Request for Proposals for Data Center/Mainframe Hosting Solution
PROPOSALS DUE:
June 4, 2013 @ 5:00PM (PST)
Provided to (Company):
Accepted by (Representative):
Request for Proposals for Data Center/Mainframe Hosting Solution Page 1
Table of Contents
Instructions
Overview
Purpose
Requirements
Respondents Business overview
Questionnaire
Hardware
Software
Support
Client Management
Migration
Disaster Recovery
Facility
Security
Software applications currently in use
XyberNET Inc. ‐ Data Center RFP
Instructions
Deadline for submission of questions by candidates – 05/24/2013 EOD (PST)
Responses to questions to be returned no later than – 05/28/2013 10:00am (PST)
An original proposal must be signed and delivered to the address below by 5:00pm (PST)
on 06/04/2013.
An electronic copy must also be emailed to: Sales@Xyber.net
Respondents may mail or deliver three (3) printed copies of their proposals to:
XyberNET
10640 Scripps Ranch Blvd
San Diego, CA 92131
XyberNET will review completed RFP responses during the week of June 4th and contact
selected candidate companies on June 10th or June 11th to schedule interviews.
Interviews will be completed by June 21st and final candidates will be selected by June
28th. Contract negotiations will be conducted during the month of July.
XyberNET will not be responsible for any Proposal(s) that is (are) lost in the mail or not delivered by the stated deadline for any reason.
XyberNET is not held liable for any costs incurred by any respondents to this RFP, during
the preparation or delivery of their responses. Costs incurred are the sole responsibility
of the vendor.
XyberNET reserves the right, at its sole discretion, to reject any/all Proposals or to
cancel this RFP in entirety as determined to be in XyberNET’s best interests. Any
Proposal received which does not meet the requirements of this RFP, may be
considered to be non‐responsive, and the Proposal may be rejected. Proposers must
comply with all of the terms of this RFP and all applicable Federal, State and Local laws
and regulations.
XyberNET reserves the right, at its sole discretion, to waive any technicality in Proposals
provided such action is in XyberNET’s best interest. Where XyberNET waives minor
technicalities in Proposals, such waiver does not modify the RFP requirements or excuse
the proposing Firm from full compliance with the RFP. Notwithstanding any minor
technicalities, XyberNET may hold any Firm to strict compliance with the RFP.
Overview
XyberNET is looking for the ideal outsourcing data center to meet both our current and
future needs. XyberNET has been in business for over 30 years and is the leading
provider of software and services to the insurance vertical. We specialize in, but are not
limited to, products and support for credit insurance, debt protection and P&C business.
Our client base is split between companies that license and install our software products
in their own environments and those that utilize our software products through our
Application Service Provider (ASP) services. XyberNET’s business model includes
licensing software, ASP services, annual maintenance agreements and a variety of
professional services such as custom programming, training and consultation. We
maintain a full staff of professionals that are available to do the various support work.
For our ASP clients, we provide Production Control services as well.
Overall, XyberNET has approximately 20 clients located throughout North America, with
potential for additional international clients. We are looking for a business partner that
can support us in both a production environment, servicing several clients, as well as a
full development environment. Security and connectivity reliability are both crucial to
our business as ours is a 24/7 environment.
Our core software products run on an IBM mainframe, using Cobol, VSAM and DB2. We
also have products that are run on SQL Server as well as ASP.NET web products. We are
at a crossroads and are looking for a data center that wants to move forward with us.
With fewer than 20 employees we are a small shop, but our client base includes some of
the biggest names in the industries we support. We are currently on older releases of
many of the software products we use, which is holding us back from some of the
projects we have on our docket. We are looking for a well‐staffed, forward thinking,
reliable and proven data center to support our needs.
Purpose
The purpose of this RFP is to determine whether or not the ideal business partner is out
there and available to us. It is our desire to move to completion on this process within a
3‐4 week timeframe, so, if you are interested in participating, we ask for quick
turnaround from you. If you choose not to participate, please email that information to
us and return the RFP to our attention.
