Professional Documents
Culture Documents
A. Cloud Infrastructure Indicate 1 / 0: Technical Requirement - Format T1 SR No
A. Cloud Infrastructure Indicate 1 / 0: Technical Requirement - Format T1 SR No
4
The data-center's ability to scale up or down the servers/compute resources on-
demand/ as desired without significant technical down time and pay as per usage
The IT infrastructure should be hosted on cloud. The cloud should have following
capabilities:
5 All the virtual machines should be auto scalable in terms of RAM and CPU.
6 The cloud platform should ensure high availability across virtual machines.
7 Cloud platform to support horizontal load balancing along with vertical load balancer to
balance network traffic.
8 Cloud provider should provide dashboard of all virtual machines to monitor resources
allocated and used by the applications deployed.
9 Cloud dashboard should permit generation of reports for trend analysis of system
usage.
10
There should be provision to generate historical reports of resources utilization.
11
There should be admin panel to create, delete, start, stop, and copy virtual machines.
12 There should be provision to take snapshots of machines so that working images of
machines can be taken.
14
Disaster Recovery Services to ensure continuity of operations in the event of failure of
primary data centre to meet the RPO and RTO requirements as specified by CGTMSE.
15 RPO should be less than or equal to 30 minutes and RTO shall be less than or equal to
4 hours
16 During the change from Primary DC to DR or vice-versa (regular during drill or
restoration after disaster), there should not be any data loss.
17 There shall be asynchronous replication of data between Primary DC and DR and the
Cloud Service Provider will be responsible for sizing and providing the DC-DR
replication link so as to meet the RTO and the RPO requirements.
18
Normally Primary Data Center will be the active server. The Disaster Recovery Site will
remain on standby with minimum possible compute resources required for a functional
DR as per the solution offered. The application environment shall be installed and ready
for use. DR Database Storage shall be replicated on an ongoing basis and shall be
available in full (100% of the PDC) as per designed RTO/RPO and replication strategy.
The storage should be 100% of the capacity of the Primary Data Center site.
19 In the event of a site failover or switchover, DR site will take over the active role, and all
requests should be routed through DR site.
20 During failover from primary DC to secondary (DR), compute environment for the
application at DR site shall be equivalent to DC including all the security features and
components of DC, without the failover components.
21
The installed application instance and the database shall be usable and the same level
of uptime of 99.5% as stipulated for DC shall be provided, when DR is activated.
22
The bandwidth at the DR shall be scaled up to the level of Data center when DR is
activated and other times it shall be adequate only to ensure replication of DC at DR.
23
The service provider shall conduct live DR drill for two days at the interval of every six
months of operation wherein the Primary DC has to be deactivated and complete
operations shall be carried out from the DR Site. However, during the change from DC
to DR or vice-versa (regular planned changes), there should not be any data loss. The
pre-requisite of DR drill should be carried out by 3rd party security testing company as
selected by CGTMSE and bidder jointhly. Certificate for DR drill should be submitted to
CGTMSE for compliance. Cost of such drill by 3rd party, needs to be borne by bidder.
24
The service provider shall clearly define the procedure for announcing DR based on the
proposed DR solution. The service provider shall also clearly specify the situations in
which disaster shall be announced along with the implications of disaster and the time
frame required for migrating to DR. The service provider shall plan all the activities to be
carried out during the Disaster Drill in consultation with CGTMSE.
25 The disaster recovery plan needs to be provided by the service provider which needs to
be updated half-yearly.
26
On successful award of the cobtract, the bidder will submit BCP plan to CGTMSE.
28 Cloud service provider should enable CGTMSE to provision / change cloud resources
through self service provisioning portal.
29
The user admin portal should be accessible via secure method using SSL certificate.
30
CGTMSE should be able to set threshold of cloud resources of all types of scalability.
31 CGTMSE should be able to provision all additional storages required for cloud services.
32 CGTMSE should be able to predict his billing of resources before provisioning any
cloud resources.
33
CGTMSE should be able to get list of all cloud resources from provisioning portal.
