The document provides an overview and summary of fibre channel zoning basics. It discusses what zoning is, why it is needed for access control and isolation, how zoning works through configuration and activation of zone sets and zones, and best practices for connecting switches and ensuring consistency. Key terms like zone set, zone, member, and zone alias are defined.
Osnove: DAS,Trdi disk, SCSI protokol
SAN in NAS
-s protokoli, ki nastopajo v okoljih
-z napravami, katere nastopajo pri izgradnji tako osnovnih in enostavnih, kot tudi kompleksnih okolji
-topologije
Strežniki
Povezljivost
Krmilniki in gonilniki
Diskovna polja
RAID
IOPS (teorija)
Razno
Inter-controller Traffic in ONOS Clusters for SDN Networks Paolo Giaccone
In distributed SDN architectures, the network is controlled by a cluster of multiple controllers. This distributed ap- proach permits to meet the scalability and reliability requirements of large operational networks. Despite that, a logical centralized view of the network state should be guaranteed, enabling the simple development of network applications. Achieving a consis- tent network state requires a consensus protocol, which generates control traffic among the controllers whose timely delivery is crucial for network performance.
We focus on the state-of-art ONOS controller, designed to scale to large networks, based on a cluster of self-coordinating controllers, and concentrate on the inter-controller control traffic. Based on real traffic measurements, we develop a model to quan- tify the traffic exchanged among the controllers, which depends on the topology of the controlled network. This model is useful to design and dimension the control network interconnecting the controllers.
Osnove: DAS,Trdi disk, SCSI protokol
SAN in NAS
-s protokoli, ki nastopajo v okoljih
-z napravami, katere nastopajo pri izgradnji tako osnovnih in enostavnih, kot tudi kompleksnih okolji
-topologije
Strežniki
Povezljivost
Krmilniki in gonilniki
Diskovna polja
RAID
IOPS (teorija)
Razno
Inter-controller Traffic in ONOS Clusters for SDN Networks Paolo Giaccone
In distributed SDN architectures, the network is controlled by a cluster of multiple controllers. This distributed ap- proach permits to meet the scalability and reliability requirements of large operational networks. Despite that, a logical centralized view of the network state should be guaranteed, enabling the simple development of network applications. Achieving a consis- tent network state requires a consensus protocol, which generates control traffic among the controllers whose timely delivery is crucial for network performance.
We focus on the state-of-art ONOS controller, designed to scale to large networks, based on a cluster of self-coordinating controllers, and concentrate on the inter-controller control traffic. Based on real traffic measurements, we develop a model to quan- tify the traffic exchanged among the controllers, which depends on the topology of the controlled network. This model is useful to design and dimension the control network interconnecting the controllers.
NetSim (http://www.tetcos.com/) Best Network Simulator , provide wireless sensor network Based IEEE 802.15.4 Standard
follow this link for more Details
http://www.tetcos.com/
Learn from the best of Industry Trainers .11 Full CCIE DC Racks based in New Jersey USA and Bangalore India .Call us or emails us rack@networkershome.com or info@networkershome.com
Globecom 2015: Adaptive Raptor Carousel for 802.11Andrew Nix
These slides describe an adaptive raptor carousel for multicast transmission over 802.11. This work was presented by Berna Bulut at Globecom 2015, San Diego.
Search and Society: Reimagining Information Access for Radical FuturesBhaskar Mitra
The field of Information retrieval (IR) is currently undergoing a transformative shift, at least partly due to the emerging applications of generative AI to information access. In this talk, we will deliberate on the sociotechnical implications of generative AI for information access. We will argue that there is both a critical necessity and an exciting opportunity for the IR community to re-center our research agendas on societal needs while dismantling the artificial separation between the work on fairness, accountability, transparency, and ethics in IR and the rest of IR research. Instead of adopting a reactionary strategy of trying to mitigate potential social harms from emerging technologies, the community should aim to proactively set the research agenda for the kinds of systems we should build inspired by diverse explicitly stated sociotechnical imaginaries. The sociotechnical imaginaries that underpin the design and development of information access technologies needs to be explicitly articulated, and we need to develop theories of change in context of these diverse perspectives. Our guiding future imaginaries must be informed by other academic fields, such as democratic theory and critical theory, and should be co-developed with social science scholars, legal scholars, civil rights and social justice activists, and artists, among others.
