Professional Documents
Culture Documents
CoudPlus Glossary PDF
CoudPlus Glossary PDF
2 Glossary
3DES Triple Data Encryption Standard. 3DES is a symmetrical cipher. Three encryption
keys of various lengths are used. The first key is used to encrypt a block of data, a second
key is then used to decrypt the block, and a third key is used to encrypt it again. This triple
encryption function on each block of data is reversed to decrypt the data.
A
Address Resolution Protocol (ARP) The protocol that determines the mapping of an IP
address to the physical MAC address on a local network.
AES Advanced Encryption Standard. This is a symmetrical block cipher. AES has been
approved and adopted by many governments, including the United States and Canada, to
encrypt sensitive data. AES has also been adopted as a standard by the National Institute of
Standards and Technology.
application life cycle The management of a software application from the initial planning
stages through to its retirement.
asynchronous replication Writes the data to the primary storage location and then later
sends copies to the remote replicas. With asynchronous replication, there will be a delay
as the data is copied to the backup site and becomes consistent because it uses a store-and-
forward design.
authentication The process of determining the identity of a client usually by a login process.
automation Software systems operating in a cloud provider’s data center that automate
the deployment and monitoring of cloud offerings.
availability Percentage of service uptime. It is the total uptime versus the total time.
availability zones Isolated locations within data center regions that public cloud services
originate and operate.
B
backup target The endpoint or storage system where the backup data is to be stored.
backup window The time available for the backup operation to run while the target
storage system is either offline or lightly used.
Glossary 3
bare metal Server hardware including motherboards and storage, processing, and
networking components. A bare-metal server does not run a hypervisor.
baseline Collected data that provides trend analysis and capacity utilization information
measured over time to determine average or expected metrics of a service in normal
operation; a point-in-time view of operations that needs to be constantly tracked as part of
your ongoing operations.
BPaaS Business Process as a Service. This is when a company outsources to the cloud
many business applications, such as inventory, shipping, supply chain finance, and other
business software applications.
business continuity plan A plan that recognizes there are inherent threats and risks
that can have a detrimental effect on a company and that defines how to protect the
company assets and be able to survive a disaster. This gives an organization the ability to
continue operations and to deliver products and services after an event that disrupts its
operations.
C
CaaS Communications as a Service. It includes cloud-hosted voice, video conferencing,
instant messaging, e-mail, collaboration, and other communication services.
capacity The end-to-end metric for maximum available network bandwidth and utilized
capacity, or rate, from source to destination. It can also be the maximum amount that
something can contain or, in the case of cloud resources, the maximum supported capacity
of any object or service.
change advisory board Supports the change management team by reviewing, sequencing,
and approving changes that have been requested; by determining the priorities; and by
planning for all upcoming changes.
change approvals The process dedicated to approving or denying all change requests
submitted by an organization’s IT operations.
change management The process of managing all aspects of ongoing upgrades, repairs,
and reconfigurations.
cipher Any method of encrypting data by concealing its readability and meaning.
cloud bursting Elasticity model where a primary data center carries the current compute
load, and when additional capacity is required, a remote cloud can assist with the load.
cloud management To make sure a cloud deployment is optimized for the applications,
meets performance agreements, is secure, has no faults or alarms, and is configured
correctly; also that all accounting data is collected.
cloud object storage Storage data such as a common file that is paired with metadata
and combined into a storage object.
cloud segmentation The process of dividing the cloud deployment into small sections to
allow for granular security polices to be applied.
clusters Groups of computers interconnected by a local area network and tightly coupled
together.
cold site When the backup data center is provisioned to take over operations in the event
of a primary data center failure but the servers and infrastructure are not deployed or
operational until needed.
command-line interface (CLI) A text-based interface tool used to configure, manage, and
troubleshoot devices.
compute pools When the hypervisor virtualizes the physical CPU into virtual pools that
are allocated by the hypervisor to virtual machines.
consumer A company or organization that purchases and uses cloud computing services.
CPU affinity The ability to assign a processing thread to a core instead of having the
hypervisor dynamically allocate it.
CPU wait time The time that a process or thread has to wait to access a CPU for
processing.
