Specifications

Brocade MLX and NetIron® Family Devices with Multi-Service IronWare R05.7.00
Security Target Version 1., July 15, 2014
http://www.brocade.com/products/all/routers/product-details/netiron-cer-2000-series/index.page
http://www.brocade.com/forms/getFile?p=documents/data_sheets/product_data_sheets/brocade-netiron-cer-2000-ds.pdf
Brocade NetIron CES 2000 Series
http://www.brocade.com/products/all/switches/product-details/netiron-ces-2000-series/index.page
http://www.brocade.com/downloads/documents/data_sheets/product_data_sheets/brocade-netiron-ces-2000-ds.pdf
While there are different models in the TOE, they differ primarily in physical form factor, number and types of
connections and slots, and relative performance. There are some functional differences among the families, but they
each provide the same security characteristics as claimed in this security target.
The different series have differing CPUs as described below:
• The MLX Series uses
  o a Freescale MPC 7448, 1700 MHz CPU for the MR2 models and
  o a Freescale MPC 7447A, 1000 MHz CPU for the MR models
• The CER 2000 and CES 2000 Series utilize a Freescale MPC8544, PowerQUICC™ 800 MHz CPU
1.4.1 TOE Architecture
The basic architecture of each TOE appliance begins with a hardware appliance with physical network connections.
Within the hardware appliance, the Brocade IronWare OS is designed to control and enable access to the available
hardware functions (e.g., program execution, device access, facilitate basic routing functions). IronWare OS
enforces applicable security policies on network information flowing through the hardware appliance.
The basic start-up operation of the TOE is as follows:
1. At system startup, the operating system is transferred from flash memory to dynamic memory using a
built-in hardware bootstrap.
2. The operating system reads the configuration parameters from the configuration file in non-volatile
memory and then builds the necessary data structures in dynamic memory and begins operation.
During normal operation, IP packets are sent to the management IP address or through the appliance over one or
more of its physical network interfaces. The appliance processes them according to the system’s configuration and the
state information it dynamically maintains. This processing typically results in the frames or packets
being forwarded out of the device over another interface. The TOE will process other packets destined for itself
(control path packets) based on the requirements of the given protocol (HTTPS or SSH).
1.4.1.1 Physical Boundaries
Each TOE appliance runs a version of the Brocade software and has physical network connections to its
environment to facilitate routing and switching of network traffic. The TOE appliance can also be the destination of
network traffic, where it provides interfaces for its own management.
The TOE may be accessed and managed through a PC or terminal in the environment which can be remote from or
directly connected to the TOE.
The TOE can be configured to forward its audit records to an external syslog server in the network environment.
This is generally advisable given the limited audit log storage space on the evaluated appliances.
The TOE can be configured to synchronize its internal clock using an external NTP server in the operational
environment.