User guide
Aruba Networks Security Target
2 TOE Description
2.1 Type
7 The TOE is a network device.
8 In the CC evaluated configuration, the TOE must be configured to operate in the
FIPS 140-2 Approved mode of operation. In FIPS-Approved mode, weak protocols
and algorithms are disabled. For more details, refer to the appropriate FIPS 140-2
Security Policy document for each controller and access point at
http://csrc.nist.gov/groups/STM/cmvp/index.html.
2.2 TOE Architecture
9 At a high level, Aruba Mobility Controllers are hardware appliances consisting of a
multicore network processor, Ethernet interfaces, and required supporting circuitry
and power supplies enclosed in a metal chassis. The software running on the
Mobility Controller is called ArubaOS, which consists of two main components, both
implemented on multiple cores within a single network processor:
a) Control Plane (CP)—implements functions which can be handled at lower
speeds such as Mobility Controller system management (CLI and Web GUI),
user authentication (e.g. 802.1X, RADIUS, LDAP), Internet Key Exchange
(IKE), auditing/logging (syslog), Wireless IDS (WIDS), and termination of
protocols operating at the system level (e.g. SSH, TLS, NTP). The
Control Plane runs the Linux operating system along with various user-space
applications (described below).
b) Data Plane (DP)—implements functions that must be handled at high speeds
such as high-speed switching functions (forwarding, VLAN
tagging/enforcement, bridging), termination of 802.11 associations/sessions,
tunnel termination (GRE, IPsec), deep packet inspection functions, and
cryptographic acceleration. The Data Plane runs a lightweight, proprietary
real-time OS which is known as “SOS” (an acronym whose definition is no
longer known).
10 The Control Plane and Data Plane are inseparable. Administrators install the
software by loading a single file, identified as “ArubaOS”. Internally, the Mobility
Controller unpacks the ArubaOS software image into its various components. A
given ArubaOS software image has a single version number, and includes all
software components necessary to operate both mobility controllers and APs.
11 The CP runs the Linux OS, along with various custom user-space applications which
provide the following CP functions:
a) Monitors and manages critical system resources, including processes,
memory, and flash
b) Manages system configuration and licensing
c) Manages an internal database used to store licenses, user authentication
information, etc.
d) Provides network anomaly detection, hardware monitoring, mobility
management, wireless management, and radio frequency management
services
e) Provides a Command Line Interface (CLI)