FC SAN Term Paper of STF by shahwaz


  • 8/8/2019 FC SAN Term Paper of STF by shahwaz

    1/20

TERM PAPER OF STORAGE TECHNOLOGY FOUNDATION (CSE-504)

TOPIC: FC SAN

SUBMITTED TO: MR. NITIN KUMAR
SUBMITTED BY: SHAHWAZ AHMAD, B.Tech (IT) 4th year
ROLL NO: RF27E1B25
REG NO: 1070070146
SECTION: F27E1


CONTENTS

ABSTRACT
INTRODUCTION
FC SAN COMPONENTS
  Host Components
  Fabric Components
  Storage Components
SAN PORTS
FIBRE CHANNEL ARCHITECTURE
FIBRE CHANNEL ADDRESSING
  WWN
  24-bit port addressing
  Loop addressing
SECURING A FABRIC
  Fibre Channel Authentication Protocol
  Zoning
  Zoning, masking and binding
FIBRE CHANNEL LOGIN
SECURITY PRINCIPLES
  Access control
  Auditing and accounting
  Data security

  Encryption
CONCLUSION

ABSTRACT

Fibre Channel SAN (storage area network) is considered a promising solution to the storage problems caused by the sheer volume of data and its management. To adopt this storage environment, we design and implement a high-performance Fibre Channel network driver for SAN-attached RAID controllers in a real-time operating system.

INTRODUCTION

A storage area network (SAN) is a type of local area network (LAN) designed to handle large data transfers. A SAN typically supports data storage, retrieval and replication on business networks using high-end servers, multiple disk arrays and Fibre Channel interconnection technology.

A SAN alone does not provide the "file" abstraction, only block-level operations. However, file systems built on top of SANs do provide this abstraction, and are known as SAN file systems or shared-disk file systems.


Fibre Channel, or FC, is a gigabit-speed network technology primarily used for storage networking. Fibre Channel is standardized in the T11 Technical Committee of the InterNational Committee for Information Technology Standards (INCITS), an American National Standards Institute (ANSI)-accredited standards committee. It started use primarily in the supercomputer field, but has become the standard connection type for storage area networks (SANs) in enterprise storage. Despite its name, Fibre Channel signaling can run on both twisted-pair copper wire and fiber-optic cables.

Fibre Channel Protocol (FCP) is a transport protocol (similar to TCP used in IP networks) which predominantly transports SCSI commands over Fibre Channel networks.

The term SAN can sometimes refer to system area networks instead of storage area networks. System area networks are clusters of high-performance computers used for distributed processing applications requiring fast local network performance. Storage area networks, on the other hand, are designed specifically for data management.

SANs create new methods of attaching storage to servers. These new methods can enable great improvements in both availability and performance. Today's SANs are used to connect shared storage arrays and tape libraries to multiple servers, and are used by clustered servers for failover.


A SAN can be used to bypass traditional network bottlenecks. It facilitates direct, high-speed data transfers between servers and storage devices, potentially in any of the following three ways:

Server to storage: This is the traditional model of interaction with storage devices. The advantage is that the same storage device may be accessed serially or concurrently by multiple servers.

Server to server: A SAN may be used for high-speed, high-volume communications between servers.

Storage to storage: This outboard data movement capability enables data to be moved without server intervention, thereby freeing up server processor cycles for other activities such as application processing. Examples include a disk device backing up its data to a tape device without server intervention, or remote device mirroring across the SAN.

FC SAN COMPONENTS

The components of an FC SAN can be grouped as follows and are discussed below:

Host Components
Fabric Components
Storage Components


HOST COMPONENTS

The host components of a SAN consist of the servers themselves and the components that enable the servers to be physically connected to the SAN.

HBAs (host bus adapters) are located in the servers, along with a component that performs digital-to-optical signal conversion. Each host connects to the fabric ports through its HBAs.

HBA drivers running on the servers enable the servers' operating systems to communicate with the HBA.

FABRIC COMPONENTS

All hosts connect to the storage devices on the SAN through the SAN fabric. The network portion of the SAN consists of the following fabric components:


SAN Switches: SAN switches can connect to servers, storage devices, and other switches, and thus provide the connection points for the SAN fabric. The type of SAN switch, its design features, and its port capacity all contribute to its overall capacity, performance, and fault tolerance. The number of switches, types of switches, and manner in which the switches are interconnected define the fabric topology.

For smaller SANs, the standard SAN switches (called modular switches) can typically support 16 or 24 ports (though some 32-port modular switches are becoming available). Sometimes modular switches are interconnected to create a fault-tolerant fabric.

For larger SAN fabrics, director-class switches provide a larger port capacity (64 to 128 ports per switch) and built-in fault tolerance.

Data Routers: Data routers are intelligent bridges between SCSI devices and FC devices in the SAN. Servers in the SAN can access SCSI disk or tape devices in the SAN through the data routers in the fabric layer.

Cables: SAN cables are usually special fiber-optic cables that are used to connect all of the fabric components. The type of SAN cable and the fiber-optic signal determine the maximum distances between SAN components and contribute to the total bandwidth rating of the SAN.

Communications Protocol: Fabric components communicate using the FC communications protocol. FC is the storage interface protocol used for most of today's SANs. FC was developed as a protocol for transferring data between two ports on a serial I/O bus cable at high speeds. FC supports point-to-point, arbitrated loop, and switched fabric topologies. Switched fabric topology is the basis for most current SANs.

STORAGE COMPONENTS

The storage components of a SAN are the storage arrays. Storage arrays include storage processors (SPs). The SPs are the front end of the storage array. SPs communicate with the disk array (which includes all the disks in the storage array) and provide the RAID/LUN functionality.

Storage Processors

SPs provide front-side host attachments to the storage devices from the servers, either directly or through a switch. The server HBAs must conform to the protocol supported by the storage processor. In most cases, this is the FC protocol.

Storage processors provide internal access to the drives, which can use a switch or bus architecture. In high-end storage systems, drives are normally connected in loops. This back-end loop technology employed by the SP provides several benefits:

High-speed access to the drives
Ability to add more drives to the loop


Redundant access to a single drive from multiple loops (when drives are dual-ported and attached to two loops)

Storage Devices

Data is stored on disk arrays or tape devices (or both). Disk arrays are groups of multiple disk devices and are the typical SAN disk storage device. They can vary greatly in design, capacity, performance, and other features. Storage arrays rarely provide hosts direct access to individual drives. Instead, the storage array uses RAID (Redundant Array of Independent Drives) technology to group a set of drives. RAID uses independent drives to provide capacity, performance, and redundancy. Using specialized algorithms, several drives are grouped to provide common pooled storage. These RAID algorithms, commonly known as RAID levels, define the characteristics of the particular grouping.

In simple systems that provide RAID capability, a RAID group is equivalent to a single LUN. A LUN is a single unit of storage. Depending on the host system environment, a LUN is also known as a volume or a logical drive. From a VI Client, a LUN looks like any other storage unit available for access.

In advanced storage arrays, RAID groups can have one or more LUNs created for access by one or more servers. The ability to create more than one LUN from a single RAID group provides fine granularity to the storage creation process. You are not limited to the total capacity of the entire RAID group for a single LUN.

Most storage arrays provide additional data protection and replication features such as snapshots, internal copies, and remote mirroring.

A snapshot is a point-in-time copy of a LUN. Snapshots are used as backup sources for the overall backup procedures defined for the storage array.

Internal copies allow data movement from one LUN to another, providing an additional copy for testing.

Remote mirroring provides constant synchronization between LUNs on one storage array and a second, independent (usually remote) storage array for disaster recovery.

Tape Storage Devices

Tape storage devices are part of the SAN backup capabilities and processes.

Smaller SANs might use high-capacity tape drives. These tape drives vary in their transfer rates and storage capacities. A high-capacity tape drive might exist as a standalone drive, or it might be part of a tape library.

Typically, a large SAN, or a SAN with critical backup requirements, is configured with one or more tape libraries. A tape library consolidates one or more tape drives into a single enclosure.


Tapes can be inserted into and removed from the tape drives in the library automatically with a robotic arm. Many tape libraries offer large storage capacities, sometimes into the petabyte (PB) range.

SAN PORTS

SANs are awash with ports. There are N_Ports, F_Ports, G_Ports and more.

Point-to-point

The simplest Fibre Channel (FC) connection is a point-to-point link between a server and a storage device, the two nodes, as it were, of this very simple network. Each one has an N_Port, standing for node port. N_Ports are end-points in an FC network. The transmit lead of one N_Port is connected via the FC cable to the receive lead of the other N_Port, and that port's transmit lead is connected to the first N_Port's receive lead.

Arbitrated loop

FC arbitrated loop (FC-AL) is a network topology for connecting three or more devices (nodes). It might be used to connect servers and bunches of disks in cabinets, and to support NAS processors. For example, FC-AL could be used to link a server and two separate disk arrays in a daisy-chain-like arrangement. The cable's bandwidth is shared between the devices on the loop. If they are all active then they all get a fraction of the bandwidth. Alternatively, a central FC-AL hub might be used, in a star topology, which limits the scope of cable-break problems to individual nodes and doesn't let them destroy the whole loop. Internal circuitry in the hub enables the bypass of non-functioning ports to which the nodes' NL_Ports are connected. The hub ports themselves are dumb. A single loop may have fifty, even a hundred drives on it, but typically only three or four initiators would be sending requests to the drives, resulting in each one of four getting 25MB/sec if they are equally active in a 1Gbit/sec FC set-up. An L_Port or NL_Port connects a node to the loop. Each NL_Port's transmit lead is connected to the receive lead of the NL_Port downstream of it.

Fabric ports

An FC fabric is defined as having one or more FC switches inter-connecting servers and storage nodes. A switch is an 8-, 16-, 32- or 64-port device. Ones with 128 or more ports are typically classed as Directors and have additional functionality. In a fabric, full bandwidth is given to each port; that is 200MB/sec full duplex in a 1Gbit/s FC set-up. This bandwidth is not shared with other ports connected to N_Ports on the fabric. The servers and storage nodes, the end-points of the fabric, have N_Ports. The switch has F_Ports (F for fabric) which connect to the N_Ports on a one-to-one basis. At its simplest, a server will connect to a particular storage node in a fabric in the sequence: server N_Port to front switch F_Port to back switch F_Port to storage node N_Port. However, switches can be linked to provide a greater number of ports and thus scope for more server and storage nodes. The switches are linked by inter-switch links (ISLs) and these are shared between all the F_Ports on the switch. The ISLs use switch E_Ports (E for expansion). Multiple E_Ports can be used to provide the bandwidth needed. An additional type of switch port is a G_Port. These can function either as F_Ports or E_Ports. A G_Port functions as an F_Port when it is connected to a node's N_Port, and as an E_Port when connected to another switch's E_Port.


FIBRE CHANNEL ARCHITECTURE

The FC architecture represents the true channel/network integration with standard interconnecting devices. Connections in a SAN are accomplished using FC.

Traditionally, transmissions from hosts to storage devices are carried out over a channel such as a parallel bus. Channel technologies provide high levels of performance with low protocol overheads.

FCP (Fibre Channel Protocol) is the implementation of serial SCSI-3 over an FC network. In the FCP architecture, all external and remote storage devices attached to the SAN appear as local devices to the host operating system.

The advantages of FCP are:

Sustained transmission bandwidth over long distances.
Support for a larger number of addressable devices over a network.
It exhibits the characteristics of channel transport and provides speeds up to 8.5 GB/s.

FCP is specified by a standard produced by T10; FCP-3 is the last issued standard and FCP-4 is under development. FCP defines a Fibre Channel mapping layer (FC-4) that uses the services defined by ANSI X3.230-199X.

LAYERS

Fibre Channel (FC) is broken up into a series of five layers. The concept of layers, starting with the ISO/OSI seven-layer model, allows the development of one layer to remain independent of the adjacent layers. Although FC contains five layers, those layers follow the general principles stated in the ISO/OSI model.

The five layers can be categorized into these two groups:

Physical and signaling layers
Upper layers

Fibre Channel is a layered protocol.


PHYSICAL AND SIGNALING LAYERS

The physical and signaling layers include the three lowest layers: FC-0, FC-1, and FC-2.

Physical interface and media: FC-0

The lowest layer, FC-0, defines the physical link in the system, including the cabling, connectors, and electrical parameters for the system at a wide range of data rates. This level is designed for maximum flexibility, and allows the use of a large number of technologies to match the needs of the configuration. A communication route between two nodes can be made up of links of different technologies. For example, in reaching its destination, a signal might start out on copper wire and be converted to single-mode fiber for longer distances. This flexibility allows for specialized configurations, depending on IT requirements.

Laser safety

Fibre Channel often uses lasers to transmit data, and can, therefore, present an optical health hazard. The FC-0 layer defines an open fiber control (OFC) system, which acts as a safety interlock for point-to-point fiber connections that use semiconductor laser diodes as the optical source. If the fiber connection is broken, the ports send a series of pulses until the physical connection is re-established and the necessary handshake procedures are followed.


Transmission protocol: FC-1

The second layer, FC-1, provides the methods for adaptive 8B/10B encoding to bound the maximum run length of the code, maintain DC balance, and provide word alignment. This layer is used to integrate the data with the clock information required by serial transmission technologies.

Framing and signaling protocol: FC-2

Reliable communications result from Fibre Channel's FC-2 framing and signaling protocol. FC-2 specifies a data transport mechanism that is independent of upper layer protocols. FC-2 is self-configuring and supports point-to-point, arbitrated loop, and switched environments.

FC-2, which is the third layer of the FC-PH, provides the transport methods to determine:

Topologies based on the presence or absence of a fabric
Communication models
Classes of service provided by the fabric and the nodes
General fabric model
Sequence and exchange identifiers
Segmentation and reassembly

Data is transmitted in 4-byte ordered sets containing data and control characters. Ordered sets provide the ability to obtain bit and word synchronization, which also establishes word boundary alignment.

Together, FC-0, FC-1, and FC-2 form the Fibre Channel physical and signaling interface (FC-PH).

UPPER LAYERS

The upper layers include two layers: FC-3 and FC-4.

FC-3: Not used.

Upper layer protocol mapping (ULP): FC-4

The highest layer, FC-4, provides the application-specific protocols. Fibre Channel is equally adept at transporting both network and channel information and allows both protocol types to be concurrently transported over the same physical interface.

Through mapping rules, a specific FC-4 describes how ULP processes of the same FC-4 type interoperate. A channel example is Fibre Channel Protocol (FCP). This is used to transfer SCSI data over Fibre Channel. A networking example is sending IP (Internet Protocol) packets between nodes. FICON is another ULP in use today for mainframe systems. FICON is a contraction of Fibre Connection and refers to running ESCON traffic over Fibre Channel.


FIBRE CHANNEL ADDRESSING

All devices in a Fibre Channel environment have an identity. The way that the identity is assigned and used depends on the format of the Fibre Channel fabric. For example, there is a difference between the way that addressing is done in an arbitrated loop and in a fabric.

World Wide Name

All Fibre Channel devices have a unique identity called the World Wide Name (WWN). This is similar to the way all Ethernet cards have a unique Media Access Control (MAC) address.

A WWN is a 64-bit address, and if two WWN addresses are put into the frame header, this takes 16 bytes of the frame just for identifying the destination and source addresses. So 64-bit addresses can impact routing performance.

Each device in the SAN is identified by a unique World Wide Name (WWN). The WWN contains a vendor identifier field, which is defined and maintained by the IEEE, and a vendor-specific information field. Currently, there are two formats of the WWN as defined by the IEEE. The original format contains either a hex 10 or hex 20 in the first two bytes of the address. This is then followed by the vendor-specific information.

The new addressing scheme starts with a hex 5 or 6 in the first half-byte, followed by the vendor identifier in the next 3 bytes. The vendor-specific information is then contained in the following fields.

A worldwide node name (WWNN) is a globally unique 64-bit identifier assigned to each Fibre Channel node.

24-bit port address


The 24-bit address scheme removes the overhead of manual administration of addresses by allowing the topology itself to assign addresses. This is unlike WWN addressing, in which the addresses are assigned to the manufacturers by the IEEE standards committee and are built in to the device at the time of manufacture. If the topology itself assigns the 24-bit addresses, then something has to be responsible for mapping WWN addresses to port addresses.

In the switched fabric environment, the switch itself is responsible for assigning and maintaining the port addresses. When a device with its WWN logs into the switch on a specific port, the switch will assign the port address to that port, and the switch will also maintain the correlation between the port address and the WWN address of the device on that port. This function of the switch is implemented by using the Name Server.

The Name Server is a component of the fabric operating system, which runs inside the switch. It is essentially a database of objects in which each fabric-attached device registers its values.

Dynamic addressing also removes the partial element of human error in addressing maintenance, and provides more flexibility in additions, moves, and changes in the SAN.

A 24-bit port address consists of three parts:

Domain (bits 23 to 16)
Area (bits 15 to 08)
Port or Arbitrated Loop physical address, AL_PA (bits 07 to 00)

The significance of each of the three parts of the port address is as follows:

Domain


The most significant byte of the port address is the domain. This is the address of the switch itself. One byte allows up to 256 possible addresses. Because some of these are reserved, such as the one for broadcast, there are only 239 addresses available. This means that you can theoretically have as many as 239 switches in your SAN environment. The domain number allows each switch to have a unique identifier if you have multiple interconnected switches in your environment.

Area

The area field provides 256 addresses. This part of the address is used to identify the individual FL_Ports supporting loops, or it can be used as the identifier for a group of F_Ports, for example, a card with multiple ports on it. This means that each group of ports has a different area number, even if there is only one port in the group.

Port

The final part of the address provides 256 addresses for identifying attached N_Ports and NL_Ports.

Loop address

An NL_Port, like an N_Port, has a 24-bit port address. If no switch connection exists, the two upper bytes of this port address are zeroes (x00 00), and the loop is referred to as a private loop. The devices on the loop have no connection with the outside world. If the loop is attached to a fabric and an NL_Port supports a fabric login, the upper two bytes are assigned a positive value by the switch. We call this mode a public loop. As fabric-capable NL_Ports are members of both a local loop and the greater fabric community, a 24-bit address is needed as an identifier in the network. In the case of public loop assignment, the value of the upper two bytes represents the loop identifier, and this will be common to all NL_Ports on the same loop that performed login to the fabric.

In both public and private arbitrated loops, the last byte of the 24-bit port address refers to the arbitrated loop physical address (AL_PA). The AL_PA is acquired during initialization of the loop and may, in the case of a fabric-capable loop device, be modified by the switch during login. The total number of AL_PAs available for arbitrated loop addressing is 127. This number is based on the requirements of 8b/10b running disparity between frames.
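As an added example (not part of the paper), the following Python decodes the two identifier types described in this section: it classifies a WWN by its IEEE format and extracts the vendor identifier, and splits a 24-bit port address into domain, area and port/AL_PA, flagging private-loop addresses and domain values outside the 239 usable ones. The sample WWNs are constructed, and which domain values count as reserved is an assumption noted in the code.

```python
"""Decode the identifiers described above: 64-bit World Wide Names and
24-bit Fibre Channel port addresses (domain / area / port or AL_PA)."""
from dataclasses import dataclass

# The text says 239 of the 256 domain values are usable. Which values are
# reserved is an assumption here: 0 and 240..255 (broadcast and the other
# well-known addresses sit in the 0xFFxxxx range).
USABLE_DOMAIN_MIN, USABLE_DOMAIN_MAX = 1, 239


@dataclass(frozen=True)
class WWN:
    raw: int              # the full 64-bit value
    fmt: str              # "original" (leading hex 10 / 20) or "registered" (leading 5 / 6)
    oui: int              # 24-bit IEEE vendor identifier
    vendor_specific: int  # remaining vendor-assigned bits


def parse_wwn(text: str) -> WWN:
    """Parse a WWN such as '50:06:01:60:ba:60:1c:1b' or '10000000c9abcdef'."""
    digits = text.replace(":", "").replace("-", "").lower()
    if len(digits) != 16 or any(c not in "0123456789abcdef" for c in digits):
        raise ValueError(f"WWN must be 16 hex digits: {text!r}")
    raw = int(digits, 16)
    naa = raw >> 60  # Network Address Authority: the first half-byte
    if naa in (1, 2):
        # Original IEEE format (first byte hex 10 or 20): the low 48 bits are an
        # IEEE address whose first three bytes are the vendor identifier (OUI).
        return WWN(raw, "original", (raw >> 24) & 0xFFFFFF, raw & 0xFFFFFF)
    if naa in (5, 6):
        # IEEE Registered format: NAA half-byte, 24-bit OUI, 36 vendor-specific bits.
        return WWN(raw, "registered", (raw >> 36) & 0xFFFFFF, raw & ((1 << 36) - 1))
    raise ValueError(f"unrecognised WWN format: first half-byte is {naa:x}")


def is_valid_wwn(text: str) -> bool:
    """True when the string parses as one of the two IEEE WWN formats."""
    try:
        parse_wwn(text)
        return True
    except ValueError:
        return False


@dataclass(frozen=True)
class PortAddress:
    domain: int  # bits 23..16: the switch
    area: int    # bits 15..08: FL_Port or group of F_Ports
    port: int    # bits 07..00: N_Port number, or AL_PA on a loop

    @property
    def fc_id(self) -> int:
        return (self.domain << 16) | (self.area << 8) | self.port

    def is_private_loop(self) -> bool:
        """Upper two bytes are zero when the loop has no switch connection."""
        return self.domain == 0 and self.area == 0

    def domain_is_usable(self) -> bool:
        return USABLE_DOMAIN_MIN <= self.domain <= USABLE_DOMAIN_MAX


def decode_port_address(fc_id: int) -> PortAddress:
    """Split a 24-bit port address into its domain, area and port fields."""
    if not 0 <= fc_id <= 0xFFFFFF:
        raise ValueError("a port address must fit in 24 bits")
    return PortAddress((fc_id >> 16) & 0xFF, (fc_id >> 8) & 0xFF, fc_id & 0xFF)


def describe(fc_id: int) -> str:
    """Human-readable summary of a port address, e.g. for a fabric inventory."""
    addr = decode_port_address(fc_id)
    if addr.is_private_loop():
        return f"{fc_id:06x}: private loop, AL_PA 0x{addr.port:02x}"
    usable = "" if addr.domain_is_usable() else " (reserved domain value)"
    return (f"{fc_id:06x}: domain {addr.domain}{usable}, area {addr.area}, "
            f"port/AL_PA 0x{addr.port:02x}")


if __name__ == "__main__":
    # Constructed sample identifiers, not taken from any real fabric.
    for sample in ("50:06:01:60:ba:60:1c:1b", "10:00:00:00:c9:ab:cd:ef"):
        w = parse_wwn(sample)
        print(f"{sample}: {w.fmt} format, OUI {w.oui:06x}")
    for fc_id in (0x010A00, 0x0000EF, 0xF00100):
        print(describe(fc_id))
```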

SECURING A FABRIC

Some of the current methods for securing a SAN fabric are presented below.

Fibre Channel Authentication Protocol

The Switch Link Authentication Protocol (SLAP/FC-SW-3) establishes a region of trust between switches. For an end-to-end solution to be effective, this region of trust must extend throughout the SAN, which requires the participation of fabric-connected devices, such as HBAs. The joint initiative between Brocade and Emulex establishes Fibre Channel Authentication Protocol (FCAP) as the next-generation implementation of SLAP. Customers gain the assurance that a region of trust extends over the entire domain.

ZONING

Zoning provides access control in the SAN topology; it defines which HBAs can connect to which SPs. You can have multiple ports to the same SP in different zones to reduce the number of presented paths.

When a SAN is configured using zoning, the devices outside a zone are not visible to the devices inside the zone. In addition, SAN traffic within each zone is isolated from the other zones. Within a complex SAN environment, SAN switches provide zoning. Zoning defines and configures the necessary security and access rights for the entire SAN.

Typically, zones are created for each group of servers that access a shared group of storage devices.

TYPES OF ZONING

There are three types of zoning:

Port Zoning or Hard Zoning
WWN Zoning or Soft Zoning
Mixed Zoning

Port Zoning or Hard Zoning


Port zoning utilizes physical ports to define security zones. A user's access to data is determined by what physical port he or she is connected to. With port zoning, zone information must be updated every time a user changes switch ports. In addition, port zoning does not allow zones to overlap.

Hard zoning is zoning which is implemented in hardware. Hard zoning physically blocks access to a zone from any device outside of the zone.

WWN Zoning or Soft Zoning

WWN zoning uses name servers in the switches to either allow or block access to particular World Wide Names (WWNs) in the fabric. A major advantage of WWN zoning is the ability to recable the fabric without having to redo the zone information.

Soft zoning is zoning which is implemented in software. Soft zoning uses filtering implemented in Fibre Channel switches to prevent ports from being seen from outside of their assigned zones. The security vulnerability in soft zoning is that the ports are still accessible if a user in another zone correctly guesses the Fibre Channel address.

Mixed Zoning

You can create or edit a zone to contain a mixture of switch port zoning and end port zoning, as long as a zoning policy is not applied. More commonly, mixed zoning is employed by combining zones using different types of zoning in a single zone set. Under some circumstances, this may combine some of the advantages of each form of zoning.

Zoning, masking and binding

Although none of these can be classed as security products or mechanisms, combining all their functionality together can make the SAN more secure than it would be without them.
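As an added example (not from the paper), the following Python models the two enforcement points the zoning section describes: the Name Server, which under WWN (soft) zoning only answers with devices zoned with the requester, and the frame path, which only port (hard) zoning blocks, so an out-of-zone frame to a known address is logged but not dropped. The `Fabric` class, its audit log, and the WWPNs, addresses and switch-port labels are constructed for illustration, not any vendor's implementation.

```python
"""Model of zone enforcement in an FC switch: soft zoning filters what the
Name Server reveals, hard zoning also filters frames. Constructed sample data."""
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, List, Optional, Set


@dataclass(frozen=True)
class Zone:
    name: str
    # WWPNs (WWN zoning) and/or "domain,port" strings (port zoning) may be mixed.
    members: FrozenSet[str]


@dataclass
class Device:
    wwpn: str
    fc_id: int          # 24-bit port address assigned at fabric login
    switch_port: str    # "domain,port", e.g. "1,3"


@dataclass
class Fabric:
    zones: List[Zone] = field(default_factory=list)
    hard_zoning: bool = True                                   # enforce on every frame
    devices: Dict[str, Device] = field(default_factory=dict)   # Name Server: WWPN -> device
    audit_log: List[str] = field(default_factory=list)

    def register(self, wwpn: str, fc_id: int, switch_port: str) -> None:
        """Name Server registration performed when a device logs in."""
        self.devices[wwpn] = Device(wwpn, fc_id, switch_port)

    def _by_fc_id(self, fc_id: int) -> Optional[Device]:
        return next((d for d in self.devices.values() if d.fc_id == fc_id), None)

    def share_zone(self, a: Device, b: Device) -> bool:
        """Two devices may talk if some zone lists both, by WWPN or by switch port."""
        ids_a, ids_b = {a.wwpn, a.switch_port}, {b.wwpn, b.switch_port}
        return any(z.members & ids_a and z.members & ids_b for z in self.zones)

    def name_server_query(self, requester_wwpn: str) -> Set[int]:
        """Soft zoning: the Name Server answers only with devices zoned with the requester."""
        me = self.devices[requester_wwpn]
        return {d.fc_id for d in self.devices.values() if d is not me and self.share_zone(me, d)}

    def forward_frame(self, s_id: int, d_id: int) -> bool:
        """Does the switch forward a frame from S_ID to D_ID? Out-of-zone traffic is logged."""
        src, dst = self._by_fc_id(s_id), self._by_fc_id(d_id)
        if src is None or dst is None:
            self.audit_log.append(f"DROP {s_id:06x}->{d_id:06x}: unknown address")
            return False
        if not self.share_zone(src, dst):
            if self.hard_zoning:
                self.audit_log.append(f"DROP {s_id:06x}->{d_id:06x}: no common zone")
                return False
            # Soft zoning only hides the address from Name Server queries; a frame
            # addressed to a known D_ID is still delivered. Log it for review.
            self.audit_log.append(f"PASS {s_id:06x}->{d_id:06x}: out of zone, soft zoning only")
        return True


if __name__ == "__main__":
    host_a, host_b = "10:00:00:00:c9:00:00:01", "10:00:00:00:c9:00:00:02"
    array = "21:00:00:20:37:00:00:0a"
    fabric = Fabric(zones=[Zone("hosts_a_to_array", frozenset({host_a, array}))], hard_zoning=False)
    fabric.register(host_a, 0x010100, "1,1")
    fabric.register(host_b, 0x010200, "1,2")
    fabric.register(array, 0x010A00, "1,10")
    print("host B sees:", fabric.name_server_query(host_b))        # empty set
    print("host B frame forwarded:", fabric.forward_frame(0x010200, 0x010A00))
    fabric.hard_zoning = True
    print("with hard zoning:", fabric.forward_frame(0x010200, 0x010A00))
    print("\n".join(fabric.audit_log))
```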

Data security

In order to provide the equivalent of the security functions that are implemented in the LAN, the ANSI T11 group is considering a range of proposals for connection authentication and integrity, which can be recognized as the FC adoption of the IP security standards. These standards propose to secure FC traffic between all FC ports and the domain controller.


FIBRE CHANNEL LOGIN

There are three different types of login for Fibre Channel. These are:

Port login
Process login
Fabric login

Port login

Port login, also known as PLOGI, is used to establish a session between two N_Ports and is necessary before any upper-level commands or operations can be performed. During port login, two N_Ports (devices) swap service parameters and make themselves known to each other.

Process login

Process login is also known as PRLI. Process login is used to set up the environment between related processes on an originating N_Port and a responding N_Port. A group of related processes is collectively known as an image pair.

Fabric login

After a fabric-capable Fibre Channel device is attached to a fabric switch, it will carry out a fabric login (FLOGI). Similar to port login, FLOGI is an extended link service command that sets up a session between two participants. With FLOGI, a session is created between an N_Port or NL_Port and the switch. An N_Port will send a FLOGI frame that contains its Node Name, its N_Port Name, and service parameters.
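As an added example (not part of the paper), this Python models the three logins above and the order the fabric enforces between them: FLOGI assigns the 24-bit address and records the WWN correlation in the Name Server, PLOGI swaps service parameters between two logged-in N_Ports, and PRLI establishes the image pair. Replies follow the extended link service LS_ACC / LS_RJT convention; the class names, service parameter values and reject reasons are constructed for illustration.

```python
"""Model of the Fibre Channel login sequence: FLOGI, then PLOGI, then PRLI.
Each request returns a Reply: accepted=True stands for LS_ACC, False for LS_RJT."""
from dataclasses import dataclass, field
from typing import Dict, Optional, Set


@dataclass
class ServiceParameters:
    # Constructed sample values; real parameter sets carry many more fields.
    max_frame_size: int = 2112
    class_of_service: int = 3


@dataclass
class Reply:
    accepted: bool                          # True = LS_ACC, False = LS_RJT
    reason: str = ""
    params: Optional[ServiceParameters] = None


@dataclass
class NPort:
    node_name: str                          # WWNN
    port_name: str                          # WWPN (the N_Port Name sent in FLOGI)
    params: ServiceParameters = field(default_factory=ServiceParameters)
    fc_id: Optional[int] = None             # 24-bit address, assigned by the switch at FLOGI
    sessions: Dict[int, ServiceParameters] = field(default_factory=dict)  # PLOGI peers -> their params
    image_pairs: Set[int] = field(default_factory=set)                    # PRLI peers


@dataclass
class Switch:
    domain: int
    name_server: Dict[int, NPort] = field(default_factory=dict)   # FC_ID -> N_Port
    wwpn_index: Dict[str, int] = field(default_factory=dict)      # WWPN -> FC_ID
    next_port: int = 0

    def flogi(self, nport: NPort, area: int) -> Reply:
        """Fabric login: Node Name, N_Port Name and service parameters arrive; the
        switch assigns domain/area/port and records the WWN correlation."""
        if nport.port_name in self.wwpn_index:
            return Reply(False, "LS_RJT: N_Port Name already logged in")
        fc_id = (self.domain << 16) | (area << 8) | self.next_port
        self.next_port += 1
        nport.fc_id = fc_id
        self.name_server[fc_id] = nport
        self.wwpn_index[nport.port_name] = fc_id
        return Reply(True, "LS_ACC: address assigned", ServiceParameters())

    def plogi(self, originator: NPort, d_id: int) -> Reply:
        """Port login: both N_Ports swap service parameters; needs a prior FLOGI."""
        if originator.fc_id is None:
            return Reply(False, "LS_RJT: PLOGI before FLOGI")
        responder = self.name_server.get(d_id)
        if responder is None:
            return Reply(False, f"LS_RJT: no N_Port at {d_id:06x}")
        originator.sessions[d_id] = responder.params
        responder.sessions[originator.fc_id] = originator.params
        return Reply(True, "LS_ACC: session established", responder.params)

    def prli(self, originator: NPort, d_id: int) -> Reply:
        """Process login: forms the image pair; needs an open PLOGI session."""
        if d_id not in originator.sessions:
            return Reply(False, "LS_RJT: PRLI before PLOGI")
        responder = self.name_server[d_id]
        originator.image_pairs.add(d_id)
        responder.image_pairs.add(originator.fc_id)
        return Reply(True, "LS_ACC: image pair established")


def full_login(switch: Switch, initiator: NPort, target_wwpn: str) -> Reply:
    """Run PLOGI then PRLI against a target already registered in the Name Server."""
    d_id = switch.wwpn_index.get(target_wwpn)
    if d_id is None:
        return Reply(False, "LS_RJT: target not registered in Name Server")
    reply = switch.plogi(initiator, d_id)
    if not reply.accepted:
        return reply
    return switch.prli(initiator, d_id)


if __name__ == "__main__":
    switch = Switch(domain=1)
    host = NPort("20:00:00:00:c9:00:00:01", "10:00:00:00:c9:00:00:01")
    array = NPort("20:00:00:20:37:00:00:0a", "21:00:00:20:37:00:00:0a")
    print(switch.plogi(host, 0x010A01).reason)          # rejected: no FLOGI yet
    switch.flogi(host, area=0x0A)
    switch.flogi(array, area=0x0A)
    print(f"host {host.fc_id:06x}, array {array.fc_id:06x}")
    print(full_login(switch, host, array.port_name).reason)
```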

SECURITY PRINCIPLES

It is a well-known fact that a chain is only as strong as its weakest link, and when talking about computer security the same concept applies: there is no point in locking all the doors and then leaving a window open. A secure, networked infrastructure must protect information at many levels or layers, and have no single point of failure. The levels of defense need to be complementary and work in conjunction with each other. If you have a SAN, or any other network for that matter, that crumbles after a single penetration, then this is not a recipe for success. There are a number of unique entities that need to be given consideration in any environment. We discuss some of the most important ones in the topics that follow.

Access control

Access control can be performed both by means of authentication and authorization techniques:


Authentication: the secure system has to challenge the user (usually by means of a password) so that he or she identifies himself or herself.

Authorization: having identified a user, the system is able to know what this user is allowed to do and what they are not.

As true as it is in any IT environment, it is also true in a SAN environment that access to information, and to the configuration or management tools, must be restricted to only those people who need to have access and are authorized to make changes. Any configuration or management software is typically protected with several levels of security, usually starting with a user ID and password that must be assigned appropriately to personnel based on their skill level and responsibility.

Auditing and accounting

It is essential that an audit trail is maintained for auditing and troubleshooting purposes. Logs should be inspected on a regular basis and archived.

Data security

Whether at rest or in flight, data security comprises both data confidentiality and integrity.

Data confidentiality: the system has to guarantee that the information cannot be accessed by unauthorized people, remaining confidential to them and available only to authorized personnel. As shown in the next section, this is usually accomplished by data encryption.

Data integrity: the system has to guarantee that the data stored or processed within its boundaries is not altered or tampered with in any way. This is a security and integrity requirement aiming to guarantee that data from one application or system does not become overlaid, corrupted, or otherwise destroyed, whether intentionally or by accident, by other applications or systems. This may involve some form of authorization, and/or the ability to fence off one system's data from another system's.

Encryption

Encryption is the translation of data into a secret code and is the most effective way to achieve data security. To read an encrypted file you must have access to a secret key, or password or passphrase, that enables you to decrypt it. Unencrypted data is called plain text; encrypted data is referred to as cipher text.

There are two main types of encryption: symmetric encryption and asymmetric encryption (also called public-key encryption).

Symmetric: the same secret password, or key, is used to encrypt a message and to decrypt the corresponding cipher text.

Asymmetric: one key is used to encrypt a message and another to decrypt the corresponding cipher text.


CONCLUSION

In recent years, the demand for storage systems has grown rapidly; furthermore, most enterprises request SAN systems with high capacity and efficiency that are more reliable and secure, in order to eliminate the risks of data loss and service interruption.
