© IBM Copyright, 2012 Version: January 26, 2012
www.ibm.com/support/techdocs 43
Summary of Best Practices for Storage Area Networks
10 Solution-centric
There are a number of best practice items that deserve some coverage but do not
readily fit under one of the previous topic headings. This section is therefore called
solution-centric rather than miscellaneous, because these items can have an impact on
overall SAN operations.
10.1 Security
Security has always been a major concern for networked systems administrators
and users. Even for specialized networked infrastructures, such as SANs, special
care has to be taken so that information does not get corrupted, either accidentally
or deliberately, or fall into the wrong hands. We also need to make sure that, at the
fabric level, the correct security is in place, for example so that a user cannot
inadvertently change the configuration.
The SAN and its resources may be shared by many users and many departments.
The SAN may be shared by different operating systems that have differing ideas as
to who owns what storage. To protect the privacy and safeguard the storage, SAN
vendors came up with a segmentation tool, zoning, to overcome this. The fabric
itself would enforce the separation of data so that only those users intended to have
access could communicate with the data they were supposed to.
Zoning, however, does not provide security by itself. For example, if data is being
transmitted over a link it would be possible to “sniff” the link with an analyzer and
steal the data. This is a vulnerability that becomes even more evident when the data
itself has to travel outside of the data center, and over long distances. This will often
involve transmission over networks that are owned by different carriers.
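The two access-control layers this section describes, fabric zoning and the LUN masking
covered next, can be modelled as a small decision function. This is an added example,
not part of the IBM document; the WWPNs, zone names and LUN numbers are constructed
sample values, and the zone and mask tables are assumed to be simple Python sets rather
than any vendor's switch or array configuration format.

```python
# Added example (not from the IBM document): a model of the two access-control
# layers this section describes. Fabric zoning decides which initiator ports may
# talk to which storage target ports; LUN masking, enforced by the storage device,
# decides which initiators may use each LUN behind a target port.

# Fabric zone set: each zone is the set of WWPNs allowed to communicate.
# Constructed sample data: 50:... are host initiators, 52:... is a storage target.
ZONES = {
    "z_hostA_array": {"50:00:00:00:00:00:00:0a", "52:00:00:00:00:00:00:01"},
    "z_hostB_array": {"50:00:00:00:00:00:00:0b", "52:00:00:00:00:00:00:01"},
}

# LUN masking table on the storage device: target port -> LUN -> permitted initiators.
LUN_MASKS = {
    "52:00:00:00:00:00:00:01": {
        0: {"50:00:00:00:00:00:00:0a"},
        1: {"50:00:00:00:00:00:00:0b"},
    },
}


def zoned_together(fabric, initiator, target):
    """True if some zone in the fabric contains both ports."""
    return any(initiator in zone and target in zone for zone in fabric.values())


def lun_access(fabric, masks, initiator, target, lun):
    """Decide an I/O request the way the layered controls would: zoning first,
    then masking. Returns 'denied-zoning', 'denied-masking' or 'allowed'."""
    if not zoned_together(fabric, initiator, target):
        return "denied-zoning"      # the fabric never lets the two ports see each other
    permitted = masks.get(target, {}).get(lun, set())
    if initiator not in permitted:
        return "denied-masking"     # the storage device rejects the request itself
    return "allowed"


def masking_only_blocks(fabric, masks):
    """For each (target, lun): initiators that zoning lets reach the target but the
    LUN mask rejects. This is exactly the exposure if masking were missing, which is
    why zoning alone does not protect already assigned LUNs."""
    result = {}
    for target, luns in masks.items():
        zoned = set()
        for zone in fabric.values():
            if target in zone:
                zoned |= zone - {target}
        for lun, permitted in luns.items():
            blocked = zoned - permitted
            if blocked:
                result[(target, lun)] = blocked
    return result
```

Running `masking_only_blocks(ZONES, LUN_MASKS)` on the sample data shows that each host is zoned to the array port that serves the other host's LUN, so only the mask keeps them apart.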
One approach to securing storage devices from hosts wishing to take over already
assigned resources is logical unit number (LUN) masking. Every storage device
offers its resources to the hosts by means of LUNs. For example, each partition in
the storage server has its own LUN. If the host (server) wants to access the
storage, it needs to request access to the LUN in the storage device. The purpose
of LUN masking is to control access to the LUNs. The storage device itself accepts
or rejects access requests from different hosts. The user defines which hosts can