
Annexure ‘A’- (Technical Specification): 75/PR/NBPDCL/2023

Table of Contents
Considerations while designing the DC and DR
1. Stand Alone Server
2. SAN
3. SAN Switch
4. File Management & Sec
5. Leaf Switch
6. OOB (Management) Switch
7. API Gateway
8. HSM
9. EMS-NMS
10. APM-Specs
11. Internal Firewall
12. HIPS
13. File Monitoring
14. DMS
15. Server Load Balancer

CONSIDERATIONS WHILE DESIGNING THE DC AND DR

• Bidder needs to supply required devices/solutions at DC & DRC as per proposed solution design meeting all the requirements.
• Bidder needs to consider all devices/solutions in High Availability mode so that required services can be delivered without any interruption.
• All the proposed solutions/devices shall carry onsite warranty for 7 years from Go-live of the proposed ERP solution.
• Some devices/solutions required at DC & DRC have been mentioned below; however, bidder needs to deploy any additional device/solution if required to deliver the services as per scope of work of RFP.
• Purchaser is in the process of procuring an RMS billing solution (NIT 51/PR/NBPDCL/2023). In that NIT, ICT infrastructure like Link Load Balancer, DDoS Protection, External Firewall, SSLI, Router, Spine Switch, Border Leaf Switch, Switching Fabric, Backup Software, Tape Library, EDR, IDAM, WAF, DAM, Logger, etc. is bought out. Barring these, if a solution is reusable, the bidder can use that ICT infrastructure with additional cost.
• The proposed solution should be a purpose-built, unified agent for endpoint protection. The unified agent should offer threat prevention, attack investigation, access control, sandboxing, data protection/encryption & web protection capabilities.
• The proposed solution shall be licensed for client machines & must leverage both signature-based and signature-less security controls leveraging advanced AI/ML based models.
• The proposed EDR solution must be integrated with external firewall and should have the following protection mechanisms:
  o Anti-Ransomware protection
  o Behaviour based protections
  o Anti-exploit / HIPS
  o Anti Bot
  o Anti-malware
  o Forensics Collection & automated reports
  o Web Protection
• The bidder must provide the following ICT infrastructure; minimum technical specifications of the proposed devices/solutions are mentioned below and the bidder needs to comply with the same.

1. STAND ALONE SERVER


| Sr. No | Requirements | Compliance (Yes/No) |
|---|---|---|
| 1 | Proposed server should be rack/Chassis based and it must be supplied with a minimum two socket and min 2 x Intel Xeon-Gold 6430 2.1GHz 32-core 270W Processor or AMD equivalent Scalable Processors with latest Intel Chipset. | |
| 2 | Proposed server should support at least 8x 3.5” or 2.5” hot-plug SSD internal storage with RAID 0, 1, 5, 6 & 10 | |
| 3 | Should support Boot-from-SAN for Fiber Channel (FC), Fiber Channel over Ethernet (FCoE), and iSCSI storage | |
| 4 | Proposed server should support minimum 16 x 64GB (1x32GB) Dual Rank x8 DDR5-4800 memory | |
| 5 | Proposed server should have a minimum of 3 Nos. of PCIe 3.0 expansion slots | |
| 6 | 10/25Gb 2-port SFP28 Adapter, 32Gb 2-port Fibre Channel Host Bus Adapter with transceiver and patch cords | |
| 7 | Proposed server should support 1 USB 3.0 port, power buttons and status LEDs, 1 video graphics adapter (VGA) port & Rear I/O 2 USB 3.0 ports, 1 VGA port, 1 RS232 serial port, 1 MicroSD slot | |
| 8 | Proposed server should have onboard RAID controller | |
| | Proposed server should have 1+1 high-efficiency, redundant hot-plug power supply units (PSU), min 800 watt each | |
| 10 | The proposed solution must be supplied with at least 900 GB SSD on RAID 1. | |
| | Proposed server should have at least 2 dual-rotor fans | |
| 11 | Proposed server should have integrated video, video memory or equivalent | |
| 12 | Proposed server should support System Management Baseboard management controller IPMI v2.0 compliant, onboard “KVM over IP” support | |
| 13 | GPU support: Server should support latest NVIDIA or AMD GPU for graphics intensive applications. Should be able to attach a graphics expansion module to accommodate two high end Graphics modules | |
| 14 | Security: Trusted Platform Module 2.0, UEFI Secure Boot, Cryptographic Signed BIOS | |
| | System Security | |
| 15 | Power-on password | |
| 16 | Administrator's password | |
| 17 | Keyboard password (Quick Lock) | |
| 18 | TPM (Trusted Platform Module) 1.2 or 2.0 option | |
| | OS Support | |
| 19 | Microsoft Windows Server 2022 | |
| 20 | Red Hat Enterprise Linux (RHEL) | |
| 21 | SUSE Linux Enterprise Server (SLES) | |
| 22 | VMware ESXi 8.0 or latest | |
| 23 | Oracle Linux and Oracle VM | |
| 24 | Keyboard, Mouse and 17 Inch LCD Display, Mounting Kit for all devices and other accessories. | |
| 25 | The bidder to provide all required Fiber and transceivers for the solution | |
| 26 | OEM Manufacturing Authorization Form is mandatory | |

2. SAN
| S.No. | Specification | Compliance (Yes/No) |
|---|---|---|
| 1 | Offered Storage must have scale-up and scale-out architecture for SAN and NAS protocols asked, it must scale to 8 or more controllers for future expansion. It must support mixing of controllers within same generation and across generation of controller models, it must also support data in place upgrades for the Storage controllers to higher generation of controllers while data is intact in old NVMe media. Storage must be offered with purpose built single operating system supporting all of the block, file protocols and Object (S3) API asked. | |
| 2 | Offered Storage must support Symmetric or Asymmetric Active/Active architecture for block access, it also must support file shares to be accessible from all available controllers. Storage must support up to 10PB file share within a single namespace where data is spanning across 2 or more controllers and data is accessible from all of the controllers. | |
| 3 | Offered Storage must be supplied with minimum 60 TB of usable capacity after concurrent dual drive failure protection and spare drives as per OEM's best practices. Offered storage must be based on end to end NVMe architecture. Offered Storage must also support Triple parity protection for higher resilience from concurrent NVMe drive failure, the offered storage should be able to scale to 2PB in Scale out architecture | |
| 4 | Offered Storage must be configured with minimum of 12 Cores per Controller. Storage must be configured with minimum 64 GB DRAM based Global/Federated Cache/Memory per controller. Writes in the cache must be protected in the event of unplanned power outage by destaging to persistent storage or battery backed cache. | |
| 5 | Offered Storage configuration must be sized to support minimum 200K IOPS of 8KB block size (Read:Write ratio of 70:30) using NVMe Protocols along with data reduction enabled. Offered solution must support 4X scalability of performance by leveraging scale up and scale out architecture. | |
| 6 | Array must be offered with minimum 2x32Gbps FC and 2x25Gbps Ethernet ports across controllers supporting asked protocols. | |
| 7 | Offered Storage must support scalability minimum of 24 NVMe Drives | |
| 8 | Offered Storage must support minimum of 1000 Redirect on write snapshots per volume, Production SAN and NAS Volumes must be protected with point-in-time copies. Administrator must be able to setup a policy to take snapshots every 1 hour and retaining it for one month without any performance impact to host IO. | |
| 9 | Offered Storage must provide application consistent data protection within the datacenter (Snapshots & Thin clones) or by replicating to the remote datacenter. It must support VMware, MS SQL, Mongo DB, Oracle, MS Exchange, SAP HANA, SAP MaxDB, PostgreSQL, DB2 etc. | |
| 10 | The storage operating system must provide FC, NVMe-oF, NVMe/TCP, iSCSI, pNFS, NFS (NFSv3, NFSv4, NFSv4.1), CIFS/SMB protocols natively to support heterogeneous application environment. In addition to the above, Object (S3 compatible) protocol should also be supported natively. | |
| 11 | Offered Storage must provide Inline as well as Post-Process deduplication, compression for both Block and File data. Data reduction must be maintained while Tiering and replicating the data. | |
| 12 | Storage must support data in place conversion of block LUN to NVMe Namespace conversion and vice versa for moving workloads from traditional SCSI protocols to NVMe Protocols. | |
| 13 | The storage system should offer capability to identify and remediate ransomware attacks using autonomous ransomware protection within the controllers. The offered system should support ransomware and insider threat detection to protect data with early detection and actionable intelligence on ransomware and other malware incursions. | |
| 14 | Offered Storage must be configured with required Licenses to configure: 1) Synchronous and Asynchronous Replication between 2 DCs for both Block and File Protocols. 2) 3DC Replication with Zero RPO across 3 DCs where 2 Sites are within Metro Distance and 3rd Site can be >1000km away for both block and file Protocols. 4) Replication solution must support bi-directional replication to minimum 3 MeitY compliant public clouds, replication traffic must be encrypted during replication to public cloud. | |
| 15 | Offered Storage replication should be secured by end-to-end encryption and bandwidth optimization over a WAN link. All the necessary hardware & licenses should be quoted from day 1 in Highly available configuration. | |
| 16 | The proposed storage array must support data-at-rest encryption in compliance with FIPS 140-2 certification managed by On-board Key Manager or External Key Manager. | |
| | The storage system should offer high-performance compliance solution in accordance to various industry standards to meet regulations such as Securities and Exchange Commission (SEC) 17a-4, HIPAA, Financial Industry Regulatory Authority (FINRA), Commodity Futures Trading Commission (CFTC), and General Data Protection Regulation (GDPR). | |
| | The storage should be configured to comply with SEC Rule 17a-4 for File data in order to protect the data with WORM protection. | |
| | Offered Storage must have capability to implement Quality of Service which must allow administrators to limit IOPS and throughput for certain Block LUNs and File shares. Required HW and SW must be offered. | |
| | The system should provide capability to tier cold file and block data to Object storage within the Data Centre or to the object storage in the public cloud (AWS, Azure and Google) while preserving data efficiencies and single name space. Traffic between primary to object storage must be encrypted. | |
| 17 | Storage system must be offered in a No-Single-Point of Failure offering up to six 9s of availability with scale up and scale out architecture for all protocols asked. | |
| 16 | Warranty & AMC: The hardware and software quoted should have 7 years support along with upgrade and updates. | |
| 17 | OEM Manufacturing Authorization Form is mandatory | |

