INFORMATION AND COMMUNICATIONS TECHNOLOGY OFFICE BAC4IGOV-2015-10-044
Supply, Delivery, Installation and Configuration of Modular Application Delivery Controller System
ITEM MINIMUM TECHNICAL SPECIFICATIONS STATEMENT OF COMPLIANCE
1. Background
The one (1) lot of the Modular Application Delivery Controller System will be used for the Integrated Government Philippines (iGovPhil) project, mainly for handling traffic, load balancing and firewall. This lot has one (1) chassis and two (2) blade servers as its main hardware components. These blade servers are to be configured for high availability/redundancy by the winning bidder. The winning bidder must also be able to set up the hardware and install the software mentioned in these terms of reference.
2. Hardware Specifications
2.1. The Modular Application Delivery Controller System shall consist of one (1) chassis and two (2) blade server units.
2.2. The chassis unit shall have the following minimal specifications:
2.2.1. Dimension / Form Factor
2.2.1.1. Can support up to four (4) blade server units
4U industry standard rack-mount chassis
2.2.2. Power Supply
AC power supply
One to two 100-127 VAC (1200W)/200-240 VAC (1400W) auto ranging (80+ Gold Efficiency)
2.2.3. Operating
EN 60950-1:2006, 2nd Edition Evaluated to all CB Countries
UL 60950-1, 2nd Edition, CSA C22.2 No. 60950-1-03
2.2.6. Certifications
EN 300 386 V1.3.2 (2003-05)
EN 55022:2006 + C1:2006
EN 61000-3-2:2000
EN 61000-3-3:1995 + A1:2000
EN 55022:2006 + C1:2006 Class A
EN 61000-3-3:1995 + A1:2000 + A2:2005
EN 55024:1998 + A1:2001 + A2:2003
2.2.7. Accessories
Two (2) pieces power cord (C13-C14 connectors)
2.3. Each blade server unit must possess the following minimal specifications:
2.3.1. Intelligent Traffic Processing
1M L7 requests per second
1M L4 connections per second
400K L4 connections per second
7M L4 HTTP requests per second
24M max L4 concurrent connections
40 Gbps L4, 18 Gbps L7
400 Mbps included compression
10 Gbps maximum hardware compression
Included SSL TPS: 4,000/Blade
Maximum SSL TPS: 10,000 TPS (2K keys)
Bulk crypto: 9 Gbps
2.3.2. Hardware DDoS Protection
Hardware SYN cookies: 40M SYN cookies per second
2.3.3. Software Architecture
64-bit Operating System
2.3.4. Virtualization (Max Number of Guests)
32 (8 per blade)
2.3.5. Processors
One (1) Intel quad core Xeon processor (total 8 hyperthreaded logical processor cores)
2.3.6. Memory
32 GB
2.3.7. Hard Drive Capacity
400 GB solid state drive
2.3.8. Network Interfaces
One (1) 10/100/1,000 Mbps Ethernet management port
Eight (8) 1,000 Mbps/10 Gbps SFP+ ports (optional 1G SFP fiber (SX or LX) or copper RJ45 transceivers, 10G SFP+ SR or LR, 10G copper direct attach)
2.3.9. Accessories
Eight (8) pieces 10GBASE-SR 850nm transceivers
3. Hardware upgrades
3.1. The Modular Application Delivery Controller System hardware upgrades must have the following minimum specifications:
3.1.1. Portable LCD upgrade per chassis
3.1.2. Sixteen (16) pieces 1000BASE-T SFP transceivers
4. Software Features
4.1. The Modular Application Delivery Controller System Software must provide for the following minimum features and functionalities:
4.1.1. Application Traffic Management
Intelligent load balancing
Application protocol support (HTTP 2.0, SPDY 3.1, SSL/TLS 1.3, SIP, etc.)
