Zoning enforcement, Software-enforced zoning, Hardware-enforced zoning – HP StorageWorks 2.128 SAN Director Switch User Manual
Page 181
Fabric OS 5.x administrator guide 181
Zoning enforcement
Software-enforced and hardware-enforced zoning are supported.
Software-enforced zoning
Zoning enables users to restrict access to devices in a fabric. Software-enforced zoning prevents hosts
from discovering unauthorized target devices, while hardware-enforced zoning prevents a host from
accessing a device it is not authorized to access.
Software-enforced zoning:
•
Is also called soft zoning, Name Server zoning, fabric-based zoning, session-based zoning, or
hardware-assisted zoning.
•
Is available on 1-Gbit/sec, 2-Gbit/sec, and 4-Gbit/sec platforms.
•
Prevents hosts from discovering unauthorized target devices.
•
Ensures that the Name Server does not return any information to an unauthorized initiator in response
to a Name Server query.
•
Is always active whenever a zone configuration is in effect.
•
Does not prohibit access to the device. If an initiator has knowledge of the network address of a target
device, it does not need to query the Name Server to access it, which could lead to undesired access
to a target device by unauthorized hosts.
•
Is exclusively enforced through selective information presented to end nodes through the fabric SNS.
When an initiator queries the Name Server for accessible devices in the fabric, the Name Server
returns only those devices that are in the same zone as the initiator. Devices that are not part of the
zone are not returned as accessible devices.
Hardware-enforced zoning
Hardware-enforced zoning is specified without using the mixed-zoning scheme (mixed zones contain
domains, ports and WWNs as zone members). HP StorageWorks switches augment software-enforced
zoning with hardware enforcement. The exact methodology varies on different switch models.
Hardware-enforced zoning (also called hard zoning):
•
Prevents a host from accessing a device it is not authorized to access.
•
Checks each frame before it is delivered to a zone member and discards it if there is a zone
mismatch. When hardware-enforced zoning is active, the switch monitors the communications and
blocks any frames that do not comply with the effective zone configuration. The switch performs this
blocking at the transmit side of the port on which the destination device is located.
•
Is enforced at the ASIC level. Each ASIC maintains a list of source port IDs that have permission to
access any of the ports on that ASIC.
Fabric OS uses hardware-enforced zoning (on a per-zone basis) whenever the fabric membership or zone
configuration changes.
shows the various HP StorageWorks switch models, the hardware zoning methodology for each,
and tips for best usage.