Glossary of Terms

Glossary of Terms

Term Meaning
absolute limit  Impassable limits for guest VMs. Settings include total RAM size, maximum number of vCPUs, and maximum disk size.
access control list (ACL)  A list of permissions attached to an object. An ACL specifies which users or system processes have access to objects. It also defines which operations can be performed on specified objects. Each entry in a typical ACL specifies a subject and an operation. For instance, the ACL entry (Alice, delete) for a file gives Alice permission to delete the file.
access key  Alternative term for an Amazon EC2 access key. See EC2 access key.
Access Token An authorization mechanism created by the Data Portal to access data.
address pool  A group of fixed and/or floating IP addresses that are assigned to a project and can be used by or assigned to the VM instances in a project.
administrator  The person responsible for installing, configuring, and managing an OpenStack cloud.
allocate  The process of taking a floating IP address from the address pool so it can be associated with a fixed IP on a guest VM instance.
API endpoint  The daemon, worker, or service that a client communicates with to access an API. API endpoints can provide any number of services, such as authentication, sales data, performance meters, Compute VM commands, census data, and so on.
API key  Alternative term for an API token.
API server  Any node running a daemon or worker that provides an API endpoint.
API token  Passed to API requests and used by OpenStack to verify that the client is authorized to run the requested operation.
API version  In OpenStack, the API version for a project is part of the URL. For example, example.com/nova/v1/foobar.
Application Programming Interface (API)  A collection of specifications used to access a service, application, or program. Includes service calls, required parameters for each call, and the expected return values.
Address Resolution Protocol (ARP)  The protocol by which layer-3 IP addresses are resolved into layer-2 link local addresses.
arptables  Tool used for maintaining Address Resolution Protocol packet filter rules in the Linux kernel firewall modules. Used along with iptables, ebtables, and ip6tables in Compute to provide firewall services for VMs.
associate  The process associating a Compute floating IP address with a fixed IP address.
attach  The process of connecting a VIF or vNIC to a L2 network in Networking. In the context of Compute, this process connects a storage volume to an instance.
attachment (network)  Association of an interface ID to a logical port. Plugs an interface into a port.
authentication  The process that confirms that the user, process, or client is really who they say they are through private key, secret token, password, fingerprint, or similar method.
authentication token  A string of text provided to the client after authentication. Must be provided by the user or process in subsequent requests to the API endpoint.
authorization  The act of verifying that a user, process, or client is authorized to perform an action.
availability zone  An Amazon EC2 concept of an isolated area that is used for fault tolerance. Do not confuse with an OpenStack Compute zone or cell.
AWS CloudFormation template  AWS CloudFormation allows Amazon Web Services (AWS) users to create and manage a collection of related resources. The Orchestration service supports a CloudFormation-compatible format (CFN).
back end  Interactions and processes that are obfuscated from the user, such as Compute volume mount, data transmission to an iSCSI target by a daemon, or Object Storage object integrity checks.
back-end catalog  The storage method used by the Identity service catalog service to store and retrieve information about API endpoints that are available to the client. Examples include an SQL database, LDAP database, or KVS back end.
back-end store  The persistent data store used to save and retrieve information for a service, such as lists of Object Storage objects, current state of guest VMs, lists of user names, and so on. Also, the method that the Image service uses to get and store VM images. Options include Object Storage, locally mounted file system, RADOS block devices, VMware datastore, and HTTP.
bandwidth  The amount of available data used by communication resources, such as the Internet. Represents the amount of data that is used to download things or the amount of data available to download.
Bare Metal service (ironic)  The OpenStack service that provides a service and associated libraries capable of managing and provisioning physical machines in a security-aware and fault-tolerant manner.
base image  An OpenStack-provided image.
binary  Information that consists solely of ones and zeroes, which is the language of computers.
bit  A bit is a single digit number that is in base of 2 (either a zero or one). Bandwidth usage is measured in bits per second.
bits per second (BPS)  The universal measurement of how quickly data is transferred from place to place.
block device  A device that moves data in the form of blocks. These device nodes interface the devices, such as hard disks, CD-ROM drives, flash drives, and other addressable regions of memory.
block migration  A method of VM live migration used by KVM to evacuate instances from one host to another with very little downtime during a user-initiated switchover. Does not require shared storage. Supported by Compute.
Block Storage service (cinder)  The OpenStack service that implement services and libraries to provide on-demand, self-service access to Block Storage resources via abstraction and automation on top of other block storage devices.
Block Storage API  An API on a separate endpoint for attaching, detaching, and creating block storage for compute VMs.
bootable disk image  A type of VM image that exists as a single, bootable file.
Bootstrap Protocol (BOOTP)  A network protocol used by a network client to obtain an IP address from a configuration server. Provided in Compute through the dnsmasq daemon when using either the FlatDHCP manager or VLAN manager network manager.
browser  Any client software that enables a computer or device to access the Internet.
Bundle ID An identifier that refers to a submission bundle of related files. Typically the files produced by analysis workflows are packaged as a single unit. However, when a bundle is imported into a cloud repository each file in the bundle is given its own Object ID.
bursting  The practice of utilizing a secondary environment to elastically build instances on-demand when the primary environment is resource constrained.
byte  Set of bits that make up a single character; there are usually 8 bits to a byte.
capacity cache  A Compute back-end database table that contains the current workload, amount of free RAM, and number of VMs running on each host. Used to determine on which host a VM starts.
catalog  A list of API endpoints that are available to a user after authentication with the Identity service.
catalog service  An Identity service that lists API endpoints that are available to a user after authentication with the Identity service.
ceilometer  Part of the OpenStack Telemetry service; gathers and stores metrics from other OpenStack services.
CentOS  A Linux distribution that is compatible with OpenStack.
Ceph  Massively scalable distributed storage system that consists of an object store, block store, and POSIX-compatible distributed file system. Compatible with OpenStack.
CephFS  The POSIX-compliant file system provided by Ceph.
chance scheduler  A scheduling method used by Compute that randomly chooses an available host from the pool.
changes since  A Compute API parameter that downloads changes to the requested item since your last request, instead of downloading a new, fresh set of data and comparing it against the old data.
cinder  Codename for Block Storage service.
CirrOS  A minimal Linux distribution designed for use as a test image on clouds such as OpenStack.
cloud architect  A person who plans, designs, and oversees the creation of clouds.
Cloud Auditing Data Federation (CADF)  Cloud Auditing Data Federation (CADF) is a specification for audit event data. CADF is supported by OpenStack Identity.
cloud computing  A model that enables access to a shared pool of configurable computing resources, such as networks, servers, storage, applications, and services, that can be rapidly provisioned and released with minimal management effort or service provider interaction.
cloud controller  Collection of Compute components that represent the global state of the cloud; talks to services, such as Identity authentication, Object Storage, and node/storage workers through a queue.
cloud controller node  A node that runs network, volume, API, scheduler, and image services. Each service may be broken out into separate nodes for scalability or availability.
cloud-init  A package commonly installed in VM images that performs initialization of an instance after boot using information that it retrieves from the metadata service, such as the SSH public key and user data.
cloudadmin  One of the default roles in the Compute RBAC system. Grants complete system access.
Common Internet File System (CIFS)  A file sharing protocol. It is a public or open variation of the original Server Message Block (SMB) protocol developed and used by Microsoft. Like the SMB protocol, CIFS runs at a higher level and uses the TCP/IP protocol.
compression  Reducing the size of files by special encoding, the file can be decompressed again to its original content. OpenStack supports compression at the Linux file system level but does not support compression for things such as Object Storage objects or Image service VM images.
Compute service (nova)  The OpenStack core project that implements services and associated libraries to provide massively-scalable, on-demand, self-service access to compute resources, including bare metal, virtual machines, and containers.
Compute API (Nova API)  The nova-api daemon provides access to nova services. Can communicate with other APIs, such as the Amazon EC2 API.
compute controller  The Compute component that chooses suitable hosts on which to start VM instances.
compute host  Physical host dedicated to running compute nodes.
Compute Instance A user virtual machine operating in a cloud environment.
compute node  A node that runs the nova-compute daemon that manages VM instances that provide a wide range of services, such as web applications and analytics.
