Request for Proposal for Managed Information Technology Services

Palatine Public Library District is accepting proposals from qualified firms to provide managed information technology services beginning July 1, 2019. We are seeking a firm who will partner with us to provide an excellent user experience to our community.

The ideal firm will have a quick response time, excellent customer service, strong project management skills, and can be relied upon to assist us in creating and maintaining a strong IT infrastructure while keeping up to date on emerging technologies.
 

Proposals Due

Deadline to submit is Wednesday, March 13, 2019, 5:00 p.m. Central Standard Time.
 

Download Full RFP

PPLD Request for Proposal for Managed IT Services.pdf
 

Questions and Answers, Posted 3/7/19

How are Windows updates scheduled?
Windows updates and software patches are scheduled by our IT provider and done via Kaseya.

Is there any scheduling for non-Windows updates? 
As needed. 

Do you have any major issues with one central data closet?
No, there is climate control (i.e. A/C) but currently no fire suppression. 

What current encryption system do you use in:
a.    Email?
None
b.    Hard drives? None
c.    Mobile devices? None 

Does staff have VPN or remote access library equipment?
Yes. Limited staff can connect to certain equipment via VPN. Some have been trained to use VPN to connect to our Sierra server remotely, which allows them to register new library cards at community events. Our Facilities Manager has VPN access to a computer in his office that allows him to log in to our HVAC monitoring system from home.

Do any vendors have VPN or remote access library equipment?
Only the boiler system vendor connects via VPN.  The ILS vendor, Innovative, connects via SSH that is access controlled at firewall.  

Does the Library currently have a BYOD (bring your own device) policy?
No policy.  We do have an SSID created for staff devices. It is part of the public Wi-Fi, but it is encrypted and password protected. It does not have access to network drives. 

Is there a 3rd party system in place for software patching? 
Kaseya is used to patch by our current IT provider.

What is the total used space on all the servers (both virtual and physical)?
Virtual 

  • C: Drive 
    Total 196 GB
    Used 62.8 GB
  • L: (data)
    Total 392. GB
    Used 89.9GB
  • M: (Hyper-V volume)
    Total 3.27 TB    
    Used 822 GB

Main Library File Server 

  • C Drive:
    Total 196 GB
    Used 48.8 GB
  • Main Share:
    Total 1.99 TB
    Used 858 GB

North Hoffman Branch File Server

  • C: Drive
    Total 121 GB
    Used 85.8 GB
  • L: (data)    
    Total 157 GB
    Used 25.5 GB

Rand Road Branch File Server

  • C: Drive
    Total 121 GB
    Used 82.9 GB
  • L: (data)
    Total 157 GB
    Used 28.6 GB

How much total data is being backed up?
1.6 TB. This is for our network and does not include our ILS backup. The ILS servers and backup are not managed by our IT provider. 

In regards to after-hours service from your current provider, how many monthly incidents have you averaged over the last 6 months?
We don’t have a record of our current provider’s after-hours service for us. Based on our tickets, we see three incidents in the last 6 months: 1 emergency; 2 planned updates. These after-hours requests fit within our SLA and did not result in additional service fees. 

How are you currently managing projects?
Currently, we are managing projects via Spiceworks and the IT provider’s ticketing system. A Technology Department Manager or Technology Support Specialist is designated as a project lead, and then they determine the workflow. Currently, we are not using Trello, Slack, or similar project management software platforms, although we have used these tools in the past. 

What monthly recurring services are currently provided by your current MSP?
Windows updates/software patches. Information about this is also contained in the current provider’s SLA/contract posed on 3/1/19 (below). 

Can you describe ways in which the current provider is not meeting your expectations?
What are your biggest issues with your current provider?

From a previous answer provided: We would like to have a provider help us with more long term planning. Planning will help us stay current with technology while allowing us to allocate necessary funds. We would also like to have more transparency and documentation for our systems. 

Additionally, our Technology Department is relatively new (about 6 years old). We have grown quickly and we would like to manage more or our IT services in-house. However, we recognize we still have a need for the support a managed services provider can give us. We would like to work with a provider to find the right balance of work we can do ourselves vs work we need a provider to perform. 

How many total switches are in the environment?
One main switch at each branch for network and two switches for security camera system. 

Updated 3/10/19:

Additionally, we have 8 managed mini switches (for the public) and 7 unmanaged mini switches (for staff) at the Main Library. 

Do we have access to current IT monitoring? 
No. 

Are the domains joined?
Yes, but the Macs are not included

What does the Library use for imaging?  
The current IT provider uses Acronis; Library staff use Clonezilla.

