Transcription
BRISTOL HOUSING AUTHORITY REQUEST FOR PROPOSALIT & COMPUTER SUPPORT SERVICESI.INTRODUCTIONIT SUPPORT SERVICES AND NETWORK UPGRADE INSTALLATIONThe Bristol Housing Authority (BHA) is seeking proposals (Proposal or Proposals) from qualifiedfirms (Proposers) for ongoing Information Technology (IT) Support Services provided in aproactive method through Help Desk support as well onsite support. The initial term of theContract (Contract) shall be two (2) years with options of one (1) year extensions.BHA is not looking for a simple break fix service provider. We are seeking a company to partnerwith us to not only manage and maintain our IT Infrastructure but to provide us a trulyconsultative experience. We want the vendor chosen to be proactive with our systems from amanagement and monitoring perspective. Bring new technologies and new trends in theindustry to our attention for evaluation and possible inclusion. Lastly, assist us in understandinghow to leverage technology to help us reach our goals faster, more completely, and with lessexpense.The BHA is a public housing authority authorized under state law and funded by the U.S.Department of Housing and Urban Development (HUD) and the Connecticut Department ofHousing. All BHA data is highly sensitive and must be kept secure and strictly confidential. Theselected Proposer(s) will be subject to a Confidentiality Agreement.Bristol Housing Authority – IT & Computer Support ServicesPage 1 of 28
BHA INFORMATION TECHNOLOGY CURRENT ENVIORNMENTMAIN OFFICEThe main office is located at:Cambridge Park164 Jerome AvenueBristol, CT 06010II.The Main office acts as the central point for BHA. There are approximately twenty (20) userslocated here along with the server room.Internet ConnectionsBHA has two (2) main internet connections, a Frontier fiber circuit, and a Comcast cableconnection.The Frontier fiber connection is specifically used for Voice over IP connectivity into theBroadview/Winstream environment. The Remote PBX service is designed to only allowconnectivity if it originates from the specified IP addresses associated with this circuit. TheFrontier Fiber Circuit terminates on a Cisco CPE router managed by Frontier.The Comcast Internet circuit is the Primary internet circuit for the main office. The circuitprovides outbound internet access, terminates the remote access vpn, and site-to-site vpnconnections. The Comcast cable connection terminates in a SMC broadband business routerwhich is managed by Comcast.FirewallThe BHA main office firewall is a Dell SonicWALL UTM device. All security services are licensedand enabled providing advanced security services for the main office helping to protect andsecure the network. Both internet connections terminate in the firewall. The firewall acts as thedefault gateway for both the data and voice vlans. Routing and policy-based routing providestraffic steering to properly direct outbound traffic to the right internet service.WAN/Site-to-Site VPNBHA utilizes a Hub and Spoke VPN Site-to-Site Connectivity. With the main office being the hubsite. All remote sites that either has BHA Staff located remotely or requires camera connectivitywill have a VPN connection terminating in the main office.Server ClusterThe BHA Server Cluster consists of two (2) HP Servers running ESXi and one (1) HP iSCSI storagearray. There consists a pair of dedicated ethernet switches in the cluster to provide the ESXiServers access to the storage array, ILO, and network access. The ESXi environment consists ofseveral windows servers, acting as domain controller, file server, application server, SQL server,and remote desktop server, and vCenter server. Several of these servers will bedecommissioned with a change in the public housing software that the housing authority isBristol Housing Authority – IT & Computer Support ServicesPage 2 of 28
using.The ESXi servers are configured as a cluster with HA, DRS, vMotion, and Storage vMotion. Acloud-based backup system is currently used as an offsite cold backup copy of the system.Wired LANBHA’s wired LAN Consists of two (2) ethernet POE switches and housed in the main office’sserver room. These switches provide POE power to both the IP Phone and wireless accesspoints. There are two (2) vlans that exist on the switch one (1) for PC access and one (1) forVoice Access. QOS is utilized to prioritize the voice communications over the datacommunications.Wireless LANAt the main office BHA has a full access SSID as well as an additional guest SSID. The full accessSSID is the same for the main office as well as remote offices. It allows full network access forall services as if the device was connected to the wired network. The guest SSID allows onlyaccess to the internet. The Wireless LAN consists of two (2) or three (3) Ubiquiti access pointsspread out throughout the main office.Wireless WANThe Wireless WAN is specifically designed and deployed to maintain IP connectivity for theBristol Housing Authority – IT & Computer Support ServicesPage 3 of 28
