Parent Service Package: SU14
< < SU13.1 : SU14.1 : SU15.1 > >

SU14.1: Remote Access Implementation

This service package allows system operators and other ITS users to access user interfaces remotely, using a local device to provide secure remote access via a Virtual Private Network (VPN). This implementation is a holistic view of the SU14 service package, including all Physical Objects, Functional Objects, and Triples associated with the service package. It distinguishes between items that are fundamental to the service and items that are optional. Your specific implementation is likely to include the fundamental items and selected optional items, based on your specific project requirements.

Relevant Regions: Australia, Canada, European Union, and United States

Enterprise

Development Stage Roles and Relationships

Installation Stage Roles and Relationships

Operations and Maintenance Stage Roles and Relationships
(hide)

Source Destination Role/Relationship
Center MaintainerCenter Maintains
Center ManagerCenter Manages
Center ManagerCenter Personnel System Usage Agreement
Center OwnerCenter Maintainer System Maintenance Agreement
Center OwnerCenter Manager Operations Agreement
Center OwnerCenter Personnel Application Usage Agreement
Center OwnerRemote Access Device Maintainer Maintenance Data Exchange Agreement
Center OwnerRemote Access Device Owner Information Exchange Agreement
Center OwnerRemote Access Device User Service Usage Agreement
Center PersonnelCenter Operates
Center PersonnelRemote Access Device Operates
Center SupplierCenter Owner Warranty
Remote Access Device MaintainerRemote Access Device Maintains
Remote Access Device ManagerCenter Personnel System Usage Agreement
Remote Access Device ManagerRemote Access Device Manages
Remote Access Device OwnerCenter Maintainer Maintenance Data Exchange Agreement
Remote Access Device OwnerCenter Owner Information Exchange and Action Agreement
Remote Access Device OwnerCenter Personnel Application Usage Agreement
Remote Access Device OwnerCenter User Service Usage Agreement
Remote Access Device OwnerRemote Access Device Maintainer System Maintenance Agreement
Remote Access Device OwnerRemote Access Device Manager Operations Agreement
Remote Access Device SupplierRemote Access Device Owner Warranty

Functional

This service package includes the following Functional View PSpecs:

Physical Object Functional Object PSpec Number PSpec Name
Center Center Remote Access 10.5.1.7 Provide VPN Connection to Remote Operators
Remote Access Device Remote Access 10.5.1.8 Provide Remote Operator Access

Physical

The physical diagram can be viewed in SVG or PNG format and the current format is SVG.
SVG Diagram
PNG Diagram


Display Legend in SVG or PNG

Includes Physical Objects:

Physical Object Class Description
Center Center This general physical object is used to model core capabilities that are common to any center.
Center Personnel Center 'Center Personnel' represent system operators and other personnel that work within a transportation center. This interface supports modeling of general human interactions that are common to any center.
Remote Access Device Personal The 'Remote Access Device' allows a system operator/user outside a physical center to remotely access a center or support system and interact with that system as if the operator was in the center. This requires a secure, authenticated Virtual Private Network (VPN) connection between the Remote Access Device and the center or support system.

Includes Functional Objects:

Functional Object Description Physical Object
Center Remote Access 'Center Remote Access' provides remote access to system operators outside the center. Center
Remote Access 'Remote Access' provides remote access to system operators outside the center, allowing a remote system operator to interact with a center or support system as if he were local. Remote Access Device

Includes Information Flows:

Information Flow Description
center operator data Data presented to a center operator. This flow represents general status output and other data that broadly applies to transportation centers.
center operator input Input from a center operator. This flow represents operator input that broadly applies to transportation centers.
secure center operator data Operator data normally provided to a local operator within a center. In this case, the data is provided securely to a remote operator via VPN.
secure center operator input Operator inputs provided via VPN to a remote center.

