1.0 Managed IT Services C1/2

Transcription

1 Table of Contents Statement of Work and Business Requirements C1/2 Objective Technical Requirements C1/ C1/2 1.0 Managed IT Services C1/2 1.1 Solution Architecture C1/3 1.2 Data Centre Specifications C1/3 2.0 Managed Security Services for Hosted Systems C1/6 2.1 Implementation Deliverables C1/6 2.2 Advanced Security Monitoring C1/6 2.3 Log Management C1/8 2.4 Monitoring and Reporting C1/8 2.5 Data Management and Auditing C1/8 2.6 Log Retention/Storage C1/9 2.7 Vulnerability and remediation Management: C1/9 2.8 IT Asset Inventory C1/9 2.9 Intelligent Prioritization C1/ Reporting C1/ Service Level Management C1/ Service Delivery C1/ Service Availability Targets C1/ Support Performance Levels C1/ Priority Rules C1/ Reporting and Compliance with Agreement C1/ In-bound Logging Methods C1/ Project Team Structure C1/ Project Duration C1/ Payment, Penalty and Contract Termination Terms C1/ Service Degradation Penalties C1/ Managed IT Services Requirements C1/ ASHGHAL Initial Managed Services Requirements: C1/ VM Specifications C1/ Virtual Servers Package C1/ Minimum Bill of Materials Commitment C1/ On-Demand Managed Services C1/ Schedule of Rates for On-demand Managed Services C1/ Project Plan and Similar Projects references C1/ MANAGED SERVICES C1/15 Project ID: ISD 15/16 SS 25 G C1/ 1 April 2015

2 Statement of Work and Business Requirements Objective The Objective is to provide Managed IT services for Ashghal. The proposal from managed IT Services provider should cover industry leading environment designed to allow provision, recovery, and migration of critical production IT services. In the event of a disaster or disruption of managed IT Services, recovery will take place at Tenderer recovery location. Provide the necessary hardware infrastructure to allow the production environment and provisioning of new services as well as migration of existing critical services hosted in ASHGHAL Data Centre. Provide expert assistance in preparing for the Ashghal production environment within defined timescales. Ashghal is seeking proposals for Managed IT Services that will provide greater performance and reliability at the best cost. Technical Requirements Provide Ashghal with a comprehensive IT infrastructure offering core services such as Virtual Infrastructure based upon (Hyper-V & VMware), database engines (Oracle/SQL), and other supporting services. Professional and certified team will look after the infrastructure around the clock using advanced monitoring and management systems. Virtual servers will be built on top of Hyper-V or VMWare hypervisors offering an industry-leading virtualized platform and best-of-breed technologies to maximize the reliability and availability of ASHGHAL applications. Manage and monitor all hosted components 24x7. Manage and monitor security infrastructure to protect hosted IT systems. Harden all servers to industry best practices to ensure highest levels of security are achieved. As part of the standard server installation managed and monitored Anti-Virus and firewall software will be installed. Implement all approved, operating system upgrades, service packs and hot-fixes that may affect the stability and security of the platform. Provide Ashghal with storage on an on-demand basis, a service which will help reduce storage costs and deal with the fluctuating demands of the business. The service allows to have the benefits of an automated storage area network without the traditional significant costs associated with storage. Backup as a Service will ensure the availability of ASHGHAL data in the event that a restoration is required. Provide an automated backup facility specifically developed for the hosting environment. Provide load balancing and application Firewall for required services. 1.0 Managed IT Services Should be able to provide the following Managed IT Services:- Managed Backup and Restore Managed Hardware Physical Servers Managed OS - Windows Managed OS Linux Managed Clustering Project ID: ISD 15/16 SS 25 G C1/ 2 April 2015

3 Managed Storage Managed Site-to-Site VPN Advanced monitoring services and Utilization reports Managed SQL Server Managed security services for hosted systems Migration of Ashghal production servers and virtual machines to Tenderer s hosting environment 1.1 Solution Architecture The solution provider will take the burden of day to day support away from ASHGHAL internal IT staff allowing them to focus their time on growing ASHGHAL business. Clear upgrade paths enable a modular hosting solution to grow with needs of ASHGHAL adding capacity and resilience as required. Responsible to manage the hosted infrastructure and automate operations where possible to improve application availability, and enhance service delivery. Availability Scalability Security Manageability: The proposed architecture should provide redundancy to limit system related faults. Every component has a solution or strategy to achieve high availability. All components can be scaled to provide growth to meet user demands and business requirements. The architecture should provide an end-to-end security model that protects data and infrastructure for hosted services. Provide an end-to-end solution for deploying, monitoring, alerting, and administering the infrastructure. Ashghal will benefit from on-going health monitoring, and failure detection. 1.2 Data Centre Specifications The following will provide a high level description of all the components that will make up the hosting of Ashghal infrastructure and services. Physical Location The infrastructure will be hosted in Tier III data center located at a highly secure location in a highly-secure location, the datacenter will conforms to the global standard TIA 942 for data centre construction. This ensures that it meets the most stringent requirements for: Failsafe operation Robust protection against natural or man-made disasters Long-term reliability & scalability Network Architecture Provide and manage all network requirements for the hosted infrastructure. The data centre switches should provide 1Gbps and 10Gbps connectivity between the tiers and devices. Manages all the cabling, routing and switching in the data centre. Implement virtual local area networks (VLANs) throughout the environment. Implementing VLANs allows maximum isolation of different segments and increases security and Project ID: ISD 15/16 SS 25 G C1/ 3 April 2015

