Storage Questions and Answers - February 2006

 

 

What is FCPAP (Fibre Channel Password Authentication Protocol)?

FCPAP (Fibre Channel Password Authentication Protocol) is an optional password based authentication and key exchange protocol which is utilized in Fibre Channel Storage Area Networks (SANs). FCPAP is used to mutually authenticate Fibre Channel ports to each other. This includes E_Port's, N_Port's, and Domain Controllers.

What is iSCSI and basically how does it work?

iSCSI stands for internet SCSI, or internet Small Computer Systems Interface.

iSCSI is the transmission of SCSI commands and data over IP networks.

When an application attempts to read from an iSCSI device, the SCSI read command is encapsulated inside an IP packet. The IP packet is then routed just like any other IP packet on the network. When the IP packet reaches its destination, the encapsulation is stripped off and the SCSI read command is interpreted by the iSCSI drive.

What is mirroring?

Mirroring is the automated process of writing data to two drives simultaneously. Mirroring is used to provide redundancy. If one drive fails, the redundant drive will continue to store the data and provide access to it. The failed drive can then be replaced and the drive set can be re-mirrored.

What is LUN masking?

LUN (Logical Unit Number) Masking is an authorization process that makes a LUN available to some hosts and unavailable to other hosts. LUN Masking is implemented primarily at the HBA (Host Bus Adapter) level. LUN Masking implemented at this level is vulnerable to any attack that compromises the HBA. Some storage controllers also support LUN Masking. LUN Masking is important because Windows based servers attempt to write volume labels to all available LUN's. This can render the LUN's unusable by other operating systems and can result in data loss.

What is the difference between hard and soft zoning?

Hard zoning is zoning which is implemented in hardware. Soft zoning is zoning which is implemented in software.

Hard zoning physically blocks access to a zone from any device outside of the zone.

Soft zoning uses filtering implemented in fibre channel switches to prevent ports from being seen from outside of their assigned zones. The security vulnerability in soft zoning is that the ports are still accessible if the user in another zone correctly guesses the fibre channel address.

 

Back to Article List