Cisco Firewall and Network Security

StatementofWork

Installationservices

CiscoFirewallandNetworkSecurity

Presentedby:

NetXperts

1777BotelhoDrive,#102WalnutCreek,CA94596

Ph:(925)806-0800Fax:(925)806-0899

1PreparedbyNetXpertsInc.-Confidential

Contents

PROPOSEDSTATEMENTOFWORK 2

1. NETXPERTSMETHODOLOGYOVERVIEW 3

2. EXECUTIVESUMMARY 4

3. SCOPEOFWORKWAN 4

4. SCOPEOFWORKNGFW 7

5. NETXPERTSRESPONSIBILITIES 12

6. CUSTOMERRESPONSIBILITIES 12

7. PAYMENTMILESTONES 14

8. SCHEDULEASSUMPTION 15

9. CUSTOMERSIGNATURE 16


PROPOSEDSTATEMENTOFWORK

NetXperts,Inc.(NetXperts)ispleasedtodeliverthisProposedStatementofWork(SOW),whichdefinestheservicesanddeliverablesthatNetXpertsshallprovidePeraltaCCD(referredtoas"Customer"or“Peralta”fortheremainderofthisdocument)underthetermsoftheagreement.ThetermsofthisProposalarelimitedtothescopeofthisSOW(statementofwork)andshallnotbeapplicabletoanyotherSOWs,whichmaybeexecutedandattachedtotheAgreement.

CustomerInformation

SiteName Address Contact RolesandResponsibility

PeraltaCCD [email protected](510)823-4788

PeraltaDirectorofNetworkServices

PeraltaCCD Jason Cole [email protected] 510-466-5398

Peralta Vice Chancellor of IT

NetXperts Jason Blick [email protected] (925) 999-5474

NetXperts - Project Coordinator

NetXperts Chris Hynes [email protected] (925) 895-5866

NetXperts - Project Manager

NetXperts Jitendra Siyag [email protected] (424) 346-4978

NetXperts - Lead Network Engineer


1. NetXpertsMethodologyOverviewNetXpertsleveragesaservicesmethodologyapproachthatistermedPPDIOO:

• Preparation • Planning• Design• Implementation• Operation• Optimization

Byleveragingthisframeworktosuccessfullyplan,design,implement,andsupporttechnologysolutions,NetXpertshashelpedmanycustomersinthesuccessfuladoptionandevolutionofbusinessnetworkingandcommunicationsolutions.

Preparationandplanningincludediscoveryofbusinesschallengesandreviewingpossiblesolutionsthatcanaddresstheseissues.Wewillleveragesubjectmatterexpertstoworkthroughthesephases.Wewillhavesuccesscriteriadevelopedatthistime.

Planninganddesigncometogetherinmappingbusinesssolutionsthatactuallyaddressobjectiveneeds.Thesephaseslookatdifferentanglestoseeifactualissueshavebeenaddressed,takingintoaccountcost,timing,andROIevaluation.

Designandimplementationincludefinalreviewofdesignandtimelines,beginningstagesofprojectmanagementcomeintoplayaswemapoutprojectplan,resources,obstacles,impendingeventsandrisks.

Implementationandoperationiswheretherubberhitstheroad.Wehavecometoagreementsonthefollowingareas:solution,design,costs,timelineandrisks.Webeginimplementationandstartimplementingoperatingproceduresandtraining.

OperationandOptimizationiswhenthesolutionisdeployedandeithercutoverorreadytobecutoverandtrainingiscomplete;staffisreadytobeginday-to-dayoperationsofthedeployedsolution.Operation,monitoring,andmaintenanceisnowinplay.Wenowbeginmeasureoursuccesscriteria.Optimizationwillbeanongoingprocessthathappenswhenwefindbetterwaystomanageoroperateyoursolution.Thisphaseneverends.


