OFFICIAL RECORD DOCUMENT # PRDE-OSIATD-2018-003 …intraedu.dde.pr/2018003Wireless Equipment and Services RFP/DOC GROUP 4. VENDOR...(Cisco Meraki Cloud Managed Wireless and Fortinet

OFFICIAL RECORD DOCUMENT # PRDE-OSIATD-2018-003-WIRELESS EQUIPMENT AND SERVICES

Owner

Typewritten Text

Owner

Typewritten Text

Owner

Typewritten Text

Owner

Typewritten Text

4.C-1_IBM PROPOSAL_TAB 1 COVER PAGE

TAB 1 Cover Letter

TAB 1: Cover Letter Proposers shall include a cover letter signed by an authorized representative of the Proposer. The cover letter must contain a commitment to provide the services described in the Proposer’s proposal, and a written acknowledgement to agree to enter into a written contract with the Department for the proposed equipment and services, if selected. The letter shall also include a brief narrative description of the Proposer and its service offerings.

IBM Cover Letter attached on following pages.

654 Munoz Rivera Ave. San Juan, PR 00918

January 11, 2019

José L. Narváez Figueroa Office of Information Systems and Technology Support (OSIATD) Puerto Rico Department of Education Corrections Building, 4th Floor Tte. César González, Esquina Kalaf Urb. Industrial Tres Monjitas Hato Rey, PR 00926

Dear Mr. Narváez,

International Business Machines Corporation (IBM) is pleased to submit this proposal in response to the Commonwealth of Puerto Rico Department of Education’s RFP: PRDE-OSIATD-2018-003-WIRELESS EQUIPMENT AND SERVICES. We understand the intent of this RFP is to provide robust wireless access with 100% coverage in every school and non-instructional facility. By providing technology parity to the students of Puerto Rico, the PRDE will allow educators to effectively integrate technology into the daily student curriculum, thus expanding the teaching capabilities of every teacher and the learning potential of every student, and is harmonious with the PRDE four main goals:

§ Improve student academic achievement § Attend to the needs of the whole child, not just academics § Access to high quality professional development for teachers and principals § Right size the system for better use of resources, immediate response and effective problem

solving

Our proposed solution incorporates the PRDE core values, innovation, excellence, equity, accountability and transparency, leadership and co-responsibility, and is consistent with your requirements in the RFP which at a high level are:

§ Procurement, configuration and installation of up to 70,000 access points (56,000 indoor and 14,000 outdoor) and enclosures

§ Provide a fully Cloud Managed solution § Provide managed services including on-site warranty support § Provide training to OSIATD technicians

Based upon our knowledge of your business, functional and non-functional requirements coupled with a sincere desire to deliver value, IBM thoroughly compared multiple wireless solutions and vetted 2 solutions (Cisco Meraki Cloud Managed Wireless and Fortinet FortiCloud) in the form of a Proof of Concept (POC) at PRDE School, 60038 - Julian Blanco. As a result of this due diligence, IBM recommends the Cisco Meraki Cloud Managed Wireless Solution (Meraki), which performed optimally and proved to be stable, reliable, scalable, manageable and available network.

The Meraki Solution is utilized worldwide across many industries, inclusive of K-12 Education. Meraki boasts an impressive install base of over 3 million access points and 1.8 million networks. Meraki’s popularity is driven by its capabilities, ease of use and cost of ownership. Some of these high-level capabilities are:

§ Highly available, redundant cloud "wireless controller" with SLA of 99.99 percent up time § Centralized management with network-wide visibility and control in one central dashboard § Automatic, built-in monitoring and alerts via email, SMS, or even push-notifications via a mobile

application

§ Automatic firmware upgrades for the entire network

§ Remote, robust troubleshooting tools § Ability to create separate service set identifiers (SSIDs) for network access based on usage § Multiple languages on per user basis including English, Spanish, French and Dutch § Built in customizable guest Splash page (captive portal) and social media login § Integration with Azure Active Directory § Robust reporting available on demand or schedule for automatic delivery at a frequency desired by

