Bilaspur Smart City

Technical Proposal

7.5.1 Proposed Solution

Bilaspur Smart City: Technical Proposal

825
Contents
Introduction .................................................................................................................................... 3
Scope of Work ................................................................................................................................ 4
Functional Requirements ............................................................................................................ 10
Proposed Solution & Network Architecture .............................................................................. 39
1.1 Integrated Command and Control Center ................................................................ 39
1.2 ICCC Platform Integration Approach with Sub systems ............................................ 53
1.3 Scalability and Modularity ............................................................................................. 60
1.4 Overall Network Architecture ........................................................................................ 64
1.5 SmartCity Data Center Architecture ............................................................................ 71
1.6 Compute and Storage Technical solution .................................................................. 84
1.7 Smart City IP Telephony and Collaboration Architecture ......................................... 89
1.8 Smart City IP Security Architecture ............................................................................. 100
1.9 Data Security ................................................................................................................. 114
1.10 App Security .................................................................................................................. 118
1.11 Privilege Account Management ................................................................................ 128
1.12 Endpoint Security .......................................................................................................... 141
1.13 SIEM ................................................................................................................................. 145
1.14 Storage ........................................................................................................................... 151
1.15 DR (Cloud) ..................................................................................................................... 159
1.16 Adaptive Traffic Control System .................................................................................. 171
1.17 Traffic Enforcement System (ANPR, RLVD, SVD, Wrong Way) ................................. 196
1.18 Variable Message System .............................................................................................. 30
1.19 Public Address System .................................................................................................... 34
1.20 CCTV Surveillance........................................................................................................... 42
1.21 Network & Element Management systems ................................................................. 55
1.22 Smart Pole ........................................................................................................................ 76
Project Implementation Approach ........................................................................................... 80

Bilaspur Smart City: Technical Proposal

826
Introduction
Tata Advanced Systems Ltd is a part of the Tata Group, an $104 Billion diversified multi-
national Indian conglomerate. TASL offers innovative technology based Integrated
Security solutions in the areas of critical infrastructure, border protection, urban
security and management, transportation, aviation security, cyber security, law
enforcement, business intelligence and natural disaster preparedness.

TASL provides Integrated Smart & Security Solution (ISS) through services like Security
Audits, Security Consulting, Solution Design, Turnkey Implementation, Operation and
Maintenance.

TASL methodology for securing critical assets includes extensive site surveys, detailed
threat assessment and identification of appropriate risk mitigation technologies and
their integration into a complete solution.

TASL blends reputed local/regional partners, who are providers of robust field proven
technologies with world class systems integration and project management expertise.
This combination of global technology sourcing with local customer responsiveness
shall serve present needs of the customer and as the system evolves over time to meet
future challenges.

TASL is pleased to submit a technical proposal for Request for Proposal (RFP) for
Selection of Master System Integrator for Implementation of Intelligent Traffic
Management System (ITMS), City Surveillance System and Integrated Command and
Control Centre (ICCC) in Bilaspur City.

To summarize, TASL has the necessary domain expertise, capabilities, in-depth

experience, and human resources to successfully partner and execute this project.

Bilaspur Smart City: Technical Proposal

827
Scope of Work – Understanding of Requirements
The smart city proposal of Bilaspur includes several Pan City and Area Based
Development initiatives with a focus on both infrastructure and ICT advancements
across the city and at strategic locations. The strategic focus of the city has been
identified to improve mobility, improve situational awareness, enhance public safety
and security, and introduce data driven decision-making. Following are the key
benefits for the city

Enable real time monitoring of the various facets of management of Bilaspur Smart
City i.e. Security, Traffic and City Utilities.

Provide capability to respond in a unified manner to situations on ground (both day

to day and emergency situations) by creating a common operational picture for the
relevant stakeholder.

Provide and manage touch points from all concerned stakeholders during the
lifecycle of various incidents.

Define and manage the Key Performance Indicators (KPIs) for various operational
aspects of the City Management.

Provide capability to conduct analysis for continuous improvement of city operation.

The key objective of the proposed solution is to

Deployment of various sensors (intelligent traffic signals, surveillance cameras, traffic

enforcement sensors, PA systems, environment and weather sensors) throughout the
city to improve situational awareness.

Development of an integration platform which will facilitate exchange and

aggregation of data irrespective of underlying technology platform of application.

Development of Integrated Command and Control center for improved visualization

of ambient situation in the city and facilitation of data driven decision making

Integration with existing and future ICT systems for smooth operations, monitoring and
management.

Implementation and Integration provision for existing system and future services as
identified by Bilaspur Smart City Limited (BSCL) in the city including but not limited to
(with provision for future scalability):

Bilaspur Smart City: Technical Proposal

828
 ✓ City Surveillance System
✓ Adaptive Traffic Control System
✓ Traffic Enforcement System
✓ Automatic Number Plate Recognition System
✓ IP based Public Address System
✓ Variable Message Signage System
✓ Environmental sensors
✓ Smart Lighting
✓ Smart Governance
✓ City OFC Network
✓ Water SCADA & Smart Meters
✓ Sewerage System
✓ Storm water Drainage
✓ Electrical SCADA and Smart Meters
✓ E-Medicine/Health
✓ E-Education
✓ Disaster Management System
✓ Grievance Management System
✓ Public Bike Sharing System
✓ BILASPUR City Wallet/Smart Payment
✓ GIS based Property Management
✓ BILASPUR City Mobile App and Portal
✓ Solid waste management System
✓ Smart Parking
✓ Multi-Modal Transport Systems (MMTS)
✓ Any other sensors/systems

Bilaspur Smart City: Technical Proposal

829
Work Plan and its adequacy

We understands that it is required to prepare a technical solution that incorporates

Traffic Enforcement Systems (Red Light Violation Detection (RLVD) Systems, Speed
Violation Detection System, Public Safety (Public Address & CCTV Surveillance
System), provisioned for integration of multiple other smart systems like E-Education,
Disaster Management, Solid Waste management, Smart Parking, etc .

Once the contractual agreement is signed as per schedule of project Inception

phase we will initiate the following activities:

Project Kick-off

Along with key officials of the CLIENT/DEPARTMENT and our team will form a steering
committee which will guide the project team from time to time

Crystallize the expectations of key stakeholders.

Discuss & finalize Reporting structure, escalation mechanism etc.

Setup of Project Management Office (PMO)

PMO team will create an overall integrated project plan and project governance
structure they will defines detailed, day-to-day project management procedures, for
instance work plan tracking, status reporting and monitoring & controlling, defining

Bilaspur Smart City: Technical Proposal

830
issue and risk processes and procedures, change control process etc. These are the
detailed processes and procedures, which will use to manage day- to-day project
activities and drive the project forward through the project phases.

Preparation an Inception Report

As a project Charter, it will address the following aspects of Program Management:

Preparation of questionnaire for field survey for understanding the business objectives
of smart solutions and understanding the existing IT environment.

Structure and Composition of Program Management Unit, Project Steering Committee

and Project Execution Committee

Scope of work and limitations to scope of work

Roles and responsibilities of various stakeholders

Project Plan overview

Deliverables and timelines

Brief assessment of current state of various Smart City Initiatives based on initial
understanding of Solution.

Detailed Work Plan & Activities

We, as the Bilaspur Smart City Implementing Agency, will apply this approach in
delivering the project deliverables. We will start off with understanding the project and
system design based on close consultation with Client and the other stakeholders. We
will then use the design to develop internal processes to be followed which will enable
us to deliver the project within the specified timelines and also identifying risks related
to project delivery and success.

Our technical approach will be driven by a strong team of experienced team leaders
including Project Managers, ITMS experts, Traffic Engineers, Electronics and
Communications Engineers, Network Engineers, Civil Engineers, and Electrical
Engineers who will be readily available to client staff through communication
advancements when off-site.

Our technical work scope adheres to the phased approach and will be performed in
a series of sequential and concurrent tasks.

The process flows from the Centre as the ICCC moves towards operation. Each step

Bilaspur Smart City: Technical Proposal

831
consists of three parts.

1. System Deployment: The first is the system deployment work element where the
project team generates a product that advances the system to the next step.

2. Documentation: The team documents this work effort.

3. Verification: The project team works with client and the Engineer to verify that the
product meets the design requirements.

This three-part process allows the project team and client to work together in
configuring and customizing our operational proposed system to one that directly
meets client’s situation.

The process then follows the five basic development steps advancing the system to
actual revenue operations. The steps include:

• Mobilization: Our project team members will submit the project plans identified in
the RFP. These plans along with our Technical Proposal will be with client and its
representatives for review in advance of the Design Briefing.

• Design: This step addresses finalization of proposed design and configuration of

software, central equipment, field hardware and any related communication design.
Our proposal provides our proposed solution but during the design step, we will review
with client and finalize the required detailed design along with solution architecture
for each of these elements. The project team will generate a detailed design
documentation. The verification and approval process will take the form of a formal
design review with Bilaspur Smart City and the Engineer. Once the approval is
received from Client and other stakeholders of the project, We shall proceed further
with the preparation of execution plan along with plans for work zone safety, traffic
management etc. Thus, we believes that the outcomes received from this step will
act as a catalyst in initiating the next steps on this project, i.e. the implementation
stage.

• Development: With the verification of the design and solution architecture, the team
moves onto the development process. The primary focus at this step is the
configuration and customization, as needed, of the application software and the
laboratory integration of any new hardware. The verification of this step is done
through a Factory Acceptance Test (FAT) and System Integration Test (SIT) depending

Bilaspur Smart City: Technical Proposal

832
on the need. At this point, the system is ready for installation and field integration.

• Installation & Integration: The first step in this regard would be the procurement,
supply and installation of hardware and Software such as for example vehicle
detectors, controllers and other accessories and hardware equipment (Servers,
workstations etc.), both in ICCC and on-filed. Apart from installation of ITMS,VMS,VA
software in the ICCC servers, all the components of ICCC will also be configured for
each of the junction to attend varying operating conditions. Once the system passes
the acceptance testing process, the system is ready for commercial operations. In
preparation for commercial operations, system manuals are provided, and training is
completed for the operations team.

• Operations: The final verification process is the performance Trial Period (TP). The
system is measured against live traffic to verify that it meets the required performance
measures. The as-built drawings and system documentation completes the effort. As
the project moves from system design and development to installation/ integration
and operations, so does the location of the project team.

Bilaspur Smart City: Technical Proposal

833
Functional Requirements
Bilaspur Smart City Intends to enhance the safety and security and improve efficiency
of municipal services and other government departments to promote a better quality
of life for residents. In order to achieve these objectives, BSCL desires to foster the
development of a robust ICT infrastructure that supports digital applications and
ensures seamless steady state operations, city management, surveillance,
emergency response mechanisms and real time tracking of services and vital city
metrics throughout the city and in government departments.

Bilaspur Smart City project intends to improve traffic management, traffic control,
traffic law enforcement and traffic information dissemination, Public Safety and
security in the city. Provision for integration of various subsystems in a single platform
for batter access.

The Traffic Enforcement System, City Surveillance System and other Systems including
central subsystem will be hosted at the Data Centre in Bilaspur and all components
will be integrated with ICCC platform for centralized operations. This system will
perform monitoring and control functions of field devices. The ATCS Signals and
Law/Traffic Enforcement, City Surveillance System design provides a flexible,
expandable and modular architecture. The different Smart City Elements and there
field subsystem consists of a variety of field devices that are deployed along the city
and open roadway sections. These devices will have capability to provide support for
central monitoring and control activities. The key elements of the ICCC project for
Bilaspur smart city have been shown below.

Overall, the communications architecture involves a fiber connection at Edge level

and ILL connectivity opted for cloud based DR site. Evidently, all the system
components will be integrated with fibre optic backbone.

OFC Laying and Network Backbone

BSCL have decided to implement various solution under Smart City Mission mainly:-

Integrated Command and Control Centre

Data Centre within ICCC Building

Disaster Recovery Centre (Hosted on cloud data centre)

Bilaspur Smart City: Technical Proposal

834
 ▪ City Surveillance

▪ Intelligent Traffic Management System

▪ Adaptive Traffic Control System (ATCS)

▪ Automatic Number Plate Recognition (ANPR) System

▪ Red Light Violation Detection (RLVD) System

▪ Speed Violation Detection (SVD) System

▪ Traffic Violation Cameras

▪ Variable Message Sign boards

▪ Public Address (PA) System

▪ Environmental Monitoring Sensors

▪ Smart poles

▪ Video Management System and Video Analytics

Overall Network Connectivity

To achieve the overall objective, various components/elements need to be

connected with ICCC using various Last Mile Technologies. We propose the have 3
Tier Architecture as demonstrated below.

Bilaspur Smart City: Technical Proposal

835
Access Ring: Each access ring will use rapid ring protocol to restore services in case of
any fiber cut. Rapid ring protocol restores network fiber cut with-in 50msecs. Due to
carrier grade network recovery upper level protocols will not be aware of fiber cuts
and there will not be any protocol convergence in L2 layer or L3/IP layer.

Distribution Layer: As in access ring, rapid ring protocol used for fiber cut recovery by
distribution nodes/ring. Since rapid ring protocol restores network within 50msec during
fiber cut, there will not be any L2 or L3/IP control protocol convergence needed and
services are not be affected during single span fiber cut in distribution ring.

Core POP Layer: All POP nodes will run IP/MPLS tunnels to setup services from
distribution node to end-nodes. Shorter route Primary path will be setup to end-node
and a diverse Secondary backup path will be setup for a service. During fiber cut
MPLS Fast Re-Route will restore the service within 50msec.

Multicast Support : POP nodes and Distribution nodes are capable of multicast routing
using PIM-SM. Multicast routing enabled in all POP nodes and in Distribution nodes to
send only one stream of multicast stream even if there are multiple clients in access
device. End device in access device request to join to available multicast stream via
IGMP join either from local access node or from up-stream distribution node.

Connectivity:

The Data Centre becomes Primary POP that will be the aggregation facilities for an
integrated high-speed network backbone for both BSCL and non-BSCL needs.

The backbone network will be sized to be at 10GE and scalable in the future. In the
case of a failure or break in one of the links, the data takes an alternative path to the
destination.

From each of these POP facilities, there will be a dedicated fibre optic infrastructure
required for distribution layer serving a particular ‘zone’. This distribution
communications will be used to provide the connectivity to BSCL field cabinets/future
mini-POPs. This shall be provided in a 10GE ring configuration.

The last layer for communications will be the access layer i.e. connectivity to every
field device that will be provided from the distribution network. This shall be provided
in a 1GE ring configuration.

Bilaspur Smart City: Technical Proposal

836
The proposed fiber routes might undergo some changes during deployment time due
to on ground ROW feasibilities. A Macro level overview of OSP Fibre Infrastructure
Network topology proposed for construction can be seen below involving all the 3
Layers of the network with indicative Geographic reach of the city A robust network
is one of the key foundational requirements on which future ‘Smart’ initiatives is
designed and built. Hence, an end-to-end fibre optic connectivity is envisaged as a
part of this project. The planned fibre optic network infrastructure shall be capable to
carry all the key services that will be implemented in due course under smart city
initiatives. This dedicated fibre optic infrastructure shall be used for both BSCL and non-
BSCL services (other government services and tenants). Ultimately, the BSCL fibre optic
network shall be used as the underlying enabler for realizing all connectivity needs
(both citizens, smart city components and sensors) to enable a digitally connected.
BSCL Network shall become an asset to the City with all ownership under the control
of BSCL.

Backbone Layer Architecture: Backbone Network is designed between primary pop

and secondary POPs in a Ring architecture. Each POP is connected to at least two (2)
additional POPs for high availability, reliability and survivability of the overall backbone
network.

Backbone Layer Infrastructure: Backbone layer is provisioned with 1/10G Bandwidth.

The cable for backbone connectivity shall be24 strands single mode loose tube
armored fibre cable. Backbone connectivity will be provided through 2x50mm ducts.
24 core FTP shall be installed at every POP location for termination of the 24-core
cable. Intelligent Patch Panel System and Fiber Asset Management System will be
used at POP locations for the Infrastructure management and changes in network
planning. SC connectors are used for the termination of 24 core cable

Reliability and Availability: The proposed Back Bone layer route have a high degree
of reliability and availability. In the case of a failure or break in one of the links, the
data takes an alternative path to the destination.

Scalability: A dedicated 24 core Fibre Optic cable is provisioned for the backbone
layer connectivity. 24 cores of fibre fulfill the connectivity needs of smart city
components and to meet the future requirements.

Installation Methodology: HDD/OT Methodology is opted for laying the fiber cable.

Bilaspur Smart City: Technical Proposal

837
Backbone Trench will be provided for the installation of fiber optic infrastructure.
Detailed method of installations is explained under the installation procedure section.

Distribution Architecture:

From each of these POP facilities, there will be a dedicated fibre optic infrastructure
required for distribution layer serving a particular ‘zone’. This distribution
communications will be used to provide the connectivity to BSCL field cabinets /
future mini-POPs (if required to meet the project connectivity requirements) From
each Secondary POP there will be distribution rings serving particular zone. Distribution
layer will be in ring architecture. Distribution layer will be interface between the access
layer and Core Layer. Each distribution ring is provisioned with 10G bandwidth.
Distribution ring is formed with the combination of the redundant pops geographically
diverse paths wherever available

Distribution infrastructure: Distribution rings are provisioned with 1G/10G Bandwidth.

The cable for distribution layer connectivity shall be strands single mode fibre cable.
Distribution connectivity will be provided 24 core FTP shall be installed at every
Distribution Node location for termination of the 24-core cable.SC Optical connectors
are used for termination of 24 core cable.SC Patch chords are used at backbone
layer for the connectivity with Distribution Nodes and FDMS.

Reliability and Availability: Distribution rings are formed between two redundant Pops.
Distribution layer will be on dual homing ring architecture. Distribution Rings started
from a secondary POP will terminate in another secondary POP. With this approach
maximum reach, coverage of distribution fibre across area is achieved. Even though
any of the secondary POP fails still the entire smart city network will be live through
dual homing redundancy features. Proposed ring network architecture can survive
multiple fiber cuts and reroute traffic within 50msec for distribution rings.

Installation Methodology: HDD/OT Methodology is opted for laying the 2*50mm ducts
in the Distribution Trench. Detailed method of installations is explained under the
installation procedures section.

Scalability: A dedicated 24 core Fibre Optic cable is provisioned for the backbone
layer. 24 cores of fibre fulfills the connectivity needs of smart city components and to
meet the future requirements.

ACCESS LAYER ARCHITECTURE:

Bilaspur Smart City: Technical Proposal

838
The third layer of fiber network is the access layer. Access rings starts from the
Distribution Nodes. Ring architecture is used for connecting Access nodes to
Distribution node. Wherever possible dual homing ring architecture is used to connect
the access nodes to the distribution nodes. 1G bandwidth is provisioned for access
layer architecture.

Access Layer Infrastructure: Access rings are provisioned with 1G Bandwidth. The
cable for Access layer connectivity shall be 24 strands single mode fibre cable. Access
layer connectivity will be provided through 1*25mm ducts. 24 core FTP shall be
installed at every Access Node location for termination of the 24-core cable. LC
Optical connectors are used for the termination of the 24 core cable.LC patch chords
will be used for the connecting Access node with FTP.

Reliability and Availability: Access layer will be on ring architecture. Access Rings
started from a Distribution node will terminate on the same distribution node or nearby
distribution node wherever feasible. With this approach despite a fiber cut in the
access layer the end devices will be still live through the redundant paths in the access
layer. Thus, Single Point of failures can be avoided with proposed ring architecture.
Proposed ring network architecture can survive multiple fiber cuts and reroute traffic
within 50msec for distribution and access rings.

Scalability: A dedicated 24 core Fibre Optic cable is provisioned for the Access layer.
24 cores of fibre fulfill the connectivity needs of smart city components and to meet
the future requirements.

END DEVICE LAYER ARCHITECTURE:

From every Access Node, end devices will be connected by the Cat -6 cable. Cat-6
patch panels, cat-6 patch chords will be used for structured cabling wherever
necessary. 24 port copper patch panels will be used for the end device connectivity
including spare capacity of the patch panel ports shall be left as spare for future
expansion. All cable entries shall be provided with appropriate cable pathway. For all
the end devices (WIFI, CCTV, ATCC, ANPR Cameras) cat-6 Surge suppressor will
provided for data line protection. These surge suppressors will not interfere with data
communications

Bilaspur Smart City: Technical Proposal

839
Installation Methodology

Safety & Precautions

Figure 0-1 Installation Methodology

Site engineer/Contractor shall follow all safety rules as defined by the safety In-charge
for different items depending upon the nature and type of job.

The site engineer shall ensure all lifting tools & tackles are having valid test certificates.
All recommendation or specification shall be followed.

The suitability of environmental condition to be checked at the start of works.

Handling of Equipment’s shall be strictly in accordance with the approved safety

procedure.

All the tools and the tackles shall be in good condition and in working condition before
receipt of structures.

Ensure that the area is barricaded to the require boom length or swing area for safety
measure before lifting.

Job is to be carried-out during the lean traffic periods (night time) with the Proper
traffic management plan.

It requires Traffic diversion, employing signal man, use of warning signage, barricades
etc. to protect the work-men from the speeding vehicle impact.

Bilaspur Smart City: Technical Proposal

840
During loading or unloading, the load should not be passed over any person standing
on the ground, or any person should come in front of crane/new generation hydra.
No one can stand below the lifted load, if necessary, barricade the area to restrict
unauthorized movement in loading or unloading area.

The rigger should tie the load with tag lines to control its movement instead of directly
handling the load.

The work area should be cleaned once the termination is done and pieces of fiber
optics shall be segregated and safely disposed of.

Work Permits must be taken from the safety department prior to the start of the work
for activities such as excavation, work at height etc.

Checklists and formats shall be duly filled and submitted to the safety department for
verification for various activities.

The debris or loose sand needs to be removed from the excavation area immediately
and should be used for proper backfilling at later stage. The excavated area needs
to be properly barricaded.

Only ‘A’ type Aluminum ladder must be used be used for height work of less than 2 m.

Proper dressing and marking required for termination. Due care should be taken to
avoid overlapping and wrong termination

Any incident/Near Miss/Dangerous occurrence shall be immediately reported to the

Site Engineer. It is the responsibility of the site engineer /Contractor to convey this
information in prescribed format to the Safety /PM Team.

Create ‘no go’ zones around hazardous areas and implement safe work distances.
Choose signs with messages clearly indicating the actions drivers or pedestrians are
required to take. Where necessary, traffic control persons shall be used to provide
positive guidance to motorists.

PRECAUTIONS TO BE TAKEN WHILE TRENCHING

It is required that trenches are not kept open. Trenching, cable laying/ducting and
backfilling activities be done parallel as far as possible to avoid any mishap or
accident.

No trench shall be kept open close to carriage way/berm. Caution boards shall be

Bilaspur Smart City: Technical Proposal

841
displayed at all such locations, to caution public. Contractor shall protect all life and
property from damage while doing construction/trenching work.

If Warning covers of other services or operators are encountered during excavation,

earth around these is gently removed to loosen them. The covers are then removed
and stacked out side the trench for reuse. When under-ground plan of other services
are exposed during excavation, adequate protection is provided at suitable intervals
along the run of these plans/services and concerned authorities shall be informed.

In event of inadvertent damage, location and nature of damage must be intimated

to concerned department immediately. In the mean-time action is taken for
preventing aggravation of damage.

Necessary barricades, night lamps, warning boards and required watch man shall be
provided by contractor, to prevent any accident to pedestrians or vehicles or animals.
While carrying out blasting operations, the Contractor shall ensure that licensed
blasting professional are employed for the purpose & adequate safety measure are
taken by cautioning vehicular and other traffic. He shall employ sufficient manpower
for this with caution boards, flags, sign writing etc.

Work is supervised by contractor’s representative, who must carry with him following
documents

Letter authorizing contractor to carry out work in the specific area.

Copy of permission issued by concerned ROW authority.

Contractor shall provide adequate precautionary measures to prevent caving in of

the trenches while excavation, due to soil condition. At such locations, width of the
trenches shall be kept adequate and necessary arrangement shall be made for safe
working within trenches. Arrangement must also be made for pumping out sub-
soil/underground water from trench, if any.

Temporary footbridges are provided when trenches are made across entrance of
buildings etc.

Special care should be taken in digging footpaths. Proper protection shall be

provided to avoid accidents. No inconvenience should be caused to pedestrians.

Underground power cable is not to be moved. Electricity dept. is immediately

informed. Horizontal and vertical separation of 60 cm shall be maintained from power

Bilaspur Smart City: Technical Proposal

842
cable. As far as possible power cable should be crossed at right angle.

All necessary arrangement is made to maintain stability of trenching.

Any valuable material of cultural/ historical/ archeological interest, if found while

trenching, shall be brought to the notice of the authority concerned.

Any trenching done near existing services should be done very carefully to prevent
accidental damage to a service.

No person must work alone in an excavation or trench that is greater than 1.2m deep.

Machinery must never be placed in or near excavations and trenches where exhaust
fumes may contaminate below ground atmospheres that workers are required to
occupy.

At Road crossings following safety precautions should strictly followed

Should inform the relevant road authority 48-hours prior to the commencement of the
work.

Need to ensure that every law regarding traffic, safety, traffic signs and barricading is
complied with.

The angle of the crossing should be as near a right angle to the road centreline as
possible.

The edge of the trench must be cut using asphalt/concrete cutters to deliver smooth,
uniform edges.

All excavated material and equipment must be placed and demarcated in such a
way to not inconvenience vehicles and pedestrians.

No person may off-load on a public road, any materials that are likely to cause
damage to a road surface.

Prerequisites:

Trench must be aligned according to permission granted by authority/ agency.

However following Prerequisites & Safety measurements must be adhered to.

Cross pits/Pilot Holes must be made manually to check presence of any underground
utilities at adequate spacing. Pilot Holes needs to be dug at 30 - 50m intervals. The

Bilaspur Smart City: Technical Proposal

843
pilot holes should be at least 150mm deeper and wider than the proposed trench.

Trench boundaries shall be marked with rope / lime powder prior to digging in order
to get trench in straight line.

Trench shall be located at lowest point of lower area if feasible. Trench must not come
over field’s boundary or any heap of soil/garbage dump.

Tree roots must be by passed to avoid damage while trenching and ensuring safe
passage of OFC. Such negotiation should be of smooth curve. Ducts are to be sleeved
in a HDPE pipe, if not 100mm away from existing tree roots

Standard depth of trench shall be as per the best telecom practices and norms.

Depth will be variable as in certain exceptional site conditions like hard strata inside
cities it may not be feasible to dig up to specified depth.

Bottom of trench shall be uniform and should follow contour of ground.

In city areas trench will normally follow footpath/pedestrian way of road except
where it may have to come to edge of carriage way or when cutting across road with
specific permissions from road authorities responsible.

All required work permit should be taken before start of the work.

Area for trenching should be clear of obstructions.

WORK METHOLOGY FOR CABLE TRENCHING &BACKFILLING:

Equipment’s and tools

o Pick and mattock

o Grub Hoe
o Shovel
o Trenchtamper
o Jack- Onepair.
o Rope for unloading /loading/unloading.
o Cablewinch.
o Cablewinch.
o Nylon rope drums of 1250 M (For machine pulling).
o 4 mm rope.

Bilaspur Smart City: Technical Proposal

844
 o Swivel andshackle.
o Pulling socks or cablegrip.
o Lubricant.
o Plastic bowls forlubricant.
o Sponge.
o Walkie-Talkie 6 Nos.or
o Magneto
o Drop wire 2 kms. (formangneto).
o Rubber 2 /manhole.
o Half round (split) pipes 2/manhole.
o Polythene tape 5m/manhole.
o Clamps 4/prs,//manhole.
o Cleaning brush for cleaningpipes.
o Mandrill.

Loading, Transportation & Unloading:

DWC HDPE Pipe with accessories & Cable drum of required length and size according
to cable schedule shall be shifted to the location with the help of hydra/Manually.

Working Methodology for Cable trenching:

Trench route marking before the excavation work: Optical Fibre Cables shall be laid
in the trench through PLB HDPE pipes at a depth of 1.5M as measured from top of
HDPE pipe. Taking into account the diameter of the HDPE pipe and provisions of sot
soil below HDPE pipe, it will be desirable to have the trench dug to depth better than,
1.60 meters. In case of obstructions etc, the cables can be laid at a lesser depth
provided.

A minimum depth of 0.90 is achieved in case of rocky soil. In case of nonrocky soil. In
case of non-rocky soil where due to any obstructions in built up areas it is not possible
to dig deeper, a minimum of 1.00 meter from top of pipe shall be maintained.

Open Cut Method: This involves creating a trench through manual or mechanized soil
excavation. Digging a trench with desired depth and width as per the above
mentioned standards.

All excavation work will be performed under the supervision of a responsible person

Bilaspur Smart City: Technical Proposal

845
who must be competent to exercise such supervision. Proper excavation and
preparation of the trench will inhibit unanticipated longitudinal and cross- sectional
strains and stresses on the duct. Trench walls shall be vertical for at least the height of
the bedding and then as vertical as possible. Exercise care when trimming trench
floors to ensure that they are level. Where excavations pass beneath kerbs, guttering
or driveways, etc., proper support shall be provided for these structures until tunnelling
and backfilling is completed. Where ducts are to be laid beneath existing paving
blocks, the pavers shall be carefully removed to be reused. Paving blocks must be re-
laid on a bedding of sand and reinstated to its original state or better.

Duct Uncoiling and Duct Installation Methodology

Ducts shall not be un-coiled without the use of a Vertical or Horizontal De-Coiler.

De-coilers will prevent twisting, bending or kinking from occurring during the
installation process. Duct un-coiling can be accomplished by pulling the conduit
straight into a trench from a stationary rotating de-coiler or by laying the conduit into
the trench from a forward moving de-coiler positioned on a trailer. Once the duct
coils are secured inside the de-coiler, only then can the containment straps on the
duct coil be cut. Next, rotate the de-coiler slowly to unwind the duct out in one plane.
Generally, the ducts are placed in the trench, one length at a time and joined on the
floor of the trench using couplers. Ducts shall be laid in a straight line between MH/HHs.
It is never ideal to have directional changes, but if unavoidable - keep the bending
radius as big as possible and offset is in the same direction.

As the ducts are laid and jointed, install end caps on ducts at all MH/HHs to prevent
water and dust from entering.

Care shall be taken to ensure that no dirt collects between the duct and coupler to
deliver an airtight seal.

At MHs or HHs where the duct goes straight-through, allow for sufficient slack for the
duct to be secured against MH or HH walls.

Duct Installation - Moving Trailer Method

This method is most efficiently used where the path to be followed does not contain
any obstructions that require the duct to be placed under. Move the trailer slowly
along the trench route while unwinding and placing the duct in the trench. Take care

Bilaspur Smart City: Technical Proposal

846
not to over spin the reel.

Duct Installation - Pulling Method

The duct can also be pulled and placed by hand or by a mechanical pulling machine
with the help of a Pulling Device that is fitted in‐between duct and mechanical pulling
machine. The two types of pulling attachment devices most commonly used are a
Pulling Grip or Basket Grip.

Backfill and Warning Tape

Material excavated from trenches may be used as backfill, provided that it contains
stones no greater than 150mm in diameter, trash, or organic matter that could
potentially damage ducts.

Backfill material is to be installed in layers not exceeding 300 mm, with each layer
compacted before the next is added.

After compacting the first layer of backfill, the warning/marking tape is placed.

The photos of this procedure as proof of existence. Conceivably, the warning tape
will be encountered before damaging the ducts or cable.

Bridges/Culverts Crossing Methodology:

In small bridges and culverts across canals, different methods as given below could
be followed.

If the bridge or culvert is broad and is having sufficient cushioning, the pipes can be
buried inside the cushioning.

If the bridges / culvert is provided with raised and hollow foot-path or wheel guard,
the pipe encased in GI can be buried inside the hollow foot-path or can be laid over
the wheel guard and chambered.

If the supporting pillars are having projects and between pillars the distance is less,
then the pipes (HDPE with GI encasing could be laid over the pillar projections.

If the none of the solutions is possible, then outside the parapet wall, GI troughs can
be fitted with suitable clamps. For smaller bridges, the HDPE pipes can be laid inside
the trough. However, for long bridges, HDPE pipes need not be laid inside the trough.
While laying the cable, glass wool or other cushioning items may be used. In either
case, the gaps between two troughs after putting the lids should be thoroughly

Bilaspur Smart City: Technical Proposal

847
covered to prevent entry of rodents.

Special type of bridges such as cantilever type requires special type of troughs to be
locally manufactured to withstand the vertical and horizontal movement of the joints
of cantilever.

Road, Railway, Traffic, Vehicle Crossings

Outer sleeve with required diameter (1x160mm as an e.g.) of DWC duct that will act
as outer sleeve for HDPE duct where duct to be laid will be under vehicle crossings
and heavy traffic area etc. DWC duct shall be laid using manual boring procedure at
road crossings, Vehicle crossings, etc.

Horizontal Directional Drilling (HDD)

Horizontal Directional Drilling (HDD) is a method of installing underground pipelines,

cables, and service conduit through trenchless methods.

It involves the use of a directional drilling machine, and associated attachments, to

accurately drill along the chosen bore path and back ream the required pipe.

HDD is the preferred method to crossroads, highways, railway lines, rivers and all other
services that may prove to be too dangerous or costly to cross using conventional
methods like trenching and/or ploughing.

Project Planning Overview. Prior to starting an HDD project, certain steps should be
taken to ensure that you are performing the bore as efficiently as possible.

Safety. A thorough understanding of all safety and operating procedures is necessary

to successfully operate an HDD. Each HDD unit is equipped with an operator’s manual
in a protected storage location. It is essential to study this manual before using the
HDD unit.

Exposing Utilities. Location and exposure of utilities must be completed prior to Starting
an HDD project. Locating underground utilities and obstacles before beginning a
project will help to ensure the final success of a bore.

Ground-penetrating radar systems (GPR) can be used in conjunction with traditional

locating techniques to help provide more accurate production of underground
information.

Machine Setup. Proper placement of the machine prior to starting the project can

Bilaspur Smart City: Technical Proposal

848
greatly

Affect the efficiency of your bore. The HDD unit must be placed at the job site with
care to ensure that the maximum depth of the bore can be obtained without
overstressing the drill rods or the product being installed.

The Vermeer Terrain Mapping System is available to help map geographical

conditions at the job site. Information from the Terrain Mapping System can also be
uploaded directly to software to help ensure proper machine placement.

HDD Tooling

Tooling Overview. Tooling is an essential component of the HDD process. Because

tooling is subject to wear, choosing high-quality tooling for your HDD unit will help keep
your projects more productive in the long run. Specialty tooling is also available for
applications like rock and sewer. Customized tooling created to fit your work
environment is available by special order.

Drill Rod. Drill rod is designed for pushing drill heads and pulling back reamers and new
product through the drill path. They are made with a hollow center to allow drilling
fluid to flow through the rod, into the drill head or back reamer and out into the bore
path. Drill rod has an allowable bend radius which determines how much it can be
steered to produce the desired drill path. The bend radius is specific to each rod
length and diameter.

Drill Heads. A drill head connects to the end of the drill rod and houses the locating
transmitter and cutting bit. Drill heads also transfer drilling fluid from the drill rod to the
drill bit. Drill heads can be connected to the drill rod using a connection system or hex
collar connection system. A variety of drill heads is available for use in different ground
conditions and applications.

For use in standard dirt-based soil conditions.

For use ranging from standard soil conditions to softer rock formations.

For short- to mid-range use in solid rock formations.

For use with bores involving wire line, gravity sewer or extended-battery operation.

DrillBits.Adrillbitattachestothedrillheadandaccomplishesthecuttingaction during a
bore. There are many drill bits available for various underground conditions. Vendors
offer a large variety of drill bits, several of which include standard bits for use in normal

Bilaspur Smart City: Technical Proposal

849
soil conditions and carbide- tipped and carbide-fragmented bits for tougher, more
abrasive soil conditions.

Back reamers. There is a large variety of back reamers available for various soil
conditions. The primary function of all back reamers is to prepare the bore path by
cutting, shearing, and mixing soil and drilling fluid into a flowing substance called slurry.
When pulling product into place, the size of the back reamer used is larger than the
outside diameter of the product(s), creating a flowing slurry between the bore path
wall and product(s). Pipe-Pulling Accessories. Pipe-pulling accessories are used to
enhance the performance of a product pullback and project efficiency. Several
commonly used pipe accessories include:

Swivels — Prevent product from twisting while being pulled into the bore path. Pipe
pullers (including pull grips, expanding taper pullers and carrot-type pullers) — Allow
product to be pulled into the bore path.

Locating Overview. The type of locator most commonly used in HDD is a walkover
system. The walkover system consists of a transmitter and a receiver. This type of system
allows the user to walk over the top of the drill head with a receiver that interprets
signals from the transmitter in the drill head. Information from these transmissions allows
the user to determine the position of the drill head and displays several important
pieces of information including pitch, roll, depth, and location. This information is then
relayed to a remote screen at the machine for the operator to see.

Depth/Position. To determine location of the drill head, the receiver uses signal
strength from the transmitter in the drill head to indicate its depth and position. The
depth and position information is displayed on the locator screen.

Roll. Roll is the rotary position of the drill head. It is indicated by a clock-face reading.
Roll is very important when making a steering correction. When the operator of the
drill rack faces the direction that the drill is advancing, 12 o'clock means the drill head
will steer upward, 6 o'clock indicates a downward thrust, 9o'clock is left and 3o'clock
is right. A bit can be positioned to move

Directional drilling is a three-stage process:

Pilot Hole – Stage -1:

The first stage consists of drilling a small diameter pilot hole. Drilling fluid is pumped

Bilaspur Smart City: Technical Proposal

850
through the drill pipe to the drill bit where high pressure jets and the bit will grind the
soils ahead of the drill stem.

The drilling fluid will also carry the cuttings back to the entrance pit at the drill rig.
Tracking of the pilot hole can be done in several ways depending on the size and
complexity of the shot.

Smaller shots are done using a walkover guidance system whereas the larger more
complex shots have a wire line magnetics type system.

With both methods there is a transmitter or steering tool located near the drill head
which sends a signal to the location engineer giving the exact coordinates of the drill
stem.

Readings are constantly taken which check the depth, alignment and percent slope
of the drill head.

Upon reaching the exit point, the beacon housing and bit is detached and replaced
with a reamer.

Pre-reaming – Stage -2 :

The second step is to pre-ream the pilot hole and enlarge it to a size sufficient to safely
install the product lines.

A reamer is pulled back and rotated while pumping drilling fluid to cut and remove
solids to enlarge the hole. Pre-reaming speeds will vary depending on existing soil
conditions and the number of cuttings that are removed from the hole.

Pipe Pullback – Stage -3:

The final step is the pullback of the HDPE pipe within the pre-reamed hole.

The drill rod and reamer will be attached to a swivel, which is utilized between the
product line and the reamer to prevent any torsional stress from the rotating drill string
being transferred to the product pipe. As the HDPE pipe is pulled into the drill hole,
drilling fluid is pumped downhole to provide lubrication to the HDPE pipe.

Bilaspur Smart City: Technical Proposal

851
 Figure 0-2 Pipe Pull Back

HDD tunnel must be kept as per standards.

Loop-pit markers must be fixed at the locations of HDD pits(both entry & exit points).

In case RCC markers are allowed to be erected/installed or not but Electronics route
markers are invariably buried at HDD pits.

Locus /profile diagram of HDD must form a part of “As Built Drawing” & copy of same
should also be submitted with ROW papers.

The course of the drill is monitored and can be controlled as rods progress following
an upward sloping path, before emerging at an intended point.

The drill head is then removed and replaced with a back reamer, ± 20% larger than
the duct or cable to be pulled into the hole.

HDD is carried out where open trenching is not possible/permitted. Following points
must be ensured in case of HDD:

Depth of The duct is attached to a swivel connection on the back reamer. The drill-
rods and reamer are rotated and pulled through the hole, enlarging it and pulling-in
the duct at the same time.

The whole operation is carried out with pressurized drilling mud, which both carries
away the spoil and supports the hole.

Rigs capable of drilling up to 300 metres in one drill are available and various sizes of
ducts can be installed with this equipment.

The covering must not be less than three times the final diameter of the drilling hole

Bilaspur Smart City: Technical Proposal

852
and at a minimum of1.5m.

At river crossings the distance between the bottom of the water and the drilling hole
should be 10- times the diameter of the pipe and not less than3m.

The location and depth of underground services must be pre-determined before

drilling can commence - as sudden deviations are not possible to by-pass obstacles.

Duct Integrity Test.

Continuity of the pipe is to be tested and ensured. It is quite possible that the pipe
may get elongated, and its bore may get reduced in the process of pulling up the
pipe which may ultimately result into difficulty in pulling cables. The DIT should be
conducted after the pipes are laid either in open trench method or in the HDD
method for verifying this problem. The DIT involves two tests. In one test one side of the
PLB pipe laid is sealed using the end plug. On the other side air compressor/blower is
used to hold the 5 Kg/cm-cm pressure inside the pipe under test. The pressure should
be held for 1 hour without any leakage. In the second test a wooden bullet having
80% of the diameter of inner diameter of PLB pipe and having a length of 2 inches
may be blown from one side of the PLB pipe. The other side of the pipe shall be left
open. The bullet should fly out without any blockage. Then the PLB pipe laying is
successful. Care should be taken by covering the end of the PLB pipe with a
nylon/wire mesh so that the flying bullet shall not hit anyone.

Man-Hole & Hand-Hole

MHs and HHs shall be positioned as far away as possible from road junctions.

MHs and HHs must be built according to prescribed dimensions and specifications.

Before any concrete is placed the Contractor shall examine the shuttering for firmness
and correctness of position and remove all dirt and other foreign matter.

Duct entry points into HHs / MHs must be drilled, without cracking or damaging the
surrounding structure.

Ducts shall enter and exit HHs / MHs in line with the direction of the route, for them to
be coupled thru without any obvious effort, as a continuous duct.

Ducts must never enter and exit on the same wall.

HH / MH external labelling should be done on the coping and NOT the lid, as lids can

Bilaspur Smart City: Technical Proposal

853
get damaged and be replaced. GPS coordinates must be recorded.

On completion of a HH / MH, the Contractor shall re-instate the area around the HH /
MH to its original state or better.

HH / MH covers shall be finished flush with the surface area.

The concrete coping must protrude a little, this to eliminate water entering around the
lid.

HH / MH Inspection

Splice closures are secured.

Cable slack neatly stored and secured with no compromise to the bending radius.

Left tidy and clean.

Ducts sealed in-between wall.

End Caps fitted to empty ducts.

Used ducts sealed in-between cable and duct.

Cables and ducts are clearly labelled.

HH / MH clearly marked on the coping.

Locating disk in position.

Manhole & Handhole Installation

All duct entries and exits at the HHs must be a watertight seal.

All ducts in HHs shall be coupled through.

Incoming ducts must have a watertight seal.

Ducts must be sealed with a watertight coupling that is cast or inserted into the wall
of the HH

HH covers must be watertight or must have at least a double seal.

HH covers should be 150mm above natural ground level with the fill shaped back to
natural ground level in a 2m radius around the HH cover.

On paved sidewalks or verges, next to roads or streets, a cast in-situ concrete or

asphalt backfilling shall be sloped to not impede pedestrian traffic. In these instances,
the HH installation shall be such that it is not more than 50mm higher than the

Bilaspur Smart City: Technical Proposal

854
surrounding paved sidewalk.

The inside surface of the HH shall be sealed using an approved bituminous product.

Safe HH / MH Working Procedures

Obtain a HH / MH entry ref for the work to be undertaken.

At least 2-persons must be present before entering a MH.

Ensure that the vehicles are parked in such a manner that they do not create an
obstruction or hazard to traffic and/or pedestrians.

Use barricades and cones that are clearly visible around the HH / MH.

Pour water around the lid of the HH / MH, to prevent creating a spark when opening
it.

Lift HH / MH covers using your legs and place the cover at least 2m away from the
opening.

An aluminum ladder in good operating condition must be used to enter the MH.

Raise or lower tools and/or equipment into a MH using a rope or bucket.

Never place equipment or tools near the edge of a HH / MH.

Constant ventilation is required when performing work within a MH.

Water in a MH (not containing object-able content) shall be pumped-out into the

storm water system. If not possible, or onto area, a suitable distance away, with
positive drainage.

Never fusion splice in a HH or MH.

Cable Laying:

Cable laying is proposed either by traditional Cable pulling method or by Cable

blowing method.

Cable pulling:

List of tools & other items required for cable laying is given below. This can be taken
as a checklist.

Jack- One pair.

Rope for unloading / loading/unloading.

Bilaspur Smart City: Technical Proposal

855
Cablewinch.

Cablewinch.

Nylon rope drum of 1250 M (For machine pulling).

4 mm rope.

Swivel and shackle.

Pulling socks or cable grip.

Lubricant.

Plastic bowls for lubricant.

Sponge.

Walkie-Talkie 6 Nos. or

Magneto

Drop wire 2 kms. (for mangneto).

Rubber 2 /manhole.

Half round (split) pipes 2/manhole.

Polythene tape 5m/manhole.

Clamps 4/prs/manhole.

Cleaning brush for cleaning pipes.

Mandrill.

Sometimes there is considerable lapse of time between the pipe laying and cable
laying. This intervening period could have heavy rains too. Therefore there is possibility
of entering dissolved muddy water into the HDPE pipes. This dissolved muddy water
may transform into a thick paste or solid mud. Cleaning of the pipes before the cable
laying is absolutely necessary to remove any such obstructions. A 4 mm nylon rope is
already laid in HDPE pipe. One end of this rope is connected to Mandrill. The other
end of mandrill is connected to another rope of 4 mm size and suitable length to cover
the distance between two manholes. The existing 4 mm rope is pulled from other
manhole and thus the mandrill will clear the pipes. Similar operation is then done by
replacing mandrill with nylon brush and rugs.

Bilaspur Smart City: Technical Proposal

856
The pulling of the cable can be done in three ways:

By cable winch.

By cable winch assisted by manual pulling at inter mediate manholes.

By manual pulling at all the manholes.

For manual pulling, the rope may be attached to a diameter and then to the pulling
eye which is fixed to the cable end by supplier. The pulling may be done either
manually under close supervision watching all the time the pulling tension or by means
of winch with automatic cut off at set tension monitored through dynamometer fitted
in the pulling winch.

To reduce the friction between the cable and HDPE, a suitable lubricant may be
continuously applied with a sponge to the cable surface during pulling at every
intermediate man-hole. The standard lubricants with low frictional coefficient may be
used.

Assoonas1km cable or so is pulled towards one side of the route, sufficient overlap of
cable may be kept at splicing location so that the ends may be taken into the Air
conditioned splicing van placed at a convenient and nearby place. 15 metre cable
may be the maximum requirement.

Laying the remaining half of the cable:

Take out the winch to the other end if machine pulling is done.

Uncoil the cable and make the formation of 8. This should be done manually with
sufficient care and minimum bending radius.

Repeat the process of connecting the end of the cable with eye or pulling grip to the
swivel to which the pulling rope is attached.

Repeat the process of pulling the cable by winch or manual with special attention to
lubricant super vision and coiling the overlapping length in the pit.

The mouth of the HDPE pipes at every manhole is closed by rubber bushing. This is
mainly required for prevention of rodent entry.

The cable at the intermediate manholes are to be covered by split 65 mm OD 10

kg/cm2 HDPE pipes, covered with polythene tapes and clamped at 4 places.
Thereafter re-instatement of the manholes is to be done.

Bilaspur Smart City: Technical Proposal

857
Cable Blowing:

Drum test will be carried out for every drum as per prescribed guidelines (to ensure
that no damage has been caused during transit).

This cable blowing method is based on the concept of a consistent high-pressure

airflow, equally distributed along the entire cable throughout the duct. The cable is
mechanically fed into the pressurized space to overcome the pressure drop at the
entry point. The additional pushing force at the entry point is important to increase the
total blow able length. A cable jet-blowing machine is combination with an
appropriate Compressor is essential for optimal blowing. For an effective Cable
Blowing at an average speed of 50-60 meter /min. the Compressor should have the
following parameters:

Factors Influencing the Blow able Length:

Inside diameter of the duct.

Outside cable diameter.

Cable weight.

Coefficient of friction between cable sheath and duct inner surface. Number of
slopes.

Cable stiffness Compressor parameters. Straightness of route.

Degree of winding of the duct in the trench. Ambient temperature.

Blowing Chamber & Manholes

Joint Pit. These are required at the termination locations. The distance of the Splice
Chambers depends upon the length of the Optic Fibre Cable being used. Generally
2 Kms. length of Optical Fibre Cable is used Joint Pit is always greater than Splice
Closure length plus twice the minimum bending radius of the cable. A pit length of 1
metre is sufficient for most of the splice Closures Generally size of the manhole is 1 m x
1m x 1m (length x width x depth).

The basic Rules and Recommendations for Blowing Cable into HDPE Telecom Duct:
Use a proper compressor, never underestimate the compressor parameters. Ideally,
internal diameter (I.D.) of the duct should be 2 times the outer diameter (O.D) of the
cable, For appropriate duct size please refer the following table:

Bilaspur Smart City: Technical Proposal

858
 Ser No Outer Dia of OFC (mm) Recommended Duct Size (OD/LD) mm

1 9.0 – 12.5 32/26

2 13.0 –16.0 40/33

3 16.5 –20.0 50/42

Before starting the Cable blowing, be sure that duct is free of any obstacles or
damage. Use a proper mandrel equipped with a transmitting device. This method will
quickly locate the damaged areas if any, which must be replaced immediately.

