010684

Managing Access Control Through SAS Zoning
White Paper
PM
34
6:
:4
11
Managing Access Control
0
01
Through
2
il,
SAS Zoning
pr
2A
,1
ay
nd
Mo
n
so
sy
fM
io
sa
De
h
es
te
White Paper
sa
by
d]
lle
tro
on
by Heng Liao, Tim Symons, Rachelle Trent

[c
ed
ad
lo
wn
Do
Issue No. 1: September 2005

© PMC-Sierra, Inc.
Document No.: PMC-2051469, Issue 1 1

White Paper
PM
Legal Information
34
6:
Copyright
:4
11
Copyright 2005 PMC-Sierra, Inc. All rights reserved.
0
01
The information in this document is proprietary and confidential to PMC-Sierra, Inc., and for its
2
customers’ internal use. In any event, no part of this document may be reproduced or
il,
redistributed in any form without the express written consent of PMC-Sierra, Inc.
pr
2A
PMC-2051469 (01)
,1
ay
Disclaimer
nd
Mo
None of the information contained in this document constitutes an express or implied warranty
n
by PMC-Sierra, Inc. as to the sufficiency, fitness or suitability for a particular purpose of any
so
such information or the fitness, or suitability for a particular purpose, merchantability,
performance, compatibility with other parts or systems, of any of the products of PMC-Sierra,
sy
Inc., or any portion thereof, referred to in this document. PMC-Sierra, Inc. expressly disclaims
fM
all representations and warranties of any kind regarding the contents or use of the information,
io
including, but not limited to, express and implied warranties of accuracy, completeness,
sa
merchantability, fitness for a particular use, or non-infringement.

De
In no event will PMC-Sierra, Inc. be liable for any direct, indirect, special, incidental or
h
consequential damages, including, but not limited to, lost profits, lost business or lost data
es
resulting from any use of or reliance upon the information, whether or not PMC-Sierra, Inc. has
te
been advised of the possibility of such damage.

sa
by
Trademarks
d]
lle
For a complete list of PMC-Sierra’s trademarks and registered trademarks, visit:

tro
http://www.pmc-sierra.com/legal/
on
[c
Patents
ed
ad
Relevant patent grants may exist.

lo
wn
Do

White Paper
PM
Abstract
34
Serial Attached SCSI (SAS) is gaining popularity in small storage area network (SAN) server
6:
environments. SAS has gained significant interest as a mechanism for connecting large groups
:4
of targets in small SAN or in cluster or blade server environments and allowing these servers to
11
share resources across their targets. With SAS’s rise in popularity comes the need to segregate
0
and manage device traffic by zones in a similar fashion to what is already done in larger Fibre
01
Channel networks or Ethernet using virtual LANs. This paper discusses how SAS zoning, as
2
proposed to the T10 Technical Committee of the INCITS SAS 2 working group, can meet these
il,
zoning and access control needs. SAS zoning provides functionality for traffic segregation,
pr
resource flexibility, controlled resource sharing, topology control, and protection against
2A
unauthorized access. This paper includes an overview of SAS zoning operation and
,1
implementation, and a discussion of how zoning enables the management of SAS-based blade
ay
servers, which support both enterprise-class applications with SAS HDDs and near-line/fixed
content storage requirements with SATA HDDs.
nd
Mo
About PMC
n
so
PMC-Sierra™ is a leading provider of high-speed broadband communications and storage
sy
semiconductors and MIPS-Powered™ processors for Enterprise, Access, Metro Optical

fM
Transport, Storage Area Networking and Wireless network equipment. The company offers
worldwide technical and sales support, including a network of offices throughout North
io
America, Europe and Asia. The company is publicly traded on the NASDAQ Stock Market
sa
under the PMCS symbol and is included in the S&P 500 Index.
De
About the Authors

h
es
te
Dr. Heng Liao is a Principal Engineer and the chief architect for PMC-Sierra’s SAS Expander
sa
Products in the Enterprise Storage Product Division (ESD). Prior to joining PMC-Sierra, Dr.
by
Liao was a Post-doctoral Research Associate at Princeton University and studied various
parallel processor architecture and compiler techniques. Dr Liao has over 8 years of experience
d]
in the storage and communication IC industry and has worked in various design roles. Dr. Liao
lle
holds a Doctor of Philosophy Degree in Computer Engineering from the Tsinghua University,
tro
Beijing, China. Dr. Liao has over 18 US and international patents pending or awarded in the
on
field of communication systems, switching techniques, micro-architectures, and storage

systems.
[c
ed
Tim Symons is a Principal Engineer and Storage architect at PMC-Sierra. Prior to joining PMC-
ad
Sierra, Mr. Symons was a Storage Systems Architect and Technologist with Adaptec Inc.
lo
(formerly Eurologic Systems). Mr. Symons has a Bachelor of Science (Honors) degree in
wn
Electrical & Electronic Engineering from the University of Plymouth, UK.

