Ncess RFP

Page 1 of 119
NATIONAL CENTRE FOR EARTH SCIENCE STUDIES

(An Institution under the Ministry of Earth Sciences, Govt. of India)
P.B. No. 7250, Akkulam, Thiruvananthapuram-695 011, Kerala.
PURCHASE DIVISION
Our Ref : PUR-PROC/337/2019-PUR-NCESS Dt. 06.11.2019

(To be quoted in all correspondence)
Phone :( 0471) 2511531
FAX: (0471) 2442280
E-mail: purchase@ncess.gov.in
ncesspurchase@gmail.com
website : ncess.gov.in
Sub: e-Procurement Tender
Dear Sirs,
Please send your offer along with descriptive catalogue/ pamphlet for the following items not later than
10.12.2019 at 06.00 PM (Tender Opening at 9.00 AM on 12.12.2019). The terms and conditions governing the
tender are given at the bottom.
SI. No DESCRIPTION QUANTITY

REQUIRED
1 Supply, Installation & Commissioning of Virtual Desktop 1 No

Infrastructure Solution in Hybrid mode
(Detailed specification and conditions are given separately)

---------------------------------------------------------------------------------------------------------------------------
INSTRUCTIONS TO THE TENDERERS AND TERMS AND CONDITIONS
1. The quotation should be submitted by e-procurement in PDF format by ‘logging on’ in the
website eprocure.gov.in/eprocure/app. The total file size of the documents submitted should
not exceed 20 MB.
2. The technical and financial bids should be submitted separately.
3. In place of a Bid security, the bidders must sign a Bid securing declaration along with the
bid saying that “We accept that if we withdraw or modify our Bids during the period of
validity, or if we are awarded the contract and we fail to sign the contract, or to submit a
performance security before the deadline defined in the request for bids document, we
will be suspended for the period of time decided by NCESS from being eligible to submit
bids for contracts with NCESS”. The bids without this declaration or Udyog Aadhar
Memorandum /NSIC will be rejected.
4. The material should be delivered at NCESS or installed at the specified location and so the quotation
should include all the charges for the delivery at NCESS/installation.
5. It should be clear whether the quoted amount is inclusive of tax or not. If the tax is extra, the current tax
rates should be specifically mentioned. We are eligible for Excise Duty Exemption through DSIR
registration and its certificates will be provided in our formats.
6. In INR orders, the Customs Duty Exemption Certificate will be given to the supplier upon
request. But the entire responsibility of customs clearance and delivery at NCESS will rest with
the supplier. High sea sale is not accepted and should not be quoted.
7. The bid should contain the Bid securing declaration, Authorization from manufacturer, Details
of Service Centre, Technical details with make, model and specification of each component,
Technical Compliance statement, List of Customers, Brochures etc., wherever applicable.
8. The bidder should enclose all relevant documents in a sequential manner as per the tender format.
9. The offer should be valid for 120 days from the due date of opening of tender.
Page 2 of 119
10. The Purchaser reserves right to accept any tender in part or full without assigning any reasons. The
enquiry is not a commitment and the purchaser reserves the right to reject or cancel any or all offers.
11. Catalogue/Brochure/Manual should be submitted along with the offer wherever necessary.
12. Warranty / Guarantee Clause needs to be mentioned necessarily wherever applicable.
13. All foreign bank charges will be to the account of beneficiary.
14. The purchase will be made on credit basis and the payment will be made after supply and
acceptance, by bank transfer.
15. In the case of imports, both FCA and CIF/CIP Trivandrum airport prices may be quoted. 90% payment
will be made against proof of dispatch documents by LC or wire transfer and balance 10% will be
released against acceptance of goods and the receipt of bank guarantee.
16. In the event of placement of order, supplier / Indian agent shall provide a Performance Bank guarantee
for 10% of the order value valid for warranty period + 60 days.
17. Any further changes in the details, like the date of opening or specification, will be posted on our web
site only.
ADDITIONAL CONDITIONS
1. Pre-bid meeting will be conducted on 20.11.2019 at 11.00 AM in NCESS Office. Interested vendors
may attend the pre-bid meeting at their own cost, after informing NCESS by e-mail to
purchase.ncess@nic.in on or before 18.11.2019, confirming their visit to the pre-bid meeting. If no such
confirmation of attending the pre-bid meeting has been received from any vendors upto this date, no
pre-bid meeting will be held. Any decision/ change regarding pre-bid meeting will be informed through
NCESS website. All the clarifications required regarding the tender, including the points to be discussed
in pre-bid meeting, should be sent to the e-mail: salaj.ss@ncess.gov.in with copy to
purchase.ncess@nic.in before the specified time. Late submission/ e-mails will not be considered.
2. Integrity Pact is applicable to this tender. The format of the integrity pact can be downloaded from the
web site of NCESS. The Integrity Pact should be filled in and printed on stamp paper worth Rs 500/-.
Signed Integrity Pact should be submitted by the bidders at purchase Section, NCESS on or before the
date of submission of bid. The bids of only those bidders who have submitted the signed integrity pact
by the specified time will be accepted during the bid opening. Late submissions will not be accepted.
3. The independent external monitors for this tender are Shri Arun Kumar, Ex Secretary, Oil Industry
Development Board (email: kumararun_53@rediffmail.com) and Shri Sushil Gupta, Ex. Chairman,
Central Ground Water Board (email: sushilanitagupta@yahoo.com).
Yours faithfully,
Sd/-
Deputy Manager (Purchase)

Page 3 of 119
Supply, Installation & Commissioning of Virtual Desktop Infrastructure Solution in Hybrid

mode
National Centre for Earth Science Studies (Herein as referred to as NCESS) invites online Bids for
supply of “Virtual Desktop Infrastructure Solution in Hybrid mode” as per the technical specifications
given in the Section V.
Section I: Introduction
1.1 ABOUT NCESS
NCESS (ESSO-NCESS) is a premier R&D institution under Ministry of Earth Sciences, Govt of India
to foster solid earth research & its applications situated in Thiruvananthapuram, Kerala.
1.2 OBJECTIVES OF THE TENDER
The objective of this tender is to select bidder/System Integrator (SI) / Managed Service Provider
(MSP) to implement VDI solution on hybrid mode (availing Cloud services from MIETY empaneled
Cloud service providers and HCI infrastructure, DC in a box from reputed OEM).
Section II: Pre-Qualification Criteria

Qualification Criteria for System Integrator /MSP
Sl. Compliance
Qualification criteria for SI Documents required
No Yes/No
Bidder must be a as a single legal entity
(Company), must be incorporated and
Copy of Certificate of
1 registered in India under the Indian
Incorporation
Companies Act 1956 and should have been in
operation in India for minimum of Five years.
Bidder must be certified for ISO 9001:2008 or Relevant Valid
2
Latest certification Certifications
Letter from Statutory
Auditors on their letter
The Bidder should have an annual turnover of
head mentioning the
INR 50 Crores. The bidder should be
3 annual turnover and profit
profitable over the last three consecutive
from IT services /
financial years.
Certificate from Chartered
Accountant.
Bidder must have executed at least 1
Copy of Client certificate,
VDI/HCI projector at least 1.5 crores of total
4 work order, or completion
value in the last Three Financial Years in any
certificate
organizations in INDIA
Bidder must have experience in migrating and
managing workloads on the Cloud Services of
proposed CSP –at least 1 client, of order value
certificate
not less than Rs. 25 lakhs in the last 3 years.
Letter of undertaking to
The Bidder must be authorized by the this effect on the CSP
6 proposed Solution providers (Cloud Service /OEM's letter head, signed
Provider and hardware OEMs). by authorized signatory of
CSP /OEM
Letter from authorized
The bidder shall not be blacklisted by any
signatory on the letter
7 Government agencies/Utilities/Departments at
head of SI regarding non-
the time of bidding.
blacklisting
Page 4 of 119
Consortium /Joint Venture is not Permitted in Letter from authorized

8 this Tender signatory on the letter
head of SI.
Successful completion of
PoC certificate (Form 6)
from authorized signatory
The bidder should carry out Proof of Concept on the letter head of SI
(PoC) in Cloud VDI instances to ascertain the and countersigned by
software used (as per Annexure 3) are Head, IT Wing, NCESS
9 compatible and the performances are Or
satisfactory with VDI instances. (Proposed Certification from
Cloud, VDI and Application Delivery Software vendors
controller should be part of the POC setup). (Annexure3) on
the compatibility with the
proposed cloud, ADC and
VDI solutions.
head of SI with supporting
The bidder should be in a position to deliver
documents. Supporting
complete end-to-end solution. Proposal has to
10 documents such as
clearly reflect the competence and capability
reference letters from
of the bidder in meeting this requirement.
clients who placed orders
on the bidder in the last 5
years.
Qualification Criteria for Cloud Service Provider (CSP). Bidder shall avail the services of a
CSP for this solution satisfying the following conditions on the CSP
Compliance
Sl.No Pre-Qualification criteria for CSP Documents required
Yes/No
The CSP, as a single legal entity
registered in India under the Indian Copy of Certificate of
1 Companies Act 1956 or a Limited Liability Incorporation or Certified
Partnership (LLP) registered under the LLP copy of Partnership Deed.
Act, 2008 or Indian Partnership Act 1932
and should have been in operation in India.
Cloud Service Provider should be STQC Letter of Empanelment
2
audited and MeitY empanelled. issued by MeitY
The CSP should have a minimum turnover
from cloud services of Rs.300 Crore in
each of the last 2 financial years i.e (2016- Certificate from the
3
17 and 2017-18). The CSP should also have Chartered Accountant.
positive Net worth in each of the last 2
financial years i.e (2016-17 and 2017-18).
The CSP must have experience of Copy of Client certificate,
provisioning of Cloud Services on their work order, completion
4 Cloud for at least 3 clients in India out of certificate or extract from
which at least one client must be the contract mentioning the
PSU/Central Govt/State Govt scope of work.
Page 5 of 119
Third party certifications of the proposed

CSP: Third Party Certificates
5 a. ISO 27001
copies
b. ISO/IEC 27017:2015
c. ISO 27018
Accreditations relevant to security,
availability, confidentiality, processing Self-Certificate by the
6 integrity, and/or privacy Trust Services authorized signatory of the
principles. CSP
 SOC 1, SOC 2, SOC 3
Availability SLA on the compute and block
storage services offered by the CSP in India
7 Proof on CSP Public Portal
as per the published SLAs should be
99.99% or better
CSP should have capability to provide
dedicated server/host using its native Cloud
8 Infrastructure (hardware) in India, which Proof in CSP Public portal
allows usage of existing software license to
deploy.
The CSP should not be black listed by Letter from authorized
9 Private/PSU/Central Govt/State Govt. in signatory on the letter head
India of CSP
Section III: SCOPE OF WORK
NCESS wishes to appoint a Bidder (SI) for providing Virtual Desktop Infrastructure Solution on
Hybrid mode (with on premise infrastructure and public cloud) for a period of 3 years. The SI
together with CSP and OEM shall provide VDI infrastructure and managed Services for the Hybrid
infrastructure during the contract period.
The proposed solution should be a true Hybrid cloud solution. The solution should have the capability
to manage servers running on Cloud and in the on-premises data center through a single interface, and
it should manage resources of FIle Storage, AutoScaling Images , CPU/Memory (limited to available
in Base Hardware for Windows and Linux operating systems running on Cloud or on-premise DC
interchangeable (Note: provided no specialized Hardware is not installed) . The proposed solution
must be scale automatically to meet the compute and storage requirement from on-premise to cloud
DC and vice versa. The proposed solution should also sync on-premises data to Cloud via Direct
connectivity and also sync from Cloud to data stored on-premises.
The brief scope of work is as follows.
a) Setting up a HCI based VDI infrastructure in On-premise Data Centre and Public Cloud.
b) Providing VDI for applications (Annexure 3) used by NCESS along with 24*7*365 days
support.
c) Application virtualization should be part of the offered solution.

d) All the existing application licenses should be made available with a dedicated on premise
Page 6 of 119
licensing server (for both on premise and cloud implemented application). All the applications
running on cloud should able to handshake with the said licensing server for authentication.
e) Supply and Installation of DC in a Box (42u Rack)
f) Supply, installation & commissioning of Virtual Desktop Infrastructure Solution in Hybrid
mode (HCI, Network, DC, Firewall, VDI etc.) and to provide Comprehensive warranty for 3
years.
g) Bidder shall provide 24x7x365 Managed Services for the proposed Virtual Desktop
Infrastructure Solution in Hybrid mode including direct P2P connectivity.
h) Provisioning Cloud services for additional quantities as per BOM.
i) Provisioning Cloud Connectivity (direct P2P) through Bandwidth Service Provider. Bidder
shall introduce eligible (proposed CSP Certified) Network Bandwidth Service Providers
(NBSP) for provisioning of Bandwidth Services under this contract. The separate purchase
order (PO) will be issued to NBSP for bandwidth portion of this RFP.
j) Bidder must provide solution to meet all the mandatory technical requirements mentioned in
the RFP
k) Provisioning Cloud Storage for Maximum capacity of 30 TB object and 50TB Archival Storage
at each location.
l) Provisioning of On premise storage for maximum capacity of 30TB and 200TB distributed
object storage.
m) The bidder shall propose the required no. of O.S, Server Virtualization, VDI and other relevant
licenses suitable to meet the specified 80 concurrent VDI user access.
n) The selected Bidder is responsible for Maintenance Services on proposed Physical and Cloud
VDI infrastructure including Resource Management, User Administration, Security
Administration & Monitoring of Security Incidents, Monitoring Performance & Service
Levels, and Backup.
o) Collaboration Software – A web application having basic functionalities for data uploading and
sharing, dynamic forms, access privileges, Document versioning, File versioning, metadata
information listings, data access privileges, needs to be incorporated. The data should be
uploaded and downloaded irrespective of its file formats and the user while uploading should
have the provision to enter the metadata information, based on which the file should be
indexed.
p) Bidders must source, install and configure Microsoft Active Directory seamlessly for the
proposed hybrid solution.
q) Bidder should use reputed Backup/replication tools to meet 12Hrs RPO and RTO at both
locations.
r) Fault ticket management solution for the proposed solution.
s) Reports providing system-wide visibility into resource utilization, audit trails,application
performance, and operational health through proactive monitoring (collect and track metrics,
collect and monitor log files, and set alarms) of the cloud resources
i. Auto-scaling rules and limits

ii. Report of all of the provisioned resources and view the configuration of each.
iii. Summary of alerts with respect to security configuration gaps such as overly permissive
access to certain compute instance ports and storage buckets, minimal use of role
segregation using identity and access management (IAM), and weak password policies
iv. Summary of security assessment report that identifies the possible improvements
(prioritized by the severity) to the security and compliance of applications deployed on
Page 7 of 119
cloud
v. Report on upcoming planned changes to provisioning, either possible optimizations, if
any.
vi. The admin user login credentials shall be provisioned for monitoring purpose
Proposed Architectural Diagram
Section iv: Unpriced Bill of Materials:
Specifications
Offered
(OEM name,
product
Sl. details, model Compliance
Item Description Qty
No numbers etc. (Yes/No)
should be
clearly listed.
Brochures to
be enclosed)
16 vCPU / 32GiB / 300GB
1 Cloud VM 1 44
SSD (900 IOPS)
16 vCPU / 32GiB / 300GB
2 Cloud VM 2 6
SSD (900 IOPS) / Cent OS
2 vCPU / 4GiB / 100GB
3 Cloud VM 3 2
SSD (300 IOPS)
30TB Usable High Available
Object Storage + 50TB
4 Cloud Storage usable Archival Storage with 1
both storage having
99.99%or better durability
3 node HCI appliance with
30TB usable All FLASH
storage ( each node with
5 HCI Appliance 1
NVIDIA Tesla p40 (24GB)
with 25 Nvidia Grid licenses,
dual Intel Xeon Platinum
Page 8 of 119
8200 series (Cascade Lake-

SP) processor 24 core each,
Processor Base frequency-
2.9 GHz or higher, 256GB
DDR4, and RPS). Dual port
10G SFP network Interface.
32 port 10GbE SFP
populated unified switch in
high availability mode.
Minimum four Node Object
Distributed storage Appliance with
6 Object Storage 200TB usable capacity and 1
for Archival dual port 10G connectivity
from day 1.
Firewall should have the
processed throughput of
350Mbps and should support
a minimum of 200 users with
7 NGFW 3year UTM subscription 2
(The offered firewall should
be from the same OEM for
On-Prem and proposed
cloud)
OS for Cloud Required Windows Server 1
8
VM 1 Data Centre Edition license Lot
Required Windows Server 1
9 OS for HCI
Data Centre Edition license Lot
Required Hypervisor license
Server 1
10 along with automatic
Virtualization Lot
resource scheduler features.
Hybrid solution with
automation and management 1
11 Hybrid Solution
with 3 years production Lot
support
Required concurrent VDI
12 VDI Software 80
Software license
Windows Remote Desktop
13 RDS CALs 80
User CAL licenses
Application Delivery
Controller having processed
throughput of 200Mbps.
14 ADC 2
(The offered ADC should be
from the same OEM for On-
Prem and proposed cloud)
15 Cooling Rack Smart Rack with UPS 1
50 Mbps point to point
16 Connectivity connect from NCESS DC to 1
Cloud for 3 years
1.2 GHz Dual-Core SOC
APU with AMD Radeon HD
Graphics r with 8GB RAM,
17 Thin Client 18.5” or higher LED 4
Monitor, USB Keyboard,
Optical Mouse, Gigabit
Ethernet port, support GPU
Page 9 of 119
based virtual desktops.

An application having basic
functionalities for data
uploading and sharing,
dynamic forms, access
Collaboration
privileges, Document
18 Software &
versioning, File versioning,
Support
metadata information
listings, data access
privileges and user login
authentications
3 years comprehensive
warranty for the complete
Warranty/
solution including
19 Implementation
Infrastructure installation,
/ Support
configuration and Managed
Services
All requisite accessories and
software/hardware licenses
to complete the
20
commissioning of the
solution is the responsibility
of the bidder.
ANY OTHER SERVICES -
21 Other
Please add Rows
4th Year & 5th Year AMC
Sl. Compliance
Item/Description
No (Yes/No)
4th and 5th year comprehensive AMC pricing for the
entire proposed On-Prem solution including licenses as
1 per BOM.
4th and 5th year Cloud Subscription pricing for the entire
2
proposed Cloud solution including licenses as per BOM.
4th and 5th year comprehensive AMC pricing for
Development, Support and Maintenance of Collaboration
3 Software.
Section V: Technical Requirements
General Requirements: Cloud
Sr. Complianc
Description
No e (Yes/No)
Cloud service provider must ensure that all compute, storage,

1 network, database and other resources are hosted within India
. region only. Cloud service provider also ensures that NCESS’s data
must reside only in India region.
CSP Should support multi-site deployment architecture, across
geographically disparate sites, with Active-Active configuration to
2
ensure fault-tolerance with high availability between two physical
sites. In case of failure, automated processes to shift application
Page 10 of 119
traffic to a secondary physical site. The said architecture should be

available in India
CSP should provide auto scaling support within the limit of total
instances purchased for all compute instances (without any manual
3
intervention) during peak demand as well as normal workloads to
maintain stable performance of applications
CSPs native service for Data Migration supporting Continuous Data
Replication. Support for homogenous (same database engine as the
4 source and target) and heterogeneous database engines (source and
target database engine are different, For eg: Oracle to PostgreSQL
or DB/2 to MySQL)
CSP should have capability to provide dedicated server/host using
5 its native Cloud Infrastructure (hardware) in India, which allows
usage of existing software license to deploy.
The Cloud Service Provider must have provision for connectivity of
6
leading ISPs
CSP have capability to Provision the Compute Instance on the fly
7
through Console within 15 minutes.
CSP Capabilities:
a. Agility - software defined configurations to add / remove
capacity
b. Customer has the full control on the environment (e.g., can
8 create a virtual private cloud) and has the ability to log, monitor,
and audit the traffic and usage
c. Published SLAs / Uptimes and pricing on the public portal
Availability of reports (e.g., personal health dashboard, security
logs, audit reports) to the customer on the portal
9 ON PREMISE & CLOUD BACKUP RPO and RTO < 12 hrs
Compute requirements: Cloud

Proposed Virtual Machines (VM1 & VM2) should
1 be offered with Intel Xeon Platinum 8200 series
(Cascade Lake-SP) processor @ 3 GHz or higher
Compute service should provide auto-scalable,
2
redundant, dynamic computing capabilities.
Compute service should have support for operating
3 systems such as, Red Hat Enterprise Linux, SuSE
Enterprise Linux, Windows Server etc.
Compute service should include instance types as
per application and database instance requirements
4
such as compute optimized, memory optimized,
storage optimized, IO optimized etc.
Compute service must allow resizing of compute
5 resources (vCPU, Memory, Storage, Network,
IOPS etc.) at any point of time.
Compute service should provide local storage for
6
compute instances in case of temporary use.
Page 11 of 119
Compute service should allow NCESS’s

authorized users to procure and provision
7 computing services or virtual machine instances
online with multi factor authentication via the SSL
through a web browser
CSP should provide self-service provisioning of
8
multiple instances concurrently.
CSP should provide ability to logically group
9 instances for applications that require low network
latency and/or high network throughput.
NCESS should able to import own images for
provisioning of compute instances over cloud.
10
Supported image format VMDK or VHD or any
other industry standard image formats.
NCESS should able to export virtual images of
running compute instances. Supported image
11
format VMDK or VHD or any other industry
standard image formats etc.
CSP should make sure that compute instances
designed in such way to avoid any outage or
12
downtime when CSP performing any maintenance
activity.
CSP should ensure that if at any point, compute
13 instance fails it should automatically restart on
healthy physical host.
Compute service should provide health status,
14 Event and notifications of instances such as a
reboot, stop/start, or retirement/terminate.
Support multiple (primary and additional) network
15 interfaces cards (NICs) to be allocated for a given
Instance/VM
Compute service should provide support for Image
16
backup (or snapshot) of compute instances.
Bidder should ensure that Compute instances
17
should have anti-virus protection.
CSP shall ensure that compute instances receive
18 OS patching, health checking, Systematic Attack
Detection and backup function.
Bidder should ensure that physical core to vCPU
ratio is not more than 1:2 for all proposed servers
19
as well as additional servers required during
contract period.
Bidder should also make available necessary tools
20
for measuring vCPU performance.
CSP must provide virtual machines only on Server
21 Class hardware for the Cloud Provisioning of
NCESS's requirements.
CSP should provide sufficient swap space for
22 servers other than proposed storage mentioned in
Price Bid
Storage requirements: Cloud
Page 12 of 119
CSP should provide ability to provision storage

1 dynamically in different options like SSD,
provisioned IOPS, File storage, cold storage etc.
CSP should provide persistent block level storage
2
volumes for compute instances.
Cloud service should support encryption of data on
3
volumes as per industry standards.
Cloud service should support point-in-time
4 snapshots. These snapshots should be incremental
in nature.
CSP should offer secure, durable, highly scalable
5 object storage for storing and retrieving any
amount of data from the web.
CSP should support an extremely low-cost storage
6 service that provides durable storage with security
features for data archiving and backup.
Cloud service should support encryption for data
7
at rest encrypt data in object storage.
Cloud Service should support managing an object's
lifecycle by using a lifecycle configuration, which
8
defines how objects are managed during their
lifetime, from creation/initial storage to deletion.
Cloud service should be able to send notifications
9 when certain events happen at the object level
(addition/deletion).
CSP should offer a solution for storing cloud data
10 from cloud backup storage or object storage to on-
premises storage.
Offered Block Storage with SSDs providing
11
minimum 3 IOPS per GB
Offered Object Storage should Support Versioning
& Multi-Factor Authentication (MFA) to prevent
12 accidental deletions. Designed to provide
durability of 99.99% or better as published in the
CSP public portal
Fault ticket management services (Incidence/Change)and
Support
CSP should Provide Support coverage 24x7 for
365 days. Feature should include Open a case
1
online with Support via email (web support), chat,
or phone
CSP should configure NCESS Severity definition
2
& response time’s definition.
Personal Health Dashboard to give personalized
3 view of the status of the services that power
applications
Tool to alerts on opportunities to save money,
4 improve system availability and performance, or
help close security gaps
Cloud provider should offer a dashboard that
5 displays up-to-the-minute information on service
availability across multiple regions.
Page 13 of 119
Cloud provider should offer 365 days of Service

