Request for Information RFI Windows Active Directory Update and IP Management East Side Union High School District 830 N. Capitol Avenue San Jose, CA 95133 Capital Projects Purchasing Department Version: 1.0 Date: 4/6/2015 RFI number: RFI-22-14-15 East Side Union High School District Page 1
Contents Confidentiality...3 Introduction and purpose of the RFI...3 Goal..3 RFI procedure...3 How to deliver the answer...3 Contacts...3 Timeframe...3 Background description of what is requested...4 Form to fill in as answer to the RFI 9 East Side Union High School District Page 2
Confidentiality All information included in this RFI is confidential and only for the recipient knowledge. No information included in this document or in discussions connected to it may be disclosed to any other party. Introduction and purpose of the RFI With this RFI we request information regarding your company and your products/services. The same information will be gathered from different companies and will be used to evaluate what suppliers we will follow up the sourcing process with a RFP or RFQ. Goal The goal of this project is for ESUHSD to upgrade their Windows 2003 domain to Windows 2012 and do a health check on their domain to get it as close to Microsoft s best practices as possible. ESUHSD would also like to switch to a physical appliance for DNS, DHCP, and IP management. RFI procedure To answer this RFI please fill in the attached form. Contact person listed below is available for assistance in case that is needed. The answers to this RFI will be evaluated by staff from different functions in East Side Union High School Information Technology Department. How to deliver the answer Send the attached form in by email to ungerj@esuhsd.org. Janice Unger, Capital Projects Purchasing Manager East Side Union High School District Capital Purchasing 408-347-5079 Contacts For questions regarding this RFI, you are welcome to contact: Nathan Nimori Systems Engineer, East Side Union High School District 408-347-5160 nimorin@esuhsd.org Timeframe This is the timeframe for the RFI and an eventual coming project: 4/6/2015 The RFI is sent out 4/10/2015 Last date for questions 4/17/2015 Last date for submission of answers (RFI due) by 4:30pm 4/24/2015 Results from the evaluation delivered from ESUHSD 5/01/2015 RFP sent to suppliers that has passed the RFI 5/15/2015 RFP due to ESUHSD Capital Purchasing Department 5/22/2015 Completion of RFP evaluation 5/28/2015 Recommendation final supplier(s) chosen 6/18/2015 Board of Trustees Approval 6/29/2015 Notice to Proceed, SOP, start of production East Side Union High School District Page 3
Background description of what is requested ESUHSD will provide a recent DCDIAG report upon request. A vendor may run other diagnostic software provided the vendor provide the software and the data can be shared with other vendors. 1. Upgrade Active Directory Domain to Windows 2012 / AD Health Check 1.1. Resolve all critical security issues and domain issues identified by Microsoft DCDIAG. 1.2. Remove and clean up any subdomains or child domains. 1.2.1. Remove any remnants of a child domain in active directory. 1.3. Remove any remnants of domain controllers no longer available in the domain. 1.4. Verify active directory replication is working properly. 1.5. Identify any applications currently in use that may not work in a windows 2012 domain. (i.e. Windows XP) 1.6. Domain controllers will be housed at the district office and removed from the remote school sites. 1.7. ESUHSD would like auditing software that would track and log changes to active directory, Windows file servers, and domain controllers. 1.7.1. Software should aggregate all logs for easy analysis. 1.7.2. Software should hold at least two months worth of data. 1.7.3. Software must be able to alert administrators of certain changes to active directory and domain controllers. 1.7.4. Software must be able to monitor and alert when user or AD permissions are changed. 1.7.5. Software must be able to alert when server permissions are changed, (example: a local account is created or given administrator access). 1.7.6. Software must be able to monitor and alert when group policy objects are created, modified, or deleted. 1.7.7. Software must be able to find directories with orphaned users attached to them (example: home directories that belong to users who have been deactivated or deleted). 1.7.8. Software must be able to show file and share permissions for file system directories. 1.7.9. Software must be able to show effective permissions for file system directories. 1.7.10. Software must be compatible with Windows Server 2008 and above. 1.7.11. Software that can show file system utilization and other statistics is preferable. 1.7.12. Software that can change file system and AD permissions would be preferred. 1.7.13. Software that can modify (add, delete, rename) AD OU s and file system directories would be preferred. East Side Union High School District Page 4
