Request for Tender No.

SEHA-G/RFP/18/2012

SEHA Microsoft Centralization Program Development, Implementation and Support

Last Date to Purchase: 05/07/2012 Note: In order to participate in this RFP you have to pay 2000 AED as a fee.

Issue date: 24/6/2012

Submit Tender to: Attn: Procurement and Services Manager Abu Dhabi Health Services Company (SEHA) Executive Building Das Tower, 9th Floor, Sultan Bin Zayad Street (32nd Street), Khalidiyah Abu Dhabi, UAE Tel: +971 2 410 2000

Closing date and time: Tenders must be received by 12:00 P.M. on 12/7/2012

Note: kindly mention the tender no. (SEHA-G/RFP/18/2012) in the subject of your email.

SEHA-G/RFP/18/2012

Page 1 of 103

Table of Contents
1. 2. 3. 4. 5. 6. Background ................................................................................................................................................ 5 SEHA, Vision, Mission, Values:................................................................................................................... 5 Purpose ...................................................................................................................................................... 6 Definitions ................................................................................................................................................. 7 Eligible Bidders .......................................................................................................................................... 7 Scope of Services ....................................................................................................................................... 8 6.1 Platform, IT Services & Technologies Required................................................................................. 8 6.2 6.3 6.4 7. a. b. 8. 9. Scope of Implementation Services .................................................................................................. 12 Network Design requirements ........................................................................................................ 14 Integration & Interface requirements (to non-MSFT systems) ....................................................... 14

Vendor Evaluation Criteria ...................................................................................................................... 14 Vendor Capabilities.............................................................................................................................. 14 Vendor Criteria .................................................................................................................................... 15

Requirements .......................................................................................................................................... 16 Project Approach, Design & Delivery Methodology & Milestones ......................................................... 17 a. Program and Change Management .................................................................................................... 17 i. ii. iii. iv. v. b. i. ii. iii. c. i. ii. iii. d. e. f. i. ii. Project Management Methodology ................................................................................................ 17 Business transition and change management................................................................................. 18 Program Milestones ........................................................................................................................ 18 Program Planning Requirements..................................................................................................... 20 Program Documentation Acceptance Criteria ................................................................................ 21 Planning & Design Phase ..................................................................................................................... 21 Requirements Management............................................................................................................ 21 Business Analysis ............................................................................................................................. 21 Sizing, Growth and Capacity Planning ............................................................................................. 22 Build & Testing Phase Requirements .................................................................................................. 23 Build Staging Environment .............................................................................................................. 24 Component and End-to-End (systems integration) testing ............................................................. 24 Operational Readiness Testing & Launch Services .......................................................................... 25 Deployment Phase Requirements ....................................................................................................... 25 Stabilization Phase Requirements ....................................................................................................... 27 Additional Delivery Considerations ..................................................................................................... 28 Data Migration & Cutover: Design, Planning & Requirements Management................................. 28 Stress testing ................................................................................................................................... 29

SEHA-G/RFP/18/2012

Page 2 of 103

iii. iv. v.

Training and Knowledge Transfer.................................................................................................... 29 Security Requirements & Penetration Testing ................................................................................ 29 Branding Requirements ................................................................................................................... 29

10. Vendor Warranties, Support and Maintenance .................................................................................. 29 11. Schedule of Event ................................................................................................................................ 29 12. Evaluation Criteria and Process ........................................................................................................... 30 13. RFP Follow-up Communications .......................................................................................................... 31 14. Correspondence .................................................................................................................................. 31 15. Pre Bid Conference (If applicable) ...................................................................................................... 31 16. Letter of Intent to Bid .......................................................................................................................... 31 17. Closing Date/Time ............................................................................................................................... 32 18. Proposal Preparation Costs ................................................................................................................. 32 19. Proposal Preparation and Submission................................................................................................. 32 20. Delivery of Proposals ........................................................................................................................... 33 21. Late Proposals...................................................................................................................................... 33 22. Irrevocability of Proposal..................................................................................................................... 34 23. Validity of Proposal.............................................................................................................................. 34 24. Currency and Taxes ............................................................................................................................. 34 25. Presentation of Offers ......................................................................................................................... 34 SEHA may, at its own discretion, invite the top three short-listed Vendors to present their proposals to a SEHA panel. The purpose of the presentation is to clarify any ambiguities in the proposal and help SEHA evaluation team in the selection process. ....................................................................................................... 34 26. Award .................................................................................................................................................. 34 27. SEHAS Right and Options .................................................................................................................... 34 28. Terms and Conditions .......................................................................................................................... 35 29. General Terms and Conditions ............................................................................................................ 35 30. Appendices .......................................................................................................................................... 40 Requirements Matrix....................................................................................................................................... 40 1. 1 Project & Program Management ............................................................................................ 41 1.2 1. 3 1. 4 1. 5 1. 6 1. 7 1. 8 1. 9 1. 10 1. 11 Vendor Capabilities.................................................................................................................. 42 Design & Development ............................................................................................................ 43 Delivery requirements specific to Microsoft Technologies ..................................................... 44 Data Centre: Shared Services Infrastructure deployment ...................................................... 50 Disaster Recovery .................................................................................................................... 58 Security Requirements ............................................................................................................ 59 SEHA IT Operations ................................................................................................................. 71 Network Infrastructure Management ..................................................................................... 79 End User Knowledge Management & Enterprise Search services .......................................... 80 Data Migration......................................................................................................................... 83

Attachment 2: SEHA IT Services Heat Map & IT Services Matrix .................................................................... 85 1. SEHA Group capabilities ...................................................................................................................... 86 1.1 1.2 AD Forests & Domains for Cerner & Dynamics ............................................................................... 86 WAN Network details ...................................................................................................................... 86

SEHA-G/RFP/18/2012

Page 3 of 103

2. 3. 4. 5. 6. 7. 8. 9. 10.

SEHA Headquarters ............................................................................................................................. 88 AHS ...................................................................................................................................................... 88 SKMC.................................................................................................................................................... 90 Corniche............................................................................................................................................... 91 Al-Rahba Hospital ................................................................................................................................ 92 Tawam Hospital ................................................................................................................................... 93 Al-Ain Hospital ..................................................................................................................................... 94 Al-Mafraq Hospital .............................................................................................................................. 95 Al-Gharbia Hospitals ........................................................................................................................ 96

Attachment3: Data Center Hardware Bill of Quantities (BoQ) ....................................................................... 97

SEHA-G/RFP/18/2012

Page 4 of 103

1. Background
The Abu Dhabi Health Services Company PJSC, whose marketing identity is SEHA, was launched on 29 th November 2007 under Emiri Decree #10 issued April 2007. SEHA is a registered independent Public Joint Stock Company (PJSC) whose stock is currently 100% owned by the Government of Abu Dhabi. While the full name of the company is Abu Dhabi Health Services Company, the marketing name is SEHA. The word SEHA represents an English phonetic spelling and translation of the Arabic word for Health. SEHA was created to manage and develop the curative activities of the public hospitals and clinics of Emirates of Abu Dhabi and help shift their operating stance from one supported entirely by the government to one financed more like that of the private sector where employers and insurance pay for healthcare. While still a work in progress, the company has been quite successful migrating its operating model to the point where we are approaching fiscal independence. While audited financial results are disclosed only to the government, SEHA management has moved from a disjointed collection of former, MOH, HAAD and municipality sponsored hospitals and clinics with no common policies, no standard accounting practices, no operational commonality and few standards of care, to an integrated health system that is one of the largest in the Middle East and the only one with a fully integrated Healthcare Information System that produces an electronic medical record on every one of the 5 million patient visits handled each year. SEHA operates 12 hospitals with 2,644 beds, 62 Primary and Ambulatory Health Clinics and 2 blood banks. It employs about 17,000 physicians, nurses, technicians, allied health and administrative personnel. SEHA is working to earn the trust of the public and be their healthcare partner for life. We are partnered with healthcare leaders internationally recognized for their outstanding performance in their markets. Our partners include Johns Hopkins Medicine, Cleveland Clinic, Fresenius Medical Care, VAMED, and Medical University of Vienna. SEHA communicates to the public both externally and internally through a number of vehicles including required report filings to the government, an annual report to the public, various public documents that reflect our position on certain matters of policy and position in relation to our mission, vision and values, speeches and scripting of responses on matters of policy for senior managers, our web site information, social media information and corporate communications of various types contributed to hospital newsletters, conference.

2. SEHA, Vision, Mission, Values:

Vision: To provide our patients and communities with world-class healthcare. Mission: To continuously improve patient care to recognized international standards. Values: SEHA is an ethical organization. Accountable Equitable Efficient Responsible Transparent SEHA is a patient centered organization. Quality outcomes Comprehensive care Compassionate

SEHA-G/RFP/18/2012

Page 5 of 103

Culturally sensitive Respectful Reliable Accessible Affordable SEHA is an innovative organization. Research and education Partnerships and alliances Collaborative teamwork Empowered and satisfied staff

3. Purpose
SEHA is seeking proposals from qualified vendors to provide Systems Integrator and Implementation services for its intended Shared Services Infrastructure, an initiative designed to consolidate multiple discrete IT domains into a single managed IT environment. Its technology focus is exclusively Microsoft technologies operated by SEHA entities and extends beyond the installation and deployment of technology to include the operational readiness of SEHA to use the new platform. The Abu Dhabi Health Services Company (SEHA) intends to rationalize its IT infrastructure, a process which is serviced in part by this RFP. The successful vendor will take responsibility for all aspects of the platform development, test and deployment and also the migration and cutover of SEHAs end users from legacy environments to the Shared Services Platform. Additionally, the vendor will take responsibility for assuring the ability of SEHA to operate and maintain the platform and for SEHA users to use the services effectively with minimum disruption during the migration and cutover process. Currently the SEHA organization operates discrete and separate IT management domains and infrastructures across all of its business entities. Each of SEHAs business entities effectively has its own IT department which provides IT services to its own users. These IT departments operate in isolation from each other and provide overlapping sets of services. The intent of SEHAs rationalization initiatives is to achieve cost, efficiency and end user experience benefits through the consolidation and centralization of key IT servicesas defined in this RFP documentinto a single managed environment, whereby the following become true: Significant reduction in the operational, support and maintenance costs associated with providing and maintaining IT services to SEHA end users Measureable efficiency gains related to providing end user service from a ubiquitous SEHA-wide service catalogue Consolidation strategy intended to leverage maximum benefit from existing SEHA investments in Microsoft technologies Measureable end user productivity gains through a single IT environment providing communication and collaboration tools and knowledge management capabilities based on Microsoft assets Consistent availability of a single managed IT feature set to SEHA end users providing security, identity management, anti-virus, spam detection and other Enterprise features as described in this document

SEHA-G/RFP/18/2012

Page 6 of 103

A key component of this initiative is to build a foundation IT Shared Services Infrastructure which reaches from the central data center into all the SEHA business entities and their users, and then to build and provide end user services on that platform. To that end, a current project is underway to procure and deploy hardware for single consolidated data center architecture: supply of data center server hardware, therefore, is outside the scope of this RFP.

4. Definitions
The following words and expressions shall have the meanings hereby ascribed to them except where the context otherwise requires:

RFP SEHA

Means this Request for Proposal and all integrated parts of it including annexure, schedules, and attachments. Means Abu Dhabi Health Services Company (SEHA) of P.O. Box 109090-Abu Dhabi, established pursuant to the Amiri Decree no. 10 of year 2007. means any person or persons, firm, partnership, corporation or combination engaged in this RFP

Bidder(s)

Site Representative

Means the person or persons appointed by SEHA to coordinate in this RFP, and supervise as well as follow the performance of the awarded bidder. Das Tower, khalidiya street, next to women and children garden from the 9th to the 16th floor, total of 8 floors

Site location

5. Eligible Bidders
Responsive bidders must: The bidder must submit the necessary documents in the proposal. Failure to submit the necessary documents will lead to disqualification of the offer. Recognized enterprise in provision of network equipment maintenance services with success stories in past Demonstrate recognized experience and good international reputation in provision of systems integrator services globally. To include demonstrable evidence of delivery excellence, of the ability to design world-class end-to-end multi-component systems solutions, and of the ability to explicitly deliver solutions benefits in TCO, process efficiency and optimum User experience. Demonstrate a track record of successful large-scale delivery of complex programs of work specifically in Healthcare IT environments. Be able to mobilize assigned staff to work on site in the UAE for the duration of the contract. Preferably have experience conducting business in the UAE.

SEHA-G/RFP/18/2012

Page 7 of 103

Be able to legally operate in the UAE. Have office in UAE.

6. Scope of Services
6.1 Platform, IT Services & Technologies Required SEHA Shared Services Platform needs to enable agility and efficiency by allowing hospitals to take advantage of the benefits of an automated and optimized virtualized datacenter. The Shared Services Platform refers to a style of computing where scalable and elastic IT-enabled capabilities are delivered as a utility-like service to internal and external customers. SEHA Shared Services Platform needs to share the core attributes of contemporary cloud computing: Scalable Elastic Multi-tenant Metered by use Self-service The SEHA Shared Services Platform should enhance or renew IT operational processes and make IT more agile and efficient. For example, instead of waiting weeks/months to get new hardware for a new business unit IT application, in the SEHAs new environment the business unit should request and self-provision new resource via a self-service mechanism and the IT department should be able to immediately service the business requirement. This will be possible because the IT staff will manage a single shared services environment as deployed in response to this RFP, leveraging a set of pooled resources (see Figure 1 below).

Figure 1: SEHA Shared Services Infrastructure With SEHA Shared Services Platform, IT Operations resources are to be managed as a single pool of resources, able to supply the needs of the business and Business Entities as necessary, similar to how we use electricity as a resource; always available, instantly on, and with as much capacity as needed, like any other service.

SEHA-G/RFP/18/2012

Page 8 of 103

The SEHA Shared Services Platform will deliver application services, not just virtual machines. The successful delivery of these applications is within the scope of this RFP. Additionally, the assured and demonstrable ability of SEHA to operate these services is within the scope of this RFP and a responsibility of the selected Vendor. SEHA operates a number of Microsoft technologies across its Business Entities, and is seeking to extract optimum value from its Enterprise Agreement through their consolidation into a single shared services environment. The use of Microsoft technologies will centralize and enable multiple IT services for SEHA and its Business Entities. This list of IT services includes (but is not limited to):

SEHA-G/RFP/18/2012

Page 9 of 103

E-mail

Enterprise-wide E-mail services using Exchange and Outlook clients

SharePoint Services

Instant Messaging

Enterprise-wide IM services using Lync

Digital Rights Management Distributed File Sharing Services

File and service access using Active Directory DRM Enterprise-wide file sharing capabilities

Identity Enterprise-wide user access Management & rights and permissions Authentication managed on Forefront Identity Manager, Active Directory and related components File Sharing & Platform-based file sharing Print Services and print services for the Enterprise Desktop Management Software Deployment Centralized IT Operational management of End User client hardware Centralized management of application updates and other software deployment

Collaboration and document management services for local, Enterprise-wide and special interest groups IP Enterprise-wide IP Management management services for (DHCP service) Microsoft Technology components DNS DNS services for the Shared Services platform Network Platform and Client network Access access control for Platform Protection & and Client hardware and Compliance applications Services Public Key Set-up, configuration and Infrastructure management capability of PKI elements of Platform security in relevant Microsoft components Desktop Services Centralized desktop services covering provision of applications and services, updates, etc. Systems Centralized IT Operational Management management of Platform systems components Operations Centralized IT Operational Management & monitoring, dashboards, Monitoring alarm handling, diagnostics Services and other related capabilities Database Provision and management Service of Platform Virtual Machines and related database services

Enterprise Voice Services

Enabling of Voice services on Lync and related components, including Enterprise-wide voice mail services and integration with SEHAs IP Voice capabilities Intranet & Set-up, configuration and Extranet maintenance of collaboration Collaboration & environments and their Portals supporting templates and workflows, based on SharePoint and related components

End User Set-up, configuration and Computing maintenance of UserServices accessible services including feature enablement, application installation, service enablement, and so on

SEHA-G/RFP/18/2012

Page 10 of 103

Shared Services Management capabilities for Infrastructure the Shared Services platform and related components

Self Service Enterprise-wide User portals Portals for an agreed range of userdriven service capabilities (e.g. password reset)

Disaster Shared Services Platform Recovery and capabilities for backup and Backup/Restore restoration of Platformhosted data. Additional setup, configuration and maintenance of SEHAs Disaster Recovery capability for the Shared Services platform Table 1: Scope of SEHA Shared Services It is intended that the Shared Services Platform will provide a centralized library of services, applications, features, profiles and templates from which SEHA Business Entities can select a tailored portfolio aligned to their specific needs. While no individual entity is expected to operate all Platformhosted services and features, any Entity should be able to access any service or feature enabled on the platform. With the view to improving its operational efficiency SEHA expect the vendor to propose an end-to-end value proposition to SEHA that will not only minimize the overall operational costs for SEHA but will also provide designed, predictable and guaranteed IT Operations service levels to ensure that the returns on IT investments are maximized. The vendor response should provide an outline on the overall approach, scope of work, service levels, fees and agreement to the associated terms and conditions. The associated Microsoft technologies within the scope of this RFP are as follows: Technology / System Windows 2008 R2 Active Directory with DNS, Active Directory Federation Services, Forefront Identity Manager Exchange 2010 with Forefront Protection for Exchange Forefront TMG with Web Protection Service Related IT Service(s)

