Lun masking explained zoning and masking terms are often confused by those who just started working with san. Automating and simplifying san provisioning for qlogic enhanced. Ibm san what is lun masking solutions experts exchange. Vmware esx server can be used in conjunction with a san storage area. San zoning may be utilized to implement compartmentalization of data for security purposes. Even though lun masking is no longer an option in 1. Lun masking if a target is an array or nas appliance with iscsi support, many hosts may be initiating against it. San zoning is a method of arranging fibre channel devices into logical groups over the physical configuration of the fabric. Usually lun masking is configured at san device to hide luns from hosts hbas but esxi allows you to hide luns to be displayed although luns are. The main purpose of lun masking is preventing access to luns from some specific hosts, a way of protection against data loss. The video is an excerpt from my introduction to san and nas storage training. Lun mapping lun masking file srm aging analysis consumption policy actions. Us8122225b2 lun maskingmapping in a sriov enabled sas. Lun masking lun masking is the process of masking or hiding luns from hosts that shouldnt see them or have access to them.
Storage zoning vs lun masking online computer tips. Some of the embodiments disclosed are systems and methods of configuring an access masking structure which include, but are not limited to, selecting at least one computer to participate in an access restriction set, selecting at least one storage unit to participate in the access restriction set, disabling all nonselected computers, disabling all nonselected storage units and placing. Fibre channel san part 2 zoning and lun masking video tutorial. Find answers to ibm san what is lun masking from the expert community at experts exchange. Storage area network san technology offers it departments the ability to connect. The lun mappingmasking defines which host ports see which storage ports. Masking and zoning san resources you can use zoning and lun masking to segregate san activity and restrict access to storage devices. Allocate a lun maskingmapping in assign luns to hosts, device manager, hcs, lun operations allocating a lun its the process where you present a carved lun to a host or to more hosts if you have a cluster for example. The iov adapter includes one or more virtual functions vf, a physical function pf. Host mapping is similar in concept to logical unit number lun mapping or. Lun masking implemented at this level is vulnerable to any attack that compromises the hba.
Fibre channel san part 2 zoning and lun masking flackbox. Logical unit number masking or lun masking is an authorization process that makes a logical. When a mapping is created, multiple paths might exist across the san fabric or. Masking and zoning are two common practices with lun storage that affect lun access. You can prevent the host from accessing storage devices or luns or from using individual paths to a lun. Once the zoning is done, we can further lock down access to the storage by setting up lun logical unit number masking on the storage device. Each aggregate in the cluster is assessed to determine currently available free iops performance capacity. In this san and nas storage training tutorial, i cover fibre channel security through the use of zoning and lun masking. Logical unit number masking or lun masking is an authorization process that makes a logical unit number available to some hosts and unavailable to other hosts lun masking is a level of security that makes a lun available to only selected hosts and unavailable to all others. Introduction to storage area networks july 2006 international technical support organization sg24547003. You can protect access to storage in your vsphere environment by using zoning and lun masking with your san resources. As a result, deploying a server in a fibre channel fc san often takes many days or weeks. Lun masking is performed at the sp or server level. A logical unit number or lun is a logical reference to entire physical disk, or a subset of a larger physical disk or disk volume or portion of a storage subsystem.
Fibre channel san part 2 zoning, lun masking and fabric login video tutorial. I have tried to explain it in as much as detail as a video for a newbie should have. This post will be an extension of the vcap6dcv objective 2. This kind of security is done on the san level and is based on the host hba, i. Lun masking is an authorization process that makes a lun available to some hosts and unavailable to other hosts.
In effect, it presents a virtual storage system to each host. As a feature of storage virtualization sv, lun masking has numerous customer benefits such as security and configurable lun. Lun masking the process of configuring software in san nodes to determine which hosts have access to exported drives volumes. Zoning, lun masking, and nport id virtualization npiv all help you to keep your hosts and vms from getting into resources they shouldnt be able to access.
Lun masking is the way to present disks to hosts from the san side. Join neil anderson for an indepth discussion in this video fibre channel, part 2. Lun masking is a further constraint added to zoning, subdividing access to the port so that only luns authorized. Lun masking is implemented primarily at the hba host bus adapater level. Masking and zoning san resources you can use zoning and. Using these approaches in a vendorrecommended way ensures that a given lun can be accessed only by a single host, as identified by the world wide names wwn of its hbas. Lun masking is an integral part of host lun presentation along with lun mapping.
