Engineering Projects (India) Limited (A Govt. of India Enterprise)

NOTICE INVITING TENDER (e-tender)

TENDER NOTICE NO: DLI/CON/ITD/622 16.07.2018

Single stage two envelope system (e-tender) is invited for “Hiring of Managed Services for Disaster Recovery (Backup Site) Site for EPI at different seismic zone through Ministry of Electronics & Information Technology (MeitY) Govt. of India empanelled Cloud Service Providers (CSPs) and Bandwidth between Data Center and Proposed Disaster Recovery Site”

The detailed description, Scope of work, technical specifications, instructions to bidders etc.

are as follows:

Annexure-I

Detailed Scope of work for Hiring of Managed Services for Disaster Recovery (Backup Site) Site for EPI at different seismic zone through Ministry of Electronics & Information Technology (MeitY) Govt. of India empanelled Cloud Service Providers (CSPs) and Bandwidth between Data Center and Proposed Disaster Recovery Site

DR Site Requirements:

Dedicated rack space scaling up to 42U standard

Built in logical separation for all the environment with respect to IT environment, Storage and backup modules & network elements

Data centre facilities including power & cooling with a minimum uptime of 99.5%

Location of the Disaster Recovery Site Should be in different seismic zone and approximate 1000 KM (± 10%) far away from existing BSNL Data Centre, Faridabad, Haryana (India).

Disaster Recovery system to be built in a different seismic zone with respect to the DC

Provision of rated power & environmental control including temperature and humidity to DC & DR facilities for rack space provisioned

Electrical systems provisioned should be backed up with N+1 redundant UPS systems and generators in case of grid failure

DR Site Capabilities:

All facilities completely confirming & certified by Uptime Institute as Tier III Datacentres.

Security – ISO 27001 and SAS70 Compliant

Centralized & automated monitoring of functionalities of entire DR site.

Flexibility in operations & management with ability to quickly add or remove space to accommodate as per requirement.

24x7 online supports must be available.

Solution Expectations:

IT Infrastructure on OPEX

Flexibility & Scalability

End-to-End Business Services including DR replication

Unambiguous service levels

Cost transparency

Entire solution can be broadly classified into three components:

Data Centre Infrastructure

IT Infrastructure which includes servers, storage, network & security, backup

Platform Managed Services including DR replication management

Detailed Hardware & Services Components for DR Site: Part 1: (Infrastructure Hosting Site)

Components Description Quantity

Infrastructure:

Physical Host 2 CPU / Growth - 2 x 6 cores + 16 GB RAM + 2 x 300 GB SAS

1

Additional Storage for Server of 50 GB-SAS 125

Additional RAM for Server of 16 GB 6

Server Management (Physical) 1

Nexus 10G Fiber with MM SFP 1

Nexus 1G Copper 1 Nexus 1G Copper 1

Router Port (L3 Ports) 4

OS - SUSE Enterprise Server (1-2 CPUs, Priority OS - SUSE Enterprise Server (1-2 CPUs, Priority

Virtualization Management 1 1

Virtual OS Management 2

Part 2: (Bandwidth Management)

Components Description Quantity

Bandwidth

Dedicated MPLS Link 2 MBPS

Dedicated Internet Link (DC-DR) 2 MBPS

Technological Platform

(i) Existing environment

S.

No. Solution Component Purpose

Configuration

Required Units

1 Development Server

VM1 : ERP IDES

VM 2 : SAP ERO Dev

VM 3 : SAP NetWeaver Ent Portal

Dev

VM 4 : BI (BW) Dev System

VM 5 : DMS Dev

Same specs :

Dell R720, 12

cores (2x6),

128GB RAM,

5x600GB SAS

disks in RAID 5,

dual port FC

HBA with FC

cables

4

2 Quality Server

VM1 : ERP Quality

VM 2 : SAP NetWeaver Ent Portal

Quality

VM 3 : BI (BW) Quality System

3 Production Server 1

VM 1 : SAP ERP DB

VM 2 : SAP NetWeaver Ent Portal

DB

VM 3 : BI (BW) Quality System DB

VM 4 : System ERP App1

VM 5 : SAP Netweaver Ent Portal

App1

VM 6 : BI (BW) Quality System

App1

VM 7 : DMS (MaxDB Database)

4 Production Server 2

VM1 : SAP ERP CI

VM 2 : SAP Netweaver Ent Portal

CI

VM 3 : BI (BW) Quality System CI

VM 4 : SAP ERP App 2

VM 5 : SAP Netweaver Ent Portal

App2

VM 6 : BI (BW) Quality System

App2

VM 7 : Solution Manager

5 Backup Server For data backup

Dell R710, 8

Cores (2x4),

32GB RAM, 5 x

600GB SAS

disks in RAID 5,

4 x 1Gbps NICs

1

6 OS / Software licenses SUSE Linux Enterprise Server for

SAP Applications 11 for AMD64 &

Intel64 (1-2 CPUs, Priority Support,

SuSE Linux

Latest Version,

Priority Support

4

Unlimited VMs) - 5 years

7 OS / Software licenses Microsoft

Windows 2008

R2 Enterprise

Server

1

8 OS / Software licenses CommVault

CommServe 10,

with unlimited

backup agents

1

9 Shared Storage Service FC Volume 5 TB for data

5 TB Usable in

RAID 5 or better

(7 TB raw)

5

10 BSNL Support GSC Support

Managed ICT

Services for

Servers - Level

3

5

11 BSNL Support GSC Support

Managed ICT

Services for

Backup - Level

3

1

Proposed Environment

The environment should not be less than following parameters and should cover 100% instances of production server of existing environment of EPI‟s Data Center.

