· Web viewHow have you handled training for a large software rollout on the ... (ie Cisco Unity,...

[Internal note – numbering in Column 1 to be redone after Legal approves – Start with Number #2 as #1 has already been posted

Q&A document posted for procurement RFQ 16-19 - Cloud Email, Communications, Collaboration, and Productivity Suite Services (Software-as-a-Service) on the following statewide contracts: I ITS19 (Oracle), ITS41designatedITD (IBM); ITS53 (solutions providers and technical specialists); and ITS58 (software publishers willing to provide software as a service (“SaaS”) through statewide contract ITS58 (software resellers)).

Questions & Answers, Posted November 17, 2015

This document contains MassIT’s responses to questions submitted via CommBuys to MassIT’s RFQ 16-19 (Bid number 5719) through the deadline posted on CommBuys. Important Notes:

Questions have been sorted by category and merged where duplicates appear; the second column contains the original question number(s).

Some questions have been deleted as irrelevant to the Pilot envisioned in this RFQ. MassIT is currently evaluating responses to a separate procurement, RFQ/RFR 16-09 (CommBuys Bid numbers 5598, 5599 and

5601), whose aim is to inventory and plan a consolidation of two Active Directory environments, respectively in MassIT and the Department of Revenue (DOR). The Q&A for that procurement is included in this document below, beginning at page X. MassIT has determined that answers to appropriate questions on Active Directory, existing domains, forests, sites and objects are included in those answers. We have not included separate answers in the Q&A for this procurement, RFQ 16-19.

Q&A RFQ 16-19 Email, Communications, Collaboration, and Productivity Suite Services SaaSSort

Sequence

Original # Category Question Answer

1 108 3rd party applications What 3rd party applications have you implemented relying on Exchange servers aside from the ones specified as priority in RFQ?

NA for pilot project.

2 97 Access control/permissions

Describe mailbox permissions requirements? Are permissions/delegations used heavily in your environment? Folder Level Permissions in Outlook?

Delegation is heavily used throughout the Commonwealth. Folder level permissions are sometimes used.

3 MULTIPLE

Active Directory Answers to all questions on Active Directory deemed appropriate by MassIT for this procurement are included in table below containing answers posted for RFQ/RFR


Sequence


16-09, a concurrent procurement.22 39 Active Directory

ForestsAre the AD Forests that contain the 5300 accounts integrated into the primary forest through directory replication or maintained separately? Please elaborate. If there is active co-existence can you detail that solution?

See table for RFQ/R 16-09 below.

18 90 Active Sync Does the state have any ActiveSync restrictions? If restrictions are in place, can you describe how they were implemented?

We use native Exchange tools to manage ActiveSync devices. We have limited restrictions (we require a password). We will be using Airwatch MDM in the future.

19 71 – 73 AD Architecture Is the State in the process of, or anticipate being in the process of any:

On-Premises Exchange Network Active Directory Upgrades, Schema Extensions, Consolidations or Migrations Storage Integrated Application

during the timeframe of this project?

Development of MassIT’s capacity and configurations is ongoing . RFQ 16-09, a separate procurement, envisions planning for an AD consolidation in the near term future. Responding vendors should be able to accommodate changes in user groups / AD structure and/or network configurations, as well as the addition of applications and object interrelationships as they occur.

24 105 Address Books How many Address Books exist in Exchange? Default only

25 162 Adoption (Users) How many training locations and where are they? For end users involved in the pilot, fewer than 5 locations. For the MassIT administrators, the Mass. Information Technology Center (MITC) in Chelsea, and MassIT at Ashburton Place in Boston.

27 164 Adoption (Users) Do they currently have an Executive Sponsor identified for the project?

Yes

29 166 Adoption (Users) How have you handled training for a large software rollout on the past?

Agency- or project-specific.

31 168 Adoption (Users) Is there a formal training department within your organization?

No.


Sequence


32 169 Adoption (Users) Is there a designated training room that could be used for onsite training? If so what is the capacity?

None for MassIT.

36 173 Archives Do you require archived data to be migrated for any users? In choosing users to participate in the pilot, MassIT will only pick users who are employed by agencies that are not currently using an email archive other than informal archiving of emails using .pst files. We will not require migration of pilot user .pst files to the cloud solution. However, the winning bidder must propose a means by which pilot users can access all of their pre-existing emails, in the form of .pst files, without losing any of their current functionality including the ability to create .pst files and move items from their mailboxes to such files. l

23 104 Archives/Add-Ons Have you deployed or do you expect to deploy any custom mail client add-ons?

SourceOne, which is a dedicated central archive.

38 126 Attachment policies Do you have an attachment size policy in place? If yes what is it for internal vs external emails?

15MB

39 93 Authentication Do users currently use their Windows credentials to sign in to their mailbox or do you use a different solution such as ADFS?

Windows credentials

40 175 Auto-Discover Do you currently allow auto-discover access outside of your corporate network?

Yes

41 102 Bandwidth What is your current internet bandwidth? 2Gb/s, with step-up as required.

42 103 Bandwidth What is your current "available" internet bandwidth? typically >500Mb/s

43 225 Bidder Evaluation/ Qualification

Do the ‘service provider’ (aka Microsoft with O365) and the bidder need to be ISO 20001, 27001 and 27002 certified? Or does the Commonwealth expect only the service provider to be certified?

Different qualifications required of bidders in the table set forth in section IV can be met by different members of the integrator/cloud provider team:


Sequence


Part A, Bidder certifications and affiliates, need only be met by the cloud provider.

Part B, company experience, must be met by both the integrator and the cloud provider.

Part C need only be met by the integrator.

The References section, which was inadvertently not labelled (and if labelled would have been part D) need only be met by the integrator.


