Skip to main content

Permissions

Add user
Done

Start your AI search

AI search
Outbound call compliance Gamification for customer service Outsourcing services

How to write an RFP for virtual network

Requirements, questions, and evaluation criteria specific to virtual network procurement

6 min read

Virtual networking RFPs are critical because they lay the foundation for a modern, agile, and secure digital infrastructure. The shift from hardware-centric to software-defined networks requires a detailed and forward-thinking procurement process to avoid vendor lock-in and ensure scalability.

What makes virtual network RFPs different

Virtual networking RFPs differ significantly from general software RFPs due to the intricate technical dependencies and their impact on overall business operations. These RFPs must address complex integration requirements with existing infrastructure, security considerations related to data segmentation and access control, and the need for scalability to support future growth. Regulatory compliance, particularly around data privacy and security, adds another layer of complexity.

Furthermore, the transition to virtual networking often involves significant organizational change, requiring careful planning for training, support, and workflow adjustments.nnA key challenge lies in defining clear performance metrics and service level agreements (SLAs) that align with business objectives.

Unlike traditional hardware-based networks, virtual networks offer greater flexibility and programmability, but this also introduces new complexities in monitoring, troubleshooting, and optimization. RFPs must delve into the vendor's capabilities in these areas, including their use of AI and automation to manage network performance and security.

Finally, the long-term viability and roadmap of the vendor are critical considerations, as virtual networking solutions are often deeply integrated into the IT infrastructure and difficult to replace.

  • Scalability and elasticity to handle future growth and fluctuating workloads
  • Security features, including micro-segmentation and Zero Trust Network Access (ZTNA)
  • Integration capabilities with existing infrastructure and cloud platforms
  • Vendor's long-term roadmap and commitment to innovation

RFP vs RFI vs RFQ

Here's when to use each document type when procuring virtual network software.

RFI

Request for Information

Use early in your search to understand what vendors offer and narrow your list. Gather general capabilities, company background, and high-level pricing ranges.

RFP

Request for Proposal

Use when you know your requirements and want detailed vendor solutions and pricing. This is your main evaluation document for shortlisted vendors.

RFQ

Request for Quote

Use when requirements are fixed and you just need final pricing. Often used after RFP when you're ready to negotiate with finalists.

For virtual networking, an RFI is useful for initial research to understand available solutions and vendor capabilities. An RFP is essential for detailed technical and commercial evaluation, while an RFQ is less suitable due to the complexity and customization typically involved.

Technical requirements checklist

Use this checklist when defining your RFP scope.

Core Networking Functions

  • Virtual Switching and Routing
  • SD-WAN capabilities
  • Load Balancing
  • Traffic Shaping and QoS

Security Requirements

  • Micro-segmentation
  • Firewall and Intrusion Detection/Prevention
  • Zero Trust Network Access (ZTNA)
  • VPN and secure remote access

Management and Orchestration

  • Centralized Management Console
  • Automation and Orchestration Capabilities
  • API Integration
  • Reporting and Analytics

Cloud and Hybrid Cloud Support

  • Integration with major cloud providers (AWS, Azure, GCP)
  • Support for hybrid cloud deployments
  • Cloud-native networking features
  • Automated cloud provisioning

Performance and Scalability

  • Scalability to support future growth
  • Low latency and high throughput
  • Resilience and high availability
  • Support for diverse workloads

Questions to include in your RFP

Architecture & Deployment

  • Describe your solution's architecture, including the separation of control and data planes.
    Understanding the architecture is crucial for assessing scalability and security.
  • What deployment options are supported (on-premises, cloud, hybrid)?
    Ensures the solution fits your existing infrastructure and future plans.
  • How does your solution handle disaster recovery and business continuity?
    Critical for maintaining uptime and minimizing disruption.
  • Explain your approach to multi-tenancy and data isolation.
    Important for security and compliance in shared environments.

Security Features

  • Describe your solution's micro-segmentation capabilities and how they can be used to isolate sensitive data.
    Reduces the blast radius of security breaches.
  • How does your solution enforce Zero Trust Network Access (ZTNA)?
    Ensures only authorized users and devices can access network resources.
  • What firewall and intrusion detection/prevention features are included?
    Provides essential network security.
  • How does your solution integrate with existing security tools and platforms?
    Ensures seamless security management across the network.

