Request for Proposal MDM0031012338. Offeror's Questions for RFP for Virtual Private Network Solution (VPN)




1. How much throughput must the VPN support long-term?
Answer: 10 GB firewall, 4 GB 3DES/AES VPN

2. How much throughput must the IPS support long-term?
Answer: 3 GB IPS

3. Are all interfaces for VPN / IPS connections expected to be copper 10/100/1000 Mbps?
Answer: Gigabyte

4. Does the customer have existing switches that these devices (IPS, VPN, servers) will connect into, or do switches have to be provided? If so, what are the requirements for the switches?
Answer: No, MHBE does not have switches. All ports must be Gigabit capable with uplink capacity.

5. The RFP required that the VPN support 4500 VPN users. Many VPN solutions are licensed by concurrent connected users, which is typically a smaller percentage of the maximum number of potential users. Should the VPN solution be quoted to license for 4500 users?
Answer: No, the solution should be quoted for a minimum of 500 concurrent users, expandable to 4500 users.

6. Are redundant IDS/IPS required?
Answer: Yes. Needs to be separate devices.

7. Would it be possible to provide guidance on how many years of licensing / maintenance for all vendors to bid? For example, if multiple Offerors pass technical review, an Offeror priced for one year will come in cheaper than an Offeror bidding three years, even though a multi-year discount may be a better solution for MHBE.
Answer: MHBE is requiring 3-5 year license/maintenance from vendor warranty. In addition, MHBE is requiring only one year management, service, and maintenance from Offerors.

8. Will MHBE remediate the data center to accommodate all of the systems (appropriate cooling, rack space, power)? Are there any constraints?
Answer: Yes, MHBE has appropriate space, cooling and power.

9. What are the rack requirements (open/closed, size, etc.)?
Answer: Closed

10. What are the minimum requirements of the server besides 12TB of disk space? Are there specific CPU / RAM requirements? Offerors want to make sure that they provide ample capacity if future virtual machines are anticipated.
Answer: CPU Quad core capable with minimum RAM 96 GB. HP servers are preferred. Integrated management NIC (i.e. ILO).

11. For a virtual solution, should the Offeror provide all virtualization licensing? Are there any specific requirements for the virtualization environment in terms of preferred vendor (VMware, Microsoft, RedHat, and Citrix), functionality, etc.?
Answer: Yes, VMware. Two physical virtual hosts are required with vMotion capability. vSphere should be installed and configured according to the RFP.

12. Are the two domain controllers to be on separate physical servers to start with? Or can they be virtualized on a single server to start and in the future have a purchase for a second server for the other location outside the scope of this bid?
Answer: DC should be on 2 separate virtual hosts.

13. What are the requirements for the backup solution, for example, retention, backup/restore performance, deduplication, etc.?
Answer: Backup solutions should allow portable media to be stored at an offsite location. Retention should be at least 3 years.

14. What platforms are required for anti-malware check - Windows only, or Mac, etc.?
Answer: All platforms

15. There is a requirement for Network Access Control for VPN users. If the VPN appliances can support this functionality, is it adequate that the solution does not include a separate dedicated NAC system?
Answer: NAC should be separate/dedicated.

16. How many internal computers are on the network?
Answer: Varies

17. The RFP states the need for a high availability VPN appliance. Does this include the backend hardware needed to support the RSA solution as well?
Answer: Yes

18. The RFP also states that the offer shall provide endpoint virus protection and security for all OS based systems. Is this only required for items being added to the environment or items that are currently in place?
Answer: Only items proposed in the RFP

19. Do you have a dedicated set of HW for VPN today?
Answer: No

20. If so could you please provide the manufacturer?
Answer: n/a

21. SW based VPN typically requires HW for termination at the head in. Do you have a manufacturer in mind or would you like us to make the best recommendation?
Answer: Cisco

22. The Offeror shall provide installation of a two-factor token based VPN access solution for, at minimum, 4500 users.
Question: Are we looking for a solution which is scalable to a higher user count in near future? VPN termination appliance can allow up to 10000 users. We can either procure a license to cater 4500 users and have a device capable to accommodate a higher number or have a device and license only considering 4500 users.
Answer: No, we need 500 currently with expandability for 4500-5000 users.

23. The Offeror shall have the ability to install VPN Client software to serve MHBE and partners throughout the state of Maryland.
Question: Will we be shipping the RSA physical token to all users?
Answer: No, the Offeror will provide the token at the time of the installation of the client software at remote sites.

24. Will end user be contacting us directly for support in case of issues with installation & provisioning?
Answer: Yes, for the 1st year of service.

25. A solution that provides a high Availability VPN appliance cluster on the Maryland Statewide Government Intranet (SwGI) network for access to the HIX Application. The VPN solution will need to provide DNS, DHCP, and Network Time Protocol services to clients. MHBE will provide the VPN security setting policy for the VPN appliances.
Question: Do we have DNS, DHCP and NTP server in the network already? If not, do we need to set up these servers as part of the solution offering?
Answer: No, we do not have the server in the network already. Yes, you must set up these servers.

