Client zoning

This topic provides the considerations for setting up zones for the clients and the LUNs in the user storage pools.

When a file is created or modified from a SAN File System client, user data is stored in user storage pools that are made up of volumes (or LUNs). Each SAN File System client needs access to all volumes that comprise the user storage pool where data from a fileset that can be accessed by that client will be stored. There are two ways to zone SAN File System clients: uniform and non-uniform.

Uniform zone configuration

In a uniform zone configuration, you create a single zone in which all clients have access to all SAN File System volumes. The following figure show an example of a uniform zone configuration.


This illustration shows an exmple of a uniform client zoning configuration.
The advantages of a uniform zone configuration are:
  • Simplifies the management of policies, filesets, and user storage pools because all clients can access all volumes.
The disadvantages of a uniform zone configuration are:
  • Any client could potentially access sensitive data unless file-permission semantics are used to control access at a file level.

Non-uniform zone configuration

In a non-uniform zone configuration, you create multiple zones in which clients have access to only the volumes that they will actually need. The following figure show an example of a non-uniform zone configuration.


This illustration shows an exmple of a non-uniform client zoning configuration.

You must ensure that all clients in a non-uniform zone configuration can access all of the volumes in any user storage pool that can be used by filesets in use by that client. If a client tries to read or write data on a volume that it cannot access, SAN File System will return an I/O error. File system operations that involve only metadata, such as changing the current directory or listing files, will not receive an I/O error because those functions do not require access to the user storage pool.

These are the advantages of a non-uniform zone configuration:
  • Provides another layer of security for sensitive data by configuring LUNs to be accessed only by those clients that need to see that data.
  • Avoids configuring clients across multiple vendor storage subsystems simultaneously.
  • Allows great scaling because not all of the volumes must be seen by all of the clients.
These are the disadvantages of a non-uniform zone configuration:
  • Complicates the management of policies, filesets, and user storage pools because you must ensure that the clients can access all of the volumes through the active policy.

Considerations

These are considerations for planning your client zones:
  • The clients need access only to the user storage pools that they use. They must not have access to the system storage pool. Configure the client zones to encompass only those LUNs associated with the user storage pools.
  • All clients can access all storage subsystems that are attached to SAN File System, unless you use zoning to limit the clients' access to specific devices or LUNs. This enables data sharing among heterogeneous clients.
  • Ensure that the storage subsystem you are using allows you to mask a single LUN to different operating system types.
  • LUNs should be masked in such a way that only the clients that are intended to use that LUN have access.
  • With DS4000 (FAStT), a specific client platform can only be defined to one "host group" so they cannot be masked to access more than one user storage pool.
  • All volumes in a storage pool need to be accessible by all the clients that will use that storage pool.
  • All system storage pool volumes must be seen by all metadata servers and only by metadata servers.
  • SAN File System volumes must be masked or zoned so that access by non-SAN File System clients or application servers is denied.

Parent topic: How do I set up zones in SAN File System?

Related reference
Metadata server zoning

Related information
Storage access worksheet

Library | Support | Terms of use | Feedback
(C) Copyright IBM Corporation 2003, 2004. All Rights Reserved.
IBM TotalStorage SAN File System v2.2