Software requirements for purchasing software for the Bulten group
为 Bultengroup 购买软件的软件要求

This document shall be used to compile requirements of IT equipment to be purchased within operations
本文件将用于汇编业务活动中需要采购的信息技术设备的要求。.

The document describes our requirements clearly, suppliers need to fill in the check list of appendix after read over “Bulten – Software requirements for purchasing software for the Bulten group”.
文档清楚地描述了我们的要求，供应商需要在阅读 "Bulten - 为 Bulten 集团采购软件的软件要求 "之后，填写附录 中的检查清单。

In the procurement of systems to be used within the Bulten group the following requirements are to be acknowledged and a note made of software that does not meet the following requirements
在采购 Bulten 集团内部使用的系统时，应注意以下要求，并注意不符合以下要求的软件.

Client Environment
客户环境
The Bulten client environment consists of the following standard software
Bulten 客户端环境由以下标准软件组成
The following operating characteristics must be followed
必须遵循以下运行特性.

Microsoft Windows 10 Enterprise x64 version 21h2 onward
Microsoft Windows 10 Enterprise x64 版本21h2 起。

Microsoft Office LTSC

Adobe Acrobat Reader DC

Microsoft Edge Chromium

Microsoft. NET 4.8
微软.NET4.8版本

IPV6 aware
IPV6 感知

VPN access if necessary by Microsoft DirectAccess
如果需要MicrosoftDirectAccess 的 VPN 访问，请使用DirectAccess 。

Distributed File Services (DFS)
分布式文件服务（DFS）

DNS (CNAME,FQDN)

Software needs to be installed under C:\program files not on C:\
软件需要安装在 C:/program files 下，而不是 C:/ 上。

For Java and Log4j, at least version 2.3.2 (for Java 6), 2.12.4 (for Java 7), or 2.17.1 (for Java 8 and later)
对于 Java 和 Log4j，至少需要 2.3.2 版（适用于 Java 6）、2.12.4 版（适用于 Java 7）或 2.17.1 版（适用于 Java 8 及更高版本）

Software
软件

Software must not require local admin rights
软件必须不需要本地管理员权限。

Software that requires installation as services must either use the local system account or a domain account that starts the service. This must be documented
需要安装为服务的软件必须使用本地系统帐户或启动服务的域帐户。

No local users accounts are allowed or used in the server and client environment
不允许或在服务器和客户端环境中使用本地用户帐户

Installation and deployment of software should be possible through packaging and distribution with Microsoft SCCM and clear installation and packaging instructions must be included in the software delivery.
软件的安装和部署应通过打包和使用 Microsoft SCCM 进行分发来实现，并且必须在软件交付中包含明确的安装和打包说明。

Software must be IPv6 aware and able to connect through the FQDN using Microsoft DirectAccess
软件必须支持 IPv6，并能使用 Microsoft DirectAccess 通过 FQDN 进行连接.

As standard we are using https and encryption between client and servers.
作为标准，我们在客户端和服务器之间使用 https 和加密技术。

All drivers and DLLs must be signed.
所有驱动程序和 DLL 都必须签名。

LDAP communications must be encrypted.
LDAP 通信必须加密。

Only TLS1.2 or higher are approved (TLS 1.1 and lower are insecure)
只认可 TLS1.2 或更高版本（TLS 1.1 或更低版本不安全）

All on-prem and Cloud applications need to have an export data functionality
All on-prem 和云应用程序需要具有导出数据功能。

Server Environment
服务器环境
The Bulten server environment consists of a standard hardware setup where servers operate in a virtual environment using virtualization software. We strive to have as few servers as possible and follow a set standard in our server environment. The Bulten group go to great lengths to ensure that purchased applications do not required their own server. In cases where this is considered necessary, it should be made clear prior to procurement and distinct reasons why should be stated. If you wish to deviate from the minimum requirements below, you must clearly inform why and what deviations are necessary. Software need to be installed under C:\program files or D:\program files not on C:\ or D:\
Bulten 服务器环境由标准硬件设置组成，服务器在虚拟环境中使用虚拟化软件运行。我们努力减少服务器数量，并在服务器环境中遵循既定标准。布尔登 小组竭尽全力确保购买的应用程序不需要自己的服务器。如果认为有必要这样做，则应在采购前明确说明，并说明明确的原因。软件需要安装在 C:\program files 或 D:\program files 下，而不能安装在 C:\ 或 D:\ 上。