the user § Log retention of various length depending on logs § All-inclusive licensing - No added fee for reports, log retention or 24X7 support § Limited Lifetime warranty on MR42 indoor AP with advanced replacement (replacement of

defective unit is shipped to client prior to Meraki receiving faulty unit back) § 1 Year warranty on MR74 outdoor AP with advanced replacement § Paid shipment cost to and from client location for replacement of defective devices § Product support up to 7 years from End of Sale (last order date). End of life is announced 6 months

prior to End of Sale. § 1 day on line training on Meraki at no charge

Successful deployments don’t just happen, they are planned and meticulously executed. This requires a high performing team with in depth knowledge of our client’s business, goals, culture and people. IBM brings an approach and team which is backed by years of experience in large complex project deployment and is adept at implementation and providing warranty support services for the PRDE. The IBM team consisting of IBM, Truenorth Corporation and Martel Inc. resources are ready to start delivering this most important and strategic project for the PRDE.

Keeping 70,000 access points operating optimally with minimal downtime is no easy feat. Again, as with implementation, we plan for success. Our team, experienced in providing break fix and warranty support for the PRDE, will monitor and manage the PRDE wireless access point networks. Truenorth’s Service Request Manager, WAN Monitor and Ticket System application currently used by the PRDE will be utilized to manage repairs. Also, the Meraki dashboard will be configured to send alerts when an access point is offline, alerting and even when changes are made to the configuration. While the Meraki solution includes the 24x7 phone support and advanced replacement (lifetime for indoor and 1 year for outdoor) for defective access points, we will have a spares inventory to enable faster or in some cases same day replacement.

Training of resources on new technology is critical to business operations, but with the Meraki solution there is no need for formal training or certification, it is that intuitive. However, to set each client up for success, especially on large complex projects, Meraki does offer a one (1) day online training course, at no additional charge. The PRDE technicians will have access to this course and can take it at a time convenient to them. In addition, like with IBM’s previous deployments, the IBM team will provide onsite training tailored and targeted to the PRDE environment for the OSIATD technicians.

Our approach to meeting your goals was developed using the following guiding principles:

Cost Effective - We chose technology that would provide the needed functionality, does not require additional IT staff and is easy to manage and maintain. We further leveraged deep discounts with Cisco to provide the PRDE with over 74% off list price on the wireless equipment.

Scalable - The solution can grow - it is not “topped out” and has room to expand should the Department need to do so.

Supportable - The solution is supportable by your current and future basic maintenance provider, leveraging available PRDE resources.

E-rate compliant – While the equipment and services delivered in this RFP will be paid for by Restart funding, it is important to note that the solution is also E-Rate eligible. The noted exception is the extended warranty service for external access points

Consistent - The solution is in line with PRDE standards and will interoperate with the existing and future PRDE technology.

We have worked with the PRDE for many years and are committed to your success. IBM is a company built to endure on a foundation of core values. Our core values shape everything we do and every choice we make on behalf our company and clients like the PRDE.

Our core values are:

§ Dedication to Every Client’s Success § Innovation that Matters - for our company and the world § Trust and Personal Responsibility in all Relationships

We have a demonstrated track record of dedication, innovation, trust and personal responsibility in our work with the PRDE and will continue to do so.

We believe the depth and breadth of the IBM Corporation offers advantages to the PRDE that no other solution provider can match. We have financial stability you can count on and vast resources to draw upon. We understand this project is about delivering results - not just about ordering equipment. We have skilled and experienced resources (IBM, Truenorth and Martel) to make this happen for the PRDE. While our solution may not be the lowest bid, it’s value cannot simply be judged by its upfront cost. Some studies have shown that after the initial implementation, the Meraki Cloud Managed Wireless solution continue to save clients on operational expenses year after year. We offer this solution with flexibility and with the commitment of being cost responsible throughout the entire project. We welcome the opportunity to discuss our solution approach and can adapt the solution should your needs change.

IBM acknowledges verifying the designated website (http://intraedu.dde.pr/RFP Wireless Equipment and Services/Forms/AllItems.aspx) throughout the solicitation period for important notices, responses to questions, and RFP amendments.

