to have this capacity of 500mbit/s available on an instantaneous basis for each connection (i.e. without request from the vendor) without additional cost penalty.

1. Be in an active-active configuration i.e. both connections must be capable of operating on a day to day basis at 200mbit/s Internet traffic per connection with the 500mbit/s available at each locations also. The Council wishes to consider dividing user traffic between the two connections on a day to day basis therefore active-active connections are essential.

Note: Active- Passive solutions are not acceptable. Solutions routing solely over one connection with a passive second circuit are not acceptable.

1. Be supplied & quoted inclusive of a managed router capable and suitable for 500mbit/s Internet traffic. Vendors should detail their proposed routers which must be suitable to operate the proposed traffic levels.

1. Circuits must not be subject to traffic management by the vendor, i.e.

The vendor must not impose any restriction or prioritization measures of any types of traffic e.g. video, audio, streaming traffic, SIP or any other kind at periods of heavy use or at any other time.

IP Addressing Requirements

98 Strand Road, Derry, Co Derry BT48 7NN
27 Bit network with 30 Usable addresses is Desirable at this primary data centre location, however a minimum requirement of a 28 bit network and 14 usable addresses are the minimum acceptable.
47 Derry Road, Strabane, Co Tyrone, BT82 8DY
28 Bit network with 14 Usable addresses = minimum required.

Vendors must state the proposed provision of IP addresses

Failover

The Council wishes for the required connections to deliver failover for all traffic for all users in the event that their chosen connection for day to day use becomes unavailable. Both connections must be able to act as a failover for the other, i.e. both ways resiliency. Solutions offering a single designated primary and secondary connections are not acceptable.

IP Addressing redundancy should be built into the proposed solution in the event of a DR situation.

Automated or Manually activated solutions that can be carried out by the Council (i.e. without vendor intervention) may be proposed between these two links for failover or IP Addressing redundancy in the event of a DR situation.

The Council may give preference to the following:

-Solutions that offer automated failover (please provide a brief overview of how this will operate)

Support

A full 24/7 support service must be available for the proposed connections.

The provider should provide statistics for the service with minimum 99.5% availability per connection and a local helpdesk with proactive monitoring. The vendor must also provide the council with weekly overviews of each connection’s usage

Service levels of minimum 99.5% uptime for each circuit must be supported by an SLA. Vendors should provide their SLA as an addendum to their proposal.

Out of band monitoring & management must be included in the vendor’s proposal and costs.

A clear escalation process must be stated including providing the Council direct access to senior operational management in the event where such an escalation is required.

Vendors are requested to describe their support service, helpdesk location and support methodology in their response and how it meets the above requirements

Firewall Solution Requirements:

Derry and Strabane Council is seeking to procure

• 3 new firewalls,
• Appliance based Reporter solution,
• Secure Authentication Tokens
• Options for staff training.

The configuration will be as follows:

A pair of UTM Firewalls to work in a High Availability capacity at the primary data site and a single Firewall for the secondary data site. The potential for data thru put is significant and we require a firewall capable of up to 8Gbps with up to 6 million concurrent TCP Sessions.

We require an SSL VPN thru-put of minimum 350Mbps. IPS thru put of 2.8Gbs. Anti-Virus thru put of up to 2.5Gbps.

Due to the network setup at the new council, there is a minimum requirement of physical ports in the following setup 4 x Gigabit SFP slots and 6 x Gigabit RJ45 interfaces. Due to the redundant nature of the configuration, 8x5 vendore subscription support will be sufficient. Proposals should be for 1, 3 and 5 year options.

An Option for purchasing 10 and 50 One Time Authentication Tokens must also be included in the tender with the firewall having the provision to securely authenticate these tokens/remote users.