When cable blowing is carried in high temperatures, protect cable from direct sunlight
where possible. High temperature drastically reduces blow able lengths.

The blowing method is far less sensitive to bends and curves along the route
compared to the pulling technique. When using state-of-the art HDPE Telecom Duct
and Cable jet blowing machines, it is possible to safely install fibre optic cable around
30° to 90° bends without any additional lubricant.

Before beginning the cable blowing survey the route to determine the best locations,
for access points for blowing machines and compressors. This can save considerable
materials and labour. Always blow downhill wherever possible. Up-hill slopes located
at the beginning of the route reduce the blow able length.

The blowing technique can be used in almost any situation and reduces costs relative
to the pulling method in many cases, blowing exerts less stress on the cable.

This lowered stress combined with fewer splices to the fibre optic cable increases
overall network quality.

The average blow able distance with one machine ranges between 700 and 2000
meters depending on the above-mentioned parameters. Longer utilizing several
blowing machines in tandem can accommodate blowing lengths, positioned in a
series of access points along the route. Another technique for achieving extra-long
cable installation, distances is to access, the cable at manholes like 8 then pull out the
cable and continue installation from this point along the route.

Splicing & Joint Closure

Bilaspur Smart City: Technical Proposal

859
Splicing is done using a good quality splicing machine. Splice loss per joint shall be
minimum and should not be more than 0.07dB. In no case average Splice loss per link
shall not be more than 0.06 dB x No. of splices.

At least 0.6 m to 0.8 m fiber should be stored in cable tray. Fiber should be neatly
coiled without kinks. Minimum bending radius of 80mm should be ensured.

Joint closure should be sealed properly before it is taken out of splicing van.

Joint closure assembly should be done as per instructions of manufacturer.

After assembly, joint closure is to be clamped to joint pit with the help of M6 anchor
bolts (Fischer make) in vertical direction such that dome portion points towards sky
and cables enter joint closure from bottom.

This can also be achieved by using fabricated galvanized clamps – picture shown in
the specs.

It is advisable to carry out leakage/ water penetration test before clamping the joint
closure for 1 hour.

Fiber Termination

FDMS shall be deployed for fibre termination and distribution.

Cable is brought into the building through duct/GI pipe in case building is on higher
floor.

Approx 2m OFC is kept/stored in Fibre Distribution Management system’s (FDMS) for

any eventuality.

OFC entry into FDMS shall be done through bottom holes provided for this purpose.

Fibres of OFC shall be spliced with pig tails and stored in the bottom tray, as per
detailed instruction of the FDMS Supplier. Bottom most splice module shall be used first
for one cable (say incoming cable) and 2nd module for the outgoing cable.

No mixing of incoming and outgoing OFC fibres are permitted unless specifically
asked by Site Engineer.

Pigtails shall be brought up by side and within space provided in FDMs up to Fibre
Distribution Module and shall be properly routed and stored, as per detailed
instruction of Supplier of FDMS. Pigtails routing shall be ready-to-remove type without
disturbing any other pigtail.

Bilaspur Smart City: Technical Proposal

860
Pigtails shall be mounted in designated adaptor and outer opening of adopter shall
be capped.

Fibre Distribution modules for incoming and outgoing fibres shall be in sequence of
Splice Modules used for incoming and outgoing cables.

All covers shall be properly closed / locked to prevent any type of ingress of foreign
material, duct, insects, etc.

Cable armor shall be properly earthed.

Flags shall be fixed with each pigtails depicting fibre number and station from where
cable is originating/terminating.

There shall not be any loose pigtails hanging or coiled at place other than specified.

Link Test

Link Test shall be carried out on OFC section terminated at both ends.

Equipment required for link testing are

Table 0-1 Link Test

S No Equipment Test Parameter

1. OTDR (@1310 mm & 1550 mm) Continuity

Length

Location Identification

Fibre Faults

Spice Loss

Overall Loss

2 Optical Power Loss measuring Equipment Overall Loss

(Light source & Power meter)
Fibre Identification

OTDR Measurements

Measurements shall be taken on every fibre of cable. Wavelength of measurement

shall be 1550 nm. Horizontal and vertical scale of OTDR shall be chosen to
accommodate the full trace of fibre.

Bilaspur Smart City: Technical Proposal

861
Splice loss of each fibre at every splice location shall be measured from both ends of
fibres. To arrive at splice loss, average of algebraic sum of splice loss measured from
both ends shall be taken.

Splice loss at any fibre joints at any location shall not be exceed 0.07 dB and Average
of Splice losses of a fibre over the link shall not exceed 0.06 dB.

Any loss points other than joint point, exceeding 0.02 dB shall not be acceptable.

Location of every joint as measured by OTDR shall be recorded.

Total Fibre loss as measured end to end by OTDR shall be recorded.

Optical Loss Test set up a combination of light source and power meter, shall be
needed. Measurement shall be taken at 1550 mm.

Transmitted (Tx) Power of light source, shall be measured by connecting power meter
using 2 M patch cord and if required fixed attenuator.

The measured Tx value shall either be recorded otherwise power meter shall be reset
at this measured value.

Once power metre has been reset or Tx power has been recorded, patch cord shall
be replaced by Fibre Under Test (FUT). [FUT can be put in between light source and
power metre by placing physically power meter or light source at the either
end of the FUT.

Value displayed in power metre in dB is the link loss.

Optional Loss measurement shall be recorded

Bilaspur Smart City: Technical Proposal

862
Proposed Solution & Network Architecture
1.1 Integrated Command and Control Center
The key objective of this project is to establish a collaborative framework where input
from different functional departments of BILASPUR Municipal Corporation and other
stakeholders such as transport, water, fire, police, meteorology, e-governance, etc.
can be assimilated and analysed on a single platform; consequently resulting in
aggregated city level information. Further this aggregated city level information can
be converted to actionable intelligence, which would be propagated to relevant
stakeholders and citizens. Following are the intangibles that should be addressed by
the proposed interventions:

Efficient traffic management

Enhanced safety and security

Better management of utilities and quantification of services

Disaster Management and Emergency Response

Integration with all existing and future services as identified by BILASPUR Smart City
Limited (BSCL) in the city including but not limited to(with provision for future
scalability).

Different sizing parameters described in below subsections are scope of work for
software and License, integration considerations, and training requirements.

Scope Item Sizing Parameter Sizing

Command Control No. of Command 1

Centers Center

Integration Integration Details Refer to Section 1.2 – Table-A "SUB

SYSTEM

INTEGRATION SIZING BASIS" for

Integration Details

Bilaspur Smart City: Technical Proposal

863
 Dashboards/ KPI/ Refer to Section 1.2 – Table-B "SUB
Report/ Touch Points SYSTEM
Details
INTEGRATION SIZING BASIS" for
Dashboards/ KPI/

Report/ Touch Point Details

CCC Application Number of I/Os 25,000

Central CCC Web & 20 clients Included

Thick Client Based
Application

Training No. Of CCC 1 training for each city

Application Training
Sessions:

Environment Production + Included

Development

Table-A : SUB SYSTEM INTEGRATION SIZING BASIS

Integrations

Adaptive Traffic Control System (ATCS)

City Surveillance System

Automatic number Plate Recognition (ANPR) system

Red Light Violation Detection (RLVD) system

No helmet nad triple riding detection system for two wheelers

Speed Violation Detection (SVD) system

Wrong way movement detection system (WWD)

Bilaspur Smart City: Technical Proposal

864
 eChallan system

Variable Message Signboard

IP based Public Address System

Smart poles (including smart elements)

ICCC BCP

Integrated Command and Control Center (ICCC)

Data Centre

Disaster Recovery Centre

Table-B : OVERALL PICTURE OF CITY UTILITY SERVICES INFORMATION

Sizing Bilaspur CCC

Touch points 100

Dashboards 50

KPI 100

Reports 25

SOP 25

This section of document describes ICCC functional scope, business process

definitions, and identifies the various information touch points and work flows defined
to successfully deploy an integrated solution that meets defined ICCC specifications.

It identifies and describes these information data flows and solution architecture for
each of identified ICCC technology solution areas as per consecutive meetings and

Bilaspur Smart City: Technical Proposal

865
workshop, such that we can identify relevant integration points required for specific
technology solution set.

Proposed ICCC solution offers the capability to close the information gap between
business and operations by employing its strong domain knowledge in Infrastructure
industry with its state-of-the-art integration technology using industry best practice.

ICCC possesses extensive knowledge, experience, and deep domain expertise in

implementing complex solutions for transmission industry. Our integrated solutions tend
to be based on industry standards and best practice; we believe we have strong
domain knowledge and extensive experience in implementing and deploying a
complex system.

The platform will be deployed at BSCL control room and this will serve as monitor and
control center for various utilisties and department of BSCL. All the operational screens
of ICCC will be developed inside the platform with new GUI to give user a uniform
look and feel of all the subsystem which will help them to interact with screens in a
better way.

Wonderware System Platform (WSP) enables enterprise-wide standardization

compliance across processes, functional teams and sites. It’s a common infrastructure
that can bring universal context to real-time processes, alarms, events and historical
archived data across disparate business systems. That’s one common information
model making system design and maintenance more efficient, flexible and secure.

This section of document describes ICCC functional scope, business process

definitions, and identifies the various information touch points and work flows defined
to successfully deploy an integrated solution that meets defined ICCC specifications.

It identifies and describes these information data flows and solution architecture for
each of identified ICCC technology solution areas as per consecutive meetings and
workshop, such that we can identify relevant integration points required for specific
technology solution set.

ICCC solution offers the capability to close the information gap between business and
operations by employing its strong domain knowledge in Infrastructure industry with its
state-of-the-art integration technology using industry best practice.

ICCC possesses extensive knowledge, experience, and deep domain expertise in

Bilaspur Smart City: Technical Proposal

866
implementing complex solutions for transmission industry. Our integrated solutions tend
to be based on industry standards and best practice; we believe we have strong
domain knowledge and extensive experience in implementing and deploying a
complex system. The platform will be deployed at BSCL control room and this will
serve as monitor and control center for various utilisties and department of BSCL. All
the operational screens of ICCC will be developed inside the platform with new GUI
to give user a uniform look and feel of all the subsystem which will help them to interact
with screens in a better way. Wonderware System Platform (WSP) enables enterprise-
wide standardization compliance across processes, functional teams and sites. It’s a
common infrastructure that can bring universal context to real-time processes, alarms,
events and historical archived data across disparate business systems. That’s one
common information model making system design and maintenance more efficient,
flexible and secure.

Table-A : SUB SYSTEM INTEGRATION SIZING BASIS

Integrations

Adaptive Traffic Control System (ATCS)

City Surveillance System

Automatic number Plate Recognition (ANPR) system

Red Light Violation Detection (RLVD) system

No helmet nad triple riding detection system for two wheelers

Speed Violation Detection (SVD) system

Wrong way movement detection system (WWD)

eChallan system

Variable Message Signboard

IP based Public Address System

Bilaspur Smart City: Technical Proposal

867
 Smart poles (including smart elements)

ICCC BCP

Integrated Command and Control Center (ICCC)

Data Centre

Disaster Recovery Centre

Table-B : OVERALL PICTURE OF CITY UTILITY SERVICES INFORMATION

Sizing Bilaspur CCC

Touch points 100

Dashboards 50

KPI 100

Reports 25

SOP 25

Data Integration Platform

The Wonderware System Platform provides a single platform for all industrial
automation and information processes and level 3 applications. It provides a
common and strategic industrial application services platform on top of virtually any
existing system, and is built upon the industry-standards based, ArchestrA real-time
technology.

The System Platform is comprised of 6 server products:

Wonderware Application Server

Operation Management Interface (OMI)

Wonderware Historian

Bilaspur Smart City: Technical Proposal

868
Device Integration

The following sections will provide details of this package’s components.

Wonderware Application Server: The Wonderware Application Server is the core

application development and supervisory control platform for the System Platform.
The Wonderware Application Server allows you to build the desired system by creating
objects and graphical symbols representing real equipment, field devices, or logical
processes.

Operation Management Interface (OMI): The main visualization product, including

integration and interaction with software for CCTV, news feeds, vessel tracking etc. is
Wonderware InTouch OMI, which is the latest version of 17 years on number 1 market
share and more than 10,000 installations. It is designed for minimum programming
and adaptive displays for a variety of devices, as shown in the following diagram.
Visual integration with software such as CCTV management uses either ActiveX or .Net
Control, both of which allow our software to natively handle software commands,
such as camera selection, replay, pan/zoom/tilt etc. This software uses software
objects for maximum reuse and is intentionally designed to visualize a combination of
business, operations and where appropriate automation management such as

Bilaspur Smart City: Technical Proposal

869
alarms.

Wonderware InTouch OMI includes a large library of graphics templates and

integration with mapping software (GIS) and video, such as shown in the following
screenshot:

Key highlights of InTouch OMI are:

No screen size or platform suffers. With the only Responsive HMI framework, you can
design applications once and deploy anywhere, on any device screen, the first time.

A common platform for industrial apps provides business insights, integrated analytics
and unified KPI’s in context with operational data.

Integrate new and existing operational and IT systems into a single unified visualization
client.

Deliver modern user experiences on every device without extra scripting or

programming.

Bilaspur Smart City: Technical Proposal

870
Plug and Play Apps Bridge the IT/OT Divide

Object Wizards and flexible templates

Access and Visualize Your Operations Anywhere

The World’s First Responsive HMI without Scripting

Plug and Play Apps Bridge the IT/OT Divide

The Most Comprehensive Out-of-The-Box Content

Object Wizards and flexible templates make it easier to develop applications and
deploy standards across your organization.

Access a single Object Library covering ~80% of visualization needs.

Bilaspur Smart City: Technical Proposal

871
Deliver platform-aware visualization screens in days instead of months.

Align your visual standards with both IT and Operator imperatives.

Reduce engineering effort/implementation with large, diverse installation across PLC

controllers.

Reduce development and maintenance time.

Increase scalability and repeatability with flexible templates that adapt to native
device settings.

Access and Visualize Operations Anywhere

Historical Playback, Real-time Visualization and Remote Access Functionalities.

Historical Playback

Combine real time & historical data

Provide greater insight

Enable proactive operations

Improve decision making

Online Insight

Pinpoint reasons for downtime

Perfect for technical and casual users

Reduce time and cost of operator training

Access information from the Cloud

Remote Access

Get remote and mobile access to InTouch apps anytime, anywhere through your
device

Integrate SmartGlance for real-time historical and events dashboards, and KPI analysis

Wonderware Historian

Historian will provide the main repository for all City’s real time data and provide the
facility for future easy retrieval of this data. It will also provide operating event and
continuous data logging.

Bilaspur Smart City: Technical Proposal

872
Historian is a critical piece of the city operation equation because it’s a high-
performance repository for all production data. Data is accessible via industry-
standard SQL queries and is fully compatible with most IT departments’ database
applications. Part of the power of the Historian is that it not only stores data
measurements, It also captures a wide variety of city event information, which is
critical for putting process data into the proper context for improved business
decisions.

It combines the power and flexibility of a relational database with the speed and
compression of a real-time system, integrating the office with the factory floor. As an
extension of Microsoft SQL Server, Wonderware Historian acquires city’s OT System
data at dramatically increased speeds, reducing data storage volumes. It also
integrates OT system data with event, summary, production and configuration data.

Key features and differentiators are highlighted as below:

Wonderware historian is easily scalable up to 3,000,000 tags.

One of the key features is historian data in the cloud, in case of ADNOC it may be
private cloud to be managed at ADNOC HQ to complement and extend existing
investments.

Wonderware Online — an industrial information management solution that makes

data accessibility and analysis simple. Anywhere, anytime and on any device

Another feature enabled by Wonderware Historian is the ability to send key data to a
mobile device. This allows users to access KPIs on the go and create personalized
alerts

Bilaspur Smart City: Technical Proposal

873
Lossless Compression: Wonderware efficiently stores detailed, precise process data in
a tiny fraction of the space required to store the same data in a relational database
(as little as 2%) without any loss of detail. Optional filtering (which is lossy and often,
incorrectly, labeled "compression") is also supported, but not required.

Replication simpler to configure (“Tiered”): “push” from Tier 1 with the option to
automatically calculate summary values in the process.

The browser-based access to Historian is super-simple. The familiar search-based

selection and clear user experience makes detailed historical data accessible for
users throughout an organization.

Simple Redundancy: It is trivial to configure redundant "active-active" Historians where

the clients automatically failover.

HMI Functionality: The animation, alarming and scripting functionality is much richer,
specifically latest release of InTouch OMI is new touch screen experience HMI which
is part of our offering for ADNOC Panorama and clear differentiator with available
market solutions

Alarm & Events: The Historian significantly expands the solution beyond process history
to also support alarm & event history--structured, time-series data, not simply values.

Wonderware Historization:

Wonderware Historian software captures data hundreds of times faster than a

standard database system and saves data in a fraction of the space.

Because of the differences between time series information and conventional

transactional record-based data typical of a commercial enterprise, conventional
relational database technology is not suited for this environment. The innovative
Wonderware Historian is designed to manage the continuum of values experienced
in time-series data, which is inherently different from the isolated sample style
information in a typical database.

Wonderware Historian combines front-end, high-speed data collection with time

series extensions to an embedded Microsoft® SQL Server relational database to
optimize both storage and retrieval performance. Wonderware Historian does not
store data directly in Microsoft SQL Server Tables, but instead utilizes a highly optimized
file system separate from the relational database.

Bilaspur Smart City: Technical Proposal

874
Additionally, our “swinging door” data storage algorithm greatly reduces data
storage requirements while preserving important data features. It also fully integrates
event, summary and production data along with database configuration information.

Wonderware Historian captures complete data records with its fault-tolerant data
acquisition system, which is appropriate for control systems and / or multitier multi-
vendor historian environment, geographically dispersed facilities or other applications
that use slow or intermittent data networks. Wonderware Historian can acquire and
store data collected by remote terminal units (RTUs), providing more complete data
records for operations.

Wonderware Historian has built-in advanced data retrieval modes that can make
your data report queries more efficient and more powerful. Wonderware Historian
offers the following advanced data retrieval modes:

Time-in-state

Slope

Interpolated Best fit

Counter , Minimum, maximum, average Time-weighted average

Cyclic and delta, Value state Integral

Full

Round trip

Key Highlights

✓ The easiest, most flexible and open Historian

✓ High market acceptance – over 25,000 licenses sold

✓ Seamlessly fits within your enterprise IT environment

✓ Designed for all industrial manufacturing and infrastructure operations

✓ Generate actionable information for faster, more accurate decision-making

✓ Unify information from multiple manufacturing and HMI/SCADA /DCS systems

✓ Flexible architectures scalable for any application including Multi-Tier.

✓ Produce on demand and scheduled reports for regulatory compliance and

management

Bilaspur Smart City: Technical Proposal

875
 ✓ Ease of administration.

Key Capabilities

✓ High Speed data compression and historization.

✓ Scalability and flexibility with multi-tier architecture.

✓ Open SQL based query interface.

✓ One-click configuration in Control System.

✓ Acquire and historized data from any data source.

✓ Advanced retrieval modes.

✓ Aids business operations and regulatory reporting.

Advanced trending and reporting clients.

Distributed data acquisition and aggregation.

Real-time and historical data trends and reports.

Integrate diverse data sources within a single interface.

Simplified data queries which understand your process and information needs .

Integration with and support for Microsoft Office® via Excel® and Word® add-ins

Integration

For this solution, data integration is

much more than translating
protocols and formats. The data
structures among the various
sources vary significantly
including how time is structured in
them (or not structured at all). In
addition, all of the data that is
integrated at each asset across
the city (water assets, power, parking, buildings, tunnels, airports etc.) – needs to be
further integrated to support an enterprise hierarchy of information which can be
effectively used for the city operational application suites. The proposed integration
model will account for various types of data and format as well as various refresh rate

Bilaspur Smart City: Technical Proposal

876
frequencies, as required for the ICCC.

Offered ICCC Operations Integration Solutions is the next generation of device

integration, which greatly expands the connectivity of the Wonderware based
Control Room solution connectivity spectrum both down to the data layer as well as
up to the business and ERP layers which will eventually support an industry wide,
global, IoT and Cloud-ready communication strategy.

More than 300 native drivers to communicate with various PLCs/DCS/RTU

Support for most of industrial protocols (such as MODBUS, BACNET, LON etc.)

Connectivity to PLCs via industry standards (i.e. DDE, SuiteLink, OPC, OPC UA etc)

Available Software toolkit to enable developers to custom build drivers for new
equipment.

1.2 ICCC Platform Integration Approach with Sub systems

The section below elaborates typical integration use-cases with various sub-systems
and how it enables greater visibility and cross-functional collaboration among
multiple stakeholders of a smart city solution. The use cases also elaborate future
scope of integration for sub-systems that may be procured during subsequent phases
of implementation.

City surveillance system integration

The City surveillance system uses a Video Management System (VMS) to collect and
store the video with the time stamp of all the camera’s feeds across the city. It also
provides an interface to both view the live video, and access recorded video. The
city platform has objects mapped to each of the camera systems.

City Surveillance system provides important data of the incidents recorded in different
city zones. The incident data is retrieved from ANPR, Video analytics and Video
management systems. The video streaming which are to be viewed in real time are
sent over the APIs of the Video management system to the command and control
centre and incident and event data are sent over ESB. The command and control
centre operators will also have direct access to Surveillance system in their
workstations. The surveillance system adds the context to the city KPIs and correlation
of incidents captured form all the underlying city systems.

Bilaspur Smart City: Technical Proposal

877
The camera locations are tagged as latitude/longitude coordinates as attributes
which can be rendered as a layer on the GIS map. The respective feeds of the
cameras are
displayed in the
Operator
console.
Additional UX
can be
configured as
appropriate.

Typically, the incidents recorded are alerted and their incident status up to closure is
tracked at the command and control centre operator. The command and control
centre operators can take control of the incidents any time during the incident
resolution. Integrated Management Platform leverages Operational & Information
technology to provide Safety and incident management personal with meaningful
data

CCTV Preview with GIS mapping

E –Governance Integration: Citizen centric and municipal administration is performed

on the eGovernance application that has internal module that communicated within.
This application generated huge amounts of data related to citizen and city
administration which are critical inputs for the deriving contexts to the key
performance indicators. The data from the eGovernance application is retrieved
from the enterprise service bus and they are not real-time data.

Bilaspur Smart City: Technical Proposal

878
For designing the solution architecture for SSCDL, the system requirement from RFP has
been considered as one of the key inputs. The solution architecture elaborates the
application to best fit the Functional requirement of the system and to support the
Information flow in the system. Overall envisaged technology platform of SSCDL
system will comprise of a set of applications and services. The system supports
interoperability to share data across the internal external application.

A typical e-governance solution contains multiple modules such as grievance

management, license and
permits, citizen’s portal etc.
The ICCC application
integrates through ESB for
critical information that are
required for driving cross-
functional collaborations.
For example, a citizen
complaint for a water
spillage incident may require notifications to water department with additional
information collected from smart water system.

GIS

GIS: Client is an interactive add-on for

offered ICCC System Platform to
enhance the visualization and
navigation of spatial or geographical
data in a Geographic Information
System (GIS).

GIS Client provides a set of wizards and

visual controls to use within System
Platform that allows representing all the
elements in a huge installation as spatial or geographical data in a Geographic
Information System (GIS). It's possible to use the standard map providers
(OpenStreetMap, Yahoo, Bing, ArcGIS, Google, etc) or create your own map or

Bilaspur Smart City: Technical Proposal

879
image provider based on vector files.

Key Features

Develop projects faster (better RIO)

Achieve more efficient engineering (greater functionality)

Simplify and Automate common tasks (less issues)

Extend Wonderware System Platform capabilities (better TCO)

Key Points

Increase productivity reducing engineering and deployment time

Strong value proposition to Integrators using Wonderware in Airports and

Geographically Distributed SCADA solutions.

Main Features

Interactive navigation with GIS features (zoom, layers, etc).

Based on standard map/GIS providers or create a custom map provider based on

images or vector files.

Use typical map providers (OpenStreetMap, Yahoo, Bing, ArcGIS, Google, etc)

Use OGC Standard (WMS Services, WFS Services, etc) Map Providers

Use Digital Layout or Vector/Cad files as Map Provider

Capable of rendering simple graphic elements (markers, polygons, tooltips, etc.) with
simple animations.

Development through IDE and integrated Development Tool.

API oriented (Toolkit)

Productivity Tools (export, import, automatic object creation, …)

Development and Runtime (basic and advanced) tools

Real time data integration (MXAccess)

Template & Instances

Link with ArchestrA Graphics

Runtime independent from development BBDD

Bilaspur Smart City: Technical Proposal

880
.Net Controls & ArchestrA Graphic & Demos

Online / Offline mode

MVC development (Model-View-Controller).

Ability to adapt to Wonderware System Platform technological advances (.NET, WPF,

HTML5)

Intelligent Traffic Management System Integration: Traffic cameras and locations are
mapped to the city platform. Video Analytics helps to develop comprehensive
security, intelligence and investigative capabilities using the video making it possible
to detect specific events and activities automatically from the cameras without
human intervention. Video analytics makes it possible to filter video and provide a
notification when user defined events have been detected, such as vehicles stopping
in an alarm zone, or a person passing through a digital fence. The Video Analytics
(VA) engine sends the alerts to the operator console using the ESB.

Bilaspur Smart City: Technical Proposal

881
Intelligent Transport Management System Integration: The Intelligent Transport
Management System (ITMS) integrates with ICCC using the following approach:

Once critical operational data like over speeding, under speed, route violation,
breakdown, unauthorized stoppage etc. is identified, the ITMS system will make the
data available to ICCC System via ESB through various APIs mutually agreed.

Following is a typical Sample Screen which depicts ITMS Data being visualized in ICCC.

ASSUMPTION:

Bilaspur Smart City: Technical Proposal

882
 Proposal submitted is for ICCC platform will integrate various subsystem of Bilaspur
Smart City.

Applications to be integrated in solution is mentioned is as per RFP requirement

Sizing of integrations, dashboards, reports, KPI and simple SOPs to be implemented is

as per Section 1.2 Table B "SUB SYSTEM INTEGRATION SIZING BASIS" for Integration
Details.

All Screens of SCADA applications will not be replicated inside application.

Application will implement only major overview SCADA screens and other
dashboards.

Proposed solution is based on Windows OS, thick client based. Necessary software’s
are included and installed on servers and workstations.

Application developed for control room can be viewed as it is on web using RDP over
HTML5 technology. Bidder understand that separate application for web/ mobile or
other devices is not required.

IT security should allow Microsoft Single Sign On objects and configuration

Project team will propose necessary KPI to customer, but it's customer responsibility
to provided necessary calculations during requirement gathering or design phase
with mutual agreement.

We have considered 50 concurrent users for ICCC platform as mentioned in

RFP/Corrigendum.

Solution has capability to integrate with future integrations, however current scope is
limited to integration of various subsystem of Bilaspur as per current RFP requirement.

Integration Assumptions

Alarms received from the subsystems by the Command and Control Center is one
way. It will only display the current status of the alarm. It will not able to
acknowledged back the alarms from ICCC portal application. This solution will not

Bilaspur Smart City: Technical Proposal

883
 duplicate the alarm sub system of the SCADA application.

General Assumptions

Requirements & features will be freeze during requirement gathering and design
phase. Any change in requirement or features during implementation or further
phase will be change request.

Considered Dashboard / Report will be in English Language. No localization is

considered in the scope of work.

Software and licenses related to Development and Test are considered out of scope.
Only production environment is considered

EXCLUSIONS:

Data Migration (E.g. Master Data) from any existing system / application

Social Media Intelligence software.

1.3 Scalability and Modularity

The Solution offered provides the Industrial Service Oriented Architecture environment
which is required for the successful interaction, information exchange and function
execution between applications, data sources, and SOPs & Notifications. This
infrastructure includes the creation of global namespace, real-time calculations,
orchestration, business and process entity object modeling, application hosting,
visualization and reporting – all of which integrated applications can exploit to yield a
business supporting solution that enables real-time access to critical, decision-ready
information across the enterprise. In this way, AVEVA believes that the users are able
to make better decisions related to safety, controls, assets, productivity and efficiency
in order to maximize their overall profitability.

An example is the ‘City model’; the logical representation of the physical processes
being controlled and Monitored with the ICCC application. The unique City model
provides a single consistent definition of physical equipment, how data is acquired,
how alarms, Incidents and Other critical information are defined and who has access
to them, in meaningful terms and organized as re–usable templates. Through a

Bilaspur Smart City: Technical Proposal

884
hierarchical model of city operations, the city model presents a convenient
abstraction of the physical equipment and systems, into a more powerful and
productive application development environment, including equipment, areas, and
work processes, KPIs, calculations, interfaces, computers, controllers, databases or
anything which can be modelled in the form of templates. The city model, gives
essential context to the business’ data, greatly assisting with diagnosing and
troubleshooting, as well as providing valuable documentation during commissioning
and throughout the lifecycle of the system. By providing a vital and accurate
representation of operational resources, independent from the physical computing
resources used to run the system, the city model provides increased application
flexibility to decrease the risks associated with initial implementations, as well as the
adoption of change over time.

Since the solution – once configured in this way – contains all the data (live as well as
reference data), the ICCC applications can easily access this data simply by
‘hooking’ into the System Platform’s image without having to have its own integration
to the underlying Control systems, the connected databases of Smart water, Smart
Power, City surveillance and the e-Governance application. In this way, a far faster
deployment time of the overall system can be achieved, since the ICCC applications
can simply be configured to deliver the value they are intended to without concern
for the data source integration. The City and associated models plus all their data
attributes are always continuously refreshed and kept current by the System Platform.

The recommended server infrastructure for a system with many users and the
application would be to scale the web server farm with multiple load balanced web
servers to evenly distribute the load of transactions taking place across the enterprise.
Each of our products can scale from very small systems to very large systems to
account for large loads. Once a typically usage load is determined from this number
of users, the correct number of web servers can be determined. Other options
including private virtualization could also be considered.

In addition, the products support various architectures of being centralized or

distributed. The proper Architecture is usually dictated by the level of city object
communication verses manual data entry.

Virtualization
All our products support virtualization and our experience are that Virtualization has

Bilaspur Smart City: Technical Proposal

885
lowered the Total Cost of deployment, lower TCO and maintenance to IT departments
in the Manufacturing Industries. Typically, the number of virtual and physical servers
are determined based on the number of assets and transaction rates expected for a
given plant or region. Typical such solutions can be installed on one virtual / physical
server or it can be scaled across multiple virtual servers running on one or more
physical servers. For BSCL Smart City Platform’s functional requirements, the entire
solution can be installed on virtual servers based on the estimated number of assets
for a typical facility. Based on other requirements for hot upgrades or high availability,
there may be a desire to implement the solution across multiple virtual images
contained on one physical server.

For such systems, virtualization is a great option for the application middleware server
and application server, since it allows the isolation of client application while making
good use of hardware resources. It should also reduce the overall number of physical
servers. Our application supports virtualization on both MS Hyper V and VMware ESX
server.

✓ Below are some benefits from Virtualization

✓ Green IT, less physical environment.

✓ Easy movement between environments (usage of Snapshots)

✓ Easy baseline and usage of Snapshots for reestablishing a baseline situation.

✓ Usage of standard server Images

✓ High availability and minimized downtime

✓ Maintenance

✓ Upgrade hardware

✓ Power outage

✓ Update – patching, software, firmware etc.

✓ Load balancing is one of the benefits.

Architectural security

All our products integrate with Active Directory for security authentication. Active
Directory Groups are imported into our products (such as System Platform) and each
of these groups can be configured for security groups, privileges and entity access.

Bilaspur Smart City: Technical Proposal

886
Access rights and Security are managed by user group within the solution. User Groups
can be created manually or imported from Active Directory. Each user group can be
configured with a different set of privileges or access rights on the system. BSP’s
specific access rights can be added to the product and used to restrict enhanced
features of the solution. In addition to privileges, user groups can be configured for
access to specific areas, lines or equipment.

Key takeaways of these differences are that the Smart City must be able to operate
even in case of “disaster”, and the confidentiality in the field and equipment areas
loses its meaning.

The most visible evidence of successful cyber security actions and programs, which
include how products are developed, applied and integrated, are a combination of
“resilience” and “cyber resilience”:

Resilience is the ability of the Smart City to prepare for and adapt to changing
conditions and withstand and recover rapidly from disruptions. Disruptions may
include deliberate attacks, accidents or naturally occurring threats or incidents.

Cyber resilience is the ability of the Smart City to withstand negative impacts due to
known, predictable, unknown, unpredictable, uncertain and unexpected threats
from activities in cyberspace. This ability is measured by the combination of longer
mean times to failures and shorter mean times to recovery.

The AVEVA Software Business follows a rigorous Security Development Lifecycle (SDL)
for all software products, projects and solutions that are delivered to our Customers.
The SDL is a component of our Development Processes and governed by a formal
Quality Management System (QMS) process framework. The SDL follows Security Best
Practices and utilizes industry proven security tools and technologies.

Bilaspur Smart City: Technical Proposal

887
1.4 Overall Network Architecture
The proposed Solution for Bilaspur is an integrated solution for citywide connectivity
that establishes a platform on which Internet of Everything (IoE) -based applications
and services can be developed for both citizens and city. Figure below gives a high
level view of some of the services expected to be delivered as part of the RFP.

Proposed Solution Architecture– City Backbone Network

The communications network for Bilaspur SmartCity has the following business
requirements:

Reduction of the digital divide by introducing a highly accessible communication

network that also supports the Smart City functions.

Provide common high speed communications network for various government

agencies in the city.

Robust communications network as the underlying enabler for the success of the
smart solutions project.

Generate revenue during operations for communications network to be self-

sustainable.

The proposed solution for the Smart city is designed keeping in mind all of the above
mentioned functional requirement being put forward by the customer in the RFP.
Further, adequate measures and consideration have been taken in the design to
ensure a fundamental requirement of a highly resilient and effective communication
network. The entire city operations traffic from the street layer to the Data Center can
be carried over a well-designed Bilaspur City Transport network will be using
Multiprotocol Label Switching (MPLS) to construct a packet-switched transport
networks. This will provide a common set of functions to support the operational
models and capabilities required for such critical networks. MPLS will provide
connection-oriented paths, protection and restoration mechanisms, comprehensive
Operations, administration, and Maintenance (OAM) functions for Seamless network
operation using dynamic control plane.

City Transport will have distributed architecture and will have three layers:

Core Layer/Aggergation Layer –Core Router + Aggregation Routers

Bilaspur Smart City: Technical Proposal

888
Access Layer --- IE Access Switches

While IE switches creates the access/ street layer for BILASPUR smart city network,
Core/Aggregation layer aggregates the Access layer rings and uplinks to the
Backbone RING which will comprise of Aggregation routers and the DC CORE routers.

Access/Street Layer: IE 3200 switches are connected in a fibre ring fashion to the Pre-
Agg routers. IE switch will be configured with multiple VLANs for sending traffic to/from
Pre-aggregation nodes. IE switches will be used to provide wired connectivity to all
street layer devices like Root Access Points, IP CCTV Cameras, Kiosks, PA systems,
Variable Messaging Signboards etc.

Aggregation Layer : ASR 920 will act as the Agg layer which will be responsible for
aggregating the Access layer rings over 1G downlink interfaces and will connect to
the upstream Backbone RING over dual/single 10G connections. This layer will be
MPLS aware and the traffic segregation and isolation using different VRF will start from
this layer itself

Core Router: The ASR 903 will be positioned as CORE routers in the BILASPUR Smart city
network and will be responsible for aggregating all the different application traffic
residing and flowing in the network. The CORE router will be hosted in the DC and will
be a part of the same backbone RING comprising of the Aggregation routers. It will
also provide connectivity between all the different applications hosted inside the DC
and their respective end-points installed/positioned in the field network.

Physical Topology: The primary factors driving the IP Backhaul physical design is the
geographical spread as well as fiber link availability. Following diagram gives a high
level view of the physical topology proposed for Bilaspur Smart City Network. We are
mentioning the design options as below which can be deployed for establishing the
connectivity between the street layer and the Data center and ensuring that there is
a continuous and seamless traffic movement all the time.

Bilaspur Smart City: Technical Proposal

889
As being depicted in the above diagram, there is a RING architecture at all the layers
of the network which will ensure a highly resilient and redundant network in place
which will provide a very high level of network availability. Moreover, to increase the
resiliency further, we also recommend to have a dual-homed RING at the Access
layer of the network. The detailed design for the Access Layer with a dual-home
architecture is depicted in the below diagram:

Bilaspur Smart City: Technical Proposal

890
 Pre-Agg Router

Dual-Homed Access RING

Access Layer Switch

Street Layer/Access Layer Ruggedized Switch (IE 3200): IE 4000 industrial grade switch
will be placed at the network edge. WiFi RAPs (Root Access Point), CCTV Cameras
etc will be terminated on IE switches via Ethernet port. Below are some of the
functional requirements for this node:

There will be a total of 50 access layer POE IE switches connected as a part of the
access layer devices. All the devices will be connected in RING fashion and there will
be multiple such access rings. As per Industry best practice, we recommend to have
at least 5 switches in a single RING

In locations, where there are more than 2 switches deployed due to high port density
requirement, the SFP based ports on the switches will be used to connect the second
switch in a daisy-chain fashion

The bandwidth capacity per location will be decided based on the end point
equipment termination happening in that particular location

A Single mode rugged SFPs have been considered in each of the IE switches for the
upstream connections. However, on the locations where more than 1 switch will be
installed in a daisy-chain fashion, 2*1G SFP on the first switch while 1*1G SFP on the
second switch will be considered. The SFPs can support a distance of maximum 10
kms. In case there is any inter-device link crossing 10Km , MSI needs to factor in
relevant SFPs which supports more than 10Km. The number of such SFPs would be
derived based on the site survey conducted in the city

Bilaspur Smart City: Technical Proposal

891
Total number of Box/PTZ cameras, Outdoor Wi-Fi access points terminating on a single
IE Switch will be XX

Multi-VLAN support (802.1q) on the IE Switches to ensure traffic isolation at a L2 level

DSCP and COS support for end-to-end QOS in the network

REP (Resilient Ethernet Protocol) will be configured for ring protection to achieve sub
50 ms failover.

The switch is a rugged switch sustaining under harsh outdoor environments. The switch
is IP 30 certified and will be DIN Rail mounted inside a junction box placed near the
junction. The switch also supports IEEE 1588 PTPv2 for time synchronization.

Note:

It is assumed that all the devices are at a distance of less than

80 mts from the IE switch. At Junctions where the distance of
edge devices exceeds beyond permitted limit, an extra IE
switch needs to be considered. Current calculation is based on
the assumption mentioned below

As the asked switches are POE switches, so it is expected that

all the cameras, APs and other sensors connected to IE switches
will be powered over POE cable and the power injectors will not be required.

Access points will also be powered using POE cable

Street layer devices like Variable Messaging Sign boards/PA systems/Controllers and
Sensors of Adaptive Traffic Control system will also connect to nearest available IE
switch

Sizing the junction Box and provisioning of power is responsibility of MSI

Benefits Of CISCO Deployment at the Access Layer

The devices proposed are scalable enough to accommodate upto 2G Bandwidth

upstream links to take care of the increase in the traffic volume in the future

No need to change the device to accommodate the increment in the Bandwidth

requirement

The flexibility of connecting the upstream links over both Fiber as well as Copper links,
incase required as per the desig

Bilaspur Smart City: Technical Proposal

892
Field Distribution Layer/Pre-Aggregation Layer Router (ASR 920: The ASR 920 router/
switch will be placed in the Smart city network as a preagg/field distribution device
and will aggregate the IE 3200 based access ring. Moreover, it will also connect over
10G links to the Backbone/ Aggregation ring. Pre-aggregation node will be layer-3
capable device with IP-MPLS and dual stack support (Ipv4 and Ipv6). There will be 20
such routers in the network. As per the industry best practice, we recommend to
terminate at least 3 Access Rings on each of the Pre-Aggregation routers.

Following design parameter have been considered in order to finalise the design

There will be a total of XX Pre-Agg Distribution switches

X Access Rings to be aggregated to Distribution/ Pre-aggregation layer

X numbers of 1G ports will be required at Distribution/ Pre-aggregation layer to

connect to the access layer ring

Capacity of the distribution ring should be 10G, however, it has the capacity to scale
up to a 20G ring also, as proposed switch has 4 x 10G uplink port to create 20G ring

X number of 1G single mode transceiver will be required as per their fiber design and
at least 2 numbers of single mode 10G transceiver will be required for the uplink
connection per switch

The below diagram depicts the detailed network design at the Pre-Aggregation layer:

Bilaspur Smart City: Technical Proposal

893
 Pre-Agg Switch Pre-Agg Router

10G Pre-Agg Ring

1G Access Ring

Core Layer (ASR 903): Core Router will terminate Access/Street layer connections
through the service provider. Aggregation node will be layer-3 capable device with
IP/MPLS and dual stack support (Ipv4 and Ipv6). Below are some of the functional
requirements for this node:

There will be 2 Core devices in the network which will be aggregating all the Pre-
Aggregation RING connections while connecting to the DC on the upstream to the
DC CORE routers which will be connected to the same Backbone RING

The Agg router will have support for 1G/10G and 40G links to cater to the varied
interface requirement as per the design. Number of Relevant SFPs which supports
more than 10Km would be factored based on the site survey conducted in the city
and the subsequent requirement

DSCP to MPLS EXP mapping for ensuring end-to-end QOS

802.1p (CoS) to MPLS EXP mapping

HQoS (shaping with nested policy maps) support

Bilaspur Smart City: Technical Proposal

894
Multi-VLAN support (802.1q)

Standard Routing protocols (IS-IS, BGP)

MPLS to the edge.

1.5 SmartCity Data Center Architecture

While designing a highly available & scalable network, for one such as Bilaspur Smart
City DC, a primary objective is to build the network that can withstand component,
link, power and any other types of failures. The network must converge around these
failures healing itself without human intervention and with minimal disruption in
services. It must do all of these things and remain simple enough that the average
Network Admin can configure, monitor & manage the environment.

The component providing the redundancy should also provide additional benefits,
such as load balancing, to the network during normal operations. This objective can
be achieved by using mechanisms such as per-Virtual Switching or Virtual Port
Channel, HSRP per VLAN and routing protocols that can load-balance across multiple
equal-cost paths.

The network must be designed to notify the NOC personnel of any failures; these
notifications must provide enough detail of the events leading up to the failure to help
isolate and repair the problem. This information can also be useful to prevent /
forecast future outages of similar cause. The NOC collects network & system usage
statistics for planning & provisioning purposes. SLA monitoring and enforcement is also
served from the NOC.

For any enterprise class DC network, security is the major concern. The network design
must incorporate the assumptions that it will be under constant attacks of various kind.
The network must not only provide security measures to protect the network
components against unauthorized access and use, but also have the ability to
provide trace records to assist in constructing the sequence of events that leads to
unauthorized access and use. The network design must employ the various security
tools and capabilities embedded across the product lines used within the network.

DC Architecture Overview

Any successful architecture or system is based on a foundation of solid design theory

and principles. Designing a Data Centre network is no different than designing any

Bilaspur Smart City: Technical Proposal

895
large, complex system.

The network architecture consists of various functional building block modules, with
each module performing a set of specific functions. The architectural modules not
only assist in the network design process, but also help in necessary IP address planning
process. The Bilaspur data Center will have a standard hierarchical architecture inside
the DC that will break down the entire LAN into multiple layers and will provide its
benefits of a modular design. Failures that occur within a module can be isolated from
the remainder of the network, providing for both simpler problem detection and
higher overall system availability. Network changes, upgrades, or the introduction of
new services can be made in a controlled and staged fashion, allowing greater
flexibility in the maintenance and operation of the campus network. When a specific
module no longer has sufficient capacity or is missing a new function or service, it can
be updated or replaced by another module that has the same structural role in the
overall hierarchical design.

It is advisable to have a SPINE and LEAF based architecture which is based on the
latest Data Center standards and is having the flexibility to migrate from a hardware
based infrastructure to a full-fledged Software defined Data Center (SDDC) with very
nominal investment and simplified implementation plan. Such a design is highly
forward looking and has full potential to explore the benefits and features of a SDDC.

The following modules will prevail in the DC Network as per the first approach:

Bilaspur Smart City: Technical Proposal

896
Core Layer: The core of a data center network is typically broken out into a pair of
high performance, highly available chassis-based switches. The primary function of
the data center network core is to provide highly available, high performance Layer-
3 switching for IP traffic between the other functional blocks of the network. By
configuring all links connecting to the network core as point-to-point Layer-3
connections, rapid convergence around any link failure is provided, and the control
plane of the core switches is not exposed to broadcast traffic from end node devices
or required to participate in STP for Layer-2 network loop prevention. The device
should have a modular operating system with a dedicated process for each routing
protocol that isolates faults while increasing availability. The major benefit of using it in
the CORE layer will be it’s capability of providing an option to move towards a SDN
based network with ease through some license upgrade and including a SDN
controller in the network.

The SPINE switches will be used in the Data Center with LEAF switches to provide an
optimum network design. The numbers for the SPINE and LEAF switches will be derived
from the number of servers and other end user equipment getting hosted inside the
DC. Moreover, the scalability for the next seven years will also be factored to come
up with the final numbers.

Aggregation and Access Layer: Aggregation Layer is typically characterized by a

high degree of high-bandwidth port density capacity and thus optimized for traffic
distribution and link fan-out capabilities to access layer switches. Functionally, the

Bilaspur Smart City: Technical Proposal

897
nodes in the aggregation layer typically serve as the L2/L3 boundary. The Access
Layer serves to connect hosts to the infrastructure and thus providing network access,
typically at Layer 2 (L2) (i.e., LANs or VLANs).

DC Edge/CORE Router : The edge router will be used to aggregate the CORE 40G ring
and will be the entry to DC network. It will also act as the touch point for the Inter-DC
links that will be there between the DC at Bilaspur and the DR located in some other
city.

There can be a separate layer of Internet router which will terminate the high-
capacity internet feeds from the upstream service provider. This router will run eBGP
with the upstream peer routers and will receive the full INTERNET routing table for
managing the internet bound traffic in an optimum manner. Various BGP attributes
can be used to control the ingress and the egress traffic flow for an optimum utilisation
of the Internet links resulting in an optimum performance and thereby providing a
highly satisfactory user experience.

Firewall & other Services Layer devices: There will be 2 sets of firewall inside the DC
network. One set will work as the perimeter firewall, while the other set will work as a
CORE firewall.The Core Firewall should be able to meet the high performance needs
of mission-critical data centres and provide peace of mind with guaranteed
coverage. Supporting the highest VPN session counts and twice as many connections
per second as competitive firewalls in its class,

Bilaspur Smart City: Technical Proposal

898
The perimeter or Internet firewall will connect directly to the CORE switches with
multiple security zones to provide a highly controlled, restricted and policy driven
traffic movement inside the DC network. It is also recommended to have a separate
INTERNET perimeter firewall which will be placed right below the Internet router and
will be responsible for inspecting all the inbound and outbound traffic to INTERNET. On
the other hand, the CORE or DC firewall will be positioned between the CORE switch
and the DC TOR switches and will be responsible for safeguarding all the confidential
and sensitive data residing on the server farm.

The below diagram depicts the DC architecture :

DC Firewall DC Firewall 2

Application-Centric Policy Object Model

At the top level, the ACI object model is built on a group of one or more tenants,
allowing the network infrastructure administration and data flows to be segregated.
Tenants can be used for customers, business units, or groups, depending on
organizational needs.

Bilaspur Smart City: Technical Proposal

899
Tenants can be further divided into contexts, which directly relate to Virtual Routing
and Forwarding (VRF) instances, or separate IP spaces. Each tenant can have one or
more contexts, depending on the business needs of that tenant. Contexts provide a
way to further separate the organizational and forwarding requirements for a given
tenant.

Within the context there are Layer 2 forwarding constructs called as Bridge domains
that provide a flooding and broadcast domain when required.

Within the context, the model provides a series of objects that define the application.
These objects are endpoints (EP) and endpoint groups (EPGs) and the policies that
define their relationship as shown in

is called contracts.

Figure 3

Endpoint Groups (EPGs) are a collection of similar endpoints representing an

application tier or set of services. They provide a logical grouping of objects that
require similar policy. EPGs are also used to represent entities such as outside networks,
network services, security devices, and network storage. EPGs are collections of one

Bilaspur Smart City: Technical Proposal

900
or more endpoints that provide a similar function. They are a logical grouping with a
variety of use options, depending on the application deployment model in use.

Contracts are policy rules that specify the way that communication occurs between
EPGs and any advanced Layer 4 through 7 services required. Whereas EPGs provide
secure segmentation within a tenant of a Cisco ACI multitenant environment,
contracts can be viewed as Cisco ACI’s security constructs which allow network
security administrators to specify rules and policies for groups of physical and virtual
endpoints regardless of their physical location in the network.

An Application Network Profile is a collection of EPGs, their connections, and the

policies that define those connections. Application Network Profiles are the logical
representation of an application and its Inter dependencies in the network fabric.

