October 7
th, 2015
Subject: Philadelphia Works
To All Interested Vendors:
Philadelphia Works (“Client”) has retained Watchdog Real Estate Project Managers
(“Watchdog”) in connection with the construction/renovation project taking place at 5847
Germantown Ave in Philadelphia PA.
This Request for Proposal consists of providing the IT Infrastructure Setup and Ongoing
Support RFP requirements outlined in this RFP.
The completed Request for Proposal must be submitted no later than October 16
th, 2015 by
COB (5pm EST). We anticipate awarding the contract on or before October 20
th, 2015 by COB
(5pm EST).
Please submit one (1) PDF copy of your proposal to the following email address:
[email protected]
Sincerely,
Peter Kilty
Project Manager
Philadelphia Works Set Up & Recurring Service RFP
Invitation to Respond to Request for Proposal (RFP) I. Background:
A. “Client” is interested in acquiring IT Infrastructure Setup and Ongoing Support for their real estate project at 5847 Germantown Ave Philadelphia PA. The selected firm will enter into a contract with “Client” to provide complete requirement as outlined in this RFP.
B. Scope of Work:
Install, Configure, and Support:
1ea Cisco 2921 Integrated Services Router w/ 1ea Cisco EHWIC-1GE-SFP-CU and Cisco GLC-LH-SMD
1ea Cisco ASA 5515-X
1ea Barracuda Web Filter 410 - Security appliance
7ea Cisco Catalyst WS-C2960X-48FPS-L 48 port PoE+ switches w/ 12ea 10GB SFP Modules
1ea Dell VRTX Server with 3ea Blade Servers, Integrated Storage and Switch, w/ VMware vSphere 6 Essentials plus, Microsoft Windows Server 2012r2 Datacenter and Standard, and Dell AppAssure Advanced Data Protection Software (server configuration described below in “Exhibit-A”)
13ea Aerohive AP230 Wireless Access Points with Cloud Management 2ea APC Smart-UPS X 2200 Rack/Tower LCD – UPS for Network and Server
Equipment
5ea ASUS Desktop PC CHROMEBOX-M004U for Digital Signage using the Rise Vision Platform.
210 PC’s, w/ Windows 7 Pro OEM Licensing, Symantec Endpoint Protection - (v. 12.1) Clients, and Microsoft Office 2013 Pro (desktop configuration specifications below in “Exhibit-B”)
Ongoing monthly server and network support will be required to maintain the environment. This will include: Ongoing maintenance, patching and updates of the server hardware, VMware hosts, Windows Server OS’s, applications utilized to ensure the environment is backed up and recoverable, switches, router, firewall, web filter, wireless access points, security camera system, and scheduling desktop/server updates via the WSUS/WDS/VMware Update Manager servers.
Provide tier 2 and tier 3 support for the onsite tier 1 helpdesk support technician. The tier 1 helpdesk support technician is not part of this contract.
C. Point of Contact for this project will be: Watchdog Real Estate Project Managers
Peter Kilty Project Manager Tel: 215-625-8550 Cell: 267-322-1640
Email: [email protected]
II. Selection Requirements – Submission of Bids: A. RFP Response
received by or before the response deadline. It is essential that each prospective vendor submit its best response to this RFP on time.
a. The deadline for your electronic response to this RFP is October 16th 2015 U.S. Eastern
Standard Time
1) One (1) PDF copy of your proposal must be sent to the following email address: [email protected]
b. Requests for Information (RFI’s) about the details or scope of this RFP should be addressed to [email protected]
2. Please note a site visit to the project location is not required to respond to this RFP. B. General Response Requirements
1. All bidders are required to provide lump sum pricing for the specifications outlined in this RFP.
2. Provided for each bidder’s information in exhibit “A” is are the specifications for the server setup and support required in this RFP.
3. Provided for each bidder’s information in exhibit “B” is are the specifications for the desktop standardized image and support required in this RFP.
4. Provided for each bidder’s information in exhibit “C” is are the specifications for the network equipment setup and support required in this RFP
5. Your firm’s proposal shall include all labor, material, equipment and supervision necessary to complete the work as specified and referenced for the completion of the “Client” project. The following items clarify, but do not limit, the intent of this scope.
6. It is not intended that the drawing or scope of work cover every minor detail associated with the project. If a bidder determines the drawings are in error or incomplete, Watchdog should be contacted prior to submitting the bid. Additional costs for work required which is apparent will not be accepted.
7. By providing a proposal for this project, the contractor verifies that it has familiarized itself with the building regarding access, existing conditions, etc., and any costs associated with same are included in this bid.
C. Proposal Clarifications:
1. Exhibits A, and B of this RFP, the Scope of Work and the submitted Proposal will become part of the selected Vendors contract.
2. A proposal may not be modified, withdrawn or canceled by the bidder for a period of sixty (60) days following the aforesaid time and date designated for the receipt of the proposals. 3. “Client” shall have the right to reject any and all proposals.
4. Any exceptions to this RFP must be proposed in writing during the initial proposal submission period.
6. “Client” will not be liable for any proposal preparation costs or any delay in acting upon proposals.
7. “Client” will engage in individual negotiations with potential vendors deemed fully qualified, responsible and suitable on the basis of initial response.
D. Involved Parties:
a. Philadelphia Works; its Affiliates & Subsidiaries – Tenant b. Watchdog USA LLC – Project Manager
2. Certificates of insurance originals shall be delivered to “Client” prior to start of construction. Notification shall be provided to Watchdog and additional insured thirty (30) days prior to the expiration of the current policy(ies). Any material change or cancellation shall not be valid without thirty (30) days prior written notice to “Client”.