Requirements
XyberNET has long relied upon mainframe processors to conduct business for itself as
well as its client base. Current mainframe processing is performed on an IBM z9
processor running OS release 1.7 in a single 100 MIP LPAR with a total memory of
is no longer adequate for our needs, we are looking for a larger, faster environment
closer to the 150 MIP range.
XyberNET supports multiple ASP clients with client access to multiple CICS v2.3 regions,
as well as TSO. In total there are 25 active CICS regions with another 16 regions which
may be activated for special release level activities at any time.
Clients access the system through secured VPN connections and/or TN3270 over the
internet using SSL. XyberNET provides FTPS services to its client base and it is imperative
that any new data center relationship provide this and other secured protocols to the
mainframe.
Client connectivity and online availability are critical to the success of this company. One
critical aspect of this relates to the processing of client batch cycles during off hours. As
such, XyberNET requires 24 hour production control and technical support from its
vendor of choice. This includes the monitoring and notification of batch processing
activities during second and third shifts to ensure that all cycle activities and online
systems are available to our clients by their specified time.
XyberNET’s DASD farm is approximately 2TB in size; this includes volumes specifically
allocated for system services (HSM, VTS, SYSRES), development and client production
environments. These environments are SMS managed. The tape farm consists of
approximately 18,000 in‐house tapes, with the vast majority allocated to HSM and for
offsite storage. XyberNET is very interested in pursuing a tapeless environment and the
selected vendor must be able to accomplish the transition to this environment within 1
year. This would also involve the expansion of the current DASD farms for VTS, HSM
and others to conform to the new structure. As part of this transition, XyberNET is also
interested in the electronic transmission of critical production and system related files
to a secured offsite storage location.
Annually, XyberNET performs its Business Continuity testing. This testing includes not
only validating our ability to perform functions in support of our development needs,
but also functions related to the production support of our clients. We also invite our
clients to participate in the testing of their environment during this period as well. This
test normally occurs during the September to October timeframe (for a period of 2
days). It is preferable that the selected vendor have an established B.C. site to perform
this testing.
Respondents Business Overview
Please provide an overview of your business and the solutions you provide. Include all
lines of business and a short description of each.
Questionnaire
(We request that vendor candidates’ answers be as detailed as possible)
1. Define your corporate structure to include:
a. Ownership structure of your company, including any parent companies.
b. How many data centers do you have?
c. Where are the data centers located?
d. Where are your corporate headquarters located?
2. How long have you been in business as a data center?
3. How long has your data center, or data centers, been in their current locations?
4. How many data center related clients do you service?
a. Please provide a breakdown of how long your clients have been utilizing
your data center services.
5. What contract terms, in years, do you offer your clients?
6. What percentage of your clients renew their contracts for your services?
7. What percentage of your renewals are multiple year contract renewals?
8. How many clients do you provide combination mainframe and server based
hosting services for; meaning they themselves are service providers to their
clients?
9. Do you have existing clients that, in addition to developing mainframe
applications, host these production applications and data for their client base on
your systems?
10. What kinds of businesses do you support?
11. To what professional organizations do you belong?
12. How do you stay abreast of new ideas and current trends?
13. Are you an IBM business partner?
a. If yes:
i. What level?
ii. Explain how your company complies with IBM standards
iii. What requirements does your company fulfill in order to maintain
its partner status, and how often?
iv. How long has your company held “Business Partner” status?
b. If no:
i. Explain how your company complies with IBM standards?
ii. Explain how your company leverages 3rd party IBM partners in
support of your clients?
iii. What SLAs are in place to govern the relationship with your 3rd
party IBM partner(s)?
iv. Does your company contact IBM directly for assistance or work
solely through business partner(s)?
