Procurement of IT Hardware for KSRSAC

Procurement of IT Hardware for KSRSAC

Compliance Statement for Pre-Evaluation

SL. No. Criteria Documents Required Checklist to be filled by Bidder Remarks

1 Furnishing of the Power of Attorney Power of Attorney executed by the Bidder in favor of the Principal Officer or duly Authorized Representative, certifying him / her as an authorized signatory for the purpose of this Tender.

2 The Bidder / OEM should be in business related to Supply of IT Hardware in India for at least 03 years as on 31.03.2025 Registration Certificate issued under the Companies Act 1956 / 2003 (Certificate of Incorporation)/Registration with Commercial Tax Department. Yes Proprietary firm

3 Bidder should have a local presence and existence for a period of at least 3 years and experience in providing Supply of IT Hardware or similar services to Central / State Government/ Institutions or Public sector undertakings/Private Sectors Certificate of Incorporation / Registration with Commercial Tax Department No Partnership firm

4 The Bidder should submit copy of PAN and GST in the name of firm/individual Copy of PAN and GST registration certificate Company

5 The Bidder should submit copy of Income Tax Returns (ITR) filed for preceding three financial year (2022-23 to 2024-25) Copy of Income Tax Returns (ITR) Society

6 Bidder should have more than INR.5 Crores average annual turnover during last three financial years (i.e., 2022-23 to 2024-25) Turn over Certificate from the Chartered Accountant must be submitted with UDIN

7 Bidder must have completed at least 1 project worth minimum of INR 1.0 Crores for the Supply of IT Hardware or similar in any Central / State Government/ Institutions/Public sector undertakings or private sector. A Copy of Work Order and Client Completion / Performance and satisfactory reports for each of the projects undertaken to be submitted.

8 Bidder should not be debarred by any procurement entity in Central Government / State Government and its Departments for indulging in corrupt or fraudulent practices or for indulging in unfair trade practices for any reasons whatsoever at the time of bidding. A declaration by the authorized representative of the bidding agency to be submitted.

9 Any bidder from a country that shares a land border with India excluding countries to which the Government of India has extended lines of credit or in which the Government of India is engaged in development projects (as listed on the website of the Ministry of External Affairs) hereinafter called ‘Restricted Countries’ shall be eligible to participate in this RFP, only if the bidder is registered with the Registration Committee constituted by the Department for Promotion of Industry and Internal Trade (DPIIT) Self-Declaration

10 The bidder should have a positive net worth for latest financial year (2024-25) Certificate from CA with UDIN

11 Bidder should be authorized partner of the OEM products proposed. Bidder should have an office in Karnataka or else should give an undertaking that an office shall be established if found successful in bidding. OEM Authorization form and undertaking for office establishment if office already not established in Karnataka.

12 Compliance Excel statement of Pre-Evaluation and technical specifications Enclose Compliance statement with product brochures and specification etc and specify the make, model and version quoted against each items.

13 Bidder should fill and submit all Sections given in the RFP Fill and submit ther elevant sections mentieond in RFP in given format

14 Consortium bids are allowed with one more vendor/agency. Consortium bidders should submit relevant documentary proof.

15 Bidder should fill and submit all Annexures given in the RFP Fill and Submit Annexure I,II,III and IV I in the given format

16 Amount of Earnest Money to be Deposited with the Tender along with prime document (Technical Offer)

SAN Storage-100TB 12,00,000

Network Management Software Tool (NMS Tool)

Virtual Controller supporting 20 Access Points

Procurement of IT Hardware for KSRSAC

KARNATAKA STATE REMOTE SENSING APPLICATIONS CENTRE (KSRSAC) BANGALORE

Compliance Statement for Technical Specifications

Name Of the Firm/Vendor

SAN Storage-100 TB Technical Specifications Model

Sl. No Component Description SELECT YES/NO Item Model REMARKS

All Flash SAN Data Storage

1 Operating System & Clustering Support: a) The storage array should support industry-leading Operating System platforms including: Windows 2016 / 2019, 2022, VMware and Linux. b) Offered Storage Shall support all above operating systems in Clustering

2 Capacity & Scalability: The Storage Array shall be offered with 18 Nos x 7.68TB NVMe. One Hot spare to be included per 30 drives. All necessary cables to be supplied by OEM. The storage should be scalable to at least 60 NVMe drives or higher using additional enclosures/controller

3 Front-end Ports & Back-end Ports: a) Offered Storage system shall be supplied with 8 Nos x 32GB FC ports across controller with all the optics populated and required cables to supp b) Offered storage system shall have 4 Nos x 25G ports or NVMe for Back-end connectivity. Anything better is acceptable.

