KURSEVI c4f Annexiitechspeciiitechoffer En-Lot 1

ANNEX II + III : TECHNICAL SPECIFICATIONS + TECHNICAL OFFER
Publication reference:
Contract title: Supply of equipment for institutions in the area of justice and home affairs with the following LOT:
LOT 1 - Supply of Interoperability and ICT equipment
Columns 1-2 should be completed by the Contracting Authority

Columns 3-4 should be completed by the tenderer
Column 5 is reserved for the evaluation committee
Annex III - the Contractor's technical offer
The tenderers are requested to complete the template on the next pages:
 Column 2 is completed by the Contracting Authority shows the required specifications (not to be modified by the tenderer),
 Column 3 is to be filled in by the tenderer and must detail what is offered (for example the words “compliant” or “yes” are not sufficient)
 Column 4 allows the tenderer to make comments on its proposed supply and to make eventual references to the documentation
The eventual documentation supplied should clearly indicate (highlight, mark) the models offered and the options included, if any, so that the evaluators can see the
exact configuration. Offers that do not permit to identify precisely the models and the specifications may be rejected by the evaluation committee.
The offer must be clear enough to allow the evaluators to make an easy comparison between the requested specifications and the offered specifications.
Unless otherwise specified, the requirements in these Technical Specifications are presented as a minimum standard which the offered goods must meet in
order to be compliant. Tenderers may not submit a variant solution for the items required in these Technical Specifications. When brand names are used in
the technical specifications, they are “used in descriptive purposes only” since there is no other comprehensive description possible. The tenderer is
expected to submit documentary evidence (brochures, technical data sheets etc.) of the technical compliance of his offer.
15 January 2016 Page 1 of 169

406772580.doc
1. Abbreviation List
The following abbreviations are used consistently throughout the document:
AC Alternating current
CAT5 cables Category 5 cabling
CD Compact disc
CE Conformité Européenne
CEE Euro plug
CPU Central Processor Unit
CV Curriculum Vitae
DC Direct current
DMZ Demilitarized Zone
FAC Final Acceptance Certificate
HDD Hard Disk Drive
HW Hardware
ICT Information-communication Technologies
IEC International Electrotechnical Commission
IP Internet Protocol
iSCSI Internet Small Computer System Interface
ISO International Organization for Standardization
KVM Keyboard Video Mouse
LAN Local Area Network
LDAP Lightweight Directory Access Protocol
LV power cables Low Voltage
MIM2 Message Information Model 2
NAT/PAT Network Address Translation/Port Address Translation
OCR Optical character recognition
RAID Redundant Array of Inexpensive Disks
RDBMS Relational database management system
RoHS Restriction of Hazardous Substances
SAS Serial Attached SCSI
SATA Serial Advanced Technology Attachment

406772580.doc
SHA-1 Secure Hash Algorithm
SIEM Security information and event management
SLA Service Level Agreement
SSL Secure Socket Layer
SW Software
TCO Total Cost Owner
TFT Thin Film Transistor
UPS Uniform Power Supply
VAT Value Added Tax
VPN Virtual Private Network
WAN Wide Area Network
XML Extended Markup Language
2. Description and general Requirements
0 General requirements for hardware and system software
0.1 Project context:

a. provide competent national Institutions with an indispensable national system serving to proactively prevent and combat corruption, organised and serious crime as well as
to effectively counteract other forms of crime;
b. effectively and efficiently enhance cooperation both at national and international scale with relevant counterparts.
c. allow timely and efficient information exchange among all institutions that - in order to comply with their legal mandate - must rely on data owned by other national
Institutions;
d. enable relevant national Institutions to directly search and extract available predefined set of standardised qualitative data from other systems.
The project outcome will certainly assist Beneficiary country to assure justice, freedom and security as well as public order within the country, improving in the meantime both
domestic and international police and judicial relations.
0.2 Current status:
The requirements for the National Interoperability Platform were defined through previous projects - The Ministry of Information Society and Administration through twinning
project coordinated the definition of the Interoperability Framework (IF), in collaboration with the Austrian interoperability experts. Through EU funded project interoperability
platform were implemented and first institutions were connected.
More details for the National Interoperability Platform can we found in the following Macedonian Interoperability Framework (MIF) Documents for Macedonian public services on

406772580.doc
the following location: http://www.mio.gov.mk/files/pdf/Macedonian_Interoperability_Framework MIF_v2.0.pdf. The existing MIF platform is based on Microsoft BizTalk central
communication server, with SSL VPN connections to the communication clients.
The existing status of ICT in the potential Project’s Beneficiary institutions is inadequate to support planned project objectives. The ICT infrastructure is commonly outdated and out
of support, the number of ICT employees is insufficient for daily operations, without resources for new project implementation, and there are no written ICT strategies and policies
with action plans which would consist common methodology and projects needed for achieving defined goals and targets.
From this reason, improvement of general ICT equipment for institutions is planned within the project.
Currently, from institutions included in the project only Custom Administration is using Interoperability Platform for secure data exchange. In order to increase efficiency of combat
against corruption, organised and serious crime as well as to effectively counteract other forms of crime, it is needed to increase amount of data which civil servants can obtain on
their workplaces.
0.3 Project Objectives:
a. Allows the interconnections of relevant pre-identified national databases or systems (at this stage disconnected) containing useful information and intelligence with the aim to
effectively support competent bodies to both prevent and fight organised crime and other forms of crime;
b. Consents competent national authorities to queries and simultaneously obtain pre-defined set of data contained in a wide range of disconnected systems owned, stored and
administrated by different national Institutions;
c. Contributes to the automated data exchange - without human interface - of pre-defined set of data among concerned national Institutions in accordance to each Institution’s legal
mandate (competence);
d. Permits automated compilation and retrieval of unified national and sectorial statistical data;
e. Consents to flag certain data via an early warning system.
Thus, the project result is going to be an interagency intelligence system based on a common Interoperability platform serving:
a. competent national law enforcement agencies to directly retrieve pre-defined set of data from other non-owned systems so as to proactively undertake effective investigations to
tackle corruption, organized and serious crime and other forms of crime.
b. no-law enforcement agencies to directly retrieve certain set of data from other non-owned systems with the aim to professionally and promptly fulfil their legal mandates
respectively.
As Ministry of Information Society and Administration (MISA) is responsible for operation of National Interoperability Platform, so this platform based on MIM2 model will be
used. For installation of Communication Clients (CC) for new institutions MISA will perform the configuration and registration of appropriate CC upon delivery of requested HW
and SW licences, after which MISA will take full control of CC (HW, network equipment and SW).
Therefore, the overall common objective is:
a. to have a broaden access and use across the country;
b. to use the Interoperability platform as a secure interagency tool throughout certified information are made available among the competent national Institutions in accordance to
the level of access, reflecting specific competencies.

406772580.doc
Interoperability architecture concept diagram - exchanging the unclassified data:
The interoperability platform consists of central communication server and communication clients. Every involved participant (state institution or authority) disposes his own
communication client. Concept of the Interoperability system is shown on picture below left. On a picture below right the architecture of network connection of one institution to the
Communication client is presented.
Communication clients (CC)
Every participant possesses his own communication client (CC). In order to be interconnected to the interoperability platform, the participants must be registered on the CS, through
central management portal.
The communication client is server, installed with an appropriate software application. The CC provides access to the approved web services in order to obtain the certain information
(data or/and document). The CCs are installed in the participants’ environment.
The mentioned information (data and/or documents) can be exposed and shared through appropriate web services, which are hosted within the information provider participants’
environment. The web services must be registered centrally towards be accessible to the information consumer participants. The web services registration is performing separately by
the information provider participants through central management portal.
Currently, the registered information consumer participants can use certain web services only if they have approved access (to the concrete web services) by the authorized CS
administrator or administrator from service provider institution. The authorization for the information (data or/and document) exchange between the participants is non-functional
administrative process, referring to the interoperability system. The access authorization is acquiring and managed on CS level, under the signed bilateral contract for collaboration
for concrete information exchange between the involved participants. Based on the contract the authorized institution administrator assign the consumer access to the certain web
services in charge by the certain providers.

406772580.doc
Communication principle
Security is the essential point of the interoperability system. The inter-communication between the entities within the interoperability system framework is on the highest security and
reliable level. The communication channel of the information distribution between the participants (institutions and authorities) relies on the established VPN connections and SSL
authentication protocol, which provides authentication over the encrypted communication channel. Every communication client (CC) communicates with the central communication
server (CS) standardly and consistently, as described before.
Additionally, every participant dispose unique digital certificate, issued by the MPKI Platform within the Ministry of Information Society and Administration. The digital certificates
are installed on the participants’ communication clients, respectively. The communication client digitally signs, encrypts and decrypts each message, sent and received through the
system.
The interoperability system keeps a detailed audit log of all transactions, accompanied with a time stamp at every communication point.

406772580.doc
0.4 Institution list:
The hardware and software must be delivered, installed and implemented at the location of the following institutions:
1. Ministry of Interior of RM (MoI); Forensic Department (FD), Department for the Fight against Serious and Organised Crime (DFSOC) and IT Department – CC already
installed;
2. Ministry of Justice of RM (MoJ);
3. Financial Police Office (FPO);
4. Financial Intellegence Office (FIO);
5. State Commission for the Prevention of the Corruption (SCPC);
6. Supreme Court of RM (SC); Public Prosecutor’s Office of RM (PPO);
7. Agency for Management of Confiscated Property (AMCP);
8. Ministry of Finance; Customs Administration (CA) – CC already installed;
0.5 Project scope:
The delivery includes psychical installation of the hardware and installation of the appropriate system and application software in order to be provided all prerequisites for the
further project deliveries:
 Installation and configuration (rack, server, storage, networking)
 Operation system installation and server virtualization and storage systems initialization
 SSL/VPN links configuration between the entities of the Interoperability system
 Installation and implementation of the software for data protection
 Training
Software is to be installed in appropriate office at location receiving such equipment. The exact locality of software installation will be agreed with the Beneficiary at the time of the
commencement of the delivery.
Delivery of all equipment’s, installations, implementation, integration with existing systems, training and documentation must be in 365 days according to the annexes to the LOT1
(Annex 1: Delivery locations and Annex 2: Distribution of items per location)
Regarding safety requirements, equipment must have necessary operational warnings as well as mechanical interlocks on the equipment operating/generating more than 30 Volts AC

406772580.doc
or DC, in accordance with current IEC and EU standards.
Equipment to be provided must not be hybrid consisted of “of-the-shelve” single items, but rather “designed-as-a-unit”, registered brand name, so-called “turnkey system”.
Software must be licensed to the Beneficiary in order to allow trained personnel of the Beneficiary to perform software installation, update/upgrade, repair/debug and/or
diagnosis/report activities without Contractor assistance.
Equipment allowing capacity upgrading must be provided in a way that upgrades can be performed by installing additional capacity, without discarding the already installed
capacities.
Equipment delivery, including final installation must include all miscellaneous but needed items for equipment delivery and installation in order that the supplies are left in place
fully operational and ready for use. Consumables used during delivery, installation and during testing time before provisional acceptance, must be anticipated and calculated in the
offer. It shall be the sole responsibility of the Contractor to check all site dimensions for completeness of equipment delivery before the commencement of delivery.
The Contractor must provide compatibility of the new equipment with the existing Beneficiary’s IT systems. The delivery of new equipment must not jeopardize functionality or
security of existing Beneficiary’s IT systems and services.
The Contractor must provide necessary measures to prevent any damage during any/all delivery and installation stage(s). If damage occurs it must be rectified in an appropriate way
by the Contractor, which must keep the work site clean and safe against fire and/or other hazards during any/all delivery and installation stage(s) until formal acceptance.
Equipment must conform and/or be compatible with any standards, or with the commonly accepted best production practices currently in force, including any ISO, IEC or other
relevant standards that may apply to each specific category of equipment. The Contractor must deliver a certificate of conformity (issued by a quality control independent regulatory
agency of recognized competence) for each equipment item or group of items.
Equipment must conform to the relevant CE regulation; all equipment must be CE compliant and fully authorised for use in Europe.
All HW equipment must be certified with RoHS standards.
Mains power supply should operate on 220V ± 20V, 50Hz - 60Hz, and be suitable for direct connection to the standard power outlets in Beneficiary country.
User interface language should be in English for all delivered software. For Document management software (DMS), user interface should be in Macedonian language.
User manuals for delivered goods should be in English language for all delivered software.
The tenderer is required to demonstrate that offered specifications are responsive to the tender dossier requirements identifying model and manufacturer of each individual item in
tenderer technical offer and providing necessary documentation such as catalogues, brochures, manuals and/or booklets that provide detailed technical specifications of equipment
being offered thus enabling the contracting authority to check the information provided in the offer
As a minimum the following deliverables have to be elaborated and implemented:

1. Enterprise architecture description document of complete offered solution for the Interoperability system, other software’s and hardware’s items as described in the
Technical Specification, with documented description of implemented systems and subsystems, functionalities and Schema of project implementation
2. Detailed implementation plan document for the Interoperability system, other software’s and hardware’s items described in the Technical Specification. The Contractor
should provide details of his proposed implementation methodology, as well as the project realization plan in as much detail as possible, including all relevant activities, activity
carriers, deadlines, potential bottlenecks and key points. The Contractor is expected to deliver the Interoperability system implementation plan in five phases, as follows:
- Analysis

406772580.doc
- New system design
- Customization and development of new functionalities
- Testing and verification, and
- Go-live (pilot locations and rollout in waves).
3. Detailed test specification and Test plan as described in the Technical Specification (Items 83.3, 84.6, 90.8 and 100.16).
4. End-user manuals should be provided in Macedonian language
5. Detailed Training Plan describing in detail the training modules and topics as well as its duration (submission within 4 months from the commencement
date)
6. The source code developed during the implementation of the solution should be handled to the Beneficiary with detailed technical description.
LOT 1 - Supply of Interoperability and ICT
5.
3. Specifications 4. Notes, remarks, ref to Evaluation
1. Item Number 2. Specifications Required
Offered documentation Committee’s
notes
1. Tower Server Quantity: 6 Tower Server - Quantity: 6
Manufacturer’s name: Manufacturer’s name: DELL
Product type, model: Product type, model: PowerEdge T630
1.1. Format of housing: Tower server Format of housing: Tower server Dell PowerEdge T630 Data Sheet
Chipset: minimum Intel C610 series Dell PowerEdge T630 Data Sheet
1.2. Chipset: Intel C610 series chipset
chipset or equivalent
Processor: 2 x Server Class CPU, Dell PowerEdge T630 Data Sheet

Processor: 2 x Server Class CPU Intel Xeon E5-2650
1.3. minimum 2.2 GHz, 30MB Cache, 12
v4, minimum 2.2 GHz, 30MB Cache, 12 Cores
Cores

406772580.doc
5.
notes
Operational memory: minimum 32GB Dell PowerEdge T630 Data Sheet

Operational memory: 32GB DDR4 installed, support
1.4. DDR4 installed, support for 24 DIMM
for 24 DIMM slots, upgradeable to 1.5TB
slots, upgradeable to minimum 1.5TB
Hard disks: minimum 2 x 300GB 15K Dell PowerEdge T630 Data Sheet
Hard disks: 2 x 300GB 15K RPM and 3 x 2TB 7.2K
1.5. RPM and 3 x 2TB 7.2K RPM 2.5” Hot-
RPM 2.5” Hot-plug Hard Drives
plug Hard Drives
Raid controller: support for RAID levels Dell PowerEdge T630 Data Sheet
Raid controller: DELL PERC H730P, support for
1.6. 0, 1, 10, 5, 50, 6, 60 and at least 2GB of Dell PowerEdge Raid controller
RAID levels 0, 1, 10, 5, 50, 6, 60 and 2GB of cache
cache H730P
Disk space: The model must support the Dell PowerEdge T630 Data Sheet
Disk space: The model supports the ability to upgrade
1.7. ability to upgrade space for up to
space for up to 32 x 2.5"HDD
minimum 32 x 2.5"HDD
1.8. Optical disk: DVD RW Optical disk: DVD RW Dell PowerEdge T630 Data Sheet
Network on board: Ethernet adapter 2 x Network on board: Ethernet adapter 2 x 1Gbit LAN Dell PowerEdge T630 Data Sheet
1.9.
1Gbit LAN ports ports
Additional network card: Ethernet Additional network card: Ethernet adapter 4 x 1 Gbit Dell PowerEdge T630 Data Sheet
1.10.
adapter 4 x 1 Gbit LAN ports LAN ports
1.11 Dell PowerEdge T630 Data Sheet

Connections: minimum 8 USB ports,
Connections: 9 USB ports, 2xVGA Dell PowerEdge T630 USB Ports
1xVGA
Dell PowerEdge T630 VGA Ports
1.12 Expansion slots: minimum 8 PCIe slots Expansion slots: 8 PCIe slots Dell PowerEdge T630 Data Sheet

406772580.doc
5.
notes
1.13 Power supply: minimum two redundant Dell PowerEdge T630 Data Sheet
Power supply: two redundant hot plug power supplies
hot plug power supplies
1.14 12 x Windows Server 2016 Standard per Core 2 lic

Licensing Windows Server 2016
The server has 2 processors, with 12 cores per
Microsoft Server Standard license 2016 processor. The total number of cores is 24 per server. Chapter: Windows Server 2016
or equivalent Since each Windows Server 2016 Standard license Standard and Datacenter: Core-based
covers 2 cores, the total number of licenses per server licensing- table
is 12.
2. Rack Server Type I Quantity: 3 Rack Server Type I - Quantity: 3
Product type, model: Product type, model: PowerEdge R730
Supporting documents for Dell

2.1. Format of housing: 2U Rack server Format of housing: 2U Rack server
PowerEdge R730
Chipset: minimum Intel C610 series Supporting documents for Dell

chipset or equivalent PowerEdge R730
Processor: Server Class CPU, minimum Processor: Server Class CPU Intel Xeon E5-2690 v4, Supporting documents for Dell
2.3. 2.5 GHz, 35MB Cache, 14 Cores, 2.6 GHz, 35MB Cache, 14 Cores, upgradable to 2 PowerEdge R730
upgradable to 2 processors processors
2.4. Operational memory: minimum 64GB Operational memory: 64GB DDR4 installed, support Supporting documents for Dell
DDR4 installed, support for 24 DIMM for 24 DIMM slots, upgradeable to 3TB PowerEdge R730

406772580.doc
5.
notes
Hard disks: minimum 2 x 300GB 15K Supporting documents for Dell

Hard disks: 2 x 300GB 15K RPM and 3 x 2TB 7.2K
2.5. RPM and 3 x 2TB 7.2K RPM 2.5” Hot- PowerEdge R730
RPM 2.5” Hot-plug Hard Drives
plug Hard Drives
Raid controller: support for RAID levels Supporting documents for Dell
2.6. 0, 1, 10, 5, 50, 6, 60 and at least 2GB of PowerEdge R730
cache
Disk space: The model must support the Supporting documents for Dell
2.7. ability to upgrade space for up to PowerEdge R730
space for up to 16 x 2.5 "HDD
minimum 16 x 2.5 "HDD

2.8. Optical disk: DVD RW Optical disk: DVD RW
PowerEdge R730
Network on board: Ethernet adapter 4 x Network on board: Ethernet adapter 4 x 1Gbit LAN Supporting documents for Dell
2.9.
1Gbit LAN ports ports PowerEdge R730
Additional network card: Ethernet Additional network card: Ethernet adapter 4 x 1Gbit Supporting documents for Dell
2.10.
adapter 4 x 1Gbit LAN ports LAN ports PowerEdge R730
Connections: minimum 5 USB ports, Supporting documents for Dell

2.11. Connections: 5 USB ports, 2xVGA, 1xSerial Port
1xVGA, 1xSerial Port PowerEdge R730

2.12. Expansion slots: minimum 7 PCIe slots Expansion slots: 7 PCIe slots
PowerEdge R730
2.13. Power supply: minimum two redundant Power supply: two redundant hot plug power supplies Supporting documents for Dell

406772580.doc
5.
notes
hot plug power supplies PowerEdge R730
Quantity:
3. Rack Server Type II a 10
Rack Server Type II a - Quantity: 10
Rack Server
4. Quantity: 4 Rack Server Type II b - Quantity: 4
Type II b

PowerEdge R730

Processor: 2 x Server Class CPU, Processor: 2 x Server Class CPU Intel Xeon E5-2690 Supporting documents for Dell
4.3. minimum 2.5 GHz, 35MB Cache, 14 v4, 2.6 GHz, 35MB Cache, 14 Cores, upgradable to 2 PowerEdge R730
Cores processors
Operational memory: minimum 192GB Supporting documents for Dell

4.4. DDR4 installed, support for 24 DIMM PowerEdge R730
for 24 DIMM slots, upgradeable to 3TB

406772580.doc
5.
notes
Hard disks: minimum 2 x 400GB SSD Supporting documents for Dell

4.5. Hard disks: 2 x 400GB SSD Hard Drives
Hard Drives PowerEdge R730
4.6. 0, 1, 10, 5, 50, 60 and at least 2GB of PowerEdge R730
cache

PowerEdge R730
Network on board: Ethernet adapter Network on board: Ethernet adapter 2x10Gbit and Supporting documents for Dell
4.9.
2x10Gbit and 2x1Gbit LAN ports 2x1Gbit LAN ports PowerEdge R730
4.10.


PowerEdge R730
Power supply: minimum two redundant Supporting documents for Dell

4.13. Power supply: two redundant hot plug power supplies
4.14. VMware vSphere Enterprise Plus – total VMware vSphere Enterprise Plus – total qty 8 (4 Supporting documents for Dell
qty 8 (4 servers with 2 CPU – 8 CPU

406772580.doc
5.
notes
total) or equivalent servers with 2 CPU – 8 CPU total) PowerEdge R730

4.15. FC HBA adapters 8Gb - total qty 8 FC HBA adapters 8Gb - total qty 8
PowerEdge R730
Licences for SUSE Linux Enterprise Supporting documents for Dell

Licences for SUSE Linux Enterprise Server, x86 &
Server, x86 & x86-64, 1-2 Sockets with PowerEdge R730
4.16. x86-64, 1-2 Sockets with Unlimited Virtual Machines
Unlimited Virtual Machines for total 4
for total 4 physical machines
physical machines, or equivalent
Rack Server
5. Quantity: 2 Rack Server Type II c - Quantity: 2
Type II c

PowerEdge R730

Processor: 2 x Server Class CPU, Processor: 2 x Server Class CPU Intel Xeon E5-2690 Supporting documents for Dell
5.3. minimum 2.5 GHz, 35MB Cache, 14 v4, 2.6 GHz, 35MB Cache, 14 Cores, upgradable to 2 PowerEdge R730
Cores processors
5.4. Operational memory: minimum 128GB Operational memory: 128GB DDR4 installed, support Supporting documents for Dell

406772580.doc
5.
notes
DDR4 installed, support for 24 DIMM PowerEdge R730

Hard disks: minimum 2 x 400GB SSD Supporting documents for Dell

Hard disks: 2 x 400GB SSD Hard Drives and 6 x
5.5. Hard Drives and 6 x 900GB SSD Hard PowerEdge R730
960GB SSD Hard Drives
Drives
5.6. 0, 1, 10, 5, 50, 60 and at least 2GB of PowerEdge R730
cache

PowerEdge R730
Network on board: Ethernet adapter Network on board: Ethernet adapter 2x10Gbit and Supporting documents for Dell
5.9.
2x10Gbit and 2x1Gbit LAN ports 2x1Gbit LAN ports PowerEdge R730
5.10.


PowerEdge R730

406772580.doc
5.
notes
Power supply: minimum two redundant Supporting documents for Dell

VMware vSphere Essentials Plus Kit or Supporting documents for Dell

5.14. VMware vSphere Essentials Plus Kit
equivalent PowerEdge R730

5.15. FC HBA adapters 8Gb - total qty 4 FC HBA adapters 8Gb - total qty 4
PowerEdge R730
Licences for SUSE Linux Enterprise Supporting documents for Dell

Licences for SUSE Linux Enterprise Server x86 &
Server x86 & x86-64, 1-2 Sockets or 1-2 PowerEdge R730
5.16. x86-64, 1-2 Sockets or 1-2 Virtual Machines for total
Virtual Machines for total 4 virtual
4 virtual machines
machines or equivalent
6. Rack Server Type III Quantity: 2 Rack Server Type III - Quantity: 2
7. Rack Server Type IV Quantity: 5 Rack Server Type IV - Quantity: 5
8. Rack Server Type V Quantity: 1 Rack Server Type V - Quantity: 1
Converged
9. Quantity: 2 Converged architecture solution - Quantity: 2
architecture solution

406772580.doc
5.
notes
Rack cabinet system

Rack cabinet system with servers and storage -
10. with servers and Quantity: 1
Quantity: 1
storage
Manufacturer’s name: Manufacturer’s name: TRITON
Product type, model: Product type, model: RMA 27
10.1. Rack cabinet with accessories Rack cabinet with accessories Free Standing Cabinets
10.2. Format of housing: 24U Rack cabinet Format of housing: 27U Rack cabinet Free Standing Cabinets
Standard equipment: minimum Rack Free Standing Cabinets

casters kit, rack levelling feet, side Standard equipment: Rack casters kit, rack levelling
10.3. panels, front door, adjustable vertical feet, side panels, front door, adjustable vertical
mounting rails, roof, keys, split mounting rails, roof, keys, split perforated rear door
perforated rear door
Features: Adjustable depth, integrated Features: Adjustable depth, integrated cable Free Standing Cabinets
10.4.
cable management management
PDUs: minimum 2 x Rack PDU with 24 Free Standing Cabinets

10.5. PDUs: 2 x Rack PDU with 24 Output Connectors
Output Connectors
10.6. KVM Switch: 4 port, rackable KVM Switch: 4 port, rackable Free Standing Cabinets
10.7. KVM console: minimum LCD 18.5", KVM console: Dell LED KMM, 18.5", LCD 18.5", Free Standing Cabinets
resolution 1366 x 768 WXGA, USB 2.0 resolution 1366 x 768 WXGA, USB 3.0 Hub with 2
Hub with 2 ports, 1U, International

406772580.doc
5.
notes
English Keyboard ports, 1U, International English Keyboard - DELL
11. UPS device Quantity: 2 UPS device RIELLO SDU5000 - Quantity: 2
11.1. Rack mountable Rack mountable RIELLO UPS Sentinel Dual 5-10kVA
11.2. On-line double conversion On-line double conversion RIELLO UPS Sentinel Dual 5-10kVA
11.3. 5000VA/4500W 5000VA/5000W RIELLO UPS Sentinel Dual 5-10kVA
11.4. Pure sinewave Pure sinewave RIELLO UPS Sentinel Dual 5-10kVA
11.5. 8 output connections 8 output connections RIELLO UPS Sentinel Dual 5-10kVA
11.6. Hot swappable batteries Hot swappable batteries RIELLO UPS Sentinel Dual 5-10kVA
Connection ports: 1x USB, 1x RS-232, RIELLO UPS Sentinel Dual 5-10kVA

11.7. Connection ports: 1x USB, 1x RS-232, 1x SNMP
1x SNMP
11.8. panel, with status indication panel, with status indication RIELLO UPS Sentinel Dual 5-10kVA
Management software for monitoring RIELLO UPS Sentinel Dual 5-10kVA

11.9. Management software for monitoring and control
and control
12. Servers Quantity: 2 Servers DELL PowerEdge R730 - Quantity: 2
12.1. Format of housing: 2U Rack server Format of housing: 2U Rack server Dell PowerEdge R730 Data Sheet

406772580.doc
5.
notes
Chipset: minimum Intel C610 series Chipset: minimum Intel C610 series chipset or Dell PowerEdge R730 Data Sheet
12.2.
chipset or equivalent equivalent
Processor: 2 x Server Class CPU, Processor: 2 x Server Class CPU Intel Xeon E5-2690 Dell PowerEdge R730 Data Sheet
12.3. minimum 2.5 GHz, 35MB Cache, 14 v4, 2.6 GHz, 35MB Cache, 14 Cores, upgradable to 2
Cores processors
Operational memory: minimum 128GB Dell PowerEdge R730 Data Sheet

12.4. DDR4 installed, support for 24 DIMM
Hard disks: minimum 2 x 400GB Solid Hard disks: 2 x 400GB Solid State 2.5” Hot-plug Dell PowerEdge R730 Data Sheet
12.5.
State 2.5” Hot-plug Hard Drives Hard Drives
Raid controller: support for RAID levels Dell PowerEdge R730 Data Sheet
12.6. 0, 1, 10, 5, 50, 6, 60 and at least 2GB of
cache
Disk space: The model must support the Dell PowerEdge R730 Data Sheet
12.7. ability to upgrade space for up to
12.8. Optical disk: DVD RW Optical disk: DVD RW Dell PowerEdge R730 Data Sheet
Network on board: 2 x 1Gbit and 2 x Network on board: 2 x 1Gbit and 2 x 10Gbit LAN Dell PowerEdge R730 Data Sheet
12.9.
10Gbit LAN ports ports
Additional network card: Ethernet Additional network card: Ethernet adapter 2 x 10Gbit Dell PowerEdge R730 Data Sheet
12.10.
adapter 2 x 10Gbit LAN ports LAN ports

406772580.doc
5.
notes
Power supply: minimum two redundant Dell PowerEdge R730 Data Sheet
hot plug power supplies
13. SAN switches Quantity: 2 SAN switches DELL N4032 - Quantity: 2
13.1. Number of ports: minimum 24 Number of ports: 24
Port type: 24x 10GbE RJ45 auto-sensing Port type: 24x 10GbE RJ45 auto-sensing
13.2. Dell Networking N400 series
(10Gb/1Gb/100Mb) fixed ports (10Gb/1Gb/100Mb) fixed ports
Traffic-port features: Auto-negotiation Dell Networking N400 series

for speed and flow control, Auto Traffic-port features: Auto-negotiation for speed and
MDI/MDIX, Port mirroring, Flow-based flow control, Auto MDI/MDIX, Port mirroring, Flow-
13.3. port mirroring, Broadcast storm control, based port mirroring, Broadcast storm control, Energy
Energy Efficient Ethernet per port Efficient Ethernet per port settings, Port Profile
settings, Port Profile support including support including Admin profiles
Admin profiles
Switch attributes: Line-rate Layer 2 Switch attributes: Line-rate Layer 2 switching, Line- Dell Networking N400 series
13.4.
switching, Line-rate Layer 3 routing rate Layer 3 routing
13.5. CPU memory: minimum 2GB CPU memory: 2GB Dell Networking N400 series
13.6. Flash memory: minimum 256MB Flash memory: 256MB Dell Networking N400 series
Switch fabric capacity: minimum Dell Networking N400 series

13.7. Switch fabric capacity: 640Gbps (full duplex)
640Gbps (full duplex)
13.8. Forwarding rate: minimum 476 Mpps Forwarding rate: 476 Mpps Dell Networking N400 series

