TERM PAPER

OF

STORAGE
TECHNOLOGY
FOUNDATION
CSE-504
TOPIC:-FC SAN

SUBMITTED TO SUBMITTED BY

MR. NITIN KUMAR SHAHWAZ AHMAD

B.Tech(IT) 4th year

ROLL NO:- RF27E1B25

REG NO-1070070146

SECTION:-F27E1
 CONTENTS
 ABSTRACT

 INTRODUCTION

 FC COMPONENTS

• Host Components

• Fabric Components

• Storage Components

 SAN PORTS

 FIBRE CHANNEL ARCHITECTURE

 FIBRE CHANNEL ADDRSSING

• wwn

• 24-bit port addressing

• loop addressing

 SECURING A FABRIC

• fibre channel authentication protocol

• zoning

• zoning, masking and binding

 FIBRE CHANNEL LOGIN.

 SECURITY PRINCIPLES

• access control

• auditing and accounting

• data security
 • encryption

 CONCLUSION

 REFERENCES

ABSTRACT
Fibre channel SAN (storage area network) is considered to be a promising solution to address storage
problems caused by the sheer volume of data and their management. To adopt this storage environment,
we design and implement a high performance fibre channel network driver for SAN-attached RAID
controllers in a real-time operating system.

INTRODUCTION
A storage area network (SAN) is a type of local area network (LAN) designed to handle large data
transfers. A SAN typically supports data storage, retrieval and replication on business networks using
high-end servers, multiple disk arrays and Fibre Channel interconnection technology.

A SAN alone does not provide the "file" abstraction, only block-level operations. However, file systems
built on top of SANs do provide this abstraction, and are known as SAN filesystems or shared disk file
systems.
Fibre Channel, or FC, is a gigabit-speed network technology primarily used for storage networking. Fibre
Channel is standardized in the T11 Technical Committee of the InterNational Committee for Information
Technology Standards (INCITS), an American National Standards Institute (ANSI)–accredited standards
committee. It started use primarily in the supercomputer field, but has become the standard connection
type for storage area networks (SAN) in enterprise storage. Despite its name, Fibre Channel signaling can
run on both twisted pair copper wire and fiber-optic cables.

Fibre Channel Protocol (FCP) is a transport protocol (similar to TCP used in IP networks) which
predominantly transports SCSI commands over Fibre Channel networks.

The term SAN can sometimes refer to system area networks instead of a storage area network. System
area networks are clusters of high performance computers used for distributed processing applications
requiring fast local network performance. Storage area networks, on the other, are designed specifically
for data management.

SANs create new methods of attaching storage to servers. These new methods can enable great
improvements in both availability and performance. Today’s SANs are used to connect shared storage
arrays and tape libraries to multiple servers, and are used by clustered servers for failover.
 A SAN can be used to bypass traditional network bottlenecks. It facilitates direct, high-speed data
transfers between servers and storage devices, potentially in any of the following three ways:

Server to storage: This is the traditional model of interaction with storage devices. The advantage is that
the same storage device may be accessed serially or concurrently by multiple servers.

Server to server: A SAN may be used for high-speed, high-volume communications between servers.

Storage to storage: This outboard data movement capability enables data to be moved without server
intervention, thereby freeing up server processor cycles for other activities like application processing.
Examples include a disk device backing up its data to a tape device without server intervention, or remote
device mirroring across the SAN.

FC-SAN COMPONENT
The components of an FC SAN can be grouped as follows and are discussed below:

• “Host Components”

• “Fabric Components

• “Storage Components
HOST COMPONENTS

The host components of a SAN consist of the servers themselves and the components

that enable the servers to be physically connected to the SAN.

• HBAs are located in the servers, along with a component that performs digital‐to‐optical signal
conversion. Each host connects to the fabric ports through its HBAs.

• HBA drivers running on the servers enable the servers ’ operating systems to communicate with
the HBA.

FABRIC COMPONENTS

All hosts connect to the storage devices on the SAN through the SAN fabric. The network portion of the
SAN consists of the following fabric components:
 • SAN Switches — SAN switches can connect to servers, storage devices, and other switches, and
thus provide the connection points for the SAN fabric. The type of SAN switch, its design
features, and its port capacity all contribute to its overall capacity, performance, and fault
tolerance. The number of switches, types of switches, and manner in which the switches are
interconnected define the fabric topology.