2. ExecutiveSummary

This Statement of Work is written to cover the work effort required to provide the PeraltaCommunityCollegeDistrictwithanupgradedfirewallandnetworksecurityinfrastructure.Thedistrictisgrowing,andisexpandingtheircircuitfootprinttoprovide10Gbpsconnectivitytoeachof the campuses, aswell as theDistrict Office. Currently, there is not infrastructure in-place tosupportthiskindofupgrade.Furthermore,thecurrentinfrastructureisamixofend-of-lifeCisco,and Fortinet hardware. The level of effort required tomanage andmaintain these systems is aburdentotheITstaff,andpreventsthemfromengaging inmorestrategiceffortsto improvethestudentexperience.NetXperts recommends an end-to-end Cisco solution. It will consist of new Cisco FirePOWERappliances at all of the main campuses, and Adaptive Security Appliances at the three satellitecampuses.Thiswillprovidethedistrictwithamodernsecurityinfrastructure,capableofdetectingandblockingmodernmalwareandhackingattempts,aswellasthethroughputupgrade.

3. ScopeofworkWAN3.1 DiscoveryandPlanning

1. NetXpertsandPeraltastaffwillconductanon-siteprojectkickoffmeeting.a. Worktoidentifykeystakeholders,whowillparticipateindevelopingthedefinitionof

requirementsforsuccess.b. Identifysolutiongoals,businessdrivers,andsuccesscriteria.c. Determinethetimelineoftheindividualphasesoftheproject.d. Theunderstandingthatinallphasesoftheproject,thecurrentFirewallsandFortiClient

remoteaccessSSLVPNmustremainoperationalandallowforconnectivityuntilahardcutovertonewequipmentthatprovidesthesameservices.

e. DetermineOutagewindowsforcutover/testingneeded.Outagewindowstobescheduledinadvance.

f. WorkwithPeraltastafftoidentifythephasesoftheprojectthatmayrequireexistingequipmenttobemovedorre-cabledtomakespacefornewequipment.

2. NetXpertstoreviewexistingClientprovidedIPaddressing,WANRoutingProtocols,subnetting,networkdiagrams,andconfigurationstolookforopportunitiestoincreasefunctionality,security,andmanageability,includingleveragingnewfeaturesavailableinthemostcurrentIOSrelease.

3. Severalofthefirewallsarealsobeingusedascoreswitchandedgefirewall.NetXpertswillhavetosplittheconfigurationandmovetheedgefirewallparttothenewfirewallswithoutimpactingtheexistingtraffic,thiswillbedonefirstintheHLD’s,thenintheLLD’s.


3.2 WANRedesignandmigration3.2.1 GatherrequiredPeraltaWANnetworkinformation

1. Gatherrequirednetworkinginformation2. NetXpertsshallgatherallinformationnecessarytoredesignthePeraltaWANandtoprovide

consultationontheWANdesign,i.e.,logicalandphysicalnetworkdiagrams,currentandproposedroutingprotocols,andcurrentIPaddressspaceused.NetXpertswilltaketheleadonthiswithassistancefromthedistrict.

Deliverables:PeraltaWANnetworkinginformationsummaryreport(Logical)3.2.2 WANnetworkinginformationsummaryreport

1. OnsitereviewofexistingPeraltanetworksystems2. NetXpertsshallmakeon-sitevisitswiththedistricttothefollowingsites:CollegeofAlameda,

LaneyCollege,MerrittCollege,BerkeleyCollege,PeraltaDistrictOffice,andsatellitesites.NetXpertsshallreviewexistingnetworkingcommunicationsystemsanddevices.Theon-sitevisitsshallbeusedasafact-findingactivityandevaluatetheavailablespace,power,connections,andhardwaremountingavailableateachsite.

Deliverables:ExistingPeraltaWANsystemssummaryreport(Actualreal-timedatadocumented)3.2.3 Developconceptualdesign

1. Developconceptualdesign2. NetXpertsshalldevelopaconceptualdesignofthePeraltaWAN.Thedesignshallbepreparedin

MicrosoftVisioandwillshowadiagramlayoutofthenetworks.TheredesignedPeraltaWANmustaccommodateIPvideosharingamongPeraltaWANprojectstakeholders.