406772580.doc
5.
notes
Priority queues per port: minimum 8 per Dell Networking N400 series
13.9. Priority queues per port: 8 per port
port
13.10. MAC addresses: minimum 16k MAC addresses: minimum 131,072k Dell Networking N400 series
Stacking speed (full-duplex): minimum Dell Networking N400 series

13.11. Stacking speed (full-duplex): 160Gbps
160Gbps
13.12. VLAN routing interfaces: minimum 128 VLAN routing interfaces: 128 Dell Networking N400 series
13.13. VLANs supported: minimum 4094 VLANs supported: 4094 Dell Networking N400 series
14. Storage unit Quantity: 1 Storage unit Dell SCv2020 – Quantity 1 Dell Storage SCv2000 Series
14.1. Internal storage: 24 x 2.5” drive bays Internal storage: 24 x 2.5” drive bays Dell Storage SCv2000 Series
14.2. Minimum drives supported: 150 Drives supported: 168 Dell Storage SCv2000 Series
Supported drive types HDD: 15K, 10K, Supported drive types HDD: 15K, 10K, 7.2K RPM, Dell Storage SCv2000 Series
14.3.
7.2K RPM, SSD SSD
Drive configuration requested: minimum Dell Storage SCv2000 Series

Drive configuration offered: 48 x 1.2TB, NLSAS,
14.4. 48 x 1.2TB, NLSAS, 6Gb, 2.5", 10K
6Gb, 2.5", 10K HDD
HDD
Controllers: dual controllers with min 4 Controllers: dual controllers with 4 core and 8GB Dell Storage SCv2000 Series
14.5.
core and 8GB memory per controller memory per controller
14.6. Network/server connectivity (front-end): Network/server connectivity (front-end): 2 x 10Gb Dell Storage SCv2000 Series

406772580.doc
5.
notes
2 x 10Gb iSCSI ports per controller iSCSI ports per controller
Internal drive connectivity (back-end): Dell Storage SCv2000 Series

14.7. Internal drive connectivity (back-end): 6Gb SAS ports
6Gb SAS ports
Supported server OS: Microsoft Dell Storage SCv2000 Series

Supported server OS: Microsoft Windows Server,
14.8. Windows Server, SLES, VMware, Citrix
SLES, VMware, Citrix XenServer, and Red Hat
XenServer, and Red Hat
14.9. RAID: Supports RAID 5, 6 and RAID 10 RAID: Supports RAID 5, 6 and RAID 10 Dell Storage SCv2000 Series
Licences for Snapshot and Thin Dell Storage SCv2000 Series

14.10. Licences for Snapshot and Thin provisioning
provisioning
15. Data Storage Type I Quantity: 1 Data Storage Type I - Quantity: 1
16. Data Storage Type II Quantity: 1 Data Storage Type II - Quantity: 1
17. Data Storage Type III Quantity: 1 Data Storage Type III - Quantity: 1
18. Data Storage Type IV Quantity: 1 Data Storage Type IV - Quantity: 1

406772580.doc
5.
notes
19. Tape Library solution Quantity: 1 Tape Library solution - Quantity: 1
20. Rack 42U Quantity: 6 Rack 42U - Quantity: 6
Manufacturer’s name: Manufacturer’s name: TRITON
Product type, model: Product type, model: RMA 42
20.1. 42U Rack cabinet 42U Rack cabinet Free Standing Cabinets
Standard equipment: minimum rack Free Standing Cabinets

Standard equipment: rack levelling feet, side panels,
levelling feet, side panels, front door,
20.2. front door, adjustable vertical mounting rails, roof,
adjustable vertical mounting rails, roof,
keys, split perforated rear door
keys, split perforated rear door
Features: Adjustable depth, integrated Features: Adjustable depth, integrated cable Free Standing Cabinets
20.3.
cable management, roof fans installed management, roof fans installed
PDU: minimum 2 x Rack PDU with 24 Free Standing Cabinets

20.4. PDU: 2 x Rack PDU with 24 Output Connector(s)
Output Connector(s)
KVM console: minimum LED 18.5" Free Standing Cabinets

KVM console: Dell LED KMM, 18.5", LCD 18.5",
1366 x 768 WXGA screen, Dual USB
20.5. resolution 1366 x 768 WXGA, USB 3.0 Hub with 2
3.0 Ports, 1U, International English
ports, 1U, International English Keyboard - DELL
Keyboard

406772580.doc
5.
notes
21. Rack 24U Quantity: 1 Rack 24U - Quantity: 1
22. Rack UPS 5000VA Quantity: 9 Rack UPS 5000VA - Quantity: 9
23. Rack UPS 3000VA Quantity: 1 Rack UPS 3000VA - Quantity: 1
16 port KVM switch 16 port KVM switch with 19” monitor –

24. Quantity: 1
with 19” monitor Quantity 1
4 port KVM switch 4 port KVM switch with 19” monitor –

25. Quantity: 1
with 19” monitor Quantity 1
26. Gigabit Switch 8 port Quantity: 5 Gigabit Switch 8 port - Quantity: 5
Manufacturer’s name: Manufacturer’s name: CISCO

406772580.doc
5.
notes
Product type, model: Product type, model: SG300-10PP
26.1. Type: Rackmount Type: Rackmount CISCO 300 Series Switches
No. of ports: min. 8x 10/100/1000Base- CISCO 300 Series Switches

26.2. No. of ports: 10x 10/100/1000Base-T (auto-sensing)
T (auto-sensing)
26.3. Capacity: minimum 16 Gbps Capacity: 20 Gbps CISCO 300 Series Switches
26.4. Forwarding rate: minimum 11.5 Mpps Forwarding rate: 14.88 Mpps CISCO 300 Series Switches
26.5. Priority queues: minimum 4 per port Priority queues: 4 per port CISCO 300 Series Switches
26.6. No of MAC address: minimum 16K No of MAC address: 16K CISCO 300 Series Switches
26.7. Packet buffer memory: minimum 8Mb Packet buffer memory: 8Mb CISCO 300 Series Switches
VLAN support: minimum 4096 port CISCO 300 Series Switches

26.8. VLAN support: 4096 port based VLANs
based VLANs
Gigabit Switch 24 Quantity:

27. Gigabit Switch 24 port - Quantity: 17
port 17
Manufacturer’s name: Manufacturer’s name: CISCO
Product type, model: Product type, model: SG300-28PP

406772580.doc
5.
notes
27.1. Type: Rackmount Type: Rackmount CISCO 300 Series Switches
No. of ports: min. 24x CISCO 300 Series Switches

No. of ports: 26x 10/100/1000Base-T (auto-sensing),
27.2. 10/100/1000Base-T (auto-sensing), 2x
2x SFP 1Gb Fiber ports
SFP 1Gb Fiber ports
27.3. Capacity: minimum 52 Gbps Capacity: 56 Gbps CISCO 300 Series Switches
27.4. Forwarding rate: minimum 38 Mpps Forwarding rate: 41.67 Mpps CISCO 300 Series Switches
27.5. Priority queues: minimum 4 per port Priority queues: 4 per port CISCO 300 Series Switches
27.6. No of MAC address: minimum 16K No of MAC address: 16K CISCO 300 Series Switches
27.7. Packet buffer memory: minimum 8Mb Packet buffer memory: 8Mb CISCO 300 Series Switches
VLAN support: minimum 4096 port CISCO 300 Series Switches

27.8. VLAN support: 4096 port based VLANs
based VLANs
Gigabit L3 Switch 24
28. Quantity: 1 Gigabit L3 Switch 24 port – Quantity 1
port
Gigabit L3 Switch 48
29. Quantity: 9 Gigabit L3 Switch 48 port - Quantity: 9
port

406772580.doc
5.
notes
Product type, model: Product type, model: N2048
Dell EMC Networking N2000 Series

29.1. Type: Rackmount Type: Rackmount
Switches

29.2. No of ports: minimum 48 No of ports: 48
Switches
Port type: 48 x 10/100/1000Mb auto- Dell EMC Networking N2000 Series

Port type: 48 x 10/100/1000Mb auto-sensing ports, 2x
29.3. sensing ports, 2x 10Gb uplinks, 2x Switches
10Gb uplinks, 2x stacking ports
stacking ports
Traffic-Port Features: Auto-negotiation Dell EMC Networking N2000 Series

Traffic-Port Features: Auto-negotiation for speed and
for speed and flow control, Auto Switches
29.4. flow control, Auto MDI/MDIX, Port mirroring, Flow-
MDI/MDIX, Port mirroring, Flow-based
based port mirroring, Broadcast storm control
port mirroring, Broadcast storm control

29.5. CPU Memory: minimum 1GB CPU Memory: 1GB
Switches

29.6. Flash Memory: minimum 256MB Flash Memory: 256MB
Switches
Switch fabric capacity: minimum Dell EMC Networking N2000 Series

29.7. Switch fabric capacity: 220Gbps
220Gbps Switches

29.8. Forwarding rate: minimum 164 Mpps Forwarding rate: minimum 164 Mpps
Switches
29.9. MAC addresses: minimum 16k MAC addresses: minimum 32k Dell EMC Networking N2000 Series

406772580.doc
5.
notes
Switches

29.10. Packet buffer memory: minimum 4MB Packet buffer memory: 4MB
Switches
Stacking speed (full-duplex): minimum Dell EMC Networking N2000 Series

29.11. Stacking speed (full-duplex): 84Gbps
84Gbps Switches
Fiber Channel Switch

30. Quantity: 4 Fiber Channel Switch 24 port - Quantity: 4
24 port
Manufacturer’s name: Manufacturer’s name: Dell/Brocade
Product type, model: Product type, model: 6505
Fibre Channel ports: Switch mode 12port Fibre Channel ports: Switch mode 12port
30.1. configuration (+12 port increment configuration (+12 port increment through Ports on Brocade 6505 Switch
through Ports on Demand [PoD] license) Demand [PoD] license)
Performance: Auto-sensing of 2, 4, 8, and Performance: Auto-sensing of 2, 4, 8, and 16 Gbps Brocade 6505 Switch
30.2.
16 Gbps port speeds port speeds
ISL trunking: Frame-based trunking with ISL trunking: Frame-based trunking with up to eight Brocade 6505 Switch
30.3. up to eight 16 Gbps ports per ISL trunk; 16 Gbps ports per ISL trunk; up to 128 Gbps per ISL
up to 128 Gbps per ISL trunk. trunk.
Aggregate bandwidth: 384 Gbps end-to- Aggregate bandwidth: 384 Gbps end-to-end full Brocade 6505 Switch
30.4.
end full duplex duplex

406772580.doc
5.
notes
Frame buffers: 8192 dynamically Brocade 6505 Switch

30.5. Frame buffers: 8192 dynamically allocated
allocated
Security: DH-CHAP (between switches Brocade 6505 Switch

and end devices), FCAP switch Security: DH-CHAP (between switches and end
authentication; FIPS 140-2 L2- devices), FCAP switch authentication; FIPS 140-2
compliant, HTTPS, IPsec, IP filtering, L2-compliant, HTTPS, IPsec, IP filtering, LDAP with
30.6. LDAP with IPv6, Port Binding, IPv6, Port Binding, RADIUS, User-defined Role-
RADIUS, User-defined Role-Based Based Access Control (RBAC), Secure Copy (SCP),
Access Control (RBAC), Secure Copy Secure RPC, SFTP, SSH v2, SSL, Switch Binding,
(SCP), Secure RPC, SFTP, SSH v2, SSL, Trusted Switch
Switch Binding, Trusted Switch
Management access: 10/100 Mbps Brocade 6505 Switch

Management access: 10/100 Mbps Ethernet (RJ-45),
Ethernet (RJ-45), in-band over Fibre
30.7. in-band over Fibre Channel, serial port (RJ-45), and
Channel, serial port (RJ-45), and one
one USB port
USB port
30.8. Enclosure: Rack, 1U Enclosure: Rack, 1U Brocade 6505 Switch
Point-to-point
31. Quantity: 5 Point-to-point wireless link 2.4GHz - Quantity: 5
wireless link 2.4GHz
Manufacturer’s name: Manufacturer’s name: StarTech
Product type, model: Product type, model: R300WN22OP5E
31.1. Operation distance: Minimum 4,000m Operation distance: 10,000m StarTech Outdoor 300 Mbps 2T2R
Wireless Access Point 5 HHz

406772580.doc
5.
notes
802.11a/n PoE Powered WiFi AP
StarTech Outdoor 300 Mbps 2T2R

Real Operation Throughput: Minimum
31.2. Real Operation Throughput: 300Mbps Wireless Access Point 5 HHz
100Mbps

Encryption: 128bit WEP, WPA and
31.3. Encryption: 128bit WEP, WPA and WPA2 Wireless Access Point 5 HHz
WPA2

31.4. Interfaces: 2 x 10/100 Mbps LAN Interfaces: 2 x 10/100 Mbps LAN Wireless Access Point 5 HHz

31.5. Management: HTTP, SSH, SNMP Management: HTTP, SSH, SNMP Wireless Access Point 5 HHz

Delivered with: 2 antennas, POE power Delivered with: 2 antennas, POE power inserters, and
31.6. Wireless Access Point 5 HHz
inserters, and wall mounting kit wall mounting kit
Point-to-point
32. Quantity: 5 Point-to-point wireless link 5.8GHz - Quantity: 5
wireless link 5.8GHz
Product type, model: Product type, model: R300WN22OP5E

406772580.doc
5.
notes
Operation distance: 10,000m StarTech Outdoor 300 Mbps 2T2R

32.1. Operation distance: Minimum 4,000m Wireless Access Point 5 HHz
Real Operation Throughput: 300Mbps StarTech Outdoor 300 Mbps 2T2R

Real Operation Throughput: Minimum
100Mbps
Encryption: 128bit WEP, WPA and WPA2 StarTech Outdoor 300 Mbps 2T2R
Encryption: 128bit WEP, WPA and
WPA2
Interfaces: 2 x 10/100 Mbps LAN StarTech Outdoor 300 Mbps 2T2R

32.4. Interfaces: 2 x 10/100 Mbps LAN Wireless Access Point 5 HHz
Management: HTTP, SSH, SNMP StarTech Outdoor 300 Mbps 2T2R

32.5. Management: HTTP, SSH, SNMP Wireless Access Point 5 HHz
Delivered with: 2 antennas, POE power inserters and StarTech Outdoor 300 Mbps 2T2R
Delivered with: 2 antennas, POE power
32.6. wall mounting kit Wireless Access Point 5 HHz
inserters and wall mounting kit
33. WLAN Access Point Quantity: 3 WLAN Access Point - Quantity: 3

406772580.doc
5.
notes
34. Application Firewall Quantity: 6 Application Firewall - Quantity: 6
Manufacturer’s name: Manufacturer’s name: Juniper
Product type, model: Product type, model: SRX550
Firewall appliance, enclosure 2RU Juniper SRX Series Services

34.1. Firewall appliance, enclosure 2RU
maximum Gateways for the Branch
Juniper SRX Series Services

34.2. Minimum 5 Gbps of firewall throughput 7 Gbps of firewall throughput
Gateways for the Branch

34.3. Minimum IPS throughput 800 Mbps IPS throughput 800 Mbps
Minimum 350.000 concurrent Juniper SRX Series Services

34.4. 375.000 concurrent connections
connections Gateways for the Branch

34.5. Minimum 25000 connections per second 27000 connections per second
Minimum built-in 10 x Juniper SRX Series Services

34.6. Built-in 10 x 10/100/1000Base-T RJ45 ports
10/100/1000Base-T RJ45 ports Gateways for the Branch
Minimum 2 network expansion slots with Juniper SRX Series Services

2 network expansion slots with the possibility of
34.7. the possibility of expanding with Gateways for the Branch
expanding with additional network interfaces.
additional network interfaces.

34.8. Redundant AC power Redundant AC power

406772580.doc
5.
notes
URL filtering – included minimum one Juniper SRX Series Services

34.9. URL filtering – included one year subscription
year subscription Gateways for the Branch
IPS (Intrusion Prevention System) – IPS (Intrusion Prevention System) – included one Juniper SRX Series Services
34.10.
included one year subscription year subscription Gateways for the Branch
Anti-Virus protection – included one year Juniper SRX Series Services

34.11. Anti-Virus protection – included one year subscription
subscription Gateways for the Branch
Anti-Spam protection – included one Anti-Spam protection – included one year Juniper SRX Series Services
34.12.
year subscription subscription Gateways for the Branch
SSL VPN remote access with GRE, IP-IP SSL VPN remote access with GRE, IP-IP and IPsec Juniper SRX Series Services
34.13.
and IPsec tunnels capability tunnels capability Gateways for the Branch
Bidder should provide Installation, Juniper SRX Series Services

Bidder shall provide Installation, configuration and
configuration and Implementation of Gateways for the Branch
Implementation of firewall systems,should implement
34.14. firewall systems,should implement
NGFW security feature, security policies, IPsec site-
NGFW security feature, security policies,
to-site VPN and SSL VPN
IPsec site-to-site VPN and SSL VPN
Quantity:
35. Personal Computers 131
Personal Computers - Quantity: 131
Product type, model: Product type, model: Optiplex 7050SFF

406772580.doc
5.
notes
Case: Small Form Factor Versatile business desktops designed

35.1. Case: Small Form Factor
for ultimate performance
CPU: minimum 2 cores, 64-bit CPU: Intel i3-7100, 2 cores, 64-bit technology Versatile business desktops designed
technology compatible, minimum base compatible, base frequency 3.9GHz, 3MB of CPU for ultimate performance
35.2. frequency 3.9GHz, minimum 3MB of cache (total value of all level cache combined)
CPU cache (total value of all level cache
combined)
RAM memory: minimum 8 GB DDR4 RAM memory: 8 GB DDR4 2133MHz Versatile business desktops designed
35.3.
2133MHz for ultimate performance
Hard disk drive: minimum 500GB Hard Hard disk drive: 500GB Hard Disk Drive Versatile business desktops designed
35.4.
Disk Drive for ultimate performance
Optical data drive: internal DVD-RW Versatile business desktops designed

35.5. Optical data drive: internal DVD-RW
Graphic adapter: integrated on-board, Graphic adapter: integrated on-board, dual display Versatile business desktops designed
35.6.
dual display support support for ultimate performance
Sound card: integrated, on-board Versatile business desktops designed

35.7. Sound card: integrated, on-board
Network adapter: 10/100/1000Mbps on- Network adapter: 10/100/1000Mbps on-board Versatile business desktops designed
35.8.
board for ultimate performance
35.9. Mainboard interfaces, minimum: 4 x Mainboard interfaces4 x USB 2.0 and 6 x USB 3.1 (of Versatile business desktops designed
USB 2.0 and 4 x USB 3.0 (of those those 4 USB located on front side of the workstation for ultimate performance
minimum 4 USB located on front side of case), 1xDisplay Port and 1x HDMI, 1xRJ-45
the workstation case), 1xDisplay Port

406772580.doc
5.
notes
and 1x DVI or HDMI, 1xRJ-45
Free expansion slots: minimum 1xPCIe Free expansion slots: 1xPCIe x16, 1x PCIe x4 (x1 Versatile business desktops designed
35.10.
x16, 1x PCIe x1 compatible) for ultimate performance
Input devices: Keyboard, Optical mouse Input devices: Keyboard, Optical mouse with scroll Versatile business desktops designed
35.11. with scroll function (both USB or PS/2 function (both USB type) for ultimate performance
type)
Operating System: Windows 10 Pro x64 Operating System: Windows 10 Pro x64 preinstalled Versatile business desktops designed
35.12.
preinstalled or equivalent for ultimate performance
Compliant standards: CE and/or TUVGS, Compliant standards: CE and/or TUVGS, RoHS, Versatile business desktops designed
35.13.
RoHS, EPEAT, WEEE, EnergyStar EPEAT, WEEE, EnergyStar for ultimate performance
Monitor: Size: minimum 21.5"; Monitor: DELL E2216H, Size: 21.5"; Resolution: Versatile business desktops designed
Resolution: minimum 1920x1080, 1920x1080, Response time: 5ms; Contrast: 1000:1; for ultimate performance
Response time: maximum 5ms; Contrast: Brightness: 250cd/m2; Connectivity: VGA and
35.14. minimum 1000:1; Brightness: minimum Digital port compatible with PC digital output –
250cd/m2; Connectivity: VGA and Display port
Digital port compatible with PC digital
output
Personal Quantity:
36. Personal Computers+Endpoint - Quantity: 35
Computers+Endpoint 35

406772580.doc
5.
notes
All-In-One Personal
37. Quantity: 5 All-In-One Personal Computers - Quantity: 5
Computers
Product type, model: Product type, model: XPS 27
37.1. Chassis: Integrated inside monitor Chassis: Integrated inside monitor Dell XPS 27 documentation
Display: minimum 27", 3840x2160, Dell XPS 27 documentation

37.2. Display: 27", 3840x2160, Non-Touch
Non-Touch
CPU: minimum base frequency 2.7GHz, Dell XPS 27 documentation

minimum 4 cores, 64-bit technology CPU: i7-7700, base frequency 3.6GHz, 4 cores, 64-bit
37.3. compatible, minimum 6MB of CPU technology compatible, 8MB of CPU cache (total
cache (total value of all level cache value of all level cache combined)
combined)
37.4. RAM memory: minimum 8 GB DDR4 RAM memory: 8 GB DDR4 Dell XPS 27 documentation
37.5. Hard disk drive: minimum 1TB SATA Hard disk drive: 1TB SATA Dell XPS 27 documentation
37.6. Camera: minimum 720p Camera: 720p Dell XPS 27 documentation
37.7. Graphic adapter: minimum 2GB, 128 bit Graphic adapter: AMD Radeon RX570 8GB, 128 bit Dell XPS 27 documentation
37.8. Sound card: integrated, on-board Sound card: integrated, on-board Dell XPS 27 documentation
37.9. Speakers: integrated or external speakers Speakers: integrated speakers Dell XPS 27 documentation

406772580.doc
5.
notes
Network adapter: 10/100/1000Mbps on- Dell XPS 27 documentation

37.10. Network adapter: 10/100/1000Mbps on-board
board
Connectors: minimum 5 x USB 3.0, Dell XPS 27 documentation

Connectors: 7 x USB 3.0, 1xHDMI output, 1xRJ-45,
37.11. 1xHDMI output, 1xRJ-45, audio out,
audio out, Card reader
Card reader
Input devices: Keyboard, Optical mouse Input devices: Keyboard, Optical mouse with scroll Dell XPS 27 documentation
37.12.
with scroll function function
Operating System: Windows 10 Pro x64 Dell XPS 27 documentation

37.13. Operating System: Windows 10 Pro x64 preinstalled
preinstalled or equivalent
38. Workstation Quantity:1 Workstation - Quantity:1
Dell Precision Tower 3000 Series

Product type, model: Product type, model: Precision 3620
(3620)

38.1. Case: Mini Tower PC Case: Mini Tower PC
(3620)
CPU: minimum base frequency 3.4GHz, Dell Precision Tower 3000 Series
minimum 4 cores, 64-bit technology CPU: Intel i7-6700, base frequency 3.4GHz, 4 cores, (3620)
38.2. compatible, minimum 8MB of CPU 64-bit technology compatible, 8MB of CPU cache
cache (total value of all level cache (total value of all level cache combined)
combined)

406772580.doc
5.
notes

38.3. RAM memory: minimum 32 GB DDR4 RAM memory: 32 GB DDR4
(3620)
Hard disk drive: minimum 2x 512GB Dell Precision Tower 3000 Series
38.4. Hard disk drive: 2x 512GB SSD
SSD (3620)

38.5. Optical data drive: internal DVD-RW Optical data drive: internal DVD-RW
(3620)
Graphic adapter: Discrete 4GB 128bit, Graphic adapter: AMD FirePro(TM) W5100, Discrete Dell Precision Tower 3000 Series
38.6.
4x Display port 4GB 128bit, 4x Display port (3620)

38.7. Sound card: integrated, on-board Sound card: integrated, on-board
(3620)
Network adapter: 10/100/1000Mbps on- Dell Precision Tower 3000 Series

38.8. Network adapter: 10/100/1000Mbps on-board
board (3620)
Mainboard interfaces, minimum: 4 x Dell Precision Tower 3000 Series

Mainboard interfaces: 5 x USB 2.0 and 6x USB 3.0
USB 2.0 and 6x USB 3.0 (of those (3620)
38.9. (of those 4 USB located on front side of the
minimum 4 USB located on front side of
workstation case), 1xRJ-45
the workstation case), 1xRJ-45
Free expansion slots: 3 x PCIe (1 x Full Height PCIe Dell Precision Tower 3000 Series
38.10. Free expansion slots: minimum 3 x PCIe x16 Gen 3 (wired x4); 1 x Full Height PCIe x4 Gen3; (3620)
1 x M.2 PCI Express 3.0 (22x80 mm))
Input devices: Keyboard, Optical mouse Dell Precision Tower 3000 Series
Input devices: Keyboard, Optical mouse with scroll
38.11. with scroll function (both USB or PS/2 (3620)
function (both USB type)
type)

406772580.doc
5.
notes
Operating System: Windows 10 Pro x64 Dell Precision Tower 3000 Series
preinstalled or equivalent (3620)
Compliant standards: CE and/or TUVGS, Compliant standards: CE and/or TUVGS, RoHS, Dell Precision Tower 3000 Series
38.13.
RoHS, EPEAT, WEEE, EnergyStar EPEAT, WEEE, EnergyStar (3620)
39. Monitor 55” Quantity: 1 Monitor 55” - Quantity: 1
Manufacturer’s name: Manufacturer’s name: PHILIPS
Product type, model: Product type, model: 55PUS6401
Backlight technology: LED PHILIPS 6000 series 4K Ultra Slim

39.1. Backlight technology: LED
LED TV powered by Android
Diagonal size: 55” PHILIPS 6000 series 4K Ultra Slim

39.2. Diagonal size: minimum 55”
Screen type: wide PHILIPS 6000 series 4K Ultra Slim

39.3. Screen type: wide
Resolution: 3840 x 2160 PHILIPS 6000 series 4K Ultra Slim

39.4. Resolution: 3840 x 2160
Contrast: 1000:1 PHILIPS 6000 series 4K Ultra Slim

39.5. Contrast: 1000:1

406772580.doc
5.
notes
Brightness: 350 cd/m2 PHILIPS 6000 series 4K Ultra Slim

39.6. Brightness: 350 cd/m2
Video input: Digital (HDMI) PHILIPS 6000 series 4K Ultra Slim

39.7. Video input: Digital (HDMI/DVI/DP)
Delivered with connection cables for Delivered with connection cables for both (analogue PHILIPS 6000 series 4K Ultra Slim
39.8.
both (analogue and digital) interfaces and digital) interfaces LED TV powered by Android
Compliant standards: CE, RoHS, Compliant standards: CE, RoHS, EnergyStar PHILIPS 6000 series 4K Ultra Slim
39.9.
EnergyStar LED TV powered by Android
40. Monitor 24-26” Quantity: 8 Monitor 24” - Quantity: 8
Quantity:
41. Laptop Type I Laptop Type I - Quantity: 35
35
Product type, model: Product type, model: Latitude 5580
Processor: Min. Base Frequency 2.6

Processor: Intel Core i5-7440HQ, Base Frequency 2.8
41.1. GHz, 4 Cores, 64-bit architecture, 6MB Latitude 5000 Series 5280/5480/5580
GHz, 4 Cores, 64-bit architecture, 6MB Cache
Cache

406772580.doc
5.
notes
41.2. 3D graphic card: Integrated 3D graphic card: Integrated Latitude 5000 Series 5280/5480/5580
Display: 15.6”, minimum resolution Latitude 5000 Series 5280/5480/5580

41.3. Display: 15.6”, resolution 1366x768, Antiglare
1366x768, Antiglare
41.4. Memory: min. 4GB DDR3 Memory: 4GB DDR4 Latitude 5000 Series 5280/5480/5580
41.5. HDD: min. 500GB SATA HDD: 500GB SATA Latitude 5000 Series 5280/5480/5580
41.6. Camera: min. HD webcam Camera: HD webcam Latitude 5000 Series 5280/5480/5580
Connectivity: Gigabit LAN, Wireless Latitude 5000 Series 5280/5480/5580

41.7. Connectivity: Gigabit LAN, Wireless LAN, Bluetooth
LAN, Bluetooth
Ports & Expansions: min. 1xUSB 3.0, Ports & Expansions: 1xUSB 3.0, 2xUSB 3.0 (USB Latitude 5000 Series 5280/5480/5580
41.8. 2xUSB 2.0, VGA, HDMI, RJ-45, 2.0 compatible), VGA, HDMI, RJ-45, memory card
memory card slot slot
Operating System: Windows 10 Pro x64 Latitude 5000 Series 5280/5480/5580

Quantity:
42. Laptop Type II 25
Laptop Type II - Quantity: 25
Product type, model: Product type, model: Precision 3520

406772580.doc
5.
notes
Processor: minimum base frequency

Processor: Intel Core i7-6820HQ, base frequency
2.7GHz, minimum 4 cores, 64-bit
2.7GHz, 4 cores, 64-bit technology compatible, 8MB
42.1. technology compatible, minimum 8MB Dell Precision 3520 Documents
of CPU cache (total value of all level cache
of CPU cache (total value of all level
combined)
cache combined)
42.2. 3D graphic card: minimum 2GB 128 Bit 3D graphic card: Nvidia Quadro M620 2GB 128 Bit Dell Precision 3520 Documents
Display: minimum 15.6” (1920x1080) Dell Precision 3520 Documents

42.3. Display: 15.6” (1920x1080) Antiglare
Antiglare
42.4. Memory: minimum 16GB DDR4 Memory: 16GB DDR4 Dell Precision 3520 Documents
42.5. HDD: minimum 500GB SSD HDD: 500GB SSD Dell Precision 3520 Documents
42.6. Camera: minimum HD webcam Camera: HD webcam Dell Precision 3520 Documents
42.7. Battery: minimum Li-Ion 4-cell Battery: Li-Ion 4-cell Dell Precision 3520 Documents
Connectivity: Gigabit LAN, Wireless Connectivity: Gigabit LAN, Wireless LAN, Bluetooth Dell Precision 3520 Documents
42.8.
LAN, Bluetooth 4.0 4.0
Ports & Expansions: minimum 3xUSB Dell Precision 3520 Documents

Ports & Expansions: 3xUSB 3.0, VGA, HDMI, RJ-
3.0, VGA, HDMI, RJ-45, Memory card
42.9. 45, Memory card reader, Docking connector,
reader, Docking connector, Fingerprint
Fingerprint Reader and Smart Card Reader
Reader and Smart Card Reader
Operating System: Windows 10 Pro x64 Dell Precision 3520 Documents


406772580.doc
5.
notes
Quantity:
43. Laptop Type III Laptop Type III - Quantity: 50
50
Laptop Type IV (with Laptop Type IV (with external monitor) -