34 CGTMSE should be able to set the scaling parameters.
35 CGTMSE should be able to set percentage / quantity of RAM consumption to trigger
new virtual machines.
36 CGTMSE should be able set percentage / quantity of CPU consumption to trigger new
virtual machines.
37 CGTMSE should be able to set percentage / quantity of network bandwidth to trigger
new virtual infrastructure.
D. Data Management
38 Service provider should always ensure that data is destroyed whenever any cloud
virtual machine is recycled or deleted.
39
Service provider should clearly define policies to handle data in transit and at rest.
40 Service provider should not delete any data at the end of contract period without
consent from CGTMSE.
41
In case of scalability like horizontal scalability, the service provider should ensure that
additional generated data is modified/deleted with proper consent from CGTMSE.
42 Service provider should ensure secure data transfer between Primary Data Center and
Disaster Recovery site.
43 Service provider should ensure data leakage protection and prevention.
E. Operational Management
44
Service provider should upgrade its hardware time to time keeping in tune with EOL of
the hardware to recent configuration to deliver expected performance for CGTMSE.
45 Investigate outages, perform appropriate corrective action to restore the hardware,
operating system, and related tools.
46 Service provider should manage their cloud infrastructure as per standard ITIL
framework in order to deliver appropriate services to CGTMSE.
47 Service provider should deliver cloud resources with system for real time detection of
resource requirement and automatic adjustments.
51 In case of scalability like horizontal scalability, the Service provider should ensure that
additional requirement of network is provisioned automatically of same network
segment.
52 Service provider must ensure that there is console access to cloud VMs, if CGTMSE
requires to access it using IPSEC/SSL or any other type of VPN.
53
Service provider should ensure that cloud VM network is IPV6 enabled and all public
facing devices are able to receive and transmit IPV6 data in addition to IPV4.
54 Service provider should have provision of dedicated virtual links for data replication
between their multiple datacentre in order to provide secure data replication for DR
services.
55 Service provider should ensure use of appropriate load balancers for network request
distribution across multiple cloud VMs.
G. Datacenter specifications
56 The primary and DR Site data-centers must be in India. No data should be transferred
out side India by the hosting service provider.
57 The primary and DR site datacentres should be located in different seismic zones and
not on same fault lines.
58 The data centre (both primary and DR) should be MEITY empanelled.
59 Proper Data Leak Prevention policies and processes must be in place
60
The datacentres should have adequate physical security in place.
61 The data-centers should conform to at least Tier-3 standards (certified under TIA942 or
Uptime Institute certifications by a 3rd party) and implement tool-based processes based
on ITIL standards.
62 Data Centres should allow the access to physical audit of the data centres by CGTMSE
or any other third party authorised by CGTMSE.
63 Data Centres have to be PCI/DSS compliant.
95 Service provider should give provision to monitor the uptime of cloud resources. The
report should be in exportable form.
96 Service provider should make provision to monitor the running process of
Linux/Windows servers. This will help CGTMSE to take the snapshot of processes
consuming resources.
97 Service provider must ensure that there should be historical data of minimum 6 months
for resource utilization in order to resolve any billing disputes if any.
98 Service provider must ensure that audit logs of scalability i.e. horizontal and vertical is
maintained so that billing disputes can be addressed.
99 Service provider must ensure that log of reaching thresholds used to trigger additional
resources in auto provisioning are maintained.
100 Service provider must ensure that there are sufficient graphical reports of cloud
resource utilization and available capacity.
101
Service provider should provide network information of cloud virtual resources.
102 Service provider should offer provision to monitor latency to cloud virtual devices from
its datacenter or CGTMSE should be able to set monitoring of latency to cloud VMs
from outside world.
103 Service provider must offer provision to monitor network uptime of each cloud virtual
machine.
104 Service provider must provide utilization reports for Internet bandwidth, load balancers
etc.
M. Backup Services
110
Service provider must provide backup of cloud resources. Backups should be
maintained at both off-site and on-site locations in secure fire proof and environmentally
controlled environments so that the backup media are not harmed.
