
Section 7.

Technical Specifications

1. Introduction
It’s all about operations! The value of a cyber range can be found in its
ability to support operations and the multiple roles that operations
personnel perform at security centers, network centers, and data centers.
The best cyber ranges are designed and developed by engineering teams
with operation experience in theater operations, security operations, and
network operations.

In essence, a cyber range is a training environment used to train cyber
warriors to operate in the cyberspace domain. This document discusses
how the realism of a cyber range's simulations and elements has a major
impact on the quality of operations training.

1.1. Operational Domains


Until recently, the U.S. military classified operational domains into air, land,
sea, and space domains. The establishment of the U.S. Cyber Command
added cyberspace as a domain. The U.S. military defines cyberspace as "a
global domain within the information environment consisting of the
interdependent network of information technology infrastructures, including
the Internet, telecommunications networks, computer systems, and embedded
processors and controllers."

Ranges are locations where people train to accomplish a mission. Golf
ranges are used to train golfers how to improve their golf game. Shooting
ranges are used by civilians and military personnel to train how to use and
aim a firearm against a target. The U.S. military has multiple ranges to train
Air Force, Navy, Army, and Marine Corps personnel. Likewise, cyber ranges
reside in a facility and provide a training environment for cyber warriors
operating in the cyberspace domain. The main function of a cyber range is to
train personnel on how to defend critical infrastructure assets and launch
attacks against simulated critical infrastructure targets.

1.2. Cyberspace Domain


When discussing cyber warfare and cyberspace, the first thing that comes to
mind is the Internet. Everyone is familiar with it. It is the most widely used
computer network ever devised and serves billions of people.
Security vulnerabilities and attacks that can be exploited via the Internet are
reported in the news on an almost daily basis. Applications and critical
infrastructure components connected to the Internet account for the vast
majority of reported exploits, but there is more to cyber warfare than just the
Internet. Cyberspace includes networks and associated elements that do not use
the TCP/IP protocol suite traditionally associated with the Internet.

1.3. Cyber Range Operations


Operations are performed in multiple facilities that may include Data Centers,
Network Operations Centers (NOC) and Security Operations Centers (SOC).
In recent years there has been a trend to consolidate network operations and
security operations into a Network Operations and Security Center (NOSC).
An Incident Response Team (IRT) responsible for mitigating and neutralizing
security attacks reports to a SOC. A Director of Operations manages the
NOSC and is responsible for both network and security OPS.

The similarities between a football game and a cyber range exercise are many.
Both require good defense and offense strategies. Government and military often
use the terms red team and blue team to reference offensive and defensive
operations. Red teams play the role of attack teams and blue teams play the role of
network defenders. A cyber range that does not provide realism in its simulations
does not prepare cyber warriors to succeed in the cyber space domain.

1.3.1. Operational Views

Operational managers can leverage multiple frameworks in support of their
operations. The Department of Defense Architecture Framework (DoDAF) can be
useful for developing, capturing and streamlining all types of operations,
including security and network OPS. DoDAF defines multiple views, including
the operational view, systems view and technical view. Operational views are
developed by enterprise architects to capture and define the operational nodes,
operational activities, and operational information exchanges performed at
operations and mission centers.

1.3.1.1. Operational Nodes Connectivity Diagram

Multiple teams are responsible for NOSC operations. The teams often reside in the
same facility and under the same management, but they can also be geographically
dispersed. Successful operations require that all teams understand the roles and
responsibilities of their teammates. An Operational Nodes Connectivity Diagram is
used to facilitate understanding of the different roles and responsibilities that the
teams play. An operational node represents a team. It could be the management
team, network team, security team or IRT. The diagram connects the nodes
that communicate with each other using what is commonly referred to as
"need-lines." The need-lines are assigned identification numbers and have labels
for the type of information that they represent.

1.3.1.2. Operational Information Exchange Matrix

Information exchanges between operational nodes are captured in an Operational
Information Exchange Matrix. The matrix includes the producer and consumer of
information. Every record in the matrix includes an information identification
number, information description, information producer, information consumer, and
associated need-lines from the Operational Nodes Connectivity Diagram.

1.3.1.3. Operational Activity Model

Operational activity models are used to capture all the activities performed at the
NOSC. A typical activity model will include over a hundred activities and will be
captured using Integration Definition for Function Modeling (IDEF0) charts with flow
arrows.

1.3.1.4. Organizational Relationship Chart

An Organizational Relationship Chart is a chart that illustrates the multiple roles
performed within the organization. It could include roles for network engineers,
security engineers, satellite engineers, security analysts, and operations managers.

1.3.2. Offensive Operations

Offensive operations require a cyber range with the ability to generate security
attacks over broadband networks, wireless networks and satellite networks. A
cyber range should be able to generate attacks that exercise published Common
Vulnerabilities and Exposures (CVE) entries for application layer protocols, security
layer protocols, transport layer protocols, network layer protocols, data link layer
protocols, and the physical layer spectrum. The cyber range should also be able to
launch or simulate Denial of Service (DoS), Distributed DoS (DDoS) and botnet
attacks. Botnet attacks are the most difficult to simulate and detect, since they
require master-to-slave (command-and-control) transactions that recur at
varying time intervals rather than a single burst of traffic.

1.3.3. Defensive Operations


Defensive operations require a cyber range with the ability to detect, isolate and
block traffic anomalies and security attacks. This requires a cyber range
infrastructure that includes security devices such as firewalls, IDS, IPS and SIEM
systems. Defensive operations are arguably more important than offensive
operations, since thousands of enterprises and government agencies cannot launch
cyber attacks and are only interested in protecting their networks and mitigating
cyber attacks.

2. Cyber Range Simulations

2.1. Internet and the World Wide Web


A true cyber range should be able to simulate the entire Internet and support
operations. As mentioned previously the first thing that comes to mind when
discussing cyber attacks is the Internet. The Internet is a global network that
connects billions of people using billions of computers. It is a public network
being used by individuals, businesses, countries, governments, civilians and
military organizations. It has been widely adopted by people to conduct retail
purchases and banking transactions. Businesses rely on the Internet to
provide customer and employees services. Service providers use the Internet
to manage their infrastructure and supply chains. It is the World Wide Web
that makes it easier for criminals, terrorists and spies to commit fraud; steal
financial data, intellectual property, and state secrets and target critical
infrastructure. A cyber range without a comprehensive simulation of the
Internet is at a severe disadvantage in the operations and training domain.

2.1.1. Regional and Country Traffic


A cyber range should simulate traffic for all the countries in the world. In
order to simulate multiple countries and regions, a cyber range should
emulate realistic IP addresses drawn from the address blocks that the Internet
Assigned Numbers Authority (IANA) allocates to the Regional Internet
Registries (RIRs) and that the RIRs in turn assign to networks in each country.
Using more than one such block per country will inject additional realism and
problem-solving challenges for personnel being trained. A cyber range that does
not provide realism in its simulations does not prepare cyber warriors to operate
in the cyberspace domain.

2.2. Critical Infrastructure Targets


A cyber range should be able to load critical infrastructure targets and generate
security attacks against them. Traffic generators should be able to import data
to rapidly configure the target traffic profiles.

2.3. Multimedia Realism


Video and audio continue to represent a large portion of Internet traffic.
Streaming traffic from YouTube and Netflix consumes a very large share of
service providers' bandwidth. Skype, Voice over IP (VoIP) and Voice over LTE
(VoLTE) also represent a big segment of the Internet traffic mix. Emulation of
multimedia video and audio services should be part of next generation cyber
ranges. A cyber range should include traffic generators capable of generating
real video and audio that can be seen and heard using Internet client
applications such as browsers.

3. Cyber Range User Interface


Next generation cyber range systems should leverage graphical User
Interfaces (UI) to present information to users. The best UIs should be
intuitive and easy to use.

3.1. Background Internet Traffic Map


Cyber ranges used to train military personnel should be able to group the IP
address blocks allocated through IANA and the RIRs by region. A cyber range UI
should leverage a map of the world to represent and select source and destination
background traffic. The UI background traffic could be selected and grouped by
countries, continents, regions or military commands. The map should allow users
to select countries or regions to include in the traffic profiles that will generate
the country-attributed IP traffic.

User interfaces that group countries by the seven continents should display a
user-selectable map of the same. Government or military personnel prefer to
group countries by military commands or geographical regions. The Figure
above illustrates a typical world map that could be used to select background
Internet traffic for countries or regions.

The advantage of using geographical regions that include North America,
Central America, South America, Europe, Middle East, Africa and Asia
Pacific is that most military commands are grouped by geography. The
United States military is perceived as the predominant military power in the
world and many countries use its military command structure as a baseline
for operations. The U.S. combatant commands are organized on a
functional or geographical basis. The present commands organized by
geography include Northern Command, Southern Command, European
Command, Central Command, Pacific Command and Africa Command.
Some of the U.S. commands organized by function include the Cyber
Command and Space Command. A flexible cyber range should include
default options for grouping countries into geographical regions or the U.S.
combatant commands. It should provide users with the flexibility to group
countries into their own command structure.

3.2. Critical Infrastructure UI


Cyber ranges should be able to allow users to select multiple targets
representing critical infrastructure. Targets should be grouped by their
industry classification. Industry groups should include financial, utilities,
electrical grid, ecommerce, transportation, refineries and petrochemicals,
food supply, and other critical infrastructure segments.

A critical infrastructure user interface should at the minimum include a drop
down menu that allows users to select one or multiple targets within the critical
infrastructure segment. A cyber range should be able to import target data and
simulation data to make it easier for users to simulate background and target
traffic of their choice.

4. Cyber Range Infrastructure


A cyber range environment consists of multiple infrastructure elements that
enable operations training. The first element is the traffic generator. Other
elements include event management systems, security systems, network
systems, virtual systems, Industrial Control Systems (ICS), GNSS and
Learning Management Systems (LMS).

4.1 Traffic Generator

Cyber ranges need traffic generators for multiple functions. They are needed to
emulate realistic IP addresses for all the countries in the world using the address
blocks allocated by the Internet Assigned Numbers Authority (IANA) to the Regional
Internet Registries and assigned by them to networks in each country. A traffic
generator needs to be able to generate traffic attributed to hundreds of countries.
Traffic generators also need to simulate thousands of server and client computers
with their respective application, security, transport and network protocols. The
ability to generate security attacks is essential to any cyber range environment and
has to be supported by the traffic generator.
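The country and region grouping that sections 2.1.1, 3.1 and this section call for can be built directly from the RIR statistics files that publish the IANA/RIR allocations. The following Python is an added example written for this specification, not code from this document or from any cyber range vendor. It assumes the range ingests files in the RIR "delegated-extended" line format (registry|cc|type|start|value|date|status); the sample records, the country-to-region table and the block sizes are constructed for illustration and use documentation address ranges rather than real allocations.

```python
"""Group RIR address allocations by country and region and draw background
traffic source addresses from a selected region.

Added example (not vendor or range code).  Assumes the RIR
'delegated-extended' line format: registry|cc|type|start|value|date|status.
For ipv4 records 'value' is the number of addresses; for ipv6 it is the
prefix length.  SAMPLE_DELEGATED and REGIONS are constructed for illustration.
"""
import ipaddress
import random
from collections import defaultdict

# Constructed sample: a version header, a summary line, and allocation records.
# Addresses are taken from documentation ranges; they are not real allocations.
SAMPLE_DELEGATED = """\
2.3|apnic|20240101|5|19830101|20240101|+1000
apnic|*|ipv4|*|3|summary
apnic|BD|ipv4|203.0.113.0|768|20100101|allocated
apnic|SG|ipv4|198.51.100.0|256|20100101|allocated
apnic|SG|ipv6|2001:db8::|32|20100101|allocated
ripencc|DE|ipv4|192.0.2.0|256|20100101|assigned
arin|US|ipv4|100.64.0.0|65536|20100101|allocated
arin|US|ipv4|100.65.0.0|256|20100101|available
"""

# Constructed country-to-region table; a range would let operators edit this
# to match their own command structure (see section 3.1).
REGIONS = {
    "Asia Pacific": {"BD", "SG"},
    "Europe": {"DE"},
    "North America": {"US"},
}

ACTIVE_STATUS = {"allocated", "assigned"}  # skip reserved/available space


def parse_delegated(text):
    """Return a list of (country_code, ip_network) for active allocations.

    IPv4 records carry a host count that need not be a power of two, so the
    start..end range is split into proper CIDR blocks."""
    records = []
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        fields = line.split("|")
        if len(fields) < 7:
            continue  # version header or per-registry summary line
        _registry, cc, family, start, value, _date, status = fields[:7]
        if status not in ACTIVE_STATUS:
            continue
        if family == "ipv4":
            first = ipaddress.IPv4Address(start)
            last = first + int(value) - 1
            for net in ipaddress.summarize_address_range(first, last):
                records.append((cc, net))
        elif family == "ipv6":
            records.append((cc, ipaddress.IPv6Network(f"{start}/{value}")))
    return records


def group_by_region(records, regions=REGIONS):
    """Map region name -> list of networks using the cc -> region table."""
    cc_to_region = {cc: region for region, ccs in regions.items() for cc in ccs}
    grouped = defaultdict(list)
    for cc, net in records:
        grouped[cc_to_region.get(cc, "Unassigned")].append(net)
    return dict(grouped)


def pick_sources(networks, count, seed=7):
    """Draw `count` IPv4 source addresses from `networks`, weighting each
    block by its size so a /16 contributes proportionally more hosts than a
    /24.  A fixed seed lets a background-traffic profile be replayed."""
    rng = random.Random(seed)
    v4 = [n for n in networks if n.version == 4]
    weights = [n.num_addresses for n in v4]
    picked = []
    for net in rng.choices(v4, weights=weights, k=count):
        picked.append(net.network_address + rng.randrange(net.num_addresses))
    return picked


def region_of(address, grouped):
    """Attribute an address back to a region, or None if it is unattributed."""
    addr = ipaddress.ip_address(address)
    for region, nets in grouped.items():
        if any(addr in net for net in nets):
            return region
    return None


if __name__ == "__main__":
    grouped = group_by_region(parse_delegated(SAMPLE_DELEGATED))
    for region, nets in grouped.items():
        print(region, [str(n) for n in nets])
    for src in pick_sources(grouped["Asia Pacific"], 5):
        print("background source", src, "->", region_of(src, grouped))
```

The "available" record is dropped so that unallocated space never appears as a traffic source, and the 768-address record is split into a /24 and a /23, which is what real RIR files require since allocations are not always CIDR-aligned.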

4.1.1. Apps & Services Requirements


In order to simulate the entire Internet, the cyber range traffic generator needs
to generate Layer 2 to Layer 7 protocols. Layer 2 protocols include the Ethernet
specification. Layer 3 protocols include IPv4 and IPv6. IPv4 still carries the
majority of traffic in the United States, while IPv6 deployment is further along in
a number of Asia Pacific and European countries. A cyber range traffic generator
needs to simulate transport protocols, including connectionless UDP and
connection-oriented TCP. In addition, a cyber range requires the ability to generate
enterprise traffic. Since more than 80% of traffic is now encrypted, it is imperative
that the generator supports SSL/TLS and HTTPS.

4.1.1.1. Social & Internet Apps

Cyber range traffic generators need to be able to generate realistic Internet
traffic. Video and audio content now account for most of the Internet traffic,
with Netflix and YouTube making up the bulk of video streaming traffic. It is very
important that a traffic generator can render real video and audio streams from
the traffic generator server ports. The ability to simulate Netflix, Hulu, YouTube
and similar traffic is a must for a cyber range traffic generator.

The cyber range traffic generator should be able to generate traffic simulating
the most popular Internet social Apps. Web site traffic rankings for any country
show that social Apps like Twitter and Facebook are always ranked in the top
five. A cyber range traffic generator should also simulate search engine traffic
for Google, Yahoo, and Bing in addition to web mail and chat services like
Gmail, Yahoo Mail, Hotmail and Yahoo Messenger. The traffic generator
should also simulate entertainment Apps and games.

4.1.1.2. Mobile Apps

Mobile Apps continue to grow, accounting for a big chunk of Internet
traffic. A cyber range traffic generator should be able to simulate hundreds
of mobile Apps for the most popular mobile devices. The traffic generator
should generate Android and iOS client-to-server transactions for multiple
user agents and App IDs. The engine should also simulate VoIP and OTT
(over-the-top) messaging app traffic.

4.1.1.3. Enterprise Services

A cyber range traffic generator should be able to simulate the enterprise
services that an IT organization provides to its user base. These services
range from email services based on the IMAP, POP and SMTP protocols to
database services for MySQL and Oracle databases. Enterprise services also
include voice services based on the SIP protocol, which should be included as a
requirement for cyber range traffic generators.

4.1.2. Security Requirements


Cyber ranges need to be able to generate security attacks against critical
infrastructure targets. Attacks should exploit client and server computers,
network devices, security devices, ICS and SCADA controllers, and satellite
systems. Security attacks should target all protocol layers.

4.1.2.1. Common Vulnerabilities and Exposures

A cyber range exploit database should follow the industry Common
Vulnerabilities and Exposures (CVE) classification, so that every exploit is keyed
to the CVE identifier(s) of the vulnerability it targets. Every year, thousands of
new CVE entries are published. It is imperative that a traffic generator is able to
support thousands of CVE-mapped exploits in its database and that the database
is updated periodically.

4.1.2.2. Denial of Services

A cyber range should be able to generate stand-alone and Distributed Denial of
Service (DDoS) attacks. DDoS attacks should target the network layer,
transport layer and application layer protocols.

4.1.2.3. BOTNETS

A cyber range should be able to simulate the master-and-slave transaction
behavior of BOTNET programs. It should mimic BOTNET master operations for
scanning client and server targets, exploiting the targets and communicating
periodically (beaconing) with each exploited slave.

4.2 Security Systems

A cyber range environment requires security devices in order for trainees to be
able to detect, isolate and block security attacks and exploits. Perimeter
firewalls sit at the boundary between the Internet and an enterprise
network. The firewall protects internal enterprise traffic from exploits by filtering
inbound and outbound traffic. Application-level firewalls that can perform deep
packet inspection and identify social network applications such as Facebook,
Twitter, and LinkedIn should also be part of the security systems.

Intrusion Prevention Systems (IPS) should be included in the cyber range. They
should be used to detect known and unknown security attacks. Known security
attacks are attacks that exploit vulnerabilities already catalogued as Common
Vulnerabilities and Exposures (CVEs). There are two types of IPS: signature-based
and behavior-based. Signature-based IPS only detect attacks for which a signature
already exists, typically those tied to known CVEs, while behavior-based IPS can
be effective against certain types of zero-day attacks.

In order to avoid a single point of failure, Next Generation (NG) Firewalls used
in a cyber range environment should not be configured to perform all security
functions in one appliance. Multiple layers of protection, or defense-in-depth, is
still the best risk mitigation architecture to protect enclaves and enterprises. A
cyber range needs to be able to detect BOTNET activity. A BOTNET is a set of
servers and other network devices compromised by bot malware and controlled
from a master (command-and-control) host.
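The periodic master-to-slave check-in that 4.1.2.3 asks the range to simulate is also what gives defenders a handle on botnet activity. The following Python is an added example written for this specification, not code from this document or from any product: it scores each (source, destination, port) pair in a flow log by how regular its connection intervals are, which is how a behavior-based detector catches a beacon that no signature covers. The flow records are constructed for illustration, the field layout (timestamp, source, destination, port, bytes) is assumed, and the thresholds are tunable starting points rather than values from this document.

```python
"""Beaconing detector: flag (src, dst, dport) pairs whose connections recur
at near-constant intervals, the pattern left by a bot checking in with its
master (command-and-control) host.

Added example (not code from the specification or any vendor).  Assumes a
whitespace-separated flow log with fields: timestamp src dst dport bytes.
SAMPLE_FLOWS is constructed for illustration.
"""
import statistics
from collections import defaultdict
from datetime import datetime, timezone

# Constructed flow log.  10.10.5.23 beacons roughly every 300 s with a few
# seconds of jitter; 10.10.5.40 is ordinary browsing; 10.10.5.99 is periodic
# but has too few connections to judge.
SAMPLE_FLOWS = """\
2024-03-01T10:00:00Z 10.10.5.23 203.0.113.50 443 812
2024-03-01T10:05:02Z 10.10.5.23 203.0.113.50 443 804
2024-03-01T10:09:58Z 10.10.5.23 203.0.113.50 443 810
2024-03-01T10:15:01Z 10.10.5.23 203.0.113.50 443 808
2024-03-01T10:19:59Z 10.10.5.23 203.0.113.50 443 812
2024-03-01T10:25:03Z 10.10.5.23 203.0.113.50 443 806
2024-03-01T10:29:57Z 10.10.5.23 203.0.113.50 443 811
2024-03-01T10:35:00Z 10.10.5.23 203.0.113.50 443 809
2024-03-01T10:00:00Z 10.10.5.40 198.51.100.7 443 14022
2024-03-01T10:00:05Z 10.10.5.40 198.51.100.7 443 902
2024-03-01T10:02:05Z 10.10.5.40 198.51.100.7 443 53211
2024-03-01T10:02:18Z 10.10.5.40 198.51.100.7 443 1340
2024-03-01T10:17:18Z 10.10.5.40 198.51.100.7 443 7718
2024-03-01T10:17:58Z 10.10.5.40 198.51.100.7 443 240
2024-03-01T10:18:05Z 10.10.5.40 198.51.100.7 443 98231
2024-03-01T10:23:05Z 10.10.5.40 198.51.100.7 443 1002
2024-03-01T10:00:00Z 10.10.5.99 192.0.2.9 80 500
2024-03-01T10:10:00Z 10.10.5.99 192.0.2.9 80 500
2024-03-01T10:20:00Z 10.10.5.99 192.0.2.9 80 500
"""


def parse_flows(text):
    """Parse log lines into (time, src, dst, dport, bytes) tuples."""
    flows = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        ts, src, dst, dport, nbytes = line.split()
        when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        flows.append((when, src, dst, int(dport), int(nbytes)))
    return flows


def find_beacons(flows, min_count=6, max_interval_cv=0.2):
    """Return findings for pairs with at least `min_count` connections whose
    inter-arrival times have a coefficient of variation (stdev / mean) at or
    below `max_interval_cv`.  Legitimate traffic is bursty, so its CV is high;
    a timer-driven check-in has a CV near zero even with a little jitter."""
    by_pair = defaultdict(list)
    for when, src, dst, dport, nbytes in flows:
        by_pair[(src, dst, dport)].append((when, nbytes))

    findings = []
    for (src, dst, dport), events in by_pair.items():
        if len(events) < min_count:
            continue  # too few samples to call a rhythm
        events.sort()
        times = [t for t, _ in events]
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        mean_gap = statistics.mean(gaps)
        if mean_gap <= 0:
            continue
        interval_cv = statistics.stdev(gaps) / mean_gap
        if interval_cv > max_interval_cv:
            continue
        sizes = [n for _, n in events]
        findings.append({
            "src": src, "dst": dst, "dport": dport,
            "count": len(events),
            "mean_interval_s": round(mean_gap, 1),
            "interval_cv": round(interval_cv, 3),
            # similar-sized check-ins are a secondary signal of a beacon
            "size_cv": round(statistics.stdev(sizes) / statistics.mean(sizes), 3),
        })
    return findings


if __name__ == "__main__":
    for finding in find_beacons(parse_flows(SAMPLE_FLOWS)):
        print(finding)
```

On the sample log only 10.10.5.23 is reported: its intervals average 300 s with a CV near 0.01, while the browsing host's intervals vary by more than a factor of a hundred. A bot that randomizes its sleep interval will push the interval CV up, which is why the size CV is reported alongside it and why a range scenario should exercise both tight and jittered beacons so that trainees learn where the thresholds break.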

4.3 Event Management Systems

A Security Information & Event Management (SIEM) application is essential in a
cyber range environment. SIEMs collect, normalize and correlate the log data
produced by network and security systems and display the result. SIEMs generate
events or alarms that are used to visualize and prioritize the workload of network
engineers, security engineers and analysts. Without a SIEM, operations personnel
are flying blind.

Cyber range operators have multiple choices when selecting SIEM
applications. Next generation SIEM applications have opened their
Application Programming Interface (API), allowing developers and Network
Equipment Manufacturers (NEM) to write their own SIEM apps.

4.4 Network Systems

A cyber range requires network devices to route Internet traffic from client
computers to server computers. Network devices are also needed in order for
trainees to be able to switch and route network traffic, isolate network links
and block devices using Access Control Lists (ACLs). Ideally a cyber range
should include Layer-2 and Layer-3 switches and routers. Network devices
should support both IPv4 and IPv6 in addition to the most popular routing
protocols: OSPF and BGP should be supported, as should IGMP and multicast
routing.

4.5 Virtual Infrastructure

Virtualization of data center components offers many advantages. Virtual
components such as servers, network devices and security devices enable
Incident Response Teams (IRT) to accelerate the response time for mitigating
security attacks. In a virtual world you can stop a compromised Virtual
Machine (VM) and instantiate a known-good VM in a matter of minutes. The
compromised VM can easily be cloned for forensic analysis; the snapshot (including
memory state) should be taken before the VM is stopped, so that volatile evidence
such as running processes and network connections is preserved. Virtualization
requirements for cyber ranges include being able to virtualize traffic
generators, test and measurement tools as well as network and security
devices.

4.6 Learning Management System

Learning Management Systems (LMS) are often bundled with cyber ranges to
help deliver training lectures and operational exercises.

4.7 Automation/Orchestration
Automation is required to stitch together all the cyber range components mentioned
above according to the respective use cases, so that the range operator or user can
run the use cases automatically and have the results populated accordingly.
Orchestration stitches together the services and topology of the components and
provides a single view from which to run the use cases and generate their results.

5. Physical Lab Components

• NGFW
  o Provides control and monitoring of incoming and outgoing network traffic based
    on a defined set of rules (e.g. access control, advanced threat and breach
    detection etc.) for both virtual and physical infrastructure.
• Physical L3 switch
  o 10G Ethernet switch for connecting to the physical firewall and servers and for
    management.
• Physical Servers
  o Physical servers with hypervisor nodes.
• Workstations
  o For controlling and managing infrastructure for the Red team and Blue team.
• LED displays
  o Screens for monitoring the physical and virtual infrastructure.
• Physical Network Tap: both Ethernet and Fiber.

6. Virtual Lab Components

• Open Source Firewall with IDS/IPS/DDoS protection.
  o Provides control and monitoring of incoming and outgoing network traffic based
    on a defined set of rules (e.g. access control, advanced threat and breach
    detection etc.) for both virtual and physical infrastructure.
• Packet capturing.
  o Open source, large scale, full packet capturing, indexing, and database system.
• IDS
  o NIDS: a network analysis framework rather than a purely signature-based IDS.
  o HIDS: Detection of intrusion at host level.
• Load balancer
  o High performance Layer-4 load balancer built on the open source DPDK packet
    processing framework.
• Monitoring
  o Web-based traffic and security network traffic monitoring.
• DDoS analyzer
  o Very fast DDoS analyzer with sFlow/NetFlow/mirror support.
• Network flow Monitoring
  o Network flow monitoring (NetFlow, sFlow and IPFIX) with the Elastic Stack.
• SIEM: Security Information and Event Management
• SOC: Security Operations Centre

7. Functional Requirements of Cyber Range


The proposed Cyber Range would work as a service-based organization. It has to organize
standardized cyber defense skills development through cyber security exercises on a regular
basis as well as on special request. It has to ensure basic and advanced level cyber security
skills development capabilities during its whole lifecycle. The proposed Cyber Range has to be
a platform to learn cyber security on real-world scenarios. Think of a flight simulator where pilots
learn how to handle complex systems in different flight situations. The Cyber Range will be a
similar environment for cyber security staff. The Cyber Range will be a sandpit environment that
will simulate the network and applications of a typical enterprise. But the solution will not just
focus on technology; it will look into the people, skills, processes and data, and obviously at all
things that are connected to the internet. The proposed Cyber Range Services at MIST will be
built upon the following characteristics:

• It would be operations-driven and able to bring together people, process, and
  technology in responding to threat scenarios
• It would leverage threat focused, visibility driven, and platform based security tools
• It would be capable of simulating various attack scenarios including the latest attack and
  threat scenarios
• It would use a virtual environment that can be accessed remotely from any place in the
  world
The deployed solution should ensure attack zone and defense zone which will be separated
through an internet border gateway so that cyber-attack simulation can be done from an
external environment and not from within the organization. The solution is meant to test real life
cyber war exercises and accordingly identify and define incident response practices, thereby,
the proposal should include necessary subscription services to update the simulation
environment with threat intelligence once every year for a minimum of 3 years. After the
warranty period the approximate yearly licensing fee for each solution to be clearly mentioned in
BOQ. If MIST does not renew the yearly subscription, existing system would continue without
the updates as it is an educational institute. A special discount for yearly renewal fee may be
considered and proposed after the expiry of warranty period.

The solution should preferably be a proven and validated solution by OEM. The System
Integrator (SI) will be responsible for implementing the simulation environment and then
engaged for up to 3 years with effect from the date of issuance of Final Acceptance Certificate
(FAC) by MIST for updating installed equipment with appropriate threat intelligence updates.
The SI is responsible for providing latest attack and threat scenarios at least once every year.
The SI will also ensure a handover workshop and training detailing the installed simulation
environment and attack defense scenarios, which can be simulated in the environment.

8. Objectives of the Cyber Range Solution

The objectives of the Cyber Range will be the following:

a) Simulate Various Attack Scenarios; to be used as a simulator of large-scale virtual
networks and attacks based on previous real-world incidents.
b) Provide Cyber Warrior Training; to be used as a scaled model of the real world with a
standardized curriculum for the real-world exercises needed to build skills and hone
cyber warrior instincts. Using self-paced training and hands-on cyber range exercises,
personnel can be transformed into cyber warriors. Provide a training ground to exercise
the operational scenarios to understand and defend against cyber attacks.

c) Serve as a Validation Tool; to be used as a validation tool where organizations can
evaluate their security infrastructure and find out the exact equipment that fits their
cyber security needs.

d) Test Application Performance; to be used as a tool to test application performance
over the network.

e) Assess Skills and Knowledge; to be used to assess a team's skills and knowledge
in defending against cyber attacks.

f) Cyber War Games; to be used as a platform for red, blue and white teams to test their
offensive and defensive skills and strategies.
g) The objective design should fulfill both the requirements of attack-based simulation of
various situations for students/ financial sector professionals and war game training for
military.

h) SOC and SIEM Operations: First hand working experience on incident response using
SIEM and SOC.

9. Other Goals of the Cyber Range Solution

The goals of this solution are the following:

a) Standardize – A comprehensive test solution and test plan with appropriate test cases,
which test and verify key aspects of a Cyber Range
b) Efficiency and Repeatability – A solution which provides timely testing with minimal
engineering time on a per-incident basis
c) Valuable Reporting and Analysis – A solution which enables a customer to quickly
gauge performance, quantify results, and obtain actionable information

10. Training:

• Specify training type.
• Foreign: Vendor to specify the country and duration of foreign training. Minimum two
  people from MIST will attend the foreign training.
• Local: Provide details and state your capability for conducting online/remote training
  sessions.

11. Teams (The Cyber Range must cater to the following team composition)

SL. #  Product Names/Items  Description of requirements
1      Red Team             Red team will consist of 10 members, who will be generating the
                            attacks and trying to penetrate the network. They will try to cause
                            maximum damage.
2      Blue Team            Blue team will harden the security rules and security policies and try
                            to prevent the attacks. They will have security and network experts.
                            The team will consist of 10 team members.
3      White Team           The monitoring team will consist of 06 people. They will keep watching
                            the network/attacks, logs, etc.

12. General Technical Requirements


The Cyber Range should be established by implementing the following Tasks:

Task - 1: Detail design of the implementation of the Cyber Range

Task - 2: Training Designing and Development of Training and Operation Manuals

Task - 3: Delivery of Hardware and Software Platforms

Task - 4: Cyber Range Installation, Configuration and Integration Services

Task - 5: Custom Training on Creation of Test Cases

Task - 6: Advanced Cyber Range Essentials Training

Task - 7: On premises support

Task - 8: Remote Support

Task - 9: Updates and Maintenance of Software Components

Task - 10: Warranty for Three Years from the date of completion of Cyber Range
Integration

13. Team Structure/Composition


To implement the Cyber Range the following professionals will be required. CVs of the proposed
professionals must be provided with the bid.
I. Team leader
II. Training Platform expert
III. IT infrastructure specialist
IV. Cybersecurity Expert

14. Cyber Range Capabilities (The bidder must comply 100% with the requirements
stipulated hereinafter)

Infrastructure
• Wired, Wireless and Remote Access
• Network and Routing
• Client Simulator
• Server Simulator
• Application Simulator
• Traffic Generation (Application and Network traffic)
• TAP and Aggregator
• Network packet broker
• Switch
• Router
• Firewall
• Next Generation Firewall
• IDS/IPS
• Cache
• Transparent and Explicit Proxy
• Load Balancer

Attack
• Day 0 Attack/New Threats
• DDoS
• Network Reconnaissance
• Application Attacks
• Data Loss
• Computer Malware
• Mobile Device Malware
• Wireless Attacks
• Evasion techniques
• Botnet Simulation
• Open Source attack Tools
• Virtual Network Attacks

Visibility and Control
• Global Threat Intelligence (Cloud)
• Firewall and IDS/IPS
• Signature based detection
• Behavior based detection
• Data Loss prevention
• Web and Mail Security
• Application visibility and Control
• Wireless Security
• Identity and Access management
• Event Correlation
• Packet capture and Analysis
• Virtual Network Security
• Network Group Security
• Software Defined Network
• Incident Response and Malware analysis
• Anti DDoS System

• Full device installation and configuration inside the Cyber Range environment, including:
  a. Next Generation Firewall
     • Provides control and monitoring of incoming and outgoing network traffic based
       on a defined set of rules (e.g. access control, advanced threat and breach
       detection etc.) for both virtual and physical infrastructure
  b. IPS (Intrusion Prevention System)
     • Provides application visibility and control, threat protection, real-time contextual
       awareness, intelligent security automation with optional subscription licenses of
       Advanced Malware Protection (AMP) for both virtual and physical infrastructure
  c. Network NetFlow and Behaviour Security
     • Detects anomalous traffic and behaviours, including zero-day malware, distributed
       denial-of-service (DDoS) attacks, insider threats, and advanced persistent
       threats (APTs) on both virtual and physical infrastructure
  d. Web Security
     • Provides a proxy service that combines traditional URL filtering with dynamic
       content analysis in real time to mitigate compliance, liability, and productivity risk
       for corporate users and applications.
  e. Email Security
     • Provides preventive and reactive measures against viruses, spam,
       ransomware, phishing (fraud), spoofing, data leakage and advanced malware
       attacks to strengthen email security.
  f. Network Access Control and Policy
     • Allows the operator to see and control users and devices connecting to the
       corporate network, all from a central location.
  g. Threat Generator
     • Simulates real-world legitimate traffic, distributed denial of service (DDoS),
       exploits, malware, and intrusions
  h. SIEM and Data Analytics System
     • Provides a single pane of glass interface into correlated security data.
  i. SOC (Security Operations Centre)

Once the Cyber Range is established, it should be capable of training personnel from private and public organizations such as:

• Financial Sectors
• Enterprises
• Universities and Polytechnics
• Science and Technology Research Institutions

With the increase in internet-facing corporate networks, exposure to state-sponsored and other threat actors is often inevitable.

The established Cyber Range should be capable of providing training to specialized teams:

- Information Technician (IT)
- Network Operations Center (NOC)
- Security Operations Center (SOC)
- DevOps
- SecOps
- DevSecOps
- Cyber Incident Response Team (CIRT)
- Forensic
- Computer Emergency Response Team (CERT)
- All levels: Beginner, Intermediate, Professional

15. Capable of projecting scenarios as follows:

15.1 Single Vector

Type 01 - Denial of Service (DoS)
Type 02 - Distributed Denial of Service (DDoS)
Type 03 - Network Reconnaissance
Type 04 - Application Reconnaissance
Type 05 - Data Leakage
Type 06 - Server Side Vulnerabilities and Exploits
Type 07 - Web Application Exploits
Type 08 - Web Shells
Type 09 - Client Side Vulnerabilities and Exploits
Type 10 - Web Exploit Kits
Type 11 - Malicious Domains
Type 12 - Spams
Type 13 - Malicious Websites
Type 14 - Phishing Websites
Type 15 - Newly Emerging and Known Malware
Type 16 - Malicious SPAM
Type 17 - Botnet Communications

15.2. Multi Vector - Parallel Mode

In a Hybrid Cyber Range, the Cyber Test Systems should be able to generate advanced types of cyber attack scenarios. A multi-vector attack is a combination of multiple types of single vectors.

15.3. Campaign Mode

• Reproduce the behaviour of a cyber attack campaign such as an APT (Advanced Persistent Threat), including Malicious Domains, Malicious Websites, Botnet Communications and Web Exploit Kits, and identify who introduced malware into the system. The aim is to place teams into the exact environment that existed during the original campaign.

• An advanced persistent threat is a set of stealthy and continuous computer hacking processes, often orchestrated by a person or persons targeting a specific entity. An APT usually targets private organizations, states, or both, for business or political motives. APT processes require a high degree of covertness over a long period of time.
16. Work plan and Design of the Cyber Range

The implementation part of the assignment mentioned in this invitation for bids must be completed within 6 calendar months from the date of signing the contract; the implementation timeline is 180 calendar days from the date of signing the contract. (Implementation time should preferably be reduced to six months.)

Detailed technical designs and relevant documentation must be provided, including physical, logical and service-oriented layout designs, test case designs, etc.

Roles and responsibilities of all stakeholders regarding the activities and services must be provided in detail, with a clear separation of duties.
16.1. Implementation Schedule

SL. # | Task Description | Duration (T + No. of Days)
1 | Signing of Contract | T = Date of Contract Signing
2 | Detailed design of the implementation of the Cyber Range | T1 = T + 60
3 | Delivery of Hardware and Software Platforms | T1
4 | Training Design and Development of Training and Operation Manuals | T1
4 | Cyber Range Installation, Configuration and Integration Services | T2 = T1 + 15
5 | Custom Training on Creation of Test Cases | T3 = T2 + 15
6 | Go Live | T3
7 | Advanced Cyber Range Essentials Training | T4 = T3 + 30
8 | On Premises Support | T5 = T4 + 60
9 | Remote Support and Local Support (Level I and Level II support) | T6 = T5 + 180
10 | Updates and Maintenance of Software and Hardware Components | Three (3) years from the date of go-live of the Cyber Range
11 | Warranty | Three (3) years from the date of go-live of the Cyber Range
17. Detailed Technical Specifications

Note: Specify, if applicable, whether each of the following software products or tools is open source or proprietary.

Specify the quantity, or for which team a specific tool is to be provided (the Bidder must provide a BOQ for each material).

Item No. 1: L4-L7 Traffic and Attack Generator (Application and Security Testing Appliances) (Qty - 1 Set)

SL. Specifications Compliance QTY

1. Brand: To be mentioned by Bidder
   Model: To be mentioned by Bidder
   Country of Origin: To be mentioned by Bidder
   Country of Manufacturer: To be mentioned by Bidder
   The appliance should support a minimum of 8 x 1G interfaces. The appliance must have a future scalability option to support 10G/40G/100G operation by changing the NIC card. (QTY: 1)

2. Flexi Configuration option:
   - Able to configure the unit to generate user-defined traffic, e.g. mixed application traffic, service provider scenario, etc.
   - Ability to import PCAP or modify an existing scenario description to create new user-desired traffic.
   - Ability to define and use variables in imported traffic or in client-emulated traffic.
   - Ability to import and use millions of real user data records when emulating traffic.

3. Application protocols database and auto-update support:
   - Should have 12000+ real application scenarios with 850+ discrete protocols, with more than 40% mobile device (iOS, Android) traffic types included, and also for Windows OS.
   - New real application scenarios should be published on a regular basis and the database should be upgraded for the validity period of the Cloud subscription.

4. Published Vulnerability support:
   - Has a 3300+ published vulnerability attack database including IPv4 and IPv6 raw/stateless/stateful attacks.
   - Verifies security effectiveness with real attacks and exploits.
   - Supports negative testing and security assessment with signature-based vulnerabilities.

5. Replay Capability:
   - Able to replay stateful traffic from a trace file (PCAP format) at 1 Gbps line rate.
   - Able to replay traffic following its original sequence from a PCAP file of up to 10 GB in size.

6. Replay Method:
   - Stateless and stateful traffic generation.

7. DDoS Testing:
   - Support one-arm and two-arm DDoS attack emulation.
   - Support DDoS attack vectors across volumetric vectors (UDP flood, ICMP flood, etc.) and protocol-based vectors (SYN flood, etc.).
   - Should support DDoS in attack-only mode, and with legitimate client application traffic and DDoS traffic together.
   - Should support line-rate DDoS attack simulations (at multi-1G speeds).
   - Support mixing DDoS traffic and legitimate traffic, with identification of the DDoS blocking rate and the legitimate traffic pass rate.

8. Number of concurrent connections:
   - Should support > 5 Million HTTP open concurrent transactions per chassis.
   - Should support > 200K HTTP 1.0 transactions per second per chassis.
   - Should support > 150K HTTP 1.1 transactions per second per chassis.
   - SSL and TLS session initiation to be supported.

9. TCP Stack Realism:
   - Full TCP stack implementation including accurate retransmissions and window size control.
   - Support multiple TCP congestion control algorithms: Reno, SACK, Vegas.
   - Support realistic network emulation, including packet latency setting, packet loss/drop setting, and speed control setting.

10. General Features:
   - Should support a user-friendly GUI so that users can access the testing solution from any machine with their own account.
   - Support organizing test cases in test projects.
   - Support scheduling multiple tests in sequence with the same test port resources.
   - Solution should support realism to simulate real field scenarios.

11. Easy-to-use drag-and-drop GUI to set up tests:
   - Easily configure complex multi-stage attacks and malware-infected host behaviour with complex fuzzing.
   - Re-usable test elements can be dragged and dropped to quickly assemble new tests in minutes.
   - Stable HTML5-based GUI supports multiple browsers.
   - Run methodology-based tests from a browser on any device.
   - Online Test Cloud delivers the latest apps, attacks and malware.
   - Download the latest profiles and configurations to import into another system.

12. Multi Protocols Support:
   - Should be able to generate Layer 4 - Layer 7 traffic on the same chassis and should be able to run multiple protocols on a single port at the same time.

13. Type of simulation:
   i. Client & Server Mode
   ii. Client Only Mode
   iii. Packet Capture replay

14. IP Version:
   - Both IPv4 and IPv6, or a mix of IPv4 and IPv6 traffic, supported.

15. Transport protocol Support:
   - TCP
   - UDP
   - SSLv2
   - SSLv3
   - TLSv1
   - TLSv1.2
   - TLS 1.3
   - QUIC

16. Data Protocol:
   - HTTP 1.0, 1.1, HTTP 2.0
   - HTTPS

17. Traffic Generation:
   - Should have the facility to create integrated traffic streams from multiple sources along with proprietary replay traffic (from trace file) (traffic generation, traffic replay).

18. Graphic Display:
   i. Should have an integrated GUI to view and configure actions.
   ii. Display of received and transmitted traffic statistics.

19. Report Generation:
   - Should be able to generate standard and user-configurable reports and graphical representations.
   - Support exporting test reports for archive and backup.

20. NetSecOpen Standard support:
   - Test equipment should support the Network Security Industry Group (i.e. NetSecOpen) standard for application testing. These standards provide guidelines and best practices for testing modern network security infrastructure.
   - It should support approximately 1000 FQDNs including CDN, sub apps, trackers, etc. Some application slices have 100+ unique connections.
   - The traffic mix has been painstakingly constructed using a tool to recreate real-world content from over 10,000 URLs.
   - This represents approximately 1,000 fully-qualified domain names (FQDNs) and 400 unique certificates for the HTTPS traffic.

21. Malicious traffic generation:
   - Should support 30000+ latest malware scenarios with online access to a Test Cloud database. Malware types cover Trojans, viruses, worms, key loggers, spyware, etc.
   - Malware database should be updated on a regular basis.

22. Malware Category:
   Primary Malware Categories:
   > Worms
   > Virus
   > Trojan
   > Spyware
   > Root Kits
   > File Infector
   > Adware
   > Bots
   > Backdoors
   > Zero-day malware
   > Command and Control Malware Emulation

23. Fuzzing:
   Appliance hardware should be capable of being upgraded in future with the following features, if required:
   Easily configure complex multi-stage attacks and malware-infected host behaviour with complex fuzzing.
   1. Solution should uncover unknown vulnerabilities by sending malformed packets to the DUT/SUT.
   2. Should support both end-point and pass-through mode.
   3. Should support the following protocols: IPv4, IPv6, TCPv4, TCPv6, UDPv4, UDPv6, ARP, ICMPv4, ICMPv6, HTTP, HTTP2, FTP, TLS 1.2, SIP, RTP.

Item No. 2: Automation tool (Qty - 1 Set)

Sl.No Technical Specifications Compliance QTY

1. Should work as a vendor-agnostic solution. Global, instantaneous access to lab resources.
2. Lab automation solution should support actionable utilization information and dashboards.
3. Lab automation solution should support physical, virtual and hybrid test beds with automated stand-ups.
4. Lab automation solution should have built-in automated workflows.
5. Lab automation solution should be fully automatable and extensible with a REST API, and integrate tightly with DevOps tool chains via its REST API.
6. Lab automation solution should provide resource, topology, workflow and information management, all in a globally accessible, browser-based user interface.
7. Lab automation solution should have detailed, always up-to-date resource utilization data provided via reports and dashboards to empower effective decision making.
8. Lab automation solution should maximize resource utilization and eliminate stranded resources.
9. Lab automation solution should have over 15 built-in workflows for Lab Management and Continuous Test.
10. Lab automation solution should support automation languages including Python, Bash and many others.
11. Lab automation solution should reveal insights into resource availability, utilization, and conflicts.
12. Real-time analytics regarding test processes and effectiveness.
13. Technical and executive dashboards for trending analysis.
14. Lab automation solution should rapidly find/reserve any resource or topology that meets the user's requirements, and automatically power on and off based on known usage patterns.
15. Lab automation portal makes topologies portable, reusable, scalable and maintainable.
16. Switch should support Copper & Optic interfaces.
17. Switch should support 1G port capacity.
18. Switch should have a minimum of 48 x 1G ports switching capacity in one module.
19. Switch should have latency of less than 50 ns.
20. Test automation solution should be able to do Test Case Abstraction for reusability.
21. Test automation should integrate directly into DevOps tool chains, thus providing the speed necessary for continuous testing to succeed.
22. Administrative roll-back policy enforcement.
23. Test automation should operate just as efficiently on physical devices as on virtual network functions (VNF) and combinations of physical and virtual (Hybrid).
24. Test automation should interactively control the most commonly used devices, software APIs, physical or virtual environments, traffic generators, test tools, and GUI and web browser automation software.
25. Test automation solution should be integrated with Robot Framework.
26. Test engineers and/or automation engineers create automation following their natural workflow by capturing every action during a manual test and replaying the captured steps within automated tests.
27. Test automation solution should be able to generate Python test cases.
28. Lab automation solution should guarantee repeatable, predictable test bed stand-ups by eliminating human errors.
29. Automation solution should support callable libraries / procedures / quick calls.
30. Test reports consolidate all disparate responses, such as devices under test and traffic generators, into a single unified test report.
31. Test automation solution should be able to resolve parameters to use the same test case for multiple test beds.
32. Test automation should support TCL.
33. Test automation should support 30 different session types.
34. Test automation should support SSH, telnet, Web and GUI based automation on a single framework.
35. Test automation should be integrated with Chat, Database and Mail.
36. Should support Automated Data Abstraction with Response Maps.
37. Should support Single Test Reports Unifying All Responses.
38. Should empower DevOps Continuous Test.
39. Supports Automated Data Extraction.
40. Should support at least 10 users.
41. Tool should support 10 test scenario executions in parallel.
42. Tool should be capable of scheduling the test scenario activities.
43. In case 10 test scenario executions are in progress in parallel, other users can schedule further test scenarios. These should execute as per the schedule defined by the other users, after the initial 10 test scenarios are executed.

Item No. 3: Packet Capture and Replay Tool / Hardware (Qty - 1)

SL. Technical Specifications Compliance QTY

1. Brand: To be mentioned by bidder
   Model: To be mentioned by bidder
   Country of Origin: To be mentioned by Bidder
   Country of Manufacturer: To be mentioned by bidder
   Ports
   a. Device should have at least 2 x 1G ports
2. Interface
   a. 1G Interface
3. Time Stamp resolution
   a. 1 ns or better
4. Storage Size
   a. Greater than 8 TB
5. Should support Filtering, Packet Slicing, PTP/1PPS Sync.
6. Hardware Configuration: Should support the specification mentioned below or higher:
   CPU: 1 x Intel® Xeon® E-2124
   Network Port: 10/100/1000Base-T x2
   OS: Ubuntu 16.04
   System Config: Integrated Unit (Control & Storage unit) (2U)
   Operating Environment (Temperature/Humidity): 10-35℃ / 8%-85% (without dew condensation)
   Power Supply: AC: 350W x 2 (minimum)

Item No. 4: Network TAP (Qty - 4)

Sl.No Technical Specifications Compliance QTY

Brand: To be mentioned by bidder
Model: To be mentioned by bidder
Country of Origin: To be mentioned by Bidder
Country of Manufacturer: To be mentioned by bidder

1. Interface: 1G
2. Ports: 1G Ethernet

Item No. 5: Network Packet Broker (Qty - 1)

Sl.No Technical Specifications Compliance QTY

Brand: To be mentioned by bidder
Model: To be mentioned by bidder
Country of Origin: To be mentioned by Bidder
Country of Manufacturer: To be mentioned by bidder

1. Aggregate network traffic to a single or multiple tools (1:1, 1:N, N:1, N:N)
2. Supports 1G network speeds
3. OpenFlow/SDN enabled
4. IPv4/IPv6 and UDF filter support
5. 32+ fully supported ports - no additional per-port license fees
7. Supports jumbo frames
8. Hot swappable, dual power supplies; AC standard, DC available
9. Session/flow aware load balancing
10. 1k filters
11. Session/flow aware load balancing
12. Configurable hash-based load balancing
13. Flow replication and port mirroring
14. Data burst buffering
15. Management through GUI and SNMP
16. User defined filters for Layer 2, 3, and 4
17. IPv4/IPv6, MAC, L4 Port, VLAN, Ether type, IP protocol
18. Supports GRE tunnelling & termination
19. Supports VLAN stripping, QinQ support
20. Full line rate filtering
21. Packet modification

Item No. 6: Router/Switch with routing capability (Qty - 3)

Description | Required Technical Specification | Bidder's Response
Quality Certification | ISO, FCC, UL, CE or to be mentioned by the bidder |
Brand | To be mentioned by the bidder |
Model | To be mentioned by the bidder |
Qty | Three (03) |
Country of Origin | To be mentioned by Bidder |
Country of Assembly / Manufacture | To be mentioned by the bidder |
Enclosure Type | Rack-mountable |
Architecture | The router should be modular in architecture with a services-based hardware architecture |
Router Processor Type | High-performance multi-core processors |
Service Support | Device should support data and voice services |
Routing Performance | Minimum throughput of 1 Gbps from day one. Should be upgradable to 2 Gbps in future. Module-to-module communication without compromising router performance at speeds up to 10 Gbps. |
DRAM | Minimum 4 GB (installed) and upgradeable to 16 GB |
Flash Memory | Minimum 8 GB (installed) and upgradeable to 32 GB |
Server Virtualization platform | Should support minimum 4 core double wide |
Status Indicators | Link activity, power |
Interfaces | Should have minimum 4 x 10/100/1000Base dual mode (T / SFP) onboard routing ports and a total of 16 x 10/100/1000Base dual mode (T / SFP) routing ports from Day 1. Management: 1 x console. Serial: 1 x auxiliary - RJ-45. USB: minimum 1 x USB 2.0 Type B. |
Security | Should support stateful firewall. Should have the VPN feature enabled from day 1. |
Voice & Video | Should support digital signal processor |
Data Link Protocol | Ethernet, Fast Ethernet, Gigabit Ethernet. |
Protocols | IPv4, IPv6, static routes, Open Shortest Path First (OSPF), Border Gateway Protocol (BGP), BGP Route Reflector, Intermediate System-to-Intermediate System (IS-IS), Multicast Internet Group Management Protocol (IGMPv3), Protocol Independent Multicast. |
Encapsulations | Generic routing encapsulation, Ethernet, 802.1q VLAN, Point-to-Point Protocol, High-Level Data Link Control (HDLC), Serial (RS-232, RS-449, X.21, V.35) |
Traffic management | QoS, Class-Based Weighted Fair Queuing, Weighted Random Early Detection, Hierarchical QoS, Policy-Based Routing (PBR), Performance Routing, and network-based application inspection and treatment. |
Expansion Slots | Minimum 3 WAN/LAN interface slots. Minimum 2 service module slots. |
Monitoring | Should have SNMP, RMON, Syslog, GUI Management, Telnet and SSH. Should have capability to monitor events and take informational, corrective. Should have Network Flow Statistics and IP Service Level feature. |
Power | Device power supply - internal |
Redundant power supply | Should have redundant power supply from day one. |
Rack-mount | Standard 19 inch rack mountable |
Manufacturer part number | Bidder should submit a BOQ of the proposed device including the detailed part numbers and manufacturer warranty. Bidder should submit the required performance document for the proposed device. |
Warranty | Bidder should quote mentioning the manufacturer's warranty and part number, and a minimum 3 (three) years full replacement warranty should be provided. |

Item No. 7: Firewall (Qty - 3 Nos)

Sl.No Technical Specifications Compliance QTY

Brand: To be mentioned by bidder
Model: To be mentioned by bidder
Country of Origin: To be mentioned by Bidder
Country of Manufacturer: To be mentioned by bidder

1. Built-in Logging and Reporting
   Security Performance:
   - 32 Gbps or higher firewall throughput (1518-byte, RFC 2544)
   - 12 Gbps or higher firewall IMIX throughput
   - 8 Gbps or higher IPS throughput
   - 6 Gbps or higher NGFW firewall throughput
   - 3 Gbps or higher VPN throughput
   - Minimum new connections/sec >= 200,000 (200k)
2. Maximum licensed users should be unrestricted/unlimited.
3. Interface:
   The device should have at least 8 x 1GbE built-in copper, 2 x 1G SFP and 4 x 10GbE SFP+ interfaces from day 1, and these should be freely configurable as LAN, WAN & DMZ ports. 4 x dual rate 10GBase-SR 10GbE fiber transceivers (GBIC) should be from the same vendor.
   The device should have 1 x Flexi port/LAN module slot for future extension of 1G Copper, 1G SFP, 10G SFP+ with 1G LAN Bypass ports.
   The device should have 2 x USB, 1 x management ports (eth0/eth1), 1 x COM (RJ45).
4. Power Supply: AC
5. Integrated Sandbox Protection against APT & Zero-day attacks.
   The following security subscriptions should be provided to cover all mentioned features & specifications from day 1:
   Next Generation Firewall with VPN, Routing, WAN Link Load Balancing, Link Aggregation, Traffic Shaping & Quota (Bandwidth Management), Layer-8 User Identity, Authentication, Built-in Wireless Controller with self-service user portal, captive portal, VPN, 2FA.
6. Network Protection Subscription includes Next-Gen IPS, RED, HTML5, ATP, Dual Anti-malware, Security Heartbeat.
   Web Protection Subscription includes enterprise-grade SWG, Proxy, Advanced Web Threat Protection, URL Filtering, App control, Web & Application traffic shaping & quota (Bandwidth Management), Dual AV, Web Content Caching.
   Integrated Next-Generation Sandbox Protection Subscription includes zero-day threat protection with dynamic malware behaviour analysis, inspection of over 40 file types, support for one-time links, integration into the security dashboard, and coverage of Windows, Mac, iOS and Android environments.
   Warranty: The manufacturer warranty part number should be quoted, with a minimum 3 (three) years warranty. It should be provided for this unit from the date of successful commissioning.
   24x7 Enhanced Support via telephone & email with remote access support by the manufacturer directly.
7. Free Security Updates, Patches, Software Feature Updates & Upgrades.

Item No. 8: Monitoring Tool (Qty - 1)

Sl.No Technical Specifications Compliance QTY

1. GUI
   a. Histograms, line graphs, pie charts, sunbursts, etc. Also supports a search feature.
2. Location data, custom layers and vector shapes.
3. Capable of performing advanced time series analysis with curated time series UIs.
4. Describe queries, transformations, and visualizations with powerful, easy-to-learn expressions.
5. Detect anomalies in data, and machine learning features.
6. Secure Spaces
7. Encrypted communications
8. Role-based access control (RBAC)
9. Field- and document-level security
10. Security realms
11. Single sign-on (SSO)
12. Security APIs
13. Log shipper (Filebeat)
14. Logs dashboards
15. Logs app
16. Uptime monitor (Heartbeat)
17. Uptime dashboards
18. Uptime app
19. Forecasting on time series
20. Anomaly detection on time series
21. Alerting on anomalies
22. Population/entity analysis
23. Log message categorization
24. Root cause indication
25. Data Visualizer
26. Data frames

Item No. 9: Work-Station (Qty - 20 nos)

Sl.No Technical Specifications Compliance QTY

Brand: To be mentioned by bidder
Model: To be mentioned by bidder
Country of Origin: To be mentioned by Bidder
Country of Manufacturer: To be mentioned by bidder

1. 32GB DDR4 at 2666MHz; expandable up to 64GB
2. 2G graphics card or higher / Nvidia GTX 1060 (6 GB) or GTX 1050Ti (4 GB) or equivalent, with dual display support
3. 256GB M.2 SATA SSD (Boot) + 1TB 7200RPM SATA 6Gb/s or better
4. Tray load DVD drive (reads and writes DVD/CD)
5. Desktop type, may be integrated with a monitor
6. 9th Gen Intel® Core™ i7 9700 (8-Core, 12MB Cache, up to 4.7GHz) or better
7. OEM branded 2 x 24" IPS monitor
8. OEM branded keyboard and mouse
9. Windows 10 Pro or alternative or equivalent
10. At least 1920x1080 pixels, display size at least 21.5" (16:9) with DVI, HDMI, including cable; should be a 24" display

Item No. 10: Application Server (should be of 1U rack size) (Qty - 1)

Sl.No Technical Specifications Compliance QTY

1. Brand: To be mentioned by bidder
2. Model: To be mentioned by bidder
   Country of Origin: To be mentioned by Bidder
   Country of Manufacturer: To be mentioned by bidder
3. Processor: 2 x Intel® Xeon® Silver 4110 2.1G, 8C/16T, 9.6GT/s, 11M Cache, Turbo, HT (85W) DDR4-2400
4. RAM: Installed min. 64 GB (2 x 32 GB module) 2133MT/s, Dual Rank, x8 Data Width. The system should support a maximum of 1.0 TB DDR4 memory (24 slots).
3. SSD 480 GB Enterprise Grade x 02 Nos.
4. 10K RPM HDD 1.2 TB
5. RAID Controller with 1GB or higher cache
6. Power Supply: Dual
7. Microsoft Windows Server Standard Edition 2016 64-bit with 10 Users Terminal Server License; upgradable to Windows Server 2019 Standard
8. 4 x 10/100/1000Base-T Ethernet ports

Item No. 11: Hypervisor Server (server should support Hyper-V, VMware and Xen) (Qty - 3 nos.)

Sl.No Technical Specifications Compliance QTY

1. Brand: To be mentioned by bidder
2. Model: To be mentioned by bidder
   Country of Origin: To be mentioned by Bidder
   Country of Manufacturer: To be mentioned by bidder
3. Processor: 2 x Intel® Xeon® Gold 6212 2.4G, 24C/48T HT (150W) or equivalent
4. RAM: Installed min. 1TB 2133MT/s, Dual Rank, x8 Data Width. The system should support a maximum of 1.0 TB DDR4 memory (24 slots).
5. Hard Drives:
   1) Caching tier: Minimum 5 x 1.9TB SSD SAS Write Intensive 12Gb 512n 2.5in Hot-plug Drive. Performance Classes for SSDs >= D. Endurance Classes for SSDs >= B.
   2) Capacity tier: Minimum 15 x 1.9 TB SSD SATA Read Intensive 6Gbps 512n 2.5in Hot-plug Drive. Performance Classes for SSDs >= C. Endurance Classes for SSDs >= A.
6. Drive bay: 24 drives supported; SAS, SATA, SSD drives supported.
7. Optical drive: DVD+/-RW, SATA, internal (factory fitted)
8. Boot drive: Boot-optimized storage controller card with 2 x 120G (RAID 1) for the hypervisor
9. Storage: 24 drives supported; SAS, SATA, SSD drives supported.
   Storage Controller:
   a. Queue depth minimum 512 with 12Gbps interface speed.
   b. Must work in either pass-through, RAID-0 or both modes. Must support the full bay.
10. Power Supply: Hot-plug, energy efficient redundant power supply (1+1)
11. I/O slots: Minimum 6 PCI Express slots: one x16 full-length, full-height; three x8 full-length, full-height; three x8 half-length, half-height
12. Network Interface Card:
   1 x 4-port 1GbE adapter
   2 x 4-port 10GBase-T adapters
   Note: 10 Gbps ports must be compatible with 10 Gbps network switch ports (copper, RJ-45).
13. Hypervisor support: VMware ESXi min 6.7, vSAN min 6.7 (from Day 1)
   VMware Integrated OpenStack 6 Data Center Edition for 1 processor (3 yrs)
   Production Support/Subscription for VMware Integrated OpenStack 6 Data Center Edition for 1 processor for 3 years
   VMware vSAN 6 Enterprise for 1 processor
   Production Support/Subscription for VMware vSAN 6 Enterprise for 1 processor for 3 years
   VMware vCenter Server 6 Enterprise for vSphere 6 (per instance)
   Production Support/Subscription for VMware vCenter Server 6 Enterprise for vSphere 6 (per instance) for 3 years
14. Operating system support: Microsoft Windows Server 2016, Red Hat Enterprise Linux (RHEL), VMware vSphere 6.7. Should support all major cluster solutions.
15. Server Management:
   Remote management feature via a dedicated remote management port. True agent-free monitoring independent of OS.
   Server should send an alert notification on the system front panel for failure of any component such as processors, voltage regulator modules (VRMs), memory, power supplies, fans, HDDs, adapters and system temperature, which will allow the system administrator to identify the failed component. Supports automated governing of parts' firmware level through the Lifecycle Controller's policy. All remote management features should be available from day one.
16. Warranty & support: Three (3) years OEM branded support and parts replacement services. The manufacturer should have its own parts exchange center / warehouse in Dhaka city.

Item No. 12: Backup Server (Qty - 1)

1. Brand: To be mentioned by bidder
2. Model: To be mentioned by bidder
   Country of Origin: To be mentioned by Bidder
   Country of Manufacturer: To be mentioned by bidder
3. Processor: 2 x Intel® Xeon® Silver 4110 2.1G, 8C/16T, 9.6GT/s, 11M Cache, Turbo, HT (85W) DDR4-2400
4. RAM: Installed min. 64 GB (2 x 32 GB module) 2133MT/s, Dual Rank, x8 Data Width. The system should support a maximum of 1.0 TB DDR4 memory (24 slots).
5. Hard Drives: 10 x 8TB 7.2K NL-SAS
6. Drive bay: 16 drives supported; SAS, SATA, SSD drives supported.
7. Optical drive: DVD+/-RW, SATA, internal (factory fitted)
8. Boot drive: 2 x 200G SAS or SSD drive (RAID 1) for the hypervisor
9. Storage Controller:
   a. Queue depth minimum 512 with 12Gbps interface speed.
   b. Must work in either pass-through, RAID-0 or both modes. Must support the full bay.
10. Power Supply: Hot-plug, energy efficient redundant power supply (1+1)
11. I/O slots: Minimum 6 PCI Express slots
   · One x16 full-length, full-height
   · Three x8 full-length, full-height
   · Three x8 half-length, half-height
12. Network Interface Card:
   a. 1 x 4-port 1GbE adapter
   b. 1 x 2-port 10GBase-T adapter
   Note: 10 Gbps ports must be compatible with 10 Gbps network switch ports (copper, RJ-45).
13. Hypervisor support: VMware ESXi min 6.7, vSAN min 6.7
14. Operating system support: Microsoft Windows Server 2016, Red Hat Enterprise Linux (RHEL), VMware vSphere 6.7. Should support all major cluster solutions.
15. Server Management: Remote management feature via a dedicated remote management port. True agent-free monitoring independent of OS.
   Server should send an alert notification on the system front panel for failure of any component such as processors, voltage regulator modules (VRMs), memory, power supplies, fans, HDDs, adapters and system temperature, which will allow the system administrator to identify the failed component. Supports automated governing of parts' firmware level through the Lifecycle Controller's policy. All remote management features should be available from day one.
16. Availability:
   - Hot-plug power supply
   - Interactive LCD panel enables users to set up, monitor, and maintain their servers while standing at the server
   - Quick resource locator (QRL) or equivalent
   - Single/dual SD card support for failsafe virtualization
   - Hot-plug hard disk drive
   - Redundant fans
   - Capability to operate at excursion-based temperatures beyond the industry standard of 35°C (95°F)
17. Quality Certifications: ISO 9001/9002 or higher for manufacturer, FCC Class A/B, Energy Star for quality assurance. Bidder has to submit appropriate documents for the certifications.
18. Form Factor: 2U rack mountable with rail kit and cable management arm
19. Warranty & support: Three (3) years OEM branded support and parts replacement services. The manufacturer should have its own parts exchange center / warehouse in Dhaka city.

Item No. 13: L2 Switch (Qty – 3 nos)

Item description | Technical specifications | Bidder's response (the bidder's response column is to be filled in against each requirement)

Quality assurance: ISO 9001/9002 for the manufacturer, FCC Class A/B
Brand: To be mentioned by the bidder
Model: To be mentioned by the bidder
Country of Origin: To be mentioned by the bidder
Country of Manufacturer: To be mentioned by the bidder
Environmental: Maintains international quality and environmental safety standards
Form factor: Rack mountable, with rack mounting kit
Quantity: 3 (Three)

Performance features
- Should have a minimum of 24 x 1GE switch ports and 4 x 10G SFP+ uplink ports. The bidder has to provide a minimum of 2 x 10GBASE-SR SFP+ transceiver modules, OEM original, from day 1.
- Switch should have 4 GB RAM and 4 GB flash.
- Shall have a minimum of 32K MAC addresses and 4096 VLAN IDs (4094 usable) active.
- Switch should have dedicated stacking ports (excluding the uplinks) and stacking cables providing a minimum of 160 Gbps of stacking bandwidth, with a minimum of 8 switches per stack.
- Switch should support a minimum of 1550 ACL entries and a minimum 6 MB packet buffer.
- Switch should be able to support 4000 IPv4 and 2000 IPv6 routing entries.
- Switch should support a minimum of 1000 switched virtual interfaces (SVIs).
- The switch should support jumbo frames of 9198 bytes.
- Minimum switching capacity 120 Gbps full duplex or more.
- Minimum forwarding throughput 95 Mpps or more.
- The proposed switch should be an enterprise-grade switch with an x86-based CPU architecture.
- Switch should have Layer 2, routed access (RIP, EIGRP stub, OSPF - 1000 routes), PBR, PIM stub multicast (1000 routes), PVLAN, VRRP, CDP, QoS, FHS (first-hop security), 802.1X, MACsec-128, CoPP, SXP and IP SLA responder features from day 1.
- The proposed switch should be software-defined networking capable and able to integrate at least with the SDN controller from the same OEM.
- The switch stack should be based on a distributed forwarding architecture, in which each stack member forwards its own traffic.

General features
- Switch should have a unique secure identity so that its authenticity and origin can be confirmed with the OEM. The switch BIOS and software image should be cryptographically signed to ensure integrity, and the switch should refuse to boot modified software regardless of the user's privilege level.
- Switch shall support application visibility and traffic monitoring with a minimum of 16K NetFlow/sFlow/jFlow entries.
- Switch should have both front and back beacon LEDs for easy identification of the switch being accessed.
- Switches should have hardware support for connecting a Bluetooth dongle, so that this wireless interface can be used as an IP management port.

High availability and resiliency
- Switch should have redundant power supplies from day 1.
- Switch should support redundant fans.
- Switch should support cross-stack EtherChannel.
- Switch should support embedded event manager scripts.
- After a reboot when power is restored, the switch should start delivering power to endpoints without waiting for the operating system to fully load.
- The switch should support automatic negotiation of trunking protocol, to minimize configuration errors (automatic trunk negotiation should then be disabled on user-facing access ports in production, since a negotiated trunk gives a port access to every VLAN).

L2 features
- The switch should support IEEE 802.1Q VLAN encapsulation.
- The switch should support Spanning-tree PortFast and PortFast guard for fast convergence.
- The switch should support UplinkFast and BackboneFast to help ensure quick failover recovery, enhancing overall network stability and reliability.
- The switch should support Spanning-tree root guard to prevent other edge switches from becoming the root bridge.
- The switch should support Voice VLAN to simplify IP telephony installations by keeping voice traffic on a separate VLAN.
- The switch should support auto-negotiation on all ports to automatically select half- or full-duplex transmission mode to optimize bandwidth.
- The switch should support automatic medium-dependent interface crossover (Auto-MDIX) to automatically adjust transmit and receive pairs if an incorrect cable type (crossover or straight-through) is installed.
- The switch should support Unidirectional Link Detection (UDLD) and aggressive UDLD, so that unidirectional links caused by incorrect fibre-optic wiring or port faults are detected and disabled on fibre-optic interfaces.
- The switch should support IGMP v1 and v2 snooping.
- Switch should support IPv4 and IPv6. The switch should be able to discover neighbouring devices (on both IPv4 and IPv6 networks) with details of platform, IP address, connecting link, etc., to help in troubleshooting connectivity problems.

Network security features
- The switch should support IEEE 802.1X, providing user authentication, authorization and change of authorization (CoA).
- The switch should support SSHv2 and SNMPv3 to secure management by encrypting administrator traffic during remote CLI and SNMP sessions (in place of cleartext Telnet and SNMPv1/v2c).
- The switch should support TACACS+ and RADIUS authentication to enable centralized control of the switch and restrict unauthorized users from altering the configuration.
- The switch should support MAC address notification to allow administrators to be notified of users added to or removed from the network.
- The switch should support MACsec-128 from day 1.

Quality of Service
- Switch should support 802.1p Class of Service (CoS) and Differentiated Services Code Point (DSCP) field classification, Shaped Round Robin (SRR) scheduling, Committed Information Rate (CIR), and eight egress queues per port.

Layer-3 features (to be supported after a license upgrade from L2 to L3)
- The switch should support routing protocols such as OSPF, BSR, IS-IS for IPv4, LISP, VXLAN and VRF.
- The switch should support IPv6 routing protocols such as OSPFv3 in hardware.
- The switch should support IP multicast: PIM, PIM sparse mode and Source-Specific Multicast for wired and wireless clients.
- The switch should support basic IP unicast routing protocols (static, RIPv1 and RIPv2).
- The switch should support IPv6 and IPv4 policy-based routing (PBR).
- The switch should support inter-VLAN routing.
- The switch should support HSRP for IPv4 and IPv6.
- The switch should support VRRPv3.
- The switch should support uRPF for IPv4 and IPv6.

Management features
- Support SNMP, syslog, NetFlow or sFlow, and data telemetry collection and correlation for performance monitoring.
- Support sampled NetFlow/sFlow, Switched Port Analyzer (SPAN), Remote SPAN (RSPAN), shared NetFlow/sFlow policy and a packet capture tool such as Wireshark for troubleshooting and network visibility.
- The switch must have at least 525,000 hours Mean Time Between Failures (MTBF) for hardware reliability.
- Should support a centralized management platform for configuration rollout, change, backup, troubleshooting and performance analysis.

Warranty
- Bidder should submit a BOQ of the proposed device including detailed part numbers and the manufacturer's warranty; the manufacturer's warranty part number should be mentioned.
- Minimum 3 (three) years warranty with OEM support; patches and new software upgrades should be provided.

Item No. 14: L3 Switch (Qty – 3 nos)

Component/Item | Required technical specification | Bidder's response (the bidder's response column is to be filled in against each requirement)

Brand: Internationally reputed brand
Model: To be mentioned by the bidder
Country of Origin: To be mentioned by the bidder
Country of Manufacturer: To be mentioned by the bidder
Quality assurance: ISO 9001/9002 for the manufacturer, FCC Class A/B
Environmental: Maintains international quality and environmental safety standards
Enclosure type: Rack-mountable modular chassis

Architecture
- The switch should have 24 x 1 Gigabit Ethernet RJ45 ports with 8 x 10GE SFP+ uplink ports. The bidder has to provide a minimum of 2 x 10GBASE-SR SFP+ transceiver modules and 2 x 1000BASE-T SFP transceiver modules, OEM original, from day 1.
- The switch should have redundant power supplies and modular fans providing redundancy from day 1.
- The switch should support stacking with StackPower (power shared across the stack) capabilities.
- The switch architecture should be able to stack at least 8 switches in a single stack.
- The switch stack should be based on a distributed forwarding architecture, in which each stack member forwards its own traffic.
- The switch stack architecture should have a centralized control and management plane on the active switch, with all state synchronized to the standby switch.
- The switch should support stateful switchover when switching from the active to the standby switch in a stack.
- The switch stack architecture should be plug and play for attaching or removing any switch from the stack without downtime.
- The switch stack architecture should allow the end user to stack a 24-port switch with a 48-port switch of the same model.
- Shall be based on a modular OS architecture capable of hosting applications.
- Shall have RJ-45 and mini-USB console ports for management.
- Shall have a USB 2.0 port for OS management (uploading, downloading and booting of the OS and configuration).
- Shall have a multicore CPU architecture.
- Shall have front-to-back airflow.
- Shall have at least 15 GB of flash for storing the OS and logs.
- Shall have at least 7 GB of DRAM.
- Shall have at least 1 dedicated 10/100/1000 Ethernet management port.
- The switch should be rack mountable and should not take more than 1 rack unit of space.

Switch performance
- The switch should have at least 206 Gbps of non-blocking switching bandwidth.
- The switch should have at least 150 Mpps of forwarding rate.
- The switch should support at least 32000 MAC addresses.
- The switch should support at least 32000 IPv4 routes and 16000 IPv6 routing entries.
- The switch should support at least 4000 VLAN IDs and 1000 switched virtual interfaces.
- The switch should support 9198-byte jumbo frames.
- Shall support 64,000 flows, giving full visibility of traffic to identify users and user traffic flows in order to identify potential attackers.

Layer 3 features
- The switch should support static routing and basic IP unicast routing protocols (RIPv1, RIPv2), as well as BGP.
- The switch should support IPv6 and IPv4 policy-based routing (PBR).
- The switch should be able to discover neighbouring devices (on both IPv4 and IPv6 networks) with details of platform, IP address, connecting link, etc., to help in troubleshooting connectivity problems.
- The switch should support detection of unidirectional links (e.g. in case of a fibre cut) and disable them, to avoid problems such as spanning-tree loops.
- The switch should support centralized VLAN management; VLANs created on the core switch should be propagated automatically.
- The switch should support 802.1D, 802.1s and 802.1w Spanning Tree and its enhancements for fast convergence.
- The switch should support 802.1Q VLAN encapsulation.
- The switch should support 802.3ad (LACP) to combine multiple network links for increased throughput and redundancy.
- The switch should have IoT integration features such as AVB, PTP, CoAP or similar.

Layer 2 features
- The switch should be able to discover neighbouring devices of the same vendor with details of platform, IP address, connecting link, etc., to help in troubleshooting connectivity problems.
- Should support local proxy ARP (Address Resolution Protocol).
- Support UDLD and aggressive UDLD, so that unidirectional links caused by incorrect fibre-optic wiring or port faults are detected and disabled on fibre-optic interfaces.
- Support Dynamic Trunking Protocol (DTP).
- Support Port Aggregation Protocol (PAgP), which automates the creation of Fast EtherChannel or Gigabit EtherChannel groups to link to another switch, router or server.
- Support Link Aggregation Control Protocol (LACP), which allows Ethernet channelling with devices that conform to IEEE 802.3ad.
- Support IGMP snooping for IPv4 and MLD v1 and v2 snooping for IPv6.
- Support per-port broadcast, multicast and unicast storm control.
- Support Voice VLAN.
- Support VLAN Trunking Protocol (VTP).
- Support RSPAN.
- Support BPDU Guard and Spanning Tree Root Guard (STRG).
- Support dynamic VLAN assignment.
- Support Flex Link for link redundancy and VLAN Flex Link load balancing.
- Support IEEE 802.1s/w Rapid Spanning Tree Protocol (RSTP) and Multiple Spanning Tree Protocol (MSTP).
- Support Per-VLAN Rapid Spanning Tree (PVRST+).
- Support switch-port auto recovery (err-disable recovery).
- Support cross-stack QoS.
Network security features
- The switch should have port security to secure access to an access or trunk port based on MAC address, limiting the number of learned MAC addresses to deny MAC address flooding.
- The switch should support DHCP snooping to prevent malicious users from spoofing a DHCP server and handing out rogue addresses.
- The switch should support Dynamic ARP Inspection (DAI) to ensure user integrity by preventing malicious users from exploiting the insecure nature of ARP.
- The switch should support IP Source Guard to prevent a malicious user from spoofing or taking over another user's IP address, by building a binding table of the client's IP and MAC address, port and VLAN.
- The switch should support Unicast Reverse Path Forwarding (uRPF) to mitigate problems caused by the introduction of malformed or forged (spoofed) IP source addresses into a network, by discarding IP packets that lack a verifiable IP source address.
- The switch should support bidirectional data on the SPAN port, to allow an intrusion detection system (IDS) to take action when an intruder is detected.
- The switch should support flexible, multiple authentication mechanisms, including 802.1X, MAC authentication bypass and web authentication, using a single, consistent configuration.
- The switch should support RADIUS change of authorization (CoA) and downloadable access lists for comprehensive policy management.
- The switch should support Private VLANs to restrict traffic between hosts in a common segment by segregating traffic at Layer 2, turning a broadcast segment into a non-broadcast multi-access-like segment; this provides security and isolation between switch ports and helps ensure that users cannot snoop on other users' traffic.
- The switch should support multi-domain authentication, allowing an IP phone and a PC to authenticate on the same switch port while being placed on the appropriate voice and data VLANs.
- The switch should support MAC address notification to allow administrators to be notified of users added to or removed from the network.
- The switch should support IGMP filtering to provide multicast authentication by filtering out non-subscribers, and to limit the number of concurrent multicast streams available per port.
- The switch should support VLAN ACLs on all VLANs to prevent unauthorized data flows from being bridged within VLANs.
- The switch should support IPv6 ACLs that can be applied to filter IPv6 traffic.
- The switch should support port-based ACLs for Layer 2 interfaces to allow security policies to be applied on individual switch ports.
- The switch should support Secure Shell (SSH), Kerberos and Simple Network Management Protocol version 3 (SNMPv3) to secure management by encrypting administrator traffic during remote CLI and SNMP sessions (in place of cleartext Telnet and SNMPv1/v2c).
- The switch should support TACACS+ and RADIUS authentication to facilitate centralized control of the switch and restrict unauthorized users from altering the configuration.
- The switch should support multilevel security on console access to prevent unauthorized users from altering the switch configuration.
- The switch should support Bridge Protocol Data Unit (BPDU) Guard to shut down Spanning Tree PortFast-enabled interfaces when BPDUs are received, to avoid accidental topology loops.
- The switch should support Spanning Tree Root Guard (STRG) to prevent edge devices not under the network administrator's control from becoming Spanning Tree Protocol root nodes.
- The switch should support IPv6 RA Guard, DHCPv6 Guard and IPv6 snooping to prevent man-in-the-middle attacks on IPv6 first-hop traffic.
- The switch should support dynamic VLAN assignment, downloadable ACLs, multi-auth VLAN assignment, MAC-based filtering and web authentication security mechanisms.
- The switch should support 802.1X supplicant with NEAT (Network Edge Authentication Topology).
- The switch should also provide support for Private VLAN Edge (protected ports).
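
The port security, DHCP snooping, Dynamic ARP Inspection, IP Source Guard and uRPF requirements above (and the uRPF requirement in Item No. 13) all describe the same idea: an ingress check that compares a frame's claimed source against state the switch trusts. The following is an added worked example, not vendor code or part of the tender, modelling those checks as a small Python class so the drop decisions can be traced. Interface names (Gi1/0/5, Te1/1/1, Vlan10), the binding-table rows, routes and packets are constructed sample data.

```python
# Added example, not vendor code: a small model of the access-port checks the
# spec lists (port security, DHCP snooping, Dynamic ARP Inspection, IP Source
# Guard, strict uRPF) showing which packets each one drops and why. The
# bindings, routes and packets below are constructed sample data.
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Binding:          # one DHCP-snooping binding-table row
    ip: str
    mac: str
    port: str
    vlan: int


@dataclass
class EdgeSwitch:
    trusted_ports: set = field(default_factory=set)    # uplinks towards the real DHCP server
    max_macs_per_port: int = 2
    bindings: set = field(default_factory=set)
    learned_macs: dict = field(default_factory=dict)
    routes: list = field(default_factory=list)          # (network, egress interface)

    # DHCP snooping: OFFER/ACK from a server are only legitimate on trusted ports;
    # a valid ACK seen for an untrusted client port populates the binding table.
    def dhcp_server_msg(self, port: str) -> str:
        return "ok" if port in self.trusted_ports else "drop: DHCP server message on untrusted port"

    def learn_binding(self, port: str, vlan: int, mac: str, ip: str) -> None:
        self.bindings.add(Binding(ip, mac, port, vlan))

    # Port security: cap the number of source MACs learned per port so a flooding
    # tool cannot fill the CAM table and turn the switch into a hub.
    def port_security(self, port: str, src_mac: str) -> str:
        macs = self.learned_macs.setdefault(port, set())
        if src_mac in macs:
            return "ok"
        if len(macs) >= self.max_macs_per_port:
            return "violation: MAC limit exceeded, port err-disabled"
        macs.add(src_mac)
        return "ok"

    # DAI: on untrusted ports the ARP sender IP/MAC pair must exist in the binding table.
    def arp_inspection(self, port: str, vlan: int, sender_mac: str, sender_ip: str) -> str:
        if port in self.trusted_ports or Binding(sender_ip, sender_mac, port, vlan) in self.bindings:
            return "ok"
        return "drop: ARP sender not in DHCP snooping binding table"

    # IP Source Guard: the same table, applied to the IP source address of every frame.
    def ip_source_guard(self, port: str, vlan: int, src_mac: str, src_ip: str) -> str:
        if port in self.trusted_ports or Binding(src_ip, src_mac, port, vlan) in self.bindings:
            return "ok"
        return "drop: IP source does not match binding table"

    # Strict uRPF on a routed interface: the best (longest-prefix) route back to
    # the source must exit via the interface the packet arrived on.
    def urpf_strict(self, ingress_port: str, src_ip: str) -> str:
        addr = ip_address(src_ip)
        candidates = [(net, port) for net, port in self.routes if addr in net]
        if not candidates:
            return "drop: no route back to source"
        best_net, best_port = max(candidates, key=lambda r: r[0].prefixlen)
        return "ok" if best_port == ingress_port else f"drop: reverse path is {best_port}"


def demo() -> dict:
    """Run each check against constructed traffic; returns {check name: verdict}."""
    sw = EdgeSwitch(trusted_ports={"Gi1/0/24"}, max_macs_per_port=1)
    sw.routes = [(ip_network("0.0.0.0/0"), "Te1/1/1"), (ip_network("10.10.1.0/24"), "Vlan10")]
    sw.learn_binding("Gi1/0/5", 10, "aa:bb:cc:00:00:05", "10.10.1.5")   # from a snooped DHCP ACK
    return {
        "rogue_dhcp": sw.dhcp_server_msg("Gi1/0/7"),
        "legit_dhcp": sw.dhcp_server_msg("Gi1/0/24"),
        "ps_first_mac": sw.port_security("Gi1/0/5", "aa:bb:cc:00:00:05"),
        "ps_flood": sw.port_security("Gi1/0/5", "de:ad:be:ef:00:01"),
        "arp_valid": sw.arp_inspection("Gi1/0/5", 10, "aa:bb:cc:00:00:05", "10.10.1.5"),
        "arp_spoof_gw": sw.arp_inspection("Gi1/0/5", 10, "aa:bb:cc:00:00:05", "10.10.1.1"),
        "ipsg_spoof": sw.ip_source_guard("Gi1/0/5", 10, "aa:bb:cc:00:00:05", "10.10.1.9"),
        "urpf_ok": sw.urpf_strict("Vlan10", "10.10.1.5"),
        "urpf_spoofed_internal_from_wan": sw.urpf_strict("Te1/1/1", "10.10.1.200"),
    }


if __name__ == "__main__":
    for check, verdict in demo().items():
        print(f"{check:32} {verdict}")
```

The model makes the dependency explicit: DAI and IP Source Guard are only as good as the binding table, which is why DHCP snooping (with trusted ports limited to the real server's uplink) is listed alongside them, and why statically addressed hosts need static bindings. Strict uRPF would wrongly drop legitimate traffic on asymmetric paths, which is the usual reason deployments fall back to loose mode on uplinks.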

Quality of Service
- The switch should be capable of deploying QoS policies at multiple levels, based on AP, radio, SSID and clients directly connected to the switch.
- The switch should be capable of downloading downloadable access lists from a network security (policy) engine based on user identity.
- The switch should be capable of queuing, policing, shaping and marking wired traffic based on Class of Service (CoS) or DSCP.
- The switch should support the IP SLA feature set to verify service guarantees for business-critical IP applications.
- The switch should support Auto QoS for certain device types and enable egress queue configurations.
- The switch should support 802.1p CoS and DSCP field classification, using marking and reclassification on a per-packet basis by source and destination IP address, MAC address, or Layer 4 TCP/UDP port number.
- The switch should support shaped round robin (SRR) scheduling to ensure differentiated prioritization of packet flows by intelligently servicing the ingress and egress queues; weighted tail drop (WTD) to provide congestion avoidance at the ingress and egress queues before a disruption occurs; and strict priority queuing to ensure that the highest-priority packets are serviced ahead of all other traffic.
- The switch should support rate limiting based on source and destination IP address, source and destination MAC address, Layer 4 TCP/UDP information, or any combination of these fields, using QoS ACLs (IP ACLs or MAC ACLs), class maps and policy maps.
- The switch should support eight egress queues per port for wired traffic, to enable differentiated management of different traffic types across the stack.

Manageability
- The switch shall allow administrators to remotely monitor ports in a Layer 2 switch network from any other switch in the same network.
- The management feature set shall ease troubleshooting by identifying the physical path that a packet takes from source to destination.
- Shall provide an embedded Remote Monitoring (RMON) software agent supporting four RMON groups (history, statistics, alarms and events) for enhanced traffic management, monitoring and analysis.
- A web browser setup utility shall allow one-click initialization of IP addresses and passwords.
- Shall provide support for TFTP (Trivial File Transfer Protocol) for easy software upgrades over the network (TFTP is unauthenticated and unencrypted, so image transfers over SCP/SFTP, using the SSH support required above, should be preferred where available).
- Auto-configuration for ease of deployment, automatically configuring multiple switches across a network via a boot server.
- Auto-sensing on each non-GBIC port detects the speed of the attached device and automatically configures the port for 10, 100 or 1000 Mbps operation, easing deployment in mixed 10/100/1000BASE-T environments.
- Auto-negotiation on all ports automatically selects half- or full-duplex transmission mode to optimize bandwidth.
- Auto Smartports provide automatic configuration as devices connect to the switch port, allowing auto-detection and plug-and-play of the device onto the network.
- Support stacking master configuration management.
- Support Network Assistant software as a network management application for up to 250 users.
- Support SNMPv1, v2c and v3.

Manufacturer's part number
- Bidder should submit a BOQ of the proposed device including detailed part numbers and the manufacturer's warranty part number.
- Bidder must submit the required performance document and compliance reference document for the proposed device. If additional accessories are essential, the vendor will provide these additional accessories according to the proposed model.

Warranty
- The manufacturer's warranty part number should be quoted; a minimum of 3 (three) years warranty should be provided.

Item No. 15: Monitor (Qty – 3 nos)

Sl. No. | Technical specifications | Compliance | QTY

Brand: To be mentioned by the bidder
Model: To be mentioned by the bidder
Country of Origin: To be mentioned by the bidder
Country of Manufacturer: To be mentioned by the bidder

1 Size: 42" or higher
2 Ports: USB x 3, HDMI x 2, VGA x 1, LAN port x 1, DisplayPort x 1
Item No. 16: White Board (Qty – 2 nos)

Sl. No. | Technical specifications | Compliance | QTY

1 Dimensions should be at least 10 feet x 4 feet

Item No. 17: UPS - 15 kVA (Qty – 1)

Sl. No. | Technical specifications | Compliance | QTY

Brand: To be mentioned by the bidder
Model: To be mentioned by the bidder
Country of Origin: To be mentioned by the bidder
Country of Manufacturer: To be mentioned by the bidder

1 Output
   Output power capacity: 15.0 kW / 15.0 kVA
   Max configurable power: 15.0 kW / 15.0 kVA
   Nominal output voltage: 230 V
   Output voltage distortion: less than 2%
   Output frequency (synchronised to mains): 50/60 Hz +/- 3 Hz
   Other output voltages: 220 V, 240 V
   Crest factor: 3:1
   Topology: double-conversion online
   Waveform type: sine wave
   Output connections: (1) hard-wire 3-wire (H + N + G) (battery backup), (3) IEC jumpers (battery backup), (4) IEC 320 C19 (battery backup), (6) IEC 320 C13 (battery backup)
   Bypass: internal bypass (automatic and manual)

2 Input
   Nominal input voltage: 230 V single-phase, 400 V three-phase
   Input frequency: 40-70 Hz (auto-sensing)
   Input connections: hard-wire 3-wire (1PH + N + G), hard-wire 5-wire (3PH + N + G)
   Input voltage range for mains operation: 160-275 V
   Input voltage adjustable range for mains operation: 100-275 V (half load), 173-476 V (half load)
   Other input voltages: 220, 240, 380, 415 V

3 Batteries and runtime
   Battery type: maintenance-free sealed lead-acid battery with suspended electrolyte, leak-proof
   Typical recharge time: 1.5 hours
   RBC (replacement battery cartridge) quantity: 2
   Nominal battery voltage: +/-192 V (split battery referenced to neutral)

4 Backup
   30 minutes at full load

Item No. 18: Racks (Qty – 3 nos)

Sl. No. | Technical specifications | Compliance | QTY

1 Rack, 19", 42U, 1000 mm deep
   A. Top and bottom cover for cable entry - 1 each
   B. Depth members - 2 pairs
   C. 19" mounting angles (numbered "U" markings) - 2 pairs
   D. Integral base frame
   E. Exhaust fan
2 Single front door, steel, 600 mm wide, 42U, fully perforated
3 Double rear door, steel, 600 mm wide, 42U, fully perforated
4 Base frame, 600 mm W x 1000 mm D, CY
5 Mounting hardware for square-hole front panels, pack of 20
6 Channel with cable loops, 42U
7 Blanking plate, 19", 1U
8 Blanking plate, 19", 2U
9 PDU with 200-240 V single-phase input, a minimum of two (2) IEC C19 receptacles and a minimum of twelve (12) IEC C13 receptacles for connecting the servers with IEC C13/C14 jumper cords. 1. Minimum two circuit breakers, one for the IEC C13 receptacles and one for the IEC C19 receptacles. 2. 3 m un-terminated cable (6 sq. mm source cable and 4 sq. mm internal cable).

Item No. 19: Virtual Network Devices (Open Source/Proprietary) (Qty – 1 each)

Sl. No. | Technical specifications | Compliance | QTY

1 Analysis
   Public threats: public clients with a poor IP reputation that are reaching private addresses.
   At-risk servers: private servers that are being reached by clients with a poor IP reputation.
   High-risk clients: private clients that are accessing public servers with a poor reputation.
   Separate geolocation dashboards for the client/server and source/destination perspectives.
   A view of traffic to and from autonomous systems (public IP ranges).

2 Firewall
   Firewall and router
   Stateful packet inspection (SPI)
   Geo-IP blocking
   Anti-spoofing
   Time-based rules
   Connection limits
   Dynamic DNS
   Reverse proxy
   Captive portal guest network
   Concurrent IPv4 and IPv6 support
   NAT mapping (inbound/outbound)
   VLAN support (802.1Q)
   Configurable static routing
   IPv6 network prefix translation
   IPv6 router advertisements
   Multiple IP addresses per interface
   DHCP server
   DNS forwarding
   Wake-on-LAN
   PPPoE server

3 Packet capturing
   Packet capturing and storage with smart capturing and analysis.

4 Load balancer
   High availability
   High throughput
   Low latency
   Preserves the source IP address
   Static IP support
   Elastic IP support
   TLS offloading

5 SIEM (Apache Metron or Splunk; the requirements below assume an Elastic stack with Filebeat, Logstash and Elasticsearch)
   Support for Apache and Nginx redirectors: fully tested and working Filebeat and Logstash configuration files that support Apache- and Nginx-based redirectors.
   Solve the rsyslog maximum log line issue. Rsyslog (the default syslog service on Ubuntu) truncates long syslog lines; depending on the Cobalt Strike (CS) profile in use this becomes a problem, because some fields are then not parsed correctly by Logstash and so are not correctly indexed in Elasticsearch. (In rsyslog the limit is the $MaxMessageSize directive, 8k by default, which must be raised before the input modules are loaded.)
   Ingest manual IOC data. When a document or other artefact is delivered outside of Cobalt Strike, it is not included in the IOC list. An easy way to include such manual IOCs is needed; one option is to enter the data manually in the Cobalt Strike activity log and have a Logstash filter scrape it from there.
   Ingest e-mails: input and filter rules for IMAP mailboxes, so that the same ELK interface gives an overview of sent e-mails and replies.
   DNS traffic analysis: ingest, filter and query for suspicious activity at the DNS level. This takes considerable work because of the large amount of noise/bogus DNS queries generated by scanners and online DNS inventory services.
   Other alarm channels: Slack, Telegram or any other channel for receiving alarms.
   Fine-grained authorisation: the possibility of blocking certain views, searches and dashboards, or masking certain details in some views, for situations where not all information should be given to all visitors.

Item No. 20: Training Platform Module (Qty – 1)

SL. # | Product names/items | Description of requirements | Compliance | QTY (the Compliance and QTY columns are to be filled in by the bidder)

Solution name: Training Platform Module, encompassing cyber range functionalities.

1 Classroom management: should allow workstations to be managed centrally, with the following features:
   - Centralized software management: remotely deploy, execute and control software on Windows-based managed workstations.
   - Snapshot: snapshot of the operating system and its configuration, with reverting on a special remote command.
   - Preventing unauthorized access: prevent unauthorized administrators from accessing or controlling a computer.

2 Monitoring: to install, configure and maintain a distributed monitoring solution with the following features:
   - Deployment: deployment to a selected VM located in the server.
   - Permissions management: secure user authentication, with the ability to limit access to components to authenticated users.
   - Data gathering: availability checks, performance checks, SNMP (both traps and polling), IPMI, JMX, VMware monitoring, custom checks, and data gathering at custom intervals. Both modes: server/proxy mode, or by agents. Ability to gather data from Linux and Windows machines, including binary daemons. Ability to track activity of the MODBUS protocol.
   - Data storing and API: gathered data should be stored in a database and be accessible through an API for the Automated scoring system module.
   - Alerting: customisable notifications (by e-mail and in the application) with the ability to use macro variables. Ability to configure semi-automated and automated management actions, including execution of remote commands.
   - Real-time data representation in visual format: monitored items should be displayed immediately in visuals located in the Command and control center module and the Automated scoring system module. Custom graphs, network maps and custom screens are needed, as well as slide shows for dashboard-style overview reports.
   - Advanced web monitoring capabilities: must be able to simulate mouse clicks on a monitored web site, check it for availability and measure response time.
   - Templates: it should be possible to create and deploy monitoring templates on selected servers.
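
The "track activity of the MODBUS protocol" requirement above implies a probe that understands Modbus/TCP framing, not just port-502 byte counts. The following is an added worked example, not part of the tender or of any monitoring product: a parser for the master-to-slave side of a Modbus/TCP stream that splits it into MBAP-framed requests and flags the function codes that change PLC state, which is what a range monitor would alert on. The sample capture is constructed inline; real deployment would feed it the reassembled TCP payload from a SPAN port.

```python
# Added example (not part of the tender or of any vendor product): a minimal
# Modbus/TCP request parser of the kind a monitor for "MODBUS activity" needs.
# It walks the master-to-slave TCP payload (port 502), splits it into MBAP-framed
# ADUs and flags write function codes. The sample bytes are constructed.
import struct
from dataclasses import dataclass
from typing import Iterator

FUNCTION_NAMES = {
    1: "Read Coils", 2: "Read Discrete Inputs", 3: "Read Holding Registers",
    4: "Read Input Registers", 5: "Write Single Coil", 6: "Write Single Register",
    15: "Write Multiple Coils", 16: "Write Multiple Registers",
    43: "Encapsulated Interface Transport",
}
WRITE_FUNCTIONS = {5, 6, 15, 16, 22, 23}   # anything that changes PLC state


@dataclass
class ModbusRecord:
    transaction_id: int
    unit_id: int
    function: int
    name: str
    is_write: bool
    is_exception: bool
    detail: str


def parse_modbus_stream(data: bytes) -> Iterator[ModbusRecord]:
    """Yield one record per ADU. MBAP header: transaction id (2), protocol id (2,
    must be 0), length (2, counts unit id + PDU), unit id (1); then the PDU."""
    offset = 0
    while offset < len(data):
        if len(data) - offset < 7:
            raise ValueError(f"truncated MBAP header at offset {offset}")
        tid, proto, length, unit = struct.unpack_from(">HHHB", data, offset)
        if proto != 0:
            raise ValueError(f"not Modbus/TCP: protocol id {proto} at offset {offset}")
        pdu = data[offset + 7: offset + 6 + length]
        if length < 2 or len(pdu) != length - 1:
            raise ValueError(f"truncated PDU at offset {offset}")
        offset += 6 + length
        fc = pdu[0]
        if fc & 0x80:                      # exception response: function code | 0x80, then exception code
            code = fc & 0x7F
            exc = pdu[1] if len(pdu) > 1 else -1
            yield ModbusRecord(tid, unit, code, FUNCTION_NAMES.get(code, "Unknown"),
                               code in WRITE_FUNCTIONS, True, f"exception code {exc}")
            continue
        if fc in (1, 2, 3, 4):             # read requests: start address, quantity
            addr, qty = struct.unpack_from(">HH", pdu, 1)
            detail = f"start={addr} count={qty}"
        elif fc in (5, 6):                 # single write: address, value
            addr, value = struct.unpack_from(">HH", pdu, 1)
            detail = f"addr={addr} value=0x{value:04X}"
        elif fc in (15, 16):               # multiple write: start, quantity, byte count, data
            addr, qty, nbytes = struct.unpack_from(">HHB", pdu, 1)
            detail = f"start={addr} count={qty} bytes={nbytes}"
        else:
            detail = f"raw={pdu[1:].hex()}"
        yield ModbusRecord(tid, unit, fc, FUNCTION_NAMES.get(fc, "Unknown"),
                           fc in WRITE_FUNCTIONS, False, detail)


def write_alerts(data: bytes) -> list:
    """Records for every state-changing request: what a range monitor would alert on."""
    return [r for r in parse_modbus_stream(data) if r.is_write and not r.is_exception]


# Constructed sample capture: a read, two writes, and the slave's exception reply.
SAMPLE = (
    struct.pack(">HHHBBHH", 1, 0, 6, 1, 3, 0, 10)                 # read 10 holding registers
    + struct.pack(">HHHBBHH", 2, 0, 6, 1, 6, 16, 0x1234)          # write single register 16
    + struct.pack(">HHHBBHHB", 3, 0, 11, 1, 16, 20, 2, 4)         # write 2 registers at 20 ...
    + struct.pack(">HH", 1, 2)                                    # ... with these values
    + struct.pack(">HHHBBB", 2, 0, 3, 1, 0x86, 0x02)              # exception: illegal data address
)

if __name__ == "__main__":
    for rec in parse_modbus_stream(SAMPLE):
        print(rec)
```

Exception responses are attributed back to the original function code so a failed write still shows up as a write attempt; a monitor that only counted successful writes would miss an attacker probing register addresses. Tracking direction (which side sent the ADU) and the per-unit baseline of normal function codes is the next step, and is where scoring checks such as "is the defended PLC still answering reads" would hook in.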
3 Scoring system calculation: the deployed cyber defence exercise scoring system should contain the following features:
   - Retrieve continuous monitoring information from the Command and control center module.
   - Execute team scoring algorithms for every type of cyber defence exercise.
   - Be unlocked for modification of the deployed automated scoring algorithms.
   - Be unlocked for development and deployment of new types of automated scoring algorithms for new cyber defence exercises.
   - Algorithm source code should be stored, documented and maintained in the Exercise repository module.
   - Display team scores on the team displays.
   - Display team scores in the Command and control center module.

4 Team performance displays with functionality: Full HD 42-inch TVs with HDMI and USB connectors, with the following features:
   - Hung in pairs on the walls of 2 separate rooms.
   - Configured to display the team score and score details on one monitor.
   - Configured to display the status of the score calculation parameters on the second monitor: whether the service (defendable component) is running, stopped, etc.
   - Both monitors must be configurable to display special messages from the Command and control center module, such as additional mission goals, special warnings and other gamification factors relevant to the running scenario.
   - Display configurations should be stored, documented and maintained in the Exercise repository module.

5 Version control capability: to install, configure and maintain a cyber defence exercise source code version control solution with the following features:
   - Deployment: deployment to a selected VM located in the server.
   - Permissions management: secure user authentication, with the ability to limit access to stored components to authenticated users.
   - Repository capabilities: ability to store and version custom, programmable or configurable scenario items: source code, configurations, exploits, injections, attack scripts, schedules, scoring parameters and deployment scripts.
   - WikiDocs capability or similar: ability to prepare, store and version playbooks for trainees and trainers covering the whole infrastructure and every cyber defence exercise scenario.

Item No. 21: Cyber Defence Exercise Module (Qty – 1)

SL. # | Product names/items | Description of requirements | Compliance | QTY (the Compliance and QTY columns are to be filled in by the bidder)

The Cyber Defence Exercise Module provides the exercise scenario modules.

Cyber defence exercise module 1: entry level (blue teams competition mode)

1 Scenario preparation and deployment: to prepare the cyber defence exercise scenario "entry level (blue teams competition mode)" and deploy it ready to execute, with the following scenario conditions and functionality:
   - Legend for defendable infrastructure: each blue team has to defend a network consisting of vulnerable assets: VLANs, web applications, FTP, Windows- and Linux-based legacy systems, DNS, a virtual printer, etc. The preconfigured infrastructure should be backed up using the Platform infrastructure and management module. Configurable scenario items have to be stored, and unlocked for modification, in the Exercise repository module.
   - Legend for attacking: attacks on the blue teams' vulnerable infrastructure should be executed in an automated and preconfigured way from the Training Platform Module, in parallel for both teams. Staged attack scenarios should be executed, for example: Stage 1, attacking websites; Stage 2, attacking the DMZ. Attack types should be at least: vulnerability exploitation, SQL injection, DDoS. It should be possible to run advanced attacks manually, in addition to the automated attack baseline, if the blue teams are performing well. Scripts for automated and manual attacks, exploits, the attack execution baseline and time schedule configurations have to be stored, and unlocked for modification, in the Exercise repository module.
   - Legend for scoring system: scores should be calculated at least for service availability (SLA), proactive defence, and incident reporting and information sharing. The scoring system algorithm and its configurable items have to be stored, and unlocked for modification, in the Exercise repository module.
   - Exercise playbook: to provide the blue team playbook with objectives, scenarios, goals to achieve, reporting procedures, network and system architecture, and tools. The WikiDocs capability or similar from the Exercise repository module should be used to document the manual.
   - Exercise management playbook: to provide management playbook material in order to understand the architecture and setup, and to be able to modify and tune the exercise in the future. The WikiDocs capability or similar from the Exercise repository module should be used to document the manual.

Cyber defence exercise module 2: entry level for a small group

2 Scenario preparation and deployment: To prepare cyber defence exercise scenario "entry level for a small group" and deploy it to a mode ready to execute with the following scenario conditions and functionality:
  Legend for defendable infrastructure: One blue team has to defend a network consisting of vulnerable assets: web applications, FTP, Windows based legacy system, etc. Preconfigured infrastructure should be backed up by using the Platform infrastructure and management module. Configurable scenario items have to be stored and unlocked for modification in the Exercise repository module.
  Legend for attacking: Attacks on the blue team's vulnerable infrastructure should be executed in an automated and preconfigured way from the Training Platform Module. Attack types should be at least:
    - Anonymous access to an FTP
    - Vulnerability exploitation
    - SQL injections
    - DDoS
  It should be possible to run advanced attacks manually in addition to the automated attacking baseline if the blue team is performing well. Scripts for automated and manual attacks, exploits, the attack execution baseline and time schedule configurations have to be stored and unlocked for modification in the Exercise repository module.
  Legend for scoring system: Scores should be calculated at least for service availability (SLA), proactive defence, and incident reporting and information sharing. The scoring system algorithm and its configurable items have to be stored and unlocked for modification in the Exercise repository module.
  Exercise playbook: To provide a blue team playbook with objectives, scenarios, goals to achieve, reporting procedures, network and system architecture, and tools. WikiDocs capability or similar from the Exercise repository module should be used to document a manual.
  Exercise management playbook: To provide management playbook material in order to understand the architecture and setup and to be able to modify and tune the exercise in the future. WikiDocs capability or similar from the Exercise repository module should be used to document a manual.

Cyber defence exercise module 3: basic and professional level (blue teams competition mode)

3 Scenario preparation and deployment: To prepare cyber defence exercise scenario "basic level (blue teams competition mode)" and deploy it to a mode ready to execute with the following scenario conditions and functionality:
  Legend for defendable infrastructure: Each blue team has to defend and attack an identical network consisting of assets: servers, workstations, web and legacy systems, DNS, email, FTP, file servers, domain controller, virtual printer, databases, etc. Preconfigured infrastructure should be backed up by using the Platform infrastructure and management module. Configurable scenario items have to be stored and unlocked for modification in the Exercise repository module.
  Extended defence functionality: Each team should have the possibility to deploy, during scenario execution, their own (private) virtual machines (VMs) with their own security tools (up to 2).
  Legend for attacking: Attacks on the blue teams' vulnerable infrastructure should be executed in an automated and preconfigured way from the Training Platform Module, in parallel for both teams. Staged attack scenarios should be executed, for example:
    Stage 1 - attacking websites.
    Stage 2 - attacking DMZ.
    Stage 3 - attacking applications and private network zones.
    Stage 4 - avalanche (mass destruction with maximum damage attempt).
  It should be possible to run advanced attacks manually in addition to the automated attacking baseline if the blue teams are performing well. Scripts for automated and manual attacks, exploits, the attack execution baseline and time schedule configurations have to be stored and unlocked for modification in the Exercise repository module.
  Legend for scoring system: Scores should be calculated at least for service availability (SLA), proactive defence, and incident reporting and information sharing. The scoring system algorithm and its configurable items have to be stored and unlocked for modification in the Exercise repository module.
  Exercise playbook: To provide a blue team playbook with objectives, scenarios, goals to achieve, reporting procedures, network and system architecture, and tools. WikiDocs capability or similar from the Exercise repository module should be used to document a manual.
  Exercise management playbook: To provide management playbook material in order to understand the architecture and setup and to be able to modify and tune the exercise in the future. WikiDocs capability or similar from the Exercise repository module should be used to document a manual.

Cyber defence exercise module 4: basic and professional level (capture the flag)

4 Scenario preparation and deployment (Set 1): To prepare cyber defence exercise scenario "basic level (capture the flag)" and deploy it to a mode ready to execute with the following scenario conditions and functionality:
  Legend for blue teams: Each team will play the defender role for their own system and the attacker role for another team's system.
  Legend for exercise infrastructure: Each blue team has to defend and attack an identical network consisting of at least 30 assets: servers, workstations, web and legacy systems, DNS, email, FTP, file sharing, etc. VMs should be different from those of the other exercises. Preconfigured infrastructure should be backed up by using the Platform infrastructure and management module. Configurable scenario items have to be stored and unlocked for modification in the Exercise repository module.
  Extended attacking/defence functionality: Each team should have the possibility to deploy, during scenario execution, their own (private) virtual machines (VMs) with their own defensive and offensive security tools (up to 2).
  Legend for attacking: Every blue team must try to "capture the flag" located in the other team's infrastructure by using offensive tools.
  Legend for scoring system: Scores should be calculated at least for service availability (SLA), proactive defence, and incident reporting and information sharing. The scoring system algorithm and its configurable items have to be stored and unlocked for modification in the Exercise repository module.
  Exercise playbook: To provide a blue team playbook with objectives, scenarios, goals to achieve, reporting procedures, network and system architecture, and tools. WikiDocs capability or similar from the Exercise repository module should be used to document a manual.
  Exercise management playbook: To provide management playbook material in order to understand the architecture and setup and to be able to modify and tune the exercise in the future. WikiDocs capability or similar from the Exercise repository module should be used to document a manual.
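
The scoring legend that modules 1 to 4 repeat asks for scores computed at least for service availability (SLA), proactive defence, and incident reporting, with the algorithm and its configurable items kept in the Exercise repository module. The following Python module is an added example of one such scoring engine; it is not part of the tender and not any vendor's product. ScoringConfig stands in for the configurable items the tender wants stored in the repository; the team names, service names, attack ids and polling results are constructed sample input; the point weights, the three-round reporting deadline, the late-report factor and the false-report penalty are assumptions chosen for illustration.

```python
"""Exercise scoring engine (added example, not part of the tender).

Scores each blue team on the three components the tender names:
service availability (SLA), proactive defence, incident reporting.
All weights, deadlines and sample data are assumptions.
"""
from collections import defaultdict
from dataclasses import dataclass, field


@dataclass(frozen=True)
class ServiceCheck:
    team: str
    service: str
    tick: int      # polling round in which the white team probed the service
    up: bool       # True if the service answered correctly


@dataclass(frozen=True)
class AttackEvent:
    attack_id: str
    team: str      # targeted blue team
    tick: int      # round in which the automated attack fired


@dataclass(frozen=True)
class IncidentReport:
    team: str
    attack_id: str  # attack the blue team believes it observed
    tick: int       # round in which the report was submitted


@dataclass
class ScoringConfig:
    """Configurable items; the tender keeps these in the Exercise repository module."""
    sla_points_per_service: float = 100.0
    proactive_points: dict = field(default_factory=lambda: {
        "patch_applied": 10.0, "firewall_rule_added": 5.0, "hardening_change": 8.0})
    report_points: float = 20.0
    report_deadline_ticks: int = 3     # full credit if reported within this many rounds
    late_report_factor: float = 0.5    # credit multiplier for a late report
    false_report_penalty: float = 5.0  # deducted for reporting an attack that did not happen


def sla_score(checks, team, cfg):
    """Availability per service = share of polling rounds it answered; summed over services."""
    by_service = defaultdict(list)
    for c in checks:
        if c.team == team:
            by_service[c.service].append(c.up)
    return sum(cfg.sla_points_per_service * sum(ups) / len(ups) for ups in by_service.values())


def proactive_score(actions, team, cfg):
    """actions: (team, action_type) pairs verified by the white team; unknown types earn nothing."""
    return sum(cfg.proactive_points.get(kind, 0.0) for t, kind in actions if t == team)


def incident_score(attacks, reports, team, cfg):
    """Credit the first report of each real attack (reduced if late); penalise reports of non-events."""
    real = {a.attack_id: a for a in attacks if a.team == team}
    credited, score = set(), 0.0
    for r in sorted((r for r in reports if r.team == team), key=lambda r: r.tick):
        attack = real.get(r.attack_id)
        if attack is None or r.tick < attack.tick:   # nothing (yet) to report
            score -= cfg.false_report_penalty
            continue
        if r.attack_id in credited:                  # duplicate report earns nothing
            continue
        credited.add(r.attack_id)
        late = r.tick - attack.tick > cfg.report_deadline_ticks
        score += cfg.report_points * (cfg.late_report_factor if late else 1.0)
    return score


def team_score(team, checks, actions, attacks, reports, cfg):
    parts = {"sla": sla_score(checks, team, cfg),
             "proactive": proactive_score(actions, team, cfg),
             "incident": incident_score(attacks, reports, team, cfg)}
    parts["total"] = sum(parts.values())
    parts["team"] = team
    return parts


def scoreboard(teams, checks, actions, attacks, reports, cfg):
    rows = [team_score(t, checks, actions, attacks, reports, cfg) for t in teams]
    return sorted(rows, key=lambda row: row["total"], reverse=True)


# Constructed sample input: two blue teams, three services, four polling rounds.
def _checks(team, service, ups):
    return [ServiceCheck(team, service, tick, up) for tick, up in enumerate(ups, start=1)]

SAMPLE_CHECKS = (_checks("A", "web", [True, True, True, True])
                 + _checks("A", "ftp", [True, True, True, False])
                 + _checks("A", "dns", [True, False, False, True])
                 + _checks("B", "web", [True, False, False, True])
                 + _checks("B", "ftp", [True, True, True, True])
                 + _checks("B", "dns", [True, True, True, True]))
SAMPLE_ACTIONS = [("A", "patch_applied"), ("A", "firewall_rule_added"),
                  ("B", "hardening_change"), ("B", "coffee_break")]   # last one is not scored
SAMPLE_ATTACKS = [AttackEvent("atk-1", "A", 1), AttackEvent("atk-2", "A", 2),
                  AttackEvent("atk-3", "B", 1)]
SAMPLE_REPORTS = [IncidentReport("A", "atk-1", 2),   # on time
                  IncidentReport("A", "atk-2", 7),   # late
                  IncidentReport("A", "atk-9", 3),   # no such attack: penalty
                  IncidentReport("B", "atk-3", 1),   # on time
                  IncidentReport("B", "atk-3", 2)]   # duplicate: ignored
DEFAULT_CFG = ScoringConfig()

if __name__ == "__main__":
    for row in scoreboard(["A", "B"], SAMPLE_CHECKS, SAMPLE_ACTIONS,
                          SAMPLE_ATTACKS, SAMPLE_REPORTS, DEFAULT_CFG):
        print(row)
```

With the sample data, team A earns 225 SLA points (web 4/4, ftp 3/4, dns 2/4), 15 proactive points and 25 incident points (one on-time report, one late report at half credit, one penalised report of an attack that never happened), while team B earns 250, 8 and 20. Keeping the weights in a single dataclass is what lets the white team version and tune the algorithm in the repository without touching the scoring code, which is the property the legend asks for.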

Item No. 22: Center Operations Manual and Self-Organising Capabilities Module (Qty – 1)

SL. #. | Product Names/Items | Description of requirements | UoM | QTY

Center Operations Manual and Self-Organising Capabilities Module ensures the quality of the Training operations.

1 Operations manual preparation (UoM: Set, QTY: 1): The Center's operations manual has to be prepared. It should include the technical and organizational setup and highly skilled or advanced work procedures such as infrastructure preparation to run an exercise and updating an exercise (versioning, backing up, testing and deploying). WikiDocs capability or similar from the Exercise repository module should be used to prepare the needed documentation.

2 Module preparation and deployment (UoM: Set, QTY: 1): To prepare a self-assessment exercise for trainees with zero or entry level cyber security skills with the following scenario conditions and functionality:
  Steps based scenario: The trainee follows scenario steps in which prepared tasks on a Windows/Linux VM should be accomplished. After each task some test questions should be answered and a success score automatically calculated.
  Tasks to accomplish: The scenario shall include entry and basic level real live tasks with additional material to read. Tasks include: assessment of the effectiveness of incident detection, handling and response; phishing emails where a user clicks on an infected attachment; vulnerability detection; patching activities; system hardening; and configuration management. At least 20 tasks and 20 questions should be prepared.
  Legend for scoring system: The test-based scoring algorithm and its configurable items have to be stored and unlocked for modification in the Exercise repository module.
  Module management playbook: Self-exercise management playbook material should be prepared in order to understand the architecture and setup and to be able to modify and tune the exercise in the future. WikiDocs capability or similar from the Exercise repository module should be used to prepare the needed documentation.

Item No. 22: Training Center Operations Functionality Warranty (QTY – 1 Work)

SL. #. | Product Names/Items | Description of requirements | UoM | QTY

Training Center Operations Functionality Warranty must be provided to ensure that the whole training center is delivering the expected functionality. It incorporates skills deployment activities for the centre's manager and trainers, as well as operating the exercises.

1 Skills deployment activities (UoM: Set, QTY: 1): The selected center manager and trainers should be prepared to run the center by conducting the following activities:
  - Detailed explanation of every project item onsite for at least 5 working days
  - Switching team accounts into privileged
  - Unit running sessions by following the Center operations manual for the whole delivery period for item Running exercises, including 5 working days before and after execution

2 Exercise Pilot Execution (UoM: Set, QTY: 8): Every exercise shall be executed with the Consultant's presence for an external constituency at least 2 times.
  Quality improvement: Feedback on the exercise setup, execution and results should be collected after every event, then summarized and discussed with the Purchaser, and infrastructure and exercise setup improvement actions should be conducted when necessary.

3 Exercise Provisioning (UoM: Week, QTY: 72): Every exercise shall be executed with the Consultant's presence for an external constituency. Per week there should be at least two exercises provisioned when requested and executed, where supplier staff must provide at least one person full time for the whole week period to instruct, prepare, run and lead the training. Additional assistants (up to 3) may be requested via the Client from Academia.

Item No. 23: Lab Infrastructure (Qty – 1 Work)

SL. #. | Product Names/Items | Description of requirements | Compliance | QTY

Cyber Range Lab

1. Furniture: Bidder should provide good quality furniture for the following areas:
  a. Red Team: 15 Nos. of Table & Chairs, with 4x 5 Amp power sockets and 2 LAN ports each.
  b. Blue Team: 15 Nos. of Table & Chairs, with 4x 5 Amp power sockets and 2 LAN ports each.
  c. White Team: 06 Nos. of Table & Chairs, with 4x 5 Amp power sockets and 2 LAN ports each.
  d. Meeting room: A conference/meeting table with 12-16 nos. of seating capacity.

2 Server Room: A sound proof server room is required with at least 04 nos. of 2 ton ACs, 10KVA Online UPS power supply, Access Control Infrastructure, and 03 Nos. of 19" 42U racks. The server room should have visibility from outside the server room.

3 Practice Area: The practice area should be fitted with 02 x 42-43" monitors where participants can monitor the activities, 06 Nos. of 2 ton ACs, a white board, etc.

18. Warranty and Maintenance

- Warranty Service: Three (3) years OEM branded support and parts replacement warranty to be provided for all equipment, systems and software items.
- Technical Assistance: The Supplier should provide technical assistance on a call basis during the warranty period.
- Support for hardware: faulty part replacement; for software: new software releases, provision of fixes, and support for bugs.

19. Supporting Personnel

- 01 (one) number of on-premises support personnel
- L1 and L2 (non-critical) from within Bangladesh
- L2 (critical) and L3 by remote

20. Faulty Hardware Replacement

- The Supplier shall not use as replacements any parts/components which are not original, or parts/components which have not been approved by the Manufacturers of the server/equipment, unless he has the prior consent of the purchaser.
- In the case where the substitute equipment or components require interfacing software drivers, the Supplier shall immediately provide the purchaser, at his own expense, with such software, subject to the purchaser's satisfaction, for the period during which the substitute equipment or part remains in operation at the premises. The substitute equipment or part thereof must be of equivalent or higher performance than the original equipment or part.
- The Supplier shall not remove/replace any server or part(s) thereof without the consent of the purchaser or its appointed representative.
- Any defective part that is removed from the equipment is the property of the purchaser. It must be returned to the purchaser or its appointed representative.
- There must be a Non Disclosure Agreement (NDA) between the selected bidder and the purchaser.

21. Service Requirements

System Integration: All equipment, including software, needs to be installed in the location designated by BCC. The Vendor must install, implement, and integrate all the systems supplied and required for the functioning of the Training Center. The following requirements must be performed by the supplier:
- The Supplier shall conduct the tests on the System in the testing and production environments to ensure that the equipment and systems have been installed and set up properly.
- The supplier must verify and ensure that all related systems maintain data integrity and can operate in coordination with other systems in the same environment. The supplier must ensure that all components are integrated successfully to provide the expected results.
- The Vendor should provide the necessary subscription services to update the simulation environment with threat intelligence once every year for a minimum of 3 years. After the warranty period, the approximate yearly licensing fee should be clearly mentioned in the BOQ for each service. If MIST does not renew the yearly subscription, the existing system would continue without the updates, as it is an educational institute. A special discount on the yearly renewal fee may be considered and proposed after the expiry of the warranty period.
- The solution should preferably be a proven solution validated by the OEM. The System Integrator (SI) will be responsible for implementing the simulation environment and will then be engaged for up to 3 years, with effect from the date of the Final Acceptance Certificate (FAC) by MIST, for updating the installed equipment with appropriate threat intelligence updates. The SI is responsible for providing the latest attack and threat scenarios at least once every year. The SI will also ensure a handover workshop and training detailing the installed simulation environment and the attack/defense scenarios which can be simulated in the environment.