3. NetXpertsshallidentifyandaddresspotentialissuesandconflictsbasedontheon-sitereviews.Deliverables:PeraltaWANconceptualdesigndiagram(HLD–HighLevelDesigns)3.2.4 CONDUCTWANCONSULTATIONMEETING

1. ValidateWANDesignandRecommendationsMeetinga. NetXpertsshallmeetwiththeDistricttoevaluateandvalidatethecurrentdesignofthe

WANdetailedintheExistingandPlannedWANNetworkSystemsSummaryReportandtheWANDesignDiagram.ThismeetingwillservetovalidatetheWANUpgradeand/oridentifyrecommendationsbyNetXpertsonanyaspectoftheWAN,i.e.,networktopology,hardware,securityetc.

b. ProjectPlantobeapprovedc. Back-OutPlantobeapproved

Deliverables:WANConsultationMeetingminutes3.2.5 DEVELOPDETAILEDDESIGNS

1. DevelopDetailedPeraltaWANDesigna. NetXpertsshalldevelopadetailednetworkdesignandNetworkEquipmentListthatwill

alloweasyintegrationbetweeneachPeraltaWANnetworkandsatelliteoffices.b. TheDetailedNetworkEquipmentListwillincludetheIPAddressscheme,adetailed

specificationofallequipmentprocured.


c. ADraftDetailedPeraltaWANDesignandDetailedNetworkEquipmentListwillbeprovidedtotheDistrictandPeraltaWANprojectstakeholdersfortheirinformation,review,andcomment.

d. NetXpertsshalldevelopaFinalDetailedPeraltaWANDesignande. DetailedNetworkEquipmentListthataddressesanycommentsfromtheDistrictand

PeraltaDeliverables:DraftandFinalDetailedPeraltaWANDesign(LLD’s–LowLevelDesigns)3.2.6 INSTALL&CONFIGURENETWORKDEVICES(Cut-Over)

1. Install&ConfigurePeraltaWANEquipment2. NetXpertsshallinstallandconfiguretheprocuredPeraltaWANequipmentateachofthe

followingsites:CollegeofAlameda,LaneyCollege,MerrittCollege,BerkeleyCollege,PeraltaDistrictOffice,andsatellitesites.NetXpertsshallsurrenderallequipmentdocumentationtotheDistrictpriortoequipmentinstallation.

Deliverables:Installed&ConfiguredNetworkDevices

3.2.7 PERFORM&SUPPORTENTERPRISENETWORKTESTING

1. PerformEnterpriseTestingofthePeraltaWANa. NetXpertsshalldevelopatestplanforthePeraltaWAN.NetXpertsshallworkwiththe

PeraltaWANprojectstakeholdersduringthetestingofthePeraltaWAN,addressandresolvetechnicalissues.

b. NetXpertsshallrecordanyequipmentconfigurationchangesandmustbecapturedinthePeraltaWANRecordDrawings/Documents.AllrevisionstothePeraltaWANRecordDrawings/DocumentsshallbeapprovedbytheDistrict

Deliverables:EnterprisePeraltaWANTestingResults&Report.

3.2.8 OngoingSupport1. SupportWANEquipmentInstallationandConfiguration

a. NetXpertsshallassistandprovideconsultantserviceswhenneededastheDistrictconfiguresandinstallstheWANDevices(i.e.CiscoFirewalls,routersandnetworkswitchingdevices).