Knowing that the Library is not looking for an “apples to apples” proposal as compared to its current IT provider, how does the Library recommend proposals be structured?
We think that responding firms should probably propose an initial service similar to our current one in order to smoothly continue service. However, there should be options included that let us adapt as the Library and provider discover ways to transfer some management to in-house staff. The Library is also interested in opportunities for new services, such as Apple management. 

What are we using for current network security?
Trend Micro, Fortinet/FortiGuard, mandatory profiles on public Windows computers, DeepFreeze on public Apple computers, Spam Titan spam control.

Do we host our own Exchange?
Yes, on our virtual server. We are running Exchange 2010. 

What is the network layout?
Only one VLAN for Internet traffic

Is the network flat?
Yes

How old is your current switch?
10 years.

What database are we running/hosting?
Sierra, SW

How are profiles locked down now? Do any staff have elevated privileges?
Mandatory profiles on public machines prohibit data being retained across sessions. Library staff in general do not have the ability to install programs on their machines. The Director has limited local admin rights on her computer. Technology Managers and Support Specialists have access to install programs and they share a couple of domain admin accounts. 

How many workstations per site?
Main Library: 201 (includes 20 Apple computers)
Rand Road Branch: 8 
North Hoffman Branch: 5

How many servers are being backed up?
1 files server at Main Library
1 virtual host with 12 VMs
1 Innovative Sierra ILS server (handled by Innovative)
1 Innovative Encore server (handled by Innovative)
Are all servers under warranty or extended warranty?
Yes

How many external-facing IP addresses do you have?
64 external IP addresses in continuous range

Do users connect via VPN today?
Yes

If the answer to above is “Yes,” what firewall and agent are users connecting with?
Fortinet with tokens

How many switches and wireless controllers do you have in your primary data center?
1 switch, 1 wireless controller

How many switches, wireless controllers, and access points do you have at each site?
Updated 3/10/19:

Main Library: 1 chassis network switch, 8 managed mini switches (public), 7 unmanaged mini switches (staff), 1 controller, 13 APs
North Hoffman Branch: 1 switch, 0 controllers and APs 
Rand Road Branch: 1 switch, 0 controllers and APs

What make and model switches do you have?
1 core switch at Main Library: HP 5412 zl 12x24-port modules
1 each at 2 branches: ProCurve 2910al-24G Switch (J9145A)

Updated 3/10/19:

Additionally, at the Main Library we think we have have 7 HP 1810-8G managed mini switches, 1 HP 2910-al managed mini switch, and an additional 7 unmanaged switches that are HP 1810-8G or HP 1800-8G. Our current IT provider is completing a switch audit right now so these totals may change. 

How are your wireless access points managed?
HP controller

What makes and model of wireless access points and controller do you have?
Controller is HP E-MSM720. Wireless access points are HP E-MSM460 802.11N (or possibly a similar model). 

Are all network devices under warranty or extended warranty?
No

Are all network devices within the vendor support lifecycle?
No
 

Questions and Answers, Posted 3/1/19

Is there a network map?
No

Are there firewalls at the remote locations and how are they setup?
Yes, each location has its own Firewall. We do not know how the Firewalls are setup. 

What models of firewalls are currently installed in each location and what level of licensing do they have?
At the Main Library we have Fortinet FortiGate 300D NGFW. At each Branch we have Fortinet FortiGate 90D NGFW. We do not know what version firmware they are running. They all have FortiCare 24x7 subscriptions that includes coverage for: Hardware Advanced HW, Firmware & General Updates, Enhanced Support 24x7, Telephone Support 24x7, Advanced Malware Protection, NGFW, Web Filtering, AntiSpam. The current support subscriptions expire in December 2019. 

Does the Technology staff at the Library have or want to be able to control the firewalls?
No, we do not want to control the Firewalls. However, we are interested in having the ability to view the information about the Firewalls and to access to the filter, FortiGate. 

Are you interested in a backup internet line to provide redundancy? If so, can your firewall handle automatic failover?
Yes, we are interested in hearing about a backup internet redundancy. We don’t know if our firewalls have automatic failover.

Is there a segregated vendor VLAN on the network?
No. 

What are the reasons for when Sierra goes down? Internet related? Power? Network?
The Sierra server is likely down. If the power is out, there is a backup UPS connected to the Sierra and Encore servers that allows them to keep working. This power supply lasts about 45 minutes. If the power outage last longer than that, then the servers will go down. 

