The URL can be used to link to this page

Home My WebLink AboutASA Firepower Software Upgrade �o�auFFut � RESOLUTION"2022-286 ADOPTED., DOC ID: 17911 THIS IS TO CERTIFY THAT THE FOLLOWING RESOLUTION NO. 2022-286 WAS ADOPTED AT THE REGULAR MEETING OF THE SOUTHOLD TOWN BOARD ON MARCH 29,2022: RESOLVED that the Town Board of the Town of Southold hereby authorizes and directs Supervisor Scott A. Russell to execute a contract with Core BTS for the ASA Firepower Software Upgrade to the Town's computer systems at a cost of$28,877.50 per NYS Contract PM20800, funded from budget line H.1680.2.600.550, subject to the approval by the Town Attorney. Denis Noncarrow Southold Town Clerk RESULT: ADOPTED [UNANIMOUS] MOVER: Sarah E.Nappa, Councilwoman SECONDER:Brian O. Mealy, Councilman AYES: Nappa, Doroski, Mealy, Doherty, Evans Account Manager: Matthew Vetro 6312197104 1 Matthew.Vetro@corebts.com Solution Architect: Lordly Mathews -16319824763 1 lordly.mathews@corebts.com February 11,2022 Statement of Work. ASA Firepower Software Upgrade Project Based: PBS Security W Lloyd Reisenberg Iloydr@southoldtownny.gov 1631-765-1891 Town Hall, 53095 Main Rd.,Southold, NY Executive Summary Project Overview Billing Terms ff AM -. . Duties&Responsibilities Key Assumptions Confidentiality Agreement CORE STS-PROPRIETARY AND COQ FIDENT:tAL Service Description Rates $27,500.00 Fixed Fee Milestone Payment Schedule 0 30%Due Upon Signing 0 50%Due Upon Completion of Detailed Design and Planning 0 20%Due Upon Project Close Out Executive Summ€ry The CoreBTS Professional Services is designed to provide implementation services for Town of Southold to upgrade their(7)ASA Firepower devices to the latest,supported,and recommended software upgrades. It should be noted that the ASA 5525-X only supports Firepower version up to 6.6,and the ASA 5508-X supports up to version 6.7. In addition,the Firepower AD Agent is no longer supported on Firepower codes after 6.6 and/or on Windows Server 2016 and later. It is recommended that Town of Southold migrate Firepower AD Agent to ISE Passive Identity Connector which is available as a virtual machine.This professional services engagement will include implementation cost for ISE Passive Identity Connector. However,Town of Southold must purchase this separately or through CoreBTS(Cisco Partner). The ASA 5500-X code 9.14 deprecates des/3des encryption, md5 hashes,and Diffie-Helman Group 2, and 5. CoreBTS recommends Town of Southold the ASA code of 9.13 or any stable, recommended release prior to 9.14 but at least above 9.10.The Firepower modules of the ASA will be upgraded during normal business hours,as the Firepower upgrades comes with minimal disruption i.e.the Firepower module will failover to bypass mode and will pass Internet-bound traffic through the ASA Firewall unprotected(no NGIPs,antimalware,no url-filtering).6 out of the 7 sites will have the ASA codes(with traffic disruption)upgraded during the hours of 3pm-Spm.The ASA Firepower at the Police Station will be upgraded after normal business hours. ASDMs are backward compatible with older ASA versions. However,depending on the current ASDM version on Town of Southold ASAs,the ASDM may need to be upgraded to 7.13(1).7.13(1)Is the recommended ASDM version for ASA version 9.13(1). h® We Are Core BTS(Core)is an award-winning solution provider focused on customer-centric software,cloud technology and IT infrastructure to corporate and public sector clients.Core solves complex business needs across networking,collaboration, security,data center and cloud infrastructure.Our.capabilities include technical support and managed services of existing infrastructure,security and networking advisory and assessments and remote monitoring support for hardware and software technologies.The Core team has more than 15 years of experience and holds multiple top-level certifications and partnerships with IT industry leading companies,allowing us to provide customers with expertise across multiple technologies. CORE BTS-PROPRIETARYAND CONFIDENTIAL 2 Project Overview Core BTS according to best practices and Town of Southold requirements will upgrade(3)ASA 5525 Firepower Devices and(4)ASA 5508 Firepower Devices to the latest,recommended and supported ASA and Firepower code,The ASA 5525-X only supports up to Firepower version 6.6;ASA 5508-X supports up to Firepower version 6.7. Next day support will be provided for 4 ASA Firepower devices,and documentation will be providing regarding the software upgrades.In addition, ISE Passive Identity Connector will be configured,with Active Directory Integration so Town of Southold create Firepower policies based on AD Group or User.The Upgrade of ASA Firepower Module Device will happen during normal business hours as it should incur minimal downtime and/or disruption.The upgrade of the ASA code will be disruptive. However,Town of Southold has requested that 6 out of 7 devices will be during the hours of 3pm-Spm EST;the disruption is expected and tolerated.The ASA Firewall at the Police Station will occur after business hours.Town of Southold will inform and get approval from the Police Chief prior to the ASA upgrade. ASDM version are backwards compatible with older ASA version. However,depending