HP Surestore 64 Planning Guide - Page 86

Server-level access control is called persistent binding. Persistent binding uses configuration information stored on the server, and is implemented through the server's HBA driver. The process binds a server device name to a specific Fibre Channel storage volume or logical unit number (LUN), through a specific HBA and storage port WWN. For persistent binding: • Each server HBA is explicitly bound to a storage volume or LUN, and access is explicitly authorized (access is blocked by default). • The process is compatible with OSI standards. The following are transparently supported: - Different operating systems and applications. - Different storage volume managers and file systems. - Different fabric devices, including disk drives, tape drives, and tape libraries. • If the server is rebooted, the server-to-storage connection is automatically reestablished. • The connection is bound to a storage port WWN. If the fiber-optic cable is disconnected from the storage port, the server-to-storage connection is automatically re-established when the port cable is reconnected. The connection is automatically re-established if the storage port is cabled through a different director port. Access control can also be implemented at the storage device as an addition or enhancement to redundant array of independent disks (RAID) controller software. Data access is controlled within the storage device, and server HBA access to each LUN is explicitly limited (access is blocked by default). Storage-level access control: • Provides control at the storage port and LUN level, and does not require configuration at the server. • Supports a heterogeneous server environment and multiple server paths to the storage device. • Is typically proprietary and protects only a specific vendor's storage devices. Storagelevel access control may not be available for many legacy devices. 72 Security Provisions