If a Bidder is acting as systems integrator, must it enter a CJIS Agreement with the Commonwealth, or is the fact that Microsoft (i.e., the service provider) has signed a CJIS Agreement sufficient?

Only the cloud provider need enter a CJIS agreement.


Can a Bidder suggest modifications to the Commonwealth’s Standard Contract Form or is it expected to sign it as-is? The wording on page 18 of the RFQ suggests that Bidder must execute and return the Standard Contract Form to the Commonwealth as part of its RFQ response. Is this correct or is this a document that the Commonwealth would expect Bidder to sign after Bidder’s proposal has been chosen and accepted?

The Commonwealth’s Standard Contract Form must be signed as is and included in the bid. The “blanks” in the Standard Contract Form will be filled in by mutual agreement of the parties during and after the negotiation.


Are the Commonwealth Terms and Conditions another name for the Commonwealth’s Standard Contract Form or are they separate? If the latter, where can a bidder locate the Commonwealth Terms and Conditions?

No. There are two different documents, the Commonwealth’s Standard Terms and Conditions and the Commonwealth’s Standard Contract Form. Both documents are available at: http://www.mass.gov/anf/budget-taxes-and-procurement/oversight-agencies/osd/osd-forms.html explain two different docs

http://www.mass.gov/anf/budget-taxes-and-procurement/oversight-agencies/osd/osd-forms.html




Sequence



Are both primary and subcontractor expected to comply with all rules and regulations required in the RFQ or is it sufficient that they comply with the regulations together as one entity?

This question is impossible to answer in the abstract. Some rules, by their nature, can only be complied with by the integrator, others by the cloud provider, and yet others can and must be complied with by both. For example, FedRAMP requirements will only apply to the cloud provider. See 225 above for further information.

48 118 Blackout dates Are there any blackout periods when migrations cannot occur?

No PST migrations are expected; MassIT will migrate all pre-existing emails of pilot users to .pst files prior to the migration of their mailboxes to the cloud. Pilot users will be migrated from MassIT’s on-premises MassMail solution to the cloud. MassIT does have a change freeze around the calendar year-end holidays.

49 1 Build versus Buy Is there a budget and timeline? Does the vendor provide the product/solution as well as the staff for implementation and training for this solution?

The budget limit is specified in the RFQ. The bidder should supply a complete solution with flexibility responsive to planning. We would like to have this completed as quickly as possible

50 21 Central Requirement What qualifies as 'Central Requirement' on page 20 of RFQ document?

A “central requirement” is a feature or function without which an application, service, element of hardware or software will not be able to do its work.

51 100 & 107

Clients What percentage of MassIT's user population are currently utilizing Mac OS?

<1%

53 80 Coexistence Is there any coexistence between messaging systems? Either for shared SMTP Namespace or Federation.

Shared SMTP Namespace, routing, hygiene.

54 2 Complete Solution acceptance

Please confirm MassIT’s willingness to accept bids for and purchase the complete Solution (as defined in the RFQ)

MassIT will accept bids from bidders on any of the identified statewide contracts, with


Sequence


from Eligible Bidders through the listed statewide contracts, notwithstanding identified specialties or restrictions that might otherwise limit portions of the Solution in those contract.

the understanding that certain statewide contracts will require MassIT to procure the bidder’s recommended solution or services through a second contract. For instance, RFRITS53 does not permit vendors on that contract to sell SaaS. If the winning bidder is an ITS53 vendor, MassIT will have to acquire the SaaS solution through ITS58, the statewide reseller contract.

Regardless of whether MassIT needs to use a second contract to acquire goods or services recommended by the winning bidder, the winning bidder will be responsible for the performance of all vendors recommended by it as part of the total solution.

55 106 Conference Rooms Are you using Conference Rooms? Yes

56A Current Environment The Exhibit diagram shows E2K7/E2K10 CAS servers. Have all of CAS servers been upgraded to E2K13 already? No.

56B

Are the E2K13 CAS Servers multi-role CAS/Mailbox, or have E2K13 mailbox servers been deployed [needed for Public Folder Migration] ? Multi-role

56C

Have the AutoDiscover and OWA and Offline Address Book (OAB) been migrated to the E2K13 CAS servers? [needed for OWA redirection and Outlook configuration] Yes

56D

Approximately what % of users will have been migrated from MassMail E2K7 to E2K13 by the projected start date of March, 2016? ? 25%

56E

How many TB of email are stored in MassMail E2K7 and E2K13? ? How many TB of Public Folder storage is being used for the 3100+ Public Folders?

NA – to be researched and provided to selected vendor as appropriate.


Sequence


57A Current Environment Are dynamic distribution lists used? Approximately how many of the 7,000 DLs are dynamic?

Yes. <100

57BApproximately how many users will access the new mail platform from Outlook 2007? Unknown

57CWhat software is used as an application proxy for OWA to MassMail? None

57DWhat hardware load-balancers are used within the Exchange Environment? NA

57EWhat software is used to deploy Office to workstations today? varies by agency

57FWill Windows XP workstations access Office 365 [requires Chrome/Firefox browsers]? unknown, but possible

57G

Is unified messaging (ie Cisco Unity, Avaya) currently being used within MassMail? If so, do UM dial plans need to be configured? No

57H

How many AD Forests does the Commonwealth have with user accounts that have MassMail mailboxes to be migrated? One

158 Pilot/Future Environment

Is upgrading Office to 2016 Office Pro Plus part of this Pilot engagement? If Office 365 is chosen, will Massachusetts choose E3, E4, or E5 SKUs?

MassIT expects the bidder to provide us with these recommendations.

59 176 Data size How much data is currently on mail system(s)? (Estimate) ~13 TB.