14. What technical certifications do you require your staff to obtain and maintain?
15. Please provide an overview of your current staff that would be supporting our
business, broken down by primary functions.
16. What is your Full Time Employee to Contractor ratio?
18. What data management and datacenter environment certifications does your
company have?
19. Does your facility meet SAS70/SSAE16 requirements?
a. Please explain
b. How often do you complete SAS70/SSAE16 audits?
20. Does your facility meet ISO9000 requirements?
a. Please explain
21. Is your facility PCI compliant?
a. Please explain
22. Is your facility HIPAA compliant?
a. Please explain.
23. Will you allow XyberNET or a XyberNET specified third party vendor to perform
regularly scheduled audits for the purposes of validating adherence to mutually
agreed upon SLAs for hardware, software, mainframe and network topology
configurations and updates?
24. Are your facilities completely redundant?
Hardware
1. Please describe your hardware maintenance philosophy related to mainframe,
server and network appliances.
2. Please describe your mainframe processing capabilities
a. How many and what type of mainframe computers are installed at your
facility?
b. How many of these systems are shared, versus client specific?
3. Describe your peripheral environment
4. For shared mainframe systems, please describe your methodology for dividing
up the system and ensuring enough processing power for normal, peak and
excessive processing demands.
5. Can you provide, and support, a XyberNET specific LPAR with multiple
development and production regions?
6. Do you allow clients to perform regularly scheduled audits to confirm hardware
maintenance, updates and configurations meet the agreed to SLA requirements?
7. Can you provide Network Time Server services on the mainframe and NTP?
Software
1. Please describe your software maintenance philosophy as it relates to:
a. Mainframe, network, peripheral, data center firmware
b. IBM operating system updates
c. Mainframe utilities
d. All other programs running on the mainframe.
2. Do you have currently installed security certificates issued based on 2048 bit
3. What is the highest level of security encryption and what algorithms are
supported for SSL certificates?
4. Do you notify clients when software applications such as operating systems,
system utilities and other “data center managed” applications are due for
upgrades?
5. Will you allow XyberNET or a XyberNET specified third party vendor to perform
regularly scheduled audits to validate software applications meet agreed to SLA
requirements?
6. How would you structure XyberNET access to enterprise software licenses?
7. How do you manage recommendations for software; i.e. if there is a software
package that could perform better or better suit our needs, how would you bring
this to our attention?
8. How do you manage software inventory in production and dormant and provide
consultation on the usage of these applications?
Support
1. Do you provide on‐site 24X7 support?
a. If yes, please explain your existing support structure for
i. Mainframe services
ii. Hosted server services
iii. Network services
iv. Monitoring of operating system consoles
v. Monitoring of jobs and critical applications
vi. Supporting scheduled processing of batch jobs and backups
inclusive of re‐run/re‐start procedures and problem resolution
vii. Documenting cause and nature of both scheduled and
unscheduled outages
viii. Responding to system messages and requests for resources as
required
ix. Reporting equipment malfunctions and contacting client when
appropriate
x. Daily incremental backups and full volume backups.
2. Will you provide on‐site operational support for our production cycles 24/7?
3. What are your standard response commitments to system administration and
ongoing engineering change requests?
4. Please provide an example of your standard SLAs for hosting services to include:
a. Response times on issues resolution
b. System availability
c. Change requests, such as port assignments
d. Updating network settings on the mainframe, including but not limited
to:
i. DNS server settings
iii. IP addresses/subnet mask
iv. Gateway
5. Do you support “Defense in Depth”, mainframe security through host‐based
firewall, credentialing and permissions?
