DAN PERKHIDMATAN BERKAITAN UNTUK MAJLIS PERBANDARAN SUBANG JAYA

39  muat turun (0)

Tekspenuh

(1)

TENDER DALAM TALIAN

MAJLIS PERBANDARAN SUBANG JAYA DOKUMEN TENDER

(JILID 2/2) BAGI

CADANGAN MEMBEKAL, MEMASANG, MEMBANGUN, MENGUJI SERTA MENTAULIAH DISASTER RECOVERY CENTRE (DRC)

DAN PERKHIDMATAN BERKAITAN UNTUK MAJLIS PERBANDARAN SUBANG JAYA

NO. TENDER MPSJ.KUB.400-10/3/138 (2016)

TARIKH BUKA 13 OKTOBER 2016

TARIKH TUTUP 02 NOVEMBER 2016

MASA TUTUP 12.00 TENGAHARI

YANG DIPERTUA

MAJLIS PERBANDARAN SUBANG JAYA, USJ 5, PERSIARAN PERPADUAN,

47610 SUBANG JAYA, SELANGOR D.E.

www.mpsj.gov.my

(2)

CADANGAN MEMBEKAL, MEMASANG, MEMBANGUN, MENGUJI SERTA MENTAULIAH DISASTER RECOVERY CENTRE (DRC)

DAN PERKHIDMATAN BERKAITAN UNTUK MAJLIS PERBANDARAN SUBANG JAYA

NO. TENDER : MPSJ.KUB.400-10/3/138 (2016)

ISI KANDUNGAN

BIL BUTIRAN MUKA SURAT

1.0 SPESIFIKASI TEKNIKAL 3

2.0 RESPOND TIME 6

3.0 DOKUMEN PERJANJIAN 7

4.0 TERMA PEMBAYARAN

. 10

ARAHAN

Petender adalah dilarang sama sekali meletakkan tanda pengenalan syarikat atau apa jua maklumat berkaitan seperti chop syarikat, nama kakitangan syarikat atau tanda tangan pada mana-mana bahagian di dalam Jilid 2/2 ini.

Kegagalan petender untuk mengikuti arahan sedemikian boleh menyebabkan penyertaan di dalam TENDER ini terbatal.

(3)

MAJLIS PERBANDARAN SUBANG JAYA SPESIFIKASI TEKNIKAL

JENIS PERKHIDMATAN : CADANGAN MEMBEKAL, MEMASANG, MEMBANGUN, MENGUJI SERTA MENTAULIAH

DISASTER RECOVERY CENTRE (DRC) DAN

PERKHIDMATAN BERKAITAN MAJLIS PERBANDARAN SUBANG JAYA NO. TENDER : MPSJ.KUB.400-10/3/138 (2016)

A. OBJEKTIF DAN SKOP

Objektif tender ini adalah untuk Membekal, Memasang, Membangun, Menguji serta Mentauliah Disaster Recovery Centre (DRC) serta Perkhidmatan Berkaitan untuk MPSJ seperti berikut:

1. Cloud DRC Infrastructure 2. Storage DRC Infrastructure

3. Backup DRC Infrastructure (Cold Site)

4. Equipments and softwares required to support the DRC operations with the ability to divert/take over operations when needed during disaster.

5. Direct Over Metro-E Connection 6. Membekal Lesen MySQL

7. Perkhidmatan instalasi system yang sedia ada ke server DRC yang di DRC site yang cadangkan (minimum 25km radius)

8. Perkhidmatan Preventive Maintenance dua kali setahun.

Syarat-syarat berikut perlu untuk penilaian yang mesti disertakan oleh Petender di dalam dokumen cadangan dengan jelas. Kegagalan Petender memenuhi setiap syarat-syarat perlu untuk penilaian akan mengakibatkan cadangan tersebut tidak akan dipertimbangkan.

a. Petender wajib menyatakan dengan jelas spesifikasi setiap komponen peralatan yang ditawarkan, berdasarkan spesifikasi MPSJ di ruangan

‘TECHNICAL SPECIFICATION AND REQUIREMENT’ (please specify)’. Jika ruang tidak mencukupi, Petender boleh menggunakan Lampiran sebagai rujukan dan mestilah ditandakan/dinamakan dengan jelas.

b. Petender mestilah menyediakan senarai alat (‘Bill of Quantities – BQ’)

secara terperinci untuk setiap peralatan dan perkhidmatan yang

dicadangkan di setiap Item, sebagai dokumen sokongan wajib bagi

mempastikan peralatan dan perkhidmatan yang ditawarkan betul dan

(4)

mencukupi. (sertakan sebagai lampiran – rujukan item pada Jilid 1/2;

JADUAL KADAR HARGA dan Jilid 2/2; JADUAL TEKNIKAL).

c. Petender mestilah menyertakan gambarajah skematik yang dapat menerangkan secara konseptual dengan jelas cadangan rekabentuk sistem DRC MPSJ yang dicadangkan.

d. Petender mestilah menyertakan Jadual Perancangan (Work Shedule) untuk pembekalan, penghantaran, pemasangan, pengujian dan pentauliahan dengan jelas.

e. Semua item utama yang dibekalkan mesti disertakan brosur asal

yang mengandungi maklumat teknikal mengenainya.

(5)

MAJLIS PERBANDARAN SUBANG JAYA SPESIFIKASI TEKNIKAL

A. GENERAL REQUIREMENT

BIL. SPESIFIKASI MAJLIS SETUJU/

TIDAK SETUJU

CADANGAN SPESIFIKASI PENTENDER (SILA NYATAKAN)

1.0 1.1 1.2

1.3 1.4

1.5

1.6

1.7

1,8

VENDOR PRE-REQUISITE

Bidder must propose ISO/IEC 27001 certified DRC center.