NetSim (http://www.tetcos.com/) Best Network Simulator , provide wireless sensor network Based IEEE 802.15.4 Standard
follow this link for more Details
http://www.tetcos.com/
Learn from the best of Industry Trainers .11 Full CCIE DC Racks based in New Jersey USA and Bangalore India .Call us or emails us rack@networkershome.com or info@networkershome.com
Globecom 2015: Adaptive Raptor Carousel for 802.11Andrew Nix
These slides describe an adaptive raptor carousel for multicast transmission over 802.11. This work was presented by Berna Bulut at Globecom 2015, San Diego.
Search and Society: Reimagining Information Access for Radical FuturesBhaskar Mitra
The field of Information retrieval (IR) is currently undergoing a transformative shift, at least partly due to the emerging applications of generative AI to information access. In this talk, we will deliberate on the sociotechnical implications of generative AI for information access. We will argue that there is both a critical necessity and an exciting opportunity for the IR community to re-center our research agendas on societal needs while dismantling the artificial separation between the work on fairness, accountability, transparency, and ethics in IR and the rest of IR research. Instead of adopting a reactionary strategy of trying to mitigate potential social harms from emerging technologies, the community should aim to proactively set the research agenda for the kinds of systems we should build inspired by diverse explicitly stated sociotechnical imaginaries. The sociotechnical imaginaries that underpin the design and development of information access technologies needs to be explicitly articulated, and we need to develop theories of change in context of these diverse perspectives. Our guiding future imaginaries must be informed by other academic fields, such as democratic theory and critical theory, and should be co-developed with social science scholars, legal scholars, civil rights and social justice activists, and artists, among others.
Let's dive deeper into the world of ODC! Ricardo Alves (OutSystems) will join us to tell all about the new Data Fabric. After that, Sezen de Bruijn (OutSystems) will get into the details on how to best design a sturdy architecture within ODC.
Future Visions: Predictions to Guide and Time Tech Innovation, Peter Udo DiehlPeter Udo Diehl
I'm excited to share my latest predictions on how AI, robotics, and other technological advancements will reshape industries in the coming years. The slides explore the exponential growth of computational power, the future of AI and robotics, and their profound impact on various sectors.
Why this matters:
The success of new products and investments hinges on precise timing and foresight into emerging categories. This deck equips founders, VCs, and industry leaders with insights to align future products with upcoming tech developments. These insights enhance the ability to forecast industry trends, improve market timing, and predict competitor actions.
Highlights:
▪ Exponential Growth in Compute: How $1000 will soon buy the computational power of a human brain
▪ Scaling of AI Models: The journey towards beyond human-scale models and intelligent edge computing
▪ Transformative Technologies: From advanced robotics and brain interfaces to automated healthcare and beyond
▪ Future of Work: How automation will redefine jobs and economic structures by 2040
With so many predictions presented here, some will inevitably be wrong or mistimed, especially with potential external disruptions. For instance, a conflict in Taiwan could severely impact global semiconductor production, affecting compute costs and related advancements. Nonetheless, these slides are intended to guide intuition on future technological trends.
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Tobias Schneck
As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other?
Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualityInflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
Neuro-symbolic is not enough, we need neuro-*semantic*Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
JMeter webinar - integration with InfluxDB and GrafanaRTTS
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
UiPath New York Community Day in-person eventDianaGray10
UiPath Community Day is a unique gathering designed to foster collaboration, learning, and networking with automation enthusiasts. Whether you're an automation developer, business analyst, IT professional, solution architect, CoE lead, practitioner or a student/educator excited about the prospects of artificial intelligence and automation technologies in the United States, then the UiPath Community Day is definitely the place you want to be.
Join UiPath leaders, experts from the industry, and the amazing community members and let's connect over expert sessions, demos and use cases around AI in automation as we highlight our technology with a special speaker on Document Understanding.
📌Agenda
3:00 PM Registrations
3:30 PM Welcome note and Introductions | Corina Gheonea (Senior Director of Global UiPath Community)
4:00 PM Introduction to Document Understanding
How to build and deploy Document Understanding process
Where would Document Understanding be used.
Demo
Q&A
4:45 PM Customer/Partner showcase
Accelirate
Intro to Accelirate and history with UiPath
Why are we excited about the new AI features of UiPath?