ACI is a holistic architecture with centralized automation and policy-driven

application profiles. It delivers software flexibility with the scalability of hardware
performance and facilitates rapid systems integration and customization for network
services, monitoring, management, and orchestration with visibility of both physical
and virtual networks. It is built upon a fabric foundation that delivers the best in class
infrastructure by combining hardware, software, and ASIC innovations into an
integrated system.

Key characteristics of ACI include:

Simplified automation by an application-driven policy model

Centralized Management, Automation and Orchestration

Supports Mixed Workloads (Physical and Virtual)

Secure and scalable Multi-tenant Environment for future

Extensibility and Openness – Open Source, Open APIs and Open software flexibility for
ecosystem partner integration

Tenancy Model

Bilaspur Smart City: Technical Proposal

901
 Figure 4

The ACI Fabric design will provide for multi-tenancy for their DMZ network
environment. The Tenant will represent a logical container a unit of isolation from
policy perspective. Tenants will be defined for DMZ and Corporate environments while
Shared Services will be hosted in another separate tenant. With a given environment
confined to its corresponding tenant in ACI, troubleshooting and fault isolation can
be performed more efficiently.

Segmentation with Endpoint Groups: In the BSCL data center, the ACI fabric represents
a distributed switch/router/Firewall that also indicates application connectivity
relationships according to the policy model. ACI fabric is designed to provide the
following layers of segmentation:

Segmentation using bridge domains and contexts

Segmentation among different tenants of the same fabric

Segmentation among endpoints of the same tenant

EPGs, which are like port groups or port profiles, provide segmentation among
workloads. EPGs contain one or more virtual and physical servers that require similar
policy and connectivity. Segmentation is extended from the ACI fabric to the

Bilaspur Smart City: Technical Proposal

902
virtualized servers so that the Cisco ACI fabric provides meaningful services (such as
traffic load balancing, segmentation, filtering, traffic insertion, and monitoring) to
workloads. The segmentation approach for BSCL is shown in Error! Reference source
not found..

Figure 5 BSCL ACI Segmentation Approach

To begin with, the EPGs are defined by the existing VLAN ID used by the servers i.e.
Physical or Virtual. The EPG will represent a Segmented network which will talk to
default gateway and to the EPGs for which there is an explicitly defined connectivity
policy only.

Policy Enforcement

The policy enforcement consists of inserting workloads into the correct EPG and into
binding sources to the appropriate EPGs and also destinations into their appropriate
EPGs, security, QoS, logging, and so on. As shown in Error! Reference source not found.
the relationship between EPGs and policies is a matrix with one axis representing the
source or Consumer EPG (sEPG) and the other representing the destination or Provider
EPG (dEPG). One or more policies will be placed at the intersection of the appropriate
sEPGs and dEPGs. As part of the policy enforcement design, Contracts will be defined
for establishing a communication between the desired EPG and desired outside
network.

Bilaspur Smart City: Technical Proposal

903
 Figure 6 ACI policy enforcement

By default, there will be no communication allowed between the Tenants. Inter

Tenant communication will be permitted only between Common or Shared services
tenant and other tenants using global/shared contracts within an ACI fabric.

The policy enforcement is performed at the leaf. The policy is then enforced on the
combination of source and destination EPG and information from the packet. It should
be noted that Contracts are stateless in nature and do not offer stateful inspection
capabilities.

Application Centric vs. Network Centric Approach: When discussing an ACI

deployment, there are two main strategies that can be taken: ‘application centric’
or ‘network centric’.

Application Centric Approach: When taking an application centric approach to an

ACI deployment, the applications within an organization should be allowed to define
the network requirements. A true application centric deployment will make full use of
the available fabric constructs such as End Point Groups, contracts, filters, labels,
external EPGs and so on, in order to define how applications and their tiers should
communicate with each other.

With an application centric approach, it is generally the case that the gateways for
end points will reside in the fabric itself (rather than on external entities such as firewalls,
load balancers, etc.). This enables the application environment to get the maximum
benefit from the ACI fabric.

In an application centric deployment, much of the complexity associated with

traditional networks (VRFs, VLANs, subnets, etc.) is ‘hidden’ from the administrator.

Bilaspur Smart City: Technical Proposal

904
Error! Reference source not found. shows an example application centric deployment
approach.

Firewall / Load Balancer / Router

External EPG

Contracts between EPGs to

define communication

ACI Fabric
EPG Web EPG App EPG DB

Web Server App Server DB Server

Figure 7 Application Centric Deployment

Network Centric Approach: A ‘network centric’ approach mimics the legacy network
behavior in ACI Fabric. In this approach the traditional network constructs such as
VLANs, VRFs, etc. are mapped as closely as possible to the ACI constructs like BDs,
EPGs etc. in the Fabric.

As an example, a traditional network deployment might consist of the following tasks:

Define 2x server Vlans at the Access and Aggregation layers

Configure the access ports to map server to vlans

Define a VRF at the aggregation layer

Define an SVI for each vlan, and we map them to the VRF

Define the HSRP parameters for each SVI

Apply features such as ACLs to control traffic between server VLANs, and from server
VLANs to core.

The comparable ACI deployment when taking a network centric approach might be
as follows:

Deploy the fabric

Create tenant and VRF

Bilaspur Smart City: Technical Proposal

905
Define bridge domains for the purposes of external routing entity communication

Create an external/outside EPG to communicate with external networks

Create two bridge domains and assign a network to each indicating the gateway IP
address.

Define End Point Groups

Define a “permit any” contract to allow any to any EPG communication, as a VRF
would do in ‘classic’ model without ACLs.

Note that if external gateways are defined (e.g. firewalls or load balancers) for end
points to use, this constitutes a network centric approach. In this scenario, no contracts
are required to allow access to the default gateway from end points. Note also that
although there are still benefits to be had in terms of centralized control, the fabric
may become more of a ‘layer 2 transport’ in certain situations where the gateways
are not inside the fabric. Error! Reference source not found. shows an example of a
network centric approach.

Firewall / Load Balancer / Router

GW GW GW

EPG Web EPG App EPG DB

Open communication between

end points and gateway

ACI Fabric
EPG Web EPG App EPG DB

Web Server App Server DB Server

BSCL is taking a phased manner approach where will migrate their existing DMZ
network Infrastructure to ACI using network centric way. And later in phase 2, once all
the connectivity are migrated to ACI fabric they will enable Application Centric
deployment of these workload.

Connectivity to External Network: The proposed design for BSCL’s ACI environment
uses ACI fabric as default gateway for all the workload. As a result, communication
between internal and external systems will require a routed connection between the

Bilaspur Smart City: Technical Proposal

906
ACI fabric and the Edge routers (Upper Core and Lower Core). This will be achieved
using a “layer 3 outside” construct on the ACI fabric, as shown in Error! Reference
source not found..

A layer 3 outside construct is configured on the ACI fabric for the specific
context/private network as well as Inter-Tenant communication will be directed
through Edge router if desired.

R1 R2

Static Routing

Leaf Leaf
Node Node
Fabric
Layer 3 Out Layer 3 Out (IPv6 Layer 3 Out
(IPv6) and IPv4) ( IPv4)

BD BD BD BD BD BD

EPG App1 GW EPG App1 GW EPG App1 GW EPG App1 GW EPG App1 GW EPG App1 GW
Context Context Context

Tenant Tenant Tenant

Server App1 Server App1 Server App1 Server App1 Server App1 Server App1

Figure 8: Layer3 Out to Edge router

In the proposed design dedicated Leaf Nodes will work as Border Leafs and will peer
with Upper and Lower Core Switches as shown in Figure 8. The ACI Fabric Border Leaf
Nodes will be physically connected to the Aggregation Switches (i.e. Upper and
Lower Core) via a back to back virtual port-channel. Fast LACP will be enabled for link
fault detection and rapid convergence.

SVIs will be the chosen interface type for L3_Out connectivity and a shared secondary
address will be configured on SVIs to serve as the next hop IP address for the Edge
Aggregation Switches. On Edge Aggregation switches, HSRP will be configured for
redundancy and HSRP VIP will be configured to serve as the next hop IP address for
the ACI Leaf Nodes. Static Routing will be configured using the Shared Secondary IP
and HSRP VIP.

ACI supports a number of possible topologies – for example, where default gateways

Bilaspur Smart City: Technical Proposal

907
exist inside or outside of the fabric, L4-L7 services (such as load balancers) integrated
in “one-arm” or “two-arm” mode, as well as multiple options around external
connectivity.

The logical design is somewhat dependent upon the individual application

requirements so may vary from service to service, however this section sets out a
“default” approach that can be used as a basis for all logical designs.

1.6 Compute and Storage Technical solution

Cisco Unified Computing System™ (Cisco UCS) B-Series Rack Servers are built to meet
today’s demands while being ready to accommodate future technologies, including
more powerful processors and faster Ethernet standards with enhanced throughput.
They can help:

Increase server performance, flexibility, and scale for virtualized and non-virtualized
applications

Reduce the number of adapters, cables, and access-layer switches needed for server
LAN and SAN connectivity

Deploy server applications faster and manage connectivity as needed

Cisco UCS B-Series Rack Servers are designed to utilize the Cisco UCS platform which
is a next generation data center solution that unites compute, network, management,
storage access, and virtualization into a cohesive system. Cisco UCS uses a wire-once
architecture that includes a self-aware, self-integrating, intelligent infrastructure. It can
eliminate the time-consuming, manual, error prone assembly of components into
systems.

Cisco UCS B-Series Rack Servers provide massive amounts of computing power in a
compact form factor, helping increase density in computation-intensive and
enterprise application environments. Our latest Rack servers are available in two form
factors (half-width, full-width) with two or four Intel Xeon Skylake processors.
Continuing to lead the industry with high memory capacity to better support
virtualized environments, the Rack servers can be ordered with built-in modular LAN
on motherboard (mLOM) Cisco virtual interface cards (VICs) to increase I/O flexibility
and accelerate deployment.

Cisco UCS is a groundbreaking approach to computing. It is designed for IT innovation

Bilaspur Smart City: Technical Proposal

908
and business acceleration to:

Add a backup to your converged or hyper converged environment

Boost data center application performance

Build scalable cloud infrastructure

Deploy simple and flexible virtual desktop solutions

Easily scale out data storage while lowering storage costs

Simplify and speed infrastructure deployment

The proposed Infrastructure solution is designed based on following design tenets:

SIX Solution Design Tenets:

Availability

CISCO has proposed fault tolerant design architecture which has:

No Single Point of Failure: - High availability architecture is proposed for overall

compute solution.

Rack Chassis based solution is proposed with consideration of High availability at

individual level.

Chassis: Chassis is proposed with redundant power supplies & fans. It is a true passive
device, there is no point of failure.

IO Module: Redundant IO modules have been proposed in each chassis, in case one
module is down the other module handles the workload ensuring availability of
service.

Rack: - Port level redundancy, Network card level redundancy is supported to ensure
redundancy at each level.

Fabric Interconnect: A pair of fabric interconnects are provisioned to ensure service

availability to overlay network fabric.

Scalability

Horizontal Scalability: - Highly scalable Chassis based Rack server architecture is

proposed for overall solution. Cisco Rack chassis are architected in a way to increase

Bilaspur Smart City: Technical Proposal

909
compute resources by increasing number of Racks & chassis to the same server
domain. These Chassis can connect to existing Fabric Interconnect switches itself.
Hence, there is no need to provisional additional resources while scaling. In addition,
if customer’s desire to deploy a modular rack server, the rack server can also be
connected to existing pair of fabric interconnects. The resources of Racks and rack
servers can be managed through powerful UCS manager through interconnects.

Interoperability

UCS platform gives flexibility in terms of deployment & supports Interoperability with
various software platform. The proposed platform to be deployed is certified on
Windows/Linux etc. It is designed to run high intensive applications and all leading
applications are certified on UCS platform. UCS Manager is easily programmable and
can interface with existing platforms through Python/Ansible and the likes.

The Cisco UCS API provides comprehensive access to all Cisco UCS Manager
functions. The unified API provides Cisco UCS system visibility to higher-level systems
management tools from independent software vendors (ISVs) such as VMware,
Microsoft, and Splunk as well as tools from BMC, CA, HP, IBM, and others. ISVs and in-
house developers can use the API to enhance the value of the Cisco UCS platform
according to their unique requirements. Cisco UCS Power Tool for UCS Manager and
the Python Software Development Kit (SDK) help automate and manage
configurations in Cisco UCS Manager.

Maintainability

Proposed UCS servers leverage industry-standard management capabilities. Each

server configured can be managed with UCS Manager. This powerful tool assists in
system controls to simplify server setup, health monitoring, power, thermal control, and
remote administration and allows managing server infrastructure from any location
via Web Browser.

UCS Manager provides unified, embedded management of all software and

hardware components of the Cisco Unified Computing System Systems across
multiple chassis and rack servers and thousands of virtual machines. It supports all
Cisco UCS product models, including Cisco UCS BSeries Rack Servers and C-Series
Rack Servers, Cisco UCS Mini, and Cisco HyperFlex hyperconverged infrastructure, as

Bilaspur Smart City: Technical Proposal

910
well as the associated storage resources and networks. Cisco UCS Manager is
embedded on a pair of Cisco UCS 6300 Series Fabric Interconnects using a clustered,
active-standby configuration for high availability. The manager participates in server
provisioning, device discovery, inventory, configuration, diagnostics, monitoring, fault
detection, auditing, and statistics collection.

Servers’ are proposed with Management software (Management Console) which

enables rapid response to service events, while tool-less entry and easy in-rack access
to critical system components makes the hardware systems simple to maintain and
manage. Server Management Console provides simple, integrated interface and
receive notification failures. It monitors system health through servers management
console, receive notifications of issues or potential issues, accurate problem diagnosis,
remote troubleshooting assists in maintaining health of the systems.

Server Management Console provides centralized console for managing all server’s
configuration and system information, displaying server status, identifying problems
with server role configuration, and managing all roles installed on the server. This
management console can integrate with leading EMS vendor solutions.

Reliability

The proposed hardware platforms are proven and have a large number of
installations across the globe. The MTBF (mean time before failure) for the servers
proposed are very high this ensures systems are extremely reliable.

CISCO has proposed end to end solution on Intel Latest Skylake generation multi-core
multithreaded processors which have higher reliability, price-performance ratings and
lower power consumption than equivalent other generation/Family/OEM of
processors.

Cost of ownership

The complete Compute portfolio is proposed keeping in mind the lower TCO.
Following are the parameters which contribute majorly to achieve this:

• Easy of deployment – Cisco’s infrastructure management software provides a

model-based foundation for simplifying the day-to-day processes of updating,

Bilaspur Smart City: Technical Proposal

911
monitoring, and managing computing resources, local storage, storage connections,
and network connections. By enabling better automation of processes, Cisco UCS
Manager allows IT organizations to achieve greater agility and scale in their
infrastructure operations while reducing complexity and risk. The manager provides
flexible role and policy-based management using service profiles and templates.
Service Profiles Service profiles are essential to the automation functions in Cisco UCS
Manager. They provision and manage Cisco UCS systems and their I/O properties
within a Cisco UCS domain. Infrastructure policies are created by server, network, and
storage administrators and are stored in the Cisco UCS fabric interconnects. The
infrastructure policies needed to deploy applications are encapsulated in the service
profiles templates, which are collections of policies needed for the specific
applications. The service profile templates are then used to create one or more
service profiles, which provide the complete definition of the server. The policies
coordinate and automate element management at every layer of the hardware
stack, including RAID levels, BIOS settings, firmware revisions and settings, server
identities, adapter settings, VLAN and VSAN network settings, network quality of
service (QoS), and data center connectivity. The service profile consists of a software
definition of a server and the associated LAN and SAN connectivity that the server
requires.

When a service profile is associated with a server, Cisco UCS Manager automatically
configures the server, adapters, fabric extenders, and fabric interconnects to match
the configuration specified in

the service profile. Service profiles improve IT productivity and business agility because
they establish the best practices of your subject-matter experts in software. With
service profiles, infrastructure can be provisioned in minutes instead of days, shifting
the focus of IT staff from maintenance to strategic initiatives.

Service profiles allow organizations to pre-provision servers, enabling organizations to

configure new servers and associated LAN and SAN access settings even before the
servers are physically deployed. Service profiles benefit both virtualized and non-
virtualized environments. Workloads may need to be moved from one server to
another to change the hardware resources assigned to a workload or to take a server
offline for maintenance. Service profiles can be used to increase the mobility of non-

Bilaspur Smart City: Technical Proposal

912
virtualized servers. They also can be used in conjunction with virtual clusters to bring
new resources online easily, complementing existing virtual machine mobility.

• Power requirement- Proposed servers have reduced power consumption—without

reducing performance. Latest generation servers provide a new level of energy
efficiency by upgrading server components and management of power within sub-
components such as; high-efficient/right-sized power supplies, intelligent power and
cooling and smart sensors. It supports Common Slot Technology to reduce power and
improve commonality in power supplies.

1.7 Smart City IP Telephony and Collaboration Architecture

Enterprises, Public Sector & Residential user have come to recognize the benefit of a
unified communications platform that provides access to voice, video, messaging,
presence, and web conferencing—anytime and anywhere. What’s trending now is
that these same government departments are moving to on-premises unified
communications (UC) platforms. Often these transformations involve multiple sites with
sophisticated calling systems. Transitioning such environments requires meticulous
migration planning and high levels of delivery and management skills.

As a result of lockdown and WFH recent years, many new collaborative tools have
been introduced to the market, enabling businesses to enhance communications
and extend collaboration outside the walls of their businesses. Organizations realize
the added value that collaboration applications bring to their businesses through
increased employee productivity and enhanced customer relationships. Significant
advances have been made in the collaboration space to simplify deployment,
improve interoperability, and enhance the overall user experience.

Today's collaboration solutions offer organizations the ability to integrate video, audio,
and web participants into a single, unified meeting experience.

Solution:

Collaboration is all about the user experience. When users have a good experience
with collaboration technology, they will use that technology more often and will
achieve better results with it. That translates into a bigger return on investment (ROI)
for the institutions that has adopted the collaboration technology. And that is why
OEMs has focused on making its collaboration technology easy, convenient, and
beneficial to use, with particular emphasis on the following enhancements to the user

Bilaspur Smart City: Technical Proposal

913
experience

Unified communications have long been recognized as the proven technology. This
technology forms the core of the network infrastructure for Collaboration Solutions.
The Quality of Service (QoS) mechanisms available on switches and routers ensure
that the voice, video, and data communications will be of the highest quality
throughout the network. In addition, gateways provide several methods for
connecting your enterprise’s internal network to an external wide area network (WAN)
as well as to the public switched telephone network (PSTN) and to legacy systems
such as a PBX.

Solution to be deployed on Virtual machine inside the datacenter. The Collaboration

application nodes are deployed as virtual machines that can run as single or multiple
application nodes on a server.

In most cases you will want your collaboration sessions to be secure. That is why
technology has developed several security mechanisms to protect each level of the
collaboration path, from the network core to the end-user devices.

Once your collaboration solution is implemented, you will want to monitor and
manage it. Eco-system has developed a wide variety of tools, applications, and
products to assist system administrators in provisioning, operating, monitoring, and
maintaining their collaboration solutions. With these tools the system administrator can
monitor the operational status of network components, gather, and analyse statistics
about the system, and generate custom reports.

Application Services (use-case):

Collaboration Solutions incorporate several advanced applications and services,

including:

Voice Service – Unified Voice service would be deployed across the vertical &
Horizontal locations including POPs in directory number would be provided across the
that will help in Secure intra and inter departmental communication.

Instant messaging (IM) and presence — The IM and Presence Service enable Unified
Communications Manager applications, and third-party applications to increase user
productivity by determining the most effective form of communication to help
connect collaborating partners more efficiently.

Bilaspur Smart City: Technical Proposal

914
Telepresence — TelePresence technology brings people together in real-time without
the expense and delay of travel. The TelePresence portfolio of products includes an
array of high-definition (HD) video endpoints ranging from individual desktop units to
large multi-screen immersive video systems for conference rooms. And TelePresence
products are designed to interoperate with other collaboration products IP Phones
with video capability.

Voice messaging —products provide several voice messaging options for large and
small collaboration systems, as well as the ability to integrate with third-party voicemail
systems using standard protocols.

Customer contact Center / Call Center—Contact Center products provide intelligent

contact routing, call treatment, and multichannel contact management for
customer contact centers. Unified Customer Voice Portal can be installed as a
standalone interactive voice recognition (IVR) system, or it can integrate with the
contact center to deliver personalized self-service for customers integrate with the
contact center to deliver personalized self-service for customers.

Recommended Architecture:

Conceptual View

Bilaspur Smart City: Technical Proposal

915
High-Level Architecture Smart city:

1 ice
G e P
P PP 1 ress - 1 ress - 1

A ire

ress - ress - P
P

AP n erne

en r c n n c nr

Below are the highlights of the solution considered:

Central Command and Control Centre Infrastructure:

All the components of the solution will be deployed centrally in a high availability
mode providing redundancy.

The solution to have a single dial-plan for ease of use.

Central infrastructure with voice, video, chat, presence, and voicemail capabilities.

General Deployment Phones:

39 phones to be deployed in the solution

10 phones should be deployed for the contact centre agents

All the phones will have headsets so it can be used efficiently.

10 simultaneous recording licenses provided to record the incoming/outgoing calls.

Data protection and encryption

With security becoming increasingly important in every aspect of the government

Bilaspur Smart City: Technical Proposal

916
enterprise, this section of documents recommend the state-of-the-art security. For
example, IP phones to use the Secure Hash Algorithm (SHA-256) hashing algorithm,
since SHA-1 is being universally deprecated. The SHA-2 family provides stronger
cryptographic hash properties than SHA-1 and is less susceptible to forged digital
signatures.

As SHA-1 collisions recently in the news, and the associated threat of applying massive
compute resources to forge documents that include an identical SHA-1 digital
signature. This is an emerging threat that will become more pervasive with time, and
applies to any file type that is signed with SHA-1 algorithm. Consequently, it is
important to understand the support for modern cryptographic hash functions and
encryption ciphers for any product that provides secure communications.

Following are basic security features expected from the solution:

Secure Hardware & Software: Hardware to be ensures only authentic OS Only

First code that executes on boot is immutable

Execution of the boot sequence is always authenticated by a previously trusted step

Bootloader and the installed firmware validate the digital signature

Secure bootloader always enabled, and there is no provision to bypass or disable

Secure New IP Phone Onboarding:

Configuration files are digitally signed to guarantee authenticity and integrity.

The configuration file can also be encrypted (AES 128 bit) to provide configuration
data privacy.

Encrypted configuration files are administratively enabled via the device security
profile.

An encrypted configuration file can only be decrypted by the IP Phone that it was
intended for and requires a private key that corresponds with the phone’s public key
stored in Call control software

Secure provisioning is supported in both non-secure and mixed-mode Call control

software clusters.

Cryptography

Bilaspur Smart City: Technical Proposal

917
Utilize X.509v3 certificates for device authentication in several security contexts.

IP phone to contains a unique Manufacturing Installed Certificate (MIC).

The MIC provides a factory-installed unique identity.

IP Phones to support Local Significant Certificate (LSC) that bind the phones to
environment.

An installed LSC takes precedence over the phone’s MIC certificate.

User installed certificates is a third certificate type that is only included with phones
that support wireless LAN.

User installed certificates are used specifically for wireless EAP-TLS.

Cryptographic algorithms & Ciphers

RSA signature verification, encryption, and decryption.

Support for up to 4096-bit RSA key sizes.

Advanced Encryption Standard (AES)-128- and 256- bit Cipher Block Chaining (CBC),
Counter (CTR), and Galois/Counter Mode (GCM) block cipher modes.

SHA-1 and SHA-256 algorithms.

AES 256 Encryption Support has been extended to both signalling and media
encryption.

SIP Transport Layer Security [TLS] 1.2 signalling connections with the AES-256 based TLS
ciphers.

Secure Real-Time Transport Protocol (SRTP) with AES-256-bit SRTP ciphers when
establishing a session with another encrypted device.

Remote connectivity

Encrypted signalling and media between a remote endpoint and Firewall Traversal
without Call Control Software.

Encrypted signalling between a remote endpoint and Call Control Software, and for
encrypted media between a remote endpoint and on-premises endpoint, gateway,
or conference bridge.

TLS encryption provides privacy and integrity protection for SIP signalling, visual
voicemail access, directory lookup and configuration file download.

Bilaspur Smart City: Technical Proposal

918
Secure SRTP.

Partitions in India Cluster for DOT regulations.

As per Indian Telecom regulations, Any Enterprise IP telephony infrastructure should

have :-

Call Partition for PSTN & other for VOIP Separate Call Processing

A dedicated Voice Gateway for PSTN connectivity (connected on PSTN network)

A WAN Edge router for transporting Voice/Data CUG calls from one location to
another (connected on CUG network)

Any EPBX/PBX/soft switches should not be used for VoIP calls if the PSTN links are
terminated on the same. The EPBX/PBX/soft switch should not allow any bridge
between CUG and PSTN.

To comply with above regulations laid by DOT / TRAI, Cisco Unified Communication
Manager in India would be partitioned for PSTN and CUG (VoIP). This would block
bridging of calls between PSTN and VoIP, such that calls from PSTN (incoming or
outgoing) cannot be forwarded/transferred/conference to callers across Smart city.

Call Flow:

During normal operations, all the IP phones will register to the Call Controller in
command and control center in , active-active fashion and perform all the call
processing.

All the incoming calls will be routed via the IP network to the Call control for call
processing and accordingly distributed

Any outgoing call will be routed to the destination based on the central dial-plan
configured in Call control Software.

Failure Scenarios

Redundancy allows seamless operations with minimal impact.

Call Control Failure:

In this scenario, if Primary Call Controller fails, all the phones reset and register to the
Secondary Call Controller. However, in case of failure of both the Call Controllers, all
the phones present within the premises and bureaucrat’s home offices will be down.

Bilaspur Smart City: Technical Proposal

919
The phones at branch locations and Police Stations will reboot and re-register to the
local SDWAN gateway. The SDWAN Gateway will provide local survivability to these
users at respective locations.

Voice Gateways failure:

We have considered two gateways in redundancy for HQ and single gateway at

branch locations and police stations.

We can achieve redundancy at HQ by distributing the trunks between the two

gateways, however at the branch locations and police stations the gateways will be
a single point of failure.

IM & Presence failure:

We have factored single cluster for IM & Presence at the HQ. In case of failure of the
Primary Node, the Secondary Server will take over the IM & Presence capabilities for
all the endpoints.

Firewall Traversal failure:

The Firewall Traversal Core and Edge cluster helps remote endpoint connectivity over
WAN (VPN-less). If connection to the Primary node is lost due to network or power
outage issue, the endpoints re-register to the Secondary node in the cluster.

Infrastructure Setup

Management components would be implemented in Management Virtual Route

Forwarding (VRF) table, using the available IP addresses in this space.

UC applications are implemented in a new VRF, just like any other UC application in
a dedicated instance.

A Session Border Controller or a 3rd-party tool interface for the shared cluster in the
shared VRF with the UC applications.

Shared VRF is extended from the data center PE to the Core Switch and Aggregation
Switch.

Create a context for shared VRF in the firewall, just like any other tenant.

The VRF terminates on the data center Provider Edge (for MPLS).

Dedicated Virtual Routing and Forwarding (VRF) for Shared Architecture deployments

Bilaspur Smart City: Technical Proposal

920
Dedicated VRF in a Shared Architecture deployment is designed to provide security
between the tenants. The same principles of VRF and VPN separation are followed for
each tenant, up to the DC facing PE. The different tenant VRFs are connected to the
shared VRF in the PE, restricting visibility of each other's tenant routes.

The number of VRFs/VPNs consumed in the MPLS core is one VPN/VRF per, plus a
shared VRF per cluster. The PE tenant capacity is limited by the total number of VRFs
it can support; this is outside the scope of UCaaS, but within the DC, the VRFs are
aggregated into a shared VRF in the Aggregation switch.

Benefits

Alleviates the need to attract and retain specialized talent

Accelerates the adoption of unified communications features and investment value

Increases performance, service quality, and reliability; strengthens security and

compliance

Unified communications increase employee productivity and business agility, while

reducing facility and IT cost

When combined with Managed Voice, Video, and Contact Center offers, this service
supports heterogeneous environments and flexible transition.

The Solution Advantage

The solution helps quickly improve G2C satisfaction, control operational costs,
increase employee productivity, and transform workspaces to deliver consistent user
experiences. It also provides competitive advantages and business value assets that
drive business profitability and growth. There are several compelling reasons why you
should consider working with us to address your collaboration needs:

Complete: The solution provides simple collaboration capabilities for every user across
your organization.

Affordable: This Cisco purpose-built solution is affordably priced and can quickly lower
TCO with server consolidation for reduced hardware footprint, power, and cooling. It
is a fast and simple platform to set up, deploy, manage, and use, which helps save
time and costs from day one and ongoing.

Interoperable: The solution uses existing third-party and traditional telepresence

Bilaspur Smart City: Technical Proposal

921
devices to easily form a true collaboration platform managed with one integrated
voice and video call control engine.

Highly available: An optional server offers redundancy and survivable remote site
telephony (SRST) for branch offices, giving workers peace of mind.

No Management: As the solution is installed at central location individual deferments

is not require managing at remote location

Scalable: The solution grows with the pace of your business. You can easily migrate to
larger systems as needed, which delivers high investment protection.

Simple: The deployment flexibility of the solution streamlines operations and

administration through unified provisioning, management, and automated licensing.
Easy-to-use tools and wizards included with your purchase help you get the most out
of the solution.

Virtual Sizing

The Following table provides the Virtualization sizing for all Collaboration applications
that must be centrally deployed at MPSEDC. These applications complete the central
infrastructure and can be used by any IP Phone or Video conference endpoints across
SWAN. All the below applications run on VMWare ESXi 7.0+ version and need to be
deployed on CPU speeds of 2.5GHz+

Component VM Configuration Requirements URL

& Capacity
Point vCPU vRAM vDisk vNIC

CUCM - - 2 6 GB 1 * 80 1 Third party-servers specs should meet

Small Size GB the provided requirements in URL:

https://www.cisco.com/c/dam/en/us/td/d
ocs/voice_ip_comm/uc_system/virtualizatio
n/virtualization-cisco-unified-
communications-manager.html#v14

IMP 2 2 GB 1 * 80 1 For third party servers specs should meet

GB the provided requirements in URL:

https://www.cisco.com/c/dam/en/us/td/d

Bilaspur Smart City: Technical Proposal

922
 ocs/voice_ip_comm/uc_system/virtualizatio
n/virtualization-cisco-ucm-im-
presence.html#v14

Small 2 4 GB 132 GB 1 For third party servers specs should meet

the provided requirements in URL:
Exp C
https://www.cisco.com/c/dam/en/us/td/d
ocs/voice_ip_comm/uc_system/virtualizatio
n/virtualization-cisco-expressway.html#x14

Small 2 4 GB 132 GB 2 For third party servers specs should meet

the provided requirements in URL:
Exp E
https://www.cisco.com/c/dam/en/us/td/d
ocs/voice_ip_comm/uc_system/virtualizatio
n/virtualization-cisco-expressway.html#x14

CMS 4+ (1 4+ GB 1 * 100 1 These specs are for custom sizing the

vCPU (1 per GB MCU. However, one can procure
per vCPU) dedicated appliance for high volume
1.25 conference capacity 120 HD port or 700
HD HD port system. Below URL for Reference
ports) https://www.cisco.com/c/dam/en/us/td/d
ocs/voice_ip_comm/uc_system/virtualizatio
n/virtualization-cisco-meeting-
server.html#3.3

Recording/ 4 to 4GB + 1 * 100 1 This VM is only required if one wants to

Streaming 24 0.5GB GB record/stream from the MCU. One still
CMS per needs an external storage/RTMP server
vCPU for completing the solution.

https://www.cisco.com/c/dam/en/us/td/d
ocs/voice_ip_comm/uc_system/virtualizatio
n/virtualization-cisco-meeting-
server.html#3.3

Bilaspur Smart City: Technical Proposal

923
CMM - 4 4 GB 1 * 100 1 This is a mandatory application to be
Small GB deployed with the CMS MCU. It is
required for management, monitoring &
license management with the MCU.

https://www.cisco.com/c/dam/en/us/td/d
ocs/voice_ip_comm/uc_system/virtualizatio
n/virtualization-cisco-meeting-
management.html#3.3

TMS - 2 8 GB 1 * 60 1 This application requires Windows Server

Regular GB and MS SQL license to be deployed. This
is only required for scheduling meetings
on MCU. For ad-hoc conference, this is
not required.

https://www.cisco.com/c/dam/en/us/td/d
ocs/voice_ip_comm/uc_system/virtualizatio
n/virtualization-cisco-telepresence-
management-suite.html

Proposed IP Phones:

BASIC IP PHONE: Cisco 7821

n e ge r ers n gers

PP ne 1 - ine en in

ig er e i e n r cr s ce r i

ice c nic ns - e s e er ne
-inc - c i gr sc e is
c e en c n e e s
ir - r e se s n e ec r nic s ic
r c n e -sensi es e e s
n egr e s i c rc - c e P
er n isc nerg ise
- n A A -c i n n si er
ee ns
es sec ri en nce en s
sc e isc r e c nges r ice c s
A i e in c rc n ie
e i e e en ns
- -0 01 isc n ri s i es A rig s reser e isc n en

Bilaspur Smart City: Technical Proposal

924
1.8 Smart City IP Security Architecture
Cisco Firepower Next Generation Firewall

Simple, Open, and Automated

To effectively mitigate risk and address modern threats, NGFWs must control traffic via
traditional port and protocol methods. NGFWs must deeply analyze and correlate
applications, users, traffic, and files.

Cisco Firepower Next-Generation Firewall (NGFW) is the industry’s first fully integrated,
threat-focused NGFW. Available as physical and virtual appliances, Cisco Firepower
NGFW mitigates advanced threats faster and streamlines IT security operations. With
Cisco Firepower NGFW, you can stop more threats and get more from your network.
Every Cisco Firepower NGFW configuration includes Application Visibility and Control
(AVC) for Layer 7 application and user control. Additional threat functionality,
including the tightly integrated Cisco Firepower Next-Generation Intrusion Prevention
System (NGIPS), Cisco Advanced Malware Protection (AMP) for Networks, Advanced
DDoS Mitigation, and URL Filtering are separately licensed.

Integral attributes of Cisco Firepower NGFWs include:

Enabling highly reliable network traffic control, and effective security with real-time
threat intelligence

Running in physical and virtual form factors to protect traditional and software-
defined networks, at the Internet edge, within the data center, at data center ingress
and egress, and in hybrid-cloud use cases

Improving operational efficiency with consolidated management that simplifies

policies, views, dashboards, and reports

Protecting valuable customer data, as part of our secure Cisco Digital Network
Architecture and Cisco Ransomware Defense

Lowering costs with automated threat defense functions that free up valuable staff
time

Cisco’s unified platform provides two major benefits. First, local, centralized, and
cloud-based management are simplified, providing options tailored to your

Bilaspur Smart City: Technical Proposal

925
environment. Second, Cisco’s tight integration of security capabilities enables superior
threat defense, as validated by third parties like NSS Labs. In the NSS Labs Breach
Detection Test, Cisco has surpassed competitors three years running.

Cisco NGFWs use threat intelligence from the Cisco Talos Security Intelligence and
Research Group (Talos). For instance, we see threats from 35 percent of global
corporate email traffic. While Cisco NGFWs do not include email security capabilities,
the threat intelligence derived from email, DNS, web requests, and additional sources
enable Cisco NGFWs to be updated throughout the day to mitigate against the latest
threats.

Cisco NGFWs uniquely protect before, during, and after attacks. Only Cisco NGFWs
protect after attacks, with the retrospective security capabilities of Cisco AMP. With
the persistence and sophistication of today’s attackers, it’s not a matter of if, but when
an intrusion will occur.

Before: Cisco NGFWs enable network segmentation, user and application firewalling,
and traditional stateful firewalling.

During: Integrated Cisco Firepower NGIPS inspects and blocks malicious network
traffic and passively detects indicators of compromise (IoCs) on endpoints. We are
the only major NGFW vendor with IPS capabilities recognized on the Gartner Magic
Quadrant for IPS1. Additionally, Cisco Firepower behavioral DDoS protection mitigates
advanced DDoS attacks, including those targeting stateful network infrastructure and
application servers.

After: With the integrated Cisco AMP for Networks, the IT team can now “go back in
time” to identify where and when a compromise began, decreasing detection and
containment time. With unique endpoint threat correlation available with Cisco AMP
for Endpoints, security practitioners can also determine how malware has spread.
Automated rapid threat containment is available with the integration of Cisco NGFWs
with another solution, Cisco Identity Services Engine (ISE).

Bilaspur Smart City: Technical Proposal

926
Cisco Firepower NGFW Benefits

Following are the benefits of Cisco’s Firepower NGFW:

Cisco Firepower NGIPS delivers the visibility, automation, flexibility, and scalability
needed to mitigate the latest threats. Auto-tuning of IPS functions helps ensure that
IPS signatures in use reflect the reality of your environment. For instance, an
organization might think they exclusively use Microsoft Windows, when in fact there
are also Linux systems on its network, previously unknown to IT, that also require
protection. As the NGIPS function of Cisco Firepower NGFW passively scans network
traffic, it enhances visibility by identifying what’s actually in your environment, not just
what you think is there. IPS rules are tuned accordingly. This passive detection also
extends visibility to:

Endpoint operating systems and their versions

Mobile devices

Virtual machine communications

Other network devices, including routers, VoIP phones, networked printers, and more.

Additionally, Cisco Firepower NGIPS includes Security Intelligence, with analysis of IP,
DNS, and URL data, and identification of indicators of compromise (IoCs).

Bilaspur Smart City: Technical Proposal

927
Cisco Advanced Malware Protection (AMP) for Networks discovers, tracks, contains,
and blocks the progression of network-based advanced malware. Cisco AMP for
Networks is available with Cisco Firepower NGFW, and also includes optional Cisco
AMP Threat Grid sandboxing with static and dynamic malware analysis. Only we

correlate network and endpoint threats when Cisco AMP for Endpoints is used,
through the Cisco Firepower Management Center. Cisco AMP for Endpoints is
available for more endpoints than competing solutions, supporting Windows,
Windows Server, Linux, Mac OS, and Android endpoints.

Cisco Application Visibility and Control (AVC) uses Layer 7 application firewalling to

identify and control user access to over 4000 applications. Our open source
OpenAppID framework enables organizations to quickly develop application
detectors for their custom applications. Cisco AVC enforces mobile, social, and other
acceptable-use policies. For example, you can make popular social media
applications read-only to comply with applicable regulations or rules.

Cisco Firepower Management Center provides centralized management of network

security functions for multiple physical and virtual NGFWs. It manages and correlates
intelligence from additional threat sensors, including dedicated Cisco Firepower
NGIPS and Cisco AMP for Networks sensors, and Cisco Firepower Threat Defense for ISR.
Additionally, Cisco Firepower Management Center correlates threat intelligence from
Cisco AMP for Endpoints and enables automated Rapid Threat Containment through

Bilaspur Smart City: Technical Proposal

928
integration with Cisco ISE. The Cisco Firepower Management Center provides
extensive intelligence about the users, applications, devices, and threats that exist in
your network. It uses this information to analyze your network’s vulnerabilities and
provide tailored prioritization of security events for investigation. You can go from
managing basic firewall functions, to controlling applications, to investigating and
remediating malware outbreaks with ease.

Cisco NGFW URL Filtering includes reputation and category-based URL filtering to
enable you to gain control over suspect web traffic. You can enforce policies on
hundreds of millions of URLs in more than 80 categories (for example, gambling and
pornographic web sites). We analyze URLs and associate a reputation score for each,
helping users to avoid high-risk web addresses. This addresses compliance
requirements and mitigates risk from URL-based viruses, phishing attacks, and
spyware.

Cisco Appliances and Management Options

Component Description

Cisco Firepower Cisco Firepower 4100 Series fully integrated NGFWs help you
4100 Series stop more threats. These appliances are the industry’s first 1-RU
platform with up to a 40 GB interface. They are ideal for the
Internet edge and in high-performance environments. These
NGFWs provide network visibility and threat correlation,
detecting attacks earlier so you can act faster. With a single
manager, they also reduce management complexity.

Available features:

Robust firewalling, including support for BGP, high availability,

clustering, VPN, NAT, and more.

AVC for application firewalling and user control.

Cisco Firepower NGIPS and Cisco AMP for Networks protection

against both known and unknown threats, including
retrospective security for protection after an attack.

URL filtering provides alerting, control over suspect web traffic,

Bilaspur Smart City: Technical Proposal

929
Component Description

and enforcement of access policies on hundreds of millions of

URLs in over 80 categories.

Model Proposed: Firepower 4120

Cisco Firepower Cisco Firepower Management Center provides complete

Management unified management of Cisco Firepower NGFW, Cisco
Center Firepower NGIPS, Cisco Firepower Threat Defense for ISR, and
Cisco AMP for Networks deployments. It also correlates threat
intelligence from Cisco AMP for Endpoints. Cisco Firepower
Management Center simplifies integration and deployment. It
provides centralized management of network security and
operational functions for multiple devices through a single
interface. You gain total visibility into everything on your
network. Cisco Firepower Management Center automatically
analyzes your network’s vulnerabilities, recommends protection,
and drives automated remediation actions for rapid response.
Cisco Firepower Management Center helps you get the most
out of your security solutions while increasing network
optimization and control.

All Management from One Place

For most businesses today, the role of IT is more demanding than it has ever been
before. The explosion of connected devices and the digitization of systems and
services are leading to new challenges for IT departments the world over:

Across industries, employees require increasing levels of connectivity in order to

perform their work.

The control IT teams once had over user and device access has been relinquished to
a new normal, one of work mobilization and business digitization.

Our customers demand access to what they need, where they need it, from any
device of their choosing.

This requires access that is rarely interrupted and always ready, enabling business

Bilaspur Smart City: Technical Proposal

930
continuity and never blocking it.

More devices, including BYOD and IoT, mean more time spent configuring and
adjusting access policies and less time innovating for the future.

The sheer number of solutions, sometimes 50 or more, connected to a single network

but not to each other forces admins into a “swivel chair” just to manage each
component.

With the addition of regulatory and security compliance standards in the mix, it is clear
the old ways aren’t working.

Modern IT teams are faced with a glaring question: In this new age of digitization and
complexity, how do you deliver both a consistent, high-quality user experience and
superior network security?

At Cisco, we believe a new network approach is needed:

One that provides ubiquitous, yet controlled, access;

Where your existing security solutions are better informed and integrated to protect
from outside threats and contain internal breaches;

And where the labor of day-to-day configurations and policy enforcement is shifted
to automation, with embedded support for any required compliance standards.

Cisco ISE Description

Cisco® Identity Services Engine (ISE) simplifies this complexity by empowering you with an

all-in-one policy control across your entire enterprise network, from one central
platform. It lets you set automated rules for who can access your network, and what
they can access on it.

Fully customizable mobile and desktop guest portals enable you to simplify and
optimize your users’ experience, while providing protection and marketing of your
brand. With visual workflows, you can take care of onboarding and administration in
minutes.

You will manage every aspect of guest access and it will all be simple and
straightforward. ISE gives you:

Integrated authentication, authorization, and accounting (AAA), access policy

management, profiling, posture, and guest services to simplify deployments and help

Bilaspur Smart City: Technical Proposal

931
cut costs.

Accurate device identification with our advanced profiling technology supported by

ISE-based probes, embedded device sensors, endpoint scanning, and a device-
profile feed service.

Visibility across your entire system, so you can see who and what is on your network.

Cisco ISE uses your existing network infrastructure (Cisco and Non-Cisco) to enforce
security policies, and helps you get more from your investment by supporting Cisco
TrustSec® software-defined segmentation technology. Cisco TrustSec technology
helps to:

Automate network segmentation according to role-based access policy control and

software-defined segmentation.

Simplify the provisioning and management of network access with automatic Cisco
TrustSec Security Group Tags (SGT).

Enforce policy consistently anywhere in the network without complicated VLANs.

Contain network threats by preventing the spread of malware and preventing the
unauthorized movement of endpoints across your network.

The Cisco ISE Advantage

Today’s distributed enterprise networks call for technology that takes a more holistic
approach to network visibility and security. ISE gives your network:

Highly ranked infrastructure: We pioneered the original network access control (NAC)

technologies and have set numerous industry standards. Leading industry analysts
continue to rank us highly for our leadership in NAC. For example, ISE has been
recognized as the market leader by the following industry experts:

SC Magazine 2018 Best NAC Solution Award

Frost and Sullivan 2016 Best in Class

Gartner Market Quadrant Leader

Operational efficiency: ISE has been tested and proven to reduce costs, improve

operational efficiency and provide significant ROI. For example:

ISE and TrustSec have been proven to deliver operations savings of up to 80%

Bilaspur Smart City: Technical Proposal

932
 $1.4M in employee productivity improvements

$892K in IT resource cost savings

120% ROI with a payback period of 12 months and $2.4M in N-Port Virtualization (NPV)

Seamless Integration: ISE’s compatibility with Cisco and non-Cisco networking

infrastructure enhances overall network visibility and performance. Through Cisco

Platform Exchange Grid (pxGrid), an open, scalable and IETF standards-driven data-

sharing and threat control platform, ISE is integrated with more than 60+ security
partners giving you rich contextual data that can be used to identify, contain and
eliminate network threats.

Cisco ISE Benefits

The following table describes how ISE can help you achieve your business objectives.

Desired Business Outcome How We Can Make It Happen

Facilitate access delivery across Simplify guest experiences for easier guest onboarding
wired, wireless, and VPN and administration. You can use easily create
connections: customizable, branded mobile and desktop guest
Gain awareness of everything portals to provide access in minutes. Dynamic visual
hitting your network workflows let you fully manage every aspect of guest
access.
Provide access consistently
and efficiently Centralize and unify network access policy
management. ISE allows you to provide consistent,
Simplify access management
highly secure access to end users. You can do this
whether they connect to your network over a wired,
wireless, or VPN connection (for example, using Cisco
AnyConnect® Secure Mobility Client).

Streamline BYOD and enterprise mobility. Out-of-the-

box setup facilitates easy self-service device
onboarding and management. ISE includes an internal
certificate authority, multi-forest Active Directory
support, and integrated enterprise mobility
management (EMM) partner software.

Bilaspur Smart City: Technical Proposal

933
Desired Business Outcome How We Can Make It Happen

Implement software-defined segmentation based on

enterprise roles. You can do this by using Cisco TrustSec
technology embedded in existing Cisco infrastructure.
Use ISE to create flexible, role-based access control
policies that dynamically segment access without
added complexity. Traffic classification is based on
endpoint identity, which can allow for policy changes;
no network redesign required. With support for 250,000
active, concurrent endpoints and up to 1,000,000
registered devices, our solution allows you to
accelerate mobility projects across the extended
network.

See who and what is on your Gain greater visibility and more accurate device
network and share across network identification. The ISE solution’s device profiling and
solutions: zero-day device profile feed service provides updated
Deliver consistent cross- profiles for the latest devices. Combined, these two
platform user/device visibility features help reduce the number of unknown endpoints
and control and potential threats on your network.

Improve your existing security Streamline network visibility through a simple, flexible,
and network solutions and highly consumable interface. ISE now stores a
detailed attribute history of all endpoints that connect
Make network events
to the network, users (including types such as guest,
actionable
employee, contractors, etc.) on the network all the way
down to endpoint application details and firewall
status.

Simplify network management: Cisco Digital Network Architecture (DNA) Center™ is

Enable IT to move more quickly enabling the benefits of Software Defined Access
(SDA). Cisco DNA Center is the unifying management
Using automation to lower
application that provides a single place to set policy
costs
through ISE, automate the network fabric with APIC-EM,

Bilaspur Smart City: Technical Proposal

934
Desired Business Outcome How We Can Make It Happen

Employ assurance and and assure network operations and performance with
analytics to improve network the new Cisco Network Data Platform (NDP). Cisco DNA
performance Center is the industry’s first SDA solution that provides
consistent policy-based automation from the edge to
Increase security to reduce risk
the cloud. Policy defined within Cisco DNA Center is
driven by ISE to provide an automated user access
policy across a single network fabric with secure end-to-
end segmentation. ISE also enables the rich context and
data-driven visibility of Cisco DNA Assurance – a solution
that provides network assurance and 360-degree views
of clients and network devices. Cisco DNA Center is
powered by ISE 2.3, Application Policy Infrastructure
Controller Enterprise Module (APIC-EM), and Cisco NDP
to provide network administrators significant reduction
in OpEx and complexity while increasing capability. The
consistency in policy across the network reduces error
and is more secure.

Cisco ISE Details

Cisco ISE is an award-winning and market leading network central policy

enforcement engine platform that allows organizations to provide secure network
access to users and devices. It simplifies the delivery of consistent and secure access
control across wired and wireless multivendor networks as well as remote VPN
connections. With far-reaching, intelligent sensor and profiling capabilities, ISE can
penetrate deep into the network to quickly deliver visibility into who and what are
accessing enterprise networks. This deep visibility provides the granular access control
necessary to grant users and devices the appropriate level of network privilege.