Deliverable:30DaysofCutoverSupportasneeded3.2.9 Documentation

1. NetXpertswillprovideClientdetailedLowLevelDiagramsshowingupdatedinterfaceandVLAN,andequipmentandservices.

2. NetXpertswillprovidesystemsettings,deviceconfigurations,andoverallarchitecturedocumentationtotheClient.

Deliverables:HLD,LLD,Configurations

3.2.10 CONDUCTTRAININGSESSIONS

1. ConductTrainingSessionsforthePeraltaWANa. NetXpertsshallprovideoperation,administration,andmaintenancetrainingforall

PeraltaWANprojectstakeholdersattheDistrict’sfacilityforuptotwoeight(8)hour


days,asneeded.Itshallbecomprehensiveandcoverallaspectsoftheoperation,configuration,andtroubleshootingfortheequipmentinstalledaspartofthisproject.

b. Trainingshallincludeanexplanation/documentationoftheequipmentsetupandfeature“hands-on”training.

Deliverables:UptoTwoEight(8)HourDaysofTraining,asneeded

4. ScopeofworkNGFW

4.1 DiscoveryandPlanning1. NetXpertsandPeraltastaffwillconductanon-siteprojectkickoffmeeting.

a. Worktoidentifykeystakeholders,whowillparticipateindevelopingthedefinitionofrequirementsforsuccess.

b. Identifysolutiongoals,businessdrivers,andsuccesscriteria.c. Determinethetimelineoftheindividualphasesoftheproject.d. Theunderstandingthatinallphasesoftheproject,thecurrentFirewallsandFortiClient

remoteaccessSSLVPNmustremainoperationalandallowforconnectivityuntilahardcutovertonewequipmentthatprovidesthesameservices.

e. DetermineOutagewindowsforcutover/testingneeded.Outagewindowstobescheduledinadvance.

f. WorkwithPeraltastafftoidentifythephasesoftheprojectthatmayrequireexistingequipmenttobemovedorre-cabledtomakespacefornewequipment.

2. NetXpertstoreviewexistingClientprovidedIPaddressing,SecurityRoutingProtocols,subnetting,networkdiagrams,andconfigurationstolookforopportunitiestoincreasefunctionality,security,andmanageability,includingleveragingnewfeaturesavailableinthemostcurrentIOSrelease.

3. Severalofthefirewallsarealsobeingusedascoreswitchandedgefirewall.NetXpertswillhavetosplittheconfigurationandmovetheedgefirewallparttothenewfirewallswithoutimpactingtheexistingtraffic,thiswillbedonefirstintheHLD’s,thenintheLLD’s.

4.2 NextGenerationFirewall,RedesignandMigration1. NetXpertswillreviewdesignofNGFWimplementationbasedonexistingarchitectureand

businessrequirements.2. NetXpertswillperformanobjectivereviewoftheexistingFortinetandASAfirewallenvironment

intermsofcurrentfunctionalityandimplementation.3. NetXpertswillworkwithClienttocreateaconfiguration,asrelatedtoindustrybestpractices,

securitycapabilities,andlatestfeaturesavailableforthenewequipmentusingthelateststablerelease.

4. NetXpertswilldocumentexistingFortinetandASAFWcharacteristics.5. NetXpertswillevaluateareasofimprovementandprovidefeedbackontheseareas.6. NetXpertswillintegrateCiscoIdentityServicesEngine(ISE)intonewNGFWforidentity

awareness,context,andforAnyConnectRemoteAccessSSLVPNauthentication.7. NetXpertswilldeveloptherolloutplanwithPeralta.


8. NetXpertswillconfigureinterfacesonPeraltaCoreswitchtointegrateNGFWequipmentintothenetwork.NetXpertswillalsodorackingofNGFW,cablingandconfig.

9. NetXpertstoreviewthefinalizedimplementationplanwiththeClient.ClientwillapproveplanspriortoNetXpertsbeginningtheNGFWimplementation.

4.2.1 Developconceptualdesign1. NetXpertsshalldevelopaconceptualdesignofthePeraltaWAN.Thedesignshallbepreparedin

MicrosoftVisioandwillshowadiagramlayoutofthenetworks.TheredesignedPeraltaWANmustaccommodateIPvideosharingamongPeraltaWANprojectstakeholders.