on the current ADSM version on Town of Southold ASAs,the ASDM may need to be upgraded to 7.13(1).7.13(1)Is the recommended ASDM for 9.13(1). The ASA code 9.14 deprecates the following IKE/IPSec encryption,hashing,Diffie-Helman Group commands/configurations • DES/3DES • MD5 Hash • Diffie-Hellman Groups 2,5 CoreBTS recommends ASA code 9.13,as the modification IKE IPSec VPN Tunnels are outside of scope of this engagement. Core BTS ASA Firepower Software Upgrade Tasks. Core BTS's ASA Firepower Software Upgrade consists of the following tasks. Project Schedule—Through interactive meeting(s)and/or conference calls,Core BTS will adhere to the following schedule: CORE BTS-PROPRIE TA R Y A IVD CONFIDENTIAL 3 • ASA Firepower Configuration Review and Assessment • Prepare and Stage the ASA Firepower devices for the software upgrade • Upgrading the ASA 5525X Firepower devices to version 6.6 • Upgrading the ASA code on ASA Firepower 5525-X devices during the hours of 3pm-5pm EST(except Police Station) • Upgrading the ASA Firepower 5508-X devices to version 6.7 • Upgrading the ASA code on 5508-X devices during the hours of 3pm-5pm(except Police Station) • Upgrading the ASA code on 5525-X device at the police station after business hours. • Configure and Implement ISE Passive Identity Connector • Configure Active Directory Integration to Firepower(through ISE-PIC) • Test and Validation • Providing Next Day Supportfor up to(4)ASA Firepower devices • Provide Technical Documentation Project Deliverables—The following deliverables are included with this service: • Customer Kickoff Meeting • ASA Firepower Review and Assessment • ASA Firepower 5525 Preparation and Upgrade(3) (during normal business hours;except for Police Station ASA • ASA Firepower 5508 Preparation and Upgrade(4) • ISE Passive Identity Connector Configuration and Implementation • AD Integration through ISE Passive Identity Connector • Test and Validation • Next Day Support • Technical Documentation Project Specification PirePower Installation Details Upgrade of ASA 5525X and 5S08X Firepower Appliances • Review configuration of existing firewalls • Review licensing requirements • Determine if downtime is required • Upgrade FirePower Management Center(FMC)to Firepower 6.6 or later • Upgrade to latest ASA Firepower(3)5525 and (4)5508 FXOS 6.6 version of code • Upgrade ASA code on ASA 5525s and 5508s to latest 9.x code (to be done after-hours) • Configure,and Deploy ISE Passive Identity Connector CORE 2 T-PROPRIETARYAND CONFIDENTIAL 4 • Configure Active Directory Integration • Test configuration after upgrade of code • Test failover • Provide Next Day Support for up to(4)ASA Firepower Devices • Documentation CURE BTS-PROPRtETARYAMD COMFIDENTIAL S Fore BTS Fixed Fee Billing Terms a. Town of Southold agrees to compensate Core BTS for the effort required to deliver all items outlined in this Statement of Work. Modifications to this project via the Change Management Process may change the associated fees. b. This engagement will be performed on a fixed-fee basis,with phased billing.This fixed fee project will be invoiced at the phased completion stages,specified below. • Travel related expenses are not included In this price/estimate.Customer Is responsible for reimbursement of out-of-pocket and travel-related expenses as incurred by Core BTS. Duties and Responsibilities In order for this project to be successful,it is important that each person performs his/her project duties and creates an environment that is conducive to success. Below are the responsibilities for each member of the project team. Core BTS Project Coordinator Responsibilities of the Core BTS Project Coordinator include: 1. Developing project timeline and ensure scheduled are maintained 2. Acting as a single point of contact for all members of the Project Team 3. Managing all Core BTS resources and coordinating resources 4. Resolving issues with point of contact 5. Presenting status weekly via status meetings and status reports 6. Providing issue and risk management including escalation management 7. Controlling change management process Core BTS Engineer(s) Responsibilities of the Core BTS Engineer(s)include: • Performing tasks as outlined in this Statement of Work with efficiency and diligence • Acting in a professional manner and abiding by Town of Southold code of business conduct Town of Southold Responsibilities of Town of Southold include: Providing necessary personnel, including: • A dedicated point of contact. Subject matter experts(SME's)as needed. Management with decision-making authority. CORE BTS-PROPRIETARYAN1?CONFIDENTIAL 6 • If necessary,assist in physical-movement and racking of components(unless otherwise specified) • Providing access during agreed upon timeframes to: o Suitable workspace, including a workstation and telephone, if necessary o Required systems and networks o Documentation of current procedures,workflows,and network diagrams • Providing remote access(VPN preferred) if work is to be completed offsite • In a timely manner,resolving problems not directly discussed in this SoW, but adversely affecting the project's progress(i.e.software bugs, hardware failures, connectivity issues,etc.) Core BTS can assist with these issues