12.07.2015 Views

SECURING FIBRE CHANNEL FABRICS - Brocade

SECURING FIBRE CHANNEL FABRICS - Brocade

SECURING FIBRE CHANNEL FABRICS - Brocade

SHOW MORE
SHOW LESS
  • No tags were found...

Create successful ePaper yourself

Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.

The <strong>Brocade</strong> SAN Security Modeltem administrators. An administrator may have different privileges inone AD than in another AD. For example, a SAN administrator mayhave a read-only user role in AD 12 and an Admin role in AD 14.You can use either the AD feature or the VF feature, but not both at thesame time. VFs deliver more complete partitioning since this featureapplies to the data, control, and management paths of the fabric, andAD applies only to the management path.Traffic Isolation. Separation of duties can also be applied to someextent to the type of traffic so that one type of traffic does not affectanother type. This is implemented using the <strong>Brocade</strong> Traffic Isolation(TI) feature. Figure 36 illustrates how TI works. In this example, data isreplicated and backed up between Site A and Site B. Since tapebackup is highly I/O intensive and data replication is exceedinglyimportant, it is preferable to use TI to handle the data replication trafficon one ISL and the tape backup traffic on another ISL. Without TI,the data replication process would be competing for bandwidth withhighly I/O-intensive tape backup. This could result in severelyimpacted replication performance and could cause problems with synchronousreplication applications.Site AData replicationtrafficSite BTape backuptrafficServersTape libraryFigure 2. Example of traffic isolationSecuring Fibre Channel Fabrics 101

Hooray! Your file is uploaded and ready to be published.

Saved successfully!

Ooh no, something went wrong!