SU14: Remote Access
This service package allows system operators and other ITS users to access user interfaces remotely, using a local device to provide secure remote access via a Virtual Private Network (VPN). Through this mechanism, an operator can 'operate' a system from a remote location, as if he were physically in the center.
Relevant Regions: Australia, Canada, European Union, and United States
- Enterprise
- Functional
- Physical
- Goals and Objectives
- Needs and Requirements
- Sources
- Security
- Standards
- System Requirements
- Implementations
Enterprise
Development Stage Roles and Relationships
Installation Stage Roles and Relationships
Operations and Maintenance Stage Roles and Relationships
(hide)
| Source | Destination | Role/Relationship |
|---|---|---|
| Center Maintainer | Center | Maintains |
| Center Manager | Center | Manages |
| Center Manager | Center Personnel | System Usage Agreement |
| Center Owner | Center Maintainer | System Maintenance Agreement |
| Center Owner | Center Manager | Operations Agreement |
| Center Owner | Center Personnel | Application Usage Agreement |
| Center Owner | Remote Access Device Maintainer | Maintenance Data Exchange Agreement |
| Center Owner | Remote Access Device Owner | Information Exchange Agreement |
| Center Owner | Remote Access Device User | Service Usage Agreement |
| Center Personnel | Center | Operates |
| Center Personnel | Remote Access Device | Operates |
| Center Supplier | Center Owner | Warranty |
| Remote Access Device Maintainer | Remote Access Device | Maintains |
| Remote Access Device Manager | Center Personnel | System Usage Agreement |
| Remote Access Device Manager | Remote Access Device | Manages |
| Remote Access Device Owner | Center Maintainer | Maintenance Data Exchange Agreement |
| Remote Access Device Owner | Center Owner | Information Exchange and Action Agreement |
| Remote Access Device Owner | Center Personnel | Application Usage Agreement |
| Remote Access Device Owner | Center User | Service Usage Agreement |
| Remote Access Device Owner | Remote Access Device Maintainer | System Maintenance Agreement |
| Remote Access Device Owner | Remote Access Device Manager | Operations Agreement |
| Remote Access Device Supplier | Remote Access Device Owner | Warranty |
Functional
This service package includes the following Functional View PSpecs:
| Physical Object | Functional Object | PSpec Number | PSpec Name |
|---|---|---|---|
| Center | Center Remote Access | 10.5.1.7 | Provide VPN Connection to Remote Operators |
| Remote Access Device | Remote Access | 10.5.1.8 | Provide Remote Operator Access |
Physical
The physical diagram can be viewed in SVG or PNG format and the current format is SVG.SVG Diagram
PNG Diagram
Includes Physical Objects:
| Physical Object | Class | Description |
|---|---|---|
| Center | Center | This general physical object is used to model core capabilities that are common to any center. |
| Center Personnel | Center | 'Center Personnel' represent system operators and other personnel that work within a transportation center. This interface supports modeling of general human interactions that are common to any center. |
| Remote Access Device | Personal | The 'Remote Access Device' allows a system operator/user outside a physical center to remotely access a center or support system and interact with that system as if the operator was in the center. This requires a secure, authenticated Virtual Private Network (VPN) connection between the Remote Access Device and the center or support system. |
Includes Functional Objects:
| Functional Object | Description | Physical Object |
|---|---|---|
| Center Remote Access | 'Center Remote Access' provides remote access to system operators outside the center. | Center |
| Remote Access | 'Remote Access' provides remote access to system operators outside the center, allowing a remote system operator to interact with a center or support system as if he were local. | Remote Access Device |
Includes Information Flows:
| Information Flow | Description |
|---|---|
| center operator data | Data presented to a center operator. This flow represents general status output and other data that broadly applies to transportation centers. |
| center operator input | Input from a center operator. This flow represents operator input that broadly applies to transportation centers. |
| secure center operator data | Operator data normally provided to a local operator within a center. In this case, the data is provided securely to a remote operator via VPN. |
| secure center operator input | Operator inputs provided via VPN to a remote center. |
Goals and Objectives
Associated Planning Factors and Goals
| Planning Factor | Goal |
|---|---|
| C. Increase the security of the transportation system for motorized and nonmotorized users; | Improve security |
Associated Objective Categories 
| Objective Category |
|---|
| Security: Crime |
| Security: Terrorism, Natural Disasters, and Hazardous Material Incidents |
Associated Objectives and Performance Measures 
Needs and Requirements
| Need | Functional Object | Requirement | ||
|---|---|---|---|---|
| 01 | System operators need to securely interact with their center or support system while operating remotely. | Center Remote Access | 01 | The Center shall establish a secure (encrypted and authenticated) virtual private network (VPN) connection with the remote operator via their Remote Access Device. |
| 02 | The Center shall receive operator commands from the Remote Access Device over the VPN and execute those commands locally | |||
| 03 | The Center shall forward all display updates via the VPN to the Remote Access Device. | |||
| 04 | The Center shall close the VPN session and the connection when the remote operator logs out. | |||
| Remote Access | 01 | The Remote Access Device shall establish a secure (encrypted and authenticated) virtual private network (VPN) connection with the remote system. | ||
| 02 | The Remote Access Device shall accept user commands for the remote system and provide these commands securely over the VPN. | |||
| 03 | The Remote Access Device shall receive all remote display updates and provide these updates to the operator. | |||
| 04 | The Remote Access Device shall close the VPN session and the connection when the operator logs out. | |||
| 05 | The device shall present decrypted information received from the remote service to the operator. | |||
| 06 | The device shall accept information from the operator. | |||
| 07 | The device shall accept encrypted information from the remote service. | |||
| 08 | The device shall provide information received from the operator to the remote service in encrypted form. | |||
Related Sources
| Document Name | Version | Publication Date |
|---|---|---|
| None |
Security
In order to participate in this service package, each physical object should meet or exceed the following security levels.
