Network Computing is a technology magazine covering the enterprise and service
provider network market. We focuses on product testing and workshops in the form
of comparative reviews, Sneak Previews and technology workshops. Our editorial
staff comprises highly technical and nontechnical users. Our staff resides in
several states, and the bulk of our work is performed online via e-mail, file
transfers and Web applications. Some of our technology editors also use
Microsoft Windows and X Window applications remotely.
Network Computing is moving to enable its mobile-technology editors to have
secure, reliable access from remote locations. The Network Computing labs are
distributed across the country, and we have several contributing editors on
external networks. In addition, our editors often work from home or from other
remote locations when traveling on business. We use a series of ad hoc methods
for remote access, mostly through unsecured dial-up networks. Full-time Network
Computing personnel use local access providers when not in the office, and when
traveling they use corporate accounts with AT&T dial-up. Network Computing has a
fledgling Web-based intranet that all editors access on a regular basis, as well
as e-mail. The e-mail system is both Web-based over SSL as well as POP3 and IMAP
over SSL. All other applications travel over the Internet in the clear, and that
is unacceptable.
The Mission
Our goal is to provide seamless access for our editorial staffers to Network
Computing applications regardless of their connectivity or origin. Many
applications are Web-based. However, some are Windows 32-bit apps. All network
applications are IP-based. Network Computing has a fairly fluid environment and
we need support for existing applications, as well as temporary access for
applications used in testing. We are consolidating our user management to a
directory structure, however, that is an ongoing project. We have user databases
on Windows NT 4.0, NDS and Unix passwords. Any of these user databases may be
used to authenticate users. Each lab manages its own authentication server, and
there are no trust relationships established.
We don't want to support software running on end-user computers, so a support
line needs to be available for users regardless of where they are calling from.
For the most part, our users are in the continental United States. We
occasionally travel out of the country, so international support is a plus but
not a requirement.
Technical issues to be solved:
• Many of our users reside behind NAT'd networks or have to get pass-through
firewalls when traveling. We can't dictate firewall changes; the solution
considered must be able to work around this (or please document your
limitations).
• We have users running various versions of Windows, Linux and MacOS, all of
which must be supported.
• We can't recompile binary applications to add dynamically linked libraries
that support secure transport.
• Only the applications we wish to support must be secured end-to-end. All other
Internet access can travel from the local desktop to the Internet.
• If CPE equipment is required, we will need to know in advance the
product-infrastructure requirements.
• Many of our labs maintain separate user-authentication databases. Leveraging
the existing databases would be ideal, however, we will consider alternatives
such as hosting the remote user credentials externally.
To aid us in evaluating this RFP, we will need the following information:
• A detailed description of the NOC, specifically regarding redundant systems
and failover policies. Statements of opinion from third-party auditors would be
helpful in this regard.
• Written assurance that the service is managed in a secure and responsible
manner and in keeping with industry best practices.
• A description of support levels available, including escalation procedures and
the associated costs.
• Service-level agreements pertaining to service availability and support times.
In addition, we need a description of remediation in the event of SLA violation.
• A listing of the certifications technicians have or are actively working
towards and a percentage of the workforce with certifications.
• Pricing broken out by fixed and variable costs on a periodic basis. Please
provide pricing denoting initial installation price and on-going costs for a
user base of 1,000.
• Pricing should include the costs for service modifications, user additions and
deletions, and other ancillary costs.
We will be testing each service without applications for one week per service so
we can evaluate the impact of the service. We will make our technicians
available to support the installation of the service and get end users up to
speed. Since the bulk of our users are remote, we will not be able to bring them
together for a joint training session. Initial user configuration must support
our distributed model.
RSS