D
DaaS Desktop as a Service. This is a virtual PC desktop that is hosted in the cloud and
accessed remotely by thin clients.
data archiving The movement of inactive data, infrequently accessed data, or data that is
no longer being used, to a separate storage facility for long-term storage.
data classification Organizing data into different tiers or categories for the purpose
of making data available as required and to meet regulatory requirements, mitigate risk,
manage risk, and secure data.
default network A router interface on the local subnet that connects to the outside world.
It gives computers on one network a path to other networks.
demilitarized zone (DMZ) A section of the network that often hosts systems and servers
that need to be accessed by the outside world via the Internet as well as internally.
development networks Networks used in the creation and testing of new cloud-based
services and primarily used by software programmers and DevOps groups.
dig A Linux command-line utility used to resolve hostnames to IP addresses using a DNS
name server.
discretionary access controls Give users the ability to grant or assign rights to objects
and make access decisions.
DSA Digital Signature Algorithm. DSA is an asymmetrical encryption that uses a private
key and a public key. PKI is the framework that uses protocols such as DSA for encryption.
With PKI and DSA, the common implementation is an asymmetrical protocol using a
public and private key pair such as DSA to set up an encrypted connection to exchange
symmetrical keys. Then the symmetrical keys are used to perform bulk encryption and
decryption since they are faster and require less processing.
durable storage Storage volumes that retain data if the virtual machine is removed or deleted.
E
elasticity The ability to automatically and dynamically add resources such as storage,
CPUs, memory, servers, and network capacity.
ephemeral storage Storage volumes that do not retain data if the virtual machine is
removed or deleted.
6 Glossary
event correlation A method or process that make sense out of a large number of reported
events from different sources and identifies the relationships between the events.
extended metadata An extended list of data that can be attached to a data file for
detailed index schemas.
extending the scope To add new features and capacity to your cloud deployment.
F
fault tolerance A system that will remain operational even after there has been a
degradation of its systems.
federations Multiple organizations sharing the same application. The federated identity
management approach allows all participants to consolidate resources. Users share a
common set of policies and access rights across multiple organizations.
file backups Backups of storage folders and files that you selected with your backup
software to another storage location for later access.
FISMA Federal Information Security Management Act. It is a U.S. federal law that
outlines the framework to protect federal government information, operations, and
facilities.
FTP File Transfer Protocol. FTP is used to send and receive files between systems on a
network using a standard command set.
FTPS File Transfer Protocol Secure. This is the encrypted version of the File Transfer
Protocol used to securely send and receive encrypted data.
G
Generic Routing Encapsulation (GRE) A standardized network tunneling protocol that is
used to encapsulate any network layer protocol inside a virtual link between two locations.
GRE is commonly used to create tunnels across a public network that carries private
network traffic.
H
harden The process of disabling all unused services, ports, and applications on a server to
make it as secure as possible.
high availability The ability of a resource to remain available after a failure of a system.
hot site Two fully redundant cloud data centers in sync with each other, with the standby
site backing up the primary in real time in the event of a failure.
hotfix A software update type that is intended to fix an immediate and specific problem
with a quick release procedure.
I
IaaS Infrastructure as a Service. The consumer is able to provision processing, storage,
networks, and other fundamental computing resources and is able to deploy and run
arbitrary software, which can include operating systems and applications.
ifconfig A Linux command-line utility used to verify and configure the local network
interfaces.
image backups Copies of complete hard drive volumes. They are also often called
disaster backup, cloning, ghosting, image backups, or block-level backups.
instance initialization time The time required to start a new compute instance.
intrusion detection systems (IDSs) Detect suspicious activity on the network in real time,
by passively monitoring traffic looking for signatures of network activity that indicate an
intrusion based on predefined rule sets, and generate alerts.
8 Glossary
intrusion prevention systems (IPSs) Detect suspicious activity on the network in real
time, by passively monitoring traffic looking for signatures of network activity that indicate
an intrusion based on predefined rule sets, and actively shut down the intrusion.
ipconfig A Windows command-line utility used to verify and configure the local network
interfaces.
ISO 27001 International Organization for Standardization (ISO) 27001 standard for
quality that ensures a cloud provider meets all regulatory and statutory requirements for its
product and service offerings.