Windows 2008 R2 File and Print Services Lync 2010 Windows 2008 R2 DHCP Active Directory RMS Windows 2008 Protection R2 Network Access

Identity and Authentication Services Internal DNS Server/Client Hardening Email Services Email antimalware and antispam Web Browsing Service Also publishing client access to Internet for: Email Instant Messaging; Digital Rights Management Distributed File Sharing Services Print Services Instant Messaging and Rich Presence Service Enterprise Voice Service (including Voicemail) DHCP Service Digital Rights Management Service Network Access Protection & Compliance Services Antimalware Service

Forefront Endpoint Protection

SEHA-G/RFP/18/2012

Page 11 of 103

Forefront OPE Windows 2008 R2 Certificate Services System Centre Configuration Manager 2012 System Centre Operations Manager 2012 System Centre Service Manager 2012 System Centre Orchestrator 2012 SQL Server 2008 R2 SharePoint Server 2010 Data Protection Manager 2012 Shared Services Infrastructure (Windows Server 2008 R2 Hyper-V with System Centre Virtual Machine Manager System Centre Service Manager System Centre Orchestrator)

Public Key Infrastructure (PKI) Desktop Services Software Services Systems Management Operations Management and Monitoring Service Service Management Implementation of IT processes Database Service Intranet and Extranet Collaboration and Portals Disaster recovery Backup Solutions Computing Service (Central) Computing Service (Hospitals)

Table 3: Technologies and related Services 6.2 Scope of Implementation Services The scope of this RFP covers the installation and launch of the SEHA Shared Services Infrastructure and the IT Services & Technologies detailed in the previous section. SEHA is seeking proposals from qualified system integrators for the delivery and commissioning of the entire Shared Services Platform at one of its Central Data Centers. However, it is necessarily not limited to the installation of platform or client-side hardware and software: it must also address the ability of SEHAs IT Operations personnel and End Users to successfully use the delivered solution in such a way that the target benefits of the platform are realized, and the End User experience is quantifiably better than was the case previously. Therefore, the Shared Services platform must deliver quantifiable benefits to IT Operations and end users as follows: Enhanced performance of core IT Operational functions, such as service provision, feature enablement, update and upgrade processes, end-to-end reporting, dashboards and other business intelligence functions The ability to provide a deploy once, use anywhere approach wherever feasible, such that Business Entities can choose to deploy templates, configurations, profiles and so on from a standardized superset available on the platform to all Business Entities Agreed and validated deployment designs for all server and infrastructure hardware for the Shared Services Platform and for SEHA sites (e.g. local routers, servers, load balancers, domain controllers and other equipment necessary to operate the Shared Services infrastructure within each Business Entity domain No impediment to individual Business Entity operational and strategic IT operations resulting from the convergence of Business Entity IT services on to one single management domain

SEHA-G/RFP/18/2012

Page 12 of 103

The introduction of agreed Service Level Agreements (SLAs) resulting from the vendors requirements management process with SEHA stakeholders for agreed and validated service provision and IT process lead times, along with demonstrable evidence of the platforms ability to support such lead times during design and testing activities. The demonstrable ability of the designed solution to service all the discrete Business Entities IT requirements, both in terms of day-to-day IT operations and in terms of each Entitys ongoing schedule of service configuration, enabling of new templates and profiles, updates, upgrades, new feature introduction and/or enablement, without incurring implementation delays through queuing of development, test or implementation activities by other Entities activities An enhanced and improved SEHA IT Operations Model reviewed and implemented by the vendor in response to SEHA requirements, and which leverages the full value of the Shared Services infrastructure from an IT Operations perspective The ability of SEHA IT Operations and End Users to operate/use the Shared Services platform efficiently and with minimum ramp-up post-Launch and/or Cutover

The selected vendor is expected to deliver the following services: A. Commissioning of Data Centre Hardware

Hardware is already procured by SEHA via a separate initiative. Therefore, hardware supply and delivery is not in the scope of this RFP. Rack cabinet, power socket, ventilation and network access points will be provided. Hardware will be available commissioned and connected, but without Server OS installed. The vendor is expected to set up and configure all hardware at the specified Data Centre, including base builds of Server OS and all Server applications and services (refer to hardware bill of quantities in Attachment 5 of this document). B. Hardware Configuration

The vendor is required to perform any hardware component configurations required for the operations of all servers and other hardware components agreed to be in scope of this RFP. C. Software Installation

The vendor is required to install the servers OS in collaboration with SEHA IT personnel; the vendor is also required to install management software and drivers that are required for operating and maintaining the servers. The vendor is required to install application and other software within the Shared Services Infrastructure as agreed to be within the scope of this RFP. D. Hardware Testing

The vendor is expected to provide details of all the test activities that are to be performed to assure the quality of the server, network and other infrastructure component installation and configuration. Those details include a test/diagnostics plan (recommended by the manufacturer) and conducting the activities of the plan in the presence of a SEHA IT personnel and reporting the results of those activities. The Vendor should ensure an end-to-end approach in supporting SEHA regarding function of existing hardware dependencies outside of the direct scope of this RFP. E. Software Licenses

SEHA intend to manage Microsoft software licenses through their existing EA agreement with Microsoft. For all other licensed items supplied as part of an agreed project scope, the vendor is required to provide original software/ firmware CDs in addition to software keys and ownership documents.
SEHA-G/RFP/18/2012 Page 13 of 103

F.

Implementation & Deployment

The vendor is required to perform all implementation and deployment of the shared services infrastructure, its platform, software systems and related systems integration covering all IT services and technologies under the scope of this RFP. The vendor is also required to perform migration and cutover of SEHA users from existing Business Entity environments to the new Shared Services environment. G. Solution Support Services

The vendor is required to provide on-call basis standard support for the solution, its integration and supporting configuration and documentation, and any solution components not already covered by Support from SEHA IT Operations, Microsoft and/or any other relevant Vendors and Suppliers. H. Operational Readiness & Training

The Vendor will construct, validate and agree a plan of activities concerning the launch of the solution at logical points of delivery of functionality, services and/or cutover/migration activity. The vendor is required to provide System Administration and Operations Training. 6.3 Network Design requirements The Vendor is expected to validate the dimensioning of SEHA network requirements to assure the efficient and satisfactory performance of platform-hosted applications and IT Services by connected end users anywhere in the SEHA Business Entity domains. The Vendor must ensure that Business-Entity specific network hardware (e.g. local hubs, routers, domain controllers and so on) is dimensioned correctly to ensure efficient operation of platform-hosted IT Services in each Business Entity. 6.4 Integration & Interface requirements (to non-MSFT systems) The Shared Services platform needs to maintain and update interfaces between non-Microsoft systems and the existing Microsoft installations within each Business Entity. The Vendor is expected to validate the existing systems interfaces with SEHA and produce a proposal for consolidating systems interfaces where feasible, and otherwise to maintain the existing Business Entity interfaces on the Microsoft systems on the new platform. Systems interface definition and realization must be accommodated within the timelines and agreed scope of the project, and is expected to be driven by the Vendor as a planned activity up to and including full systems integration testing. Vendors are expected to work with SEHA to ensure that any necessary development or re-configuration work on the non-Microsoft side of each interface is tracked and managed within the project management process as project dependencies.

7. Vendor Evaluation Criteria

a. Vendor Capabilities The intent of this RFP is to identify a suitable vendor to SEHA who will be able to provide the following: Implementation of a consolidated Shared Services Infrastructure combining the 9 IT domains within SEHA in to one logical and centrally managed IT environment and Implementation of defined key IT

SEHA-G/RFP/18/2012

Page 14 of 103

services into the SEHA centralized IT environment, without adversely impacting the on-going operation of business critical healthcare applications and business functions Software systems and solutions drawn from the Microsoft portfolio of products that optimizes SEHAs existing investment in Microsoft technologies Low-level component and end-to-end integration designs in alignment with a high-level solution design and architecture to be provided by Microsoft. Definition and implementation of suitable process designs, functional decompositions, information flows and data models to support systems development and/or configuration, per-system interface design, and end-to-end integration Capacity and Dimensioning planning and rules to size hardware, processing, storage and network connectivity and provide SEHA with both initial validation of current capacities to support launch of the shared services platform, and capacity management processes to support on-going management and growth Recommendations regarding future hardware, accommodation and network growth suitable to support SEHAs budget assignment and purchasing processes Optimization of SEHAs operational model with respect to the efficiency of IT Operations, and the changes inor addition ofskills and role definitions prompted by the Shared Services Infrastructure environment (according to the Vendors experience) Management of SEHA requirements capture, validation, version control and traceability through the life cycle of the program Implementation of network management solutions consistent with SEHAs data center consolidation requirement End-to-end systems integration design, test and implementation End-to-end and component testing, systems integration testing and user acceptance testing services Definition and implementation of a business change management strategy and plan to assure operational readiness and end user readiness to use the centralized SEHA IT service portfolio Program and Project Management services governing the creation of the Shared Services Platform, its service management and IT operations, and the cutover of SEHA business entities to that environment as well as all requirements management, design, development, testing and business change management activities related to the Program Definition and implementation of a Migration strategy and plan to cut over existing Business Entities to the new centralized environment (including systems, applications and data) A Benefits Realization strategy that clearly demonstrates actual achievement of target benefits, including the retirement of legacy systems and cessation of related current support and maintenance costs Definition and implementation of a business and operational intelligence and reporting solution using Microsoft assets, to provide a full suite of reports, dashboards, KPIs and other data feeds to service SEHAs operational and business management requirements Training and user familiarization services focused on maximum and early take-up of new centralized services and their enhanced potential by end users

b. Vendor Criteria Vendors will be selected based in part on the following criteria: Demonstrated experience of delivering similar centralized end-to-end systems architectures and services provided for similar industries or environments, at similar or greater deployment scale Demonstrated evidence of delivering complete and whole solutions, beyond the delivery of technology capabilities alone: this should include a demonstrated ability to create businessSEHA-G/RFP/18/2012 Page 15 of 103

centric solutions that liberate the full value of technology, including either optimization of, or alignment to, o business and operational processes, o procedures/work instructions; o operational models; o solution-wide data models; o SLA management; o Business and operational measures and KPIs; o Knowledge Management assets including documentation for technology and software configurations, policy definitions, guidelines, support processes, exception handling processes, diagnostic processes, and so on Vendor should confirm they have at least Gold partnership status with Microsoft, and must otherwise demonstrate a thorough understanding of Microsoft technologies within the scope of this document, their deployment and implementation, and their live operation by End Users, administration/management functions and IT operations Vendors must submit the resumes of the people who will be assigned to the contract. See more details in requirements section. Vendors must assure SEHA that key project roles and functions will be delivered by on-site personnel working in SEHA premises for the duration of the project Vendor must have successfully implemented similar solutions globally in large healthcare organizations. Please provide references.

See details in section 11 on the evaluation scoring criteria.

8. Requirements
SEHAs requirements for compliance against this RFP document are laid out in Attachment 3 Requirements Matrix. The requirements are laid out in sympathy with the main sections of this document, and cover the following areas: Delivery-related attributes of the Vendor and their project management processes and approaches Design & development considerations Build and Deploy factors for the central Shared Services Platform Disaster Recovery requirements A specific section covering Security requirements, which SEHA encourages Vendors to treat as an end-to-end systemic and solution-wide design consideration IT Operational requirements Integration of the Shared Services Platform with other systems Requirements relating to network connectivity Testing and Stabilization of the new platform Migration of system configuration, server and end user data to the new platform, as well as end user service The following sections of this document describe SEHAs expectations of a vendor and seek to establish the qualitative elements of a successful delivery, and a preceding successful bid. While compliance statements are contained in Attachment 3 of this document, vendors are encouraged to understand that selection of the successful vendor will also take in to account alignment with (or improvement upon) with the overall content of this document.

SEHA-G/RFP/18/2012

Page 16 of 103

9. Project Approach, Design & Delivery Methodology & Milestones

The Vendor will detail its proven approach and delivery methodology to delivering infrastructure and services of this type, with examples. The Vendor will be responsible for project, program and change management of deliveries arising from this RFP, and will be selected in part on the basis of quality of their delivery proposals. a. Program and Change Management i.Project Management Methodology Vendors are required to follow SEHAs Project Management Framework which is largely based on PMBOK methodology. SEHA will provide the successful Vendor with the required project management templates and expected deliverables in due time. However, for the purpose of this proposal, Vendors are requested to submit their own project plan with timelines detailing the project activities in the following stages: Initiation Planning Execution Monitor & Control Closure The Vendor is expected to engage with SEHA in order to validate and agree a fit-for-purpose delivery approach and project structure. The information in this section is provided based on current SEHA findings: evidence of excellence in program governance and project management capability on the part of the Vendor will be used as part of the selection process. The program shall be delivered in the following phases: Planning & Design Phase Includes planning and design activities, sufficient to ensure that a fit-for-purpose, right-first-time Solution delivery is achieved. The definition of fit for purpose is required to be validated against initial SEHA requirements, and also against the researched and validated requirements of SEHA stakeholders during the initial planning and design stages of the project. Build & Testing Phase Includes building the server infrastructure, the centralized application environment and services, and operational readiness of SEHA IT Operations and End Users to use and operation the central environment Deploy Phase Includes deploying the solution to production status and launching thereof. Also includes deployment to the related business entities, including the migration of end users to IT services on the Shared Services platform and all testing activities associated with successful deployment of the services. Also includes covering user familiarization and training of which the planning will have been completed in the Planning phase. Stabilize Phase Includes stabilizing the solution and resolving deployment related issues, and handing over solution to operations team. This includes operational readiness activities to run and manage the environment across the Business Entities.

SEHA-G/RFP/18/2012

Page 17 of 103

ii.

Business transition and change management

In SEHAs view, a successfully delivered solution does not stop with the software and hardware technology. It must also necessarily include the ability of users and user groups to use the new solution effectively, thereby enabling maximum productivity post launch and the earliest possible realization of the agreed business and operational benefits the solution is designed to deliver. To this end, SEHA requires the inclusion of a separate work stream within the project plan dedicated to the task of stakeholder engagement and measureable adoption. This work stream must be staffed by experts in the fields of business transformation and change management, and they will realize their own specific transformation objectives while supporting other project functions such as requirements management, project and program management, project/program governance, stakeholder management and buy-in, internal and external user engagement, test and trial activity, user acceptance, business intelligence and reporting, and so on. Specific transformation and business change management deliverables should also include: Planned and measureable schedules and business cases driving platform adoption Definition of success and acceptance criteria with SEHA IT and user stakeholder groups Benefits Realization plan Familiarization, knowledge management and user engagement activities (in addition to standard training) Stakeholder management activities in support of the Program Manager Change management of SEHA and supplier/partner KPIs, reporting, balanced scorecards and other management decision support activities, that are impacted or benefited by the project Project-specific activities designed to assure the successful engagement with and approval of stakeholders and user groups at each stage of the projects schedule (e.g. by assuring timely engagement and decision-making with users prior to base-lining a requirement, finalizing a design or testing a developed system) Support for evolution of SEHAs evolving operating model with respect to amending standard operating processes and producing roles and responsibilities definitions that inform talent acquisition suitable for operating the new shared services infrastructure.

iii. Program Milestones While the final content and structure of the Program delivery and its supporting contractual obligations must be agreed between SEHA and the selected Vendor, SEHA have the following expectations with respect to program milestones:

SEHA-G/RFP/18/2012

Page 18 of 103

Figure 2: Program Delivery Milestones For the purposes of this section, the milestones shown above are taken to include at least the following deliverables: Project Initiation Detailed scope and project planning Vision and detailed statement of scope Detailed project plan Stakeholder Analysis Definition of roles and responsibility Operational Model Review

Design Build Development & build of the shared services foundational platform Development and build of production, development and test environments o Development of the services components o Documentation of configurations and build specifications o Platform integration Functional and technical specifications High Level solution architecture Low Level Architecture design Process Analysis and design Operational Model Design Migration Strategy

SEHA-G/RFP/18/2012

Page 19 of 103

Testing and Stabilization Performance Stabilization Functional Stabilization End-to-end Systems Integration Testing Migration Testing User Acceptance Testing Operational readiness and handover

Hospital/End User Migration Execution of migration processes by agreed phase Testing and validation of migration data Testing and validation of performance Testing and validation of functionality Post Ready-For-Service stabilization activities

iv. Program Planning Requirements The Program Timeline is required to be 1 year or less. The following diagram documents an approximate required program timeline based on current understanding, which will have to be validated and agreed by the Vendor and SEHA stakeholders. Durations are estimates only.

Figure 3: Project Timeline Structure The Vendor is responsible for the entire program but is required to involve Microsoft Consulting Services for High-level Solution Design and Architecture. The Vendor is required to provide a complete plan for the program both as part of the proposal and also as part of the program. SEHA Microsoft Heat Map and specific Business Entity details have been provided in attachment 4 of this document to help facilitate the planning of this program in relation to migration needs, delivery timeframes and wan usage considerations. All of these and more are expected to be taken into account by the vendor when planning for this program. The must have program deliverables are as follows: Project Schedule - The complete project schedule.(.mpp) Updated functional specification and overall solution architecture schematic. A document defining all components included in the solution. Static & Dynamic Data/Information Models. A document defining all data items and their use in relation to defined processes and workflows, to which all systems and systems integration must align. Process designs. A document describing solution support for SEHA operational and business processes, to which data models can be mapped and from which process-related business benefits can be targeted and measured.

