Professional Documents
Culture Documents
White Paper
PM
34
6:
:4
11
Managing Access Control
0
01
Through
2
il,
SAS Zoning
pr
2A
,1
ay
nd
Mo
n
so
sy
fM
io
sa
De
h
es
te
White Paper
sa
by
d]
lle
tro
on
PM
Legal Information
34
6:
Copyright
:4
11
Copyright 2005 PMC-Sierra, Inc. All rights reserved.
0
01
The information in this document is proprietary and confidential to PMC-Sierra, Inc., and for its
2
customers’ internal use. In any event, no part of this document may be reproduced or
il,
redistributed in any form without the express written consent of PMC-Sierra, Inc.
pr
2A
PMC-2051469 (01)
,1
ay
Disclaimer
nd
Mo
None of the information contained in this document constitutes an express or implied warranty
n
by PMC-Sierra, Inc. as to the sufficiency, fitness or suitability for a particular purpose of any
so
such information or the fitness, or suitability for a particular purpose, merchantability,
performance, compatibility with other parts or systems, of any of the products of PMC-Sierra,
sy
Inc., or any portion thereof, referred to in this document. PMC-Sierra, Inc. expressly disclaims
fM
all representations and warranties of any kind regarding the contents or use of the information,
io
including, but not limited to, express and implied warranties of accuracy, completeness,
sa
In no event will PMC-Sierra, Inc. be liable for any direct, indirect, special, incidental or
h
consequential damages, including, but not limited to, lost profits, lost business or lost data
es
resulting from any use of or reliance upon the information, whether or not PMC-Sierra, Inc. has
te
Trademarks
d]
lle
http://www.pmc-sierra.com/legal/
on
[c
Patents
ed
ad
PM
Abstract
34
Serial Attached SCSI (SAS) is gaining popularity in small storage area network (SAN) server
6:
environments. SAS has gained significant interest as a mechanism for connecting large groups
:4
of targets in small SAN or in cluster or blade server environments and allowing these servers to
11
share resources across their targets. With SAS’s rise in popularity comes the need to segregate
0
and manage device traffic by zones in a similar fashion to what is already done in larger Fibre
01
Channel networks or Ethernet using virtual LANs. This paper discusses how SAS zoning, as
2
proposed to the T10 Technical Committee of the INCITS SAS 2 working group, can meet these
il,
zoning and access control needs. SAS zoning provides functionality for traffic segregation,
pr
resource flexibility, controlled resource sharing, topology control, and protection against
2A
unauthorized access. This paper includes an overview of SAS zoning operation and
,1
implementation, and a discussion of how zoning enables the management of SAS-based blade
ay
servers, which support both enterprise-class applications with SAS HDDs and near-line/fixed
content storage requirements with SATA HDDs.
nd
Mo
About PMC
n
so
PMC-Sierra™ is a leading provider of high-speed broadband communications and storage
sy
Transport, Storage Area Networking and Wireless network equipment. The company offers
worldwide technical and sales support, including a network of offices throughout North
io
America, Europe and Asia. The company is publicly traded on the NASDAQ Stock Market
sa
under the PMCS symbol and is included in the S&P 500 Index.
De
Dr. Heng Liao is a Principal Engineer and the chief architect for PMC-Sierra’s SAS Expander
sa
Products in the Enterprise Storage Product Division (ESD). Prior to joining PMC-Sierra, Dr.
by
Liao was a Post-doctoral Research Associate at Princeton University and studied various
parallel processor architecture and compiler techniques. Dr Liao has over 8 years of experience
d]
in the storage and communication IC industry and has worked in various design roles. Dr. Liao
lle
holds a Doctor of Philosophy Degree in Computer Engineering from the Tsinghua University,
tro
Beijing, China. Dr. Liao has over 18 US and international patents pending or awarded in the
on
Tim Symons is a Principal Engineer and Storage architect at PMC-Sierra. Prior to joining PMC-
ad
Sierra, Mr. Symons was a Storage Systems Architect and Technologist with Adaptec Inc.
lo
(formerly Eurologic Systems). Mr. Symons has a Bachelor of Science (Honors) degree in
wn
Rachelle Trent is a Product Marketing Manager for PMC-Sierra’s Enterprise and Storage
PM
Division. She currently manages the Serial Attached SCSI (SAS) products for server storage
system applications. Formerly, Ms. Trent managed PMC-Sierra’s high-speed SERDES product
34
line. Prior to her marketing roles, she was a Mixed Signal Design Engineer and was involved
6:
with designing high-speed analog interfaces. In 1996, Ms. Trent graduated with a Bachelor’s of
:4
11
Science degree in Physics with first class honors from the University of Victoria. She received
her Master’s of Applied Science (mixed-signal design) degree from Simon Fraser University in
0
1999. Ms. Trent is a board member for the SCSI Trade Association (STA) and a member of the
01
Institute of Electrical and Electronics Engineers (IEEE).