Where is your DNS registered?
With our current IT provider. 

Can we use a network assessment tool when we are there? This would be connected to the network to gather information.
No, but we have gathered more information about our network to share. If there is specific additional information you want to know, please ask. 

Is there any additional written documentation we didn’t receive at the kick off meeting that may help?

Do you have a full inventory list outside of the document from the kickoff meeting?
See above. 

Do you have a disaster recovery plan in writing?
No. Our IT provider may have something, but we are not aware. 

Do you have a lifecycle policy?
No. 

How does the library procure licensing?
A variety of ways. Primarily, we work with our current IT provider for most licenses. We will sometimes purchase the licenses on our own directly from the vendor or through another source, such as CDW-G or TechSoup. We sometimes use free or discounted licenses through other government or non-profit agencies, like RAILS. 

Do you have any best practice documents for things like security or passwords?
No. 

Will the selected managed services provider be permitted to implement their preferred Anti-Virus and Backup Solution?
Yes, provided the implementation works within the Library’s timeline and budget. 

Have recommendations from the August 2018 assessment been implemented?
Any action that’s been implemented was noted in the assessment handout provided at the February 18 meeting. 

What is the organizational policy in utilizing cloud based technology?
We have no formal policy about cloud technology, but we are in favor of it when it makes sense for our patrons, our budget, and our staff. We are more open to cloud services at this time than we have been in the past. 

What is the typical project dollar budget within each calendar year?
It varies based on projects needing to be done. Our Computers and Technology capital expenditures budgets (which would cover projects as well as repairs and replacements of current hardware) from the previous three years have been $252,376 FY 2018-2019, $125,000 FY 2017-2018, and $110,000 FY 2016-2017. This budget does not include support contract or software subscriptions. See more information about Library planning and budgets.  

Have they conducted a vulnerability assessment of the library?
No

What is the typical process for approval for technology spending?  What is the decision process? What is the typical decision timeline?
We are able to purchase most of our technology with the approval of either the Technology Manager or of the Executive or Assistant Director. See our Financial Management Policy for full details.  

Do you patrons see anything lacking in the technology that you provide as a service? What do patrons complain about?
The biggest technology issue from our patrons is our Wi-Fi, which can be spotty and slow. We’ve had some patrons request to take laptops home with them. Currently our laptops are for in-Library use only. Patrons would also like the ability for themselves or for staff to easily run some software or plugins when needed (ex. Video conferencing software). We also get some comments about needed to stay current on browser and software updates. 

Do we own the license to our Spam Titan spam control?
No, we are paying our current IT provider for an annual subscription to their spam control service which uses Spam Titan. Our current license expires in August 2019.

Do we want our workstations managed more by our staff or more by our IT provider?
More by our provider but with our staff able to manage as needed. We want the provider to do the “heavy lifting” – system-wide updates and changes, high level troubleshooting on issues, imaging for new workstations, etc. We would like our Technology staff to be able to add software as needed to individual workstations and perform basic tier 1 troubleshooting. 

How often does our current IT provider come on-site? Are the visits scheduled?
Technicians and engineers from our current provider is onsite as need to work on tickets and projects usually related to hardware. As such, visit frequency can vary. If there is not a project underway, the visits are seldom. We do not have a regular schedule for visits. The provider also visits for planning and project meetings as coordinated with Library staff. Usually, these meetings occur once a quarter. 

What does the Library mean when it asks for training from the provider?
We would like to work with the provider to see what tasks can be managed by our Technology staff. Once those tasks are determined, we would like documentation and possibly site visits to properly train the staff. If there is new service or hardware installed by the provider, we want the same training and documentation from the provider to help our Technology staff understand the new technology and their roles in managing it. 

How long is the Library required to keep images from our security camera?
We aren’t required to keep images from the security cameras for any length of time, but we store them for 30 days. 

Are the security cameras fixed or panning? How many do you have? Are any outside?
Fixed. 22 cameras. There are five outside cameras. 

Are there any issues with the current security cameras and system?
We’d like to add more cameras and to move to hosted storage. We’d like to see an improved UI to make it easier for Security staff to use. 

How often do you pull images from your camera?
Not often. Perhaps once every couple of months. 

How is your wireless coverage?
At the Main Library, it can be spotty and slow. There are areas of the building that our wireless access points can’t or barely reach due to limits on cable lengths. Wireless is probably the most reported technology issue from our patrons. At the Rand Road Branch, we use the Palatine Opportunity Center’s Wi-Fi. Staff reports that is is also slow and spotty. There is no Wi-Fi available in the North Hoffman Branch. 

