Performance Support

Storage: SAN Fabric Zoning

Transcript
The point of our discussion here is fabric zoning. SAN fabric is the Fibre Channel switching infrastructure between the SAN storage systems and the SAN attached host servers. SAN fabric zoning is created and applies at the SAN fabric level in the middle. SAN fabric zoning is effectively the grouping of storage array ports and host server H A ports! as we can see in the diagram here. "n order to gain access to storage from a host to a SAN device! there is more than simply connecting some cables from the server to SAN switches! and that the SAN devices attach to on the other side. From a high level there are other items that need to be ta#en care of in the way of storage administration. Firstly the storage device needs to have a portion of its storage allocated to the servers. And to do this logical units of storage are created on the storage array. This is what appears to the server as a server dis# drive. "n the diagram here! inside the storage array on the bottom! you can clearly see that there is dis# arrays that have been created! those individual dis# arrays are presented to the server. "n addition to that! each SAN switch is part of the SAN fabric! which is essentially one or more SAN switches that connect host servers to SAN storage devices and enable communication between them. $any servers and many logical units are typically all interconnected in a SAN and for this among other reason SAN fabrics employ security in order to ensure that only that appropriate hosts are accessing the appropriate storage. And even more importantly! only the appropriate hosts are accessing the correct dis#s and logical units. "magine the security concerns and technical issues we would encounter if the SAN fabric simply allowed all connected hosts to see all connected storage devices and all connected logical units all at the same time. So how do you apply security to ensure that access is restricted appropriately% There are uni&ue identifiers assigned to the components of the SAN right down to the H A storage processor and switch port level. H A ports on the server side! as well as storage processor ports on the array side! are assigned a 'orld 'ide (ort Name! or ''(N! which is a globally uni&ue identifier. y using these uni&ue identifiers we)re able to e*clusively allow access from specific H A ports on servers to specific S( ports on storage arrays. 'hen we do this the SAN fabric themselves is used to configure the zone. A zone is an implicit grouping of an H A and an S( port that are allowed to communicate over the fabric. "n most cases storage administrators will assign alias names to these H A and S( ports so that the zoning is made a little bit easier to manage. The zone can consist of one or more H A port 'orld 'ide Names and one or more storage processor port 'orld 'ide Names. This zone is what tells the SAN fabric to allow specific H A ports from servers to communicate to specific S( ports on storage arrays. This has been an overview of SAN zoning. Than#s for watching.

+ , -.+/ S#illsoft "reland 0imited