Summary: The requires support to design, install, configure, and train for a network Cisco Identity Service Engine (ISE) software upgrade from v2.0 to v3.0.0 for Hurlburt Field, Florida. The existing routers, switches, firewalls, wireless networks and wireless LAN controllers (WLC) shall be used as part of this solution. This Statement of Work (SOW) outlines engineering services to install and configure existing government-owned Cisco ISE on the existing government-owned hardware with a level of understanding in accordance with industry best practices and DoD security requirements. 2. Requirements/Existing Equipment. The engineering and operations teams plan to use Cisco-based ISE software for a network solution that will provide security at the network edge. Layer 2/3 routing and switching infrastructure exists at the access and distribution layers. A high-density wireless LAN solution is also in place. Requirements: – Wired devices to switches will be required to use 802.1x certificates. – All devices connected to wireless access points (WAP) will require 802.1x certificates. – Non Transport Layer Security (TLS) devices may use MAC Address Bypass (MAB) authentication in place of 802.1x certificates. – Terminal Access Controller Access-Control System (TACACS) is required for network devices. – Common Access Card (CAC) usage is required on wired devices. Assist with client posture and profiles, if necessary, according to best practices. Existing Network Equipment: – Approximately 60 Cisco network switches – 3560, 3850, 9200, 9300, 9500, N9K – 145 Cisco WAPs – 9120-AXI, AIR-3702, AIR-3800 – Three Cisco 9800 WLCs – 5 Cisco routers – ASR4331, ASR1001-X – ASA devices Cisco – ASA1010, FPR2110, – Forcepoint SideWinder firewall (VMware) – Approximately 5,000 Apple iPads (aka Electronic Flight Books [EFB]) controlled by a mobile device manager (MDM) – Approximately 100 Dell and HP laptops and desktops 3. The Government will be responsible for and provide the following: – Documentation/network topology as needed. – Device configuration as needed. – Access to equipment, server(s), located in a secure area – Proper power feeds to all equipment from UPS or separate electrical outlet within the required range of the equipment. – Necessary path cables. – Access to existing network infrastructure associated with Guest Wireless Network. – Internet circuits are terminated and functioning properly. 4. The vendor/contractor engineering team will be responsible for and provide the following: – Device configuration on up to 5 of each type of hardware (see above) with configuration guides to the remaining devices. – Coordination of the implementation of the software installation to limit downtime during transition to the new gear and design. – Successful testing: o TACACS configuration o 802.1x TLS EAPoL on switches (5 switches + 3 WLCs) o 802.1x TLS (wireless) on WLC o 802.1x User/Password o Windows User Authentication (wired) deployment via Group Policy Objective (GPO) and CAC o Windows User Authentication (Wi-Fi) deployment via GPO and CAC o Mobile device Authentication (Wi-Fi) deployment via MDM platform o LAN Printer Authentication (wired) Manual certificate deployment o Templates for the above – Training up to 16 hours to include: o Management Console o Administrative functions o Best practices o Reporting o Documentation of new configurations o Walk through of configurations o Basic troubleshooting information – Creation of as-built documentation with updated diagrams and build information to include system design files, IP addressing, device names, and software versions. 5. Project schedule will be provided within ten (10) days of receipt of purchase order or signed contract. This schedule includes client milestones, design, configuration, on-site work, and customer training and is based on the assumptions listed above.
Vehicle: IT 70
RFP release date: 8/31/2021
Proposal due date: 9/10/2021
Related Attachments: