FLORIDA DEPARTMENT OF LAW ENFORCEMENT ADDENDUM #1
Size: px
Start display at page:

Download "FLORIDA DEPARTMENT OF LAW ENFORCEMENT ADDENDUM #1"

Transcription

1 Solicitation Number: RFP #1427 FLORIDA DEPARTMENT OF LAW ENFORCEMENT ADDENDUM #1 Solicitation Title: Opening Date: Federated Query System Project April 24, 2:00 PM ET Addendum Number: One (1) Date: April 16, 2014 This addendum serves as notice of the following change(s): Deletions are indicated by strikethrough or reference. Additions, updates or replacements are indicated by underscore, reference or highlighting. 1. Response to written questions and attachment of requested forms in MS Word format. THIS ADDENDUM NOW BECOMES A PART OF THE ORIGINAL RFP. THE ADDENDUM ACKNOWLEDGEMENT FORM SHALL BE SIGNED BY AN AUTHORIZED COMPANY REPRESENTATIVE, DATED AND RETURNED WITH THE RFP RESPONSE AS INSTRUCTED IN SECTION 3.3, ADDENDA. ADDENDUM ACKNOWLEDGEMENT COMPANY NAME: FEDERAL TAX IDENTIFICATION NUMBER: ADDRESS: CITY: STATE: ZIP: RESPONDENT: TITLE: AUTHORIZED SIGNATURE: DATE: PHONE: FAILURE TO FILE A PROTEST WITHIN THE TIME PRESCRIBED IN FLORIDA STATUTE (3) OR FAILURE TO FILE A BOND OR OTHER SECURITY WITHIN THE TIME ALLOWED FOR FILING A BOND SHALL CONSTITUTE A WAIVER OF PROCEEDINGS UNDER CHPATER 120 FLORIDA STATUTES. Page 1 of 10

2 FLORIDA DEPARTMENT OF LAW ENFORCEMENT WRITTEN ANSWERS TO QUESTIONS ADDENDUM 1 RFP #1427 Federated Query System Project Question #1 Answer #1 Question #2 Answer #2 Question #3 Answer #3 Question #4 Answer #4 Will the FDLE be providing a Word Version of the solicitation RFP 1427 for a Federated Query System to aid in Vendor s preparation of their responses? The Vendor Bid System will not allow for word versions of documents to be uploaded. Word documents will be sent to all vendors who submitted written questions. For ease of use when responding to the table in Appendix A, could you please send me the MS Word version of the Federated Query System Project RFP#1427? See response to Question #1. In a response to this RFP, will Florida consider and negotiate possible changes to the RFPs stated terms and conditions? FDLE may not negotiate the terms and conditions of the formal solicitation after a contract is awarded. FDLE may, however, clarify or correct errors or omissions in a formal solicitation. A Respondent s proposal must meet the specifications in the solicitation in order to be considered responsive. In a response to this RFP, will Florida consider and negotiate possible changes to terms and conditions referenced within the RFP (e.g. PUR 1000, PUR1001, etc.)? Pursuant to Rule 60A-1.002(7), Florida Administrative Code, Forms PUR 1000 and PUR 1001 must be included in all formal solicitations and must be part of any resulting contract. Under the (7)(a) and (b) of the rule, the only authorized modifications to the provisions in these forms are the agency s Special Instructions to Respondents (Section B of the Request for Proposals) and Special Conditions (Section D of the Request for Proposals). The hyperlink to the rule follows: doc Question #5 Answer #5 Question #6 Answer #6 Can FDLE provide a Microsoft Word file format of the RFP document? Or provide mandatory attachments, appendices and forms in such a file format? See response to Question #1. Question on Contractor use of the ASM library/api: Will FDLE provide the contractor the specs for authentication and delivery of user information/roles via the ASM web service? Is that the preferred mechanism for interfacing with ASM to meet requirement SA-5? Yes, FDLE will provide the specifications to the vendor who is awarded the contract. Currently the ASM provides three mechanisms to integrate with in-house applications. 1 -.NET via SOAP web services, limited to authentication only. 2 Legacy applications via REST web services, limited to authentication only. 3 JAVA API library to authenticate, create, and define user roles. ASM integration is not required in the initial implementation of the federated query system. Page 2 of 10