6
Health Dashboard (SHD) history.
Cloud provider should offer a service acts like a
7 customized cloud expert and helps provision
resources by following best practices.
Monitoring tools that will enable collection and
tracking metrics, collection and monitoring log
files, set alarms, and automatically react to
changes in the provisioned resources. The
8 monitoring tools should be able to monitor
resources such as compute and other resources to
gain system-wide visibility into resource
utilization, application performance, and
operational health.
Able to define guidelines for provisioning and
configuring cloud resources and then continuously
monitor compliance with those guidelines. Ability
to choose from a set of pre-built rules based on
common best practices or custom rules (e.g.,
ensure Storage volumes are encrypted, Compute
9
instances are properly tagged, and Elastic IP
addresses (EIPs) are attached to instances) and
continuously monitor configuration changes to the
cloud resources and provides a new dashboard to
track compliance status.
Provide Audit Trail of the account activity to
10 enable security analysis, resource change tracking,
and compliance auditing
Support for third party OS support (Ubuntu
Server, Red Hat Enterprise Linux and Fedora,
SUSE Linux (SLES and open SUSE), CentOS
Linux, Microsoft Windows Server 2008, Microsoft
11 Windows Server 2008 R2, Microsoft Windows
Server 2012, Microsoft Windows Server 2012 R2,
Microsoft Windows Server 2016), web servers
(Apache, IIS, Nginx), databases (MySQL,
Microsoft SQL Server, PostgreSQL, Oracle),
N. Direct Links
SI should provide the direct link access from cloud
1 to NCESS’s Trivandrum on premises location, so
that cloud services are accessed from on premises.
SI should provide the end to end delivery of Direct
2
Links
Termination Point of Direct link at NCESS will be
3
provided and managed by MSP
Direct Link service should integrate with existing
4
MPLS network of NCESS.
Direct link should be preferably less than 15 ms
5
Latency
Cloud provider should provide mechanisms to
establish private connectivity between the cloud
6
environment and a customer datacentre, office, or
colocation environment.
Networking requirement
Page 14 of 119
Cloud platform network should provide creation of

one or more subnets within private network with a
single Classless Inter-Domain Routing (CIDR)
1
.Cloud Platform network should be robust,
scalable and secured as per the enterprise
industry standard
Cloud platform network should be provide
2 creation of DMZ for Web facing applications and
can provide public and private IP.
Cloud platform network should have low latency,
low jitter, all protocol required to run application (
3
tcp ,UDP etc.),network access list and Prevent IP
Spoofing features
CSP should provide the Public IP as per NCESS
4
requirement
Cloud platform network should have Network load
balancer and application load balancer enabled for
5
smooth network and application functions with
sufficient number of Transaction Per second
Cloud platform network solution should be
6 horizontally scalable and redundant (active –active
and active passive and clustering).
Cloud platform network solution should have
access from http, https, cli and have own
7
management console and dashboards for network
monitoring and configuration.
Cloud platform network solution should have
minimum 40 % of network resources shall free all
the time. Platform should have dashboard for
8 network Problem identification and monitoring
network issues. Platform should easy to
configurable with fewer efforts, policy based and
online configuration impact analysis.
Cloud platform network should have on demand
network enhancement, maintain confidentiality
10 and integrity of data in transit , Protect NCESS
data from unauthorized (access, authentication ,
disclosure, modification or monitoring)
CSP should provide the customer service portal for
11 call logging, view licenses, support Agreement,
update download.
Bidder must demonstrate that all the points
12
covered Under Network Solution
Security Solution Requirement
CSP should design and provide the best suitable
1 enterprise security framework to manage modern
and advance security threats.
Page 15 of 119
Cloud platform should provide firewall for

inbound and outbound network traffic with state
full policy inspection and advance threat
protection. Platform should have dashboard for
2
Security Problem identification and monitoring
security issues. Platform should easy to
configurable with fewer efforts, policy based and
online configuration impact analysis.
Cloud platform should provide the reverse proxy
3 to protect internal application on web and also
provide NAT functionality.
Cloud platform should provide edge to edge
security ,visibility and carrier class threat
management and remediation against security
4 hazards like Denial of service , distributed denial
of service, botnets etc. Also shall provide
protection against network issues such as traffic
and routing instability.
Cloud platform should provide web application
filter for OWASP top ten protection and have layer
7 application load balancing which support content
based routing (Host and path based routing), SSL
5 certificate configuration per Application, health
check of application server per port basis, SSL
offloading ,HTTP and HTTPs session management
and monitoring .End user shall not be hamper
while failover .
Cloud platform should provide the scalable
domain name system service with advance security
6 features, DNS load balance, Private DNS, DNS
failover, support multiple Zones, and DNS query
management and monitoring.
Offer a service to protect from common, most
frequently occurring network and transport layer
7 Distributed Denial of Service (DDoS) attacks,
along with ability to write customized rules to
mitigate sophisticated application layer attacks
Cloud platform security solution should have
access from http, https, cli and have own
8
management console and dashboards for security
monitoring.
Bidder must demonstrate that all the points
9
covered Under Security Solution
Hyper-Converged Infrastructure
Technical
Sl.No Description Complianc
e (Yes/No)
1 The Proposed Solution should be an hyper converged appliance.
The proposed HCI solution should be 100% software defined. The
2 solution should support Compression & De-duplication from day
one.
Page 16 of 119
The proposed solution should run on industry standard x86 HCI

3 appliance and it should leverage Virtual Storage Appliance to have
truly Software defined Storage or better technology.
HCI solution should support non-disruptive Scale-Up (Upgrade by
inserting additional drives in existing empty drive-slots &
4 increasing the RAM) whenever required without any additional
licensing cost and Scale-Out (Upgrade by adding nodes) upgrades
to grow capacity and/or performance.
HCI solution should support for increasing capacity by adding
CPU, Memory or any other devices to virtual machines on an as
5
needed basis without any disruption in working VMs running
windows and Linux operating system.
HCI solution should provide live Virtual Machine migration
6 between different generations of CPUs in the same cluster. Also
live migrate VM without any VM downtime.
The proposed solution must have capability to support nodes with
same/different CPU & Memory configurations in the same cluster,
7
The proposed solution should support either hybrid or all flash
nodes in same cluster for future scalability.
HCI solution should provide a single unified management console
for the management of the entire environment including the
8
virtualized environment as well as software defined storage
environment to simplify the manageability of the entire solution.
HCI solution should provide solution to automate and simplify the
9 task of managing hypervisor installation, configuration and
upgrades.
HCI solution should provide encryption protects unauthorized data
10
access.
11 Proposed HCI solution should support fault tolerance.
12 Proposed HCI solution should support GPUs, as required.
Required Hypervisor License along with automatic resource
13
scheduler features should be included into the solution.
The proposed solution must have capability to support all industry
14
drives available ( SSD & SAS)
HCI solution should include bare metal hypervisor with
15 functionality of High Availability, hot Add (CPU, Memory,
Storage& Network).
HCI solution should support enforcing security for virtual machines
at the Ethernet layer. Disallow promiscuous mode, sniffing of
16
network traffic, MAC address changes, and forged source MAC
transmits.
HCI solution should provide enhanced visibility into storage
17 throughput and latency of hosts and virtual machines that can help
in troubleshooting storage performance issues.
18 HCI solution should support RAID or RAIN.
HCI should have inbuilt Distributed Switch to centralize network
provisioning, administration and monitoring using data centre-wide
19
network aggregation, should provide Network QoS to define
priority access to network resources.
All the software components should have unlimited incident
support with L1, L2, L3 level technical support (Email, Phone &
Web) directly from the original OEM. The support should be
20
available 24x7x365 with unlimited updates and upgrades during the
complete tenure of the project without any additional cost during
the tenure of the complete project.
Page 17 of 119
The backup solution should support Should support backup of

various OS platforms such as Windows 2008, 2012, 2016, Linux
22 and UNIX. Backup software solution must have inbuilt capability
to protect the backed up disk volume from Ransomware or Any
other similar features
The Backup software must provide native database support for
23 Oracle, MS SQL, MySQL and PostgreSQL. The proposed backup
solution must support at least AES 256-bit encryption capabilities.
The Backup Software should have inbuilt catalog database. The
Backup Software should be able to support versioning and should
be applicable to individual backed up objects. Software shall
24
support rebuild catalogs and indexes in case of disaster. It shall be
supported through Software GUI or through Command line
utilities.
The switch should have 32 ports of 40-Gbps ports in one 1 rack
25 unit (RU) should be deployed in high availability mode. Support
for 4x10-Gbps breakout cables.
26 The switch should Bandwidth up to 2.56 Tbps.
The switch Ports capable of line-rate, low-latency, lossless 40
27
Gigabit Ethernet and Fibre Channel over Ethernet (FCoE)
Integration with NAS, FC, FCoE and iSCSI SAN and infrastructure
from leading vendors leveraging high performance shared storage
28
to centralize virtual machine file storage for greater manageability,
flexibility and availability.
The solution shall be provided with complete capacity license for
29
deduplication, compression, for entire capacity.
The OEM shall provide onsite warranty of 3 years on the proposed
30
HCI appliance.
The proposed solution like HCI appliance, Unified Switch, Backup
Solution should be leader in latest HCI Gartner Magic Quadrant
31
list. Underlying servers should also be leader in latest Magic
Quadrant Server Modular list.
HCI and its software should be compatible with proposed cloud
32
solution.
Desktop Virtualization
Compliance
Compo
Category Description (Yes/No/Pa
nents
rtial)
General Requirements
The VDI solution shall be scalable up to 10000
device connections.
The solution should support the delivery of
Windows & Linux based Virtual Desktop,
RDSH based Desktop, hosted & packaged
application from same platform and single user
General VDI
General portal.
Specifications
The solution should allow concurrent user
connection
The solution should support applications
virtualization by encapsulating application files
and registry into a single package that can be
deployed, managed and updated independently
from the underlying operating system (OS).
Page 18 of 119
The Solution should provide anytime, anywhere

secure access to desktops and applications
including SaaS/web applications, Hosted RDSH
App, packaged ThinApps and even Citrix
applications on any endpoint, including iOS,
Windows, Android and Mac
The Solution should be able to connect from
industry standard client operating systems (OSs)
and Thin client/Zero Clients.
The solution must provide in-depth monitoring
and historical usage (minimum one month)
reporting of VDI environment.
The solution should support mechanisms to
reduce disk/io latency between physical nodes
and share-storage infrastructure
The solution should provide Unified client for
consistently great experience across devices and
locations for:
-Optimized access across the WAN and LAN
through an HTML browser
-High performance multi-media streaming
-Rich virtualized graphics
-fully optimized unified communications and
real-time audio and video support.
-intuitive and contextual user experience across
devices making it easy to run Windows on
mobile.
-Access to local devices, USB and device
peripherals
The proposed solution can be hosted on multi
datacenter architecture which will allows IT to
easily move and locate broker pods across
datacenters and sites.
The proposed soultution shall provide
comprehensive visibility across a desktop
environment, allowing IT to optimize the health
and performance of desktop services and cloud
analytics.
Connection broker software should allow to
deliver virtualized or remote desktops and
applications through a single virtual desktop
Virtual
Manag infrastructure (VDI) platform and support end
Desktop
ement users with access to all of their desktops and
Management
applications through a single unified workspace
catalog.
The solution should support Instant clone
technology for fast VDI provisioning whereby a
booted-up parent VM can be quiesced, and “hot-
cloned” to produce derivative VM’s rapidly,
leveraging the same disk and memory of the
parent, with the clone starting in an already
"booted-up" state
IT should have ability to use Group policy
administrative templates (ADM files) to
optimize and secure VDI infrastructure.
Page 19 of 119
IT should have an ability to use centralized smart

pooling and auto provisioning capabilities to
provide range of automated persistent, non-
persistent and stateless desktops in the same
pane of glass.
IT should have an ability to leverage the
deployment of SOE application using
template/application stack with just few clicks.
Solution should Deliver and upgrade
applications through virtual disks in real-time,
lowering time to deploy applications from hours
to seconds and reduce the number of desktop
images to manage by allowing to create modular
app stacks.
Reduce management costs by efficiently
delivering applications from one virtual disk to
many desktops such that applications are
immediately and dynamically made available,
upon logon, while logged in, or at boot.
Solution should support Managing applications
in volumes, reducing storage capacity
Application requirements without impacting network and
Management compute resources.
In the use case of developer and L&D, users
should have flexibility to install applications on
his own and Application Management software
should provides capability to capture and deliver
the user installed application, data and profile
irrespective of the any desktop he logs in
App Management software should integrate with
storage to provide a unique DR capability of
replicating read/write volumes from primary site
to DR site. This makes end user productive as
they can start working immediately (as per RPO
policy) of the organization in case of primary
site failure.
The Solution should allows IT to set up dynamic
policies that change a user’s experience based on
things like location or device type.
The Solution should offer Easy-to-apply policy
across devices and locations and helps accelerate
User management, migrations and onboarding,
Environment including configuration settings for applications,
Management shortcuts, mappings and group policy settings.
Solution should provide Scale out services with a
single solution that supports virtual, physical and
cloud-hosted environments.
Solution should provide ability to quickly add
and remove profile and personalization services.
End to End The Solution should provides end-to-end
Monitoring visibility into the health, performance, and
Monito
software from efficiency of virtual desktop and application
ring
Datacenter to environments from the data center and the
end user network, all the way through to devices
Page 20 of 119
device. Monitoring software for VDI should allow IT to

easily troubleshoot, manage and monitor your
end-user computing environment with a single
pane of glass from datacenter to devices.
Solution should automatically track the health of
your virtual desktop infrastructure stack to
optimize performance. Monitor all storage,
compute and network resources—including
Protocol performance, Connection Servers and
Gateway Servers—across physical and virtual
boundaries. It shall be able to do root cause
analysis with log management from single pane
of glass with In-guest metrics for app
performance monitoring by Identifying over-
provisioned hardware, bottlenecks and resource
constraints.
Solution should support Advanced Analytics &
Reporting. It should Automatically learn normal
operating parameters for Desktop Virtualization
infrastructure and user workloads. Get proactive
warnings. Set alerts based on dynamic rather
than “hard” thresholds that adapt to your
environment. Receive advanced notifications
before events impact end users to proactively
manage your environment. Take advantage of
out-of-the box usage and license-compliance
reports and easily remediate your environment
with common commands.
Desktop virtualization Client should allow users
to transparently use local or network printers
from within their remote systems, yet removes
the requirement for installing proprietary printer
drivers on each View VDI desktop.
The Solutions should allow end users to uses the
self-service enterprise portal to access all the
corporate applications (RDSH, ThinApp, SaaS,
XenApp), virtual desktop and RDSH Session
based desktop which they are entitled too.
The solution should support Skype for Business
End 2013 in virtual Desktop envrionment.
User End User End user can access the latest updated
Experie Experience application needed without rebooting the
nce desktop.
End users can save data and profile settings and
the same is seamlessly available till the time
users is entitled by IT.
End users can add their applications to Favorites,
and group them in categories. The new action
menu allows end users to easily reset their
virtual desktops as well as move subscribed
applications to the top or bottom of the list,
improving usability on mobile devices.
The Solution should provide a HTML 5 based
access to the Virtual desktops and applications.
Page 21 of 119
Solution should provide inbuilt SSL VPN

capability such that Using the gateway users
should able to access virtual desktop and
applications from internet or home without any
third party VPN gateways or hardware
appliance.
Solution should provide the real time compliance
monitoring and auditing.
Desktop Virtualization software should integrate
with two factor (RSA, Symantec, SmartCard)
and radius authentication solutions.
Desktop Virtualization software provides Role
based access control to seamlessly share the
Securit same management infrastructure across different
y management team.
The Solution should support agentless anti-virus
and malware scanning/ remediation in a large-
scale virtual desktop environment without the
need for agents inside every virtual desktop and
should consolidates and offloads all
antivirus/anti-malware operations into one
centralized secured virtual appliance.
Distributed Object Storage
S. Compliance
Feature Technical Specifications / Requirement
No. (Y/N)
The vendor needs to provide Object
Storage software and the requisite
Storage capacity
Proposed Object storage must provide no-
1 High Availability
single-point of failure
Proposed object storage should be able to
scale to petabytes of unstructured data
storage and to store it over longer periods of
time and make it available over the Web
2
instantly. Proposed object storage should be
offered with minimum 200 TB of usable
storage capacity and upgradable up
to 1 PB usable.
Usable-Expandable Proposed object based storage Should be
and Scalability able to scale the compute and capacity
3 seamlessly, with zero impact
to the level of service to users and
applications.
Object storage must support intendent
scaling & decoupling of compute capacity
4 and storage capacity to allow flexibility in
expansion,. Object storage must support
adding different types of storage capacity
Page 22 of 119
such as Local capacity, SAN, S3 based on-

premises/cloud storage,
Proposed Object storage should have

WORM capability to prevent any
change/deletion of data as per the retention
requirements set by policies. Object Storage
5 Data Retention
shall have ability to set default retention
periods for different categories of
objects/content in case application(s) cannot
specify retention period.
Object storage should support
deduplication/Single Instance Storage
Deduplication/Single functionality or backup software, DBTA and
6
Instance Storage object storage should be integrated such that
object storage should receive only unique
data from DBTA.
Proposed Object based storage should be
fully distributed, symmetrical and scale-out
architecture. Minimum 4 nodes should be
provided for user data access with minimum
2 numbers of 10Gbps LAN Ports on each
7 Connectivity node. Each node should be a separate
appliance or physical servers. Bidder should
provide hardware based redundant Network
Load Balancers for equal load distribution
across the nodes with 10Gbps uplinks to
Data Centre LAN.
Object based Storage shall be managed and
8 GUI monitored via integrated UI, CLI & RESTful
APIs.
Object based Storage shall support multi-
tenant architecture including ability to apply
9 Multi-tenancy
quota limits on specific sections within the
object store.
Object Storage shall protect all objects with
Erasure Coding, Erasure coded data should
be encoded equally efficiently, regardless of
10 object size. Object Storage shall allow any
object to be accessed from any node at any
Erasure Coding site with most recent version of data always
available (strong consistency).
Object storage must have inbuilt capability
to protect the objects using erasure coding
11
method to protect against minimum 4 hard
drive failures
Should support custom metadata tagging on
Metadata indexing & objects, provide indexing for metadata and
12
querying allow querying using metadata index through
GUI as well as API.
Object Storage shall provide versioning
13 Versioning capability to protect and record Object-level
changes.
Page 23 of 119
Object Storage must provide capability to

verify integrity of objects using hashing etc,
Integrity Verification
14 and it must support automated recovery of
& Auto repair
objects from replica copy if object is found
corrupt.
Object Storage should be supplied with
replication capability to support DR solution
in future
Object Storage should have following
replication capabilities
a. Subsequent Replication should transfer
15 Replication
only difference data from previous
successful replication.
b. If needed Object storage should be able to
support geographically distributed erasure
coding with simultaneous or delayed EC
encoding at mulitple sites
Should support access through
HTTP/HTTPS, S3, NFS/CIFS, SMPT,
SWIFT API without need for additional
hardware. Should be able to integrated with
16 Accessibility custom applications and software, and
supported with major backup/archival
software, file gateway, file sync and share
application to support multiple use
cases/functionality.
Object storage should be provided with all
features available with it, and all software
17 Features
and license required to use these features
should be provided along with object
NGFW Specifications
Compliance
Sl.No General Requirements
(Yes/No)
The Firewall must be appliance based, rack mountable and it should
1
support internal or external redundant Power Supply.
The Proposed Firewall Vendor should be in the Leaders/ Challenger
2 in Quadrant of Gartner Magic Quadrant for Enterprise Network
Firewall.
NGFW must support Secure SD - WAN feature along with advance
3
routing protocols such as BGP
SD-WAN must be able to link and failover between various
4 connections such as Internet , MPLS , leash line and even Routed
based VPN interfaces.
Build-in SDWAN must be able to do load balancing of various links
5
based on source address, User group , protocol and/or applications
Device should support Static routing, RIP, OSPF,BGP, IS-IS, RIPng,
6
OSPFv3 and BGP4+
Performance Parameters
The solution should support a minimum of at least 450 Mbps IPS
1 throughput & Minimum 350 Mbps NGFW throughput on real-world
/ enterprise mix traffic test condition
Page 24 of 119
The solution should support minimum 200 Mbps threat protection

2
throughput on real-world / enterprise mix traffic test condition
3 Should support 2 Gbps IPSec VPN throughput and 1500 Tunnels
The Firewall must support at least 1,500,000 concurrent connections
4
and 30,000 new sessions per second
The platform must be having minimum of 12 interfaces with auto
5
sensing 10/100/1000 capability and 2 Gigabit SFP ports
Firewall Features
Firewall policy should be single policy where all the feature get
1 applied such as IPS, application control , URL filtering , antivirus ,
SSL inspection , logging and even NAT
Firewall must support Zoning option along with User based
2 authentication. It must have automatic option to group all the same
zone policy
There must be option to configure the said Firewall policy from GUI
of the NGFW appliance without requiring any Management solution.
3
This is in the case of emergency where management solution is no
available and policy needs to be changed.
Firewall must support NAT46, NAT66 and NAT64 along with
4
policy for such NAT along with option to configure DNS64.
Firewall must support NAT policy for multicast traffic for both IPv4
5
and IPv6
Virtualization
The proposed solution should support Virtualization (Virtual
1 Firewall, Security zones and VLAN). Minimum 5 Virtual Firewall
license should be provided.
Virtualization must be for every feature which are IPS , Application
2 control, Antivirus/Anti-malware , URL filtering , SSL inspection ,
SSL VPN , IPSec VPN , Traffic shaping and user authentication.
VPN Features
NGFW must have built in support IPSec VPN and SSL VPN. There
1
shouldn't be any user license restriction
IPSec VPN must include gateway to gateway and gateway to client
vpn. In case of gateway to client the administrator must have option
2
to assign private IP address to remote user without requiring any
additional license
Route based IPSec VPN must be supported along with SD-WAN in
3
case of two or more ISP's.
Intrusion Prevention System

1 The IPS capability shall minimally attain NSS Certification
2 The IPS detection methodologies shall consist of:
a) Signature based detection using real time updated database
b) Anomaly based detection that is based on thresholds
3 The IPS system shall have at least 7,000 signatures
IPS Signatures can be updated in three different ways: manually, via
pull technology or push technology. Administrator can schedule to
4
check for new updates or if the device has a public IP address,
updates can be pushed to the device each time an update is available
Antivirus
Page 25 of 119
1 Firewall should have integrated Antivirus solution

The proposed system should be able to block, allow or monitor only
using AV signatures and file blocking based on per firewall policy
2
based or based on firewall authenticated user groups with
configurable selection of the following services:
a) HTTP, HTTPS, b) SMTP, SMTPS, c) POP3, POP3S, d) IMAP,
IMAPS, e) FTP, FTPS
Web Content Filtering

The proposed system should have integrated Web Content Filtering
1
solution without external solution, devices or hardware modules.
The proposed solution should be able to enable or disable Web
2 Filtering per firewall policy or based on firewall authenticated user
groups for both HTTP and HTTPS traffic.
Application Control
The proposed system shall have the ability to detect, log and take
1 action against network traffic based on over 4000 application
signatures
2 The application signatures shall be manual or automatically updated
High Availability
The proposed system shall have built-in high availability (HA)
1
features without extra cost/license or hardware component
The device shall support stateful session maintenance in the event of
2
a fail-over to a standby unit.
High Availability Configurations should support Active/Active or
3
Active/ Passive
OEM should be having the following certifications/Ratings

1 Firewall module should be ICSA Labs and EAL 4 certified
Network Intrusion Prevention System (NIPS) and should be ICSA
2
Labs certified.
Functional Requirement Specification
Sl.
Complianc
N Requirements
e (Yes/No)
o
The Proposed cloud management software should be from reputed
i.
organization available in the market with maintenance support.
ii. The Solution shall be capable of allowing applications to self-service
compute, network and storage infrastructures automatically based on
workload demand
iii. The Solution shall be able to isolate and allow secure authenticated
access to infrastructure services
iv. The Solution shall be capable of orchestrating compute and storage
resource placements based on flexible policies to maximize hardware
Page 26 of 119
utilization
v. The Solution shall be able to abstract compute, network, and storage
resources for the application and user self-service regardless of
hypervisor, server, network and storage hardware
vi. The Solution shall be capable of supporting multi-tenancy to run cloud
services (compute, network, storage) for multiple consumers on a single
platform while dynamically and automatically managing the isolation
of virtual machines into secure pools.
vii. The Solutions shall be able to manage wide variety of open source and
proprietary Operating Systems
viii. OEM should provide technical hands-on training on all the solutions
proposed
ix. OEM should provide direct technical support 24/7
x. The proposed Cloud Management solution should support Multi-vendor
hypervisor, physical endpoint and public cloud support
xi. The proposed Server Hypervisor solution should Support for suspend
and resume capabilities for vGPUs, to improve host lifecycle
management. Also must Support for VM mobility and snapshot
capabilities allows migration of vGPU powered VMs to another host
during maintenance windows, reducing end-user disruption
FRS for Cloud enablement
Server Virtualization Functional Capabilities

Complianc
1 Hypervisor e
(Yes/No)
i. Virtualization software shall be in Leaders Quadrant of Gartner Magic
Quadrant for x86 Server Virtualization Infrastructure for continuous
last 4 or 5 years
ii. The Virtualization software should be based on hypervisor technology
which sits directly on top of Hardware (Bare Metal) with no
dependencies on any base OS.
iii. The solution should provide Zero downtime, Zero data loss and
continuous availability of the applications in the event of host failure,
without the cost & complexity of traditional hardware or software
clustering solutions.
iv. The solution should provide Inbuilt agentless backup and recovery
solution for VMs and In-built array-agnostic replication of VMs data
over the LAN or WAN. No extra cost should be applicable,
v. The solution should provide support or placing critical virtualization
Page 27 of 119
components (such as the hypervisor) into memory regions identified as

“reliable” on supported hardware. This would further protect
components from an uncorrectable memory error
vi. The Solution shall be able to run various operating systems like
windows client, windows server, linux (RedHat, Suse Linux etc) and
any other open source
vii. The Solution shall have the capability for creating Virtual Machines
templates to provision new servers
viii. The Solution shall continuously monitor utilization across Virtual
Machines and shall intelligently allocate available resources among the
Virtual Machines
ix. The Virtualized Machines shall be able to boot from iSCSI, FCoE and
fiber channel SAN
x. The Virtualized Infrastructure shall be able to consume Storage across
various protocols like DAS, NAS, SAN
xi. The Solution shall allow for taking snapshots of the Virtual Machines
to be able to revert back to an older state, if required
xii. The Solution shall be able to dynamically allocate and balance
computing capacity across collections of hardware resources of one
physical box aggregated into one unified resource pool
xiii. The Solution shall cater for the fact that if one server fails all the
resources running on that server shall be able to migrate to another set
of virtual servers as available
xiv. The Solution shall provide support for cluster services between Virtual
Machines
xv. The Solution shall provide patch management capabilities such that it
shall be able to update patches on its own hypervisor and update guest
operating system
xvi. The Solution shall provide the monitoring capabilities for storage,
processor, network, memory so as to ensure that the most important
Virtual Machines get adequate resources even in the times of
congestion
xvii. The Solution shall support Live Migration of Virtual Machine from
one host (Physical Server) to another another without any downtime
between the virtualization management server, across the clusters,
datacentres and virtual switches.
Page 28 of 119
xviii. The Virtualization software should be based on hypervisor technology

xix. The solution should provide Zero downtime, Zero data loss and
xx. The solution should provide Inbuilt agent /agentless backup and
recovery solution for VMs and In-built array-agnostic replication of
VMs data over the LAN or WAN. No extra cost should be applicable,
xxi. The solution should provide support or placing critical virtualization
xxii. The Solution shall deliver above listed Hypervisor capabilities using
standard server infrastructure from HP, DELL, IBM, Cisco,
Oracle,AWS, Azure etc.
xxiii. The Solution should provide security on the hypervisor, as well as
guest VMs without the need of any AV agent installation in any of the
VMs. It should provide the ability to apply security to virtual machines
and security policies that can follow the machines as they move in the
cloud.
xxiv.
Th The Solution shall provide policy-based configuration management to
ensure compliance across all aspects of the datacenter infrastructure,
including virtual and physical resources.
2 Compute
i. The Software shall have the capability to create Virtual Machines with
required number of vCPUs
ii. The Solution shall allow Virtual Machines consume RAM
dynamically in such a way that if some of the VMs in Physical
machine are not utilizing the RAM, this RAM can be utilized by some
other VM in the same physical machine which has a requirement
iii. The Solution shall be able to use power saving features like, in case of
off-peak hours, if not all servers are required to be powered on, the
solution shall shut down to save power
Page 29 of 119
iv. The solution should support for Hot Add (CPU, Memory & devices) to
virtual machines when needed, without disruption or downtime in
working for both windows and Linux based VMs
3 Storage
i. The Solution shall also integrate with FC, FCoE and iSCSI SAN and
infrastructure from leading Vendors so as to leverage high
performance shared storage to centralize Virtual Machine file storage
for greater manageability, flexibility and availability
ii. The Solution shall have the ability to thin provision disks to avoid
allocating all storage space upfront
iii. The Solution shall provide the capability to migrate the live Virtual
Machine files from one storage array to another storage without any
downtime between the virtualization management server, across the
clusters, datacentres and virtual switches.
4 Network
i. The Solution shall allow configuring each Virtual Machine with one or
more virtual NICs. Each of those network interfaces can have its own
IP address and even its own MAC address
ii. The Solution shall allow for creating virtual switches that connect
virtual machines
iii. The Solution shall support configurations of 802.1 q VLANs which
are compatible with standard VLAN implementations from other
vendors
iv. Solution shall take advantage of NIC Teaming Capabilities
v. The Solution shall deliver above listed all network capabilities with
Cisco, Juniper, 3COM, etc.
vi. The Solution shall have the capability for moving Virtual Machines
from Primary site to the Secondary site.
vii. The solution should provide a centralized virtual switch which can
span across a virtual datacenter and multiple hosts should be able to
connect to it. This in turn will simplify and enhance virtual-machine
networking in virtualized environments and enables those
environments to use third-party distributed virtual switches
Security Capability in Cloud

