Zone Configurations; Zoning Enforcement; Software-Enforced Zoning - HP A7533A - Brocade 4Gb SAN Switch Base Administrator's Manual

Zone configurations

A zone configuration is a group of one or more zones. A zone can be included in more than one zone
configuration. When a zone configuration is in effect, all zones that are members of that configuration are
in effect.
Several zone configurations can reside on a switch at once, and you can quickly alternate between them.
For example, you might want to have one configuration enabled during the business hours and another
enabled overnight. However, only one zone configuration can be enabled at a time.
The different types of zone configurations are:
• Defined Configuration
The complete set of all zone objects defined in the fabric.
• Effective Configuration
A single zone configuration that is currently in effect. The effective configuration is built when you
enable a specified zone configuration.
• Saved Configuration
A copy of the defined configuration plus the name of the effective configuration, which is saved in flash
memory. (You can also provide a backup of the zoning configuration and restore the zoning
configuration.) There might be differences between the saved configuration and the defined
configuration if you have modified any of the zone definitions and have not saved the configuration.
• Disabled Configuration
The effective configuration is removed from flash memory.
When you disable the effective configuration, the Advanced Zoning feature is disabled on the fabric, and
all devices within the fabric can communicate with all other devices (unless you previously set up a default
zone, as described in
is deleted, however, only that there is no configuration active in the fabric.
On power-up, the switch automatically reloads the saved configuration. If a configuration was active when
it was saved, the same configuration is reinstated on the local switch.

Zoning enforcement

Zoning enables you to restrict access to devices in a fabric.
Zoning enforcement describes a set of predefined rules that the switch uses to determine where to send
incoming data. There are two methods of enforcement: software-enforced and hardware-enforced zoning.
Software-enforced zoning prevents hosts from discovering unauthorized target devices, while
hardware-enforced zoning prevents a host from accessing a device it is not authorized to access.

Software-enforced zoning

Software-enforced zoning is used for any mixed zone (a zone with both WWN and domain,port
members).
Software-enforced zoning:
• Is also called soft zoning, name server zoning, fabric-based zoning, or session-based zoning
• Is available on 1, 2, 4, and 10 Gb/s platforms
• Prevents hosts from discovering unauthorized target devices
• Ensures that the name server does not return any information to an unauthorized initiator in response to
a name server query
• Does not prohibit access to the device. If an initiator has knowledge of the network address of a target
device, it does not need to query the name server to access it, which could lead to undesired access to
a target device by unauthorized hosts.
• Is exclusively enforced through selective information presented to end nodes through the fabric Simple
Name Server (SNS). When an initiator queries the name server for accessible devices in the fabric, the
name server returns only those devices that are in the same zone as the initiator. Devices that are not
part of the zone are not returned as accessible devices.
"Default zoning mode" on page 250). This does not mean that the zoning database
Fabric OS 6.2 administrator guide 237