2. NetXpertsshallidentifyandaddresspotentialissuesandconflictsbasedontheon-sitereviews.3. HLD/LLDtoinclude:

a. Licensesb. Connectivityofsmallform-factorpluggables(SFPs)fornetworkconnectivity.c. IPaddressing,subnetting,gateway,andinterface.d. Detailadministratorusernamesandpasswords.e. DetailSimpleNetworkManagementProtocol(SNMP).f. DetailthedefaultvaluesofSNMPcommunitystrings.g. DetailthedefaultvaluesforSNMPv3users.h. DetailCiscoISEintegrationforIdentityAwareness(context)andforAnyConnectremote

accessSSLVPN.i. Detailmulticast.j. DetailQualityofService(QoS).k. DetailtheCiscoDiscoveryProtocol.l. DetailauthenticationandNetworkTimeProtocol(NTP)server.m. DetailStaticandDynamicRouting,includingproperfailoversetupforCENICredundant

circuits.n. DetailfirewallACLsforeachinterfaceo. DetailNATp. DetailAMPq. DetailNGIPSr. DetailAVCs. Detailgraphingandreporting.t. DetailVPNACLs,groupconfigurationandintegratingexistingVPNIP,subnet,gateway

andDHCPscopesDeliverables:PeraltaWANconceptualdesigndiagram(HLD&LLD–HighLevelDesigns&LowLevelDesigns)4.2.2 NetXpertstotakereceiptofFirepowerappliancesandASA5500-xappliancesto:

a. Installconfigurationsandtestforanyequipmentanomalies.b. NetXpertstoinformClientofneedtoreplaceanyequipmentthatdoesnotburnin

correctly.


c. NetXpertstoconfigureCiscoFTDlicensing,subscriptionservices,AnyConnectlicensing,andSMARTnetforhardwareandsoftware,andassociatetoClientaccounts.

2. IfClientprefersNetXpertstopre-delivertheequipmenttostaginglocationforstorageuntilinstallation,thenClientwillidentifyandprovidethislocation.

Deliverables:InventorySheet4.2.3 Implementation

1. NetXpertstoworkwithClienttocreatetheNGFWconfiguration,includingbutnotlimitedto:a. WorkwithClienttounderstandandimplementcurrentIPaddressingscheme,andany

newIPaddressingandVLANorfirewallinterfaceschemesrequired.b. Reviewnamingconventions.c. CreateavirtualLAN(VLAN)planbasedonexistingandplanneduse.d. DiscussQualityandClassofService(QoS/CoS)configurationsnecessarytosupport

multipleclassesoftrafficandqueueprioritizationbasedondocumentedbestpractices.e. DiscussconfigurationoptionsforincreasedNGFWsecurity,reliabilityandperformance.f. CreateandReviewback-outplan

2. NetXpertstoinstallandconfigureTenFirepowerappliances,threeASA5500xappliances,aswellastheFiresideManagementCentervirtualapplianceandIFnecessary:

a. Installandconfigurelicenses.b. Installsmallform-factorpluggables(SFPs)fornetworkconnectivity.c. WorkwithPeraltastaffforIPaddressing,subnetting,gateway,andinterface.d. Configureadministratorusernamesandpasswords.e. ConfigureSimpleNetworkManagementProtocol(SNMP).f. ChangethedefaultvaluesofSNMPcommunitystrings.g. ChangethedefaultvaluesforSNMPv3users.h. ConfigureCiscoISEintegrationforIdentityAwareness(context)andforAnyConnect

remoteaccessSSLVPN.i. Configuremulticast.j. ConfigureQualityofService(QoS).k. ConfiguretheCiscoDiscoveryProtocol.l. ConfigureauthenticationandNetworkTimeProtocol(NTP)server.m. StaticandDynamicRouting,includingproperfailoversetupforCENICredundant

circuits.n. ConfigurefirewallACLsforeachinterfaceo. ConfigureNATp. ConfigureAMPq. ConfigureNGIPSr. ConfigureAVCs. Configuregraphingandreporting.t. VPNACLs,groupconfigurationandintegratingexistingVPNIP,subnet,gatewayand

DHCPscopes.3. Migratelegacyinterfaces/VLANstonewInterfaces/VLANsonNewequipment.


a. DeterminelegacyvLANandInterfacescomponentstomigrate.b. Createmigrationtestingandrollbackplan.c. Backuplegacyconfigurations.d. Migratefeatures.e. TestnewInterfacesandvLANs.

