Zoning enforcement, Software-enforced zoning, Hardware-enforced zoning – HP Brocade 4Gb SAN Switch for HP BladeSystem p-Class User Manual
Page 127
Fabric OS 5.0.0 procedures user guide 127
•
Saved Configuration, which is a copy of the defined configuration plus the name of the effective
configuration, which is saved in flash memory by the
cfgSave
command. (You can also use the
configupload
command to provide a backup of the zoning configuration and the
configdownload
command to restore the zoning configuration.) There might be differences between
the saved configuration and the defined configuration if the system administrator has modified any of
the zone definitions and has not saved the configuration.
•
Disabled Configuration, which is the effective configuration is removed from flash memory.
On power-up, the switch automatically reloads the saved configuration. If a configuration was active
when it was saved, the same configuration is reinstated with an autorun of the
cfgEnable
command.
You can establish a zone by identifying zone objects using one or more of the following zoning schemes:
•
Domain, port number level. All members are specified by
domain ID
,
port number
, or
domain,
area number
pair or aliases, described in ”
•
World Wide Name (WWN) level. All members are specified only by WWNs or aliases of WWNs.
Members can be node or port versions of the WWN.
•
Mixed zoning. A zone containing members specified by a combination of domain, port number,
and/or domain, area number and WWN.
Zoning enforcement
Software-enforced and hardware-enforced zoning are supported.
Software-enforced zoning
Software-enforced zoning limits access to data by segmenting a fabric into virtual private SANs.
Software-enforced zoning prevents hosts from discovering unauthorized target devices, while
hardware-enforced zoning prevents a host from accessing a device it is not authorized to access.
Software-enforced zoning:
•
Is also called soft zoning, Name Server zoning, fabric-based zoning, or session-based zoning.
•
Is available on 1-Gbps, 2-Gbps, and 4-Gbps platforms.
•
Prevents hosts from discovering unauthorized target devices.
•
Ensures that the Name Server does not return any information to an unauthorized initiator in response
to a Name Server query.
•
Is always active whenever a zone configuration is in effect.
•
Does not prohibit access to the device. If an initiator has knowledge of the network address of a
target device, it does not need to query the Name Server to access it, which could lead to undesired
access to a target device by unauthorized hosts.
•
Is exclusively enforced through selective information presented to end nodes through the fabric Simple
Name Server (SNS). When an initiator queries the Name Server for accessible devices in the fabric,
the Name Server returns only those devices that are in the same zone as the initiator. Devices that are
not part of the zone are not returned as accessible devices.
Hardware-enforced zoning
Hardware-enforced zoning is specified without using the mixed zoning scheme. HP StorageWorks
switches augment software-enforced zoning with hardware enforcement. The exact methodology varies
on different switch models.
Hardware-enforced zoning (also called hard zoning):
•
Prevents a host from accessing a device it is not authorized to access.