Nodes.
2.2.1.2.
2.2.1.3.
UTP Cables.
2.2.1.4.
Racking System.
2.2.2.2.
2.2.2.3.
2.2.2.4.
2.3.5. Web Security appliance with embedded URL filter for 200 users.
2.3.6. Web Anti-Virus Gateway for 200 users.
2.3.7. Network Admission.
2.3.8. Security Management System.
2.3.8.1.
3. Documentation
3.1. System Acceptance.
3.2. Testing.
3.3. Testing Strategy.
3.4. Identification.
4. Training
4.1 On-hand training.
4.2 Formal training.
5.
- All technical specifications mentioned in this RFP are minimum requirements, and offers must not fall below them; any additional specification is a plus and will be evaluated.
- The Bidder must provide, along with the submitted bid, a list of successful, similar local installations, meaning:
  - Equivalent or larger in size;
  - A system installed that is roughly equivalent to Submitter's requirements.
- The Bidder must provide a Bill of Materials in the technical proposal that follows the same sequence presented in his financial proposal, identical to the sequence of the RFP.
Explanation
Access Control List
Advanced Encryption Standard
Access Node
Address Resolution Protocol
Asynchronous Transfer Mode
bits per second
Basic Rate Interface
Committed Information Rate
Configuration Management Plan
Customer-premises equipment
Data Encryption Standard
Dynamic Host Configuration Protocol
Document Management System
Drainage Database
Digital Subscriber Line
Digital Subscriber Line Access Multiplexer
Dual Tone Multi Frequency
Equipment Monitoring and Evaluation System
Environmental Media Services
Entity Relationship Diagram
Frame Relay
File Transfer Protocol
Firewall
Head Quarter
High Speed Serial Interface
Installation & Checkout Plan
Intelligent Packet Loss Recovery
IP Packet Loss Ratio
Intrusion prevention system
Integrated Services Digital Network
Kilo bits per second
Keyboard, Video or Visual Display Unit, Mouse
Local Area Network
Light Crystal Display
Lines Per Minute
Mega bits per second
MLD Data Center
Management Information System
Ministry of Local Development
Microwave Landing System
Master Node
Multi Protocol Label Switching
Microsoft Office Communications Server
Term     Explanation
NAT      Network Address Translator
NOC      Network Operations Center
OAT      Operational Acceptance Test
POP      Point of Presence
PP       Project Detailed Plan
PPS      Packets Per Second
PRI      Primary Rate Interface
PSTN     Public Switched Telephone Network
QA       Quality Assurance
QAP      Quality Assurance Plan
OTDR     Optical Time-Domain Reflectometer
QoS      Quality of Service
RAID     Redundant Array of Inexpensive Disks
RAS      Remote Access Server
RDBMS    Relational Data Base Management System
RFP      Request for Proposals
RN       Remote Node (Branch)
Rpm      Revolutions per minute
RSVP     Resource Reservation Protocol
SAN      Storage Area Network
SAT      Site Acceptance Test
SCCP     Skinny Client Control Protocol
SCSI     Small Computer System Interface
SDD      System Design Documents
SDDD     System Detailed Design Document
SIP      Session Initiation Protocol
SLA      Service Level Agreement
SNMP     Simple Network Management Protocol
SRR      System Readiness Review
ToS      Type of Service
URI      Uniform Resource Identification
UTM      Unified Threat Management
UTP      Unshielded Twisted Pair
VoIP     Voice over IP
VPN      Virtual Private Network
WBS      Work Breakdown Structure
WLAN     Wireless Local Area Network
NO
1
Name
Dokki Site.
administration Site
4
Dokki Site.
The Dokki Site, Garden City Site, General Secretariat of the local administration Site, Sakkara Training
center, ELharam data entry Center and Kasr El Aini site will be connected together through MPLS
IP-VPN connections.
The following table indicates the total bandwidth required in every branch:
NO
Name
Internet
B.W/Mbps
MPLS IPVPN/Mbps
Dokki Site.
The Master Node (MN) holds all records related to RNs (security certificates, accounts,
passwords and other information) and will push them down to each AN. Failure of the MN
does not impact the ability of RNs to connect to and access the MLDC and related
services. However, recovery of the MN will be required for non-routine tasks (like
adding a new RN).
