1. Field of the Invention
This invention is related to the field of storage management and, more particularly, to software used in storage management.
2. Description of the Related Art
In the past, large organizations relied heavily on parallel SCSI technology to provide the performance required for their enterprise data storage needs. More recently, organizations are recognizing that the restrictions imposed by SCSI architecture are too costly for SCSI to continue as a viable solution. Such restrictions include the following:                SCSI disk arrays must be located no more than 25 meters from the host server;        The parallel SCSI bus is susceptible to data errors resulting from slight timing discrepancies or improper port termination; and        SCSI array servicing frequently requires downtime for every disk in the array.        
One solution has been to create technology that enables storage arrays to reside directly on the network, where disk accesses may be made directly rather than through the server's SCSI connection. This network-attached storage (NAS) model eliminates SCSI's restrictive cable distance, signal timing, and termination requirements. However, it adds a significant load to the network, which frequently is already starved for bandwidth. Gigabit Ethernet technology only alleviates this bottleneck for the short term, so a more elegant solution is desirable.
The storage area network (SAN) model places storage on its own dedicated network, removing data storage from both the server-to-disk SCSI bus and the main user network. This dedicated network most commonly uses Fibre Channel technology, a versatile, high-speed transport. The SAN includes one or more hosts that provide a point of interface with LAN users, as well as (in the case of large SANs) one or more fabric switches, SAN hubs and other devices to accommodate a large number of storage devices. The hardware (e.g. fabric switches, hubs, bridges, routers, cables, etc.) that connects workstations and servers to storage devices in a SAN is referred to as a “fabric.” The SAN fabric may enable server-to-storage device connectivity through Fibre Channel switching technology to a wide range of servers and storage devices. The versatility of the SAN model enables organizations to perform tasks that were previously difficult to implement, such as LAN-free and server-free tape backup, storage leasing, and full-motion video services.
The flexible connectivity capabilities of the SAN storage model may pose security risks. Fabric zoning helps alleviate that risk by providing a method of controlling access between objects on the SAN. A zone is a set of objects within a SAN fabric that can access one another. By creating and managing zones, the administrator or other user may control host access to storage resources. An administrator or other user may create and manage zones of SAN objects, including zones of heterogeneous components. Zones and their member objects may be defined, for example, in zoning tables within the switches on the SAN fabric. When zoning is implemented on a SAN fabric, the switches consult the zoning table to determine whether one object is permitted to communicate with another object, and restrict access between them unless they share a common membership in at least one zone. Fabric zoning occurs at the level of individual nodes or ports attached to the SAN fabric. There may be no industry-wide standard for zoning, and thus different vendors' switches may implement switch zoning in different ways. In one embodiment, a SAN management system such as the one described below may include one or more tools and/or utilities for creating and managing zones including heterogeneous SAN objects.
Zones cannot be nested, and typically, there is no hierarchical organization within a zone. Zone aliases are logical entities that do not have a WWN. Zone aliases are a grouping mechanism for SAN objects. Any SAN object that can be added to a zone may also be added to a zone alias, and then the zone alias may be added to a zone. Instead of having to place everything together in a zone, zone aliases allow a user to group objects within a zone to partition the zone into logical subgroups. Zone aliases allow levels of subgroups within zones, as zone aliases can be added to zones. Zone alias does not do access control. When a zone alias is added to a zone, the access control is performed.
SAN administrators use zoning to control access to storage. Switch vendors may provide software with their switches that allow users to manage switches. Zoning is one of the primary operations. Switch vendor software may allow a user to create zones and add objects with WWNs to zones, for example, ports on an HBA card, ports on a switch ports on an enclosure, or nodes on an HBA card. Depending on a switch's capabilities, switch ports, objects with WWNs, and zone aliases may be zoned. Zoning these objects effectively controls access for the high-level objects on the SAN such as HBAs, hosts and arrays.
Zoning may be performed using hardware zoning and/or software zoning. Hardware zoning includes soft zoning and hard zoning. Soft zoning, also called advisory zoning, may be enforced simply by filtering the visibility of SAN objects on the SAN so that a SAN object can only see other SAN objects that share at least one zone membership with the SAN object. In hard zoning, a Fibre Channel switch may actively block access to zone members from any SAN objects outside the zone. This may be performed at the level of ports on the switches. Hard zoning may also be referred to as switch port zoning. Software zoning may be implemented through software (e.g., Simple Name Server (SNS)) in a fabric switch. Software zoning may use World Wide Node Names and/or World Wide Port Names to define members of zones.
A SAN object added to a zone via a WWN using one of these hardware or software zoning methods may be considered conventionally, or physically, zoned. Similarly, SAN objects added to zone aliases may be considered conventionally or physically zoned in the zone alias. SAN objects may also be considered logically zoned in zones and/or zone aliases, as opposed to physically zoned, by virtue of some relationship it has with one or more other physically zoned SAN objects. A low-level SAN object (e.g., a LUN) may, for example, be a logical member of a zone or zone alias if another low-level SAN object (e.g. an array port) to which it is connected (or bound, in the case of a LUN) is a physical member of the zone or zone alias. A high-level SAN object (e.g. an HBA or a host) may, for example, be a logical member in a zone if a low-level SAN object (e.g. a port on the HBA) associated with the high-level SAN object is a physical or logical member of the zone. Similarly, a high-level SAN object may, for example, be a logical member of a zone alias if a low-level SAN object associated with the high-level SAN object is a physical member of the zone alias. Further, a SAN object may be a logical member of a zone through physical or logical membership in a zone alias.
Determining logical zone membership of SAN objects is complex and may require customization for each SAN object. Switch vendor software may provide mechanisms to display a switch's zoning table, but this software typically only provides information about the particular switches the vendor supplies, and does not typically provide much if any zoning information about other low-level SAN objects or logical zoning information, such as logical zone membership information for high-level SAN objects.