[Data Security] Acronym for Certification Authority.
[Network] All of an installation's passive communications elements (e.g., optical fiber, twisted pair, or coaxial cable, connectors, splices, etc.) between transmitters and receivers.
1. [Computer System] To store data temporarily for expedited access.
2. [Computer System] The location in which data is stored temporarily.
There are a variety of cache types. Read cache holds data in anticipation that it will be requested. Write cache holds data written by a client until it can be stored on other (typically slower) storage media such as disk or tape. See buffer, disk cache, write back cache, write through cache.
[Storage System] An enclosure for a single disk or tape.
Canisters are usually designed to mount in shelves that supply power, cooling, and I/O interconnect services to the devices. They are used to minimize RF emissions and to simplify insertion and removal of devices in multi-device storage subsystems. See shelf.
[Storage System] A system which employs at least one capacity optimization method.
[General] The process of optimizing supply of a given resource to satisfy current and future demand for that resource.
Common methods used for capacity planning include tracking, trending, forecasting and scenario planning to predict future demand.
Carrier sense refers to arbitration for a shared link. Unlike "always on" physical protocols, carrier sense protocols require a node wishing to transmit to wait for the absence of carrier (indicating that another node is transmitting) on the link. Multiple access refers to the party line nature of the link. A large number of nodes (up to 500 in the case of Ethernet) share access to a single link. Collision detection refers to the possibility that two nodes will simultaneously sense absence of carrier and begin to transmit, interfering with each other. Nodes are required to detect this interference, and cease transmitting. In the case of Ethernet, each node detecting a collision is required to wait for a random interval before attempting to transmit again.
[Fibre Channel] The process of connecting two or more Fibre Channel hubs or switches together to increase the number of ports or extend distances.
2. [File System] A persistent data structure used by some file systems to keep track of the files they manage.
[Data Security] Acronym for Cipher Block Chaining.
[Data Security] Acronym for Common Criteria.
[SCSI] Acronym for Command Descriptor Block.
[Standards] Acronym for Cloud Data Management Interface.
[Data Recovery] Acronym for Continuous Data Protection.
[Fibre Channel] Acronym for Clock and Data Recovery.
The CRL is made available to entities that need to rely on a certificate for authentication.
[Data Security] In a Public Key Infrastructure (PKI), the authority and organization responsible for issuing and revoking user certificates, and ensuring compliance with the PKI policies and procedures.
[Legal] A process that tracks the movement of evidence through its collection, safeguarding, and analysis lifecycle by documenting each person who handled the evidence, the date/time it was collected or transferred, and the purpose for the transfer. [NIST SP 800-72]
[Data Security] A step in an authentication dialog that must be answered using either a secret or process assumed to be known only by the other party.
A challenge can be as simple as “What’s your password?” or as complex as “Send me the result of a retinal scan of your right eye.”
[Storage System] Deprecated synonym for delta snapshot.
1. [Storage System] The electrical circuits that sense or cause the state changes in recording media and convert between those state changes and electrical signals that can be interpreted as data bits.
2. [Computer System] Synonym for I/O interconnect.
The term channel has other meanings in other branches of computer technology. The definitions given here are commonly used when discussing storage and networking. See device channel, I/O interconnect, host I/O bus.
1. [Computer System] Synonym for byte.
Some transmission characters used in FC-1 correspond to special codes and some 10 bit sequences represent invalid transmission characters.
[Computer System] Synonym for Command Line Interface.
[Storage System] Synonym for parity data.
1. [Data Recovery] The recorded state of an application at an instant of time, including data, in-memory variables, program counter, and all other context that would be required to resume application execution from the recorded state.
2. [File System] An activity of a file system, such as the High Performance File System (HPFS) or the Andrew File System (AFS), in which cached metadata (data about the structures of the file system) is periodically written to the file system's permanent store, allowing the file system to maintain consistency if an unexpected stop occurs.
[Data Security] A value computed across a set of data, used to detect change.
A checksum is often used for error and manipulation detection.
[Storage System] Deprecated synonym for strip.
[iSCSI] Acronym for Connection Identifier.
[File System] Acronym for Common Internet File System.
[Management] [Network] Acronym for Common Information Model.
[Data Security] Any cryptographic system in which arbitrary symbols or groups of symbols represent units of plain text, or in which units of plain text are rearranged, or both.
[Data Security] A named combination of a key exchange algorithm (for authentication), a bulk encryption algorithm, a message authentication code (MAC) algorithm, and a pseudorandom function (PRF) that may be negotiated and used to establish the security settings for a network connection using the Transport Layer Security (TLS) or Secure Sockets Layer (SSL) network protocol.
[Data Security] Data that has been encrypted.
