technical specification of neir technical... · 3. scope of works national equipment identification...

1

Bangladesh Telecommunication Regulatory Commission 5-7th Floor, IEB Bhaban, Ramna, Dhaka-1000.

Draft Technical Specification for

Supply, Implementation and Operation of National Equipment Identity Register (NEIR) System

1. Background To provide a dependable telecommunication services, Bangladesh Telecommunication Regulatory Commission (BTRC) was formed on 31st January of 2002, under the Bangladesh Telecommunication Regulatory Act 2001. According to the Telecommunication act the Commission is assigned with various responsibilities such as establishing, operating, regulating, maintaining telecommunication establishments and providing various telecom services in the country are the major ones. One of these services is to provide Type Approval & issue NOC to all imported mobile devices and register them in the BTRC’s NOC Automation & IMEI Database (NAID). Equipment that are not imported through proper channels i.e. enters the country illegally or smuggled are not registered in this database and does not meet the standards prescribed by the Commission. Every year thousands of illegally imported or cloned handset enter into the mobile market for which government is being deprived of huge revenue. Hence there is a need for network access control to block these sub-standard mobile devices. Also, the use of telephony technology in criminal activities, also the abundance of unregistered/ substandard/counterfeit mobile devices demands better monitoring on mobile devices that are used in Bangladesh. To achieve this objective BTRC has taken initiative to implement National Equipment Identification Register (NEIR) system at BTRC, where all the existing and future mobile handsets will be registered properly using their unique identifiers like IMEI, IMSI, MSISDN etc. The NEIR systems will enable BTRC to track devices used for criminal activities, unregistered handset, categorizing users etc. 2. Objectives The objectives of this assignment are (but not limited to):

1. Register all the mobile handset with necessary information against its user so that appropriate authority can be informed about each and every handset with its user credentials.

2. Ensuring that, legally imported mobile devices are used with proper verification and registration. It will also increase the government revenue.

2

3. Through the NEIR systems BTRC will be able to check illegal activities in regard to mobile devices, clone/illegal handset, stolen handsets, categorizing users etc. The handset users will have to register their handset into the system. Any handset which is not registered will not be working in any operator’s network and thus illegal activities in handset market will be decreased significantly.

4. The main objective is to prohibit, restrict and control the use of telephony technology in criminal activities, guard the theft of mobile devices and prevent the use of unregistered mobile devices and real time monitoring on mobile devices that are used in Bangladesh.

3. Scope of Works National Equipment Identification Register (NEIR) is a central platform which is fundamentally a system to control the access permission of a mobile device into the network after necessary devices verification. It will maintain IMEI, MSISDN, NID etc. of all mobile devices and its user and will be connected with all the MNO EIRs and other related stakeholders. Besides, maintaining proper access control of all mobile devices in Bangladesh, NEIR will also monitor MNO EIRs. The bidder shall provide a NEIR System which shall comprise the following attributes:

1. Implement a central system for BTRC that will enable the authority to maintain proper access control of mobile devices.

2. Locking/ binding capability of IMEIs with MSISDN/ IMSI/ NID for monitoring and verification of users.

3. An online portal should enable users to get the facilities of the system like, registration, device blocking, complaint generation etc.

4. System will be connected to all the EIR DBs of the MNOs, CBVMP, BTRC’s IMEI DB, Global IMEI DB, NID and any other necessary systems.

5. System should be capable to check the device data & cross match with NAID DB and Global IMEI DB and allow/disallow the device to connect to the telecom network.

6. NEIR should have compatible API facility to integrate the system with the EIR systems developed by the mobile network operator

7. The bidder shall provide DC-DR server and networking hardware and install and configure them for proper operation of the NEIR system.

8. Provide support and maintenance service of the system. 9. Helpdesk/Call Center (should be provided by the bidder) have to be established and managed for

all stakeholders as per maintenance contract. 10. All necessary softwares and upgradation of softwares by the awardee as necessary for NEIR system

according to this specification and EIR directives.

4. Functional Requirements NEIR system shall incorporate all the elemental requirements of a central equipment register system to perform as a fully functional system. The below mentioned functional requirements must be supported by the software. Software provided by the awardee must be in use for the similar purpose in Bangladesh or outside Bangladesh for at least 3 years. It may be required to upgrade software as per the requirement of BTRC. Following are, but not limited to, the functional requirements:

3

SL Required

Functionalities Description

1. Access Control Whenever a mobile handset request for any network access the NEIR system will verify if it meets all the pre-requisite like- if it is a legal and registered device, if the device is bound with a registered SIM, proper user registration is completed etc.

2. Application Platform The application platform of NEIR system will handle all the device registration. The registration should be done using the device through USSD code or online portal. So, the platform should work both online and offline. System will check the device data & cross match with BTRC’s IMEI DB and Global IMEI DB and allow/disallow the device to connect to the mobile network.

3. Database Management NEIR shall have the capability to maintain all the required databases to collect or store necessary data of IMEI, MSISDN, NID, and other device information for verification.

4. Invalid IMEI detection NEIR shall be able such as: • Check IMEI format to verify it is of a valid format and range • Identify IMEIs which are not allocated • Identify IMEIs which are null, duplicate or all zero

5. Device information NEIR shall contain the information, but not limited to, of the devices that are registered with all mobile networks: • IMEIs • IMEI status (white, grey, blacklisted) • Device attributes • Date of record creation • Date of last record update • IMEI status reason (invalid, stolen, cloned, valid)

6. Other Information NEIR shall contain the following information along with Device Information • Device attributes • NID • IMSI • MSISDN

7. List Management Sample lists might be as given below: • White List

Ø Mobile devices imported through the legal channel and registered in the BTRC's NAID.

• Grey List Ø All Mobile devices which are allowed to connect to the

network with certain conditions for a definite period of time.