as through the scope management process. • Participating in knowledge transfer throughout the project(unless otherwise noted) Mutual Responsibilities shared by all members of the Project Team include: • Responding to communication (calls and email)in a timely manner • Participating in all status meetings • Identifying situations requiring scope management and alerting Project Management • Identifying potential issues and risks and alerting Project Management • Coordinating scheduling in the event of delays outside of Core BTS's/Town of Southold control Core BB'S Key Assumptions Out of Scope:Any additional work outside of the tasks defined in this Agreement is considered out-of-scope and will be quoted in a separate Statement of Work. Core BTS assumes for the sake of pricing and solution sizing that the following will hold true for the duration of the engagement: Core BTS will perform all review and assessment at the Town of Southold in the specified location. • Core BTS engineer will be provided access to systems and passwords as required • Requests for information pertinent to this project will be addressed within 2 business days, unless otherwise agreed upon by both parties. • All documentation listed will be delivered in a Core BTS standard format and with Core BTS standard level of detail. • Core BTS assumes no liability for equipment damage and/or loss associated with the relocation of any equipment to any location other than the initial delivery location. • Core BTS assumes no liability for data loss.Customer is strongly encouraged to backup and validate data on all affected systems prior to initiation of the engagement. • Any additional tasks,work, labor,and other efforts for this project that have not been clearly defined In the SoW are the client's responsibility and will be performed by the client.Any additional items not outlined in the SoW that the client wishes to be a part of Core BTS'work product will require a signed and approved Project Change Request(PCR). PCBs will detail the additional work and costs,and will be submitted to the client project sponsor for approval and signature.Signed PCRs will become an official part of the project. Care BB'S Confidentiality y Agreement CORE BTS-PROPRIETARYAND CONFIDENTIAL 7 During the course of the provision of the services by Core BTS to Town of Southold,each party to this Agreement may have access to confidential information concerning the methodologies and business practices of the other. Neither party shall make any use of such information of the other party except in connection with the exercise of its rights and responsibilities under this Agreement except as may be necessary to comply with the laws,of the state of New York-NY. The obligations of this paragraph shall not apply in the event such information is already public or becomes available to the public through no breach of this.Agreement by the receiving party;or,such information is lawfully received without obligation of confidentiality from a third party who is free to disclose such Information to the receiving party;or,such information is independently developed by or on behalf of the receiving party;or,such information is required to be disclosed by the receiving party to a governmental agency or a court having proper jurisdiction. If such a requirement is made,the receiving party shall give the disclosing party reasonable notice to enable the disclosing party to try to protect the confidentiality of the confidential information. DUE TO THE CONFIDENTIAL AND PROPRIETARY NATURE OF THIS PROPOSAL,WE REQUIRE THAT IT NOT BE, DISTRIBUTED OR DISCLOSED TO THIRD PARTIES NOT EMPLOYED BY Town of Southold.WITHOUT THE EXPRESS WRITTEN CONSENT OF CORE BTS. R The enclosed material is proprietary to Core BTS and Town of Southold.This document is the copyright of Core BTS. Neither this publication nor any part of this publication may be photocopied or reduced to any electronic medium or machine-readable form without the express written consent of Core BTS Customer Acceptance,Please sign below,on behalf of Town of Southold indicating your agreement to the above terms and to indicate acceptance of this Core BTS Service Agreement. Customer Name �1% �+� ��CO4 11 Customer Title Customer Signature COREETS-PROPRIETARYAND COMFIDSAITIAL g Date *After this date,please consider the-details of this SoW void until a formal review can be conducted by a Core BTS technical resource.A new SoW will be submitted for your review and approval. Terms & Conditions 1. Payment Terms. Payment is due within thirty (30) days of invoice date. After .this time period, interest accrues at the lesser of the maximum rate permitted under applicable law or one and one-half percent (1.5%) per month from the date due until paid. We shall have a purchase money security interest in the products delivered by us to secure payment of the purchase price and any installation charges until they are paid in full by you. If invoice is not paid byyou after 60 days, you authorize us to file all documents (including UCC financing statements) deemed necessary by us to protect and maintain our security interests. 