Germany - Software package and information systems

For more information and to make a bid you will need to go to the third party website.

Details

Provided by Open Opps
Opportunity closing date
05 February 2022
Opportunity publication date
07 January 2022
Category
48000000: So
Value of contract
£5m-50m
Your guide to exporting
Report opportunity

Description

The state administration of North Rhine-Westphalia intends to expand the use of mobile teleworking on the basis of existing technologies.The solution "Telearbeit NRW" currently exists. The network connection is currently made using VPN technology via the Internet. The VPN infrastructure and the transition to the protected state administration network are operated centrally at IT.NRW. From here, forwarding takes place via the state administration network to the respective designated authority network, also using VPN technology. External terminals can be connected via the Internet using any type of connection (e.g. DSL, UMTS, WLAN). In addition to stationary PCs and laptops, smartphones and tablets will also be used.Once the contract has been awarded, a framework agreement will be concluded for each lot, enabling all eligible authorities and institutions in the state to access the services, which are described in more detail below and relate to mobile teleworking, via IT.NRW. The service package includes:In LOS 1:- VPN products (hardware and software, also appliances, client- and server-side) of the company NCP- Including management components (software and licenses) of the company NCP for the efficient administration of the VPN infrastructure- Including software maintenance / update subscription, security updates for download, patches for error corrections, update to current software versions released by the manufacturer- Support services Telephone support by the manufacturer NCP (standard 5*8 and increase to 7*24)- Personnel services (e.g. installation, integration, integration, and maintenance).e.g. installation, integration and support services) by the company NCP, also in case of direct contact bypassing the service line of the Contractor- Personnel services (e.g. installation, integration and support services) by the Contractor. If required, the Contractor must be able to provide security-checked personnel ("simple security check" in accordance with the Security Surveillance Act of North Rhine-Westphalia (Sicherheits-überwachungsgesetz NRW), the Federal Security Check Act (Sicherheitsüberprüfungsgesetz Bund) or other federal states (Bundesländer)).Support ServicesAs support for security-critical devices and software is contracted, the support hotline must be positioned at the Contractor's business premises in Germany (no outsourced call center). Calls, electronic tickets or e-mails must be received and answered in German.Should the requirements of customers make this necessary for IT.NRW, it must be optionally possible, after an appropriate lead time of three months, to extend the times for receiving and responding to messages to 00:00 to 24:00 seven days a week with identical response times. This change must be possible for a package of components to be defined in the process, while other components remain in standard support. It must be possible, with reasonable lead time, to return individual components to standard maintenance as defined above.Personnel ServicesIn the event of critical malfunctions in which the VPN infrastructure fails to such an extent that it no longer permits communication relationships, it must be possible to provide on-site support by a German-speaking and qualified technician within 4 hours of contacting the Düsseldorf or Hagen locations.In the case of special events (e.g. trade fairs), it must be possible to organize support, by telephone or on-site, even at weekends or on public holidays, with at least four weeks' notice.In LOS 2:- Digital certificates for VPN clients (with smart card, and/or software certificate). Only the certificates without e-mail functionality are part of this lot 2.- Smart card readerIn LOS 3:- Appliances as administration instances for OTP tokens for authentication of the tokens, for user administration including all necessary licenses, hardware maintenance.
The state administration of North Rhine-Westphalia intends to expand the use of mobile teleworking on the basis of existing technology. The network connection is currently made using VPN technology via the Internet. The VPN infrastructure and the transition to the protected state administration network are operated centrally at IT.NRW. From here, forwarding takes place via the state administration network to the respective designated authority network, also using VPN technology. External terminals can be connected via the Internet using any type of connection (e.g. DSL, UMTS, WLAN). In addition to stationary PCs and laptops, smartphones and tablets are also used.Once the contract has been awarded, a framework agreement will be concluded for each lot, which will enable all eligible authorities and institutions in the state to access the services, which are described in more detail below and relate to mobile teleworking, via IT.NRW. The service package includes:In LOS 1:- VPN products (hardware and software, also appliances, client- and server-side) of the company NCP- Including management components (software and licenses) of the company NCP for the efficient administration of the VPN infrastructure- Including software maintenance / update subscription, security updates for download, patches for error corrections, update to current software versions released by the manufacturer- Support services Telephone support by the manufacturer NCP (standard 5*8 and increase to 7*24)- Personnel services (e.g. installation, integration and maintenance of the VPN infrastructure).e.g. installation, integration and support services) by the company NCP, also in case of direct contact bypassing the service line of the Contractor- Personnel services (e.g. installation, integration and support services) by the Contractor. If required, the Contractor must be able to provide security-cleared personnel ("simple security clearance" in accordance with the Security Clearance Act of North Rhine-Westphalia (Sicherheitsüberwachungsgesetz NRW), the Federal Security Clearance Act (Sicherheitsüberprüfungsgesetz Bund) or other federal states).