Complianc
1 Security Capabilities
e (Yes/No)
i. The Solution shall offer Automated and Approval based Upgrades
Page 30 of 119
for Virtual Machines delivered through cloud infrastructure

ii. The Solution shall be able to extend existing malware protection
solution in the NCESS for Virtual Machine
iii. The Solution shall be able to provide existing Firewall protection for
the virtual machine.
iv. The Solution must offer Identity, Authentication and Role based
access to User Departments Infrastructure - Machines (Virtual or
Physical), Application or Common Services
v. The Solution must offer Policy based administration by putting User
Departments Machines (Virtual or Physical) in logical groups and
apply relevant policies.
vi. The Solution shall have the ability to not just enforce policies but
also track and report non-conformance
vii. The Solution shall generate reports on non-conformance and
escalation for privileged access by unauthorized roles/ identities
viii. The Solution shall support VLAN isolation by supporting multiple
networks per resource pool
ix. The Solution shall support secure communication between guest
VMs and Hypervisor and intra-VMs.
x. The Solution must offer ability to Copy, convert, or migrate an
image (P2V, V2V, V2P).
xi. The Solution must offer ability to utilize existing Intrusion detection
System / Intrusion Protection system to seamlessly extend into
Virtualization environment
Service Provisioning Capabilities

Complianc
1 Service Portal Capabilities e
(Yes/No)
i. The Solution should provide a simple to use intuitive Web and
experience for NCESS Cloud Administrator and User Departments
and should have extensibility to deliver Infrastructure as a Service.
ii. The Solution shall have self-service capabilities to allow Users
Departments to log service requests - in the portal.
iii. The Solution shall be able to offer choice of various Service offering
on multiple hypervisors (such as XEN, Hyper-V, VMware, KVM)
with an option to select multi operating systems such as Windows
2003, 2008, RHEL / SUSE Linux, etc., VLAN , Storage, Backup and
Page 31 of 119
quickly compute associated price for the same as well as shows the
deduction for overall Tenant approved infrastructure Quota
iv. The Solution shall offer Service catalog listing availability of Cloud
infrastructure like Virtual Machines offered by NCESS IT.
v. The Solution shall provide comprehensive service catalog with
capabilities for service design and lifecycle management, a web-based
self-service portal for users to order and manage services
vi. The solution shall provide an on-boarding mechanism for the new
tenants (Department) on the cloud infrastructure that automatically
creates the tenant, the tenant administrators, allocates specific
resources for the tenant like storage pools, server pools.
vii. The Solution shall offer Registration, Signup, Forgot Password and
other standard pages (Profile, Billing or Contact information)
viii. The Solution shall enforce password policies and allow to personalize
the look & feel and logo on the user-interface panels
ix. The Solution shall automate provisioning of new and changes to
existing virtual infrastructure with approvals
x. The Solution shall track ownership and utilization of virtual machines,
Physical machines, and common services
xi. The Solution shall allow for implementing workflows for
provisioning, deployment, decommissioning all virtual and physical
assets in the cloud datacenter
xii. The Solution shall allow easy inventory tracking all the physical &
virtual assets in the Private Cloud. It shall provide capabilities to track
usage and non-compliance situations.
xiii. The Solution shall have the ability to manage & monitor Virtual
Assets across multiple cloud platform like Microsoft, AWS etc.
xiv. The Solution shall allow the ability to identify non-compliant systems
(both Virtual and Physical) in terms of Desired Configuration (e.g.
Lack of a Firewall or a file system policy on a VM etc.) and
automatically remediate the same wherever possible
xv. The Solution shall be able to dynamically allocate and balance
computing capacity across collections of hardware resources
aggregated into one unified resource pool with optional control over
movement of virtual machines like restricting VMs to run on selected
physical hosts.
Page 32 of 119
xvi. The Solution shall have Show-Back (to check the usage patterns and
reporting for the user department) and the same solution shall have the
capability to be updated into Charge-Back whenever this
functionality is required by the NCESS IT.
xvii. The Solution shall offer usage report by tenant, by region, or by
virtual machine reporting usage of memory consumption, CPU
consumption, disk consumption
xviii. The solution shall allow the users to schedule a service creation
request in a future date/time; the solution shall check if a request
scheduled for a future time can be fulfilled and reject the request in
case of projected resources shortage or accept the request and reserve
the resources for that request
xix. The Solution shall have web-based interface for administration
xx. The Solution shall have the ability generate customize report as well
as the native ability to export to common formats
xxi. Whenever the Charge Back mechanism is enabled, the Solution must
satisfy the following requirements:
- The Solution shall support different cost models like allocated
or reserved cost per virtual machine. It shall also allow
tracking usage of resources
- The Solution shall allow mixing of different cost model/
policies
- The Solution shall have the ability to charge differently for
different level of services
- The Solution shall support cost calculation of shared/ multi-
tenant application
xxii. The Solution shall provide service catalog with capabilities for service
offering design and lifecycle management, a self-service portal for
users to order and manage services
xxiii. The solution should be able to provide intuitive point-and-click
interface for customizable scripts, enabling customers to override
configurations and execute deployments with the click of a button and
should also be able to automatically generate deployment execution
plans which would enable organizations to perform audits before
deploying regulated applications
xxiv. The solution should have comprehensive deployment execution plans
Page 33 of 119
which would provide the ability to call-out custom scripts to fix

security-related vulnerabilities during deployments would assists in
troubleshooting deployment failures
xxv. The solution should provide resource reclamation functionality which
identifies and reclaims inactive and abandoned resources by
automating the decommissioning and reuse of retired resources. It
should also provide reclamation savings reports which would enable
organizations to quantify its cost savings
xxvi. The solution should provide visual drag-and-drop interface for
developing custom workflows. The visual workflow designer should
enable activities to be easily inserted into a workflow and also ensures
visual drag-and-drop interface for automatic error-checking logic
ensuring that each activity’s parameters are configured correctly,
further simplifying the customization process without code changes
2 NCESS Private Cloud Administrator Requirement
i. Administrators shall be able to automatically scale and/or manage
resources unilaterally (as also termed in the NIST definition) for
tenant services without manual intervention as and when required by
the SLA requirements of the service
ii. Private Cloud Administrators shall be able to easily configure, deploy,
and manage services through a highly intuitive service-centric
interface, while using a library of standard templates
iii. Private Cloud Administrators shall easily be able to commission &
decommission VMs at Private & Public Cloud.
iv. Private Cloud Administrators/Application Owners shall be able to
create, manage, services using a web-based interface that presents a
customized view of resources based on your role in the organization
3 Capacity Management
i. The Solution shall be able to determine how many more virtual
machines can fit the environment
ii. The Solution shall identify idle, underutilized capacity to provide
inputs to the capacity management function such that informed
decisions can be taken
iii. The Solution shall support to identify and determine optimum sizing
and placement of virtual machines
iv. The Solution shall provide forecast reports demonstrating forecasted
Page 34 of 119
utilization
v. The Solution shall support all of the following modeling scenarios:
Physical to Virtual, Virtual to Virtual, Virtual to Physical
vi. The Solution shall provide a mechanism to automatically assess high
volumes of workloads and determines optimal placement on virtual
machines across the enterprise’s shared resource pools
4 Log Management
i. The solution shall support collecting logs from storage, server,
network & operating systems
ii. The solution shall support event correlation by integrating the log
management solution with the monitoring solution.
iii. The solution shall provide dashboard and reporting capabilities
Automation, Orchestration and Monitoring

Compliance
1 Process Automation
(Yes/No)
i. The Solution shall demonstrate a way to comprehensively model cloud
datacentre process end to end across multiple Vendors software and
hardware thus enforcing Operational Best Practices and Procedures
ii. The Solution shall allow automating best practices, such as those found in
Information Technology Infrastructure Library (ITIL) through workflow
processes that coordinate management tools to automate incident response,
change and compliance, and service-lifecycle management processes
iii. The Solution shall have capabilities to create workflows to automate
common admin challenges
iv. The Solution shall have the ability to develop highly customized workflows
and easy user interface.
v. The Solution shall have web-based interface
vi. The solution should provide ready to use templates covering security best
practices, vendor hardening guidelines.
vii. The solution should be able to map application services, visualize
relationships and map dependencies of applications on virtualized compute,
storage and network resources
viii. The proposed solution should be able to provide business continuity and
disaster recovery planning by using automated application discovery and
mapping.
2 Integration Capabilities
Page 35 of 119
i. The Solution should be able to create processes across multiple vendors’

software and hardware. Integrate monitoring dashboards for vSphere, as
well as third-party infrastructure management Packs
ii. The Orchestration Solution shall be open and interoperable and has rich
integration capabilities that support interfaces from command line interface
and web services
iii. The Solution shall provide resource-level operations through a single
management across compute resource with physical and cloud
environments. It shall support provisioning for multiple platforms including
Windows, Linux, & ESX on x86 (32 and 64 bit)
iv. The Solution shall provide capability for orchestrating tasks across systems
for consistent, documented, compliant activity
v. The Solution shall be able to audit and monitor execution of processes and
report on violations against the same
vi. The Solution shall be able to accelerate adequate utilization of subsystems
(not limited to but including) the backup solution, the service
manager/helpdesk module, the operations modules, the virtual asset
provisioning modules etc
vii. The solution should be able to integrate Management Packs for third-party
infrastructure vendors for server and storage. It should be able to Monitor
and manage from a single console both infrastructure and application.
Ability to correlate unstructured log data with structured metrics and KPIs
for faster root cause analysis and comprehensive visibility.
viii. The solution should provide discovery of application and would provide
visualization of same which would bring application-level awareness to
infrastructure and operations teams to ensure service levels and disaster-
recovery protection for all critical application services.
3 Monitoring Capabilities
i. The Solution shall be able to monitor User Department Virtual Resources
independent of the platform & solution/service they are running
ii. The Solution shall be able to monitor key performance characteristics of the
virtual resource.
iii. The solution should provide self-learning performance analytics and
dynamic thresholds which can adapt to the environment to simplify
operations management and eliminate false alerts. Integrated smart alerts for
health, performance and capacity degradation to identify building
Page 36 of 119
performance problems before they affect end users. Based on Historical data
and trending, solution should be able to send proactive smart alerts to avoid
potential downtime. Ability to create custom views and reports for single
pane of glass access to the data required for informed, intelligent operational
decisions and capacity management
iv. The solution should be able to map virtual infrastructure resources such as
virtual machines, web servers, mail servers, database servers, application
servers, cache servers, messaging servers, application management servers,
and virtualization management servers
v. The solution should have deep configuration data collection, change
tracking, and compliance assessment across virtual infrastructure with
unified reporting of configuration data and compliance assessment results
for virtual environment
vi. The Solution shall monitor all the critical operating system level services
and shall check for their status like running, not running, paused. In
addition, deviations from a defined Configuration shall be detectable and
reported
vii. The Solution shall give User Department ability to select performance
counters and duration for which they want to view the performance data
viii. The Solution shall have the mechanism to store the historical data for
problem diagnosis, trend and analysis
ix. The Service level dashboard provided with the Solution shall have a web
based interface
x. The Solution shall be able to send the reports through e-mail to predefined
user with pre-defined interval as attachment ( PDF, Excel, etc)
xi. The Solution shall trigger automated actions based on incoming events /
alerts
xii. The Solution shall provide a Knowledge base to store history of useful
incident resolution
xiii. OEM should provide direct technical support 24/7
xiv. OEM should provide hands-on technical training for all modules of the
solution
Collaboration Software
Compliance
Sl. No Description
(Yes/No)
Page 37 of 119
An application having basic functionalities for data

uploading and sharing, dynamic forms, access
privileges, Document versioning, File
versioning, metadata information listings, data
1 access privileges, user login authentications,
backend privileged administrative assess for
content updations, data visualisation through maps,
statistical analysis through charts, plots etc needs
to be incorporated.
The data should be uploaded and downloaded
irrespective of its file formats and the user while
2 uploading should have the provision to enter the
metadata information, based on which the file
should be indexed.
The data uploaded/ downloaded /shared through
the application will be of spatially referenced
resources, Satellite images, toposheets, Thermal
3
images, aerial images, statistical data etc and will
be in different file formats and the application
should support the same.
3 year Support needs to provided for software
4 development, maintenance and hosting . Hands on
Training and Documentation needs to be provided.
Application can be hosted either on-prem or in
5 Cloud instances or both as per the requirement of
NCESS.
Software will be uploading files in multiparty
resumable mode. All uploads and downloads will
have to be done using secure protocol https or
6 TLS. Custom searchable attributes can be added to
file uploaded. The Admin screens will be accessed
through SSL Certificate (HTTPS). SSL Certificate
should be arranged by the vendor.
BLOB Store - Object Store with capability to store
7 BLOBs upto 1 Tb each in size with the option to
download the data in original format.
Metadata(ISO 19115) - Metadata is stored for
each document. Metadata may, for example,
include the date the document will be stored and
the identity of the user storing it. The DMS may
also extract metadata from the document
automatically or prompt the user to add metadata.
8 The text can be used to assist users in locating
documents by identifying probable keywords or
providing for full text search capability, or can be
used on its own. Extracted text can also be stored
as a component of metadata, stored with the
document, or separately from the document as a
source for searching document collections.
Indexing - Indexing tracks documents. Indexing
may be as simple as keeping track of unique
document identifiers; but often it takes a more
9
complex form, providing classification through the
documents' metadata or even through word
indexes extracted from the documents' contents.
Page 38 of 119
Indexing exists mainly to support information

query and retrieval. Also At the time of ingestion
of spatially enabled data it should also be spatially
indexed along with other indexes and made
available for search based along with metadata and
spatial footprints too.
The index should be refreshable manually as well
as triggered on data update.
Retrieval- Retrieve the electronic documents from
the storage. Simple retrieval of individual
documents can be supported by allowing the user
to specify the unique document identifier, and
having the system use the basic index (or a non-
indexed query on its data store) to retrieve the
document. More flexible retrieval allows the user
to specify partial search terms involving the
document identifier and/or parts of the expected
10 metadata. Typically return a list of documents
which match the user's search terms. Some
systems provide the capability to specify a
Boolean expression containing multiple keywords
or example phrases expected to exist within the
documents' contents. The retrieval for this kind of
query may be supported by previously built
indexes, or may perform more time-consuming
searches through the documents' contents to return
a list of the potentially relevant documents.
Collaborations - Work faster and smarter with
anyone inside or outside your organization.
11
Securely share files and work together in real-
time.
Versioning - Versioning is a process by which
documents are checked in or out of the document
management system, allowing users to retrieve
previous versions and to continue work from a
12
selected point. Versioning is useful for documents
that change over time and require updating, but it
may be necessary to go back to or reference a
previous copy.
File sharing - Share files with relevant team
13 members with links which are secure and
timestamped with time validity.
Any device accessibility - Accessibility from
14
Desktop, Mobile devices, tablets.
Online back-up & file recovery - Backup for files
15
with 99.99% data reliability.
File transfer - Transfer files from local to object
16 storage and back using multi-part and resumable
points securl via udp ,tcp.
Third party integration - API integration and
17
documentation.
Application integration - Integrate seamless with
18
applications to be used by the organization.
Email integration - Connect and email document
19
directly / as a link from object store.
Page 39 of 119
SSL security - Secure access via https, sftp. SSL

20 Certificate should be provided by the vendor for
the whole project period.
Secure login - Access only via login integrated
21
with AD, LDAP, SSO .
Secure data storage - Data at rest encryption with
22
atleast 256 bit.
Document storage - Store documents with type
like Txt, Video, Audio, BLOB. For larger
documents like satellite imageries, videos and
23 miscellaneous content which is not practically
storable in data base should be stored as a object
storage and their corresponding links to be stored
in data base.
History tracking - Track history and versions of
24
documents.
Activity audit - Audit of all access and lifecycle of
25
document.
26 Auditing - Audit features.
API - API interface to the stored object with
27
security and audit trail.
Download Control - Access control with RBAC to
28
document.
Document management - Central console to
29
manage repository of documents.
Version history - Version history of the
30
document
Full text search - Search for document along with
31
metadata.
File & version recovery - Recover older version of
32
the object / document.
Team folder manager - Group access management
33
for document and teams.
34 Permission management - RBAC/FGA
Password management - Password complexity and
35
rules.
Group management - Connect to ad Groups/ local
36
groups and management.
Organization-wide collaboration - Collaboration in
37
local AD / LDAP.
256-bit AES encryption security - DATA at rest
38
encryption with atleast 256 bit.
External sharing - Trackable sharing to external
39 users with time limit as well as provision of fully
public link.
OGC compliance - OGC Compliance Services
including but not limited to WMS, WFS, WCS,
OWS, WPS etc. These services should be exposed
to Geo server or any other capable map servers.
40 Each and every spatially enabled data should be
published to expose these services. Along with
OGC services the vendor should be able to
provide custom services, if needed, in future as per
NCESS requirements. The application should be
Page 40 of 119
developed in such a way that user can perform free

text search as well as spatial search. Spatial search
should be available on a map as well as connected
to admin level such as state and district in an easy
to use manner.
Open Source Web Mapping Libraries - Open
source web mapping libraries like leaflet or
openlayers or equivalent should be considered for
41
front end and user interaction. This should be used
as a mainstream data searching tool harnessing
spatial index of each layer.
Auto Scale - The application should be network
optimized with high availability to concurrent
users, if needed the application should auto scale
in event of increased load. Latest technologies like
42
docker, nginx can be evaluated for possible
scalling, also the user experience should be
seamless without any hindrance due to the scaling
factor.
SEO Friendly - The application should be able to
get indexed well by SEO engines and get
43
recognized for the content it is hosting. The
content hosted should be easy searchable.
Source Code Policy - NCESS reserves the right on
source code of application and source code should
be handed over to NCESS periodically or on
44
request from NCESS along with the user and
development documentation. Application should
be hosted on a backup server in NCESS.
Application should be open for
update/upgrade/additions of capabilities in future
and should be developed in such a way that its
45 component can be further upgraded for
improvements as per NCESS requirements. SRS
Document for the collaboration software should be
provided along with the technical bid.
Cyber Security - After satisfactory completion of
the application development & testing and after
clearance from IT Wing, NCESS, the vender has
to obtain security clearance certificate by any of
the Cert-In empanelled agencies
46 (http://www.certin.org.in/PDF/Empanel_org.pdf).
The vendor will bear expenses for obtaining cyber
security clearance. The mobile app for the same
should also be listed in Google and Apple play
store. The vendor has to bear the expenses and
to carry out necessary procedures for the same.
Thin Client
Compliance
Sr. No. Description
(Yes/No)
Thin client should support Dual core processor

1
with at least 1.2 GHz with 8GB RAM , 64 GB
Page 41 of 119
Flash, Win10 embedded
2 18.5” or higher LED Monitor

3 Thin client to support HD Graphics
Thin Client to support Local and Network
4
Printing
Thin client to support local and network
5
scanning
6 Thin client to be able to redirect USB ports
Thin client to be supported by a unified device
7
management software
Thin client to be able to support 1920x1200
8
Pixels @ true color (24bit)
9 Thin client to be energy star certified.
10 USB Keyboard with Mechanical Keys
Communication features:
Citrix® ICA
Citrix® HDX
11 Microsoft RDP
Microsoft RemoteFX (RFX)
VMware® Horizon View™ through RDP
VMware® Horizon View™ through PCoIP
12 Optical Mouse
13 Thin client to have Gigabit Ethernet port
Thin client must support GPU based virtual
14
desktop
15 Wifi Support
Application Delivery Controller

1 Physical Specification
1.1 System must be VM based and must support KVM and VMware hypervisor
2 Performance
2.1 System must support 200 Mbps of L7 throughput
3 Application delivery partition/Virtual Context
3.1 System must support 32 Application delivery partition/Virtual Context
3.2 System must support dedicated configuration file for each Virtual context
System must support resource allocation to each context including throughput, CPS,
3.3
Concurrent connection, SSL throughput
System must be able to modify the resource allocation on the fly without
3.4
restarting/rebooting any context
3.5 All the virtual context must be available from day-1
4 DDOS
4.1 System must support protection from Fragmented packets
4.2 System must support protection from IP Option
4.3 System must support protection from Land Attack
4.4 System must support protection from Packet Deformity Layer 3
4.6 System must support protection from Ping of Death
4.7 System must support protection from TCP No Flag
4.8 System must support protection from TCP Syn Fin
4.9 System must support protection from TCP Syn Frag
4.1 System must support connection limit based on source IP
4.11 System must support connection rate limit based on source IP
Page 42 of 119
4.12 System must support request rate limit based on source IP

5 Load-balancing and IPv6 Migration features
5.1 System must support Layer4-Layer7 load-balancing
System must support load-balancing algorithums including round-robin, least
5.2
connection, service least connecttion, fastest reponse, hash etc
System must support active-active and active-backup server configuration for load-
5.3
balancing
System must support reverse proxy functionality of hosting multiple http/https
5.4
service behind single IP
5.5 System must support Source-NAT for SLB traffic
5.6 System must have flexibility to config VIP as Source NAT IP
System must support X-forwarder option. The appliance should have option to
5.7
enable x-forwarder option per service to log actual client IP in web server log.
5.8 System must have ICSA certified WAF
5.9 System must support HTTP Compression and SSL offfloading
5.10 System must support Global Server load-balancing
System must support Authentication offloading from back-end servers using SAML,
5.11 Kerberos, NTLM, TDS SQL Logon, LDAP, RADIUS, Basic, OCSP stapling,
HTML Form- based
5.12 System must support graceful activation and disabling of the backend server
5.13 System must support NAT44 and NAT444
5.14 System must support NAT 64
5.15 System must Support DNS 64
5.16 System must Support NAT 46
5.17 System must Support Full NAT log in syslog format
5.18 System must support IPv4 to IPv6 and IPv6 to IPv4 SLB-PT
6 Web application Firewall
6.1 System must support cookie encryption
6.2 System must support protection from SQL injection
6.3 System must support protection from cross-site scripting
6.4 System must support protection from BOT generated requests
6.5 System must support HTTP protocol compliance check
6.6 System must support Cloaking to hide server responses/error status codes
6.7 System must support Credit Card numbers/US SSN masking
6.8 System must support PCRE based masking
6.9 System must support CSRF check and XSS check
6.1 System must support filtering of http methods
6.11 System must support learning, passive and active mode of WAF deployment
6.12 System must support protection from buffer overflow
6.13 System must support URL blacklisting and whitelisting
6.14 System must support TCL based scripts for custom rules
7 Redundancy
7.1 System must support VRRP based redundancy
7.2 System must support active-active and active-backup configuration
7.3 System must support automatic and manual configuration sync
System must support dynamic VRRP priority by traffic interface, server, nexthop
7.4
and routes
System must support scale-out configuration upto 8 devices to support higher
7.5
throughput
7.6 System must support dedicated VRRP setting per virtual context
8 Management
8.1 System must have Web-based Graphical User Interface (GUI)
8.2 System must have Industry-standard Command Line Interface (CLI)
8.3 System must support Granular Role-based\Object-based Access Control
Page 43 of 119
System must support SNMP, Syslog, email alerts, NetFlow v9 and v10 (IPFIX),
8.4
sFlow
8.5 System must support REST-style XML API (aXAPI) for all functions
System must support external authentication including LDAP, TACACS+,
8.6
RADIUS
Controller Specifications
Should provide detailed information for Provider associated the ADC devices and
9.1
its Cluster with resource utilization.
9.2 Should provide Tenant and User list.
The analytics dashboard should have time selection bar to analyse the historical
traffic stats for selected time frame. It also have pre-defined intervals set for 30
9.3
mins, 1 Hour, 6 Hours, 1 day, 3 day, 1 Week, month and up to 1 Year with custom
option.
9.4 Should provide per-app analytics with detailed traffic visibility and connection logs.
Should provide real time tickers for throughput, connection, requests, errors and
9.5
latency for every 1 min interval.
Should have ability to extract real-time end-to-end latencies details for all
9.6 applications (VIPs) including Client RTT, Server RTT,Request Transfer time,
Response Transfer time, and Application response time.
Should provide Client Request Geo-Location details with HTTP Request Methods
9.7
and Response codes.
Should provide Client visibility including, Client Country location, Client OS,
9.8
Device type, Browser type.
Should have ability to collect connection logs for applications with various
9.9
predefined filters.
It should be possible to collect performance metrics for analytics from
9.10
identified clients to aid troubleshooting and performance improvement measures.
Should provide real-time detailed ADC Service health, client connections, load
9.11
distribution metrics, throughput, and performance statistics.
Should provide Application Response time in real time with details on Top URLs,
9.12 Domains, End-to-end App Latency and Slow Transactions with real-time client &
server connection logs.
Should provide ADC cluster health, CPU, Memory and bandwidth utilization time
9.13
serial graph.
Should provide App Server health details graph for each server with response time
9.14
and connection time series graph.
Cooling Rack
DC in a Box
Technical
SN Component Description Compliance
(Yes/No)
Ultra smart, compact 'plug- n-play' data center
infrastructure should be easy to deploy and
Precision cooling enabled -
effectively manageable integrated IT
1 42U Integrated
Infrastructure without being restricted by
Infrastructure Solution
building systems, such as fire suppression and
cooling.
IT load capacity ranging upto 10 KVA IT load