• For smaller SANs, the standard SAN switches (called modular switches) can typically support 16
or 24 ports (though some 32‐port modular switches are becoming available). Sometimes modular
switches are interconnected to create a fault‐tolerant fabric.

• For larger SAN fabrics, director‐class switches provide a larger port capacity (64 to 128 ports per
switch) and built‐in fault tolerance.

• Data Routers — Data routers are intelligent bridges between SCSI devices and FC devices in the
SAN. Servers in the SAN can access SCSI disk or tape devices in the SAN through the data
routers in the fabric layer.

• Cables — SAN cables are usually special fiber optic cables that are used to connect all of the
fabric components. The type of SAN cable and the fiber optic signal determine the maximum
distances between SAN components and contribute to the total bandwidth rating of the SAN.

• Communications Protocol — Fabric components communicate using the FC communications

protocol. FC is the storage interface protocol used for most of today’s SANs. FC was developed
as a protocol for transferring data between two ports on a serial I/O bus cable at high speeds. FC
supports point‐to‐point, arbitrated loop, and switched fabric topologies. Switched fabric topology
is the basis for most current SANs.

STORAGE COMPONENTS

The storage components of a SAN are the storage arrays. Storage arrays include storage processors (SPs).
The SPs are the front end of the storage array. SPs communicate with the disk array (which includes all
the disks in the storage array) and provide the RAID/LUN functionality.

Storage Processors

SPs provide front‐side host attachments to the storage devices from the servers, either directly or through
a switch. The server HBAs must conform to the protocol supported by the storage processor. In most
cases, this is the FC protocol.

Storage processors provide internal access to the drives, which can be using a switch or bus architecture.
In high‐end storage systems, drives are normally connected in loops.

This back‐end loop technology employed by the SP provides several benefits:

• High‐speed access to the drives

• Ability to add more drives to the loop

 • Redundant access to a single drive from multiple loops (when drives are dual‐ported and attached
to two loops)

Storage Devices

Data is stored on disk arrays or tape devices (or both). Disk arrays are groups of multiple disk devices and
are the typical SAN disk storage device. They can vary greatly in design, capacity, performance, and other
features. Storage arrays rarely provide hosts direct access to individual drives. Instead, the storage array
uses RAID (Redundant Array of Independent Drives) technology to group a set of drives. RAID uses
independent drives to provide capacity, performance, and redundancy. Using specialized algorithms,
several drives are grouped to provide common pooled storage. These RAID algorithms, commonly known
as RAID levels, define the characteristics of the particular grouping.

In simple systems that provide RAID capability, a RAID group is equivalent to a single LUN. A LUN is a
single unit of storage. Depending on the host system environment, a LUN is also known as a volume or a
logical drive. From a VI Client, a LUN looks like any other storage unit available for access.

In advanced storage arrays, RAID groups can have one or more LUNs created for access by one or more
servers. The ability to create more than one LUN from a single RAID group provides fine granularity to
the storage creation process. You are not limited to the total capacity of the entire RAID group for a single
LUN.

Most storage arrays provide additional data protection and replication features such as snapshots, internal
copies, and remote mirroring.

• A snapshot is a point‐in‐time copy of a LUN. Snapshots are used as backup sources for the
overall backup procedures defined for the storage array.

• Internal copies allow data movement from one LUN to another for an additional copy for testing.

• Remote mirroring provides constant synchronization between LUNs on one storage array and a
second, independent (usually remote) storage array for disaster recovery.

Tape Storage Devices

Tape storage devices are part of the SAN backup capabilities and processes.

• Smaller SANs might use high‐capacity tape drives. These tape drives vary in their transfer rates
and storage capacities. A high‐capacity tape drive might exist as a standalone drive, or it might be
part of a tape library.

• Typically, a large SAN, or a SAN with critical backup requirements, is configured with one or
more tape libraries. A tape library consolidates one or more tape drives into a single enclosure.
 Tapes can be inserted and removed from the tape drives in the library automatically with a robotic
arm. Many tape libraries offer large storage capacities—sometimes into the petabyte (PB) range.

SAN PORTS
SANs are awash with ports. There are N_ports, F_ports, G_ports and more.

Point-to-point

The simplest Fibre Channel (FC) connection is a point-to-point link between a server and a storage
device, between the two nodes as it were of this very simple network. Each one has an N_Port, standing
for node port. N_Ports are end-points in a FC network. The transmit lead of one N_Port is connected via
the FC cable to the receive lead of the other N_Port. Its transmit port is connected to the first N_Port's
receive lead..

