IBM Cloud Docs
Glossary terms for IBM Cloud

Glossary terms for IBM Cloud

This glossary provides terms and definitions for IBM Cloud®.

The following cross-references are used in this glossary:

  • See refers you from a nonpreferred term to the preferred term or from an abbreviation to the spelled-out form.
  • See also refers you to a related or contrasting term.

A

access control list

A list that statelessly manages inbound and outbound traffic for a subnet through the use of rules. An access control list helps provide security at the subnet level.

access group

A set of users and service IDs organized into a group that is used as the subject of an access policy for assigning all group members the same access.

access policy

A method for granting users, service IDs, and access groups access to account resources. An access policy includes a subject, target, and role.

access token

A value used by the consumer to gain access to the protected resources on behalf of the user, instead of using the user's service provider credentials.

account

A unit within the representation of an organizational structure. It can include resources, such as servers, access controls, and configurations. See also enterprise account.

account group

An organizational unit for accounts within an enterprise. An account group can contain accounts or other account groups. See also enterprise.

accuracy

A measure of the correctness of the decisions and predictions that are made by machine learning models, which are often part of AI systems. See also precision, recall.

accuracy analysis

Analyzing machine learning model scores to determine whether changes are needed to improve accuracy.

action

  • A code snippet that can be explicitly invoked, or run in response to an event. See also feed, invoke.
  • A task that is performed in the context of a service.

adjudication

An iterative process for resolving annotation conflicts by comparing the annotations added to the same document by different human annotators.

affinity

Two or more container group instances running on the same network node. See also anti-affinity.

AI

See artificial intelligence.

AI system

See artificial intelligence system.

allowlist

A list of items, such as usernames, email addresses, or IP addresses, that are granted access to a certain system or function. When an allowlist is used for access control, all entities are denied access, except for those that are included in the allowlist. See also blocklist.

analysis engine

A program that analyzes artifacts, such as documents, and infers information about them, and which implements the UIMA Analysis Engine interface specification. Analysis engines are constructed from building blocks called annotators. An analysis engine can contain a single annotator, which is referred to as a primitive analysis engine, or multiple annotators, which is referred to as an aggregate analysis engine.

annotation

Information about a span of text. For example, an annotation might indicate that a span of text represents a company name.

annotation process manager

A role that is responsible for managing the full annotation lifecycle activities within a workspace. The project manager that is added to a workspace typically performs the activities of an annotation process manager.

annotation set

  • In machine-based annotation, a collection of documents that can be used as blind data, training data, or test data.
  • In human annotation, a collection of documents that are extracted from the corpus that allow the workload to be shared by multiple human annotators.

anti-affinity

Two or more container group instances that run on different network nodes to ensure higher availability for an app. See also affinity.

API key

A unique code that is passed to an API to identify the calling application or user. An API key is used to track and control how the API is being used, for example, to prevent malicious use or abuse of the API.

API operation

A unit of a REST API that can be invoked. An API operation comprises an HTTP verb and a URL path that is subordinate to the context root of the API.

API resource

A unit of a REST API that can be invoked. An API resource comprises an HTTP verb and a unique URL path that is subordinate to the context root of the API.

app

A web or mobile device application. See also web application, mobile application.

artifact

An entity that is used or produced by a software or systems development process. Examples of artifacts include designs, requirements, source files, plans, scripts, simulations, models, test plans, and binary executable files. In an HTTP context, artifacts have a URI and are called resources.

artificial intelligence (AI)

The capability to acquire, process, create and apply knowledge in the form of a model to make predictions, recommendations or decisions.

artificial intelligence system (AI system)

A system that can make predictions, recommendations or decisions that influence physical or virtual environments, and whose outputs or behaviors are not necessarily pre-determined by its developer or user. AI systems are typically trained with large quantities of structured or unstructured data, and might be designed to operate with varying levels of autonomy or none, to achieve human-defined objectives.

assembly

An application programming interface that provides rich functionality for interacting with an application. The assembly makes side calls to external services and then transforms and aggregates the response before a response is relayed to the calling application.

asset

Tangible or intangible goods, services, or property represented as an entity that is traded on a blockchain network.

attachment

In Security and Compliance Center, the connection between a profile and scope.

attribute

A characteristic or trait of an entity that describes the entity; for example, the telephone number of an employee is one of the employee attributes.

authentication (AuthN)

The process of validating the identity of a user or server.

