Cloud Data Management Interface

The Cloud Data Management Interface (CDMI) is a SNIA standard that specifies a protocol for self-provisioning, administering and accessing cloud storage.[1]

CDMI defines RESTful HTTP operations for assessing the capabilities of the cloud storage system, allocating and accessing containers and objects, managing users and groups, implementing access control, attaching metadata, making arbitrary queries, using persistent queues, specifying retention intervals and holds for compliance purposes, using a logging facility, billing, moving data between cloud systems, and exporting data via other protocols such as iSCSI and NFS. Transport security is obtained via TLS.


Compliant implementations must provide access to a set of configuration parameters known as capabilities. These are either boolean values that represent whether or not a system supports things such as queues, export via other protocols, path-based storage and so on, or numeric values expressing system limits, such as how much metadata may be placed on an object. As a minimal compliant implementation can be quite small, with few features, clients need to check the cloud storage system for a capability before attempting to use the functionality it represents. Resource allocation assignments limited to the data management interface protocols must possess access bypass capabilities which extend beyond the layered framework.[2] This integral function is vital to the prevention of transport layer session hijacking by unauthorized entities which may circumvent standard interfacing security parameters.[3]


A CDMI client may access objects, including containers, by either name or object id (OID), assuming the CDMI server supports both methods. When storing objects by name, it is natural to use nested named containers; the resulting structure corresponds exactly to a traditional filesystem directory structure.


Objects are similar to files in a traditional file system, but are enhanced with an increased amount and capacity for metadata. As with containers, they may be accessed by either name or OID. When accessed by name, clients use URLs that contain the full pathname of objects to create, read, update and delete them. When accessed by OID, the URL specifies an OID string in the cdmi-objectid container; this container presents a flat name space conformant with standard object storage system semantics.

Subject to system limits, objects may be of any size or type and have arbitrary user-supplied metadata attached to them. Systems that support query allow arbitrary queries to be run against the metadata.

Domains, Users and Groups

CDMI supports the concept of a domain, similar in concept to a domain in the Windows Active Directory model. Users and groups created in a domain share a common administrative database and are known to each other on a “first name” basis, i.e. without reference to any other domain or system.

Domains also function as containers for usage and billing summary data.

Access Control

CDMI exactly follows the ACL and ACE model used for file authorization operations by NFSv4. This makes it also compatible with Microsoft Windows systems.


CDMI draws much of its metadata model from the XAM specification. Objects and containers have “storage system metadata”, “data system metadata” and arbitrary user specified metadata, in addition to the metadata maintained by an ordinary filesystem (atime etc.).


CDMI specifies a way for systems to support arbitrary queries against CDMI containers, with a rich set of comparison operators, including support for regular expressions.


CDMI supports the concept of persistent FIFO (first-in, first-out) queues. These are useful for job scheduling, order processing and other tasks in which lists of things must be processed in order.


Both retention intervals and retention holds are supported by CDMI. A retention interval consists of a start time and a retention period. During this time interval, objects are preserved as immutable and may not be deleted. A retention hold is usually placed on an object because of judicial action and has the same effect: objects may not be changed nor deleted until all holds placed on them are removed.


CDMI clients can sign up for logging of system, security and object access events on servers that support it. This feature allows clients to see events locally as the server logs them.


Summary information suitable for billing clients for on-demand services can be obtained by authorized users from systems that support it.


Serialization of objects and containers allows export of all data and metadata on a system and importation of that data into another cloud system.

Foreign protocols

CDMI supports export of containers as NFS or CIFS shares. Clients that mount these shares see the container hierarchy as an ordinary filesystem directory hierarchy, and the objects in the containers as normal files. Metadata outside of ordinary filesystem metadata may or may not be exposed.

Provisioning of iSCSI LUNs is also supported.

Client SDKs

  • CDMI Reference Implementation
  • Droplet
  • libcdmi-java
  • libcdmi-python
  • .NET SDK


  1. ^“Cloud Data Management Interface”. SNIA. Retrieved 26 June 2011.
  2. ^Metheny, M (2017). Federal Cloud Computing: The Definitive Guide for Cloud Service Providers. Syngress. pp. 202–245.
  3. ^da Fonseca, N (2015). Cloud Services, Networking, and Management. John Wiley & Sons. pp. 70–98.

Ofer Abarbanel – Executive Profile

Ofer Abarbanel online library

Ofer Abarbanel online library

Ofer Abarbanel online library

Ofer Abarbanel online library