Arbitrated loop

FC arbitrated loop (FC-AL) is a network topology for connecting three or more devices (nodes). It might
be used to connect servers, bunches of disks in cabinets and to support NAS processors. For example, FC-
AL could be used to link a server and two separate disk arrays in a daisy chain-like arrangement. The
cable's bandwidth is shared between the devices on the loop. If they are all active then they all get a
fraction of the bandwidth. Alternatively a central FC-AL hub might be used, in a star topology, which
limits the scope of cable break problems to individual nodes and doesn't let them destroy the whole loop.
Internal circuitry in the hub enables the bypass of non-functioning ports to which the nodes' NL_Ports are
connected. The hub ports themselves are dumb. A single loop may have have fifty, even a hundred drives
on it but typically only three or four initiators would be sending requests to the drives resulting in each
one of four getting 25MB/sec if they are equally active in a 1Gbit/sec FC set-up. An L_Port or NL_Port
connects a node to the loop. Each NL_Port's transmit lead is connected to the receive lead of the NL-Port
downstream of it.

Fabric ports

A FC fabric is defined as having one or more FC switches inter-connecting servers and storage nodes. A
switch is an 8-, 16-, 32- or 64-port device. Ones with 128 or more ports are typically classed as Directors
and have additional functionality. In a fabric full bandwidth is given to each port; that is 200MB/sec full
duplex in a 1GBit/s FC set-up. This bandwidth is not shared with other ports connected to N_Ports on the
fabric. The servers and storage nodes, the end-points of the fabric, have N_Ports. The switch has F_Ports
(F for fabric) which connect to the N_Ports on a one-to-one basis. At its simplest a server will connect to
a particular storage node in a fabric in the sequence; server N-Port to front switch F-Port to back switch
F_Port to storage node N_Port. However, switches can be linked to provide a greater number of ports and
thus scope for more server and storage nodes. The switches are linked by inter-switch links (ISL) and
these are shared between all the F_Ports on the switch. The ISLs use switch E_Ports (E for expansion).
Multiple E_Ports can be used to provide the bandwidth needed. An additional type of switch port is a
G_Port. These can function either as F_Ports or E_Ports. A G_Port functions as an F_Port when it is
connected to a node's N_Port, and as an E_Port when connected to another switch's E_Port.
FIBRE CHANNEL ARCHITECTURE
The FC architecture represents the true channel/network integration wiyh standard interconnecting
devices. Connections in a SAN are accomplished using FC.

Traditionally transmission from host to storage devices are carried out over channel such as parallel bus.
Channel technologies provide high levels of performance with low protocol overheads.

FCP(Fibre channel protocol) is the implementation of serial SCSI-3 over an FC network. In the FCP
architecture,all external and remote storage devices attached to SAN appear as local devices to the host
oprating system.

The advantages of FCP are

• Sustained transmission bandwidth over long distances.

• Support for a larger number of addressable devices over a network.

• Exhibits the chaacterstic of channel transport provides speeds up to 8.5 GB/s

FCP is specified bystandard produced by T10, FCP-3 is the last issued standard and FCP-4 is under
development.FCP defines a fiber channel mapping layers (FC-4) that uses the services defined by
ANSX3.230-199X..

LAYERS

Fibre Channel (FC) is broken up into a series of five layers. The concept oflayers, starting with the
ISO/OSI seven-layer model, allows the development of one layer to remain independent of the adjacent
layers. Although, FC contains five layers, those layers follow the general principles stated in the ISO/OSI
model.

The five layers can be categorized into these two:

• Physical and signaling layer

• Upper layer

Fibre Channel is a layered protocol

PHYSICAL AND SIGNALING LAYERS
The physical and signaling layers include the three lowest layers: FC-0, FC-1, and FC-2.

Physical interface and media: FC-0

The lowest layer, FC-0, defines the physical link in the system, including the cabling, connectors, and
electrical parameters for the system at a wide range of data rates. This level is designed for maximum
flexibility, and allows the use of a large number of technologies to match the needs of the configuration.

A communication route between two nodes can be made up of links of different technologies. For
example, in reaching its destination, a signal might start out on copper wire and become converted to
single-mode fiber for longer distances. This flexibility allows for specialized configurations, depending on
IT requirements.

