Home     Blog

SAN Zoning

SAN zoning is a method of arranging Fibre Channel devices into logical groups over the physical configuration of the fabric.

SAN zoning may be utilized to implement compartmentalization of data for security purposes.

Each device in a SAN may be placed into multiple zones.

Hard and Soft Zoning

Hard zoning is zoning which is implemented in hardware. Soft zoning is zoning which is implemented in software.

Hard zoning physically blocks access to a zone from any device outside of the zone.

Soft zoning uses filtering implemented in fibre channel switches to prevent ports from being seen from outside of their assigned zones. The security vulnerability in soft zoning is that the ports are still accessible if the user in another zone correctly guesses the fibre channel address.
SAN Zoning SAN Zoning

WWN Zoning

WWN zoning uses name servers in the switches to either allow or block access to particular World Wide Names (WWNs) in the fabric.

A major advantage of WWN zoning is the ability to recable the fabric without having to redo the zone information.

WWN zoning is susceptible to unauthorized access, as the zone can be bypassed if an attacker is able to spoof the World Wide Name of an authorized HBA.

Port Zoning

Port zoning utilizes physical ports to define security zones. A users access to data is determined by what physical port he or she is connected to.

With port zoning, zone information must be updated every time a user changes switch ports. In addition, port zoning does not allow zones to overlap.

Port zoning is normally implemented using hard zoning, but could also be implemented using soft zoning.

VN:F [1.9.17_1161]
Rating: 9.0/10 (1 vote cast)
SAN Zoning, 9.0 out of 10 based on 1 rating
Follow Will.Spencer on

Leave a Reply

Related Posts

  • Fibre Channel

    Fibre Channel is a set of standards for connecting storage devices in a fabric network. The Fibre Channel standard identifies a protocol and a collection of physical interfaces for managing computer peripheral components. This standard’s key purpose is managing large numbers of storage devices. Fibre Channel uses serial interfaces working at symbol rates from 133MB/s [...]...


  • FAIS (Fabric Application Interface Standard)

    FAIS (Fabric Application Interface Standard), is a project of the ANSI/INCITS T11.5 task group. The purpose of FAIS is to define a common Application Programming Interface (API) framework for implementing storage applications in a storage networking environment. FAIS was proposed in T11/03-305v2: Project Proposal For A New INCITS Standard Fabric Application Interface Standard (FAIS). A [...]...


  • How to Open TCP Ports in Windows

    Opening TCP ports in Windows may be necessary for certain applications to run correctly. Each application may require a specific port to operate on. While a computer can and does open ports on its own, it may have to be done manually in certain situations. Here is a simple procedure. Step 1. Launch Windows and [...]...


  • How Bullet Proof Vests Work

    Also known as body armors, there are different types of bullet proof vests. The most common is the soft vest usually used by the police force and private security; it cannot stop ammunition of big caliber. Hard-plate reinforced vests are necessary when heavy ammunition is involved; they are used as part of the default equipment [...]...