4254-BID-RFP ADDENDUM REV.09procurement.dadeschools.net/bidsol/pdf/bids/add2_rfp-18... · 2019-05-09 · 1. Is there a preference of manufacturer for the Anti-Virus & Endpoint Protection

THE SCHOOL BOARD OF MIAMI-DADE COUNTY, FLORIDA SCHOOL BOARD ADMINISTRATION BUILDING

Procurement Management Services 1450 N.E. 2nd Avenue, Room 650

Miami, FL 33132

BID/RFP ADDENDUM

Direct All Inquiries To Procurement Management Services

Buyer's Name: PHONE: (305) 995- Email:

TDD PHONE: (305) 995-2400

Date:

Addendum No.

BID/RFP No. BID/RFP TITLE:

This addendum modifies the conditions of the above-referenced BID/RFP as follows:

All information, specifications terms, and conditions for the above-referenced BID/RFP, are included on the document posted on the Procurement Management website at http://procurement.dadeschools.net

The attached pages containing clarifications, additional information and requirements constitute an integral part of the referenced bid. If your bid/proposal has not been submitted, substitute the pages marked REVISED and mail your entire bid/proposal package.

I acknowledge receipt of Addendum Number

PLEASE NOTE: If your firm has forwarded a copy of this bid/proposal to another vendor, it is your responsibility to forward him/her a copy of this addendum.

(PLEASE TYPE OR PRINT BELOW)

LEGAL NAME OF BIDDER:

MAILING ADDRESS:

CITY, STATE ZIP CODE:

TELEPHONE NUMBER: E-MAIL I.D. FAX #

BY: SIGNATURE (Manual): OF AUTHORIZED REPRESENTATIVE

NAME (Typed): OF AUTHORIZED REPRESENTATIVE

TITLE:

FM-4254 Rev. (09-17)

Delvin Padilla

[email protected]

05/09/19

2

RFP-18-053-DP Anti-Virus & Endpoint Protection

The attachment provides answers to the questions received. All other terms and conditions of the RFP remain the

same.

2


Questions & Answers

Page 1 of 14

1. Is there a preference of manufacturer for the Anti-Virus & Endpoint Protection

software? I am looking at Falcon Endpoint Protector and Microsoft Forefront

Endpoint Protection Antivirus.

No, we do not have a preference.

2. How many netapp servers are in the environment?

There are 8 NetApp appliances

3. How many users are connecting to the netapp servers?

45,000, faculty staff

4. How many workstations vs. servers are in the entire environment? Out of the 270,000

endpoints listed, are any of those servers? If so, how many and what are the operating

systems?

The District has approximately 315,000 clients which include about 4,100 servers.

However, the scope of this RFP may only cover a small subset of the population,

constrained by the allocated budget. In order of priority, the District wants to secure

the SAN, SharePoint servers, Internet facing web servers, and then other

servers/workstations as budget permits.

5. Does MDCPS intend to run the proposed solution alongside the current solution

(Microsoft) or completely replace it?

Depending on the solution.

6. Is MDCPS able to review and accept a 5yr proposal or should the pricing be

presented as an initial 3yr purchase/quote, then 1yr renewal costs for both option

years after?

We are looking for a solution to be implemented on an annual basis.

7. Will the purchase be for 3 years upfront or 1 year at a time?

The initial purchase will be for one year and will be extended/renewed each year as

necessary.


Questions & Answers

Page 2 of 14

8. How many admins/users require training for the solution and management console?

Approximately 12

9. Are there any legacy XP machines or Windows 2003 servers in the environment still?

If so, how many XP machines and how many 2003 servers are there in the

environment?

Windows XP and Windows 2003 devices should be considered in the response (not to

exceed 800 devices total).

10. What are the expectations for deployment assistance e.g. remote or on-site?

No preference

11. What Anti-Virus solution are you using on your servers?

Microsoft System Center Endpoint Protection

12. Can you provide a copy of the sign in sheet?

Please see attachments.

13. What is the total number of school-owned devices to be covered by the proposed

solution?

See response to question #4

14. What are the types of operating systems and number of computers per OS?

Operating systems range from end-of-life to current OS.

15. What is the current District SIEM?

Solution should support industry standard syslog

16. What is the estimated cost of the RFP #RFP-18-053-DP for Anti-Virus & Endpoint

Protection?

