NATIONAL INSTITUTE OF TECHNOLOGY, DURGAPUR
MAHATMA GANDHI AVENUE
DURGAPUR –713 209, WEST BENGAL, INDIA
FAX: 0343-2547375;E-mail:firstname.lastname@example.org; Website: www.nitdgp.ac.in
Telephones: 0343-2546397 (Director)
BID REFERENCE: NITD/ITIC/IMSS/ 2008/08/ 07.08.2008
Sub: INVITATION FOR QUOTATIONS FOR INFRASTRUCTURE MANAGEMENT AND SECURITY
1. You are invited to submit your most competitive quotation for the goods as per annexure-I
2. Bid Price
a) The contract shall be for the full quantity as described above. Corrections, if any, shall be made by crossing out,
initialing, dating and re writing.
b) All duties, taxes and other levies payable by the contractor under the contract shall be included in the total price
F.O.R. NIT Durgapur.
c) The rates quoted by the bidder shall be fixed for the duration of the contract and shall not be subject to adjustment
on any account.
d) The bid price must be quoted in Indian Rupees.
3. Each bidder shall submit only one quotation for each item. Manufacturer/authorized dealers of reputed brands of
high technical quality with adequate after-sales support facilities are eligible to apply. The bidder must have
supplied similar good to reputed organization to their full satisfaction and furnish a list of the same.
4. The bid submitted by the bidder must comprise the following:
Part – I (Techno-commercial Bid)
(a) Detailed technical specifications and literature/drawings/manuals of the goods/services to be supplied.
(b) Compliance report on quoted goods in accordance with Annexure – I.
(c) Detail Implementation plan in accordance with Annexure – I.
(d) Authorized dealership certificate from the original manufacturer as per the Annexure – III.
(e) Credentials and list of organizations where the bidder supplied similar items
(f) Warranty Certificate (comprehensive on-site).
(g) Valid sales-tax / VAT clearance certificate.
Part – II (Price Bid)
Price bid as per Annexure-II
5. Validity of Quotation
Quotation shall remain valid for a period not less than 60 days after the deadline date specified for submission.
6. Evaluation of Quotations
The Purchaser will evaluate and compare the quotations determined to be substantially responsive i.e. which
(a) are properly signed and (b) conform to the terms and conditions, and specifications.
7. Award of contract
The Purchaser will award the contract to the bidder whose quotation has been determined to be substantially
responsive and who has offered the lowest evaluated quotation price.
2. 7.1 Notwithstanding the above, the Purchaser reserves the right to accept or reject any quotations and to cancel the
bidding process and reject all quotations at any time prior to the award of contract.
7.2 The bidder whose bid is accepted will be notified of the award of contract by the Purchaser prior to expiration of
the quotation validity period. The terms of the accepted offer shall be incorporated in the purchase order.
8. Delivery shall be made at NIT, Durgapur
9. Payment shall be made immediately within 30 days after satisfactory installation, commissioning and
acceptance of the good.
10. Comprehensive onsite warranty shall be applicable to the supplied goods for a period of thirty six months from
the date of acceptance.
11. The Institute is exempted from payment of custom and excise duty on items mentioned below:
a) Scientific and technical instruments, apparatus, equipment (including computers);
b) Accessories, spare parts and consumables thereof;
c) Computer software, CD-ROM, recorded magnetic tapes, microfilms, and microchips.
d) Sales Tax, if applicable, should be charged @ 4% against ‘D’ form.
12. The successful bidder must submit before the release of payment a valid bank guarantee on any nationalized
bank of 10% of the order value towards Performance Security during the warranty period.
13. Liquidated Damage will be applicable at the rate of 0.5% per week. The purchaser has the right to cancel the
purchase order when LD accumulates to 10 %.
14. A bank draft of Rs.1000/- towards the Bid Document price payable to “Director, NIT Durgapur” at Durgapur
will be enclosed with the bid by the bidder.
15. A bank draft or bank guarantee worth 2% of the quoted value payable to “Director, NIT Durgapur” at Durgapur
will be enclosed with the bid by the bidder towards the Earnest Money Deposit (EMD). The EMD shall
remain valid for a period of 45 days beyond the final bid validity period.
16. Quotations are to be submitted in two separate sealed covers marked PART-I (Techno-commercial bid) and
PART-II (Price bid) containing relevant documents, superscripting “Bid No. - NITD/ITIC/IMSS/2008/08”.
These two sealed covers are to be placed in a separately sealed larger cover. Further the sentence ‘Not to
be opened before 16-00 hours on 28.08. 2008’ is also to be put on these envelopes.
