MDS gives virtual pwwn that is used for zoning and lun masking, so when a host
connected a port dies, you can either connect a new host to same port or reconfigure
flexattach config on port where spare host is connected. So this is a security concern
because anyone can come and attach another host to port and get all the access to luns.
Similar way someone can replace or remove hba and connect it to a different server.
This can be reduced by using port-security.
http://www.cisco.com/en/US/docs/storage/san_switches/mds9000/sw/rel_3_x/command/reference/CR03_f.html#wp1393061
Tuesday, April 29, 2008
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment