Glossary

Open Telekom Cloud

.
Glossary
Open Telekom Cloud

Account Anti-DDoS
An account is created automatically when user The Anti-DDoS traffic cleaning service (Anti-DDoS for
registration is successful. An account has full access short) is a network security service that defends IP
permissions for all the resources associated with the addresses against distributed denial of service (DDoS)
account. As an account is a payment entity, you are attacks.
advised to create a security administrator, who is granted
the security administrator permission to manage the
users and their permissions in your account.

Open Telekom Cloud – Certification program – Glossary 9/25/2020 2

Glossary
Open Telekom Cloud

AS Availability Zones
Auto Scaling (AS) is a service that automatically adjusts The lower layer of segmentation is called Availability
service resources based on your service requirements Zones. Those can be used differently. They might be
and configured AS policies. You can specify scaling defined by different fire zones within one datacenter or
configurations and policies based on service they might separate different datacenters within a region.
requirements. These configurations and policies free you
from having to repeatedly adjust resources to keep up
with service changes and demand spikes, helping you
reduce resources required and manpower costs.

Open Telekom Cloud – Certification program – Glossary 9/25/2020 3

Glossary
Open Telekom Cloud

BMS BYOL
A Bare Metal Server (BMS) is a physical server dedicated If you have an OS or a software license (a license whose
for individual tenants. It provides remarkable computing certified items include number of physical sockets and
performance and stability for running key applications. physical cores), you can migrate your services to the
The BMS service can be used in conjunction with other cloud platform using the Bring Your Own License (BYOL)
cloud services, such as Virtual Private Cloud (VPC), so mode. Then, you can continue to use your existing
that you can enjoy consistent and stable performance of licenses without additional fees.
server hosting and the high scalability of cloud resources
together.

Open Telekom Cloud – Certification program – Glossary 9/25/2020 4

Glossary
Open Telekom Cloud

CCE CDN
Cloud Container Engine (CCE) is a scalable, high- Akamai CDN is a global network service that provides
performance container service. It is built on Docker web content, video content and other web applications
technology and scales your applications within seconds. that are delivered quickly, securely and reliably, based on
CCE also provides fast application shipping and Akamai's worldwide Intelligent Platform.
deployment, automatic O&M, and other Docker container
lifecycle management features.

Open Telekom Cloud – Certification program – Glossary 9/25/2020 5

Glossary
Open Telekom Cloud

Cloud Eye CSBS

Cloud Eye is a multi-dimensional monitoring platform Cloud Server Backup Service (CSBS) enables backup
that monitors your resources such as ECS and of entire Elastic Cloud Servers (ECSs), including VM
bandwidth. With Cloud Eye, users can fully understand specifications, system disks, and data disks. When an
the resource usage and running status of services ECS becomes faulty, data can be restored from
running on the cloud platform, receive alarm notifications consistency backups of multiple Elastic Volume
in a timely manner, and make response to ensure smooth Service (EVS) disks to ensure maximum data security
running of services. and accuracy.

Open Telekom Cloud – Certification program – Glossary 9/25/2020 6

Glossary
Open Telekom Cloud

CSS CTS
Cloud Search Service (CSS) is a fully managed, Cloud Trace Service (CTS) provides operation records for
distributed search service. It is fully compatible with cloud service resources. The operation records include
open-source Elasticsearch and provides users with resource operation requests initiated from the public
structured and unstructured data search, statistics, and cloud management console or open APIs and responses
report capabilities. CSS works in the similar way as a to the requests. You can query, audit, and backtrack the
database. operation records. In addition, you can use the Object
Storage Service (OBS) to synchronize operation records
CSS can be automatically deployed, where you can to the OBS buckets.
quickly create clusters. It provides the search engine
optimization practices with zero O&M. Additionally, it has
a robust monitoring system to present you key metrics,
including clusters and query performance so that you
can focus on business logics.