4 Architecture: The storage array should support dual, redundant, hot-pluggable, active-active array controllers for high performance and reliability.

5 No Single point of Failure: Offered Storage Array shall be configurable in a No Single Point of configuration including Array Controller card, Cache memory, FAN, Power supply etc.

6 Disk Drive Support: Offered storage array shall support for self-encrypted NVMe SSD.

7 Cache: Offered Storage Array shall be given with Minimum of 90 GB Cache per controller or higher

8 RAID Support: a) Offered Storage Subsystem shall support RAID 5 / 6 b) All RAID Sets shall support thin provisioning. Vendor shall offer the license of thin provisioning for complete supported capacity of the array from day 1. c) Should support Distributed erasure coding/RAID with dual disk failure protection that reduces rebuild times when drive failures occur.

9 Point in time and clone copy: a) Offered Storage array shall be configured with array-based Snapshot and clone functionality and shall be configured for minimum of 512 snapshot. b) Offered Storage array shall support at-least 1024 point in time copies (Snapshots)

10 Replication: Offered storage subsystem shall support storage-based replication.

11 Thin provisioning: Offered Storage shall be offered and configured with Thin Provisioning capability.

12 Global and dedicated Hot Spare: a) Offered Storage Array shall support Global hot Spare for offered Disk drives. b) At least 1 Global hot spare drive shall be configured for every 30 drives. c) Offered storage array shall have the support for distributed hot spare

13 Logical Volume & Performance: a) Storage subsystem shall support minimum of 512 mappable virtual volumes (Logical Units) per pool. b) Offered Storage shall have inbuilt performance management software. Configuration Dashboard shall show overall IOPS and MB/sec performance.

14 Drive Support: Storage should support following drives: NVMe TLC / QLC SSD FIPS certified SED drives

15 Large Pool support: Storage system should support large pool capacity of minimum 1024TB Raw capacity

16 Warranty: Offered SAN should be bundled with 3 years 24x7 onsite Warranty

17 SAN Switches- 2Nos 1.SAN Switch: 48-port, 32 Gbps FC SAN Switch that supports 32 Gbps speeds with license for 48-port active ports from Day 1 2.Transceiver with LC interface: 48 Nos of 32 Gb SFP+ Short Wave Transceivers with required cables 3.Form Factor: 1U Rack Form Factor 4.Rack Mount Kit: Includes Rack mount kit to install in Industry Standard Server Racks 5.Non-blocking Architecture: 32 Gbit/Sec Non-blocking architecture with 1:1 performance for all the 24 ports populated Port types Support: - - F-Port - E-Port - M-Port (Mirror Port) - D-Port (Diagnostic Port); - Self-discovery based on switch type (U-Port); Optional port type control - Access Gateway mode: F-Port and NPIV 6.Non-disruptive software upgrade support: Supports non-disruptive software upgrades 7.USB port: One USB port for system log file downloads or firmware upgrades 8.Management: Supports web-based management with Built-in browser management tools 9.Warranty: 3 years on site 24x7 compressive warranty

18 Cyber Security: 1. Proposed storage shall have built-in ransomware detection integrated into the storage operating system software. 2. Proposed storage can identify encrypted incoming I/O’s in real time, generating quick alerts for potential ransomware threats using anomaly detection methods. This advanced detection technology is dynamic and adaptive, capable of detecting both traditional ransomware and newer 3. Proposed storage shall support integration with third-party security solutions, including security information and event management (SIEM) and extended detection and response (XDR). 4. Proposed storage must provide the capability to create compliant, immutable, read-only snapshots, which makes it impossible to modify or delete the snapshot and its base volume by the user, a system administrator, and the manufacturer.