The environment consists of a minimum of:
环境至少包括：F

Microsoft Windows Server 2019 X64 or higher
Microsoft Windows Server 2019X64 或更高版本。

2 * 2GHz CPU

4GB RAM
4GB 内存

Microsoft. NET 4.8
Microsoft.Microsoft.NET 4.8

IPV4 and IPV6 aware
IPV4 和 IPV6 感知

Necessary access performed via FQDN and not the IP address
通过 FQDN 而非 IP 地址进行必要的访问

IIS 10

External access available via Microsoft DirectAccess
提供外部访问通过 Microsoft DirectAccess

The environment consists of a maximum (in the central environment. Local environment have larger restrictions)
环境包括最大值（中央环境。地方环境有更大的限制）

Microsoft Windows Server 2019 X64 or higher
Microsoft Windows Server 2019 X64 或更高版本。

4* 2GHz CPU

64GB RAM

Microsoft. NET 4.8
Microsoft.Microsoft.NET 4.8

IPV4 and IPV6 aware
IPV4 和 IPV6 感知

Necessary access performed via FQDN and not the IP address
通过 FQDN 而非 IP 地址进行必要的访问

IIS 10

External access available via Microsoft DirectAccess
可通过 Microsoft DirectAccess 进行外部访问

Disk Storage
磁盘存储

Storage is handled centrally through the SAN. Disk usage and type of disk should be specified when ordering. The Disk Utilization is to be calculated with reasonable calculations and should not be estimated
存储通过 SAN 集中处理。订购时应指定磁盘使用量和磁盘类型。磁盘使用率应通过合理的计算得出，而不应通过估算得出。.

If you need additional disk Bulten IT provides the opportunity to expand the disk however a reasonable initial estimate should be performed and growth calculations present with initial order
如果您需要额外的磁盘，Bulten IT 可为您提供扩展磁盘的机会，但应进行合理的初步估算，并在首次订购时提供增长计算。.

Security
安全

When systems require security access, the Bulten group is to be consulted on appropriate security measures. The security requirements of the software should be clearly described in the underlying material for the purchase of the software and clearly documented in the manual.
当系统需要安全访问时，Bulten 小组应就适当的安全措施进行咨询。软件的安全要求应在购买软件的基础材料中明确说明，并在手册中清楚记录。

The group has a clear and preferred process with regards to security and this should be implemented where possible.
小组在安全方面有明确的首选程序，应尽可能予以实施。

Computers in production
生产中的计算机

The company prefers Bulten standard Hardware, Operating System and setup be used for machines in production. This enables easier manageability and support from the internal IT organization.
公司希望生产中的机器使用Bulten 标准硬件、操作系统和设置。这使内部 IT 组织更易于管理和支持。

Whenever possible, company internal setups should be used. When this is not possible, extensive information regarding why such an implementation is not possible.
应尽可能使用公司内部设置。如果不可能，则应提供大量信息，说明不可能实施的原因。

The company internal setup depicts that
公司内部结构显示

All computers have a standardized computer name defined by the naming convention
所有计算机都有一个标准化的计算机命名约定所定义的名称。

All computers have a supported operating system defined and approved by Bulten IT
所有计算机都有由Bulten IT定义和批准的支持操作系统。

No operating system defined as or near “End of mainstream support” by vendors is permitted
不允许使用定义为 或接近 "主流支持结束 "的y 供应商的操作系统。

Bulten standardizes on Microsoft Windows platform.
Bulten 将微软视窗平台标准化。

All computers are installed with standard applications from Bulten
所有计算机都安装了 Bulten 的标准应用程序.

