national research centre on plant biotechnology
DESCRIPTION
TRANSCRIPT
NATIONAL RESEARCH CENTRE ON PLANT BIOTECHNOLOGYLAL BAHADUR SHASTRI BUILDING
NEW DELHI-110012
No. 6-64/08-NRCPB Dated:
Tender Notice
Sealed tender are invited on behalf of the Project Director, National Research Center on Plant Biotechnology, Pusa Campus, New Delhi-110012, India for “Internet Connectivity” from only the Authorized agencies.
The detailed specifications along with the tender forms are available with the Assistant Administrative Officer of the Center, which can be obtained on all working day upto 28-01-2009 from 10:00 a.m. to 3:00 p.m. on payment of Rs. 1000/- by cash or demand draft (drawn in favour of Project Director, NRC on Plant Biotechnology and payable at New Delhi). The tender documents must reach on OR before stipulated date.
The vendors may download Tender Documents containing detailed technical specifications and terms and condition from our website: www.nrcpb.org and submit along with the cost of the tender documents by demand draft for Rs. 1000/- and EMD amount Rs. 50,000/- If the cost of tender documents downloaded from the website and the EMD are not deposited, the submitted tender will be summarily rejected.
Complete tender (Technical and Financial bid in separate envelopes) may be dropped in Tender Box kept in Room No. 130, 1st Floor, NRCPB, LBS Building . The tender documents must reach upto 11:00 a.m. on 28-01-2009 and bid will be opened on the same day at 11:30 a.m. in Committee Room, 1 st Floor, LBS Building Pusa Campus, New Delhi-110012 in presence of bidders or their representatives.
Assistant Administrative Officer
NATIONAL RESEARCH CENTRE ON PLANT BIOTECHNOLOGYLAL BAHADUR SHASTRI BUILDING
NEW DELHI-110012
Telephone : 25841787 TENDER NO: 6-64/08-NRCPB : 25842789
Telegram : KRISHIPUSA Telex : 31-77161-IARI-IN
Fax : 91-011-25843984
Tender Notice
1. Sealed tenders for Internet Connectivity are invited on behalf of the Indian Council of Agricultural Research Institute, New Delhi.
2. Preparation of tender:-(a) The tender documents comprising of the tender form, the schedule and the Annexure
referred to therein are provided herewith.
(b) Any form of overwriting or use of more than one ink in the tender will disqualify the tender and such tenders are liable to be ignored also, a tender is liable to be ignored if complete information, as required therein, is not filled in. Rates should be quoted in words also.
3. Delivery of tenders:-
All tenders should be addressed to the Project Director, NRC on Plant Biotechnology, Lal Bahadur Shastri Building, Pusa Campus, New Delhi -110012 and should ordinarily be deposited in the tender box kept in the office for the purpose. Tenders can also be sent by Registered post but this will be at the risk and responsibility of the tenderer themselves. However, such tenders are sent by post, duly sealed, superscribed and addressed as indicated above should be made to be delivered to the Project Director NRC on Plant Biotechnology. No responsibility whatsoever will be accepted with regard to postal delays or for wrong deliver of the tenders sent by post. The tenderers are, therefore, advised to ensure that tenders are deposited in the tender box or delivered to the aforesaid officer before the last date and hour specified for receipt of tenders.
4. Latest Hour for Receipt and Opening of Tenders:- As specified in the schedule to tender, the tenders must reach this office not later than 11.00 a.m. hours on 28-01-09. The tenders will be opened at 11.30 a.m. sharp on the same date i.e. 28-01-09 in the presence of the tenderers who may choose to be present personally/or through a representative duly authorized in writing in this behalf.
Late tenders i.e. tenders received after the specified here will not be considered at all. If, however, the tenders received subsequently show attractive rates from reliable firm. The Project Director, NRC on Plant Biotechnology will have the discretion either to re-invite tenders or negotiate with the lowest tenderers. The decision of the P.D., N.R.C.P.B, IARI, shall be final and binding.
5. Period for which the offer will remain open/contract period:- As specified in the schedule to tender the tenders shall remain open for acceptance upto 90 days from the date of opening. The successful tenderer will have to completed the supply under this tender with in 20 days from the date of issue of the acceptance letter a and no further extension of time will be given on any account.
6. Earnest Money/Security Deposit/Contract Bond :-Each tender must be accompanied by an Earnest Money of Rs. 50000/- without which no tender shall be considered. The Earnest Money should be furnished in form of Bank Draft/Pay Order drawn in favour of ICAR Unit (NRCPB), New Delhi-110012, payable on Syndicate Bank, Pusa, IARI, New Delhi. Earnest Money deposited in any other form or request for treating any other dues to the tenderers from the Institute as the Earnest Money will not be accepted. The Earnest Money will be refunded to all the unsuccessful, tenderers, but in the case of successful, tenderers this money will be adjusted towards Security Deposit or refunded after the necessary security money has been deposited.