Components Description Quantity

Infrastructure:

Physical Host 2 CPU / Growth - 2 x 6 cores + 16 GB RAM + 2 x 300 GB SAS

1

Additional Storage for Server of 50 GB-SAS 125

Additional RAM for Server of 16 GB 6

Server Management (Physical) 1

Nexus 10G Fiber with MM SFP 1

Nexus 1G Copper 1 Nexus 1G Copper 1

Router Port (L3 Ports) 4

OS - SUSE Enterprise Server (1-2 CPUs, Priority OS - SUSE Enterprise Server (1-2 CPUs, Priority

Virtualization Management 1

Virtual OS Management 2

DR Solution Parameters

No. of Drills Required At least twice annually (once in every half year) or on implementation of major changes in the primary Data Centre environment to be approved by EPIL.

DC – DR Replication Asynchronous replication for database

DR Infrastructure

Capacity

DR Health check, replication and sustenance of DR Instances

DR Drill - 2 drills annually with required compute and memory.

DR server instances compute and memory will be increased as per demand, in the event of a site failover or switchover.

DR Delivery Model Services model

DR Drill

i. DRSP would be responsible for regularly conducting the DR drill test at least twice a

year from the date of commissioning and go-live of DRsite.

ii. The DR drill exercise will encompass various scenarios such as fail-over and fall-back

from DC to DR and vice-versa.

iii. DRSP would be responsible to update the DR run-book on an on going basis.

iv. DRSP would work closely for greater integration and success of DR program.

v. DR Plan would be reviewed with EPIL annually.

Preventive Maintenance of DataCenter

i. DRSP would publish the outage maintenance calendar atleast 2months in advance. The

calendar should be communicated to EPIL through e-mail. DRSP would not execute

any unscheduled maintenance impacting the services of EPIL without prior intimation to

authorized person at EPIL. Emergency maintenance needs to be formally

communicated through an emergency RFC.

ii. DRSP would revoke the access to the premise for the dormant users and individuals.

The revised list of authorized personnel would be shared by the EPIL.

Physical Security Management System

i. DRSP would have a visitor management system in place to provide access to the data

center premises to authorized individuals only.

ii. Visitor credentials/Photo-ID and photograph shall be captured in the visitor log.

Access to the DR premises shall be given by DRSP only to the notified

individuals. EPIL would notify DRSP for such visits.

iii. DRSP would have a mechanism to scan the visitor baggage and frisk the

individual entering the Data Center premises.

Annexure-II

Service Level Agreement (SLA) between EPI and Cloud Service Providers (CSP)

Service Level Agreement (SLA) :

A contractual agreement between EPI and Service Provider where the EPI‟s requirements are specified and a service provider defines the level of service, responsibilities, priorities and security and guarantees regarding availability, performance, and other aspects of the service.

Performance and Conformance:

CSP needs to ensure that guaranteed service levels are achieved in the GI Cloud else it may affect effective service delivery.

SLA are required to be defined for each of the services that will be provided by the GI Cloud. Existing contractual agreements and SLA both with third part data centre operators, and cloud service providers, may be evaluated and customised to meet the government‟s requirements.

For failure to adhere to the service levels, proper penalty clauses must be incorporated. This will require proper interpretation of SLAs. Proper institutional mechanism should be established to resolve any conflict and provide for timely intervention (if required).

A fully functional 24x7 helpdesk may be incorporated.

Availability Availability is a key service level objective, since it describes whether the cloud service can actually be used, and it is typically necessary to specify numeric values for availability for Government Department/ Agency to identify which services/resources are to be monitored under availability and indicate the measure of availability. The indicative parameters for designing Availability linked SLAs are enlisted below:

Availability of Provisioned Resources for Pre-Production/Production environment could include VMs, Storage, OS, VLB, Security Components.

Availability of Critical Services- Some of the services such as Provisioning / De- Provisioning; User Activation / De-Activation; User Profile Management; Register Support Request or Incident; Access Utilization Monitoring Reports are critical for cloud services and hence the service levels needs to be monitored.

Service Level Agreements for Core Infra Support Services

Sl. Service Level Agreement

1. Virtual Instance

2. Operating System

3. Storage Management

4. Physical Servers

5. Network and Security Operation & Management

6. Disaster recovery services

Service-Level Agreement Components:

Description of services to be provided

Scope of the services

Location(s) where services are to be provided

Responsibilities and duties of service provider

Responsibilities and duties of service recipient

Description of acceptable performance levels

Metrics to be used for evaluating performance

Process for monitoring, tracking and evaluating performance

Process for resolving poor performance

Remedies for failure to provide acceptable performance, time frames, escalation procedures

Protection of intellectual property, as applicable

Compliance with legislation, standards, regulation, acceptable practices Termination of agreement

Support Channels - Incident and Helpdesk

Support is an interface made available by the cloud service provider to handle issues and queries raised by the Government Department/ Agency. The following are key parameters to be factored when gauging the support requirements from CSP.

Support hours: The hours during which the cloud service provider provides a support interface that accepts general inquiries and requests from the Government Department/ Agency.