44. Quantity: 7
external monitor) Quantity: 7
Laptop Type IV (with

Quantity: Laptop Type IV (with external monitor)
45. external monitor) 10 +Adobe+MS Office - Quantity: 10
+Adobe+MS Office
46. Tablet Quantity: 3 Tablet - Quantity: 3
Laser Printer B&W

47. Quantity: 8 Laser Printer B&W A4 - Quantity: 8
A4

406772580.doc
5.
notes
Multifunction Laser Multifunction Laser Printer B&W A4 - Quantity:

48. Quantity: 5
Printer B&W A4 5
Manufacturer’s name: Manufacturer’s name: HP
Product type, model: Product type, model: M426fdw
Functions: Printing, copying, faxing, Functions: Printing, copying, faxing, scanning and
48.1. HP LaserJet Pro MFP M426 Series
scanning and scan to email scan to email
48.2. Print technology: Monochrome Laser Print technology: Monochrome Laser HP LaserJet Pro MFP M426 Series
48.3. Print Resolution hardware: 600 x 600 dpi Print Resolution hardware: 600 x 600 dpi HP LaserJet Pro MFP M426 Series
48.4. Print Speed A4: Minimum 25 pages/min Print Speed A4: 38 pages/min HP LaserJet Pro MFP M426 Series
48.5. Time to first page: Maximum 9 seconds Time to first page: 5.6 seconds HP LaserJet Pro MFP M426 Series
48.6. Memory: Minimum 256 MB Memory: Minimum 256 MB HP LaserJet Pro MFP M426 Series
Maximum Monthly Duty Cycle: Maximum Monthly Duty Cycle: 80,000 pages per HP LaserJet Pro MFP M426 Series
48.7.
Minimum 30,000 pages per month month
Paper input capacity: Minimum input HP LaserJet Pro MFP M426 Series
Paper input capacity: 350-sheet, manual feed slot 10-
48.8. 250-sheet, manual feed slot 1-sheet, ADF
sheet, ADF for 50 sheets
for minimum 40 sheets
Paper output capacity: Minimum 100 HP LaserJet Pro MFP M426 Series
48.9. Paper output capacity: 150 pages
pages

406772580.doc
5.
notes
Duplex (two-sided) printing: Integrated HP LaserJet Pro MFP M426 Series

48.10. Duplex (two-sided) printing: Integrated Duplex
Duplex
Connectivity: USB 2.0, Ethernet Connectivity: USB 2.0, Ethernet (10/100/1000), Wi-Fi HP LaserJet Pro MFP M426 Series
48.11.
(10/100), Wi-Fi b/g/n b/g/n
48.12. Copy speed A4: 25 pages / min Copy speed A4: 38 pages / min HP LaserJet Pro MFP M426 Series
Scan Speed A4: Minimum 40 pages per HP LaserJet Pro MFP M426 Series
Scan Speed A4: 47 pages per minute (black), 30 pages
48.13. minute (black), a minimum of 15 pages
per minute (colour)
per minute (colour)
48.14. Scan resolution: 1200 X 1200 dpi Scan resolution: 1200 X 1200 dpi HP LaserJet Pro MFP M426 Series
48.15. Scanner Type: Flatbed scanner with ADF Scanner Type: Flatbed scanner with ADF HP LaserJet Pro MFP M426 Series
Toner: Initial toner capacity of at least HP LaserJet Pro MFP M426 Series
48.16. Toner: Initial toner capacity of 3100 pages
1500 pages
Multifunction Laser Quantity: Multifunction Laser Printer Colour A4 - Quantity:

49.
Printer Colour A4 10 10
Manufacturer’s name: Manufacturer’s name: Xerox
Product type, model: Product type, model: 6515 DNI
49.1. Functions: Scan, print, copy, fax and scan Functions: Scan, print, copy, fax and scan to email Xerox Phaser 6510 Color Printer and
to email Xerox WorkCentre 6515 Color

406772580.doc
5.
notes
Multifunctional Printer
Xerox Phaser 6510 Color Printer and

49.2. Print technology: Colour laser Print technology: Colour laser Xerox WorkCentre 6515 Color

49.3. Print Resolution: 1200 x 1200dpi Print Resolution: 1200 x 2400dpi Xerox WorkCentre 6515 Color

49.4. Print Speed A4: Minimum 25 pages / min Print Speed A4: 28 pages / min Xerox WorkCentre 6515 Color

49.5. Time to first page: Maximum 15 seconds Time to first page: 12 seconds Xerox WorkCentre 6515 Color

49.6. Memory: Minimum 2 GB Memory: 2 GB Xerox WorkCentre 6515 Color

Maximum Monthly Duty Cycle:
49.7. Maximum Monthly Duty Cycle: 50,000 Pages Xerox WorkCentre 6515 Color
Minimum 50,000 Pages
Paper input capacity: Minimum input of Xerox Phaser 6510 Color Printer and
Paper input capacity: 250 sheets, bypass tray 50-sheet,
49.8. 250 sheets, bypass tray 50-sheet, single- Xerox WorkCentre 6515 Color
single-pass DADF 50 sheets
pass DADF 50 sheets Multifunctional Printer
49.9. Duplex (two-sided) printing: Integrated Duplex (two-sided) printing: Integrated Duplex Xerox Phaser 6510 Color Printer and

406772580.doc
5.
notes
Xerox WorkCentre 6515 Color

Duplex
Connectivity: USB 2.0; Wi-Fi direct; Xerox Phaser 6510 Color Printer and
Connectivity: USB 3.0; Wi-Fi direct; Gigabit Ethernet
49.10. Gigabit Ethernet 10/100/1000; Wi-Fi Xerox WorkCentre 6515 Color
10/100/1000; Wi-Fi 802.11n
802.11n Multifunctional Printer

49.11. Screen: Touch screen Screen: Touch screen Xerox WorkCentre 6515 Color

Copy Speed A4 mono: Minimum 25
49.12. Copy Speed A4 mono: 25 pages / min Xerox WorkCentre 6515 Color
pages / min

Scanner Type: Flatbed, single-pass
49.13. Scanner Type: Flatbed, single-pass DADF Xerox WorkCentre 6515 Color
DADF
Toner: Set of cartridges for minimum Xerox Phaser 6510 Color Printer and
Toner: Set of cartridges for 8,000 B&W pages and
49.14. 8,000 B&W pages and minimum 5,000 Xerox WorkCentre 6515 Color
5,300 Colour pages
Colour pages Multifunctional Printer
Multifunction Laser
Printer B&W A4 with Quantity: Multifunction Laser Printer B&W A4 with
50.
authentication 10 authentication Software - Quantity: 10
Software

406772580.doc
5.
notes
Multifunction Laser Multifunction Laser Printer B&W A3 - Quantity:

51. Quantity: 7
Printer B&W A3 7
52. Photo printer Quantity: 2 Photo printer - Quantity: 2
Manufacturer’s name: Manufacturer’s name: EPSON
Product type, model: Product type, model: SureLab SL-D700
52.1. Print Technology: InkJet Colour Print Technology: InkJet Colour EPSON SureLab SL-D700
52.2. Printing resolution: 720 x 720 dpi Printing resolution: 720 x 720 dpi EPSON SureLab SL-D700
Print Speed: minimum 350 (dimension Print Speed: 360 (dimension 10cm x 15cm) prints in EPSON SureLab SL-D700
52.3.
10cm x 15cm) prints in hour hour
52.4. Paper size: Up to A4 Paper size: Up to A4 EPSON SureLab SL-D700
52.5. Media Handling: Roll Paper Media Handling: Roll Paper EPSON SureLab SL-D700
Minimum of 600ml for each ink colour 600ml for each ink colour delivered EPSON SureLab SL-D700
52.6.
delivered

406772580.doc
5.
notes
53. Mobile Printer Quantity: 6 Mobile Printer - Quantity: 6
54. Mobile Scanner Quantity: 8 Mobile Scanner - Quantity: 8
Relational database
management system Relational database management system Microsoft
55. Microsoft SQL Server Quantity: 3 SQL Server 2016 for 35 users (CAL)
2016 for 35 users - Quantity: 3
(CAL) or equivalent
56. Shredder Quantity: 5 Shredder - Quantity: 5
57. Projector Type I Quantity: 1 Projector Type I - Quantity: 1
58. Projector Type II Quantity: 1 Projector Type II - Quantity: 1

406772580.doc
5.
notes
Quantity:
59. Mobile Phone 10
Mobile Phone - Quantity: 10
Manufacturer’s name: Manufacturer’s name: ASUS
Product type, model: Product type, model: ZenFone 3 Max
Display: Size minimum 5,2”, resolution

59.1. Display: Size 5,2”, resolution 1280 x 720 ASUS ZenFone 3 documentation
minimum 1280 x 720
Internal Storage: 32GB, Support for up to Internal Storage: 32GB, Support for up to 32gb SD ASUS ZenFone 3 documentation
59.2.
32gb SD Card Card
59.3. Processor: Quad Core 64 bit Processor: Quad Core 64 bit ASUS ZenFone 3 documentation
59.4. Internal Memory: 3GB Internal Memory: 3GB ASUS ZenFone 3 documentation
59.5. Rear Camera: 13 Megapixel Rear Camera: 13 Megapixel ASUS ZenFone 3 documentation
59.6. Front Camera: 5 Megapixel Front Camera: 5 Megapixel ASUS ZenFone 3 documentation
Wireless Technology: 802.11 b/g/n, ASUS ZenFone 3 documentation

59.7. Wireless Technology: 802.11 b/g/n, Bluetooth v 4.0
Bluetooth v 4.0
59.8. Built-in speaker Built-in speaker ASUS ZenFone 3 documentation
59.9. Navigation: GPS Navigation: GPS ASUS ZenFone 3 documentation
59.10. Sensors: Accelerator, E-Compass, Sensors: Accelerator, E-Compass, Fingerprint ASUS ZenFone 3 documentation

406772580.doc
5.
notes
Fingerprint
Quantity:
60. Barcode Reader 30
Barcode Reader -Quantity: 30
Manufacturer’s name: Manufacturer’s name: ZEBRA
Product type, model: Product type, model: LS1203
60.1. Type: Handheld bar code reader Type: Handheld bar code reader ZEBRA LS1203 Spec Sheet
60.2. Scanner Type: Bi-directional Scanner Type: Bi-directional ZEBRA LS1203 Spec Sheet
60.3. Light Source (Laser): 650nm laser diode Light Source (Laser): 650nm laser diode ZEBRA LS1203 Spec Sheet
60.4. Scan Rate: 100 scans per second Scan Rate: 100 scans per second ZEBRA LS1203 Spec Sheet
Typical Working Distance: From contact ZEBRA LS1203 Spec Sheet

Typical Working Distance: From contact to min. 20
60.5. to min. 20 cm on 100% UPC/EAN
cm on 100% UPC/EAN symbols
symbols
Decode Capability: UPC/EAN, ZEBRA LS1203 Spec Sheet

UPC/EAN with Supplementals, Decode Capability: UPC/EAN, UPC/EAN with
UCC/EAN 128, Code 39, Code 39 Full Supplementals, UCC/EAN 128, Code 39, Code 39
60.6. ASCII, Code 39 TriOptic, Code 128, Full ASCII, Code 39 TriOptic, Code 128, Code 128
Code 128 Full ASCII, Codabar, Full ASCII, Codabar, Interleaved 2 of 5, Discrete 2 of
Interleaved 2 of 5, Discrete 2 of 5, Code 5, Code 93, MSI, Code 11, IATA, RSS variants
93, MSI, Code 11, IATA, RSS variants

406772580.doc
5.
notes
60.7. Connection: USB, Plug and Play Connection: USB, Plug and Play ZEBRA LS1203 Spec Sheet
61. Forensic SAS Bridge Quantity: 1 Forensic SAS Bridge - Quantity: 1
Forensic SATA/IDE
62. Quantity: 1 Forensic SATA/IDE Bridge - Quantity: 1
Bridge
63. 3.5” Hard drives Set Quantity: 1 3.5” Hard drives Set - Quantity: 1
64. 2.5” Hard drives Set Quantity: 1 2.5” Hard drives Set - Quantity: 1
External Hard Disk

65. Quantity: 5 External Hard Disk Case 3.5" - Quantity: 5
Case 3.5"
Dock station for Hard

66. Quantity: 5 Dock station for Hard Disks - Quantity: 5
Disks

406772580.doc
5.
notes
External 3.5” Hard

67. Quantity: 1 External 3.5” Hard drives Set - Quantity: 1
drives Set
External 2.5” Hard

68. Quantity: 1 External 2.5” Hard drives Set - Quantity: 1
drives Set
SDHC Memory Card Quantity:

69. SDHC Memory Card 64GB - Quantity: 20
64GB 20
Manufacturer’s name: Manufacturer’s name: KINGSTON
Product type, model: Product type, model: MicroSDHC 64GB
Type: SDHC or SDXC memory card (or Type: microSDHC with adapter KINGSTON MicroSDHC / Micro
69.1.
microSDHC/SDXC with adapter) SDXC Class 10 UHS-I card
Capacity: 64GB KINGSTON MicroSDHC / Micro

69.2. Capacity: min. 64GB
SDXC Class 10 UHS-I card
Class: 10 KINGSTON MicroSDHC / Micro

69.3. Class: 10

406772580.doc
5.
notes
SDHC Memory Card Quantity:

70. SDHC Memory Card 128GB - Quantity: 20
128GB 20
Manufacturer’s name: Manufacturer’s name: KINGSTON
KINGSTON MicroSDHC / Micro

Product type, model: Product type, model: MicroSDHC 128GB
Type: SDHC or SDXC memory card (or Type: SDHC or SDXC memory card (or KINGSTON MicroSDHC / Micro
70.1.
microSDHC/SDXC with adapter) microSDHC/SDXC with adapter) SDXC Class 10 UHS-I card

70.2. Capacity: min. 128GB Capacity: 128GB

70.3. Class: 10 Class: 10
Server Expansion
71. Quantity: 4 Server Expansion Memory - Quantity: 4
Memory
CAT5E RJ45 Quantity:

72. CAT5E RJ45 Modular Plug - Quantity: 500
Modular Plug 500
Manufacturer’s name: Manufacturer’s name: Telegartner

406772580.doc
5.
notes
Product type, model: RJ45 Connecting hardware Document for

Product type, model:
Item 72
Type: RJ-45 (Male) connector Connecting hardware Document for

72.1. Type: RJ-45 (Male) connector
Item 72
Cat5e Ethernet Cable

73. Quantity: 3 Cat5e Ethernet Cable 300m - Quantity: 3
300m
Manufacturer’s name: Manufacturer’s name: DRAKA
Product type, model: Product type, model: UC300 Cat.5e DRAKA UC300 Cat.5e u/UTP - CPR
73.1. Type: Ethernet cable Cat5e Type: Ethernet cable Cat5e DRAKA UC300 Cat.5e u/UTP - CPR
73.2. Cable length: 300m Cable length: 300m DRAKA UC300 Cat.5e u/UTP - CPR
1-Port Gigabit High-

Power PoE+ Injector Quantity: 1-Port Gigabit High-Power PoE+ Injector Power
74.
Power output of up to 20 output of up to 30 watts - Quantity: 20
30 watts
Product type, model: Product type, model: POEINJ1GW

406772580.doc
5.
notes
Type: Gigabit PoE+ Injector StarTech 1-Port Gigabit Midspan -

74.1. Type: Gigabit PoE+ Injector
PoE + Injector – 802.3at and 802.3af
Number of ports: min.1 StarTech 1-Port Gigabit Midspan -

74.2. Number of ports: min.1
Power output: min. 30W StarTech 1-Port Gigabit Midspan -

74.3. Power output: min. 30W
1-Port Gigabit High-

Power PoE+ Injector Quantity: 1-Port Gigabit High-Power PoE+ Injector Power
75.
Power output of up to 10 output of up to 60 watts - Quantity: 10
60 watts
Product type, model: POEINJ1GI StarTech 1-Port Gigabit PoE + Power

over Ethernet Injector (30W) w / Non-
Standard PoE Boost (60W) and
Redundant Power
Type: Gigabit PoE+ Injector StarTech 1-Port Gigabit PoE + Power

75.1. Type: Gigabit PoE+ Injector
Redundant Power
75.2. Number of ports: min.1 Number of ports: min.1 StarTech 1-Port Gigabit PoE + Power

406772580.doc
5.
notes
Redundant Power
Power output: min. 60W StarTech 1-Port Gigabit PoE + Power

75.3. Power output: min. 60W
Redundant Power
76. Coaxial cable 300m Quantity: 2 Coaxial cable 300m - Quantity: 2
Manufacturer’s name: Manufacturer’s name: DRAKA
Product type, model: Product type, model: Coax RG 59
76.1. Type: Coaxial cable Type: Coaxial cable DRAKA RG 59 type B/U 75 Ohm Eca
76.2. Cable length: 300 m Cable length: 300 m DRAKA RG 59 type B/U 75 Ohm Eca
BNC to RCA Quantity:

77. BNC to RCA connector - Quantity: 300
connector 300
Product type, model: Product type, model: BNC to RCA Inter-series Adaptors
77.1. Type: BNC (Male) to RCA (female) Type: BNC (Male) to RCA (female) connector Inter-series Adaptors

406772580.doc
5.
notes
connector
Quantity:
78. BNC connector 300
BNC connector - Quantity: 300
Telegartner BNC Straight Plug G2

Product type, model: Product type, model: RG-59B/U
RG-59B/U
Leased line
79. Quantity: 7 Leased line connection - Quantity: 7
connection
Object-relational
database
Object-relational database management system
80. management system Quantity: 1
Oracle Database - Quantity: 1
Oracle Database or
equivalent
81. Institution and Quantity: 6 Institution and authorities’ interconnection within

authorities’ the existing Interoperability system - Quantity: 6

406772580.doc
5.
notes
interconnection
within the existing
Interoperability
system
Designing the secure

connection of the
Beneficiary back-end
systems via ICT
platform for Designing the secure connection of the Beneficiary
connecting the back-end systems via ICT platform for connecting
82. institution to the Quantity: 1 the institution to the MIM2 via Communication
MIM2 via Client environment and the existing
Communication Interoperability system (MIM2) - Quantity: 1
Client environment
and the existing
Interoperability
system (MIM2)
Web Service
Development (for the Quantity: Web Service Development (for the Interoperability
83.
Interoperability max. 40 system purposes) - Quantity: 40
system purposes)
Manufacturer’s name: Nextsense

406772580.doc
5.
notes
Web Service Development (for the Interoperability

system purposes)
83.1. In line with the needs for exchange of We will implement forty new Web Services which Document: Web Service
data among the institutions, it is foreseen will be registered in the MIM2 Service Catalogue. Development, subchapter Business
that all institutions will be connected to analyses
The process of implementation is process of:
the MIM2 service bus (so-called EU
platform) from the national platform for 1. Business analysis
interoperability for the exchange of 2. Development
unclassified data. The exact web service 3. Registration
publishing reorganization will be done in
In the phase of business analysis, we will detect which
business analysis phase.
of the current services are interesting for institutions
The project includes implementation of which are part of this project, which data from current
maximum forty (40) new Web services, institution registered on the MIM2 platform is
which involve: interested for institutions which are part of this project
and for this data we will developed new service. Also,
Business analysis
we will be analyses back end systems of institution
Conducting detail business analysis in from this project and detect interesting data and
the involved institution in order to be document which is candidate for develop new web
defined the following information: service.
 Web Service Consumer and web All measures and parameter which are part of item
Service Provider participants 83.1 will be part of business analysis.
 Consumer participant’s requirements
 Defining unclassified data which can
be exchanged between the
participants in accordance with the
obligation law and regulations
 Identifying which of the defined
unclassified data are stored in the
Provider participant’s DB
 Providing detail information about
the Web services, defined for further
development and implementation:

406772580.doc
5.
notes
 Web service name

 Purpose
 Input and Output parameters
(support complex object –
datatype and binary data
(document))
 Consumer participants (which
Consumer will use the given
Web service, this value will be
configured in a service
catalogue where web service
will be registries)
 Users (who has privilege to
access the given Web service on
the Consumer participant level,
the set of users from consumer
institution, which will be
consume web service, will be
configure in the service
catalogue where web service
will be registries. Administrator
from the provider institution
will be choose user for
consumer institution configure
in the previous step).
83.2. Development For development of web services detect in the phase Document: Web Service
of business analysis we will user: Development, subchapter
The web services must be developed in
Development and registration
accordance with the MIM protocol. The 1. SOAP ASMX Service
web services must be developed on the 2. WCF Service
Development environment.
With the custom configuration of this technology we
Every new web services must support the will be implemented services with next criteriums:
IOP-T and MIM2 specific standards and
protocols:  SOAP 1.2

406772580.doc
5.
notes
 SOAP 1.2  Single WSDL with all complex datatype

 Single WSDL with all complex After developed of web service with above one of the
datatype technology and registered service as a relay party on
SSO platform we will transform service with the WS
 The SOAP message must Federation binding, after registered on SSO the
include security header service will achieved and next criteriums:
containing claim data for
consumer user. This header  The SOAP message must include security
must be encrypted and digital header containing claim data for consumer
signed according with OASIS user. This header must be encrypted and
Standard digital signed according with OASIS
Standard
 The claim user data must be
included as a SAML Token  The claim user data must be included as a
SAML Token
 The web service must be
registries as a relying party in  Implementation of web service must support
the single sign on, and configure the flowing standards and protocols
SSO to provide data for
o WS Federation
authentication and authorization
of the consumer user o WS Security
 The web service must o WS Trust
implement MIM header with
data for routing the message o WS Addressing
through interoperability o WS Policy
platform
After registration web service in the MIM2 service
 Implementation of web service catalogue, we will be implement method for
must support the flowing automatically injection of MIM header structure in the
standards and protocols initial WSDL.
o WS Federation
o WS Security
o WS Trust

406772580.doc
5.
notes
o WS Addressing
o WS Policy
Implementation and registration

The developed web services must be
For implementation this requirement, at first, we will
implemented and registered on the
add functionality in the MIM2 service catalogue to
production environment as a test web
mark web service as a test service.
service (marked as test) and as the
production web service. The current implementation of MIM2 service
catalogue support registration service through user
The process of registration of web
interface and MIM meta data service. We will use that
service will be doing through user
technology for registered web service in MIM2 Document: Web Service
interface (service catalogue) or MIM
83.3. service catalogue. Development, subchapter
meta data service. After registration web
service, end user can be test registered Web services will be testing with the web form Development and registration
web service with the dynamically generated from MIM2 service catalogue and proxy
generate form. The web services must be class generated from downloaded WSDL from service
hosted in the participant’s environment, catalogue.
respectively.
For all developed service in this phase will be
Before implementation and registration implemented testing process with specific testing
in the production Interoperability scenarios.
environment, every web service must be
tested and verified.
83.4. Asynchronous communication We propose two types of asynchronous method of Document: Web Service
communication: Development, subchapter
To implement Asynchronous
Asynchronous communication
communication through the MIM2 1. Consumer requests service, the provider
platform, two services have to be gives response with unique identifier of the
developed: (1) one from the provider side message. Than consumer again requests for
for the requestor to submit the request for final response and the provider responses
data and (2) one from the requestor side with finial response state.
for the provider to deliver the data. 2. Consumer requests service, the provider

406772580.doc
5.
notes
gives response with unique identifier of the

message. When the finial response is ready
the provider responses with response
information of the requested service
In the current implementation of service catalogue, we

can have authorized all users from one institution to
Administration consume service of other institution. The feature to
Document: Web Service
Updating users’ privileges in Service authorized specific user for institution to consume
83.5. Development, subchapter User
catalogue, based on conducted business specific service to other institution, in this version of
authentication
analyses. service catalogue is not implemented. In the upgrade
of service catalogue, we will be implemented this
feature.
Document Management
System implementation
1. eArchive Module
(users: 50 per institution) * Ministry of Interior.can use Module 2 and
Module 3 which will be implemented as part of the
2. Module for integration Interoperability platform
with external systems for Quantity:
84.
8 institutions 3 *Module 1 will be implemented only in three
institutions: AMCP, FPO, SCSP
3. Module for electronic
document exchange
between the connected
institutions on the
interoperability platform
for 8 institutions

406772580.doc
5.
notes
Manufacturer’s name: Nextsense
Nextsense Document Management System

Product type, model: implementation
84.1. Subject to the requirement for public DMS system together with eArchive functionalities Each functionality is covered in
procurement is development, will be implemented for 3 institutions: AMCP, FPO, details in below items and explained
implementation, software maintenance, SCPC. in technical documentation
and user support for a Document
Document: Document Management
Management System for the following 3
Separate repository will be deployed for each System
public institutions:
institution. The solutions will be web based and could
1. AMCP be managed from central location.
2. FPO
a. The DMS will support working and exchanging
3. SCPC
documents as well as attaching workflow a.
The solution has to provide processes on events on documents
Implementation of specific repositories b. System will be integrated with multiple
for each of these 3 institutions and has to gateways that offer communication with various
enable the work and administration of the external systems.
system for managing documents, content c. The system will be based on the latest platforms
and business processes to be carried out offering modern technology and user interface.
from any location with web based access Latest technologies for authentication and role
to the central system. based authorization will be implemented on top
of SAML 1.1 standard as well as support for
The DMS system will be implemented
LDAP (ex. Active Directory)
separately in each of the 3 above listed
d. Powerful ECM and DMS system will cover all
institutions. Following are the key
the requirements about document storage on
characteristics of the required EDMS
different local and remote repositories. eArchive
system:
module for storing document records will be
a. The system must provide interface to implemented in the DMS. DMS Search will be
exchange documents and trigger responsible for indexing content and metadata
workflow processes without loss of information.

406772580.doc
5.
notes
metadata or structure
e. The system will contain a software that cover
b. System must be capable of
powerful and easy to use application for
exchanging documents and
scanning documents. Processing them with OCR
information with external systems
and manual indexing if required, they will end
c. System must provide modern user
up in the document management system.
interface and support comprehensive
f. DMS system will support storing documents in
authorization and user certification
document libraries with versioning functionality.
procedures, allowing for the security
Each document will have major and minor
and reliability of the corporate
version, with possibility to present only
information. Functionality of the
“approved” documents with major version to
system must be determined through
certain user roles.
user roles
g. As modern system, comprehensive XML
d. System must provide for integrated
support and open integration standard will be
document repository capable of
used trough-out the system.
managing electronic records and
h. The DMS have own built-in search service
store document indexes and
application which is responsible for crawling ,
metadata information
indexing and processing content. Later offers
e. System must support input via
this index to be searched by the users taking care
scanners and use of Optical
of the permissions that each user have on
Character Recognition
particular content.
f. System must support document
System as well as Search offer no-coding
versioning including the major,
capabilities to add new metadata fields to
minor and branch version control.
documents, and index them back into index so
g. System must provide comprehensive
they and be searched and filtered by.
XML support
DMS with Views capabilities can be customized
h. System must have comprehensive
to present different fields and data to different
indexing facilities, built in indexing
roles and can be customized per user base.
server for indexing documents,
i. DMS will support a variety of authentication
metadata and content. It must
methods and authentication providers for the
support comprehensive and flexible
following authentication types: Windows
profiling system that allows for a
authentication, Forms-based authentication and
maximum level of fields and format
SAML token-based authentication. SharePoint
presentation customization.
support so called “modern authentication
i. System must provide for user
mechanisms” like Claim-based authentication
authentication using standard
based on SAML 1.1 and oAuth. All mentioned

406772580.doc
5.
notes
credentials and be able to assign user

authentication mechanisms above also support
rights on the level of the system
single sign on.
objects. The encrypted
DMS as web based solution will provide
communication between the system
encrypted communication between the system
and the users should be provided.
and user’s computer through standard web
j. System must include tools for
encryption (SSL/TLS) Encryption algorithm
system audit and logs
based on the Advanced Encryption Standard
The DMS frameworks delivery involves (AES)
implementation of the following j. The audit feature will let tracking of user actions
segments: on a site's content types, lists, libraries,
documents, list items, and library files within
1. e-Archive module, with 50 users per
site collections. Knowing who has done what
institution;
with which information is critical for many
2. Module for integration with external
business requirements, such as regulatory
systems for 8 institutions with
compliance and records management. Audit
development of maximum 10
reports with query and filter capabilities will be
distinct web services for exchanging
offer on DMS UI for certain roles.
documents via Interoperability
system. Those web services will be
used for receiving the documents,
1. Yes - eArchive module for support of 50 users
validation of document type –
per institution will be delivered. More details
digitally signed PAdES and XAdES
about its capabilities is explained in the
standard PDF-A before document
technical offer
recipient, confirmation of document
2. Yes - Interoperability infrastructure and services
recipient which includes document
will be connected and used by the system in
number and integration with archive
order to provide with integration with external
module of DMS;
systems. It will support exchange of digitally
3. Module for electronic document
signed PAdES and XAdES standard PDF-A
exchange between the connected
documents
institutions through the
3. Yes – module for electronic document exchange
interoperability platform for 8
between the connected institutions will be
institutions with development of
implemented in the system.
maximum 4 distinct web services for
exchange of documents and related
metadata between the below

406772580.doc
5.
notes
described institutions.
84.2. Within each module the following a. The e-Archive system supports import, classification and Document: Document Management System
recording of both Hard copy and soft copy documents.
requirements and functionalities needs to Chapter: e-Archive (Corporate Document
be fulfilled: b. Institutions can capture and index information from both paper Repository)
and e-source documents and convert it into electronic information
I. e-Archive module delivered to the back-end system/content repository. а. Article: Document entry / distribution to
relevant person/s
a. Module for import, classification c. The e-Archive system comes with a Record Book which is
and recording of incoming compliant with the latest regulating law and office operations. b. Article: Document entry / distribution to
documents (both Hard and soft relevant person/s
d. The e-Archive system comes with a
copy). Registry/Confirmation/Internal book compliant with the latest c. Article: Record Book
b. This module must enable regulating law and office operations.
institutions to capture and index e. The electronic postal book gives preview of the documents that d. Article: Registry Book
information from virtually any are send through post office to the clients. By using a search option,
paper or electronic source, one can search through the sent documents by the following e. Article: Postal Book
parameters. Article: Report- List of documents by
transform it into electronic document type
Additional books by document type are supported like book of
information, and deliver it into the contracts. Article: Book of Invoices
back-end system. The aim of this f. Article: Preview of deeds inventory
module is to connect and delivers The system support entering data and reporting of the Invoices. The
separate Book of Invoices will be available to the users. g. Article: e-Archive
electronic data and documents to a
content repository. f. With the option: “Preview of deeds inventory” one is enabled to h. Article: Document entry / distribution to
have an overall display of all documents that are maintained under relevant person/s
c. Electronic record book and same deed inventory, respectively referring to the same subject Article: Distribution of the scanned documents
archiving module in accordance matter as they are one entirety. from the registry
with the regulating law and office Article: Notifications
g. Each institution will be completly independent with own views
operations. of documents, own reports and seach.
d. Electronic registry book and i. Article: Adding new users
h. System offer document distribution, starting at the moment what
archiving module in accordance is is entered into system, but also later when users in responsible j. Article: Document lists by status and role
with the regulating law and office organization unit receive the document. They can deistibute the Article: Search
operations document furher in the organization.
e. Electronic postal/invoices/contracts When distributing documents, the affected users in the process of
document archiving receives notification by mail, which informs k. Article: Document entry / distribution to
book the user that has been added in one of the groups. relevant person/s
f. Preview of deeds inventory book
(registry of acts) i. Depending on the user role within one document and its response l. Article: Document entry / distribution to
g. Implementation of views, reports („Receive “or „Not for me “), users may add other persons in relevant person/s
different roles to the document thus providing manual workflow of Article: Open
and metadata search of this module the same document to different employees and departments in the
for all 3 institutions enrolled in the organisation. The process of adding users in one of the sections m. Article: Open