| Physical Object Security | ||||
|---|---|---|---|---|
| Physical Object | Confidentiality | Integrity | Availability | Security Class |
| Center | Moderate | Moderate | Moderate | Class 2 |
| Remote Access Device | Moderate | Moderate | Moderate | Class 2 |
In order to participate in this service package, each information flow triple should meet or exceed the following security levels.
| Information Flow Security | |||||
|---|---|---|---|---|---|
| Source | Destination | Information Flow | Confidentiality | Integrity | Availability |
| Basis | Basis | Basis | |||
| Center | Remote Access Device | secure center operator data | Moderate | Moderate | Moderate |
| This flow represents an operator control flow; observation may expose procedures and vulnerabilities, and may enable nefarious activity. Manipulation of flow contents, may enable nefarious activity, whlie interruptions or accidental changes to flow contents are likely to disrupt transportation operations. The whole point of this flow is to secure remote operations of ITS centers. | This flow represents an operator control flow; observation may expose procedures and vulnerabilities, and may enable nefarious activity. Manipulation of flow contents, may enable nefarious activity, whlie interruptions or accidental changes to flow contents are likely to disrupt transportation operations. The whole point of this flow is to secure remote operations of ITS centers. | This flow represents an operator control flow; observation may expose procedures and vulnerabilities, and may enable nefarious activity. Manipulation of flow contents, may enable nefarious activity, whlie interruptions or accidental changes to flow contents are likely to disrupt transportation operations. The whole point of this flow is to secure remote operations of ITS centers. | |||
| Center Personnel | Remote Access Device | center operator input | Moderate | Moderate | Moderate |
| This flow represents an operator control flow; observation may expose procedures and vulnerabilities, and may enable nefarious activity. Manipulation of flow contents, may enable nefarious activity, whlie interruptions or accidental changes to flow contents are likely to disrupt transportation operations. The whole point of this flow is to secure remote operations of ITS centers. | This flow represents an operator control flow; observation may expose procedures and vulnerabilities, and may enable nefarious activity. Manipulation of flow contents, may enable nefarious activity, whlie interruptions or accidental changes to flow contents are likely to disrupt transportation operations. The whole point of this flow is to secure remote operations of ITS centers. | This flow represents an operator control flow; observation may expose procedures and vulnerabilities, and may enable nefarious activity. Manipulation of flow contents, may enable nefarious activity, whlie interruptions or accidental changes to flow contents are likely to disrupt transportation operations. The whole point of this flow is to secure remote operations of ITS centers. | |||
| Remote Access Device | Center | secure center operator input | Moderate | Moderate | Moderate |
| This flow represents an operator control flow; observation may expose procedures and vulnerabilities, and may enable nefarious activity. Manipulation of flow contents, may enable nefarious activity, whlie interruptions or accidental changes to flow contents are likely to disrupt transportation operations. The whole point of this flow is to secure remote operations of ITS centers. | This flow represents an operator control flow; observation may expose procedures and vulnerabilities, and may enable nefarious activity. Manipulation of flow contents, may enable nefarious activity, whlie interruptions or accidental changes to flow contents are likely to disrupt transportation operations. The whole point of this flow is to secure remote operations of ITS centers. | This flow represents an operator control flow; observation may expose procedures and vulnerabilities, and may enable nefarious activity. Manipulation of flow contents, may enable nefarious activity, whlie interruptions or accidental changes to flow contents are likely to disrupt transportation operations. The whole point of this flow is to secure remote operations of ITS centers. | |||
| Remote Access Device | Center Personnel | center operator data | Moderate | Moderate | Moderate |
| This flow represents an operator control flow; observation may expose procedures and vulnerabilities, and may enable nefarious activity. Manipulation of flow contents, may enable nefarious activity, whlie interruptions or accidental changes to flow contents are likely to disrupt transportation operations. The whole point of this flow is to secure remote operations of ITS centers. | This flow represents an operator control flow; observation may expose procedures and vulnerabilities, and may enable nefarious activity. Manipulation of flow contents, may enable nefarious activity, whlie interruptions or accidental changes to flow contents are likely to disrupt transportation operations. The whole point of this flow is to secure remote operations of ITS centers. | This flow represents an operator control flow; observation may expose procedures and vulnerabilities, and may enable nefarious activity. Manipulation of flow contents, may enable nefarious activity, whlie interruptions or accidental changes to flow contents are likely to disrupt transportation operations. The whole point of this flow is to secure remote operations of ITS centers. | |||
