Glossary

A

agent-based Technologies that do require additional software modules or functions to perform work. Agent-based technologies might not be able to achieve the breadth of functionality needed using existing, embedded functions such as SSH. Therefore, the agent extends the functionality desired through its installed software/module. Early Puppet and Chef implementations required agents to be installed on the managed nodes.

agentless Technologies that do not require additional software modules or functions to perform work. Oftentimes agentless technologies depend on existing functionality, such as SSH or NETCONF, to act as the endpoint’s processing receiver. Common agentless solutions in network IT are Ansible, Terraform, and recent Puppet and Chef implementations.

Ansible An agentless configuration management tool that enables IaC, software provisioning, and application deployment. Ansible was acquired by RedHat in 2015. It was initially released in 2012 and is written mainly in Python. Ansible uses playbooks written in YAML to define tasks and actions to perform on managed endpoints.

API inside-out design A type of design that commences with the infrastructure or database followed by the back-end classes and services. The user interface (UI) is typically the last bit to get built.

API outside-in/user interface (API first approach) A type of design that begins with UI creation, and then the APIs are built with the database schema.

application performance monitoring (APM) A discipline or tool set for measuring various granular parameters related to performance of application code, runtime environments, and interactions.

architectural decision A software design choice that addresses a functional or nonfunctional requirement that is architecturally significant.

C

caching The capability to store data as close as possible to the users so that subsequent or future requests are answered faster.

certificate authority (CA) Third-party or neutral organization that certifies that other entities communicating with each other are in fact who they say they are.

Chef A company and tool name for a configuration management solution written in Ruby. Initially released in 2009, it supports configuration management for systems, network, and cloud environments. It also supports CI/CD, DevOps, and IaC initiatives. A recipe defines how a Chef server manages environment configuration. Progress acquired Chef mid-2020.

clustering A technology for combining multiple servers (or resources), making them appear as a single server.

cohesion In software engineering, the interaction and relationships within a module and the ability for a module to complete its tasks within the module.

cold standby A redundancy concept in which a redundant resource is available as a spare and is ready to take over in case of failure of the active resource.

container A type of lightweight virtualization where the workload uses an underpinning operating system kernel. A container is an image constructed of all necessary runtime libraries, code, and local storage and is portable. Docker containers are a de facto implementation and are the foundation for stateless microservice architectures.

content delivery network/content distribution network (CDN) A geographically distributed network of proxy servers and their data centers. The goal is to provide high availability and performance by distributing the service spatially relative to end users.

continuous delivery (CD) The automated process involved in moving the software that has passed through the continuous integration pipeline to a state in which it is moved to a staging area for live testing. This often involves packaging the software into a format in which it can be deployed and moving the resulting package to a remote repository or fileshare.

continuous integration/continuous deployment (CI/CD) A software development concept in which the lifecycle or process flow of development follows a prescribed path of testing, integration validation, archiving, code scanning, vulnerability checking, and automated publication to software repositories.

control plane The conceptual layer of network protocols and traffic that involve path determination and decision-making.

coupling The relationships and interaction between various modules.

cross-site scripting (XSS) A type of injection attack in which attackers inject malicious scripts into a web application to obtain information about the application or its users.

D

data at rest A data state in which data is being stored in a database, hard drive, or tape.

data in motion A data state in which data is in transit between two nodes.

data plane The conceptual layer of network protocols and traffic that involve the actual user traffic. Forwarding decisions are followed in the data plane.

declarative model A style of programming, network engineering, and more broadly, IT management that expresses the logic and desired state of a device or network, instead of describing the control flow.

DevOps A portmanteau of development and operations; the name for a methodology in which collaboration and cross-functional teams are formed with both software developers as well as infrastructure operations personnel. This methodology focuses on rapid development and deployment principles, such as CI/CD and Agile software development, with an idea that the combination of teams leads to greater empathy between individuals, leading to higher uptime and support of the end application or service.

dial-in A model-driven telemetry mode where the subscribing telemetry receiver initiates a telemetry session with the telemetry source, which streams the telemetry data back.

dial-out A model-driven telemetry mode where the telemetry source configures a destination, sensor path, and subscription defining the metrics to be streamed to the receiving telemetry collector. The telemetry source initiates the session.

digital certificate Also known as a certificate; a file that verifies the identity of a device or user and enables data exchange over encrypted connections.

