Scope of Work

Aruba Clearpass Wireless NAC

Refresh/Upgrade

Version: 2.3
Date: 03/09/2023

Upgrade Cisco ASA with Cisco FPR2130

1
Revision History

VERSION NO. REVISION DATE CHANGE REFERENCES & SUMMARY

Mohammad Islam 15/05/2023 Initial Draft 1.0
Mohammad Islam 10/06/2023 Initial Draft 2.3
Mohammad Islam 31/08/2023 Initial Draft 2.4

Approvals

NAME DESIGNATION SIGNATURE DATE VERSION

Anis Oumlil Manager, Security Operations 06/06/2023 2.1
Anis Oumlil Manager, Security Operations 03/09/2023 2.4

Upgrade Cisco ASA with Cisco FPR2130

2
Table of Content
1. INTRODUCTION/BACKGROUND....................................................................................................................
2. DESCRIPTION OF CURRENT DESIGN AND CONTROLS.....................................................................................
3. SCOPE OF WORK...........................................................................................................................................
4. PROCUREMENT OF HARDWARE AND SOFTWARE..........................................................................................
5. DELIVERABLES...............................................................................................................................................
6. EVALUATION CRITERIA/RESPONSE REQUIREMENTS......................................................................................

Upgrade Cisco ASA with Cisco FPR2130

3
 1. INTRODUCTION/BACKGROUND
The Wireless Network Access Control (WNAC) security solution has been deployed to ensure a safe and secure
wireless LAN network as it enabled AAA (Authentication authorization and accounting) services, which basically
accept connections only from authorized endpoints belongs to Sidra employees or Sidra Medicine’s own assets.

The main components and goals of this technology upgrade project are:
 Design review of current implementation of WNAC solution and address necessary enhancement needs.
 Migrate existing deployment to new deployment without any service impact.
 Professional deployment and integration of the solution according to the vendor best practices.
 Professional trainings and knowledge transfer.

2. DESCRIPTION OF CURRENT DESIGN AND CONTROLS

Sidra wireless Networks is secure using a mix of hardware and software Aruba ClearPass appliances. The
current deployment consists of 4 Hardware and 4 virtual appliances with 82200 Access licenses, 1200
Onboard licenses and 4200 OnGuard licenses. The breakdown of the platforms and their role is the
following:
 Two Aruba C3000 ClearPass 25K virtual appliances. These two virtual machines are configured as
publisher in high availability cluster.
 Two Aruba C2000 ClearPass 5K virtual appliances.
 Four Aruba C2000 ClearPass 5K HP DL20 Gen9 Hardware appliance.
Different authentication and authorization services along with posture and enforcement policies are
configured on the policy manager nodes, which are deployed in cluster fashion to ensure high-availability.
Today Wireless setup allow the enablement of the below security NAC controls:
 Centralized Policy Management
 Device Profiling and Visibility
 Access Control
 Authentication and Authorization
 Device profiling and posturing
 Policy enforcement, Reporting and analytics.

Upgrade Cisco ASA with Cisco FPR2130

4
 3. SCOPE OF WORK
The scope of this engagement is for a bidder to propose an upgrade and renewal of existing hardware and
software solutions as per Option-1 or propose a new technology as per option-2. For both options the
support validity should be for 3 years.

Hardware/Software/Solution Delivery:
Option -1:

 Replace the list of Aruba Clear Pass platforms that are declared End Of life and listed in Appendix B.
The new platforms either Aruba Clear Pass or from other vendor need to be seamlessly integrated
with the CP Publisher and other products still not end of support listed in appendix A.
 Extension of the current licenses for 3 years duration for the existing products in Appendix A.

Option -2:

 Propose new solution (Hardware/software) with same capacity of licensing and deployment
mentioned in Appendix A and B. The new solution must have similar or better functionalities and
performance compare to the existing product/solution mentioned in Appendix A and B.
 Provide the necessary advanced training courses and their certification for three Sidra engineers to help
Sidra support the new platform and streamline the migration process.

Technical requirement

 The bidder must propose a mapping between current WNAC solution deployed modules against the
proposed appliances/solution.
 The new solution must at least implement all features and capabilities of current deployed solutions.
 Integrate the new security platforms according to the vendor Best Practices.
 The proposed solution must be included at least once in the last 5 years as Leaders, Challengers or
Visionaries in Magic Quadrant for wired/wireless Network Admission/Access Control(NAC).
 The bidder needs to share the datasheet of all proposed platforms and services.
 The bidder must highlight any limitation on and proposed Hardware or software.
 The bidder must have experienced working with similar technologies for more than 3 years and
have implementation engagement for at least 3 projects references in bigger scale (more than 5000
end points).
 The solution must be scalable to support WLCs/Switches from Cisco/Aruba and other standard
vendors in the market.
 The solution should have flexible rule builder based on different profiles. endpoint, user, ip, role,
group etc.
 The solution should have all feature set to help Sidra Medicine complying with data privacy and data
protection mandates by GDPR, HIPAA or Sarbanes Oxley(SOX).

