SAN Zoning Methods

What are hard and soft zoning?

Hard zoning is zoning which is implemented in hardware. Soft zoning is zoning which is implemented in software.

Hard zoning physically blocks access to a zone from any device outside of the zone.

Soft zoning uses filtering implemented in Fibre Channel switches to prevent ports from being seen from outside of their assigned zones. The security vulnerability in soft zoning is that the ports are still accessible if a user in another zone correctly guesses the Fibre Channel address.
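The difference between hiding a port and blocking it can be shown with a small model. This is an added example, not part of the original article: the Fabric class, the zone names and the Fibre Channel addresses are all constructed for illustration and do not represent any vendor's switch.

```python
# Toy model of a Fibre Channel fabric; all addresses and zone names are constructed.
from dataclasses import dataclass, field

@dataclass
class Fabric:
    hard: bool                                  # True = enforce zones on every frame
    zones: dict = field(default_factory=dict)   # zone name -> set of FC addresses

    def _share_zone(self, a, b):
        return any(a in members and b in members for members in self.zones.values())

    def name_server_query(self, requester):
        """Discovery: both zoning types list only ports zoned with the requester."""
        visible = set()
        for members in self.zones.values():
            if requester in members:
                visible |= members
        return sorted(visible - {requester})

    def deliver_frame(self, src, dst):
        """Data path: only hard zoning checks zone membership per frame."""
        known = any(dst in members for members in self.zones.values())
        if not known:
            return False                        # no such port on the fabric
        if self.hard and not self._share_zone(src, dst):
            return False                        # dropped by the switch
        return True                             # soft zoning forwards regardless

def compare(src, dst, zones):
    """Return (visible_in_discovery, soft_delivers, hard_delivers) for src -> dst."""
    soft, hard = Fabric(False, zones), Fabric(True, zones)
    return (dst in soft.name_server_query(src),
            soft.deliver_frame(src, dst),
            hard.deliver_frame(src, dst))

ZONES = {
    "zone_a": {"0x010100", "0x010200"},   # host A and array A (constructed)
    "zone_b": {"0x020100", "0x020200"},   # host B and array B (constructed)
}

if __name__ == "__main__":
    # Host A addressing array B, which discovery never showed it.
    print(compare("0x010100", "0x020200", ZONES))
    # Host A addressing its own array.
    print(compare("0x010100", "0x010200", ZONES))
```

The first comparison is the case the paragraph above describes: the port is absent from discovery, yet the soft-zoned fabric still delivers to it, while the hard-zoned fabric drops the frame.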


While zoning a SAN provides a number of advantages in storage administration and security, there are several ways to do it with different benefits and drawbacks. In addition to zoning at the device level or LUN level, there is also hard, soft and persistent zoning.


As the name implies, soft zoning is the most permissive. This is also called name server zoning because it is done using a name server database in the SAN director. Since the database can contain both port numbers and WWN numbers and translates between them, administrators can shift devices among ports without changing the zoning configuration. One problem with soft zoning is that some HBAs (Host Bus Adapters) won't cooperate with soft zoning.


Hard zoning uses a routing table, also located in the director, which assigns devices to zones only by WWN. This is more limited since it doesn't take the port number into consideration, which makes it harder to shift devices between ports.


Persistent binding is implemented in the HBAs rather than the director. It is done by configuring a logical route across the network fabric in each adapter. This ties the HBA to a particular LUN. While the administrator can more easily specify storage resources in a multi-host fabric, persistent binding decreases address space and increases network complexity.



Target-Level Zoning


Target-Level Zoning (TLZ) is an effective high-level resource allocation method. Because configuration information resides in the switch itself, it need not be reconfigured when a host or adapter is changed. New adapter cards can therefore 'see' only the devices within their allotted zone during the device discovery process. A major disadvantage is its zoning limitations. Because TLZ can only allocate network usage at the 'cabinet-level' (e.g. RAID boxes, etc.), spatial considerations arise. For example, if a user needs an additional 100MB of space to save his or her work, access to an additional disk may be the answer. Under TLZ, that user will be assigned an entire disk array, a potential waste of a large resource.


LUN-Level Zoning


First of all, what is a LUN? LUN stands for Logical Unit Number. A LUN refers to the individual piece in the storage system that is being accessed. Each disk in an array, for example, has a LUN. Disk partitions may also be assigned a LUN.

LUN-Level Zoning, which can take place either at the host or target controller (e.g. RAID controller) level, enables system administrators to further narrow the access zones of network users. For example, instead of granting User A access to RAID array A and User B access to RAID array B, LUN-Level Zoning can further narrow and integrate user access. User A may have access to disks 1-3, with User B being awarded disks 4-6, all within the same RAID box. (See Fig. 4)


In addition to the obvious security benefits, the big advantage of LUN-Level Zoning is flexibility. By zoning at the host adapter level, devices on the network are pre-configured during system boot, allowing for the seamless change or addition of network peripherals (hot LUN-sparing, or hot-plugging), while allowing for cross-platform support. The disadvantage of LUN-Level Zoning is that it has typically been implemented at the driver level, enabling a new host to 'see' the entire network, increasing boot-up time and tempting possible data corruption.


LUN-Level Zoning is an enhancement to Target-Level Zoning. A complex SAN should use both Target-Level and LUN-Level Zoning. After all, servers are broken up according to operating systems and tasks, and this is typically a target-level function. LUN-Level Zoning simply adds a second, more detailed level to the hierarchy. In smaller networks, LUN-Level Zoning can even take the place of Target-Level Zoning. For instance, if a switch without zoning capability is purchased for a network, LLZ can replace the switch function. The cost in switches alone merits a serious look at LLZ.