IBM has reviewed the terms and conditions contained in the RFP. Based upon our long-standing relationship, IBM proposes that should we be the selected contractor, the parties utilize the terms and conditions of the IBM Customer Agreement currently in place between the parties, Agreement Number HW79177, including any applicable Attachments and Transaction Documents. IBM considers this Agreement to represent a specific exception to the relevant portions of the terms and conditions contained in your RFP. In addition, IBM remains willing to negotiate additional or different terms and conditions if we are the selected vendor. IBM's failure to respond to any term, condition, or requirement should not be deemed acceptance, except as specifically provided for in this response. For clarity, IBM will provide the necessary insurance coverage, evidenced by an insurance certificate consistent with our standard policy provisions.

This proposal is valid for one hundred and eighty (180) days.

Sincerely,

Darick Rodriguez IBM Senior Location Executive [email protected] (787) 766-7600

PRDE-OSIATD-FY2018-003-Wireless Equipment and Services

IBM Corporation | January 11, 2019 1



Our Solution The IBM Company has been in existence for over 107 years. As a global leader in technology services, IBM provides solutions which meet client needs every day. For the past 35+ years, IBM has been delivering wireless infrastructure solutions to customers in many different industries and a variety of environments around the world. Under our infrastructure framework, IBM has provided wired and wireless networks to industrial manufacturers, warehouses, school systems, commercial office buildings, public venues such as hospitals, stadiums and parks and specialized environments such as steel foundries and shipping yards.

With such a broad experience basis, IBM’s team can provide the PRDE with the requisite skills to deploy and support the installation of a wireless equipment at all 857 schools and 37 non-instructional facilities.

As previously mentioned, IBM recommends the Cisco Meraki Cloud Managed Wireless Solution with an intuitive cloud-based Meraki dashboard providing complete visibility and control of the entire network.

With the Cisco Meraki Cloud Managed Wireless Solution, there is automatic optimization when users connect to the wireless network. This is a major advantage in high-density campus locations that usually have excessive interference conditions, like most of the PRDE schools. Meraki wireless networks provide excellent performance under these conditions without the congestion typical of hardware controllers. Meraki lets institutions grow flexibly based on the needs and requirements of students and faculty. Make the network compatible for future versions and leverage existing IT investments by easily integrating new devices, solutions, or entirely new campuses in the dashboard with cloud-based centralized management.

The Meraki cloud architecture delivers reliability, security, and scalability, with an SLA of 99.99 percent uptime. It offers features required for modern classrooms, including:

§ Network-wide visibility and control in one central dashboard § Centralized management for the entire IT team and guest ambassadors without additional onsite

controllers and hardware § Automatic, built-in monitoring and alerts via email, SMS, or even push-notifications via a mobile

application § Smooth, quick, and trouble-free cloud firmware upgrades for the entire network § Scalability for networks regardless of size

Meraki manages 1:1 and BYOD devices from a central dashboard. The dashboard provides live data on students and teachers connected to the network, and their activity. The network administrator can easily search for a user name or device type and get the information in seconds, giving valuable insight on network activity. Meraki Cloud Managed Solutions also makes it easy to troubleshoot remotely. Instead of requiring days to perform time-consuming tasks such as diagnostics, simple tools available on Meraki APs allow for these tasks to be completed quickly.

Additionally, separate service set identifiers (SSIDs) for network access based on usage can be created. For example, PRDE can generate a SSID for teachers, so they can access the network and have access to content defined by policies set by the PRDE for teachers. Simultaneously, PRDE can set up a SSID for the students to grant access to content defined by the policies set by the PRDE for students.

Since Meraki integrated solution is managed from a central dashboard, it’s easy to control network resources. With built-in QoS and L7 traffic rules, allows the control of bandwidth as needed, which is a major advantage for wireless networks serving high-density areas such as school districts. Simply put, the PRDE can tailor the bandwidth by user or SSID.