All computers are certified Bulten by a certificate depicting these are Bulten PC:s
所有计算机都经过Bulten 认证，证书显示这些计算机是Bulten PC:s 。

All computers are joined to the Bulten domain
所有计算机都已加入Bulten 域。

All computers are maintained with automatic security updates and yearly IPU (In place upgrade).
所有计算机都有自动安全更新 和年度 IPU（到位升级）。

All computers have an active, valid and up to date antivirus approved by Bulten
所有计算机都装有经Bulten 批准的有效的最新杀毒软件。

All users are standard domain users.
所有用户都是标准域用户。

No users are administrators on their computers
没有用户是其计算机的管理员

In most areas there is a definite requirement from sites to not permit internet connection from production PC:s
在大多数地区， 网站要求不允许从生产 PC 连接互联网：

No data is stored locally on computers – important data is stored on servers
不在本地计算机上存储数据 - 重要数据存储在服务器上

A clear and concise installation instruction is required for the event of a computer crash.
在计算机崩溃时，需要有简明扼要的安装说明。

Bulten may provide a VMware Workstation for high-risk production computers. The production computer will act as a virtual computer inside a Bulten PC. An initial “snapshot” will be created as a backup. The local production staff is responsible for ensuring relevant backup procedures are in place for the virtual computer.
Bulten 可为高风险生产计算机提供 VMware 工作站。生产计算机将充当 Bulten PC 中的虚拟计算机。将创建一个初始 "快照 "作为备份。本地生产人员负责确保虚拟计算机的相关备份程序到位。
A virtual computer, regularly backed up, may be transferred to other hardware in the event of a hardware failure. It is not guaranteed that the system will work due to licensing software etc that IT has no control over, however there is a higher chance of a faster recovery to normal state with this setup.

定期备份的虚拟计算机可在硬件发生故障时转移到其他硬件上。由于许可软件等 的原因，IT 部门无法控制这些软件，因此不能保证系统一定能正常工作，但通过这种设置更有可能快速恢复到正常状态。

Non-Bulten Standard Equipment
Non-Bulten 标准配置

PC:s or PLC equipment not delivered by Bulten are not permitted to be connected to Bultens network
PC：非由Bulten交付的 PC 或 PLC 设备不允许 连接到Bultens 网络。

Such units may, after approval from the central IT department, be permitted to connect to a firewalled and isolated environment only accessible via Internet via an Ewon Industrial VPN router.
S这些单位在获得中央信息技术部门的批准后，可以 、 允许连接 到 防火墙和隔离环境，但只能通过 n Ewon 工业 VPN 路由器。

These systems are not accessible inside Bultens Network
这些系统无法在Bultens 网络内访问。

Bulten has a central license of Talk2M, all Ewon routers that shall be connected to the Bulten environment "Must" have a Bulten suppliers account.
Bulten 拥有 Talk2M 的中央许可证、所有Ewon 路由器应连接到Bulten 环境 "必须 "拥有 Bulten 供应商帐户。

All equipment that needs access to Bultens infrastructure and/or IT support must follow the procurement guides in the company and involve central IT prior to procurement for “a tick in the box” approach to having all departments on board. If such approval is not sought and approved the hardware must not be connected to Bultens network.
所有需要访问Bultens 基础设施和/或 IT 支持的设备都必须遵循公司的采购指南，并在采购前让中央 IT 部门参与进来，以 "打勾 "的方式让所有部门都参与进来。如果没有获得批准，则不得将硬件连接到Bultens 网络。

Any supported operating system not fulfilling Bulten standards described in this document may be installed in a hosted environment within VMware Workstation if the above approval is received prior to the procurement process . It is not permitted that the virtualized computer access Bultens network, however, the host will be connected to Bultens network and updated according to corporate standards.
任何支持的操作系统不符合Bulten 标准 本文档中描述的标准可能 在托管环境中安装 在 VMware Workstation 中，前提是在采购流程 之前获得上述批准。 不允许 虚拟计算机访问Bultens 网络、 无论如何，主机将连接到Bultens 网络，并根据公司标准进行更新。

A folder may be shared between the host and virtual computer to ensure relevant data may be copied and/or backed up from the device. IT will advise on such a folder, however production is responsible for performing any backups of production equipment and/or computers. Backup instructions must be included in the procurement process.
主机和虚拟计算机之间可以共享文件夹，以确保可以从设备复制和/或备份相关数据。IT 部门将就此类文件夹提供建议，但生产部门负责执行生产设备和/或计算机的任何备份。备份说明必须包含在采购流程中。

If any procurement is required in the company for PC:s connecting to the corporate network, the above requirements alleviate cooperation into approving computers in the network.
如果公司需要采购连接到公司网络的 PC，则上述要求 可减轻 在批准网络中的计算机方面的合作。