2 Scale and Density
in 1/2 Racks configurations.
3 Inbuilt redundancy Compliant to Tier 2/3 guidelines, inbuilt N+N

Page 44 of 119
compliant to Tier 3 redundancy on UPS system providing high

guidelines availability
Solution should has a DB panel mounted inside

cabinet with all internal cabling integrated into
the same. Adequate precaution and
Main Electrical Panel & compliances have been taken care for
4
Cabling sizing/ratings of cables and switchgear inside
Smart Cabinet. Customer only needs to provide
power (Mains with back up arrangements) at
Room with appropriate size of MCB.
An on line double conversion UPS (10 KVA
with 30 Min Backup Time) has been provided
Uninterrupted Power with smallest footprint in industry, PDU,
5
System offering up to 95% efficiency and 0.9 output
power factor. Solutions should be with default
N+N configuration.
It should be a Rack Based Cooling, unit which
is a self, contained Precision Cooling Unit
6 Cooling System
designed for cooling racks in 1 TR. Solutions
should be with default N+N configuration.
Copper piping with insulation tube of
elastomeric, nitrile foam between each sets of
outdoor & indoor unit as per specification.
7 Out Door Unit
Piping to be properly supported by MS clamp.
All transmission wiring between indoor to
outdoor unit is kept in PVC conduit.
Solution should uses advanced technology in
access control - Biometric reader which is
connected to access control panel. Cabinet
containment rack doors have electromagnetic
8 Access Control
lock (each door 02 nos.) to permit only
authorized persons to open the door through
finger print reader. Existing access control
systems should also be integrated.
Intelligent Fire Security Cabinet must be with intelligent Fire detection,

9
System Alarm system.
Local Camera Surveillance need to be

10 Camera surveillance
considered.
Solution should continuously collects critical

information from network connected devices,
temperature, humidity, door sensors and other
11 Remote Monitoring
dry contact monitoring. Based on pre-set
parameters, automated alerts and messages
should sent to the intended recipients.
Best in class IT Rack with containment, High
12 Racks & Containment density with 42U as standard, complete with
shelf, cable manager & blanking panels with
Page 45 of 119
PDU. Rack should be 42 U 19'' mounting type

with 2000 (Height) x 800 (Width) x 1000
(Depth). Rack design is sturdy frame section,
corners are stiffened with welded MS die cast,
Frame is, scalable and modular with safe load
carrying capacity of 1000 Kg on enclosure
frame and 1000 Kg on 19'' mounting angles.
Rack should provide with all basic accessories
like, blanking panels, baying kit, sliding
keyboard trey, vertical cable manager as well
as horizontal cable manager, earthing copper
strip with insulators, Rack 32 amp PDU
vertical mounting with IEC type socket with 12
nos of IEC C13 Sockets & 4 nos IEC C19
Socket with 2.5 mtr power chord with 32A
MCB RAL 9005 ( rack should have two
PDU's).
1.5 Ton Inverter Split AC with Copper
Condenser for maintaining server room
temperature(Indoor Unit Level should be
13 1.5 Ton Inverter Split AC
below 25dB) along with corresponding
Voltage stabilizers and a separate timer relay
switch for automatic switching of two ACs. 2
The vendor shall ensure that the specifications
of the racks and its accessories are compatible
14
with computer hardware being populated in the
rack.
15 Support 24x7 support should be provided
General Terms and Conditions (Bidder needs to certify compliance to all the below points)
1. Bidder should provide a cool off period of 3 months from the contract ending date to transfer
the data back to NCESS’s preferred data storage location. Data back up and machine instance
backup should be in an open standard industry-based data format which should be compatible
with other VDI technologies.
2. The Cloud VMs as part of the Solution Should be offered with dedicated / bare metal instances.
NCESS should have flexibility to increase or decrease the configuration of the cloud VM in
each of the dedicated / bare metal instance quoted.
3. The Cloud solution should support application virtualization (As per the Annexure 1)
4. Bidders should quote upfront along the bill of materials the data transfer in and out charges,
broadband/Internet usage/over usage charges inside the cloud VM instances , over usage of
cloud VM instances etc. for entire 3years and no recurring charges for the same are allowed.
5. Static IPs needs to be provided to all 80 concurrent instances.
6. Bidders should include reputed (vendor agnostic) backup / replication tools to replicate data
between on premise and cloud.
7. The VDI instance running in Public cloud can be restored or backed up and should be able to
run in private cloud also.
8. Bidders should also include an on premise license server to implement software licenses.
9. Bidders should include the cost for 50mbps direct p2p connectivity between on premise and
Cloud DC for 3years.
Page 46 of 119
10. Warranty/Support – 3years comprehensive warranty should be provided by the firm from the
date of the satisfactory installation/commissioning of complete end to end VDI Solution.
Bidder should also provide 4th and 5th year comprehensive AMC pricing for the entire On-
Prem solution including licenses, Cloud subscription pricing for the entire proposed Cloud
solution including licenses and Support & Maintenance of Collaboration Software. This will be
considered in the total bid amount while considering L1, but the amount will be released as
advance for six months starting from the 4th year. NCESS reserves the right to not enter into the
AMC after three years comprehensive warranty.
11. No recurring charges are allowed during or after the contract period and all payments should be
quoted upfront for 3 years for the entire VDI Solution for unlimited 24*7 usages.
12. Service Manual/Circuit Diagram: It is specifically required that the bidders will supply all the
operating & service manuals and circuit diagrams along with the equipment.
13. NCESS reserves the right to procure additional quantity of Cloud VM 1 & 2 and also additional
object & archival storage, thinclients, if needed, during the contract period with a price validity
for 3years. The bidder should be able to provide the additional quantities as per the quoted per
unit price in the bill of material during the contract period without any price variation.
14. Bidders should also include required numbers of 10g switches with redundancy.
15. The trial licenses for the software as per Annexure 3 to carry out PoC needs to be arranged by
the bidder.
16. Bidder/System Integrator (SI) / Managed Service Provider (MSP) should comply with MeitY
guidelines(MSA, SLA) for procuring cloud services for Government departments.
17. Exit Management / Transition Out Services: Provide necessary handholding and transition
support to ensure the continuity and performance of the Services to the complete satisfaction of
NCESS. The bidder should provide Data back up and machine instance backup from the cloud
instances as per the requirement of NCESS. All data including migrated data, incremental data,
stored in storage /backup tape libraries which are sole property of NCESS shall be handed over
to NCESS in a suitable media during the time of exit. Any copy of the same shall not be
preserved/recorded in any manner once exits. The ownership of the data generated upon usage
of the system, at any point of time during the contract or expiry or termination of the contract,
shall rest absolutely with NCESS.
18. A provision for mandatory filling up of metadata information form for the user needs to be
provided and indexed along with data whenever the user uploads data for optimized usage of
storage space. Usage statistics of the storage by the users shall be made dynamically available
to the administrator.
19. Acceptance test for System Performance: Upto 14 days non-stop acceptance test has to be run
on the delivered VDI solution with all the users simultaneously running GUI applications
and/or video streaming. There should be no perceivable lag when working on the VDI
instances, even when running graphics heavy applications (such as web browsing, video
playing, MATLAB, etc.) simultaneously by 80 concurrent users. When all users
simultaneously invoke any application, such as C compiler or MATLAB program, etc. the
response time at the user end must not exceed that of a stand-alone machine by more than 5%.
20. Training of Personnel: The supplier shall provide the technical training to the personnel
involved in the use of the equipment at the Institute premises, immediately after completing the
installation of the equipment at the company cost.
21. Indemnity: The vendor shall indemnify, protect and save NCESS against all claims, losses,
costs, damages, expenses, action suits and other proceeding, resulting from infringement of any
law pertaining to patent, trademarks, copyrights etc. or such other statutory infringements in
respect of all the materials supplied by him.
22. Service Facility: Bidder should mention about the service set up in India and how capable they
are to provide after sales services. Escalation matrix for any issues pertaining to the solution
Page 47 of 119
should be provided.
23. Any update/upgrade of HCI software is to be done by OEM.
24. The solution provider shall ensure that there is no single point of failure for the whole solution.
All accessories of hardware and software necessary to ensure this shall be included in the
solution.
25. The proposed Hybrid solution should be compatible to use our existing data center storage, if
required.
26. Any other additional spares/solutions anticipated should also be mentioned along with the
quote.
27. The detailed specification of the product along with pictures/diagrams should be provided
along with the quote.
28. ADC and Firewall should be provided to both on-Prem and Cloud. The proposed ADC or
Firewall should also have the features for link aggregation and link load balancing.
29. The Supply, Installation & Commissioning of Virtual Desktop Infrastructure Solution should
be completed within 6 months from the date of receipt of purchase order including the period
of securing satisfactory acceptance certificate. For every week delay, a penalty at the rate of
1% of project cost will be levied and maximum penalty will be 10%.
Service Level Agreements & Penalties.

Service provider/supplier shall provide the Call logging & Help Desk support on 24*7*365 basis for
all devices and Cloud Services. Bidder/System Integrator (SI) / Managed Service Provider (MSP)
should comply with MeitY guidelines(MSA,SLA) for procuring cloud services for Government
departments.
Measurement and Monitoring
a. The SLA parameters shall be monitored on quarterly basis as per the individual SLA parameter
requirements. However, if the performance of the system/services is degraded significantly at any
given point in time during the contract and if the immediate measures are not implemented and issues
are not rectified to the complete satisfaction of NCESS or an agency designated by them, then NCESS
will have the right to take services form another bidder and by termination of the contract.
b. The full set of service level reports should be available to NCESS on a quarterly basis or based on
the project requirements.
c. The Monitoring Tools shall play a critical role in monitoring the SLA compliance and hence will
have to be customized accordingly. The selected bidder shall make available the Monitoring tools for
measuring and monitoring the SLAs. The bidder may deploy additional tools and develop additional
scripts (if required) for capturing the required data for SLA report generation in automated way. The
tools should generate the SLA Monitoring report in the end of every quarter which is to be shared with
NCESS on a Quarterly basis. NCESS or its nominated agency shall have full access to the Monitoring
Tools/portal (and any other tools/solutions deployed for SLA measurement and monitoring) to extract
data (raw, intermediate as well as reports) as required during the project. NCESS or its nominated
agency will also audit the tool and the scripts on a regular basis.
d. The measurement methodology/criteria/logic will be reviewed by NCESS.
e.In case of default on any of the service level metric, the selected bidder shall submit performance
improvement plan along with the root cause analysis for NCESS approval.
Periodic Reviews
a. During the contract period, it is envisaged that there could be changes to the SLA, in terms of
measurement methodology/logic/criteria, addition, alteration or deletion of certain parameters, based
on mutual consent of both the parties, i.e. NCESS and selected bidder.
Page 48 of 119
b. NCESS and MSP shall each ensure that the range of the Services under the SLA shall not be varied,
reduced or increased except by the prior written agreement of NCESS and CSP in accordance with the
Change Control Schedule.
Penalties
Performance bank guarantee to be linked to the compliance with the SLA metrics laid down in the
agreement.
a. The payment will be linked to the compliance with the SLA metrics.
b. The penalty in percentage of the Performance bank guarantee is indicated against each SLA
parameter in the table.
Service Level Agreement Cloud (SLA)

Bidder shall provide an uptime of 99.9% for the provisioned cloud services, which shall be calculated
on quarterly basis. The Uptime is equal to total contracted hours in a quarter less downtime. The
Downtime is the time between the non-availability of services and time of restoration of services
within the contracted hours. For Service Levels purpose a quarter will be treated as 90 days. If the
bidder fails to maintain guaranteed uptime of 99.9% on quarterly basis, NCESS shall impose penalty.
If the uptime is below 95%, the NCESS shall have full right to terminate the contract and forfeit
Performance bank guarantee.
Uptime SLA Sl.no. Performance Requirement Penalty
1 Baseline 99.9 % to 100 % None
uptime on a
quarterly basis
2 Lower performance 99-99.9% uptime 5%
calculated on a
quarterly basis
3 Breach Less than 99% 10%
calculated on a
quarterly basis
Note
1. The selected bidder is required to implement the requisite tools to automatically
generate reports on up-time
2. The up-time SLA will be implemented only during the maintenance phase
3. In case of breach condition, NCESS may issue a show cause notice seeking
explanation from the implementation agency.
4. The total penalty shall not exceed 10% of the project cost.
Timely Ticket Resolution SLA

Average Time taken to acknowledge and respond, once a ticket/incident is logged through one of the
agreed channels. This is calculated for all tickets/incidents reported within the reporting quarter.
Sl.no. Performance Requirement Penalty
1 Baseline 95 % to 100 % of None
the tickets
responded within
60 minutes on a
quarterly basis
2 Lower 85-95% of the 5% of quarterly
performance tickets responded payment
within 60 minutes
on a quarterly basis
3 Breach Less than 85% 10% of quarterly
Page 49 of 119
calculated on a payment
quarterly basis
Note
1. The implementation agency is required to implement the requisite tools to
automatically generate reports on up-time
2. The up-time SLA will be implemented only during the maintenance phase
3. In case of breach condition, NCESS may issue a show cause notice seeking
explanation from the implementation agency.
Exit Management / Transition-Out Services

Continuity and performance of the Services at all times including the duration of the Agreement and
post expiry of the Agreement is a critical requirement of IT Department, NCESS. It is the prime
responsibility of MSP to ensure continuity of service at all times of the Agreement including exit
management period and in no way any facility/service shall be affected/degraded. Responsibilities of
the MSP & CSP with respect to exit management / transition-out services include:
a. Provide a comprehensive exit management plan

b. Provide necessary handholding and transition support to ensure the continuity and performance of
the Services to the complete satisfaction of IT Department, NCESS.
c. Ensure that all the documentation required by NCESS for smooth transition (in addition to the
documentation provided by the Cloud Service Provider) are kept up to date and all such documentation
is handed over to NCESS during regular intervals as well as during the exit management process.
d. Migration of the VMs, data, content and any other assets to the new environment created by the
department or any Agency (on behalf of NCESS) on alternate cloud service provider’s offerings to
enable successful deployment and running of the applications / websites on the new infrastructure by
providing a mechanism to Department for the bulk retrieval of large amounts of data, scripts, software,
virtual machine images, and so forth using secure appliances into and out of the CSP's cloud without
incurring high network costs, long transfer times and security concerns.
e. The ownership of the data generated upon usage of the system, at any point of time during the
contract or expiry or termination of the contract, shall rest absolutely with NCESS.
f. Ensure that all the documentation required by IT Department, NCESS for smooth transition
including configuration history are and all such logs are handed over to IT Department, NCESS during
the exit management process.
g. Shall not delete any data at the end of the agreement (for a maximum of 120 days beyond the expiry
of the Agreement) without the express approval of IT Department,
h. Once the exit process is completed, remove the Department’s data, content and other assets from the
cloud environment and certify that the VM, Content and data deletion to NCESS.
i. There shall not be any additional costs associated with the Exit / Transition-out process. The
managed services cost to support the exit management / transition should be factored in the
commercial bid of the bidder.
j. Support and assist the NCESS for a period of 120days so that the NCESS is able to successfully
deploy and access the services from the new environment.
k. The CSP shall not delete any data at the end of the agreement (for a maximum of 120 days beyond
the expiry of the Agreement) without the express approval of the Department. Any cost for retaining
the data beyond 120days shall be paid by NCESS based on the cost indicated in the commercial quote.
l. Provide the tools for import / export of VMs & content and the MSP shall be responsible for
preparation of the Exit Management Plan and carrying out the exit management / transition
m. The MSP shall provide NCESS or its nominated agency with a recommended exit management
plan ("Exit Management Plan") or transition plan indicating the nature and scope of the CSP’s
Page 50 of 119
transitioning services. The Exit Management Plan shall deal with the following aspects of the exit
management in relation to the Agreement as a whole or the particular service of the Agreement:
n. Transition of Managed Services
o. Migration from the incumbent cloud service provider’s environment to the new environment.
p. The MSP is responsible for both Transitions of the Services as well as Migration of the VMs, Data,
Content and other assets to the new environment.
q. The format of the data transmitted from the cloud service provider to the new environment created
by NCESS or any other Agency (on behalf of the NCESS) should leverage standard data formats (e.g.,
OVF…) whenever possible to ease and enhance portability. The format will be finalized by NCESS.
r. Transitioning from the CSP including retrieval of all data in formats approved by NCESS
s. The MSP shall ensure that all the documentation required by NCESS for smooth transition (in
addition to the documentation provided by the Cloud Service Provider) are kept up to date and all such
documentation is handed over to NCESS during regular intervals as well as during the exit
management process.
t. The MSP will transfer the organizational structure developed during the Term to support the delivery
of the Exit Management Services. This will include:
u. Document, update, and provide functional organization charts, operating level agreements with
Third-Party contractors, phone trees, contact lists, and standard operating procedures.
v. Transfer physical and logical security processes and tools, including cataloguing and tendering all
badges and keys, documenting ownership and access levels for all passwords, and instructing
Department or its nominee in the use and operation of security controls.
w. Some of the key activities to be carried out by MSP for knowledge transfer will include:
x. Prepare documents to explain design and characteristics.
i. Carry out joint operations of key activities or services.
ii. Briefing sessions on process and process Documentation.
iii. Sharing the logs, etc.
iv. Briefing sessions on the managed services, the way these are deployed on cloud and integrated.
v. Briefing sessions on the offerings (IaaS/PaaS) of the cloud service provide.
vi. Transfer know-how relating to operation and maintenance of the software and cloud services.
Page 51 of 119
Annexure – I
Form: 1 Authorization Form
(To be submitted on the Letterhead of CSP)
To,
Senior Manager, NCESS
Sub:- CSP Authorization Form for availing Cloud services to VDI infra towards Tender Enquiry Number:
NCESS/……………………………..
Dear Sir,
I/We confirm that as on the date of this letter <<Agency Name>>, located at <<Business Address>>, has due
authorization from us to use our cloud services for the purposes of the above referenced RFP.
Yours faithfully,
Name and Title of Signatory:
M/s……………………………….
(Name of CSP)
Company Name: Company Seal
Address:
Place:
Date:
Page 52 of 119
Form: 2 Declaration on not being blacklisted /defaulter

(To be submitted on the Letterhead of the Company)
To,
Dear Sir,
We confirm that our company is not blacklisted/defaulter for any fraudulent actions by NCESS or by any
state/central Government institution or any Public Sector Organization.
It is hereby confirmed that I/We are entitled to act on behalf of our company/ corporation/firm/ organization
and empowered to sign this document as well as such other documents, which may be required in this
connection.
Signature
Name & Designation
For and on behalf of
(Name of Applicant or Bidder)
Company Seal:
Place:
Date:
Page 53 of 119
Form: 3 Declaration of Acceptance of Terms and Conditions in Tender

(To be submitted on the Letterhead)
To,
Sub.: “RFP for availing VDI infrastructure to NCESS.
Dear Sir,
I have carefully gone through the Terms & Conditions contained in the RFP document [Tender no.
…………………………………..] for availing hybrid Infrastructure to NCESS for VDI setup.
I declare that all the provisions of this RFP/Tender Document are acceptable to my company. I further certify
that I am an authorized signatory of my company and am, therefore, competent to make this declaration.
Yours faithfully,
Authorized Signature [In full and initials]
Address:
Place:
Date:
Page 54 of 119
Form: 4 Letter of Proposal Submission

To,
Dear Sir,
We, the undersigned, offer for RFP for availing Hybrid IT infra to NCESS VDI implementation in accordance with
your Request for Proposal dated [Insert Date] and our Proposal. We are hereby submitting our Proposal, which
includes
a) Financial Proposal(Price to be uploaded only in e-proc portal).
b) Technical Proposal (should also include Bill of Material {BOM})
c) Bid securing declaration is given.
We hereby declare that all the information and statements made in this Proposal are true and accept that any
misinterpretation contained in it may lead to our disqualification.
If negotiations are held during the period of validity of the Proposal, we undertake to negotiate on the price bid,
specified in form 7. Our Proposal is binding upon us and subject to the modifications resulting from Contract
negotiations.
We understand you are not bound to accept any Proposal you receive.
Yours faithfully
,
Address:
Place:
Date:
Page 55 of 119
Form: 5 FORMAT FOR MANUFACTURER’S AUTHORISATION LETTER TO

To,
, India
Sub.: Authorization Letter.

Dear Sir,
We,_______________________, who are established and reputed manufacturers of____________________,

having factory at____________________, hereby authorize M/s._______________________________ (name
& address of Indian distributor /agent) to bid, negotiate and conclude the order with you for the above goods
manufactured by us.
We shall remain responsible for the tender / contract / agreement negotiated by the said
M/s. ______________________,jointly and severely.
We ensure that we would also support / facilitate the M/s ___________________________on regular basis
with technology / product updates for up-gradation / maintains / repairing / servicing of the supplied goods
manufactured by us, during the warranty period.
In case duties of the Indian agent / distributor are changed or agent / distributor is changed it shall be
obligatory on us to automatically transfer all the duties and obligations to the new Indian Agent failing which we
will ipso-facto become liable for all acts of commission or omission on the part of new Indian Agent /
distributor.
Yours faithfully,
[Name & Signature]
for and on behalf of M/s. ___________________ [Name of manufacturer]

Page 56 of 119
Form: 6 POC Report (To be submitted on the Letterhead)

Tender Ref :
POC OBJECTIVE
Ascertain whether the software used by NCESS Scientists is compatible with Proposed Cloud VDI and
test the performance.
List of Applications need to be tested (Annexure 1)
1 ArcGis 10.3 or 10.5
2 Envi 5.5
3 FEFLOW
4 MATLAB
5 GMS 10.3
6 MIKE 21 and MIKE 3
7 GeoSoft 7.0
8 WPS
9 Adobe Creative Cloud
POC SCOPE
• Create required infrastructure on Cloud platform
• Install list of software in Cloud VM and configure the software to get the license from the on
premise licensing server
• Test the Compatibility and performance of the list of applications.
TEST REPORT
Software Compatibility on Cloud VDI VM – _____________
Software Performance on Cloud VDI VM – _____________
Proposed Cloud Service Provider - _____________
Proposed VDI Software-__________________
Proposed Application Delivery controller (ADC)-____________________________
We have successfully tested and completed the POC with proposed Cloud VDI infrastructure for all
the application.
Yours faithfully,
[Name & Signature]
For and on behalf of M/s. ___________________
Countersigned by Head, IT Wing, NCESS
1)
2)
Page 57 of 119
Annexure 2:
ABBREVIATIONS
NCESS National Centre for Earth Science Studies
MSP Managed Service Partner
SI System Integrator
CSP Cloud Service Provider
OEM Original equipment manufacturer
ADC Application Delivery Controller
RTO Recovery Time Objective
RPO Recovery Point Objective
DC Data Centre
HCI Hyperconverged Infrastructure
Annexure 3: Software List

1 ArcGis 10.3 or 10.5
2 Envi 5.5
3 FEFLOW
4 MATLAB
5 GMS 10.3
7 GeoSoft 7.0
8 WPS
Any other compatible software within the
10
resources
Page 58 of 119
NATIONALCENTRE FOR EARTH SCIENCE STUDIES

P.B. No. 7250, MEDICAL COLLEGE P.O., AKKULAM, THIRUVANANTHAPURAM-695 011, INDIA
Tel: 91-471-2511531 Fax: 91-471-2442280 e-mail: purchase@ncess.gov.in
TENDER FORM
Tender No. & Date : PUR-PROC/337/2019-PUR-NCESS Dt. 06.11.2019.

Due Date : 10.12.2019 (06.00 AM).
Date of Opening : 12.12.2019 (09.00 AM).