3 However, it is the preferred method for authentication of in-house systems (systems residing on the FDLE network). Hence, the system must have a capability to integrate with ASM using Web Service or Java API s in the future. The ASM allows the FDLE users to have one set of credentials for the multiple in-house systems that they access. Question(s) on user management and user authorizations management: - Does FDLE expect that user roles will be maintained in ASM, or in the contractor system? Question #7 - If user roles are to be maintained in ASM: Is the existing FDLE ASM Application (and its Admin user GUI interface) sufficient for creating users, assigning them access to the Federated Query System, and assigning their role (Admin or User) in the Federated Query System or does FDLE expect the contractor to replicate this ASM functionality in the Federated Query System? If this functionality is to be replicated in the Federated Query System, does the ASM Web Service API provide all the necessary functionality to implement all the required administrative features (add users, delete users, assign roles, etc), and if not, is there another mechanism by which the contractor is to achieve the results (direct access to the ASM database, includable library, etc)? - If user roles are to be maintained in the Federated Query System (i.e. not in ASM) but authentication is performed via ASM: In this case it is necessary that there be account information in both systems (ASM and the Federated Query System, linked by an account name or account number). Is it acceptable to FDLE that synchronization of the accounts in ASM and the Federated Query System will be manually performed (i.e. username changes would have to be manually done in each system (ASM and FQS), deciding if a username for a new account on the Federated Query System is the same user as an account that exists with that same username in ASM would be a manual process, etc.)? It will be optional for the contractor system to maintain user roles in the ASM. The ASM JAVA API is the only method for creating/maintaining users, and establishing roles of ADMIN and USER. The ASM does not delete users; the users are marked as inactive. Answer #7 FDLE prefers that the user roles and privileges not be replicated between ASM and the contractor system. The preference is that roles and privileges be in ASM or the contractor system, but not both. FDLE will not allow direct access to the ASM database. Access will only be allowed via defined web services or JAVA API library. FDLE ASM does not allow for user name changes. It does allow for USER-ID (account number) changes via add and delete only. If the contractor system uses ASM to authenticate only, it could utilize the JAVA API library to check if the same user name exists, and if so use that account information (user-id). If the Page 3 of 10

4 user name does not exist in ASM, the contractor system may use the JAVA API library to create the account information (user-id). Question #8 Answer #8 Question #9 It is not acceptable for the account synchronization to be done manually between ASM and the contractor system. Question on Active Directory/LDAP authentication: Assuming the ASM will be used for authentication, is it a correct assumption that if the Federated Query System user is authenticated via ASM, which in turn authenticates internal users via Active Directory, then the requirement of SA-1 is met? If ASM is used by the contractor system for authentication, then requirement SA-1 will be met for FDLE internal users that are on the FDLE network and in Windows Active Directory. If ASM is not used to authenticate FDLE internal users, then requirement SA-1 is not met. The contractor system must authenticate against FDLE s Windows Active Directory (LDAP). Question on User Access to End Systems: Is it a correct assumption of the Federated Query System requirements that it provides no direct User interactions with the end-application's GUI? That is, the Federated Query System will identify the source of the information resulting from query or subsequent drilldown query as obtained from AIM, Insite, or FCIC database/webservice interfaces, but the user will not subsequently be provided any automated signin access to the AIM, Insite, or (for example) eagent applications to look at the the data as presented on the screens of those applications. e.g. once the user has the results of the federated query or subsequent drill-down query and wishes to pursue the information within AIM, Insite, or eagent, they will use whatever credentials and access rights they currently have to sign into and navigate those applications. The Federated Query System users will not have access via the FQS system to other applications GUI s. The purpose of the Federated Query System is to replace the multiple logins to multiple disparate systems by FDLE users. Answer #9 Question #10 Answer #10 The FQS system is not intended to be a pointer system that simply informs the users what other systems they need to go access. The federated Query system must query different applications/systems/databases using various integration methodologies as provided in the RFP. The data that results from the various FQS inquiries, access, and retrieval of the other applications/systems/databases must be combined and displayed in the Federated Query System. When the user views the data results via the FQS system, and the user wants more information for a particular record, the Federated Query system must retrieve more detailed information from other systems and display the detailed results on the Federated Query System itself. Question on Request Generation: Is the assumption correct that: - FQ-14 refers to generating the SOAP-WS XML request for Insite, and - FQ-15 refers to generating the SQL statement for AIM, and - FQ-16 refers to generating the request and monitoring for the response from FCIC? Yes, the assumption is correct. FQ-14, FQ-15, and FQ-16 are generic requirements that will apply to additional systems in the future that are yet to be identified as well as FQ-14 through FQ-16 which apply to INSITE, AIM and FCIC for the initial implementation. The Page 4 of 10

