Page 1 Rev. 03/07/2016
DEPARTMENT OF INFORMATION TECHNOLOGY
IT STRATEGIC SOURCING OFFICE
https://it.nc.gov/resources/it‐strategic‐sourcingSolicitation Addendum
Solicitation Number: 100049 Solicitation Description: RFI for Utility‐Based Computing and Cloud Computing Services Solicitation Opening Date and Time: June 7, 2016 at 2:00pm EST (New, see M1 below) Addendum Number: 01 Addendum Date: May 23, 2016 Purchasing Agent: Leroy Kodak, Contract Specialist leroy.kodak@nc.gov 1. This addendum does not need to be returned. 2. The solicitation is hereby modified as follows: M1. The Opening Date for this RFI has been changed to Tuesday, June 7, 2016 at 2:00pm EST 3. Following are questions received about the solicitation and the State’s answers to the questions. [If no questions were received, delete this section.] Q1. In the event the Department decides to move forward with procurement, is there an estimated time frame available for when the solicitation might be issued? A1. Not at this time. Q2. Has any funding been allocated and if so, from where (budget, grant, etc)? If not, where does the Department anticipate looking for funding? A2. No funding has been allocated. Information provided by responses to this RFI will inform the potential future direction. Q3. Does the Department have an estimated cost, or desired not to exceed contract amount in mind for this and if so, how much? A3. Not at this time. Q4. Who is the project manager/technical contact? A4. N/A, this is an RFI only. Q5. How is the State currently managing the need? A5. Limited exposure at this time to utility‐based computing and cloud computing service models. Q6. FedRamp – What portions of the infrastructure will require specific requirements around HIPPA, PCI and FedRamp? A6. Respondents to any potential future Request for Proposals (RFPs) would need to ensure compliance with FedRAMP standards; see https://www.fedramp.gov/.Q7. Hybrid Model – Would the preference of the State be to act as the cloud broker, or have the vendor act as the cloud broker – hybrid, dedicated, public. A7. The State is looking at all models and to understand the benefits of all cloud models and cloud roles. Q8. AWS & Azure Integration – Will cloud computing vendor be required to integrate with existing SoNC AWS & Azure architecture? If so, how? A8. The State is interested in how this might occur. Q9. Enterprise Architecture – Does being on‐net with a cloud and hosting provider provide any added benefit as the State continues to build your Enterprise Architecture? A9. Although not required, the State acknowledges some additional benefits of an On‐Net relationship with a cloud vendor and is interested in learning how these may be realized. Q10. Is the State looking for the vendor to provide managed applications i.e. SQL Server, Citrix, Oracle, WebLogic, ERP? A10. The State is interested in hearing about service offerings within the market for IaaS, PaaS, and SaaS solutions. Q11. Is the state looking for a vendor to host and manage equipment and applications that don’t virtualize well i.e. Hybrid IT? A11. While the RFI is focused on cloud services, the vendor may include traditional hosting services if desired. Q12. Can the state provide an application flow diagram? If not, is the State interested application infrastructure design assessment? A12. Not at this time; not within scope of RFI. Q13. What are the State's policies with respect to requirements for where data resides? Are there requirements for the data to remain?
A13. See http://it.nc.gov/statewide‐resources/cybersecurity‐and‐risk‐management, Statewide Information Security Manual, http://it.nc.gov/document/statewide‐information‐security‐manual; North Carolina General Statute § 143B (including but not limited to 143B‐1376),
http://www.ncleg.net/gascripts/statutes/Statutes.asp. Data must also reside within the United States.
Q14. What are your requirements for CJIS (Criminal Justice Information Services) workloads?
A14. See FBI CJIS Security Policy: https://www.fbi.gov/about‐us/cjis/cjis‐security‐policy‐resource‐center;
https://www.fbi.gov/about‐us/cjis/RequirementsDocument.pdf. Q15. Please describe your current use of Cloud providers with regards to IaaS, PaaS, SaaS, and BPaaS, both hosted by the State and hosted by third party providers? A15. Limited exposure at this time to utility‐based computing and cloud computing service models. Q16. Do you currently have a services catalog and if so, how is it deployed (on premise, SaaS Shared, SaaS Dedicated)? If so, are there any concerns or challenges you have experienced with it? A16. See http://it.nc.gov/services/service‐directory.