Support responsiveness: The maximum time the cloud service provider will take to acknowledge an inquiry or request raised by the Department. It is typical for responsiveness to vary depending on a severity level which is attached to the customer request, with a shorter response time associated with higher severity levels. (Indicative Severity Levels enclosed in Annexure 3)

Resolution time: The time taken to complete any necessary actions as a result of the request.

Response Time Response time is the time interval between an initiated event (stimulus) by the Department/ Agency and a cloud service provider initiated event in response to that stimulus. Response time can be a highly significant aspect of the user experience of a cloud service – for some critical requests such as (Service with significant number of end users or public users), response times that are greater than some threshold are regarded as unacceptable and can make the cloud service effectively unusable. A factor that needs to be considered is that many cloud services support multiple different operations and that it is likely that the response time will differ for the different operations. As a result, response time SLOs need to clearly state which operation(s) are concerned.

Performance Service Level Objectives for Performance deal with the actual mechanisms used to guarantee that the Department‟s data is available (online or offline) in case of failures forbidding access to it. Proposed SLOs allow customers e.g., to fine-tune their risk assessment and business continuity procedures.

Latency: Latency may address the storage and the time when the data is placed on mirrored storage.

Maximum Data Restoration: Time refers to the committed time taken to restore cloud service customer data from a backup. Concrete details related with to the frequency and method used by the cloud service provider‟s backup and recovery mechanism(s).

Security Incident and Management Reporting Specifying measurable security level objectives in SLAs is useful to improve both assurance and transparency.

Percentage of timely incident reports: Describes the defined incidents to the cloud service which are reported to the Department in a timely fashion. This is represented as a percentage by the number of defined incidents reported within a predefined time limit after discovery, over the total number of defined incidents to the cloud service which are reported within a predefined period (i.e. month, week, year, etc.).

Percentage of timely incident responses: Describes the defined incidents that are assessed and acknowledged by the cloud service provider in a timely fashion. This is represented as a percentage by the number of defined incidents assessed and acknowledged by the cloud service provider within a predefined time limit after discovery, over the total number of defined incidents to the cloud service within a predefined period. (i.e. month, week, year, etc.).

Percentage of timely incident resolutions: describes the percentage of defined incidents against the cloud service that are resolved within a predefined time limit after discovery.

Vulnerability Management: Vulnerability Management refers to managing a weakness of an asset or group of assets, e.g. software or hardware related, that can be exploited by one or more threats. The set of service level objectives is not exhaustive, and not all the service level objectives are applicable to all cloud services. The Information about technical vulnerabilities should be obtained in a timely fashion, the organization's exposure to such vulnerabilities evaluated and appropriate measures taken to address the associated risk.

Percentage of timely vulnerability corrections describes the number of vulnerability corrections performed by the cloud service provider, and is represented as a percentage by the number of vulnerability corrections performed within a predefined time limit, over the total number of vulnerability corrections to the cloud service which are reported within a predefined period (i.e. month, week, year, etc.).

Percentage of timely vulnerability reports describes the number of vulnerability reports by the cloud service provider to the Department, and is represented as a percentage by the number of vulnerability reports within a predefined time limit, over the total number of vulnerability reports to the cloud service which are reported within a predefined period (i.e. month, week, year, etc.).

Reports of vulnerability corrections is a description of the mechanism by which the cloud service provider informs the Department of vulnerability corrections applied to the provider's systems, including the frequency of the reports. Apart from the above, some key measurements required for monitoring are also indicated in Annexure 2

Indicative SLOs for MSP/SI: The following SLOs are pertinent if the Department engages a Managed Service Provider or a System Integrator for managing the cloud services.

Recovery Point Objective is the maximum allowable time between recovery points. RPO does not specify the amount of acceptable data loss, only the acceptable time window. In particular, RPO affects data redundancy and backup. A small RPO suggests mirrored storage of both transient and persistent data while a larger window allows for a periodic backup approach.

Recovery Time Objective is the maximum amount of time a business process may be disrupted, after a disaster, without suffering unacceptable business consequences. Cloud services can be critical components of business processes.

Availability of Reports (Reports such as Provisioning, Utilization Monitoring

Reports, User Profile Management etc.)

Request – Response: Percentage of successful requests.

Availability of the network links at DC and DR (links at DC / DRC, DC-DRC link) The Definitions of the Key terms used in the Section are provided in Annexure 1. The indicative Penalties against breach in Service Levels are mentioned in Annexure 2 and the severity levels for the SLAs are defined in Annexure 3. Measurement and Monitoring: The following clauses related to measurement and monitoring may be included in the RFP:

The SLA parameters shall be monitored on a <<periodic basis/ monthly basis>> as per the individual SLA parameter requirements. However, if the performance of the system/services is degraded significantly at any given point in time during the contract and if the immediate measures are not implemented and issues are not rectified to the complete satisfaction of Department or an agency designated by them, then the Department will have the right to take appropriate disciplinary actions including termination of the contract.

The full set of service level reports should be available to the Department on a monthly basis or based on the project requirements.

The Monitoring Tools shall play a critical role in monitoring the SLA compliance and hence will have to be customized accordingly. The CSP shall make available the Monitoring tools for measuring and monitoring the SLAs. The MSP may deploy additional tools and develop additional scripts (if required) for capturing the required data for SLA report generation in automated way. The tools should generate the SLA Monitoring report in the end of every month which is to be shared with the Department on a monthly basis. The Department or its nominated agency shall have full access to the Monitoring Tools/portal (and any other tools / solutions deployed for SLA measurement and monitoring) to extract data (raw, intermediate as well as reports) as required during the project. The Department or its nominated agency will also audit the tool and the scripts on a regular basis.