• Roaming List Ø Any mobile devices that is being used in a roaming

network will be listed in roaming list. • Lost/ Stolen list

Ø Mobile devices that are reported as lost or stolen with proper documents will be listed in the lost/stolen list along with the detailed device attributes.

4

• Blacklist Ø Mobile devices which are truly reported as stolen, lost or

have some specific reason not to be attach to the network. • Customized List (IMEI-IMSI paired)

Ø Mobile devices which are cloned, non-type approved, fake, illegally imported etc. but already exists in the present network. All such kind of handsets would be allowed to be paired-up with a limited number of MSISDNs. System will notify the subscribers by SMS/IVR about the status of handsets listed as Grey in the NEIR system and about the necessity of registering the handsets with certain MSISDN.

• Global Blacklist Ø This list would be updated with the help of the GSMA. In

this regard, internationally blacklisted IMEIs can also be accommodated to BTRC's Global Blacklisting provisions upon agreed by both the parties.

All above lists should be well defined. 8. Device and SIM Binding NEIR system shall have the capability to bind MSISDN, IMSI and

NID of the SIM, and Device IMEI together and store. This binding feature should incorporate all possible device and SIM Combinations. An IMEI number can be bound/ locked to multiple MSISDN/IMSI registered against a single NID, where one MSISDN/IMSI can be bound/locked with other IMEI.

When an IMEI is bound with an MSISDN/ IMSI registered under a particular NID, system should have the capability to pull all other SIM information against the same NID and bind with them automatically.

For binding the SIMs that are registered with a foreign ID/ Passport NEIR should pull necessary data i.e. passport ID, and complete the SIM-Device binding.

9. Self-Registration Module Individuals can be allowed to register their own devices which are basically bought in abroad and intended to use inside our country.

10. De-registration The system should have a de-registration feature through which a user can unbound all of his SIMs with that device and withdraw his ownership in case of ownership change or any other legal purposes.

When a device requests for network access with a valid SIM and NID, system should check if that device is already bound with other SIM registered against different NID. For this particular case an SMS will be sent to the previous owner to initiate de-registration process or to lodge a complaint. Without de-registration system will not allow binding a device with SIMs registered against multiple NID unless the device is allowed to do so by the authority.

11. Roamers/ Foreigners device Registration Module

People, who will have short stay in Bangladesh (diplomat, tourist, expatriate citizens and so on), can be subscribed with one of the MNOs by proving their situation showing necessary documentations. IMEI numbers can be matched/paired with the MSISDN numbers for

5

communication purposes on condition so that only the matched MSISDN number is used with this equipment.

12. Module for network EIRs • Records sending /or receiving modules to/or from EIRs • Detecting unregistered IMEIs • Functionality checking of each network EIRs • Preparing input for advanced cloned and fraud analyzing

13. Advanced Clone and Fraud analysis module

• Check IMEI result information from every network EIR, Correlates and set logic for the detection of the highest possible cloned and fraud cases. i.e. IMEI cloning & SIM card cloning.

• Clone analysis may be done by functional based, location based and time-based clone analysis.

• Decision to be taken about the real owner of an IMEI in case of clone detection.

14. SIM BOX detection module

Check Illegal VoIP activities conducted by the SIMBOX that could be detected by cloned or random IMEIs.

15. Type Approval module Check Type approval simply means that the product is certified to meet certain requirements for its type. Mobile Device Type Approval ensures that mobile phones to be sold meets approved guidelines and regulations.

16. Stolen Device module When a phone is reported stolen, the NEIR system can mark the IMEI number invalid, thus prompting remote action immediately like blacklisting the device, blocking the device and so on as required.

17. Incorporating Existing Mobile Subscriber

NEIR shall support existing mobile subscribers, including those with duplicate IMEI, without further addition of cloned, duplicate and fake IMEI.

18. Device blocking & unblocking

NEIR shall be able to block services to subscribers with registered devices with invalid or blacklisted IMEIs. Also, ability to unblock services when necessary.

19. Interoperability NEIR shall be interoperable with all the appropriate network elements and interfaces of MNOs.

20. Website/Portal/Mobile App

System to provide a website/portal/mobile app for end-users. The contents would be configurable by BTRC. The website should provide at least the following information: • News and announcements • Information regarding general rules and regulations • IMEI query • Individual application • Contact information • Online complaint • Links to other external web-based interfaces etc.

21. Report Generation Monitoring dashboards and customized reporting capability.

5. Integration The NEIR system will be integrated with all related stakeholders and perform smoothly in transferring data in real time or periodically as required.

6

Following are, but not limited to, the integration requirements:

SL. Integration Items Functional Features 1. Necessary Database Integration • Allowing Importers registration to the system

• Web portal which would allow the subscribers to query about the device's IMEI information.

• SMS portal which would allow the subscribers to query about the device's detailed of IMEI related information i.e. genuineness of the device, before buying the device.

2. GSMA IMEI database integration module and Worldwide Centralized IMEI database(s) integration module

NEIR shall have facility to access GSMA's IMEI database and shall have a capability to identify counterfeit IMEIs by comparing the IMEIs database provided by the GSMA. It would validate the device whether it is registered by the true manufacturer.

3. Central Biometric Verification & Monitoring Platform (CBVMP)

Integration with CBVMP to validate MSISDNs of different operator locked with NID, and thus provide ability to lock IMEI with NID.

4. Operator’s Database Integration NEIR will be integrated with all the mobile network operator’s database of Equipment Identification Register (EIR) to collect/update all the lists and device data of respective mobile network.

5. External Web interfaces For regulatory purposes, NEIR should have APIs for different external systems. (E.g. Customs, LEAs, MNOs, Users etc.)

6. SMS Gateway/Platform with all MNO connectivity

Sending SMS notifications to the subscribers.