Each leased line connection, presented as an Ethernet interface, will terminate directly on
the HQ Appliance, where load-balancing and bandwidth aggregation will be provided.
The connection between the MN and the two ANs will use a VLAN segregated from the
VLAN used to route traffic between RNs connected to different ANs.
The two ANs will terminate the tunnels and provide basic services like AAA and
internal DNS to their connected RNs.
If one of the ANs goes down for maintenance or failure, all the RNs will reconnect to the
second active AN.
Each remote site is equipped with one RN. Depending on the broadband connectivity
utilized at each remote site, the Appliance will be equipped with the required broadband
WAN support.
The connections of RNs to ANs will follow load-balancing criteria, and in normal
conditions (i.e. when both ANs are active) it is expected that the number of nodes
connected to each AN will be about the same.
- Logical topology:
The logical connectivity for the data MPLS VPN will be any-to-any, such that every site will
communicate directly with the HQ as well as with any other site (if required) without the need to
communicate first with the HQ, as shown in figure.
Any combination of logical connections could be done during the implementation phase.
The above diagram represents a generic functional layout of the network, and the bidder has full
freedom to propose an alternative architecture that delivers similar functionalities.
1- The Bidder should explain how the offered bandwidth (both the internet traffic as a dedicated bandwidth and
the IP VPN MPLS traffic) can be granted end-to-end from the MLD Router to the ISP international gateway
router, and how he can perform the necessary IP routing for connecting with the Internet and MPLS IP-VPN. He should
also explain in detail how complete separation of the Internet and MPLS IP-VPN traffic from the commercial
Internet traffic can be ensured to achieve the dedicated bandwidth condition.
2- The Bidder should provide the solution to ensure the traffic needs and support all kinds of service (i.e. QoS for
voice, video and data communications between the HQ and all branches).
3- The Bidder should present all the legal documents and licenses that prove its capability of delivering this service.
4- The Bidder international gateway facility should be explained in detail. This should include the following:
a-
4- The Bidder Point of Presence (POPs) from which the MLD internet traffic can be granted exchange should be
explained. This includes:
a- How many routers, their technical specifications and redundancy.
b- Uplinks bandwidth, utilization and backup links.
c- DSLAM types, utilization and uplinks speed.
5- Any other Bidder Point of Presence used throughout the MLD internet traffic path to reach the Bidder international
gateways should be explained. This includes:
a-
6- Site Survey is a must in order to achieve the availability and the integrity of the offered bandwidth.
7- If any Bidder POP throughout the offered solution will be upgraded to offer the needed service by the MLD, all the
guarantees should be submitted by the Bidder to ensure this upgrade. This includes links contracts, devices bills,
8- The Bidder should guarantee that the MLD offered bandwidth will not exceed 3 HOPs to reach the ISP international
links, i.e. the first HOP from the MLD site at the exchange that will provide the bandwidth or any other POP (according
to the Bidder offered solution), the second HOP from the ISP POP to another intermediate POP, and the 3rd HOP to
the Bidder international links.
9- The offered bandwidth at the exchange that will provide the bandwidth should be distributed over separate local
loops; any additional loops for redundancy are a plus. Also, distributing the bandwidth over the POP of the exchange
that will provide the bandwidth and any other POP for redundancy is a plus.
10- Real IPs for all serials should be provided in order to facilitate the monitoring procedures.
11- At least 1 class C subnet from the ISP IP Pool should be offered. Any additional class C subnets offered are a plus.
12- The solution should be integrated i.e. no extra hardware or software should be requested to assure the connectivity
between sites and the internet.
5- Minimum time to respond to a fault reported to the ISP NOC or customer care.
6- Minimum time to resolve a fault reported to the ISP NOC or customer care.
7- Maximum notification period before any maintenance procedure carried out by the Bidder that may cause any
degradation or outage for the normal operation of links.
8- MLD must get a 24X7 service and will not accept any downtime on any of its links.
9- The SLA should cover the Bidder international links, internal network, the local loops, CPEs and the routers
to the MLD sites, i.e. the entire MLD offered bandwidth path to the international links.
10- Each Bidder should explain how he identifies link failure and degradation of service.
11- Each ISP should explain penalties and deductions in monthly fees in case of link failure and/or degradation in
service. This should be categorized as downtime/day, cumulative downtime/day, cumulative downtime/month,
degradation of service/day, cumulative degradation of service/day, cumulative degradation of service/month.