Do

White Paper
Rachelle Trent is a Product Marketing Manager for PMC-Sierra’s Enterprise and Storage
PM
Division. She currently manages the Serial Attached SCSI (SAS) products for server storage
system applications. Formerly, Ms. Trent managed PMC-Sierra’s high-speed SERDES product
34
line. Prior to her marketing roles, she was a Mixed Signal Design Engineer and was involved
6:
with designing high-speed analog interfaces. In 1996, Ms. Trent graduated with a Bachelor’s of
:4
11
Science degree in Physics with first class honors from the University of Victoria. She received
her Master’s of Applied Science (mixed-signal design) degree from Simon Fraser University in
0
1999. Ms. Trent is a board member for the SCSI Trade Association (STA) and a member of the
01
Institute of Electrical and Electronics Engineers (IEEE).
2
il,
References
pr
2A
1. ISO/IEC 14776-151:200x, ANSI INCITS. ***.200x, Project T10/1601-D, Working Draft
,1
American National Standard, Information technology – Serial Attached SCSI – 1.1 (SAS-
ay
1.1). July 9, 2003. http://www.t10.org/.
nd
Mo
2. ISO/IEC 14776-150:200x, ANSI INCITS.***:200x, Project 10/1562-D, Working Draft
American National Standard, Working Draft American National Standard, Information
n
technology– Serial Attached SCSI (SAS). July 24, 2005. http://www.t10.org/.
so
sy
3. T10/05-144r6, SAS-2 zoning, presented to the T10 Technical Committee. June 13, 2005.
fM
http:/www.t10.org/.
io
sa
Revision History
De
Issue Issue Date Details of Change

h
No.
es
1 September 2005 Document created.

te
sa
by
d]
lle
tro
on
[c
ed
ad
lo
wn
Do

White Paper
PM
Table of Contents
34
Legal Information........................................................................................................................... 2
6:
Abstract ......................................................................................................................................... 3
:4
11
About PMC .................................................................................................................................... 3
0
About the Authors .......................................................................................................................... 3
01
References .................................................................................................................................... 4
2
il,
1 Managing Access Control ....................................................................................................... 7
pr
1.1 Ease of SAS .................................................................................................................. 7
2A
1.2 Benefits of SAS Zoning ................................................................................................. 8
,1
1.3 How Zoning Works ........................................................................................................ 9
ay
nd
2 The Zoning Implementation .................................................................................................. 10
Mo
2.1 Zoning Domain ............................................................................................................ 11
2.2 Zone Policy Configuration ........................................................................................... 12
n
so
2.2.1 Identifying Zones......................................................................................... 12
sy
2.2.2 Defining Policies and Permissions.............................................................. 12

fM
2.2.3 Propagating Zone Permission Table Updates ............................................ 14

io
2.3 PHY Zone Configuration ............................................................................................. 15

sa
2.4 Impact on Topology Discovery .................................................................................... 15

De
2.5 Zoning Operation ........................................................................................................ 16

h
es
2.5.1 OPEN Address Frame Handling ................................................................. 16

te
2.5.2 Broadcast Handling..................................................................................... 18

sa
3 Applications for SAS Zoning ................................................................................................. 19

by
3.1 SAS Switches.............................................................................................................. 19

d]
3.2 Storage Blade.............................................................................................................. 21

lle
tro
4 Conclusion ............................................................................................................................ 23
on
Glossary ...................................................................................................................................... 24
[c
ed
ad
lo
wn
Do

White Paper
PM
List of Figures
34
Figure 1 SAS Access Control Features....................................................................................... 8
6:
Figure 2 Zoning Service Delivery Subsystem Example ............................................................ 11
:4
11
Figure 3 Zoning Groups Example ............................................................................................. 13
0
Figure 4 Zone Permission Table ............................................................................................... 13
01
Figure 5 Zoning Expander Route Table .................................................................................... 15
2
il,
Figure 6 Open Address Frame Handling................................................................................... 17
pr
Figure 7 Single-Hop and Multi-Hop Permission Checking ........................................................ 18
2A
Figure 8 Block Diagram of Typical Blade Server Components ................................................. 20
,1
Figure 9 Example SAS Blade Server Architecture.................................................................... 21
ay
nd
Figure 10 Diskless Blade Server Architecture........................................................................... 22
Mo
n
so
sy
List of Tables
fM
Table 1 Comparison of Worldwide Name and Port Zoning Control Policies............................. 12

io
sa
De
h
es
te
sa
by
d]
lle
tro
on
[c
ed
ad
lo
wn
Do

White Paper
PM
1 Managing Access Control
34
Serial Attached SCSI (SAS) is gaining popularity in small storage area network (SAN) server
6:
environments. With its rise in popularity comes the need to segregate and manage device traffic
:4
in a similar fashion to what is already done in larger Fibre Channel networks by using zones or
11
in Ethernet using virtual LANs. By doing this, IT administrators can create much more flexible,
0
scalable, and efficient server networks that meet their business needs. SAS zoning, a proposal to
01
the T10 Technical Committee for inclusion in the SAS-2 specification, provides this capability.
2
il,
pr
1.1 Ease of SAS
2A
,1
SAS offers many benefits for enterprise IT infrastructures that need to operate leanly and with
ay
high productivity and flexibility. SAS, a point-to-point protocol, is a high performance, scalable,
nd
flexible and economical solution for deploying storage systems.
Mo
SAS is a replacement for parallel SCSI, maximizing the ease with which data storage capacity
and throughput is created. Its target application is direct attached storage (DAS) systems where
n
so
one server is connected to multiple disks. However, SAS provides a powerful switching
capability using expanders, which act as switches to end devices, enabling quick aggregation of
sy
many drives in a single SAS domain (up to 16,384 devices). These expanders are fully capable
fM
of connecting multiple hosts to multiple targets. SAS has gained significant interest as a
io
mechanism for connecting large groups of targets in small storage area networks (SANs), in
sa
cluster or in blade server environments, allowing these servers to share resources across their
targets.
De
h
In these larger server environments, it is necessary to provide more management and control
es
services. Frequently, the traffic needs to be segregated for efficiency. Furthermore, since storage
te
resources are shared, server resources need to be controlled by putting limitations on which
sa
resources each server can control preventing unauthorized access. As well, not all servers need
by
to access all data. Some data may need to be dedicated on one server; other data may need to be
shared across multiple servers. Access controls, such as those provided for the SAS zoning
d]
specification, prevent unauthorized access, malicious attacks or corruption of data by operator

lle
error on the server. Access controls ensure that if a server is compromised, only data that is
tro
accessible by the compromised server is at risk of being lost and not the entire network.
on
The SAS transport protocol supports the following protocols over its serial interface:
[c
ed
• Serial SCSI Protocol (SSP) to communicate with SAS devices and existing SCSI software
ad
• SCSI Tunneling Protocol (STP) to identify and communicate with SATA devices
lo
wn
• SCSI Management Protocol (SMP) to manage SAS’s point-to-point topology

Do
The zoning features discussed in this paper are managed by an extension to the SMP
commands.