ITAR Restricts information from being disseminated to certain foreign entities that could
assist in the import or export of arms. ITAR is a list of data security requirements that
cloud companies can certify as being compliant with to meet this U.S. requirement.
J
JavaScript Object Notation (JSON) A lightweight data-interchange format standard that
is easily readable and for computing systems to parse and to generate.
jumbo frame Ethernet frame larger than the standard 1,518 bytes.
L
L2TP A remote access communications protocol that is a common method to connect to a
remote device over the Internet.
load balancing Allows for many servers to share an application load, redundancy, and
scalability by allocating traffic to many devices instead of to a single device.
load testing Testing that puts a demand or load on your application or compute system
and measures the response.
local backup Created when data in a data center is stored on its primary storage array
and a backup operation is performed.
logging The detailed transaction records generated by all elements in the cloud for the
transactions and interactions of a device or system.
Glossary 9
M
mainframe computers Large centralized computing systems.
maintenance window A scheduled time that maintenance can be performed and outages
are planned for ongoing support of operations.
mandatory access control (MAC) Highly controlled systems where the access is defined
by strict levels of access that are common in secure environments such as defense or
financial systems.
Maximum Transmission Unit (MTU) The standard largest Ethernet frame size that can
be transmitted into the network: 1,518 bytes.
mean time between failure (MTBF) The life expectancy of a hardware component, in
other words, how long it is expected to operate before a failure.
mean time system recovery (MTSR) The time for a resilient system to complete a
recovery from a service failure.
mean time to repair (MTTR) The time required to repair a damaged hardware
component.
mean time to switchover (MTSO) The time required from when a service failure occurs
to when the backup system resumes operations.
memory ballooning A hypervisor function that allows the hypervisor to reclaim unused
memory from a VM running on top of the hypervisor and allocates that memory for other
uses.
memory pools When the hypervisor virtualizes physical RAM into pools that are
allocated for use to the virtual machines.
metadata Part of a file or sector header in a storage system that is used to identify the
content of the data.
metric A standard of measurement that defines the conditions and the rules for
performing the measurement and for understanding the results of a measurement.
mirrors A site that is updated constantly with data files and server information in case
of a primary site failure. The mirror can assume processing and availability. Also, with the
use of mirroring, multiple sites can be active at the same time for availability, geographical
proximity, capacity management, and high-demand purposes.
N
netstat Network statistics utility found in Windows and Linux used to see which network
connections are open to remote applications.
network latency The delay, or time, it takes for data to traverse a network; the time
measurement of a network packet to travel from source to destination.
network time protocol A protocol that allows all devices to synchronize to a central
clock, or time service.
NIST National Institute of Standards. This is a U.S. federal organization that defines
cloud computing standards and models.
nondurable storage Storage volumes that do not retain data if the virtual machine is
removed or deleted.
O
obfuscation A means to complicate, confuse, or bewilder. Obfuscating is used to hide
information in stored data in the cloud.
object An item that can be accessed and manipulated in the cloud. It is a cloud component
where you can define the measurements that are sent to monitoring systems to collect
operational data.
object ID A pointer to a stored piece of data that is a globally unique identifier.
on-premise Creating and hosting cloud services in-house in a private enterprise data
center.
Glossary 11
online storage A storage system that can be accessed at any time without the requirement
for a network administrator to mount the media into a storage system.
orchestration platforms Cloud software used to deploy and manage cloud services.
orphaned resources Cloud-based services that are left over when a service terminates
and are no longer needed or used.
outage time The total time of a single outage measured from when the outage began until
it ended.
P
PaaS Platform as a Service. The consumer is able to deploy onto the cloud
infrastructure applications created using programming languages and tools supported
by the provider.
packet loss The percentage or number of packets that are dropped in the network.
patch Software that is intended to update an application, operating system, or any other
software-based system to fix or improve its operations.
pay-as-you-grow When the consumer pays for only the cloud services used.
penetration testing The process of testing your cloud access to determine whether there
is any vulnerability that an attacker could exploit.
ping Command-line utility used to verify that a device is available on the network and to
get a reading of the response time at that moment in time.
privilege escalation A user or service receiving account privileges that they are not
allowed to possess.
production networks Networks that host the live and in-use applications that are usually
public-facing in the cloud.