Compute service  Name for the Compute component that manages VMs.
compute worker  The Compute component that runs on each compute node and manages the VM instance lifecycle, including run, reboot, terminate, attach/detach volumes, and so on. Provided by the nova-compute daemon.
conductor  In Compute, conductor is the process that proxies database requests from the compute process. Using conductor improves security because compute nodes do not need direct access to the database.
console log  Contains the output from a Linux VM console in Compute.
container  Organizes and stores objects in Object Storage. Similar to the concept of a Linux directory but cannot be nested. Alternative term for an Image service container format.
content delivery network (CDN)  A content delivery network is a specialized network that is used to distribute content to clients, typically located close to the client for increased performance.
controller node  Alternative term for a cloud controller node.
core API  Depending on context, the core API is either the OpenStack API or the main API of a specific core project, such as Compute, Networking, Image service, and so on.
core service  An official OpenStack service defined as core by DefCore Committee. Currently, consists of Block Storage service (cinder), Compute service (nova), Identity service (keystone), Image service (glance), Networking service (neutron), and Object Storage service (swift).
cost  Under the Compute distributed scheduler, this is calculated by looking at the capabilities of each host relative to the flavor of the VM instance being requested.
credentials  Data that is only known to or accessible by a user and used to verify that the user is who he says he is. Credentials are presented to the server during authentication. Examples include a password, secret key, digital certificate, and fingerprint.
Cross-Origin Resource Sharing (CORS)  A mechanism that allows many resources (for example, fonts, JavaScript) on a web page to be requested from another domain outside the domain from which the resource originated. In particular, JavaScript‚Äôs AJAX calls can use the XMLHttpRequest mechanism.
current workload  An element of the Compute capacity cache that is calculated based on the number of build, snapshot, migrate, and resize operations currently in progress on a given host.
customer  Alternative term for project.
customization module  A user-created Python module that is loaded by horizon to change the look and feel of the dashboard.
DACO The Data Access Compliance Office which handles requests from researchers for access to controlled data from the ICGC.
DACO Cloud Access DACO access with supplemental approved Cloud Access status.
daemon  A process that runs in the background and waits for requests. May or may not listen on a TCP or UDP port. Do not confuse with a worker.
Dashboard (horizon)  OpenStack project which provides an extensible, unified, web-based user interface for all OpenStack services.
data encryption  Both Image service and Compute support encrypted virtual machine (VM) images (but not instances). In-transit data encryption is supported in OpenStack using technologies such as HTTPS, SSL, TLS, and SSH. Object Storage does not support object encryption at the application level but may support storage that uses disk encryption.
Database service (trove)  An integrated project that provides scalable and reliable Cloud Database-as-a-Service functionality for both relational and non-relational database engines.
Data Portal The ICGC data portal located at   https://dcc.icgc.org.
Data Processing service  OpenStack project that provides a scalable data-processing stack and associated management interfaces. The code name for the project is sahara.
data store  A database engine supported by the Database service.
DCC The ICGC Data Coordination Center (  DCC) performs quality assessment, curation and data releases and also manages the data flow from projects and centers to the central ICGC database and public repositories.
deallocate  The process of removing the association between a floating IP address and a fixed IP address. Once this association is removed, the floating IP returns to the address pool.
Debian  A Linux distribution that is compatible with OpenStack.
deduplication  The process of finding duplicate data at the disk block, file, and/or object level to minimize storage use‚Äîcurrently unsupported within OpenStack.
default panel  The default panel that is displayed when a user accesses the horizon dashboard.
default project  New users are assigned to this project if no project is specified when a user is created.
default token  An Identity service token that is not associated with a specific project and is exchanged for a scoped token.
delayed delete  An option within Image service so that an image is deleted after a predefined number of seconds instead of immediately.
delivery mode  Setting for the Compute RabbitMQ message delivery mode; can be set to either transient or persistent.
denial of service (DoS)  Denial of service (DoS) is a short form for denial-of-service attack. This is a malicious attempt to prevent legitimate users from using a service.
deprecated auth  An option within Compute that enables administrators to create and manage users through the nova-manage command as opposed to using the Identity service.
designate  Code name for the DNS service project for OpenStack.
developer  One of the default roles in the Compute RBAC system and the default role assigned to a new user.
device ID  Maps Object Storage partitions to physical storage devices.
device weight  Distributes partitions proportionately across Object Storage devices based on the storage capacity of each device.
DHCP agent  OpenStack Networking agent that provides DHCP services for virtual networks.
direct consumer  An element of the Compute RabbitMQ that comes to life when a RPC call is executed. It connects to a direct exchange through a unique exclusive queue, sends the message, and terminates.
direct exchange  A routing table that is created within the Compute RabbitMQ during RPC calls; one is created for each RPC call that is invoked.
direct publisher  Element of RabbitMQ that provides a response to an incoming MQ message.
disassociate  The process of removing the association between a floating IP address and fixed IP and thus returning the floating IP address to the address pool.
Discretionary Access Control (DAC)  Governs the ability of subjects to access objects, while enabling users to make policy decisions and assign security attributes. The traditional UNIX system of users, groups, and read-write-execute permissions is an example of DAC.
disk encryption  The ability to encrypt data at the file system, disk partition, or whole-disk level. Supported within Compute VMs.
disk format  The underlying format that a disk image for a VM is stored as within the Image service back-end store. For example, AMI, ISO, QCOW2, VMDK, and so on.
dispersion  In Object Storage, tools to test and ensure dispersion of objects and containers to ensure fault tolerance.
distributed virtual router (DVR)  Mechanism for highly available multi-host routing when using OpenStack Networking (neutron).
Django  A web framework used extensively in horizon.
DNS record  A record that specifies information about a particular domain and belongs to the domain.
DNS service  OpenStack project that provides scalable, on demand, self service access to authoritative DNS services, in a technology-agnostic manner. The code name for the project is designate.
dnsmasq  Daemon that provides DNS, DHCP, BOOTP, and TFTP services for virtual networks.
domain  An Identity API v3 entity. Represents a collection of projects, groups and users that defines administrative boundaries for managing OpenStack Identity entities. On the Internet, separates a website from other sites. Often, the domain name has two or more parts that are separated by dots. For example, yahoo.com, usa.gov, harvard.edu, or mail.yahoo.com. Also, a domain is an entity or container of all DNS-related information containing one or more records.
Domain Name System (DNS)  A system by which Internet domain name-to-address and address-to-name resolutions are determined. DNS helps navigate the Internet by translating the IP address into an address that is easier to remember. For example, translating 111.111.111.1 into www.yahoo.com. All domains and their components, such as mail servers, utilize DNS to resolve to the appropriate locations. DNS servers are usually set up in a master-slave relationship such that failure of the master invokes the slave. DNS servers might also be clustered or replicated such that changes made to one DNS server are automatically propagated to other active servers. In Compute, the support that enables associating DNS entries with floating IP addresses, nodes, or cells so that hostnames are consistent across reboots.
download  The transfer of data, usually in the form of files, from one computer to another.
durable exchange  The Compute RabbitMQ message exchange that remains active when the server restarts.
durable queue  A Compute RabbitMQ message queue that remains active when the server restarts.
Dynamic Host Configuration Protocol (DHCP)  A network protocol that configures devices that are connected to a network so that they can communicate on that network by using the Internet Protocol (IP). The protocol is implemented in a client-server model where DHCP clients request configuration data, such as an IP address, a default route, and one or more DNS server addresses from a DHCP server. A method to automatically configure networking for a host at boot time. Provided by both Networking and Compute.
Dynamic HyperText Markup Language (DHTML)  Pages that use HTML, JavaScript, and Cascading Style Sheets to enable users to interact with a web page or show simple animation.
east-west traffic  Network traffic between servers in the same cloud or data center. See also north-south traffic.
EBS boot volume  An Amazon EBS storage volume that contains a bootable VM image, currently unsupported in OpenStack.
ebtables  Filtering tool for a Linux bridging firewall, enabling filtering of network traffic passing through a Linux bridge. Used in Compute along with arptables, iptables, and ip6tables to ensure isolation of network communications.
EC2  The Amazon commercial compute product, similar to Compute.
EC2 access key  Used along with an EC2 secret key to access the Compute EC2 API.
EC2 API  OpenStack supports accessing the Amazon EC2 API through Compute.
EC2 Compatibility API  A Compute component that enables OpenStack to communicate with Amazon EC2.
EC2 secret key  Used along with an EC2 access key when communicating with the Compute EC2 API; used to digitally sign each request.
Elastic Block Storage (EBS)  The Amazon commercial block storage product.
encryption  OpenStack supports encryption technologies such as HTTPS, SSH, SSL, TLS, digital certificates, and data encryption.
endpoint  See API endpoint.
endpoint registry  Alternative term for an Identity service catalog.
encapsulation  The practice of placing one packet type within another for the purposes of abstracting or securing data. Examples include GRE, MPLS, or IPsec.
endpoint template  A list of URL and port number endpoints that indicate where a service, such as Object Storage, Compute, Identity, and so on, can be accessed.
entity  Any piece of hardware or software that wants to connect to the network services provided by Networking, the network connectivity service. An entity can make use of Networking by implementing a VIF.
ephemeral image  A VM image that does not save changes made to its volumes and reverts them to their original state after the instance is terminated.
ephemeral volume  Volume that does not save the changes made to it and reverts to its original state when the current user relinquishes control.
