RE: iSNS zoning

[ stuff about iSNS zoning deleted ]

> iSNS as currently defined is only a repository of information of the so
> called zones. It has no way to prevent an authorised rogue iSCSI initiator
> from setting up a TCP connection with an iSCSI target. The best place to
> implement security and access control is the iSCSI target itself.
>

There are two types of zoning that current FC switches implement. One is hard zoning and the other is soft zoning. First generation Brocade switches implemented soft zoning which simply hides things in the name server. There is nothing preventing a rogue device from communicating with an un-zoned target.

Current generation switches implement hard zoning which is typically a port-to-port kind of security. I'm actually not sure if a Brocade switch can do hard/port zoning across switches (i.e. zoneCreate "0,0 ; 1,4"). Anyone know?

In any event, iSNS can hide things in the name server just like a soft zoned fabric. Any level of hardware-based zoning would require a clever "implementation" (there's that word again ;-> ) of an iFCP gateway. I must admit, it is a bit difficult to discern where a specification ends and an "implementation" begins.

Anyway, I hope this helps.

> -JP
>

-Wayland
Last updated: Tue Sep 04 01:06:03 2001