12 Glossary
public key infrastructure (PKI) A standardized set of roles, policies, and procedures used
to create, manage, distribute, use, store, and revoke digital certificates and manage public/
private key encryption.
Q
quality assurance networks Networks that are for ongoing offline maintenance to test a
company’s applications and software systems.
quality of service (QOS) A general networking term for the ability of the network to
provide differentiated services based on information in the Ethernet packet.
R
RAID Redundant Array of Independent Disks. It involves combining physical disks to
achieve redundancy.
RAID 0 RAID level 0 (called “RAID zero”). A block of data is stored across two or more
disks. The file is stored across more than one hard drive. RAID 0 provides no redundancy
or error detection, so if one of the drives in a RAID 0 array fails, all data is lost.
RAID 0+1 RAID level 0 plus 1. RAID 0+1 stripes data to be stored first (RAID 0); then the
stripe set is written to the mirror (RAID 1).
RAID 1 RAID level 1. A complete file is stored on a single disk, and then a second disk
contains an exact copy of the same file stored on the first disk.
RAID 1+0 RAID level 1 plus 0. The creation of two separate RAID 1 arrays using RAID 0
to mirror them.
RAID 5 RAID level 5. It stripes file data, and check parity is stored over all the disks
in the array. If any disk in a RAID 5 array fails, the parity information stored across the
remaining drive can be used to re-create the data and rebuild the drive array.
RAID 6 RAID level 6. This is an extension of the capabilities of RAID 5. In a RAID 6
configuration, a second parity setting is distributed across all the drives in the array.
RAID 6 can suffer two simultaneous hard drive failures and not lose any data.
RC4 Rivest Cipher 4. This uses a shared key to encrypt and decrypt a stream of data. RC4
was commonly used to secure wireless connections and web transactions as an encryption
protocol used in SSL.
Glossary 13
RC5 Rivest Cipher 5. This is the replacement for RC4. It is also a symmetrical block cipher
algorithm that uses a variable-length key.
recovery point objective (RPO) The restore point you recover to in the event of an
outage. The RPO is the amount of data that may be lost when restarting the operations
after a disaster.
recovery time objective (RTO) The amount of time a system can be offline during a
disaster. It is the amount of time it takes to get a service online and available after a failure.
replicas Backup copies of data that can be stored either locally or remotely that can act as
alternative data stores from your main production operations.
replication The process of placing copies of stored data on more than one system for
disaster recovery and resiliency purposes.
resource pooling The allocation of compute resources into a group, or pool. Then these
pools are made available to a multitenant cloud environment.
role-based access control (RBAC) A method in which access rights are granted to, or
restricted from, users based on which roles they perform in an organization.
route command A command-line utility that displays the workstation’s or server’s local
routing tables.
RSA An asymmetrical encryption that uses a private key and a public key. PKI is the
framework that uses protocols such as RSA for encryption. With PKI and RSA, the
common implementation is an asymmetrical protocol using a public and private key pair
such as RSA to set up an encrypted connection to exchange symmetrical keys. Then the
symmetrical keys are used to perform bulk encryption and decryption since they are faster
and require less processing.
runbooks Software processes that perform automated tasks and responses that simplify
and automate repetitive tasks.
14 Glossary
S
SaaS Software as a Service. The consumer can use the provider’s applications running on
a cloud infrastructure.
Secure Shell (SSH) A virtual terminal application that supports an encrypted connection
to remote devices using a command-line interface.
Secure Sockets Layer (SSL)/Transport Layer Security (TLS) Protocols that operate on
top of TCP and provide an encrypted session between the client and the server.
security policy A document that defines your company’s cloud controls, organizational
policies, responsibilities, and underlying technologies to secure your cloud deployment.
server capacity Usually a measurement of the total number of CPUs, CPU frequency,
RAM, and storage capacity.
service level agreement A document that outlines specific metrics and the minimum
performance or availability level and outlines the penalties for failing to meet the metrics.
service provider A company that hosts computing systems and sells computing to
consumers.
