SAN fabric zoning restricts access between servers and storage devices by grouping ports. It assigns unique identifiers like WWPNs to server and array ports. Zones are then configured in the SAN fabric to implicitly allow specific server ports to communicate only with designated storage array ports, ensuring appropriate access between authorized hosts and logical units. This zoning security is important as it prevents all connected hosts from accessing all connected storage devices and logical units.
Transcript
The point of our discussion here is fabric zoning. SAN fabric is the Fibre Channel switching infrastructure between the SAN storage systems and the SAN attached host servers. SAN fabric zoning is created and applies at the SAN fabric level in the middle. SAN fabric zoning is effectively the grouping of storage array ports and host server HBA ports, as we can see in the diagram here. In order to gain access to storage from a host to a SAN device, there is more than simply connecting some cables from the server to SAN switches, and that the SAN devices attach to on the other side. From a high level there are other items that need to be taken care of in the way of storage administration.
Firstly the storage device needs to have a portion of its storage allocated to the servers. And to do this logical units of storage are created on the storage array. This is what appears to the server as a server disk drive. In the diagram here, inside the storage array on the bottom, you can clearly see that there are disk arrays that have been created; those individual disk arrays are presented to the server. In addition to that, each SAN switch is part of the SAN fabric, which is essentially one or more SAN switches that connect host servers to SAN storage devices and enable communication between them.
Many servers and many logical units are typically all interconnected in a SAN and for this among other reasons SAN fabrics employ security in order to ensure that only the appropriate hosts are accessing the appropriate storage. And even more importantly, only the appropriate hosts are accessing the correct disks and logical units. Imagine the security concerns and technical issues we would encounter if the SAN fabric simply allowed all connected hosts to see all connected storage devices and all connected logical units all at the same time.
So how do you apply security to ensure that access is restricted appropriately? There are unique identifiers assigned to the components of the SAN right down to the HBA, storage processor and switch port level. HBA ports on the server side, as well as storage processor ports on the array side, are assigned a World Wide Port Name, or WWPN, which is a globally unique identifier. By using these unique identifiers we're able to exclusively allow access from specific HBA ports on servers to specific SP ports on storage arrays. When we do this the SAN fabric itself is used to configure the zone. A zone is an implicit grouping of an HBA and an SP port that are allowed to communicate over the fabric. In most cases storage administrators will assign alias names to these HBA and SP ports so that the zoning is made a little bit easier to manage. The zone can consist of one or more HBA port World Wide Names and one or more storage processor port World Wide Names. This zone is what tells the SAN fabric to allow specific HBA ports from servers to communicate to specific SP ports on storage arrays.
This has been an overview of SAN zoning. Thanks for watching.
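The zoning decision described in the transcript, modelled as an added example that is not part of the original video or any switch vendor's tooling: aliases name HBA and SP ports, zones group aliases, and two ports may talk only if they share a zone. All alias names, zone names and WWPNs below are constructed sample values.

```python
import re

def normalize_wwpn(raw):
    """Return a WWPN as lowercase colon-separated hex, or raise ValueError."""
    digits = re.sub(r"[:\-\s]", "", raw).lower()
    if not re.fullmatch(r"[0-9a-f]{16}", digits):
        raise ValueError(f"not a 64-bit WWPN: {raw!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 16, 2))

# Constructed sample data: alias -> (role, WWPN as an admin might have typed it)
ALIASES = {
    "db01_hba0":   ("hba", "10:00:00:00:C9:00:00:01"),
    "web01_hba0":  ("hba", "10:00:00:00:c9:00:00:02"),
    "array1_spa0": ("sp",  "50:06:01:60:00:00:00:0A"),
    "array1_spb0": ("sp",  "50-06-01-68-00-00-00-0B"),
}
# Constructed sample zones: each lists one or more HBA and SP aliases
ZONES = {
    "z_db01_array1":  ["db01_hba0", "array1_spa0", "array1_spb0"],
    "z_web01_array1": ["web01_hba0", "array1_spb0"],
}

def resolve(zones, aliases):
    """Expand alias names into {zone: {wwpn: role}}; an undefined alias is an error."""
    fabric = {}
    for zone, members in zones.items():
        fabric[zone] = {}
        for name in members:
            if name not in aliases:
                raise KeyError(f"zone {zone} references undefined alias {name}")
            role, raw = aliases[name]
            fabric[zone][normalize_wwpn(raw)] = role
    return fabric

def can_communicate(fabric, wwpn_a, wwpn_b):
    """Default deny: True only when both ports are members of the same zone."""
    a, b = normalize_wwpn(wwpn_a), normalize_wwpn(wwpn_b)
    return any(a in members and b in members for members in fabric.values())

def visible_sp_ports(fabric, hba_wwpn):
    """Storage processor ports the given HBA port is zoned to."""
    hba = normalize_wwpn(hba_wwpn)
    return {w for members in fabric.values() if hba in members
            for w, role in members.items() if role == "sp"}

FABRIC = resolve(ZONES, ALIASES)
```

Note that the two HBA ports are both zoned to the same SP port yet share no zone, so the model denies traffic between them.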