Q17. Has the State deployed on premises any other Cloud Suite or Ecosystems such as VMWare or OpenStack? If so, please describe your deployment and use; ‐ within the state? ‐ within a State owned/run data center? ‐ other? A17. Not at this time; not within scope of RFI. Q18. Is cost the main driver for the State to be considering Cloud? A18. Cost is one factor, however, the purpose of this RFI is to help identify other potential drivers. Q19. Can you please let us know the backup software, e.g., Symantec NetBackup, CommVault Simpana, etc., used by the North Carolina DIT? A19. The State is interested in learning what cloud backup solutions are available in the marketplace. Q20. Is it North Carolina DIT’s intent to establish a chargeback mechanism for agencies or will agencies be able to contract for services directly? Or will it be a combination of the two? A20. Yes, primarily chargeback. However, the State is interested in learning about all options available and benefits. Q21. Would the North Carolina DIT please consider extending the due date to Tuesday, 7 June? A21. Yes, see M1 above. Q22. What NC Utilities will be using these services? Can you provide the following information on these Utilities: ‐ Location ‐ Number of customers served ‐ Number of Meters – how many are AMI and how many are AMR? ‐ Number of Users ‐ Number of Mobile Technicians A22. Please review the specific information requested in the solicitation. Q23. Will this RFI consider both on premise as well as off premise Cloud solutions? A23. Yes. Q24. Is a fully managed offering by the vendor a requirement? A24. There are no requirements, this is an RFI. Q25. What cost factors/pricing should be used to calculate savings and TCO/ROI for the implementation of utility computing (compute, network, storage, backup, etc) in comparison to the chargeback cost model used today by DIT in the current data centers? A25. Information learned here will be used to inform future rate structures. Q26. Can the state specify key uses cases, volumes and timelines for their utility computing applications (e.g. seasonal processing fluctuations or offsite backups) so that vendors can respond with the most appropriate service offerings to meet the State’s needs? A26. Not at this time.
Q27. Does the state have a hybrid cloud breakout of private cloud versus public cloud usage and a plan / timeline for migrating specific applications and workloads into the cloud? A27. No timeline has been established. Q28. What is the states timeline for implementing a solutions that would deliver an offering as described within? A28. No timeline has been established. Q29. How many agencies will this encompass throughout the State? A29. See North Carolina General Statute § 143B (including but not limited to 143B‐6), http://www.ncleg.net/gascripts/statutes/Statutes.asp. Q30. Will this be a centrally managed practice that you are looking to implement, or would this be focused and managed by individual agencies or locations? A30. The State will be considering all delivery and service models. Q31. Would you like to include other OEM's equipment into such a model as well, or would this be just [Manufacturer Name] equipment only? A31. The State has no specific requirement for a particular brand of equipment. Q32. You state that "A comprehensive, detailed equipment list including hardware and software required for the proposed solution should be provided. All equipment identified in the response must be commercially available and in general distribution." We would need to know where, how, and at what kind of capacities you are going to be needing in order to begin any hardware recommendations. Are you able to provide your full detailed list of your datacenter, and agency locations, and all other locations to be included within scope, including make and model, so we would have a better understanding of what would be needed? A32. The intent of this RFI is to understand what the deployed solution might look like from the vendor’s perspective. Q33. Will preference be given to a comprehensive utility‐based computing that offers compute (servers and blades, storage, networking, SAN, converged (compute, storage, networking), hyper‐converged, and other platforms (hardware, software, installation, services, and support) as a monthly per unit usage cost? A33. There will be no evaluation or preference given, this is an RFI only. Q34. What is the form of the agreement the State anticipates for receiving utility‐based computing ‐ amendment to existing master purchase or service agreement, Statement of Work, etc.? A34. This is an RFI only. Q35. Will the State require that the supplier own the equipment used to provide utility‐based compute to the State? A35. There is no requirement at this time. Q36. Are any up‐front, true‐up, or other fees outside the monthly per unit usage cost acceptable to the State? Will the State require that unit costs are disclosed up‐front for the term duration? A36. There is no rate structure established at this time. Q37. Will suppliers be allowed to source any or all of the utility‐based capacities from sources external to the supplier?
Q38. Does the scope include delivering utility‐based computing as a managed service (operations and other services provided beyond infrastructure‐as‐a‐service) to the State? A38. The State is interested in hearing about service offerings within the market for IaaS, PaaS, and SaaS solutions. Q39. By participating in this RFI, will [Vendor Name] be conflicted out of any resulting procurements relating to this subject? A39. No. Q40. Is the State looking for sample terms and conditions to go along with informational responses, or is the State’s intention to utilize DIT’s standard terms? A40. There are no Terms and Conditions associated with this RFI. Q41. Are there any legal restrictions or statues that will prohibit the State of NC from using hosted services that are located out of the State of NC?
A41. See http://it.nc.gov/statewide‐resources/cybersecurity‐and‐risk‐management, Statewide Information Security Manual, http://it.nc.gov/document/statewide‐information‐security‐manual; North Carolina General Statute § 143B (including but not limited to 143B‐1376), http://www.ncleg.net/gascripts/statutes/Statutes.asp. Data must also reside within the United States. FBI CJIS Security Policy, https://www.fbi.gov/about‐us/cjis/cjis‐security‐policy‐resource‐center; https://www.fbi.gov/about‐us/cjis/RequirementsDocument.pdf. Failure to acknowledge receipt of this addendum will not result in rejection of the response. Check ONE of the following options: ☐ Bid has not been mailed. Any changes resulting from this addendum are included in our bid response. ☐ Bid has been mailed. No changes resulted from this addendum. ☐ Bid has been mailed. Changes resulting from this addendum are as follows: