DIRECTORATE-GENERAL HUMANITARIAN AID AND CIVIL PROTECTION - ECHO
ECHO.C - Resources, Partnerships and Operational Support
C/4 - Field Network, Transport and Logistics
Clarifications N°3 to the call for tenders N°ECHO/C4/FRA/2014/04.
Title:Provision of Cloud Services for ECHO
Ref.:Open procedure, OJ Ref. 2014/S 148-265392 of05/08/2014
Date / RFP Page/ Section # / Question / Answer1 / 19/09/2014 / Page 31, 4.2 / If a tenderer wants to submit a proposal for more than one Lot, does the tenderer have to submit every section below for each lot?
Tender Submission Form, Section one: Administrative information, Section two: The exclusion criteria form, Section three: Evidence relating to the selection criteria, Section four: Technical Proposal – Addressing technical specifications and award criteria, Section five: Financial Proposal (in a separate envelope) / The tenderer has to submit for each lot:
- the submission form
- the technical proposal
- the financial proposal.
2 / 19/09/2014 / Page 9, 1.2.1 (Lot 1) / Is it correct to assume that DG ECHO will manage the OS and MS SQL layer of the database servers? / This is correct. However, please provide information if other models are available (e.g. DBaaS).
3 / 19/09/2014 / Page 9, 1.2.1 (Lot 1) / The required private network across different DG ECHO offices: is this a VPN across the internet or a private WAN backbone? / Over the internet. There is at this point no intention to use WAN for any ICT services in ECHO. The VPN between the ECHO offices has already been set up (using Cisco ASA).
4 / 19/09/2014 / Page 9, 1.2.1 (Lot 1) / AD clustering: please specify the context of the clustering, is it a trust set-up, is it a global HQ AD setup with multiple sub-domains,…? / It is a global AD forest with 1 HQ domain and 6 child domains with a trust set-up between all domains.
5 / 19/09/2014 / Page 14, 1.2.2 (Lot 2) / “Req 1. Host and manage Microsoft SharePoint Server 2013 for minimum 500 users
Req 2. Host and manage Microsoft Exchange Server 2013 for minimum 500 users.”
We need to host and manage sharepoint and exchange. What is understood under manage? / Ensure availability of the service, update for security and stability purposes, offer support according to an SLA, … Please provide information to show what is included in your SaaS model.
6 / 19/09/2014 / Page 14, 1.2.2 (Lot 2) / “Req 3. Create virtual private networks between the hosted SaaS solutions and the IaaS environment in cooperation with the IaaS provider”
What is the purpose of this request? Please explain more. Is a SSL connection sufficient? / This VPN would be used to securely access / copy user information from the Active Directory hosted in the IaaS environment to allow users to log into the SaaS solutions with their normal Echofield account.
If you would prefer to use other methods (besides VPN), please document these in addition to addressing the requirement.
7 / 19/09/2014 / Page 14, 1.2.2 (Lot 2) / “Req 37. Upon request, provide the customer access to an FTP account where the customer can download all data for both SharePoint and Exchange”
Is FTP the only allowed protocol? / No, any access method that allows ECHO to bulk-download files is allowed.
Note that SFTP or FTPS is definitely preferred to FTP.
8 / 19/09/2014 / Page 14, 1.2.2 (Lot 2) / “Req 43. Make mobile device management functionalities in Microsoft Exchange available to the customer”
Which features of MDM are expected within the solution? / This should include ActiveSync functionalities including remote wipe, device password policies & device encryption policies, and any other functionalities that are available out-of-box.
9 / 19/09/2014 / Page 14, 1.2.2 (Lot 2) / “Req 57. Offer the services in the following languages: French and Spanish”
Please specify “services”. / This refers to the SaaS services requested in this lot: Exchange and SharePoint. It would be preferred if the end-user interface of these services were available in French and/or Spanish.
10 / 19/09/2014 / Page 8, 1.2 / Could you provide RTO/RPO for applications? If not, perhaps at least identification of allowed down time for each application. / In the IaaS environment we expect 99.9% uptime. For the SaaS solutions, this is 99.5%, and for UCaaS 95%.
Servers in the IaaS environment need to be back up within 4 hours. For SaaS / UCaaS: 1 working day.
Additional KPIs can be provided as part of the SLA.
11 / 19/09/2014 / Page 8, 1.2 / Is there a current Network diagram? – if so, please provide. / There is no diagram available. The new network will be designed largely independent of the current situation.
