Page 1: User Interfaces - PA - · Web viewComputer Associate’s (CA) Identity and Access Management (IAM) E-Trust suite See Appendix X, L&I Enterprise Security Standards and Requirements,

APPENDIX U TECHNICAL ARCHITECTURE REQUIREMENTS

Existing Standards

Project Technical Standards

The Commonwealth Workforce Development System (CWDS) Project Team has set preferred standards for this project, which are listed below. As indicated, the standards are agreed upon for specific items discussed by the CWDS Project Team. A Contractor who wants to propose software not on this list should refer to Appendix KK, L&I Enterprise Standards. Contractors who want to propose software that is not listed in the L&I Enterprise Standards should refer to the ITB standards as discussed below. If no standard exists for a given piece of software, the Contractor should provide justification and business value within their proposal.

Technology Component | Project Standard | Notes
Standard Environments | 1. Development and Unit Test; 2. Component Integration Test; 3. User Acceptance Testing (UAT/System Test); 4. Training; 5. Test for Production (TFP); 6. Production |
Operating System | Windows Server 2008 R2 Enterprise Edition*; Microsoft System Center Server Manager License* |
Enterprise Virtualization | VMware vSphere 4 Enterprise |
Database Platform | Microsoft SQL Server 2008 |
Database Design | CA ERwin Data Modeler |
Development Framework | Microsoft .NET 3.5 or newer |
Development Toolkits | We are on Visual Studio 2008 and Team Foundation Server 2010 |
Security | Computer Associate's (CA) Identity and Access Management (IAM) E-Trust suite | See Appendix X, L&I Enterprise Security Standards and Requirements, and Appendix V, L&I Shared Product Environments
Content Management | FileNet P8 v5.0; Desktop Capture v5.2; Datacap 8.0 | See Appendix FF, L&I Content Management Requirements, and Appendix V, L&I Shared Product Environments
Load Testing Software | HP LoadRunner |
Business Integration/Middleware/Interfaces | Software AG webMethods v8 or newer | See Appendix GG, L&I OIT Business Process Integration Software, and Appendix V, L&I Shared Product Environments
SOA Registry and Repository | CentraSite ActiveSOA | See Appendix V, L&I Shared Product Environments
Reporting | SAP Business Objects XI r3 or newer | See Appendix V, L&I Shared Product Environments

TECHNICAL ARCHITECTURE REQUIREMENTS PAGE 1 OF 14


Technology Component | Project Standard | Notes
Batch Processing | Orsyp $Universe | See Appendix V, L&I Shared Product Environments
Web Server/Web Browser | Microsoft IIS v7, v7.5 / Internet Explorer v7 | See interface section below.
Systems/Server Monitoring | IBM Tivoli Monitoring Suite: ITM v6.2.1; ITM for Databases v6.1/6.2; ITCAM for RTT v7.1; TDW; TEC v3.9/OMNIbus; Tivoli Framework v4.1.1; Alignsync Alarmpoint v4.1; ITCAM for SOA; ITCAM for Microsoft Applications | See Appendix V, L&I Shared Product Environments
Change, Asset and Help Desk Management | Remedy |
Portal Collaboration | Oracle WebCenter Interaction v10g R3.0.1 | See Appendix V, L&I Shared Product Environments
Requirements Gathering and Management | Rational ReqPro; HP Quality Center; Top Team |
Business Rules Engine | Corticon | See Appendix V, L&I Shared Product Environments
Backup/Recovery | Tivoli Storage Manager v6; Tivoli Data Protection |

* Purchased with Microsoft Software Assurance. If the Windows Server is to be a virtual guest, the virtual host machine must be licensed with a Microsoft System Center Management Suite Enterprise License. If the Contractor is proposing a new virtual host, then the Contractor is responsible for providing this license along with Software Assurance for it.

L&I Enterprise Standards

L&I has developed L&I Enterprise Standards which are outlined in Appendix KK, L&I Enterprise Standards.

Commonwealth Standards

L&I and the Commonwealth of Pennsylvania, Office of Administration, Office of Information Technology (OA-OIT) have set standards in some key technology areas. The Contractor must factor existing standards into its proposal. In addition to the standards listed in this appendix, OA-OIT also issues Information Technology Bulletins (ITBs) that govern the development and use of information systems within the Commonwealth. Proposals should adhere to all ITBs currently listed on the OIT Web site at http://www.portal.state.pa.us/portal/server.pt?open=512&objID=402&mode=2. Select "Policies & Procedures" in the left navigation bar. Contractors are advised that ITBs may be added, changed, or deleted during the course of the Project.

Shared Product Standards


See Appendix V for information concerning shared product standards, the environments supported, and available hardware and licensing.

Commercial Off-the-Shelf (COTS) Products (3rd party COTS, open source, shareware or freeware components)

Use of established commercial off-the-shelf (COTS) products to meet continuing business needs is encouraged as long as the product is proven to meet the business need. If application support or customization is required for a COTS product, the COTS product should be written in a language that is equivalent to the language used in CWDS. Use of COTS products should be in accordance with standards listed in this appendix, Appendix KK, L&I Enterprise Standards and the OA standards listed in the ITBs discussed above.

User Interfaces

CWDS must continue to be developed with a browser-based user interface for internal, external, and partner users.

CWDS must continue to be architected to interact with the most current and future supported releases of the Microsoft Internet Explorer and Mozilla Firefox browsers. Operational support capability must be maintained within the application for two back-level releases of the browser software products. The application must function properly with the browser's default option settings; no specific browser option settings may be required. The World Wide Web Consortium (W3C) standards should be used as the reference for browser specifications.

All user interfaces must meet requirements for accessibility as defined in Appendix HH, L&I Accessibility Requirements. Scripting should only be used if having it disabled does not significantly alter the function of the application.

Virtualization

Contractors must propose a complete server and storage infrastructure to support the proposed solution. The network zones in which those servers will reside should be identified so that adequate resources are available for each component and/or environment of the Contractor's proposed system. Note that the intent is to integrate the proposed virtual servers into L&I's current VM and storage infrastructure. With regard to the shared product infrastructure, again, the Contractor must propose adequate servers and licensing to support the proposed solution. Upon contract award, further architectural review will be performed to determine if any of the shared infrastructure proposed by the CWDS Project will more economically and feasibly integrate into the existing infrastructure.

L&I has heavily invested in VMware vSphere 4 technology, which is to be leveraged as the host and management platform for server virtualization. L&I, along with all other agencies under the governor's jurisdiction, has entered into a multi-year End User License Agreement (EULA) with VMware. All VMware host licensing is covered under this EULA and the Contractor will not need to propose licensing costs.

L&I currently has an approximate 50% virtualization ratio. Internal policies and procedures have been developed to position L&I to maximize the capabilities of server virtualization. The Contractor must propose the use of virtualized servers for the solution for all lower environments as described in Appendix JJ, L&I Standard Environments. If the Contractor proposes physical hardware for any portion of the lower environments, adequate justification must be provided. For the UAT and Production environments, the Contractor should consider virtualization, particularly for non-core components of the solution.


L&I is currently running seventeen (17) vSphere 4 Enterprise host servers to support L&I processes and applications. These 17 servers are segregated into five network zones to support the existing L&I application environment. See Figure L-1 for more information. Server virtualization uses three main consumables to support the virtual infrastructure: CPU, memory and storage. As the virtual infrastructure has expanded, so have the resource needs in these three areas. The current L&I VMware infrastructure has nearly exhausted the resources assigned to it. Because of this, the Contractor must provide virtual host resources (hardware), including sufficient SAN storage, to support the entire proposed solution.


Figure L-1 L&I VMware Environments


Current Computing Environment

The current CWDS diagrams are in Appendix MM, CWDS Business Context Overview. The shared products diagrams are located in Appendix Y, Identity and Access Management (IAM) Infrastructure Diagrams; Appendix FF, L&I Content Management Requirements; and Appendix GG, L&I-OIT Business Process Integration Software.

The L&I network and hardware infrastructure is maintained by OIT’s Bureau of Enterprise Architecture (BEA) and the Bureau of Infrastructure & Operations (BIO).

The BEA Engineering and Research Division directs the engineering, design and support of the agency's distributed systems and desktop devices. This division, along with the BIO Server Farm Operations Division, operates and maintains all centralized computing distributed systems platforms and systems used within the department, including all servers and mass storage devices. These divisions ensure integrity within the operating environment; assist with application and database expansions; and conduct reorganizations, conversions and migrations. These divisions implement backup and recovery processes and procedures. These divisions act as liaisons with the OA Server Farm. Other services provided include execution and coordination of production applications, tape library management, document processing, software deployment, support for all distributed systems operating systems used within the department, second level technical support to the Department's LINKS Help Desk, and third level specialized technical support to second level field technicians. These divisions perform all backup and recovery of servers, and operate a test lab in order to assess the impact of new applications upon overall systems and server operations.

There are currently approximately 700 Windows-based Intel servers that are managed by the Department. Approximately seventy percent (70%) of the Windows servers are in the L&I DataCenter and approximately twenty percent (20%) of the Windows servers are in the Scranton UAT/DR DataCenter. The remainder is located in field sites across the state. Approximately fifty percent (50%) of all Windows servers are virtualized.

The BEA Engineering and Research Division and the BIO Server Farm Operations Division are responsible for the architecture and management of the L&I Storage Area Network (SAN). For the purposes of this RFP, the L&I SAN environment consists of the following:

Harrisburg DataCenter
- One (1) IBM Enterprise DS8300 Storage Unit
- One (1) IBM Enterprise XIV Storage Unit
- Two (2) Cisco MDS 9513 Multilayer Directors
- One (1) IBM Model 3494 Tape Library

Scranton DataCenter
- One (1) IBM Enterprise DS8100 Storage Unit
- One (1) IBM Enterprise XIV Storage Unit
- One (1) Cisco MDS 9509 Multilayer Director
- One (1) Cisco MDS 9513 Multilayer Director
- One (1) IBM Model 3584 Tape Library

Detailed model and configuration information is below. Please note that usage and availability capacity information is current as of the release of this RFP and is subject to change. Contractors should plan to acquire, install and maintain all of the hardware/software needed to design, develop, and deploy their proposed solution.

Harrisburg DataCenter

One (1) IBM Model DS8300 Storage Unit

Current configuration is a combination of 300GB and 450GB drives. Available needed capacity must be proposed by the Contractor.


Note: All storage must be proposed and will be configured as RAID-5.

One (1) IBM Model XIV Storage Unit

Current configuration is a fifteen (15) module unit with no capacity to expand. A new IBM Model XIV Storage Unit with new capacity must be proposed by the Contractor.

See notes below.

Two (2) Cisco MDS 9513 Multilayer Directors

Current configuration is with 288 ports (2x24 port blades and 5x48 port blades) each to support 288 redundant connections. Both Directors are configured identically. An additional 192 ports may be added to each Director in 48-port increments (blades). To achieve 192-port connection redundancy, incremental additions must be made to each Director. All proposed blades must be 8GB with 8GB transceivers. The Contractor must propose expansion as required by the solution.

One (1) Tape Library IBM Model 3494 - Harrisburg

Current configuration is one (1) 3494 L-12 frame with three (3) 3494 D-12 frames and six (6) 3494 D-22 frames. There are a total of eight (8) 3590 drives with 40/80Gb per drive capacity. Additionally, there are a total of twenty-eight (28) 3592 drives with 600Gb/1TB capacity. Approximately 3.0Tb are backed up nightly. Two (2) IBM p570 Logical Partitions (LPARs) with IBM Tivoli Storage Manager (TSM) software control Backup/Recovery.

Scranton DataCenter

One (1) IBM Model DS8100 Storage Server

Current configuration is comprised of 146GB drives. No capacity remains. An expansion requires an additional DS8100 frame. Disk expansion should be in the form of 300Gb 15K Drive Sets. Four hundred and fifty Gb (450Gb) Drive Sets may be considered for backup requirements of the proposed solution.

One (1) IBM Model XIV Storage Unit

Current configuration is a six (6) module unit with capacity to expand to fifteen (15) modules. Available needed capacity must be proposed by the Contractor.

One (1) Cisco MDS 9509 Multilayer Director

Current configuration is with 192 ports (4x48 port blades) each to support 192 redundant connections. Both this Director and the MDS 9513 discussed below are configured identically. An additional 192 ports may be added to each Director in 48-port increments (blades). To achieve 192-port connection redundancy, incremental additions must be made to this Director and the MDS 9513 below. All proposed blades must be 8GB with 8GB transceivers. The Contractor must propose expansion as required by the solution.

One (1) Cisco MDS 9513 Multilayer Director

Current configuration is with 192 ports (4x48 port blades) each to support 192 redundant connections. Both this Director and the MDS 9509 discussed above are configured identically. An additional 192 ports may be added to each Director in 48-port increments (blades). To achieve 192-port connection redundancy, incremental additions must be made to this Director and the MDS 9509 above. All proposed blades must be 8GB with 8GB transceivers. The Contractor must propose expansion as required by the solution.


One (1) Tape Library IBM Model 3584 - Scranton

Current configuration is one (1) 3584 L-23 frame and one (1) 3584 L-D23 frame. There are a total of six (6) 3592-J1A drives with 600Gb/1Tb per drive capacity. Approximately 450Gb are backed up nightly. One (1) IBM p570 LPAR with IBM TSM software controls Backup/Recovery.

Note the additional information and requirements below for the SAN Infrastructure:

1. Contractors must propose all storage needed for the project. The Contractor must propose expansion and utilization of the DS8300 storage unit (DS8100 in Scranton) for all components which require high availability and high capacity. The XIV storage units must be used for non-production unless otherwise explained and justified by the Contractor. As detailed in Section IV-12.2.2 and Appendix R.1 the UAT environment in Scranton must mirror the production environment in size, scale and configuration. Note that all enterprise DS8300 storage will be configured as RAID-5.

2. For both the DS8300 and DS8100 Storage Units, the current base frame needs an expansion frame. Any storage proposed beyond two (2) drive sets must include an expansion frame in the proposal. Any proposed drive sets must include the expansion frame for these units.

3. Contractors must propose a new XIV storage unit with necessary capacity in Harrisburg as the current Harrisburg unit cannot be expanded.

4. At both Harrisburg and Scranton, the Contractor’s solution must include storage for disc pools used in the TSM backup/recovery processes.

5. As noted in Section IV-12.13.1 Data Conversion and Migration Requirements and Section IV-12.13.4 Media Management Requirements, the Contractor is responsible for conversion and migrations from the current storage unit to the proposed solution. Any conversion and migration to the Scranton DS8100 storage unit must also be considered and proposed.

Network Environment

Current CWDS and related servers operate at the L&I Scranton Central Office, the L&I Central Office DataCenter and eight (8) field locations. There are Ethernet/ATM/Frame Relay circuits established between the L&I building and field sites. Bandwidth ranges from 768Kbps to 45Mbps PVCs based on the number of users and requirements of each location. The Scranton CWDS Central Office has a 45Mbps PVC. The eight CWDS field sites have circuits ranging from 1024Kbps to 4Mbps.

The web frontend for the application must leverage the existing L&I reverse proxy infrastructure at the COPA Web Farm and all communication from the Internet must use secure protocols such as HTTPS and SFTP. In addition, SSL Certificates (such as through VeriSign) are required for all Internet-facing web applications. There is an expectation that all traffic from the Internet to L&I headquarters will traverse the MAN. The maximum bandwidth between L&I headquarters and the Commonwealth DataCenter (web farm) is 1Gbps. Note that this connection is shared between all publicly accessible Labor and Industry applications and external data traffic from other agencies. Available bandwidth may be substantially lower during periods of high activity. Load balancing with Cisco equipment is available both at the Commonwealth Technology Center (CTC) and L&I headquarters.

L&I has a dual-purposed UAT/DR site located in Scranton, housing the User Acceptance Testing environment with server hardware that mirrors Production. The bandwidth between the DR site and L&I headquarters is 200Mbps, and the bandwidth between the DR site and CTC is 45Mbps.

L&I practices defense-in-depth on our network assets. Server applications must operate on systems running Commonwealth standard anti-virus and Intrusion Detection/Intrusion Prevention software. As indicated in the logical network diagram, the L&I firewall cluster isolates internal server traffic from external server traffic. There is an expectation that web servers will traverse one or more firewalls to interact with application and/or database servers.

L&I has an existing secure FTP infrastructure leveraging the IPswitch MOVEit product. The only acceptable protocols for secure file transfer are HTTPS and SFTP. The FTPS protocol is not supported in the L&I environment.

As indicated in the logical diagram below, the network is segmented into isolated firewall-protected zones. The Web Zone contains web and application servers, the web/application tier of the system design. The Data Zone contains database servers, the data tier of the system design. The L&I security policy prohibits a server from having network connections in more than one network security zone. System design must include physically independent hardware in each network zone. Additional network isolation may also exist between servers within the same network zone. For example, Web Zone servers for one application may be isolated from servers for another application or from Shared Product servers. System design must include physically independent hardware to address infrastructure expansion of a Shared Product within a network zone.

The Scranton UAT\Disaster Recovery (DR) site follows the same architecture of firewall-protected zones as Production. System design must include identical hardware for the UAT\DR site environment as proposed for the Production environment.
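The zone rules above (one zone per server, web/application tier in the Web Zone, database tier in the Data Zone, UAT/DR hardware identical to Production) lend themselves to an automated review of a proposed server inventory. The following Python is an added example, not part of the RFP or any L&I tooling; the server names, hardware models and NIC-to-zone assignments are constructed sample data.

```python
"""Policy-as-code review of a proposed server inventory against the L&I
network-zone rules. Added example; inventory data below is constructed."""
from collections import Counter
from dataclasses import dataclass

KNOWN_ZONES = {"Web Zone", "Data Zone"}
ZONE_FOR_ROLE = {"web": "Web Zone", "app": "Web Zone", "db": "Data Zone"}


@dataclass(frozen=True)
class Server:
    name: str
    environment: str   # "Production" or "UAT/DR" (assumed labels)
    role: str          # "web", "app" or "db"
    model: str         # hardware model, compared for the UAT/DR mirror rule
    nic_zones: tuple   # ((nic_name, zone), ...): one entry per network connection


def zone_violations(servers):
    """Rule: no server may have network connections in more than one security
    zone, and every connection must land in a known firewall-protected zone."""
    problems = []
    for s in servers:
        zones = {zone for _, zone in s.nic_zones}
        if len(zones) > 1:
            problems.append(f"{s.name}: connections in more than one zone {sorted(zones)}")
        for unknown in sorted(zones - KNOWN_ZONES):
            problems.append(f"{s.name}: connection in unknown zone '{unknown}'")
    return problems


def tier_violations(servers):
    """Rule: web/application tier lives in the Web Zone, database tier in the Data Zone."""
    problems = []
    for s in servers:
        want = ZONE_FOR_ROLE.get(s.role)
        zones = {zone for _, zone in s.nic_zones}
        if want is None:
            problems.append(f"{s.name}: unknown role '{s.role}'")
        elif zones and zones != {want}:
            problems.append(f"{s.name}: role '{s.role}' belongs in {want}, found {sorted(zones)}")
    return problems


def mirror_violations(servers):
    """Rule: the Scranton UAT/DR environment must use hardware identical to
    Production. Compare the multiset of (role, model, zones) per environment;
    every difference is reported, whichever side has the extra or missing box."""
    def profile(env):
        return Counter((s.role, s.model, tuple(sorted(z for _, z in s.nic_zones)))
                       for s in servers if s.environment == env)
    prod, dr = profile("Production"), profile("UAT/DR")
    problems = []
    for key in sorted(set(prod) | set(dr)):
        if prod[key] != dr[key]:
            role, model, zones = key
            problems.append(f"{role} on {model} in {'/'.join(zones)}: "
                            f"Production has {prod[key]}, UAT/DR has {dr[key]}")
    return problems


# Constructed sample inventory (not from the RFP). 'app2' in Production breaks the
# one-zone rule; the UAT/DR database server is a different model than Production's.
SAMPLE = [
    Server("web1", "Production", "web", "model-A", (("eth0", "Web Zone"),)),
    Server("app2", "Production", "app", "model-A", (("eth0", "Web Zone"), ("eth1", "Data Zone"))),
    Server("db1",  "Production", "db",  "model-B", (("eth0", "Data Zone"),)),
    Server("web1", "UAT/DR",     "web", "model-A", (("eth0", "Web Zone"),)),
    Server("app2", "UAT/DR",     "app", "model-A", (("eth0", "Web Zone"),)),
    Server("db1",  "UAT/DR",     "db",  "model-C", (("eth0", "Data Zone"),)),
]


def review(servers=SAMPLE):
    """All findings for an inventory, grouped by rule; empty lists mean compliant."""
    return {"zone": zone_violations(servers),
            "tier": tier_violations(servers),
            "mirror": mirror_violations(servers)}


if __name__ == "__main__":
    for rule, findings in review().items():
        print(rule, findings or "OK")
```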


File Transfers

L&I is committed to the protection of critical and sensitive electronic data, whether at rest or in transit. To ensure that data in transit does not contain vulnerabilities that could infect/affect L&I's data, the following methods will be used.

L&I internal FTP traffic and MAN FTP traffic will be able to access the Enterprise FTP server via HTTPS and SFTP only. FTP transfers will be completed using L&I’s enterprise solution, IPSwitch’s MOVEit DMZ & MOVEit Central.

Internet originating traffic will not be allowed to directly access any of L&I’s servers or workstations. All internet originating traffic will need to be sent via proxy through the ESF ISA servers directly to L&I’s FTP server.

Security of Data at Rest:

Data at rest is a phrase that is used to refer to all data in computer storage, excluding information traversing a network or temporarily residing in computer memory. Data at rest can reside in static files that rarely or never change or can be subject to regular change. Refer to OA ITB-SEC020: Encryption Standards for Data at Rest, and OA ITB-SEC031: Encryption Standards for Data in Transit. It is essential to identify sensitive, protected, and exempt data according to the procedures set forth in OA ITB-SEC019: Policy and Procedures for Protecting Commonwealth Electronic Data.

L&I requires that all data that is transmitted via FTP and resides outside the SSF be encrypted. The solution implemented by L&I provides security of data during transmission and at rest. All files and messages resident on the system are automatically encrypted at rest using FIPS 140-2 validated 256-bit AES.

Access:

Direct access to the FTP servers is only allowed for administrator functions. All FTP users will only have access by their user name and password using the URLs dliftp.state.pa.us (Production) and dliftpua.state.pa.us (Staging).

Transmission Solutions:

HTTPs (Hypertext Transfer Protocol over a Secured Socket Layer) – This method leverages L&I’s existing Web/Internet infrastructure to enable L&I clients to send or receive encrypted files via their existing Web browser.

HTTPS Factors:
- No additional software at the client site is required
- No firewall configurations are required; uses standard TCP/443 for HTTPs traffic
- Completely interactive interface; all sessions are initiated by the client
- Sessions are authenticated through a combination of client log-on ID & password. Authentication is via CWOPA AD, Managed AD, or local DMZ Server authentication.

Comment: This method allows you to use your browser as a file transfer client. You can send or receive data interactively by opening your Web browser, entering a URL and logging into a Website to upload and download data.

SFTP (Secure FTP over SSH)


SSH2 (Secure SHell 2) is a popular standard on Linux/UNIX hosts. It is used by Secure FTP over SSH (SFTP) and Secure Copy Protocol 2 (SCP2) clients. MOVEit DMZ servers support SSH2-based file transfers by a variety of third-party SFTP and SCP2 clients. SSH offers enhanced security by having the entire file transfer session, including all session control commands, encrypted at all times. Another widely used feature of SSH is Secure Copy (SCP2). It provides interoperability across multiple operating systems and platforms, including desktops, servers and mainframes. It should be noted that such transfers will be slower than those done using clients that use the HTTPS protocol.

SFTP Factors:

MOVEit DMZ can require a valid username and any of the following one- or two-factor combinations when clients attempt to authenticate to its SFTP (SSH) interface:
- Password
- SSH Key (aka "fingerprint")
- SSH Key and Password

The common security protocols above, Secure Sockets Layer (SSL) and Secure Shell (SSH), help secure and increase the reliability of data transfer; they are specifically designed to encrypt file transfers and the associated administration network traffic. Both SSL and SSH enhance the security and reliability of file transfer by using encryption to protect against unauthorized viewing and modification of high-risk data during transmission across open networks such as the Internet.

L&I’s solution goes directly to a distributed platform within the “Web-Zone” (a secure space between L&I’s external and internal firewalls). As an additional precaution, all files transmitted via this solution go through virus scanning prior to internal distribution at L&I.

L&I safeguards client transmission files by the following default set of rules:
- Removing incoming and outgoing files from the distributed platforms in the Web-Zone once those files have been successfully transmitted to the client or collected by the receiving application at L&I.
- All receiving applications are securely situated behind pairs of firewalls, and access to the data is systematically controlled and closely monitored.
- Removing all incoming and outgoing files from the distributed platforms in the Web-Zone that have not been picked up within 7 days.
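The Web-Zone handling rules above (virus scan before internal distribution, removal once delivered, removal after 7 days unclaimed) as an added Python example; this is not MOVEit's or L&I's own logic, and the transfer-log record layout, file paths and timestamps are constructed assumptions.

```python
"""Retention sweep and release gate for files staged in the Web-Zone drop area.
Added example; the transfer-log layout and sample records are constructed."""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

RETENTION = timedelta(days=7)   # "not picked up within 7 days" rule


@dataclass(frozen=True)
class TransferRecord:
    path: str                         # staged copy in the Web-Zone drop area
    direction: str                    # "incoming" (to L&I) or "outgoing" (to client)
    staged_at: datetime               # when the file landed in the Web Zone
    scan_clean: Optional[bool]        # virus-scan result; None = not yet scanned
    delivered_at: Optional[datetime]  # pickup by client / receiving app, or None


def releasable(records):
    """Incoming files the receiving application behind the inner firewall may
    collect: scanned clean and not yet delivered. Unscanned or infected files
    stay in the Web Zone and are never released inward."""
    return [r.path for r in records
            if r.direction == "incoming" and r.scan_clean is True
            and r.delivered_at is None]


def sweep(records, now):
    """Apply the two removal rules. Returns (purge, keep); purge holds
    (path, reason) pairs. A file staged exactly 7 days ago is still within the
    window and is kept; it goes on the first sweep after that."""
    purge, keep = [], []
    for r in records:
        if r.delivered_at is not None:
            purge.append((r.path, "delivered"))
        elif now - r.staged_at > RETENTION:
            purge.append((r.path, "not picked up within 7 days"))
        else:
            keep.append(r.path)
    return purge, keep


# Constructed sample transfer log (not real L&I data).
NOW = datetime(2011, 3, 15, 2, 0)
SAMPLE_LOG = [
    TransferRecord("/dmz/in/claims_0313.csv", "incoming",
                   NOW - timedelta(days=2), True, NOW - timedelta(days=1)),   # collected
    TransferRecord("/dmz/out/notice_0307.pdf", "outgoing",
                   NOW - timedelta(days=8), True, None),                      # unclaimed, 8 days
    TransferRecord("/dmz/out/notice_0314.pdf", "outgoing",
                   NOW - timedelta(days=1), True, None),                      # recent, keep
    TransferRecord("/dmz/in/wage_0308.csv", "incoming",
                   NOW - timedelta(days=7), True, None),                      # boundary, keep
    TransferRecord("/dmz/in/upload_0314.zip", "incoming",
                   NOW - timedelta(hours=6), None, None),                     # not yet scanned
]


if __name__ == "__main__":
    print("releasable:", releasable(SAMPLE_LOG))
    purge, keep = sweep(SAMPLE_LOG, NOW)
    for path, reason in purge:
        print("purge", path, "-", reason)
    print("keep:", keep)
```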

L&I's LTP Solution and Policy comply with the following ITBs.

- Follow ITB-APP002 - Web Server/Application Server Standards.
- The FTP server is to have current patches and security fixes installed as per ITB-PLT002 - Desktop and Server Software Patching Policy.
- The FTP server is to have a supported operating system (OS) as provided per ITB-PLT005 - Intel Based Server Operating System Policy.
- ITB-SEC019 - Policy and Procedures for Protecting Commonwealth Electronic Data
- ITB-SEC020 - Encryption Standards for Data at Rest
- ITB-SEC031 - Encryption Standards for Data in Transit

Workstations

L&I has no workstations to provide to the Contractor. Contractors must include complete workstations (including monitors, maintenance, etc.) they will require for use in the contract. This includes all Contractor staff and all identified L&I staff. At a minimum, all staff at the project facility, both Contractor and L&I, will require workstations. The Commonwealth will retain all workstations bought on its behalf for use in this Project. As with hardware identified above, the Contractor is responsible for acquiring, installing, configuring and maintaining the hardware for this Project. The hardware refresh includes workstation hardware.

Generally, L&I-OIT application and developer staff will require high-end workstations. Administrative staff use low-end workstations. The Contractor must also propose and provide any printers which will be needed by staff for the duration of the Project.

The table below lists current standard L&I workstation installed products. The Contractor must include all software licensing with the proposed workstation (desktop or laptop) hardware. Any additional software required for the solution must be proposed and licensed by the Contractor.

The Contractor is responsible for providing workstation hardware and software as well as a configuration image of the desktop software to be installed on the workstations for the project. All software that needs to reside on the workstations will then be installed by L&I-OIT staff using the current agency standard base operating system, productivity software and using an automated process. Any additional software to be placed on the workstations beyond those outlined below should be included in the Contractor’s proposal. Any software needed beyond those identified must conform to standards in Appendix KK, L&I Enterprise Standards, this appendix or conform to OA ITB Standards.

Product | Licensing
Microsoft Windows 7 and all hotfixes | Contractor must propose licensing for the current release Windows operating system (i.e. Windows 7 or beyond)*
Microsoft Office 10 | Contractor must propose licensing for Office 2010*; Contractor must propose licensing to cover staff not covered by MSDN licenses
Microsoft Windows Client Access License | Contractor must purchase with Microsoft Software Assurance
Microsoft System Center Client Manager License | Contractor must purchase with Microsoft Software Assurance
Windows Media Player 11 | L&I provided
McAfee 8.7.0 SP2 | L&I provided
McAfee HIPS version 7 patch 4 | L&I provided
SAP GUI 7.10 patch level 16 | L&I provided
Internet Explorer 8 | L&I provided - IE8**
Java 6 update 7 | L&I provided
Microsoft .NET Framework 3.5 SP1 | L&I provided
MSXML 6.0 Parser | L&I provided
Windows Installer 4.5 | L&I provided
Lion link (Intranet) | L&I provided
Shockwave v11.5 (L&I specific) | L&I provided
Roxio Easy CD Creator 9 | L&I provided
PowerDVD | L&I provided
EnCase Servlet | L&I provided
Adobe Reader 9.3.2 | L&I provided
Adobe Flash Player 10.1.53.64 | L&I provided
SafeBoot V5.1.2.0 (laptops only) | L&I provided
Cisco IronPort Email Encryption Plug-in for MS Outlook | L&I provided
Webex Productivity Tools | L&I provided
Silverlight v3.0.50106.0 | L&I provided
Office Web Components 2003 and SP1 | L&I provided
Visio 2007 | Contractor must propose licensing to cover staff not covered by MSDN licenses
Project 2007 | Contractor must propose licensing to cover staff not covered by MSDN licenses

* Note that L&I may change the current desktop standards during the life of the project.
** IE8 provided with Windows 7; expected to change during the life of the project.