Also, all the penalties should be categorized as per link and per total number of links.
The Bidder should submit an action plan for the installation procedures including milestones
and deliverable reports. The Bidder should explain in detail in the action plan how he
can guarantee full operation of the newly installed lines with the existing MLD lines from
the routing perspective, and ensure minimum or no downtime during the transition
process to the new links.
Minister's office in Dokki building and each one has an internal network which will be
connected through UTP Uplinks based on a star topology as shown in figure.
of
the
Ministry
Dokki
switch will have 70 nodes distributed in all rooms connected to the main switch.
- Minister's office in Garden City will have 50 nodes distributed in all rooms and will be
aggregated in one rack, which contains the edge switch and router connection to the main
switch.
- General Secretariat of the local administration will have 68 nodes distributed in all rooms
and will be aggregated in one rack, which contains the edge switch and router
connection to the main switch.
- ELharam data entry Center will have 40 nodes distributed in all rooms and will be aggregated
in one rack, which contains the edge switch and router connection to the main switch.
- Sakkara Training center will have 40 nodes distributed in all rooms and will be aggregated
in one rack, which contains the edge switch and router connection to the main switch.
- Organization for Reconstruction and Development of the Egyptian Village will have 90 nodes
distributed in all rooms and will be aggregated in one rack, which contains the edge switch.
The proposed network should support Virtual LANs (VLANs) to allow grouping of users in any logical
combination, not restricted by their physical locations or sub-networks. All
routing between VLANs should be achieved internally through the Layer 3 core switch.
The bidder should conduct a requirement study after the award of the tender to clarify
and confirm user requirements prior to the actual design and development of the system.
The bidder should provide, install and configure all equipment including switches, racks and any other
necessary accessories.
The bidder should mount the proposed switches onto new racks to be supplied by the bidder in these works,
complete with proper cable management and power distribution units.
The bidder should highlight any constraint with the proposed solution, especially pertaining to
scalability.
The bidder should propose an upgrade path as the network requirements increase.
The bidder should be responsible for patching all the network cables from the switches and
all other network equipment to the proposed core and edge switches.
The bidder should ensure that the MLD network has healthy operations after the patching exercise.
The bidder should label all new equipment and cables (both data and power) according to the MLD
standards of labelling.
Routes
The bidder should agree the routes to be taken by trunking, in particular the main containment
systems, in consultation with representatives of MLD.
MLD recommends the location of concentration points to be used in the installation.
MLD will also identify any exceptions to the rules governing the number of workplace outlets
to be installed in each area of the installation.
Concentration points
Each installation will involve establishing or expanding one or more network
concentration points.
Each concentration point will consist of one rack or multiple racks, containing up
to around 50 premises cable terminations per rack, one or more data uplinks,
active data equipment units, and ancillary equipment such as power supply
protection and cable management units.
The bidder will be responsible for the movement and replacement of all furniture and other items
required, in negotiation with the MLD.
The bidder is obliged to ensure that no premises cable has a length of more than 90m from
concentration point to workplace outlet. Where a choice of concentration point location presents a
significant risk that this 90m limit will be exceeded, the bidder must obtain approval from
MLD prior to the beginning of the installation.
Upon completion of the initial cabling, any damage to the buildings caused by the bidder should be
fixed by the bidder at his own expense; all holes and methods of entry should be filled with
a suitable firebreak material.
It is preferred that a material is used which can be easily removed and reused when required.
Where access holes are drilled into workplace areas from major trunking areas, the size of the
holes made should be sufficient for an additional 20% cables to be installed at a later date.
The bidder will need to ratify the planned layout before installation work begins.
Location of outlets and Quantity
The location of outlets in office space should be chosen to achieve maximum distribution of
double outlets around the usable space, for the convenience of the office users.
Where cables in offices are not contained in multi-compartment trunking, the location of outlet
Complete ties and strips package should be provided for the cable management.
2.2.1.4 Racking System
All hardware must provide vertical and horizontal cable organizers for cross-connect wire and
should be wall mounted. Where the bidder has a choice of equally acceptable
concentration points, the bidder is expected to choose those which offer MLD the highest
performance, the lowest overall installation and maintenance costs, and suitability
for all active components installation. MLD must approve such choices.