Customer highlight
a. Document Understanding – BJs Case Study
b. Document Understanding + generative AI
5.30 PM Networking
The infamous Mallox is the digital Robin Hoods of our time, except they steal from everyone and give to themselves. Since mid-2021, they've been playing hide and seek with unsecured Microsoft SQL servers, encrypting data, and then graciously offering to give it back for a modest Bitcoin donation.
Mallox decided to go shopping for new malware toys, adding the Remcos RAT, BatCloak, and a sprinkle of Metasploit to their collection. They're now playing a game of "Catch me if you can" with antivirus software, using their FUD obfuscator packers to turn their ransomware into the digital equivalent of a ninja.
-------
This document provides a analysis of the Target Company ransomware group, also known as Smallpox, which has been rapidly evolving since its first identification in June 2021.
The analysis delves into various aspects of the group's operations, including its distinctive practice of appending targeted organizations' names to encrypted files, the evolution of its encryption algorithms, and its tactics for establishing persistence and evading defenses.
The insights gained from this analysis are crucial for informing defense strategies and enhancing preparedness against such evolving cyber threats.
3. About the FCIA
• The Fibre Channel Industry Association (FCIA) is a mutual benefit,
non-profit, international organization of manufacturers, system
integrators, developers, vendors, and industry professionals, and
end users
– Promotes the advancement of Fibre Channel technologies and products that
conform to the existing and emerging T11 standards.
– Maintains resources and supports activities to ensure multi-vendor
interoperability for hardware, interconnection, and protocol solutions.
– Promotion and marketing of FC solutions, educational awareness
campaigns, hosting public interoperability demonstrations, and fostering
technology and standards conformance.
3
h"ps://fibrechannel.org/
4. Agenda
• What is Zoning?
– Why is it needed?
• How does Zoning work?
– Configuration, activation flow, etc.
• Connecting Switches via ISLs
– What happens when switches connect?
• What are the best practices?
• Latest advances in Zoning
– The introduction of Peer Zones
• Summary
5. INCITS/T11
• International Committee for Information
Technology Standards
• T11 is the INCITS standard containing
Fibre Channel
• Various specification exist
– FC-PI – Physical Interface
– FC-FS – Framing and Signaling
– FC-LS – Link Services
– FC-GS – Generic Services
– FC-SW – Switch Fabric
– Etc…
• Zoning is defined in FC-GS and FC-SW
standards
• Material for this presentation taken from in
FC-GS and FC-SW
6. What is Zoning?
• Zoning allows specific groups of devices
to communicate with each other
– Kind of like a mini-VPN (Virtual
Private Network)
• Individual zones limit communication
between the devices that “care” about
each other
– A “Default” zone or no zone allows
every device to communicate with
every other device
– This may be permitted or denied
• In Fibre Channel switches, the “Fabric
Zone Server” controls zoning
Fibre Channel Fabric
Source: Erik Smith, EMC
7. • Zone Set
– A collection of zones
• Active Zone Set
– The Zone Set currently enforced by the Fabric.
• Zone
– A “container” with members representing end devices
• Member – Two contexts:
– In a zoneset a member is a zone
– In a zone a member represents an end device or group of end devices
• Zone Alias
– a name that represents one or more FC devices
Terminology
What is Zoning?
8. What is Zoning?
• Default Zone
– Contains all devices not a member of any zone in
the active zone set
– This group of devices may be permitted to
communicate or denied
• Basic Zoning Mode
– Zoning changes done w/o fabric wide lock.
– Lock obtained once changes sent to fabric
– Less efficient zone data structure
• Enhanced Zoning Mode
– All zoning changes occur only after a fabric wide
lock is obtained. Ends with a commit of changes.
– More efficient zone data structure
Terminology – c o n t i n u e d …
9. What is Zoning?
• Zoning Database - A database containing all:
– zonesets (active or not)
– zones
– FC alias
– Attributes
• RSCN – Registered State Change Notification
– Message sent by switch to end device notifying it that a
device it is zoned with has either entered or left the fabric
– Only sent when end device registers
• SCR – State Change Registration
– Request sent from end device to switch requesting RSCNs
Terminology – c o n t i n u e d …
12. Zone Member Types
• PWWNs (WWPN) – Port WW name
• Switch/domain-id + physical port/interface
• N_Port_ID (FCID)
• NWWN - Node WW Name
• FC Alias
– Contains one or more zone member types
• Other vendor specific types are allowed
What is Zoning?