406772580.doc
5.
notes
project consists of few straightforward steps.

h. Distribution of documents and
monitoring using notification j. Users can review their documents, received ones as well as ones n. Article: Document entry / distribution to
waiting to be received by them in role based and security aware relevant person/s
mechanisms. lists at the web application homepage Article: Reserve a number
i. Manuel Workflow for document
By using the advanced search option available, one can review the
distribution to employees in received/entered documents based on several criteria, such as:
different departments/ units: o. Article: Document entry / distribution to
dates, status and other relevant parameters.
relevant person/s
- according users’ priorities, k. During the process of document entry, the document being Article: Related documents
entered can appropriately be categorized, numbered and sent to the
- by organizational units, appropriate organizational unit.
p. Article: Search
- by employees. l. Any given document in the e-Archive system can be assigned a
specific confidentiality status (internal, public, confidential or
j. Record and review of received/ strictly confidential) in order to express the document’s q. Article: Administration module / Document
entered documents and their confidentiality level. types
Additionally the document can be assigned as secret, which restricts Article: Report- List of documents by
overview by dates, status and other even role Archiver to read “document content” document type
key parameters
m. The e-Archive system comes with an electronic stamp built-in
k. Categorization, numeration and functionality. The stamp design can be specifically tailored to meet r. Article: Record Book of conscription
the company’s needs.
recording under organizational archives
units n. The system automatically suggests the next available archival
number when importing or adding new documents to the repository. s. Article: Record Book of conscription
l. Identification/declaring the archives
document as a secret The same functionality is present when entering number with same
ordinal number. In that case the subsequent sub-number is t. Article: Document details
Article: Document details / Document action
m. Electronic stamp that includes the automatically proposed by the system.
history
entire archive number and the The e-Archive system has an option to reserve an archival number.
receipt date o. Related documents in the e-Archive system are linked together.
When one document is connected with an already existing u. Article: Document Lists by status and role
n. Automatic proposal of subsequent document in the system and the same document is also connected
available archive number with with other documents in the repository, then the new document is
automatically linked to the corresponding related documents. v. Article: Open
possibility to reserve archive
number p. Documents in the e-Archive can be searched through a standard
fast search or advanced search by several criteria: w. Article: Receive/Not for me
o. Linking archive numbers from
 Regional unit
previous years  Keywords – (search by content and all metadata) x. Article: Send by mail
 Archival number
p. Enabling advance search per:  Year
 Direction (incoming, outgoing, internal)
y. Article: Alarms

406772580.doc
5.
notes
- archive number  Document type

 Filing sign
 Case
-subject  Consignor / Addressed to z. Article: Delete Document
 Reception date from Article: Administration modules
 Reception date to Article: Cases
-case file,  Number and date
aa. Article: Document Geo-location
- company/business q. Each document is in the system with localization key of the bb. Article: Cases
partner/client, document type (English phrase for the document type), name of the
document type showing if it is active. Documents can also be cc. Article: Cover Document
previewed by specific document types.
- document type, dd. Article: Discussion
r. The system comes with an option to define ”archive signs” with
ee. Article: Users, Access and Roles
number of years until which certain documents have to be
- date physically maintained according to the years of storing that are
ff. Article: Functionalities and navigation
defined in the “Plan of archive signs”. After that date these
- year. documents can be destroied. This kind of functionality is offered in gg. Article: Administration modules
the software trough the Administration module and is accessible for
roles like Archivist and Administratior. hh. Article: Notifications
q. Defining types of documents with
s. Once each document has a predefined length during which it ii. Article: Document Details
possibility to review by document
should be kept and stored, then after this date is due, a list of all
types documents that need to be dissolved can be generated through the jj. Article: Users, Access and Roles
e-Archive.
r. Dissolution of documents kk. Article: Actions on the document
t. The e-Archive comes with a history of actions functionality,
s. Review and print a list of ll. Chapter: e-Archive (Corporate Document
which shows all actions that were made in the particular document,
Repository)
documents that have to be which gives exact info on which date, in what hour and by which
destroyed user the particular changes/actions are made.
u. In the e-archive system are listed the documents that refer to all mm.
t. History of actions that were made the persons (subordinates) that in the organisation hierarchy are Article: Functionalities and navigation
on the archived document managed by the logged in user (this is set up in AD) Article: Administration modules
u. Review of documents for my v. In order to preserve and emphasize the confidentiality/secrecy of nn. Article: Administration modules
subordinates any given document within the organization, an electronic stamp of
confidentially is added on each document page.
v. Electronic Stamp for w. Once a document is sent to a particular user, the user can either
confidentiality degree of the deny or accept the document. The user confirms the document’s
document and to be placed on each reception by selecting the option “It’s for me”.
document page x. The system supports sending documents by mail. It also comes
with a built-in Mailing Book which keeps record of all documents
w. Confirmation of document receipt sent by mail.
in archive

406772580.doc
5.
notes
y. The e-Archive Alarms are one type of notification about a

x. Sending output document by mail document. Depending on the people who are involved in the alarm
setting there are individual or group alarms available to the user.
y. Create alarms as reminders for
executing certain activities z. All documents that had been deleted from the electronic archive
(either intentionally or by accident) are logged into the section
z. Document deletion of inserted Administration -> Deleted documents. Here you can see all the
documents in the system by deleted documents and filter through them.
mistake with history log about the
activity aa. The system supports management of document geo-location.
Through this option a user can define new locations for any
aa. Definition and management of document in the archive thus manage their physical location.
document geo-location
bb. The system allows more documents to be grouped in one case
bb. Possibility for creation of “case file. This case file has its own number. Each case can be tracked
file”. Connecting archived based on its status.
documents under one case file,
cc. With this option the users who are part of the groups Archivists
under the same case number, with and Sub-archivists or the users which have privileges above the
additional sub number. Track the document can print a cover page of the document.
case status and dissolution of case
to be on disposal as additional dd. Discussions are defined for every document individually.
functionalities. Access to the discussion have only users that have privileges over
the documents. Every user can add a comment.
cc. Generate a cover page for those
documents that are electronically ee. The access to each archive module is defined based on the user
role in the system. The functionalities and options available to each
signed
user are dependent on the role assigned to the particular user.
dd. Discussion for the entered
document or created case ff. Authorized archivists are the only users that have full access of
the repository database. All other users in the system have limited
ee. Access rights for archive module to access to certain functionalities based on their delegated role.
be defining by all levels and gg. The e-archive module, as part of the Central Document
activities according delegated role. Repository is fully available only to an authorized Archivist and
technical Administrator should there be need of any interventions.
ff. The full access of database should
hh. Upon document status change all users affected by the
be limited only to authorized document receive an e-mail as means of information. E-mails are
archivists. also being sent to users about alarm notifications and discussions as
well.
gg. The access to the administration
module is limited only to ii. In Document details there is a history of all actions that were

406772580.doc
5.
notes
authorized technical system made on the particular document, which gives exact info on which
date, in what hour and by which user the particular changes/actions
administrators and need to prevent are made. Users or administrator cannot change this data
access to information by
unauthorized persons. jj. The system authorization mechanism is tightly integrated with
Active Directory. This offers Single Sign-On experience for all
hh. Submission of e-mail (notification) users that are logged on to their computers with corporate Active
Directory credentials.
as a result of each document phase
(distribution, reminder of subject kk. The e-archive can be integrated with other systems, so the
file’s status and alarm document from the electronic archive is send to the other system
with its metadata and they can be reused into the other system. This
notifications) actions are defined for a specific document type and are defined
user roles that can make this actions. Also there is an option for
ii. Control of history of all data integration of documents from other systems to be added into the
modifications/changes. Relevant electronic archive. Powerful and full-features Web Services are
logs should be maintained in a exposed for integration
secure way thus the control of
saved records, data modifications ll. As a web based solution with direct online access, the electronic
as well as records entered in the archive enables process standardization and digitalization of
database by the end users should archiving for the incoming/outgoing documents which enter into
the Archive. All major browsers are supported to work wilh, like IE,
be with timestamp. Chrome, Mozzila
jj. Integration with Microsoft Active mm. The e-Archive has multilingual User Interface, supporting
Directory as well as possibility for both English and Macedonian language.
use of one unique user name and nn. The e-archive system’s administration module consists of the
password. following sub-modules:
kk. Possibility to integrate with other  Entity management (Sender)

internal systems  Localization management
 Managers
ll. Web based software with direct  Document Types
online access enabled by user  Geo-Locations
 Archive years
interface supported by Internet  Filling marks
Explorer Mozilla Firefox and  Deleted documents and cases
Google Chrome with their higher  Changing location of documents
versions.  Documents that can be destroyed
 Documents with permanent value
mm. Multilingual UI with support for
Macedonian and English language.

406772580.doc
5.
notes
nn. Administration of the system with

the following characteristics:
- organization and employees
management
- Defining and managing of
rights and roles,
- Defining of access to system’s
function through certain rights
and roles,
- Assigning and maintaining of
data access through certain
rights and roles,
- planning and archiving signs
list management
- Listing, creating and managing
of archive years, adding or
changing archiving year
- Subject management
- Localization management
- Document types management
- Clients management,
- Data and system back – up and
restore
84.3. Module for integration with external Institutions that do not have their own business Document: Document Management
systems information system application solution will still be System, Chapter: Module for
able to access and interact with the MIM2, integration with external systems
This requirement is for integration
requesting access to use the available services,
among different institution for using their

406772580.doc
5.
notes
external service with permission on user through the customized software solution. The
level. solution will provide presentation layer for the
Interoperability Information Portal (IIP), through
This module should enable:
which all authorized users will be able to interact
a. The user that is already with the MIM2. Depending on the level of access
authenticated can consume only for the authorized user can access configurable
web services for which has an group of service interfaces and end points that are
authorization already available. The IIP will increase the
flexibility of the overall solution, promoting the data
b. Adding of new web services
exchange through the presentation layer solution.
should be handled automatically
and dynamically without the need In context of the IIP users will be classified as:
of solution reprogramming
 Institution Manager. This type of user can
c. In order to enable automatic act on behalf of the institution with in the
addition of new web services the IIP.
solution should be able to  Institution Employee. User given access to
automatically parse WSDL of new the set of service interfaces/endpoints
web services and generate forms available on the IIP.
for service invocation, for web
services that have registered The basic functionalities that the Institution Manager
WSDL’s in the service catalogue will have regarding the user management of the
on the Interoperability platform: entitled institution can be defined as follows:
a. As part of this module  Registration of a new institution user

should be implemented a (Institution Employees)
form provider component  Managing access level for specific set of
which will be able to read services
previously build and  Managing user account statuses (lock,
defined form definitions unlock, delete, etc.)
in order to dynamically
generate client side Forms provider component is component which acts
validations, type checking as bridge between MIM2 and rest of the sub
etc. for the end users component on which Forms module is built. This
module provides end user forms that are required for
b. As part of this module successful invocation of any service defined in the
should be implemented a

406772580.doc
5.
notes
form generator component MIM2.

which will be able to
Forms Generator module is module where various
generate form definitions
types of forms can be defined from WSDL file of
based on parsing the web
service.
services’ WSDL
document. Forms processor module is module which is
responsible for accepting the user input generated
c. As part of this module
using the predefined form and route this user data to
should be implemented a
appropriate end point for further processing or storing.
form processor
It also serves as validation module for user input and
component which will be
storage for user inputs and generated responses for
able to parse and validate
each form if necessary.
user input data and
provide output of the web All the transactions from the IIP are implemented
service through MIM2 interoperability platform.
d. All web services invocations must
be trough the Interoperability
platform
84.4. Module for electronic document The module for electronic document exchange Document: Document Management
exchange between the connected between the connected institutions through the System, Chapter: Module for
institutions through the interoperability platform makes sure that listed electronic document exchange
interoperability platform institution have the possibility for document and data
exchange in accordance with the law, satisfying legal
Electronic document exchange main
criteria for digital signatures, digital seal and proof for
objective is to ensure that listed state
request delivery that ensure interoperable secure and
institutions have possibility for document
reliable communication following the EU standards
and data exchange in accordance with
for digitalization.
law, satisfying legal criteria for digital
signatures, digital seal and proof for The module for electronic document exchange is built
request delivery that ensure upon the latest technologies providing excellent
interoperable, secure and reliable performance and very intuitive user interface for easy
communication following the EU document exchange between the institutions. It’s
standards for digitalization. designed and will be implemented on the MIM2
Interop platform infrastructure that complies with the

406772580.doc
5.
notes
The Module for electronic document MIM standards for interoperability.

The module for electronic document exchange is
institutions through the interoperability
compliant with the Law on general administrative
platform shall be implemented on the
proceedings, Law on electronic management and
MIM2 Interop platform infrastructure
relevant sub laws.
that complies with the MIM standards for
interoperability, security, reliability. The module for electronic document exchange will
have exposed web services to the Interop platform
The Module for electronic document
that supports SOAP 1.2 and has additional MIM
Header standard that defines:
institutions through the interoperability
platform shall be compliant with the Law  Vendor sender of the message
on general administrative proceedings,  Vendor receiver of the message
Law on electronic management and  Transaction id, unique for each request
relevant sub laws. (message)
Developing and exposing following web  Correlation id, id for correlation of messages
services via Interoperability system  Service name that needs to be invoked by the
catalogue of web services: sender
 Routing token for the message
- For receiving the documents
 Information for certified electronic document
- For validation of document exchange
o Institution that sends the message
type – digitally signed PDF-A
o Institution that needs to receive the
before document recipient. message
- Confirmation of document The web service that is exposed on the interop
recipient which includes platform via Interoperability catalog of web services
document number. defines:
- Method for receiving digitally signed PDF-A
- BAM have to handle audit standard documents who are checked for
trails of the messages valid digital signature
exchanged. - Method for sending confirmation of
document recipient which includes document
number

406772580.doc
5.
notes
- Integration with archive module of DMS for

archiving received documents and
- Integration with archive
documents before send, and also reading
module of DMS. documents from archive
- Includes Business Activity Monitor that audit
trails of messages being exchanged
84.5. The Document management system will The document management system will be installed in Document: Document Management
perform independently in each of the each of the mentioned institutions independently, and System, Chapter: Module for
mentioned institutions. will perform as independent unit. electronic document exchange
The need of communication between two When institutions need to exchange documents (and
systems appears in the moment of related metadata) between them, they will connect to
exchanging a document from one the module for electronic document exchange to
institution to another institution and perform the exchange.
related metadata.
The exchange of documents will be provided for all 3
Exchange of documents and metadata institutions enrolled in the project: AMCP Agency for
must be provided form all the 3 Management of Confiscated Proprietary, FPO
institutions enrolled in the project: financial police office and SCPC State Commission
AMCP Agency for Management of for the Prevention of Corruption.
Confiscated Properties, FPO – Financial
Additional web services will be developed for
Police Office and SCPC State
exchange of document and relevant metadata between
Commission for the Prevention of
the above mentioned institutions and the following
Corruption.
institutions:
Implementation of appropriate web
1. CA
services for exchange of documents and
2. MoI
related metadata must be also provided
3. MoJ
between the above-mentioned institutions
4. FIU
and the following institutions, where
5. PPO
business analysis shows that exchange of
documents is needed: The module will be developed in a way that the
documents can be protected and controller regardless
1. CA
where they reside.
2. MoI

406772580.doc
5.
notes
3. MoJ
The module for electronic document exchange will
4. FIU
provide a web service for each of the above
5. PPO
mentioned institutions that is compliant with the
The integration must be developed in a information systems certification requirement in the
way that enables documents to be compliance with the Law on Electronic Management
protected and controlled regardless of and related by laws, because the module for electronic
where they reside – within or beyond the document exchange is certified solution that passed
firewall. the process of certification by the Law on Electronic
Management, and related laws
In order to obtain the required
functionalities, a web-service for
exchanging data with all the listed
institutions must be provided.
The module for electronic document
exchange shall be compliant with the
Information Systems certification
requirements in compliance with the Law
on Electronic Management and related
by laws.
Infrastructure environment The architecture for the DMS solution is designed to

The contractor is obliged to create: satisfy all the technical and functional requirements,
but also to adhere to well-known principles and best
a. Production environment practices in the IT industry. We’ll provide separate Document: Document Management
84.6. b. A test environment identical with the development, test and production environment. The System, Chapter: System
production, without content; development environment will be used to develop Architecture
c. A development environment that will new functionalities and make changes or upgrades to
be used by contractor to test the new the existing ones, which then will be tested in the test
solutions, changes etc. environment before releasing them to production.
84.7. The DMS delivery includes: We’ll provide all the necessary prerequisites Document: Document Management
including: System, Chapter: System
i. System platform prerequisite
Architecture
providing: - hardware (servers, storage and network)

406772580.doc
5.
notes
 Hardware installation, adjusting and

configuration:
o Servers
o Storages
o Networking installation, adjusting and configuration.
 System software implementation - Software implementation (Database,
o Database Installation and Application, Management and administration
configuration servers) installation and configuration
o Platform/Application server
Installation and configuration Appropriate backup procedures will be configured for
o User administrator server each module.
installation and configuration
Creating and applying back up
procedures.
1. The DMS will support working and exchanging

84.8. The mandatory requirements which have Document: Document Management
documents as well as attaching workflow
to be supported by the new system are System, Chapter: SharePoint 2013
processes on events on documents
the following:
2. Yes, DMS will support Google Chrome,
I. User Interface Internet Explorer, Firefox, Mozilla browser 1. Article: Document management
The mandatory requirements which have 3. Yes, DMS will support role creation without Article: Workflows
to be supported by the new system are additional programming and user membership
the following: management. Certain features will be available 2. Article: Browser support
1. The system must provide to certain user roles
interface to exchange documents 4. Users will have possibility to define global 3. Article: Security
and trigger workflow processes (shared) or user specific views of the content in Article: Roles, role definitions,
without loss of metadata the system and role assignments
2. Web interface must support 5. The DMS offer possibility of creating virtual or
following browsers: Google compound documents (VD). This provide 4. Article: Views
Chrome, Internet Explorer, Firefox, functionality for user to create virtual folders
Mozilla and link documents inside these folders. In 5. Article: Document management
3. Client functionality is every moment, links to these documents are
determined through user role, leading to the latest version of the document, 6. Article: Document management
enabling certain client functions to regardless of who is author or modified the Article: Document Library

406772580.doc
5.
notes
be turned on or off depending on document.

user role with no additional 6. Document Library is an object that can be used
7. Article: Document Management
programming to store multiple documents as a virtual folder
Article: Web part pages
4. The web interface shall provide 7. The system will implement possibility to
Article: Web Services / REST
multiple views of the content reference documents from external systems
Services
according to user preference and IT trough links. Links List and Web Part will be
permission sets. used to present this links to the user.
8. Article: Security / Inheritance
5. The interface shall provide Additionally, the system will be opened for
Article: Document Management
support for the creation, editing integration with external systems through Web
/ Permissions
and management of virtual or Services, both as service and client towards
compound documents (VD). The external services
9. Article: Online document
system shall provide the features to 8. DMS will provide possibility to granularly
viewers
link documents into virtual define access rights to content
document folder while providing 9. The DMS system offer content online viewer
10. Article: Document Management
capabilities to automatically update 10. System will support content reuse trough the
Article: Web part pages
the version of the linked document use of links to single document or virtual
whenever the original is updated document folder.
11. Article: Web Services
6. Virtual document folder may be Links List with appropriate Web Parts will be
composed of multiple documents used to present reusable content and documents
12. Article: SharePoint server
from the repository to users.
architecture
7. The system should be able to 11. The system offer core functionalities to be
reference virtual document by available over web services
13. Article: Security
external systems through links and 12. Separate Web Application for each institution
Article: Central Administration
web service interface will be created and will be accessible on
Article: Web Services / REST
8. The security model must allow different url. Additionally, content of each
Services
to granular access rights to content institution will be stored in different database
9. Must allow ability to seamlessly 13. The security model of the DMS will be same
14. Article: Document Library
view content in its native form for all institutions and members could interact
using a built-in viewer from different institutions.
15. Article: Web Services / REST
10. Shall support content reuse The Central Administration web will be
Services
through management of links as available as a single point for administration
points to a single document or APIs that are exposed by the system are defined
architecture
virtual document folder. to target institution against which client want to
11. The system must provide its manipulate with data
17. Article: Overview
core functionality available via 14. As documents will be stored in Document

406772580.doc
5.
notes
web services Library, the core functionality will prevent from

II. Architecture duplicate document or multiple copies of one
12. Must provide separate document.
architecture
repositories for each institution Appropriate metadata will be applied to
13. The system should have one documents that will hold unique keys to enforce
19. Article: SharePoint API and
security model, one administrative uniqueness in one document library
SDK
module, one API sets per 15. The system is designed and implemented in
institution multi-tier architecture, with separation of
14. No multiple copies of one server-side and client-side components. Document: Document Management
document are allowed There are exposed API services with client tier System, Chapter: Image Capture
15. Support for multi-tier interfaces to the underlying core services Component
architecture with client tier 16. The system will be installed and configured in
interfaces to the underlying core architecture to support built-in fault tolerance,
20. Article: Kofax core components
content services via vendor load balancing and high availability
/ Main features and capabilities
supplied APIs 17. The system is designed in object-oriented
16. Must have built-in fault model, where each object has it’s own
21. Article: Image Capture
tolerance, load balancing and high functionalities. Additionally, there is object
component
availability hierarchy and objects that are child to other
Article: Kofax core components
17. System’s architecture shall be objects are inheriting some common
/ Scalability
based on object-oriented model and functionalities, like permissions. Starting from
concepts. Describe the key features the top, the main artefacts / objects of the DMS
of the object-oriented model are Web Applications, multiple Site collections
/ Scalability
architecture in one Web Applications, Multiple Sites in one
Article: Kofax core components
18. Must support distributed Site collection and multiple Document Libraries
/ Distributed capture
repositories (architecture). in each Site.
Allowing the system to be 18. DMS system will support distributed
configured such that access by architecture with distributed repositories,
users to these repositories is separated for each institution. Also separate web
transparent and navigation intuitive application will be created for each institution
19. System must provide a storing its content in separate database
Article: Scan module
comprehensive API (Application (repository)
Program Interface) or SDK 19. The system offer comprehensive API
25. Article: Validation module
(Software Development’s Kit) to (Application Program Interface) or SDK
Article: Recognition server
allow interfacing and integration (Software Development’s Kit) to allow
module
with existing systems. interfacing and integration with existing

406772580.doc
5.
notes
III. Image Capture systems

20. The capture product must
26. Article: Image Capture
support scanner/copier and fax
component
input 20. Scanning solution based on Kofax Capture will
Article: Export module
21. The capture product must be support input documents into the processing
able to handle volumes ranging system both from scanner and copier as well as
from workgroup to production from fax
capture 21. Kofax Capture is a modular application that can
Article: PDF generation module
22. The capture product must be be used right out of the box to meet the
able to support centralized and information capture needs of a specific
distributed capture environments department, and expanded to meet the complex
28. Article: Export module
23. The capture product must requirements of a high-volume, mission-critical
provide image clean-up capabilities enterprise. From hundreds to millions of
(de-skew, noise reduction, etc.) documents per day, Kofax Capture can capture
24. The capture system must be able it all.
to handle multiple pages and 22. Scanning software, event as it is seed as one
double sided documents system/application it can function on one
25. The capture product must machine / PC or be distributed across multiple
enable users to index manually server and client workstations depending on the
(key from image) and volume of documents that need to be processed. Document: Document Management
automatically through the use of System, Chapter: SharePoint 2013
OCR (Optical Character It can also capture documents from multiple
32. Article: Search / Search features
Recognition) technology and locations, connected locally or remotely with
templates the server/s. Kofax Capture’s modules allow
33. Article: Search / Search
26. The capture product must export work to be done where it’s most convenient,
architecture
images and index information to a and eliminates the common and costly practice
document management repository of shipping documents from remote offices to a
27. The capture product must central site for processing.
support export images in a variety 23. The scanning software will support scanning
35. Article: Security / Inheritance
of file formats, including PDF, documents image clean-up with Black border
Article: Document Management
PDF with hidden text and TIFF removal,Noise reduction, Deskew, Deshade,
/ Permissions
28. Upon export, the capture Despeckle, Destreak, Horizontal and Vertical
product must be able to trigger Line removal, Character reconstruction
processes 24. The scan solution trough scan module and/or
/ Security Trimming
29. Upon export, the capture import functionalities will handle scanning and

406772580.doc
5.
notes
product must be able to attach processing of multiple documents with multiple

lifecycles pages. Additionally it will support scanning,
37. Article: Security
30. Upon export, the capture importing and processing document that are
Article: Roles, role definitions,
product must be able to assign the double-sided (duplex)
and role assignments
correct security profile 25. System through the Validation module will offer
Article: Search / Search features
31. Upon export, the capture possibility to manually (key data) or trough
/ Security Trimming
product must be able to export OCR (tool) to index data into fields that were
images to the correct folder not recognized automatically in Recognition
38. Article: Security /
location and create a folder if module.
Authentication providers
necessary If Forms (templates) are defined, the automatic
indexing will occur in Recognition module
39. Article: Web hosting (IIS with
IV. Retrieval/Search Facilities based on defined template and use of OCR
SSL)
32. Content in the repository can be 26. Kofax Capture core uses standard release scripts
indexed by object properties and/or to connect seamlessly to business systems from
40. Article: Security /
full text IBM®, Oracle®, Microsoft®, Open Text®,
Authentication providers
33. The system must have built-in Hyland®, Interwoven®, EMC, and many other
indexing server indexing DMS systems out of the box and to other
41. Article: Audit log
documents metadata and content systems of choice.
34. Users can search for content via 27. Scanning system will support exporting images
selection of properties and/or into major user formats like TIFF, PDF and
words, phrases PDF with hidden text
43. Article: Audit reports
28. After releasing and storing exported document
V. Security and Auditing and metadata on a document management
35. Users should be able to assign system, the document management system will
Article: Audit reports
rights to objects at any time trigger processes (workflows) on item added
Specifically: (document) Export modules for calling web
45. Article: Central administration
o users should be able to assign services on document management systems for
rights to individual users or triggering workflow processes on exported
groups of users documents is another option that is supported.
o it should be possible to assign 29. With use of Export connections and supported
47. Article SharePoint server
the access levels to individual integration with document management
architecture
users and groups of users systems, correct document lifecycle will be
36. If documents are secured, the assigned to exported document on the DMS.
presence of documents should not This will reflect in firing document events, like
architecture
be visible when a user without document added, or document updates and

406772580.doc
5.
notes
access rights undertakes any manage properties value depending on the

searches on the document store document type, etc.
37. Must also provide support for 30. With use of Export connections and supported
architecture
role-based security integration with document management
38. Ability to authenticate users systems, correct security profile will be
using standard credentials and/or assigned to exported document on the DMS
architecture
advanced means of authentication 31. Scanning software will support exporting
leveraging industry leading images to the correct folder location and create
authentication and single sign on a folder if necessary
frameworks
39. Provide capabilities to encrypt 32. System implement rich and powerful search
communication between the engine that support crawling and indexing
system and user’s computer documents both by content in the document
through standard web encryption (full-text) and metadata (document fields)
(SSL) Encryption algorithm used 33. System search architecture is divided in
must be based on the Advanced multiple components. One of them is the built-
Encryption Standard (AES) in crawl component and content processing
40. Ability to authenticate user component which together create index from
against LDAP (Lightweight the dms content
Directory Access Protocol) 34. The Search functionality will offer to users to
directory services search by keyword which search in whole
41. Must provide ability to capture index, both content and metadata, or choose to
all operations on documents in a search only in selected metadata (property)
audit trail 35. Rights can be assigned to individual users or
42. Audit trail must contain groups of users
information such as event Rights can be assigned on each object in the
performed on document, user who hierarchy, individually and as group
performed the action, and date time 36. SharePoint Search always takes care of the
stamp permissions that user has over an item or
43. Audit system shall be capable to document in the SharePoint. Items returned in
be queried and reports generated the results from the search are always trimmed
44. Audit system must have the for the user that executed the query.
capability to audit the following: 37. Search and DMS in general will work with Role
o All occurrences of a particular based security, where items and functionalities
event on a given object or given will be available for users depending on their

406772580.doc
5.
notes
object type role in the system.

o All occurrences of a particular 38. DMS supports a variety of authentication
event in the repository, methods and authentication providers for the
regardless of the object to which following authentication types: Windows
it occurs authentication, Forms-based authentication and
VI. Administrator Tools SAML token-based authentication. SharePoint
45. System must provide web-based support so called “modern authentication
administration tool and provide a mechanisms” like Claim-based authentication
single point of access for managing based on SAML 1.1 and oAuth. All mentioned
and administering all repositories, authentication mechanisms above also support
servers, users and groups single sign on.
regardless of their location across 39. DMS as web based solution will provide
the enterprise encrypted communication between the system
46. Provides ability to log and audit and user’s computer through standard web
system events, such as file access, encryption (SSL/TLS) Encryption algorithm
deletions and process activities, for based on the Advanced Encryption Standard
reporting, analysis and compliance (AES)
purposes 40. System will offer full support for authentication
of the users against LDAP (Lightweight
VII. General Scalability Directory Access Protocol) directory services as
Requirements well as Active Directory services
47. Architecture shall provide 41. The audit feature will let tracking of user
provisions for scaling up (vertical actions on a site's content types, lists, libraries,
scaling) and/or scaling out documents, list items, and library files within
(horizontal scaling) site collections. Knowing who has done what
48. Provide inherent load balancing with which information is critical for many
between servers if clustering is business requirements, such as regulatory
employed compliance and records management.
49. It should be possible for the 42. Audit log will capture events on documents and
architecture to allow for multiple items like open/view, edit, check-out, move or
data stores at local and remote copy and delete. Additionally for each event
locations information for who take the action and when
VIII. Platform and Industry Standards will be supplied
50. Supported for Windows 43. Audit log reports will be available in the system
platform and virtualisation on VM presenting all logged information. They can be