3. SAN SWITCH
| Sr. No. | Parameters | Requirements | Compliance (Yes/No) |
|---|---|---|---|
| 1 | Formfactor | The fibre channel switch must be rack mountable with 1U/2U. | |
| 2 | Fibre Channel Ports | The proposed SAN switch should be supplied with 24 x FC ports for device connectivity should be 32/64 Gbps auto-sensing Fibre Channel ports. All the necessary cables, transceivers should | |
| 3 | Scalability | Full-fabric architecture with a max of 20 switches | |
| 4 | Certified Maximum | The proposed SAN switch should support 5000 active nodes; 50 switches, 15 hops | |
| 5 | Performance | The proposed SAN switch should support below: Fibre Channel: 4.25Gb/s line speed, full duplex; 8.5Gb/s line speed, full duplex; 14.025Gb/s line speed, full duplex; 28.05Gb/s line speed, full duplex; auto-sensing of 4, 8, 16, and 32G port speeds. | |
| 6 | ISL Trunking | The proposed SAN switch should support Frame-based trunking with up to eight 32G SFP+ ports per ISL trunk; up to 256Gb/s per ISL trunk. Exchange-based load balancing across ISLs with DPS included in Brocade Fabric OS fabrics | |
| 7 | Aggregate Bandwidth | The proposed SAN switch should support 768Gb/s Aggregate Bandwidth | |
| 8 | Maximum Fabric Latency | The proposed SAN switch should support a maximum fabric latency for locally switched ports of <780 ns (including FEC) | |
| 9 | Maximum Frame Size | The proposed SAN switch should support Frame Size up to 2112-byte payload | |
| 10 | Frame Buffers | The proposed SAN switch should support 2000 dynamically allocated frame buffers | |
| 11 | Classes of Service | The proposed SAN switch should support below classes of services: Class 2, Class 3, Class F (inter-switch frames) | |
| 12 | Port Types | The proposed SAN switch should support below port types: F_Port, E_Port, M_Port, D_Port (ClearLink Diagnostic Port) on 24 SFP+ ports | |
| 13 | Data Traffic Types | Fabric switches supporting unicast | |
| 14 | Media Types | 32G FC SFP+ LC connector; 16G FC SFP+ LC connector | |
| 15 | USB | One USB port for system log file downloads or firmware upgrades | |
| 16 | Fabric Services | Credit Recovery; Advanced Zoning (Default Zoning, Port/WWN Zoning, Peer Zoning); Congestion Signaling; Dynamic Path Selection (DPS); Extended Fabrics; Fabric Performance Impact Notification (FPIN); Fabric Vision; FDMI; Flow Vision; F_Port Trunking; FSPF; Integrated Routing; ISL Trunking; Management Server; Name Server; NPIV; NTP v3; Port Decommission/Fencing; QoS; Registered State Change Notification (RSCN); Target-Driven Zoning; VMID and AppServer | |
| 17 | Management | HTTP/HTTPS; SNMP v1/v3 (FE MIB, FC Management MIB); SSH; Brocade Advanced Web Tools; Brocade SANnav Management Portal and SANnav Global View; Command Line Interface (CLI); RESTful API; trial licenses for add-on capabilities | |
| 18 | Security | DH-CHAP (between switches and end devices), FCAP switch authentication; HTTPS, IP filtering, LDAP with IPv6, OpenLDAP, Port Binding, RADIUS, TACACS+, User-defined Role-Based Access Control (RBAC), Secure Copy (SCP), Secure Syslog, SFTP, SSH v2, SSL, Switch Binding, Trusted Switch | |
| 19 | Management Access | 10/100/1000 Mb/s Ethernet (RJ-45), in-band over Fibre Channel, serial port (RJ-45) and one USB port | |
| 20 | Diagnostics | Active Support Connectivity (ASC) and Brocade Support Link (BSL); built-in flow generator; ClearLink optics and cable diagnostics, including electrical/optical loopback, link traffic/latency/distance; Fabric Performance Impact Monitoring (FPI); flow mirroring; Forward Error Correction (FEC); frame viewer; Monitoring and Alerting Policy Suite (MAPS); nondisruptive daemon restart; optics health monitoring; POST and embedded online/offline diagnostics, including environmental monitoring, FCping and Pathinfo (FC traceroute); power monitoring; RAStrace logging; Rolling Reboot Detection (RRD); Syslog/Audit Log; VM Insight | |
| 21 | Operating Environment | Temperature: 0°C to 40°C/32°F to 104°F; Humidity: 10% to 85% (non-condensing) | |
| 22 | Non-operating Environment | Temperature: –25°C to 70°C/–13°F to 158°F; Humidity: 10% to 90% (non-condensing) | |
| 23 | Heat Dissipation | 24 ports at 215 BTU/hr | |
| 24 | Power Supply | Base switch includes a power supply with four integrated system cooling fans | |
| 25 | Others | The bidder to provide all required Fiber and transceivers for the solution. OEM Manufacturing Authorization Form is mandatory | |

4. FILE MANAGEMENT & SEC


| S.No. | Specification | Compliance (Yes/No) |
|---|---|---|
| 1 | File upload security solution to protect web applications from harmful file uploads. The solution should be at the gateway level & support both ICAP & API based integration for file upload protection. The solution should be able to scan the files with minimum 5 different anti-malware engines, sanitize the files including archive files using content disarm & reconstruction technology & provide real time sandboxing of suspicious files within a single platform. | |
| 2 | A secure managed file transfer solution to exchange files between users within & outside the organizations and also encrypt the data at rest. It should be able to scan the files at the time of upload with a minimum of 5 different anti-malware engines, sanitize the files including archive files using content disarm & reconstruction technology at the time of upload & block malicious files from being exchanged. | |
| 3 | File upload security solution to protect applications from harmful file uploads: | |
| 4 | The solution should inspect traffic / files in line with real time blocking of advanced malware and ransomware. | |
| 5 | The solution should have ICAP & API based integration/service. | |
| 6 | The solution should be running at Gateway level & able to scan and validate the file before the file is uploaded to the production server. | |
| 7 | The solution should support scanning of files with at least 10 different Anti-Malware engines to achieve close to 100% detection rate for known threats. | |
| 8 | The solution should sanitize files with content disarm & reconstruction (CDR) to sanitize files by removing active/embedded contents to protect against zero-day threats & should be configurable. | |
| 9 | The solution should be able to scan archive files & password protected files. | |
| 10 | The solution should be able to perform real time sandboxing of suspicious files. | |
| 11 | Secure Managed File Transfer solution to exchange files between users within & outside the organizations: | |
| 12 | The solution should provide web based managed file transfer capability. | |
| 13 | The solution should be able to scan files with at least 10 different Anti-Malware engines at the time of upload | |
| 14 | The solution should be able to sanitize the files with content disarm & reconstruction (CDR) to sanitize files by removing active/embedded contents to protect against zero-day threats & should be configurable & only sanitized files should be available for the user to download. | |
| 15 | The solution should be able to scan archive files & password protected files. | |
| 16 | The solution should be able to perform real time sandboxing of suspicious files | |
| 17 | The solution should be able to check for sensitive / PII data in the files | |
| 18 | The solution should be able to provide supervisory approval process to enforce controls on file transfer & supervisors should be able to preview supported file types before approval | |
| 19 | The solution should support HA & encrypt the files at rest with at least AES-256 bit encryption. | |
| 20 | OEM Manufacturing Authorization Form is mandatory | |


5. LEAF SWITCH
| Sr. No. | Parameters | Product Specification | Compliance (Yes/No) |
|---|---|---|---|
| 1 | Solution Requirement | The switch should support line rate & non-blocking Layer 2 switching and Layer 3 routing | |
| | | The switch should not have any single point of failure; components like power supplies and fans etc. should have 1:1/N+1 level of redundancy and must be hot swappable. | |
| | | Switch and optics must be from the same OEM | |
| | | Switch should support the complete stack of IPv4 and IPv6 services. | |
| 2 | Hardware and Interface Requirement | Switch should have the following interfaces: 48*1/10/25G SFP+ ports populated with 24*10/25G Multi Rate LR transceivers (if any OEM doesn't have Multi Rate SFP, they should supply 24 Qty of 25G LR SFP and 8 Qty of 10G SFP+). The bidder has to supply all the necessary transceivers, patch cords, and breakout cables from day 1, either all of them or whichever is applicable | |
| | | 8/12*100GbE QSFP ports populated with 2*100G 5 Meter DAC cable and 6*100G Single Mode (Supporting 10KM) SFPs | |
| | | Switch should support IEEE Link Aggregation for redundancy across two switches in active-active mode | |
| 3 | Performance Requirement | The switch should support 128k IPv4 routes or above | |
| | | The switch should support hardware based load balancing at wire speed using LACP and multi chassis ether channel/LAG | |
| | | Switch should support minimum 4Tbps of throughput capacity | |
| 4 | Layer2 Features | Switch should support minimum 128,000 no. of MAC addresses | |
| | | Switch should support Jumbo Frames up to 9K Bytes on all ports | |
| | | Support storm control to prevent degradation of switch performance from storm due to network attacks and vulnerabilities | |
| 5 | Layer3 Features | Switch should support Policy Based Routing | |
| | | Switch should provide multicast traffic reachable using: a. PIM-SM; b. PIM-SSM; d. Support RFC 3618 Multicast Source Discovery Protocol (MSDP); e. IGMP V.2 and V.3 | |
| | | Switch should support Multicast routing | |
| | | Switch should support BFD for Fast Failure Detection | |
| 6 | Advance Features | Switch should support VXLAN with EVPN control plane | |
| | | Switch must support symmetric VXLAN integrated routing and bridging with EVPN active-active multihoming support. | |
| 7 | Quality of Service | Should support 8 queues per port, priority queuing, round-robin queuing | |
| | | Should support QoS classification, policing and shaping, DSCP and COS. | |
| | | Should support WRED, Explicit Congestion Notification, priority flow control, data center bridging. | |
| 8 | Security | Switch should support control plane, i.e. processor and memory, protection from unnecessary or DoS traffic by control plane protection policy | |
| | | Switch should support external database for AAA using: a. TACACS+; b. RADIUS | |
| | | Switch should support Role Based Access Control (RBAC) for restricting host level network access as per policy defined | |
| | | Switch should support MAC ACLs | |
| | | Should support Standard & Extended ACLs using L2, L3 and L4 fields | |
| 9 | Manageability | Switch should support minimum IEEE 1588 PTP boundary clock mode | |
| | | Should support telnet, ssh, https, SNMPv3, TWAMP, event manager, scheduler and configuration rollback for ease of operations and management | |
| | | Device should support on-device execution of python script, bash script and docker containers for automation and programmability support | |
| | | Switch should support onboard Packet Capture using Wireshark/tcpdump in real time for traffic analysis and fault finding | |
| 10 | General | All relevant licenses for all the above features and scale should be quoted along with switch | |
| | | Should have hot swappable and field replaceable internal redundant power supply and fan from day one, should be provided with AC power supply and India power cords. Power consumption should not be more than 400 W | |
| | | All licences should be provided with the devices for the mentioned features. The licences should be perpetual in nature, or should be provided for 10 years from day 1 in case of subscription based licensing. Hardware warranty 84 months from the Date of Installation Sign off. | |
| | | Visibility & Automation: Spine/Core, Leaf/Distribution, Access switches, Router, Data Center Network Manager & SFPs should be from same OEM and should be provided along with software for unified monitoring, provisioning and telemetry solution from the same OEM. Should support telemetry with time-series database view, traffic flow analytics, PSIRT/BUG visibility, configuration compliance, endpoint tracking, POAP/ZTP, device resource utilization, auto topology view, alerts, change workflow management, congestion monitoring, notification through email & msg, 3rd party integration. SI will factor required VMs to install the software in HA cluster; if any OEM wants to supply their appliance, they are allowed to, in HA cluster. Specifications mentioned above are minimum; OEM/SI can quote more advanced features for software and hardware. | |
| | | Minimum Qty Required - 6 at DC & 6 at DR. This is the minimum Qty that should be quoted by Bidder; Bidder needs to size and quote as per solution requirement, factoring future scalability for next 8 years. | |
| 11 | Others | OEM Manufacturing Authorization Form is mandatory | |

