Technical data
Brocade Communications Systems, Inc. Page 10 of 48
Figure 2: Administrators can access the TOE using a serial terminal or
across a network. Audit records are sent to a syslog server.
Separate appliance ports are relied on to physically separate connected HBAs. The appliance’s physical location
between HBAs and storage devices is relied on to ensure TOE interfaces cannot be bypassed. The TOE encrypts
commands sent from terminal applications by administrators using SSH for the command line interface and HTTPS
for the Advanced Web Tools GUI interface. The TOE requires administrators to login after a SSH or HTTPS
connection has been established.
2.2 TOE Architecture
The TOE can be described in terms of the following components:
• Brocade Switch and Director appliances – One or more of each type are supported in the evaluated
configuration. The evaluated configuration also supports one or more blades per director, depending on the
number supported by a given director model.
• Brocade FabricOS operating system – Linux-based operating system that runs on Brocade switches and
directors. FabricOS is comprised of user-space programs, kernel daemons and kernel modules loaded as
proprietary components into LINUX. The base features of LINUX, including the file system, memory
management, processor and I/O support infrastructure for FOS user-space programs, daemons, and kernel
modules. Interprocess communication is handled through commonly mapped memory or shared PCI
memory and semaphores as well as IOCTL parameter passing. LINUX provides access to memory or to
make a standard IOCTL call, and all the contents of the buffers and IOCTL message blocks or other
message blocks are proprietary to the FOS user-space programs, kernel modules and daemons. The
FabricOS operating system is considered to include the OpenSSL crypto engine as internal functionality
supporting TOE operation.
In its most basic form, the TOE in its intended environment of the TOE is depicted in the figure below.