ISE is tightly integrated with and enhances the Cisco Network and Security portfolio
(such as Cisco pxGrid and TrustSec software-defined segmentation). This combination
allows ISE to transform the network from a simple conduit for data into an intuitive and
adaptive security sensor and enforcer that acts to accelerate the time to detection
and time to resolution of network threats.

Bilaspur Smart City: Technical Proposal

935
ISE offers a holistic approach to NAC that delivers an integrated, consolidated, and
automated network architecture at scale. ISE allows you to:

Employ a single source of control for all access across the network:

Coupled with much richer endpoint and application visibility, Cisco ISE can enforce
very granular user behavior and device compliance.

Simplify access management while maintaining security with the EasyConnect

feature, which makes it easier to attach ISE without the need for 802.1x authentication.

Apply cohesive security policy across the enterprise. Role-based policy groups extend
from the existing Cisco TrustSec-enabled networks into the Cisco Application Centric
Infrastructure (ACI) data center.

Use the new profiling and posture work centers to take advantage of a single point
for the redesigned workflows. These work centers allow administrators to see
everything hitting the network.

See and share rich user and device details:

Get streamlined network visibility through a simple, flexible, and highly consumable
interface.

Share data across a growing ISE partner ecosystem. This allows for use cases such as
identity and access management, threat-centric NAC, cloud access security brokers
(CASB), and rapid threat containment (RTC).

Customize the ISE dashboard and add user preferences such as custom tabs and
dashlets, layout control, and data export reports.

Obtain streamlined device onboarding:

Automatic supplicant provision and certificate enrollment for standard PC and mobile
computing platforms. Provides more secure access, reduces IT help desk tickets, and
a better experience to users.

Enables end users to add and manage their devices with self-service portals and
supports security assertion markup language (SAML) 2.0 for web portals.

Integrates with mobile device management (MDM) and enterprise mobility

management (EMM) vendors for mobile device compliancy and enrollment.

Enforce endpoint posture compliance:

Bilaspur Smart City: Technical Proposal

936
Performs posture assessments to endpoints connected to the network.

Enforcement through a persistent client-based agent, a temporal agent, or a query

to an external MDM/EMM to validate that an endpoint conforms to appropriate
compliance policies.

Provides the ability to create powerful policies that include, but are not limited to,
checks for the latest OS patch, antivirus and antispyware packages with current
definition file variables

Stop threats from getting in or spreading:

Get deep application-level visibility so you can set policy based on what the user is
doing.

Dynamically update policy based on indicators of compromise (IoCs) created by

vulnerability assessments and threat incident intelligence solutions. This provides
threat-centric NAC, which is a new layer of posture assessment.

Take advantage of RTC, which now includes the latest in advanced malware
detection and enforcement through the integration of Cisco Firepower®
Management Center (FMC) with ISE. This integration provides capabilities that
automatically and dynamically stop threats before they spread further into the
network.

Simplify network policy enforcement with Cisco TrustSec software-defined

segmentation. Enforcement is made easier with policy change management and
rollback, which also reduces the complexity of integrating Cisco TrustSec technology
into current IT environments.

Leverage Cisco Stealthwatch® and ISE to gain contextual threat intelligence with
real-time NetFlow data.

Cisco ISE Components

Component Description

Cisco Secure Network The Cisco Secure Network Server is based on the Cisco
Server Unified Computing System™ (Cisco UCS®) C220 Rack
Server. It is configured specifically to support ISE and
Cisco Access Control System (ACS) security

Bilaspur Smart City: Technical Proposal

937
 Component Description

applications. Supported versions:

Cisco Secure Network Server 3615:

Designed for medium-size deployment

Memory: 32 GB (2 x 16 GB)

Hard disk: 2.5 in., 600 GB, 6 GB, SAS, 10K RPM

Network interfaces: 2 x 10 G, 4 x 1 GB

1.9 Data Security

Voltage Data Security solution

Voltage SecureData is a unique, proven data- centric approach to protection—

where the access policy travels with the data itself—by per- mitting data encryption
and tokenization without changes to data format or integrity, and eliminating the cost
and complexity of issuing and managing certificates and symmetric keys. As a result,
leading companies in financial services, insurance, retail, healthcare, energy,
transportation, telecom and other industries have achieved end-to-end data
protection across the extended enterprise with success in as little as 60–90 days,
because of the minimum, in most cases zero, impact to applications and database
schemas.

Most applications can operate using protected data without change. For those
applications where sensitive data is first captured or live data is needed for controlled
business purposes, Voltage SecureData can easily be used with virtually any system,
ranging from decades-old custom applications to the latest enterprise programs.
Powerful, centrally man- aged, policy-controlled APIs, such as a REST API and
command line tools, enable encryption and tokenization to occur on the widest
variety of platforms, including Vertica, Nonstop, Teradata, IBM mainframe, Linux and
other open systems. APIs enable broad deployment into portfolios including ETL,
cloud, databases and applications, network appliances, and API brokers such as F5
load balancing, and Hadoop with native on-node cluster-wide ata masking,

Bilaspur Smart City: Technical Proposal

938
encryption and decryption. SIEM/SIM systems can take event data from Voltage
SecureData or data governance reporting, activity monitoring, and audit.

Voltage SecureData protects information in compliance with PCI DSS, HIPAA, GLBA,
state and national data privacy regulation as well as the European Commission’s
General Data Protection Regulation (GDPR), applicable in all EU member states.
Voltage SecureData is also compatible with the more stringent PCI DSS 3.2’s new
requirements on transport encryption, enabling accelerated compliance ahead of
deadlines as recommended by the PCI council. Voltage SecureData enables
organizations to quickly pass audit and additionally implement full end-to-end data
protection to reduce risk impact of data breaches, all without the IT organization
having to completely redefine the entire infrastructure and IT processes or policies. On
average, Voltage SecureData requires less than 0.1 full-time employee (FTE) per data
center for ongoing management

Hyper FPE: Encryption and Masking—How We Do It

Traditional encryption approaches, such as AES CBC, have enormous impact on data
structures, schemas and applications as shown in Figure 1 on the following page.
Hyper FPE is NIST- standard using FF1 mode of the Advanced Encryption Standard
(AES) algorithm, which encrypts sensitive data while preserving its original format
without sacrificing encryption strength. Structured data, such as Social Security
number, Tax ID number, credit card, account, date of birth, salary fields, or email
addresses can be encrypted in place

Traditional encryption methods significantly alter the original format of data. For
example, a 16-digit credit card number encrypted with AES produces a long
alphanumeric string. As a result, database schema changes are required to facilitate
this incompatible format. Hyper FPE maintains the format of the data being encrypted
so no database schema changes and minimal application changes are required—in
many cases only the trusted applications that need to see the clear data need a
single line of code. Tools for bulk encryption facilitate rapid de-identification of large
amounts of sensitive data in files and databases. Typically, whole systems can be
rapidly protected in just days at a significantly reduced cost. In fact, Hyper FPE allows
accelerated encryption performance aligning to the high volume needs of next gen-
eration Big Data, cloud and Internet of Things, and supports virtually unlimited data
types.

Bilaspur Smart City: Technical Proposal

939
Hyper FPE de-identifies production data and creates structurally valid test data so
developers or users can perform QA or conduct data analysis—all without exposing
sensitive data. The Voltage SecureData management console enables easy control
of policy and provides audit capabilities across the data life cycle—even across
thousands of systems protected by Voltage SecureData. Hyper FPE also provides the
option to integrate access policy information in the cipher text, providing true data-
centric protection where the data policy travels with the data itself.

Stateless Key Management: Transparent, Dynamic

Stateless Key Management securely derives keys on-the-fly as required by an

application, once that application and its users have been properly authenticated
and authorized against a centrally managed policy. Advanced policy controlled
caching maximizes performance. Stateless Key Management reduces IT costs and
eases the administrative burden by:

Eliminating the need for a key database, as well as the corresponding hardware,
software, and IT processes required to protect the database continuously or the need
to replicate or backup keys from site to site.

Easily recovering archived data because keys can always be recovered.

Automating supervisory or legal e-discovery requirements through simple application

APIs, both native and via Web services.

Maximizing the re-use of access policy infrastructure by integrating easily with identity
and access management frameworks and dynamically enforcing data-level access
to data fields or partial fields, by policy, as roles change.

Bilaspur Smart City: Technical Proposal

940
Hyper SST (Secure Stateless Tokenization)

Hyper Secure Stateless Tokenization (SST) is an advanced, patented, data security

solution that provides enterprises, merchants, and payment processors with a new
approach to help assure protection for payment card data. Hyper SST is offered as
part of the Voltage SecureData platform that unites market-leading encryption,
tokenization, data masking, and key management to protect sensitive corporate
information in a single comprehensive solution.

Hyper SST is “stateless” because it eliminates the token database, which is central to
other tokenization solutions, and removes the need for storage of cardholder or other
sensitive data. Hyper SST uses a set of static, pre-generated tables containing random
numbers created using a FIPS random number generator. These static tables reside
on virtual “appliances”—commodity servers—and are used to consistently produce a
unique, random token for each clear text Primary Account Number (PAN) input,
resulting in a token that has no relationship to the original PAN. No token database is
required with Hyper SST, thus improving the speed, scalability, security and
manageability of the tokenization process. In fact, Hyper SST effectively surpasses the
existing “high-octane” SST tokenization performance.

Data Anonymization with Voltage Format-Preserving Hash

In specific use cases, such as Article 17—Right to erasure (‘right to be forgotten’) or in

the creation of test data for example, the need to recover masked data may be an

Bilaspur Smart City: Technical Proposal

941
unnecessary risk, or further, may be explicitly undesired, as in the case of permanently
enforcing the right to be forgotten. Voltage Format-Preserving Hash (FPH) operates
with the same benefits as FPE for structure, logic, partial field application and so forth,
but with the added benefit of non-recovery of original data. This enables FPH to offer
high-performance data usability—unlike traditional one-way transformation
techniques, such as SHA-256—in a non-disruptive and more flexible approach toward
data masking.

Voltage SecureData Architecture

Voltage SecureData solutions share a common infrastructure, including the same

centralized servers and administration tools. This enables Voltage SecureData
customers to choose an appropriate combination of techniques to address their use
cases, across diverse environments, while avoiding the costs and complexities of
deploying and managing multiple products.

1.10 App Security

Micro Focus Fortify Static Code Analyzer (SCA) pinpoints the root cause of security
vulnerabilities in the source code, prioritizes the most serious issues, and provides
detailed guidance on how to fix them so developers can resolve issues in less time
with centralized software security management.

Static Testing Helps Build Better Code

Bilaspur Smart City: Technical Proposal

942
Static Application Security Testing identifies security vulnerabilities during early stages
of development when they are least expensive to fix. It reduces security risks in
applications by providing immediate feedback to developers on issues introduced
into code during development. Static Application Security Testing also helps educate
developers about security while they work, enabling them to create more secure
software.

Fortify Static Code Analyzer (SCA) uses multiple algorithms and an expansive
knowledge base of secure coding rules to analyze an application’s source code for
exploitable vulnerabilities. This technique analyzes every feasible path that execution
and data can follow to identify and remediate vulnerabilities.

Finding the Vulnerabilities

To process code, Fortify SCA works much like a compiler—which reads source code
files and converts them to an intermediate structure enhanced for security analysis.
This intermediate format is used to locate security vulnerabilities. The analysis engine,
which consists of multiple specialized analyzers, uses secure coding rules to analyze
the code base for violations of secure coding practices. Fortify SCA also provides a
rules builder to extend and expand static analysis capabilities and be able to include
custom rules. Results are viewed in a number of ways depending on the audience
and task.

Managing Results with Fortify Software Security Center (SSC)

Fortify Software Security Center (SSC) is a centralized management repository

providing visibility to an organization’s entire application security program to help
resolve security vulnerabilities across the software portfolio. Users can review, audit,
prioritize, and manage remediation efforts, track software security testing activities,
and measure improvements via the management dashboard and reports to optimize
static and dynamic application security test results. Fortify SSC helps to provide an
accurate picture and scope of the application security posture across the enterprise.
The Fortify SSC server resides in a central location and receives results from different
application security testing activities, such as static, dynamic, and real‐time analysis

Fortify SSC correlates and tracks the scan results and assessment results over time, and
makes the information available to developers through Fortify Audit Workbench, or

Bilaspur Smart City: Technical Proposal

943
through IDE plugins such as the Fortify Plugin for Eclipse, the Fortify Extension for Visual
Studio, and others.

Users can also manually or automatically push issues into defect tracking systems,
including ALM Octane, JIRA, TFS/VSTS, and Bugzilla.

Key Benefits

Find More

Static application security testing (SAST) captures the majority of code related issues
early in development.

Identify and eliminate vulnerabilities in source, binary, or byte code

Fortify SCA detects 800 unique categories of vulnerabilities across 26 programming

languages and spans over 1,007,000 individual APIs

Accuracy as demonstrated by a true positive rate of 100% in the OWASP 1.2b

Benchmark.

Fix Easier

Reduces risk by identifying and prioritizing which vulnerabilities pose the greatest
threat

Fortify integrates with CI/CD tools including Jenkins, ALM Octane, Jira, Atlassian
Bamboo, Microsoft VSTS, Eclipse and Microsoft Visual Studio.

Review scan results in real-time with access to recommendations, line-of-code

navigation to find vulnerabilities faster and collaborative auditing.

Reduce Development Time & Cost

When embedded within the SDLC, development time and cost can be reduced by
25%. The production/postrelease phase is 30 times more costly to fix than vulnerabilities
found earlier in the lifecycle.

2X as many vulnerabilities found with up to 95% reduced false positives (reference:

Mainstay Continuous Delivery of Business Value with Micro Focus Fortify 2017)

Enables secure coding practices by educating developers about static application

security testing while they work

Key Features

Bilaspur Smart City: Technical Proposal

944
Developer-friendly language coverage

Support for ABAP/BSP, ActionScript, Apex, ASP.NET, C# (.NET), C/C++, Classic, ASP
(with VBScript), COBOL, ColdFusion CFML, Go, HTML, Java (including Android),
JavaScript/AJAX, JSP, MXML (Flex), Objective C/C++, PHP, PL/SQL, Python, Ruby, Swift,
T-SQL, VB.NET, VBScript, Visual Basic, and XML

Integration into CI/CD tools (IDEs,Bug Tackers, Open Source)

Support for all major IDEs: Eclipse, Visual Studio, IntelliJ IDEA

Defect management integrations provide transparent remediation for security issues

Open Source integration: Sonatype, WhiteSource, Snyk, BlackDuck

The combination of swagger supported rest APIs, open source GitHub repo, with
plugins and extensions for Bamboo, VSTS and Jenkins are the types of tools to leverage
to automate the CI/CD pipeline.

Security Assistant provides real time, as-you-type code, security analysis and results
for developers.

It provides structural and configuration analyzers which are purpose built for speed
and efficiency to power our most instantaneous security feedback tool.

Security Assistant only finds high confidence (all true positives or with very low false
positive rates) findings with immediate results in the IDE (Microsoft Visual Studio 2017 or
Eclipse). Security Assistant is suggested to be used as an additional job aid for
developers and used in conjunction with full static scans for a more comprehensive
view of security issues. All current Fortify Static Code Analyzer and Fortify on Demand
Static Assessments customers are entitled to use Security Assistant with no additional
licenses/cost.

Audit Assistant saves manual audit time with machine learning to identify and prioritize
the most relevant vulnerabilities to your organization. Automation with applied
machine learning reduces manual audit time to amplify ROI of your static application
security testing initiative.

Provides automated audit results inminutes

Minimizes auditor workload

Prioritizes issues with confidence level

Bilaspur Smart City: Technical Proposal

945
Creates accurate and consistent audit results throughout projects

Audit results at the speed of DevOps; this makes it possible to integrate SCA to build
servers, source code management servers and scan more often with immediate
results.

Reduces the number of issues needing deep manual examination

Identifies relevant issues and removing false positives sooner

Scales application security with existing resources

Fortify ScanCentral enables lightweight packaging on the build server, and provides
a scalable, centralized, Fortify scanning infrastructure to meet the growing demands
of modern development needs from within Fortify Software Security Center.

Flexibility to achieve desired coverage by adjusting scan.

• Improved scanning performance

• Tune for fast scans

• Tune for comprehensive, more accurate

• Restful API/ Swaggerized API

Scalable with on-premise, on demand, or hybrid approaches

MICRO FOCUS Fortify WebInspect

WebInspect scans modern frameworks and web technology with the most
comprehensive and accurate dynamic scanner. The product is easily deployable in
enterprise environments, has exhaustive REST APIs to benefit integration and has the
flexibility to manage security risks either through intuitive UI or run completely via
automation. WebInspect provides the broadest dynamic application security testing
(DAST) coverage and detects new types of vulnerabilities that often go undetected
by black-box security testing technologies.

Product Highlights

Find More Vulnerabilities

WebInspect is a comprehensive dynamic application scanner that has the ability to

crawl modern frameworks and web technology with a comprehensive audit of all
vulnerability classes.

Bilaspur Smart City: Technical Proposal

946
Support for the latest web technologies including HTML5, JSON, AJAX, JavaScript, and
more.

Ability to scan Single Page Applications (SPA)

Test mobile-optimized websites as well as native web service calls.

Provides more details so dev can fix vulnerabilities faster (line of code detail & return
stack trace info back to vulnerability via Fortify WebInspect Agent technology).

Software Security Research team translates cutting-edge research into security

intelligence.

Key Features

Manage Enterprise Application Security Risk

Monitor trends and take action on vulnerabilities within an application.

Save Time with Automation and Integrations

Fully-automated solution that helps meet DevOps and scalability needs. Integrates
with the SDLC without additional overhead to minimize friction in your software
development process.

Compliance Management

Bilaspur Smart City: Technical Proposal

947
Pre-configured policies and reports for all major compliance regulations related to
web application security, including PCI DSS, DISA STIG, NIST 800-53, ISO 27K, OWASP,
and HIPPAA.

Optimize Scan Results with Agent Technology

Get additional visibility and stack trace insight from scanned web applications.
Optimize the scanning process based for both speed and accuracy using this
technology.

Available On-Premise or as a Service

Start quickly and scale as needed on premise or as a service, or as a hybrid.

Key Benefits

Automation with Integration

WebInspect can be run as a fully-automated solution to meet DevOps and scaling

needs, and integrate with the SDLC without adding additional overhead.

REST APIs help achieve a tighter integration and help automate scans and check
whether compliance requirements have been met.

Leverage prebuilt integrations for Micro Focus Application Lifecycle Management

(ALM) and Quality Center, and other security testing and management systems.

Scan RESTful web services: supports Swagger and OData formats via WISwag
command line tool.

Find Vulnerabilities Faster / Earlier

WebInspect can be tuned by variety of controls to find vulnerabilities fast and tune
performance optimized for your application and organizational security exposure.

Enhance scan with agent technology that expands the coverage of the attack
surface and detect additional types of vulnerabilities.

Integrates dynamic and runtime analysis to find more vulnerabilities—and fix them
faster. WebInspect Agent crawls more of an application to expand the coverage of
the attack surface (hidden directories & pages, OATH Authentication, Unused
Parameters/Backdoor, Privacy violation) and detect new types of vulnerabilities that
can go undetected by black-box security testing technologies. IAST follows what is
already entered in the application by functional tests.

Bilaspur Smart City: Technical Proposal

948
Incremental Scans target vulnerability detection in newly generated application
surface. Flexible access to the feature through REST API, GUI, or command line.

Prioritization with advanced technologies:

Run custom policies that are tuned towards high speed with policy manager

Simultaneous crawl and audit

Deduplication: Reduce # of attacks sent, by avoiding scanning the same

class/function in a different part of the app.

Check Avoidance: Reduce # of attacks sent by avoiding sending multiple attacks to

a specific check type if the agent determines the app can handle the attack. Info is
loaded into Fortify Software Security Center (SSC) & used with Fortify Static Code
Analyzer (SCA) scan results where issues are correlated.

Enterprise Ready / Integration

WebInspect offers interactive vulnerability review and retest features that helps the
security team validate issues and regression test fixes from development. The closed
feedback loop from security testing through development improves the overall
security effectiveness across the organization.

Manage application security risk across the enterprise with reports for remediation and
management oversight. Monitor trends and take action on vulnerabilities within an
application. Build an enterprise-wide AppSec program that manages and provides
visibility to your risk profile via dashboards and reports, so you can confirm
remediation, track metrics, trends and progress. WebInspect Enterprise establishes a
shared service to centralize results while distributing security intelligence. Site
Explorer—Standalone allows developers to get rich remediation information and
WebInspect-like views.

Compliance Management with pre-configured policies and reports for all major
compliance regulations related to application security, including PCI, SOC, ISO,
OWASP, and HIPPAA. Customizing existing or creating new policies is supported
through the compliance manager tool.

Flexible delivery model enables a quick start and can scale as needed with an on
premise or as-a-service approach.

MICRO FOCUS Fortify Software Security Center

Bilaspur Smart City: Technical Proposal

949
Micro Focus Security Fortify Software Security Center (SSC) is a centralized
management repository providing visibility to an organization’s entire application
security program to help resolve security vulnerabilities across the software portfolio.
Fortify SSC harnesses the power of application security data across the Software
Development Lifecycle (SDLC) by measuring and improving the efficiency, accuracy,
and value to an organization. It is a platform where users can review, audit, prioritize,
and manage remediation efforts, track software security testing activities, and
measure improvements via the management dashboard and reports to optimize
static and dynamic application security test results. Fortify SSC helps to provide an
accurate picture and scope of the application security posture across the enterprise.

Key Features

Security Fortify SSC Helps Organizations:

Gain visibility to the software risk across an application security testing program

Review, manage, and track security testing activities across the organization

Improve the accuracy of vulnerabilities prioritized by criticality

Harness the power of your collective security scan results

Lower costs associated with development, remediation, and compliance

Reduce systemic risk in software you’re developing, outsourcing, or acquiring

Meet compliance goals for internal and external security mandates

Deliver relevant, consistent, and actionable audited scan results

Key Benefits

Bring security and development teams together to collaborate and resolve security
issues

Streamline the audit process making it more efficient by identifying and validating
results specific to an organization’s preferences

Maintain consistency in auditing and reporting

Boosts productivity by automating application security processes and procedures

Accelerates time to market by ensuring fewer security-related delays

Bilaspur Smart City: Technical Proposal

950
Solution Overview & Assumptions/recommendations

Dynamic Application Security Testing for web services and mobile (IOS and Android)
applications

SCA is for Static Scan is proposed to scan applications

All Machines can be installed as virtual instance

All software’s are standalone and do not introduce any disruption in live traffic so HA
is not applicable.

WebInspect and SCA can be installed on existing machine of the customer (not
provided by OEM or SI) or on separate hardware

OS, Database and Hardware to be provided by Buyer.

Sample architecture

Bilaspur Smart City: Technical Proposal

951
 SSC (Software Security
Center) Server Auditor

Fortify SCA fo r Static code Dynamic Scan reports

scan

Static scan reports

Develpor

Code Repository optional

Security Tester

Fortify WebInspect for

Dynamic scan
CICD Pipeline e.g. Jenkins
optional for automation

WWW / Web Application

serv er

1.11 Privilege Account Management

Logical Connectivity

Note: MFA Server show is not the part of proposed components. It is just representation
to show MFA integration possibility.

PAM

Overview

Bilaspur Smart City: Technical Proposal

952
NetIQ Privileged Account Manager (PAM) helps IT administrators to control and
monitor the administrative access to servers, network devices and databases. The
administrators are allowed controlled delegated access to the systems without
exposing the administrative credentials to these systems. It also provides a centralized
activity log across multiple platforms. The introduction of NetIQ Privileged Account
Manager enriches the NetIQ Identity and Access Management by providing
comprehensive Privileged Identity Management as well as auditing and tracking of
privileged user activities in the organization. PAM provides Shared Account Password
Management (SAPM) and Super User Privilege Management (SUPM) to secure the
privileged accounts in the organization.

Certain situations open potential back doors into systems and increase the likelihood
of a security breach in an enterprise network. For example, when running some
commands that require elevated privileges, users sometimes get exposed to the super
user or root account credentials. Similarly, passwords are often not changed when a
user is no more performing the administrative role.

Privileged Account Manager provides the capability to monitor, audit, and secure the
actions of the users by using a centralized and automated management of privileged
account. Privileged Account manager helps in overcoming the following challenges:

The super user credentials are exposed.

The confidential data is exposed.

There are unrestricted access rights provided to the user.

The identity of the user who accessed a particular system remains unidentified.

Challenges of using privileged accounts

Bilaspur Smart City: Technical Proposal

953
PAM Provides Solution to the Challenges

PAM Features

Privileged Account Manager has several features that makes Privileged Account
Management simple and robust. Following are the main features of PAM:

Managing the Privileged accounts

Controlling administrator access to the Linux, UNIX, Windows, database and

application servers

Bilaspur Smart City: Technical Proposal

954
Managing policies based on roles

Monitoring the Real-time activities of a user using a privileged account

Terminating a suspicious remote session and if required, blocking users from further
initiating the session

Video recording, or Keystroke replay

Active Directory Bridging - User authentication and access control based on user
identity and group membership in the Microsoft Active Directory

Secure Credential Vault which holds the credentials of all the critical servers and
applications

Multi-Factor Authentication and access control using:

Advanced Authentication

Third-party RADIUS supported Multi-Factor Authentication products

Easy policy definition using policy templates

Management of SSH key and other types of keys

Syslog collector which can send critical data from various events to the SIEM system

Multi-tenancy support with the integration of NetIQ Cloud Manager

AAPM support using REST APIs

Geographical control of the audit data using Audit zones

Color coding for the risks based on the specified risk level

Audit Zone for restricting and reducing network traffic

Restricted access to user’s details based on the type of Administrator

Compliance auditing and reporting

Integration with Identity Manager

Integration with Access Manager

Integration with Advanced Authentication

PAM Consoles

There are separate consoles for the users of Privileged Account Manager and the

Bilaspur Smart City: Technical Proposal

955
administrators for Privileged Account Manager.

Administration Console

User Console

Administration Console

The administration console helps the Administrators to manage the hosts, create rules,
monitor the actions, approve or deny requests and define the administrators who can
access Privileged Account Manager and to what extent.

User Console

The user console is displayed through the My Access webpage. The myaccess page
is for the users of Privileged Account Manager to connect to any target server by using
any type of sessions such as, SSH relay, RDP relay, direct RDP and credential provider.
Privileged Account Manager users can get credential information to connect to a
database, or an application server from the My Access webpage. They can manage
and request access to any particular server. The My access page includes three
sections:

Privileged Sessions: This section displays all the policies that are defined for the
Privileged Account Manager user. You can connect to a Windows session from this
page when the policy is defined for you to use the target Windows server. You can
start an SSH relay session by using the command that gets displayed when the policy
for SSH relay session is selected. Also if the policies are defined for database and
application server, you can retrieve the account credentials of the server from this
page.

Emergency access: This section is used in requesting emergency access to a server

for a specific amount of time. If there are no policies defined for the users, the policies
will not be displayed under the Privileged Sessions page hence, users need to request
emergency access. If a user requires to access any server for only a specific time
frame, the user must request for an emergency access. This page includes the request
page, and lists all the requests.

Enterprise Password Checkout: This section includes information about all the
checked out password. The users need to check-in the checked out password by
using this section.

Bilaspur Smart City: Technical Proposal

956
PAM Components

NetIQ Privileged Account Manager uses a Framework as the base layer to provide an
easy-to-use enterprise architecture into which Privileged Account Manager modules
are added to create the necessary problem-solving functionality. The Framework has
several key features:

Provides the core functionality needed to implement secure, enterprise-wide services.

Provides services such as secure and authenticated communication among

components.

Provides integrated databases and logging.

Allows the deployment of Privileged Account Manager modules to Framework hosts

to implement new functionality.

With each module that is installed, an additional console is added to the main
Framework Manager console to allow access to new administration functionality.

Framework Manager

The Framework Manager is the server component of the Framework. It provides a

centralized registry, enabling services and administration of the entire Framework from
any single point on the enterprise network. The Framework Manager is administered
through the Framework Manager console.

The manager modules are installed on the Framework Manager by default. The
modules can also be distributed to other Framework hosts to provide load balancing
and failover for the Framework. If there are multiple occurrences of the same type of
manager installed on the Framework, they operate in primary and backup
roles. Updates to the data controlled by each group of like managers are only
updated at the primary manager.

The default manager modules are:

Administration Manager (admin): Provides the functionality for the Web-based user
interface. Framework consoles can be installed on the Administration Manager and
are used to control product features.

Access Manager (auth): Maintains a list of Framework user accounts and provides
authentication services for the Framework. It needs to be installed with a local Registry

Bilaspur Smart City: Technical Proposal

957
Manager in order to create a secure user authentication token.

Audit Manager (audit): Maintains the repository for all auditing information collected
by the Framework.

Command Control Manager (cmdctrl): Maintains the rule configurations and is

responsible for validating user command requests.

Compliance Auditor (secaudit): Collects, filters, and generates reports of audit data
for analysis and signoff by authorized personnel

Messaging Component (msgagnt): Provides the transport mechanism and interacts

with e-mail servers to provide reporting functionality.

Package Manager (pkgman): Manages a repository for Framework packages.

Registry Manager (registry): Maintains a database of all Framework hosts and

modules. Provides certificate-based registration features for the hosts.

Syslog Emitter (syslogemit): Provides logging of audit information to a syslog server.

Framework Manager

The Framework Manager console is the default user interface for the Framework. It
allows configuration and management of the Framework through a graphical user
interface.

From the Home page, you have access to six administrative consoles:

Compliance Auditor: Proactive auditing tool that pulls events from the event logs for
analysis, according to predefined rules. It pulls filtered audit events at hourly, daily,
weekly or monthly intervals. This enables auditors to view pre-filtered security
transactions, play back recordings of user activity, and record notes for compliance
purposes. In an era of increasing regulatory compliance requirements, the ability to
supply demonstrable audit compliance at any time provides a more secure system
and reduces audit risk.

Bilaspur Smart City: Technical Proposal

958
Framework User Manager: Manages users who log in to the Framework Manager
through role-based grouping.

Hosts: Centrally manages Privileged Account Manager installation and updates,

load-balancing, redundancy of resources, and host alerts.

Reporting: Provides easy access and search capability for event logs and allows you
review and color-code user keystroke activity through the Command Risk Analysis
Engine.

Command Control: Uses an intuitive graphical interface to manage security policies

for privilege management.

Package Manager: Lets you easily update any Privileged Account Manager
application.

Access Dashboard: Lets you manage the requests for emergency access, and view
the details of password checkout. If required, you can check-in the checked out
password.

Framework Agent

The Framework Agent is the client component of the Framework. It is responsible for
receiving and carrying out instructions from the Framework Manager on all hosts. The
following Framework Agent packages are installed on all Framework hosts:

Registry Agent (regclnt): Provides a local cached lookup for module locations. The

Registry Agent queries the Registry Manager when local cached information is not
available or isn’t fresh.

Distribution Agent (distrib): Provides the interface to control the installation and removal

of packages in the Framework. It has methods to install, remove, and list the available
and updatable packages. The Distribution Agent retrieves packages from the local
Package Managers.

Store and Forward Agent (strfwd): Provides a store and forward mechanism for

guaranteed delivery of messages. It is used for various core features such as

replication of the manager databases.

Command Control Agent (rexec): Enables the Framework to control and audit user

commands.

Bilaspur Smart City: Technical Proposal

959
Resource Request for a Privileged Account

A user requests an access to a privileged account within the user application.

A user request object is created in the Identity Vault.

The role and resource service driver processes the new request. The role and resource
service driver starts a workflow, and changes the request status. The approval process
is performed within the User Application. Upon completion of the approval process,
the workflow activity changes the request status. The role and resource driver picks up
the change in the status, and begins to provision the resource, if all of the necessary
approvals have been provided.

The User Object attributes are updated to include the resource binding and approval
information. An entitlement request is made for the PUM Profile. The PUM driver
processes the entitlement and adds the user to the appropriate User Group

Bilaspur Smart City: Technical Proposal

960
PAM Modular Architecture

Workflow for PAM

High Availability

The high availability or failover feature works by using a hierarchical view of the hosts
associated with the Framework.

The hierarchy of hosts is created by using the Hosts console to group hosts into domains
and subdomains, which are representative of your enterprise network structure. This

Bilaspur Smart City: Technical Proposal

961
effectively gives them a chain of command, where they always address requests to
managers in their immediate subdomain before moving along a branch to another
subdomain or parent domain.

To achieve an effective failover environment, at least two Framework Manager

packages must be deployed across the same Framework. The licensing model is not
based on how many managers or agents are deployed, but how many hosts the
Framework is deployed on. This means that there are no restrictions on how many
Framework Manager packages you can deploy.

The Registry Manager controls a database that records the location and status of
each package deployed on each of the hosts within the Framework. A copy of this
information is held at each host by the Registry Agent package that is included as
part of the agent installation. The distributed information is used to calculate the route
to the appropriate manager for requests from any agent registered on the
Framework. The structure of the registry data enables each host to determine which
Framework Manager on the Framework should be the target of requests, and which
Framework Manager to use if there is a failure or withdrawal of the initially selected
Framework Manager.

The failover feature automatically and transparently redirects requests from a failed
or withdrawn Framework Manager to the next available manager of the same
type. The agent automatically connects to a manager that is next in line in
accordance with your defined hierarchy

Load Balancing

The load balancing feature work by using a hierarchical view of the hosts associated
with the Framework.

The hierarchy of hosts is created by using the Hosts console to group hosts into domains
and subdomains, which are representative of your enterprise network structure. This
effectively gives them a chain of command, where they always address requests to
managers in their immediate subdomain before moving along a branch to another
subdomain or parent domain.

To achieve an effective load balancing environment, at least two Framework

Manager packages must be deployed across the same Framework. The licensing
model is not based on how many managers or agents are deployed, but how many

Bilaspur Smart City: Technical Proposal

962
hosts the Framework is deployed on. This means that there are no restrictions on how
many Framework Manager packages you can deploy.

The Registry Manager controls a database that records the location and status of
each package deployed on each of the hosts within the Framework. A copy of this
information is held at each host by the Registry Agent package that is included as
part of the agent installation. The distributed information is used to calculate the route
to the appropriate manager for requests from any agent registered on the
Framework. The structure of the registry data enables each host to determine which
Framework Manager on the Framework should be the target of requests, and which
Framework Manager to use if there is a failure or withdrawal of the initially selected
Framework Manager.

Load balancing means the ability to evenly distribute processing and

communications activity across the Framework so that no single Framework Manager
is overwhelmed by agent requests.

Load balancing is particularly important in situations where it is difficult to predict the

number of requests that are directed to a specific category of manager.

The Framework automatically replicates data from the defined primary manager to
each additional manager that is deployed in the Framework. Replication takes place
automatically when the manager is initially deployed and then again at any stage
when the data on the primary manager is modified.

The following packages can be load balanced:

Registry Manager: Maintains a database of all hosts and modules and provides

certificate-based registration features for the hosts.

Package Manager: Manages a repository for packages.

Administration Agent: Provides the functionality for the Web-based user interface.

Consoles can be installed on the Administration Agent and used to control product
features.

Access Manager: Maintains a list of Framework user accounts and provides

authentication services for the Framework. This package must be installed with a local
Registry Manager in order to create a secure user authentication token.

Command Control Manager: Maintains a database of all defined command control

Bilaspur Smart City: Technical Proposal

963
rules, commands, and scripts.

Benefits of PAM

Centrally define the commands that privileged users are able to execute on any UNIX
or Linux platform, ensuring that only authorized users can perform specific
administration tasks. Delegated administration eliminates the need to distribute root-
account credentials to the entire administrative staff, which lowers the organization’s
risk.

Record administrative activities that authorized IT personnel perform in managing

Windows system resources. Protect systems by knowing what action was taken, who
did it and when it was done.

Intuitive drag-and-drop visual interface makes it easy to create rules that are enforced
across all managed UNIX and Linux systems. Updates and changes are immediately
applied across the entire set of hosts in the enterprise.

An integrated test-suite tool allows administrators to model and test new rule
combinations before committing them to production use. Drag rules into nested
hierarchies and combine with scripting to provide granular control for even the most
demanding environments.

Easily identify security risks. The product analyzes each command as it is typed and
assigns it a risk level from 0 to 9 based on the command, the user who executed it and
the location at which the user executed it.

Demonstrate compliance on an ongoing basis, not just around compliance audits.

Each event is pulled into a powerful audit reporting and management tool— the
Compliance Auditor—that gives auditors enterprise-wide visibility, allowing them to
prioritize responses to any anomalous activity.

Bilaspur Smart City: Technical Proposal

964
1.12 Endpoint Security
Endpoint Security solution is designed to protect physical, virtual and cloud-based
endpoints (desktops and servers) and includes the following products:

• Endpoint Security 11 for Windows – Endpoint protection for Windows desktops

and servers;

• Endpoint Security 10 for Linux – Endpoint protection for Linux desktops and
servers;

• Security 10 for Windows Servers – Endpoint protection for Windows servers and
3rd party ICAP capable systems;

• Security Center 11 – Centralized management for Endpoint Security products.

Security Center is an application aimed at corporate network administrators

and employees responsible for protection of devices in various organizations.
Using Kaspersky Security Center, you can do the following:

• Role-based access control and Microsoft Active Directory Integration

• Create a hierarchy of Administration Servers to manage the organization's

network, as well as networks at remote offices or client organizations.

• Create a hierarchy of administration groups to managSIEDe a selection of

client devices as a whole.

• Manage an anti-virus protection system built based on Kaspersky applications.

• Create images of operating systems and deploy them on client devices over
the network, as well as perform remote installation of applications by Kaspersky
and other software vendors.

• Remotely manage applications by Kaspersky and other vendors installed on

client devices. Install updates, find and fix vulnerabilities.

• Perform centralized deployment of keys for Kaspersky applications to client

devices, monitor their use, and renew licenses.

• Receive statistics and reports about the operation of applications and devices.

• Receive notifications about critical events during the operation of Kaspersky

applications.

• Manage mobile devices.

• Manage encryption of information stored on the hard disk drives of devices

and removable drives and users' access to encrypted data.

Perform inventory of hardware connected to the organization's network

Bilaspur Smart City: Technical Proposal

965
 KSN
Kaspersky Lab Update servers

Network Kaspersky ®

Agent
Workstation Endpoint Security

Network Kaspersky ®

• Management Agent Laptop Endpoint Security

• Updates
• KSN requests
Kaspersky ®

• Events
Security • Reporting
Center

Kaspersky ®

Network Endpoint Security

Agent Linux Server
for Linux

Network Kaspersky ®

Agent Windows Server / Security for

3rd system Windows Servers

Endpoint Security for Windows

Endpoint Security provides comprehensive computer protection against various types
of threats, network and phishing attacks. Each type of threat is handled by a
dedicated component. Components can be enabled or disabled independently of
one another, and their settings can be configured.
The following features are implemented in the application:

• Integrated Endpoint Sensors component of Kaspersky Anti Targeted Attack Platform

(KATA) to provide Endpoint Detection and Response capabilities (EDR):

o IoC scanner

o Incident response tools

o Incident investigation capabilities

• Behavior Detection, Exploit Prevention, Remediation Engine for Servers and Desktops.
This component keeps a record of application activity on the computer and provides
this information to other components to ensure more effective protection of the
computer.

• Shared folders protection from remote encryption.

• Cloud mode for Threat Protection. Light antivirus databases with enabled KSN (require
less RAM and drive space)

• Application control improvements:

Bilaspur Smart City: Technical Proposal

966
o Mixed mode (test mode with blocking rules)

o New KL category – Trusted certificates

• Device control improvements:

o Anti-Bridging (blocks unauthorized commuting between networks)

o Importing/Exporting the list of trusted devices (in xml format which is convenient for
reading/editing manually)

o Simplified next-gen GUI interface and various UX improvements.

• File Threat Protection. This component protects the file system of the computer from
infection. File Threat Protection starts together with Kaspersky Endpoint Security,
continuously remains active in computer memory, and scans all files that are opened,
saved, or started on the computer and on all connected drives. File Threat Protection
intercepts every attempt to access a file and scans the file for viruses and other
threats.

• Mail Threat Protection. This component scans incoming and outgoing email messages
for viruses and other threats.

• Web Threat Protection. This component scans traffic that arrives on the user's computer
via the HTTP/HTTPS and FTP protocols, and checks whether URLs are listed as malicious
or phishing web addresses.

• Firewall. This component protects data that is stored on the computer and blocks most
possible threats to the operating system while the computer is connected to the
Internet or to a local area network. The component filters all network activity
according to rules of two kinds: network rules for applications and network packet
rules.

• Network Monitor. This component lets you view network activity of the computer in
real time.

• Network Threat Protection. This component inspects inbound network traffic for
activity that is typical of network attacks. Upon detecting an attempted network
attack that targets your computer, Kaspersky Endpoint Security blocks network
activity from the attacking computer.

• Application Control. This component keeps track of user attempts to start applications
and regulates the startup of applications.

• Host Intrusion Prevention System (HIP). This component registers the actions of
applications in the operating system and regulates application activity depending on
the trust group of a particular application. A set of rules is specified for each group of
applications. These rules regulate the access of applications to user data and to
resources of the operating system. Such data includes user files (My Documents folder,
cookies, user activity information) and files, folders, and registry keys that contain
settings and important information from the most frequently used applications.

• Device Control. This component lets you set flexible restrictions on access to data
storage devices (such as hard drives, removable drives, tape drives, and CD/DVD

Bilaspur Smart City: Technical Proposal

967
 disks), data transmission equipment (such as modems), equipment that converts
information into hard copies (such as printers), or interfaces for connecting devices to
computers (such as USB, Bluetooth, and Infrared).

• Web Control. This component lets you set flexible restrictions on access to web
resources for different user groups.

• Adaptive Anomaly Control. This component monitors and controls potentially harmful
actions that are not typical of the protected computer.

• AMSI Protection Provider. This component scans objects based on a request from
third-party applications and notifies the requesting application about the scan result.

Security for Windows Servers

Security 10 for Windows Server (KSWS) protects servers running on Microsoft®
Windows® operating systems and network attached storages against viruses and
other computer security threats to which servers are exposed through file exchange.
You can install KSWS on the following servers:

• Terminal servers

• Print servers

• Application servers

• Domain controllers

• Servers that are protecting network attached storages

• File servers – these servers are more likely to get infected because they exchange files
with user workstations.

The application includes the following components:

• Real-Time Protection. KSWS scans objects when they are accessed.

• Server Control. KSWS monitors all attempts to access network file resources, enables
Applications Launch Control, and blocks access to the server for remote computers if
they show malicious or encryption activity.

• RPC-Network Storage Protection and ICAP-Network Storage Protection. KSWS installed

on a server under a Microsoft Windows operating system protects network attached
storages against viruses and other security threats that infiltrate the server through
exchange of files.

• On-demand scan. KSWS runs a single scan of the specified area for viruses and other
computer security threats. KSWS scans server files and RAM and also startup objects.

The following functions are implemented in the application:

• Databases and software modules update. KSWS downloads updates of application

databases and modules from FTP or HTTP update servers of Kaspersky, Kaspersky
Security Center Administration Server, or other update sources.

Bilaspur Smart City: Technical Proposal

968
• Quarantine. KSWS quarantines probably infected objects by moving such objects
from their original location to Quarantine. For security purposes, objects are stored in
Quarantine in encrypted form.

• Backup. KSWS stores encrypted copies of objects classified as Infected or Probably

infected in Backup before disinfecting or deleting them.

• Administrator and user notifications. You can configure the application to notify the
administrator and users who access the protected server about events in KSWS
operation and the status of Anti-Virus protection on the server.

• Importing and exporting settings. You can export Kaspersky Security settings to an XML
configuration file and import settings into Kaspersky Security from the configuration
file. All application settings or only settings for individual components can be saved to
a configuration file.

• Applying templates. You can manually configure the security settings of a node in the
server file resources tree and save the values of the configured settings to a template.
This template can then be used to configure the security settings of other nodes in
Kaspersky Security protection and scan tasks.

• Writing events to the event log. KSWS logs information about the settings of application
components, the current status of tasks, events that occurred during their run, events
associated with KSWS management, and information required for failure diagnostics
in the KSWS operation.

• Hierarchical storage. Kaspersky Security can operate in hierarchical storage

management mode (HSM systems). HSM systems allow data relocation between fast
local drives and slow long-term data storage devices.

• Trusted zone. You can create a list of exclusions for protection scope or scan scope
which KSWS applies to On-Demand Scan, Real-Time File Protection, Script Monitoring,
and RPC-Network Storage Protection.

• Managing permissions. You can configure the rights of managing KSWS and the rights
of managing Windows services that are registered by the application, for users and
groups of users.

1.13 SIEM
SIEM recognizes and understands these challenges and offers evolved SIEM and
threat defense tools and services that help organizations rapidly detect and respond
to threats in this continuously evolving environment. An evolved SIEM accelerates
threat detection and response, provides additional depth of visibility, and
incorporates both threat intelligence and business context to help prioritize threats
and security incidents.

It provides:

• Unparalleled visibility to see threats anywhere

Bilaspur Smart City: Technical Proposal

969
• Capabilities to instantly detect the full scope of an attack

• Business context to enable analysts to rapidly respond to the threats that matter
most

Whether the result of cybercriminals sending phishing or malware attacks through

company emails, nation-states targeting organizations’ intellectual property or
insiders misusing sensitive data, we live in a world where prevention of breaches has
become impossible. Given the speed with which cybercriminals are able to create
and execute new security threats globally, companies must change their approach
to security.

The Platform evolved SIEM empowers security teams to detect and understand the
full scope of a compromise because it analyzes data and behavior across an
organization’s logs, packets and endpoints as well as the behavior of the people and
processes on the network. The solution transforms that data into actionable threat
insights through real-time enrichment with business context and threat intelligence
delivered from a variety of sources. The evolved SIEM creates a unified taxonomy
across the entirety of this intelligent data to accelerate the detection of both known
and unknown threats.

The Platform evolved SIEM features powerful capabilities built on machine learning,
user and entity behavior analytics (UEBA), correlation rules and advanced threat
intelligence. The Platform evolved SIEM provides role-based orchestration and
workflow for threat detection and response activities as well as flexible deployment
models (cloud, virtualized or appliance) to support modern IT infrastructure. This
comprehensive and flexible platform enables the Platform evolved SIEM to
dramatically optimize threat detection and response processes. In an environment
where security expertise is scarce and expensive,

the Platform evolved SIEM makes security analysts far more effective in protecting
their organizations against advanced cyber threats. The Platform evolved SIEM key
capabilities include:

• Single, Unified Platform for All Your Data. It is the only solution that combines threat
detection analytics, log and event monitoring, and endpoint and network visibility
with investigation and threat intelligence capabilities across all your data. With
“dynamic parsing,” the Platform evolved SIEM delivers instant value for new and

Bilaspur Smart City: Technical Proposal

970
unknown sources, without requiring custom parsers or coding.

• Integrated Threat and Business Context. By adding business context to threat

analysis, organizations can prioritize threats based on the potential impact to their
businesses. In addition, intelligence gathered from industry research and
crowdsourced from our customer base and the organization’s own data is fully
aggregated and operationalized at ingestion for faster detection of threats.

• Detect AI is a cloud-based behavior analytics solution that applies unsupervised

machine learning to data captured by the Platform to rapidly detect unknown
threats, no matter where they occur in the attack lifecycle. High-fidelity anomaly
detection empowers your existing security team to work more efficiently and
effectively, with fewer false positives and noisy alerts. continuously tunes the machine
learning algorithms so you don’t have to, and so that Detect AI is ready to reveal
anomalous behaviors quickly and accurately the moment you turn it on.

• Rapid Investigations. The Platform evolved SIEM provides an advanced analyst

workbench to triage alerts and incidents, including an interface designed specifically
for security investigations. Utilizing deep insight into data from across the infrastructure,
analysts can natively and visually reconstruct a network attack or data exfiltration in
its entirety. The evolved SIEM empowers analysts to connect incidents over time to
expose and better understand the full scope of an attack.

• Automation and Orchestration. Orchestrator is a comprehensive security operation

and automation technology that combines full case management, intelligent
automation and orchestration, and collaborative investigation capabilities.
Orchestrator enables SOC analysts to have consistent, transparent and documented
threat investigation and threat-hunting capabilities by leveraging playbook-driven
automated response actions, automatic detection and machine learning powered
insights for quicker resolution, and better SOC efficiency.

• Flexible, Scalable Architecture. By offering a wide range of flexible deployment

options, the Platform evolved SIEM can scale incrementally according to an
organization’s needs and security priorities. Whether deployed as a single appliance
or dozens, partial or fully virtualized deployments, on premises or in the cloud, the
Platform evolved SIEM can support customers’ specific architectures.

• End-to-End Security Operations. The Platform evolved SIEM is the only platform that

Bilaspur Smart City: Technical Proposal

971
unifies analytics, log and event monitoring, and endpoint and network visibility with
advanced threat intelligence and automated incident management to optimize
security operations.

High Level RFP Requirements:

DC-DR Architecture with Active-Passive State

Logs at 20,000 EPS with SAN for Log archival.

Dash Board

Bilaspur Smart City: Technical Proposal

972
Threat Hunting Dashboard

Bilaspur Smart City: Technical Proposal

973
Disaster Recovery (DR)

Disaster Recovery will be the replica of Data centre i.e VMS, Video Analytics, Central
ITMS, FRS & ICCC Software application will be operational from DR site when DC is not
available.