406772580.doc
5.
notes
Ware or HyperV queried and filtered by specific value and

i. System has to support for MS exported in formats like CSV / Excel
SQL 44. The system will audit all occurrences of a
particular event on a given object or given
object type and all occurrences of a particular
event in the repository
45. System will offer web-based administration
console as a single point for managing and
administering all features, settings and services
of the system
46. Actions taken on the content and documents
stored in the DMS system, by any user, even the
administrator trough administration tools will
be logged in the Audit log as any other
document accessed by user
47. The system is designed to support enterprise
architecture that offer easy scaling with scale-up
(vertical) and scale-out (horizontal) scaling
48. The system will offer Load-Balancing and
clustering capabilities on different server roles
in the system. Web Front-Ends will be load
balanced to support better performance as well
as redundancy, and on the database level
Failover clustering will be a solution for high-
availability
49. The system offer possibility for multiple data
stores, both on local and remote locations. The
data store can be divided in multiple content
databases on different SQL Serves. Additionally
with the use of SQL Server, both Failover
Cluster and Failover Mirroring Server, both
hardware and data redundancy is supported
50. The system support virtualisation both on VM
Ware and HyperV. As a database store, SQL
Server will be used

406772580.doc
5.
notes
Software tool for

protection and Software tool for protection and sharing data by
85. Quantity: 8
sharing data by using using encryption software - Quantity: 8
encryption software
Manufacturer’s name: Symantec
Product type, model: 30 x File Share Encryption
85.1. Subject: The Central security management system software Symantec File Share Encryption
will be implemented in the following institutions: Datasheet
The Central security management system
software should be implemented in the  Ministry of Interior of RM (MoI);
following institutions:
1. Ministry of Interior of RM (MoI);  Ministry of Justice of RM (MoJ);
2. Ministry of Justice of RM (MoJ);  Financial Police Office (FPO);
3. Financial Police Office (FPO);  Ministry of Finance; Office for Prevention of

Money Laundering and Financing of Terrorism
4. Ministry of Finance; Office for (AML/CTF Office);
Prevention of Money Laundering
and Financing of Terrorism  State Commission for the Prevention of the
(AML/CTF Office); Corruption (SCPC);
5. State Commission for the Prevention  Public Prosecutor’s Office of RM (PPO);

of the Corruption (SCPC);
 Agency for Management of Confiscated Property
6. Public Prosecutor’s Office of RM (AMCP);

406772580.doc
5.
notes
(PPO);
7. Agency for Management of

Confiscated Property (AMCP);
8. Ministry of Finance; Customs

 Ministry of Finance; Customs Administration
Administration (CA).
(CA).
Licenses required:
The offered licenses are perpetual for 30 nodes (30
 Perpetual licenses for 30 nodes (30 users/computers) per institution (8 institutions) with 1
users/computers) per institution (8 year maintenance
institutions)
Official manufacturers maintenance 30 x File Share Encryption
required:
 Installed software will include appropriate
 1 year from the order date number of licenses.
 Miscellaneous:
 Installed software must include
appropriate number of licenses.
Minimum functional and technical
requirements as stated in following
items:
Subject: Software tool with management

The offered solution is a software tool with Symantec File Share Encryption
console that provides multiple ways to
management console that provides multiple ways to Datasheet, topics: Protect Data in
protect and share your data by using
protect and share your data by using encryption, to let Collaborative Space - Including the
85.2. encryption, to let authorized users share
authorized users share protected files in a shared Cloud; Persistent File Encryption on
protected files in a shared space--such as
space--such as a file server, shared folder, or USB Desktops, Laptops, Network, and
a file server, shared folder, or USB
removable drive. Cloud Servers
removable drive.
Enterprise Architecture:
85.3. The offered solution has enterprise architecture with - Symantec Encryption Management
 Supported Management Server:
the requested features: Server Install Guide, chapter 5: About
"Soft Appliance" model that is self-

406772580.doc
5.
notes
contained and installs on choice of  Supported Management Server: "Soft Appliance"

Installing Symantec Encryption
various certified hardware or model that is self-contained and installs on choice Management Server, topic: System
virtualization software of various certified hardware or virtualization Requirements
 Clustering that can scale to meet any software
business needs  Clustering that can scale to meet any business - SEMS Administrator’s Guide,
 Supports endpoint communication of needs chapter 45: Clustering your Symantec
Encryption Management Servers,
status to the management server(s)  Supports endpoint communication of status to the
topic: Overview
securely (with SSL) over domain or management server(s) securely (with SSL) over
internet domain or internet - Symantec Encryption Desktop for
 Able to integrate with domain  Able to integrate with domain directory server Windows 10.4.1 User Guide, chapter
directory server without schema without schema changes or complicated data 7: Securing Email Messages, topic:
changes or complicated data export Symantec Encryption Desktop and
export requirements - Active Directory or Open-
SSL/TLS
requirements - Active Directory or LDAP based directory services
Open-LDAP based directory  Supports content aware encryption of protected - SEMS Administrator’s Guide,
services files and folders for Data in Motion and Data at chapter 28: Using Directory
 Supports content aware encryption Rest locally and on network shares through Synchronization to Manage
of protected files and folders for integrated plugin with Data Loss Prevention Consumers
Data in Motion and Data at Rest solution - Symantec Encryption Desktop for
locally and on network shares  Capability to encrypt database contents with a Windows 10.4.1 User Guide, chapter
through integrated plugin with Data separate key; physical or soft 11, topic: About Symantec File Share
Loss Prevention solution  Utilizes very secure web server for client Encryption, subtopic: Integrating with
 Capability to encrypt database communications Symantec Data Loss Prevention
contents with a separate key;  Offers automated backups of the management - SEMS Administrator’s Guide,
physical or soft server configuration locally or to a configurable chapter 2: The Big Picture, topic:
 Utilizes very secure web server for remote destination Symantec Encryption Management
client communications  Supports internal or external placement (DMZ) Server Features - ignition keys
 Offers automated backups of the  Supports managing of multiple domains, - SEMS Administrator’s Guide,
management server configuration including subdomains for managing email chapter 2: The Big Picture, topic:
locally or to a configurable remote encryption Installation Overview, step8: Create
destination  Administrative control of encryption and an SSL/TLS certificate or obtain a
 Supports internal or external compression of Encryption Management Server valid SSL/TLS certificate.
placement (DMZ) backups - SEMS Administrator’s Guide,
 Supports managing of multiple

406772580.doc
5.
notes
chapter 2: The Big Picture, topic:

Symantec Encryption Management
Server Features – backup and restore
- SEMS Administrator’s Guide,
chapter 2: The Big Picture, topic:
Symantec Encryption Management
Server Features – server placement
chapter 8: Managed Domains, topic:
domains, including subdomains for About Managed Domains
managing email encryption
 Administrative control of encryption chapter 42: Backing Up and Restoring
and compression of Encryption System and User Data, topic:
 Supports virtualization - VMware vSphere
Management Server backups Configuring the Backup Location
Hypervisor ESXi 5.1
 Supports virtualization - VMware
 Supports VMware VMotion for high availability - SEMS 3.3.2 Install Guide, chapter 5:
vSphere Hypervisor ESXi 5.1
of Encryption Management Server About Installing Symantec Encryption
 Supports VMware VMotion for high Management Server, topic: System
 Supports SHA-2 for Keys & Certificates
availability of Encryption Requirements, subtopic: Symantec
 FIPS 140-2 validated
Management Server Encryption Management Server on a
 Supports SHA-2 for Keys & VMware ESX Virtual Machine
Certificates
- SEMS 3.3.2 Install Guide, chapter 5:
 FIPS 140-2 validated
About Installing Symantec Encryption
Management Server, topic: System
Requirements, subtopic: Symantec
Encryption Management Server on a
VMware vSphere System
- Symantec Encryption Desktop for
Windows 10.4.1 User Guide, chapter
A: Setting Symantec Encryption
Desktop Options, topic: Advanced
Options

406772580.doc
5.
notes
85.4. Management Console and Experience: The offered solution has management console with - SEMS Administrator’s Guide,
the requested management experience: chapter 5: Understanding the
 Allow for management of the Administrative Interface, topic:
encryption product suite within a  Allow for management of the encryption product System Requirements
single console that includes all suite within a single console that includes all
management tasks for the project management tasks for the project lifecycle in one - SEMS Administrator’s Guide,
lifecycle in one easy to navigate easy to navigate interface. This console is web chapter 40: Managing Administrator
interface. This console is web based based and accessible via a secure SSL connection Accounts, topic: Overview
and accessible via a secure SSL and compatible with any standard internet - SEMS Administrator’s Guide,
connection and compatible with any browser. chapter 2: The Big Picture, topic:
standard internet browser.  Allow for granular role-based administration Symantec Encryption Management
 Allow for granular role-based  Management Console should be easy to use, Server Features
administration familiar to the encryption administrators, and - SEMS Administrator’s Guide,
 Management Console should be easy allow tasks to be carried out with minimal chapter 25: Managing Devices
to use, familiar to the encryption administration via automated tasks
administrators, and allow tasks to be  Management Console should provide necessary
chapter 11: Administering Managed
carried out with minimal controls for Help Desk staff to assist users of Keys
administration via automated tasks encrypted endpoints
 Management Console should  Centralized single console policy administration - SEMS Administrator’s Guide,
provide necessary controls for Help  Centralized administration leveraging Active chapter 10: Managing Organization
Desk staff to assist users of Keys, topic: About Organization keys;
Directory and other Open-LDAP directories
encrypted endpoints  Centralized administration of users and - SEMS Administrator’s Guide,
 Centralized single console policy computers that are not members of any network chapter 12: Managed Trusted Keys
administration domain and Certificates, topic: Overview;
 Centralized administration  Support for automated key management such as - SEMS Administrator’s Guide,
leveraging Active Directory and key renewal, expiration, and revocation with chapter 13: Managing Group Keys,
other Open-LDAP directories built-in CRL support topic: Overview;
 Centralized administration of users  Centralized management of user and group keys, - SEMS Administrator’s Guide,
and computers that are not members trusted keys and certificates, organization keys, chapter 41: Protecting Symantec
of any network domain and ignition keys Encryption Management Server with
 Support for automated key  Simplified and intuitive interface for configuring Ignition Keys, topic: Overview
management such as key renewal, and managing clusters and replication status
expiration, and revocation with - SEMS Administrator’s Guide,

406772580.doc
5.
notes
built-in CRL support

 Centralized management of user and
group keys, trusted keys and
chapter 45: Clustering your Symantec
certificates, organization keys, and
Encryption Management Servers,
ignition keys
topics: Overview, Cluster status
 Simplified and intuitive interface for
configuring and managing clusters
and replication status
Group & User Administration:

 Offers granular control for creating The offered solution provides group & user
and managing user groups administration with the requested features:
 Supports automatic assignment of
 Offers granular control for creating and managing
users to groups based on specific user groups
criteria (i.e. location in LDAP and/or - SEMS Administrator’s Guide,
 Supports automatic assignment of users to groups
Active Directory, dictionary and chapter 24: Managing Groups, topic:
based on specific criteria (i.e. location in LDAP Understanding groups
wildcard, and user type)
and/or Active Directory, dictionary and wildcard,
 Offers granular ability for creating - SEMS Administrator’s Guide,
and user type)
and managing of group keys chapter 13: Managing Group Keys,
 Offers granular ability for creating and managing
 Provides granular controls over topic: Overview
85.5. of group keys
creating and managing internal and
 Provides granular controls over creating and - SEMS Administrator’s Guide,
external users and their associated chapter 29: Managing User Accounts,
managing internal and external users and their
keys topic: Understanding User Account
associated keys
 Ability to monitor Individual Types; topic: Managing Internal User
 Ability to monitor Individual internal users,
internal users, including user name, Account; topic Managing External
including user name, assigned policy group, keys,
assigned policy group, keys, e-mail User Accounts
e-mail addresses
addresses
 Provides simple method for viewing and
 Provides simple method for viewing
managing individual external users, including
and managing individual external
mail quota, permissions, group assignment, and
users, including mail quota,
keys.
permissions, group assignment, and
keys.

406772580.doc
5.
notes
Drive Encryption Computers (Devices)

Administration:
The offered solution provides Drive Encryption
 Provides ability to view lists of all Computers (Devices) Administration:
endpoints, encrypted disks, and
 Provides ability to view lists of all endpoints, - SEMS Administrator’s Guide,
managed devices
encrypted disks, and managed devices chapter 37: System Graphs, topic:
 Provides granular details for Whole Disk Encryption
 Provides granular details for individual
85.6. individual endpoints, including
endpoints, including computer name, operating - SEMS Administrator’s Guide,
computer name, operating system,
system, last communication, desktop client chapter 38: System Logs, topic:
last communication, desktop client
version, disks/partitions encrypted, login failures, Overview
version, disks/partitions encrypted,
and authorized users
login failures, and authorized users
 Ability to export endpoint activity logs and
 Ability to export endpoint activity
authentication failure logs separately
logs and authentication failure logs
separately
85.7. Consumer policy: The offered solution provides consumer policy: - SEMS Administrator’s Guide,
chapter 26: Administering Consumer
 Provides simplified method for  Provides simplified method for creating, Policy, topic: Managing Consumer
creating, assigning, and managing assigning, and managing new and existing Policies
new and existing encryption policies encryption policies
 Ability to notify users and  Ability to notify users and automatically - SEMS Administrator’s console
automatically download new client download new client versions screenshots
versions  Option to enable or disable access to desktop - SEMS Administrator’s Guide,
 Option to enable or disable access to client features, including messaging, file chapter 28: Using Directory
desktop client features, including encryption, protected folders and Drive Synchronization to Manage
messaging, file encryption, protected Encryption configured per policy Consumers, topic: How Symantec
folders and Drive Encryption  Ability to control visibility and user control Encryption Management Server Uses
configured per policy desktop client in system tray Directory Synchronization
 Ability to control visibility and user
control desktop client in system tray
 Supports policy changes to end users
dynamically

406772580.doc
5.
notes
 When LDAP properties change and

a new policy should be applied, this
occurs automatically based on
LDAP attributes
85.8. Reporting: The offered solution provides reporting with the - SEMS Administrator’s Guide,
requested features: chapter 37: System Graphs, topic:
 Real-time graphical reports and Overview
statistics for server activity (CPU,  Real-time graphical reports and statistics for
messaging, encryption) server activity (CPU, messaging, encryption) - SEMS Administrator’s Guide,
 Searchable, granular logs for many  Searchable, granular logs for many activities and chapter 38: System Logs
activities and processes the processes the management server (i.e. Backups, - SEMS Administrator’s Guide,
management server (i.e. Backups, endpoint activity, administrative actions, and chapter 39: Configuring SNMP
endpoint activity, administrative messaging activity) Monitoring, topic: Overview
actions, and messaging activity)  Offers query tool and dynamic log fetching on
 Offers query tool and dynamic log management server chapter 40: Managing Administrator
fetching on management server  SNMP Monitoring available to track, monitor and Accounts, topic: Daily Status Email
 SNMP Monitoring available to track, alert on management server metrics (CPU, Disk
Space, Memory, etc) - SEMS Administrator’s console
monitor and alert on management
screenshots
server metrics (CPU, Disk Space,  Available daily status email sent from
Memory, etc) management server to administrators
 Available daily status email sent  Ability to export to CSV highly detailed logs
from management server to showing detailed information on each desktop
administrators endpoint, Logs are exportable to external tools
 Ability to export to CSV highly via syslog's
detailed logs showing detailed  Searchable view to find specific devices and
information on each desktop associated product attributes
endpoint, Logs are exportable to  Simple and easy navigation to determine which
external tools via syslog's users and devices are receiving which specific
 Searchable view to find specific policy
devices and associated product
attributes
 Simple and easy navigation to

406772580.doc
5.
notes
determine which users and devices

are receiving which specific policy
85.9. Desktop Client: The offered solution provides desktop client: - Symantec Encryption Desktop
10.4.1 for Windows – System
 Supported Client OS: Windows 7, 8,  Supported Client OS: Windows 7, 8, 8.1, 10, 10 Requirements, topic: supported
8.1, 10, 10 Anniversary Update Anniversary Update platforms
 Supported Server OS: Windows  Supported Server OS: Windows Server 2008 R2,
Server 2008 R2, 2012, 2012 R2 2012, 2012 R2 - Symantec Encryption Desktop
10.4.1 for Windows User Guide,
 Simple and intuitive configuration of  Simple and intuitive configuration of client install
chapter 3: Installing Symantec
client install settings/policies settings/policies
Encryption Desktop, topic: Installing
 Client software and default install  Client software and default install and Configuring Symantec Encryption
policies/settings included in single policies/settings included in single install Desktop
install package. package.
 Client Software uses standard  Client Software uses standard installation format - Symantec Encryption Desktop
10.4.1 for Windows User Guide,
installation format (.MSI) can be (.MSI) can be delivered and installed using
chapter C: Using Symantec
delivered and installed using existing existing software delivery infrastructure and
Encryption Desktop with Symantec
software delivery infrastructure and processes (e.g. SMS, Altiris, GPO, etc) Encryption Server, topic: Overview
processes (e.g. SMS, Altiris, GPO,  Single MSI package installs multiple encryption
etc) applications managed via a central key and policy
 Single MSI package installs multiple server
encryption applications managed via  Able to customize install-time policies for
a central key and policy server different groups of client machines
 Able to customize install-time  Client deployment methodology scalable to meet
policies for different groups of client the projected deployment plans
machines  Silent installation of client software supported
 Client deployment methodology  Client software installation and setup does not
scalable to meet the projected require Domain Administrator privileges
deployment plans  Software installation and setup does not require
 Silent installation of client software the creation of network shares or other changes to
supported the LAN infrastructure
 Client software installation and setup  Policies can be updated post client installation
does not require Domain

406772580.doc
5.
notes
Administrator privileges
 Software installation and setup does
not require the creation of network
shares or other changes to the LAN
infrastructure
 Policies can be updated post client
installation
 File Encryption:
85.10. The offered solution provides file Encryption with the - Symantec Encryption Desktop
 Provides encryption of files and requested features: 10.4.1 for Windows User Guide,
folders on local endpoints and chapter 11: Using Symantec File
network shares  Provides encryption of files and folders on local Share Encryption, topic: About
 Offers some support for Microsoft endpoints and network shares Symantec File Share Encryption
SharePoint explorer based folders  Offers some support for Microsoft SharePoint
explorer based folders - Symantec File Share Encryption
 Supports encryption of protected with WebDAV Support
files and folders (local and network  Supports encryption of protected files and folders
share) to users' keys and/or group (local and network share) to users' keys and/or - Symantec Encryption Desktop
keys group keys 10.4.1 for Windows User Guide,
 Supports deferred encryption to ensure files chapter 11: Using Symantec File
 Supports deferred encryption to
locked by an application are immediately Share Encryption, topic: Authorized
ensure files locked by an application
encrypted when application closes User Keys
are immediately encrypted when
application closes  Supports Microsoft temp file process to ensure - Symantec Encryption Desktop for
 Supports Microsoft temp file process currently encrypted Microsoft files (Word, Excel, Windows 10.4.1 User Guide, chapter
to ensure currently encrypted etc), remain encrypted at all times 11: Using Symantec File Share
Microsoft files (Word, Excel, etc),  Supports role based access permissions of Encryption, topic: Working with
protected folders Protected Folders
remain encrypted at all times
 Supports role based access  Prevents access to files and folders for users that - SEMS Administrator’s Guide,
permissions of protected folders have access to endpoints with protected folders chapter 30: Recovering Encrypted
 Prevents access to files and folders and files, but do not have specific permissions to Data in an Enterprise Environment,
for users that have access to the protected data. topic: Using a Special Data Recovery
endpoints with protected folders and  Supports encryption of protected folders to an Key
files, but do not have specific Additional Decryption Key for administrative - SEMS Administrator’s Guide,
permissions to the protected data. access and forensics chapter 13: Managing Group Keys,

406772580.doc
5.
notes
 Supports encryption of protected  Supports granting and removing of access to

topic: Overview
folders to an Additional Decryption group key encrypted folders by adding or
Key for administrative access and removing users from the associated group - Symantec Encryption Desktop
forensics  Offers granular policy controls over users ability 10.4.1 for Windows User Guide,
 Supports granting and removing of to create individual protected files and folders chapter 11: Using Symantec File
Share Encryption, topic: "Blacklisted"
access to group key encrypted  Supports granular policy controls for forcing or
and "Whitelisted" Files, Folders, and
folders by adding or removing users preventing encryption of files in administrator
Applications
from the associated group specified folders
 Offers granular policy controls over  Supports granular policy for enforcing file - Symantec Encryption Desktop
users ability to create individual encryption for specific end-user applications (i.e. 10.4.1 for Windows User Guide,
protected files and folders Word, Excel, Acrobat, etc). All files encrypted as chapter 11: Using Symantec File
Share Encryption, topic: Accessing
 Supports granular policy controls for a result are encrypted to the user key and ADK
Symantec File Share Encryption
forcing or preventing encryption of  Supports preventing encryption for files created Features using the Shortcut Menu
files in administrator specified by specific applications (i.e. backup solutions,
folders ftp, etc)
 Supports granular policy for  Files in a protected folder and protected folders
enforcing file encryption for specific will show a visual cue to the end user (blue and
end-user applications (i.e. Word, white padlock icon overlaying the regular file
Excel, Acrobat, etc). All files icon)
encrypted as a result are encrypted to  Encryption of files and folders with user and/or
the user key and ADK group keys is completely transparent to users
 Supports preventing encryption for  Offers single-click encryption of files and folders
files created by specific applications to current users key.
(i.e. backup solutions, ftp, etc)  Supports prevention of accessing files offline that
 Files in a protected folder and are encrypted by only group key(s)
protected folders will show a visual
cue to the end user (blue and white
padlock icon overlaying the regular
file icon)
 Encryption of files and folders with
user and/or group keys is completely
transparent to users
 Offers single-click encryption of

406772580.doc
5.
notes
files and folders to current users key.

 Supports prevention of accessing
files offline that are encrypted by
only group key(s)
Bidder should provide Installation,

The offer provides installation, configuration and
configuration and Implementation of
85.11. implementation of software tool for protection and Not Applicable
Software tool for protection and sharing
sharing data by using encryption software.
data by using encryption software.
DLP central
management DLP central management platform and DLP for
86. Quantity: 8
platform and DLP for endpoint software - Quantity: 8
endpoint software
Manufacturer’s name: Symantec
Data Loss Prevention

Product type, model: SDLP – Endpoint Prevent
SDLP – Endpoint Discover
86.1. Subject: The Data Loss Prevention (DLP) management Symantec Data Loss Prevention
platform and DLP Endpoint software will be Datasheet.pdf
The Data Loss Prevention (DLP)
implemented in the following institutions:
management platform and DLP Endpoint
software should be implemented in the  Ministry of Interior of RM (MoI;
following institutions:
1. Ministry of Interior of RM (MoI;  Ministry of Justice of RM (MoJ);

406772580.doc
5.
notes
2. Ministry of Justice of RM (MoJ);  Financial Police Office (FPO);
3. Financial Police Office (FPO);  Ministry of Finance; Office for Prevention of

Money Laundering and Financing of Terrorism
4. Ministry of Finance; Office for
(AML/CTF Office);
Prevention of Money Laundering
and Financing of Terrorism  State Commission for the Prevention of the
(AML/CTF Office); Corruption (SCPC);
5. State Commission for the Prevention  Public Prosecutor’s Office of RM (PPO);

of the Corruption (SCPC);
 Agency for Management of Confiscated Property
6. Public Prosecutor’s Office of RM (AMCP);
(PPO);
 Ministry of Finance; Customs Administration
7. Agency for Management of (CA).
Confiscated Property (AMCP);
The offered licenses are perpetual licenses for 30
8. Ministry of Finance; Customs nodes (30 users/computers) per institution (8
Administration (CA). institutions) with 1 year maintenance:
Licenses required:
30 x SDLP – Endpoint Prevent
 Perpetual licenses for 30 nodes (30 30 x SDLP – Endpoint Discover
users/computers) per institution (8
institutions)
Official manufacturers maintenance  Installed software will include appropriate
required: number of licenses.
 1 year from the order date
 Miscellaneous:
 Installed software must include
appropriate number of licenses.

406772580.doc
5.
notes
Minimum functional and technical

requirements as follows:
To be recognized as one of the industry Symantec DLP - A Decade of

Recognized as industry leader for data loss prevention
86.2. leaders for data loss prevention for at Leadership Symantec Data Loss
for tenth consecutive time by Gartner.
least three years Prevention
Running on Windows or Linux RHEL Symantec DLP 14.6 System

Server Requirements Guide.pdf – chapter2
The offered solution runs on Windows or Linux
Supporting all the following browsers: RHEL Server, supports the browsers: Internet System requirements and
Internet Explorer, Firefox, Firefox Explorer, Firefox, Firefox Enterprise, and runs on recommendations; topics: Operating
86.3. Enterprise Oracle 11g or 12c database. It supports Vmware and system requirements for servers;
HyperV virtualization environment. Oracle database requirements;
Running database: Oracle 11g or 12c Browser requirements for accessing
Virtualization environment supported: the Enforce Server administration
Vmware and HyperV console; Virtual server support
Agent integration
The offered solution provides agent integration and
A single agent performs all the functions Symantec Data Loss Prevention
uses a single agent which performs all the functions
86.4. including endpoint scanning and Datasheet.pdf – topic: Keep Data Safe
including endpoint scanning and monitoring/blocking
monitoring/blocking data leaving the on Traditional Endpoints
data leaving the endpoint.
endpoint
Management integration The offered solution provides management integration Symantec Data Loss Prevention
Single management console for policy and uses single management console for policy Datasheet.pdf – topic: Define and
86.5.
configuration and editing, policy configuration and editing, policy deployment, and Enforce Policies Consistently across
deployment, and policy enforcement policy enforcement. Your Entire Environment
86.6. Data integration The offered solution provides data integration and Symantec DLP 14.6 Admin Guide.pdf
shares data and report on policy compliance and event – chapter 1: Introducing Symantec
Share data and report on policy
activity. Data Loss Prevention, topic: About

406772580.doc
5.
notes
The Enforce Server administration console provides a

centralized, web-based interface for deploying
detection servers, authoring policies, remediating
incidents, and managing the system. The Enforce
platform provides you with the following capabilities:
- Build and deploy accurate data loss prevention

policies. You can choose among various detection
technologies, define rules, and specify actions to
include in your data loss prevention policies. Using
provided regulatory and best-practice policy
templates, you can meet your regulatory compliance,
data protection and acceptable-use requirements, and
address specific security threats.
- Automatically deploy and enforce data loss the Enforce platform
compliance and event activity prevention policies. You can automate policy
enforcement options for notification, remediation
workflow, blocking, and encryption.
- Measure risk reduction and demonstrate compliance.
The reporting features of the Enforce Server enables
you to create actionable reports identifying risk
reduction trends over time. You can also create
compliance reports to address conformance with
regulatory requirements.
- Empower rapid remediation. Based on incident
severity, you can automate the entire remediation
process using detailed incident reporting and
workflow automation. Role-based access controls
empower individual business units and departments to
review and remediate those incidents that are relevant
to their business or employees.

406772580.doc
5.
notes
- Symantec Data Loss Prevention

Unified enterprise DLP management Datasheet.pdf – topic: Protecting Your
platform for discovering, monitoring and The offered solution provides unified enterprise DLP Information in a Mobile, Cloud-
protecting confidential data wherever it is management platform for discovering, monitoring and Centered World
stored and used with coverage on protecting confidential data wherever it is stored and
86.7. - Symantec DLP 14.6 Admin
endpoint, network and storage levels. used with coverage on endpoint, network and storage
levels. It has multi-tier architecture that scales to Guide.pdf – chapter 2: Getting started
Multi-tier architecture that scales to multiple detection servers administering Symantec Data Loss
multiple detection servers Prevention, topic: About Symantec
Data Loss Prevention administration
The offered solution has web-based console, without

Web-based console having to install any software on the systems. Symantec Data Loss Prevention
Anywhere access to console without The single web-based console is used to define data Datasheet.pdf – topic: Define and
86.8.
having to install any software on the loss policies, review and remediate incidents, and Enforce Policies Consistently across
systems perform system administration across all of your Your Entire Environment
environment.
86.9. Customizable dashboard The offered solution has customizable dashboard with Symantec Data Loss Prevention
the requested features: Datasheet.pdf – topic: Define and
 Custom dashboard view presented at Enforce Policies Consistently across
user login via a web browser - Custom dashboard view presented at user login via a
Your Entire Environment
web browser
 Reports compiled to become Symantec DLP 14.6 Admin Guide.pdf
- Reports compiled to become dashboards
dashboards – chapter 49: Managing and reporting
- Every report on the dashboard can be clicked on to
view the details
 Every report on the dashboard can
be clicked on to view the details - Dashboards can be created by each user and shared
with other users
Dashboards can be created by each user “It uses a single web-based console to define data loss
and shared with other users policies, review and remediate incidents, and perform
system administration across all of your endpoints,
mobile devices, cloud-based services, and on-premise

406772580.doc
5.
notes
network and storage systems.

