ServiceForKenya Physical security and restricted access.• Management of climate

ServiceForKenya National Highways Authority(KeNHA)Tender No: KeNHA/R/1847/2018ByiWayAfrica Kenya LimitedOverviewThis document defines the data center (DC) collocation services proposed to Kenya Highways Authority as per tender no: KeNHAR/R/1847/2018 by iWayafrica Kenya Limited.Service descriptioniWayAfrica Kenya Limited provides state-of-the-art co-location Datacentre for customers and also in-house ISP infrastructure. This secure DC provides:•    Server co-location space: Raised floor room equipped with server cabinets, network switches, network connections, and power distribution equipment.•    MPLS/ Internet connectivity.•    IT Services to support system administrators in setting up and supporting systems.•    Systems monitoring and notification at the customer’s request.•    Physical security and restricted access.•    Management of climate control, fire suppression, and power systems..Server Co-LocationThe raised floor space in our Data Center provides an environmentally controlled DC for housing servers and related IT equipment including:•    Server cabinets.•    Top-of-rack switches for redundant connections to the campus network.•    Power strips and power distribution equipment for redundant connections to power supply.•    Patch cables for connecting servers to top-of-rack switches.Power and Backup PoweriWayAfrica DC provides clean power to all colocated equipment through two 40KVA online UPS systems with backup batteries. Mains power has an auto start generator backup and a hot standby generator.  Each is capable of running for 24 hours.Proposed Rack SpaceiWayAfrica will lease half a 42u server rack, which is lockable with a separate door from the other half.  The rack space will be equipped with 8 way Power Distribution Units(PDU), 24 port layer 3 switch & cable organizer.Depending on the configuration of the system, all ancillary equipment will be proximate to service equipment and ideally will be located within the same rack. Examples of ancillary equipment include:•    Firewalls•    Load balancers•    Tape backup systems (internal or external)•    External storage/fibre channel connections•    IP-based KVM (keyboard, video, mouse) switches•    IP-based serial console serversNetwork ConnectivityiWayafrica will provide dedicate MPLS 15mbps connectivity between the leased rack switch and KeNHA datacenter though iWayAfrica MPLS metro network. The customer can opt to install a backup link though any other carriers. We currently have 6 of the major carriers present in our DC. See proposed network diagram below. IT ServicesThe iWayafrica DC is equipped with Services for system administrators:•    A visitor work area and break room outside of the raised floor space, equipped network ports, wireless access, and power outlets.SecurityPhysical SecurityThe data center has a state-of-the-art security system and stringent security processes. FirewallFor equipment not managed by iWayAfrica, the customer needs to provide firewall service.Technical supportAll requests for technical support will be logged using the iWayAfrica centralized ticketing system.SupportAll requests for technical support will be logged using the iWayAfrica centralized ticketing system to enable us to appropriately assign and track the progress of your request. Staff will coordinate with customers to complete all tasks. Customers will be informed by e-mail from the ticketing system when requests have been completed.•    For service requests that do not require immediate attention, send an e-mail message to [email protected] This will create a ticket and will follow the standard initial response time of 30minutes.•    For any issue requiring immediate attention (less than 30 minutes), such as the reboot of a server or other troubleshooting activity, call 020-6190000. The customer support are on duty 24/7 to support you. Monitoring and NotificationiWayafrica will monitor systems in the Co-location DC and send email alerts for outages to NOC support and cc customer on request. MaintenanceiWayAfrica will notify customers about both scheduled and unscheduled maintenance of service availability and service delivery issues. Services may not be available during the maintenance periods.Scheduled maintenanceiWayafrica strongly recommends that all systems have a scheduled maintenance window.  This would allow the system to be updated for security patches, changing of failed hardware and updating of systems software.  It is strongly recommended that all maintenance work be done during scheduled maintenance windows.Unscheduled maintenanceUnscheduled maintenance tasks that require service downtime will be announced as soon as possible.Change notificationiWayAfrica will maintain a mailing list of customer contacts who will be notified of planned maintenance and unplanned events. Customers must notify iWayAfrica of any changes to contact information as part of providing escalation path information. Contact lists will be reviewed periodically.Access to DataCentreLevel 0•    Remote Access – Systems Administration•    Preferred method of systems access, however, this access could be paired with Level 1, 2 or 3 access.•    Can include serial console access, KVM console access, remote power (toggle PDU ports), VM console access and remote media capabilitiesLevel 1•    Escorted Access – Secondary/Vendor Support•    Closely monitored access given to people who have a legitimate business need for infrequent access to the Data Center, where “Infrequent access” access is defined as less than 15 days per year.•    A person given Escorted Access to the DC must have assigned supervision by a person with Controlling Access•    A person with Escorted Access must not allow any other person to enter or leave the area.Level 2•    Unescorted Access – Primary Support Staff•    Granted to a person who has a legitimate business reason for unsupervised access – An example of this would be a Systems Administrator designee)who requires physical access to work on their system(s).•    Unescorted access personnel must seek approval by personnel with Controlling Access authority to grant escorted access to visitors. •    The grantor (Unescorted Access person seeking approval) is responsible for the visitor(s) and must escort them in the Core DC at all times.Level 3•    Controlling Access – Server/Equipment Owner•    Controlling Access is generally granted to staff whose job responsibilities include managing and supporting the DC’s core infrastructure.•    These individuals also have the authority to grant temporary access to IT Services and to authorize others..Customer responsibilitiesCustomers agrees to:•    Provide vendor name, model number, and specifications for equipment to be co-located.•    Follow documented communications and ticketing process.•    Properly configure systems to use the redundant network equipment provided in the DC.•    Develop disaster recovery plans for servers and services.•    Identify staff authorized for remote and on-site (escorted) access to the DC and systems co-located therein.•    Define an escalation path outlining who should be contacted and when in the event of problems with systems that are monitored by iWayAfrica staff.•    Abide by security procedures that control access to the DC.