6. OOB (MANAGEMENT) SWITCH

| Sr. No. | Product Specification | Compliance (Yes/No) |
|---|---|---|
| | Hardware platform and architecture | |
| 1 | Switch should have 48 x 10/100/1000M ports and minimum 4 numbers of 10/25G SFP28 or higher uplink ports, uplink ports should be populated with 4* 10/25G multirate SFP or higher (if OEM does not have a SFP which supports 10 and 25G both, then 2 numbers of 10G & 4 numbers of 25G SFPs may be supplied). The bidder has to supply all the necessary transceivers, patch cords, and breakout cables from day 1, either all of them or whichever is applicable | |
| 2 | Switch should support non-blocking wire rate L2 and L3 forwarding and switch should have minimum throughput of 296 Gbps & 220 MPPS | |
| | Stacking and High Availability | |
| 3 | Switch should support stacking/MLAG to support POD/STACK of minimum 5 switches. Necessary ports must be available from day 1. If stacking modules are proposed then stacking modules along with required cables should be supplied | |
| 4 | The stack/POD should support all active forwarding on the uplinks and interconnecting links | |
| 5 | Minimum 25Gbps of bandwidth should be available per device within POD/Stack. | |
| 6 | Shall support modern modular operating system supporting fault isolation with stateful repair and live patching. | |
| 7 | Switch should support redundant Power Supply and redundant Fans | |
| | L2 and L3 features | |
| 8 | Switch should support 64K MAC addresses, MSTP, per VLAN RSTP, LLDP, LACP and private-VLAN | |
| 9 | Switch should support Layer-2 interface, SVI and L3 sub-interfaces | |
| 10 | Should support 9K Bytes jumbo frames | |
| 11 | Switch should support static routing, dynamic routing with ISIS, OSPF and BGP, VRRPv3 and VRF | |
| 12 | Switch should support Bidirectional forwarding detection, unicast-RPF, policy based routing and GRE | |
| 13 | Should support latest IETF open standard for VXLAN+EVPN with support for routed multicast, multihoming, distributed anycast gateway and symmetric routing. | |
| 14 | Should support PIM-SM, PIM-BiDir and anycast-RP | |
| 15 | Should support up to 12K IPv4 routes | |
| 16 | Should support up to 4K IPv6 routes. | |
| | QoS and Security | |
| 17 | Device should support port ACL to filter traffic based on L2, L3 and L4 parameters | |
| 18 | Switch should support root guard, loop guard and bridge assurance | |

7. API GATEWAY
| Sr. No. | Product Specification | Compliance (Yes/No) |
|---|---|---|
| 1 | Design APIs, gather developers' feedback before implementing | |
| 2 | Design from the publishing interface or via importing an existing Swagger 2.0 definition | |
| 3 | Deploy a prototyped API, provide early access to APIs, and get early feedback | |
| 4 | Mock API implementation using JavaScript or similar convenient scripting language | |
| 5 | Supports publishing SOAP, REST, JSON, and XML style services as APIs | |
| 6 | TCP/IP adaptors support. Legacy protocols can be supported using custom TCP/IP adaptors | |
| 7 | API manager should support custom adaptors based on service standards such as OSGi or similar standards | |
| 8 | Supports grouping of multiple APIs based on the version, category etc. | |
| 9 | Publish APIs to external consumers and partners, as well as to internal users | |
| 10 | Ability to publish APIs to a selected set of gateways in a multi-gateway instance environment | |
| 11 | Support enforcement of corporate policies for actions like subscriptions, application creation, etc. via customizable workflows | |
| 12 | Manage API visibility and restrict access to specific partners or customers | |
| 13 | Manage API lifecycle from cradle to grave: create, publish, block, deprecate, and retire | |
| 14 | Publish production and sandbox keys for APIs to enable easy developer testing | |
| 15 | Manage API versions and deployment status by version | |
| 16 | Support custom lifecycles | |
| 17 | Apply security policies to APIs (authentication, authorization) | |
| 18 | Rely on OAuth2 standard for API access (implicit, authorization code, client, SAML) | |
| 19 | Restrict API access tokens to domains/IPs | |
| 20 | In-built Key Management features - application registration, token generation & token validation | |
| 21 | Supports plugging in third-party key servers for application registration, token generation & token validation | |
| 22 | Configure Single Sign-On (SSO) using SAML 2.0 for easy integration with existing web apps | |
| 23 | Provision API keys | |
| 24 | Subscribe to APIs and manage subscriptions on per-application basis | |
| 25 | Subscriptions can be at different service tiers based on expected usage levels | |
| 26 | Test APIs directly from the web console | |
| 27 | View API consumer analytics | |
| 28 | Support to act as SSL termination point | |
| 29 | Track consumer analytics per API, per API version, per tiers, and per consumer | |
| 30 | Monitor SLA compliance | |
| 31 | Alerting, real-time dashboards | |
| 32 | Publish own events and create own dashboards | |
| 33 | OOB support for events based on throttling, faults, latency within and from gateway to target | |
| 34 | REST API with an extensible security mechanism | |
| 35 | Role-based access control for managing users and their authorization levels | |
| | Governance Features: | |
| 36 | Access and manage assets via a REST API, supporting the integration with enterprise initiative such as DevOps | |
| 37 | Describe relationships between assets such as dependencies, usage or associations and perform impact analysis | |
| 38 | Attach custom life cycle to assets and engage custom actions when an asset transitions from one state to the next | |
| 39 | Store different type of data or metadata as resources including contracts, models, workflows, WSDLs, Word documents, server configurations and more | |
| 40 | Revisions, versions with check pointing and rollback for any resource or resource collections | |
| 41 | Customizable dashboards that give users an at-a-glance view as well as details | |
| 42 | Real-time alerts (email, sms, push notification, physical sensor alarms, etc.) for instant condition reporting | |
| 43 | Expose event tables as an API | |
| | Expose Data Source as Web Services or REST Resources | |
| 44 | - Supported data sources: RDBMS, CSV, Excel, ODS, Cassandra, Google Spreadsheets, RDF, Web page via OData | |
| 45 | - Supported databases: MSSQL, DB2, Oracle, OpenEdge, Teradata, MySQL, PostgreSQL/Enterprise DB, H2, Derby or any database with a JDBC driver | |
| 46 | - Supported transports: HTTP, HTTPS, JMS, SMTP, FTP, FTPS, SFTP and TCP | |
| 47 | - Support for both JSON and XML media types | |
| 48 | - Built-in validators for standard data types | |
| 49 | - Customizable validators via Java extensions | |
| 50 | API management platforms provide documentation, security, sandbox environment, backward compatibility, high availability, etc. | |
| 51 | API management platforms provide usage reporting. Analytics will provide information about API traffic. | |
| 52 | General functions which API management tools provide are listed below: protection of API from getting misused; memory management; traffic monitoring; automating and controlling the connection of APIs and the applications which are using the APIs; ensuring the uniformity in multiple API implementations and versions; provide application security by detecting vulnerabilities in the code or during run-time | |
| 53 | OEM Manufacturing Authorization Form is mandatory | |

8. HSM
Sr. No. Product Specification
1 Must Support encryption, digital signing, key generation and protection
2 Must Support load balancing, failover and High availability within the same cluster of HSMs
3 Must have an ability to provide a secure environment for running sensitive applications within HSM boundaries
4 Support for Asymmetric algorithms: RSA, Diffie-Hellman, ECMQV, DSA, ECDSA, ECDH, Edwards (Ed25519, Ed25519ph)
5 Support for Symmetric algorithms: AES, Arcfour, ARIA, Camellia, CAST, Triple DES, SEED, Tiger HMAC
6 Support for Hash/message digest: MD5, SHA-1, SHA-2 (224, 256, 384, 512 bit), HAS-160, RIPEMD160, SHA-3


7 Full Suite B implementation with fully licensed ECC, including Brainpool and custom curves
8 Supported OS - Windows, RHEL, SUSE, Oracle Ent. Linux, Solaris (SPARC), IBM AIX, HP-UX and major cloud service providers running as virtual machines or in containers
9 Support for Containerization environments - Kubernetes, Docker, Openshift
10 Supported APIs - PKCS#11, OpenSSL, nCore, Java (JCE), Microsoft CAPI and CNG, Web Services Crypto API
11 Networking - Dual Gigabit Ethernet ports
12 Security Compliance - FIPS 140-2 Level 3 certified appliances, BIS (India) for proposed model, BSI AIS 20/31 compliant
13 IPv6 certified and USGv6 Ready
14 Safety and Environmental standards - UL, CE, FCC, RCM, Canada ICES RoHS2, WEEE
15 Must include field serviceable components like Fan, power supply etc.
16 Must support Secure audit logging with an ability to generate signed logs from device.
17 Must support Syslog diagnostics support and Windows performance monitoring
18 Must support SNMP monitoring
19 Must support remote configuration and management.
20 There should not be any limit on no. of Keys to be protected by HSM in accordance with FIPS 140-2 and CCA guidelines.
21 There should not be any limit on number of virtual partitions that can be created in HSM and number of keys that can be managed per partition. Each partition must support at least 2 FA.
22 Performance - Preferable flexible scaling within the given range - RSA (2048) signing - 300 TPS to scalable to 8000 TPS from Day One. ECC (ECDSA 256) Signing - 1000 TPS to 12000 TPS
*The higher limit to be considered in absence of dynamic scaling ability
23 Must support multiple and multi-level administration with Two factor authentication using smart cards on the same HSM device.
24 Must support interactive front panel and full remote support for configuration of HSM.
25 Application keys should be securely backed up at min. three different locations other than DataCenter. Any extra hardware required for the same should be included in the solution.
26 The HSM OEM should have FIPS 140-2 Level 3 certification on its own name.
27 The HSM appliance and crypto card should be from the same OEM only and not as a bundled or assembled device.