Bidder must comply with Tier 2 of the Data Centre Site Infrastructure Standard (Concurrently Maintainable Site Infrastructure) or above from Uptime Institute.

Bidder must provide minimum DOME 10MB Metro-e Internet line.

Bidder must propose location of the propose DRC and minimum requirement must be 25 Kilometer radius from the existing MPSJ datacenter.

Bidder is to propose two (2) boxes of dedicated SSLVPN box to secure the connection from datacenter to propose DRC.

Bidder must provide offsite storage at the DRC, and also tape pickup services from MPSJ primary site to the DRC based on schedule requested at 3 times a week.

Bidder must propose required hardware and software as specified in scope of work.

Bidder must provide automated scheduled backup and replication solution or online data synchronization between MPSJ datacenter to the proposed DRC

(6)

BIL. SPESIFIKASI MAJLIS SETUJU/

TIDAK SETUJU

CADANGAN SPESIFIKASI PENTENDER (SILA NYATAKAN)

1.9

2.0 2.1

Bidder must provide transfer technology or training on product as well as on the administrative function for the proposed solution.

SCOPE OF WORKS

Bidder MUST fully comply with the scope of works, which include:

a) Provision of an alternate site i.e.: dedicated room to host critical servers and provide redundancy in terms of availability in the event of primary site at MPSJ main office is down.

b) To install and deploy the identified servers and

hardware. This shall include operating system, network and other relevant application if required as well as technical support and assistance to MPSJ.

c) To provide technical assistance (Resident Engineer) to support MPSJ staff in assuring that on-site restoration operations and end of event backup operations can be implemented in the Bidder’s Recovery Center facility.

The Bidder shall assume all cost for testing.

d) To advice and provide other required equipment or software required to support the DRC operations with the ability to divert/take over operations when needed during disaster.

e) To provide dedicated Internet services at 10MBPS (minimum).

(7)

BIL. SPESIFIKASI MAJLIS SETUJU/

TIDAK SETUJU

CADANGAN SPESIFIKASI PENTENDER (SILA NYATAKAN)

3.0 3.1

3.2

f) To provide preventive and scheduled maintenance for all hardware hosted at the DRC site.

g) To provide consulting services on DRC technology during project implementation to MPSJ.

h) To provide dedicated working space and required infrastructure for 5 MPSJ personnel.

i) To provide automated scheduled backup solution or online data synchronization between MPSJ datacenter, co-location and proposed DRC

j) To provide offsite storage at the DRC, and also tape pickup services from MPSJ primary site to the DRC based on schedule requested at 3 times a week.

k) Training is to be provided on product as well as on the administrative function for the proposed solution.

BIDDER’S RESPONSIBILITY

The bidder shall review this document and take full responsibility of obtaining information from MPSJ as may be required to meet the specifications and requirements.

The bidder shall review and fulfill all specifications and requirements before committing to sign the purchase agreement.

4.0 DOCUMENTATION REQUIREMENTS

MPSJ reserves the right to reproduce all or part of the document submitted by the bidder for internal use.

(8)

BIL. SPESIFIKASI MAJLIS SETUJU/

TIDAK SETUJU

CADANGAN SPESIFIKASI PENTENDER (SILA NYATAKAN)

5.0 5.1

5.2

5.3

5.4

DELIVERY REQUIREMENTS

Successful bidder shall complete the entire scope of works within eight (8) to twelve (12) weeks after receipt of MPSJ Letter of Acceptance (LOA).

The bidder shall describe the project management methodology to be undertaken in the project to ensure the time is met as scheduled as well as meeting the technical requirements of the project. The project management methodology shall include the tasks and activities involved as listed below:

a) Project team structure b) Point of contact

c) Implementation schedule based on proposed project delivery and timeline which indicating

- Key milestones dates and deliverables - Workday

- Staffing estimates

The customer has the authority to reject all items that are not working accordingly.

The customer has the authority to reject any kind of bugs during or after installation.

(9)

B. TECHNICAL SPECIFICATION & REQUIREMENT

BIL. SPESIFIKASI MAJLIS SETUJU/

TIDAK SETUJU

CADANGAN SPESIFIKASI PENTENDER (SILA NYATAKAN)

1.0 1.1

TECHNICAL SPECIFICATION

a) Critical servers (server and hardware specification is as below or equivalent):-

EXISTING INFRASTRUCTURE AND INFOSTRUCTURE a) Critical servers (server and hardware specification is as below or equivalent): -

Server for iRMS

(i) VMWare Centos OS 4/5/6 (32GB) (ii) Processor 8vCPU

(i) 8GB RAM

(ii) Provisioned Storage 107GB a. Used Storage 28GB

Server for iFMS

(i) VMWare Centos OS 4/5/6 (32GB) (ii) Processor 8vCPU

(iii) 8GB RAM

(iv) Provisioned Storage 107GB a. Used Storage 28GB

Server for OCPS

(i) SUN OS Solaris 10 10/08 s10x_u6wos_07b X8 (ii) Processor 2x Dual-Core AMD Opteron(tm) Processor

2222 (iii) 40GB RAM (iv) HDD 2.3TB

a. Used Storage 1.1TB

Sever for Sybase Database (IRMS & IFMS)

Makluman

Makluman

Makluman

Makluman

Makluman

Makluman

Makluman

Makluman

(10)

BIL. SPESIFIKASI MAJLIS SETUJU/

TIDAK SETUJU

CADANGAN SPESIFIKASI PENTENDER (SILA NYATAKAN)

1.2

(i) Linux mpsjdb1.mpsj.gov.my 2.6.32- 431.11.2.el6.x86_64

(ii) Processor 1x Intel(R) Xeon(R) CPU E7- 4850 @ 2.00GHz

(iii) 16GB RAM

(iv) Provisioned Storage 964GB a. Used Storage 18GB

Sever for MYSQL Database (OCPS)