4 management of data flow between the different tiers. The proposed network design will provide for the reliable and efficient movement of data between devices and locations. Internet and WAN Architecture The internet links will be used for all internet services required by the infrastructure and for remote users connecting to any services published to the internet. Our initial request includes 8-10 Mbps of internet connectivity. Responsible for support and maintenance of end to end connectivity of Internet and WAN links for hosted environment. Security Architecture Provide and manage security requirements for the hosted IT systems. This managed firewalls, IPS, anti-virus. includes Firewall infrastructure - a firewall-secured network environment customized to the needs of ASHGHAL environment. Certified engineers will configure the network, firewall, IPS to support ASHGHAL business need. Once installed and configured, the solution will be monitored to proactively respond to service interruptions. The firewalls prevent access from the internet to the trusted network and provide filtered access to the un-trusted network. The firewalls also provide filtered access from the untrusted network to the trusted network. In addition to the network layer protection the applications will be protected by Application Firewalls in a high-availability configuration to provide comprehensive protection against application layer attacks. Virtual Servers Standardized on VMware virtualization and Microsoft Hyper-V technology, to host ASHGHAL virtual machines. The dynamic nature of virtual machines means that the infrastructure can grow and adapt as required. Hyper-V and VMware infrastructures can facilitate rapid growth, allowing ASHGHAL to leverage the benefits of hosting. Create Virtual Servers and Virtual machines on demand based upon the request of ASHGHAL requirements. In addition to this, liaise and work closely with ASHGHAL ISD team to provide a migration strategy to migrate productions virtual machines hosted in ASHGHAL (Hyper-V 2008 R2 / 2012 R2, VMware environment) to managed services including P2V/ V2V of physical and virtual servers. As part of this service, to provide the following: Installation Install virtual infrastructure: Hyper-V and VMware clusters Install virtual machines Configuration Configuration of virtual infrastructure: Hyper-V and VMware Configuration of virtual machines up to Operating System Configuration of shared storage Monitoring Enable secure, remote access to virtual machines Project ID: ISD 15/16 SS 25 G C1/ 4 April 2015

5 Proactive health monitoring of key services required for virtualization Capacity monitoring of physical resource utilization Management Protection from Unauthorized Access within the constraints of the overall solution and in-line with industry best practice Maintenance Backup of virtual machine images and configurations Installation of security patches to virtual infrastructure Installation of application patches to virtual infrastructure Operating Systems: The following operating systems will be installed, configured and managed the following:- Windows Server 2008 R2 Enterprise Windows Server 2008 R2 Datacenter Edition Windows Server 2012 R2 Datacenter Edition Windows Server 2012 R2 Standard Edition Citrix Licensing (based upon Request) Linux distributions (RED HAT Enterprise Linux, Oracle Linux, CentOS, SUSE) Managed Microsoft SQL Server and Oracle database Install MS SQL and Oracle database Configure MS SQL and Oracle both standalone and clustered version Monitor specific databases and clustering services and take corrective actions in the event of a failure of these services Measure capacity of data storage alerting for potential issues Management of the clustering services and associated infrastructure Management of SA user access Respond to failures of the service then apply the appropriate corrective action Manage appropriate backup and restores of data bases, archive logs, etc. Maintain appropriate patch levels and security updates Perform routine maintenance tasks Apply regular checks for database consistency upon client request Check event logs for expected and unexpected errors Storage Managed SAN service will offer ASHGHAL a high performing, highly available storage environment for their mission-critical data. This will minimize reliance on server hard disk as a point of failure, remove the risk of storage capacity management and introduce resilience at the data layer into their business solutions. Managed SAN service will be powered by an enterprise grade Disk Array designed with full internal redundancy of the disks and SAN switches to provide robust solutions. All servers will be connected and managed SAN to remove the risks of storage capacity management and provide resilience for all stored data. Project ID: ISD 15/16 SS 25 G C1/ 5 April 2015