28 The HSM should provide minimum 6 RSA 2048 key generations per second.

Key Management Solution

1 Key Management Solution should provide a centralized management console to control the lifecycle and permission of the keys using REST API, Command Line Interface
2 KMS solution must be able to support at least Public cloud platforms: Amazon Web Services (AWS), IBM Cloud, Microsoft Azure, VMware Cloud (VMC) on AWS, Google Cloud Platform (GCP).
3 Must be able to support at least Hypervisor Platform: ESXi, AWS, Azure, KVM, GCP
4 KMS solution must support at least Private cloud platforms: vSphere, vCloud Air (OVH), VxRail, Pivot3, NetApp, Nutanix
5 Key Management Solution should include FIPS 140-2 Level 3 certified network attached HSM with multi-factor authentication support. The Network HSM and KMS should be from the same OEM to ensure smoother integration.
6 Key Management Solution should support TLS 1.2 between all registered clients
7 Key Management Solution should support KMIP 1.1 – 3.0
8 Key Management Solution should support High availability (HA) support with active-active cluster (up to 8 KMS servers per cluster)
9 KMS solution must be certified and on the Certified KMS list for VMWare
10 KMS solution should support for Hold Your Own Key (HYOK) with AWS XKS and Google EKM
11 KMS solution must support for secrets vault usage for custom applications. Custom applications using REST API based
12 KMS solution must support multitenancy for secrets vaults to maintain separation of applications and groups/departments managing the secrets.
13 KMS solution must support secrets type including credentials, API keys, SSH keys, tokens, certificate private keys, and encryption keys.
14 KMS solution should support for SSH secret creation and storage.

Tokenization

1 The solution should support vault-less tokenization and not vaulted.
2 The solution should pseudonymize and mask sensitive data while maintaining data format.
3 The solution should support RESTful API to enable integration with multiple programming language environments.


4 The solution should support multiple character sets (including alphanumeric, numeric, Chinese, Japanese, Korean, Thai, and Vietnamese) and check digit algorithms (including credit card Luhn algorithm check, national ID/ passport number)
5 The solution should support OpenAPI Specification (OAS) integration and highly-scalable microservices architecture
6 The tokenization solution should support strong key protection using FIPS 140-2 Level 3 HSM.
7 The solution should support multiple platforms like Windows and Linux.
8 The solution should support high availability.
9 The solution should provide Data Masking capability where users and processes need to export data to third parties where sensitive information can be masked for privacy purposes.
10 The solution should provide detailed logging of common operations (e.g. tokenization, de-tokenization, masking, etc.) as well as audit logging for critical operations (e.g. failure attempt or amending tokenization settings).
11 OEM Manufacturing Authorization Form is mandatory

9. EMS-NMS
Sr. No. Product Specification Compliance (Yes/No)
1 Network Management Software is a graphical network monitoring and management tool providing integrated fault, performance Monitoring, Configuration & compliance Management together in one tool.
2 Should automatically create a complete topology map for switches, firewalls and wireless Access Points (APs), Camera etc.
3 Should facilitate simple management of many, or all, network devices at once. It should monitor up-to-date network status, and provide actionable reporting for the timely resolution of any network problems.
4 Support add intuitive usability, with an overview dashboard, simplified navigation and more network information.
5 The automatically-generated network topology map should show a device list and give the ability to search for specific devices.
6 Should have a status display for all devices that alerts users of any problems.
7 Should provide direct connectivity to one, many, or all devices for configuration updates.


8 Should provide management of device backup and firmware upgrades.
9 Should allow additional wireless APs to be registered and configured.
10 Should support comprehensive log management and should have the feature of bi-directional integration between proposed EMS and log Management Software
11 Comprehensive event log provides network issue resolution. Solution should be inclusive with hardware, OS, patches, database, and any other licenses for their monitoring etc.
12 The solution should be scalable to meet the requirement for the entire project period. And the cost for scalability for the period of the project should be built in.
13 The proposed EMS Software should be SNMP v1, v2, v3 and MIB-II, FIPS140-2 /CIS compliant or equivalent.
14 The proposed Helpdesk tool must be certified on at least 6 or more following ITIL v4 processes: Incident management, Problem Management, Change Management, Knowledge Management, Service Level Management, Service Asset and Configuration management, Service Catalogue and Request Fulfilment, etc. The certification copy to be submitted.
15 Filtering of events should be possible, with advance sort option based on components, type of message, time etc. Automated trend analysis of unstructured data.
16 Should support Web / Administration Interface.
17 Should provide accessibility to database of the EMS via the Application GUI.
18 Solution should be open, distributed, and scalable and open to third party integration.
19 Should provide fault and performance management for multi-vendor TCP/IP networks.
20 Should be able to provide secured windows-based consoles /secured web-based consoles for accessibility to EMS.
21 Should have web browser interface with user name and Password Authentication.
22 Administrator/ Manager should have privilege to create/modify/delete user.
23 Support discriminated polling.
24 Should be able to update device configuration changes such as re-indexing of ports.
25 Should be able to get fault information in real time and present the same in alarm window with description, affected component, time stamp etc.
26 Should be able to get fault information from heterogeneous devices — routers, switches, servers etc.


27 Event related to Servers should go to a common enterprise event console where a set of automated tasks can be defined based on the policy.
28 Should have ability to correlate events across the entire infrastructure components of Data Centre.
29 Should support automatic event correlation in order to reduce events occurring in Data Centre.
30 Should support advanced filtering to eliminate extraneous data / alarms in Web browser and GUI.
31 Should be configurable to suppress events for key systems/devices that are down for routine maintenance or planned outage.
32 Should be able to monitor on user-defined thresholds for warning/ critical states and escalate events to event console of enterprise management system.
33 Should be able to document connectivity changes that were discovered since the last update.
34 Should provide out of the box root cause analysis with multiple root cause algorithms inbuilt for root cause analysis.
35 Should have self-certification capabilities so that it can easily add support for new traps and automatically generate alarms
36 Should provide enough reports pertaining to asset and change management, alarms and availability of critical network resources as well as network response times for critical links
37 The proposed EMS solution should be an integrated, modular and scalable solution from single OEM with single support function across all the modules (i.e. all Network Monitoring, server Monitoring including application and database monitoring, Log Management and Service Management tools should be from single OEM) to provide comprehensive fault management, performance management, traffic analysis and business service management, IT service desk\ help desk \trouble ticketing system & SLA monitoring functionality.
38 Should provide an integrated performance view for all the managed systems and networks along with the various threshold violations alarms in them. It should be possible to drill-down into the performance view to execute context specific reports
39 Should provide the following reports for troubleshooting, diagnosis, analysis and resolution purposes like Trend analysis, utilization, forecasting reports or equivalent etc.
40 Should be able to auto-calculate resource utilization baselines for the entire managed systems and networks and allow user to set corresponding upper and lower threshold limits
41 Should provide accurate discovery of layer 3 and heterogeneous layer 2 switched networks for Ethernet.


42 Manual discovery can be done for identified network segment.
43 Should be able to discover links with proper color status propagation for complete network visualization.
44 Should support dynamic object collections and auto discovery. The topology of the entire Network should be available in a single map.
45 Should give user option to create his /or her map based on certain group of devices or region.
46 Should provide custom visual mapping of L2 and L3 devices connectivity and relationships.
47 Should monitor various operating system parameters such as processors, memory, files, processes, file systems etc. where applicable on the servers to be monitored.
48 Provide performance threshold configuration for all the agents/monitors to be done from a central GUI based console that provide a common look and feel across various platforms in the enterprise. These agents/monitors could then dynamically reconfigure them to use these threshold profiles they receive.
49 Should be able to monitor/ manage large heterogeneous systems environment continuously.
50 Should monitor / manage following
50.1 Event log monitoring
50.2 Virtual and physical memory statistics
50.3 Paging and swap statistics
50.4 Operating System
50.5 Memory
50.6 Logical disk
50.7 Physical disk
50.7 Process
50.8 Processor
50.9 Paging file
50.1 IP statistics
50.1 ICMP statistics
50.1 Network interface traffic
50.1 Cache
50.1 Active Directory Services
51 Should be capable of view/start/stop the services on windows servers
51.1 Unix / Linux
51.2 Should monitor with statistics
51.3 CPU Utilization, CPU Load Averages
51.4 System virtual memory (includes swapping and paging)
51.5 Disk Usage
51.6 No. of nodes in each file system
51.7 Network interface traffic


51.8 Critical System log integration
51.9 IIS / Tomcat / Web server statistics
51.1 HTTP service
51.1 HTTPS service
51.1 FTP server statistics
51.1 POP/ SMTP Services
51.1 ICMP services
52 Database Services – Monitor various critical relational database management system (RDBMS) parameters such as database tables / table spaces, logs etc.
53 Should be able to generate reports on predefined / customized hours.
54 Should be able to present the reports through web and generate "pdf" / CSV / ASCII reports of the same.
55 Should provide user flexibility to create his /or her custom reports based on time duration, group of elements, custom elements etc.
56 Should provide information regarding interface utilization and error statistics for physical and logical links.
57 Should create historical performance and trend analysis for capacity planning.
58 Should be capable to send the reports through e-mail to pre-defined user with pre-defined interval.
59 Should have capability to exclude the planned-downtimes or downtime outside SLA.
60 Should be able to generate all sorts of SLA Reports.
61 Should be able to generate web-based reports, historical data for the systems and network devices and Near Real Time reports on the local management console.
62 Should be able to generate the reports for Server, Application, infrastructure services and Network devices in Data Centre environment
63 Availability and Uptime – Daily, Weekly, Monthly and Yearly Basis
63.1 Trend Report
63.2 Top N report
63.3 Custom report
63.4 MTBF and MTTR reports
63.5 Device Performance – CPU and Memory utilized
63.6 Interface errors
63.7 Server and Infrastructure services statistics
63.8 Trend report based on Historical Information
63.9 Top N report
63.1 Custom report
63.1 SLA Reporting
63.1 Computation of SLA for entire Data Centre Infrastructure


64 Automated Daily, Weekly, Monthly, Quarterly and Yearly SLA reports
65 For reporting, required RDBMS to be provided with all licenses.
66 Should have enough Storage capacity to support all reporting data for the period of the Project
67 Should be able to receive and process SNMP traps from infrastructure components such as router, switch, servers etc.
68 Should be able to integrate with Helpdesk system for incidents.
69 Should be able to send e-mail or Mobile SMS to pre-defined users for pre-defined faults.
70 Should trigger automated actions based on incoming events / traps. These actions can be automated scripts/batch files.
71 The Network Management function must monitor performance across heterogeneous networks from one end of the enterprise to the other.
72 It should proactively analyze problems to improve network performance.
73 It should provide traffic management capabilities
74 The Network Management function should create a graphical display of all discovered resources.
75 The Network Management function should have extensive reporting facility, providing the ability to format and present data in a graphical and tabular display.
76 The Network Management function should collect and analyze the data. Once collected, it should automatically store data gathered by the NMS system in a database. This enterprise-wide data should be easily accessed from a central location and used to help with capacity planning, reporting and analysis.
77 The Network Management function should also collect traffic statistics on client/server sessions, which cross the LAN on which it is running.
78 The Network Management function should also provide information on performance of Ethernet segments, including capacity utilization and error statistics for the segment and the top contributing hosts, WAN links and routers.
79 Alerts should be shown on the Event Management map when thresholds are exceeded and should subsequently be able to inform Network Operations Center (NOC) and notify concerned authority using different methods such as pagers, emails, etc.
80 It should be able to automatically generate a notification in the event of a link failure to ensure proper handling of link related issues.
81 The Systems and Distributed Monitoring (Operating Systems) of EMS should be able to monitor:


