Zoning and LUN Masking
In a SAN ( Storage Area Network ), if all the hosts are allowed to access all the drives in the SAN, it may lead to many issues like device contention and mainly data corruption. In addition some Operating Systems (eg. Windows ) writes header information to disks which will lead to data loss (We will discuss it later in this article). To avoid this zoning and LUN masking is used. By doing Zoning and LUN masking storage units are isolated or made invisible to some or all of the hosts in the SAN. Lets look into zoning and LUN masking in detail.
LUN Masking
LUN masking is similar to zoning in the sense that both are used to provide a way of access control. But LUN masking is entirely different from zoning. Mainly LUN masking is implemented at HBA level. Some storage controllers also support LUN masking.
The main purpose of LUN masking is preventing access to LUNs from some specific hosts, a way of protection against data loss. For example when a host running Windows operating system is connected to SAN, Windows may try to assign volume labels to the LUNs by writing header information. This may corrupt the data written by other operating system on a filesystem alien to Windows.
Due to possible compromises at HBA level, LUN masking implemented at HBA level is more prone to attacks . But when LUN masking is done at storage controller level, controller itself enforces all the grouping relations, its more secure and more or less as strong as zoning security.
Zoning
Zoning is used to specify which host can see which storage array. Zoning is done at the switch level. This is explained in the figure given below.
Host 1 can see the Array Port SP0 from HBA0 and SP1 from HBA1, while Host 2 can see SP2 from HBA2 and SP3 from HBA3.
In short, zoning is the process of configuring which all initiators can see which all targets, which devices are visible to each other.
There are mainly two types of zoning - soft zoning which is done on WWN name basis and hard zoning which is done on port basis.
Hard Zoning
In hard zoning, members of the zone group are specified using actual port id ( physical port id ). So hard zoning physically blocks access to a device from a device which is outside of the zone.
Soft Zoning
To understand zoning first we should know what is WWN (World Wide Name).
WWN - World Wide Name
WWN is a 64 bit unique identifier assigned to each device or port in the SAN. If one device has more than one port, it each port will be having unique WWN. WWN is equivalent to MAC address of your NIC (Network adapters) in Ethernet.
In soft zoning, the zone configuration is specified using WWN of the ports. Soft zoning is implemented at software level. It internally uses a name server to identify which all WWN belongs to particular zone, and does a look up in the name server to validate membership.
Advantages and Disadvantages of Hard Zoning
Advantages | Disadvantages |
---|---|
Easier to create and manage since the its using direct port addressing instead of long WWN |
Moving a device from one switch port to another switch port requires re configuration of the zoning |
Since the switch hardware does not allow any traffic between unauthorized nodes, its more secure. |
Advantages and Disadvantages of Soft Zoning
Advantages | Disadvantages |
---|---|
Devices can be moved to different switch port without reconfiguring the zoning. |
Since the membership validation is not done at hardware level, its possible for HBAs to bypass the name server and communicate with the node which is not in the configured zone. |
Easy to maintain the zones and is flexible. |
It is possible to spoof the WWN number, and access the device in different zone. |
Zoning and LUN Masking的更多相关文章
- 如何在Vblock里配置Boot from SAN
啥是vBlock ============ vBlock是VCE用在包含了它的数据中心产品的组件的机架上的一个商标名. 机架中的组件都是有VCE出厂前预先组装好的, 组件的预设以及解决方案, 都是客户 ...
- LUN 和 LVM 知识
LUN是对存储设备而言的,volume是对主机而言的. lun是指硬件层分出的逻辑盘,如raid卡可以将做好的400G的raid5再分成若干个逻辑盘,以便于使用,每一个逻辑盘对应一个lun号,OS层仍 ...
- 存储的一些基本概念(HBA,LUN)
有些新手总是在各式各样的概念里绕来绕去,弄的不亦乐乎.所以我就把我的一些理解写了下来,供您参考.我说的不局限于任何一种具体产品和厂家,也可能有些说法和某些厂家的说法不一样,但是我觉得应该算的上是本原的 ...