The District has allocated $450,000 over 3 years


Questions & Answers

Page 3 of 14

17. Has the Department allocated funding for the RFP #RFP-18-053-DP for Anti-Virus &

Endpoint Protection yet? If so, through which source (budget, CIP, state/federal

grant, etc.)? If no funding is secured, which sources will be sought and when? If

utilizing a grant, would you be able to specify which one?


18. When does the Department want this solution to be implemented by?

Within a reasonable timeframe from the selection of a solution

19. What other systems will have to integrate or interface with the RFP #RFP-18-053-DP

for Anti-Virus & Endpoint Protection, and what vendor provides each system?

Solution should support industry standard syslog

20. Does the Department need to replace or upgrade any of the integrated systems in the

next 5 years? If so, which system and when?

All relevant systems have been considered and included within the RFP; future

replacements or upgrades are irrelevant at this time.

21. What vendor provides the current Solution? When does the contract expire?

Microsoft. This RFP is not necessarily a replacement of the current solution, but

rather a targeted approach to increase security where needed.

22. At the point of the closure, who will be the technical point of contact for the RFP

#RFP-18-053-DP for Anti-Virus & Endpoint Protection project?

ITS Network Services department

23. Does the Department anticipate any professional or consulting services may be needed

through separate procurements to accomplish this effort? (i.e. project

planning/oversight, PM, QA, IV&V, staff augmentation, implementation services

etc.)? If so, what services does the Department desire and how do they anticipate to

procure?

All services necessary for implemention should be included within this proposal; no


Questions & Answers

Page 4 of 14

additional professional or consulting services should be considered necessary at this

time.

24. Aside from this solicitation, is the Department looking into any other technology

projects within the next 3 years? No relevant projects to be considered at this time. If

so, what kind?

• What are the drivers for these project(s)?

• How does the Department plan to procure the potential project(s)?

• When does the Department want them to be implemented?

25. As it relates to antivirus/Malware/Security protection for a NetApp Clustered

ONTAP CIFS environment, could you elaborate on the intended goal? Is it for

example to scan the repository?

The primary objective will be to scan the repository

26. What end of life operating systems are part of the project?

End of life operating systems may include the following:

Windows XP

Windows 2003 Server

Windows 8

27. What is the projected date to retire such EOL operating systems?

There is no hard date to retire such EOL OS

28. How many total systems are to be part of the scope of the project?


29. Is this a budgeted project?


30. When will M-DCPS make a decision?


Questions & Answers

Page 5 of 14

Our goal is to make a decision by the end of September 2019, depending on how long

the evaluation process lasts.

31. Once a decision is made, how long before a purchase order is issue and project

begins?

This will be determined at the time of award.

32. The document does not classify high value assets nor does it require a different level

of protection for such. Are high value asset part of the scope of this project and if so,

will M-DCPS require a different set of features/abilities to protect such?

High value assets may be in scope for this project and, as such, should be considered.

Integrated features with this consideration in mind will be considered.

33. We did not find a clear approach to EDR (Endpoint Detection and Response) nor a

defined strategy. In addition to the brief hash search requirement, are there any other

requirements on threat hunting and/or EDR to include remediation?

Please clarify this question.

34. Could you add additional detail on the requirements for the forensic utilities request?

The solution should ideally provide information regarding the origin/entry

point/infection vector/lateral communcations/etc of a malware infection/outbreak.

35. Please list all operating systems versions that are part of the scope.

The following operating systems should be considered:

Mac OSX

Windows Server 2019

Windows Server 2016

Windows Server 2012 R2

Windows Server 2012

Windows Server 2008 R2

Windows Server 2008

Windows Server 2003

Windows 10

Windows 8.1

Windows 8

Windows 7


Questions & Answers

Page 6 of 14

Windows Vista

Windows XP

36. As it relates to “The solution should have an option to escalate support or mitigation

concerns to security analysts at no additional cost or at a reasonable cost”, could you

elaborate? Are the security analysts park of the M-DCPS staff or external? Do you

require an incident response team be ready to engage?

The RFP refers to an external support or incident response team.

37. What are the requirements around false positives?

False positives should be kept to a minimum.

38. As it relates to “Deployments should have forensic utilities that allow staff to research

the origin of a malware infection.”, what utilities are required?

The solution should ideally provide information regarding the origin/entry

point/infection vector/lateral communcations/etc of a malware infection/outbreak.

39. On Section 2.3.h, what are the specific requirements?

There is no specific set of requirements other than information should be provided

regarding typical operating parameters for the solution; a solution cannot have a

significant impact of the operation of a device or render a device useless due to high

resource usage.

