
Glossary


A
acceptance test   A test designed to show a client that the features of a system or
application can meet their business needs.

access controls   Rules that authorize users to perform operations on objects and systems.

agile methodologies   Methods of software development that stress incremental and
iterative development. Benefits include fast turnaround and the ability to adapt to
unpredictable changes in system or application requirements.

alerting   Automated notifications in response to events detected in time-series metric data,
logs, or other monitoring data.

App Engine   GCP’s PaaS for building and deploying web applications in a serverless
environment. App Engine Standard has a limited number of runtimes. App Engine Flex lets
you define custom runtimes.

application programming interface (API)   A feature of an application that accepts
programmatic requests or data. RESTful APIs use HTTP requests, such as GET, PUT, and
POST.

asynchronous calls   System calls that do not wait for an operation to complete before
returning.

auditing   The process of reviewing the structure and configuration of systems, often to
determine compliance with policy or regulations.

auto-healing   An automated response to a problem with a health check. If the service or
system does not respond properly, it will be stopped and restarted.

autoscaling   The automated process of adding or removing instances based on workload.

availability   A measure of the time that services are functioning correctly and accessible to
users. Availability requirements are typically stated in terms of percent.

B
BigQuery   A petabyte-scale data warehousing and analytics service managed by GCP that
uses tables to organize data and SQL as the query language.

Blue/Green deployment   A deployment strategy that uses two identically configured
environments. One is used for production, while the other is used to deploy updates or
new services for testing. All users are switched from one environment to the other at the
same time.

bring your own license (BYOL)   The ability to use a license you have already purchased to
run an application in the cloud.

bucket    A structure for grouping objects in Cloud Storage. Objects within a bucket share
access controls at the bucket level.

business continuity planning   The process of planning for a large-scale service
disruption, such as extreme weather or long-term power outages. The purpose of this
planning is to ensure minimal service downtime when events like this happen.

C
canary deployment   When a small portion of a system's workload is routed to a new
version of the software, allowing developers and administrators to test code under
production conditions without exposing all users to new code.

cascading failure   When a failure causes a falling domino effect of distributed system
failures, one after the other.

chaos engineering   The practice of introducing failures into a system to better understand
the consequences of those failures and to identify unanticipated failure modes.

Children’s Online Privacy Protection Act (COPPA)   A U.S. federal law that requires the
U.S. Federal Trade Commission to define and enforce regulations regarding children’s
online privacy.

Circuit Breaker pattern   A design pattern that uses an object that monitors the results of
a function or service call. When failures exceed a threshold, the code returns an error
without trying to execute the code that caused the error. The failing call is attempted
again after some period of time.

Cloud Bigtable   A wide-column, NoSQL database for high-volume writes and low-latency
reads (less than 10 ms). It scales to hundreds of petabytes and is used for applications that
require millions of operations per second.

Cloud Build   A GCP service that provides software building services and is integrated with
other GCP services, such as Cloud Source Repository.

Cloud Dataflow   A managed service for processing streaming and batch data sets using
Java and Python APIs. It integrates with Cloud Pub/Sub, BigQuery, Cloud Dataproc, and
other GCP services.

Cloud Dataproc   A managed service providing Apache Hadoop and Apache Spark
platforms. Existing ETL and other jobs in Apache Hadoop and Apache Spark are readily
ported to the Google Cloud using Cloud Dataproc.

Cloud Datastore   A NoSQL document database managed service that provides atomicity,
consistency, isolation, durability (ACID) transactions, indexes, and SQL-like queries.

Cloud Firestore   A serverless, managed NoSQL document database used for storing,
synchronizing, and querying mobile and web application data.

Cloud Function   A serverless, event-driven computing service for executing functions in
response to events within the cloud.

Cloud Identity   A GCP IaaS offering that allows for centralized identity management.

Cloud Interconnect   Network connectivity between on-premises infrastructure and
Google’s infrastructure. Traffic can be routed over a dedicated interconnect that directly
links on-premises infrastructure to Google’s infrastructure or over a telecom partner
interconnect.

Cloud KMS   A hosted key management service in GCP that enables customers to generate
and store keys in GCP.

