Tender for Wireless Network and Network Access Control
Wireless Network Solution. This may be an expansion or a replacement of the current Juniper system (215 APs). It is envisaged that a total in excess of 1 000 APs will be necessary to provide the coverage and capacity required.
United Kingdom-Stirling: Ethernet network
Section I: Contracting authority
University of Stirling
Procurement Services, Finance Office, Room 2B10, Cottrell Building
For the attention of: Colin Elliott
FK9 4LA Stirling
Telephone: +44 1786467104
General address of the contracting authority: http://www.stir.ac.uk
Address of the buyer profile: http://www.publiccontractsscotland.gov.uk/search/Search_AuthProfile.aspx?ID=AA00112
Electronic access to information: www.publiccontractsscotland.gov.uk
Electronic submission of tenders and requests to participate: www.publiccontractsscotland.gov.uk
Further information can be obtained from: The above mentioned contact point(s)
Specifications and additional documents (including documents for competitive dialogue and a dynamic purchasing system) can be obtained from: The above mentioned contact point(s)
Tenders or requests to participate must be sent to: The above mentioned contact point(s)
Section II: Object of the contract
Main site or location of works, place of delivery or of performance: Stirling, Scotland, UK.
NUTS code UK
Duration of the framework agreement
Duration in years: 4
A key theme of the University of Stirling Information Strategy is enabling users to access core University services via their own mobile devices, at any time, from any location. Since wireless networking is often the sole connectivity option for such devices, it is imperative that the University offers a comprehensive, high-quality wireless service in all its buildings which include teaching, administration and residence buildings. Now that Wi-Fi offers throughput exceeding that of wired Fast Ethernet, many users choose it instead of a fixed network connection, whilst still demanding comparable levels of performance and reliability. The University already has ‘hot-spot’ wireless coverage in selected areas of some buildings, but now requires the coverage to encompass all areas mentioned above, and capacity in teaching spaces to be increased to satisfy the possible maximum demand.
Another high priority for the University is preserving the security of the network, and data held on systems connected to it. It is required that only authorised users and devices are allowed to connect to the wired and wireless networks and that any device which is found to be a threat to network security can be suitably quarantined to prevent possible disruption to other users, whilst offering the user options for remediation. To achieve this goal, the University requires a flexible Network Access Control (NAC) system to be introduced, that will be integrated with the wired and wireless network infrastructure, and user authentication databases.
Both aspects of this project – Wireless Network and Network Access Control – are to be completed by the end of July 2014.
Wireless Network Solution
This may be an expansion or a replacement of the current Juniper system (215 APs). It is envisaged that a total in excess of 1 000 APs will be necessary to provide the coverage and capacity required. It is required that the solution that is implemented will be supported for a minimum of five years and can be expanded by the addition of the most current hardware available at the time of the expansion throughout the lifetime of the original system. It is estimated that a further 250 APs may be required for new builds during this period. This, and any other expansion requirements, will be purchased via the framework.
The minimum standard for the solution is IEEE 802.11n though there may be a case for “pockets” of IEEE 802.11ac. Bidders are expected to propose the appropriate AP and antenna hardware for the coverage and capacity specified for each defined location.
The key objective for the wireless network is that the end result is a single manufacturer system, administered by only one management product. The solution will provide a minimum basic coverage throughout virtually every building on the Stirling campus, and some off-campus residential accommodation in Stirling and Bridge of Allan. The scope of this tender excludes the Inverness and Stornoway campuses.
In some specified parts of the included properties the wireless infrastructure will need to provide adequate capacity (over and above basic coverage) for the numbers of users who may require concurrent connectivity e.g. lecture theatres. For these spaces the required capacities will be provided in the ITT.
The solution must be a centrally managed system such that:
— firmware updates and configuration information can be distributed to APs from a single source using the management tool
— client roaming is possible wherever there is contiguous wireless coverage
— automatic load balancing of clients amongst adjacent APs
— APs operate collaboratively to ensure optimal performance for clients of the system as a whole, for example in response to localised changes in the RF environment
Network Access Control Solution
This is required to:
— work on both wired and wireless networks and cover all points of access to the University network
— provide a mechanism for posture checking any device connected to the network but allow granularity of specification (e.g. by device type, functionality, or specific device) as to what devices must be posture checked, what checks must be performed, and what actions should be taken according to the results including placing the device into a remedial network
— identify when a device that is connected is a domain machine and allow a user of it free access to network resources to which they are entitled on submission of their user credentials
— for non-domain devices (BYOD), provide for:
o devices being used by individuals with logon credentials – in these circumstances the device will be ‘associated’ to the user the first time they log on using their credentials. They will be offered the opportunity to ‘onboard’ the device (providing the device is capable of it) so that in future they will not necessarily be required to enter their personal credentials when they reconnect to the network. University IT security policy may require that even users of onboard devices must personally authenticate periodically.
