From VMware ESXi Server 5.0 Security Technical Implementation Guide
Part of SRG-OS-99999-ESXI5
Associated with: CCI-000366
SAN activity must be segregated via zoning and LUN masking. The potential for any SAN client to mount and access any SAN drive will result in disk resource contention and data corruption. Zoning and LUN masking must be used to isolate and protect SAN storage devices. Use of zoning must also take into account any host groups on the SAN device(s).
Zoning and masking capabilities for each SAN switch and disk array are vendor specific. Ask the SA if a SAN device is used to support hosts. If a SAN device is deployed and zoning/masking is not used, this is a finding. If SAN devices are not used, this is not a finding.
If SAN devices are used, a vendor-specific procedure must be developed and documented to mask/zone host LUNs.
Lavender hyperlinks in small type off to the right (of CSS
class id, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle or
Accept: application/rdf+xml.
Powered by sagemincer