Understanding zoning, Controlling access across a fabric – HP StorageWorks 2.64 Director Switch User Manual
Page 82
Configuring Zones
82
Embedded Web Server User Guide
Understanding Zoning
Designing zoning can be a complex task, especially for multiswitch fabrics.
Consult with your managed product vendor’s professional services organization
before configuring zoning.
This section is designed to help you understand the following concepts so that you
can more efficiently use Embedded Web Server features to configure and manage
zones across a multiswitch fabric:
■
Benefits of zoning.
■
How zoning works to control access to storage devices and servers across a
fabric.
■
Other methods of controlling access at the switch and at the server and device,
such as binding.
■
Merging zoned fabrics.
■
Basic terms and concepts of zoning that you must understand when
configuring zoning.
Controlling Access Across a Fabric
Embedded Web Server zoning features enable you to establish zoning across a
fabric of devices attached to switches and directors by partitioning these devices
into groups called zones. A zone consists of devices that can access each other
through port-to-port connections. Devices in the same zone can recognize and
communicate with each other; devices in different zones cannot.
System administrators create zones to increase security and prevent data loss or
corruption by controlling access between devices (such as servers and data storage
units), or between separate user groups (such as engineering or human resources).
Zoning allows an administrator to:
■
Establish barriers between devices that use different operating systems. For
example, it is often critical to separate servers and storage devices with
different operating systems because accidental transfer of information from
one to another can delete or corrupt data. Zoning prevents this by grouping
devices that use the same operating systems into zones.
■
Create logical subsets of closed user groups. Administrators can authorize
access rights to specific zones for specific user groups, thereby protecting
confidential data from unauthorized access.