SEHA-G/RFP/18/2012

Page 20 of 103

v. Program Documentation Acceptance Criteria Acceptance Criteria 1. Any document with less than 0 Major, 2 Minor, and 10 Cosmetic comments will be accepted. 2. Major error in understanding or design which will prevent the solution from working. 3. Minor an item or error which will not have a major impact and can be corrected in the following design documents. 4. Cosmetic incorrect spelling, grammar or formatting Note: The following sections detail some of the key requirements from each phase of the program. This of course is not a definitive list of activities and it is expected that the vendor demonstrate their program and business level change management capabilities by adding and/or amending the phase activities and steps based on their prior experiences. b. Planning & Design Phase

i. Requirements Management SEHA require the Vendor to perform an effective requirements management process, using industry best practice and including as a minimum: Effective requirements gathering and elicitation from agreed SEHA stakeholder and user groups Requirements validation with agreed SEHA stakeholders, where the implications of a requirement are studied in addition to the requirement itself. The Vendor bears responsibility for ensuring that the requirements baseline properly represents a fit-for-purpose solution in line with SEHAs needs and IT roadmap Requirements traceability through all stages of requirements gathering, base-lining, issuing, update, design, development, and testing activities Validation of existing operational process definitions, down to and including procedures and work instructions Update of existing operational processes as agreed with SEHA project steering committee, down to and including procedure and work instruction level. ii. Business Analysis The Vendor will provide suitably qualified personnel to conduct business analysis activities to cover at least the following: Process analysis describing how the solution will service agreed SEHA business and operational processes Specific work to drive Benefits Realization work from a process metric perspective Data Modeling abstracting the useful flow of data across systems with reference to process definitions Functional decomposition activities to provide low-level input in to development and test activities

SEHA-G/RFP/18/2012

Page 21 of 103

Vendors should regard this as a minimum expectation: Vendor selection will take into account demonstrated competence in proposed requirements management, design, plans and deliverables. It is expected that the Vendor will detail the deliverables for this phase. The following deliverables are expected at minimum: Updated functional specification and overall solution architecture schematic. A document defining all components included in the solution, building on high-level systems design and architecture documents supplied by Microsoft. Hyper-V based Shared Services Infrastructure Low-level Design document defining all Hyper-V Shared Services Infrastructure components included in the solution and their definitions. Windows 2008 R2 Active Directory Functional Specification Document defining all Active Directory components included in the solution. DHCP Cluster Low-Level Design Document defining the DHCP cluster included in the solution and its deployment. Exchange 2010 Low-level Design document defining the Exchange 2010 solution. File & Print and DFS low-level Design document defining the File and Print and DFS solutions and their deployment. SQL 2008 low-level design document defining the SQL 2008 solution. Lync 2010 Design document defining the Lync 2010 solution. SCCM 2012 Design document defining the SCCM 2012 solution. SCOM 2012 Design document defining the SCOM 2012 solution. Application Virtualization Design document defining the Application Virtualization solution. FEP Design document defining the FEP solution. PKI Design document defining the PKI solution Forefront TMG Design document defining the Forefront TMG solution. RMS Design document defining the RMS solution. NAP Design document defining the NAP solution. Server Hardening document with the details of the server hardening. SEHA Integration Design document defining the SEHA Integration solution. SCSM 2012 Design document defining the SCSM 2012 solution. SCORCH 2012 Design document defining the SCORCH 2012 solution. FIM 2010 Design document defining the FIM 2010 solution. SharePoint Infrastructure Design Document defining the SharePoint 2010 Infrastructure.

Note: the deliverables listed above is not a definite list and it is expected that the Vendor add and/or amend based on the requested services and their experience implementing similar solutions. iii. Sizing, Growth and Capacity Planning Vendor is required to provide Capacity and Dimensioning planning and rules to size hardware, processing, storage and network connectivity and provide SEHA with both initial validation of current capacities to support launch of the shared services platform, and capacity management processes to support on-going management and growth. Recommendations are also expected from the vendor regarding future hardware, accommodation and network growth suitable to support SEHAs budget assignment and purchasing processes.

SEHA-G/RFP/18/2012

Page 22 of 103

c. Build & Testing Phase Requirements The Vendor will undertake the Build & Testing phase of the project. The phase includes mainly of building the server infrastructure and service elements in the central Data Center including the SEHA staging platform. The Vendor will be responsible for development and configuration activities related to the hardware and software system components within the scope of this project. Vendors should regard this as a minimum expectation: Vendor selection will take in to account demonstrated competence in proposed requirements management, development, testing approaches, plans and deliverables. These builds will be based on the designs from the Planning & Design phase. The Build phase includes the following scope items (all performed in the central Data Center only): Build SQL Server 2008 Cluster Build Shares Services Infrastructure platform with Windows 2008 R2 Hyper-V and System Centre Virtual Machine Manager, System Centre Service Manager, SCOM and SCCM Build Windows 2008 R2 Active Directory including DNS Build Windows 2008 R2 DHCP Build Windows 2008 R2 File Service Build Exchange Server 2010 SP1 Build Forefront Threat Management Gateway (TMG) reverse publishing array in DMZ Build Web browsing proxy based on Forefront Threat Management Gateway (TMG) Build Lync 2010 Build System Center Configuration Manager 2012 with OS Deployment Build System Center Operations Manager 2012 Build System Center Service Manager 2012 Build System Center Orchestrator 2012 Build Forefront Endpoint protection Build PKI based on Windows 2008 R2 Certificate Services Build DRM based on Windows 2008 R2 AD Rights Management Service Build Network Access Protection Servers Create 3 Windows Images Sequence up to 5 applications for App-V Deploy SCCM and Forefront Endpoint Protection agents to all managed systems All service development, customizations, scripts, interfaces, integration work required as part of the solution to make the services ready for production and release.

The expected deliverables for this phase are as follows:

SEHA-G/RFP/18/2012

Page 23 of 103

Service Deliverable Service Deliverable Acceptance Criteria Name Descriptions Central Data Center The infrastructure and built services are deployed to the Central Data Center. SEHA Staging The SEHA staging Platform platform is built i. Build Staging Environment This environment will mimic the production environment in terms of services and functionality; however will be on a smaller scale in terms of high availability, capacity and performance. This environment will be used by the operations team for testing and managing changes to the production environment. The table below shows which systems will be built in the test environment, as well as the server architecture for each: Test Environment System Active Directory and DHCP SQL Server PKI RMS NAP Exchange Lync TMG File/Print SCCM and FEP SCOM One SEHA environment Note that the entire test environment will be built on Hyper-V as virtual servers. ii.Component and End-to-End (systems integration) testing The Vendor will provide full Testing services for the solution, including at least the following: Test Strategy, articulating approach and end-to-end assurance of the fitness for purpose of the solution for SEHA approval Test plans for system component testing and for end-to-end systems integration testing Test plans to support end user and data migration and cutover activity to the shared services environment Testing deliverables including requirements traceability, test case management, test case automation in line with industry best practice Infrastructure & Services built per the Design Documents.

Test of infrastructure build to a test SEHA environment.

SEHA-G/RFP/18/2012

Page 24 of 103

iii. Operational Readiness Testing & Launch Services The Vendor will construct, validate and agree a plan of activities concerning the launch of the solution at logical points of delivery of functionality, services and/or cutover/migration activity. This should include as a minimum: Project-specific activities designed to assure the successful engagement with and approval of stakeholders and user groups at each stage of the projects schedule (e.g. by assuring timely engagement and decision-making with users prior to base-lining a requirement, finalizing a design or testing a developed system) full set of Operational Readiness Testing activities where the End User ability to use the delivered solution is verified, and the performance of the solution is tested against actual operational and business processes Full set of Launch activities to bring the solution in to full production status Requisite agreed approvals and sign-offs from SEHA stakeholders in accordance with their researched and validated requirements Proven alignment and compliance with SEHA Operational processes (both those in place and scheduled enhancements to ITIL and MOF) Defined handover to operations & maintenance activities to SEHA and their support & maintenance partners/suppliers, including checklists, QA reviews and other quality assurance assets.

d. Deployment Phase Requirements The Vendor will undertake design, delivery and execution responsibility of the deploy phase. This shall consist of two main areas of activities; data center deployment and SEHA Business Entity deployment. Scope items for this phase are as follows: Central Data Centre Deploy Scope: o o o o o o o o Migrate DNS, DHCP to new servers Decommission Old Domain Controllers Go AD Native and Deploy Fine Grained Password Policies as per SEHAs security requirements Migrate Exchange Services (SMTP/Client Access/Public Folders) Migrate all mailboxes (approx. 18,000) Migrate File & Print to new servers Deploy App-V applications via SCCM Deploy NAP (reporting only)

SEHA Business Entity Deploy Scope o o Deployment of the Shared Services infrastructure to the SEHA Business Entities. Migration and cutover of SEHA end users by Business Entity & organizational unit, and per application/IT service type

SEHA-G/RFP/18/2012

Page 25 of 103

It is important to understand that SEHA operates multiple hospitals and healthcare services, and as a result cannot afford impact on daily healthcare operations. Therefore, Vendors will be selected in part on their understanding of how to achieve volume cutover of end users to the shared services infrastructure platform on a timely manner, without impacting essential healthcare activities. Previous experience of this kind of activity in a healthcare environmentor a similar business-critical situation should be demonstrated. The anticipated SEHA end user cutover schedule should be managed across the following dimensions: Geographic location (i.e. Business Entity) Per Business Entity organizational grouping (starting with local IT Operations, then by agreed and validated groupings of Doctors, Nurses, Administration, HR, etc.) Per Application type (e.g. Active Directory, Forefront, Exchange, SharePoint, etc.)

The Vendor will construct, socialize, validate and agree a fit-for-purpose cutover schedule with SEHA stakeholders per Business Entity in coordination with SEHA Headquarters. Cutover and migration plans should be constructed per Business Entity, and managed and coordinated at Group level. SEHA require that: The Shared Services platform is configured, functional and ready for service and network connectivity is in place Limitations to avoid interruptions to healthcare operations, meaning use of agreed planned maintenance windows. Alignment of all BEs discrete sets of IT Operational standards and processes to one agreed and validated set of standards and processes, as facilitated by the shared services platform Full fallback/rollback capabilities to be designed in to the migration solution, and tested beforehand Stakeholder Go/No Go decision points should be present and managed in the vendors relevant BE cutover plans, and demonstrable evidence of successful data & user migration should be presented for decision support at each point A total duration for all Business Entity migration of six months The vendor is responsible for identifying and resolving any issues arising from cutover activities, and providing timely notification and decision support to SEHA management.

SEHA-G/RFP/18/2012

Page 26 of 103

Figure 4: End User Cutover Roll-out approach (Illustration only).

Actual numbers of Applications is greater. It assumes migration of End User client hardware to access Legacy and Shared Services environments, followed by cutover by application. Vendor should provide an optimum cutover strategy with respect to the approach, timelines and staggered/parallel migration activities. Some deliverables include: Central Data Center deployed. The infrastructure is deployed to the Central Data center. Operational Guides - Develop operational guides for the solution which include daily/weekly/monthly operational activities. This will include both the central as well as the SEHA systems. SEHA Deployment Guide document illustrating the procedures to deploy the infrastructure to the SEHA data centers.

e. Stabilization Phase Requirements The Vendor will manage the Stabilization activities for the Shared Services platform. It shall consist of the following activities: Stabilize and fine tune solution configurations to address any deployment related issues and gaps Develop operational guides for the solution which include daily/weekly/monthly operational activities. This will include both the central as well as the SEHA systems. Training workshops to SEHAs operations team covering the following (5 days total):

SEHA-G/RFP/18/2012

Page 27 of 103

o o o o o

Solution and technology overview Solution walkthrough Operation guides walkthrough Operational Readiness Assessment (in conjunction with business transformation requirements) Operational handover

f. Additional Delivery Considerations i. Data Migration & Cutover: Design, Planning & Requirements Management The Vendor will be responsible for migration and cutover of end users and data from legacy systems to the consolidated shared services environment. SEHA require suitably qualified personnel to conduct this activity. SEHA require the use of proven data migration techniques and toolsets in support of this requirement. The Vendor must conduct a feasibility study of applications in each of the BE entities to assess their suitability & preparedness for migration to Shared Services Infrastructure on SQL Server/VM. To include costs of required adaptors and integration work. The following data is required to be migrated within the scope of this project: Data File share data Details The Vendor will develop the migration approach for the data File share data on existing file cluster in central data center, will be migrated to the new file cluster. Total data not to exceed 2TB. File will be copied within the same domain using standard Microsoft copy tools retaining all permissions and ACLs. The Vendor will develop the migration approach for the mailbox moves Approximately 18,000 Exchange mailboxes will be moved to the new Exchange 2010 servers. Mailboxes will be moved inside the same organization using standard Exchange 2010 move mailbox tools. The Vendor will develop the migration approach for these roles New domain controllers will be placed in the same domain; therefore data will be automatically replicated to new servers. FSMO roles will be transferred using built in AD tools. DNS zones are AD integrated; therefore data will be automatically replicated to new servers. DHCP scopes for workstations will be updated with new DNS entries. Static entries on servers will be updated manually. The Vendor will develop the migration approach for the DHCP scopes Existing DHCP scopes in central data center will be transferred to the new DHCP cluster using NETSH export/import tool.

Mailbox data

Active Directory data

DNS data

DHCP Scopes

SEHA-G/RFP/18/2012

Page 28 of 103

ii. Stress testing Stress testing will be required on all systems. User profiles and load will be communicated to the selected Vendor in due time. The Vendor will be responsible for remediating any technical issues that may arise as a result of the testing. iii. Training and Knowledge Transfer

Informal knowledge transfer will be provided throughout the project. Informal knowledge transfer is defined as Customers staff working alongside Microsoft staff. In addition, the Vendor will deliver a training workshop for SEHAs operations team which will cover an entire solution walkthrough. Finally, the Vendor shall deliver initial operations guides to cover typical daily/weekly/monthly operations activities for the solution. iv. Security Requirements & Penetration Testing Vendors must adhere to ISO 27001 security standards. Security hardening must be applied by the Vendor on all servers/Databases as per SEHA standards. Internal and external security-related penetration testing must be completed as per SEHA guidelines. Vendors should demonstrate their expertise and experience in this area as part of this response. Vendors are required to review and validate such requirements with SEHA. v. Branding Requirements All user-facing tools, reports, views should follow SEHA branding guidelines. Information will be made available to the selected Vendors in due course.

10. Vendor Warranties, Support and Maintenance

Vendors should attach proposed detailed proposals for Solution and Service-related warranties, support & maintenance proposals and performance-related service level agreements (SLAs) offered in conjunction with the RFP response, the delivery and implementation services proposed within it, and ongoing support and maintenance services for the delivered solution and in line with validated SEHA requirements.

11. Schedule of Event

Event Issue RFP Submit intent to bid by (to guarantee receipt of additional instructions if needed) Last day to receive written comments or to request RFP documents Last day to send additional instructions from SEHA 3:00 PM Time Date

12:00 PM 3:00 PM

SEHA-G/RFP/18/2012

Page 29 of 103

Closing date

12:00 PM

12. Evaluation Criteria and Process

SEHA will conduct a fair, impartial, and comprehensive evaluation of all complete proposals in accordance with the criteria set forth below. Proposal evaluation will be conducted by a SEHA appointed team based on the requirements stated in this RFP. Award will be made to the bidder with the highest scores. The criteria/factors for evaluating each proposal, including the overall weighted average score of each, are:

CRITERIA Solution Fit Basic Requirements Solution Quality of Proposal / Alignment to Business Needs and Innovation Future Requirements Fit /Scalability / Fit for Purpose; Flexibility of making changes / deploying more features Optimization Plan for SEHA Operations Migration & Cutover solution proposal Vendor Capabilities Experience in implementing same solutions (References) Caliber and Experience of the Personnel Experience in the UAE and local support and presence Delivery Approach, Methodology, Project Plan including Timeline, Milestones and Deliverables Experience in training / skills transfer & business transformation & change management Cost Proposal Total The cut off Point is 45 % out of 70 %.

SCORE

YES/NO

5% 5% 5% 13%

14% 10% 5% 8% 5% 30% 100%

SEHA-G/RFP/18/2012

Page 30 of 103

13. RFP Follow-up Communications

Amendments, changes, and clarifications to the RFP will be disseminated electronically to bidders who indicate their intent to bid. SEHA will not be responsible for any outcomes resulting from verbal communications regarding the RFP. Comments or questions regarding the content or requirements in this RFP must be submitted electronically in writing to the Department(s) specified on the cover page of the RFP and by any deadlines specified in the schedule of events. All questions must reference the exact RFP page or Requirements SRN and the Tender Number and Tender name must be listed in the subject line of the email. SEHA will disseminate responses to submitted questions to all responsive bidders electronically and reserves the right to determine at its sole discretion, the appropriate and adequate response to all comments. Information obtained from any other source and/or verbal communication should not be relied upon for the purpose of preparation, evaluation and/or submission of this tender. Enquiries and responses will be recorded and may be distributed to all bidders at SEHA discretion.

