1

The Madison Metropolitan Sewerage District requests proposal for

Network Upgrade: IP Addressing Scheme Update and Dual Firewalls Implementation

Proposal The Madison Metropolitan Sewerage District (District), as part of its ongoing improvements to its network infrastructure, is soliciting proposals for a consultant to migrate the District’s network from a 126.0.0.1 IP address format, and then integrate this new addressing scheme into a new dual firewall installation. These proposals should identify services, equipment, scope, process, schedule, and not-to-exceed cost estimates. The District understands that proposers may have questions that cannot be answered by the information contained within this RFP. Proposers are welcome to contact the District with questions about this RFP in advance of submitting proposal documents. Questions should be submitted via email and addressed to:

Laurie Dunn lauried@madsewer.org

The deadline for asking or submitting (via phone or email) questions is end of the day on April 20th, 2017. Proposals should also be submitted via email. When submitting a proposal, please consider using an automated receipt confirmation. The District reserves the right to reject any or all proposals. When submitting a proposal the email shall clearly state in the subject line that you are sending an RFP for: IP Addressing Scheme Update and Dual Firewalls Implementation. Proposals should be sent to:

Laurie Dunn lauried@madsewer.org

The deadline for submitting proposals is end of the day on May 8th, 2017.

2

I - Introduction and Background ......................................................................................................................... 3

II – Overview of Current Technology Conditions ................................................................................................ 3

Network Infrastructure Overview .................................................................................................................. 3

IP Addressing Schemes ................................................................................................................................... 3

Current Firewall .............................................................................................................................................. 4

District Technology Staff and Culture ............................................................................................................. 4

III - Objectives ..................................................................................................................................................... 5

Request for Proposal Objectives .................................................................................................................... 5

Project Objectives ........................................................................................................................................... 5

IV - Deliverables .................................................................................................................................................. 5

V - District Provided Resources .......................................................................................................................... 6

VI - Submittal Requirements .............................................................................................................................. 7

Contract Details .............................................................................................................................................. 7

Contract Terms ........................................................................................................................................... 7

Project Kick-Off Meeting ............................................................................................................................ 7

Conflict of Interest ...................................................................................................................................... 7

Removing Employee of Contractor for Misconduct or Security Reasons .................................................. 7

Proposal Format ............................................................................................................................................. 8

Functional Requirements ........................................................................................................................... 8

Other Required Information ....................................................................................................................... 9

VII - Evaluation and Interviews ......................................................................................................................... 10

Network Upgrade Team ............................................................................................................................... 10

Evaluation Process and Criteria .................................................................................................................... 11

Appendix A – Network Technology Current State ............................................................................................ 15

Appendix B – Firewall Evaluation and Cost Summary Forms ........................................................................... 20

3

I - Introduction and Background The Madison Metropolitan Sewerage District (District) is a wastewater treatment facility committed to resource recovery and protection of the public health in central Wisconsin. The District serves 38 communities and processes approximately 42 million gallons of wastewater a day. The District is governed by a 9-member Board of Commissioners appointed by the communities that we serve. In 2016 the District developed a Strategic Technology Plan. Included with this plan were recommendations for changes to our network design and infrastructure. This proposal is to address two of the high priority recommendations: updating our Administrative network’s IP addressing scheme (we currently use a 126.1.1.0 format) and the purchase, configuration, and installation of dual firewalls.

II – Overview of Current Technology Conditions Network Infrastructure Overview The District’s Information Systems Group supports both an Administrative Network for general staff uses and a separate Process Network dedicated to the plant process control system. Both networks use Microsoft Windows Server operating systems and they use VMware for server virtualization. The Process Network does not have access to the Internet. The Administrative Network supports the needs of 110+ users. It currently includes: 10 physical servers, 4 hosts, 26 VMs, 23 switches, 1 firewall, 1 router, 15 wireless access points, 120+ desktops/laptops, a Unitrends backup appliance, and an EqualLogic SAN. The Administrative network also includes 5 wireless networks, one for guests (internet only) and another that connects to the regular administrative network resources. The others include the Process Control Network, 3CX Phone Network, and mobile network (internet only). The Process Network serves a large plant process control system. It includes: 3 physical servers, 3 hosts, 21 VMs, 45 switches, a Unitrends backup appliance, 22 thin clients, and an EqualLogic SAN. A variety of plant process control devices (about 1000) communicate over this network. Fiber makes up a notable part of the infrastructure with 400 terminations (currently 25% usage) and a length of approximately 5 miles. For security reasons, this network is not exposed to the internet. Thin client and remote access are done using Citrix Receiver. The District’s voice system is a 3CX Phone System for Windows. This software-based IP PBX was installed in 2015 and it supports approximately 140 phones. The system provides an optional desktop softphone application that is used by approximately 50% of the District staff. Additional detailed information about our networks can be found in Appendix A Current State.