26. Virtual technology should be used for servers and other hardware systems where applicable.
Question: Do we have any existing virtual infrastructure which can be leveraged to deploy servers?
Answer: No

27. NAC/NAS security appliances that provide a secure scan of VPN client computers. MHBE will provide the security policy of the NAC/NAS.
Question: Will it be okay if we provision secure scan on VPN appliance as a perpetual & one-time cost for all users? Or do we need a NAC device to perform posture assessment to get end point details and perform secure scan? To perform secure scan using a NAC/NAS solution involves:
   1. Recurring cost for license depending on user count
   2. License available for minimum 3 yrs. (1 yr not available)
Answer: The Offeror will propose the best solution.

28. From attachment 1: A solution that includes acquiring and registering any and all digital Certificates needed for this VPN solution and accompanying systems.
Question: Are you looking forward for 3rd party CA service for our PKI requirements or setup an enterprise PKI infrastructure for device certificates and user certificates?
Answer: Third-party CAs are required.

29. Upon notification of two or more simultaneous connections established by the same device certificate, the Certificate Authority Administrator must revoke the device certificate and provide an updated Certificate Revocation List (CRL) to the Security Administrator. The Security Administrator must immediately drop the session upon notification of two or more simultaneous connections established by the same device certificate.
Question: As per the requirement, we are doing 2 factor authentication using domain password and RSA token. Are we intending to use certificates also?
Answer: Yes, third-party CAs are required.

30. Any escalation of user privileges must be logged on a continuous basis. Please elaborate more on this requirement.
Answer: The system must be able to log user actions.

31. A backup solution for server and system data that will provide the ability for offsite storage data.
Question: Are we including the 12 TB file log server for back up as well?
Answer: A file server is not to be included as part of the backup solution.

32. Endpoint virus protection and security for all OS based systems.
Question: Do we need to provision anti-virus/malware solution on all user endpoints?
Answer: No, EVP must be installed on systems included in the RFP.

33. An Intrusion Detection System/Protection System solution. This must be a unique hardware device.
Question: Please elaborate on unique hardware device. Are we looking for a standalone device or hardware/software module on VPN appliance is acceptable?
Answer: Standalone Device

34. What is the actual due date of this RFP? Section 1.12 says the 17th and section 2.1 says the 21st.
Answer: January 17th is the due date.

35. What is your current firewall appliance?
Answer: None

36. What level of support are you requesting for the warranty? How long should the warranty be?
Answer: MHBE is requiring 3-5 year license/maintenance from vendor warranty. In addition, MHBE is requiring only one year management, service, and maintenance from Offerors.

37. Are you looking for a redundant, high-available solution? Active/Active or Active/Standby?
Answer: Based on vendor options and proposition from Offerors.

38. How many tokens are needed for the RSA solution?
Answer: Approximately 500

39. How many concurrent VPN sessions are you expecting?
Answer: Approximately 500

40. What is your internet throughput?
Answer: 100 MB Circuit

41. Time between receiving the answers to questions so you can complete the proposal is extremely short. Would like to request moving the date to the 20th. This would allow a weekend for packaging and final review.
Answer: N/A

42. Are two Domain controllers part of the solution?
Answer: Yes.

43. Page 17: What format is the user data being provided that is to be used for auto import?
Answer: Based on format supported by Vendor.

44. Page 17: The requirement is for RSA style tokens. Please elaborate on the use of digital Certificates.
Answer: See question 29 above.

45. Does the solution have to map to the products listed in the "Guidance for Secure Remote Access" document?
Answer: Yes

46. You require three client references for staff who are currently licensed to install the proposed solution. Will you allow a company with a successful history of VPN deployments to use those references? Will you allow vendor references of successful deployments?
Answer: Yes

47. You require three client references for staff who are currently licensed to install the proposed solution. Does license mean the same as certified?
Answer: Yes, Licensed means the same as Certified.

48. What is the size of the Internet connection to your ISP?
Answer: 100 MB

49. What is the total number of concurrent VPN connections you want the solution to support?
Answer: 500 users, expandable to 5000 users.

50. Are you open to SSL and IPSEC based VPN solutions?
Answer: IPSEC is the preferred method.

51. Is a FIPS certified client really required since the algorithms in FIPS are not the latest?
Answer: Yes - FIPS 140-2 is the requirement.

52. Endpoint virus protection and security for all OS based systems. Are you asking for an A/V solution and also want a posture assessment performed by the VPN client?
Answer: Refer to question # 19.
Answer: The proposals are due on January 17th.

53. A Light Weight Directory Access Protocol (LDAP) directory for user authentication. (This will be the first of the Microsoft active directory domain for MHBE). MHBE needs at least two domain controllers, both of which will need to be located at 750 E. Pratt Street, with one of the Domain Controllers must be designed to be relocated to a separate facility in the future. Could you please provide a bit of clarity around this requirement, are we to include an AD environment?
Answer: Possibly - An AD environment is one example of a LDAP environment. The RFP is requesting two Domain Controllers to meet the redundancy requirements. Each Domain Controller shall be a virtual server and reside on separate physical hosts.

54. {See page 18} Are bids due on the 17th, or the 21st? These two dates are in the document. Which of the above is correct?
Answer: The proposals are due on January 17th.

55. Please Note Proposal Submission Requirements: Proposals may only be submitted in person or via postal/delivery service. Proposals may not be submitted by emm, email or facsimile.