Goals and Objectives

Associated Planning Factors and Goals

Planning Factor Goal
C. Increase the security of the transportation system for motorized and nonmotorized users; Improve security

Associated Objective Categories

Objective Category
Security: Crime
Security: Terrorism, Natural Disasters, and Hazardous Material Incidents

Associated Objectives and Performance Measures

Objective Performance Measure
Enhance tracking and monitoring of sensitive Hazmat shipments Number of Hazmat shipments tracked in real-time
Reduce exposure due to Hazmat & homeland security incidents Homeland security incident response time
Reduce exposure due to Hazmat & homeland security incidents Number of Hazmat incidents
Reduce exposure due to Hazmat & homeland security incidents Number of homeland security incidents
Reduce security risks to motorists and travelers Number of critical sites with security surveillance
Reduce security risks to motorists and travelers Number of security incidents on roadways
Reduce security risks to transit passengers and transit vehicle operators Number of security incidents at transit facilities
Reduce security risks to transit passengers and transit vehicle operators Number of security incidents on transit vehicles
Reduce security risks to transit passengers and transit vehicle operators Number of transit facilities and vehicles under security surveillance
Reduce security risks to transportation infrastructure Number of critical sites with hardened security enhancements
Reduce security risks to transportation infrastructure Number of critical sites with security surveillance
Reduce security risks to transportation infrastructure Number of security incidents on transportation infrastructure


 
Since the mapping between objectives and service packages is not always straight-forward and often situation-dependent, these mappings should only be used as a starting point. Users should do their own analysis to identify the best service packages for their region.

Needs and Requirements

Need Functional Object Requirement
01 System operators need to securely interact with their center or support system while operating remotely. Center Remote Access 01 The Center shall establish a secure (encrypted and authenticated) virtual private network (VPN) connection with the remote operator via their Remote Access Device.
02 The Center shall receive operator commands from the Remote Access Device over the VPN and execute those commands locally
03 The Center shall forward all display updates via the VPN to the Remote Access Device.
04 The Center shall close the VPN session and the connection when the remote operator logs out.
Remote Access 01 The Remote Access Device shall establish a secure (encrypted and authenticated) virtual private network (VPN) connection with the remote system.
02 The Remote Access Device shall accept user commands for the remote system and provide these commands securely over the VPN.
03 The Remote Access Device shall receive all remote display updates and provide these updates to the operator.
04 The Remote Access Device shall close the VPN session and the connection when the operator logs out.
05 The device shall present decrypted information received from the remote service to the operator.
06 The device shall accept information from the operator.
07 The device shall accept encrypted information from the remote service.
08 The device shall provide information received from the operator to the remote service in encrypted form.

Related Sources

Document Name Version Publication Date
None


Security

In order to participate in this service package, each physical object should meet or exceed the following security levels.

Physical Object Security
Physical Object Confidentiality Integrity Availability Security Class
Center Moderate Moderate Moderate Class 2
Remote Access Device Moderate Moderate Moderate Class 2



In order to participate in this service package, each information flow triple should meet or exceed the following security levels.