Venue of Opening : National Centre for Earth Science Studies, P.B.No.7250,
Medical College P.O., Thiruvananthapuram – 695 011.
Description of stores : Supply, Installation & Commissioning of Virtual Desktop
Infrastructure Solution in Hybrid Mode
Quantity : 1 No
Sirs,
The Senior Manager on behalf of the Director, National Centre for Earth Science
Studies (NCESS), invites bids for the supply of stores mentioned above. The tender documents are
classified as Annexure-A and Annexure-B. Annexure-A is a specimen tender form meant for suppliers
and the bid should contain all the details specified therein. The instructions to the tenderers and the
general terms and conditions applicable to the Purchase Orders placed by NCESS are given under
Annexure-B. Those who are able to quote for the stores in accordance with the above requirements,
may please furnish their offer through eprocurement, on or before the last date and time specified in
the tender.
Any deviations from the terms and conditions of the Annexure-B must be clearly indicated in
the offer.
Yours sincerely,
Sd/-
Senior Manager
Page 59 of 119
ANNEXURE A
The Senior Manager,

National Centre for Earth Science Studies,
P.B.No.7250, Akkulam, Medical College PO,
Thiruvananthapuram – 695 011.
Kerala, India
Sir,
Sub: Your Tender No .…………………Dated………………
I/We hereby offer you to supply the stores detailed below at the price hereunder quoted and
agree to hold this offer open till …………………………I/We shall bind to supply the stores hereby
offered, upon the issue of the purchase order communicating the acceptance thereof on or before the
expiry of the delivery date therein. You are at the liberty to accept any one or more of the items of
such stores. I/We, notwithstanding that the offer in this tender has not been accepted in whole shall be
bound to supply to you such items and such portion or portions of one or more of the items as may be
specified in the purchase order communicating the acceptance.
1. We accept that if we withdraw or modify our Bids during the period of validity, or if we
are awarded the contract and we fail to sign the contract, or to submit a performance
security before the deadline defined in the request for bids document, we will be
suspended for the period of time decided by NCESS from being eligible to submit bids for
contracts with NCESS.
2. Technical specifications
Section I: Supply, Installation & Commissioning of Virtual Desktop Infrastructure Solution in

Hybrid mode
Section II: Pre-Qualification Criteria

Qualification Criteria for System Integrator /MSP
Sl. Compliance
Qualification criteria for SI Documents required
No Yes/No
Bidder must be a as a single legal entity
Copy of Certificate of
1 registered in India under the Indian
Incorporation
Companies Act 1956 and should have been in
operation in India for minimum of Five years.
Bidder must be certified for ISO 9001:2008 or Relevant Valid
2
Latest certification Certifications
Letter from Statutory
Auditors on their letter
The Bidder should have an annual turnover of
head mentioning the
INR 50 Crores. The bidder should be
3 annual turnover and profit
profitable over the last three consecutive
from IT services /
financial years.
Certificate from Chartered
Accountant.
Page 60 of 119
Bidder must have executed at least 1

VDI/HCI projector at least 1.5 crores of total
value in the last Three Financial Years in any
certificate
organizations in INDIA
Bidder must have experience in migrating and
managing workloads on the Cloud Services of
proposed CSP –at least 1 client, of order value
certificate
not less than Rs. 25 lakhs in the last 3 years.
Letter of undertaking to
The Bidder must be authorized by the this effect on the CSP
6 proposed Solution providers (Cloud Service /OEM's letter head, signed
Provider and hardware OEMs). by authorized signatory of
CSP /OEM
The bidder shall not be blacklisted by any
7 Government agencies/Utilities/Departments at
head of SI regarding non-
the time of bidding.
blacklisting
Consortium /Joint Venture is not Permitted in Letter from authorized
8 this Tender signatory on the letter
head of SI.
Successful completion of
PoC certificate (Form 6)
from authorized signatory
The bidder should carry out Proof of Concept on the letter head of SI
(PoC) in Cloud VDI instances to ascertain the and countersigned by
software used (as per Annexure 3) are Head, IT Wing, NCESS
9 compatible and the performances are Or
satisfactory with VDI instances. (Proposed Certification from
Cloud, VDI and Application Delivery Software vendors
controller should be part of the POC setup). (Annexure3) on
the compatibility with the
proposed cloud, ADC and
VDI solutions.
head of SI with supporting
The bidder should be in a position to deliver
documents. Supporting
complete end-to-end solution. Proposal has to
10 documents such as
clearly reflect the competence and capability
reference letters from
of the bidder in meeting this requirement.
clients who placed orders
on the bidder in the last 5
years.
Qualification Criteria for Cloud Service Provider (CSP). Bidder shall avail the services of a
CSP for this solution satisfying the following conditions on the CSP
Compliance
Sl.No Pre-Qualification criteria for CSP Documents required
Yes/No
The CSP, as a single legal entity
registered in India under the Indian Copy of Certificate of
1 Companies Act 1956 or a Limited Liability Incorporation or Certified
Partnership (LLP) registered under the LLP copy of Partnership Deed.
Act, 2008 or Indian Partnership Act 1932
and should have been in operation in India.
Page 61 of 119
Cloud Service Provider should be STQC Letter of Empanelment

2
audited and MeitY empanelled. issued by MeitY
The CSP should have a minimum turnover
from cloud services of Rs.300 Crore in
each of the last 2 financial years i.e (2016- Certificate from the
3
17 and 2017-18). The CSP should also have Chartered Accountant.
positive Net worth in each of the last 2
financial years i.e (2016-17 and 2017-18).
The CSP must have experience of Copy of Client certificate,
provisioning of Cloud Services on their work order, completion
4 Cloud for at least 3 clients in India out of certificate or extract from
which at least one client must be the contract mentioning the
PSU/Central Govt/State Govt scope of work.
Third party certifications of the proposed
CSP: Third Party Certificates
5 d. ISO 27001
copies
e. ISO/IEC 27017:2015
f. ISO 27018
Accreditations relevant to security,
availability, confidentiality, processing Self-Certificate by the
6 integrity, and/or privacy Trust Services authorized signatory of the
principles. CSP
 SOC 1, SOC 2, SOC 3
Availability SLA on the compute and block
storage services offered by the CSP in India
7 Proof on CSP Public Portal
as per the published SLAs should be
99.99% or better
CSP should have capability to provide
dedicated server/host using its native Cloud
8 Infrastructure (hardware) in India, which Proof in CSP Public portal
allows usage of existing software license to
deploy.
The CSP should not be black listed by Letter from authorized
9 Private/PSU/Central Govt/State Govt. in signatory on the letter head
India of CSP
3. Section III: SCOPE OF WORK
Compliance
Sl.No Pre-Qualification criteria for CSP
Yes/No
NCESS wishes to appoint a Bidder (SI) for providing Virtual Desktop
Infrastructure Solution on Hybrid mode (with on premise infrastructure and
public cloud) for a period of 3 years. The SI together with CSP and OEM
shall provide VDI infrastructure and managed Services for the Hybrid
1
infrastructure during the contract period.
The proposed solution should be a true Hybrid cloud solution. The solution
should have the capability to manage servers running on Cloud and in the on-
premises data center through a single interface, and it should manage resources
Page 62 of 119
of FIle Storage, AutoScaling Images , CPU/Memory (limited to available in

Base Hardware for Windows and Linux operating systems running on Cloud or
on-premise DC interchangeable (Note: provided no specialized Hardware is not
installed) . The proposed solution must be scale automatically to meet
the compute and storage requirement from on-premise to cloud DC and vice
versa. The proposed solution should also sync on-premises data to Cloud via
Direct connectivity and also sync from Cloud to data stored on-premises.
The brief scope of work is as follows.
t) Setting up a HCI based VDI infrastructure in On-premise Data Centre

and Public Cloud.
u) Providing VDI for applications (Annexure 3) used by NCESS along with
24*7*365 days support.
v) Application virtualization should be part of the offered solution.

w) All the existing application licenses should be made available with a
dedicated on premise licensing server (for both on premise and cloud
implemented application). All the applications running on cloud should
able to handshake with the said licensing server for authentication.
x) Supply and Installation of DC in a Box (42u Rack)
y) Supply, installation & commissioning of Virtual Desktop Infrastructure
Solution in Hybrid mode (HCI, Network, DC, Firewall, VDI etc.) and to
provide Comprehensive warranty for 3 years.
z) Bidder shall provide 24x7x365 Managed Services for the proposed
Virtual Desktop Infrastructure Solution in Hybrid mode including direct
P2P connectivity.
aa) Provisioning Cloud services for additional quantities as per BOM.
bb) Provisioning Cloud Connectivity (direct P2P) through Bandwidth
Service Provider. Bidder shall introduce eligible (proposed CSP
Certified) Network Bandwidth Service Providers (NBSP) for
provisioning of Bandwidth Services under this contract. The separate
purchase order (PO) will be issued to NBSP for bandwidth portion of
this RFP.
cc) Bidder must provide solution to meet all the mandatory technical
requirements mentioned in the RFP
dd) Provisioning Cloud Storage for Maximum capacity of 30 TB object and
50TB Archival Storage at each location.
ee) Provisioning of On premise storage for maximum capacity of 30TB and
200TB distributed object storage.
ff) The bidder shall propose the required no. of O.S, Server Virtualization,
VDI and other relevant licenses suitable to meet the specified 80
concurrent VDI user access.
gg) The selected Bidder is responsible for Maintenance Services on
proposed Physical and Cloud VDI infrastructure including Resource
Management, User Administration, Security Administration &
Page 63 of 119
Monitoring of Security Incidents, Monitoring Performance & Service

Levels, and Backup.
hh) Collaboration Software – A web application having basic functionalities
for data uploading and sharing, dynamic forms, access privileges,
Document versioning, File versioning, metadata information listings,
data access privileges, needs to be incorporated. The data should be
uploaded and downloaded irrespective of its file formats and the user
while uploading should have the provision to enter the metadata
information, based on which the file should be indexed.
ii) Bidders must source, install and configure Microsoft Active Directory
seamlessly for the proposed hybrid solution.
jj) Bidder should use reputed Backup/replication tools to meet 12Hrs RPO
and RTO at both locations.
kk) Fault ticket management solution for the proposed solution.
ll) Reports providing system-wide visibility into resource utilization, audit
trails,application performance, and operational health through proactive
monitoring (collect and track metrics, collect and monitor log files, and
set alarms) of the cloud resources
vii. Auto-scaling rules and limits

viii. Report of all of the provisioned resources and view the
configuration of each.
ix. Summary of alerts with respect to security configuration gaps
such as overly permissive access to certain compute instance
ports and storage buckets, minimal use of role segregation using
identity and access management (IAM), and weak password
policies
x. Summary of security assessment report that identifies the
possible improvements (prioritized by the severity) to the
security and compliance of applications deployed on cloud
xi. Report on upcoming planned changes to provisioning, either
possible optimizations, if any.
xii. The admin user login credentials shall be provisioned for
monitoring purpose
Page 64 of 119
Proposed Architectural Diagram
Section iv: Unpriced Bill of Materials:
Specifications
Offered
(OEM name,
product
Sl. details, model Compliance
Item Description Qty
No numbers etc. (Yes/No)
should be
clearly listed.
Brochures to
be enclosed)
16 vCPU / 32GiB / 300GB
1 Cloud VM 1 44
SSD (900 IOPS)
16 vCPU / 32GiB / 300GB
2 Cloud VM 2 6
SSD (900 IOPS) / Cent OS
2 vCPU / 4GiB / 100GB
3 Cloud VM 3 2
SSD (300 IOPS)
30TB Usable High Available
Object Storage + 50TB
4 Cloud Storage usable Archival Storage with 1
both storage having
99.99%or better durability
3 node HCI appliance with
30TB usable All FLASH
storage ( each node with
NVIDIA Tesla p40 (24GB)
with 25 Nvidia Grid licenses,
5 HCI Appliance dual Intel Xeon Platinum 1
8200 series (Cascade Lake-
SP) processor 24 core each,
Processor Base frequency-
2.9 GHz or higher, 256GB
DDR4, and RPS). Dual port
Page 65 of 119
10G SFP network Interface.

32 port 10GbE SFP
populated unified switch in
high availability mode.
Minimum four Node Object

Distributed storage Appliance with
6 Object Storage 200TB usable capacity and 1
for Archival dual port 10G connectivity
from day 1.
Firewall should have the
processed throughput of
350Mbps and should support
a minimum of 200 users with
7 NGFW 3year UTM subscription 2
(The offered firewall should
be from the same OEM for
On-Prem and proposed
cloud)
OS for Cloud Required Windows Server 1
8
VM 1 Data Centre Edition license Lot
Required Windows Server 1
9 OS for HCI
Data Centre Edition license Lot
Required Hypervisor license
Server 1
10 along with automatic
Virtualization Lot
resource scheduler features.
Hybrid solution with
automation and management 1
11 Hybrid Solution
with 3 years production Lot
support
Required concurrent VDI
12 VDI Software 80
Software license
Windows Remote Desktop
13 RDS CALs 80
User CAL licenses
Application Delivery
Controller having processed
throughput of 200Mbps.
14 ADC 2
(The offered ADC should be
from the same OEM for On-
Prem and proposed cloud)
15 Cooling Rack Smart Rack with UPS 1
50 Mbps point to point
16 Connectivity connect from NCESS DC to 1
Cloud for 3 years
1.2 GHz Dual-Core SOC
APU with AMD Radeon HD
Graphics r with 8GB RAM,
18.5” or higher LED
17 Thin Client 4
Monitor, USB Keyboard,
Optical Mouse, Gigabit
Ethernet port, support GPU
based virtual desktops.
Collaboration An application having basic
18 Software & functionalities for data
Support uploading and sharing,
Page 66 of 119
dynamic forms, access

privileges, Document
versioning, File versioning,
metadata information
listings, data access
privileges and user login
authentications
3 years comprehensive
warranty for the complete
Warranty/
solution including
19 Implementation
Infrastructure installation,
/ Support
configuration and Managed
Services
All requisite accessories and
software/hardware licenses
to complete the
20
commissioning of the
solution is the responsibility
of the bidder.
ANY OTHER SERVICES -
21 Other
Please add Rows
4th Year & 5th Year AMC
Sl. Compliance
Item/Description
No (Yes/No)
4th and 5th year comprehensive AMC pricing for the entire proposed
On-Prem solution including licenses as per BOM.
1
4th and 5th year Cloud Subscription pricing for the entire proposed
2
Cloud solution including licenses as per BOM.
4th and 5th year comprehensive AMC pricing for Development,
3 Support and Maintenance of Collaboration Software.
mm) Section V: Technical Requirements
General Requirements: Cloud
Sr. Compliance
Description
No (Yes/No)
Cloud service provider must ensure that all compute, storage,

1 network, database and other resources are hosted within India region
. only. Cloud service provider also ensures that NCESS’s data must
reside only in India region.
CSP Should support multi-site deployment architecture, across
geographically disparate sites, with Active-Active configuration to
ensure fault-tolerance with high availability between two physical
2
sites. In case of failure, automated processes to shift application
traffic to a secondary physical site. The said architecture should be
available in India
Page 67 of 119
CSP should provide auto scaling support within the limit of total
instances purchased for all compute instances (without any manual
3
intervention) during peak demand as well as normal workloads to
maintain stable performance of applications
CSPs native service for Data Migration supporting Continuous Data
Replication. Support for homogenous (same database engine as the
4 source and target) and heterogeneous database engines (source and
target database engine are different, For eg: Oracle to PostgreSQL or
DB/2 to MySQL)
CSP should have capability to provide dedicated server/host using its
5 native Cloud Infrastructure (hardware) in India, which allows usage
of existing software license to deploy.
The Cloud Service Provider must have provision for connectivity of
6
leading ISPs
CSP have capability to Provision the Compute Instance on the fly
7
through Console within 15 minutes.
CSP Capabilities:
d. Agility - software defined configurations to add / remove
capacity
e. Customer has the full control on the environment (e.g., can
8 create a virtual private cloud) and has the ability to log, monitor,
and audit the traffic and usage
f. Published SLAs / Uptimes and pricing on the public portal
Availability of reports (e.g., personal health dashboard, security logs,
audit reports) to the customer on the portal
9 ON PREMISE & CLOUD BACKUP RPO and RTO < 12 hrs
Compute requirements: Cloud

Proposed Virtual Machines (VM1 & VM2) should be offered
1 with Intel Xeon Platinum 8200 series (Cascade Lake-SP)
processor @ 3 GHz or higher
Compute service should provide auto-scalable, redundant,
2
dynamic computing capabilities.
Compute service should have support for operating systems such
3 as, Red Hat Enterprise Linux, SuSE Enterprise Linux, Windows
Server etc.
Compute service should include instance types as per application

4 and database instance requirements such as compute optimized,
memory optimized, storage optimized, IO optimized etc.
Compute service must allow resizing of compute resources

5 (vCPU, Memory, Storage, Network, IOPS etc.) at any point of
time.
Compute service should provide local storage for compute
6
instances in case of temporary use.
Compute service should allow NCESS’s authorized users to
procure and provision computing services or virtual machine
7
instances online with multi factor authentication via the SSL
through a web browser
CSP should provide self-service provisioning of multiple
8
instances concurrently.
Page 68 of 119
CSP should provide ability to logically group instances for

9 applications that require low network latency and/or high network
throughput.
NCESS should able to import own images for provisioning of
10 compute instances over cloud. Supported image format VMDK or
VHD or any other industry standard image formats.
NCESS should able to export virtual images of running compute
11 instances. Supported image format VMDK or VHD or any other
industry standard image formats etc.
CSP should make sure that compute instances designed in such
12 way to avoid any outage or downtime when CSP performing any
maintenance activity.
CSP should ensure that if at any point, compute instance fails it

13
should automatically restart on healthy physical host.
Compute service should provide health status, Event and

14 notifications of instances such as a reboot, stop/start, or
retirement/terminate.
Support multiple (primary and additional) network interfaces

15
cards (NICs) to be allocated for a given Instance/VM
Compute service should provide support for Image backup (or

16
snapshot) of compute instances.
Bidder should ensure that Compute instances should have anti-
17
virus protection.
CSP shall ensure that compute instances receive OS patching,
18 health checking, Systematic Attack Detection and backup
function.
Bidder should ensure that physical core to vCPU ratio is not more
19 than 1:2 for all proposed servers as well as additional servers
required during contract period.
Bidder should also make available necessary tools for measuring
20
vCPU performance.
CSP must provide virtual machines only on Server Class

21
hardware for the Cloud Provisioning of NCESS's requirements.
CSP should provide sufficient swap space for servers other than
22
proposed storage mentioned in Price Bid
Storage requirements: Cloud
CSP should provide ability to provision storage dynamically in
1 different options like SSD, provisioned IOPS, File storage, cold
storage etc.
CSP should provide persistent block level storage volumes for
2
compute instances.
Cloud service should support encryption of data on volumes as
3
per industry standards.
Cloud service should support point-in-time snapshots. These
4
snapshots should be incremental in nature.
Page 69 of 119
CSP should offer secure, durable, highly scalable object storage

5
for storing and retrieving any amount of data from the web.
CSP should support an extremely low-cost storage service that

6 provides durable storage with security features for data archiving
and backup.
Cloud service should support encryption for data at rest encrypt
7
data in object storage.
Cloud Service should support managing an object's lifecycle by
using a lifecycle configuration, which defines how objects are
8
managed during their lifetime, from creation/initial storage to
deletion.
Cloud service should be able to send notifications when certain

9
events happen at the object level (addition/deletion).
CSP should offer a solution for storing cloud data from cloud
10
backup storage or object storage to on-premises storage.
Offered Block Storage with SSDs providing minimum 3 IOPS per

11
GB
Offered Object Storage should Support Versioning & Multi-
Factor Authentication (MFA) to prevent accidental deletions.
12
Designed to provide durability of 99.99% or better as published
in the CSP public portal
Fault ticket management services (Incidence/Change)and Support
CSP should Provide Support coverage 24x7 for 365 days. Feature
1 should include Open a case online with Support via email (web
support), chat, or phone
CSP should configure NCESS Severity definition & response
2
time’s definition.
Personal Health Dashboard to give personalized view of the status
3
of the services that power applications
Tool to alerts on opportunities to save money, improve system
4
availability and performance, or help close security gaps
Cloud provider should offer a dashboard that displays up-to-the-

5
minute information on service availability across multiple regions.
Cloud provider should offer 365 days of Service Health
6
Dashboard (SHD) history.
Cloud provider should offer a service acts like a customized cloud
7
expert and helps provision resources by following best practices.
Monitoring tools that will enable collection and tracking metrics,
collection and monitoring log files, set alarms, and automatically
react to changes in the provisioned resources. The monitoring
8
tools should be able to monitor resources such as compute and
other resources to gain system-wide visibility into resource
utilization, application performance, and operational health.
Page 70 of 119
Able to define guidelines for provisioning and configuring cloud

resources and then continuously monitor compliance with those
guidelines. Ability to choose from a set of pre-built rules based on
common best practices or custom rules (e.g., ensure Storage
volumes are encrypted, Compute instances are properly tagged,
9
and Elastic IP addresses (EIPs) are attached to instances) and
continuously monitor configuration changes to the cloud
resources and provides a new dashboard to track compliance
status.
Provide Audit Trail of the account activity to enable security
10
analysis, resource change tracking, and compliance auditing
Support for third party OS support (Ubuntu Server, Red Hat
Enterprise Linux and Fedora, SUSE Linux (SLES and open
SUSE), CentOS Linux, Microsoft Windows Server 2008,
11 Microsoft Windows Server 2008 R2, Microsoft Windows Server
2012, Microsoft Windows Server 2012 R2, Microsoft Windows
Server 2016), web servers (Apache, IIS, Nginx), databases
(MySQL, Microsoft SQL Server, PostgreSQL, Oracle),
N. Direct Links
SI should provide the direct link access from cloud to NCESS’s
1 Trivandrum on premises location, so that cloud services are
accessed from on premises.
2 SI should provide the end to end delivery of Direct Links
Termination Point of Direct link at NCESS will be provided and
3
managed by MSP
Direct Link service should integrate with existing MPLS network
4
of NCESS.
5 Direct link should be preferably less than 15 ms Latency
Cloud provider should provide mechanisms to establish private
6 connectivity between the cloud environment and a customer
datacentre, office, or colocation environment.
Cloud platform network should provide creation of one or more

subnets within private network with a single Classless Inter-
1 Domain Routing (CIDR) .Cloud Platform network should be
robust, scalable and secured as per the enterprise industry
standard
Cloud platform network should be provide creation of DMZ for
2
Web facing applications and can provide public and private IP.
Cloud platform network should have low latency, low jitter, all
3 protocol required to run application ( tcp ,UDP etc.),network
access list and Prevent IP Spoofing features
4 CSP should provide the Public IP as per NCESS requirement
Cloud platform network should have Network load balancer and

application load balancer enabled for smooth network and
5
application functions with sufficient number of Transaction Per
second
Page 71 of 119
Cloud platform network solution should be horizontally scalable

6
and redundant (active –active and active passive and clustering).
Cloud platform network solution should have access from http,

7 https, cli and have own management console and dashboards for
network monitoring and configuration.
Cloud platform network solution should have minimum 40 % of

network resources shall free all the time. Platform should have
8 dashboard for network Problem identification and monitoring
network issues. Platform should easy to configurable with fewer
efforts, policy based and online configuration impact analysis.
Cloud platform network should have on demand network

enhancement, maintain confidentiality and integrity of data in
10
transit , Protect NCESS data from unauthorized (access,
authentication , disclosure, modification or monitoring)
CSP should provide the customer service portal for call logging,
11
view licenses, support Agreement, update download.
Bidder must demonstrate that all the points covered Under

12
Network Solution
Security Solution Requirement
CSP should design and provide the best suitable enterprise
1 security framework to manage modern and advance security
threats.
Cloud platform should provide firewall for inbound and outbound
network traffic with state full policy inspection and advance threat
protection. Platform should have dashboard for Security Problem
2
identification and monitoring security issues. Platform should
easy to configurable with fewer efforts, policy based and online
configuration impact analysis.
Cloud platform should provide the reverse proxy to protect

3
internal application on web and also provide NAT functionality.
Cloud platform should provide edge to edge security ,visibility

and carrier class threat management and remediation against
4 security hazards like Denial of service , distributed denial of
service, botnets etc. Also shall provide protection against network
issues such as traffic and routing instability.
Cloud platform should provide web application filter for OWASP
top ten protection and have layer 7 application load balancing
which support content based routing (Host and path based
5 routing), SSL certificate configuration per Application, health
check of application server per port basis, SSL offloading ,HTTP
and HTTPs session management and monitoring .End user shall
not be hamper while failover .
Page 72 of 119
Cloud platform should provide the scalable domain name system

service with advance security features, DNS load balance, Private
6
DNS, DNS failover, support multiple Zones, and DNS query
management and monitoring.
Offer a service to protect from common, most frequently

occurring network and transport layer Distributed Denial of
7
Service (DDoS) attacks, along with ability to write customized
rules to mitigate sophisticated application layer attacks
Cloud platform security solution should have access from http,

8 https, cli and have own management console and dashboards for
security monitoring.
Bidder must demonstrate that all the points covered Under
9
Security Solution
Hyper-Converged Infrastructure
Technical
Sl.No Description Compliance
(Yes/No)
1 The Proposed Solution should be an hyper converged appliance.
The proposed HCI solution should be 100% software defined. The
2 solution should support Compression & De-duplication from day
one.
The proposed solution should run on industry standard x86 HCI
3 appliance and it should leverage Virtual Storage Appliance to have
truly Software defined Storage or better technology.
HCI solution should support non-disruptive Scale-Up (Upgrade by
inserting additional drives in existing empty drive-slots &
4 increasing the RAM) whenever required without any additional
licensing cost and Scale-Out (Upgrade by adding nodes) upgrades
to grow capacity and/or performance.
HCI solution should support for increasing capacity by adding
CPU, Memory or any other devices to virtual machines on an as
5
needed basis without any disruption in working VMs running
windows and Linux operating system.
HCI solution should provide live Virtual Machine migration
6 between different generations of CPUs in the same cluster. Also
live migrate VM without any VM downtime.
The proposed solution must have capability to support nodes with
same/different CPU & Memory configurations in the same cluster,
7
The proposed solution should support either hybrid or all flash
nodes in same cluster for future scalability.
HCI solution should provide a single unified management console
for the management of the entire environment including the
8
virtualized environment as well as software defined storage
environment to simplify the manageability of the entire solution.
HCI solution should provide solution to automate and simplify the
9 task of managing hypervisor installation, configuration and
upgrades.
HCI solution should provide encryption protects unauthorized data
10
access.
Page 73 of 119
11 Proposed HCI solution should support fault tolerance.