SFTP Secure File Transfer Protocol. This is a network file exchange protocol that encrypts
the data before sending it over the network.
single sign-on (SSO) Allows a user to log in just one time and be granted access rights to
multiple systems.
SMTP Simple Mail Transfer Protocol. This is used to send e-mail messages between mail
servers.
SOC 1 Service Organization Controls report (also known as SSAE 16 and ISAE 3402).
This is a report that outlines controls on a service organization and the internal controls of
financial reporting operations.
SOC 2 Service Organization Controls report that concerns a business’s nonfinancial
reporting controls for availability, confidentiality, privacy, processing integrity, and security
of a system.
SOC 3 Service Organization Controls report for public disclosure of financial controls and
security reporting.
SSH Secure Shell. This is an encrypted command-line interface utility used to access a
remote device.
Glossary 15
storage area network (SAN) A network that is dedicated to storage traffic and is high-
speed and highly redundant.
storage pools When the hypervisor virtualizes physical storage capacity into storage
pools that are allocated for use to the virtual machines.
storage scalability The amount of storage that can be added to increase capacity because
of increased workloads.
subnet mask Segments an existing IP address in a TCP/IP network and divides the
address into network and host addresses. Subnetting can further divide the host portion of
an IP address into additional subnets to route traffic within the larger subnet.
swap file A file on a hard disk used to provide space for programs that have been
transferred from the processor’s memory.
synchronous replication The process of replicating data in real time from the primary
storage system to a remote facility. Synchronous replication writes data to both the primary
storage system and the replica simultaneously to ensure that the remote data is current with
local replicas. Data is always consistent between replicas.
T
task runtime The time to run a task from the task request to task completion.
Telnet A virtual terminal application that allows for command-line logins to a remote
device.
thick provisioning The allocation of all the requested virtual storage capacity at the time
the disk is created.
thin provisioning The allocation of the minimum amount of the requested virtual storage
capacity required at the time the disk is created.
trigger The process of initiating an event report based on a metric value or threshold that
is considered to be outside your baseline.
troubleshooting The process of diagnosing the cause of an impairment and resolving the
issue.
16 Glossary
U
ubiquitous access The ability to access cloud services from anywhere in the network
from a variety of devices.
V
variance The measurement of the spread between the baseline and measured result.
version update Replacing a software product with a newer version of the same product.
Version updates can add new features, bring the system up-to-date, provide a rollup of all
previous patches, and improve the product.
virtual CPU A physical CPU that has been re-imaged as a virtualized version of the
physical CPU and assigned to a virtual machine or VM, in other words, the hardware
abstraction of a physical CPU that is a virtualized representation of the CPU. VMs running
on the hypervisor will use these virtual CPUs for processing.
virtual NICs The hardware abstraction of a physical network interface card that is a
virtualized representation of the NIC. VMs running on the hypervisor will use these for
network connectivity to a vSwitch.
virtual private network (VPN) Allows for a secure encrypted network connection over an
insecure network such as the Internet.
virtual switch The hardware abstraction of a physical network switch that is a virtualized
representation of the switch. The vSwitch runs on the hypervisor and interconnects the
VMs to the physical data network.
VPN Virtual private network. This is a secure and usually encrypted connection over a
public network.
Glossary 17
vulnerability scanning A software application that is used to find objects in your cloud
deployment that can be exploited that are potential security threats. The vulnerability
scanner is an application that has a database of known exploits and runs them against your
deployment.
W
warm site A disaster recovery backup site where the remote is offline except for critical
data storage, which is usually a database. The rest of the site infrastructure needs to be
enabled.
web server utilization The measurement of load on a web server. This is usually
measured in requests per second.
well-known port numbers Applications that are assigned their own unique port number
in the TCP/IP specification.
workflow automation Defines a structured process for a series of actions that should be
taken in order to complete a process.
workflow services Track a process from start to finish and sequence the applications that
are required to complete the process.
X
XaaS Everything as a Service. This is a complete IT services package that is a combination
of many different types of cloud services.
XML Extensible Markup Language. The XML standard is a flexible way to describe data,
create information formats, and electronically share structured data between computing
systems.