[Data Security] A block cipher mode of operation, in which each block of plaintext is XORed with the previous ciphertext block before being encrypted, making each ciphertext block dependent on all preceding plaintext blocks.
[Fibre Channel] [Network] Synonym for communication circuit.
[Storage System] Synonym for Count-Key-Data disk architecture.
[Fibre Channel] A connection-oriented class of Fibre Channel communication service in which the entire bandwidth of the link between two ports is dedicated for communication between the ports and not used for other purposes.
[Fibre Channel] A connectionless Fibre Channel communication service which multiplexes frames from one or more N_Ports or NL_Ports.
[Fibre Channel] A connectionless Fibre Channel communication service that multiplexes frames to or from one or more N_Ports or NL_Ports.
Class 3 frames are datagrams; that is, they are not explicitly acknowledged, and delivery is on a "best effort" basis.
1. [Network] A mechanism for managing traffic in a network by specifying message or packet priority or delivery acknowledgement.
Network mechanisms include identification and grouping of data packets based on a priority label (in the packet header) or via mechanisms such as "per hop behavior", defined by the IETF's Differentiated Services.
Fibre Channel classes of service include connection-based services (Class 1), acknowledged frame delivery with end to end flow control (Class 2), and packetized frame datagrams (Class 3). Different classes of service may simultaneously exist in a fabric. The form and reliability of delivery in Class 3 circuits may vary with the topology.
[Data Security] Information that an appropriate agency has determined to require protection against unauthorized disclosure and has caused to be marked to indicate its classified status.
[Data Security] Alternative term for plaintext. Stating that data is in cleartext implies that the data is not scrambled or rearranged, and is in its raw form.
[Computer System] Acronym for Command Line Interface.
1. [Computer System] An intelligent device or system that requests services from other intelligent devices, systems, or appliances.
2. [General] An asymmetric relationship with a second party (a server) in which the client initiates requests and the server responds to those requests.
[Capacity Optimization] Deprecated synonym for source data deduplication.
[Data Management] Synonym for snapshot.
Clones and snapshots are full copies. See delta snapshot.
[Cloud] An intermediary that provides connectivity and transport of cloud services between cloud providers and cloud consumers.
[Cloud] A person or organization that uses cloud services.
CDMI is an interface for both the data path and the control path of cloud storage.
CDMI can also be used to manage storage in Cloud Computing deployments.
[Data Management] A cloud-based offering providing a digital archive service.
[Services] Synonym for Data storage as a Service.
[Cloud] A set of data processing components that can be automatically provisioned by consumers, accessed over a network and that provide secure multitenancy.
[Cloud] A person, organization or entity responsible for making cloud services available to consumers.
[Cloud] Systematic evaluation of a cloud system by assessing how well it conforms to a set of established security criteria.
[Computer System] A collection of computers that are interconnected (typically at high speeds) for the purpose of improving reliability, availability, serviceability, load balancing and/or performance.
Often, clustered computers have access to a common pool of storage, and run special software to coordinate the component computers' activities.
[Management] [Network] Acronym for Common Management Information Protocol.
[Network] An electrical transmission medium consisting of two concentric conductors separated by a dielectric material with the spacings and material arranged to give a specified electrical impedance.
See triaxial cable.
[Computer System] A bit (binary digit) of an encoded datum.
Sequences of code bits make up symbols, each of which corresponds to a data element (word, byte, or other unit).
[Computer System] A byte of an encoded datum.
[Fibre Channel] The error condition that occurs when a received transmission character cannot be decoded into a valid data byte or special code using the validity checking rules specified by the transmission code.
[Data Recovery] Synonym for offline backup.
[Fibre Channel] In an encoded data stream using 8B/10B encoding, either of the seven bit sequences 0011111 or 1100000.
[Computer System] A form of human interface to intelligent devices characterized by non-directive prompting and character string user input.
CLIs are used by system consoles and remote shell sessions (RSH, SSH). They are very useful for scripting and other administrative purposes, but are usually perceived by end users to be more difficult to comprehend and use than graphical user interfaces (GUIs).
[Data Security] A multi-part International Standard that is meant to be used as the basis for evaluation of security properties of IT products and systems.
The CC is specified in ISO/IEC 15408-1:1999, ISO/IEC 15408-2:1999, and ISO/IEC 15408-3:1999.
CIM is divided into a Core Model and Common Models. The Core Model addresses high-level concepts (such as systems and devices), as well as fundamental relationships (such as dependencies). The Common Models describe specific problem domains such as computer system, network, user or device management. The Common Models are subclasses of the Core Model and may also be subclasses of each other.
CIFS was originally called Server Message Block (SMB). Today, other implementations of the CIFS protocol allow other clients and servers to use it for intercommunication and interoperation with Microsoft operating systems.
[Management] [Network] A network management protocol built on the Open Systems Interconnection (OSI) communication model.
