ESTABLISHMENT OF IN-HOUSE EMAIL INFRASTRUCTURE

  1. STATEMENT OF REQUIREMENT
    2.1 Purpose and Objectives

    Implement the Board’s directive to transition from the current externally-hosted email service to a secure,
    scalable, high-availability in-house Microsoft-based email platform.
    Objectives:
    – Enhance data security & privacy.
    – Ensure full regulatory compliance.
    – Improve operational efficiency.

Specifications and Requirements:
Scope of Work:
Active Directory domain: Establish coopbank.co.tz with Production and DR environments.
PKI: Deploy Active Directory Certificate Services (AD CS) with LDAPS for secure authentication.
Email platform: Install Microsoft Exchange Server 2019 in a high-availability configuration.
Microsoft 365 tenant: Set up a new Office 365 (M365) tenant and migrate accounts from legacy.
Hybrid Exchange: Implement a hybrid configuration for seamless integration and minimal disruption.
Licensing: Procure Windows Server, Exchange Server, and Office 365 licenses per BRD.

3. Deliverables & Expectations
Procurement: Initiate vendor selection in line with approved procurement procedures.
Compliance to BRD: Meet all technical, security, and compliance requirements in the BRD.
– Handover package:
– Detailed technical documentation (HLD/LLD, runbooks, topology/ports).
– Staff training for ICT and relevant end-users.
– Post-implementation support as specified.

4) Non-Functional Requirements (Targets)
– Availability: ≥99.9% monthly.
– Performance: Client logon <3s (LAN), internal submit-to-deliver P95 <30s.
– RTO/RPO: RTO ≤2 hours; RPO ≤15 minutes (DB replication/HA).
– Security: TLS 1.2/1.3; SPF/DKIM/DMARC; S/MIME support; RBAC and full audit.

5) Architecture Summary
– Primary DC: Client Access/Proxy, Mailbox role(s), Secure Email Gateway (SEG), Load Balancers, Reverse Proxy/WAF.
– Secondary DC (DR): Passive/active mailbox replicas; warm SEG.
– Identity & Access: AD DS/GC, AD CS (LDAPS), MFA/IdP; conditional access via MDM.
– Networking & DNS: Split-brain DNS for coopbank.co.tz; public MX/A/TXT; authenticated SMTP relay for apps.

6) Migration & Cutover
– Discovery/inventory (mailboxes, sizes, shared resources, permissions).
– Co-existence with Hybrid Exchange; staged moves; pilot groups.
– Blackout windows and rollback plan; hypercare post-cutover.

For more information download RFP
