FW V06.XX/HAFM SW V08.02.00 HP StorageWorks SAN High Availability Planning Guide (AA-RS2DD-TE, July 2004)
Table Of Contents
- SAN HA Planning Guide
- Contents
- About this Guide
- Introduction to HP Fibre Channel Products
- Product Management
- Planning Considerations for Fibre Channel Topologies
- Fibre Channel Topologies
- Planning for Point-to-Point Connectivity
- Characteristics of Arbitrated Loop Operation
- Planning for Private Arbitrated Loop Connectivity
- Planning for Fabric-Attached Loop Connectivity
- Planning for Multi-Switch Fabric Support
- Fabric Topologies
- Planning a Fibre Channel Fabric Topology
- Fabric Topology Design Considerations
- FICON Cascading
- Physical Planning Considerations
- Port Connectivity and Fiber-Optic Cabling
- HAFM Appliance, LAN, and Remote Access Support
- Inband Management Access (Optional)
- Security Provisions
- Optional Features
- Configuration Planning Tasks
- Task 1: Prepare a Site Plan
- Task 2: Plan Fibre Channel Cable Routing
- Task 3: Consider Interoperability with Fabric Elements and End Devices
- Task 4: Plan Console Management Support
- Task 5: Plan Ethernet Access
- Task 6: Plan Network Addresses
- Task 7: Plan SNMP Support (Optional)
- Task 8: Plan E-Mail Notification (Optional)
- Task 9: Establish Product and HAFM Appliance Security Measures
- Task 10: Plan Phone Connections
- Task 11: Diagram the Planned Configuration
- Task 12: Assign Port Names and Nicknames
- Task 13: Complete the Planning Worksheet
- Task 14: Plan AC Power
- Task 15: Plan a Multi-Switch Fabric (Optional)
- Task 16: Plan Zone Sets for Multiple Products (Optional)
- Index
Physical Planning Considerations
159SAN High Availability Planning Guide
Server and Storage-Level Access Control
To enhance the access barriers and network security provided by zoning through
the director or switch, security measures for SANs should also be implemented at
servers and storage devices.
Server-level access control is called persistent binding. Persistent binding uses
configuration information stored on the server and is implemented through the
server’s HBA driver. The process binds a server device name to a specific Fibre
Channel storage volume or logical unit number (LUN) through a specific HBA
and storage port WWN.
For persistent binding:
■ Each server HBA is explicitly bound to a storage volume or LUN and access
is explicitly authorized (access is blocked by default).
■ The process is compatible with OSI standards. The following are
transparently supported:
— Different operating systems and applications.
— Different storage volume managers and file systems.
— Different fabric devices, including disk drives, tape drives, and tape
libraries.
■ If the server is rebooted, the server-to-storage connection is automatically
re-established.
■ The connection is bound to a storage port WWN. If the fiber-optic cable is
disconnected from the storage port, the server-to-storage connection is
automatically re-established when the port cable is reconnected. The
connection is also automatically re-established if the storage port is cabled
through a different director or switch port.
Access control can also be implemented at the storage device as an addition or
enhancement to redundant array of independent disks (RAID) controller software.
Data access is controlled within the storage device, and server HBA access to
each LUN is explicitly limited (access is blocked by default).
Storage-level access control:
■ Provides control at the storage port and LUN level and does not require
configuration at the server.
■ Supports a heterogeneous server environment and multiple server paths to the
storage device.