The successful tenders will have to deposit as security a sum equal to 5% of the value of the contract/ total work in the form of Bank Draft/Pay Order drawn in favour of ICAR Unit (NRCPB), New Delhi-110012, payable on Syndicate Bank, Pusa, IARI, New Delhi-110012 on Syndicate Bank, Pusa IARI, New Delhi which will be accordingly adjusted and also execute the supply within 20 days from the date of issue of the letter of acceptance, failing which the Earnest Money will be forfeited without any intimation.
Tenderer quoting the rates for equipment from aboard through their representative in India may kindly specify the commission to be paid to the Agent in India a this will have to be paid in Indian Currency only.
7. Prices and Delivery Terms:- As given in the schedule to tender the prices quoted must be net per unit/ for whole job
inclusive of all charges. Rates should be quoted for to the store of NRC on Plant Biotechnology, IARI, New Delhi-110012. All taxes will be paid in full as no C/D from will be issued by this office. The prevailing rates of all taxes, to be charged extra, should be shown clearly, without which the tender will be liable to be ignored. No packing, Forwarding or insurance charges will be allowed.
Other terms for scientific equipment will be as detailed in the schedule to the tender. The delivery of the scientific equipment will be accepted by the Project Director, NRC on Plant Biotechnology after proper inspection and verification as to their quality, quantity and conformity to the prescribed specification.
8. ITC/Trade Registration Certificates:- Every tender must be accompanied by a Photostat copy of the latest income- tax/TRC
clearance Certificate, without which the tender will be liable to be ignored.
9. Sales Tax Registration Certificates:- Every tender must be accompanied by a certificate as under:-
I. Photostat copy, duly attested of the sales-tax declaration to the effect that the firm is Registered under the Sales Tax Department and,
II. 3- GA (6) or 3, GA (2) form, as the case may be should the attached along with each bill of supply, otherwise the purchase tax as may be applicable will be deducted from each bill of supply.
III. 10. Other Terms and Conditions for Internet Connectivity:-
1. The Vendor should be category ‘A’ ISP having valid license from Govt. of India (attach a copy of the license).
2. Should have their own international gateways.3. Preferably having own last-mile-connectivity infrastructure. Liasioning (if
required) with other firm(s) for obtaining point to point connectivity between ISP node and NRCPB shall be the responsibility of quoting firm.
4. The vendor should have vast experience and should have provided similar service to atleast five other organizations in or around Delhi. The list and copies of such works orders should be attached (more than 2 mbps for ISP’s).
5. Capability to provide 1—percent back up through alternate route in case of cut/failure of primary line.
6. The Bidder shall provide and install all the hardware such as modems, converters and any other such hardware required to terminate the leased line at the organization. The Bidder should also install and commission servers and UTM at NRCPB. The maintenance and ownership of all such equipments will be with bidder only. Organization will only provide space for co-locating the hardware.
7. The Bidder shall provide end-to-end connectivity from their gateway including modem, router, cable or any other equipment required to provide uninterrupted connectivity with provision for alternative route.
8. Internet service should be dynamic and should be scaleable to higher speeds of say up to 32 MBPS on the same link without any change in equipment or downtime.
9. Any reduction in pricing during the course of contract as per TRAI orders will have to passed on to the institute.
10. Reports for performance, monitoring/usage to be submitted by the ISP on monthly basis or as per requirement of NRCPB.
11. The price should be inclusive of all taxes, delivery and installation. Payment will be released periodically, on quarterly basis for ISP.
12. The entire work should be completed and made available at site within one month from the date of placement of the work order.
13. Capability to provide 100 percent backup through alternate route in case of cut/failure of primary line.
14. The bidder shall provide and install all the hardware such as modems, converters and any other such hardware required to terminate the leased line at the organization. The bidder should also install and commission serves and UTM at NRCPB. The maintenance and ownership of all such equipments will be with bidder only. Organization will only provide space for co-locating the hardware.
15. The bidder shall provide end-to-end connectivity from their gateway including modem, router, cable or any other equipment required to provide uninterrupted connectivity with provision for alternative route.
16. The vendor will be responsible for the comprehensive maintenance during the period of contract after the acceptance of installation and testing of hardware for which NRCPB will not make extra payment.
17. The ‘ISP’ shall provide maintenance service on 24 X 7 basis to keep the Internet facility in good working order and also as and when required. For this regular networking personnel having Course Certification in Networking (CCNA) should be deployed at NRCPB on all working days between 9:00 a.m. to 5:00 p.m. The service consists of all necessary corrective maintenance and includes providing uninterrupted bandwidth. There should be online monitoring of outgoing and incoming traffic by the NRCPB through password.
18. Document to be enclosed.a) Copy of Income Tax and Sales Tax b) Copy of Trade License.c) EMD of Rs. 50000/- in favour of “ Project Director, NRCPB” payable at
New Delhi. 19. Deviations, if any, may be mentioned separately.
