The URL can be used to link to this page

Home My WebLink About2006-26252 Reso RESOLUTION NO. 2006-26252 RESOLUTION OF THE MAYOR AND CITY COMMISSION OF THE CITY OF MIAMI BEACH, FLORIDA, APPROVING PURSUANT TO SECTION 2-367 (d) OF THE MIAMI BEACH CITY CODE, THE SOLE SOURCE PURCHASE OF THE ONESIGN SINGLE SIGN-ON DEVICE FROM IMPRIVATA, THE OWNER OF THE COPYRIGHTED DEVICE DESIGNED SPECIFICALLY TO HANDLE SINGLE SIGN-ON TO THE CITY'S NETWORK AND APPLICATIONS WITH IMPROVED STRONG PASSWORD SECURITY, IN THE AMOUNT OF $ 89,368.00. WHEREAS, pursuant to Section 2-367 (d) of the Miami Beach City Code, the City may enter into contracts for goods and/or services where only one source for the product or service is evident; and WHEREAS, the ongoing securing of the City's network infrastructure is requiring that the City establishes and improves its methodology for handling sign- on for enterprise applications; and WHEREAS, the City desires to also incorporate improved strong password security; and WHEREAS, the Information Technology (IT) Department has determined that the Imprivata OneSign Single Sign On / Applications Profile Generator (SSO/APG) is the most robust with regards to scalability and availability; and WHEREAS, the Imprivata OneSign solution is an enterprise class SSO/APG appliance that will assist the City in effectively solving both secure password management and user access issues; and WHEREAS, using proprietary technology, OneSign will enable the City to have a more secure, seamless SSO/APG to all applications, eliminating the need for customized scripting or integration; and WHEREAS, with OneSign, password policy implementation will be automated, simplifying security compliance with built in monitoring and reporting for all user application access activities; and WHEREAS, Imprivata is the owner of this copyrighted software, and would therefore be a "sole source"; and WHEREAS, the Administration has complied with the documenting requirements for sole source purchases, pursuant to Section 2-367 (d) of the Miami Beach City Code. NOW, THEREFORE, BE IT DULY RESOLVED BY THE MAYOR AND CITY COMMISSION OF THE CITY OF MIAMI BEACH, FLORIDA that the Mayor and City Commission hereby approve, pursuant to Section 2-367 (d) of the Miami Beach City Code, the sole source purchase of the OneSign Single Sign-on Device from lmprivata, the owner of the copyrighted device designed specifically to handle single sign-on to the City's network and applications, in the amount of $89,368. PASSED and ADOPTED THIS 12th day of July ,2006. ATTEST: !Ukt.-td' r CU{~ .~ ....~...~.) , ~ ,.1' . _ _ ;:- _ .. .L CITY CLERK Robert Parcher Vice-Mayor Jerry Libbin T:\AGENDA\2006\sep0606\Regular\OneSign Single Sign-On Devlce.doc APPROVED AS TO FORM & LANGUAGE & F EXECUTION 7 /23 )V~ Oat COMMISSION ITEM SUMMARY Condensed Title: Purchase of the Onesign SSO/APG Imprivata solution. Ke Intended Outcome Su orted: Improved process through Information Technology Issue: Shall the City Commission authorize the sole source purchase of the Onesign Single Sign On device from 1m rivata Cor oration? Item Summary/Recommendation: As a result of the IT department's ongoing effort to harden and secure the Cities network infrastructure, they have evaluated several products that provide for enhanced security in the areas of strong password usage and single sign-on (SSO) capabilities for enterprise applications, and determined that the Imprivata Onesign SSO/APG offering was the most robust with regards to scalability and availability. The Imprivata@ OneSign ™ solution is an enterprise class SSO (Single Sign-On) appliance that will assist the City of Miami Beach in effectively solving both secure password management and user access issues. Using proprietary technology, OneSign will enable the City to have a more secure, seamless SSO to all applications, eliminating the need for customized scripting or integration. With OneSign, password policy implementation will be automated, simplifying security compliance with built in monitoring and reporting for all user application access activities. The OneSign solution is also capable of integration with multiple authentication methods such as strong passwords, ID tokens and potentially finger biometrics. The Administration recommends that the Mayor and City Commission