The measurement methodology / criteria / logic will be reviewed by the Department.

In case of default on any of the service level metric, the SP shall submit performance improvement plan along with the root cause analysis for the Department ‟s approval.

Periodic Reviews:

The SLAs might require to be modified based on the project needs. Therefore, Departments need to ensure that the relevant clauses are included in the Agreement that would allow the Departments to modify the SLAs. The following clauses are provided as guidance to the departments while preparing the Service Level Agreement.

During the contract period, it is envisaged that there could be changes to the SLA, in terms of measurement methodology / logic / criteria, addition, alteration or deletion of certain parameters, based on mutual consent of both the parties, i.e. the Department and SP.

The Department and SP shall each ensure that the range of the Services under the SLA shall not be varied, reduced or increased except by the prior written agreement of the Department and SP in accordance with the Change Control Schedule.

The SLAs may be reviewed on an annual basis by the Department in consultation with the SP and other agencies.

Penalties

For the Departments to ensure that the Cloud Service Providers adhere to the Service Level Agreements, this section describes the Penalties which may be imposed on CSPs. In case these service levels cannot be achieved at service levels defined in the agreement, the departments should invoke the performance related penalties. Payments to the SP to be linked to the compliance with the SLA metrics laid down in the agreement. To illustrate calculation of penalties, an indicative example is provided below.

The payment should be linked to the compliance with the SLA metrics.

The penalty in percentage of the <<Periodic Payment>>) is indicated against each SLA parameter in the table.

(i) For ex: For SLA1 if the penalty to be levied is 7% then 7% of the <<Periodic Payment (monthly)>>) is deducted from the total of the <<periodic/monthly> bill and the balance paid to the SP.

(ii) If the penalties are to be levied in more than one SLA then the total applicable penalties

are calculated and deducted from the total of the <<periodic/monthly> bill and the balance paid to the SP. For ex: SLA1 =7% of the <<Periodic Payment (monthly)>>, SLA12=10% of the <<Periodic Payment (monthly)>>, SLA19=2% of the <<Periodic Payment (monthly)>> Then Amount to be paid = Total <<periodic/monthly> bill – {(19% of the <<Periodic Payment (monthly)>>)}

(iii) In case multiple SLA violations occur due to the same root cause or incident then the

SLA that incurs the maximum penalty may be considered for penalty calculation rather than a sum of penalties for the applicable SLA violations.

(iv) Penalties shall not exceed 100% of the <<periodic/monthly>> bill. If the penalties exceed more than 50% of the total <<periodic/monthly> bill, it will result in a material breach. In case of a material breach, the operator will be given a cure period of one month to rectify the breach failing which a notice to terminate may be issued by the Department.

For Systems:

SLA Achieved (%) = 100 – [(100*(system downtime – planned downtime))/Total

operating hours for the month]

Example:

Total operating hours for the month = (days of the month*24) = 31*24 hours

= 744 hours System Downtime = 80 hours

Planned Downtime = 70 hours

SLA Achieved = 100 – [100*(80-70))/744] = 98.66% The SLA would be measured on a monthly basis:

Severity

Severity Type

Description

Response Time

Resolution Time

Incident Closure Report Time

RCA Reporting Time

S1

Emergency

Services affecting core

production environments

and direct impact to business. Incidents which can

hamper the operation of

more than two infrastructure

services

15 Minutes

4 Hours

8 Hours

1 Week

S2

Major

Service affecting the supported

infrastructure with no direct impact to the operation but will affect the services if not

resolved in time

30 Minutes

8 Hours

12 Hours

2 week

S3

Minor

System and services not affecting the

overall operation

1 Hours

16 Hours

24

Hours

n/a

S4

Routine

Routine service request

4 Hours 36 Hours 48 Hours

n/a

Call Severity Definition:

Severity

Level

Report for Analysis/Evaluation of Severity Level

Severity Level S1: (During Incident stage, when DR will act as primary DC)

Severe business impact that affects a large number of users or has significant sales or revenue impact due to unavailability of core production server, core network switch and firewall/UTM.

Server Utilization and Uptime Report, Network performance monitoring Report, Root- Cause Analysis Report, Report on critical production system Availability, Performance and Capacity Usage etc.

Physical Security or access breach in Datacenter.

EPIL Visitors Summary Report, Data Center and operations area Access /Exit reports, CCTV footage.

Unavailability of production servers / Domain Server / Mail Server due to worms, malware, untested patch deployment, network error etc.

Release Management Report, Incident report including viruses, Security reports – Traffic Log Report for attack, anti-virus, malware, worms etc., Information Security Status Report

Any O/S issues related to untested patch deployment, patch deployment, unplanned patch deployment, any O/S related services etc.

Release Management Report, Configuration Management/Changes Report

Unavailability of application and database of production servers due to storage problems.

Storage Infrastructure checklist, Uptime and Performance Report

WAN connectivity - Due to any issues in cross connect.

Network performance monitoring Report, Root- Cause Analysis Report

Severity Level S2:

(During Drill time)

Unavailability of Production servers due to worms, malware, untested patch deployment, O/S and storage related issues, LAN connectivity.

Release Management Report, Incident report including viruses, Security reports – Traffic Log Report for attack, anti-virus, malware, worms etc., Information Security Status Report

Critical patch/antivirus roll out in non – production server

Release Management Report, Configuration Management/Changes Report

Back-up and restoration issues for non- production servers.