2
il,
References
pr
2A
1. ISO/IEC 14776-151:200x, ANSI INCITS. ***.200x, Project T10/1601-D, Working Draft
,1
American National Standard, Information technology – Serial Attached SCSI – 1.1 (SAS-
ay
1.1). July 9, 2003. http://www.t10.org/.
nd
Mo
2. ISO/IEC 14776-150:200x, ANSI INCITS.***:200x, Project 10/1562-D, Working Draft
American National Standard, Working Draft American National Standard, Information
n
technology– Serial Attached SCSI (SAS). July 24, 2005. http://www.t10.org/.
so
sy
3. T10/05-144r6, SAS-2 zoning, presented to the T10 Technical Committee. June 13, 2005.
fM
http:/www.t10.org/.
io
sa
Revision History
De
No.
es
PM
Table of Contents
34
Legal Information........................................................................................................................... 2
6:
Abstract ......................................................................................................................................... 3
:4
11
About PMC .................................................................................................................................... 3
0
About the Authors .......................................................................................................................... 3
01
References .................................................................................................................................... 4
2
il,
1 Managing Access Control ....................................................................................................... 7
pr
1.1 Ease of SAS .................................................................................................................. 7
2A
1.2 Benefits of SAS Zoning ................................................................................................. 8
,1
1.3 How Zoning Works ........................................................................................................ 9
ay
nd
2 The Zoning Implementation .................................................................................................. 10
Mo
2.1 Zoning Domain ............................................................................................................ 11
2.2 Zone Policy Configuration ........................................................................................... 12
n
so
2.2.1 Identifying Zones......................................................................................... 12
sy
4 Conclusion ............................................................................................................................ 23
on
Glossary ...................................................................................................................................... 24
[c
ed
ad
lo
wn
Do
PM
List of Figures
34
Figure 1 SAS Access Control Features....................................................................................... 8
6:
Figure 2 Zoning Service Delivery Subsystem Example ............................................................ 11
:4
11
Figure 3 Zoning Groups Example ............................................................................................. 13
0
Figure 4 Zone Permission Table ............................................................................................... 13
01
Figure 5 Zoning Expander Route Table .................................................................................... 15
2
il,
Figure 6 Open Address Frame Handling................................................................................... 17
pr
Figure 7 Single-Hop and Multi-Hop Permission Checking ........................................................ 18
2A
Figure 8 Block Diagram of Typical Blade Server Components ................................................. 20
,1
Figure 9 Example SAS Blade Server Architecture.................................................................... 21
ay
nd
Figure 10 Diskless Blade Server Architecture........................................................................... 22
Mo
n
so
sy
List of Tables
fM
PM
1 Managing Access Control
34
Serial Attached SCSI (SAS) is gaining popularity in small storage area network (SAN) server
6:
environments. With its rise in popularity comes the need to segregate and manage device traffic
:4
in a similar fashion to what is already done in larger Fibre Channel networks by using zones or
11
in Ethernet using virtual LANs. By doing this, IT administrators can create much more flexible,
0
scalable, and efficient server networks that meet their business needs. SAS zoning, a proposal to
01
the T10 Technical Committee for inclusion in the SAS-2 specification, provides this capability.
2
il,
pr
1.1 Ease of SAS
2A
,1
SAS offers many benefits for enterprise IT infrastructures that need to operate leanly and with
ay
high productivity and flexibility. SAS, a point-to-point protocol, is a high performance, scalable,
nd
flexible and economical solution for deploying storage systems.
Mo
SAS is a replacement for parallel SCSI, maximizing the ease with which data storage capacity
and throughput is created. Its target application is direct attached storage (DAS) systems where
n
so
one server is connected to multiple disks. However, SAS provides a powerful switching
capability using expanders, which act as switches to end devices, enabling quick aggregation of
sy
many drives in a single SAS domain (up to 16,384 devices). These expanders are fully capable
fM
of connecting multiple hosts to multiple targets. SAS has gained significant interest as a
io
mechanism for connecting large groups of targets in small storage area networks (SANs), in
sa
cluster or in blade server environments, allowing these servers to share resources across their
targets.