AuthN

See authentication.

authorization (AuthZ)

In computer security, the right granted to a user to communicate with or make use of a computer system.

AuthZ

See authorization.

availability zone

A location within a region that IBM Cloud Kubernetes Service runs in.

B

bare metal server

A dedicated, fully-customizable physical server that can be used for virtualization or web hosting.

base image

An image that has no parent image. See also image, parent image.

beta product

A product that IBM makes available solely for evaluation and testing purposes. There are no warranties, SLAs or support provided and beta products are not intended for production use.

bias detection

The process of calculating fairness to metrics to detect when AI models are delivering unfair outcomes based on certain attributes.

billing option

The method by which a client is billed for cloud service usage. Examples include paying in advance, such as with subscriptions, and payment in arrears, as in Pay-As-You-Go accounts.

billing unit

The highest level billing entity within an enterprise. Each account or account group is linked to a billing unit, which manages all associated contracts, invoices, orders, and payments. A billing unit can contain one or more credit pools. See also enterprise, credit pool.

bind

To establish a connection between software components on a network using an agreed-to protocol. In web services, the bind operation occurs when the service requester invokes or initiates an interaction with the service at run time using the binding details in the service description to locate, contact, and invoke the service.

blind data

A set of documents annotated with the ground truth, such as question and answer pairs, semantic annotation, and passage judgment. Blind data is never released or seen by developers and is used to test the system periodically to evaluate performance on unseen data. See also training data, testing data.

block

A unit that contains ordered transactions in a blockchain network. Blocks are immutable and contain the cryptographic hash of the previous block to create a chain of blocks. This iterative process confirms the integrity of the previous block, all the way back to the initial block. See also genesis block.

blocklist

A list of items, such as usernames, email addresses, or IP addresses, that are denied access to a certain system or function. When a blocklist is used for access control, all entities are allowed access, except for those that are included in the blocklist. See also allowlist.

BLU Acceleration

A collection of IBM Db2 technologies designed to work primarily with read-mostly business intelligence query processing. BLU Acceleration consists of four major database design advances: dynamic in-memory columnar processing, actionable compression, parallel vector processing, and data skipping.

blue-green deployment

A deployment technique that enables continuous delivery and minimizes downtime by running two nearly identical production environments called Blue and Green. While one of the environments (for example, Blue) is the live production environment, the other (for example, Green) can be used for final testing and deployment. After the application is deployed in Green, Green becomes the production environment and Blue becomes idle. See also red-black deployment.

boilerplate

A template that includes one application and its associated runtime environment and predefined services for a particular domain.

borderless

Pertaining to an open, non-proprietary development platform that includes public cloud, dedicated cloud, and local cloud deployment models. See also public cloud, local cloud, dedicated cloud.

bucket

A container for storing unstructured data.

buildpack

A collection of scripts that provide framework and runtime support for apps.

business continuity

The capability of a business to withstand outages and to operate mission-critical services normally and without interruption in accordance with predefined service-level agreements.

C

CA

See certificate authority.

certificate authority (CA)

A trusted third-party organization or company that issues the digital certificates. The certificate authority typically verifies the identity of the individuals who are granted the unique certificate. See also Secure Sockets Layer, intermediate certificate, trusted root.

certificate signing request (CSR)

An electronic message that an organization sends to a certificate authority (CA) to obtain a certificate. The request includes a public key and is signed with a private key; the CA returns the certificate after signing with its own private key.

chaincode

Executable code that contains business logic agreed to by a set of organizations on a channel. A chaincode, and the smart contracts it contains, is installed on peers, instantiated on a channel, and governs access to the ledger data that is generated through invocations of the chaincode. See also transaction.

channel

A private subset of a larger blockchain network with specific rules and a separate ledger that only channel members can access.