Backup & Restore report

Delay in support over the stipulated time mentioned in the table above(S1).

Incidents and resolution Report etc.

Severity Level S3: (During Cold Stage)

Error or bug in the system functionality that does not interrupt business processes due to availability of a workaround

Incidents and resolution Report, Incident Summary Report etc.

Delay in support over the stipulated time mentioned in the table above(S1).

Incidents and resolution Report etc.

Non-critical error or a cosmetic change that disrupts neither the functional nor operational flow

Incidents and resolution Report, Incident Summary Report etc.

IMAC, software and hardware installation IMAC Report

Non-critical patch/antivirus rollout Release Management Report, Configuration Management/Changes Report

Annexure-III

PRICE FORMAT

Price bid is in two parts as follows:

Part 1: (Infrastructure Hosting Site)

Part 2: (Bandwidth Management) Terms & Conditions for Price Bid Part 1 & 2: 1. The CSP has to submit their prices for Part1 & 2 separately in prescribed format only in

per annum basis.

2. The entire contract will be minimum period of 5 years for Hiring of Managed Services for Disaster Recovery (Backup Site) Site for EPI at different seismic zone through Ministry of Electronics & Information Technology (MeitY) Govt. of India empanelled Cloud Service Providers (CSPs).

3. Total price inclusive of all taxes should be indicated in word also as per prescribed format.

4. The successful CSP shall submit 5% of annual value of total order value as a security deposit in the form of Bank Guarantee on yearly basis.

5. In case of additional requirement of component, the unit price will be applicable on pro-rata rate basis and CSP will have to agree on this rate till completion of contract period.

6. After successful completion of 5 years contract period, the contract should be extended on yearly basis on mutual agreed terms & conditions.

Annexure-III A

PRICE FORMAT

Part 1: (Infrastructure Hosting Site)

Components/ Description Quantity Unit Price Total

Price per annum

Infrastructure:

Physical Host (2 CPU / Growth - 2 x 6 cores + 16 GB RAM + 2 x 300 GB SAS)

1

Additional Storage for Server of 50 GB-SAS 125

Additional RAM for Server of 16 GB 6

Server Management (Physical) 1

Nexus 10G Fiber with MM SFP 1

Nexus 1G Copper 1 Nexus 1G

Copper 1

Router Port (L3 Ports) 4

OS - SUSE Enterprise Server (1-2 CPUs, Priority

OS - SUSE Enterprise Server (1-2 CPUs, Priority

Virtualization Management 1 1

Virtual OS Management 2

One Time Charges 1

GST

Grand Total

Total Price (All inclusive including all taxes and GST) in word: ……………………………………………………….

Annexure-III B

PRICE FORMAT

Part 2: (Bandwidth Management)

Components / Description Quantity Unit Price Total Price

per annum

Bandwidth

Dedicated MPLS Link 2 MBPS

Dedicated Internet Link (DC-DR) 2 MBPS

One Time Charges 1

GST

Grand Total

Total Price (All inclusive including all taxes and GST) in word: ………………………………………………………. Note: L1 shall be decided based upon the total price of Part1 and Part2.

Annexure-IV

LIST OF ACTIVITIES FOR DR SITE

Sr. No. List of activities

1.0 One-time setup activities

Activities

EPI CSP Remark, if any

1.1 Identify authorized users of the EPIL servers ✔

1.2 Internet Connectivity to EPIL servers ✔

1.3 Provisioning of servers for primary site ✔

1.4 Provisioning of servers for DR site ** ✔

1.5 Provision Firewall and load balancer devices (if applicable) **

✔

1.6 Installation of Standard SuSE Linux image ✔

1.7 Provide root access of servers to EPIL authorized users **

✔

1.8 OS level clustering on the primary site for DB servers (if applicable) **

✔

1.9 Installation of Database ✔

1.10 OS clustering of Databases ✔

1.11 Installation of EPIL application and associated dependencies

✔

1.12 Configure database and application Backup on primary/DR site

✔

1.13 Configure database and application replication to DR site

✔

1.14 Compliance sign off on Primary and DR infrastructure

✔

2.0 Operational Activities responsibility matrix:

Activities

EPI SP Remark, if any

2.1 Connectivity issues resolution ✔

2.2 Power uptime to the cloud servers* ✔

2.3 Uptime of underlying infrastructure ✔

2.4 Uptime of Firewall and load balancer devices* ✔

2.5 Operating System uptime and maintenance ✔

2.6 Application uptime and maintenance ✔

2.7 Database uptime and maintenance ✔

2.8 Data backup and recovery ✔

2.9 Ensure application and database is available on the DR site as per the RTO and RPO expectations of EPIL**

2.10 Change DNS records for the EPIL website, as needed

✔

2.11 Change DNS records for the EPIL website during DR event**

✔

2.12 Uptime of underlying Infrastructure (hardware and software) at DR site**

✔

2.13 Bring up required services (application and database) at DR site**

✔

2.14 Test the application on the DR site, upon DR trigger**

✔

2.15 Test online traffic routing and access upon DR ✔

trigger**

2.16 Switch back to Primary site** ✔

2.17 Maintain and report connectivity SLA ✔

2.18 Maintain and report server availability SLA ✔

2.19 Maintain and report application SLA ✔

2.20 Helpdesk/contact point for complaints and fault resolution – connectivity

✔

2.21 Helpdesk/contact point for complaints and fault resolution – Infrastructure (Hardware and Server) availability

✔

2.22 Helpdesk/contact point for complaints and fault resolution - Operating System, DR, Application, Services and Database

✔

2.23 Datacentre security ✔

2.24 OS, Application and Database security ✔

Annexure-V

TERMS & CONDITIONS

(i) Delivery Schedule:

Following milestones to be achieved:

Stages Particular Duration Completion Schedule

Stage 1 Set up of Disaster Recovery/

Backup Site as per EPI‟s

requirement including

connectivity

6-8 weeks Maximum 8

weeks from the

date of

acceptance of

PO

Stage 2 First DR Drill for testing of EPI‟s satisfaction

2 weeks after the

completion of

stage 1.