CMIP is more complete, and therefore larger, than SNMP.
2. [Network] A specific logical or physical path between two points over which communications occur.
[Network] [Data Security] Protection of information while it's being transmitted, particularly via telecommunications.
[Data Security] A way - also known as a band-aid - of mitigating a known risk where it may not be feasible to deploy specific technical enablement.
The most common complex arrays are multi-level disk arrays, which perform more than one level of data address mapping, and adaptive arrays, which are capable of changing data address mapping dynamically.
[General] The process of encoding data to reduce its size.
Lossy compression (i.e., compression using a technique in which a portion of the original information is lost) is acceptable for some forms of data (e.g., digital images) in some applications, but for most IT applications, lossless compression (i.e., compression using a technique that preserves the entire content of the original data, and from which the original data can be reconstructed exactly) is required.
1. [General] The state of being in accordance with a standard, specification, or clearly defined requirements.
2. [Legal] The state of being in accordance with legal requirements.
The "compliance market" is centered around storage and systems that support the retention and discovery of data as required by law or regulation.
[Data Security] Measures and controls that ensure confidentiality, integrity, and availability of information system assets including hardware, software, firmware, and information being processed, stored, and communicated.
[Cloud] A cloud infrastructure shared by several organizations and supporting a specific community that has shared concerns (e.g., mission, security requirements, policy, and compliance considerations).
[Network] [Storage System] A logical joining of two series of data, usually represented by the symbol “|”.
In data communications, two or more datums are often concatenated to provide a unique name or reference (e.g., S_ID | X_ID). Volume managers concatenate disk address spaces to present a single larger address space.
[Computer System] The property of overlapping in time, often in reference to the execution of I/O operations or I/O requests.
[Storage System] A hybrid point in time copy mechanism which creates a split mirror copy by copying blocks from the source as they are requested by the host, while copying so-far unrequested blocks in the background until the mirror is complete.
A concurrent copy initially occupies at least the amount of storage required to hold accessed blocks and grows to occupy as much storage as the copy source.
[Computer System] Operations that overlap in time.
The concept of concurrent I/O operations is central to the use of independent access arrays in throughput-intensive applications.
[General] The processing of a signal for the purpose of making it conform more closely to an ideal.
Power conditioning is used to minimize voltage and frequency variations in external power. Signal conditioning is used to reduce noise in logic or data signals.
[Data Security] The property that data cannot be accessed by unauthorized parties.
Confidentiality may be created by the use of encryption or access controls.
1. [Storage System] The process of installing or removing hardware or software components required for a system or subsystem to function.
2. [Storage System] Assignment of the operating parameters of a system, subsystem or device, such as designating a disk array’s member disks or extents and parameters such as stripe depth, RAID model, cache allowance, etc.
[General] The management of system features and behaviors through the control of changes made to hardware, software, firmware, documentation and related resources throughout the life cycle of an information system.
1. [Fibre Channel] Short form of dedicated connection.
[Fibre Channel] An N_Port that initiates a Class 1 connection with a destination N_Port through a connect-request and which receives a valid response from the destination N_Port to establish the connection.
[Fibre Channel] A receive buffer used in a connectionless service that is capable of receiving connectionless frames.
[Data Security] A security service that provides data integrity service for an individual IP datagram by detecting modification of the datagram without regard to the ordering of the datagram in a stream of datagrams.
[Fibre Channel] Communication between two N_Ports or NL_Ports without a dedicated connection.
[Storage System] A collection of replication sets grouped together to ensure write order consistency across all the replication sets' primary volumes.
An operation on a consistency group, such as changing replication from asynchronous to synchronous, applies to all the replication sets within the consistency group, and consequently their volumes.
1. [Storage System] A volume that satisfies the consistency criteria of the system on which it is hosted.
1. [Computer System] A device for graphical or textual visual output from a computer system.
2. [Computer System] In systems, network and device management, an application that provides graphical and textual feedback regarding operation and status, and that may accept operator commands and input influencing operation and status.
Sophisticated consoles designed for the management of many systems from one location are sometimes called enterprise management consoles.
[Storage System] A data deduplication method that does not require awareness of specific application data formats.
[Storage System] A data deduplication method that leverages knowledge of specific application data formats.
[Data Recovery] A class of mechanisms that continuously capture or track data modifications enabling recovery to previous points in time.
[Fibre Channel] A transmission control algorithm in which the frames containing the subblocks that comprise a block of information are transmitted strictly in the order of the subblocks.
[Storage System] A body of software that provides common control and management for one or more disk arrays or tape arrays.
Control software presents the arrays of disks or tapes it controls to its operating environment as one or more virtual disks or tapes. Control software may execute in a disk controller or intelligent host bus adapter, or in a host computer. When it executes in a disk controller or adapter, control software is often referred to as firmware.