-Support ServicesAs support for security-critical equipment and software is contracted, the support hotline must be positioned at the Contractor's business premises in Germany (no outsourced call center). Calls, electronic tickets or e-mails must be received and answered in German.Should the requirements of customers make this necessary for IT.NRW, it must be opti-onally possible, after a reasonable lead time of three months, to extend the hours for receiving and responding to messages to 00:00 to 24:00 seven days a week with identical response times. This change must be possible for a package of components to be defined in the process, while other components remain in standard support. It must be possible, with reasonable lead time, to return individual components to standard maintenance as defined above.Personnel ServicesIn the event of critical malfunctions in which the VPN infrastructure fails to such an extent that it no longer permits communication relationships, it must be possible to provide on-site support by a German-speaking and qualified technician within 4 hours of contacting the Düsseldorf or Hagen locations.In the case of special events (e.g. trade fairs), it must be possible to organize support, by telephone or on-site, even at weekends or on public holidays, after prior notification with at least four weeks' notice.LOS 1 "VPN products of the company NCP":1. minimum requirements for VPN technology and its provision:Only products of the company NCP may be offered.2Minimum requirements for the call for services:The bidder must offer installation, integration and support services within the scope of implementation measures for teleworking in the local authorities. For this purpose, appropriate personnel service packages must be offered in the bid, depending on the type of task. These services are divided into two main areas:1. support of the authorities and institutions of the state in on-site implementation measures that arise in the context of activities during the commissioning or ongoing operation (optimization tasks in the network and/or the telework computers) of mobile teleworkplaces (e.g., client- and server-side as well as tasks related to the network integration in environments with different network operating systems and user administrations). Here, the components (e.g. notebook, PC, server) provided and, if necessary, preconfigured by the authorities and institutions are to be used. Support in the conceptual area, which is connected with the introduction or implementation of telework, is also to be taken into account.2 If necessary, support from IT.NRW in the further development of telework NRW. This includes, among other things, updating and optimizing the technical and security infrastructure set up for this purpose (technical and administrative) or the demand-oriented integration of new data services for the connection of teleworkplaces.3 The commissioned service must be started no later than four weeks after receipt of a call-off.Minimum requirements for the call-off of software maintenance: The Provider is expected to provide the authorities and institutions of the federal state with software maintenance for the NCP products offered and for the NCP products already in use.4 Minimum requirements for the call-off of support services: The Provider is expected to provide the authorities and institutions of the federal state with support for the NCP products offered and for the NCP products already in use.4. Support for the products offered,2. support for products already in use,With regard to support, the following is required:Telephone support by The NRW state administration intends to expand the use of mobile teleworking on the basis of existing technologies.Currently, the solution "Telearbeit NRW" exists. The network connection is currently made using VPN technology via the Internet. The VPN infrastructure and the transition to the protected state administration network are operated centrally at IT.NRW. From here, forwarding takes place via the state administration network to the respective designated authority network, also using VPN technology. External terminals can be connected via the Internet using any type of connection (e.g. DSL, UMTS, WLAN). Once the contract is awarded, a framework agreement will be concluded for each lot, enabling all eligible public authorities and institutions in the state to access the services, which are described in more detail below and relate to mobile teleworking, via IT.NRW. The service package includes:In LOS 2:- Digital certificates for VPN clients (with chip card, and/or software certificate). Only the certificates without e-mail functionality are part of this lot 2.- Smart card readersLOT 2 "Digital certificates and smart cards to hold the digital certificates and smart card readers":a) Digital certificates and smart cardsMinimum requirements for digital X.509v3 certificates and their provision:Digital certificates are to be offered for use in cooperation with software from the company NCP.Devices from the company Onmikey are currently used as card readers.The registration process of the future certificate holder required for issuing a digital certificate is to be designed analogously to the current handling as follows:A Registration Authority (RA) is set up at IT.NRW in the form of a workstation equipped with the necessary hardware and software. The certificates applied for are issued by an employee of IT.NRW, who identifies himself to the Certification Authority (CA) as authorized by means of an appropriate chip card (or comparable authentication mechanism). The digital certificates issued either on a chip card (SIM or credit card format) or as a software product comply with the X.509v3 format.The smart cards offered must be functional with the readers currently in use listed under b) and the smart card readers offered.Any costs incurred for the provision of the necessary technical equipment must be shown accordingly in the offer.IT.NRW reserves the right to use self-generated and signed certificates with a possible future CA of its own instead of the certificates offered.b) Smart card readersMinimum requirements for the smart card readers:Smart card readers must be offered for the following interfaces for PC hardware:- USB interfaceSmart card readers must be offered for the USB interface both as a desktop device for accepting smart cards in credit card format and in stick form for accepting suitable smart cards in SIM format. LOS 3 "OTP tokens and a management instance for these tokens with integrated Radius server":Currently, the "RSA SecurID" solution from RSA Security LLC is used. If another solution is offered, it is the responsibility of the contractor to replace the structure currently used at IT.NRW of two RSA SecureID Apliances 130 and four RSA SecureID Apliances 250, each in the HA network, as well as the currently approx. 