111 Service provider should perform backup and restore management in coordination with
CGTMSE’s policy & procedures for backup and restore, including performance of daily,
weekly, monthly, quarterly and annual backup functions (full volume and incremental)
for data and software maintained on the servers and storage systems using Enterprise
Backup Solution.
112 Backup and restoration of Operating System, application, databases and file system
etc. in accordance with defined process / procedure / policy.
113
Monitoring and enhancement of the performance of scheduled backups, schedule
regular testing of backups and ensure adherence to related retention policies
114 Ensuring prompt execution of on-demand backups & restoration of volumes, files and
database applications whenever required.
115
Real-time monitoring, log maintenance and reporting of backup status on a regular
basis. Prompt problem resolution in case of failures in the backup processes.
116 Media management including, but not limited to, tagging, cross-referencing, storing
(both on-site and off-site), logging, testing, and vaulting in fire proof cabinets if
applicable.
117 Generating and sharing backup reports periodically
118 Coordinating to retrieve off-site media in the event of any disaster recovery
119 Periodic Restoration Testing of the Backup
120 Maintenance log of backup/ restoration
O. Managed Services
Network and Security Management: Monitoring & management of network link
proposed as part of this solution.
132 Bandwidth utilization, latency, packet loss etc.
133
Call logging and co-ordination with vendors for restoration of links, if need arises.
134 Redesigning of network architecture as and when required by CGTMSE
135
Addressing the ongoing needs of security management including, but not limited to,
monitoring of various devices / tools such as firewall, intrusion protection, content
filtering and blocking, virus protection, and vulnerability protection through
implementation of proper patches and rules. vi) Ensuring that patches / workarounds for
identified vulnerabilities are patched / blocked immediately
136
Ensure a well-designed access management process, ensuring security of physical and
digital assets, data and network security, backup and recovery etc.
137 Adding/ Changing network address translation rules of existing security policies on the
firewall
138 Diagnosis and resolving problems related to firewall, IDS /IPS.
139 Managing configuration and security of Demilitarized Zone (DMZ) Alert / advise
CGTMSE about any possible attack / hacking of services, unauthorized access /
attempt by internal or external persons etc
R. Miscellenous
178
The Bidder should have the capability to provide various other services like Database,
Cache, Search, Analytics, Mobile, Backend, Queues, Tables, Backup, Identity
Management, CDN, Client Application Analytics as a Service on pay as per usage
mode backed by monthly SLAs of minimum 99.5% availability.
179
The Bidder should support auto scalability to increase or decrease the compute
resources as per demand in order of minutes based on CPU/RAM utilization and
charge only for resources being used on a per minute, hourly or daily basis.
180
The Bidder should provide mechanisms to allow provisioning/de provisioning of Virtual
Machines on demand and should not charge for them when de provisioned.
181 The Bidder will support and allow users to encrypt their data at rest using customer’s
own key
182 The Bidder should ensure that their network is protected against DDOS attacks at no
extra cost
183 The Bidder should support logical separation of the infrastructure pieces provisioned on
the cloud in multiple setups
184 The Bidder should publish the real-time status of all the services refreshed atleast at a
frequency of 5 min
185 Bidder must provide a UAT (User Acceptance Test) for the failover/failback scenarios
after the deployment
186
The DR automation software should be provided as a part of the overall DR-as-a-
Service. The software must be provided under a usage model or subscription model
187 Any server/storage networking/security requirement to support the DR solution at the
DR Site should be provisioned by the Bidder and billed to CGTMSE on a "Per Usage
Model" Only.
188 Bidder should be able to provide High IOPS Storage (greater than 50,000 IOPS per
VM).