1. [Storage System] The control logic in a disk or tape that performs command decoding and execution, host data transfer, serialization and deserialization of data, error detection and correction, and overall management of device operations.
2. [Management] The control logic in a storage subsystem that performs command transformation and routing, aggregation (RAID, mirroring, striping, or other), high-level error recovery, and performance optimization for multiple storage devices.
[Computer System] The pooling of compute, storage, and networking resources using either common management tools or common (shared) physical resources.
[Storage System] [Backup] A technique for maintaining a point in time copy of a collection of data by copying only data that is modified after the instant of replicate initiation; the original source data is used to satisfy read requests for both the source data itself and for the unmodified portion of the point in time copy.
See pointer remapping.
Copyback, which is most often used to create or restore a particular physical configuration for an array (e.g., a particular arrangement of array members on device I/O interconnects), is accomplished without reduction of the array.
[Fibre Channel] A set of entities with the same Core Switch_Name that may host multiple Virtual Switches.
A Core Switch may be a set of ports in a physical chassis, or in multiple physical chassis.
[Storage System] A disk data organization model in which the disk is assumed to consist of a fixed number of tracks, each having a maximum data capacity.
Multiple records of varying length may be written on each track of a Count-Key-Data disk, and the usable capacity of each track depends on the number of records written to it. The CKD architecture derives its name from the record format, which consists of a field containing the number of bytes in the key and data fields and a record address, an optional key field by which particular records can be easily recognized, and the data itself. CKD is the storage architecture used by IBM Corporation's System 390 series of mainframe computer systems. See fixed block architecture.
[Data Security] An unintended and/or unauthorized communications path that can be used to transfer information in a manner that violates a security policy.
[Computer System] Acronym for Copy On Write.
[Data Security] Information, passed from one entity to another, used to establish the sending entity's identity and/or access rights.
2. [Fibre Channel] For links using buffer to buffer flow control, the number of receive buffers allocated to a transmitting N_Port, NL_Port, or F_Port.
The credit is the maximum number of outstanding frames that can be transmitted by that N_Port, NL_Port, or F_Port without causing a buffer overrun condition at the receiver.
[Data Communication] [Storage System] Acronym for Cyclic Redundancy Check.
[Data Security] Acronym for Certificate Revocation List.
[General] Acronym for Customer Replaceable Unit.
[Data Security] A set of operations performed in converting encrypted information to plain text without initial knowledge of the algorithm and/or key employed in the encryption.
[Data Security] An algorithm whose outputs have cryptanalytic security properties with respect to its inputs, or vice versa.
[Data Security] A method for rendering encrypted data unrecoverable by securely deleting the keying material required to decrypt the data.
The encrypted data itself is not modified. The protection offered by cryptographic erasure is bounded by the work factor involved in discovering the decryption key or mounting a cryptanalytic attack on the encryption algorithm itself.
[Data Security] A function that maps plaintext strings of any length to bit strings of fixed length, such that it is computationally infeasible to find correlations between inputs and outputs, and such that given one part of the output, but not the input, it is computationally infeasible to predict any bit of the remaining output.
Cryptographic hash functions have many information security applications, notably in digital signatures, message authentication codes (MACs), and other forms of authentication. The output from a cryptographic hash function is known as a message digest or hash value.
[Data Security] The principles, means and methods for rendering information unintelligible, and for restoring encrypted information to intelligible form.
[Data Security] The time span during which a specific key is authorized for use or in which the keys for a given system or application may remain in effect. [NIST SP 800-57 Part 1]
[Data Security] A system for encrypting and decrypting data.
[Network] Acronym for Carrier Sense Multiple Access with Collision Detection.
[Data Recovery] A backup in which all data objects modified since the last full backup are copied.
To restore data when cumulative incremental backups are in use, only the latest full backup and the latest cumulative incremental backup are required. See differential incremental backup, full backup.
[Fibre Channel] The running disparity present at a transmitter when the encoding of a valid data byte or special code is initiated, or at a receiver when the decoding of a transmission character is initiated.
[General] A unit or component of a system that is designed to be replaced by “customers,” i.e., individuals who may not be trained as computer system service personnel.
[Fibre Channel] A switching technique that allows a routing decision to be made and acted upon as soon as the destination address of a frame is received.
[Data Communication] [Storage System] A scheme for checking the integrity of data that has been transmitted or stored and retrieved.
A CRC consists of a fixed number of bits computed as a function of the data to be protected, and appended to the data. When the data is read or received, the function is recomputed, and the result is compared to that appended to the data. Cyclic redundancy checks differ from error correcting codes in that they can detect a wide range of errors, but are not capable of correcting them. See error correcting code.
See block addressing.