Architecture
2.
Configuration
3.
Security Features
7.
Redundancy
6.
Quality of Services
5.
One E3 Port
2-ports 10/100/1000Base-TX Gigabit Ethernet LAN interfaces
At least 4 Interface card slots with free slots to accommodate future upgrades
Supports up to four network modules
1 slot for VPN Acceleration Modules
2 slot for Voice Processing Modules
Console cable, power cables and operating manuals
Protocols Support
4.
Management
Embedded web-based device-management tool for WAN access and security features
Supports Telnet, TFTP, NTP and SNTP
Core Switch should be equipped with 24 RJ-45 10/100/1000 ports and four SFP ports.
Switch should support full duplex operation on all ports with a minimum of 32 Gbps
switching fabric
Forwarding rate based on 64-byte packets: 38 Mpps
Should support stacking
The switch should support per-VLAN Rapid Spanning Tree.
Should support Inter-VLAN IP routing for full Layer 3 routing between VLANs.
The switch should be managed via SNMP protocol (preferably web-based management
and configuration interface)
Per-port broadcast, multicast, and unicast storm control to prevent faulty end stations
from degrading overall system performance
The switch should support four egress queues per port to enable differentiated
management of up to four traffic types across the stack.
Power supply requirements: 220VAC, 50Hz
All manuals, original CDs, console cable, power cable, any other needed accessories
and software should be included.
Edge Switches with 24 Ethernet 10/100 ports and two dual-purpose ports (10/100/1000 or SFP)
8 PoE ports
1 RU fixed-configuration
LAN Lite image installed
Switch should support full duplex operation on all ports with a minimum of 16 Gbps switching
fabric
Forwarding rate based on 64-byte packets: 6.5 Mpps
The switch should support per-VLAN Rapid Spanning Tree
Should support Inter-VLAN IP routing for full Layer 3 routing between VLANs.
The switch should be managed via SNMP protocol (preferably web-based management and
configuration interface)
Per-port broadcast, multicast, and unicast storm control to prevent faulty end stations from
degrading overall system performance
The switch should support four egress queues per port to enable differentiated management of
up to four traffic types across the stack.
Power supply requirements: 220VAC, 50Hz
All manuals, original CDs, console cable, power cable, any other needed accessories and
software should be included.
Provide proactive threat defense to stop attacks before they spread through the network
Control network activity and application traffic
Multifunction appliance including:
Full-featured, high-performance firewall
Should be equipped with IPS
Performance
Interfaces
8 ports 10/100
1 T/SFP-based Gigabit Ethernet port
Management console port
Security
Manageability
CLI support
Embedded Web browser for initial switch configuration
Support extensive management using SNMP network-management platforms
SNMP v1, v2c, and v3 and Telnet interface support
VLAN trunks based on 802.1Q tagging
At least 255 VLANs per switch
At least 128 spanning-tree instances per switch
Group Management Protocol server functions
IGMPv3 snooping
TFTP Software Upgrade
Auto-sensing, auto-negotiation and auto-MDIX on all 10/100/1000 ports
Dynamic Trunking Protocol (DTP)
Link Aggregation Control Protocol (LACP) that conforms to IEEE 802.3ad.
Performance
Standards
IEEE 802.1s, IEEE 802.1w, IEEE 802.1x, IEEE 802.3ad, IEEE 802.1D, IEEE 802.1p, IEEE 802.1Q
IEEE 802.3x full duplex on 10BASE-T, 100BASE-TX, and 1000BASE-T ports
RMON I and II standards
SNMPv1, SNMPv2c, and SNMPv3
Bidder should propose Host IPS for application servers & desktops.
Proposed solution should be easy to deploy, easy to configure, and easy to manage via a single
console.