Computers that do not comply with the above will not be permitted on the Bulten network as a security precaution.
作为安全防范措施，不符合上述规定的计算机将不允许使用Bulten 网络。

Backups
备份

Software should not keep files open so as to facilitate backups.
软件不应为了方便备份而保持文件打开状态。

It must be clear IF and WHAT to be considered for backup purposes.
必须明确 IF（如果）和 WHAT（什么）将被视为备份目的。

It must be clear how long backups should be kept for the system.
必须明确系统备份的保存时间。

If there is a need to deviate from the daily backup procedures (ie storage 2 weeks for non-business) this must be clearly stated, and the reason of deviation well motivated.
如果需要偏离日常备份程序（即为非业务存储 2 周），必须明确说明，并充分说明偏离的原因。

Database environment
数据库环境
Bulten uses Microsoft SQL Server 2014 as the standard platform for databases. Software using databases are required to be connected to the environment. SQL Express or separate instances of database servers are prohibited. It is the group's policy not to provide a SQL server per system. The database environment is shared by multiple systems so the requirements are that the database is connected to:
Bulten 使用 Microsoft SQL Server 2014 作为数据库的标准平台。使用数据库的软件需要连接到环境中。禁止使用 SQL Express 或单独的数据库服务器实例。集团的政策是不为每个系统提供 SQL 服务器。数据库环境由多个系统共享，因此要求数据库连接到： SQL Express 或单独的数据库服务器实例。

SQL 2014 (Backward compatibility is approved for older database types but such requirements must be specified by the supplier prior to procurement)
SQL 2014（允许向后兼容旧版数据库类型，但供应商必须在采购前说明此类要求）

ISO Latin 1 standard code page on master db (single database can have different collation, but the master should be the default)
ISO Latin 1 标准 代码页 主 数据库 （单个数据库可以有不同的校对方式、但主数据库应为默认）

Database type is Full DB
数据库类型为 Full DB

Domain User/Group accounts are used to login any users who utilize SQL (no local SQL account)
域用户/组账户用于登录任何使用 SQL 的用户（无本地 SQL 账户）

The group does not permit the use of the sa password
该组不允许使用sa 密码。

The software is not permitted to be administrator in either SQL, on the server, or in the domain.
该软件不允许在 SQL、服务器或域中担任管理员。

There should be an ability to manually choose the database name (A pre-fixed name should not be a requirement for the software).
应能手动选择数据库名称（软件不应要求预设名称）。

No installations are performed on the database servers. Applications are connected via DSN from application servers and software installations are performed on servers other than database servers.
不在数据库服务器上进行安装。应用程序通过 DSN 从应用程序服务器连接，软件安装在数据库服务器以外的服务器上进行。

End client computers should not have direct connection to database servers, communication to database servers must interact through an application server.
终端客户计算机不应直接连接数据库服务器，与数据库服务器的通信必须通过应用服务器进行。

All connection to database must support FQDN aliases
所有与数据库的连接都必须支持 FQDN 别名.

Database connections must be with TCP/IP and not Named Pipes which is legacy.
数据库连接必须使用 TCP/IP，而不是传统的命名管道。

Database default user language is US English and affects the date format of the system. If other languages/date format on the user access to SQL is required it must be clearly stated in the technical specifications of the system.
数据库默认用户语言为美国英语，并影响系统的日期格式。如果用户访问 SQL 时需要其他语言/日期格式，则必须在系统技术规格中明确说明。

Networking
联网

Local network speeds in our offices is 100Mbit (a few exceptions permit higher speeds)
我们办公室的本地网速为 100Mbit（少数例外情况允许更高速度）。

When connecting systems to the Bulten network with equipment or PCs that are not provided through a standard PC set up by Bulten IT, the unit should be protected with antivirus or otherwise guaranteed virus-free while they are connected to the common network.
将系统连接到 Bulten 网络的设备或 PC 不是通过 Bulten IT 设置的标准 PC 提供的、BultenIT 设置的标准 PC，在连接到共用网络时，应使用杀毒软件进行保护或以其他方式确保无病毒。