network cameras deployed in and around the main office facility. The Wireless WAN isdeployed using Ubiquiti Wireless WAN access points and mesh devices. The network DVR is inthe server room of the main office. The DVR, along with the cameras, are managed by a 3rdparty. However, the wireless WAN operation is part of the RFP.Remote Access VPNBHA utilizes remote access VPN for remote file access as well as other services. The terminationpoint is the main office Dell Sonicwall and the mobile devices are loaded with the standardSonicWall VPN Client. There are some desktops that use an always-on VPN connection foraccess to the BHA network.TYPICAL REMOTE OFFICEThere are three (3) remote sites that fall in this category:Bonnie Acres59 Vance DriveBristol, CT 06010J.F.K. Apartments70 Gaylord StreetBristol, CT 06010Komanetsky Estates81 grove Ave.Bristol, CT 06010Each remote site consists of one (1) or two (2) office staff and one (1) property manager. Eachstaff member has a desktop and the manager has a laptop computer with docking station. Asmall multifunction printer/copier/scanner shared by the office staff and manager is located ina common area. At times the manager will also have a personal size printer at their desk. Siteconnectivity is typically handled with an internet connection by Comcast and terminates into aDell SonicWall wireless UTM device. The Dell Sonicwall UTM will have all security serviceslicensed and enabled to provide protection at the branch. This device will have a VPN tunnelback to the main office and any traffic not destined for the main office will flow directly on theinternet. There is a wireless SSID that mimics the main site for staff and manager use. Theirdesk phones are part of the overall housing authority phone system (described later) andutilizes the Dell SonicWall for internet access to Broadview/Winstream. There is also a timeclock for time and attendance located at each site. Depending on the number of ports requiredthere may be a small secondary ethernet switch at the location.Bristol Housing Authority – IT & Computer Support ServicesPage 4 of 28
SHARED/COMMON SERVICESDesktops and LaptopsBHA computers are either standard desktop or laptop. Currently a combination of HP and IBMare used. The standard configuration consists of windows 10 operating system being domainconnected to the BHA AD domain. All systems have the Microsoft Suite installed, as well as thesoftware for the housing management system. Outlook is used for e-mail connecting back toOffice365. Based on the particular needs of the individual or their direct responsibilities othersoftware may need to be installed and maintained.Mobile DevicesBHA has a variety of mobile devices which may be BHA owned or employee owned. For themost part these devices may only need assistance with access and setup of the individual’s email account. There are a couple inspection devices that are specifically for use with the publichousing software used by BHA.Phone SystemBHA currently uses an IP Based phone system provided by Broadview/Winstream. All servicesterminate on the internet. There is a dedicated internet circuit for the phones brought in fromFrontier on fiber. This circuit terminates into a Cisco CPE Router that is monitored and managedby Frontier. The ethernet handoff from this router terminates into a Dell Sonicwall firewall (thesame one mentioned and detailed under the internet/firewall section). All phones at the mainBristol Housing Authority – IT & Computer Support ServicesPage 5 of 28
office utilize power over ethernet from the access switches. The phones are segregated on aseparate VLAN for QOS and security concerns. The phones, The Cisco router and theBroadview/Winstream service are managed under a separate contract and will require onlyminimal interaction. The selected company will have to interact with the Frontier,Broadview/Winstream, and our phone representative for basic troubleshooting, connectivityissues, on-site testing, vendor meets and full maintenance and management of the DellSonicwall firewall.Printers and CopiersBHA has two (2) classes of printers and/or copiers. There are large printer/copiers at the mainoffice and Komanetsky. Interaction with these printers will include basic network connectivityand basic configuration with the selected printer/copier vendor currently under contract. Thismay include assisting them with e-mail configuration and network share configuration forscanning and other options.There are several other smaller printers and multifunction printers throughout the facilities.These are considered expendable devices and as they age out of service, or new functions at aspecific area are required, they are replaced. These are typically purchased through the vendorselected by this RFP or other means as we see fit. For these devices you will need to provide fullinstallation and configuration needed.Miscellaneous IOT ConnectivityBHA has miscellaneous systems that may connect to the network such as the HVAC system.These systems have limited network access and may contain a software