CLI

See command-line interface.

client

  • An entity that acts on behalf of a user by connecting to a peer to communicate with the blockchain.
  • A software program or computer that requests services from a server. See also host.

client secret

A piece of information that is used with an application key to verify the identity of an application. An API can be configured to require that client applications supply their application secret with their application key. The application secret functions effectively as a password known only to the application. The application secret is passed by the client using an HTTP query parameter.

cloud computing

A computing platform where users can have access to applications or computing resources, as services, from anywhere through their connected devices. A simplified user interface or application programming interface (API), or both, makes the infrastructure supporting such services transparent to users.

cloud portability

The ability to move applications and services across public or private cloud computing environments, or from different cloud providers.

cloud provider

An organization that provides cloud computing resources.

cloud resource name (CRN)

A globally unique identifier for a specific cloud resource. The value is segmented hierarchically by version, instance, type, location, and scope, separated by colons.

command-line interface (CLI)

A computer interface in which the input and output are text based.

community

A collection of consumer organizations. It is used as a grouping construct when publishing APIs. Communities are used to restrict the visibility and accessibility of APIs.

component

In source control management, a grouping of related artifacts in a stream or repository workspace. A component can contain any number of folders and files.

compute

Infrastructure or resources that serve as the basis for building apps in the cloud.

config rule

See configuration rule.

configuration rule (config rule)

A JSON document that defines the configuration of resources and validates the compliance based on security requirements when a resource is created or modified.

confusion matrix

A performance measurement that determines the accuracy between a model's positive and negative predicted outcomes compared to positive and negative actual outcomes.

connection

In data communication, an association established between entities for conveying information.

consensus

The process of participants in a blockchain agreeing to a transaction and validating it through the peer network. Consensus ensures that shared ledgers are exact copies, and lowers the risk of fraudulent transactions since tampering would have to occur across many places at the exact same time.

consumer

A member in a blockchain network that uses the network to invoke transactions against the distributed ledger.

container

A system construct that allows users to simultaneously run separate logical operating system instances. Containers use layers of file systems to minimize image sizes and promote reuse. See also image, registry, layer.

context

Environmental or conditional information that can be used to define when rules that restrict access to resources should be applied. A context can be a set of properties or attributes like client IP addresses, office hours, time of day, or multi-factor authentication.

context-based restriction

An access management method that defines and enforces access for resources based on the network location of the access request.

control

A technical, administrative, or physical safeguard designed to meet a set of defined security and privacy requirements. Controls exist to prevent, detect, or lessen the ability of a threat to exploit a vulnerability.

control assessment

The evaluation of a configuration for compliance with applicable standards.

control library

A collection of similar predefined or custom controls.

control specification

A statement that defines the specific security and privacy requirements that a control must meet.

coreference

A relationship between two words or phrases in which both refer to the same person or thing and one stands as a linguistic antecedent of the other. For example, there is a coreference between the two pronouns in the phrase "She taught herself" but not in the phrase "She taught her". A coreference links two equivalent entities in the same text.

coreference chain

A list of entities that were annotated as coreferences. When a mention is annotated as a coreference, the system creates a coreference chain. The coreference chain provides a way to view all of the mentions in context and verify that all of the occurrences belong together under the same entity type.

corpus

A collection of source documents that are used to train a machine learning model.

credential

Information acquired during authentication that describes a user, group associations, or other security-related identity attributes, and that is used to perform services such as authorization, auditing, or delegation. For example, a user ID and password are credentials that allow access to network and system resources.

credit pool

Within an enterprise billing unit, a consolidation of credit from all sources, including subscriptions and promotions, that is shared among accounts. See also billing unit.

CRN

See cloud resource name.

cryptosystem

A suite of algorithms that are used to implement a specific security service. Examples include RSA and Ed25519.

crypto unit

A single unit that represents a hardware security module and the corresponding software stack that is dedicated to the hardware security module for cryptography.