De
h
In these larger server environments, it is necessary to provide more management and control
es
services. Frequently, the traffic needs to be segregated for efficiency. Furthermore, since storage
te
resources are shared, server resources need to be controlled by putting limitations on which
sa
resources each server can control preventing unauthorized access. As well, not all servers need
by
to access all data. Some data may need to be dedicated on one server; other data may need to be
shared across multiple servers. Access controls, such as those provided for the SAS zoning
d]
error on the server. Access controls ensure that if a server is compromised, only data that is
tro
accessible by the compromised server is at risk of being lost and not the entire network.
on
The SAS transport protocol supports the following protocols over its serial interface:
[c
ed
• Serial SCSI Protocol (SSP) to communicate with SAS devices and existing SCSI software
ad
• SCSI Tunneling Protocol (STP) to identify and communicate with SATA devices
lo
wn
The zoning features discussed in this paper are managed by an extension to the SMP
commands.
PM
34
What are the benefits for access control and what makes SAS zoning attractive? To answer
6:
these questions, envision a SAS expander topology as shown in Figure 1.
:4
11
Figure 1 SAS Access Control Features
0
01
2
Limit topology changes
il,
Set access restrictions /
pr
limitations for hosts Flexibly
2A
re-deploy
resources
,1
ay
Host
Host
Host
nd
SAS
Device
Mo
9
Expander
n
so
SAS Segregate traffic
SAS SAS SAS SAS
SAS Device Device
SAS Device Device Device
8
sy
Device 6 7
Protect against attacks SAS Device
3
4 5
Device 2
fM
Division A Division C
Internal Zone: Customer Accessible
sa
Division B
De
h
es
Share devices
te
sa
Access control provides traffic segregation for data, functions and broadcast traffic. It logically
separates traffic between hosts and resources and provides common access privileges to all end
by
devices. There are many ways to segregate traffic. Figure 1 shows how traffic can be segregated
d]
Access control provides flexible re-deployment of resources. For example, if one hard disk drive
(HDD) is assigned to a server in a group, but more capacity is required for that server, it is easy
on
restrictions/limitations. Users can limit the resources that each host “sees” by configuring
different policies for each SAS zone. By assigning SAS PHYs into groups and applying access
lo
wn
control policies to restrict these groups, the system designer can ensure that only authorized
users can access certain parts of the system. By grouping end devices, system designers can also
Do
Zoning allows users to limit access to the SMP control plane such that only the authenticated
management devices can issue SMP control commands.
Access control limits the impact of topology change. A SAS network uses a mechanism called
PM
topology discovery to determine which devices are part of the topology. Each time a new device
is added, removed, or lost, a broadcast event is generated to notify all the expanders and host
34
devices that re-discovery must be performed to determine which device has changed. This is a
6:
time consuming process and requires both the hosts’ and expanders’ resources as well as
:4
11
increases SMP traffic. It makes sense, therefore, to limit the impact of topology changes so that
when a device is added or removed, only its host device has privileges to see the topology
0
change
01
2
Finally, access control also provides protection against attacks by limiting the propagation of
il,
Broadcast traffic. Broadcast events are very disruptive and consume a great amount of link
pr
bandwidth when being sent frequently, also known as a broadcast storm. If broadcast storms are
2A
not limited, any “misbehaving” device in the topology can disrupt the operation of the entire
,1
network. It becomes difficult to support larger networks if broadcast storms are not controlled.
ay
nd
1.3 How Zoning Works
Mo
n
Access control functionality is fully implemented in the expanders. Expanders are used for
so
control as it is difficult to know if a host is authorized or not. Therefore, access control does not
require hosts to intervene or change their behavior. By allowing expanders to control zoning,
sy
legacy SAS and SATA devices, which do not understand zoning, can operate within the SAS
fM
domain.
io
sa
From the perspective of a SAS system administrator, the zoning model requires no change to the
end devices in the network. Initiators continue to perform normal SAS discovery, and initiators
De
and targets send and receive OPEN address frames as usual. However, unlike a typical SAS
h
system, initiators and targets do not see the entire SAS domain, also known as a service delivery
es
subsystem. Instead, they only see the portions of the domain, otherwise known as groups, that
te
they have been given permission to see based on a permission table that is configured for each
sa
zoning expander. Zoning operation is determined by the configuration made to the zoning
by
attributes for each PHY port of the expander (called PHY zone configuration).
d]
lle
tro
on
[c
ed
ad
lo
wn
Do
PM
2 The Zoning Implementation
34
To enable zoning in a network, the system designer/administrator must:
6:
:4
• Implement the service delivery subsystem using zoning expanders. (Note, although up to
11
128 zones are supported by the SAS-2 zoning proposal, the number of supported zones
differs for each zoning expander vendor.)