component that maybe loaded on one or more workstations or as a server component hosted on the serverinfrastructure.Time and Attendance SystemBHA currently utilizes a biometric time system for time and attendance of staff andmaintenance team members. This system requires internet connectivity and softwaremaintained on a limited number of workstations, (currently two (2)). There are several (lessthan ten (10) internet connected clocks located throughout various housing authority facilities.Physical Security – Access Control SystemThe physical ayccess control system is network connected and two (2) to three (3) workstationshave software to control the system that will need to be maintained.Web SiteBHA currently engages with a 3rd party to manage, maintain, and host the bristolhousing.orgwebsite. There are integrations with other BHA systems such as our public housing softwaresystem and tenant rent payment system.Bristol Housing Authority – IT & Computer Support ServicesPage 6 of 28
SERVICES REQUESTEDBHA has no preference with on-site vs remote site support as long as problems and issues areresolved effectively and in a timely manner. It will be up to the vendor to ensure that theirneeded methods of connectivity are secure and that they are taking effective means to ensuresecurity of the housing authority and its assets. There will be times when attending on-sitemeetings will be required.III.The below table outlines the scope of services requested. This guide is only an outline and not acomplete list of the services required.CategoryServer Environment 2 HP Servers running ESXi 1 HP SAN Connectivity via iSCSI Microsoft Windows Servershosted on ESXiScope of ServicesManage HP ServersEnsure appropriate support contracts are in placeEnsure proper operationWork with HP as needed to resolve issuesManage All Server OSsEnsure appropriate support contracts are in placeWork with Microsoft as needed to resolve issuesManage Active DirectoryManage all functions of ADNew users, computers Etc.Manage ESXi EnvironmentEnsure appropriate support contracts are in placeWork with VMWare as needed to resolve issuesBackup and Recovery SystemEnsure there is a proper backup system in placeEnsure the functionality of that systemMonitor system to ensure operationInternet/FirewallDell SonicWallEnsure appropriate support contracts are in placeEnsure appropriate security subscriptions are in placeEnsure proper operationEnsure proper securityEnsure proper routing for phones and laptopsManage and configure devices as neededWork with Dell as needed to resolve issuesWAN/Site-to-site VPNDell SonicwallEnsure appropriate configuration for S2S VPNfunctionality and connectivityManage and configure devices as neededWork with Dell as needed to resolve issuesRemote Access VPNDell SonicwallEnsure appropriate Configuration for RAS VPNBristol Housing Authority – IT & Computer Support ServicesPage 7 of 28
functionality and connectivityManage and configure devices as neededEnsure client functionality on devices as neededWork with Dell as needed to resolve issuesWired LANUbiquiti and Netgear SwitchesEnsure appropriate support contracts are in placeManage and configure devices as neededEnsure proper VLAN configuration/separationWireless LANUbiquiti Wireless APsEnsure proper functionalityManage and configure devices as neededEnsure proper Ssecurity and separation on WLANWireless WAN/MeshUbiquiti Wireless WANSystem used for sole purpose of camera connectivityEnsure proper functionalityManage and configure devices as neededEnsure proper securityCamera SystemCamera NVCR/ServerServer is managed by a 3rd PartyWork With 3rd Party on network connectivitytroubleshooting with responsible vendorLoad client software on PCs as NeededCamerasCameras are managed by 3rd PartyWork with 3rd party on network connectivitytroubleshooting with responsible vendorDesktops/LaptopsLaptops/DesktopsMicrosoft Office (ensure license subscription)Housing Authority softwareDesktop and OS troubleshootingVirus protectionAnti-Malware ProtectionPersonal firewall/HIPS functionalityDevice encryptionMobile DevicesPhones/TabletsCombination of home and BHA owned devicesEnsure wireless connectivityEnsure needed applications are installed andconfiguredEnsure needed VPN connectivityEnsure security of endpointsBristol Housing Authority – IT & Computer Support ServicesPage 8 of 28
