HP StorageWorks 16-EL zoning version 2.6.1 user guide - Page 18

Zone Enforcement



Using Zoning
Hard zones are position-dependent; that is, a device is identified by the physical
port to which it is connected. Switch hardware ensures that there is no data
transfer between unauthorized zone members. Devices can, however, transfer data
between ports within the same zone. Consequently, hard zoning provides the
greatest security possible. Use it where security must be rigidly enforced.
Soft Zones
In a soft zone, at least one zone member is specified by WWN. A device is
included in a zone if either the node WWN or port WWN specified matches an
entry in the name server table.
When a device logs in, it queries the name server for devices within the fabric. If
zoning is in effect, only the devices in the same zones are returned. Other devices
are hidden from the name server query reply. When a WWN is specified, all ports
on the specified device are included in the zone.
Soft zones are name server-dependent and therefore provide more
flexibility—new devices can be attached without regard to physical location. The
switch, however, does not control data transfer, so there is no guarantee against
data transfer from unauthorized members. Use soft zoning where flexibility is
important and security can be ensured by the cooperating hosts.
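
The hard/soft distinction and the name server filtering described above can be modelled in a few lines. This Python sketch is an added example, not code from the HP guide or the switch firmware: it classifies each zone by member type, lists the zones that are not hardware-enforced, and computes what a name server query would return. The `domain,port` member notation, the device names, and all WWNs are constructed assumptions.

```python
import re

# Assumed member notations (not specified on this page):
# "domain,port" for a physical port, colon-separated 8-byte hex for a WWN.
WWN_RE = re.compile(r"^(?:[0-9a-f]{2}:){7}[0-9a-f]{2}$")
PORT_RE = re.compile(r"^\d+,\d+$")

def member_kind(member):
    m = member.strip().lower()
    if WWN_RE.match(m):
        return "wwn"
    if PORT_RE.match(m):
        return "port"
    raise ValueError(f"unrecognised zone member: {member!r}")

def zone_kind(members):
    """Soft if at least one member is a WWN; hard if every member is a port."""
    return "soft" if any(member_kind(m) == "wwn" for m in members) else "hard"

def in_zone(dev, members):
    """A device matches by its physical port, node WWN or port WWN."""
    ids = {dev["port"], dev["node_wwn"].lower(), dev["port_wwn"].lower()}
    return any(m.strip().lower() in ids for m in members)

def name_server_reply(requester, devices, zones):
    """Devices returned to `requester`: only those sharing a zone with it."""
    visible = set()
    for members in zones.values():
        if in_zone(devices[requester], members):
            visible |= {n for n, d in devices.items() if in_zone(d, members)}
    return visible - {requester}

def soft_zones(zones):
    """Zones whose isolation relies on cooperating hosts, not switch hardware."""
    return sorted(n for n, m in zones.items() if zone_kind(m) == "soft")

def dev(port, suffix):
    # Helper for the constructed sample data below (made-up WWNs).
    return {"port": port, "node_wwn": f"20:00:00:00:c9:00:00:{suffix}",
            "port_wwn": f"10:00:00:00:c9:00:00:{suffix}"}

# Constructed sample fabric: names, ports and WWNs are illustrative only.
DEVICES = {"host_a": dev("1,0", "0a"), "host_b": dev("1,1", "0b"),
           "array_1": dev("1,4", "0c"), "tape_1": dev("1,5", "0d")}
ZONES = {"prod": ["1,0", "1,4"],                        # ports only
         "backup": ["10:00:00:00:C9:00:00:0B", "1,5"]}  # one WWN member

if __name__ == "__main__":
    print("not hardware-enforced:", soft_zones(ZONES))
    for name in DEVICES:
        print(name, "sees", sorted(name_server_reply(name, DEVICES, ZONES)))
```

The reply filter only limits what a device is told about; for the zones that `soft_zones` reports, the page's caveat applies and the switch does not block transfers from non-members.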
Broadcast Zone
Only one broadcast zone can exist within a fabric. It is named broadcast and it is
used to specify those nodes that are to receive broadcast traffic. The broadcast
zone is hardware enforced; the switch controls data transfer to a port.
Zone Enforcement
When zoning is disabled, the fabric is in non-zoning state and devices can access
other devices in the fabric. When zoning is enabled, zoning is enforced
throughout the fabric and devices can communicate only within their zones.
A switch can maintain any number of zone configurations. Only one zone
configuration, however, can be enabled (or enforced) at a time. Because multiple
configurations reside in the switch, you can change from one configuration to
another as events dictate. For example, you can set up a prespecified zone
configuration to be enabled at certain times of the day; or, in the event of a
disaster, you can quickly enable a defined configuration to implement your
disaster policy.