20. Project Director, NRC on Plant Biotechnology, RESERVE TO HIMSELF THE RIGHT TO ACCEPT OR REJECT ANY OR ALL TENDERS, OR PART OF TENDER WITHOUT ASSINGNING ANY REASON THERETO.
If the said requirements in the tender form are not fulfilled and Photostat copy of registration certificate issued by the sales tax department, is not attached with the tender form, the tender will not be accepted.
21. Quantity mentioned in the tender notice are approximate and liable to change at the discretion of the Project Director, NRC on Plant Biotechnology, New Delhi-110012.
Project DirectorNRCPB
National Research Centre on Plant Biotechnology
LBS Building, Pusa CampusNew Delhi-110012
Tender Form Tender No.6-64/08-NRCPB
From:____________________
____________________
____________________
____________________
ToThe Project DirectorNRC on Plant BiotechnologyPusa Campus, New Delhi-110012
Dear Sir,1. I/We offer to supply the stores detailed in the schedule hereto or such portion thereof as
you may specify in the acceptance of tender at the price given in the said schedule and agree to hold this letter open till the specified date. I/we shall be found by a communication of acceptance dispatched within the aforesaid date.
2. I/We have understood the instructions and condition of contract pertaining to the above mentioned tender and has thoroughly examined the specifications/drawing and/or pattern quoted in the schedule thereto and am/are fully aware of the nature of the stores required and my/our offer as to supply strictly in accordance with requirements.
3. The following pages have been added to and form part of the tender:-
A demand draft for Rs. 50000/- drawn in favour of Project Director, NRCPB, on the Syndicate Bank, Pusa, NRCPB, New Delhi, is enclosed towards the earnest money required.
4. I/We also agree to execute the contract bond/agreement as referred to in para 6 of The Tender Notice.
Yours Faithfully,
(Signature of Tenderer)Signature of Witness_________________
Address: __________________________
___________________________________
___________________________________
ANNEXURE
TENDERES SHOULD FURNISH SPECIFIC ANSWERS TO ALL THE QUESTIONS GIVEN BELOW.TENDERERS MAY PLEASE NOTE THAT IF THE ANSWERS SO FURNISHED ARE NOT CLEAR AND OR ARE EVASIVE, THE TENDER WILL BE LIABLE TO BE IGNORED.
1. Tender No. 6-64/08-NRCPB Due for opening on 28-01-09
2. Offer is open for acceptance till
3. Whether the stores offered fully confirm to the technical particulars and specifications/ Drawings, specified by the Purchaser in the Schedule to Tender, if not mention here details of deviations.
4. Brand of store offered
5. Name and address of manufacturer
6. What is your permanent income-tax A/C.
7. Station for manufacturer
8. Confirm whether you have attached your latest/ current ITCC or photo copy thereof.
9. Status
(a) Indicate whether you are LSU or SSI
(b) Are you registered with DGS&D for the item quoted? If so, indicate whether there is any monetary limit on registration
(c) If you are a small scale unit registered with NSIC under Single Point Registration Scheme, whether there is any monetary limit.
10. (a) If you are not registered either with
NSIC or with DGS&D, please state whether you are registered with Directorate of Industries of State Govt. concerned
(b) If so, confirm whether you have attached a copy of the certificate issued by Director of Industry
11. Please Indicate Name & Full address of your Banker:
12. Please state whether you have submitted the Tender Sample (if called for in the Tender Enquiry)
13. Business name and constitution of the firm. Is the firm registered under :-
(I) The Indian Companies Act, 1956
(II) The Indian Partnership Act, 1932 (Please also give names of partners)
(III) Any Act, if not, who are the owners (Please give full name and address)
14. Whether the tendering firm is/are:-
(I) Manufacturer(II)Manufacturer’s authorized Agents,(III) Holders in stock of the stores tendered forN.B. : if manufacturer’s agents, please enclose with tender the copy of manufacturer’s authorization
15. State whether Raw materials are held in stock sufficient for the manufacture of the stores.
16. Here state specifically
(i) Whether the price tendered by you is to the best of our knowledge and
belief, not more than the price usually charged by you for stores of same nature class or description to any private purchaser either foreign or as well as Govt. purchaser. If not state the reasons thereof, if any also indicate the margin of difference
(ii) In respect of indigenous items for which there is a controlled price fixed by law, the price quoted shall not be higher than the controlled price, and if the price quoted thereof should be stated.
17. Are You:(i) helding valid Industrial Licence(s) registration certificate under the Industrial Development and Regulation Act, 1981. If so, please give particulars of Industrial Income Registration Certificate.