Upgrade Cisco ASA with Cisco FPR2130

5
  The solution should have flexible reporting and notification option along with access logging for
audit compliance.
 The solution must be capable to have detail visibility of who and what is in the network, define
policies/rules based authentication policies based on standard protocols.
 Bidder must facilitate Migration of all currently enabled services and controls to the new Security
platforms without or with minimal downtime.

Support and Maintenance

 The bidder needs also to provide three years support and maintenance of deployed systems and licenses.
 support and maintenance support level option that include at least:
o 24x7 Technical Support by phone, email, and web.
o Defect isolation plus assistance with more complex configuration and “how to” questions
o Full access to latest software releases
o Defected Hardware replacement with all SLA options.
o All options should have a duration of three years.
 The bidder needs to propose both vendor support that allow both Hardware, Software and license support
and local support to assist Sidra during emergencies for both one year and three years options.

4. PROCUREMENT OF HARDWARE AND SOFTWARE

 Deliver the security appliance within a period of maximum 8 weeks from the date of purchase order.
 Full integration of the new security appliances within a period of maximum 14 weeks from the date of
purchase order.

5. DELIVERABLES

 Deliver and Implement the solution (installation of security appliances) that implement all security controls
currently deployed at the datacentre, and all features according to SOW.
 Provide Sidra with a comprehensive set of documentation materials that cover all software and hardware
covered under this agreement.
o Priced and Unpriced BoQ (Bill of Quantity)
o Licenses
o Training materials/KT Documentation/ SOPs

Company profile, Reference and vendor partnership level

 The bidder must submit references that confirms that the bidders have already implemented projects with
the same scale and complexity.
 The bidder must submit vendor authorization letter that confirm the partnership level with the vendor.
 In case the proposed solution is different than Aruba Clearpass the bidder must submit at least 3 reference
of successful migration from Aruba Clearpass to the proposed solution.
o

6. EVALUATION CRITERIA/RESPONSE REQUIREMENTS

Upgrade Cisco ASA with Cisco FPR2130

6
  Proposals should be very clear and self-explanatory with a straightforward, concise delineation of the
itemized price of each item, and in the same order for each component as described in this RFP request.
 The Proposal should include all associated costs.
 The vendor must comply with all technical requirements highlighted in this document.
 The vendor must engage to complete the full integration of the new solution within (14) weeks and on-site
hardware delivery within (8) weeks.
 The bidder must submit references that confirms that the bidders have already implemented projects with
the same scale and complexity.
 The bidder must submit vendor authorization letter that confirm the partnership level with the vendor.
 In case the proposed solution is different than the existing solution, the bidder must submit at least 3
references of successful migration from Aruba ClearPass to the proposed solution.

Appendix A

Product Description Support Package Description Product No. QTY Start Date End Date

HPE 3-Year Foundation Care 24x7

Aruba 3Y FC SW CP Cx000V
ClearPass Cx000V VM Appl E-LTU H9WX3E 4 01/02/2024 31/01/2027
VMAppl E-L SVC [for JZ399AAE]
Service

Aruba ClearPass OG 500 EP Lic

HPE Foundation Care NBD SVC JW569AAE 1 01/02/2024 31/01/2027
E-LTU

Aruba ClearPass OG 1K EP Lic E-

HPE Foundation Care NBD SVC JW570AAE 1 01/02/2024 31/01/2027
LTU

Aruba ClearPass OG 2500 EP Lic

HPE Foundation Care NBD SVC JW571AAE 1 01/02/2024 31/01/2027
E-LTU

Appendix B

Product Description Support Package Description Product No. Serial No. QTY

Aruba ClearPass 5K
HPE Foundation Care NBD SVC JX921A MX273500FL 1
DL20 HW Appliance
Aruba ClearPass 5K
HPE Foundation Care NBD SVC JX921A MX273500FT 1
DL20 HW Appliance
Aruba ClearPass 5K
HPE Foundation Care NBD SVC JX921A MX273500FV 1
DL20 HW Appliance
Aruba ClearPass 5K
HPE Foundation Care NBD SVC JX921A MX273500G0 1
DL20 HW Appliance

Upgrade Cisco ASA with Cisco FPR2130

7