Republic of Lebanon
Office of the Minister of State for Administrative Reform (OMSAR)
Rania FAKHOURY, ICT Project Manager

E-Government Program
Terms of Reference
Data Center for the Government of Lebanon

Version 0.2 DRAFT
August, 2010



Versions Management

Version | Date | Who | Description
0.1 | 30th of July, 2010 | Rania FAKHOURY | Creation of the document based on different technical specifications collected from the Data Center RFI Study process
0.2 | 18th of August, 2010 | Rania FAKHOURY | Updates based on different meetings with Dr. Ali ATAYA


Table of Contents

1 DEFINITIONS AND ACRONYMS
2 INTRODUCTION
3 BACKGROUND
4 SUMMARY OF SOLICITED SERVICES
5 ASSUMPTIONS
  5.1 AVAILABILITY
  5.2 LOCALIZATIONS
  5.3 INTERNET ACCESS
  5.4 ENVIRONMENTS
  5.5 PORTAL
  5.6 POWER CONSUMPTION/HEAT DISSIPATION
  5.7 STORAGE AMOUNT
  5.8 GSB
6 NETWORK TOPOLOGY
7 DESIGN DESCRIPTION
  7.1 GENERAL
    7.1.1 Scalability
    7.1.2 Redundancy
    7.1.3 Internet connectivity
    7.1.4 End-to-end security
    7.1.5 Switching capacity
    7.1.6 Maintainability
    7.1.7 System and Data back-up
    7.1.8 End-to-end virtualization
  7.2 PLATFORM AND STORAGE ARCHITECTURE
  7.3 APPLICATION
  7.4 NETWORK ARCHITECTURE
8 PHYSICAL INFRASTRUCTURE SPECIFICATIONS
9 INFRASTRUCTURE REQUIREMENT
  9.1 SERVER TECHNICAL SPECIFICATIONS
  9.2 NETWORK TECHNICAL SPECIFICATIONS
10 HELPDESK SYSTEM
11 OPERATIONS AND MAINTENANCE
12 TESTING AND COMMISSIONING
13 DISASTER RECOVERY SITE
  13.1 OBJECTIVES
  13.2 REQUIREMENTS
14 PORTAL AND GSB SPECIFICATIONS
  14.1 GOVERNMENT SERVICE BUS (GSB)
    14.1.1 Objectives
    14.1.2 GSB Requirements
  14.2 PORTAL REQUIREMENTS


1 Definitions and Acronyms

Code Description

BGP Border Gateway Protocol: Protocol for backing the core routing decisions on the Internet

CMS Content Management System

DC Data Center

DHCP Dynamic Host Configuration Protocol: An auto configuration protocol used on IP networks. Computers that are connected to IP networks must be configured before they can communicate with other computers on the network

DNS Domain Name System: hierarchical naming system for computers, services, or any resource connected to the Internet or a private network. It associates various information with domain names assigned to each of the participants

ESB Enterprise Service Bus: consists of a software architecture construct which provides fundamental services for complex architectures via an event-driven and standards-based messaging-engine (the bus)

HVAC Heating, Ventilating, and Air Conditioning: The technology of indoor or automotive environmental comfort

ITIL Information Technology Infrastructure Library: A set of concepts and practices for Information Technology Services Management (ITSM), Information Technology (IT) development and IT operations. ITIL gives detailed descriptions of a number of important IT practices and provides comprehensive checklists, tasks and procedures that any IT organization can tailor to its needs

IPS Intrusion Prevention System: Network security appliances that monitor network and/or system activities for malicious activity

PKI Public Key Infrastructure: Set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates


RTO Recovery Time Objective: Duration of time and a service level within which a business process must be restored after a disaster (or disruption) in order to avoid unacceptable consequences associated with a break in business continuity

RPO Recovery Point Objective: Point in time to which you must recover data as defined by your organization. This is generally a definition of what an organization determines is an "acceptable loss" in a disaster situation

SOA Service Oriented Architecture: Flexible set of design principles used during the phases of systems development and integration

SOAP Simple Object Access Protocol: Protocol specification for exchanging structured information in the implementation of Web Services in computer networks

SSO Single Sign On

SLA Service Level Agreement: Part of a service contract where the level of service is formally defined.

VPN Virtual Private Network: Network that uses a public telecommunication infrastructure, such as the Internet, to provide remote offices or individual users with secure access to their organization's network

XML eXtended Markup Language: Set of rules for encoding documents in machine-readable form

2 Introduction

The Lebanese Government represented by the Office of the Minister of State for Administrative Reform (OMSAR) invites solution providers to respond to the following lots:

1. Data Center (Functional Architecture, Organization and Requirements)

2. Infrastructure Requirements (Design, Preparation, Supply, Installation and Rollout)

3. Portal Requirements

4. GSB (Government Service Bus) Requirements


3 Background

The current Government of Lebanon Ministerial Declaration included, under the heading "Administrative Reform", a paragraph stating as follows:

"Activate, utilize and develop information technologies and set benchmarking standards for websites in departments and public institutions. Thus, it would be a preliminary step toward the establishment of e-government portal and the improvement of citizen’s access to services and information. It will also contribute to increasing the ability of financial and administrative control in addition to monitoring the flow of information and ensuring communication between departments. "

OMSAR has initiated a global three-year roadmap for the implementation of an innovative e-government program that will transform the Lebanese government by making it more accessible, effective and accountable. The e-Government program is based on the Government of Lebanon e-Government Strategy validated in 2007.

The roadmap has the following parallel running tracks:

o Legal and administrative prerequisites
o E-government portal phasing
o Infrastructure to be defined for portal components hosting
o Solutions components to be defined for portal development and deployment
o Interoperability between portal and different government agencies
o Networking for interoperability support

The Office of the Minister of State for Administrative Reform (OMSAR) has received financing ($30,000,000) from the Arab Fund for Economic and Social Development toward the cost of the Administrative Development Project (ADP). The overall objective of the project is to contribute to the development of the performance of the Lebanese Public sector to enable the Lebanese Government to deliver better services to the citizens through technical administrative assistance to the Ministries, public institutions, autonomous services, and other government administrations.

OMSAR is committed to applying a significant portion of the funds toward the implementation of the e-government program. OMSAR is further committed to securing more funds from the Lebanese Government budget and international donors to ensure the success of the e-government program.

This RFP is a stepping stone toward the full modernization of the Lebanese government institutions. OMSAR is counting on the success of this RFI to unleash the full potential of Lebanon’s e-government program.


4 Summary of Solicited Services

Code Description

Data Center

Design and Architecture Data center Space and Floor layout along with Number of Racks and their design in the Data Center.

Cabling, Pipes and Ducting Plan, raised floor

Site preparation

Civil, Electrical & Mechanical works

Civil, Electrical & Mechanical requirements

Power Requirement Power Provisioning, Power Distribution panel, UPS Space and Expansion

AC Space requirement for indoor and outdoor units

Physical Security Detailed layout of CCTV and access control devices and security layer

Fire Detection and Prevention Design for installing the detectors both heat and smoke

Design for the suppression in the server farm area

Infrastructure

LAN Supply and installation of routers and switches, LAN cabling, Redundancy and Virtualization

WAN Supply and installation of Internet routers and Internet bandwidth

Logical Security Supply and installation of Redundancy, IPS, Firewalls,

Servers Supply and installation of Computing (Servers, OS, Databases etc.) infrastructure

SAN Supply and Installation of the SAN solution

Application (excluding portal and GSB)

Installation & Configuration of application

Backup solution Supply and Installation of the Backup solution

Portal

Migration Propose and execute a migration plan for informs.gov.lb to the new portal


Design and Architecture Font, color scheme, layout

Portal Structure

Features and functionality Advanced Search, Personalization, News, Services, Multiple channels …

CMS Create, change and maintain by roles, levels and designations

Reporting tool Periodic reporting on the usage of different portal elements

Government Service Bus

Analysis and Requirements Define Functional requirement

Detailed Design Produce application design

Core Functions Define and install all the component for the core function

Ministry Integration Framework Define the requirement to connect the Backend systems to the solution

Integration Define and Manage transactional and operational data related to the Portal and GSB and related to the e-services requirements that are managed by the GSB.

Identity and access management (IAM)

Design and implement IAM

Reporting and Dashboard Reporting, Analysis, scorecard and dashboard

Data Center Monitoring and Control

KPIs Define KPI for availability, SLA, GSB and portal

SLAs SLA commitment in terms of availability/ Helpdesk, Incident Management and Problem Management and Security Management

Software Install the Management software that integrate all components in the DC

Data Center Management

Processes/Procedures Re-engineering the process and procedure and implement change management rules

Organizational Chart Role and Function of the team who will operate the solution according to the SLA


Help Desk Services Implementation of ITIL best practices

Testing and Commissioning Test the solution components and make the Data Center available to OMSAR for carrying out live operations and getting the acceptance from OMSAR

Day-to-day Operations

System Administration, Maintenance & Management Services

Support and maintain all the Systems and Servers

Network Management Services Ensure continuous operation and upkeep of the LAN & WAN infrastructure

Services Maintain and support all the services

Backup and Restore Responsible for the management of the storage solution

Server and Storage Administration & Management Services

Monitor and manage services and storage

Physical Infrastructure Management and Maintenance Services

Support and maintain all physical infrastructure management and maintenance services

Security Administration & Management Services including physical

Provide a secure environment through implementation of the security policy

Database Administration & Management

Monitor and manage database

Preventive and Corrective Maintenance Services

Troubleshoot of problems arising in the DC

Asset Management Services Create and maintain database of all the equipments/software procured/ Installed in the DC

Configuration/ Reconfiguration Management Services

Define change management procedures


5 Assumptions

5.1 Availability

The design should ensure an uptime of 99.99% and 24/7/365 operation on a yearly basis, including scheduled downtime required for maintenance and upgrades.

5.2 Localizations

TO BE DONE for the main site and the Disaster Recovery one.

5.3 Internet Access

Initially the internet bandwidth required for running this centre will be 4 Mbps unshared bandwidth, to be increased on demand. The bandwidth should be recalculated and remain scalable as per application growth and expansion plans in the future.

5.4 Environments

o The production environment comprises the applications, systems, network and supporting systems infrastructure.
o The pre-production environment plays a pivotal role in defining test completion criteria and should be as close as possible to the production environment.
o The testing environment includes unit, integrated and operation tests that are performed to ensure uninterruptible and flawless systems.
o The development environment is established to minimize trial and error so that an efficient operation environment can be established.

5.5 Portal

Year | 2011 | 2012 | 2013 | 2014 | 2015
Daily users | 3332 | 4665 | 5598 | 6717 | 8061
Monthly users | 99960 | 139944 | 167933 | 201519 | 241823
Yearly users | 1199520 | 1679328 | 2015194 | 2418232 | 2901879
Concurrent User | 333 | 466 | 560 | 672 | 806
Bandwidth (Mb/s) Monthly | 4 | 5 | 6 | 8 | 9

5.6 Power consumption/Heat Dissipation

The power consumption will be used to assess the UPS capacity and the Heat dissipation for the AC capacity.

Item | Qty | Output Power (Watts) | Total Output Power | Heat Dissipation BTU/H | Total HD
Blades | 2 | 6801 | 13602 | 23191.41 | 46382.82
SAN + Switch | 2 | 1639 | 3278 | 5588 | 11177
Switch-Core | 2 | 1200 | 2400 | 4092 | 8184
Blade Switch | 4 | 45 | 180 | 153.45 | 613.8
LAN Switch access | 2 | 60 | 120 | 204.6 | 409.2
Router | 2 | 370 | 740 | 1261.7 | 2523.4
Firewall | 4 | 190 | 760 | 647.9 | 2591.6
IPS | 2 | 190 | 380 | 647.9 | 1295.8
ADC | 2 | 354 | 708 | 1207.14 | 2414.28
Totals | | | 22168 | | 75593

Total Power (KVA) | 24.53
Total Heat Dissipation (BTU/hr) | 75593
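
A cross-check of the table above against the UPS and HVAC ratings given in section 8, added here as an example and not part of the original ToR. The 3.41 W-to-BTU/h factor is the one implied by the table rows, and the even split of the load across the two UPS banks is an assumption.

```python
W_TO_BTU_H = 3.41  # factor implied by the table (6801 W -> 23191.41 BTU/h)

# (item, qty, watts per unit, stated BTU/h per unit, stated total BTU/h), section 5.6
ROWS = [
    ("Blades", 2, 6801, 23191.41, 46382.82),
    ("SAN + Switch", 2, 1639, 5588, 11177),
    ("Switch-Core", 2, 1200, 4092, 8184),
    ("Blade Switch", 4, 45, 153.45, 613.8),
    ("LAN Switch access", 2, 60, 204.6, 409.2),
    ("Router", 2, 370, 1261.7, 2523.4),
    ("Firewall", 4, 190, 647.9, 2591.6),
    ("IPS", 2, 190, 647.9, 1295.8),
    ("ADC", 2, 354, 1207.14, 2414.28),
]
STATED_TOTAL_KVA = 24.53  # section 5.6
UPS_UNIT_KVA = 12.5       # section 8: minimum rating per UPS unit, two units per bank
UPS_BANK_KVA = 25.0       # section 8: load supplied by each bank
HVAC_MIN_BTU_H = 76000    # section 8: minimum cooling capacity


def recompute(rows=ROWS, tolerance=0.5):
    """Return (total watts, total BTU/h, items whose stated heat figures are off)."""
    total_w = 0
    total_btu = 0.0
    mismatched = []
    for item, qty, watts, stated_unit_btu, stated_total_btu in rows:
        unit_btu = watts * W_TO_BTU_H
        total_w += qty * watts
        total_btu += qty * unit_btu
        if (abs(unit_btu - stated_unit_btu) > tolerance
                or abs(qty * unit_btu - stated_total_btu) > tolerance):
            mismatched.append(item)
    return total_w, total_btu, mismatched


def headroom(capacity, load):
    """Spare capacity as a fraction of the rated capacity."""
    return (capacity - load) / capacity


def ups_scenarios(load_kva=STATED_TOTAL_KVA, unit_kva=UPS_UNIT_KVA):
    """Can the surviving UPS units carry the load in each failure case?

    Assumption (not stated in the ToR): in normal operation the load is
    split evenly across the two banks, one bank per power path.
    """
    per_bank = load_kva / 2
    return {
        "one unit lost in a bank": per_bank <= unit_kva,
        "one whole bank lost": load_kva <= 2 * unit_kva,
        "one bank lost plus one unit in the other": load_kva <= unit_kva,
    }


if __name__ == "__main__":
    total_w, total_btu, mismatched = recompute()
    print(f"total load: {total_w} W, {total_btu:.2f} BTU/h")
    print(f"rows with truncated or wrong heat figures: {mismatched}")
    print(f"implied power factor: {total_w / (STATED_TOTAL_KVA * 1000):.3f}")
    print(f"UPS bank headroom: {headroom(UPS_BANK_KVA, STATED_TOTAL_KVA):.1%}")
    print(f"HVAC headroom: {headroom(HVAC_MIN_BTU_H, total_btu):.1%}")
    for scenario, ok in ups_scenarios().items():
        print(f"{scenario}: {'load carried' if ok else 'load NOT carried'}")
```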

5.7 Storage amount

o Minimum usable 2TB (no data is hosted locally). An assessment of the storage requirement for the entire DC environment should also be taken into consideration.

5.8 GSB

o Definition of business-centric key performance indicators (KPIs), and near-real-time KPI calculation and presentation using a dashboard, based on their dependencies on incoming events, conditions warranting business actions (business situations), and outbound events that report these conditions and might trigger business actions.

6 Network Topology

The figure below depicts the network topology architecture (in the production environment) which consists of the following layers to secure the internet network.

o Management/Test and Development Zone
o Application Zone: contains GSB and portal application servers
o Secured Zone: contains GSB and portal database and directory servers
o Extranet Zone for E-Gov network: contains front-end servers
o Public Zone: contains web servers, application delivery controller and content caching
o Agencies Zone: contains agencies application and database servers (it is an optional zone)
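
The zone list above implies a tiered firewall policy. As an added example (not part of the original ToR), the script below audits a constructed rule export against a zone matrix; the zone names come from this section, while the allowed zone pairs, the port numbers and the rule format are assumptions.

```python
INTERNET = "internet"  # outside interface of the Internet firewall, not a DC zone
ZONES = {"public", "extranet", "application", "secured", "management", "agencies"}

# Assumed tiering, not stated in the ToR: each tier may only reach the next one
# in, and only the management zone may open admin sessions into other zones.
ALLOWED = {
    (INTERNET, "public"): {443},
    ("public", "application"): {8443},
    ("extranet", "application"): {8443},
    ("agencies", "application"): {8443},
    ("application", "secured"): {1521, 636},
}
ALLOWED.update({("management", zone): {22} for zone in ZONES - {"management"}})

# Constructed rule export in first-match order; ports is a set of ints or "any".
RULES = [
    {"id": "R1", "src": INTERNET, "dst": "public", "ports": {443}, "action": "allow"},
    {"id": "R2", "src": "public", "dst": "application", "ports": {8443}, "action": "allow"},
    {"id": "R3", "src": "application", "dst": "secured", "ports": {1521}, "action": "allow"},
    {"id": "R4", "src": "public", "dst": "secured", "ports": {1521}, "action": "allow"},
    {"id": "R5", "src": INTERNET, "dst": "application", "ports": "any", "action": "allow"},
    {"id": "R6", "src": "management", "dst": "secured", "ports": {22}, "action": "allow"},
    {"id": "R7", "src": "extranet", "dst": "application", "ports": "any", "action": "allow"},
    {"id": "R8", "src": "any", "dst": "any", "ports": "any", "action": "deny"},
]


def audit(rules):
    """Return (rule id, reason) for every allow rule that is wider than ALLOWED."""
    findings = []
    for rule in rules:
        if rule["action"] != "allow":
            continue
        src, dst, ports = rule["src"], rule["dst"], rule["ports"]
        if src not in ZONES | {INTERNET} or dst not in ZONES:
            findings.append((rule["id"], "unknown or wildcard zone"))
        elif (src, dst) not in ALLOWED:
            # e.g. a web server in the public zone reaching the database tier directly
            findings.append((rule["id"], "zone pair not permitted"))
        elif ports == "any" or not set(ports) <= ALLOWED[(src, dst)]:
            findings.append((rule["id"], "ports wider than policy"))
    return findings


def ends_with_default_deny(rules):
    """True when the last rule drops everything that was not explicitly allowed."""
    if not rules:
        return False
    last = rules[-1]
    return (last["action"] == "deny"
            and last["src"] == last["dst"] == "any"
            and last["ports"] == "any")


if __name__ == "__main__":
    for rule_id, reason in audit(RULES):
        print(f"{rule_id}: {reason}")
    print("default deny present:", ends_with_default_deny(RULES))
```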

7 Design Description

7.1 General

7.1.1 Scalability

Support for scalability to provide continuous growth to meet the requirements and demand of various departments. A scalable system is one that can handle increasing numbers of requests without adversely affecting the response time and throughput of the system. The Data Center should support both vertical (the growth of computational power within one operating environment) and horizontal scalability (leveraging multiple systems to work together on a common problem in parallel).

7.1.2 Redundancy

Provide adequate redundancy for all components to ensure high availability of the e-Governance applications and other Data Center services. Designing for availability assumes that systems will fail, and therefore the systems are configured to mask and recover from component or server failures with minimum application outage.

7.1.3 Internet connectivity

Internet connectivity is proposed from two different service providers. BGP multihoming shall be provided.

7.1.4 End-to-end security

Provide an end-to-end security blanket to protect applications, services, data and the infrastructure from malicious attacks or theft by external hackers (through the internet), internal hackers (through the intranet) and the DMZ.

7.1.5 Switching capacity

All the servers would be connected to a high-capacity LAN switch, which can process millions of packets within seconds, depending on the users and the application and its contents.

7.1.6 Maintainability

The DC is designed in an efficient way to ensure easy maintenance. It must facilitate ease of configuration, ongoing health monitoring, and failure detection, which are vital to the goals of scalability, availability, and security.

7.1.7 System and Data back-up

Adopt detailed System and Data back-up processes and methodologies, using industry standard tools to provide a long-term storage solution.

7.1.8 End-to-end virtualization

Proposing an end-to-end virtualization solution is encouraged. The bidder should propose this solution and explain why it is better than other alternatives.

7.2 Platform and Storage Architecture

o This section outlines the platform components to be deployed as part of the DC project. The majority of the e-Server farm will comprise hardware for Directory service, Proxy Service, Antivirus software, DNS and DHCP Service, Backup service and Application Server.
o DNS/DHCP should be in highly available mode with primary and secondary servers. There should be two different views or servers for public and private DNS services.
o There should be at least one primary and one secondary Directory server, configured in such a way that directory services are available 100% of the time. Directory Services are to be limited to the DC only.
o There should be redundancy at the DNS and DHCP level, which can be on an application delivery controller or in Primary / Secondary mode.
o The Web Interface of the portal should be in a DMZ (public zone) and should be configured in active-active mode using an external application delivery controller.
o All Database servers should be placed in the secured zone in highly available mode.
o Application servers (GSB and others) which provide business logic and work flow should be placed in the secured zone in highly available mode.
o Server and Network/Security Management servers/appliances should be located in the management zone in high availability mode.
o Testing servers are used for development, testing and pre-production activities and should be located in a separate test and development zone (included in the management zone).
o All procured software and hardware should have active manufacturer support and not be at the end of its product life cycle (end-of-sale date). The hardware proposed must be delivered with all firmware, OS, patches, utilities and any other software needed to let the hardware function as required.
o All software components and product licenses should use the latest officially stable versions to support the requirements.

7.3 Application

o The Application servers would access the database from the backend in order to process the user/citizen queries/requests.
o The Application and System layer at the Data Center would be multi-layered and designed to adhere to open industry standards like XML, SOAP etc.
o The Data Center will provide Infrastructure Services such as storage service, security services, internet bandwidth, help desk etc., which would be shared among all the applications participating in the DC. Using these services, the DC ensures centralized delivery of citizen services. The DC services would be deployed as components and will therefore have the potential for re-use in launching future services, without disturbing the existing architecture.
o The business related services would also have the potential for multi-channel access/integration in future, as the data returned by the components would be in XML/SOAP format.

7.4 Network Architecture

o The network should meet the requirements of various kinds of internal and external users in the country.
o The network architecture shall be scalable and should have high performance and low latency.
o All the critical network equipment such as Core & Access Switch-stack, Routers, and Firewall systems should be in redundant mode and should be offered with redundant power supply.
o The connectivity between end user equipment and access layer switches over Cat6 UTP cabling should be at Gigabit speed.
o The network should be a multi-tier architecture comprising collapsed Access/distribution and core.
o Network System infrastructure should be based on converged IP technology from the Core through to the Access layer.
o Switches shall provide dynamic load balancing on the uplinks.
o The cluster of Core switches should be connected to each other using multiple/redundant Gigabit links.
o The LAN system should provide at least 50% scalability with enough free slots in Core & Access switches.
o Security should be controlled using Firewalls and Intrusion prevention systems, well supported by and implemented with the security policy.
o More specific content level scanning products like Anti-Spam, Anti-Malware, network anti-virus gateways and XML gateway should be provisioned at appropriate points to ensure content level scanning, blocking and access.
o The DC should also endeavor to make use of SSL/VPN technologies to have secured communication between Applications and their end users.
o The system logs should be properly stored and archived for future analysis and forensics whenever desired.
o A pair of routers will be used for connecting the DC to the Internet.
o A pair of firewalls will be used for Internet connectivity in active-active architecture.
o The outside zone or public zone of the Internet firewall will be connected to the Internet router.
o Third party servers like adapters would be placed in a separate DMZ of the Internet firewall.
o A second layer of Intranet firewall will be used behind the core switch.
o Application and database servers would be placed in the inside zone of the Intranet firewall.
o The intrusion prevention system should detect malicious traffic and further protect the DC environment. The IPSs should be in high availability mode.


8 Physical Infrastructure Specifications

Item RequirementCabling CAT 6 / fiber LAN cables should be laid up to the rack level in the Data Centre.

Dedicated raceways / cable-trays should be used for laying LAN.Along with LAN cabling, fiber cables for Storage Area Network (SAN) up to the racks in the Data Centre should also be implemented.Additional cabling requirements on an on-going basis will also need to be catered.All the cable raceways shall be adequately grounded and fully concealed with covers.The cables should be appropriately marked and labeled.There should be enough space between data and power cabling and there should not be any cross wiring of the two, in order to avoid any interference, or corruption of data.Certification for structured cabling on performance warranty for 25 years

Network Cabinets

Brand Name, ISO Certified42 U Network Rack (1000x800)Lockable Perforated Front and Rear DoorPer-Cabinet Access Control6-fan cooling unit1 U pull-out rack mount TFT Console with keyboard and touch pad17” Active Matrix Liquid Crystal DisplaySingle USB connector for both Keyboard and Touchpad1 U 16 port cat6 KVM Switch (KVM over IP support)

UPS

The purpose of this specification is to define the design, manufacture and testing characteristics required in view of supplying, deploying into operation and maintaining an Uninterruptible Power Supply system (UPS). The UPS system shall be designed to supply dependable electric power. The total load supplied by each bank of UPS system shall be equal to 25 kVA.The UPS system shall be made up of 2 identical parallel-connected single-UPS units (same power rating), operating in double-conversion mode (also called on-line mode); it shall as per international standard.There will be a total of 4 UPS systems. Two UPS in each bank. Each bank should cater to each power path till the Data Center. In case of failure of any UPS in a particular bank the other UPS should take over the load. In case if any bank fails the other bank to take over the total load.


Each UPS unit shall have a unit rating of 12.5 kVA (MIN) and shall comprise the following components, described below in this specification:

o 6 pulse SCR rectifier with active/passive filter
o battery charger;
o inverter;
o battery;
o static bypass (via a static switch) for each UPS unit;
o manual maintenance bypass for each UPS unit;
o user and communications interface;
o battery management system;
o Any and all other devices required for safe operation and maintenance, including circuit breakers, switches, etc.

The UPS system shall ensure continuity of electric power to the load within the specified tolerances, without interruption upon failure or deterioration of the normal AC source (utility power) for a maximum protection time determined by the capacity of the backup batteries installed.

The backup time of each battery in the event of a normal AC source outage shall be 30 minutes per UPS. A cumulative back up of 60 minutes to be possible on each bank of UPS in case one of the UPS in a bank fails. The design life of each battery shall be equal to at least 15 years. Batteries shall be selected and sized accordingly.

Reliability and MTBF: The UPS has to be highly reliable with a high MTBF.

The UPS system shall be designed to enable the extension of communications, without system shutdown, to an SNMP communication card for connection to an Ethernet network, for connection to a computer-network management system.

HVAC

To maintain indoor environment including temperature and humidity constantly to prevent faults or errors of sensitive electronic devices, HVAC (Heating, Ventilating and Air Conditioning) system will be installed in the data center based on the following guideline:

o Designed to meet or exceed the specifications in the National Fire Protection Association standard, NFPA 70 article 645
o Install to meet the local conditions and environment.
o Designed to be easy to operate and maintain with good durability.
o Indoor temperature condition: 22 °C ± 2 °C
o Indoor humidity condition: 40% ± 5%
o Ventilation
o Cooling Capacity minimum 76000 BTU/h
o The Air Conditioning shall be provided for the Data Center with around xxx sq.ft. area. It is suggested to provide air supply typically through false flooring.

False Ceiling

The top false ceiling would have 1’ 6’’ feet of space from the actual Room ceiling. This false ceiling will house AC ducting (if required) and cables of Electrical lighting, Fire fighting and CCTV.


Diesel Generator Set

The diesel generator set should be in a redundancy mode and the total number of units should not exceed two.

Raised Flooring

o Antistatic fire retardant with stringers and ground bonding aluminum back sheets and access ramp.
o Minimum 30 cm clearance below raised floor.
o Minimum 2.5m clearance between top of raised floor and ceiling (false ceiling).
o Panel size 600x600x36mm, core made of high density calcium sulphate, aluminum foil 0.05mm thick on lower surface, top covering conductive vinyl 2mm thick, grey plastic semi rigid edge trim 0.6mm thick. Including galvanized steel substructure type MPM high configuration complete with galvanized steel open U section stringers, conductive head gaskets and stringer gaskets.
o Before laying the existing raised floor, flooring should be made free from dust and undulations. The finished flooring should be free from air bubbles and thoroughly cleaned.
o The work shall include the preparation of base surface, cleaning, and acid wash.
o Providing and fixing 9 mm thick floor insulation below the false flooring and joints should be finished properly as per manufacturer's specification.

Earthing

o All electrical components are to be earthed by connecting two earth tapes from the frame of the component ring and will be connected via several earth electrodes. The cable arm will be earthed through the cable glands.
o The entire applicable IT infrastructure in the Data Center shall be earthed.
o Earthing should be done inside the Data Centre for the entire power system and provisioning should be there to earth UPS systems, Power distribution units, AC units etc. so as to avoid a ground differential. State shall provide the necessary space required to prepare the earthing pits.
o All metallic objects on the premises that are likely to be energized by electric currents should be effectively grounded.
o The connection to the earth or the electrode system should have sufficiently low resistance, of less than 5 ohms for the power and less than 1 ohm for the network, to ensure prompt operation of respective protective devices in event of a ground fault, to provide the required safety from an electric shock to personnel and to protect the equipment from voltage gradients which are likely to damage the equipment.
o Recommended levels for equipment grounding conductors should have very low impedance level, less than 0.25 ohm.
o The Earth resistance shall be automatically measured on an online basis at a pre-configured interval and corrective action should be initiated based on the observation. The automatic Earthing measurements should be available on the UPS panel itself in the UPS room.
o There should be enough space between data and power cabling and there should not be any cross wiring of the two, in order to avoid any interference or corruption of data.
o The earth connections shall be properly made.
o A small copper loop to bridge the top cover of the transformer and the tank shall be provided to avoid earth fault current passing through fastened bolts, when there is a lightning surge, high voltage surge or failure of bushings.

Fire Suppression/Detection System

This shall include design, supply, installation, testing and commissioning of Automatic & Gas flooding, fire suppression system. The suppression system used shall be FM 200 gas based fire suppression system. The successful bidder shall make detailed working drawings and coordinate them with other agencies at site.

The critical area shall be divided into number of zones, whenever fire is detected or sensed in any of the zones, annunciation should be available on the FACP, and the suppression system in that particular zone shall be automatically activated. The flooding of the gas is considered in the area above false ceiling, below false ceiling and false floor.

The server room shall be protected with the gas based fire protection system. The system design shall be based on the specifications contained herein, NFPA 2001 & in accordance with the requirements specified in the design manual of the agent. The bidder shall confirm compliance to the above along with their bid.

Access Control System

The scope of work shall cover supply, installation, testing and commissioning of entire access control system meeting the intended specifications and drawings. The system generally covers control of:

o Normal door entry and exit with Reader and Controllers.
o Emergency exits, Emergency Break glass units for all exit Doors to be provided.
o Panic Hardware, Locking devices etc.

The systems shall be standard products of adequate field experience and CE, UL/ FM listing.

The system shall provide a biometric Access Control for server room entrance including touch reader, door contact, door closer, keypad, electrical lock and small battery in case of power failure.

Surveillance CCTV System

The CCTV shall provide digital video recording of all the room and entrance including infra red vandal proof cameras, 400 GB HDD storage DVR, LAN module, conduits, boxes, conductors and all necessary accessories.

9 Infrastructure Requirement

9.1 Server Technical Specifications

Item Software Hardware

Portal

Software:
o Support any H/W, any OS
o Support multiple browsers (IE, FireFox, Safari, Chrome etc)
o Support JSR 168 and WSRP
o Support W3C standard
o Support multi-language
o Support communication between portals
o Support reuse and change of existing web contents and application
o Support Web 2.0 architecture
o Support various interfaces with multiple channel
o Support duplexing for high availability
o Support API set for integrating with different solutions such as SSO, LDAP, unified search
o Support portlet management
o Support portal menu management
o Support design management of portlet and portal
o Support delegating management authority of portal
o Support access control of portal resources
o Provide user management, group management, role management
o Provide user logging, statistics and graph
o Provide setting personalized screen, menu and contents
o Provide drag & drop, pull Down menu, screen layout management
o Provide window skin and theme
o Provide setting personal information such as language, time zone etc
o Provide business implementation guides based on portal

The portal requirement is described in the Portal requirement section

Hardware:
Qty: 2
Processor Type: 2 x 2.4 GHz or higher Quad Core Intel Xeon processor OR 2 x 2.9 GHz or higher AMD Opteron™ processor 4-core Model. Processor being quoted should be of latest generation with latest Processor speed.
Chipset: ServerWorks HT or Intel Xeon 55xx or later
Cache Level: 12MB cache
Storage Adapter: Dual Fibre Channel with 8Gb/s per port storage expansion card
Installed RAM: 64 GB DDR2/SDRAM/FB-DIMMs memory scalable up to 128GB
Maximum RAM: Up to 16 memory DIMMs
Network Adapter: Dual Gigabit Ethernet ports (support for 10GbE)
Drive Bays: 2 SFF SAS 6 GB 15krpm hot plug disk drives
Internal Storage: 2 x 300GB Hard Disks
Storage Controller: Storage controller supports RAID 0,1
Graphics: Integrated 16 MB memory
Expansion slots: 1 or more additional I/O expansion slots (free after all configuration)
OS Support: 64 bit Microsoft Windows Server 2008 R2 std & Enterprise, Linux, HyperV, VMWARE. Optional embedded virtualization
Warranty: 3-year on-site, parts and labor; 3-years 24x7 software phone support with upgrades and updates

GSB application

Software:
The GSB requirements are described in the GSB section.

Hardware:
Qty: 2
Processor Type: 2 x 2.4 GHz or higher Quad Core Intel Xeon processor OR 2 x 2.9 GHz or higher AMD Opteron™ processor 4-core Model. Processor being quoted should be of latest generation with latest Processor speed.
Chipset: ServerWorks HT or Intel Xeon 55xx or later
Cache Level: 12MB cache
Storage Adapter: Dual Fibre Channel with 8Gb/s per port storage expansion card
Installed RAM: 64 GB DDR2/SDRAM/FB-DIMMs memory scalable up to 128GB
Maximum RAM: Up to 16 memory DIMMs
Network Adapter: Dual Gigabit Ethernet ports (support for 10GbE)
Drive Bays: 2 SFF SAS 6 GB 15krpm hot plug disk drives
Internal Storage: 2 x 300GB Hard Disks
Storage Controller: Storage controller supports RAID 0,1
Graphics: Integrated 16 MB memory
Expansion slots: 1 or more additional I/O expansion slots (free after all configuration)
OS Support: 64 bit Microsoft Windows Server 2008 R2 std & Enterprise, Linux, HyperV, VMWARE. Optional embedded virtualization
Warranty: 3-year on-site, parts and labor; 3-years 24x7 software phone support with upgrades and updates

Database Servers

Software:
The database/repository provides all the relevant information required to process any Citizen/Government request or to render any e-Governance services with the use of DC. Database server would be required to store and access data with ease. This would also be integrated with multiple applications, residing at DC.

Hardware:
Qty: 2
Processor Type: 2 x 2.4 GHz or higher Quad Core Intel Xeon processor OR 2 x 2.9 GHz or higher AMD Opteron™ processor 4-core Model. Processor being quoted should be of latest generation with latest Processor speed.
Chipset: ServerWorks HT or Intel Xeon 55xx or later
Cache Level: 12MB cache
Storage Adapter: Dual Fibre Channel with 8Gb/s per port storage expansion card
Installed RAM: 64 GB DDR2/SDRAM/FB-DIMMs memory scalable up to 128GB
Maximum RAM: Up to 16 memory DIMMs
Network Adapter: Dual Gigabit Ethernet ports (support for 10GbE)
Drive Bays: 2 SFF SAS 6 GB 15krpm hot plug disk drives
Internal Storage: 2 x 300GB Hard Disks
Storage Controller: Storage controller supports RAID 0,1
Graphics: Integrated 16 MB memory
Expansion slots: 1 or more additional I/O expansion slots (free after all configuration)
OS Support: 64 bit Microsoft Windows Server 2008 R2 std & Enterprise, Linux, HyperV, VMWARE. Optional embedded virtualization
Warranty: 3-year on-site, parts and labor; 3-years 24x7 software phone support with upgrades and updates

Directory services

Software:
o Directory Services should be compliant with LDAP v3
o Support for integrated LDAP compliant directory services to record information for users, and system resources.
o Should support integrated authentication mechanism across operating system, messaging services.
o Should support directory services for ease of management and administration/replication.
o Should provide support for Group policies and software restriction policies.
o Should support security features, such as Kerberos public key infrastructure (PKI), etc.
o Should provide support for X.500 naming standards.
o Should support Kerberos for logon and authentication.
o Should support that password reset capabilities for a given group or groups of users can be delegated to any nominated user.
o Should support that user account creation/deletion rights within a group or groups can be delegated to any nominated user.

Hardware:
Qty: 2
Processor Type: 2 x 2.4 GHz or higher Quad Core Intel Xeon processor OR 2 x 2.9 GHz or higher AMD Opteron™ processor 4-core Model. Processor being quoted should be of latest generation with latest Processor speed.
Chipset: ServerWorks HT or Intel Xeon 55xx or later
Cache Level: 12MB cache
Storage Adapter: Dual Fibre Channel with 8Gb/s per port storage expansion card
Installed RAM: 64 GB DDR2/SDRAM/FB-DIMMs memory scalable up to 128GB
Maximum RAM: Up to 16 memory DIMMs
Network Adapter: Dual Gigabit Ethernet ports (support for 10GbE)
Drive Bays: 2 SFF SAS 6 GB 15krpm hot plug disk drives
Internal Storage: 2 x 300GB Hard Disks
Storage Controller: Storage controller supports RAID 0,1
Graphics: Integrated 16 MB memory
Expansion slots: 1 or more additional I/O expansion slots (free after all configuration)
OS Support: 64 bit Microsoft Windows Server 2008 R2 std & Enterprise, Linux, HyperV, VMWARE. Optional embedded virtualization
Warranty: 3-year on-site, parts and labor; 3-years 24x7 software phone support with upgrades and updates

Proxy server

Software:
o Should support caching to serve client request
o Should possess features to achieve content filtering (URL, DNS blacklists, or Content keyword filtering)
o Should support integration with LDAP for authentication
o Solution should provide for both forward and reverse proxy capabilities
o Proxy should provide for ways to block / control access to all executable content
o The solution should provide inbound and outbound access control on User-based or group-based access policy
o Should support integration with Anti-virus software to provide security against virus
o Should support ACL based access control
o Should have support for the IPv6 protocol.
o Should have support for various UNIX, Linux and Windows OS platform
o Should support transparent proxy

Hardware:
Qty: 2
Processor Type: (2) Intel® Xeon® Processor X55xx or X56xx (2.93 GHz)
Chipset: Intel 55xx
Cache Level: 12MB cache
Storage Adapter: Dual Fibre Channel with 8Gb/s per port storage expansion card
Installed RAM: 64 GB DDR2/SDRAM/FB-DIMMs memory scalable up to 128GB
Maximum RAM: Up to 16 memory DIMMs
Network Adapter: Dual Gigabit Ethernet ports (support for 10GbE)
Drive Bays: 2 SFF SAS 6 GB 15krpm hot plug disk drives
Internal Storage: 2 x 300GB Hard Disks
Storage Controller: Storage controller supports RAID 0,1
Graphics: Integrated 16 MB memory
Expansion slots: 1 or more additional I/O expansion slots (free after all configuration)
OS Support: 64 bit Microsoft Windows Server 2008 R2 std & Enterprise, Linux, HyperV, VMWARE. Optional embedded virtualization
Warranty: 3-year on-site, parts and labor; 3-years 24x7 software phone support with upgrades and updates

DNS/DHCP

Software:
o Should support conditional DNS forwarders e.g. forwarding based on a DNS Domain name in the query.
o Should allow clients to dynamically update resource records secure and non-secure
o Should support incremental zone transfer between servers
o Should provide security features like access control list
o Should support several new resource record (RR) types like service location (SRV), etc.
o Should support Round robin on all resource record (RR) types

Hardware:
Qty: 2
Processor Type: (2) Intel® Xeon® Processor X55xx or X56xx (2.93 GHz)
Chipset: Intel 55xx
Cache Level: 8MB cache
Storage Adapter: Dual Fibre Channel with 8Gb/s per port storage expansion card
Installed RAM: 32 GB (DDR3-1333) Registered DIMMs
Maximum RAM: 12 memory DIMMs
Network Adapter: Dual Gigabit Ethernet ports
Drive Bays: 2 * SAS 15krpm non-hot plug disk drives
Internal Storage: 2 x 146.8GB Hard Disks
Storage Controller: Storage controller supports RAID 0,1
Graphics: Integrated 32 MB memory
Expansion slots: 1 additional I/O expansion slots (free after all configuration)
OS Support: 64 bit Microsoft Windows Server 2008 R2 std & Enterprise, Linux - HyperV – VMWARE. Optional embedded virtualization
Warranty: 3-year on-site, parts and 3-years 24x7 software phone support with upgrades and updates

Management server

Software:
The management server would help in administration of distributed systems at DC. The management server would help in efficient and reliable administration of all the distributed computing devices and enable:

o Inventory Management
o Patch management
o Monitor the availability of Services
o Fault Management
o Performance Management

Hardware:
Qty: 2
Processor Type: (2) Intel® Xeon® Processor X55xx or X56xx (2.93 GHz)
Chipset: Intel 55xx
Cache Level: 8MB cache
Storage Adapter: Dual Fibre Channel with 8Gb/s per port storage expansion card
Installed RAM: 32 GB (DDR3-1333) Registered DIMMs
Maximum RAM: 12 memory DIMMs
Network Adapter: Dual Gigabit Ethernet ports
Drive Bays: 2 * SAS 15krpm non-hot plug disk drives
Internal Storage: 2 x 146.8GB Hard Disks
Storage Controller: Storage controller supports RAID 0,1
Graphics: Integrated 32 MB memory
Expansion slots: 1 additional I/O expansion slots (free after all configuration)
OS Support: 64 bit Microsoft Windows Server 2008 R2 std & Enterprise, Linux - HyperV – VMWARE. Optional embedded for virtualization
Warranty: 3-year on-site, parts and 3-years 24x7 software phone support with upgrades and updates


Testing server

Software:
A separate server shall be deployed as a testing server, where all new services are deployed before they are brought on to the production servers.

Hardware:
Qty: 2
Processor Type: (2) Intel® Xeon® Processor X55xx or X56xx (2.93 GHz)
Chipset: Intel 55xx
Cache Level: 8MB cache
Storage Adapter: Dual Fibre Channel with 8Gb/s per port storage expansion card
Installed RAM: 32 GB (DDR3-1333) Registered DIMMs
Maximum RAM: 12 memory DIMMs
Network Adapter: Dual Gigabit Ethernet ports
Drive Bays: 2 * SAS 15krpm non-hot plug disk drives
Internal Storage: 2 x 146.8GB Hard Disks
Storage Controller: Storage controller supports RAID 0,1
Graphics: Integrated 32 MB memory
Expansion slots: 1 additional I/O expansion slots (free after all configuration)
OS Support: 64 bit Microsoft Windows Server 2008 R2 std & Enterprise, Linux - HyperV – VMWARE. Optional embedded for virtualization
Warranty: 3-year on-site, parts and 3-years 24x7 software phone support with upgrades and updates

Anti-Virus

Software:
o Should restrict e-mail bound Virus attacks in real time without compromising the performance of the system
o Should be capable of providing multiple layers of defense
o Should have installation support on both gateway and Mailing server.
o Should be capable of detecting and cleaning virus infected attachments as well
o Should support scanning for ZIP, RAR compressed files, and TAR archive files
o Should support online upgrade, whereby most product upgrades and patches can be performed without bringing messaging server off-line.
o Should use multiple scan engines during the scanning process.
o Should support in-memory scanning so as to minimize disk I/O.
o Should support Multi-threaded scanning.
o Should support scanning of a single mailbox or a one off scan.
o Should support scanning by file type for attachments.
o Should support scanning of nested compressed files.
o Should be capable of specifying the logic with which scan engines are applied; such as the most recently updated scan engine should scan all emails etc.
o Should support heuristic scanning to allow rule-based detection of unknown viruses.
o Updates to the scan engines should be automated and should not require manual intervention.
o Updates should not cause queuing or rejection of email.
o Updates should be capable of being rolled back in case required.
o Should support content filtering based on sender or domain filtering.
o Should provide content filtering for message body and subject line, blocking messages that contain keywords for inappropriate content.
o File filtering should be supported by the proposed solution; file filtering should be based on true file type.
o Common solution for anti-spyware and anti-virus infections; and anti-virus and anti-spyware solution should have a common web based management console.
o Should support various types of reporting formats such as CSV, HTML and text files.
o Should be capable of being managed by a central management station.
o Should support client lockdown feature for preventing desktop users from changing real-time settings.
o Should support insertion of disclaimers to message bodies.
o Should support protection for servers across multiple platforms / Internet / Intranet / SMTP / HTTP/FTP gateways.

Hardware:
Qty: 2
Processor Type: (2) Intel® Xeon® Processor X55xx or X56xx (2.93 GHz)
Chipset: Intel 55xx
Cache Level: 8MB cache
Storage Adapter: Dual Fibre Channel with 8Gb/s per port storage expansion card
Installed RAM: 32 GB (DDR3-1333) Registered DIMMs
Maximum RAM: 12 memory DIMMs
Network Adapter: Dual Gigabit Ethernet ports
Drive Bays: 2 * SAS 15krpm non-hot plug disk drives
Internal Storage: 2 x 146.8GB Hard Disks
Storage Controller: Storage controller supports RAID 0,1
Graphics: Integrated 32 MB memory
Expansion slots: 1 additional I/O expansion slots (free after all configuration)
OS Support: 64 bit Microsoft Windows Server 2008 R2 std & Enterprise, Linux - HyperV – VMWARE. Optional embedded for virtualization
Warranty: 3-year on-site, parts and 3-years 24x7 software phone support with upgrades and updates

Backup Servers

Software:
The proposed Backup Solution should be available on various OS platforms such as Windows and UNIX platforms and be capable of supporting SAN based backup / restore from various platforms including UNIX, Linux, and Windows.

o Proposed backup solution shall be offered with Cluster license of server. A virtualization solution is preferred and the bidder shall provide a solution for virtualization.
o Proposed backup solution shall have same GUI across heterogeneous platform to ensure easy administration.
o The proposed backup solution should allow creating tape clone facility after the backup process.
o The proposed Backup Solution has in-built frequency and calendar based
o Clustering the Backup Server and Media Server on Windows and UNIX.

Hardware:
Qty: 2
Processor Type: (2) Intel® Xeon® Processor X55xx or X56xx (2.93 GHz)
Chipset: Intel 55xx
Cache Level: 8MB cache
Storage Adapter: Dual Fibre Channel with 8Gb/s per port storage expansion card
Installed RAM: 32 GB (DDR3-1333) Registered DIMMs
Maximum RAM: 12 memory DIMMs
Network Adapter: Dual Gigabit Ethernet ports
Drive Bays: 2 * SAS 15krpm non-hot plug disk drives
Internal Storage: 2 x 146.8GB Hard Disks
Storage Controller: Storage controller supports RAID 0,1
Graphics: Integrated 32 MB memory
Expansion slots: 1 additional I/O expansion slots (free after all configuration)
OS Support: 64 bit Microsoft Windows Server 2008 R2 std & Enterprise, Linux - HyperV – VMWARE. Optional embedded for virtualization
Warranty: 3-year on-site, parts and 3-years 24x7 software phone support with upgrades and updates


Item Hardware

Rack Cabinet (2) - Blade

Type: Brand-name, ISO-certified
Capacity: 42U, width=60cm, depth=100cm
Cabinet: Industry standard, 19" wide
Front Door: Lockable, glass or perforated
Side Doors: Lockable, removable
Rear Door: Lockable, removable
Power Input: Internal distribution unit, 19" rack-mounted with 7 sockets (minimum), same type as cabinet
Certification: ISO Certified
Warranty: 3-year on-site, parts and labor with 4 hours repair time

Blade Enclosure

Form: Rackmount blade enclosure
Capacity: Holds up to 14 full height Blade servers in one or more chassis
Connectivity: Redundant midplane or backplane
Management Module: Redundant management module
Interconnect: 8 x Integrated 10 Gigabit Ethernet switches (hot plug) (the description of the requirement is in the network section)
SAN Switch Module: Two redundant 8Gb/s full duplex hot plug Storage switches. All SFPs and cables to be provided. FCoE usage is highly preferable.
Power Supply/Cooling: Redundant hot swappable power and cooling option
Power Distribution: 2x PDUs (should be dedicated only for the blade enclosure)
Accessories: All Power cords and cables for a full solution
Warranty: 3-year on-site, parts and labor with commitment to repair any failed equipment within 6 hours; 3-years 24x7 software phone support with upgrades and updates

Management Software

o Systems Management and deployment tools to aid in Blade Server configuration and OS deployment
o Remote management capabilities through internet browser
o Software for Vulnerability assessment.
o Ability to measure power historically for servers or group of servers for optimum power usage
o Ability to monitor performance of servers over time
o Blade enclosure should have display console for local management like trouble shooting, configuration, system status/health display
o Dedicated NIC for management
o Remote management & monitoring (browser accessible). It should provide Secure Sockets Layer (SSL) 128 bit encryption and Secure Shell (SSH) Version 2 and support VPN for secure access over internet.
o Supports Power & Thermal management & Analysis
o Supports Fast and simultaneous provisioning of servers including O/S and applications remotely

Item Hardware

Storage Array (Qty=1)

o The required solution must provide a highly available storage infrastructure with No Single Point of Failure (NSPOF). This requires that all critical system components be redundant (power supplies, fans, Fiber Channel switches, host bus adapters for Automatic fail over, RAID controllers, cache, disks, and cooling etc.).
o It should support Non-disruptive component replacement of controllers, disk drives, cache, power supply, fan subsystem etc.
o Redundant storage array controllers (2 Controllers).
o Minimum 4GB Cache per controller pair.
o Minimum usable 2TB after RAID 6 using Hot Pluggable 300GB 4Gb/s FC 15Krpm Hard Drives plus two hot spare drives of same capacity
o Storage Box shall have at least 154,000 Cache read IOPS
o Support for RAID 1, RAID 0+1, RAID 5 and RAID 6 configurations.
o Ready to Support intermix between 4Gb/s FC hard drives and SATA/FATA without any extra license.
o Storage Must Support SSD Drives for future applications requirements.
o Ready to Support Operating Systems - AIX, HP-UX, Windows Servers 2003/2008, Linux, VMWare.
o Support up to 128 Hosts.
o The storage must be ready to connect the maximum number of servers supported by the storage system (Host Group) with all needed license
o Support internal iSCSI connectivity for future applications requirements
o Throughput disk read >=1500 MB/sec
o Support point in time copy and full copy.
o Support data replication in both synchronous and asynchronous modes across heterogeneous storage arrays from different OEMs.
o The storage should be configured with 2TB (raw capacity) using FC disk & should be capable of scaling up to 10TB (raw capacity). The scalability should be considered with FC disks.
o Storage management software and other software required for redundant solution.
o At least 8 host ports per controller
o FC Host Interface Speed 8Gbps autosensing 1,2,4 Gbps
o At least two 4 GB/s Device ports per controller for high availability and performance.
o Fans and power supplies: Dual-redundant, hot-swappable
o Rack support: 19" industry-standard rack

SAN Switches (Qty=2)

o The SAN Switch solution should be highly available with no single point of failure
o Switch should support non-disruptive Microcode/Firmware upgrade
o >=24 Active Ports per Switch
o Hot swap components SFP optical transceivers
o Redundant SAN Switches (2 Switches)
o Universal Fibre Channel interfaces
o Port Bandwidth >=8Gb/sec
o Hot Plug and redundant Fans and power supplies.
o Rack support 19 inch, 1U industry standard rack
o The SAN switch should have capability to interface with HBA of different makes and model from multiple OEM, supporting multiple Operating Systems, including, but not limited to HP-UX, IBM AIX, Linux, MS Windows, Sun Solaris etc.
o The SAN switch should support all leading SAN disk array and tape libraries including, but not limited to, EMC, Hitachi, HP, IBM, Sun, NetApp etc.
o The switch shall support role-based administration by allowing different administrators different access rights to switch
o Support GUI management software
o Three Years warranty.


9.2 Network Technical Specifications

Following are the different types of equipment configurations that shall be required for the Data Center (DC).

As per recommended best practices, the components shall preferably be appliance based (wherever applicable) and the intranet and internet firewalls shall be from the same OEMs. The multiple solution components shall not be provided in a single chassis, e.g. firewalls, IPS, ADC etc. shall not be provided as a single chassis solution. All the network components should support IPv6.

The warranty for network equipment is 3 years on-site, parts, and 3 years of 24x7 software phone support with upgrades and updates.

The switches (core and blades) should provide support for FCoE and/or IEEE Data Center Bridging standards or equivalent, delivering the capability to consolidate and connect servers and storage devices through high-speed, highly scalable, and highly available converged SAN and LAN fabrics, a unified fabric. The bidder should propose this solution or any compatible one and include why it is better than other alternatives.

Item Requirement

LAN Switch – Core (Qty=2)

o High backplane speed (550 Gbps or more)
o 19’’ rack mountable
o Active switching bandwidth should be 550 Gbps or more with offered modules.
o The forwarding rate should be scalable to 400 Mpps.
o Should have at least 1 x 48 x 10/100/1000BaseT auto sensing ports
o The switch should have minimum of 7 payload slots with two free slots
o Should be a single chassis
o 4 * 10 SFP-based Gigabit ports
o Should have redundancy at various levels:
    o Should have redundant Power Supply.
    o Should have redundant Switching engine. With failure of one of the switching engines, there should be no performance degradation.
    o In the event of the failure of one of the engines, the forwarding should not stop and the failover from one engine to the other should be stateful.

Layer 2 Features:
o Layer 2 switch ports and VLAN trunks
o IEEE 802.1Q VLAN encapsulation
o Support for at least 4000 VLANs
o Spanning tree support
o Port trunking capability
o Port mirroring capability

Layer 3 features:
o VRRP
o Static IP routing
o IP routing protocols
o Open Shortest Path First
o IPv6 support
o Routing Information Protocol
o BGP
o MPLS capable

Standards:
o Ethernet: IEEE 802.3, 10BASE-T
o Fast Ethernet: IEEE 802.3u, 100BASE-TX
o Gigabit Ethernet: IEEE 802.3z, 802.3ab
o IEEE 802.1D Spanning-Tree Protocol
o IEEE 802.1w rapid reconfiguration of spanning tree
o IEEE 802.1s multiple VLAN instances of spanning tree
o IEEE 802.1p class-of-service (CoS) prioritization
o IEEE 802.1Q VLAN encapsulation
o IEEE 802.3af
o IEEE 802.3ad
o IEEE 802.3ae: 10 Gigabit Ethernet
o IEEE 802.1x user authentication
o 1000BASE-X (small form-factor pluggable)

High Availability:
o Shall support Redundant Power supply
o Shall support On-line insertion and removal for cards, power supply and fan tray
o Shall support multiple storage of multiple images and configurations

QoS Support:
o Rate Limiting based on source/destination IP/MAC, L4 TCP/UDP

Security Features:
o AAA support using RADIUS and/or TACACS.
o Unicast MAC filtering
o IP Access list support.
o Multiple privilege level authentication for console and telnet access
o IEEE 802.1x support for MAC address authentication
o Shall support per port Broadcast, Multicast and unicast storm control.
o Shall support time based ACLs

Management:
o Shall have support for Web based management, CLI, Telnet and SNMPv1, v2 and v3
o Shall support SSH
o Should support multiple levels of administration roles to manage and monitor the device.
o Should support Network Time Protocol.
o Should be able to send and receive Syslog and SNMP traps from devices

Blades Switch (Qty=4)

Switch Architecture:
o Uplink: Support 8 X 10/100/1000BASE-T ports and 2 x 10 SFP-based Gigabit ports
o Downlink to each blade: Support 14 * 1 GB
o Redundant power supply.
o Capability to virtualize x switches into 1
o Layer 3 support

Switch Throughput:
o 128 Gbps or more throughput providing non-blocking architecture.

Protocol and standards support:
o IPv6 support
o Shall be able to support private VLANs or equivalent feature.
o Ethernet: IEEE 802.3, 10BASE-T
o Fast Ethernet: IEEE 802.3u, 100BASE-TX
o Gigabit Ethernet: IEEE 802.3z, 802.3ab
o IEEE 802.1D Spanning-Tree Protocol
o IEEE 802.1w rapid reconfiguration of spanning tree
o IEEE 802.1s multiple VLAN instances of spanning tree
o IEEE 802.1Q VLAN encapsulation
o IEEE 802.3ad
o IEEE 802.3ae: 10 Gigabit Ethernet
o IEEE 802.1x port-based security
o Routing protocols: RIP, OSPF

QoS support:
o Rate Limiting based on source/destination IP/MAC, L4 TCP/UDP

Manageability:
o Built in Web based management support
o Built in Console port
o SNMP v1, v2, v3
o Should support auto-sensing and auto-negotiation on each non-GBIC port
o Network Time Protocol (NTP)
o Configuration replacement and roll back functionality

Security Features supported:
o Private VLAN or equivalent feature
o TACACS+ and RADIUS (planned future software support)
o MAC-based port-level security prevents unauthorized stations from accessing the switch
o Per-port broadcast, multicast and unicast storm control

LAN Switch – Access (Qty=2)

Switch Architecture:
o 19’’ rack mountable
o 12 X 10/100/1000 port switch
o Switch shall be modular or stackable to be able to accommodate more ports in future for scalability
o Port mirroring capability
o Multicast support (PIM, SM, DM and IGMP Snooping)
o Redundant power supply

Switch Throughput:
o 240 Gbps or more throughput providing non-blocking architecture

Protocol and standards support:
o IPv6 support
o Shall be able to support private VLANs or equivalent feature
o Ethernet: IEEE 802.3, 10BASE-T
o Fast Ethernet: IEEE 802.3u, 100BASE-TX
o Gigabit Ethernet: IEEE 802.3z, 802.3ab
o IEEE 802.1D Spanning-Tree Protocol
o IEEE 802.1w rapid reconfiguration of spanning tree
o IEEE 802.1s multiple VLAN instances of spanning tree
o IEEE 802.1Q VLAN encapsulation
o IEEE 802.3ad
o IEEE 802.1x user authentication
o Routing protocols: RIP, OSPF

QoS support:
o Rate Limiting based on source/destination IP/MAC, L4 TCP/UDP

Manageability:
o Built in Web based management support
o Built in Console port
o SNMP v1, v2, v3
o Should support auto-sensing and auto-negotiation on each non-GBIC port
o Network Time Protocol (NTP)
o Configuration replacement and roll back functionality

Security Features supported:
o Private VLAN or equivalent feature
o TACACS+ and RADIUS (planned future software support)
o MAC-based port-level security prevents unauthorized stations from accessing the switch
o Per-port broadcast, multicast and unicast storm control

Internet Router (Qty=2)

Router Architecture:
o 19’’ rack mountable
o Modular chassis

High Availability Requirements:
o VRRP
o High Mean Time between Failure values should be available to ensure long life of router hardware
o The router should be capable of booting from a remote node or external flash memory, where the router image is present
o The Router should have redundant power supply
o All the modules, power supply should have support for hot swappable functionality.
o On-line insertion and removal for cards

Miscellaneous Hardware Requirements:
o Sufficient RAM must be available for proper router operation to keep IGP and EGP routes (Minimum 1GB and support for 2 GB)
o Extensive debugging capabilities to assist in hardware problem resolution

Interface Modules have/support:
o 4 X Ethernet Port - 10/100/1000 Mbps
o Shall support variety of interfaces like E3, Ch-E1, E1 G703 Interfaces as per ITU-T Standard.
o Packet over SONET (POS) connectivity and channelized Packet over SONET (cPOS) OC-3 STM-1 interfaces to meet continuous bandwidth requirements
o Shall be able to support variety of other interfaces

Performance requirement:
o Minimum of 3 Mpps throughput

Router Software Features:
o Should support the standard routing protocols with QoS

Backplane Capacity:
o Minimum 16 Gbps

IP Routing Protocols:
o Static Routing Protocols
o RIP v1 and v2
o OSPF v2 and v3
o Policy Routing support
o BGP, IS-IS
o Route redistribution between any of the above protocols

Protocols:
o PPP
o Multilink PPP
o Load Balancing Protocol
o Support for URL Filtering
o IPv4, IPv6
o MPLS L2 & L3
o VRRP

Congestion:
o Random Early Detection and Weighted RED
o Weighted Fair Queuing
o Priority Queuing

Accounting:
o Network Time Protocol
o Packet & Byte Counts
o Start Time Stamp & End Time Stamps
o Input & Output interface ports
o Type of service, TCP Flags & Protocol
o Source & Destination IP addresses
o Source & Destination TCP/UDP Addresses

Security:
o Support for Standard Access Lists and Extended Access Lists to provide supervision and control
o Controlled SNMP Access
o Control SNMP access through the use of SNMP with authentication
o Multiple Privilege Levels
o Support for Remote Authentication Dial-In User Service (RADIUS) and AAA
o GRE and IPsec 3DES/AES VPN for configuration of VPN tunnels.
o Support for IPsec Site-to-Site and Remote Access VPNs.
o NAT, PAT

Access control – Multilevel:
o Support ACLs to provide supervision and control.
o Multiple Privilege Levels for managing & monitoring
o Support for Remote Authentication User Service (RADIUS) and AAA
o Support for Standard Access Lists to provide supervision and control.
o Controlled SNMP Access using ACL on router to ensure SNMP access only to identified management systems
o DoS prevention through TCP Intercept & DDoS protection

o High Availability (Active-Active)

Other required features:
o Ethernet Interface of the Router should support 802.1Q
o Support for additional Ethernet Interface card
o Should have automatic route optimization and load distribution over multiple service provider networks

Management Requirements:
o Telnet and SSH
o SNMP V1, V2, V3
o Shall have Console port for local management
o Configuration replacement and roll back functionality
o Preplanned reboot

Firewall Intranet and Internet (Qty=4)

o The Firewall should be appliance based

Hardware Architecture:
o Modular chassis
o 19’’ rack mountable
o Shall support more or equal to 6 Security Zones physically with 1 Gbps ports isolated from each other
o Console Port 1 number
o Stateful Redundant power supply
o >= 6 Gigabit Ethernet Interface

Performance:
o The firewall throughput performance should be at least 2 Gbps or more
o Should support 3DES/AES VPN Throughput of at least 1 Gbps
o The firewall should provide at least 1,000,000 or more concurrent connections
o Should support 802.1Q trunking
o Should have Application inspection for standard applications like DNS, FTP, HTTP, ICMP, NetBIOS Name Service, SMTP, TFTP, RTSP, SIP and H.323 (including Q.931, H.245 and RTP/RTCP)
o Firewalling at layer 2 and layer 3 of the OSI layer
o Static route, RIPv2, and OSPF
o NAT and Port Address Translation feature
o Optional support to perform intelligent packet filtering, URL filtering.
o Should support IPv4 and IPv6.
o Support to be able to detect, respond to and report any unauthorized activity.

Firewall features shall include:
o Application/Protocol Inspection Engines
o L2 transparent firewalling
o Advanced HTTP Inspection Engine
o Time-based ACLs

VPN feature shall support:
o 3DES/AES VPN Throughput above 120 Mbps
o SSL VPN
o IPsec VPN Peers above 5000
o IPsec, ESP, PPTP, L2TP, L2TP/IPsec, NAT Transparent IPsec, IPsec/UDP, IPsec/TCP
o Key Management: Internet Key Exchange (IKE) - Aggressive and Main Mode (Digital certificates); Diffie-Hellman (DH) Groups 1, 2, and 5; Perfect Forward Secrecy (PFS); Rekeying
o IPsec (ESP) using Data Encryption Standard (DES)/Triple DES (3DES) (56/168-bit) or AES (128/256-bit) with MD5 or SHA
o Client Software: support for Microsoft Windows 7 and before, Unix Systems, MAC OS, Solaris
o VPN Clustering and load balancing

Authentication:
o Remote Authentication Dial-In User Service (RADIUS)
o Active Directory authentication
o Security Dynamics (RSA SecurID Ready)
o External user authorization information may be obtained via LDAP or RADIUS

o High Availability (Active-Active)

Management:
o Embedded web based configuration / management support
o Should have Management access through console, SSH and GUI for managing the firewall
o Should have the capability of restricting the access through the Console and out-of-band management interface to protect the devices from local threats

IPS (Qty=2)

o The IPS should be appliance based.

The IPS should have the following Interfaces:
o The IPS should have minimum of 4 pairs of 10/100/1000 ports to support up to 4 inline protected segment support.
o Scalability: Fiber and Copper
o 1 Dedicated Management port

Performance and Availability:
o The IPS device should provide a throughput of at least 2 Gbps

Attack Detection Techniques:
The IPS System should have the following attack detection techniques
o Vendors Signature Database of at least 1000 signatures.
o Shall be able to support user defined signatures.
o Zero day attack protection using protocol and traffic behaviour analysis.
o Backdoor Detection
o DoS / DDoS / SYN-flood / TCP-flood / UDP-flood
o Monitoring of protocols such as TCP/IP, ICMP, FTP, SMTP etc.
o Attacks filters on spyware, VoIP vulnerabilities, Phishing, malware, virus, network worms, Trojans, peer-to-peer applications etc.

Action on Attacks:
The IPS system should be able to do the following in the event of detecting an attack:
o Drop/Block/Terminate attacks in real time without logging.
o Block/Drop/Terminate attacks in real time and log.
o Reset connections without logging.
o Reset connections and log.
o None (Log only)

Other Capabilities:
o Should be capable of handling fragmentation and TCP reassembly etc.
o Shall be able to support user defined signatures.
o Shall be able to support automatic signature update from the OEM over the internet using a secure communication mechanism in the case of emergencies.
o Default security policy.

High Availability:
o The device should support fail-open.
o The device should support redundant power supply.

Deployment Modes:
The IPS should be deployable in the following modes:
o in-line mode

Management and Monitoring Capabilities:
o The IPS Systems should have a Management Console and remote telnet, SSH and Web capabilities for basic configuration of the device
o The IPS should have a dedicated port for Out-of-Band Management and should not use any traffic ports for the management purpose
o Should have the capability to store the attack logs and view them in the form of reports.
o The system should have pre-defined reports.
o The system should also have the capability to fully customize the reports as desired by the user.
o The system should be able to support log file, Syslog and SNMP v1, v2, v3.
o Shall support role based administration for various administrator and user levels.

Application delivery controller (Qty=2)

Architecture:
o 19’’ rack mountable
o Should be appliance based.
o Server load balancer should have ASIC based architecture & not PC based architecture
o Should have min 4 x 10/100/1000 Base T Ports.
o Should support minimum 2 Gbps L7 throughput and upgradeable to 4 Gbps without change in hardware or any new addition in hardware
o Support Layer 4 load balancing and Layer 7 content switching technologies
o Should support logical interfaces
o Should support Port Aggregation IEEE 802.3ad
o Should support VLAN Trunk IEEE 802.1Q
o Should have 1GB RAM.
o Should support 500,000 connections
o Should support virtual devices
o Should support SSL acceleration
o Should support following deployments
    o Routing Mode: where client-side and server-side VLANs are on different subnets
    o Bridge Mode: where client-side and server-side VLANs are on the same subnets.

Load Balancing Features:
o Should support minimum 200 or more real Servers for load balancing.
o Should support minimum 200 or more Virtual servers.
o Should support following load balancing algorithms
    o Cyclic - Round Robin
    o Hash Weighted Cyclic
    o Least Connections
    o Least number of users.
    o Least Bandwidth
    o Least Response time
    o Hash address/cookie/header/URL
o Server load balancing based on SNMP parameter like CPU load, Memory utilization etc.
o Should support Client NAT & Server NAT
o In case of Server / Application failure device should detect it in not more than 30 seconds.
o Should support following content based Load balancing features
    o It should be able to support global load balancing in future with the help of software or internal/external hardware upgrade.
    o HTTP Header based redirection
    o URL-Based Redirection
    o Browser Type Based Redirection
    o Preferential Treatment (Cookie Based)

Caching:
o Should provide at least 1 GB
o Support for dynamic caching technology

Compression:
o Support for hardware-accelerated data compression

Server Management Features:
o Should support Graceful shutdown of Servers
o Should support Graceful Activation of Servers
o Should be able to redirect traffic based on Source IP, Destination IP & TCP PORT

Health Monitoring:
o Should provide individual health checks for real servers & farms
o Should allow monitoring protocol like HTTP, HTTPS, SMTP, POP, FTP, UDP etc.
o Should allow configuring customized health probes based on TCP & UDP parameters
o Should provide GUI to configure Health Monitoring
o Support for user defined / custom health checks as per the requirement.

Redundancy:
o Should support industry standard redundancy protocol like VRRP.
o Should support transparent failover between 2 devices
o Should support active-standby and active-active redundancy.

Management:
o Should support the following Management Applications
    o SSH
    o HTTPS
    o Console
    o SNMP (V1, V2 and V3)
o Should support GUI for configuration & monitoring

XML Firewall (Qty=2)

Architecture:
o 19’’ rack mountable
o Should be appliance based.
o Should have min 4 x 10/100/1000 Base T Ports.
o Should have 2GB RAM.
o Should support virtual devices
o Should support XML acceleration
o Provides native integration with directory and identity systems such as Lightweight Directory Access Protocol (LDAP), Kerberos and Microsoft Active Directory, CA Netegrity, and IBM Tivoli Access Manager etc.

Threats:
o Defends against XML threats
o Protects against identity, content-based, personnel, response compliance, message transport, and XML denial-of-service (XDoS) attacks
o Cost-effectively enforces XML schema at runtime and prevents structural attacks

Transformation:
o XSLT
o XPath
o GUI mapping
o SDK

Standards:
o Simple Object Access Protocol (SOAP) 1.1 and 1.2
o SOAP With Attachment (SWA) 1.1
o Web Services Description Language (WSDL) 1.1
o XPath
o E-business XML (ebXML)
o Representational State Transfer (REST)
o Extensible Stylesheet Language Transformation (XSLT) 1.0
o Web Services Addressing (WS-Addressing)

Server Management Features:
o Should support Graceful shutdown of Servers
o Should support Graceful Activation of Servers
o Should be able to redirect traffic based on Source IP, Destination IP & TCP PORT

Message formats:
o XML
o SOAP 1.1 and SWA
o SOAP 1.2
o Message Transmission Optimization Mechanism (MTOM)
o Flat file
o Many industry-standard document styles

Redundancy:
o Should support industry standard redundancy protocol like VRRP.
o Should support transparent failover between 2 devices
o Should support active-standby and active-active redundancy.

Management:
o Should support the following Management Applications
    o SSH
    o HTTPS
    o Console
    o SNMP (V1, V2 and V3)
o Should support GUI for configuration & monitoring

10 Helpdesk System

An ITIL based Helpdesk system would be used for assisting the service delivery for the DC. The helpdesk system would automatically generate the incident tickets and log the call. Such calls are forwarded to the desired system support personnel. These personnel would look into the problem, diagnose and isolate such faults and resolve the issues in a timely manner. The helpdesk system would have the necessary workflow for a transparent, smoother and cordial DC support framework.

o Provide flexibility of logging incidents manually via Windows GUI and web interface.
o The web interface console of the incident tracking system would allow viewing, updating and closing of incident tickets.
o System should provide Knowledge base
o Provide seamless integration to events/incidents automatically from the management console.
o Allow categorization on the type of incident being logged.
o Provide classification to differentiate the criticality of the incident via the priority levels, severity levels and impact levels.
o Each incident should be able to associate multiple activity log entries, manually or automatically, with events / incidents from other security tools.
o Provide audit logs and reports to track the updating of each incident ticket.
o Proposed incident tracking system would be ITIL compliant.
o It should integrate with Enterprise Management System event management and support automatic problem registration, based on predefined policies.
o It should be able to log and escalate user interactions and requests.
o It should provide status of registered calls to end-users over email and through web.

11 Operations and Maintenance

Provide 24x7 operating and maintenance services for a period of 3 years from the date of commissioning of the data center. The scope of the services for overall Physical and IT infrastructure management as per ITIL framework during this period shall include 24X7 Monitoring, Maintenance and Management of the entire Data Center, along with providing Helpdesk services. The scope of work during the operations phase is divided into following areas which are tabled below:

o System Administration, Maintenance & Management Services
o Network Management Services
o Backend Services (Mail, messaging etc.)
o Server and Storage Administration & Management Services
o Security Administration & Management Services
o Backup & Restore Services
o Physical Infrastructure Management and Maintenance Services
o Helpdesk Services
o Database Administration & Management
o Physical Security Services
o Preventive Maintenance Services
o Corrective Maintenance Services
o Asset Management Services
o Configuration/Reconfiguration Management Services
o Vendor Management Services
o Virus Management
o Electricity & Diesel management
o Certifications
o Patch Release Update management etc.

12 Testing and Commissioning

Commissioning shall involve the completion of the Data Center site preparation, supply and installation of the required components and making the Data Center available to OMSAR for carrying out live operations and getting the acceptance. All the components would be tested by OMSAR. The Acceptance Test procedure has to be submitted by the bidder and approved by OMSAR. If required, additional tests may be proposed by OMSAR and these need to be carried out by the bidder. Any tools and equipment required to carry out tests have to be arranged by the bidder at their own cost. Acceptance testing shall be carried out before the commencement of Live Operations. The Data Centre would be tested for the following parameters:

o Electrical Requirements
o Cooling & Environmental Control
o Smoke & Fire Detection, Prevention & Suppression requirements
o Surveillance & Physical Security
o LAN Passive and Active Components
o Logical Security
o Training on the Data Center infrastructure.

All documentation generated during design, installation, commissioning and training phase shall be mandatory and be made available to the Tendering Authority.

13 Disaster Recovery Site

13.1 Objectives

The main objectives are:

o Maintain all IT services active in case of a major failure at the main site.
o Restore the services back to normal quickly and efficiently.
o Automate failover and fallback processes.

The included infrastructure is:

o Applications
o Operating Systems
o Hardware
o Network Infrastructure
o Monitoring and Management Solution
o Backup and Storage solution


13.2 Requirements

o The site will be hosted in a major city other than Beirut where fiber optic is available at nearby Central Office.
o Ensure that the solution (hardware, software and network) is functionally equivalent to the main site and that it meets the sizing parameters and the performance requirements.
o The site must be designed to act as warm disaster recovery site in active standby mode with the main site.
o Proposals for end-to-end virtualization solutions are encouraged. The bidder should propose this solution and include why it is better than other alternatives.
o The solution architecture should be based on service oriented architecture (SOA) and open standards and should be identical to the main site system. It should be highly scalable and enable high performance and availability.
o Provide the same software for all software (GSB and portal etc.) which are functionally equivalent to the GSB production environment.
o The hardware solution should ensure no single point of failure in terms of hardware, software and network components and high availability and provide redundancy.
o The hardware solution must satisfy the security requirement at the main site.
o The hardware solution must be integrated and compatible with the backup and storage solution SAN at the main site.
o The solution monitoring component should be integrated with the main site monitoring solution.
o The solution must achieve a Recovery Time Objective of xxxh and a Recovery Point Objective of xxxh in Active/Passive scenario.
o Capability of automatic and manual Failover (partial or complete) from and to the main site.
o The administrator should be able to remotely access all the components from the main site and from the Internet.
o The same guidelines (General, Hardware & Software and Network) should be applied for the disaster recovery site.

14 Portal and GSB specifications

14.1 Government Service Bus (GSB)

14.1.1 Objectives

The goal of the GSB is to become the principal platform of integration of services for the provision of various government electronic services and transactions, a provider of common value-added shared services used by all connected government ministries and entities, and to standardize and simplify the mutual data exchange. The connected governmental entities will use a common infrastructure for integration, sharing of data and the use of centralized shared services. The GSB standards ensure that the exchange between parties will run safely, reliably and efficiently.

The Enterprise Service Bus (ESB) is the core engine that enables deploying the OMSAR GSB platform.

14.1.2 GSB Requirements

14.1.2.1 General Design Requirement

o The solution software and hardware design should be based on a consolidated GSB and Portal as a single entity.
o Unified software (out-of-the-box solution) product for implementing and deploying a Service-Oriented Architecture (SOA).
o Bus-related engines that provide data transformation, XML and intelligent routing services and the communications bus.
o Support for the standard forms of connectivity such as Web services, J2EE connectors and JMS etc.
o Support for highly distributed deployment: services shall be accessed in a standard way without the need to understand the underlying technologies or global location.
o Fault avoidance, fault tolerance and ease of use are major aspects of the ESB
o Scalability is essential to enable the ESB to deal not just with current projects but also to provide an extensible, adaptable platform for future growth
o Interoperability of the ESB messaging product with other messaging products.
o A high level of performance is essential to ensure that newly integrated and automated operations can be carried out effectively and efficiently, despite the inevitable spikes in demand for particular services
o Support integration with a wide range of third-party and legacy systems and services.
o Support for extensibility (and extensions indistinguishable from the out-of-the-box options). Allow entities to add capabilities themselves. For example: the capability to talk to an aging legacy system using a home-grown messaging system.
o An IAM (Identity Access Management) solution shall be proposed that has proven to have industrial-strength capabilities and is highly resilient, highly scalable and flexible in delivery.
o The integration between OMSAR GSB and remote ministries and agencies depends on the level of e-services readiness and can be deployed using the adapters or the web services if any.

14.1.2.2 ESB Requirements

The ESB shall comply with the following minimum features:

| Category | Capability | Description |
|---|---|---|
| Messaging | Content Based Routing | Content-based routing seeks to route messages, not by a specified destination, but by the actual content of the message itself. |
| | Asynchronous actions | Asynchronous actions are actions executed in a non-blocking scheme, allowing the main program flow to continue processing. |
| | Synchronous Messaging | Ability to simulate synchronous communications, whereby the calling program waits for a result before continuing processing. |
| | Message Validation | Validation is simply to verify that an incoming message contains a well-formed XML document and conforms to a particular schema or WSDL document that describes the message. |
| | Publish/subscribe messaging and Store-and-forward messaging in real time | Under publish/subscribe, information is published to any subscriber authorized to receive on a topic where a publisher is sending messages. Filters can be added to let subscribers further refine the information that matches their registered interest, a highly efficient way to operate in a many-many environment. Store-and-forward holds messages in situations where variable levels of availability are likely, such as in operations that cross many time zones. The information can be stored until the next step in the service is open for business. |
| | Protocol Translation | Ability to translate from one type of communication protocol to another. |
| | Guaranteed Delivery | WS-ReliableMessaging describes a protocol that allows messages to be delivered reliably between distributed applications in the presence of software component, system, or network failures. |
| | Message Throttling | Configuration to allow only a specific number of messages to reach the service in a specific period of time. |
| | Failed Message Routing | When a message fails on a receive port it is routed to a location where additional action can be taken. |
| | Load Balancing | Ability to deploy multiple instances of a service and use a load balancer to dispatch requests and spread out the service request traffic. |
| Adapters | FTP/HTTP/SMTP/POP3/IMAP | Support of multiple protocols. |
| | Framework for Custom Adapters | Existing documentation/examples and/or framework for creating custom adapters. |
| | EDI Support | Transfer of structured data, by agreed message standards, from one computer system to another without human intervention. |
| Message Transformation | Schema Mapping | GUI tool that enables the mapping of schemas and allows record mappings to be manipulated through the use of cut-and-paste or drag-and-drop. |
| Business Process Management (service orchestration and others) | Rule Separation / Rule Reuse | Across Processes |
| | Dynamic Reconfiguration | Dynamically add new service producers and consumers to a scenario (orchestrations) at runtime, without requiring a recoding of a process or service. |
| | Exception Handling | Mechanism for gracefully handling exceptions occurring within an orchestration. |
| | Long Running Transactions | Orchestrations that take a long time to complete. |
| | Web Service Generation | Ability to publish/generate web services from orchestrations. |
| | Atomic Transactions | Centers around short-lived operations, in other words processes where the success or failure of a transaction needs to be known rapidly. |
| | WS-Coordination | Extensible framework for providing protocols that coordinate the actions of distributed applications. |
| | Support BPEL (Business Process Execution Language) | Design, simulation, and execution of business processes using the BPEL4WS Version 1.1 and WS-BPEL Version 2.0 specifications. |
| | Extensible API Support | Ability to programmatically interact with a Service externally. The services are the web services published within the ESB. |
| Manageability (Operations and Management, Deployment and others) | Logging | Logging of messages and ease of access to these messages. |
| | Poison Message Handling (Repair, Resubmission) | A poison message is a message that has exceeded the maximum number of delivery attempts to the application. This situation can arise when a queue-based application cannot process a message because of errors. |
| | A comprehensive error handling mechanism | Uniform mechanisms for identifying, managing, and monitoring both technical and business errors, with the ability to customize specific error behavior as needed. |
| | Performance Monitoring | Tool for monitoring system behavior and performance. |
| | Message Tracking | Tool to track messages as they flow through the Services Layer. |
| | High Availability | Constant availability of a service regardless of the status of the hosting or dependent servers on which it runs. |
| | Tracking and Debugging Flows | GUI tool to allow for tracking and debugging of process flow. |
| | Statistics | Allow the information to be gathered dynamically in a live environment and monitor all business processes by user-defined Key Process Indicators (KPI). |
| | Service Provisioning And Registration | Ability to compose new services and register them in a configuration-based fashion. Users can add or modify flows without having to restart components. |
| | Data Archiving and Purging | Mechanism to archive data, as well as to set parameters to purge data. |
| | Ease of Application Deployment and migration | Tool to assist in deployment or migration of services, maps, etc. |
| Complex Event Processing | Prebuilt integrations for own and third-party event processing engines | Tool to manage publication management of business events. |
| A business rules engine | Rule Authoring/Definitions | GUI to be able to author business rules. |
| | Versioning | Ability to deploy new versions of business rules, ability to have several versions that can be deployed. |
| | API (Design and Runtime) | Published API for interacting with Business Rules from external applications. |
| Security | Content Encryption/Decryption | Support for encryption of message contents. |
| | WS-Security | WS-Security describes enhancements to SOAP messaging to provide quality of protection through message integrity, message confidentiality, and single message authentication. |
| | Content based Authentication and Authorizations | Authentication or Authorization based on the content of the messages. |
| | Digital Signatures | Ability to use digital signatures to grant permissions. |
| | Non-Repudiation | Ensure that a transferred message has been sent and received by the parties claiming to have sent and received the message. |
| | Access & Single Sign On Security | ASSO Security Layer was designed to achieve a single access point for e-Services and to support federated authentication requests in the interregional domain. The layer of regional security has the priority to consolidate the system of Identity and Access Management, by making available authentication services through various authentication mechanisms (i.e. user id/password, smart card, etc.) and through the use of protocols such as WSS (security token X.509), SAML2.0 and XACML. |
| | Federated Identity Management | An SOA approach that allows many forms of user credentials to support identity assertion and transformation based on open standards. |
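The Message Throttling, Failed Message Routing and Poison Message Handling capabilities listed above meet at the receive port. The sketch below is an added illustration, not part of this TOR or of any vendor's ESB; the class name `ReceivePort`, the limits and the sample messages are assumptions constructed for the example.

```python
from collections import deque

class ReceivePort:
    """Toy receive port: throttling, redelivery and poison-message routing."""

    def __init__(self, handler, max_per_window=3, window_s=1.0, max_attempts=3):
        self.handler = handler
        self.max_per_window = max_per_window   # messages allowed per window
        self.window_s = window_s               # sliding window length, seconds
        self.max_attempts = max_attempts       # delivery attempts before "poison"
        self.queue = deque()                   # entries are (message, attempts)
        self.accepted_at = deque()             # timestamps of accepted messages
        self.delivered, self.dead_letter = [], []

    def submit(self, message, now):
        """Accept a message unless the quota for the current window is used up."""
        while self.accepted_at and now - self.accepted_at[0] >= self.window_s:
            self.accepted_at.popleft()         # forget arrivals outside the window
        if len(self.accepted_at) >= self.max_per_window:
            return False                       # throttled: sender must retry later
        self.accepted_at.append(now)
        self.queue.append((message, 0))
        return True

    def drain(self):
        """Deliver queued messages; park poison messages instead of retrying forever."""
        while self.queue:
            message, attempts = self.queue.popleft()
            try:
                self.handler(message)
                self.delivered.append(message)
            except Exception as exc:
                attempts += 1
                if attempts >= self.max_attempts:
                    # Failed-message location: kept for repair and resubmission.
                    self.dead_letter.append((message, attempts, repr(exc)))
                else:
                    self.queue.append((message, attempts))

def demo():
    def handler(msg):  # constructed service: rejects messages without an "id"
        if "id" not in msg:
            raise ValueError("missing id")

    port = ReceivePort(handler, max_per_window=3, window_s=1.0, max_attempts=3)
    # Constructed sample traffic: four messages inside one 1-second window.
    msgs = [{"id": 1}, {"body": "no id"}, {"id": 2}, {"id": 3}]
    accepted = [port.submit(m, now=t) for m, t in zip(msgs, [0.0, 0.1, 0.2, 0.3])]
    late = port.submit({"id": 3}, now=1.5)     # resubmitted after the window slid
    port.drain()
    return accepted, late, port.delivered, port.dead_letter
```

The fourth message is refused by the throttle and accepted on resubmission, while the malformed message is retried up to the attempt limit and then routed to the dead-letter list, so it cannot block the valid messages queued behind it.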

14.2 Portal Requirements

The portal shall meet the following requirements, listed by category.

Category: Design, Development & Layout

• The portal categorizes the following types of users:
  - National Citizens: Lebanese nationals
  - Government employee
  - Visitors
  - Residents
  - Immigrants
  - Companies (registered within the ministry of economy)
• Citizen friendly design and layout so all categories of visitors find it comfortable and easy to access the desired information with minimum hassle.
• A standardized format and enhanced graphical look for all pages, thereby establishing a unified theme throughout the portal.
• Find, locate and access the desired information easily with minimum training.
• Color scheme of the portal and the positioning as well as consistency of the design elements has to be such that it allows for legibility and easy reading. Different colors can be used for multiple profiles.
• Design different views/profile per category/type of visitors.
• Layout based on templates. The centrally-controlled site design and usability through templates enables separation of the design of the site and the content that needs to be posted on the site.
• Dynamic content repository.
• Multilanguage support (Arabic, French, English and Portuguese and more). Normally Arabic is the default language of the website but language can be customized by visitor location.
• Spell check: to ensure that the content on the site is checked before publishing.
• Revision tracking and history.
• Support for a Service Oriented Architecture that facilitates development on the SOA model using XML Web Services.
• Support for the open Internet standards, such as HTTP, XML and SOAP, which are used to exchange data between the portal and the remote applications within the ministries, shall be built into the Portal’s architecture.

Category: Navigation Architecture

• A clear and unique navigation scheme across all pages and sections. The navigation scheme should formulate and regulate the use of the combination of the following:
  - Top Menu
  - Breadcrumb
  - Left and Right Menus with dropdown and drilldown functionality
  - Shortcut links to most popular or essential pages (Highlight new information in a prominent manner)
• Link to a “Site Map” page.

Category: Accessibility

• Universal accessibility of the Portal through web, mobile, PDA … to the entire cross-section of the target visitors including people with certain disabilities.
• Portal must be functional on as many browsers as possible without being technology or platform dependent.
• Portal must be conformant to the Web Content Accessibility Guidelines 1.0 developed by the World Wide Web Consortium (W3C).
• High-speed upload/download response times for low-end to high-end users (consider the ADSL speeds available in Lebanon, e.g. 128kbps to 256kbps, that are used by the average citizen).
• The portal should appear first in online search results via Google or any search engine. SEO (search engine optimization) is the practice of making the portal attractive to search engines.

Category: Reliability

• Disclaimers, privacy and security policies, terms and conditions and copyright information to encourage people to use e-government services and information.
• All access to the portal must be logged and auditable.
• IT monitoring: capabilities to observe the resources to ensure they’re running properly.

Category: Content

• Public Administration Structure Profile (General Description, Organization Chart, Mandate of each entity…).
• Government initiatives (E-Government roadmap publication and updating, E-government strategy, ...) shown in a prominent manner.
• Government accomplishment in terms of e-government (GIS portal, COOP, Government repository, Government Forms Standardization Project...) shown in a prominent manner.
• Procurement Section (tenders...).
• Latest news (can include both above sections, media releases, speeches and other relevant public information released by the entities, or be presented in different sections...).
• Classification or segmentation of information according to citizens, companies, residents and visitors or immigrants etc. Each section has a different kind of information for each type of visitor.
• Categorization of content by topics, services, sector or profession (A-Z index, Services, ministries, entities, NGO etc...).
• List all ministries with complete contact details (phone, fax, e-mail, address, interactive maps, contact person ...).
• List relevant Lebanese laws section (or direct to www.lebaneselaws.com).
• Personalize some areas of the portal to a visitor’s area of interest.
• A section “Do it at Anywhere, Anytime” instead of “Do it Online”.
• Update the sites on a regular basis, specifically dynamic sections like “latest news”.
• Section for citizen suggestions, complaints and feedback using online surveys or other means of delivery.
• Advanced search features and search tips with search for information in other government services to allow visitors to easily find services and content. It should support standards-based open interfaces such as XML and HTTP. It shall also support content in multiple formats such as Microsoft Office (Word, PowerPoint, Excel), html, pdf, etc. It should enable users to restrict search to specific data types.
• Location locator (hospital, ministries ...).
• Live web chat/blogs.
• Careers section for government jobs.
• Audio and video clips..?
• Ads for government entities (initiatives, news, jobs...).
• Basic Authentication to open up access to personalized pages. We intend to use Username/Password based authentication for citizens. Provision for integration with a single sign-on application with the latest industry standards-based security protocols and algorithms.
• Site Tutorial.
• Site Map.
• FAQ.
• The page must carry the date the page was last modified. The modified date must be displayed in full text format and should also be included in the page metadata.
• Provide link on all pages to mandatory elements of the website, i.e., all pages shall contain the following links to these elements of the web site:
  o About us
  o Contact us
  o Feedback
  o Sitemap
  o Search

Category: Content management system (CMS)

• Support for standard, proven, commercial off-the-shelf software for the Content Management System.
• Implement content management application for managing publishing of content that will include the whole workflow and tasks such as Authoring, Aggregating, Reviewing, Approving and Publishing of content.
• Ensure that a pre-defined approval process is implemented for accurate content in consistent format. Identifying Content Owner(s) is necessary to maintain different versions and publish content on the web portal for the defined time interval only.
• Shall offer complete feature sets for content contribution and delivery, site development, and enterprise site management such as content creation for non-technical business users, content delivery to multiple audiences and devices, and site development.