The ability to aggregate and extend multiple endpoint security functions: the Security Agent
provides host intrusion prevention, distributed firewall, malicious mobile code protection,
operating system integrity assurance, and audit log consolidation, all within a single agent
Preventive protection against entire classes of attacks, including port scans, buffer overflows,
Trojan horses, malformed packets, malicious HTML requests, and e-mail worms
Should support data loss prevention (DLP) feature
"Zero update" prevention for known and unknown attacks
Industry-leading protection for servers and desktops, Unix and Windows
Application-specific protection for web servers and databases
An open and extensible architecture with the ability to define and enforce security according to
corporate policy
An enterprise scalable architecture: the Security Agent is scalable to 100,000 agents per manager
Future support of Integrated solution architecture with Network Admission or Access Control
(NAC)
2.3.5 Web Security appliance with embedded URL filter for 200 users:
Support user authentication based on: LDAP, NTLM (single sign-on) and Active Directory (single
sign-on), RADIUS, X.509 certificate, built-in username/group database, RSA SecurID (OTP), web
identity management systems, substitution realm, guest authentication, permit specific
authentication errors.
Supports at least HTTP, HTTPS, FTP, DNS, P2P, Telnet, IM, TCP-Tunnel, Windows Media,
QuickTime, Filtering Capabilities, P2P control proxy services.
Support operation in Proxy, transparent (cookies and IP), Bridging, WCCP modes.
Should support the hardware-based SSL termination (may be added in future)
Should fail open if any hardware failure happens in the box, for internet services continuity
Support multiple filtering policies based on: user based policies (user, group), location based
policies (IP, network) Service based policy (Protocol, Destination port), flexible destination based
policies (Domain, URL, Wild card URL, HTTP method), time of day.
Support controlling bandwidth management based on: client address, content-type, time,
protocol, via deploying multiple bandwidth classes (minimum guaranteed bandwidth, maximum
bandwidth, and priority)
Support HTTP compression, Bandwidth optimization and protocol optimization
Managed via HTTP and HTTPS, CLI, Telnet, SSHv2 and support auto logout enforcement.
User-friendly GUI interface administration tool to create and maintain policies, view statistics,
Upgrade appliance OS.
Support Object caching, and Byte caching
Pre-defined policies
Content policy language to create custom text-based policies
Support configuration backup on a centralized FTP server and restore via HTTP, FTP and TFTP.
Support event tracking and notification alerts via e-mail, SNMP, Event log, and combined tracking
and notification
Send an SNMP trap and email notification in case of DoS attack events with date, time and level of
severity (Severe, Resource errors, Informational, Verbose).
Support user authentication to view specific reports for delegated management.
Enables administrators to generate reports that:
o Identify possible security holes
o Track potentially dangerous user activity
o Report on blocked traffic by category and URL
o Conserve network bandwidth resources by identifying abuse patterns
o Report on web usage by user, group location, URL, and other factors
o Real time reporting tool
o Historical reporting tools with the ability to customize and schedule reports for distribution by email.
Supports ICAP protocol; the bidder should mention any other protocols supported
Equipped with at least 2x320GB SATA disk space and 2GB of RAM.
Should be equipped with at least 2 10/100/1000 network interfaces
Should be fully integrated with the above security appliance; highly recommended to be from the same
vendor, if possible
Providing protection against:
o Infected Web Email
o Spyware & SPAM Trojans
o Internet Worms
o Malicious HTTP & FTP Content
Scan HTTPS traffic to remove viruses from encrypted browser session downloads
Automated Virus updates
Definable update time frequency settings.
Must support the ability to:
o set timeout duration
o drop file if errors in scanning occur
o define trusted sites
o Heuristics fingerprint recurring files as infected or clean for non-cacheable content
o allow/deny lists with extensions along with file size and content type restrictions
o Customized alerts can notify administrators when a virus is found, AV updates are successful,
AV updates fail, subscriptions expire, files are dropped, or files pass without scanning.
o "Log files can be customized using standard logging formats and sent off-box via TCP or UDP
for processing"
o New firmware updates and release notes are sent to the appliance for administrator approval
and installation.
Should be equipped with at least 2 10/100/1000 network interfaces
At least 70GB SCSI hard disk, with minimum 2GB RAM
Recognizes users, their devices, and their role in the network. Occurs at the point of
authentication, before malicious code can cause damage.
Evaluates whether machines are compliant with security policies. Security policies can vary by
user type, device type, or operating system.
Enforces security policies by blocking, isolating, and repairing noncompliant machines. Machines
are redirected into a quarantine area, where remediation occurs at the discretion of the
administrator.
Can apply posture assessment and remediation services to LAN-based user devices, wireless
users, and remote users connecting through VPN concentrators or dial-up servers.