CSR

See certificate signing request.

curate

To select, collect, preserve, and maintain content relevant to a specific topic. Curation establishes, maintains, and adds value to data; it transforms data into trusted information and knowledge.

custom domain

The customized portion of the URL selected by the user to direct requests to the application. A custom domain makes up part of the route. A custom domain can be a shared domain, a shared subdomain, or a shared domain and host. See also host, subdomain, Uniform Resource Locator, domain, route.

D

daemon

A program that runs unattended to perform continuous or periodic functions, such as network control.

dashboard

A user interface component that provides a comprehensive summary of pertinent information from various sources to the user.

data center (DC)

The physical location of the servers that provide cloud services.

data encryption key

A cryptographic key used to encrypt data that is stored in an application.

data store

A place, such as a database system, file, or directory, where data is stored.

DC

See data center.

dedicated cloud

A private cloud computing environment that provides infrastructure with single-tenant hardware. See also borderless.

deep learning

A computational model that uses multiple layers of interconnected nodes, which are organized into hierarchical layers, to transform input data (first layer) through a series of computations to produce an output (final layer). Deep learning is inspired by the structure and function of the human brain.

deployable architecture

Cloud automation for deploying a common architectural pattern that combines one or more cloud resources that is designed for easy deployment, scalability, and modularity. See also module.

deployment

A process that retrieves the output of a build, packages the output with configuration properties, and installs the package in a pre-defined location so that it can be tested or run. See also stage.

DevOps

A software methodology that integrates application development and IT operations so that teams can deliver code faster to production and iterate continuously based on market feedback.

DevSecOps

A methodology that integrates security practices with the software development and operations lifecycle. The goal of the merge is to prioritize the balance of development speed and security.

dictionary

A collection of words that can be used to pre-annotate documents. A new annotation is created for each word in the document text that matches a term in the dictionary. A machine learning model can be configured with one or more independent dictionaries, which are typically domain-specific, such a dictionary for pharmaceuticals and a dictionary for wealth management. See also lemma, surface form.

dictionary pre-annotator

A component that identifies mentions in text that match a specific set of words. By using domain-specific terminology to pre-annotate text, dictionary pre-annotators can accelerate a human annotator's ability to prepare a set of ground truth documents.

disaster recovery (DR)

The ability of IT services to recover from rare but major incidents and non-transient, wide-scale failures, such as service disruption that affects an entire geographical area. The impact of such an incident exceeds the ability of the high availability design to handle it. See also high availability, recovery time objective, recovery point objective. See also high availability, recovery time objective, recovery point objective.

Dockerfile

A text file that contains instructions to build a Docker image.

document set

A collection of documents. Documents that are imported together become a document set. Annotated documents that are grouped together for training purposes are generated as document sets.

domain

Part of a naming hierarchy that specifies the route. For example, example.com. In IBM Cloud, domains are associated with orgs. Domain objects are not directly bound to apps. See also host, subdomain, Uniform Resource Locator, custom domain, organization, route.

DR

See disaster recovery.

dynamic secret

A unique value, such as a password or an API key, that is created dynamically and leased to an application that requires access to a protected resource. After a dynamic secret reaches the end of its lease, access to the protected resource is revoked and the secret is deleted automatically. See also secret, secrets engine.

E

endorse

To validate a chaincode transaction that was made by another member of a blockchain network.

endorsement

A collection of digital signatures from endorsing peers that establish that a transaction satisfies an endorsement policy.

endorsement policy

A policy that defines the peer nodes on a channel that must execute transactions that are attached to a specific chaincode application, and the required combination of endorsements. For example, a policy could require that a transaction be endorsed by a minimum number of endorsing peers, a minimum percentage of endorsing peers, or by all endorsing peers that are assigned to a specific chaincode application.

endpoint

The address of an API or service in an environment. An API exposes an endpoint and at the same time invokes the endpoints of other services. See also route.