IP Addressing Schemes Our Administrative Network currently uses (mostly) an IP addressing scheme with a 126.1.1.0 format. The Process Network IP addressing scheme does not need to be updated. The table below presents a high-level view of our current IP addressing schemes.

4

Network IP Addressing Overview

Description Address Format DHCP DHCP Server DHCP Range

Start DHCP Range

End

Charter ISP Modem 71.13.x.x Administrative Network 126.1.1.0 Yes DC01+DC02 VMotion 10.10.x.x No Process Control Network

10.0.x.x, 10.1.x.x, 10.2.x.x, 10.3.x.x Yes PCSDC02 10.2.x.x 10.2.x.x

Trunked for switch communications 10.10.x.x

Guest Wireless 10.9.x.x Yes Checkpoint FW 10.9.x.x 10.9.x.x

Administrative Wireless 10.9.x.x Yes

Checkpoint FW 10.9.x.x 10.9.x.x

Network Management 10.10.x.x Yes

Checkpoint FW 10.10.x.x 10.10.x.x

Process Control Management 10.60.x.x VPN Inside 172.25.x.x Sonicwall VPN Outside 71.13.x.x Phone System 10.10.x.x Yes 3CX01 10.10.x.x 10.10.x.x

The Administrative Network will need all devices using the 126.0.0.1 format migrated to a network using an acceptable private network IP address format. The process for doing this must ensure that connectivity is maintained to all devices and services.

Current Firewall Our current firewall is a Checkpoint 2200. This appliance is used to perform: URL filtering, minor DHCP tasks, blocks unauthorized access, and does some packet inspection. This appliance is currently markedly undersized for our needs.

District Technology Staff and Culture This project will involve a high degree of collaboration with District Information Systems staff. These staff take great pride in their stewardship and knowledge of the District network and District needs. It will be very important that these individuals continue this tradition by playing a key role in this project. During the course of the project, knowledge of the new systems should be shared with District staff through their involvement. It is also expected that documentation appropriate for ongoing management of the systems will also be generated.

5

III - Objectives Request for Proposal Objectives The objective of this RFP is to solicit proposals from qualified consultants that have expertise in general network design and technology. These consultants should also have specific capabilities for IP addressing scheme changes, and firewall implementations. The selected consultant will also need to provide dual firewalls that are appropriately selected and sized for the District’s current and future needs. Our budget for this project cannot exceed $93,000. We present this number here to assist you in understanding the resources available for this project. This budget number should also be used to help you shape your proposal. If your proposal describes a project that will exceed this budget amount, please break the proposal into phases that will allow us to select phases/work to match our available budget. Additional phases may be addressed using budget in future years. Project Objectives The result of these network upgrades should include: • An Administrative Network where all devices are using the new IP address scheme. • The new IP Addressing scheme follows good practice for a private network. • All connectivity to devices and services available before the IP addressing scheme change are

maintained after the change. • Implemented dual firewalls support the current and future needs for: network security, email, and

monitoring. • The dual firewall implementation provides fail safe services that, should one firewall fail, minimizes the

downtime of internet and email services for District staff. • New firewalls scan email, monitor internet traffic, provide URL filtering, perform packet inspection,

contain reporting and log analysis tools; and integrate VPN capabilities with minimal performance and messaging impact on general network users. More details can be found on the Firewall Evaluation Form and Firewall Cost Summary forms found in Appendix B.