6. Technical Specification

1. Develop a transactional database system for preservation of all device and SIM data. 2. Capability to capture detail device profiles and data. 3. Ability to verify all device data with existing SIM & NID in real-time. 4. System should have security and exception handling ability including master settings and

configuration. 5. System should have queue management. 6. System should have MIS reporting panel. 7. System should have custom report generation modules. 8. Align all commercial MNOs in a single platform thus implement NEIR / Central consent before

allowing any device in the network. 9. Connectivity with global IMEI databases. 10. Operator wise Transaction per Second (TPS) controlling. 11. Ability to handle 500 concurrent requests per a second. 12. Ability to maintain historical logs and audit logs. 13. Design and establish connectivity between all MNO-EIRs and NEIR system through fiber

network and establish redundancy of network for 99.95% uptime.

7

14. Data connectivity should be established among data center, disaster recovery site and MNOs data center and disaster recovery in layer 2/3 model.

15. Web API should be used for service integrations. 16. Database servers should be configured for concurrency, high availability, secure backup, security

and audit trail. 17. Implement real-time data synchronization between DC and DR. 18. Procurement, configuration and deployment of:

Network connectivity & equipment Storage hardware Application and database servers

19. Improvement of Data center and Power Room. 20. Data migration of all mobile phone numbers of all mobile operators with their required data for

device registration to the central NEIR platform. 7. Security Checklist 1. Input Validation: There must be proper Input Validation with the protection of cross-site scripting (XSS), SQL injection, buffer overflow, etc. Bad input can also lead to Denial of Service (DoS) attacks on the application.

2. Output Escaping/Encoding: Output escaping/encoding is required to handles output. All output data must be escaped/ encoded unless they are known to be safe for the intended destination. Must have to consider for implementing Content Security Policy (CSP) if possible.

3. Authentication & Password Management: Must be used password policy to document and address key concerns when it comes to authentication and password management including proper password strength controls, password lifecycle, password reset process, password storage, protecting credentials in transit, browser caching, number of login attempts, etc. For unauthenticated/anonymous page submits, consider using CAPTCHA technology to prevent spam and automated attacks. Enforce multi-factor authentication in high risk areas where possible.

4. Session Management: Session should be managed that ensures that authenticated users have a robust and cryptographically secure association with their session. It is recommended to use the server or framework’s session management controls whenever possible. Also, the following areas should be considered: session invalidation during authentication, re-authentication, logout, and switching from HTTPS to HTTP. HTTP header tags like timeout, domain, path, http only, and secure should also be considered with regards to session management. If using single-sign-on, make sure the application logout function calls the single-sign-on logout function. Force user re-verification, not relying only on current session state, for high-risk user transactions to prevent CSRF.

5. Authorization & Access Control: Must be implemented authentication, authorization for the decision process where requests to (create, read, update, delete, etc) a particular resource (object) should be granted or denied. Access control should be used for authorization enforcement with the most popular being role-based access control (RBAC). Centralized authorization system should be used where role membership is centrally managed and audited, then map those roles to specific permissions within the application. Implement least privilege policy between all subjects and objects. Ensure that the access control list covers

8

all possible scenarios. Enforce timely authorization checks on every request (from both server and client side) to prevent “time of check”/”time of use” (TOC/TOU) attacks.

6. Cryptographic Practices: Proper encryption should be used when handling sensitive data at any tier of the application. Choose carefully whether “two-way” shared key symmetric encryption, “two-way” public/private key asymmetric encryption, or “one-way” salted hash encryption is best for each case. Ensuring cryptographic modules is used by the application. Using of approved cryptographic modules for random number generators.

7. Error Handling, Auditing & Logging: The application should handle its own application errors and not rely on the server. Do not display sensitive, debug or stack trace information in the production environment. Ensure audit logging controls are in place to log both successful/failure security events, especially authentication/authorization attempts and access to sensitive data with useful audit information based on the “Who/What/When/Where” principal. Sensitive data should never be logged, instead use other unique and traceable identifiers. 8. Data Protection: Limit access to data based on the least privilege principal. Encrypt sensitive data and information like stored passwords, connection strings and properly protect decryption keys. All cached or temporary copies of sensitive data should be protected from unauthorized access and get purged as soon as they are no longer required. Not to allow sensitive production data in non-production environments.

9. Communication Security: When transmitting sensitive information, at any tier of the application or network architecture, encryption-in-transit should be used. SSL/TLS must be supported for data communication. Uses of trusted certificate authority to generate public and private keys whenever possible.

10. System Configuration/Hardening: Making sure that every piece of software from the OS, system components, software libraries, software framework, web servers, etc. are running the latest version and they are patched with latest security patches. Lock down the server and remove any unnecessary files and functions. Isolate implementation environments from production environments. Uses of version control software so that all code changes deployed to production are reviewed and have an audit trail.

11. Database Security: The application should use the lowest possible level of privilege when accessing the database. Locking down the database by turning off any unnecessary features. Connection strings and database passwords should be kept in secure, separate and encrypted configuration files.

12. File Management: Ensure authentication is required before file uploads. Limit file types & prevent any file types that may be interpreted by the web server as well as validate the file types by checking the file header. Scanning of uploaded files for malware where possible.

8. Deliverables 1. Inception report: In the inception report, the bidder shall document the revised scope of works,

deliverables and timeline according to the feedback and suggestions collected from the inception meeting arrange by client where all stakeholders would be present. The report will also contain the risk and mitigation plan.

2. NEIR System: Successful implementation of the NEIR system that meets all the scope detailed in the inception report.

3. Helpdesk System: The bidder will provide standard call center solution to meet the requirements of helpdesk functions. There will be two agents in helpdesk from 8:00 am to 11: pm.