The DR setup will have the Data backup of the data available in the Datacentre. All
configuration data & flagged data will be replicated and copied from DC storage to
DR.

Disaster recovery (DR) site will be with a capacity of 50% load of all DC applications.

It will be connected to IP/MPLS/OFC network and if server room goes down, DC-DR
would remain connected to the network.

Database shall be in Active mode at DC and Passive mode at DR, data consistency
and integrity shall be maintained.

DR will be on cloud as a service will be act as active mode.

In the event of a site failover or switchover, DR site will take over the active role, and
all the requests will be routed through that site. Application.

Website and live application (both external and internal) shall be routed seamlessly
from DC site to DR site

Data Replication:

For redundancy purposes, flagged data of the various systems available at DC (Data
Centre) shall be replicate to DR. This is required to allow all important critical data be
available always in case of disaster of main DC. Proposed VMS Application has inbuilt
capability of replicating the data from DC to DR and DR to DC over IP/MPLS network.
The Data replicated is in the form flagged/critical data, application backup and
configuration data(DB

The replication process can be one-time, continuous (on-going), depends on the

network and bandwidth availability. Minimum time of replication can be configured
to as low as possible

Benefits of Data Replication:

Availability of flagged data at all times

Increase the speed of data access

Bilaspur Smart City: Technical Proposal

974
Accomplish disaster recovery

Does not require two streams from camera or edge devices

1.14 Storage
The smart city proposal of Bilaspur includes several Pan City and Area Based
Development initiatives with a focus on both infrastructure and ICT advancements
across the city and at strategic locations. The strategic focus of the city has been
identified to improve mobility, improve situational awareness, enhance public safety
and security, and introduce data driven decision-making. Components deployed
throughout the city are envisaged to accrue the following benefits for the city of
Bilaspur:

Enable real time monitoring of the various facets of management of Bilaspur Smart
City i.e. Security, Traffic and City Utilities,

Provide capability to respond in a unified manner to situations on ground (both day

to day and emergency situations) by creating a common operational picture for the

Bilaspur Smart City: Technical Proposal

975
relevant

stakeholder.

Provide and manage touch points from all concerned stakeholders during the
lifecycle of various incidents;

Define and manage the Key Performance Indicators (KPIs) for various operational
aspects of the City Management;

Provide capability to conduct analysis for continuous improvement of city operations.

Bilaspur Smart City Limited envisages deployment of following components to achieve
the objectives:

Deployment of various sensors (intelligent traffic signals, surveillance cameras, traffic

enforcement sensors, PA systems, environment and weather sensors) throughout the
city to improve situational awareness;

Development of an integration platform which will facilitate exchange and

aggregation of data irrespective of underlying technology platform of application;

Development of Integrated Command and Control center for improved visualization

of ambient situation in the city and facilitation of data driven decision making

Integration with existing and future ICT systems for smooth operations, monitoring and
management

Below table summarizes the capacity requirement:

For Storage

Storage

# Minimum Storage Requirement TB

1 Primary Storage(J8) 550

2 Secondary Storage(J11) 850

E5700 Series Hybrid Flash Storage Systems

Bilaspur Smart City: Technical Proposal

976
E5700 hybrid-flash storage systems deliver high IOPS with low latency and high
bandwidth for mixed workload applications. It gives you the power to run modern
enterprise applications, such as big data analytics, technical computing, video
surveillance, and backup and recovery reliably and within budget.

The NetApp E5700 Series is built for high-performance and data-intensive bandwidth
applications with enterprise-grade reliability. It offers extreme performance, boosting
IOPS and increasing density with a hybrid system that is ideal for modern enterprise
applications. The E5700 delivers high reliability and greater than 99.999% availability,
often exceeding that when NetApp best practices are followed. It’s easy to install and
use, it’s optimized for performance efficiency, and it fits into most SAN application
environments. The E5700 systems offer excellent price-to-performance efficiency for
enterprises, as well as for small and medium businesses.

The E5700 series is ideal for video surveillance, backup and recovery, technical
computing, databases, and big data analytics. It handles a wide range of application
workloads, from high-IOPS and bandwidth-intensive streaming applications, to mixed
workloads that deliver high-performance storage consolidation. It accomplishes this
by providing the modularity of extreme IOPS, and delivering sub-100 microsecond
response times, and up to 21GBps of read bandwidth and 14GBps of write bandwidth.
The features of the E5700 storage systems—fully redundant I/O paths, advanced data
protection, and extensive diagnostic capabilities—provide some of the market’s
highest levels of availability, data integrity, and security.

The E-Series powers the world’s largest enterprises including:

The world’s second-largest stock exchange

The world’s largest online media cash register

The world’s largest wealth management firms

The world’s largest data warehouse

The world’s largest online store

Bilaspur Smart City: Technical Proposal

977
Thousands of businesses trust NetApp to run their mission-critical applications and to
future-proof their investments. For two consecutive years, NetApp has been named a

Leader in the 2020 Gartner Magic Quadrant for Primary Storage ArraysError! Bookmark
not defined.. The full report is available from NetApp here.

Two Models to Meet Your Requirements

The modular design of the E5700 empowers you to meet performance and capacity
demands without sacrificing simplicity and efficiency by providing:

Unmatched value

Proven simplicity

Flexible interface options

High availability and enterprise reliability

Advanced data protection

Configure each of the two distinct models, the E5760 and E5724 to meet your specific
performance, capacity, and cost requirements.

Figure 9: E5700 series provides a flexible modular system design – Targeted for the
needs of modern enterprise applications.

Unmatched Value

The E5700 hybrid array offers multiple form factors and drive technology options to
best meet your needs. You can realize unmatched value through the flexibility of
E5700’s customized configurations, which optimize performance and capacity
requirements by providing three distinct disk system shelves, multiple drive types, and
a complete selection of SAN interfaces. The ultra-dense 60-drive system shelf supports

Bilaspur Smart City: Technical Proposal

978
up to 600TB in just 4U and is optimal for environments with large amounts of data and
limited floor space. The 2U, 24-drive system shelf combines low power consumption
and exceptional performance density with its cost effective 2.5-inch drives. All shelves
support E5700 controllers, and can be used for expansion, so that you can optimize
configurations to meet targets for performance, capacity, and cost.

The modularity of the E5700 gives you the ability to meet future demands without
forklift upgrades. The system can independently scale to 1.8PB of raw SSD capacity
and 1.0M IOPS of performance or up to 4.8PB of raw HDD capacity and up to 21GBps
of throughput performance.

E5700 is used in application environments such as VMware and in database

management systems like Oracle databases, and Microsoft SQL Server.

“Our customers want to know that consumers are receiving the highest quality media
experience. The NetApp E-Series array is helping us provide this assurance.”

Michael Kadenacy/Founder and CEO, My Eye Media

“NetApp E-Series is compact, modern, and extendable. The technology has a very
high level of maturity and has so far proven to be extremely reliable.”

Dr. Henning Weber, head of System Support, Central Systems Department, DWD

Proven Simplicity

With the modern, on-box, browser-based SANtricity System Manager GUI, you can
simplify deployment and start working with your data in under 10 minutes.

The E5700 hybrid array runs on the SANtricity OS software platform. SANtricity software
gives storage administrators the ability to maximize the performance and the use of
their E5700 through extensive configuration flexibility, custom performance tuning,
and complete control over data placement. The SANtricity System Manager
graphical performance tools provide key information about storage I/O from multiple
viewpoints, so administrators can make informed decisions about configuration
adjustments to further refine performance.

Bilaspur Smart City: Technical Proposal

979
 Figure 10: SANtricity System Manager.

Flexible Interface Options

Utilize a complete set of host or network interfaces that are designed for either direct
server attached or network environments. Multiple ports per interface provide rich
connectivity and bandwidth for high throughput. The interfaces include SAS, iSCSI, FC,
and InfiniBand. The E5700 also supports both NVMe over IB and NVMe over RoCE for
the lowest latency connectivity.

High Availability and Reliability

Keep your data accessible with the E5700’s suite of availability and reliability features.
These include redundant components, automated path failover, online
administration such as nondisruptive SANtricity OS and drive firmware updates, active
drive recovery mechanisms, and user-directed drive data evacuation. The system’s
advanced protection features deliver high levels of data integrity, including data
assurance (T10 PI industry standard) to protect against silent data corruption.

Early detection and resolution of issues is critical to the smooth operation of your
solution. The E5700 provides extensive protection capabilities that include:

Capturing of diagnostic data. Provides comprehensive fault isolation and simplifies

analysis of unanticipated event.

Background monitoring. Proactively scans media and tracks drive health against

Bilaspur Smart City: Technical Proposal

980
defined thresholds.

Integrated Recovery Guru. Diagnoses problems and provides the applicable

procedure to use for recovery.

DDP and RAID 6. Rebuilds drives even when encountering an unreadable sector or
second failure.

NetApp Active IQ®. Provides proactive dispatch and maintenance.

Advanced Data Protection

Dynamic Disk Pools (DDP) technology simplifies the management of traditional RAID
groups by distributing data parity information and spare capacity across a pool of
drives. With the DDP feature, there are no idle spares to manage, and you don’t need
to reconfigure RAID when you expand your system.

The E5700 offers advanced data protection to provide security against data loss and
downtime events, both locally and over long distance. These features include:

NetApp Snapshot™. Create and restore point-in-time copies of datasets in less than a
second to protect against accidental data loss on the local array.

Volume copy. Create a complete physical copy (clone) of a volume for applications
that require a full point-in-time copy of production data.

Asynchronous mirroring. Volume replication over FC or IP long distance to remote site

to enable business operations to continue running no matter what happens.

Synchronous mirroring. Continuous volume replication over FC at campus distances.

Cloud backup. SANtricity Cloud Connector enables flexible and cost-effective

backup and recovery from on-premises storage to the cloud.

Secured Data with SANtricity

NetApp SANtricity drive encryption combines local key management with drive-level
encryption for comprehensive security for data at rest with no impact to performance.
Because all drives eventually leave the data center through redeployment,
retirement, or service, it is reassuring to know that your sensitive data isn’t leaving with
them. Choose to manage the drive authentication keys natively for a simple lowest-
cost solution or use a KMIP-compliant external key manager for centralized
administration.

Bilaspur Smart City: Technical Proposal

981
Management access to the E5700 is protected with role-based access control and
LDAP/Active Directory integration and digital certificate management. The security
administrator manages user privileges and password requirements. The exportable
audit log provides visibility into management actions taken on the array. All
management communication is over https. In addition, SAML support is available to
optionally enable multifactor authentication for further threat protection.

SSD Cache

The SSD cache feature offers intelligent analytics-based caching capability for read-
intensive workloads. Hot data is cached by using higher-performance, lower-latency
solid-state drives (SSDs) in the drive shelves.

DevOps-Ready System

To enable the automation and agility that are required in the DevOps-based IT
revolution, E5700 supports a full-featured on-box REST API, SANtricity Web Services.

Container Microservices

NetApp SANtricity container microservices is a Linux-based Docker Container service

for preapproved OEM partners to embed applications on the E5700.

ENERGY STAR Certified

All E-Series systems utilize 85%+ power supplies, exceeding the EPA ENERGY STAR
requirements of 80% efficiency. The modular E-Series can be configured in tens of
thousands of different energy-efficient configurations. The following configurations are
EPA ENERGY STAR certified:

5724 to 48 drives

5760 to 120 drives

The latest EPA ENERGY STAR certified E-Series configurations, are available on the
NetApp or EPA ENERGY STAR websites.

ASHRAE Compliant

All E-Series systems meet the certification requirements of the American Society of
Heating, Refrigerating and Air- Conditioning Engineers (ASHRAE), a global society that
advances human well-being through sustainable technology for the built
environment.

Bilaspur Smart City: Technical Proposal

982
1.15 DR (Cloud)
Disaster Recovery Centre (Hosted on cloud data centre of any MEITY empaneled
Cloud Service Provider)

All applications need to have high performance clustering (redundancy) within the
Data Centre with automatic fail-over, and redundant data storage in active passive
or active-active configuration as per the high availability targets. The data replication
should be continuous among all the servers and shared storage should not be used.
All mission critical systems must be active-active configurations. Active-passive
configurations may be permissible for supporting applications.

The proposed Cloud Service Provider (CSP) must be an empaneled cloud service
provider by Meity (Ministry of Electronics and Information Technology for Public cloud,
Virtual Private Cloud and Community Government Cloud

Business continuity is the process of analyzing the mission critical components required
to keep your business running in the event of a disaster. Creating an IT disaster recovery
plan is part of the Plan Development step. As part of the multiple steps within business
continuity planning, disaster recovery is only a subset within a larger overarching plan
to keep a business running.

Bilaspur Smart City: Technical Proposal

983
Recovery Point Objective (RPO) A recovery point objective (RPO) specifies a point in
time that data must be recovered and backed up in order for business operations to
resume. The RPO determines the minimum frequency at which interval backups need
to occur, from every hour to every 5 minutes.

Recovery Time Objective (RTO) The recovery time objective (RTO) refers to the
maximum length of time a system (or computer, network or application) can be down
after a failure or disaster before the company is negatively impacted by the
downtime. Determining the amount of lost revenue per amount of lost time can help
determine which applications and systems are critical to business sustainability.

Disaster recovery requires creating a plan to recover and restore IT infrastructure,

including servers, networks, devices, data and connectivity. provides end to end
Disaster Recovery as a Service on Cloud.

Hot DR:

This involves a quick Recovery Point Objective (RPO) and Recovery Time Objective
(RTO). RTO refers to the maximum length of time that your given application can be
offline. RPO refers to the maximum acceptable duration of time during which data
may be lost from your application due to any major incident. Hot DR is ideally used
and absolutely vital for Mission Critical applications such as core financial and banking
applications.

Operating Model of DR

Bilaspur Smart City: Technical Proposal

984
CtrlS uses in-house ticketing tool, MyShift, for the tickets raised by Client business and
end users either in Client ITSM tool or any other Service Management and Monitoring
tools. Following is the proposed operating model:

Business users are provided with various communication channels to raise a ticket. All
the tickets raised by end users will be recorded into the Client tool, which will be
replicated in the CtrlS ’s MyShift tool. For every P1 ticket, Client team raises a bridge
call and troubleshooting will be initiated by CtrlS offshore support team wherever
required. For P2 & P3 tickets, our offshore team handle the tickets. Following figure
depicts the ticket flow:

Bilaspur Smart City: Technical Proposal

985
Hot Site Disaster Recovery is the most expensive yet fastest way to get your servers
back online in the event of an interruption. Hardware and operating systems inclusive
of Applications & Database are kept in sync and in place at Tier 4 Hyderabad data
center facility in order to quickly restore operations. Real time synchronization is
configured to completely mirror the data environment of the Production site using
wide area network links and specialized software.

Following a disruption to the Production site, the DR site exists so that the organization
can relocate with minimal losses to normal operations with the DR site up and running
within a matter of hours or even less.

Warm DR

Focus on applications and infrastructure with a slightly higher RPO and RTO. May
involve non-core banking applications, DMS, MOSS and print and file servers.

Cold DR

This has a slightly higher side of data recovery time compared to the Hot and Warm
DR, involving a higher RTO and RPO. Used ideally for Non Critical applications.

The solution proposed for Bilaspur project is Hot DR which requires stringent RPO & RTO.
The complete solution is proposed on a dedicated private cloud provisioned.

Recovery Strategy for this project is developed for each component:

Bilaspur Smart City: Technical Proposal

986
Physical environment in which data/servers are stored – datacenters are Tier 4
Certified equipped with climate control, fire suppression systems, alarm systems,
authorization and access security, etc.

Hardware – Dedicated Infrastructure inclusive of Networks, servers, devices and

peripherals.

Connectivity – Dedicated Network Connectivity inclusive of Fiber & Copper Cross

Connects. Redundant links to access the infrastructure through Internet & MPLS.

Software applications – As per RFQ requirement only major critical applications are
provisioned on DR is designed by MSI for quick recovery and replication of Application
data from Production DC.

Complete Hardware & Software has been identified inclusive of OS, Database &
Applications to run the complete infrastructure. Determining the Project custom
recovery point and time objectives prepared for recovery success by creating
guidelines around when data must be recovered.

High Availability & Redundant Infrastructure:

Provides High Availability Infrastructure which is a design approach that takes into
account the sum of all the parts including the application, all the hardware it is running
on, power infrastructure, and the networking behind the hardware.

The high availability architecture that reduces the risks of lost revenue and data in the
event of Internet connectivity or power loss – with high availability, SI & its partners can
perform maintenance without downtime and the failure of a single firewall, switch, or
PDU without affecting the overall Application availability for the end customers.

For the High Availability required for this Bilaspur Project, Primary & Secondary Internet
uplinks are considered.

High Availability on the Hardware configured with dual power supplies, dual Network
cards, dual HBA adapters with servers wired to different Network & Storage switches
placed in different racks and the dual switches are dual home to different access
layer routings so there are no single point of failure anywhere in the environment. This
environment will help you recover from a natural disaster such as a flood or hurricane.

Another aspect of this cloud-based disaster recovery that improves recovery times
drastically is full network replication. Replication for the entire network and security

Bilaspur Smart City: Technical Proposal

987
configuration between the production and disaster recovery site as configuration
changes are made saves you the time and trouble of configuring VLAN, firewall rules
and VPNs before the disaster recovery site can go live.

Virtualization/Cloud Computing Disaster Recovery:

With virtualization, the entire server, including the operating system, applications,
patches and data are encapsulated into a single software bundle or server – this
virtual server can be copied or backed up to the DR datacenter from Production and
spun up on a virtual host in minutes in the event of a disaster. Since the virtual server is
hardware independent, the operating system, applications, patches and data can
be safely and accurately transferred from the Production data center to the DR
Datacenter without reloading each component of the server. This can reduce
recovery times compared to traditional disaster recovery approaches where servers
need to be loaded with the OS and application software, as well as patched to the
last configuration used in production before the data can be restored.

Virtual machines (VMs) will be mirrored or will be running in sync at the DR site to ensure
failover in the event that the production site should fail; ensuring complete data
accuracy when recovering and restoring after an interruption.

In order to achieve full replication, managed services for managing the complete
infrastructure is considered in both the production cloud servers and disaster recovery
cloud servers.

Advantages of considering dedicated Private Cloud for DR:

Once the redundancy & compatibility issues between the client’s infrastructures are
taken care off then the DR plan would cover all of the infrastructure needs.

Security is much higher in Private Cloud since only one client to access it. encrypts
data and decides on the authorization procedures used to permit access to the
Private Cloud.

Reliability & Scope of Service is determined from service guarantee is assured and
determined. This is important because when disaster strikes, if services are found
wanting, the problems will rapidly escalate and go out of hand.

The complete standard schedule of testing and suitability can be determined and
ascertained and tested before the actual disaster occurs and ensure that the Private

Bilaspur Smart City: Technical Proposal

988
Cloud Computing for Disaster Recovery will work in a disaster scenario.

The DR plan is money spent upfront and returns are only discernible when disasters
strike, costs consciousness is a priority. Using a Private Cloud offers a highly cost
effective, secure and viable solution to any organization’s Disaster Recovery (DR)
needs.

FAILOVER SCENARIOS:

NORMAL OPERATIONS:

In normal functioning of the primary the DR is not activated and all the users will access
the primary for all the business operations. The Replication to the DR is configured and
will use the MPLS for all the replication purposes. The frequency of the replication is
configured in-line with the RTO/RPO objectives to be achieved.

Bilaspur Smart City: Technical Proposal

989
Disaster Recovery Procedure

PRIMARY SITE ACTIVATION (RESUME TO NORMAL FUNCTION)

Resources are restored back in Production Site is confirmed

Databases sync from DR to Production is confirmed

The user access to the DR to be stopped and users will start using the Production site
for normal operations.

UNDERSTANDING ON REQUIREMENT

The purpose of this Tender is for the Bilaspur Smart City Limited (BSCL) to enter into a

Bilaspur Smart City: Technical Proposal

990
contract with a qualified firm for the Supply, Installation, Configuration, Integration,
Commissioning, Operations and Maintenance of integrated solutions to support the
command, and control centre initiative for smart city initiative of BSCL.

As we understand, smart city is one of the key building blocks to drive economic
growth and improve the quality of life of people by enabling local area development
and harnessing technology, especially technology that leads to Smart outcomes.
Scope of work is limited to offering Disaster Recovery Services from our
Hyderabad/Mumbai Datacenters.

The NOC Team, SOC Team and COE of DR provider will provide

Remote Basic monitoring

First Point of Contact for support requirement.

Subject Matter expert support will be offered by COE’s in following areas

Linux/Windows COE
COE for Hyper Scalar and Virtualization
COE for Storage Management
COE for Backup Management
Network COE for (Load balancers) Admin and Management
Following Systems are taken into consideration for Disaster recovery as per tender
requirement and corrigendum/pre-bid response
ANPR/RLVD/SVD/Wrong way detection 50% of DC
CCTV Surveillance 50% of DC with 7 days continuous recording
ICCC 50% of DC
PA 50% of DC
Adaptive Traffic Control System 50 % of DC
Variable massage display (VMD) 50% of DC
Architectural Diagram

Bilaspur Smart City: Technical Proposal

991
Infrastructure As A Service (Iaas) Components

ITEM SERVICES

Bilaspur Smart City: Technical Proposal

992
 Network

Internet – DDOS

Cross Connect

Network

Compute and Storage

Hypervisor

Storage

Managed Services

OS Admin

AD Admin

Monitoring - Infra

DRM Management until OS layer

Security Services Proposed In The Solution DDos

DDOS will be deployed outside of the external firewall.

Traffic coming from internet will be filtered by the DDOS appliance first.

Bilaspur Smart City: Technical Proposal

993
Genuine traffic will be allowed to firewall. then based on policy traffic will be allowed
to the applications

Host Based Security Services:

HBSS (Host Based Server Security) for Servers helps provide pre-emptive protection
from both local and network based attacks. Single Solution for Windows and Linux
Platforms.

HBSS for Servers will provide the following protection modules.

Server Grade Host Firewall

Server Grade Host IDS/IPS

Server Grade Host Anti Malware

Server Grade File Integrity Monitoring

Log Inspection

Web Application Firewall:

A Web application firewall protects Web servers from malicious traffic and blocks
attempts to compromise the system. It prevents targeted attacks that include cross-
site scripting, SQL injection, forceful browsing, cookie poisoning and invalid input.

The following features and capabilities are provided as part of the service.

Application Attack Protection - OWASP Top 10, Cross Site Scripting, SQL Injection, Cross
Site Request Forgery, Session Hijacking.

Security Services - Web services signatures, XML and JSON protocol conformance,
Malware detection, Virtual patching, Protocol validation, Brute force protection,
Cookie signing and encryption, Operating system intrusion signatures, Known threat
and zero-day attack protection, DoS prevention, Web Defacement Protection.

Vulnerability scanner & Detailed Log Reporting.

Bilaspur Smart City: Technical Proposal

994
1.16 Adaptive Traffic Control System
Introduction

The current traffic control system (TCS) in the metro/non-metro cities of India is
inefficient due to randomness in the traffic density pattern throughout the day. The
traffic signal timers have a fixed time period to switch traffic between different
directions. Due to this, the vehicles have to wait for a long time span even if the traffic
density is very less. Adaptive traffic control system (ATCS) is a traffic management
strategy in which traffic signal timing changes, or adapts, based on actual traffic
demand. This is accomplished using an adaptive traffic control system consisting of
both hardware and software.

The traffic signal timer (TST) can be programmed to be manipulated with the
continuously varying traffic density, the problem of traffic congestion can be reduced
to significantly lower levels. With the advent of the era of IT systems and
communication systems, traffic control has drastically improved. Traffic control
systems have evolved from working in isolation and running fixed time plans to area
wide adaptive traffic control systems. Adaptive traffic control systems that respond to
changes in traffic patterns in real-time belong to the latest generation of signalized
intersection control. They continuously detect vehicular traffic volume, compute
"optimal" signal timings based on this detected volume and simultaneously implement

Bilaspur Smart City: Technical Proposal

995
them. Reacting to these volume variations generally results in reduced delays, shorter
queues and decreased travel times. Adaptive traffic control systems are designed to
overcome the limitations of pre-timed control and respond to changes in traffic flow
by adjusting signal timings in accordance with fluctuations in traffic demand.

Scope

Near half of the world population lives in cities. For many years big cities have faced
the difficulties caused by junctions. Junctions and congestion are the cause of many
other problems, like air pollution, time waste, delays, increased average trip time,
decreased average cruise speed, increased fuel consumption and many others.
These important issues cost a lot to governments in terms of both time and money.
Cities suffer from the well-known problem of fixed-time planning for traffic signals at
intersections.

Design and planning

prepare the solution architecture and design drawings

Seek approval of the designs from the city

prepare the execution plan and get it approved by the city

Prepare work zone safety and traffic management plans

Installation and commissioning

Procure, supply and install vehicle detectors, supply and install controllers and other
required accessories as per the approved design

Procure, supply and install all relevant hardware, like servers and workstations in the
CCC

Connect the signal controllers to the CCC via a suitable communications media

Install the ATCS software in the servers within the CCC

Integrate all components of the system and configure the traffic signal plans at each
of the junctions, for varied operating conditions like peak and off-peak traffic,
weekend traffic, traffic flows during special events etc.

Objectives

Implementing advanced traffic management systems to manage traffic centrally,

Bilaspur Smart City: Technical Proposal

996
while receiving traffic inputs from sensors

optimally configure the traffic signal timings in near real time

Minimise traffic congestion and waiting time

Improve journey time reliability

Ensure smooth movement of emergency response vehicles like ambulances, police

etc.

Manage the movement of VIP vehicles better

Manage Public Transport buses by implementing bus priority and compensation

Improve compliance with traffic rules

The solution

Adaptive Traffic Control Systems are traffic responsive systems that use data from
vehicle detectors and optimise traffic signal settings in an area to reduce vehicle
delays and stops. The objectives of Adaptive Traffic Control Systems are to assimilate
real-time data from multiple sources and build situational awareness of what is
happening across the road network, so as to increase traffic signal efficiency. The
intersection controller can be monitored & controlled from central control for proper
functioning of the entire ATCS.

Functioning

The proposed system adapts the traffic signal timer according to the random traffic
density using image processing techniques. This model uses high resolution cameras
to sense the changing traffic patterns around the traffic signal and manipulates the
signal timer accordingly by triggering the signals to the timer control system. The
increase and decrease in traffic congestion directly depends upon the control on the
flow of traffic, and hence, on the traffic signal timer. Due to this phenomenon, the
vehicles have to face an irregular delay during transit in the urban areas. At present,
the traffic control systems in India, lack intelligence and act as an open-loop control
system, with no feedback or sensing network. The aim in this work was to improve the
traffic control system by introducing a sensing network, which provides a feedback to
the existing network; so that it can adapt the changing traffic density patterns and
provides necessary signals to the controller in real time operation. Our major objective
is to optimize the delay in transit of vehicles in odd hours of the day.

Bilaspur Smart City: Technical Proposal

997
The objective is to design an intelligent traffic signal control system algorithm with the
use of sensing devices and image processing systems. The captured images were to
be processed in real time using an image processing toolkit and various parameters
have to be calculated to estimate the density of vehicle traffic in all four directions.
The controller has to execute the developed algorithm on the traffic signal timer to
vary its time period.

This autonomous control system consists of four major entities,

High resolution imaging device.

Image processing tool

Microcontroller based traffic light timer control.

Wireless transmission.

A holistic traffic management

system approach is proposed for
Bilaspur. A two-tiered ATCS
solution suite will be put in place
to mitigate congestion in Bilaspur.
The solution consists of a tactical
traffic control layer and a
strategic traffic control layer that
are tightly integrated together to
fulfil the requirements outlined in
the tender document. The
tactical traffic control layer
optimises traffic signal timings across the system on a second by second basis, using
traffic detector data. On the other hand, the strategic traffic control layer allows
traffic managers to perform what-if scenarios using a combination of short term traffic
state prediction models and city-wide traffic simulation models, to choose
appropriate intervention measures during incidents and events that affect the traffic.
The solution architecture of the system is as per the following image.

ATCS Solution Architecture

The Adaptive Traffic Control System has the following building blocks:

Bilaspur Smart City: Technical Proposal

998
Intelligent traffic signal controllers

Vehicle detectors/actuators

ATCS application software

Traffic management centre

Communication network

Solution Overview

Bilaspur Smart City: Technical Proposal

999
Adaptive Traffic Control Systems are traffic responsive systems that use data from
vehicle detectors and other sources to modify signal configuration thus optimising the
road network over a corridor by reducing vehicle delays and stops. The objectives of
Adaptive Traffic Control Systems is to improve travel time by progressively moving
vehicles through green lights and reduce congestion by creating smoother flow. The
traffic signal controller can be integrated with ICCC through a communication
network so that the junction can be controlled from the central server as well to
monitor the functioning of the system.

A holistic traffic management system approach is proposed for Bilaspur. A two-tiered

ATCS solution suite will be deployed as a part of a traffic related solution in Bilaspur.
The solution consists of a real time tactical control layer and a strategic management
layer that are tightly integrated together to fulfil the requirements outlined in the
tender document. The real time tactical control layer optimises traffic signal timings
across the system over a period of five cycles, using traffic detector data. On the other
hand, the strategic management layer allows traffic managers to perform what-if
scenarios using a combination of short term traffic state prediction models,
customized junction reports and city-wide traffic simulation models, to choose

Bilaspur Smart City: Technical Proposal

1000
appropriate intervention measures during incidents and events that affect the traffic.

The solution architecture of the system is as per the following image.

Adaptive Traffic Control System Modules

Adaptive Traffic Control System herein after referred as ATCS primarily has three main
modules which are responsible for the functioning of the entire system:

Intelligent traffic signal controllers

Vehicle detectors

ATCS software

Traffic Management Center

Traffic lights

Communication Network

Bilaspur Smart City: Technical Proposal

1001
 ATCS
Software

Vehicle
Detectors

Intelligent Traffic
Signal
Controllers

Intelligent traffic signal controller

The traffic signal controller (ITSN) is the unit that is deployed at each junction and it
controls the traffic signal lamps in real-time. The controller is flexible and easy to
configure with significant interoperability. The controller shall support the required
number of phases and stages for operation during different times of the day and day
of the week and for special day types. The controller takes queue inputs from the
vehicle detector and optimizes signal timings. The pedestrian phase signal can be
configured for flashing red or flashing green aspects during pedestrian clearance. It
has the option of having a keypad for manual control. It shall be possible to operate
the filter green (turning right signal) along with a vehicular phase. The controller has
five modules:

Signal control module that would host the signal control programs. This module can
be programmed using a detachable LCD terminal. The module has built-in non-
volatile memory to store the configuration data and signal control programs. As the
entire system is dependent on maintaining reliable time, the module is equipped with
crystal-based real-time clock (RTC). The module can also update time using an add-
on optional GPS unit. Further, when the controller is connected to the central ATCS
server, the time is updated using a Network Time Protocol (NTP) service on the ATCS
server. This module can perform basic operations like running the signals in auto mode,
manual operations of the signal, turning the signals to flashing mode and turning the
signals on/off.

Traffic intelligence module (TIM) that would enable the signals to be connected to

Bilaspur Smart City: Technical Proposal

1002
the ATCS server and to run local traffic control logic during periods of communication
failure with the ATCS server. The module communicates with the ATCS server over
TCP/IP via Ethernet on a managed leased line network or any other appropriate
stable communication network. As the amount of information that is exchanged is
very low, a low-bandwidth communication network may also be employed. This
module can support a 16GB memory card and can thereby store a large number of
additional traffic signal control programs. The module can directly get the detailed
traffic data detector data over TCP/IP and send it back to the ATCS server. It can also
use the traffic data locally to optimise signal timings.

Lamp switching module that would actually control the traffic signal lamps. The ITSN
controller uses a solid-state relay-based switching module to control the traffic signal
aspects. This module acts based on instructions received from the signal control
module. Based on the ambient light conditions, the module will adjust the intensity of
the current flowing to the signal aspects. This module will allow connections with
additional optional attachments like a buzzer to alert the visually challenged
(disabled friendly), when it is safe to walk.

Signal health monitoring module that would monitor the health of the lamps and also
monitor lamp state conflicts. It is possible to define all conflicting phases for the
junction. This module will constantly monitor the health and turn off the controller, in
case of any major faults like short circuits or current leakage. If the module detects
any lamp state conflicts, it will set the controller to a flashing Amber state.

Police control module that would enable the police to take control and manually
regulate traffic during emergencies. This module essentially has a mode selector
button (auto/manual), hurry calls for the auto mode and a manual advance button
for the manual mode. The module is provided in a lockable panel, with keys provided
to authorised traffic police personnel.

Vehicle detector

To make the traffic signals adaptive, it is essential that the demand on each of the
approaches is known. Typically, internationally, inductive loops are used to detect
vehicles. However, as traffic in India has no lane discipline and is heterogeneous,
inductive loops have not been really useful. To avoid these pitfalls with inductive loops,
video based traffic detection is being proposed. Virtual loops are defined within the

Bilaspur Smart City: Technical Proposal

1003
camera and a trigger is generated, whenever a vehicle is detected. These triggers
would be processed and fed into the ATCS application. As the tender specifies
counting of vehicles, it is proposed to deploy the detectors at the stop-line depending
on the junction layout and the requirement of other ITMS systems at the junction. The
proposed vehicle detection system is capable of yielding as required accuracy of
counts in non-lane based mixed traffic flow under all light and weather conditions.
The detector that does not change its status at least once during a stage execution
will be notified to the Central Computer (in ATCS mode) at the termination of the
associated stage.

ATCS Application Software

Bilaspur Smart City: Technical Proposal

1004
The ATCS software is the central server application that connects with all the traffic
signals and hosts the traffic control algorithm. The software would have the following
modes of operations:

Manual Control: In this mode, the traffic managers can operate the signals remotely
to manually select any particular stage to display for a particular junction of a
particular group of junctions. This mode would also enable them to manage the
movements of selective vehicle (fire engines, ambulances and VIP vehicles) as and
when needed

Fixed-time Control: In this mode, the operator can define a fixed signal plan that
would run automatically, once set, for a particular junction or a group of junctions.
Additionally, they will be able to define a sequence of signal plans that would be set
based on the time of day.

Vehicle Actuated Control: In this mode, the signals would run a signal timing plan that
is governed by vehicle detection. A semi-actuated control & stage skipping control
can also be provided along with this module. Vehicle actuated control can also be

Bilaspur Smart City: Technical Proposal

1005
modified to have fixed cycle length.

Area Traffic Control: In this mode, the signal timing plans are assigned centrally by an
optimization algorithm. Two types of control exist:

Tactical control

The software uses a dynamic signal timing plan selection system using near-real-time
traffic count data. Traffic signal plans for various times of the day and for varied traffic
conditions would be defined in the software, through its web-based user friendly multi-
user system with role-based access control. Users can access the software from any
location that is connected to the server and configure the ATC system. The software
will also identify the congestion levels at each junction. When doing this, the software
automatically determines priority corridors based on travel demand and synchronize
signal timings along the identified corridors. When high demand corridors intersect,
the corridor with higher demand will get priority. The signal timings at the critical
junction will be used as the group cycle time. Additionally, the users can define rules
within the rule engine to incorporate any custom requirements for traffic control. The
system performance in terms of performance indices and the associated signal
timings plans are Stored for future statistical analysis. The analysis would enable traffic
managers to understand the effectiveness of the plans against the traffic.

Bilaspur Smart City: Technical Proposal

1006
Strategic control

The software uses a calibrated and validated transport models on SUMO for different
times of the day such as the AM peak, PM peak, inter-peak and off-peak. The
model would use estimates of the predicted state of the network in near real-time and
run simulations using the SUMO models. An optimizer works alongside SUMO to
determine the best timing plans. This modelling asset will form the foundation of a
number of strategic traffic management functions. This would allow traffic managers
to perform what-if analysis on pre-defined traffic management strategies, using the
in-built modelling techniques. The software can also be linked with offline modelling
tools for offline optimization of traffic signal plans on an on-going basis and for
preparing special signal plans during planned events.

Bilaspur Smart City: Technical Proposal

1007
The ATCS algorithm provides real time prediction capabilities for traffic flow
parameters. To improve those predictions, data from other available sources (such as
GPS data of buses, ambulances, etc.) will be used and advanced data fusion
algorithms will be employed. The predictions are used to assess different strategies in
order to reduce congestion, delays, emergency response time to events, etc., in
near real-time. The algorithm optimises signals using pre-defined KPIs to decide
between different strategies. Data from other third party sources can also be used
to further optimise offsets.

The green corridor function can be used by selective vehicles (e.g. VIP, fire engines,
ambulances, police vehicles etc.) equipped with a GPS device to enter a priority
route into the system. The system then will provide the selective vehicle priority at
signals on the entered route and facilitate faster movement of the vehicle on the
planned route. This functionality is achieved by matching the live GPS location of the
vehicle with the entered route, estimating the arrival time of vehicles at signals en
route and adjusting signal timings such that the delay for vehicles at the signals are
minimised.

The system has inherent capabilities to provide transit signal priority. However, for that
function, either real-time GPS data of the position of buses or any bus identification
mechanism shall be made available. It can also be integrated with other subsystems
such as VMS and PA systems, if they are deployed, thereby allowing traffic managers

Bilaspur Smart City: Technical Proposal

1008
to manage traffic through an integrated platform. The VMSs can be used to provide
strategic routing information, travel time information, information on planned road
work, planned and unplanned events etc,.

The software runs on the LINUX platform and uses the open source MySQL/ other DB
as its database. The software maintains a historic database for traffic counts, signal
time plan execution, system performance, fault reports, error logs and system logs and
generates reports on demand. It also graphically presents signal plan execution,
traffic flow at the intersection, time-space diagram for selected corridors and the
network status. The ATCS software will store traffic count data, estimates and forecasts
of traffic flows, estimates of queue lengths and other traffic parameters from the traffic
detectors and the traffic simulation model and provide reports about them, on
demand. All fault records for all connected devices, including the VMSs and PAs will
be stored in the database. All faults which have been identified will be open until they
are resolved and closed by the concerned person. The time that a device is at fault
is automatically computed by the system and stored. All data that is collected and
stored can also be seamlessly integrated with other control applications through easy
to use APIs, employing UMTC XML or Dater-II protocols.

The ATCS application software shall be divided into two module with the following are
the expected capabilities of the individual modules:

Module 1: Real Time Traffic Prediction Capability

Shall provide a decision support tool for assessing strategies to minimize congestion,
delays and emergency response time to events via simulation and planning tools liked
with real time traffic data fusion and control of traffic signalling infrastructure on
ground.

Shall collect continuously information about current observed traffic conditions from
a variety of data sources (like Bus GPS data, parking data, mobile phone data etc.

Shall infer a coherent and comprehensive observed traffic state (speeds, vehicular
densities, and presence of queues) on all network elements, from above mentioned
observations, including vehicle trajectories, through a number of map matching, data
validation, harmonization and fusion processes.

Shall have a Graphical User Interface (GUI) to be able to display traffic state along
the observed and unobserved parts of the network through GIS maps (It is in process

Bilaspur Smart City: Technical Proposal

1009
of implementing an enterprise GIS System). The bidder is expected to create a layer
of edge equipment within that GIS platform and integrate with ATCS modules of the
transport network and must be able to display traffic flow, building of queues, delays,
location of traffic signals and junctions, key Points of Interests (POI), Variable Message
signs etc. In addition, the GUI must be: map.

Should be interoperable across multiple platforms and key graphical results and MIS
must be made available across the Web Graphically present time-space diagram for
selected corridors on desktop

Graphically present signal plan execution and traffic flow at the intersection on
desktop Shall have the ability to predict, forecast and estimate the traffic pattern
across the signals over the near term future (e.g. T+5, T+10, T+15, T+30 mins … T + 1
hour)

Shall extrapolate the measurements made on a limited number of junctions and arms
along the rest of the unmonitored network, and obtain an estimation of the traffic
state of the complete network and the evolution of this traffic state over the near term
future (e.g. T+5, T+10, T+15, T+30 mins … T + 1 hour)

Shall be able to forecast the traffic state with respect to current incidents and traffic
management strategies (e.g. traffic signal control or variable message signs),
improving the decision making capabilities of the operators even before problems
occur Shall provide customizable estimates of Key Performance Indicators (KPI) for
alternate traffic management strategies to quickly assess the results

Shall provide calculated traffic flows estimation and forecast, queues and delays to
Urban Control and Adaptive Traffic Control Systems, allowing for proactive Traffic
Management and Control.

To raise alerts to the operator that trigger on customizable conditions in the network
(starting with simple drops in flow, up to total queue lengths along emission sensitive
road surpassing a definable threshold); To distribute both collected and calculated
traffic Information via a variety of communication protocols and channels, ensuring
high interoperability degree and thus acting as a “traffic data and information hub.

Shall include a traffic data warehouse (for minimum 5 years) for all historic traffic
information gathered from the hardware installed on the road network. Bidder to
propose how data storage requirements could be minimized using consolidation

Bilaspur Smart City: Technical Proposal

1010
techniques.

Shall operate in real time that is continuously updating the estimates on the state of
the network and the travel times on the basis of data collected continuously over
time.

Shall operate the traffic lights with the adaptive traffic controls, based on the current
and Forecasted traffic demand and the current incidents, thus optimizing the green
waves continuously throughout the network

Shall be possible to interface the ATCS with a popular microscopic traffic flow
simulation software for pre and post implementation analysis and study of the
proposed ATCS control strategy.

Module 2: Adaptive Traffic Control System

To operate the traffic lights with the adaptive traffic controls, based on the current
and forecasted traffic demand from the above Real Time Traffic Prediction Tool
including the current incidents, thus optimizing the green waves continuously
throughout the network.

Enable a smart public transport priority respecting the delays for all road users at once
with the adaptive signal controller. To have the capability to integrate with Bus GPS
data to identify oncoming buses at the junction and be able to provide priority
clearance of buses.

Identify the critical junction (Master Junction) for each of the defined corridor or a
region based on maximum traffic demand and saturation.

The critical junction cycle time estimated shall be used as the group cycle time i.e.
cycle time common to all intersection in that corridor or region.

Stage optimization to the best level of service shall be carried out based on the traffic
demand.

Cycle optimization shall be carried out by increasing or decreasing the common

corridor cycle time based on the traffic demand within the constraints of Minimum
and Maximum designed value of cycle time.

Offset correction shall be carried out to minimize number of stops and delays along

Bilaspur Smart City: Technical Proposal

1011
the corridor for the priority route and for the adjoining road network at once. Offset
deviation shall be calculated with a traffic flow model based on the distance, traffic
demand and speed between successive intersections and be corrected within 5
Minutes maximum.

The system shall have provision to configure priority for upstream signals as default. The
ATCS software shall continuously check the traffic demand for upstream and
downstream traffic and automatically assign the priority route to the higher demand
direction.

The system shall use optimization algorithms that minimize a function based on the
delays, number of stops and queue lengths simultaneously, using a traffic flow model,
thus providing a true optimum for all road users.

Develop appropriate stage timing plans for each approach of every intersection
under the ATCS, based on real time demand and the predicted traffic flow values
from the traffic flow mode

Propose timing plans to every intersection under the ATCS at least every five minutes.
Calculate the current queue lengths for each approach that has detection cycle-by-
cycle based on the succession of time gaps between cars.

Adjust the proposed timing plans second-by-second according to the current and
past detector states and the current queue lengths for every intersection under
detection.

Enable transit signal priority with minimal disruption of car traffic, dependent on
predefined weights for public transport vehicles in comparison to individual traffic. In
order to decrease the workload for operation and maintenance, each supply item
(road network, lanes, signals and detectors) shall be supplied just once, so that the all
macro and microscopic traffic models and the microscopic traffic flow software used
for calibration and verification of the ATCS share the same supply.

Shall provide calculated traffic flows estimation and forecast, queues and delays to
Urban Control and Adaptive Signal Control Systems, allowing for proactive Traffic
Management and Control. Such estimation will be updated at least every 5 minutes
or less, and will not be based on a machine learning approach that would not provide
enough flexibility in case of unexpected events.

Bilaspur Smart City: Technical Proposal

1012
Should be able to route emergency vehicles to minimize the impact of events on the
travel time of emergency vehicles.

Shall be able to export the calculated traffic flow data continually to a multi-modal
journey planner that allows all internet users in the city to find the best route with each
traffic mode based on the current travel times in the network.

Identify Priority routes and synchronize traffic in the Priority routes.

Manage and maintain communication with traffic signal controllers under ATCS.

Maintain database for time plan execution and system performance.

Maintain error logs and system logs.

Generate Reports on request.

System Reports

Reporting is one the vital aspects of the ATCS system. All fault records for all connected
devices, including the VMSs and PAs, will be stored in the database. All faults which
have been identified will be open until they are resolved and closed by the
concerned person. The time that a device is at fault is automatically computed by
the system and stored. All data that is collected and stored can also be seamlessly
integrated with other control applications through easy to use APIs, employing UMTC
XML or Dater-II protocols. The software provides the following reports by default:

Bilaspur Smart City: Technical Proposal

1013
System shall generate Corridor based and Intersection based reports. The application
software shall generate the following reports, but not limited to the below. All the
reports shall be possible for selected dates.

Intersection based reports

Stage Timing report – The report shall give details of time at which every stage change
has taken place. The report shall show the stage sequence, stage timings and stage
saturation of all stages of all cycles for a day. The saturation is defined as the ratio
between the available stage timings to the actual stage timing executed by the
traffic signal controller for the stage (stage pre-emption time).

Cycle Timing report – The report shall give details of time at which every cycle has
taken place. The report shall show the cycle sequence and cycle timings for all the
cycles in a day.

Stage switching report – The report shall give details of time at which a stage switching
has taken place. The report shall show the stage sequence, stage timings and stage
saturation for a day.

Cycle Time switching report – The report shall give details of time at which a cycle
switching has taken place. The report shall show the cycle sequence and cycle
timings for the cycle in a day.

Bilaspur Smart City: Technical Proposal

1014
Mode switching report – The report shall give details of the mode switching taken
place on a day.

Event Report - The report shall show events generated by the controller with date and
time of event.

Power on & down: The report shall show time when the master is switched on, and last
working time of the master controller.

Intensity Change – The report shall show the brightness of the signal lamp is changed
according to the light intensity either manually through keypad or automatically by
LDR with time stamp.

Plan Change – The report shall show the time of change of plan either through keypad
or remotely through a PC or Server.

RTC Failure – The report shall show the time when RTC battery level goes below the
threshold value.

Time Update – The report shall show the time when the Master controller updated its
time either manually through keypad, automatically by GPS or through remote server.

Mode Change – The report shall show the time when Master controller’s operating
mode is changed either manually through keypad or a remote server. The typical
modes are FIXED, FULL VA SPLIT, FULL VA CYCLE, FLASH, LAMP OFF and HURRY CALL.

Lamp Status Report – The report shall show lamp failure report with date and time of
failure, color of the lamp and associated phase.

Loop Failure Report – The report shall show the date and time of detector failure with
detector number and associated phase.

Conflict – The report shall show the conflict between lamps (RED, AMBER, GREEN) in
the same phase or conflict between lamps with other phase.

Corridor Performance Report – The report shall show the saturation of all the
intersections in a corridor for every cycle executed for the corridor and the average
corridor saturation for a day.

Corridor Cycle Time Report – The report shall show the Corridor cycle time, Intersection
cycle time, Mode of operation and degree of saturation of all the intersections in a
corridor for every cycle for a day

Bilaspur Smart City: Technical Proposal

1015
Also, the Graphical User Interface will have following features/screens for operating
and managing the system effectively:

User login
Zoom and navigate with ability to interact with objects on the map
Interoperability across multiple platforms
Network Status Display
Traffic Flow Display
Saturation Snapshot
Reports Printing / Viewing
Time-Space Diagram
Corridor Plots - Junctions will be plotted proportional to their distance on Y-axis and
time elapsed for the stage in seconds on X-axis. Option to available to plot the time-
space diagram from history will also be there.
Coloring Schema: Currently running stage and completed stages shall be identified
with different colors.
Average Speed lines - For stages identified for synchronization to the nearest
intersection in both directions.
Freezing/Resume of Time-Space diagram
Any additional customization is also possible, as the software is extremely modular.
Traffic Management Center (TMC) or Central Control Room

Central Control Room has all hardware and facilities required to manage the ATCS.
All the traffic signal
controllers are in
continuous
communication with
the central room
control software. An
API that would have
near real-time
information on the
state of the network
and any system
generated alerts
about the network
would be made

Bilaspur Smart City: Technical Proposal

1016
available for integration with other systems and for third party mobile application
development. The API would be hosted on the servers in the

Control room. As part of the solution, a mobile app for Android would be built.
Information the state of the network will be provided through this app and will also be
replicated on a link of the website for the city. The UI/UX for the mobile app and
website for traffic will be in line with the UI/UX of the mobile app and website being
developed as part of the smart city.

