gibbsie.org Knowledge Base

Fibre Channel Zoning

Aug 3rd 2008

Fibre Channel zoning is used to group certain resources together. In Fibre Channel, zoning is the partitioning of a fabric (or storage area network) into smaller subsets to restrict interference, increase security and simplify management. For example, if a SAN hosts several thousand disk drives, they do not all need to be visible to every SAN-connected system. It is important to note that zoning only applies to the switched fabric (FC-SW) topology of Fibre Channel switches.

Fibre Channel provides two methods of zoning: hard and soft; and two sets of attributes: name and port.

Soft zoning restricts the name service view given to a device so that it reflects only the devices it is permitted to see. Therefore, when a server looks at the content of the fabric, it will only see the devices it is permitted to see. However, any server can still attempt to contact any device on the network by address. In this way, soft zoning draws a parallel to the computing concept of security through obscurity.

In contrast, hard zoning restricts the actual communication across a fabric. This requires greater resources in the fabric switches but provides a more secure configuration.
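The difference between the two methods, as an added example that is not part of the original post: a toy Python model of a zoned fabric that reports, for a pair of devices, whether the target is listed by the name service and whether a frame sent to its address is delivered. The `Fabric` class, the WWNs, the addresses and the zone names are constructed for illustration and match no vendor's switch API; the model assumes the name service view is filtered under both methods.

```python
from dataclasses import dataclass, field

# Constructed sample devices: WWN -> fabric address (illustrative values only).
HOST_A, ARRAY_A = "10:00:00:00:c9:00:00:01", "50:06:01:60:00:00:00:0a"
HOST_B, ARRAY_B = "10:00:00:00:c9:00:00:02", "50:06:01:60:00:00:00:0b"
ADDRESSES = {HOST_A: 0x010100, ARRAY_A: 0x010200,
             HOST_B: 0x010300, ARRAY_B: 0x010400}
ZONES = {"zone_a": {HOST_A, ARRAY_A}, "zone_b": {HOST_B, ARRAY_B}}


@dataclass
class Fabric:
    """Toy model of a zoned switched fabric; not any vendor's switch API."""
    enforcement: str                       # "soft" or "hard"
    zones: dict = field(default_factory=lambda: ZONES)
    devices: dict = field(default_factory=lambda: ADDRESSES)

    def zoned_together(self, a, b):
        return any(a in members and b in members
                   for members in self.zones.values())

    def name_server_query(self, requester):
        # Assumption: the name service view is filtered in both modes.
        return sorted(w for w in self.devices
                      if w != requester and self.zoned_together(requester, w))

    def send_frame(self, src_wwn, dst_address):
        """Return True if the fabric delivers a frame sent by address."""
        dst = next((w for w, a in self.devices.items() if a == dst_address), None)
        if dst is None:
            return False                   # no such address on the fabric
        if self.enforcement == "soft":
            return True                    # soft zoning never inspects frames
        return self.zoned_together(src_wwn, dst)   # hard: checked per frame


def compare(src, dst):
    """Visibility and deliverability of dst from src under each method."""
    result = {}
    for mode in ("soft", "hard"):
        fabric = Fabric(mode)
        result[mode] = {"listed": dst in fabric.name_server_query(src),
                        "delivered": fabric.send_frame(src, ADDRESSES[dst])}
    return result


if __name__ == "__main__":
    print("in-zone   :", compare(HOST_A, ARRAY_A))
    print("cross-zone:", compare(HOST_A, ARRAY_B))
```

The cross-zone row is the one to read: both methods hide the target from the name service, but only hard zoning stops the frame.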

Zoning can be applied to either switch ports or end-station names:

  • Port zoning restricts ports from communicating with unauthorized ports. This requires a heterogeneous SAN if this is to be used beyond a single switch.
  • Name zoning restricts access by World Wide Name (WWN). This is more flexible but WWNs can easily be spoofed, reducing security.

Zoning is mainly used in large storage applications, but the term is often confused with LUN masking at the server (HBA) level. Zoning performs a function similar to that provided by LUN masking techniques, which are employed to isolate the required one-to-one initiator and target mapping.

