A storage area network (SAN) can be defined as a dedicated fibre channel network of interconnected storage devices and servers (more generally known as nodes), which offers any-to-any communication, i.e., any two nodes can communicate with each other. Accordingly, communication is possible between any storage device and any server, thus allowing multiple servers to access the same storage device independently. Furthermore, some storage devices may directly communicate with each other, enabling back up and replication of stored data to take place without impacting server performance.
A fibre channel network is a scalable data network for connecting heterogeneous systems (e.g., super computers, mainframes, and work stations) and peripherals (e.g., disk array storage devices, and tape libraries). Fibre channel enables almost limitless numbers of devices to be interconnected, and supports speeds of up to five times the current protocols and distances of up to 10 kilometers between system and peripheral device. However, fibre channel is not a secure protocol.
Fibre channel networks generally control access to data according to logical unit numbers (LUNs), which are allocated to portions of the data storage capacity in the SAN. For example, a LUN can be assigned to multiple disks in an array device, or to a single tape, or to a portion of a hard disk. Each LUN appears to an operating system (OS) as a logical device.
A World Wide Name (WWN) is a permanent identifier, which can be used to uniquely identify any system or peripheral, or any port belonging to a system or peripheral. In a fibre channel network, a host can be granted authorization to access a certain LUN by associating a WWN of the host (or of a port of the host) with the LUN. However, because of the any-to-any communication nature of the fibre channel network, an unauthorized host may be able to gain access to a LUN by stealing the identity, i.e., spoofing the WWN, of a host authorized for that LUN.