4. NetXpertswillprovideengineeringresourcesforastagedcutover,basedonclientscheduling.NetXpertsandClientwilldeterminethescheduleforcutovereventsandanyrequiredoutagesatleast2weeksinadvanceofanytwotofour-houroutagewindowsneeded.Insomecases,outageswindowsmayrequireafterhourswork,orworkonweekends.

Note:Clientwillberesponsibleforprovidingavailable1/10Ginterfacesrequiredtointegrateequipmentintothenetworkandwillalsoberesponsibleforanyfacilitiespowerthatmayberequiredforthesuccessfulimplementationoftheproject.

4.2.4 Validation1. NetXpertswillconductavalidationofpost-deploymentconfigurationofinterfaces,andACLs

withClient.2. TestFailovertouseprimary/standbytoshowproperflowofcampustraffic.3. VerifyClientAnyConnectRemoteAccessSSLVPNconnectivity4. NetXpertstodocumentfindingsofpostverificationdeploymentstoconfirmfunctionaland

performancegoalsaremet.5. NetXpertswillreviewthefindingsandreceivesign-offonwirelessconfigurationsand/orany

modificationsbeforeanyfurtherchangesareimplemented.

Deliverables:Detaileddataintheformofavalidationreport

4.2.5 Documentation3. NetXpertswillprovideClientdetailedLowLevelDiagramsshowingupdatedinterfaceandVLAN,

andequipmentandservices.4. NetXpertswillprovidesystemsettings,deviceconfigurations,andoverallarchitecture

documentationtotheClient.Deliverables:HLD,LLD,Configurations

4.3 FirewallAdministratorTraining1. NetXpertswillconductarequirementmeetinganddiscoveryforFWAdministratortraining.2. NetXpertswillworkwithClienttodefinethespecifictrainingtopicsandagenda(s)relatedtothe

projectthatwillinclude:a. Familiarizationwithfeaturesofallcomponentsprovided.b. Specificsofequipmentfeaturesindeployedproducts.c. Configurationdetailsofequipment.d. Howtoreinstallandreconfigureincaseoffailure.e. Descriptionofprofessionalservicesmonitoringperiod,warrantyandservicing

proceduresforallcomponentsprovided.f. Explanationofwhereandhowtoobtainsupport,includingothertoolsorresources.


g. ExplanationofmosteffectivemethodstotestandmaintaincomponentsofNGFWandoverallnetwork.

3. Trainingmaybebrokenupintodifferentagendasandprovidedin1-2hourtimeperiodsbasedontopicandphaseofproject.

4. IfitisdeterminedduringthediscoveryoftopicsthatthetrainingrequirementsforClientwillexceedeighthours,additionalhoursmaybepurchasedatanadditionalhourlyrate.

5. ItisunderstoodthattheNetXpertsisprovidinginformaltrainingandknowledgetransferbasedontheagendascreated,andthatthistrainingisnotintendedtocoveralltopicsofNGFWadministration,operation,ormaintenance,ofdeployedtechnology.Itisfurtherunderstoodthatformaltrainingisnotpartofthescopeoftheproject,andthattheClientcouldlookintosendingFWadministratorstoCiscoNGFWclassesforoptimalknowledgeofthedeployedtechnologyusingCiscolearningcredits.