Deployed out-of-band. Deployment of the solution is in-band only during the process of
authentication, posture assessment, and remediation. Once a user's device has successfully
logged on, its traffic bypasses the appliances and traverses the switch port directly.
Manager provides port- or role-level control by assigning ports to specific VLANs, assigning
users to specific roles that map to specific VLANs, and providing a time-based session timeout
per role.
Enforced security policies by making compliance a condition of access
Minimized vulnerabilities on user machines through periodic evaluation and remediation
Significant cost savings by automating the process of repairing and updating user machines
Supports single sign-on for remote access users using certain IPSEC VPN and WebVPN clients
Configured to offer checks from known security vendors: Computer Associates International,
Inc.; F-Secure Corporation; McAfee, Inc.; Microsoft; Symantec; Trend Micro; Zone Labs
Vulnerability Assessment:
Support scanning of all Windows-based operating systems, Mac OS, and Linux machines.
Conducts network-based scans or can use custom-built scans as required.
Device Quarantine
Can place noncompliant machines into quarantine to prevent the spread of infection while
maintaining access to remediation resources.
Quarantine can be accomplished by using small subnets, or by using a quarantine VLAN.
Security Policy Updating
Automatic security policy updates
Provides predefined policies for the most common network access criteria, including policies that
check for critical operating system updates and common antivirus software virus definition
updates.
Management
The Web-based centralized management console allows administrators to define the types of
scans required for each role and the related remediation packages necessary for recovery.
One management console can manage several servers.
Remediation and Repair
Quarantining gives devices access to remediation servers that can provide operating system
patches and updates, virus definition files, or endpoint security solutions
Administrators have the option of guiding and overseeing these fixes using the Appliance
enforcement agent.
Discretionary Certified Devices List
Supports creation of The Certified Devices List to simplify access for devices known to be clean
through other means.
If the Certified Devices List is empty, all machines are subject to scanning each time they enter
the network.
The Certified Devices List can be cleared either on a scheduled basis or with one click during times
of high virus and worm activity.
Adapt to the flow of malicious code incidents by adjusting the scans required, the roles subject to
scans, the use of the Certified Devices List, and the types of remediation required. They can also
limit bandwidth and protocols used based on user roles.
VPN Provisioning
Supports Dynamic Multipoint VPN and generic routing encapsulation (GRE) IP Security (IPSec),
both with dynamic IP and hierarchical certificates.
VPN and Easy VPN services can be configured remotely
Configurations for automatic failover and load-balancing for head-ends are supported.
Firewall Provisioning
Enables administrators to configure policies for Firewall appliances, modules and Software-based
The software provides a single rule table for all platforms.
Reports firewall rules that overlap or conflict with other rules.
Group objects of a similar type so that a single access rule can apply to all objects in the group.
The software helps identify and delete rules that have no effect on the network.
The access control list (ACL) hit count feature checks to ensure traffic is flowing correctly.
Displays which rules match a specific source, destination, and service flow, including wildcards.
Device information can be imported from a device repository, imported from a configuration file,
or added in the software. Additionally, firewall policies can be discovered from the device itself.
Allows a user to apply a rule policy on groups of interfaces in a scalable manner.
IPS Provisioning
Enables administrators to configure policies for IPS appliances, modules and Software-based
Single-Interface, Multi-VLAN IPS Configuration- with inline support,
Gives the user the ability to assign VLAN pairs to a single interface.
Rate Limiting Configuration
Auto-Apply Signature Update IPS sensors with signature updates, minor releases, and patches.
Able to copy signature tunings from one device to many devices.
Global Event Configurations to all IPS sensors.
Detects out-of-band configuration changes made to devices by other management components.
Management Services
Device Grouping
Users can create and define device groups based on business function or location to. Devices
in a group can be managed as a single device.
Rollback
Provides the ability to roll back to a previous configuration
Workflow
Allows assigning specific tasks to each administrator during the deployment of a policy, with
formal change control and tracking.
Operational Management
Software distribution,
Device inventory reporting
An enterprise class solution that tracks and regulates configuration and software changes across
routers, switches, firewalls, load balancers, and wireless access points.
Provides visibility into network changes, enabling MLD's IT staff to identify and correct trends
that could lead to problems, while mitigating compliance issues, security hazards, and disaster
recovery risks.
Captures full audit trail information about each device change.