Are the computers the same model?
No, there are several different models. 

Does the Library buy hardware from its IT provider?
Most of the time. Sometimes we purchase hardware on our own in small amounts. In the future, we may go to bid on major hardware purchases more so than we have in the past. 

What model printers do you use? Are any wireless? Any issues?
All of our printers are HP or Konica Minolta. Most are networked and covered by Konica Minolta service plans. None are wireless (although we do offer a wireless printing service through PrinterOn). There aren’t many issues with printers. 

How is the current IT provider delivering services (remote vs. on-site)?
Most work is performed remotely. The provider usually comes on site to work on hardware as required. 

Does the Library rent any equipment from your current provider?
No

Is the Library’s ultimate goal to get everything wired to your switch directly?
We haven’t thought about it. This would be something to discuss with our provider in the future. 

When is your VOIP system being installed?
It should be installed by the beginning of April. 

Do you swap out your tapes in your backup system every day?
Yes, except on weekends. 

If you decide to move your servers from the second floor to your first floor data closet, would you ask your current IT provider to perform that work?
Yes. 

Are we interested in pushing level 1 IT support to your managed services provider? 
No, we would like to be able to perform as much of that in house as possible. However, if we are short on staff or busy with other work, we would like to be able to rely on the provider for assistance as needed. 

Would it be helpful to have the provider share information about update schedules and plans?
Yes

Does the Library maintain a current change control document between the Library and the current provider?
No. We may look as logs as needed, but there is no formal document. 

On any given day, does the Library staff know the updates and versions of current software?
We can see that information through our SpiceWorks. 

Would you say that the initial work an incoming provider would need to do is to document the network? Do you know what you have now?
We would like to see clear documentation and more transparency about our current systems. It will be up to the incoming provider to determine their initial tasks. 

What do you think will be the biggest challenge for a new provider?
Learning our current configurations, assessing them, and planning recommended changes.

Are you interested in doing more managed network tasks in-house?
Yes, if it makes sense for our staff and our workload. Any tasks we would move in-house would be determined by us and the managed services provider. 
 

Questions and Answers, Posted 2/26/19

Are all the patron and staff computers hard-wired (connected to the network via Ethernet cable)?  
Most are hard-wired except the patron and staff laptops and three catalog stations that are connected via Wi-Fi.

Is there any off-site storage of back-up tapes? 
No

Is there a redundant/back-up Internet connection? 
No 

How old are the wireless access points? 
Most of our access points were installed between 2011-2013. They are 802.11n WAPs. 

Are we able to provide a backlog of previous vendor tickets to a new vendor?
Yes. Here is a list of ticket subjects and dates from the past six months (Sept. 1 2018-Feb. 26, 2019). We can share more detailed ticket logs with a new vendor after contract signing. 

Are most tickets for the library as a whole?
Yes, the majority of tickets with our current IT provider are for library-wide issues. See list of tickets from last six months (above) for a better assessment. 

What is the ticket load for branches?
From 9/1/2018-2/26/2019 there have been 6 tickets opened with our current IT provider for issues at one of the branches. 

How are we doing internet filtering?
We use FortiGate for our internet filtering. The following categories are applied to all but two public computers: Child Abuse, Explicit Violence, Proxy Avoidance, Nudity and Risqué, Other Adult Materials, Pornography, Malicious Websites, Phishing, Span URL's, Domain Parking. Two public computers only have the following filters applied: Malicious Websites, Phishing, Span URL's.

Are we getting more Macs?
At the moment, we have no immediate plans to purchase additional Macs. 

Are patron networks and staff networks split?
No

Who does the asset tagging?
The Library’s Business Office maintains our asset inventory. Technology staff manages tagging new technology equipment and reports tags for disposal when equipment is recycled. The current IT provider maintains a separate inventory with unique tags for PCs and servers. 

Did we acquire Office 365 licenses from a vendor?
No, we acquired them directly from Microsoft. 

Is the IT vendor queue attached to Library Spiceworks queue?
No, our IT vendor does not have access to our Spiceworks queue. 

What issues are we having with Sierra/Innovative?
The primary issue we have with Innovative as a vendor is in their support. They can take longer than we like to respond to a ticket and ultimately to resolve and issue. Additionally, their updates are often buggy, and they are not responsive to developing requested features on the products we are using. They can take a passive approach to solving a problem, relying on Library staff or our IT provider to do the bulk of testing and research. 

