Cisco IoT Solution Brief Connected Mass Transit Solution Overview
Available Languages
Bias-Free Language
The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
Connecting and optimizing public transportation through a converged architecture and OT services
Cisco is a global leader in data and networking and provides a wide range of products to address connected public transit solutions. By applying our networking and IoT expertise to public transit systems we have created innovative technology solutions that optimize system operations. Our goal is to protect your investment by providing an evolution path from today’s vehicle-centric connected bus and rail systems to cloud-based solutions and interaction with the smart cities of tomorrow while also taking a holistic view of the overall transit system, including vehicles, stops, and yards or maintenance facilities.
Benefits
Manage and optimize your public transit fleet operations via:
● Simple solutions geared toward OT staff and easily integrated into existing asset operations.
● Secure solutions that help ensure asset availability and operational integrity.
● Scalable solutions that allow thousands of assets to operate simultaneously, positioning the customer to meet future requirements.
● Flexible solutions supporting multiple configurations to meet a wider range of needs.
Cisco Validated Designs
Since the inception of IP networking, Cisco® Validated Designs (CVDs) have been used to validate, architect, and configure next-generation technologies. CVDs start with the vertical use cases and architect the flow from the edge device to the line-of-business application in the transit management center, validating the key Cisco and third-party components along the way. Each aspect of the architecture is thoroughly tested and documented with sample configurations, helping to simplify integration through proven solutions.
The goal is to help ensure a deployment that is simple, fast, reliable, and cost-effective.
Public transportation challenges
Currently, public transportation (also known as mass transit) faces a host of problems and inefficiencies in the way it is operated:
● On transit vehicles, the presence of multiple, disjointed onboard systems results in the need for multiple LTE gateways and SIM cards.
● A lack of unified connected fleet operations limits operators’ insights into the system.
● Costs are high, especially with antenna installation and recurring cellular charges. These also lead to difficult scaling, as thousands of vehicles each require multiple gateways and vendors.
● Security is minimal to nonexistent and is not coordinated.
● Legacy Vehicle Logic Unit (VLU)-centric architectures limit future technologies and passenger services.
● Systems are serviced mainly by IT professionals and the IT department.
● Systems are often on-premises based and require staff to be onsite at the transit management center for access and visibility into the network.
● Access to high-quality and high-fidelity data is often difficult due to outdated legacy technology.
Although all stakeholders can benefit from this document, we have focused on:
● Technology buyers responsible for selecting asset connectivity platforms.
● Mass transit operators responsible for operating bus or rail systems.
Transit operational processes and use cases
Transit solutions must consider three key aspects of operations: business, fleet, and vehicle operations.
Types of operations in a transit system
Business operations support planning, commercial, ridership, and financial performance. Fleet operations focus on the day-to-day real-time operation of the transit service, including vehicle location, on-time performance, route compliance, and route adjustments, as necessary. Lastly, vehicle operations focus on the fleet vehicles’ performance, maintenance, and refreshes of hardware and software systems for optimal fleet performance.
Note: The illustrations in this presentation show bus transit vehicles, but all concepts also apply equally to Light Rail Vehicles (LRV) and trams.