(i) Linux 3.2.0-29-generic #46-Ubuntu SMP

(ii) Processor 1x Intel(R) Xeon(R) CPU E5620 @ 2.40GHz

(iii) 24GB RAM

(iv) Provisioned Storage 487G a. Used Storage 183GB

(v) Provisioned Storage for Data 3TB a. Used Storage 1.9TB

10TB external storage

Sybase Database License

REQUIRED INFRASTRUCTURE AND INFOSTRUCTURE (i) Config 8 core 40GB storage

a) To install and deploy the identified servers and hardware

b) P2V/V2V Migration Services c) DRC Policy and Testing

d) To provide other required equipment of software to support DRC operations during disaster

Makluman

Makluman Makluman

Makluman

Makluman Makluman

(11)

BIL. SPESIFIKASI MAJLIS SETUJU/

TIDAK SETUJU

CADANGAN SPESIFIKASI PENTENDER (SILA NYATAKAN)

1.3

1.4

1.5

e) Migrate, set up, install, configure and restoration of all MPSJ critical and core business application system in DRC environment.

f) All installations of MPSJ system application are based on MPSJ's request.

Telecommunication and Internet Service Redundancy a) Dedicated internet service is provided at least 10Mbps

b) Telecommunication and internet service provider is named accordingly

c) Telecommunication and internet service redundancy plan need to be explained

Physical security parameters are in place. This includes gate, security guard, manned reception and CCTV.

Physical Entry control is implemented accordingly for example biometric access or access card.

Location and parking facility.

a) Bidder is to state distance between proposed DRC site and MPSJ primary site and also the number of parking space available at the DRC.

b) The bidder shall make the DRC available to MPSJ twenty four (24) hours per day, seven (7) days per week as long as required in the event of disaster.

To provide dedicated working space and required infrastructure for 5 MPSJ personnel. The working space should be equipped with other office facilities such as laser jet printer, telephone line, fax machine, facsimile and conference room. The telephone line

(12)

BIL. SPESIFIKASI MAJLIS SETUJU/

TIDAK SETUJU

CADANGAN SPESIFIKASI PENTENDER (SILA NYATAKAN)

2.0 2.1

2.2

2.3

2.4

3.0

4.0 4.1

4.2

should allow divert service from MPSJ main premise to the

alternate site. Bidder should make the working space available for MPSJ usage as and when required.

Maintenance Support & Warranty Requirement

Operations and maintenance services for the server and related infrastructure supplied and commissioned by the bidder for the application at the Disaster Recovery Centre.

The bidder shall undertake regular preventive maintenance of the hardware and licensed software.

Bidder is to clearly describe the proposed methodology for both notifying of new releases and maintenance updates.

Bidder is also required to describe all cost related to maintenance releases and major version upgrades.

Warranty

The warranty of rented items shall include both parts and labor for a minimum period of three (3) years.

Insurance on Assets

The price of rental shall include all the risk insurance coverage for the hardware and software provided by bidder for the whole of tenure year.

The price of rental shall also include the risk insurance coverage for the transportation of backup tape from the main premise to alternate site for the whole of tenure year.

(13)

BIL. SPESIFIKASI MAJLIS SETUJU/

TIDAK SETUJU

CADANGAN SPESIFIKASI PENTENDER (SILA NYATAKAN)

5.0 5.1

5.2

6.0 6.1

7.0 7.1

Bidder Past Experiences

Bidder MUST have an experience in providing Data Centre facilities and sufficient trained personnel for the datacenter operations. Also in demonstrating their capability to provide consultation services for this project.

Bidder to provide list of client reference (latest completed or ongoing), authorized contact person and number.

Training and Transfer of technology (TOT)

Bidder to provide transfer of technology (TOT) on DRC related software and hardware include operational.

Documentation

Bidder MUST provide:

a) Finalized completed DRC Diagram b) User Manual

c) Service Operation Procedure (SOP) d) Operational Manual

e) Any other document requested by MPSJ

f) All documentation shall be submitted at the end of the project.

8 8.1

SERVER INFRASCTRUCTURE MAIN REQUIREMENT

(14)

BIL. SPESIFIKASI MAJLIS SETUJU/

TIDAK SETUJU

CADANGAN SPESIFIKASI PENTENDER (SILA NYATAKAN)

8.2

8.3

8.4

8.5

8.6

Supply, installation, configuration and commissioning Server for MPSJ DRC Infrastructure.

Number of unit: 3 Units

Location: Propose DRC center

Product Information Please Specify Processor

Processor: The server must be installed with Two (2) Intel E5-2660 v2 130 W 8 core processors

Quantity Processor: min 2 unit Memory

RAM: Should have at least 128GB DDR3 Memory RDIM/PC3 fully buffered DIMMs at 1866 MHz

Frequency: min. 11866 MHz

Capacity: 128GB RAM Hard Drive

Two (2) 300GB 10k 6G 2.5-inch Hot Plug SAS Hard

RAID 0/1 Controller SAS 6G 0/1

Supported Drive Type SATA, SAS, SSD

Remote Management IPMI 2.0 compliant I/O and expansion

1 x VGA, 3 slots PCI-express 2.0

6 port x Gigabit Ethernet support

1 x Dedicated Service LAN

1 x serial RS-232-C (9-pin)

Dual 800W Power Supply come with 4m Cable power cord for rack PDU.

Operating Systems

Must support the followings OS:

(15)

BIL. SPESIFIKASI MAJLIS SETUJU/

TIDAK SETUJU

CADANGAN SPESIFIKASI PENTENDER (SILA NYATAKAN)

8.7

8.8

8.9

Windows Server 2012, Redhat Enterprise Linux, Ubuntu, Centos, FreeBSD or Solaris for Intel x86.

