Office of the Minister of State for Administrative Reform (OMSAR) / Rania FAKHOURY
ICT Project manager
E-Government Program
Terms of Reference
Data Center for the Government of Lebanon
Version 0.2
DRAFT
August, 2010
Versions Management
Version / Date / Who / Description
0.1 / 30th of July, 2010 / Rania FAKHOURY / Creation of the document based on different technical specifications collected from the Data Center RFI Study process
0.2 / 18th of August, 2010 / Rania FAKHOURY / Updates based on different meetings with Dr. Ali ATAYA
Table of Contents
1 Definitions and Acronyms
2 Introduction
3 Background
4 Summary of Solicited Services
5 Assumptions
5.1 Availability
5.2 Localizations
5.3 Internet Access
5.4 Environments
5.5 Portal
5.6 Power consumption/Heat Dissipation
5.7 Storage amount
5.8 GSB
6 Network Topology
7 Design Description
7.1 General
7.1.1 Scalability
7.1.2 Redundancy
7.1.3 Internet connectivity
7.1.4 End-to-end security
7.1.5 Switching capacity
7.1.6 Maintainability
7.1.7 System and Data back-up
7.1.8 End-to-end virtualization
7.2 Platform and Storage Architecture
7.3 Application
7.4 Network Architecture
8 Physical Infrastructure Specifications
9 Infrastructure Requirement
9.1 Server Technical Specifications
9.2 Network Technical Specifications
10 Helpdesk System
11 Operations and Maintenance
12 Testing and Commissioning
13 Disaster Recovery Site
13.1 Objectives
13.2 Requirements
14 Portal and GSB specifications
14.1 Government Service Bus (GSB)
14.1.1 Objectives
14.1.2 GSB Requirements
14.2 Portal Requirements
1 Definitions and Acronyms
Code / Description
BGP / Border Gateway Protocol: Protocol for backing the core routing decisions on the Internet
CMS / Content Management System
DC / Data Center
DHCP / Dynamic Host Configuration Protocol: An auto configuration protocol used on IP networks. Computers that are connected to IP networks must be configured before they can communicate with other computers on the network
DNS / Domain Name System: hierarchical naming system for computers, services, or any resource connected to the Internet or a private network. It associates various information with domain names assigned to each of the participants
ESB / Enterprise Service Bus: consists of a software architecture construct which provides fundamental services for complex architectures via an event-driven and standards-based messaging-engine (the bus)
HVAC / Heating, Ventilating, and Air Conditioning: the technology of indoor or automotive environmental comfort
ITIL / Information technology Infrastructure Library: A set of concepts and practices for Information Technology Services Management (ITSM), Information Technology (IT) development and IT operations. ITIL gives detailed descriptions of a number of important IT practices and provides comprehensive checklists, tasks and procedures that any IT organization can tailor to its needs
IPS / Intrusion Prevention System : Network security appliances that monitor network and/or system activities for malicious activity
PKI / Public Key Infrastructure: Set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates
RTO / Recovery Time Objective: Duration of time and a service level within which a business process must be restored after a disaster (or disruption) in order to avoid unacceptable consequences associated with a break in business continuity
RPO / Recovery Point Objective: Point in time to which you must recover data as defined by your organization. This is generally a definition of what an organization determines is an "acceptable loss" in a disaster situation
SOA / Service Oriented Architecture: Flexible set of design principles used during the phases of systems development and integration
SOAP / Simple Object Access Protocol: Protocol specification for exchanging structured information in the implementation of Web Services in computer networks
SSO / Single Sign On
SLA / Service Level Agreement: Part of a service contract where the level of service is formally defined.
VPN / Virtual Private Network: Network that uses a public telecommunication infrastructure, such as the Internet, to provide remote offices or individual users with secure access to their organization's network
XML / eXtensible Markup Language: Set of rules for encoding documents in machine-readable form
2 Introduction
The Lebanese Government represented by the Office of the Minister of State for Administrative Reform (OMSAR) invites solution providers to respond to the following lots:
- Data Center (Functional Architecture, Organization and Requirements)
- Infrastructure Requirements (Design, Preparation, Supply, Installation and Rollout)
- Portal Requirements
- GSB (Government Service Bus) Requirements
3 Background
The current Government of Lebanon Ministerial Declaration included, under the heading "Administrative Reform", a paragraph stating as follows:
"Activate, utilize and develop information technologies and set benchmarking standards for websites in departments and public institutions. Thus, it would be a preliminary step toward the establishment of e-government portal and the improvement of citizen’s access to services and information. It will also contribute to increasing the ability of financial and administrative control in addition to monitoring the flow of information and ensuring communication between departments. "
OMSAR has initiated a global three-year roadmap for the implementation of an innovative e-government program that will transform the Lebanese government by making it more accessible, effective and accountable. The e-Government program is based on the Government of Lebanon e-Government Strategy validated in 2007.
The roadmap has the following parallel running tracks:
- Legal and administrative prerequisites
- E-government portal phasing
- Infrastructure to be defined for portal components hosting
- Solutions components to be defined for portal development and deployment
- Interoperability between portal and different government agencies
- Networking for interoperability support
The Office of the Minister of State for Administrative Reform (OMSAR) has received financing ($30,000,000) from the Arab Fund for Economic and Social Development toward the cost of the Administrative Development Project (ADP). The overall objective of the project is to contribute to the development of the performance of the Lebanese Public sector to enable the Lebanese Government to deliver better services to the citizens through technical administrative assistance to the Ministries, public institutions, autonomous services, and other government administrations.
OMSAR is committed to applying a significant portion of the funds toward the implementation of the e-government program. OMSAR is further committed to securing more funds from the Lebanese Government budget and international donors to ensure the success of the e-government program.
This RFP is a stepping stone toward the full modernization of the Lebanese government institutions. OMSAR is counting on the success of this RFI to unleash the full potential of Lebanon’s e-government program.
4 Summary of Solicited Services
Code / Description
Data Center
Design and Architecture / Data center Space and Floor layout along with Number of Racks and their design in the Data Center.
Cabling, Pipes and Ducting Plan, raised floor
Site preparation
Civil, Electrical & Mechanical works / Civil, Electrical & Mechanical requirements
Power Requirement / Power Provisioning, Power Distribution panel, UPS Space and Expansion
AC / Space requirement for indoor and outdoor units
Physical Security / Detailed layout of CCTV and access control devices and security layer
Fire Detection and Prevention / Design for installing the detectors both heat and smoke
Design for the suppression in the server farm area
Infrastructure
LAN / Supply and installation of routers and switches, LAN cabling, Redundancy and Virtualization
WAN / Supply and installation of Internet routers and Internet bandwidth
Logical Security / Supply and installation of redundancy, IPS and firewalls
Servers / Supply and installation of Computing (Servers, OS, Databases etc.) infrastructure
SAN / Supply and Installation of the SAN solution
Application (excluding portal and GSB) / Installation & Configuration of application
Backup solution / Supply and Installation of the Backup solution
Portal
Migration / Propose and execute a migration plan for informs.gov.lb to the new portal
Design and Architecture / Font, color scheme, layout
Portal Structure
Features and functionality / Advanced Search, Personalization, News, Services, Multiple channels …
CMS / Create, change and maintain by roles, levels and designations
Reporting tool / Periodic reporting on the usage of different portal elements
Government Service Bus
Analysis and Requirements / Define Functional requirement
Detailed Design / Produce application design
Core Functions / Define and install all the component for the core function
Ministry Integration Framework / Define the requirements to connect the backend systems to the solution
Integration / Define and Manage transactional and operational data related the Portal and GSB and related to the e-services requirements that are managed by the GSB.
Identity and access management (IAM) / Design and implement IAM
Reporting and Dashboard / Reporting, Analysis, scorecard and dashboard
Data Center Monitoring and Control
KPIs / Define KPIs for availability, SLA, GSB and portal
SLAs / SLA commitment in terms of availability, Helpdesk, Incident Management, Problem Management and Security Management
Software / Install the management software that integrates all components in the DC
Data Center Management
Processes/Procedures / Re-engineering the process and procedure and implement change management rules
Organizational Chart / Role and Function of the team who will operate the solution according to the SLA
Help Desk Services / Implementation of ITIL best practices
Testing and Commissioning / Test the solution components and make the Data Center available to OMSAR for carrying out live operations and getting the acceptance from OMSAR
Day-to-day Operations
System Administration, Maintenance & Management Services / Support and maintain all the Systems and Servers
Network Management Services / Ensure continuous operation and upkeep of the LAN & WAN infrastructure
Services / Maintain and support all the services
Backup and Restore / Responsible for the management of the storage solution
Server and Storage Administration & Management Services / Monitor and manage services and storage
Physical Infrastructure Management and Maintenance Services / Support and maintain all physical infrastructure management and maintenance services
Security Administration & Management Services including physical / Provide a secure environment through implementation of the security policy
Database Administration & Management / Monitor and manage database
Preventive and Corrective Maintenance Services / Troubleshooting of problems arising in the DC
Asset Management Services / Create and maintain a database of all the equipment/software procured/installed in the DC
Configuration/ Reconfiguration Management Services / Define change management procedures
5 Assumptions
5.1 Availability
The design should ensure an uptime of 99.99%, with 24/7/365 operation measured on a yearly basis and inclusive of the scheduled downtime required for maintenance and upgrades.
5.2 Localizations
TO BE DONE for the main site and the Disaster Recovery one.
5.3 Internet Access
Initially the Internet bandwidth required for running this centre will be 4 Mbps of unshared bandwidth, to be increased on demand. It should be recalculated and remain scalable in line with application growth and future expansion plans.
5.4 Environments
- The production environment comprises the applications, systems, network and supporting systems infrastructure
- The pre-production environment plays a pivotal role in defining test completion criteria and should be as close as possible to the production environment
- The testing environment includes the unit, integration and operational tests that are performed to ensure uninterrupted and flawless systems
- The development environment is established to minimize trial and error so that an efficient operating environment can be built
5.5 Portal
Year / 2011 / 2012 / 2013 / 2014 / 2015
Daily users / 3332 / 4665 / 5598 / 6717 / 8061
Monthly users / 99960 / 139944 / 167933 / 201519 / 241823
Yearly users / 1199520 / 1679328 / 2015194 / 2418232 / 2901879
Concurrent users / 333 / 466 / 560 / 672 / 806
Bandwidth (Mb/s) Monthly / 4 / 5 / 6 / 8 / 9
5.6 Power consumption/Heat Dissipation
The power consumption will be used to assess the UPS capacity and the Heat dissipation for the AC capacity.
Item / Qty / Output Power (Watts) / Total Output Power / Heat Dissipation BTU/H / Total HD
Blades / 2 / 6801 / 13602 / 23191.41 / 46382.82
SAN + Switch / 2 / 1639 / 3278 / 5588 / 11177
Switch-Core / 2 / 1200 / 2400 / 4092 / 8184
Blade Switch / 4 / 45 / 180 / 153.45 / 613.8
LAN Switch access / 2 / 60 / 120 / 204.6 / 409.2
Router / 2 / 370 / 740 / 1261.7 / 2523.4
Firewall / 4 / 190 / 760 / 647.9 / 2591.6
IPS / 2 / 190 / 380 / 647.9 / 1295.8
ADC / 2 / 354 / 708 / 1207.14 / 2414.28
Totals (Total Output Power W / Total HD BTU/H) / 22168 / 75593
Total Power (kVA) / 24.53
Total Heat Dissipation (BTU/hr) / 75593
5.7 Storage amount
- Minimum usable 2TB (no data is hosted locally). An assessment of the storage requirement for the entire DC environment should also be taken into consideration.
5.8 GSB
- Definition of business-centric key performance indicators (KPIs) and near-real time KPIs calculation and presentation using dashboard based on their dependencies on incoming events, conditions warranting business actions (business situations), and outbound events that report these conditions and might trigger business actions.
6 Network Topology
The figure below depicts the network topology architecture (in the production environment), which consists of the following layers that secure the network:
- Management/ Test and Development Zone
- Application Zone: contains GSB and portal application servers
- Secured Zone: contains GSB and portal database and directory servers
- Extranet Zone for E-Gov network: contains front-end servers
- Public Zone: contains web servers, application delivery controller and content caching.
- Agencies Zone: contains agencies application and database servers (It is an optional zone).
7 Design Description
7.1 General
7.1.1 Scalability
Support for scalability to provide continuous growth to meet the requirements and demand of various departments. A scalable system is one that can handle increasing numbers of requests without adversely affecting the response time and throughput of the system. The Data Center should support both vertical scalability (the growth of computational power within one operating environment) and horizontal scalability (leveraging multiple systems to work together on a common problem in parallel).
7.1.2 Redundancy
Provide adequate redundancy for all components to ensure high availability of the e-Governance applications and other Data Center services. Designing for availability assumes that systems will fail, and therefore the systems are configured to mask and recover from component or server failures with minimum application outage.
7.1.3 Internet connectivity
Internet connectivity is proposed from two different service providers. BGP multi-homing shall be provided.
7.1.4 End-to-end security
Provide an end-to-end security blanket to protect applications, services, data and the infrastructure from malicious attacks or theft by external (through the Internet) and internal (through the intranet) hackers, including attacks through the DMZ.
7.1.5 Switching capacity
All the servers would be connected to a high-capacity LAN switch, which can process millions of packets within seconds, depending on the users, the applications and their content.
7.1.6 Maintainability
The DC is designed in an efficient way to ensure easy maintenance. It must facilitate ease of configuration, ongoing health monitoring, and failure detection, which are vital to the goals of scalability, availability, and security.
7.1.7 System and Data back-up
Adopt detailed system and data back-up processes and methodologies, using industry-standard tools to provide a long-term storage solution.
7.1.8 End-to-end virtualization
Proposing an end-to-end virtualization solution is encouraged. The bidder should propose this solution and explain why it is better than other alternatives.
7.2 Platform and Storage Architecture
- This section outlines the platform components to be deployed as part of the DC project. The majority of the server farm will comprise hardware for directory services, proxy services, antivirus software, DNS and DHCP services, backup services and application servers.
- DNS/DHCP should be in highly available mode with primary and secondary servers. There should be two different views or servers for public and private DNS services.
- There should be at least one primary and secondary Directory server configured in such a way that directory services are available 100% of the time. Directory Services are to be limited to DC only.
- There should be a redundancy at DNS and DHCP level which can be on an application delivery controller or Primary / Secondary mode.
- Web Interface of the portal should be in a DMZ (public zone) & should be configured in active-active mode using external application delivery controller.
- All Database servers should be placed in secured zone in highly available mode.
- Application servers (GSB and others) which provide business logic and work flow should be placed in secured zone in highly available mode.
- Server and Network/Security Management servers/ appliances should be located in management zone in high availability mode.
- Testing servers are used for development, testing and pre-production activities and should be located in separate test and development zone (included in the management zone).
- All procured software and hardware should have active manufacturer support and not be at the end of its product life cycle (end-of-sale date). The hardware proposed must be delivered with all firmware, OS, patches, utilities and any other software needed to let the hardware function as required.
- All software component and product licenses should use the latest officially stable versions to support the requirements.
7.3 Application
- The Application servers would be accessing the database from the backend in order to process the user/citizens queries/requests.
- Application and System layer at the Data Center would be Multi-layered and designed to adhere to the open industry standards like XML, SOAP etc.
- The Data Center will provide Infrastructure Services such as storage Service, security services, internet bandwidth, help desk etc. which would be shared among all the applications participating in the DC. Using these services, the DC ensures centralized delivery of citizen services. The DC services would be deployed as components and therefore will have a potential for re-use in launching future services, without disturbing the existing architecture.
- The business related services would also have a potential of having multi-channel access/integration in future, as the data returned by the components would be in XML/SOAP format.
7.4 Network Architecture
- Network should meet requirements for various kinds of Internal & External users in the country.
- Network Architecture shall be scalable and should have high performance and low latency.
- All the critical network equipment such as Core and Access switch stacks, routers and firewall systems should be in redundant mode and should be offered with redundant power supplies.
- The connectivity between end user equipment and access layer switches over Cat6 UTP cabling should be at Gigabit speed.
- Network should be multi-tier architecture comprising collapsed Access/distribution and core.
- Network System infrastructure should be based on converged IP technology from the Core through to the Access layer.
- Switches shall provide dynamic load balancing on the uplinks.
- Cluster of Core switches should be connected to each-other using multiple/ redundant Gigabit links.
- LAN system should provide at least 50% scalability with enough free slots in Core & Access switches.
- The security should be controlled using Firewalls and Intrusion prevention systems and well supported and implemented with the security policy.
- More specific content level scanning products like Anti-Spam, Anti-Malware, network anti-virus gateways, XML gateway should be provisioned at appropriate points to ensure content level scanning, blocking and access.
- The DC should also endeavor to make use of the SSL/VPN technologies to have secured communication between Applications and its end users.
- The system logs should be properly stored and archived for future analysis and forensics whenever required.
- A pair of routers will be used for connecting the DC to the Internet.
- A pair of firewalls will be used for Internet connectivity in an active-active architecture.
- The outside (public) zone of the Internet firewall will be connected to the Internet router.
- Third-party servers such as adapters will be placed in a separate DMZ of the Internet firewall.
- A second layer of Intranet firewall will be used behind the core switch.
- Application and database servers will be placed in the inside zone of the Intranet firewall.
- The intrusion prevention system should detect malicious traffic and further protect the DC environment. The IPSs should be in high-availability mode.
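The zone list of section 6 and the two-tier firewall layout of section 7.4 can be written down as a checkable model. The following Python is an added illustration, not part of the TOR or of any bidder's design; the permitted zone-to-zone hops, the role-to-zone table and the host names are assumptions made for the example. It shows that a flow from the Internet has no direct hop into the secured zone and can only transit through the public and application tiers, and it flags servers whose placement contradicts the zone plan.

```python
"""Zone segmentation checker for the topology described in sections 6 and 7.4.
Added illustration, not part of the TOR. The permitted hops below are an
assumed reading of the two-tier firewall design (Internet firewall in front
of the public zone and DMZ, intranet firewall in front of the application,
secured and management zones); the TOR itself gives no such matrix."""
from collections import deque

# Zone names from section 6; "internet" is added as the external source.
ZONES = {"internet", "public", "extranet", "application", "secured",
         "management", "agencies"}

# Assumed directed hops permitted by the two firewall tiers. Anything not
# listed is denied by default.
ALLOWED_HOPS = {
    ("internet", "public"),       # Internet router -> outside zone of Internet firewall
    ("extranet", "application"),  # e-Gov network front-ends reach application servers
    ("public", "application"),    # web tier calls GSB/portal application servers
    ("application", "secured"),   # business logic reaches databases and directory
    ("application", "agencies"),  # optional agencies zone reached through the GSB
    ("management", "public"), ("management", "application"),
    ("management", "secured"), ("management", "extranet"),
    ("management", "agencies"),   # management tools monitor every zone
}

# Server roles and the zone section 6 places them in (role names assumed).
ROLE_ZONE = {
    "web": "public", "adc": "public", "cache": "public",
    "gsb-app": "application", "portal-app": "application",
    "database": "secured", "directory": "secured",
    "front-end": "extranet", "monitoring": "management",
}

# Constructed sample inventory with hypothetical host names: {host: (role, zone)}.
SAMPLE_INVENTORY = {
    "web01": ("web", "public"),
    "db01": ("database", "secured"),
    "db02": ("database", "public"),   # contradicts the section 6 placement
    "gsb01": ("gsb-app", "application"),
}


def hop_allowed(src, dst):
    """Single-hop check against the assumed firewall policy."""
    return src == dst or (src, dst) in ALLOWED_HOPS


def reachable_path(src, dst):
    """Shortest permitted zone path from src to dst (breadth-first search
    over the allowed hops), or None when every path is denied."""
    if src not in ZONES or dst not in ZONES:
        raise ValueError("unknown zone")
    prev = {src: None}
    queue = deque([src])
    while queue:
        cur = queue.popleft()
        if cur == dst:
            path = []
            while cur is not None:
                path.append(cur)
                cur = prev[cur]
            return path[::-1]
        for a, b in sorted(ALLOWED_HOPS):
            if a == cur and b not in prev:
                prev[b] = cur
                queue.append(b)
    return None


def misplaced_servers(inventory):
    """Hosts whose zone contradicts ROLE_ZONE, e.g. a database in the public zone."""
    return sorted(host for host, (role, zone) in inventory.items()
                  if ROLE_ZONE.get(role, zone) != zone)
```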
E-Government Data Centre TOR – 0.2 / August 2010 / Page 1/62 / Republic of Lebanon
8 Physical Infrastructure Specifications