Supply of IT Hardware for KSRSAC

KARNATAKA STATE REMOTE SENSING APPLICATIONS CENTRE (KSRSAC) BANGALORE

Compliance Statement for Technical Specifications

Name Of the Firm/Vendor

Network Switch Techical Specifications Model

Description SELECT YES/NO Item Model REMARKS

1 General Features

High Density Wire-speed Layer3 Switch

19” rack mountable - 1RU

Should have high-availability feature for active-active & active-passive operation from day-1

Wire rate 48 x 10/25GbE SFP28 ports and 4x100GbE QSFP ports.

As per solution requirement the switch should support 1G, 10G, 25G, 40G & 100G transceivers Populated with 48 nos of 25GBe SFP28 transceivers accordingly from Day 1

1 RJ45 console port, 1 RJ45 management port

HA cables to be included as part of solution

Minimum Switch Fabric Capacity: 2Tbps or better

Should have redundant hot-swap power supplies & fans

32MB packet buffer memory, 16GB RAM

Modular operating system, OpenFlow 1.3 or Open Config

CLI commit, Uplink Failure Detection, BFD, Zero Touch Deployment.

Should support Leaf/Spine fabric architecture using BGP EVPN, VXLAN.

5 High Availability

VRRP, active-active, active-passive operation

Software upgrades with minimal traffic disruption during the upgrade

LAG load balancing based on L2, IPv4 or IPv6 headers

6 Layer 2 features

128 LAG groups with 16 ports per LAG

128K ARP table, 160K MAC addresses

Port, subnet based 802.1Q VLANs. The switch should support 4000 VLANs

160K MAC addresses

The switch should support IEEE 802.1w RSTP and IEEE 802.1s MSTP

7 Routing Protocols

RIP v1/v2, BGPv4, OSPF v1/v2/v3, VXLAN routing from Day 1

IPv6 routing & VRF-Lite feature from day-1

8 Security Features

Layer 2-4 Access Control Lists

ACLs - port based/VLAN based.

Integrated security features like DHCP relay, Control Plane DoS protection

802.1X Network Security and Authentication

RADIUS, TACACS, sFLow, NTP

9 Traffic Policing

Ingress/Egress shaping and policies

Filter, mark and limit traffic flows

Minimum 8 hardware queues per port

Policy based traffic classification based on MAC Address, Port, DSCP, IP Address, VLAN

H/W based Ipv4 and Ipv6 Multicasting

IGMP v1, v2 , v3, IGMP Snooping

Protocol Independent Multicast – Sparse Mode and PIM – SSM

11 Network Management

Ansible, Puppet, Chef, SaltStack, RESTCONF APIs

IPv6 Management support telnet, FTP, TACACS, RADIUS, SSH, NTP

12 IEEE Standards

IEEE 802.3ad LACP, 802.3ab LLDP

IEEE 802.1p CoS Prioritization

802.1Qbb, 802.1Qaz

13 Power Rating & Certifications

Should operate on AC power ~50Hz. Power consumption should not be more than 650 Watts under full load.

RoHS, IPv6 ready, FCC CFR 47 Part 15, EN 61000-4-5

14 Connectivity required

The switch & transceivers should be from the same OEM

15 Warranty: 3 years On site comprehensive warranty with 24 x 7 x 365 support

16 The mentioned network switch needs to be configured and integrated with the existing firewall and network setup of the KSRSAC Server Room. The network switch ports must be delivered along with compatible network cable types as proposed by the bidder. The network switch port compatible cables must be provided by the bidder to ensure successful integration during installation and configuration with the existing KSRSAC network (including KSRSAC switches and firewall).

Procurement of IT Hardware for KSRSAC

KARNATAKA STATE REMOTE SENSING APPLICATIONS CENTRE (KSRSAC) BANGALORE

Compliance Statement for Technical Specifications

Name Of the Firm/Vendor

MDR Solution Technical Specifications Model

Items Description SELECT YES/NO Item Model REMARKS

1 The Proposed solution should be an integrated advanced endpoint protection platform designed to Prevent organizations from being hacked, Detect the execution of malicious code, ransomwares, exploits, MBR attacks, and remove and block such imminent threats, Auto rollback in case of any malicious encryption activity identified.