Support Services & Warranty:

All proposed item must comes with at minimum 1 (one) year warranty.

Bidder shall provide minimum one (1) year labor on-site support and maintenance.

Documentation:

Bidder shall provide comprehensive documentation on system design, system setup, IP address assignment and other information for ease of management.

Bidder shall provide complete documentation on configuration, User Acceptance Test (UAT),

commissioning & operation procedure for the installed equipment(s).

TRAINING:

The supplier shall include an administrator training and a training documentation plan. The training documentation plan shall include:

- A syllabus for the training - A number of training days

- A training for 3 pax for JTM technical staff

9.0 9.1

DATA STORAGE SOLUTION

MAIN REQUIREMENT

Supply, installation, configuration and commissioning MPSJ DRC Data Storage.

Number of unit: 1 unit

(16)

BIL. SPESIFIKASI MAJLIS SETUJU/

TIDAK SETUJU

CADANGAN SPESIFIKASI PENTENDER (SILA NYATAKAN)

9.2

9.3

Location: Propose DRC center

Product Information: (please specify)

Model:

Brand:

Country of Origin :

Bill of Quantity (BQ) : (please attach appendix) Unified Storage Requirement:

RAW Storage Capacity Required : 16 TB RAW

Comes with 16 x 1TB SAS 10K RPM HDD to achieve at least 1100 IOPS with performance RAID 10 configurations

Offered RAID 5 Storage Capacity: (Please Specify) Storage Specification :

The Proposed Storage should be configured with these following requirement :

o Minimum Six Core CPUs o 16GB Main Memory

o Minimum 4 x 1Gbe + 2 x 10Gbe front end ports per controller

o Dual Controller

The Proposed Unified Storage must be rack mounted (Adequate rack should be proposed)

The Proposed Unified Storage should be configured with redundancy of Disk Drives, Fans & Power Supplies

The Proposed Unified Storage should be able to support minimum 16 disks in the array

The above-mentioned Usable Capacity requirements are exclusive of all necessary required hot spares. Hence each spindle capacity type required above should have independent pool of minimum required hot spares

The Proposed Unified Storage should support RAID Levels: 0, 1, 1/0, 3, 5 & 6.

(17)

BIL. SPESIFIKASI MAJLIS SETUJU/

TIDAK SETUJU

CADANGAN SPESIFIKASI PENTENDER (SILA NYATAKAN)

9.4

9.5

(If any of the mentioned Raid Groups are not supported by the Tenderer’s, then kindly propose equivalent features, with supporting whitepaper validation documents from third party agencies)

The Proposed Unified Storage should support for

Windows 2000/2003, HP-UX, IBM AIX, LINUX, Solaris OS

The Unified Storage Management software should be array based and provide GUI / web based management with complete Reporting features like LUN Usage, Empty Space etc.

The Proposed Unified Storage should support Web based, Email facility for remote service & also support dial-in / dial-out to report errors and warnings

The initial connectivity is for 2 Servers scalable to 64 high availability hosts

Must support asynchronous mode remote replication

Must be able to replicate between two Unified Storage at the remote site, either LAN or WAN connection.

Ability to copy data (LUNs) to while systems is running

Ability to switch RAID types.

Disk Shelf Subsystems :

Controller – 3U Rack-mountable form factor with min 16 slots Hot-Swap 3.5" HDD

Dual 6Gb/s SAS 2.0 I/O Controller

Support 600 GB/450 GB/300 GB (15,000 rpm) 3.5 " SAS disk drives

Support 4 TB / 3 TB / 2 TB/1 TB (7,200 rpm) 3.5 " SAS disk drives

Support 800 GB/400GB/200GB/100GB SSD (Solid State Drives)

Redundant ( 1+1 ) Dual output Power Supply Storage capabilities :

(18)

BIL. SPESIFIKASI MAJLIS SETUJU/

TIDAK SETUJU

CADANGAN SPESIFIKASI PENTENDER (SILA NYATAKAN)

9.6

9.7

Support the following data redundancy (RAID) features:

o Mirroring

o Striping with Single Parity RAID o Striping with Double Parity RAID

Must come with these File serving protocol enabled:- o NFSv4 and NFSv3

o CIFS o WebDAV2 o FTP o RSYNC

Must come with iSCSI block protocol enabled

Support user authentication from Open LDAP, Active Directory

Storage Management

The storage subsystem must support management via — HTTP, HTTPS (Ajax based remote console); CLI-based — SSH, Serial; SMI-S management

Support Services & Warranty:

All proposed item must comes with at minimum 1 (one) year warranty.

Bidder shall provide minimum one (1) year labor on-site support and maintenance.

Documentation :

Bidder shall provide comprehensive documentation on system design, system setup, IP address assignment and other information for ease of management.

Bidder shall provide complete documentation on configuration, User Acceptance Test (UAT),

commissioning & operation procedure for the installed equipment(s).

(19)

BIL. SPESIFIKASI MAJLIS SETUJU/

TIDAK SETUJU

CADANGAN SPESIFIKASI PENTENDER (SILA NYATAKAN)

10 10.1

NETWORK SWITCH

MAIN REQUIREMENT

Supply, installation, configuration and commissioning MPSJ DRC Network Switch.

Number of unit : 1 unit

Location : Propose DRC center

Product Information : (please specify)

Model :

Brand :

Country of Origin :

Bill of Quantity (BQ) : (please attach appendix)

Each Network Switch must include the following specifications :

Shall come with min 24-port 10/100/1000BaseTx ports.

Shall come with min 4-port 10/100/1000Base SFP ports.

Shall come with dedicated min 2-port 10GbE SFP ports inclusive 10GBase-SR SFP+ per switch .