6. Will you respond to regular security questionnaires submitted by XyberNET?
7. Do you provide SSL Services utilizing security certificates issued by commercial
Certificate Authorities to support:
a. FTPS (Port 992)
b. TN3270 (Port 990)
c. HTTPS for web and CICS
d. Other services
8. Can your company support:
a. Taking custody of XyberNET’s equipment in the current datacenter and
spearheading its migration to your facility?
b. Ongoing shipping and packaging, on request, of network appliances,
peripherals and servers?
c. Provide, as needed, installation of XyberNET owned servers, network
appliances, power management and peripherals and comply with and
maintain a documented network topology?
d. Provide power cycles to XyberNET hardware 24x7 upon request?
e. Supplying rack systems for Dell rapid rails, standard racks and rack
support for XyberNET appliances?
9. Do you foresee the need to add staff to support our business?
10. What metrics do you provide to your customers for monitoring system
performance and processing times for both mainframe and non‐mainframe
applications and hardware?
11. Provide a list of performance monitoring tools used at your data center.
12. Describe the reporting that can be generated and provided to your clients and
on what frequency.
13. Describe your process for validating fixes, prior to implementation into your
clients’ production environments.
14. Do you have an on‐site test lab which would enable your engineers to trouble‐
shoot outside of the production environments?
15. Please explain your change management process.
Client Management
1. What is your overall approach to managing your clients?
2. What are your overall goals of Client Management?
3. Do you assign an Account Manager to each client? If so, please elaborate on the
role of this individual.
Migration
1. Describe how your company would manage the migration of XyberNET’s
a. Hardware
b. Software
c. DASD farm
d. Tape silo
e. Servers
f. Network equipment
2. If the migration includes any form of electronic data transmission, how would
you ensure the security of the data during transmission?
3. What security measures would be invoked for the physical transfer of data
contained on tape or other medium, between facilities?
4. When was your last client migration?
a. What was involved?
b. How long did the exercise take to complete?
c. Was the migration completed as scheduled?
d. What were some of the challenges faced?
e. Please describe the team your company assembled to handle the
migration (Please include number of team members, roles and
responsibilities).
Disaster Recovery
1. Please provide an overview of your disaster recovery capabilities to include:
a. Do you provide 24‐hour disaster recovery response?
i. Please describe.
b. What disaster recovery certifications are in place?
c. Where is your disaster recovery facility located?
d. Type of mainframe and server hardware located at your disaster recovery
facility.
e. Staffing
2. Does your disaster recovery facility maintain mirror images of production
systems and data, or just backup data?
3. If mirror images are maintained, how often are the images refreshed from
production?
4. In the event of a disaster, can full production services be switched over to the
disaster recovery systems, and how quickly?
5. Does your company have a documented disaster recovery and business
continuity plan?
a. Please provide a summary of how applications/system functionality and
data would be restored for XyberNET Inc. and its clients according to this
plan.
6. How do you determine priority order for bringing your client base up?
7. How often are your disaster recovery procedures tested and what is your test
execution success criteria?
Facility
1. Does your facility provide direct fiber connection from the hosted mainframe to
XyberNET’s firewall and from XyberNET’s firewall to a supplied ISP?
2. Please provide an overview of your facility’s electrical power capabilities in
relation to power consumption needs, including emergency backup power
resources.
3. Will you supply dedicated power circuits to XyberNET’s equipment and maintain
IBM standards for clean and sufficient power to the mainframe?
4. Please explain how your facility complies with (ESD) Electro Static Dissipation
standards.
5. Describe your fire suppression systems in detail.
6. What are the standard room temperature and humidity operating levels of your
facility?
7. What tier level is your data center?
8. Is your facility a “bunker” or “silo”?
Security
1. Describe how your facility protects stored data (data‐at‐rest) from unauthorized
access?
a. Is this protection enabled by default, or is it optional?
b. If encryption is used, please describe the algorithm or bit strength.
2. What methods are employed to protect data being transferred between systems
installed within your facility (i.e. mainframe data being transferred to a database
server).
3. Do you have clients that generate data requiring physical storage, outside of
their active systems, in excess of one year (i.e. tape, disk, reporting, feeds)?