White Paper
1.2 Benefits of SAS Zoning
PM
34
What are the benefits for access control and what makes SAS zoning attractive? To answer
6:
these questions, envision a SAS expander topology as shown in Figure 1.
:4
11
Figure 1 SAS Access Control Features
0
01
2
Limit topology changes
il,
Set access restrictions /
pr
limitations for hosts Flexibly
2A
re-deploy
resources
,1
ay
Host
Host
Host
nd
SAS
Device
Mo
9
Expander
n
so
SAS Segregate traffic
SAS SAS SAS SAS
SAS Device Device
SAS Device Device Device
8
sy
Device 6 7
Protect against attacks SAS Device
3
4 5
Device 2
fM
Internal Zone: External Zone:

io
Division A Division C
Internal Zone: Customer Accessible
sa
Division B
De
h
es
Share devices
te
sa
Access control provides traffic segregation for data, functions and broadcast traffic. It logically
separates traffic between hosts and resources and provides common access privileges to all end
by
devices. There are many ways to segregate traffic. Figure 1 shows how traffic can be segregated
d]
between internal and external zones.

lle
tro
Access control provides flexible re-deployment of resources. For example, if one hard disk drive
(HDD) is assigned to a server in a group, but more capacity is required for that server, it is easy
on
to add another disk to the group.

[c
ed
Access control provides controlled sharing of resources and imposes access

ad
restrictions/limitations. Users can limit the resources that each host “sees” by configuring
different policies for each SAS zone. By assigning SAS PHYs into groups and applying access
lo
wn
control policies to restrict these groups, the system designer can ensure that only authorized
users can access certain parts of the system. By grouping end devices, system designers can also
Do
save on the amount of resources required for an expander implementation.
Zoning allows users to limit access to the SMP control plane such that only the authenticated
management devices can issue SMP control commands.

White Paper
Access control limits the impact of topology change. A SAS network uses a mechanism called
PM
topology discovery to determine which devices are part of the topology. Each time a new device
is added, removed, or lost, a broadcast event is generated to notify all the expanders and host
34
devices that re-discovery must be performed to determine which device has changed. This is a
6:
time consuming process and requires both the hosts’ and expanders’ resources as well as
:4
11
increases SMP traffic. It makes sense, therefore, to limit the impact of topology changes so that
when a device is added or removed, only its host device has privileges to see the topology
0
change
01
2
Finally, access control also provides protection against attacks by limiting the propagation of
il,
Broadcast traffic. Broadcast events are very disruptive and consume a great amount of link
pr
bandwidth when being sent frequently, also known as a broadcast storm. If broadcast storms are
2A
not limited, any “misbehaving” device in the topology can disrupt the operation of the entire
,1
network. It becomes difficult to support larger networks if broadcast storms are not controlled.
ay
nd
1.3 How Zoning Works
Mo
n
Access control functionality is fully implemented in the expanders. Expanders are used for
so
control as it is difficult to know if a host is authorized or not. Therefore, access control does not
require hosts to intervene or change their behavior. By allowing expanders to control zoning,
sy
legacy SAS and SATA devices, which do not understand zoning, can operate within the SAS
fM
domain.
io
sa
From the perspective of a SAS system administrator, the zoning model requires no change to the
end devices in the network. Initiators continue to perform normal SAS discovery, and initiators
De
and targets send and receive OPEN address frames as usual. However, unlike a typical SAS
h
system, initiators and targets do not see the entire SAS domain, also known as a service delivery
es
subsystem. Instead, they only see the portions of the domain, otherwise known as groups, that
te
they have been given permission to see based on a permission table that is configured for each
sa
zoning expander. Zoning operation is determined by the configuration made to the zoning
by
attributes for each PHY port of the expander (called PHY zone configuration).
d]
lle
tro
on
[c
ed
ad
lo
wn
Do

White Paper
PM
2 The Zoning Implementation
34
To enable zoning in a network, the system designer/administrator must:
6:
:4
• Implement the service delivery subsystem using zoning expanders. (Note, although up to
11
128 zones are supported by the SAS-2 zoning proposal, the number of supported zones
differs for each zoning expander vendor.)
0
01
• Define the portions or groups required in the zoning domain by analyzing the devices that
2
need to share common access privileges. This information must then be translated into the
il,
pr
zoning permission table contained within the expander. The permission table defines
2A
whether communication is allowed between groups. Group assignment is strictly based on
the expander ports of the zoning service delivery subsystem. The service delivery subsystem
,1
can be a portion of a SAS domain or a complete SAS domain that provides normal services
ay
of a SAS system including zone management and access control services. Each PHY can
nd
only belong to one group.
Mo
• Define the attributes for each expander PHY:
o Define the supervisor(s) for the service delivery subsystem. The supervisor is a
n
so
management entity that is either an expander device inside the zoning subsystem or a
device attached to the subsystem. The supervisor is an SMP initiator that is capable of
sy
generating SMP commands for SAS zoning configuration and management. More than
fM
one supervisor can exist in a fabric. Note that a supervising expander is used to
io
coordinate the supervisors is automatically elected based on the largest SAS address in
sa
the topology and is responsible for propagating zone permission table changes to all
zoning expanders in the subsystem.
De
o Designate the PHYs attached to the zoning expanders as trusted or not trusted. Devices
h
inside the boundary of the zoning subsystem are designated as trusted whereas those
es
outside the subsystem are listed as untrusted. This exercise defines the boundary of the
te
zoning service delivery subsystem.