0
01
• Define the portions or groups required in the zoning domain by analyzing the devices that
2
need to share common access privileges. This information must then be translated into the
il,
pr
zoning permission table contained within the expander. The permission table defines
2A
whether communication is allowed between groups. Group assignment is strictly based on
the expander ports of the zoning service delivery subsystem. The service delivery subsystem
,1
can be a portion of a SAS domain or a complete SAS domain that provides normal services
ay
of a SAS system including zone management and access control services. Each PHY can
nd
only belong to one group.
Mo
• Define the attributes for each expander PHY:
o Define the supervisor(s) for the service delivery subsystem. The supervisor is a
n
so
management entity that is either an expander device inside the zoning subsystem or a
device attached to the subsystem. The supervisor is an SMP initiator that is capable of
sy
generating SMP commands for SAS zoning configuration and management. More than
fM
one supervisor can exist in a fabric. Note that a supervising expander is used to
io
coordinate the supervisors is automatically elected based on the largest SAS address in
sa
the topology and is responsible for propagating zone permission table changes to all
zoning expanders in the subsystem.
De
o Designate the PHYs attached to the zoning expanders as trusted or not trusted. Devices
h
inside the boundary of the zoning subsystem are designated as trusted whereas those
es
outside the subsystem are listed as untrusted. This exercise defines the boundary of the
te
The SAS-2 zoning proposal that has been submitted to the T10 Technical Committee provides
complete details about the updated SMP commands that are used for zone management
d]
• DISCOVER function
ad
For details, see the SAS-2 Zoning Proposal (05-144r5) on the T10 Technical Committee website, www.t10.org.
PM
34
Figure 2 shows an example of a SAS-2 zoning service delivery subsystem. The system looks
6:
identical to a legacy SAS 1.1 service delivery subsystem, except that it consists of zoning
:4
expanders. Zoning expanders are capable of configuring zones and implementing and enforcing
11
access control policies on the network.
0
The end devices, which are connected to the expanders, can be legacy devices (including
01
expanders). Any of the end devices as well as expanders that are attached to the edge of the
2
zoning fabric will inherit the zone membership of their attachment point, at the boundary of the
il,
pr
zoning service delivery subsystem.
2A
Figure 2 Zoning Service Delivery Subsystem Example
,1
ay
nd
Mo
n
so
sy
fM
io
Zoning
Expander
sa
Expander
Expander
De
esZoning
Zoning
Zoning Fabric
h
Zoning
te
Expander
sa
by
d]
lle
tro
on
[c
z
ed
ad
lo
Since the zoning function is fully implemented by the expander fabric, the implementation is
wn
completing transparent to end devices or legacy devices such as SAS 1.1 HBAs and HDDs that
do not have knowledge of zoning, to change their behavior.
Do
PM
34
2.2.1 Identifying Zones
6:
:4
For a SAS zoning expander to identify a device and its control policies, the system
11
administrator must define the zones by using a unique ID: either the device’s worldwide name
that is defined during its manufacture or the port number where a device is attached to the
0
01
service delivery subsystem. This unique ID is assigned to the expander PHY that is attached to
2
each end device.
il,
pr
Table 1 shows a comparison of worldwide name-based and port-based zoning. Note that each
2A
has its intended users. The zoning proposal supports both. The underlying zoning mechanism is
based on the most secure method, port-based zoning, which is PHY-based. However, one-to-one
,1
mapping can be done between the WWN and the physical port ID using upper-layer
ay
management software to present a management API that is WWN-based.
nd
Mo
Table 1 Comparison of Worldwide Name and Port Zoning Control Policies
n
Worldwide Name Zoning Port Zoning
so
Uses the unique worldwide name associated with Uses the physical port IDs of the expanders to
sy
each device to define the zones. A database define the zones. Access rights are defined for
stores all the WWNs and port numbers. each port in the zoning service subsystem.
fM
Determines which WWNs are allowed to access Determines which ports are allowed to access other
io
Devices can be moved between ports without Zone information must be updated when a device is
De
If a device is relocated on the network, the management software will be able to detect the move
d]
Figure 3 shows an example zoning topology. In this instance, Device 0 and Device 2 are
[c
assigned to the same group (Group 126) since they share common resources (the need to
ed
PM
34
6:
Group
:4
126
Device
11
2
0
01
2
Group 1 Device
1
il,
Device Group 2 Device
pr
0 3
2A
,1
ay
Zoning Expander
nd
Fabric
Mo
n
Group 3 Device
so
4
sy
Group 5
Device Group 4 Device
fM
5 N-1
io
sa
The access control policies, otherwise referred to as zone permissions, for each expander group
De
are defined using the zone permission table, which is represented in Figure 4.
