Hi John,

Excellent question! There even more ways to zone that just those two... There's zone via FCID, physical port (fwwn), iscsi initiator name and even ip-address! (for folks with IPS/multi protocol cards :)

There are various pro's n con's for each way and it will depend some what on your security practices, size of the environment and how many admin's there will be.

Here are some pro's and con's.

Zoning via fcalias is good because you can see from the fcalias name what is being zoned to what and where.

However, it does mean you have to maintain the fcaliases and ensure they are always correct.

Zoning via wwn (or wwpn) is quite fine as well but you will have to ensure your zone name is descriptive enough so you know what it is but you wont have to maintain the fcaliases.

From a security point of view, you might not control the hosts that get plugged into your SAN. If this is the case you might not want to zone via fcalias or wwn because it is VERY VERY easy to "spoof" a wwn and get access to all of your storage!

To get around this some people zone via port (fwwn or actual interface) which is some times called "hard zoning". This basically means you zone an actual port on the switch to another port.

My personal opinion is to zone via fwwn with VERY descriptive zone names.

ie:

If i had host "fred" plugged into port fc1/1 on switch "geelong" , my quantum tape library on port 3/2 on switch "melbourne" and wanted to zone them together I would have a zone name something like

[switch descriptor]-[port number-[hostname]-[switch desciptor]-[port number]-[target descriptor]

geelong-port1-2-fred-melbourne-port3-2-quantum_lto4

At least from this name you can somewhat tell what the zone is _meant_ to be doing :)

I hope this helps a little bit :)

Cheers

Andrew