• New firewalls are easily managed and administered by District network staff. • Documentation and training for ongoing support of both the IP addressing scheme and the firewalls is

complete and easily available.

IV - Deliverables Deliverables • Project Kick-off Meeting • Detailed project plan describing the steps for removal of the District’s old firewall and the

implementation and configuration of the new dual firewalls. This plan will need to be approved by District Network Staff before being considered final and it should clearly call out times when District staff will be involved.

• Detailed project plan describing the steps for the IP Addressing Scheme Update work. This plan will need to be approved by District Network Staff before being considered final and it should clearly call out the times when District staff will be involved.

• Network IP addresses for all devices and services on the District’s 126.0.0.1 network are updated to a new good-practice IP addressing scheme, with connectivity maintained to all devices and services.

6

• Documentation describing the new IP address scheme and a list of devices and services that have hard-coded/static IP addresses.

• Documentation of all DNS changes completed during the IP address change process. • Dual firewalls are installed, configured properly, and are running in high availability configuration. • Support contracts for the firewalls are engaged and affective for at least the next calendar year. • Administrative training for District Network Staff on both the new firewalls and the new IP addressing

scheme. This training should include: o How to configure, manage, support, and update the firewalls. This should also include

instruction on how to generate reports that will assist with this management and support. o Step by step instruction on how to make configuration changes to the firewalls for: security,

networking, reporting features, and VPN services. o Review and overview of the new IP addressing scheme. This should include recommendations

for ongoing management of the scheme to support our network and needs. o Documentation to support this training.

The Contractor shall provide all final written document deliverables directly to the Project Manager or designee in an electronic version (Microsoft Word or PDF), no hard copy document needs to be submitted. The District’s Network staff, Project Manager, and other persons designated by the District will review all final deliverables to ensure overall compliance with RFP requirements. The District will consider errors, misleading statements, incomplete information, or repetition as deficiencies and the Contractor shall make corrections at no additional cost. Timeline The District has established the following tentative high-level timeline for this project. These dates are subject to change at the District’s discretion and will be discussed and negotiated with the selected consultant when the final contract is negotiated.

• Proposals received deadline: May 8th • Consultant selected: May 10th • Presentation to District Commission for approval: June 15th • Negotiate and Finalize contract: June 23rd • Contract legal approval: July 7th • Project start date: between July 17th and August 21st • Project Complete: December 31st

V - District Provided Resources The following resources will be available: • The District will provide the Consultant access to staff, work space, internet access, network diagrams,

network configuration documents, and any other available technology documentation. • District staff will be available to attend and participate in scheduled meetings. This update/upgrade

project will be given high priority by the Information Systems group. • District Information Systems Staff will be available to provide assistance to the Consultant during all

phases of this project.

7

• The District’s Administrative network will be available to the consultant while on site. Due to security concerns, remote access to the network may not be possible during all times, though every effort will be made to accommodate the needs of the selected consultant if remote work is desired.

VI - Submittal Requirements Contract Details Contract Terms Following the selection of a qualified firm for the work of this RFP, the District and the firm will begin a good faith effort to negotiate a Professional Services Contract for the work. The firm will supply the basic contract for the negotiations, and this will include Terms & Conditions as well as the Scope of Services for performance. The requirements of this RFP shall be and hereby are fully incorporated in the Professional Services Contract, unless expressly agreed to by the District. If a mutually satisfactory contract cannot be agreed upon with the selected vendor within a reasonable period of negotiation, as determined solely by the District, then the District may cease negotiations with the selected vendor and commence negotiations with alternate vendors in accordance with their respective ranking, and the contract may be awarded to such an alternate vendor. Notwithstanding any provision in this RFP to the contrary, the District fully reserves the right to cancel procurement of the professional services pursuant to this RFP, at the District’s sole discretion. Project Kick-Off Meeting The Contractor shall schedule a Kick-Off Meeting with the Project Manager and the District’s Network Administration Team. The purpose of the Kick-Off Meeting, which will be led by the Contractor, will be to identify primary points of contact, discuss roles and responsibilities, review the project schedule, and discuss the technical and contracting objectives of this project. The Kick-Off Meeting will be held at the District’s facility. Conflict of Interest During the course of its performance of the project through completion, and for a period of 6 months after completion of the project, the Contractor shall not employ any person who is an employee of the District. If Contractor breaches this requirement, and the District incurs legal fees to enforce this provision, Contractor shall be obligated to reimburse the District for the actual attorney fees and costs incurred in any such enforcement by the District. Reimbursement by Contractor shall be made in full within 60 days of the later of the date incurred by the District or the date reimbursement is requested by the District. Contractor acknowledges that the District may request and obtain an injunction to enforce this provision, as well as monetary damages. Removing Employee of Contractor for Misconduct or Security Reasons The District may, at its sole discretion, direct the Contractor to remove any Contractor employee or independent contractor affiliated with the Contractor from the project or the District’s facilities for misconduct or security reasons. Misconduct includes, but is not limited to, harassment, discrimination, violence or threat of violence, dishonesty, unethical behavior, willful negligence in performing duties, unauthorized disclosure of District information, falsifying records, working under the influence of drugs or