13. Why is zoning needed?
• Access Control Security (only devices in a
zone can communicate)
• Device/Group Isolation:
– Less device chatter (fewer discovery queries,
PLOGIs)
– Fewer RSCNs
• If default-zone deny is configured (or
defaulted) then devices will not be able to
communicate without zoning
What is Zoning?
14. The Different Types of Zoning
Soft Zoning
• The Fabric enforces the Zoning configuration
through Name Server (FCNS) visibility
Hard Zoning
• The Fabric enforces the Zoning configuration
by frame-by-frame filtering
• Normally both Hard and Soft zoning are
both in effect
What is Zoning?
15. The Different Types of Zoning
GPN_FT (SCSI FCP)
Zone1
Member host1
Member Target1
Zone2
Member host3
Member Target1
Zone3
Member host2
Member Target2
ACC (GPN_FT)
(Host1, Host3)
1 - FCNS receives
GPN_FT
2 - FCNS checks FCNS
DB for SCSI FCP devices
3 - FCNS filters by zone
where Target1 is a
member
4 - FCNS returns
response
Target1
Zoneset
So8 Zoning
FCNS only returns informaXon for zoned
desXnaXons!
What is Zoning?
16. The Different Types of Zoning
Zone1
Member host1
Member Target1
Zone2
Member host3
Member Target1
Zone3
Member host2
Member Target2
Target1
Zoneset
Hard Zoning
Host1 Host2 Host3
PLOGI (target1)
Frames dropped to unzoned desXnaXons!
What is Zoning?
17. How does Zoning work?
• Zoning Configuration Flow
• Zoneset Activation Flow
• Results of Zoning
18. How does Zoning work?
5 (or 6) Steps
1. Create zoneset or use existing zoneset
2. Create zone using new name
3. Add members to zone
4. Add zone to zoneset
5. Activate zoneset
6. If enhanced mode then commit changes
(may be implicit)
Zoning Configuration Flow
19. How does Zoning work?
1. ACA - Acquire Change Authorization Request
– Locks the fabric
– Sent to all switches in fabric
2. SFC - Stage Fabric Configuration Update Request
– Zoning data is sent to all switches
3. UFC Update Fabric Configuration Request
– Once all switches acknowledge SFCs, update zone info
4. RCA - Release Change Authorization Request
– Unlock the fabric
All SW_ILS frames sent from/to Domain Controller WKA 0xFFFCxx
All SW_ILS frames are acknowledged by an ACCept
Zoneset Activation Flow
20. Zoneset Activation Flow
A c t i v a t i o n E x a m p l e – P h a s e 1
1
FC Switch 1 FC Switch 2 FC Switch 3
FC Switch 1 user initiates
zoneset activation
ACA Request
ACA Request
ACA Accept
ACA Accept
Lock Acquired
How does Zoning work?
1. ACA - Acquire Change
Authorization Request
– Locks the fabric
– Sent to all switches in fabric
– If lock is available, switch sends an
Accept.
– If lock is not available, switch sends a
Reject.
21. Zoneset Activation Flow
A c t i v a t i o n E x a m p l e – P h a s e 2
2. SFC - Stage Fabric Configuration
Update Request
– Zoning data is sent to all switches
– Switches validate that data can be
committed. After validation is complete,
send an Accept.
– If data fails validation a Reject is sent.
2
FC Switch 1 FC Switch 2 FC Switch 3
FC Switch 1 user initiates
zoneset activation
SFC Request
SFC Request
SFC Accept
SFC Accept
Lock Acquired
Data Validated
How does Zoning work?
22. Zoneset Activation Flow
A c t i v a t i o n E x a m p l e – P h a s e 3
3. UFC - Update Fabric Configuration
Request
– Switches commit the zone data and send
an Accept after commit is complete.
3
FC Switch 1 FC Switch 2 FC Switch 3
FC Switch 1 user initiates
zoneset activation
UFC Request
UFC Request
UFC Accept
UFC Accept
Lock Acquired
Data Validated
Data Committed
How does Zoning work?
23. Zoneset Activation Flow
A c t i v a t i o n E x a m p l e – P h a s e 4
4. RCA - Release Change
Authorization Request
– Once all switches accept, the fabric is
unlocked.