60 96 Distribution Groups Do you currently make use of Distribution groups, Dynamic Distribution Groups, Query Based distribution groups, etc.

Yes.

61 131 Distribution Groups How are distribution lists managed (e.g., Membership, Requiring authentication, delivery management?)?

Varies by agency.

62 132 Distribution Groups Do you allow end-users to manage distribution lists they own directly using the Outlook client (in Address Book)?

Yes

63 133 Distribution Groups Do you have a requirement for the manual creation of mailing lists using administrative tools? Generally, in a

This functionality should match what we currently have in place with Exchange.


Sequence


federated environment (SSO and directory synchronization) distribution lists are managed in the on-premises environment. Is there a requirement for synchronized distribution lists and distribution lists that exist solely in the cloud?

64 83 DNS What DNS configuration does MassIT currently make use of, i.e. Split Brain, Single Label, Zone Transfer, etc.?

Split Brain

65 99 DNS Does MASSIT maintain ownership and delegation control of every SMTP domain in the organization?

Yes

66 177 Double Relay Do you have a requirement to allow a mail relay server to route traffic to another mail relay server which in turn delivers that email to the target email address?

No

67 13 Duration of Pilot What is the duration of the pilot? (How long would the pilot be running for?).

Because MassIT is amending the RFQ to indicate that the initial term of the contract will be 1 year, the duration of the pilot will be no longer than one year. The first pilot mailboxes must go live no later than by June 1, 2016.

69 178 Dynamic Distribution Groups

Do you have nested Dynamic Distribution lists? No

70 58 Electronic Faxing Please elaborate on Biscom software integration with Outlook client. Is it only Outlook client side integration or server side?

Not integrated with Exchange servers. Uses SMTP and queries AD for user information.

71 59 Electronic Faxing We suggest to migrate up to 1,500 users as part of the Pilot implementation. Is MassIT acceptable to this?

Yes, but subject to and limited by the Price Cap

72 109 & 110

Email Access How do users access their mailboxes internally/remotely? Outlook, OWA, Active-sync, and VPN with remote desktop access.

74 122 Email systems Can you clarify what is/are the non-MassMail email systems?

MassIT is unsure what information you need or why it is relevant.

75 50 EMC Source One Which of these functionalities will MassIT require for users in Exchange online?1. Provide users with automated permanent historical

archiving,1.We are not piloting users who are

currently on any archiving system other


Sequence


2. Provide users with automated permanent journaling ?3. Provide users with recall of email messages with

stubbed attachments?4. Provide users with centralization of .pst files through an

ingestion process5. Has any of the above functionality been evaluated with

Exchange Online?

than informal use of PSTs. We expect users of the cloud email system to be able to access their .pst files, and to create, access and use their PST file folders, as they do today. However, MassIT expects the winning bidder to work with MassIT, via a conference room pilot, a laboratory exercise, or some other experimental method, to determine how the Commonwealth’s SourceOne archive can be integrated, in a manner seamless to users, with the cloud email solution. .

2.Journaling for 120 days.

3.The pilot users will not be at agencies that have implemented the SourceOne archive, so they will not need messages with stubbed attachments. However, in the experimental environment described in the first bullet above, we expect the winning bidder to demonstrate how the Commonwealth’s SourceOne solution can be integrated, in a manner seamless to users, with the cloud email solution. .

4.No.5.No.

76 48 Encryption/DLP Are there any other mechanisms other than Secure mail responsible for encryption or DLP functionality.

No


Sequence


77 94 End users Can you refer to what types of self-administration options do customers currently have with their respective Exchange organization? Self Service Password Reset? Group Management?

None. (However, this is agency specific)

78 134 End users self service

Do users have self-services options to perform tasks such as resetting their domain password and/or perhaps modifying membership for distribution lists?

Passwords can be changed through OWA with Exchange 2013. Any other options, if any, are agency specific. We do allow DL modification through Outlook.

81 85 Exchange Do you make use of linked mailbox in your Exchange organization?

Yes

82 91 Exchange Federation Does the state currently make use of Exchange federation with any other federated Exchange organizations?

We have ADFS enabled but it is not in use.

83 84 Exchange segregation

Are MassIT’s ~58,000 users in a single Exchange Organization with different Exchange versions?

No. Approximately 40,000 mailboxes are within a single Exchange Organization. The rest are currently not managed by MassIT and are not in scope for the pilot.

85 63 & 64 Executive Department MassMail users

It is not clear if Executive Department MassMail users represent entire pilot or they are just part of pilot. Please clarify this statement: "Conduct a PILOT, for a limited number of Executive Department MassMail users"?

All of the pilot users will likely be at 1 agency. The number of users will be driven both by the requirement that we have sufficient users to show success in the pilot and the requirement that the project operate within the Price Cap.

86 82 GAL Segmentation Does MassIT have a requirement to create multiple Address List that allow specific users to only see a subset of other users in the GAL (Global Address list)?

Yes, there are currently 100+ address lists in our environment.

87 46 Global Address List/ Calendar Sharing

Will this be a requirement between Office 365 and non-MassMail agencies?

Yes

88 43 Hosted Mailbox Can MassIT provide additional information around hosted 17,000 non-MassMail mailboxes and their relevance to the Pilot implementation? Example: Access and mail-flow requirements.

The only significance of these non-MassMail mailboxes is that each of them be visible in the GAL; otherwise they have no relevance to this pilot.


Sequence


89 117 Identity provisioning Does MassIT have a central tool to automate user account provisioning (e.g. issuing new accounts, changing passwords, synchronizing permissions, enabling access to business applications?

No. This is decentralized.

91 67 Interoperability Is MassIT ready to perform any integration work required specifically on desktop level (if any) or will prefer Bidder to take on this task?