8

alcohol, engaging in illegal activity, etc. Removal does not relieve the Contractor of the responsibility to continue providing the services required under any task order awarded. Submission Instructions and Deadlines The District reserves the right to reject any or all proposals or to waive any technicality and accept any proposal that may, in its opinion, be advantageous to the District. The District reserves the right to call for more proposals and is not required to use one of the vendors that respond to this initial RFP. The District will not reimburse costs for preparation of proposal or demonstrations pre-contract. Pre-Proposal Questions Any specific questions or comments concerning the RFP maybe emailed to lauried@madsewer.org.

• Questions must be received no later than the end of the day on April 20th, 2017. • Questions or comments received by the deadline above will receive a response by April 26th, 2017.

Proposers shall note that only the written answers provided will be binding on the District. These answers shall represent the District’s official position and supersede any previous oral statements or written statements by District staff. Questions and their respective answers which may have relevance for other proposers shall be posted to the District’s website. Deadline for Submitting Proposals The Contractor shall submit their proposal via email, directly to the Project Manager in an electronic version (Microsoft Word or PDF); no hard copy need be submitted. Please submit proposals to:

Laurie Dunn lauried@madsewer.org

The email, with the proposal attached, should have a subject line that clearly states: Network Upgrade: IP Addressing Scheme Update and Dual Firewalls Implementation. The deadline for receipt of this submittal at the District is the end of the day on May 8th, 2017. An authorized representative of the Proposer shall sign the proposal. It is recommended that the Proposer confirm receipt of the electronic submittal. The District will not consider any proposals received after the official deadline. Proposal Format Functional Requirements Present a high-level work plan, including the methodology and processes to be followed to meet the Objectives and Deliverables found in this document. Also include a timeline that starts from the award of contract to project completion. We do not want to set a limit on the number of pages for your proposal, but we do want to encourage you to be concise and direct. Brevity and clear explanations are highly valued by all District staff who will be reviewing your proposal. If you want to expand upon certain elements of your core proposal document, please feel free to include this information as an appendix to your document.

9

Other Required Information Beyond the functional requirements, the proposal should include the following information: Statement of Interest - This statement shall indicate your firm’s general interest and capability to

provide the District with the services and equipment to meet the requirements in this RFP.

Contact Person - Include the name, title, address, telephone number, and e-mail of the key contact person for any questions regarding your proposal.

Pricing – Please provide an estimated price and breakdown for all components and equipment for this project. Show billable rates and estimated hours for each individual to be involved with the project. Define any additional expenses that will be billed. List all other product, material, and equipment expenses with any markup for the work in your proposal. Details of costs for the firewalls should be included on the Firewalls Costs Summary form mentioned below. Travel costs should be estimated and included on your pricing schedule.

Firewalls Evaluation Form – This form will be used to confirm that the proposed firewalls meet the District’s requirements; it also allows you to note additional features that may provide additional value. One form should be completed for the pair of firewalls listed in your proposal. If you will be submitting more than one firewall option, then a form must be completed for each of those options. Accurate completion of this form is essential for meeting the requirements of this RFP. The Firewalls Evaluation Form is available at the end of this RFP in Appendix B and in an Excel format on the District’s Projects web page where you found the link to this RFP (http://www.madsewer.org/Projects/Current-Professional-Services-Projects). If you have any questions related to this form, please contact the District’s Project Manager.