12 Proposed HCI solution should support GPUs, as required.
Required Hypervisor License along with automatic resource
13
scheduler features should be included into the solution.
The proposed solution must have capability to support all industry
14
drives available ( SSD & SAS)
HCI solution should include bare metal hypervisor with
15 functionality of High Availability, hot Add (CPU, Memory,
Storage& Network).
HCI solution should support enforcing security for virtual machines
at the Ethernet layer. Disallow promiscuous mode, sniffing of
16
network traffic, MAC address changes, and forged source MAC
transmits.
HCI solution should provide enhanced visibility into storage
17 throughput and latency of hosts and virtual machines that can help
in troubleshooting storage performance issues.
18 HCI solution should support RAID or RAIN.
HCI should have inbuilt Distributed Switch to centralize network
provisioning, administration and monitoring using data centre-wide
19
network aggregation, should provide Network QoS to define
priority access to network resources.
All the software components should have unlimited incident
support with L1, L2, L3 level technical support (Email, Phone &
Web) directly from the original OEM. The support should be
20
available 24x7x365 with unlimited updates and upgrades during the
complete tenure of the project without any additional cost during
the tenure of the complete project.
The backup solution should support Should support backup of
various OS platforms such as Windows 2008, 2012, 2016, Linux
22 and UNIX. Backup software solution must have inbuilt capability
to protect the backed up disk volume from Ransomware or Any
other similar features
The Backup software must provide native database support for
23 Oracle, MS SQL, MySQL and PostgreSQL. The proposed backup
solution must support at least AES 256-bit encryption capabilities.
The Backup Software should have inbuilt catalog database. The
Backup Software should be able to support versioning and should
be applicable to individual backed up objects. Software shall
24
support rebuild catalogs and indexes in case of disaster. It shall be
supported through Software GUI or through Command line
utilities.
The switch should have 32 ports of 40-Gbps ports in one 1 rack
25 unit (RU) should be deployed in high availability mode. Support
for 4x10-Gbps breakout cables.
26 The switch should Bandwidth up to 2.56 Tbps.
The switch Ports capable of line-rate, low-latency, lossless 40
27
Gigabit Ethernet and Fibre Channel over Ethernet (FCoE)
Integration with NAS, FC, FCoE and iSCSI SAN and infrastructure
from leading vendors leveraging high performance shared storage
28
to centralize virtual machine file storage for greater manageability,
flexibility and availability.
The solution shall be provided with complete capacity license for
29
deduplication, compression, for entire capacity.
The OEM shall provide onsite warranty of 3 years on the proposed
30
HCI appliance.
Page 74 of 119
The proposed solution like HCI appliance, Unified Switch, Backup

Solution should be leader in latest HCI Gartner Magic Quadrant
31
list. Underlying servers should also be leader in latest Magic
Quadrant Server Modular list.
HCI and its software should be compatible with proposed cloud
32
solution.
Desktop Virtualization
Compliance
Compon
Category Description (Yes/No/Pa
ents
rtial)
General Requirements
The VDI solution shall be scalable up to 10000
device connections.
The solution should support the delivery of
Windows & Linux based Virtual Desktop,
RDSH based Desktop, hosted & packaged
application from same platform and single user
portal.
The solution should allow concurrent user
connection
The solution should support applications
virtualization by encapsulating application files
and registry into a single package that can be
deployed, managed and updated independently
from the underlying operating system (OS).
The Solution should provide anytime, anywhere
secure access to desktops and applications
including SaaS/web applications, Hosted RDSH
App, packaged ThinApps and even Citrix
applications on any endpoint, including iOS,
Windows, Android and Mac
General VDI
The Solution should be able to connect from
General Specification
industry standard client operating systems (OSs)
s
and Thin client/Zero Clients.
The solution must provide in-depth monitoring
and historical usage (minimum one month)
reporting of VDI environment.
The solution should support mechanisms to
reduce disk/io latency between physical nodes
and share-storage infrastructure
The solution should provide Unified client for
consistently great experience across devices and
locations for:
-Optimized access across the WAN and LAN
through an HTML browser
-High performance multi-media streaming
-Rich virtualized graphics
-fully optimized unified communications and
real-time audio and video support.
-intuitive and contextual user experience across
devices making it easy to run Windows on
mobile.
-Access to local devices, USB and device
peripherals
Page 75 of 119
The proposed solution can be hosted on multi

datacenter architecture which will allows IT to
easily move and locate broker pods across
datacenters and sites.
The proposed soultution shall provide
comprehensive visibility across a desktop
environment, allowing IT to optimize the health
and performance of desktop services and cloud
analytics.
Connection broker software should allow to
deliver virtualized or remote desktops and
applications through a single virtual desktop
infrastructure (VDI) platform and support end
users with access to all of their desktops and
applications through a single unified workspace
catalog.
Virtual
The solution should support Instant clone
Desktop
technology for fast VDI provisioning whereby a
Management
booted-up parent VM can be quiesced, and “hot-
cloned” to produce derivative VM’s rapidly,
leveraging the same disk and memory of the
parent, with the clone starting in an already
"booted-up" state
IT should have ability to use Group policy
administrative templates (ADM files) to
optimize and secure VDI infrastructure.
IT should have an ability to use centralized smart
Manage
pooling and auto provisioning capabilities to
ment
provide range of automated persistent, non-
persistent and stateless desktops in the same
pane of glass.
IT should have an ability to leverage the
deployment of SOE application using
template/application stack with just few clicks.
Solution should Deliver and upgrade
applications through virtual disks in real-time,
lowering time to deploy applications from hours
to seconds and reduce the number of desktop
images to manage by allowing to create modular
app stacks.
Reduce management costs by efficiently
delivering applications from one virtual disk to
many desktops such that applications are
immediately and dynamically made available,
Application
upon logon, while logged in, or at boot.
Management
Solution should support Managing applications
in volumes, reducing storage capacity
requirements without impacting network and
compute resources.
In the use case of developer and L&D, users
should have flexibility to install applications on
his own and Application Management software
should provides capability to capture and deliver
the user installed application, data and profile
irrespective of the any desktop he logs in
Page 76 of 119
App Management software should integrate with

storage to provide a unique DR capability of
replicating read/write volumes from primary site
to DR site. This makes end user productive as
they can start working immediately (as per RPO
policy) of the organization in case of primary
site failure.
The Solution should offer Easy-to-apply policy
across devices and locations and helps accelerate
User management, migrations and onboarding,
Environment including configuration settings for applications,
Management shortcuts, mappings and group policy settings.
Solution should provide Scale out services with a
single solution that supports virtual, physical and
cloud-hosted environments.
Solution should provide ability to quickly add
and remove profile and personalization services.
The Solution should provides end-to-end
visibility into the health, performance, and
efficiency of virtual desktop and application
environments from the data center and the
network, all the way through to devices
Monitoring software for VDI should allow IT to
easily troubleshoot, manage and monitor your
end-user computing environment with a single
pane of glass from datacenter to devices.
Solution should automatically track the health of
your virtual desktop infrastructure stack to
optimize performance. Monitor all storage,
compute and network resources—including
End to End Protocol performance, Connection Servers and
Monitoring Gateway Servers—across physical and virtual
software boundaries. It shall be able to do root cause
Monitori
from analysis with log management from single pane
ng
Datacenter of glass with In-guest metrics for app
to end user performance monitoring by Identifying over-
device. provisioned hardware, bottlenecks and resource
constraints.
Solution should support Advanced Analytics &
Reporting. It should Automatically learn normal
operating parameters for Desktop Virtualization
infrastructure and user workloads. Get proactive
warnings. Set alerts based on dynamic rather
than “hard” thresholds that adapt to your
environment. Receive advanced notifications
before events impact end users to proactively
manage your environment. Take advantage of
out-of-the box usage and license-compliance
reports and easily remediate your environment
with common commands.
Page 77 of 119
Desktop virtualization Client should allow users

to transparently use local or network printers
from within their remote systems, yet removes
the requirement for installing proprietary printer
drivers on each View VDI desktop.
The Solutions should allow end users to uses the
self-service enterprise portal to access all the
corporate applications (RDSH, ThinApp, SaaS,
XenApp), virtual desktop and RDSH Session
based desktop which they are entitled too.
The solution should support Skype for Business
2013 in virtual Desktop envrionment.
End user can access the latest updated
application needed without rebooting the
desktop.
End users can save data and profile settings and
End
the same is seamlessly available till the time
User End User
users is entitled by IT.
Experien Experience
End users can add their applications to Favorites,
ce
and group them in categories. The new action
menu allows end users to easily reset their
virtual desktops as well as move subscribed
applications to the top or bottom of the list,
improving usability on mobile devices.
The Solution should provide a HTML 5 based
access to the Virtual desktops and applications.
Solution should provide inbuilt SSL VPN
capability such that Using the gateway users
should able to access virtual desktop and
applications from internet or home without any
third party VPN gateways or hardware
appliance.
Solution should provide the real time compliance
monitoring and auditing.
Desktop Virtualization software should integrate
with two factor (RSA, Symantec, SmartCard)
and radius authentication solutions.
Desktop Virtualization software provides Role
based access control to seamlessly share the
same management infrastructure across different
Security
management team.
The Solution should support agentless anti-virus
and malware scanning/ remediation in a large-
scale virtual desktop environment without the
need for agents inside every virtual desktop and
should consolidates and offloads all
antivirus/anti-malware operations into one
centralized secured virtual appliance.
Page 78 of 119
Distributed Object Storage
S. Compliance
Feature Technical Specifications / Requirement
No. (Y/N)
The vendor needs to provide Object
Storage software and the requisite
Storage capacity
Proposed Object storage must provide no-
1 High Availability
single-point of failure
Proposed object storage should be able to
scale to petabytes of unstructured data
storage and to store it over longer periods of
time and make it available over the Web
2
instantly. Proposed object storage should be
offered with minimum 200 TB of usable
storage capacity and upgradable up
to 1 PB usable.
Proposed object based storage Should be
Usable-Expandable able to scale the compute and capacity
3 and Scalability seamlessly, with zero impact
to the level of service to users and
applications.
Object storage must support intendent
scaling & decoupling of compute capacity
and storage capacity to allow flexibility in
4 expansion,. Object storage must support
adding different types of storage capacity
such as Local capacity, SAN, S3 based on-
premises/cloud storage,
Proposed Object storage should have
WORM capability to prevent any
change/deletion of data as per the retention
requirements set by policies. Object Storage
5 Data Retention
shall have ability to set default retention
periods for different categories of
objects/content in case application(s) cannot
specify retention period.
Object storage should support
deduplication/Single Instance Storage
Deduplication/Single functionality or backup software, DBTA and
6
Instance Storage object storage should be integrated such that
object storage should receive only unique
data from DBTA.
Proposed Object based storage should be
fully distributed, symmetrical and scale-out
architecture. Minimum 4 nodes should be
provided for user data access with minimum
2 numbers of 10Gbps LAN Ports on each
7 Connectivity node. Each node should be a separate
appliance or physical servers. Bidder should
provide hardware based redundant Network
Load Balancers for equal load distribution
across the nodes with 10Gbps uplinks to
Data Centre LAN.
Page 79 of 119
Object based Storage shall be managed and

8 GUI monitored via integrated UI, CLI & RESTful
APIs.
Object based Storage shall support multi-
tenant architecture including ability to apply
9 Multi-tenancy
quota limits on specific sections within the
object store.
Object Storage shall protect all objects with
Erasure Coding, Erasure coded data should
be encoded equally efficiently, regardless of
10 object size. Object Storage shall allow any
object to be accessed from any node at any
Erasure Coding site with most recent version of data always
available (strong consistency).
Object storage must have inbuilt capability
to protect the objects using erasure coding
11
method to protect against minimum 4 hard
drive failures
Should support custom metadata tagging on
Metadata indexing & objects, provide indexing for metadata and
12
querying allow querying using metadata index through
GUI as well as API.
Object Storage shall provide versioning
13 Versioning capability to protect and record Object-level
changes.
Object Storage must provide capability to
verify integrity of objects using hashing etc,
Integrity Verification
14 and it must support automated recovery of
& Auto repair
objects from replica copy if object is found
corrupt.
Object Storage should be supplied with
replication capability to support DR solution
in future
Object Storage should have following
replication capabilities
a. Subsequent Replication should transfer
15 Replication
only difference data from previous
successful replication.
b. If needed Object storage should be able to
support geographically distributed erasure
coding with simultaneous or delayed EC
encoding at mulitple sites
Should support access through
HTTP/HTTPS, S3, NFS/CIFS, SMPT,
SWIFT API without need for additional
hardware. Should be able to integrated with
16 Accessibility custom applications and software, and
supported with major backup/archival
software, file gateway, file sync and share
application to support multiple use
cases/functionality.
Object storage should be provided with all
features available with it, and all software
17 Features
and license required to use these features
should be provided along with object
Page 80 of 119
NGFW Specifications
Compliance
Sl.No General Requirements
(Yes/No)
The Firewall must be appliance based, rack mountable and it should
1
support internal or external redundant Power Supply.
The Proposed Firewall Vendor should be in the Leaders/ Challenger
2 in Quadrant of Gartner Magic Quadrant for Enterprise Network
Firewall.
NGFW must support Secure SD - WAN feature along with advance
3
routing protocols such as BGP
SD-WAN must be able to link and failover between various
4 connections such as Internet , MPLS , leash line and even Routed
based VPN interfaces.
Build-in SDWAN must be able to do load balancing of various links
5
based on source address, User group , protocol and/or applications
Device should support Static routing, RIP, OSPF,BGP, IS-IS, RIPng,
6
OSPFv3 and BGP4+
Performance Parameters
The solution should support a minimum of at least 450 Mbps IPS
1 throughput & Minimum 350 Mbps NGFW throughput on real-world
/ enterprise mix traffic test condition
The solution should support minimum 200 Mbps threat protection
2
throughput on real-world / enterprise mix traffic test condition
3 Should support 2 Gbps IPSec VPN throughput and 1500 Tunnels
The Firewall must support at least 1,500,000 concurrent connections
4
and 30,000 new sessions per second
The platform must be having minimum of 12 interfaces with auto
5
sensing 10/100/1000 capability and 2 Gigabit SFP ports
Firewall Features
Firewall policy should be single policy where all the feature get
1 applied such as IPS, application control , URL filtering , antivirus ,
SSL inspection , logging and even NAT
Firewall must support Zoning option along with User based
2 authentication. It must have automatic option to group all the same
zone policy
There must be option to configure the said Firewall policy from GUI
of the NGFW appliance without requiring any Management solution.
3
This is in the case of emergency where management solution is no
available and policy needs to be changed.
Firewall must support NAT46, NAT66 and NAT64 along with
4
policy for such NAT along with option to configure DNS64.
Firewall must support NAT policy for multicast traffic for both IPv4
5
and IPv6
Virtualization
The proposed solution should support Virtualization (Virtual
1 Firewall, Security zones and VLAN). Minimum 5 Virtual Firewall
license should be provided.
Virtualization must be for every feature which are IPS , Application
2 control, Antivirus/Anti-malware , URL filtering , SSL inspection ,
SSL VPN , IPSec VPN , Traffic shaping and user authentication.
Page 81 of 119
VPN Features
NGFW must have built in support IPSec VPN and SSL VPN. There
1
shouldn't be any user license restriction
IPSec VPN must include gateway to gateway and gateway to client
vpn. In case of gateway to client the administrator must have option
2
to assign private IP address to remote user without requiring any
additional license
Route based IPSec VPN must be supported along with SD-WAN in
3
case of two or more ISP's.
Intrusion Prevention System

1 The IPS capability shall minimally attain NSS Certification
2 The IPS detection methodologies shall consist of:
a) Signature based detection using real time updated database
b) Anomaly based detection that is based on thresholds
3 The IPS system shall have at least 7,000 signatures
IPS Signatures can be updated in three different ways: manually, via
pull technology or push technology. Administrator can schedule to
4
check for new updates or if the device has a public IP address,
updates can be pushed to the device each time an update is available
Antivirus
1 Firewall should have integrated Antivirus solution
The proposed system should be able to block, allow or monitor only
using AV signatures and file blocking based on per firewall policy
2
based or based on firewall authenticated user groups with
configurable selection of the following services:
a) HTTP, HTTPS, b) SMTP, SMTPS, c) POP3, POP3S, d) IMAP,
IMAPS, e) FTP, FTPS
Web Content Filtering

The proposed system should have integrated Web Content Filtering
1
solution without external solution, devices or hardware modules.
The proposed solution should be able to enable or disable Web
2 Filtering per firewall policy or based on firewall authenticated user
groups for both HTTP and HTTPS traffic.
Application Control
The proposed system shall have the ability to detect, log and take
1 action against network traffic based on over 4000 application
signatures
2 The application signatures shall be manual or automatically updated
High Availability
The proposed system shall have built-in high availability (HA)
1
features without extra cost/license or hardware component
The device shall support stateful session maintenance in the event of
2
a fail-over to a standby unit.
High Availability Configurations should support Active/Active or
3
Active/ Passive
OEM should be having the following certifications/Ratings

1 Firewall module should be ICSA Labs and EAL 4 certified
Page 82 of 119
Network Intrusion Prevention System (NIPS) and should be ICSA

2
Labs certified.
Functional Requirement Specification
Sl.
Complianc
N Requirements
e (Yes/No)
o
The Proposed cloud management software should be from reputed
xii.
organization available in the market with maintenance support.
xiii. The Solution shall be capable of allowing applications to self-service
compute, network and storage infrastructures automatically based on
workload demand
xiv. The Solution shall be able to isolate and allow secure authenticated
access to infrastructure services
xv. The Solution shall be capable of orchestrating compute and storage
resource placements based on flexible policies to maximize hardware
utilization
xvi. The Solution shall be able to abstract compute, network, and storage
resources for the application and user self-service regardless of
hypervisor, server, network and storage hardware
xvii. The Solution shall be capable of supporting multi-tenancy to run cloud
services (compute, network, storage) for multiple consumers on a single
platform while dynamically and automatically managing the isolation
of virtual machines into secure pools.
xviii. The Solutions shall be able to manage wide variety of open source and
proprietary Operating Systems
xix. OEM should provide technical hands-on training on all the solutions
proposed
xx. OEM should provide direct technical support 24/7
xxi. The proposed Cloud Management solution should support Multi-vendor
hypervisor, physical endpoint and public cloud support
xxii. The proposed Server Hypervisor solution should Support for suspend
and resume capabilities for vGPUs, to improve host lifecycle
management. Also must Support for VM mobility and snapshot
capabilities allows migration of vGPU powered VMs to another host
during maintenance windows, reducing end-user disruption
FRS for Cloud enablement
Server Virtualization Functional Capabilities

Page 83 of 119
Complianc
1 Hypervisor e
(Yes/No)
xxv. Virtualization software shall be in Leaders Quadrant of Gartner Magic
Quadrant for x86 Server Virtualization Infrastructure for continuous
last 4 or 5 years
xxvi. The Virtualization software should be based on hypervisor technology
xxvii. The solution should provide Zero downtime, Zero data loss and
xxviii. The solution should provide Inbuilt agentless backup and recovery
solution for VMs and In-built array-agnostic replication of VMs data
over the LAN or WAN. No extra cost should be applicable,
xxix. The solution should provide support or placing critical virtualization
xxx. The Solution shall be able to run various operating systems like
windows client, windows server, linux (RedHat, Suse Linux etc) and
any other open source
xxxi. The Solution shall have the capability for creating Virtual Machines
templates to provision new servers
xxxii. The Solution shall continuously monitor utilization across Virtual
Machines and shall intelligently allocate available resources among the
Virtual Machines
xxxiii. The Virtualized Machines shall be able to boot from iSCSI, FCoE and
fiber channel SAN
xxxiv. The Virtualized Infrastructure shall be able to consume Storage across
various protocols like DAS, NAS, SAN
xxxv. The Solution shall allow for taking snapshots of the Virtual Machines
to be able to revert back to an older state, if required
xxxvi. The Solution shall be able to dynamically allocate and balance
computing capacity across collections of hardware resources of one
physical box aggregated into one unified resource pool
Page 84 of 119
xxxvii. The Solution shall cater for the fact that if one server fails all the
resources running on that server shall be able to migrate to another set
of virtual servers as available
xxxviii. The Solution shall provide support for cluster services between Virtual
Machines
xxxix. The Solution shall provide patch management capabilities such that it
shall be able to update patches on its own hypervisor and update guest
operating system
xl. The Solution shall provide the monitoring capabilities for storage,
processor, network, memory so as to ensure that the most important
Virtual Machines get adequate resources even in the times of
congestion
xli. The Solution shall support Live Migration of Virtual Machine from
one host (Physical Server) to another another without any downtime
between the virtualization management server, across the clusters,
datacentres and virtual switches.
xlii. The Virtualization software should be based on hypervisor technology
xliii. The solution should provide Zero downtime, Zero data loss and
xliv. The solution should provide Inbuilt agent /agentless backup and
recovery solution for VMs and In-built array-agnostic replication of
VMs data over the LAN or WAN. No extra cost should be applicable,
xlv. The solution should provide support or placing critical virtualization
xlvi. The Solution shall deliver above listed Hypervisor capabilities using
standard server infrastructure from HP, DELL, IBM, Cisco,
Oracle,AWS, Azure etc.
xlvii. The Solution should provide security on the hypervisor, as well as
guest VMs without the need of any AV agent installation in any of the
VMs. It should provide the ability to apply security to virtual machines
Page 85 of 119
and security policies that can follow the machines as they move in the
cloud.
xlviii.
Th The Solution shall provide policy-based configuration management to
ensure compliance across all aspects of the datacenter infrastructure,
including virtual and physical resources.
2 Compute
v. The Software shall have the capability to create Virtual Machines with
required number of vCPUs
vi. The Solution shall allow Virtual Machines consume RAM
dynamically in such a way that if some of the VMs in Physical
machine are not utilizing the RAM, this RAM can be utilized by some
other VM in the same physical machine which has a requirement
vii. The Solution shall be able to use power saving features like, in case of
off-peak hours, if not all servers are required to be powered on, the
solution shall shut down to save power
viii. The solution should support for Hot Add (CPU, Memory & devices) to
virtual machines when needed, without disruption or downtime in
working for both windows and Linux based VMs
3 Storage
iv. The Solution shall also integrate with FC, FCoE and iSCSI SAN and
infrastructure from leading Vendors so as to leverage high
performance shared storage to centralize Virtual Machine file storage
for greater manageability, flexibility and availability
v. The Solution shall have the ability to thin provision disks to avoid
allocating all storage space upfront
vi. The Solution shall provide the capability to migrate the live Virtual
Machine files from one storage array to another storage without any
downtime between the virtualization management server, across the
clusters, datacentres and virtual switches.
4 Network
viii. The Solution shall allow configuring each Virtual Machine with one or
more virtual NICs. Each of those network interfaces can have its own
IP address and even its own MAC address
ix. The Solution shall allow for creating virtual switches that connect
virtual machines
x. The Solution shall support configurations of 802.1 q VLANs which
Page 86 of 119
are compatible with standard VLAN implementations from other

vendors
xi. Solution shall take advantage of NIC Teaming Capabilities
xii. The Solution shall deliver above listed all network capabilities with
Cisco, Juniper, 3COM, etc.
xiii. The Solution shall have the capability for moving Virtual Machines
from Primary site to the Secondary site.
xiv. The solution should provide a centralized virtual switch which can
span across a virtual datacenter and multiple hosts should be able to
connect to it. This in turn will simplify and enhance virtual-machine
networking in virtualized environments and enables those
environments to use third-party distributed virtual switches
Security Capability in Cloud

Complianc
1 Security Capabilities
e (Yes/No)
xii. The Solution shall offer Automated and Approval based Upgrades
for Virtual Machines delivered through cloud infrastructure
xiii. The Solution shall be able to extend existing malware protection
solution in the NCESS for Virtual Machine
xiv. The Solution shall be able to provide existing Firewall protection for
the virtual machine.
xv. The Solution must offer Identity, Authentication and Role based
access to User Departments Infrastructure - Machines (Virtual or
Physical), Application or Common Services
xvi. The Solution must offer Policy based administration by putting User
Departments Machines (Virtual or Physical) in logical groups and
apply relevant policies.
xvii. The Solution shall have the ability to not just enforce policies but
also track and report non-conformance
xviii. The Solution shall generate reports on non-conformance and
escalation for privileged access by unauthorized roles/ identities
xix. The Solution shall support VLAN isolation by supporting multiple
networks per resource pool
xx. The Solution shall support secure communication between guest
VMs and Hypervisor and intra-VMs.
xxi. The Solution must offer ability to Copy, convert, or migrate an
image (P2V, V2V, V2P).
Page 87 of 119
xxii. The Solution must offer ability to utilize existing Intrusion detection
System / Intrusion Protection system to seamlessly extend into
Virtualization environment
Service Provisioning Capabilities

Complianc
1 Service Portal Capabilities e
(Yes/No)
xxvii. The Solution should provide a simple to use intuitive Web and
experience for NCESS Cloud Administrator and User Departments
and should have extensibility to deliver Infrastructure as a Service.
xxviii. The Solution shall have self-service capabilities to allow Users
Departments to log service requests - in the portal.
xxix. The Solution shall be able to offer choice of various Service offering
on multiple hypervisors (such as XEN, Hyper-V, VMware, KVM)
with an option to select multi operating systems such as Windows
2003, 2008, RHEL / SUSE Linux, etc., VLAN , Storage, Backup and
quickly compute associated price for the same as well as shows the
deduction for overall Tenant approved infrastructure Quota
xxx. The Solution shall offer Service catalog listing availability of Cloud
infrastructure like Virtual Machines offered by NCESS IT.
xxxi. The Solution shall provide comprehensive service catalog with
capabilities for service design and lifecycle management, a web-based
self-service portal for users to order and manage services
xxxii. The solution shall provide an on-boarding mechanism for the new
tenants (Department) on the cloud infrastructure that automatically
creates the tenant, the tenant administrators, allocates specific
resources for the tenant like storage pools, server pools.
xxxiii. The Solution shall offer Registration, Signup, Forgot Password and
other standard pages (Profile, Billing or Contact information)
xxxiv. The Solution shall enforce password policies and allow to personalize
the look & feel and logo on the user-interface panels
xxxv. The Solution shall automate provisioning of new and changes to
existing virtual infrastructure with approvals
xxxvi. The Solution shall track ownership and utilization of virtual machines,
Physical machines, and common services
xxxvii. The Solution shall allow for implementing workflows for
provisioning, deployment, decommissioning all virtual and physical
Page 88 of 119
assets in the cloud datacenter
xxxviii. The Solution shall allow easy inventory tracking all the physical &
virtual assets in the Private Cloud. It shall provide capabilities to track
usage and non-compliance situations.
xxxix. The Solution shall have the ability to manage & monitor Virtual
Assets across multiple cloud platform like Microsoft, AWS etc.
xl. The Solution shall allow the ability to identify non-compliant systems
(both Virtual and Physical) in terms of Desired Configuration (e.g.
Lack of a Firewall or a file system policy on a VM etc.) and
automatically remediate the same wherever possible
xli. The Solution shall be able to dynamically allocate and balance
computing capacity across collections of hardware resources
aggregated into one unified resource pool with optional control over
movement of virtual machines like restricting VMs to run on selected
physical hosts.
xlii. The Solution shall have Show-Back (to check the usage patterns and
reporting for the user department) and the same solution shall have the
capability to be updated into Charge-Back whenever this
functionality is required by the NCESS IT.
xliii. The Solution shall offer usage report by tenant, by region, or by
virtual machine reporting usage of memory consumption, CPU
consumption, disk consumption
xliv. The solution shall allow the users to schedule a service creation
request in a future date/time; the solution shall check if a request
scheduled for a future time can be fulfilled and reject the request in
case of projected resources shortage or accept the request and reserve
the resources for that request
xlv. The Solution shall have web-based interface for administration
xlvi. The Solution shall have the ability generate customize report as well
as the native ability to export to common formats
xlvii. Whenever the Charge Back mechanism is enabled, the Solution must
satisfy the following requirements:
- The Solution shall support different cost models like allocated
or reserved cost per virtual machine. It shall also allow
tracking usage of resources
Page 89 of 119
- The Solution shall allow mixing of different cost model/

policies
- The Solution shall have the ability to charge differently for
different level of services
- The Solution shall support cost calculation of shared/ multi-
tenant application
xlviii. The Solution shall provide service catalog with capabilities for service
offering design and lifecycle management, a self-service portal for
users to order and manage services
xlix. The solution should be able to provide intuitive point-and-click
interface for customizable scripts, enabling customers to override
configurations and execute deployments with the click of a button and
should also be able to automatically generate deployment execution
plans which would enable organizations to perform audits before
deploying regulated applications
l. The solution should have comprehensive deployment execution plans
which would provide the ability to call-out custom scripts to fix
security-related vulnerabilities during deployments would assists in
troubleshooting deployment failures
li. The solution should provide resource reclamation functionality which
identifies and reclaims inactive and abandoned resources by
automating the decommissioning and reuse of retired resources. It
should also provide reclamation savings reports which would enable
organizations to quantify its cost savings
lii. The solution should provide visual drag-and-drop interface for
developing custom workflows. The visual workflow designer should
enable activities to be easily inserted into a workflow and also ensures
visual drag-and-drop interface for automatic error-checking logic
ensuring that each activity’s parameters are configured correctly,
further simplifying the customization process without code changes
2 NCESS Private Cloud Administrator Requirement
v. Administrators shall be able to automatically scale and/or manage
resources unilaterally (as also termed in the NIST definition) for
tenant services without manual intervention as and when required by
the SLA requirements of the service
vi. Private Cloud Administrators shall be able to easily configure, deploy,
Page 90 of 119
and manage services through a highly intuitive service-centric

interface, while using a library of standard templates
vii. Private Cloud Administrators shall easily be able to commission &
decommission VMs at Private & Public Cloud.
viii. Private Cloud Administrators/Application Owners shall be able to
create, manage, services using a web-based interface that presents a
customized view of resources based on your role in the organization
3 Capacity Management
vii. The Solution shall be able to determine how many more virtual
machines can fit the environment
viii. The Solution shall identify idle, underutilized capacity to provide
inputs to the capacity management function such that informed
decisions can be taken
ix. The Solution shall support to identify and determine optimum sizing
and placement of virtual machines
x. The Solution shall provide forecast reports demonstrating forecasted
utilization
xi. The Solution shall support all of the following modeling scenarios:
Physical to Virtual, Virtual to Virtual, Virtual to Physical
xii. The Solution shall provide a mechanism to automatically assess high
volumes of workloads and determines optimal placement on virtual
machines across the enterprise’s shared resource pools
4 Log Management
i. The solution shall support collecting logs from storage, server,
network & operating systems
ii. The solution shall support event correlation by integrating the log
management solution with the monitoring solution.
iii. The solution shall provide dashboard and reporting capabilities
Automation, Orchestration and Monitoring

Compliance
1 Process Automation
(Yes/No)
ix. The Solution shall demonstrate a way to comprehensively model cloud
datacentre process end to end across multiple Vendors software and
hardware thus enforcing Operational Best Practices and Procedures
x. The Solution shall allow automating best practices, such as those found in
Information Technology Infrastructure Library (ITIL) through workflow
Page 91 of 119
processes that coordinate management tools to automate incident response,

change and compliance, and service-lifecycle management processes
xi. The Solution shall have capabilities to create workflows to automate
common admin challenges
xii. The Solution shall have the ability to develop highly customized workflows
and easy user interface.
xiii. The Solution shall have web-based interface
xiv. The solution should provide ready to use templates covering security best
practices, vendor hardening guidelines.
xv. The solution should be able to map application services, visualize
relationships and map dependencies of applications on virtualized compute,
storage and network resources
xvi. The proposed solution should be able to provide business continuity and
disaster recovery planning by using automated application discovery and
mapping.
2 Integration Capabilities
ix. The Solution should be able to create processes across multiple vendors’
software and hardware. Integrate monitoring dashboards for vSphere, as
well as third-party infrastructure management Packs
x. The Orchestration Solution shall be open and interoperable and has rich
integration capabilities that support interfaces from command line interface
and web services
xi. The Solution shall provide resource-level operations through a single
management across compute resource with physical and cloud
environments. It shall support provisioning for multiple platforms including
Windows, Linux, & ESX on x86 (32 and 64 bit)
xii. The Solution shall provide capability for orchestrating tasks across systems
for consistent, documented, compliant activity
xiii. The Solution shall be able to audit and monitor execution of processes and
report on violations against the same
xiv. The Solution shall be able to accelerate adequate utilization of subsystems
(not limited to but including) the backup solution, the service
manager/helpdesk module, the operations modules, the virtual asset
provisioning modules etc
xv. The solution should be able to integrate Management Packs for third-party
infrastructure vendors for server and storage. It should be able to Monitor
Page 92 of 119
and manage from a single console both infrastructure and application.