Vendor should be prepared to do all work.

92 179 IT operations IT operations distributed or centralized? E.g. decisions made by central IT group or by multiple IT groups?

Distributed

90 73031

Individual vs team qualifications

Mandatory Requirement C. states that ALL staff must have the listed experience and qualifications. Does this mean the each person on the team must have every experience and qualification listed? Or can the team as a whole possess the experiences and qualifications as combined from all the team members?

Please see the answer to question 225 above.

95 152 Journaling Approximately how many journaling endpoints are being used today? To clarify, how many journaling target addresses are being used today to collect journal reports?

6

96 121 LDAP Is there a Smart Host involved that can do LDAP look-ups? Active Directory

97 148 List Server Does it only perform outbound sending functionality or also inbound receiving?

Outbound sending

98 98 Locations of supporting resources

At the MassIT Bidders Conference on 10/21/2015 for RFR 16-21 IaaS/PaaS, MassIT Legal Counsel Linda Hamel stated in response to a question that resources supporting the IaaS/PaaS environments could be located outside the United States, while the environments themselves must be within the continental US. I recognize that these are two different solicitations, however, would it be possible to clarify if Attorney Hamel’s position on RFR 16-21 would also apply to this solicitation as well?

MassIT requires that all customer data remain in the US. MassIT recognizes that there are many employee roles entailed in the delivery of cloud services. The concern about Bidder resource locations relates to data access. All individuals delivering or supporting the Bidder’s services who will have access to data must be located in the US. For example, a technical support person who is involved with service troubleshooting on a cloud email solution


Sequence


and has access to sensitive data would have to be located in the US. However, someone in a Technical Support role who does not have access to or ‘touch’ any data, may work outside of the U.S.

MassIT expects that bidders’ responses will describe all roles involved in delivering the proposed services, their locations through the daily cycle and their respective access to data.

99 141 Logon Names Do users User Principal Names (UPN) values match their primary SMTP address?

No

100 142 Logon Names Do you currently make use of non-routable UPN suffixes across any of the MassIT active directory environment (Example: contoso.local, contoso.corp)

Yes

125 53 Lync What version of Lync is currently implemented? 2013

126 54 Lync How many servers and what roles implemented? NA

127 55 Lync Is two-factor authentication enabled? No

128 56 Lync How is external access being controlled? NA

101 180 Lync Do you have any business partner(s) with whom you would like to federate so they can see your presence?

No

102 181 Lync Do you have a full SQL 2008 or 2012 instance On-Premises?

Yes

103 182 Lync Do you have a separate dedicated SQL back-end for Lync?

Yes

104 183 Lync Do you have a High Availability (HA)? Yes


Sequence


105 184 Lync Do you have a Monitoring and/or Archiving solution for Lync?

We have Monitoring, not Archiving.

106 185 Lync Do you have Lync Mobility? Yes

107 186 Lync For Lync Enterprise Voice (VoIP) No

108 187 Lync If Exchange 2010 or 2013, is Unified Messaging enabled? No

109 188 Lync Define current & future sip addressing strategy? If relevant to this pilot, MassIT would ask the bidder to provide a best practices strategy.

110 88 Mail flow / security Do you restrict email communication to external recipients? Not at the current time.

111 86 Mail routing Are there any mail-user/contact objects in your Exchange organization to allow routing to the other Exchange organizations? If so, were they added manually or programmatically?

Yes – programmatic

112 189 Mailbox size What is the approximate total/average mailbox size of mailboxes to be migrated in the entire organization

Average mailbox size is unknown but estimated at 500MB

113 4 Mailbox size range For the existing mailboxes associated with the potential user group for the pilot, please provide mailbox size range (smallest to largest) and the average mailbox size.

TBD

114 69 Managing the Infrastructure

Will MassIT provision infrastructure for the purposes of Pilot and for the duration of the Pilot or MassIT expects Bidder to manage it? Example: Directory Synchronization, Active Directory Federation Services, additional Exchange (Hybrid) servers etc.?

MassIT is currently unaware of any infrastructure that is required for this project.

115 16 Mandatory Service Requirements

What are the mandatory services requirements? Please describe characteristic of a mandatory services requirements.

Mandatory requirements include those requirements in an RFP that, if not met, will disqualify a vendor from consideration.


Sequence


116 35 MassMail As per Current environment information MassMail is being transitioned from Exchange 2007 to Exchange 2013. When is the transition scheduled to be completed?

Jun-16

117 36 MassMail As per Current environment information MassMail is being transitioned from Exchange 2007 to Exchange 2013. Is MassIT planning to decommission any of Exchange 2007 servers as part of transition to Exchange 2013.

Yes

118 143 Message Hygiene Are there any anti-spam rules currently in place to QUARANTINE low-confidence and/or high confidence spam messages?

Yes

119 144 Message Hygiene Do you currently make use of a quarantined spam messages or are all spam message currently routing to a user's 'junk mail' folder?

Quarantine.

120 145 Message Hygiene If quarantine is utilized, do users have self-service options to manage their own quarantine?

No

121 124 Message size What is the current message receive size restriction if different from default?

15 MB

123 79 Messaging systems/Domain Names

Are there any other separate mail systems (i.e. Exchange, Lotus Notes, Groupwise) currently using a shared SMTP domain name across the separate mail platforms?

Yes

124 147 Microsoft Azure Are there any objections by MassIT to a solution based on Microsoft's cloud-based Windows Azure service?

If the proposed solution meets the requirements of the RFQ, we will consider it.

129 119 Migration timelines What are the available windows for email migrations? Evenings? Weekends? Between which times each day?