Open Telekom Cloud – Certification program – Glossary 9/25/2020 7

Glossary
Open Telekom Cloud

Community Cloud DC
A Community Cloud can be defined as a Private Cloud A Direct Connect is a service that allows you to establish
shared by several companies / cloudusers and being not a dedicated network connection from your data center to
only private to one entity. The usual use case is for a the public cloud platform. You can establish a private
specific project all these companies work on but there connection between the public cloud platform and your
are other situations, too, a Community Cloud makes data center, office, or collocation environment, which can
sence. Within OTC VPCs can be linked to each other to reduce your network latency and provide a more
create some connectivity between separated Projects. In consistent network experience than Internet-based
addition, it's possible to create user accounts for users connections.
from different companies granting access to the same
tenant or even project making this tenant a Community
Cloud.

Open Telekom Cloud – Certification program – Glossary 9/25/2020 8

Glossary
Open Telekom Cloud

DCS DDS
Distributed Cache Service (DCS) is an online, distributed, Document Database Service (DDS) is a cloud computing-
in-memory cache service. It is reliable, scalable, usable based NoSQL database featuring high performance
out of the box, and easy to manage. DCS makes it easy to storage, high availability architecture, and disaster
deploy, operate, and scale in-memory data caches in the recovery failover, along with online scaling, backup, and
cloud using Redis as an underlying database system. restoration capabilities. It has a mature performance
monitoring system, a multi-level security protection
mechanism, and a professional database management
platform. Currently, DDS is compatible with MongoDB 3.2
Community Edition and supports the WiredTiger storage
engine, so you need to use a driver compatible with
MongoDB 3.0 or later to access DDS.

Open Telekom Cloud – Certification program – Glossary 9/25/2020 9

Glossary
Open Telekom Cloud

DDS DIS
Document Database Service (DDS) is a cloud computing- Data Ingestion Service (DIS) addresses the challenge of
based NoSQL database featuring high performance transmitting data from outside the cloud to inside the
storage, high availability architecture, and disaster cloud. DIS builds data intake streams for custom
recovery failover, along with online scaling, backup, and applications capable of processing or analyzing
restoration capabilities. It has a mature performance streaming data. DIS continuously captures, transmits,
monitoring system, a multi-level security protection and stores terabytes of data from hundreds of thousands
mechanism, and a professional database management of sources every hour, such as logs, Internet of Things
platform. Currently, DDS is compatible with MongoDB 3.2 (IoT) data, social media feeds, website clickstreams, and
Community Edition and supports the WiredTiger storage location-tracking events.
engine, so you need to use a driver compatible with
MongoDB 3.0 or later to access DDS.

Open Telekom Cloud – Certification program – Glossary 9/25/2020 10

Glossary
Open Telekom Cloud

DMS DNS
Distributed Message Service (DMS) is a message Domain Name Service (DNS) provides highly available
middleware service based on distributed, high- and scalable authoritative DNS resolution services and
availability clustering technology. It provides reliable, domain name management services. It translates domain
scalable, and fully managed queues for storing names or application resources into IP addresses
messages. required for network connection. By doing so, visitors'
access requests are directed to the desired resources.

Open Telekom Cloud – Certification program – Glossary 9/25/2020 11

Glossary
Open Telekom Cloud

DWS ECS
Data Warehouse Service (DWS) provides a scalable, fully An Elastic Cloud Server (ECS) is a computing server
hosted, and out-of-the-box data warehouse. It is consisting of CPUs, memory, images, and Elastic Volume
compatible with the PostgreSQL ecosystem and supports Service (EVS) disks that allow on-demand allocation and
standard SQL statements and BI tools to help you elastic scaling. ECSs integrate virtual private cloud
economically and efficiently mine and analyze massive (VPC), virtual firewalls, and multi-data-copy capabilities
volumes of data, greatly reducing your cost. to create an efficient, reliable, and secure computing
environment. This ensures stable and uninterrupted
operation of services.

Open Telekom Cloud – Certification program – Glossary 9/25/2020 12

Glossary
Open Telekom Cloud

EIP ELB
An Elastic IP (EIP) is a static, public IP address. You can Elastic Load Balancing (ELB) is a service that
bind an EIP to an ECS in your subnet to enable the ECS automatically distributes access traffic to multiple Elastic
in your VPC to communicate with the Internet through a Cloud Servers (ECSs) to balance their service load. ELB
fixed public IP address. enables you to achieve higher levels of fault tolerance in
your applications and expand application service
capabilities.

