PROCURING IT INFRASTRUCTURE AND SERVER ROOM FOR THE PUBLIC PROCUREMENT AUTHORITY (PPA)
Since 2019, Lebanon has been facing one of the worst economic crises globally since the mid-nineteenth century according to the World Bank, with 2 major events intensifying its impact, the COVID-19 pandemic and the Beirut port explosion in 2020. As the financial and economic situation unfolds, the downfall can be seen in all of the country’s aspects, from the availability of state services to the functioning of public administrations. Understanding the extent of this downfall requires an overview of several key facts that could represent Lebanon’s new reality.
Lebanon has also been facing political and economic crises for several years. The country has a complex political system that is based on power-sharing arrangements among its religious sects. However, this system has led to political gridlock, corruption, and a lack of accountability, which has resulted in a deteriorating economic situation and social unrest. The political deadlock in Lebanon refers to the ongoing inability of the country's political leaders to form a functioning government. This deadlock has been repetitive and has always persisted for multiple months and sometimes years.
The country’s worsening context has severe consequences on all sectors, with Lebanese public administrations being the most affected due to the reduction of available public funds. This has affected the core of public services and the basic functioning of administrations.
A new EU Program Action started in December 2023 that aims to support progress in key areas of public administration reform in Lebanon through enhancing the integrity, transparency and accountability of its public administration aligned with the principles of a modern public administration. It consists of three outcomes:
- Safeguarding integrity of the public administration, mainly in the area of public human resources management (i.e. civil service reform);
- Enhancing transparency in public administration systems, mainly in the area of public procurement at central and local level (i.e. public financial management reform) and access to public information (i.e. accountability);
- Strengthening accountability of the administration by reinforcing the role of the main oversight bodies (i.e., Central Inspection Board, Court of Audits and National Anti-Corruption Commission) in implementing reform, fighting and preventing corruption.
The Outputs to be delivered contributing to the outcome 2 on public procurement reform are:
2.1. Centralized and decentralized public procurement systems more transparent by setting up the e-procurement platform;
2.2 Skills of procurement officers and stakeholders enhanced and public procurement function created;
2.3 The public procurement system is regulated by an independent authority committed to the principles of transparency, fair treatment of all bidders and equal opportunities to participate;
2.4 The role of civil society organizations in supervising and monitoring public procurement enhanced.
Needs justification
Amid the financial crisis, almost all Lebanese governmental entities have suffered budget cuts that negatively affected their IT infrastructure and IT systems spending. The complications have multiplied with the financial crisis and political gridlock in the country, leaving most public administrations in dire need of support.
The PPA, officially established on July 29, 2022 in accordance with the law, is a public procurement regulatory authority whose missions are defined by article 76 of law 244/2021 and include:
- Assistance and control of contracting entities in their public procurement operations.
- The variation of the law in secondary legislation.
- The definition of national public purchasing policies.
- The creation of public buyers’ professions and the definition of a national training policy.
- The establishment of an e-procurement system.
- International cooperation in public procurement.
The project aims to support the IT and Capacity building needs of the public procurement authority. Digitalization and reliance on IT solutions are key to the success of the PPA, especially with the international standards for transparency in public procurement. In order to carry out the project activities, Expertise France will support the procurement of IT infrastructure and Data Center for the PPA, as per the following specifications.
- Objectives and desired results
- General objective
The objective of the assignment is building the IT Infrastructure of PPA including cabling, switching, VoIP Telephony, Redundant Power supply, WIFI Hot spots, Internet connection cabling and a Server room.
- Specific objectives
- Empower PPA in conducting its leading and focal role in supporting public administrations.
- Provide a modern and stable infrastructure much needed for the smooth operation within the PPA.
- Anticipated results
Delivery of the required infrastructure and equipment by <>
- Deliverables
- Scope of Work
1.1. Network Infrastructure (24/7)
- Design and deploy a structured cabling system based on industry standards.
- Provide and install high-quality network core and edge switches and related hardware.
- Ensure scalability for future expansion.
- Implement redundancy and failover mechanisms.
- Conduct testing and optimization for optimal network performance, using tools such as Wireshark, SolarWinds, or PRTG to measure current network performance metrics such as latency, throughput, packet loss, and jitter.
- Configure QoS to prioritize critical traffic and ensure that important applications have the necessary bandwidth.
- Use VLANs to segment network traffic and reduce congestion.
- Properly subnet the network to improve routing efficiency and reduce broadcast traffic.
1.2. Server Room
- Design and build PPA Server room
- Install and configure servers, storage systems, and backup solutions.
- Implement virtualization technologies.
- Set up environmental monitoring, cooling, and power distribution systems.
- Ensure compliance with industry standards (TIA-942) and regulations.
1.3. Security (24/7)
- Integrate intrusion detection/prevention systems/firewalls, and antivirus solutions to protect against internal and external cybersecurity threats.
- Implement access controls, encryption protocols, and secure network communication.
- Conduct regular security audits and vulnerability assessments.
- Develop and implement an incident response and disaster recovery plan.
- Ensure compliance with Lebanese security regulations and procedures.
- Technical Requirements
2.1. Cabling
- Cat6 or higher structured cabling for data and voice.
- Power cables
- Proper labeling and documentation of cabling infrastructure with a well-documented map in AutoCAD and JPG formats to be delivered to PPA as part of the sign off process.
- Labeling should follow the below guidelines:
- Use Durable Labels
- Material: Use labels made from durable materials that can withstand environmental conditions like heat, moisture, or abrasion (e.g., vinyl or polyester).
- Print Quality: Use a label printer that provides clear, smudge-proof, and fade-resistant text.
- Consistent Naming Convention
- Identifier Code: Develop a standard naming convention that includes unique identifiers, such as:
- Location: Include room number, rack number, or panel number.
- Cable Type: Specify if it's a power cable, network cable, etc. (e.g., CAT6, HDMI, Fiber, etc.).
- Source and Destination: Clearly state where the cable starts and ends (e.g., SW01-P01 to SW02-P10).
- Sequence Number: Include a sequential number for similar cables (e.g., Cable 1, Cable 2, etc.).
- Example: RACK1-SW01-PORT01-TO-SW02-PORT10
- Label Both Ends
- Ensure that each cable is labeled at both ends with the same identifier. This makes it easier to trace cables through pathways or bundles.
- Visible Placement
- Positioning: Place the label close to the connector but not on it, ensuring it remains visible and accessible.
- Orientation: Ensure that the label text is easy to read without needing to twist or turn the cable.
- Use Color Coding
- Consider color-coded labels to distinguish between different types of cables, purposes, or priorities (e.g., red for power cables, blue for network cables).
- Documentation
- Keep a detailed record of all cable labels in a master document, mapping each label to its corresponding cable route, type, and purpose. This documentation is crucial for PPA's later maintenance and troubleshooting.
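An added example, not part of the tender text: one way to check a cable master document against the labeling guidelines above before sign-off. It assumes labels follow the shape of the example label given above and that the master document is a CSV file; the column names and the sample rows are constructed for illustration.

```python
import csv
import io
import re

# Label shape taken from the example above: RACK1-SW01-PORT01-TO-SW02-PORT10
LABEL_RE = re.compile(
    r"^RACK(?P<rack>\d+)-(?P<src_dev>SW\d{2})-PORT(?P<src_port>\d{2})"
    r"-TO-(?P<dst_dev>SW\d{2})-PORT(?P<dst_port>\d{2})$"
)

# Constructed master document; the column names are assumptions of this example.
SAMPLE_MASTER = """\
label,cable_type,end_a_labeled,end_b_labeled,purpose
RACK1-SW01-PORT01-TO-SW02-PORT10,CAT6,yes,yes,core uplink
RACK1-SW01-PORT02-TO-SW03-PORT01,CAT6,yes,no,edge uplink
RACK1-SW01-PORT02-TO-SW04-PORT05,CAT6,yes,yes,edge uplink
rack1_sw1_p3_sw2_p4,CAT6,yes,yes,printer
RACK2-SW05-PORT07-TO-SW05-PORT07,FIBER,yes,yes,loop
RACK1-SW01-PORT01-TO-SW02-PORT10,CAT6,yes,yes,duplicate entry
"""


def parse_label(label):
    """Return (rack, source endpoint, destination endpoint), or None if malformed."""
    m = LABEL_RE.match(label.strip())
    if not m:
        return None
    src = (m["src_dev"], int(m["src_port"]))
    dst = (m["dst_dev"], int(m["dst_port"]))
    return int(m["rack"]), src, dst


def audit_master(csv_text):
    """Return a list of (csv_line_number, finding_code, detail) tuples."""
    findings = []
    seen_labels = set()
    port_owner = {}  # (device, port) -> label of the cable already using it
    rows = csv.DictReader(io.StringIO(csv_text))
    for line_no, row in enumerate(rows, start=2):  # line 1 is the header
        label = row["label"].strip()
        parsed = parse_label(label)
        if parsed is None:
            # Breaks the "Consistent Naming Convention" guideline.
            findings.append((line_no, "MALFORMED_LABEL", label))
            continue
        if label in seen_labels:
            # Identifiers must be unique across the master document.
            findings.append((line_no, "DUPLICATE_LABEL", label))
            continue
        seen_labels.add(label)
        _, src, dst = parsed
        if src == dst:
            findings.append((line_no, "SAME_SOURCE_AND_DESTINATION", label))
        for end in {src, dst}:
            if end in port_owner:
                # Two cables cannot terminate on the same switch port.
                detail = f"{end[0]}-PORT{end[1]:02d} already used by {port_owner[end]}"
                findings.append((line_no, "PORT_ALREADY_USED", detail))
            else:
                port_owner[end] = label
        for col in ("end_a_labeled", "end_b_labeled"):
            # "Label Both Ends": each end must carry the same identifier.
            if row[col].strip().lower() != "yes":
                findings.append((line_no, "END_NOT_LABELED", f"{label} ({col})"))
    return findings


if __name__ == "__main__":
    for line_no, code, detail in audit_master(SAMPLE_MASTER):
        print(f"line {line_no}: {code}: {detail}")
```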
2.2. Network Edge Switches
- Gigabit Ethernet Managed edge switches with PoE ready capabilities + dedicated UPS of 10 to 15 minutes backup time for each
- Proposed switches and Network components should support SFP interfaces.
- VLAN support and QoS features.
- Redundant power supplies and high availability features.
- Web-based or command-line interface (CLI) for easy configuration and management
- Operating temperature range suitable for the installation environment
2.3. Core Switch
Managed Layer 3 Core Switch with 48 Gigabit Ethernet ports, supporting advanced routing protocols, redundancy features (e.g., VRRP, HSRP), and high-speed uplinks (10G/40G/100G), including rack-mount kit, power supply, and necessary licenses.
- Form Factor: Rack-mountable, 1U/2U chassis
- Ports:
- Ethernet Ports: Minimum of 48 x 10/100/1000 Mbps Gigabit Ethernet ports.
- Uplink Ports: Minimum of 4 x 10G SFP+ (or higher) uplink ports, with optional 40G or 100G uplink support.
- Expansion Slots: Support for modular expansion (e.g., additional SFP+ or QSFP+ modules).
- Redundancy: Dual redundant, hot-swappable power supplies and fans.
- Throughput: Minimum of 1 Tbps switching capacity and high packet forwarding rate.
- Latency: Ultra-low latency for high-performance environments.
- Routing Protocols: Support for advanced Layer 3 routing protocols (e.g., OSPF, BGP, EIGRP, RIP).
- Switching Features:
- VLAN support (802.1Q)
- Link Aggregation Control Protocol (LACP, 802.3ad)
- Spanning Tree Protocol (STP, RSTP, MSTP)
- Quality of Service (QoS) for traffic prioritization.
- Security Features:
- Access Control Lists (ACLs)
- Port Security
- 802.1X authentication
- DHCP snooping
- MAC address filtering
- Licensing and Software
- Operating System: Include the core switch OS with all required features unlocked (Layer 3 features, security, QoS, etc.).
- Licenses: All necessary software licenses for advanced features (e.g., routing, security, virtualization).
- Firmware: Latest firmware version pre-installed, with future upgrade paths.
2.4. Firewall
Performance Specifications
- Firewall Throughput: Minimum of 1 Gbps.
- VPN Throughput: Minimum of 500 Mbps for encrypted traffic (IPsec VPN).
- Intrusion Prevention System (IPS) Throughput: Minimum of 500 Mbps.
- Concurrent Sessions: Ability to handle at least 200,000 concurrent sessions.
- New Sessions per Second: Capable of initiating 5,000 new sessions per second.
Interface and Connectivity
- Ports:
- Minimum of 4 x 1GbE (Gigabit Ethernet) ports.
- Optional 2 x 10GbE SFP+ ports (for future scalability or uplinks).
- WAN Connectivity: Support for dual WAN interfaces for load balancing and failover.
- Redundancy: Single power
Security Features
- Stateful Packet Inspection (SPI): Basic firewall functionality with stateful inspection.
- Intrusion Prevention System (IPS): Integrated IPS with real-time threat detection and prevention.
- Application Control: Ability to identify and control applications regardless of port or protocol.
- Content Filtering: URL and web content filtering to block access to inappropriate or harmful websites.
- SSL Inspection: Ability to inspect SSL/TLS encrypted traffic.
VPN Capabilities
- Site-to-Site VPN: Support for IPsec VPN with at least 10 tunnels.
- Remote Access VPN: SSL VPN support for up to 25 concurrent remote users.
- Encryption: Support for AES-256 encryption and secure VPN protocols.
Management and Monitoring
- User Interface: Web-based GUI and CLI for easy management.
- Centralized Management: Option to connect to a centralized management system.
- Logging and Reporting: Integrated logging and reporting tools with basic analytics.
- Real-Time Monitoring: Support for SNMP and Syslog for monitoring network activity and integrating with other management tools.
Scalability and Futureproofing
- Scalability: Ability to handle an increase in users and traffic (e.g., easily upgradeable license for more users).
- Software Updates: Ensure regular firmware and security updates are available.
Support and Warranty
- Technical Support: 24/7 support with SLA-based response times.
- Warranty: Minimum 3 years hardware warranty, with options for extended warranty or support packages.
Physical and Environmental Requirements
- Form Factor: 1U rack-mounted appliance.
- Power Consumption: Low power consumption, suitable for SMB environments.
- Environmental: Operating temperature between 0-40°C, humidity tolerance of 10-90% non-condensing.
2.5. Server room Equipment
1. Infrastructure
- Purpose-built facility with redundant power and cooling systems.
- High-security physical access controls, including biometric authentication supporting face and fingerprint recognition.
- Fire suppression systems compliant with industry standards.
2. Power Distribution
- Redundant power supply that can support the Server room for 30 to 40 minutes of power outage.
3. Cooling Systems
- Air conditioning systems to maintain optimal temperature and humidity levels.
- Redundant cooling units for failover and efficiency are desirable and must be quoted separately.
4. Security
- Multi-layered security protocols, including 24/7 surveillance, access logs, and intrusion detection systems.
5. Rack and Cabinet Specifications
- Standardized server racks with cable management and airflow optimization.
- Dual power feeds and redundant network connections for each rack.
- Environmental monitoring sensors within each rack.
6. Real-time monitoring of temperature, humidity, and air quality
- Automated alerts for environmental anomalies.
7. Fire Detection and Suppression
- Early detection systems for smoke and heat.
- Fire suppression systems using gas or other industry-approved methods.
8. Servers
- 2 Enterprise-grade rack servers (Active /Passive Mode) with HW supporting Virtualization and encompassing 2 or 3 VMs as follows:
- VM 1: Active Directory
- VM 2: File Server with local shared folders
- VM 3: IP Telephony server, if the suggested solution requires one; otherwise this VM can be disregarded.
- Virtualization software with the following requirements:
- Virtualization Platform:
- The solution should support leading hypervisors such as VMware vSphere, Microsoft Hyper-V, or KVM.
- Must be compatible with the required operating systems and applications.
- Management Tools
- Centralized management console (e.g., VMware vCenter, Microsoft System Center) for monitoring, provisioning, and managing VMs.
- Tools for automation and orchestration (e.g., scripts, Ansible) to streamline operations.
- Necessary licenses are to be provided to support the above requirements.
9. Backup
- 10 TB RAID 5 NAS storage
- Enterprise grade backup software with the following requirements:
- Core Backup and Restore Capabilities
- Full, Incremental, and Differential Backups: Support for various backup types to optimize storage use and performance.
- Granular Recovery: Ability to restore individual files, databases, applications, or entire systems.
- Application Awareness: Ensure consistent backups for critical applications like databases,….
- Scalability and Performance
- Scalability: Capable of scaling to handle growing data volumes and supporting large, distributed environments.
- High Performance: Efficient data transfer and minimal impact on production systems during backup and restore operations.
- Deduplication and Compression: Reduce storage requirements and improve backup efficiency.
- Security and Compliance
- Data Encryption: Encrypt backup data both in transit and at rest using strong encryption standards (e.g., AES-256).
- Compliance: Ensure adherence to industry regulations (e.g., GDPR, HIPAA), with audit trails and data retention policies.
- Automation and Orchestration
- Automated Backup Scheduling: Set up and manage backup schedules, including custom frequencies for different data sets.
- Orchestration: Manage complex backup workflows, including automated pre- and post-backup tasks.
- Monitoring and Alerts: Real-time monitoring with alerts for backup failures, missed schedules, or anomalies.
- Disaster Recovery Integration
- Replication: Support for data replication to secondary sites or cloud environments for disaster recovery.
- Failover and Recovery: Integrate with disaster recovery solutions to automate failover and orchestrate recovery processes.
- Multi-Environment Support
- On-Premises and Cloud: Support for hybrid environments, enabling backups of on-premises, cloud-based, and virtualized resources.
- Virtualization: Native support for backing up and restoring virtual machines (e.g., VMware, Hyper-V).
- User Interface and Management
- Centralized Management Console: Provide a single interface for managing backups across all environments.
- User-Friendly Interface: Intuitive and easy-to-use UI for both administrators and end-users.
- Reporting and Analytics: Comprehensive reporting tools with customizable dashboards and analytics.
- Support and Maintenance
- Vendor Support: Access to 24/7 support and regular software updates.
- Documentation and Training: Provide detailed documentation, user guides, and training resources.
10. Antivirus/ Anti-SPAM protection
- Kaspersky is currently installed at the PPA premises, yet its subscription has expired with no budget to renew it. A suitable quotation for 30 users is to be included for a 3-year renewal. If the Vendor has an alternative protection at a more suitable price, please feel free to include an alternative offer with the same number of seats (30).
2.5. LAN Access point
- 60 LAN access points distributed over around 15 rooms (Please refer to annex 1 for a floor map)
- Each access point should fall under the category of a "Smart" or "Intelligent" outlet, which refers to outlets that go beyond traditional power supply by having LAN (RJ45), VoIP Telephony, USB-C (USB Type-C) , Power, and UPS outlets.
2.6. IP Telephony System
Devices: 20
The desired IP Telephony system should support the following:
- Protocols and Standards
- SIP (Session Initiation Protocol) and H.323 for call signaling.
- RTP (Real-time Transport Protocol) for voice packet transmission.
- LDAP (Lightweight Directory Access Protocol) for directory services.
- HTTPS for secure web-based administration.
- Call Control
- Centralized call control managed by a dedicated server for efficient call routing, call setup, and tear-down.
- Support for features like call forwarding, call waiting, call transfer, and call hold.
- Voicemail and Messaging
- Voicemail system with customizable greetings, message storage, and retrieval.
- Integrated messaging platform for voice, email, and fax.
- Conferencing
- Multi-party conferencing capabilities with support for ad-hoc and scheduled conferences.
- Secure and encrypted conferencing options for sensitive discussions.
- Quality of Service (QoS)
- Prioritization of voice traffic through the implementation of Quality-of-Service protocols.
- Bandwidth management to ensure optimal voice quality.
- Security
- Encryption of signaling and voice traffic to prevent eavesdropping.
- Authentication mechanisms for user access and device registration.
- Firewall compatibility for secure external communication.
- Integration
- Seamless integration with existing IT infrastructure, including LDAP directories, CRM systems, and other business applications.
- API support for custom integrations with third-party software.
- Management and Monitoring
- Web-based administration interface for easy configuration and monitoring.
- Real-time monitoring tools for tracking system performance, call quality, and user activity.
The selected Vendor should integrate the provided IP telephony system with the newly provisioned PPA OGERO line.
2.7. WIFI Hotspots
- Location
- Identify and install WiFi hotspots in specific locations as per the floor plan depicted in Annex 1
- Infrastructure Requirements
- Propose and install the necessary infrastructure for the WiFi hotspots, including access points, controllers, switches, and any other required hardware.
- It is desirable that the proposed deployment support SFP/Fiber interfaces; please mention any price variation from the standard deployment.
- Coverage and Capacity
- Design the WiFi network to provide seamless coverage in the specified areas.
- Ensure sufficient capacity to support the expected number of concurrent users.
- Network Security
- Implement robust security measures including encryption to safeguard the WiFi network and users' data.
- Authentication and Access Control
- The solution must support various authentication mechanisms for users accessing the WiFi network, including limited access for public users. The vendor will be responsible for creating multiple WiFi networks, including a guest one, as per PPA advice.
- Implement access controls to restrict unauthorized access.
- Quality of Service (QoS):
- Implement QoS policies to prioritize and optimize network traffic, ensuring a high-quality user experience.
- Remote Management:
- Provide a remote management system for monitoring, troubleshooting, and configuration adjustments.
- Professional Services
The selected vendor shall provide comprehensive professional services for the installation, configuration, and validation of the PPA infrastructure. This includes:
- Installation Services
- Install and physically mount all necessary equipment, including firewalls, switches, sensors, control panels, and other provided devices.
- Ensure proper cabling and labeling according to standards.
- Configuration
- Configure all installed devices, including setting up security policies, user access levels, and network parameters as advised by the PPA team.
- Integrate PPA infrastructure with existing systems (e.g., networking, security, IT management systems).
- Implement and configure advanced features like threat detection, automation protocols, and remote monitoring.
- Functional Testing
- Perform comprehensive testing of all components to ensure they are operating correctly and according to the specifications.
- Validate communication between integrated systems.
- Conduct failover and redundancy tests to ensure system reliability.
- Security Testing
- Conduct security assessments including vulnerability scans, penetration testing, and simulation of threat scenarios.
- Verify the effectiveness of the installed firewalls, intrusion detection systems (IDS), and other security measures.
- Documentation
- Provide detailed documentation including network diagrams, configuration files, and user manuals.
- Document any custom configurations or integrations for future reference.
- Training
- Conduct onsite training sessions for the in-house IT team on system operation, maintenance, and troubleshooting.
- Provide training materials and resources for future reference.
- General Requirements
- All proposed equipment must be available in stock or within 4 – 6 weeks of the onsite delivery time frame.
- Proposed licenses and equipment must have at least 5 years before end of life (EOL).
- The required solution might require civil works to be conducted, such as wall painting, false ceiling, electrical works, …; interested vendors should accommodate this and include it within their suggested technical and commercial proposal.
- Software licenses including OS and others must be perpetual, no SaaS licenses are accepted.
- The proposed solution must include 3 years’ onsite maintenance and support with a proper SLA.
- Maintenance and Support must be conducted in Lebanon and onsite at PPA. Remote support is not acceptable.
- Detailed Infrastructure map showing all the cabling, switching and their supporting equipment in AutoCAD and image format.
- Delivery is onsite at Public Procurement Authority (PPA) premise located in Beirut - Verdun– Lebanon (location: https://maps.app.goo.gl/LGG9NVJ8J3RPe2ZG6 )
- Subcontracting
- Experience and Expertise: Subcontractors must demonstrate sufficient experience and expertise in the specific areas of work they are being contracted for. The primary contractor must ensure that all subcontractors are qualified and capable of performing the work to the required standards.
- Licensing and Certification: Subcontractors must hold all necessary licenses, certifications, and approvals required to perform the work in the relevant jurisdictions. The primary contractor must verify and provide documentation of these credentials.
- Supervision: The primary contractor is responsible for supervising the work of all subcontractors, ensuring that their work is integrated smoothly with the overall project. The primary contractor must also ensure that subcontractors adhere to the project schedule and deliverables.
- Coordination: The primary contractor must coordinate the activities of subcontractors to avoid conflicts and ensure that all work is performed in a timely and efficient manner.
- Payment Terms: The primary contractor is responsible for ensuring that all subcontractors are paid in accordance with the terms of their agreements. Delays or disputes in payment between the primary contractor and subcontractors shall not impact the overall project schedule or Expertise France's obligations under the contract.
- Lien Waivers: The primary contractor must provide lien waivers from all subcontractors as part of the payment process to ensure that no claims can be made against Expertise France.
- Liability: The primary contractor assumes full liability for the actions and performance of all subcontractors. Any damages or deficiencies caused by subcontractors are the responsibility of the primary contractor to rectify.
- Replacement: If a subcontractor fails to perform or violates any terms of the contract, the primary contractor must replace the subcontractor at no additional cost to Expertise France. Any delays caused by such a replacement must be mitigated to avoid impacting the overall project schedule.
- Termination Rights: Expertise France reserves the right to require the primary contractor to terminate a subcontractor if their performance is deemed unsatisfactory or if they fail to comply with contractual obligations.
- Service Level Support
The vendor shall describe the support procedures that are to be followed during and after the end of the Warranty period, according to the table below summarizing the levels of severity and corresponding Response/Resolution times.

| Level of urgency | Specification | Response time |
|---|---|---|
| Priority A | Failure of software and hardware that causes service interruption | Within 4-6 hours |
| Priority B | Error or problem that has caused loss of some functionality and/or may lead to service interruption | Within 1-2 business days |
| Priority C | Problem during live operation that is clearly due to faulty behaviour; problem that shall have a long-term effect on production, although it shall not lead to immediate service failure | Less than 2-3 business days |
| Priority D | Technical queries from the Customer not related to a system fault and not affecting the operation and functionality of the system | Within 5 business days |

How to apply
A site visit, mandatory for all interested applicants, will be held on 24/10/2024 at 9:30 am. Applicants must confirm their attendance at the site visit by sending an email to lebanon.procurement@expertisefrance.fr before the 23rd of October.
Tender documents can be downloaded from the link below: https://www.marches-publics.gouv.fr/?page=Entreprise.EntrepriseAdvancedSearch&AllCons&id=2637887&orgAcronyme=s2d
Interested applicants can apply to the call through the procurement e-platform: https://www.marches-publics.gouv.fr/?page=Entreprise.EntrepriseAdvancedSearch&AllCons&id=2637887&orgAcronyme=s2d
The tender deadline is the 4th of November 2024 at 17:00 Paris time.
Interested applicants are encouraged to register their information on the procurement platform upon downloading the full dossier in order to receive further information on the call.