It is not clear from the question as to what server functionality is assumed in the "SAN Server."
Typically, there is an application server that may access the FC SAN through an HBA. For that server, the access and management of the server and the HBA must be secured to prevent unauthorized access into the SAN.
For the server that is managing the SAN sever, there are some key security risks. Management access into the SAN has the potential of providing back door entrance for attacks into the SANs. The security requirements here are to implement strong authentication of the administrator (or the management application in the server). The management traffic between the management server and the SAN must be encrypted and signed to prevent unauthorized activities on the traffic.
This is a short answer to a very broad question.
Editor's note: Do you agree with this expert's response? If you have more to share, post it in one of our .bphAaR2qhqA^0@/searchstorage>discussion forums.
This was first published in April 2002