Automation of the complete operational lifecycle of network devices, from provisioning to policy-based change management, compliance, and security administration
Introducing the process-powered automation.
Bringing networks into compliance with corporate or regulatory standards is a non-trivial, labor-intensive, and ultimately difficult task
Will help MLD in meeting compliance standards through a network compliance model that maps
device information, including configurations and run-time diagnostics, as well as policies and
user roles, into a normalized structure to prevent compliance violations before they occur.
Providing MLD powerful capabilities for managing compliance with government regulations and
industry standards for IT processes and best practices.
Will help to determine the compliance status of MLD's network resources.
Detailing the current compliance status of the MLD network infrastructure with respect to
government regulations and industry standards.
Generate detailed Visio diagrams of the MLD network automatically, greatly improving network
troubleshooting.
Providing valuable insight for troubleshooting and understanding layer 2 and layer 3
relationships.
The combination of layer 2 and 3 diagramming provides MLD with insight that cannot be matched
with one view.
Allow MLD to Automate large scale tasks and changes through template-based provisioning,
Automate software upgrades with image analysis & upgrade recommendation, Define who can
make which changes and when, and allow MLD to Update images and feature sets quickly,
reliably, and easily.
Reduce costs by automating time-consuming manual compliance checks and configuration tasks.
Pass audit and compliance requirements easily with proactive policy enforcement and out-of-the-box audit and compliance reports (ITIL, CISP, HIPAA, SOX, GLBA and others).
Improve network security by recognizing and fixing security vulnerabilities before they affect the
network, using an integrated security alert service.
Increase network stability and uptime by preventing the inconsistencies and misconfigurations
that are at the root of most problems.
Use process-powered automation to deliver application integrations, which deliver full IT lifecycle
workflow automation, without scripting.
Support SNMPv3 and IPv6, including dual-stack IPv4 and IPv6 support. HP Network Automation
supports both of these technologies to provide flexibility in your protocol strategy and
implementation.
Use automated software image management to deploy wide-scale image updates quickly with
audit and roll-back capabilities.
Do Not Disturb: Extensions set to DND should not be interrupted by any calls except for
emergencies.
Call Announcement: Visual and/or audible alert when a busy station receives another
call.
Single Button Barge: End users can press a single line key to join a call in progress. If the
line has multiple calls connected, then the authorized users can view the calls
simultaneously on the phone screen and determine which one to enter.
Conference Calls: At least 3 parties (internal and/or external) can get into a conference.
The system should also allow for the conference chairperson to drop off certain
members.
Call by Name: Extensions can be replaced by names.
Call Coverage: A call ringing at one extension can ring on a group of covering
extensions, and can be answered by any extension.
Call Privacy: Prevents any user from accidentally or deliberately bridging onto a live
call.
Authorization Code: Allows authorized users to override access restrictions assigned to
any station.
Hunt Groups: Groups of extensions can be established to answer multiple /
simultaneous calls placed to a certain DID number.
Trunk Groups: The system should support trunk groups
Automatic Line Selection: Incoming / outgoing calls should automatically select the
proper line to go through.
Multiple Lines assignment: Multiple extensions and/or CO lines can be assigned to the
same station.
Join across Lines: Users can join calls across different lines that appear on their phone.
The feature enables the executive staff and other users to swiftly connect different
parties into a conversation.
Directory dial from phone, Corporate and personal: The user can search for his/her
contacts through the phone's screen & can dial the number directly
Directories: Missed, placed, and received calls list stored on the IP phones
Arabic Language: The CPS should support Arabic Language on the IP phones (beside
the English Language)
In case more than one CPS is connected within the same system, a uniform
numbering plan should be maintained.
The system should support silence suppression as well as echo cancellation. The bidder
should describe the mechanisms used to provide both features.
The bidder should demonstrate the QoS capabilities of the proposed system in order to
guarantee the voice quality. Factors like packet loss, delay and delay variation are
the minimum to be described.
The system should also provide call admission control to keep track of bandwidth
utilization as well as bandwidth allocation for new calls.
The systems should support open standards to allow integration with third-party
applications.
The bidder should describe backup procedures recommended for his offered system.
Bidder should also specify the backup media (floppy, tape, CD, etc).
The CPS should be managed via CLI, SNMP protocol (preferably SNMPv3) or web-based
management and configuration interface.
