E-Government Program

Republic of Lebanon
Office of the Minister of State for Administrative Reform (OMSAR)
Rania FAKHOURY
ICT Project Manager
E-Government Program
Terms of Reference
Data Center for the Government of Lebanon
Version 0.2
DRAFT
August, 2010
E-Government Data Center TOR – 0.2
August 2010
Page 1/62
Versions Management

| Version | Date | Who | Description |
| --- | --- | --- | --- |
| 0.1 | 30th of July, 2010 | Rania FAKHOURY | Creation of the document based on different technical specifications collected from the Data Center RFI Study process |
| 0.2 | 18th of August, 2010 | Rania FAKHOURY | Updates based on different meetings with Dr. Ali ATAYA |
Table of Contents
1 DEFINITIONS AND ACRONYMS
2 INTRODUCTION
3 BACKGROUND
4 SUMMARY OF SOLICITED SERVICES
5 ASSUMPTIONS
  5.1 AVAILABILITY
  5.2 LOCALIZATIONS
  5.3 INTERNET ACCESS
  5.4 ENVIRONMENTS
  5.5 PORTAL
  5.6 POWER CONSUMPTION/HEAT DISSIPATION
  5.7 STORAGE AMOUNT
  5.8 GSB
6 NETWORK TOPOLOGY
7 DESIGN DESCRIPTION
  7.1 GENERAL
    7.1.1 Scalability
    7.1.2 Redundancy
    7.1.3 Internet connectivity
    7.1.4 End-to-end security
    7.1.5 Switching capacity
    7.1.6 Maintainability
    7.1.7 System and Data back-up
    7.1.8 End-to-end virtualization
  7.2 PLATFORM AND STORAGE ARCHITECTURE
  7.3 APPLICATION
  7.4 NETWORK ARCHITECTURE
8 PHYSICAL INFRASTRUCTURE SPECIFICATIONS
9 INFRASTRUCTURE REQUIREMENT
  9.1 SERVER TECHNICAL SPECIFICATIONS
  9.2 NETWORK TECHNICAL SPECIFICATIONS
10 HELPDESK SYSTEM
11 OPERATIONS AND MAINTENANCE
12 TESTING AND COMMISSIONING
13 DISASTER RECOVERY SITE
  13.1 OBJECTIVES
  13.2 REQUIREMENTS
14 PORTAL AND GSB SPECIFICATIONS
  14.1 GOVERNMENT SERVICE BUS (GSB)
    14.1.1 Objectives
    14.1.2 GSB Requirements
  14.2 PORTAL REQUIREMENTS
1 Definitions and Acronyms
| Code | Description |
| --- | --- |
| BGP | Border Gateway Protocol: Protocol for backing the core routing decisions on the Internet |
| CMS | Content Management System |
| DC | Data Center |
| DHCP | Dynamic Host Configuration Protocol: An auto configuration protocol used on IP networks. Computers that are connected to IP networks must be configured before they can communicate with other computers on the network |
| DNS | Domain Name System: Hierarchical naming system for computers, services, or any resource connected to the Internet or a private network. It associates various information with domain names assigned to each of the participants |
| ESB | Enterprise Service Bus: consists of a software architecture construct which provides fundamental services for complex architectures via an event-driven and standards-based messaging-engine (the bus) |
| HVAC | Heating, Ventilating, and Air Conditioning: The technology of indoor or automotive environmental comfort |
| ITIL | Information Technology Infrastructure Library: A set of concepts and practices for Information Technology Services Management (ITSM), Information Technology (IT) development and IT operations. ITIL gives detailed descriptions of a number of important IT practices and provides comprehensive checklists, tasks and procedures that any IT organization can tailor to its needs |
| IPS | Intrusion Prevention System: Network security appliances that monitor network and/or system activities for malicious activity |
| PKI | Public Key Infrastructure: Set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates |
| RTO | Recovery Time Objective: Duration of time and a service level within which a business process must be restored after a disaster (or disruption) in order to avoid unacceptable consequences associated with a break in business continuity |
| RPO | Recovery Point Objective: Point in time to which you must recover data as defined by your organization. This is generally a definition of what an organization determines is an "acceptable loss" in a disaster situation |
| SOA | Service Oriented Architecture: Flexible set of design principles used during the phases of systems development and integration |
| SOAP | Simple Object Access Protocol: Protocol specification for exchanging structured information in the implementation of Web Services in computer networks |
| SSO | Single Sign On |
| SLA | Service Level Agreement: Part of a service contract where the level of service is formally defined. |
| VPN | Virtual Private Network: Network that uses a public telecommunication infrastructure, such as the Internet, to provide remote offices or individual users with secure access to their organization's network |
| XML | eXtensible Markup Language: Set of rules for encoding documents in machine-readable form |
2 Introduction
The Lebanese Government represented by the Office of the Minister of State for Administrative
Reform (OMSAR) invites solution providers to respond to the following lots:
1. Data Center (Functional Architecture, Organization and Requirements)
2. Infrastructure Requirements (Design, Preparation, Supply, Installation and Rollout)
3. Portal Requirements
4. GSB (Government Service Bus) Requirements
3 Background
The current Government of Lebanon Ministerial Declaration included, under the heading
"Administrative Reform", a paragraph stating as follows:
"Activate, utilize and develop information technologies and set benchmarking standards for
websites in departments and public institutions. Thus, it would be a preliminary step toward the
establishment of e-government portal and the improvement of citizen’s access to services and
information. It will also contribute to increasing the ability of financial and administrative control in
addition to monitoring the flow of information and ensuring communication between
departments."
OMSAR has initiated a global three-year roadmap for the implementation of an innovative e-government program that will transform the Lebanese government by making it more accessible,
effective and accountable. The e-Government program is based on the Government of Lebanon e-Government Strategy validated in 2007.
The roadmap has the following parallel running tracks:
o Legal and administrative prerequisites
o E-government portal phasing
o Infrastructure to be defined for portal components hosting
o Solutions components to be defined for portal development and deployment
o Interoperability between portal and different government agencies
o Networking for interoperability support
The Office of the Minister of State for Administrative Reform (OMSAR) has received financing
($30,000,000) from the Arab Fund for Economic and Social Development toward the cost of the
Administrative Development Project (ADP). The overall objective of the project is to contribute to
the development of the performance of the Lebanese Public sector to enable the Lebanese
Government to deliver better services to the citizens through technical administrative assistance to
the Ministries, public institutions, autonomous services, and other government administrations.
OMSAR is committed to applying a significant portion of the funds toward the implementation of the
e-government program. OMSAR is further committed to securing more funds from the Lebanese
Government budget and international donors to ensure the success of the e-government program.
This RFP is a stepping stone toward the full modernization of the Lebanese government
institutions. OMSAR is counting on the success of this RFI to unleash the full potential of Lebanon’s
e-government program.
4 Summary of Solicited Services
| Code | Description |
| --- | --- |
| Data Center | |
| Design and Architecture | Data center Space and Floor layout along with Number of Racks and their design in the Data Center. |
| Site preparation | Cabling, Pipes and Ducting Plan, raised floor |
| Civil, Electrical & Mechanical works | Civil, Electrical & Mechanical requirements |
| Power Requirement | Power Provisioning, Power Distribution panel, UPS Space and Expansion |
| AC | Space requirement for indoor and outdoor units |
| Physical Security | Detailed layout of CCTV and access control devices and security layer |
| Fire Detection and Prevention | Design for installing the detectors, both heat and smoke. Design for the suppression in the server farm area |
| Infrastructure | |
| LAN | Supply and installation of routers and switches, LAN cabling, Redundancy and Virtualization |
| WAN | Supply and installation of Internet routers and Internet bandwidth |
| Logical Security | Supply and installation of Redundancy, IPS, Firewalls |
| Servers | Supply and installation of Computing (Servers, OS, Databases etc.) infrastructure |
| SAN | Supply and Installation of the SAN solution |
| Application (excluding portal and GSB) | Installation & Configuration of application |
| Backup solution | Supply and Installation of the Backup solution |
| Portal | |
| Migration | Propose and execute a migration plan for informs.gov.lb to the new portal |
| Design and Architecture | Font, color scheme, layout. Portal Structure |
| Features and functionality | Advanced Search, Personalization, News, Services, Multiple channels … |
| CMS | Create, change and maintain by roles, levels and designations |
| Reporting tool | Periodic reporting on the usage of different portal elements |
| Government Service Bus | |
| Analysis and Requirements | Define functional requirements |
| Detailed Design | Produce application design |
| Core Functions | Define and install all the components for the core functions |
| Ministry Integration Framework | Define the requirements to connect the Backend systems to the solution |
| Integration | Define and manage transactional and operational data related to the Portal and GSB and related to the e-services requirements that are managed by the GSB. |
| Identity and access management (IAM) | Design and implement IAM |
| Reporting and Dashboard | Reporting, Analysis, scorecard and dashboard |
| Data Center Monitoring and Control | |
| KPIs | Define KPI for availability, SLA, GSB and portal |
| SLAs | SLA commitment in terms of availability/ Helpdesk, Incident Management and Problem Management and Security Management |
| Software | Install the Management software that integrates all components in the DC |
| Data Center Management | |
| Processes/Procedures | Re-engineer the processes and procedures and implement change management rules |
| Organizational Chart | Role and Function of the team who will operate the solution according to the SLA |
| Help Desk Services | Implementation of ITIL best practices |
| Testing and Commissioning | Test the solution components and make the Data Center available to OMSAR for carrying out live operations and getting the acceptance from OMSAR |
| Day-to-day Operations | |
| System Administration, Maintenance & Management Services | Support and maintain all the Systems and Servers |
| Network Management Services | Ensure continuous operation and upkeep of the LAN & WAN infrastructure |
| Services | Maintain and support all the services |
| Backup and Restore | Responsible for the management of the storage solution |
| Server and Storage Administration & Management Services | Monitor and manage services and storage |
| Physical Infrastructure Management and Maintenance Services | Support and maintain all physical infrastructure management and maintenance services |
| Security Administration & Management Services including physical | Provide a secure environment through implementation of the security policy |
| Database Administration & Management | Monitor and manage database |
| Preventive and Corrective Maintenance Services | Troubleshoot problems arising in the DC |
| Asset Management Services | Create and maintain database of all the equipment/software procured/installed in the DC |
| Configuration/ Reconfiguration Management Services | Define change management procedures |
5 Assumptions
5.1 Availability
The design should ensure an uptime of 99.99% and 24/7/365 operation, measured on a yearly basis
and including scheduled downtime required for maintenance and upgrades.
5.2 Localizations
TO BE DONE for the main site and the Disaster Recovery one.
5.3 Internet Access
Initially, the Internet bandwidth required for running this centre will be 4 Mbps of unshared
bandwidth, to be increased on demand. It should be recalculated and scaled as
per application growth and expansion plans in the future.
5.4 Environments
o The production environment comprises the applications, systems, network and supporting systems infrastructure.
o The pre-production environment plays a pivotal role in defining test completion criteria and should be as close as possible to the production environment.
o The testing environment includes unit, integrated and operation tests that are performed to ensure uninterruptible and flawless systems.
o The development environment is established to minimize trial and error so that an efficient operation environment can be established.
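5.5 Portal

| | 2011 | 2012 | 2013 | 2014 | 2015 |
| --- | --- | --- | --- | --- | --- |
| Daily users | 3332 | 4665 | 5598 | 6717 | 8061 |
| Monthly users | 99960 | 139944 | 167933 | 201519 | 241823 |
| Yearly users | 1199520 | 1679328 | 2015194 | 2418232 | 2901879 |
| Concurrent User | 333 | 466 | 560 | 672 | 806 |
| Bandwidth (Mb/s) Monthly | 4 | 5 | 6 | 8 | 9 |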
5.6 Power consumption/Heat Dissipation
The power consumption will be used to assess the UPS capacity and the Heat dissipation for the AC
capacity.

| Item | Qty | Output Power (Watts) | Total Output Power | Heat Dissipation BTU/H | Total HD |
| --- | --- | --- | --- | --- | --- |
| Blades | 2 | 6801 | 13602 | 23191.41 | 46382.82 |
| SAN + Switch | 2 | 1639 | 3278 | 5588 | 11177 |
| Switch-Core | 2 | 1200 | 2400 | 4092 | 8184 |
| Blade Switch | 4 | 45 | 180 | 153.45 | 613.8 |
| LAN Switch access | 2 | 60 | 120 | 204.6 | 409.2 |
| Router | 2 | 370 | 740 | 1261.7 | 2523.4 |
| Firewall | 4 | 190 | 760 | 647.9 | 2591.6 |
| IPS | 2 | 190 | 380 | 647.9 | 1295.8 |
| ADC | 2 | 354 | 708 | 1207.14 | 2414.28 |
| Totals | | | 22168 | | 75593 |

Total Power (KVA): 24.53
Total Heat Dissipation (BTU/hr): 75593
5.7 Storage amount
o Minimum usable 2TB (no data is hosted locally). An assessment of the storage requirement
for the entire DC environment should also be taken into consideration.
5.8 GSB
o Definition of business-centric key performance indicators (KPIs) and near-real time KPIs
calculation and presentation using dashboard based on their dependencies on incoming
events, conditions warranting business actions (business situations), and outbound events
that report these conditions and might trigger business actions.
6 Network Topology
The figure below depicts the network topology architecture (in the production environment) which
consists of the following layers to secure the internet network.
o Management/ Test and Development Zone
o Application Zone: contains GSB and portal application servers
o Secured Zone: contains GSB and portal database and directory servers
o Extranet Zone for E-Gov network: contains front-end servers
o Public Zone: contains web servers, application delivery controller and content caching.
o Agencies Zone: contains agencies application and database servers (It is an optional zone).
[Figure: network topology diagram. Labels recoverable from the diagram: Management zone; Application zone; External zone for E-gov network; Secure zone; Webserver DMZ zone; Access Switch (several); Core Switch 1 and Core Switch 2; Intranet Firewall 1 and Intranet Firewall 2; Internet Firewall 1 and Internet Firewall 2; IPS 1 and IPS 2; Switch 1 and Switch 2; Core Router 1 and Core Router 2; Internet.]
7 Design Description
7.1 General
7.1.1 Scalability
Support for scalability to provide continuous growth to meet the requirements and demand of
various departments. A scalable system is one that can handle increasing numbers of requests
without adversely affecting the response time and throughput of the system. The Data Center
should support both vertical (the growth of computational power within one operating
environment) and horizontal scalability (leveraging multiple systems to work together on a
common problem in parallel).
7.1.2 Redundancy
Provide adequate redundancy for all components to ensure high availability of the e-Governance applications and other Data Center services. Designing for availability assumes that
systems will fail, and therefore the systems are configured to mask and recover from
component or server failures with minimum application outage.
7.1.3 Internet connectivity
Internet connectivity is proposed from two different service providers. BGP multi homing shall
be provided.
7.1.4 End-to-end security
Provide an end-to-end security blanket to protect applications, services, data and the
infrastructure from malicious attacks or theft by external hackers (through the Internet), internal
hackers (through the intranet) and the DMZ.
7.1.5 Switching capacity
All the servers would be connected to a high-capacity LAN switch, which can process millions of
packets within seconds, depending on the users, the application and its contents.
7.1.6 Maintainability
The DC is designed in an efficient way to ensure easy maintenance. It must facilitate ease of
configuration, ongoing health monitoring, and failure detection that are vital to the goals of
scalability, availability, and security.
7.1.7 System and Data back-up
Adopt detailed System and Data back-up processes and methodologies, using industry standard
tools to provide a long-term storage solution.
7.1.8 End-to-end virtualization
Proposing an end-to-end virtualization solution is encouraged. The bidder should propose this
solution and explain why it is better than other alternatives.
7.2 Platform and Storage Architecture
o This section outlines the platform components to be deployed as part of the DC project. The majority
of the e-Server farm will comprise hardware for Directory service, Proxy Service,
Antivirus software, DNS and DHCP Service, Backup service and Application Server.
o DNS/DHCP should be in highly available mode with primary and secondary servers. There
should be two different views or servers for public and private DNS services.
o There should be at least one primary and secondary Directory server configured in such a
way that directory services are available 100% of the time. Directory Services are to be
limited to DC only.
o There should be redundancy at DNS and DHCP level, which can be on an application
delivery controller or in Primary / Secondary mode.
o The Web Interface of the portal should be in a DMZ (public zone) and should be configured in
active-active mode using an external application delivery controller.
o All Database servers should be placed in the secured zone in highly available mode.
o Application servers (GSB and others) which provide business logic and work flow should be
placed in the secured zone in highly available mode.
o Server and Network/Security Management servers/appliances should be located in the
management zone in high availability mode.
o Testing servers are used for development, testing and pre-production activities and should
be located in a separate test and development zone (included in the management zone).
o All procured software and hardware should have active manufacturer support and not be
at the end of its product life cycle (end-of-date sale). The hardware proposed must be
delivered with all firmware, OS, patches, utilities and any other software to let the
hardware function as required.
o All software components and product licenses should use the latest officially stable versions
to support the requirements.
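One way to check a server inventory against the zone placement and high-availability requirements listed in section 7.2, as an added example that is not part of the TOR. The role and zone identifiers, the inventory format, the sample hosts and the reading of "highly available" as at least two correctly placed instances are assumptions made for illustration.

```python
from collections import Counter
from dataclasses import dataclass

# Placement rules transcribed from the section 7.2 list. The role and zone
# identifiers are names chosen for this example, not terms defined by the TOR.
# role -> (zone required by 7.2, or None when 7.2 names no zone; needs HA)
PLACEMENT_RULES = {
    "portal-web":  ("public", True),       # DMZ (public zone), active-active
    "database":    ("secured", True),
    "application": ("secured", True),      # GSB and other business-logic servers
    "management":  ("management", True),
    "test":        ("test-dev", False),    # zone inside the management zone
    "dns-dhcp":    (None, True),           # primary and secondary servers
    "directory":   (None, True),           # primary and secondary servers
}

# Assumption: "highly available" is checked as at least two instances of a
# role sitting in the zone that 7.2 requires for it.
MIN_HA_INSTANCES = 2


@dataclass(frozen=True)
class Host:
    name: str
    role: str
    zone: str


def check_inventory(hosts):
    """Return (subject, finding) tuples: per-host findings first, in inventory
    order, followed by per-role availability findings sorted by role name."""
    findings = []
    in_place = Counter()   # correctly placed instances per role
    seen_roles = set()
    for host in hosts:
        rule = PLACEMENT_RULES.get(host.role)
        if rule is None:
            findings.append((host.name, f"unknown role {host.role!r}"))
            continue
        seen_roles.add(host.role)
        required_zone, _ = rule
        if required_zone is not None and host.zone != required_zone:
            findings.append((
                host.name,
                f"{host.role} in zone {host.zone!r}, "
                f"section 7.2 requires {required_zone!r}",
            ))
        else:
            in_place[host.role] += 1
    # A misplaced host does not count toward availability: two database
    # servers with one outside the secured zone leave a single usable node.
    # Roles absent from the inventory are not reported (it may be partial).
    for role in sorted(seen_roles):
        _, needs_ha = PLACEMENT_RULES[role]
        if needs_ha and in_place[role] < MIN_HA_INSTANCES:
            findings.append((
                role,
                f"{in_place[role]} correctly placed instance(s), "
                f"high availability needs {MIN_HA_INSTANCES}",
            ))
    return findings


# Constructed sample inventory (hypothetical host names).
SAMPLE_INVENTORY = [
    Host("web1", "portal-web", "public"),
    Host("web2", "portal-web", "public"),
    Host("db1", "database", "secured"),
    Host("db2", "database", "public"),        # database exposed in the DMZ
    Host("gsb1", "application", "secured"),
    Host("gsb2", "application", "secured"),
    Host("dir1", "directory", "secured"),
    Host("dir2", "directory", "secured"),
    Host("dns1", "dns-dhcp", "management"),   # no secondary server
    Host("mgmt1", "management", "management"),
    Host("test1", "test", "test-dev"),
]

if __name__ == "__main__":
    for subject, finding in check_inventory(SAMPLE_INVENTORY):
        print(f"{subject}: {finding}")
```

The rules follow the wording of section 7.2, which places application servers in the secured zone.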
7.3 Application
o The Application servers would be accessing the database from the backend in order to
process the user/citizens queries/requests.
o Application and System layer at the Data Center would be Multi-layered and designed to
adhere to the open industry standards like XML, SOAP etc.
o The Data Center will provide Infrastructure Services such as storage Service, security
services, internet bandwidth, help desk etc. which would be shared among all the
applications participating in the DC. Using these services, the DC ensures centralized
delivery of citizen services. The DC services would be deployed as components and
therefore will have a potential for re-use in launching future services, without disturbing
the existing architecture.
o The business related services would also have a potential of having multi-channel
access/integration in future, as the data returned by the components would be in
XML/SOAP format.
7.4 Network Architecture
o Network should meet requirements for various kinds of Internal & External users in the
country.
o Network Architecture shall be scalable and should have high performance and low latency.
o All the critical network equipment such as Core & Access Switch-stack, Routers, and
Firewalls systems should be in redundant mode and should be offered with redundant
power supply.
o The connectivity between end user equipment and access layer switches over Cat6 UTP
cabling should be at Gigabit speed.
o Network should be a multi-tier architecture comprising collapsed Access/distribution and
core.
o Network System infrastructure should be based on converged IP technology from the Core
through to the Access layer.
o Switches shall provide dynamic load balancing on the uplinks.
o Cluster of Core switches should be connected to each other using multiple/redundant
Gigabit links.
o LAN system should provide at least 50% scalability with enough free slots in Core & Access
switches.
o The security should be controlled using Firewalls and Intrusion prevention systems and well
supported and implemented with the security policy.
o More specific content level scanning products like Anti-Spam, Anti-Malware, network antivirus gateways, XML gateway should be provisioned at appropriate points to ensure
content level scanning, blocking and access.
o The DC should also endeavor to make use of the SSL/VPN technologies to have secured
communication between Applications and its end users.
o The system logs should be properly stored & archived for future analysis and forensics
whenever desired.
o Pair of routers will be used for connecting the DC to Internet.
o Pair of firewalls will be used for Internet connectivity in active-active architecture.
o Outside zone or public zone of Internet firewall will be connected to the Internet router.
o Third party servers like adapters would be placed in a separate DMZ of Internet firewall.
o Second layer of Intranet firewall will be used behind the core switch.
o Application and database server would be placed in inside zone of Intranet firewall.
o Intrusion prevention system should detect malicious traffic and further protect the DC
environment. The IPSs should be in high availability mode.
8 Physical Infrastructure Specifications
Item: Cabling
o CAT 6 / fiber LAN cables should be laid up to the rack level in the Data Centre.
o Dedicated raceways / cable-trays should be used for laying LAN.
o Along with LAN cabling, fiber cables for Storage Area Network (SAN) up to the racks in the Data Centre should also be
implemented.
o Additional cabling requirements on an on-going basis will also need to be catered for.
o All the cable raceways shall be adequately grounded and fully concealed with covers.
o The cables should be appropriately marked and labeled.
o There should be enough space between data and power cabling and there should not be any cross wiring of the two, in order to
avoid any interference, or corruption of data.
o Certification for structured cabling on performance warranty for 25 years

Item: Network Cabinets
o Brand Name, ISO Certified
o 42 U Network Rack (1000x800)
o Lockable Perforated Front and Rear Door
o Per-Cabinet Access Control
o 6-fan cooling unit
o 1 U pull-out rack mount TFT Console with keyboard and touch pad
o 17” Active Matrix Liquid Crystal Display
o Single USB connector for both Keyboard and Touchpad
o 1 U 16 port cat6 KVM Switch (KVM over IP support)

Item: UPS
The purpose of this specification is to define the design, manufacture and testing characteristics required in view of supplying,
deploying into operation and maintaining an Uninterruptible Power Supply system (UPS). The UPS system shall be designed to
supply dependable electric power. The total load supplied by each bank of UPS system shall be equal to 25 kVA.
The UPS system shall be made up of 2 identical parallel-connected single-UPS units (same power rating), operating in double-conversion mode (also called on-line mode); it shall be as per international standard.
There will be a total of 4 UPS systems, two UPS in each bank. Each bank should cater to each power path till the Data Center. In
case of failure of any UPS in a particular bank, the other UPS should take over the load. If any bank fails, the other bank is to
take over the total load.
Each UPS unit shall have a unit rating of 12.5 kVA (MIN) and shall comprise the following components, described below in this
specification:
o 6 pulse SCR rectifier with active/passive filter;
o battery charger;
o inverter;
o battery;
o static bypass (via a static switch) for each UPS unit;
o manual maintenance bypass for each UPS unit;
o user and communications interface;
o battery management system;
o any and all other devices required for safe operation and maintenance, including circuit breakers, switches, etc.
The UPS system shall ensure continuity of electric power to the load within the specified tolerances, without interruption upon
failure or deterioration of the normal AC source (utility power) for a maximum protection time determined by the capacity of the
backup batteries installed.
The backup time of each battery in the event of a normal AC source outage shall be 30 minutes per UPS. A cumulative back up of 60
minutes is to be possible on each bank of UPS in case one of the UPS in a bank fails. The design life of each battery shall be equal to at
least 15 years. Batteries shall be selected and sized accordingly.
Reliability and MTBF: The UPS has to be highly reliable with a high MTBF.
The UPS system shall be designed to enable the extension of communications, without system shutdown, to an SNMP
communication card for connection to an Ethernet network, for connection to a computer-network management system.

Items: HVAC, False Ceiling
To maintain indoor environment including temperature and humidity constantly to prevent faults or errors of sensitive electronic
devices, HVAC (Heating, Ventilating and Air Conditioning) system will be installed in the data center based on the following
guideline:
Designed to meet or exceed the specifications in the National Fire Protection Association standard, NFPA 70 article 645
Install to meet the local conditions and environment.
Designed to be easy to operate and maintain with good durability.
Indoor temperature condition: 22 °C ± 2 °C
Indoor humidity condition: 40% ± 5%
Ventilation
Cooling Capacity minimum 76000 BTU/h
The Air Conditioning shall be provided for the Data Center with around xxx sq.ft. area. It is suggested to provide air supply typically
through false flooring.
The top false ceiling would have 1’ 6’’ feet of space from the actual Room ceiling. This false ceiling will house AC ducting (if
required) and cables of Electrical lighting, Fire fighting and CCTV.

Item: Diesel Generator Set
Requirement:
The diesel generator set should be in a redundancy mode and total number of units should not exceed two.

Item: Raised Flooring
Requirement:
Antistatic fire retardant with stringers and ground bonding aluminum back sheets and access ramp.
Minimum 30 cm clearance below raised floor. Minimum 2.5m clearance between top of raised floor and ceiling (false ceiling).
Panel size 600x600x36mm, core made of high density calcium sulphate, aluminum foil 0.05mm thick on lower surface, top covering conductive vinyl 2mm thick, grey plastic semi rigid edge trim 0.6mm thick. Including galvanized steel substructure type MPM high configuration complete with galvanized steel open U section stringers, conductive head gaskets and stringer gaskets. Before laying the existing raised floor, flooring should be made free from dust and undulations. The finished flooring should be free from air bubbles and thoroughly cleaned.
The work shall include the preparation of base surface, cleaning, and acid wash.
Providing and fixing 9 mm thick floor insulation below the false flooring; joints should be finished properly as per manufacturer's specification.

Item: Earthing
Requirement:
All electrical components are to be earthed by connecting two earth tapes from the frame of the component; the ring will be connected via several earth electrodes. The cable arm will be earthed through the cable glands. The entire applicable IT infrastructure in the Data Center shall be earthed.
Earthing should be done inside the Data Centre for the entire power system and provisioning should be there to earth UPS systems, Power distribution units, AC units etc. so as to avoid a ground differential. State shall provide the necessary space required to prepare the earthing pits.
All metallic objects on the premises that are likely to be energized by electric currents should be effectively grounded.
The connection to the earth or the electrode system should have sufficiently low resistance, of less than 5 ohms for the power and less than 1 ohm for the network, to ensure prompt operation of the respective protective devices in the event of a ground fault, to provide the required safety from an electric shock to personnel and to protect the equipment from voltage gradients which are likely to damage the equipment.
Recommended levels for equipment grounding conductors should have very low impedance level less than 0.25 ohm.
The Earth resistance shall be automatically measured on an online basis at a pre-configured interval and corrective action should be initiated based on the observation. The automatic Earthing measurements should be available on the UPS panel itself in the UPS room.
There should be enough space between data and power cabling and there should not be any cross wiring of the two, in order to avoid any interference, or corruption of data.
The earth connections shall be properly made. A small copper loop to bridge the top cover of the transformer and the tank shall be provided to avoid earth fault current passing through fastened bolts, when there is a lightning surge, high voltage surge or failure of bushings.

Item: Fire Suppression/Detection System
Requirement:
This shall include design, supply, installation, testing and commissioning of Automatic & Gas flooding, fire suppression system. The suppression system used shall be FM 200 gas based fire suppression system. The successful bidder shall make detailed working drawings and coordinate them with other agencies at site. The critical area shall be divided into a number of zones; whenever fire is detected or sensed in any of the zones, annunciation should be available on the FACP, and the suppression system in that particular zone shall be automatically activated. The flooding of the gas is considered in the area above false ceiling, below false ceiling and false floor.
The server room shall be protected with the gas based fire protection system. The system design shall be based on the specifications contained herein, NFPA 2001 & in accordance with the requirements specified in the design manual of the agent. The bidder shall confirm compliance to the above along with their bid.

Item: Access Control System
Requirement:
The scope of work shall cover supply, installation, testing and commissioning of entire access control system meeting the intended specifications and drawings.
The system generally covers control of:
o Normal door entry and exit with Reader and Controllers.
o Emergency exits,
o Emergency Break glass units for all exit Doors to be provided.
o Panic Hardware, Locking devices etc.,
The systems shall be standard products of adequate field experience and CE, UL/ FM listing.
The system shall provide a biometric Access Control for server room entrance including touch reader, door contact, door closer, keypad, electrical lock and small battery in case of power failure.

Item: Surveillance CCTV System
Requirement:
The CCTV shall provide digital video recording of all the room and entrance including infra red vandal proof cameras, 400 GB HDD storage DVR, LAN module, conduits, boxes, conductors and all necessary accessories.
9 Infrastructure Requirement
9.1 Server Technical Specifications

Item: Portal
Software:
o Support any H/W, any OS
o Support multiple browsers (IE, FireFox, Safari, Chrome etc)
o Support JSR 168 and WSRP
o Support W3C standard
o Support multi-language
o Support communication between portals
o Support reuse and change of existing web contents and application
o Support Web 2.0 architecture
o Support various interfaces with multiple channel
o Support duplexing for high availability
o Support API set for integrating with different solutions such as SSO, LDAP, unified search
o Support portlet management
o Support portal menu management
o Support design management of portlet and portal
o Support delegating management authority of portal
o Support access control of portal resources. Provide user management, group management, role management
o Provide user logging, statistics and graph
o Provide setting personalized screen, menu and contents
o Provide drag & drop, pull Down menu, screen layout management
o Provide window skin and theme
o Provide setting personal information such as language, time zone etc
o Provide business implementation guides based on portal
The portal requirement is described in the Portal requirement section
Hardware:
Qty: 2
Processor Type: 2 x 2.4 GHz or higher Quad Core Intel Xeon processor OR 2 x 2.9 GHz or higher AMD Opteron™ processor 4-core Model. Processor being quoted should be of latest generation with latest Processor speed.
Chipset: ServerWorks HT or Intel Xeon 55xx or later
Cache Level: 12MB cache
Storage Adapter: Dual Fibre Channel with 8Gb/s per port storage expansion card
Installed RAM: 64 GB DDR2/SDRAM/FB-DIMMs memory scalable up to 128GB
Maximum RAM: Up to 16 memory DIMMs
Network Adapter: Dual Gigabit Ethernet ports (support for 10GbE)
Drive Bays: 2 SFF SAS 6 GB 15krpm hot plug disk drives
Internal Storage: 2 x 300GB Hard Disks
Storage Controller: Storage controller supports RAID 0,1
Graphics: Integrated 16 MB memory
Expansion slots: 1 or more additional I/O expansion slots (free after all configuration)
OS Support: 64 bit Microsoft Windows Server 2008 R2 std & Enterprise, Linux, HyperV, VMWARE. Optional embedded virtualization
Warranty:
3-year on-site, parts and labor
3-years 24x7 software phone support with upgrades and updates

Item: GSB application
Software:
The GSB requirements are described in the GSB section.
Hardware:
Qty: 2
Processor Type: 2 x 2.4 GHz or higher Quad Core Intel Xeon processor OR 2 x 2.9 GHz or higher AMD Opteron™ processor 4-core Model. Processor being quoted should be of latest generation with latest Processor speed.
Chipset: ServerWorks HT or Intel Xeon 55xx or later
Cache Level: 12MB cache
Storage Adapter: Dual Fibre Channel with 8Gb/s per port storage expansion card
Installed RAM: 64 GB DDR2/SDRAM/FB-DIMMs memory scalable up to 128GB
Maximum RAM: Up to 16 memory DIMMs
Network Adapter: Dual Gigabit Ethernet ports (support for 10GbE)
Drive Bays: 2 SFF SAS 6 GB 15krpm hot plug disk drives
Internal Storage: 2 x 300GB Hard Disks
Storage Controller: Storage controller supports RAID 0,1
Graphics: Integrated 16 MB memory
Expansion slots: 1 or more additional I/O expansion slots (free after all configuration)
OS Support: 64 bit Microsoft Windows Server 2008 R2 std & Enterprise, Linux, HyperV, VMWARE. Optional embedded virtualization
Warranty:
3-year on-site, parts and labor
3-years 24x7 software phone support with upgrades and updates

Item: Database Servers
Software:
The database/repository provides all the relevant information required to process any Citizen/Government request or to render any e-Governance services with the use of DC. Database server would be required to store and access data with ease. This would also be integrated with multiple applications, residing at DC.
Hardware:
Qty: 2
Processor Type: 2 x 2.4 GHz or higher Quad Core Intel Xeon processor OR 2 x 2.9 GHz or higher AMD Opteron™ processor 4-core Model. Processor being quoted should be of latest generation with latest Processor speed.
Chipset: ServerWorks HT or Intel Xeon 55xx or later
Cache Level: 12MB cache
Storage Adapter: Dual Fibre Channel with 8Gb/s per port storage expansion card
Installed RAM: 64 GB DDR2/SDRAM/FB-DIMMs memory scalable up to 128GB
Maximum RAM: Up to 16 memory DIMMs
Network Adapter: Dual Gigabit Ethernet ports (support for 10GbE)
Drive Bays: 2 SFF SAS 6 GB 15krpm hot plug disk drives
Internal Storage: 2 x 300GB Hard Disks
Storage Controller: Storage controller supports RAID 0,1
Graphics: Integrated 16 MB memory
Expansion slots: 1 or more additional I/O expansion slots (free after all configuration)
OS Support: 64 bit Microsoft Windows Server 2008 R2 std & Enterprise, Linux, HyperV, VMWARE. Optional embedded virtualization
Warranty:
3-year on-site, parts and labor
3-years 24x7 software phone support with upgrades and updates

Item: Directory services
Software:
Directory Services should be compliant with LDAP v3
Support for integrated LDAP compliant directory services to record information for users, and system resources.
Should support integrated authentication mechanism across operating system, messaging services.
Should support directory services for ease of management and administration/replication.
Should provide support for Group policies and software restriction policies.
Should support security features, such as Kerberos, public key infrastructure (PKI), etc.
Should provide support for X.500 naming standards.
Should support Kerberos for logon and authentication.
Should support that password reset capabilities for a given group or groups of users can be delegated to any nominated user.
Should support that user account creation/deletion rights within a group or groups can be delegated to any nominated user.
Hardware:
Qty: 2
Processor Type: 2 x 2.4 GHz or higher Quad Core Intel Xeon processor OR 2 x 2.9 GHz or higher AMD Opteron™ processor 4-core Model. Processor being quoted should be of latest generation with latest Processor speed.
Chipset: ServerWorks HT or Intel Xeon 55xx or later
Cache Level: 12MB cache
Storage Adapter: Dual Fibre Channel with 8Gb/s per port storage expansion card
Installed RAM: 64 GB DDR2/SDRAM/FB-DIMMs memory scalable up to 128GB
Maximum RAM: Up to 16 memory DIMMs
Network Adapter: Dual Gigabit Ethernet ports (support for 10GbE)
Drive Bays: 2 SFF SAS 6 GB 15krpm hot plug disk drives
Internal Storage: 2 x 300GB Hard Disks
Storage Controller: Storage controller supports RAID 0,1
Graphics: Integrated 16 MB memory
Expansion slots: 1 or more additional I/O expansion slots (free after all configuration)
OS Support: 64 bit Microsoft Windows Server 2008 R2 std & Enterprise, Linux, HyperV, VMWARE. Optional embedded virtualization
Warranty:
3-year on-site, parts and labor
3-years 24x7 software phone support with upgrades and updates

Item: Proxy server
Software:
Should support caching to serve client request
Should possess features to achieve content filtering (URL, DNS blacklists, or Content keyword filtering)
Should support integration with LDAP for authentication
Solution should provide for both forward and reverse proxy capabilities
Proxy should provide for ways to block / control access to all executable content
The solution should provide inbound and outbound access control on User-based or group-based access policy
Should support integration with Anti-virus software to provide security against virus
Should support ACL based access control
Should have support for the IPv6 protocol.
Should have support for various UNIX, Linux and Windows OS platform
Should support transparent proxy
Hardware:
Qty: 2
Processor Type: (2) Intel® Xeon® Processor X55xx or X56xx (2.93 GHz)
Chipset: Intel 55xx
Cache Level: 12MB cache
Storage Adapter: Dual Fibre Channel with 8Gb/s per port storage expansion card
Installed RAM: 64 GB DDR2/SDRAM/FB-DIMMs memory scalable up to 128GB
Maximum RAM: Up to 16 memory DIMMs
Network Adapter: Dual Gigabit Ethernet ports (support for 10GbE)
Drive Bays: 2 SFF SAS 6 GB 15krpm hot plug disk drives
Internal Storage: 2 x 300GB Hard Disks
Storage Controller: Storage controller supports RAID 0,1
Graphics: Integrated 16 MB memory
Expansion slots: 1 or more additional I/O expansion slots (free after all configuration)
OS Support: 64 bit Microsoft Windows Server 2008 R2 std & Enterprise, Linux, HyperV, VMWARE. Optional embedded virtualization
Warranty:
3-year on-site, parts and labor
3-years 24x7 software phone support with upgrades and updates

Item: DNS/DHCP
Software:
o Should support conditional DNS forwarders e.g. forwarding based on a DNS Domain name in the query.
o Should allow clients to dynamically update resource records secure and non-secure
o Should Support incremental zone transfer between servers
o Should provide security features like access control list
o Should support several new resource record (RR) types like service location (SRV), etc.
o Should support Round robin on all resource record (RR) types
Hardware:
Qty: 2
Processor Type: (2) Intel® Xeon® Processor X55xx or X56xx (2.93 GHz)
Chipset: Intel 55xx
Cache Level: 8MB cache
Storage Adapter: Dual Fibre Channel with 8Gb/s per port storage expansion card
Installed RAM: 32 GB (DDR3-1333) Registered DIMMs
Maximum RAM: 12 memory DIMMs
Network Adapter: Dual Gigabit Ethernet ports
Drive Bays: 2 * SAS 15krpm non-hot plug disk drives
Internal Storage: 2 x 146.8GB Hard Disks
Storage Controller: Storage controller supports RAID 0,1
Graphics: Integrated 32 MB memory
Expansion slots: 1 additional I/O expansion slots (free after all configuration)
OS Support: 64 bit Microsoft Windows Server 2008 R2 std & Enterprise, Linux HyperV –VMWARE. Optional embedded virtualization
Warranty:
3-year on-site, parts and
3-years 24x7 software phone support with upgrades and updates

Item: Management server
Software:
The management server would help in administration of distributed systems at DC. The management server would help in efficient and reliable administration of all the distributed computing devices and enable:
o Inventory Management
o Patch management
o Monitor the availability of Services
o Fault Management
o Performance Management
Hardware:
Qty: 2
Processor Type: (2) Intel® Xeon® Processor X55xx or X56xx (2.93 GHz)
Chipset: Intel 55xx
Cache Level: 8MB cache
Storage Adapter: Dual Fibre Channel with 8Gb/s per port storage expansion card
Installed RAM: 32 GB (DDR3-1333) Registered DIMMs
Maximum RAM: 12 memory DIMMs
Network Adapter: Dual Gigabit Ethernet ports
Drive Bays: 2 * SAS 15krpm non-hot plug disk drives
Internal Storage: 2 x 146.8GB Hard Disks
Storage Controller: Storage controller supports RAID 0,1
Graphics: Integrated 32 MB memory
Expansion slots: 1 additional I/O expansion slots (free after all configuration)
OS Support: 64 bit Microsoft Windows Server 2008 R2 std & Enterprise, Linux HyperV –VMWARE. Optional embedded for virtualization
Warranty:
3-year on-site, parts and
3-years 24x7 software phone support with upgrades and updates

Item: Testing server
Software:
It would be required to deploy a separate server as testing server where all the new services are deployed on this testing server before it is brought on to the production servers.
Hardware:
Qty: 2
Processor Type: (2) Intel® Xeon® Processor X55xx or X56xx (2.93 GHz)
Chipset: Intel 55xx
Cache Level: 8MB cache
Storage Adapter: Dual Fibre Channel with 8Gb/s per port storage expansion card
Installed RAM: 32 GB (DDR3-1333) Registered DIMMs
Maximum RAM: 12 memory DIMMs
Network Adapter: Dual Gigabit Ethernet ports
Drive Bays: 2 * SAS 15krpm non-hot plug disk drives
Internal Storage: 2 x 146.8GB Hard Disks
Storage Controller: Storage controller supports RAID 0,1
Graphics: Integrated 32 MB memory
Expansion slots: 1 additional I/O expansion slots (free after all configuration)
OS Support: 64 bit Microsoft Windows Server 2008 R2 std & Enterprise, Linux - HyperV –VMWARE. Optional embedded for virtualization
Warranty:
3-year on-site, parts and
3-years 24x7 software phone support with upgrades and updates

Item: Anti-Virus
Software:
o Should restrict e-mail bound Virus attacks in the real time without compromising the performance of the system
o Should be capable of providing multiple layer of defense
o Should have installation support on both gateway and Mailing server.
o Should be capable of detecting and cleaning virus infected attachments as well
o Should support scanning for ZIP, RAR compressed files, and TAR archive files
o Should support online upgrade, whereby most product upgrades and patches can be performed without bringing messaging server off-line.
o Should use multiple scan engines during the scanning process.
o Should support in-memory scanning so as to minimize disk I/O.
o Should support Multi-threaded scanning.
o Should support scanning of a single mailbox or a one off scan.
o Should support scanning by file type for attachments.
o Should support scanning of nested compressed files.
o Should be capable of specifying the logic with which scan engines are applied; such as the most recently updated scan engine should scan all emails etc.
o Should support heuristic scanning to allow rule-based detection of unknown viruses.
o Updates to the scan engines should be automated and should not require manual intervention.
o Updates should not cause queuing or rejection of email.
o Updates should be capable of being rolled back in case required.
o Should support content filtering based on sender or domain filtering.
o Should provide content filtering for message body and subject line, blocking messages that contain keywords for inappropriate content.
o File filtering should be supported by the proposed solution; file filtering should be based on true file type.
o Common solution for anti-spyware and anti-virus infections; and anti-virus and anti-spyware solution should have a common web based management console.
o Should support various types of reporting formats such as CSV, HTML and text files.
o Should be capable of being managed by a central management station.
o Should support client lockdown feature for preventing desktop users from changing real-time settings.
o Should support insertion of disclaimers to message bodies.
o Should support protection for servers across multiple platforms / Internet / Intranet / SMTP / HTTP/FTP gateways.
Hardware:
Qty: 2
Processor Type: (2) Intel® Xeon® Processor X55xx or X56xx (2.93 GHz)
Chipset: Intel 55xx
Cache Level: 8MB cache
Storage Adapter: Dual Fibre Channel with 8Gb/s per port storage expansion card
Installed RAM: 32 GB (DDR3-1333) Registered DIMMs
Maximum RAM: 12 memory DIMMs
Network Adapter: Dual Gigabit Ethernet ports
Drive Bays: 2 * SAS 15krpm non-hot plug disk drives
Internal Storage: 2 x 146.8GB Hard Disks
Storage Controller: Storage controller supports RAID 0,1
Graphics: Integrated 32 MB memory
Expansion slots: 1 additional I/O expansion slots (free after all configuration)
OS Support: 64 bit Microsoft Windows Server 2008 R2 std & Enterprise, Linux HyperV –VMWARE. Optional embedded for virtualization
Warranty:
3-year on-site, parts and
3-years 24x7 software phone support with upgrades and updates

Item: Backup Servers
Software:
The proposed Backup Solution should be available on various OS platforms such as Windows and UNIX platforms and be capable of supporting SAN based backup / restore from various platforms including UNIX, Linux, and Windows.
o Proposed backup solution shall be offered with Cluster license of server. A virtualization solution is preferred and the bidder shall provide a solution for virtualization.
o Proposed backup solution shall have same GUI across heterogeneous platform to ensure easy administration.
o The proposed backup solution should allow creating tape clone facility after the backup process.
o The proposed Backup Solution has in-built frequency and calendar based scheduling system and supports Clustering the Backup Server and Media Server on Windows and UNIX.
o The proposed backup Solution supports the capability to write multiple data streams to a single tape device or multiple tape devices in parallel from multiple clients to leverage the throughput of the Drives using Multiplexing technology.
o The proposed backup solution supports de-multiplexing of data cartridge to another set of cartridge for selective set of data for faster restore operations to client/servers
o The proposed backup solution should be capable of taking back up of SAN environment as well as LAN based backup.
o The proposed solution also supports advanced Disk staging.
o The proposed Backup Solution has in-built media management and supports cross platform Device & Media sharing in SAN environment. It provides a centralized scratched pool thus ensuring backups never fail for media.
o Backup Software is able to rebuild the Backup Database/Catalog from tapes in the event of catalog loss/corruption.
o The proposed Backup Software shall offer OPEN File Support for Windows based servers.
o The proposed Backup Solution has online backup solution for different type of Databases such as Oracle, MS SQL, etc. on various OS.
o The Proposed backup solution shall provide granularity of single file restore.
o The Proposed backup solution shall be designed in such a fashion so that every client/server in a SAN can share the robotic tape library.
o Backup Solution shall be able to copy data across firewall.
o Backup solution should also provide report writer that allows designing of report templates which can be used to generate meaningful reports in CSV / HTML / XML / Text format / PDF.
Hardware:
Qty: 2
Processor Type: (2) Intel® Xeon® Processor X55xx or X56xx (2.93 GHz)
Chipset: Intel 55xx
Cache Level: 8MB cache
Storage Adapter: Dual Fibre Channel with 8Gb/s per port storage expansion card
Installed RAM: 32 GB (DDR3-1333) Registered DIMMs
Maximum RAM: 12 memory DIMMs
Network Adapter: Dual Gigabit Ethernet ports
Drive Bays: 2 * SAS 15krpm non-hot plug disk drives
Internal Storage: 2 x 146.8GB Hard Disks
Storage Controller: Storage controller supports RAID 0,1
Graphics: Integrated 32 MB memory
Expansion slots: 1 additional I/O expansion slots (free after all configuration)
OS Support: 64 bit Microsoft Windows Server 2008 R2 std & Enterprise, Linux HyperV –VMWARE. Optional embedded for virtualization
Warranty:
3-year on-site, parts and
3-years 24x7 software phone support with upgrades and updates

Item: Rack Cabinet (2) - Blade
Hardware:
Type: Brand-name, ISO-certified
Capacity: 42U, width=60cm, depth=100cm
Cabinet: Industry standard, 19" wide
Front Door: Lockable, glass or perforated
Side Doors: Lockable, removable
Rear Door: Lockable, removable
Power Input: Internal distribution unit, 19" rack-mounted with 7 sockets (minimum), same type as cabinet
Certification: ISO Certified
Warranty: 3-year on-site, parts and labor with 4 hours repair time

Item: Blade Enclosure
Hardware:
Form: Rackmount blade enclosure
Capacity: Holds up to 14 full height Blade servers in one or more chassis
Connectivity: Redundant midplane or backplane
Management Module: Redundant management module
Interconnect: 8 x Integrated 10 Gigabit Ethernet switches (hot plug) (the description of the requirement is in the network section)
SAN Switch Module: Two redundant 8Gb/s full duplex hot plug Storage switches. All SFPs and cables to be provided. FCoE usage is highly preferable.
Power Supply/Cooling: Redundant hot swappable power and cooling option
Power Distribution: 2x PDUs (should be dedicated only for the blade enclosure)
Accessories: All Power cords and cables for a full solution
Warranty:
3-year on-site, parts and labor with commitment to repair any failed equipment within 6 hours
3-years 24x7 software phone support with upgrades and updates
Management Software:
o Systems Management and deployment tools to aid in Blade Server configuration and OS deployment,
o Remote management capabilities through internet browser
o Software for Vulnerability assessment.
o Ability to measure power historically for servers or group of servers for optimum power usage
o Ability to monitor performance of servers over time
o Blade enclosure should have display console for local management like trouble shooting, configuration, system status/health display
o Dedicated NIC for management
o Remote management & monitoring (browser accessible). It should provide Secure Sockets Layer (SSL) 128 bit encryption and Secure Shell (SSH) Version 2 and support VPN for secure access over internet.
o Supports Power & Thermal management & Analysis
o Supports Fast and simultaneous provisioning of servers including O/S and applications remotely

Item: Storage Array (Qty=1)
Hardware:
The required solution must provide a highly available storage infrastructure with No Single Point of Failure (NSPOF). This requires that all critical system components be redundant (power supplies, fans, Fiber Channel switches, host bus adapters for Automatic fail over, RAID controllers, cache, disks, and cooling etc.).
It should support Non-disruptive component replacement of controllers, disk drives, cache, power supply, fan subsystem etc.
Redundant storage array controllers (2 Controllers).
Minimum 4GB Cache per controller pair.
Minimum usable 2TB after RAID 6 using Hot Pluggable 300GB 4Gb/s FC 15Krpm Hard Drives plus two hot spare drives of same capacity
Storage Box shall have at least 154,000 Cache read IOPS
Support for RAID 1, RAID 0+1, RAID 5 and RAID 6 configurations.
Ready to support intermix between 4Gb/s FC hard drives and SATA/FATA without any extra license.
Storage must support SSD Drives for future applications requirements.
Ready to support Operating Systems - AIX, HP-UX, Windows Servers 2003/2008, Linux, VMWare.
Support up to 128 Hosts.
The storage must be ready to connect the maximum number of servers supported by the storage system (Host Group) with all needed licenses
Support internal iSCSI connectivity for future applications requirements
Throughput disk read >=1500 MB/sec
Support point in time copy and full copy.
Support data replication in both synchronous and asynchronous modes across heterogeneous storage arrays from different OEMs.
The storage should be configured with 2TB (raw capacity) using FC disk & should be capable of scaling up to 10TB (raw capacity). The scalability should be considered with FC disks.
Storage management software and other software required for redundant solution.
At least 8 host ports per controller; FC Host Interface Speed 8Gbps, autosensing 1, 2, 4 Gbps
At least two 4 GB/s Device ports per controller for high availability and performance.
Fans and power supplies: dual-redundant, hot-swappable
Rack support: 19" industry-standard rack
Item: SAN Switches (Qty=2)
The SAN Switch solution should be highly available with no single point of failure
Switch should support non-disruptive Microcode/Firmware upgrade
>=24 Active Ports per Switch
Hot swap components: SFP optical transceivers
Redundant SAN Switches (2 Switches)
Universal Fibre Channel interfaces
Port Bandwidth >=8Gb/sec
Hot Plug and redundant Fans and power supplies.
Rack support: 19 inch, 1U industry standard rack
The SAN switch should have capability to interface with HBAs of different makes and models from multiple OEMs, supporting multiple Operating Systems, including, but not limited to, HP-UX, IBM AIX, Linux, MS-Windows, Sun Solaris etc. The SAN switch should support all leading SAN disk arrays and tape libraries including, but not limited to, EMC, Hitachi, HP, IBM, Sun, NetApp etc.
The switch shall support role-based administration by allowing different administrators different access rights to the switch
Support GUI management software
Three Years warranty.
9.2 Network Technical Specifications
Following are the different types of equipment configurations that shall be required for the Data
Center (DC).
As per recommended best practices, the components shall preferably be appliance based
(wherever applicable) and the intranet and internet firewalls shall be from the same OEMs.
Multiple solution components (e.g. firewalls, IPS, ADC etc.) shall not be provided as a single
chassis solution. The bidder should ensure that all the network components support IPv6.
The warranty for network equipment is 3-year on-site, parts and a
3-years 24x7 software phone support with upgrades and updates.
The switches (core and blades) should provide support for FCoE and/or IEEE Data Center Bridging
standards or equivalent, delivering the capability to consolidate and connect servers and storage
devices through high-speed, highly scalable, and highly available converged SAN and LAN fabrics
(a unified fabric). The bidder should propose this solution or any compatible one and explain why
it is better than other alternatives.
Item: LAN Switch – Core
Qty=2
High backplane speed (550 Gbps or more)
19" rack mountable
Active switching bandwidth should be 550 Gbps or more with offered modules.
The forwarding rate should be scalable to 400 Mpps.
Should have at least 1 x 48 x 10/100/1000BaseT auto sensing ports
The switch should have minimum of 7 payload slots with two free slots
Should be a single chassis
4 * 10 SFP-based Gigabit ports
Should have redundancy at various levels:
Should have redundant Power Supply.
Should have redundant Switching engine. With failure of one of the switching engines, there should be no performance degradation.
In the event of the failure of one of the engines, the forwarding should not stop and the failover from one engine to the other should be stateful.
Layer 2 Features
Layer 2 switch ports and VLAN trunks
IEEE 802.1Q VLAN encapsulation
Support for at least 4000 VLANs
Spanning tree support
Port trunking capability
Port mirroring capability
Layer 3 features
VRRP
Static IP routing
IP routing protocols
Open Shortest Path First
IPv6 support
Routing Information Protocol
BGP
MPLS capable
Standards
Ethernet : IEEE 802.3, 10BASE-T
Fast Ethernet : IEEE 802.3u, 100BASE-TX
Gigabit Ethernet: IEEE 802.3z, 802.3ab
IEEE 802.1D Spanning-Tree Protocol
IEEE 802.1w rapid reconfiguration of spanning tree
IEEE 802.1s multiple VLAN instances of spanning tree
IEEE 802.1p class-of-service (CoS) prioritization
IEEE 802.1Q VLAN encapsulation
IEEE 802.3af
IEEE 802.3ad
IEEE 802.3ae: 10 Gigabit Ethernet
IEEE 802.1x user authentication
1000BASE-X (small form-factor pluggable)
High Availability
Shall support Redundant Power supply
Shall support On-line insertion and removal for cards, power supply and fan tray
Shall support multiple storage of multiple images and configurations
QoS Support
Rate Limiting based on source/destination IP/MAC, L4 TCP/UDP
Security Features
AAA support using RADIUS and/or TACACS.
Unicast MAC filtering
IP Access list support.
Multiple privilege level authentication for console and telnet access
IEEE 802.1x support for MAC address authentication
Shall support per port Broadcast, Multicast and unicast storm control.
Shall support time based ACLs
Management
Shall have support for Web based management, CLI, Telnet and SNMPv1, v2 and v3
Shall support SSH
Should support multiple levels of administration roles to manage and monitor the device.
Should support Network Time Protocol.
Should be able to send and receive Syslog and SNMP traps from devices
Item: Blades Switch
Qty=4
Switch Architecture
Uplink: Support 8 X 10/100/1000BASE-T ports and 2 x 10 SFP-based Gigabit ports
Downlink to each blade: Support 14 * 1 GB
Redundant power supply.
Capability to virtualize x switches into 1
Layer 3 support
Switch Throughput
128 Gbps or more throughput providing non-blocking architecture.
Protocol and standards support
IPv6 support
Shall be able to support private VLANs or equivalent feature.
Ethernet : IEEE 802.3, 10BASE-T
Fast Ethernet : IEEE 802.3u, 100BASE-TX
Gigabit Ethernet: IEEE 802.3z, 802.3ab
IEEE 802.1D Spanning-Tree Protocol
IEEE 802.1w rapid reconfiguration of spanning tree
IEEE 802.1s multiple VLAN instances of spanning tree
IEEE 802.1Q VLAN encapsulation
IEEE 802.3ad
IEEE 802.3ae: 10 Gigabit Ethernet
IEEE 802.1x port-based security
Routing protocols : RIP, OSPF
QoS support
Rate Limiting based on source/destination IP/MAC, L4 TCP/UDP
Manageability
Built in Web based management support
Built in Console port
SNMP v1, v2, v3
Should support auto-sensing and auto-negotiation on each non-GBIC port
Network Time Protocol (NTP)
Configuration replacement and roll back functionality
Security Features supported
Private VLAN or equivalent feature
TACACS+ and RADIUS (planned future software support)
MAC-based port-level security prevents unauthorized stations from accessing the switch
Per-port broadcast, multicast and unicast storm control
Item: LAN Switch – Access
Qty=2
Switch Architecture
19" rack mountable
12 X 10/100/1000 port switch
Switch shall be modular or stackable to be able to accommodate more number of ports in future for scalability
Port mirroring capability
Multicast support (PIM, SM, DM and IGMP Snooping)
Redundant power supply
Switch Throughput
240 Gbps or more throughput providing non-blocking architecture
Protocol and standards support
IPv6 support
Shall be able to support private VLANs or equivalent feature
Ethernet : IEEE 802.3, 10BASE-T
Fast Ethernet : IEEE 802.3u, 100BASE-TX
Gigabit Ethernet: IEEE 802.3z, 802.3ab
IEEE 802.1D Spanning-Tree Protocol
IEEE 802.1w rapid reconfiguration of spanning tree
IEEE 802.1s multiple VLAN instances of spanning tree
IEEE 802.1Q VLAN encapsulation
IEEE 802.3ad
IEEE 802.1x user authentication
Routing protocols : RIP, OSPF
QoS support
Rate Limiting based on source/destination IP/MAC, L4 TCP/UDP
Manageability
Built in Web based management support
Built in Console port
SNMP v1, v2, v3
Should support auto-sensing and auto-negotiation on each non-GBIC port
Network Time Protocol (NTP)
Configuration replacement and roll back functionality
Security Features supported
Private VLAN or equivalent feature
TACACS+ and RADIUS (planned future software support)
MAC-based port-level security prevents unauthorized stations from accessing the switch
Per-port broadcast, multicast and unicast storm control
Item: Internet Router
Qty=2
Router Architecture
19" rack mountable
Modular chassis
High Availability Requirements
VRRP
High Mean Time between Failure values should be available to ensure long life of router hardware
The router should be capable of booting from a remote node or external flash memory, where the router image is present
The Router should have redundant power supply
All the modules, power supply should have support for hot swappable functionality.
On-line insertion and removal for cards
Miscellaneous Hardware Requirements
Sufficient RAM must be available for proper router operation to keep IGP and EGP routes (Minimum 1GB and support for 2 GB)
Extensive debugging capabilities to assist in hardware problem resolution
Interface Modules have/ support
4 X Ethernet Port - 10/100/1000 Mbps
Shall support variety of interfaces like E3, Ch-E1, E1 G703 Interfaces as per ITU-T Standard.
Packet over SONET (POS) connectivity and channelized Packet over SONET (cPOS) OC-3 STM-1 interfaces to meet continuous bandwidth requirements
Shall be able to support variety of other interfaces
Performance requirement:
Minimum of 3 Mpps throughput
Router Software Features
Should support the standard routing protocols with QOS
Backplane Capacity
Minimum 16 Gbps
IP Routing Protocols
Static Routing Protocols
RIP v1 and v2
OSPF v2 and v3
Policy Routing support
BGP, IS-IS
Route redistribution between any of the above protocols
Protocols
PPP
Multilink PPP
Load Balancing Protocol
Support for URL Filtering
IPv4, IPv6
MPLS L2 & L3
VRRP
Congestion
Random Early Detection and Weighted RED
Weighted Fair Queuing
Priority Queuing
Accounting
Network Time Protocol
Packet & Byte Counts
Start Time Stamp & End Time Stamps
Input & Output interface ports
Type of service, TCP Flags & Protocol
Source & Destination IP addresses
Source & Destination TCP/UDP Addresses
Security
Support for Standard Access Lists and Extended Access Lists to provide supervision and control
Controlled SNMP Access
Control SNMP access through the use of SNMP with authentication
Multiple Privilege Levels
Support for Remote Authentication Dial-In User Service (RADIUS) and AAA
GRE and IPsec 3DES/AES VPN for configuration of VPN tunnels.
Support for IPsec Site-to-Site and Remote Access VPNs.
NAT, PAT
Access control – Multilevel
Support ACLs to provide supervision and control.
Multiple Privilege Levels for managing & monitoring
Support for Remote Authentication Dial-In User Service (RADIUS) and AAA
Support for Standard Access Lists to provide supervision and control.
Controlled SNMP Access using ACL on router to ensure SNMP access only to identified management systems
DoS prevention through TCP Intercept & DDoS protection
High Availability (Active-Active)
Other required features
Ethernet Interface of the Router should support 802.1Q
Support for additional Ethernet Interface card
Should have automatic route optimization and load distribution over multiple service provider networks
Management Requirements
Telnet and SSH
SNMP V1, V2, V3
Shall have Console port for local management
Configuration replacement and roll back functionality
Preplanned reboot
Item: Firewall Intranet and Internet
Qty=4
The Firewall should be appliance based
Hardware Architecture
Modular chassis
19" rack mountable
Shall support 6 or more Security Zones physically, with 1 Gbps ports isolated from each other
Console Port 1 number
Stateful
Redundant power supply
>= 6 Gigabit Ethernet Interface
Performance
The firewall throughput performance should be at least 2 Gbps or more
Should support 3DES/AES VPN Throughput of at least 1 Gbps
The firewall should provide at least 1,000,000 or more concurrent connections
Should support 802.1Q trunking
Should have Application inspection for standard applications like DNS, FTP, HTTP, ICMP, NetBIOS Name Service, SMTP, TFTP, RTSP, SIP and H.323 (including Q.931, H.245 and RTP/RTCP)
Firewalling at layer 2 and layer 3 of the OSI layer
Static route, RIPv2, and OSPF
NAT and Port Address Translation feature
Optional support to perform intelligent packet filtering, URL filtering.
Should support IPv4 and IPv6.
Support to be able to detect, respond to and report any unauthorized activity.
Firewall features shall include:
Application/Protocol Inspection Engines
L2 transparent firewalling
Advanced HTTP Inspection Engine
Time-based ACLs
VPN feature shall support:
3DES/AES VPN Throughput above 120 Mbps
SSL VPN
IPsec VPN Peers above 5000
IPsec, ESP, PPTP, L2TP, L2TP/IPsec, NAT Transparent IPsec, IPsec/UDP, IPsec/TCP
Key Management: Internet Key Exchange (IKE) - Aggressive and Main Mode (Digital certificates)
Diffie-Hellman (DH) Groups 1, 2, and 5; Perfect Forward Secrecy (PFS); Rekeying
IPsec (ESP) using Data Encryption Standard (DES)/Triple DES (3DES) (56/168-bit) or AES (128/256-bit) with MD5 or SHA
Client Software: support for Microsoft Windows 7 and before, Unix Systems, MAC OS, Solaris
VPN Clustering and load balancing
Authentication
Remote Authentication Dial-In User Service (RADIUS)
Active Directory authentication
Security Dynamics (RSA SecurID Ready)
External user authorization information may be obtained via LDAP or RADIUS
High Availability (Active-Active)
Management
Embedded web based configuration / management support
Should have Management access through console, SSH and GUI for managing the firewall
Should have the capability of restricting the access through the Console and out-of-band management interface to protect the devices from local threats
Item: IPS
Qty=2
The IPS should be appliance based.
The IPS should have the following Interfaces
The IPS should have minimum of 4 pairs of 10/100/1000 ports to support up to 4 inline protected segments.
Scalability: Fiber and Copper
1 Dedicated Management port
Performance and Availability
The IPS device should provide a throughput of at least 2 Gbps
Attack Detection Techniques
The IPS System should have the following attack detection techniques
Vendors Signature Database of at least 1000 signatures.
Shall be able to support user defined signatures.
Zero day attack protection using protocol and traffic behaviour analysis.
Backdoor Detection
DoS/ DDoS / SYN-flood/ TCP-flood /UDP-flood
Monitoring of protocols such as TCP/IP, ICMP, FTP, SMTP etc.
Attack filters on spyware, VoIP vulnerabilities, phishing, malware, virus, network worms, Trojans, peer-to-peer applications etc.
Action on Attacks
The IPS system should be able to do the following in the event of detecting an attack:
Drop/Block/Terminate attacks in real time without logging.
Block/Drop/Terminate attacks in real time and log.
Reset connections without logging.
Reset connections and log.
None (Log only)
Other Capabilities
Should be capable of handling fragmentation and TCP reassembly etc.
Shall be able to support user defined signatures.
Shall be able to support automatic signature update from the OEM over the internet using a secure communication mechanism in the case of emergencies.
Default security policy.
High Availability
The device should support fail-open.
The device should support redundant power supply.
Deployment Modes
The IPS should be deployable in the following modes:
in-line mode
Management and Monitoring Capabilities
The IPS Systems should have a Management Console and remote telnet, SSH and Web capabilities for basic configuration of the device
The IPS should have a dedicated port for Out-of-Band Management and should not use any traffic ports for the management purpose
Should have the capability to store the attack logs and view them in the form of reports.
The system should have pre-defined reports.
The system should also have the capability to fully customize the reports as desired by the user.
The system should be able to support log file, Syslog and SNMP v1, v2, v3.
Shall support role based administration for various administrator and user levels.
Item: Application delivery controller
Qty=2
Architecture
19" rack mountable
Should be appliance based.
Server load balancer should have ASIC based architecture & not PC based architecture
Should have min 4 x 10/100/1000 Base T Ports.
Should support minimum 2 Gbps L7 throughput and upgradeable to 4 Gbps without change in hardware or any new addition in hardware
Support Layer 4 load balancing and Layer 7 content switching technologies
Should support logical interfaces
Should support Port Aggregation IEEE 802.3ad
Should support VLAN Trunk IEEE 802.1Q
Should have 1GB RAM.
Should support 500,000 connections
Should support virtual devices
Should support SSL acceleration
Should support following deployments
Routing Mode : where client-side and server-side VLANs are on different subnets
Bridge Mode: where client-side and server-side VLANs are on the same subnets.
Load Balancing Features
Should support minimum 200 or more real Servers for load balancing.
Should support minimum 200 or more Virtual servers.
Should support following load balancing algorithms
Cyclic - Round Robin
Hash
Weighted Cyclic
Least Connections
Least number of users.
Least Bandwidth
Least Response time
Hash address/cookie/header/URL
Server load balancing based on SNMP parameter like CPU load, Memory utilization etc.
Should support Client NAT & Server NAT
In case of Server / Application failure device should detect it in not more than 30 seconds.
Should support following content based Load balancing features
It should be able to support global load balancing in future with the help of software or internal/external hardware upgrade.
HTTP Header based redirection
URL-Based Redirection
Browser Type Based Redirection
Preferential Treatment (Cookie Based)
Caching:
Should provide at least 1 GB
Support for dynamic caching technology
Compression
Support for hardware-accelerated data compression
Server Management Features
Should support Graceful shutdown of Servers
Should support Graceful Activation of Servers
Should be able to redirect traffic based on Source IP, Destination IP & TCP PORT
Health Monitoring
Should provide individual health checks for real servers & farms
Should allow monitoring protocol like HTTP, HTTPS, SMTP, POP, FTP, UDP etc.
Should allow configuring customized health probes based on TCP & UDP parameters
Should provide GUI to configure Health Monitoring
Support for user defined / custom health checks as per the requirement.
Redundancy
Should support industry standard redundancy protocol like VRRP.
Should support transparent failover between 2 devices
Should support active-standby and active-active redundancy.
Management
Should support the following Management Applications
SSH
HTTPS
Console
SNMP (V1, V2 and V3)
Should support GUI for configuration & monitoring
Item: XML Firewall
Qty=2
Architecture
19" rack mountable
Should be appliance based.
Should have min 4 x 10/100/1000 Base T Ports.
Should have 2GB RAM.
Should support virtual devices
Should support XML acceleration
Provides native integration with directory and identity systems such as Lightweight Directory Access Protocol (LDAP), Kerberos and Microsoft Active Directory, CA Netegrity, and IBM Tivoli Access Manager etc.
Threats
Defends against XML threats
Protects against identity, content-based, personnel, response compliance, message transport, and XML denial-of-service (XDoS) attacks
Cost-effectively enforces XML schema at runtime and prevents structural attacks
Transformation
XSLT
XPath
GUI mapping
SDK
Standards
Simple Object Access Protocol (SOAP) 1.1 and 1.2
SOAP With Attachment (SWA) 1.1
Web Services Description Language (WSDL) 1.1
XPath
E-business XML (ebXML)
Representational State Transfer (REST)
Extensible Stylesheet Language Transformation (XSLT) 1.0
Web Services Addressing (WS-Addressing)
Server Management Features
Should support Graceful shutdown of Servers
Should support Graceful Activation of Servers
Should be able to redirect traffic based on Source IP, Destination IP & TCP PORT
Message formats
XML
SOAP 1.1 and SWA
SOAP 1.2
Message Transmission Optimization Mechanism (MTOM)
Flat file
Many industry-standard document styles
Redundancy
Should support industry standard redundancy protocol like VRRP.
Should support transparent failover between 2 devices
Should support active-standby and active-active redundancy.
Management
Should support the following Management Applications
SSH
HTTPS
Console
SNMP (V1, V2 and V3)
Should support GUI for configuration & monitoring
10 Helpdesk System
An ITIL based Helpdesk system would be used for assisting the service delivery for the DC. The Helpdesk
system would automatically generate the incident tickets and log the call. Such calls are forwarded
to the desired system support personnel. These personnel would look into the problem, diagnose
and isolate such faults and resolve the issues in a timely manner. The helpdesk system would have the
necessary workflow for a transparent, smoother and cordial DC support framework.
o Provide flexibility of logging incident manually via windows GUI and web interface.
o The web interface console of the incident tracking system would allow viewing,
updating and closing of incident tickets.
o System should provide Knowledge base
o Provide seamless integration to events/incident automatically from the management
console.
o Allow categorization on the type of incident being logged.
o Provide classification to differentiate the criticality of the incident via the priority levels,
severity levels and impact levels.
o Each incident could be able to associate multiple activity log entries manually or
automatically events / incidents from other security tools.
o Provide audit logs and reports to track the updating of each incident ticket.
o Proposed incident tracking system would be ITIL compliant.
o It should integrate with Enterprise Management System event management and
support automatic problem registration, based on predefined policies.
o It should be able to log and escalate user interactions and requests.
o It should provide status of registered calls to end-users over email and through web.
11 Operations and Maintenance
Provide 24x7 operating and maintenance services for a period of 3 years from the date of
commissioning of the data center. The scope of the services for overall Physical and IT
infrastructure management as per ITIL framework during this period shall include 24X7 Monitoring,
Maintenance and Management of the entire Data Center, along with providing Helpdesk services.
The scope of work during the operations phase is divided into following areas which are tabled
below:
o System Administration, Maintenance & Management Services
o Network Management Services
o Backend Services (Mail, messaging etc.)
o Server and Storage Administration & Management Services
o Security Administration & Management Services
o Backup & Restore Services
o Physical Infrastructure Management and Maintenance Services
o Helpdesk Services
o Database Administration & Management
o Physical Security Services
o Preventive Maintenance Services
o Corrective Maintenance Services
o Asset Management Services
o Configuration/ Reconfiguration Management Services
o Vendor Management Services
o Virus Management
o Electricity & Diesel management
o Certifications
o Patch Release Update management Etc.
12 Testing and Commissioning
Commissioning shall involve the completion of the Data Center site preparation, supply and installation
of the required components, and making the Data Center available to OMSAR for carrying out live
operations and getting the acceptance. All the components would be tested by OMSAR. The Acceptance
Test procedure has to be submitted by the bidder and approved by OMSAR. If required, additional tests
may be proposed by OMSAR and these need to be carried out by the bidder. Any tools and
equipment required to carry out tests have to be arranged by the bidder at their own cost.
Acceptance testing shall be carried out before the commencement of Live Operations. The Data Centre
would be tested for the following parameters:
o Electrical Requirements
o Cooling & Environmental Control
o Smoke & Fire Detection, Prevention & Suppression requirements
o Surveillance & Physical Security
o LAN Passive and Active Components
o Logical Security
o Training on the Data Center infrastructure.
All documentation generated during design, installation, commissioning and training phase shall be
mandatory and be made available to the Tendering Authority.
13 Disaster Recovery Site
13.1 Objectives
The main objectives are:
o Maintain all IT services active in case of a major failure at the main site.
o Restore the services back to normal quickly and efficiently.
o Automate failover and fallback processes.
The included infrastructure is:
o Applications
o Operating Systems
o Hardware
o Network Infrastructure
o Monitoring and Management Solution
o Backup and Storage solution
13.2 Requirements
o The site will be hosted in a major city other than Beirut where fiber optic is available at
nearby Central Office.
o Ensure that the solution (hardware, software and network) is functionally equivalent to
the main site and that it meets the sizing parameters and the performance
requirements.
o The site must be designed to act as warm disaster recovery site in active standby mode
with the main site.
o Proposals for end to end virtualization solutions are encouraged. The bidder should
propose this solution and explain why it is better than other alternatives.
o The solution architecture should be based on service oriented architecture (SOA) and
open standards and should be identical to the main site system. It should be highly scalable
and enable high performance and availability.
o Provide the same software for all software (GSB and portal etc.) which are functionally
equivalent to the GSB production environment.
o The hardware solution should ensure no single point of failure in terms of hardware,
software and network components and high availability and provide redundancy.
o The hardware solution must satisfy the security requirement at the main site.
o The hardware solution must be integrated and compatible with the backup and storage
solution SAN at the main site.
o The solution monitoring component should be integrated with the main site monitoring
solution.
o The solution must achieve a Recovery Time Objective of xxxh and a Recovery Point
Objective of xxxh in Active/Passive scenario.
o Capability of automatic and manual Failover (partial or complete) from and to the main
site.
o The administrator should be able to remotely access all the components from the main
site and from the Internet.
o The same guidelines (General, Hardware & Software and Network) should be applied for
the disaster recovery site.
14 Portal and GSB specifications
14.1 Government Service Bus (GSB)
14.1.1 Objectives
The goal of the GSB is to become the principal platform of integration of services for the provision of
various government electronic services and transactions, to be a provider of common value-added
shared services used by all connected government ministries and entities, and to standardize and
simplify the mutual data exchange. The connected governmental entities will use a common
infrastructure for integration, sharing of data and the use of centralized shared services. The GSB
standards ensure that the exchange between parties will run safely, reliably and efficiently.
The Enterprise Service Bus (ESB) is the core engine that enables deploying the OMSAR GSB
platform.
14.1.2 GSB Requirements
14.1.2.1 General Design Requirement
o The solution software and hardware design should be based on a consolidated GSB and
Portal as a single entity.
o Unified software (out-of-the-box solution) product for implementing and deploying a
Service-Oriented Architecture (SOA).
o Bus-related engines that provide data transformation, XML and intelligent routing
services and the communications bus.
o Support for the standard forms of connectivity such as Web services, J2EE connectors
and JMS etc.
o Support for highly distributed deployment: services shall be accessed in a standard way
without the need to understand the underlying technologies or global location.
o Fault avoidance, fault tolerance and ease of use are major aspects of the ESB.
o Scalability is essential so that the ESB can deal not just with current projects but also
provide an extensible, adaptable platform for future growth.
o Interoperability of the ESB messaging product with other messaging products.
o A high level of performance is essential to ensure that newly integrated and automated
operations can be carried out effectively and efficiently, despite the inevitable spikes in
demand for particular services
o Support integration with a wide range of third-party and legacy systems and services.
o Support for extensibility (and extensions indistinguishable from the out-of-the-box
options). Allow entities to add capabilities themselves, for example the capability to
talk to an aging legacy system using a home-grown messaging system.
o An IAM (Identity Access Management) solution shall be proposed that has proven to
have industrial-strength capabilities and is highly resilient, highly scalable and flexible in
delivery.
o The integration between OMSAR GSB and remote ministries and agencies depends on
the level of e-services readiness and can be deployed using the adapters or the web
services, if any.
14.1.2.2 ESB Requirements
The ESB shall be compliant to the following minimum features:
| Category | Capability | Description |
|---|---|---|
| Messaging | Content Based Routing | Content-based routing seeks to route messages, not by a specified destination, but by the actual content of the message itself. |
| | Asynchronous actions | Asynchronous actions are actions executed in a non-blocking scheme, allowing the main program flow to continue processing. |
| | Synchronous Messaging | Ability to simulate synchronous communications, whereby the calling program waits for a result before continuing processing. |
| | Message Validation | Validation is to simply verify that an incoming message contains a well-formed XML document and conforms to a particular schema or WSDL document that describes the message. |
| | Publish/subscribe messaging and Store-and-forward messaging in real time | Under publish/subscribe, information is published to any subscriber authorized to receive on a topic where a publisher is sending messages. Filters can be added to let subscribers further refine the information that matches their registered interest, a highly efficient way to operate in a many-many environment. Store-and-forward holds messages in situations where variable levels of availability are likely, such as in operations that cross many time zones. The information can be stored until the next step in the service is open for business. |
| | Protocol Translation | Ability to translate from one type of communication protocol to another. |
| | Guaranteed Delivery | WS-ReliableMessaging describes a protocol that allows messages to be delivered reliably between distributed applications in the presence of software component, system, or network failures. |
| | Message Throttling | Configuration to allow only a specific number of messages to reach the service in a specific period of time. |
| Adapters | Failed Message Routing | When a message fails on a receive port it is routed to a location where additional action can be taken. |
| | Load Balancing | Ability to deploy multiple instances of a service and use a load balancer to dispatch requests and spread out the service request traffic. |
| | FTP/HTTP/SMTP/POP3/IMAP | Support of multiple protocols. |
| | Framework for Custom Adapters | Existing documentation/examples and/or framework for creating custom adapters. |
| | EDI Support | Transfer of structured data, by agreed message standards, from one computer system to another without human intervention. |
| Message Transformation | Schema Mapping | GUI tool to enable the mapping of schemas and allow record mappings to be manipulated through the use of cut-and-paste or drag-and-drop. |
| Business Process Management (service orchestration and others.) | Rule Separation / Rule Reuse Across Processes | |
| | Dynamic Reconfiguration | Dynamically add new service producers and consumers to a scenario (orchestrations) at runtime, without requiring a recoding of a process or service. |
| | Exception Handling | Mechanism for handling exceptions occurring within an orchestration gracefully. |
| | Long Running Transactions | Orchestrations that take a long time to complete. |
| | Web Service Generation | Ability to publish/generate web services from orchestrations. |
| | Atomic Transactions | Centers around short-lived operations, or in other words, processes where the success or failure of a transaction is needed to be known rapidly. |
| | WS-Coordination | Extensible framework for providing protocols that coordinate the actions of distributed applications. |
| | Support BPEL (Business Process Execution Language) | Design, simulation, and execution of business processes using BPEL4WS Version 1.1 and WS-BPEL Version 2.0 specification. |
| Manageability (Operations and Management, Deployment and others) | Extensible API Support | Ability to programmatically interact with Service externally. The services are the web services published within the ESB. |
| | Logging | Logging of messages and ease of access to these messages. |
| | Poison Message Handling | A poison message is a message that has exceeded the maximum number of delivery attempts to the application. This situation can arise when a queue-based application cannot process a message because of errors. |
| | (Repair, Resubmission) | A comprehensive error handling mechanism. Uniform mechanisms for identifying, managing, and monitoring both technical and business errors, with the ability to customize specific error behavior as needed. |
| | Performance Monitoring | Tool for monitoring system behavior and performance. |
| | Message Tracking | Tool to track messages as they flow through the Services Layer. |
| | High Availability | Constant availability of a service regardless of the status of the hosting or dependent servers on which it runs. |
| | Tracking and Debugging Flows | GUI tool to allow for tracking and debugging of process flow. |
| | Statistics | Allow the information to be gathered dynamically in a live environment and monitor all business process by user-defined Key Process Indicator (KPI). |
| | Service Provisioning And Registration | Ability to compose new services and register them in a configuration-based fashion. Users can add or modify flows without having to restart components. |
| | Data Archiving and Purging | Mechanism to archive data, as well as set parameters to purge data. |
| | Ease of Application Deployment and migration | Tool to assist in deployment or migration of services, maps etc. |
| Complex Event Processing | | Prebuilt integrations for own and third-party event processing engines. |
| | | Tool to manage publication management of business events. |
| A business rules engine | Rule Authoring/Definitions | GUI to be able to author business rules. |
| | Versioning | Ability to deploy new versions of business rules, ability to have several versions that can be deployed. |
| | API (Design and Runtime) | Published API for interacting with Business Rules from external applications. |
| Security | Content Encryption/Decryption | Support for encryption of message contents. |
| | WS-Security | WS-Security describes enhancements to SOAP messaging to provide quality of protection through message integrity, message confidentiality, and single message authentication. |
| | Content based Authentication and Authorizations | Authentication or Authorization based on the content of the messages. |
| | Digital Signatures | Ability to use digital signatures to grant permissions. |
| | Non-Repudiation | Ensure that a transferred message has been sent and received by the parties claiming to have sent and received the message. |
| | Access & Single Sign On Security | ASSO Security Layer was designed to achieve single access point for e-Services and to support federated authentication request in the interregional domain. The layer of regional security has the priority to consolidate the system of Identity and Access Management, by making available authentication services through various authentication mechanisms (i.e. user id/password, smart card, etc.) and through the use of protocols such as WSS (security token X.509), SAML2.0 and XACML. |
| | Federated Identity Management | An SOA approach that allows many forms of user credentials to support identity assertion and transformation based on open standards. |
14.2 Portal Requirements
Category: Design, Development & Layout
o The portal categorizes the following types of users:
  - National Citizens: Lebanese nationals
  - Government employee
  - Visitors
  - Residents
  - Immigrants
  - Companies (registered within the ministry of economy)
o Citizen friendly design and layout so all categories of visitors find it comfortable and easy to access the desired information with minimum hassle.
o A standardized format and enhanced graphical look for all pages, thereby establishing a unified theme throughout the portal.
o Find, locate and access the desired information easily with minimum training.
o Color scheme of the portal and the positioning as well as consistency of the design elements has to be such that it allows for legibility and easy reading. Different colors can be used for multiple profiles.
o Design different views/profile per category/type of visitors. Layout based on templates. The centrally-controlled site design and usability through templates enables separation of the design of the site and the content that needs to be posted on the site.
o Dynamic content repository
o Multilanguage support (Arabic, French, English and Portuguese and more). Normally Arabic is the default language of the website but language can be customized by visitor location.
o Spell check: to ensure that the content on the site is checked before publishing
o Revision tracking and history
o Support for a Service Oriented Architecture that facilitates development on the SOA model using XML Web Services
o Support for the open Internet standards, such as HTTP, XML and SOAP, which are used to exchange data between the portal and the remote applications within the ministries, shall be built into the Portal's architecture.

Category: Navigation Architecture
o A clear and unique navigation scheme across all pages and sections. The navigation scheme should formulate and regulate the use of the combination of the following:
  - Top Menu
  - Breadcrumb
  - Left and Right Menus with dropdown and drilldown functionality
  - Shortcut links to most popular or essential pages (Highlight new information in a prominent manner)
  - Link to a "Site Map" page

Category: Accessibility
o Universal accessibility of the Portal through web, mobile, PDA … to the entire cross-section of the target visitors including people with certain disabilities.
o Portal must be functional on as many browsers as possible without being technology or platform dependent.
o Portal must be conformant to the Web Content Accessibility Guidelines 1.0 developed by the World Wide Web Consortium (W3C)
o High-speed upload/download response times for low-end to high end users (consider the ADSL speed available in Lebanon ex: 128kbps to 256kbps) that are used by the average citizen.
o Online search result via Google or any search engine should appear first in the search results. SEO or search engine optimization is a practice of making the portal attractive to search engines.
o Disclaimers, privacy and security policies, terms and conditions and copyright information to encourage people to use e-government services and information

Category: Reliability
o All access to the portal must be logged and auditable
o IT monitoring: capabilities to observe the resources to ensure they're running properly

Category: Content
o Public Administration Structure Profile (General Description, Organization Chart, Mandate of each entity…)
o Government initiatives (E-Government roadmap publication and updating, E-government strategy, ...) shown in a prominent manner
o Government accomplishment in terms of e-government (GIS portal, COOP, Government repository, Government Forms Standardization Project...) shown in a prominent manner.
o Procurement Section (tenders...)
o Latest news (can include both above section, Media releases, speeches and other relevant public information released by the entities or be presented in different sections...)
o Classification or Segmentation of information according to citizens, companies, residents and visitors or immigrants etc. Each section has a different kind of information for each type of visitor.
o Categorization of content by topics, services, sector or profession (A-Z index, Services, ministries, entities, NGO etc...)
o List all ministries with complete contact details (phone, fax, e-mail, address, interactive maps, contact person ...)
o List relevant Lebanese laws section (or direct to www.lebaneselaws.com)
o Personalize some areas of the portal to a visitor's area of interest. A section "Do it at Anywhere, Anytime" instead of "Do it Online".
o Update the sites on a regular basis, specifically dynamic sections like "latest news".
o Section for citizen suggestions, complaints and feedback using online surveys or other means of delivery.
o Advanced search features and search tips with search for information in other government services to allow visitors to easily find services and content. It should support standards based open interfaces such as XML and HTTP. It shall also support content in multiple formats such as Microsoft Office (Word, PowerPoint, Excel), html, pdf, etc. It should enable users to restrict search to specific data types
o Location locator (hospital, ministries ...)
o Live web chat/blogs. Careers section for government jobs.
o Audio and video clips..?
o Ads for government entities (initiatives, news, jobs...)
o Basic Authentication to open up access to personalized pages. We intend to use Username/Password based authentication for citizens.
o Provision for integration with a single sign-on application with the latest industry standards-based security protocols and algorithms.
o Site Tutorial.
o Site Map
o FAQ
o The page must carry the date the page was last modified. The modified date must be displayed in full text format and should also be included in the page metadata.
o Provide link on all pages to mandatory elements of the website, i.e., all pages shall contain the following links to these elements of the web site:
  - About us
  - Contact us
  - Feedback
  - Sitemap
  - Search

Category: Content management system (CMS)
o Support for standard, proven, commercially off the shelf available software for Content Management System.
o Implement content management application for managing publishing of content that will include the whole workflow and tasks such as Authoring, Aggregating, Reviewing, Approving and Publishing of content.
o Ensure that pre-defined approval process is implemented for accurate content in consistent format. Identifying Content Owner(s) is necessary to maintain different versions and publish content on the web portal for the defined time interval only
o Shall offer complete feature sets for content contribution and delivery, site development, and enterprise site management such as content creation for non-technical business users, content delivery to multiple audiences and devices, and site development.