Ocean Park IT Cloud Solution Request for Expressions of Interest for Design, Implementation and Maintenance of Ocean Park IT Cloud Solution The Ocean Park Corporation (the Corporation) invites expressions of interest to propose technology solutions with the associated services for the Design, Implementation and Maintenance of a Hybrid Cloud Solution that forms the IT infrastructure to support existing business applications and increasing usages of social media, mobile applications and business analytics applications. The Corporation plans to commission the selected vendor for the above implementation, as well as the provision of subsequent managed services. This cloud service should allow the Park to consume managed IT resources in an as-a-service model. The hybrid cloud should aim to minimize the Park s capital expenditure, operation risks, and allow on-demand consumption of capacity especially during peak seasons. The cloud services should enhance the agility, availability, reliability, expandability and mobility of the IT services resulting in performance improvement among current Business Information Systems. The Park is seeking for best-in-class technologies that can fulfil the above requirements. The Corporation is looking for a specialist vendor to carry out the following tasks: 1. To build a hybrid cloud including a dedicated private cloud hosted on the Park s premises (with potential redeployment of existing hardware); whereas workloads can be managed across different cloud environments (Private Cloud and Public Cloud); 2. To migrate selected Business Information Systems to applicable Hybrid Cloud Services in phases with proper transition and change management; 3. To operate all cloud components and maintain up-to-date security and patches policy with continuous improvement of service; 4. To propose the financial model of the implementation and operation of the hybrid cloud solution, including detail line items of hardware, software & services; 5. To work with various departments in the Park in analysing/providing required capacity for different applications; 6. To assist the Park to setup and transit potential workloads from application hosted on IaaS to public SaaS services as needed. (A high-level methodology/example is encouraged to be included); 1
7. To allow portability and exit strategy to ensure that workloads can be easily moved out of the proposed hybrid cloud. The response should include all service catalogue items, assumptions and limitations of each service. Please see below high level requirements for the design of the proposed OPC solution to be included in the expression of interest: 1. Physical infrastructure The vendor must detail the necessary physical infrastructure for each data center, the Park currently has two data centers on campus. 2. Infrastructure as a service (IaaS) 2.1 Core network High speed local area network (at least 10Gbps) Multiple virtual NICs and network segments including public and private networks that in connect with existing Park s network Provide an integrated IPAM and DNS management solution Load balancing service to support at least Web-, SSL- and TCP-based scaleout for high-volume applications Support QoS on network traffics capability Support for hosting multiple application environments (e.g. Dev, Test & Production) Network traffic encryption outside of date center, between private and/or public clouds Integration with on-premises Active Directory (AD) Support for automatic failover of network connectivity and components that is transparent to users 2.2 Security components Antivirus, Firewalls, VPN service and intrusion detection and intrusion prevention system following the Park IT security policy 2.3 Hypervisor Computing resources shall include: Hot-swappable/resize virtual hardware while VM online Support moving VM from one physical host to other without interruption Be a commercial product that is maintained and supported by manufacturer/vendor Perform general cloud maintenance without VM downtime Support VM failure recovery and local resilience Support VM anti-affinity and restart in definable priority VM placement limitation, the vendor should provide support and solution in occasion that a software license is limiting customer VM to be placed on specific host. Support dedicated host Must allow console-level access to VM 2
2.4 Storage service Support bulk data import/export Support snapshots Support RAID group protection Provide multi-tiers of storage based on IOPS performance The storage pool shall: Support hot-swappable/pluggable disks without service interruption Support on-line disk volume expansion to a VM without service interruption Provide full capacity that the Park has acquired without over allocation of disk storage The Park must be able to increase size of an existing data volume without having to provision a new volume and copy the data Perform data sanitation process (e.g. DoD 522022M or NIST SP 80088) for deletion of sensitive data Perform services for sanitation include degaussing service for hard disks and any other magnetic storage before retires or disposes storage device The overall cloud usage storage capacity to customer must be at least 30% above customer s half year forecast 2.5 Cloud management software Service Orchestration: Provisioning and de-provisioning which includes: Rapid, self-service provisioning with workflow approval VM Image template customization Support import/export user own image Two-generation OS provisioning support Capability of deploy integrated multi-tier applications Provisioning and catalog action logging Self-service portal which includes: GUI management console support Self-service incident logging system Password reset from a secure interface Support display VM resource utilization monitor with threshold and send alert to customer Conversion tools that meet the followings: Physical to Virtual (P2V) Virtual to Virtual (V2V) Hybrid Cloud characteristics: Transparently & securely extend private cloud to public cloud Single pane of glass management portal Support legacy application integration SaaS integration Security and IT compliance 2.6 Backup as a Service (BUaaS) Must include all HW, SW, implementation and operation services Must backup to virtual tape library or disk with deduplication Full VM image recovery RTO at 24 hours and RPO at 24 hours Flexible retention policy 3