h
es
Special Group 0 0 0 0 0 0 0 0 1
0 P[0,0]
…
P[0,127]
d]
1 0 1 … 1
lle
2 0 1 … 1
tro
User 3 0 1 … 1
on
Defined
Groups
4 0 … 1 1
[c
5 0 1 … 1 1
ed
… … … … … … … … … … …
ad
126 0 1 1 … 1
lo
Special Group 1 1 1 1 1 1 1 1
wn
127 P[127,0]
… 1
P[127,127]
Do
Group 0 and Group 127 are provided as special groups and cannot be defined by the user. By
PM
default, Group 0 cannot access any other groups except for those in Group 127. Group 0 is used,
for example, for a new device that is inserted into the zoning service delivery subsystem, and
34
has not yet assigned a group by the system administrator. Group 127 (SMP target) is allowed to
6:
access all other groups, including Group 0 and is used for topology discovery and zone
:4
11
management.
0
Groups 1 to 127 are configured by the system administrator based on the needs of the
01
application. The permission values for each group are reversed for their mirror groups. For
2
example, P[x,y] is equal to P[y,x] to accommodate SSP and STP exchanges, which are bi-
il,
directional. Devices in the same group do not always need to access each other and therefore,
pr
the permission value for these must be configured. For example, if two servers share the same
2A
group of target resources and share the same storage space, but must not access each other, users
,1
can assign them to the same group (P[x,x]), restrict access, assign all the shared resources to
ay
another group (y), and allow permission between P[x,y].
nd
When configuring the zoning permission table, as shown in Figure 4, the rules that must be
Mo
followed are:
n
so
1. When P[x,y]=0, Groups x and y are not allowed to access each other. When P[x,y]=1,
Groups x and y are allowed to access each other.
sy
fM
2. Group 0 is not allowed to access any other group except Group 127.
io
5. Members in the same group P[x,x] may not have permission to access each other.
te
sa
Each time a topology change is detected in the SAS subsystem, the zone permission table
d]
updates are updated to the service delivery subsystem by the supervisor using the SMP
lle
The permission table update is a multi-step process. The supervisor must send the entire
permission table to the current supervising expander. The supervising expander propagates the
[c
changes to the rest of the expanders in the service delivery subsystem. The use of a supervising
ed
expander ensures consistency among the zoning policy tables in all zoning expanders in the
ad
As previously mentioned, the supervising expander is elected based on the largest SAS address
in the topology. Each zoning expander has a SUPERVISING PRIORITY attribute, which
Do
PM
34
One of the supervisor expander’s responsibilities is to communicate the attributes of the
6:
expander PHY port to the service delivery subsystem (expanders). This is the second type of
:4
zone configuration that needs to be done. The attributes that need to be configured for the PHY
11
zone include:
0
• Source Group ID —The GROUP ID attribute is the unique user-defined zone group ID
01
(ranging from 1 to 127).
2
il,
• Supervisor status —The SUPERVISOR attribute defines whether the device attached to the
pr
PHY can be a supervisor.
2A
• Trusted status —The TRUSTED attribute defines if the device is considered trusted thereby
,1
defining the boundary of the service delivery subsystem. This is usually an expander PHY-
ay
to-expander PHY attribute.
nd
• Source check status — This attribute defines whether the expander can automatically check
Mo
the source address of any open address frames against the source address that was
communicated during the initialization process. The sources check status ensures that a
n
device cannot spoof (pretend to be) a trusted device to gain access to the service delivery
so
subsystem and gain unauthorized data.
sy
fM
The PHY zone updates are atomic and are made from a supervisor to a zoning expander using a
single SMP command, CONFIGURE PHY ZONE. The expander self-discovery process
io
propagates the new PHY zone information associated with the attached SAS address. Even in a
sa
The SAS 1.1 specification defines an expander route table, which maps the SAS address to an
expander PHY. For SAS-2 zoning purposes, this route table is extended to also include the
by
GROUP ID, SUPERVISOR, and TRUSTED bit attributes. During topology discovery, the
d]
zoning expanders propagate the group assignment along with the SAS address. Figure 5 is a
lle
ID, Supervisor,
Expander 0 … and Trusted Bit
ad
Expander 1 … Attributes
lo
Expander 2 …
wn
… … … … … …
Do
Expander n …
All zoning expanders are configured as self-configuring expanders. That is, all the expanders
PM
are able to traverse the SAS topology and populate the zoning expander route table. This
process also protects the service delivery subsystem from any problems that might occur with
34
the host configuring the zone table, where security is not ensured.