2. Independent Contractor, Taxes. We will perform all services hereunder in our capacity as an independent contractor and not as an employee or agent of you. Our employees shall not be entitled to any privileges or benefits that you may provide to your employees, and we shall be responsible for payment of all unemployment, social security, federal income (state and local income where applicable) and other payroll taxes imposed by any governmental body on us in regard to our employees who are engaged in the performance of the services. Pricing set forth herein is exclusive of applicable sales, use and similar taxes assessed on the performance of any services. You agree to reimburse, indemnify and hold us harmless from and against any such tax, penalty and interest thereon levied against us for the provision of services to you hereunder. 3. No Hiring. For Lhe Lerm or Lhe project and for a period of one year thereafter, you agree not to hire, solicit or accept solicitation of, through employment or otherwise,,directly or indirectly, any of our employees or independent contractors with whom you have had any contact during the project, unless you obtain our prior written consent. Should you hire an employee or independent contractor of ours through employment or otherwise within this time period without our prior written consent, you will immediately pay as liquidated damages to us an amount equal to the relevant person's then current annual compensation (or the amount paid to or on behalf of the person in the last 12 months, in the case of an independent contractor). 4. Warranty. A. We warrant and represent that the services will be performed in a skillful and workmanlike manner according to those standards generally prevailing among consultants performing similar services under similar circumstances. To the extent that we are not the manufacturer of any hardware or software products that you may purchase as a result of or relating to our Services, we do not provide any warranty on such products, whether with respect to their design, performance, functionality or compatibility with your existing system.,Any warranty with respect to product must come from the manufacturer. Our product procurement distributor or we will pass through to you any applicable warranties of the manufacturer, to the extent permissible. B. EXCEPT FOR THE EXPRESS WARRANTIES STATED IN THIS SECTION, WE DISCLAIM ALL WARRANTIES INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. S. Our Indemnity. We will indemnify, defend and hold you harmless from and against any claims, liabilities, losses, expenses or damages (collectively,"Damages") caused by the services performed or the work delivered by us under these terms infringing any copyright, trade secret or any other proprietary right of any third party. Excluded from such indemnification are any claims CORE BTS;PROPRIETARY AND CONFIDENTIAL 9 i I ` i related to (i) services performed on equipment or software which you covenanted that we had the rights to modify as set forth in Section 7 below, (ii) services performed to your specification or design and (iii) infringement resulting from or caused by your misuse or unauthorized'. modification of systems or product. We will also indemnify, defend and hold you harmless from and against any Damages resulting from our willful misconduct or negligent acts or omissions in performing the services which are the subject_of these terms, except to the extent such Damages are caused by the willful misconduct or negligence of you, your employees or agents. Our obligation to indemnify and defend you with respect to any claim shall be subject to (.i) your providing us with prompt notice,of such claim, (ii) our having sole control over the defense and settlement thereof, (iii) your providing us with the information and assistance necessary to defend or settle such claim as reasonably requested by us, and (iv) the limitations on liability set forth in Section 6 below. 6. Limitations of Liability. WE WILL NOT BE LIABLE FOR INCIDENTAL, SPECIAL, PUNITIVE, INDIRECT OR CONSEQUENTIAL DAMAGES, INCLUDING FOR LOSS OF DATA OR ITS USE OR LOST PROFITS OR OTHER ECONOMIC DAMAGES, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. With the exception of indemnification for intellectual property infringement, your right to recover Damages from us in aggregate of all claims is limited to the amounts paid to us by you in the preceding twelve (12) months. You acknowledge that this limitation of liability is part of the consideration and was considered by us in establishing the prices and rates to be charged to you, which, but for this limitation, would have been higher. 7. Your Covenants. You covenant that: (i) you have the authority to agree to these terms and the funding necessary to pay for the requested services; (ii) you have title to or license or rights to use or modify any software or products which you have requested us to modify as part of such services; and (iii) you will provide us necessary access to your personnel, appropriate documentation and records and facilities in order for us to timely perform such services. 