Specifications
DATA CENTER BEST PRACTICES
SAN Design and Best Practices 64 of 84
Zoning recommendations include the following:
• Always enable zoning.
• Create zones with only one initiator (shown in Figure 42) and target, if possible.
• Define zones using device WWPNs (World Wide Port Names).
• Default zoning should be set to No Access.
• Use FA-WWN if supported by Brocade FOS (v7.0 or later) and Brocade HBA driver (3.0 or later).
• Delete all FA-PWWNs (Fabric-Assigned Port World Wide Names) from the switch whose configuration is being replaced before you upload or download a modified configuration.
• Follow vendor guidelines for preventing the generation of duplicate WWNs in a virtual environment.
[Figure: diagram labels: Fibre Channel Fabric; Hub; Loop 1; Loop 2; Server 1; Server 2; Server 3; RAID; JBOD; Red Zone; Green Zone; Blue Zone]
Figure 42. Example of single initiator zones.
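The zoning recommendations above (one initiator per zone, members defined by WWPN, default zoning set to No Access) can be checked offline against an exported zone layout. The following is an added example, not Brocade code: the function name, finding codes, input layout, the "noaccess"/"allaccess" strings and the sample WWPNs are all assumptions constructed for illustration.

```python
import re

# A WWPN is eight colon-separated hex octets.
WWPN_RE = re.compile(r"^(?:[0-9a-f]{2}:){7}[0-9a-f]{2}$", re.IGNORECASE)

def audit_zoning(zones, initiators, default_access):
    """Check a zoning layout against the recommendations listed above.

    zones          -- dict: zone name -> list of member strings
    initiators     -- set of WWPNs known to belong to host (HBA) ports
    default_access -- default zone mode, "noaccess" or "allaccess" (assumed names)
    Returns a sorted list of (zone, code, detail) findings.
    """
    findings = []
    if not zones:
        findings.append(("<fabric>", "NO_ZONES", "no zones are defined"))
    if default_access.lower() != "noaccess":
        findings.append(("<fabric>", "DEFAULT_NOT_NOACCESS", default_access))
    hosts = {w.lower() for w in initiators}
    for name, members in zones.items():
        members = [m.strip().lower() for m in members]
        bad = [m for m in members if not WWPN_RE.match(m)]
        if bad:
            # e.g. a "domain,port" member; its role cannot be judged by WWPN.
            findings.append((name, "NON_WWPN_MEMBER", ", ".join(bad)))
            continue
        n_init = sum(1 for m in members if m in hosts)
        if n_init != 1:
            findings.append((name, "INITIATOR_COUNT", str(n_init)))
        elif len(members) - n_init > 1:
            # The list asks for a single target per zone only "if possible".
            findings.append((name, "MULTI_TARGET", str(len(members) - n_init)))
    return sorted(findings)

# Constructed sample data, not taken from a real fabric.
HOSTS = {"10:00:00:00:00:00:0a:01", "10:00:00:00:00:00:0a:02"}
ZONES = {
    "z_srv1_raid": ["10:00:00:00:00:00:0a:01", "50:00:00:00:00:00:0b:01"],
    "z_shared": ["10:00:00:00:00:00:0a:01", "10:00:00:00:00:00:0a:02",
                 "50:00:00:00:00:00:0b:01"],
    "z_port": ["1,4", "50:00:00:00:00:00:0b:02"],
    "z_multi": ["10:00:00:00:00:00:0a:02", "50:00:00:00:00:00:0b:01",
                "50:00:00:00:00:00:0b:02"],
}

if __name__ == "__main__":
    for zone, code, detail in audit_zoning(ZONES, HOSTS, "allaccess"):
        print(f"{zone}: {code} ({detail})")
```

MULTI_TARGET is advisory, since the recommendation allows more than one target where a single target is not possible; the other codes map directly to items in the list.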
Role-Based Access Controls (RBACs)
One way to provide limited accessibility to the fabric is through user roles. Brocade FOS has predefined user
roles, each of which has access to a subset of the CLI commands. These are known as Role-Based Access
Controls (RBAC), and they are associated with the user login credentials.
Access Control Lists (ACLs)
Access Control Lists are used to provide network security via policy sets. Brocade FOS provides several ACL
policies including a Switch Connection Control (SCC) policy, a Device Connection Control (DCC) policy, a Fabric
Configuration Server (FCS) policy, an IP Filter, and others. The following subsections briefly describe each
policy and provide basic guidelines. A more in-depth discussion of ACLs can be found in the Brocade Fabric OS
Administrator’s Guide.
SCC Policy
The SCC policy restricts the fabric elements (FC switches) that can join the fabric. Only switches specified in the
policy are allowed to join the fabric. All other switches will fail authentication if they attempt to connect to the
fabric, resulting in the respective E_Ports being segmented due to the security violation.










