Glossary
A
acceptance test A test designed to show a client that the features of a system or
application can meet their business needs.
access controls Rules that authorize users to perform operations on objects and systems.
App Engine GCP’s PaaS for building and deploying web applications in a serverless
environment. App Engine Standard has a limited number of runtimes. App Engine Flex lets
you define custom runtimes.
asynchronous calls System calls that do not wait for an operation to complete before
returning.
auditing The process of reviewing the structure and configuration of systems often to
determine compliance with policy or regulations.
availability A measure of the time that services are functioning correctly and accessible to
users. Availability requirements are typically stated in terms of percent.
B
BigQuery A petabyte-scale data warehousing and analytics service managed by GCP that
uses tables to organize data and SQL as the query language.
bring your own license (BYOL) The ability to use a license you have already purchased to
run an application in the cloud.
bucket A structure for grouping objects in Cloud Storage. Objects within a bucket share
access controls at the bucket level.
C
canary deployment When a small portion of a system's workload is routed to a new
version of the software, allowing developers and administrators to test code under
production conditions without exposing all users to new code.
cascading failure When a failure causes a falling domino effect of distributed system
failures, one after the other.
chaos engineering The practice of introducing failures into a system to understand the
consequences of those failures better and identifying unanticipated failure modes.
Children’s Online Privacy Protection Act (COPPA) A U.S. federal law that requires the
U.S. Federal Trade Commission to define and enforce regulations regarding children’s
online privacy.
Circuit Breaker pattern A design pattern that uses an object that monitors the results of
a function or service call. When failures exceed a threshold, the code returns an error
without trying to execute the code that caused the error. The code that caused the error is
retried after some period of time.
Cloud Bigtable A wide-column, NoSQL database for high-volume writes and low-latency
reads (less than 10 ms). Scales to hundreds of petabytes and used for applications that
require millions of operations per second.
Cloud Build A GCP service that provides software building services and is integrated with
other GCP services, such as Cloud Source Repository.
Cloud Dataflow A managed service for processing streaming and batch data sets using
Java and Python APIs. It integrates with Cloud Pub/Sub, BigQuery, Cloud Dataproc, and
other GCP services.
Cloud Dataproc A managed service providing Apache Hadoop and Apache Spark
platforms. Existing ETL and other jobs in Apache Hadoop and Apache Spark are readily
ported to the Google Cloud using Cloud Dataproc.
Cloud Datastore A NoSQL document database managed service that provides atomicity,
consistency, isolation, durability (ACID) transactions, indexes, and SQL-like queries.
Cloud Firestore A serverless, managed NoSQL document database used for storing,
synchronizing, and querying mobile and web application data.
Cloud Identity A GCP IaaS offering that allows for centralized identity management.
Cloud KMS A hosted key management service in GCP that enables customers to generate
and store keys in GCP.
Cloud Pub/Sub A managed message queue for implementing stream and event
processing applications, which can write messages to topics or subscribe to topics to
receive messages.
Cloud Source Repository GCP’s version control system and source code repository. It
allows the hosting, tracking, and management of changes to your code base. It also allows
the automatic execution of tests and other checks.
Cloud Spanner A managed, horizontally scalable, global relational database designed for
distributed applications requiring strong consistency.
Cloud SQL A managed service providing MySQL and PostgreSQL databases. This means
Google patches, backs up, and performs other required maintenance.
Cloud Storage An object storage service providing web access to scalable storage. Objects
can be stored in different storage classes providing different levels of durability and access
charges.
Cloud Storage FUSE An open source adapter that allows users to mount Cloud Storage
buckets as simulated filesystems on Linux and macOS platforms.
Cloud VPN A GCP service that provides VPNs between GCP and on-premises networks.
Cloud VPN is implemented using IPSec VPNs.
Coldline storage A class of Cloud Storage that provides archival storage for objects that
need to be accessed less than once per year.
container A package of application code, operating system, and dependencies that can
run in a container runtime, such as Docker, or using the Kubernetes orchestration system.
custom roles A role defined by GCP users and assigned a set of permissions needed
to enable entities with the role to perform tasks. Custom roles should be created when
predefined roles do not meet your needs.
customer-supplied keys A key management model where keys are generated and kept
on-premises and used by GCP services to encrypt the customer’s data. These are used when
an organization needs complete control over key management, including storage.
D
data encryption key (DEK) A key associated with a chunk of data, used to encrypt and
decrypt that chunk of data.
data integrity The state of accuracy and consistency of data over its entire lifecycle.
defense in depth The use of multiple security measures to protect data and systems. The
goal is to have weaknesses in one type of measure compensated for by features of other
measures.
direct interconnect A connection type where information does not travel over the public
Internet, only directly from system to system.
direct peering A form of network peering that allows customers to connect their
networks to a Google network point of access. It works by exchanging Border Gateway
Protocol routes that define paths for transmitting data between networks.
disaster recovery (DR) The practice of recovering data and services after a large-scale
outage or loss of data.
durability A measurement given as a percentage that describes the likelihood that a stored
object will be retrievable in the future.