5 Question #11 Answer #11 Federated Query System must have these capabilities to convert the search criteria into a search request using the defined formats and protocols of the target systems. The initial system integrations of the Federated Query System are specified in the section 4 of the RFP. Question on User selection of Applications/Systems/Databases for query: Not all input criteria make sense to be applied to every system/subquery. For example, a search screen with name-dob input fields would not be appropriate for spawning an Article search from FCIC. Is it a correct interpretation of the requirements that the user that performs mapping in conjunction with functional requirement MP-4 will limit the systems/subqueries from which an analyst/user has to chose from for each search screen designed? The contractor is responsible for working with the end user of the FQS system to map the input screens search fields to the target systems data exchange formats, web service elements and or data base fields in conjunction with the FQS end-user (Fusion Center SME) and the target system SME (subject matter expert) in the initial implementation. If the contractor system provides easy to use, well defined administrative functionality that an end-user could easily understand (intuitive) to perform the mappings of database fields, web service elements and data exchange formats, the contractor should explain how that is accomplished within the FQS system (or other tools) in the comments section. Question(s) on monitoring a table in the database: - Does this refer to a table in the Federal Query System audit database? If so, how is it expected that the criteria for such a monitor is generated would it be sufficient to have the ability for an admin user to enter a sql statement, and a schedule on which that query is run? What is the expected outcome if records are found from such a monitor alert? One time, or continuing on the monitoring interval? Question #12 - What is the functionality that is desired here? Is this monitoring for the purpose of health check? Or is it monitoring for some particular data entry? In either case, what would the scheduled process do with its results, and under what conditions? (e.g. on a schedule, poll the audit database for the query that a Federated Query has been performed on a certain name, and if it is found send an to...,, or an example of a health check perhaps poll for a table being accessible and if it is not, send an admin alert every hour until the system is restored?) Answer #12 Question #13 FQ-26 requirement. This requirement states The federated system must provide the capability to schedule a process that can monitor a table in the database. This capability must exist in the FQS system to allow exchange of information for those target systems that might provide this method for accessing data results. The table to be monitored could either be in the FQS database where the target system is placing results to searches, or the table to be monitored could be in the target database. The requirement FQ-26 does not refer to a table in the FQS system for audit. Nor is it for the purpose of a health check. Question on Workflow: What workflow is envisioned beyond that described in WF-5 ( The federated query system Page 5 of 10

6 Answer #13 must provide the capability to configure iterative query/request. ) There is no workflow envisioned beyond that described in WF-5. The workflows must be configurable as the business need changes. Question on Capacity and Scalability: - The required capacity seems to vastly exceed the initial number of users (Watch Desk Analysts and Admins) and the number of applications/databases to be searched. It is understood that the system is expected to grow to accommodate additional search systems, but the sizing appears to far exceed capacity that would be achieved in the hardware lifecycle thus increasing acquisition cost of hardware and software, and requiring the extra cost of mocking up as-yet unknown applications/databases for proof-of-capacity testing. Would FDLE wish to reevaluate this capacity requirement? Question #14 - Please clarify if, in the capacity demonstration, the expectation is that each of the 200 concurrent users is querying ALL of the 50 applications/databases at the same time or does this requirement mean: 1. each of the 200 concurrent users is querying a representative sample of applications/databases on each query (and what is that number of applications/databases for each user?) 2. each of the 200 concurrent users has a staggered submission over a given time period (and what is that staggered time period or total duration of capacity demonstration time?) 3. each of the 200 concurrent users submits only one federated query for the purposes of the capacity demonstration test or is there an ongoing capacity demonstration period (e.g. 24 hours) and if so what is the average interval expectation for each user submission NO, FDLE does not wish to re-evaluate the capacity requirement CS-1. The expectation is as the requirements CS-1 and CS 2 are written. Answer #14 The requirement means 200 concurrent users each performing a search against a minimum of 50 applications/databases simultaneously without degradation of performance or response time. Question #15 Do all the systems have the capability of accepting multiple module queries simultaneously? Yes, AIM, INSITE, and FCIC systems have a capability to handle multiple queries Answer #15 simultaneously. The RFP seems to indicate that the only users of the Federated Query System will be watch Desk personnel located at the Fusion Center. Are there going to be users: Question #16 - Located outside of the fusion center (e.g. command post, other LE agency, etc.)? - Using Remote Access as defined by CJIS Security Policy (V5.2) Section 5.5.6? - Outside of a Physically Secure Location as defined by CJIS Security Policy (v5.2) Section 5.9.1? Page 6 of 10