After business hours

130 41 Mobile Device Management

Is MassIT planning to keep AirWatch long term? Yes


Sequence


131 75 Network Infrastructure

Does MassIT currently make use of Global Load Balancer/ Global Traffic Manager appliances in current environments? If so, what kind?

Not in the Exchange Environment

132 76 Network Infrastructure

Does the state currently have existing hardware load balancer solution? What is currently in use?

Yes

133 194 Network management

Do you outsource your network management? The WAN is not outsourced but for some agencies the constituent LANS are.

134 101 Networking How is your network configured? Do you have any MPLS? The network is complex. We do utilise MPLS.

135 190 Networking Do you use Network Address Translation of Network IPs by each SMTP Domain?

No

136 191 Networking Are there WAN optimization devices in use? If so, where and what are they?

No

137 6 Office 365 licensing Does MassIT already have an Enterprise License Agreement with Microsoft that covers Office 365 Government licenses? Should the bidder include Office 365 licensing in the scope of the pilot?

There is no current EA with Microsoft that includes cloud services. The Bidder must include Office 365 licensing in the scope of the pilot

138 192 Office 365 tenant Do you already have Office 365? If you have Office 365, what is the name of default domain?

Yes, a pilot environment

139 193 Office 365 tenant If a tenant already exists, was it established under your Enterprise Agreement with Microsoft?

No

140 15 One Drive Who will be responsible for working on OneDrive, etc ? Can you describe the skill set for those people, so we can determine resources during the integration to these solutions.

TBD – No.

142 200 OneDrive How do users connect to their data? File shares/Windows Explorer, Web portals?

Primarily file shares though as stated in the RFQ we will be using OneDrive/SharePoint as a cloud file.

143 201 OneDrive What is the total content size of your data to be moved to OneDrive?

TBD


Sequence


144 202 OneDrive What percentage of your content is shared externally (with users not managed by your directory services)?

Unknown

145 203 OneDrive Please describe briefly about the layout of your folders or collaboration points. How many shares are present, how many of them are used for external collaboration? How are permissions managed?

Unknown and agency-specific.

146 204 OneDrive How many folders in your shares contain more than 5000 items?

Unknown

147 205 OneDrive Does your organization employ data loss prevention and information rights management

No

148 206 OneDrive How many files and folders path length exceed greater than 260 characters?

Unknown

149 207 OneDrive What custom solutions is your organization using to manage files and collaboration?

Probably none, though this is agency specific.

150 208 OneDrive Please fill out if there is any other additional information that you would like to share.

None.

151 199 Outlook Do users access Outlook mostly via domain-joined computers or workgroup computers?

Yes

152 87 Outlook anywhere Do you allow users to use Outlook both internally and externally? To clarify, do you allow Outlook anywhere connections Externally for Exchange users? If restrictions are in place, can you describe how they were implemented?

Yes

153 140 Outlook OST files If cached mode is utilized with Outlook clients, how are OST's stored relative to where Outlook application is running? To clarify, is it stored locally or on a shared drive?

Locally

154 89 Outlook Web Access Does the state have any OWA restrictions for Exchange users? If restrictions are in place, can you describe how they were implemented?

No

155 62 Pilot Are there parallel Pilots running evaluating other platforms? Both Application and Infrastructure.

No


Sequence


156 60 Pilot cap How many agencies to be included in the Pilot? This is still being determined but ideally we will keep this to one agency.

157 61 Pilot cap How many AD Forests to be included in the pilot? One

158A 10 Pilot/Future Environment

Is upgrading Office to 2016 Office Pro Plus part of this Pilot engagement?

If Office 365 is chosen, will Massachusetts choose E3, E4, or E5 SKUs?

Does the Pilot Cap of $552,572 less 10% change orders include the subscription cost of the software?

If so, for how many years?

NA – Bidder should propose the best solution.

NA – as above.

Yes

One year.

158B 10 Pilot/Future Environment

There is a requirement to specify how many users can be configured/migrated within the Cap of $552,572 (less 10% change orders). The RFP also says that the bidder will specify the number of users for the Pilot.Does the Commonwealth want a single bid for the Pilot Cap that specifies the number of users migrated, or a bid for a ‘standard’ pilot? (ie 1,000 users) at a cost lower than the cap, with a projection of the number of users migrated within the cap?

User estimates were provided as a guide to bidders. The Commonwealth requires the most cost-efficient solution that does not exceed the Price Cap. Either of the approaches proposed in this question could work.

159 11 Pilot/Future Environment

1. Will Skype Voice (PBX integration) or Skype Online Voice (Cloud-based PBX) be implemented as part of the pilot?

2. Is a Lync Hybrid Migration or Cutover migration desired?

3. EMC Source One email stubs (shortcuts) will not migrate to Office 365. Will the Commonwealth restore those shortcuts prior to mailbox migration or should that be included in the services?

4. ProofPoint, EMC Source One, and AirWatch have to be configured to work with Office 365. Will the Commonwealth configure those applications with Vendor guidance, or should that be included in the

1. No2. Bidder should propose the best

solution, but the pilot agency or agencies might not be Lync users.

3. Pilot users will not have stubs, but, through the experimental process described in the answer to question 50 above, the winning bidder must demonstrate that its proposed cloud solution can work, in a manner seamless to the user, with the Commonwealth’s SourceOne solution. Therefore, the winning bidder must


Sequence


services?5. Does the Commonwealth wish to deploy single sign-

on capabilities for messaging and IM [Active Directory Federation Services]?

show that its solution will support the use of the stubs required by SourceOne

4. The winning bidder must demonstrate, through the experimental process described in the answer to question 50 above, that SourceOne can be configured to work with its proposed cloud email solution.

5. Yes

160 195 PKI and Certificates Are SSL certificates in use on existing servers (Lync, web, SharePoint, etc...)?

