Specifications
Security Target Version 1.0 9/29/2014
2. TOE Description
The Target of Evaluation (TOE) consists of Aruba Mobility Controller appliances and access points, running
ArubaOS v6.3.1.5-FIPS.
The TOE is a Wireless Local Area Network (WLAN) access system comprising Aruba Mobility Controllers, Access
Points, and the ArubaOS. The WLAN PP defines this technology type as “one or more components that provide
secure wireless access to a wired or wireless network”. The Aruba Mobility Controllers are wireless switch
appliances that provide a wide range of security services and features including wireless and wired network
mobility, security, centralized management, auditing, authentication, and remote access. The Aruba Access Point
appliances service wireless clients[2] and can monitor radio frequency spectrums to detect intrusions, denial of service
(DoS) attacks, and other vulnerabilities. The ArubaOS is a suite of mobility applications that runs on all Aruba
controllers and APs, and allows administrators to configure and manage the wireless and mobile user environment.
Figure 1 shows an example of a WLAN Access System environment configuration[3]. Figure 2 shows an example of a
WLAN Access System configuration. This configuration includes one AP and one MC. This should not be
misconstrued as the only configuration as multiple MCs and APs can comprise the TOE. However, this is the
minimum configuration required in the CC mode. The rest of this section gives a high-level overview
of the TOE architecture, defines the scope of evaluation and the physical boundary of the TOE, and summarizes the
security functionality provided by the TOE.
Figure 1: Example of WLAN Access System Environment
Figure 2: Example of WLAN Access System (components shown: AP, MC)
The AP is connected to the Controller via wired Ethernet Local Area Network (LAN) over an IP network or wired
directly to the Controller. The control data passed over this connection is protected using IPsec based on a
FIPS-approved cryptographic module. The AP and MC use GRE as the tunneling protocol to encapsulate IEEE 802.11
[2] Wireless client is not part of the TOE.
[3] Other wireless configurations may exist and still meet requirements identified in the PP. In all cases, wireless
traffic must be able to pass to the wired network via the wireless access system providing the necessary security.