(ii) Exempted from the licensing provision of the Act for the manufacture of item quoted against this tender. If so, please quote relevant orders and explain your position
(iii) Whether you possess the requisite license for manufacture of the stores and/or for the procurement of raw material belonging to any controlled category required for the manufacture of the store? In the absence of any reply it would be assumed that no license is required for the purpose of raw materials and/or that you possess the required licence
18. State whether business dealings with you have been banned by Min./Deptt. Of Supply/NRCPB
19. Please confirm that you have read all the instruction carefully and have complied with accordingly
20. Please indicate guarantted date by which date delivery can be completed. Also indicate monthly rate of supplies and also time required for commencement of supplier from the date of formal orders
21. Please state whether you agree to submit advance sample free of cost if called upon to do so within a specified period of seven days
22. ABBRITRATION: (i) In the event of any question/dispute of difference arising under these conditions or any special conditions of contract or in connection with this contract, the same shall be referred to the sole arbitration of an officer, appointed to be the arbitrator by the Director, NRCPB.
(ii) In the event of the Arbitrator neglecting or refusing to act or resigning or being unable to act for any reason, or his award being set a side by the court for any reason, shall be lawful for the Director, NRCPB to appoint another arbitrator in place of the outgoing arbitrator.
(iii) It is further a term of this contract that no person other than the person appointed by the Director, NRCPB as aforesaid should act as arbitrator and that if for any reason that is not possible, the matter is not to be referred to arbitration at all.
(iv) The arbitrator may from time to time with the consent of all the parties to the contract enlarge the time for making the award.
(v) Upon every and any such reference, the assessment of the costs
incidental to the reference and award respectively shall be in the discretion of the arbitration.
(vi) Subject as Aforesaid, the arbitration Act, 1980, and the rules there under and any statutory modification thereof for the time being in force shall be deemed to apply to the Arbitration proceeding under this clause.
(vii) If the value of the claim in a reference exceeds Rs. 1.00 lakh, the arbitrator shall give reasoned award.
(viii) The venue of arbitration shall be the place from which the acceptance note is issued or such other place as the Director, NRCPB at his discretion may determine.
Signature of Witness Signature of Tenderer
Full Name & Address of 1. Full Name & Address of the Person signing (IN BLOCK LETTERS)
2.Whether signing as proprietor/Partner/constituted attorney/duly authorized by the Company
TECHNICAL BID
COMPLIANCE STATEMENT
Name of the item: Internet Connectivity to NRCPB with accessories Please must fill all the columns.
Specifications asked for Specification offered
Compliance Yes/No
If deviation, is it on higher side or
lower side Higher/Lower
A) Specification for band widthFibre last mile through a service provider having its own last mile (Fibre optic Network)Fibre optic network as the ISP's Back boneLatency to US under 350 ms.Separates rates forBandwidth of 2mbps. 1:1 dedicated channelBandwidth of 4mbps. 1:1 dedicated channelBandwidth of 8mbps. 1:1 dedicated channelProviding one networking personnel on 24X7 from 9.00Am to 5.00Pm to maintain internal connectivityOne time chargesAnnual Recurring ChargesModem Pair, Rental, Annual Recurring chargeswireless local loopPort for terminating the bandwidthBlock of 8 IP addressConverter charges
B) Specification for Web Server64 bit RISC Processor system having at least 16 cores. Processor speed should be 1.2 GHz or higher with an architechture of Multicore Chip Multithreading or better optimized for Web Serving workloads, Space optimized, rack mounted 1RU designMemory: 16 GB DDR2 with DRAM Sparing, ECC registered DIMMs upgradable to maximum of 64 GBInternal disc may be provided with 2 x 146 GB Hot Plug SAS disks. At least one empty bay for adding additional disk, optical hard drive,
System should come with Integrated Open Source based Virtualization capability software with 19” TFT monitor and keyboardPower supply:2 x Hot Swappable Power Supply providing N+1 redundancy. Power Consumption and BTU/Hr rating to be providedOperating system: Pre loaded 64 bit Unix/ Linux Operating System supporting following features like Multi-threading awareness, the OS should support Security features like File Integrity, User and Process Rights Management, Network service protection using IP filter firewall, TCP
C) Specification for Firewall (Unified Threat Management Appliances) UTMA
Appliance Requirements1. The proposed system should be capable of supporting:2. 2 number of 100 mbps Ethernet ports and 2 number of Tri speed 10/100/1000 Gigabit Ethernetport3. Should comply FCC and CE norms4. LAN Bypass facility in Bridge mode5. Appliance should support web cachingAdministration, Authentication & Configuration1. User Data & Policies export and import facility in CSV Format2. User Authentication with Windows NTLM Database, LDAP, & ActiveDirectory and in built database of the appliance3. Single Sign-on Integration with Windows Authentication4. Bandwidth Utilization Graphs (like MRTG) of Multiple ISP Links on Day,Month, Week, Yearly basis5. Message Broadcasting to Individual Logged in Users via Web Based or throughLogin client software6. Network admin must be able to view amount of upload and download Datatransfer done by each user separately in real time basis7. Network admin must be able to view bandwidth consumed by each individualuser in the network in real time basis
8. System should be provide real time traffic reports by Application wise & userwise9. Web-based & secure console based remote administration
Identity based Policy ControlsSurfing Policy Quota1. Facility to create Weekly Cyclic quota of limited period of internet surfingbased on Individual usernames & groups2. Surfing Policies can be allocated on shared basis between group of users orindividual user wise3. Surfing policies based on combination of Hours & Validity in term of Day,Week, Month & Yearly (ex: 8 Hours of Daily surfing valid till 1 Year)4. Policies based on time quota (ex: 100 Hours, 200 Hours) should be possiblebased on Individual Users & GroupsAccess Time Policy Quota5. Policies to control Internet access time for users & groups should be availablebased on time and days of week. (ex: Internet access to be only allowed tospecific users or group during Working hours 9:00 AM to 6:00 PM fromMonday to Saturday)Data Transfer Policy Quota6. Facility to allocated Data transfer Quota (1 GB, 2 GB, 100 MB etc) toindividual user policies or group policies based on User Identity7. Should provide feature to create separate upload and download based policiesfor Daily, Weekly, Yearly Quota on user & group basis (ex. 1 GB Upload & 1GB Download of Data transfer allowed every Month or Year)8. Data transfer Quota should also be allocated on shared basis on usersFirewall Requirements.1. The firewall should be dedicated standalone appliance2. Firewall rules can be created based on usernames and not on Hosts/ Subnets (eg.