It allows you to apply business intelligence to your
DLP efforts with a sophisticated analytics tool that
provides advanced reporting and ad-hoc analysis
capabilities. This includes the ability to extract and
summarize system data into multi-dimensional cubes
—and then create relevant reports, dashboards, and
scorecards for different stakeholders in your
organization.
Dashboards and executive summaries are the quick-
reference report screens that present summary
information from several incident reports.
Dashboards and executive summaries have two
columns of reports. The left column displays a pie
chart or graph and an incident totals bar. The right
column displays the same types of information as in
the left column. The right column also displays either
a list of the most significant incidents or a list of
summary items with associated incident totals. The
most significant incidents are ranked using severity
and match count. You can click on a report to see the
full report it represents.
Dashboards consist of up to six portlets, each
providing a quick summary of a report you specify.
You can create customized dashboards for users with
specific security responsibilities. If you choose to
share a dashboard, the dashboard is accessible to all
users in the role under which you create it.
Dashboards have two columns of report portlets (tiles
that contain report data). Portlets in the left column
display a pie chart or graph and the totals bar. Portlets
in the right column display the same types of

406772580.doc
5.
notes
information as those in the left. However, they also

display either a list of the most significant incidents or
a list of summary criteria and associated incidents.
The incidents are ranked using severity and match
count. The summary criteria highlights any high-
severity incident totals. You can choose up to three
reports to include in the left column and up to three
reports to include in the right column.”
LDAP synchronization
The offered solution provides LDAP synchronization Symantec DLP 14.6 System
Flexibility to collect user and group and has the flexibility to collect user and group Requirements Guide.pdf – chapter2,
86.10. information from heterogeneous information from heterogeneous directory services: topic: Third-party software
directory services: Active Directory, Active Directory and LDAP. requirements and recommendations
LDAP, NIS, NIS+
86.11. Automate daily activities The offered solution automate daily activities: Symantec DLP 14.6 Admin Guide.pdf
– chapter 49: Managing and reporting
 Reports can be automated - Reports can be automated
incidents, Topic: Scheduling custom
- Reports can be scheduled to run at any time incident reports
 Reports can be scheduled to run at
any time - Capability to export reports to HTML, CSV, or XML Symantec DLP 14.6 Admin Guide.pdf
format so they can be viewed outside the UI – chapter 49: Managing and reporting
 Capability to export reports to incidents, Topic: Using IT Analytics to
- Reports can be automatically exported and emailed.
manage incidents
HTML, CSV, or XML format so
they can be viewed outside the UI
“Optionally, you can schedule a saved report to be run
Reports can be automatically exported automatically on a regular basis.
and emailed
You can also schedule the report to be emailed to
specified addresses or to the data owners on a regular
schedule.”
“IT Analytics provides this powerful on-the-fly ad-
hoc reporting with pivot tables, pre-compiled

406772580.doc
5.
notes
aggregations for fast answers to typically long-

running queries, and easy export to .PDF, Excel, .CSV
and .TIF files.”
Drill down Symantec DLP 14.6 Admin Guide.pdf

The offered solution provides drill down on any report
Drill down on any report to get to – chapter 49: Managing and reporting
86.12. to get to additional incident details without running
addition incident detail without running a incidents, topic: About Symantec Data
new report.
new report Loss Prevention reports
Granular role-based access control

 System access can be restricted at The offered solution includes granular role-based
any group level access control. System access can be restricted at any Symantec DLP 14.6 Admin Guide.pdf
group level. Users with restricted system access – chapter 5: Managing roles and users,
86.13. Users with restricted system access cannot view other parts of the system, and their Topic: About role-based access
cannot view other parts of the system, reports, queries, and dashboards will only report on control
and their reports, queries, and dashboards the systems to which they have rights.
will only report on the systems to which
they have rights
86.14. Following Platforms should be supported The offered solution supports the requested platforms Symantec DLP 14.6 System
for Endpoints for endpoints: Requirements Guide, chapter 2:
System requirements and
 Windows 7 SP1 and later - Windows 7 SP1 and later
recommendations
- Windows 8, 8.1
 Windows 8, 8.1 - topic: Endpoint computer
- Windows 10, 10 Anniversary Update requirements for the Symantec DLP
 Windows 10, 10 Anniversary Update Agent
- Windows Server 2008 R2, 2012 R2
- topic: Virtual desktop and virtual
 Windows Server 2008 R2, 2012 R2 - OS X 10.9, 10.10, 10.11, 10.12
application support with Endpoint
The offered solution supports the requested Endpoint Prevent
 OS X 10.9, 10.10, 10.11, 10.12 Virtualization systems:

406772580.doc
5.
notes
Following Endpoint Virtualization

systems should be supported:
 Citrix XenApp 6.5 or later • Citrix XenApp 6.5 or later
 Citrix XenDesktop 5.6 or later • Citrix XenDesktop 5.6 or later

• Vmware View 5.1 or later
 Vmware View 5.1 or later
• Vmware Workstation 6.5
 Vmware Workstation 6.5 • Vmware Horizon View 6.2
• Vmware Fusion 7
 Vmware Horizon View 6.2
 Vmware Fusion 7
- Symantec Data Loss Prevention

Datasheet.pdf – topics:
- Keep Data Safe on Traditional
Protection for all potential leaking Endpoints;
The offered solution includes protection for all
channels including removable storage
potential leaking channels including removable - Discover More Data with Content-
devices, email, web, printing, clipboard,
storage devices, email, web, printing, clipboard, Aware Detection
screen capture, and network shares.
screen capture, and network shares.
Flexible detection including dictionaries, - Symantec DLP 14.6 Admin
86.15. The offered solution includes flexible detection Guide.pdf – chapter 81: Working with
regular expressions and validation
including dictionaries, regular expressions and agent configurations, topic: Adding
algorithms, fingerprinting of stored in
validation algorithms, fingerprinting of stored in and editing agent configurations,
structured or tabular format, document
structured or tabular format, document matching Paragraph: Agent Monitoring Settings
matching based on indexing, and support
based on indexing, and support for third-party, end-
for third-party, end-user classification - Symantec DLP 14.6 Admin
user classification solutions
solutions Guide.pdf – chapter 29: Detecting
email for data classification services,
topic: About implementing detection
for Enterprise Vault Classification

406772580.doc
5.
notes
Detection technology for identifying The offered solution provides detection technology
Symantec DLP 14.6 Admin Guide.pdf
documents according to their origin. for identifying documents according to their origin. It
– chapter 79: Using Endpoint Prevent,
86.16. Protect sensitive information being protects sensitive information being copied to web
topic: About Endpoint Prevent
copied to web applications, network applications, network applications, and network
monitoring
applications, and network shares. shares.
Symantec DLP 14.6 Admin Guide.pdf

Content-aware device management: – chapter 79: Using Endpoint Prevent,
Filter, monitor, and block confidential The offered solution provides content-aware device topic: About Endpoint Prevent
data on removable storage devices. management: Filter, monitor, and block confidential monitoring
data on removable storage devices. It also has the
Endpoint discovery for local drives and capability for endpoint discovery for local drives and Symantec DLP 14.6 Admin Guide.pdf
email archives to protect sensitive files email archives to protect sensitive files and emails. It – chapter 80: Using Endpoint
86.17.
and emails. allows employees to self-remediate any compliance Discover, topic: How Endpoint
violations, such as PCI, and reduces manual Discover works
Allow employees to self-remediate any
compliance violations, such as PCI, and involvement of DLP administrators. Symantec DLP 14.6 Admin Guide.pdf
reduces manual involvement of DLP – chapter 79: Using Endpoint Prevent,
administrators. topic: About monitoring policies with
response rules for Endpoint Servers
- Symantec DLP 14.6 System

Requirements Guide, chapter 2:
System requirements and
Virtualization support to protect remote The offered solution provides virtualization support to recommendations, topic: Virtual
desktops and VDI solutions. protect remote desktops and VDI solutions. It has desktop and virtual application
86.18. support with Endpoint Prevent
Customized user notification and customized user notification and business justification
business justification dialogues dialogues - Symantec DLP 14.6 Admin
Guide.pdf – chapter 41: Response rule
actions, topic: Configuring the
Endpoint Prevent: Notify action
86.19. Comprehensive device management to The offered solution provides comprehensive device - Symantec DLP 14.6 Admin
control and block confidential data management to control and block confidential data Guide.pdf – chapter 79: Using

406772580.doc
5.
notes
Endpoint Prevent, topic: About

Endpoint Prevent monitoring,
copied to removable storage devices. subtopic: About removable storage
copied to removable storage devices. It has content- monitoring
Content-aware protection for removable aware protection for removable storage devices.
storage devices. - Symantec Data Loss Prevention
Datasheet.pdf – topic: Discover More
Data with Content-Aware Detection
- Symantec DLP 14.6 Admin

Support for integration with Endpoint Guide.pdf – chapter 79: Using
solution The offered solution supports integration with
Endpoint Prevent, topic: About
86.20. Endpoint solution, File access protection for files that
File access protection for files that reside Endpoint Prevent monitoring,
reside on removable storage devices.
on removable storage devices. subtopic: About removable storage
monitoring
Monitor/block use of confidential data by

defined applications, including The offered solution supports Monitor/block use of - Symantec DLP 14.6 System
unauthorized encryption tools, IM confidential data by defined applications, including Requirements Guide, chapter 3:
programs and apps with proprietary unauthorized encryption tools, IM programs and apps Product compatibility, topic: About
86.21.
protocols. Out-of-the-box coverage for with proprietary protocols. Out-of-the-box coverage Endpoint Data Loss Prevention
Skype, Webex, LiveMeeting, Office for Skype, Webex, LiveMeeting, Office Compatibility, Endpoint Prevent
Communicator, Bluetooth, iTunes, and Communicator, Bluetooth, iTunes, and Google Talk. supported applications
Google Talk.
Windows 10
Professional 64 bit Quantity: Windows 10 Professional 64 bit Edition or
87.
Edition or equivalent 10 equivalent for existing desktops - Quantity: 10
for existing desktops

406772580.doc
5.
notes
88. Software proxy server Quantity: 1 Software proxy server - Quantity: 1
Passive network
Passive network infrastructure for SCPC –
89. infrastructure for Quantity: 1
Quantity 1
SCPC
MoI platform for

MoI platform for back-end system connection
90. back-end system Quantity: 1
Quantity: 1
connection
In order to connect MoI back-end system to exposed web services from Interoperability platform, new equipment, software and trainings should be provided
to MoI. MoI currently operates with proprietary IBM systems, and have people skilled on IBM technologies.
WebSphere is used as application server, db2 as database, IBM Protect tier with TSM as backup solution, and Rational Application Developer as a
development platform.
90.1. New platform will be designed on existing storage system, planned Rack Server type 3b with VMWare Enterprise virtualization technology, SUSE Linux
operating system, IBM db2 database, IBM WebSphere application server, Rational Application Developer and Rational Application Architect Designer.
Platform also includes backup system and enterprise SIEM solution.
In order to successfully deploy and maintain the platform, MoI requires training for upgrading skills to new version of software, which is foreseen in Item
92. - Training for MoI platform for back-end system connection.
Manufacturer’s name: IBM
Product type, model: MoI platform for back-end system connection

406772580.doc
5.
notes
Licences for DB2 Workgroup Server Supporting Document for Item 90:
Licences for DB2 Workgroup Server Edition – total
90.2. Edition – total qty. 800PVU (Processor MoI platform for back-end system
qty. 800PVU (Processor Value Units)
Value Units) connection
Licences for WebSphere Application Supporting Document for Item 90:

Licences for WebSphere Application Server – total
90.3. Server – total qty. 800PVU (Processor MoI platform for back-end system
qty. 800PVU (Processor Value Units)
Value Units) connection
Licences for Rational Application Supporting Document for Item 90:

Licences for Rational Application Developer (RAD)
90.4. Developer (RAD) v.9.6 – total qty.: 15 MoI platform for back-end system
v.9.6 – total qty.: 15 users
users connection
Licences for Rational Software Architect Supporting Document for Item 90:
Licences for Rational Software Architect Designer for
90.5. Designer for WebSphere Software – total MoI platform for back-end system
WebSphere Software – total qty.: 10 users
qty.: 10 users connection
Bidder should organize the platform into Supporting Document for Item 90:
The platform will be organized into three parts:
three parts: development, test and MoI platform for back-end system
90.6. development, test and production, with licences ratio
production, with licences ratio 1:2:4 connection
1:2:4 accordingly.
accordingly.
Supporting Document for Item 90:

Bidder should provide platform technical Platform technical documentation with detailed
90.7. MoI platform for back-end system
documentation with detailed design. design will be provided
connection
Supporting Document for Item 90:

Bidder should provide platform test plan
90.8. Platform test plan and test scenarios will be provided MoI platform for back-end system
and test scenarios
connection

406772580.doc
5.
notes
Bidder should provide Installation, Supporting Document for Item 90:

Installation, configuration and implementation of
90.9. configuration and implementation of MoI platform for back-end system
platform will be provided.
platform. connection
Interoperability
91. Quantity: 1 Interoperability Software - Quantity: 1
Software
New license for

New license for primary Forensic Tool - Quantity:
92. primary Forensic Quantity: 1
1
Tool
Mobile device Dell Digital Forensics

93. Quantity: 1
forensic
94. Not Applicable Quantity: 2
Upgrade license for

primary Upgrade license for primary Operational Analysis
95. Quantity: 2
Operational Tool - Quantity: 2
Analysis Tool

406772580.doc
5.
notes
SIEM (Security
Information Event
96. Quantity: 1
Management)
solution
Manufacturer’s name: IBM
Product type, model: IBM QRadar SIEM
96.1. ADMINISTRATION &  The IBM Security QRadar Security Intelligence Please refer to:
CONFIGURATION Platform (QRadar) integrates previously disparate
− IBM Security QRadar
functions - including SIEM , risk management ,
 The Security Intelligence solution SIEM.pdf
vulnerability management, log management ,
must provide central management of
network behavior analytics, and security event − IBM QRadar Security
all components and administrative
management - into a total security intelligence Intelligence Platform.pdf
functions from a single web based
solution with a single easy to use web based
user interface.
interface, making it the most intelligent,
 The administrator must be able to integrated and automated security intelligence
define role base access to the system solution available. QRadar offers a single all in
by device, device group or network one appliance, as well as a multi-tiered distributed
range. This includes being able solution to scale to large geographically dispersed
restrict a user’s access to information organizations and/or organizations with high
to only those systems from a specific volume of events. For distributed deployments
group of devices or network range. QRadar provides full centralized visibility and
Please describe how your solution management for the entire deployment.
meets this requirement.
 QRadar employs role-based and user permission
 The solution must support auto- models such that users can access only the
discovery of assets that are being specific functions and data they have been
protected or monitored. Please granted permissions to. Permissions can be set to
describe how your solution meets allow or deny access to complete areas of the
this requirement. product, but also detailed functionality. Examples
of these permissions are:
 The solution must support the ability
to modify communications ports o Access to primary tabs within QRadar such

406772580.doc
5.
notes
between components. Please as Dashboards, Offense Management, Event

describe how your solution meets Searching, Reports. For example, this would
this requirement. enable an administrator to create a user that
only has access to view reports.
 The solution must provide the ability
to encrypt communications between o Access to sub-functionality, such as visibility
components. Please describe how into vulnerability data, or flow content that
your solution meets this may supply more sensitive information
requirement.
o Access to view data associated to different
 The solution must integrate with 3rd areas of the network (subnets/CIDRs) or
party directory systems as an device groups
authentication method.
o Access to view data being sent from specific
log sources or groups of log sources.
 QRadar supports a wide range of auto discovery
features that greatly simplify security
management tasks. Key auto-discovery features
include a built-in Asset Profile database that
tracks assets and associated Identity Data. The
Asset Profile builds lists of services running on a
host based on how assets are responding to
network traffic through flow data. It also
incorporates vulnerability data and user identity
data from all logs and IAM data containing
identity information. The Asset Profile is used for
the purpose of monitoring asset activity and
correlating events to remove false positives or
increasing the severity of an offense for business
critical assets. The asset database is completely
integrated into the product for viewing of asset
data from anywhere in the UI (e.g. from network
activity data (flows) or directly from an event
(log).
 QRadar provides the ability to modify the ports

406772580.doc
5.
notes
used between components via a web based user

interface used by administrators to manage a
distributed QRadar deployment, called the
deployment editor.
 QRadar supports the ability to encrypt
connections between appliances to ensure security
of data in transit across the network. When
encryption is enabled, all communications
between QRadar components are encrypted using
the SSH protocol.
 QRadar supports the integration with multiple 3rd
party directory systems for authentication. The
following authentication method are supported:
o System Authentication
o RADIUS
o TACACS (+)
o LDAP
o Active Directory
96.2. OPERATIONAL REQUIREMENTS  Product that we offer is the following: Please refer to:
 The solution must have license for  Product that we offer is the following: − Overview of supported
monitoring of software offered under virtual appliances.pdf
Item 90 - MoI platform for back-end  IBM QRadar Software Install License + SW
Subscription & Support for 12 Months and − IBM Security QRadar
system connection
additional capacity licence for monitoring of all SIEM.pdf
 The solution must enable a phased software offered under Item 90 - MoI platform for − IBM QRadar Security
role out of log management and back-end system connection Intelligence Platform.pdf
security intelligence functions.
Introduction of more analysis  In addition we are including IBM Security QRadar − Delivering success that scales
capabilities should minimize the Vulnerability Manager Software 60XX Install with the largest enterprises.pdf
need for additional system License + SW Subscription and Support 12
components and be enabled through Months that senses security vulnerabilities, adds

406772580.doc
5.
notes
license key upgrades. context and helps prioritize remediation activities.

Fully integrated with the QRadar Security
 The solution must provide a Intelligence Platform, it uses advanced analytics to
framework for future expansion and enrich the results of vulnerability scans to lower
integration with other 3rd part risk and achieve compliance
solutions.
 The QRadar Security Intelligence Platform allows
 The solution must support a web- organizations to easily expand their security
based GUI for management, analysis intelligence deployment to meet expanding
and reporting. requirements and use cases, to align with
 The solution must have an increased maturity in the organizations
automated backup/recovery process. information security program. For example, an
organization can start with log management
 The solution must provide the ability features only, via QRadar Log Manager, and then
to deliver multiple dashboards that expand to incorporate more advanced threat
can be customized to meet the management capabilities via QRadar SIEM. The
specific requirements of different transition from QRadar Log Manager to QRadar
users of the system. SIEM can accomplished using the same hardware
 The solution must maintain a through a simple license key upgrade. QRadar
database of all assets discovered on Vulnerability Manager can also be deployed by
the network. This asset data must using a simple license key upgrade.
include important information about Additional QRadar Security Intelligence Platform
the asset as learned by the solutions, such as QRadar Risk Manager, also
information collected The user must leverage existing appliance infrastructure and
be able to search this database. integrate completely into the QRadar SIEM
console.
The QRadar Security Intelligence Platform
(QRadar) is built on the SIOS (Security
Intelligence Operating System). SIOS allows for
QRadar to leverage a common framework of data
collection and management, reporting, forensics
and analytics to build security intelligence
modules (such as QRadar SIEM, QRadar Risk
Manager, QRadar Vulnerability Manager, QRadar

406772580.doc
5.
notes
QFlow, etc.) that plug directly into QRadar and

fully integrate providing one console security and
visibility.
And to address the common requirement of
expanding storage and query performance, IBM
offers the QRadar Data Node, available as a
software, virtual or hardware appliance.
 The QRadar Security Intelligence Platform
(QRadar) has been built as a framework to
support future expansion and integration with 3rd
party solutions.
QRadar is built on the SIOS (Security Intelligence
Operating System). SIOS allows for QRadar to
leverage a common framework of data collection
and management, reporting, forensics and
analytics to build security intelligence modules
(such as QRadar Log Manager, QRadar SIEM,
QRadar Risk Manager, QRadar Vulnerability
Manager, QRadar QFlow, etc.) that plug directly
into QRadar and fully integrate providing one
console security and visibility.
In addition, QRadar provides bi-directional APIs
to enable integration with complementary
solutions.
 QRadar provides a web-based GUI for
administrative functions as well as all QRadar
security management functions (i.e. dashboards,
reporting, event filter, correlation, etc.)
 The QRadar architecture provides an automated
backup/restore process for mission critical data
including both configuration and collected data

406772580.doc
5.
notes
(i.e. events and flows). Backup files are

automatically compressed and archived if needed
for configuration and data restoration.
 The QRadar solution provides the ability to
deliver multiple dashboards that can be
customized to meet the specific requirements of
different users.
QRadar dashboards provide a high-level overview
of the data being collected and can be customized
by user based on their individual role. Each user
can create their own unique “workspaces” of the
events and data types they would like to be aware
of. Over 75 dashboard templates are included by
default, ranging from security offenses to device
statistics to top attackers. In addition, it is possible
to utilize any user defined event or flow searches
as a dashboard element.
QRadar provides sample dashboards that support
various users roles including security
administrator, compliance officer, and network
administrator
 QRadar integrates a comprehensive asset database
that provides a single data repository for tracking
a wide variety of important attributes of assets in
an organizations network. The asset database
tracks many attributes, learned from a broad
spectrum of network and security data collected,
about the assets on the network including:
o User activity (including actual usernames,
successful/failed logins, etc.) as reported by
event logs, network flows, and identity and
access management (IAM) solutions

406772580.doc
5.
notes
o Passive network activity and vulnerability

data, learned from network flows
o Vulnerabilities and many other attributes
such as OS, as reported by IBM and 3rd party
vulnerability scanners
o In addition, the asset database can track
many user defined information including,
department, location, etc.
The Asset database is viewed through QRadar’s
Asset Tab within the UI and allows for full
searching and filtering of the asset database on all
of an Asset’s attributes. Assets are completely
integrated into QRadar and are leveraged
throughout the solution for correlation, analytics,
and reporting.
96.3. ARCHITECTURAL REQUIREMENTS  QRadar is delivered to customer as either an Please refer to:
appliance or software based solution. Hardened
 The solution must enable − IBM Security QRadar
QRadar appliances come in a range of models that
deployments as software and/or SIEM.pdf
allow deployments to easily scale to the size of
virtual appliance.
any organization. QRadar can also be delivered as − IBM QRadar Security
 The solution must integrate with software if needed (delivered on the Red Hat Intelligence Platform.pdf
other security and network Enterprise operating system).
− Delivering success that scales
intelligence solutions.
 QRadar QFlow collectors also can be delivered as with the largest enterprises.pdf
 The solution must easily expand to a VMware virtual appliance which provides
− IBM QRadar Security
support additional demand security visibility into virtualized and cloud Intelligence Platform appliances.pdf
environments
 The solution must support a − Checking the integrity of
distributed database for event and QRadar includes several mechanisms which allow event and flow logs.pdf
network activity collection such that the solution to integrate with other security and
all information can be access from a networking products. QRadar supports the − IBM Knowledge Center -
single UI. following integration capabilities such as (but not Configuring system notifications.pdf
limited to) the following
 The solution must ensure the − Rule Response page

406772580.doc
5.
notes
o Support for forwarding log and network

integrity of the information parameters.pdf
collected. activity data from QRadar to other solutions
o Ability to collect all data from all types of − IBM Knowledge Center -
 The solution must provide intuitive security and networking products for storage Advance Search.pdf
mechanisms for troubleshooting and security analytics
such as proactive notifications, o Integration with devices that can capture
command line utilities etc. packets associated with an event (e.g. Juniper
 The solution must support user SRX, IPS etc.). QRadar tags events that have
extended taxonomy of events and relevant packet capture and allows customers
fields. The user must be able to add to pull in PCAP files directly into QRadar for
their own unique event names forensics.
o Generic Plug-in and Right Click functionality
 The solution must provide
allows organizations to customize QRadar to
transparent retrieval, aggregation,
integrate with other security operations
sorting, filtering and analysis of data
products for further investigation and context.
across all distributed components.
Offense Forwarding allows for correlated alerts to
be sent to other security or network management
related products such as McAfee EPO.
 QRadar has both a stand-alone and distributed
model. "All in One" appliances provide the full
functionality of QRadar and are well suited for
small, medium and even large organizations that
can centralize all their security and network flow
data. For organizations which are geographically
dispersed, or need to scale to large volumes of
logs and network activity monitoring, a
distributed appliance model can be deployed.
This typically includes the QRadar Console
Appliance, as well as distributed Event
Processors, Flow Processors. Event Processors
and Flow Processors distribute processing,
correlation and storage while maintaining
centralized management, global correlation as

406772580.doc
5.
notes
well as federated reporting and searching of all

data. QRadar QFlow/QRadar VFlow collectors
can be deployed (if layer 7 application visibility is
required).
QRadar collects the majority of its data through
agent-less methods, reducing the overhead
associated with having to deploy and manage
many agents, although for some log sources, an
agent may be necessary.
 QRadar’s log and network activity databases is a
purpose built and self-managing database that is
deployed out of the box on QRadar appliances.
As an organization grows in scale and adds Event
or Network Activity Processor Appliances, the
database is automatically distributed across those
processors allowing for localized storage of data
and scaling overall storage volume. QRadar’s
distributed database supports a centralized
federated searching and correlation engine that
allows data to be searched across the distributed
deployment without users needing to be aware of
where the data is stored within the deployment.
 QRadar performs hashing on all incoming log
files. QRadar supports SHA-1, SHA-2 and MD5.
In addition, QRadar provides a utility that allows
the user to run integrity checks against searched
data, which reports and warns if any files were
manipulated.
 QRadar has a built-in logging framework that
monitors all underlying processes and appliances
and sends back intuitive messages to the console
to proactively alert users of any QRadar issue. In
QRadar these are referred to as notifications.

406772580.doc
5.
notes
Notifications can be viewed by the administrator

through a notification dashboard as well as
through the Log Viewer. Other areas of the
product also provide intuitive feedback
mechanisms if users make errors in configuration,
for example when defining log sources that
require credentials, QRadar proactively checks
the credentials to ensure that they are correct and
notifies the user if there are any issues.
Capabilities like this exist throughout the entire
product and aid the user in identifying
configuration issues before they become a
problem.
 Within QRadar users can define custom properties
to extract data from logs beyond the default fields
included within QRadar. When a custom property
is created, these properties can then be leveraged
for searching and filtering, reporting and
correlation. QRadar includes many custom
properties out of the box that the existing QRadar
community has identified.
Additionally, they can add to QRadar’s taxonomy
by mapping new custom events (e.g. a snort event
based on a custom signature), to existing
taxonomy.
 A global view, as well as having the ability to
search, report and analyze data for different sites,
or organizations is a key function of security
intelligence solutions. QRadar provides a
transparent view into all data it collects, meaning
that in a distributed environment, users do not
have to know where to search for the data.
QRadar’s unique distributed database allows for

406772580.doc
5.
notes
easy scaling while providing simplified federated

searching of data across the deployment without
users having to know where the data is located.
96.4. LOG MANAGEMENT  QRadar provides a log and flow storage lifecycle, Please refer to:
REQUIREMENTS which supports both on-line, near line and off line
− Protocol configuration
storage requirements. The solution supports 3
 The solution must have a log overview.pdf
distinct phases: uncompressed, compressed, and
collection and archive architecture
archived logs. − IBM QRadar_ Agentless
that supports both short-term
Windows Events Collection.pdf
(online) and long-term (offline) Both uncompressed and compressed storage can
event storage. be “on-line” and readily available for use within − Manage backup archive.pdf
QRadar. On-Line and Near line logs can be
 The solution must provide directly on QRadar appliances which support up
capabilities for efficient storage and to 100TB of storage, or on high speed external
compression of collected data. storage solutions such as IP SANs or Fibre
 The solution must support industry Channel SANs. QRadar uses GZIP compression
log collection methods (syslog, algorithms and provides very large reductions in
WMI, JDBC, SNMP, Checkpoint the storage of events on disk.
LEA, etc.) Use of compressed on-line data in QRadar is
 The solution must provide agent-less transparent to the user. The user can specify how
collection of event logs whenever long data is retained on-line for both the
possible. uncompressed and compressed phase.
Archived (backup) data is the final phase and
provides the ability to store archived events off-
line for later use on external storage. Archives
can be saved on any 3rd party storage solution
The backup/archive process can include both the
log, network activity and configuration data, and
can be scheduled as necessary. All backups are
on-line and time-stamped. Backup data can be
imported into QRadar as necessary.
 QRadar supports the use of third party storage

406772580.doc
5.
notes
through a variety of remote file system mounting

options, including iSCSI, NFS, SAN
 QRadar automatically compresses stored data on
an on-demand basis. Data is only compressed
when additional disk space is required, so as to
maximize query performance. Typical
compression ratios are 10:1 or better.
 QRadar provides broad support across a variety of
collection methods, including :
o Syslog (TCP/UDP)
o SNMP (v.2 and v.3)
o JDBC
o OPSEC LEA
o SDEE
o WMI (Windows Agentless method of
collecting Windows Event Logs)
o ALE (Adaptive Log Exporter agent for
windows, used to collect logs not included in
Windows Event Logs for applications).
o Log File Protocol Source (Supports
collection of log files via FTP, SFTP, and
SCP)
o NVP (This is a simple name value pair
format that allows users to send logs to
QRadar in an efficient format)
o SourceFire eStreamer
 QRadar provides agentless collection options

wherever possible. However, there are certain
log sources for which an agent is required, and in
these cases QRadar’s agent can be used.

406772580.doc
5.
notes
 Each QRadar event processor is responsible for

collection, processing and storage of events for
the devices that send it data. The QRadar console
then provides the ability to query and report
against all event processors transparently through
a single interface.
96.5. LOG NORMALIZATION &  QRadar normalizes events by common event Please refer to:
CATEGORIZATION fields (including username, IP address, hostname,
and log source). In addition, QRadar classifies by
 The solution must normalize SIEM.pdf
specific (high and low level) categories, which
common event fields (i.e.
greatly simplifies event analysis. − Capabilities in your IBM
usernames, IP addresses, hostnames,
Security QRadar product.pdf
and log source device, etc.) from Normalized and categorized fields can be
disparate devices across a multi- compared across disparate devices in a multi- − IBM Knowledge Center -
vendor network. vendor network. For example, the following Advance Search.pdf
normalized/categorized events can easily be
 The solution must provide the ability searched across all systems:
− View events in real time in
to store/retain both normalized and streaming mode.pdf
the original raw format of the event o Authentication/Admin Login Success
log for forensic purposes.
o Authentication/User Account Added
 The solution must provide near-real-
o Authentication/User Password Changed
time analysis of events.
o Authentication/Privilege escalation
 The solution must provide long term
trend analysis of events. o Etc.
 The solution must provide the ability Because of these High and Low level categories,
to aggregate an analyse events based users of QRadar can easily search for similar
on a user specified filter. events across any event source.
 The solution must provide more In addition, users can create their own custom
advanced event drill down when event properties for the purpose of searching and
required. reporting on customized normalized fields.
 The solution must provide a real-  QRadar stores both the original logs and events

406772580.doc
5.
notes
time streaming view that supports along with the normalized event data.
full filtering capabilities.
 QRadar supports real-time analysis of events.
Events captured in real-time, across an entire
QRadar deployment, are available for analysis in
multiple ways including:
o Real-time viewing in the user interface
o Real-time filtering
o Real-time correlation
 QRadar supports a sophisticated time-series
interactive trend charting capability, which allows
users to specify datasets of interest and have the
system accumulate trend data over time. This
data can then be viewed and queried interactively
on demand though dashboards, views and reports
 QRadar employs a reusable and shareable search
library. Out of the box, QRadar ships with
hundreds of predefined search definitions, and
also allows users to modify or create new ones to
meet their own custom requirements. These
search criteria can be shared across multiple
QRadar users, and can be used in search views,
and reports.
 QRadar offers comprehensive drill down
capabilities. For all data sets presented in the
user interface, a user can easily click on a data to
drill into more detail. This drill down process
can be repeated all the way down to the most
specific event and flow details and the original
log message.
 QRadar allows any set of search criteria to be

406772580.doc
5.
notes
applied to both historical and real-time views.