sa
by
The SAS-2 zoning proposal that has been submitted to the T10 Technical Committee provides
complete details about the updated SMP commands that are used for zone management
d]
configuration and topology discovery.

lle
tro
on
New and Modified SMP Commands for SAS Zoning

[c
• REPORT GENERAL function

ed
• DISCOVER function
ad
• CONFIGURE PHY ZONE function

lo
• CONFIGURE ZONE PERMISSION function

wn
• REPORT ZONE PERMISSION function

•
Do
REPORT ZONE ROUTE TABLE function
For details, see the SAS-2 Zoning Proposal (05-144r5) on the T10 Technical Committee website, www.t10.org.

White Paper
2.1 Zoning Domain
PM
34
Figure 2 shows an example of a SAS-2 zoning service delivery subsystem. The system looks
6:
identical to a legacy SAS 1.1 service delivery subsystem, except that it consists of zoning
:4
expanders. Zoning expanders are capable of configuring zones and implementing and enforcing
11
access control policies on the network.
0
The end devices, which are connected to the expanders, can be legacy devices (including
01
expanders). Any of the end devices as well as expanders that are attached to the edge of the
2
zoning fabric will inherit the zone membership of their attachment point, at the boundary of the
il,
pr
zoning service delivery subsystem.
2A
Figure 2 Zoning Service Delivery Subsystem Example
,1
ay
nd
Mo
n
so
sy
fM
io
Zoning
Expander
sa
Expander
Expander
De
esZoning
Zoning
Zoning Fabric
h
Zoning
te
Expander
sa
by
d]
lle
tro
on
[c
z
ed
ad
lo
Since the zoning function is fully implemented by the expander fabric, the implementation is
wn
completing transparent to end devices or legacy devices such as SAS 1.1 HBAs and HDDs that
do not have knowledge of zoning, to change their behavior.
Do

White Paper
2.2 Zone Policy Configuration
PM
34
2.2.1 Identifying Zones
6:
:4
For a SAS zoning expander to identify a device and its control policies, the system
11
administrator must define the zones by using a unique ID: either the device’s worldwide name
that is defined during its manufacture or the port number where a device is attached to the
0
01
service delivery subsystem. This unique ID is assigned to the expander PHY that is attached to
2
each end device.
il,
pr
Table 1 shows a comparison of worldwide name-based and port-based zoning. Note that each
2A
has its intended users. The zoning proposal supports both. The underlying zoning mechanism is
based on the most secure method, port-based zoning, which is PHY-based. However, one-to-one
,1
mapping can be done between the WWN and the physical port ID using upper-layer
ay
management software to present a management API that is WWN-based.
nd
Mo
Table 1 Comparison of Worldwide Name and Port Zoning Control Policies
n
Worldwide Name Zoning Port Zoning
so
Uses the unique worldwide name associated with Uses the physical port IDs of the expanders to
sy
each device to define the zones. A database define the zones. Access rights are defined for
stores all the WWNs and port numbers. each port in the zoning service subsystem.
fM
Determines which WWNs are allowed to access Determines which ports are allowed to access other
io
other WWNs. ports.

sa
Devices can be moved between ports without Zone information must be updated when a device is
De
updating the zone configuration. moved.

This method is susceptible to unauthorized access This is a trusted, hardware implementation. It
h
and spoofing of WWNs. prevents spoofing.

es
Easier to use. More secure.

te
sa
by
If a device is relocated on the network, the management software will be able to detect the move
d]
and automatically reassign the same policy to a new port.

lle
tro
2.2.2 Defining Policies and Permissions

on
Figure 3 shows an example zoning topology. In this instance, Device 0 and Device 2 are
[c
assigned to the same group (Group 126) since they share common resources (the need to
ed
communicate with devices in Group 5 and Group 4).

ad
lo
wn
Do

White Paper
Figure 3 Zoning Groups Example
PM
34
6:
Group
:4
126
Device
11
2
0
01
2
Group 1 Device
1
il,
Device Group 2 Device
pr
0 3
2A
,1
ay
Zoning Expander
nd
Fabric
Mo
n
Group 3 Device
so
4
sy
Group 5
Device Group 4 Device
fM
5 N-1
io
sa
The access control policies, otherwise referred to as zone permissions, for each expander group
De
are defined using the zone permission table, which is represented in Figure 4.
h
es
Figure 4 Zone Permission Table

te
sa
Groups 0 1 2 3 4 5 6 … 126 127

by
Special Group 0 0 0 0 0 0 0 0 1
0 P[0,0]
…
P[0,127]
d]
1 0 1 … 1
lle
2 0 1 … 1
tro
User 3 0 1 … 1
on
Defined
Groups
4 0 … 1 1
[c
5 0 1 … 1 1
ed
… … … … … … … … … … …
ad
126 0 1 1 … 1
lo
Special Group 1 1 1 1 1 1 1 1
wn
127 P[127,0]
… 1
P[127,127]
Do