Ability to correlate unstructured log data with structured metrics and KPIs
for faster root cause analysis and comprehensive visibility.
xvi. The solution should provide discovery of application and would provide
visualization of same which would bring application-level awareness to
infrastructure and operations teams to ensure service levels and disaster-
recovery protection for all critical application services.
3 Monitoring Capabilities
xv. The Solution shall be able to monitor User Department Virtual Resources
independent of the platform & solution/service they are running
xvi. The Solution shall be able to monitor key performance characteristics of the
virtual resource.
xvii. The solution should provide self-learning performance analytics and
dynamic thresholds which can adapt to the environment to simplify
operations management and eliminate false alerts. Integrated smart alerts for
health, performance and capacity degradation to identify building
performance problems before they affect end users. Based on Historical data
and trending, solution should be able to send proactive smart alerts to avoid
potential downtime. Ability to create custom views and reports for single
pane of glass access to the data required for informed, intelligent operational
decisions and capacity management
xviii. The solution should be able to map virtual infrastructure resources such as
virtual machines, web servers, mail servers, database servers, application
servers, cache servers, messaging servers, application management servers,
and virtualization management servers
xix. The solution should have deep configuration data collection, change
tracking, and compliance assessment across virtual infrastructure with
unified reporting of configuration data and compliance assessment results
for virtual environment
xx. The Solution shall monitor all the critical operating system level services
and shall check for their status like running, not running, paused. In
addition, deviations from a defined Configuration shall be detectable and
reported
xxi. The Solution shall give User Department ability to select performance
counters and duration for which they want to view the performance data
xxii. The Solution shall have the mechanism to store the historical data for
Page 93 of 119
problem diagnosis, trend and analysis

xxiii. The Service level dashboard provided with the Solution shall have a web
based interface
xxiv. The Solution shall be able to send the reports through e-mail to predefined
user with pre-defined interval as attachment ( PDF, Excel, etc)
xxv. The Solution shall trigger automated actions based on incoming events /
alerts
xxvi. The Solution shall provide a Knowledge base to store history of useful
incident resolution
xxvii. OEM should provide direct technical support 24/7
xxviii. OEM should provide hands-on technical training for all modules of the
solution
Collaboration Software
Compliance
Sl. No Description
(Yes/No)
An application having basic functionalities for data

uploading and sharing, dynamic forms, access
privileges, Document versioning, File
versioning, metadata information listings, data
1 access privileges, user login authentications,
backend privileged administrative assess for
content updations, data visualisation through maps,
statistical analysis through charts, plots etc needs
to be incorporated.
The data should be uploaded and downloaded
irrespective of its file formats and the user while
2 uploading should have the provision to enter the
metadata information, based on which the file
should be indexed.
The data uploaded/ downloaded /shared through
the application will be of spatially referenced
resources, Satellite images, toposheets, Thermal
3
images, aerial images, statistical data etc and will
be in different file formats and the application
should support the same.
3 year Support needs to provided for software
4 development, maintenance and hosting . Hands on
Training and Documentation needs to be provided.
Application can be hosted either on-prem or in
5 Cloud instances or both as per the requirement of
NCESS.
Software will be uploading files in multiparty
resumable mode. All uploads and downloads will
6
have to be done using secure protocol https or
TLS. Custom searchable attributes can be added to
Page 94 of 119
file uploaded. The Admin screens will be accessed

through SSL Certificate (HTTPS). SSL Certificate
should be arranged by the vendor.
BLOB Store - Object Store with capability to store
7 BLOBs upto 1 Tb each in size with the option to
download the data in original format.
Metadata(ISO 19115) - Metadata is stored for
each document. Metadata may, for example,
include the date the document will be stored and
the identity of the user storing it. The DMS may
also extract metadata from the document
automatically or prompt the user to add metadata.
8 The text can be used to assist users in locating
documents by identifying probable keywords or
providing for full text search capability, or can be
used on its own. Extracted text can also be stored
as a component of metadata, stored with the
document, or separately from the document as a
source for searching document collections.
Indexing - Indexing tracks documents. Indexing
may be as simple as keeping track of unique
document identifiers; but often it takes a more
complex form, providing classification through the
documents' metadata or even through word
indexes extracted from the documents' contents.
Indexing exists mainly to support information
9
query and retrieval. Also At the time of ingestion
of spatially enabled data it should also be spatially
indexed along with other indexes and made
available for search based along with metadata and
spatial footprints too.
The index should be refreshable manually as well
as triggered on data update.
Retrieval- Retrieve the electronic documents from
the storage. Simple retrieval of individual
documents can be supported by allowing the user
to specify the unique document identifier, and
having the system use the basic index (or a non-
indexed query on its data store) to retrieve the
document. More flexible retrieval allows the user
to specify partial search terms involving the
document identifier and/or parts of the expected
10 metadata. Typically return a list of documents
which match the user's search terms. Some
systems provide the capability to specify a
Boolean expression containing multiple keywords
or example phrases expected to exist within the
documents' contents. The retrieval for this kind of
query may be supported by previously built
indexes, or may perform more time-consuming
searches through the documents' contents to return
a list of the potentially relevant documents.
Collaborations - Work faster and smarter with
11 anyone inside or outside your organization.
Securely share files and work together in real-
Page 95 of 119
time.
Versioning - Versioning is a process by which
documents are checked in or out of the document
management system, allowing users to retrieve
previous versions and to continue work from a
12
selected point. Versioning is useful for documents
that change over time and require updating, but it
may be necessary to go back to or reference a
previous copy.
File sharing - Share files with relevant team
13 members with links which are secure and
timestamped with time validity.
Any device accessibility - Accessibility from
14
Desktop, Mobile devices, tablets.
Online back-up & file recovery - Backup for files
15
with 99.99% data reliability.
File transfer - Transfer files from local to object
16 storage and back using multi-part and resumable
points securl via udp ,tcp.
Third party integration - API integration and
17
documentation.
Application integration - Integrate seamless with
18
applications to be used by the organization.
Email integration - Connect and email document
19
directly / as a link from object store.
SSL security - Secure access via https, sftp. SSL
20 Certificate should be provided by the vendor for
the whole project period.
Secure login - Access only via login integrated
21
with AD, LDAP, SSO .
Secure data storage - Data at rest encryption with
22
atleast 256 bit.
Document storage - Store documents with type
like Txt, Video, Audio, BLOB. For larger
documents like satellite imageries, videos and
23 miscellaneous content which is not practically
storable in data base should be stored as a object
storage and their corresponding links to be stored
in data base.
History tracking - Track history and versions of
24
documents.
Activity audit - Audit of all access and lifecycle of
25
document.
26 Auditing - Audit features.
API - API interface to the stored object with
27
security and audit trail.
Download Control - Access control with RBAC to
28
document.
Document management - Central console to
29
manage repository of documents.
Version history - Version history of the
30
document
Full text search - Search for document along with
31
metadata.
Page 96 of 119
File & version recovery - Recover older version of

32
the object / document.
Team folder manager - Group access management
33
for document and teams.
34 Permission management - RBAC/FGA
Password management - Password complexity and
35
rules.
Group management - Connect to ad Groups/ local
36
groups and management.
Organization-wide collaboration - Collaboration in
37
local AD / LDAP.
256-bit AES encryption security - DATA at rest
38
encryption with atleast 256 bit.
External sharing - Trackable sharing to external
39 users with time limit as well as provision of fully
public link.
OGC compliance - OGC Compliance Services
including but not limited to WMS, WFS, WCS,
OWS, WPS etc. These services should be exposed
to Geo server or any other capable map servers.
Each and every spatially enabled data should be
published to expose these services. Along with
OGC services the vendor should be able to
40
provide custom services, if needed, in future as per
NCESS requirements. The application should be
developed in such a way that user can perform free
text search as well as spatial search. Spatial search
should be available on a map as well as connected
to admin level such as state and district in an easy
to use manner.
Open Source Web Mapping Libraries - Open
source web mapping libraries like leaflet or
openlayers or equivalent should be considered for
41
front end and user interaction. This should be used
as a mainstream data searching tool harnessing
spatial index of each layer.
Auto Scale - The application should be network
optimized with high availability to concurrent
users, if needed the application should auto scale
in event of increased load. Latest technologies like
42
docker, nginx can be evaluated for possible
scalling, also the user experience should be
seamless without any hindrance due to the scaling
factor.
SEO Friendly - The application should be able to
get indexed well by SEO engines and get
43
recognized for the content it is hosting. The
content hosted should be easy searchable.
Source Code Policy - NCESS reserves the right on
source code of application and source code should
be handed over to NCESS periodically or on
44
request from NCESS along with the user and
development documentation. Application should
be hosted on a backup server in NCESS.
45 Application should be open for
Page 97 of 119
update/upgrade/additions of capabilities in future

and should be developed in such a way that its
component can be further upgraded for
improvements as per NCESS requirements. SRS
Document for the collaboration software should be
provided along with the technical bid.
Cyber Security - After satisfactory completion of
the application development & testing and after
clearance from IT Wing, NCESS, the vender has
to obtain security clearance certificate by any of
the Cert-In empanelled agencies
46 (http://www.certin.org.in/PDF/Empanel_org.pdf).
The vendor will bear expenses for obtaining cyber
security clearance. The mobile app for the same
should also be listed in Google and Apple play
store. The vendor has to bear the expenses and
to carry out necessary procedures for the same.
Thin Client
Complia
Sr. No. Description nce
(Yes/No)
Thin client should support Dual core processor with at least 1.2 GHz with 8GB
1
RAM , 64 GB Flash, Win10 embedded
2 18.5” or higher LED Monitor
3 Thin client to support HD Graphics
4 Thin Client to support Local and Network Printing
5 Thin client to support local and network scanning
6 Thin client to be able to redirect USB ports
7 Thin client to be supported by a unified device management software
8 Thin client to be able to support 1920x1200 Pixels @ true color (24bit)
9 Thin client to be energy star certified.
10 USB Keyboard with Mechanical Keys
Communication features:
Citrix® ICA
Citrix® HDX
11 Microsoft RDP
Microsoft RemoteFX (RFX)
VMware® Horizon View™ through RDP
VMware® Horizon View™ through PCoIP
12 Optical Mouse
13 Thin client to have Gigabit Ethernet port
14 Thin client must support GPU based virtual desktop
15 Wifi Support
Application Delivery Controller

1 Physical Specification
1.1 System must be VM based and must support KVM and VMware hypervisor
2 Performance
2.1 System must support 200 Mbps of L7 throughput
3 Application delivery partition/Virtual Context
3.1 System must support 32 Application delivery partition/Virtual Context
Page 98 of 119
3.2 System must support dedicated configuration file for each Virtual context
System must support resource allocation to each context including throughput, CPS,
3.3
Concurrent connection, SSL throughput
System must be able to modify the resource allocation on the fly without
3.4
restarting/rebooting any context
3.5 All the virtual context must be available from day-1
4 DDOS
4.1 System must support protection from Fragmented packets
4.2 System must support protection from IP Option
4.3 System must support protection from Land Attack
4.6 System must support protection from Ping of Death
4.7 System must support protection from TCP No Flag
4.8 System must support protection from TCP Syn Fin
4.9 System must support protection from TCP Syn Frag
4.1 System must support connection limit based on source IP
4.11 System must support connection rate limit based on source IP
4.12 System must support request rate limit based on source IP
5 Load-balancing and IPv6 Migration features
5.1 System must support Layer4-Layer7 load-balancing
System must support load-balancing algorithums including round-robin, least
5.2
connection, service least connecttion, fastest reponse, hash etc
System must support active-active and active-backup server configuration for load-
5.3
balancing
System must support reverse proxy functionality of hosting multiple http/https
5.4
service behind single IP
5.5 System must support Source-NAT for SLB traffic
5.6 System must have flexibility to config VIP as Source NAT IP
System must support X-forwarder option. The appliance should have option to
5.7
enable x-forwarder option per service to log actual client IP in web server log.
5.8 System must have ICSA certified WAF
5.9 System must support HTTP Compression and SSL offfloading
5.10 System must support Global Server load-balancing
System must support Authentication offloading from back-end servers using
5.11 SAML, Kerberos, NTLM, TDS SQL Logon, LDAP, RADIUS, Basic, OCSP
stapling, HTML Form- based
5.12 System must support graceful activation and disabling of the backend server
5.13 System must support NAT44 and NAT444
5.14 System must support NAT 64
5.15 System must Support DNS 64
5.16 System must Support NAT 46
5.17 System must Support Full NAT log in syslog format
5.18 System must support IPv4 to IPv6 and IPv6 to IPv4 SLB-PT
6 Web application Firewall
6.1 System must support cookie encryption
6.2 System must support protection from SQL injection
6.3 System must support protection from cross-site scripting
6.4 System must support protection from BOT generated requests
6.5 System must support HTTP protocol compliance check
6.6 System must support Cloaking to hide server responses/error status codes
6.7 System must support Credit Card numbers/US SSN masking
6.8 System must support PCRE based masking
6.9 System must support CSRF check and XSS check
Page 99 of 119
6.1 System must support filtering of http methods

6.11 System must support learning, passive and active mode of WAF deployment
6.12 System must support protection from buffer overflow
6.13 System must support URL blacklisting and whitelisting
6.14 System must support TCL based scripts for custom rules
7 Redundancy
7.1 System must support VRRP based redundancy
7.2 System must support active-active and active-backup configuration
7.3 System must support automatic and manual configuration sync
System must support dynamic VRRP priority by traffic interface, server, nexthop
7.4
and routes
System must support scale-out configuration upto 8 devices to support higher
7.5
throughput
7.6 System must support dedicated VRRP setting per virtual context
8 Management
8.1 System must have Web-based Graphical User Interface (GUI)
8.2 System must have Industry-standard Command Line Interface (CLI)
8.3 System must support Granular Role-based\Object-based Access Control
System must support SNMP, Syslog, email alerts, NetFlow v9 and v10 (IPFIX),
8.4
sFlow
8.5 System must support REST-style XML API (aXAPI) for all functions
System must support external authentication including LDAP, TACACS+,
8.6
RADIUS
Controller Specifications
Should provide detailed information for Provider associated the ADC devices and
9.1
its Cluster with resource utilization.
9.2 Should provide Tenant and User list.
The analytics dashboard should have time selection bar to analyse the historical
traffic stats for selected time frame. It also have pre-defined intervals set for 30
9.3
mins, 1 Hour, 6 Hours, 1 day, 3 day, 1 Week, month and up to 1 Year with custom
option.
Should provide per-app analytics with detailed traffic visibility and connection
9.4
logs.
Should provide real time tickers for throughput, connection, requests, errors and
9.5
latency for every 1 min interval.
Should have ability to extract real-time end-to-end latencies details for all
9.6 applications (VIPs) including Client RTT, Server RTT,Request Transfer time,
Response Transfer time, and Application response time.
Should provide Client Request Geo-Location details with HTTP Request Methods
9.7
and Response codes.
Should provide Client visibility including, Client Country location, Client OS,
9.8
Device type, Browser type.
Should have ability to collect connection logs for applications with various
9.9
predefined filters.
It should be possible to collect performance metrics for analytics from
9.10
identified clients to aid troubleshooting and performance improvement measures.
Should provide real-time detailed ADC Service health, client connections, load
9.11
distribution metrics, throughput, and performance statistics.
Should provide Application Response time in real time with details on Top URLs,
9.12 Domains, End-to-end App Latency and Slow Transactions with real-time client &
server connection logs.
Should provide ADC cluster health, CPU, Memory and bandwidth utilization time
9.13
serial graph.
Page 100 of 119
Should provide App Server health details graph for each server with response time
9.14
and connection time series graph.
Cooling Rack
DC in a Box
Technical
SN Component Description Compliance
(Yes/No)
Ultra smart, compact 'plug- n-play' data center
infrastructure should be easy to deploy and
Precision cooling enabled -
effectively manageable integrated IT
1 42U Integrated
Infrastructure without being restricted by
Infrastructure Solution
building systems, such as fire suppression and
cooling.
IT load capacity ranging upto 10 KVA IT load

2 Scale and Density
in 1/2 Racks configurations.
Inbuilt redundancy Compliant to Tier 2/3 guidelines, inbuilt N+N

3 compliant to Tier 3 redundancy on UPS system providing high
guidelines availability
Solution should has a DB panel mounted inside

cabinet with all internal cabling integrated into
the same. Adequate precaution and
Main Electrical Panel & compliances have been taken care for
4
Cabling sizing/ratings of cables and switchgear inside
Smart Cabinet. Customer only needs to provide
power (Mains with back up arrangements) at
Room with appropriate size of MCB.
An on line double conversion UPS (10 KVA
with 30 Min Backup Time) has been provided
Uninterrupted Power with smallest footprint in industry, PDU,
5
System offering up to 95% efficiency and 0.9 output
power factor. Solutions should be with default
N+N configuration.
It should be a Rack Based Cooling, unit which
is a self, contained Precision Cooling Unit
6 Cooling System
designed for cooling racks in 1 TR. Solutions
should be with default N+N configuration.
Copper piping with insulation tube of
elastomeric, nitrile foam between each sets of
outdoor & indoor unit as per specification.
7 Out Door Unit
Piping to be properly supported by MS clamp.
All transmission wiring between indoor to
outdoor unit is kept in PVC conduit.
Solution should uses advanced technology in
access control - Biometric reader which is
connected to access control panel. Cabinet
containment rack doors have electromagnetic
8 Access Control
lock (each door 02 nos.) to permit only
authorized persons to open the door through
finger print reader. Existing access control
systems should also be integrated.
Page 101 of 119
Intelligent Fire Security Cabinet must be with intelligent Fire detection,

9
System Alarm system.
Local Camera Surveillance need to be

10 Camera surveillance
considered.
Solution should continuously collects critical

information from network connected devices,
temperature, humidity, door sensors and other
11 Remote Monitoring
dry contact monitoring. Based on pre-set
parameters, automated alerts and messages
should sent to the intended recipients.
Best in class IT Rack with containment, High
density with 42U as standard, complete with
shelf, cable manager & blanking panels with
PDU. Rack should be 42 U 19'' mounting type
with 2000 (Height) x 800 (Width) x 1000
(Depth). Rack design is sturdy frame section,
corners are stiffened with welded MS die cast,
Frame is, scalable and modular with safe load
carrying capacity of 1000 Kg on enclosure
frame and 1000 Kg on 19'' mounting angles.
12 Racks & Containment
Rack should provide with all basic accessories
like, blanking panels, baying kit, sliding
keyboard trey, vertical cable manager as well
as horizontal cable manager, earthing copper
strip with insulators, Rack 32 amp PDU
vertical mounting with IEC type socket with 12
nos of IEC C13 Sockets & 4 nos IEC C19
Socket with 2.5 mtr power chord with 32A
MCB RAL 9005 ( rack should have two
PDU's).
1.5 Ton Inverter Split AC with Copper
Condenser for maintaining server room
temperature(Indoor Unit Level should be
13 1.5 Ton Inverter Split AC
below 25dB) along with corresponding
Voltage stabilizers and a separate timer relay
switch for automatic switching of two ACs. 2
The vendor shall ensure that the specifications
of the racks and its accessories are compatible
14
with computer hardware being populated in the
rack.
15 Support 24x7 support should be provided
General Terms and Conditions (Bidder needs to certify compliance to all

the below points)
Page 102 of 119
Technical
SN Description Compliance
(Yes/No)
1. Bidder should provide a cool off period of 3 months from the contract
ending date to transfer the data back to NCESS’s preferred data
storage location. Data back up and machine instance backup should
be in an open standard industry-based data format which should be
compatible with other VDI technologies.
2. The Cloud VMs as part of the Solution Should be offered with

dedicated / bare metal instances. NCESS should have flexibility to
increase or decrease the configuration of the cloud VM in each of the
dedicated / bare metal instance quoted.
3. The Cloud solution should support application virtualization (As per
the Annexure 1)
4. Bidders should quote upfront along the bill of materials the data
transfer in and out charges, broadband/Internet usage/over usage
charges inside the cloud VM instances , over usage of cloud VM
instances etc. for entire 3years and no recurring charges for the same
are allowed.
5. Static IPs needs to be provided to all 80 concurrent instances.
6. Bidders should include reputed (vendor agnostic) backup / replication

tools to replicate data between on premise and cloud.
1 7. The VDI instance running in Public cloud can be restored or backed

up and should be able to run in private cloud also.
8. Bidders should also include an on premise license server to

implement software licenses.
9. Bidders should include the cost for 50mbps direct p2p connectivity
between on premise and Cloud DC for 3years.
10. Warranty/Support – 3years comprehensive warranty should be

provided by the firm from the date of the satisfactory
installation/commissioning of complete end to end VDI Solution.
Bidder should also provide 4th and 5th year comprehensive AMC
pricing for the entire On-Prem solution including licenses, Cloud
subscription pricing for the entire proposed Cloud solution including
licenses and Support & Maintenance of Collaboration Software. This
will be considered in the total bid amount while considering L1, but
the amount will be released as advance for six months starting from
the 4th year. NCESS reserves the right to not enter into the AMC after
three years comprehensive warranty.
11. No recurring charges are allowed during or after the contract period
and all payments should be quoted upfront for 3 years for the entire
VDI Solution for unlimited 24*7 usages.
12. Service Manual/Circuit Diagram: It is specifically required that the
bidders will supply all the operating & service manuals and circuit
Page 103 of 119
diagrams along with the equipment.

13. NCESS reserves the right to procure additional quantity of Cloud VM
1 & 2 and also additional object & archival storage, thinclients, if
needed, during the contract period with a price validity for 3years.
The bidder should be able to provide the additional quantities as per
the quoted per unit price in the bill of material during the contract
period without any price variation.
14. Bidders should also include required numbers of 10g switches with
redundancy.
15. The trial licenses for the software as per Annexure 3 to carry out PoC
needs to be arranged by the bidder.
16. Bidder/System Integrator (SI) / Managed Service Provider (MSP)
should comply with MeitY guidelines(MSA, SLA) for procuring
cloud services for Government departments.
17. Exit Management / Transition Out Services: Provide necessary
handholding and transition support to ensure the continuity and
performance of the Services to the complete satisfaction of NCESS.
The bidder should provide Data back up and machine instance backup
from the cloud instances as per the requirement of NCESS. All data
including migrated data, incremental data, stored in storage /backup
tape libraries which are sole property of NCESS shall be handed over
to NCESS in a suitable media during the time of exit. Any copy of the
same shall not be preserved/recorded in any manner once exits. The
ownership of the data generated upon usage of the system, at any
point of time during the contract or expiry or termination of the
contract, shall rest absolutely with NCESS.
18. A provision for mandatory filling up of metadata information form
for the user needs to be provided and indexed along with data
whenever the user uploads data for optimized usage of storage space.
Usage statistics of the storage by the users shall be made dynamically
available to the administrator.
19. Acceptance test for System Performance: Upto 14 days non-stop
acceptance test has to be run on the delivered VDI solution with all
the users simultaneously running GUI applications and/or video
streaming. There should be no perceivable lag when working on the
VDI instances, even when running graphics heavy applications (such
as web browsing, video playing, MATLAB, etc.) simultaneously by
80 concurrent users. When all users simultaneously invoke any
application, such as C compiler or MATLAB program, etc. the
response time at the user end must not exceed that of a stand-alone
machine by more than 5%.
20. Training of Personnel: The supplier shall provide the technical
training to the personnel involved in the use of the equipment at the
Institute premises, immediately after completing the installation of the
equipment at the company cost.
21. Indemnity: The vendor shall indemnify, protect and save NCESS
against all claims, losses, costs, damages, expenses, action suits and
other proceeding, resulting from infringement of any law pertaining to
patent, trademarks, copyrights etc. or such other statutory
infringements in respect of all the materials supplied by him.
22. Service Facility: Bidder should mention about the service set up in
India and how capable they are to provide after sales services.
Page 104 of 119
Escalation matrix for any issues pertaining to the solution should be

provided.
23. Any update/upgrade of HCI software is to be done by OEM.
24. The solution provider shall ensure that there is no single point of
failure for the whole solution. All accessories of hardware and
software necessary to ensure this shall be included in the solution.
25. The proposed Hybrid solution should be compatible to use our
existing data center storage, if required.
26. Any other additional spares/solutions anticipated should also be
mentioned along with the quote.
27. The detailed specification of the product along with pictures/diagrams
should be provided along with the quote.
28. ADC and Firewall should be provided to both on-Prem and Cloud.
The proposed ADC or Firewall should also have the features for link
aggregation and link load balancing.
29. The Supply, Installation & Commissioning of Virtual Desktop
Infrastructure Solution should be completed within 6 months from the
date of receipt of purchase order including the period of securing
satisfactory acceptance certificate. For every week delay, a penalty at
the rate of 1% of project cost will be levied and maximum penalty
will be 10%.
Service Level Agreements & Penalties.