Rule can be created in the name of network admin (like john, harry) to allowcertain privilege access such as ftp, ssh without need of providing hostnames, IPor Subnets)3. The firewall should have stateful packet filtering technology & must supportoneto-one and dynamic user based NAT with an facility to create rules based onusernames, Source & Destination IP address, Hosts, network, IP Range.4. The firewall should be based on a hardened OS, which is capable of deliveringnetwork protection services at all layers along with options of network gatewaylevel anti virus, anti Spam, intrusion detection and prevention, content filtering,multiple ISP load balancing and failover solutions.
5. The firewall should support transparent mode/Bridge mode for Seamlessdeployment into an existing network without changing IP configurations in thenetwork.6. The firewall should provide multi-zone security architecture as follows:a. User assignable zones on different physical interfacesb. Different IDP policies between different zonesc. Anti Virus, Anti Spam, IDP, Web filter between different zones.7. The firewall should at least provide the following system performance:a. Concurrent session: 4,00,000b. New sessions: 10,000c. Firewall throughput at least: 500 Mbps8. Provide Pre-defined services based on port numbers and Layer 7 applicationsignatures and ability to create user-definable services, which can be used todefine firewall rules.Bandwidth Management1. The proposed system should have integrated Bandwidth Management2. The proposed system should be able to set
guaranteed and burstablebandwidth per User and group of Users3. System should be able to create Bandwidth Policies based on applications andnot on IP or Ports4. The proposed system should provide user based and layer 7 based visibilityand bandwidth utilization for every connection established through thatsystemIntrusion Detection and Prevention (IDP)1. The proposed system should have signature and anomaly base intrusiondetection and prevention system2. The proposed system should be able to provide multiple IDP policies and allowAttaching an IDP policy to a firewall rule. This should help the administrator indefining customized IDP policies as per his requirements of security and alerts3. Reporting of internal alerts should be based on username and not on hostnamesorIP addresses.4. The attack signatures should be automatically updated from a central databaseServer.
Gateway Anti-Virus1. The proposed system should have an integrated Anti-Virus solution and shouldbe able to provide real-time detection of viruses and malicious code at thegateway for HTTP, SMTP, POP3, IMAP and FTP over HTTP Internet traffic2. The Basic Virus Signature Database should comprise of the complete Wild ListSignatures and variants as well as malware like phishing mails and spyware.The antivirus system should not be share-ware, free-ware3. Facility to add signature / Disclaimer in emails4. Facility to provide notification of email virus information to admin email id5. Facility to store infected emails in Quarantined section in the appliance itself6. The proposed system should have
configurable policy options to block differentfile types such as Executables, Dynamic7. The proposed system should have configurable policy options to blockcustomized file type attachments like .exe, .ini etc.8. In SMTP Antivirus scanning subsystem, if email message is either infected,suspicious or protected attachment, then following options should be there toeither deliver original email, Do not deliver or remove attachment and deliver.Similarly notification to administrator on either of the above options should beavailable9. In terms of SMTP the Proposed system should not act as mail relay or MTA byitself unless configured10. In SMTP system, it should be support facility to create customized scanningrules11. Customized scanning rules should allow policies to be applicable onsender/recipient email addresses or address groups for notification settings,quarantine settings and file extension blocking12. The proposed system should be able to update with the frequency less than 1hour its signature database automatically at a preconfigured interval andthrough manual update action13. In terms of POP3 & IMAP system, if virus is detected in the email, the virusaffected attachment should be stripped from the message and the message bodyshould be replaced with a notification message.14. The HTTP Anti Virus gateway should be able to scan sites based on source,destination and URL regular expressions for Virus scanning15. The HTTP Anti Virus system should be able to bypass source & destinationHosts16. The HTTP Anti Virus should have scanning options of real mode and batchmode with option to restrict file size for