17. Settlement of any dispute will be made under the jurisdiction of Durgapur Court.
18. You are requested to provide your offer latest by 16-00 hours on 28.08. 2008.
19. The purchaser will open the bids at 16:30 hours on 28.08. 2008.
20. Pre – Bid Conference on the bid will be on 21.08.2008 at 10:30 AM at Library Building 1st floor.
21.1 At any time prior to the deadline for submission of bids, the Purchaser may, for any reason, whether at its own
initiative or in response to a clarification requested by a prospective bidder, modify the bidding documents by
21.2 In order to allow prospective bidders reasonable time in which to take the amendment into account in preparing
their bids, the Purchaser, at its discretion, may extend the deadline for the submission of bids.
22. The bid document must be signed and sealed and enclosed with the bid as a token of acceptance of all terms and
conditions in the bid document by the bidder.
23. The items/services must be delivered within 60 days from the date of placement of purchase order at the
24. All other terms and conditions of GFR 2005 of the Government of India will be applied.
25. We look forward to receiving your quotations and thank you for your interest in this project.
3. Chairman, IT Infrastructure Committee
National Institute of Technology
The bid must be addressed to: Durgapur, West Bengal – 713209
Prof. A. K. Mitra Mobile: +91-97347-34317, Email: email@example.com
4. Annexure - I
Infrastructure Management and Security Services for Campus Wide Networking
NIT Durgapur is having an extensive network consisting of over 3500 nodes. The network is built over two
core switches of Extreme Networks and a combination of distribution access switches of 51 Extreme Networks
and 95 DAX Switches. There are 4 Wireless Access Points to link Wireless enabled Laptops. Part of this
Network is even extended to the Student Hostels. A high efficiency Internet bandwidth is taken from BSNL &
Reliance. BSNL is providing 32 + 2 Mbps and Reliance is providing 20 Mbps. Internet browsing access is
provided throughout the network through Proxy Services. Email Server and Email Service are hosted from
respective servers. Further the IT infrastructure of NIT Durgapur is well equipped with number of servers,
software and LRs, which are used for several academic and management purpose.
NIT Durgapur being an academic institute of INI status must have open approach with focus on clean and
efficient access of web, institute email, resources and other services (like Office Automation, Update and patch
management services and INDEST services). We must see that network resource is not being wasted due to
anomalous activities and the resources are provided with protection for basic sanity. A good monitoring facility
is also required for a responsible network.
Recent IT Act had given legal status to digital data and digital identity. Therefore, maintaining compliance
diligence is becoming necessary responsibility for large networks like NIT Durgapur.
In view of the above facts NIT Durgapur must set the strategy for infrastructure management and security at
gateway as well as endpoint level to have a clean, efficient and responsible network.
1. Gateway Level Security
As a structure of infrastructure and security management we must divide the network logically into Zones. Each
zone shall have defined levels of accessibilities depending on their functions. Zones are as follows,
• External Untrusted Zone
• De-Militerised Zone (DMZ)
• Administrative Zone
• Academic Zone
• Hostel Zone
• Residential Zone
A firewall should be used at gateway level to segregate External Untrusted Zone, DMZ and Internal LAN.
VLAN should be defined based on this zone division to limit broadcast at Layer 2. The firewall must be
evaluated based on the following criteria: -
• Firewall having IPS with deep packet inspection
• Creation of Security Zones
• Intelligent Intrusion Detection System
• Gateway antivirus engine on web and email traffic
• Cryptography Public Key & VPN Infrastructure
• Host Security
• Application Security
• Access Control
• Disaster recovery and Continuity Plan
• Event Log Management
As a policy no service from Internal LAN should go directly to Internet. All out going services must go through
respective proxy services. The DMZ should host all services that are in direct connection to the Internet.
Therefore, DMZ should host Web Server, Mail Server, Proxy Server etc. The policy in the firewall should be
defined that will allow only the services offered. The performance of the firewall also should be sufficient
function in full load. Intrusion Detection capability is also an important criteria for the firewall (Fig – I).
5. Firewall, Antivirus,
Anti-spam, IPS etc.
Fig – I: Gateway Security
II. Resource and Access Management
A resource management application will be of immense help for the manageability of the nodes. Such a
centralized facility will bring in manageability, accountability and compliance.
The first strategy to defending nodes is to have an antivirus, anti-spam and personal firewall installed in every
node by policy. Measures must be in place to keep them updated with latest patches. Therefore, more than just
installing, an update enforcement policy is also imperative.
Secondly, every threat that poses a network utilizes the weakness in the applications themselves to break in. The
application and operating system OEMs constantly remedies these weaknesses whenever they are discovered
and posts them as patch updates. The OS and the applications update are to be given equal importance to have a
safe and clean working environment. Centralized patch update facility can push install the updates by policy.