Table 1. Use cases supported by the three types of operations
| Operational process |
Types of use cases supported |
Device and applications |
| Business operations |
Route planning and optimization
● Scheduling
|
● Automatic Vehicle Location (AVL)
● Dashboard
|
| Passenger information and management
● Passenger Wi-Fi, advertisements
● Passenger Announcement (PA)
● Fare collection
● Security cameras
● Passenger Information Systems (PIS)
|
● Wi-Fi access point(s)
● Displays and head signs
● Text-to-speech engine
● Speakers
● Fare collection equipment
● Safety and enforcement
|
|
| Asset utilization
● Automatic passenger counting, driver management
● Scheduled maintenance
|
● 3D sensors
● Automatic Passenger Counter (APC)
● Vehicle telematics
|
|
| Fleet and operational management |
Fleet tracking
● Dispatch, location, schedule adherence, safety, route compliance, vehicle predictions, vehicle headway adherence, service adjustments, rider alerts
● Driver IP voice communication, and emergency signaling
|
● AVL
● Dashboard
● Communications equipment
|
| Connectivity statistics
● Cellular, GPS, Wi-Fi
|
● Cellular gateway/router
● OT services
|
|
| Vehicle operations |
Telematics
● Fuel monitoring, engine diagnostics, predictive maintenance, emission monitoring
|
● CANbus – J1939 or OBD-II
|
| Upgrades and configuration updates
● Hardware/firmware updates
● Vehicle ID/gateway ID alignment
|
● Secure Equipment Access
● Cisco Identity Services Engine
|
|
| Security
● VPN, access control, secure boot
|
● Firewall
● Cisco IOS configurations
|
Converged transportation architecture
Transit system architectures consist of the transit vehicle, transit stops or stations, and the transit yard or maintenance facility. The transit vehicle network is a set of connected devices and services supporting transit operations such as CAD/AVL, APC, video surveillance, vehicle telematics, signage, etc., as well as a gateway providing network backhaul connectivity, security, and onboard IP networking. The transit station network is where passengers arrive to board the transit vehicle, with the ability to purchase tickets and view estimated arrival and departure signs. The yard or maintenance network is where transit vehicles are parked when not in use or for maintenance operations.
Above it all is the transit management center (operations center), which houses shared core services such as headend routers to terminate VPN connections, firewalls to provide ingress/egress security, and security solutions used to protect and segment data from the different services and consumers.
The transit applications providing the user interface for the transit agency operations, monitoring, and control functions can reside either in the transit management center or, with growing prevalence, in the cloud.
Overview of a transit operations system
Typical transit vehicle networks today look like the figure below, with multiple gateways and services having been layered over time, each bringing its own cellular modems and SIM card as well as antenna and power connections.
The obvious limitation of this approach is the complexity and coordination of management, security policies, monitoring, and troubleshooting due to the lack of a unified physical network or approach. Making the situation worse, the multiple gateways, modems, and antennas also multiply the installation and maintenance costs.
A typical transit network
An improvement can be realized with a converged network solution, as shown in the figure below. In contrast to the previous figure, convergence greatly simplifies operations through unified management, the ability to apply consistent security policies, and greater visibility into the health of devices and services, as well as higher-order functions such as edge compute/integration and simplified enterprise connectivity. This converged solution is supported through the Cisco Catalyst™ IR1800 Rugged Series Routers, which fulfill the role of a gateway and much more.
Converged transit network
The illustration below brings the converged transit vehicle network together, showing the Catalyst IR1800 Series router, connected devices (with an optional Ethernet switch for port expansion), Wi-Fi for passenger experience and driver communication, and finally, a variety of WAN backhaul connectivity options. The router can operate on an SD-WAN enterprise network as part of the larger transit system or can be connected separately to the transit management center.
Details of a converged transit network
Multiaccess WAN technology is supported by the Cisco Catalyst IR1800 Series, including 5G (single/dual modem), LTE (single/dual modem), WorkGroup Bridge (WGB) Wi-Fi, and Cisco Ultra Reliable Wireless backhaul (Cisco URWB), using a Catalyst IW9165E Rugged Wireless Client device. These options provide flexibility, resiliency, and redundancy to keep your backhaul always connected, and provide alternatives to cellular airtime to avoid recurring airtime costs. The illustration below shows the applicability of each WAN technology. Deploying multiple WAN technologies is recommended to address areas of cellular coverage loss, private network alternatives to cellular, and Wi-Fi-based connectivity through WGB once back in the yard or maintenance facility for bulk video upload and updates.
Benefits
● Consolidation of networking capabilities of all onboard devices into one easy-to-use gateway.
● Ease of deployment across the entire fleet.
● Unified security policies and segmentation of data streams.
● Integration with Cisco security applications for robust end-to-end security.