Laser safety
Fibre Channel often uses lasers to transmit data, and can, therefore, present an optical health hazard. The
FC-0 layer defines an open fiber control (OFC) system, and acts as a safety interlock for point-to-point
fiber connections that use semiconductor laser diodes as the optical source. If the fiber connection is
broken, the ports send a series of pulses until the physical connection is re-established and the necessary
handshake procedures are followed.
Transmission protocol: FC-1

The second layer, FC-1, provides the methods for adaptive 8B/10B encoding to bind the maximum length
of the code, maintain DC-balance, and provide word alignment. This layer is used to integrate the data
with the clock information required by serial transmission technologies.

Framing and signaling protocol: FC-2

Reliable communications result from Fibre Channel’s FC-2 framing and signaling protocol. FC-2
specifies a data transport mechanism that is independent of upper layer protocols. FC-2 is self-configuring
and supports point-to-point, Arbitrated Loop, and switched environments.

FC-2, which is the third layer of the FC-PH, provides the transport methods to determine:

• Topologies based on the presence or absence of a fabric

• Communication models

• Classes of service provided by the fabric and the nodes

• General fabric model

• Sequence and exchange identifiers

• Segmentation and reassembly

Data is transmitted in 4-byte ordered sets containing data and control characters. Ordered sets provide the
availability to obtain bit and word synchronization, which also establishes word boundary alignment.
Together, FC-0, FC-1, and FC-2 form the Fibre Channel physical and signaling interface (FC-PH).

UPPER LAYERS
The Upper layer includes two layers: FC-3 and FC-4.

FC-3:- NoT USED

Upper layer protocol mapping (ULP): FC-4

The highest layer, FC-4, provides the application-specific protocols. Fibre Channel is equally adept at
transporting both network and channel information and allows both protocol types to be concurrently
transported over the same physical interface.

Through mapping rules, a specific FC-4 describes how ULP processes of the same FC-4 type interoperate.

A channel example is Fibre Channel Protocol (FCP). This is used to transfer SCSI data over Fibre
Channel. A networking example is sending IP (Internet Protocol) packets between nodes. FICON is
another ULP in use today for mainframe systems. FICON is a contraction of Fibre Connection and refers
to running ESCON traffic over Fibre Channel.
FIBRE CHANNEL ADDRSSING
All devices in a Fibre Channel environment have an identity. The way that the identity is assigned and
used depends on the format of the Fibre Channel fabric.

For example, there is a difference between the way that addressing is done in an arbitrated loop and a
fabric

World Wide Name

All Fibre Channel devices have a unique identity called the World Wide Name (WWN). This is similar to
the way all Ethernet cards have a unique Media Access Control (MAC) address.

This WWN is a 64-bit address, and if two WWN addresses are put into the frame header, this leaves 16
bytes of data just for identifying destination and source address. So 64-bit addresses can impact routing
performance.

Each device in the SAN is identified by a unique world wide name (WWN). The WWN contains a vendor
identifier field, which is defined and maintained by the IEEE, and a vendor-specific information field.

Currently, there are two formats of the WWN as defined by the IEEE. The original format contains either
a hex 10 or hex 20 in the first two bytes of the address. This is then followed by the vendor-specific
information

The new addressing scheme starts with a hex 5 or 6 in the first half-byte followed by the vendor identifier
in the next 3 bytes. The vendor-specific information is then contained in the following fields.

A worldwide node name (WWNN) is a globally unique 64-bit identifier assigned to each Fibre Channel node
process

24-bit port address

The 24-bit address scheme removes the overhead of manual administration of addresses by allowing the
topology itself to assign addresses. This is not like WWN addressing, in which the addresses are assigned
to the manufacturers by the IEEE standards committee, and are built in to the device at the time of
manufacture. If the topology itself assigns the 24-bit addresses, then somebody has to be responsible for
the addressing scheme from WWN addressing to port addressing.

In the switched fabric environment, the switch itself is responsible for assigning and maintaining the port
addresses. When the device with its WWN logs into the switch on a specific port, the switch will assign
the port address to that port and the switch will also maintain the correlation between the port address and
the WWN address of the device of that port. This function of the switch is implemented by using the
Name Server.

The Name Server is a component of the fabric operating system, which runs inside the switch. It is
essentially a database of objects in which fabric-attached device registers its values.

Dynamic addressing also removes the partial element of human error in addressing maintenance, and
provides more flexibility in additions, moves, and changes in the SAN.