7 The initial implementation will be limited to Watch Desk Fusion Center staff users. Answer #16 Question #17 Answer #17 Question #18 Answer #18 Question #19 If the initial implementation is successful, the future expansion of the system may include trusted partners outside of FDLE and must provide single sign on capabilities. With future expansion of the FQS system, users may be located outside of the Fusion Center and or use Remote Access. NLETS is not listed in C.2.5 External Stakeholders (Interface Systems and Agencies) and is in inconsistent with verbiage in C.2 (p. 27 and 4.1 (p.68) Comment please. Page 68, section 4.1 explains the FCIC system and a few of its interfaces. The initial implementation of the Federated Query System must integrate only with AIM, FCIC, and INSITE. The Federated Query System will utilize the features provided by the above systems. The Federated Query System will only connect to FCIC via one of the connection methods described. Although NLETS and DHSMV are not explicitly listed as Stakeholders, the FQS will be expected to implement the FCIC message keys as described in requirement FS-4. The FQS will generate message keys and submit them to FCIC and depending on the message key, FCIC will route those messages to NLETS, DHSMV, DMVR, III, NCIC, etc. In the same section, it states that electronic versions of the response may be submitted in read only format on CD, DVD-ROM or USB thumb drive. Are electronic copies able to be submitted only on CD or is it permissible to submit on the media listed here? May the redacted version also be submitted on a thumb drive or is a CD preferred? It is permissible to submit the electronic version of the response and the redacted version in read only format on CD, DVD-ROM or USB thumb drive. Are Contractors required to include comments for each and every requirement? Yes, Contractors must include comments for every requirement listed in the RFP and included in the RFP response. Answer #19 Question #20 Please see appendix A, section 2. (copied for convenience here) Respondents must follow these instructions regarding the completion of the Requirements table. The table below is comprised of two sub-sections: functional requirements and nonfunctional requirements. The Respondent will be required to complete the four (4) columns on the right-hand side of the table. The Respondent s response will be either Yes or No. The Custom column must be selected when the customization is required to accomplish the requirement. Contractor must complete the Comments column, and concisely describe how the product meets that requirement. This information will be considered as part of the evaluation process. Beyond the user interface reflecting the results of these queries in the UI, how does the FDLE envision further using XML and SQL statements generated in the system? Answer #20 See response to Question #10 Question #21 Answer #21 Question #22 Within the Non-Functional Requirements section, there are several items (such as AV-2 and PR-1) that require the Contractor to provide different types of documentation. Are Contractors required to submit these documents with their RFP response or can these be submitted after a contract is awarded? The Contractor must supply the information requested in Appendix A along with the response to this RFP. Has FDLE previously seen any solution or solutions from any vendors which meet the requirements and objectives listed in the RFP? Page 7 of 10

8 Answer #22 Question #23 Answer #23 Question #24 Answer #24 Question #25 While FDLE staff have previously seen solutions that are similar, none meet all of the requirements and objectives listed in the RFP. Did FDLE work with any vendor(s) who provide this type of solution when defining the requirements and objectives listed in the RFP? No vendor-provided information was used by FDLE to define the requirements and objectives listed in the RFP. Section B.34.1, Tab 3, point 4 on page 16 of 111, indicates the need to include a demo of the solution. Given that any vendor bidding will not have actual responses from the data sources FDLE wants to have queried, is it okay if the demo shows the solution configured and working within another environment? Yes. Appendix A, requirement FQ-16 (page 54 of 111) mentions putting XML generated from the search screen input control (mentioned in FQ-14) into a request table and monitor a response table for results. This implies FDLE already has a specific method in mind for how a vendor s solution would work. Is this method based on a solution FDLE has already seen from a vendor? Does a vendor s solution have to work in this manner, or are other ways of processing searches and results acceptable? Please see the Section 4 of Appendix A. This section details the integration required to communicate with FCIC, AIM, and INSITE. Answer #25 Question #26 Answer #26 Question #27 Answer #27 Question #28 Answer #28 Question #29 Answer #29 Question #30 Answer #30 Question #31 The requirement to write requests to a table and read results from a table are one of the options available for communicating, querying, and retrieving results from FCIC. It is also a generic requirement for future expansion to other target systems that may require a similar method for exchanging data. Does the overall solution need to comply with any special rules regarding information considered to be intelligence information or criminal intelligence, such as the rules specified by 28 CFR Part 23? The overall solution should be 28 CFR Part 23 compliant and should also comply with FBI CJIS Security Policy. Please explain what is meant by "inherent limitation of the target system" - or provide an example. Example: If a target system has a problem (inherent limitation of the target system) and the search cannot be completed for that target system, the FQS system should complete the searches and retrieval of results from all other systems and return that to the user with some indication that the target system failed to respond. See Appendix A, FQ-23 and FQ-25. Please explain or provide an example of a hierarchical search/query and an iterative search/query Please see Appendix A, requirement WF-5. Data grid or data table have broadly defined features in the requirements - but is the structure of the grid subject to design parameters to be established during the project? Yes. Does drilling down in a row to perform additional search (about a particular record) encompass the concept of hierarchical refinement of facets? Yes. Is the purpose of generating a SQL statement in order to query the AIM System? Does the AIM System have an existing search capability that can be federated? Or can the system only be queried via SQL? Page 8 of 10

