1. Field of the Invention
The present application relates generally to an improved data processing system and method. More specifically, the present application is directed to a system and method for zoning of devices, such as serial attached SCSI (SAS) devices, for example, in a storage area network (SAN) based on logical unit number (LUN) masking/mapping.
2. Background of the Invention
Storage area networks, or SANs, consist of multiple storage devices connected by one or more fabrics. Storage devices can be of two types: host systems that access data, and storage subsystems that are providers of data. Zoning is a network-layer access control mechanism that dictates which storage subsystems are visible to which host systems. This access control mechanism is useful in scenarios where the storage area network is shared across multiple administrative or functional domains. Such scenarios are common in large installations of storage area networks, such as those found in storage service providers.
The current approach to zoning storage area networks is typically manual and involves correlating information from multiple sources to achieve the desired results. For example, if a system administrator wants to put multiple storage devices in one zone, the system administrator has to identify all the ports belonging to the storage devices, verify the fabric connectivity of these storage devices to determine the intermediate switch ports and input all this assembled information into the zone configuration utility provided by the fabric manufacturer. This manual process is very error-prone because storage device or switch ports are identified by a 48-byte hexadecimal notation that is not easy to remember or manipulate. Furthermore, the system administrator has to also do a manual translation of any zoning policy to determine the number of zones as well as the assignment of storage devices to zones.
Recently, a new approach to zoning of Fibre Channel architecture based storage area networks has been devised in which automatic zoning of storage area networks (SANs) is performed based on system administrator defined policies. This mechanism is described in commonly assigned U.S. Patent Application Publication No. 2005/0091353 entitled “System and Method for Autonomically Zoning Storage Area Networks Based on Policy Requirements.” With this mechanism, in a measurement phase of operation, configuration data and connectivity topology data are periodically collected from each of the devices in the SAN using software agents which are placed in every switch and host device in the SAN. The collected data is analyzed to determine relationships between the devices in the SAN. The information obtained from such an analysis is converted into a graph structure where each node is either a switch port or a storage device port. A zone plan is then generated based on the graph structure and system administrator established zoning policies. The generated zone plan is then provided to a system administrator for approval and, if approved, the zone plan is implemented in the SAN by programming the zoning plan onto individual switches included within the SAN.
One emerging technology that is being used more prevalently with storage area networks is Serial Attached SCSI (SAS) communication protocol technology. SAS is a computer bus technology primarily designed for transfer of data to and from devices such as hard drives, CD-ROM drives, tape storage devices, and the like. Traditionally, SAS is a serial communication protocol for direct attached storage (DAS) devices. Recently, however, the protocol has been extended to include storage area network support. It is designed for the corporate and enterprise market as a replacement for parallel SCSI, allowing for much higher speed data transfers than previously available, and is backwards-compatible with SATA drives. Though SAS uses serial communication instead of the parallel method found in traditional SCSI devices, it still uses SCSI commands for interacting with SAS end devices.
SAS zoning in a storage area network is particularly difficult. Typically, SAS zoning is a two-step mapping where each individual port, or “phy,” is assigned to a zone group and then, as a subsequent step, each zone group is mapped to each of the host systems. SAS zoning is increasingly being targeted at users or customers that do not necessarily have storage area network knowledge or skills and thus do not have the necessary background to perform the manual zoning of SAS based storage area networks. Thus, these users or customers require tools to help make the zoning of the storage area network easier.
However, SAS poses some unique zoning challenges that are not present in more conventional Fibre Channel architecture based SANs. For example, in Fibre Channel, defining a zone configuration is simply a matter of grouping ports into a “zone” such that all ports in the “zone” can see each other. SAS zoning, on the other hand, is a two-step process. It requires the user to group ports into a zone group but then a separate step is required for access. Another complexity is the limit on the number of zone groups that can be defined. The current limit is 128 but is moving up to 256. This means that certain techniques like assigning each initiator port to its own zone (a technique common in Fibre Channel zoning) will not work in larger SAS SANs. Another example of complexity is the manner in which SAS zoning boundaries (ZSPDS) are defined. For SAS, access to devices beyond the SAS domain zoning boundary is defined and allowed. Thus, it is a complex task to understand and comply with the rules for access in SAS SANs. For Fibre Channel, the zone graph ends at the zoning boundary, i.e. there is absolutely no access beyond that boundary.
Another emerging aspect of SAS that makes it more complex is that it resides inside and outside the server or blade system chassis. The SAS topology is not simply a graph of external nodes as in Fibre Channel. It is more hierarchical, with a mixture of internal and external nodes. Thus, any SAS zoning mechanism will have to accommodate the different rules for the portions of the SAS SAN within the server or blade system chassis and the portions that are external to the server or blade system chassis. Fibre Channel zoning mechanisms, by contrast, typically make use of a single, monolithic graph for managing the Fibre Channel based SAN. Such an approach cannot be applied to SAS SANs due to the various complexities mentioned above.
SAS zoning manages the physical connections hosts make to storage. Access management is controlled through logical unit number (LUN) mapping and masking. A logical unit number is an address for an individual logical disk drive. The term LUN is used in the SCSI protocol as a way to differentiate individual logical disk drives within a common SCSI target device like a disk array. The term has become common in storage area networks (SAN). Today, LUNs are normally not entire disk drives but rather virtual volumes. Thus, a particular storage subsystem may have hundreds, or perhaps more, LUNs. Thus, storage may have several levels of granularity from the chassis level to the blade level to the storage subsystem level to the disk drive level to the logical volume level.
Logical unit number masking is an authorization process that makes a LUN available to some hosts and unavailable to other hosts. LUN masking is mainly implemented not as a security measure per se, but rather as protection against misbehaving servers corrupting disks belonging to other servers. For example, Windows® servers attached to a SAN may under some conditions corrupt non-Windows® volumes on the SAN by attempting to write Windows® volume labels to them. By hiding the other LUNs from the Windows® server, this can be prevented, since the Windows® server does not even realize the other LUNs exist. “WINDOWS” is a trademark of Microsoft Corporation in the United States, other countries, or both.
Thus, an administrator may configure a SAN with two distinct steps: zoning for the physical connections between hosts and storage and LUN masking/mapping for access control at the storage manager.
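The two-step SAS zoning described above and the LUN masking step combine into a single access decision. The following is an added illustration, not part of the original application: a simplified Python model in which zone groups are integers, group permissions are symmetric pairs, and all class, method and device names are hypothetical.

```python
# Added illustration: a toy model, not a SAS or vendor API; every name is hypothetical.
MAX_ZONE_GROUPS = 128  # zone-group limit cited in the text


class Fabric:
    def __init__(self, max_groups=MAX_ZONE_GROUPS):
        self.max_groups = max_groups
        self.phy_group = {}     # zoning step 1: phy -> zone group
        self.permitted = set()  # zoning step 2: pairs of groups allowed to talk
        self.lun_mask = {}      # storage manager: (target, lun) -> allowed hosts

    def assign(self, phy, group):
        if len(set(self.phy_group.values()) | {group}) > self.max_groups:
            raise ValueError("zone group limit exceeded")
        self.phy_group[phy] = group

    def permit(self, group_a, group_b):
        self.permitted.add(frozenset((group_a, group_b)))

    def unmask(self, target, lun, host):
        self.lun_mask.setdefault((target, lun), set()).add(host)

    def zoned(self, host, target):
        # Default deny: both phys need a group, and the pair needs a permission.
        pair = frozenset((self.phy_group.get(host), self.phy_group.get(target)))
        return None not in pair and pair in self.permitted

    def can_access(self, host, target, lun):
        # Effective access is zoning AND LUN masking.
        return self.zoned(host, target) and host in self.lun_mask.get((target, lun), set())

    def stale_mask_entries(self):
        # Mask entries with no zoning path behind them: candidates for cleanup.
        return sorted((t, lun, h) for (t, lun), hosts in self.lun_mask.items()
                      for h in hosts if not self.zoned(h, t))


def build_sample():
    # Constructed sample: two hosts share one array but own different LUNs.
    f = Fabric()
    for phy, group in (("host-win", 10), ("host-linux", 11), ("host-test", 12), ("array-0", 20)):
        f.assign(phy, group)
    f.permit(10, 20)
    f.permit(11, 20)
    f.unmask("array-0", 0, "host-win")
    f.unmask("array-0", 1, "host-linux")
    f.unmask("array-0", 1, "host-test")  # masked in, but never zoned to the array
    return f
```

In the constructed sample, `host-win` is zoned to the array but cannot reach LUN 1 because the mask hides it, while `host-test` appears in the mask but has no zoning permission and is reported by `stale_mask_entries()`.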