ESXi  An OpenStack-supported hypervisor.
ETag  MD5 hash of an object within Object Storage, used to ensure data integrity.
euca2ools  A collection of command-line tools for administering VMs; most are compatible with OpenStack.
Eucalyptus Kernel Image (EKI)  Used along with an ERI to create an EMI.
Eucalyptus Machine Image (EMI)  VM image container format supported by Image service.
Eucalyptus Ramdisk Image (ERI)  Used along with an EKI to create an EMI.
evacuate  The process of migrating one or all virtual machine (VM) instances from one host to another, compatible with both shared storage live migration and block migration.
exchange  Alternative term for a RabbitMQ message exchange.
exchange type  A routing algorithm in the Compute RabbitMQ.
exclusive queue  Connected to by a direct consumer in RabbitMQ‚ÄîCompute, the message can be consumed only by the current connection.
extended attributes (xattr)  File system option that enables storage of additional information beyond owner, group, permissions, modification time, and so on. The underlying Object Storage file system must support extended attributes.
extension  Alternative term for an API extension or plug-in. In the context of Identity service, this is a call that is specific to the implementation, such as adding support for OpenID.
external network  A network segment typically used for instance Internet access.
extra specs  Specifies additional requirements when Compute determines where to start a new instance. Examples include a minimum amount of network bandwidth or a GPU.
fan-out exchange  Within RabbitMQ and Compute, it is the messaging interface that is used by the scheduler service to receive capability messages from the compute, volume, and network nodes.
federated identity  A method to establish trusts between identity providers and the OpenStack cloud.
Fedora  A Linux distribution compatible with OpenStack.
Fibre Channel  Storage protocol similar in concept to TCP/IP; encapsulates SCSI commands and data.
Fibre Channel over Ethernet (FCoE)  The fibre channel protocol tunneled within Ethernet.
fill-first scheduler  The Compute scheduling method that attempts to fill a host with VMs rather than starting new VMs on a variety of hosts.
filter  The step in the Compute scheduling process when hosts that cannot run VMs are eliminated and not chosen.
firewall  Used to restrict communications between hosts and/or nodes, implemented in Compute using iptables, arptables, ip6tables, and ebtables.
FireWall-as-a-Service (FWaaS)  A Networking extension that provides perimeter firewall functionality.
fixed IP address  An IP address that is associated with the same instance each time that instance boots, is generally not accessible to end users or the public Internet, and is used for management of the instance.
Flat Manager  The Compute component that gives IP addresses to authorized nodes and assumes DHCP, DNS, and routing configuration and services are provided by something else.
flat mode injection  A Compute networking method where the OS network configuration information is injected into the VM image before the instance starts.
flat network  Virtual network type that uses neither VLANs nor tunnels to segregate project traffic. Each flat network typically requires a separate underlying physical interface defined by bridge mappings. However, a flat network can contain multiple subnets.
FlatDHCP Manager  The Compute component that provides dnsmasq (DHCP, DNS, BOOTP, TFTP) and radvd (routing) services.
flavor  Alternative term for a VM instance type.
flavor ID  UUID for each Compute or Image service VM flavor or instance type.
floating IP address  An IP address that a project can associate with a VM so that the instance has the same public IP address each time that it boots. You create a pool of floating IP addresses and assign them to instances as they are launched to maintain a consistent IP address for maintaining DNS assignment.
Folsom  A grouped release of projects related to OpenStack that came out in the fall of 2012, the sixth release of OpenStack. It includes Compute (nova), Object Storage (swift), Identity (keystone), Networking (neutron), Image service (glance), and Volumes or Block Storage (cinder). Folsom is the code name for the sixth release of OpenStack. The design summit took place in San Francisco, California, US and Folsom is a nearby city.
FormPost  Object Storage middleware that uploads (posts) an image through a form on a web page.
freezer  OpenStack project that provides backup restore and disaster recovery as a service.
front end  The point where a user interacts with a service; can be an API endpoint, the horizon dashboard, or a command-line tool.
FUSE Filesystem in Userspace is an operating system mechanism for Unix-like computer operating systems that lets non-privileged users create their own file systems without editing kernel code.
gateway  An IP address, typically assigned to a router, that passes network traffic between different networks.
generic receive offload (GRO)  Feature of certain network interface drivers that combines many smaller received packets into a large packet before delivery to the kernel IP stack.
generic routing encapsulation (GRE)  Protocol that encapsulates a wide variety of network layer protocols inside virtual point-to-point links.
glance  A core project that provides the OpenStack Image service.
glance API server  Processes client requests for VMs, updates Image service metadata on the registry server, and communicates with the store adapter to upload VM images from the back-end store.
glance registry  Alternative term for the Image service image registry.
global endpoint template  The Identity service endpoint template that contains services available to all projects.
GlusterFS  A file system designed to aggregate NAS hosts, compatible with OpenStack.
gnocchi  Part of the OpenStack Telemetry service; provides an indexer and time-series database.
golden image  A method of operating system installation where a finalized disk image is created and then used by all nodes without modification.
Governance service  OpenStack project to provide Governance-as-a-Service across any collection of cloud services in order to monitor, enforce, and audit policy over dynamic infrastructure. The code name for the project is congress.
Graphic Interchange Format (GIF)  A type of image file that is commonly used for animated images on web pages.
Graphics Processing Unit (GPU)  Choosing a host based on the existence of a GPU is currently unsupported in OpenStack.
Green Threads  The cooperative threading model used by Python; reduces race conditions and only context switches when specific library calls are made. Each OpenStack service is its own thread.
Grizzly  The code name for the seventh release of OpenStack. The design summit took place in San Diego, California, US and Grizzly is an element of the state flag of California.
Group  An Identity v3 API entity. Represents a collection of users that is owned by a specific domain.
guest OS  An operating system instance running under the control of a hypervisor.
Hadoop  Apache Hadoop is an open source software framework that supports data-intensive distributed applications.
Hadoop Distributed File System (HDFS)  A distributed, highly fault-tolerant file system designed to run on low-cost commodity hardware.
handover  An object state in Object Storage where a new replica of the object is automatically created due to a drive failure.
hard reboot  A type of reboot where a physical or virtual power button is pressed as opposed to a graceful, proper shutdown of the operating system.
Havana  The code name for the eighth release of OpenStack. The design summit took place in Portland, Oregon, US and Havana is an unincorporated community in Oregon.
heat  Codename for the Orchestration service.
Heat Orchestration Template (HOT)  Heat input in the format native to OpenStack.
health monitor  Determines whether back-end members of a VIP pool can process a request. A pool can have several health monitors associated with it. When a pool has several monitors associated with it, all monitors check each member of the pool. All monitors must declare a member to be healthy for it to stay active.
high availability (HA)  A high availability system design approach and associated service implementation ensures that a prearranged level of operational performance will be met during a contractual measurement period. High availability systems seek to minimize system downtime and data loss.
horizon  Codename for the Dashboard.
horizon plug-in  A plug-in for the OpenStack dashboard (horizon).
host  A physical computer, not a VM instance (node).
host aggregate  A method to further subdivide availability zones into hypervisor pools, a collection of common hosts.
Host Bus Adapter (HBA)  Device plugged into a PCI slot, such as a fibre channel or network card.
hybrid cloud  A hybrid cloud is a composition of two or more clouds (private, community or public) that remain distinct entities but are bound together, offering the benefits of multiple deployment models. Hybrid cloud can also mean the ability to connect colocation, managed and/or dedicated services with cloud resources.
Hyper-V  One of the hypervisors supported by OpenStack.
hyperlink  Any kind of text that contains a link to some other site, commonly found in documents where clicking on a word or words opens up a different website.
Hypertext Transfer Protocol (HTTP)  An application protocol for distributed, collaborative, hypermedia information systems. It is the foundation of data communication for the World Wide Web. Hypertext is structured text that uses logical links (hyperlinks) between nodes containing text. HTTP is the protocol to exchange or transfer hypertext.
Hypertext Transfer Protocol Secure (HTTPS)  An encrypted communications protocol for secure communication over a computer network, with especially wide deployment on the Internet. Technically, it is not a protocol in and of itself; rather, it is the result of simply layering the Hypertext Transfer Protocol (HTTP) on top of the TLS or SSL protocol, thus adding the security capabilities of TLS or SSL to standard HTTP communications. Most OpenStack API endpoints and many inter-component communications support HTTPS communication.
hypervisor  Software that arbitrates and controls VM access to the actual underlying hardware.
hypervisor pool  A collection of hypervisors grouped together through host aggregates.