All backup data shall: Be replicated offsite (outside the primary data center) and stored in an encrypted manner Be erased upon VM de-provision and contract termination Provide data integrity check functions & daily backup report Support archive Service 2.7 Disaster recovery as a Service (DRaas) The vendor shall develop and maintain the DR plan which covers the recovery approaches and operational procedures The DR plan shall cover identification of disaster scenarios, associated risks, impact assessment, recovery approaches, operational procedures and testing strategy of the DR plan Provide all necessary services for annual DR drill and DR execution The DR environment shall: Provide sufficient capacity to achieve the same Service Levels as required in the production environment Use DR management tools that streamline DR testing, DR failover and verification of the recovery process Execution of DR Plan, the vendor shall: Manage all stages of a DR Recovery of the Cloud Infrastructure and verification thereof; Recovery of Business Information Systems and verification thereof; Upon completion of the DR drills or execution of a DR plan, the vendor shall identify areas for improvement, review the time duration taken for each DR stage for each Business Information System and report the results of the drills or execution of the DR, and review and update the DR plan accordingly RPO=0 - hours, RTO=30minutes to hours, please propose according to best practice Call center DR services including relocation plan 2.8 Carrier services Internet Connection Services Performance with at least 100 Mb/s for local and 20Mb/s overseas traffic respectively Public IPv4/v6, Utilization report, private leased circuit, cross data center service (DR) 2.9 Optimal management and operation support services The vendor should provide details and highlight the differences (if any) between the support services to be provided and the requirements listed below. Service based on ITILv3 service management model Operation and Management Service 24/7/365 support, 30 minute response time Service uptime availability SLA of 99.95% or higher Live support and online self-service support Online error/bug reporting, centralized logging with maintain sufficient logging information for administrative and operational activities such as 4
incidents investigation, detection of security events, analysis of security breaches and attack attempts. All planned and unplanned failure should log and notify to the Park All transactional and system log must be kept for at least 3 months in tamper proof central system and be accessible by the Park online Regular service reports including inactive VM report should be generated, notification of reclamation of resource should be sent out to both Users and IT department for right sizing activities Must provide at least 6 months for customers to migrate their data and applications out of the system in case of vendor default. Identity management with granular role-based authorization in both the service interfaces and management console Real-time performance monitoring service which must support storage metrics and network metrics Real-time performance health checks, thresholds and alerts Support automates patch management and eliminates manual tracking and patching of hosts and VM Integration with existing OPC service management process Must publish the Cloud infrastructure details to customers Must not have obsolescence or out of maintenance components in the cloud The Contract Period is estimated to be sixty (60) months The Park shall have the option to extend the Contract Period for up-to twenty-four (24) months with the same terms and conditions The Implementation Services shall be completed within six months from the Contract Date. The migration of the selected Park Information Systems should be in phases with accommodation to business requirements and timeline. 2.10 Charging Model The vendor should specify the charging model for the implementation, managed services and utility to the Park Service penalty must be in the form of service credits or refunds, and must not cap at less than 100% of the previous month's bill Provide details of Cloud components (HW and SW) and services to the Park 2.11 Existing Capacity: 60~100 Physical servers with 1-2 physical CPU, 4-32GB Ram, 64+ TB of storage ~100 VMs with 300+ vcpu, 900+ GB Ram, 22+ TB of storage 3. Functional requirements for Software as a service (SaaS): Analytics requirements The cloud solution should provide full business intelligence capabilities and auto-suggest for best data visualization. All contents should be accessible from web browsers or mobile device with native mobile applications. The cloud solution should have a dynamic and secured connection from Microsoft Office and be able to perform complex predictive analytics from the same user interface. Data sources requirements 5
Business users should easily combine enterprise data with personal data and be able to upload data manually. The cloud solution should also support the automation of data loading from on premise, SaaS and web sources. Additional Information Required The vendor is expected to provide the following information to support their proposal for the implementation of cloud solution. Company background Engaged sub-contractor(s) and respective responsibilities Previous hybrid cloud experience, with reference highlighting the solution sizes, service scope and team structure provided locally and/or overseas Policy, processes and standards Engagement models (account relationships, issues, improvement, penalties and incentives) Audited financial statements for the last financial years (the latest financial statement should be no earlier than year 2013) for demonstrating healthy financial conditions. The submission must be deposited into our tender box situated at the Administration Building Annex of Ocean Park, Aberdeen, Hong Kong, on or before 3:30 pm on 30 April 2015 (Hong Kong time). Late submission will not be considered. Expressions of interest must be contained in a sealed envelope marked with the following details: Expressions of Interest for Design, Implementation and Maintenance of Ocean Park IT Cloud Solution Ocean Park Corporation Aberdeen Hong Kong Attention: Deputy Chief Executive & Chief Financial Officer Submissions by fax or e-mail will not be accepted. The Corporation reserves an absolute discretion to invite or not to invite any firm to submit tender proposals or to execute the tender process or not after this expressions of interest exercise. The Corporation is one of the public bodies listed under the Prevention of Bribery Ordinance. It is an offence in law for anybody to offer advantages to any employees or consultants of the Corporation in connection with this expressions of interest exercise or the subsequent tender exercise. Should you have any further queries, please feel free to contact Mr. Joey Cheng at phone no. (852) (852) 3923 2897 or email joey.cheng@oceanpark.com.hk 6