In real-time mode the filter is applied to the
incoming stream of event data, and shows users
only those events that match. Search criteria can
be written against both the normalized fields as
well as the original log message.
96.6. REPORTING  QRadar supports custom reporting on all collected Please refer to:
and analyzed security data, including event, flow,
 The solution must provide reporting − Reports.pdf
vulnerability, offense and asset. Queries and
on all items available for
search criteria constructed in the real-time − IBM QRadar_ Content
management via the GUI.
analytical views can be referenced in reports, Extension for ISO27001.pdf
 The solution must provide which simplify workflow and reduces redundant
configurable reporting engine for configuration.
Vulnerability Manager.pdf
customized report creation.
 QRadar allows users to create custom reports
− Vulnerability reports.pdf
 The solution must provide templates from the ground up, or to modify existing report
for the easy creation and delivery of templates to suit their needs.
reports at multiple levels ranging
 QRadar delivers out-of-the-box report templates
from operations to business issues.
for a wide variety of compliance and operational
 The solution must provide ‘canned’ needs. Reports are defined through an easy to
out-of-the-box reports for specific use report wizard, and can leverage existing saved
compliance regulations (PCI, SOX, searches created in other analytical views.
FISMA) and control frameworks QRadar includes over 1600 out-of-the-box report
including (NIST, COBIT, templates.
ISO27001).
 Business and operational reports in QRadar cover
 The solution must support the ability the following categories:
to centrally deliver vulnerability o Authentication
reports. Please describe how your
solution meets this requirement. o Identity
o User Activity
o Compliance

406772580.doc
5.
notes
o Configuration and Change Management

o Executive
o Device-specific reports (Application, OS,
Database, etc.)
o Network Management
o Security
o Usage Monitoring
o Application Activity
 QRadar provides asset vulnerability reporting.

QRadar normalizes all vulnerability data from all
vulnerability scanners such as Qualys, NCircle,
Nessus, Rapid 7 etc., and stores this data in the
Asset Profile. Through the Reports interface users
can run or schedule vulnerability reports against
their assets. Vulnerability reports can be
customized to limit results to certain
vulnerabilities by risk, type and name, and can be
sorted by severity and risk.
96.7. CORRELATION AND ALERTING  QRadar provides extensive threat monitoring that Please refer to:
can alert on detected threats from monitored
 The solution must provide alerting − IBM Security QRadar
devices and network activity monitoring.
based on observed security threats SIEM.pdf
from monitored devices. Please QRadar vastly expands the capabilities of
− QRadar architecture
describe how your solution meets traditional SIEM’s by incorporating new analytics
overview.pdf
this requirement. techniques and broader intelligence. Unlike any
other SIEM in the market today, QRadar captures − IBM Knowledge Center -
 The solution must provide alerting all activity on the network for assets, users and Configuring system notifications.pdf
based on observed anomalies and attackers before during and after an exploit and

406772580.doc
5.
notes
behavioural changes in network analyzes all suspected incidents in this context. − Anomaly detection rules.pdf
activity (flow) data. Describe any New analytical techniques like behavioral analysis
− Capabilities in your IBM
pre-packaged alerts and method for are applied. QRadar notifies analysts about
Security QRadar product.pdf
adding user-defined anomaly and ‘offenses’ which are a correlated set of incidents.
behaviour alerts. All associated data such as network, asset, − IBM Security QRadar
vulnerability, forensic data and identity context Vulnerability Manager Datasheet.pdf
 The solution must provide alerting are associated to the offense. By adding business
based upon established policy. (e.g., − IBM Knowledge Center –
and historical context to suspected incidents and
IM traffic is not allowed.) Describe Policy.pdf
applying new analytic techniques, massive data
the solutions ability to alert on reduction is realized and threats that are otherwise − Assets tab
policy violations. missed will be detected and prioritized
accordingly. − IBM X-Force integration.pdf
 The solution must provide the ability
to transmit alerts using multiple − Adding custom actions.pdf
 QRadar implements anomaly detection for events
protocols and mechanisms to other and flow data. For example, QRadar will − Custom rules.pdf
management solutions automatically learn what normal event rates
 The solution must provide UI based (events per second) are on a per IP or device basis.
wizard and capabilities to minimize For example, it is acceptable to see high firewall
false positives and deliver accurate deny rates, but if QRadar starts detecting a
results significant increase in FW denies from a specific
IP, QRadar will bring this to the user's attention.
 The solution must limit the QRadar also detects anomalies in network traffic
presentation of multiple similar (i.e. new network traffic, significant increases or
alerts. Describe the solutions ability decreases in network traffic.) This can be detected
to minimize duplicate alarms. on a per application, protocol or network basis.
 The solution must support the ability QRadar is also a market leading Network
to take action upon receiving an Behavior Analysis (NBA) vendor according to
alert. For example, the solution Gartner's NBA market scope. Full details of our
should support the ability to initiate anomaly detection methods (especially behavioral
a script or send an email message modeling) can be found in our market scope
submission).
 The solution must support the ability
to correlate against 3rd party  The QRadar correlation engine allows for alerting
security data feeds These 3rd party on any data it collects. Users can establish
data feeds should be updated detailed traffic and activity policies that enable
QRadar to detect that activity and alert on any

406772580.doc
5.
notes
automatically by the solution. exceptions. QRadar allows users to add these

policies directly from easy-to-use views. For
 The solution must support the ability example, if viewing application activity, and a
to correlate against 3rd party user notices P2P traffic, they can simply click on
vulnerability scan results. the rules button to add a threshold rule that alerts
 The solution must provide an out of when P2P traffic is seen anywhere on the network.
the box mechanism to discover and  QRadar supports a number of alert forwarding
classify assets by system type (i.e. options including; Email, SNMP, syslog, and IF-
mail servers vs. data base servers) to MAP publishing.
minimize false positives associated
with poor asset classification.  False positive classification in QRadar is
performed through an easy-to-use wizard that can
 The solution must support be launched directly from the respective analytical
correlation for additive values over view. The user is prompted to describe the
time. For example, alert when any qualities of an event or flow that make it a false-
source IP sends more than 1GB of positive, and the system then uses this information
data to a single port on a single in subsequent analysis to reduce false positives.
destination IP in a one-hour period
of time.  There are two capabilities that QRadar has that
address this requirement. The first capability is
 The solution must be able to be QRadar’s unique capability to correlate many
updated regularly, to stay aware of related items into a single incident as opposed to
the latest threat information and creating multiple incidents. For instance, an
research available. attacker running reconnaissance, followed by an
attack attempt, followed by an actual exploit is all
captured in historical context within an incident.
This greatly reduces “alert clutter” and improves
prioritization. Many QRadar deployments
analyze billions of events and log messages every
day. Often, even with minimum tuning, QRadar
is able to boil down this data to twenty actionable
incidents each day.
Secondly, for alert transmission, QRadar’s
correlation engine supports a response limiter
feature, such that users can express the maximum

406772580.doc
5.
notes
number of times the alert may trigger for a

specific IP/username/application/etc.
 QRadar allows users to trigger a variety of
responses as a result of an alert firing, including:
o Create an offense record in QRadar’s incident
management system
o Fire an SNMP trap
o Send an Email
o Send a Syslog message
o IF-MAP Response
 QRadar employs a number of threat and security
sources to provide eternal security context and
geographical context. This is integrated into all
views and capabilities within the product. Sources
include but are not limited to:
Geographic: maxmind
(http://www.maxmind.com)
Top Targeted Ports: D-Shield
(http://www.dshield.org)
Botnets: Emerging threats.
(http://www.emergingthreats.net/rules/emerging-
botcc.rules)
Bogon IPs:
http://www.cymru.com/Documents/bogon-bn-
nonagg.txt
Hostile Nets:
http://www.emergingthreats.net/rules/emerging-
botcc.rules

406772580.doc
5.
notes
Smurf:
http://www.emergingthreats.net/rules/emerging-
botcc.rules
These services are updated and pushed out to our
customers through an auto-update service. This
update service also includes updates for event
mappings, vulnerability mappings (e.g. CVE,
OSBDB ID), applications mappings, new Device
Support Modules and updates.
 QRadar Vulnerability Manager allows you to
schedule vulnerability scans and gather that data
for correlation and analysis. Vulnerability data is
mapped and stored in Asset Profiles to be used by
QRadar's correlation and analytics to raise the
severity of a threat, or remove false positives.
The following VA Vendors are currently
supported:
o Nessus
o McAfee Vulnerability Scanner
o nCircle
o Rapid7
o Nmap
o Saint
o Securescout
o Beyond Security
o Digital defense
o eYe Rem
o Foundscan
o IBM AppScan Enterprise
o IBM Guardium
o IBM Endpoint Manager
o IBM SiteProtector

406772580.doc
5.
notes
o Juniper NSM Profiler

QRadar Vulnerability Manager integrates with
multiple VA Scanners simultaneously and
consolidates the obtained information. For
example, some areas of an organizations network
may leverage nCircle, while others leverage
Nessus. QRadar is able to normalize all
vulnerability data into the Asset Profile for
consistent analytics and reporting across
vulnerability solutions.
In addition, when QRadar Risk Manager is
licensed, this vulnerability data can be analyzed in
conjunction with network configuration data to
better prioritize vulnerabilities by assessing which
vulnerabilities could be compromised because of
the networks topology.
QRadar includes a built in Asset Profile database
that tracks assets by IP and User Identity Data.
The Asset Profile database builds lists of services
running on a host based on how assets are
responding to network traffic through flow data. It
also incorporates vulnerability data and user
identity data from all logs and IAM data
containing identity information.
 The Asset Profile is used for the purpose of
monitoring asset activity and correlating events to
remove false positives or increasing the severity
of an offense for business critical assets. The asset
database is completely integrated into the product
for viewing of asset data from anywhere in the UI
(e.g. from network activity data (flows) or directly
from an event (log).

406772580.doc
5.
notes
 QRadar allows users to define event searches with

built-in aggregation. The aggregation feature
allows for sum/min/max/average operations on
arbitrary fields. Additionally, custom calculations
can be created. By referencing these field values,
a threshold-based correlation rule can be
configured to alert when the sum of the bandwidth
reported exceeds a specific value.
QRadar shines, in this regard. IBM X-Force has a
long standing history as one of the best known
commercial security research and development
groups in the world. The QRadar Security
Intelligence platform takes regular feeds from X-
Force, to provide additional insight into and
context for security situations that involve IP
addresses of a suspicious nature. By categorizing
IP addresses into segments such as malware hosts,
spam sources and anonymous proxies, this IP
reputation data can be incorporated into QRadar
rules, offenses and events, allowing for quick and
accurate capturing of events.
 X-Force IP reputation data is constantly updated
and main-tained, and the content in these feeds is
given relative threat scoring. This enables QRadar
users to prioritize incidents and offenses generated
through this content. The data from these
intelligence sources is automatically incorporated
into the QRadar correlation and analysis functions
and serves to greatly enrich its threat detection
capabilities with up-to-the-minute Internet threat
data. Any security event or network activity data
seen involving these addresses is automatically
flagged, adding valuable context to security

406772580.doc
5.
notes
incident analyses and investigations.
96.8. NETWORK ACTIVITY MONITORING  QRadar automatically classifies all log and Please refer to:
network activity by application, protocol,
 The solution must display visual − Viewing normalized flow
geography, area of the network, ports, as well as
traffic profiles in terms of bytes, data from the Network Activity
many other categories and tracks all related
packet rates and number of hosts tab.pdf
traffic statistics. Views within the Log and
communicating. These displays must
Network Activity view allow users an intuitive − Network activity
be available for applications, ports,
mechanism to pivot through and monitor network monitoring.pdf
protocols, threats and each
activity date and log activity. Users can view
monitoring point in the network. All − High-level event
long time-time series trends as well as quickly
of these views must support network categories.pdf
identity top n sources of traffic. Users can
location specific view such that they
customize views to monitor specific applications − IBM Security QRadar
can present information from a
or services running in their organization. SIEM.pdf
single location, the entire network or
any other defined grouping of hosts  QRadar provides application aware network − User Behavior Analytics
monitoring, via a technology, called QRadar app.pdf
 The solution must support
QFlow. QRadar QFlow is a network activity
application definition beyond − Network activity SIEM.pdf
collector that passively collects, analyzes and
protocol and port. The system must
classifies all packets on a network segment.
support the identification of
QRadar QFlow creates detailed flow records that
applications using ports other than
include detailed layer seven application
the well-known, and applications
information and captured content for forensics.
tunnelling themselves on other ports
QRadar QFlow’s advanced application detection
 The solution must detect “zero-day” performs stateful analysis of complex
events. Describe how the solution applications such as VoIP, P2P traffic, database
detects and displays this applications and social media traffic. With deep
information. packet inspection capabilities QRadar QFlow also
provides visibility into threats such as threatening
 The solution must dynamically learn traffic disguised as other applications. QRadar’s
behavioural norms and expose network activity and application visibility are
changes as they occur. Detail the completely integrated into the core QRadar SIEM
methods used by the solution and the solution. The data is searched, correlated and
method by which anomalies are reported on consistently with all other data, such
displayed. as logs, identity, vulnerabilities, among other

406772580.doc
5.
notes
 The solution must detect denial-of- things.

service (DoS) and distributed denial-
 QRadar enables the detection of “zero day”
of-service (DDoS) attacks. Describe
malware and other threats that existing security
how the solution detects and
products miss. Core to this detection is advanced
displays this information.
behavior analytics that can quickly flag
 The solution must detect and present anomalous network activity that might signify an
views of traffic pertaining to attack.
observed threats in the network.
 QRadar dynamically learns, network and
 The solution must support traffic application, behavioral patterns and can notify on
profiling associated with logical anomalous activity that might signify a security
network design (e.g., Subnet/CIDR). incident. This behavior analysis can be
performed on both events and network activity
 The solution must identify network (flows).
traffic from potentially risky
applications (e.g. file sharing, peer- From an anomaly perspective, QRadar can be used
to-peer, etc.). to detect three various types of changes in network
traffic:
 The solution must display traffic
profiles in terms of packet rate. This The first is the detection of a new service or
capability must be available for protocols that have never been seen before, such as
simple TCP analysis (TCP Flags, a mail server being installed in the DMZ or an FTP
etc.) but rate-based information may service being installed on a server that has not had
be presented for other profiles (e.g., FTP running on it in the past.
applications). The second change involves detecting a failed
 The solution must create clearly service. An example of this could be a web server
independent and differentiated that is active 100% of the day but then suddenly
profiles from local traffic vs. traffic stops responding to all communications.
originating or destined for the The third change is looking for a change in the
internet. activity level of a commonly used service. As an
 The solution must allow the user to example, SSH may be installed on the corporate
create custom profiles and views mail server, but only used a few times a week. If a
using any property of a flow, log, malicious user was to exploit the server and then
data source or already profiled utilized the SSH service as a jumping point to
exploit other servers this would be detected and

406772580.doc
5.
notes
traffic. alerted on.

 The solution must support traffic  QRadar provides multiple out-of-the-box
profiling based on IP addresses, correlation rules to detect both denial-of-service
groups of IP addresses, (DoS) and distributed denial-of-service (DDoS)
source/destination IP pairs etc. attacks. The detection of these types of attacks
comes from looking at anomalous patterns that
would signify that one or more systems are
receiving higher than expected traffic loads.
When this type of attack has been detected by the
QRadar solution, a user can view all information
relevant to the incident via a QRadar Offense.
 QRadar provides 100’s of out-of-the-box
correlation rules that detect a wide variety of
threats that might impact a network.
When a threat has been detected by QRadar, a user
can view all information relevant to the incident
via a QRadar Offense. Additional detail can be
obtained from the Offense (i.e. events, flows,
correlated alerts, etc.).
 QRadar provides traffic profiling by both
individual IP and network range (i.e.
Subnet/CIDR). Information collected by QRadar
can be aggregated (profiled) across multiple
dimensions including source IP/network,
destination IP/network, port and protocol, among
other attributes.
 QRadar provides out-of-the-box correlation rules
that detect a wide variety of “risky” protocols and
applications.
When a risky protocol has been detected by
QRadar, a user can view all information relevant to

406772580.doc
5.
notes
the incident via a QRadar Offense. Additional

detail can be obtained from the Offense (i.e.
events, flows, correlated alerts, etc.).
 QRadar provides traffic profiling by traffic rates.
Information collected by QRadar can be
aggregated (profiled) across multiple dimensions
including bytes (source and destination), packet
counts (source and destination), among other
attributes. The information provided can be pre-
filtered across multiple attributes including TCP
flags, port, protocol, and application.
 On initial setup of QRadar, users establish or can
auto-discover what is “local” to QRadar, meaning
the internal network, and what is “remote”
internet. After this is established, QRadar
appropriately classifies all traffic and threats as
internal, internal to external, external to internal
etc.
 Views, Reports, Dashboard Items and other
monitoring elements within QRadar are all built
from a common framework that leverages
powerful searching, filtering and aggregation
capabilities across all data. QRadar users can
leverage this easy-to-use framework for
developing their own custom views of network
activity and log data leveraging any field or
property.
 QRadar automatically tracks all IPv4 and IPv6
relevant data by IP, CIDR Range, and
Customized Group. All conversations are
tracked, searchable and used for analytics
relative to monitoring network activity and

406772580.doc
5.
notes
threats.
96.9. ADVANCED THREAT  Through the monitoring of application layer Please refer to:
MANAGEMENT network flows, QRadar provides the ability of
− IBM Security Threat Content
linking applications to the ports and protocols
 The solution must provide the ability application.pdf
over which they are being communicated.
to contextually link application
QRadar’s ability to correlate this information − RESTful API overview.pdf
activity on the network with security
with data collected from security events can
events from monitored devices. − IBM QRadar_ Integrating
provide significantly better accuracy in
QRadar with Third Party Ticketing
 The solution must provide the ability validating security events and detecting
Systems.pdf
to contextually link reported security advanced threats than solutions that can only
events with real-time knowledge of leverage security event data alone. − Offenses.pdf
the assets that are being targeted.
 This is accomplished in a variety of ways in the − QRadar rules and
 The solution must provide the ability QRadar Offense Manager in QRadar SIEM: offenses.pdf
to automatically weight the severity o Vulnerability data is factored into the threat − QRadar events and flows.pdf
of reported security events according
scoring of security incidents. If a given asset
to the vulnerability of the targeted
is known to be vulnerable to the attack in
assets
question, the threat scoring will be elevated
 The solution must provide a real- accordingly.
time event view of monitored o User identity information is incorporated into
information in raw/original as well
all asset related views, allowing analysts to
as processed/parsed format.
associate actual usernames with specific
 The solution must provide embedded activity
workflow capability that security
Geographic data is also incorporated into analyst
operations staff can use to guide views, allowing for quick association of assets
their work
with their respective geographies.
 The solution must provide bi-  Through the use of CVE and OSVDB, QRadar
directional integration with 3rd party
automatically associates threat information seen
trouble ticketing/help desk systems in the event stream with vulnerabilities known to
that security operations staff may use
exist on the target assets. This vulnerability-to-
to guide their work threat mapping information is used to prioritize

406772580.doc
5.
notes
 The solution must provide a the resulting offenses.

mechanism to capture all relevant
 The QRadar log viewer allows real-time views of
aspects of a security incident in a
both the original unmodified event, as well as the
single logical view.
fully normalized version of the event. Search
 The solution must provide a criteria can be applied to both the raw event form
mechanism to track security as well as any of the individual normalized
incidents across a wide range of fields.
relevant attributes (i.e. IP addresses,
 QRadar builds Offenses (correlated incidents)
usernames, MAC address, log
based on security issues, threats, or policy
source, correlation rules, user
violations. An Offense will contain a complete
defined, etc.). The user must be able
summarization of the problem and all context
to filter incidents along these defined
(flows and logs) for the purpose of investigating.
attributes.
Offenses can be assigned to individual QRadar
users. Offenses are tagged with user assignment
so that it is obvious to the Administrator who
offenses are assigned to. Each user receives their
own "My Offenses" view, which is a prioritized
list of offenses that need to be investigated.
Users can assign notes to offenses (which are
also visualized in indicators to the admin), so
they can quickly review notes, and users can
mark offenses for follow up. Users can close
offenses, setup email notification if offenses are
updated with new information and/or dismiss
offenses that they are no longer investigating.
Dismissed offenses allow users to remove an
offense from the UI, however QRadar will
continue to keep a state of that offense and
monitor for any new information that should be
correlated to that offense for a configurable
amount of time. Each offense is assigned with
its own unique identifier and is treated as it's own
"ticket" within the QRadar operating system.

406772580.doc
5.
notes
 QRadar supports a feature called authenticated

services which allows a service such as Remedy
or another ticketing/help desk system to
authenticate API calls to QRadar for managing
offenses. QRadar leverages alerting to open
tickets in ticketing systems in conjunction with
the authentication services capability and API to
provide bi-directional integration.
 Unique to QRadar is the ability to provide an in-
depth and comprehensive view of all underlying
evidence and history of data and activity that was
correlated to an offense. QRadar’s advanced
analytics ties all activity of a threat, policy
violation or other use cases into a single view.
For example, when QRadar detects
reconnaissance activity from network flows or
logs, it begins to build up an offense where
follow on activity, such as much more targeted
reconnaissance, and follow on attack attempts
are all correlated to the same offense, proving an
end to end picture of an attempted or successful
exploit.
 QRadar’s advanced analytics and correlation
capabilities have the ability to track an attack,
called an “Offense” in QRadar SIEM, as well as
the context of what caused an attack (for
example: a user, device or an area of the
network).
Not all security issues are IP centric and need to
be viewed from the perspective of what caused
them. Each offense provides a detailed source
summary which automatically changes to reflect
the appropriate information about the source of

406772580.doc
5.
notes
the incident.
97. Migration AMCP Quantity: 1
98. E-mail software Quantity: 1 E-mail software - Quantity: 1
99. Backup Solution Quantity: 2 Backup Solution - Quantity: 2
Manufacturer’s name: Veritas
Product type, model: NetBackup Platform Complete Edition per TB
99.1. It is necessary to provide data The offered solution provides data management Document: DS-NetBackup.pdf
management software (backup, archive, software (backup, archive, etc.) which supports both
etc.) that supports both physical and physical and virtual environments, heterogeneous
virtual environments, heterogeneous operating systems (Windows, Linux, Unix) as well as Document:
operating systems (Windows, Linux, a variety of business applications (Oracle, MS SQL, NetBackup_AdminGuideI.pdf
Unix) as well as a variety of business MS Exchange). (Chapter: Introducing the
applications (Oracle, MS SQL, MS NetBackup Interfaces;
Exchange). SubChapter: About NetBackup)
(Chapter: Introducing the
NetBackup interfaces;
SubChapter: Using the NetBackup
Administration Console;

406772580.doc
5.
notes
Topic: Backup,Archive and

Restore)
99.2. The software must have a single The offered backup software has single graphical Document: DS-NetBackup.pdf
graphical administration interface that administration interface that can operate all features
can operate all features (backup the (backup the whole environment, data archiving, etc.),
whole environment, data archiving, etc.), and which is capable for reporting and notification. Document:
and which is capable for reporting and NetBackup_AdminGuideI.pdf
notification. (Chapter: Configuring Host
Properties ;
SubChapter: Global Attributes
properties ;
Topic: Setting up email notifications
about backups,
Topic: Sending messages to the
administrator about successful and
unsuccessful backups)
(Chapter:Reporting in NetBackup;
SubChapter: About the Reports
utility )
NetBackup Interfaces;
SubChapter: About NetBackup)
NetBackup interfaces ;
SubChapter: Using the NetBackup
Administration Console ;
Topic: Backup, Archive, and

406772580.doc
5.
notes
Restore)
Document: NetBackup_SCL.pdf
(Chapter: NetBackup
Administration Consoles)
(Chapter: CentOS) ,
The backup solution should be (Chapter: Microsoft Windows 7) ,

The offered backup solution is compatible with the
compatible with the major server
major server operating systems including:
operating systems including: (Chapter: Microsoft Windows8) ,
- Windows 10, 8.1, 8, 7
- Windows 10, 8.1, 8, 7
99.3. - RHEL 7.0, 6.0, 5,0 (Chapter: Microsoft Windows 10) ,
- RHEL 7.0, 6.0, 5,0
- SLES 12, 11
- SLES 12, 11
- CentOS 7.0, 6.7 (Chapter: Oracle Linux) ,
- CentOS 7.0, 6.7
- Oracle Linux 7, 6, 5 (Chapter: Red Hat Enterprise
Oracle Linux 7, 6, 5
Linux) ,
(Chapter: SUSE SUSE Linux
Enterprise Server )
The software must support integration The offered software supports integration with
99.4. Document: DS-NetBackup.pdf
with different storage systems. different storage systems.
The software must have support for The offered software provides support for backup of
99.5. Document: DS-NetBackup.pdf
backup of physical and virtual servers physical and virtual servers
99.6. The software must include agents for The offered solution includes agents for application Document: NetBackup_ACL.pdf
application consistent backup the consistent backup including the following business (Chapter: Microsoft Exchange) ,

406772580.doc
5.
notes
following business applications: Oracle (Chapter: Microsoft SharePoint) ,

DB, MS SQL, MS SQL Server Express,
MS Exchange, MS SharePoint, MS applications: Oracle DB, MS SQL, MS SQL Server (Chapter: Microsoft SQL Server) ,
Active Directory including the following Express, MS Exchange, MS SharePoint, MS Active
versions: Directory including the following versions: (Chapter: Oracle Database)
- Oracle database 12c, 11g, 10g, - Oracle database 12c, 11g, 10g,
Document:
- MS SQL Server 2016, 2014, 2012, - MS SQL Server 2016, 2014, 2012, 2008R2, 2008
NetBackup_76_db_scl.pdf
2008R2, 2008 (Chapter: Oracle Database)
- MS Exchange Server 2016, 2013, 2010, 2007
- MS Exchange Server 2016, 2013,
- MS SharePoint Server 2013, 2010
2010, 2007
- MS SharePoint Server 2013, 2010 (Chapter: Active Directory
Support)
The backup software should be

compatible with the two major The offered backup solutions is compatible with the
virtualization solutions: VMware and two major virtualization solutions: VMware and Document: NetBackup_SCL.pdf
(Chapter: Virtual Systems
Microsoft Hyper-V, including the Microsoft Hyper-V, including the following versions:
Compatibility ;
99.7. following versions:
- VMware ESXi 6.5, 6.0, 5.5, 5.1 SubChapter: VMware
- VMware ESXi 6.5, 6.0, 5.5, 5.1 Compatibility , SubChapter: Hyper-
- Microsoft Hyper-V Server 2016, 2012 R2, 2012, V Servers Compatibility)
- Microsoft Hyper-V Server 2016, 2008 R2, 2008
2012 R2, 2012, 2008 R2, 2008
99.8. The software must support de- The offered backup solution support de-duplication at Document:
duplication at source or at destination, as source or at destination, as well as other modern NetBackup_DedupeGuide.pdf
well as other modern technologies for technologies for backup and archiving: compression, (Chapter: Introducing the
backup and archiving: compression, data data encryption (it is required that offered solution has NetBackup media server
encryption (it is required that offered FIPS certified data encryption).The solution has the deduplication option; SubChapter:
solution have FIPS certified data ability to work with a large number of devices for About the NetBackup deduplication

406772580.doc
5.
notes
options)
Document:
NetBackup_AdminGuideI.pdf
(Chapter: Creating backup policies;
SubChapter: Policy Attributes tab ;
Topic: Compression (policy
attribute),
Topic: Encryption (policy
attribute))
encryption), the ability to work with a Document:

large number of devices for backup and NetBackup_SecEncryp_Guide.pdf
backup and archiving – storage systems (SAN, NAS),
archiving – storage systems (SAN, (Chapter: Data at rest key
tape drive, tape library, cloud storage (Amazon S3,
NAS), tape drive, tape library, cloud Management;
Microsoft Azure Storage, Google Cloud).
storage (Amazon S3, Microsoft Azure SubChapter: Federal Information
Storage, Google Cloud). Processing Standards (FIPS))
Document:
NetBackup_AdvDisk_Guide.pdf
(Chapter: Introducing
AdvancedDisk; SubChapter: About
the AdvancedDisk storage option)
Document : NetBackup_HCL.pdf
(Chapter: Tape Libraries) ,
(Chapter: Tape Drives )
Document: DS_NetBackup.pdf
Document:
99.9. The software should be licensed by the The offered software is licensed by the amount of data
NetBackup_AdminGuideII.pdf
amount of data to be backed up (TB - to be backed up (TB - terabytes), regardless of the
(Chapter:NetBackup licensing

406772580.doc
5.
notes
terabytes), regardless of the number of

models and then nbdeployutil
physical or virtual servers, the number number of physical or virtual servers, the number and
utility; SubChapter: About
and type of application, the type of type of application, the type of backup devices.
NetBackup licensing models)
backup devices.
Document:
The offered backup software is able to do (Chapter: Creating backup
The backup solution should be able to do simultaneous backup to disk and tape, to write the policies ;
99.10.
simultaneous backup to disk and tape, to same backup image to both mediums at the same time SubChapter: Schedule Attributes
write the same backup image to both and assign unique retention attributes to each tab ;
mediums at the same time and assign Topic: Multiple copies (schedule
unique retention attributes to each. attribute))
99.11. The backup solution should be able to do The offered solution is able to do automated Document:
automated sequential backup to disk and sequential backup to disk and tape, to write the NetBackup_AdminGuideI.pdf
tape, to write the backup image on one backup image on one medium and then copy it to the (Chapter: Creating backup policies;
medium and then copy it to the other other (disk to tape; tape to disk) with the option to Subchapter: Schedule Attributes
(disk to tape; tape to disk) with the assign unique retention attributes to each copy of the tab ;
option to assign unique retention backup image. Topic: Multiple copies (schedule
attributes to each copy of the backup attribute) ,
image. Topic: Retention (schedule
attribute))
(Chapter: Configuring storage
lifecycle policies;
SubChapter: About storage lifecycle
policies)
(Chapter: Storage lifecycle policy
options;
SubChapter: Storage Lifecycle
Policy dialog box settings)

406772580.doc
5.
notes
The backup software should have Document:

deduplication option to exploit more NetBackup_DedupeGuide.pdf
The offered backup software has deduplication option
effectively the disk space of the backup (Chapter: Introducing the
to exploit more effectively the disk space of the
server for storing the backed up data. The NetBackup media server
backup server for storing the backed up data. The
99.12. deduplication option should be able to deduplication option ;
deduplication option is able to use different types of
use different types of disk storage for SubChapter: About the NetBackup
disk storage for storing deduplicated data including
storing deduplicated data including local deduplication options,
local disk storage, SAN storage and iSCSI storage.
disk storage, SAN storage and iSCSI SubChapter: About MSDP storage
storage. and connectivity requirements)
Document:
(Chapter: Reporting in NetBackup;
SubChapter: About the Reports
The backup should be completely utility)
automated and should have a system for
The offered solution is completely automated and has
generating daily reports on the backup Document:
a system for generating daily reports on the backup
tasks, should have a system for NetBackup_AdminGuide_OpsCent
tasks. It can generate and analyse information on
99.13. generating and analysing information on er.pdf
trends regarding backup tasks (analysis of trends in
trends regarding backup tasks (analysis (Chapter: Overview of NetBackup
relation to the duration of backup tasks, the amount of
of trends in relation to the duration of OpsCenter;
backed up data, successful backup tasks, etc.).
backup tasks, the amount of backed up SubChapter: About OpsCenter)
data, successful backup tasks, etc.).
(Chapter:Reporting in OpsCenter;
SubChapter: About OpsCenter
reports )
Document:
99.14. The backup software should have option The offered backup software has option for automatic
for automatic delivery of generated delivery of generated reports and notifications to e-
(Chapter: Configuring Host
reports and notifications to e-mail mail recipients.
Properties ;
recipients.
SubChapter: Global Attributes