Communications Network for ATCS

The communication network is the intermediate part which helps to communicate

between the central control station and remote end junction controller. After
analyzing the overall traffic flow in a corridor or a in a city the central control station
updates the time plan to each and every junction controller through this UDP Internet
Protocol based network communication link. Communication network forms the
backbone for any ATCS solution. ATCS solutions rely extensively on interconnected
signals and 3G/4G connectivity with the ATCS application at the control centre. Real-
time data (like vehicle detection, stage timing, mode of operations, events, etc.) that
the controller receives will be continuously sent to the software through an
appropriate stable communication network. The communication between ATCS and
traffic signal controllers on street uses industry standard UTMC/UG405 protocol.

Integration Approach

The integration of the proposed solution follows the widely accepted industry

Bilaspur Smart City: Technical Proposal

1017
standard protocols. The on-field hardware communicates with the ATCS central
application using UG405 protocol over TCP/IP. The ATCS controller integration with the
ATCS central application will also enable the remote management and control of the
junction. The detector data will also be populated in the predefined tables in the
application. This integration will also enable the network management module which
will inform the availability of the on-ground hardware.

The ATCS central application will also be further integrated to the central command
and control software. The key parameters of the ATCS system such as availability,
current mode of operation, performance, etc. will be passed on the CCC by using
industry standard UTMC/XML APIs. The APIs can also be customized as per the city
requirements.

Key Differentiator

The proposed solution is an optimized & technically enhanced solution. The proposed
solution apart from generating counts at each approach, can also provide
classification into 3 categories (2-wheeler, light motor vehicle and heavy motor
vehicle).

The proposed solution is also highly customizable. Various control strategies will be
tested and reconfigured to provide the best traffic management system for Bilaspur
city. The control room application will eliminate the need of going to on-ground to
manually override the system, by providing a manual control option in the control
room. The role-based login will ensure the safety of the system. The system is capable
to provide selective vehicle priority and compensation for emergency vehicles, VIP
vehicles, public transport buses, etc. In addition, a mobile application for emergency
vehicle is being offered for getting priority at traffic junctions. The proposed system
can also provide the traffic conditions information to the citizens.

Advantages of ATCS Solution

Based on the results of various case studies the proposed solution possesses the
following advantages over the conventional fixed time signal system.

Reduction in travel time through signal synchronization

Bilaspur Smart City: Technical Proposal

1018
The solution allows signal coordination when junctions are closely spaced to enable
vehicle movement in one predominant direction to get continuou green. This will
reduce delays and travel time and increase throughput. This will also reduce the
average number of stops per vehicle.

Assign appropriate stage duration based on vehicle detection

Junction running on vehicle actuation mode uses gapout logic which means if no
vehicle is reported by the detectors during a stage for a consecutive number of
seconds defined by the threshold parameter, the stage is terminated and the signal
will move to the next stage in the plan. This will assign the unused green time to the
approach with maximum traffic for smoother traffic flow.

Summary

Bilaspur Smart City: Technical Proposal

1019
To summarize, we are proposing a robust solution with the following features:

Extremely flexible solution for defining traffic management rules

Traffic demand information is used to create base plans and in defining the rules

External API to share real-time traffic information

1.17 Traffic Enforcement System (ANPR, RLVD, SVD, Wrong Way)

Bilaspur Smart City intend to implement Traffic Enforcement System (TES) i.e. Traffic
Violation Detection System as part of ITMS solution which includes Red Light Violation
Detection, Wrong Way Driving Detection, Speed Violation Detection, to be installed
at proposed locations, for the monitoring of traffic violations in near real time,
generation of E-Challan, hotlist vehicle management & generation of reports etc.

We understand the requirement and could draw the following objectives out of the
requirements:

To maintain Law & Order.

To improve Traffic Management.

To help in enforcing compliance to traffic rules and prosecute the violators.

To provide best possible traffic routing.

To optimize traffic junction signals & disseminating the traffic information, guidance
and awareness to the citizens and road users.

Proposed Solution

We propose the following solution and architecture to meet the requirement laid
down in the RFP. The offered solution is for Traffic Enforcement System aims to improve
the efficiency and effectiveness of the traffic system to provide a secure and pleasant
road experience to citizens.

The offered Traffic Enforcement System aims to improve the Traffic discipline and
pleasant road experience to citizens.

The offered system is indigenously designed and developed for Indian scenario by
considering, police department’s functional requirements with respect to record
ANPR data for all vehicles and to generate E-Challan for vehicle doing infractions such
as Red Light Violation Detection, Wrong Way Driving Detection, Speed Violation etc..

Bilaspur Smart City: Technical Proposal

1020
This system also helps to replace tedious manual processes to track, regulate and
analyze vehicle movement on roads, and to enforce traffic rules for safety of citizens
and their properties. It acts as a decision support system for traffic planners and traffic
law enforcement agencies.

The system can detect all the vehicles whether it is a two wheeler or four wheeler
during all the phases of Signal at Traffic Junctions. Vehicles can be categorized in 3
categories (2-3 Wheelers, LMVs and HMVs).

Following is the list of the proposed TES components to meet the RFP requirements:

Red Light Violation Detection System

Speed Violation Detection (SVD) System with Average Speed

Automatic Number Plate Recognition

E-Challan System

TARS (Traffic Accident Reporting System)

Bilaspur Smart City: Technical Proposal

1021
OVERVIEW

EnVES EVO MVD RED is a fully digital system that photographs red light violation and
speed enforcement.

This device has various functions. Firstly, it permits the detection of the violations, and
secondly it guarantees the acquisition of the images unmistakably documenting the
infraction. Moreover, the system allows to check the associated data using digitalized
images of the vehicle that committed the infraction. Such images, through specific
systems of information treatment, ensure the reliability of the violation check and allow
the eventual infraction control to the vehicle’s owner.

Features useful for installation:

Red Light Violation (RLVD)

Stop line Violation

Wrong Direction Violation

EnVES EVO MVD RED has been planned so as to guarantee a minimum environmental
impact, energy saving, the reduction of the architectural impact, the effectiveness
and the rigor in the identification of the violations, the respect of the Privacy Rule and
a flexible and economic management.

The system documents all infractions and is already in use with various enforcement
authorities. The system can be installed either in fixed installations.

The system has the following characteristics:

it is totally digital and, thanks to a telematic link, the operators can acquire directly
the images of the infraction

it does not contain elements that could potentially disturb the citizen. For this reason,
the sensors aimed at the individuation of the transit are passive and do not require
maintenance work, while the apparatuses do not have a flash device

at junctions it can clearly document all the infraction dynamic including the events
preceding and following the infraction itself, through photograph sequences and
movies

it works effectively in any environmental condition, even at night

it is an “auto regulating” system, that avoids the payment of undue sanctions in case

Bilaspur Smart City: Technical Proposal

1022
of unlucky and discriminating conditions for the driver.

It is a completely automated system able to recognize automatically number plate

of infractions

System main characteristics

The main characteristics of the system are:

It produces, stores and transmits for each violation detected a sequence of multiple
images, or a movie in standard format (avi, mov, mp4, etc). The duration can be also
several seconds

It produces, stores and transmits images related to the passage of vehicle with the red
light switched on, and images previous and following: the system produces a
complete documentation about approaching and leaving intersection by car in
infraction.

It detects red light switching on only by image analysis and without any hardware link
with red light controller (as option hardware connection can also be made)

It can be integrated with over speeding non-intrusive laser simultaneously in all the
lane junction.

Each frame produced by system shows the date and the exact time of the infraction,
the crossroads where the infraction took place and the span of time passed after the
red light turned on. The frame also shows the red traffic lights.

Each peripheral system transmits violation's images by any type of TCP-IP channel,
GPRS/UMTS/HSDPA also. (More the images are requested for fine more data is
required for transmission)

Bilaspur Smart City: Technical Proposal

1023
For each violation system performs ANPR algorithms to automatic recognize plate of
vehicles in infraction. Uses the best ANPR systems in India

For RLVD junction violations it has at least one camera for panoramic view in which
red light switched on is visible and one or more cameras for ANPR to see plates of
vehicles not abiding Red light signals

The system uses IR illuminator for night conditions, and do not use any flashes lights
because it can be dangerous for vehicles circulation.

All peripheral violation detectors involving a specified area are centralized in a single
server.

The server interface is web based and accessible with different passwords for different
profiles.

The system can capture the License Plate of the vehicles violating the red light or stop
line when the signal is Red. The system can have integration with the eChallan
Management System and can offer the functionality to the operator to generate
eChallan automatically or manually.

The system can have provisions to either detect red light status by taking the signal
feed

from the traffic signal controller or by video

analytics method using an evidence camera. The evidence camera can record the
evidence snap showing the violating vehicle and the traffic signal status.

The system can have an in-built tool to facilitate the operator to compose detailed
evidence by stitching video clips from any IP camera in the junction (including but not
limited to the red-light violation detection camera, evidence camera), and any other
surveillance cameras in the vicinity of the spot of incidence.

The system can synchronize the evidence camera, license plate recognition camera
and store the record in database with License plate image, image of the vehicle, and
at least five snaps showing clearly that the vehicle is crossing the red light / stop line
while the signal is RED. This event can be corroborated with the video clip archived in
the VMS system at the control room. It can be possible to intimate the incidence in
real time through SMS to the designated mobile phone.

The system can allow capturing multiple evidence snaps based on the time duration

Bilaspur Smart City: Technical Proposal

1024
before, during and after the event

The system can allow restricting an operator to a single or multiple traffic junction/s
and associated cameras.

"The System can also record the video of all the cameras/selected cameras using a
predefined and user configurable schedule. The recorded video can be searched
using the following filters:

Appearance of a particular license plate. When the signal is RED When the signal is
GREEN During any given date-time span."

"The system can generate alert when the signal light doesn’t change for the pre-
configured duration. The system can allow the user to set minimum and maximum
time for the signal light status change.

The system, when deployed in decentralized architecture, can work at the traffic
junction level independently, irrespective of the connectivity with the data center.
The junction server can synchronize the event data with the event server at the data
center as and when the connectivity with the data center is available."

The client can be in position to install speed enforcement system with all necessary
test reports and certifications as asked in SVD details to make any specific
road/junction privy of over speed accidents

System Integrator shall be responsible for E-Challan integration

The system is capable of capturing multiple infracting vehicles simultaneously in

Different lanes on each arm at any point of time with relevant infraction data like Type
of Violation, Date, time, Site Name and Location of the Infraction, Registration Number
of the vehicle through ANPR Camera system for each vehicle identified for infraction.
The system can be equipped with a camera system to record a digitized image and
video of the violation, covering the violating vehicle with its surrounding and current
state of signal (Red/Green/Amber) by which the system can clearly show nature of
violation and proof thereof: When it violates the stop line and When it violates the red
signal the entire evidence can be encrypted. The system works without interface with
the traffic controller to validate the colour of the traffic signal reported

at the time of Infraction so as to give correct inputs of the signal cycle. (but if need be
can be provided)

Bilaspur Smart City: Technical Proposal

1025
The violation data can be imported for storage in database server which is available
to the Operator for viewing and retrieving the violation images and data for
further processing. The programme allows for viewing, sorting, transfer & printing
violation data. The system generates the photograph of violations captured by the
outstation system which include a wider view covering the violating vehicle with its
surrounding and a

closer view indicating readable registration number plate patch of the violating
vehicle.

All outstation units are configurable using the software at the Central Location.

Violation retrieval could be sorted by date, time, location and vehicle registration
number and the data structure will be compatible with City Police database structure.
It is possible to carry out recursive search and wild card search. The operator at the
back office will be able to get an alarm of all fault(s) occurring at the camera site
(e.g. sensor failure, camera failure, failure of linkage with traffic signal, connectivity
failure, Camera tampering, sensor tampering).

The application software can be integrated with the E-Challan/Vahaan software for
tracing the ownership details of the violating vehicle and issuing/printing notices.
Image zoom function for number plate and images is provided. Each infraction is with
Vahan at least 10 frames per second. The video can be from t-5 to t+5 sec of the
violation and is recorded (being the instant at which the infraction occurred).

Hardware

The 3rd party ANPR cameras shall be provided by MSI, we will integrate the same in
our software platform.

ANPR Camera can be mounted on a pole (it also may be a lateral pole) at height from
the ground of more than 5 meters and typically under 8 meters. Camera was mounted
to have a detection point of vehicles at a distance between 3 and 5 time the height.

Following table represent typical installation admitted:

Bilaspur Smart City: Technical Proposal

1026
Note: system can work reading plates from front or from rear

Camera Height in meters Distance from vehicle’s point of

detection in

meters (min/max)

6 18 – 30

6,5 19,5 -32,5

7 21 – 35

7,5 22,5 – 37,5

8 24 – 40

Others Ask

System Architecture

EnVES EVO MVD RED use EnCZ4b small peripheral processors that can be installed
directly on little cabinets, they can have any TCP network (3G/4G connectivity) and
can be put in weather proof IP66 enclosure.

Bilaspur Smart City: Technical Proposal

1027
Example for “lanes: ANPR camera and a context camera are installed with an LPU at
local site

Junction scenario installation

So, in a three lanes Junction scenario there is one Vista EnVES for the context
(overview) and other three cameras for the plate recognition in the left, central and
right lane (see following image.

Bilaspur Smart City: Technical Proposal

1028
Example of three lane coverage on red light junction

Note: L pole is recommended for India

The system can fully operate even without the expensive and large support structures
(portals). Moreover, the system can communicate data and images concerning
transit violations through any of the IP nets, both wired (via optical fiber, UTP cable or
others) or wireless (cellular channel included).

Vehicle transit survey takes place directly through the elaboration of images and,
when it is necessary to classify the different vehicles in transit, which have different
speed limits, special or laser systems are employed.

Each LPU can able to handle multiple ANPR series cameras: the number of lanes
controlled depending to the traffic load. The EnVES EVO MVD RED systems can work
basically using a strong ANPR engine. This allow to tracking the movement of vehicles
in the image.

It works in the following way:

it acquires the images by analyzing only the part framed by the traffic light (there isn’t
any wired connection with Red Light Lamp system). As soon as there is a trigger (the
red light is on and vehicle is crossing, or over speeding in red, green or yellow) the
virtual sensors are turn on too, so that they can single out the instants during which the
vehicles transit

Bilaspur Smart City: Technical Proposal

1029
of all the images acquired, the system records and keeps only those concerning the
transit and a prefixed and configurable number of images preceding and following
it. If required, the infraction can also be documented by a movie

in each violation are shown detailed information such as:

Computer generated unique ID of each violation.

Date (DD/MM/YYYY)

Time (HH:MM:SS)

Equipment ID

Location ID

Carriageway or direction of violating vehicle.

Type of Violation.

Span of time passed after the light turned on.

Lane Number of violating vehicle.

Registration Number of violating vehicle.

The frame shows also the red traffic lights

the images concerning each violation are temporarily saved on the local computer
and are periodically sent to the central server

Bilaspur Smart City: Technical Proposal

1030
RLVD Violations

Following example is a daily infraction: each couple of images represent a shot taken
by

cameras; the left image is for the reading of the plate; the right image is the overview
image.

Bilaspur Smart City: Technical Proposal

1031
Bilaspur Smart City: Technical Proposal

1032
P.S. Only few images are chosen from entire movie

For RLVD violations in all images of the sequence is clearly displayed this data:

DATE: day of the week and date with the format DD/MM/YYYY

TIME: of the image with the usual format hh:mm:ss.mmm where “mmm” are the

milliseconds

TIME ELAPSED FROM RED: time in seconds elapsed from the red light is switch on.

LOCATION: is the description of the site and the description of the detection lane In
addition, can be displayed:

Duration of amber light (seconds with 0.1 seconds accuracy) before the current red
status.

Frame interval (milliseconds)

Bilaspur Smart City: Technical Proposal

1033
Example detail information displayed in part of RLVD image

Central Monitoring Back office solution.

The Centralization Serve eTMCS-E004 is a system that manage a set of ENG products
(like the ANPR, RLVD, instantaneous speed, average speed, mobile ANPR, etc.)
systems over an IP network.

All peripheral red speed systems connected to eTMCS are connected over the
network thru an SSL VPN to avoid unauthorized access.

Bilaspur Smart City: Technical Proposal

1034
 City Control Room

Network
Processor State
Processor n°1 OK
Processor n°2 FAULT
Processor n°3 OK
Processor n°4 OK

Processor n°N OK

The eTMCS Centralization Server consists on the following modules:

Violation management: retrieve each violation from all the peripheral processors
and store in a centralized database.

Violation lists management

Alarm management: retrieve alarms from all processors

Diagnostic: monitor all red speed to check for diagnostic

Event management: send information about alarms and diagnostics to operators

thru various media

Graphical User Interface (GUI): the web interface to access and interact with eTMCS

The centralization server can be accessed from multiple workstations thru a simple
and powerful web interface and is capable of showing alarms into one or more
monitor located over the IP network.

eTMCS CMS/Traffic monitoring station provides possibility to connect to the all-

peripheral red speed systems. The operator can configure and control remote
systems centrally and can have system diagnostic tools. The eTMCS centralization
software can import violation data for storing in central data base for further
processing and to be used by operators for printing and dispatching.

The operator can view violations, retrieve them with image and transfer them to
supervising authorities as required by SOP. Violation data is saved in PostgreSQL data
base which provides wild card search or possibilities of integrating it to the central
data base.

Bilaspur Smart City: Technical Proposal

1035
 Data Safety & Encryption (OPTIONAL): EnVES EVO MVD RED uses “proprietary hybrid
encryption based on a combination of symmetric and asymmetric algorithm”. Files
are encrypted with symmetric algorithm AES with 256 bits key size in CTR mode. the
AES key is randomly generated each time the encryption is done. The AES key is
encrypted with an Elliptic Curve variant of the standard Diffie-Hellman algorithm
(ECDH) and it stored in the file.

The size of elliptic curve used is 521 bits which ensures a safety level equivalent to an
RSA with 15360 bits key size as documented by IETF - RFC 4492

Examples of types of images from GUI

Example of RLVD violation

Note: For detailed Back office please see Centralization document for Enforcement
system

NPR Centralization Server (eTMCS-A003)

Bilaspur Smart City: Technical Proposal

1036
 EnPlateIII
Software
The

City Control Room eTMCS-

A003

DL9CQ9669

Centralization
Server (eTMCS-A003) is a system that manage ANPR systems over an IP network.

The centralization server is typically installed in command Center (e.g., Police General
HQ) and can manage processors and systems installed in remote control rooms or
outdoor.

The centralization server can be deployed on a physical server or virtual machine and
any type of storage can be mounted with the server.

All processors managed by Aabmatica Centralization Server are connected over the
network thru an SSL VPN to avoid unauthorized access.

The Aabmatica Centralization Server consists on the following modules:

Transit management: retrieve transits from all the peripheral processors and store in a
centralized database.

Vehicle lists management: transfer blacklists to all processors

Alarm management: retrieve alarms from all processors

Diagnostic: monitor all processors to check for diagnostic

Event management: send information about alarms and diagnostics to operators thru
email

Graphical User Interface (GUI): the web interface to access and interact with eTMCS-
A003

1037
The centralization server can be accessed from multiple workstations thru a simple
and powerful web interface and is capable of showing alarms into one or more
monitor located over the IP network.

The Centralized server can be integrated using a simple sdk api with command- and-
control Center server, incident management server and many more.The Centralized
server can integrate vehicle system such VAAHAN, Sarthi etc to get vehicle owner
detail. The centralized server fetches data of all transits from standalone ANPR systems,
whereas captures ANPR data for only infractions.

Typical data flow in eTMCS-A003

eTMCS-A003 Modules

Transit retrieval management

The transit management module retrieves transit information from all processors over
the network and store on central server. The transit management module is capable
of retrieving transits from all type of ANPR processors. Thanks to his flexibility it is also
simple to integrate other type of processor (e.g., data acquisition modules) that
have a known data transmission protocol.

Each transit consists of two type of information:

Transit data: all information like the number plate, the date, the time, the camera
name, alarm status, etc.

Image: the image (or list of images) of the vehicle’s transit

1038
eTMCS-A003 can be configured in three ways to retrieve all data or only a part of
them; depending on the bandwidth between eTMCS-A003 and processors and the
storage capacity is possible to choose between the following configurations for
information transfer:

Transit data only. In this case only the transit data are transferred from processors to
eTMCS-A003 so the necessary storage area for the server is small and the necessary
bandwidth between Center and periphery is very low. When the operator from the
Center require an image, it is transferred “on demand” (see below).

Transit data for all transits and images only for alarms. This case is equivalent to the
one in point “A” but when an alarm is detected (i.e., the system read a plate that is
present in the blacklist) the relative image is transferred to the eTMCS- A003. This
configuration requires more bandwidth and more storage (for images of vehicles
that generated the alarm) but is necessary in the case that is required to show the
alarm with relative image on a monitor (alarm console). When the operator from the
command Center require an image of a “i.e.,” transit it is transferred “on demand”
(see below).

Transit data and images for all transits. In this case all data stored on the processor
are replicated on the central server, to perform this operation is necessary a big
storage area and a large bandwidth from processors to eTMCS- A003.

Vista EnVES
ANPR cameras

EnPlateIII
City Control Room
Software

Processor
Centralization
Server
DL9CQ9669

TRANSIT DATA

Blacklist

DL9CQ9669
DATABASE
DL9CQ9669

1039
Data flow for case A or case B for not blacklisted vehicles

The image transfer “On Demand” is performed when an operator wants to see an
image that is not present on eTMCS-A003 storage; in this case the Aabmatica
Centralization Server transfer the image from the processor to the local storage and
then shows it to the operator, the image is maintained on the storage so that future
requests do not require more image transfers.

The On-demand transfer can fail if there is no connection at the moment of image
request or if the image has been deleted from the processor.

Image request "on demand" data flow

Graphical User Interface (GUI)

The Graphical user interface is used by operators for viewing data and interacting
with eTMCS-A003 system. Operators can use eTMCS-A003 GUI for vehicle list
management, viewing real time alarms and viewing transits and images.

Vehicle list management

The Aabmatica Centralization Server can manage multiple categories of black lists
(e.g., suspect vehicles, stolen vehicles, VIP, etc.). When the police officers need to
insert a new license plate into a list, he must only use the eTMCS-A003 GUI to insert
the plate and then the system automatically retransmits the list to all peripheral
processors.

1040
 City Control Room

Network

Blacklist update dataflow

The operator inserts an end of validity for each black list vehicle; if a number plate is
detected after the end of validity it will not generate any alarm.

Alarm management

The alarm management module detects alarms and show them to the operators,
when an alarm is detected it can be showed into an operator console on the
eTMCS-A003 GUI.

The alarm console is a system that show the last alarms and when a new alarm is
detected the image has a red border and it is possible to play an audio file to alert
the operator.

The eTMCS-A003 GUI can be used from multiple workstations with different
configurations simultaneously; it is possible for example to see simultaneously only
alarms from one workstation end all real time transits from another workstation, these
workstations can also be in different offices or different buildings, they only need to
be connected to eTMCS-A003 IP network.

1041
.

Alarm monitoring console

When a new alarm is detected it is shown on the Alarm console of the GUI, all
previous alarms are shifted so that the events are showed ordered by time.

The Aabmatica Centralization Server can also send an email (it is possible to specify
an email address for each suspect vehicle); it is designed to be integrable with other
systems for alarm management.

EnPlateII
I

Centralization

1042
Alarm detection with image transfer data flow

Diagnostic

The typical problem of a network with many processors is to know the diagnostic
status, i.e., to check if the network connection is up and the processor is working
correctly.

The Aabmatica Centralization Server has a dedicated software module that

constantly check the diagnostic of all processors in the network and monitor the
diagnostic of systems.

The diagnostic process performs two type of check: “processor reachable” and
“processor status”. The processor reachable check tries to reach the processor and
query the status, if a processor is not reachable it could be broken or there could be
a network problem; the processor status check analyses information read from the
processors to determine if there is a problem (e.g., a camera that is not working).
These two types of check can generate an alarm or a warning: the difference
between alarm and warning is that an alarm is for a situation where there is a fault
while the warning indicate a situation not normal (e.g., a processor that has no
transits from 2 hours) but that could also not be a problem.

Diagnostic data flow

1043
The results of monitoring are displayed on the eTMCS-A003 GUI so that it is possible to
see the full status of the system.

No Helmet Detection Module

Two-wheeler is a very popular mode of transportation in almost every city. However,

there is a high risk involved because of less protection. To reduce the involved risk, it
is highly desirable for bike-riders to use helmet. Observing the usefulness of helmet,
Governments have made it a punishable offense to ride a bike without helmet and
have adopted manual strategies to catch the violators.

The No Helmet Detection Module of eTMCS-A003 system can detect the no helmet
violation using deep learnng AI technology with a good accuracy.

The proposed system uses a two-stage classifier to extract motorcycles from ANPR /
RLVD / SVD Transit images. Detected motorcycles are further fed to a helmet
identification stage. We present algorithms based on deep learning artificial
intelligence. Our experiments show that the proposed model gives the best
performance with time in terms of accuracy.

1044
 Feature
list:

System
can
capture
the image
of a two-
wheeler
rider not wearing helmet and can have automatic number plate recognition
(ANPR) of violating vehicle with auto-localisation and OCR conversion. The system
can have the capability to detect the no helmet instance for the rider and pillion.

The system can collectively identify and detect the motor bike, the rider and the
pillion (if applicable), helmet for the rider and the pillion and the number plate. The
system can be able to differentiate between a helmet and various other conditions
such as the bald head, person covering the head with a cap or dupatta or pagree,
or any other headgear.

The system can be able to differentiate a person sitting on a motor bike and a
pedestrian in the close proximity of the motor bike.

On detection of No‐Helmet, the system can generate events, store them and

can allow retrieval of such events on need basis for later analysis.

System can integrate with challan generation software and RTO database to
generate challans for No‐Helmet violation event with details like violation image,
time stamp, date, vehicle number.

No‐ Helmet detection system can seamlessly integrate with traffic management
systems like ANPR, RLVD, Speed Detection and can have unified user interface.

"The system can generate alert when the signal light doesn’t change for the pre-
configured duration. The system can allow the user to set minimum and maximum
time for the signal light status change.

The system, when deployed in decentralized architecture, can work at the traffic
junction level independently, irrespective of the connectivity with the data center.

1045
The junction server can synchronize the event data with the event server at the data
center as and when the connectivity with the data center is available."

The client can be in position to install speed enforcement system with all
necessary test reports and certifications as asked in SVD details to make any specific
road/junction privy of over speed accidents

eTMCS-A003 GUI

The Aabmatica Centralization Server can be interacted with a web-based GUI. The
web-based interfaces have many advantages as described below:

Cross Platform Compatibility: Web based applications are more compatible across
platforms than traditional installed software. Typically, the minimum requirement is
the web browser. These web browsers are available for a variety of operating
systems whether the Windows, Linux or Mac OS is used.

More Manageable: Web based system only need to be installed on the server
placing minimal requirements on the end user workstation. This makes maintaining
and updating the system much simpler as usually it can all be done on the server.
Any client updates can be deployed via the web server with relative ease.

Highly Deployable: Due to the manageability and cross platform support,

deployment of web applications to the end user workstation is far easier. Web based
application is also an ideal solution where bandwidth is limited and the system and
data are remote to the user.

Multiple clients: web-based applications easily permit the usage of the application
from multiple clients simultaneously

Continuous Updates: Instead of having to update each and every individual user
application, the upgrades are applied to the server and each user shall receive the
updated version of the system upon their subsequent logged-in into the system.

The eTMCS-A003 GUI permits the login to the system from clients from workstation
with web browser. The eTMCS-A003 authorization policy assign one or more” role” to
each user, depending on the role the user can perform some operations but no
other or can see some type of data but no other.

eTMCS-A003gui is a web-based GUI, it can be interacted with modern HTML5 web

browser. To make eTMCS-A003 work with Google Map integration it must be possible

1046
from the workstation to connect to the internet for map data retrieval.

Login

The eTMCS-A003 can be accessed by typing the eTMCS-A003 address on the web
browser; an URL always has the following syntax http://eTMCS-A003_server_address.
The eTMCS-A003 request to the user to be identified with a username and a
password; if eTMCS-A003 identify the user it is logged in; different usernames can
have different roles.

The eTMCS-A003 has various types of role:

Administrator: users of type administrator can configure the system and add/remove
new remote processors. Administrator can also manage users (add/modify or delete
and change permissions). Typically, this is the role of the system maintainer.

Authority: users of type authority can see all alarms or transits, insert or delete vehicles
in black list and are able to view system status (but cannot modify system
parameters) Simple user: Simple user can see alarms and transits but cannot
manage vehicle lists or system parameters.

Vehicle manager: in some cases, may be useful to have a user who is able to
add/delete/remove vehicles from blacklist but is not able to see vehicle transits (e.g.,
for privacy or security reasons). In this case the user must be in vehicle manager role
Maintenance: users of type maintenance are similar to authority but can also view
some technical information like (software status) that are needed for system
maintenance. Once the operator has logged in it is shown the home page; during

1047
all operations there is always a main menu visible in the upper part of the screen,
from this menu it is always possible to switch from one function to another by
selecting the right menu item. Menu items can be different depending on user roles.

The home page of the systems shows a city map with all cameras, the user can
choose to see only a subset of cameras by selecting them from the tree on left of
the page.

Dashboard

The Dashboard GUI shows the multiple information a single page such as number of
transits in total, number of transits for each vehicle type, peak hour of transits, peak
location of transits, last 10 alarm and much more.

User management

The user management page permits to manage users; non admin user can only use
this page to change their password while admin users can add/modify/remove all
other users.

1048
Admin users can see a list of all users with main characteristics (name, username,
email, role, etc.). For each user it is possible to modify data or disable (a disabled
user is like a user whose password is expired).

Vehicle list management

The Aabmatica Centralization Server permits to insert / modify or remove vehicles in

blacklist.

The insert operation can be performed in single step or with list file upload. When

1049
vehicle insert is performed in single step the operator must insert the license plate
and, optionally the email that will receive transit data notifications. When the vehicle
insert operation is performed with list file upload the operator must select the file on
his local workstation (file format must be requested to ENG assistance support).

When the operator selects “Vehicle list” from main menu it will be redirected to a
page with current blacklist.

It is possible to search for a particular plate (also using jolly character ‘*’) or (in the
case that there are more than one type of blacklist) to show all vehicles of a
particular type. For each vehicle it is displayed the number plate, the type of list and,
if specified, the email to which transit must be notified. By clicking on a vehicle row,
it is possible to modify vehicle data.

Transit list view

eTMCS-A003 GUI can show transit of all monitored processors; by connecting to an

eTMCS-A003 an operator can see all transits detected in the city without opening
many windows. The operator can search transits specifying various parameters like
plate, date and time, processor (gate) and camera (lane).

1050
If the resulting list is too long the system will show it in groups of 50 rows at time. When
the operator clicks on a row it is possible to view image; if image is not present on
eTMCS-A003 (see par. 2.1) and it has not been deleted from local processor the user
can ask eTMCS-A003 to transfer image from processor to eTMCS-A003, when an
image has been transferred it will always be possible to see it also in the future.

By clicking on a transit row, a page with transit details is shown.

1051
Real time transits

eTMCS-A003 GUI can show transits of vehicles in real time while they are transmitted
from local processors to eTMCS-A003.

It is possible to show all transits or alarm only (that are more interesting for real time
case).

In this page last 50 transits are shown; user can choose to see all transits or only
alarms; it is discouraged to show all transits if there are many cameras because the
page will be updated continuously and the user will not be able to understand
anything due to the big number of vehicles. In case of alarm an image is displayed
on the right with a red border and all previous alarm images are shifted. If user clicks
on the transit row transits details are shown below the grid list.

1052
Remote processor management

Administrator users can also add / modify or delete gates. A gate is a remote
processor that is able to manage various cameras.

Selecting gates list from main menu a list of all gates with status is displayed; by
clicking on gate all gate data are displayed and admin user can also modify
descriptions and coordinates. To add a new processor (also called gate) it is
necessary click on the link in the bottom of gates list page.

The new page permits to insert all parameters. It is particularly useful feature that
permits to retrieve information (number of cameras and description) directly from
the gate.

1053
The gate modify page is similar to gate add page but it is also possible to specify
single cameras coordinates.

NOTE ON COORDINATES

Setting gate coordinates is not mandatory for transit management but is very useful
for map viewing

Coordinates must be inserted for single cameras and for processors. typically,
processors coordinates are in the middle of all camera coordinates.

1054
1.18 Variable Message System
Variable Message Sign (VMS) boards are used to provide traveller information. The information
provided through VMS in urban areas includes traffic congestion, accidents and incidents
notification, alternate routes, weather condition, road work zones and speed restrictions etc. The
objective is to provide VMS at key locations to start with and integrate with ICCC to manage the
message content remotely.

To provide real-time information on the state of the network to drivers.

To improve road safety by providing updates regarding accidents, adverse weather and road
works.

To intimate drivers about changes in number of lanes, speed limits etc.

Environmental aspects including Air pollution, weather condition etc.

Advertisement

Display can be installed at strategic location outdoor or indoor and would display environmental
data along with any other messages. The integrated software application will allow user to publish
specific messages & general informative messages. It also contains access control mechanism.

The software system helps in message preparation monitoring and control of the Display. It
communicates with control center using an IP based network. The software application provides
the normal operator to publish information from environmental predefined sets of messages
(textual / image) along with sensors. The application also has an option for supervisor (someone
with appropriate authority) to bypass the control during certain situations and to write in free-text
mode. The software application accommodates different access rights to various control unit
functionalities depending on operator status. Software is GUI base , and capable to handle up to
n DDS signage. Users are able to select desired location in Map and this should enable user to see
the live status of that specific Display.

It also provide real-time information on the state of the network to drivers. And to intimate drivers
about changes in number of lanes, speed limits etc.

1055
 Environmental
aspects including Air
pollution, weather
condition etc. &
Advertisement.

Our VMS platform, in

conjunction with the
proposed hardware,
will provide the required functionality outlined in the RFP. The system consists of an advanced VMS
device with low power consumption and a better viewing experience. The VMS software will
monitor and manage all the VMS within the scope of this proposal as per the RFP requirements.
The platform will also provide an advanced content management module for advertisement
management. The tight integration of the VMS module with the ICCC platform will enable
automated message display for faster information dissemination to citizens. The VMS system will
support the display of characters in true type fonts based on the Operating System requirement.
The key features of the VMS system are the following:

Create messages: Create message text & have them internally approved for use

Publish messages: Publish messages on VMSB individually or in a group

Publish images/videos: Publish content based on a specified time-table and log information about
the time when media are displayed

Automatic message display: Automatically display/announce pre-approved messages based on

a timetable or in response to alerts/traffic data from other subsystems in ITMS

Publish summary data to ICCC or other external systems through an API

Publish information about currently displayed messages via an API to ICCC or other external
systems

The VMSs on the ground will have two-way communication to the VMS platform via the proposed
medium of communication enabling monitoring of the operation of the VMS and implementation
of control commands. The control room VMS platform will also continuously monitor the status of
all the VMSs and generate alerts upon any failure. The real-time logging functionality will enable
reporting of the displayed content along with timestamps.

1056
The ICCC platform, working in tandem, will enable the display of warnings, traffic advice, route
guidance and emergency messages to motorists from the Control Room in real-time. Messages
displaying warnings, traffic advice, route guidance and emergency messages to motorists can
also be set using local PC/Laptops.

The basic VMS sub-system consists of the following functions.

VMS management

It allows monitoring and controlling of multiple variable messaging signboards with the following
functionalities:

The user is able to add a VMSB to the system and add details

The user is able to view the VMSB location on the map after adding

The user is able to remove a VMSB from the system. The user is no longer able to see the VMSB on
the map after the removal

The user is able to change the IP address of a VMSB system

The user is able to set messages on the VMSB after IP change

Content management system

The content management system is capable of programming to display all types of

message/advertisement having alphanumeric characters in English, Malayalam and Hindi and a
combination of text with pictograms signs. It is capable of setting messages or image/video
content on an individual VMSB or group of VMSB.

The following use cases will be provided at a minimum:

The user is able to create a text message

The user is able to upload a pictogram message

Select a set of VMS to be configured

The supervisor is able to approve a text message

The supervisor is able to reject a text message

The supervisor is able to approve a pictogram message

The supervisor is able to reject a pictogram message

VMS operation & reports

The user is able to set an approved message on a VMS

1057
The supervisor is able to display a free-text message on a VMS

Define a sequence of messages/pictures on a pre-decided VMS or group of VMS, and display the
sequence on an individual VMS or a group of VMSs

Check operating status of all the VMS along with reports

Detailed information about the time log of messages displayed on each VMS. The information
stored will contain the unique identification number of the VMS, content of the message (or
description of the message in case of media), date and time at which the message/media display
starts and ends.

Report generation facility for individual/group/all VMSBs with date and time which includes
summary of messages, dynamic changes, fault/repair report and system accessed logs, link
breakage logs, downtime reports, etc.

Option to export reports to PDF or CSV (for Excel)

Fault monitoring

Communication failure

System Failure

Power Failure

Failure of LED panels along with remote diagnostics to allow identifying the reason for failure

In addition to the above-listed features, the system will have the following additional features to
meet/exceed the requirement laid down for the system in the RFP.

Controls and displays messages on VMS as individual/ group

Controls and displays multiple font types with flexible size and picture sizes according to the size of
the VMS

Manages brightness & contrast through software

Continuously monitors the operation of the VMS

Real-time logging facility – log file documenting the actual sequence of display to be available
at the central control system. Multilevel event log with time & date stamp.

Authentication layer to prevent any authorised access to the system

Displaying the online status of each VMS on a GIS map

Role-based & location-based multi-user access system using a single sign-on. Rights to different

1058
Modules / Sub-Modules / Functionalities can be role-based and proper log reports will be
maintained.

Redundant architecture to ensure that there are no single points of failure. To manage remote
failures, the systems will be configured to mask and recover with minimum outage.

End-to-end security model that protects data and the infrastructure from malicious attacks, theft,
etc. conforming to cybersecurity clauses specified by MoUD for smart cities

1.19 Public Address System

We have proposed state-of-arts & customized solutions suitable for the public safety project,
whether it is a city park or open public areas or sports arenas.

Using high-quality voice & audio integration, the city protection services can cover wider areas
and deploy the available security forces efficiently. By introducing durable & rugged
communication points, an additional level of security and comfort to the public is ensured.

Hear, be heard & be understood

The basic, yet profound, need for any facility is the clear communication. We define the term
“critical” as any situation where the need to hear, be heard & be understood, is paramount.

We have developed revolutionary IP Audio & VoIP Solutions, for emergency communications, IP
Video Integrated Security Intercom, public address and mass notification systems. We deliver
these solutions based on single most important criteria: Intelligibility.

Intelligible Communication:

Intelligible Communication is the combined result of three key elements: Hardware, software &
the mechanics. Miss any one & your sound quality will be compromised.

When one is able to see, hear & interact from virtually anywhere, one is more efficient with ones
resources.

Full compliance with open standard protocols such as SIP & SNMP enables effortless integration of
our audio solutions with other subsystems such as Access Controls, BMS, CCTV, EPABX, Intercom,
PIS & legacy Public Address System etc.

With our communication solutions, you have the technology that lets your staff respond quickly &
efficiently to the incidents in real-time, thereby helping to elevate the security of staff and
infrastructure at all times.

Being the native IP system, the competitive advantage is networking over long distances, like the
ones found in Rail & Metro, without loss of any functionality, using standard layer 3 and 4 protocol

1059
switches in the multi-service network.

It also means that virtually any internal part of the system can be fully monitored at all times. We
have been able to reduce the amount of hardware by replacing all unnecessary parts by
software, hence decreasing the chance of hardware failure while enabling your customers to
keep spare part stock levels at a minimum. The reason for still keeping a hardware controller in the
system is in consideration to the EN 54 / NFPA 72 requirements for public address / voice
evacuation.

While keeping hardware parts at a minimum, the system is able to cover requirements ranging
from independent PA systems to fully integrated solutions with no limitations on system size or
geographical distribution. Our systems support open integration standards like SIP, SNMP, SMPT,
NTP, Syslog, G.722 and much more. We offer easy to use APIs/SDKs & OPC in order to make the
job of the integrator as easy as possible.

Technical Advantage with innovative promulgations

Since we act as a product manufacturer/sub-supplier to companies offering the complete

telecommunication & security integration packages, the financial strength does matter a lot,
considering the size and duration of completely innovative and Grass-Root projects/missions such
as Safe Cities and Smart Cities.

Still, we are a flexible company, able to take on upgrade projects, which is often done gradually,
combining our modern systems with existing components. Sometimes this requires us to cooperate
with specialized Passenger Information System (PIS) partners in order to make the new and old
system into one.

Prominent Features of PA

Live PA announcements from control desk in individual zone, selected zones, all zones PA
speakers.

Individual PA points (IP amplifiers) will be addressed with call number and names. Further it will be
grouped to make PA zones. E.g. PA Zone1, PA Zone 2etc.

Pre-recorded messaged stored at server memory used to play at different zones simultaneously at
scheduled time. Scheduling of pre-recorded messages playback at different zones can be done
through user friendly software application. Scheduling can be done for complete year with data,
time and number of repetition intervals.

1060
Recorded message announcements via control desk.

Self-diagnostics of all PA system & Emergency calling system elements.

Audio recording for all PA and ECB calls from central control desk.

Monitoring of all PA and ECB system elements on GUI.

Disaster or standby control desk functionality through soft control desk station operated on wireless
data network.

Remotely volume and call functions control through configuration software.

ECB can link to IP camera video to display and recording on VMS software through integration.

Enhanced HD Audio quality i.e. 16 KHz audio bandwidth.

Excellent noise cancelling and automatic volume adjustment features for communication from
noisy streets.

Vandalism protection and auto diagnostics of speakers and microphone ensuring 100%
availability of PA system.

System Architecture

1061
PA System Components

IP based PA communication system works on the city wide distributed IP backbone. Each
important junction and roads are covered with PA Equipments. PA Equipments consist of following

Speakers (CLS30) – It is used to convert audio signal to speech and it will be installed on poles to
address required areas. Placement of speakers is be planned in such way that audio
announcements will be clearly and easily understood by persons on the junction. Proposed
solution will have horn speakers which can provide maximum sound pressure level of 121 decibels.
Speakers are outdoor mounting with weather proof rating of IP66.

1062
IP Amplifier (AF 50H, AF125H, AF250H) - Broadcasting audio signal from command and control
center will be received by this device and amplified to provide it to speakers with required power.
These are IP based devices so it can be easily deployed over wide city areas without complicated
cabling network. High level Audio line outputs are used to drive multiple speakers. The Amplifiers
are placed in junction boxes on the pole. This powers the speakers connected at the output.

Control Desk Station: (CD800PI, EE972)

Security control desk station is an IP based call station. It is used for PA announcements on city
wide PA system. Announcements can be made to a single junction or a group of junctions i.e 1:1
or 1:n.There is provision for manual and recorded PA announcements. Manual announcement will
be made by security personals through control desk call station.

With pre-programmed key press, desired area will be selected for PA announcements and
operator can make live announcement or play pre-recorded message. Audio will be
broadcasted on selected area PA speakers via IP Amplifiers. System can have multiple control
desk call stations. Control desk stations will be connected to system via CAT 6 cables. GUI will
display the status of broadcasting audio areas over city map. Automated pre-recorded
announcements will be controlled through PA system software.

IP Central Server

1063
Server is heart of system and controls all the system functionalities including calls, zones, groups,
pre recorded calls etc. It works on 16Khz audio bandwidth for processing crystal clear voice
communication. Rugged and failproof device. Upto 112 IP devices can be connected to one S3
server by adding device licences.

PA System Monitoring & Control

All system elements are IP based and system has facility to manage all system element
configuration and status monitoring through software based applications. There is different
software module available as per need of application which are as follows;

Central Configuration Tool - This is windows based software. It can access system from any point in
network and used for configuration of system. System configuration includes controlling volume
levels, call station parameters e.g. Name, call numbers, group / Zone numbers, pre-recorded
messages to be played, change of recorded messages, setting network parameters i.e. IP
address, subnet and router, gateway address etc.

Command & Control Center Interface - With interface to Command & Control software. It
provided interactive user interface to PA system. There is provision for display of system elements
with interactive ICONs, on multiple plan levels. Plan levels will have background images of city
map or system deployment maps. Icons represent individual elements of PA system e.g. IP
Amplifiers, Speakers, Control desk stations, Integration hardware, central controller hardware etc.

Further, these icons are linked with PA elements to indicate status i.e. Working, not working, busy
in which type of calls etc.

1064
control desk station. PA announcement zones can be selected from GUI map and pre-recorded
message can be played in that selected area or manual announcement can be broadcasted in
selected area through hardware control desk station microphone. Further there is submodules as
following to support efficient handling of PA System,

Reporting & Statistics - Reporting module which will record all the events happening in system and
generate an automatic report. There is provision for filtering events based on event types. Different
type of events recorded are as below

PA calls with time, call type, name and details of callers,

System diagnostic times and result of diagnostics. e.g. Healthy devices, Failure devices with type
of failure e.g. Microphone, speakers, IP Amplifiers, network disconnection etc.

Filters for logged events to generate alerts for based on event type.

Email of automatic event logs as per schedule or on critical events.

Scheduled Planning & Control - This software allows operators to schedule different activities in PA
System e.g. To make automated pre-recorded message broadcast at pre-defined locations at
particular time intervals. There is provision for scheduling events for years with day & hours, minute
settings. Over thousands of event can scheduled and stored in software.

Audio Recording – We shall be providing a software based recording solution, which can handle
up to 100 simultaneous recordings and stores them in a single database for further use. The
Windows®-based software uses the standard protocol RTP.

1065
Audio recording for all communication happening from the control desk station will be recorded
with time and date stamps.

There is SDK available for data interface with Command and Control software. Command and
control center software can do above functionality with interface data.

PA System Call Flow

The CCR can

announce to a particular Zone or can do a all call among all the dedicated zones connected to
CCC for voice announcement.

The moment One-way announcement extension number is dialed from the central control room,
the IP PA System in the zone/Zones now becomes on active mode to blow the "One way voice
announcement" message (Speakers Connected to Amplifier Over IP network)

Prime Advantages of IP Technology

It is futuristic Technology with the availability guaranteed for the future for the Technology won’t
be declared as obsolete.

All the peripherals have defined IP Address on IPv4 Platform to be addressed.

The entire field applications like, volume control, microphone sensitivity control etc., can be
monitored/ changed from the Central Server/Hub/Switch. There is no need to be physically
present near the Call Stations.

Seamless third party interfaces to any brand/design of existing systems; from EPABX, FA, DCS, Plant

1066
communication Systems etc.

Redundancy in such a way that the failure of one Server will entail all the devices connected to it
will be shifted to the Stand-By Server.

1.20 CCTV Surveillance

Protecting citizens and ensuring public safety is one of the topmost priorities for any Government
agency. It requires advanced security solutions to effectively fight threats from activities of
terrorism, organized crime, vandalism, burglary, random acts of violence, and all other forms of
crime. CCTV based video surveillance is a security enabler to ensure public safety. This includes a
combination of various types of cameras with day and night capabilities, along with video
analytics for incident-based monitoring of the key locations of the city.

Our solution is scalable across multiple verticals such as City Surveillance, Enterprise Surveillance,
Banking, Retail, Traffic Management etc. using the same video management software framework.
It comes integrated with our in-house intelligent video and audio analytics platform, and is
deployable across multiple operating systems and hardware platforms.

Key Performance Indicators of City Surveillance:

City Surveillance shall cater to an effective Monitoring and Management with appropriate
decision support mechanisms.

City surveillance must ensure a pro-active 24*7 monitoring of PAN state parameter that capture
video footages of all junctions across the road network of Bilaspur City and project the feeds to
the proposed Integrated Command and Control centre without time lag on real time basis.

City Surveillance System will ensure and provide a secure and safe environment for the citizens
with intelligent and effective use of video analytics and integrated platform for all concerned
departments.

The surveillance System shall provide inter-operability of hardware, operating system, software,
networking, printing, database connectivity, reporting, and communication protocols.

he city surveillance system will ensure real time and event base monitoring of the city, situation/
rule-based alerts including early warnings for prevention and avoidance of unwanted incidents
like riots, flooding, etc.

Video Management Software

1067
CCTV Surveillance system architecture

New technologies and advances in the surveillance industry are incorporated in to its core design.
Offered solution owners can experience the economic and technological advances in the
industry-now and in the future

The digital video management system can include the following components:

Client applications:

Spotter for Windows – End-user client application for Windows PCs and tablet computers

System Manager – System management client application

Spotter Mobile – Mobile client application for Google Android and Apple iOS smartphones and
tablet computers

Web browser-based client application

Servers:

Recording Server (DVR Server service)

System Management Server (SM Server service)

System Monitoring Server (Watchdog service)

Gateway / Web Server (for mobile and web browser application access, and integrations)

Display Server and Operator Console (for the Agile Video Matrix, AVM, digital virtual matrix
Enterprise option)

1068
Application programming interfaces (APIs) for integration with other systems via Software
Development Kits (SDKs) to qualified integrators and independent software vendors (ISVs) o
Gateway SDK

Spotter Plugin SDK

Archive SDK

Other APIs and interfaces (for, e.g., text messaging-based integrations over TCP, HTTP/HTTPS, etc.)

Network communication between the system components (applications, services and servers)
takes place over a standard TCP/IP network.

Project Overview

System Architecture

1069
VMS FEATURES

Smart Activity Search

Used Case: To search any incident of Crime which might have happened between 11 PM to 6
AM i.e. 7 hours of recording via Fast forward generally is time consuming for ex. 7 hours video will
take at-least 1.5 hours to search and then the pain to export the event. While this feature enables
fast search of event within 2 minutes and export the video in couple of clicks.