Lun mapping and masking remain a very timeconsuming, manual process for many. Some storage controllers are also compatible with lun masking. Lun logical unit number masking is an authorization process that makes a lun available to some hosts and unavailable to other hosts. The array is configured with three slices which would mean three luns. Pluggable storage architecture to perform certain storage related tasks. Here we are talking about san storage zonings overview. A storage area network san or storage network is a computer network which provides access to consolidated, blocklevel data storage. Lun mapping the process of creating a disk resource and defining its external access paths by using a lun. Hi, i have an apple xserve raid with 7x750gb drives. Automating and simplifying san provisioning for qlogic. Us20070033566a1 storage management unit to configure. For example, windows servers attached to a san may under some.
A lun can be use to create a datastore from the storage option under the configuration tab or do a. The san would prevent certain devices from seeing a specific lun that it is hosting. The current approach to zoning storage area networks is typically manual. But it takes 5 minutes googling to understand that the main difference is that zoning is configured on a san switch on a port basis or wwn and masking is a storage feature with lun granularity. Zoning differences and the usage scenario from the expert community at experts exchange. Lun masking is mainly implemented at the host bus adapter hba level. Sans are primarily used to enhance accessibility of storage devices, such as disk arrays and tape libraries, to servers so that the devices appear to the operating system as locallyattached devices. Understand and apply lun masking using psarelated commands.
Zoning of devices in a storage area network with lun masking. Lun mapping determines which luns are available in a front end port, lun masking determines which hosts can see which luns. San administrators must typically wait until the physical server arrives on site in order to obtain the port fabric preprovisioning enables servers to be quickly and easily deployed, replaced, and moved across the san. For example, you might manage zones e for testing independently within the san so they do not interfere with activity.
Lun storage can improve virtual machine performance. The array lun masking configuration must be updated to give the host permission to access the required disks. Lun masking is a further constraint added to lun zoning to ensure that only devices authorized to access a specific server can access the corresponding port. All initiators listed in a particular igroup that is mapped to a particular lun now have access to that lun provided all other security procedures are successfully met. Unfortunately, many basic serversan storage area network setup tasks such as fabric zoning, lun mapping and masking remain a very timeconsuming, manual process for many organizations. In a physical fibre channel san environment, lun security is typically accomplished through a combination of lun masking and zoning. Lun masking is implemented primarily at the hba host bus adapter level.
Lun masking is applied primarily at the hba host bus adapter level. Free introduction to san and nas storage training course. The security benefits of lun masking implemented at hbas are limited, since with many hbas it is possible to forge source addresses wwnsmacsips and compromise the access. Security zoning and lun masking, part of introduction to san and nas storage. San administrators must typically wait until the physical server arrives on site in order to obtain the port. The graphics in this manual use the following abbreviations. Glasshouse technologies steve pinder weighs the pros and cons of using lun. A method of controlling access to the targets volumes is necessary, otherwise multiple hosts can discover and try to use the same. Presents a virtual storage system by lun masking, luns are presented only to servers which are authorized to see them. Fibre channel san tutorial part 2 zoning and lun masking new. When deciding how many vms to put on a lun, the size of your infrastructure is an important consideration. For example when a host running windows operating system is connected to san, windows may try to assign volume labels to the luns by writing header information. Get the complete intro to san and nas storage course for free freecourseintroductionsannasstorage visit.
How to connect two routers on one home network using a lan cable stock router netgeartplink duration. Lun masking it is an process that makes a lun available to some hosts and unavailable to other hosts. Click here to get the introduction to san and nas storage course for free. For example, you can assign 20 luns to a front end port, and then allow 1 host to see 10 of them and another host to see the remaining 10. The lun masking setup will determine which wwn host bus adapter will be able to access a virtual disk or sets of virtual disks vdisks. If the storage doesnt allow visibility of the lun to a particular host then it doesnt even exist as far as the host is concerned. I will go though lun masking at esxi server in this blog. In the below example, consider we have client a, client b a. This is significant as windowsbased servers attempt to write volume labels to all. The hosts will see luns same has scsi devices to make it simple. A lun table enables logical unit number lun mappingmasking within an inputoutput virtualization iov adapter included in a serial attached small computer system interface sas or serial attached scsi.
389 879 408 320 1626 847 619 863 1424 40 151 1536 1169 898 127 985 1447 1446 684 650 938 1234 483 181 1018 1599 1139 1098 28 1308 1087 108 1245 876 1415 136 291 1094 915 331 4 896 268 359 1037 948 665 368