Icehouse  The code name for the ninth release of OpenStack. The design summit took place in Hong Kong and Ice House is a street in that city.
ID number  Unique numeric ID associated with each user in Identity, conceptually similar to a Linux or LDAP UID.
Identity API  Alternative term for the Identity service API.
Identity back end  The source used by Identity service to retrieve user information; an OpenLDAP server, for example.
identity provider  A directory service, which allows users to login with a user name and password. It is a typical source of authentication tokens.
Identity service (keystone)  The project that facilitates API client authentication, service discovery, distributed multi-tenant authorization, and auditing. It provides a central directory of users mapped to the OpenStack services they can access. It also registers endpoints for OpenStack services and acts as a common authentication system.
Identity service API  The API used to access the OpenStack Identity service provided through keystone.
image  A collection of files for a specific operating system (OS) that you use to create or rebuild a server. OpenStack provides pre-built images. You can also create custom images, or snapshots, from servers that you have launched. Custom images can be used for data backups or as ‚Äúgold‚Äù images for additional servers.
Image API  The Image service API endpoint for management of VM images.
image cache  Used by Image service to obtain images on the local host rather than re-downloading them from the image server each time one is requested.
image ID  Combination of a URI and UUID used to access Image service VM images through the image API.
image membership  A list of projects that can access a given VM image within Image service.
image owner  The project who owns an Image service virtual machine image.
image registry  A list of VM images that are available through Image service.
Image service  An OpenStack core project that provides discovery, registration, and delivery services for disk and server images. The project name of the Image service is glance.
Image service API  Alternative name for the glance image API.
image status  The current status of a VM image in Image service, not to be confused with the status of a running instance.
image store  The back-end store used by Image service to store VM images, options include Object Storage, locally mounted file system, RADOS block devices, VMware datastore, or HTTP.
image UUID  UUID used by Image service to uniquely identify each VM image.
incubated project  A community project may be elevated to this status and is then promoted to a core project.
Infrastructure-as-a-Service (IaaS)  IaaS is a provisioning model in which an organization outsources physical components of a data center, such as storage, hardware, servers, and networking components. A service provider owns the equipment and is responsible for housing, operating and maintaining it. The client typically pays on a per-use basis. IaaS is a model for providing cloud services.
ingress filtering  The process of filtering incoming network traffic. Supported by Compute.
INI format  The OpenStack configuration files use an INI format to describe options and their values. It consists of sections and key value pairs.
injection  The process of putting a file into a virtual machine image before the instance is started.
Input/Output Operations Per Second (IOPS)  IOPS are a common performance measurement used to benchmark computer storage devices like hard disk drives, solid state drives, and storage area networks.
instance  A running VM, or a VM in a known state such as suspended, that can be used like a hardware server.
instance ID  Alternative term for instance UUID.
instance state  The current state of a guest VM image.
instance tunnels network  A network segment used for instance traffic tunnels between compute nodes and the network node.
instance type  Describes the parameters of the various virtual machine images that are available to users; includes parameters such as CPU, storage, and memory. Alternative term for flavor.
instance type ID  Alternative term for a flavor ID.
instance UUID  Unique ID assigned to each guest VM instance.
Intelligent Platform Management Interface (IPMI)  IPMI is a standardized computer system interface used by system administrators for out-of-band management of computer systems and monitoring of their operation. In layman‚Äôs terms, it is a way to manage a computer using a direct network connection, whether it is turned on or not; connecting to the hardware rather than an operating system or login shell.
interface  A physical or virtual device that provides connectivity to another device or medium.
interface ID  Unique ID for a Networking VIF or vNIC in the form of a UUID.
Internet Control Message Protocol (ICMP)  A network protocol used by network devices for control messages. For example, ping uses ICMP to test connectivity.
Internet protocol (IP)  Principal communications protocol in the internet protocol suite for relaying datagrams across network boundaries.
Internet Service Provider (ISP)  Any business that provides Internet access to individuals or businesses.
Internet Small Computer System Interface (iSCSI)  Storage protocol that encapsulates SCSI frames for transport over IP networks. Supported by Compute, Object Storage, and Image service.
ironic  Codename for the Bare Metal service.
IP address  Number that is unique to every computer system on the Internet. Two versions of the Internet Protocol (IP) are in use for addresses: IPv4 and IPv6.
IP Address Management (IPAM)  The process of automating IP address allocation, deallocation, and management. Currently provided by Compute, melange, and Networking.
ip6tables  Tool used to set up, maintain, and inspect the tables of IPv6 packet filter rules in the Linux kernel. In OpenStack Compute, ip6tables is used along with arptables, ebtables, and iptables to create firewalls for both nodes and VMs.
ipset  Extension to iptables that allows creation of firewall rules that match entire ‚Äúsets‚Äù of IP addresses simultaneously. These sets reside in indexed data structures to increase efficiency, particularly on systems with a large quantity of rules.
iptables  Used along with arptables and ebtables, iptables create firewalls in Compute. iptables are the tables provided by the Linux kernel firewall (implemented as different Netfilter modules) and the chains and rules it stores. Different kernel modules and programs are currently used for different protocols: iptables applies to IPv4, ip6tables to IPv6, arptables to ARP, and ebtables to Ethernet frames. Requires root privilege to manipulate.
iSCSI Qualified Name (IQN)  IQN is the format most commonly used for iSCSI names, which uniquely identify nodes in an iSCSI network. All IQNs follow the pattern iqn.yyyy-mm.domain:identifier, where ‚Äòyyyy-mm‚Äô is the year and month in which the domain was registered, ‚Äòdomain‚Äô is the reversed domain name of the issuing organization, and ‚Äòidentifier‚Äô is an optional string which makes each IQN under the same domain unique. For example, ‚Äòiqn.2015-10.org.openstack.408ae959bce1‚Äô.
ISO9660  One of the VM image disk formats supported by Image service.
itsec  A default role in the Compute RBAC system that can quarantine an instance in any project.
Java  A programming language that is used to create systems that involve more than one computer by way of a network.
JavaScript  A scripting language that is used to build web pages.
JavaScript Object Notation (JSON)  One of the supported response formats in OpenStack.
Jenkins  Tool used to run jobs automatically for OpenStack development.
jumbo frame  Feature in modern Ethernet networks that supports frames up to approximately 9000 bytes.
Juno  The code name for the tenth release of OpenStack. The design summit took place in Atlanta, Georgia, US and Juno is an unincorporated community in Georgia.
Kerberos  A network authentication protocol which works on the basis of tickets. Kerberos allows nodes communication over a non-secure network, and allows nodes to prove their identity to one another in a secure manner.
kernel-based VM (KVM)  An OpenStack-supported hypervisor. KVM is a full virtualization solution for Linux on x86 hardware containing virtualization extensions (Intel VT or AMD-V), ARM, IBM Power, and IBM zSeries. It consists of a loadable kernel module, that provides the core virtualization infrastructure and a processor specific module.
Key Manager service (barbican)  The project that produces a secret storage and generation system capable of providing key management for services wishing to enable encryption features.
keystone  Codename of the Identity service.
Kickstart  A tool to automate system configuration and installation on Red Hat, Fedora, and CentOS-based Linux distributions.
large object  An object within Object Storage that is larger than 5 GB.
Launchpad  The collaboration site for OpenStack.
Layer-2 network  Term used in the OSI network architecture for the data link layer. The data link layer is responsible for media access control, flow control and detecting and possibly correcting errors that may occur in the physical layer.
Layer-3 network  Term used in the OSI network architecture for the network layer. The network layer is responsible for packet forwarding including routing from one node to another.
Layer-2 (L2) agent  OpenStack Networking agent that provides layer-2 connectivity for virtual networks.
Layer-3 (L3) agent  OpenStack Networking agent that provides layer-3 (routing) services for virtual networks.
Liberty  The code name for the twelfth release of OpenStack. The design summit took place in Vancouver, Canada and Liberty is the name of a village in the Canadian province of Saskatchewan.
libvirt  Virtualization API library used by OpenStack to interact with many of its supported hypervisors.
Lightweight Directory Access Protocol (LDAP)  An application protocol for accessing and maintaining distributed directory information services over an IP network.
Linux bridge  Software that enables multiple VMs to share a single physical NIC within Compute.
Linux Bridge neutron plug-in  Enables a Linux bridge to understand a Networking port, interface attachment, and other abstractions.