82 Processors: Each processor in the system should be monitored for CPU utilization. Current utilization should be compared against user-specified warning and critical thresholds.
83 File Systems: Each file system should be monitored for file system space used, which is compared to user-defined warning and critical thresholds.
84 Log Files: Logs should be monitored to detect faults in the operating system, the communication subsystem and in applications. The function should also analyze the files residing on the host for specified string patterns.
85 System Processes: The System Management function should provide real-time collection of data from all system processes. This should identify whether an important process has stopped unexpectedly. Critical processes should be automatically restarted using the System Management function.
86 Memory: The System Management function should monitor memory utilization and available swap space.
87 Event Log: User-defined events in the security, system, and application event logs must be monitored.
88 EMS should integrate with the application software component of portal software that measures performance of system against the defined SLA in RFP along with following SLA parameters:
88.1 Response times of Portal;
88.2 Uptime of data center;
88.3 Meantime for restoration of Data Centre etc.;
89 EMS should compile the performance statistics from all the IT systems involved and compute the average of the parameters over a quarter and compare it with the SLA metrics laid down in the RFP.
90 The EMS should compute the weighted average score of the SLA metrics to help in arriving at the quarterly service charges payable to the Agency.
91 The SLA monitoring component of the EMS should be under the control of the authority that is nominated to the mutual agreement of Director the partner to ensure that it is in a trusted environment.
92 The Reporting and Analysis tool should provide a ready-to-use view into the wealth of data gathered by Management system and service management tools. It should consolidate data from all the relevant modules and transform it into easily accessible business-relevant information. This information should be presented in a variety of graphical formats that can be viewed interactively (slice, dice, drill-down, drill through).


93 The tool should allow customers to explore the real-time data in a variety of methods and patterns and then produce reports to analyze the associated business and service affecting issues.
94 The presentation of reports should be in an easy to analyze graphical form enabling the administrator to put up easily summarized reports to the management for quick action (Customizable Reports). The software should be capable of supporting the needs to custom make some of the reports as per the needs of the organization.
95 Provide Historical Data Analysis: The software should be able to provide a time snapshot of the required information as well as the period analysis of the same in order to help in projecting the demand for bandwidth in the future.
96 Management layer should provide ability to determine which part of application is creating performance issue.
97 Ability to determine network roundtrip times of your user groups.
98 Ability to do usage trend analysis.
99 Effective service level management: Service levels are important measures of business performance. The management layer should provide the right measures for the service level agreements for business continuity and operational efficiency. It should monitor service availability, performance, usage, measure availability and performance from representative key user locations, determine root cause and impact of service failures on overall service level agreement.
100 Application performance management: The management framework should help in enhancing system performance and reliability of the system to ensure improvement in the overall operational efficiency.
101 Proactive monitoring: The management framework should provide for proactive, unattended monitoring of the database system.
102 Configuration and patch management: Management platform must provide a tool which tracks and analyzes hardware, database, OS and application server software configurations and lowers the cost of complex operations such as applying software patches, enforcing operational policies and cloning core IT infrastructure systems (such as databases and application servers).
103 Heterogeneous platform Monitoring support: The management platform must provide support to monitor multiple middle tier application servers, multiple database servers, multiple directories servers, multiple Operating Systems and multiple firewalls.


104 The Helpdesk system should provide flexibility of logging incident manually via windows GUI and web interface.
105 The web interface console of the incident tracking system would allow viewing, updating and closing of incident tickets.
106 The trouble-ticket should be generated for each complaint and given to asset owner immediately as well as part of email.
107 Helpdesk system should allow detailed multiple levels/tiers of categorization on the type of security incident being logged.
108 It should provide classification to differentiate the criticality of the security incident via the priority levels, severity levels and impact levels.
109 It should maintain the SLA for each item/service. The system should be able to generate report on the SLA violation or regular SLA compliance levels.
110 It should be possible to sort requests based on how close the requests are to violate their defined SLAs.
111 It should support work shifts for SLA & automatic ticket assignment
112 It should support the holiday definition & SLA clock should stop on holiday or non-working days. SLA clock should stop after the analyst shift is over in case of non 24x7 support environment.
113 It should allow the helpdesk administrator to define escalation policy, with multiple levels & notification, through easy to use window GUI / console.
114 System should provide a Knowledge base to store history of useful incident resolution.
115 It should have an updateable knowledge base for technical analysis and further help end-users to search solutions for previously solved issues.
116 It should be able to provide web-based knowledge tools that provides the flexibility to search based on filter noise words methods, list the commonly used security knowledge article methods and deduction methods using a series of questions and answers.
117 The web-based knowledge tool should allow users to bookmark their favorite security knowledge articles for quick references.
119 The knowledge tools should provide grouping access on different security knowledge articles for different group of users.
120 Proposed Helpdesk solutions should provide seamless bi-directional integration to generate events/incident automatically between EMS and Log management solutions.
121 It should be able to provide detail asset information on hardware and software inventory through seamless integration with asset management software.


122 Each incident could be able to associate multiple activity logs entries manually or automatically events / incidents from other security tools or EMS / NMS.
123 Allow categorization on the type of incident being logged.
124 Provide classification to differentiate the criticality of the incident via the priority levels, severity levels and impact levels.
125 Provide audit logs and reports to track the updating of each incident ticket.
126 The proposed EMS must be an industry standard solution from an OEM that is ISO 27001 & ISO 9001 certified.
127 It should be possible to do any customizations or policy updates in flash with zero or very minimal coding or down time.
128 It should integrate with Enterprise Management System event management and support automatic problem registration, based on predefined policies.
129 It should be able to log and escalate user interactions and requests.
130 It should support tracking of SLA (service level agreements) for call requests within the help desk through service types.
131 It should be capable of assigning call requests to technical staff manually as well as automatically based on predefined rules, and should support notification and escalation over email, web etc.
132 It should provide status of registered calls to end-users over email and through web.
133 The solution should provide web-based administration so that the same can be performed from anywhere.
134 It should have customized Management Reports for senior executives with live reports from helpdesk database.
135 It should have an integrated CMDB for strong Change Management capabilities. Should integrate with existing Helpdesk deployed.
136 CMDB should populate the relationship between CI (Configuration Items)
137 The EMS OEM must be an industry standard, enterprise grade solution available in India Market for last 3 years.
138 OEM Manufacturing Authorization Form is mandatory

10. APM-SPECS
Sr.No Specifications Compliance (Yes/No)

Generic Monitoring Capabilities

1 Software should be able to act as the single place to analyse multiple types of Technology Operations data (across Business Transactions, Business Applications and IT Infrastructure)


2 Software solution should be able to monitor real user business workload (transactions) within the data center & at end user level.
o Volume (Overall & Individual type)
o Response Time
o Performance / Status
3 Software solution should be able to monitor various channel transactions hitting from other dependent applications through different interfaces.
4 Software solution should be able to collect & monitor the time series data around
o Application performance metrics for web, app, middleware and DB type components for all popular technologies
o Metrics for JVM / JMX based health & performance
o IT Infrastructure performance metrics for host-based or cloud native infrastructure
o Configuration Changes
o Critical System and application logs
o Errors and exceptions in Applications
o Critical Network parameters within Application Infrastructure
5 Software solution must extend APIs / connectors to configure and ingest application specific custom KPI (like Tablespace, diskspace, connectivity, port status, connection status, ping status, service availability etc.) for specific application environment parameters, which are critical to complete the end-to-end monitoring solution. This is to prevent or minimize proliferation of agents or data collection agents within the same component. Such Connectors should be able to ingest the data from other existing monitoring tools also.
6 Software should provide flexible options to source / discover and maintain application deployment architecture data on application topology and dependencies
o Software should include tools / agents to perform initial discovery of dependencies in host-based infrastructure
o It should be possible for the software to import application topology or dependency data from 3rd party CMDB or Discovery tools
o Software should also have pre-built capability to perform ongoing discovery of new dependencies.
o For Cloud Native infrastructure, the software should have the necessary integrations with popular tools (like Kubernetes) to maintain application topology data.
7 Solution should support monitoring of all standard OS like Windows, AIX, Linux, HP-UX, Solaris etc.


8 Solution Should support monitoring of standalone programs built on Java, C, Node.js, Angular.JS etc
9 Should support all major software like IBM WAS, MQ, TOMCAT HTTP Server, WebLogic, Oracle DB, .NET etc

Transaction & Deep Dive Monitoring Capabilities

10 Software should provide code level diagnostics (class & method-level visibility) of poorly performing business transactions.
11 Software should identify slow SQL queries and correlate with calling application code
12 Identify deadlocks at Database

Analytical (Machine Learning) Capabilities

13 Software should be able to perform simultaneous learning of workload patterns seen by business applications, as well as corresponding IT Operations Performance (behavior) data exhibited by the application components and underlying IT Infrastructure
14 Software should be able to use this learning to build and maintain smart workload-linked capacity models. Such models must use a business transaction linked baseline of capacity usage levels seen for business applications
15 Software should be able to use workload-linked capacity models to generate predictive scenarios on capacity throttle points, based on simulated growth in business transactions
16 Software should use workload linked capacity models to predict upcoming capacity throttle points based on trends seen in workload growth
17 Software should highlight underutilized parts of distributed business applications using such workload-linked capacity models
18 The tool should have the capability to reduce the noise in the alerts & point the IT team to the right root event / deviations having critical impact on the IT environment which can cause downtime.
19 Software should Automatically baseline all critical metric measured by the solution.
20 To save time and risk of erroneous configuration, software should have the capability to use machine learning based methods to automatically detect anomalies without requiring rule configurations or manual thresholds based methods
o In case required, software should provide capabilities for data scientists to tune hyperparameters of models used for the purpose.

Page 31 of 51
Annexure ‘A’- (Technical Specification): 75/PR/NBPDCL/2023

o In situations where machine learning based approach may not give desired results, for
specific performance metrics, if desired by the operations teams, Software should also
provide for rule based methods to override Machine Learning based methods

Software should provide capabilities to manage the alert flood that is possible by machine
21
learning based methods to generate anomalies on application performance.

