




Subject of the Tender:

The purpose of this Request for Proposal (RFP) is to specify the requirements for the communication services, voice telephony and data services, the associated devices and the installation of the equipment for the upcoming building. Additional project management, implementation, support and maintenance services may be required by the customer and in that case should be addressed by the Bidder/contractor.

The existing network:

There is no existing network in place with regard to active components. Only electrical and passive components are in place.

The Government wants to develop a fully functional network infrastructure for its new upcoming building. The network infrastructure should be state of the art and equipped with the latest technology.

General Requirements:
The Bidder should provide a fully integrated end-to-end solution.
The Bidder must propose the scope of work approved by the relevant technology vendor. A letter from the technology vendor must be attached indicating that the contractor/subcontractor will be responsible for the implementation, installation, configuration, and testing of his product with all of its life cycle.
The integration between different software systems should be guaranteed and be clearly documented with complete tasks, procedures, and steps.
The Bidder's proposed solution architecture must guarantee high availability and scalability.
Security implementation consists of multiple interrelated components. All these components have to be fully integrated to guarantee smooth functioning.
The Bidder will build the solution architecture based on the requested quantities as the minimum to be offered.
The Bidder must provide full details of the utilization of the hardware proposed (describe the software running on each server).
The Bidder must include in the proposal the complete Bill of Material of each system required.
According to the Bidder's solution architecture and server sizing, the Bidder must propose server models based on the technical specifications as minimum specifications.
The Bidder must identify clearly the warranty such that it is 1 year for devices and 1 year for the software components.

IT-3/21
A dedicated project manager with proven experience in managing large-scale projects should be identified. The Bidder should also state his procedures including escalation metrics.
The Bidder must mention the implementation plan. This plan must not exceed 20 Weeks from the date of award notice.
The Bidder must propose a training plan for the technical staff covering all the components offered in the proposed solution.
Part numbers of each item should be clearly stated.
It is the responsibility of the Bidder to provide any hardware/software components necessary to provide a turn-key solution.
The Bidder must illustrate capabilities and structure of the operation team.
The Bidder's proposal must be based on the table mentioned below as the minimum requirements. (team structure and relevant experience)

Baseline Requirements for Active Network Devices

Core Switches

Single modular, scalable chassis with at least 9 slots.
The switch should provide redundancy in switch fabric with a few seconds fail over capability.
The switch should have redundant hot swappable, load-sharing power supplies.
The switch must support integration with new technologies like IP Telephony & Wireless communication.
Switching fabric is at least 700 Gbps with forwarding rate up to 100 Mbps.
The switch should support 32 10 Gigabit Ethernet ports.
Equipped with at least:
o 48 10/100/1000 Base-TX RJ-45 non-blocking ports distributed on at least three different modules for servers, routers, etc.
Main Features
o Layer 2 Switching, Layer 3 Routing and Layer 2-4 Filtering
o Support routing protocols such as static routes, RIP, OSPFv2, BGPv4 and IS-IS or equivalent mechanisms
o 802.1Q VLAN encapsulation
o 802.1ad Link Aggregation
o Up to 4K VLANs
o Bandwidth aggregation up to 16 Gbps
o Internet Group Management Protocol version 3 (IGMPv3) snooping
o IEEE 802.1D Spanning-Tree Protocol and IEEE 802.1w rapid reconfiguration of spanning tree and IEEE 802.1s multiple VLAN instances of spanning tree and Per VLAN Spanning Tree Protocol


Quality of Service
o IP differentiated service code point (DSCP) and IP Precedence
o Classification and marking based on IP type of service (ToS) or DSCP
o Classification and marking based on full Layer 3 and Layer 4 headers
o Support for four queues per port
o Support a congestion-avoidance feature such as Dynamic Buffer Limiting (DBL) or equivalent
Security Features
o Wire rate Access Control Lists
o 802.1x authentication with port security or VLAN assignment
o TACACS+ and RADIUS authentication support
o MAC address filtering based on Source and Destination Address
o IGMP filtering on access and trunk ports
o SSHv2 and SNMPv3 for secure remote access, file transfers, and network management
o Dynamic Address Resolution Protocol (ARP) inspection
o Private VLANs (PVLANs) on access and trunk ports
Redundancy:
o Support 1+1 management module redundancy
o 1+1 Power-Supply redundancy.
o Hot-swappable modules and Power Supply
o Virtual Router Redundancy Protocol (VRRP) or any equivalent protocol.
o Removable fabric-redundancy modules on the passive backplane to switch traffic to the active management module
Management Features
o Single console port and single IP address to manage all system features
o SNMPv1, v2, and v3 instrumentation, delivering comprehensive in-band management
o Remote Monitoring (RMON) software agent and CLI-based management console
o Software upgrades by downloading from TFTP Server
Operating power supply requirements 220 VAC, 50 Hz.
Rack mounted 19" hardware appliance.
The proposed switch should be supplied with the latest operating system software, user and installation manuals as soft-copies (Original CDs), console cable, power cables, rack mounted accessories.