Linux containers (LXC)  An OpenStack-supported hypervisor.
live migration  The ability within Compute to move running virtual machine instances from one host to another with only a small service interruption during switchover.
load balancer  A load balancer is a logical device that belongs to a cloud account. It is used to distribute workloads between multiple back-end systems or services, based on the criteria defined as part of its configuration.
load balancing  The process of spreading client requests between two or more nodes to improve performance and availability.
Load-Balancer-as-a-Service (LBaaS)  Enables Networking to distribute incoming requests evenly between designated instances.
Logical Volume Manager (LVM)  Provides a method of allocating space on mass-storage devices that is more flexible than conventional partitioning schemes.
magnum  Code name for the OpenStack project that provides the Containers Service.
management API  Alternative term for an admin API.
management network  A network segment used for administration, not accessible to the public Internet.
manager  Logical groupings of related code, such as the Block Storage volume manager or network manager.
manifest  Used to track segments of a large object within Object Storage.
manifest object  A special Object Storage object that contains the manifest for a large object.
manila  OpenStack project that provides shared file systems as service to applications.
manila-share  Responsible for managing Shared File System Service devices, specifically the back-end devices.
maximum transmission unit (MTU)  Maximum frame or packet size for a particular network medium. Typically 1500 bytes for Ethernet networks.
mechanism driver  A driver for the Modular Layer 2 (ML2) neutron plug-in that provides layer-2 connectivity for virtual instances. A single OpenStack installation can use multiple mechanism drivers.
melange  Project name for OpenStack Network Information Service. To be merged with Networking.
membership  The association between an Image service VM image and a project. Enables images to be shared with specified projects.
membership list  A list of projects that can access a given VM image within Image service.
memcached  A distributed memory object caching system that is used by Object Storage for caching.
memory overcommit  The ability to start new VM instances based on the actual memory usage of a host, as opposed to basing the decision on the amount of RAM each running instance thinks it has available. Also known as RAM overcommit.
message broker  The software package used to provide AMQP messaging capabilities within Compute. Default package is RabbitMQ.
message bus  The main virtual communication line used by all AMQP messages for inter-cloud communications within Compute.
message queue  Passes requests from clients to the appropriate workers and returns the output to the client after the job completes.
Message service (zaqar)  The project that provides a messaging service that affords a variety of distributed application patterns in an efficient, scalable and highly available manner, and to create and maintain associated Python libraries and documentation.
Metadata agent  OpenStack Networking agent that provides metadata services for instances.
Meta-Data Server (MDS)  Stores CephFS metadata.
migration  The process of moving a VM instance from one host to another.
mistral  Code name for Workflow service.
Mitaka  The code name for the thirteenth release of OpenStack. The design summit took place in Tokyo, Japan. Mitaka is a city in Tokyo.
monasca  Codename for OpenStack Monitoring.
multi-host  High-availability mode for legacy (nova) networking. Each compute node handles NAT and DHCP and acts as a gateway for all of the VMs on it. A networking failure on one compute node doesn‚Äôt affect VMs on other compute nodes.
multinic  Facility in Compute that allows each virtual machine instance to have more than one VIF connected to it.
murano  Codename for the Application Catalog service.
Modular Layer 2 (ML2) neutron plug-in  Can concurrently use multiple layer-2 networking technologies, such as 802.1Q and VXLAN, in Networking.
Monitor (LBaaS)  LBaaS feature that provides availability monitoring using the ping command, TCP, and HTTP/HTTPS GET.
Monitor (Mon)  A Ceph component that communicates with external clients, checks data state and consistency, and performs quorum functions.
Monitoring (monasca)  The OpenStack service that provides a multi-tenant, highly scalable, performant, fault-tolerant monitoring-as-a-service solution for metrics, complex event processing and logging. To build an extensible platform for advanced monitoring services that can be used by both operators and tenants to gain operational insight and visibility, ensuring availability and stability.
multi-factor authentication  Authentication method that uses two or more credentials, such as a password and a private key. Currently not supported in Identity.
MultiNic  Facility in Compute that enables a virtual machine instance to have more than one VIF connected to it.
Nebula  Released as open source by NASA in 2010 and is the basis for Compute.
netadmin  One of the default roles in the Compute RBAC system. Enables the user to allocate publicly accessible IP addresses to instances and change firewall rules.
NetApp volume driver  Enables Compute to communicate with NetApp storage devices through the NetApp OnCommand Provisioning Manager.
network  A virtual network that provides connectivity between entities. For example, a collection of virtual ports that share network connectivity. In Networking terminology, a network is always a layer-2 network.
Network Address Translation (NAT)  Process of modifying IP address information while in transit. Supported by Compute and Networking.
network controller  A Compute daemon that orchestrates the network configuration of nodes, including IP addresses, VLANs, and bridging. Also manages routing for both public and private networks.
Network File System (NFS)  A method for making file systems available over the network. Supported by OpenStack.
network ID  Unique ID assigned to each network segment within Networking. Same as network UUID.
network manager  The Compute component that manages various network components, such as firewall rules, IP address allocation, and so on.
network namespace  Linux kernel feature that provides independent virtual networking instances on a single host with separate routing tables and interfaces. Similar to virtual routing and forwarding (VRF) services on physical network equipment.
network node  Any compute node that runs the network worker daemon.
network segment  Represents a virtual, isolated OSI layer-2 subnet in Networking.
Network Time Protocol (NTP)  Method of keeping a clock for a host or node correct via communication with a trusted, accurate time source.
Newton  The code name for the fourteenth release of OpenStack. The design summit took place in Austin, Texas, US. The release is named after ‚ÄúNewton House‚Äù which is located at 1013 E. Ninth St., Austin, TX. which is listed on the National Register of Historic Places.
network UUID  Unique ID for a Networking network segment.
network worker  The nova-network worker daemon; provides services such as giving an IP address to a booting nova instance.
Networking service (neutron)  The OpenStack project which implements services and associated libraries to provide on-demand, scalable, and technology-agnostic network abstraction.
Networking API (Neutron API)  API used to access OpenStack Networking. Provides an extensible architecture to enable custom plug-in creation.
neutron  Codename for OpenStack Networking service.
neutron API  An alternative name for Networking API.
neutron manager  Enables Compute and Networking integration, which enables Networking to perform network management for guest VMs.
neutron plug-in  Interface within Networking that enables organizations to create custom plug-ins for advanced features, such as QoS, ACLs, or IDS.
Nexenta volume driver  Provides support for NexentaStor devices in Compute.
Nginx  An HTTP and reverse proxy server, a mail proxy server, and a generic TCP/UDP proxy server.
No ACK  Disables server-side message acknowledgment in the Compute RabbitMQ. Increases performance but decreases reliability.
node  A VM instance that runs on a host.
non-durable exchange  Message exchange that is cleared when the service restarts. Its data is not written to persistent storage.
non-durable queue  Message queue that is cleared when the service restarts. Its data is not written to persistent storage.
non-persistent volume  Alternative term for an ephemeral volume.
north-south traffic  Network traffic between a user or client (north) and a server (south), or traffic into the cloud (south) and out of the cloud (north). See also east-west traffic.
nova  Codename for OpenStack Compute service.
Nova API  Alternative term for the Compute API.
nova-network  A Compute component that manages IP address allocation, firewalls, and other network-related tasks. This is the legacy networking option and an alternative to Networking.
object  A BLOB of data held by Object Storage; can be in any format.
Ocata  The code name for the fifteenth release of OpenStack. The design summit will take place in Barcelona, Spain. Ocata is a beach north of Barcelona.
Oldie  Term for an Object Storage process that runs for a long time. Can indicate a hung process.
Open Cloud Computing Interface (OCCI)  A standardized interface for managing compute, data, and network resources, currently unsupported in OpenStack.
Open Virtualization Format (OVF)  Standard for packaging VM images. Supported in OpenStack.
Open vSwitch  Open vSwitch is a production quality, multilayer virtual switch licensed under the open source Apache 2.0 license. It is designed to enable massive network automation through programmatic extension, while still supporting standard management interfaces and protocols (for example NetFlow, sFlow, SPAN, RSPAN, CLI, LACP, 802.1ag).
Open vSwitch (OVS) agent  Provides an interface to the underlying Open vSwitch service for the Networking plug-in.
Open vSwitch neutron plug-in  Provides support for Open vSwitch in Networking.
OpenLDAP  An open source LDAP server. Supported by both Compute and Identity.
OpenStack  OpenStack is a cloud operating system that controls large pools of compute, storage, and networking resources throughout a data center, all managed through a dashboard that gives administrators control while empowering their users to provision resources through a web interface. OpenStack is an open source project licensed under the Apache License 2.0.