Please include the costs and locations for training of IT staff in relation to your proposed solution, also the frequency of dates available for this training. These courses should be in respect of both Admin and Engineer levels

Specification requirements

The Firewall requirement MUST meet all specification listings below. Suppliers should state if the proposed solution will meet these or not:

• Must provide integrated Web Filtering, Antimalware and Application control on a single device
• Must support both Proxy and Flow Antimalware
• Antimalware must support all traffic types, i.e. HTTP, HTTPS, Email, FTP etc
• Antimalware must have a local on box and Cloud based sandbox option
• Must support HTTPS inspection
• Must have a Proxy avoidance detection solution that includes HTTP based proxies and client application, specifically Ultrasurf
• Must be capable of being deployed as a Transparent Proxy, in both L2 or L3 Transparent Proxy
• Must be able to apply bandwidth control per application using Application Control
• User Quotas must be supported, by time and download limit
• User override must be possible
• Integrated IPS solution with the ability to identify, monitor and if required block IPv6 tunnelling such as Teredo.
• Must support IP reputation for both external and internal clients
• Must be capable of identifying end user devices and applying differing policies dependent on device in use
• Requirement for a hardware accelerated solution.
• The ability to virtualize the product to provide a minimum of 10 virtual units that function as multiple independent units. Each virtualized device must be configurable independently, must provide separate firewall rules / policies and routing capabilities and support overlapping IP addresses
• Must be able to seamlessly integrate with Active Directory to provide policy based authentication.
• Requirement for multiple authentication methods including: LDAP, RADIUS, TACACS+, Certificate (X.509), RSA/ACE (Secure ID) and potentially session based authentication.
• Ability to authenticate via the following protocols: HTTP, HTTPS, FTP, and Telnet.
• Requirement for full IPv4 and IPv6 support.
• Requirement for full Multicast support.
• Requirement for IPSEC and SSL VPN solution providing a user portal with virtual desktop provision to include 2 Factor authentication option within the box
• Full reporting on users showing
• Browse Time
• Sites visited
• Blocked Sites
• Bespoke reports when required
• Automatically generation of monthly reports and emailed to department heads showing activity of users in their department

The diagram above represents the envisaged setup for the new Firewalls. (Note, the size of the internet links depicted are for diagram purposes only, but it is envisaged that the secondary links could be availed off using the current Network NI links supplied to the Council)

Suitable System Integrators must have excellent knowledge of Firewall skills and the ability to migrate seamlessly from the current two site setup which currently employ a Cisco ASA Firewall at the Primary Data Centre at Strand Road Derry and a Sonicwall at the Secondary Data Centre in Derry Road Strabane.

Support and maintenance

The Council requires vendor support and maintenance on the above products – options for 1, 3 and 5 year 8x5 support options with the vendor. These options are to be vendor specific support packages, however, the Council wish to avail of the ability to call and log any problems with the chosen System Integrator to take care of all correspondence under the same SLA’s.

Internet Links Requirement

Firewall Solution Requirements

Optional

Instructions to Tenderers

1. Invitation To Tender

1.1Derry City & Strabane District Council principally invites detailed and costed proposals for Tender brief defined in Introduction & Scope of Works. Please ensure your submission includes all details as per section 19 of Instructions to Tenderers.

2Explanation of Documents / queries during the tender period / registration of intent to tender

2.1It is the responsibility of prospective facility/service providers (hereafter referred to as ‘tenderers’) or parties submitting ‘expressions of interest’ to obtain for themselves at their own expense any additional information necessary for the preparation of their proposals (hereafter referred to as ‘tenders’) or ‘expressions of interest’.

2.2Tenderers are advised to ensure that they are fully familiar with the nature and extent of the obligations to be accepted by them if their tender is accepted.

2.3Should any tenderer be in doubt as to the interpretation of any part of the contract documents, the Procurement shall endeavour to answer written enquiries. All queries must be submitted in writing to arrive with Procurement not later than 12Noon 30th October 2015by email to:

Email –

2.4All copies of written queries received, together with written replies will be sent to all tenderers not later than 5days before the date of return of tenders. All responses will also be posted on the Councils.

2.5In order to ensure receipt of written replies, all prospective tenderers are therefore requested to register their intent to tender in writing to Procurementby email as noted in Clause 2.3 above, including full contact details and indicating tender will be submitted.

2.6No representation, explanation, or statement made to a tenderer, or anyone else, by or on behalf of the Council, as to the meaning of any of the tender documents, or otherwise in clarification as aforesaid, shall bind the Council in exercise of its powers and duties under any subsequent Contract(s).

3Accuracy of Tender

Tenders must be submitted for the supply of all the services specified in the Form of Tender. Tenders submitted for part of the services only will be rejected. Tenderers must price separately for all items listed in the Form of Tender. The Council may reject any tender that is not priced separately.