adopt the attached resolution, approving the sole source purchase of the OneSign SSO/APG Secure Appliance Device from Imprivata, the owner of the copyrighted hardware designed specifically to handle the strong password management and single sign-on capability for the City IT infrastructure. Advisory Board Recommendation: I N/A Financial Information: Source of Amount Account Approved Funds: 1 $89,368 550-0640-000674 D 2 3 4 OSPI Total Financial Impact Summary: The purchase of this product is being funded by Technology fund dollars that have been made available in the IT department's capital account. Ci Clerk's Office Le islative Trackin : Gladys Acosta, Information Technology Director Si n-Offs: Department Director Assistant City Manager ager T:\AGENDA\2006~uI1206\consentllmprivata Commission Summaryrev1.doc m ~ MIAMI BEACH AGENDA ITEM DATE e..7L 7 ---I n2 -(}b m MIAMI BEACH City of Miami Beach, 1700 Convention Center Drive, Miami Beach, Florida 33139, www.miamibeachfl.gov COMMISSION MEMORANDUM TO: Mayor David Dermer and Members of the City Commission FROM, Jorge M. Gonzalez, City Manager ~,vf DATE: July 12, 2006 U SUBJECT: A RESOLUTION OF THE MAYOR ANO CITY COMMISSION OF THE CITY OF MIAMI BEACH, FLORIDA, APPROVING PURSUANT TO SECTION 2-367(0) OF THE MIAMI BEACH CITY CODE, THE SOLE SOURCE PURCHASE OF THE ONESIGN SINGLE SIGN-ON OEVICE FROM IMPRIV AT A, THE OWNER OF THE COPYRIGHTEO DEVICE OESIGNED SPECIFICALLY TO HANOLE SINGLE SIGN-ON TO THE CITY'S NETWORK ANO APPLICATIONS WITH IMPROVED STRONG PASSWORD SECURITY, IN THE AMOUNT OF $89,368. ADMINISTRATIVE RECOMMMENDA TION Adopt the Resolution. FUNOING $89,368 Funding is available from Information and Technology 550-0640- 000674 Capital Account. ANAL YSIS As a result of the IT department's ongoing effort to harden and secure the Cities network infrastructure, I.T. Staff evaluated several products that provide for an enhanced level of security in the areas of strong password usage and single sign-on (SSO) capabilities for enterprise applications, and determined that the Imprivata Onesign SSO/APG offering was the most robust with regards to scalability and availability. The Imprivata@ OneSign TM solution is an enterprise class SSO (Sing/e Sign-On) appliance that will assist the City of Miami Beach in effectively solving both secure password management and user access issues. Using proprietary technology, OneSign will enable the City to have a more secure, seamless SSO to all applications, eliminating the need for customized scripting or integration. With OneSign, password policy implementation will be automated, simplifying security compliance with built in monitoring and reporting for all user application access activities. The OneSign solution is also capable of integration with multiple authentication methods such as strong passwords, ID tokens and potentially finger biometrics. As the City of Miami Beach organization grows, or the number of users increases, subsequent OneSign appliances could potentially be plugged in to the network (if required) for distributed SSO enablement. This essentially equates to a solution that is both functional and scalable. Net benefits to the City include increased employee productivity and enhanced password security across the enterprise. Additionally, ongoing management and administrative overhead is minimal; OneSign runs virtually maintenance-free, and software updates are simple to deploy. Shipped in a secure redundant pair configuration for availability, the OneSign appliance provides seamless, synchronized back-up and hot failover. This combination of technology and packaging innovation offers an alternative to older, more intrusive SSO approaches that have proven unwieldy, time-consuming, and cost-prohibitive to implement and maintain in the long run. The OneSign appliance will allow the City to potentially benefit from an increased level of security and secure single sign-on to all enterprise applications; whether they are legacy, client-server or Web-based. CONCLUSION The Administration recommends that the Mayor and City Commission adopt the attached resolution, approving the sole source purchase ofthe OneSign SSO/APG Secure Appliance Device from Imprivata, the owner of the copyrighted hardware designed specifically to handle the strong password management and