9

4. Data center (DC-DR): The bidder shall develop Data Center and Power Room as per the below table and as per bidder’s data center design and provide standard data center equipments as per specification and should install and configure them for proper operation of the NEIR and provide related necessary electrical works with required electrical components. Bidder should provide Disaster Recovery Site (Co-location) with minimum Tier-3 facilities. DR shall be at a rented space (rentals to be paid by the bidder and be included in financial proposal).

5. Network Connectivity: Bidder should establish network connectivity (data connectivity) with all MNOs and DC-DR. Connectivity should be redundant from different NTTN.

6. Training: The bidder shall provide training to the BTRC officials for operating and understanding of the system. Training and user manual should also be provided.

7. 3 Years’ Operations, Maintenance and Managed service: The bidder shall provide support and maintenance service for three (3) years after the deployment. The managed services will be governed by a comprehensive service level agreement (SLA) and will commence after the successful installation and commissioning of the entire NEIR system.

8. Final Report: The bidder shall submit a final report describing the activities, findings and recommendations, source codes, other relevant documents.

9. Copy Rights After final implementation the NEIR application will be the sole property of BTRC and BRTC will own all rights to the system including the source code and any other documents related to the NEIR system.

10. Minimum Key Professional Requirement

SL Key Position Number 1. Project Manager 1 2. System Analyst 1 3. Business Analyst 1 4. Database Administrator 1 5. Information Security Expert 1 6. Interoperability Expert 1 7. Sr. Software Engineer 3 8. Software Engineer 5 9. Quality Assurance Engineer 2 10. System Administrator 1 11. Network Engineer 2 12. Trainer 2 13. Technical Documentation Expert 2 14. Support & Maintenance Engineer 2

10

11. Duration NEIR system to be installed at BTRC by the awardee within 90 days of contract signing. Operation, Maintenance & Support duration shall be 36 (Thirty-Six) months after final acceptance.

12. Training The bidder shall provide ToT training for 20 personnel. The bidder shall propose necessary training plan with relevant arrangements. 13. Maintenance & Support Bidder shall implement National Equipment Identity Register (NEIR) system at BTRC and manage the system as well as DC-DR by providing standard SLA ensuring 24 hours x 7 days x 365 days support and services. bidder shall: 1. Bidder shall provide appropriate escalation matrix for operation. 2. Bidder shall maintain DC-DR system for the proposed NEIR platform. 3. The availability of the system shall be >99.95% excluding the planned downtime. 4. The system provided by the supplier shall maintain complete redundancy with respect to all equipment

and connectivity. 5. Bidder must maintain 8.00am to 11.00 pm, 365 days a year help line, to provide troubleshooting and

support services to BTRC. 6. All planned downtime required by the bidder shall be communicated well advanced and has to be

conducted in super off-peak hour when there is no certain activity. 14. Hardware Requirements The minimum hardware that are required for the system is listed below. Bidder can add items or quantity if it is necessary for the smooth operation of the system. 1. Database Server (3 nos)

SL Item Minimum Requirement

Compliance (Yes/No) and/or response (if any)

1. Number of Rack Servers 3 (Three)

2. Qualification criteria

ISO 9001/9002 or higher for manufacturer, FCC Class A/B, Energy Star for quality assurance Bidder must submit appropriate documents for the certifications.

11



3. Make & Model The Server must be from an OEM listed among the top five brands in both shipment and revenue in near past quarters

4. Processors Rack Server shall have a minimum of two (2) Intel Scalable Platform (Skylake) 6128 CPU

5. Chipset Intel chipset compatible with the offered processors.

6. Internal Storage

The server should Support up to 8 hot-swappable 12Gbps SAS and SSD drives.

Server should be configured with 5 x 600GB SAS 12Gbps 15K 2.5in Hot-plug Drive

The Server RAID controller should support the following configurations RAID 0, 1, 5, 6, 10, 50, and 60

Server should be configured minimum with 1GB of Flash backed write cache module.

7. Memory

Should have at least 24 DDR4 DIMM slots per server and support up to 3TB of DDR4 2666 MHz memory. Should support registered ECC DDR4 DIMMs only

The Server should be configured with 512GB of DDR4 Memory (with 64GB RDIMM, 2666MT/s, Dual Rank Module) from day one

Support for advanced memory RAS Features like memory mirroring, sparing, failed DIMM isolation etc.

8. Network Should have QP (4 port) 1Gb Network Interface Card Should have 16Gb dual port FC HBA

9. PCIe Slots Should support up to 8 PCIe Gen 3 slots, maximum of 4 x 16 slots

10. Optical drive Factory fitted Internal SATA DVD+/-RW

11. Management

Should support out of band upgrades, Agentless out-of-band management, integrated diagnostics and Power monitoring and reporting.

The server should support industry standard management protocols like IPMI v2 and SNMP v3

One 1-Gbps RJ-45 management port HTML 5 based management GUI The server should support multiple management interfaces including web user interface and command line interface.

Automatic Configuration of management port, using a central repository for the configurations and XML files to configure the server

Automatic updates of all firmware, using a central repository to handle the upgrade

At the server management with Android or iOS devices where admins can configure, monitor and troubleshoot

12. Security Following security features must be available with the servers – § Should have the ability to securely erase data from

12



local storage (HDDs, SSDs, NVMs) and embedded flash devices.

