Cisco MDS 9000 SAN-OS Software Release 2.1 Data Sheet
© 2004 Cisco Systems, Inc. All rights reserved.
Important notices, privacy statements, and trademarks of Cisco Systems, Inc. can be found on cisco.com
Zoning
Zoning provides access control for devices within a SAN. SAN-OS supports the following types of zoning:
• N_Port zoning—Defines zone members based on the end-device (hosts and storage) port
  – Worldwide Name
  – Fibre Channel Identifier (FC-ID)
• Fx_Port zoning—Defines zone members based on the switch port
  – Worldwide Name
  – Worldwide Name + Interface Index, or Domain ID + Interface index
  – Domain ID + port number (for Brocade interoperability)
• iSCSI zoning—Defines zone members based on the host’s zone
  – iSCSI name
  – IP address
• Logical unit number (LUN) zoning—When combined with N_Port zoning, LUN zoning helps ensure LUNs are accessible only by specific hosts, providing a single point of control for managing heterogeneous storage-subsystem access.
• Read-only zones—An attribute can be set to restrict I/O operations in any zone type to SCSI read-only commands. This feature is especially useful for sharing volumes across servers for backup, data warehousing, etc.
• Broadcast zones—An attribute can also be set for any zone type to restrict broadcast frames to members of the specific zone.
To provide strict network security, zoning is always enforced per frame using access control lists (ACLs) that are applied at the ingress switch.
All zoning policies are enforced in hardware and do not cause performance degradation. Enhanced zoning session-management capabilities
further enhance security by allowing only one user to modify zones at a time.
Additional Network Security Features
Additional network security features include the following:
• Fabric-wide, role-based authentication, authorization, and accounting (AAA) services using RADIUS and TACACS+
• Secure Shell (SSH) Protocol Version 2 and SNMPv3 for authentication, data integrity, and confidentiality of management traffic
• Secure FTP (SFTP) for protecting file transfers
• Advanced Encryption Standard (AES), Message Digest 5 (MD5), and Secure Hash Algorithm (SHA-1) for secure authentication and management
• IP ACLs for management access
AVAILABILITY
The SAN-OS provides resilient software architecture for mission-critical hardware deployments.
Nondisruptive Software Upgrades
SAN-OS provides nondisruptive software upgrades for director-class products with redundant hardware and minimally disruptive upgrades for
the fabric switches that do not have redundant supervisor engine hardware.