Firewalls Costs Summary – This form will be used to organize and summarize total costs for the

proposed firewalls. While we are asking to see 5 year support and licensing costs, only the first year’s costs will need to fit into our current project budget of $93,000. However, please be aware that 5 year costs will be used to compare the cost of ownership among all proposed firewalls. One costs summary form should be completed for the pair of firewalls listed in your proposal. If you will be submitting more than one firewall option, then a form must be completed for each of those options. Accurate completion of this form is essential for meeting the requirements of this RFP. The Firewalls Costs Summary form is available at the end of this RFP and in an Excel format on the District’s Projects web page where you found the link to this RFP (http://www.madsewer.org/Projects/Current-Professional-Services-Projects). If you have any questions related to this form, please contact the District’s Project Manager.

Project Plan – Include the project plan as it will be managed by you. This should include tasks, task

durations, resource assignments, and expectations for resources from the District. Please ensure availability of your key team members.

Project Approach - Include an overview of your planning approach, with details on the tasks and involvement of different staff and the involvement of District staff.

10

Subcontracting - Any subcontracting for completing the work of this RFP must be identified in the proposal submittal. In the event that unanticipated subcontracting for services or material becomes necessary during the execution of the Contract, then that engagement must be approved by the District’s Project Manager.

Qualifications o Firm – Please provide an overview of your firm’s experience and qualifications for the

project and this technical work. o Team – Identify your project manager and other team members. Provide a summary of

experience and skills of key team members. Include resumes (limited to 2 pages per team member) in an appendix.

o Past Performance Project Summaries – Please include at least 2 project summaries (no more than 1 page) illustrating your experience with similar projects in the past. These summaries should include experiences related to firewall implementation and IP addressing work. Ideal candidates for this project will have experience in both areas.

o Past Performance References – Please include contact information for three customer references for which you performed similar work. Customer references for organizations similar to the District in staffing and infrastructure are highly encouraged.

Statement of Proposal Life - Your proposal shall have a proposal life of at least 180 days from the date of the RFP due date. This shall represent the time during which the proposal is a firm offer and a contract can be implemented.

Contact Person - Please include the name, title, address, telephone number, and e-mail of the key contact person for any questions related to your proposal.

Signature of Authorized Representative - An authorized representative of the Contractor shall sign the Proposal.

VII - Evaluation and Interviews Network Upgrade Team The District’s Network Upgrade Team will evaluate, review, and score the submitted proposals. Team members will also attend and evaluate interviews, and they will participate in the process to select the final consultant. Network Upgrade Team members may include:

• Project Manager/Information Systems Manager • Network Technicians/Administrators (2) • External Network Design Consultant • Other District technology staff who have an interest in this project

11

Evaluation Process and Criteria All proposals will be evaluated by the District’s Network Upgrade Team. This team will use following process to appraise the consultant firms. Preliminary Selection and Evaluation: The Evaluation Team will review all proposal responses and qualifications. Proposals will be scored, and then 2 - 3 firms will be selected for interviews. The evaluation criteria used for this preliminary selection are as follows:

Preliminary Selection and Evaluation Criteria Points Allocation

Ability. The ability of the firm's project team to meet requirements of this RFP in a way that reflects an understanding of the technical requirements while also delivering a successful project. Higher scores will be given to firms proposing value-added right-sized approaches that would blend well with the District’s current infrastructure and available resources. 0-35 Experience. Higher scores will be given to firms having experience with organizations of a similar size, technology, and scope as the District. Experience with IP addressing, IP addressing changes, firewall technologies, and firewall configuration will also result in a higher score in this area. Also important will be past record of performance on contracts with particular attention given to control of costs, quality of work, and ability to meet deadlines. 0-25 District Involvement. Preference will be given to firms having proposals that ensure appropriate interaction with District staff during project execution. Especially important will be a plan that includes: knowledge transfer to District Network staff, integration with the District’s technology, a commitment to documentation, and an ability to collaborate/communicate with people of varied technical backgrounds. 0-15 Pricing. Proposal pricing will be reviewed for both hourly rate and total estimated cost. The District has a limited budget for this project, so proposals with the highest value will be given higher consideration, however, the selected firm does not necessarily need to be the one with the least cost proposal. 0-10 Implementation. Capability of the firm to perform the work using an approach that involves collaborative processes, good communication, is right-sized for the District, and meets the deadlines proposed in the offered project schedule. 0-15