OpenStack code name  Each OpenStack release has a code name. Code names ascend in alphabetical order: Austin, Bexar, Cactus, Diablo, Essex, Folsom, Grizzly, Havana, Icehouse, Juno, Kilo, Liberty, Mitaka, Newton, Ocata, Pike, and Queens. Code names are cities or counties near where the corresponding OpenStack design summit took place. An exception, called the Waldon exception, is granted to elements of the state flag that sound especially cool. Code names are chosen by popular vote.
openSUSE  A Linux distribution that is compatible with OpenStack.
operator  The person responsible for planning and maintaining an OpenStack installation.
optional service  An official OpenStack service defined as optional by DefCore Committee. Currently, consists of Dashboard (horizon), Telemetry service (Telemetry), Orchestration service (heat), Database service (trove), Bare Metal service (ironic), and so on.
Orchestration service (heat)  The OpenStack service which orchestrates composite cloud applications using a declarative template format through an OpenStack-native REST API.
orphan  In the context of Object Storage, this is a process that is not terminated after an upgrade, restart, or reload of the service.
Oslo  OpenStack project that produces a set of Python libraries containing code shared by OpenStack projects.
panko  Part of the OpenStack Telemetry service; provides event storage.
parent cell  If a requested resource, such as CPU time, disk storage, or memory, is not available in the parent cell, the request is forwarded to associated child cells.
partition  A unit of storage within Object Storage used to store objects. It exists on top of devices and is replicated for fault tolerance.
partition index  Contains the locations of all Object Storage partitions within the ring.
partition shift value  Used by Object Storage to determine which partition data should reside on.
path MTU discovery (PMTUD)  Mechanism in IP networks to detect end-to-end MTU and adjust packet size accordingly.
pause  A VM state where no changes occur (no changes in memory, network communications stop, etc); the VM is frozen but not shut down.
PCI passthrough  Gives guest VMs exclusive access to a PCI device. Currently supported in OpenStack Havana and later releases.
persistent message  A message that is stored both in memory and on disk. The message is not lost after a failure or restart.
persistent volume  Changes to these types of disk volumes are saved.
personality file  A file used to customize a Compute instance. It can be used to inject SSH keys or a specific network configuration.
Pike  The code name for the sixteenth release of OpenStack. The design summit will take place in Boston, Massachusetts, US. The release is named after the Massachusetts Turnpike, abbreviated commonly as the Mass Pike, which is the eastermost stretch of Interstate 90.
Platform-as-a-Service (PaaS)  Provides to the consumer the ability to deploy applications through a programming language or tools supported by the cloud platform provider. An example of Platform-as-a-Service is an Eclipse/Java programming platform provided with no downloads required.
plug-in  Software component providing the actual implementation for Networking APIs, or for Compute APIs, depending on the context.
policy service  Component of Identity that provides a rule-management interface and a rule-based authorization engine.
pool  A logical set of devices, such as web servers, that you group together to receive and process traffic. The load balancing function chooses which member of the pool handles the new requests or connections received on the VIP address. Each VIP has one pool.
pool member  An application that runs on the back-end server in a load-balancing system.
port  A virtual network port within Networking; VIFs / vNICs are connected to a port.
port UUID  Unique ID for a Networking port.
preseed  A tool to automate system configuration and installation on Debian-based Linux distributions.
private image  An Image service VM image that is only available to specified projects.
private IP address  An IP address used for management and administration, not available to the public Internet.
private network  The Network Controller provides virtual networks to enable compute servers to interact with each other and with the public network. All machines must have a public and private network interface. A private network interface can be a flat or VLAN network interface. A flat network interface is controlled by the flat_interface with flat managers. A VLAN network interface is controlled by the vlan_interface option with VLAN managers.
project  Projects represent the base unit of ‚Äúownership‚Äù in OpenStack, in that all resources in OpenStack should be owned by a specific project. In OpenStack Identity, a project must be owned by a specific domain.
project ID  Unique ID assigned to each project by the Identity service.
project VPN  Alternative term for a cloudpipe.
promiscuous mode  Causes the network interface to pass all traffic it receives to the host rather than passing only the frames addressed to it.
protected property  Generally, extra properties on an Image service image to which only cloud administrators have access. Limits which user roles can perform CRUD operations on that property. The cloud administrator can configure any image property as protected.
provider  An administrator who has access to all hosts and instances.
proxy node  A node that provides the Object Storage proxy service.
proxy server  Users of Object Storage interact with the service through the proxy server, which in turn looks up the location of the requested data within the ring and returns the results to the user.
public API  An API endpoint used for both service-to-service communication and end-user interactions.
public image  An Image service VM image that is available to all projects.
public IP address  An IP address that is accessible to end-users.
public key authentication  Authentication method that uses keys rather than passwords.
public network  The Network Controller provides virtual networks to enable compute servers to interact with each other and with the public network. All machines must have a public and private network interface. The public network interface is controlled by the public_interface option.
Puppet  An operating system configuration-management tool supported by OpenStack.
Python  Programming language used extensively in OpenStack.
QEMU Copy On Write 2 (QCOW2)  One of the VM image disk formats supported by Image service.
Qpid  Message queue software supported by OpenStack; an alternative to RabbitMQ.
Quality of Service (QoS)  The ability to guarantee certain network or storage requirements to satisfy a Service Level Agreement (SLA) between an application provider and end users. Typically includes performance requirements like networking bandwidth, latency, jitter correction, and reliability as well as storage performance in Input/Output Operations Per Second (IOPS), throttling agreements, and performance expectations at peak load.
quarantine  If Object Storage finds objects, containers, or accounts that are corrupt, they are placed in this state, are not replicated, cannot be read by clients, and a correct copy is re-replicated.
Queens  The code name for the seventeenth release of OpenStack. The design summit will take place in Sydney, Australia. The release is named after the Queens Pound river in the South Coast region of New South Wales.
Quick EMUlator (QEMU)  QEMU is a generic and open source machine emulator and virtualizer. One of the hypervisors supported by OpenStack, generally used for development purposes.
quota  In Compute and Block Storage, the ability to set resource limits on a per-project basis.
RabbitMQ  The default message queue software used by OpenStack.
Rackspace Cloud Files  Released as open source by Rackspace in 2010; the basis for Object Storage.
RADOS Block Device (RBD)  Ceph component that enables a Linux block device to be striped over multiple distributed data stores.
radvd  The router advertisement daemon, used by the Compute VLAN manager and FlatDHCP manager to provide routing services for VM instances.
rally  OpenStack project that provides the Benchmark service.
RAM filter  The Compute setting that enables or disables RAM overcommitment.
RAM overcommit  The ability to start new VM instances based on the actual memory usage of a host, as opposed to basing the decision on the amount of RAM each running instance thinks it has available. Also known as memory overcommit.
rate limit  Configurable option within Object Storage to limit database writes on a per-account and/or per-container basis.
raw  One of the VM image disk formats supported by Image service; an unstructured disk image.
rebalance  The process of distributing Object Storage partitions across all drives in the ring; used during initial ring creation and after ring reconfiguration.
reboot  Either a soft or hard reboot of a server. With a soft reboot, the operating system is signaled to restart, which enables a graceful shutdown of all processes. A hard reboot is the equivalent of power cycling the server. The virtualization platform should ensure that the reboot action has completed successfully, even in cases in which the underlying domain/VM is paused or halted/stopped.
rebuild  Removes all data on the server and replaces it with the specified image. Server ID and IP addresses remain the same.
Recon  An Object Storage component that collects meters.
record  Belongs to a particular domain and is used to specify information about the domain. There are several types of DNS records. Each record type contains particular information used to describe the purpose of that record. Examples include mail exchange (MX) records, which specify the mail server for a particular domain; and name server (NS) records, which specify the authoritative name servers for a domain.
record ID  A number within a database that is incremented each time a change is made. Used by Object Storage when replicating.
Red Hat Enterprise Linux (RHEL)  A Linux distribution that is compatible with OpenStack.
reference architecture  A recommended architecture for an OpenStack cloud.
region  A discrete OpenStack environment with dedicated API endpoints that typically shares only the Identity (keystone) with other regions.
registry  Alternative term for the Image service registry.
registry server  An Image service that provides VM image metadata information to clients.
Reliable, Autonomic Distributed Object Store (RADOS)  A collection of components that provides object storage within Ceph. Similar to OpenStack Object Storage.
