HP StorageWorks 8/80 HP StorageWorks Fabric OS 6.1.x administrator guide (5697 - Page 197

• Disabled Configuration-The effective configuration is removed from flash memory. When you disable the effective configuration, the Advanced Zoning feature is disabled on the fabric, and all devices within the fabric can communicate with all other devices (unless you previously set up a default zone, as described in "Activating default zones" on page 403). This does not mean that the zoning database is deleted, however, only that there is no configuration active in the fabric. On power-up, the switch automatically reloads the saved configuration. If a configuration was active when it was saved, the same configuration is reinstated on the local switch with an autorun of the cfgEnable command. Zoning enforcement Zoning enforcement describes a set of predefined rules that the switch uses to determine where to send incoming data. There are two methods of enforcement: software-enforced and hardware-enforced zoning. Zoning enables you to restrict access to devices in a fabric. Software-enforced zoning prevents hosts from discovering unauthorized target devices, while hardware-enforced zoning prevents a host from accessing a device it is not authorized to access. Software-enforced zoning Software-enforced zoning is used for any mixed zone (a zone with both WWN and domain,port members). Software-enforced zoning: • Is also called "soft zoning," "name server zoning," "fabric-based zoning," or "session-based zoning." • Is available on 1, 2, 4, 8 and 10 Gbps platforms. • Prevents hosts from discovering unauthorized target devices. • Ensures that the name server does not return any information to an unauthorized initiator in response to a name server query. • Does not prohibit access to the device. If an initiator has knowledge of the network address of a target device, it does not need to query the name server to access it, which could lead to undesired access to a target device by unauthorized hosts. • Is exclusively enforced through selective information presented to end nodes through the fabric Simple Name Server (SNS). When an initiator queries the name server for accessible devices in the fabric, the name server returns only those devices that are in the same zone as the initiator. Devices that are not part of the zone are not returned as accessible devices. Hardware-enforced zoning Hardware-enforced zoning means that each frame is checked by hardware (the ASIC) before it is delivered to a zone member and is discarded if there is a zone mismatch. When hardware-enforced zoning is active, the Fabric OS switch monitors the communications and blocks any frames that do not comply with the effective zone configuration. The switch performs this blocking at the transmit side of the port on which the destination device is located. Hardware-enforced zoning is in effect when all of the members of a zone are identified the same way, either using WWNs or domain,port notation. If a zone does not have either all WWN or all domain,port entries, then software-enforced zoning is in effect. For overlapping zones (in which zone members appear in two or more zones), hardware-enforced zoning is in effect as long as the overlapping zones have either all WWN or all domain,port entries. Hardware-enforced zoning: • Is also called hard zoning or ASIC-enforced zoning. • Prevents a host from discovering unauthorized target devices. • Prevents a host from accessing a device it is not authorized to access. • Is enforced at the ASIC level. Each ASIC maintains a list of source port IDs that have permission to access any of the ports on that ASIC. Fabric OS 6.1.x administrator guide 197