HP StoreOnce Backup System, Generation 3 Version 3.6.6
\r\nHardware Models
\r\n| \r\n Single Node Appliances \r\n | \r\n\r\n Multi-Node Appliances \r\n | \r\n
| \r\n HP StoreOnce 2610 iSCSI Backup \r\nHP StoreOnce 2620 iSCSI Backup \r\nHP StoreOnce 4210 iSCSI Backup \r\nHP StoreOnce 4210 FC Backup \r\nHP StoreOnce 4220 Backup \r\nHP StoreOnce 4420 Backup \r\nHP StoreOnce 4430 Backup \r\n | \r\n\r\n HP StoreOnce B6200 Backup System \r\n | \r\n
Henceforth, the above referenced software on the above referenced hardware is referred to as the TOE or StoreOnce.
\r\nThe Target of Evaluation (TOE) is an HP StoreOnce Backup System with one or more hardware appliances. The TOE models that offer either a single-node or multi-node system and are running Generation 3 Version 3.6.6 software are the target of evaluation. The following appliances allow the TOE to provide varying types of fault-tolerance and are the hardware platform for the TOE.
\r\nHP StoreOnce Single-node appliances operate as standalone devices and do not operate as part of a cluster.
\r\nMulti-node appliances operate as a cluster. A cluster is composed of from 1 to 4 couplets, each couplet having two nodes. A cluster is the scope of administrative control, with the configuration of the cluster defining the behavior of all nodes within the cluster.
\r\nThe B6200 appliance is a multi-node appliance. The number of nodes in a model B6200 is determined by the customer. The B6200 can be ordered as a single couplet (2 nodes), a 2 couplet (4 node) cluster, a 3 couplet (6 node) cluster or a 4 couplet (8 node) cluster. A customer can buy a cluster of one couplet and then buy additional couplets to expand the cluster up to a maximum of 4 couplets.
","evaluation_configuration":null,"security_evaluation_summary":"The evaluation was carried out in accordance to the Common Criteria Evaluation and Validation Scheme (CCEVS) process and scheme. The evaluation demonstrated that the TOE meets the security requirements contained in the Security Target. The criteria against which the TOE was judged are described in the Common Criteria for Information Technology Security Evaluation, Version 3.1 Revision 3. The evaluation methodology used by the evaluation team to conduct the evaluation is the Common Methodology for Information Technology Security Evaluation, Version 3.1 Revision 3. Leidos determined that the evaluation assurance level (EAL) for the TOE is EAL 2 augmented with ALC_FLR.3. The TOE, configured as specified in the installation guide, satisfies all of the security functional requirements stated in the Security Target. Several validators on behalf of the CCEVS Validation Body monitored the evaluation carried out by Leidos.
\r\nIt must be noted that the TOE assumes that it is in a relatively benign security environment; the client hosts are presumed to be within the same physical area as the TOE, are accorded the same physical protections as the TOE, and are trusted to present their host identifiers (e.g., IP address, Fibre Channel port number) accurately. Accordingly, the TOE accepts the identifier presented and does not authenticate the identity of the host. This is reflected in the assumption A.HOST_IDENTITY, defined in the Security Target (ST) Thus, if the TOE environment does not satisfy the security assumption of trusted client hosts, then some authentication method must be provided.
","environmental_strengths":"The HP StoreOnce Backup System is a disk-based storage appliance for backing up host network servers or PCs to target devices on the appliance. These devices are configured as either Network-Attached Storage (NAS) or Virtual Tape Library (VTL) or StoreOnce Catalyst targets for backup applications.
\r\nThe HP StoreOnce Backup System products are hardware appliances that offer network accessible administration interfaces in the form of an HTTPS based Graphical User Interface or SSH protected Command Line Interface.
\r\nA single node appliance or a couplet provides network access using a number of network distinct ports. There are four (4) physical 1GB ports and two (2) physical 10GB ports for Ethernet connections. Another two (2) 10GB network connections are used for the internal network (internal to the cluster only) and are not accessible to client-hosts. Fibre Channel connections (available on some appliances) are only used to present VTL devices that have been configured on the nodes in a couplet.
\r\nRemote administration sessions occurring through the management network are protected using cryptography (SSH and HTTPS). Network traffic between the product and NTP or LDAP servers occurs utilizing only protections inherent in the NTP and LDAP protocols. The HP StoreOnce Backup System allows a site to choose to combine the data and management networks. In single-node configurations, the data and management network must be combined. Both single-node and multi-node configurations utilize an Internal network for communication with storage devices.
\r\nThe HP StoreOnce Backup Systems provides Ethernet network connections for use as a management network (i.e., used for all management traffic). All Ethernet-based networks support only IPv4 networking functionality. IPSec and IPv6 security features are not available, though some protection is supported for administrator network communications (e.g., SSH and HTTPS). The data network can be either Ethernet or Fibre Channel. The internal network will be Ethernet.
","features":[]}