E

event-driven telemetry (EDT) A mode of telemetry that initiates the sending of metrics on-change rather than by periodic cadence.

Extensible Markup Language (XML) A data-encoding method and markup language defining rules in a form that is human readable but also programmatic. There are synergies between HTML and XML for creating stylesheets that adapt to different device capabilities for representing content. Generally, JSON is preferred in more recent cloud and infrastructure development.

F

format The way that data is represented, such as JSON and XML.

functional requirements The conditions that specify the business purpose of the functionality of software or an application.

G

General Data Protection Regulation (GDPR) A regulation that gives European Union (EU) citizens control over their own personal data.

Google Remote Procedure Call (gRPC) An open-source, high-performance RPC framework released by Google in 2015. gRPC uses HTTP/2 for transport with TLS and token-based authentication. The HTTP/2 support provides low latency and scalability.

gRPC Network Management Interface (gNMI) A Google innovation to provide a standardized management interface for configuration management and telemetry functions. gNMI provides the mechanism to install, change, and delete the configuration of network devices, and also to view operational data. The content provided through gNMI can be modeled using YANG. gRPC carries gNMI and provides the means to define and transmit data and operation requests.

H

hypervisor Software that creates and executes virtual machines (VMs). A hypervisor enables a host system to support multiple guest VMs by virtually sharing and allocating its resources, such as CPU, memory, and storage.

I

imperative model A style of programming, network engineering, and more broadly, IT management that uses exact steps or control statements to define a desired state. This model requires operating system syntax knowledge for operation and provisioning.

Infrastructure as Code (IaC) The act of defining one or more pieces of infrastructure (network, compute, storage, platform, and so on) through configuration files that are deployed using programming languages or higher-level configuration management platforms (such as Terraform).

injection attack A common type of attack discussed by OWASP. When user data is not properly validated, injection or extraction of sensitive records is possible.

intent-based networking (IBN) A networking concept where business requirements or intent are translated to native network device configurations and syntax. Using simple language that maps intent to complex networking characteristics is a key principle.

J

JavaScript Object Notation (JSON) A data-encoding method that is easy for humans to read and is conducive to programmatic use.

K

Kubernetes An open-source container management and operations platform, originally created by Google. Kubernetes provides the foundational infrastructure and APIs such that applications and supporting services (such as clustering and distributed file storage) are able to run across one or more hosts.

L

latency The length of time taken for a system to complete a specified task.

Linux Containers (LXC) A type of virtualization that was realized mid-2008. LXC is operating-system-based where all container instances share the same kernel of the hosting compute node. The guest operating systems may execute in a different user space. This can be manifested as different Linux distributions with the same kernel.

load balancing Sometimes generically used as server load balancing; a technique for distributing load among a number of servers or virtual machines for the purpose of scalability, availability, and security.

logging Reporting of events, their timestamp, and severity.

M

management plane The conceptual layer of network protocols and traffic that involve the administrative functions of a network device, such as Network Time Protocol (NTP), syslog event messaging, SNMP, and NETCONF.

manifest A configuration file used by Puppet, written in Puppet's own declarative language, which resembles Ruby. The files define resources and state to be provisioned on a managed device and typically use a .pp extension.

mean time between failures (MTBF) How likely it is for a system to fail and what events can contribute to the failure.

mean time to repair or mean time to recovery (MTTR) How much time is needed for the system to recover from failure or for the issue causing the failure to be repaired.

method The intent of an API call; often referred to as a “verb.” It describes the operations available, such as GET, POST, PUT, PATCH, and DELETE.

metrics System performance parameters. Latency, response time, sessions per second, and transactions per second are examples of metrics.

model-driven telemetry (MDT) A function that uses data models, such as YANG, to represent configuration and operational state. Associated with streaming telemetry, MDT provides a structure for defining telemetry receivers, sensor paths (metrics), and subscriptions necessary to encode and transport the data.

multiprocessing Processing independent tasks using additional processors.

multithreading Dividing tasks or requests into threads that can be processed in parallel.