Shall be mountable on standard 19” equipment rack.

Shall support IP-based Network Management system and SNMP Protocol.

Shall support automatic medium-dependent interface crossover (Auto-MDIX) ports on all copper.

Shall support min 4094 active VLANs

Shall support VLAN configuration up to port level.

Shall support 802.1Q, VLAN tagging

Shall support per VLAN Spanning Tree (STP) IEEE

Shall support stacking architecture

(20)

BIL. SPESIFIKASI MAJLIS SETUJU/

TIDAK SETUJU

CADANGAN SPESIFIKASI PENTENDER (SILA NYATAKAN)

Support Services & Warranty:

All proposed item must comes with at minimum 1 (one) year warranty.

Bidder shall provide minimum one (1) year labor on-site support and maintenance.

Documentation :

Bidder shall provide comprehensive documentation on system design, system setup, IP address assignment and other information for ease of management.

Bidder shall provide complete documentation on configuration, User Acceptance Test (UAT),

commissioning & operation procedure for the installed equipment(s).

11 11.1

VPN AND FIREWALL APPLIANCE

MAIN REQUIREMENT

Supply, installation, configuration and commissioning MPSJ DRC VPN APPLIANCE.

Number of unit : 2 unit

Location : Propose DRC center

Product Information : (please specify)

Model :

Brand :

Country of Origin :

Bill of Quantity (BQ) : (please attach appendix)

(21)

BIL. SPESIFIKASI MAJLIS SETUJU/

TIDAK SETUJU

CADANGAN SPESIFIKASI PENTENDER (SILA NYATAKAN)

11.2

11.3

PERFORMANCE AND HARDWARE BUILT REQUIREMENTS

The proposed system appliance shall come with o minimum of 4 x 1GE

o minimum mass storage of 40 GB (SSD) o minimum log space of 20 GB

The proposed system shall support minimum:

o 1.9 Gbps firewall throughput

o 800 Mpbs firewall + Application Detection throughput

o 300 Mbps Firewall + application Detection & IPS throughput

o 200 Mbps VPN throughput o 60,000 concurrent connections o 8,000 new sessions per second

The proposed system shall support the recommended number of users based on the following features:

o 200 users for Firewall + Application Detection &

VPN turned on

o 100 users for Firewall + Application Detection + VPN and IPS turned on

FIREWALL REQUIREMENT

For security reasons, the proposed firewall system must be based on a proprietary application controlled packet forwarding firewall engine and not on a form of open source firewall packet implementation.

Application control must be configurable for each individual firewall rule.

Application control functionality must be configurable in conjunction or as a dependency of at least the following criteria:

o User / User group

o Time of day / Day of week o Source / Destination

(22)

BIL. SPESIFIKASI MAJLIS SETUJU/

TIDAK SETUJU

CADANGAN SPESIFIKASI PENTENDER (SILA NYATAKAN)

11.4

The proposed system must include an unlimited protected IP addresses license (unlimited box license).

The proposed system must provide an Intrusion

Prevention System (IPS) including unlimited protected IP‘s for every unit at no extra charge.

The included IPS system must be based on thousands of signatures.

The signatures for the IPS system must be updated at least on a weekly basis or in case of a newly discovered vulnerability on demand.

The IPS system must be able to detect and prevent attacks based on the following evasion and obfuscation techniques:

o IP Fragmentation

o TCP Stream Reassembly o RPC Defragmentation o FTP Evasion Protection o URL Decoding

o HTML Decoding and Decompression o TCP Split Handshake

The proposed system must be based on a dedicated proprietary, linux- based operating system to prevent inheriting common OS vulnerabilities.

The proposed system must support NAT/PAT on all interfaces.

The proposed system shall be able to operate on either transparent (bridge) mode to minimize interruption to existing network infrastructure or NAT/route mode. Both modes must also be available concurrently.

APLICATION PROXIES REQUIREMENT

The proposed system must provide application proxies for the following services:

o Caching DNS

(23)

BIL. SPESIFIKASI MAJLIS SETUJU/

TIDAK SETUJU

CADANGAN SPESIFIKASI PENTENDER (SILA NYATAKAN)

o NTP o HTTP o VPN

The proposed system must provide an authoritative DNS server for inbound load balancing.

The proposed system must provide the ability to create predefined reusable objects for networks that include network / IP, MAC, and interface.

The proposed system must provide the ability to create predefined reusable network objects based on existing predefined objects as well as existing custom defined objects.

The proposed system must provide the ability to create predefined reusable objects for services that include protocol, port range, label, and timeou

The proposed system must provide the ability to create predefined reusable service objects based on existing predefined service objects.

The proposed system must provide the ability to create predefined reusable objects for connections that include NAT type, interface, weighting, failover, and load

balancing settings for up to four balanced interfaces.

The proposed system must provide the ability to create predefined reusable objects for users and groups that include user and group pattern matching.

The proposed system must provide the ability to create predefined reusable objects for date and time ranges granularity shall be at least one hour.

High availability - The proposed solution shall provide the ability to deploy two units in a hot standby mode so that if one fails the other takes over all concurrent sessions for forwarding and VPN network traffic.

(24)

BIL. SPESIFIKASI MAJLIS SETUJU/

TIDAK SETUJU

CADANGAN SPESIFIKASI PENTENDER (SILA NYATAKAN)

High availability - Deploying a unit as a standby unit in high availability mode shall take no longer than 5 minutes and use a graphical user interface wizard to get the standby unit up and running.

The proposed system must provide application control per firewall rule for more than 900 applications such as:

o All well-known Instant Messaging applications o All well-known Peer-2-Peer file sharing applications o All well-known streaming portals

o All well-known VoIP applications

The proposed system must be capable of utilizing interface groups per firewall rule to enhance IP-spoofing protection.