E
encryption The process of encoding data in a way that yields a coded version of data that
cannot practically be converted back to the original form without a key.
encryption at rest Encryption of data when stored on persistent storage, such as a disk or
SSD drive.
envelope encryption The practice of encrypting data encryption keys with a second
encryption key, known as a key encryption key.
F
false alerts Notifications provided by an alert system that do not warrant intervention.
These are usually due to problematic alert configurations.
feature flags A deployment method that allows developers to release new capabilities and
features selectively to users.
firewall rules A firewall configuration that allows or denies traffic. A firewall rule includes
a priority, direction of traffic, action, target, source, protocol, and enforcement status.
G
General Data Protection Regulation (GDPR) A regulation that standardizes privacy
protections across the European Union (EU), grants controls to individuals over their
private information, and specifies security practices required for organizations holding
private information of EU citizens.
Google Transfer Appliance A high-capacity storage device that enables users to transfer
and securely ship data to a Google upload facility, which is then uploaded to Google Cloud
Storage.
Google Transfer Service A service that allows for the transfer of data from an HTTP/S
location, an AWS S3 bucket, or a Cloud Storage bucket to a Cloud Storage bucket.
group A set of Google accounts and service accounts with an associated email address.
Groups are useful for assigning permissions to sets of users because permissions can be
assigned to the group instead of individual users, making security and maintenance much
simpler.
H
Health Information Technology for Economic and Clinical Health (HITECH) A U.S.
federal act that extended the application of HIPAA to business associates of healthcare
providers and insurers.
Health Insurance Portability and Accountability Act (HIPAA) A federal law in the
United States that protects individuals’ healthcare information.
high availability The continuous operation of a system at sufficient capacity to meet the
demands of ongoing workloads.
HTTP(S) load balancer A global load balancer available in GCP. It is used to load balance
HTTP and HTTPS traffic.
I
identity An entity that represents a person or other agent that performs actions on a GCP
resource. Identities are also called members.
Identity and Access Management (IAM) A GCP service for implementing fine-grained
access controls on resources. It implements predefined and custom roles that are more
narrowly tailored than older, primitive roles.
Identity as a Service (IDaaS) A software service that manages user identities across a
system.
Ingress An object that controls external access to services running in a Kubernetes cluster.
integration tests The testing of a combination of units. This is designed to catch bugs
and failures that would not show up during individual unit tests.
internal TCP/UDP load balancer A TCP and UDP load balancer accessible only
to internal virtual resources.
input/output operations per second (IOPS) A measurement of the read and write
operations per second for a given storage device.
ITIL A set of IT service management practices for coordinating IT activities with business
goals and strategies.
J
Jenkins An open source software automation tool.
JSON Web Token (JWT) A JSON object that is used for security and authentication
during transactions between two systems.
K
key encryption key (KEK) The encryption key that secures the data encryption key in the
envelope method of encryption.
key performance indicators (KPIs) Metrics that provide information about how well a
business or organization is achieving an important or key objective.
Kubelet The primary node agent that runs on each node in Kubernetes.
L
least privilege The practice of granting only the minimal set of permissions needed to
perform a duty.
live migration Moves VMs to other physical servers when there is a problem with the
servers they are running on or scheduled maintenance has to occur. This is not available on
preemptible VMs.
load balancing The process of distributing workload across a set of identical servers.
load testing A stress test that is meant to show how a particular system will perform
under a defined set of conditions.
logging The process of recording information about events that occur during processing.
This includes changes to configuration and data. Logging also includes messages written by
applications for later debugging, analysis, or compliance.
M
machine type A configuration of a Compute Engine VM that includes a number of
vCPUs and memory. You can choose to use a predefined machine type or create a custom
type.
maintenance The process of keeping software running and up to date with business
requirements.
managed instance groups A group of VM instances with the same configuration, which
is defined in a managed instance group template. Managed instance groups can be operated
on as a single entity.
managed services GCP products that do not require users of the services to perform
common configuration, monitoring, and maintenance operations. This includes Cloud
AutoML, BigQuery, and Cloud SQL.
monitoring The process of collecting metrics, events, and metadata from applications,
VMs, and other GCP resources.
N
Nearline storage A class of Cloud Storage that stores objects for archival storage that is
accessed less than once a month.
network latency The time required for a packet of data to be transmitted over a network
from a source to a destination.
network peering A network configuration that allows for routing between networks.
Network TCP/UDP load balancer A type of load balancer that provides regional,
nonproxied load balancing. It is used to load balance UDP traffic as well as TCP and SSL
traffic on ports that are not supported by other load balancers.
O
object-relational mapper (ORM) Most often used when an app is built using object-
oriented design. It facilitates developing code to interface with a relational database.
object storage A storage system that manages data as objects, such as files. Cloud Storage
is an object storage system.
