
Article 1 
The physical architecture and requirements of the national interfaces and of the communication infrastructure between the central VIS and the national interfaces for the development phase shall be as set out in the Annex.
Article 2 
This Decision is addressed to the Kingdom of Belgium, the Republic of Bulgaria, the Czech Republic, the Federal Republic of Germany, the Republic of Estonia, the Hellenic Republic, the Kingdom of Spain, the French Republic, the Italian Republic, the Republic of Cyprus, the Republic of Latvia, the Republic of Lithuania, the Grand Duchy of Luxembourg, the Republic of Hungary, the Republic of Malta, the Kingdom of the Netherlands, the Republic of Austria, the Republic of Poland, the Portuguese Republic, Romania, the Republic of Slovenia, the Slovak Republic, the Republic of Finland and the Kingdom of Sweden.
Done at Brussels, 17 June 2008.
For the Commission
Jacques BARROT
Vice-President
ANNEX
1. 
This document describes the network requirements and the design of the communication infrastructure and its components.
 1.1. 

Acronyms and abbreviations Explanation
BCU Backup central unit
BLNI Backup local national interface
CNI Central national interface
CS Central system
CS-VIS Central visa information system
CU Central unit
DNS Domain name server
FTP File transfer protocol
HTTP Hypertext transfer protocol
IP Internet protocol
LAN Local area network
LNI Local national interface
NI-VIS National interface
NTP Network time protocol
SAN Storage area network
SDH Synchronous digital hierarchy
SMTP Simple mail transfer protocol
SNMP Simple network management protocol
sTESTA Secure Trans-European Services for Telematics between Administrations, a measure of the IDABC programme (interoperable delivery of pan-European eGovernment services to public administrations, business and citizens; Decision 2004/387/EC of the European Parliament and of the Council).
TCP Transmission control protocol
VIS Visa information system
VPN Virtual private network
WAN Wide area network


2. 
The NI-VIS, as defined in Article 1(2) of Council Decision 2004/512/EC, shall consist of:


— one local national interface (hereinafter referred to as ‘LNI’) for each Member State which is the interface that physically connects the Member State to the secure communication network and contains the encryption devices dedicated to VIS. The LNI is located at the Member State premises,
— an optional backup local national interface (hereinafter referred to as ‘BLNI’) which has the same content and function as the LNI.

The specific configuration of the LNI and BLNI will be specified and agreed with each individual Member State.

The LNI and BLNI are to be used exclusively for purposes defined by the Community legislation applicable to VIS.

The communication infrastructure between the CS-VIS and the NI-VIS shall consist of:


— the network for Secure Trans-European Services for Telematics between Administrations (sTESTA), which provides an encrypted virtual private network (vis.stesta.eu) dedicated to VIS data and to communication between Member States according to the Community legislation related to VIS, and between Member States and the authority responsible for the operational management of the CS-VIS.

3. 
In chapters 3, 5 and 7, whenever technologies or protocols are mentioned, it should be understood that equivalent technologies or protocols may be used. The deployment of the network shall take into account the readiness of Member States.
 3.1. 
The VIS architecture makes use of centralised services, which are accessible from the different Member States. For resiliency purposes these centralised services are duplicated to two different locations namely Strasbourg, France, hosting the principal CS-VIS, central unit (CU) and St Johann im Pongau, Austria, hosting the backup CS-VIS, backup central unit (BCU) in accordance with Commission Decision 2006/752/EC of 3 November 2006 establishing the sites for the Visa Information System during the development phase.

The principal and backup central units shall be accessible from the different Member States via network access points – an LNI and a BLNI – interconnecting their national system to the CS-VIS.

The connection between the principal CS-VIS and the backup CS-VIS shall be open for any new future architectures and technologies and shall allow for the continuous synchronisation between the CU and BCU.
 3.2. 
The bandwidth needed for the LNI and the optional BLNI may be different from one Member State to another.

The communication infrastructure shall offer site connection bandwidths adapted to the expected traffic load. The network shall supply sufficient minimal guaranteed upload and download speeds for each connection and it shall support the total bandwidth size of the network access points.
 3.3. 
The communication infrastructure shall be able to support network protocols used by the CS-VIS, in particular HTTP, FTP, NTP, SMTP, SNMP, DNS, tunnelling protocols, SAN replication protocols and the proprietary Java-to-Java connection protocols of BEA WebLogic over IP.
3.4. 
 3.4.1. 
The communications infrastructure shall have a range of reserved IP addresses that may solely be used within that network. Within the reserved IP range, the CS-VIS will use a dedicated set of IP addresses that will not be used elsewhere.
 3.4.2. 
The local networks of most sites will be using IPv4, but some may use IPv6. Therefore the network access points shall offer the possibility to act as an IPv4/IPv6 gateway. Coordination with Member States evolving towards IPv6 will be required in order to ensure a smooth transition.
 3.4.3. 
As long as the CU or BCU connection has a load rate of less than 90 %, a given Member State shall be able to sustain continually 100 % of its specified bandwidth.
 3.4.4. 
To support the CS-VIS, the communication infrastructure shall at least comply with a minimum set of technical specifications:


— The transit delay shall be (including the busy hours) less than or equal to 150 ms for 95 % of packets and less than 200 ms for 100 % of packets.
— The probability of packet loss shall be (including the busy hours) less than or equal to 10^-4 for 95 % of packets and less than 10^-3 for 100 % of packets.
— The aforementioned specifications apply to each access point separately.
— The connection between the CU and BCU shall have a round-trip delay less than or equal to 60 ms.
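The thresholds in 3.4.4 and the availability figure in section 6 can be checked mechanically against network measurements. The following Python is an added example and not part of the Decision; it assumes that delay and loss are sampled per measurement interval, applies the 95 % criterion as a nearest-rank percentile over those samples, and uses constructed sample data.

```python
import math

# Thresholds taken from section 3.4.4 (delay, loss, CU-BCU RTT) and section 6 (availability)
P95_DELAY_MS = 150.0
MAX_DELAY_MS = 200.0
P95_LOSS = 1e-4
MAX_LOSS = 1e-3
CU_BCU_RTT_MS = 60.0
AVAILABILITY = 0.9999
WINDOW_DAYS = 28

# Constructed measurement samples for one access point (100 intervals each)
SAMPLE_DELAYS_MS = [120.0] * 95 + [160.0] * 4 + [190.0]
SAMPLE_LOSS_RATES = [0.0] * 96 + [5e-4] * 4
# Constructed daily downtime (minutes) for 60 days: two outages 20 days apart
SAMPLE_DOWNTIME_MIN = [0.0] * 60
SAMPLE_DOWNTIME_MIN[10] = 3.0
SAMPLE_DOWNTIME_MIN[30] = 2.5


def percentile(values, pct):
    """Nearest-rank percentile using integer arithmetic (no interpolation, no float rounding)."""
    ordered = sorted(values)
    rank = -(-(len(ordered) * pct) // 100)  # ceil(n * pct / 100)
    return ordered[max(rank, 1) - 1]


def check_access_point(delays_ms, loss_rates):
    """Per-criterion pass/fail for one LNI/BLNI against the 3.4.4 figures."""
    return {
        "delay_p95": percentile(delays_ms, 95) <= P95_DELAY_MS,
        "delay_max": max(delays_ms) < MAX_DELAY_MS,
        "loss_p95": percentile(loss_rates, 95) <= P95_LOSS,
        "loss_max": max(loss_rates) < MAX_LOSS,
    }


def check_cu_bcu(rtts_ms):
    """Every sampled CU-BCU round-trip delay must stay within 60 ms."""
    return max(rtts_ms) <= CU_BCU_RTT_MS


def downtime_budget_minutes():
    """Downtime allowed in one 28-day window at 99.99 % availability (about 4.03 minutes)."""
    return WINDOW_DAYS * 24 * 60 * (1 - AVAILABILITY)


def check_availability(daily_downtime_min):
    """Return the start indexes of every 28-day rolling window whose downtime exceeds the budget."""
    budget = downtime_budget_minutes()
    breaches = []
    for start in range(len(daily_downtime_min) - WINDOW_DAYS + 1):
        if sum(daily_downtime_min[start:start + WINDOW_DAYS]) > budget:
            breaches.append(start)
    return breaches
```

With the constructed data the access point passes all four criteria, while the two outages breach the availability budget in every window that contains both of them.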
 3.5. 
The communication infrastructure shall offer high availability, in particular of the following components:


— backbone network,
— routing devices,
— points of presence,
— local loop connections (including physically redundant cabling),
— security devices (crypto devices, firewalls, etc.),
— all generic services (DNS, etc.),
— LNI and optional BLNI.

Network failover mechanisms shall be set up and, when required, coordinated with the application level to ensure maximum availability of the VIS as a whole.

4. 
To facilitate monitoring, the communication infrastructure’s monitoring tools shall have the capability to be integrated with the monitoring facilities for the operational management of the CS-VIS.

5. 
The communication infrastructure shall be able to offer the following optional generic services: DNS, mail relay and NTP.

6. 
The availability of connection points up to the LAN of the communication infrastructure shall be 99,99 % over a 28-day rolling period.

7. 
 7.1. 
No VIS-related information shall circulate on the communication infrastructure without encryption.

To maintain a high level of security, the communication infrastructure shall allow the certificates/keys used by the network encryption solution to be managed. Remote administration and remote monitoring of the encryption boxes shall be possible.

Symmetric encryption algorithms (3DES 128 bits or better) and asymmetric encryption algorithms (RSA 1 024 bit modulus or better) shall be used in accordance with the state of the art.
 7.2. 
Besides protecting the VIS network access points (LNI and BLNI), the communication infrastructure shall also protect the optional generic services. In case such services are made available, they should meet protection measures comparable to those in the CS-VIS. Furthermore, the generic services devices and their protection measures should be under continuous security surveillance.

In order to maintain a high level of security, the communication infrastructure shall allow all security incidents to be reported without any delay. Reports on all security incidents shall be provided on a regular basis (e.g. monthly reporting) and on an ad hoc basis.

8. 
A helpdesk and support structure shall be established and shall be able to interact with the CS-VIS.

9. 
The communication infrastructure shall ensure that data leakage towards other systems or other networks will not occur on the network.