Cloud Memorystore   A managed service providing Redis memory caching that
implements submillisecond data access.

Cloud Pub/Sub   A managed message queue for implementing stream and event
processing applications. Applications can write messages to topics or subscribe to topics to
receive messages.

Cloud Source Repository   GCP’s version control system and source code repository. It
allows the hosting, tracking, and management of changes to your code base. It also allows
the automatic execution of tests and other checks.

Cloud Spanner   A managed, horizontally scalable, global relational database designed for
distributed applications requiring strong consistency.

Cloud SQL   A managed service providing MySQL and PostgreSQL databases. This means
Google patches, backs up, and performs other required maintenance.

Cloud Storage   An object storage service providing web access to scalable storage. Objects
can be stored in different storage classes providing different levels of durability and access
charges.

Cloud Storage FUSE   An open source adapter that allows users to mount Cloud Storage
buckets as simulated filesystems on Linux and macOS platforms.

Cloud VPN   A GCP service that provides VPNs between GCP and on-premises networks.
Cloud VPN is implemented using IPSec VPNs.

Coldline storage   A class of Cloud Storage that provides archival storage for objects that
need to be accessed less than once per year.

commercial off-the-shelf (COTS) product   Software that is purchased instead of built
in-house. This can allow developers to focus on other business needs and usually comes
with a user support system.

Compute Engine   The IaaS offering of GCP.

container   A package of application code, operating system, and dependencies that can
run in a container runtime, such as Docker, or using the Kubernetes orchestration system.

content distribution network   A global network of servers with distributed points of
presence. It is particularly effective when distributing relatively static content
globally. Users are served content from the distribution point closest to their location.

continuous delivery   The practice of continuously delivering code to production in small
increments.

continuous integration/continuous deployment   The process of incorporating code into
a baseline of software, testing it, and, if the code passes tests, releasing it for use.

custom roles   A role defined by GCP users and assigned a set of permissions needed
to enable entities with the role to perform tasks. Custom roles should be created when
predefined roles do not meet your needs.

customer-supplied keys   A key management model where keys are generated and kept
on-premises and used by GCP services to encrypt the customer’s data. These are used when
an organization needs complete control over key management, including storage.

D
data encryption key (DEK)   A key associated with a chunk of data, used to encrypt and
decrypt that chunk of data.

data integrity   The state of accuracy and consistency of data over its entire lifecycle.

defense in depth   The use of multiple security measures to protect data and systems. The
goal is to have weaknesses in one type of measure compensated for by features of other
measures.

developer documentation   Documentation designed for software engineers who will be
working with code.

DevOps   The practice combining the responsibilities of software development and IT
operations.

digital transformation   A process of change in businesses as they adopt information
technologies to develop new products, improve customer service, optimize operations, and
other major improvements enabled by technology.

direct interconnect   A connection type where information does not travel over the public
Internet, only directly from system to system.

direct peering   A form of network peering that allows customers to connect their
networks to a Google network point of access. It works by exchanging Border Gateway
Protocol routes that define paths for transmitting data between networks.

disaster recovery (DR)   The practice of recovering data and services after a large-scale
outage or loss of data.

durability   A measurement given as a percentage that describes the likelihood that a stored
object will be retrievable in the future.

E
encryption   The process of encoding data in a way that yields a coded version of data that
cannot practically be converted back to the original form without a key.

encryption at rest   Encryption of data when stored on persistent storage, such as a disk or
SSD drive.

encryption in motion/transit   Encryption of data during transmission, such as over a
network.

envelope encryption   The practice of encrypting data encryption keys with a second
encryption key, known as a key encryption key.

F
false alerts   Notifications provided by an alert system that do not warrant intervention.
These are usually due to problematic alert configurations.

feature flags   A deployment method that allows developers to release new capabilities and
features selectively to users.

firewall rules   A firewall configuration that allows or denies traffic. A firewall rule includes
a priority, direction of traffic, action, target, source, protocol, and enforcement status.

G
General Data Protection Regulation (GDPR)   A regulation that standardizes privacy
protections across the European Union (EU), grants controls to individuals over their
private information, and specifies security practices required for organizations holding
private information of EU citizens.