● Visibility into transit vehicle events with remote troubleshooting while vehicle is on the move.
● Multiaccess WAN, Wi-Fi, CANbus in one router.
● Edge compute, allowing third-party applications to bring benefit to transit operations.
Benefits of each WAN technology
Cisco URWB provides reliable fiber-like wireless connectivity to connect the transit fleet and other city operations in an unlicensed, high-bandwidth, tariff-free manner, as shown in the illustration below.
Cisco Ultra Reliable Wireless Backhaul
Wi-Fi connectivity provided by the Cisco Catalyst IR1800 Series router for passengers, transit workers, security forces, and Wi-Fi connected devices is illustrated below. Dynamic connections are segmented for data protection of rider internet access, maintenance activities, or security operations, while static connections are for actual devices on board requiring local Wi-Fi connectivity as an Ethernet replacement.
Dynamic and static connectivity provided by the Catalyst IR1800 Series
Secure Equipment Access for remote troubleshooting
A key metric of transit agencies is keeping the fleet running and avoiding the necessity of sending out replacement vehicles and drivers or having to live with reduced communication with a transit vehicle until the end of a shift. To address this, Cisco has created the cloud-delivered Secure Equipment Access OT service to provide secure, credentialed remote access to devices and subsystems on the transit vehicle from any location with internet connectivity.
Using this service, transit workers or external vendors can be given access to the part of the transit vehicle requiring attention from wherever they are located. Using standard HTTPS, Remote Desktop Protocol (RDP), Virtual Network Computing (VNC), and Telnet protocols or custom protocols and applications, vehicle devices are reachable from anywhere, allowing on-the-move troubleshooting and, many times, remote repairs.
The illustration below shows how Secure Equipment Access operates.
Secure Equipment Access
Benefits
● Provides policy-based secure access for employees or external workers.
● Workers never access the core network without full authentication.
● Accessible from anywhere the user can access the internet.
● Avoids the need to send out replacement vehicles by remotely troubleshooting vehicles while on the move.
Simple provisioning and operations
A key characteristic of the converged solution is to simplify deployments and management through a unified architecture, enable visibility into connected assets and provide scale and flexibility to support any number of deployment configurations.
To ensure that our architecture is simple, scalable, and flexible, Cisco has developed field-friendly OT services with strong asset operation capabilities. Deep integration with asset systems and operations helps ensure that the field crew can easily deploy and enable cloud-delivered operational technology services without the need for IT support.
Simple provisioning
Challenge
Make it easy for technicians and non-IT staff to provision and manage connectivity at scale.
Solution
Enable true zero-touch deployment of the gateways.
● Configure templates using our point-and-click simplicity. Associate gateways with bus IDs.
● Technician deploys the gateways using a secure web browser connection.
● Activate/deactivate your SIM card and manage your rate plan with Cisco Control Center (offered by select service providers).
Your transit vehicles are now in service.
Remote provisioning and management for zero-touch deployment
Simple operation
Challenge
Minimize service outages and support faster troubleshooting and updates.
Solution
Minimize downtime through remote troubleshooting using the bus ID.
1. 10 pm: Alert at transit management center indicates faulty CAD/AVL system.
2. 10 pm: Transit center supervisor asks maintenance to remotely troubleshoot and fix.
3. 10:05 pm: Mechanic securely logs into the gateway using the asset ID and applies VLU updates.
4. 10:15 pm: Bus is back in service with functioning VLU.
Remote troubleshooting
Scalable security and flexible edge compute
We also help ensure a secure architecture designed for environments that are constantly under attack. Application flexibility is provided through a full-featured, secure edge compute layer that supports next-generation applications along with a partner ecosystem that can help drive innovation.
Scalable security
Challenge
Real-time cybersecurity protection from external and internal threats for thousands of transit vehicles.
