san fabric zoning

1
Performance Support Storage: SAN Fabric Zoning Transcript The point of our discussion here is fabric zoning. SAN fabric is the Fibre Channel switching infrastructure between the SAN storage systems and the SAN attached host servers. SAN fabric zoning is created and applies at the SAN fabric level in the middle. SAN fabric zoning is effectively the grouping of storage array ports and host server HBA ports, as we can see in the diagram here. In order to gain access to storage from a host to a SAN device, there is more than simply connecting some cables from the server to SAN switches, and that the SAN devices attach to on the other side. From a high level there are other items that need to be taken care of in the way of storage administration. Firstly the storage device needs to have a portion of its storage allocated to the servers. And to do this logical units of storage are created on the storage array. This is what appears to the server as a server disk drive. In the diagram here, inside the storage array on the bottom, you can clearly see that there is disk arrays that have been created, those individual disk arrays are presented to the server. In addition to that, each SAN switch is part of the SAN fabric, which is essentially one or more SAN switches that connect host servers to SAN storage devices and enable communication between them. Many servers and many logical units are typically all interconnected in a SAN and for this among other reason SAN fabrics employ security in order to ensure that only that appropriate hosts are accessing the appropriate storage. And even more importantly, only the appropriate hosts are accessing the correct disks and logical units. Imagine the security concerns and technical issues we would encounter if the SAN fabric simply allowed all connected hosts to see all connected storage devices and all connected logical units all at the same time. So how do you apply security to ensure that access is restricted appropriately? There are unique identifiers assigned to the components of the SAN right down to the HBA storage processor and switch port level. HBA ports on the server side, as well as storage processor ports on the array side, are assigned a World Wide Port Name, or WWPN, which is a globally unique identifier. By using these unique identifiers we're able to exclusively allow access from specific HBA ports on servers to specific SP ports on storage arrays. When we do this the SAN fabric themselves is used to configure the zone. A zone is an implicit grouping of an HBA and an SP port that are allowed to communicate over the fabric. In most cases storage administrators will assign alias names to these HBA and SP ports so that the zoning is made a little bit easier to manage. The zone can consist of one or more HBA port World Wide Names and one or more storage processor port World Wide Names. This zone is what tells the SAN fabric to allow specific HBA ports from servers to communicate to specific SP ports on storage arrays. This has been an overview of SAN zoning. Thanks for watching. 1 © 2013 Skillsoft Ireland Limited

Upload: vamsi-bonam

Post on 14-May-2017

214 views

Category:

Documents


0 download

TRANSCRIPT

Page 1: SAN Fabric Zoning

Performance Support

Storage: SAN Fabric Zoning

TranscriptThe point of our discussion here is fabric zoning. SAN fabric is the Fibre Channel switching infrastructure between the SAN storage systems and the SAN attached host servers. SAN fabric zoning is created and applies at the SAN fabric level in the middle. SAN fabric zoning is effectively the grouping of storage array ports and host server HBA ports, as we can see in the diagram here.

In order to gain access to storage from a host to a SAN device, there is more than simply connecting some cables from the server to SAN switches, and that the SAN devices attach to on the other side. From a high level there are other items that need to be taken care of in the way of storage administration.

Firstly the storage device needs to have a portion of its storage allocated to the servers. And to do this logical units of storage are created on the storage array. This is what appears to the server as a server disk drive. In the diagram here, inside the storage array on the bottom, you can clearly see that there is disk arrays that have been created, those individual disk arrays are presented to the server.

In addition to that, each SAN switch is part of the SAN fabric, which is essentially one or more SAN switches that connect host servers to SAN storage devices and enable communication between them. Many servers and many logical units are typically all interconnected in a SAN and for this among other reason SAN fabrics employ security in order to ensure that only that appropriate hosts are accessing the appropriate storage. And even more importantly, only the appropriate hosts are accessing the correct disks and logical units. Imagine the security concerns and technical issues we would encounter if the SAN fabric simply allowed all connected hosts to see all connected storage devices and all connected logical units all at the same time.

So how do you apply security to ensure that access is restricted appropriately? There are unique identifiers assigned to the components of the SAN right down to the HBA storage processor and switch port level. HBA ports on the server side, as well as storage processor ports on the array side, are assigned a World Wide Port Name, or WWPN, which is a globally unique identifier. By using these unique identifiers we're able to exclusively allow access from specific HBA ports on servers to specific SP ports on storage arrays. When we do this the SAN fabric themselves is used to configure the zone. A zone is an implicit grouping of an HBA and an SP port that are allowed to communicate over the fabric. In most cases storage administrators will assign alias names to these HBA and SP ports so that the zoning is made a little bit easier to manage. The zone can consist of one or more HBA port World Wide Names and one or more storage processor port World Wide Names. This zone is what tells the SAN fabric to allow specific HBA ports from servers to communicate to specific SP ports on storage arrays.

This has been an overview of SAN zoning. Thanks for watching.

1

© 2013 Skillsoft Ireland Limited