Google Transfer Appliance   A high-capacity storage device that enables users to transfer
and securely ship data to a Google upload facility, which is then uploaded to Google Cloud
Storage.

Google Transfer Service   A service that allows for the transfer of data from an HTTP/S
location, an AWS S3 bucket, or a Cloud Storage bucket to a Cloud Storage bucket.

group   A set of Google accounts and service accounts with an associated email address.
Groups are useful for assigning permissions to sets of users because permissions can be
assigned to the group instead of individual users, making security and maintenance much
simpler.

gsutil   A multithreaded command-line utility used to transfer on-premises data to
Google Cloud and perform other operations on Cloud Storage.

H
Health Information Technology for Economic and Clinical Health (HITECH)   A U.S.
federal act that extended the application of HIPAA to business associates of healthcare
providers and insurers.

Health Insurance Portability and Accountability Act (HIPAA)   A federal law in the
United States that protects individuals’ healthcare information.

high availability   The continuous operation of a system at sufficient capacity to meet the
demands of ongoing workloads.

HTTP(S) load balancer   A global load balancer available in GCP. It is used to load balance
HTTP and HTTPS traffic.

hybrid-cloud networking   A cloud is considered to have a hybrid network if it is made up
of some combination of an on-premises data center and clouds, such as GCP.

I
identity   An entity that represents a person or other agent that performs actions on a GCP
resource. Identities are also called members.

Identity and Access Management (IAM)   A GCP service for implementing fine-grained
access controls on resources. It implements predefined and custom roles that are more
narrowly tailored than older, primitive roles.

identity as a service (IDaaS)   A software service that manages user identities across a
system.

incident   A disruption that causes a service to be degraded or unavailable due to single or
multiple failures and errors.

infrastructure-as-a-service (IaaS)   A type of cloud service that provides compute, storage,
and networking services.

Ingress   An object that controls external access to services running in a Kubernetes cluster.

instance groups   Clusters of VMs that are managed as a single unit.

instance template   A file specifying the configuration of a managed instance group.

integration tests   The testing of a combination of units. This is designed to catch bugs
and failures that would not show up during individual unit tests.

internal TCP/UDP load balancer   A TCP and UDP load balancer accessible only
to internal virtual resources.

input/output operations per second (IOPS)    A measurement of the read and write
operations per second for a given storage device.

ITIL   A set of IT service management practices for coordinating IT activities with business
goals and strategies.

J
Jenkins   An open source software automation tool.

JSON Web Token (JWT)   A JSON object that is used for security and authentication
during transactions between two systems.

K
key encryption key (KEK)   The encryption key that secures the data encryption key in the
envelope method of encryption.

key performance indicators (KPIs)   Metrics that provide information about how well a
business or organization is achieving an important or key objective.

Kubernetes   An open source platform developed initially by Google that provides
container management services, including deployment and autoscaling functionality.

Kubernetes deployments   Organized groups of pods that create a functioning version of
an application.

Kubernetes Engine   A managed Kubernetes service offered by Google on GCP.

Kubelet   The primary node agent that runs on each node in Kubernetes.

L
least privilege   The practice of granting only the minimal set of permissions needed to
perform a duty.

live migration   Moves VMs to other physical servers when there is a problem with the
servers they are running on or scheduled maintenance has to occur. This is not available on
preemptible VMs.

load balancing   The process of distributing workload across a set of identical servers.

load testing   A stress test that is meant to show how a particular system will perform
under a defined set of conditions.

logging   The process of recording information about events that occur during processing.
This includes changes to configuration and data. Logging also includes messages written by
applications for later debugging, analysis, or compliance.