To cut the time taken to pinpoint hotspots, software should use causation models to
transform the alert flood into timelines of possible causes and symptoms.

o Such causation models should utilize dependency maps of internal components of


business applications
22
o Such causation models should utilize pre-built and purpose-packaged knowledge on
specific components across the application stack

o Software should have provision for updating such pre-built knowledge in causation
models

Software should have models for unified operations intelligence, so that related
23
anomalies can be highlighted together, and across the silos of operations

Software should use Machine Learning models in pluggable or modular way so that the
24 models can be updated separately without requiring high cost and time-consuming
update to entire deployment.

Troubleshooting and Root Cause Analysis Capabilities

25 Performance problems highlighted by the software solution should carry adequate actionable information - as may be desired and/or configured - such as the suspect KPI or problem layer (Web, App, or DB) to enable faster MTTR (Mean Time To Restore) as well as faster MTTI (Mean Time to Isolate)
26 Proposed Solution should highlight application/infrastructure configuration changes as part of incident management and RCA.
27 Proposed Solution should utilize ML based method to analyse real user workload, resultant IT Operations Performance data, and inter-service dependencies to anticipate & identify transaction performance issues in real time.
28 Proposed solution should suggest probable suspected “Root Cause” for application wide problems. Root Cause suggestions should be such that application operation team can use them as starting point to save the time taken to pinpoint where the problem may have started.
29 Proposed solution should be able to improve its “Root Cause” suggestions by machine learning pattern of systems.


30 Solution should utilize pre-built Machine Learning (ML) models to intelligently link together multiple related incidents to identify an application wide problem that is impacting real user business transactions.

Self-Healing & other Cognitive Capabilities

31 Software should provide a Single visualization of the entire application topology with all components & services with inter dependencies.
32 Proposed solution should have internal diagnostics for self-health monitoring & self-healing capabilities like self-kill and self-restart to minimize the impact on monitored application as well as ensure continuous monitoring is not impacted
33 Software should have the capability to provide action triggers whenever machine learning models detect anomalies in application performance
34 Software should have the capability to use the triggers generated by anomaly detection models to collect just-in-time additional diagnostics data
   o Software should come pre-built with scripts to collect useful diagnostic data, and these scripts should be pre-wired to use triggers generated by anomaly detection models
   o Software should include a secure extension mechanism where administrators can also provide their own scripts for collecting custom types of just-in-time diagnostics data
35 Software should have the capabilities to use the triggers generated by anomaly detection models to initiate automatic healing actions.
36 Software should not necessarily include any pre-wired automatic healing actions, but should definitely provide a clear documentation and scripting environment for administrators to write and provide their own healing actions
37 Software should be able to use historic data on workload, and performance exhibited by application and underlying IT Infrastructure to build Workload Surge prediction models.
38 Software should provide the feature for admins to write scripts that can be wired to run for action triggers provided by such Workload Surge Prediction Models.

Application Visibility & Control Capabilities

39 Software should provide a Single visualization of the entire application topology with all components & services with inter dependencies.
40 Software Solution should act as the single repository of time series data on real user business workload as well as IT Operations performance data for creating new Machine Learning models using the same repository.


41 Software solution should extend single UI incorporating Analytics dashboards and APM dashboards.
42 Software while spotting slowdown in business transactions, should present all-in-one-place summary of the issue, with an approach to all information and troubleshooting assistance in a single pane of glass as a Suggestive RCA, like:
   o A clear mention of business transactions that are impacted.
   o A simple timeline of all incidents or anomalies as appropriate.
   o Starting points for experts to start their root cause analysis, as Visual RCA feature
   o All just-in-time additional diagnostics that may have been collected

End User Experience Monitoring


43 Support for modern desktop browsers
44 Support for mobile browsers
45 Monitor all page requests
46 Monitor all AJAX requests
47 Full support for monitoring single page applications properly
48 Automatically detect JavaScript errors
49 Display response time on Geo Map
50 Provide usage based analytics showing browser types and versions
51 Provide usage based analytics showing device and OS types

52 The Proposed Solution must have the capability to clearly project whether the problem caused by the JavaScript was due to incompatibility of browser or JavaScript code error.

Mobile EUM Capabilities


53 Support for hybrid or native mobile applications
54 Support for mobile browsers
55 See mobile app performance, http errors, and network error information
56 Track crashes and exceptions
57 Provide usage and performance analytics based upon device type
58 Provide usage and performance analytics based upon OS type
59 Provide usage and performance analytics based upon OS version
60 Provide unified user interface for mobile and server diagnostics
61 Provide Device and Carrier metrics
62 Display response time status on Geo Map
63 Alert based upon deviation from normal behaviour for mobile metrics

67 Should be able to collect mobile analytics data using uni-directional connection to cloud using purchaser provided internet connection.

Advanced ML analytics for ITSM Integration


68 The proposed tool should have the capabilities to integrate with ITSM tools to -
   1. Extract the events / alerts using APIs / connectors
   2. Correlate the extracted events for accurate causation analysis
   3. Rank alerts / events appropriately so that the right alerts can be highlighted to the Operations Team for taking right decisions / actionables
   4. Reduce redundancy by highlighting alert similarities for faster solution identification
   5. Suggest quick fix actionables

E Technical Preference / Eligibility Criteria

E1 The solution should be implemented and operational in at least 3 Govt/PSU/Indian banks.
E2 The Software OEM should have presence in India - both development & support center - to help address issues on time and proven track record of providing APM solutions in the Indian Banking industry for over 7 years at least.
E3 Indian Govt norms under “Make in India” initiatives will be applicable, please refer annexure.
E4 Bidder should provide proof that the proposed APM solution has been monitoring at an Indian Govt/PSU/bank with at least 2000 branches & minimum transaction load of 1000+ Transactions per second overall in that environment.
11. INTERNAL FIREWALL


Sl. No.   Product Specification   Compliance
1 The OEM must have been evaluated with AAA rating in 2021 report with a block rate of more than 99% for Enterprise Firewall Segment by CyberRatings.Org
2 OEM must have TAC support Center in India. The firewall shall achieve the following industry recognized security certification standards:
   1. FCC part 15, CE, EN55022, EN55024
   2. FIPS 140-2
   3. IPv6
3 NGFW solution should have the security features including IPS, Application Awareness, Anti-Bot, DDOS prevention, Anti-Malware, AETs including routing features to be managed from the same Central console.
4 On Premise Central Management Console appliance/software/vm to be provided which should support high availability from Day 1 with at least 1 TB HDD
5 The solution should come with a web based administration interface or GUI console.


6 The appliance should support SNMP (V1, V2 and V3) to monitor the system health like load etc.
7 Solution must allow segmentation of the Management environment into multiple virtual domains. Each domain Admin in its virtual domain should only be able to see its respective Appliances and its policies & not for other domains. This functionality to be provided in future if required with the license addition
8 Solution must support Documented API enabling easy third-party product and service integration using REST architecture where data can be XML or JSON coded
9 Solution must be able to define the Custom roles in addition to predefined roles (e.g., Owner, Viewer, Operator, Editor, Super User) to control permissions flexibly and accurately
10 Solution must allow administrator to forward alerts from the system using email, SNMP trap and custom scripts
11 Log Servers must be able to monitor third party devices. Log server must receive SNMP statistics information, NetFlow (v5 and v9) and IPFIX data from third-party devices. Admin must view this information as part of his Overviews or create reports based on the received data. From day 1 solution should be able to monitor minimum 10 appliances and in future with a simple license upgrade solution should be able to monitor up to 50 devices
12 The Solution must be able to generate report in PDF/HTML formats for all the Security Functionalities including IPS, AV, ABOT, Evasions and Applications, and should be able to export logs in csv format. Log Server should be able to send the logs to SIEM solution of the organisation and implementation of the same should be done from day 1.
13 The Solution must be able to support 10 Virtual Contexts from day 1 and should be scalable to 100 in future with addition of license if required
14 The Solution must be able to create live overviews of VPN tunnel traffic including Jitters, packet loss and Latencies, QOS, ISP usage and Application usage per VPN Tunnel. And also there should not be any license dependencies on the client to site VPN count supported.
15 The NGFW device must be non-ASIC based and should have Multi core architecture to mitigate against the sophisticated threats. If option to disable ASIC is there then OEM must mention the performance numbers in datasheet (without ASIC)


16 The Firewall appliance should include the ability to support high availability of different model / appliances and versions within the same HA cluster
17 The NGFW should support L3 protocol functionality like Static Routes, OSPFv2/OSPFv3, BGP V3/V4, Policy Based routing, Tunneling and NAT from day of connectivity.
18 The NGFW should support IPv4 and IPv6 from day one. Solution should support NAT66, NAT44 and PAT from day 1.
19 The solution should support IPv6 capability including Dual stack IPv4/IPv6, ICMPv6, DNSv6, IPv6 static, SLAAC, DHCPv6 relay
20 The firewall shall support minimally 5 independent ISP/WAN connections concurrently and the ability to combine multiple ISP/WAN link. (not just active/standby)
21 The solution must be able to support 7000+ Applications for better control and visibility throughout the environment so that solution should be able to understand applications like 4sync, 4tube, bizible, facebook, youtube etc.
22 Solution must support client based agent to check the security posture of endpoints and must be able to employ policies basis the attributes. Policy must be defined on NGFW for discarding the user requests if AV is not updated, OS version is obsolete, load on endpoint is high or any user is using obsolete browsers, and should not have any dependencies on the number of clients supported & there should not be any license attached to it.
23 The solution must support high availability and load balancing between multiple ISPs, including VPN connections, Multi-Link VPN link aggregation, QoS-based link selection; admin should be able to manipulate the sensitivity of an application based on jitter, packet loss & latency
24 VPN capabilities in solution must support
   • Policy-based VPN, flexible route-based VPN including within customer domains
   • Hub and spoke, full mesh, partial mesh topologies
   • Multi-Link fuzzy-logic-based dynamic link selection
   • Multi-Link modes: load sharing, active/standby, link aggregation
25 The solution must be able to perform priority queuing in order to prioritize packet flows for each traffic class.