6:
:4
Host topology discovery still occurs, as defined by SAS 1.1, to determine the devices in the
11
service delivery subsystem. The management of the zoning subsystem is done through the
0
REPORT GENERAL, DISCOVER, REPORT ZONE ROUTE TABLE commands, which
01
contain new fields for SAS zoning. However, information filtering is done based on the Group
2
ID of the originating end device. Hence, if an end device is from a particular group, say Group
il,
x, the zoning expander will only record the devices attached to Group x even though it may be
pr
attached to other groups, limiting what the host can “see”.
2A
,1
ay
2.5 Zoning Operation
nd
Mo
2.5.1 OPEN Address Frame Handling
n
An OPEN address frame (OAF) is the means for establishing a connection between two SAS
so
devices. For SAS zoning, in addition to carrying both the source SAS address and the
sy
destination SAS address, the OPEN frame carries two new fields necessary for routing in a
fM
SAS-zoned network:
io
The SGID field is represented in the zoning permission table shown in Figure 4 by P[y]. The
sa
expander routes packets according to the destination address in the OPEN frame using one of
the three standard SAS methods: table, direct, or subtractive routing. During the routing
by
process, these routing methods check the destination SAS address and map the address to a
d]
destination group ID (DGID). (In Figure 4, this is P[x].) Hence, SGID identifies where a frame
lle
has come from and DGID identifies where a frame is being sent. By checking the group ID
tro
against the zoning permission table, the expander can verify whether the OPEN request is
permitted.
on
[c
The ACCESS ZONE MANAGEMENT field defines whether the OPEN address frame
ed
originates from a supervisor device or not. This is important for proper access control and
ad
permission checking.
lo
wn
Do
PM
1. The OAF is received on the Untrusted PHY.
34
The ACCESS ZONE MANAGEMENT bit is set to
the supervisor bit of the expander PHY. The SGID
6:
2. The OAF is sent from A to B with the
is set as the group ID of the expander PHY (X). A
SGID set to expander PHY X. The SGID 3. The SGID field
:4
source check is done for address A against the
field is preserved when transmitted from/ is removed when
SAS address received by this PHY. The zone
received out of a trusted PHY.
11
transmitted by an
permission table is checked to validate that the
untrusted PHY.
OAF is allowed through.
0
Untrusted PHY
Untrusted PHY
Trusted PHY
Trusted PHY
01
Device A Zoning Zoning Device B
2
Expander 1 Expander 2
il,
Group ID = X Group ID = Y
pr
2A
Source Check
,1
ay
Both the SGID and ACCESS ZONE MANAGEMENT fields are only valid for OPEN address
nd
frames that are passed among devices inside the zoning service delivery subsystem on trusted
expander PHYs. Since end devices can be legacy devices that do not have these fields, when an
Mo
OPEN frame is received from an untrusted PHY, the ingress PHY of the source zoning expander
n
will set the SGID field to the group ID associated with the PHY and the ACCESS ZONE so
MANAGEMENT field according to the supervisor attribute of the associated PHY. After the
sy
frame is routed, the egress PHY of the destination expander will remove these fields before
transmitting on to another untrusted PHY. Refer to Figure 6 for details.
fM
io
Permission Checking
sa
De
Permission checking for SAS zoning is done either using a single-hop or multi-hop method:
h
• If the zoning expander topology uses only table routing, then the zoning route tables will
es
contain all of the SAS addresses in the domain, that is, the routing table is flat across the
te
topology. In this case, an illegal OPEN address frame will always be rejected by the first
sa
expander. The zone routing table immediately routes the destination address to the DGID
by
that associated with it and accepts or rejects the OPEN frame based on the permission table.
d]
• If subtractive routing is used in the topology, the zone routing table will only contain a
lle
subset of the SAS address in the domain. In this case, the OPEN address frame will be
tro
propagated from expander to expander via the subtractive port until it reaches an expander
that has knowledge of the group ID and corresponding SAS address. In this multi-hop
on
method, an illegal OPEN frame will be subtractively routed as far as the last expander
[c
attached to the destination address. Although this approach may consume more inter-
ed
expander link bandwidth, it does allow edge expanders to have a smaller route table.
ad
lo
wn
Do
PM
34
Single Hop
6:
1. The OAF is sent
from Device A to B.