enterprise

A hierarchical structure of accounts with centralized account and billing management in a cloud environment. See also account group, billing unit.

enterprise account

A unique account within an enterprise that manages users and access for account organization and enterprise billing. See also account.

entitlement

In software licensing, the maximum allowed allocation of capacity as determined by a license agreement.

entity

  • A set of details that are held about a real-world object such as a person, location, or bank account. An entity is a kind of item.
  • A person, object, or concept about which information is stored.
  • A mention that is annotated by an entity type.

entity type

The type of entity that a mention represents without consideration for context. For example, the mention IBM might be annotated by the entity type ORGANIZATION. In an entity-relationship model, an entity type is the thing that is being modeled or the thing that a mention refers to, such as the name of a person or place. Different entity types have different sets of attributes such as "surname" or "home town", and are connected through relationships like "lives in". An entity type exists independently and can be uniquely identified.

envelope encryption

The process of encrypting data with a data encryption key and then encrypting the key with a root key that can be fully managed.

evidence

The collected raw data to support an assessment for auditing purposes.

experimental product

A product that IBM makes available solely for evaluation and testing purposes, and might be unstable or not compatible with previous versions. An experimental product can be discontinued with short notice. There are no warranties, SLAs or support provided, and experimental products are not intended for production use.

explainability

The ability of human users to trace, audit, and understand predictions that are made in applications that use AI systems.

F

F1 score

A measure of a test's accuracy that considers both precision and recall to compute the score. The F1 score can be interpreted as a weighted average of the precision and recall values. An F1 score reaches its best value at 1 and worst value at 0.

false negative

An answer or annotation that is correct, but was predicted to be incorrect.

false positive

An answer or annotation that is incorrect, but was predicted to be correct.

feature

A data member or attribute of a type.

feature code

A code that is applied to free accounts to unlock extra product resources and capabilities.

Federal Risk and Authorization Management Program (FedRAMP)

A United States government program that provides a standardized, risk-based approach for the adoption and use of cloud services by the US federal government. FedRAMP empowers agencies to use modern cloud technologies with an emphasis on security and protection of federal information, and helps accelerate the adoption of secure cloud solutions.

federate

To merge two or more entities. For example, a company's registered domain could be federated with an IBMid.

FedRAMP

See Federal Risk and Authorization Management Program.

feed

A piece of code that configures an external event source to fire trigger events. See also action.

file share

In the IBM Cloud environment, a persistent storage system where users store and share files. In IBM Cloud Kubernetes Service, users can mount Docker volumes on file shares.

fine tuning

The process of adapting a pre-trained model to perform a specific task by conducting additional training. Fine tuning may involve (1) updating the model’s existing parameters, known as full fine tuning, or (2) updating a subset of the model’s existing parameters or adding new parameters to the model and training them while freezing the model’s existing parameters, known as parameter-efficient fine tuning.

fire

To activate a trigger.

Fleiss Kappa score

A measure of how consistently the same annotation was applied by multiple human annotators across overlapping documents. The Fleiss Kappa score reaches its best value at 1 and worst value at 0.

floating IP address

A public, routable IP address that makes use of 1-to-1 network address translation (NAT) so that a server can communicate with the public internet and private subnet within a cloud environment. Floating IP addresses are associated to an instance, for example, a virtual server instance, a load balancer, or a VPN gateway, by means of a virtual network interface card (vNIC).

foundation model

An AI model that can be adapted to a wide range of downstream tasks. Foundation models are typically large-scale generative models that are trained on unlabeled data using self-supervision. As large scale models, foundation models can include billions of parameters.

framework

An architecture for an application that provides a standard structure for an application, and general, extensible functionality. A framework enables and simplifies consistent implementation of complex technologies for application development.

functional identifier

An ID created through a federated identity provider that represents a program, application, or service that is assigned the minimum level of access required to complete the function for which it is created.

G

GA

See general availability.

