Project Functional and Technical Evaluation Criteria :

A. User Experience

B. Endpoint device access control feature

C. Security Functions

D. User Experience

E. MANAGEMENT
F. REFERENCES

G. SUPPORT

H. LICENSING
 Secure Remote Access Solution

Project Functional and Technical Evaluation Criteria :

SSL VPN solution should be software Base only

OS should be Linux and must me part of Complete Solution

SSL VPN Solution can be installed on Vmware , KVM , Nutanux , Hyper-V

A. User Experience
Solution shall provided client and client-less VPN access to remote users
The solution should ask user to provide user name and password along with SSL Certificate ( Two FA )

The solution should have feature of device posture check and allow access only to enterprise approved device

The solution should have the ability to scan the endpoint for defined parameters and allow access only when all the criterion are
The solution must have provision to denied access from unapproved devices and placed into quarantine device list till admin wi
approve it.
The solution should support client as well as clientless mode to access for end users.

The solution should support HA method with active-active mode across geographically separated locations and layer 3 network
B. Endpoint device access control feature

The solution must be able to allow or restrict access to applications based on all or minimum 5 set of combinations of following
parameters:
a. User identity
b. User's role (group/OU)
c. Device IP address
d. User's WAN IP address
e. Device MAC address
f. Laptop/Desktop Hardware ID like motherboard ID/CPU ID, HDD ID
g. Browser used by user
h. OS of user device
I. Type of login: Browser, client software, mobile app
j. Status of Windows OS updates
k. Status of Anti-virus
l. Geo-location
m. Domain membership of the user device
n. Wi-Fi networks with dynamic IP address
o. Presence of custom software
C. Security Functions
The solution should be able to allow or restrict copy-cut-paste of data between application and the endpoint used to access the
environment
The solution should be able encrypt end to end traffic from end user to network

The solution restrict password change and password reset function as self-service portal to few users only.
The solution must provide ability to restrict file upload or download and based on file types
The solution must support block saving and uploading of any file to any server location including user's personal desktop and m
documents folders
The solution should provide detailed logs and shall integrate with SIEM servers

The solution shall provide following logs:

1. User login and logout events
2. App access
3. Session reconnects
4. Applications accessed within each session and length of time for which app was used
5. Telemetry data from clients
6. Password change events (If any)
The solution shall provide facility to keep the logs
Solution shall provided virtual IP address support for each session
Solution should have feature to classify end point device as approved or unapproved device
D. User Experience
Solution shall provided client and client-less VPN access to remote users
The solution should ask user to provide user name and password and then 2-FA based OTP/code
The solution must do a device posture check and allow access only to enterprise approved device

The solution should have the ability to scan the endpoint for defined parameters and allow access only when all the criterion are
The solution must have provision to denied access from unapproved devices and placed into quarantine device list till admin wi
approve it.
The solution should support client as well as clientless mode to access for end users.
Mobile app integration for 2FA must be integrated in the portal with minimal clicks for user
E. MANAGEMENT
The management console should be web based and must provide centralized management
The consoles should support granular level of control and provide role based access control
The solution should provide historical reports related to resource utilization of the environment
The solution should have the ability to search for session based metrics using the users username
The solution should have ability to generate alerts when resource thresholds are crossed: like CPU, memory, hdd usage and lice
utilization
The solution should provide ability to customize the dashboard and generate custom graphs
The solution should support multi-tenancy environment to support multiple sub-organizations with different authentication,
customization settings and access control
The solution must support built-in load balancing
 The solution must support delegated administration assigning admins different role in the system
The solution must support creating read-only users to configuration management

The solution should have support to collect, display and create reports based on following parameters:
1. Login time
2. Logout time
3. Device params like MAC ID, hostname, IP address, hardware ID wherever available
4. Browser identification
5. WAN IP address
6. Application accessed
F. REFERENCES
The solution vendor should have at least 3 customers in India with more than 1000 seats deployed
The reference customers should be live for more than 1 year
OEM with under MSME i.e. Made in India will be given preference.

The OEM to share the deployment details and contact details (phone no and email) of the reference customers.
G. SUPPORT
Direct 24*7*365 Support through OEM for Unlimited incident support tickets.
OEM must offer professional service for installation and configuration
H. LICENSING
device based and Named User license for 25 Usesr
complinace ( Yes / Nop )