Germany - Network components

Description

Conclusion of a framework agreement (EVB-IT system delivery) for active network components for network maintenance and network expansion in the countries where Dataport operates. The award procedure covers the entire range of switches, routers and firewall systems for the central network in the data centre area and for the WAN area as well as services required in connection with these products (operational support, support and service support as required). The relevant network structures have grown over many years and have been continuously developed and optimized. Within the scope of this invitation to tender, a framework agreement partner is to be found for each lot who will provide the services requested comprehensively and competently within the framework of a long-term partnership:- Lot 1: Components for data center and central network structures;- Lot 2: Systems for state networks in Schleswig-Holstein and Hamburg, for the transfer network and for system management networks;- Lot 3: Firewall & cryptosystems.
This lot serves the procurement of network components both for network expansion and network maintenance as well as for the replacement of defective modules and systems. For the computer center area and for the central network areas, this results in a manufacturer commitment that takes into account the preservation of the existing manufacturer homogeneity. This is necessary for the following reasons:- The internal expenditure of Dataport for the maintenance of the know-how required for the operation of the entire network is thereby minimized (familiarization, training, acquisition of routine in handling the network components, operational safety);- The prerequisite for high availability is, in addition to the reduction of the variety of components, a standardization of the components used;- Network operation in conformity with IT basic protection is only economically possible due to the documentation expenditure incurred if the components can be uniformly integrated into one (or more) central management system(s). A homogeneous product line therefore considerably reduces the effort for basic security checks and audits;- Performing network management tasks becomes easier if as few network management software solutions as possible are used;- The encryption and policy procedures must be uniform and consistent throughout the network;- Dataport operates state-of-the-art IT applications for which the establishment and maintenance of a homogeneous product line in the network brings considerable advantages. One example is NGN (Next Generation Network) telephony. The functions required for this in the areas of quality of service and service monitoring can only be used without any loss of performance if the components used in the network come from as few product lines as possible;- During the network's service life, failures and problems can occur due to faulty hardware or software or installation and configuration errors. A homogeneous product line in the network is therefore a basic prerequisite for rapid problem resolution, since a single manufacturer is responsible for resolving the problem and must assume this responsibility;- Problems that arise in connection with the introduction of products from an alternative manufacturer into the previously homogeneous network environment can no longer be solved in the short term through direct cooperation between Cisco and Dataport;- The actual problem resolution by the manufacturer responsible only begins after clear error analysis and error assignment by Dataport. This usually leads to considerable delays of several days. Dataport's service to its customers deteriorated accordingly. Under these circumstances, it would hardly be possible to adhere to the agreed repair times in terms of process technology. Accordingly, only components from the manufacturer Cisco are queried in the service specifications for lot 1. This lot serves to procure network components for the state networks in Hamburg and Schleswig-Holstein (and possibly for other carrier states), for the transfer network and for the system management networks (DCN: Data Communication Network). The required systems are needed for network expansion, network maintenance and the replacement of defective components and systems. Special features are in use for the state networks in Hamburg and Schleswig-Holstein and for the transfer network, which are already installed on a large scale. The construction of the state network in Schleswig-Holstein as an integrated network must meet both the high requirements of the BDBOS (Federal Agency for Digital Radio of Authorities and Organisations with Security Tasks) regarding signal propagation times and the security requirements of the customer for the state network regarding the encryption of communication relationships. Accordingly, the requirements of the BDBOS prohibit line encryption in the fixed network area and the only efficient measure is the use of Cisco's own feature GETVPN. This ensures that a reliable, adequately tested and any-to-any IPSec encryption approved by Dataport's clients is used in a homogeneous network structure. This encryption meets the current requirements of the BSI by implementing the SHA-2(512) standard. Due to the requirements to use consistent, uniform encryption technologies in the national and transfer networks and to ensure that the policy management is secure and consistent, only systems from the manufacturer Cisco are considered for the extension and maintenance of these networks.only devices from the manufacturer Cisco are also considered for the extension and maintenance of the system management networks, because they are absolutely necessary for the concentration and transmission of the protocol CLNP (ISO 84381, IETF-RFC 994). Traditionally, Cisco provides systems for the transmission of this very special protocol, which is the basis for the transmission of management information of the SDH components. This protocol is no longer implemented by younger manufacturers, so the specifications for lot 2 specifically and exclusively request components from Cisco. Within the scope of this lot, firewall and cryptosystems are procured that are used both centrally and decentrally. Dataport implements the recommendations of the BSI regarding the three-stage PAP firewall model. Accordingly, a second manufacturer must be considered when procuring the components. For data center control and connection networks of schools, special, very specific requirements for security and firewalling apply. The third, very complex Palo Alto firewall system, which is also the subject of this lot, has prevailed and established itself in the context of a tender in 2019. In the area of central components, the firewall systems are part of function blocks that are coordinated with each other in the existing constellation. The central networks consist, among others, of the function block location level. This location level is followed by a filter instance consisting of firewalls (FW). Like the location level itself, these firewalls are divided by logical separation, so that data traffic is also routed separately through these devices. It would be possible to use another firewall manufacturer in this area, but this would mean that the complete firewall instance would have to be replaced. If necessary, each virtual firewall could be replaced by a physical firewall only. The firewalls would have to support the technology of coupling to 2 switches and use both with equal priority. In technological terms, this represents a considerable step backwards: only components from the manufacturer Cisco can be used for the expansion and replacement of firewall structures in this area, since only these can be integrated into the existing protocol structure, thus making the replacement of numerous intact components unnecessary. GeNUA systems are already in use as a second firewall system in the BOS environment. These are to be used in accordance with the specifications of the BDBOS for the encryption of lines in the BOS network. Alternatively, another manufacturer with the necessary certification could be considered. However, since interoperability between different manufacturers does not exist, especially in the area of encryption, only GeNUA systems can be considered for expansion and system exchange in this area: only the system already established in the DCS can be used to expand firewall structures for the DCS and to improve security in the connection networks of schools. This is the only way to ensure the undisturbed functioning of the overall system, and the specifications for Lot 3 therefore specifically and exclusively require components from the manufacturers Cisco, GeNUA, and Palo Alto.

Opportunity closing date

24 July 2020

Value of contract

to be confirmed