White Paper
Group 0 and Group 127 are provided as special groups and cannot be defined by the user. By
PM
default, Group 0 cannot access any other groups except for those in Group 127. Group 0 is used,
for example, for a new device that is inserted into the zoning service delivery subsystem, and
34
has not yet assigned a group by the system administrator. Group 127 (SMP target) is allowed to
6:
access all other groups, including Group 0 and is used for topology discovery and zone
:4
11
management.
0
Groups 1 to 127 are configured by the system administrator based on the needs of the
01
application. The permission values for each group are reversed for their mirror groups. For
2
example, P[x,y] is equal to P[y,x] to accommodate SSP and STP exchanges, which are bi-
il,
directional. Devices in the same group do not always need to access each other and therefore,
pr
the permission value for these must be configured. For example, if two servers share the same
2A
group of target resources and share the same storage space, but must not access each other, users
,1
can assign them to the same group (P[x,x]), restrict access, assign all the shared resources to
ay
another group (y), and allow permission between P[x,y].
nd
When configuring the zoning permission table, as shown in Figure 4, the rules that must be
Mo
followed are:
n
so
1. When P[x,y]=0, Groups x and y are not allowed to access each other. When P[x,y]=1,
Groups x and y are allowed to access each other.
sy
fM
2. Group 0 is not allowed to access any other group except Group 127.
io
3. Group 127 is allowed to access all other groups.

sa
De
4. Permissions are reversible: P[x,y] is equal to P[y,x].

h
es
5. Members in the same group P[x,x] may not have permission to access each other.
te
sa
2.2.3 Propagating Zone Permission Table Updates

by
Each time a topology change is detected in the SAS subsystem, the zone permission table
d]
updates are updated to the service delivery subsystem by the supervisor using the SMP
lle
command, CONFIGURE ZONE PERMISSION.

tro
on
The permission table update is a multi-step process. The supervisor must send the entire
permission table to the current supervising expander. The supervising expander propagates the
[c
changes to the rest of the expanders in the service delivery subsystem. The use of a supervising
ed
expander ensures consistency among the zoning policy tables in all zoning expanders in the
ad
service delivery subsystem.

lo
wn
As previously mentioned, the supervising expander is elected based on the largest SAS address
in the topology. Each zoning expander has a SUPERVISING PRIORITY attribute, which
Do
determines whether an expander is a candidate to be a supervisor. If this attribute is set, when

the zoning expander traverses the adjacent expanders in the SAS domain, it is counted with all
the other supervisors. The supervisor with the highest election priority value (the largest
expander SAS address value) is elected as the supervising expander.

White Paper
2.3 PHY Zone Configuration
PM
34
One of the supervisor expander’s responsibilities is to communicate the attributes of the
6:
expander PHY port to the service delivery subsystem (expanders). This is the second type of
:4
zone configuration that needs to be done. The attributes that need to be configured for the PHY
11
zone include:
0
• Source Group ID —The GROUP ID attribute is the unique user-defined zone group ID
01
(ranging from 1 to 127).
2
il,
• Supervisor status —The SUPERVISOR attribute defines whether the device attached to the
pr
PHY can be a supervisor.
2A
• Trusted status —The TRUSTED attribute defines if the device is considered trusted thereby
,1
defining the boundary of the service delivery subsystem. This is usually an expander PHY-
ay
to-expander PHY attribute.
nd
• Source check status — This attribute defines whether the expander can automatically check
Mo
the source address of any open address frames against the source address that was
communicated during the initialization process. The sources check status ensures that a
n
device cannot spoof (pretend to be) a trusted device to gain access to the service delivery
so
subsystem and gain unauthorized data.
sy
fM
The PHY zone updates are atomic and are made from a supervisor to a zoning expander using a
single SMP command, CONFIGURE PHY ZONE. The expander self-discovery process
io
propagates the new PHY zone information associated with the attached SAS address. Even in a
sa
multi-supervising environment, no coordination is needed at the expander level.

De
h
es
2.4 Impact on Topology Discovery

te
sa
The SAS 1.1 specification defines an expander route table, which maps the SAS address to an
expander PHY. For SAS-2 zoning purposes, this route table is extended to also include the
by
GROUP ID, SUPERVISOR, and TRUSTED bit attributes. During topology discovery, the
d]
zoning expanders propagate the group assignment along with the SAS address. Figure 5 is a
lle
representation of this table.

tro
on
Figure 5 Zoning Expander Route Table

Routed SAS
[c
PHY 0 PHY 1 PHY 2 … PHY n Address, Group

ed
ID, Supervisor,
Expander 0 … and Trusted Bit
ad
Expander 1 … Attributes
lo
Expander 2 …
wn
… … … … … …
Do
Expander n …

White Paper
All zoning expanders are configured as self-configuring expanders. That is, all the expanders
PM
are able to traverse the SAS topology and populate the zoning expander route table. This
process also protects the service delivery subsystem from any problems that might occur with
34
the host configuring the zone table, where security is not ensured.
6:
:4
Host topology discovery still occurs, as defined by SAS 1.1, to determine the devices in the
11
service delivery subsystem. The management of the zoning subsystem is done through the
0
REPORT GENERAL, DISCOVER, REPORT ZONE ROUTE TABLE commands, which
01
contain new fields for SAS zoning. However, information filtering is done based on the Group
2
ID of the originating end device. Hence, if an end device is from a particular group, say Group
il,
x, the zoning expander will only record the devices attached to Group x even though it may be
pr
attached to other groups, limiting what the host can “see”.
2A
,1
ay
2.5 Zoning Operation
nd
Mo
2.5.1 OPEN Address Frame Handling
n
An OPEN address frame (OAF) is the means for establishing a connection between two SAS
so
devices. For SAS zoning, in addition to carrying both the source SAS address and the
sy
destination SAS address, the OPEN frame carries two new fields necessary for routing in a
fM
SAS-zoned network:
io
• SOURCE GROUP ID (SGID)

sa
• ACCESS ZONE MANAGEMENT

De
h
New OAF Fields Defined

es
te
The SGID field is represented in the zoning permission table shown in Figure 4 by P[y]. The
sa
expander routes packets according to the destination address in the OPEN frame using one of
the three standard SAS methods: table, direct, or subtractive routing. During the routing
by
process, these routing methods check the destination SAS address and map the address to a
d]
destination group ID (DGID). (In Figure 4, this is P[x].) Hence, SGID identifies where a frame
lle
has come from and DGID identifies where a frame is being sent. By checking the group ID
tro
against the zoning permission table, the expander can verify whether the OPEN request is
permitted.
on
[c
The ACCESS ZONE MANAGEMENT field defines whether the OPEN address frame
ed
originates from a supervisor device or not. This is important for proper access control and
ad
permission checking.
lo
wn
Do