The proposed system must support VLAN’s according 802.1q standard for up to 4,096 VLANs.

The proposed system must support static and/or dynamic NAT/PAT configuration per firewall rule.

The proposed system must support firewall authentication for the following authentication methods:

o MS Active Directory o RADIUS

o LDAP

o x.509 certificates

o VPN group membership

The proposed system must support firewall authentication either inline (browser-based authentication pop-up) or offline (works for any protocol).

The proposed system must provide a connector between the system and Microsoft Domain Controllers that allows for transparent means to find out the user to IP context (a.k.a., “DC Agent“).

The proposed system must provide an offline firewall rule tester.

(25)

BIL. SPESIFIKASI MAJLIS SETUJU/

TIDAK SETUJU

CADANGAN SPESIFIKASI PENTENDER (SILA NYATAKAN)

The proposed system must provide real-time monitoring for active sessions through the user interface.

The proposed system must provide one-click session abortion through the user interface without sending TCP RST.

The proposed system must provide one-click session termination in the user interface.

The proposed system must provide session detail information in the user interface.

The proposed system must provide firewall history cache with following entry types and information:

o BLOCK (no rule matching, block by rule, block by rule interface mismatch)

o DROP (TCP packet belongs to no active session, ICMP packet belongs to no active session, ICMP packet is ignored, IP header checksum is invalid, IP header is incomplete, IP packet is incomplete, TCP header has an invalid ack number, forwarding not active)

o Traffic Type (Application) o ALLOW ( by rule “name”)

o FAIL (accept timeout, connect timeout, denied by filter, host unreachable, network access denied, port unreachable, protocol unreachable, routing triangle)

The proposed firewall system must be manageable via a secure web-based user interface.

The port over which the web interface port of the proposed firewall system is accessible must be modifiable via the user interface.

Wi-Fi: The proposed system must provide an optional 802.11n-based Wi-Fi access point with up top three distinct Wi-Fi networks.

(26)

BIL. SPESIFIKASI MAJLIS SETUJU/

TIDAK SETUJU

CADANGAN SPESIFIKASI PENTENDER (SILA NYATAKAN)

11.5

Wi-Fi: The proposed system must provide a function to display a landing page (click-thru) that has to be accepted for network traffic originating from the Wi-Fi network.

Wi-Fi: The proposed system must provide a function to display a logon page where users connected via Wi-Fi need to log on before being able to access the Internet.

Wi-Fi: For the logon page functionality (as above) of the proposed system, an easy-to-use web portal shall generate logons for the Wi-Fi networks.

VPN AND CONNECTIVITY REQUIREMENTS

The proposed system must provide at least the following encryption methods:

o DES, 3DES o AES, AES-256 o Blowfish o CAST

The proposed system must provide capability to create dedicated VPN site-to-site tunnels, hub and spoke, and fully meshed VPN connections.

The proposed system must provide an IPsec-based VPN infrastructure.

The proposed system must be IPSEC interoperability certified by the VPNC (VPN Consortium).

The proposed system’s manufacturer must be member of VPNC.

The proposed system must provide client-to-site VPN clients for Windows, MAC OS, and most common Linux derivates.

The proposed system must provide client-to-site VPN support for the built-in clients in iOS (iPhone, iPad) and Android devices.

(27)

BIL. SPESIFIKASI MAJLIS SETUJU/

TIDAK SETUJU

CADANGAN SPESIFIKASI PENTENDER (SILA NYATAKAN)

11.6

11.7

The proposed system must be capable of terminating PPTP and IPsec client connections.

The proposed system must support user interface- based VPN tunnel termination.

The proposed system must support user interface- based VPN tunnel monitoring.

The proposed system must be capable of automatic ISP backup link activation in case of line loss.

The proposed system must be capable of session- based load balancing over multiple ISP uplinks.

Load balancing over multiple ISP/VPN connections must be redundant with automatic fallback after original connection status has been restored.

Traffic shaping must be available within the VPN tunnel (application-, source-, and destination-based).

The proposed system must support UMTS/3G uplinks and the vendor must provide a 3G Modem for use worldwide and available for all firewall units.

All VPN configuration settings must be available through user interface. No command-line interface shall be needed.

Support Services & Warranty:

All proposed item must comes with at minimum 1 (one) year warranty.

Bidder shall provide minimum one (1) year labor on-site support and maintenance.

Documentation :

Bidder shall provide comprehensive documentation on system design, system setup, IP address assignment and other information for ease of management.

Bidder shall provide complete documentation on configuration, User Acceptance Test (UAT),

(28)

BIL. SPESIFIKASI MAJLIS SETUJU/

TIDAK SETUJU

CADANGAN SPESIFIKASI PENTENDER (SILA NYATAKAN)

commissioning & operation procedure for the installed equipment(s).

12.0 12.1

ENTERPRISE DATABASE FOR OCPS System

MAIN REQUIREMENT

Supply, installation, configuration and commissioning of Enterprise Database System for MPSJ.

Number of unit : Enterprise Edition Subscription (1-4 socket server 1 Year)

Location : Propose DRC

Product Information : (please specify)

Model

Brand :

Country of Manufacture :

Bill of Quantity (BQ) : (please attach appendix)

Propose Enterprise Database must come with the following features :

High Performance & Scalability to meet the demands of exponentially growing data loads and users.

Self-healing Replication Clusters to improve scalability, performance and availability.

Online Schema Changes to meet changing business requirements.

Performance Schema for monitoring user & application level performance and resource consumption.

SQL & NoSQL Access for performing complex queries and simple, fast Key Value operations.

(29)

BIL. SPESIFIKASI MAJLIS SETUJU/

TIDAK SETUJU

CADANGAN SPESIFIKASI PENTENDER (SILA NYATAKAN)

12.2

Platform Independence giving you flexibility to develop and deploy on multiple operating systems.

