[Data Security] The opportunity to make use of an information system resource.
[File System] [Data Security] A persistent list, commonly composed of Access Control Entries (ACEs), that enumerates the rights of principals (users and groups of users and/or groups) to access resources.
[Data Security] Security safeguards (i.e., hardware and software features, physical controls, operating procedures, management procedures, and various combinations of these) designed to detect and deny unauthorized access and permit authorized access to an information system. [CNSSI-4009]
[Fibre Channel] A process by which nodes are provided access to a Fibre Channel arbitrated loop independently of other nodes' activity.
1. [Operating System] The means used to access a physical transmission medium in order to transmit data.
2. [Operating System] In IBM Corporation's OS/390 operating system and its precursors, a file organization method, such as sequential, random, indexed, etc., and the operating system software used to implement it.
[Storage System] The combination of adapters, addresses and routes through a switching fabric used by a computer to communicate with a storage device.
Some configurations support multiple access paths to a single device. See multi-path I/O.
[Data Security] An established relationship between a principal and a computer, network or service.
1. [Data Security] The property enabling individuals’ activities on a system to be linked back to them as individuals in such a way that there is little possibility for them to deny responsibility for their activities.
2. [Data Security] The security goal that generates the requirement for actions of an entity to be traced uniquely to that entity. This supports non-repudiation, deterrence, fault isolation, intrusion detection and prevention, and after-action recovery and legal action. [NIST SP 800-27]
[File System] [Data Security] Acronym for Access Control Entry.
[File System] [Data Security] Acronym for Access Control List.
[Data Recovery] Acronym for Automated Cartridge System.
1. [Fibre Channel] The state of a Fibre Channel Sequence Initiator between the start of transmission of the first data frame of a sequence and the completion of transmission of the last data frame in the sequence.
2. [Fibre Channel] The state of a Fibre Channel Sequence Recipient between the start of reception of the first data frame of a sequence and the completion of reception of the last data frame in the sequence.
[Storage System] Synonym for dual active components or controllers.
[Long term retention] A long-term data retention system that allows online access to retained file and object data.
[Data Management] Data that is immediately accessible to an application without the need to stage it in from a lower tier of storage.
See near-online data.
[Windows] A Microsoft technology for the central and hierarchical administration of large groups of computers, users and groups.
[Storage System] Synonym for hot standby components or controllers.
[Windows] Acronym for Active Directory.
[General] A hardware device—typically an add-in card or specialized component on a system board—that converts the timing and protocol of one bus or interface to another, to enable a computer system's processing hardware to access peripheral devices.
1. [Hardware] Acronym for Analog Digital Converter.
1. [Computer System] A fixed length bit pattern that uniquely identifies a block of data stored on a disk or tape.
2. [Computer System] A fixed-length bit pattern that uniquely identifies a location (bit, byte, word, etc.) in a computer memory.
4. [Network] A bit pattern that uniquely identifies a device on a network.
[Computer System] An algorithm by which areas of fixed disk, removable cartridge media, or computer system main memory are uniquely identified.
[Data Security] Security commensurate with the risk and the magnitude of harm resulting from the loss, misuse, or unauthorized access to or modification of information. [NIST SP 800-53]
[Storage System] A computer that manages one or more storage subsystems (e.g., filers, disk array subsystems, tape subsystems, etc.).
[Storage System] A standard designed to connect hard and removable disk drives.
[Legal] Inference that destroyed or missing evidence (data) would have been harmful to a party who failed to provide it.
[Data Security] Acronym for Advanced Encryption Standard.
[General] A program that performs one or more services (such as gathering information from the Internet), acting for or as a principal.
[Network] [Storage System] A process related to consolidation, consisting of combining multiple similar and related objects or operations into a single one.
[Data Security] Acronym for Authentication Header.
[Storage System] Acronym for Advanced Intelligent Tape.
If a volume is algorithmically mapped, the physical location of a block of data may be calculated from its virtual volume address using known characteristics of the volume (e.g., stripe depth and number of member disks). See dynamic mapping, tabular mapping.
[General] An alternate name for an entity, sometimes used to create names that are more easily human readable.
[Fibre Channel] One or more address identifiers that may be recognized by an N_Port in addition to its N_Port Identifier, used to form groups of N_Ports so that frames may be addressed to a group rather than to individual N_Ports.