Core Router

Router should be a multiservice chassis based modular router with voice, video and data capabilities.
The service performance engine should be modular. It should be powered by high-performance multicore processors.
It should be equipped with at least 2 10/100/1000 Base T Ethernet Interfaces.
Router should be embedded with IP security with SSL VPN hardware acceleration.
It should have Multi Gigabit Fabric for efficient module-to-module communication.
Equipped with high speed 4 port serial interfaces for WAN connectivity.
Redundant power supplies.
Router should be equipped with intelligent power management to control power to the modules based on the time of day.
It should have services integration and modularity on a single platform to perform multiple functions, optimizing consumption of raw materials and energy usage.
Integrated mini-B USB console port.
The router should support following protocols
o BGP
o OSPF
o EIGRP
o ISIS
o RIP
o PBR
o IGMP
The router should support following security features
o Firewall
o SSL VPN
o DMVPN
o IPS
o Get VPN
o IP Sec
The router should support following Unified Communication features
o Cube
o SRST
o Voice Gateway
o CUCME
o DSP
o VXML
The router should support following Data features
o MPLS
o BFD
o RSVP
o L2VPN
o L2TPv3
o IP SLA


Access Switch Specification

Access switch should be equipped with 24 10/100/1000 PoE ports.
Access switch should feature wire-speed 10 Gigabit Ethernet uplink ports for high-bandwidth applications.
It should support PoE configurations with 15.4W of PoE on all 24 ports.
It should have integrated 2 10 Gigabit Ethernet uplinks with 10 G network module adapters.
It should have field-replaceable 750WAC power supply and fan tray.
It should have a minimum of 65-Gbps, wire rate backplane.
Layer 2/3 support.
It should have at least 1000 VLAN support, with at least 1000 SVI support.
It should support at least 4000 MAC addresses.
It should have advanced quality of service (QoS), with rate-limiting feature.
The switch should feature ACLs, and basic static and Routing Information Protocol (RIP) routing capability.
It should support advanced hardware-based IP unicast and multicast routing, Enhanced Interior Gateway Routing Protocol, Open Shortest Path First, Border Gateway Protocol & Protocol Independent Multicast (PIM).

Intrusion Detection and Prevention System

This system should prevent malicious activity, including worms, directed attacks, distributed denial of service attacks, reconnaissance, and application abuse.
It should have modular inspection capabilities.
It should be capable of detecting network behavioral anomalies and mitigating attacks, including zero-day attacks.
It should support unprecedented threat management.
It should have the capability to calculate a real-time measurement of risk for every event.
It should have a multidimensional algorithm that combines attack and attacker details with live global and network knowledge to produce a calibrated risk measurement.

The system should record live, in-depth information on every alert with packet-level detail before, during, and after each event.


It should have a throughput of at least 250 Mbps.
It should support following operational modes
o Passive sniffer
o Inline bridge
o Inline Proxy-ARP
o Inline router
It should support detection mechanisms including Stateful Signatures and backdoor detection.
It should have at least 4-port GE Copper interfaces with bypass.
Integrated bypass for copper gigabit traffic ports, load sharing, clustering and 3rd party failover.

Firewall Specification

Firewall should be hardware based with high availability support.
It should have modular architecture with throughput of up to 450 Mbps.
Firewall should be equipped to support more than 200,000 concurrent sessions with VPN throughput of up to 225 Mbps.
It should hold at least 4x 10/100/1000 Base T Modules with at least 1 management interface.
Firewall should be capable of handling 150 Virtual Interfaces.
Support for more than 500 IP sec VPN Peers.
It should have multibus architecture.
It should be able to operate efficiently above 35 Degree Centigrade.
It should have the Common Criteria EAL4+ US DoD Application-Level Firewall for Medium Robustness.
GUI based configuration manager.
Verbose syslog, and Simple Network Management Protocol (SNMP) support.
Rack mountable 1 RU chassis.
Intuitive GUI and Simplified Ease-of-Use.
It should have hierarchical maps with virtual domains & policy management templates.
It should support corporate wireless service for mobile and remote workers with secure wired tunnels.

