SORT BY:

LIST ORDER
THREAD
AUTHOR
SUBJECT


SEARCH

IPS HOME


    [Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

    RE: iSNS zoning



    [ stuff about iSNS zoning deleted ] 
    
    > iSNS as currently defined is only a repository of information of the so 
    > called zones. It has no way to prevent an authorised rogue iSCSI initiator
    
    > from setting up a TCP connection with an iSCSI target. The best place to 
    > implement security and access control is the iSCSI target itself. 
    > 
    There are two types of zoning that current FC switches implement. One is
    hard zoning and the other is soft zoning. First generation Brocade switches
    implemented soft zoning which simply hides things in the name server. There
    is nothing preventing a rogue device from communicating with an un-zoned
    target. Current generation switches implement hard zoning which is typically
    a port-to-port kind of security. I'm actually not sure if a Brocade switch
    can do hard/port zoning across switches (i.e. zoneCreate "0,0 ; 1,4").
    Anyone know?
    
    In any event, iSNS can hide things in the name server just like a soft zoned
    fabric. Any level of hardware-based zoning would require a clever
    "implementation" (there's that word again ;-> ) of an iFCP gateway.
    
    I must admit, it is a bit difficult to discern where a specification ends
    and an "implementation" begins.
    
    Anyway, I hope this helps. 
    
    > -JP 
    > 
    -Wayland 
    


Home

Last updated: Tue Sep 04 01:06:03 2001
6315 messages in chronological order