10 weeks from

the date of PO

Stage 3 Assessment Report on

successful setup of Disaster

Recovery/ Backup Site as per

EPI‟s requirement

5 weeks after

completion of

stage 2.

15 weeks from

the date of PO

(ii) Payment Terms (Part-1 & 2) on yearly basis

25% of per annum charge After successful completion of 3 months

25% of per annum charge After successful completion of 6 months

25% of per annum charge After successful completion of 9 months

25% of per annum charge After successful completion of 12 months

The same method should be followed in further year after getting satisfactory services.

(iii) Price

Price shall remain fixed during the contract period of 5 years. There shall be no increase in price for any reason whatsoever. Therefore, no request for any escalation of the cost / price shall be entertained. Other terms & conditions

Payment of all managed services shall be payable at the end of each quarter after providing successful services.

EMD shall be refunded after acceptance of the order.

One-time installation charge, if any, will be paid after successful completion of installation & set-up of servers & DR site on full satisfaction of EPI Official.

Minimum Contract Period is for 5 years for all managed services included in Contracts.

Any additional hardware commercials will be calculated at given commercial & price break-up in submitted offer by bidders and can be added during contract period.

Contract Period if for 5 years and if services found satisfactory, EPIL may continue after discussion on mutually agreed terms& same price as mentioned on Annexure V.

In case EPI does not want to continue after 5 years contract then dedicated hardware for this will be transferable as per prevailing book value.

Backup will be done on a local backup server on disks. No tape based backup is in scope. Frequency of backup and number of backups will be as advised by EPIL and as agreed by successful bidder. . Under backup services, the responsibility of ensuring that the data is duly backed up and tested for restore at critical time is responsibility of successful bidder.

Firewall, Network and Storage Services are shared backend infrastructure services, shared here applies only to the extent that EPIL doesn‟t have to setup or pay for the switches, routers, firewalls, storage appliances etc, Shared doesn‟t mean anything else and in terms of security considerations entire infrastructure remain dedicated and isolated for EPIL.

Proposed IDC infrastructure should be scalable, secured and monitored 24x7x365 days and should be available over the phone or e-mail.

FORCE MAJEURE Any delay or failure of the performance of either party hereto shall not constitute default hereunder to give rise to any claims for damages, if any to the Extent such delay or failure of performance is caused by occurrences such as Acts of God or the public enemy, expropriation, compliance with any order or request of Government authorities/ courts, acts or war, rebellions, sabotage fire, floods, illegal strikes, or riots (other than Contractor‟s employees). Only extension of time shall be considered for Force majeure conditions as accepted by EPI. No adjustment in contract price shall be allowed for reasons of force majeure.

Arbitration Clause/ Dispute Resolution Before restoring arbitration as per the clause given below, the parties if they so agree may

explore the possibility of conciliation as per the provisions of Part III of the Arbitration and

Conciliation (Amendment) Act 2015. When such conciliation has failed, the same shall be

referred to the Sole Arbitrator appointed by the Chairman & Managing Director (CMD) of

Engineering Projects (India) Ltd. (EPI) or any other person discharging the functions of CMD

of EPI. The person approached for appointment as Arbitrator shall disclose in writing

circumstances, in terms of Sub-Section (1) of Section (12) of the Arbitration and Conciliation

(Amendment) Act 2015thereof.

The Arbitrator shall be appointed within 30 days of the receipt of letter of invocation of

arbitration duly satisfying the requirements of this clause.

The language of the Arbitration shall be English.

The Venue of the Arbitration Proceedings shall be New Delhi.

Annexure-VI

Data Sheet: Brief information related to services, clarification and submission of Tender document:

Sr. No. Description Details

1. Estimated cost of the tender (for five years)

Rs. 1,25,88,470/- (exclusive of all taxes)

2. Cost of Tender document (tender Fee)

Rs.2,360 (Non-refundable) inclusive of 18% GST in the form of crossed demand draft from any nationalized/scheduled Bank in favour of “Engineering Projects (India) Ltd‟, payable at New Delhi.

3. EMD Rs. 2,51,769/- in the form of crossed demand draft from any nationalized/scheduled Bank in favour of “Engineering Projects (India) Ltd‟, payable at New Delhi.

4. Solvency Bidder should have solvency of Rs. 50,35,388/- issued by his bankers in the name of the bidder. The solvency certificate should not have been issued earlier than one year of the last date of submission of the tender.