§ Should prevent unauthorized or malicious change with Server Lockdown

§ Maintain data safety with cryptographically signed firmware packages and Secure Boot

13. Ports

Should have the following ports for server connectivity –

• Front ports: Video, 2 x USB 2.0, available USB 3.0, dedicated Micro-USB port for direct remote access management controller

• Rear ports: Video, serial, 2 x USB 3.0, dedicated remote access management network port

• Video card: VGA • Serial connector

14. Others

Should have 6 hot plugs fans with full redundancy Supports hot swappable energy efficient redundant power supply, maximum 750W

Rail Kit and cable management arm to be provided along with the server

System status should be viewable on the LCD panel of the security bezel

15. Operating Systems Support

Canonical Ubuntu Citrix XenServer Microsoft Windows Server with Hyper-V Red Hat Enterprise Linux SUSE Linux Enterprise Server VMware ESXi

16. Warranty 3 Years Warranty provided by OEM 17. Form Factor 2U Maximum

2. Application Server (6 nos)



1. Number of Rack Servers 6 (Six)




4. Processors Rack Server shall have a minimum of two (2) Intel

13



Scalable Platform (Skylake) 5217 CPU 5. Chipset Intel chipset compatible with the offered processors.

6. Internal Storage





7. Memory







11. Management







12. Security

Following security features must be available with the servers – § Should have the ability to securely erase data from



§ Maintain data safety with cryptographically signed

14



firmware packages and Secure Boot

13. Ports





14. Others







3. Log Server (2 nos)



1. Number of Rack Servers 2 (Two)






15



6. Internal Storage





7. Memory







11. Management







12. Security





16



13. Ports





14. Others







4. Test Server (1 nos)



1. Number of Rack Servers 1 (One)

2. Qualification criteria ISO 9001/9002 or higher for manufacturer, FCC Class A/B, Energy Star for quality assurance Bidder must submit appropriate documents for the certifications.




6. Internal Storage



17





7. Memory







11. Management







12. Security





13. Ports



• Rear ports: Video, serial, 2 x USB 3.0,

18



dedicated remote access management network port


14. Others







5. Tape Library (2 nos)



1. Number of Tape Library 2 (Two)

2. Brand To be mentioned by the bidder/should be the same as server brand

3. Model To be mentioned by the bidder

4. Feature The Offered Rack Mountable Tape Library must be with Minimum of 2 LTO-7 FC tape drive. The required Rackmount Kits & Accessories must be Supplied

5. No. of Data Slots The Offered Tape Library must be with Minimum 32 Slots

6. Tape Drive Architecture

The Tape Library must be Offered LTO-7 drive in the Library shall conform to the continuous and data rate matching technique for higher reliability. Should support Linear Tape File System (LTFS) to provide easy data access and management allowing easy file share

7. Transfer Rate and Backup Rate

Offered LTO-7 drive shall support 300MB/sec in Native transfer rate per drive (1080GB/hr)

8. Power Supply The offered Tape Library must be offered with Redundant Power supply.

9. Compatibility The Tape Library Must be compatible with earlier version of LTO like LTO-6, LTO-7 etc.

10. Connectivity The Offered Tape Library shall provide 8Gbps native FC

19



connectivity to SAN switches.

11. Partitioning

Offered Tape Library must have partitioning support so that each drive can be configured in a separate partition. The Partitioning License should be provided along with the Library.

12. Cartridges Bidder must Supply (20 Blank- New Data cartridges & 1 Cleaning Cartridges) with barcode labels.

13. Management Tape Library shall provide web based remote management.

14. Encryption

The offered tape library solution must support encryption and the encrypted keys should be managed by the ISV or the Tape library as a part of solution i.e. the Data on the LTO media must be in Encrypted form, The Encryption management should be either AME or LME, to keep the keys safe and secured.

15. Barcode Reader and Mail slots

Tape library shall support Barcode reader and min 3 mail slots to deliver easy, secure access to individual tape cartridges without interrupting library operations.

16. Other Features

1. Tape Library shall have GUI Panel. The web-based administration must be accessed via a 10/100/1000 Base-T connection through any standard web browser.

2. Valid FCC certificate to be submitted along with the bid

3. Must be with supplied with redundant power supply. 4. The Tape library must set alerts for backup and

archive events. 5. Should have Operator Control Panel to check system

status, run diagnostics, view system logs, check and set configuration, verify drive operations, run an inventory and manage the system.

6. Three years 24x7 comprehensive onsite warranty directly from OEM.

7. Manufacturer’s authorization letter to be provided.

17. Warranty 3 Years Warranty provided by OEM 6. Storage (2 nos)

SL Related Service/ Features Technical Specification and Standards

Compliance (Yes/No) and/or

response (if any)

1. Brand Must be internationally reputed brand and recognized as Leader in Gartner's Magic Quadrant.

2. Model To be mentioned by the bidder 3. Country of origin To be mentioned by the bidder 4. Manufacturing Country To be mentioned by the bidder 5. Node Type Rack Mountable unified Storage

20

Provide Unified block and file for SAN and NAS protocol.

Storage should be configured with minimum two active Controllers; each controller should have minimum 64GB cache and 128 GB cache for the whole system

6. System architecture

Provide a multi-controller full-switching architecture and services will not be interrupted when any of two controllers are faulty or removed. Should provide integrated architecture for block, file, and VMware VVols with active-active dual storage controllers. It ensures that services will not be interrupted when any of the controller is faulty or removed.

Offered storage adopts high-bandwidth and low-latency PCIe supporting 12GB SAS.

7. Expansion

Supports up to 500 disks

Storage supports expansion to higher controller with Data in Place upgrade

8. Capacity Requirements

The Storage must support SAS, SSD, FC and SATA based disks simultaneously. The storage must be supplied with 2.81TB on SSD with 800GB FLASH 3 (RAID 6), 9.28TB on SAS with 1.2TB SAS (RAID 6) in Total 12.08TB. The storage must be designed in such a way so as to provide dedicated RAID 6 storage for SSD & SAS Group groups for each controller, which must allow any 1 per drive type failure protection at any given point in time as hot spare as per configuration rules

9. Front End Ports Min. System must support up to 12 FE ports per SP. 10. FE Connectivity Provide min 4 x16FC CNA ports.

11. Storage Controller Storage should be configured with minimum two active Controllers; each controller should have minimum 64GB cache and 128 GB cache for the whole system.