Big Data Interoperability using MySQL as the operational data store for Hadoop and Cassandra.

Propose Enterprise Database must come with replication tools for replication of data from production to DRC site.

Must include 1 pair of replication agents.

The backup replication must use Continuous Data Protection (CDP) technology that that continuously captures or tracks data modifications by saving a copy of every change made

The replication solutions must use the technique of saving byte or block-level differences rather than file-level differences

Must provide fine granularities of restorable objects ranging from crash-consistent images to logical objects such as files, mailboxes, messages, and database files and logs.

Shall be able to restore to physical disk or the software snapshot.

Retention of CDP shall support o Time-based Retention o Space-based Retention

o Time and Space based Retention o Sparse Retention

Support Bandwidth Optimization

Support Encryption communication from host to Server and Server to target

Replication Info-structure Management System :

(30)

BIL. SPESIFIKASI MAJLIS SETUJU/

TIDAK SETUJU

CADANGAN SPESIFIKASI PENTENDER (SILA NYATAKAN)

12.3

Must come with web-based UI, where tasks such as backup, restore, monitor et al. This server also generates reports, trend graphs, e-mail and SNMP trap alerts

Must be able to handle activities like data transfer, generating log files for trend graphs, compressing data on its way to the Secondary server.

Agents Operating Systems Support:

o Windows

o RedHat Enterprise Linux o SuSE Linux Enterprise Server

o Community Enterprise Operating Systems o Open SuSE

o Debian

o Oracle Enterprise Linux o Solaris

o HP-UX o AIX

o Virtualization : Citrix XenServer, VMware vSphere &

Hyper-V

Scope of Services for Disaster Recover (DR) OCPS must cover the following :

Installation of MySQL Enterprise server on dedicated server

Import of production MySQL data to DR MySQL

Establish, maintain, and monitor real-time MySQL replication with production MySQL data to DR MySQL

Schedule regular automated snapshots of MySQL data

Installation of OCPS System on DR Server

Configuration of OCPS System on DR server to match configurations in production environment

Establish, maintain, and monitor replication of raw production email data to DRC storage

(31)

BIL. SPESIFIKASI MAJLIS SETUJU/

TIDAK SETUJU

CADANGAN SPESIFIKASI PENTENDER (SILA NYATAKAN)

12.4

12.5

12.6

Perform scheduled DR OCPS environment tests as and once a year.

Scope of Services for H/A Active-Active MySQL DB

Setup MySQL DB Active-Active Clustering

Migration of the existing OCPS database (400GB) to the new Active-Active Cluster environment.

Testing of new Active-Active MySQL cluster on OCPS System environment

Support Services & Warranty:

All proposed item must comes with at minimum 1 (one) year warranty.

Bidder shall provide minimum one (1) year labor on-site support and maintenance.

Documentation :

Bidder shall provide comprehensive documentation on system design, system setup, IP address assignment and other information for ease of management.

Bidder shall provide complete documentation on configuration, User Acceptance Test (UAT), commissioning & operation procedure for the installed equipment(s).

13 13.1

ENTERPRISE DATABASE FOR IRMS and IFMS System

MAIN REQUIREMENT

Supply, installation, configuration and commissioning of Enterprise Database System for MPSJ.

Number of unit : Enterprise Edition Subscription (4 socket server 1 Year)

(32)

BIL. SPESIFIKASI MAJLIS SETUJU/

TIDAK SETUJU

CADANGAN SPESIFIKASI PENTENDER (SILA NYATAKAN)

13.2

13.3

Location : Propose DRC

Product Information : (please specify)

Model

Brand :

Country of Manufacture :

Bill of Quantity (BQ) : (please attach appendix) Replication Info-structure Management System :

Must come with web-based UI, where tasks such as backup, restore, monitor et al. This server also generates reports, trend graphs, e-mail and SNMP trap alerts

Must be able to handle activities like data transfer, generating log files for trend graphs, compressing data on its way to the Secondary server.

Agents Operating Systems Support:

o Windows

o RedHat Enterprise Linux o SuSE Linux Enterprise Server

o Community Enterprise Operating Systems o Open SuSE

o Debian

o Oracle Enterprise Linux o Solaris

o HP-UX o AIX

o Virtualization : Citrix XenServer, VMware vSphere &

Hyper-V

Shall comes with a tape library with a minimum of 12TB of capacity using mini SAS connectivity.

Scope of Services for Disaster Recover (DR) must cover the following :

Installation of Existing SAP Enterprise server on dedicated server

(33)

BIL. SPESIFIKASI MAJLIS SETUJU/

TIDAK SETUJU

CADANGAN SPESIFIKASI PENTENDER (SILA NYATAKAN)

13.4

Import of production data to DR MySQL

Establish, maintain, and monitor real-time replication with production data to DR.

Schedule regular automated snapshots of data

Installation of IRMS and IFMS System to DR Server

Configuration of IRMS and IFMS System on DR server to match configurations in production environment

Establish, maintain, and monitor replication of raw production email data to DRC storage

Perform scheduled DR OCPS environment tests as and once a year.

Scope of Services for Host Based Replication System must cover the following :

Installation of New or Existing Enterprise Backup System Management server on related server

Installation of New or Existing Enterprise Backup System server on related server

Installation of New or Existing Enterprise Backup Software Agents on related server. (please specify the number of agents included)

The backup replication must use Continuous Data Protection (CDP) technology that that continuously captures or tracks data modifications by saving a copy of every change made

The backup solutions must use the technique of saving byte or block-level differences rather than file-level differences

Must provide fine granularities of restorable objects ranging from crash-consistent images to logical objects such as files, mail boxes, messages, and database files and logs.