scanning17. Support Personalized Individual User Quarantine support.18. The proposed system should be able to provide alerts and reports based onusername, protocol, IP address, sender, recipient, subject and virus-namesGateway Anti-Spam1. The proposed system should have an integrated Anti-Spam solution in theAppliance2. Should have ability to filter SMTP, POP3 and IMAP traffic3. The proposed system should have configurable policy options to select whattraffic to scan for Spam4. Facility to mark a copy of all incoming and outgoing emails to administratordefined email address5. The proposed system should have an option of having a configurable Spampolicy per email address or address group6. The propose solution should be able to tag email subject based on the Spamfilter match criteria7. The proposed system should minimally provide SPAM filtering base on:8. IP address Black/White list9. Real-time black hole List (RBL) or Open Relay Database List (ORDBL) servers10.The proposed system should be able to provide alerts and reports based onusername, mail protocol IP address, sender, recipient, subject and Spam categoriesWeb Filtering and Application control1. The proposed system should have integrated Web Filtering solution in theappliance2. Websites & its category information should be locally stored inside theAppliance & it should not query third party or Remote Hosted Servers on Datacentres3. System should have facility to block Web based upload of file attachments4. The web content filtering solution should also be able to work as an independent
HTTP proxy server5. The proposed system should provide web content filtering features as follows:a. URL database should have at least 8 million sites and 60+ default categories.b. Should block URLS based on regular expressionsc. Should have support for URL exclusion list based on regular expressionsd. Should be able identify & Block Google cached links based on its categoriese. Should be able to block websites which are hosted on akamaif. Should be able to identify requests behind a proxy server and block byrequests by IP addresses and username, which are even behind a proxy serverg. Should be able to identify URL Translation Web server and block requests tosuch servers6. The proposed system should provide application control features as follows:a. Should be able to block famous chat and instant messaging communicationlike yahoo, jabber, msn, AOL messenger etc and other applications based onsignatures and independent of ports.b. Should be able to block file upload through IM, FTP protocols.c. Should be able to block users from accessing public HTTP proxies runningon port 80 as well as any other port7. The proposed system should have support for user authentication fromWindows PDC, Windows AD, LDAP server and Internal Database8. Should be able to customize block message for each categories9. Should be able to log and report usernames, request IP address, domain name,URL, website category and category type10.Should be able to identify traffic based on productive, neutral & unproductivewebsites as specified by admin.Multiple ISP Load Balancing and Failover1. The proposed system should have integrated multiple ISP load balancing and
failover for outbound traffic2. Multiple link load balancing and failover should be possible for more than 2 ISPLinks3. The proposed system should be able to do weighted round robin based loadbalancing of traffic over multiple links based on the weight assigned to eachlink4. The proposed system should be able to detect link failure based on userconfigurable set of rules based on ICMP, TCP and UDPReporting solution1. The proposed system should have integrated reporting solution running on thesame appliance. The reports should be accessible through HTTP or HTTPS2. Reports should be available based on individual users download & Uploadtraffic3. The proposed system should provide user based, group based and IP addressbased reports for traffic discovery, Gateway level Anti Virus & Anti Spam,Intrusion detection and prevention and Web Content Filter4. The proposed system should provide reports in HTML, Graphical and CSVformat5. The proposed system should have configurable options to send the reports onmail to designated email addresses6. The proposed system should have options to create users with different accessrights (E.g. users who can only view reports and not manage the system)7. The proposed system should be able to provide connection wise reports for user,application, source and destination IP address and source and destination portand protocol8. The reporting solution should be able to provide detailed reports about the mailactivity passing through the system
PRICE BIDName of the item: - Internet Connectivity to NRCPB with accessories
(Submit separate Technical and Price bids in sealed envelopes)SPECIFICATIONS PRICE OFFERED A) Specification for band widthFibre last mile through a service provider having its own last mile (fibre optic Network)Fibre optic network as the ISP's Back boneLatency to US under 350 ms.Separates rates forBandwidth of 2mbps. 1:1 dedicated channelBandwidth of 4mbps. 1:1 dedicated channelBandwidth of 8mbps. 1:1 dedicated channelProviding one networking personnel on 24X7 from 9.00Am to 5.00Pm to maintain internal connectivity One time chargesAnnual Recurring ChargesModem Pair, Rental, Annual Recurring charges wireless local loopPort for terminating the bandwidthBlock of 8 IP addressConverter charges
B) Specification for Web Server64 bit RISC Processor system having at least 16 cores. Processor speed should be 1.2 GHz or higher with an architechture of Multicore Chip Multithreading or better optimized for Web Serving workloads, Space optimized, rack mounted 1RU designMemory: 16 GB DDR2 with DRAM Sparing, ECC registered DIMMs upgradable to maximum of 64 GBInternal disc may be provided with 2 x 146 GB Hot Plug SAS disks. At least one empty bay for adding additional disk, optical hard drive,System should come with Integrated Open Source based Virtualization capability software with 19” TFT monitor and keyboardPower supply:2 x Hot Swappable Power Supply providing N+1 redundancy. Power Consumption and BTU/Hr rating to be providedOperating system: Pre loaded 64 bit Unix/ Linux Operating System supporting following features like Multi-threading awareness, the OS should support Security features like File Integrity, User and Process Rights Management, Network service protection using IP filter firewall, TCP