Service provider/supplier shall provide the Call logging & Help Desk support
on 24*7*365 basis for all devices and Cloud Services. Bidder/System
Integrator (SI) / Managed Service Provider (MSP) should comply with MeitY
guidelines(MSA,SLA) for procuring cloud services for Government
departments.
Measurement and Monitoring
a. The SLA parameters shall be monitored on quarterly basis as per the
individual SLA parameter requirements. However, if the performance of the
system/services is degraded significantly at any given point in time during
the contract and if the immediate measures are not implemented and issues
are not rectified to the complete satisfaction of NCESS or an agency
designated by them, then NCESS will have the right to take services form
another bidder and by termination of the contract.
b. The full set of service level reports should be available to NCESS on a

quarterly basis or based on the project requirements.
c. The Monitoring Tools shall play a critical role in monitoring the SLA
compliance and hence will have to be customized accordingly. The selected
bidder shall make available the Monitoring tools for measuring and
monitoring the SLAs. The bidder may deploy additional tools and develop
additional scripts (if required) for capturing the required data for SLA report
generation in automated way. The tools should generate the SLA Monitoring
report in the end of every quarter which is to be shared with NCESS on a
Quarterly basis. NCESS or its nominated agency shall have full access to the
Monitoring Tools/portal (and any other tools/solutions deployed for SLA
measurement and monitoring) to extract data (raw, intermediate as well as
reports) as required during the project. NCESS or its nominated agency will
also audit the tool and the scripts on a regular basis.
d. The measurement methodology/criteria/logic will be reviewed by NCESS.

Page 105 of 119
e.In case of default on any of the service level metric, the selected bidder
shall submit performance improvement plan along with the root cause
analysis for NCESS approval.
Periodic Reviews
a. During the contract period, it is envisaged that there could be changes to
the SLA, in terms of measurement methodology/logic/criteria, addition,
alteration or deletion of certain parameters, based on mutual consent of both
the parties, i.e. NCESS and selected bidder.
b. NCESS and MSP shall each ensure that the range of the Services under the
SLA shall not be varied, reduced or increased except by the prior written
agreement of NCESS and CSP in accordance with the Change Control
Schedule.
Penalties
Performance bank guarantee to be linked to the compliance with the SLA
metrics laid down in the agreement.
a. The payment will be linked to the compliance with the SLA metrics.
b. The penalty in percentage of the Performance bank guarantee is indicated

against each SLA parameter in the table.
Service Level Agreement Cloud (SLA)

Bidder shall provide an uptime of 99.9% for the provisioned cloud services,
which shall be calculated on quarterly basis. The Uptime is equal to total
contracted hours in a quarter less downtime. The Downtime is the time
between the non-availability of services and time of restoration of services
within the contracted hours. For Service Levels purpose a quarter will be
treated as 90 days. If the bidder fails to maintain guaranteed uptime of 99.9%
on quarterly basis, NCESS shall impose penalty. If the uptime is below 95%,
the NCESS shall have full right to terminate the contract and forfeit
Performance bank guarantee.
Uptime SLA Performance Requirement Penalty
Sl.no.
1 Baseline 99.9 % to 100 % None
uptime on a
quarterly basis
2 Lower 99-99.9% uptime 5%
performance calculated on a
quarterly basis
3 Breach Less than 99% 10%
calculated on a
quarterly basis
Note
1. The selected bidder is required to implement the requisite tools to
automatically generate reports on up-time
2. The up-time SLA will be implemented only during the maintenance
phase
3. In case of breach condition, NCESS may issue a show cause notice
seeking explanation from the implementation agency.
4. The total penalty shall not exceed 10% of the project cost.
Page 106 of 119
Timely Ticket Resolution SLA

Average Time taken to acknowledge and respond, once a ticket/incident is
logged through one of the agreed channels. This is calculated for all
tickets/incidents reported within the reporting quarter.
Sl.no. Performance Requirement Penalty
1 Baseline 95 % to 100 % of None
the tickets
responded within
60 minutes on a
quarterly basis
2 Lower 85-95% of the 5% of quarterly
performance tickets responded payment
within 60 minutes
on a quarterly
basis
3 Breach Less than 85% 10% of
calculated on a quarterly
quarterly basis payment
Note
1. The implementation agency is required to implement the requisite tools
to automatically generate reports on up-time
2. The up-time SLA will be implemented only during the maintenance
phase
3. In case of breach condition, NCESS may issue a show cause notice
seeking explanation from the implementation agency.
Exit Management / Transition-Out Services

Continuity and performance of the Services at all times including the
duration of the Agreement and post expiry of the Agreement is a critical
requirement of IT Department, NCESS. It is the prime responsibility of MSP
to ensure continuity of service at all times of the Agreement including exit
management period and in no way any facility/service shall be
affected/degraded. Responsibilities of the MSP & CSP with respect to exit
management / transition-out services include:
a. Provide a comprehensive exit management plan

b. Provide necessary handholding and transition support to ensure the
continuity and performance of the Services to the complete satisfaction of IT
Department, NCESS.
c. Ensure that all the documentation required by NCESS for smooth
transition (in addition to the documentation provided by the Cloud Service
Provider) are kept up to date and all such documentation is handed over to
NCESS during regular intervals as well as during the exit management
process.
d. Migration of the VMs, data, content and any other assets to the new
environment created by the department or any Agency (on behalf of NCESS)
on alternate cloud service provider’s offerings to enable successful
deployment and running of the applications / websites on the new
infrastructure by providing a mechanism to Department for the bulk retrieval
of large amounts of data, scripts, software, virtual machine images, and so
forth using secure appliances into and out of the CSP's cloud without
incurring high network costs, long transfer times and security concerns.
Page 107 of 119
e. The ownership of the data generated upon usage of the system, at any point
of time during the contract or expiry or termination of the contract, shall rest
absolutely with NCESS.
f. Ensure that all the documentation required by IT Department, NCESS for
smooth transition including configuration history are and all such logs are
handed over to IT Department, NCESS during the exit management process.
g. Shall not delete any data at the end of the agreement (for a maximum of
120 days beyond the expiry of the Agreement) without the express approval
of IT Department,
h. Once the exit process is completed, remove the Department’s data, content
and other assets from the cloud environment and certify that the VM, Content
and data deletion to NCESS.
i. There shall not be any additional costs associated with the Exit / Transition-
out process. The managed services cost to support the exit management /
transition should be factored in the commercial bid of the bidder.
j. Support and assist the NCESS for a period of 120days so that the NCESS is
able to successfully deploy and access the services from the new
environment.
k. The CSP shall not delete any data at the end of the agreement (for a
maximum of 120 days beyond the expiry of the Agreement) without the
express approval of the Department. Any cost for retaining the data beyond
120days shall be paid by NCESS based on the cost indicated in the
commercial quote.
l. Provide the tools for import / export of VMs & content and the MSP shall
be responsible for preparation of the Exit Management Plan and carrying out
the exit management / transition
m. The MSP shall provide NCESS or its nominated agency with a
recommended exit management plan ("Exit Management Plan") or transition
plan indicating the nature and scope of the CSP’s transitioning services. The
Exit Management Plan shall deal with the following aspects of the exit
management in relation to the Agreement as a whole or the particular service
of the Agreement:
n. Transition of Managed Services
o. Migration from the incumbent cloud service provider’s environment to the
new environment.
p. The MSP is responsible for both Transitions of the Services as well as
Migration of the VMs, Data, Content and other assets to the new
environment.
q. The format of the data transmitted from the cloud service provider to the
new environment created by NCESS or any other Agency (on behalf of the
NCESS) should leverage standard data formats (e.g., OVF…) whenever
possible to ease and enhance portability. The format will be finalized by
NCESS.
r. Transitioning from the CSP including retrieval of all data in formats
approved by NCESS
s. The MSP shall ensure that all the documentation required by NCESS for
smooth transition (in addition to the documentation provided by the Cloud
Service Provider) are kept up to date and all such documentation is handed
over to NCESS during regular intervals as well as during the exit
management process.
Page 108 of 119
t. The MSP will transfer the organizational structure developed during the
Term to support the delivery of the Exit Management Services. This will
include:
u. Document, update, and provide functional organization charts, operating
level agreements with Third-Party contractors, phone trees, contact lists, and
standard operating procedures.
v. Transfer physical and logical security processes and tools, including
cataloguing and tendering all badges and keys, documenting ownership and
access levels for all passwords, and instructing Department or its nominee in
the use and operation of security controls.
w. Some of the key activities to be carried out by MSP for knowledge
transfer will include:
x. Prepare documents to explain design and characteristics.
i. Carry out joint operations of key activities or services.
ii. Briefing sessions on process and process Documentation.
iii. Sharing the logs, etc.
iv. Briefing sessions on the managed services, the way these are deployed on
cloud and integrated.
v. Briefing sessions on the offerings (IaaS/PaaS) of the cloud service provide.
vi. Transfer know-how relating to operation and maintenance of the software

and cloud services.
Page 109 of 119
3.
Delivery Terms:
Place of Delivery: Stores, National Centre for Earth Science Studies, P.B.No.7250, Medical College
P.O., Thiruvananthapuram – 695 011, Kerala, India.
I / We understand the instructions to the tenderers and General Terms and Conditions of the
Contract governing supplies detailed in Annexure-B. I/We have thoroughly examined the
specifications of the stores referred above and my/our offer is to supply stores strictly in accordance
with and subject to the terms and conditions stipulated in Annexure-B.
Stamp and Signature of the Tenderer

Page 110 of 119
Annexure – I
Form: 1 Authorization Form
(To be submitted on the Letterhead of CSP)
To,
Sub:- CSP Authorization Form for availing Cloud services to VDI infra towards Tender Enquiry Number:
NCESS/……………………………..
Dear Sir,
I/We confirm that as on the date of this letter <<Agency Name>>, located at <<Business Address>>, has due
authorization from us to use our cloud services for the purposes of the above referenced RFP.
Yours faithfully,
M/s……………………………….
(Name of CSP)
Address:
Place:
Date:
Page 111 of 119
Form: 2 Declaration on not being blacklisted /defaulter

(To be submitted on the Letterhead of the Company)
To,
, India
Dear Sir,
We confirm that our company is not blacklisted/defaulter for any fraudulent actions by NCESS or by any
state/central Government institution or any Public Sector Organization.
It is hereby confirmed that I/We are entitled to act on behalf of our company/ corporation/firm/ organization
and empowered to sign this document as well as such other documents, which may be required in this
connection.
Signature
Name & Designation
For and on behalf of
(Name of Applicant or Bidder)
Company Seal:
Place:
Date:
Page 112 of 119
Form: 3 Declaration of Acceptance of Terms and Conditions in Tender

To,
, India
Sub.: “RFP for availing VDI infrastructure to NCESS.
Dear Sir,
I have carefully gone through the Terms & Conditions contained in the RFP document [Tender no.
…………………………………..] for availing hybrid Infrastructure to NCESS for VDI setup.
I declare that all the provisions of this RFP/Tender Document are acceptable to my company. I further certify
that I am an authorized signatory of my company and am, therefore, competent to make this declaration.
Yours faithfully,
Address:
Place:
Date:
Page 113 of 119
Form: 4 Letter of Proposal Submission

To,
, India
Dear Sir,
We, the undersigned, offer for RFP for availing Hybrid IT infra to NCESS VDI implementation in accordance with
your Request for Proposal dated [Insert Date] and our Proposal. We are hereby submitting our Proposal, which
includes
a) Financial Proposal(Price to be uploaded only in e-proc portal).
b) Technical Proposal (should also include Bill of Material {BOM})
c) Bid securing declaration is given
We hereby declare that all the information and statements made in this Proposal are true and accept that any
misinterpretation contained in it may lead to our disqualification.
If negotiations are held during the period of validity of the Proposal, we undertake to negotiate on the price bid,
specified in form 7. Our Proposal is binding upon us and subject to the modifications resulting from Contract
negotiations.
We understand you are not bound to accept any Proposal you receive.
Yours faithfully
,
Address:
Place:
Date:
Page 114 of 119
Form: 5 FORMAT FOR MANUFACTURER’S AUTHORISATION LETTER TO

To,
, India
Sub.: Authorization Letter.

Dear Sir,
We,_______________________, who are established and reputed manufacturers of____________________,

having factory at____________________, hereby authorize M/s._______________________________ (name
& address of Indian distributor /agent) to bid, negotiate and conclude the order with you for the above goods
manufactured by us.
We shall remain responsible for the tender / contract / agreement negotiated by the said
M/s. ______________________,jointly and severely.
We ensure that we would also support / facilitate the M/s ___________________________on regular basis
with technology / product updates for up-gradation / maintains / repairing / servicing of the supplied goods
manufactured by us, during the warranty period.
In case duties of the Indian agent / distributor are changed or agent / distributor is changed it shall be
obligatory on us to automatically transfer all the duties and obligations to the new Indian Agent failing which we
will ipso-facto become liable for all acts of commission or omission on the part of new Indian Agent /
distributor.
Yours faithfully,
[Name & Signature]
for and on behalf of M/s. ___________________ [Name of manufacturer]

Page 115 of 119
Form: 6 POC Report (To be submitted on the Letterhead)

Tender Ref :
POC OBJECTIVE
Ascertain whether the software used by NCESS Scientists is compatible with Proposed Cloud VDI and
test the performance.
List of Applications need to be tested (Annexure 1)
1 ArcGis 10.3 or 10.5
2 Envi 5.5
3 FEFLOW
4 MATLAB
5 GMS 10.3
7 GeoSoft 7.0
8 WPS
POC SCOPE
• Create required infrastructure on Cloud platform
• Install list of software in Cloud VM and configure the software to get the license from the on
premise licensing server
• Test the Compatibility and performance of the list of applications.
TEST REPORT
Software Compatibility on Cloud VDI VM – _____________
Software Performance on Cloud VDI VM – _____________
Proposed Cloud Service Provider - _____________
Proposed VDI Software-__________________
Proposed Application Delivery controller (ADC)-____________________________
We have successfully tested and completed the POC with proposed Cloud VDI infrastructure for all
the application.
Yours faithfully,
[Name & Signature]
For and on behalf of M/s. ___________________
Countersigned by Head, IT Wing, NCESS
1)
2)
Page 116 of 119
ANNEXURE B
INSTRUCTIONS TO THE TENDERERS AND GENERAL TERMS AND

CONDITIONS OF THE CONTRACT
1. PRICES: Tenders shall be made in ENGLISH and submitted with price for delivery at
National Centre for Earth Science Studies, Akkulam, Medical College PO,
Thiruvananthapuram-11, Kerala and in the case of Rupee bid and it shall be FCA and CIF
Trivandrum airport in the case of foreign currency bid. However, Packing & Forwarding
charges, inland freight & other related charges, freight, statutory levies etc. need to be
specifically indicated in the Quotation.
2. RIGHTS OF THE PURCHASER: The Purchaser shall be under no obligation to accept the
lowest or any other tender and shall be entitled to accept or reject any tender in part or full
without assigning any reason whatsoever.
3. VALIDITY OF OFFER: The prices quoted should be firm and quotation has to be valid for a
period of 120 days from the date of opening of tender.
4. CATALOGUE: Tenderers shall furnish Leaflet/Technical Literature of the Stores offered by

him along with the offer.
5. THE DOCUMENTS TO BE ATTACHED:
1) A list of not less than five Indian Customers who have bought the same
instrument within the last two years, with contact details, is to be furnished
along with the tender.
2) The bidders shall necessarily furnish details of Authorised Service Provider in

India. Dealers who are authorised to quote on behalf of the Principals shall
provide valid Authorised Dealership Certificate from the Principals.
6. AGENCY COMMISSION: In case the tenderer is represented for an overseas supplier in

India, he shall furnish the agency agreement / authorization certificate issued by the overseas
supplier and the offer should indicate the percentage of agency commission (on ex-works value)
included in the quoted price. The purchase order/contract will however, be placed only with the
principals concerned directly. The purchaser shall pay the amount of agency commission, which is
included in the quoted price, to the Indian Agent directly in equivalent Indian Rupee after customs
clearance and acceptance of the goods, based on a bill from the Indian Agent. The commission will
be paid at the exchange rate at which the Principals are paid.
7. INSURANCE: Transit Insurance if felt necessary, will be arranged by the purchaser directly
with his underwriters against import orders placed with the overseas principals. However, no
transit insurance is needed for the indigenous orders and stores shall be supplied under carrier’s
/supplier’s risk.
Page 117 of 119
8. MODE AND TERMS OF PAYMENT:

IMPORT ORDERS:
NET 30 days / Documents through bank / Sight Draft or Irrevocable Letter Of Credit.
However, the purchaser prefers payment on Net 30 days or Documents through Bank in the
case of imports worth below Rs.1 lakh. All bank charges outside India are to the account of
supplier.
INDIGENOUS ORDERS:
Full payment within 45 days of receipt and successful installation of stores at Purchaser’s Site.
9. WARRANTY: The supply made by the supplier shall be of best quality and workmanship
shall be in accordance with the specifications stipulated in the Purchase Order. Defects /
deficiencies shall be made good by the supplier free of cost, notified within the applicable
warranty period. Warranty shall be for a minimum period of 36 months from the date of
putting into operation of stores or 42 months from the date of delivery whichever is earlier.
10. SUBMISSION OF TENDERS: The quotation should be submitted by e-procurement in

PDF format by ‘logging on’ in the website eprocure.gov.in/eprocure/app
11. ENGINEER’S SERVICE MANUAL AND INSTRUCTION MANUAL: The Engineer’s

Service Manual including Circuit Diagram and Instruction Manual (Original Copies) of the
equipment shall be supplied along with the delivery/shipment by the supplier in the event of a
purchase order. This aspect should be clearly indicated in the offer.
12. DELIVERY/SHIPMENT:
i) The time for delivery of the stores stipulated in the purchase order shall be
deemed to be the essence of the contract and delivery must be completed
not later than the period specified therein.
ii) Failure and termination: If the contractor fails to deliver the stores or any
part thereof within the period prescribed for such delivery, the purchaser
shall be entitled at his option either;
a) to recover from the contractor as agreed liquidated damages and not by

way of penalty as mentioned in general terms and conditions or
b) to purchase elsewhere, without notice to the contractor on the account

and at the risk of the contractor, the stores not delivered or there of a
similar description (where others exactly complying with the particulars
are not in the opinion of the purchaser readily procurable, such opinion
being final) without cancelling the contract in respect of the portion of
stores not yet due for delivery.
c) to cancel the contract or a portion thereof and if so desired, to purchase

or authorize to purchase of stores not so delivered or others of\
similar description (where others exactly complying with the particulars
are not in the opinion of the purchaser readily procurable, such opinion
being final) at the risk and cost of the contractor.
13. LAW GOVERNING THE CONTRACT: The contract shall be governed by the laws of
India for the time being in force. The marking of all stores supplied must comply with the
Page 118 of 119
requirements of Indian Acts relating to Merchandise Marks and all the rules made under such
Acts.
14. JURISDICTION: The courts within the local limits of Thiruvananthapuram, the place from
the purchase order is issued, will be the jurisdiction to deal with and decide any matter arising
out of the contract subject to the clause 18 hereof.
15. INDEMNITY: The contractor shall at all, times indemnify the purchaser against all claims which
may be made in respect of stores for infringement of any right protected by patent, registration of
design or trade mark and shall take all risk of accidents or damage which may cause a failure of the
supply from whatever cause arising and the entire responsibility for the sufficiency of all the means
used by him for the fulfilment of the contract.
16. ARBITRATION: Not withstanding anything contained in clause 16 above, in the event of any
question, dispute or difference arising under these conditions or any condition contained in the
purchase order or in connection with this contract (except as to any matters the decision of which
is specially provided for by these conditions) the same may be referred to the sole arbitration of the
Director, Centre for Earth Science Studies, Thiruvananthapuram or some other person appointed by
him, there will be no objection that the arbitrator is a Govt. servant, who has to deal with matters to
which the contract relates or that in the course of his duties as a Government servant he has
expressed views on all or any of the matters in the disputes or difference. The award of the
arbitrator shall be final and binding on the parties to this contract.
Terms of this contract: -
If the arbitrator be the Director, NCESS, (i) in the event of his being transferred or vacating his
office by resignation or otherwise, it shall be lawful for his successor in the office either to
proceed with the reference himself, or to appoint another person as arbitrator to (ii) in the
event of his being unwilling or unable to act for any reason, it shall be lawful for the Director,
NCESS to appoint another person as arbitrator;
Or
If the arbitrator be a person appointed by the Director, NCESS, in the event of his dying,
neglecting or refusing to act, or resigning or being unable to act for any reason, it shall be
lawful for the Director, NCESS, to proceed with the reference himself or to appoint another
person as arbitrator in place of the outgoing arbitrator.
Subject as aforesaid, the Arbitration Act, 1940 and the rule there under and any statutory
modifications thereof for the time being in force shall be deemed to apply to the arbitration
proceeding under this clause. The arbitrator shall have the power to extend with the consent of the
purchaser and the contractor the time for making and
publishing the award. The venue of arbitration shall be the place as the purchaser in the absolute
discretion may determine.
16. EXERCISING THE RIGHTS & POWERS OF THE PURCHASER: All the rights,
discretions and power of the purchaser under the contract shall be exercisable by and all notices
on behalf of the purchaser shall be given by the Director or the Senior Manager of Centre for
Earth Science Studies and any reference to ‘the opinion of the purchasers’ in the terms and
conditions contained in this general conditions of the contract shall mean and be construed as
reference to the opinion of any of the persons mentioned in this clause.
18. EXEMPTION FROM PAYMENT OF DUTIES AND CONCESSIONAL SALES TAX:

The purchaser is eligible for availing customs duty exemption and excise duty exemption
under the relevant rules.
Page 119 of 119
19. SPARES & ACCESSORIES: offers for plant/machinery/equipment/instrument shall also

state prices or essential accessories, optional accessories and spares necessary for 5 years of
satisfactory operation of the machinery/equipment/instrument offered. Prices for
accessories and spares shall be itemised, offers where only lump sum prices are indicated are
liable to be ignored. Particular care must be taken to list out each item of spare and quantity
recommended and also individual price for these items
20. QUANTITY: The purchaser reserves the right to accept or reject lowest or any offers in
whole or in part without assigning any reason. It would therefore be in the interest of the
tenderers to clearly understand that the purchaser may accept offers for any quantity of his
choice and hence, the percentage of reduction, if any in the price quoted in case of acceptance
of tender in whole or part shall be clearly stated.
21. TRAINING: The contractor shall, in special cases, if required by the Purchaser provide
facilities for the practical training of the purchaser’s engineers and technical personnel in
respect of repair, maintenance or operation of the plant/machinery/ equipment/ instrument
offered at their manufacturing plant in India or abroad. The cost for such training (including
travelling, boarding and other related expenses) and the number of trainees and duration of
training and any other terms if any, should be indicated separately in the offer.
22. INSTALLATION & COMMISSIONING: In the event of an order, the supplier shall
arrange satisfactory installation and commissioning of the plant/machinery equipment/
instrument at purchaser’s site, free of cost.
23. SERVICE SOFTWARE/TOOLS: The service software, tools required if any for the
repair/maintenance of the plant/machinery/equipment/instrument shall be quoted separately.
………………

Ncess RFP

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Ncess RFP

Uploaded by

Copyright:

Available Formats

Page 1 of 119

NATIONAL CENTRE FOR EARTH SCIENCE STUDIES

Our Ref : PUR-PROC/337/2019-PUR-NCESS Dt. 06.11.2019

Sub: e-Procurement Tender

SI. No DESCRIPTION QUANTITY

1 Supply, Installation & Commissioning of Virtual Desktop 1 No

(Detailed specification and conditions are given separately)

Deputy Manager (Purchase)

Supply, Installation & Commissioning of Virtual Desktop Infrastructure Solution in Hybrid

Section II: Pre-Qualification Criteria

Consortium /Joint Venture is not Permitted in Letter from authorized

Third party certifications of the proposed

Section III: SCOPE OF WORK

The brief scope of work is as follows.

c) Application virtualization should be part of the offered solution.

i. Auto-scaling rules and limits

Proposed Architectural Diagram

Section iv: Unpriced Bill of Materials:

8200 series (Cascade Lake-

based virtual desktops.

4th Year & 5th Year AMC

Section V: Technical Requirements

General Requirements: Cloud

Cloud service provider must ensure that all compute, storage,

traffic to a secondary physical site. The said architecture should be

Compute requirements: Cloud

Compute service should allow NCESS’s

CSP should provide ability to provision storage

Cloud provider should offer 365 days of Service

Cloud platform network should provide creation of

Cloud platform should provide firewall for

The proposed solution should run on industry standard x86 HCI

The backup solution should support Should support backup of

The Solution should provide anytime, anywhere

IT should have an ability to use centralized smart

device. Monitoring software for VDI should allow IT to

Solution should provide inbuilt SSL VPN

Distributed Object Storage

such as Local capacity, SAN, S3 based on-

Proposed Object storage should have

Object Storage must provide capability to

The solution should support minimum 200 Mbps threat protection

Intrusion Prevention System

1 Firewall should have integrated Antivirus solution

Web Content Filtering

OEM should be having the following certifications/Ratings

Functional Requirement Specification

FRS for Cloud enablement

Server Virtualization Functional Capabilities

components (such as the hypervisor) into memory regions identified as

xviii. The Virtualization software should be based on hypervisor technology

Security Capability in Cloud

for Virtual Machines delivered through cloud infrastructure

Service Provisioning Capabilities

which would provide the ability to call-out custom scripts to fix

Automation, Orchestration and Monitoring

i. The Solution should be able to create processes across multiple vendors’

An application having basic functionalities for data

Indexing exists mainly to support information

SSL security - Secure access via https, sftp. SSL

developed in such a way that user can perform free

Thin client should support Dual core processor

Flash, Win10 embedded

We,___, who are established and reputed manufacturers of,