6 Data Backup Provide best of breed Backup-as-a-Service that will provide protection for the environment. The service utilizes leading technologies including but not limited to source and target based De-Duplication, agentless backup and instant restore. The backup service will operates automatically to store data on a scheduled basis, creating comprehensive data images. The size will increase on on-demand basis following the growth of data over the time. For any additional GBs, Ashghal will propose accordingly via a call off order. Note: Tenderer will be replicating the Backup to PWA Symantec NetBackup Appliances located in the DR Site. Monitoring Use a monitoring solution which validates critical indicators on a 24/7 basis to ensure that any performance or capacity bottlenecks are captured and reported. 2.0 Managed Security Services for Hosted Systems Provide Managed Security Services to all hosted systems at Tenderer s data center. The proposed Managed Security Services to Ashghal are: Advanced Security Monitoring (ASM) and Log Management (LM) Vulnerability Scanning (VS) and Remediation 2.1 Implementation Deliverables Perform the following as part of the scope of services to ensure that the implementation deliverables are on high standard provision: Liaise with Ashghal technical and project management team to ensure all prerequisites are in place Prepare, architect, and design the method of implementation and integration of the proposed security managed services using SIEM technology Carry out a backup of the deployed devices Event tuning / filters and on boarding as required On-going operation support and 24x7 monitoring, analysis and alerting 2.2 Advanced Security Monitoring Security Monitoring Service should collect and correlates security events and transforms such data into comprehensible dashboard displays, management reports, and actionable alerts. The service can detect fraud, expose internal and external threats, and identify weaknesses in security enforcement. The service will utilizes Security Incident and Event Management (SIEM) technology for monitor and alerting. This technology provides the automated collection and analysis of log data from security devices, including firewalls, intrusion detection systems, and critical hosts and applications. Provide sizing Events per Second (EPS) calculations as per industry best practices. As devices are brought on-board the sizing assumptions will need to be reviewed at regular points within the project. Project ID: ISD 15/16 SS 25 G C1/ 6 April 2015

7 Provide detailed approach and methodology for Managed security monitoring using SIEM technology and size solution. Describe in detail traffic flow of network events collection and dissemination of security monitoring services. Ashghal expects SOC security monitoring services to be delivered by certified SIEM professionals as well as other industry recognized certifications related to information security. Correlation Analysis Correlation provides the mechanism for detecting known threats that may be happening within the monitored environment. In addition to the ready-made correlations available Ashghal has the option to choose from customized correlations that can be created to fit any unique security requirements Correlation rules provide the intelligence to the service. Event correlation can be done for a single asset or by a combination of events from multiple sources to provide a holistic view of a particular incident Based on triggered correlations, the events relating to the correlation rules will be investigated to determine the validity of the event Analysis should be done by Tenderer SOC team on real-time event logs to fine-tune correlations in place to reduce false-positives and aid in creating new correlations specific to Ashghal requirements Alarming and Alerting Once a security incident is identified, the Ashghal point of contact will be notified and provided all pertinent details of the incident to help the resolving team to address the incident Reporting Incident reports will be provided to the Ashghal team via a secure communication detailing the security incident, for higher priority security incidents a telephone call will also be made to the Ashghal point of contact. Daily/Weekly/Monthly monitoring reports, alerts and analysis on security incidents that can potentially affect the business objectives of Ashghal. Monthly operational report will be provided to highlight the details of the service Monthly executive report will be provided to summarize the service provided Incident and alert reports Customized reports can be created for any unique reporting needs Project ID: ISD 15/16 SS 25 G C1/ 7 April 2015

8 Deliverables Detailed design document with network event flows and security monitoring workflows Detailed use cases for various security scenarios, anomalies detection Integration of all devices/assets to ensure all pertinent logs are sent over by the assets Event tuning / filters Install and configure the Device profiler(s) Carry out a backup of the deployed devices Phases Design phase To be defined initially during requirement capturing and planning phases and subsequently to be refined across BAU execution and monitoring phases Onsite during device on boarding As required As required As per Backup policy 2.3 Log Management: Log Management Service should provide a critical service for audit trail and regulatory compliance. Industry standards such as ISO and PCI mandate businesses to archive logs that are forensically sound and readily available for audit reporting. Tenderer should meet log retention policy and compliance adherence for log collection, storage and reporting without the management overhead and capital investment required for an enterprise solution. Log Management Service assists in application management, usage and user management, change management, network and infrastructure management, troubleshooting, and reporting: Ease of integration and collection of logs from various data sources across multiple vendors and products Consolidation and normalization of log data to maximum storage efficiency Correlation and log management of millions of events Online short term log retention Offline long term log retention Centralized log management 2.4 Monitoring and Reporting: Tenderer Security Operations Centre will monitor the devices in scope of the service to ensure the following: Verify logs are being received and stored in a forensically secure method Provide the agreed reports on a pre-defined regular schedule that will indicate the state of the assets 2.5 Data Management and Auditing All stored logs are tamper proof to provide the assurance that the logs acquired from the assets cannot be altered or deleted Logs can only be accessed by authorized staff within the SOC Project ID: ISD 15/16 SS 25 G C1/ 8 April 2015