5. Publishing of the Tender

16.07.2018 from 06:00 pm

6. Last date for submission of queries to Tenders by post or fax or E-mail.

27.07.2018 upto 05:00 pm

7. Address for submission of Tender document

Executive Director (Contracts) Engineering Projects (India) Ltd, 3rd floor, Core 3, Scope Complex, 7, Lodhi Road, New Delhi – 110003, Ph: 011- 24361666, extn 2313 Fax: 011 - 24363426 E-mail: contracts@engineeringprojects.com

8. Document available for download. Date & Time

16.08.2018 from 06:00 pm

9. Last date and time of

06.08.2018 upto 05:00 pm

Please note carefully Instructions to the bidders, the requirements for submitting Tenders and the date and time for submittal. The Tenders must be submitted online not later than the specified date and time. Tenders received after the due date and time or those which are incomplete are liable to be rejected. Further, corrigendum/ addendum, if any, issued to the tender document, shall also be published on the website. It is the bidder‟s responsibility to submit the completed tender document taking into account all addenda/corrigenda issued. EPI reserves the right to accept or reject any or all Tenders received or annul this Tender process at its absolute discretion without assigning any reason whatsoever.

Annexure-VII

Eligibility Criterion for Hiring of Managed Services for Disaster Recovery /Backup Site for EPI at different seismic zone through Ministry of Electronics & Information Technology (MeitY) Govt. of India empanelled Cloud Service Providers (CSPs) The CSP should possess the requisite experience, resources and capabilities in providing the services necessary to meet the requirements, as described in the tender document. The Bid must be complete in all respects and should cover the entire scope of work as stipulated in the document. Bidders not meeting the Eligibility Criteria will not be considered for further evaluation. The invitation to bid is open to all Bidders who qualify the Eligibility Criteria as given below:

Sr. No. Criteria Supporting Documents (Documentary evidence to be submitted along with Technical Bid)

1. The bidder should be an Indian Company registered under the Companies Act 1956 for the last 5 years and having its sales office in Delhi/NCR.

Copy of proof of Certificate of Incorporation to be enclosed

2. Average Annual financial turnover during the last 3 years (i.e. 2017-18, 2016-17 and 2015-16), ending 31st march of the previous FY should be atleast 50% of the estimated cost.

In support of this firm shall submit copies of Audited Financial statements consisting of Balance Sheet, statement of profit and loss, CA certificate for turnover.

procurement of tenders

10. Last date and time for submission of Tenders

07.08.2018 upto 12:00 pm

11. Techno-Commercial Bid Opening, Date & Time

07.08.2018 at 03:00 pm

12. Date & Time for demonstrate the suitability of the proposed product

Will be informed to the bidders separately.

13. Price Bid Opening Date & Time

Will be informed to the technically qualified bidders separately.

3. Bidder should have three similar works costing not less than the amount equal to 40% of the estimated cost

OR Two similar works costing not less than the amount equal to 60% of the estimated cost

OR One similar work costing not less than the amount equal to 80% of the estimated cost.

Copy of Work Order/completion Certificate to be enclosed.

4. The bidder should be empanelled as Cloud Service Provider (CSP) with Ministry of Electronics & Information Technology, Govt. of India (MeitY).

Copy of proof to be enclosed.

5. The bidder should not have been blacklisted by any Government department/PSU/CPSE. Self-declaration to that effect should be submitted along with the technical bid.

(Attach Undertaking).

6 The bidder should have registration under GST& should have valid GSTIN number. The bidder must submit as compliances of GST Act, the invoices in GST compliant format, failing which the GST amount shall be recovered/ adjusted by EPI without any prior notice from the next invoices or available dues with EPI. The bidder is requested to update/ upload the GST/ Taxes data periodically so as to avail Input Tax Credit (ITC) by EPI, failing which it shall be recovered/ adjusted by EPI without any prior notice from the next invoices or available dues with EPI

(Attach copy of certificate)

7. PAN No. is to be indicated (Attach Copy)

8. CSP must have Tier-III certified Copy of proof to be enclosed.

9. The CSP should have minimum cloud stack at least two locations in India in different Seismic Zone.

Copy of proof to be enclosed.

10. The CSP should have at least two data center in different Seismic Zone.

Copy of proof to be enclosed.

11. The Date Center building should be owned by the bidder or should be on long term (not less than 5 years) lease directly

Copy of proof to be enclosed.

12. Bidders have to submit confirmation letter whether they are registered under MSME Act or not and if yes, then relevant copies of the registration letter (Registered under single point registration scheme of NSIC, Govt. of India, Ministry of MSME, New Delhi vide Gazette Notification dated 26.03.2012 along with the form of Memorandum-2 with the concerned DIC) to be enclosed in Technical Bid and a request letter for exemption from submission of Tender fee and EMD

(Attach Copy)

13. Bidders should give a notarized/self certification that during last 10 years they have not been debarred/ reprimanded by any of their client.

(Attach Original)

Failure to provide the desired information and documents as mentioned above may lead to disqualification of the bidder.

If any of the credentials are proved to be false/forged that shall lead to disqualification and forfeiture of EMD besides debarring the fraudulent bidder from future EPIL tenders.

Insufficient Tender fee or Tender fee without GST shall lead to disqualification.

Annexure-VIII

A. Instruction to Bidders

(i) Clarifications of Bidding Documents

A prospective Bidder requiring any clarification of the Bidding Documents may

notify EPI in writing through email at contracts@engineeringprojects.com any time

prior to the deadline for receiving such queries as mentioned in Annexure –VI.