12. RAID Offered storage system shall support Non-RAID Pool/Dynamic Pool supporting RAID 1, RAID 3, RAID 10, RAID 5 and RAID 6.

13. Security Must provide unique data encryption key based data encryption feature.

14. Cache acceleration

Provide the function to use small number of SSD to expand shared cache with full capacity software license. Hotspot data are automatically identified and migrated to the SSDs, accelerating services running on storage systems, so that can improve performance several times.

15. QoS

Provided storage has intelligent quality of service function with full capacity software license based on volumes or ports that uses traffic control to ensure core service quality and allocates resources for top-priority services.

16. Tier automatic migration

The storage system should provide auto tiering function with full capacity software license. It must provide three tiering with SSD, SAS and NL-SAS. The graphic automatic tiering policy adjustment tool is provided to adjust time and tiering method of data tiering and to improve utilization efficiency of storage resources.

17. Cache Data Backup in Power Failure

In case of power failure, system should ensure that there is no loss of data in case of power failure and battery backup for cache is provided. Also, the data will be de-staged to internal flash or disk drives for higher protection of data

18. Snapshots & LUN Should be provided with point in time snapshots function with full capacity software license. Up to 1000LUN per array along with System support 1000Snapshots per array.

19. Clone Should be provided with clone feature with full capacity software license that data is synchronized from the primary LUN (logical unit number) to the secondary LUN by default and can be recover

21

the latest data once the primary LUN fault. All software license required are ready from day one.

20. Compression Supports compression to improve storage space utilization efficiency

21. Reliability

Provides redundant power modules, fan modules, controllers, and caches under the power failure protection. It also provides non-disruptive online micro-code upgrades in order to ensure no single point of failure.

It should support hot plugging and hot swapping of critical components with minimal disruption

22. Replication

Supports remote replication function with full capacity software license, with Fibre Channel– and IP-based replication, and Also should supports GUI-based management page to allow users to customize intervals for remote, asynchronous data transfer (the interval is not be longer than 5 seconds)

23. Compatibility

Obtains certificates of SMI-S or later and provides screenshots and official website links.

It should support all industry leading operating systems including Windows 2003, 2008, 2012 server, Sun Solaris, IBM AIX, HP-UX, VMware, Citrix Xen, Hyper-V, Oracle Linux, Red hat, SUSE, Apple Mac OS.

The new storage should integrate the existing storage. The new system should be able to access data at native layer across old and new storage.

24. Manageability Provide standard storage device management software via GUI/Web-based and CLI (Include volume management, resource allocation, host access control, data security etc.)

25. Online upgrade

Supports the online upgrade function that automatically upgrades the version without any manual intervention after the upgrade package is manually imported. Must also support upgrade path to later platforms without having to rebuy capacity, DEA or both.

26. Installation& Commissioning

Installation, testing and commissioning with necessary accessories will be done by OEM authorized partner.

27. Warranty Mentioning Manufacturer's warranty should be quoted with minimum 3(Three) years warranty.

28. Any other features may feel necessary by the bidder

Storage Should provide Data-In-Place upgrade capability which enables storage box upgrade to higher model without the need of data migration. Offered storage also provides All Inclusive Base Software

29. Data Migration

Proposed system must support native data import (SAN Copy) from existing storage to enable critical workloads get functionality of new proposed system. This must be enabled without using any 3rd party or add-on host for migration.

30. Warranty 3 Years Warranty provided by OEM

7. SAN Switch (4 nos)



1. Number of SAN Switch 1 (One)

2. Quality Certifications ISO 9001/9002 or higher for manufacturer, FCC Class A/B, Energy Star for quality assurance Bidder must submit appropriate documents for the certifications.

3. Brand Internationally reputed Brand 4. Model To be mentioned by the bidder

22



5. Bandwidth The FC connects between Servers and the SAN Switch as well as the FC Connects between SAN Switches and SAN storage shall be of minimum 16 Gbps bandwidth

6. Active ports Twelve (12) units 16 Gbps Short wave SFP Transceiver with activated license

7. Performance Auto-sensing of 8 ,16 Gbps port speeds

8. Aggregate Bandwidth 384 Gbps end to end full duplex

9. Port types FL_Port, F_Port, M_Port (Mirror Port), and E_Port

10. Features

Shall support Error detection and fault isolation The switch must support authentication when managing from GUI, console or telnet to prevent unauthorized access.

The switch must support multilevel security on console access prevents unauthorized users from altering the switch configuration.

11. Management Switch must support out-band management via SNMP or Telnet or SSH, TFTP.

12. Peripherals and Accessories All cables and Connectors as required for the solution.

13. Form Factor Rack Mountable with Rail Kit


8. Manageable L3 Ethernet Switch (4 nos)



1. Switching Capacity Minimum 200 Gbps or higher 2. Forwarding Capacity Minimum 100 Gbps or higher 3. Forwarding Rate Minimum 65 Mbps or higher 4. MAC addresses Minimum 16000

5. QoS access control entries Minimum 600 or higher

6. Security access control entries Minimum 600 or higher

7. Network Ports 24 x RJ-45 10/100/1000 Ethernet ports, 4 x SPF Ports

8. VLAN / Networking support

IEEE 802.3, IEEE 802.3u, IEEE 802.3ab, IEEE 802.1Q, Min. 1000 VLANs and MTU: 9198 bytes, Support Switch hardware Stacking with 100 Ggbs bandwidth

23

9. L2 Features Broadcast, multicast, and unicast storm control on per-port, IEEE 802.3ad, DHCP, Port Security, Voice VLAN

10. QoS Control-plane QoS, Data plane QoS, 802.1p, 8 egress queues per port, Automatic QoS, Rate limiting, Strict priority queuing