9 Periodic audit reports of the logs can be requested by the Ashghal 2.6 Log Retention/Storage Parameter Setting Retention Period online 90 days Retention Period (archived) 1 year Tenderer will provide archived logs to Ashghal periodically as mutually agreed 2.7 Vulnerability and remediation Management Understanding security risks within the enterprise network is crucial to comprehensive IT risk management. However due to the high rate of change within enterprise networks, a constantly changing threat environment made this task increasingly difficult. Ashghal understands this risk introduced as new vulnerabilities are being discovered continuously over a period of time and expects Tenderer s vulnerability scanning service provides a solution to comprehensively assess the security of critical network, server, application and database assets. This service will help Ashghal to understand the level of threats in the hosted infrastructure. This service will aid in achieving and staying compliant with regulatory requirements for vulnerability identification and resolution. Reports will be provided as to how threats and vulnerabilities can be mitigated. Trending based on historical scans will identify the current security maturity level of the environment. This service should be based on the vulnerability score and business-relevant asset value to prioritize the vulnerabilities for remediation. Vulnerability Management Service key points: Security professionals provide recommended measures and actions to address the identified weaknesses Vulnerability Management as per industry best practice Regular scanning minimizes the chances of a security breach or intrusion Delivers actionable, risk-based insight and analytics aligned with business initiatives Provides continuous, agentless monitoring of the entire IT infrastructure Automates and assures regulatory and policy compliance Vulnerability scanning service should deliver comprehensive, agentless discovery and profiling of all assets. 2.8 IT Asset Inventory Vulnerability scanning discovers all network devices, applications, services, vulnerabilities and configurations providing a comprehensive view of the network and building the foundation for effective risk management and compliance processes. Vulnerability scanning provides host and network profiling through an agentless, non-intrusive, and low bandwidth solution. Project ID: ISD 15/16 SS 25 G C1/ 9 April 2015

10 2.9 Intelligent Prioritization Vulnerability scanning discovers an array of data about the hosts that reside on the network. The service prioritizes remediation tasks, enabling users to focus on the items that will most effectively reduce risks on critical systems Reporting Customized reports are to be generated to provide a comprehensive view of the risks available on the network. Reports can be customized for all audiences, from technicallyfocused users to executives. Vulnerability scanning service will provide: Centralized Vulnerability management platform for effective tracking and mitigation of identified vulnerabilities Automatically agentless discovery of network vulnerabilities Automatically agentless discovery of system vulnerabilities Automatically agentless discovery of application vulnerabilities Automatic auditing of configuration compliance Automatic regulatory assurance and policy compliance Automatic monitoring of file integrity across the entire network Automatic measuring and benchmarking of security performance against internal policies and industry standards Project ID: ISD 15/16 SS 25 G C1/ 10 April 2015

11 3.0 Service Level Management 3.1 Service Delivery Service Centre availability: Sunday to Thursday excluding national holidays Service Window: 8hrs per day (08:00 16:00) Priority 1 incidents will work through 24/7/365 Priority 2/3/4/5 Normal Business Hours Hours of Agreed System Availability: 24/7/365 Availability SLA %: 99.5% per month except for incidents related to events beyond Tenderer control and planned downtime maintenance periods. 3.2 Service Availability Targets Hosted Infrastructure Availability SLA %: 99.5% per month except for incidents related to events beyond Tenderer control and planned downtime maintenance periods. 3.3 Support Performance Levels The following service level packages will be provided by Tenderer for managed services: Priority Table Priority Response Resolution Service Window 1 1 Hour 4 Hours 24/7/ Hours 8 Hours Normal Business Hours 3 4 Hours 12 Hours Normal Business Hours 4 8 Hours 48 Hours Normal Business Hours 5 12 Hours Reasonable Endeavors Normal Business Hours 3.4 Priority Rules The priority of an Incident is calculated by choosing the appropriate Impact and Urgency values to define a priority. The business rules are contained in the following table: Impact High Medium Low High Urgency Medium Low Project ID: ISD 15/16 SS 25 G C1/ 11 April 2015

12 The priority of any Incident is calculated by the apportionment of agreed impact and urgency when the User logs an Interaction. The priority matrix used is as follows: Impact is defined as: a) High: Degraded service impacting 50%> of users. b) Medium: Degraded service impact for multiple users up to 50%. c) Low: Disruption of service to a single User. Urgency is defined as: a) High: Service inaccessible or unavailable. b) Medium: Core managed service functionality degraded c) Low: Degraded service functionality with known workaround 3.5 Reporting and Compliance with Agreement Provide ASHGHAL with a monthly Service Level Report. The Service Level Report will include information such as: Technical availability and capacity related information per server and network device; Performance of tickets logged with the Service Centre; The number of Interactions by type (Incident and Service Request); Volume of change requests logged and their outcome 3.6 In-bound Logging Methods The accepted logging methods within the Tenderer s Service Centre will be Telephone and e- mail. is only supported where the correct logging form is used to supply the required information. The customer will log any priority 1 and 2 interactions by phone and . Only pre-authorized named users will be able to contact the Tenderer s Service Centre. 3.7 Project Team Structure Project personnel shall be introduced to the ASHGHAL prior to commencement of their deployment. Such introduction will not be a formal review but an opportunity for ASHGHAL to meet the member(s) of the teams. Clear Team Structure managing overall Project lifecycle. ASHGHAL prefers Technical Lead & Project Manager to be in different roles. 3.8 Project Duration The duration of this project will be for 5 Years subject to renewal upon further business needs and requirements. Project ID: ISD 15/16 SS 25 G C1/ 12 April 2015