GB-hour

The cumulative amount of memory (in gigabytes) that is running for all application instances for a particular buildpack per hour.

gen AI

See generative AI.

general availability (GA)

Date when a product is widely available for sale and delivery to customers or channels, usually across multiple geographies.

generative AI (gen AI)

A class of AI algorithms that can produce various types of content including text, source code, imagery, audio, and synthetic data.

genesis block

The configuration block that initializes a blockchain network or channel, and also serves as the first block on a chain. See also block.

globally unique identifier (GUID)

An algorithmically determined number that uniquely identifies an entity within a system.

gossip

A method of sharing network information among peers in which each peer forwards messages to a random selection of the current peers in the network.

Gossip Data Dissemination Protocol

A protocol for secure, reliable, and scalable communication of information in an network by passing messages among peers.

ground truth

The set of vetted data, consisting of annotations added by human annotators, that is used to adapt a machine learning model to a particular domain. Ground truth is used to train machine learning models, measure model performance (precision and recall), and calculate headroom to decide where to focus development efforts for improving performance. Accuracy of ground truth is essential since inaccuracies in the ground truth will correlate to inaccuracies in the components that use it.

GUID

See globally unique identifier.

H

HA

See high availability.

hardware security module (HSM)

A physical appliance that provides on-demand encryption, key management, and key storage as a managed service.

hardware virtual machine mode (HVM)

Hardware-assisted full virtualization. A virtual machine uses resources from the host computer to operate as a complete hardware environment. The host operating system is unaware of the virtual client.

Hash-Based Message Authentication Code (HMAC)

A cryptographic code that uses a cryptic hash function and a secret key.

headroom analysis

The process of determining how much improvement in accuracy, precision, or recall can be expected by addressing some class of problems that are identified while performing accuracy analysis.

health check

A process that monitors system resources and conditions to determine whether the system is running efficiently. The health check can be configured to report potential problems and to display warnings and fail levels before the integrity of the system is compromised.

heavy API call

A client operation that writes, deletes, or inserts data. Heavy API calls consume more resources than light API calls because they are affecting the data. See also light API call.

high availability (HA)

The ability of IT services to withstand all outages and continue providing processing capability according to some predefined service level. Covered outages include both planned events, such as maintenance and backups, and unplanned events, such as software failures, hardware failures, power failures, and disasters. See also disaster recovery.

HMAC

See Hash-Based Message Authentication Code.

host

A computer that is connected to a network and that provides an access point to that network. The host can be a client, a server, or both a client and server simultaneously. See also subdomain, client, Uniform Resource Locator, custom domain, domain, route.

HSM

See hardware security module.

HTTP method

An action that is used by the Hypertext Transfer Protocol. HTTP methods include GET, POST, and PUT.

HTTPS

See Hypertext Transfer Protocol Secure.

human annotator

A subject matter expert who reviews, modifies, and augments the results of pre-annotation by identifying mentions, entity type relationships, and mention coreferences. By examining text in context, a human annotator helps determine ground truth and improve the accuracy of the machine learning model.

HVM

See hardware virtual machine mode.

hybrid cloud

A cloud computing environment that consists of multiple public and private resources.

Hyperledger fabric

The implementation of the Linux Hyperledger project. See also Linux Hyperledger project.

Hypertext Transfer Protocol Secure (HTTPS)

An Internet protocol that is used by web servers and web browsers to transfer and display hypermedia documents securely across the Internet.

I

IaaS

See infrastructure as a service.

IAM

See identity and access management.

IBM Cloud

An open-standards, cloud-based platform for building, managing, and running apps of all types, such as web, mobile, big data, and smart devices. Capabilities include Java, mobile back-end development, and application monitoring, as well as features from ecosystem partners and open source—all provided as-a-service in the cloud.

identity and access management (IAM)

The process of controlling access of authorized users to data and applications, while helping companies comply with various regulatory requirements.

identity provider (IdP)

A service that creates, maintains, and manages identity information, account authentication and credential management services for one or more systems. For example, a user registry for one or more hosts; or a built-in user registry for an application.