Exhibit “A” Server Setup and Support
The server setup consists of a Dell PowerEdge VRTX server chassis, which will contain 3 blade servers. 2 identical blade servers to be configured with VMware ESXi 5.5 or 6 hypervisor OS. The 3rd blade will be
a dedicated server for the Dell AppAssure Backup, Replication and Recovery function. The VRTX chassis built in storage array will be split between the virtual and backup environment to ensure that there’s ample storage for backups. The 2 ESXi servers will be managed by a vCenter Server Appliance (vCSA). It will be configured with vSphere HA and DRS, to ensure failover capabilities between the 2 hosts. The network configuration should be configured using vSphere’s Distributed Switch (VDS).
AppAssure backup server configuration: NW-911; OS: Microsoft Windows 2012r2 Server Standard, Applications: Dell AppAssure.
VMware Environment: OS - Microsoft Windows 2012r2 Server Datacenter; FQDN: NWCL.ORG Servers: 2ea domain controllers (NW-DC01 & NW-DC02) configured with the following services: AD Services, DNS, DHCP, and other required services/functions. Domain OU’s will be configured as follows: Computer OU will contain a Staff Computer OU, individual classroom/computer room OU’s. Users OU will be organized into a separate sub OU’s for “Staff” and “Clients”. Passwords policies will be set to enforce a minimum of 8 characters in length, with a complexity of at least 1 each upper and lower case letter, a number, and a special character. Passwords will be forced to changed every 60 days.
Print Server: NW-vPRINT. Printer mappings will be configured by group policy and security groups. vCenter Server Appliance (vCSA): NW-VCSA
DFS Servers: NW-SHARED01 & NW-SHARED02 (DFS Namespace should be “NWCL”). This will house staff home shares (H: drive), departmental shares, staff NWCL shares (S: drive), and a read only drive for “Clients” of the center (X: drive). All mappings will be configured through group policies and secured solely by security groups.
Symantec Endpoint Protection Server: NW-SHIELD, Symantec clients will be install on all servers an computers.
Radius Server: NW-ADFS01. WiFi authentication configured with Aerohive Hive cloud management. WSUS & WDS Server: NW-SUPPORT01. Desktop/Server imaging and OS patching
IT Supportive Server: NW-SUPPORT02. NetWrix Account Lockout Examine, Spiceworks for in-house trouble ticketing, and any other additional services needed to support the environment.
This is the minimum server requirement listing. As long as these minimum server requirements are met, and the VM environment resources are available, additional VM’s may be stood up to support the domain only with approval of Philadelphia Works IT manager. All server installations will be setup using industry best practices. This is to ensure a tight standardization between centers.
Exhibit “B” Desktop Setup and Support
The NE CareerLink desktops will be setup using 1 of 2 standardized Windows 7 Pro 64bit images. 1 image for “Staff” use, and 1 for “Client” use. These images will be setup and maintained by this contracted IT support vender. The image used for “Staff” computers will have installed: Windows 7 Pro x64 OEM, MS Office 2013 Pro x32, Symantec Endpoint Protection Client, IE11, Chrome Browser, latest Adobe: Reader, Flash (active-x and plugin), latest Java. Printers will be mapped via group policy using security groups. Client computers that will be located in computer labs, resource centers, and job clubs, will be configured with the same software as the Staff computer image, but will only have one mapped drive linked to a read-only share. The Client computer image will have the PA CareerLink logo for the desktop wall paper, and group policies to disable any attempted modifications to the computers, unless made by the centers network administrators in alignment with industry best practices.
Staff and Client users will not have any administrative rights on any center computes. All installation, updates, and patching will only be conducted by the centers onsite helpdesk support technician and/or this contracted tier 2 and 3 network administrators.
Exhibit “C” Network Equipment Setup and Support
The NE CareerLink network infrastructure will be setup in alignment with industry best practices. There will be 2 service routers at this site - 1 provided and maintained by the hosted VoIP provider for voice only, and 1 Cisco 2921 Integrated Services Router for the 100MB /29 fiber hand-off for internet
connectivity. The 2 routers will connect into a Cisco ASA 5515-X with FirePOWER Services. The Cisco ASA will be configured to an internal NAT of: LAN 10.x.x.x /16 (Hardwired LAN), Guest Wireless VLAN 200 /24(Isolated guest wireless internet), LAN Wireless (Internal LAN access from wireless), and MGMT. Intrusion, malware, and threat defense protection will be configured on the Cisco ASA using the
FirePOWER services. The ASA will connect into the Barracuda Web Filter 410 - Security appliance, which will be configured to secure internet access and monitor traffic. The web filter will then feed into 7 Cisco Catalyst WS-C2960X-48FPS-L 48 port PoE+ switches, and connected via 10GB SFP’s. The switches will require a configuration to support 84 PoE VoIP phones and over 210 computers. The VoIP phones will feed network access to 84 of the 210+ computers by daisy chaining 1 computer off 1 phone. The phones will be isolated on 1 VLAN, and the computers will be on a separate VLAN. Patch cables will be supplied by the network cable/low voltage contractor, and will be this contracts responsibility to patch the network equipment together in a neat and professional appearance, so as to promote good airflow and easy access to the equipment. 13 Aerohive AP230 Wireless Access Points with hosted online Hive Manager will be installed and configured by this contractor. The access points will be configured with 2 SSID’s (CareerLink-STAFF and CareerLink-GUEST) CareerLink-GUEST SSID will only have access to external internet (VLAN 200), but will still be managed by the Barracuda Web Filter. CareerLink-STAFF SSID will have normal LAN access. All wireless users will be taken to a login page to which will inform the user that they will be monitored while accessing this connection.