C) Specification for Firewall (Unified Threat Management Appliances) UTMA
Appliance Requirements1. The proposed system should be capable of supporting:2. 2 number of 100 mbps Ethernet ports and 2 number of Tri speed 10/100/1000 Gigabit Ethernet port3. Should comply FCC and CE norms4. LAN Bypass facility in Bridge mode5. Appliance should support web cachingAdministration, Authentication & Configuration1. User Data & Policies export and import facility in CSV Format2. User Authentication with Windows NTLM Database, LDAP, & Active Directory and in built database of the appliance3. Single Sign-on Integration with Windows Authentication4. Bandwidth Utilization Graphs (like MRTG) of Multiple ISP Links on Day, Month, Week, Yearly basis5. Message Broadcasting to Individual Logged in Users via Web Based or through Login client software6. Network admin must be able to view amount of upload and download Data transfer done by each user separately in real time basis7. Network admin must be able to view bandwidth consumed by each individual user in the network in real time basis8. System should be provide real time traffic reports by Application wise & user wise9. Web-based & secure console based remote administration
Identity based Policy ControlsSurfing Policy Quota1. Facility to create Weekly Cyclic quota of limited period of internet surfing based on Individual usernames & groups2. Surfing Policies can be allocated on shared basis between group of users or individual user wise3. Surfing policies based on combination of Hours & Validity in term of Day, Week, Month & Yearly (ex: 8 Hours of Daily surfing valid till 1 Year)4. Policies based on time quota (ex: 100 Hours, 200 Hours) should be possible based on Individual Users & Groups Access Time Policy Quota5. Policies to control Internet access time for users & groups should be available based on time and days of week. (ex: Internet access to be only allowed to specific users or group during Working hours 9:00 AM to 6:00 PM from Monday to Saturday)Data Transfer Policy Quota6. Facility to allocated Data transfer Quota (1 GB, 2 GB, 100 MB etc) to individual user policies or group policies based on User Identity7. Should provide feature to create separate upload and download based policies for Daily, Weekly, Yearly Quota on user & group basis (ex. 1 GB Upload & 1 GB Download of Data transfer allowed every Month or Year)8. Data transfer Quota should also be allocated on shared basis on users Firewall Requirements.
1. The firewall should be dedicated standalone appliance2. Firewall rules can be created based on usernames and not on Hosts/ Subnets (eg. Rule can be created in the name of network admin (like john, harry) to allow certain privilege access such as ftp, ssh without need of providing hostnames, IP or Subnets)3. The firewall should have stateful packet filtering technology & must support oneto-one and dynamic user based NAT with an facility to create rules based on usernames, Source & Destination IP address, Hosts, network, IP Range.4. The firewall should be based on a hardened OS, which is capable of delivering network protection services at all layers along with options of network gateway level anti virus, anti Spam, intrusion detection and prevention, content filtering, multiple ISP load balancing and failover solutions.
5. The firewall should support transparent mode/Bridge mode for Seamless deployment into an existing network without changing IP configurations in the network.6. The firewall should provide multi-zone security architecture as follows: a. User assignable zones on different physical interfaces b. Different IDP policies between different zones c. Anti Virus, Anti Spam, IDP, Web filter between different zones.7. The firewall should at least provide the following system performance: a. Concurrent session: 4,00,000 b. New sessions: 10,000 c. Firewall throughput at least: 500 Mbps8. Provide Pre-defined services based on port numbers and Layer 7 application signatures and ability to create user-definable services, which can be used to Define firewall rules.Bandwidth Management1. The proposed system should have integrated Bandwidth Management2. The proposed system should be able to set guaranteed and burstable bandwidth per User and group of Users3. System should be able to create Bandwidth Policies based on applications and not on IP or Ports4. The proposed system should provide user based and layer 7 based visibility and bandwidth utilization for every connection established through that systemIntrusion Detection and Prevention (IDP)1. The proposed system should have signature and anomaly base intrusion detection and prevention system2. The proposed system should be able to provide multiple IDP policies and allow attaching an IDP policy to a firewall rule. This should help the administrator in defining customized IDP policies as per his requirements of security and alerts3. Reporting of internal alerts should be based on username and not on hostnames orIP addresses.4. The attack signatures should be automatically updated from a central database Server.