13 3.9 Payment, Penalty and Contract Termination Terms Total Setup or onetime fee will be billed upon installation and commissioning Operational Services will be billed monthly for a quarterly payment Penalty as per below mentioned service credits ASHGHAL reserves the right to terminate the contract anytime upon advanced notification of 90 days Service Degradation Penalties If the Service Availability target is not met in any calendar month, the Tenderer is to reimburse to Ashghal an amount calculated using the following table: Service Availability Service Charges Discount >99.5 % Service availability is within target service level- Normal charges apply % % 10% discount of total current recurring monthly fee 98.5 % % 20% discount of total current recurring monthly fee 96.5 % % 30% discount of total current recurring monthly fee 95 % % 40% discount of total current recurring monthly fee < 95 % 50% discount of total current recurring monthly fee 4.0 Managed IT Services Requirements 4.1 Initial Managed Services Requirements: As per Ashghal s requirements, the following table depicts the proposed type of virtual servers needed to build the solution. These servers will be installed and configured on a dedicated infrastructure VM Specifications VM Types VM Specifications CPU Core Memory OS Disk One time Charges Monthly recurring Charges Server Type A Server Type B Server Type C Server Type D Server Type E Server Type F Server Type G Server Type H Server Type I Project ID: ISD 15/16 SS 25 G C1/ 13 April 2015

14 Server Type J Server Type K Server Type L Server Type M Server Type N Server Type O Server Type P Server Type Q Server Type R Server Type S Server Type T Virtual Servers Package The above table includes the 20 types of virtual servers required by Ashghal s technical team. Each virtual server includes the following: Anti-Virus and firewall License Managed Operating System (Windows Server OS, RedHat Linux, Oracle Linux, CENT- OS, SUSE Linux) Managed Network LAN Managed FC Switch port Managed SAN Storage Managed Hardware Managed Backup and Restore Security Services Minimum Bill of Materials Commitment Proposed solution includes the following components that Ashghal will commit to as a minimum initial request. Future and additional requests will be sized accordingly. Minimum Commitment Qty. Virtual Machine package 10 SAN (TB) Standard 5 Backup as a Service (TB) 5 Internet (8-10 Mbps) On-Demand Managed Services On top of the previous essential managed services, Ashghal can request additional services as needed. The following are, but not limited to, managed services that can be added to future infrastructure requirements. Managed Backup and Restore Project ID: ISD 15/16 SS 25 G C1/ 14 April 2015

15 Managed Connectivity Managed Encrypted Connectivity Managed Hardware Physical Servers Managed Network, LAN Managed OS - Windows Managed OS Linux (RHEL) Managed OS Linux (Oracle Linux) Managed OS Linux (Cent OS) Managed OS Linux (SUSE) Managed Clustering Managed Storage Managed Site-to-Site VPN Managed SQL Server / Oracle Managed Web Application Firewall- Setup Managed Application Firewall Additional Node Managed client-to-site VPN Managed P2V, V2V, V2P migration (Virtual Machine migration from AHGHAL Data Centre (Hyper-V and VMware) to Tenderers Datacenter environment) Schedule of Rates for On-demand Managed Services (Refer to Section G/Schedule B) 4.3 Project Plan and Similar projects references Provide a detailed Project Plan for the various Managed Services provided covering various phases right from project kick-off with timelines and detailed SLA (response time, resolution period). Provide detailed References for delivering similar services to other large enterprises, government sectors in Qatar 5.0 MANAGED SERVICES. Sr. No. Managed Services / Brief Description of Services On-Time Charges 5.1 Managed Services (System, OS & Applications) Including Monitoring and Backup (Excluding licenses cost) Managed Hardware Services Establishing warranty and maintenance agreements - Hardware Installation - Asset Management - Hardware monitoring - Maintenance Management Managed OS Services (Windows 2008/2012 and later versions Change management - Proactive Health checks - Respond to the failure of Critical OS services and apply corrective actions Monthly Recurring Charges Project ID: ISD 15/16 SS 25 G C1/ 15 April 2015

16 Sr. No Managed Services / Brief Description of Services Managed OS Services (Linux: Red Hat CentOS, SUSE, Oracle) Change management - Proactive Healthchecks - Respond to the failure of Critical OS services and apply corrective actions On-Time Charges Monthly Recurring Charges Managed Domain Controller services (MS AD) Change management - Proactive Healthchecks - Respond to the failure of Critical AD services and apply corrective actions Managed SQL Server Services Change management - Proactive Healthchecks - Respond to the failure of Critical SQL services and apply corrective actions (1 Applications, 1 DB instances) Managed Oracle Server Services (1 Applications, 1 DB instances) Managed Clustering Services Change management - Proactive Healthchecks - Respond to the failure of Critical SQL services and apply corrective actions (Microsoft OS clustering - SQL clustering) Managed Hyper-V Node Services Change management - Proactive Healthchecks - Respond to the failure of Critical Hyper-V services and apply corrective actions (1 HyperV node and 1 SCVMM) Managed VMware Node Services Change management - Proactive Healthchecks - Respond to the failure of Critical VMware services and apply corrective actions (1 ESX and 1 vcenter) Managed Web Servers (IIS) Services Change management - Proactive Healthchecks - Respond to the failure of Critical IIS services and apply corrective actions Project ID: ISD 15/16 SS 25 G C1/ 16 April 2015

