Overview
Note
Designing zoning can be a complex task, especially for multiswitch fabrics.
Refer to your managed product vendor's professional services organization
before configuring zoning.
The fabric zoning feature enables you to partition devices attached to managed Fibre
Channel products into groups called zones. A zone is comprised of devices that can access
each other through port-to-port connections. Devices in the same zone can recognize and
communicate with each other; devices in different zones cannot.
System administrators create zones to increase security measures and prevent data loss or
corruption by controlling access between devices (such as servers and data storage units),
or between separate user groups (such as engineering or human resources). Zoning allows
an administrator to:
•
Establish barriers between devices that use different operating systems. For example,
it is often critical to separate servers and storage devices with different operating
systems because accidental transfer of information from one to another can delete or
corrupt data. Zoning prevents this by grouping devices that use the same operating
systems into zones.
•
Create logical subsets of closed user groups. Administrators can authorize access rights
to specific zones for specific user groups, thereby protecting confidential data from
unauthorized access.
•
Create groups of devices that are separate from devices in the rest of a fabric. Zoning
allows certain processes (such as maintenance or testing) to be performed on devices
in one group without interrupting devices in other groups.
•
Allow temporary access between devices for specific purposes. Administrators can
remove zoning restrictions temporarily (for example, to perform nightly data backup),
then restore zoning restrictions to perform normal processes.
54
Overview