26 Solution must support Full-Stream Deep Inspection, Anti-Evasion Defense, Dynamic Context Detection, Protocol-Specific Traffic Handling/Inspection, Granular Decryption of SSL/TLS Traffic, Vulnerability Exploit Detection, Custom Fingerprinting, Reconnaissance, Anti-Botnet, Correlation, Traffic Recording, DoS/DDoS Protection, Blocking Methods and Automatic Updates
27 Firewall Services with Access Lists and Time based Access lists to provide supervision and control.
28 Firewall for stateful blocking, Anti-Spoofing, IP Reputation, Geo-Protection, Dropping Invalid Connections
29 The NGFW may support DDoS functionality and protect against DDoS attacks like UDP Flood, Ping of Death.
30 The Firewall must support configuration rollback feature to detect and recover from software and configuration errors by reverting back to previously active software or configuration.
31 The solution should support deep inspection of double-tagged VLAN (QinQ) traffic with layer 2 interfaces in inline or capture mode
32 IPS must deliver more than 10000 fingerprint situations for detecting exploit attempts against known vulnerabilities in protocol specific tcp/udp port number
33 IPS/Anti-Bot must employ the below inspection technologies
   1. Multilayer traffic normalization
   2. Vulnerability-based fingerprints
   3. Evasion and anomaly logging
   4. Decryption-based detection
   5. Message length sequence analysis
34 The IPS/Anti-Bot must be able to detect botnets based on signatures, cipher algorithms and analysis of communications channels C&C with bigger granularity of geolocation
35 Solution must support SSH Proxy to restrict the types of traffic and the commands that can be used with SSH connections. For example, you can use the SSH Proxy to block port forwarding or to restrict the commands allowed in file transfers using the SSH protocol
36 Solution must support FTP and DNS Proxy to restrict the types of traffic and the commands that can be used with DNS and FTP connections


37 In the proposed solution, the VPN links that are used for Multi-Link traffic from applications and protocols, and traffic associated with QoS classes, should be automatically selected based on quality metrics defined for the network applications, protocols, and QoS classes.
38 Solution should support RFC 7383 Fragmentation support for VPN Client
39 Solution should support Elasticsearch Integration.
40 Solution should support Custom script upload via Centralized manager so that same script can be used on multiple NGFW
41 Solution should support Re-authentication when using browser-based user authentication
42 If any of the asked functionality is not supported within the same appliance then an equivalent solution is to be provided from day 1
43 The Appliance must handle the Next Generation throughput of minimum 15 Gbps
44 Appliance should deliver 75 Gbps of IPSEC AES-GCM-256 throughput from day 1
45 Appliance should deliver minimum 5 Gbps of TLS inspection throughput
46 The Appliance should have minimum 8 * RJ45, 8 * 10 Gig SFP+ interfaces to be provided from day 1, and should also have minimum 1 additional slot to add 2x 40G QSFP+ ports in future if required
47 The Appliance should support Concurrent Sessions of 65 Million
48 The Appliance should support minimum New TCP Connections/sec of 700K

12. HIPS
Sr. No.   Product Specification   Compliance (Yes/No)
1. Protect against distributed DoS attacks and have the ability to lock down a computer (prevent all communication) except with the management server.
2. Support stateful Inspection Firewall, Anti-Malware, Deep Packet Inspection with HIPS, Integrity Monitoring, Application Control, and Recommended scan in single module with agentless and agent capabilities


3. Firewall rules should filter traffic based on source and destination IP address, port, MAC address, etc. and should detect reconnaissance activities such as port scans. Solution should be capable of blocking and detecting IPv6 attacks. Product should support CVE cross referencing when applicable for vulnerabilities.
4. Provide automatic recommendations against existing vulnerabilities
5. Host IPS should be capable of recommending rules based on vulnerabilities with the help of virtual patching and should have capabilities to schedule recommendation scan.
6. It has virtual patching of both known and unknown vulnerabilities until the next scheduled maintenance window.
7. Provide automatic recommendations against existing vulnerabilities, dynamically tuning IDS/IPS sensors (selecting rules, configuring policies, updating policies); provide automatic recommendations of removing assigned policies if vulnerability no longer exists
8. Security Profiles allow Integrity Monitoring rules to be configured for groups of systems, or individual systems.
9. Should have pre and post execution machine learning and should have Ransomware Protection in Behavior Monitoring.
10. Compliance with a number of regulatory requirements including PCI DSS, HIPAA, NIST, SSAE 16
11. Machine Learning: Analyses unknown files and zero-day threats using machine learning algorithms to determine if the file is malicious
12. HIPS Solution should not have the need to provision HIPS Rules from the Policy Server as the Rules should be automatically provisioned and de-provisioned
13. Automatically submit unknown files/suspicious object samples with On-Premise sandbox solution for simulation and create IOCs on real time basis as per sandboxing analysis and revert back to server security
14. Advanced Behavioral Analytics
15. Detection capabilities of network filtering
16. Monitor running processes, files and registry keys and support multiple ranges of OS (Windows, Linux, Solaris, Citrix, VMware, CentOS, SUSE etc.) with versions (32 Bit, 64 Bit, Windows Server 2008, 2012, 2016, 2019 etc.)
17. Single Platform with multiple Dashboard view


18. Enable Self-Defense and firewall capabilities with deep packet inspection
19. Enable Protected Service
20. Enable Advanced memory scanner
21. Antivirus and anti-malware
22. Anti-Ransomware
23. Intrusion prevention systems (IPS)
24. Traffic Analyses with capabilities of inter-VM level traffic
25. User-Friendly web-based Dashboard with a summarized view of security-related events with Prevention and detection mode option
26. Protection against vulnerable applications, including Database, Web, Email and malicious websites
27. Signature-based detection
28. Support all IP protocols (TCP, UDP, IGMP etc.), frame types (IP, ARP etc.)
29. Centralized management for Physical, Virtual, and even on-cloud infra.
30. Zero Day protection with ISO compliance 9001, 27001, 22301, 27034, PA-DSS, PCI and NIST.

13. FILE MONITORING


Sr. No.   Product Specification   Compliance (Yes/No)
1 Monitor alterations to critical files by reviewing the current file against a baseline
2 Reviewing the file logs.
3 Detecting a cyberattack on files
4 Stopping the breach before significant or costly damage is done
5 Identify vulnerabilities
6 Folder Monitoring
7 Monitoring particular folder
8 Create, Delete or Modify any particular Folder
9 Shared folder monitoring
10 Drive monitoring (file and folder tracing)
11 Content awareness (Prevent files from moving outside the network)
12 Read-Only Access Logs Capturing
13 File attributes monitoring, including file size, content, access settings, privileges, credentials and configuration values.
14 Applying the cryptographic hash signature making it easy to detect file updates and alterations.


15 Monitoring, analyzing and verifying file integrity
16 Reporting purposes.

14. DMS
Sr No.   Product Specification   Compliance (Yes/No)
1 The system should be platform independent and should support both Linux and Windows platform. It should support both these platforms with or without virtualization.
2 The system shall support separate Document/Image server for better management of documents and store only metadata information in database.
3 Support open, scalable, multi-tier architecture with each tier fully independent with support for clustering.
4 Inter-operability - The systems must seamlessly integrate with any or all of the existing legacy and Core applications and shall support interface with other open-standard systems.
6 The proposed System should support CI/CD Pipeline and be available on Micro Services & Container based architecture.

Document Management System

Document Scanning Features

1 Should provide an integrated scanning engine with capability for centralized and decentralized Scanning & Document Capturing. The scanning and document management solution should be from same OEM so as to provide an integrated solution right from capture to archival of documents
2 The scanning solution should have the capability to capture the document through mobile devices.
3 The mobile based document capture application and scanning solution should be from the same OEM.
4 Should have a well-defined capture module for support of document processing, validation, index building, and image enhancements.
5 Should be able to support the capture of digital records of at least the following formats:
   • Emails and attachments
   • OCR documents
   • Images - .tiff, jpeg, gif, PDF etc.


6 The proposed solution should provide for automatic correction of parameters like format/ compression not proper, skew, wrong orientation, error in automatic cropping, punch hole marks etc. during scanning. The scanning solution should provide support for automatic document quality analysis so that any bad quality document doesn't get uploaded to the repository. There should be an independent software quality check service available as part of overall scanning solution which can be used to audit scanned documents for resolution, format/ compression, orientation etc.
7 Support all the special image enhancement functionality offered by the scanner through the driver interface.
8 Solution shall support Bulk Import of image and electronic documents
9 Should have capability of automatic segregation of documents/records based on Barcode, Blank page, Fixed page, and auto Form recognition
10 Should have the capability of scanning on Linux platform.
11 Provide Image processing libraries that support image enhancements such as changing contrast, zoom in/out, cleaning etc. and other imaging features like compression and extraction etc.
12 The software solution should include the Rubber band feature for the extraction of the data using OCR technology so that user can mark a zone on image at runtime during scanning stage & map the extracted data with the indexing field.
13 Scanning solution should be natively integrated with Document & Records Management System and Business Process Management engine.
14 Enterprise Content Management system should be in the Leaders'/Challengers' quadrant of Gartner Reports or appearing in Leaders/Strong performers wave of Forrester wave

Architecture & Scalability

1 System should be platform independent and should support both Linux and Windows for application server
2 Solution should have been built using server-side Java and J2EE technologies.
3 Solution should be multi-tier, web-based solution (having web-based front-end for users and as well as for system administrative functions) having centralized database, web and application server with support for clustering
4 The system should store only index information in database while images should be stored in separate file server.
5 Solution should be compliant to ODMA, WebDav, CMIS, BPMN 2.0, BPEL, WFMC open standards.
6 Solution should be available on Micro Services based architecture.


Archival of Electronic documents

1 The System shall support categorization of documents in folders-subfolders just like windows interface. There should not be any limit on the number of folders and levels of sub folder
2 The System shall provide facility to link cross-related documents like Application form and Field report, Grievance and reply sent etc.
3 The system shall provide search facility in the same interface, so that users are able to search the documents to be linked
4 The system shall support versioning of documents with facility to write version comments
5 The system shall allow Locking of documents for editing and importing it back into the system through check-in/check-out features
6 Repository should be format agnostic.
7 System should support configuration of verification processes for different business types. It should be able to handle multi-user environment for processing files related to different business types. While processing a file, all the data and images for each transaction should be displayed to processing users and processing users should be allowed to accept, reject or send the files for review

Document View

1 The System shall support Applet for viewing Image documents - No third-party viewers should be there for viewing of scanned images. Please specify if third party applets are used and the licensing terms together with cost implication
2 Even for multi-page documents, the download and view should be page by page.
3 The system shall facilitate zoom-in/zoom-out, zoom percentage and Zoom lens to zoom in on a part of image and other image operations like Invert, rotate etc.
4 Support archival & view of PDF/A format documents (open ISO standard for long term archival of documents)
5 Document view shall have the provision to draw a line, insert arrows etc. over image document.
6 The system should support viewing and rendering of PDF/A documents in inbuilt viewer.
7 Document view shall have the provision to highlight or hide certain text by drawing line rectangle and solid rectangle.
8 The System shall support for viewing documents in native application.
9 The system shall provide facility of putting text, graphic and image annotations on scanned document pages.
10 The system should have mobile application for retrieval and archiving of documents


Annotations

1 The Image applet shall support comprehensive annotation features like highlighting, marking text, underlining, putting sticky notes on documents, and support for text and image stamps etc.
2 The system shall support automatic stamping of annotations with user name, date and time of putting annotations.
3 The system shall provide facility for securing annotations for selective users.
4 The system shall store annotations as separate file and at no time, the original image shall be changed. The system shall provide facility of taking print outs with or without annotations

Indexing

1 The System shall provide facility to index folders, files and documents on user-defined indexes like department, ministry, file number, year etc.
2 The system shall facilitate manual and automatic indexing using OCR functionality or from other applications
3 The System shall support Automatic full text indexing for Text search

Search and Retrieval

1 The system shall provide extensive search facility to retrieve documents or Folders/Files
2 The system shall support saving of search queries and search results
3 The system shall support search for documents or folders on document or folder profile information such as name, created, modified or accessed times, keywords, owner etc.