Each CPS should be supplied with latest software release, original user and installation
manuals as soft-copies (CDs), console cable, power cables, and any other needed
accessories for mounting the system into a data cabinet.
Compatible with MS OCS to make and receive PSTN calls
Failover of MS OCS protocol to SIP protocol
2.5.1 IP Phones
IP phones are required at different levels for Top Management, Branch Managers,
Employees, Managers' Secretaries and Operators. Vendors should provide their options for
these categories. Each IP phone should have the following minimum features:
MS OCS support
Pixel-based display
A pixel-based display provides supplemental information, access to applications, and
makes it easy to use telephone features.
Calling name and number display
G.711 and G.729a audio compression
Identifies incoming messages and categorizes them for users.
Allows users to quickly access diverse information such as weather, stocks, quote of the day, or
any Web-based information using Extensible Markup Language (XML) to provide a portal to an
ever-growing world of features and information.
Online help feature gives users information about the phone's keys, buttons, and
features
Call Waiting
Call Forward
Call Transfer
Three-way calling (conference)
On-hook dialing, Pre-Dialing, and Off-hook dialing
Redial
Call hold
Call monitor
Configurable speed-dial buttons
IP Phones can be Identified to Three different call processing for redundancy
Colour display, 16-bit colour depth, 320 x 240 effective pixel resolution
Eight phone lines support
Full-duplex speakerphone with acoustic echo cancellation
Should be equipped with at least Two 10/100/1000BaseT Ethernet ports
At least 24 defined user-selectable ring tones are available
Support local power or Power over Ethernet as power source
Supports differentiated services code point (DSCP) and 802.1Q/p standards.
Support secure VPN, TLS and SRTP
Support MS OCS
Section 3: Documentation
The System should not be deemed to be operational and complete until full and complete
documentation has been submitted and accepted by MLD. During implementation, the vendor will
provide a full set of documentation required to operate and maintain the proposed system, including
hardware, software, training and operations user guides and reference guides.
The bidder will provide one electronic and paper master copy from which they may make in-house
copies. Graphical representation of equipment and network structure is to be provided in Visio
format. The electronic copy must be one continuous document plus a separate Visio document.
The bidder must prepare diagrams showing the locations and layout of the concentration points
any part of the documentation provided by the Bidder for its internal use.
The Bidder should provide any revised editions, supplementary materials or new
publications relevant to the System and documentation on enhancements at no
additional cost to MLD.
The above specifications should apply for documentation and manuals of Third Party hardware,
software and equipment.
As a guide, the operator manual should include, but not be limited to, instructions for the following
procedures:
As-Built Diagrams
Network Tests.
After installing the system hardware and performing appropriate diagnostic tests, the bidder
will certify that hardware is functioning correctly. MLD may request specific demonstrations
of the hardware readiness.
Upon completion of field installation of the network and training, the bidder will certify that the network is
ready for acceptance. The bidder will be required to demonstrate all system functions to MLD's satisfaction.
Any problems found during this demonstration will be immediately corrected by the bidder, after which
MLD will verify that corrections have been made and accept the system.
The bidder will then perform final system testing. Upon completion of the final system testing, the
bidder will certify that the network has passed the final system test criteria.
3.2 Testing
Prior to completion of the contract, full test results and documentation should be submitted to MLD
for approval.
The results should be delivered in native electronic format, not in a text editable format, though paper
copies must be made available on demand.
If any specialist software is required to read these results, this should be supplied free of charge by the
contractor.
The installer must give MLD less than one week's notice for attendance when any testing is to be carried out.
umber containing the concentration or adjacent to it, if the concentration point is in a corridor space.
Where there is no obvious room adjacent to a concentration point, a scheme based on the floor
number (G for ground, 1 for first floor, etc.) and the geographical location (E for eastern wing, etc.) will be
used. Such schemes must be agreed with the Ministry of Local Development.
Further, each cabinet or rack within each concentration point should have a unique identifier,
typically a letter. Concentration points should display the identification number in a prominent position using a
permanent label.
Notice should be taken of environmental conditions within which the concentration point
is located and measures taken to ensure that the label will not fail or become obscured.
Section 4: Training
4.1 On-hand training:
Onsite training is required to describe all operational tasks for proposed systems and
the troubleshooting process required for the operation for two engineers.