1. What is an HBA?
HBA here means FC HBA, that is, Fibre Channel Host Bus Adapter. In an FC network, a host (such as a server) needs an interface card to connect to the FC network and to FC storage devices (such as a SAN), just as an Ethernet card is required to connect to Ethernet. This interface card is called an FC HBA, or HBA for short.
Like the MAC address of an Ethernet card, an HBA carries a unique identity, the WWN (World Wide Name). There are two types of WWN on an HBA:
Node WWN (WWNN): Each HBA has its own unique node WWN.
Port WWN (WWPN): Each port on the HBA card has its own unique port WWN. Because communication is done through ports, in most cases the WWPN is used rather than the WWNN.
A WWN is 8 bytes long and is written in hexadecimal notation, with the bytes separated by colons. For example: 50:06:04:81:d6:f3:45:42
2. Methods for securing SAN data
The two basic mechanisms for securing SAN data are zoning and logical unit number (LUN) masking.
Zoning is a method of partitioning the SAN. With this approach, certain storage resources are visible only to the users and departments that are authorized to see them. A zone can consist of multiple servers, storage devices, subsystems, switches, HBAs, and other computers. Only members of the same zone can communicate with each other.
Zoning is usually implemented at the switch level. Depending on how it is implemented, it falls into two modes: hard zoning and soft zoning. Hard zoning is a zoning policy based on switch ports. All attempts to communicate through an unauthorized port are prohibited. Because hard zoning is implemented in the system circuitry and enforced in the system routing table, it offers better security than soft zoning.
In a Fibre Channel network, soft zoning is based on the World Wide Name (WWN). A WWN is a unique identifier assigned to a Fibre Channel device in the network. Because soft zoning relies on software to ensure that the same WWN does not occur in different zones, it is more flexible than hard zoning, especially where the network configuration changes constantly.
Some switches have port binding capabilities that restrict network devices to communicating only through predefined switch ports. With this technology, access to storage pools can be limited to protect SANs from unauthorized users.
Another widely used technique is LUN masking. A LUN is the SCSI identifier for a logical unit within a target device, such as a tape drive or a disk array. In the Fibre Channel domain, LUNs are assigned on the basis of each system's WWN.
LUN masking assigns LUNs to host servers, so that each server can see only the LUNs assigned to it. If many servers try to access the same devices, network administrators can make specific LUNs or LUN groups accessible to particular servers, thereby denying access to other servers and protecting data security. Various forms of LUN masking can be implemented not only on the host, but also on HBAs, storage controllers, disk arrays, and switches.
Data security on the network will be very effective if zoning and LUN masking are applied to the network and its devices together with other security mechanisms.
3. Can a WWN be associated with LUNs?
Associating a World Wide Name (WWN) with a logical unit number in a disk array is one way to implement data security in a SAN. Each HBA in your server that is connected to the SAN has a WWN.
Within a single disk array, you can assign a WWN to a specific LUN, so that even if zoning is not implemented in the SAN fabric, only a specific HBA can access a particular LUN. This is what is usually called LUN masking.
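The following added example (not code from the original article) models how soft zoning and LUN masking combine: an initiator reaches a LUN only if it shares a zone with the array port and the array's masking table lists its WWPN for that LUN. The host WWPNs, zone names and table layout are constructed for illustration; the array WWPN is the sample WWN from section 1.

```python
import re

def normalize_wwn(text):
    """Return an 8-byte WWN as lowercase colon-separated hex, else raise."""
    digits = re.sub(r"[:\-\s]", "", text).lower()
    if not re.fullmatch(r"[0-9a-f]{16}", digits):
        raise ValueError(f"not an 8-byte WWN: {text!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 16, 2))

def build_zones(raw):
    """Normalize zone members; None models a fabric with no zoning at all."""
    if raw is None:
        return None
    return {name: {normalize_wwn(m) for m in members} for name, members in raw.items()}

def build_masking(raw):
    """Map (target WWPN, LUN) -> set of initiator WWPNs allowed by the array."""
    return {(normalize_wwn(t), lun): {normalize_wwn(i) for i in inits}
            for (t, lun), inits in raw.items()}

def zoned_together(zones, a, b):
    """Soft zoning: two ports may talk only if they share at least one zone."""
    if zones is None:
        return True
    return any(a in members and b in members for members in zones.values())

def can_access(zones, masking, initiator, target, lun):
    """Access needs both layers: fabric zoning AND array-side LUN masking."""
    ini, tgt = normalize_wwn(initiator), normalize_wwn(target)
    return zoned_together(zones, ini, tgt) and ini in masking.get((tgt, lun), set())

def visible_luns(zones, masking, initiator):
    """Audit helper: every (target, LUN) an initiator can actually reach."""
    ini = normalize_wwn(initiator)
    return sorted((t, lun) for (t, lun) in masking
                  if can_access(zones, masking, ini, t, lun))

# Constructed sample data. ARRAY is the WWN example from the text above;
# HOST_A and HOST_B are made-up initiator WWPNs in two input spellings.
ARRAY = "50:06:04:81:d6:f3:45:42"
HOST_A = "10:00:00:00:C9:AA:BB:01"
HOST_B = "10000000c9aabb02"
ZONES = build_zones({"zone_a": [HOST_A, ARRAY], "zone_b": [HOST_B, ARRAY]})
MASKING = build_masking({(ARRAY, 0): [HOST_A], (ARRAY, 1): [HOST_B]})

if __name__ == "__main__":
    for host in (HOST_A, HOST_B):
        print(normalize_wwn(host), visible_luns(ZONES, MASKING, host))
    # With no zoning in the fabric, masking alone still limits each host.
    print(can_access(None, MASKING, HOST_B, ARRAY, 0))
```

Running visible_luns for every known initiator gives a quick audit of which hosts can reach which LUNs, which is useful for spotting a masking entry that exposes a LUN to more servers than intended.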