For our datacenter core/edge SAN fabric redesign planning, Brocade sent me a Secure SAN Zoning Best Practices document which I thought I’d pass along because it has some good information in it.  Although this document contains the Brocade name throughout, the principles can be applied to any vendor’s SAN fabric.  Please keep these best practices in mind when designing and configuring SAN fabrics for your VMware virtual infrastructure.

Here’s the summary:

Summary
Zoning is the most common management activity in a SAN. To create a solid foundation for a
new SAN, adopt a set of best practices to ensure that the SAN is secure, stable, and easy to
manage.

The following recommendations comprise the Zoning best practices that SAN administrators
should consider when implementing Zoning.

• Always implement Zoning, even if LUN Masking is being used.
• Always persistently disable all unused ports to increase security and avoid potential problems.
• Use pWWN identification for all Zoning configuration unless special circumstances require
  D,P identification (for example, FICON).
• Make Zoning aliases and names only as long as required to allow maximum scaling (in very
  large fabrics of 5000+ ports for Fabric OS 5.2.0+).
• All Zones should use frame-based hardware enforcement.
• Use Single Initiator Zoning with separate zones for tape and disk traffic if an HBA is
  carrying both types of traffic.
• Implement default zone –noaccess for FOS fabrics.
• Abandon inaccurate Zoning terminology and describe Zoning by enforcement method and
  identification type.
• Use the free Brocade SAN Health^TM software and the Fabric OS command zone -validate to
  validate the Zoning configurations.

Download the full document here.

• Previous Entry: Critical ESX/ESXi 3.5.0 Update 3 patch released
• Next Entry: VDI: VMware View 3 Premier vs. Citrix XenDesktop Enterprise 2.1