17 Sr. No. Managed Services / Brief Description of Services On-Time Charges Managed WSUS Services Change management - Proactive Healthchecks - Patch management in coordination with the customer Managed AV Services Change management - Proactive Healthchecks - Respond to the failure of Critical services and apply corrective actions Managed Exchange Services Change management - Proactive Healthchecks - Respond to the failure of Critical services and apply corrective actions Managed SharePoint Services Change management - Proactive Healthchecks - Respond to the failure of Critical services and apply corrective actions Managed Customer Backup Infra Services Manage backup infrastructure - Manage tape rotation - Manage and monitor backup jobs - Manage backup policy - Perform regular restore tests (Per the following setup: 1TB, 1 tape library, 50 clients - s/w: Symantec NBU, 3PAR). Every 50 servers (Physical or virtual this managed service needs to be reordered, provided the required HW is available Managed Storage for physical and Virtual machines 1 TB Storage provisioning and management per terabyte Managed Backup service for physical and Virtual Machine 1 TB Backup as a service per terabyte 5.2 Managed Services (Network/ Security) Managed Load Balancing Services (per pair in HA mode) Change Management (add, delete, modify web servers entries, ports, monitored URL) - MACDs - Patch/software updates following an incident and as requested by the support - Configuration management (backup, Healthcheck, configuration review, ) Per two devices, active standby/active active configuration. Monthly Recurring Charges Project ID: ISD 15/16 SS 25 G C1/ 17 April 2015

18 Sr. No. Managed Services / Brief Description of Services On-Time Charges Monthly Recurring Charges Managed Firewall Services Change Management - Patch/software updates following an incident and as requested by the support - Configuration management (policy, backup, Healthcheck, configuration review, ) - MACDs Managed SAN Switches Services Change Management - Patch/software updates following an incident and as requested by the support - Configuration management (backup, Healthcheck, configuration review, ) - MACDs Managed Network switches Services Change Management - Patch/software updates following an incident and as requested by the support - Configuration management (backup, Healthcheck, configuration review, ) - MACDs Managed IPS Services Change Management - Signature updates - Configuration management (policy, backup, Healthcheck, configuration review, ) - MACDs Managed VPN encryption (Site to Site) Change Management - Configuration management (backup, Healthcheck, configuration review, ) This service is for Site to Site VPN tunnel management over the Internet Migration Services VMs with Storage space of 500 GB o Physical to Virtual (P2V) o Virtual to Virtual (V2V) This will be consisting of Assessment - Pre migration Migration Post migration Migration Support for VMware and Microsoft Hyper-V X VMs with Storage space of 1 TB o Physical to Virtual (P2V) o Virtual to Virtual (V2V) This will be consisting of Assessment - Pre migration Migration Post migration Migration Support for VMware and Microsoft Hyper-V X Project ID: ISD 15/16 SS 25 G C1/ 18 April 2015

19 Sr. No. Managed Services / Brief Description of Services On-Time Charges Monthly Recurring Charges VMs with Storage space of 2 TB o Physical to Virtual (P2V) o Virtual to Virtual (V2V) This will be consisting of Assessment - Pre migration Migration Post migration Migration Support for VMware and Microsoft Hyper-V X VMs with Storage space of 3 TB o Physical to Virtual (P2V) o Virtual to Virtual (V2V) This will be consisting of Assessment - Pre migration Migration Post migration Migration Support for VMware and Microsoft Hyper-V X Project ID: ISD 15/16 SS 25 G C1/ 19 April 2015

20 SECTION C SCHEDULE A: PROJECT BRIEF PART 2 AUTHORITY S REQUIREMENTS

21 SECTION C SCHEDULE A: PROJECT BRIEF PART 2: AUTHORITY S REQUIREMENTS Page Number C2 / TABLE OF CONTENTS 1. DEFINITIONS, ABBREVIATIONS AND ACRONYMS Interpretation Defined Terms Internal Priority OVERALL REQUIREMENTS Resource Requirements Schedule Schedule of Deployed Employees Programming Reporting Final Transition Strategy and Project Close-out Report Meetings Document Control and Information Management Technology Stakeholder Management and Public Involvement, Communications Submissions QUALITY ASSURANCE PLAN CONSULTANT S ORGANISATION Personnel Qualifications & Conditions Staff Mobilisation Process Consultant Staff Requirements...6 Project ID: ISD 15/16 SS 25 G April 2015

