SAN Zoning Methods
By: Craig Borysowich
Version: Draft 1.0
While zoning a SAN provides a number of advantages in storage administration and security, there are several ways to do it with different benefits and drawbacks. In addition to zoning at the device level or LUN level, there is also hard, soft and persistent zoning.
As the name implies, soft zoning is the most permissive. This is also called name server zoning because it is done using a name server databases in the SAN director. Since the database can contain both port numbers and WWN numbers and translates between them, administrators can shift devices among ports without changing the zoning configuration. One problem with soft zoning is that some HBAs (Host Bus Adapters) won't cooperate with soft zoning.
Hard zoning uses a routing table, also located in the director, which assigns devices to zones only by WWN. This is more limited since it doesn't take the port number into consideration, which makes it harder to shift devices between ports.
Persistent binding is implemented in the HBAs rather than the director. Configuring a logical route across the network fabric in each adapter does it. This ties the HBA to a particular LUN. While the administrator can more easily specify storage resources in a multi-host fabric, persistent binding decreases address space and increases network complexity.
The last 25 years has seen a dramatic shift in computer network configurations. The highly centralized, mainframe-based computing mode (see Fig.1) has given way to the decentralized client/server design (see Fig. 2) commonly found in today's data centers. Taking a page from both configurations, the relatively new Storage Area Network (SAN) is essentially a hybrid of the two models. Technological advances like symmetric multi-process, fault-tolerant multi-processors with fail-over, and clustering govern and make an effective SAN possible.
SANs often consist of several types of servers running different operating systems. This enables users from a wide variety of platforms to access common storage information. But because of the inherent bandwidth considerations, not to mention corruption and security concerns, network performance cannot be maximized until resources are allocated.
Zoning is one method of resource allocation.
Zoning is a logical separation of traffic between host and resources. By breaking up a network into zones, processing activity is distributed evenly across a network so that no single device is overwhelmed. This 'load balancing' is especially important for networks where it's difficult to predict the number of requests that will be issued to a server.
Similar to an O/S File System, zoning often employs directories and folders to organize and allot hard drive space. This is what ensures that each user (or group) has his or her own dedicated space reserved on the file server.
Zoning enables servers to more efficiently run a network, yet there are many other advantages:
· Data Integrity -- Many SANs contain more than one operating system. If left unchecked, servers with conflicting operating systems would be able to write to each other's native file system, inviting data corruption.
· Security -- Employee salaries should not be universally accessed, but everyone should have access to a company activities calendar. Securing sensitive data is just smart business.
· Shorter boot-up -- By narrowing the device discovery process to a particular zone, boot-up time is minimized.
So how does one go about zoning a SAN? Depending on a host of factors, including network size, company need, and a variety of storage devices, zoning can occur either at the target-level, or LUN-level.
As computer networks expand and their user bases grow, the need for timely access to information grows with it. Information once accessed through a central file server is now being accessed by multiple servers, which are often running a variety of operating systems and applications. This sub-network of shared storage devices comprises a SAN. These servers share access to the storage devices (disks and tapes) where the data ultimately resides. The advantage of a SAN is that shared storage resources can be accessed directly by the server needing the data, thus reducing system response time, freeing up additional bandwidth, and improving overall network efficiency. (See Fig. 3)
Target-Level Zoning is an effective high-level resource allocation method. Because configuration information resides in the switch itself, it need not be reconfigured when a host or adapter is changed. New adapter cards can therefore 'see' only the devices within its allotted zone during the device discovery process. A major disadvantage is its zoning limitations. Because TLZ can only allocate network usage at the 'cabinet-level' (e.g. RAID boxes, etc.), spatial considerations arise. For example, if a user needs an additional 100MB of space to save his or her work, access to an additional disk may be the answer. Under TLZ, that user will be assigned an entire disk array...a potential waste of a large resource.
First of all, what is a LUN? LUN stands for Logical Unit Number. A LUN refers to the individual piece in the storage system that is being accessed. Each disk in an array, for example, has a LUN. Disk partitions may also be assigned a LUN.
LUN-Level Zoning, which can take place either at the host or target controller (e.g. RAID controller) level, enables system administrators to further narrow the access zones of network users. For example, instead of granting User A access to RAID array A and User B access to RAID array B, LUN-Level Zoning can further narrow and integrate user access. User A may have access to disks 1-3, with User B being awarded disks 4-6, all within the same RAID box. (See Fig. 4)
In addition to the obvious security benefits, the big advantage of LUN-Level Zoning is flexibility. By zoning at the host adapter level, devices on the network are pre-configured during system boot, allowing for the seamless change or addition of network peripherals (hot LUN-sparing, or hot-plugging), while allowing for cross-platform support. The disadvantage of LUN-Level Zoning is that it has typically been implemented at the driver level, enabling a new host to 'see' the entire network, increasing boot-up time and tempting possible data corruption.
LUN-Level Zoning is an enhancement to Target-Level Zoning. A complex SAN should use both Target-Level and LUN-Level Zoning. After all, servers are broken up according to operating systems and tasks, and this is typically a target-level function. LUN-Level Zoning simply adds a second, more detailed level to the hierarchy. In smaller networks, LUN-Level Zoning can even take the place of Target-Level Zoning. For instance, if a switch without zoning capability is purchased for a network, LLZ can replace the switch function. The cost in switches alone merits a serious look at LLZ.