4. Does your company have a formal, written information security policy and
program? If so, please provide a copy of any supporting documentation.
a. Please provide a brief summary of what is covered in the policy and
program.
b. How is this policy communicated to employees and contractors?
c. How often is the policy updated?
5. Does your company use the following Information Security Technologies on all
platforms that will host, process, transmit or store XyberNET’s or its clients’ data:
a. Network Firewalls
b. Network Intrusion Detection/Intrusion Protection Systems
c. Host Intrusion Detection/Intrusion Protection Systems
d. Anti‐virus software
6. Does your company employ or contract with external auditors and/or external
security companies to perform regular information security tests (penetration
tests)?
7. Has your company undergone a third party audit of its IT control policies and
procedures such as a SAS70/SSAE16?
a. If yes please attach a summary of the findings and any relevant
documentation.
8. Are you PCI compliant?
9. Does your company have a formal process for tracking and remediation of
security vulnerabilities and security patches?
a. Please describe.
10. Provide the methods that would be used to physically, or logically, segregate
XyberNET or its clients’ data from other clients’ data.
11. Provide frequency and rotation schedule for backups of your customers’ data,
including offsite storage procedures and controls used to ensure media is
accounted for during transport and storage.
12. Provide the method by which you would perform a data breach notification as it
relates to your customers.
13. Does your company have a tool that enables you to create a discrete data
snapshot for archived storage if needed? Snapshot should only contain
identified data; it should not be a full server backup that includes unneeded
data.
14. Do you have a procedure in place for complying with legal or audit hold requests
to suspend data destruction? Provide the procedure or describe the process for
notifying you of a hold and for monitoring items placed on hold.
15. Do you have a documented procedure to destroy or securely delete confidential
or sensitive data and the media types on which they reside at the end of their
lifecycle?
a. If yes, describe or attach your information and media
destruction policies.
16. List all physical locations where XyberNET Inc. and its clients’ data will be
processed or stored, and controls that secure against unauthorized access and
removal from those facilities (card readers, palm readers, electronic gates, video
surveillance, iris/retina scanners, etc.).
Software applications currently in use:
Detail | Do you Currently Own (Y/N) | Enterprise License (Y/N)
ASG‐TMON for CICS/ESA | |
ASG‐TMON for MVS (z/OS) | |
ASG‐OASIS | |
ASG‐ZEBB | |
ASG‐ZEKE | |
ASG‐SmartScope | |
BMC MAINVIEW SRM (STOPX37) | |
CA ADVANTAGE CA‐DADS PLUS for CICS | |
CA ALLFUSION CA‐OPTIMIZER/II | |
CA BRIGHTSTOR CA – 1 TAPE MGMT | |
CA BRIGHTSTOR CA – ISM CA‐EXTEND/DASD VSAM Compression | |
CA BRIGHTSTOR CA – ISM‐FAVER VSAM Protection | |
CA BRIGHTSTOR CA – ISM CA MASTERCAT VSAM Catalog Management – N/A | |
CA BRIGHTSTOR CA – ISM CA‐VSAMAID VSAM Tools | |
CA Common Services (CA90s) | |
CA UNICENTER CA – EASYTRIEVE PLUS REPORT GENERATOR | |
CA – JCLCHECK | |
CA – View | |
CA – Vtape | |
Chicago Soft MVS Quick Ref | |
Compuware File – AID/MVS | |
Compuware – Xpediter/TSO | |
Compuware – Xpediter/CICS | |
CSI fka BIMoyle BIMEDIT | |
Mackinney VtamSwitch | |
PKWare – PKZIP | |
SAS Institute Base SAS | |
SEA $avers | |
Innovation Data Processing – IAM VSAM performance enhancement tool. | |
For the above listed software applications, if you currently do not have licensed copies
available, what would your proposal be for obtaining them to meet our business needs?
Pricing
1. Please provide your standard pricing models and terms with lists of included
products and services.
2. Please provide your detailed solution proposal for our unique data center needs.