22 SECTION C SCHEDULE A: PROJECT BRIEF PART 2: AUTHORITY S REQUIREMENTS 1. DEFINITIONS, ABBREVIATIONS AND ACRONYMS 1.1 Interpretation For the purposes of the Project Brief, defined terms shall have the meaning set out in the General Conditions of Engagement. Additional defined terms necessary for interpretation of the Project Brief are set out below. 1.2 Defined Terms 1.3 Internal Priority The documents forming Schedule A: Project Brief are to be read and construed as a composite whole and shall be taken as mutually explanatory of one another. In the event of an ambiguity, discrepancy or inconsistency within the documents, the order of precedence shall be as follows: A. Part 1: Scope of Services; B. Part 2: Authority s Requirements; C. Part 3: Project Data. Project ID: ISD 15/16 SS 25 G April 2015

23 SECTION C 2. OVERALL REQUIREMENTS 2.1 Resource Requirements Schedule SCHEDULE A: PROJECT BRIEF PART 2: AUTHORITY S REQUIREMENTS For planning purposes, the programme of the works is described in Key Stages or activities. The Consultant shall plan each Key Stage or activity to ensure the required outcome The Consultant shall provide resource schedules in accordance with a Service Delivery Plan in the format required, and non-objected, by the Project Co-ordinator that reflects the requirements of each Key Stage activity The Consultant shall provide a look-ahead for the subsequent Key Stage resource schedule to facilitate advanced planning The resource schedule, Schedule C: Resource Schedules: Part 2: Resource Allocation is a detailed statement of the resources estimated to be required to undertake the activities contained in the Service Delivery Plan for each Key Stage or activity. The schedule identifies the duration location and purpose of the assignment for each of the personnel proposed for each Key Stage or activity of the Agreement The Project Co-ordinator may require changes to be made to the Services at any stage of the Agreement in response to emerging knowledge, and the Consultant shall provide further forecasts of resources in response to instructions for Changes. 2.2 Schedule of Deployed Employees The Consultant shall maintain a schedule of all the employees it mobilises for the Services, which shall be available to the Project Co-ordinator upon request The schedule shall contain for each person the name, position, grade, qualifications, capabilities and skills and the proposed role. 2.3 Programming The Consultant shall be responsible for the effective co-ordination of the Agreement and its interdependencies, and the management of risks and issues that arise The Consultant shall be responsible for the overall integrity and coherence of all elements of the Agreement schedule. Within fourteen (14) Days of the Commencement Date the Consultant shall submit for the Project Co-ordinator s non-objection; the Baseline Programme Master Schedule, developed from the level 1 programme in Schedule C: Resource Schedules: Part 1: Master Programme and a detailed first Service Delivery Plan to be used as the primary planning tool for managing the Services. As the Services develop, further detailed Service Delivery Plans for future stages will be submitted for the Project Co-ordinator s non-objection. These rolling planning activities will be used primarily to plan the activities and the resources necessary to deliver the Project Objectives The detailed first Service Delivery Plan shall comprise a comprehensive planning package based on the Key Stages and identifying issue dates and titles for the further detailed Service Delivery Plans. This package shall include full details of the arrangements and methods which the Consultant proposes to adopt for the performance of the Services including planning, progress monitoring, manpower levels and scheduling Service Delivery Plans shall not be subject to amendment in any manner whatsoever without the Project Co-ordinator s non-objection. Any amendments proposed by the Consultant shall be submitted in writing, with supporting justifications, for the Project Coordinator s non-objection. Project ID: ISD 15/16 SS 25 G C2/ April 2015

24 SECTION C 2.4 Reporting SCHEDULE A: PROJECT BRIEF PART 2: AUTHORITY S REQUIREMENTS The Consultant shall monitor the progress of its activities and those of its Sub-contractors in carrying out Services and shall report this progress to the Project Co-ordinator in progress reports as set out below The Consultant shall prepare and submit reports throughout the duration of the Agreement at periods identified in Schedule A: Project Brief, Part 1: Scope of Services that cover progress of the Consultant work by reference to the appropriate Service Delivery Plan, including status, issues and risks associated including but not limited to the following items: Progress review of the Consultant s activities, detailing achievements, progress against programme, key issues and risks. Where progress is behind plan recovery plans shall be included; Progress against all KPIs (if applicable); Progress of the Programme against plan; where progress is behind plan, recovery plans shall be included; Proposed changes to the Service Delivery Plans; Changes to the Agreement, both current and proposed; The cost for the Services provided to date and forecasts of the cost to completion measured against plan; Proposed personnel changes and other personnel issues; Summary report of the performance of other Consultants for whom the Consultant is responsible for managing Within three (3) Days from the Commencement Date the Consultant shall submit draft report formats for each type of report required under Schedule A: Project Brief, Part 1: Scope of Services for the Project Co-ordinator s non-objection. Once the Project Co-ordinator s non-objection has been attained the Consultant shall no change the report formats unless otherwise instructed by the Project Co-ordinator All reports shall be delivered in accordance with the requirements of the Authority s reporting periods, and shall be submitted within five (5) Days of the end of the period being reported unless otherwise stated in Schedule A: Project Brief, Part 1: Scope of Services As applicable, reporting shall continue until the Consultant has completed the Services, and the Project Co-ordinator was issued the Completion Certificate. 2.5 Final Transition Strategy and Project Close-out Report Where applicable at least thirty (30) Days prior to the Completion Date, the Consultant shall develop, for the Project Co-ordinator s non-objection, and implement a Final Transition Strategy. The Final Transition Strategy shall include inter alia: a) Plans to transfer to the Authority the management of the Services; b) Transition plans with respect to any business unit personnel; c) Plans to transfer operations to the Authority or any Authority delegated party; d) Plans for the transfer to the Authority of master copies for all Deliverables developed in relation to the Services. Project ID: ISD 15/16 SS 25 G C2/ April 2015

