Brocade Communications Systems Brocade Serveiron 1000 User Manual

Q How many SSL keys and certificates can be used with ServerIron ADX solution?

The ServerIron ADX SSL supports up to 4096 SSL certificates and 4096 SSL keys,

assuming the length of each to be 1024 bytes. These SSL certificates and keys can be
managed through the element manager (web GUI), Brocade IronView Network Manager
(INM) and the command line interface (CLI),. The graphical interface available through
either the web GUI or INM is generally preferred; as it offers a simplified and secure

method for certificate/key uploads and downloads.

Q Can ServerIron ADX SSL offer end-to-end security by establishing a secure SSL channel

with the backend application server while offloading SSL processing?

A Yes, ServerIron ADX SSL can be configured in one of the two modes – terminate and

proxy. In proxy mode, ServerIron terminates the incoming SSL traffic, identifies the
backend application server based on configured Layer4 or Layer7 rules, and then re-
encrypts the traffic for backend server communication. This ensures complete end-to-

end security for highly sensitive applications.

Q Do ServerIron ADX series switches process next-generation IPv6 traffic as well as IPv4?
A Yes, ServerIron ADX 1000, 4000, and 10000 series enable application delivery for IPv6

services by offering the following functionality:
• Full Layer 4 and Layer 7 load balancing for IPv6 VIPs (v6 VIPs and v6 Reals)

• IPv6 Pass-through traffic handling

• IPv6 Management (telnet, SSHv2 etc)

• IPv6 Routing (static routes, OSPFv3, VRRP-E etc)

• IPv6 to IPv4 translation and gateway functionality (v6 VIPs and v4 Reals or v6 VIPs

and v4 and v6 Reals)

• IPv6 Syn-Proxy

• IPv6 Route Selection through Router Advertisements

ServerIron ADX provides Layer 4-7 processing for IPv4 and IPv6 traffic by pre-processing
the IPv6 packets to be handled by the high-performance IPv4 L4-7 processing engine.
After Layer 4-7 finishes processing the packet, or if ADX determines that this packet is
not a candidate for Layer 4-7 processing (pass-through), then the IPv4 packet is post-

processed back to an IPv6 packet and sent on to its destination. Post-processing is
completed after Layer 4-7 or pass-through traffic processing is finished and before the
packet exits the ADX. In pre-processing, IPv6 addresses can be remapped to IPv4
addresses either through static or dynamic mapping address pools.

Q How is the Management Port used on ServerIron ADX? Can it be used for Data Traffic?
A ServerIron’s dedicated management port allows for out-of-band management of the ADX

using telnet, SSHv2, SNMP, HTTP or HTTPS protocol, so that full management

functionality and control is enabled without degrading its traffic processing performance.
The management port cannot be used for data traffic processing.

Q What is the maximum number of contexts (or administrative domains) that I can define

using the Role Based Management feature?

11 of 14