P
partner interconnect A networking practice that sends information over a partner’s
network, not the public Internet.
persistent storage A durable block storage system for GCP. Persistent disks are available in
SSD and hard disk drive types.
policy A set of statements that define a combination of users and their roles.
portfolios Groups of projects and programs that collectively implement the strategy of a
business or organization.
post-mortem analysis The analysis of a system failure and the response to it after it has
happened.
predefined role A role defined in IAM that has the minimal set of permissions required
to carry out the task for which the role was created.
Premium Tier network service A service offered by Google that routes account traffic
on the Google network instead of routing some traffic over the public Internet. Some load
balancers require Premium Tier network services.
primitive roles Roles in GCP that existed prior to IAM. The primitive roles include
owner, editor, and viewer.
pull subscription Allows a service to request and read a message from the topic using
Cloud Pub/Sub. This is a good option for processing large volumes of data with high
efficiency.
push subscription Allows message data to be sent by HTTP POST request to a push
endpoint URL using Cloud Pub/Sub. This is well suited for jobs with a single endpoint that
processes messages from multiple topics.
R
recovery plan A formal plan of action for restoring normal business functions after a loss
of information or an outage.
recovery time objective The time in which a service should be restored after a loss of
information or an outage.
redundancy The practice of deploying multiple entities, such as VMs and disks, so that
loss of one does not cause a loss of service.
regional storage Stores multiple copies of an object in multiple zones in a single region.
This is also known as georedundant storage.
regression test A test designed to ensure that bugs that have been corrected in the past
are not reintroduced to the system at a later time.
relational databases Highly structured data stores that are designed to store data in
a way that minimizes the risk of data anomalies and to support a comprehensive query
language.
reliability A measure of the probability that a service will continue to function under
some load for a period of time. Reliability is highly dependent on the availability of a
system.
Resource Hierarchy The set of organization, folders, and projects that are used to group
and structure GCP resources.
resources Entities that exist in the Google Cloud platform and can be accessed by users.
Resource is a broad category of assets that essentially includes anything you can create in
GCP.
retention policies A retention policy uses the Bucket Lock feature of Cloud Storage
buckets to enforce object retention. By setting a retention policy, you ensure that any
object in the bucket or future objects in the bucket are not deleted until they reach the age
specified in the retention policy.
role A set of permissions that allows users and service accounts with that role to perform
the specified actions. In GCP, permissions are granted to roles, not directly to users.
runbook Documentation that provides instructions on how to set up and run a service or
application.
S
Sarbanes-Oxley Act (SOX) A U.S. federal law designed to protect the public from
fraudulent accounting practices in publicly traded companies.
scalability The ability of a service to adapt its infrastructure to the load of the system.
Alternatively, scalability is the process of adding and removing infrastructure resources to
meet workload demands efficiently.
security critical software Software that plays an integral part in protecting information
in a system.
service account A type of identity that is associated with applications and instances for the
purpose of assigning roles.
service-level indicators (SLIs) A metric that reflects how well a service-level objective is
being met.
Shared VPCs VPCs within a single organization that can share resources.
Shielded VMs VM instances with enhanced security controls, such as secure boot.
Simian Army A set of tools developed by Netflix to introduce failures randomly into
functioning systems in order to study the impact of those failures.
software development lifecycle (SDLC) A series of steps that software engineers follow
to create, deploy, and maintain complicated software systems.
sole tenancy Ensures that VMs run on physical servers shared only with other VMs from the
same project.
SSL Proxy load balancer A load balancer that terminates SSL (TLS) connections and
then routes traffic to VMs in the load-balanced cluster. The SSL Proxy load balancer can
decrypt traffic before forwarding or forward SSL traffic to VMs in the load-balanced
cluster.
Standard Network Tier A service offered by Google that routes account traffic on the
public Internet instead of routing it on Google’s internal network.
synchronous calls Service calls that wait for the operation to complete before returning,
such as most credit card purchases.
T
test-driven development A kind of development process that incorporates testing early
in the development process. In this framework, requirements are mapped to tests.
time to live (TTL) The time remaining before an object is deleted. This is often used in
caching to remove older entries.
total cost of ownership (TCO) The combination of all expenses related to maintaining
a service or component. This can include licensing costs, storage costs, third-party service
costs, and more.
U
unit test The process of testing the smallest unit of testable code for bugs.
unmanaged instance groups A set of VMs that may not be identical and are not created
from an instance template. They are used only to support pre-existing cluster configurations
for load balancing tasks.
V
vertical scalability The ability of a system to increase its available resources by moving to
hardware with more computational power, such as greater CPU power or more memory.
virtual private cloud (VPC) A logical organization of cloud resources isolated from other
resources on the same cloud.
Virtual Trusted Platform Module (vTPM) A virtual module for storing encryption keys
and other secure information.