14. Correspondence
All correspondences between SEHA and prospective Bidders must be channeled through the SEHA Procurement Department. SEHA will only acknowledge written correspondence. By submitting a proposal the Bidder agrees to the terms and conditions of this RFP, including the following General contract terms and conditions. Consultants who have obtained the RFP electronically must not alter any portion of the document; to do so will invalidate the proposal. Conditional offers or offers containing bidders conditions in conflict with RFPs terms and conditions will not be considered.

15. Pre Bid Conference (If applicable)

SEHA may hold a pre-bid conference at the facility to answer any inquiries from prospective bidders. The date and time of the conference will be presented in the schedule of events if it is required. Questions and answers from the Pre Bid conference will be available for download in the relevant tender section of the Hospitals website.

16. Letter of Intent to Bid

Prospective bidders are requested to send their Intent to Bid to the Purchasing Department of SEHA by the date indicated in the schedule of events to ensure they receive RFP related communications.

SEHA-G/RFP/18/2012

Page 31 of 103

The Intent to Bid should highlight the Contractors capabilities and expertise as well as a statement indicating acceptance of RFPs terms and conditions. The letter must be printed on the companys letterhead signed by the authorized representative and indicate the relevant Tender Number and Name in the subject line. bidders

17. Closing Date/Time

The proposal must be submitted by 12:00 PM on xx/xx/2012, UAE Local time. Proposals will only be considered if they are received by the closing date and time as stated within the RFP. Late proposals will not be accepted.

18. Proposal Preparation Costs

Prospective Bidders shall assume full responsibility for all expenses associated with preparing the proposal, including travel, communications, consultation or subsequent negotiations with SEHA. If SEHA elects to reject all proposals, SEHA will not be liable to pay and/or reimburse any Bidders for any claims, whether for costs or damages incurred by the Bidder with respect to the preparation, evaluation and/or submission of this RFP.

19. Proposal Preparation and Submission

SEHA discourages overly lengthy and costly proposals; however, in order for SEHA to evaluate proposals fairly and completely, bidders must follow the format set out in this RFP and provide all requested information. Bidders should submit a sealed technical proposal containing one (1) original, four (4) copy, and a separate sealed cost proposal containing one (1) original and one (1) copy. The language of the proposal shall be English. The contents of the two proposals shall be prepared and submitted in accordance with the following outline: A. Technical Proposal The technical proposal should contain the following information with no pricing details: 1. Copy of the Contractors Business license. 2. Letter of intent highlighting the Vendors capabilities and expertise as well as a statement indicating acceptance of RFPs terms and conditions. The letter must be printed on the companys letterhead signed by the authorized Vendors representative. 3. Copy of the Vendors Business license (i.e. documented license to operate in Abu Dhabi) 4. Completed Requirements Compliance Matrix 5. Full details of the scope of work and services that are included in the service agreement. 6. Vendors experience in performing similar work. 7. Description of the Vendors capabilities and resources that would be made available to support the project, both locally and globally. 8. Names and contact information for three references (preferably related to similar contracts within the Health Care industry and regional). SEHA reserves the right to call the references at its own discretion.

SEHA-G/RFP/18/2012

Page 32 of 103

9. CVs and bios of all assigned staff.

B.

Cost Proposal 1. The financial proposal shall include staff costs as well as other direct costs as described in the pricing section of the RFP. (Including all expenses) 2. 5% Bid Bond of the total tender value exceeding AED 50,000 (Fifty Thousand Dirhams) to be submitted as a Bank Guarantee (To be Enclosed in the Financial Offer Envelop). The financial proposal shall be presented in accordance with the program management phases detailed in chapter 7 and specifically the high level milestones outlined in section 9 9.a.iii payment of each milestone will be linked to the successful delivery of each milestone based on the acceptance criteria defined and agreed with SEHA. The bidder must quote only for the following: Hardware configuration, commissioning, testing and documentation of hardware solution Additional software licenses if any in order to deliver this solution (if non Microsoft) Professional Services costs split by Planning & Design, Build & Test, Deployment (detailed by BE) and Stabilize (Everything except hardware related services). This includes all related migration activities and costs. Official Training & Knowledge sharing including Operational Readiness & Documentation. Licensing, Warranty and support.

20. Delivery of Proposals

All proposals must be delivered or mailed to the address specified on the cover page of the RFP. Proposals sent by facsimile or e-mail or unsolicited proposals will not be accepted. All proposals must be delivered or mailed to the following address: Abu Dhabi Health Services Company, PJSC (SEHA) Procurement and Services Department P.O. Box 109090, Abu Dhabi, UAE Request for Proposal for SEHA Microsoft Centralization Program Development, Implementation and Support (SEHA-G/RFP/xx/2012) Tel: 00 971 2 410 2000 Fax: 00 971 2 410 2580 Proposals sent by facsimile or e-mail or unsolicited proposals will not be accepted.

21. Late Proposals

Proposals will only be considered if they are received by the closing date and time as stated on the schedule of events. Late proposals will not be accepted and will be returned un-opened to Bidders.

SEHA-G/RFP/18/2012

Page 33 of 103

22. Irrevocability of Proposal

By submission of a clear and detailed written notice, the bidder may amend or withdraw its proposal prior to the closing date and time. However, upon the elapse of the closing date and time, all proposals become irrevocable. By submission of a proposal, the Bidder agrees that should his/her proposal be deemed successful, the Bidder will enter into a contract with SEHA.

23. Validity of Proposal

Proposals shall remain valid for a period of 120 calendar days from the RFPs closing date.

24. Currency and Taxes

Prices quoted are to be in United Arab Emirates Dirham or USD ($); inclusive of tariffs and/or taxes, where applicable.

25. Presentation of Offers

SEHA may, at its own discretion, invite the top three short-listed Vendors to present their proposals to a SEHA panel. The purpose of the presentation is to clarify any ambiguities in the proposal and help SEHA evaluation team in the selection process.

26. Award
This project will be awarded through a formal contractual agreement. The agreement will be developed jointly by SEHA and the Vendor based on the scope described in the RFP, the bidders offer, and RFPs terms and conditions. Each party shall assume responsibility for any legal fees incurred in the preparation of the agreement. (10% Performance Guarantee of the total award value to be submitted upon award of the tender). Bidders requesting advanced payments will be required to submit a bond of equal amount issued by a UAE Bank with one (1) year validity.

27. SEHAS Right and Options

SEHA expressly reserves the right to: 1. Modify, amend, or substitute the RFP at any time. 2. Cancel RFP. 3. Issue additional instructions or requests to prospective bidders. 4. Conduct investigations about the qualifications and experience of responsive bidders. 5. Request additional information from selected bidders if deemed necessary for the proposal evaluation or award selection. This may include asking bidders to present their proposals to SEHA Management.

SEHA-G/RFP/18/2012

Page 34 of 103

6. Waive any irregularities in received proposals. 7. Discuss or negotiate with selected bidders proposals terms and conditions. 8. Accept or reject any or all proposals, including awarding all or part of the required services without issuing further solicitations. 9. Procure services specified in the RFP by any other means. 10. Accept other than the lowest fee proposal and shall not be bound to give any reason for nonacceptance of any proposal it may receive. 11. Have and retain all copies of proposals or information submitted to support a proposal. 12. Require the selected Bidder to participate in negotiations on the terms and conditions of a contract and to submit revisions, including price revisions that may result from such negotiations. 13. The proposal, once evaluated, shall be considered a public record except for the material that the Bidder specifically requests to be considered a trade secret.

28. Terms and Conditions

By submitting a proposal the Bidder agrees to the terms and conditions of this RFP, including the general contract terms and conditions (Attachment 1). Bidders who have obtained the RFP electronically must not alter any portion of the document; to do so will invalidate the proposal. Conditional offers or offers containing bidders conditions in conflict with RFPs terms and conditions will not be considered.

29. General Terms and Conditions

The following terms and conditions will be incorporated in any contractual agreement between SEHA and the selected Contractor. Governing Law: This Contract shall be governed in all respects by the laws of the United Arab Emirates and the laws of the Emirate of Abu Dhabi and any dispute hereunder shall be subject to the exclusive jurisdiction of the courts of the Emirate of Abu Dhabi. Independent Contractor: In performing the tasks described in the Contract, the Contractor is considered an independent contractor and shall be wholly responsible for the work to be performed under the Contract and for the supervision of its employees. The Contractor shall, at its own expense, secure all personnel required in performing the services under this Contract. Such employees shall not be employees of, or have any individual contractual relationship with SEHA. Key Personnel: The Contractor shall not substitute key personnel, including interim management staff, assigned to the performance of this contract without SEHAs prior written approval. Subcontracting: The Contractor shall not subcontract any portion of the work to be performed under this contract without the prior written approval of SEHA.

SEHA-G/RFP/18/2012

Page 35 of 103

Performance and Default: If, through any cause, the Contractor shall fail to fulfil in timely and proper manner the obligations under this Contract, SEHA shall thereupon have the right to terminate this contract by giving written notice to the Contractor and specifying the effective date thereof. In that event, all completed or uncompleted deliverable items under this contract prepared by the Contractor shall, at the option of SEHA, become its property, and the Contractor shall be entitled to receive just and equitable compensation for any satisfactory work completed on such materials. Notwithstanding, the Contractor shall not be relieved of liability to SEHA for damages sustained by SEHA by virtue of any breach of this Contract, and SEHA may withhold any payment due the Contractor for the purpose of setoff until such time as the exact amount of damages due SEHA from such breach can be determined. In case of default by the Contractor, SEHA may procure the services from other sources and hold the Contractor responsible for any excess cost incurred thereby. SEHA reserves the right to require a performance bond or other acceptable alternative performance guarantees from successful bidder without expense to SEHA. In addition, in the event of default by the Contractor under this contract, SEHA may immediately cease doing business with the Contractor, immediately terminate for cause all existing contracts SEHA or its facilities has with the Contractor, and de-bar the Contractor from doing future business with SEHA or its facilities. If the Contractor files a petition for bankruptcy or if a judgment of bankruptcy is entered by or against the Contractor, SEHA may immediately terminate, for cause, this contract and all other existing contracts the Contractor has with SEHA or its facilities, and de-bar the Contractor from doing future business with SEHA or its facilities.

Force majeure: If as a result of Force Majeure (e.g. war, hostile foreign action, nuclear explosion, riot, strikes, civil insurrection, earthquake, hurricane, tornado, or other catastrophic natural event or act of God) either Party is rendered unable, wholly or in part, to carry out its obligations under this Contract, then the obligations of the Party giving such notice, so far as and to the extent that the obligations are affected by such Force Majeure, shall be suspended during the continuance of any inability so caused and for such reasonable period thereafter as may be necessary for the Party to put itself in the same position that it occupied prior to the Force Majeure, but for no longer period. The Party claiming Force Majeure shall notify the other party of the Force Majeure promptly after the occurrence of the facts relied on and shall keep the other Party informed of all significant developments. Such notice shall give reasonably full particulars of the Force Majeure, and also estimate the period of time which the Party will probably require to remedy the Force Majeure. The affected Party shall use all reasonable diligence to remove or overcome the Force Majeure situation as quickly as possible in an economic manner. If such circumstance of Force Majeure continues in effect for a continuous period of 180 days or more either party may terminate this Contract forthwith by notice in writing to the other. Suspension: SEHA shall have the right to suspend partly or as a whole at any time the performance of the SERVICES. In such event, SEHA shall determine if any extra payment is to be made to the Contractor in respect of such suspension. The Contractor shall bind himself not to suspend or delay partly or as a whole for any reason the performance of the Services notwithstanding any dispute arising between him and SEHA. Termination: SEHA may terminate this Contract at any time by thirty (30) days notice in writing from SEHA to the Contractor. In that event, all completed or uncompleted deliverable items

SEHA-G/RFP/18/2012

Page 36 of 103

prepared by the Contractor under this contract shall, at the option of SEHA, become its property. If the contract is terminated by SEHA as provided herein, the Contractor shall be paid for services satisfactorily completed, less payment or compensation previously made. Inspection and Acceptance: SEHA shall provide the Contractor with any information reasonably required for the performance of the service s within a reasonable time of the Contractor's request provided that the Contractor shall at all times give adequate notice of its requirements to SEHA. No inspection or failure to inspect on the part of SEHA or no approval, consent, instruction or recommendation given by SEHA shall release the Contractor from its obligations or liabilities under this Contract or at law. Payment Terms: Payment terms are Net not late r than 40 days after receipt of correct invoice(s) or acceptance of services, whichever is later, or in accordance with any special payment schedule identified in the RFP. Payments are made by check or wire transfer only. Taxes: The Contractor shall be liable for all taxes, imposts, duties, withholding taxes, charges or other assessments of whatsoever nature, whether levied by the Government of Abu Dhabi or the UAE, or any other Government elsewhere. Confidentiality: All information, data, methods, instruments, documents, studies or reports given to or prepared or assembled by the Contractor under this contract shall be kept as confidential and not divulged or made available to any individual or organization without the prior written approval of SEHA. Personnel Data: In the event of the Contractor and its Agents are permitted access to personal data held by SEHA for any reason or are supplied with or otherwise provided personal data by SEHA for any purpose the Contractor and its agents shall: a. use and/or hold such personal data only for the purposes and in the manner directed by SEHA and shall not otherwise modify, amend or alter the contents of such personal data or disclose or permit the disclosure of such personal data to any third party unless specifically authorized in writing by SEHA and shall take all such steps as may be necessary to safeguard such personal data; b. comply in all respects with Applicable Law and the instructions of SEHA issued to the Contractor from time to time and shall not do or permit anything to be done which might contravene SEHA's instructions; c. return the personal data to SEHA on termination of this Contract. Care of SEHA Property: The Contractor agrees that it shall be responsible for the proper custody and care of any property furnished it for use in connection with the performance of this contract or purchased by it for this contract and will reimburse SEHA for loss of damage of such property. Copyright: No deliverable items produced in whole or in part under this Contract shall be the subject of an application for copyright by or on behalf of the Contractor. Access to Persons and Records: The Contractor shall grant SEHA Auditors access to contract personnel and contract if requested by SEHA. The Contractor shall retain all related contract records for a period of three years following completion of the contract.

SEHA-G/RFP/18/2012

Page 37 of 103

Assignment and Subcontracting: The Contractor shall not without the prior written consent of SEHA assign, sub-contract, transfer or otherwise dispose of any part of its rights or obligations under this Contract. If the Contractor shall be permitted to appoint any sub-contractors the sub-contract will include a provision specifically giving the right to the Contractor to assign the sub-contract to SEHA (and the Contractor agrees to make such assignment in accordance with SEHAs instructions). Such appointment shall be without prejudice to the Contractor's obligations under this Contract and the Contractor shall be responsible for and actively supervise its sub-contractors. If requested by SEHA, the Contractor shall promptly provide SEHA with copies of any sub-contracts. In the event that the Contractor appoints a sub-contractor it shall warrant that such sub-contractor is fully equipped experienced qualified organized and financed to undertake the work contracted to it.

SEHA shall not assign, transfer or otherwise dispose of its rights or obligations under this Contract without the consent of the Contractor, which consent shall not be unreasonably withheld. Compliance with Laws: The Contractor shall comply with all pertinent UAE laws, codes, rules, regulations, and licensing requirements that are applicable to the conduct of its business. Indemnities and Insurance: The Contractor shall keep SEHA indemnified against claims, actions or proceedings brought or instituted against SEHA, by any of his employees or any other third party in connection with, relating to, or arising out of the performance of the services under this Contract. The Contractor will at all times be solely responsible for any instance of professional malpractice, i.e. damage arising out of bodily injury or mental injury to or death of any p caused by or alleged to have been caused by any negligent act of commission or omission including refusal to perform a duty, error, failure, negligence in the services rendered or which should have been rendered by the Contractor or any of its personnel or other contractors. The Contractor shall indemnify SEHA against any liability for any accident, death or injury to any person (including the servants and agents of SEHA) or against any loss of or damage to any property belonging to SEHA, its servants or agents which shall arise out of the performance of the services under this Contract and against all costs, claims, demands and damages involved therewith. During the term of the contract, the Contractor at its sole cost and expense shall provide commercial insurance of such type and with such terms and limits as may be reasonably associated with the contract. As a minimum, the Contractor shall provide and maintain the following coverage; where applicable: a. Malpractice Insurance b. Workers Compensation covering all of Contractors employees who are engaged in any work under the contract. If any work is subcontracted, the Contractor shall require the subcontractor to provide the same coverage for any of its employees engaged in any work under the contract. c. Commercial General Liability d. Automobile Liability Insurance, to include liability coverage, covering all owned, hired and non-owned vehicles, used in connection with the contract. e. Health insurance. All deductibles or liabilities in excess of the indemnities provided under the insurance arranged by the Contractor shall be for the account of and paid by the Contractor. SEHA shall not accept any

SEHA-G/RFP/18/2012

Page 38 of 103

responsibility whatsoever for any loss of or damage to any property or personal effects belonging to the Contractors employees. Advertising: The Contractor shall not use any work assignment or contract in relation to this RFP as part of any news release or commercial advertising. Entire Agreement: This contract and any documents incorporated specifically by reference in the contract represent the entire agreement between the parties and supersede all prior oral or written statements or agreements. Amendments: The agreed contract for the project may be amended only by written amendments duly signed by SEHA and the Contractor. Outsourcing: The Contractor shall not outsource any portion of the contract to a third party without SEHAs prior approval.