A 24-bit port address consists of three parts:

• Domain (from bits 23 to 16)

• Area (from bits 15 to 08)

• Port or Arbitrated Loop physical address: AL_PA (from bits 07 to 00)

The significance of some of the bits that make up the port address in the are:

Domain
The most significant byte of the port address is the domain. This is the address of the switch itself. One
byte allows up to 256 possible addresses. Because some of these are reserved, as for the one for broadcast,
there are only 239 addresses available. This means that you can theoretically have as many as 239
switches in your SAN environment. The domain number allows each switch to have a unique identifier if
you have multiple interconnected switches in your environment.

Area

The area field provides 256 addresses. This part of the address is used to identify the individual FL_Ports
supporting loops or it can be used as the identifier for a group of F_Ports, for example, a card with more
ports on it. This means that each group of ports has a different area number, even if there is only one port
in the group.

Port

The final part of the address provides 256 addresses for identifying attached N_Ports and NL_Ports.

Loop address

An NL_Port, like an N_Port, has a 24-bit port address. If no switch connection exists, the two upper bytes
of this port address are zeroes (x’00 00’) and referred to as a private loop. The devices on the loop have
no connection with the outside world. If the loop is attached to a fabric and an NL_Port supports a fabric
login, the upper two bytes are assigned a positive value by the switch. We call this mode a public loop. As
fabric-capable NL_Ports are members of both a local loop and the greater fabric community, a 24-bit
address is needed as an identifier in the network. Inthis case of public loop assignment, the value of the
upper two bytes represents the loop identifier, and this will be common to all NL_Ports on the same loop
that performed login to the fabric.

In both public and private arbitrated loops, the last byte of the 24-bit port address refers to the arbitrated
loop physical address (AL_PA). The AL_PA is acquired during initialization of the loop and may, in the
case of a fabric-capable loop device, be modified by the switch during login. The total number of the
AL_PAs available for arbitrated loop addressing is 127. This number is based on the requirements of
8b/10b running disparity between frames.

SECURING A FABRIC
some of the current methods for securing a SAN fabric are presented.

Fibre Channel Authentication Protocol

The Switch Link Authentication Protocol (SLAP/FC-SW-3) establishes a region of trust between
switches. For an end-to-end solution to be effective, this region of trust must extend throughout the SAN,
which requires the participation of fabric-connected devices, such as HBAs. The joint initiative between
Brocade and Emulex establishes Fibre Channel Authentication Protocol (FCAP) as the next-generation
implementation of SLAP. Customers gain the assurance that a region of trust extends over the entire
domain.

ZONING

Zoning provides access control in the SAN topology; it defines which HBAs can connect to which SPs.
You can have multiple ports to the same SP in different zones to reduce the number of presented paths.
When a SAN is configured using zoning, the devices outside a zone are not visible to the devices inside
the zone. In addition, SAN traffic within each zone is isolated from the other zones. Within a complex
SAN environment, SAN switches provide zoning. Zoning defines and configures the necessary security
and access rights for the entire SAN.

Typically, zones are created for each group of servers that access a shared group of storage devices.

TYPES OF ZONING
There are three types of Zoning

• Port Zoning or Hard Zoning

• WWN Zoning or Soft Zoning

• Mixed Zoning

Port Zoning or Hard Zoning

 • Port zoning utilizes physical ports to define security zones. A users access to data is determined
by what physical port he or she is connected to.

• With port zoning, zone information must be updated every time a user changes switch ports. In
addition, port zoning does not allow zones to overlap.

• Hard zoning is zoning which is implemented in hardware

• Hard zoning physically blocks access to a zone from any device outside of the zone.

WWN Zoning or Soft Zoning

• WWN zoning uses name servers in the switches to either allow or block access to particular
World Wide Names (WWNs) in the fabric.

• A major advantage of WWN zoning is the ability to recable the fabric without having to redo the
zone information.

• Soft zoning is zoning which is implemented in software

• Soft zoning uses filtering implemented in fibre channel switches to prevent ports from being seen
from outside of their assigned zones. The security vulnerability in soft zoning is that the ports are
still accessible if the user in another zone correctly guesses the fibre channel address.

Mixed zoning

You can create or edit a zone to contain a mixture of switch port zoning and end port zoning, as long
as a zoning policy is not applied. More commonly, mixed zoning is employed by combining zones
using different types of zoning in a single zone set. Under some circumstances, this may combine
some of the advantages of each form of zoning.

