2. Scope of Work

Provide appropriately sized Hyper-Converged Infrastructure (HCI) solution and installation services to replace the current data center server infrastructure that hosts the City’s VMware vSphere environment. The HCI solution and associated hardware are to be installed by the proposing firm at the City’s data center located in City Hall. See Exhibit H for an RVTools report of existing virtual guests that would need to be migrated to the proposed HCI cluster.

Additionally, provide a fully integrated, cloud-hosted DR solution that will replace the current DR infrastructure and move all DR services for compute, storage and networking, currently hosted in a colocation facility, to be fully hosted in the Cloud. The HCI design shall provide flexibility, resiliency, enhanced security, and future expandability of the City’s server infrastructure.

Minimum Requirements and Qualifications

Please provide a narrative description of your proposed solution’s capability to comply with each item in this section, as appropriate. Each description should refer to the item number being addressed. To ensure proper review and evaluation, respondents are encouraged to include diagrams, rack elevations, and any other supporting information to demonstrate a clear understanding of the requirements, the specifications for the proposed solution, and that the proposed solution is a complete turn-key system.

1. Proposing firm must be an authorized partner of the HCI solution they are proposing with demonstrated expertise in performing the required services for successful implementation.
2. Proposing firm must include the proposed design of the solution, post-implementation support, manufacturer-approved training, installation and integration services, warranty, and customer support information for a minimum of three (3) years, and two (2) year option of renewal of one (1) year each.
3. Proposals must include professional services to implement the solution, including forecasted delivery and travel costs if applicable.
4. The proposed solution must include an itemized list delineating material and labor included in the proposal.
5. Proposing firm must demonstrate previous successful experience of their proposed solution with other municipalities similar in size to the City of Santa Monica.
6. Proposing firm shall describe its project management process in its response.
7. Proposing firm must provide a detailed Project Plan with activity and phasing timelines required for executing the project, with the details of deliverables and milestones including the delivery of hardware components. The firm shall designate a Project Manager who would be the single point of contact during the complete project implementation.
8. In addition to reviewing the RVTools report provided in Exhibit C, proposing firm must analyze, review, and gather performance metrics and ensure the proposed system performs optimally, equivalent to or better than the current HPE 3PAR SAN in terms of IOPS.
9. To ensure the efficient use of storage, the solution must support data deduplication and compression on a per-data-store basis, with the ability to disable the deduplication and/or compression at any time.
10. The HCI solution must support end-to-end data encryption for data in use, in flight, and at rest.
11. Ensure necessary security features are built in to the proposed HCI solution. Provide distributed security both on-premises and in the Cloud for DR as a service (DRaaS). Provide the ability to protect resources at the control, data, and management plane. Support micro-segmentation. Provide configurable role-based access control, and support single sign-on for administrators and end users, if applicable. Capable of supporting multi-cloud security if applicable.
12. Proposing firm shall be responsible for installing and configuring all patches, updates, and upgrades required for the proposed solution without any extra cost to the City during the warranty period.
13. All service requests for the HCI equipment before final acceptance should be received, managed, executed, and tracked to closure by the proposing firm.
14. The successful firm will provide system administration overview, knowledge transfer, and documentation to the City’s IT staff on the implemented solution.
15. Proposing firm, at no additional charge, will coordinate returns with the manufacturer for any reason (i.e., damaged equipment, etc.).
16. Proposing vendor is responsible for insurance of equipment until it is delivered and signed for by the City contact.
17. Unless otherwise specified in the specifications, all items on which a vendor submits a proposal shall be new, of the latest model or manufacture, and shall be at least equal in quality to that specified in the bidding document.
18. The proposed solution must integrate hardware, storage, networking, hypervisor, management, and replication tools.
19. The proposed HCI solution must allow a data store to be migrated from any host to any other host in the configured environment.
20. The proposed HCI solution must support storage snapshots, at a minimum of 30-minute intervals, with a capability to roll back and restore a virtual machine (VM) or a file to a previous point in time, up to 14 days.
21. All proposals must include three (3) years of 24x7x365 system support and maintenance. The support coverage should account for hardware, hypervisor, and management software with a single escalation point for all incidents and problems.
22. The successful solution must demonstrate the ability to scale compute and/or storage capacity quickly and easily in response to future system or data growth.
23. The proposed solution must provide ease of expandability for resources assigned to virtualized systems running on the proposed platform.
24. The proposed solution should have High-Availability (HA) capability to ensure that systems will be available without interruption. It must be considered 99.999% reliable with no single point of failure, fully redundant, and with hot-swappable components wherever possible. The HCI hardware must provide N+1 resilience such that in the event of a component or node failure, there will be no loss of performance and/or no data loss.
25. The proposed solution must be able to provide fully redundant multi-path capability to both storage and networking, both on-premises and to the Cloud.
26. The DRaaS part of the solution should remain geographically outside the State of California, preferably, and provided by way of a DRaaS. However, the DRaaS must reside in the United States.
27. The proposed solution must support the integration with cloud data upload, backup, recovery, and/or DR services and capabilities.
28. The solution must be manageable from a secure web-based interface, preferably TLS v1.2 or later.
29. The proposed solution must offer centralized management of compute, storage, networking, and preferably, disaster recovery.
30. Any separate management devices or software required must be included in the proposed solution.
31. The proposed solution must be capable of providing detailed reporting on current and historical utilization.
32. The management system must include comprehensive online and remote monitoring capability with the solution, including any necessary hardware or software.
33. The proposed solution must be capable of generating email alerts for any critical hardware or software events that may occur.
34. The proposed solution must support minimum 10GbE network connectivity.
35. The proposed solution must support non-disruptive updates and upgrades.
36. Proposing firm must demonstrate that their proposed solution will reduce and simplify the effort of system management and administration tasks.
37. Vendor must complete the City’s VISA Form (Exhibit D) and provide the City with a copy of the latest System & Organization Controls (SOC) Type 2 Audit Report or Third-Party Cybersecurity Assessment Report and ISO27001 certification, NIST 800-53 and FedRAMP compliant.