The Third and most important issue is policy based access control mechanism for network resource and services
with the compatibility with IEEE802.1X standard. If a user is not authenticated they will not be allowed entry
into the network from the Layer 2 switch ports. If the user is not compliant by the policy (including the security
policies), the user will be connected but without the access to regular resources, rather he will quarantined to a
remedial VLAN, where he get access to the redial Server for Patch update, personal antivirus update and client
Fig – II: Access Management
1. Gateway Level Security
Feature Description Performance
Maximum Performance Multi-bus System Architecture Preferable
and Capacity Firewall throughput (large packets) 1+ Gbps
Advanced DES/AES throughput 500 Mbps (min)
Maximum concurrent sessions 2,50,000 (min)
New sessions/second 15,000 (min)
Maximum security policies, Packets Per Second, Specify
Maximum users supported. Unrestricted
Network Connectivity 10/100/1000 GBE Ports 10
SFP (Mini GBIC) Ports 2
USB (preferable) 2
Firewall Network attack detection, DoS and D DoS Required
protection, TCP reassembly for fragmented packet
protection, SYN cookie protection, Zone-based IP
spoofing, Malformed packet protection.
Unified Threat IPS: Protocol anomaly detection, Stateful protocol Required
Management signatures, IPS/DI attack pattern obfuscation.
Gateway Antivirus: Signature database based with Required
automatic update ficilities, Anti-spyware, Anti-
adware, Anti-keylogger, Protocols to be scanned
POP3 – HTTP –SMTP – IMAP – FTP
Gateway Anti-spam Required
Integrated URL filtering Required
External URL filtering Required
IPSec VPN Concurrent VPN tunnels 1000 (Min)
Encryption: DES, 3DES and AES (256-bit) MD-5 Required
and SHA-1; Manual key, Internet Key Exchange
public key infrastructure (PKI) (X.509); Perfect
forward secrecy (DH Groups) 1,2,5; Prevent replay
attack; Remote access VPN; Layer 2 Tunneling
Protocol (L2TP) support within IPSec; Auto-Connect
VPN; Redundant VPN gateways support
User Authentication and Local Database support; Third-party user Required
Access Control authentication RADIUS and LDAP; Windows
Domain Control & Active Directory Integration;
Support for Single Sign On, VPN authentication,
Web-based authentication, 802.1X authentication;
User/ Group access control;
Networking Virtualization: Support of min 50 nos security Required
zones, min 150 nos pf VLNs; Routing: OSPF routes,
RIP v1/v2 Routes, Static routes, Policy based routes,
Multicasting, Multicast inside IPSec tunnel; IP
Address Assignment: Static IP, DHCP, PPPoE;
Address Translation: NAT / PAT, Policy-based
NAT/PAT, Support for MIP, Virtual IP, VLAN
802.1Q Trunking, MIP/VIP Grouping. Preferable:
IGMP v1/v2, IGMP Proxy, Standard Encapsulation
Mode of Operation Support for Layer 2 (transparent) and Layer 3 (route Required
and/or NAT) mode
Traffic and Bandwidth Policy based Guaranteed and Maximum bandwidth; Required
Management Quality of Ingress traffic policing; Priority-bandwidth
Service (QoS) utilization; Committed and burstable bandwidth by
hierarchy/ departments/ groups & users
7. High Availability (HA) Active/passive Mode (at L3 or Transparent Level) Required
with Configuration synchronization, Session
synchronization for firewall and VPN, Session
failover for routing change, Device failure detection,
Link failure detection
Multiple ISP Link Management and Load Balancing Required
Voice over IP (VoIP) Security (H.323. Application-level gateway (ALG), Network Preferable
Address Translation (NAT) for VoIP protocols)
System Management WebUI (HTTP and HTTPS) , Command line Required
interface (console, SSH and telnet), SNMP, OEM
Specific management Studio/console/interface
Administration Support for Local administrator database, External Required
administrator database through RADIUS, RSA
SecureID, LDAP, Restricted administrative
networks, multiple level of users, software upgrades
Logging/Monitoring System log (multiple servers), Email Reports, Required
Graphical real-time and historical monitoring,
Traceroute, SNMP, VPN tunnel monitor.
On Appliance Reporting Intrusion events reports, Policy violations reports, Required
Web Category reports (user, content type), Search
Engine Keywords reporting, Virus reporting by User
and IP Address, Compliance Reports.
Certification ICSA Firewall, VPN, FCC, CE, UL Required
2. Infrastructure Management
(a) Centralized Resource Management:
Policy based resource management; Support for Windows desktop Imaging; Application management;
Application self-healing; IT asset discovery, inventory & classification; Remote control, Enterprise web
reporting based on BusinessObject.