Remote Procedure Call (RPC)  The method used by the Compute RabbitMQ for intra-service communications.
replica  Provides data redundancy and fault tolerance by creating copies of Object Storage objects, accounts, and containers so that they are not lost when the underlying storage fails.
replica count  The number of replicas of the data in an Object Storage ring.
replication  The process of copying data to a separate physical device for fault tolerance and performance.
replicator  The Object Storage back-end process that creates and manages object replicas.
request ID  Unique ID assigned to each request sent to Compute.
rescue image  A special type of VM image that is booted when an instance is placed into rescue mode. Allows an administrator to mount the file systems for an instance to correct the problem.
resize  Converts an existing server to a different flavor, which scales the server up or down. The original server is saved to enable rollback if a problem occurs. All resizes must be tested and explicitly confirmed, at which time the original server is removed.
RESTful  A kind of web service API that uses REST, or Representational State Transfer. REST is the style of architecture for hypermedia systems that is used for the World Wide Web.
ring  An entity that maps Object Storage data to partitions. A separate ring exists for each service, such as account, object, and container.
ring builder  Builds and manages rings within Object Storage, assigns partitions to devices, and pushes the configuration to other storage nodes.
Role Based Access Control (RBAC)  Provides a predefined list of actions that the user can perform, such as start or stop VMs, reset passwords, and so on. Supported in both Identity and Compute and can be configured using the horizon dashboard.
role  A personality that a user assumes to perform a specific set of operations. A role includes a set of rights and privileges. A user assuming that role inherits those rights and privileges.
role ID  Alphanumeric ID assigned to each Identity service role.
rootwrap  A feature of Compute that allows the unprivileged ‚Äúnova‚Äù user to run a specified list of commands as the Linux root user.
round-robin scheduler  Type of Compute scheduler that evenly distributes instances among available hosts.
router  A physical or virtual network device that passes network traffic between different networks.
routing key  The Compute direct exchanges, fanout exchanges, and topic exchanges use this key to determine how to process a message; processing varies depending on exchange type.
RPC driver  Modular system that allows the underlying message queue software of Compute to be changed. For example, from RabbitMQ to ZeroMQ or Qpid.
rsync  Used by Object Storage to push object replicas.
RXTX cap  Absolute limit on the amount of network traffic a Compute VM instance can send and receive.
RXTX quota  Soft limit on the amount of network traffic a Compute VM instance can send and receive.
sahara  OpenStack project that provides a scalable data-processing stack and associated management interfaces.
SAML assertion  Contains information about a user as provided by the identity provider. It is an indication that a user has been authenticated.
scheduler manager  A Compute component that determines where VM instances should start. Uses modular design to support a variety of scheduler types.
scoped token  An Identity service API access token that is associated with a specific project.
scrubber  Checks for and deletes unused VMs; the component of Image service that implements delayed delete.
secret key  String of text known only by the user; used along with an access key to make requests to the Compute API.
secure boot  Process whereby the system firmware validates the authenticity of the code involved in the boot process.
secure shell (SSH)  Open source tool used to access remote hosts through an encrypted communications channel, SSH key injection is supported by Compute.
security group  A set of network traffic filtering rules that are applied to a Compute instance.
segmented object  An Object Storage large object that has been broken up into pieces. The re-assembled object is called a concatenated object.
self-service  For IaaS, ability for a regular (non-privileged) account to manage a virtual infrastructure component such as networks without involving an administrator.
SELinux  Linux kernel security module that provides the mechanism for supporting access control policies.
senlin  OpenStack project that provides a Clustering service.
server  Computer that provides explicit services to the client software running on that system, often managing a variety of computer operations. A server is a VM instance in the Compute system. Flavor and image are requisite elements when creating a server.
server image  Alternative term for a VM image.
server UUID  Unique ID assigned to each guest VM instance.
service  An OpenStack service, such as Compute, Object Storage, or Image service. Provides one or more endpoints through which users can access resources and perform operations.
service catalog  Alternative term for the Identity service catalog.
service ID  Unique ID assigned to each service that is available in the Identity service catalog.
service provider  A system that provides services to other system entities. In case of federated identity, OpenStack Identity is the service provider.
service registration  An Identity service feature that enables services, such as Compute, to automatically register with the catalog.
service project  Special project that contains all services that are listed in the catalog.
service token  An administrator-defined token used by Compute to communicate securely with the Identity service.
session back end  The method of storage used by horizon to track client sessions, such as local memory, cookies, a database, or memcached.
session persistence  A feature of the load-balancing service. It attempts to force subsequent connections to a service to be redirected to the same node as long as it is online.
session storage  A horizon component that stores and tracks client session information. Implemented through the Django sessions framework.
share  A remote, mountable file system in the context of the Shared File Systems. You can mount a share to, and access a share from, several hosts by several users at a time.
share network  An entity in the context of the Shared File Systems that encapsulates interaction with the Networking service. If the driver you selected runs in the mode requiring such kind of interaction, you need to specify the share network to create a share.
Shared File Systems API  A Shared File Systems service that provides a stable RESTful API. The service authenticates and routes requests throughout the Shared File Systems service. There is python-manilaclient to interact with the API.
Shared File Systems service  An OpenStack service that provides a set of services for management of shared file systems in a multi-tenant cloud environment. The service is similar to how OpenStack provides block-based storage management through the OpenStack Block Storage service project. With the Shared File Systems service, you can create a remote file system and mount the file system on your instances. You can also read and write data from your instances to and from your file system. The project name of the Shared File Systems service is manila.
shared IP address  An IP address that can be assigned to a VM instance within the shared IP group. Public IP addresses can be shared across multiple servers for use in various high-availability scenarios. When an IP address is shared to another server, the cloud network restrictions are modified to enable each server to listen to and respond on that IP address. You can optionally specify that the target server network configuration be modified. Shared IP addresses can be used with many standard heartbeat facilities, such as keepalive, that monitor for failure and manage IP failover.
shared IP group  A collection of servers that can share IPs with other members of the group. Any server in a group can share one or more public IPs with any other server in the group. With the exception of the first server in a shared IP group, servers must be launched into shared IP groups. A server may be a member of only one shared IP group.
shared storage  Block storage that is simultaneously accessible by multiple clients, for example, NFS.
Sheepdog  Distributed block storage system for QEMU, supported by OpenStack.
Simple Cloud Identity Management (SCIM)  Specification for managing identity in the cloud, currently unsupported by OpenStack.
Single-root I/O Virtualization (SR-IOV)  A specification that, when implemented by a physical PCIe device, enables it to appear as multiple separate PCIe devices. This enables multiple virtualized guests to share direct access to the physical device, offering improved performance over an equivalent virtual device. Currently supported in OpenStack Havana and later releases.
Service Level Agreement (SLA)  Contractual obligations that ensure the availability of a service.
SmokeStack  Runs automated tests against the core OpenStack API; written in Rails.
snapshot  A point-in-time copy of an OpenStack storage volume or image. Use storage volume snapshots to back up volumes. Use image snapshots to back up data, or as ‚Äúgold‚Äù images for additional servers.
soft reboot  A controlled reboot where a VM instance is properly restarted through operating system commands.
Software Development Lifecycle Automation service  OpenStack project that aims to make cloud services easier to consume and integrate with application development process by automating the source-to-image process, and simplifying app-centric deployment. The project name is solum.
SolidFire Volume Driver  The Block Storage driver for the SolidFire iSCSI storage appliance.
solum  OpenStack project that provides a Software Development Lifecycle Automation service.
Simple Protocol for Independent Computing Environments (SPICE)  SPICE provides remote desktop access to guest virtual machines. It is an alternative to VNC. SPICE is supported by OpenStack.
spread-first scheduler  The Compute VM scheduling algorithm that attempts to start a new VM on the host with the least amount of load.
SQL-Alchemy  An open source SQL toolkit for Python, used in OpenStack.
SQLite  A lightweight SQL database, used as the default persistent storage method in many OpenStack services.
stack  A set of OpenStack resources created and managed by the Orchestration service according to a given template (either an AWS CloudFormation template or a Heat Orchestration Template (HOT)).
StackTach  Community project that captures Compute AMQP communications; useful for debugging.
static IP address  Alternative term for a fixed IP address.
StaticWeb  WSGI middleware component of Object Storage that serves container data as a static web page.
storage back end  The method that a service uses for persistent storage, such as iSCSI, NFS, or local disk.
Storage Client Sofware provided by ICGC required to download data from AWS S3.
storage node  An Object Storage node that provides container services, account services, and object services; controls the account databases, container databases, and object storage.
storage manager  A XenAPI component that provides a pluggable interface to support a wide variety of persistent storage back ends.
storage manager back end  A persistent storage method supported by XenAPI, such as iSCSI or NFS.
storage services  Collective name for the Object Storage object services, container services, and account services.
strategy  Specifies the authentication source used by Image service or Identity. In the Database service, it refers to the extensions implemented for a data store.
subdomain  A domain within a parent domain. Subdomains cannot be registered. Subdomains enable you to delegate domains. Subdomains can themselves have subdomains, so third-level, fourth-level, fifth-level, and deeper levels of nesting are possible.
subnet  Logical subdivision of an IP network.
