1. Key Exchange Server Software - must meet the following salient technical characteristics: a. Maintain and support exchange the cryptographic keys between NCTD and its tenant railroads. b. Conform to the applicable AAR standards regarding the storage and retrieval of Operational Public Keys (OPKs) between railroads including, but not limited to, Section K, Part VI Electronics Environmental Requirements & Systems Management, ITCSM Interface Control Document for Interoperable Train Control, Standard S-9460 v1.0 or later. c. Conform to the PTC Security Architecture 2 (PSA 2) detailed in AAR Standard S-9008 v1.0 or later. d. Be designed to properly respond to the key exchange messages listed in the Meteorcomm Interoperable Train Control Systems Management (ITCSM) v2.x Interface Control Document or later. e. Should run on a Unix-based or Linux-based VMware virtual machine; other platforms may be acceptable. Consultant may propose other platforms to NCTD for review and approval. f. Support high availability and i. be tolerant of at least 1 node failure without impact to service ii. failover automatically (failover without requiring human intervention) 2. Remote Technical Support for Key Exchange Server Software a. Consultant will provide remote technical support for NCTD’s installation, configuration, testing, and production deployment. The remote technical support shall be available 24 hours a day, 7 days a week. b. NCTD shall install Consultant’s KES software on NCTD’s server Operating System (OS). The Consultant will advise on appropriate security configuration and patch level. c. NCTD’s initial set up, configuration, and testing is planned for NCTD’s lab environment. The lab testing must demonstrate KES is functional and verify: i. Consultant’s KES software successfully passes keys with NCTD’s tenant railroads ii. The KES software can fail over automatically d. Consultant will provide remote technical support for configuration of KES to maintain full compatibility with NCTD’s PTC System which currently includes: i. Wabtec BOS 5.x and later ii. Meteorcomm Interoperable Train Control Messaging (ITCM) 1.4.8 and later iii. Meteorcomm System Management Gateway (SMG) 2.0 and later e. Remote Technical Support Services also includes: i. Standard software support and maintenance, which includes, but is not limited to fixing software bugs, providing software updates, and 24/7 support in the event of issues that affect NCTD’s production PTC environment ii. Software Updates when applicable AAR standards are updated, to maintain interpretability, and/or when required for changes to operating system or security certificates. 3. Key Exchange Server Licensing a. The software shall be licensed to run in NCTD’s lab and production environments with automatic failovers. b. The Software Licensing shall be perpetual.