12 / 19/09/2014 / Page 9, 1.2.1 (Lot 1) / How large is each DB and what is the structure of each? / 60GB and it should grow in the future
13 / 19/09/2014 / Page 9, 1.2.1 (Lot 1) / What security software / appliances does DG ECHO currently have installed and what does DG ECHO want in the data centre? Will DG ECHO install this or should the contractor install/configure? / Please provide suggestions based on best practices. The tenderer is partially responsible for security (e.g. req 16 page 10).
14 / 19/09/2014 / Page 14, 1.2.2 (Lot 2) / What type of participation will DG ECHO provide during the migration effort? / It is expected from the tenderer to lead the migration, ECHO ICT can however support the process.
15 / 19/09/2014 / Page 14, 1.2.2 (Lot 2) / Are there any business critical calendar events that would prohibit the contractor from working on the new site or Going Live with the migrated applications? / No.
16 / 22/09/2014 / Page 8, 1.1 / Can you share a network diagram of the current infrastructure IaaS/SaaS and connections to field offices (this replaces the question in the 2nd bullet below, as this one is a bit more specific) / Currently the 4 environments are standalone environments. This results in 4 different user directories. As it is the intention to redesign & integrate the ICT landscape, no additional AS-IS information is provided.
17 / 22/09/2014 / Page 9, 1.2.1 (Lot 1) / “Req 1. Provide virtualised servers within 24 hours
Req 2. Change characteristics (CPU, RAM, storage) of a server within 24 hours”
Should this be read as the time is required for a Service Provider employee to activate the creation of a server, or the time it take until a server is created after the task has been initiated in the system? / Independent of whether the action requires human intervention, it must be possible to provide virtualised servers / change characteristics within 24 hours. This timeframe starts after the request is sent by ECHO and ends with ECHO receiving confirmation (in the control panel or per email) + being able to verify that the changes have been made in the system.
18 / 22/09/2014 / Page 9, 1.2.1 (Lot 1) / The amount of storage mentioned in the requirements is that local attached storage or is there any shared storage (SMB/NFS or SAN) needed in the infrastructure. / This storage can either be local attached or shared storage, as long as access to the data on the drives is fast and fluent. Please provide information about the available storage models and their performance.
19 / 22/09/2014 / Page 9, 1.2.1 (Lot 1) / Req 9: Is a cheaper on-site backup an alternative or is an off-site backup a hard requirement? Is a file based backup, not using hypervisor based snapshots, a viable solution? / ECHO is looking for a mix between snapshots and file based backup to allow both instant system restoration (using an image) and recuperation of specific files.
The specific backup and retention schedule still needs to be determined. Based on the cost, a mixed model using both on-site and off-site storage can be considered.
For the financial proposal, please only provide prices for off-site storage.
20 / 22/09/2014 / Page 9, 1.2.1 (Lot 1) / Req 10+12: What is the average/maximum required throughput for one site-2-site VPN tunnel? Will those 150 RDP users connect over 1 VPN tunnel? / All users connect over 1 VPN tunnel. There is no information available about the required throughput; please provide information if specific pricing applies to VPN bandwidth.
For req 12, please refer to the question n°6
21 / 22/09/2014 / Page 9, 1.2.1 (Lot 1) / Req 26: The described volume throughout the RFP indicated 20 TB of data. What generates this volume? RDP user surfing the web? Public facing websites? Is the VPN traffic part of this 20TB, if yes, how much percentage? Is this volume per month? / 20 TB is a ballpark estimate of the required monthly bandwidth, and is used only for the financial proposal.
We cannot provide detailed information about bandwidth requirements at this point. As unlimited bandwidth is an optional requirement, the tenderer can decide to not provide this option.
22 / 22/09/2014 / Page 9, 1.2.1 (Lot 1) / Req 29: Please specify the background of the request to move a volume from one server to another server. What is the intended use case (in functionality) for this request? / If it is not possible to upgrade or downgrade servers (except by replacing the old server with a new server), it might be necessary to move the attached storage volume between these servers.
23 / 22/09/2014 / Page 9, 1.2.1 (Lot 1) / Req 31-32: Is there any idea on the needed IOPS for specific servers in the infrastructure (such as Database servers). / ECHO expects a scalable IaaS environment which can handle a high amount of I/O requests. It is the tenderer’s responsibility to provide enough capacity at any moment.