:4
11
Untrusted PHY
Untrusted PHY
Trusted PHY
Trusted PHY
0
Device A Zoning Zoning Device B
01
Expander 1 Expander 2
2
Group ID = X Group ID = Y
il,
pr
2A
Source Check
2. OPEN Reject
,1
ay
Multi Hop
nd
2. The OAF is
Mo
forwarded with
1. The OAF is sent SGID = X.
from Device A to B.
on
Untrusted PHY
Untrusted PHY
ys
MsPHY
Trusted PHY
Device A Zoning Zoning Device B
fTrusted
Expander 1 Expander 2
io
Group ID = X Group ID = Y
sa
De
Source Check
4. The OAF is 3. Direct Routing
rejected. finds a match in Zone
h
Permission Table
es
(P[x,y) = 0.
te
sa
In SAS 1.1, when the status of a device in the topology changes, a Broadcast primitive is
d]
generated and sent throughout the topology to inform the host that a change has occurred. The
lle
concept of Broadcast limiting restricts the Broadcast primitive to only propagate to the zones it
tro
has permission to access. To accomplish this in the SAS-2 zoning specification, the Broadcast
on
frame includes the SGID. The Broadcast frame can only propagate through the service delivery
subsystem to groups that the SGID is allowed to access, as defined by the access policy
[c
permission table. Broadcast limiting is important for reducing broadcast storms and topology
ed
discovery traffic.
ad
lo
Insertion of the SGID into the Broadcast frame is only used for inter-expander communication.
wn
PM
3 Applications for SAS Zoning
34
Serial Attached SCSI was designed to be a feature-rich replacement for parallel SCSI. As such,
6:
SAS was architected and specified around existing SCSI Direct Attached Storage (DAS)
:4
applications. As SAS is maturing, new applications outside of the DAS market are emerging.
11
Zoning has been introduced to the Serial Attached SCSI standard to support new SAS
0
applications such as SAS switches and SAS storage blades for blade server systems.
01
2
il,
3.1 SAS Switches
pr
2A
Since 2004, blade server technology has begun to attract the attention of mainstream customers
,1
in the server market. The advantages of a blade server system include increased performance,
ay
density and the portfolio of available blade server system products including blades, multiple
nd
processor choices, multiple operating systems, new networking options, and new storage
options. These advantages have encouraged mainstream customers to deploy blade servers into
Mo
their data centers to support mission critical business processes.
n
so
To continue providing end customers with more options and drive the growth of the blade server
market, blade server OEMs are planning to introduce SAS into their blade server designs. By
sy
moving to SAS, blade server architectures can support both enterprise class applications with
fM
SAS HDDs and provide low-cost storage options with SATA HDDs.
io
sa
A blade server is a modular computing platform consisting of the following elements: blades,
switch modules, power supply, management module and fans. A blade is a single-board server
De
that contains one to four processors, memory, local disk storage, an on-blade network interface
h
card (NIC), and SAN connectivity, as shown in Figure 8. A blade chassis may hold one or more
es
blade cards, one or more Ethernet or SAN switch modules, one to four power supplies, one to
te
two shared management modules and cooling resources. Chassis components communicate
sa
across a fully redundant midplane, enabling hot swap functionality of the chassis components
by
PM
34
6:
:4
11
0
01
2
il,
pr
2A
,1
ay
nd
Mo
n
so
sy
fM
io
sa
De
The addition of SAS to a blade server architecture will occur on the disk-interconnect side of
the server. To enable the CPU blades to connect to either SAS or SATA storage, the switch
h
modules or switch blades will require SAS switches rather than Ethernet or Fibre Channel.
es
te
The Fibre Channel and Ethernet switches used in blade server applications today provide zoning
sa
functionality to ensure that the server blades cannot “see” other servers in the blade architecture.
by
Thus, SAS switches must provide zoning capabilities. The SAS switch design is based on using
SAS expanders, as shown in Figure 9.