See multicast group.
[Fibre Channel] Acronym for Arbitrated Loop Physical Address.
[Data Recovery] The process of restoring files to a different client than the one from which they were backed up.
[Data Recovery] The process of restoring files to a different directory than the one from which they were backed up.
1. [General] The state of always having power applied (systems) or of being continually active (communication links).
2. [Fibre Channel] A state of an operational link of always being powered on and continually transmitting either data frames, idles or fill words, in contrast to bursty transmissions and listening for a quiet line in earlier 10 and 100 Mbit/sec Ethernet.
[Standards] A body that coordinates the development and use of voluntary consensus standards in the United States and represents the needs and views of U.S. stakeholders in international standardization forums around the globe.
ANSI accredits both standards certification organizations and standards development organizations. The IEEE Standards Association (which standardizes Ethernet and many other technologies) and INCITS (which standardizes SCSI, Fibre Channel, MPEG, and many other technologies) are two of over 100 ANSI accredited standards organizations.
[Hardware] A device that converts a continuously valued (analog) input to a discretely valued (digital) output.
[Standards] Acronym for American National Standards Institute.
The full name of this committee is the INCITS SCSI Storage Interfaces Technical Committee (INCITS TC T10).
The full name of this committee is the INCITS Fibre Channel Interfaces (T11) Technical Committee (INCITS TC T11).
[General] Acronym for Application Programming Interface.
[General] An intelligent device programmed to perform a single well-defined function, such as providing file, web, network or print services.
Appliances differ from general purpose computers in that their software is normally customized for the function they perform, pre-loaded by the vendor, and not alterable by the user. See filer.
[Storage System] A client of a storage system.
Applications range from desktop productivity applications to enterprise-wide federated applications spanning multiple databases and file systems.
application read request
application write request
[General] An interface used by an application program to request services.
The term API is usually used to denote interfaces between applications and the software components that comprise the operating environment (e.g., operating system, file system, volume manager, device drivers, etc.).
[Standards] An Open Group technical standard, being advanced in both The Open Group and the Distributed Management Task Force, which defines function calls for transaction monitoring.
At any instant, only one port in a Fibre Channel Arbitrated Loop can transmit data. Before transmitting data, a port in a Fibre Channel Arbitrated Loop must participate with all other ports in the loop in an arbitration to gain the right to transmit data. The arbitration logic is distributed among all of a loop's ports.
2. [Fibre Channel] The version of the Fibre Channel protocol used with the arbitrated loop physical topology.
[Fibre Channel] An 8-bit value used to identify a participating device in an Arbitrated Loop.
[General] Any process by which a user of a shared resource—such as a port connected to a shared bus—negotiates with other users for the (usually temporary) right to use the resource (in the given example, by transmitting data on the bus).
2. [Data Management] Synonym for data ingestion.
3. An organization of people and systems that have accepted the responsibility to protect, retain, and preserve information and data and make it available for a Designated Community. (Source: ISO 14721)
1. [General] Acronym for Application Response Measurement.
2. [Computer System] A common microprocessor architecture, as well as the name of the company that created the architecture.
[Network] Acronym for Address Resolution Protocol.
1. [Storage System] Assignment of the disks and operating parameters for a disk array by setting parameters such as stripe depth, RAID model, cache allowance, spare disk assignments, etc. See configuration, physical configuration.
2. [Storage System] The arrangement of disks and operating parameters that results from such an assignment.
[Computer System] Acronym for Application Specific Integrated Circuit.
[Storage System] The amount of space on a system or data container which has been allotted to be written by an end user or application.
On thin provisioning systems, an assigned capacity number represents a promise that that amount of space will be provided on demand; usable capacity is allocated as the container is written. On fully provisioned systems, usable capacity must be committed at the same time the container is allocated. See thin provisioning.
[Data Security] A process for demonstrating that the security goals and objectives for an IT product or system are met on a continuing basis.
[Data Security] Synonym for public key cryptography.
[Computer System] Synonym for out-of-band virtualization.
Out-of-band virtualization is the preferred term.
[Storage System] A request to perform an asynchronous I/O operation.
[Storage System] Deprecated synonym for asynchronous replication.