Information Flow Security
Source Destination Information Flow Confidentiality Integrity Availability
Basis Basis Basis
Center Remote Access Device secure center operator data Moderate Moderate Moderate
This flow represents an operator control flow; observation may expose procedures and vulnerabilities, and may enable nefarious activity. Manipulation of flow contents, may enable nefarious activity, whlie interruptions or accidental changes to flow contents are likely to disrupt transportation operations. The whole point of this flow is to secure remote operations of ITS centers. This flow represents an operator control flow; observation may expose procedures and vulnerabilities, and may enable nefarious activity. Manipulation of flow contents, may enable nefarious activity, whlie interruptions or accidental changes to flow contents are likely to disrupt transportation operations. The whole point of this flow is to secure remote operations of ITS centers. This flow represents an operator control flow; observation may expose procedures and vulnerabilities, and may enable nefarious activity. Manipulation of flow contents, may enable nefarious activity, whlie interruptions or accidental changes to flow contents are likely to disrupt transportation operations. The whole point of this flow is to secure remote operations of ITS centers.
Center Personnel Remote Access Device center operator input Moderate Moderate Moderate
This flow represents an operator control flow; observation may expose procedures and vulnerabilities, and may enable nefarious activity. Manipulation of flow contents, may enable nefarious activity, whlie interruptions or accidental changes to flow contents are likely to disrupt transportation operations. The whole point of this flow is to secure remote operations of ITS centers. This flow represents an operator control flow; observation may expose procedures and vulnerabilities, and may enable nefarious activity. Manipulation of flow contents, may enable nefarious activity, whlie interruptions or accidental changes to flow contents are likely to disrupt transportation operations. The whole point of this flow is to secure remote operations of ITS centers. This flow represents an operator control flow; observation may expose procedures and vulnerabilities, and may enable nefarious activity. Manipulation of flow contents, may enable nefarious activity, whlie interruptions or accidental changes to flow contents are likely to disrupt transportation operations. The whole point of this flow is to secure remote operations of ITS centers.
Remote Access Device Center secure center operator input Moderate Moderate Moderate
This flow represents an operator control flow; observation may expose procedures and vulnerabilities, and may enable nefarious activity. Manipulation of flow contents, may enable nefarious activity, whlie interruptions or accidental changes to flow contents are likely to disrupt transportation operations. The whole point of this flow is to secure remote operations of ITS centers. This flow represents an operator control flow; observation may expose procedures and vulnerabilities, and may enable nefarious activity. Manipulation of flow contents, may enable nefarious activity, whlie interruptions or accidental changes to flow contents are likely to disrupt transportation operations. The whole point of this flow is to secure remote operations of ITS centers. This flow represents an operator control flow; observation may expose procedures and vulnerabilities, and may enable nefarious activity. Manipulation of flow contents, may enable nefarious activity, whlie interruptions or accidental changes to flow contents are likely to disrupt transportation operations. The whole point of this flow is to secure remote operations of ITS centers.
Remote Access Device Center Personnel center operator data Moderate Moderate Moderate
This flow represents an operator control flow; observation may expose procedures and vulnerabilities, and may enable nefarious activity. Manipulation of flow contents, may enable nefarious activity, whlie interruptions or accidental changes to flow contents are likely to disrupt transportation operations. The whole point of this flow is to secure remote operations of ITS centers. This flow represents an operator control flow; observation may expose procedures and vulnerabilities, and may enable nefarious activity. Manipulation of flow contents, may enable nefarious activity, whlie interruptions or accidental changes to flow contents are likely to disrupt transportation operations. The whole point of this flow is to secure remote operations of ITS centers. This flow represents an operator control flow; observation may expose procedures and vulnerabilities, and may enable nefarious activity. Manipulation of flow contents, may enable nefarious activity, whlie interruptions or accidental changes to flow contents are likely to disrupt transportation operations. The whole point of this flow is to secure remote operations of ITS centers.

Standards

The diagram here shows the primary standards associated with the physical objects and information flows in this service package. Click on the standard # to go to the page explaining that standard in more detail. The tables that follow the diagram list the standards associated with the information flows in this service package that should drive development decisions. Click on the standard name for more information from the Communications View about a particular standard, including the solutions and information flow triples associated with the standard and any gaps or overlaps. This table is based primarily on standards used in North America. For information concerning standards and communications solutions in other regions consult the Communications View.

This material should be considered 'draft for review' and may change separately from ARC-IT version revisions. The date on the diagram relates to the date of the physical service package diagram on which this is based; standards-related information should be considered up-to-date as of the 'last updated' date on this page.

Communication Standards: Standards associated with data, message or dialog definitions, communications protocols and management and security of data exchanges. All standards here are also illustrated in information flow triple communications view diagrams.

NameTitle
Security Entity
Secure Session Alternatives Secure Session Alternatives
Management Entity
Bundle: SNMPv3 MIB SNMPv3 & Networking MIBs
Networking and Transport Layer
IETF RFC 9293 TCP Transmission Control Protocol
IP Alternatives Internet Protocol Alternative Set
Access Layer
Internet Subnet Alternatives Internet Subnet Alternatives

Physical Standards: Standards associated with device physical, environmental or performance requirements.

No physical standards have been identified for this service package.

Service-Level Standards: Standards associated service package structure, messaging patterns, user needs, requirements or similar systems-engineering content that describe one or more use cases satisfied by the service package.

No service-level standards have been identified for this service package.





System Requirements

No System Requirements