I . PURPOSE
The Ohio Department of Mental Health and Addiction Services (OhioMHAS) is seeking proposals from qualified contractors to modernize our wireless infrastructure.
II. BACKGROUND
OhioMHAS owns and operates an Agency wide Aruba wireless system, comprised of 9 Aruba Controllers and 1300 Access Points installed at 8 primary locations, as well as several remote locations. These access points provide wireless network connectivity for Voice, Data, and Video services at all locations. These voice, data, and video services facilitate vital 24x7 “person to person” voice functionality, access to core Agency applications, and access to intranet/internet information sources. The user count for any given 24-hour period exceeds 1000 user/nodes on the wireless network, with hundreds of gigabytes of data throughput.
OhioMHAS has the need to modernize the configuration of the wireless system to provide better security, increase visibility and troubleshooting of devices connecting to the wireless network, upgrade of the code base running on the infrastructure, and enhancement of the architecture implemented to support the wireless system.
In support of this modernization effort – OhioMHAS seeks services to modernize our wireless
infrastructure. The selected vendor will provide:
1. Project Management Oversight
2. Service Planning
3. Architecture and Design
4. Design and Configuration
5. Startup Support
6. Development
7. Validation Testing
8. As-built Documentation
9. Post Deployment (Production) Support
10. Additional Items
III. SCOPE OF WORK AND DELIVERABLES
In support of this modernization effort – OhioMHAS seeks services to modernize our wireless
infrastructure. The selected vendor will provide:
1. Project Management Oversight
2. Service Planning
3. Architecture and Design
4. Design and Configuration
5. Startup Support
6. Development
7. Validation Testing
8. As-built Documentation
9. Post Deployment (Production) Support
10. Additional Items
The delivery specification for each of the requirements are:
1. Project Management Oversight
In this phase, the selected vendor will:
• Schedule appropriate staff in a timely manner and coordinate all technical resources.
• Participate in scheduled project review meetings and conduct meetings and conference calls as required to meet the project deliverables and timelines.
• Provide a weekly activity report.
Deliverables for this Service include:
• Documented project plan with milestones for customer dependencies
2. Service Planning
In this phase, the selected Vendor’s Project Manager will coordinate the activities and activity sequence with the OhioMHAS project manager.
In this phase, the selected Vendor’s technology specialist will conduct service planning meetings with the OhioMHAS project team and share service delivery requirements and prerequisites. The selected Vendor will help collect and review information to confirm that all prerequisites have been met.
Activities during these meetings include:
• Provide and review prerequisite checklist for completion.
• Provide and review prerequisite instructions for completion.
• Review roles and responsibilities.
• Schedule High Level Design (HLD) collaboration meeting
• Discuss scheduling.
• Prerequisite readiness check
• Equipment availability/arrival
• Customer change management requirements
Deliverables for this Service include:
• Documented project plan with milestones for customer dependencies
3. Architecture and Design
In this phase, the selected vendor will
• Define the Controller Architecture, use cases, and high-level design.
• Define ClearPass Architecture, use cases and high-level design.
• Define Airwave Architecture, use cases and high-level design.
• Reviewing OhioMHAS requirements and included use cases.
• Reviewing firewall requirements with OhioMHAS’ network and security teams
• Reviewing pre-installation requirements
4. Design and Configuration
In this phase, the selected vendor will, with Customer assistance:
• Apply baseline configuration for all Aruba controllers in place at their respective geographical locations (i.e. on site at each site) which will include code upgrade to most current version possible.
• Apply baseline configuration for two (2) ClearPass nodes at a single geographical location which will include code upgrade to most current version possible.
• Apply baseline configuration for one (1) Airwave node at a single geographical location which will include upgrade to most current version possible.
• Reviewing Customer’s requirements and included use cases.
• Reviewing firewall requirements with Customer’s network and security team
• Reviewing pre-installation requirements
5. Startup Support
In this phase, the selected Vendor will:
• Provide provisioning instructions (including recommended code versions and upgrade procedures)
for virtual or physical Aruba Controllers nodes.
• Provide provisioning instructions (including recommended code versions and upgrade procedures)
for virtual or physical Aruba ClearPass nodes.
• Provide provisioning instructions (including recommended code versions and upgrade procedures)
for virtual or physical Aruba Airwave nodes.
• Provide guidance to customer on how customer can provision physical or virtual appliances and perform software upgrades if needed.
• Assist with registration and application of Aruba licenses to in scope Aruba devices.
6. Development
In this phase, the selected Vendor will:
A. Controllers
a. Configure each (all) controllers as part of the controller architecture, with a local controller at each site, connecting to the Primary Controller located at the main data center.
b. Configure the local controllers in alignment with the system architecture determined during the Architecture and Design phase.