4Information to be provided

Tenderers should provide a brief description of the overall organisation of their company. Tenderers must also include subcontracting information in this section if subcontractors will be engaged. Subcontractors must be named and their roles in the project briefly described.

Tenderers should provide this general background information:

• Company Address
• Contact person (s)
• Year established and company background
• Number of customers currently being serviced
• Comprehensive list of available services
• Provide any additional background information

Tenderers must complete and return all relevant tender/pricing, assurance and declaration forms etc.

5Submission of Tender Documents (and/or Additional Proposals and Expressions of Interest)

5.1The tender(s) shall be made on the Form of Tender(s) provided, and signed by the Tenderer. All Contract Documents, together with these Instructions and completed Form of Tender(s) should be forwarded, by registered post or delivered by hand and a receipt obtained to:

Tender for“Internet Links & Firewall Tender T BUS15-05”

Mr J Kelpie,

Chief Executive,

Derry City & Strabane District Council

98 Strand Road, Derry

BT48 7NN,

so as to arrive not later than 12.00 noon on 13th November 2015

Please provide 4 copies of your tender submission and one copy on USB Stick. These copies will enable your submission to be reviewed by tender panel

No UNAUTHORISED alteration or addition should be made to the Tender Form(s), or to any other of the Contract Documents. IF ANY SUCH ALTERATION OR ADDITION IS MADE OR IF THESE INSTRUCTIONS ARE NOT FULLY COMPLIED WITH THE TENDER MAY BE REJECTED.

5.2All documents requiring a signature shall be signed.

(a)Where the Tenderer is an individual, by that individual

(b)Where the Tenderer is a partnership by the two duly authorised partners.

(c)Where the Tenderer is a company by two directors or by a director and the secretary of the company, such persons being duly authorised for that purpose.

5.3Tenders shall be submitted strictly in accordance with the tender documents.

5.4 No alteration to the text of any of the Tender Documents will be permitted, and if any are made, the tender may be rejected. Failure to complete any part of the documents may also incur rejection of the tender.

5.5 Tenderers must ensure that all requested documentation is returned with the completed tender.

5.6No name or mark, including any franking machine slogan, is to be placed on the envelope to indicate in any way the identity of the sender.

5.7Tenderers or any representatives thereof will not be permitted to be present when the tenders are opened.

5.8All prices should be quoted in pounds sterling and shall be exclusive of VAT.

6The Basis of the Tender

The rates quoted in the form of tender section shall remain fixed for the duration of this contract.

7Period of Acceptance

The Tenderer is required to hold his tender open for acceptance for a period of 150 days from the closing date for the submission of tenders.

8Evaluation of Tender

8.1Evaluation/Award Criteria are outlined in next section.

8.2Derry City & Strabane District Council is not required to accept the lowest or any tender and may wish to award the contract as a whole or individual aspects depending on the strength of the successful team.

9Contract Documents take Precedence

The information given in these Instructions for Tenderers is given in good faith for the guidance of Tenderers, but if there is any conflict, the Conditions of Contract, Specifications, and the Pricing Documents / Form of Tender shall take precedence over these Instructions.

10Pre-Selection Interviews / Presentations

Tenderers are put on notice that they may be required to attend the Council Offices, 98 Strand Road, Derry, or 47 Derry Road, Strabane for procedural and technical presentations and/or interviews during the process of tender evaluation at no charge to Council.

11Contract Commencement Date

The contract will commence in January 2016

12Questions

All questions, requests or other communications regarding this tender must be made in writing to

13Late Submissions

Tenders submitted after the closing date will not be accepted.

14Expenses and Losses

The Council shall not be responsible for, or pay for, any expenses or losses that may be incurred by any tenderer in preparing their tender proposals.

15Preparation of Tender

It is the responsibility of prospective tenderers to obtain for themselves, at their own expense, any additional information necessary for the preparation of their tenders.

16 Confidentiality

All information supplied by the Council in connection with this invitation to tender shall be treated as confidential by prospective tenderers, except that such information may be disclosed so far as is necessary for the purpose of obtaining sureties, guarantees and quotations necessary for the preparation and submission of the tender.

17 Ownership of Tender Documents

These documents are, and shall remain, the property of the Council and shall be returned with the tender. If no tender is to be submitted, the documents shall be returned pursuant to the Council’s Invitation to Tender.

18Insurances