d]
lle
tro
on
[c
ed
ad
lo
wn
Do
PM
34
Blade Server System midplane
6:
Primary SAS
:4
Switch Module
11
SAS
0
Expander
CPU
01
with zoning
SAS Host External Storage
2
il,
CPU
RAID
pr
SAS or SATA
2A
Local Disks SAS
CPU Blade Expander
JBOD
,1
with zoning
ay
nd
Secondary SAS JBOD
Switch Module
Mo
n
so
sy
fM
A new type of architecture emerging in the blade server market is the concept of disk-less server
De
blades. The hard disk-drives (HDDs) are relocated off of the server/CPU blade and on to a
shared location called a storage blade, as shown in Figure 10. The storage blade can be thought
h
of as “semi-local” storage that is shared by a small number of blades. The storage blade concept
es
is not truly direct attached storage (DAS) because it is not exclusively owned by a single server
te
and it is not completely a storage area network (SAN) because the storage is not available to all
sa
servers on the fabric. The storage blade is a new intermediate level in the storage hierarchy and
by
PM
34
Diskless Blade Server System midplane
6:
:4
SAS Switch
11
SAS
Expander
0
CPU
01
with zoning
SAS Host
2
il,
CPU
pr
SAS
2A
Expander
CPU Blade with zoning
,1
ay
SAS Switch
nd
Mo
SAS
Expander
n
with zoning
so
sy
to external
Storage Blade storage
fM
io
External
sa
RAID Storage
De
h
JBOD
es
te
sa
JBOD
by
The storage blade provides a pool of generic assignable drives to the blade server. A global
d]
resource manager can then assign and manage desired boot images, applications or select links
lle
to appropriate data volumes. The storage blade provides low latency access to storage for the
tro
server blades.
on
Zoning is key for disk-less blade architectures, because each server blade’s protected boot drive
[c
will be located on a shared storage blade, as in Figure 10. The zoning will be required to protect
ed
each CPU blade and associated storage from unauthorized access/security breaches.
ad
lo
wn
Do
PM
4 Conclusion
34
SAS zoning provides the traffic segregation, resource flexibility, controlled resource sharing,
6:
protection, and topology control functionality required to manage SAS-based systems including
:4
blade servers.
11
0
PMC-Sierra is actively working with other server OEMs to standardize SAS zoning. A joint
01
proposal for SAS zoning has been submitted to the ANSI T10 Technical Committee of the
2
INCITS SAS 2 working group by PMC-Sierra and Hewlett Packard. This proposal has received
il,
broad support and defines how SAS zoning can provide flexible and efficient access control
pr
mechanisms for expanders and interoperability with legacy expanders.
2A
,1
PMC-Sierra has developed the industry’s first SAS switching expanders to provide this
innovative zoning technology, the PM8399 SXP 24x3GSec and PM8398 SXP 36x3GSec SAS
ay
expander switches. For more information about the T10 proposal, see the T10 web site,
nd
www.t10.org, and for more information about PMC-Sierra SAS and SATA storage products, see
Mo
http://www.pmc-sierra.com/expanders-loopswitch-chips/.
n
so
sy
fM
io
sa
De
h
es
te
sa
by
d]
lle
tro
on
[c
ed
ad
lo
wn
Do
PM
Glossary
34
Blade A single-board server that contains one to four processors, memory, local disk
6:
storage, an on-blade network interface card (NIC), and SAN connectivity.
:4
Blade server A modular computing platform consisting of the following elements: blades, switch
11
modules, power supply, management module and fans.
Blade chassis A chassis that holds blade cards, Ethernet or SAN switch modules, power supplies,
0
shared management modules and cooling resources.
01
Broadcast A message used to notify all SAS ports in a domain of an event.
2
il,
message
pr
Expander zoning A structure that provides an association between the destination SAS address and
2A
route table the expander PHY identifier.
Permission table A structure that provides an association between the unique source and destination
,1
group identifiers and that is used to define permission between two groups.
ay
PHY device A device object that is used to interface to other devices.
nd
PHY zone The zone attached to a PHY. Three fields are required to be set for proper zoning
Mo
operation: trusted, group ID, and supervisor. PHY zone updates are atomic.
SAS address A worldwide unique name assigned to a SAS port, or expander, initiator, or target
device.
n
so
Service delivery A complete or partial SAS domain that provides the services of a normal SAS fabric,
sy
Subtractive The method the expander uses to route connection requests not resolved using the
sa
domain. The supervising expander propagates zone permission table updates to all
es
zoning expanders when the zoning supervisors update the zone permission table.
te
Supervisor A management entity that is either an expander device inside or an end device
sa
Topology The algorithm used by the management application client to configure the SAS
d]
discovery domain.
lle
Traffic The process of separating traffic between hosts and resources, and providing
tro
Trusted PHY A zoning expander attached to a device that can be trusted to generate and receive
controlled zoning information such as an OPEN address frame or BROADCAST
[c
address frame with zoning details that the service delivery subsystem requires for
ed
Untrusted PHY A zoning expander PHY attached to a device that cannot be trusted to generate and
lo
Zoning expander A device that is part of the service delivery subsystem and that facilitates
communication between SAS devices. A zoning expander is capable of the zoning
function.