2 Solution should offer Real-time Scanning for Local Files and Network Shares during Read & Write operation

3 Solution must have its own proprietary scan engine.

4 Solution must have the capability to exclude applications that are normally detected as Potentially Unwanted.

5 Solution must have the application control lets you detect and block applications that are not a security threat, but that you decide are unsuitable for use in the office.Also there should be option to request for addition of applications not present under app categories ,if any.

6 Solution should have feasibility to secure the uninstallation of antivirus client by user without a password. This password should be unique for every machine and should be visible only to admin of the Management console. Also once used , the password should have a single click button/option to regenerate a random password again , so that same password cannot be used again.

7 In case a machine is deleted from management console, solution should still provide functionality to re-protect such machine and should also have mechanism to retrieve respective uninstallation password.

8 Solution should offer the real time protection to check the latest threat information from OEM online and should have the option to Automatically submit malware samples to OEM.

9 Solution should offer security options to configure access to advertisements, uncategorized sites and risky downloads

10 Solution should offer the below options for Risky downloads to the user- Allowed: Allows all risky file types. Warning: Warns the user that a file may be risky before they can download it.Blocked: Blocks all risky file types. Specify: This allows you to set a number of individual file types to Allow, Warn, or Block.

11 Should be able to monitor files when they are accessed by a process (read/write)

12 Solution must have the feature to conserve bandwidth by blocking inappropriate browsing and warns users before visiting productivity-impacting websites. Blocks site categories likely to consume high bandwidth.

13 Proposed solution should show the alert description along with User & Device

14 Solution should support command and control servers & Runtime Behaviour Analysis / HIPS

15 Solution must provide the Application Category, so as to block the Applications as required by the administrator.

16 Solution must offer the Device Control/Peripheral control, with the Option of Read Only, Allow, Block access to the device.

17 Solution must have the privilege to whitelist the USB device on the basis of Hardware ID.

18 Solution should have the option to block the website on the category basis.

19 Solution should have the flexibility of creating the policy on the basis of device or User.

20 Solution should have the data loss prevention functionality

21 Solution must have the privilege the block the usage of the applications like Torrents, VPN, Video Players, Proxy tools etc.

22 Solution should have privilege to define the time based policies

23 RBAC should be part of the solution. In addition to RBAC, all admins should have MFA functionality so that authentication into management console can be secured with dual layer. OTP for MFA should be either available on SMS/email or third part OTP apps.

24 Client should have a self-help tool to identify known issues within product if any ,along with guided reference to solution, so that team can immediately rectify such issues and make sure security is intact

25 Client should provide functionality to perform network connectivity test to corresponding update server’s management servers etc to narrow down any troubleshooting related problems instantly

26 Client should provide the functionality to simply drag and drop PE files for reputation checks, deep learning checks etc to determine the characteristics of a suspected file in Realtime.

27 Management console for endpoint should be cloud based for ease of access, but at the same time should be hosted within Indian Jurisdiction i.e OEM should mandatorily have data centre hosted in India.

28 Reports should have a scheduling option so that endpoint related reports can be received over the email in CSV,PDF formats. Also such reports frequency should be configurable to weekly , monthly, daily.

29 Solution should support robust API functionality to integrate with third part SIEM,RMM solution platforms.

30 The proposed solution should have 100% detection in the MITRE Ingenuity ATT&CK Evaluation.

31 Must have a feature that groups together suspicious events reported to help in doing forensic work.

32 Must have an option to manually create an investigation.

33 Must have the option to add notes.

34 Must include information about the attack tactics and techniques used in the detected suspicious event.

35 Must have the option to pivot data into a query or consult third-party threat analysis websites.

36 Each investigation record must have an option to:

37 Set priority

38 Change status

39 Assign the investigation to an admin account

40 Must provide a command-line interface that can remotely access devices in order to perform a further investigation or take appropriate action.

41 Must provide admins the capability to remotely connect to managed devices and get access to a command-line interface to perform actions such as:

42 Reboot a device pending updates

43 Terminate suspicious processes

44 Browse the file system

45 Edit configuration files

46 Edit configuration files

47 Must have control over which specific admin accounts have Remote Access capability.

48 Remote access sessions must be included in Audit Logs (when it started, ended or if the connection was lost)

49 Must be available on Windows11+, windows Server2019+, Mac, and Linux operating systems.

50 Must provide security analysts, and IT admins the ability to run SQL queries to answer almost any question they can think of across their endpoints and servers.

