
APPENDIX 7 - Technical Specifications - USVIE10002 - 6 Dec 2011 - 15003236

APPENDIX 7 - TECHNICAL SPECIFICATIONS

US/VIE/10/002

TECHNICAL ASSISTANCE TO VIET NAM BUSINESS REGISTRATION REFORM
PHASE A - MODULE II AND PHASE B

COMPUTERIZED NATIONAL BUSINESS REGISTRATION SYSTEM (NBRS)

TECHNICAL SPECIFICATIONS FOR

TECHNICAL INFRASTRUCTURE SPECIFICATION (HW)

BASIC SOFTWARE SPECIFICATION (SW)

5 December 2011
Appendix 7-Technical
Specifications                                                                      Viet Nam Business Registration Reform
5 December 2011                                                                            Phase A-Module II and Phase B


TABLE OF CONTENTS

1       GENERAL INFORMATION
1.1     OBJECTIVE
1.2     AIM OF THE PROJECT
1.3     THE SCOPE OF SUPPLY
1.4     GUARANTEE REQUIREMENTS
1.4.1   SERVICE LEVEL AGREEMENT
1.4.2   DEFECT LIABILITY
1.4.3   ACCEPTANCE TIME GUARANTEE

2       GENERAL SYSTEM INFRASTRUCTURE
2.1     BRO LEVEL
2.2     ABR LEVEL

3       TECHNICAL ARCHITECTURE
3.1     ARCHITECTURE
3.2     DESIGN DIAGRAM
3.3     TECHNICAL SPECIFICATIONS FOR HARDWARE
3.4     TECHNICAL SPECIFICATIONS FOR BASIC SOFTWARE
3.4.1   REQUIREMENTS FOR INSTALLATION, COMMISSIONING AND CONFIGURATION OF BASIC SOFTWARE

4       ABBREVIATIONS AND DEFINITIONS
4.1     ABBREVIATIONS
4.2     DEFINITIONS


LIST OF FIGURES
FIGURE 1: NATIONAL BUSINESS REGISTRATION SYSTEM (NBRS)
FIGURE 2: DESIGN DIAGRAM FOR THE UPGRADED NBRS


LIST OF TABLES
TABLE 1 PREDICTION OF REGISTRATION TRANSACTIONS FOR THE PERIOD 2009-2014
TABLE 2 IMPLEMENTATION TIME SCHEDULE






1 GENERAL INFORMATION
1.1 OBJECTIVE

This Invitation to Bid (ITB) is issued to solicit bids for the acquisition of hardware (HW),
software (SW), and network and communication equipment to upgrade the computerized
National Business Registration System (NBRS) infrastructure. The counterpart and recipient
of this United Nations Industrial Development Organization (UNIDO) project is the Ministry
of Planning and Investment, MPI, specifically the Agency for Business Registration, ABR.

The Supplier shall propose HW, SW, network and communication products that will upgrade
the NBRS infrastructure and that will be located at the ABR Data Centre (ABR DC) and MPI
Data Centre (MPI DC). HW, SW, network and communication products, after sale services,
including warranties shall fully address the functional, technical and general requirements
indicated herein.


1.2 AIM OF THE PROJECT

The Viet Nam Business Registration Reform is divided into the following phases:
   Phase A Module I:  Establishment of the National Business Registration System, which
                      is already completed.
   Phase A Module II: Establishment of the Information Distribution System
   Phase B:           Establishment of the Financial Statements Filing System

The overall objectives for the Reform Phase A are:
   1. Reduction of the cost and time for completion of the registration requirements by
      simplification and standardization of the pre-registration requirements and the
      registration procedures and steps;
   2. Reduced transaction risks and costs in execution of business activities by improving
      the information service with nationwide access to official information on the legal
      representation of enterprises;
   3. Improved quality and efficiency for public administration in relation to the
      management of information on enterprises and its activities.

The computerized National Business Registration System (NBRS) is operated by the Agency
for Business Registration through its ABR DC, in collaboration with 65 Business Registration
Offices (BRO) located in 63 provinces in Viet Nam. The following objectives have been
achieved during implementation of Phase A Module I:
   a) Nationally harmonized single-point-registration services performed by the 65 BROs at
      provincial level, securing the same service regardless of business location through the
      computerization of the work flows;
   b) Single-point-registration by submission of a consolidated application form covering
      the requirements for Tax code registration, notification to GSO and MPS, as required;
   c) Unique ID of enterprises by use of the Tax code for this purpose;
   d) Web-enabled services for optional submission of registration applications;




   e) National Business Registry comprising legally valid enterprise data from the BROs,
      which is technically operated at the national level by the Agency for Business
      Registration, MPI;
   f) Improved efficiency and quality of registration procedures and reduced risks for
      duplication of the use of business names;
   g) Time for the completion of the registration procedures reduced to 1-2 days.
The NBRS facilitates efficiency and quality in the registration process of documents and data
about enterprises and provides decision support when processing applications for registration.
Logical checks are performed to support correct data entry.




                      Figure 1: National Business Registration System (NBRS)

The following types of enterprises are registered in the system:
           •   Limited liability companies with one member;
           •   Limited liability companies with two or more members;
           •   Shareholding companies;
           •   Partnerships;
           •   Sole proprietorships;
           •   Branches of registered entities and representative offices

Phase A Module II Output:
   1. Capacity of ABR and 65 BROs is strengthened to establish and operate web-enabled
      enterprise information services;
   2. Computerized systems for provision of web-enabled enterprise information services
      are fully deployed and operational nationwide.

Phase A Module II Targets:
   1. Additional HW is installed at the NBRS by March 2012
   2. ABR and BRO staff are fully trained and functional by July 2012
   3. Training programs are launched by April 2012




   4. Roll-out of the fully functioning services is completed by August 2012
   5. Capacity building assistance, particularly on organization development is launched by
      April 2012
   6. Operation system “beta version” is functional as of March 2012
   7. Operation procedures and manuals are complete as of April 2012
   8. Systems and staff are fully enabled to support enterprise information services by
      August 2012
   9. Enterprise information services generate revenues that are at least equivalent in
      amount to 75% of revenues generated by registration service by mid 2013

The overall objectives for the Reform Phase B are:
   1. To smooth the implementation of the new financial statements recording system and
      to support its future operation so that the different users obtain the optimal benefits.
   2. All registered shareholding companies will be made aware of new regulation on
      financial statements requirement, contents and process

Phase B Outputs:
   1. Capacity of ABR and 65 BROs is strengthened to establish and operate a
      computerized annual financial statements filing and financial statement information
      dissemination system by December 2012;
   2. Computerized business processes and operation system for financial statement filing is
      completely rolled out to and operational in 65 BROs;

Phase B Targets:
   1. Legal framework for filing of financial statements clarified between MPI and MOF to
       ensure single reporting requirement from enterprises, if necessary by issuance of an
       inter-ministerial circular, and is in place in October 2011;
   2. Additional ABR hardware is operational in March 2012
   3. Stakeholder awareness campaign on filing of financial statements and use of
       information on financial statements is completed by December 2012;
   4. ABR and BRO staff training on financial statements handling is completed by
       December 2012;
   5. Recommendations on pricing schemes developed and submitted for consideration by
       October 2011;
   6. BRO communities operational, performance management system established, client
       orientation training completed by December 2012;
   7. Financial statement filing operation system “beta version” is operating on ABR
       hardware within May 2012;
   8. Operation procedures and manuals supporting the execution of financial statement
       filing at the BROs are complete according to the governing legal framework by June
       2012;
   9. Customization of financial statements operation system is completed by June 2012;
   10. Financial statements operation system national roll-out starts in October 2012 and is
       completed in 63 provinces in the same month;
   11. ABR staff are fully capable of operating and maintaining the financial statements
       systems by July 2012 and all BRO staff are fully capable of operating and maintaining
       the financial statement systems by September 2012 and supported with refresher
       training until December 2012;
   12. ABR concludes at least one fee earning information service contract based on NBRS
       with an external institution by end of 2012
   13. Information services provided by various means from BROs increase by 50% from its
       average national level in 2007 by mid 2013.


    1.3       THE SCOPE OF SUPPLY

The document describes:

   •   The upgraded NBRS infrastructure;

   •   The network architecture at the ABR level;

   •   The specification of requirements for the computer hardware, software, network and
       communication equipment at the ABR DC and MPI DC to establish the upgraded
       NBRS technical infrastructure;

It shall be noted that the HW and basic SW described in these terms of reference shall be
provided, installed and commissioned by the Supplier.

Description of the general infrastructure explains how the computer equipment is organized
on the network, and what kind of equipment is required.

The network architecture consists of the system design diagram and the description of the
different system zones.

From a technical infrastructure point of view, Phase A Module II and Phase B will
concentrate on the following:

   •   The establishment of Information Services where enterprise registration information
       can be distributed to and accessed by the public as well as the concerned governmental
       institutions and agencies; Online Business Registration Service to allow applicants to
       submit registration dossiers online; Financial Statements Filing Service to allow
       Shareholding Companies to submit annual financial statements in compliance with the
       Enterprise Law. The above services are also supported and made more convenient and
       more secure by the implementation of electronic payment and electronic signature
       services;

   •   The strengthening and expanding of the NBRS technical capacities to handle the new
       services and the increased number of business registration dossiers submitted at 65
       BROs and through the online registration service.

   •   The establishment of a backup site located at MPI Data Centre to reduce the risk of
       disruption to service and loss of enterprise registration data.






     The technical infrastructure specifications take into account the following:

        •   The NBRS is accessible and highly available to all 65 BROs located in 63 provinces;

        •   The BROs will function as offices for registering information and to issue Business
            Registration Certificates;

        •   All official registrations are stored at ABR Data Centre, although the certificates will
            be printed in the respective BRO;

        •   The ABR will exchange information with General Department of Taxation (GDT),
            Ministry of Public Security (MPS) and General Statistics Office (GSO);

        •   Information and security checks to ensure that the data on the issued Business
            Registration Certificate is properly stored at the ABR Data Centre and is correctly
            presented and issued at the BRO;

        •   On-line registration services available on 24/7 basis.

     The capacity of the network operation is based on the following predictions for the volume of
     registrations:

     Table 1 Prediction of registration transactions for the period 2009-2014

     Services/products        2009       2010       2011       2012       2013       2014
     BROs
     New registrations        60,000     65,000     80,500     87,700     92,000     97,000
     Amendments               107,250    160,875    241,313    361,969    542,953    814,430
     Total No. Enterprises    445,000    510,000    624,000    712,000    805,000    902,000


          1.4. GUARANTEE REQUIREMENTS
     The Supplier shall, in writing, indicate its full agreement with at least the requirements
     indicated below for the detailed Service Level Agreement to be provided, Defect Liability and
     Acceptance Time Guarantee in its offer.

          1.4.1. SERVICE LEVEL AGREEMENT
     The Supplier shall define a detailed Service Level Agreement (SLA) for the total duration of
     the warranty period covering the maintenance and support services for the delivered
     equipment and basic software and resulting at least in:

         -   A single point of contact for all support calls. All problems will initially be screened
             by the NBRS technical personnel who will then make contact with the
             maintenance/support contact. The Supplier shall indicate the structure of its
             Maintenance/Support organization, including the names of its relevant staff to be
             made available in Hanoi, Viet Nam in its bidding documents.






   -   Ability of the NBRS technical personnel to report problems immediately to the
       Supplier's nominated specialist support personnel at least between 08:00 and 17:00,
       Monday through Friday. The call acceptance and response initiation should be
       confirmed within no more than 4 hours of notification. The NBRS technical
       personnel must also be able to report problems by e-mail, phone or otherwise to a
       nominated contact within the Supplier's organization outside of these hours.
   -   During the warranty period, the Supplier must remedy defects or damage according to
       the equipment specification requirements for the warranty or within 48 (forty eight)
       hours of notification whichever is less;
   -   Warranty will cover updates/maintenance of patches/bug fixes (available from the
       original hardware vendor) for firmware (of hardware equipment) and patches/bug
       fixes (available from the original software vendor) for basic software.
   -   In addition to equipment support actions required to correct problems, regular
       preventative maintenance shall be carried out according to a schedule which shall be
       agreed between the parties.
   -   Well-defined and responsive escalation procedures which will facilitate the smooth
       running of the support service shall be indicated by the Supplier.
   -   The warranty period should be a minimum of 3 years from the date of Purchaser's
       acceptance of the deliveries.
   -   On-site support;
           o At ABR: shall be less than 4 hours reaction on-site
   -   Final SLA is very important and may be discussed during the negotiations of the
       contract. Therefore, the Supplier is advised to provide the best possible conditions
       available to his Organization.

    1.4.2      DEFECT LIABILITY
The Supplier shall warrant that:

   -   The equipment is free from defects in the design, engineering, materials, and
       workmanship that prevent the equipment and/or any of its components from fulfilling
       the technical indicator's requirement or that limit in a material fashion the equipment
       performance, reliability, or extensibility.
   -   The equipment supplied under the contract is new, unused, and incorporates all recent
       improvements in design that materially affect the equipment’s ability to fulfill the
       technical requirements.
   -   (i) all equipment to be incorporated into the NBRS forms part of the Supplier’s and/or
       its Subcontractor’s/Supplier’s current product lines, (ii) they have been previously
       released to the market.
   -   If during the warranty period any defect should be found in the design, engineering,
       materials, and workmanship of the equipment supplied or of the services provided by
       the Supplier, the Supplier shall promptly, in consultation and agreement with the
       Purchaser regarding appropriate remedying of the defects, and at the Supplier’s sole
       cost, repair, replace, or otherwise make good. Any defective parts that have been
       replaced by the Supplier shall remain the property of the Supplier.

    1.4.3. ACCEPTANCE TIME GUARANTEE
The Supplier guarantees that:





   -   It shall complete the delivery, installation, commissioning, and achieve acceptance of
       the equipment within the time periods specified in the Implementation Schedule table.

1.5 DELIVERY PERIOD
The Supplier shall deliver both the HW and basic SW within five (5) weeks from dispatch of
the purchase order by UNIDO. Both HW and SW shall be delivered at the same time.


1.6     INSTALLATION, COMMISSIONING AND
        ACCEPTANCE
Installation of HW, basic SW, network and communication products shall be conducted in 4
(four) distinct stages: installation, commissioning, acceptance testing and acceptance.

Installation:

The Supplier will deliver the equipment, the basic software and licenses, and perform standard
installation and commissioning for both hardware equipment and basic software:

   -   In the allocated development environment at the ABR DC and MPI DC;
   -   The equipment and basic software shall be installed at the ABR DC and MPI DC;
   -   The Purchaser shall, within fifteen (15) days upon receipt of the Supplier’s notice
       either approve installation or notify the Supplier in writing of any defects and/or
       deficiencies, including, but not limited to, defects or deficiencies in the
       interoperability or integration of the various equipment components or compatibility
       of the basic software with the provided hardware equipment. The Supplier shall use all
       reasonable means to promptly remedy any defect and/or deficiencies of which the
       Purchaser has notified the Supplier. The Supplier shall then promptly carry out
       retesting of the equipment, compatibility of the basic software with the equipment and,
       when in the Supplier’s opinion the equipment is ready for commissioning and
       acceptance testing, shall notify the Purchaser in writing. The procedure shall be
       repeated, as necessary, until the installation is approved.

   Commissioning:

   -   Commissioning of the equipment and basic software shall be commenced by the
       Supplier immediately after the installation approval is issued by the Purchaser.
   -   The Purchaser shall supply the operating and technical personnel and information
       reasonably required to enable the Supplier to carry out its obligations with respect to
       commissioning.
   -   The Supplier shall notify the Purchaser in writing as soon as the deliveries have been
       commissioned and are ready for acceptance testing

   Acceptance testing:






      -      The acceptance tests (and repeats of such tests) shall be the primary responsibility of
             the Purchaser, but shall be conducted with the full cooperation and presence of the
             Supplier during commissioning of the equipment to ascertain whether the equipment
             components and basic software conform to the technical requirements and meet the
             standard of technical performance quoted in the procurement specification. The
             acceptance tests will also be performed on replacement equipment, upgrades and
             equipment components that are added or modified after acceptance of the equipment.

  Acceptance:

       - Acceptance shall occur, only when the acceptance tests have been successfully
          completed and the Purchaser has accordingly notified the Supplier in writing
      - The Supplier shall use all reasonable means to promptly remedy any defect and/or
         deficiencies and/or other reasons for the failure of the acceptance tests of which the
         Purchaser has notified the Supplier. Once such remedies have been made by the
         Supplier, the Supplier shall notify the Purchaser, and the Purchaser, with the full
         cooperation of the Supplier, shall use all reasonable means to promptly carry out
         retesting of the equipment, compatibility of the basic software with the equipment.
         Upon the successful conclusion of the acceptance tests, the Supplier shall notify the
         Purchaser of its request for the acceptance. The Purchaser shall then make an
         acceptance, or shall notify the Supplier of further defects, deficiencies, or other
         reasons for the failure of the acceptance tests. The procedure shall be repeated, as
         necessary, until an acceptance is issued.
      - If the equipment fails to pass the acceptance tests within the specified time period then
         the Purchaser may consider issuing penalties or terminating the contract.

  The table below reflects the requirements for the implementation schedule for the delivery,
  installation and acceptance:

                                Table 2 Implementation time schedule

Activities                               Weeks
                                         1  2  3  4  5  6  7  8  9  10 11 12 13 14 15
Purchase order dispatched to Supplier    x
Delivery (HW & SW)                          x  x  x  x  x
Installation and commission (HW & SW)                   x  x  x  x  x
Acceptance testing                                                     x  x  x
Acceptance signed                                                               x  x






1.7. PROPOSED PAYMENT SCHEDULE
The following progress payment schedule is proposed:

Upon signature of the Purchase Order and receipt of the shipping documents:   40%

Upon installation and commissioning of hardware and basic software:           25%

Upon acceptance testing and signing of the acceptance certificate:            25%

At the end of the warranty period and upon complete delivery
of all documentation and the final report:                                    10%






2 GENERAL SYSTEM INFRASTRUCTURE
The upgraded NBRS will run in the ABR DC and MPI DC. The VLANs of all the BROs and
the DCs will be connected via Intranet lines provided by the Internet Service Provider. The
ABR DC and MPI DC VLANs will be connected by a short-distance (up to 380 m) fiber
optic line. The end users at the BROs will use printers, scanners and workstations housing
the software. Microsoft operating system software will be installed on the workstations and
the Microsoft network approach will be used in the VLAN. Each workstation and VLAN
user will use an account in Active Directory, which will be located on the ABR DC Active
Directory server. The backup Active Directory will be located in the MPI DC. The larger
BROs will additionally have their own Active Directory servers for faster response times for
authentication and authorization of users and computers in the LAN. These additional servers
will replicate their information with the ABR DC Active Directory server.



  2.1 BRO LEVEL
There are no changes from the previous NBRS setup at BRO level:


Operational systems

   •   Workstations – MS Windows Vista Business latest service pack and updates;

   •   Local servers – MS Windows Server 2008 SE.

The LAN uses twisted-pair Category 5e cabling and a 10/100 Mbps network switch.

   -   IP MPLS Intranet used as the primary connection between the BROs and NBRS.

   -   For the BROs which have access to the Internet via DPI, VPN IPSec is used as the
       backup connection. The VPN IPSec client is installed on each BRO computer.

   -   The BROs which don’t have Internet access and the HCM BROs use two MPLS
       lines. HCM city has three BROs, each with a high-capacity Intranet MPLS line.
       Internet access is implemented via ABR DC.

   -   The Intranet NBRS data communication is protected against interference by any other
       data communications operated by the ISP.



  2.2 ABR LEVEL
ABR level will be “upgraded ABR” with the MPI DC involved as the backup solution for the
registration operation

Operational systems:





   •   Workstations – MS Windows Vista Business 32, Windows 7 with latest service pack
       and updates;

   •   Central servers – MS Windows Server 2008 x64 SE and EE, Windows 2008 R2 EE,
       Sun Solaris, Oracle Enterprise Linux, VMware vSphere latest version ESXi
       hypervisor with Enterprise version licenses;

The LAN is UTP cable based and divided into several security zones. For LAN
connections over distances longer than 100 m, fibre optic lines are used. The security zones
are separated by means of firewalls, routers and 1 Gbps Ethernet switch equipment.

Intranet communication

For the Intranet communication between the ABR and MPI DC and the BROs, the IP MPLS
ISP lines are used. There is an active backup line for high availability. The backup line will
be connected to MPI DC, while the primary will be connected to ABR DC. If both
channels fail, the firewalls at the ABR and MPI and the firewall clients on the BROs'
workstations will provide the backup connection by either IPSec VPN or SSL VPN.

Internet communication

There will be two active Internet communication groups, with the primary at MPI DC and
the secondary at ABR DC. MPI DC will provide redundant Internet access with 200 Mbps
domestic bandwidth, 18 Mbps international bandwidth and a set of 1024 public IP addresses
provided by Viettel and FPT. The ABR DC will not change the lines, speed and IP addressing
scheme provided by the current ISP. The firewalls, switches and routers at ABR and MPI
will provide an efficient network configuration for Internet users to use the upgraded NBRS
services.

Corporate (Extranet) communication

   -   Via IPsec VPN access over the Internet to the ABR DC and MPI DC by using a VPN
       client and the firewalls of the ABR DC and MPI DC;

   -   Via leased fibre optic lines between the ABR and the GDT – the primary line is
       connected to the ABR DC firewall and the secondary line to the MPI DC firewall.

In both cases in/out traffic will be controlled by the firewalls at the ABR DC and MPI DC.






3 TECHNICAL ARCHITECTURE
  3.1 ARCHITECTURE
The upgraded NBRS architecture will follow the principles of distributed system
architecture.

The present NBRS system is designed with three layers: Presentation, Application and
Database. On the Database level, it is proposed to distribute the NBRS into Basic, Online,
Information and Reports (Warehouse) databases, each with its corresponding application on
the Application level. Each database is proposed to be implemented on physically separate
servers with data synchronization between the databases. At the same time, each database
will run in a high-availability (HA) environment with the possibility to scale out when
increased performance is needed. There is also the core database, which is implemented in
Basic; “core” means that this database will contain data from all distributed databases but
will process data with the corresponding application for registration purposes only. The
benefits of this approach are that the NBRS services will not affect each other in terms of
resource load and that only the service that needs it can be scaled up, without involving
significant development resources. Synchronization between the databases does not have to
be online and can be scheduled, which allows complex tasks to be performed on a separate
distributed level without affecting the reliability and performance of the others. A practical
implementation of this approach with NBRS Oracle databases can be:
    - Oracle RAC Enterprise Edition (EE) for the Basic Database
    - Oracle Standard Edition (SE) for the Online, Information and Warehouse Databases

The principles of distributed architecture can be achieved in several steps. Security and
reliability of the upgraded NBRS are achieved in the first step with:
    - Oracle EE RAC database on the existing NBRS server node 1 in ABR and existing
         NBRS server node 2 in MPI for the basic registrations;
    - Standby Oracle EE database instance on the second NBRS server node 2 in MPI for
         the Basic database backup;
    - Oracle SE RAC for the Online and Information Services in MPI DC.

On the application level, it is proposed to use applications with resource distribution,
higher availability features and easy resource scalability. For this reason, a virtualisation
environment solution with the VMware hypervisor and Windows guest OS installed is chosen in
the second step:

   -   Distribute the Warehouse from Oracle EE RAC to Oracle SE RAC in the MPI DC.


  3.2 DESIGN DIAGRAM
Figure 2 below illustrates the complete logical network design for the ABR. This logical
design materializes the upgraded NBRS technical architecture presented in this section. A
functional block in the logical diagram does not necessarily correspond to a physical
server/device. In fact, several functional blocks may be consolidated into a single physical
server/device.





[Figure 2: network design diagram. Panels: MPI Data Center (SAN, Database, Perimeter
trusted, Perimeter and Core zones) and Primary Site - ABR Data Center (SAN, Database,
Perimeter trusted, Perimeter, Core, Border Public, Intranet, Test and Dep, and
Administration zones), with links to the Internet, the GDT and the BROs.]

Figure 2 Design diagram for the upgraded NBRS






The above figure illustrates the configuration of the extended NBRS operational environment.
In this configuration, the NBRS consists of the upgraded ABR and 63 provincial BROs with
65 offices. The ABR and MPI DC will be divided into several zones.

The zone division in the MPI DC will be adjusted during the equipment installation and
configuration phase.

In the ABR, the network firewalls and core switches are the main networking equipment. The
role of the firewalls is to impose restrictions on incoming and outgoing traffic, protecting
the network segments from possible attacks. The firewalls have features that allow them to
terminate the VPN connections from the BROs. The traffic that comes to the Basic
application and Web Proxy servers is balanced by using Microsoft Network Load Balancing
(NLB). For the other applications, the resources are distributed by the VMware DR and HA
features.

The ABR DC Border Public Zone

It consists of UTM firewall clusters working in HA mode, a link load balancing device and
the ISP communication equipment needed to connect to the Internet. The role of this zone is
to control and balance all incoming and outgoing traffic to/from the ABR, to protect the
other ABR zones from network attacks and threats coming from the Internet, to establish
site-to-site VPN communication to the BROs and to provide a backup path for the Intranet
connection.

The Core Zone ABR and MPI

The zone consists of core firewall clusters working in HA mode and a pair of redundant core
switches. The role of this zone is to provide a second protection layer for the other zones,
to control all traffic flow of the NBRS, to provide QoS for traffic shaping, to prevent
internal attacks, threats and Internet attacks, and to provide the VLAN infrastructure and
routing schemes for the ABR and MPI.

The Perimeter Trusted Zone ABR is considered a high-security network segment. It will
contain the physical application servers. The application servers handle the business logic
for the registration service and the registration of the financial statements in the system.
The AD, CA and Backup management servers will also be installed in that zone.

The role of the Perimeter Trusted Zone MPI is the same as described for the ABR, with
application server virtualization which will provide a distributed and HA virtual
environment for the applications. The Backup management server will not be virtualized and
will serve as the backup proxy server for the virtual environment. The servers will be
connected via fibre channel (FC) using a pair of redundant FC switches.

The Perimeter Application Zone MPI hosts the applications for the Online, Information and
Reporting services and the e-payment and e-signature web services. The applications will run
in the virtual environment provided by the physical servers and virtualization software in
the Perimeter Trusted Zone MPI, with resource distribution and high availability.






The Perimeter Zone MPI is less secure than the Perimeter Trusted Zone. It is designed to
store Web Proxy servers. The Web Proxy servers will serve the NBRS services will be
accessible from Internet.

The Intranet Zone ABR will be used for handling connections from the BROs via
IP-MPLS/VPN.

The Test and Development Zone ABR will consist of test database servers, application test
server workstations for testing and maintenance. This zone is separated from the other VLAN
segments. Access to other zones is controlled by the core firewall module.

The Database Zone MPI consists of database server nodes with the following proposed
distributed architecture:
    - The database server cluster node 2, for internal registration services and as the master
        data synchronization server for the other database servers' functionalities. It will
        synchronize data with the Online and Information services database. The backup server
        instance (standby database), to which data is replicated, will be installed on the same
        server. The changes will be applied by Oracle Data Guard technology.
    - The HA DB cluster for the NBRS Information and Online Services.
    - The Basic database will be stored in the ABR SAN zone, where the storage equipment with
        the extended storage is running and regular backups take place.

The cluster servers will be connected via fibre channel (FC) using the existing extended FC
switch in ABR and the new pair of switches in MPI.

The Database Zone ABR contains the database server cluster node 1, for internal registration
services and as the master data synchronization server for the other database servers'
functionalities. It will synchronize data with the Online and Information services database. It
will replicate data to the backup server instance (standby database), which will be installed on
cluster server node 2 in MPI.

The SAN Zone ABR and DC consists of disk arrays and tape libraries connected to the FC
network using FC switches.

The Administration Zone will be used for carrying out administrative ABR tasks, including
collecting statistics from the central databases, managing the network, managing devices,
producing reports, planning and other tasks which require computers and are not directly
related to the database information.
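
The zone descriptions above imply that the core firewall should permit only a small set of zone-to-zone flows. The following added example (not part of the specification) computes the effective first-match policy of a rule list and reports flows that bypass a tier. The permitted-flow set, the trust grouping and the sample rules are assumptions constructed for illustration; only the zone names come from this document.

```python
from itertools import permutations

# Zone names come from the specification; "Internet" is the outside network.
ZONES = [
    "Internet", "Perimeter Zone MPI", "Perimeter Application Zone MPI",
    "Perimeter Trusted Zone MPI", "Perimeter Trusted Zone ABR",
    "Intranet Zone ABR", "Test and Development Zone ABR",
    "Database Zone MPI", "Database Zone ABR", "SAN Zone ABR",
    "Administration Zone",
]
# ASSUMPTION: one reading of the intended flows; the document lists no rules.
ALLOWED = {
    ("Internet", "Perimeter Zone MPI"),
    ("Perimeter Zone MPI", "Perimeter Application Zone MPI"),
    ("Perimeter Application Zone MPI", "Database Zone MPI"),
    ("Intranet Zone ABR", "Perimeter Trusted Zone ABR"),
    ("Perimeter Trusted Zone ABR", "Database Zone ABR"),
    ("Database Zone ABR", "Database Zone MPI"),
    ("Database Zone MPI", "Database Zone ABR"),
}
# ASSUMPTION: which zones count as low-trust sources and high-value targets.
UNTRUSTED = {"Internet", "Perimeter Zone MPI", "Test and Development Zone ABR"}
PROTECTED = {"Perimeter Trusted Zone MPI", "Perimeter Trusted Zone ABR",
             "Database Zone MPI", "Database Zone ABR", "SAN Zone ABR"}

# Constructed sample rule base: (source zone, destination zone, action).
SAMPLE_RULES = [
    ("Internet", "Perimeter Zone MPI", "permit"),
    ("Perimeter Zone MPI", "Perimeter Application Zone MPI", "permit"),
    ("Perimeter Application Zone MPI", "Database Zone MPI", "permit"),
    ("Test and Development Zone ABR", "Database Zone ABR", "deny"),
    ("Test and Development Zone ABR", "any", "permit"),     # over-broad rule
    ("Perimeter Zone MPI", "Database Zone MPI", "permit"),  # skips the app tier
]

def effective_action(rules, src, dst):
    """First matching rule wins; no match falls through to default deny."""
    for r_src, r_dst, action in rules:
        if r_src in (src, "any") and r_dst in (dst, "any"):
            return action
    return "deny"

def audit(rules):
    """Return (kind, src, dst) for every effective permit outside ALLOWED."""
    findings = []
    for src, dst in permutations(ZONES, 2):
        if effective_action(rules, src, dst) == "permit" and (src, dst) not in ALLOWED:
            skip = src in UNTRUSTED and dst in PROTECTED
            findings.append(("tier-skip" if skip else "unlisted-flow", src, dst))
    return sorted(findings)

if __name__ == "__main__":
    for kind, src, dst in audit(SAMPLE_RULES):
        print(f"{kind:13} {src} -> {dst}")
```

Because the check evaluates the effective policy per zone pair, the explicit deny ahead of the wildcard rule is honoured, while every other destination opened by that wildcard is reported.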








3.3 TECHNICAL SPECIFICATIONS FOR HARDWARE
     – APPENDIX 2 A) AND 2 B): TABLE 3 ABR DC AND MPI DC HARDWARE
     CONFIGURATION REQUIREMENTS


3.4 TECHNICAL SPECIFICATIONS FOR BASIC SOFTWARE
    – APPENDIX 2 A) AND 2 B): TABLE 4 ABR DC AND MPI DC BASIC SOFTWARE
    REQUIREMENTS






3.4.1 REQUIREMENTS FOR INSTALLATION, COMMISSIONING
      AND CONFIGURATION OF BASIC SOFTWARE
The necessary configuration parameters and equipment characteristics will be provided by the
Purchaser.

The provided basic software shall be installed, commissioned and configured by the Supplier,
including but not limited to the following:

   -   Migration of Oracle EE database instances on NBRS node 1 to Oracle EE RAC on
       node 1 and node 2;
   -   Configuration of standby database on NBRS database server node 2;
   -   Performing upgrade of NetBackup (NBU) from the existing version (7.0) to the latest
       version at the time of installation;
   -   Configuration of the new version of NBU to operate within the upgraded NBRS
       architecture;
   -   Installation of NetBackup master server;
   -   Installation of NetBackup clients;
   -   Installation of Oracle Enterprise Linux on database servers;
   -   Installation of Oracle SE RAC on database servers;
   -   Installation of VMware hypervisor on application servers;
   -   Configuration of VMware environment for the virtual guests;
   -   Installation of MS Windows 2008 virtual guests;
   -   Installation of MS Windows 2008 on backup server at MPI DC;
   -   Installation of SQL server;
   -   Installation of anti-virus software.






4 ABBREVIATIONS AND DEFINITIONS
4.1 ABBREVIATIONS
ADO.NET           ActiveX Data Objects for .NET

ASMED             Agency for SME Development

ADSL              Asymmetric Digital Subscriber Line

BRD               Business Register Division

ABR               Business Registration Data Centre

BRO               Provincial Business Registration Office

CA                Certificate Authority

CAT               Category

CIR               Committed Information Rate

CPE               Customer Premises Equipment

DB                Database

DHCP              Dynamic Host Configuration Protocol

DNS               Domain Name Server

DTD               Document Type Definition

EE                Enterprise Edition

FC                Fibre Channel

FE                Fast Ethernet

FTTH              Fibre To The Home

Gb                Gigabyte

GDT               General Department of Taxation of the Socialist Republic of Vietnam

GE                Gigabit Ethernet

GSO               General Statistics Office of the Socialist Republic of Vietnam

HA                High Availability

HCMC              Ho Chi Minh City

HNI               Hanoi City






HW                Hardware

IE                Microsoft Internet Explorer

IIS               Internet Information Services

IP                Internet Protocol

IPsec             Secured Internet Protocol

ISDN              Integrated Services Digital Network

ISP               Internet Service Provider

IXP               Internet Exchange Point

kbps              Kilobits per second

L2                Network Layer 2 switch

LAN               Local Area Network

MAC               Media Access Control

MAN               Metropolitan Area Networks

Mbs               Megabytes Per Second

MPI               Ministry of Planning and Investment of the Socialist Republic of Vietnam

MPLS              Multi-Protocol Label Switching

MPS               Ministry of Public Security of the Socialist Republic of Vietnam

MS                Microsoft Company

NBRS              National Business Registration System

NAT               Network Address Translation

NGN               Next Generation Network

NLB               Network Load Balance

NRD               Norway Register Development AS

ODP.NET           Oracle Data Provider for .NET

OS                Operating System

PC                Personal Computer

PL/SQL            Procedural Language/Structured Query Language

POP               Point of Presence






QoS                  Quality of Service

RDBMS                Relational database management system

SAN                  Storage Area Network

SDH                  Synchronous Digital Hierarchy

SE                   Standard Edition

SHDSL                Single-Pair High-speed Digital Subscriber Line

SP                   Service Pack

SSL                  Secure Socket Layer

UPS                  Uninterrupted Power Supply

UNIDO                United Nations Industrial Development Organization

USB                  Universal Serial Bus

USD                  United States Dollar

UTP                  Universal Twisted Pair

UTM                  Universal Threat Management

VDC                  Vietnam Data Communications

VLAN                 Virtual Local Area Network

VNPT                 Vietnam Post and Telecommunications

VPN                  Virtual Private Network

WAN                  Wide Area Network

XHTML                Extensible Hypertext Markup Language

XML                  Extended Markup Language



4.2 DEFINITIONS
.NET                  Microsoft's set of software technologies for connecting information, people, systems and
                      devices. It is based on web services which are small applications that can connect to each
                      other as well as to other larger applications over the Internet.

Application           A formalized request for registration to the BRO

Application server    A server computer in a computer network dedicated to running certain software applications.
                      The term also refers to the software installed on such a computer to facilitate the serving
                      (running) of other applications.






ASP.NET                      ASP.NET is a web application framework developed and marketed by Microsoft, which
                             programmers can use to build dynamic web sites, web applications and web services.

Active Directory             It is a technology created by Microsoft that provides a variety of network services and
                             allows administrators to assign policies, deploy software, and apply critical updates to an
                             organization

Broadcast domain             A logical division of a computer network, in which all nodes can reach each other by
                             broadcast at the data link layer. A broadcast domain can be within the same LAN or it can
                             be routed towards other LAN segments

Business Registration Form   A registration form which covers all the data needed to submit in order to be registered at
                             once in BRO, GDT, MPS and GSO.

End user                     A user accessing and using services provided by NBRS. Basically it is a user working with
                             NBRS at BRO

Enterprise Code              A digital identification code assigned to an object. ID stays the same along with the object
                             through the whole life-span of the object

Ethernet                     It is a family of frame-based computer networking technologies for local area networks
                             (LANs). It defines a number of wiring and signalling standards for the Physical Layer of the
                             OSI networking model, through means of network access at the Media Access Control
                             (MAC) /Data Link Layer, and a common addressing format

Frame Relay                  Frame relay is a telecommunication service designed for cost-efficient data transmission for
                             intermittent traffic between local area networks (LANs) and between end-points in a wide
                             area network (WAN).

Hub-and-Spoke                The hub-and-spoke distribution paradigm (or model or network) is a system of connections
                             arranged like a chariot wheel, in which all traffic moves along spokes connected to the hub
                             at the centre

Internet                     A worldwide, interconnected system of computer networks

Intranet                     A private computer network that uses Internet technologies to securely share any part of an
                             organization's information or operational systems with its employees

Leased Line                  A dedicated communication line between two points

Local Area Network           A high-speed communications system designed to link computers and other data processing
                             devices together within a small geographic area, such as a workgroup, department, or
                             building. Local Area Networks implement shared access technology. This means that all of
                             the devices attached to the LAN share a single communications medium, usually a coaxial,
                             twisted-pair, or fiber-optic cable.

Network                      A group of stations (computers, telephones, or other devices) connected by communications
                             facilities for exchanging information. Connection can be permanent, via cable, or temporary,
                             through telephone or other communications links. The transmission medium can be physical
                             (i.e. fibre optic cable) or wireless (i.e. satellite)

On-line registration         Web enabled system for the preparation and submission of the business registration form

Point of Presence            An Internet point of presence is an access point to the Internet. It is a physical location that
                             houses servers, routers, ATM switches and digital/analogue call aggregators. It may be
                             either part of the facilities of a telecommunications provider that the Internet service
                             provider (ISP) rents or a location separate from the telecommunications provider. ISPs
                             typically have multiple POPs, sometimes numbering in the thousands. POPs are also located
                             in Internet exchange points and collocation centres




Virtual Area Network   A group of hosts with a common set of requirements that communicate as if they were
                       attached to the Broadcast domain, regardless of their physical location. A VLAN has the
                       same attributes as a physical LAN, but it allows for end stations to be grouped together even
                       if they are not located on the same network switch. Network reconfiguration can be done
                       through software instead of physically relocating devices.

Reform                 An implementation of the NBRS



