
Table of Contents

1. TOR Overview and scope of work
1.1.1. TOR overview and scope
1.1.2. RFP General Rules
1.1.3. Acronyms and abbreviation
2. Implementation and Operation
2.1. External Networks
2.1.1. Introduction and acknowledgment
2.1.2. Leased lines General Specs
2.1.3. The SLA should contain
2.1.4. Monitoring and reporting
2.1.5. Installation and Operation
2.2. Internal Networks
2.2.1. Passive Components
2.2.1.1. Nodes
2.2.1.2. Horizontal Cabling system
2.2.1.3. UTP Cables
2.2.1.4. Racking System
2.2.2. Active Components
2.2.2.1. Core Routers: Qty (2)
2.2.2.2. Core Switch: Qty (2)
2.2.2.3. Access Switch: Qty (20)
2.2.2.4. Branches WAN routers: Qty (5)
2.3. Security Solution
2.3.1. 1st stage Firewall: Qty (2)
2.3.2. 2nd stage Firewall: Qty (2)
2.3.3. Interconnection Switches
2.3.4. Host Based IPS
of Page

2.3.5. Web Security appliance with embedded URL filter for 200 users
2.3.6. Web Anti-Virus Gateway for 200 users
2.3.7. Network Admission
2.3.8. Security Management System
2.3.8.1. Security Management server: Qty (1)
2.3.9. UTM for Branches
2.4. Network Management System
2.4.1. General Requirements
2.4.2. Network Fault and Performance Management
2.4.3. Network Configuration and Automation
2.4.4. Network Management server: Qty (1)
2.5. Audio/Video Communication, Call Processing System
2.5.1. IP Phones
2.5.2. Top Management IP Phones: QTY- 50
2.5.3. Manager Level 2 IP Phones: QTY- 150
2.5.4. MS OCS servers: Qty (3)
3. Documentation
3.1. System Acceptance
3.2. Testing
3.3. Testing Strategy
3.4. Identification
4. Training
4.1 On-hand training
4.2 Formal training
5.


Section 1: TOR Overview and scope of work

1.1 TOR overview and scope:


The main aim of this RFP is to design a secure overlay network that, leveraging the various Internet connectivity
technologies available (Leased Line, ADSL, 3G and Metro Ethernet), will provide a private, cost-effective network
that will be used to run various applications and services.
The proposed network topology is a typical star, centralized and managed from the Ministry of Local Development
(MLD) Data Center located in the MLD's HQ, to which all the Remote Nodes (RNs) will connect using secure SSL
tunnels.
Since all the RNs will depend on the MLD Data Center (MLDC) to gain access to services hosted within the
MLDC network, it is very important that the following requirements are met:
- Availability
- Scalability
- Economical Operation
Availability should at least imply continuity of the services and the absence of single points of failure
which may impact the running of services, or, at least, that services can be recovered in a few minutes without human
intervention after a failure occurs.
Scalability will allow increasing the number of RNs or the level of services offered with incremental
investments, without disturbing the live network and while minimizing the initial investment.
Economical operation will allow full remote management of all network devices and services, use of low-cost
and widely available broadband services, and low installation fees through automation.
The services initially offered are:
- Connectivity between RNs and MLDC over a high-performance secure private network using flexible and
redundant connectivity options (ADSL, Leased Lines, 3G and Metro Ethernet).
- Secure access to the Internet via local breakout at Remote Nodes (RNs).
- Free IP telephony service between RNs and MLDC, with the possibility of central and remote
breakout to the Public Switched Telephone Network (PSTN) via analogue, digital or SIP trunk lines.
- Email and Domain services across the MLD.
- Local storage and processing power at RNs to be able to execute distributed Web applications, like:
o Content Management Systems for Website & Intranet
o E-learning and E-teaching
o Collaboration (groupware, webinar, video conferencing)
o Network Access Control for wired and wireless networks
o Hosting of custom-built web applications

1.2 RFP General Rules:


- The attached specifications cover all the parts concerning the Design.
- All the items should be provided, installed, tested and operated as a complete up-and-running system (turnkey solution).
- The proposed hardware system must be scalable and flexible enough to accommodate any future expansion smoothly and cost-effectively, without
any need to replace the offered hardware equipment.
- All the technical specifications mentioned in the RFP are minimum requirements and must not be less than these
specifications; any additional specification is a plus and will be evaluated.
- The Bidder must provide, along with the submitted bid, a list of successful, similar local installations; meaning:
- Equivalent or larger in size;
- A system installed that is roughly equivalent to the Submitter's requirements.
- The Bidder must provide a Bill of Materials in the technical proposal that follows the same sequence presented in his financial
proposal, identical to the sequence of the RFP.
- This RFP describes the requirements as well as the Bidder's responsibilities.
- Failing in any of the above-mentioned items will result in the bidder being disqualified.

The Bidder should provide in his response the following information:


- The itemized price for each item.
- Training courses, number of trainees, and training period.
- Responsibilities of the Bidder during the Guarantee Period.
- Maintenance and other services provided by the Bidder, and the cost of the annual maintenance contract after the Guarantee Period.

1.3 Acronyms and abbreviation


The following table lists the organizational and technical acronyms used in the TOR.

Term     Explanation
ACL      Access Control List
AES      Advanced Encryption Standard
AN       Access Node
ARP      Address Resolution Protocol
ATM      Asynchronous Transfer Mode
Bps      bits per second
BRI      Basic Rate Interface
CIR      Committed Information Rate
CMP      Configuration Management Plan
CPE      Customer-premises equipment
DES      Data Encryption Standard
DHCP     Dynamic Host Configuration Protocol
DMS      Document Management System
DRDB     Drainage Database
DSL      Digital Subscriber Line
DSLAM    Digital Subscriber Line Access Multiplexer
DTMF     Dual Tone Multi Frequency
EMES     Equipment Monitoring and Evaluation System
EMS      Environmental Media Services
ERD      Entity Relationship Diagram
FR       Frame Relay
FTP      File Transfer Protocol
FW       Firewall
HQ       Headquarters
HSSI     High Speed Serial Interface
I&C      Installation & Checkout Plan
IPLR     Intelligent Packet Loss Recovery
IPLR     IP Packet Loss Ratio
IPS      Intrusion Prevention System
ISDN     Integrated Services Digital Network
Kbps     Kilobits per second
KVM      Keyboard, Video or Visual Display Unit, Mouse
LAN      Local Area Network
LCD      Liquid Crystal Display
LPM      Lines Per Minute
Mbps     Megabits per second
MDC      MLD Data Center
MIS      Management Information System
MLD      Ministry of Local Development
MLS      Microwave Landing System
MN       Master Node
MPLS     Multi Protocol Label Switching
MS OCS   Microsoft Office Communications Server
NAT      Network Address Translator
NOC      Network Operations Center
OAT      Operational Acceptance Test
POP      Point of Presence
PP       Project Detailed Plan
PPS      Packets Per Second
PRI      Primary Rate Interface
PSTN     Public Switched Telephone Network
QA       Quality Assurance
QAP      Quality Assurance Plan
OTDR     Optical Time-Domain Reflectometer
QoS      Quality of Service
RAID     Redundant Array of Inexpensive Disks
RAS      Remote Access Server
RDBMS    Relational Database Management System
RFP      Request for Proposals
RN       Remote Node (Branch)
Rpm      revolutions per minute
RSVP     Resource Reservation Protocol
SAN      Storage Area Network
SAT      Site Acceptance Test
SCCP     Skinny Client Control Protocol
SCSI     Small Computer System Interface
SDD      System Design Documents
SDDD     System Detailed Design Document
SIP      Session Initiation Protocol
SLA      Service Level Agreement
SNMP     Simple Network Management Protocol
SRR      System Readiness Review
ToS      Type of Service
URI      Uniform Resource Identifier
UTM      Unified Threat Management
UTP      Unshielded Twisted Pair
VoIP     Voice over IP
VPN      Virtual Private Network
WBS      Work Breakdown Structure
WLAN     Wireless Local Area Network


Section 2: Implementation and Operation

2.1 External Networks
2.1.1 Introduction
The MLD wide area network consists of two networks: the first network connects the five
Cairo premises of MLD, and the second network will connect the governorates to MLD.
Establishing the first network is the concern of this RFP.
It is important to take into consideration that the design and installation of the network
should allow for scalability and extendibility.

NO  Name
1   Dokki Site
2   Garden City Site
3   General Secretariat of the local administration Site
4   Dokki Site
5   Kasr El Aini Site
6   Sakkara Training center
7   ELharam data entry Center

Dokki Site, Garden City Site, General Secretariat of the local administration Site, Sakkara Training
center , ELharam data entry Center and Kasr El Aini site will be connected Together through MPLS
IP-VPN Connections.

The following table indicates the total bandwidth required at every branch:

NO  Name                                                  Internet B.W/Mbps  MPLS IPVPN/Mbps
1   Dokki Site
2   Garden City Site
3   General Secretariat of the local administration Site
4   Kasr El Aini site
5   Sakkara Training center
6   ELharam data entry Center

Phase II: Governorates Remote Sites:

The Phase II (second network) RFP will be launched after completing Phase I (first network),
while considering the scalability and expandability of both phases.
Starting from Phase I, scalability in terms of capacity and resilience can be increased by
adding one more AN at the MDC, as shown in the picture below:

The Master Node (MN) holds all records related to RNs (security certificates, accounts,
passwords and other information) and will push them down to each AN. An MN failure
does not impact the ability of RNs to connect to and access the MLDC and related
services. However, recovery of the MN will be required for non-routine tasks (like
adding a new RN).
Each leased line connection, presented as an Ethernet interface, will terminate directly on the
HQ Appliance, where load balancing and bandwidth aggregation will be provided.
The connection between the MN and the two ANs will use a VLAN segregated from the
VLAN used to route traffic between RNs connected to different ANs.

The two ANs will terminate the tunnels and provide to their connected RNs basic
services like AAA and internal DNS.
If one of the ANs goes down for maintenance or failure, all the RNs will reconnect to the
second, active AN.
Each remote site is equipped with one RN. Depending on the broadband connectivity
used at each remote site, the Appliance will be equipped with the required broadband
WAN support.
The connections of RNs to ANs will follow a load-balancing criterion, and in normal
conditions (i.e. when both ANs are active) it is expected that the number of nodes
connected to each AN will be about the same.

- Logical topology:
The logical connectivity for the data MPLS VPN will be any-to-any, such that every site will
communicate directly with the HQ as well as with any other site (if required) without the need to
communicate first with the HQ, as shown in the figure.
Any combination of logical connections could be done during the implementation phase.

The above diagram represents a generic functional layout of the network, and the bidder has full
freedom to propose an alternative architecture that delivers similar functionalities.
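The MN/AN/RN behaviour described above (even spread of RNs over the two ANs, reconnection of every RN to the surviving AN on failure, and an MN that is needed only for non-routine tasks such as enrolling a new RN) can be checked as a small model. The following is an added example written for this page, not code from the RFP or from any bidder; the node names, the least-loaded placement rule and the enrolment check are assumptions chosen to make the stated behaviour concrete.

```python
"""Added example (not part of the RFP): a model of the access-node behaviour
of section 2.1.1. RNs are spread evenly over the two ANs; when an AN fails
its RNs reconnect to the surviving AN; the MN is needed only for non-routine
tasks such as enrolling a new RN. Node names, the least-loaded placement rule
and the enrolment check are assumptions."""


class Overlay:
    def __init__(self, an_names):
        self.ans = {name: set() for name in an_names}   # AN -> connected RNs
        self.an_up = {name: True for name in an_names}
        self.mn_up = True
        self.enrolled = set()   # RN records held by the MN and pushed to each AN

    def enroll(self, rn):
        """Adding an RN is a non-routine task: it needs the MN."""
        if not self.mn_up:
            raise RuntimeError("MN down: cannot enrol " + rn)
        self.enrolled.add(rn)

    def _least_loaded_an(self):
        live = [a for a in self.ans if self.an_up[a]]
        if not live:
            return None
        # ties broken by name so placement is deterministic
        return min(live, key=lambda a: (len(self.ans[a]), a))

    def connect(self, rn):
        """Routine (re)connection: works while any AN is up, whatever the MN state."""
        if rn not in self.enrolled:
            raise PermissionError("unknown RN " + rn)
        an = self._least_loaded_an()
        if an is None:
            return None
        for members in self.ans.values():
            members.discard(rn)
        self.ans[an].add(rn)
        return an

    def fail_an(self, name):
        """Take an AN down and reconnect every RN it served."""
        self.an_up[name] = False
        orphans = sorted(self.ans[name])
        self.ans[name] = set()
        return {rn: self.connect(rn) for rn in orphans}

    def fail_mn(self):
        self.mn_up = False

    def load(self):
        return {a: len(members) for a, members in self.ans.items()}


def scenario():
    """Walk through the cases the section describes and return the observations."""
    net = Overlay(["AN1", "AN2"])
    for i in range(1, 7):
        rn = "RN%d" % i
        net.enroll(rn)
        net.connect(rn)
    balanced = net.load()                           # {'AN1': 3, 'AN2': 3}

    net.fail_mn()
    reconnect_ok = net.connect("RN3") is not None   # routine work continues without the MN
    try:
        net.enroll("RN7")
        enrol_blocked = False
    except RuntimeError:
        enrol_blocked = True                        # non-routine task needs the MN

    moved = net.fail_an("AN1")                      # every RN on AN1 lands on AN2
    after_failover = net.load()                     # {'AN1': 0, 'AN2': 6}
    return balanced, reconnect_ok, enrol_blocked, moved, after_failover


if __name__ == "__main__":
    print(scenario())
```

The model makes one consequence of the design visible: after an AN failure the surviving AN carries every RN, so each AN has to be sized for the full RN population, not half of it, if the "reconnect without human intervention" requirement is to hold.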


2.1.2 Leased lines General Specs:

1- The Bidder should explain how the offered bandwidth (both the Internet traffic, as a dedicated bandwidth, and
the IP VPN MPLS traffic) can be guaranteed end-to-end from the MLD router to the ISP international gateway
router, how he can perform the necessary IP routing for connecting with the Internet and the MPLS IP-VPN, and should
explain in detail how complete separation of the Internet as well as the MPLS IP-VPN traffic from the commercial
Internet traffic can be ensured to achieve the dedicated bandwidth condition.
2- The Bidder should provide a solution that ensures the traffic needs and supports all kinds of service (i.e. QoS for
voice, video and data communications between the HQ and all branches).
3- The Bidder should present all the legal documents and licenses that prove its capability of delivering this service.
4- The Bidder's international gateway facility should be explained in detail. This should include the following:
a- How many routers, their technical specifications and redundancy.
b- International links bandwidth, utilization and backup links.
5- The Bidder Points of Presence (POPs) from which the MLD Internet traffic exchange can be granted should be
explained. This includes:
a- How many routers, their technical specifications and redundancy.
b- Uplinks bandwidth, utilization and backup links.
c- DSLAM types, utilization and uplink speeds.
6- Any other Bidder Point of Presence used throughout the MLD Internet traffic path to reach the Bidder international
gateways should be explained. This includes:
a- How many routers, their technical specifications and redundancy.
b- Uplinks bandwidth, redundancy and utilization.
c- DSLAM types, utilization and uplink speeds.
7- A site survey is a must in order to achieve the availability and the integrity of the offered bandwidth.
8- If any Bidder POP throughout the offered solution will be upgraded to offer the service needed by the MLD, all the
guarantees should be submitted by the Bidder to ensure this upgrade. This includes links contracts, devices bills,
9- The Bidder should guarantee that the MLD offered bandwidth will not exceed 3 hops to reach the ISP international
links, i.e. the first hop from the MLD site to the exchange that will provide the bandwidth or any other POP (according
to the Bidder offered solution), the second hop from the ISP POP to another intermediate POP, and the 3rd hop to
the Bidder international links.
10- The offered bandwidth at the exchange that will provide the bandwidth should be distributed over separate local
loops; any further loops added for redundancy are a plus. Also, distributing the bandwidth over the POP of the exchange that will
provide the bandwidth and any other POP for redundancy is a plus.
11- Real IPs for all serials should be provided in order to facilitate the monitoring procedures.
12- At least 1 class C subnet from the ISP IP pool should be offered. Any more offered class C subnets are a plus.
13- The solution should be integrated, i.e. no extra hardware or software should be required to assure the connectivity
between the sites and the Internet.
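The hop-count condition above (at most three hops from the MLD site router to the ISP international links) is one of the few items in this list that the MLD can verify itself during acceptance, from a traceroute taken at the site. The following is an added example, not code from the RFP or from any bidder: it parses traceroute output and counts the hops after the site router up to the first hop recognised as the international gateway. The traceroute text, the hostnames and addresses, and the way the gateway is recognised (a caller-supplied hostname pattern) are all constructed assumptions.

```python
"""Added example (not part of the RFP): acceptance check for item 9 of 2.1.2,
that the path from the MLD site router to the ISP international gateway is at
most 3 hops. The traceroute text, hostnames, addresses and the gateway
hostname pattern are constructed assumptions."""
import re

# Constructed traceroute output in the common "N  host (ip)  rtt ms ..." layout.
PATH_OK = """\
 1  cpe.mld-dokki.example (10.0.0.1)  1.1 ms  1.0 ms  1.2 ms
 2  exch-rtr1.isp.example (192.0.2.1)  4.2 ms  4.0 ms  4.1 ms
 3  core-rtr2.isp.example (192.0.2.33)  6.8 ms  7.0 ms  6.9 ms
 4  intl-gw1.isp.example (198.51.100.1)  9.5 ms  9.4 ms  9.6 ms
 5  * * *
"""
PATH_TOO_LONG = """\
 1  cpe.mld-dokki.example (10.0.0.1)  1.1 ms  1.0 ms  1.2 ms
 2  exch-rtr1.isp.example (192.0.2.1)  4.2 ms  4.0 ms  4.1 ms
 3  agg-rtr7.isp.example (192.0.2.17)  5.5 ms  5.4 ms  5.6 ms
 4  core-rtr2.isp.example (192.0.2.33)  6.8 ms  7.0 ms  6.9 ms
 5  intl-gw1.isp.example (198.51.100.1)  9.5 ms  9.4 ms  9.6 ms
"""

HOP_RE = re.compile(r"^\s*(\d+)\s+(\S+)\s+\((\d+\.\d+\.\d+\.\d+)\)\s+(.*)$")
SILENT_RE = re.compile(r"^\s*(\d+)\s+\*")


def parse_traceroute(text):
    """Return [(hop, hostname, ip, [rtt_ms, ...])]. A silent hop ('* * *') is
    kept with hostname None so it still counts towards the hop total."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if m:
            n, host, ip, rest = m.groups()
            rtts = [float(x) for x in re.findall(r"(\d+(?:\.\d+)?) ms", rest)]
            hops.append((int(n), host, ip, rtts))
        else:
            s = SILENT_RE.match(line)
            if s:
                hops.append((int(s.group(1)), None, None, []))
    return hops


def hops_to_gateway(hops, site_router_ip, gateway_re):
    """Count hops after the MLD site router up to and including the first hop
    whose hostname matches gateway_re; None if the gateway never appears."""
    pattern = re.compile(gateway_re)
    counting, count = False, 0
    for _, host, ip, _ in hops:
        if not counting:
            counting = ip == site_router_ip
            continue
        count += 1
        if host and pattern.search(host):
            return count
    return None


def meets_hop_limit(text, site_router_ip="10.0.0.1", gateway_re=r"^intl-gw", max_hops=3):
    n = hops_to_gateway(parse_traceroute(text), site_router_ip, gateway_re)
    return n is not None and n <= max_hops


if __name__ == "__main__":
    for name, text in (("PATH_OK", PATH_OK), ("PATH_TOO_LONG", PATH_TOO_LONG)):
        n = hops_to_gateway(parse_traceroute(text), "10.0.0.1", r"^intl-gw")
        print(name, n, "hops ->", "meets" if meets_hop_limit(text) else "exceeds")
```

A path on which the gateway never answers is reported as unverifiable (None) rather than as compliant, so a silent gateway cannot pass the check by accident.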

2.1.3 Service Level Agreement (SLA) Proposal:


The SLA should contain:
1- A detailed description of the level of service provided as well as the technical support that the Bidder will provide to
MLD during the period of the contract, indicating whether special treatment can be offered, such as a dedicated number for
technical support or high priority in responding to problems or requests, reactive and/or proactive.
2- Maximum network availability should be guaranteed.
3- Minimum network latency and packet loss should be guaranteed.
4- Minimum response time in case of any link failure.
5- Minimum time to respond to a fault reported to the ISP NOC or customer care.
6- Minimum time to resolve a fault reported to the ISP NOC or customer care.
7- Maximum notification period before any maintenance procedure carried out by the Bidder that may cause any
degradation or outage of the normal operation of links.
8- MLD must get a 24x7 service and will not accept any downtime on any of its links.
9- The SLA should cover the Bidder's international links, internal network, local loops, CPEs and the routers
at the MLD sites, i.e. the whole path of the MLD offered bandwidth to the international links.
10- Each Bidder should explain how he identifies link failure and degradation of service.
11- Each ISP should explain the penalties and deductions in monthly fees in case of link failure and/or degradation of
service. These should be categorized as downtime/day, cumulative downtime/day, cumulative downtime/month,
degradation of service/day, cumulative degradation of service/day and cumulative degradation of service/month.
Also, all the penalties should be categorized per link and per total number of links.
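Items 2, 3 and 11 only have teeth if the MLD keeps its own record of outages and can reproduce the ISP's monthly figures. The following is an added example, not code from the RFP or from any bidder: it takes constructed outage records, splits them at midnight so downtime and degradation are attributed per day, accumulates them per month, derives monthly availability per link and maps the cumulative downtime onto a penalty tier. The outage records, the 99.9 % availability target and the penalty tiers with their thresholds are assumptions; the RFP deliberately leaves those figures to the bidder.

```python
"""Added example (not part of the RFP): SLA bookkeeping for items 2, 3 and 11
of 2.1.3 on constructed monitoring records. The records, the availability
target and the penalty tiers are assumptions."""
from datetime import datetime, timedelta

# Constructed records: (link, kind, start, end), kind in {"down", "degraded"}.
OUTAGES = [
    ("dokki-mpls", "down", "2024-03-03 10:00", "2024-03-03 10:45"),
    ("dokki-mpls", "degraded", "2024-03-03 11:00", "2024-03-03 13:00"),
    ("dokki-mpls", "down", "2024-03-20 23:30", "2024-03-21 00:30"),   # crosses midnight
    ("gardencity-mpls", "degraded", "2024-03-10 09:00", "2024-03-10 09:30"),
]
MONTH_START = datetime(2024, 3, 1)
MONTH_END = datetime(2024, 4, 1)
AVAILABILITY_TARGET = 99.9   # assumed; the RFP asks for "maximum" availability

# Assumed schedule: cumulative downtime minutes per month -> % of the link's monthly fee.
PENALTY_TIERS = [(240, 25.0), (60, 10.0), (1, 2.0)]


def _split_by_day(start, end):
    """Yield (iso_date, minutes) pieces of [start, end), cut at midnight so the
    per-day figures of item 11 land on the right calendar day."""
    cur = start
    while cur < end:
        next_midnight = datetime(cur.year, cur.month, cur.day) + timedelta(days=1)
        piece_end = min(end, next_midnight)
        yield cur.date().isoformat(), (piece_end - cur).total_seconds() / 60
        cur = piece_end


def tally(outages):
    """{link: {kind: {"per_day": {iso_date: minutes}, "month": minutes}}}"""
    result = {}
    for link, kind, s, e in outages:
        start = datetime.strptime(s, "%Y-%m-%d %H:%M")
        end = datetime.strptime(e, "%Y-%m-%d %H:%M")
        bucket = result.setdefault(link, {}).setdefault(kind, {"per_day": {}, "month": 0.0})
        for day, minutes in _split_by_day(start, end):
            bucket["per_day"][day] = bucket["per_day"].get(day, 0.0) + minutes
            bucket["month"] += minutes
    return result


def availability_pct(down_minutes, start=MONTH_START, end=MONTH_END):
    total = (end - start).total_seconds() / 60
    return 100.0 * (total - down_minutes) / total


def penalty_pct(cumulative_down_minutes):
    for threshold, pct in PENALTY_TIERS:
        if cumulative_down_minutes >= threshold:
            return pct
    return 0.0


def monthly_report(outages=OUTAGES):
    """Per-link summary to check the ISP's monthly report (2.1.4) against."""
    empty = {"per_day": {}, "month": 0.0}
    report = {}
    for link, kinds in tally(outages).items():
        down = kinds.get("down", empty)
        degraded = kinds.get("degraded", empty)
        avail = round(availability_pct(down["month"]), 4)
        report[link] = {
            "down_min": down["month"],
            "worst_day_down_min": max(down["per_day"].values(), default=0.0),
            "degraded_min": degraded["month"],
            "availability_pct": avail,
            "meets_target": avail >= AVAILABILITY_TARGET,
            "penalty_pct": penalty_pct(down["month"]),
        }
    return report


if __name__ == "__main__":
    for link, row in monthly_report().items():
        print(link, row)
```

Splitting at midnight matters for the per-day categories: the 23:30 to 00:30 outage in the sample counts 30 minutes against each of two days, while it still counts 60 minutes for the month.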


2.1.4 Monitoring and reporting:


1- The ISP should provide MLD with online 24x7 access to monitoring tools (on the ISP side) to ensure
that the SLA is met. The ISP should elaborate on the tools he employs for such purposes and how the MLD
engineers can get access to them.
2- In addition to the online monitoring, the ISP should submit to MLD monthly reports and graphs indicating
capacity, utilization and its monthly distribution.
3- In case of any type of link failure or degradation of service, a report should be submitted to MLD.

2.1.5 Installation and Operation:


1- The effective date for operating all links is ...........
2- All links should be installed and tested 2 weeks prior to the effective date of operation.
3- All the DSL units, cables and CPEs on both sides, the Bidder side and the MLD side, should be
provided by the Bidder and should be of a well-known brand tested by MLD. Also, any local loop
installation or fees will be the responsibility of the Bidder.

The Bidder should submit an action plan for the installation procedures including milestones
and deliverable reports. The Bidder should explain in detail in the action plan how he
can guarantee full operation of the newly installed lines with the existing MLD lines from
the routing perspective, and ensure minimum or no downtime during the transition
to the new links.

2.2 Internal Networks


2.2.1 Passive Components
2.2.1.1 Nodes
The following table indicates the LAN number of nodes.

Minister's office in Dokki building, and each one has an internal network which will be
connected through UTP uplinks based on a star topology, as shown in the figure.

- The server room in the Cabinet of the Ministry, Dokki, which contains the main
switch, will have 70 nodes distributed in all rooms connected to the main switch.
- Minister's office in Garden City will have 50 nodes distributed in all rooms, aggregated
in one rack which contains the edge switch and the router connection to the main
switch.
- General Secretariat of the local administration will have 68 nodes distributed in all rooms,
aggregated in one rack which contains the edge switch and the router
connection to the main switch.
- ELharam data entry Center will have 40 nodes distributed in all rooms, aggregated
in one rack which contains the edge switch and the router connection to the main switch.
- Sakkara Training center will have 40 nodes distributed in all rooms, aggregated
in one rack which contains the edge switch and the router connection to the main switch.
- Organization for Reconstruction and Development of the Egyptian Village will have 90 nodes
distributed in all rooms, aggregated in one rack which contains the edge switch.

The proposed network should support Virtual LANs (VLANs) to allow grouping of users in any logical
combination, not restricted by their physical locations or sub-networks. All
routing between VLANs should be achieved internally through the Layer 3 core switch.
The bidder should conduct a requirements study after the award of the tender to clarify
and confirm user requirements prior to the actual design and development of the system.
The bidder should provide, install and configure all equipment including switches, racks and any other
necessary accessories.
The bidder should mount the proposed switches on new racks to be supplied by the bidder in these works,
complete with proper cable management and power distribution units.
The bidder should highlight any constraints of the proposed solution, especially pertaining to
scalability.
The bidder should propose an upgrade path as the network requirements increase.
The bidder should be responsible for patching all the network cables from the switches and
all other network equipment to the proposed core and edge switches.
The bidder should ensure that the MLD network operates healthily after the patching exercise.
The bidder should label all new equipment and cables (both data and power) according to the MLD
labelling standards.
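One VLAN per site with its routed gateway on the Layer 3 core switch, as required above, still has to be sized from the node counts in 2.2.1.1. The following is an added example, not code from the RFP or from any bidder: it computes the smallest prefix that fits each site's nodes plus growth headroom, carves the subnets out of one private block largest-first so that none overlap, and records the gateway address that would be configured on the core switch's VLAN interface. The 10.50.0.0/16 block, the VLAN IDs, the 20 % headroom and the site keys are assumptions; the node counts are the ones stated in 2.2.1.1.

```python
"""Added example (not part of the RFP): size one VLAN per site from the node
counts in 2.2.1.1 and allocate non-overlapping subnets, with the gateway of
each VLAN on the Layer 3 core switch. The address block, VLAN IDs, headroom
and site keys are assumptions."""
import ipaddress

# Node counts stated in 2.2.1.1 (site keys are shorthand chosen here).
SITE_NODES = {
    "dokki-cabinet": 70,
    "gardencity": 50,
    "gensec-local-admin": 68,
    "elharam-data-entry": 40,
    "sakkara-training": 40,
    "ordev-village": 90,
}
HEADROOM_PCT = 20     # assumed growth allowance
RESERVED = 3          # network address, broadcast address, core-switch gateway


def prefix_for(nodes):
    """Smallest prefix length (never longer than /30) whose address count
    covers the nodes plus headroom plus the reserved addresses."""
    need = (nodes * (100 + HEADROOM_PCT) + 99) // 100 + RESERVED   # integer ceil
    bits = max(2, (need - 1).bit_length())                          # ceil(log2(need))
    return 32 - bits


def plan(block="10.50.0.0/16", first_vlan=100):
    """Allocate largest subnets first from a running cursor. Because sizes are
    non-increasing, aligning the cursor to each size keeps every subnet on a
    proper boundary. Returns {site: {"vlan", "subnet", "gateway"}}."""
    base = ipaddress.ip_network(block)
    cursor = int(base.network_address)
    limit = int(base.broadcast_address) + 1
    result, vlan = {}, first_vlan
    for site, nodes in sorted(SITE_NODES.items(), key=lambda kv: (-kv[1], kv[0])):
        plen = prefix_for(nodes)
        size = 1 << (32 - plen)
        cursor = -(-cursor // size) * size          # align cursor up to the subnet size
        if cursor + size > limit:
            raise ValueError("address block exhausted at " + site)
        subnet = ipaddress.ip_network((cursor, plen))
        result[site] = {
            "vlan": vlan,
            "subnet": str(subnet),
            "gateway": str(subnet.network_address + 1),   # SVI on the L3 core switch
        }
        cursor += size
        vlan += 1
    return result


def has_overlap(site_plan):
    """True if any two allocated subnets overlap (they must not)."""
    nets = [ipaddress.ip_network(v["subnet"]) for v in site_plan.values()]
    return any(a.overlaps(b) for i, a in enumerate(nets) for b in nets[i + 1:])


if __name__ == "__main__":
    for site, row in plan().items():
        print(site, row)
```

Keeping every site in its own VLAN and routing only at the core switch also gives a single place to apply inter-VLAN access control later, which is the reason the section insists on it.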

2.2.1.2 Horizontal Cabling system


INSIDE CABLING
General
The general guideline for installing inside wiring for all MLD buildings should
require the bidder to provide all labor and materials for installation of the interior infrastructure.
The bidder will install the interior infrastructure in accordance with the Standard Cabling System.

Routes
The bidder should agree the routes to be taken by trunking, in particular the main containment
systems, in consultation with representatives of MLD.
MLD recommends the location of concentration points to be used in the installation.
MLD will also identify any exceptions to the rules governing the number of workplace outlets
to be installed in each area of the installation.

Concentration points
Each installation will involve establishing or expanding one or more network
concentration points.
Each concentration point will consist of one rack or multiple racks, containing up
to around 50 premises cable terminations per rack, one or more data uplinks,
active data equipment units, and ancillary equipment such as power supply
protection and cable management units.
The bidder will be responsible for the movement and replacement of all furniture and other items
required, in negotiation with the MLD.
The bidder is obliged to ensure that no premises cable has a length of more than 90 m from
concentration point to workplace outlet. Where a choice of concentration point location presents a
significant risk that this 90 m limit will be exceeded, the bidder must obtain approval from
MLD prior to the beginning of the installation.
Upon completion of the initial cabling, any damage to the buildings caused by the bidder should be
fixed by the bidder on his own, and all holes and methods of entry should be filled with
a suitable firebreak material.
It is preferred that a material is used which can be easily removed and reused when required.
Where access holes are drilled into workplace areas from major trunking areas, the size of the
holes made should be sufficient for an additional 20% of cables to be installed at a later date.
The bidder will need to ratify the planned layout before installation work begins.

Location of outlets and Quantity
The location of outlets in office space should be chosen to achieve maximum distribution of
double outlets around the usable space, for the convenience of the office users.
Where cables in offices are not contained in multi-compartment trunking, the location of outlets
should be chosen so as to minimize the number of holes drilled in the office fabric.
By default, outlets in office space are to be located wherever it is reasonable to
place equipment that has a data requirement.

2.2.1.3 UTP Cables


All horizontal cabling must be UTP Cat 6 with the following specification:
UTP 4-pair cabling with Cat 6 performance over a 4-connector channel.
Support Class B applications.
TIA/EIA specifications.
All internal building network operations infrastructure should adhere to ANSI/EIA/TIA
568B (Commercial Building Telecommunications Cabling Standards) and ANSI/EIA/TIA
569 (Commercial Building Standard for Telecommunications Pathways and Spaces).
The cable must be installed so that mechanical strain does not reach the jack. Only one colour scheme should
be used throughout the project.

UTP Patch Panel QTY (20)
UTP RJ45 connectors with Cat 6 performance over a 4-connector channel.
24 ports per single 19" rack unit.
Support TIA/EIA Class B applications.
Include labelling paper frame.
One horizontal organizer should be provided for each patch panel.
A complete ties and strips package should be provided for cable management.

UTP Network patch cord QTY (400)
UTP RJ45 patch cord with Cat 6 performance over a 4-connector channel.
Support TIA/EIA Class B applications.
Stranded copper, pre-assembled.
1 m length.

UTP User patch cord QTY (400)
UTP RJ45 patch cord with Cat 6 performance over a 4-connector channel.
Support TIA/EIA Class B applications.
Stranded copper, pre-assembled.
3 m length.

External UTP Face Plates QTY (400)
UTP RJ45 connector with Cat 6 performance over a 4-connector channel.
External wall-mount support box.
Support TIA/EIA Class B applications.
Single gang type.
Number to cover all active and standby ports.

2.2.1.4 Racking System

All hardware must provide vertical and horizontal cable organizers for cross-connect wiring and
should be wall mounted. Where the bidder has a choice of equally acceptable
concentration points, the bidder is expected to choose those which offer MLD the highest
performance, the lowest overall installation and maintenance costs, and suitability
for the installation of all active components. MLD must approve such choices.

HQ Rack 42U (Qty: 2)

Rack 19U (Qty: 9)
All racks must be grounded to the isolated ground bar.
All racks must have one shelf and a glass door with lock.
All racks must have proper ventilation fans.
All racks must have a 19" power strip with at least 8 outlets.

RACK (TBD) (Qty: 1)

RACK - TBD (to accommodate all servers)
It must be the same brand as the servers.
Minimum two separate Power Distribution Units (with main & female power connectors).
Power cables for servers & PDU.
KVM switch input ports (at least 8 ports).
Output port.
All needed cables & accessories.
Accessories:
Integrated rackable TFT monitor (at least 17"), keyboard, mouse.
Preferable fan unit for proper ventilation.
Preferable stability kit.
Blanking kit.
Grounding kit (if needed).


2.2.2 Active Components


2.2.2.1 Core Routers: Qty (2)

1. Architecture
Supports high-quality simultaneous services at wire speed up to multiple T3/E3
Performance up to 500 Kpps
Supports a wide variety of field-upgradeable LAN, WAN & service modules
Supports a common feature and command set structure and interface modules with other routers,
with software-upgradeable feature sets
Supports ADSL and G.SHDSL interfaces for backup

2. Configuration
One E3 port
2-port 10/100/1000Base-TX Gigabit Ethernet LAN interfaces
At least 4 interface card slots, with free slots to accommodate future upgrades
Supports up to four network modules
1 slot for VPN Acceleration Modules
2 slots for Voice Processing Modules
Console cable, power cables and operating manuals

3. Protocols Support
Routing via Static Routing, RIP-v1, RIP-v2, OSPF & BGP-4
Supports TCP, UDP
Supports Telnet, SNMP, FTP, TFTP, Trace Route
IP Multicast: PIM (sparse and dense mode) and DVMRP

4. Quality of Service
Supports PQ, CQ, WFQ, CAR, GTS, WRED
Supports Resource Reservation Protocol (RSVP)
Destination-based load sharing among equal and non-equal cost paths
Supports 802.1p and L2 CoS
Auto configuration of QoS

5. Redundancy
Supports Interface Backup, Link Backup and Route Backup
Dial-on-Demand Routing for Dial Backup
Hot Standby Router Protocol/Virtual Router Redundancy Protocol (HSRP/VRRP)
Should support redundant power supply

6. Security Features
Should support either hardware- or software-based security features
Access Control Lists L3/L4
Supports Remote Authentication Dial-In User Service (RADIUS), Kerberos V, and TACACS+ with authentication,
authorization, and accounting (AAA), PAP & CHAP
Embedded hardware-based VPN encryption acceleration
Supports VPN using L2TP, GRE and IPsec (DES, 3DES, AES 128, AES 192, and AES 256), site-to-site and remote access
Supports Dynamic Multipoint VPN
Software firewall, intrusion prevention, IPsec VPN, advanced application inspection and control,
SSH v2.0, and SNMPv3

7. Management
Command Line Interface (CLI)
Network Management Application (SNMP, RMON)
Embedded web-based device-management tool for WAN access and security features
Supports Telnet, TFTP, NTP and SNTP

2.2.2.2 Core Switch: Qty (2)

Core Switch should be equipped with 24 RJ-45 10/100/1000 ports and four SFP ports.

The switch should support at least the following protocols:
IEEE 802.3z 1000Base-SX/LX/TX
IEEE 802.1p
IEEE 802.1Q
IEEE 802.1D
IEEE 802.3af

Switch should support full duplex operation on all ports with a minimum 32 Gbps
switching fabric.
Forwarding rate based on 64-byte packets: 38 Mpps
Should support stacking
The switch should support per-VLAN Rapid Spanning Tree.
Should support inter-VLAN IP routing for full Layer 3 routing between VLANs.
The switch should be managed via SNMP (preferably with a web-based management
and configuration interface).
Per-port broadcast, multicast, and unicast storm control to prevent a faulty end station
from degrading overall system performance.
The switch should support four egress queues per port to enable differentiated
management of up to four traffic types across the stack.
Power supply requirements: 220 VAC, 50 Hz
All manuals, original CDs, console cable, power cable, any other needed accessories
and software should be included.

2.2.2.3 Access Switch: Qty (20)

Edge switches with 24 Ethernet 10/100 ports and two dual-purpose ports (10/100/1000 or SFP)
8 PoE ports
1 RU fixed configuration
LAN Lite image installed

The switch should support at least the following protocols:
IEEE 802.3z 1000Base-SX/LX/TX
IEEE 802.1p
IEEE 802.1Q
IEEE 802.1D
IEEE 802.3af

Switch should support full duplex operation on all ports with a minimum 16 Gbps switching
fabric.
Forwarding rate based on 64-byte packets: 6.5 Mpps
The switch should support per-VLAN Rapid Spanning Tree.
Should support inter-VLAN IP routing for full Layer 3 routing between VLANs.
The switch should be managed via SNMP (preferably with a web-based management and
configuration interface).
Per-port broadcast, multicast, and unicast storm control to prevent a faulty end station from
degrading overall system performance.
The switch should support four egress queues per port to enable differentiated management of
up to four traffic types across the stack.
Power supply requirements: 220 VAC, 50 Hz
All manuals, original CDs, console cable, power cable, any other needed accessories and
software should be included.

2.2.2.4 Branches WAN routers: Qty (5)

Performance that supports bidirectional high-quality simultaneous services throughput of 120 KPPS
Should have at least 3 empty slots
Should support one slot for any network module
Should be equipped with 2 serial ports
The ability to aggregate the connected WAN lines through multilink PPP
All software licenses should be included
All needed cables should be included
AC power supply 200 to 240 VAC (autoranging), 50 Hz
2-port 10/100Base-TX Ethernet LAN interfaces
Console cable, power cables and operating manuals
WAN protocols and media: Leased Lines, Frame Relay, MPLS
Routing via Static Routing, RIP-v1, RIP-v2, OSPF & BGP-4
Supports TCP, UDP
Supports Telnet, SNMP, FTP
IP Multicast: PIM and DVMRP
Support for multiple routing tables
Supports Resource Reservation Protocol (RSVP)
Auto configuration of QoS
Virtual Router Redundancy Protocol (VRRP)
Support for external redundant power supply
Web-based device management
Network Management Application (SNMP, RMON)
Command Line Interface (CLI)
Supports VPN using SSL, L2TP, GRE and IPsec (DES, 3DES, AES 128, AES 192, and AES
256), site-to-site and remote access
Software firewall, intrusion prevention, IPsec VPN, advanced application inspection and
control, SSH v2.0, and SNMPv3 should be supported

2.3 Security Solution


2.3.1 1st stage irewall: Qty (2)
Features

Provide proactive threat defense to stop attacks before they spread through the network
Control network activity and application traffic
Multifunction appliance including:
Full-featured, high-performance firewall
Should be equipped with IPS

Performance

Firewall Throughput at least: 300 Gbps


IPS throughput at least: 140 Mbps
Concurrent Sessions: 120000
New connections per second: 8500
Users/Nodes Unlimited
VPN Throughput: Up to 170 Mbps
SSL VPN sessions: 250

Interfaces

2-port Gigabit Ethernet
3-port Fast Ethernet
100 Virtual Interfaces (VLANs)
High Availability
Active/Active and Active/Standby configurations supported (Active/Active proposed)

2.3.2 2nd stage firewall: Qty (2)

The firewall should support the following minimum requirements:

It should be from a different vendor than the first-stage firewall, so that a defect or bypass in
one vendor's product does not affect both tiers.
The firewall should be ASIC based.
The Firewall should support at least 10 integrated 10/100/1000 Ethernet ports.
Supports expansion module for future increase in number of interfaces
Support Firewall performance of at least 8 Gbps Throughput.
Support IPSec VPN throughput of at least 6 Gbps.
A minimum of 600 000 concurrent sessions
Minimum of 20 000 new sessions/sec
Should Support IPS, Antivirus on the same appliance
Should Support long term logs
Should support logging, analysis, and reporting
In case of adding Antivirus it should be ASIC based
All manuals, console cable, power cables, any other needed accessories and software should be
included.

2.3.3 Interconnection Switches:

Configurations

8 ports 10/100
1 Gigabit Ethernet port (10/100/1000BASE-T or SFP)
Management console port


Availability and Scalability

IEEE 802.1D Spanning Tree Protocol
IEEE 802.1w Rapid Spanning Tree Protocol (RSTP)
IEEE 802.1s Multiple Spanning Tree Protocol (MSTP)
Switch port auto recovery
Per-port broadcast, multicast, and unicast storm control
VLAN Trunking Protocol (VTP) pruning
IGMPv3 snooping for IPv4 and MLD v1/v2 snooping for IPv6
IGMP filtering

Security

IEEE 802.1x port-based security
IEEE 802.1x with VLAN assignment
IEEE 802.1x with voice VLAN
IEEE 802.1x with ACL assignment
Port-based ACLs
Unicast MAC filtering
Unknown unicast and multicast port blocking
SSHv2, and SNMPv3
Bidirectional data support on the Switched Port Analyzer (SPAN) port
MAC Address notification.
DHCP snooping
MAC Address aging feature
Multilevel authorization on console access and Web-based Management
User-selectable address-learning mode
IGMP filtering.
Dynamic VLAN assignment
RADIUS authentication in addition to support for Local Database

Manageability

CLI support
Embedded Web browser for initial switch configuration
Support extensive management using SNMP network-management platforms
SNMP v1, v2c, and v3 and Telnet interface support
VLAN trunks based on 802.1Q tagging
At least 255 VLANs per switch
At least 128 spanning-tree instances per switch
Group Management Protocol server functions
IGMPv3 snooping
TFTP Software Upgrade
Auto-sensing, auto-negotiation and Auto-MDIX on all 10/100/1000 ports
Dynamic Trunking Protocol (DTP)
Link Aggregation Control Protocol (LACP) that conforms to IEEE 802.3ad.

Performance

16 Gbps switch fabric
Forwarding rate based on 64-byte packets up to 2.7 Mpps
At least 6,000 MAC addresses

Standards

IEEE 802.1s, IEEE 802.1w, IEEE 802.1x, IEEE 802.3ad, IEEE 802.1D, IEEE 802.1p, IEEE 802.1Q
IEEE 802.3x full duplex on 10BASE-T, 100BASE-TX, and 1000BASE-T ports
RMON I and II standards
SNMPv1, SNMPv2c, and SNMPv3


2.3.4 Host Based IPS:

Bidder should propose Host IPS for application servers & desktops.
Proposed solution should be easy to deploy, easy to configure, and easy to manage via a single
console.
The ability to aggregate and extend multiple endpoint security functions: the security agent
provides host intrusion prevention, distributed firewall, malicious mobile code protection,
operating system integrity assurance, and audit log consolidation, all within a single agent.
Preventive protection against entire classes of attacks, including port scans, buffer overflows,
Trojan horses, malformed packets, malicious HTML requests, and e-mail worms.
Should support a data loss prevention (DLP) feature.
"Zero-update" prevention for known and unknown attacks, i.e. protection that does not depend on a
signature update for each new exploit.
Industry-leading protection for servers and desktops, Unix and Windows.
Application-specific protection for web servers and databases.
An open and extensible architecture with the ability to define and enforce security according to
corporate policy.
An enterprise-scalable architecture: the security agent is scalable to 100,000 agents per manager.
Future support for an integrated solution architecture with Network Admission Control (NAC).

2.3.5 Web Security appliance with embedded URL filter for 200 users:

Support user authentication based on: LDAP, NTLM (single sign-on), Active Directory (single
sign-on), RADIUS, X.509 certificates, built-in username/group database, RSA SecurID (OTP), web
identity management systems, substitution realm, guest authentication, and permitting specific
authentication errors.
Supports at least HTTP, HTTPS, FTP, DNS, P2P, Telnet, IM, TCP-Tunnel, Windows Media and
QuickTime, with filtering capabilities and P2P control proxy services.
Support operation in proxy, transparent (cookie- and IP-based), bridging and WCCP modes.
Should support hardware-based SSL termination (may be added in future).
Should fail open on any hardware failure in the box, for continuity of Internet service (note that
while failed open the appliance enforces no filtering or scanning, so such a failure must be alerted
and repaired promptly).
Support multiple filtering policies based on: user based policies (user, group), location based
policies (IP, network) Service based policy (Protocol, Destination port), flexible destination based
policies (Domain, URL, Wild card URL, HTTP method), time of day.
Support controlling bandwidth management based on : client address, Content-type, Time,
Protocol via deploying multiple bandwidth classes (Minimum guaranteed bandwidth, Maximum
Bandwidth, and priority)
Support HTTP compression, Bandwidth optimization and protocol optimization
Managed via HTTP and HTTPS, CLI, Telnet, SSHv2 and support auto logout enforcement.
User-friendly GUI interface administration tool to create and maintain policies, view statistics,
Upgrade appliance OS.
Support Object caching, and Byte caching
Pre-defined policies
Content policy language to create custom text-based policies
Support configuration backup on a centralized FTP server and restore via HTTP, FTP and TFTP.
Support event tracking and notification alerts via e-mail, SNMP, Event log, and combined tracking
and notification
Sends an SNMP trap and e-mail notification in case of DoS attack events, with date, time and level of
severity (Severe, Resource errors, Informational, Verbose).
Support user authentication to view specific reports for delegated management.
Enables administrators to generate reports that:
o Identify possible security holes
o Track potentially dangerous user activity
o Report on blocked traffic by category and URL
o Conserve network bandwidth resources by identifying abuse patterns
o Report on web usage by user, group location, URL, and other factors
o Real time reporting tool
o Historical reporting tools with the ability to customize and schedule reports for distribution by email.
Supports the ICAP protocol; the bidder should mention any other protocols supported.

Equipped with at least 2 x 320 GB SATA disk space and 2 GB of RAM.
Should be equipped with at least two 10/100/1000 network interfaces.
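The following is an added illustration, not part of this RFP and not any vendor's product code, of how the filtering policy dimensions listed above (user and group, client IP or network, protocol and destination port, domain, URL and wildcard URL, HTTP method, time of day) combine in a first-match policy table. Every rule name, group, network, host and request in it is constructed for the example. It goes one step beyond the text in that a rule which omits a dimension matches any value of that dimension, which is how proxy policy languages express "any", and it fails closed when no rule matches.

```python
"""Web proxy filtering policy evaluation (added example; not from the RFP or any vendor).

Each rule constrains some of the dimensions the RFP lists: user/group, client
IP or network, protocol and destination port, domain, URL or wildcard URL,
HTTP method, and time of day. A rule that omits a dimension matches any value
of it. Rules are evaluated top-down, first match wins, and the default is deny.
All names, networks and requests are constructed for illustration.
"""
from dataclasses import dataclass
from datetime import time
from fnmatch import fnmatchcase
from ipaddress import ip_address, ip_network
from typing import Optional
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443, "ftp": 21}


@dataclass
class Request:
    user: str
    groups: frozenset
    client_ip: str
    method: str
    url: str            # full URL, e.g. "https://mail.example.com/inbox"
    when: time          # local time of day at which the request arrived


def in_window(t: time, start: time, end: time) -> bool:
    """True if t is in [start, end); a window may wrap past midnight."""
    if start <= end:
        return start <= t < end
    return t >= start or t < end


@dataclass
class Rule:
    name: str
    action: str                          # "allow" or "deny"
    users: Optional[set] = None          # any of these user names
    groups: Optional[set] = None         # any of these group names
    networks: Optional[list] = None      # client CIDR ranges
    protocols: Optional[set] = None      # URL schemes
    ports: Optional[set] = None          # destination ports
    domains: Optional[set] = None        # exact host or any subdomain
    url_globs: Optional[list] = None     # fnmatch patterns on the full URL
    methods: Optional[set] = None        # HTTP methods
    window: Optional[tuple] = None       # (start, end) time of day

    def matches(self, r: Request) -> bool:
        parts = urlsplit(r.url)
        host = parts.hostname or ""
        port = parts.port or DEFAULT_PORTS.get(parts.scheme, 0)
        client = ip_address(r.client_ip)
        return all([
            self.users is None or r.user in self.users,
            self.groups is None or bool(self.groups & r.groups),
            self.networks is None or any(client in ip_network(n) for n in self.networks),
            self.protocols is None or parts.scheme in self.protocols,
            self.ports is None or port in self.ports,
            self.domains is None or any(host == d or host.endswith("." + d) for d in self.domains),
            self.url_globs is None or any(fnmatchcase(r.url, g) for g in self.url_globs),
            self.methods is None or r.method.upper() in self.methods,
            self.window is None or in_window(r.when, *self.window),
        ])


def evaluate(rules, r: Request, default="deny"):
    """First matching rule decides; fail closed when nothing matches."""
    for rule in rules:
        if rule.matches(r):
            return rule.action, rule.name
    return default, "default"


# Constructed policy table (hypothetical group names, networks and hosts).
POLICY = [
    Rule("block-p2p", "deny", url_globs=["*.torrent", "magnet:*"]),
    Rule("finance-no-unsafe-methods", "deny", groups={"finance"},
         methods={"PUT", "DELETE", "CONNECT"}),
    Rule("branch-no-streaming", "deny", networks=["10.20.0.0/16"],
         domains={"video.example.net"}),
    Rule("guest-office-hours", "allow", groups={"guest"}, protocols={"http", "https"},
         ports={80, 443}, window=(time(8, 0), time(17, 0))),
    Rule("guest-otherwise", "deny", groups={"guest"}),
    Rule("staff-web", "allow", groups={"staff", "finance"},
         protocols={"http", "https", "ftp"}),
]
```

Rule order matters exactly as it does on the appliance: the guest "allow during office hours" rule must precede the guest "deny" rule, and the protocol-wide P2P block sits first so that no later per-group allow can override it. The time window is half-open and may wrap past midnight, so an overnight maintenance window can be written as 22:00 to 06:00.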

2.3.6 Web Anti-Virus Gateway for 200 users:

Should be fully integrated with the above security appliance, preferably from the same vendor
where possible.
Providing protection against:
o Infected Web Email
o Spyware & SPAM Trojans
o Internet Worms
o Malicious HTTP & FTP Content
Scan HTTPS traffic to remove viruses from encrypted browser session downloads
Automated Virus updates
Definable update time frequency settings.
Must support the ability to:
o set timeout duration
o drop file if errors in scanning occur
o define trusted sites
o Heuristics fingerprint recurring files as infected or clean for non-cacheable content
o allow/deny lists with extensions along with file size and content type restrictions
o Customized alerts can notify administrators when a virus is found, AV updates are successful,
AV updates fail, subscriptions expire, files are dropped, or files pass without scanning.
o Log files can be customized using standard logging formats and sent off-box via TCP or UDP
for processing.
o New firmware updates and release notes are sent to the appliance for administrator approval
and installation.
Should be equipped with at least two 10/100/1000 network interfaces.
At least 70GB SCSI hard disk, with minimum 2GB RAM

2.3.7 Network Admission:

Recognizes users, their devices, and their role in the network. Occurs at the point of
authentication, before malicious code can cause damage.
Evaluates whether machines are compliant with security policies. Security policies can vary by
user type, device type, or operating system.
Enforces security policies by blocking, isolating, and repairing noncompliant machines. Machines
are redirected into a quarantine area, where remediation occurs at the discretion of the
administrator.
Can apply posture assessment and remediation services to LAN-based user devices, wireless
users, and remote users connecting through VPN concentrators or dial-up servers.
Deployed out-of-band: the solution is in-band only during authentication, posture assessment
and remediation. Once a user's device has successfully logged on, its traffic bypasses the
appliance and traverses the switch port directly.
Manager provides port- or role-level control by assigning ports to specific VLANs, assigning
users to specific roles that map to specific VLANs, and providing a time-based session timeout
per role.
Enforces security policies by making compliance a condition of access.
Minimizes vulnerabilities on user machines through periodic evaluation and remediation.
Significant cost savings by automating the process of repairing and updating user machines.
Supports single sign-on for remote access users using certain IPsec VPN and WebVPN clients.
Configured to offer checks for products from known security vendors: Computer Associates
International, Inc.; F-Secure Corporation; McAfee, Inc.; Microsoft; Symantec; Trend Micro; Zone
Labs.

Authentication Integration with Single-Sign-On for VPN Users:

Serves as an authentication proxy for most forms of authentication, natively integrating with
Kerberos, Lightweight Directory Access Protocol (LDAP), RADIUS, Active Directory, S/Ident, and
others.
Supports role-based access control, enabling administrators to maintain multiple user profiles
with varying degrees of access.

Vulnerability Assessment:
Support scanning of all Windows-based operating systems, Mac OS, and Linux machines.
Conducts network-based scans or can use custom-built scans as required.
Device Quarantine
Can place noncompliant machines into quarantine to prevent the spread of infection while
maintaining access to remediation resources.
Quarantine can be accomplished by using small subnets or by using a quarantine VLAN.
Security Policy Updating
Automatic security policy updates
Provides predefined policies for the most common network access criteria, including policies that
check for critical operating system updates and common antivirus software virus definition
updates.
Management
The Web-based centralized management console allows administrators to define the types of
scans required for each role and the related remediation packages necessary for recovery.
One management console can manage several servers.
Remediation and Repair
Quarantining gives devices access to remediation servers that can provide operating system
patches and updates, virus definition files, or endpoint security solutions
Administrators have the option of guiding and overseeing these fixes using the Appliance
enforcement agent.
Discretionary Certified Devices List
Supports creation of a Certified Devices List to simplify access for devices known to be clean
through other means.
If the Certified Devices List is empty, all machines are subject to scanning each time they enter
the network.
The Certified Devices List can be cleared either on a scheduled basis or with one click during times
of high virus and worm activity.
Administrators can adapt to the flow of malicious code incidents by adjusting the scans required, the
roles subject to scans, the use of the Certified Devices List, and the types of remediation required.
They can also limit bandwidth and protocols used based on user roles.

2.3.8 Security Management System:

General Features

Uses policy-based management techniques.
Provides client graphical user interface.
Provides multiple views into the application to accommodate different tasks and user experience
levels.
Provides an interactive tutorial that helps users quickly come up to speed on features and concepts.
Allows security policies to be configured per device, per device group, or globally.

Scalable Network Management

Able to scale to efficiently manage a large number of security devices.
Supports policy-based management techniques: settings are defined once and applied to
individual devices or groups of devices.
Provides flexible device-level overrides that allow policy re-use and sharing while still
permitting device-specific settings to be customized as necessary.

VPN Provisioning

Configuration of site-to-site, hub-and-spoke, full-mesh and extranet VPNs.
Supports Dynamic Multipoint VPN and generic routing encapsulation (GRE) over IP Security (IPsec),
both with dynamic IP addresses and hierarchical certificates.
VPN and Easy VPN services can be configured remotely.
Configurations for automatic failover and load-balancing for head-ends are supported.

Firewall Provisioning

Enables administrators to configure policies for firewall appliances, modules and software-based
firewalls. The software provides a single rule table for all platforms.
Reports firewall rules that overlap or conflict with other rules.
Group objects of a similar type so that a single access rule can apply to all objects in the group.
The software helps identify and delete rules that have no effect on the network.
The access control list (ACL) hit count feature checks to ensure traffic is flowing correctly.
Displays which rules match a specific source, destination, and service flow, including wildcards.
Device information can be imported from a device repository, imported from a configuration file,
or added in the software. Additionally, firewall policies can be discovered from the device itself.
Allows a user to apply a rule policy on groups of interfaces in a scalable manner.
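An added example, not the management product's own algorithm, of the rule analysis this subsection asks for: given a top-down, first-match rule table it flags rules that are shadowed by an earlier rule with the opposite action (they can never fire), rules made redundant by an earlier rule with the same action (deleting them changes nothing), and rules that partially overlap an earlier rule of the opposite action. The rule table uses documentation address ranges and hypothetical rule names constructed for the example.

```python
"""Shadowed, redundant and overlapping firewall rules (added example; not the
product's algorithm). Rules are 5-tuple matches (protocol, source, destination,
destination port range) with first-match semantics. The table is constructed.
"""
from dataclasses import dataclass
from ipaddress import ip_network

PROTO_ANY = "any"
ANY_PORT = (0, 65535)


@dataclass(frozen=True)
class Rule:
    name: str
    action: str         # "permit" or "deny"
    proto: str          # "tcp", "udp", "icmp" or "any"
    src: str            # CIDR
    dst: str            # CIDR
    dports: tuple       # inclusive (low, high) destination port range

    def covers(self, other: "Rule") -> bool:
        """True if every packet matching `other` also matches self."""
        proto_ok = self.proto == PROTO_ANY or self.proto == other.proto
        src_ok = ip_network(other.src).subnet_of(ip_network(self.src))
        dst_ok = ip_network(other.dst).subnet_of(ip_network(self.dst))
        port_ok = self.dports[0] <= other.dports[0] and other.dports[1] <= self.dports[1]
        return proto_ok and src_ok and dst_ok and port_ok

    def overlaps(self, other: "Rule") -> bool:
        """True if at least one packet matches both rules."""
        proto_ok = PROTO_ANY in (self.proto, other.proto) or self.proto == other.proto
        src_ok = ip_network(self.src).overlaps(ip_network(other.src))
        dst_ok = ip_network(self.dst).overlaps(ip_network(other.dst))
        port_ok = self.dports[0] <= other.dports[1] and other.dports[0] <= self.dports[1]
        return proto_ok and src_ok and dst_ok and port_ok


def analyse(rules):
    """Walk the table top-down and classify each rule against those above it."""
    findings = []
    for i, rule in enumerate(rules):
        for earlier in rules[:i]:
            if earlier.covers(rule):
                kind = "redundant" if earlier.action == rule.action else "shadowed"
                findings.append((rule.name, kind, earlier.name))
                break               # the first covering rule explains it
        else:
            for earlier in rules[:i]:
                if earlier.action != rule.action and earlier.overlaps(rule):
                    findings.append((rule.name, "partial-conflict", earlier.name))
                    break
    return findings


# Constructed rule table for a two-tier firewall with a DMZ (192.0.2.0/24 and
# 198.51.100.0/24 are documentation ranges, 10.0.0.0/8 stands for the LAN).
TABLE = [
    Rule("web-in", "permit", "tcp", "0.0.0.0/0", "192.0.2.10/32", (443, 443)),
    Rule("block-dmz-to-lan", "deny", "any", "192.0.2.0/24", "10.0.0.0/8", ANY_PORT),
    Rule("dmz-db", "permit", "tcp", "192.0.2.10/32", "10.1.1.5/32", (1433, 1433)),      # shadowed
    Rule("web-in-dup", "permit", "tcp", "198.51.100.0/24", "192.0.2.10/32", (443, 443)),  # redundant
    Rule("branch-mgmt", "permit", "tcp", "10.20.0.0/16", "10.1.0.0/16", (22, 22)),
    Rule("no-branch-ssh", "deny", "tcp", "10.20.5.0/24", "10.1.0.0/16", (22, 22)),      # shadowed
    Rule("lan-smtp", "permit", "tcp", "10.0.0.0/8", "192.0.2.25/32", (25, 25)),
    Rule("deny-all", "deny", "any", "0.0.0.0/0", "0.0.0.0/0", ANY_PORT),
]
```

The two shadowed rules are the cases worth catching. dmz-db is dead because block-dmz-to-lan precedes it, so the database access the operator thinks is open is in fact blocked; no-branch-ssh is dead because a broader permit precedes it, so the restriction the operator thinks is enforced is not. The trailing deny-all is reported as overlapping the first permit because it genuinely does; a production checker would exempt the catch-all rule.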

IPS Provisioning

Enables administrators to configure policies for IPS appliances, modules and software-based IPS.
Single-interface, multi-VLAN IPS configuration with inline support.
Gives the user the ability to assign VLAN pairs to a single interface.
Rate limiting configuration.
Automatically applies signature updates, minor releases and patches to IPS sensors.
Able to copy signature tunings from one device to many devices.
Global event configuration for all IPS sensors.
Detects out-of-band configuration changes made to devices by other management components.

Management Services

Manage Integrated Security Services
Enables the management of integrated security services, including quality of service (QoS) for
VPN, routing, and Network Admission Control (NAC).

Device Grouping
Users can create and define device groups based on business function or location. Devices
in a group can be managed as a single device.

Multiple Application Views
Provides multiple views into the application to support different use cases and experience
levels: Device view for single device management, Map view for visualizing the topologies,
and Policy view for performing highly efficient and scalable multi-device management.

Policy Object Manager
Objects can be defined once and used any number of times to avoid manually entering values.

Deployment Manager: Flexible Deployment Options
Supports both on-demand and scheduled deployments to a device or to files.

Rollback
Provides the ability to roll back to a previous configuration.

Role Based Access Control
Define access rights for multiple administrators, with appropriate controls.

Workflow
Allows assigning specific tasks to each administrator during the deployment of a policy, with
formal change control and tracking.

Distributed Deployment and Update
Simplifies updates to large numbers of remote firewalls, which may have dynamic addresses
or NAT addresses.

Operational Management
Software distribution.
Device inventory reporting.

Health and Performance Monitoring
Provides health and performance monitoring data for network devices and specific security
services.

2.3.8.1 Security Management server: Qty (1)

Product feature: Brand Name
Processor: Intel Xeon 5500 series
Number of processors: 1
Chipset: Intel 5520 chipset
Graphics: Integrated graphics
Memory type: DDR3 Registered (RDIMM) or Unbuffered (UDIMM)
Memory size: not less than 4 GB
Hard disk: 3.5-inch 10K rpm SAS, 1 TB (1 x 500 GB)
Optical drive: DVD-RW SATA drive
Network controller: NC362i 2-port Gigabit (1GbE)
Form factor (fully configured): rack mounted
Accessories: USB keyboard, USB mouse
Ports: 2 x BCM 5709 GbE dual-port with TOE, IPv6, iSCSI boot and iSCSI offload
Optional tape drive: PowerVault 100T, DAT72 tape backup device

2.3.9 UTM for Branches:

It should support the following minimum requirements:

The firewall should be ASIC based.
The firewall should have at least two integrated 10/100/1000 and eight 10/100 Ethernet ports.
Supports expansion module for future increase in number of interfaces
Support Firewall performance of at least 500 Mbps Throughput.
Support IPSec VPN throughput of at least 100 Mbps.
A minimum of 350 000 concurrent sessions
Minimum of 10 000 new sessions/sec
Should Support IPS, Antivirus on the same appliance
Should Support long term logs
Should support logging, analysis, and reporting
In case of adding Antivirus it should be ASIC based
All manuals, console cable, power cables, any other needed accessories and software should be
included.

2.4 Network Management System:

This section covers the following management disciplines:
1. Network Service Management for MTCs Environment.
2. Performance Management for MTCs Environment.
3. Automated Network Configuration Environment.

The network management tool should provide:
1. Same look and feel for the tools provided.
2. Role-based definition and delegation of administrators for certain regions or tasks.
3. Secure communication between the network nodes and the managing servers using SNMPv3 (in
addition to SNMP v1 and v2c).
We are looking for the following service level for the implementation for the proposed EMS:
1. Architecture Design
2. Implementation for the proposed EMS
3. Hands on Training during the implementation for the proposed EMS.
4. Local reference list with necessary contacts.

2.4.1 General Requirements

Centralized console for all network monitoring.
Supports automated actions on the whole managed network.
GUI Console for Administration, Configuration Set-up and Reporting
Ability to expand EMS solution to include Advanced Reporting, Capacity Planning and Trend
Analysis for later phases.

2.4.2 Network Fault and Performance Management

A single management software package is responsible for all network management.
Controlled auto-discovery (segment filters, time intervals, etc.).
Automated scheduled rediscovery.
Automatic Topology Mapping.
Real time color-coded presentation of devices and links status.
User defined map views.
Scheduled Outages.
Customizable events forwarding and action-on an event through GUI interface on
service management platform.
User defined thresholds.
Provides predefined/User defined corrective action on event failure.
Configurable network discovery from the primary service management platform.
Distributed collector architecture to minimize network traffic.
Customizable network maps centrally on primary service management platform.
Supports unnumbered serial interfaces
Configurable SNMP polling process from primary management platform
Provides an enhanced web user interface with dynamic views
Launches targeted views from events for rapid problem resolution
Supports discovery of VLAN architecture
Manages switched layer 2 environments as well as routed layer 3 environments
Root cause problem analysis
Monitor router CPU and memory utilization performance
Report on over and underutilized links
It should support fault management functions that facilitate the detection, Isolation,
filtering & identification of abnormal operation of any managed Component.
It should be integrated to proposed Enterprise Management System.
Showing real-time faults and conducts sophisticated performance analysis and
reporting on historical data and trends for routers and switches (Should support the
Frame Relay MIB as well).
Comprehensive reports for managing the performance (including Frame Relay
devices).
Generating usage patterns reports, trends, error rates and capacity of individual
network interfaces.
Supports the most popular Frame Relay devices via the RFC 1315 management MIB.

2.4.3 Network Configuration and Automation

An enterprise class solution that tracks and regulates configuration and software changes across
routers, switches, firewalls, load balancers, and wireless access points.
Provides visibility into network changes, enabling MLD's IT staff to identify and correct trends
that could lead to problems, while mitigating compliance issues, security hazards, and disaster
recovery risks.
Captures full audit trail information about each device change.
Automation of the complete operational lifecycle of network devices, from provisioning to
policy-based change management, compliance, and security administration.
Introduces process-powered automation.
Bringing networks into compliance with corporate or regulatory standards is a non-trivial,
labor-intensive, and ultimately difficult task.
Will help MLD in meeting compliance standards through a network compliance model that maps
device information, including configurations and run-time diagnostics, as well as policies and
user roles, into a normalized structure to prevent compliance violations before they occur.
Providing MLD powerful capabilities for managing compliance with government regulations and
industry standards for IT processes and best practices.
Will help to determine the compliance status of MLD's network resources.
Detailing the current compliance status of MLD's network infrastructure with respect to
government regulations and industry standards.
Generate detailed Visio diagrams of the MLD network automatically, greatly improving network
troubleshooting.
Providing valuable insight for troubleshooting and understanding layer 2 and layer 3
relationships.
The combination of layer 2 and 3 diagramming provides MLD with insight that cannot be matched
with one view.
Allow MLD to Automate large scale tasks and changes through template-based provisioning,
Automate software upgrades with image analysis & upgrade recommendation, Define who can
make which changes and when, and allow MLD to Update images and feature sets quickly,
reliably, and easily.
Reduce costs by automating time-consuming manual compliance checks and configuration tasks.
Pass audit and compliance requirements easily with proactive policy enforcement and
out-of-the-box audit and compliance reports (ITIL, CISP, HIPAA, SOX, GLBA and others).
Improve network security by recognizing and fixing security vulnerabilities before they affect the
network, using an integrated security alert service.
Increase network stability and uptime by preventing the inconsistencies and misconfigurations
that are at the root of most problems.
Use process-powered automation to deliver application integrations, which deliver full IT lifecycle
workflow automation, without scripting.
Support SNMPv3 and IPv6, including dual-stack IPv4 and IPv6 support, to provide flexibility in the
protocol strategy and its implementation (HP Network Automation supports both of these
technologies).
Use automated software image management to deploy wide-scale image updates quickly with
audit and roll-back capabilities.
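An added example, not part of the RFP or of any product, of the automated compliance check that the configuration-management system in this section is asked to perform, using as its policy the security requirements placed on the interconnection switches in section 2.3.3 (SSHv2 with Telnet disabled, SNMPv3 with no v1/v2c community strings, DHCP snooping, 802.1X port control, storm control, RADIUS login authentication). The running configuration it checks is constructed, deliberately contains gaps, and uses IOS-style syntax as an assumption; the patterns must be adapted to whatever platform is actually proposed.

```python
"""Switch configuration compliance check (added example; not any product's
compliance engine). Parses a constructed, IOS-style running configuration
(syntax assumed) and reports which RFP security requirements it fails.
"""
import re

# Constructed sample with deliberate gaps: Telnet still accepted on the vty
# lines, an SNMPv2c community string, and one access port without 802.1X or
# storm control.
SAMPLE_CONFIG = """\
hostname ic-sw-01
aaa new-model
aaa authentication login default group radius local
radius-server host 10.1.1.20 key 7 0822455D0A16
ip ssh version 2
ip dhcp snooping
ip dhcp snooping vlan 10,20
dot1x system-auth-control
snmp-server community public RO
snmp-server group NMSGROUP v3 priv
snmp-server user nmsuser NMSGROUP v3 auth sha secret priv aes 128 secret2
interface GigabitEthernet0/1
 description uplink to 1st stage firewall
 switchport mode trunk
 ip dhcp snooping trust
interface FastEthernet0/1
 switchport mode access
 switchport access vlan 10
 dot1x port-control auto
 storm-control broadcast level 1.00
interface FastEthernet0/2
 switchport mode access
 switchport access vlan 20
line vty 0 4
 transport input telnet ssh
"""

BLOCK_HEADER = re.compile(r"(interface \S+|line \w+ [\d ]+)$")


def parse_config(text):
    """Split the config into global commands and per-interface/line blocks."""
    global_cmds, blocks, current = [], {}, None
    for raw in text.splitlines():
        if not raw.strip():
            continue
        if raw.startswith(" "):                 # indented: belongs to a block
            if current is not None:
                blocks[current].append(raw.strip())
            continue
        m = BLOCK_HEADER.match(raw)
        if m:
            current = m.group(1)
            blocks[current] = []
        else:
            current = None
            global_cmds.append(raw.strip())
    return global_cmds, blocks


def check(text):
    """Return a list of (requirement, detail) failures; empty means compliant."""
    g, blocks = parse_config(text)
    fails = []
    if "ip ssh version 2" not in g:
        fails.append(("SSHv2", "ip ssh version 2 not set"))
    for name, lines in blocks.items():
        if name.startswith("line vty"):
            for l in lines:
                if l.startswith("transport input") and "telnet" in l.split():
                    fails.append(("SSHv2", f"{name}: telnet still accepted ({l})"))
    if not any(l.startswith("snmp-server group") and " v3 priv" in l for l in g):
        fails.append(("SNMPv3", "no SNMPv3 group with authPriv"))
    for l in g:
        if l.startswith("snmp-server community"):
            fails.append(("SNMPv3", f"v1/v2c community present: {l}"))
    if "ip dhcp snooping" not in g:
        fails.append(("DHCP snooping", "ip dhcp snooping not enabled globally"))
    if "dot1x system-auth-control" not in g:
        fails.append(("802.1X", "dot1x system-auth-control not enabled"))
    if not any(l.startswith("aaa authentication login") and "radius" in l for l in g):
        fails.append(("RADIUS", "login authentication does not use RADIUS"))
    for name, lines in blocks.items():
        if "switchport mode access" in lines:
            if "dot1x port-control auto" not in lines:
                fails.append(("802.1X", f"{name}: port not under 802.1X control"))
            if not any(l.startswith("storm-control") for l in lines):
                fails.append(("Storm control", f"{name}: no storm-control"))
        if "switchport mode trunk" in lines and "ip dhcp snooping trust" not in lines:
            fails.append(("DHCP snooping", f"{name}: uplink trunk not trusted"))
    return fails


if __name__ == "__main__":
    for requirement, detail in check(SAMPLE_CONFIG):
        print(f"FAIL {requirement}: {detail}")
```

Run against a configuration pulled by the management system, the output is the list of requirement violations the tool is expected to raise before the change is approved; the same check applied to the corrected configuration returns an empty list, which is the "compliant" state the section's policy enforcement reports.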

2.4.4 Network Management server: Qty (1)

Product feature: Brand Name
Processor: Intel Xeon 5500 series
Number of processors: 1
Chipset: Intel 5520 chipset
Graphics: Integrated graphics
Memory type: DDR3 Registered (RDIMM) or Unbuffered (UDIMM)
Memory size: not less than 4 GB
Hard disk: 3.5-inch 10K rpm SAS, 1 TB (1 x 500 GB)
Optical drive: DVD-RW SATA drive
Network controller: NC362i 2-port Gigabit (1GbE)
Form factor (fully configured): rack mounted
Accessories: USB keyboard, USB mouse
Ports: 2 x BCM 5709 GbE dual-port with TOE, IPv6, iSCSI boot and iSCSI offload
Optional tape drive: PowerVault 100T, DAT72 tape backup device

2.5 Audio/Video Communication, Call Processing System

The call processing system extends MLD telephony features and capabilities to packet telephony network
devices such as IP phones, media processing devices, voice over IP (VoIP) gateways, and multimedia
applications. Additional data, voice, and video services such as voice messaging, multimedia
conferencing and interactive multimedia response systems interact with the IP telephony solution
through the call processing software's open telephony application programming interfaces. The technical
specifications are as follows:

Fully IP Call Handling System in Software & Hardware

The system should support at least 500 IP phones and be fully redundant.
The Call Processor Server controls all the internal / external phone calls. The bidder
should provide two CPSs to be installed at the main site. The two CPSs should work in
an active / standby manner, so if one CPS fails, the phone sets should automatically
register at the redundant CPS. Bidder should explain in details.
The CPS's should be pure IP based system
Each CPS should have 10/100/1000 Mbps uplinks to be connected to the Backbone
switch
The bidder should explain in detail the hardware (CPU, memory, hard disk, etc) and
software (operating system) architecture of the proposed CPS. The bidder should
highlight the reliability / availability features supported by his system.
The proposed CPS should allow for the following basic features as minimum. The bidder
should clarify if any of the following features are not supported by the proposed system.
The bidder may also highlight other features that are not listed hereunder.
Call Hold: Both calling and called party can place a call on hold.
Music on Hold: The system has an integrated recorder to run music (or general
announcements) during call hold.
Call Pickup: A user can answer neighboring calls in his group by pressing the pickup
feature key.
Call Forward: Forwards internal and external calls to any telephone extension.
Call Park: A user can park a call for a certain period at a specific directory number so
he/she or any other user can retrieve it.
Call Back: Automatic ring-back to an extension that doesn't answer.
Caller ID: Display internal and external call numbers on the phone display. Also, caller
name information can be managed via LDAP server.


Do Not Disturb: Extensions set to DND should not be interrupted by any calls except for
emergencies.
Call Announcement: Visual and/or audible alert when a busy station receives another
call.
Single Button Barge: end users can press a single line key to join a call in progress. If the
line has multiple calls connected, then the authorized users can view the calls
simultaneously on the phone screen and determine which one to enter.
Conference Calls: At least 3 parties (internal and/or external) can get into a conference.
The system should also allow for the conference chairperson to drop off certain
members.
Call by Name: Extensions can be replaced by names.
Call Coverage: A call ringing at one extension can ring on a group of covering
extensions, and can be answered by any extension.
Call Privacy: Prevents any user from accidentally or deliberately bridging onto a live
call.
Authorization Code: Allows authorized users to override access restrictions assigned to
any station.
Hunt Groups: Groups of extensions can be established to answer multiple /
simultaneous calls placed to a certain DID number.
Trunk Groups: The system should support trunk groups
Automatic Line Selection: Incoming / outgoing calls should automatically select the
proper line to go through.
Multiple Lines assignment: Multiple extensions and/or CO lines can be assigned to the
same station.
Join Across Lines: users can join calls across different lines that appear on their phone.
The feature enables the executive staff and other users to swiftly connect different
parties into a conversation.
Directory dial from phone, Corporate and personal: The user can search for his/her
contacts through the phone's screen & can dial the number directly
Directories: Missed, placed, and received calls list stored on the IP phones
Arabic Language: The CPS should support Arabic on the IP phones (in addition to English).
In case of more than one CPSs are connected within the same system, a uniform
numbering plan should be maintained.
The system should support silence suppression as well as echo cancellation. The bidder
should describe the mechanisms used to provide both features.
The bidder should demonstrate the QoS capabilities of the proposed system in order to
guarantee the voice quality. As a minimum, factors such as packet loss, delay and delay
variation (jitter) should be described.
The system should also provide call admission control to keep track of bandwidth
utilization as well as bandwidth allocation for new calls.
The system should support open standards to allow integration with third-party
applications.
The bidder should describe backup procedures recommended for his offered system.
Bidder should also specify the backup media (floppy, tape, CD, etc).
The CPS should be managed via CLI, SNMP protocol (preferably SNMPv3) or web-based
management and configuration interface.


Each CPS should be supplied with latest software release, original user and installation
manuals as soft-copies (CDs), console cable, power cables, and any other needed
accessories for mounting the system into a data cabinet.
Compatible with MS OCS to make and receive PSTN calls
Failover of MS OCS protocol to SIP protocol

2.5.1 IP Phones
IP phones are required at different levels for Top Management, Branch Managers,
Employees, Managers' Secretaries and Operators. Vendors should state their proposed options for
these categories. Each IP phone should have at least the following features:

MS OCS support
Pixel-based display
A pixel-base display provides supplemental information, access to applications, and
makes it easy to use telephone features.
Calling name and number display
G.711 and G.729a audio compression
Identifies incoming messages and categorizes them for users.
Allows users to quickly access diverse information such as weather, stocks, quote of the day, or
any Web-based information using extensible mark up language (XML) to provide a portal to an
ever-growing world of features and information.
Online help feature gives users information about the phone's keys, buttons, and
features
Call Waiting
Call Forward
Call Transfer
Three-way calling (conference)
On-hook dialing, Pre-Dialing, and Off-hook dialing
Redial
Call hold
Call monitor
Configurable speed-dial buttons
IP phones can be registered to three different call processors for redundancy

2.5.2 Top Management IP Phones: QTY- 50

Colour display, 16-bit colour depth, 320 x 240 effective pixel resolution
Eight phone lines support
Full-duplex speakerphone with acoustic echo cancellation
Should be equipped with at least Two 10/100/1000BaseT Ethernet ports
At least 24 defined user-selectable ring tones are available
Supports local power or Power over Ethernet (PoE) as power source
Supports differentiated services code point (DSCP) and 802.1Q/p standards.
Supports secure VPN, TLS (signalling) and SRTP (media encryption)
Support MS OCS


2.5.3 Manager Level 2 IP Phones: QTY- 150

Graphical monochrome 4-bit grayscale display
Two phone lines support
Full-duplex speakerphone with acoustic echo cancellation
Should be equipped with at least two 10/100BaseT Ethernet ports
At least 10 defined user-selectable ring tones are available
Support local power or Power over Ethernet (PoE) as power source
Supports Differentiated Services Code Point (DSCP) and 802.1Q/p standards.
Support MS OCS

2.5.4 Servers to support MS OCS: Qty (3)

Product feature: Brand Name
Processor: Intel Xeon 5500 series
Number of processors: 2
Chipset: Intel 5520 Chipset
Graphics: Integrated graphics
Memory Type: DDR3 Registered (RDIMM) or Unbuffered (UDIMM)
Memory size: NOT LESS THAN 8 GB
Hard disk: 3.5 inch SAS (10K rpm): 1 TB SATA (2 x 500GB) SAS
Optical drive: DVD RW SATA Drive
Network Controller: 1GbE NC362i 2 Ports Gigabit
Form Factor (fully configured): Rack mounted
Accessories: Keyboard USB, Mouse USB
Ports: BCM 5709 GbE Dual Port - TOE IPv6 and BCM 5709 GbE Dual Port - TOE IPv6
iSCSI Boot, with iSCSI Offload
Optional Tape Drives: PowerVault 100T, DAT72 Tape Backup device

Section 3: Documentation
The System should not be deemed to be operational and complete until full and complete
documentation has been submitted and accepted by MLD. During implementation, the vendor will
provide a full set of the documentation required to operate and maintain the proposed system, including
hardware, software, training, and operations user and reference guides.
The bidder will provide one electronic and one paper master copy from which MLD may make in-house
copies. Graphical representation of equipment and network structure is to be provided in Visio
format. The electronic copy must be one continuous document plus a separate Visio document.
The bidder must prepare diagrams showing the locations and layout of the concentration points
and the routes taken between equipment.


The Bidder should provide, at no cost to MLD, 3 original sets of the following types of documentation:

System design and configuration documentation;
Operator manual or Users Guide/Manual.

All documentation provided by the Bidder must be written in the Arabic language and expressed
in a clear and easily understandable manner.
MLD reserves the right to reproduce, at no additional cost whatsoever, any part of the
documentation provided by the Bidder for its internal use.
The Bidder should provide any revised editions, supplementary materials or new
publications relevant to the System, and documentation on enhancements, at no
additional cost to MLD.
The above specifications also apply to documentation and manuals of third-party hardware,
software and equipment.
As a guide, the operator manual should include, but is not limited to, instructions for the following
procedures:

System power-up and power-down procedures;
System start up and shutdown procedures;
System configuration backup procedures;
System failure and recovery procedures;
Day-to-day operations; and
System administration operations such as the assignment, reset and deletion of
passwords, etc.

As-Built Diagrams

Contractor will provide as-built documentation within 15 days of completion of the project.
These prints will include outlet locations, outlet numbers, trunk-cable routing, and
legends for all symbols.

3.1 System Acceptance
System acceptance will occur in three phases:

Hardware Tests.
Network Devices Fluke Test Print
Network Tests.
Final System Acceptance.

After installing the system hardware and performing appropriate diagnostic tests, the bidder
will certify that hardware is functioning correctly. MLD may request specific demonstrations
of the hardware readiness.
Upon completion of field installation of the network and training, the bidder will certify that the network is
ready for acceptance. The bidder will be required to demonstrate all system functions to MLD's satisfaction.
Any problems found during this demonstration will be immediately corrected by the bidder, after which time
MLD will verify that corrections have been made and accept the system.
The bidder will then perform final system testing. Upon completion of the final system testing, the
bidder will certify that the network has passed the final system test criteria.

3.2 Testing
Prior to completion of the contract, full test results and documentation should be submitted to MLD
for approval.
The results should be delivered in native electronic format, not in a text-editable format, though paper
copies must be made available on demand.
If any specialist software is required to read these results, it should be supplied free of charge by the
contractor.
The installer must give MLD less than one week's notice for attendance when any testing is to be carried out.

3.3 Testing Strategy
After installation, all cables must be tested for Category 6 compliance.
Cable run lengths should be obtained using OTDR testing; printed graphs should be supplied and included as
part of the documentation of the installation.

3.4 Identification
Each cabinet or rack within each concentration point should have a unique identifier, typically a letter.
Concentration points should display the identification number in a prominent position using a permanent
label.
Each concentration point will be identified by a combination of the building in which it is located and the
room number containing the concentration point, or adjacent to it if the concentration point is in a corridor
space.
Where there is no obvious room adjacent to a concentration point, a scheme based on the floor
number (G for ground, 1 for first floor, etc.) and the geographical location (E for eastern wing, etc.) will be
used. Such schemes must be agreed with the Ministry of Local Development.
Notice should be taken of the environmental conditions within which the concentration point
is located, and measures taken to ensure that the label will not fail or become obscured.
Only machine-generated labels will be accepted.

The mentioned quantities are for guidance only. The Bidder should carry out a site survey and validate
these quantities through his technical team.

Section 4: Training
4.1 On-hand training:
Onsite training is required for two engineers, covering all operational tasks for the proposed systems and
the troubleshooting process required for their operation.

4.2 Formal training:
Bidder should provide certified training courses at a local training center of the vendor.
Bidder should provide training materials for all the proposed courses and a complete
training plan explaining the number of days, hours and the prerequisites for the audience in each
course.