51 Must be based on Ossuary that allows administrators to understand the current running state of a device.

52 Solution must offer version control functionality to control the version of endpoint agents being deployed across organization.

53 Must be able to quickly discover IT operations issues to maintain IT hygiene and ask detailed questions to hunt down suspicious activity via SQL queries. Must have AI chatbot, and AI command line analysis tool built in.

54 Must use powerful, out-of-the-box, fully-customizable SQL queries that can quickly search up to 90 days of current and historical on-disk data. Example use cases include:

55 Proposed solution should be quoted with three years subscription option for the above cited feature/functionalities.

56 CSP platform where the security solution is hosted should be MEITY Approved in case of cloud endpoint security offering and datacentre should be within Indian jurisdiction.

57 Security hardening features as lockdown should be part of the solution.

58 Managed service should be provided along with the solution for the duration of term license.

59 24/7 Threat Monitoring and response, Full-scale incident response, Expert-led threat hunting, Root cause analysis, Containment of the threat should be part of the Managed Service. Monthly and weekly reports to be generated based on cases. Direct call in support number to reach the MDR team. Provider should offer a Breach protection warranty as well.

60 EDR/XDR and MDR platform should also have feasibility of 3 rd party product integrations to get threat telemetry from other security products.

61 Proposed solution should be at minimum MII class 2 supplier with 20% and above MII content

62 As the KSRSAC network operates under a Sophos firewall, the bidder shall supply, deploy, and integrate a Sophos-compatible Managed Detection and Response (MDR) solution that seamlessly integrates with the existing Sophos firewall infrastructure.

Procurement of IT Hardware for KSRSAC

KARNATAKA STATE REMOTE SENSING APPLICATIONS CENTRE (KSRSAC) BANGALORE

Compliance Statement for Technical Specifications

Name Of the Firm/Vendor

Network Management Software Tool (NMS Tool) Technical Specifications Model

Items Description SELECT YES/NO Item Model REMARKS

1 For effective operations and management of IT Operations, there is a need for an industry-standard Network Monitoring System (NMS). Given the expanse and scope of the project, NMS becomes very critical for IT Operations and SLA Measurement. Some of the critical aspects that need to be considered for operations of IT setup of are: Network Fault Management, Network Performance Management, Server Performance Monitoring, and unified Dashboard & Reporting.

2 The OEM of the proposed monitoring solution shall be present in latest Gartner's Market Guide Report of year 2025. The documentary proof must be enclosed with the bid.

3 The Monitoring Solution should provide Unified Architectural design offering seamless common functions including but not limited to: Event and Alarm management, Auto-discovery of the Network environment, Reporting and analytics

4 The solution must provide discovery & inventory of heterogeneous physical network devices like Layer-2 & Layer-3 switches, Routers and other IP devices and do mapping of LAN connectivity with granular visibility up to individual ports level.

5 The operator should be able to build correlation rules in a simple GUI based environment where the Operator should be able to correlate cross domain events

6 The solution shall provide future scalability of the whole system without major architectural changes.

7 The monitoring module of proposed solution must have buil-in database with OEM Support for Entire Cotract Period to store data in order to provide full flexibility and control on collected data.

8 All the required modules should be from same OEM and should be tightly integrated for single pane of glass view of enterprise monitoring

9 The platform must provide complete cross-domain visibility of IT infrastructure issues

10 The solution must offer interactive end-to-end network path mapping with hop-by-hop performance analysis, threshold-based alerting, and historical trend insights. It should correlate node-level metrics with service impact, enrich paths with metadata (e.g., ISP info, geo/IP), and support policy enforcement with contextual visualizations.

11 The platform must consolidate monitoring events from across layers such as Network, Server, Application, Database etc

12 The solution must support custom dashboards for different role users such as Management, admin, and report users

13 The solution must support custom query-based widget with multiple visualization methods including Chart, Gauge, Grid, Top N list etc. to visualize and represent collected data with ease.

14 The solution should provide superior view of infrastructure health across system,networks, application and other IT Infrastructure components into a consolidated, central console

15 The solution must provide agentless and agent-based method for managing the nodes and have the capability of storing events / data locally if communication to the management server is not possible due to some problem. This capability will help to avoid losing critical events.