24 / 22/09/2014 / Page 9, 1.2.1 (Lot 1) / Is there a minimum requirement for distance between the two datacentres. Primary DC with IaaS platform and primary backup solution and the secondary DC with a backup storage location? / No minimum requirements are defined, but documentation can be provided to demonstrate usage of best practices.
25 / 22/09/2014 / Page 9, 1.2.1 (Lot 1) / What is ECHO’s policy for maintenance/service windows? / There is no policy defined, but it is expected that these windows have minimal impact on ECHO’s activities.
26 / 22/09/2014 / Page 8, 1.1 / What is the current anti-virus solution? Does ECHO want to keep this solution? / The current antivirus solution used on servers and workstations in the offices is Kaspersky. The management server is hosted at HQ and might move to the IaaS environment. No changes to other solutions are planned.
27 / 22/09/2014 / Page 8, 1.1 / What is the current monitoring tool used at ECHO? Does ECHO want to keep this solution? Who manages the tool currently? / The tool, Eyes-On-Network, is managed at HQ and will likely remain in HQ. It might also be moved to the IaaS environment. No changes to other tools are planned.
28 / 22/09/2014 / Page 9, 1.2.1 (Lot 1) / Is ECHO willing to evaluate the move of the field offices servers to regional datacentres of the provider? This will optimize the WAN latency, security of the data and standardisation of the environment. Between the different global datacentres we provide WAN optimisation. / Servers in field offices are only used for local tools (e.g. print server and file storage). No changes are planned to this setup, except for the backup server possibly moving to the IaaS environment.
29 / 22/09/2014 / Page 9, 1.2.1 (Lot 1) / ECHO preferred solution is a public cloud environment, where resources are shared? / Usage of a public cloud environment is acceptable as long as performance, availability and scalability are guaranteed.
30 / 22/09/2014 / Page 9, 1.2.1 (Lot 1) / What does ECHO mean with “The provider offers unlimited bandwidth”. Is it inbound and/or out-bound traffic to the internet? Does this mean that Echo requires the possibility to burst? Is an additional cost acceptable? / This optional requirement includes both in- and outbound traffic, and may come at an extra price. Please provide information (including pricing).
Burst transmissions are unlikely, but the tenderer should provide infrastructure that includes high bandwidth.
31 / 22/09/2014 / Page 9, 1.2.1 (Lot 1) / Is it required that the resources CPU, memory and disk can be changed granularly and independent from each other? / While this is the preferred option, other models may be accepted, e.g. servers with predefined combinations of CPU/RAM/storage as long as enough combinations are provided within the required range (req 3-4, page 9) and as long as changes can be made according to req 1-2 (page 9).
32 / 22/09/2014 / Page 9, 1.2.1 (Lot 1) / Must the IaaS platform provide the ability to store customer images, from where new virtual servers can be deployed? / As defined in req 6 (page 9), it is not required to have this capability, but it is preferred.
33 / 22/09/2014 / Page 9, 1.2.1 (Lot 1) / Is it required that the cloud platform supports full self-service?Are there specific requirements for automation and orchestration of new VM’s? / As defined in req 17 (page 10), this is optional.
34 / 22/09/2014 / Page 9, 1.2.1 (Lot 1) / Providing a first backup in a primary datacentre gives the possibility to restore faster. Is it required to provide a backup storage location in the primary datacentre? / While the backup & retention strategy has not yet been determined, ECHO is open for suggestions. At least 1 backup should be stored off-site.
For the financial proposal & assessment, please provide pricing for off-site storage.
35 / 22/09/2014 / Page 9, 1.2.1 (Lot 1) / Is it allowed that the backup environment and the production VM’s are using the same physical network infrastructure and / or storage infrastructure? / For some backups this might be allowed. For the tender, please focus on backup storage using separate infrastructure / data centre.
36 / 22/09/2014 / Page 9, 1.2.1 (Lot 1) / Would ECHO require self-restoration of backup data at the IaaS platform? / Yes. ECHO requires access to the backups at all time.
This requirement does not count for additional backups created by the tenderer as part of the standard service level.
37 / 22/09/2014 / Page 9, 1.2.1 (Lot 1) / Is it required to store also physical servers next to the IaaS platform? / No, everything can be virtualized.
38 / 22/09/2014 / Page 9, 1.2.1 (Lot 1) / The new central ICT location will be the IaaS platform, does this mean that all (HQ and field) locations are directly connected to the new IaaS platform? What type of connection will be used for the HQ office and field offices (MPLS or VPN)? / All offices will be connected with the IaaS environment through VPN to allow access to the ERP solution and to move files to a centralized backup location.