1070
Evidence Export Solution/Storyboard

Used Case: In case of an event, we can manually get the trail of the criminal from different
cameras and make it a single evidence Video with Comments and watermark. It helps in getting
authenticated trail of the criminal.

Alarm Snoozing Feature

Used case: This feature of "silencing" will help operator to silence the alerts for the specific time to
avoid false alarms. This feature can be used during Rain, Crowd and Fog. Also the alerts will be
save in the database.

Virtul Camera Feature

1071
Used case: With the virtual camera feature it will easy for the operator to identify activity and
person from such a distance and even he can have a wholistic view of the entire area. So many
regions of interest can be jotted out from a single camera and can be monitored separately.

Various Motion Detections

Offered VMS has three types of motion detection methods i.e Adaptive motion detection,
Comparative motion detection, hermeneutic motion detection.

Face Blur And Object Blur Feature

To search Face blurring & Moving object blurring All of the

1) Privacy zones,

2) Facial blurring and the

3) Moving object blurring can be configured in the same UI under System Manager camera

1072
settings Privacy tab.

4) Export of blurred clips for evidence.

Office Help Support

Used case: This will help the operator to be quick in his action and increase efficiency of the
system. Else no one goes through the hardcopy of manuals.

Video Analytics Application

Camera Tampering: The Camera tamper Detection is intended to detect camera tampering
events such as blocking, de-focusing, scene changing, moving the camera, Spray painting, etc.

1073
Object Abandoned/Object Removal: Alarm can be generated if any object is removed from its
location or left in particular area after some time threshold.

llegal Parking Detection/ Stop Vehicle Detection: Using Video Analytics we can detect the object
as a vehicle and if that vehicle stops more than time limit in a restricted area then it will create an
alarm.

1074
Intrusion Detection: Using Video Analytics we can detect the person jumping over the perimeter
and alarms can be generated for intrusion.

Crowd Detection: Using video Analytics we can detect when a group of people or density
increasing in particular area the alarm and alerts can be generated.

1075
3D Calibration: VMS has 3D calibration tool where 3D calibration objects are matched to the
actual camera viewing scene. The calibration parameters include camera height, camera
viewing angle and camera tilt angle

1076
SOLUTION SUMMARY

• Total 208 VMS Channels is considered.

• Video Analytics is considered as per RFP.

• 50% DR is considered for VMS Channels.

• Server sizing & Storage Considered for all Cameras.

• VMS Recording failover is considered at DC.

• Application clustering failover will enable instantaneous change over without any loss.

• Central Management server with redundancy is considered at DC for central VMS

management.

• 30 days flagged data is considered for alerts.

• Primary Storage is considered for 7 days.

• Secondary Storage is considered for 23 days.

• DR Storage is considered for 7 days.

• FRS for 15 cameras

VMS integration with Command and control is in CCC vendor Scope, we can share the SDK/API
as per SDK/API license Agreement.

Fixed Camera

1077
 Key Feature:

✓ 60 fps @ 1920x1080
✓ H.265 Compression Technology
✓ Supreme Anti-Glare Capability by Headlight Filter Design
✓ SNV II (Supreme Night Visibility II) for Low Light Conditions
✓ WDR Pro II (140dB) to Provide Extreme Visibility in Extremely
Bright or Dark Environments
✓ EIS (Electronic Image Stabilization) to Control Image Stability
✓ Video Rotation for Corridor View
✓ Lens Profile for Camera Quality Optimization
✓ Trend Micro IoT Security

External IR Illuminator

Key Feature

✓ Fixed IR with Beam Angle 10˚ and 35˚

✓ LED Control by Digital Output
✓ Adjustable Light Sensitivity
✓ Defect LED Alarm
✓ Extreme Weather Support
✓ Weather-proof IP66 and Vandal-proof IK10-rated Housing
✓ Range upto 180 Meter
✓ 850nm Wavelength

1078
 PTZ camera

Key Features

✓ 30 fps @ 2560x1920
✓ 30x Optical Zoom, Auto Focus
✓ 360° Continuous Pan, -20° to 90° (auto flip) Tilt
✓ 200M IR with Smart IR
✓ Weather-proof IP66-rated, Vandal-proof IK10 and NEMA 4X-rated Housing
✓ -40°C ~ 60°C Wide Temperature Range for Extreme Weather Conditions
✓ EIS (Electronic Image Stabilization) for Image Stability
✓ Trend Micro IoT Security
✓ Smart Tracking Advanced for Moving People with People-based Deep Learning
Technology

Dome camera

Key Features

✓ 60 fps @ 1920x1080
✓ H.265 Compression Technology with Smart Stream III
✓ Installation-friendly Design
✓ Weather-proof IP66, IP67 and Vandal-proof IK10, NEMA 4X-rated Protection
✓ SNV (Supreme Night Visibility) for Low Light Conditions
✓ WDR Pro for Unparalleled Visibility in Extremely Bright and Dark Environments
✓ Built-in IR Illuminators up to 50M with Smart IR II
✓ Signed Firmware and Secure Boot
✓ AI-powered Smart Motion Detection and Smart VCA
✓ Cyber Protection via Trend Micro IoT Security

1079
 ANPR/RLVD/WWD/SVD camera

Key Features

✓ 60 fps @ 1920x1080
✓ H.265 Compression Technology
✓ Supreme Anti-Glare Capability by Headlight Filter Design
✓ SNV II (Supreme Night Visibility II) for Low Light Conditions
✓ WDR Pro II (140dB) to Provide Extreme Visibility in Extremely Bright or Dark Environments
✓ EIS (Electronic Image Stabilization) to Control Image Stability
✓ Video Rotation for Corridor View
✓ Lens Profile for Camera Quality Optimization
✓ Trend Micro IoT Security

Overview camera

Key Features

✓ 60 fps @ 1920x1080, 2.7 ~ 13.5 mm

✓ H.265 Compression Technology with Smart Stream III
✓ Installation-friendly Design
✓ Weather-proof IP66, IP67 and Vandal-proof IK10, NEMA 4X-rated Protection
✓ SNV (Supreme Night Visibility) for Low Light Conditions
✓ WDR Pro for Unparalleled Visibility in Extremely Bright and Dark Environments
✓ Built-in IR Illuminators up to 50M with Smart IR II
✓ Signed Firmware and Secure Boot
✓ AI-powered Smart Motion Detection and Smart VCA
✓ Cyber Protection via Trend Micro IoT Security

1.21 Network & Element Management systems

In Bilaspur Smart city surveillance project, under EMS management, bidder has considered DC

1080
infra monitoring (Router, Switch, Firewall, Server, VM, Database, Storage, Camera), Field end
points (Cameras, PA System, Sensors, UPS).

Mindarray Systems is proposing latest version of Motadata to offer centralized monitoring to

measure performance and KPI as per the requirement given by Bilaspur ITMS EMS opportunity to
fulfil complete IT infrastructure monitoring. Motadata solution would help you to ensure the
availability and performance levels your organization needs from your IT infrastructure, Motadata
offers an integrated IT and Log management platform which provides a single point of
management for an entire IT infrastructure. Motadata unified monitoring platform helps you
monitor networks, including wireless, as well as applications, servers and virtual assets. Motadata
will also provide the administration guidelines for the policy management imposed on the
software.

Motadata provides end-to-end correlation and service-centric view of a company’s distributed IT

environment through a single dashboard unlike many other vendors who provide point solutions
for various aspects of a business through separate consoles and GUIs which lead to information
silos. Our dashboard is customizable and offers 40+ visualization options with drag and drop widget
feature. Motadata platform support maps grouped by network topology, geographic locations
of the equipment

Below are the Modules included in the proposal

Motadata IIP – Infrastructure Intelligent Platform

Motadata NCM – Network Configuration Manager

Motadata SD – Service Desk Platform

Motadata AM – Asset Management

Motadata Architecture

Motadata platform comes as virtual appliance built on Linux. The appliance can be deployed on
bare metal or hypervisor platforms like VMWare, Hyper-V and Citrix Xen server. Motadata provides
built-data store, so there is no need to deploy any other third-party data store. Following diagram

1081
illustrates the high level application architecture of the system.

Motadata platform supports distributed deployment in order to scale in the larger network like
GPON, IPMPLS, FTTH etc. Following components can be deployed on multiple servers to scale to
higher load.

Motadata
Master Server
Motadata
Remote Polling
Engine (RPE)
Motadata Log
Receiver
Motadata
Database (DB)

Architecture

1082
EMS platform comes as virtual appliance built on Linux. The appliance can be deployed on bare
metal or hypervisor platforms like VMWare, Hyper-V and Citrix Xen server. Provides built-data store,
so there is no need to deploy any other third-party data store. Following diagram illustrates the
high-level application architecture of the system.

Figure 11: Platform Architecture

Deployment Architecture

Offered platform supports centralized as well as distributed deployment. Following components

can be deployed on multiple servers to scale to higher load.

Master Server

Remote Polling Engine (RPE)

Database (DB)

Figure 12: Deployment Architecture

When the primary server fails, it is sensed by the heart-beat monitoring or keep-alive messaging.

1083
Standby server is triggered automatically to change into an active mod. VIP is resolved as IP2
address and standby server becomes the primary application server

IIP – Infrastructure Intelligent Platform

IIP is the only platform that correlates, integrates and visualizes all sorts of IT infrastructure
management and does network monitoring and network management using native apps on a
single platform for complete visibility across dynamic IT environment. The Network Management
Software (NMS) or Network Monitoring Tool is built for every member of the IT team to monitor,
track, and deliver great business services. To provide uninterrupted services, the operational teams
need correlated data and multiple integrations for collection, automation & analysis to monitor &
visualize critical metrics that allows IT Teams to make more informed decisions. Infrastructure
Intelligence Platform (IIP) can help you do just that – Correlate, Integrate and Analyze IT
infrastructure stack.

Figure 13: Windows Monitor View

IIP components

Network Discovery: Automatically discover network devices (physical, virtual, and cloud networks)
in a multi-vendor environment and start monitoring various assets for complete visibility and control
over existing IT infrastructure with proactive network monitoring. The discovery process
immediately provides details such as name, device type, Operating System, services running and
other important device configuration details.

IT Infrastructure Inventory Management: It helps maintain, centralized repository to manage &

map all network inventory, and thus track entity & its details for in-depth visibility into how they are
connected to each other within the network.

IT Infrastructure Performance Management: Proactively manage, monitor and control overall

1084
network health, availability and performance by collecting network information on various
parameters such as packet loss, throughput, response time, utilization, error rates,
downtime/uptime, etc., collected mostly using SNMP. It further analyses the collected data to
maintain the system at an acceptable level as defined in the Service Level Agreement. If the
thresholds are breached an alert is generated automatically.

Fault Management (Alarm): Recognize, capture and resolve, the faults across various network
elements, topology and service overlays that delivers operational efficiency. Identify critical issues
in the network and resolve them before they hamper the business operations with root cause
analysis. The Fault Management classifies the alarm severity in 5 different categories – Critical,
Major, Minor, Warning, Info, etc. The severity types and color code is configurable as per the
business needs. In alert stream panel, user can see basic alarm details such as alarm severity,
monitor name, occurrence, timestamp, etc. User can also comment on alarm with remarks. With
alarm suppression feature, user can dismiss alarm and later user can search alarm from history with
the use of various filters. The active alarms automatically cleared once the issue would be
resolved. Traps and Alarms can be forwarded to 3rd party NMS system.

Network Topology: The arrangement/layout of network between different nodes, systems,

connecting lines that are linked to one another in the organization forms a network topology.
Motadata data comes with ITU-T G.805 compliant topology manager. Operators need to carefully
select from various network layouts (Bus, Star, Token Ring, Ring, Mesh and Tree) to meet network
goals, as each one provides a different level of flexibility. For proper control and efficient security,
device are designed and grouped in different layers i.e. Core layers, Distribution layers and Access
layers. Views can be drilled down to dipper level by zooming in into topology view. By going
dipper, chassis view shows port status with color coding.

Access Control Management (User Profiles): Role-based access control ensures that authorized
users can access data centre resources based on their roles. User groups are mapped to different
roles to enforce access control. Roles are associated with one or more permission sets (logically
related permissions), resource types, and resource groups. ACM facilitates granular access control
and simplifies security administration.

Scheduling Service: Motadata scheduling service helps end user to get rid of tedious recurring
tasks in day to day life. User can schedule one or more jobs for specific date and time with the
help of date-time picker, recurrence. Motadata offers various jobs like report generation, data
backup, configuration backup, etc.

Reporting: We take the stress and anxiety out of managing and reporting large amount of metric

1085
and log data in one comprehensive and unified report. Create interactive reports by drag-and-
drop of various data widgets. With 40+ different data visualization methods and arithmetic
functions, the system turns large data into meaningful reports.

Key Functions

Network Monitoring: Deliver critical operational analytics for end-to-end visibility across IT
infrastructure. Detect, identify, analyze and troubleshoot network issues.

Server Monitoring: Monitor key performance metrics of critical server performance parameters
and get real-time visibility of all the Servers spread across the infrastructure.

Platform Monitoring: Identify which elements have long load times, which ones are most popular,
& the one occupied at a particular instance

Virtual Machines Monitoring: Get insights on the performance of virtual infrastructure, troubleshoot
and resolve problems before end-users are affected

Container Monitoring: Collect, aggregate, process, and monitor information of all running
containers in diverse environment

Webserver Monitoring: IIP offers high availability and performance monitoring of all types of web
server applications in real time

Database monitoring: Visualize end-to-end database performance and get notified with alerts
whenever database thresholds are violated.

Field Endpoint Monitoring: Motadata shall monitor field endpoints like Camera, PA systems, sensors
and manages availability, service level contracts to ensure IT infra continuity.

Middleware Monitoring: With comprehensive availability metrics & powerful reports, middleware
admins can ensure if their critical elements are running at desired levels

1086
 Figure 14: 360 Degree Monitoring

EMS DAP – Data Analytics Platform

Offered EMS platform is a data analytics platform to collect store and analyse machine data from
sources such as network devices, servers and applications. It acts as a central data store by
collecting data across sources to index and search them for review and retention requirements.
The built-in correlation algorithms also provide proactive analytics to detect critical events.

Figure 15: Data Analytics Platform

DAP Components

Log Aggregation & Management: log management tool and software process any kind of log
data generated from multiple heterogeneous sources. Meet compliance standards such as PCI
DSS, FISMA, HIPPA and more. Quickly forward logs using syslog, http methods or using light agent
to capture every log event across application stack. Capture every log regardless of the log type.

Network Traffic Analyzer (NetFlow Analyzer) helps in understanding how the network bandwidth is
being utilized. Get real-time insight into bandwidth usage with customized reports like Top
Applications by Traffic, Top Conversations by Traffic, Top Traffic Destinations by Host IP, Top Traffic

1087
Sources by IP address, Top Traffic Receivers by IP and more. Capture flow data to monitor network
traffic from network devices supporting NetFlow v5 and v9, sFlow, jFlow and IPFIX etc.

Key Functions

Collect log data using encrypted agent communication in real time to ensure data integrity. Also
in case of communication fails agents stores collected data locally and uploads when connection
resumes. This way collection agents and solution always take care of data loss situations

Supports Syslog, custom SNMP traps, File based log data out of the box

Automate real-time reporting, filtering and aggregation of log data

Push notification of critical security events to third party apps using out of the box plugins for email,
SMS, Slack, Jira, HipChat and more

Custom dashboard and pre-defined searches to visualize collected data with next level user
experience

SLA Monitoring and Alerting - Intelligent SLA monitoring and proactive alerting helps IT troubleshoot
SLAs before they miss targets

NCM – Network Configuration Management

Network Configuration Management (NCM) organizes and maintains critical network

configurations of each component of the IT network infrastructure. The IT teams can repair, modify,
configure or upgrade devices remotely with NCM. Reduce the time required to manage critical
network changes and repetitive manual tasks across complex, multi-vendor networks with network
automation. The platform is pre-integrated with well-known network device vendors like Cisco, HP,
Juniper, D-Link.

Achieve simplified network compliance with automated network configuration management to

deploy and report configurations, detect out-of-process changes, audit configurations, backup
configurations etc. It supports various protocols such as Telnet, SSH etc.

1088
 Figure 16: NCM Functionalities

NCM Components

Automated Configuration for Change, Backup and Restore: Save time and effort by simplifying
recurring complex configuration changes instead of executing manually on multiple devices.
Quickly recover configuration changes and device failures by restoring latest configurations.

Change Monitoring & Management: Stay up to date on configuration changes with alerts and
also view the changes that have been made. Leverage role-based access for complete control
on who can make changes to devices & configurations.

Locate a back-up file quickly in the need of the hour by simplifying processes like highlighting
configuration errors, scheduling regular backups, & archives executing scripts, etc. It automated
Network Configuration Management tool can notify you whenever there is a change in the
device configuration, thereby helping you quickly replace a failed element. Also, you may
compare network configurations and see over time what has changed, you may roll back any
erroneous configuration changes, and much more.

Application Performance Management

With modern DevOps, it’s crucial to pin point the source of issues quickly, which makes constant
monitoring of key processes a mandate. APM is the most effective way to streamline the process
of building, testing, deploying, & managing software because it allows users to troubleshoot
problems and isolate issues within an application. APM helps users identify bottlenecks and foster
real-time collaborations between development & operations teams.

1089
Application Performance Management (APM) refers to monitoring or managing the performance
of your code, application dependencies, transaction times, & overall user experiences.

End-to-End Monitoring Architecture

Offered Product Suite enhances the visibility with broad coverage of popular programming
languages and frameworks including but not restricted to Java, .NET, Node.js, and PHP.

APM Features

Service Maps: Visualize your micro-services and applications in real time with a topology displaying
connections, inter-dependency & health stats.

Smart Alerting: Stay updated with baseline alerts by setting up dynamic thresholds for any metrics
based on the existing historical data.

Database Monitoring: Drill down to database metrics like response time, throughput, time
consumption, slow SQL traces and track exact SQL statements that are slowing down your
website.

Code-level tracing: Capture the timing & code-level context for transactions in real-time across
every tier. Get code level diagnostics for Java & .Net.

Powerful CI/CD analytics: Track each & every build in your delivery pipeline, monitor user's
behavior, and measure the possible impact on your infrastructure. Smartly push a new code into
existing production efficiently & quickly.

Synthetic Monitoring: Monitor your service levels, availability of systems and key business
transactions. Closely check the most common paths in your application.

Key Functions

Identify, prioritize & resolve defective transactions.

Monitor all user transactions.

Automatically discover business transactions and components including backend.

Visualize entire application topology and interactions within the components.

Capability to capture custom business metrics without changing application code.

It can automatically Count measure and score every transaction. Discover code deadlocks.

Capability to provide Network Visibility on Host (Network endpoints & visibility).

1090
Provision to auto Identify for slow transactions, error transactions, stalled transactions, Components
& backends, external calls, and slow DB queries.

Provision of Detailed transaction traces down to specific lines of code/Method/Class.

Provision to Report application errors & exceptions.

Single platform architecture & Intuitive UI.

Automatic infrastructure metrics.

Automatic & dynamic baselining of all components/metrices

Drill Down capabilities from summary Dashboard

Provision for OOB integration or API to access APM Data

Provision for SSL/ Encrypted data transmission between every monitoring component

Provision to collect DB data (SQL Explain & Execution plans, locks, performance, stalls etc).

Provision to drill down from business transaction to correlated log entries in single platform.

Provision to compare business transactions flows for different custom time ranges. (Trend Analysis)

Provision of Application framework metrics (performance counters, JMX mBeans, Java Memory
leaks etc).

Provision of Real user monitoring. (all Popular browsers & Mobile Devices)

Provision for SSL/ Encrypted data transmission between every monitoring component.

Provision to perform synthetic jobs on web browsers in the same UI as the rest of the solution with
capability to script & measure multi-page workflows.

Capability to generate Reports through Web UI.

Capability to export generated reports in multiple formats.

Provision for usage and performance analytics based upon.

Provision to Display Key metrices on Geo Map.

Provision to store and work on historical data. (in Days)

Provision to Create Custom Dashboards.

Capability to Monitor Containerized Application & Microservices metrices without changing

container image.

Capability to group transactions together based on a user-identification parameter like Session ID,

1091
IP etc and display all transactions in order of execution

Automation Capability

Workflow: Event based workflow allowed to define dynamic rules on ITIL processes (Incident,
Problem, and Change) to automate the repetitive task and execute business process un-
interrupted. Example: If incoming incident has high priority and category is database then route
ticket to technician who is database expert

Figure 17: Workflow creation

Service Level Contracts/Agreement: Motadata Automated SLA allows keeping check of

performance of issue management and defining escalation paths for each violation. Example: If
high priority incident is not resolved within 48 hours, then send escalation email to IT Manager

Figure 18: SLA creation

Agent-less Asset Discovery: offered EMS Agent-less discovery feature scan customer networked
environment and automatically add discovered asset and its configuration in to system. It supports

1092
automated discovery of Windows, Linux and SNMP devices

Administration Capability

Hierarchical Departments

Dynamic Roles based Authorization

Email Integration

LDAP Integration

Scheduled Reports

Business Hours

Change Advisory Boards

Customization (Status, Category)

Email Notifications

Asset Discovery Scan Management

Benefits]

Quick Resolution of Issue.

Improve Technician Productivity.

Automate redundant service desk activity.

Reduce no of incoming issue.

Reliable and Experience driven Service desk Operation.

Minimize Risk and Business Impact due to IT.

Contextual view of Service Desk for IT Managers.

Up to date Asset Repository and its Configuration Data

Knowledgebase with highest usability.

Meet Service Level Agreements and IT Compliance.

AM – Asset Management

IT services are typically made up of a bunch of individual components — things like servers,
software and middleware, and unique configuration information. In ITIL, Service Asset and
Configuration Management, or SACM, is about properly planning and managing (and even
being able to report and audit) the relationships and attributes of all of these components, across

1093
every service in your infrastructure. It support automated discovery of windows, Linux and SNMP
devices.

Quickly identify performance bottlenecks, and make more informed business decisions, monitor
your hardware and software performance and improve service delivery with custom and
predefined alert and reporting capabilities. With asset management software you can Track and
manage all your assets from a single unified view, throughout its life-cycle – be it maintenance,
procurement, discarding or depreciation.

Figure 19: Asset Management Screenshot

IT Asset Management Software lets you operate, maintain, deploy, up-grade and dispose of IT
assets in a systematic way. Turn IT teams more productive by offering them greater visibility and
control over both hardware and software assets, that enables them to fight day-to-day IT issues
and problems, that helps in minimizing downtime that impact businesses. Moreover it keeps a track
of every asset to ensure employees are equipped with the tools required to get the job done.

Key Functions

Automatic Asset Discovery: Discover and identify all reachable IT Assets in or outside a network
and categorize them in few clicks. We support Asset Discovery through Microsoft Active Directory
and IP Range Networks, and also offer an Agent Application for Assets that are not part of any
network/domain. The discovery tools automatically scans and maps all IT assets and also updates
them at regular intervals.

Inventory Management: Keep track of all IT and non-IT assets in stock or in use. Be it contracts,
hardware, software, and other configuration items, evaluate their values, and plan purchases with
up-to-date information of all assets. The platform stores, records, reconciles all the discovered
applications and devices — so you know what’s installed, who’s using it, and whether it’s properly
licensed.

1094
Software Asset Management: It helps in managing and optimizing the purchase, deployment,
maintenance, utilization, and disposal of software applications within an organization. Along with
that, users can also track specific software (whether underutilized or un-utilized) using the Software
Metering feature.

Intuitive Customizable Reports: Generate reports as per requirement quickly and easily with pre-
defined or customizable report templates to identify bottlenecks. It lets you create customized
dashboard, offers limitless drill-down capabilities to retrieve asset information that you need for
various stake holders – IT, Finance, Help Desk etc.

Compliance Management: A company is exposed to legal risks when it is not aware of the
Software that is being run on its machines. The platform tracks utilization of Software that is installed
on various Hardware Assets and in the process helps in compliance. It monitors licenses that are
actively being used compared to the licenses actually purchased.

Barcode: The product allows generating a barcode for every Asset in the CMDB so that users can
manage their physical inventory. It lets you print and exports barcodes (PDF) for users to quickly
tag their Assets.

Powerful CMDB: The CMDB feature helps maintain, centralized repository to manage & map all IT
Asset configurations, and thus track entity & its details for in-depth visibility into how they are
connected to each other within the IT Infrastructure.

Remote Desktop: Inbuilt browser based Remote Desktop to monitor and remotely diagnose
Computer Assets quickly

Pre-integrated with Ticket Management: Get full picture of the Assets by aligning incidents of the
impacted assets through an integrated help desk

Supported Protocols

Network Monitoring Protocol: SNMP, SSH, WMI, PowerShell, JMX, JDBC and REST APIs

Network Flow Monitoring Protocol: NetFlow, sFlow, jFlow, IPFIX and SNMP

Network Configuratio

Management: SSH, Telnet

In-Scope

SN In Scope Description

1095
 We have offered SNMP, ICMP, PowerShell, JDBC, JMX, HTTP, WMI, SSH
1
protocols for monitoring.

2 Bidder understand REST API integration with ICCC system.

We have offered the 8x5 L3 support as part of standard AMC support for
3
EMS system.

Bidder will provide respective documents for project execution based on

4
agreed timeline during project.

EMS bidder has considered standard polling frequency and bandwidth

5
assumption for HW sizing. Please refer HW BoQ Assumption section.

Offered product architecture is modular and plug-in driven offering both scalability and
integration capabilities as per business requirement. It is designed using open source technologies
such as Java, ClickHouse and ElastiSearch.

With native integration of SNMP, PowerShell, SSH, JDBC, JMX, HTTP/HTTPS and third party APIs, it
quickly automates remediation in large IT infrastructure. Out of the box metric and log apps allows
IT teams to instantly monitor everything from any source – metrics, network flow and logs.

Solution End Point Type Key Monitoring KPI

Windows – Overview, Alert, Utilization, Disk Space, Free Space

System, Interface, Disk Capacity, RTT, Monitor UP%, Monitor
Volume, Disk I/O, Network, Down %, Top 10 Windows Alerts, Alerts
IIP - Monitoring
Memory, CPU Availability, Trend, Severity Breakup, Alert Heat Map,
Go proactive and
Top/Least N, Process Performance Summary
take action before
the issue becomes Interface Summary, Switch Alert Trend
the problem with Switch – Alert, Availability, Breakup, Switch Alert Severity Trend, Top
complete visibility Interface, RTT, Packet Loss, 10 Switch Alerts, Top 10 Switch Monitors,
and automated Error Packets Switch Alert Heat map, Uptime Summary,
alerts. Availability Heat map

Any SNMP device – Alert, Status, In traffic, Out traffic, Overall Traffic,
Availability, Interface, RTT, Packet Errors, Alert Trend Breakup, Alert

1096
 Packet Loss, Error Packets Severity Trend, Top 10 SNMP Monitors,
SNMP Alert Heat map, , Top 10 SNMP
Alerts, Availability (Heat map, Uptime
Summary, Availability Summary)

Interface Summary, Router Alert Trend

Breakup, Availability (Heat map, Uptime
Router – Alert, Availability,
Summary, Availability Summary), Alert
Interface, RTT, Packet Loss,
Trend Breakup, Alert Severity Trend, Top 10
Error Packets
Router Monitors, Router Alert Heat map,
Top 10 Router Alerts,

Top 10 Linux by Cache Memory, Top 10

Linux – Memory, CPU, Linux by Buffered Memory, Top 10 Linux by
Network, System, Process, Swap Memory, Top 10 Linux by CPU User
Availability, Alert, Disk %, Top 10 Linux by Idle CPU %, Processor
Volume, Interface, Disk I/O, Queue length, Interrupts/Sec, Context
Top/Least N Metrics Switches per Sec, Top 10 Linux by Network
Traffic etc.

Alert Trend Breakup, Severity Trend, Top 10

Firewall Monitors, Firewall Alert Trend,
Firewall – Alert, Availability,
Firewall Alert Severity Breakup, Heat Map,
Interface
Availability Summary with Drill Down,
Uptime summary with Drill Down etc.

Solution What It Offers Key Monitoring KPI

DAP - Network Flow sFlow – Top N, Traffic Distribution Top 10 - Source, Destination,
(Google Map), Traffic distribution Applications, Source Countries,
Capture flow data to
by Location (HTTPS/HTTP), Traffic Protocols, Devices, Source Cities etc.
monitor traffic from
Distribution (HTTP/ HTTPS) with further Drill Down
devices supporting
NetFlow v5 & v9,
Net Flow v5 – Overview, traffic Traffic Volume, Flow/Packet, Traffic
sFlow, and IPFIX etc.
Distribution, Top N, Traffic Volume Trend, Flow/Packet Trend,

1097
 Distribution (Google Map), Traffic Traffic Volume Utilization, Traffic
Distribution by Location Volume Utilization Trend, Traffic
(HTTP/HTTPS) Volume Breakup, by Protocols,
Destination Countries/Cities etc.

Traffic Volume, Flow/Packet, Traffic

Net Flow v9 – Overview, traffic
Volume Trend, Flow/Packet Trend,
Distribution, Top N, Traffic
Traffic Volume Utilization, Traffic
Distribution (Google Map), Traffic
Volume Utilization Trend, Traffic
Distribution by Location
Volume Breakup, by Protocols,
(HTTP/HTTPS)
Destination Countries/Cities etc.

User Login Count, User Login Fail

Audit Logs
Count

Interface Status, Bandwidth

Utilization, Source IP, Destination IP,
Firewall Logs
Sent Bytes, Received Bytes, Volume in
MB & Bytes, Username etc.

Top 10 Windows Successful Logins by

DAP - Log
User, Top 10 Windows Failed Logins by
Management
User, Logins by Hour (Successful/
Collect and analyze Failed), Top 10 Windows Event
log data from Sources, All fatal warning Messages
multiple sources Windows Event - Default Log, by Source Host, Windows Event By
regardless of log Overview Log, Login Status log Task, Event Distribution Over Time,
data format. Event Severities Over Time, Top 10
Windows Service, Service Names &
Details with Drill Down for Event Trend
and Recent Events (Source Host,
Provider, ID, Service Name, Event)

Apache, IIS, Nginx Logs – Top URL Traffic, Top 10 Domain by

Overview, Web Operations, Traffic, Top 10 Country Visits - by
Traffic Insights Traffic, Over Time , Top 10 City Visits -

1098
 by Traffic, Over Time , Top 10 OS by
Traffic, Top 10 Browser by Traffic, Top
10 Sources causing 4xx Errors, Top 10
URLs causing 404 Errors, Error
Responses – By Server, Over Time, Top
10 Sources by Traffic Usage etc.

Syslog, Last failed login with

Timeline/Time slice, Successful Login
Linux Logs – Overview, Security
Counts, Pseudo Attempts, System
Status, Event Source, Login Status
Starts, System Starts, New User
Assignments etc.

Topology, RCA, Remedy Actions, Alerts, Dashboard, Drill Down, Reports

Others
(PDF, Excel, JPG, PNG)

Screens

NMS Dashboard: Dashboard can be customized according to the requirement. The screenshot
below shows default (out-of-the-box) template. One Platform for Availability, Performance and
Security → Go proactive and take action before the issue becomes the problem with complete
visibility and automated alerts.

Figure 17: NMS Dashboard

Network Flow Dashboard: Monitor & Analyze Your Network Flow Traffic → Capture flow data to
monitor network traffic from network devices supporting NetFlow v5 and v9, sFlow, jFlow, and IPFix
etc.

1099
Figure 18: Network Flow Dashboard

Log Management Dashboard: Find Actionable Context in Log Data across Infra → Collect and
analyze log data from multiple heterogeneous sources regardless of log data format.

Figure 19: Log Management Dashboard

1100
1.22 Smart Pole
Smart Street lighting

60W, 90W, 120W, 150W or 180W Single or dual LED smart streetlight with smart featur for on/off,
dimming, app controlled, etc

Public Address System Outdoor speakers with amplifiers, centralised application with zone specific
audio streaming with options of live or recorded announcements directly to the poles

WiFi Hotspot Enabling citywide WiFi hotspots, Vigilar is equipped with professional grade WiFi APs
to provide citizens with high-speed internet access on the streets.

Weather Station Temperature, humidity, SO2, CO2, NO2, PM2.5, PM10, Rain intensity, wind speed
& more are few of them that’s integrated with Vigilar to get automated weather measurements
in the city with data analytics

LED Display

Video streaming, monetization with centralised Ads across the city, remote content management,
information display are few of them you could do with the outdoor LED display integrated with the
Vigilar.

IoT

Vigilar is a medium to integrate various third-party applications with our inbuilt LoRa integrated
with the smart pole. Weather its managing street light remotely, pushing data from electric meters
to central hub or data transmission for intelligent transport management in the city.

Electronics, Internal Rack

Adequately ventilated, internal rack is inbuilt within Vigilar to house all your electronics in it
securely. Its water and dustproof and is equipped with anti-vandal sensors to secure your
expensive electronics gadgets & equipments.

Unified Application

It is a unified, centrally controlled application to control, manage and maintain Vigilars across the
city. It gives you real time data from all the Vigilars including downtimes of every component in it,
creating log reports, automated email triggers to concerned officers and departments of the city.
It adheres to 27001 data security standards making a secure application to manage easily.

1101
Environment Monitoring System

Air pollution is a serious global problem, especially from automobile exhausts in urban areas; such
as SO2, NO and CO. The broad scope of work to be covered under this will include the following,
but is not limited to:

Installation of environmental sensors on selective busy junctions for monitoring air quality
information. These sensors shall be deployed at identified traffic junctions to collect the data
related to air pollution.

These systems will integrate these sensors for real time data collection of air quality and transmit to
ICCC.

In consultation with BSCL make provision to display this information to variable message signboards
as and when required or in periodic manner.

Requirement to integrate environmental sensor for providing air quality, temperature, and
humidity. These Sensors should be integrated into the poles.

Each environmental Sensor should be able to measure following parameters;

Temperature, Humidity, CO, CO2, NO2, SO2, PM2.5, PM 10 etc.

Rationale

1102
Air Quality Monitoring

Air pollution in Indian cities has reached critical level as a result of growing number of vehicles and
resultant congestion. The air quality is affected by rising levels of particulate and nitrogen oxide
contamination. Moreover, rapidly growing number of vehicles may undo any gains any City might
have made.

The New Delhi-based research and advocacy group has found that PM10 (particulate matter less
than 10 micron in size) levels have been consistently increasing in the cities, now measured at 2.8
times higher than the standard.

The average concentration of PM2.5 in all the cities is 100 g/m³, giving India the dubious distinction
of having the most polluted cities in the World.

WHO’s Air quality guidelines offer global guidance on thresholds and limits for key air pollutants
that pose health risks. The Guidelines indicate that by reducing particulate matter (PM10) pollution
from 70 to 20 micrograms per cubic metre (μg/), air pollution-related deaths could be reduced
by roughly 15%. Government of India has responded to a public health crisis, especially in metros
and tier 1 cities, with the launch of the Indian Air Quality (AQI) Index on April 6th 2015.

Urban local bodies that are building Smart Cities as part of the Digital India initiative are requiring
the monitoring and prediction of air quality as part of their effort to not only understand and
improve the environment but also offer the insights as a public service. They will Collect data at
ground level, accumulate & aggregate to enable understand historical trends

Thus accumulated data can help the urban local bodies to undertake required steps to reduce
pollution

Will provide valuable insights to take remedial and preventive actions Weather

Weather

The debilitating effects of air pollution on health can be compounded by weather constituents
such as temperature and humidity

Noise

Noise could affect both the physiological and psychological health of an individual

Effects can range from disturbed sleep, resulting in reduced learning in children and productivity
in adults, to hypertension leading to heart disease.

Permanent hearing loss and tinnitus can occur in extreme cases

Solution Overview

1103
The proposed solution provides the following features:

Continuous monitoring of the sensing devices and thus highest availability

Monitors various sensors used in the device for manufacturer mandated specifications.

Continuously improving prediction and alert intelligence. This will be made available to Local
Urban Bodies as and when available.

Advanced analytics and correlations with third party weather data and local data. This includes
historical trends and predictions.

Isolated data management for device data and pollution data for maximum security. Pollution
data is completely anonymized and will contain only the unique device identifier. Device details,
locations etc. are maintained in an elevated security level.

Ability to provide near real time alerts as the platform leverages distributed and auto scaling
architecture.

Below is the high level architecture of the proposed solution.

Location & Mounting of Devices

Location of each of the ES would be finalized along with BSCL. The location needs to be sensitive
to capture the true environmental parameters, while at the same time take into cognizance the
building its restrictions and preferences.

Each of the units would be located on a Street lamp post/camera poles. A Shell would be readied
to locate the unit.

Each housing would have a mechanism to suck in ambient air, get it to flow over the ES.

1104
In other locations where there is no possibility of erecting poles and street lamp poles are not
present, the ESs would be located on the roof suitably grouted to the wall. The ESs require
uninterrupted power (230 Volts AC) for its functioning.

The ES will be mounted on a clamp at a height of 3-4 metres.

Project Implementation Approach

Project implementation Approach , Strategy and Operations & Maintenance plan including
comprehensiveness of fall back strategy and planning during roll out

In today’s environment sticking to one approach or one type of project management style will be
totally uncalled for. This project of BSCL is a vast combination of traditional CCTV work engrossed
and enrolled with the latest and state of the art technologies and softwares such as E challan,
Smart Parking, E Gov etc . In such mix of jobs a combination of Project Management
methodologies needs to be used . We are Proposing a Mix of Below Management methodologies
for this Project .

1105
Waterfall ( For Field Works )

The waterfall method builds upon the framework of the traditional method.

With the waterfall approach, it is assumed that team members are reliant upon the completion of
other tasks before their own tasks can be completed. Tasks must therefore be accomplished in
sequence and it is vital that team members correspond with one another. Everyone contributes
to the overarching goals of the project and as they complete their tasks, they enable other team
members to complete theirs, which opens up opportunity to begin larger tasks.

With waterfall project management, team size will often grow as the project develops and larger
tasks become a possibility. As these opportunities open up, new team members are assigned to
those tasks. Project timelines and dependencies need to be tracked extensively.

Agile ( Setting Up Data Centers)

Projects that require extreme flexibility and speed are best suited to the agile project
management method. Through this method, project managers breakdown milestones into
“sprints”, or short delivery cycles.

Commonly used for in-house teams, agile project management was created for projects where
there is no need for extensive control over the deliverables. If you’re working with a team that is
self-motivated and communicates in real time, this type of project management works well
because team members can rapidly adjust things as needed, throughout each task.

Scrum ( Software Integrations and Deployment)

Scrum is a derivative of agile project management. As an iterative project management style,

scrum features various “sessions” sometimes defined as “sprints” which generally last for 60-90 days.
These sprints are used to prioritize various project tasks and ensure they are completed within this
time.

Rather than being project manager, a Scrum Master should facilitate the process and assemble
small teams that have oversight of specific tasks.

The teams should communicate with the Scrum Master to discuss task progress and results. These
meetings with the Scrum Master are ideal times to reprioritize any backlogged tasks or discuss tasks
that have yet to be pooled into the project.

Based on the mix of the above 3 styles of Project management below is the five phases of project

1106
management which include conception and initiation, planning, execution,
performance/monitoring, and project close.

Phase 1: Project Initiation

This is the start of the project, and the goal of this phase is to define the project at a broad level.
This phase usually begins with a business case. This is when we will research whether the project is
feasible and if it should be undertaken. If feasibility testing needs to be done, this is the stage of
the project in which that will be completed.

Important stakeholders will do their due diligence to help decide if the project is a “go.” If it is given
the green light, you will need to create a project charter or a project initiation document (PID)
that outlines the purpose and requirements of the project. It will include business needs,
stakeholders, etc

1107
Phase 2: Project Planning

This phase is key to successful project management and we will focus on developing a roadmap
that everyone will follow. This phase typically begins with setting SMART goals.

During this phase, the scope of the project will be defined and a project management plan will
be developed. It involves identifying the cost, quality, available resources, and a realistic
timetable. The project plans also includes establishing baselines or performance measures. These
are generated using the scope, schedule and cost of a project. A baseline is essential to
determine if a project is on track.

At this time, roles and responsibilities are clearly defined, so everyone involved knows what they
are accountable for. Here are some of the documents we will create during this phase to ensure
the project will stay on track:

Scope Statement – A document that clearly defines the business need, benefits of the project,
objectives, deliverables, and key milestones. A scope statement may change during the project,
but it will not be done without proper change management process defined .

Work Breakdown Schedule (WBS) –This will be a visual representation that breaks down the scope
of the project into manageable sections for the team.

Milestones – Identify high-level goals that need to be met throughout the project

Progress Chart – A visual timeline that we can use to plan out tasks and visualize our project
timeline.

Communication Plan – This is of particular importance in such complex and innovative projects.
Its important to develop the proper messaging around the project and create a schedule of when
to communicate with team members based on deliverables and milestones.

Risk Management Plan – Identify all foreseeable risks. Common risks include unrealistic time and
cost estimates, customer review cycle, budget cuts, changing requirements, and lack of

1108
committed resources.

Phase 3: Project Execution

This is the phase where deliverables will be developed and completed. This often feels like the
meat of the project since a lot is happening during this time, like status reports and meetings,
development updates, and performance reports. A “kick-off” meeting will marks the start of the
Project Execution phase where our team involved will be informed of their responsibilities.

Tasks completed during the Execution Phase will include:

Develop team

Assign resources

Execute project management plans

Procurement management if needed

PM directs and manages project execution

Set up tracking systems

Task assignments are executed

Status meetings

Update project schedule

Modify project plans as needed

While the project monitoring phase has a different set of requirements, these two phases will occur
simultaneously.

Phase 4: Project Performance/Monitoring

This is all about measuring project progression and performance and ensuring that everything
happening aligns with the project management plan. Our Project managers will use key
performance indicators (KPIs) to determine if the project is on track. Our PM will typically pick two
to five of these KPIs to measure project performance:

Project Objectives: Measuring if a project is on schedule and budget is an indication if the project

1109
will meet stakeholder objectives.

Quality Deliverables: This determines if specific task deliverables are being met.

Effort and Cost Tracking: PMs will account for the effort and cost of resources to see if the budget
is on track. This type of tracking informs if a project will meet its completion date based on current
performance.

Project Performance: This monitors changes in the project. It takes into consideration the amount
and types of issues that arise and how quickly they are addressed. These can occur from
unforeseen hurdles and scope changes.

During this time, PMs may need to adjust schedules and resources to ensure the project is on track

Phase 5: Project Closure

Once the project is complete, PMs still have a few tasks to complete. They will need to create a
project punch list of things that didn’t get accomplished during the project and work with team
members to complete them. Perform a final project budget and prepare a final project report.
Finally, they will need to collect all project documents and deliverables and store them in a single
place for ready reference by the O&M Team .

1110
Comprehensive Planning & Fall-back Strategy

The comprehensive process of Bilaspur Smart City project planning involves completing goal
needs assessment to engage the technology/resources in identifying and prioritizing all long-
range goals and the problems preventing the achievement of those goals. Contingency and fall-
back plans are developed to manage identified risks. The fall-back plan is implemented when the
contingency plan fails to executive or overcome the risks. Even though the chances of having to
actually use your fallback plan may not be very high, having a fallback plan in place when the

unthinkable happens will make things go that much more smoothly during times of crisis.

Project Fall Back Areas Mitigation Strategies

1111
Delay in delivery of project component Strengthening the vendor management
team & identify 2nd vendor option if any
delay in delivery over contingency time
period.

Delay in integration with other sub-systems Meetings and sharing of protocols/APIs at

the start of the project. Joint meetings with

Steering Committee for clear responsibility

matrix.

Delay in providing of raw power Advance preparation of all document for

approval to concern electricity

department.

Delay in provision of Junctions/ ITMS Advance preparation of all document for

control center approval of project site.

Use of existing infrastructure Submit the project site survey report with all

details of existing visible infrastructure &

take details of all non-visible infrastructure

with life cycle cost calculation of all

infrastructure.

Project implementation delay due to We initially identify all project stakeholders

& submit the pre-requisites document
approval from different entity of project
along with site survey report for better
stakeholder team.
understanding of actual project
implementation plan.

1112
Operation and Maintenance Plan

Its objective is to assess their comparative efficiency in achieving defined organizational aims.
O&M concerns itself mainly with administrative procedures and employs techniques such as
operations research, work-study, and systems analysis

SLA Management Strategy

In order to deliver the SLA, relating the scope of services, it is proposed to implement Technology,
People and Process so that the SLA can be continuously monitored, measured and delivered as
agreed.

1. Service Operational Plan

During the Post Go Live Stage the Service Operational Plan will be the basis to measure the SLA
and ensure that all SLA agreed during the Go Live Stage are delivered as per the Plan. The Project
plan will capture the daily activities to be performed so that any slippages are measured,
reviewed and mitigated immediately

2. Logging & Monitoring Software

All the System Components Hardware (Server & Desktop), Software and Networking will be
monitored for Performance, Failure and Availability so that any failure/warning will be

1113
automatically notified through Email/SMS for immediate corrective action.

It is proposed to Implement advanced tools for Logging and covering

Server Performance

Capturing of Logs and Monitoring (information/Errors/Warnings/Trace)

Network Management –

Such a logging and Monitoring system will provide online visibility to the working of the system so
that corrective action can be taken and also the reports can be generated for SLA review and
auditing.

3. Help Desk Process

A Dedicated Technical Help Desk process will be implemented that will enable the various trouble
tickets to be generated, monitored and measured for resolution.

The Technical Help Desk will be manned by qualified technical personnel around the clock in 3
shifts to enable the process. The Help desk will serve as a single source in recording all service
request, coordination with Technical Engineers for L1/L2 Support and in preparing SLA reports.

Further the Help Desk will have access to online dashboards to review the Logging and Monitoring
status of the various system & networks.

4. Technical Manpower

The various stages of the project – go live and operations management will be executed through
the well qualified and trained manpower that are specialized in the various domain requirements
that make up the project.

The Technical Manpower as detailed in the resource planning will handle day to day operational
support and manage the SLA so that the agreed SLA will be delivered.

Conduct or ensure ongoing operations and maintenance (O&M), including repairs,

1114
Task: O&M plan

System Performance

Monitoring System

O&M Contracts and agreements

Warranties

Buyout Options

Outputs: Ensure responsible party carries out O&M

Measuring and tracking success

Correlate with business plan and strategic

energy plan

Contract compliance

1115
 Reporting of generation

Note - With above, we ensure that we have proposed all tested and robust and committed to
provide high uptime by adhering to SLA criteria given in RFP.

Detailed Approach and Methodology

Proposed Project Management

Approach
Our project execution is based on a “structured and segmented” approach to ensure proper delegation of role and
responsibilities and breaking down of the project into phases with clearly defined deliverables. Built on our learnings
from our extensive project execution experience across sectors, the methodology leverages the tenets of planning,
communication, measurement and accountability.
We assist clients in improving the likelihood of project success through proper commercial, legal, financial and
operational planning, setting up project delivery organisations, and defining appropriate program controls. We also
work with clients to reduce CAPEX and OPEX through greater use of data and digital technologies and better
consideration of operational readiness from the start of projects, and by providing greater schedule and cost
certainty to help leaders make informed decisions.
Our process starts with any business opportunity at an RFI/RFP stage only when the opportunity is in the hands
of the Business Development function and it matures through an established approach and methodology, first
within the business development function and then all successful bids are handed over to the new dedicated
Project Manager for execution. The closed loop approach has helped ensure that any awarded project is managed
well during its lifecycle and learnings are used from other opportunities.

1116
System Engineering (SE) capability
A s e e ine c ii A ’s framework for SE is given below:

TASL SE capability is CMMi Level 5 certified:

1117
Methodology of execution

TASL shall execute this project as per the standard execution methodology wherein all tasks are divided into work
packages. In line with the tender specifying the project phases, the work package distribution shall be as given
below:

1. Work Package 1 – Project Management

This work package sets up the management infrastructure: project governance structure, project procedures,
quality management plan, risk registers, project management tools in order to ensure the strategic and day-to-
day operational project management of the project.
This work package will be undertaken throughout the project lifecycle and activities shall include estimating
the attributes of the work products and tasks, determining the resources needed, negotiating commitments,
producing a schedule, and identifying and analyzing project risks.
Iterating through these activities may be necessary to establish the project plan. The project planning provides
e sis r er r ing n c n r ing e r jec ’s c i i ies ress e c i en s i e
customer.

1118
 2. Work Package 2 – Technology Management
This work package aims to ensure the successful technical implementation of the project
in conformity with the work plan and the tender requirements with a focus on managing
risks and identifying deviations and problems related to the technology implementation
of the project and provide solutions.
This work package too shall be undertaken throughout the project lifecycle and aims to design
and build an integrated architecture based on the function flows between the various
components of the system, e.g. - sensors, event detection module, simulation modules and
the event management module. It will focus on designing, developing and implementing the
interfaces between the various system components of the main process such as: collecting
data from sensors, processing data, event detection, and operational procedures using
simulation functions with results presented in geographic layers.
Additionally, work will be carried out to develop an integrated process which starts with
an alarm received from a sensor through early detection, event management and finally
the closing of the security event and the integration of the interfaces of all the components
of the project.
Primarily undertaken at the design lab of TASL, ultimately an integrated holistic solution
will be deployed at sites.