- LUN mask 和zone 区别
问题: 在SAN网络中,只有一台存储时,该存储带有Map功能,可以将LUN Map到指定主机,那么FC Switch的zoning功能还有意义吗?有没有方法来证明这以意义的存在.即使存储不带有Map功 ...
- LUN
1概念 LUN的全称是Logical Unit Number,也就是逻辑单元号.我们知道SCSI总线上可挂接的设备数量是有限的,一般为8个或者16个,我们可以用Target ID(也有称为SCSI I ...
- 【转载】存储的一些基本概念(HBA,LUN)
1.关于HBA HBA的全称为Host Bus Adapter,即主机总线适配器. a.总线适配器是个什么东西呢? 我们首先要了解一下主机的结构,一台计算机内部多半由两条总线串在起来(当然实际情况会 ...
- LUN----逻辑单元号
LUN的全称是Logical Unit Number,也就是逻辑单元号. 一.概念 LUN的全称是Logical Unit Number,也就是逻辑单元号.我们知道SCSI总线上可挂接的设备数 ...
- Fiber Channel SAN Storage
http://www.infotechguyz.com/VMware/FiberChannelSANStorage.html Using Fibre Channel with ESX/ESXi Fib ...
- Exam E05-001 Information Storage and Management Version 3 Exam
Emc 考试 e05-001信息存储和管理版本3考试 [总问题:171] 哪种 emc 产品提供软件定义的存储基础架构的自动监视和报告? A. viprSrmB. 斯纳普内C. 阿瓦马尔D. 快速副总 ...
随机推荐
- 解决SQL Server 2008提示评估期已过
第一步:进入SQL2008配置工具中的安装中心第二步:再进入维护界面,选择版本升级第三步:进入产品密钥,输入密钥第四步:一直点下一步,直到升级完毕.SQL Server 2008 Developer: ...
- SugarCRM 插件介绍
[转自 陈沙克日志:http://hi.baidu.com/chenshake/item/5d76203fe6a598fede22219d]经常有朋友问关于sugar的插件,我这里就整理一下,不过其实 ...
- C#编程(三十七)----------结构比较
结构比较 数组和元组都实现接口IStructuralEquatable和IStructuralComparable.这两个接口不仅可以比较引用,还可以比较内容.这些接口都是显示实现的,所以在使用时需要 ...
- WordPress主题开发:style.css主题信息标记
在最简单的情况下,一个WordPress主题由两个文件构成: index.php ------------------主模版 style.css -------------------主样式表 而且s ...
- WordPress主题开发:循环代码
have_posts() 有没有文章信息 if...else <?php if( have_posts() ) : while( have_posts() ) : the_post(); ?&g ...
- [填坑]解决"Your MaintenanceTool appears to be older than 3.0.2. ."问题
之前我写过QT5.9版本在更新组件时出现“要继续此操作,至少需要一个有效且已启用的储存库”问题,得到了网友的热心转载,说明遇到此问题的人不在少数. 原文地址:https://blog.csdn.net ...
- 中文分词库及NLP介绍,jieba,gensim的一些介绍
六款中文分词软件介绍: https://blog.csdn.net/u010883226/article/details/80731583 里面有jieba, pyltp什么的.另外下面这个博客有不少 ...
- quantum theory
the principles of quantum mechanics by p.a.m.dirac.
- cesium原理篇(三)--地形(1)【转】
转自:http://www.cnblogs.com/fuckgiser/p/5824743.html 简述 前面我们从宏观上分析了Cesium的整体调度以及网格方面的内容,通过前两篇,读者应该可以比较 ...
- RV ItemDecoration 分割线 简介 MD
Markdown版本笔记 我的GitHub首页 我的博客 我的微信 我的邮箱 MyAndroidBlogs baiqiantao baiqiantao bqt20094 baiqiantao@sina ...