Brocade Zoning
Rev. 4.21
Introduction to SANs
Security Comparisons
Data access can be implemented at several different levels within the SAN environment. Each of these has advantages and disadvantages. The level is chosen according to the particular needs of the customer's SAN environment.

Host level security offers a single point of management for a large data center. Hosts with many different operating systems can be managed by Open View Storage Area Manager, as clients. However, a host that lacks the software may be unaware of the disk allocations and may access and corrupt storage in the SAN.

Switch level security may be more secure than host security, but can be constrained by the topology. Port zoning is very limiting for topologies that have many devices connected through hubs. Switch level zoning cannot separate LUN access for a given device.

Device level security is highly secure, but may require time-consuming administration to implement. Not all devices have this function. Firmware changes on these devices may alter the security function, and can impact the availability of the device.
Zoning Example
Zones may be configured dynamically. The number of zones and zone members is effectively unlimited. Zones vary in size and shape, depending on the number of Fabric connected devices and device locations. Devices may be members of more than one zone. This is called overlapping zones. In addition, multiple configurations can be created, for example, for enterprise backup and for normal work access. Zone members see only members in their zones and, therefore, access only one another. A device not included in a zone is not able to access any devices.
Zone Enforcement
Soft zoning

Soft zoning is software enforced Brocade zoning. The zoning enforcement is implemented in the firmware, using the entries of the Simple Name Server to determine if the transaction is allowed. The members of the zones must be good citizens. A good citizen is a member that uses the Name Server, supports RSCN (Remote State Change Notification) and does not circumvent the Name Server for access to other ports. A bad citizen is a node that probes the switch, either because of malfunction or malice, to access a device that it should not access. This means that a server/HBA/driver that probes the ports on the switch would be able to talk to any device it found, because it did not use the Name Server and behave properly.

In the Brocade 2x00 Silkworm switches, WWN zoning is software enforced. The term soft zoning came to be used to mean the same thing as World-wide Name zoning. In the Brocade 3x00 Silkworm switches, WWN zoning can be hardware enforced. It is important to separate the enforcement from the format for zoning.

Hard zoning

Hard zoning is hardware enforced zoning. Zoning is enforced by the ASIC. It is not vulnerable to probing by a bad citizen node. In the Brocade 2x00 Silkworm switches, port zoning is enforced in the hardware. The term hard zoning came to mean the same thing as port zoning. With the 3x00 Silkworm switches, WWN zoning is also hard zoning. This terminology is no longer valid.
Soft porting
In the example shown, the device identified as Host1a is defined using port zoning in Zone1, and defined using its WWN in Zone3. Either definition alone would result in Hard zoning. However, when the device is defined in each zoning type within a single configuration, the switch will not be able to enforce zoning within the ASIC. Soft zoning will be used, instead.
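The rule above can be checked mechanically when auditing a zoning configuration. The following is an added example, not code from the original course material: it follows the 3x00 behavior described above, and the zone layout, domain/port numbers and WWNs are constructed sample values.

```python
import re

# A zone member is either "domain,port" (port zoning) or an 8-byte WWN.
PORT_RE = re.compile(r"^\d+,\d+$")
WWN_RE = re.compile(r"^([0-9a-f]{2}:){7}[0-9a-f]{2}$", re.I)

def member_kind(member):
    if PORT_RE.match(member):
        return "port"
    if WWN_RE.match(member):
        return "wwn"
    raise ValueError(f"unrecognized zone member: {member!r}")

def enforcement_by_device(zones, devices):
    """Map each device to 'hard', 'soft' or 'unzoned' for one configuration.

    zones:   {zone_name: [member, ...]}
    devices: {device_name: {"port": "domain,port", "wwn": "xx:..:xx"}}
    """
    result = {}
    for name, ident in devices.items():
        kinds = set()  # zoning types under which this device is defined
        for members in zones.values():
            for m in members:
                kind = member_kind(m)
                if m.lower() == ident[kind].lower():
                    kinds.add(kind)
        if not kinds:
            result[name] = "unzoned"   # in no zone: cannot access any device
        elif len(kinds) == 2:
            result[name] = "soft"      # port AND WWN definitions: ASIC cannot enforce
        else:
            result[name] = "hard"      # a single zoning type: hardware enforced
    return result

# Constructed sample data: where each device attaches and its WWN.
DEVICES = {
    "Host1a": {"port": "1,2", "wwn": "10:00:00:00:00:00:00:1a"},
    "Host2a": {"port": "1,3", "wwn": "10:00:00:00:00:00:00:2a"},
    "Disk1":  {"port": "1,5", "wwn": "50:00:00:00:00:00:00:d1"},
    "Tape1":  {"port": "1,7", "wwn": "50:00:00:00:00:00:00:e1"},
    "Host3a": {"port": "1,9", "wwn": "10:00:00:00:00:00:00:3a"},
}
ZONES = {
    "Zone1": ["1,2", "1,5"],                                          # port zoning
    "Zone2": ["1,3", "1,5"],                                          # port zoning
    "Zone3": ["10:00:00:00:00:00:00:1a", "50:00:00:00:00:00:00:e1"],  # WWN zoning
}

if __name__ == "__main__":
    for device, mode in enforcement_by_device(ZONES, DEVICES).items():
        print(f"{device}: {mode}")
```

Any device reported as soft is exposed to the bad citizen probing described under Zone Enforcement; defining it with a single zoning type throughout the configuration restores hard enforcement.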
Port Zoning
Port zoning is defined within the Brocade switch by specifying the switch Domain and physical Port. In the example there are two zones defined: the Orange Zone and the Green Zone. Access is allowed only through the specified port. If the cable to a port is moved to another port, the device will be unavailable. If the port is down or disabled, there will be no device access on that path. This example shows alternate paths in the zones. Port zoning logic is consistent with the HP-UX address and device file structure. Port zoning cannot separate or individually identify zone members of a looplet. All devices on the loop are defined in the zone by the port. Port zoning can be a disadvantage for consolidated storage devices, like the XP family. All the LUNs accessed through the port belong to the zone.
If you have issued a cfgclear and then a cfgsave, the switch will now save the cleared SDRAM into flash and everything in the switch will be cleared.
Learning Check
1. What is the difference between hard and soft zoning?
2. Describe the relationship between zone members, zones, and zoning configurations.
3. What is the process for merging two separate fabrics together as it pertains to zoning?