ESX Server Tech Note: Providing LUN Security
Tuesday, 14 March 2006 by Michel Roth
VMware ESX Server provides strong security and performance isolation for virtual machine storage. Each virtual machine sees only the virtual disks that have been presented to its virtual SCSI adapters. Virtual machines cannot see the physical Fibre Channel HBAs on the ESX Server host on which they run. Nor, in typical use cases, do they see the LUNs on which their virtual disks reside. Emerging mechanisms for LUN security in a virtual environment from Fibre Channel HBA vendors provide an alternative for accomplishing the same goals.

In a physical Fibre Channel SAN environment, LUN security is typically accomplished through a combination of LUN masking and zoning. Using these approaches in a vendor-recommended way ensures that a given LUN can be accessed only by a single host, as identified by the world wide names (WWN) of its HBAs. In a virtual environment, this situation changes slightly. It is now possible to have multiple virtual machines on a single physical host. Furthermore, to facilitate the use of advanced technologies such as VMotion, multiple ESX Server hosts may have their LUN masking and zoning set up to allow for broad access, with control being maintained by VMFS, the distributed file system that is included as part of ESX Server.

Download here.

Related Items:

ESX Server 3.0 and VirtualCenter 2.0 Available For Download (16 June 2006)
VMware's Ticking Storage Time Bomb (16 February 2006)
Comparison of Storage Protocol Performance (23 April 2008)
Double-Take For Virtual Systems (13 February 2006)
Boost Microsoft Virtual Server 2005 Guest Performance (4 February 2005)
System Center Virtual Machine Manager Beta 1 Available For Download (8 August 2006)
Virtual Infrastructure best practices (5 November 2009)
ESX Manager 2.3 (16 July 2008)
VMware Player (21 October 2005)
Virus Scanning And Virtual Machines (25 January 2006)
Comments (0)add feed
Show/Hide comment formtoggle
password
 

busy