Background
While access control and security are applied in protocols for accessing remote systems, services and application data, there is no such control in the storage I/O protocols. Access control to storage devices and units is enforced via out-of-band mechanisms that are outside the I/O protocols. These mechanisms are inherently physical and enforce a static policy: any change in the policy requires changing the definitions in the physical SAN configuration. Furthermore, these mechanisms are inherently insecure: there is no authentication, and all entities are assumed to be trusted.
This problem is relevant to storage networks in general, but is particularly relevant to virtualized environments. With virtualization, there is weak security (if any) between independent Virtual Machines (VMs) running on the same platform; in addition, the static configuration does not allow migration between physical zones.
For Fibre Channel storage networks, two emerging standards (FC-SP and NPIV) can be combined to address some of these weaknesses in a virtualized environment, but we believe that even when combined they leave much to be desired.