Total Possible Points 100 Interviews: Selected firms will be invited to interview with the Network Upgrade Team and other interested District staff. Time slots for individual interviews will be determined by random selection and availability. Interviews will consist of a presentation that should be no longer than 45 minutes, and this will be followed up by a question and answer period lasting no longer than 30 minutes. These time limits will be strictly enforced, so please plan accordingly. Presentations may be organized as you see fit, and may be used to supplement or expand upon any aspects of your written proposal. During the question and answer period, District staff will ask clarifying questions

12

about the details and implementation of your proposal. Firms may also ask questions of District staff in order to clarify requirements and needs. The members of the Evaluation Team will have reviewed all written proposals prior to the interviews. The District will not reimburse costs related to interviews. Interviews may be conducted in person, remotely, or using a combination of these methods. Each selected firm will determine the interview method which they believe best for presenting their ability to meet our requirements. The interview will also be used by the Network Upgrade Team to evaluate the Firm’s communication style, ease of interaction, ability to organize a presentation, and their skill in describing their technical expertise in ways that can be easily understood. Final Evaluation and Selection: After the interviews, the proposals and interviews will be evaluated and scored using the following criteria:

Selection and Evaluation Criteria (Post-Interview) Points Allocation

Ability. The ability of the firm's project team to meet requirements of this RFP in a way that reflects an understanding of the technical requirements while also delivering a successful project. Higher scores will be given to firms proposing value-added right-sized approaches that would blend well with the District’s current infrastructure and available resources. 0-25 Experience. Higher scores will be given to firms having experience with organizations of a similar size, technology, and scope as the District. Experience with IP addressing, IP addressing changes, firewall technologies, and firewall configuration will also result in a higher score in this area. Also important will be past record of performance on contracts with particular attention given to control of costs, quality of work, and ability to meet deadlines. 0-20 District Involvement. Preference will be given to firms having proposals that ensure appropriate interaction with District staff during project execution. Especially important will be a plan that includes interaction with District staff, a plan that reflects integration with our current technology, a commitment to documentation, and an ability to collaborate/communicate with people of varied technical backgrounds. 0-15 Pricing. Proposal pricing will be reviewed for both hourly rate and total estimated cost. The District has a limited budget for this project, so proposals with the highest value will be given higher consideration, however, the selected firm does not necessarily need to be the one with the least cost proposal. 0-10 Implementation. Capability of the firm to perform the work using an approach that involves collaborative processes, good communication, is right-sized for the District, and meets the deadlines proposed in the offered project schedule. 0-10 Interview. Presentation, information, and responses to questions during the interview. Higher scores will go to firms with well-organized presentations of a sound technical plan that is easily understood by all members of the Network Upgrade Team. We highly encourage you to highlight your plan and abilities, and t0 refrain from giving negative descriptions of possibly competing firms. 0-20

