This article can also be found in the Premium Editorial Download "Storage magazine: Is it time for SAN/NAS convergence?."
Download it now to read this article plus other related content.
|What's port binding?|
Convenience over security
Considering the increase security implications, why do people use soft zoning? Simply put, most SAN implementations to date have prioritized convenience over security. The following quote from the "Brocade Zoning Implementation Strategies" document says it all. According to the Brocade Zoning User Guide (Version 2.2 for the SilkWork 2800), port-based zoning, "provides good security in the fabric but requires reliable processes to prevent incorrect devices from being attached to the wrong ports. You should normally avoid this form of zoning unless you have rigidly enforced processes for port and device allocation in the fabric."
In other words, port-based zoning increases your security, but it makes moves, adds and changes more difficult. With WWN-based zoning, you can move a server to any port on any switch, and not worry about a thing. With port-based zoning, you would need to add the new port to the zone and subtract the old port from the zone. Yes, it's more work. It's always more work to have decent security, and it's also easier not to back up your data.
Remember, if you care about security, forget everything you've been taught about how to create zones. Yes, I know that many SAN instructors tell you to use WWN-based zoning because it's a lot easier to use than port-based zoning. But if you want security in your SAN, don't use WWNs to specify the members of your zones, and don't use soft zoning. The former is spoofable, and the latter is laughable.
This was first published in September 2003