TASL methodology includes phase wise implementation of project described as below:

Phase 1

Site Survey & Risk Assessment: In this phase, our team of experts shall perform an exhaustive
survey and assess the site requirement. The output of this survey shall be documented and
shall be confidential to the outer world.
The survey and assessment shall be undertaken by a joint team of infrastructure and system
engineers. They shall be backed up by experts from the product OEMs in order to ascertain
the best way to deploy the technology on site.
Many different methodologies are commonly used while assessing the site e.g. - CARVER
and RAM methodologies, including those published by ASIS International, IASPC.
The deliverable from this work package shall form input for the design of the solution.

Design: This work package shall be the foundation for the solution to be implemented at the
site. The team of Subject Matter Experts (SMEs) will design a solution meeting the
requirement of BSF. The deliverable of this stage will be detailed drawings and final BOQ. This
phase covers all Design & Specification aspects within the Solution Development and Solution
Integration phases incorporating, functional specification, Product Customizations, Test
environment, Test strategies, Acceptance Test Plan, acceptance procedures etc.
Implementation: Upon mutually agreeing on the DD of the solution, the team shall

Bilaspur Smart City: Technical Proposal

1119
 begin to deploy the solution for on-ground implementation.
This work package primarily includes the delivery of the material at site and its installation.
The infrastructure team shall be responsible for this work package and will undertake
works at site as per the design finalized and per the site operating procedures identified
during the kick-off stage.
At the end of this work package the various elements of the solution – sensors, controllers,
C&C hardware and auxiliary systems like communications backbone and power
infrastructure etc. shall be available to the engineering team for integration &
commissioning.

Phase 2
Testing & Calibration: In this phase the solution implemented at site shall be tested for its
proper functioning and integration with the other network elements. The deployed
infrastructure and software shall be customized as per the site conditions.
As part of the Design, TASL shall have shared a draft User Acceptance Test (UAT) document,
which shall include the test plans, test cases and acceptance criteria for the solution
acceptance with timelines. This work package shall undertake the testing procedure specified
in the UAT document and share the test reports and logs with the client to ensure the system
is calibrated as per their expectations.

Phase 3
Training: TASL will conduct training for the stake holders. It will be time- honored training
which will be blend of classroom and workshop environment for the Security System set
up by us.

Handover: After the successful completion of testing, the entire system will be handed over
to the client for the operation. The c ien ’s personnel shall be trained regarding all aspects of
the system before the handover is completed.

Escalation Matrix
TASL has a proven issue management process that is deployed on all engagements
and is summarised below:
• 1st point of escalation: Project Manager

• 2nd point of escalation: Project Director

• 3rd point of escalation: Head – Operation

• 4th point of escalation: Vice President – Physical Security

Bilaspur Smart City: Technical Proposal

1120
 Key learnings from past project
Our Technical proposal is based on our key learnings basis the past project. We have detailed our key
learnings while developing Approach and methodology for this project. Our risk mitigation plan comes
from our learnings during our past projects.
Project Monitoring and Communication Plan:
Our Vice President – Physical Security will actively engage with the client’s stakeholders to assess
performance and deal with staged escalations and dispute resolution. Where appropriate,
performance assessments will occur through several formal mechanisms on each engagement:

• Service performance meetings will be conducted regularly or as required

• Risk assessment meetings will be conducted regularly or as required

• Service status reports will be developed, consolidated into status reports and issued to you as
appropriate

• Contract review meetings will be conducted regularly or as required to ensure that

obligations by all contracted parties are being met

• If remedial actions are necessary, they will be implemented, including the development of
a service improvement plan if necessary. TASL maintains a comprehensive performance
management framework, which includes specific consideration of our performance on
client engagements via regular individual performance reviews and through our client’s
satisfaction responses in our regular client service assessment.

Assessment of Manpower deployment, Training and Handholding plan

Deployment strategy of Manpower
Our strategy is predictive, and we regularly review manpower planning requirements to
identify appropriate links to existing or required people management/human capital
strategies. We aim to optimize resource deployment decisions so that our clients get the best
possible talent. The Project Manager along with Human Resource department will be
involved d in any decision to with respect to employee engagement and his/her deployment
to the project. Following are the steps we take to identify the resource which needs to be
deployed in the project:
• Making an inventory of present manpower resources and assessing the extent to
which these resources are employed optimally
• Forecasting future manpower requirements in the project using attrition rate
prediction model.
• Planning the necessary programmes of requirement, selection, training,
development, utilization, transfer, promotion, motivation and compensation to
ensure that future manpower requirements are properly met.
We support our employees by identifying his development goals and make sure he performs
according to the mutually agreed KRAs. We keep track of development of processes and
systems to gather measurement data and feedback from key stakeholders.
Contingency management
Risk Management

Bilaspur Smart City: Technical Proposal

1121
The risks we manage differ depending on the nature of the engagement and the extent of our
involvement in the overall client project.
On our strategic projects as yours, we will have a Project Manager who will be available on
the project who will track the progress of the project against the contract and an agreed project
plan. Any deviations may be called out as risks or issues and addressed / escalated through
an agreed process.
At present, we expect that some of the risks that may arise on projects within this panel
include:
Risk Method TASL Would Employ to Overcome Effect Of
Risk
Governance – not involving theTASL will mitigate this risk through ensuring a clear
right people at the right time governance process is defined at the beginning of any
engagement, with clear points of escalation where required.

Solution / deliverable – notTASL will mitigate this risk by agreeing a clear scope of
delivering agreed scope at thework at the beginning of the project, using the processes
expected quality defined in the 'Service Delivery' section of this response, and
will ensure timely check-ins both internally and with client
resources to verify that work is being completed to the
expected standard and scope.
Confidentiality and security –Where sensitive data needs to be shared as part of a project,
lack of control of data andTASL will work with the client to implement a confidential
confidential information information management plan to mitigate this risk.

Timing lack of ability to meetTASL will seek to mitigate this risk by engaging in forward
agreed project timeframes planning with the client where possible to ensure that
required resources are available and will bring our
methodology and accelerators wherever possible to ensure
that projects are completed as quickly as possible.
Third-party risks - reliance onWhere work requires TASL to work with third party, we seek
third- party inputs that may notto mitigate the risk of having poor quality inputs through the
meet quality standards development a detailed and coordinated engagement and
communication plan. TASL will work with the client to
define a complete RACI for the delivery of services, which
have been agreed upon by all providers.
Key person risks – lack ofTo mitigate this risk, TASL will seek to establish list of key
availability and capacity of keycontacts for any engagement in Week 1 and will work with
stakeholders the client’s staff to ensure that key team members are made
available where needed.
Financial risks – failing toTASL mitigates this risk through the application of the
perform the services within thechange management procedures, and by regular reviews with
agreed budget the leadership and delivery team of the project. We will
highlight any concerns with budget to the client at the earliest

Bilaspur Smart City: Technical Proposal

1122
 available opportunity and will seek to rectify any challenges
in a collaborative manner.

Contingency plan for the prevention of critical data loss due to server crashing, power
failure, or any incident
Vital Electronic Data
Critical data is regularly backed up. However, in the event that data loss may occur, all
personnel would be notified to immediately backup their personal computers.
Hard disks would be secured with the appropriate, qualified personnel and put into storage,
either on site, in the event that they can return to the building, or off site. Employees working
on sensitive data files should cease operations and save and back up their data.
Server Data
In the event that the server fails the IT Administrator responsible for maintaining the server
will ensure that the server has automatically restarted. If the server has failed critically, if
possible, a server-level migration should be performed in order to transfer data to the backup
server.
If a disaster that will render the server unserviceable is imminent, data on the server should
be immediately backed up to the server room hard drives and the hard drives should be
removed and stored off-premises.
Hard Copy File Data
Files that are known to contain important data, recordings, would be stored in an appropriate
location. In the event of a disaster that will render the building or the recordings inaccessible,
all files will be removed from the premises and stored in an offsite location. In the case of a
disaster that will not render the building or the files inaccessible, all files should be stored in
a filing or storage cabinet until the area has been declared all clear.

Bilaspur Smart City: Technical Proposal

1123
Mobilization of existing resources and additional resources as required
As soon as TASL is notified of award of project, all the stakeholders will have meeting to
identify the gaps in resource that is required for the projects and the resources that are
available with us. The resources where gaps are there will be notified to the internal stake
holder and it gap will be filled as soon as possible for successful delivery of project. The
human resources who are on bench will be notified of the project the moment we have the
LoI with us.
Steps:
• Evaluate and judge the need of resource
• Identify the type of resource
• Locate the availability of resource
• Effective communication of resources
• Evaluate the quantity and quality of resources of required
• Identify the problems pertaining to mobilization of resources
• Arrange funds for acquisition of resources
• Plan out Inventory Management for procured resources
Mobilization of existing resources and additional resources as required
As soon as TASL is notified of award of project, all the stakeholders will have meeting to
identify the gaps in resource that is required for the projects and the resources that are
available with us. The resources where gaps are there will be notified to the internal stake
holder and it gap will be filled as soon as possible for successful delivery of project. The
human resources who are on bench will be notified of the project the moment we have the
LoI with us.
Steps:
• Evaluate and judge the need of resource.
• Identify the type of resource.

Bilaspur Smart City: Technical Proposal

1124
 • Locate the availability of resource.
• Effective communication of resources
• Evaluate the quantity and quality of resources of required
• Identify the problems pertaining to mobilization of resources
• Arrange funds for acquisition of resources
• Plan out Inventory Management for procured resources

Training and handholding strategy

Our proposal for Knowledge Sharing is to share our skills and knowledge of the installation,
testing, commissioning and maintenance of the system required to meet client`s requirements
so that they may develop their engineering skills and offer a wider service to meet their
clients’ needs.

The Training Plan will identify the training modules to be provided for each of the systems
together with a timetable for the provision of the training.
In order to strengthen the staff, structured capacity building programmers shall be undertaken
for multiple levels in the organizational hierarchy like foundation process/ soft skills training
to the staff for pre-defined period. Also, refresher trainings for Command control Centre, City
Operation Staff and designated client official shall be a part of Capacity Building. It is
important to understand that training needs to be provided to each and every staff personnel
of ICCC. These officers shall be handling emergency situations with very minimal turnaround
time.
Appropriate training shall be carried out as per the User Training Plan prepared in detail
stating the number of training sessions to be held per batch of trainees, course work for the
training program, coursework delivery methodologies and evaluation methodologies in detail.
We will conduct end user training and ensure that the training module holistically covers all
the details around hardware and system applications expected to be used on a daily basis to
run the system.
We will impart operational and technical training to internal users on solutions being
implemented to allow them to effectively and efficiently use the surveillance system.

Bilaspur Smart City: Technical Proposal

1125
We will prepare the solution specific training manuals and submit the same to purchaser for
review and approval. Training Manuals, operation procedures, visual help-kit etc. will be
provided in English language. We will provide training to selected officers of the purchaser
covering functional, technical aspects, usage and implementation of the products and
solutions.
We will ensure that all concerned personnel receive regular training sessions, from time to
time, as and when required. Refresher training sessions shall be conducted on a regular basis.
Assessment of Manpower deployment, Training and Handholding plan
Deployment strategy of Manpower
Our strategy is predictive, and we regularly review manpower planning requirements to
identify appropriate links to existing or required people management/human capital
strategies. We aim to optimize resource deployment decisions so that our clients get the best
possible talent. The Project Manager along with Human Resource department will be
involved d in any decision to with respect to employee engagement and his/her deployment
to the project. Following are the steps we take to identify the resource which needs to be
deployed in the project:
• Making an inventory of present manpower resources and assessing the extent to
which these resources are employed optimally
• Forecasting future manpower requirements in the project using attrition rate
prediction model.
• Planning the necessary programmes of requirement, selection, training,
development, utilization, transfer, promotion, motivation and compensation to
ensure that future manpower requirements are properly met.
We support our employees by identifying his development goals and make sure he performs
according to the mutually agreed KRAs. We keep track of development of processes and
systems to gather measurement data and feedback from key stakeholders.
Contingency management
Risk Management
The risks we manage differ depending on the nature of the engagement and the extent of our
involvement in the overall client project.
On our strategic projects as yours, we will have a Project Manager who will be available on
the project who will track the progress of the project against the contract and an agreed project
plan. Any deviations may be called out as risks or issues and addressed / escalated through
an agreed process.
At present, we expect that some of the risks that may arise on projects within this panel
include:
Risk Method TASL Would Employ to Overcome Effect Of
Risk
Governance – not involving theTASL will mitigate this risk through ensuring a clear
right people at the right time governance process is defined at the beginning of any
engagement, with clear points of escalation where required.

Bilaspur Smart City: Technical Proposal

1126
Solution / deliverable – notTASL will mitigate this risk by agreeing a clear scope of
delivering agreed scope at thework at the beginning of the project, using the processes
expected quality defined in the 'Service Delivery' section of this response, and
will ensure timely check-ins both internally and with client
resources to verify that work is being completed to the
expected standard and scope.
Confidentiality and security –Where sensitive data needs to be shared as part of a project,
lack of control of data andTASL will work with the client to implement a confidential
confidential information information management plan to mitigate this risk.

Timing lack of ability to meetTASL will seek to mitigate this risk by engaging in forward
agreed project timeframes planning with the client where possible to ensure that
required resources are available and will bring our
methodology and accelerators wherever possible to ensure
that projects are completed as quickly as possible.
Third-party risks - reliance onWhere work requires TASL to work with third party, we seek
third- party inputs that may notto mitigate the risk of having poor quality inputs through the
meet quality standards development a detailed and coordinated engagement and
communication plan. TASL will work with the client to
define a complete RACI for the delivery of services, which
have been agreed upon by all providers.
Key person risks – lack ofTo mitigate this risk, TASL will seek to establish list of key
availability and capacity of keycontacts for any engagement in Week 1 and will work with
stakeholders the client’s staff to ensure that key team members are made
available where needed.
Financial risks – failing toTASL mitigates this risk through the application of the
perform the services within thechange management procedures, and by regular reviews with
agreed budget the leadership and delivery team of the project. We will
highlight any concerns with budget to the client at the earliest
available opportunity and will seek to rectify any challenges
in a collaborative manner.

Contingency plan for the prevention of critical data loss due to server crashing, power
failure, or any incident
Vital Electronic Data
Critical data is regularly backed up. However, in the event that data loss may occur, all
personnel would be notified to immediately backup their personal computers.
Hard disks would be secured with the appropriate, qualified personnel and put into storage,
either on site, in the event that they can return to the building, or off site. Employees working
on sensitive data files should cease operations and save and back up their data.
Server Data
In the event that the server fails the IT Administrator responsible for maintaining the server
will ensure that the server has automatically restarted. If the server has failed critically, if

Bilaspur Smart City: Technical Proposal

1127
possible, a server-level migration should be performed in order to transfer data to the backup
server.
If a disaster that will render the server unserviceable is imminent, data on the server should
be immediately backed up to the server room hard drives and the hard drives should be
removed and stored off-premises.
Hard Copy File Data
Files that are known to contain important data, recordings, would be stored in an appropriate
location. In the event of a disaster that will render the building or the recordings inaccessible,
all files will be removed from the premises and stored in an offsite location. In the case of a
disaster that will not render the building or the files inaccessible, all files should be stored in
a filing or storage cabinet until the area has been declared all clear.

Bilaspur Smart City: Technical Proposal

1128
Mobilization of existing resources and additional resources as required
As soon as TASL is notified of award of project, all the stakeholders will have meeting to
identify the gaps in resource that is required for the projects and the resources that are
available with us. The resources where gaps are there will be notified to the internal stake
holder and it gap will be filled as soon as possible for successful delivery of project. The
human resources who are on bench will be notified of the project the moment we have the
LoI with us.
Steps:
• Evaluate and judge the need of resource.
• Identify the type of resource.
• Locate the availability of resource.
• Effective communication of resources
• Evaluate the quantity and quality of resources of required
• Identify the problems pertaining to mobilization of resources
• Arrange funds for acquisition of resources
• Plan out Inventory Management for procured resources

Training and handholding strategy

Our proposal for Knowledge Sharing is to share our skills and knowledge of the installation,
testing, commissioning and maintenance of the system required to meet client`s requirements
so that they may develop their engineering skills and offer a wider service to meet their
clients’ needs.

The Training Plan will identify the training modules to be provided for each of the systems
together with a timetable for the provision of the training.
In order to strengthen the staff, structured capacity building programmers shall be undertaken
for multiple levels in the organizational hierarchy like foundation process/ soft skills training
to the staff for pre-defined period. Also, refresher trainings for Command control Centre, City
Operation Staff and designated client official shall be a part of Capacity Building. It is
important to understand that training needs to be provided to each and every staff personnel

Bilaspur Smart City: Technical Proposal

1129
of ICCC. These officers shall be handling emergency situations with very minimal turnaround
time.
Appropriate training shall be carried out as per the User Training Plan prepared in detail
stating the number of training sessions to be held per batch of trainees, course work for the
training program, coursework delivery methodologies and evaluation methodologies in detail.
We will conduct end user training and ensure that the training module holistically covers all
the details around hardware and system applications expected to be used on a daily basis to
run the system.
We will impart operational and technical training to internal users on solutions being
implemented to allow them to effectively and efficiently use the surveillance system.
We will prepare the solution specific training manuals and submit the same to purchaser for
review and approval. Training Manuals, operation procedures, visual help-kit etc. will be
provided in English language. We will provide training to selected officers of the purchaser
covering functional, technical aspects, usage and implementation of the products and
solutions.
We will ensure that all concerned personnel receive regular training sessions, from time to
time, as and when required. Refresher training sessions shall be conducted on a regular basis.

Bilaspur Smart City: Technical Proposal

1130
Bilaspur Smart City: Technical Proposal

1131
An annual training calendar shall be clearly chalked out and shared with the purchaser along
with complete details of content of training, target audience for each year etc.
We will update training manuals, procedures manual, deployment/Installation guides etc. on
a regular basis (Quarterly/ Biannual) to reflect the latest changes to the solutions implemented
and new developments with stakeholders as necessary.
Systematic training shall be imparted to the designated trainees that shall help them to
understand the concept of solution, the day-to-day operations of overall solution and
maintenance and updating of the system to some extent. This shall be done under complete
guidance of the trainers provided by us. Time Schedule and detailed program shall be
prepared in consultation with Client and respective authorized entity In addition to the above,
while designing the training courses and manuals; we will take care to impart training on the
key system components that are best suited for enabling the personnel to start working on the
system in the shortest possible time.
We will deploy a Master Trainer who shall be responsible for planning, designing and
conducting continuous training sessions. Training sessions and workshops shall comprise
of presentations, demonstrations and hands on mandatorily for the application modules.
Purchaser shall be responsible for identifying and nominating users for the training. However,
we will be responsible for facilitating and coordinating this entire process. To ensure that the
courses have been delivered effectively and the trainees have acquired the necessary skills,
an evaluation will be undertaken to check the level of knowledge reached by each training
course attendant. For example, the evaluation for the training course could consist of:
• Identification of modules and their locations
• Definition and system architecture
• Knowledge of tools and interface behavior for control and monitoring Knowledge
on how to modify configurable data
The course evaluation will be carried out based on the evaluation results.
Types of Trainings: Following training needs is identified for all the project stakeholders:
Basic IT training
1. Computer usage,
2. Network,
3. Desktop operations,
4. User admin,
5. Application installation,
6. Basic computer troubleshooting etc.
Initial Training as part of Project Implementation
A) Functional Training
1. Basic IT skills
2. Video Management Software, Video Analytics, ATCC etc.
3. Software Applications (Command & Control Center)
4. Networking, Hardware Installation

Bilaspur Smart City: Technical Proposal

1132
5. Centralized Helpdesk
6. Feed monitoring
B) Administrative Training
1. System Administration Helpdesk, FMS, BMS Administration etc.
2. Master trainer assistance and handling helpdesk requests etc.
c) Senior Management Training
1. Usage of all the proposed systems for monitoring, tracking and reporting,
2. MIS reports, accessing various exception reports Post-Implementation Training
Following the training Client`s trained personnel will be able to undertake additional works
without reverting back to us, we would be available for consultation in the event that this is
required by client. Other activities that will be performed as this exercise will be:
Refresher Trainings for the Senior Management
1. Functional/Operational training and IT basics for new operators
2. Refresher courses on System Administration
3. Change Management programs
Our proposal for Knowledge Sharing is to share our skills and knowledge of the installation,
testing, commissioning and maintenance of the system required to meet Client`s requirements
so that they may develop their engineering skills and offer a wider service to meet their
clients’ needs.
As part of the contract, we will develop a Training Plan with client, the objectives of the
training being to provide the necessary skills to install, test, commission and maintain all
systems and their associated equipment
The Training Plan will identify the training modules to be provided for each of the systems
together with a timetable for the provision of the training. The development of the Training
Plan will be managed under the controls set out in our Quality Plan. To ensure that the courses
have been delivered effectively and the trainees have acquired the necessary skills an
evaluation will be undertaken to check the level of knowledge reached by each training course
attendant. For example, the evaluation for the training course could consist of: Identification
of modules and their locations.
Definition and system architecture
Knowledge of tools and interface behaviour for control and monitoring Knowledge on how
to modify configurable data
An annual training calendar shall be clearly chalked out and shared with the purchaser along
with complete details of content of training, target audience for each year etc.
We will update training manuals, procedures manual, deployment/Installation guides etc. on
a regular basis (Quarterly/ Biannual) to reflect the latest changes to the solutions implemented
and new developments with stakeholders as necessary.
Systematic training shall be imparted to the designated trainees that shall help them to
understand the concept of solution, the day-to-day operations of overall solution and
maintenance and updating of the system to some extent. This shall be done under complete
guidance of the trainers provided by us. Time Schedule and detailed program shall be

Bilaspur Smart City: Technical Proposal

1133
prepared in consultation with Client and respective authorized entity In addition to the above,
while designing the training courses and manuals; we will take care to impart training on the
key system components that are best suited for enabling the personnel to start working on the
system in the shortest possible time.
We will deploy a Master Trainer who shall be responsible for planning, designing and
conducting continuous training sessions. Training sessions and workshops shall comprise
of presentations, demonstrations and hands on mandatorily for the application modules.
Purchaser shall be responsible for identifying and nominating users for the training. However,
we will be responsible for facilitating and coordinating this entire process. To ensure that the
courses have been delivered effectively and the trainees have acquired the necessary skills,
an evaluation will be undertaken to check the level of knowledge reached by each training
course attendant. For example, the evaluation for the training course could consist of:
• Identification of modules and their locations
• Definition and system architecture
• Knowledge of tools and interface behavior for control and monitoring Knowledge
on how to modify configurable data
The course evaluation will be carried out based on the evaluation results.
Types of Trainings: Following training needs is identified for all the project stakeholders:
Basic IT training
1. Computer usage,
2. Network,
3. Desktop operations,
4. User admin,
5. Application installation,
6. Basic computer troubleshooting etc.
Initial Training as part of Project Implementation
A) Functional Training
1. Basic IT skills
2. Video Management Software, Video Analytics, ATCC etc.
3. Software Applications (Command & Control Center)
4. Networking, Hardware Installation
5. Centralized Helpdesk
6. Feed monitoring
B) Administrative Training
1. System Administration Helpdesk, FMS, BMS Administration etc.
2. Master trainer assistance and handling helpdesk requests etc.
c) Senior Management Training
1. Usage of all the proposed systems for monitoring, tracking and reporting,
2. MIS reports, accessing various exception reports Post-Implementation Training

Bilaspur Smart City: Technical Proposal

1134
Following the training Client`s trained personnel will be able to undertake additional works
without reverting back to us, we would be available for consultation in the event that this is
required by client. Other activities that will be performed as this exercise will be:
Refresher Trainings for the Senior Management
1. Functional/Operational training and IT basics for new operators
2. Refresher courses on System Administration
3. Change Management programs
Our proposal for Knowledge Sharing is to share our skills and knowledge of the installation,
testing, commissioning and maintenance of the system required to meet Client`s requirements
so that they may develop their engineering skills and offer a wider service to meet their
clients’ needs.
As part of the contract, we will develop a Training Plan with client, the objectives of the
training being to provide the necessary skills to install, test, commission and maintain all
systems and their associated equipment
The Training Plan will identify the training modules to be provided for each of the systems
together with a timetable for the provision of the training. The development of the Training
Plan will be managed under the controls set out in our Quality Plan. To ensure that the courses
have been delivered effectively and the trainees have acquired the necessary skills an
evaluation will be undertaken to check the level of knowledge reached by each training course
attendant. For example, the evaluation for the training course could consist of: Identification
of modules and their locations.
Definition and system architecture
Knowledge of tools and interface behaviour for control and monitoring Knowledge on how
to modify configurable data

Bilaspur Smart City: Technical Proposal

1135
 7.5.2 Project Plan
Request for Proposal (RFP) for Selection of Master System Integrator for Implementation of Intelligent Traffic Management System (ITMS),
City Surveillance System and Integrated Command and Control Centre (ICCC) in Bilaspur City
SL Planned Schedule
Item Description
No Start Days End
1 Project Schedule 1-May-22 375 10-May-23
Project Schedule
1.1 Issuance of LoI 1-May-22 0 1-May-22
1.2 Submission of Signed LOI 7-May-22 1 7-May-22 Issuance of LoI

1.3 Submission of PBG 15-May-22 1 15-May-22 Submission of Signed LOI

1.4 Contract Signoff 15-May-22 1 15-May-22 Submission of PBG
2 Project Kickoff 19-May-22 3 21-May-22
Contract Signoff
2.1 Project KoM & submission of Project Inception report 19-May-22 3 21-May-22
Project Kickoff
2.2 SPOC details of BSCL/BSCL authorized agency 19-May-22 3 21-May-22
2.3 Sharing the final approval of Site Survey Formats 19-May-22 3 21-May-22 Project KoM & submission of Project Inception report
2.4 Clearance for Site Survey and commencement of work 19-May-22 3 21-May-22 SPOC details of BSCL/BSCL authorized agency
2.5 Location handover of ICCC 19-May-22 3 21-May-22 Sharing the final approval of Site Survey Formats
2.6 Existing System Details (Health, Make, Model, Configuration etc.) 19-May-22 3 21-May-22 Clearance for Site Survey and commencement of work
Location handover of ICCC
2.7 Existing Network & IP Schema details 19-May-22 3 21-May-22
3 Appointment of Project Teams 7-May-22 25 31-May-22 Existing System Details (Health, Make, Model, Configuration etc.)
3.1 Identifying of site team 7-May-22 15 21-May-22 Existing Network & IP Schema details
3.2 Engagement of Key resources 15-May-22 1 15-May-22 Appointment of Project Teams
3.3 Engagement of other Project Function resources 22-May-22 10 31-May-22 Identifying of site team
4 Project Charter - Deliverables 16-May-22 92 15-Aug-22
Engagement of Key resources
4.1 Submission of detailed Project plan and inception report 16-May-22 5 20-May-22
Submission of detailed Risk Management and Mitigation Plan Engagement of other Project Function resources
4.2 20-May-22 10 29-May-22
Project Charter - Deliverables
4.3 Commencement of site survey in phase wise manner 16-May-22 25 9-Jun-22 Submission of detailed Project plan and inception report
Approval on Site Survey report, location finalization & BoQ Submission of detailed Risk Management and Mitigation Plan
4.4 Finalization by BSCL/BSCL authorized agency in phase wise manner 21-May-22 25 14-Jun-22
Commencement of site survey in phase wise manner

4.5 Preparation of FRS & SRS 09-Jun-22 10 18-Jun-22 Approval on Site Survey report, location finalization & BoQ Finalization by BSCL/BSCL authorized agency in phase wise manner
4.6 Approval on FRS & SRS from BSCL/BSCL authorized agency 18-Jun-22 10 27-Jun-22 Preparation of FRS & SRS
Preperation & submission of Requirements Traceability Approval on FRS & SRS from BSCL/BSCL authorized agency
4.7 28-Jun-22 17 14-Jul-22
Matrix
Preperation & submission of Requirements Traceability…
4.8 Preparation of Low level & High Level documents 28-Jun-22 20 17-Jul-22
Preparation of Low level & High Level documents
Approval on Low level & High Level documents from BSCL/BSCL
4.9 17-Jul-22 10 26-Jul-22
authorized agency Approval on Low level & High Level documents from BSCL/BSCL authorized agency
4.10 Finalization of Test plan & Change management plan 17-Jul-22 30 15-Aug-22 Finalization of Test plan & Change management plan
5 Material Delivery 14-Jun-22 91 12-Sep-22 Material Delivery
5.1 Vendor negotiation 14-Jun-22 20 3-Jul-22
Vendor negotiation
5.2 Placement of PO 19-Jun-22 20 8-Jul-22
Supply of all non IT equipments Placement of PO
5.3 29-Jun-22 76 12-Sep-22
Supply of all non IT equipments
Supply of all active component cameras, servers, storage box, Supply of all active component cameras, servers, storage box, switches etc. at site.
5.4 09-Jul-22 66 12-Sep-22
switches etc. at site.
Execution, Testing & UAT
6 Execution, Testing & UAT 09-Jul-22 305 9-May-23
Completion of Backbone Infrastructure
6.1 Completion of Backbone Infrastructure 09-Jul-22 100 16-Oct-22
6.2 Installation of all active equipment's (IT & Non IT) 24-Jul-22 100 31-Oct-22 Installation of all active equipment's (IT & Non IT)
Commissioning & operationalization of all active equipment's (IT & Commissioning & operationalization of all active equipment's (IT & Non IT)
6.3 02-Oct-22 60 30-Nov-22
Non IT) Commissioning of ICCC
6.4 Commissioning of ICCC 22-Oct-22 51 11-Dec-22
Testing & Operationalization of respective solutions with Service Platform
Testing & Operationalization of respective solutions with Service
6.5 11-Dec-22 60 8-Feb-23 UAT
Platform
6.6 UAT 10-Jan-23 60 10-Mar-23 User training
6.7 User training 25-Feb-23 45 10-Apr-23 Project Go-Live cum ICCC BCP along with all field components and integrations
Project Go-Live cum ICCC BCP along with all field components and
6.8 11-Apr-23 29 9-May-23 Issuance of Go Live & Commissioning certificate to TASL
integrations
7 Issuance of Go Live & Commissioning certificate to TASL 10-May-23 1 10-May-23 24-Apr-22 13-Jun-22 2-Aug-22 21-Sep-22 10-Nov-22 30-Dec-22 18-Feb-23 9-Apr-23 29-May-23

Remarks:
1. The Plan is made considering no delay happens due to COVID-19 pandemic situation. Delays because of COVID-19 shall be compensated without any LD to TASL
2. The Plan is based on the assumption that payment would be released within the contractual timeline & appropriate cashflow would be maintained for material ordering and
onward execution.

1136
Page 1 of 1
7.5.3 MANPOWER PLAN
I. Till Go-Live (Implementation)

Role Month wise time to be spent by each personnel

# Number of days Total
(in days)

1 2 3 4 5 6 7 8 9 10 11 12

Project
22 days 22 days 22 days 23 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days Onsite 265 days
1 265 days
Manager Offsite 0 days

10 days 22 days 22 days 22 days 22 days 22 days 22 days 15 days Onsite 157 days
Solution
2 157 days
Architect
Offsite 0 days

22 days 22 days 22 days 22 days 22 days 22 days Onsite 132 days

3 ITMS Expert 132 days
Offsite 0 days

CCTV
Surveillance 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days Onsite 176 days
Expert
4 176 days

Offsite 0 days

Command &
Control Center 22 days 22 days 22 days 22 days 22 days 22 days Onsite 132 days
Expert
5 132 days

Offsite 0 days

1137
 11 days 22 days 22 days 11 days 22 days 22 days 22 days 10 days Onsite 142 days

6 DC & DR Expert 142 days

Offsite 0 days

Software
Application and 22 days 22 days 22 days 22 days 10 days 22 days 22 days Onsite 142 days
7 Integration 132 days
Expert
Offsite 0 days

22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days Onsite 242 days
Network and
8 242 days
Security Expert
Offsite 0 days

Database
Architect/DBA 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days Onsite 220 days
9 220 days
Offsite 0 days

11 days 6 days 5 days Onsite 22 days

GIS Expert 1
10 213 days
Nos.
22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 5 days 10 days Offsite 191 days

Grand Total 1811 days

1138
 9
8
7
6
5
4
3
2
1
#

14
13
12
11
10

OFC
CCTV
Traffic

Expert
Expert

Facility

Staff (3
centre -

team (2
Software

Technical

numbers)
numbers)
numbers)
Database

numbers)
Intelligent
Role

Integration

(3 numbers)
help desk (6
Surveillance

Receptionist
Operator for
Network and

maintenance
Security Staff

Management
Management

Application &

Manpower (3
Architect/DBA
Control Expert
Command and

Security Expert
Systems Expert

City operations
DC & DR Expert
Project Manager
22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days Month 1

22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days Month 2

22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days Month 3

22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days Month 4

22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days Month 5

22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days Month 6

22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days Month 7
II. After Go Live (Operations- Maintenance) Phase

22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days Month 8

22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days Month 9
Month wise time to be spent by each personnel (in days)

22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days Month 10

22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days Month 11

22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days Month 12

22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days Month 13

22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days Month 14

22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days Month 15

22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days Month 16

22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days Month 17

22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days Month 18

22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days Month 19

22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days Month 20

22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days Month 21

22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days Month 22

22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days Month 23

22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days Month 24

22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days Month 25

22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days Month 26

22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days Month 27

22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days Month 28

22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days Month 29

22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days Month 30

22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days Month 31

1139
22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days Month 32

22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days Month 33

22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days Month 34

22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days Month 35

22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days Month 36

22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days Month 37

22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days Month 38

22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days Month 39

22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days Month 40

22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days Month 41

22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days Month 42

22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days Month 43

22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days Month 44

22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days Month 45

22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days Month 46

22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days Month 47

22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days Month 48

22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days Month 49

22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days Month 50

22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days Month 51

22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days Month 52

22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days Month 53

22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days Month 54

22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days Month 55

22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days Month 56

22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days Month 57

22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days Month 58

22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days Month 59

22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days 22 days Month 60
Onsite
Onsite
Onsite
Onsite
Onsite
Onsite
Onsite
Onsite
Onsite
Onsite
Onsite
Onsite
Onsite
Onsite

1320 days
1320 days
1320 days
1320 days
1320 days
1320 days
1320 days
1320 days
1320 days
1320 days
1320 days
1320 days
1320 days
1320 days
No of Days
Total

1320 mandays

2640 mandays
1320 mandays
3960 mandays
3960 mandays
3960 mandays
7920 mandays
1320 mandays
1320 mandays
1320 mandays
1320 mandays
1320 mandays
1320 mandays
1320 mandays
TASL as MSI understood the objectives and requirements of client, to the extent specified in the RFP. With prior experience in working on
similar projects, TASL has proposed an organization structure for this engagement, which will be finalized during project initiation. An
attempt has also been made to identify the key roles and responsibilities.
The proposed organization structure is designed to handle right level of governance, quick issue resolution and escalation handling and
keeping the below elements into consideration.
Leveraging its experience gained over various engagements and industry best practices, TASL is proposing the following well-structured
governance model that will ensure effective project level governance and delivery. The two-tier governance structure(one is Project team
support TASL Manpower Deployment as per Organization chart and Sub-contractor Deployment and second is Project control group
supported by Backend team) and will define, delegate, monitor and guide all aspects of the engagement and focus on the following
dimensions:
• Periodic performance review
• Risk and Issue Management at appropriate level
• Escalation Management
• Ensuring management support to the engagement
Steering Committee
The steering committee, a joint management team will comprise of senior business management representatives and key stakeholders
from client, TASL. It is specifically established for the entire duration of the program effort and will be responsible for:
• Provide executive sponsorship & oversight
• Understand customer’s business goals and objectives
• Provide overall direction and guidance for the engagement
• Share Strategic vision and plans
• Authorize funds for the projects and approve resources allocation, significant schedule and scope changes
• Periodically monitor the project to ensure it is on schedule and within budget
Program Team
The program management group is set up to manage the team and delivering all program commitments. It will also serve as the single
point agency for controlling the program along with issue resolution and monitoring program status on a continuous basis.
This team monitors the status of the program and the activities of project leads and various team members. The responsibilities of this
team are:

1140
 • Develop and track detailed and integrated project work schedules and allocate resources against the schedules
• Define and establish performance metrics aligned to goals
• Review project scope, timelines & budget, and monitor project progress
• Enable communication, status reporting & escalation to the steering committee
• Manage cross team dependencies
• Identify, initiate & institutionalize process improvements
• Centralize all program information
Operational Team
This team is led by a project manager and will be responsible for the operational activities with respect to the engagement. The various
activities carried out by the project delivery team include:
• Define standard operating procedures
• Ensure resource allocation
• Train & manage resources
• Execute tasks
• Adhere to timelines
• Achieve project quality
• Periodic progress reporting

Deployment Strategy of Manpower

Project Team - Roles and Responsibilities
Team Lead cum Project Manager of Project
Roles & responsibilities
• Setting up and mobilizing Delivery systems and processes by
• Setting up and implementing the supply chain processes.
• Workflow and material flow processes to be clearly laid down.
• Audit of goals, systems and processes.
• Excellence in Project Management
• Reduction in execution time.

1141
• Reduction in Project cost
• Reference sites creation
• Process Centric Project execution/engineering documentation.
• Revenue Plan compliance.
• Retention / liquidation plan compliance.
• Collection Plan
• Ensuring operations team productivity as per company norm.
• Managing the contract with CLIENT/DEPARTMENT.
• Ensure that TASL commitments in the contract are properly addressed through the entire duration of the engagement in the
project.
• Assign TASL resources to the project Regularly meet with CLIENT/DEPARTMENT representative(s) and review overall project
progress, risks and issues, if any
• Participate in Project Steering Committee review and management review as per agreed periodicity
• Acts as spokesperson for the project in any communication with external agencies
• Review and approval of key deliverables to validate their quality
• To review and approve changes in project scope and any consequent financial impact.
Project Manager Roles:
Key Responsibilities
• Fast response to the Customer
• To be the Best Solutions Provider by substantially improving the quality of installation & commissioning so that the customer
perceives the value of deliverable system
• Adherence to Systems & Processes throughout the Project Execution cycle.
• Arranging training to the site engineers for meeting the competency level for quality and timely delivery of the project.
• Responsible for the safe, successful execution and timely completion of the entire works.
• Ensure that deliverables meet requirements in terms of contents and agreed plan.
• Managing project scope changes and escalates those decisions that are outside the project scope
• Overall progress monitoring, tracking and reporting of project as per approved plans i.e. progress review meetings with relevant
persons.
• Periodic project status review meeting with relevant stakeholders

1142
• To coordinate the planning and direct the phasing in all operations of the various design activities and to ensure that suitably
qualified personnel are in charge of the various parts of the design work.
• To ensure that Design Program is produced, updated and adhered and to ensure that this is communicated to every section of the
works as required.
• Development of design drawings right up to construction issue.
• To ensure timely production of design and construction drawings as per the project program and requirements.
• Reviewing the preparation of technical submittals for all ICCC equipment and material.
• Monitor, review and control of drawings and material submittals.
• To ensure maintenance of records such as tracking logs, design files, schedules etc.
• Raise design queries and Request for Information and resolve ambiguities.
• Manage the team of consultants during design phase of the Project.
• To deliver Design documents and identifying and setting agreed upon standards
• Coordinating with client participants during design phase to confirm the requirements and design. Responsible and Involve in the
design part of project and also coordinating with clien team. Responsible to facilitate Design documents for the project.
• Periodic status reporting Scope Management Review of design team.
• Participate in audits, process compliance checks and Checkpoint reviews.
• Prompt corrective and preventive actions on non-compliance issues.

• Conveying instruction as per safe work procedures;

• The inspection of equipment;
• Attend design review meetings with client and other agencies as required.
• Conduct internal design review meetings and record the Minutes of Meetings.
• Raise design queries and Request for Information and resolve ambiguities.
• Preparing weekly and monthly project status reports for client as per the agreed project status report format
• Participate in audits / process compliance checks

Solution Architect
Roles & responsibilities

1143
• Analyzing the technology environment.
• Analyzing enterprise specifics.
• To ensure the product meets business requirements and requirements from other stakeholders
• Analyze current technologies used within the company and determine ways to improve
• Document and monitor requirements needed to institute proposed updates
• Work closely with Information Technology professionals within the company to ensure hardware is available for projects and
working properly
• Propose and establish framework for necessary contributions from various departments
• Account for possible project challenges on constraints including, risks, time, resources and scope
• Work closely with project management teams to successfully monitor progress of initiatives
• Provide detailed specifications for proposed solutions
• Define clear goals for all aspects of a project and manage their proper execution
• Communicates the architecture to the stakeholders and collaborates and coordinates with existing domain architects in the
formalization and adoption of IT standards and procedures.
• Champions a structured approach to business application solutions.
• Directly assists in the development of a solutions architecture program including departmental roadmaps and project portfolios
for IT systems architecture.
• Assures solutions not only are a fit for the specific purpose but also closely align with the standards guidelines of technology
solutions.
• Influences changes to standards when necessary.
• Assists domain architecture team on solutions management and timing of financial spend for application solutions.
• Supports the architectural aspects of all application projects in peer IT portfolios.
• Directs the identification and recommendation of appropriate solutions, upgrades, replacements, or decommissioning options
incorporating business and technology productivity, usability, and total cost of ownership.
• Develops and executes solutions which further reduce the percentage of time spent on reactive work.
• Provides analysis of security protection technologies as necessary.

Network & Security Expert

Roles & responsibilities

1144
• Translate customer (internal or external) test automation needs and requirements using technical principles into realisable
solutions and capabilities.
• Manage key stakeholders to ensure any proposed standards, practices and processes are adopted.
• Ensure the relevant KPIs are closely monitored and reported to meet the required objective.
• Assess capability of vendor solution and offerings to meet business requirements and manage vendor technology delivery.
• Work extensively with core engineering teams where possible to leverage best practises and technology re-use.
• seeking to build in security during the development stages of software systems, networks and data centres.
• To Look for vulnerabilities and risks in hardware and software.
• Finding the best way to secure the IT infrastructure of an organisation.
• Building firewalls into network infrastructures.
• Constantly monitoring for attacks and intrusions.
• When the cyber security specialist finds a potential threat or attempted breach, closing off the security vulnerability.
• Ability to use logic and reasoning to identify the strengths and weaknesses of IT systems.
• A forensic approach to challenges.
• A deep understanding of how hackers work and ability to keep up with the fast pace of change in the criminal cyber-underworld.
• Ability to seek out vulnerabilities in IT infrastructures.

CCC Expert
Roles & responsibilities

• Reports and responds to emergency and non-emergency situations including but not limited to fires, vandalism, theft, illegal entry,
suspicious activity, etc.
• Communicates and coordinates information or instructions clearly and effectively with law enforcement, emergency responders,
and via two-way telephones, and in person briefings.
• Monitors surveillance, fire protection, and other Smart City’s systems.
• Monitors use of computer data files to safeguard information; follows up on any violations with appropriate personnel.
• Monitors employee, short and long term parking lots.
• Records test results, test procedures, or inspection data and verifies completeness or accuracy of data.
• Transcribes spoken and written information and prepares reports.

1145
• Monitors ICCC operational conditions and status of automated systems, performing routine tests to ensure appropriate
notifications and follow up
actions are taken.
• Coordinates and dispatches appropriate staff regarding operational, maintenance, safety and security related issues; logs and
reports to staff for appropriate follow-up.
• Maintains surveillance to ensure security system is operational and monitors security system activities for discrepancies, and
dispatches appropriate staff as required.
• Monitors all automated equipment systems for fire, security and maintenance
alarms, making appropriate notifications when necessary
• Initiates and coordinates response and notification of essential local agencies to respond to emergencies.

1146
 7.6.1 Summary of Resources proposed
Sl.No. Name of the Proposed Role Highest Degree Basic Certifications Total
resource Qualification Experience (in
years)
Project
1. Rajeeb Panja MBA B.E. PMP 21
Manager
Installation and
2. Arvind Sharma Commissioning B.Tech B.Tech 12
Engineer
CCTV Surveillance
3. Sithanandam J BE BE 15
Expert
Installation and Management
Commissioning development programme
Engineer on understanding
4. Tridip Kumar Sen B.Tech B.Tech customer value & 15
building customer-
oriented organization
from XLRI Jamshedpur
5. Prodip Majumdar Installation and
Commissioning B.Tech B.Tech 14
Engineer
6. Sunil Kumar Yadav Network and • CCNA Routing and
B.Tech B.Tech 13
Security Expert Switching
ADVANCED SYSTEMS LIMITED
Cyber & Physical Security Division
Corporate Identification No. (CIN) U72900TG2006PLC077939
World Trade Towers, C-1, 4th Floor, Sector -16, Noida Gautam Budh Nagar (UP) 201301, Tele: + 91120 4847450, Fax: 0120 4847459
Registered Office: Hardware Park, Plot No 21, Sy No 1/1, Imarat Kancha, Raviryala Village, Maheshwaram Mandal, Hyderabad - 501218 Telangana District
Website: www.tataadvancedsystems.com

1147
 • CCNP (Cisco
Certified Specialist -
Enterprise Core)
• ITIL V4
7. Santosh Kumar DC & DR Expert
B.Tech BE 10
Yadav
8. Shashi Kant Tiwari IT/ICT
Infrastructure B.Tech B.Tech CCNA, CISA 10
Expert
9. Saheerali Edathil GIS Expert “Introduction to Digital
M.Sc. Applied Photogrammetry" course
B.Sc 12
Geology at NRSC (National
Remote Sensing Centre
Command and
10. Vivek Nayer MCA B.Sc. 20
Control Expert
11. Pradeep C Software
Vishwakarma Application and B.Tech B.Tech Agile, Node Js 10.5
Integration expert
12. Shashank Thakur Solution CCTV System, Fire
Architect BE BE Alarm System, Access 19
Control System
13. Kedar Kumbhar Software
MCA BCA 13.3
Management Expert
14. Argha Bose IT/Cyber Security
MS B.E (Electronics) 28
Expert

ADVANCED SYSTEMS LIMITED

Cyber & Physical Security Division
Corporate Identification No. (CIN) U72900TG2006PLC077939
World Trade Towers, C-1, 4th Floor, Sector -16, Noida Gautam Budh Nagar (UP) 201301, Tele: + 91120 4847450, Fax: 0120 4847459
Registered Office: Hardware Park, Plot No 21, Sy No 1/1, Imarat Kancha, Raviryala Village, Maheshwaram Mandal, Hyderabad - 501218 Telangana District
Website: www.tataadvancedsystems.com

1148
15. Vinay Thakre ITMS Expert B.E. B.E. (ECE) Prince 2 8.5
16. Madhur Shyam Database Architect • Certification in
Maurya Neural Networks and
Deep Learning.
B.Tech B.Tech • Azure and DevOps 14.5
cloud computing
training by Microsoft
Team
Account Manager –
17. Vivek Upadhyay Solutions (Physical MBA B.E (ECE) 14
Security)
18. Ashish Kumar Jain Database Architect BE BE 10
MSW and
19. Supriya Jha HR Administrator B.A. 20
PGDM
20. Prerna Mehta HR Administrator MBA B.A. 6
21. Rajat Kedia Finance Controller CA, CS B. Com (H) 12
Procurement and
Lean Six Sigma (Black
22. Sandeep Bhati Vendor MBA BE 12
Belt)
Management
Procurement and
PGDM – Supply chain
23. Vishal Srivastava Vendor MBA B.Sc 14
management
Management
Operations and Lean Six Sigma – Black
24. Sanjoy Roy Executive MBA B.Tech 14
Maintenance Expert Belt

ADVANCED SYSTEMS LIMITED

Cyber & Physical Security Division
Corporate Identification No. (CIN) U72900TG2006PLC077939
World Trade Towers, C-1, 4th Floor, Sector -16, Noida Gautam Budh Nagar (UP) 201301, Tele: + 91120 4847450, Fax: 0120 4847459
Registered Office: Hardware Park, Plot No 21, Sy No 1/1, Imarat Kancha, Raviryala Village, Maheshwaram Mandal, Hyderabad - 501218 Telangana District
Website: www.tataadvancedsystems.com

1149
 Operations and
25. Piyush Bhatt B.E. B.E. 9.5
Maintenance Expert
Network and
26. Shashank Gairola Infrastructure B.Tech B.Tech CCNA 8
Expert
Network and
27. Mahesh Pratap Singh Infrastructure B.Tech B.Tech CCNA 9
Expert
Project Co-
28. Reyazul Haque B.E. B.E 12.5
ordinator
29. Sanjay Lohani Solution Architect B.Tech B.Tech 8

ADVANCED SYSTEMS LIMITED

Cyber & Physical Security Division
Corporate Identification No. (CIN) U72900TG2006PLC077939
World Trade Towers, C-1, 4th Floor, Sector -16, Noida Gautam Budh Nagar (UP) 201301, Tele: + 91120 4847450, Fax: 0120 4847459
Registered Office: Hardware Park, Plot No 21, Sy No 1/1, Imarat Kancha, Raviryala Village, Maheshwaram Mandal, Hyderabad - 501218 Telangana District
Website: www.tataadvancedsystems.com

1150