Technical data
Brocade Communications Systems, Inc. Page 37 of 48
• admin – can perform all administrative commands
• switchAdmin – can perform administrative commands except for those related to user management and zoning configuration
• operator – can perform administrative commands that do not affect security settings
• zoneAdmin – can perform administrative commands that only affect zoning configuration
• fabricAdmin – can perform administrative commands except for those related to user management
• basicSwitchAdmin – can be used to monitor system activity
• SecurityAdmin – can perform security-related configuration, including user management and security policy configuration
• root – can perform all administrative commands and access the OS; this user account is disabled during TOE configuration
• factory – can perform all administrative commands
The TOE administrative interfaces consist of an Ethernet network-based interface and a serial terminal-based interface. Over Ethernet, the TOE offers a command-line interface, the “FabricOS Command Line Interface”, which is reached using SSH, and a web-based interface known as Web Tools, which is reached using HTTP over SSL/TLS (HTTPS). Both the network-based and the terminal-based interfaces provide equivalent management functionality: the Ethernet (i.e., SSH) and serial terminal interfaces support the same command-line interface commands once a session has been established.
The Security management function is designed to satisfy the following security functional requirements:
• FMT_MSA.1(1): The ability to modify the zone membership of host bus adapters and storage devices is limited to users possessing the admin, zoneAdmin, fabricAdmin, root, or factory role; the root role (account) is disabled during TOE configuration. Zone membership is defined by the default zone and the zone configuration.
• FMT_MSA.1(2): The ability to modify the configuration of the user data encryption SFP defined between host bus adapters and storage devices is limited to users possessing the admin, SecurityAdmin, fabricAdmin, root, or factory role.
• FMT_MSA.3(1): By default, host bus adapters do not have access to storage devices.
• FMT_MSA.3(2): By default, encryption is not performed on the transmission of user data between a host
bus adapter and a storage device.
• FMT_MTD.1(1): The ability to query, modify, delete, and assign administrative user security attributes is limited to users possessing one of the following administrative roles: admin, SecurityAdmin, root, factory; the root role (account) is disabled during TOE configuration.
• FMT_MTD.1(2): Administrators can set their own passwords. The administrative roles admin, SecurityAdmin, root, and factory may set any account’s password; the root role (account) is disabled during TOE configuration.
• FMT_SMF.1: The TOE provides administrative interfaces to manage the encrypted user data policy, to
modify host bus adapters and storage device zone membership, as well as to set and reset administrator
passwords.
• FMT_SMR.1: The TOE maintains administrative user roles.
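The zoning default and the role restrictions stated in FMT_MSA.1(1), FMT_MSA.3(1) and FMT_MTD.1 can be exercised with a small model. The following Python is an added example written for this page, not FabricOS or Brocade code; the Fabric class, its method names, the account names and the WWNs are all constructed for illustration. The role sets are copied from the requirements above.

```python
from __future__ import annotations

from dataclasses import dataclass

# Role sets copied from the FMT requirements above; role names as the ST spells them.
ZONE_ADMIN_ROLES = frozenset({"admin", "zoneAdmin", "fabricAdmin", "root", "factory"})  # FMT_MSA.1(1)
USER_ADMIN_ROLES = frozenset({"admin", "SecurityAdmin", "root", "factory"})            # FMT_MTD.1(1)/(2)


@dataclass
class Account:
    name: str
    role: str
    password: str
    enabled: bool = True


class Fabric:
    """Toy model (constructed for this page) of zoning state and the role checks that guard it."""

    def __init__(self) -> None:
        self.accounts: dict[str, Account] = {}
        self.zones: dict[str, set[str]] = {}   # zone name -> member WWNs (defined configuration)
        self.effective: set[str] = set()        # zones in the enabled (effective) configuration

    def _require(self, actor: str, allowed: frozenset[str]) -> Account:
        """Reject unknown or disabled accounts first, then check the role; a disabled root fails here."""
        acct = self.accounts.get(actor)
        if acct is None or not acct.enabled:
            raise PermissionError(f"{actor}: unknown or disabled account")
        if acct.role not in allowed:
            raise PermissionError(f"{actor}: role {acct.role} may not perform this operation")
        return acct

    # User management (FMT_MTD.1)
    def add_account(self, actor: str, acct: Account) -> None:
        self._require(actor, USER_ADMIN_ROLES)
        self.accounts[acct.name] = acct

    def set_password(self, actor: str, target: str, new_password: str) -> None:
        # FMT_MTD.1(2): any enabled account may set its own password;
        # only USER_ADMIN_ROLES may set another account's password.
        if actor == target:
            acct = self.accounts.get(actor)
            if acct is None or not acct.enabled:
                raise PermissionError(f"{actor}: unknown or disabled account")
        else:
            self._require(actor, USER_ADMIN_ROLES)
        self.accounts[target].password = new_password

    # Zoning (FMT_MSA.1(1), FMT_MSA.3(1))
    def add_zone_member(self, actor: str, zone: str, wwn: str) -> None:
        self._require(actor, ZONE_ADMIN_ROLES)
        self.zones.setdefault(zone, set()).add(wwn)

    def enable_zone(self, actor: str, zone: str) -> None:
        self._require(actor, ZONE_ADMIN_ROLES)
        if zone not in self.zones:
            raise KeyError(zone)
        self.effective.add(zone)

    def can_access(self, hba_wwn: str, target_wwn: str) -> bool:
        """Default deny: an HBA reaches a target only if both are members of some enabled zone."""
        return any(hba_wwn in self.zones[z] and target_wwn in self.zones[z] for z in self.effective)


def bootstrap() -> Fabric:
    """Initial state: admin enabled, root present but disabled as during TOE configuration."""
    f = Fabric()
    f.accounts["admin"] = Account("admin", "admin", "initial")
    f.accounts["root"] = Account("root", "root", "initial", enabled=False)
    return f


def attempt(fn, *args) -> bool:
    """True if the operation was permitted, False if the role check rejected it."""
    try:
        fn(*args)
        return True
    except PermissionError:
        return False


def demo() -> dict[str, bool]:
    """Walk through the requirements with constructed accounts and WWNs; returns each outcome."""
    f = bootstrap()
    for a in (Account("zoe", "zoneAdmin", "pw"), Account("sec", "SecurityAdmin", "pw"),
              Account("ops", "operator", "pw")):
        f.add_account("admin", a)
    hba, tgt = "10:00:00:05:1e:01:02:03", "50:06:01:60:3b:a0:11:22"   # constructed WWNs
    r: dict[str, bool] = {}
    r["default_deny"] = not f.can_access(hba, tgt)                     # FMT_MSA.3(1)
    f.add_zone_member("zoe", "hostA_lunB", hba)
    f.add_zone_member("zoe", "hostA_lunB", tgt)
    r["defined_not_enabled"] = not f.can_access(hba, tgt)              # defined but not yet effective
    f.enable_zone("zoe", "hostA_lunB")
    r["enabled"] = f.can_access(hba, tgt)
    r["operator_zoning"] = attempt(f.add_zone_member, "ops", "hostA_lunB", hba)
    r["securityadmin_zoning"] = attempt(f.add_zone_member, "sec", "hostA_lunB", hba)
    r["root_zoning"] = attempt(f.enable_zone, "root", "hostA_lunB")   # disabled account
    r["own_password"] = attempt(f.set_password, "ops", "ops", "new")
    r["operator_sets_other"] = attempt(f.set_password, "ops", "sec", "new")
    r["securityadmin_sets_other"] = attempt(f.set_password, "sec", "ops", "new")
    return r
```

Two points the run makes that the list alone does not: a zone that is defined but not in the enabled configuration grants nothing (the default remains deny until the configuration is enabled), and the disabled root account is rejected before its role is even consulted, so "root" appearing in a role set does not widen access once the account is disabled. SecurityAdmin, which may manage users and the encryption SFP, cannot touch zoning.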
6.1.5 Protection of the TSF
The TOE maintains a security domain using appliance hardware. The use of a hardware appliance protects the TOE
from external physical interference or tampering, including providing separate physical interfaces to separate hosts
and storage devices.
For most models, the TOE does not encrypt data written to or read from storage devices by host bus adapters. For
these models, the TOE relies instead on the environment to physically protect the network between the HBA and the