Total Possible Points 100

13

VIII - Additional Provisions Revisions to the RFP The District may modify or amend this RFP at any time. Use, Disclosure, and Confidentiality of Information The information supplied by a Proposer as part of an RFP response will become the property of the District. Proposals will be available to interested parties in accordance with the Wisconsin Open Records Law. None of the proposal responses will be made available to the public until after negotiation and award of a contract or cancellation of the procurement. Following award, responses shall be made available in accordance with Wisconsin’s Public Records law To the extent requested by a Proposer and allowed by law, the District will treat trade secrets and confidential financial information as confidential (if designated as confidential and submitted separately in a sealed envelope). The Proposer shall request confidential status before a proposal is submitted. If the District believes that information designated as confidential should not be treated as such, the Proposer will be notified and afforded reasonable time to present objections prior to any release of the information. The District will take into consideration the possibility of harm resulting from any disclosure, but reserves the right to make the final determination in accordance with the law. Please note that pricing information cannot be considered confidential. Errors in Proposals Proposers will not be allowed to change or alter their proposals after the deadline for proposal submission. The District reserves the right, however, to correct obvious errors such as math errors in extended pricing (not unit pricing). This type of correction may only be allowed for “obvious” errors such as arithmetic, typographical, or transposition errors. Any such corrections shall be approved by the District and countersigned by the Proposer. Proposers are advised to make sure that their proposals are true and correct before submission. Taxes The District is exempt from Federal, State, and Local Taxes and will not be responsible for any such taxes in connection with this project and contract customer. Confidentiality Any data or other information regarding the District’s network infrastructure, data, customers, operations, or methods obtained by the Contractor during the course of the project shall remain confidential and shall not be released to third parties without the express written consent of the District. The contractor will be required to destroy all documents and electronic data related to the District’s infrastructure on completion of the project. Use of the District’s Name Upon entering an agreement, the successful Contractor agrees not to use the name of the Madison Metropolitan Sewerage District in relation to the agreement in commercial advertising, trade literature, or press releases to the public without the prior written approval of the District. The District has the right to enjoin the Contractor from any such use in violation of this provision, and the Contractor shall be

14

responsible for damages and reimbursement of actual reasonable legal fees incurred with regard to legal evaluation and/or legal action taken by the District because of the Contractor's violation of this provision, including fees incurred to obtain an injunction.

15

Appendix A – Network Technology Current State

16

High-level Network View

Checkpoint FW

Charter Modem

Admin Voice PCS

Distribution

Wireless Controller DCMGMT Dell SonicWallVPN VM

15 APs

Exchange Server

17

Wireless Network Overview

Headworks

GBT Polymer

CheckpointInterface is vlan’d through port 4. 10.9.x.x and 10.9.x.xHP Procurve 5120

Distribution switchProcess Control

network(9Springz)

Voice Network(Madhatter)

Wireless Controller10.9.x.x

OpsDataCenter Wireless 10.9.x.x

Shop Wireless 10.9.x.x Maint Fac Wireless

10.9.x.x

Ops2nd floor wireless 10.9.x.x

Shop2ndFloorEngPrintRm

TelRm

Lab

OpsBasement

SCB2

MaintFac1Ops1stFloorMP

MaintFac2

MaintFac3

18

Current Firewall – NAT Rules

19

Current Firewall – Rules View

20

Appendix B – Firewall Evaluation and Cost Summary Forms

21

Firewall Evaluation Form Instructions: This form will be used to confirm that the proposed firewalls meet the District’s requirements; it also

allows you to note additional features that may provide additional value. One form must be completed for the pair of firewalls listed in your proposal. If you will be submitting more than one firewall option, then a form must be

completed for each of those options. Accurate completion of this form is essential for meeting the requirements of this RFP. If needed, use the Answer and/or Additional Comments fields to further explain. If this field is not large enough for your explanation, instead reference an attached document. If you have any questions, please contact

the MMSD Project Manager.

Criteria MMSD

Importance

Yes/No (circle one)

Answer and/or Additional Comments (If not enough room, please

reference an attached document) General Information Is the firewall appliance available for loan/testing before we buy? Please include cost information if applicable. Preferred

Yes No

Rack mount with ears included? Required Yes No

Dual power supplies? Nice to have

Yes No

Monitoring

Monitors-Viruses? Required Yes No

Monitors-Spyware? Required Yes No

Monitors-Spam? Nice to have

Yes No

Monitors-Content (filtering)? Required Yes No

Monitor-IPS? Required Yes No

Monitors-Gateway anti-virus? Preferred Yes No

URL Filtering? Preferred Yes No

Administration Interface

Web GUI? Preferred

Yes No

GUI management interface? Required

Yes No

GUI interface for all features? Preferred

Yes No

GUI interface-ease of use, describe in Comments field Required

22

VPN Capabilities

VPN Fully Supported? Preferred

Yes No

VPN-Possible maximum concurrent users? Required

VPN-How many user licenses would we purchase if we need capacity for 5 users now and a future capacity for 25? Required

VPN-additional tools/software needed? Please add describe in the Comments field.

