LUN Masking vs. Zoning
Many devices and nodes can be attached to a SAN. When data is stored in a single cloud, or storage entity, it is important to control which hosts have access to specific devices. Zoning controls access from one node to another. Zoning lets you isolate a single server to a group of storage devices or a single storage device, or associate a grouping of multiple servers with one or more storage devices, as might be needed in a server cluster deployment.
Zoning is implemented at the hardware level (by using the capabilities of Fibre Channel switches) and can usually be done either on a port basis (hard zoning) or on a World-Wide Name (WWN) basis (soft zoning). WWNs are 64-bit identifiers for devices or ports. All devices with multiple ports have WWNs for each port, which provides more detailed management. Because of their length, WWNs are expressed in hexadecimal numbers, similarly to MAC addresses on network adapters. Zoning is configured on a per-target and initiator basis. Consequently, if you need to attach multiple nonclustered nodes to the same storage port, you must also use LUN masking.
LUN masking, performed at the storage controller level, allows you to define relationships between LUNs and individual servers. Storage controllers usually provide the means for creating LUN-level access controls that allow access to a given LUN by one or more hosts. By providing this access control at the storage controller, the controller itself enforces access policies to the devices. LUN masking provides more detailed security than zoning, because LUNs provide a means for sharing storage at the port level.
When properly implemented, LUN masking fully isolates servers and storage from events such as resets. This is critical for preventing the problems previously noted. It is important to thoroughly test your design and implementation of LUN masking, especially if you use LUN masking in server clusters.