Yes

161 196 PKI and Certificates Are SAN certificates in use? Yes

162 197 PKI and Certificates Are certificates home-grown or purchased from a CA? Depends on the certificate

163 198 PKI and Certificates Is there an internal Public Key Infrastructure in the environment?

Yes

164 14 Post Pilot Plans What is the plan for post-pilot phase ? Would MASS IT want to take over activities such as customization / integration / training? If so, please provide the details.

MassIT expects that the Pilot will provide us with the ability to make these decisions.

165 20 Post Pilot Plans What is the plan for post-pilot phase ? Would MASS IT want to take over activities such as customization / integration / training? If so, please provide the details.

MassIT expects that the Pilot will provide us with the ability to make these decisions.

166 42 ProofPoint Does ProofPoint provide Data loss prevention (DLP) functionality? If so, how extensive?

Yes

167 111 Protocols Are IMAP and POP3 being used in the environment? Yes

168 95 Proxy Is Microsoft ISA/TMG/UAG or any other comparable Yes


Sequence


servers/Gateway Appliance

reverse proxy products currently being used for external access to your Exchange environment(s)?

169 5 Public Folder clarifications

Exhibit E shows that there are Exchange public folders on Exchange 2007. Are any Exchange public folders included in the scope of the pilot? If so, what is the number and size of those public folders?

This will depend on which agency is selected for the pilot.

170 37 Public Folders Are you currently looking to address migration of any existing Public Folder data? Will Pilot users be required to have visibility into Public Folder data?

This will depend on which agency is selected for the pilot.

171 211 Public Folders How much data in Public Folders: how many top level folders and the size distribution of these public folders?

NA at this time. Data to be provided as/when appropriate.

172 223 Public Folders Are there any custom workflows built into the State's deployment of Public Folders?

None within MassIT’s environment. Future users will have different content and configurations.

173 224 Public Folders Would the State Consider migrating public folders to SharePoint Online or Shared Mailboxes where applicable?

MassIT expects the bidder to provide us with a best-practices approach.

174 135 Retention of data Describe how you address retention of mailbox data in a user's mailbox? Provide specific example of use cases for implementing retention policies

SourceOne, which is in process of being adopted, will provide agencies with tools with which to address their retention concerns. Prior to being migrated to the archive agencies are applying retention policies using means other than SourceOne. Specific examples of use cases would not be helpful because each agency is subject to different retention rules dependent upon the type of records that it creates or receives, its funding sources, the Federal and state retention rules it is subject to, and the retention provisions of the contracts that it enters.


Sequence


175A 25 RFQ / Exhibits Does this mean (as seems to be the case) that the proposed price should be at most 90% of the Pilot Cap with a Change Order Margin specified for the other 10% or is the 10% over & above the Pilot Cap?

The former.

175B 25 &28

RFQ / Exhibits Can the Commonwealth provide a minimum and maximum number of users for the pilot as well as any other requirements such as # departments/agencies to include, required departments/agencies, etc.

The pilot must be large enough to demonstrate the technology, process, and value of the winning bidder’s proposed solution, but within the Price Cap. We are targeting 1000 users for the pilot but could pilot with more or fewer users depending on the Bidder’s pricing. We intend to pilot a single agency but may wish to test across agency lines.

176 26 RFQ A. Background Information: Pilot and Pilot Cap

Does the Commonwealth desire the Pilot Instant Messaging solution to integrate with the current Lync solution using the same user namespace/domain?

MassIT expects the bidder to provide us with a best practices approach.

177 27 RFQ B. Services Required

Please define the standalone desktop features that the Commonwealth desires to move to the cloud? Is the plan to run these applications in the cloud or on the desktop? What is the current suite?"

We are targeting productivity tools such as word processing and spreadsheet software. We anticipate using both desktop and cloud deployments. The current tools are Microsoft Office based and the version varies by agency.

179 29 RFQ B. Services Required

Please provide current Active Directory design information. Can you clarify whether you mean One Drive for Business or One Drive for Consumer?

To be provided if/when appropriate.

180 139 Roaming profiles Do you currently utilize any sort of roaming profile and/or persistent profile setup?

Agency specific

181 113 RPO What is the acceptable RPO? None established


Sequence


182 112 RTO What is the acceptable RTO? None established

183 22 Safety Issue Please define/describe 'safety issue' in more detail on page 20 of RFQ document?

Answer is context-based: The term “safety issue” appears in a definition of severity levels for system defects or nonconformities. The question of whether a particular defect or nonconformity creates a “safety issue” is in part dependent upon context. A one day loss of all email communication between doctors at a public hospital could constitute a safety issue; a one day loss of all email communication in the research division of an environmental agency may not.

184 66 Scalability MassIT specifies that Solution will need to easily scale up to the entire Executive Departments of up to 58,000 users. Should we assume that a) infrastructure components provisioned during Pilot phase in MassIT’s environment should be ready to serve 58,000 users, or b) infrastructure components provisioned during Pilot phase in MassIT’s environment should serve only Pilot users and have flexibility to add additional infrastructure components in Phase I when and as applicable to serve 58,000 users.

b).

185 51 Scattered Files The RFQ makes reference to "Scattered Files" referring to PST data located throughout the organization. Is systematic consolidation and re-ingestion of that PST data within the scope of this Pilot?

No

186 52 Scattered Files Has the State purchased or own any Tools related to "Scattered Files?"

No

187 128 Secure access What are the secure remote access methods implemented within the enterprise for accessing email?

We allow access via HTTPS (OWA and Outlook), ActiveSync, and VPN with remote desktop access


Sequence


188 47 Secure mail What action does the recipient need to perform in order to open Secure email that came from MassMail? Example: login to Sentrion portal, register etc?