Gateway Anti-Virus1. The proposed system should have an integrated Anti-Virus solution and should be able to provide real-time detection of viruses and malicious code at the gateway for HTTP, SMTP, POP3, IMAP and FTP over HTTP Internet traffic2. The Basic Virus Signature Database should comprise of the complete Wild List Signatures and variants as well as malware like phishing mails and spyware. The antivirus system should not be share-ware, free-ware3. Facility to add signature / Disclaimer in emails4. Facility to provide notification of email virus information to admin email id5. Facility to store infected emails in Quarantined section in the appliance itself6. The proposed system should have configurable policy options to block different file types such as Executables, Dynamic7. The proposed system should have configurable policy options to block customized file type attachments like .exe, .ini etc.8. In SMTP Antivirus scanning subsystem, if email message is either infected, suspicious or protected attachment, then following options should be there to either deliver original email, Do not deliver or remove attachment and deliver. Similarly notification to administrator on either of the above options should be available9. In terms of SMTP the Proposed system should not act as mail relay or MTA by itself unless configured10. In SMTP system, it should be support facility to create customized scanning rules11. Customized scanning rules should allow policies to be applicable on sender/recipient email addresses or address groups for notification settings, quarantine settings and file extension blocking12. The proposed system should be able to update with the frequency less than 1 hour its signature database automatically at a preconfigured interval and through manual update action13. In terms of POP3 & IMAP system, if virus is detected in the email, the virus affected attachment should be stripped from the message and the message body should be replaced with a notification message.14. The HTTP Anti Virus gateway should be able to scan sites based on source, destination and URL regular expressions for Virus scanning15. The HTTP Anti Virus system should be able to bypass source & destination Hosts16. The HTTP Anti Virus should have scanning options of real mode and batch mode with option to restrict file size for scanning17. Support Personalized Individual User Quarantine support.18. The proposed system should be able to provide alerts and reports based on username, protocol, IP address, sender, recipient, subject and virus-namesGateway Anti-Spam1. The proposed system should have an integrated Anti-Spam solution in the Appliance2. Should have ability to filter SMTP, POP3 and IMAP traffic3. The proposed system should have configurable policy options to select what traffic to scan for Spam
4. Facility to mark a copy of all incoming and outgoing emails to administrator defined email address5. The proposed system should have an option of having a configurable Spam policy per email address or address group6. The propose solution should be able to tag email subject based on the Spam filter match criteria7. The proposed system should minimally provide SPAM filtering base on:8. IP address Black/White list9. Real-time black hole List (RBL) or Open Relay Database List (ORDBL) servers10.The proposed system should be able to provide alerts and reports based on username, mail protocol IP address, sender, recipient, subject and Spam categoriesWeb Filtering and Application control1. The proposed system should have integrated Web Filtering solution in the appliance2. Websites & its category information should be locally stored inside the Appliance & it should not query third party or Remote Hosted Servers on Data centres3. System should have facility to block Web based upload of file attachments4. The web content filtering solution should also be able to work as an independent HTTP proxy server5. The proposed system should provide web content filtering features as follows: a. URL database should have at least 8 million sites and 60+ default categories. b. Should block URLS based on regular expressions c. Should have support for URL exclusion list based on regular expressions d. Should be able identify & Block Google cached links based on its categories e. Should be able to block websites which are hosted on akamai f. Should be able to identify requests behind a proxy server and block by requests by IP addresses and username, which are even behind a proxy server g. Should be able to identify URL Translation Web server and block requests to such servers6. The proposed system should provide application control features as follows: a. Should be able to block famous chat and instant messaging communication like yahoo, jabber, msn, AOL messenger etc and other applications based on Signatures and independent of ports. b. Should be able to block file upload through IM, FTP protocols. c. Should be able to block users from accessing public HTTP proxies running on port 80 as well as any other port7. The proposed system should have support for user authentication from Windows PDC, Windows AD, LDAP server and Internal Database8. Should be able to customize block message for each categories9. Should be able to log and report usernames, request IP address, domain name, URL, website category and category type10.Should be able to identify traffic based on productive, neutral & unproductive Websites as specified by admin.Multiple ISP Load Balancing and Failover1. The proposed system should have integrated multiple ISP load balancing and
failover for outbound traffic2. Multiple link load balancing and failover should be possible for more than 2 ISP Links3. The proposed system should be able to do weighted round robin based load balancing of traffic over multiple links based on the weight assigned to each link4. The proposed system should be able to detect link failure based on user configurable set of rules based on ICMP, TCP and UDPReporting solution1. The proposed system should have integrated reporting solution running on the same appliance. The reports should be accessible through HTTP or HTTPS2. Reports should be available based on individual users download & Upload traffic3. The proposed system should provide user based, group based and IP address based reports for traffic discovery, Gateway level Anti Virus & Anti Spam, Intrusion detection and prevention and Web Content Filter4. The proposed system should provide reports in HTML, Graphical and CSV format5. The proposed system should have configurable options to send the reports on mail to designated email addresses6. The proposed system should have options to create users with different access rights (E.g. users who can only view reports and not manage the system)7. The proposed system should be able to provide connection wise reports for user, application, source and destination IP address and source and destination port and protocol8. The reporting solution should be able to provide detailed reports about the mail activity passing through the system