Deliverables:Upto8hoursoftrainingasneeded

ProjectPrerequisites

1. SoWdoesnotincludeNetXpertsfulfillinganycablingorfacilitiespowerrequirements.2. Ifneeded,Clientwillengagewithaseparateapprovedwiringcontractorforinstallationofall

requiredstructuredcabling,orpowerrequirements.3. ClientwillprovideNetXpertswithnecessaryaccesstoconfigurationinformationrelatedtothe

currentenvironment.4. ClientwillprovideNetXpertscredentialstoaccessequipmentandsystemsasneededduring

executionofthisSOW,andaccesslevelwillbedeterminedbyClientandNetXperts.5. Clientwillprovideand/orconfirmIPaddressschemaanddesignspecificationsforsuccessful

deploymentoftheNGFWandFMCequipmentlistedinthisSoW.6. ClientwillmakeavailablePeraltastaffandauthorizedpersonnelwithworkingknowledgeof

existingnetworkinfrastructureforquestions,andclarificationofissues.a. PeraltastaffwillbeavailableduringCollegebusinesshours,unlessotherwise

prearranged.b. Contactdetails,andapointofescalationandprocesseswillbeprovidedifPeraltastaff

assignedtotheprojectareunavailableorNetXpertsdoesnothaveprovidedinforequestedinatimelymannerortheprerequisitesnecessarytocontinueworkingonanyphaseoftheproject.

7. Asneeded,ClientwillprovideaworkareaforNetXpertstouseduringon-siteactivitiestoincludeinternetandphoneaccess.

8. ClientwillprovideparkingpassesfortheNetXpertsprojectteamforthedurationoftheproject.


5. NetXpertsResponsibilities

Duringtheinitialinformationgatheringphase,theleadengineerfortheprojectwillassessthecurrentsystemsconfigurationtodetermineiftheyhavebeenconfiguredfollowingindustryandNetXpertsbestpractices.Ifweidentifyspecificconfigurationitemsthatareoutsidethesestandards,theinformationwillbesharedwiththecustomer’sprojectstakeholdersandengineerstodetermineremediationsteps.

• DesignateaNetXpertsProjectManagerand/orProjectEngineertobethecustomer’sprimarypointofcontactforallprojectactivities.

• CoordinatewithadesignatedcustomerProjectManagerandNetXpertsprojectpersonneltofacilitateaprojectKick-OffMeeting.KeypersonnelselectedbythecustomerProjectManagerwillattendtheKick-OffMeeting.

• NetXpertswillprovideaprojectandcommunicationplan.

• ConducttheKickoffMeetingremotelyoratasitedesignatedbythecustomer.

• ScheduleaweeklystatusandprojectreviewcallwiththePeraltaandNetXpertsteam

• ReviewNetXpertsprojectactivities,anymilestonemeetingsandoverallschedulefortheprojectactivities.

• Confirmcustomer’sbusinessgoalsandreviewitemstobecompletedpriortotheprojectstartdate.

• ProvidingMilestoneCompletionCertificatestocustomerasapplicableandtransitiontheprojectdeliverablestocustomer’sProjectManager.

• AllsuchinformationobtainedbyNetXpertsoritsemployees,agentsandrepresentatives,shallbedeemedtobetheconfidentialandproprietaryinformationofOwner.NetXpertsagreestoholdsuchinformationinstrictconfidenceandnotdisclosesuchinformationforanypurposesotherthantheprovisionofproductsandservicestoOwnerunderthisContract.

6. CustomerResponsibilities

• Overallmanagement,planning,andfunctionaldefinitionoftheplannedproject.

• DesignateaCustomerProjectManagertobeprimarypointofcontactforallactivities.Customer'sProjectManagerwillberesponsibleforcoordinatingallprojectpersonnelandCustomersupplierstoresolveanyissuesencounteredbytheprojectpersonnel.

• Attheinceptionoftheproject,definebusinessrulesimpactingCustomerbusinessfunctionality.


• RetainoverallresponsibilityforanybusinessprocessimpactandanyprocesschangeimplementationforCustomer'sBusinessUnitsandfacilities.