o devices being used by individuals unknown to the University for network access purposes. The users of these devices must register (provide a minimum amount of personal information e.g. mobile phone number or email address) and accept an AUP statement in order to obtain limited access to network resources
o all of the above functionality to be implemented on a self-service basis
— for network attached equipment, such as printers, CCTV cameras, IP telephone handsets, a facility to pre-register the devices within the NAC system such that they will work immediately on first connection
— completely deny access to any device/user combination which does not conform to one of the above requirements
— provide for an appropriate number of authenticated devices (based on initial user numbers of approximately 12 731 staff and students, plus an unknown number of sponsored users to whom logon credentials will be issued, and a further unknown number of casual users who will not be granted logon credentials. Each user may wish to authenticate up to three devices simultaneously). The NAC solution must be capable of expanding above this number by 20 % per annum over its lifetime, and such expansion with be catered for through the framework
— process authentications from a minimum of 600 wired network switches plus the number of authenticators provided as part of the wireless network solution
— have a role-based configuration and management interface which provides for multiple levels of admin users, such as the network team, help desk staff, and guest account sponsors each having different system control permissions.
The wireless network and NAC solutions must work together and ideally share a common management platform for configuration and monitoring.
Both wireless network and NAC solutions must fully integrate with, and exploit the functionality of, the existing Cisco wired network infrastructure.
In addition to wireless hardware and the NAC solution the successful bidder will be providing the overall solution design, project management services, structured cabling installation (Brand-Rex, Cat5e) for the wireless access points, equipment and software configuration, training, and post installation maintenance services.
The appointed framework supplier is not required to supply edge switching equipment.
Infrastructure hardware on which the software components of the solutions will run may be supplied to the University as appliances. Alternatively bidders may provide detailed system requirements (minimum and recommended) for server hardware which the University will then procure independent of this tender. The University will not accept proposals for “servers” to be provided by the bidder.
There should be no loss of Wireless Network coverage in the event of the failure of any single AP.
Likewise, there should be no failure of Wireless Network service owing to the failure of a component other than an AP (e.g. an appliance, a server, an edge network switch, or the power supply to a network cabinet). Therefore high availability of appliances/servers and diversity of cabling routes must be considered.
NOTE: To register your interest in this notice and obtain any additional information please visit the Public Contracts Scotland Web Site at http://www.publiccontractsscotland.gov.uk/Search/Search_Switch.aspx?ID=283064
The buyer has indicated that it will accept electronic responses to this notice via the Postbox facility. A user guide is available at http://www.publiccontractsscotland.gov.uk/sitehelp/help_guides.aspx
Suppliers are advised to allow adequate time for uploading documents and to dispatch the electronic response well in advance of the closing time to avoid any last minute problems.
— System design including specification of AP types for each location, appropriate cabling routes to meet resilience requirements, specification of edge port numbers and power requirements
— Prior to installation, a comprehensive RF survey of the site to validate the proposed design
— Supply, installation and configuration of Wireless Access Points, any associated additional hardware and required structured cabling as per the University’s Generic Cabling Specification
— A Wireless Network Management System to configure, administer and monitor the Wireless Network
— A post-installation RF survey to provide evidence that the coverage meets the stated requirements
— Seamless integration with the NAC solution
Scope of NAC
— System design
— Supply, installation and configuration of the hardware and software components
— A Network Access Control Management System to configure, administer and monitor the NAC solution
— Implement new NAC system to replace legacy VPN NAC solution (all of the wireless network, and the wired network in residences and public access locations) by the end of July 2014
— Demonstrate operation of the solution on the wired network infrastructure to members of the Systems and Network Services team, such that this element can be deployed on the remainder of the wired network beyond the end of the initial project
— Seamless integration with the wireless solution
For both elements
— In conjunction with the Systems and Network Services team, develop an IP addressing and VLAN plan
— Conduct pre-staging of all equipment as necessary
— Train relevant staff in the use of the Management Software package(s) for the management, administration and troubleshooting of the systems
— Provide comprehensive system and configuration documentation
— Provide comprehensive hardware and software maintenance services as specified
— Provide a comprehensive technical support service
Section III: Legal, economic, financial and technical information
All information required will be stipulated in the pre-qualification questionnaire (PQQ) which should be downloaded at the address of the buyer profile shown at 1.1 of this notice. The PQQ must be completed and returned together with all the supporting documents no later than the deadline shown at IV3.4 of this notice.
Section IV: Procedure
Objective criteria for choosing the limited number of candidates: Financial capacity, technical capacity, relevant experience, accreditations and business probity.
Section VI: Complementary information
Prior to any contract award, the Contracting Authority reserves the right to verify that the economic and financial standing of the economic operator which submitted the most economically advantageous tender has not materially deteriorated from that disclosed by that economic operator’s responses to the pre-qualification questionnaire. Where such verification identifies that the economic and financial standing of that economic operator is no longer as previously described to the Contracting Authority and that any of the grounds for rejection specified in Regulation 23 of the Public Contracts (Scotland) Regulations 2006 apply to the economic operator or the economic operator no longer satisfies the intimated minimum standard of economic and financial standing required, then the Contracting Authority shall be under no obligation to award a contract to that economic operator and will have the right to award a contact to the economic operator whose tender following evaluation received the next highest score.
University of Stirling
Procurement Services, Finance Office, Cottrell Building
FK9 4LA Stirling
VI.5)Date of dispatch of this notice:22.11.2013