Open Telekom Cloud – Certification program – Glossary 9/25/2020 13

Glossary
Open Telekom Cloud

EVS Flavor (ECS)

Elastic Volume Service (EVS) disks are scalable virtual A flavor defines the amount of virtual CPUs or cores and
block storage devices designed based on the distributed virtual RAM presented to an ECS Flavor. Keep in mind
architecture. You can create EVS disks on the that also the virtualization type of either KVM or XEN is
management console and attach them to servers. A defined by the flavor. This is not shown on the ECS
server can be an Elastic Cloud Server (ECS) or a Bare console when selecting flavors, but you can find out
Metal Server (BMS). The method for using EVS disks is about it by clicking the more information marker in the
the same as that for using hard disks on physical Specifications section. A flavor needs to be selected
servers. Compared with traditional hard disks, EVS disks when creating an ECS instance. This is done in the
have higher data reliability and I/O throughput Specifications section.
capabilities. They are also easier to use. EVS disks can
be used for file systems, databases, and system software
and applications that require block storage devices.

Open Telekom Cloud – Certification program – Glossary 9/25/2020 14

Glossary
Open Telekom Cloud

Group (IAM) Hybrid Cloud

Policies are linked as a permission set to specific The elements discussed in the last section are making
projects using groups. A Group defines a set of Policies OTC a Hybrid Cloud solution. Those are defined as
for each project. Even no Policy for a specific project is Clouds that combine elements of both - Public and
possible which means no permission to that project will Private Cloud - based on customer's needs. For example,
be granted by that group. Groups are defined in the User services that are commonly used through the whole
Groups section of IAM. By default only one Group exists company or that need to be accessed via the internet
called admin. This Group defined the security anyway can be made accessible this way. Other services
administrator role. hosting mission critical data or data that needs to be
secured for legal reasons might be available only via a
dedicated connection between the companies
headquarter and the cloud datacenter. Using Firewall as a
Service, VPN as a Service, different Virtual Private
Clouds with different Subnets and other features OTC
can provide this functionality.

Open Telekom Cloud – Certification program – Glossary 9/25/2020 15

Glossary
Open Telekom Cloud

IAM IMS
Identity and Access Management (IAM) provides a public Image Management Service (IMS) provides flexible self-
cloud system (Open Telekom Cloud) with user identity service and comprehensive image management
management and access control. You can use IAM to capabilities. You can use a public image or create a
manage user accounts (such as employee, system or private image to apply for an Elastic Cloud Server (ECS)
application program accounts) and control the operation or multiple ECSs in batches.
permissions of these user accounts on your resources
(such as computing, storage, and network resources). In
this way, IAM prevents these accounts from sharing your
password or access key with other users. IAM also
ensures user account security and reduces security risks
for your enterprise information by allowing you to set
login verification policies, password policies, and an
access control list (ACL).

Open Telekom Cloud – Certification program – Glossary 9/25/2020 16

Glossary
Open Telekom Cloud

Key Pairs KMS

During the creation process of an ECS you need to Key Management Service (KMS) is a secure, reliable, and
specify a key pair. A key pair that consists of a public key easy-to-use service that helps users centrally manage
and a private key is required for authentication when you and safeguard their Customer Master Keys (CMKs).
log in to an ECS. Both the public and private keys are
used for authentication. Therefore, you must use an
existing key pair or create a new one for remote login
authentication.

Open Telekom Cloud – Certification program – Glossary 9/25/2020 17

Glossary
Open Telekom Cloud

KVM MaaS
Kernel based virtual machine, a hypervisor system Migration as a Service (MaaS) currently supports the
running on Linux hosts. In the future this will be the only Object Storage Migration Service and provides self-
hypervisor system supported within OTC. Currently the service capabilities for users to migrate object data from
old XEN hypervisors are still available. Keep in mind that other cloud vendors to the destination cloud platform.
this might change within the next years. Unlike XEN, KVM The migration operations are simple. Migration tasks can
is a type-2 hypervisor. be easily accomplished by creating automatic migration
tasks using the console.