Management & Orchestration

  • Describe your centralized management console and its key features.
    Simplifies network management and reduces manual errors.
  • What automation and orchestration capabilities are included?
    Automates routine tasks and improves efficiency.
  • Explain your solution's API integration capabilities.
    Enables integration with other systems and workflows.
  • What reporting and analytics features are available?
    Provides insights into network performance and security.

Cloud & Hybrid Cloud Support

  • How does your solution integrate with major cloud providers (AWS, Azure, GCP)?
    Ensures compatibility with your cloud strategy.
  • Describe your support for hybrid cloud deployments.
    Enables seamless connectivity between on-premises and cloud environments.
  • What cloud-native networking features are included?
    Optimizes network performance in cloud environments.
  • How does your solution automate cloud provisioning?
    Streamlines the deployment of network resources in the cloud.

Performance & Scalability

  • How does your solution scale to support future growth?
    Ensures the network can handle increasing demands.
  • What are the latency and throughput characteristics of your solution?
    Critical for performance-sensitive applications.
  • Describe your solution's resilience and high availability features.
    Minimizes downtime and ensures business continuity.
  • How does your solution support diverse workloads?
    Ensures compatibility with different types of applications and services.

Pricing & Licensing

  • Provide a detailed breakdown of your pricing model, including licensing fees, support costs, and any other associated charges.
    Understanding the total cost of ownership is crucial.
  • What are your licensing options (e.g., subscription, perpetual)?
    Allows you to choose the model that best fits your budget and needs.
  • Are there any hidden costs or fees associated with your solution?
    Avoids surprises and ensures accurate cost forecasting.
  • What are your overage policies and fees?
    Important for managing costs during periods of high demand.

Compliance and security requirements

Depending on your industry, you may need to require proof of these certifications and standards.

SOC 2 Type II

Required if handling sensitive customer data. If applicable, request the latest SOC 2 Type II report.

ISO 27001

Required for organizations requiring a robust information security management system. If applicable, request ISO 27001 certification and scope of certification.

GDPR

Required if processing data of eu citizens. If applicable, request information on GDPR compliance measures and data residency policies.

HIPAA

Required if handling protected health information (phi). If applicable, request a Business Associate Agreement (BAA) and documentation of HIPAA compliance.

PCI DSS

Required if processing credit card information. If applicable, request PCI DSS Attestation of Compliance (AOC).

Evaluation criteria

Here is the suggested weighting for virtual network RFPs.

Functionality Fit How well the solution meets the stated requirements.
25%
Security Capabilities Strength of security features and compliance with industry standards.
20%
Scalability and Performance Ability to handle future growth and maintain performance under load.
15%
Integration Capabilities Ease of integration with existing infrastructure and cloud platforms.
15%
Total Cost of Ownership Implementation, licensing, and ongoing maintenance costs.
10%
Vendor Viability and Roadmap Financial stability and commitment to future innovation.
10%
Ease of Use and Management Intuitive interface and streamlined management tools.
5%

Red flags to watch

  • Lack of clear security certifications

    Indicates a potential lack of commitment to security best practices.

  • Inability to provide detailed performance metrics

    Suggests a lack of transparency and potential performance issues.

  • Reliance on proprietary technologies

    Can lead to vendor lock-in and limit future flexibility.

  • Vague responses regarding disaster recovery

    Raises concerns about business continuity and data protection.

  • Limited integration options

    May create compatibility issues with existing systems.

Key metrics to request

Ask vendors to provide benchmarks from similar customers.

Uptime guarantee (SLA)

Ensures high availability and minimizes downtime.

Mean time to resolution (MTTR)

Indicates the speed and efficiency of issue resolution.

Scalability testing results

Verifies the solution's ability to handle increasing workloads.

Customer satisfaction scores

Provides insight into the vendor's customer service and support.

Number of successful deployments in similar environments

Demonstrates the vendor's experience and expertise.