Wireless Controller Specifications

It should have the capability to extend the corporate network to remote locations with minimal set up and maintenance requirements.
It should support separate SSID tunnels for both corporate and personal Internet access.
Robust Wireless Security and Network Protection.
It should have the capability of Wireless LAN Intrusion Protection.
It should have secure access with client troubleshooting and non-Wi-Fi Interference Detection.
The system should offer control and provisioning of Wireless Access Points compliant DTLS encryption.
It should have command-line interfaces such as Telnet, Secure Shell (SSH) Protocol, serial port with RFC 3636 Definitions of Managed Objects for IEEE 802.3 MAUs.
It should have Integrated High Accuracy Context-Aware Information.
Customizable Secure Wired and Wireless Guest Access with Standalone Access Point Migration and Monitoring.
It should support Voice over WLAN with Green Initiatives.
The system should have non-blocking performance for 802.11n networks.

Wireless Access Point Specifications

Maximum transmit frequency of 2.4 GHz with 23 dBm antenna.
The access point should support 802.11a/b/g/n.
Minimum MTBF should be above 300,000 hrs.
Each access point should support following data rates
o 802.11a: 6, 9, 12, 18, 24, 36, 48, and 54 Mbps
o 802.11g: 1, 2, 5.5, 6, 9, 11, 12, 18, 24, 36, 48, and 54 Mbps
o 802.11n data rates (2.4 GHz and 5 GHz)
It should have following interfaces
o 10/100/1000BASE-T autosensing (RJ-45)
o Management console port (RJ45)
It should have Advanced Encryption Standard (AES), Temporal Key Integrity Protocol (TKIP).
Each access point should support the following EAP types
o Extensible Authentication Protocol-Transport Layer Security (EAP-TLS)
o EAP-Tunneled TLS (TTLS) or Microsoft Challenge Handshake Authentication Protocol Version 2 (MSCHAPv2)
o Protected EAP (PEAP) v0 or EAP-MSCHAPv2
o Extensible Authentication Protocol-Flexible Authentication via Secure Tunneling (EAP-FAST)
o PEAPv1 or EAP-Generic Token Card (GTC)
o EAP-Subscriber Identity Module (SIM)

Each Access Point should support Wi-Fi Multimedia (WMM)

Network Manager


Manage the health and availability: This product must manage the operating systems and provide basic status management on all infrastructure elements such as network devices, business applications and database systems.
Powerful auto-discovery: It must build a database with information on system elements and populate 2D and 3D system dynamic visualizations.
Historian: to keep you informed of past events and object status, whereas predictive management capabilities inform you about possible future bottlenecks in your systems and applications so that automated actions can be taken to avoid them.
Portal technology: that will provide personalized intuitive information and reporting for both technical and business focused administrators.
Perform a business service: For example, information can be gathered from Linux, UNIX and Windows and brought together to a single management station. Accessing data is one of the most error prone and time-consuming elements of end-to-end application performance. That's why monitoring of databases such as Microsoft SQL, Oracle, Sybase and others is a critical component of the network/systems picture.
Improves problem resolution time: by reducing down time and slow downs and improving the overall service.
Distribution Intelligence: to review, predict & prevent problems.
Industry-leading: by visualization and reporting that simplifies the complexity of the IT infrastructure, including Java-based GUIs, 2D, 3D, portal & hyperbolic views.
Event Monitoring and Correlation.
Group similar items in one view for administrators, DB, Systems and Network components to facilitate administration views.
Management: it must provide end-to-end management of LAN, WAN, and VLAN networks.
Management: of TCP/IP, IPX, Frame Relay, and switched networks.
Unified and Integrated solution with a Uniform interface.
Smooth integration with all offered solutions.
Same look and feel for all solutions.
Solution is preferred to use a single vendor product family.
The NMS should provide a common database interface to connect to a single CMDB.
Integration with any other element management solutions.