8. Requests for Changes. No change in the services provided hereunder will be performed until we receive a properly issued and executed Change Order; provided, however, that.nothing herein will relieve you of the obligation to pay us for services rendered which were requested by you but are not documented in such.a properly issued and executed Change Order or within the applicable scope of work. 9. Confidentiality. Each party acknowledges that it and its employees or agents may, in the course of the project, be exposed to or acquire information that is proprietary or confidential to the other party. Each party agrees to hold such information in strict confidence and not to discuss or disclose any such information to any third party for a period of three years. The parties acknowledge that the provisions of this paragraph shall not apply to: (a) information which at the time of disclosure is, or without fault of the recipient becomes, generally available; (b).information which either party can show was in its possession at the time of disclosure or was independently developed by it; (c) information received from a third party which had the right to transmit same without violation of any secrecy agreement with the other party; and (d) information which is required to be disclosed pursuant to court order or by law. 10. Termination of Agreement. Either party may terminate our engagement at any time upon 30 days prior written notice. Cancellation of any licensing or services with a fixed term and indicated as non-cancellable shall Incur a termination fee equal to 100% of the cost of the remainder of the term, payable to us in full upon the effective termination date. 11. Entire Agreement: Amendment. These terms and the accompanying engagement letter sets forth the entire understanding of the parties with respect to the subject matter hereof and is binding upon both parties in accordance with its terms and may be amended only by an entry signed by both parties. There are no understandings, representations or agreements other than those set forth herein. 12. Assignment. You may.not assign any of the rights or obligations hereunder without the prior written consent of Core. CORE 1375-PROPRIE'TARYAND CJNFIDgfilRAL 10 I f I 13. Notices. Any notice or communication from one party to the other concerning the terms hereof shall be in writing and shall be sent by certified mail, return receipt requested and postage prepaid or by commercial overnight mail to the most recent address that either party has specified in writing to the other. 14. Governing Law. These terms shall be governed by and construed in accordance with the laws of the State of.Delaware. 15. Force Majeure. Neither party shall be liable to the other for any failures or delays arising out of conditions beyond its reasonable control, including, without limitation, work stoppages, fire, civil disobedience, delays associated with product malfunction or availability, riots, rebellions, storms, electrical failures, delays caused by the other party, and acts of God and similar occurrences. 16. Waiver: Severability Any waiver of any right or default shall be effective only in the instance given and if in writing and signed by the party against whom it is sought to be enforced and shall not operate as or imply a waiver of a similar right or default on any other occasion. If any term or provision hereof should be declared invalid by a court of competent jurisdiction, the remaining terms and provisions hereof shall be unimpaired, and the invalid terms or provisions shall be replaced by such valid terms and provisions as come closest to the intention underlying the invalid term or provision. CORE 9T-PRC?r`-ARIL=TARY AND C©NFfDENTIAL E i Sample Project Change Request(PCR) Form PROJECT CHANGE REQUEST(PCR) Requestor Data: PCR Requested By: PCR Preparation Date: PCR Prepared By: Approval Required By(Date): Change Summary: Project Name: Description of Change: Reason for Change: Impact if PCR is Rejected: Current Project Status: Cost& Timeline Impact: The following is an estimation of the work effort involved in completing the activities required to complete this PCR.This estimate is provided for budgetary purposes only, in all cases Core will bill for the actual hours and expenses incurred. Estimated Work Effort: Effort Range Totals Resource Description Low High Rate Low High Consultant Senior Consultant Principal Consultant Project Manager Estimated Total Timeline Impact: Project Completion Date,if Changed: Milestone(s)Affected: New Milestone Delivery Date(s): Approval: Client indicates acceptance of this PCR as an amendment to the Letter of Engagement and/or Statement of Work for the ASA Firepower Software Upgrade project. Approved By: Date: Name Printed: Title: CORE BTS-PROPRIETARY AND COXFI7EAd7 AL 12 CORE STS-PROPRIETARYAND CONFIDENTIAL 13 rat 6�_Y4 0�_ TOWN OF-SOUTHOLD. jV_/ Purchase Order 1 36243 1 Date ' Account#. I� /. �• �p. � De iver'and sand ljiiling f��o�. � � Vendor ae artrri �,� eht � ' r� 1 o, 3 t �141 j 1 Address VENDOR "Return this copy and Town of Southold voucher itemized and signed for payment** ITEM _ QUANTITY._: DESCRIPTION UNIT COST. TOTAL -�Jr M aCt 1�6 C THIS PURCHASE ORDER IS NOT VALID WITHOUT THE SIGNATURES.OF THE DEPT.HEAD AND THE SUPERVISOR I CERTIFY THAT THERE ARE SUFFICIENT FUNDS AVAILABLE IN THEA = OPR UN C�1 E Dept r°ead 1 CERTIFY THIS TO BE A JUST AND TRUE RCHASE ORDER Supervisor VENDOR