Network Visibility and Control

Figure 1:Summary of Network Health Across the Organization

Network Resources Allocation

Figure 2: Know Who is Connected to the Network and Resource Usage



User Connected to the Network

Figure 3: Know Who is Connected to the Network and Where They are Going

About the technology IBM recommends the Cisco Meraki MR42 indoor (the world’s bestselling access point) and MR74 outdoor wireless access points. In addition, IBM recommends Oberon access point enclosures models 1047-MR42, 1015-00 and 1021-00. Following are visuals of our proposed equipment with links to much more detailed information:

§ Cisco Meraki MR42: https://meraki.cisco.com/lib/pdf/meraki_datasheet_MR42.pdf

Figure 4: Cisco Meraki MR42 Cloud Managed Access Point – Indoor



§ Cisco Meraki MR74: https://meraki.cisco.com/lib/pdf/meraki_datasheet_MR74.pdf

Figure 5: Cisco Meraki MR74 Cloud Managed Access Point – Outdoor

§ Oberon 1047-MR42 Locking suspended ceiling tile Wi-Fi access point enclosure: https://oberoninc.com/index.php?option=com_content&view=article&id=5340&Itemid=399

Figure 6: Oberon 1047-MR42 Indoor AP Enclosure –

Closed

Figure 7: Oberon 1047-MR42 Indoor AP Enclosure –

Open



§ Oberon 1015-00 11” Skybar Plastic Wi-Fi access point lock box enclosure with opaque door

enclosure: https://oberoninc.com/index.php?option=com_content&view=article&id=1258&Itemid=399

Figure 8: Oberon 1015-00 wall mount Indoor AP

enclosure – Closed

Figure 9: Oberon 1015-00 wall mount Indoor AP

enclosure – Open

§ Oberon 1021-00 21” Skybar NEMA-4 Plastic Wi-Fi access point enclosure with opaque screw-on cover: https://oberoninc.com/index.php?option=com_content&view=article&id=4838&Itemid=399

Figure 10: Oberon 1021-00 Outdoor AP Enclosure –

Closed

Figure 11: Oberon 1021-00 Outdoor AP Enclosure –

Open



Meraki Networks Worldwide

Figure 12: Meraki has an install base of over 3 million access points worldwide

Through the use of a cloud-based wireless controller that is provided by the MR42 and MR74 licenses, the Meraki technology is capable of supporting the wireless network requirements specified in this RFP and outlined in the following table:

RFP Requirements Meraki Compliance Details

§ Wireless coverage for 100% of classrooms, offices and sports & recreational areas

- Indoor Access points should be at least 3x3 MIMO or better

- Outdoor Access points should be at least 2x2 MIMO or better

- The Access points must have the integrated Omni-directional antennas

- VLAN capabilities (802.1q)

� Must be able to forward the TCP/IP and UDP traffic

§ MR42 (Indoor) is a four radio, cloud-managed 3x3 MU-MIMO Wave 2 access point with Integrated omni-directional antennas

§ MR74 (outdoor) is a four-radio, cloud-managed 2x2 MIMO Wave 2 access point with 4 external antennas. The 4 antennas are included with the unit at no additional charge.

§ Both MR42 and MR74 access points have VLAN capabilities and forward TCP/IP and UDP traffic.

§ Both MR42 and MR74 have a dedicated third radio which supports real-time WIDS/WIPS with automated RF optimization

§ Access Points radios compatibility: 802.11a/n/ac and 802.11b/g/n

- All the access points radios must operate concurrent on that frequencies band: 2.4GHz & 5GHz

§ Both MR42 and MR74 radios operate concurrently on frequency bands 2.4GHz & 5GHz. In addition, both are wave 2 access points that supports 802.11ac.

- 2.4 GHz 802.11b/g/n client access radio

- 5 GHz 802.11a/n/ac client access radio

§ All the access points should be PoE (Power over Ethernet) with alternate DC input

§ The MR42 is powered by POE and also have alternative 12 V DC input.



RFP Requirements Meraki Compliance Details § The MR74 is powered by POE ONLY. § Power over Ethernet injector and DC

adapter sold separately

§ All the Access points must have a 10/100/1000Base-T Ethernet Interface

§ Both MR42 and MR74 have 1x 10/100/1000Base-T Ethernet (RJ45)

§ All the Access Points and equipment should be rugged enough to operate in the school environment.