Server Farm Switch

Switch should be equipped with 48 10/100/1000 ports with 2 ports of wire-speed 10 Gigabit Ethernet.
It should feature ternary content addressable memory with at least 64000 entries.
Support for concurrent provisioning of services such as quality of service and security.
It should have Dual Redundant Power Supplies and Removable Fan Tray.
136-Gbps switching fabric with a forwarding rate of 102 million packets per second in hardware for Layer 2 to 4 traffic.
It should have Express Forwarding routing architecture for increased scalability and performance.
It should be equipped with a single, dedicated 10/100 console port and a single, dedicated 10/100 management port for offline disaster recovery.
It should support at least 1450 instances of Spanning Tree Protocol.
This switch should feature more than 1800 Virtual Interfaces (SVIs).
It should have quality of service hardware and security entries of more than 30,000 with more than 50000 MAC addresses.
It should support Per-VLAN Spanning Tree and VLAN IDs of up to 4000.
The switch should feature active VLANs of at least 3000.
Web based management tool.
Switch should support Standard Layer 3 image, including Routing Information Protocol Version 1 (RIPv1), RIPv2, static routes, and Enhanced Interior Gateway Routing Protocols.
It should support more than 20000 multicast entries.

Video Surveillance System Specification

System should be supported on IP infrastructure.
Video Surveillance should monitor the status of the video surveillance network and devices.
Additional features will be required like proactive system monitoring for temperature, fan speed, voltages, and memory usage.
Visual alerts, actions, and emails can be sent to warn the administrator before problems occur.
System should be capable of providing database backup and restore.
System should be equipped with minimum 2 Ethernet LAN Interfaces.
E.264 Encoding/decoding support should be available.
Support for multi-vendor IP-based cameras.
Remote management for each camera installed at a different location, based on site location.
High level administrative security.
Software for the system should support multiple operating system platforms.

Video Camera Specification

Offered Cameras should be feature-rich digital cameras.
Maximum resolution at 30fps should be 1920x1080.
Multi focus lenses support.
H.264 Compression Support.
Cameras should support hardware-based Advanced Encryption Standard (AES).
Features like event notification, day/night operation, optional USB memory card, flexible power options, mounting options should be available in offered Cameras.

Antivirus System
Endpoint Security Features Required
o Antivirus/Antispyware
o Desktop Firewall
o Intrusion Prevention
o Generic Exploit Blocking
o Device & Application Control
o Antivirus for Macintosh
o Antivirus for Windows Mobile
o Network Access Control self enforcement

Messaging Security
o Antispam/Antiphishing
o Reputation based spam filtering
o Content Filtering/Compliance
o Data loss prevention

Backup & Recovery
o Backup live desktops & laptops
o Threat driven backups

Hardware & Users Management Server

Component: Requirement
System Hardware: CPUs = 2 x 2.8 GHz or more Quad core CPU
Memory (RAM): Minimum: 4 GB; Recommended: 8 GB.
Chassis: 2U Rack Mountable
System Software: Microsoft Windows 2008 Server Standard edition
Hard Drive Space: 80GB 3G SATA 2.5in MDL SSD x1
NIC: Dual Port GIG NIC Card
Minimum endpoint users support: 360, extendible to 600

Active Directory Server

Server Requirements and Technical Specifications

Component: Requirement
System Hardware: CPUs = 2 x 2.8 GHz or more Quad core CPU
Chassis: 2U Rack Mountable
Memory (RAM): Minimum: 4 GB; Recommended: 8 GB.
System Software: Microsoft Windows 2008 Server Standard edition
User License: 360 CALs
Hard Drive Space: 80GB 3G SATA 2.5in MDL SSD x3
NIC: Dual Port GIG NIC Card

Proxy Server
The system should support
o Firewall generated forms for forms-based authentication with remote access to Terminal Services using SSL
o Web Access Publishing support
o Branch Office VPN Connectivity Wizard with Filtering and inspection for VPN
o SecureNAT client support for VPN clients connected to VPN server
o Stateful filtering and inspection for communications moving through a site-to-site VPN tunnel
o VPN Quarantine
o Publishing VPN servers
o IPSec tunnel mode support for site-to-site VPN links
o Ease of use management features
o Easy-to-use wizards
o Export and import of configuration data
o Delegated Permissions Wizard for firewall administrator roles
o Centralized logging and reporting
o Centralized storage of firewall policy (Configuration Storage server)
o Extensive SDK
o Broad vendor support
o Propagation of enterprise-wide policy
o Real-time monitoring of log entries
o Built-in log query facility
o Real-time monitoring and filtering of firewall sessions
o Connection verifiers
o Report publishing
o E-mail notification after report creation
o Customized time for log summary creation
o Enhanced SQL Server logging
o Multiple network configuration support
o Unique per-network policies
o Route and NAT network relationships
o Network Load Balancing
o Multi-layer firewall
o Application layer filtering
o HTTP filtering on a per-rule basis
o Block access to all executable content
o Control HTTP file downloads through file extension
o Control HTTP access based on HTTP Signatures
o Control allowed HTTP methods
o Extensive protocol support
o Support for complex protocols requiring multiple primary connections
o Customizable protocol definitions
o FTP policy
o Granular control over IP options
o Firewall user groups
o Network objects
o Firewall rules represent an ordered list
o User-based or group-based access policy
o FTP support
o Port redirection for FTP server publishing rules
o Flood Resiliency
o Enhanced remediation during attack
o Firewall client credentials forwarded to the Web proxy service
o RADIUS support for Web Proxy client authentication
o Delegation of basic authentication
o SecurID authentication for Web Proxy clients
o Single sign-on
o Forms-based authentication
o Session management
o Support for LDAP authentication
o Secure Web publishing
o Path mapping for Web publishing rules
o Preservation of source IP address in Web publishing rules
o Link translation