single sign-on capability for the City IT infrastructure, in the estimated amount of $89,368.00 which equates to approximately a 50% discount off of normal list pricing. T:IAGENDA\2006~uI1206\consent\lmprivata CM - 26JUN2006rev1.doc III D imprivata~ June 16,2006 Gladys Acosta Miami Beach IT Department Miami Beach, FL 33140 Ms. Acosta, Imprivata is the only vendor that provides an appliance-based Single Sign-on solution, designed for public and private industries, to simplify application access and improve password security. This software program is called OneSign. OneSign's specific capabilities include: · Linux-based appliance · Does not modify or extend Directory schema · Non-scripting approach to enable applications for Single Sign-on · Automated login to applications for users · Self-Service Network Password Reset · Enforce Strong Password Policies · Audit, Reporting, and Logging · No change to end-user network login process OneSign's unique Application Profile Generator (OneSign APGTM) technology eliminates the expensive, time- consuming task of having to develop custom scripts or modify application code in order to SSO-enable applications. The OneSign APG provides a simple, secure mechanism for automating the single sign-on of enrolled users to ALL enterprise applications - out of the box. Multiple passwords and application logon events are replaced with a single, secure centrally managed user logon, significantly reducing the intemal IT burden and password-related risk while maximizing users' productivity. OneSign dynamically distributes updates without needless intelTUption or network downtime - no administrative intervention is required. Technology iImovation with the OneSign APG makes the process of mall aging SSO applications easy. Using breaktln.ough technology, the OneSign appliance provides an easy, smart and affordable solution for organizations that need to quickly and effectively solve password management and security issues. Our product helps all size organizations rapidly realize the benefit of increased productivity and reduced cost from secure single sign-on to all enterprise applications; whether they are legacy, client-server or Web-based. Some OneSign Government Customers are: · Arnold Air Force Base · Fairchild Air Force Base · Collin County in TX · Probation, Pardon and Parole of South Carolina · Maryland Department of Transportation Ensures implementation affair and consistent hiring practices Sincerely, ~c:0~ Peter Luscko Territory Manager Imprivata 10 Maguire Road Bldg. 2 Lexington, MA 02421.3120 v (7B1) 674 2700 f (781) 674 2760 www.imprivata.com IB il imprivata1 Executive Summary Imprivata@ OneSign ™ is an easy, smart and affordable enterprise SSO appliance that helps organizations quickly and effectively solve password management and user access issues. Using breakthrough technology, One Sign enables secure, seamless SSO to all applications, eliminating the burden and expense associated with customized scripting or integration. With OneSign, password policy implementation is automated, simplifying compliance with built in monitoring and reporting for all user application access activities. Effortless integration with authentication methods such as strong passwords, 10 tokens and finger biometrics leverages and extends existing security investments. As organizations grow, or the number of users increases, subsequent OneSign appliances can be plugged in to the network for distributed SSO enablement. Net benefits to customers include dramatically reduced costs, increased employee productivity and enhanced password security. Today, Imprivata's OneSign solution helps customers from a broad range of industries rapidly gain increased productivity and reduced costs from secure single sign-on to all enterprise applications -legacy, client-server or Web-based. 