40. On Section 2.3.k, how long do you require this retention period?

This parameter should be configurable, potentially for up to 12 months.

41. On Section 2.3.1.i, do you require a custom SLA? If so, could you please provide

details?

A custom SLA is not required; however, if there is a custom SLA, variances from a

standard SLA must be specified.

42. What SIEM solutions are used by M-DCPS?

Must support SYSLOG output.


Questions & Answers

Page 7 of 14

43. On Section 3.1 PRICE PROPOSAL, could you please indicate the number of devices

under each of the requested Solutions 1 through 4?

The number of devices for each solution may be anywhere from 10 to 315,000 devices.

44. How many Windows, Mac, and Linux endpoints does Miami Dade Public Schools

have? (both client and server)


45. Which end-of-life operating systems is Miami Dade Public Schools looking to

support?

Windows Server 2003

Windows XP

46. What is the projected budget for this project?


47. Section 2.3.b mentions the deployments should have forensic utilities but doesn't

define capabilities further than researching the origin of a malware infection.

• Are there any specific forensics that we should aim to collect? The solution

should ideally provide information regarding the origin/entry point/infection

vector/lateral communcations/etc of a malware infection/outbreak.

• Is Process Lifecycle monitoring and recording a requirement? Not a

requirement

48. Based on the complexity of this RFP, will Miami-Dade consider an extension for all

vendors to either 5/10 or 5/14?

The due date was extended to May 21, 2019.

49. Training – We understand that MDCPS is not looking for long term managed services

but can MDCPS provide more detail regarding expectation for training services

associated with this solution? The specific RFP wording is for training “..during

installation/migration process and beyond.” Can MDCPS clarify how beyond is

defined? Are you looking for training just within the time of implementation? Would


Questions & Answers

Page 8 of 14

MDCPS like to have an expert on site for a set period of time to be available to

monitor and provide support to staff after implementation? Is MDCPS looking for

someone to be available through the possible 5 year contract period for training?

Training should be provided during implementation and migration, and potentially

available on an as-needed basis beyond that period (for example, during upgrades

and/or major release changes) M-DCPS is not looking for a long term dedicated

training resource.

50. Sample Agreement – Can MDCPS provide the sample agreement in Word format so

vendors can review and provide comments as needed? Currently section 6 is an image

and it is not editable.

Please see attachments. The sample agreement has been provided in PDF format.

51. Solution 1 – Antivirus/Malware/Security protection for a NetApp Clustered ONTAP

CIFS environment

• What is the count NAS systems?

The CIFS environment consists of 26 Storage Virtual Machines (SVM)

• What is the count of users per NAS?

It varies due to authorization. Some shares are available to all employees.

• What is the NAS systems the attached storage in TB’s?

70TB

Solution 2 – Anitivirus/Malware/Security protection for the enterprise Microsoft

Sharepoint system

• How many users for Sharepoint should be in scope for this RFP response?

TBD, could include total user population up to 400,000+

Solution 3 – Antivirus/Malware/Security protection for public-facing web and

application servers hosted in the District data center (may include end-of-life

operating systems)

• How many servers are in scope for this RFP response including the end-of-

life server OS’s?



Questions & Answers

Page 9 of 14

• What OS are the EOL servers running? How many of each EOL OS?

Windows Server 2003

Windows XP

Approx 800 EOL devices in total

Solution 4 – Antivirus/Malware/Security protection for desktop operating systems as

needed (may include end-of-life operating systems)

• For the end-of-life operating systems, what are the OS’s and how many of

each would need to be included in this request?

Windows Server 2003

Windows XP

Approx 800 EOL devices in total

52. 2.3.2 TECHNICAL SPECIFICATIONS

“Server and desktop solution must support Windows Client & Server, and Mac OS,

possibly to include End-Of-Life OS versions.”

• What is the count of each of the End-of-life Operating Systems?

Microsoft Windows XP

Microsoft Windows Server 2003

“Interoperability with the District’s current endpoint solution may be required

(Microsoft Endpoint Protection).”

• What interoperability is required?

The proposed solution should not disable or hinder the existing solution,

should those solutions be required to co-exist.

53. 3.1 PRICE PROPOSAL

“Solution 4 – Antivirus/Malware/Security protection for desktop operating systems

as needed (may include end-of-life operating systems)”

• What is the FTE (full time equivalent) # at MDCPS? (Typically, the same

number provided to Microsoft for their EA)

The FTE is approximately 356,000.


