Logical Unit Number (LUN) Masking
Logical Unit Number (LUN) Masking is process that grants control of data access by specifying LUNs which can be accessed by computer system. It is usually performed at Host Bus Adapter (HBA) level.
Storage subsets are created by LUN masking within Virtual SAN where only identified servers are authorized to access these subsets. LUN masking is carried out on either controller or processor of storage. This makes sure that access to volume by servers is managed properly. Hence, this helps in prevention of any non-authorized or accidental application in common environment.
We have Port 1 and Port 4 in storage array on right. In each of our host’s host, we have either two HBAs or two HBA 8 ports. Ports A1 and A2 are present at Host A and Ports B1 and B2 are present at Host B. Both array ports 1 and 4 are connected to each host. All three LUNs can be accessed by both hosts. We add an ACL (Access Control List) to each of ports. ACL on port 1 states that HBA port A1 can access LUN X1 and HBA port B1 can access LUN P1 and LUN P2.
In the same way, ACL on port 4 states that HBA port A2 can access LUN X1 and HBA port B2 can access LUN P1 and LUN P2. For Host A, both ports grant access to LUN X1. Host A is trying to access LUN X1 through HBA port A1 and this access is permitted by ACL. Hence, Host A can read or write data on LUN X1. Host A now wants to access LUN P1 and LUN P2 through same HBA port. This access attempt is prohibited because LUN masking table does not grant permission to it.
We now configure LUN masking to permit both hosts to access LUN X1. If hosts A and B read and write on LUN X1 without informing each other, the data will get corrupted on that LUN and this will result in data loss. This indicates that not more than one system should be granted permission to read or write on the same LUN. This problem can be resolved by using a Host-based software called Clustering Software which will allow several hosts to access common LUN or multiple shared LUNs.
Figure – LUN Masking
Share your thoughts in the comments
Please Login to comment...