Security & User Management

1 The Document management system shall support definition of Users, Groups and Roles relation in the system
2 The system shall support access permissions on Folders, documents and object level
3 The system shall support multiple levels of access rights (Delete/ Edit/ View/ Print/ Copy or Download).
4 System shall support for application based rights
5 The system shall support system privileges like Create/Delete Users, Define indexes etc.
6 The system shall support secure login id and passwords for each user and passwords shall be stored in encrypted format in database


The system shall have a facility to define password


policy with extensive password validations like
passwords must be of minimum 8 characters, shall be
7
alphanumeric, locking of user-id after three unsuccessful
attempts, password expiry, password history so that
passwords are not same as previous passwords etc.
The system shall provide LDAP support for integrating
8 with directory services and shall support single sign on
The system shall support Extensive Audit-trails at
document, Folder
9
and for highest levels for each action done by particular
user with user name, date and time
The System shall support integration with database-
10
based authentication.
The system shall support integration with PKI
11 infrastructure as well as bio-metric solution for enhanced
security.
Administration
1 The system shall support web-based administration module for the
complete management of system.
2 The Admin module shall support Users/Groups/Role definition and
granting Access Rights to them and set password expiries
3 The Admin module shall provide easy to use interface for Index
structure definition that can be used by different users.
4 The Admin module shall provide interface for purging old audit trail
and do selective logging i.e. select the system or application features
for which the audit trails have to be generated.
5 The Admin module shall provide facility to take complete and
incremental backups and shall be able to integrate with third party
backup solutions.
Reports and Audit Trails Features
1 The System shall support extensive Reports and audit trails and shall
also provide data points and facility to design new reports
2 The system shall support Extensive Audit-trails at user, Folder and
Cabinet levels
3 The system shall provide facility to generate Audit trails on separate
actions, and between specific date/times
4 The system shall support extensive reporting facility at document,
folder and user level. Please specify all inbuilt reports available in
the system and also provide effort estimates for new Custom reports to
be designed
5 The System shall have audit trail to maintain history of all
transactions performed on the system.
6 The system shall give flexibility to administrator to do selective
logging i.e. suspend and resume audit trail generation for specific
system and user activities.
7 The application shall log all the actions done by individual users
with username, date and time and the administrator shall be able to
generate detailed audit logs and history of the process instance.
Reminders and Alarms
1 The system should have the capability to set automatic reminders and
alarms to concerned users.
Integration and Web Services
1 Should be based on open standards and have API support for data
import & export.
2 The System shall provide support for invocation of external programs
to perform activities of a process like legacy application screen for
data entry.
3 The System shall support integration based on standards such as XML
4 The System shall support message-based collaboration based on
protocols such as HTTP, FTP and SMTP.
5 The System shall support integration with Email Servers.
6 The System shall provide fully functional APIs for Integration.
7 The System shall support Web based interfaces.
Record Management System
1 The system should be certified to Record Management standard like DoD
5015.02 or equivalent standard.
2 Solution should include Records Management component to comply with
regulatory and legal policies for long-term archival of content.
3 Solution should manage lifecycle of documents through record
retention, storage, retrieval and destruction policies.
4 Solution should support managing and tracking of physical location of
documents
5 Solution should have facility to export / import electronic record
with metadata in XML format
6 Solution should provide the configurable capability of record
classification as per the record keeping structure (File Plan) of
department.
7 Solution should have a provision to define physical location of record
management facility
8 Solution should have a facility to define disposition schedule /
policies for record
9 Solution should provide the capability for only authorized individuals
to view, create, edit, and delete disposition schedule components of
record categories. The complete schedules would be as per the
organizational policies.
10 Solution should have a provision to move & track a record among
users within office/across locations

11 When record is moved out of the facility, system should have a
capability to capture the transport / courier detail
12 Solution should provide report on the Records in the selected file
plan component such as number of records present, number of record
folder, Record creation date, etc
• Report on activities of the selected user
• Report on the Request/Return activities
• Report on overdue items
• Report on items borrowed
• Reports on records whose retention period is getting over in
specified time
• Reports on disposition schedule
13 The record management system should allow mapping of physical record
location with the box in the system.
14 The RMS system shall allow assignment of box storage locations in
advance or on-the-fly.
15 The system shall provide a graphical representation of the record
centre with at least the following information:
• Total number of units
• Total number of racks/shelves
• Occupied space
• Available space
16 The system should display the quantitative data corresponding to the
physical storage space.
17 The system should display the numbers assigned to each shelf
18 The system should distinguish the empty space and available space by
highlighting in different color.
19 The graphical visualization of record room shall be configurable as
per the available infrastructure of the record room.
20 The graphical representation should provide space view for both the
front and back of a rack.
21 The graphical representation should present the data pertaining to
the record room space with option for configuring additional
information.
22 The system should allow bar code to be generated with information of
physical location.
23 The space management component shall be accessible to the record
manager role users only.
24 The system should allow record manager to manage records from a
central location with a single interface.
25 RMS should have the capability to define the barcode policy based on
the parameters given below:
• Office/Warehouse Code
• Unit Code
• Rack Code
• Shelf Code

26 Generation of barcode in given below format:
<Office Code><Unit Code><Rack Code><Shelf Code> (In Selected Color Code)
27 Selection of color code for different categories of barcode:
• Red
• Green
• Yellow
• Blue
28 Linking of barcodes with the barcode field for:
• Filepart
• Box
29 Generation of barcode in PDF Format in printable format i.e. Barcode
Stickers etc.
30 Capability for viewing the barcodes in printable formats

15. Server Load Balancer


Sr. No. | Minimum Requirement Specification | Compliance (Yes/No) | Cross-Reference
1 The proposed Network Function Appliance should be multi-tenanted
appliance and have capabilities to run multiple 3rd parties and open
source independent virtual instance of Network functions with dedicated
Hardware resources for future requirements and scalability in the same
appliance. Each virtual instance contains a complete and separated
environment of resources, configuration, management, OS and has
capability to host open source virtual network Functions and CentOS &
Ubuntu to incorporate new technologies in the same appliance.
2 The appliance should have minimum 8 x 10G SFP+ interfaces with
compatibility to 1G/10G and required transceivers should be provided to
support copper connectivity too in case required. Should have built in
64GB RAM, 4 TB Hard disk and capability to create at least 15 virtual
Network functions from Day 1. Device to provide 60 Gbps throughput
from Day1.
3 The solution should support 10M L7 requests per second, 50M L4
concurrent connections & 4M L4 connections per second.
4 It should provide Secure online application delivery using hardware-
based high performance SSL acceleration with minimum 60 Gbps SSL
Bulk Encryption throughputs & 50 Gbps SSL Compression throughputs.
The appliance should have 50K SSL TPS (RSA 2K) and 35K ECC TPS
(ECDSA P256).
5 It should support L2-L7 Load balancing, Server Persistence, Content
Routing & Switching, SSL offload, ePolicy L7 Application Scripting,
eRoute L4 Routing
6 It should support advanced functions such as Authoritative name
server, DNS proxy/DNS NAT, full DNS server with DNSSEC, DNS DDOS,
application load balancing from day one. It should be capable of
handling complete Full DNS bind records including A, MX, AAAA,
CNAME, PTR, SOA etc.
7 Appliance should provide full IPv6 support and OEM should be IPv6
gold-certified. OEM should be a listed vendor for IPv6 phase-2
certification
8 Application, Server & Link Health Checks - ARP, ICMP, TCP,
HTTP/HTTPS, DNS, Radius, MySQL, MsSQL, RTSP, SIP single
port/protocol, Multi-port, physical port, ICMP and user defined L4 –
Next gateway health checks
9 It should maintain server persistency based on source ip and destination
ip, http header, url, cookie and SSL ID. The appliance should support
multi-port, scripted and custom health check with content verification
10 The appliance should provide application delivery controllers with
features like round robin, weighted round robin, least connection,
Persistent IP, Hash IP, Hash Cookie, consistent hash IP, shortest
response, proximity, SNMP, SIP session ID, hash header etc. and
support for policy nesting at layer7 and layer4. Should also have
script-based function support for content inspection, traffic matching
and monitoring of HTTP, SOAP, XML, diameter, generic TCP, TCPS. Load
balancer should support ePolicies to customize new features in addition
to existing feature/functions of load balancer.
11 Should support one arm, reverse and transparent proxy mode
deployment scenarios and should support nested layer7 and layer4
policies.
12 Device to have capabilities to run ADC and SSL VPN as independent
Network Function and not an integrated solution to ensure required
performance. Should also provide machine authentication based on
combination of HDD ID, CPU info and OS related parameters to provide
secure access to critical resources.
13 The solution should support enterprise remote desktop control role based
desktop publishing
14 The solution should be able to enforce data leakage protection
policies for secure VDI to allow/deny copy-paste, clipboard, drive, port
and print redirection
15 The Solution should be able to mitigate a range of attacks, including
key-logging, shoulder surfing, brute force, dictionary, interception,
cross-site scripting, replay, automated attacks, sniffing and stored
browser password.
16 It shall support built-in failover decision/health-check conditions.
It shall also support failover and High Availability (HA) requirements.
It shall have redundant power supplies. Shall support script-based
functions for content inspection, traffic matching and monitoring
of HTTP, SOAP, XML, diameter, generic TCP, TCPS
17 Should provide mechanism to bind multiple health checks, support for
Application specific VIP health check and next gateway health checks.
Should support persistency features including RTS (return to sender) and
ip flow persistence.
18 Should provide comprehensive and reliable support for high
availability with active-active & active-standby unit redundancy mode.
Should support both device level and VA level High availability using
standard VRRP protocol (No Proprietary protocol).
19 Technical Assistance Centre must have been available in India for 8
years with toll-free number
20 OEM should be listed among top 3 in IDC for ADC vendor in India
(Year 2021-2022).
21 Warranty – Seven (07) years 24 x 7, Onsite Comprehensive Warranty
from Hardware OEM
22 OEM should have had presence in India for the last Eight (8) years.
23 Minimum full Solution Qty Required - 2 at DC & 2 at DR. This is the
minimum Qty that should be quoted by Bidder. Bidder needs to size and
quote as per solution requirement, factoring future scalability for
next 8 years. Bidder needs to factor the required numbers of Sensor
hardware / Appliance / Data fetching Unit as per solution requirement.