Network connected PC:s should be joined to the Bulten Active Directory domain and antivirus installed according to corporate standards
已连接网络的 PC 应加入Bulten Active Directory 域，并按照公司标准安装杀毒软件。

WAN speeds that are available are with rates as low as 2 Mbit and delay times of 300-500ms. This should be noted when purchasing software.
现有的广域网速度最低为 2 Mbit，延迟时间为 300-500ms。购买软件时应注意这一点。

Connecting non group equipment to wireless networks is permitted only to the guest network.
只有访客网络才允许将非集体设备连接到无线网络。

In cases where equipment must be connected to the wireless network, access to Bulten systems are required and that the device is not a "Bulten IT" standard PC , connections can be agreed upon with the groups network staff and access is based on the MAC address. The unit must not be infected by viruses and will be disconnected if the group suspects viruses.
如果设备必须连接到无线网络，则需要访问Bulten 系统，并且该设备不是"Bulten IT "标准 PC、可与集团网络工作人员商定连接事宜，并根据 MAC 地址进行访问。该设备不得感染病毒，如果集团怀疑有病毒，将断开连接。

Wireless connectivity from Bulten equipment into the Bulten network must handle and support certificates for verification on the wireless network.
从Bulten 设备到Bulten 网络的无线连接必须处理和支持证书，以便在无线网络上进行验证。

No devices that act as a hub / switch / router or emit a wireless connection may be connected to Bulten network without written permission of Bulten IT.
未经Bulten IT部门书面许可，不得将用作集线器/交换机/路由器或发出无线连接的设备连接到Bulten 网络。

Passwords
密码

Master passwords and account details for procured systems must be handed over to the system owner when systems go live in the Bulten environment
当系统在Bulten 环境中启用时，必须将采购系统的主密码和账户详细信息移交给系统所有者Bulten 环境。

Securing future development
确保未来发展
Bulten Group intends to comply with the current levels of support from Microsoft. This requires support for:
Bulten Group 打算遵守 Microsoft 目前的支持水平。这需要以下方面的支持：

Windows Server 2019 or higher
Windows Server 2019 或更高版本。

If the software requires Java to be at least version 8 update 321 or higher
如果软件要求 Java 至少为版本 8 更新321 或更高.
Version Requirements of java must be indicated where necessary
版本 必须在必要时注明对 java 的要求。

Cloud services
云服务

Solutions in the cloud and internal web pages must support ADFS
云中的解决方案和最终网页必须支持 ADFS。

Cloud solutions must store data within EU and it must be clearly informed and stated in which countries data resides
云解决方案必须在欧盟范围内存储数据，必须明确告知并说明数据存放在哪些国家

All cloud solutions must be approved centrally and standardized to be valid for the company as a default.
所有云解决方案都必须经过集中审批和标准化，才能作为默认设置对公司有效。

A Data protection agreement in compliance with GDPR is required for all cloud solutions and must state who processes data, what data is processed, and what personal data is visible and accessible through the processing.
所有云解决方案都必须签署符合 GDPR 的数据保护协议，协议必须说明由谁处理数据、处理哪些数据以及通过处理可以看到和访问哪些个人数据。

Any breaches to security within the cloud solution must be reported to Bulten at dataprotection@bulten.com immediately.
必须立即向Bultendataprotection@bulten.com 报告云解决方案的任何安全漏洞。

RFID
射频识别

Bulten Standardises on the Mifare protocol.
布尔登标准化Mifare协议。

EM4102 is used in the company but is being phased out. It may need to be supported,
EM4102 在公司中使用，但正在逐步淘汰。可能需要为其提供支持、

ISO1443B is used in isolated areas. It may need to be supported.
ISO1443B 用于偏远地区。它可能需要支持。

HiD iClass is used in isolated areas. It may need to be supported.
HiDiClass 用于孤立区域。它可能需要支持。

RFID must support MF1k protocol – preferably the entire Mifare standard.
RFID 必须支持 MF1k 协议 - 最好是整个Mifare 标准。

The use of twin cards to support Mifare is permitted.
允许使用双卡来支持Mifare 。

Bulten may request to supply cards to support the function – or request that certain encryption details are set on supplied cards/tags
布尔腾可能要求提供支持该功能的卡片，或要求在所提供的卡片/标签上设置某些加密细节.