• DesignatethelocationwhereNetXpertson-sitepersonnelwillperformtheServicesoutlinedunderthisSOW.

• ProvideNetXpertspersonnelwith:Physicalsiteaccessandsecurityaccesstothesiteandrelevanthardwareandsoftwaresystems.

• ProvideNetXpertspersonnelwillanyandallrelevantrequestednetworkaccess.Thisincludesbutisnotlimitedtoread/writeaccesstorequestedsystemssuchasrouters,switches,andfirewalls.

• Providethesubjectmatterexpertstosupporttheconfigurationandconnectivitytoany3rdpartyproductsexcludedinthisStatementofWork,butrequiredforthesuccessfulcompletionoftheproject.Customer'sProjectManagerisresponsibleforcoordinatingthetechnicalsupportresourcesforthe3rdpartycomponents.Examplesofthistypeofcomponentareserversandtheirapplications,etc.

• Ensurethatanycustomer-providedhardwareiscertifiedandconfiguredbasedonCustomer'srecommendedhardwareconfigurationsorbetter.

• Verifytheaccuracy,correctnessandthefunctionalityoftheinformationcontentofanyapplicationsthatmayinterfacewiththeapplications.

• SECURITY:Customerisresponsiblefortheimplementationofanyphysicalsitesecurity,lossprotection,disasterorbusinessrecovery,andprotectionagainstlossescausedbynaturaldisasters,actsofviolence,andwillfuluseofforceorsabotage.Itisthecustomer'sresponsibilitytosafeguardtheinformationcontents,integrityandsecurityofhardware,softwareanddatausedinthisprojectfromanyunauthorizedpersonnel.


7. PaymentMilestones

Paypointswillincludeindividualpaymentmilestonesforthehardwareandprofessionalservices.ThepaymentmilestoneforHardwareshallbe100%dueattimeofdelivery.ThepaymentmilestonesforProfessionalServicesaredetailedbelow,andwillbebilledNet30.ApplicabletaxesandshippingwillbeaddedtotheHardwareOrdermilestoneuponbilling.

PayPoints PaymentDate PaymentAmount

1stmilestone UponCompletionofManagementServerBuild

$0

2ndmilestone UponcompletionLaneyCollege

$10,000

3rdmilestone UponcompletionofMerrittCollege

$10,000

4thmilestone UponcompletionBerkeleyCity

College

$10,000

5thmilestone UponcompletionCollegeofAlameda

$10,000

6thmilestone Uponcompletionof

SatelliteCampuses

$7,500

7thmilestone Uponfinalcutoverandacceptanceofdocumentation

anddeliverables

$33,750

See attached Quotes NetX17306, and NetQ17311-01

7thmilestone

gnordine

Typewritten Text

Upon completion and documentation

gnordine

Typewritten Text

$26291

gnordine

Typewritten Text

Totals

gnordine

Typewritten Text

$107,541.00


8. ScheduleAssumptionAllonsiteworkwillbeperformedcontinuously.WhileNetXpertsengineerisonsiteandthereisadelaythatiscausedbycustomer,NetXpertsshallchargecustomerforthelosttimeandtravelexpensesrelatedtoextravisit.


9. CustomerSignature

TheCustomer,bysigningbelow,indicatesthattheStatementofWorkhasbeenreadandthetermsoutlinedwithinhavebeenaccepted.ThisStatementofWorkispartofNetXpertsProductandServicesAgreement.PricingfortheinstallationoftheproductsforthisStatementofWorkisprovidedinNetXpertsattachedquote.AnyquestionsconcerningNetXpertsresponsibilitiesandtheworktobedoneshouldbedirectedtotheNetXpertsrepresentative.

Customer’sAuthorizedRepresentativeandTitle

Company Date

NetXperts,Inc.WalnutCreek,CA

NetXpertsAuthorizedRepresentativeandTitle

Company Date