A login is required

189 127 Secure mail Does MassIT have any requirements for TLS or domain secured email between organizations?

We use TLS

190 81 Security Does the MassIT current email encryption function make use of SMIME feature in Exchange? Requires obtaining certificate and providing certificate to recipient of encrypted mail.

No

191 129 Security Can the bidder conduct remote implementation activities or bidder will be required to be on-site?

Remote implementation activities are acceptable subject to the requirement that no offshore resources (a subset of remote resources) can access the system or state data. Same answer as earlier

192 130 Security Can the bidder be provided with pre-determined approved un-attended access to MassIT’s environment or everything will be performed in attended manner?

No

193 210 Service accounts How many service mailboxes require data migration? none for the pilot

194 209 Service Readiness How will ‘service Readiness? be assessed and what is the criteria for this metric?

Term does not appear in RFQ.

195 212 Shared mailboxes Do you require migrating data for Shared Mailboxes as well or you would like to provide new shared mailboxes in Office 365; this implies service accounts as well.

We expect the vendor to provide us with guidance and a best practices approach

196 214 SharePoint Do you currently have SharePoint on-premises? Please provide some information.

Yes, for some agencies but this is not an enterprise service

197 215 SharePoint Online Are you interested in SharePoint Online? Not for this RFQ

198 136 Single Sign on / restrictions

Is ADFS used with 3rd party applications and do you restrict access via any specific claim rules?

Not yet


Sequence


199 137 Single Sign on / restrictions

If ADFS is leveraged as source of authority, do you restrict access via any specific claim rules?

N/A

200 74 Single Sign-On redundancy

For Single Sign On, would you be interested in active failover configuration or disaster recovery configuration? Disaster Recovery configuration assumes that organization will have some Recovery Time Objective (RTO) and Recovery Point Objective (RPO) established and require DNS changes.

We expect the vendor to provide us with guidance and a best practices approach

201 3 SLAs Most cloud based email providers (including Microsoft) provide SLAs of 99.9% although they typically exceed that. There is no mechanism to increase this. Is MassIT willing to accept 99.9% SLA rather than the specified 99.99%?

Yes

202 44 SMTP address re-write

Does address rewrite for @state.ma.us happen on inbound SMTP direction or outbound? Can you provide detailed mail flow diagrams?

Outbound sending

203 45 SMTP address re-write

Can you list the SMTP address to be used by agencies on and off MassMail?

We don't believe this information is necessary

204 213 SMTP domain Is the primary SMTP Address staying the same? Yes

205 70 SMTP Domain Namespace

Does the MassIT email systems have a requirement to share a single domain across multiple mail systems?

Yes. 53 top level SMTP domains and one primary SMTP for MassMail.

206 77 SMTP domains How many top level SMTP domains does MassIT currently make use of.

1

207 78 SMTP domains How many primary SMTP domains are used by the MassIT across the various mail systems?

1 Primary SMTP domain on MassMail.

208 65 Standalone desktop features

In RFQ revised document it is mentioned that MassIT seeks a solution to migrate standalone desktop features to

Productivity software such as word processing, spreadsheets, etc.


Sequence


the cloud. Please elaborate what exactly MassIT means by this?

209 123 Terminal Services Do any users access email via thin clients or terminal services only? If yes, can you describe the solution in place?

1. Yes 2. Citrix

210 138 Terminal Services Do you currently make use of Citrix/Terminal Services /VDI environments for user access to their Exchange mailbox? Do you restrict the Outlook setting of cached vs online mode?

Yes

211 17 Testing and Pilot Please expand on 'testing' and 'piloting' on page 20 of RFQ.

Section “k” on page 20 of the RFQ is a subset of the bidder’s required warranty commitments, which include warrantying the system provided by Bidder for a year after the system is put into service and used by end users other than for purposes of testing and piloting. This means that the warranty does not begin until after the pilot ends.

212 216 Testing of redundancy of new message system

Since the new mail service is shared testing failover will not be possible, will certification from the OEM be acceptable for demonstration purposes?

Yes

213 217 Tools Does the requirement for service provider to provide tools include providing licenses for tools as and where applicable?

Yes

214 149 Training Will MassIT host all how to documents, videos, etc. on an internal website / intranet?

Yes. We provide links to YouTube

215 150 Training A) What is the expected duration of the administrator training sessions? B) What is the capacity of the training room of conference room facilities to facilitate in person training for

A) We expect the vendor to provide us with guidance and a best practices approach. B) Depends on the agency selected for the pilot.


Sequence


administrators? C) What are the hours of operations for training?

C) Probably 8am - 4pm

217 222 Training Can the State clarify training that is within the scope of "customized training"

Defined to include curriculum review for both administrator and user training (separately) to ensure issues of concern to MassIT are covered in sufficient detail. MassIT expects bidders to provide details of included training courses, whether online or face-to-face.

219 40 User management and administration

Will MassIT require admins from each Agency and Department to be participating in Pilot efforts? How many admins do we expect per agency?

Pilot will include a limited number of agencies. The number of admins is unknown but not expected to be unwieldy.

226 218 Workstations What type of operating system do end users have on their workstations?

Windows, Linux, MAC OS

228 33 XII. Anticipated Duration of Contract

Please confirm that the initial term of the contract is the term of the Pilot. If not, please clarify

The initial term of the contract, after amendment, will be one year. The term of the pilot will be one year or less, at MassIT’s discretion.

229 34 XVII. Warranties and Representations

Please provide specifics regarding how a deliverable will be determined to "substantially conform”

”Substantial conformance” means that in all material respects the deliverable meets the requirements.