White Paper
Figure 6 Open Address Frame Handling
PM
1. The OAF is received on the Untrusted PHY.
34
The ACCESS ZONE MANAGEMENT bit is set to
the supervisor bit of the expander PHY. The SGID
6:
2. The OAF is sent from A to B with the
is set as the group ID of the expander PHY (X). A
SGID set to expander PHY X. The SGID 3. The SGID field
:4
source check is done for address A against the
field is preserved when transmitted from/ is removed when
SAS address received by this PHY. The zone
received out of a trusted PHY.
11
transmitted by an
permission table is checked to validate that the
untrusted PHY.
OAF is allowed through.
0
Untrusted PHY
Untrusted PHY
Trusted PHY
Trusted PHY
01
Device A Zoning Zoning Device B
2
Expander 1 Expander 2
il,
Group ID = X Group ID = Y
pr
2A
Source Check
,1
ay
Both the SGID and ACCESS ZONE MANAGEMENT fields are only valid for OPEN address
nd
frames that are passed among devices inside the zoning service delivery subsystem on trusted
expander PHYs. Since end devices can be legacy devices that do not have these fields, when an
Mo
OPEN frame is received from an untrusted PHY, the ingress PHY of the source zoning expander
n
will set the SGID field to the group ID associated with the PHY and the ACCESS ZONE so
MANAGEMENT field according to the supervisor attribute of the associated PHY. After the
sy
frame is routed, the egress PHY of the destination expander will remove these fields before
transmitting on to another untrusted PHY. Refer to Figure 6 for details.
fM
io
Permission Checking
sa
De
Permission checking for SAS zoning is done either using a single-hop or multi-hop method:
h
• If the zoning expander topology uses only table routing, then the zoning route tables will
es
contain all of the SAS addresses in the domain, that is, the routing table is flat across the
te
topology. In this case, an illegal OPEN address frame will always be rejected by the first
sa
expander. The zone routing table immediately routes the destination address to the DGID
by
that associated with it and accepts or rejects the OPEN frame based on the permission table.
d]
• If subtractive routing is used in the topology, the zone routing table will only contain a
lle
subset of the SAS address in the domain. In this case, the OPEN address frame will be
tro
propagated from expander to expander via the subtractive port until it reaches an expander
that has knowledge of the group ID and corresponding SAS address. In this multi-hop
on
method, an illegal OPEN frame will be subtractively routed as far as the last expander
[c
attached to the destination address. Although this approach may consume more inter-
ed
expander link bandwidth, it does allow edge expanders to have a smaller route table.
ad
lo
wn
Do

White Paper
Figure 7 Single-Hop and Multi-Hop Permission Checking
PM
34
Single Hop
6:
1. The OAF is sent
from Device A to B.
:4
11
Untrusted PHY
Untrusted PHY
Trusted PHY
Trusted PHY
0
01
2
il,
pr
2A
Source Check
2. OPEN Reject
,1
ay
Multi Hop
nd
2. The OAF is
Mo
forwarded with
1. The OAF is sent SGID = X.
from Device A to B.
on
Untrusted PHY
Untrusted PHY
ys
MsPHY
Trusted PHY
fTrusted
io
sa
De
Source Check
4. The OAF is 3. Direct Routing
rejected. finds a match in Zone
h
Permission Table
es
(P[x,y) = 0.
te
sa
2.5.2 Broadcast Handling

by
In SAS 1.1, when the status of a device in the topology changes, a Broadcast primitive is
d]
generated and sent throughout the topology to inform the host that a change has occurred. The
lle
concept of Broadcast limiting restricts the Broadcast primitive to only propagate to the zones it
tro
has permission to access. To accomplish this in the SAS-2 zoning specification, the Broadcast
on
frame includes the SGID. The Broadcast frame can only propagate through the service delivery
subsystem to groups that the SGID is allowed to access, as defined by the access policy
[c
permission table. Broadcast limiting is important for reducing broadcast storms and topology
ed
discovery traffic.
ad
lo
Insertion of the SGID into the Broadcast frame is only used for inter-expander communication.
wn
If a broadcast message is transmitted from a zoning expander attached to an untrusted PHY

(outside the service delivery subsystem), the PHY will remove the SGID before sending the
Do
Broadcast on to the untrusted PHY.