Phone SystemSystem Hosted Off-SiteManaged by 3rd partyEnsure proper routing of traffic across SonicWallWork with 3rd party on phone configurationWork with 3rd party on troubleshooting phoneconnectivityEnsure QOS capabilities to ensure sound qualityLoad software as needed on PC’s as neededPrinters and CopiersLarge Centralized PrintersManaged by 3rd partyWork with 3rd party on network connectivitytroubleshootingWork with 3rd party to load driversWork with 3rd party on printer functions such asscanning capabilitiesSmall/Personal CopiersManage copiers and printersEnsure network connectivityLoad driversEnsure all printer functions such as scanningcapabilitiesMisc. IOT ConnectivityTime and Attendance SystemVariousManaged by 3rd partyEnsure network connectivityInstall supporting desktop softwareTroubleshooting with responsible vendorBiometric Time-Clock SystemManaged by 3rd partyConfigure/mount devices as neededWork with 3rd party on network connectivitytroubleshootingLoad software as neededWork with vendor to troubleshoot software as neededPhysical SecurityAccess Control SystemManaged by 3rd partyEnsure network connectivityInstall supporting desktop softwareTroubleshooting with responsible vendorWeb SiteManaged and Hosted by 3rd PartyMay need to provide assistance and act as a bridgebetween other vendors for integration of functions andBristol Housing Authority – IT & Computer Support ServicesPage 9 of 28
capabilities into the websiteBristol Housing Authority – IT & Computer Support ServicesPage 10 of 28
IV.SYSTEM AND DATA SECURITYBHA in the normal course of operations collects and maintains various items of data that areconsidered confidential, proprietary, or Personally Identifiable Information (PII) of tenants,staff, vendors and others. This information is for the sole use of BHA to conduct its day to dayoperations. This information is to be maintained in a secure state at all times.BHA makes every effort to secure this data through its systems and methods of operations. Theselected vendor should ensure that any system, either existing or new, maintain high securitystandards. Implementation or changes to any system provide either similar or better securitystandards. At any time if the vendor discovers weak security, based on industry best practicesor potential security risks, they should immediately bring it to the attention of their vendorliaison.We understand that the selected vendor may directly or indirectly gain access to this data inthe normal course of providing the services outlined in this RFP. All information accessed by thevendor must be maintained in a secure state at all times and at no time may this information beused in any other manner than to fulfill the services requested by this RFP or in the normalcourse of supporting BHA Systems.At no time should this data be removed from a BHA facility without written consent from a BHArepresentative authorized to give such permission. If the vendor is unsure of the type ofinformation that may be contained in files, backups, or disks you should default to assumingthat it does contain PII or other confidential information and seek written permission. Thiswritten request should include details of how the information is being transmitted, serialnumbers, or other identifying information of any hardware devices.When the vendor is finished with the information or devices containing potentially sensitivedata the vendor must ensure either the return or the destruction of data including any copies(physical or logical), backups, e-Mails, etc. In the case of data destruction DOD 5220.22M is thestandard currently recognized by BHA as sufficient to ensure data destruction without theability to recover. If for any reason a device cannot be successfully destroyed physicaldestruction must occur of a complete nature or the return of the media. When destructionoccurs, you must provide certification of such destruction to your vendor liaison.If at any time BHA requests data destruction, or at the end of a contract the vendor has 30 daysto provide the housing authority with certification that all sensitive information has beenproperly destroyed and purged from their systems.Bristol Housing Authority – IT & Computer Support ServicesPage 11 of 28
V.GENERAL INSTRUCTIONSCONTACT INFORMATIONThis RFP is being requested by the office of the CEO of BHA:Mitzy Rowe, CEOBristol Housing Authority,164 Jerome Avenue, Bristol, CT 06010PROPOSAL SUBMISSIONBHA Solicits Proposals to be received by 1:00 PM (EST) Friday July 6, 2018 in the format outlinedbelow. Late submittals will not be accepted.1. Proposals must be submitted by mail carrier/courier service (USPS, FedEx, UPS) or Hand-delivered on or before the due date and time outlined above. All proposals will becomeproperty of BHA. Submit proposals to:Mitzy Rowe, CEO – IT & Computer Support ServicesBristol Housing Authority,164 Jerome Avenue, Bristol, CT 060102. All proposals must be contained in a sealed catalog type envelope. The outside of theenvelope should be clearly marked “IT & Computer Support Services” including yourcompany name and full contact information. Please include three (3) hard copies andone (1) electronic copy either on CD or USB Drive.3. If the proposal is mailed in, please ensure there is a separate sealed envelope inside asindicated above.4. For questions regarding proposal submission only, please contact Yvonne Tirado,Procurement / Special Projects Manager, at ytirado@bristolhousing
Phone System BHA currently uses an IP Based phone system provided by Broadview/Winstream. All services terminate on the internet. There is a dedicated internet circuit for the phones brought in from Frontier on fiber. This circuit terminates into a Cisco CPE Router that is