Protection against cyberattacks on vehicles
Solution
Multilayered security, enforced through a single control point, helps ensure data confidentiality and end-to-end encryption. Uses standard IPsec VPN or FlexVPN to the operations network. Enforces network segmentations and policies by:
1. Keeping high-priority data separate and protected.
2. Enabling high availability and connectivity of CAD/AVL, fare collection, and other data.
3. Offering full integration with existing security services such as Cisco Umbrella®, Cisco’s cloud-based security that secures users and devices, and Cisco Secure Network Analytics, and machine learning network security traffic analysis. No need for third-party security.
Your transit vehicles are now equipped with internet-ready cybersecurity.
Challenge
Support a variety of next-generation transit applications such as smart mobility, traffic signal prioritization, and monitoring of operational sensors.
Support for third-party transit applications
Solution
Edge compute that support standards-based microservices through an open ecosystem.
1. Deploy Linux-based microservices onto the Catalyst IR1800 Series router.
2. The router/sensor data of interest is delivered to applications located anywhere – onsite, at the data center, or in the cloud.
Flexible and versatile operations are available.
The second element of a transit network is the transit stops or stations, which typically provide services for ticket purchase, passenger information signs providing data on routes, arrival and departure times and platforms, and video surveillance for security purposes.
Transit stop/station networks have different connectivity options available to them due to the fixed nature of the station and likely proximity to other networks. This provides the flexibility to be part of a city or transportation authority enterprise network or a standalone entity on an OT network.
For instance, a city or roadway fiber network may exist at the location of the station/stop. Here, a Layer 2 or Layer 3 switch with Power over Ethernet (PoE), such as the Cisco Catalyst IE3400 Rugged Series Switches, connected into the fiber network, is an optimal solution. Where such network connectivity is not available, such as more rural bus or rail stops, the use of cellular connectivity or private wireless using Cisco Ultra Reliable Wireless Backhaul remains the best option and is supported by the Cisco Catalyst IR1800 Rugged Series Routers.
Architecture for transit stops and stations
The architecture options for simple transit stops and stations are shown in the figure above.
An advantage of the multiple backhaul network options is that the stop/station network can be either under the same management as the transit fleet or separate and included in a larger enterprise SD-WAN business network.
Benefits
● Flexible network options allow for connection to the transit IT network, to the roadway network, or as a standalone cellular-connected site.
● Supports a wide range of WAN transport media, including cellular, fiber, or private wireless.
● SD-WAN option allows the transit vehicles, stops, and transit network to be under common management.
● Enables unified security policies and segmentation of data streams.
● Integration with Cisco security applications results in robust end-to-end security.
Transit yard or maintenance network
The third major component of a transit system is the yard. The bus yard or rail maintenance areas are for transit vehicles that are not scheduled and currently out of service, are currently allocated as spares, or are undergoing maintenance.
Functions performed when a vehicle enters this area include bulk upload of captured video and other business or diagnostic data, software maintenance updates by the transit operator, and device replacements or repairs for defective devices. Since some of these functions transfer large files or blocks of data, having the transit vehicle move off the cellular network and onto a wireless tariff-free yard network connected to the transit enterprise network is the best approach.
From an architectural perspective, the yard or maintenance area would look like the figure below. Here we can see the yard network consisting of wireless Wi-Fi access points (or Cisco URWB base stations) spaced to cover the yard area with a gigabit or multigigabit Industrial Ethernet switch aggregating data for delivery to the transit management center. Video surveillance cameras monitor the yard for vehicle inflow, outflow, and trespassers. The Cisco Meraki™ MV72 and MV72X are ideal candidates for outdoor rugged video cameras.
As the transit vehicle enters the station, the internal access point on the vehicle’s industrial router acts as a Wi-Fi client and routes connections to the yard network, moving away from the cellular network for connectivity. Notably, the yard network can range from small and simple, as shown, to large and more complex. An “extended network” can be used with aggregation switches (not shown) to capture the full extent of the transit yard communication and funnel it to the transit management center. Using Cisco Secure Equipment Access, transit workers can access systems on the transit vehicles remotely to perform maintenance operations and need to be on the vehicle only for physical maintenance.