White Paper
PM
3 Applications for SAS Zoning
34
Serial Attached SCSI was designed to be a feature-rich replacement for parallel SCSI. As such,
6:
SAS was architected and specified around existing SCSI Direct Attached Storage (DAS)
:4
applications. As SAS is maturing, new applications outside of the DAS market are emerging.
11
Zoning has been introduced to the Serial Attached SCSI standard to support new SAS
0
applications such as SAS switches and SAS storage blades for blade server systems.
01
2
il,
3.1 SAS Switches
pr
2A
Since 2004, blade server technology has begun to attract the attention of mainstream customers
,1
in the server market. The advantages of a blade server system include increased performance,
ay
density and the portfolio of available blade server system products including blades, multiple
nd
processor choices, multiple operating systems, new networking options, and new storage
options. These advantages have encouraged mainstream customers to deploy blade servers into
Mo
their data centers to support mission critical business processes.
n
so
To continue providing end customers with more options and drive the growth of the blade server
market, blade server OEMs are planning to introduce SAS into their blade server designs. By
sy
moving to SAS, blade server architectures can support both enterprise class applications with
fM
SAS HDDs and provide low-cost storage options with SATA HDDs.
io
sa
A blade server is a modular computing platform consisting of the following elements: blades,
switch modules, power supply, management module and fans. A blade is a single-board server
De
that contains one to four processors, memory, local disk storage, an on-blade network interface
h
card (NIC), and SAN connectivity, as shown in Figure 8. A blade chassis may hold one or more
es
blade cards, one or more Ethernet or SAN switch modules, one to four power supplies, one to
te
two shared management modules and cooling resources. Chassis components communicate
sa
across a fully redundant midplane, enabling hot swap functionality of the chassis components
by
and easy serviceability.

d]
lle
tro
on
[c
ed
ad
lo
wn
Do

White Paper
Figure 8 Block Diagram of Typical Blade Server Components
PM
34
6:
:4
11
0
01
2
il,
pr
2A
,1
ay
nd
Mo
n
so
sy
fM
io
sa
De
The addition of SAS to a blade server architecture will occur on the disk-interconnect side of
the server. To enable the CPU blades to connect to either SAS or SATA storage, the switch
h
modules or switch blades will require SAS switches rather than Ethernet or Fibre Channel.
es
te
The Fibre Channel and Ethernet switches used in blade server applications today provide zoning
sa
functionality to ensure that the server blades cannot “see” other servers in the blade architecture.
by
Thus, SAS switches must provide zoning capabilities. The SAS switch design is based on using
SAS expanders, as shown in Figure 9.
d]
lle
tro
on
[c
ed
ad
lo
wn
Do

White Paper
Figure 9 Example SAS Blade Server Architecture
PM
34
Blade Server System midplane
6:
Primary SAS
:4
Switch Module
11
SAS
0
Expander
CPU
01
with zoning
SAS Host External Storage
2
il,
CPU
RAID
pr
SAS or SATA
2A
Local Disks SAS
CPU Blade Expander
JBOD
,1
with zoning
ay
nd
Secondary SAS JBOD
Switch Module
Mo
n
so
sy
fM
3.2 Storage Blade

io
sa
A new type of architecture emerging in the blade server market is the concept of disk-less server
De
blades. The hard disk-drives (HDDs) are relocated off of the server/CPU blade and on to a
shared location called a storage blade, as shown in Figure 10. The storage blade can be thought
h
of as “semi-local” storage that is shared by a small number of blades. The storage blade concept
es
is not truly direct attached storage (DAS) because it is not exclusively owned by a single server
te
and it is not completely a storage area network (SAN) because the storage is not available to all
sa
servers on the fabric. The storage blade is a new intermediate level in the storage hierarchy and
by
provides an advantage in price and performance by eliminating the requirement to pre-allocate

unused storage and allows the storage to be amortized over multiple blades.
d]
lle
tro
on
[c
ed
ad
lo
wn
Do

White Paper
Figure 10 Diskless Blade Server Architecture
PM
34
Diskless Blade Server System midplane
6:
:4
SAS Switch
11
SAS
Expander
0
CPU
01
with zoning
SAS Host
2
il,
CPU
pr
SAS
2A
Expander
CPU Blade with zoning
,1
ay
SAS Switch
nd
Mo
SAS
Expander
n
with zoning
so
sy
to external
Storage Blade storage
fM
io
External
sa
RAID Storage
De
h
JBOD
es
te
sa
JBOD
by
The storage blade provides a pool of generic assignable drives to the blade server. A global
d]
resource manager can then assign and manage desired boot images, applications or select links
lle
to appropriate data volumes. The storage blade provides low latency access to storage for the
tro
server blades.
on
Zoning is key for disk-less blade architectures, because each server blade’s protected boot drive
[c
will be located on a shared storage blade, as in Figure 10. The zoning will be required to protect
ed
each CPU blade and associated storage from unauthorized access/security breaches.
ad
lo
wn
Do

White Paper
PM
4 Conclusion
34
SAS zoning provides the traffic segregation, resource flexibility, controlled resource sharing,
6:
protection, and topology control functionality required to manage SAS-based systems including
:4
blade servers.
11
0
PMC-Sierra is actively working with other server OEMs to standardize SAS zoning. A joint
01
proposal for SAS zoning has been submitted to the ANSI T10 Technical Committee of the
2
INCITS SAS 2 working group by PMC-Sierra and Hewlett Packard. This proposal has received
il,
broad support and defines how SAS zoning can provide flexible and efficient access control
pr
mechanisms for expanders and interoperability with legacy expanders.
2A
,1
PMC-Sierra has developed the industry’s first SAS switching expanders to provide this
innovative zoning technology, the PM8399 SXP 24x3GSec and PM8398 SXP 36x3GSec SAS
ay
expander switches. For more information about the T10 proposal, see the T10 web site,
nd
www.t10.org, and for more information about PMC-Sierra SAS and SATA storage products, see
Mo
http://www.pmc-sierra.com/expanders-loopswitch-chips/.
n
so
sy
fM
io
sa
De
h
es
te
sa
by
d]
lle
tro
on
[c
ed
ad
lo
wn
Do