Shall be able to restore to physical disk or the software snapshot

Retention of CDP shall support o Time-based Retention o Space-based Retention

(34)

BIL. SPESIFIKASI MAJLIS SETUJU/

TIDAK SETUJU

CADANGAN SPESIFIKASI PENTENDER (SILA NYATAKAN)

o Time and Space based Retention o Sparse Retention

Support Bandwidth Optimization

Support Encryption communication from host to Server and Server to target

Must come with web-based UI, where tasks such as backup, restore, monitor et al. This server also generates reports, trend graphs, e-mail and SNMP trap alerts

Must be able to handle activities like data transfer, generating log files for trend graphs, compressing data on its way to the Secondary server

Install, configure and test the management server

Install, configure and test the replication agents

Configure replication pair and set the retention as per MPSJ's requirement

Develop a DR Plan specifically for the systems that will be install with agents that can comply with Information Security Management Systems standard

Test and verify the DR Plan

All proposed software including services shall comes with 1 year 24x7 (round-the-clock) unlimited telephone and email support. Hotline telephone number and helpdesk email shall be provided. Whenever deemed necessary by ICT

Department, certified technical personnel shall be assigned and fetched to perform the following tasks, but not limited to:- o Standard and advanced health checking of the supplied

system.

o Standard and advanced troubleshooting of the supplied system.

o Calibration, re-engineering and/or re-deploy of the supplied system.

o Consultation on the supplied systems.

o Migration and integration assistant of the supplied systems with other systems.

(35)

BIL. SPESIFIKASI MAJLIS SETUJU/

TIDAK SETUJU

CADANGAN SPESIFIKASI PENTENDER (SILA NYATAKAN)

13.5

13.6

13.7

o Standby during major events

o Any mitigation works required to ensure the system at MPSJ local area network runs at its optimum performance

Scope of Services for H/A Active-Active Database

Setup Active-Active Clustering

Migration of the existing database (1.4TB) to the new Active- Active Cluster environment.

Testing of new Active-Active MySQL cluster on DRC System environment

Support Services & Warranty:

All proposed item must comes with at minimum 1 (one) year warranty.

Bidder shall provide minimum one (1) year labor on-site support and maintenance.

Documentation :

Bidder shall provide comprehensive documentation on system design, system setup, IP address assignment and other information for ease of management.

Bidder shall provide complete documentation on

(36)

MAJLIS MAJLIS PERBANDARAN SUBANG JAYA

RESPOND TIME

BIL BUTIRAN PEMATUHAN * MASA *

1 Masa yang diambil untuk mengambil tindakan pembaikan sekiranya mendapat panggilan telefon atau perkhidmatan pesanan ringkas (SMS) atau aplikasi whatsApp, e-mel, atau faks daripada kakitangan Jabatan Teknologi Maklumat terhadap sebarang permasalahan berlaku ke atas pelaksanaan DRC tersebut.

Masa tersebut dikira bermula daripada saat panggilan telefon atau SMS, whatsapp, e-mel, atau faks dibuat.

Setuju / Tidak Setuju

2 jam

3 jam

4 jam

* Wajib potong mana yang tidak berkenaan

(37)

MAJLIS PERBANDARAN SUBANG JAYA DOKUMEN PERJANJIAN

BIL BUTIRAN PEMATUHAN *

1 Perjanjian

Menandatangani dokumen perjanjian di antara petender dan Majlis Perbandaran Subang Jaya (MPSJ).

*rujuk pada Arahan Kepada Pentender perkara 19.0 di Jilid 1/2.

Setuju / Tidak Setuju

* Wajib potong mana yang tidak berkenaan

(38)

MAJLIS PERBANDARAN SUBANG JAYA TERMA PEMBAYARAN

BIL BUTIRAN PEMATUHAN *

1

2

Terma Pembayaran

Terma-terma pembayaran adalah tertakluk kepada keputusan pihak MPSJ. Terma-terma pembayaran tersebut adalah seperti berikut:

 Mengikut Jadual Pembayaran.

 Setiap

tuntutan pembayaran perlu mengemukakan laporan secara bertulis dan ditandatangani oleh pihak kontraktor dan MPSJ.

 Mengisi Borang Akuan Siap Kerja MPSJ.

Jadual Pembayaran

 Pembayaran

setelah kerja-kerja penghantaran barang dan perisian diterima;

 Pembayaran

setelah kerja-kerja pemasangan, instalasi, konfigurasi dan migrasi selesai dilaksanakan;

 Pembayaran setelah pengujian

user acceptance test (UAT)

 Pembayaran setelah pengujian

final acceptance test (FAT) dilaksanakan dan;

 Pembayaran setelah dokumen perjanjian

dimeterai.

Setuju / Tidak Setuju

50%

30%

10%

5%

5%

* Wajib potong mana yang tidak berkenaan

(39)

LAMPIRAN E

Service Level Assurance (SLA)

Memastikan pematuhan pada Service Level Assurance (SLA)

1. KONTRAKTOR perlulah menyediakan kemudahan talian kecemasan / hotline, kepada MPSJ supaya dapat dihubungi dengan cepat jika berlaku sebarang

2. Masalah/insiden. Kontraktor hendaklah melakukan troubleshoot dan menyelesaikan sebarang masalah yang dihadapi dengan serta merta.

3. KONTRAKTOR mestilah menyediakan perkhidmatan sokongan yang mencukupi selama 24 jam sehari dan 7 hari seminggu.

4. Memastikan masa tindakbalas (response time) dan masa penyelesaian (resolution time) seperti yang telah dinyatakan dipatuhi.

5. Selepas menerima laporan kerosakan Perkhidmatan tersebut,

KONTRAKTOR hendaklah menjalankan Khidmat Penyenggaraan.

Figura

Updating...

Rujukan

Tajuk-tajuk berkaitan :