(ii) Zero Deviation This is a ZERO Deviation Bidding Document. Bidder is to ensure compliance of all

provisions of the Bidding Document and submit their bid accordingly. Bids with any

deviation to the bid conditions shall be liable for rejection. Corrigenda/Addenda, if

any, shall also be available on TCIL Portal, EPI website & CPPP. Further, bidder

shall give an undertaking on their letter head that the terms and conditions of this

TENDER are acceptable.

(iii) Amendment of Bidding Documents

a) At any time prior to the deadline for submission of bids, EPI may for any

reason, whether at its own initiative or in response to a clarification requested

by a Bidder, amend the Bidding Documents.

b) Amendments will be provided in the form of Addenda/corrigenda to the

Bidding Documents, which will be posted on TCIL Portal, EPI‟s website and

CPPP. Addenda will be binding on Bidders. It will be assume that the

amendments contained in such Addenda/corrigenda had been taken into

account by the Bidder in its Bid.

c) In order to afford Bidders reasonable time in which to take the amendment into

account in preparing their bids, EPI may, at its discretion, extend the deadline

for the submission of bids, in which case, the extended deadline will be posted

in TCIL Portal, CPPP &EPI‟s website.

d) From the date of issue, the Addenda to the tender shall be deemed to form an

integral part of the TENDER.

B: Preparation of Bid

(i) Price Bid

Prices must be quoted in Indian Rupees only and should include all costs and taxes

including Goods & Service Tax (GST).

(ii) Period of Validity of Bids

Bids shall remain valid for a period of 180 days after the date of price Bid opening or as

may be extended from time to time. EPI holds the right to reject a bid valid for a period

shorter than 180 days as non-responsive, without any correspondence.

(iii) Signing of Bid

The Bid shall be signed by a person or persons duly authorized to sign on behalf of the Bidder. All pages of the bid, except for printed instruction manuals and specification sheets shall be initiated by the person or persons signing the bid.

The Bid shall contain no interlineations, erasures, or overwriting, except to correct errors

made by the Bidder, in which case such corrections shall be initialed by the person or

persons signing the Bid.

The Bid shall be signed by a person or persons duly authorized to bind the Bidder to the

contract. Such authority shall be either in the form of a written and duly stamped Power of

Attorney or a Board Resolution duly certified by the company‟s competent authority, extract

of which duly certified as true copy should accompany the Bid.

C. Other instructions with respect to e-tendering

(i) Interested bidders have to necessarily register themselves on the portal https://www.tcil-india-electronictender.com through M/s Telecommunications Consultants India Limited, New Delhi to participate in the bidding under this invitation for bids. It shall be the sole responsibility of the interested bidders to get them registered at the aforesaid portal for which they are required to contact M/s Telecommunications Consultants India Limited, New Delhi at following address to complete the registration formalities:

M/s Telecommunications Consultants India Limited, 6th Floor, TCIL Bhawan, Greater Kailash – 1, New Delhi – 110 048 Contact No. : 011-26241790, 98683 93717/75/92 Email-ID: ets_support@tcil-india.com

(ii) They may obtain further information regarding this tender from ED(Contracts) at the address given below from 10:00 hours to 17:00 hours on all working days till the last date of online submission of Bidding Documents.

Executive Director (Contracts)

Engineering Projects (India) Limited

Core -3, Scope Complex, 7 Lodhi Road,

New Delhi – 110 003

Phone: +91 11 24361666 extn 2301

Fax: +91 11 24363426

Email: contracts@engineeringprojects.com

(iii) For proper uploading of the bids on the portal namely https://www.tcil-india-electronictender.com (hereinafter referred to as the „portal‟), it shall be the sole responsibility of the bidders to apprise themselves adequately regarding all the relevant procedures and provisions as detailed at the portal as well as by contacting M/s Telecommunications Consultants India Limited, New Delhi directly, as and when required, for which contact details are mentioned above. The Employer in no case shall be responsible for any issues related to timely or properly uploading/submission of the bid in accordance with the relevant provisions of Section Instruction to Bidders of the Bidding Documents.

(iv) Bidders can download the bid document from the portal without registering or paying document fees in advance, any time from 18:00 Hrs. on 16.07.2018; however interested bidders have to pay tender fees for participating in the tendering and submitting the bid.

(v) E-Bids must be submitted/ uploaded along with scanned copies of relevant documents pertaining pre-qualification criteria under “Single Stage Two Envelope Bidding Procedure” on the TCIL portal on or before last date and time of online bid submission. Late bids will not be accepted. Under the above procedure, only Technical Part shall be opened in the presence of the bidders‟ representatives who choose to attend in person at the address given in clause above on schedule date and time of bid opening or may be viewed by the bidders by logging into the portal as per features available to them. Price part shall be opened of technically qualified bidders.

(vi) The price bid of those bidders whose bid has been technically accepted on the basis of documents submitted shall be opened with prior intimation to them. However, it is made clear that the offer of the L-1 bidder shall be accepted subject to the confirmation of the authenticity of the PQ documents/BG from the concerned department/Bank.

(vii) Tender fee, EMD, NSIC/MSME certificate as per pre-qualification criteria if bidder is claiming Tender fee/EMD exemption, Affidavit Annexure-I and Pass Phrase (Both for technical and financial bid in separate envelope) to decrypt the bid must be submitted in physical form at the address given above on or before Last date and time of online bid submission. If the above documents are not received in time then their offer shall not be considered and EPI shall not be responsible for any postal delay in respect of submission of hard copy part of the bids.