M
machine type   A configuration of a Compute Engine VM that includes a number of
vCPUs and memory. You can choose to use a predefined machine type or create a custom
type.

maintenance   The process of keeping software running and up to date with business
requirements.

managed instance groups   A group of VM instances with the same configuration, which
is defined in a managed instance group template. Managed instance groups can be operated
on as a single entity.

managed services   GCP products that do not require users of the services to perform
common configuration, monitoring, and maintenance operations. This includes Cloud
AutoML, BigQuery, and Cloud SQL.

metrics   A measure of some aspect of performance of a compute, storage, or network
resource. Examples include the percentage of CPU utilization and the number of bytes
written to a network interface.

microservices   A collection of lightweight software services that specialize in carrying out
a small number of functions.

monitoring   The process of collecting metrics, events, and metadata from applications,
VMs, and other GCP resources.

multicloud network   A cloud network comprised of two or more public clouds.

multiregional storage   Stores replicas of objects in multiple regions, therefore mitigating
the risks of regional outages. This practice of storing in separate geographic areas is called
georedundant storage.

N
Nearline storage   A class of Cloud Storage that stores objects for archival storage that is
accessed less than once a month.

network latency   The time required for a packet of data to be transmitted over a network
from a source to a destination.

network peering   A network configuration that allows for routing between networks.

Network TCP/UDP load balancer   A type of load balancer that provides regional,
nonproxied load balancing. It is used to load balance UDP traffic as well as TCP and SSL
traffic on ports that are not supported by other load balancers.

NoSQL   A group of several types of nonrelational databases, including document
databases, such as Datastore and Firestore, and wide-column databases, like Bigtable.

O
object-relational mapper (ORM)   Most often used when an app is built using
object-oriented design. It facilitates developing code to interface with a relational database.

object storage   A storage system that manages data as objects, such as files. Cloud Storage
is an object storage system.

operations documentation   Instructions used by system administrators and DevOps
engineers to deploy and maintain system operations.

P
partner interconnect   A networking practice that sends information over a partner’s
network, not the public Internet.

penetration testing   The process of simulating an attack on an information system in
order to gain insights into potential vulnerabilities.

permission   A grant to perform some action on a resource.

persistent storage   A durable block storage system for GCP. It is available in SSD
and hard disk drive types.

platform-as-a-service (PaaS)   A service that provides a platform for developing and
managing applications without the need to maintain the software infrastructure behind it.

pods   A low-level compute abstraction that supports containers in Kubernetes. It is the
smallest computation unit managed by the platform.

policy   A set of statements that define a combination of users and their roles.

portfolios   Groups of projects and programs that collectively implement the strategy of a
business or organization.

post-mortem analysis   The analysis of a system failure and the response to it after it has
happened.

predefined role   A role defined in IAM that has the minimal set of permissions required
to carry out the task for which the role was created.

preemptible virtual machine   A low-cost VM with a lifespan of less than 24 hours.
These instances are well suited to batch jobs or other services that are easily resumed after
disruption.

Premium Tier network service   A service offered by Google that routes account traffic
on the Google network instead of routing some traffic over the public Internet. Some load
balancers require Premium Tier network services.

primitive roles   Roles in GCP that existed prior to IAM. The primitive roles include
owner, editor, and viewer.

project post-mortem   A review and analysis of a previously completed project or sprint.

pull subscription   Allows a service to request and read a message from the topic using
Cloud Pub/Sub. This is a good option for processing large volumes of data with high
efficiency.

push subscription   Allows message data to be sent by HTTP POST request to a push
endpoint URL using Cloud Pub/Sub. This is well suited for jobs with a single endpoint that
processes messages from multiple topics.

R
recovery plan   A formal plan of action for restoring normal business functions after a loss
of information or an outage.

recovery time objective   The time in which a service should be restored after a loss of
information or an outage.

Redis   An open source caching system. Memorystore is a managed service providing
submillisecond application data caching using Redis.

redundancy   The practice of deploying multiple entities, such as VMs and disks, so that
loss of one does not cause a loss of service.

regional storage   Stores multiple copies of an object in multiple zones in a single region.
This is also known as georedundant storage.

regression test   A test designed to ensure that bugs that have been corrected in the past
are not reintroduced to the system at a later time.

relational databases   Highly structured data stores that are designed to store data in
a way that minimizes the risk of data anomalies and to support a comprehensive query
language.

release management   The practice of deploying code and configuration changes to
environments, such as production, test, staging, and development environments.

reliability   A measure of the probability that a service will continue to function under
some load for a period of time. Reliability is highly dependent on the availability of a
system.