[Storage System] A replication technique in which data must be committed to storage at only the primary site and not the secondary site before the write is acknowledged to the host. Data is then forwarded to the secondary site as the network capabilities permit.
[Network] A connection-oriented data communications technology based on switching 53 byte fixed-length units of data called cells.
ATM transmission rates are multiples of 51.840 Mbits per second. Each cell is dynamically routed. In the United States, a public communications service called SONET uses ATM at transmission rates of 155, 622, 2048, and 9196 Mbits per second. These are called OC-3, OC-12, OC-48, and OC-192 respectively. A similar service called SDH is offered in Europe. ATM is also used as a LAN infrastructure, sometimes with different transmission rates and coding methods than are offered with SONET and SDH.
[Storage System] Acronym for Advanced Technology Attachment.
[Network] Acronym for Asynchronous Transfer Mode.
[General] An operation that, from an external perspective, occurs either in its entirety or not at all.
For example, database management systems that implement the concept of business transactions treat each business transaction as an atomic operation on the database. This means that either all of the database updates that comprise a transaction are performed or none of them are performed; it is never the case that some of them are performed and others not. RAID arrays must implement atomic write operations to properly reproduce single-disk semantics from the perspective of their clients.
[Data Security] Any kind of malicious activity that attempts to collect, disrupt, deny, degrade, or destroy information system resources or the information itself. [CNSSI-4009]
[General] Independent review and examination of records and activities to assess the adequacy of controls, to ensure compliance with established policies and operational procedures, and to recommend necessary changes in controls, policies, or procedures.
[Data Security] Synonym for audit trail.
[Network] [Data Security] A chronological record of system activities that enables the reconstruction and examination of a sequence of events and/or changes in a system such as an information system, a communications system or any transfer of sensitive material and/or information.
1. [General] Being genuine, or accurate in representation of facts.
2. [Legal] For evidence, being found by a jury (or trier of fact) to be what it purports to be and thus being worthy of trust, reliance, or belief.
1. [Data Security] The act of verifying the identity claimed by a party to an interaction.
[Data Security] A component of IPsec, standardized by the IETF, that permits the specification of various authentication mechanisms designed to provide connectionless integrity, data origin authentication, and an optional anti-replay service.
1. [Data Management] Synonym for data integrity.
2. [Data Security] The property of being genuine and being able to be verified and trusted; confidence in the validity of a transmission, a message, or message originator. [NIST SP 800-53]
3. [Legal] The property, condition, or quality of being worthy of trust, reliance, or belief because the proponent (offeror) has shown enough corroborating evidence to a jury (or trier of fact) to warrant such.
1. [Network] The process of determining—for example via access control—that a requestor is allowed to receive a service or perform an operation.
2. [Data Security] The limiting of usage of information system resources to authorized users, programs, processes or other systems, formally described as controlling usage by subjects of objects.
[Data Recovery] Synonym for tape cartridge handling robot.
[Storage System] Automatic movement of data between storage tiers based on policy.
The tiers may be within a single storage system or may span storage systems, including a cloud storage tier.
[Data Recovery] A backup triggered by an event (e.g., a schedule point, or a threshold reached) rather than by human action.
[Storage System] Failover that occurs without human intervention.
[Computer System] The substitution of a replacement unit (RU) in a system for a defective one, where the substitution is performed by the system itself while it continues to perform its normal function (possibly at a reduced rate of performance).
Automatic swaps are functional rather than physical substitutions, and do not require human intervention. Ultimately, however, defective components must be replaced in a physical hot, warm, or cold swap operation. See cold swap, hot swap, warm swap, hot spare.
[Storage System] Deprecated synonym for automatic failover.
[Storage System] The ability of a storage system to self-regulate attributes such as capacity, performance, and resiliency based on application demands, without any administrative intervention.
[Computer System] Abbreviation for automatic swap.
[Storage System] Synonym for automated storage tiering.
1. [General] The amount of time that a system is available during those time periods when it is expected to be available, often measured as a percentage of an elapsed year.
For example, 99.95% availability equates to 4.38 hours of downtime in a year (0.0005 * 365 * 24 = 4.38) for a system that is expected to be available all the time. See data availability, high availability.
2. [General] The property of being accessible and usable upon demand by an authorized entity.
[Data Management] [Storage System] Synonym for free space.