End of RFP

SEHA-G/RFP/18/2012

Page 39 of 103

30.

Appendices

1. Requirements Matrix
This section provides a Requirements Matrix with which responsive Vendors can state their compliance against SEHA requirements. Requested Information Respondents to this RFP shall provide a description of how their proposed solution satisfies SEHAs requirements and whether the requirement is met as standard based on the following: No. 1 2 3 4 5 No Yes Compliance Response Description Proposed Solution does not support the requirement. Meets the requirement out of the box (OOB). No software changes or customizations are required beyond normal configuration.

Yes, but requires Software Changes Meets the requirement OOB; however, software changes or Customization or customizations are required. 3rd Party Customize Meets the requirement through use of third party products or services. The functionality is not available OOB. Functionality is not available, but can be provided through custom code.

If configuration or customization is needed, a description of the work should be provided including SEHA and/or vendor resources required and level-of-effort expressed in people days. A cost per day of the required resources should be included in a separate resource sheet.

SEHA-G/RFP/18/2012

Page 40 of 103

6.4.1

Project & Program Management

Requirement 1. Program Governance

Functional Specification The Vendor will implement program governance in line with industry best practice and in alignment with the requirements stated in Section 9.a of this RFP document. This will include management of Steering Committee meetings, relevant stakeholder project reporting and updates, and stakeholder management as agreed with SEHA sponsors and stakeholders The Vendors Program Manager and delivery team undertake to work with relevant SEHA stakeholders to validate and agree the project Acceptance Criteria. The Vendor undertakes to formulate and agree a fit-for-purpose, right-first-time solution design and delivery, aimed not only at the delivery of hardware and software systems, but also a proven and tested capability of SEHA users and user groups to use the Solution effectively in line with agreed SEHA target business benefits The Vendor will provide a fully staffed PMO office to drive delivery of the project. They will operate according to demonstrated industry best practice and in alignment with the requirements stated in Section 9.a of this RFP document

Compliance

2. Solution Acceptance Criteria

3. Project Management Office

4. Project Delivery The Vendor will comply and provide all delivery related considerations detailed in Chapter 9 of this document referenced Project Approach, Design & Delivery Methodologies & Milestones. Where service will not be provided as requested please indicate the deviations and reasons. This should cover all sections within this chapter. 5. Microsoft Quality Assessment In undertaking this project, the vendor agrees to engage Microsoft in regular agreed Quality Assessments during the lifecycle of the project, in line with SEHA requirements

SEHA-G/RFP/18/2012

Page 41 of 103

6.4.2 Vendor Capabilities

Requirement 1. Experience Functional Specification Experience of delivering similar centralized end-to-end systems architectures and services provided for similar industries or environments, at similar or greater deployment scale Demonstrated evidence of delivering complete and whole solutions, beyond the delivery of technology capabilities alone: this should include a demonstrated ability to create business-centric solutions that liberate the full value of technology, including either optimization of, or alignment to, business and operational processes, procedures/work instructions; operational models; solution-wide data models; SLA management; Business and operational measures and KPIs; Knowledge Management assets including documentation for technology and software configurations, policy definitions, guidelines, support processes, exception handling processes, diagnostic processes, and so on Compliance

2. Delivery Evidence

3. Gold Partner

Vendor should confirm they have at least Gold partnership status with Microsoft, and must otherwise demonstrate a thorough understanding of Microsoft technologies within the scope of this document, their deployment and implementation, and their live operation by End Users, administration/management functions and IT operations. Vendors must submit the resumes of the people who will be assigned to the contract. Vendors must assure SEHA that key project roles and functions will be delivered by on-site personnel working in SEHA premises for the duration of the project. Vendor resources must have successfully implemented similar solutions globally in large healthcare organizations. Please provide references.

4. Roles / Resources

SEHA-G/RFP/18/2012

Page 42 of 103

6.4.3 Design & Development

Requirement 1. High-Level Solution Design & Architecture Functional Specification The vendor agrees to engage with Microsoft in the use and implementation of Microsofts supplied high-level solution design and architecture Compliance

Service Mapping:
All 2. Design deliverables The vendor agrees to provide low-level design, systems integration, process, data model and other documentation as described in Section 9 of this RFP document.

Service Mapping:
All

SEHA-G/RFP/18/2012

Page 43 of 103

6.4.4 Delivery requirements specific to Microsoft Technologies

Requirement 1. Active Directory Consolidation Functional Specification SEHA want to transform the below current separate multiple domain architecture to single forest, multiple domain architecture that should include: 1. local1.domain (SEHA Corporate Office) 2. local2.domain (AHS) 3. local3.domain (Al Gharbiya hospital) 4. local4.domain (Mafraq hospital) 5. local5.domain (Al Rahba hospital) 6. local6.domain (Al Ain Hospital) 7. local7.domain (Corniche hospital) 8. local8.domain (Sheikh Khalifa Medical Center) 9. local9.domain (Tawam Hospital) 10. local10.domain (Microsoft Dynamics*) 11. local11.domain (Cerner HIS*) The design should enable Hospitals to manage their domain independently SEHA HQ (Forest admins) will set the overall security and access policy across seha.ae (All hospitals) (* not email enabled) SEHA want to design and implement Enterprise DNS. The Vendor should design a solution that meets the following SEHA requirements: Centrally Managed Service management tools across all entities o All users are managed in a single area, updates, security fixes, polices are driven by a single entity Compliance

Service Mapping:
Identity & authentication

3. Enterprise DNS

Service Mapping:
Internal DNS

Single Exchange GAL o No synchronization required for multiple GAL instances

Free/Busy Calendaring Information Sharing o o All data will be in real time (Free/ busy) Task sharing

Native Enterprise Single Sign on Moves all entities onto single standardized platform based on the latest available productivity & efficiency tools. o Unified Communication Full Unified Communications solution to enhance communication and collaboration across hospitals and geographic boundaries All communications are secure and encrypted with a centralized policy

SEHA-G/RFP/18/2012

Page 44 of 103

Requirement 4. Microsoft Exchange Consolidation

Functional Specification No VPN required Single Phone extension unified phone directory Straight forward Multi conference ability with the ability to host 3rd party conferences Public DNS Domain Name Hosting

Compliance

Service Mapping:
Email; Antimalware & Antispam

Design and implementation of a consolidated single Exchange 2010 architecture for SEHA and its entities. The scope of this project will be comprised of four major tasks: 1. Requirements capture & sign-off 2. Exchange Solution Design (Low-level) 3. Exchange Implementation 4. Exchange cutover & migration (users and data) from legacy platforms 5. End User service provision & activation in line with the shared services platform operational processes and integration with business HR applications The tasks will include the following items: Requirements validation Consolidated Exchange architecture and solution design Implementation planning and execution Mailbox migration End-user and Administrator training Post-implementation support

5. Information Rights Management

SEHA aims to implement an Information Rights Management solution based on Microsoft Active Directory Rights Management Service (RMS) that will provide the following capabilities: SEHA must protect such sensitive information as business strategy, patients reports, product specifications, customer data, and e-mail messages from getting into the wrong handsintentionally or accidentally. SEHA must comply with a wide range of corporate and industry regulations to protect confidential data even as the cost of compliance increases. With information in more places and users working in a more mobile fashion, SEHA will face growing risks of data leaks, and the costs of data breaches are growing. Leaks of

Service Mapping:
Identity & Authentication; DRM

SEHA-G/RFP/18/2012

Page 45 of 103

Requirement

Functional Specification confidential information can result in loss of intellectual property, compromised ability to compete, and diminished customer confidence. The proposed solution must be designed and configured in such a way as to provide comprehensive protection for the Microsoft Platform including Microsoft Exchange and SharePoint for secure communications and secure collaboration and Office Documents whether documents, spreadsheets, presentations, or e-mailno matter where it goes or how its stored/distributed to ensure that only those individuals who need to access and use a file can do so and to prevent sensitive information- such as financial reports, customer data and confidential e-mail messages from intentionally or accidently getting into the wrong hands. Vendors are expected to provide requirements management, business analysis and design services sufficient to properly define and agree the required policies and configurations of this service The solution should provide an optimized ability to define, set up, change and implement user policies covering access rights and permissions

Compliance

SEHA-G/RFP/18/2012

Page 46 of 103

Requirement 6. Identity & Access (including Single SignOn)

Functional Specification SEHA aims to implement an Identity and Access solution based on three Microsoft product components: Microsoft Forefront Identity Manager 2010 (FIM), Microsoft Forefront Unified Access Gateway 2010 (UAG) and Active Directory Federation Services (to aid the migration from legacy platforms during user/site migration, and to facilitate the future reach of the Shared Services Infrastructure to external users or entities in the future). The solution must be designed, configured and implemented in such a way that it will provide the following: Enhance the current SEHA end user experience in ordering and using offered IT services by offering web single sign on and selfservice tools for password reset and profile management, designed and constructed against user requirements the Vendor will gather, validate and sign-off and which will be designed with the intent to delight and innovate, as well as follow best practice. Manage the identity lifecycle management across the different systems and applications while providing the end users with self-service tools to manage their personal information and self-service password resets and group management. Streamline and enhance IT operations by automating and standardizing identity management operations. Empower users with self-service password reset and embeds self-help tools in Office so users can manage routine aspects of identity and access Provide the IT professionals in SEHA with rich administrative tools and enhanced automation, and must deliver .NET and Web Services-based extensibility for developers

Compliance

Service Mapping:
Identity & Authentication

The proposed solution must support integration with the SEHA Shared Services Infrastructure and integrate with Active Directory, Exchange, SharePoint, Office 2010 and Windows 7 out of the box as well as SEHAs corporate applications. 7. Microsoft Effective communication between users in SEHA is very important

SEHA-G/RFP/18/2012

Page 47 of 103

Requirement Enterprise Unified Communicati on (Voice, Exchange, instant messaging, presence, conferencing & collaboration)

Functional Specification and it plays critical role in employee & departmental productivity. Communicating to off site employees and those on the production sites across the UAE. As part of the IT offered services to employees, the need has been identified to roll out new ways of communication between users using Microsoft Lync 2010, Exchange 2010 and related components, which should provide: communication and collaboration across users and groups of users independent of site location Provide Presence information Ability to do Enterprise Instant Messaging Integration with office applications such as Outlook, Word and Excel Information Sharing between PCs using Lync 2010 PC to PC communications with Audio and Video Extending Conferencing features across the business units Access to the environment from outside SEHA Corporate network PSTN integration Exchange Unified Messaging integration (EXUM) Voice mail The production deployment should be on the existing production environment and any AD upgrades should be part of the scope The vendor must validate the HW sizing requirements for this implementation, and the required network throughput and policy control The vendor should enable LYNC EDGE servers for external communication and allow for mobility clients (Blackberry, iPhone, Android, Windows Phone) The vendor should include systems administration and end user training The vendor should adhere to the SEHA internal rules governing internal, on-net and off-net and international dialing The vendor should enable federation services with the other companies within the SEHA group The design should encompass all sites within the SEHA organization, and should additionally include a migration and cutover proposal for transitioning users from current legacy platforms The Vendor will conduct an assessment to assure the optimum re-use of existing SEHA telephony assets (PABX, terminals, desk phones, voice-related failover & backup mechanisms, etc.) A key element of SEHA user experience is keeping them productive and finding a way to reduce and eliminate risks associated with desktop environments such as misconfigurations and malware. This

Compliance

Service Mapping:
Instant Messaging & Rich presence; Enterprise Voice (inc. Voice Mail)

8. Enterprise Service Management:

SEHA-G/RFP/18/2012

Page 48 of 103

Requirement Microsoft System Center Configuration Manager 2012

Functional Specification should be done across multiple physical locations and managed centrally. SEHA want to use System Center Configuration Manager as single solution to manage client environments across all hospitals and to deploy new software, maintain secure settings, and update systems against vulnerabilities, and as an endpoint protection solution to make sure the latest threats dont damage information or resources. SEHA want to design a solution to provide significant efficiencies by combining these complementary technologies on a single infrastructure This solution should be designed for desktop/Server configuration management, security to help SEHA improve protection and lower operational costs across physical, virtual, and mobile environments. Minimally, the following the features need to be enabled on SCCM at a Group-wide level (independent of actual BE take-up): Software Inventory Hardware Inventory Software Metering Software Deployment Windows Updates Disk Imaging Power Management Remote control Desktop Management Reporting plus other requirements on SCCM configuration as agreed with SEHA, or otherwise as a logical consequence of requirements in this document

Compliance

9. Enterprise Service Management: Microsoft System Center Operation Manager 2012

Service Mapping:
Ops mgt & Monitoring

SEHA wants to build end-to-end service-management solution across its datacenter(s) to deliver reliable datacenter services to meet SEHA shared services increasing demands including SLAs defined by performance and availability across SEHA applications, datacenter infrastructure and users working environments. In addition SEHA wants to deploy a single environment from which to perform software deployment, including desktop client OS (i.e. management of centralized disk images) The SCOM features required to be enabled include (but is not limited to): Server CPU monitoring Server Memory monitoring Network Interface Card-level monitoring Server hard disk & disk array monitoring

SEHA-G/RFP/18/2012

Page 49 of 103

Requirement 10. Hosted Business Services

Functional Specification Monitoring of platform IT Services Activity Logs & Audit Trails Reporting & Dashboards (in line with validated SEHA requirements) The Vendor will establish with SEHA stakeholders those business-level servicese.g. document review, correspondence management, document management, approval processes, records management & retention, surveys, resource/skills management, knowledge management, and other hosted business servicesthat will benefit from being hosted as a shared service in line with researched and validated SEHA user requirements. Related templates, workflow definitions, access policies etc. will be configured on SharePoint & related Microsoft technologies

Compliance

Service Mapping:
File sharing; Collaboration & Portals

6.4.5 Data Centre: Shared Services Infrastructure deployment

Requirement 1. SEHA Data Center Server Infrastructure Design Service Mapping:
Computing Service (Central & Hospitals)

Functional Specification
Design for single shared services Windowsbased virtualization server infrastructure hosting virtual machines running the following services: Directory Services with DNS File/Print with DFS replication to datacenter Unified Communications Email (Including Internet Access) Instant Messaging (Including Internet Access) Digital Rights Management(Including Internet Access) Distributed File Sharing Services Identity Management Instant Messaging and Rich Presence Service Enterprise Voice Service DHCP Service Digital Rights Management Service Network Access Protection & Compliance Services Antimalware Service Public Key Infrastructure (PKI)

Compliance

SEHA-G/RFP/18/2012

Page 50 of 103

Requirement

Functional Specification
Desktop Services (SCCM) Software Services (SCCM) Systems Management Operations Management and Monitoring Service Database Service Intranet and Extranet Collaboration and Portals End-User Computing Service

Compliance

2. Shared Services Infrastructure & Provisioning Service Mapping:

Computing Service (Central & Hospitals)

SEHA want to build a shared services infrastructure and enable Services upon it across its departments and hospitals The Vendor will be required to design and implement Microsoft Hyper-V infrastructure based on the latest Microsoft Windows Server version. The implementation should utilize Microsoft Clustering services to provide high availability whenever application level clustering/high availability is not possible. The design should enable live migration of virtual machines if application level clustering is not utilized. The environment should be fully Managed by Virtual Machine Manager 2012 to provide the ability to establish standard configurations for host servers and automate compliance to these configurations, simplifying operational management and reducing errors due to mis-configurations The solution should enable the flexibility of creating shared computing resource pools and should enable Self Service based on a roles-based security model and to enable delegation across multiple Hospitals / teams The Vendor need to build basic server operating system images as well as service templates for SEHA reusable applications The design must enable and use intelligent placement of virtual workloads on physical host serves that match workload requirements SEHA want to have a unified data protection for Windows servers such as SQL Server, Exchange, SharePoint, Virtualization and file servers as well as Windows desktops and

3. Backup & Restore Service Mapping:

Computing Service (Central SEHA-G/RFP/18/2012 & Hospitals)

Page 51 of 103

Requirement

Functional Specification
laptops. The Vendor should utilize Microsoft Data Protection Manager 2012 to protect roaming laptops by having centrally managed policies around desktop protection The design should enable Desktop/laptops protection even with connectivity issues within hospitals or the case of roaming laptops The solution should support the continuous protection of Microsoft Exchange, SQL and SharePoint to provide zero data loss restores for those applications The design should provide a centrally managed system state and bare metal recovery SEHA deployment will be based on a staging environment in the central datacenter. Each of SEHAs virtual machines will be fully built (and replicated, updated, etc.) in the staging environment. All parts of the above process will be automated using scripts and product features wherever possible to minimize manual activities for deploying SEHA services. The Staging platform will be accompanied with step-by-step guidance for SEHA rollout teams. The Vendor will design & implement the architecture for a test environment which will simulate the production environment being deployed. This environment will allow SEHAs operations team to correctly test and manage changes to their production after the solution is rolled out.