1. Breakthrough Technology Breakthrough technology provides the foundation for our high functionalityllow cost value proposition. OneSign's unique Application Profile Generator (OneSign APGTM) technology eliminates the expensive, time-consuming task of having to develop custom scripts or modify application code in order to SSO-enable applications. The OneSign APG provides a simple, secure mechanism for automating the single sign-on of enrolled users to ALL enterprise applications - out of the box. Multiple passwords and application logon events are replaced with a single, secure centrally managed user logon, significantly reducing the internal IT burden and password-related risk while maximizing users' productivity. OneSign dynamically distributes updates without needless interruption or network downtime _ no administrative intervention is required. Technology innovation with the OneSign APG makes the process of managing SSO applications easy. 10 Maguire Road Bldg. 2 lexington, MA 02421-3120 v (781) 674 2700 f (781) 674 2760 www.imprivata.com . !] imprivata' 2. Easy to Use and Manage Solution Integrating Imprivata OneSign with your environment is quick and painless. Product installation including set up, configuration, and deployment is accomplished in just a few short days. Once installed, powerful technology takes over to intuitively manage SSO application enablement and the user authentication process. Ongoing management and administrative overhead is minimal; OneSign runs virtually maintenance-free, and software updates are simple to deploy. Shipped in a secure redundant pair configuration, the OneSign appliance provides seamless, synchronized back up and hot failover. This combination of technology and packaging innovation offers a long-awaited alternative to older, more intrusive SSO approaches that have proven unwieldy, time-consuming, and cost-prohibitive to implement. III. OneSign Key Benefits Using breakthrough technology, the OneSign appliance provides an easy, smart and affordable solution for organizations that need to quickly and effectively solve password management and security issues. Our product helps all size organizations rapidly realize the benefit of increased productivity and reduced cost from secure single sign-on to all enterprise applications; whether they are legacy, client-server or Web-based. 1. Radically Easy Implementing and managing OneSign in your environment is extremely fast and simple. Our intelligent APG technology does all of the work required to SSQ-enable all of your enterprise applications - right out of the box. There are no scripts to write, no connectors to build, and no extensive and expensive custom integration efforts to manage. OneSign's award-winning user interface is easy to navigate and the fact that users don't have to be re-trained or forced to acclimate to a new desktop environment saves time and money. Automatic updates of SSO agent software simplify deployments without administrative overhead. With OneSign, you get an easy to use, easy to manage enterprise SSO appliance that dramatically reduces IT support overhead and maximizes employee productivity. 10 Maguire Road Bldg. 2 Lexington, MA 02421-3120 v (781) 6742700 f (781) 674 2760 www.imprivata.com IIIl Il imprivata' Specific examples include: SSO-enable ALL applications using drag and drop Application Profile Generator Requires no additional scripting (VB) or custom development No user training required, no change to user desktop experience User convenience with one strong password/token/biometric/smart card/proximity card facilitating access to all apps Installation accomplished in 3-5 days 2. Simply Smart OneSign is a hardened enterprise SSO appliance built on patent pending technology that is smart enough to do the work for you. Our technology automates password policy implementation, configuring support for unique application passwords 'behind-the-scenes' to ensure user protection and minimize the risk of an unauthorized security breach. It is also smart enough to know when new versions, applications or security policies have been added to the server, and automatically handles the updating for you. And it can even recognize multiple users sharing one workstation. Our unique directory-independent approach allows you to import users from other directories and distribute changes to ALL users, regardless of directory. Built-in monitoring furnishes an accounting of who accessed which applications and when, providing details that can be used to strengthen security and enforce regulatory compliance across all applications. Because OneSign technology enables distributed SSO - secure sessions are tied to the user and not individual machines. With built-in support for strong authentication modalities such as