406772580.doc
5.
notes
properties ;
Topic: Setting up email notifications
about backups ,
global administrator about
unsuccessful backups only ,
administrator about successful and
unsuccessful backups)
Document:
NetBackup_AdminGuide_OpsCent
er.pdf
(Chapter: Overview of NetBackup
OpsCenter ;
SubChapter: About OpsCenter ;
Topic: About alerting in OpsCenter)
(Chapter: OpsCenter Getting

Started Feature;
SubChapter: About the OpsCenter
Getting Started feature)
(Chapter: Reporting in OpsCenter;

SubChapter: About managing
reports in OpsCenter ;
Topic: Emailing a report in
OpsCenter)
99.15. The backup software should be able to do The offered backup solution is able to do backup of
backup of live (running) virtual live (running) virtual machines, without any agent
Document:
machines, without any agent installed on installed on the guest OS and without any impact on
NetBackup_AdminGuide_VMware.
the guest OS and without any impact on their work.
pdf (Chapter:Introduction;

406772580.doc
5.
notes
SubChapter: About NetBackup for

VMware)
Document:
NetBackup_AdminGuide_Hyper-
V.pdf (Chapter: Introduction;
SubChapter: About Hyper-V,
SubChapter: NetBackup for
Hyper-V environment)
their work.
Document:
(Chapter: Creating backup policies;
The backup software should offer so-
The offered backup solution offers so-called SubChapter: Policy Attributes tab ;
called application aware backup and
99.16. application aware backup and granular restoration of Topic: Enable granular recovery
granular restoration of the application
the application data. (policy attribute))
data.
Document: DS-NetBackup.pdf
99.17. From single pass backup of a virtual From single pass backup of a virtual machine, the Document:
machine the backup solution should offer offered backup software is able to recover the NetBackup_AdminGuide_Hyper-
recovery of the complete virtual machine complete virtual machine and granular recovery of V.pdf (Chapter:Introduction;
and granular recovery of files and files and folders. SubChapter: About Hyper-V)
folders.
Document:
NetBackup_AdminGuide_VMware.
pdf (Chapter: Introduction;
SubChapter: About NetBackup for
VMware)

406772580.doc
5.
notes
Document:
NetBackup_AdminGuide_Hyper-
V.pdf (Chapter: Back up and
restore Hyper-V; SubChapter:
Notes on full virtual machine
restore)
It should provide recovery of full virtual Document:

The offered backup solution provides recovery of full NetBackup_AdminGuide_VMware.
machine to the virtualization host from
99.18. virtual machine to the virtualization host from where pdf (Chapter:Restore virtual
where it was backed up or to a different
it was backed up or to a different virtualization host machines ;
virtualization host.
SubChapter: Restoring the full
VMware virtual machine ;
Topic: Virtual Machine Recovery
dialog boxes (restore to original
location),
Topic: Virtual Machine Recovery
dialogs boxes (restore to alternate
location)
Document:
99.19. The backup software should offer The offered backup solution provides encryption
NetBackup_SecEncryp_Guide.pdf
encryption methods for backed up data methods for backed up data while it transits through
(Chapter: Increasing NetBackup
while it transits through the network and the network and when it resides on backup medium.
Security;
when it resides on backup medium.
SubChapter: About NetBackup
security and encryption)
Document:
(Chapter: Configuring Host
Properties ;
SubChapter: Encryption

406772580.doc
5.
notes
properties)
(Chapter: Creating backup

policies ;
SubChapter: Policy Attributes tab ;
Topic: Encryption (policy
attribute))
The backup solution should offer fully The offered backup solution provides fully automated Document:
99.20. automated system recovery to different system recovery to different hardware, both physical NetBackup_AdminGuide_BMR.pdf
hardware, both physical and virtual. and virtual. (Chapter: Introducing Bare Metal
Restore;
SubChapter: About Bare Metal
Restore)
Document:
99.21. The software must have a possibility for The offered backup software has a possibility for data
data replication to secondary location. replication to secondary location. (Chapter: About NetBackup
This replication should be optimized i.e. This replication is optimized to move only the new Replication;
it should can only move the new deduplicated data in order to save bandwidth on the SubChapter: About NetBackup
deduplicated data in order to save the link between the two locations replication ,
bandwidth on the link between the two SubChapter: About NetBackup
locations. Auto Image Replication ,
SubChapter: About NetBackup
Replication Director)
Document:
NetBackup_DedupeGuide.pdf
(Chapter: Configuring
deduplication ;
SubChapter: About MSDP
optimized duplication within the

406772580.doc
5.
notes
same domain)
100.
Trainings Quantity: 1 Trainings Quantity: 1
Manufacturer’s name: N/A
Product type, model: N/A
Training for the IT Department of

Ministry of Interior WA590 WebSphere
WA590 WebSphere Application Server V9
100.1. Application Server V9 Administration.
Administration for 2 participants for five days.
Training should be planned for 2
participants for five days.

Ministry of Interior WA599 WebSphere Training for the IT Department of Ministry of Interior
Application Server V9 Administration in WA599 WebSphere Application Server V9
100.2.
a Federated Environment. Training Administration in a Federated Environment for 10
should be planned for 10 participants for participants for five days.
five days.

Ministry of Interior CL413 DB2 for Training for the IT Department of Ministry of Interior
100.3. LUW Performance Tuning and CL413 DB2 for LUW Performance Tuning and
Monitoring. Training should be planned Monitoring for 2 participants for five days.
for 2 participants for five days.

406772580.doc
5.
notes

Ministry of Interior CL463 DB2 10.5 for Training for the IT Department of Ministry of Interior
LUW Advanced Database Administration CL463 DB2 10.5 for LUW Advanced Database
100.4.
with DB2 BLU Acceleration. Training Administration with DB2 BLU Acceleration for 2
five days.

Training for the IT Department of Ministry of Interior
Ministry of Interior VMware vSphere:
100.5. VMware vSphere: Optimize and Scale. Training for 2
Optimize and Scale. Training should be
planned for 2 participants for five days.

Ministry of Interior VMware vSphere: Training for the IT Department of Ministry of Interior
100.6. Troubleshooting Workshop. Training VMware vSphere: Troubleshooting Workshop for 2
five days.

Ministry of Interior for development on
100.7. for development on JAVA EE platform 7 for 10
JAVA EE platform 7. Training should be

Ministry of Interior for application Training for the IT Department of Ministry of Interior
100.8. development on JAVA SE platform 8. for application development on JAVA SE platform 8
Training should be planned for 10 for 10 participants for five days.
100.9. Training for the IT Department of Training for the IT Department of Ministry of Interior
Ministry of Interior for Web Component for Web Component Development on JSF EE7. for

406772580.doc
5.
notes
Development on JSF 2.2. Training

should be planned for 10 participants for 10 participants for five days.
five days.

Ministry of Interior for development,
for development, usage and administration of SOAP
100.10. usage and administration of SOAP and
and REST web services for 10 participants for five
REST web services. Training should be
days.

Ministry of Interior for Rational Training for the IT Department of Ministry of Interior
100.11. Application Developer (RAD) v.9.6. for Rational Application Developer (RAD) v.9.6. for
Training should be planned for 15 15 participants for five days.

Ministry of Interior for Rational Software Training for the IT Department of Ministry of Interior
100.12. Architect Designer for WebSphere for U8R14G IBM Rational Software Architect (RSA)
Software. Training should be planned for 8 for Designers for 10 participants for five days.
10 participants for five days.

Ministry of Interior for Developing of
web services and consuming web Training for the IT Department of Ministry of Interior
services in backend systems including for Developing of web services and consuming web
100.13. training for Advance web service services in backend systems including training for
development and management (Java). Advance web service development and management
(Java) for 15 participants for 5 days.
Training should be planned for 15
participants.

406772580.doc
5.
notes
User training for Web Service

Development (for the Interoperability
system purposes) item 83:
We will provide user training for Web Service
Every newly connected institution shall Development (for the Interoperability system
nominate employees to attend on two purposes) item 83.
types of training: systems engineers in
order to be familiar with the installed Two types of training will be provided for the
equipment in their premises and software nominated employees by every newly connected
developers for developing and adding institution: systems engineers in order to be familiar
new services to the MIM 2 platform with the installed equipment in their premises and
software developers for developing and adding new
Conducting training for system usage, services to the MIM 2 platform.
intended to the end-users and providing
We will conduct training for system usage, intended to Training
100.14. user manual documentation. The training
has to be provided for the participants’ the end-users and we will prepare and provide user
users and administrators. manuals according to the needs.
Minimum two users and two The training will be provided for the participants’
administrators per institution shall users and administrators - minimum two users and
participate the training. two administrators per institution.
Additionally, the administrators’ Additionally, we will conduct special workshop

education includes special workshop training for Web service developing for the
training for Web service developing, administrators’ education, according to the Provider
according to the Provider participant’s participant’s needs and based on Train-the-trainer
needs. methodology.
The education will be conducted based

on the Train-the-trainer methodology.
100.15. Request for training and knowledge We will provide training and knowledge transfer for Training
transfer for Document Management Document Management System implementation –
System implementation – item 84 for item 84 for AMCP, FPO, SCPC.
AMCP, FPO, SCPC:
The offer should include:

406772580.doc
5.
notes
a. Manuals and Instructions in

Our offer includes:
Macedonian language for all aspects
of using, administering and a. Providing Manuals and Instructions in Macedonian
maintaining the system for all language for all aspects of using, administering and
categories of users maintaining the system for all categories of users
b. User trainings (in each institution
b. Providing user trainings (in each institution
separately):
separately):
ii. Administration personnel training
for creation and management of ii. Administration personnel training for creation
users, groups and roles for up to 5 and management of users, groups and roles for up
users per institution to 5 users per institution
iii. e-Archive training for the
iii. e-Archive training for the archivist’s personnel,
archivist’s personnel, for up to 5
for up to 5 users per institution
users per institution
End user training based on train the
trainer methodology, for up to 20 users End user training will be based on train the trainer
per institution. methodology, for up to 20 users per institution.
100.16. Implementation services, consulting Implementation services, consulting services and Training
services and training services for DLP training services for DLP software – item 86 for all
software – item 86 for all Beneficiaries Beneficiaries as stated in Distribution table in Annex
as stated in Distribution table in Annex 2: 2: Distribution of items per location, will include:
Distribution of items per location:
 Preparation, Pre-Engagement,
 Preparation, Pre-Engagement, Assessment and
Assessment and Planning
Planning
 Design
 Produce a solution architecture  Design
overview  Produce a solution architecture overview
 Develop scanning schedules and
targets  Develop scanning schedules and targets
 Development and implement  Development and implement information
information protection policy protection policy
 Development and implement policy

406772580.doc
5.
notes
 Development and implement policy rules

rules
 Implement and integrate
 Implement and integrate
 Install and configure the solution  Install and configure the solution
 Configure required groups and users
 Configure required groups and users
 Tune rules and modify responses
 Develop scheduled reports  Tune rules and modify responses
Perform user acceptance testing  Develop scheduled reports
 Perform user acceptance testing
Basic software end user training for

primary Forensic tool (item 93) (software Basic software end user training for primary Forensic
features explanation with practical tool (item 93) (software features explanation with
100.17. examples) at Financial Police practical examples) at Financial Police Office, for 5
Office, minimum 5 days for 2 persons at days for 2 persons at the beneficiary site for primary
the beneficiary site for primary Forensic Forensic tool -EnCase@ Forensic.
tool -EnCase@ Forensic.
100.18. Not Applicable Not Applicable

mobile device forensic tool (Cellebrite Basic software end user training for mobile device
UFED Touch+UFED Physical Analiser, forensic tool (Cellebrite UFED Touch+UFED
item 95) (software features explanation Physical Analiser, item 95) (software features
100.19. with practical examples) at Financial explanation with practical examples) at Financial
Police Office, minimum 5 days for 2 Police Office, for 5 days for 2 persons at the
persons at the beneficiary site for mobile beneficiary site for mobile device forensic tool
device forensic tool (Cellebrite UFED (Cellebrite UFED Touch+UFED Physical Analiser).
Touch+UFED Physical Analiser).
100.20. Train-the-trainer training for IBM i2 Train-the-trainer training for IBM i2 Analyst tool –
Analyst tool – item 96. (software features item 96. (software features explanation with practical

406772580.doc
5.
notes
explanation with practical examples and

use case scenarios) at Financial Police examples and use case scenarios) at Financial Police
Office, minimum 5 days for one person Office, for 5 days for one person at the beneficiary
at the beneficiary site for IBM i2 Analyst site for IBM i2 Analyst tool.
tool.

offered SIEM solution, item 97 (software Basic software end user training for offered SIEM
features explanation with practical solution, item 97 (software features explanation with
100.21. examples) at IT department at Ministry practical examples) at IT department at Ministry of
of Interior, minimum 5 days for 2 Interior, for 5 days for 2 persons at the beneficiary site
persons at the beneficiary site for offered for offered SIEM solution.
SIEM solution.
WARRANT
101. Quantity: 1
Y
We will provide warranty for all items, for period of 1

year commence on the provisional acceptance.
101.1. Product type, model: The warranty for all
We will ensure that the System and all other items Statement for Warranty in Part 3
items must remain valid for 1 year after
complies with the given specifications from your side Documentation
provisional acceptance.
and will be of the highest quality and fit for purposes
set up in the Tender specifications.

406772580.doc
1 Annex 1: Delivery locations
No. Location Address Notice
1 Finance Police Office, FPO Kej Dimitar Vlahov No.4, floor 4 – 1000 Skopje
2 State Commission to Preventing Corruption, SCPC Dame Gruev No. 1
3 Agency for management of confiscated properties, AMCP Makedonija b.b. (broj 5) – 1000 Skopje
Gjuro Strugar n. 5, Tehnometal building 4th floor – 1000

4 Financial Intelligence Office FIO
Skopje
5 Supreme Court of RM, SC Krste Misirkov b.b – 1000 Skopje
6 Public Prosecutor Office of RM, PPO Kej Dimitar Vlahov bb – 1000 Skopje
7 Ministry of Interior of RM, MoI Dimče Mirčev 52 B – 1000 Skopje
7.1 MoI – IT department Dimče Mirčev 52 B – 1000 Skopje
MoI – Department for fight against Organize and Serious

7.2 Dimče Mirčev 52 B – 1000 Skopje
Crime, DFSOC
7.3 MoI – Forensic Department, FD Dimče Mirčev 52 B – 1000 Skopje
8 Ministry of Finance; Customs Administration CA) Lazar Licenoski St. No.13 – 1000 Skopje
9 Ministry of Justice of RM, MoJ Dimitrie Chupovski 9 – 1000 Skopje
Central Interoperability platform location - Ministry of

10 Blvd. Sv. Kiril i Metodij 54, 1000 Skopje
Information Society and Administration MIOA

406772580.doc
2 Annex 2: Distribution of items per location
MoI, DFSOC
MoI, FD
TOTAL
MoI, IT
AMCP
SCPC
Ite
FPO
PPO
MoJ
FIO
CA
SC
Item name
m
1. Tower Server 0 0 0 0 0 0 0 1 5 0 0 6
2. Rack Server Type I 1 0 0 0 0 0 0 0 2 0 0 3
3. Rack Server Type II a 2 0 2 2 0 2 0 0 0 0 2 10
4. Rack Server Type II b 0 0 0 0 0 0 4 0 0 0 0 4
5. Rack Server Type II c 0 0 0 0 0 0 2 0 0 0 0 2
6. Rack Server Type III 0 0 0 2 0 0 0 0 0 0 0 2
7. Rack Server Type IV 0 5 0 0 0 0 0 0 0 0 0 5
8. Rack Server Type V 0 1 0 0 0 0 0 0 0 0 0 1
9. Hyper-convergence solution 0 2 0 0 0 0 0 0 0 0 0 2
10. Rack cabinet system with servers and storage 0 0 0 0 0 0 0 0 1 0 0 1
11. UPS device 0 0 0 0 0 0 0 0 2 0 0 2
12. Servers 0 0 0 0 0 0 0 0 2 0 0 2
13. SAN switches 0 0 0 0 0 0 0 0 2 0 0 2
14. Storage Unit 0 0 0 0 0 0 0 0 1 0 0 1
15. Data Storage Type I 1 0 0 0 0 0 0 0 0 0 0 1

406772580.doc
MoI, DFSOC
MoI, FD
TOTAL
MoI, IT
AMCP
SCPC
Ite
FPO
PPO
MoJ
FIO
CA
SC
Item name
m
16. Data Storage Type II 1 0 0 0 0 0 0 0 0 0 0 1
17. Data Storage Type III 0 0 0 1 0 0 0 0 0 0 0 1
18. Data Storage Type IV 0 0 1 0 0 0 0 0 0 0 0 1
19. Tape Library solution 0 0 0 1 0 0 0 0 0 0 0 1
20. Rack 42U 1 1 1 1 0 1 1 0 0 0 0 6
21. Rack 24U 0 1 0 0 0 0 0 0 0 0 0 1
22. Rack UPS 5000VA 2 1 2 2 0 2 0 0 0 0 0 9
23. Rack UPS 3000VA 0 1 0 0 0 0 0 0 0 0 0 1
24. 16 port KVM switch with 19” monitor 0 1 0 0 0 0 0 0 0 0 0 1
25. 4 port KVM switch with 19” monitor 0 1 0 0 0 0 0 0 0 0 0 1
26. Gigabit Switch 8 port 0 0 0 0 0 0 0 5 0 0 0 5
27. Gigabit Switch 24 port 0 0 0 0 0 0 0 0 15 0 2 17
28. Gigabit L3 Switch 24 port 0 1 0 0 0 0 0 0 0 0 0 1
29. Gigabit L3 Switch 48 port 0 3 2 0 0 2 2 0 0 0 0 9
30. Fiber Channel Switch 24 port 2 0 0 0 0 0 2 0 0 0 0 4
31. Point-to-point wireless link 2.4GHz 0 0 0 0 0 0 0 5 0 0 0 5

406772580.doc
MoI, DFSOC
MoI, FD
TOTAL
MoI, IT
AMCP
SCPC
Ite
FPO
PPO
MoJ
FIO
CA
SC
Item name
m
32. Point-to-point wireless link 5.8GHz 0 0 0 0 0 0 0 5 0 0 0 5
33. WLAN Access Point 0 3 0 0 0 0 0 0 0 0 0 3
34. Application Firewall 1 1 1 1 0 1 1 0 0 0 0 6
35. Personal Computers 0 0 5 0 50 0 0 20 54 0 2 131
36. Personal Computers+Endpoint 0 35 0 0 0 0 0 0 0 0 0 35
37. All-In-One Personal Computers 0 0 0 0 0 0 0 0 5 0 0 5
38. Workstation 0 0 0 0 0 0 0 0 1 0 0 1
39. Monitor 55” 0 0 0 0 0 0 0 0 1 0 0 1
40. Monitor 24-26” 8 0 0 0 0 0 0 0 0 0 0 8
41. Laptop Type I 20 0 0 10 0 0 0 0 5 0 0 35
42. Laptop Type II 0 0 0 0 0 0 0 25 0 0 0 25
43. Laptop Type III 0 0 0 0 0 50 0 0 0 0 0 50
44. Laptop Type IV 0 0 0 0 0 0 0 0 0 0 7 7
45. Laptop Type IV+Adobe+MS Office 0 10 0 0 0 0 0 0 0 0 0 10
46. Tablet 0 0 0 3 0 0 0 0 0 0 0 3
47. Laser Printer B&W A4 0 0 1 0 6 0 0 0 0 0 1 8

406772580.doc
MoI, DFSOC
MoI, FD
TOTAL
MoI, IT
AMCP
SCPC
Ite
FPO
PPO
MoJ
FIO
CA
SC
Item name
m
48. Multifunction Laser Printer B&W A4 0 0 0 0 0 0 0 0 5 0 0 5
49. Multifunction Laser Printer Colour A4 0 0 0 0 0 0 0 0 10 0 0 10
Multifunction Laser Printer B&W A4 with authentication

50. 0 10 0 0 0 0 0 0 0 0 0 10
Software
51. Multifunction Laser Printer B&W A3 0 2 2 0 2 0 0 0 0 1 0 7
52. Photo printer 0 0 0 0 0 0 0 0 2 0 0 2
53. Mobile Printer 6 0 0 0 0 0 0 0 0 0 0 6
54. Mobile Scanner 8 0 0 0 0 0 0 0 0 0 0 8
55. Microsoft SQL Server 2016 for 35 users (CAL) 0 3 0 0 0 0 0 0 0 0 0 3
56. Shredder 5 0 0 0 0 0 0 0 0 0 0 5
57. Projector Type I 0 1 0 0 0 0 0 0 0 0 0 1
58. Projector Type II 0 1 0 0 0 0 0 0 0 0 0 1
59. Mobile Phone 0 0 0 0 0 0 0 10 0 0 0 10
60. Barcode Reader 0 0 0 0 0 0 0 0 30 0 0 30
61. Forensic SAS Bridge 1 0 0 0 0 0 0 0 0 0 0 1
62. Forensic SATA/IDE Bridge 1 0 0 0 0 0 0 0 0 0 0 1
63. 3.5” Hard drives Set 1 0 0 0 0 0 0 0 0 0 0 1

406772580.doc
MoI, DFSOC
MoI, FD
TOTAL
MoI, IT
AMCP
SCPC
Ite
FPO
PPO
MoJ
FIO
CA
SC
Item name
m
64. 2.5” Hard drives Set 1 0 0 0 0 0 0 0 0 0 0 1
65. External Hard Disk Case 3.5" 5 0 0 0 0 0 0 0 0 0 0 5
66. Dock station for Hard Disks 5 0 0 0 0 0 0 0 0 0 0 5
67. External 3.5” Hard drives 1 0 0 0 0 0 0 0 0 0 0 1
68. External 2.5” Hard drives 1 0 0 0 0 0 0 0 0 0 0 1
69. SDHC Memory Card 64GB 0 0 0 0 0 0 0 20 0 0 0 20
70. SDHC Memory Card 128GB 0 0 0 0 0 0 0 20 0 0 0 20
71. Server Expansion Memory 4 0 0 0 0 0 0 0 0 0 0 4
72. CAT5E RJ45 Modular Plug 0 0 0 0 0 0 0 500 0 0 0 500
73. Cat5e Ethernet Cable 300m 0 0 0 0 0 0 0 3 0 0 0 3
1-Port Gigabit High-Power PoE+ Injector Power output of

74. 0 0 0 0 0 0 0 20 0 0 0 20
up to 30 watts
1-Port Gigabit High-Power PoE+ Injector Power output of

75. 0 0 0 0 0 0 0 10 0 0 0 10
up to 60 watts
76. Coaxial cable 0 0 0 0 0 0 0 2 0 0 0 2
77. BNC to RCA connector 0 0 0 0 0 0 0 300 0 0 0 300
78. BNC connector 0 0 0 0 0 0 0 300 0 0 0 300

406772580.doc
MoI, DFSOC
MoI, FD
TOTAL
MoI, IT
AMCP
SCPC
Ite
FPO
PPO
MoJ
FIO
CA
SC
Item name
m
79. Leased line connection 1 1 1 1 0 1 0 0 0 0 2 7
Object-relational database management system Oracle

80. 0 0 1
Database or equivalent 0 0 0 1 0 0 0 0 0
Institution and authorities interconnection within the existing

81. 1 1 1 1 0 1 0 0 0 0 1 6
Interoperability system
Designing the secure connection of the Beneficiary back-end

systems via ICT platform for connecting the institution to the
82. 0 1* 1
MIM2 via Communication Client environment and the
existing Interoperability system (MIM2) 0 0 0 0 0 0 0 0 0
Web Service Development (for the Interoperability system

83. 4 10 4 4 0 4 6 0 0 4 4 40
purposes) – INDICATIVE LIST
Document Management System implementation (1.

eArchive Module - (users: 500 per institution, implemented
in 3 institution); 2. Module for integration with external
84. 1 1 1 0 0 0 0 0 0 0 0 3
systems for 8 institutions; 3. Module for electronic document
exchange between the connected institutions on the
interoperability platform for 8 institutions)
Software tool for protection and sharing data by using

85. 1 1 1 1 0 1 1 0 0 1 1 8
encryption (users: 30, implemented per institution: 8)
DLP central management platform and DLP for endpoint

86. 1 1 1 1 0 1 1 0 0 1 1 8
software (users: 30, implemented per institution: 8)
Windows 10 Professional 64-bit Edition for existing

87. 10 0 0 0 0 0 0 0 0 0 0 10
desktops

406772580.doc
MoI, DFSOC
MoI, FD
TOTAL
MoI, IT
AMCP
SCPC
Ite
FPO
PPO
MoJ
FIO
CA
SC
Item name
m
88. Software proxy server 0 1 0 0 0 0 0 0 0 0 0 1
89. Passive network infrastructure for SCPC 0 1 0 0 0 0 0 0 0 0 0 1
90. MoI platform for back-end system connection 0 0 0 0 0 0 1 0 0 0 0 1
91. Interoperability Software 0 0 0 0 0 0 0 0 0 0 1* 1
92. Upgrade license for primary Forensic Tool 1 0 0 0 0 0 0 0 0 0 0 1
93. Mobile device forensic 1 0 0 0 0 0 0 0 0 0 0 1
94. Additional AccessData FTK (Forensic Toolkit) licenses / / / / / / / / / / / /
95. Upgrade license for primary Operational Analysis Tool 2 0 0 0 0 0 0 0 0 0 0 2
96. SIEM (Security Information Event Management) Solution 0 0 0 0 0 0 1 0 0 0 0 1
97. Migration AMCP 0 0 1 0 0 0 0 0 0 0 0 1
98. E-mail software 0 1 0 0 0 0 0 0 0 0 0 1
99. Backup Solution 0 1 0 0 0 0 1 0 0 0 0 2
100. Trainings 1
101. Warranty 1
* Since Ministry of Information Society and Administration (MISA) is responsible for Interoperability platform maintaining and operations, for the items 82 and 91 end-
recipient is: Ministry of Information Society and Administration (MISA), Blvd. Sv. Kiril i Metodij 54, 1000 Skopje.

406772580.doc
3. Delivery Summary

406772580.doc
No. Item(s) Quantity
LOT1: ICT (hardware and software) equipment Supply
1 Tower Server 6
2 Rack Server Type I 3
3 Rack Server Type II 10
6 Rack Server Type III 2
7 Rack Server Type IV 5
8 Rack Server Type V 1
9 Hyper-convergence solution 2
10 Rack cabinet system with servers and storage 1
11 UPS device 2
12 Servers 2
13 SAN switches 2
14 Storage Unit 1
15 Data Storage Type I 1
16 Data Storage Type II 1
17 Data Storage Type III 1
18 Data Storage Type IV 1
19 Tape Library solution 1
20 Rack 42U 6
21 2016
15 January Rack 24U 1 of 169
Page 169
406772580.doc
22 Rack UPS 5000VA 9
23 Rack UPS 3000VA 1

KURSEVI c4f Annexiitechspeciiitechoffer En-Lot 1

Încărcat de

Informații document

Titlu original

Drepturi de autor

Formate disponibile

Partajați acest document

Partajați sau inserați document

Opțiuni de partajare

Vi se pare util acest document?

Este necorespunzător acest conținut?

Drepturi de autor:

Formate disponibile

KURSEVI c4f Annexiitechspeciiitechoffer En-Lot 1

Încărcat de

Drepturi de autor:

Formate disponibile

ANNEX II + III : TECHNICAL SPECIFICATIONS + TECHNICAL OFFER

LOT 1 - Supply of Interoperability and ICT equipment

Columns 1-2 should be completed by the Contracting Authority

15 January 2016 Page 1 of 169

The following abbreviations are used consistently throughout the document:

15 January 2016 Page 2 of 169

2. Description and general Requirements

0 General requirements for hardware and system software

0.1 Project context:

0.2 Current status:

15 January 2016 Page 3 of 169

0.3 Project Objectives:

15 January 2016 Page 4 of 169

15 January 2016 Page 5 of 169

15 January 2016 Page 6 of 169

2. Ministry of Justice of RM (MoJ);

3. Financial Police Office (FPO);

4. Financial Intellegence Office (FIO);

5. State Commission for the Prevention of the Corruption (SCPC);

6. Supreme Court of RM (SC); Public Prosecutor’s Office of RM (PPO);

7. Agency for Management of Confiscated Property (AMCP);

8. Ministry of Finance; Customs Administration (CA) – CC already installed;

0.5 Project scope:

15 January 2016 Page 7 of 169

As a minimum the following deliverables have to be elaborated and implemented:

15 January 2016 Page 8 of 169

LOT 1 - Supply of Interoperability and ICT

1. Tower Server Quantity: 6 Tower Server - Quantity: 6

Manufacturer’s name: Manufacturer’s name: DELL

Product type, model: Product type, model: PowerEdge T630

Processor: 2 x Server Class CPU, Dell PowerEdge T630 Data Sheet

15 January 2016 Page 9 of 169

Operational memory: minimum 32GB Dell PowerEdge T630 Data Sheet

1.11 Dell PowerEdge T630 Data Sheet

15 January 2016 Page 10 of 169

1.14 12 x Windows Server 2016 Standard per Core 2 lic

2. Rack Server Type I Quantity: 3 Rack Server Type I - Quantity: 3

Manufacturer’s name: Manufacturer’s name: DELL

Product type, model: Product type, model: PowerEdge R730

Supporting documents for Dell

Chipset: minimum Intel C610 series Supporting documents for Dell

15 January 2016 Page 11 of 169

slots, upgradeable to minimum 1.5TB

Hard disks: minimum 2 x 300GB 15K Supporting documents for Dell

Supporting documents for Dell

Connections: minimum 5 USB ports, Supporting documents for Dell

Supporting documents for Dell

15 January 2016 Page 12 of 169

hot plug power supplies PowerEdge R730

Manufacturer’s name: Manufacturer’s name: DELL

Product type, model: Product type, model: PowerEdge R730

Supporting documents for Dell

Chipset: minimum Intel C610 series Supporting documents for Dell

Operational memory: minimum 192GB Supporting documents for Dell

15 January 2016 Page 13 of 169

Hard disks: minimum 2 x 400GB SSD Supporting documents for Dell

Supporting documents for Dell

Connections: minimum 5 USB ports, Supporting documents for Dell

Supporting documents for Dell

Power supply: minimum two redundant Supporting documents for Dell

15 January 2016 Page 14 of 169

total) or equivalent servers with 2 CPU – 8 CPU total) PowerEdge R730

Supporting documents for Dell