Questions & Answers

Page 10 of 14

• Will MDCPS entertain a multiyear term as an optional price proposal if it is

beneficial to MDCPS and show substantial discounts?

Please see the answer to questions 6 and 7.

54. Must you respond to all (4) Four Solution Options in order to be considered?

No, a response to a single solution option will be considered

55. Can a response have different Manufacturer solutions for the different Solution

Option? For example, Solution Option #1 - Product ABC from manufacturer XYZ

and Solution Option #2 - Product 123 from manufacturer YYY

Yes

56. Can a response have different Manufacturer solutions for an individual Solution

Option?

• For example, Solution Option #1 – have Product ABC from manufacturer

XYZ and Product 123 from YYY

Although different solutions can be provided for different options, any single

option should consist of one recommended solution. There must be a

significant difference in operation to recommend more than one solution per

option. The District is looking for the best recommendation as part of the

bid.

• Or would you prefer we submit 2 separate bids for Solution Option #1?

57. Is the District looking for a 1year, 3year, or 5year pricing?


58. Has a budget been established for this RFP?

A budget request has been submitted

59. What is the total number of end-points looking to be protected?

• Desktop, Laptops, Mobile devices? Up to 309,461

• Servers? Up to 4,200


Questions & Answers

Page 11 of 14

• NetApp Storage? 8 Appliances


60. Pricing for Option #4, please provide a target number of endpoints to be priced? 50K,

100K, 600K?


61. References – these need to be Product References and not the reseller references,

correct?

Yes

62. Resumes - are you looking for Partner Resumes or Manufacturer Resumes?

Please see Item 5 in Section 4.1 – Contents of Proposal. This is for the proposer’s

qualification, not the manufacturer’s (unless the manufacturer is submitting a

proposal themselves).

63. Scope of Implementation – are you looking for Partner or Manufacturer to

implement and provide the services?

Assistance with implementation may be required; beyond implementation, the

solution will be managed by M-DCPS staff

64. How is the content on the Sharepoint servers accessed? Is it via HTTP and HTTPS

only?

Yes

65. How many web applications are to be protected?

Answer may vary, depending on what systems can be covered by this current bid.

At this time, the District is constrained to a fixed budget and will attempt to cover as

many systems as possible.

66. What is the total bandwidth for the web application environment?

Answer may vary, depending on what systems can be covered by this current bid.


Questions & Answers

Page 12 of 14

At this time, the District is constrained to a fixed budget and will attempt to cover as

many systems as possible.

67. What is the ratio of HTTP to HTTPS traffic?

Clarification needed on this question. Internet-facing web servers are a mix of HTTP

and HTTPS.

68. Can we get additional detail about the OS versions that need to be supported by the

solution? Approximately how many of each?

Mac OSX

Microsoft Windows Vista

Microsoft Windows 8


Microsoft Windows 8.1

Microsoft Windows 7

Microsoft Windows 10




Microsoft Windows Server 2012 R2




69. What is the average number of endpoints at each location?

Average number of endpoints is approximately 1000/location

70. What type of connectivity is between each of the sites? What is the bandwidth of the

connections?

250 mbps - 1 gbps, depending on need

71. Do each of the locations have direct access to the internet or is traffic routed through

a central datacenter?

Routed through the datacenter

72. What are the end of life O/S the district is looking to support?


Questions & Answers

Page 13 of 14

Windows XP

Windows 2003

73. What “end of life” operating systems are being used?

Windows XP

Windows 2003

74. How many users are accessing the desktops / laptops / workstations for infrastructure

you want to protect under the scope of this project?


75. What operating systems are you using?

Mac OSX

Microsoft Windows Vista

Microsoft Windows 8


Microsoft Windows 8.1

Microsoft Windows 7

Microsoft Windows 10








76. How many users access the SharePoint servers, roughly?


77. Are the servers under this project physical, or are they running virtual servers on

VMWare?

These are virtual servers on VMWare

78. SharePoint servers…how many users are accessing those SharePoint farms?


Questions & Answers

Page 14 of 14


79. Are those servers running on VMWare, or are they hosted on other hardware (if so,

how many servers are in the SharePoint farms)? How many total SharePoint servers

are there?

There are 15 SharePoint servers

Documents

4254-BID-RFP ADDENDUM REV.09procurement.dadeschools.net/bidsol/pdf/bids/add2_rfp-18... · 2019-05-09 · 1. Is there a preference of manufacturer for the Anti-Virus & Endpoint Protection