16 The proposed solution platform shall provide a single integrated solution for comprehensive monitoring of the wired, wireless access, security access control devices, CCTV cameras or any pingable devices and rich visibility into connectivity and performance assurance issues.

17 The proposed solution must provide comprehensive and integrated management of IT infrastructure components to maximize the availability of IT services and SLA performance.

18 The design functionality shall facilitate creation of templates used for monitoring key network resources, devices, and attributes. Default templates and best practice designs are provided for quick out-of-the- box implementation automating the work required to use OEM validated designs and best practices.

19 The proposed solution must provide Health Monitoring reports of the network with settable periodicity -@24 Hrs, 1 week, 1 month.

20 The proposed solution must provide the graphical layout of the network element with modules drawn using different colors to indicate their status

21 The proposed solution should have multiple alerting feature to get the notification via email, sms and third-party systems

22 The proposed solution should provide alert console with alert summary such as network alert, server alert, virtualization alert, cloud alert, application alert etc.

23 The proposed NMS solution must provide agentless as well as agent-based monitoring for server infrastructure. The agents should be able to set polling interval as low as 1 second with low overhead on target server infrastructure.

24 Dashboard & widgets

25 The proposed solution should allow the application of advanced statistical transformations and functions over selected KPIs, including but not limited to:

26 Anomaly Detection

28 Moving Average

29 Median Function

30 Logarithmic Scale Transformation

31 Delta/Derivative Functionality

32 The proposed solution must have dynamic, rule-based tagging capabilities during the discovery process, enabling flexible and contextual categorization of devices based on defined criteria.

33 The proposed solution should allow creation and integration of custom monitoring plugins developed in Go and Python, capable of collecting metric data using any required protocol independent of the original discovery method, thereby extending monitoring coverage and flexibility.

34 The proposed solution should offer a wide variety of intuitive widget visualizations to represent telemetry data effectively, including: Line Chart, Area Chart, Stacked Bar, Horizontal Bar, Vertical Bar, Pie, Donut, Top-N, Grid/Table, Sparkline, Treemap, Sankey, Bubble, Heatmap, Geo-Map, and Gauge

35 The solution must support multi-telemetry correlation in a single chart, enabling simultaneous visualization of Metrics, Logs, Flows, and Alerts for contextual insights.

36 Widgets should allow advanced visualization customizations, such as:

37 Toggling legends, adding rotation and adding threshold markers

38 Conditional formatting (icon/color based on thresholds)

39 Column visibility toggles and value formatting

40 Metric/unit conversion and display customization

41 Text Widget to bifurcate sections

42 Widgets must be capable of real-time data refresh and support inline analytical operations, including: Anomaly Detection, Forecasting, Value Difference, Monotonic Difference, Moving Average, Median, Logarithmic Transformations etc.

43 For advanced needs, the solution should allow custom scripting within reports, enabling complex data manipulations, calculated fields, and enriched views.

44 The proposed NMS solution should be aligned with ITIL framework principles and certified with ITIL4 for Monitoring & Event Management process and Capacity & Performance management.

45 The OEM of the proposed Network Monitoring solution should be "Make In India" company with presence of min, 14 years in the market and the solution should be deployed in min. 5 project in Gov/PSU/SmartCities. The documentary proof should be submitted at time of the bid submission.

46 The OEM should have a support centre in INDIA.

47 The solution should be capable of running in Linux platform should be 64-bit application to fully utilize the server resources on which it is installed

48 The proposed NMS solution must comply with the following standards: CIS certification, ISO 27034-1 for application security, ISO 27001:2022 for information security management, GDPR and POPIA for data privacy, and SOC 2 Type 2 for service organization controls. This ensures robust security, regulatory compliance, and comprehensive data protection across all managed network operations. Valid supporting documents must be submitted with the bid.

49 OEM must have average annual turnover of atleast INR 30 Cr. or above in last 3 financial years Excluding the current financial year with positive net worth. CA certificate need to be submitted at time of bid submission.