The use of geofencing to trigger alerts when a transit vehicle enters and exits the yard is available through the Cisco Catalyst SD-WAN Manager.
Transit yard network
Benefits
● Simple and scalable wireless yard or maintenance network.
● Automatic transit vehicle connection/disconnection upon entering/leaving the yard.
● OT services supporting both transit vehicles and yard access points or private wireless base stations.
● Geofencing available with SD-WAN Manager.
● Integration with Cisco security applications results in robust end-to-end security.
As a last point, this architecture supports more advanced or next-generation deployment scenarios requiring high-bandwidth, low-latency links to smart city fiber-connected intersections and coordination between other connected autonomous vehicles.
Requirements
● Real-time communication with the intersection supporting Traffic Signal Prioritization (TSP) decisions for bus and emergency vehicles.
● C-V2X OnBoard Unit (OBU) for high-speed bidirectional communication with an intersection RoadSide Unit (RSU) or other vehicles to share speed, location, trajectory, and telemetry data.
● Via the OBU, receive C-V2X data from the intersection or other vehicles for driver alerts, safety messages, etc.
● Upload OBU vehicular data to fleet management systems.
● Cisco tools supporting deployment of onsite gateways, switches, and compute.
Proposed network architecture
● Onboard network with cloud services.
● C-V2X connectivity to support advanced Intelligent Transport Systems (ITS) and improve passenger safety.
Smart city integration
Benefits
● Increases efficiencies in transportation by leveraging both the roadways and the vehicles.
● Builds out the foundations of a future-ready connected cities infrastructure.
● Minimizes traffic jams while helping ensure pedestrian and driver safety.
Key design elements
1. OBU supporting C-V2X communication between the mass transit vehicle, intersection RSU, and other connected vehicles.
2. Direct wireless connection between the OBU and the RSU to enable C-V2X operations.
3. C-V2X capabilities for urban location, platooning, traffic efficiency, vehicle operations management, etc.
4. Easy-to-deploy configuration templates for systems/devices at the intersection.
5. Robust security for intersection device data and management.
6. Network segmentation to enforce secure device data access to authorized agencies.
7. Edge compute platform that enables local processing of RSU device data to drive intelligent traffic control and analytics.
Cisco converged architecture benefits for transit operators
● Unified network allowing powerful services, visibility, and security.
● Multi-WAN support for always-connected transit fleets.
● Reduced installation and maintenance costs for transit vehicles.
● Secure remote access to subsystems on the transit fleet and stops for remote problem resolution.
● Integration of fleet and transit network for simplified and consistent operations.
● Scalable solution that allows thousands of assets to operate simultaneously, positioning for current needs as well as future requirements.
The demands and use cases of transit systems require a next-generation architecture using integrated routers/gateways for the transit vehicles with a feature-rich services platform supporting configuration, monitoring, security, and control of resources on the transit vehicles and in the stations or yards.
Simplified operations that allow technicians and non-IT users to operate the systems are key.
Leveraging the Cisco converged architecture for public transport vehicles and networks is the key enabler of that simplification. It delivers simplified operations, consistent security policies, visibility for monitoring, and remote debugging. With multiple backhaul options, it keeps your fleet always connected. And with integrated passenger and worker Wi-Fi services, fleet telematics, and edge compute for customer applications, it provides a powerful and flexible engine for your transit deployments.
And just as importantly, the Cisco converged architecture lowers your installation and maintenance costs through consolidation and a set of OT tools supporting an isolated OT network or a fully integrated transit network that can simplify your current and future needs for oversight, visibility, and security.
● Cisco Catalyst IR1100 Rugged Series Routers.
● Cisco Catalyst IR1800 Rugged Series Routers Data Sheet.
● Cisco Catalyst IR1101 Rugged Series Router Data Sheet.
● Cisco Ultra-Reliable Wireless Backhaul.
● Cloud-delivered OT services.
● Cisco Secure Equipment Access.
● Cisco SD-WAN for industrial solutions.