o Cross-Array Link Translation
o SSL bridging support

Hardware Requirement & Users

Component: Requirement
System Hardware: CPUs = 2 x 2.8 GHz or more Quad core CPU
Memory (RAM): Minimum: 4 GB; Recommended: 8 GB.
Chassis: 2U Rack Mountable
System Software: Microsoft Windows 2003 Server Standard edition
User License: 360 CALs
Hard Drive Space: 80GB 3G SATA 2.5in MDL SSD x3
NIC: Dual Port GIG NIC Card
Minimum endpoint users support: 360, extendible to 600

Recording System
General Specifications:

Single box on a standard commercial server, all-in-one solution
Support for TDM, VoIP and hybrid telephony environments
Open, non-proprietary architecture
Centralized configuration, storage and monitoring
Rapid deployment and installation
Highly secured data encryption
Full virtualization support for VMware
Ease of use, intuitive web-based applications enabling call recording, archiving and playback
Support for the following languages:
o English
o French
o Japanese
o German

Modules Support:

The Business Performance Portal Business Analyzer Coaching Reporter Advanced Analysis Tools Rules Manager Administrative Tools Survey Manager User Administrator System Administration Lexicon Manager Capturing Audio and Screens The Audio Analysis Engine Call Flow Events Agent Screen Activity Customer Surveys

Tools Support:

Required Items:
o VOIP based Recording System with 100 user licenses
o DDS 3 USB Tape Drive
o One year Support SLA

Hardware Requirement

Component: Requirement
System Hardware: CPUs = 2 x 2.5 GHz or more Quad core CPU
Memory (RAM): Minimum: 4 GB; Recommended: 8 GB.
Tower Casing
System Software: Microsoft Windows 2008 Server Standard edition
Hard Drive Space: 146GB SAS drive x3
NIC: Dual Port GIG NIC Card
Tape Drive: DDS4 USB Tape Drive with 20x24GB Tape Cartridges

PABX System

The system should provide multimedia call processing for all third-party clients/phones including TDM, IP and SIP.
The system should incorporate the latest Linux, XML, SIP, and VXML technologies, and open standard practices such as QSIG, ITU-T H.323, CSTA, and SIP.
The system should offer highly reliable, real-time, carrier-grade performance solutions with a 98% uptime.
It should have the capability to be fully integrated with the network infrastructure.
The system should incorporate at least 4 PRIs with scalability up to 10.
The system should have the capability of incorporating minimum 360 and maximum up to 1000 IP/TDM extensions.
The system should be a modular structure equipped with primary and auxiliary power supplies.
The system should offer incoming/outgoing interaction management (voice, IM, presence).
It should feature business communication service, conferencing and collaboration & call by name etc.
The system should support following encoding standards
o G.711
o G.723.1
o G.729A

The system should send notifications such as missed calls, new voice messages etc.
Each ext. should have voice mail support.
It should have visual mailbox support.
The system should be accompanied by 150 executive and 210 mid class IP Phones.
The telephone sets should allow the user to perform the following functions
o Record from the set: a standard greeting, an alternate greeting, the user name
o Option recorded message: offer an urgent delivery, confirmation to send
o Skip Greeting
o Autoplay of unheard/new messages
o Visual user interface with sensitive keys on large screen phones
o Voice mail navigation to: rewind, pause, forward, play
o Voice mail editing to: delete messages, save messages, reply messages

The system should offer call related softkeys, call planning, notes, access to collaborative services.