SUSE Linux Enterprise Server (SLES)  A Linux distribution that is compatible with OpenStack.
suspend  Alternative term for a paused VM instance.
swap  Disk-based virtual memory used by operating systems to provide more memory than is actually available on the system.
swauth  An authentication and authorization service for Object Storage, implemented through WSGI middleware; uses Object Storage itself as the persistent backing store.
swift  An OpenStack core project that provides object storage services.
swift All in One (SAIO)  Creates a full Object Storage development environment within a single VM.
swift middleware  Collective term for Object Storage components that provide additional functionality.
swift proxy server  Acts as the gatekeeper to Object Storage and is responsible for authenticating the user.
swift storage node  A node that runs Object Storage account, container, and object services.
sync point  Point in time since the last container and accounts database sync among nodes within Object Storage.
sysadmin  One of the default roles in the Compute RBAC system. Enables a user to add other users to a project, interact with VM images that are associated with the project, and start and stop VM instances.
system usage  A Compute component that, along with the notification system, collects meters and usage information. This information can be used for billing.
Telemetry service (telemetry)  The OpenStack project which collects measurements of the utilization of the physical and virtual resources comprising deployed clouds, persists this data for subsequent retrieval and analysis, and triggers actions when defined criteria are met.
TempAuth  An authentication facility within Object Storage that enables Object Storage itself to perform authentication and authorization. Frequently used in testing and development.
Tempest  Automated software test suite designed to run against the trunk of the OpenStack core project.
TempURL  An Object Storage middleware component that enables creation of URLs for temporary object access.
tenant  A group of users; used to isolate access to Compute resources. An alternative term for a project.
Tenant API  An API that is accessible to projects.
tenant endpoint  An Identity service API endpoint that is associated with one or more projects.
tenant ID  An alternative term for project ID.
token  An alpha-numeric string of text used to access OpenStack APIs and resources.
Token Manager Section of the portal used to manage Access Tokens.
token services  An Identity service component that manages and validates tokens after a user or project has been authenticated.
tombstone  Used to mark Object Storage objects that have been deleted; ensures that the object is not updated on another node after it has been deleted.
topic publisher  A process that is created when a RPC call is executed; used to push the message to the topic exchange.
Torpedo  Community project used to run automated tests against the OpenStack API.
transaction ID  Unique ID assigned to each Object Storage request; used for debugging and tracing.
transient  Alternative term for non-durable.
transient exchange  Alternative term for a non-durable exchange.
transient message  A message that is stored in memory and is lost after the server is restarted.
transient queue  Alternative term for a non-durable queue.
TripleO  OpenStack-on-OpenStack program. The code name for the OpenStack Deployment program.
trove  Codename for OpenStack Database service.
trusted platform module (TPM)  Specialized microprocessor for incorporating cryptographic keys into devices for authenticating and securing a hardware platform.
Ubuntu  A Debian-based Linux distribution.
unscoped token  Alternative term for an Identity service default token.
updater  Collective term for a group of Object Storage components that processes queued and failed updates for containers and objects.
user  In OpenStack Identity, entities represent individual API consumers and are owned by a specific domain. In OpenStack Compute, a user can be associated with roles, projects, or both.
user data  A blob of data that the user can specify when they launch an instance. The instance can access this data through the metadata service or config drive. Commonly used to pass a shell script that the instance runs on boot.
User Mode Linux (UML)  An OpenStack-supported hypervisor.
VIF UUID  Unique ID assigned to each Networking VIF.
Virtual Central Processing Unit (vCPU)  Subdivides physical CPUs. Instances can then use those divisions.
Virtual Disk Image (VDI)  One of the VM image disk formats supported by Image service.
Virtual Extensible LAN (VXLAN)  A network virtualization technology that attempts to reduce the scalability problems associated with large cloud computing deployments. It uses a VLAN-like encapsulation technique to encapsulate Ethernet frames within UDP packets.
Virtual Hard Disk (VHD)  One of the VM image disk formats supported by Image service.
virtual IP address (VIP)  An Internet Protocol (IP) address configured on the load balancer for use by clients connecting to a service that is load balanced. Incoming connections are distributed to back-end nodes based on the configuration of the load balancer.
virtual machine (VM)  An operating system instance that runs on top of a hypervisor. Multiple VMs can run at the same time on the same physical host.
virtual network  An L2 network segment within Networking.
virtual networking  A generic term for virtualization of network functions such as switching, routing, load balancing, and security using a combination of VMs and overlays on physical network infrastructure.
Virtual Network Computing (VNC)  Open source GUI and CLI tools used for remote console access to VMs. Supported by Compute.
Virtual Network InterFace (VIF)  An interface that is plugged into a port in a Networking network. Typically a virtual network interface belonging to a VM.
virtual port  Attachment point where a virtual interface connects to a virtual network.
virtual private network (VPN)  Provided by Compute in the form of cloudpipes, specialized instances that are used to create VPNs on a per-project basis.
virtual server  Alternative term for a VM or guest.
virtual switch (vSwitch)  Software that runs on a host or node and provides the features and functions of a hardware-based network switch.
virtual VLAN  Alternative term for a virtual network.
VirtualBox  An OpenStack-supported hypervisor.
VLAN manager  A Compute component that provides dnsmasq and radvd and sets up forwarding to and from cloudpipe instances.
VLAN network  The Network Controller provides virtual networks to enable compute servers to interact with each other and with the public network. All machines must have a public and private network interface. A VLAN network is a private network interface, which is controlled by the vlan_interface option with VLAN managers.
VM disk (VMDK)  One of the VM image disk formats supported by Image service.
VM image  Alternative term for an image.
VM Remote Control (VMRC)  Method to access VM instance consoles using a web browser. Supported by Compute.
VMware API  Supports interaction with VMware products in Compute.
VMware NSX Neutron plug-in  Provides support for VMware NSX in Neutron.
VNC proxy  A Compute component that provides users access to the consoles of their VM instances through VNC or VMRC.
volume  Disk-based data storage generally represented as an iSCSI target with a file system that supports extended attributes; can be persistent or ephemeral.
Volume API  Alternative name for the Block Storage API.
volume controller  A Block Storage component that oversees and coordinates storage volume actions.
volume driver  Alternative term for a volume plug-in.
volume ID  Unique ID applied to each storage volume under the Block Storage control.
volume manager  A Block Storage component that creates, attaches, and detaches persistent storage volumes.
volume node  A Block Storage node that runs the cinder-volume daemon.
volume plug-in  Provides support for new and specialized types of back-end storage for the Block Storage volume manager.
volume worker  A cinder component that interacts with back-end storage to manage the creation and deletion of volumes and the creation of compute volumes, provided by the cinder-volume daemon.
vSphere  An OpenStack-supported hypervisor.
weighting  A Compute process that determines the suitability of the VM instances for a job for a particular host. For example, not enough RAM on the host, too many CPUs on the host, and so on.
weight  Used by Object Storage devices to determine which storage devices are suitable for the job. Devices are weighted by size.
weighted cost  The sum of each cost used when deciding where to start a new VM instance in Compute.
worker  A daemon that listens to a queue and carries out tasks in response to messages. For example, the cinder-volume worker manages volume creation and deletion on storage arrays.
Workflow service (mistral)  The OpenStack service that provides a simple YAML-based language to write workflows (tasks and transition rules) and a service that allows to upload them, modify, run them at scale and in a highly available manner, manage and monitor workflow execution state and state of individual tasks.
Xen  Xen is a hypervisor using a microkernel design, providing services that allow multiple computer operating systems to execute on the same computer hardware concurrently.
Xen API  The Xen administrative API, which is supported by Compute.
Xen Cloud Platform (XCP)  An OpenStack-supported hypervisor.
Xen Storage Manager Volume Driver  A Block Storage volume plug-in that enables communication with the Xen Storage Manager API.
XenServer  An OpenStack-supported hypervisor.
XFS  High-performance 64-bit file system created by Silicon Graphics. Excels in parallel I/O operations and data consistency.
zaqar  Codename for the Message service.
ZeroMQ  Message queue software supported by OpenStack. An alternative to RabbitMQ. Also spelled 0MQ.
Zuul  Tool used in OpenStack development to ensure correctly ordered testing of changes in parallel.

International Cancer Genome Consortium
Dockstore
Ontario Institute for Cancer Research

© 2016 Cancer Genome Collaboratory. All rights reserved.