53,000 tokens with the offered tokens and new administration instances on site at no cost for IT.NRW. It should be noted that the already configured users must also be taken over and the administration instances must be connected to the already configured VPN servers with software from NCP and access gateways from Citrix. The exchanged OTP tokens and the management instances must be destroyed in an environmentally friendly manner.1. minimum requirements for the management instance of the OTP tokens and their provision:All necessary management instances of the manufacturer must be offered as applications for rackmount use. The hardware of the management instance must offer the option of being equipped with internal redundancy mechanisms, in particular with redundant hard disks (RAID), redundant power supply units, redundant network connections.The operating system of the management instance must be based on Unix or Linux. Since it communicates with the Internet, it must be hardened against attacks. The Contractor shall ensure that the manufacturer of the management instance supplies updates and security patches on an ongoing basis.The management instance must offer the option of cooperating with at least three spatially separate backup management instances that can only be accessed on Layer 3 in such a way that data and status information are exchanged on an ongoing basis or at adjustable times without additional software, so that the failure of one management instance does not lead to any impairment of the function of the infrastructure.The integrated radius server must be compatible with the VPN products of the company NCP as well as with products (terminal server, access gateway and others) of the company Citrix. The administration of the individual administration instances must be possible via WEB and script interface. The latter must be comparable to Python in syntax and semantics and must be able to synchronize the configured user accounts to other devices of this type via a routable network connection (TCP/IP) using internal mechanisms. Furthermore, an interface must be available via the same scripting language that allows the automated creation and deletion of user data and their assigned OTP tokens.2Minimum requirements for the OTP tokens and their provision: All OTP hardware tokens and soft tokens must be offered by the same manufacturer as the above-mentioned administration instance.The manufacturer's price catalog may contain a graduation of the purchase quantities.The manufacturer's price catalog must contain at least the following three types of OTP tokens:- a standard hardware token- a hardware token with numeric keypad- a software token.I) The duration of all tokens must be retrievable in different lengths, in any case durations of 3, 4 or 5 years must be included in the manufacturer price catalogII) The standard hardware token must meet the following requirements without user interaction:It must display an exact six-digit numeric PIN automatically without user interactionThis PIN must change approx. change every 60 secondsThe token with numeric keypad must meet the following requirements:It must display an exact six-digit numeric value as soon as a release is requested via the numeric keypad.The PIN then displayed must be visible for approx. 60 seconds.Soft tokens must meet the following requirements:A solution must be provided for at least the following types of terminals1. Android2. BlackBerry3. iPhone and iPadAn additionally available Software Development Kit (SDK) for the mentioned environments is an advantage, but not a mandatory requirement3. Minimum requirements for calling staffing services:The bidder must provide on-site support services. For this purpose, appropriate personnel services packages must be offered in the bid. These services are divided into two main areas:Support by the bidder itself, on the one hand for technical support services such as installations, major updates and fault analysis in the event of difficult fault situations, and on the other hand for conceptual work.Support by the manufacturer of the product for similar services.The commissioned service must be started no later than four weeks after receipt of a call-off.4. Minimum requirements for the call-off of software maintenance:The bidder is expected to provide software maintenance for the appliances and for necessary software on the end devices in principle for the products offered. If management instances and tokens from RSA are offered, it is also expected that support for the existing systems will be provided.5. Minimum requirements for the provision of support services:The provider is expected to provide the authorities and institutions of the country with basic support for the products offered,If management instances and tokens from RSA are offered, support for products already in use.With regard to support, the following is required:Telephone support by the manufacturer.

Opportunity closing date
05 February 2022
Value of contract
£5m-50m

About the buyer

Address
Land NRW vertreten durch den Landesbetrieb Information und Technik NRW Mauerstraße 51 Düsseldorf 40476 Germany
Contact
ausschreibung@it.nrw.de

The deadline to apply for this opportunity has passed.
Visit the opportunities page to find another.

Is there anything wrong with this page?