N

NETCONF The Network Configuration Protocol (NETCONF) is a network management protocol developed and standardized by the IETF as RFC 4741, later revised as RFC 6241. It enables functionality to provision, change, and delete the configuration of network devices through remote procedure calls of XML-encoded data.

Network Configuration Protocol (NETCONF) An IETF working group standard and protocol. It allows cross-vendor management focused on configuration and state data.

nonfunctional requirements The conditions that describe how a system should perform the functions described in the functional requirements.

O

object The resource a user is trying to access. It is often referred to as a “noun” and is typically a Uniform Resource Identifier (URI).

observability The ability to measure the state of a system based on the output or data it generates (i.e., logs, metrics, and traces).

Open Authentication (OAuth) An open standard defined by IETF RFC 6749. Two versions are in use today: OAuth 1.0 and 2.0. OAuth2.0 is not backward compatible with OAuth 1.0 (RFC 5849). OAuth is designed with HTTP in mind and allows users to log in to multiple sites or applications with one account.

Open Web Application Security Project (OWASP) A nonprofit organization working to improve software security through community-led open-source projects that develop tools, resources, and training.

OpenAPI Specification (OAS) Formerly known as the Swagger Specification, this is a powerful format for describing RESTful APIs. A standard, programming language–agnostic interface description for HTTP APIs.

P

pagination The process of splitting data sets into discrete pages with a set of paginated endpoints. Therefore, an API call to a paginated endpoint is called a paginated request. API endpoints paginate their responses to make the result set easier to handle.

personally identifiable information (PII) Any information that can be used to identify a person—name, password, Social Security number, driver’s license number, credit card number, address, and so on.

plan Specific to Terraform, a command process that creates an execution plan allowing a designer to review changes Terraform would make to an environment.

playbook A configuration file used by Ansible, written in YAML. It defines the tasks and actions to be performed in provisioning or management functions.

Power-On Auto-Provisioning (POAP) A network function that enables a device to bring itself to a minimum level of functionality on a network through intuited and configuration-guided mechanisms during bootup.

public key infrastructure (PKI) A type of asymmetric cryptography algorithm that requires the generation of two keys. One key is secure and known only to its owner. It is called the private key. The other key, called the public key, is available and known to anyone or anything that wishes to communicate with the private key owner.

Puppet A software configuration management tool that uses a declarative language to describe configuration state. It was released in 2005 and written in C++, with rewrites in Clojure and Ruby in 2014. Puppet uses a manifest to describe system resources and state using Puppet’s declarative language or a Ruby domain-specific language. Puppet has a utility called facter, used to discover system information.

R

rate limiting Limiting requests or controlling the rate at which they are passed to the processor.

remote-procedure call (RPC) A software communication protocol that a system uses to request a service from another system located in another part of a network without having to understand the network’s details. RPC is used to call procedures on remote systems as if they existed on the local system.

REST (Representational state transfer) A software architectural style that conforms to constraints for interacting with APIs. RESTful APIs are commonly used to GET or POST/PUT data with a device for obtaining state or changing configuration.

RESTCONF An evolution of NETCONF that exposes equivalent functionality through a RESTful API.

round-trip time (RTT) The time taken for round-trip travel between two network nodes or the length of time taken to complete a set of tasks.