1.7.14. Please explain the system requirements to run the software that would be required for this project. 1.8. Misc. Information 1.8.1. ESUHSD currently has one forest (esuhsd.org) and one sub-domain (piedmont.esuhsd.org). 1.8.2. ESUHSD has domain controllers running in VMWare. 1.8.3. Our Domain Controllers are distributed between our District Office and school sites. 1.8.4. Many of our windows workstations do have Deep Freeze from Faronics running on them which reset the workstation back to an image after every reboot. 1.8.5. Using CSVDE -f with no filters or switches, ESUHSD s AD shows 167,571 objects in Active Directory. 1.8.6. ESUHSD estimates approximately 26,000 networked devices currently using our Windows DHCP/DNS servers district wide. 2. DNS, DHCP, and IP Management 2.1. Deploy appliances at the district office and remote sites. Devices at all sites should be able to get IP numbers even if the connection to the district office is severed. ESUHSD would prefer redundant master servers at the district office and single slave servers at each site. 2.2. All master and slave servers should be manageable and act at management stations. 2.3. It should fully integrate with Windows 2012 domain so ESUHSD will no longer need to run Windows DNS or DHCP servers (unless Microsoft recommends at least one or two). 2.4. Appliance should be able to manage windows 2012 DHCP and DNS servers. 2.5. Recommend any changes to our organization s current DNS structure that would optimize performance and implement them if accepted by ESUHSD. 2.6. The appliance should not be a Microsoft Windows or Apple OS based server. The operating system and database should not require root access or any administration. 2.7. ESUHSD would like a dedicated physical appliance. Appliances should not be general purpose servers with PC style I/O ports (such as keyboard and monitor ports) or I/O devices (such as CDROM or floppy drives). 2.8. At least two months of historical data should be retained so that ESUHSD can determine which MAC address had which IP address at a certain point in time. Information on the type of device that had the lease would be a plus. 2.9. ESUHSD currently has DNS servers for both our public (internet) and private (inside) networks. ESUHSD would like to continue providing DNS services for both networks. 2.10. Appliance should have an undelete or recycle bin function that will allow data to be recovered in the case of accidental deletion. 2.11. Appliance should allow recovery of data and objects without having to overwrite current zones or scopes (selective recovery). 2.12. Appliances should have an audit log that tracks all changes made to the device. 2.13. Appliances should be tied to active directory so privileges can be assigned using AD users and groups. East Side Union High School District Page 5
2.14. Appliance should be able to allow certain users access to only certain subnets. For example, ADuser1 may have access to view DHCP subnets 1 and 2 and able to modify DHCP subnets 4 and 5. ADgroup1 may have access to add DNS entries for subnets 4 and 5. Only sysadmins should have access to modify scope or zone options. 2.15. Appliances should be able to alert administrators of certain events such as system failures, system errors, or DHCP scopes running out of leases. Please list the types of alerts that the appliance can recognize and the method(s) the appliance can use to notify administrators. 2.16. The appliance should be able to identify rogue IP s in use on the network to avoid assigning duplicate IP s. An appliance that could provide information on a rogue device would be preferred (i.e. a printer that was assigned a static IP which is part of a DHCP scope). 2.17. Appliance should have the capability to join or split existing subnets without having to recreate each subnet. Reserved entries should be retained and gateway and mask information should be automatically be updated to match the new subnet. 2.18. The appliance should support both IPV4 and IPV6. 2.19. The appliance should have access control lists for Zone Transfers and recursive queries. 2.20. The appliance should be able to manage both the forward and reverse DNS entries for an IP address automatically. Modifying or deleting an entry in either the forward or reverse zone should update the corresponding entry in the other. 2.21. Reverse DNS zones should be created automatically. 2.22. Ability to perform automatically updated DNS Blacklisting with Client Identification and historic DHCP Lease History preferred. 2.23. Sites 2.23.1. Andrew Hill 2.23.2. Calero 2.23.3. Evergreen Valley 2.23.4. Foothill 2.23.5. Independence and Independence Adult Center 2.23.6. James Lick 2.23.7. Mount Pleasant 2.23.8. Oak Grove 2.23.9. W. C. Overfelt and Overfelt Adult Center 2.23.10. Piedmont Hills 2.23.11. Silver Creek 2.23.12. Santa Teresa 2.23.13. Yerba Buena 2.23.14. Education Center (District Office) 2.24. Current issues with DHCP/DNS using Windows 2003 server: 2.24.1. DHCP not working with DNS efficiently. Many times DHCP entries are not propagated to DNS especially when it comes to printing devices. 2.24.2. Some DNS entries are not removed in a timely fashion while others are removed too quickly. Even some static entries sometimes disappear. East Side Union High School District Page 6
