Zoning and LUN Masking
In a SAN (Storage Area Network), if all hosts are allowed to access all the drives in the SAN, it may lead to many issues, such as device contention and, above all, data corruption. In addition, some operating systems (e.g. Windows) write header information to disks, which will lead to data loss (we will discuss this later in the article). Zoning and LUN masking are used to avoid this. With zoning and LUN masking, storage units are isolated from, or made invisible to, some or all of the hosts in the SAN. Let's look at zoning and LUN masking in detail.
LUN Masking
LUN masking is similar to zoning in the sense that both provide a form of access control, but it is entirely different from zoning. LUN masking is mainly implemented at the HBA level. Some storage controllers also support LUN masking.
The main purpose of LUN masking is to prevent specific hosts from accessing LUNs, as protection against data loss. For example, when a host running the Windows operating system is connected to the SAN, Windows may try to assign volume labels to the LUNs by writing header information. This may corrupt data written by another operating system on a filesystem alien to Windows.
Because the HBA itself may be compromised, LUN masking implemented at the HBA level is more prone to attacks. When LUN masking is done at the storage controller level, the controller itself enforces all the grouping relations, so it is more secure and more or less as strong as zoning security.
Zoning
Zoning is used to specify which host can see which storage array. Zoning is done at the switch level. This is explained in the figure given below.
Host 1 can see the Array Port SP0 from HBA0 and SP1 from HBA1, while Host 2 can see SP2 from HBA2 and SP3 from HBA3.
In short, zoning is the process of configuring which initiators can see which targets, that is, which devices are visible to each other.
There are mainly two types of zoning: soft zoning, which is done on a WWN basis, and hard zoning, which is done on a port basis.
Hard Zoning
In hard zoning, members of the zone group are specified using the actual port ID (physical port ID). Hard zoning therefore physically blocks access to a device from any device outside the zone.
Soft Zoning
To understand zoning, we first need to know what a WWN (World Wide Name) is.
WWN - World Wide Name
A WWN is a 64-bit unique identifier assigned to each device or port in the SAN. If a device has more than one port, each port has its own unique WWN. The WWN is the equivalent of the MAC address of a NIC (network adapter) in Ethernet.
In soft zoning, the zone configuration is specified using the WWNs of the ports. Soft zoning is implemented at the software level. It internally uses a name server to identify which WWNs belong to a particular zone, and does a lookup in the name server to validate membership.
Advantages and Disadvantages of Hard Zoning
Advantages | Disadvantages |
---|---|
Easier to create and manage, since it uses direct port addressing instead of long WWNs. | Moving a device from one switch port to another requires reconfiguration of the zoning. |
Since the switch hardware does not allow any traffic between unauthorized nodes, it is more secure. | |
Advantages and Disadvantages of Soft Zoning
Advantages | Disadvantages |
---|---|
Devices can be moved to a different switch port without reconfiguring the zoning. | Since membership validation is not done at the hardware level, it is possible for HBAs to bypass the name server and communicate with a node that is not in the configured zone. |
Easy to maintain the zones, and flexible. | It is possible to spoof the WWN and access a device in a different zone. |
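
An added example (not from the original article): a Python sketch that combines the two controls described above, treating a LUN as accessible only when the initiator is both zoned to the array port and listed in the LUN mask, and noting which paths rely on soft zoning or HBA-level masking. The zone names, LUN numbers and mask entries are constructed; the HBA and SP labels follow the Host 1 / Host 2 description, and using one label per device for both port-based and WWN-based members is a simplification.

```python
# Added example: constructed zone and mask tables, not taken from a real fabric.
# kind: "hard" = members identified by switch port, "soft" = identified by WWN.
ZONES = [
    {"name": "z1", "kind": "hard", "members": {"HBA0", "SP0"}},
    {"name": "z2", "kind": "hard", "members": {"HBA1", "SP1"}},
    {"name": "z3", "kind": "soft", "members": {"HBA2", "SP2"}},
    {"name": "z4", "kind": "soft", "members": {"HBA3", "SP3"}},
]
# LUN masks: allowed initiators per LUN, and where the mask is enforced.
MASKS = [
    {"lun": 0, "port": "SP0", "allowed": {"HBA0"}, "enforced_at": "controller"},
    {"lun": 1, "port": "SP2", "allowed": {"HBA2"}, "enforced_at": "hba"},
    {"lun": 2, "port": "SP3", "allowed": {"HBA0"}, "enforced_at": "controller"},
]

def zone_for(initiator, port):
    """Return the zone that contains both the initiator and the array port."""
    for zone in ZONES:
        if {initiator, port} <= zone["members"]:
            return zone
    return None

def can_access(initiator, lun):
    """Access needs both layers: zoned to the port AND present in the mask."""
    for mask in MASKS:
        if mask["lun"] == lun and initiator in mask["allowed"]:
            return zone_for(initiator, mask["port"]) is not None
    return False

def audit():
    """List every masked-in (initiator, LUN) pair with notes on its controls."""
    findings = []
    for mask in MASKS:
        for initiator in sorted(mask["allowed"]):
            zone = zone_for(initiator, mask["port"])
            if zone is None:
                note = "masked in but not zoned"
            else:
                notes = []
                if zone["kind"] == "soft":
                    notes.append("soft zone")
                if mask["enforced_at"] == "hba":
                    notes.append("HBA-level mask")
                note = ", ".join(notes) or "hard zone + controller mask"
            findings.append((initiator, mask["lun"], note))
    return findings

if __name__ == "__main__":
    print(*audit(), sep="\n")
```

The "masked in but not zoned" row shows a mask entry that grants nothing because the switch never lets the initiator see the port, which usually indicates a stale or mistaken entry worth cleaning up.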