11. Management SSH, Telnet, Multilevel security on access, SNMPv3, TFTP, ping, syslog,

12. Power Supply 110-240V AC input voltage with proper cable 13. Warranty 3 Years Warranty provided by OEM

9. Aggregation Router (4 nos)



1. Network Ports

Minimum 3 x RJ-45 Routable 1Gbps Ethernet WAN ports

Minimum 8 x RJ-45 10/100/1000Mbps Switch LAN ports (VLAN capable)

2. Firewall Performance based on Non-Drop Rate / RFC-2544 Tests

Minimum 110 Mbps for IMIX or Real network traffic

Minimum 39 kpps at 64 bytes 3. Other Ports Minimum 1 x Console Port

4. Expansion slots Minimum 4 WAN Interface slots Minimum 1 service/full width module slots

5. DRAM & Flash Min 512MB DRAM Min. 256MB Flash

6. Feature Should have Standard IP Security (IPSec) and Application inspection and control features

7. Capacity Min. 45 IPSec VPN tunnels capable

8. Security Support stateful firewall security/policy in future

9. Firewall Support Intrusion prevention in future Support TCP optimization in future

10. VPN Supports IPsec / SSL VPN, QoS for VPN Tunnel

11. Encryption Should have hardware-based encryption for 3DES. AES or SSL

12. Routing Protocol support Should have BGP, OSPF,IS-IS, RIPv2, Generic Routing Encapsulation Features

13. VLAN / Networking support IEEE 802.3, 802.1ag, 802.3ah, 802.1Q,

14. Management Telnet/SSH, SNMP, Remote Monitoring, event detection, syslog, Network Flow bases session, Packet Matching

15. Power Supply 100-240V AC input voltage with proper cable 16. Warranty 3 Years Warranty provided by OEM

24

10. Server Rack (4 nos)



1. Brand Same brand as server 2. Model To be mentioned by the bidder 3. Country of Origin To be mentioned by the bidder

4. Country of Manufacturing To be mentioned by the bidder

5. Type High Density Vented Floor Standing

6. Dimension (H x D x W) 42U x 1000mm x 600mm

7. Color Black

8. Static Loading Capacity 1000 Kgs or above

9. Front & rear Door Single panel front door and double Section Vertically Spitted rear door. All the doors should be perforated, lockable and removable.

10. Side Panels Double Section Horizontal Spited solid panel switch two security key locks and quick release latches in each panel

11. Rack PDU 2 x Basic rack PDU, 32 A, 230 V, should have at least 10 units of C13 power outlet.

12. KVM Switch and console Min 17” Rack LCD Console with Integrated 8-port KVM Switch. Bidder must provide all necessary cables for KVM connection to the servers

13. Integrated electrical grounding

The roof, side panels and front and rear doors should be provisioned to be grounded to the frame of the enclosure.

14. Enclosure adjustment tools and hardware provided

Enclosures should have been provided standard with hardware bag that includes hardware for mounting IT equipment and tools for simple enclosure adjustment.


11. Firewall (4 nos)



1. Users/Nodes Unlimited

2. Firewall Throughput Upto 2.9 Gbps

3. Firewall and IPS Throughput Minimum 850 Mbps

25



4. 3DES/AES VPN Throughput support Upto 390 Mbps

5. IP sec VPN Peers support 2450

6. Software VPN peers support Min. 2400 software base VPN user license should be offered from day 1.

7. Firewall Concurrent Connection per second

745,000 or higher

8. Firewall New Connection/second 29,000 or higher

9. Network ports Min. 7 Gigabit Ethernet or higher

10. Visual LAN Interfaces (VLANS) 299 or higher

11. IPS security features

● Security threat prevention and mitigation for known and unknown threats ● Security threat detection, blocking, tracking, analysis, and remediation for malware attacks ● Stateful firewall session, NAT ● Minimum 2,000 applications security threat signatures and support customs signature as per application ● Sandboxing and packet capturing for security threat analysis. ● Anomaly detection ● Zero-day protection ● Correlation with global security threat database

12. Security Contexts of virtual firewall (VSYS) support

Default 2 context from day 1 and upgradable to maximum 45 in future

13. High Availability Active/active and active/standby 14. Expansion slot 1 15. Expandability Port Total up to 14 Gig. Ethernet port 16. USB 2.0 Port 2 17. Serial Ports 1 RJ45, console and auxiliary 18. Memory 8GB 19. Minimum System Flash 6GB 20. System Bus Multi Bus Architecture 21. Redundancy Support Redundant power supply 22. Warranty 3 Years Warranty provided by OEM

26

12.True online UPS (2 nos)

SL Name of Item Required specifications Compliance

(Yes/No) and/or response (if any)

1. Capacity 10 KVA 2. Transfer time 0 ms

3. Mode of operation

Parallel system for redundancy & Parallel operation. (If case of failure of one UPS, the other can take over the load without any interruption and provide smooth backup)

4. Input Voltage 220-230-240 VAC 5. Input Frequency 50/60 Hz ± 5 Hz 6. Output Voltage 220-230-240 VAC selectable 7. Output Frequency 50/60 Hz selectable 8. Output Waveform 100% pure Sine wave 9. Phase single/single-phase 10. Power Factor > 0.80 11. Battery Recharging 4-6 h 12. Battery Type Maintenance-free sealed lead-acid 13. Efficiency up to 80% 14. Noise < 45 dBA at 1 m 15. Backup Time Minimum 02 hours at full load 16. Battery Box Local Made battery box

17. SNMP device/ Remote Network Interface

Included

18. Power system With electrical power distribution subsystem 19. Warranty 3 Years Warranty provided by OEM

13. Generator 25 KVA (1 nos)



1. Minimum Rating 20.0 kVA / 16.0 kW 2. Maximum Rating 25.0 kVA / 20.0 kW 3. Emissions/Fuel Strategy EUIIIa Emissions Compliant 4. Voltage 220-415 Volts 5. Frequency 50Hz or 60Hz 6. Speed 1500 or 1800 RPM 7. Engine Perkins® 8. Compression Ratio 13.3:1 9. Cooling System Ambient temperatures up to 55�C

10. QoS Control-plane QoS, Data plane QoS, 802.1p, 8 egress queues per port, Automatic QoS, Rate limiting, Strict priority queuing

27



11. Management SSH, Telnet, Multilevel security on access, SNMPv3, TFTP, ping, syslog,

12. Power Supply 110-240V AC input voltage with proper cable


14. Data Center & Power Room

SL Item Item Details Unit Qty.