50 The OEM of the proposed solution should have certification on at least 9 or more practices for ITIL4. Documentary Proof needs to be provided during bid submission

Procurement of IT Hardware for KSRSAC

KARNATAKA STATE REMOTE SENSING APPLICATIONS CENTRE (KSRSAC) BANGALORE

Compliance Statement for Technical Specifications

Name Of the Firm/Vendor

Virtual Controller supporting 20 Access Points Technical Specifications Model

Sl. No Hardware Description SELECT YES/NO Item Model REMARKS

1 Architecture :WLAN Controller should be virtual controller in which APs acts as a virtual controller.

2 Scalability:Any type of controller quoted by bidder shall be capable of supporting minimum of 20 AP's from day one and scalable to 150 AP's for future requirements.

3 High Availability:High availability should be provided for controllers. In the event of a failure of the master access point, a standby/secondary master AP shall automatically take over.

4 WLAN Features:Should support Band Steering feature that forces the dual-band capable clients to the 5 GHz band on dual-band access points. Should have Band balancing to balance the client load on radios by distributing clients between the 2.4 GHz and 5 GHz radios.

5 Controller should involve only in management of Wi-Fi network.

6 Should support intelligent edge architecture for Wi-Fi access. Wi-Fi should be functional on the device if the link between AP and management controller or the controller itself goes down

7 Should balance wireless clients across APs on different channels, based upon the client load on the APs.

8 Should support internal DHCP server.

9 Should support IEEE 802.11r Fast BSS Transition and IEEE 802.11 802.11k Radio Resource Management neighbour reports. Should support Client load balancing to improve WLAN performance by helping to spread the client load between nearby access points.

10 Network Policy Features:WLAN solution should be able to create access policies in order to allow or block packets for inbound traffic/outbound traffic.

11 WLAN solution to support URL Filtering to block access to unwanted sites.

12 WLAN solution shall provide unique preshared keys to each and every user in single SSID. All licenses for this solution to be included.

13 WLAN solution (either integrated or through external firewall) shall have a capacity to inspect all traffic from each wireless client and allow or deny any traffic that does not satisfy specified policies.

14 It should be possible to create network access policies using Layer 2, Layer 3, Layer 4, client operating system and even whitelisting of clients.

15 WLAN Security:Should prevent users connecting to rogue AP and also prevent an outside user trying to connect to campus WLAN.

16 Should protect Wireless network from Denial of Service (DoS) attacks and Intrusion attempts.

17 Should be able to temporarily block wireless clients with repeated authentication failures for configurable timers.

18 Solution Should support L2 Client Isolation so User cannot access each other’s devices. Isolation should have option to apply on AP or SSID's.

19 Should support a router mode where Access point can provide NAT and DHCP services and acts as the gateway router.

20 The solution should support 802.1x authentication using an external radius server.

21 Should include WIPS to detect and mitigate rogue access points, Spoofing of SSID and Mac spoofing.

22 System should be able to send Email notification when Rogue AP is identified.

23 Guest and BYOD:The solution should provide a Guest Login portal to authenticate users that are not part of the organization.

24 The solution should be able to provide a web-based application that allows non-technical staff to create Guest accounts with validity for fixed duration like hours or days.

25 System should support internal and External Database for user authentication.

26 The solution should allow for guest users to enter contact information and receive authorization code to login to the guest network without the intervention of the administrator. The authorization code should be sent directly to the device or via SMS or email.

27 The solution should allow for guest users to enter contact information and receive authorization code to login to the guest network without the intervention of the administrator. The authorization code should be sent directly to the device or via SMS or email.

28 Guest login should also support sponsorship so that guest login requests have to be approved by an admin before allowing access to guest network.

29 Management:WLAN Solution should be manageable using SNMP, CLI, GUI and Mobile app

30 The controller should be able to present a dashboard with information on the status of the WLAN network and internet connectivity.

31 Licenses:All licenses required for the solution should be provided on day one. The vendor should specify if all features are available with the basic access controller pricing or if the support of some features require the acquisition of some licenses. The vendor should specify which feature requires which type of licensing including its cost.

32 Controller and access point to be provided with 24/7 tac support and warranty.

33 Warranty: 3 years On site comprehensive warranty with 24 x 7 x 365 support

34 The bidder shall supply all required network cabling and accessories as part of the scope of work, without any extra charges.