Do patrons have limited access to Google’s cloud services?
No

What are the hours of coverage for our current service provider?
Regular hours are weekdays 9:00 a.m. – 5:00 a.m. excluding provider’s holidays. We have the option to put in emergency requests outside of these regular hours. If the request is covered in our Service Level Agreement, then there is no additional charge. If the request is not covered, then non-agreement hourly rates apply.

Is the move for a new IT vendor related to the April referendum?
No

Are we interested in a new camera system?
Yes, we plan to replace our current security camera system next fiscal year (July 1, 2019-June 30, 2020).

Are we looking to narrow IT vendor proposals to a specific number?
No

Who is responsible for maintaining our people counter system?
Our current IT provider handles the set-up of the virtual server and the server software for the people counter system.  Library staff troubleshoot and provide basic maintenance with on-site hardware.

Do we have a system for storing back-ups tapes off-site?
Not at this time. 

Are any of our servers restricted to tape back-up?
Our Innovative Sierra and Encore servers require tape back-ups. Our file and virtual servers do not. 

Do you have single fiber internet?
Yes. We have a 500 Mbps fiber connection at the Main Library. Our two branches use Comcast Business broadband; current plan is 50 Mbps for each location. 

What happened to our old servers that were replaced last year?
They have been decommissioned. We have the hardware in our workroom. 

Do we store images on our camera server?
Yes, up to 30 days. 

Are we required by law to retain our security images for a certain length of time?
No. 

Do we have a network map for the switches?
No 

Outside of Registration and Circulation records, what sensitive information needs to be protected?
Any information our patrons give us needs to be protected. So in addition to registration and circulation records, we also want to protect information related to using Library computers. We do not want any browsing data, files, passwords, etc. saved on shared public workstations. We also need to protect our email and file servers, as patron information can also be found in those places. 

Where do users access their email accounts?
a.    Personal computers?
b.    Personal mobile devices?
c.    Library-owned equipment only?
Library staff and trustees can access their email accounts from any device. We do not restrict access to Library-owned equipment. We discourage most of our staff from accessing their email when not at work (on the clock) and when not using a Library-owned device. However, our exempt staff (librarians, managers, and administrators) and trustees can be asked or expected to access their email when not at the Library nor using a Library-owned device. 

Is there any standard of backup testing in place?
No

When was your backup tape system purchased?
Spring 2018

Does the Library lease the Trend Micro licenses or are they owned? Is it multi-year?
The Library owns the licenses. Our current license is for one year, expiring April 2019. 

What are the top three selection criteria for this RFP?
Past record and experience, quality of proposal, and cost. 

Is the current managed services provider using SpiceWorks or do they have a second portal for their tickets?
The current provider has a second, separate portal for their tickets. They do not have access to our SpiceWorks queue. 

What are the existing contract term lengths with your current managed services provider? 
Annual. The current contract expires June 30, 2019. 

What is the biggest challenge the library faces with the current managed services provider?
We would like to have a provider help us with more long term planning. Planning will help us stay current with technology while allowing us to allocate necessary funds. We would also like to have more transparency and documentation for our systems. 

Are new computers built using an image or are they customized each time?
Built using an image. 

Do you have a plan to someday set up a segregated internet or Wi-Fi at the branch locations?
We don’t have a plan, but we do want to evaluate options in the near future. 

Are you interested in pricing for supporting the public laptops you plan to offer?
At this time, we are not interested in pricing for additional laptops. While we have considered offering laptops for the public to take outside of the library, we do not have any plans to offer this new service in the coming fiscal year. This may be a service we will research if the referendum passes, and we would want to look at pricing at the time. 

What are the tech-related reasons for the high internal IT turnover?
We don’t think there are tech-related reasons for the turnover (mentioned in the Technology Assessment document created in 2018). At the time the assessment was conducted we happened to have recently lost two of our three Technology Support Specialists in quick succession. However, those two employees had been with the Library for 4 years and 19 years. They had different reasons for leaving the Library. Our part-time Technology Associate positions do have a consistently high turnover. We attribute that to the positions being part-time and often filled by students. 

Does your team handle procurement of new hardware and systems, or would the new managed services provider be responsible for this?
We rely on our current IT provider to help us with new purchases, although we have occasionally purchased items on our own. If the cost is significant, we may ask our provider to give us a quote which we will compare to other vendors. However, in general we usually purchase through the IT provider.  

Are there gaming or program opportunities for vendors?
We do hire external instructors to teach technology classes to supplement staff-led classes at the Library. We are open to any vendor proposals to offer technology classes and events.