Compliance (Yes/No) and/or

response (if any)

1. Civil Works for Data Center Brick Works, Tiles Works, paint works, Epoxy Paint SQT 1200

2. Insulation for Server & Power Room Good fire-retardant rigid PU foam. SQT 1200

3. Interior Decoration for Data Center Tempered Glass Partition, Tempered Glass Door, Frosted Paper, False ceiling,

SQT 1200

4. Earthing System for Data Center Boring work, PIT & Installation Nos 2

5. 400 KVA Automatic Voltage Regulator Nos 1

6. Environment Monitoring

16 external configurable sensors including Door, Water, Power, Temperature and Humidity Sensor

Nos 1

7. IP Surveillance System

IP Camera Built-in IR Illuminator LEDs/Removable IR-cut Filter /Auto Light Sensor for Day and Night

Nos 1

8. Comfort Air-Conditioning 36000 BTU, 3 Ton, Cassette /Split Type Nos 2

9. Dehumidifier for Power room 18 liter /24 Hour Nos 1 10. Door Access Control Fingerprint, Password, Card Nos 1

11. Distribution Box and Accessories

Main DB, UPS DB, Utility DB, Industrial Socket, Circuit Breaker, Cable, Manual Changer Over and necessary Power cable

Nos 1

12. Automatic Voltage Regulator 40 KVA Automatic Voltage Regulator, Admitted Load Variation up to 100%

Nos 1

13. Static Transfer Switch 8 Port Distribution STS and Dual Source redundant supplies

Nos 2

28

14. Electrical Works

All related necessary electrical works with required electrical components.

Nos 1

15. Database



1. Database Oracle Database: Enterprise Edition (24 Core) 2. Clustering Oracle RAC (16 Core) 3. Data Guard Golden Gate (24 Core) 4. Portioning Oracle Partitioning (24 Core) 5. Audit Oracle Audit Vault & Database Firewall (8 Core) 6. Diagnostic Diagnostics Pack (24 Core)

7. Performance Tuning Pack (24 Core)

8. Backup Solution

Secure Backup (2 Channel)

9. Configuration for TEST/DEV

Oracle Database Enterprise Edition (NUP - 100) Software Update License & Support Partitioning (NAP -100) Software Update License & Support CD Media Pack (1)

10. Warranty & Services 3 Years Software Update License and Support Service provided by Manufacturer

16. Operating System (8 nos)

SL Item Minimum Requirement Compliance (Yes/No) and/or response (if any)

1. Operating System License

Redhat Enterprise Linux 7 64 bit Support Service subscription must be included

2. Warranty & Services

3 Years Software Update License and Support Service provided by manufacturer

17. Load balancer (2 nos)

SL Item Minimum Requirement Compliance (Yes/No) and/or response (if any)

1. Load Balancing HTTP, TCP, and UDP load balancing

Layer 7 request routing using URI, cookie, args, and more

29

Session persistence Service discovery using DNS

2.

Security Controls Request and connection limiting Dual-stack RSA/ECC SSL/TLS offloading TLS 1.3 support Dynamic certificate loading IP address-based access control lists (ACLs)

3.

High Availability (HA) Scalable and reliable HA deployments: Active-active and active-passive HA modes Configuration synchronization with other node in a cluster

4. Others Load balancing with SSL/TLS termination

WebSocket and HTTP/2 support Session persistence and JWT authentication

5. Warranty & Services

3 Years

18. Connectivity

SL Item Unit Minimum Quantity


1.

Data Connectivity establishment with all Telecom Operators (Redundant Connectivity) Data Connectivity establishment with Data Center and Disaster Recovery Center (Redundant Connectivity) Connectivity Media :Fiber Optic Last Mile Transmission: Transmission Lease Line , MPLS based IP/Ethernet Service Connectivity Model : Layer 2/3 Layer Tunnel Supported : GRE/VPN/ L2VPN/L3VPN Tunneling

Nos 10

2. Data Connectivity Mbps 100

3. Internet Bandwidth Mbps 50

30

15. Abbreviations and Acronyms

SL Term Elaboration

1. BL : Blacklist

2. CBVMP : Central Biometric Verification Monitoring Platform

3. CR_Nb_S : Corporate Registered Never-bound SIM

4. EC : Election Commission

5. EIR : Equipment Identification Register

6. GL : Grey List

7. IMEI : International Mobile Equipment Identity

8. IMSI : International Mobile Subscriber Identity

9. IR_B_S : Individual Registered Bound SIM

10. IR_Ub_S : Individual Registered Unbound SIM

11. MNO : Mobile Network Operator

12. MSISDN : Mobile Subscriber Integrated Services Digital Network Number

13. NEIR : National Equipment Identification Register

14. NID : National ID

15. NOC : No Objection Certificate

16. R_B_D : Registered Bound Device

17. R_Ub_D : Registered Unbound Device

18. SIM : Subscriber Identity Module

19. Ur_Ub_D : Unregistered Unbound Device

20. Ur_Ub_S : Unregistered Unbound SIM

21. USSD : Unstructured Supplementary Service Data

22. VL : VIP List

23. WL : White List

technical specification of neir technical... · 3. scope of works national equipment identification...

Documents