Required

Yes No

VPN-clientless? (Y/N) Preferred

Yes No

Capacity and Performance Ethernet ports capacity, (1G min)? Required How many Ethernet ports (min 8)? Required

SFP (either 1G or 10G is ok) Required How many SFP (2 min)? Required Maximum nodes possible (min 1000) Required

Concurrent user capacity, including wireless and guests (min of 200 needed)? Required

As built throughput, min 10GB Required

Real-world throughput, please describe

Required

Expectations for performance when all features enabled? Speed? Updatable? What would we want to be aware of?

Required

Explain any other limits or licenses not addressed in this section. Required

23

Additional information on how above described capacity parameters might affect performance of the firewalls during both day-to-day and high demand periods of time Required

Reporting and Administration

Easy reporting; ability to expand down to more granular details? (Y/N and the describe)

Preferred

YesNo

Easy real-time monitoring? (Y/N and the describe)

Preferred

Yes No

Monitoring tools that allow for viewing of both aggregated and granular details? (Y/N and the describe)

Preferred

Yes No

Description of routine administration and management tasks needed after setup Required

HA - Active/Passive? Required

Yes No

HA - Load sharing? Nice to have

Yes No

HA - Without 3rd party software? (Y/N) Required

Yes No

Active Directory integration? (Y/N) Preferred

Yes No

24

Firewall Costs Summary Instructions: This schedule must be completed and returned with your quote. If you would like to submit costs for more than one model/type of firewall, please attach a separate schedule for each type. All costs associated

with the installation and configuration of the dual firewalls must be included on this schedule. If needed, use the Additional Costs and Optional Costs sections to further explain what is needed. Use the Comments field to

add details and further explanations when requested/desired. If the Comments field is not large enough, instead reference an attached document. If you have any questions, please contact the MMSD Project

Manager.

Required Items

Item Quantity Required

Total Cost

Comments (If not enough room here, please reference an attached document)

Firewall Appliance Base Firewall Unit 2 Support - for 2 firewalls, their technical support, software updates, upgrades, and patches

Support Initial Year Year 1 cost Support Year 2 Year 2 cost Support Year 3 Year 3 cost Support Year 4 Year 4 cost

Support Year 5 Year 5 cost Technical Support Details - costs are for 2 firewalls Technical support option 1, 24 x 7 support

Must provide costs for at least one of

these options. We require at least next

business day support.

Technical support option 2 (describe days, times, response expectations, and time to receive replacement firewall, in comments)

Technical support option 3 (describe days, times, response expectations, and time to receive replacement firewall, in comments)

25

Subscriptions - costs must reflected subscriptions for both firewalls; describe the subscriptions included in the comments field Subscription(s) Cost Total, initial year

Year 1 cost

Subscription(s) Cost Total, Yr 2 Year 2 cost

Subscription(s) Cost Total, Yr 3 Year 3 cost

Subscription(s) Cost Total, Yr 4 Year 4 cost

Subscription(s) Cost Total, Yr 5 Year 5 cost

Licenses - costs must reflected both firewalls; describe licenses included in the comments field

License(s) Cost Total, initial year

Year 1 cost

License(s) Cost Total, Yr 2 Year 2 cost

License(s) Cost Total, Yr 3 Year 3 cost

License(s) Cost Total, Yr 4 Year 4 cost

License(s) Cost Total, Yr 5 Year 5 cost

Installation and Configuration - describe hours and what is included in the comments field Installation and configuration cost, option 1 Must provide

costs for at least one

option

Installation and configuration cost, option 2 Installation and configuration cost, option 3 Training

Firewall Administrator training cost

6 hour min for 2 people

26

Additional Required Costs Use this section to list additional Equipment/Support/Configuration that will be required for the installation and configuration of the firewalls to meet the RFP's requirements. Expand and alter table cells as needed to clearly

communicate your costs and ideas.

Item Quantity Total Cost Explanation/Comments

Optional Costs

Use this section to list optional items or services you feel could enhance or add value to the firewall installation. Expand and alter table cells as needed to clearly communicate your costs and ideas.

Item Quantity Total Cost Explanation/Comments