Compliance

4. SEHA Staging and Deployment Planning Service Mapping:

Computing Service (Central & Hospitals)

5. Operations Test Environment Service Mapping:

Computing Service (Central & Hospitals)

6. Database Consolidation Assessment & Feasibility Study Service Mapping:

Computing Service (Central & Hospitals)

There are three main options for consolidating database services on the Microsoft SQL Server platform: Multiple Databases (Multi-Tenancy). Multiple databases consolidated to a single SQL Server instance Multiple Instances. Multiple SQL Server instances per physical server Virtualization. Multiple virtual machines per

SEHA-G/RFP/18/2012

Page 52 of 103

Requirement

Functional Specification
physical server Vendor must conduct a feasibility study of applications in each of the 9 entities to assess their suitability & preparedness for migration to the shared services platform on SQL Server/Virtualization. To rd include costs of any required 3 party adaptors to complement the solution. The Vendor is required to assess the optimum consolidation roadmap for migration of SEHA line-ofbusiness applications to the shared services platform. Please describe process of migration from currently distributed environments to new centralized infrastructure The Vendor should take into consideration current SEHA application landscape and evaluate and consider the following factors: Supportability of virtualization Current supported SQL Server versions Current Service Pack and patching levels Migration of relevant end user data (See Section 6.4.11 for specific Compliance statements) SEHA anticipates a combination of SQL Server Virtualization approach along with separate physical environment that would cater for applications that dont support this approach or that require a separate environment from governance point of view. Proposed solution deployment plan must assure the efficient and timely migration of end users from current Business Entity IT environments to the new shared services platform, while providing minimized impact to daily IT operations and zero impact to patient healthcare operations. The Vendor must provide: Evidence of previous success in similar migration scenarios Proposed migration and cutover schedules, risk management plans, roll-back & fallback mechanisms, data quality assessment, validation and data cleansing activities, and credible planning proposals for cutover per user group and/or per application/IT service type, in line with SEHAs required timelines

Compliance

7. Cutover process & Data Migration Shared Services Platform Service Mapping:
Computing Service (Central & Hospitals)

8. Cutover Process & User Migration Business Service Entities Mapping:

Computing Service (Central & Hospitals)

SEHA-G/RFP/18/2012

Page 53 of 103

Requirement 9. DB Service creation & activation Service Mapping:

Computing Service (Central & Hospitals)

Functional Specification
Proposed solution must support Database provisioning and Automation allowing SEHAs stakeholders to create, upgrade and purge database services on demand

Compliance

10. DB Service provisioning Service Mapping:

Computing Service (Central & Hospitals)

The provisioning layer must support Web based selfprovisioning interface allowing authorized users to choose database templates to be automatically provisioned in the shared SQL database service infrastructure.

11. Self-provisioning Service Mapping:

Computing Service (Central & Hospitals)

System Center-based provisioning solution will provide approval workflows and/or templates for the self-provisioning in certain cases (configurable by system administration) for Platform-hosted application services

12. Server specifications: standard builds Service Mapping:

Computing Service (Central & Hospitals)

Self Service approach should standardize the server builds and assign identical set of policies and configurations for each newly provisioned database\environment. Refer to Attachment 5 for more details.

13. DB Systems Management Service Mapping:

Computing Service (Central & Hospitals)

The proposed Solution should integrate with System Center 2012 suite of products and allow for full monitoring capabilities of the centralized SQL infrastructure

SEHA-G/RFP/18/2012

Page 54 of 103

Requirement 14. DB Systems Monitoring Service Mapping:

Computing Service (Central & Hospitals)

Functional Specification
Solution should reduce management overhead with a single-point of monitoring, auditing, configuration, and diagnostics for all database servers. The solution should utilize the standard management packs for SCOM Server

Compliance

15. DB Back-up & Restore Service Mapping:

Computing Service (Central & Hospitals)

Proposed SQL Server shared services infrastructure should allow for centralized and automated backup strategy across all databases.

16. DB High Availability Service Mapping:

Computing Service (Central & Hospitals)

Proposed solution needs to support high availability for the database services that will be automatically enabled for each provisioned database. Proposed architecture needs to consider full high availability of the hosted databases using clustering and mirroring minimized planned and unplanned downtime

17. Multiserver DB Management Service Mapping:

Computing Service (Central & Hospitals)

Solution will enable advanced manageability through MultiServer management features offered in SQL Server 2008 R2. In case of SQL Server 2005 databases and earlier these should be still managed through a central 2008 R2 instance.

18. DB Configuration Management & Policy Control Service Mapping:

Computing Service (Central & Hospitals)

Vendor should propose a Policy Based management approach to ensure uniform configuration and set of management policies to all database instances in the private could

SEHA-G/RFP/18/2012

Page 55 of 103

Requirement 19. Usage elasticity Service Mapping:

Computing Service (Central & Hospitals)

Functional Specification
The proposed solution should have ability to control elasticity and dynamically allow usage. The Vendor is expected to provide validated & agreed dimensioning rules and capacity management processes for providing and managing this

Compliance

20. DB Systems Monitoring Service Mapping:

Computing Service (Central & Hospitals)

Unified Database Monitoring Dashboard the Vendor must provide validated & agreed design and implementation of such a dashboard in accordance with SHEA IT requirements, using the relevant Microsoft product assets

21. Dimensioning Server farm performance Service Mapping:

Computing Service (Central & Hospitals)

Vendor needs to propose elastic principles to ensure that databases that need more processing power at peak times or over time will be dynamically allocated the necessary resources and at the same time ensure correct utilization of the current HW and keeping the right levels of VM density.

22. Disaster Recovery Service Mapping:

Computing Service (Central & Hospitals)

Vendor needs to provide a Disaster recovery approach for the SQL Server Shared Services Infrastructure that is in line with the overall consolidated SEHA DR strategy for its data center (See Section6.4.6). In addition further measures should be taken on the database level such as mirroring, replication, log shipping and others to ensure right level of business continuity and prevent data loss. Please describe process of patching and upwards to SQL Server instances as well as underlying operating systems and highlight suggested approach for ensure ring high availability and business continuity for the database service.

23. SQL Server upgrade & update Service Mapping:

Computing Service (Central & Hospitals)

SEHA-G/RFP/18/2012

Page 56 of 103

Requirement 24. Platform Operations dashboards & reporting Service Mapping:

Computing Service (Central & Hospitals)

Functional Specification
The Shared Services platform must provide for management reporting as defined in Section 6.4.8, Requirement 29.

Compliance

SEHA-G/RFP/18/2012

Page 57 of 103

6.4.6 Disaster Recovery

Requirement 1. Centralized Disaster Recovery capability Service Mapping:
Computing Service (Central & Hospitals)

Functional Specification
SEHA want to have a Centralized Disaster Recovery solution based on Data Protection Manager 2012 to protect SEHA shared services implementation The design should provide native site-tosite replication for Disaster Recovery to another DPM 2012 server All workloads shall be designed such that they are in hot or warm standby configuration for optimum Disaster Recovery, where Warm backups are those which are turned on periodically to receive backups of data from the production servers. For example, warm backups are used in mirroring, replication, and log-shipping scenarios and hot backups are those which are frequently turned on and ready to move into production mode immediately. These are typical in failovers within a cluster Servers The solution should support host based backup of Virtual guests. Using a single host based DPM 2012 agent to provide application consistent backups of any and all guests residing on a host.

Compliance

SEHA-G/RFP/18/2012

Page 58 of 103

6.4.7 Security Requirements

Requirement 1. Secure development and deployment, program for Secure Practices & Methodologies Functional Specification The Vendor has published guidelines and mandate for secure development and deployment of their respective solutions, and will provide this for SEHA review The Vendor has a formal structured program for education and training for Security procedures in secure solutions and will provide this for SEHA review Compliance

Service Mapping:
All

2. Security best practices and compliance with SEHA policies

Service Mapping:
All

Security best practices like least privilege, segregation of duties (roles), defense in depth, fail safe, complete mediation, sound identity management should be put in place, aligned with SEHA policies Vendor will document the procedures necessary to implement security best practices, especially for least privilege principle with Active Directory administration and delegation. Vendor will assure the ability of SEHA IT Operations to deploy BitLocker Drive Encryption on all notebooks, laptops and desktop computers It should be possible to encrypt all partitions (OS and data) using BitLocker Drive Encryption. Microsoft BitLocker Administration and Monitoring will be enabled to define encryption policies, get compliance results, allow administration of recovery keys,

3. Client hard disk encryption

Service Mapping:
All

SEHA-G/RFP/18/2012

Page 59 of 103

Requirement

Functional Specification present reports BitLocker Drive Encryption will be enabled such that it can be deployed automatically to all new machines that match the technical requirements for BitLocker Drive Encryption (right OS, BIOS, TPM, right partitioning). Vendor will define a procedure to define a machine as exempted from BitLocker Drive Encryption. Reports on compliance should be available for the entire organization or for just one single entity (like a specific hospital) The Vendor will issue a recommendation on the use of a Data Recovery Agent in the context of SEHA. The recovery process should be defined to allow some administrative users the ability to recover encrypted partitions for some specific machines The Vendor will help SEHA establish a user identification policy to verify which computers in the organization belong to which users before issuing any recovery password. The Vendor will propose a procedure to identify users before issuing recovery keys. The procedure should leverage existing products like Service Manager, Forefront Identity Manager, etc. To avoid compromising of keys while machine is online, appropriate security hardening will be applied to the extent it does not interfere with normal operations: blocking of SBP-2 driver, policy to hibernate

Compliance

SEHA-G/RFP/18/2012

Page 60 of 103

Requirement

Functional Specification machine (no or limited standby) The Vendor will clearly document the changes to existing procedures (like informing the hardware team that extra steps need to be taken before updating BIOSes) and new procedures (recovery, TPM activation, adding machines to the list of capable machines on MBAM servers, last known state of a computer, compliance at the organization level, who and when keys have been accessed and when new hardware has been added, etc.) The Vendor will identify decommissioning requirements and propose a decommissioning procedure compliant with SEHA policies. The Vendor will list user roles that own each incident resolution. A pilot deployment will be done with representative hardware configurations before full deployment.

Compliance

SEHA-G/RFP/18/2012

Page 61 of 103

Requirement 4. Windows 7 DirectAccess (secure & transparent connectivity)

Functional Specification Defined mobile Windows 7 domain machines will be deployed as DirectAccess clients Forefront UAG (Unified Access Gateway) will be the DirectAccess gateway servers. UAG DirectAccess will be deployed for high availability on the server side. UAG DirectAccess will implement NAT64 support DirectAccess connections to the second tunnel will be established based on machine identity and user identity (first with Windows logon/password only and with an option to later deploy strong authentication) and NAP (Network Access Protection) compliance.

Compliance

Service Mapping:
All

SEHA-G/RFP/18/2012

Page 62 of 103

Requirement 5. Network Access Protection (NAP)

Functional Specification NAP (Network Access Protection) will be implemented to support DirectAccess on client PCs, and otherwise for defined nonWindows devices, using full enforcement and autoremediation when available and relevant. Vendor will advise which System Health Agents and Validators (SHA/SHV) will be used to comply to SEHA policies and leverage the components deployed (System Centre for instance) like having a firewall enabled, an up-to-date antimalware and all the critical updates that where approved in SCCM/WSUS the last 24 hours. NAP will be later extended to clients in the internal network based on the quarantine capabilities of the network (IPsec or 802.1X), first as reporting only, then as full enforcement. The NPS servers will be deployed for high availability. A procedure to disable NAP enforcement will be documented for troubleshooting purpose. Vendor will design and deployment IPv6 transition technologies for the internal network (ISATAP) Vendor will implement all necessary IPv6 transition technologies for the Internet side of the gateway. Vendor will manage the relevant & timely retirement of legacy NAC platforms per SEHA entity as part of their migration/cutover strategy

Compliance

Service Mapping:
Network Access Protection & Compliance

SEHA-G/RFP/18/2012

Page 63 of 103

Requirement 6. Public Key Infrastructure (PKI)

Functional Specification Active Directory Certificate Services (AD CS) will be deployed to support infrastructure requirements (certificates required for IT services). PKI hierarchy should be based on a minimum of 2 levels with an offline root Certificate Authority (root CA). Vendor will define the depth of the hierarchy and the number of subordinated CA based on current and future requirements (functional or entities based). Vendor will design the PKI based on the state of the art to allow current and reasonable future scenarios (like strong authentication with smartcards, based on Forefront Identity Manager)

Compliance

Service Mapping:
PKI

7. Microsoft Identity Management 8. Microsoft Identity Federation

(Refer to Section 6.4.1 Requirement 6)

(Refer to Section 6.4.1 Requirement 6)

SEHA-G/RFP/18/2012

Page 64 of 103

Requirement 9. Security Hardening

Functional Specification Vendor will define security hardening profiles for workstations and servers based on published best practices in Microsoft Security Compliance Manager tool. Hardening baselines should provide an increase in security (like the attack surface reduction) and no side effects. Baselines will be defined for laptops, desktops and servers based on their roles. Every potential negative side effect must be validated by SEHA. Active Directory and System Centre will be used to deploy these baselines and monitor the drift from the baselines (with System Centre Configuration Manager Compliance Manager) that contain settings that are not mandatorily enforced but yet are desired configurations.

Compliance

Service Mapping:
All

SEHA-G/RFP/18/2012

Page 65 of 103

Requirement 10. Applications whitelisting and blacklisting

Functional Specification On servers that have dedicated and well-defined applications, Vendor will enable Windows AppLocker whitelisting. If kiosk machines are deployed, they will also enable AppLocker whitelisting. Vendor will also document the procedure to blacklist an application from some or all domain members. Typical applications that will be used are the ones that are inventoried by System Centre Configuration Manager and forbidden by SEHA policies (for instance, some customers ban P2P applications and define AppLocker blacklisting rules for this) Vendor will design the rules to be easy to manage and maintain (using whenever its possible signature based rules rather than hashes or path rules) Vendor will propose SEHA a way to sign in-house developed applications that are used on machines that implement AppLocker whitelisting. A pilot deployment will be done with representative hardware configurations before full deployment.

Compliance

Service Mapping:
All

SEHA-G/RFP/18/2012

Page 66 of 103

Requirement 11. Compliance & Audit

Functional Specification Vendor will deploy System Centre Operations Manager Audit Collection System (ACS) on sensitive machines to collect the significant security logs that the Vendor will have to define based on SEHA policies. Vendor will design the solution to not negatively impact the performance of monitored machine in a significant way Vendor will document how to access the collected logs when necessary. A recommendation should also be made on how to interface this repository with a correlation tool.

Compliance

Service Mapping:
All

SEHA-G/RFP/18/2012

Page 67 of 103

Requirement 12. Email security: Antispam and Antivirus

Functional Specification The Vendor will design and implement an antispam protection based on Forefront Online Protection for Exchange (FOPE) and Forefront Protection for Exchange (FPE) The bulk of the antispam filtering should happen at FOPE level to avoid SEHA network having to carry unsolicited emails. The antispam policy will be defined in compliance to SEHA policies regarding deletion of spams, retention of spams, access to quarantined emails by admin or user, outbound message filtering, directory and contacts synchronization, etc. Antivirus protection will be activated on FOPE and deployed on Exchange servers various roles with FPE. Based on SEHA policies and Exchange servers baseline performance the FPE antimalware policy will be tuned to balance security and performance. Vendor will provide a recommendation on configuration of the solution, including notifications to users Vendor will document how delegation of administration can be achieved.

Compliance

Service Mapping:
Email antispam & antivirus

SEHA-G/RFP/18/2012

Page 68 of 103

Requirement 13. Email security: automatic persistent protection and use control of classified emails or emails sent to specific groups

Functional Specification Vendor will document how to have automatic protection with Active Directory Rights Management Services (AD RMS) based on relevant criteria (classification found in the email, specific distribution group requiring systematic AD RMS protection for all emails). With SEHA confirmation, Vendor will implement in Service Manager and / or Forefront Identity Management the option of enforcing AD RMS for a particular distribution group.

Compliance

Service Mapping:
Email; Identity & Authentication; DRM 14. SharePoint antimalware protection

Vendor will deploy Forefront Protection for SharePoint Vendor will document how to implement file filtering in case SEHA needs to implement it.

Service Mapping:
Antimalware

15. Information Security Management System

Service Mapping:
All

Vendor solutions (technologies and processes) should allow SEHA to reach a state for these solutions where an ISO 27001 auditor would not flag any major noncompliance. It is not the purpose of this RFP to have the Vendor help SEHA achieve ISO 27001, however this is the kind of quality level that is expected from the submitted solutions and processes. Any significant risk to SEHA that the Vendor has identified should be reported as commanded by due diligence.

SEHA-G/RFP/18/2012

Page 69 of 103

Requirement 16. Remote Access Gateway

Functional Specification Vendor will deploy Forefront UAG so SEHA may grant remote access to non-domain Windows 7 machines, and other devices running non Windows operating systems. Applications published through UAG will check the username and device capabilities and compliance with security policy to grant an adequate level of access to the application. SSL VPN feature will be implemented. Vendor will deploy Forefront TMG to protect access to web content TMG clients will be deployed to all compatible client computers HTTPS traffic inspection will be enabled except for a list of exemptions that the Vendor will document how to administer and maintain Vendor will deploy System Centre Endpoint Protection Vendor will provide full documentation of recommended configuration parameters in line with SEHAs validated requirements Vendor will document how exceptions to the policy can be implemented if needed Reporting should be designed to allow full organization view or single entity reports.