B. ClearPass
a. Configure all ClearPass server(s) in alignment with the system architecture determined during the Architecture and Design phase.
b. Configure up to four (4) nodes in a single cluster3.
c. Configure one (1) node as the Publisher and one (1) node as the Backup Publisher
d. Configure the cluster for RADIUS, TACACS and Guest authentication.
e. Configure up to four (4) ClearPass-based Virtual IP addresses (VIPs) to support high availability.
f. Configure the cluster with one (1) external location or server for automated configuration backup.
g. Configure the cluster with up to one (1) Active Directory (AD) authentication source.
h. Apply up to two (2) customer-provided server certificates: one (1) SSL for ClearPass guest4 and administration, and one (1) for RADIUS 802.1X use cases on up to four (4) ClearPass nodes.
i. Configure up to three (3) wireless Network Access Devices (NADs)5 and three (3) wired NADs.
j. Configure up to two (2) TACACS services, with up to two (4) AD groups configured for read and read/write role derivation.
k. Configure one (1) wired service for 802.1X, with or without MAC Authentication Bypass (MAB), to include one (1) authentication type and up to two (2) VLAN mappings.
l. Configure one (1) wired service for MAC authentication to include one (1) authentication type and up to two (2) VLAN mappings.
m. Configure one (1) wireless service for 802.1X (Secure SSID) to include one (1) authentication type and up to two (2) VLAN mappings.
n. Configure one (1) wireless service for open or PSK MAC authentication to include one (1) authentication type and up to two (2) VLAN mappings.
o. Configure one (1) wireless Guest self-registration workflow, utilizing ClearPass guest webpage templates4 for self-registration and a downloadable receipt.
p. Configure the cluster data retention settings.
C. Airwave
a. Configure the Airwave server in alignment with the system architecture determined during the Architecture and Design phase.
D. Additional Configuration Items
a. In cases where unforeseen configuration items are discovered, or some configuration items exceed the limits as described in parts 6A, 6B, and 6C, those configuration items will be completed to meet the Architectural Design (as described within part 3) and be validated accordingly in accordance to part 7.
7. Validation and Testing Phase
In this phase, the selected vendor will:
• Create and provide a standard validation checklist encompassing all configured use cases/scenarios as defined within the Architecture and Design Phase
• Assist with the execution of each test in the checklist to validate the use cases, defined in the Design and Architecture Phase, are being met.
8. As Built Documentation Phase
In this phase, the selected vendor will provide:
• A topology diagram describing the logical interconnection of the in-scope Aruba devices.
• A diagram showing the configured Aruba Controllers, ClearPass services, Airwave services and their relationship to each other.
• A list of configured IP addresses for in scope Aruba devices and TACACS/RADIUS shared keys used during the configuration phase.
9. Post Deployment (Production) Support
In this phase, the selected vendor will provide:
• 40 hours of post-production remote support for all configuration items described in part 6.
• The support window will be in effect for 6 months after phase 7 is completed.
• Support to be consumed (billed) in 6-minute increments (10 increments per hour possible)
• Support duration will be communicated at the completion of each request, via email for confirmation regarding the call duration, and so that duration can be tracked.
• Support calls would be limited to normal business hours, 8:00AM-5:00PM E.S.T.
• Support responsiveness will be 8x5 NBD (meaning, normal business hours Monday – Friday with an expected response window not to exceed next business day (but may be sooner if available)
IV. MINIMUM QUALIFICATIONS OF CONTRACTOR
In support of this modernization effort – OhioMHAS seeks services to modernize our wireless infrastructure. The selected vendor will provide:
1. Project Management Oversight (Project Manager)
2. Service Planning (Project Manager)
3. Architecture and Design (ACDP or ACMX)
4. Design and Configuration (ACMP or ACDP or ACMX)
5. Startup Support (ACMP)
6. Development (ACMP)
7. Validation Testing (ACMP)
8. As-built Documentation (ACMP)
9. Post Deployment (Production) Support (ACMP)
10. Additional Items
The minimum qualifications of the project staff shall be:
10. Project Management Oversight – by a PMP certified project manager with at least 5 years of experience managing technology projects.
11. Architecture and Design – by an Aruba Certified Design Professional (ACDP), or an Aruba Certified Mobility Expert (ACMX) with at least 5 years of experience architecting Aruba wireless network solutions which include Clearpass authentication.
12. Design and Configuration – by an Aruba Certified Mobility Professional (ACMP) or higher- level Aruba Certification (ACMX or ACDP) with at least 5 years of experience.
13. Startup Support– by an Aruba Certified Mobility Professional (ACMP) or higher-level Aruba Certification (ACMX or ACDP) with at least 5 years of experience
14. Development – by an Aruba Certified Mobility Professional (ACMP) or higher-level Aruba Certification (ACMX or ACDP) with at least 5 years of experience
15. Validation and Testing Phase– by an Aruba Certified Mobility Professional (ACMP) or higher-level Aruba Certification (ACMX or ACDP) with at least 5 years of experience
16. As-built Documentation – by an Aruba Certified Mobility Professional (ACMP) or higher- level Aruba Certification (ACMX or ACDP) with at least 5 years of experience
17. Post Deployment (Production) Support – by an Aruba Certified Mobility Professional (ACMP) or higher-level Aruba Certification (ACMX or ACDP) with at least 5 years of experience.
** Aruba certifications may not be required if vendor can show demonstrative experience
implementing the Clearpass and Airwave technology and are willing to provide references the
OhioMHAS is permitted to contact for verification.
Contractor shall not be subject to an “unresolved” finding for recovery under Section 9.24 of Ohio Revised Code.