Open Telekom Cloud – Certification program – Glossary 9/25/2020 18

Glossary
Open Telekom Cloud

MRS NAT
MapReduce Service (MRS) provides enterprise-level big The NAT Gateway service offers the Network Address
data clusters on the cloud, which are fully controlled by Translation (NAT) function for computing instances, such
tenants and support the Hadoop, Spark, HBase, Kafka, as Elastic Cloud Servers (ECSs), in a Virtual Private
and Storm components. Cloud (VPC), allowing these computing instances to
access the Internet using elastic IP addresses (EIPs).

Open Telekom Cloud – Certification program – Glossary 9/25/2020 19

Glossary
Open Telekom Cloud

On-Premises OpenStack
This is the legacy way of deploying your applications. A cloud operating system. OpenStack is the underlying
Cloud-like infrastructures are possible but are not system of the OTC. It is based on open source software,
required. The infrastructure providing the IT services is modular and supposed to use standard hardware, even
located in a customer datacenter. In this case, all though plugins for many different vendor solutions exist.
responsibilities are with the customer. The
administrators manage their own servers, storage, and
network devices. Virtualization and orchestration are not
required in this service model even if they play an
essential role in modern IT infrastructures.

Open Telekom Cloud – Certification program – Glossary 9/25/2020 20

Glossary
Open Telekom Cloud

OSS PaaS
Object Storage Service (OBS) is an object-based storage With this model cloud providers offer ready-to-user
service that provides customers with massive, secure, platforms to customers. This means that the setup of an
reliable, and cost-effective data storage capabilities, such operating system, the runtime and middleware are in the
as bucket creation, modification, and deletion, as well as provider's responsibility. Usually all this is done in a
object upload, download, and deletion. virtualized environment, but this is up to the provider.
The goal here is to provide specific platforms that are
commonly used by customers. OTC offers not only
different types of databases but also other platforms
such as Workspaces, Message Services, Data Warehouse
Service, Cloud Search Service and Data Integration
Service.

Open Telekom Cloud – Certification program – Glossary 9/25/2020 21

Glossary
Open Telekom Cloud

PLAS Private Cloud

Private Link Access Service (PLAS) enables public cloud A Private Cloud is the opposite of a Public Cloud. The
platform users to establish exclusive connections from entire infrastructure is hosted privately for one customer
their on premises networks to VPCs on the public cloud only. Sometimes the provider and the customer are
platform. PLAS connections are established between within the same company. When talking about Private
carrier networks and Direct Connect gateways, reducing Clouds it is not a question of where the infrastructure is
network latency. These connections outperform Internet located. This can be at the customer's site or in a
connections in stability and security. datacenter ran by the provider. Normally you would want
to access a Private Cloud through some connection that
is not going through the internet natively. This could be
some type of VPN or other solutions. OTC offers also
some Private Cloud elements like tenant separation,
Dedicated Host, Bare Metal Computing, VPN as a Service,
Direct Connect and others. You are going to learn more
about some of those features within this course.

Open Telekom Cloud – Certification program – Glossary 9/25/2020 22

Glossary
Open Telekom Cloud

Project Policy (IAM)

Within a Tenant OTC objects can be grouped and Policies are used to define access to dedicated services
segmented using the second layer of OTC identity for specific user groups. There are many predefined
management called project. How Projects are being used Policies that can be used by the security administrator to
is up to you. They can for example segment different define what the users are allowed. These predefined
services ran by the same organization in OTC. A project Policies cover most of the use cases. You can find read-
can be created within a tenant by the tenant only permissions or administrative permissions for
administrator. This role is granted at least to the base different services. It's also possible to create custom
user created by the cloud infrastructure administrators. Policies. All this is done in the Policies section of the IAM
Due to the multitenancy concept projects can only be service. To learn more about the predefined Policies have
created within your own tenant. Projects are always a look into the Permissions section of the IAM help page.
bound to a region to have them separeted, but they span The button can provide information on how to get there.
all AZs within that region.

