LUN masking restricts host access to specific Logical Unit Numbers (LUNs) presented by a storage array, even if multiple LUNs are visible through the same port. It's essentially a security and management technique to control which servers can access which storage volumes. This is typically configured on the storage array itself.
Here's a breakdown of how LUN masking works and how to implement it:
1. Understanding the Basics
- LUNs (Logical Unit Numbers): Represent individual storage volumes presented by a storage array.
- WWNs (World Wide Names): Unique identifiers for Fibre Channel ports on both the host (HBAs - Host Bus Adapters) and the storage array. These are analogous to MAC addresses for network cards.
- Initiator: The HBA port on the host server that initiates the connection to the storage.
- Target: The port on the storage array that receives the connection from the host.
- Masking: The process of associating specific initiator WWNs with specific LUNs, allowing only those initiators to access those LUNs.
2. Steps to Implement LUN Masking
- Identify Host Initiator WWNs: Determine the WWNs of the HBAs on your host servers that need access to the storage. This is typically done using operating system commands or HBA management tools. For example, in Linux you can use systool -c fc_host -v | grep port_name. In Windows you can use HBA utilities provided by the HBA vendor.
- Access the Storage Array's Management Interface: Log in to the management interface of your storage array. This could be a web-based interface, a command-line interface (CLI), or a dedicated management application.
- Create Host/Initiator Groups: Many storage arrays use the concept of "host groups" or "initiator groups" to simplify LUN masking. Create a group for each host server or a group of servers that require access to the same LUNs. Add the WWNs identified in step 1 to the corresponding host group.
- Assign LUNs to Host Groups: Associate the desired LUNs with the appropriate host groups. This step defines which LUNs each host group can access.
- Verify the Configuration: After configuring LUN masking, verify that the hosts can only see the LUNs they are authorized to access. Rescan the storage on the host operating system. If a host is seeing a LUN it shouldn't be, double-check your WWN entries and the LUN-to-host-group mappings.
3. Example Scenario
Let's say you have a storage array with three LUNs (LUN 0, LUN 1, and LUN 2) and two servers (Server A and Server B). You want Server A to access LUN 0 and LUN 1, and Server B to access LUN 2.
- You would first identify the WWNs of the HBAs on Server A and Server B.
- Then, you'd access the storage array's management interface.
- Create two host groups: "ServerA_Group" containing the WWNs of Server A's HBAs, and "ServerB_Group" containing the WWNs of Server B's HBAs.
- Assign LUN 0 and LUN 1 to "ServerA_Group" and LUN 2 to "ServerB_Group".
- Finally, you would rescan the storage on both servers to verify that Server A only sees LUN 0 and LUN 1, and Server B only sees LUN 2.
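The verification step of this scenario, as an added example that is not part of the original page: a Python check that compares the LUNs each initiator reports after a rescan with the intended host-group masking. The WWNs, the observed rescan data and the function names are constructed for illustration, and the 0x-prefixed WWN form is assumed to be what the systool command above prints.

```python
import re

def normalize_wwn(raw):
    """Return a WWN as 16 lowercase hex digits; accepts 0x-prefixed or colon-separated forms."""
    text = raw.strip().lower()
    if text.startswith("0x"):
        text = text[2:]
    text = text.replace(":", "")
    if not re.fullmatch(r"[0-9a-f]{16}", text):
        raise ValueError(f"malformed WWN: {raw!r}")
    return text

def allowed_luns(host_groups, lun_map, wwn):
    """LUNs masked to any host group that contains this initiator WWN."""
    wwn = normalize_wwn(wwn)
    luns = set()
    for group, members in host_groups.items():
        if wwn in {normalize_wwn(m) for m in members}:
            luns |= set(lun_map.get(group, ()))
    return luns

def audit(host_groups, lun_map, observed):
    """Compare the LUNs each initiator sees after a rescan with the intended masking.
    Returns sorted (finding, wwn, lun) tuples; 'exposed' is the security-relevant case."""
    findings = []
    for raw_wwn, seen in observed.items():
        wwn = normalize_wwn(raw_wwn)
        allowed = allowed_luns(host_groups, lun_map, wwn)
        findings += [("exposed", wwn, lun) for lun in set(seen) - allowed]
        findings += [("missing", wwn, lun) for lun in allowed - set(seen)]
    return sorted(findings)

# Constructed sample data: the Server A / Server B scenario, with made-up WWNs.
HOST_GROUPS = {
    "ServerA_Group": ["10:00:00:00:c9:aa:00:01", "10:00:00:00:c9:aa:00:02"],
    "ServerB_Group": ["10:00:00:00:c9:bb:00:01"],
}
LUN_MAP = {"ServerA_Group": [0, 1], "ServerB_Group": [2]}
# What each initiator reports after a rescan (constructed), WWNs in 0x form.
OBSERVED = {
    "0x10000000c9aa0001": [0, 1],
    "0x10000000c9aa0002": [0],       # LUN 1 not visible on this path
    "0x10000000c9bb0001": [1, 2],    # LUN 1 should not be visible to Server B
}

if __name__ == "__main__":
    for finding, wwn, lun in audit(HOST_GROUPS, LUN_MAP, OBSERVED):
        print(f"{finding:8} initiator {wwn} LUN {lun}")
```

An initiator that belongs to no host group has an empty allowed set, so every LUN it sees is reported as exposed.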
4. Considerations
- WWN Accuracy: Ensure the WWNs are entered correctly, as incorrect WWNs will prevent the host from accessing the LUNs.
- Storage Array Documentation: Refer to your storage array's documentation for specific instructions on how to configure LUN masking, as the process can vary between different vendors and models.
- Zoning (Fibre Channel): In a Fibre Channel environment, LUN masking is often used in conjunction with zoning to further restrict access to storage resources. Zoning controls which devices can communicate with each other at the fabric level.
5. Benefits of LUN Masking
- Security: Prevents unauthorized access to sensitive data.
- Data Protection: Reduces the risk of accidental data corruption or deletion.
- Simplified Management: Makes it easier to manage storage resources by controlling which hosts can access which LUNs.
- Improved Performance: Reduces the number of LUNs a host needs to scan, which can improve boot times and application performance.
LUN masking is a fundamental storage management technique that enhances security, simplifies administration, and protects data. Remember to consult your specific storage array's documentation for precise configuration steps.