Standards
The diagram here shows the primary standards associated with the physical objects and information flows in this service package. Click on the standard # to go to the page explaining that standard in more detail. The tables that follow the diagram list the standards associated with the information flows in this service package that should drive development decisions. Click on the standard name for more information from the Communications View about a particular standard, including the solutions and information flow triples associated with the standard and any gaps or overlaps. This table is based primarily on standards used in North America. For information concerning standards and communications solutions in other regions consult the Communications View.
This material should be considered 'draft for review' and may change separately from ARC-IT version revisions. The date on the diagram relates to the date of the physical service package diagram on which this is based; standards-related information should be considered up-to-date as of the 'last updated' date on this page.
Communication Standards: Standards associated with data, message or dialog definitions, communications protocols and management and security of data exchanges. All standards here are also illustrated in information flow triple communications view diagrams.
| Name | Title |
|---|---|
| Security Entity | |
| Secure Session Alternatives | Secure Session Alternatives |
| Management Entity | |
| Bundle: SNMPv3 MIB | SNMPv3 & Networking MIBs |
| Networking and Transport Layer | |
| IETF RFC 9293 TCP | Transmission Control Protocol |
| IP Alternatives | Internet Protocol Alternative Set |
| Access Layer | |
| Internet Subnet Alternatives | Internet Subnet Alternatives |
Physical Standards: Standards associated with device physical, environmental or performance requirements.
No physical standards have been identified for this service package.
Service-Level Standards: Standards associated service package structure, messaging patterns, user needs, requirements or similar systems-engineering content that describe one or more use cases satisfied by the service package.
No service-level standards have been identified for this service package.
System Requirements
| System Requirement | Need | ||
|---|---|---|---|
| 001 | The system shall establish a secure (encrypted and authenticated) virtual private network (VPN) connection with the remote operator via their Remote Access Device. | 01 | System operators need to securely interact with their center or support system while operating remotely. |
| 002 | The system shall receive operator commands from the Remote Access Device over the VPN and execute those commands locally | 01 | System operators need to securely interact with their center or support system while operating remotely. |
| 003 | The system shall forward all display updates via the VPN to the Remote Access Device. | 01 | System operators need to securely interact with their center or support system while operating remotely. |
| 004 | The system shall close the VPN session and the connection when the remote operator logs out. | 01 | System operators need to securely interact with their center or support system while operating remotely. |
| 005 | The system shall establish a secure (encrypted and authenticated) virtual private network (VPN) connection with the remote system. | 01 | System operators need to securely interact with their center or support system while operating remotely. |
| 006 | The system shall present decrypted information received from the remote service to the operator. | 01 | System operators need to securely interact with their center or support system while operating remotely. |
| 007 | The system shall accept user commands for the remote system and provide these commands securely over the VPN. | 01 | System operators need to securely interact with their center or support system while operating remotely. |
| 008 | The system shall provide information received from the operator to the remote service in encrypted form. | 01 | System operators need to securely interact with their center or support system while operating remotely. |
| 009 | The system shall receive all remote display updates and provide these updates to the operator. | 01 | System operators need to securely interact with their center or support system while operating remotely. |
| 010 | The system shall accept information from the operator. | 01 | System operators need to securely interact with their center or support system while operating remotely. |
| 011 | The system shall close the VPN session and the connection when the operator logs out. | 01 | System operators need to securely interact with their center or support system while operating remotely. |
| 012 | The system shall accept encrypted information from the remote service. | 01 | System operators need to securely interact with their center or support system while operating remotely. |