Resource Hierarchy   The set of organization, folders, and projects that are used to group
and structure GCP resources.

resources   Entities that exist in the Google Cloud platform and can be accessed by users.
Resource is a broad category of assets that essentially includes anything you can create in
GCP.

REST APIs   Resource-oriented APIs that use HTTP requests.

retention policies   A retention policy uses the Bucket Lock feature of Cloud Storage
buckets to enforce object retention. By setting a retention policy, you ensure that any
object in the bucket or future objects in the bucket are not deleted until they reach the age
specified in the retention policy.

return on investment (ROI)   Measures the value, or return, of making an investment.

role   A set of permissions that allows users and service accounts with that role to perform
the specified actions. In GCP, permissions are granted to roles, not directly to users.

rolling deployment   An incremental updating of a group of servers.

runbook   Documentation that provides instructions on how to set up and run a service or
application.

S
Sarbanes-Oxley Act (SOX)   A U.S. federal law designed to protect the public from
fraudulent accounting practices in publicly traded companies.

scalability   The ability of a service to adapt its infrastructure to the load of the system.
Alternatively, scalability is the process of adding and removing infrastructure resources to
meet workload demands efficiently.

security critical software   Software that plays an integral part in protecting information
in a system.

separation of duties (SoD)   The practice of limiting the responsibilities of a single
individual in order to prevent the person from successfully acting alone in a way detrimental
to the organization.

service account   A type of identity that is associated with applications and instances for the
purpose of assigning roles.

service-level agreement (SLA)   An agreement between a provider of a service and
a customer using the service. SLAs define responsibilities for delivering a service and
consequences when responsibilities are not met.

service-level indicators (SLIs)   A metric that reflects how well a service-level objective is
being met.

service-level objectives (SLOs)   An agreed-upon target for a measurable attribute of a
service that is specified in a service-level agreement.

Shared VPCs   VPCs within a single organization that can share resources.

Shielded VMs   VM instances with enhanced security controls, such as secure boot.

Simian Army   A set of tools developed by Netflix to introduce failures randomly into
functioning systems in order to study the impact of those failures.

software development lifecycle (SDLC)   A series of steps that software engineers follow
to create, deploy, and maintain complicated software systems.

sole tenancy   Ensures that VMs run on physical servers only with other VMs from the same
project.

SSL Proxy load balancer   A load balancer that terminates SSL (TLS) connections and
then routes traffic to VMs in the load-balanced cluster. The SSL Proxy load balancer can
decrypt traffic before forwarding or forward SSL traffic to VMs in the load-balanced
cluster.

Stackdriver   A set of services for monitoring, logging, tracing, and debugging
infrastructure and applications in GCP and other platforms.

Standard Network Tier   A service offered by Google that routes account traffic on the
public Internet instead of routing it on Google’s internal network.

synchronous calls   Service calls that wait for the operation to complete before returning,
such as most credit card purchases.

T
test-driven development   A kind of development process that incorporates testing early
in the development process. In this framework, requirements are mapped to tests.

time to live (TTL)   The time remaining before an object is deleted. This is often used in
caching to remove older entries.

time series   A set of metrics recorded with a timestamp.

time-series database   A database designed to handle time-series data, such as streaming
metrics created by a monitoring system.

total cost of ownership (TCO)   The combination of all expenses related to maintaining
a service or component. This can include licensing costs, storage costs, third-party service
costs, and more.

U
unit test   The process of testing the smallest unit of testable code for bugs.

unmanaged instance groups   A set of VMs that may not be identical and are not created
from an instance template. They are used only to support pre-existing cluster configurations
for load balancing tasks.

user documentation   Documents that explain how to use an application.

V
vertical scalability   The ability of a system to increase its available resources by moving to
hardware with more computational power, such as greater CPU power or more memory.

virtual machine (VM)   A software implementation of an emulated physical server. VMs
run operating systems and provide an isolated execution environment. Multiple VMs can
run on one physical server.

virtual private cloud (VPC)   A logical organization of cloud resources isolated from other
resources on the same cloud.

Virtual Trusted Platform Module (vTPM)   A virtual module for storing encryption keys
and other secure information.