Compliance

Service Mapping:
Identity & Authentication

17. Web access and security

Service Mapping:
Web Browsing; Internet access; DRM

18. Endpoint protection

Service Mapping:
Antimalware

SEHA-G/RFP/18/2012

Page 70 of 103

Requirement 19. Network isolation and security

Functional Specification Vendor must provide documented evidence and references of their previous experience in setting up and maintaining IPSec server and domain isolation in Enterprise environments Vendor will implement server isolation using IPsec on servers containing sensitive information to restrict establishment of network connections to only known and authenticated machines and/or users Vendor will implement domain isolation using IPsec for domain joined machines that will only accept incoming connections from authenticated machines.

Compliance

Service Mapping:
Network access protection & compliance

6.4.8 SEHA IT Operations

Scope Item (Planning/Design of) 25. Microsoft SCOM Functional Specification SEHA needs to design System Center Operation manager 2012 to efficiently monitor Multiple Datacenter environment SEHA need a monitoring solution design that enables IT to reliably monitor applications and infrastructure in a single pane of glass end-to-end view while working with other components of systems management tools. SEHA want the SCOM design to work across SEHA HQ onpremises datacenter resources as well as off-premises (Other hospitals) resources & be able to project information for individual hospitals as well as across all shared services in SEHA The design should provide deep visibility into the health, performance and availability of SEHA datacenter environments across applications, operating Compliance

Service Mapping:
Operations Management & Monitoring

SEHA-G/RFP/18/2012

Page 71 of 103

Scope Item (Planning/Design of)

Functional Specification systems, hypervisors and even hardware through a single interface. The design should provide support for heterogeneous environments. SEHA want the Vendor to utilize Operations Manager 2012 to offer use reporting and authoring capabilities to track performance against SLAs. The design should include AVIcode to provides a comprehensive suite of application monitoring capabilities Including server/component monitoring, end user monitoring, transaction monitoring, dependency discovery, and integrated reporting and analysis that enables a complete keyboard-toeyeball view of application health and behavior. The design should simplify management with automatic discovery of application dependencies addresses SEHA LOB monitoring without the need for extensive MP authoring The deployment should include graphical application topology view displays dependency between distributed components The Vendor should utilize distributed application monitoring in Systems Center 2012 to be able to monitor applications and infrastructure across organizational and logical units and boundaries, i.e. hospital view, multi-hospital view, overall view

Compliance

26. Microsoft SCCM

Service Mapping:
Desktop & software SEHA-G/RFP/18/2012 services; System management

SEHA wants to utilize Microsoft System Center 2012 Configuration Manager and System Center 2012 Endpoint Protection

Page 72 of 103

Scope Item (Planning/Design of)

Functional Specification to provide a unified infrastructure to manage and protect physical, virtual, and mobile client environments, helping SEHA IT:

Compliance

Empower users to be productive from anywhere, on whatever device they choose. Provide a unified infrastructure for client management and protection. Make it easier and faster to administer client systems and maintain system compliance

The design should be able to enables users to be productive from anywhere. The solution should be able to evaluate device and network capabilities to determine the optimal mechanism for delivering an application to a specific user. This could be a local installation, streaming through application virtualization, or use of a presentation server The solution should authorize users across SEHA to selfprovision applications securely from any hospital with an easyto-use web catalog. Users should be only shown only the software they have permission to request The solution should reduce SEHA management and operating costs through a single, integrated platform for managing desktop security and Compliance. And provide a single solution for malware protection, vulnerability remediation, and update management while giving visibility into noncompliant systems.
Page 73 of 103

SEHA-G/RFP/18/2012

Scope Item (Planning/Design of)

Functional Specification The Vendor should utilize Systems Center 2012 Collections to be able to manage specific logical nodes across organizational and logical units and boundaries, i.e. per hospital, multi-hospital, overall SEHA want to utilize System Center Service Manager 2012 to deliver an integrated platform for automating and adapting IT Service Management across SEHA hospitals. The design of SEHA Service manager should increase productivity, reduce costs, improve resolution times, and meet compliance standards. It should be based on industry best practices such as those found in Microsoft Operations Framework (MOF) and the IT Infrastructure Library (ITIL). The design/implementation should include core management packs for incident and problem resolution, change control, and configuration and knowledge management.

Compliance

27. Microsoft Service Manager

Service Mapping:
Service management

The design should include configuration management database (CMDB) and process integration that automatically connects knowledge and information from System Center Operations Manager, System Center Configuration Manager, and Active Directory Domain Services. The design should consider 2 main deliverables User-centric support SEHA wants to improve user productivity and satisfaction

SEHA-G/RFP/18/2012

Page 74 of 103

Scope Item (Planning/Design of)

Functional Specification while reducing user support costs with self-service experiences combined with deep integration with other System Center products. The Vendor should design and enable self-service with Service Manager 2012 so that SEHA endusers are able to resolve many issues on their own at any time, thereby reducing the number of service desk calls. SEHA needs the capability to analyze and quickly resolve issues through an integrated platform that connects organizational knowledge to core IT processes. The design should integrate the information from System Center Configuration Manager, forming a baseline configuration management database (CMDB). The CMDB establishes relationships among the reason, priority, and impact of changes and incidents, which helps reduce the risk of change to SEHA IT and informs decisions to quickly restore service. The increased responsiveness helps SEHA endusers work more efficiently and increases their overall satisfaction with SEHA IT services.

Compliance

Datacenter management efficiency SEHA needs to build an integrated platform that facilitates centralized incident, problem, and change management with Microsoft Service Manager 2012 to help restore service more quickly and reduce downtime, while improving the reliability of IT services running within SEHA Shared Services Infrastructure. The design should leverage

SEHA-G/RFP/18/2012

Page 75 of 103

Scope Item (Planning/Design of)

Functional Specification information gathered from sources such as Active Directory Domain Services and System Center into its configuration management database (CMDB) The design should use templates and easily defined workflows to automate the creation and coordinated management of incident resolution, problem and change management work items.

Compliance

28. Microsoft Orchestrator

Service Mapping:
IT Process Implementation

SEHA want to enable IT Process Automation and integrated management capabilities to System Centre that enables SEHA to: Ensure SEHA Shared Services Infrastructure service predictability and compliance while lowering costs through orchestrated automation of workflows/tasks across IT systems. Automate cross-silo processes and enforce best practices for core datacenter processes like incident management, change management, and service lifecycle management.

Reduce unanticipated errors and service delivery time by automating tasks across vendor and organizational silos The solution should enable and automate end-to-end process automation incorporating System Center products

29. Operations dashboards & reporting

Service Mapping:
SEHA-G/RFP/18/2012

Reporting, dashboards and business intelligence are required to be configured across SEHAs Microsoft technologies and services in the

Operations management & monitoring

Page 76 of 103

Scope Item (Planning/Design of)

Functional Specification following areas, against SEHA requirements that must be gathered and validated by the Vendor: Process Metrics Service Metrics People Metrics Technology Metrics Service Level Achievements Capacity & Utilization Availability Reports Service Catalogue User admin Portals Service Desk Service level mgmt. Financial management and billing On-line service provisioning, Orchestration and Automation Service Metering and Chargeback Identity and Access Management Capacity Management Computer, Network and Storage Management Virtualization Service Change, Config. Management, Monitor, backup Datacenter Facilities Support Datacenter Operations

Compliance

30. Solution Operational Performance and Service Level Agreements (SLAs)

The Vendor should ensure that: Operational SLAs for end user IT service provisioning are agreed and validated with SEHA stakeholders SLAs for IT operations processes are agreed and validated with SEHA stakeholders The Solution is engineered in such a way as to allow each Business Entity to change, enable or upload

Service Mapping:
Operations management & monitoring
SEHA-G/RFP/18/2012

Page 77 of 103

Scope Item (Planning/Design of)

Functional Specification templates, configurations, profiles and/or features in line with agreed SLAs, and independently of the activities of other Business Entities Such SLAs are proven as measureable through configured dashboards, business intelligence reports and otherwise as required by SEHA

Compliance

SEHA-G/RFP/18/2012

Page 78 of 103

6.4.9 Network Infrastructure Management

Requirement 1. Network Monitoring Functional Specification Compliance SEHA IT wants to gain visibility into end-to-end network & system elements in the shared services infrastructure to reduce mean time to resolution. To achieve that the Vendor should integrate System Centre Operation Manager 2012with SEHAs preferred network monitoring solution to design a network infrastructure monitoring solution that supports: Network discovery, network monitoring, visualization, and reporting Multi-vendor support (Cisco, HP, Bluecoat, Juniper) The design should utilize network discovery to discovery finds information such as connectivity, VLAN membership, HSRP groups, server NIC discovery, port/interface details, processor details, memory Network monitoring stats include up/down, volume of inbound/outbound traffic, % utilization, drop and broadcast rates, processor % utilization, in-depth memory counters for Cisco (including fragmentation), and free memory monitor connection health (looks at both ends of the connection), VLAN health (based on switch status), and HSRP groups The Vendor should produce dashboards including network summary, network node details, network interface details, and vicinity views. The solution should be able to produce reports include memory utilization, processor utilization, port traffic volume, port error analysis, and port packet analysis.

Service Mapping:
Operations management & monitoring

SEHA-G/RFP/18/2012

Page 79 of 103

Requirement 2. DHCP

Service Mapping:
DHCP

Functional Specification SEHA want to design and deploy Dynamic Host Configuration Protocol (DHCP) to enables centralized automatic management of IP addresses and other TCP/IP settings for network clients The design should enable:

Compliance

Valid configuration parameters for all clients on the network (Physical or virtual ) Valid IP addresses maintained in a pool for assignment to clients and reserved addresses for manual assignment. The design should ensure that client configurations must be updated often (such as for laptop computers whose locations change frequently), changes can be made efficiently and automatically by clients communicating directly with DHCP servers The design should enable Address reuse: When a client computer moves between subnets, its old IP address is freed for reuse. The client reconfigures its TCP/IP settings automatically when the computer is restarted in its new location

6.4.10 End User Knowledge Management & Enterprise Search services

Scope Item (Planning/Design of) 1. Enterprise Search capabilities - server side functionality Functional Specification

Compliance

Service Mapping:
File sharing; Intranet Collaboration & Portals

The Vendor will optimally design and configure Microsoft Enterprise search facilities to fully realize their potential against validated SEHA user requirements. The Vendor is expected to provide demonstrable evidence of end user benefitsin the form of process efficiency gains and knowledge acquisition lead timesbased on creating a Search capability that is intuitive, accurate and relevant for SEHA Users (by defined User group)

SEHA-G/RFP/18/2012

Page 80 of 103

Scope Item (Planning/Design of) 2. Enterprise Search capabilities - Client side UI & systems interfaces (integration points)

Functional Specification

Compliance

The Vendor will optimally design and configure Microsoft Enterprise search facilities to fully realize their potential against validated SEHA user requirements. The Vendor is expected to provide demonstrable evidence of end user benefitsin the form of process efficiency gains and knowledge acquisition lead timesbased on creating a Search capability that is intuitive, accurate and relevant for SEHA Users (by defined User group) Prospective Vendors are invited to submit cost proposals for end user training and familiarization as part of their business transformation and change management proposal The Vendor will use their healthcare experience to configure and install SharePoint templates created for use in the Healthcare industry, and configure them for optimum operation in the SEHA business environment in line with their best practice and validated requirements The Vendor will research and validate SEHA user requirements by agreed user group to support defined Healthcare processes in operation. With the intent of increasing process efficiency and reducing lead times and overhead, these processes must utilize the potential of Microsoft SharePoint to provide optimum facilities for knowledge

Service Mapping:
File sharing; Intranet Collaboration & Portals

3. SharePoint Health Industry Template configuration

Service Mapping:
File sharing; Intranet Collaboration & Portals 4. Customization of SharePoint including workflows, approvals, notifications in support of SEHA end user requirements

Service Mapping:
File sharing; Intranet Collaboration & Portals
SEHA-G/RFP/18/2012

Page 81 of 103

Scope Item (Planning/Design of)

Functional Specification management, sharing and relevant collaboration, including reviews and approvals processes, swift and intuitive access to knowledge base materials per subject, and so forth.

Compliance

SEHA-G/RFP/18/2012

Page 82 of 103

6.4.11 Data Migration

Data File share data Details The Vendor will develop the migration approach for the File share data on existing file cluster in central data center, will be migrated to the new file cluster. File data will be copied within the same domain using standard Microsoft copy tools retaining all permissions and ACLs. The Vendor will develop the migration approach for the Exchange mailbox moves The total mailboxes to be moved to the new centralized setup are 18,050 mailboxes. Out of which 4,600 are on Exchange 2003 and 1300 mailboxes are on Exchange 2007. Mailboxes will be moved using standard Exchange 2010 move mailbox tools. The Vendor will develop the migration approach for the SharePoint data on existing SharePoint servers in each Business Entity, and their migration to the central data center. Vendors will ensure that all workflows, templates, user access rights and permissions, and other relevant configuration and user-specific data is migrated such as to provide a seamless migration experience to the end user. The availability of Print services is a business-critical aspect of SEHAs daily healthcare operations. Migration activity related to Printer settings & Configurations must provide seamless cutover with zero operational impact per Business entity. Data migration approach relating to Print services, their settings, configurations and permissions must therefore take this in to account. Compliance

Service Mapping:
File sharing

Mailbox data

Service Mapping:
Email

Sharepoint data

Service Mapping:
File sharing; Intranet Collaboration & Portals

Print Services data

Service Mapping:
Print Services

SEHA-G/RFP/18/2012

Page 83 of 103

Data Active Directory data

Service Mapping:
Identity & Authentication; Internal DNS DNS data

Details The Vendor will develop the migration approach for these roles New domain controllers will be placed in the same domain; therefore data will be automatically replicated to new servers. FSMO roles will be transferred using built in AD tools.

Compliance

Service Mapping:
DNS

DHCP Scopes

Service Mapping:
DHCP

DNS zones are AD integrated; therefore data will be automatically replicated to new servers. DHCP scopes for workstations will be updated with new DNS entries. Static entries on servers will be updated manually. The Vendor will develop the migration approach for the DHCP scopes Existing DHCP scopes in central data center will be transferred to the new DHCP cluster using NETSH export/import tool.

SEHA-G/RFP/18/2012

Page 84 of 103

2. SEHA IT Services Heat Map & IT Services Matrix

Below is represented a Heat Map describing the current deployment of Microsoft technologies across each of the SEHA Business Entities.

Figure 5: SEHA Heat Map

Below is more detailed information about IT Services deployed per SEHA Business Entity.

SEHA-G/RFP/18/2012

Page 85 of 103

1. SEHA Group capabilities 1.1 AD Forests & Domains for Cerner & Dynamics Cerner HIS Cerner HIS is located at Injazat data center and etisalat data center. Cerner HIS production is running at Injazat data center and Cerner HIS nonproduction is running at etisalat data center. There also exist dedicated Citrix farm where end users at business entities use their internet explorer to login to Cerner HIS (production & non production environments) with total users of approximately 5000 concurrent users. Cerner HIS has separate active directory forest, single domain, and 2 active directory sites. Microsoft Dynamics (Billing) Microsoft Dynamics is located at Injazat data center. There also exist dedicated Citrix farm where end users at business entities use their internet explorer to login to Microsoft Dynamics with total users of approximately 700 concurrent users. Microsoft Dynamics has separate active directory forest, single domain. 1.2 WAN Network details The diagram below represents the network topology connecting SEHA Business Entities with its Data Centers.

SEHA-G/RFP/18/2012

Page 86 of 103

Figure 6: SEHA WAN Topology

SEHA-G/RFP/18/2012

Page 87 of 103

2.

SEHA Headquarters
350 350 All Windows 7 Active Directory Windows Server 2008 R2 Exchange 2010 SP2 Installed Lync 2010, IM, Presence, Voice (through Cisco gateway) SharePoint 2010 Forefront Endpoint Protection Forefront Threat Management Gateway (TMG) 2010 WSUS System Center Configurations Manager 2007 R2 SCCM System Center Data Protection Manager 2010 Hyper-V with System Center Virtual Machine Manager Currently on SharePoint, a new ITIL Service Management Tool to be decided shortly. SEHA HQ is one location, two datacenters, SEHA HQ hosts the shared services infrastructure for enterprise applications (Health Information System HIS, Anthem BI, Microsoft Dynamics GP, and Oracle Enterprise Business Suite) A separate Active Directory Forest exist for HIS A separate Active Directory Forest exist for Billing System (Microsoft Dynamics GP) A separate Active Directory Forest exist for SEHA HQ SEHA is connected to Etisalat MPLS cloud with 100 Mbps connection

Number of Users & Mailboxes Number of PCs Desktop OS Version Identity Management Services Description Messaging Infrastructure Description BlackBerry Enterprise Service Unified Communications SharePoint Deployed/Version Anti-Malware Reverse Proxy/Forward Proxy OS Updates Services Software Batch Updates Windows 7 OS Image Deployment Tool Microsoft Data Protection Virtualization Management Service Desk Tool Additional Information

3.

