@@ -197,6 +197,7 @@ For the purposes of the present document, the terms given in Regulation (EU) 202
7.**trace**: record of a system status with all relevant data that can be gathered
8.**log**: record of an operational event
9.**trace**: record of a system status with all relevant data that can be gathered
10.**squid proxy server**: an open-source-proxy server, often with intelligent web-caching and improvements of accelerating data transmissions combined with access controls
This section provides terms and definitions based on CEN/CLC JTC13 WG09's work on terms and definitions, terms and definitions provided by ETSI EN 303 645/TS 103 701 and terms and definitions provided by CEN/CLC EN 18031 series.
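Review bot: Items 7 and 9 in this hunk are both `trace` with the identical wording "record of a system status with all relevant data that can be gathered"; keep one and renumber, and check that the inserted item 8 `log` did not push an existing numbered term out of sequence further down the list. In item 10, "open-source-proxy server" should read "open-source proxy server", and the clause "often with intelligent web-caching and improvements of accelerating data transmissions combined with access controls" is hard to parse; suggest "often providing web caching, transfer acceleration and access control". Since `squid proxy server` names a specific product rather than a generic term, consider whether the terms clause should define "proxy server" instead and the text in 4.6.3.2 use that term.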
@@ -688,12 +689,16 @@ Independent of any of the host system's capabilities, the NMS can also be remote
### 4.3.x Risk management
Key areas to understand when determining how an IoT network management system can affect customers' operations comes from understanding how enrollment works, how isolated the control systems are, how large pools of devices are managed, and what the device is designed to do.
These variations are determined by the nature of the IoT network, meaning that the appropriate NMS may require different security features depending on the security needs of its operational environment and users as well as functions.
The risk management is always use case dependent, and thus dependent on the actual conditions and operational environment.
Therefore, it is essential to understand how an NMS can impact a network operation in its key areas.
A not conclusive list as examples are: enrolment of network elements, trust relationships, isolation of control systems, management and depth of management of network element pools.
The relevant areas are determined by the network purpose and the resulting security requirements in relation to the provisions of the operational environment and users.
A home garden greenhouse monitoring system does not necessarily require as high-available operation as the freezers at a large scale meat storage facility.
RDPS outages can be mitigated by storing the collected data locally so the centralised system can respond to the historical events later, when connectivity resumes, but this may not be appropriate for higher security implementations.
Likewise it may be appropriate for a critical infrastructure facility to deploy the controllers closer to the facility, and under surveillance, to assure the highest reliability and operation quality, but this measure would be excessive for a typical enterprise implementation.
For illustration, a managed home garden greenhouse monitoring system does usually not have similar high-availability requirements as the managed surveillance systems of an industrial mass production facility.
If RDPS is deployed, outages thereof can - in the home garden case - easily be mitigated by local data storage so that the NMS can retrieve collected data at a later stage when the has RDPS resumes.
This would not be appropriate for the critical infrastructure.
Here the RDPS needs more resilience, for example with redundancy and operation in proximity to the facility and the possibility for quick manual interactions.
Such measures are typically subject for an enterprise use case.
## 4.4 Distribution of Security Functions
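Review bot: This hunk leaves two versions of the same illustration in place and they contradict each other on the enterprise point: the lines from "A home garden greenhouse monitoring system does not necessarily require..." to "...this measure would be excessive for a typical enterprise implementation." and the block from "For illustration, a managed home garden greenhouse monitoring system..." to "Such measures are typically subject for an enterprise use case." say the same thing, but the first states that controllers deployed close to the facility would be excessive for an enterprise, while the second states that such measures are typical for an enterprise use case. Keep one version and settle which statement about enterprise deployments is intended. Within the new block, "when the has RDPS resumes" should be "when the RDPS has resumed", and "A not conclusive list as examples are:" should read "A non-exhaustive list of examples is:". The heading "### 4.3.x Risk management" still carries a placeholder clause number.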
@@ -713,7 +718,7 @@ The following functionalities can be implemented as part of the product or addre
* From external provided updates on secured channels that the product uses to update the managed elements and also itself.
***Identity management systems** that provide mechanisms for identification and authentication. The system can include also the lifecycle management of identity credentials [\[i.2\]](#_ref_i.2)
***Provision of cryptographic keys** coming from a public key infrastructure or other key management system for services of key generation, provision, establishment, and for certificate services such as generation, signing, verification, validation or withdrawal. [\[i.6\]](#_ref_i.6)
***Monitoring data processing** that filters, aggregates and transforms metrics, logs, events, traces and provides adminstrative visiblity to the system operation.
***Processing of monitoring data** that filters, aggregates and transforms metrics, logs, events, traces and provides adminstrative visiblity to the system operation.
### 4.4.2 Related core functionalities
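Review bot: "adminstrative visiblity" is misspelled in both the old bullet ("***Monitoring data processing**") and its replacement ("***Processing of monitoring data**"), so the replacement only reorders the title and carries the typo over; it should read "administrative visibility". Throughout this list the bullet marker runs into the bold title ("***Identity management systems**"); a space after the list asterisk ("* **Identity management systems**") is needed for markdown to render a bullet with a bold title rather than stray emphasis. Minor: "The system can include also the lifecycle management" reads better as "The system can also include the lifecycle management".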
@@ -721,7 +726,7 @@ The following functionalities can be implemented as part of the product or addre
***Security information and event management systems** that collect data from multiple sources, analyse and correlate that data and present it as actionable information for security-related purposes unless it is considered to be integral part of the product features [\[i.7\]](#_ref_i.7)
***Physical and virtual network interfaces** on the NMS-host and not used or accessed by users for the operation of the NMS.
***Operating systems** Operating systems that act as abstraction layer for the hardware system(s) that host the product and are otherwise not involved in the internal functioning. [\[i.5\]](#_ref_i.5)
***Managed devices**Managed devices, including those that are managed by the product, such as routers, modems and switches. [\[i.8\]](#_ref_i.8)
***Managed devices**Device management system for managed elements such as, but not limited to, routers, modems, and switches. [\[i.8\]](#_ref_i.8)
Furthermore, it is essential to detail the generation and establishment of the trust relations between the NMS and the essential external services and systems.
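Review bot: The replacement bullet keeps the title `Managed devices` but its definition now reads "Device management system for managed elements such as, but not limited to, routers, modems, and switches", so title and definition no longer describe the same thing (the managed elements versus the system that manages them); either rename the title or keep a definition of the managed elements themselves. The same rendering problem as in the previous list applies: "***Managed devices**Device management system" lacks a space after the bullet asterisk and after the closing bold marker. In the unchanged context, "***Operating systems** Operating systems that act as abstraction layer" repeats the title and should read "that act as an abstraction layer".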
@@ -739,8 +744,8 @@ The product can provide the following services to 3rd. party applications and co
## 4.5 Users
**Product users** are consumer customers or entities, like companies and institutions, who use the product in its intended and foreseeable use.
The definition targeting can vary from a single person to nations.
**Product users** are consumers or customers or entities like companies and institutions that operate the product in its intended and foreseeable use case.
The definition can vary from single persons to nations.
**System users** are natural persons.
Administrators typically access the system through a HTTPS GUI, console, or by VPN connection.
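Review bot: Both the old definition of product users ("are consumer customers or entities, like companies and institutions, who use the product..." / "The definition targeting can vary from a single person to nations.") and the new one remain in this hunk; confirm the old pair of lines is removed rather than duplicated. In the new wording, "consumers or customers or entities like companies and institutions" reads better as "consumers, customers or entities such as companies and institutions". In the unchanged context, "a HTTPS GUI" should be "an HTTPS GUI".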
@@ -758,7 +763,7 @@ The source can be a machine used by a human user, an application workload using
This group includes also children and elderly.
**Subject** is later used in the identity and access management requirements when both, product users and machine users are addressed as a group.
It should not be mixed with product users, as the subject is always more clearly defined in the context, nor with service requesting users.
The term subject should not be mismatched with product users or with service requesting users, because the use of subject is always clearly defined within the concrete context.
## 4.6 Use Cases
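Review bot: In the replacement sentence, "should not be mismatched with" should be "should not be confused with", and "within the concrete context" reads better as "in the context in which it is used"; otherwise the sentence carries the same meaning as the one it replaces, so make sure the old sentence ("It should not be mixed with product users, as the subject is always more clearly defined...") is actually dropped. The preceding definition already states where `subject` is used (the identity and access management requirements); a reference to that clause here would let the reader find the defining context.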
@@ -819,12 +824,12 @@ The NMS in this use case can be locally installed on the device but may be runni
Initial secret provisioning takes place during device initialization.
A factory reset clears the existing state and restarts the discovery and provisioning process.
The devices can actively send metrics to the NMS and can serve multiple devices in the same network.
The devices can provide supporting services like DHCP and DNS caching.
The devices can offer more extensive services including remote connectivity options like VPN.
The managed elements can actively send metrics to the NMS which can serve multiple elements in the same network.
The managed elements can be enabled for DHCP and DNS caching services, and further services including remote connectivity options like a VPN.
Metrics from the devices and other elements within the home network can be forwarded to the NMS, where the user can perceive these metrics and control the configuration of each networked device.
In many deployments actual configuration control and review of metrics collected by the NMS is achieved with an additional service or alternate piece of software, most often a browser, but sometimes is other ways, such as through a command-line interface.
Metrics from the managed elements within the home network can be forwarded to the NMS, where the user can perceive these metrics and control the configuration of each managed element.
In many deployments, the NMS provides actual configuration control and visualization of the collected metric data with an additional service or alternate piece of software.
That is mostly a browser, but sometimes also other possibilities are deployed, such as a command-line interface.
### 4.6.2 Multi-user deployment
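Review bot: The replacement sentence "The managed elements can actively send metrics to the NMS which can serve multiple elements in the same network." is ambiguous about which entity serves multiple elements; the previous wording attached that capability to the devices, the new one reads as the NMS. A comma ("to the NMS, which can serve...") or restating the subject would settle it. The new split sentence "That is mostly a browser, but sometimes also other possibilities are deployed, such as a command-line interface." reads better as "This is usually a browser, but other options such as a command-line interface are also used." As with the earlier hunks, the old lines ("The devices can actively send metrics..." through "...but sometimes is other ways") still appear alongside their replacements; confirm they are removed.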
@@ -910,11 +915,10 @@ Inter-networking architecture with RDPS participating in the routing transforms
**Figure 4.6.3.2-1: Maximum RDPS involvement**
In figure the maximum RDPS involvement, the network design follows the hot potato design rule.
The connection is handed over for RDPS as soon as possible.
In the figure above, the maximum RDPS involvement, the network handles the connection like a hot potato: it is handed over to the RDPS immediately or as soon as possible.
The local network is used as little as possible, and even the home office routing can take a detour through RDPS in order to provide an auditable trail of how the remote working employee is using the network.
With technologies like 5G slicing, the closest point of return in respect to re-routing back to your network could be the nearest base station or it could be the squid proxy on the other side of the world.
Technologies like 5G slicing, enable for the flexibility of the closest point of return in respect to re-routing back to the user network: It could be the nearest base station or even the squid proxy server on the other side of the world.
These two scenarios result in a different user experience where the latter would most likely show as slow and unresponsive service, but both are valid designs that can be deployed.
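Review bot: The replacement sentence "Technologies like 5G slicing, enable for the flexibility of the closest point of return..." has a stray comma after the subject and "enable for" is ungrammatical; suggest "Technologies such as 5G slicing add flexibility to where the closest point of return for re-routing back to the user network sits: it could be the nearest base station or a proxy server on the other side of the world." Replacing "your network" with "the user network" is the right direction; the same depersonalised register should also be applied to the unchanged "how the remote working employee is using the network". Both the old hot-potato explanation ("In figure the maximum RDPS involvement, the network design follows the hot potato design rule." / "The connection is handed over for RDPS as soon as possible.") and its replacement remain in the hunk; confirm the old two lines are removed.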