§ All the Access points must have a security mounting solution to reduce the physical damage risk.

§ Both MR42 and MR74 were designed for deployments in harsh environments such as schools, hospitals, etc. In addition, the MR74 is designed and tested for salt spray, vibration, extreme thermal conditions, shock and dust and is IP67-rated, making it ideal for extreme environments of Puerto Rico.

§ The MR42 comes with all standard mounting hardware included. It is desktop, ceiling, and wall mount capable. The MR74 mounts to walls and vertical poles. The mounting hardware is included along with screws for physical security.

§ To meet the enclosure requirements the following are recommended:

- Oberon 1047-MR42 - Ceiling tile indoor AP enclosure for schools and offices with drop ceiling.

- Oberon 1015-00 - Skybar wall mount indoor Wi-Fi AP enclosure for schools with concrete ceiling.

- Oberon 1021-00 – Skybar NEMA-4 outdoor Wi-Fi AP enclosure for outdoor areas and open hallways.

§ The solution must provide ZPT (Zero Touch Provisioning)

§ Both MR42 and MR74 use Zero Touch Provisioning (ZTP) to automatically configure and maintain an up-to-date network.

§ Both MR42 and MR74 are managed through the Meraki cloud, an intuitive browser-based interface that enables rapid deployment across multiple sites. When plugged in, the access points automatically connect to the Meraki cloud, downloads its configuration, and joins the appropriate network. If new firmware is required, it is retrieved by the AP and updated automatically. This ensures the network is maintained with bug fixes, security updates, and new features.

§ The solution must provide a Cloud Dashboard for:

§ The Meraki dashboard's Intuitive design and cloud-based management are simplified device management which



RFP Requirements Meraki Compliance Details - Simplified device management

- Monitoring

- Support with different languages (English, Spanish) minimum

- Required DOE reports (specified in Section IV, Paragraph 3)

- Auto schedule and email

means no need for expensive certifications or time-consuming trainings. A rich feature provides for complete control over devices, users, and applications, allowing for flexible access policies and security without added cost or complexity

§ A variety of tools are available to provide real-time and historic monitoring as to the network performance. For example, the Summary Report provides a high-level overview of total traffic across all devices on the network over the time period selected, enabling administrators to understand at-a-glance how the traffic is moving across the network.

§ Email alerts can be set up and sent when certain network or device events occur.

§ The firmware is automatically kept up to date via the cloud. New features, bug fixes, and enhancements are delivered seamlessly over the web. This means no manual software updates to download or missing security patches to worry about.

§ Meraki Dashboard supports multiple languages on a per-user basis including English, Spanish, French and Dutch.

§ Various reports available and can be auto schedule and email.

§ The solution must provide Cloud-Based Management System

- Centralize web base access points views

- The cloud management console must support log retention for more than one year at no additional cost

- The centralized management system should give the option of automatically scheduling and pushing new firmware to APs, to enable new features without additional costs and deliver security patches

- The management platform should allow facilitate configuration of hundreds of APs through configuration templates that allow the same configuration to be replicated to all APs on the network. In addition, these templates must allow to configure in mass,

§ Cisco Meraki cloud management architecture provides powerful and intuitive centralized management via the Meraki dashboard, while eliminating the cost and complexity of traditional on-site wireless controllers.

§ With network overview page, administrator has a birds' eye view of entire network. Intuitive visual cues and design allow for a centralized, at-a-glance assessment of current network health

§ Configuration templates can allow many Cisco Meraki devices to be deployed following a single base configuration. This makes it simple to roll out new sites/users and maintain consistency across each site's configuration. It is most useful in cases where a large number of sites exist that share a common network design. Sites as part



RFP Requirements Meraki Compliance Details by SSID or individually the characteristics of radiofrequency of the APs

- Mobile APP for managing and monitoring the system

of a template can have exceptions to the configuration, and devices that need to be treated differently can be bound to a template

§ Seamlessly manage campus-wide WiFi deployments and distributed multi-site networks with zero-touch access point provisioning, network-wide visibility and control, cloud-based RF optimization, seamless firmware updates and more. With an intuitive browser-based user interface, Meraki WLANs configure in minutes. Meraki devices self-provision, enabling large campus and multi-site deployments without on-site IT.