IdP

See identity provider.

image

A file system and its execution parameters that are used within a container runtime to create a container. The file system consists of a series of layers, combined at runtime, that are created as the image is built by successive updates. The image does not retain state as the container executes. See also container, registry, namespace, layer, base image, parent image, private image repository.

imprint mode

An operational mode in which crypto units are assigned to a user.

infrastructure as a service (IaaS)

The delivery of a computer infrastructure, including server functionality, networking functionality, data center functionality, and storage functionality as an outsourced service.

input/output operations per second (IOPS)

A standard computing benchmark used to determine the best configuration settings for servers.

instance

An entity that consists of resources that are reserved for a particular application or a service.

instantiate

The process of starting and initializing a smart contract on a blockchain channel. After instantiation, peers on the channel that have the smart contract installed can accept smart contract invocations.

inter-annotator agreement

A measure of how similarly a document in two or more document sets is annotated.

intermediate certificate

A subordinate certificate that is issued by the trusted root certificate authority (CA) specifically to issue end-entity server certificates. The result is a certificate chain that begins at the trusted root CA, passes through the intermediate certificate, and ends with the SSL certificate issued to the organization. See also trusted root, certificate authority.

Internet of Things (IoT)

The global network of endpoints that can capture or generate data. For example, a smartphone, smart watch and back-end server might all communicate with each other, sending data back and forth, or even to additional devices within the network.

Internet Small Computer System Interface (iSCSI)

An IP-based standard for linking data storage devices over a network and transferring data by carrying SCSI commands over IP networks.

invoke

To activate an action. See also action.

IOPS

See input/output operations per second.

IoT

See Internet of Things.

iSCSI

See Internet Small Computer System Interface.

J

JAR file

A Java archive file.

JavaScript Object Notation (JSON)

A lightweight data-interchange format that is based on the object-literal notation of JavaScript. JSON is programming-language neutral but uses conventions from various languages.

JSON

See JavaScript Object Notation.

K

knowledge graph

A model that consolidates typed entities, their relationships, their properties, and hierarchical taxonomies to represent an organization of concepts for a given domain. After the knowledge graph store is loaded with inputs from structured and unstructured data sources, users and applications can access the knowledge graph to explore key elements of knowledge for a specific domain, explore interactions, and discover additional relationships.

L

label

A user-defined identifier attached to a grouping of resources that are contained in an instance. Labels are visible only at an instance.

large language model (LLM)

A language model with a large number of parameters, trained on a large quantity of text.

layer

A changed version of a parent image. Images consist of layers, where the changed version is layered on top of the parent image to create the new image. See also image, container.

LBaaS

See load balancer as a service.

LDAP

See Lightweight Directory Access Protocol.

lemma

The normalized or canonical form of a word. Typically, the lemma is the underived and uninflected form of a noun or a verb. For example, the lemma of the terms 'organizing' and 'organized' is 'organize' See also surface form, dictionary.

light API call

A client operation that only reads data. Light API calls use fewer resources than heavy API calls because they are performing a single function. See also heavy API call.

Lightweight Directory Access Protocol (LDAP)

An open protocol that uses TCP/IP to provide access to directories that support an X.500 model and that does not incur the resource requirements of the more complex X.500 Directory Access Protocol (DAP). For example, LDAP can be used to locate people, organizations, and other resources in an Internet or intranet directory.

Linux Hyperledger project

An open source, collaborative effort to advance blockchain technology by identifying and addressing important features for a cross-industry open standard for distributed ledgers that can transform the way business transactions are conducted globally. Hyperledger serves as the foundation code for the IBM Blockchain products, services, and solutions. See also Hyperledger fabric.

LLM

See large language model.

load balancer

Software or hardware that distributes workload across a set of servers to ensure that servers are not overloaded. The load balancer also directs users to another server if the initial server fails.

load balancer as a service (LBaaS)

A service that provides the ability to distribute traffic among instances in a virtual private cloud.

local cloud

A cloud computing environment within the client's data center. The local cloud is on-premises, providing improved latency and security. See also borderless.

logical unit number (LUN)

In the Small Computer System Interface (SCSI) standard, a unique identifier used to differentiate devices, each of which is a logical unit (LU).