– If the ACA or SFC requests are rejected,
the RCA phase will commence.
4
FC Switch 1 FC Switch 2 FC Switch 3
FC Switch 1 user initiates
zoneset activation
RCA Request
RCA Request
FC Switch 1 zoneset
activation completes
RCA Accept
RCA Accept
Lock Acquired
Data Validated
Data Committed
Lock Released
How does Zoning work?
24. Zoneset Activation Flow
A c t i v a t i o n F a i l u r e E x a m p l e
Switch 3 rejects SFC due to a failed
validation (e.g. exceeds max zone
size limits)
1
2
3
FC Switch 1 FC Switch 2 FC Switch 3
FC Switch 1 user initiates
zoneset activation
ACA Request
ACA Request
SFC Request
SFC Request
RCA Request
RCA Request
ACA Accept
ACA Accept
SFC Accept
SFC REJECT
RCA Accept
RCA Accept
Lock Acquired
Lock Released
Data Validation Failed!
FC Switch 1 zoneset
activation Fails.
How does Zoning work?
25. How does Zoning work?
• Zone databases are updated throughout the fabric
• Hard zoning Access Control Lists are updated
• Registered State Change Notifications (RSCNs)
are generated to end devices involved in the
change
– If new associations are added “online” RSCNs are
sent
– If associations are removed “offline” RSCNs are sent
• Once device receives RSCN it sends queries to
FCNS
Results of Zoning
26. Results of Zoning
Zone1
Member host1
Member Target1
Zone2
Member host3
Member Target1
Zone3
Member host2
Member Target2
Target1
Zoneset
New Zone3 added
Host1 Host2 Host3
RSCN online (host2)
Target2
RSCN online (target2)
How does Zoning work?
27. Connecting Switches via ISLs
Inter-Switch Links (ISLs) are activated to form
multi-switch fabrics
• Merge request is sent to merge two zoning
databases
• If zone DBs are the same then ISL comes up
• If zone DBs are mergeable then ISL comes
up
• If zone DBs are not mergeable then isolate
ISL
28. Connecting Switches via ISLs
• Consistency checks for zone settings can
involve the following:
– Default-zone – Permit or Deny
– Merge Control - Allow or Restrict
• Restrict – zone DBs must be exact for ISL to come up
• Allow – If zone DBs are “mergeable” ISL comes up
– Zones with the same zone name but dissimilar
• Members, Definitions, Attributes
• Check switch’s error logs for messages
when merge fails
Consistency checks
29. Connecting Switches via ISLs
Two switches prior to ISL activation
Example – Successful Merge
Zoneset name myzs
Zone name zone1
member pwwn1
member pwwn2
Zoneset name myzs
Zone name zone2
member pwwn3
member pwwn4
Two
switches
Different
zoneset
contents
Different
zone
names
30. Connecting Switches via ISLs
Two switches after to ISL activation
Example – Successful Merge
Zoneset name myzs
Zone name zone1
member pwwn1
member pwwn2
Zone name zone2
member pwwn3
member pwwn4
Two switches
Same(merged)
zoneset
contents
Zoneset name myzs
Zone name zone1
member pwwn1
member pwwn2
Zone name zone2
member pwwn3
member pwwn4
ISL - AcXvated
31. Connecting Switches via ISLs
Two switches prior to ISL activation
Example – Failed Merge
Zoneset name myzs
Zone name zone1
member pwwn1
member pwwn2
Zoneset name myzs
Zone name zone1
member pwwn3
member pwwn4
Two
switches
Different
zoneset
contents
Same
zone
name
different
members
32. Connecting Switches via ISLs
Two switches after to ISL activation and isolation
Example – Failed Merge
Zoneset name myzs
Zone name zone1
member pwwn1
member pwwn2
Zoneset name myzs
Zone name zone1
member pwwn3
member pwwn4
Two
switches
Different
zoneset
contents
ISL - Isolated
33. Zoning best practices
When zones contain more than 2 members all members are
allowed to communicate with each other
zone name myzone
member alias init1
…
member alias init12
member alias target1
member alias target2
Above allows all members to communicate with each other!