§ The Meraki dashboard is accessible from any web browser.

§ The Meraki dashboard is accessible via mobile App for Android and Apple devices

§ The Meraki dashboard provides access to network troubleshooting tools and includes map-based view, floor plan, heat map and analytics.

§ No need for additional training or certifications

§ Log retention of varying lengths depending on log.

§ The solution must provide all-inclusive licensing for entire solution

§ Meraki all-inclusive covers warranty, support, firmware updates, and dashboard access with no additional cost for current or future features additions.

§ Meraki licensing model is all-inclusive, and the features are equivalent for all models of MRs, including the MR42 and MR74

§ Current and future feature updates are available to licensed customers at no additional cost

§ Updates and new features are deployed quarterly to dashboard, pushed from the Meraki cloud,

§ Features included but not limited to: - 1:1 ratio of licensing and hardware

- Varying yearly durations available

- Co-termination for easy license management



RFP Requirements Meraki Compliance Details - Centralized management with network-

wide visibility and remote troubleshooting tools

- Over-the-web firmware and security updates

- Log retention of varying lengths depending on log.

- 24/7/365 enterprise support and warranty

- Location analytics

- Meshing technology

§ Security features for user’s access - Captive portal for user’s access. Custom

with PRDE Logo and colors

- Set alert and Auto notification by email

- WEP, WPA, WPA2-PSK, WPA2-Enterprise with 802.1x

The configuration must provide integration with Azure AD

§ The Meraki cloud enables: - Built-in guest splash pages with

customization

- Social media Login

- Alerts can be set and sent to multiple people.

- No user traffic passes through cloud

- Encrypted traffic to and from the cloud

- Integrated Layer 7 firewall with mobile device policy management

- Real-time WIDS/WIPS with alerting and automatic rogue AP containment with Air Marshal

- Flexible guest access with device isolation

- VLAN tagging (802.1q) and tunneling with IPsec VPN

- PCI compliance reporting

- WEP, WPA, WPA2-PSK, WPA2-Enterprise with 802.1X

- EAP-TLS, EAP-TTLS, EAP-MSCHAPv2, EAP-SIM

- TKIP and AES encryption

- Login via MS365 credentials with Azure AD integration.

§ Configure Cloud Dashboard for each site for three (3) SSIDs

- One for Students SSID

- One for Staff SSID

- One for Guests SSID

§ The Meraki Cloud Managed solution can accommodate multiple SSIDs and is complaint with this requirement.



RFP Requirements Meraki Compliance Details

§ All devices must include 3-years onsite warranty (service, installation, configuration and parts replacement)

§ Included in price and managed services support

§ Device Support - Device End of Life - The product will be

supported at least 5 years

- 24x7 phone support

- RMA (Return Merchandise Authorization) The Replacement for devices should be at least three days with shipping cost

§ The Cisco Meraki announces End of Life (EOL) is 6 months before End of Sale (last order date). Product is supported up to 7 years after End of Sale.

§ The MR42 comes with: - Limited lifetime warranty

- Advanced replacement – Replacement units is shipped to client prior to Cisco receiving faulty unit back.

- Paid shipping of replacement AP from Cisco to client location

- Paid return shipping of faulty device from client location to Cisco.

§ The MR74 comes with: - 1-year warranty

- Advanced replacement (year 1) – Replacement units is shipped to client prior to Cisco receiving faulty unit back.

- After 1-year warranty period, extended warranty is available for a fee, 8x5 Next Business Day.

- Paid shipping of replacement AP to client

- Paid return shipping of faulty device from customer to Cisco.

§ Provide technical training to OSIATD technicians

§ Cisco Meraki offers a 1 day on line training at no charge.

§ In addition, a training more tailored to the PRDE environment will be provided for a maximum of 4 sessions and 4 hours each session.

NOTE: The requirements of, and references throughout the RFP for Network Access Control devices have deleted from the RFP by the PRDE and as such no information or price is included in this proposal.