Open Telekom Cloud – Certification program – Glossary 9/25/2020 23

Glossary
Open Telekom Cloud

Public Cloud Quotas

A Public Cloud is a solution providing cloud services to a Quotas are used to limit the number or amount of
wide spread base of customers. The typical way for resources available to users. If the existing resource
management access to a public cloud is via a web quotas cannot meet your service requirements, you can
interface accessible through the internet. OTC in general submit a work order to request quota increase. You must
is a Public Cloud also containing some elements of other specify the reason for quota increase in the request.
varieties. Once your request is approved, your quota will be
updated and a notification will be sent to you.

Open Telekom Cloud – Certification program – Glossary 9/25/2020 24

Glossary
Open Telekom Cloud

Regions RDS
Regions are usually used to define a geographical region Relational Database Service (RDS) is an online relational
a specific datacenter is in. Therefore, if there is a global database service based on the cloud-computing platform.
OpenStack environment you might want to segment this The RDS is reliable, scalable, secure, and easy to
into different Regions. From a cloud user's perspective, manage, allowing you to deploy a database within
the region might define how far away the services are minutes. RDS is offering three types of relational
hosted from the company location. Regions are the outer databases: MySQL, PostgreSQL and Microsoft SQL
layer of segmentation in OpenStack. You might have Server.
different Availability Zones within a Region.

Open Telekom Cloud – Certification program – Glossary 9/25/2020 25

Glossary
Open Telekom Cloud

RTS SaaS
Resource Template Service (RTS) makes it easier for you Software as a Service provides ready-to-use applications
to simplify your cloud computing resource management to a customer. The provider is responsible for hosting all
and automatic O&M. Based on the template the resource required to run the specific application and
specifications defined in the RTS service, you can is also hosting those apps. The customer only needs to
compile a template file and define a collection of cloud use this application and fill it with user data as required.
computing resources, dependencies between resources, Commonly used are Office and ERP systems. Within OTC
and resource configurations. Then you can automatically we offer our first service for this model with a
create and configure all resources in the template by MapReduce Service that can be used for big data
using the orchestration engine so as to implement processing.
automatic deployment and simplify O&M.

Open Telekom Cloud – Certification program – Glossary 9/25/2020 26

Glossary
Open Telekom Cloud

SDRS Security Groups

Storage Disaster Recovery Service (SDRS) provides A security group is a collection of access control rules
disaster recovery (DR) services for many public cloud for ECSs that have the same security protection
services, such as Elastic Cloud Server (ECS) and Elastic requirements and are mutually trusted in a VPC. After a
Volume Service (EVS). Keep in mind that only Volumes security group is created, you can create different access
attached to Servers can be recovered by recovering up rules for the security group to protect the ECSs that are
the ECS itself. added to this security group. The default security group
rule allows all outgoing data packets. ECSs in a security
group can access each other by default without the need
to add rules. You can controll access from within or from
outside the security group based on source address and
layer 4 destination port. Security groups and their access
rules are evaluated one after another. If a match is found
the packet will be forwarded ignoring subsequent rules.

Open Telekom Cloud – Certification program – Glossary 9/25/2020 27

Glossary
Open Telekom Cloud

SFS SMN
Scalable File Service (SFS) provides high-performance Simple Message Notification (SMN) is a hosted simple
file storage that is scalable on demand. It can be shared message notification service that is flexible and large-
with multiple Elastic Cloud Servers (ECS). scale. SMN allows you to send messages to email
addresses, and HTTP/HTTPS applications in an efficient
and inexpensive way.