This can increase cross talk
Single Initiator / Single Target zones
12 x I
2 x T
I
I
T
T
I
I
I
I
I
I
I
I
I
I
34. Zoning best practices
• ACL entries for hard zoning result in n*(n-1) entries per zone
• Each pair consumes two ACL entries in hardware
– Result: n*(n-1) entries per zone
• Greatly increased Name Server queries
• Zones should contain 2 members:
– Initiator – PWWN or Alias
– Target – PWWN or Alias
– “Single initiator / Single target scheme”
0
2,000
4,000
6,000
8,000
10,000
0
10
20
30
40
50
60
70
80
90
100
Number
of
ACL
Entries
Number of Members
Number of ACLs
Single Initiator / Single Target zones
35. Single Initiator / Single Target Zones
• A zoning best practice
• Limits each zone to two members
– Initiator – PWWN or Alias
– Target – PWWN or Alias
• Isolates access control and reduces
communication
– Only the devices that “care” about
each other
H1
H2
H3
H4
H5
H6
H7
H8
T1
FC Fabric
36. Zoning best practices
• Aliases are alternative names for zone members
• User Friendly
– Administrators can assign a descriptive name to a
member or group of members
• Simpler Zone Creation
– Adding devices to multiple zones can be done with
one alias instead of manually adding individual
WWNs repetitively
• Device Replacement
– If a device needs to be replaced, a single alias can
be changed instead of changing numerous zones
H1
H2
H3
H4
T1
FC Fabric
“Fourth_Floor_HR_Servers”
Example: The alias “Fourth_Floor_HR_Servers”
contains the members Host1_WWN; Host2_WWN
Zone Alias
37. Zoning best practices
• Be consistent with zone types (try to use WWPN, alias)
• Use default zone deny mode
– FICON may need to use default zone permit
• Back up your zone set periodically
• Keep zone object names as concise as possible
• Remove zones that are no longer needed
• Allow time for zone changes to propagate through the
fabric
– Do each fabric separately, verify function prior to next fabric
Continued…
38. Advances in Zoning
• Peer Zoning
– Allows a Principal device to communicate with peer devices in
the zone.
– Peer devices cannot communicate with each other.
– Benefits over Single Initiator zoning scheme:
• Fewer zones to be created compared to Single Initiator
zoning.
• Uses less zone database space since one zone can take
the place of multiple Single Initiator zones.
• No communication between Peer-to-Peer or Principal-to-
Principal members.
• Optimal hardware resource utilization – Same as single
initiator scheme
– New in FC-GS-7
39. Peer Zones
• Peer Zones are formalized “single
initiator / single target” zones
• Zones with Principal and Peer members
– Connectivity Rules:
• Principal member(s) can communicate with all
Peer members in the zone. Principal-to-
Principal communication is not allowed.
• Peer-to-Peer communication is not allowed.
– Advantages:
• Easier to configure and manage due to
requiring fewer zones to be created compared
to Single Initiator zoning.
• Smaller memory footprint (zone database and
hardware) compared to Single Initiator zoning.
• More efficient ACL entry usage compared to
similar 1-to-Many zoning scheme.
• Less RSCN-related traffic compared to similar
1-to-Many zoning scheme.
H1
H2
H3
H4
H5
H6
H7
H8
T1
FC Fabric
40. Summary
• Zoning provides a secure method of ensuring
only certain devices communicate with each
other
• Zoning database will be uniform throughout fabric
switches
• Use Single Initiator / Single Target zones
whenever possible
• Follow other best practices
41. Q & A
If you have questions…
…We have answers!
42. Fibre Channel and Security
August 27, 2019
10:00 am PT/1:00 pm ET
Register at:
https://www.brighttalk.com/webcast/14967/363593
Our Next FCIA Webcast:
42
43. • Please rate this event – we value your feedback
• We will post a Q&A blog at http://fibrechannel.org/ with answers to the questions we
received today
• Follow us on Twitter @FCIAnews for updates on future FCIA webcasts
• Visit our library of FCIA on-demand webcasts at http://fibrechannel.org/webcasts/ to
learn about:
– Fibre Channel Fundamentals
– FC-NVMe
– Long Distance Fibre Channel
– Fibre Channel Speedmap
– FCIP (Extension): Data Protection and Business Continuity
– Fibre Channel Performance
– FICON
– Fibre Channel Cabling
– 64GFC
After this Webcast
43