(b) Centralized Patch Management
Should support Individual application vulnerability scanning, E-mail agent configuration for sending
vulnerability notifications, Comprehensive vulnerability and compliance reporting, Role-based administrative
account creation, Automatic vulnerability package downloads—as soon as they are available, System
vulnerability base lining for an agent group containing a validated group of mandatory patches, Vulnerability
package deployment to groups of clients, Server tuning guidelines, Successful patch deployment verification
using reporting functions.
OS Patch should support Redhat Linux 2.1 to 4.0 Enterprise Edition, Windows 9xWindows XP SP1 / SP2,
Windows 2000 and 2003 server, Windows Vista, Sun Solaris 10.0, IBM AIX 5.1 to 5.3, Novell, Novell SuSe
Application Patch should support Adobe Acrobat Reader, Adobe Flash Player for Internet
Explorer, Adobe Flash Player for FireFox/Netscape, Adobe Macromedia Plug-In (Internet Explorer, Firefox),
Apple QuickTime, Computer Associates eTrust Antivirus, McAfee VirusScan Engine, McAfee VirusScan
Enterprise Engine, McAfee VirusScan DAT, Microsoft .NET Framework, Microsoft ActiveSync, Microsoft
Content Management Server, Microsoft Data Access Components (MDAC), Microsoft DirectX, Microsoft
Frontpage Server Extension (FPSE), Microsoft Internet Explorer, Microsoft Internet Security and Acceleration
Server (ISA), Microsoft Jet, Microsoft Malicious Software Removal Tool, Microsoft MSDE Microsoft MSN
Messenger, Microsoft MSN Messenger Exchange IM Client, Microsoft Internet Information Service (IIS),
Microsoft MSXML, Microsoft Office 2003 and 2007 (Access, Excel, FrontPage, InfoPath, OneNote, Outlook,
PowerPoint, Project, Publisher, Visio, Word), Microsoft Outlook 2003 Junk E- mail Filter, Microsoft Outlook
2007 Junk E- mail Filter, Microsoft Outlook Express Microsoft SharePoint Service, Microsoft SQL Server
Microsoft Visual Studio .NET Microsoft Visual Studio, Microsoft Windows Installer, Microsoft Windows
Mail Junk E- mail Filter, Microsoft Windows Media Player, Microsoft Windows Messenger, Microsoft
Windows Update, Mozilla Firefox, Real Networks RealPlayer for RedHat, Real Networks RealPlayer for
Windows, Sophos Antivirus Sun Java Runtime Engine Sun Java for Mac OS X, Symantec Antivirus Corporate
Edition for 64 bits, Symantec Norton Antivirus Symantec Norton Antivirus Trend Micro OfficeScan Trend
Micro ServerProtect, WinZip etc.
8. 3. Implementation:
(i) Implementation and Integration of the item 1 and item 2 must be done at NIT Durgapur with the scalability
provision of adding more resources, services and users in the network.
(ii) Provision of virtualization of server resources must be present.
(iii) User policy and Access policies of different resources and services must be made as per the instruction
given by the competitive authority from NIT Durgapur.
(iv) Implementation must be done with the perspective of atleast 5000 users.
(v) Resource Management must be implemented for atleast 2000 users (Hostel and Residential zone will not get
4. Techno – Commercial Requirements:
(i) THREE YEARS on site warranty of the supplied goods from the date of acceptance. For Software the
license and support will be for 3 years including updates and version upgrade with unlimited web and telephonic
support from the OEM.
(ii) Services should be provided with posting of ONE no of Qualified, Certified and Experienced engineer at
NIT Durgapur for the period of THREE years.
(iii) Bidder must have performed atleast THREE numbers of similar type of jobs with atleast 75% of the
valuation of this quotation.
(iii) Equipments and Software must be with licenses and will be in the name of NIT Durgapur. Software
licensing will be perpetual licensing.
(iv) Delivery Period: 60 days from the date of placement of purchase order
(v) Place of Delivery: Internet Server Room, NIT Durgapur
(vi) Installation / commissioning / demonstration requirement: Installation, commissioning, complete
demonstration and successful running at Internet Server Room, NIT, Durgapur
10. Annexure – III
MANUFACTURERS' AUTHORIZATION FORM
Prof. A. K. Mitra
Chairman, IT Infrastructure Committee
National Institute of Technology
Durgapur, West Bengal - 713209
We who are established and reputable manufacturers of (name and descriptions of goods
offered) having factories at (address of factory) do hereby authorize M/s (Name and address of Agent) to submit a bid, and sign the
contract with you for the goods manufactured by us against the above Bid.
We hereby extend our full guarantee and warranty as per Clause 10 of the General section and Clause 4.(i) of Technical Specification for the goods and services
offered for supply by the above firm against this bid.