Security Requirements:

Access Control
• Cloud providers should support third-party identity and access management technologies to allow for better integration and control with the City (i.e. SAML).
• Provide a means to connect to the City’s Privilege Access Management solution in both appliance and in the cloud.

Network Connection
• Connect private and public clouds through VPN or Direct Connect to ensure high-speed, low-latency, stability, and secure network communication.
• Adopt well-established cryptographic algorithms and security standards.
• Secure transmission protocols such as HTTPS and TLS should be used to encrypt channels to ensure the confidentiality and integrity of data, applications, APIs, and images during cross-cloud transmission.
• Adopt well-established cryptographic algorithms and secure standards. Refrain from using custom algorithms as they may not be robust and may create interoperability issues.

Data Storage
• Provide appropriate storage and encryption options based on data sensitivity and information classification. This applies at the disk, file, table storage, or database level, depending on requirements.
• Use cryptographic technologies or other technical means to protect data across cloud storage to prevent unauthorized access and tampering.

Compute Resources
• The appropriate data-at-rest encryption controls should be put in place. Disk encryption is the minimum to protect the VMs.
• Data is encrypted when stored and transmitted to/from the cloud.
• Secure communication techniques are used between the City and cloud services (e.g., by deploying VPN, HTTPS, or similar encryption techniques).

Disaster Recovery (DR)
• Sync data between on-premises and cloud resources, eliminating single points of failure while ensuring quick access.
• Data is encrypted using strong encryption (such as 256-bit AES).
• Provide integrity check technology to verify data integrity during Disaster Recovery.
• Provide a solution that meets the City’s Recovery Time Objective (RTO) and Recovery Point Objective (RPO) and provides efficient data recovery.
• Use cross-cloud data DR to avoid potential CSP major failure and ensure data usability and stability.
• Train personnel and participate in the City’s DR scenarios to ensure efficiency and effectiveness of the recovery process.

Identity Authentication
• Perform unified identity authentication on public and private clouds.
• Support multiple security authentication modes, such as password authentication, digital certificate authentication, and two-factor authentication.

Physical Controls
• All critical, high, and medium vulnerabilities detected on Cloud IaaS services are remediated prior to the go-live of the service.
• Catalogue and track all relevant physical and logical assets located at all of the CSP's sites within a secured system.
• Implement physical security perimeters to safeguard personnel, data, and information systems. Establish physical security perimeters between the administrative and business areas and the data storage and processing facilities areas.
• Use equipment identification as a method for connection authentication.
• Allow only authorized personnel access to secure areas, with all ingress and egress points restricted, documented, and monitored by physical access control mechanisms. Retain access control records on a periodic basis as deemed appropriate by the organization.
• Implement, maintain, and operate datacenter surveillance systems at the external perimeter and at all the ingress and egress points to detect unauthorized ingress and egress attempts.
• Train datacenter personnel to respond to unauthorized ingress or egress attempts.
• Define, implement and evaluate processes, procedures and technical measures that ensure a risk-based protection of power and telecommunication cables from a threat of interception, interference or damage at all facilities, offices and rooms.
• Implement and maintain data center environmental control systems that monitor, maintain and test for continual effectiveness the temperature and humidity conditions within accepted industry standards.
• Secure, monitor, maintain, and test utilities services for continual effectiveness at planned intervals.

Network Controls
• There is a review and approval process to validate the physical and logical separation of networks and data within the vendor's cloud environment. It must be clear that City data or infrastructure is not commingled with other vendors or tenants.
• City must review and approve the physical and logical flow of information in the cloud environment to protect the City’s information and to avoid regulatory issues associated with data protection and privacy.