Application health monitoring
Application connection state management
4.1.2. Application Delivery Optimization
Symmetric adaptive compression
RAM cache and compression
Bandwidth controller
TCP optimization
HTTP 2.0 and SPDY gateway
4.1.3. Secure Application Delivery
SSL connection and session mirroring
SSL/TLS encryption offload (hardware accelerated)
Algorithm agility (GCM, ECC, Camellia, DSA, RSA)
Suite B support including Forward Secrecy
Internal/Network/Cloud HSM (FIPS 140-2)
SSL visibility (inbound/outbound)
4.1.4. Application Visibility and Monitoring
Analytics dashboard
Performance dashboard
High-speed logging
sFlow telemetry
SNMPv(1,2c,3) support
Syslog support
4.1.5. Programmable Infrastructure
Support for scripting to provide data plane programmability
Support for event-based control-plane scripting
Support for app-level configuration management and deployment
Provides SOAP and REST Management API
Support for programmable monitors
4.1.6. Scalable Infrastructure
On-demand scaling
All-active application clustering
Operational scaling (multi-tenant and virtualization)
Advanced Routing (BGP, RIP, OSPF, ISIS, BFD)
SDN Services license (VXLAN, NVGRE)
4.1.7. Web Application Firewall (WAF) Deployment
Rapid deployment wizard with self-help hints
Manual and automated unified learning and policy building
Route domain support
4.1.8. WAF Security
L7 DoS and DDoS detection (HASH DoS, Slowloris, floods, Keep dead, XML bomb)
Web scraping prevention
OWASP top 10 prevention
Automated attack defense and bot detection
Advanced protections against threats (web injections, data leakage, session hijacking, HPP attacks, buffer overflows, shellshock)
Geolocation blocking
IP Intelligence
SSL termination with re-encryption
Security incident and violation correlation
Client-side certification support
LDAP, RADIUS client authentication
Database security
Response checking
Violation risk scoring
Web Service encryption and decryption with signature validation
Device-ID detection and fingerprinting
Live signature updates
4.1.9. WAF Reporting, Analytics and Others
Customizable charts and reports
Security overview report
Combined network and application attack report
WAF health monitoring
Compliance support (PCI-DSS, HIPAA, SOX, Basel II)
Central management and reporting with role-based access control
Automatic Policy sync between WAF devices
Fast cache integration
SNMP Reporting
REST API
ICAP Support
DAST Integration
Fraud protection
Multi-tenancy
High-availability
Application acceleration
TCP optimization
Advanced rate shaping and QoS
IPv6 gateway
IP port filtering
VLAN support
Secure SSL certificates
4.1.10. Application Traffic Optimization Manager
DNS prefetch
Concatenation
Smart Browser Referencing
Intelligent Smart Client Cache
Image optimization
Content reordering
Dynamic caching/deduplication
Multi-protocol optimizations (HTTP, FTP, MAPI, UDP)
Forward error correction
Parking Lot (GET request queuing)
MultiConnect
PDF Dynamic Linearization
Pre-defined and generic acceleration policies for ease of configuration
Performance dashboard
Flexible deployment (system and asymmetric)
Scalable clustering
4.1.11. Firewall Protection and Management
Protocol anomaly detection (SYN/ICMP/ACK/UDP/TCP/IP**/DNS/ARP)
L4 DoS and DDoS protection
SSL DoS and DDoS protection
DNS and DDoS protection
HTTP DoS and DDoS protection
SSL reverse proxy
IP reputation and geolocation (including identifying Tor proxies, malware, and command-and-control servers)
Central management with role-based access control
SNMP reporting
DDoS traffic sampling
4.1.12. IPsec Configuration
Site-to-site
Manual, Internet Key Exchange (IKEv1 and IKEv2) keying methods
Authentication methods (Preshared key, RSA signature)
Diffie-Hellman groups 1, 2, 5, 14, 15, 16, 17, 18
Encryption algorithms (3DES, 128, AES-192, AES-256, AES-GCM-128, AES-GCM-256)
Hash/HMAC algorithms (SHA-1, AES-GMAC-128, AES-GMAC-192, AES-GMAC-256)
Security control in creating policies and blocking requests from rogue sites
Packet filtering
Protocol inspection and validation
High-speed response and DDoS attack protection with in-memory DNS
Authoritative DNS replication in multiple DNS service deployments
Authoritative DNS and DNSSEC (secure responses) in virtual clouds for disaster recovery and fast, secure responses
Authoritative DNS hyperscaling up to 200 percent to absorb DDoS attacks
Reducing latency and hyperscaling DNS caching
Stateful inspection (never accepts unsolicited responses)
ICSA Labs certification
Scalable across devices
DDoS threshold alerting
Blocking access to malicious IP domains
DNS caching (transparent cache, hot cache, resolver)
DNS attack protection
DNS load balancing
DNS record type ACL
DNS logging and reporting
DNSSEC response rate limits
DNSSEC signing
DNSSEC centralized key management
Global load balancing (round robin, global availability, LDNS persistence, application availability, geography, virtual server capacity, least connections, packets per second, round trip time, hops, packet completion rate, user-defined QoS, dynamic ratio, LDNS, ratio, kbps)
Dynamic ratio load balancing
Wide area persistence
Geographic load balancing
Custom topology mapping
Infrastructure monitoring
SNMP management application support
IPv6/IPv4 support
IP Anycast support
Web-based user interface and command-line interface
Automated setup and synchronization
Retrievable configuration
Data center and sync groups
Distributed application management
815,000 maximum query response per second
4.1.14. Virtualized Hypervisor Processing
Enables multiple virtual guest instances
Per-guest limiting for bandwidth and SSL
Multi-tenant partitions and route domains
5. Warranty and Support
5.1. Three (3) year hardware warranty and technical support
5.2. The winning bidder shall provide technical services and RMA support backed by a maintenance agreement specifying the terms and conditions of the warranty period and coverage. The maintenance agreement shall at least provide for the following services:
5.2.1. 5 x 10 support availability by phone or email (8 a.m. - 6 p.m., Monday to Friday, Philippine Standard Time)
5.2.2. Unlimited access to the online knowledge base portal
5.2.3. Unlimited access to the online web support portal
5.2.4. The winning bidder shall dispatch and respond to site down calls within 1 hour after the incident has been escalated by phone or email to the proper support channel.
6. Training
6.1. The winning bidder must include the provision of comprehensive training and professional certification to at least two (2) iGovPH staff on how to operate and maintain the platform.
Name of Company
Signature Over Printed Name Of Authorized Representative
Date