ANSWERS CONTINUED ON NEXT PAGE

The following Q&A table addressing specific aspects of MassIT’s current AD environment was posted for procurement RFR/RFQ 16-09 - Professional Services to Support Active Directory Consolidation on Bid numbers 5598, 5599 and 5601 on both statewide contract ITS53 and Open Market. This procurement has been closed and the original document edited to remove irrelevant material.

“RFQ/RFR 16-09, Active Directory Consultant, Amendment #1Questions & Answers, Posted October 7, 2015

1. Please provide as much information as possible on the parameters and configuration of the current AD structures in DOR and MassIT, and the expected future state as well, to the extent possible.ANSWER: See Table below

Basics of DOR & MassIT AD ForestsElement MassITActive Directory version:

Mixed 2003, 2008 and 2012; All agencies are in process (in various stages) of upgrading AD to 2012. MassIT

will upgrade the forest to when this process is complete.Exchange version Mixed 2007 and 2013 in the environments; agencies in process of migrating to

2013.Forest Structure: 1 forest, 11 domains

6 Forest-level trustsDomain Controllers: 122Subnets: ~1,300AD DNS: All internal DNS are handled by the domain controllers; public-facing sites/objects,

etc. are handles completely separately.

Applications: Each Agency controls and this will need to be determined during discovery.Mailboxes: ~47,000

Contacts: ~25,000

Groups ~7,000

Public Folders ~3,500

Objects (est.) ~215,000

Basics of DOR & MassIT AD ForestsElement MassIT

Desktops / Laptops / Servers

Desktops/Laptops are managed at the Secretariat Level; determine during discovery.

Virtual/Physical Environment:

AD both physical & virtual; Exchange is physical

Target Distribution: Chelsea & Springfield data centers; All in Massachusetts.

Data Types and Sensitivity:

May be integrated into Q#4 below.

Assume highest federal standards apply as almost all DOR data is classified as personal, financial and protected by Federal standards (IRS, health, etc.). MGL 93H defines “personal” data.

MassIT sets protection levels according to data type and client. For AD, no specific standards apply.

No articulated separation of data standards apply at present. However, it is important to note that compliance issues are likely to be significant, depending on MassIT & DOR Legal opinion and guidance once data types and object interrelationships are clarified and documented.

Cloud Services / Federated Cloud(s):

None; anticipated.

Microsoft Premium Risk Assessment:

AD in last year Exchange in past 3 years

Identify Access Management:

MassIT also has ISIM/ISAM; however, within AD, only manage MassIT – use is not widespread throughout forest.

SSO is IAM,

Products in use include:1. IBM Security Access Manager 8.x2. IBM Security Identity Manager 6.x3. Tivoli Access Manager 6.x

Basics of DOR & MassIT AD ForestsElement MassIT

4. Tivoli Identity Manager 5.x5. PingFederate 7.3 (Identity Federation)

Group Policy Management:

Same.

Encryption: None yet.Schema Extensions:

MS only – Exchange, SharePoint and Lync.

Rights Management:

None

SCCM (System Center Configuration Manager or ConfigMgr):

Distribution is by agency, one of which is ANF-IT; MassIT does not push software. Microsoft WSUS.

Discovery / Litigation Hold Management:

EMC Source One to archive EMC Discovery Manager.

Virus Detection: Desktops use MacAfee Gateway servers use multiple

Load Balancing: F5Radius Servers: Yes, but not for AD

Environment Documentation Completeness and Availability:

For MassIT and managed environments, well-documented but for other agencies, not well documented at all.

# Question/Topic Answer2 What are the dimensions of the

proposed consolidation?See table of system information included in this document above.

3 Is there overlap among elements between MassIT and other organizations within the Commonwealth?

MassIT expects but does not know that there is overlap in both IP ranges and naming conventions; Determination of precise overlap ranges, object names, etc. and proposed resolutions would be part of discovery and planning in Active Directory consolidation projects.

4 Are multiple environments connected in any way now?

No. We have directory synchronization;

5 What are the data protection compliance challenges of this project?

The data protection compliance requirements are significant and set forth in detail within the solicitation and its attachments. Please refer to the requirements specified in the RFR, without limitation, RFR sections:

4.1 Confidentiality and Security Requirements4.2 Contractor’s Compliance Agreement (see form attached to the RFR) 4.10 and subsections under Physical and Technical Security RequirementsAppendix C, Enterprise Policy and StandardsAppendix D, Section 5, Statement of Work Template Agreement

7 Is MassIT looking to enhance; freeze or change the forest environment? And if so, in what direction/structure?

The answer to this will result from future developments. It is highly likely that In a future structure, manageability, delegation flexibility, and specificity and clarity of proposed structure(s) will drive the Commonwealth’s decision-making about any consolidated environments.

8 How are governance and administration managed? How is decision-making managed? Would the vendor have to engage agencies separately?

Multiple agencies have data management and/or email/Exchange teams. On the MassIT side, decisions on the managed environments are made by the Unified Communications/Messaging team, but environments managed by the agencies may each have their own protocols.

Mass IT will commit to assist actively in data discovery with other agencies, if and when this becomes relevant.

9 What are the primary inhibitors to success in this project? What level of Stakeholder engagement is there?

The first concern in future possible consolidations is with expected overlap in names and IP ranges among individual accounts and object “sets.”Second is the extent to which applications are integrated and used by and in

# Question/Topic Answerobjects, and how impact on applications can be minimized in a consolidation. Temporary unavailability is acceptable if planned and any proposal must address each the impact(s) on each application.

Secretariat-level stakeholders are engaged and actively promoting this project.

· Web viewHow have you handled training for a large software rollout on the ... (ie Cisco Unity,...

Documents

Transcript of · Web viewHow have you handled training for a large software rollout on the ... (ie Cisco Unity,...