189
Integrated media streaming services for on-the-fly conversion of the video content to
multiple video formats required for various devices: MP4 (HTML5 Web Browser), HLS
(iOS and Android), HDS (Flash/ Adobe AIR), Smooth Streaming (iOS and Windows),
MPEG-DASH (Windows). This will insure consumption of video across PC
(Windows/Mac), Android, iOS and window devices
190
The replication should be application-consistent for single or N- Tier applications
191
The proposed DR software should take care of the pre-storing and automation of all
network configurations specific to the protected servers during the failover/failback
scenarios. These network configurations should include:a) Reserving new IP addresses
for the failover servers (physical or VM's). Bidder must explicitly mention whether the
proposed solution will ensure inheritance of the same IP addresses as that of the
primary servers. Bidder should also mention the permitted IP ranges that can be used
for the DR servers. b)Configuration of load balancers, Firewalls etc at the DC & DR site
192
Failover scenario: The proposed solution should allow pre-built of recovery plans for
various servers which includes target server configuration, IP configurations, network
configuration etc. Test DR failover scenario should not affect the primary server at all.
193 Failback Scenario: The proposed solution should ensure failback to original DC and
should take care of replication of only delta (changed data after failover) from DR to DC.
This need to be confirmed by the bidder.
194
The proposed application cloud environment should provide flexibility to scale the
environment vertically and horizontally: a. Vertically: Upscale/downscale the
solution to higher configuration Virtual Machines (i.e. VMs with different combinations of
CPU and Memory) b. Horizontally: Add more Virtual Machines of the same
configuration to a load balanced pool.
195
Bidder be compliant to the following security standards - ISO 27001, SOC1 and SOC2
196
Offer LDAP authentication services on cloud which can scale up to millions of users
197 Should use virtualization platform in public cloud which can be deployed on-premises
and the VMs can be moved from Public cloud to on-premises/private cloud seamlessly
without reformatting.
198 The cloud data center must have assured protection with security built at multiple levels
and 24x7 monitoring by provisioning physical security, biometric identification and close
The Bidder should provide mediacircuit monitoring
streaming services as a native cloud capability; It
199 should support both Live
Secure Web administration interface, which andmust
on-demand streaming.
be provided to remotely administer
200 Allow to copy or clone virtual machines images for archiving, for
the virtual instances: RDP for Windows instances and SSH Linux instances.
troubleshooting, and
201 testing.
These storages can be dynamically scalable on-demand and Virtual Machine instances
202 should be able to mount it as OS drives
203 The Bidder should deploy VM such that every virtual core should be mapped to physical
core. No hyper threading or turbo boost allowed
204 The infrastructure elements including server, storage (including backup storage) and
network of the Cloud should provide strong tenant isolation, provide granular identity
and access management capability and encryption and be logically separate from other
tenants.
205 Bidder should enable encryption of data both in rest and transit
206 The cloud service offering shall support Network and security with virtual firewall and
virtual load balancer integration for auto-scale functions
207 Bidder should have Separate VLAN provision with dedicated virtual firewall between the
VLANs and for each and every client
208
The Bidder should provide a multi-tenant, Identity management (User Authentication &
Authorization) and Directory service as a cloud service (as a native platform feature)
backed by SLA.The Identity service should allow single sign-on (SSO).
1. Each point carries one (1) mark. Bidder has to score 75% from this form to qualify technically. Additionally,
Bidder also needs to comply of getting at least 60% in each of the Blocks Mentioned above From "A to R".
2.Bidder needs to produce and submit relevant certificates and documents for the above mentioned cells where
they have put "1" as yes. 3. Bidder needs to mark "1" against all the services which it has delivered or can
deliver (With a self-declaration) 4. Bidder needs to produce all the relvant certificates/documents related to
above mentioned "Yes" at the time of presentation
1. Each point carries one (1) mark. Bidder has to score 75% from this form to qualify technically. Additionally,
Bidder also needs to comply of getting at least 60% in each of the Blocks Mentioned above From "A to R".
2.Bidder needs to produce and submit relevant certificates and documents for the above mentioned cells where
they have put "1" as yes. 3. Bidder needs to mark "1" against all the services which it has delivered or can
deliver (With a self-declaration) 4. Bidder needs to produce all the relvant certificates/documents related to
above mentioned "Yes" at the time of presentation