25 SCHEDULE A: PROJECT BRIEF SECTION C PART 2: AUTHORITY S REQUIREMENTS At least thirty (30) Days prior to the Completion Date, the Consultant shall submit for the Project Co-ordinator s non-objection in the format directed by the Project Co-ordinator an outline Project Close-out Report The Project Close-out Report shall report on the execution of the Services and shall include, inter alia, the following information: an introduction; an Agreement description; a summary overall report on the execution of the Services, including consideration of management of stakeholders, completion times, Service Delivery Plans and other relevant matters The submission of the detailed Project Close-out Report is a prerequisite to the issue of the Completion Certificate for the Services. 2.6 Meetings The Consultant shall attend meetings as required by the Project Co-ordinator The Consultant shall attend a monthly progress meeting with the Project Co-ordinator to review the progress of the work. This meeting shall consider the report prepared by the Consultant for the period under review. The meeting will be chaired by the Project Coordinator. Notes of the meeting shall be prepared by the Consultant for non-objection by the Project Co-ordinator. The Consultant shall attend other Project related meetings as directed by the Project Coordinator. 2.7 Document Control and Information Management The Consultant shall provide administrative and document control support to the Agreement The Consultant shall be responsible for managing all the documentation on the Agreement The Consultant shall ensure that a single document control system operates at all Agreement locations The Consultant shall develop for the Project Co-ordinator s non-objection a process for archival and retrieval of data All correspondence and communication in connection with the Project shall be in accordance with a comprehensive Communications and Document Management Plan, processes and procedures developed by the Consultant and non-objected by the Project Co-ordinator. 2.8 Technology The Consultant IT system shall be able to interface seamlessly with the Authority s corporate IT systems The Consultant shall develop for the Project Co-ordinator s non-objection an IT and Technology System for use in managing the Agreement The Consultant shall ensure that its personnel are trained in the use of the technology to the extent required to carry out their duties. 2.9 Stakeholder Management and Public Involvement, Communications The Consultant shall work closely with the Project Co-ordinator to ensure a coordinated approach is taken to communications during all stages of the Agreement, and shall obtain the Project Co-ordinator s non-objection for a Communications Plan and Strategy in order Project ID: ISD 15/16 SS 25 G C2/ April 2015

26 SCHEDULE A: PROJECT BRIEF SECTION C PART 2: AUTHORITY S REQUIREMENTS to address communications with personnel, the public, the media, external stakeholders and potential suppliers At all stages of the Agreement the Consultant shall adopt a policy of creating close working relationships with all external stakeholders and the media The Consultant shall confer and coordinate with relevant government agencies and departments, the various agencies within the Authority s organisation and applicable Qatari legal authorities having jurisdiction regarding the delivery of the Agreement The Consultant shall manage stakeholder engagement and interfaces arising as a result of engagement with third parties and interfacing projects Throughout the Agreement the Consultant shall: Assist the Project Co-ordinator and governance team with the resolution of disputes with stakeholders; Support the Authority in communication with the Agreement stakeholders Manage the preparation, submittal and approval of the documents required by the Project Co-ordinator for the planning of the Agreement; The Consultant shall plan for the impacts of the Agreement on existing infrastructure and organisations and shall take active steps to manage these impacts so that the Agreement proceeds as planned. This is specifically applicable for the IT infrastructure. The Consultant needs to study the existing IT infrastructure and work with the Authority IT group to ensure that the SaaS works to the expected levels The Consultant shall take account of dependencies from related bodies and projects and work toward minimal disruption to the agreed programme planning Submissions The Consultant shall submit to the Project Co-ordinator the required number of copies of all deliverables in softcopy format Documents shall be checked and approved by appropriate Consultant personnel (nonobjected by the Project Co-ordinator) 2.11 QUALITY ASSURANCE PLAN The Consultant shall prepare the Quality Assurance Plan to define the quality system for the Services to ensure and demonstrate that the Services conform to the requirements specified in the Agreement The Quality Assurance Plan shall include all activities associated with the Services. The Consultant shall indicate in the Quality Assurance Plan which quality procedure is applicable to each of the listed activities and Service Delivery Plans The Consultant shall produce an organisation chart together with a description of the responsibilities and necessary authority given to the relevant Consultant s personnel for the implementation of the Quality Assurance Plan The Consultant shall report on the implementation, monitoring and performance of the Quality Assurance Plan in each progress report SAMPLES Project ID: ISD 15/16 SS 25 G C2/ April 2015