This paper describes and clarifies Zoning, a security feature in Storage
Area Network (SAN) fabrics. By understanding the terminology and
implementing Zoning best practices, a Brocade®
SAN fabric can be
easily secured and scaled while maintaining maximum uptime.
The following topics are discussed:
• Zoning defined and LUN security in the fabric
• Identifying hosts and storage members of a zone
• How do SAN switches enforce Zoning?
• Avoiding Zoning terminology confusion
• Approaches to Zoning, how to group hosts and storage in zones
• Brocade Zoning recommendations and summary
What is Zoning?
Zoning is a fabric-based service in Storage Area Networks that groups host and storage nodes
that need to communicate. Zoning creates a situation in which nodes can communicate with
each other only if they are members of the same zone. Nodes can be members of multiple
zones--—allowing for a great deal of flexibility when you implement a SAN using Zoning.
Zoning not only prevents a host from unauthorized access of storage assets, but it also stops
undesired host-to-host communication and fabric-wide Registered State Change Notification
(RSCN) disruptions. RSCNs are managed by the fabric Name Server and notify end devices of
events in the fabric, such as a storage node or a switch going offline. Brocade isolates these
notifications to only the zones that require the update, so nodes that are unaffected by the
fabric change do not receive the RSCN. This is important for non-disruptive fabric operations,
because RSCNs have the potential to disrupt storage traffic. When this disruption was more
common, that is, with older Host Bus Adapter (HBA) drivers, RSCNs gained an undeserved
negative reputation. However, since that time most HBA vendors have addressed the issues.
When nodes are zoned into small, granular groupings, the occurrences of disruptive RSCNs
are virtually eliminated. See a discussion of single HBA zoning in the section of this paper
entitled, “Approaches to Zoning.”