password, ID tokens and finger biometrics, OneSign offers a smart and effective way to leverage existing investments as part of your SSO security policy initiatives. For additional reliability, Imprivata uses a secure redundant pair configuration to provide seamless, synchronized database back up for failover recovery. Specific examples include: APG enables secure and seamless access to ALL applications, without requiring any modifications to existing code. Intelligent Agent automatically updates whenever new version, new applications or new security pOlicies are detected on the server Client side monitoring and reporting: which users accessed what apps, and when Shared workstation supports multiple SSO sessions in shared PC environment Support for Telnet and Command line applications Support for multiple JVMs 10 Maguire Road Bldg. 2 Lexington, MA 02421.3120 v (781) 674 2700 f(781) 674 2760 www.imprivata.com . IJ imprivata' 3. Uniquely Affordable Bottom line savings accrue immediately when you purchase OneSign. Our self-contained Enterprise SSO appliance delivers all of the functionality you need to rapidly implement secure SSO in your organization, regardless of environment or number of users. Breakthrough innovation with APG technology eliminates all of the costly, custom integration work usually required to SSO-enable applications, saving budget and reducing overhead. And when new versions, applications or security policies are added to the server, our Intelligent Self-Updating Agent automatically handles the updates, eliminating any work on your part. Any changes to policy, applications or user profiles can be administered and transparently applied in a matter of minutes from the administrator's console, so users remain productive. A OneSign purchase provides real return on investment, paying for itself by reducing the costs associated with employee downtime and costly helpdesk intervention. Average installations are completed in 3-5 days and ongoing management is minimal. Specific examples include: Affordable, easy to use and manage ESSO appliance APG . requires no additional scripting (VB) or custom development Intelligent Self-Updating Agent - requires no additional work when whenever new version, new applications or new security pOlicies are added Self-service password management option eliminates costly password reset calls to the helpdesk Installation accomplished in 3-5 days 10 Maguire Road Bldg. 2 lexington. MA 02421-3120 v (781) 674 2700 f (781) 674 2760 www.imprivata.com ~'~"'''--"''""---=''''''<'~-_''''~->'>_'''''M'~~_~"___'.'~"'"'"_' ... PL0607061600 . Proposal Date: June 7, 2006 .. imprivata~ == Provided For: City of Miami Beach 10 Maguire Rd. Suite 210 1100 Washington Ave. 4th Floor Lexington, MA 02421 Miami Beach, FL 33139 1-877- ONE-SIGN I Fax 781-674-2730 Account Manager Peter Luscko (781) 674-2717 cleblanetBlimorivata com IInto lIsers Unit Extended Tota Qtv Part No. DescriDlion Price Price Disct $ Oisct% Price Licenses 1 OS-016ooU-US OneSign 1600 User Appliance Sem $60.800.00 $60.800.00 $21.280.00 35.0% $39.520.00 1 OS-SSPW-016ooU.US OneSign 1600 User SSPW Management $15.200.00 $15,200.00 $5,320.00 35.0% $9.880.00 TOTAL License Fees $76,000.00 $26,600.00 $49,400.00 Maintenance 12 SUPG30-US OneSign ESSO Annual Gold Maintenance' $1.90000 $22,800.00 $0.00 $22,80000 ( Monthly Rete' # Months) TOTAL Maintenance Fees $22,800.00 $0.00 $22,800.00 Equipment 1 OS-STDBY-ALL-U OneSign Standby Appliance" $4,995.00 $4.995.00 $0.00 $4.995.00 12 HDW-STM-FPSC-0001 Upek TouchChip USB Fingerprint Reader (ee) $129.00 $1,548.00 $0.00 $1,548.00 TOTAL Equipment Fees $6,543.00 $0.00 $6,543.00 Services 5 TR-ONSITE-SVCS- T&E OneSign On-Site Install per day (including T&E) $2.500.00 $12,500.00 $1,875.00 15.0% $10.625.00 TOTAL Services Fees $12,500.00 $1,875.00 $10,625.00 Comments Customer Accepted and Agreed Name; Prices are valid for 30 days from Quote Date. Title: Sales tax ( if applicable) and freight to be added. Phone: F.O.B: Origin Payment Tenns: Net 30 Days Date: # Appliance sets include both a Primary and Failover Appliance ## Includes T&E, HQ visit expenses are responsibility of the customer Maintenance must be purchased at time of sale ,. Only customers with a maintenance contract are eligible to purchase the test and/or cold standby appliance.