This article is part of our Essential Guide: LUN storage: Working with a SAN's logical unit numbers

LUN masking or LUN zoning: Which one is a better fit for a SAN fabric?

GlassHouse Technologies' Steve Pinder weighs the pros and cons of using LUN masking and LUN zoning in SAN fabrics, switches and HBA configurations.

LUN masking or LUN zoning: Which is a better fit for a storage-area network (SAN) fabric?
LUN masking takes place at either the host bus adapter (HBA) or storage controller, and restricts the hosts' ability to access specific LUNs. LUN zoning generally takes place on storage-area network (SAN) switches and compartmentalises the SAN fabric, grouping hosts and storage arrays into zones.

It is possible to leave a SAN fabric as an "open" fabric and not bother with zoning at all. In theory, this would allow every host to see every LUN on every storage array. However, you can implement LUN masking to prevent this from happening. If you only implement SAN zoning, a host would gain access to every LUN that was available on any storage array that it was zoned with.

Neither configuration is ideal, so you will almost always find it best if both LUN masking and LUN zoning are configured on a SAN. One exception to this would be a host that is directly connected to a storage array port. No zoning would be required as the host would not be connected to a SAN fabric, and no LUN masking would be required as it is guaranteed that the host would be the only one to have access to that port.

For more on LUNs:

1. Learn more about LUNs and their role in SAN management
2. Learn how to backup a LUN snapshot

This was last published in March 2010

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.






  • How do I size a UPS unit?

    Your data center UPS sizing needs are dependent on a variety of factors. Develop configurations and determine the estimated UPS ...

  • How to enhance FTP server security

    If you still use FTP servers in your organization, use IP address whitelists, login restrictions and data encryption -- and just ...

  • 3 ways to approach cloud bursting

    With different cloud bursting techniques and tools from Amazon, Zerto, VMware and Oracle, admins can bolster cloud connections ...