39 / 22/09/2014 / Page 9, 1.2.1 (Lot 1) / Is there an overview of all the required VPN connections (ECHO offices and SaaS / UCaaS environments)? / All ECHO offices need to be connected with the IaaS environment for access to an ERP / backup storage. SaaS and UCaaS need to be connected to access / copy user data from the Active Directory.
40 / 22/09/2014 / Page 9, 1.2.1 (Lot 1) / Will the IT department of ECHO deploy and / or manage the IaaS servers? / Yes. ECHO is looking for a classic IaaS model, although advisory / monthly maintenance support can be offered through an SLA or a fee / hour.
41 / 22/09/2014 / Page 8, 1.1 / Who manages and maintains the ECHO offices infrastructure (file and backup servers), does ECHO has local IT employees? / ECHO has 6 regional support offices with each 2 (or 3) local ICT employees. They manage and maintain the infrastructure for all offices in that region.
42 / 22/09/2014 / Page 8, 1.1 / Will the file and backup servers stay at the field locations? / The file server will normally stay at the field location as internet connection is not always stable (to ensure continuous access to files). The backup server is also likely to stay at the field office, although it may be copied to the IaaS environment.
43 / 22/09/2014 / Page 9, 1.2.1 (Lot 1) / Does the automatic backup need to provide only backups for the IaaS platform? / Yes. If backups are copied from the field offices (see above question) they will be stored on a server in the IaaS environment. From there, they can be picked up by the automatic backup.
44 / 22/09/2014 / Page 9, 1.2.1 (Lot 1) / What is the purpose of the backup space of minimum 20TB in a secondary datacentre? Will that be used to store off-site backups of the field offices or only for the IaaS platform? / It will certainly be used for IaaS, and likely for both (see above question).
45 / 22/09/2014 / Page 8, 1.1 / Which backup tool is used at the field offices? / Acronis.
46 / 22/09/2014 / Page 9, 1.2.1 (Lot 1) / For file back-up: what is the backup interval? Is the “snapshot” taken on the OS level or on the virtualization level? In the first case does this mean the “previous versions” feature in Windows? / Backup strategy still needs to be determined. Snapshots are linked to the virtualization level to easily restore a full image of a server.
47 / 22/09/2014 / Page 9, 1.2.1 (Lot 1) / Who needs to have access to the backup data stored in the second datacentre? The ECHO server administrators? / ECHO server administrators indeed need access to that backup data.
48 / 22/09/2014 / Page 9, 1.2.1 (Lot 1) / Is it allowed to store backup data of the IaaS platform out-site Europe? / No, all servers need to be located within Europe.
48 / 22/09/2014 / Page 9, 1.2.1 (Lot 1) / Is it required that during the deployment of a new server the storage tier can be selected (slow, standard, high performance disks)? / No, but this would be preferred. If this choice is not available, all storage should be on performant disks.
50 / 22/09/2014 / Page 9, 1.2.1 (Lot 1) / Are there VM’s that don’t need to run 24/7? The test servers are running only during business hours, you pay only when the servers are running, during shutdown period we calculate only the storage cost. Is there an overview available of the resources optimisation possibilities (uptime / down time of servers)? / This might be useful for certain servers. Please provide information about this option.
51 / 22/09/2014 / Page 9, 1.2.1 (Lot 1) / Does ECHO require high availability in hardware (N+1) to be setup, or also in software (e.g. clusters)? / We expect an IaaS environment with failover capabilities (requirement 42, page 12). The technicalities are left up to the IaaS provider (please provide information about what is possible).
52 / 22/09/2014 / Page 35, 4.2.5 / Is there a min resource consumption commitment that ECHO will consume during a month? / No, although the numbers provided on page 35 are a fair estimate.
53 / 24/09/2014 / Page 9, 1.2.1 (Lot 1) / 1.2.1.1 - In item #7 you require internal and external VLANs with private and public addresses. Could you be more specific about term VLAN or under VLAN you mean network subnet? / VLAN refers to the layer-2 network partition (while subnets are a layer-3 concept). Additional information about this concept can be found on Wikipedia:
54 / 24/09/2014 / Page 9, 1.2.1 (Lot 1) / 1.2.1.1 - In item #8 and #9 related to backup you request automatic backup in remote DC. From the question in not clear whether need backup space and backup software under your control or you want backup as a service. Could you explain it? / Both options are acceptable. ECHO does require access to the backup space.