S

sensor-path The unique path of a YANG model and the hierarchy/structure required to identify a configuration item or metric.

serverless The abstraction of the underlying infrastructure from the application or service being run on the infrastructure. This abstraction enables operations personnel to focus on the outcome of the application being served, rather than the supporting operating system, patching, and system and software dependencies, which are placed under the responsibility of the cloud provider.

service-level agreement (SLA) A commitment made by the system architect (owner or operator) that the system will be up for a specified period.

site reliability engineering (SRE) A functional concept catalyzed by Google in which network operations personnel maintain software development skills with the intent of developing network monitoring and management solutions necessary to sustain IT operations.

software architecture The set of structures needed to reason about the system, which comprise software elements, relations among them, and properties of both.

software configuration management (SCM) A discipline or framework for tracking architecture and development processes and changes. A number of automation and orchestration tools are available to simplify the process.

software-defined networking (SDN) A concept of network abstraction, virtualization, and programmability that enables networks to be more resilient, scalable, and programmatic. The concept of network controllers with control plane and data plane separation is a key concept. Virtualization or abstraction of functions and services is another key concept.

software development kit (SDK) A collection of software development tools in one installable package. An SDK is typically provided by a product vendor alongside its APIs to make those APIs more accessible.

software development lifecycle (SDLC) A process or framework for designing and implementing software.

SOLID Object-oriented software design principles, which include the single responsibility principle (SRP), open-closed principle (OCP), Liskov’s substitution principle (LSP), interface segregation principle (ISP), and dependency inversion principle (DIP).

source code manager A specific platform implementation of a VCS protocol that enables tracking, management, and collaboration of source code. Common git-based SCMs include GitHub, BitBucket, and GitLab.

spec file Specific to Ansible, a YAML-based file that defines the XML/XPath syntax used to map XML-structured data to JSON for use in playbooks.

subscription A desired session between telemetry source and receiver defining the desired sensor(s)/metric(s), encoding, destination, and frequency.

SwaggerHub A part of the Swagger toolset; it includes a mix of open-source, free, and commercial tools. SwaggerHub is an integrated API development platform, which enables the core capabilities of the Swagger framework to design, build, document, and deploy APIs. SwaggerHub enables teams to collaborate and coordinate the lifecycle of an API. It can work with version control systems such as GitHub, GitLab, and Bitbucket.

T

technical debt A term used to describe short-term decisions that can possibly affect the quality of the software in the long run.

Terraform An Infrastructure-as-Code solution created by HashiCorp, initially released in 2014 to manage IT resources in the public or private cloud, network devices, or SaaS endpoints using providers to translate the desired state and intent to device-native syntax. Terraform works from the known state of deployed resources and can safely provision environments idempotently using Create, Read, Update, Delete (CRUD) actions.

throughput The amount of load (utilization) a system is capable of handling during a time period.

tracing The ability to track multiple events or a series of distributed events through a system.

Transport Layer Security (TLS) TLS is the successor to the Secure Sockets Layer (SSL) protocol. It provides secure communications on the Internet for such things as e-mail, Internet faxing, and other data transfers. Common cryptographic protocols are used to imbue web communications with integrity, security, and resilience against unauthorized tampering.

Type-1 hypervisor Architecture that typically involves the hypervisor kernel acting as a shim layer between the underlying hardware (compute, memory, network, and storage) and the overlying operating systems. Sample solutions are Microsoft Hyper-V, Xen, and VMware ESXi.

Type-2 hypervisor Architecture that involves running the hypervisor over the top of a conventional, hosted operating system (OS). Other applications, besides the hypervisor, may also run on the hosted OS as other programs or processes. One or more guest operating systems run over the hypervisor.

V

version control A process for tracking and managing changes of code or files during the development process.

version control system (VCS) A specific protocol-based system that allows for source code to be tracked, checked in, and worked on in a collaborative manner. A VCS specifically refers to the higher-level protocol, such as git or subversion, rather than a specific platform implementation of the protocol.

W

web scraping Data scraping used for extracting data from websites. Also known as web harvesting or web data extraction.

Y

YANG A data modeling language for the definition of data sent over NETCONF and RESTCONF. It was released by the NETMOD working group of the IETF as RFC 6020 and later updated in RFC 7950. YANG can model configuration data or network element state data.

Z

zero-touch provisioning (ZTP) A network function that enables an unconfigured device to bring itself to a defined level of functionality on a network through configurations provided via file servers.