9 FQ -14 is for the purpose of generating a SQL statement in order to query and retrieve the AIM system data. Answer #31 It is also a generic requirement for future expansion to other target systems that may require a similar method for exchanging data. The AIM system currently does not provide for an external system to send federated queries. For the initial implementation of the FQS, AIM is providing database access only. Question #32 Could you please provide more information on the specific use case for this question? FQ-16 Answer #32 Please see response to question #10. Explain the nature of the database to which the request is to be stored? Question #33 Is the question asking where will queries be stored? Or, is the question asking where will the result set be stored? FQ-19 This would be the contractors FQS database. For audit purposes, the inquiry and the results Answer #33 must be stored. Also see requirements RM-1 and RM-2. How many levels of iteration are required? Question #34 How is this requirement different than FQ-11? The levels of iteration are not defined at this time. Answer #34 FQ-11 (2) requires configurable options for an administrator to define the searches and FQ- 21 is the search performed by the users. Is the purpose of monitoring the database table to refresh the search index when changes Question #35 occur to the table? If monitoring is not the purpose, than please add additional clarification on this requirement. FQ-26 Answer #35 Please see response to Question #12. Question #36 Please define or provide an example of a footprint. PD-5 Answer #36 Definition of footprint; the amount of space a particular unit of software occupies. Example of a footprint : A system requires software to be installed on each users/clients work station. Each install of software consumes 5 MB storage on each users/clients work station. FDLE requires that NO installed software be required on each users/clients work station. The question calls for performance metrics. Can we assume the requirements are looking for Question #37 those metrics in generic terms based on certain assumptions from prior non-fdle benchmarks? Answer #37 Yes. Will the servers in the FDLE environment be dedicated to the FQS? Question #38 Aside from access to crawl or query other federated systems, will there be a need for any other integrations with those systems? Yes. (to question 1) Answer #38 Question 2 is unclear. Question #39 Section 9 - Policies. Can we review this so that we can properly respond. Answer #39 FBI s CJIS Security policy can be viewed at Page 9 of 10

10 Question #40 Answer #40 policy-resource-center/view. FDLE s Information Technology Policies 2.5, 2.6 are being updated and are attached to this addendum in Draft format. Policy 3.1 is attached as part of this addendum. How much data would be searched from local sources, rather than federation? (i.e. 500 GB, 2 TBs? 5 TBs? 50 TBs? 1 PBs? etc.) 300 GB for AIM database. The initial implementation requires searching of AIM database directly. No other direct database searches/target systems have been identified at this time. What are the number of: Question #41 * Internal sources * External sources For initial implementation, there are 3 internal sources/systems. Answer #41 No external sources have been selected for the future expansion as of this date Question #42 What is the total amount of internal data that would be searched; GB's, TB's or PB's Answer #42 See response to question #40. Question #43 What is the anticipated number of concurrent users? For the initial implementation there will be 10 concurrent users. See LC-1. Answer #43 For future expansion FDLE requires 200 concurrent users. See CS-1. Question #44 What is the anticipated number of concurrent queries per second (QPS)? Answer #44 1 per second. Is there a particular response time that is expected (< 1 second, < 3 seconds, < 10 seconds, Question #45 etc.) (Keep in mind that not all federated sources will return data at the same time) FDLE does understand that all target systems have various response times. Answer #45 Once a search is submitted by the user from the FQS search screens, a response < 1 second back to the user is desirable to inform the user that the search has been received by the FQS system and forwarded to the target systems. Based on the target systems response time, the FQS should wait (configurable) for a specified duration before timing out the target system. Once the results are combined for presentation to the user, if any target system timed out, that information should be included as a part of the results. Question #46 Is there a similar solution in place that FDLE is trying to replace? Answer #46 No. Prior to this RFP, did any vendor provide a presentation or demo of a similar solution? If so, Question #47 which vendor(s)? Yes. Within approximately the last 24 months, SAS Institute, Inc., SEARCH, Cody Systems, Answer #47 Datamaxx & Google have provided presentations and/or demonstrations for FDLE staff. All written questions are reproduced in the same format as submitted by the Respondent. Page 10 of 10

Similar documents
2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback | Do Not Sell My Personal Information