The volume ldev4 is accessible only from host4 because ldev4 and host4 are registered in the same access group.

The volume ldev5 does not belong to any access group. For this reason, hosts in access groups cannot access ldev5. ldev5 is accessible only from host5 and host6, which are not registered in access groups.

Figure 1 Security Example 1

Port-Level Security

Usually, hosts are connected to two or more ports via cables and have access to volumes via these ports. In the security example in Figure 1, hosts in access groups can access volumes via every port to which the hosts are connected.

Note, however, that the Volume Security Port Option enables you to prohibit hosts from accessing volumes via specified ports. For example, if a host named host1 is connected to two ports, port1 and port2, you can permit the host to access volumes via port1 and prohibit the host from accessing volumes via port2.

Port-Level Security Implementation

To implement such port-level security, you must first determine the ports via which hosts can access volumes, and then register those ports in host groups. For example, if you register host1 and port1 in the same host group named hg1 and then register hg1 in an access group, host1 can access volumes via port1 but cannot access volumes via port2.

In Figure 2, the following security settings are applied:

The hosts host1, host2, and host3 can access the volumes ldev1 and ldev2 via port1, port2, and port3. However, the hosts cannot access the volumes via other ports.

The host host4 can access the volume ldev4 via port4. However, the host cannot access the volume via other ports.
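The access rules described above can be checked mechanically. The following Python model is an added example, not code from the HP manual or the array firmware; it evaluates a (host, port, volume) request against access groups and host groups and enumerates the permitted paths for review. The class and function names are hypothetical, and two modeling assumptions are made: a host group with no registered ports imposes no port restriction (the Figure 1 case), and hosts outside every access group are not port-restricted.

```python
from dataclasses import dataclass, field
from itertools import product

@dataclass
class HostGroup:
    hosts: set
    # Ports registered with the hosts. Empty set = no port restriction
    # (modeling assumption for the Figure 1 case, where no ports are registered).
    ports: set = field(default_factory=set)

@dataclass
class AccessGroup:
    host_groups: list
    volumes: set

def can_access(host, port, volume, access_groups):
    """Return True if `host` may reach `volume` via `port` under the page's rules."""
    grouped_hosts = {h for ag in access_groups for hg in ag.host_groups for h in hg.hosts}
    grouped_volumes = {v for ag in access_groups for v in ag.volumes}
    if volume not in grouped_volumes:
        # A volume outside every access group is reachable only by hosts that
        # are themselves outside every access group (ldev5 with host5/host6).
        return host not in grouped_hosts
    for ag in access_groups:
        if volume not in ag.volumes:
            continue
        for hg in ag.host_groups:
            if host in hg.hosts and (not hg.ports or port in hg.ports):
                return True
    return False  # default deny

def allowed_paths(hosts, ports, volumes, access_groups):
    """Enumerate every permitted (host, port, volume) triple for review."""
    return {(h, p, v) for h, p, v in product(hosts, ports, volumes)
            if can_access(h, p, v, access_groups)}

# Constructed configuration matching the Figure 2 settings listed above.
FIG2 = [
    AccessGroup([HostGroup({"host1", "host2", "host3"}, {"port1", "port2", "port3"})],
                {"ldev1", "ldev2"}),
    AccessGroup([HostGroup({"host4"}, {"port4"})], {"ldev4"}),
]

if __name__ == "__main__":
    paths = allowed_paths(["host1", "host4", "host5"], ["port1", "port4"],
                          ["ldev1", "ldev4", "ldev5"], FIG2)
    for triple in sorted(paths):
        print(*triple)
```

Comparing the enumerated triples against the intended design is a quick way to spot a host group that was registered without its ports, which in this model silently permits every port.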

10 About Volume Security Operations

HP XP24000 manual Port-Level Security Implementation