AHS
1600 1131 All Windows XP except 400 Windows 7 Active Directory Windows Server 2008 R2 Single forest, single domain Exchange 2010 SP2. Installed Lync 2010, IM, Presence, Voice SharePoint 2010 Forefront Endpoint Protection Forefront Threat Management Gateway (TMG) WSUS System Center Configurations Manager 2007 R2

Number of Users & Mailboxes Number of PCs Desktop OS Version Identity Management Services Description Messaging Infrastructure Description BlackBerry Enterprise Service Unified Communications SharePoint Deployed/Version Anti-Malware Reverse Proxy/Forward Proxy OS Updates Services Software Batch Updates

SEHA-G/RFP/18/2012

Page 88 of 103

Windows 7 OS Image Deployment Tool Microsoft Data Protection Virtualization Management Service Desk Tool Additional Information

SCCM System Center Data Protection Manager Hyper-V with System Center Virtual Machine Manager The Kesaya Solution 36 branch sites, single datacenter, 120 servers. AHS is connected to Etisalat MPLS cloud with 30Mbps connection

SEHA-G/RFP/18/2012

Page 89 of 103

4.

SKMC
4500 3095 All Windows XP except 500 Windows 7 (expected 100% Win7 by June 2012) Active Directory Windows Server 2008 R2 Exchange 2010 SP1, protected by Forefront Online Protection for Exchange and Symantec Mail Security for Exchange Installed Lync 2010, IM, Presence, Cisco IPT for Voice SharePoint 2010/2007 Symantec Endpoint Protection 12 Forefront Threat Management Gateway (TMG) for Web Publishing, BlueCoat is used for Web Proxy. WSUS System Center Configurations Manager 2007 R2 Symantec Altiris 7.1 EMC Networker System Center Data Protection Manager VMware CA Unicenter Service Desk 11 Branch offices, one primary data center and one DR data center, and total number of servers of 160 servers. Data centers are connected to Etisalat MPLS cloud with 30Mbps connections

Number of Users & Mailboxes Number of PCs Desktop OS Version Identity Management Services Description Messaging Infrastructure Description BlackBerry Enterprise Service Unified Communications SharePoint Deployed/Version Anti-Malware Reverse Proxy/Forward Proxy OS Updates Services Software Batch Updates Windows 7 OS Image Deployment Tool Microsoft Data Protection Virtualization Management Service Desk Tool Additional Information

SEHA-G/RFP/18/2012

Page 90 of 103

5.

Corniche
1400 600 All Windows XP except 100 Windows 7 Active Directory Windows Server 2003 Exchange 2003 SP2, protected by Pure Message Installed Cisco IPT for Voice SharePoint 2010 Forefront Client Security No Web Publishing, Microsoft Threat Management Gateway (TMG) 2010 is used for Web Proxy. WSUS System Center Configurations Manager 2007 R2 SCCM Symantec BackupExec 2010 Hyper-V and Microsoft Virtual Server 2005 In-house developed application with basic functionalities 1 Branch offices, single data center, and total number of servers of 36 servers. Data center is connected to Etisalat MPLS cloud with 30Mbps connections

Number of Users & Mailboxes Number of PCs Desktop OS Version Identity Management Services Description Messaging Infrastructure Description BlackBerry Enterprise Service Communications SharePoint Deployed/Version Anti-Malware Reverse Proxy/Forward Proxy OS Updates Services Software Batch Updates Windows 7 OS Image Deployment Tool Microsoft Data Protection Virtualization Management Service Desk Tool Additional Information

SEHA-G/RFP/18/2012

Page 91 of 103

6.

Al-Rahba Hospital
1000 700 All Windows XP except 50 Windows 7 Active Directory Windows Server 2003 Exchange 2003 SP2 Installed Cisco IPT for Voice SharePoint 2007 Forefront Client Security No Web Publishing, BlueCoat is used for Web Proxy. WSUS System Center Configurations Manager 2007 R2 SCCM Symantec Network Backup 7.1 + Data Domain for Backup Deduplication VMware In-house developed application with basic functionalities 1 Branch offices, single data center, and total number of servers of 40 servers. Data center is connected to Etisalat MPLS cloud with 30Mbps connections

Number of Users & Mailboxes Number of PCs Desktop OS Version Identity Management Services Description Messaging Infrastructure Description BlackBerry Enterprise Service Communications SharePoint Deployed/Version Anti-Malware Reverse Proxy/Forward Proxy OS Updates Services Software Batch Updates Windows 7 OS Image Deployment Tool Microsoft Data Protection Virtualization Management Service Desk Tool Additional Information

SEHA-G/RFP/18/2012

Page 92 of 103

7.

Tawam Hospital
3000 1363 All Windows XP except 400 Windows 7 Active Directory Windows Server 2003 Exchange 2010 SP1, protected by Forefront for Exchange Installed Cisco IPT for Voice SharePoint 2010 Forefront Client Security No Web Publishing, BlueCoat is used for Web Proxy. WSUS System Center Configurations Manager 2007 R2 SCCM VERITAS Netbackup Hyper-V. No VMM In-house developed application with basic functionalities 6 Branch offices, single Datacenter. Datacenter is connected to Etisalat MPLS cloud with 30Mbps connections

Number of Users & Mailboxes Number of PCs Desktop OS Version Identity Management Services Description Messaging Infrastructure Description BlackBerry Enterprise Service Communications SharePoint Deployed/Version Anti-Malware Reverse Proxy/Forward Proxy OS Updates Services Software Batch Updates Windows 7 OS Image Deployment Tool Microsoft Data Protection Virtualization Management Service Desk Tool Additional Information

SEHA-G/RFP/18/2012

Page 93 of 103

8.

Al-Ain Hospital
2200 1190 Windows XP Active Directory Windows Server 2008 R2 Exchange 2010 SP2, protected by Sophos Email Appliance Installed Cisco IPT for Voice SharePoint 2007 Sophos 10 No Web Publishing, Sophos Appliance is used for Web Proxy. WSUS System Center Configurations Manager 2007 R2 SCCM also Ghost and Acronis are used to image the desktops. Symantec Backup Exec 2010 Hyper-V + SCVMM In-house developed application with basic functionalities 3 Branch offices, single Datacenter with 50 servers. Datacenter is connected to Etisalat MPLS cloud with 30Mbps connections

Number of Users & Mailboxes Number of PCs Desktop OS Version Identity Management Services Description Messaging Infrastructure Description BlackBerry Enterprise Service Communications SharePoint Deployed/Version Anti-Malware Reverse Proxy/Forward Proxy OS Updates Services Software Batch Updates Windows 7 OS Image Deployment Tool Microsoft Data Protection Virtualization Management Service Desk Tool Additional Information

SEHA-G/RFP/18/2012

Page 94 of 103

9.

Al-Mafraq Hospital
2700 2375 All Windows XP except 300 Windows 7 PCs Active Directory Windows Server 2008 R2 Exchange 2010 SP1 protected by Forefront for Exchange and FortiMail Installed Cisco IPT for Voice SharePoint 2007/2010 Symantec Endpoint Protection FortiGate is used for Web Publishing and Sophos Appliance is used for Web Proxy. WSUS System Center Configurations Manager 2007 R3 SCCM Symantec Net Backup and EMC Data Domain for Backup Deduplication VMware and Hyper-V BMC Remedy 3 Branch offices, single Datacenter with 60 servers. Datacenter is connected to Etisalat MPLS cloud with 30Mbps connections

Number of Users & Mailboxes Number of PCs Desktop OS Version Identity Management Services Description Messaging Infrastructure Description BlackBerry Enterprise Service Communications SharePoint Deployed/Version Anti-Malware Reverse Proxy/Forward Proxy OS Updates Services Software Batch Updates Windows 7 OS Image Deployment Tool Microsoft Data Protection Virtualization Management Service Desk Tool Additional Information

SEHA-G/RFP/18/2012

Page 95 of 103

10.

Al-Gharbia Hospitals
1300 1500 Windows XP Active Directory Windows Server 2008 R2 Exchange 2003 SP1 protected by Forefront Online Protection for Exchange Installed Lync 2010 SharePoint 2010 in progress Forefront Client Security No Web Publishing and ISA Server 2006 is used for Web Proxy. WSUS System Center Configurations Manager 2007 R2 SCCM Symantec Net Backup and Symantec Server Recovery 2010 Hyper-V Manage Engines Service Plus 8 Branch offices, single Datacenter with 60 servers. Datacenter is connected to Etisalat MPLS cloud with 30Mbps connections

Number of Users & Mailboxes Number of PCs Desktop OS Version Identity Management Services Description Messaging Infrastructure Description BlackBerry Enterprise Service Communications SharePoint Deployed/Version Anti-Malware Reverse Proxy/Forward Proxy OS Updates Services Software Batch Updates Windows 7 OS Image Deployment Tool Microsoft Data Protection Virtualization Management Service Desk Tool Additional Information

SEHA-G/RFP/18/2012

Page 96 of 103

3. Data Center Hardware Bill of Quantities (BoQ)

This section describes the hardware purchased by SEHA to populate its consolidated data center in support of the Shared Services Infrastructure initiative. Profiles A-D are sized to provide granularity of server capacities to suit specific and aggregated Business Entity needs. Profile A Quantity Role Processor Required Number of Processors Required Number of Processors Supported Memory Required Memory Supported Memory DIMM Slots Storage Controller Internal Drives Required Internal Drives Supported Network Controller Required Management Port SAN Connectivity Form Factor OS Support Power Supply Warranty 2 DFS & DHCP Cluster AMD Opteron Model 6180 SE (12 core, 2.5 GHz, 12MB L3, 105W ACP) 2 2 16 GB DDR3 Registered. Upgradable to 256 GB using same existing installed memory. 256 GB 24 1G FBWC Controller 2 x 146 GB 15K (SFF SAS) (16) SFF SAS/SATA/SSD or (6) LFF SAS/SATA 4 NICs 10 Gb Dedicated network port for full remote management functionality 2 HBAs 8-Gb 2U Rack Server Windows 2008 R2. No OS license required. Redundant power supplies 3 years on-site support including parts and labor. 4 hours response time. 24x7x365

SEHA-G/RFP/18/2012

Page 97 of 103

Quantity Role Processor Required Number of Processors Required Number of Processors Supported Memory Required Memory Supported Memory DIMM Slots Storage Controller Internal Drives Required Internal Drives Supported Network Controller Required Management Port SAN Connectivity Form Factor OS Support Power Supply Warranty

1 DC/DNS AMD Opteron Model 6180 SE (12 core, 2.5 GHz, 12MB L3, 105W ACP) 2 2 16 GB DDR3 Registered. Upgradable to 256 GB using same existing installed memory. 256 GB 24 1G FBWC Controller 2 x 146 GB 15K (SFF SAS) (16) SFF SAS/SATA/SSD or (6) LFF SAS/SATA 4 NICs 10 Gb Dedicated network port for full remote management functionality None 2U Rack Server Windows 2008 R2. No OS license required. Redundant power supplies 3 years on-site support including parts and labor. 4 hours response time. 24x7x365

SEHA-G/RFP/18/2012

Page 98 of 103

Profile B Quantity Role Processor Required Number of Processors Required Number of Processors Supported Memory Required Memory Supported Memory DIMM Slots Storage Controller Internal Drives Required Internal Drives Supported Network Controller Required Management Port SAN Connectivity Form Factor OS Support Power Supply Warranty 2 SQL Cluster AMD Opteron Model 6180 SE (12 core, 2.5 GHz, 12MB L3, 105W ACP) 2 2 64 GB DDR3 Registered. Upgradable to 256 GB using same existing installed memory. 256 GB 24 1G FBWC Controller 2 x 146 GB 15K (SFF SAS) (16) SFF SAS/SATA/SSD or (6) LFF SAS/SATA 4 NICs 10 Gb Dedicated network port for full remote management functionality 2 HBAs 8-Gb 2U Rack Server Windows 2008 R2. No OS license required. Redundant power supplies 3 years on-site support including parts and labor. 4 hours response time. 24x7x365

SEHA-G/RFP/18/2012

Page 99 of 103

Profile C Quantity Role Processor Required Number of Processors Required Number of Processors Supported Memory Required Memory Supported Memory DIMM Slots Storage Controller Internal Drives Required Internal Drives Supported 15 Hyper-V AMD Opteron Model 6180 SE (12 core, 2.5 GHz, 12MB L3, 105W ACP) 4 4 256 GB DDR3 Registered. Upgradable to 512 GB using same existing installed memory. 512 GB 48 1GB FBWC 2 x 300 GB 15K (SFF SAS) Up to eight (8) small form factor (SFF) SAS or SATA hot plug hard disk drives 3 X 10 Gb using fiber, must be compatible with below switch details: Nexus switch 48 Fixed 10GE Ports (N5K-C5596UP-FA), with SFP-10G-SR (10GBASE-SR SFP Module) for 10G servers connectivity using Fiber 4 X 1Gb using UTP, must be compatible with below switch details: N2K-C2248TP-1GE, 48x100/1000-T+4x10GE for 1Gig Server connectivity using UTP Dedicated network port for full remote management functionality 2 HBAs 8-Gb 4U Rack Server Windows 2008 R2. No OS license required. Redundant power supplies 3 years on-site support including parts and labor. 4 hours response time. 24x7x365

Network Controller Required

Management Port SAN Connectivity Form Factor OS Support Power Supply Warranty

SEHA-G/RFP/18/2012

Page 100 of 103

Profile D Quantity Role Processor Required Number of Processors Required Number of Processors Supported Memory Required Memory Supported Memory DIMM Slots Storage Controller Internal Drives Required Internal Drives Supported Network Controller Required Management Port SAN Connectivity Form Factor OS Support Power Supply Warranty SAN Storage Number of Drives Supported Number of Drives Required (450) SFF SAS or (240) LFF SAS 250 x 600 GB 6G 10K SFF Dual-port ENT SAS, 150,000 GB RAW space 146 GB 6G 15K SFF Dual-port SAS 300 GB 6G 10K SFF Dual-port SAS Drive Types Supported 450 GB 6G 10K SFF Dual-port ENT SAS 600 GB 6G 10K SFF Dual-port ENT SAS 300 GB 6G 15K LFF Dual-port ENT SAS 9 Hyper-V AMD Opteron Model 6180 SE (12 core, 2.5 GHz, 12MB L3, 105W ACP) 4 4 128 GB DDR3 Registered. Upgradable to 512 GB using same existing installed memory. 512 GB 48 1GB FBWC 8 x 300 GB 15K (SFF SAS) Up to eight (8) small form factor (SFF) SAS or SATA hot plug hard disk drives 4 NICs, 10Gb Dedicated network port for full remote management functionality None 4U Rack Server Windows 2008 R2. No OS license required. Redundant power supplies 3 years on-site support including parts and labor. 4 hours response time. 24x7x365

SEHA-G/RFP/18/2012

Page 101 of 103

450 GB 6G 15K LFF Dual-port ENT SAS 600 GB 6G 15K LFF Dual-port ENT SAS 500 GB 6G 7.2K SFF Dual-port MDL SAS 2 TB 6G 7.2K LFF Dual-port MDL SAS Capacity, Max Supported Host Interface SAN Switches Number of Disk Enclosures Supported Cache Storage Controllers 480 TB 4 FC host ports and 4 10Gb iSCSI/FCoE host ports 2 x SAN switches, 80 ports each, 48 active ports,8Gbps, with all related SFPs and cables Up to 18 are supported using 450 SFF Drives. Up to 20 are supported using 240 SFF Drives. 8 GB 2 x HSV360 HP-UX HP OpenVMS Linux Sun Solaris Supported Operating Systems Windows Server 2003 Windows Server 2008 VMware IBM AIX Apple Mac OS X Xen Warranty Tape Library Drive Type Number of Tape Drives Number of Cartridge Slots Capacity Transfer Rate Host Interface Form Factor LTO-5 Ultrium 3280 4 96 288 TB compressed 2:1, 144 TB Native 2.0 TB/hr compressed 2:1 8 Gb Fiber Channel 8U 3 years on-site support including parts and labor. 4 hours response time. 24x7x365

SEHA-G/RFP/18/2012

Page 102 of 103

Management Port Backup Software Warranty D2D Backup Form Factor Total Capacity (Raw) Total Capacity (Useable) Disk Drive Capacity, Type Number of Disk Drives Performance Device Interface Software Warranty

Dedicated network port for full remote management functionality Must include all required backup software licenses 3 years on-site support including parts and labor. 4 hours response time. 24x7x365

4U Up to 96 TB Up to 72 TB 2 TB, SAS 7200rpm, 3.5-inch 12x 4 4TB/hr (1100 MB/s) 2 x 8 Gb Fiber Channel and 2 x 10 Gb iSCSI Must include all required software licenses 3 years on-site support including parts and labor. 4 hours response time. 24x7x365

Racks Number of rack cabinets is to be confirmed. 42U racks, each with all suitable accessories ( such as redundant PDUs, Cables, KVM Switches, LCD Monitor/Keyboardetc. )

SEHA-G/RFP/18/2012

Page 103 of 103