Zoning, masking and binding

Although neither of these can be classed as security products or mechanisms, combining all their
functionality together can make the SAN more secure than it would be without them.

Data security
In order to provide the equivalent security functions that are implemented in the LAN, the ANSI T11-
group is considering a range of proposals for connection authentication and integrity, which can be
recognized as the FC adoption of the IP security standards. These standards propose to secure FC
traffic between all FC ports and the domain controller
FIBRE CHANNEL LOGIN -
There are three different types of login for Fibre Channel. These are:

• Port login

• Process login

• Fabric login

Port login

Port login, also known as PLOGI, is used to establish a session between two N_Ports and is necessary
before any upper level commands or operations can be performed. During port login, two N_Ports
(devices) swap service parameters and make themselves known to each other.

Process login

Process login is also known as PRLI. Process login is used to set up theenvironment between related
processes on an originating N_Port and aresponding N_Port. A group of related processes is collectively
known as an image pair.

Fabric login

After the fabric-capable Fibre Channel device is attached to a fabric switch, it willcarry out a fabric login
(FLOGI).Similar to port login, FLOGI is an extended link service command that sets up a session
between two participants. With FLOGU a session is created between an N_Port or NL_Port and the
switch. An N_Port will send a FLOGI frame that contains its Node Name, its N_Port Name, and service
parameters.

SECURITY PRINCIPLES
It is a well-known fact that “a chain is only as strong as its weakest link” and when talking about
computer security, the same concept applies: there is no point in locking all the doors and then leaving a
window open. A secure, networked infrastructure must protect information at many levels or layers, and
have no single point of failure. The levels of defense need to be complementary, and work in conjunction
with each other. If you have a SAN, or any other network for that matter, that crumbles after a single
penetration, then this is not a recipe for success. There are a number of unique entities that need to be
given consideration in any environment. We discuss some of the most important ones in the topics that
follow.

Access control

Access control can be performed both by means of authentication and authorization techniques:
 • Authentication Means that the secure system has to challenge the user (usually by means of a
password) so that he or she identifies himself.

• Authorization Having identified a user, the system will be able to “know” what this user is
allowed to do and what they are not.

As true as it is in any IT environment, it is also true in a SAN environment that access to information, and
to the configuration or management tools, must be restricted to only those people that are need to have
access, and authorized to make changes. Any configuration or management software is typically protected
with several levels of security, usually starting with a user ID and password that must be assigned
appropriately to personnel based on their skill level and responsibility.

Auditing and accounting

It is essential that an audit trail is maintained for auditing and troubleshooting purposes. Logs should be
inspected on a regular basis and archived.

Data security
Whether at rest or in-flight, data security comprises of both data confidentiality and integrity.

Data confidentiality the system has to guarantee that the information cannot be accessed by unauthorized
people, remaining confidential for them but available for only authorized personnel. As shown in the next
section, this is usually accomplished by data encryption.

Data integrity the system has to guarantee that the data stored or processed within its boundaries is not
altered or tampered with in any way.

This is a security and integrity requirement aiming to guarantee that data from one application or system
does not become overlaid, corrupted, or otherwise destroyed, whether intentionally or by accident, by
other applications or systems. This may involve some form of authorization, and/or the ability to fence off
one system’s data from another systems.

Encryption

Encryption is the translation of data into a secret code and is the most effective way to achieve data
security. To read an encrypted file you must have access to a secret key, or password or passphrase, that
enables you to decrypt it. Unencrypted data is called plain text; encrypted data is referred to as cipher text.

There are two main types of encryption: symmetric encryption and asymmetric encryption (also called
public-key encryption).

Symmetric When the same secret password, or key, is used to encrypt a message and decrypt the
corresponding cipher text

Asymmetric When one key is used to encrypt a message and another to decrypt the corresponding cipher
text
CONCLUSION
In recent years, the demand of the storage system grows rapidly; furthermore, most enterprises request the
SAN system with high capacity and efficiency, more reliable and secure in order to get rid of risks of data
lost and service interruption.

REFERENCES

• en.wikipedia.org/wiki/Storage_area_network

• www-03.ibm.com/systems/storage/san/

• http://en.wikipedia.org/wiki/Fibre_Channel

• http://www.sansecurity.com/faq/hard-soft-zoning.shtml

• Information security and management by EMC

• education.emc.com/ismbooks

• www.redbooks.ibm.com/redbooks/pdfs

• http://searchstorage.techtarget.com