2.25. Questions 2.25.1. What type of reporting is included with the appliance? 2.25.2. What type of information can be displayed? 2.25.3. How can information be displayed (graphs, text only, exported to csv)? 2.25.4. Can data be viewed in real time? Please explain. 2.25.5. Is it possible to track DNS queries for all or specific devices? 2.25.6. In a hub and spoke topology where the District Office is the hub and our schools are the spokes, please describe how the appliances would function in the following cases: 2.25.6.1. Link between school site A and district office goes down. Can changes be made at school site A while link is down? What happens when link comes back up? What happens if changes are made for school site A on both the site appliance and the district appliance while the link is down? 2.25.6.2. A site appliance needs replacement. How would the district office appliances take over? Please describe the steps required to bring a replacement appliance online. 2.25.7. Please describe how data can be backed up and restored from appliances. In a hub and spoke design, will data have to be backed up from all appliances or just the master appliance? 2.25.8. Is the appliance capable of discovering devices on a network? If yes, please describe the types of network discovery and whether it is included as a standard option or if it is considered an add-on. If it is an add-on, please include pricing information as an option but not included in the base cost of this project. 2.25.9. How will the appliance handle multiple administrators making changes to the same scope or zone at the same time? How will the appliance handle administrators making changes to the same IP address or DNS entry at the same time? 2.25.10. Does the appliance allow administrators to search for device names or MAC addresses and track previous IP addresses and names? For example, searching for MACaddress1 would show if it had several IP addresses and if it was renamed several times in the past month. 2.25.11. Does the appliance support DHCP Custom Options and Vendor Class Identifiers? 2.25.12. How would the appliance handle a laptop using a wired connection suddenly switching to wireless and then back to a wired connection? Would the DNS entry be updated to match the current IP address? 2.25.13. What methods are used to clean stale or orphaned DDNS records? Please explain each method. 2.25.14. Does the appliance support the ability to specify a custom list of root name servers? 2.25.15. Please list DNS record types supported by the appliance. East Side Union High School District Page 7
2.25.16. Is it possible to assign different TTL values to different DNS records within the same zone? 2.25.17. Does the appliance have the ability to enforce hostname restrictions (i.e. do not allow underscores, letters and numbers only)? 2.25.18. Does the appliance allow for additional attributes to be associated with an IP or MAC addresses? 2.25.19. Does the appliance allow for custom attributes to be created and associated with IP and MAC addresses? 2.25.20. Please describe the different types of warranties and support levels offered. Include them as options and not part of the base cost of this project. 2.25.21. Please describe the recommended training required to manage the appliances. If they have a cost to them, please include them as options and not part of the base cost of this project. 2.25.22. How would firmware updates be deployed in a live environment? East Side Union High School District Page 8
Form to fill in as answer to the RFI-22-14-15 Question Company name Company address Company web page Main products/services Main market/customers Ownership structure with ownership status in percentage Structure of mother corporation, joint ventures, subsidiaries, partnerships or other relevant relations Number of years on the market Company location(s) Environmental management system(s) Quality management system(s) Describe your business continuity management Answer Employees Production R&D Marketing and sales Quality department Financial information Last year turnover Last year gross margin Last year profit Stock markets where your company is listed Contact person and responsible for answering this RFI Telephone Email Capacity conditions today Anticipated capacity conditions within 12 months Conditions that s listed in the RFI and can t be met Description of products or services that are already delivered to customers today, and could be comparable to what is requested in this RFI Reference customers using comparable East Side Union High School District Page 9
products or services (including contact information) Reference customers using your products or services today, although they are not comparable with what is requested in this RFI (including contact information) Locations available for delivery, if not worldwide. Availability of spare parts and support worldwide East Side Union High School District Page 10