The system should offer following Standard Business Communication Services
o Speed dialing
o Account code charging
o Appointment reminder
o Associate (definition, modification by user)
o Automatic call-back on busy trunk/bundle/network link
o Automatic call-back on free/busy extension
o Broker's call
o Call forwarding unconditional on busy/no reply to extension, hunt group, voice mail, operator, paging, etc.
o Call pick-up
o Call waiting indication
o Calling line identification restriction for internal calls
o Camp on busy telephone/hunting group/voice mail
o Conditional external forwarding (busy or no reply)
o Call waiting
o Controlled private call by PIN code and password (optional)
o Distinctive ringing according to hierarchical levels
o Do not disturb
o General night service
o Hunting group (fix head, cyclic, longest idle time, parallel)
o Immediate forwarding
o Individual hold
o Individual directory
o Internal/external music on hold
o Internal/external inquiry
o Intrusion
o Last internal/external number redial
o Local and external call
o Moving service
o Multiline appearance (MLA)
o Multiline selective forwarding call
o Multiple conference calls
o Multiple call protection
o Multi-tenant services
o Speed dial numbers per entity
o Calling line identification
o Integrated auto attendant services per entity
o Calling line identification presentation (CLIP) per entity
o Greeting message per entity
o Music on hold per entity
o Night service per entity
o Over-dialing
o Personal code modification
o Priority call
o Store and redial external number
o Substitution
o Three-party conference
o Transfer in conversation on free/busy telephone
o 29-party, meet-me conference
o Voice prompts on/off per telephone
o Voice message deposit on forwarded telephone
o Call-waiting pickup


The system should offer following advance business communication services
o Calling line identification presentation/restriction (CLIP/CLIR)
o Digit-by-digit dialing mode
o End-block dialing (digit correction possible)
o ISDN, H.323 or SIP identification (CLIP) converted into name
o ISDN mini-text messages (carrier-dependent)
o Malicious call identification
o Storage of unanswered calls with date, time and callback
o Sub-addressing

The system should be equipped with integrated automated attendant, personal automated assistant with context-sensitive greeting and synchronized greeting message.

The system should have following Voice mail features
o Automated attendant
o Call transfer
o Direct reply on receipt message
o Greeting message according to user status
o Immediate or supervised transfers
o Message acknowledgment
o Message attributes: urgent, normal, private
o Message notification via prompt, light, display, dialing tone, voice outgoing
o Multilanguage
o Multi-user password
o Networking protocols: IMAP4, VPIM, Octelnet and Amis
o Private distribution lists
o Shared mailbox: home, guest, and assistant mailbox
o User-friendly interface

Note: The total no of IP Phones required are 260. The core system should be redundant which is represented by qty = 2 on top.


Visitor Management System

Supply and Installation of Visitor Management System complete with RFID Cards, Printer, Labellers, Software and Hardware, complete in all aspects.

MAIN FEATURES
o Enterprise-class scalability from a single system to hundreds of SVM workstations can share a central database (SQL Server, Oracle or MSDE)
o Manage Visitors, Packages and Assets from a single application
o Automatically capture visitor data from license, passport or business card
o Capture multiple signatures for each Visitor, Package or Asset
o Capture multiple photos for each Visitor and Employee record
o Print Visitor and Employee badges in full color, by Category
o Integrated Custom Badge designer to augment hundreds of built-in templates
o Comprehensive Watch List feature with full support for government denied party lists and sex offender lists, and subscription-based online real-time screening
o Robust bar code functionality to automate check in and check out at individual SVM and Satellite stations, with support for wireless scanners
o Multiple, programmable security alerts with email/SMS notification
o Extensive support for multi-tenant building use (both commercial and residential)
o Customizable self-registration/Kiosk mode for unattended visitor registration and badging, with pre-registration enforcement and barcode check in and check out
o Dynamically updated Grid views for Visitors, Packages and Assets
o Broad range of pre-defined Crystal Reports, with wizard for custom reports
o Enterprise-class, central administration via our Administrator program
o Returning visitor function with biometric support for fingerprint and IRIS recognition


Access Control System

Supply and Installation of RFID based Access Control and Attendance System complete in all aspects along with centrally manageable Software, Cards, and Door Lock.

BASIC FEATURES


Hardware Requirement & Users

Component: Requirement
System Hardware: CPUs = 2 x 2.8 GHz or more Quad core CPU
Memory (RAM): Minimum: 4 GB; Recommended: 8 GB.
Chassis: 2U Rack Mountable
System Software: Microsoft Windows 2003 Server Standard edition
Hard Drive Space: 80GB 3G SATA 2.5in MDL SSD x3
NIC: Dual Port GIG NIC Card
Minimum endpoint users support: 100