White Paper
PM
Glossary
34
Blade A single-board server that contains one to four processors, memory, local disk
6:
storage, an on-blade network interface card (NIC), and SAN connectivity.
:4
Blade server A modular computing platform consisting of the following elements: blades, switch
11
modules, power supply, management module and fans.
Blade chassis A chassis that holds blade cards, Ethernet or SAN switch modules, power supplies,
0
shared management modules and cooling resources.
01
Broadcast A message used to notify all SAS ports in a domain of an event.
2
il,
message
pr
Expander zoning A structure that provides an association between the destination SAS address and
2A
route table the expander PHY identifier.
Permission table A structure that provides an association between the unique source and destination
,1
group identifiers and that is used to define permission between two groups.
ay
PHY device A device object that is used to interface to other devices.
nd
PHY zone The zone attached to a PHY. Three fields are required to be set for proper zoning
Mo
operation: trusted, group ID, and supervisor. PHY zone updates are atomic.
SAS address A worldwide unique name assigned to a SAS port, or expander, initiator, or target
device.
n
so
Service delivery A complete or partial SAS domain that provides the services of a normal SAS fabric,
sy
subsystem including zone management and access control services.

fM
Storage blade “Semi-local” storage that is shared by a small number of blades.

io
Subtractive The method the expander uses to route connection requests not resolved using the
sa
routing direct routing method or table routing method to an expander.

De
Supervising A SAS zoning expander that is automatically designated by an election process

expander based on the highest election priority of all the zoning expanders within a SAS
h
domain. The supervising expander propagates zone permission table updates to all
es
zoning expanders when the zoning supervisors update the zone permission table.
te
Supervisor A management entity that is either an expander device inside or an end device
sa
attached to the zoning service delivery subsystem. A zoning supervisor is an SMP

initiator capable of generating SMP commands for configuration and management.
by
Topology The algorithm used by the management application client to configure the SAS
d]
discovery domain.
lle
Traffic The process of separating traffic between hosts and resources, and providing
tro
segregation common access privileges to all end devices.

on
Trusted PHY A zoning expander attached to a device that can be trusted to generate and receive
controlled zoning information such as an OPEN address frame or BROADCAST
[c
address frame with zoning details that the service delivery subsystem requires for
ed
management and access control. A trusted device can be a zoning expander or a

secured end device.
ad
Untrusted PHY A zoning expander PHY attached to a device that cannot be trusted to generate and
lo
receive controlled zoning information. An untrusted PHY is considered to be outside

wn
the zoning domain.

Do
Zoning expander A device that is part of the service delivery subsystem and that facilitates
communication between SAS devices. A zoning expander is capable of the zoning
function.

010684

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

010684

Uploaded by

Copyright:

Available Formats

Managing Access Control Through SAS Zoning

by Heng Liao, Tim Symons, Rachelle Trent

Issue No. 1: September 2005

Document No.: PMC-2051469, Issue 1 1

merchantability, fitness for a particular use, or non-infringement.

been advised of the possibility of such damage.

For a complete list of PMC-Sierra’s trademarks and registered trademarks, visit:

Relevant patent grants may exist.

Document No.: PMC-2051469, Issue 1 2

semiconductors and MIPS-Powered™ processors for Enterprise, Access, Metro Optical

About the Authors

field of communication systems, switching techniques, micro-architectures, and storage

Electrical & Electronic Engineering from the University of Plymouth, UK.

Document No.: PMC-2051469, Issue 1 3

Issue Issue Date Details of Change

1 September 2005 Document created.

Document No.: PMC-2051469, Issue 1 4

2.2.2 Defining Policies and Permissions.............................................................. 12

2.2.3 Propagating Zone Permission Table Updates ............................................ 14

2.3 PHY Zone Configuration ............................................................................................. 15

2.4 Impact on Topology Discovery .................................................................................... 15

2.5 Zoning Operation ........................................................................................................ 16

2.5.1 OPEN Address Frame Handling ................................................................. 16

2.5.2 Broadcast Handling..................................................................................... 18

3 Applications for SAS Zoning ................................................................................................. 19

3.1 SAS Switches.............................................................................................................. 19

3.2 Storage Blade.............................................................................................................. 21

Document No.: PMC-2051469, Issue 1 5

Table 1 Comparison of Worldwide Name and Port Zoning Control Policies............................. 12

Document No.: PMC-2051469, Issue 1 6

specification, prevent unauthorized access, malicious attacks or corruption of data by operator

• SCSI Management Protocol (SMP) to manage SAS’s point-to-point topology

Document No.: PMC-2051469, Issue 1 7

1.2 Benefits of SAS Zoning

Internal Zone: External Zone:

between internal and external zones.

to add another disk to the group.

Access control provides controlled sharing of resources and imposes access

save on the amount of resources required for an expander implementation.

Document No.: PMC-2051469, Issue 1 8

Document No.: PMC-2051469, Issue 1 9

zoning service delivery subsystem.

configuration and topology discovery.

New and Modified SMP Commands for SAS Zoning

• REPORT GENERAL function

• CONFIGURE PHY ZONE function

• CONFIGURE ZONE PERMISSION function

• REPORT ZONE PERMISSION function

REPORT ZONE ROUTE TABLE function

Document No.: PMC-2051469, Issue 1 10

2.1 Zoning Domain

Document No.: PMC-2051469, Issue 1 11

2.2 Zone Policy Configuration

other WWNs. ports.

updating the zone configuration. moved.

and spoofing of WWNs. prevents spoofing.

Easier to use. More secure.

and automatically reassign the same policy to a new port.

2.2.2 Defining Policies and Permissions

communicate with devices in Group 5 and Group 4).

Document No.: PMC-2051469, Issue 1 12

Figure 3 Zoning Groups Example