Open Telekom Cloud – Certification program – Glossary 9/25/2020 28

Glossary
Open Telekom Cloud

Subnet (VPC) Tenant

A subnet is a network that manages ECS network planes. A tenant is the root layer of the OTC identity
It supports IP address management and DNS. The IP management. Tenants define logical administrative
addresses of all ECSs in a subnet belong to the subnet. A boundaries within OTC. Therefor one tenant is controlled
subnet is represented by a CIDR IP range. Also a DHCP by an individual or a company by granting the tenant
server will be implemented automatically with a subnet. administrator role to the designated users. A tenant
Each subnet is connected to the same virtual router of security administrator himself is able to create Projects,
the VPC and can route to the internet in case some users and groups and also assign roles within this
interconnection is configured and traffic is allowed by the tenant. Tenants, unlike projects, are usually not created
security group of the ECS. by a cloud user himself, but by the administrators of the
cloud infrastructure. This is because they are used for
multitenancy.

Open Telekom Cloud – Certification program – Glossary 9/25/2020 29

Glossary
Open Telekom Cloud

TMS User (IAM)

Tag Management Service (TMS) is a visualized service for Using user groups each user is granted access to
fast, unified tag management that enables you to control different services in IAM. A user can be member of
your resource permissions and billing more efficiently. It several groups, too.
allows you to tag and categorize cloud services across
regions, and it can be accessed through the TMS console
or using APIs.

Open Telekom Cloud – Certification program – Glossary 9/25/2020 30

Glossary
Open Telekom Cloud

VBS VM
Volume Backup Service (VBS) provides snapshot-based A Virtual Machine (VM) is a guest operating system
data protection service for Elastic Volume Service (EVS) running on a hypervisor in a virtual environment.
disks. You can perform one-click backup and restoration
for the EVS disks on Elastic Cloud Servers (ECSs) all
through the online platform.

Open Telekom Cloud – Certification program – Glossary 9/25/2020 31

Glossary
Open Telekom Cloud

Volume (EVS) VPC

A volume is a virtual disk or vdisk managed by the The Virtual Private Cloud (VPC) service enables you to
Elastic Volume Service (EVS). It can be attached to an provision logically isolated, configurable, and
ECS instance. Volumes are not local to the host the ECS manageable virtual networks for Elastic Cloud Servers
instance runs on. (ECSs), improving the security of resources in the cloud
system and simplifying network deployment. For each
VPC you have to configure a greater IP range that can be
separated into smaller subnets. A virtual NIC of an ECS
always needs to be connected to one specific Subnet. In
addition, DHCP services are available on a Subnet level.
Via the VPCs not only Subnets are configured but also
basic security containing Security Groups and Firewalls
which both are filtering Packets in a different way. We will
learn how to manage Security Groups later in this
course.

Open Telekom Cloud – Certification program – Glossary 9/25/2020 32

Glossary
Open Telekom Cloud

VPN WAF
A virtual private network (VPN) establishes an encrypted Web Application Firewall (WAF) keeps web services
communication tunnel between a remote user and a stable and secure. It examines all HTTP and HTTPS
Virtual Private Cloud (VPC). With VPN, you can connect requests to detect and block the following attacks:
to a VPC and access service resources in it. Structured Query Language (SQL) injection, cross-site
scripting (XSS), webshells, command and code
injections, file inclusion, sensitive file access, third-party
vulnerability exploits, Challenge Collapsar (CC) attacks,
malicious crawlers, and cross-site request forgery
(CSRF).

Open Telekom Cloud – Certification program – Glossary 9/25/2020 33

Glossary
Open Telekom Cloud

Workspace XaaS
Workspace is a service that uses cloud computing to Another approach is to offer anything as a Service (XaaS)
provide virtual Windows desktops and applications. You which includes the three cloud service models we
can access desktops for office anytime, anywhere. discussed before but also many more. Some examples
Workspace provides professional office applications to are: Security as a Service, Container as a Service and
help you build simplified and efficient IT office systems. Storage as a Service. Some of those concepts are
already implemented in OTC using more specific naming.

Open Telekom Cloud – Certification program – Glossary 9/25/2020 34

Glossary
Open Telekom Cloud

XEN
Unlike KVM, XEN is a type-1 hypervisor system. It is one of
the two hypervisr types currently available in OTC flavors.
Keep in mind that in the future only KVM flavors will be
available.

Open Telekom Cloud – Certification program – Glossary 9/25/2020 35