LoopBack data source

A JavaScript object that represents a back-end service such as a database, REST API (to be consumed), or SOAP web service. Data sources are backed by connectors that then communicate directly with the database or other back-end services.

LoopBack model

A model that provides a remote (REST) API that clients use to perform operations and interact with backend systems. The model consists of application data, validation rules, data access capabilities, and business logic. Every LoopBack application by default has a set of built-in models: user, application, email, and several models for access control.

LUN

See logical unit number.

M

machine learning (ML)

A branch of artificial intelligence (AI) and computer science that focuses on the use of data and algorithms to imitate the way that humans learn, gradually improving the accuracy of AI models.

machine learning annotator

See machine learning model.

machine learning model

An AI model that is trained on a a set of data to develop algorithms that it can use to analyze and learn from new data.

Managed Service Provider (MSP)

An IBM Business Partner that provides IT services on a contractual basis to maintain clients' computers, networks or software. They manage services on-site at the clients' data center, remotely in the clients’ data center, or in a third-party data center.

master key

An encryption key that is used to protect a crypto unit. The master key provides full control of the hardware security module and ownership of the root of trust that encrypts the chain keys, including the root key and standard key.

MBaaS

See mobile backend as a service.

member

A participant that is enrolled in a blockchain network. A member can be as large as a multi-national corporation or as small as an individual.

membership service provider

A component that defines the organizations that can transact on a blockchain network. The membership service provider turns identities into permissions by defining them as administrators of an organization. It also contains the public certificate for the root of trust of the organization. context: Typically, a single membership service provider is used to represent a single blockchain organization.

mention

A span of text that is considered relevant ina domain data. For example, in a type system about automotive vehicles, occurrences of terms such as "airbag", "Ford Explorer", and "child restraint system" might be relevant mentions.

microservice

A set of small, independent architectural components, each with a single purpose, that communicate over a common lightweight API.

ML

See machine learning.

MLOps

A methodology that takes a machine learning model from development to production.

mobile app

See mobile application.

mobile application (mobile app)

An application that has been designed for a mobile platform. Similar to web applications, mobile apps provide some function beyond static display of information, for example, allowing the user to filter news in near real-time. See also app.

mobile backend as a service (MBaaS)

A computing model that connects mobile applications to cloud computing services and provides features such as user management, push notifications, and integration with social networks through a unified API and SDK.

mobile cloud

An infrastructure in which the storage and processing of data for applications is offloaded from a mobile device into the cloud. With mobile cloud computing, applications are not limited to a specific carrier, but are accessed through the Web.

ModelOps

A methodology for managing the full lifecycle of an AI model, including training, deployment, scoring, evaluation, retraining, and updating.

module

A stand-alone unit of automation code that can be reused and shared in a larger system. See also deployable architecture.

MSP

See Managed Service Provider.

multizone region (MZR)

A region that is spread across physical locations in multiple zones to increase fault tolerance. See also zone.

MZR

See multizone region.

N

named entity

A concept in a domain that falls in to a well defined category, such as names of organizations, locations, authors, or diseases.

namespace

A collection of repositories that store images in a registry. A namespace is associated with an IBM Cloud account, which can include multiple namespaces. See also image, private image repository.

NAT

See network address translation.

natural language processing (NLP)

A field of artificial intelligence and linguistics that studies the problems inherent in the processing and manipulation of natural language, with an aim to increase the ability of computers to understand human languages.

network address translation (NAT)

An addressing method that is used to enable one IP address to communicate with several other IP addresses, such as those on a private subnet, by means of a lookup table. Network address translation has two main types: 1-to-1 and many-to-1.

Network File System (NFS)

A protocol that allows a computer to access files over a network as if they were on its local disks.

NFS

See Network File System.

NLP

See natural language processing.

node

  • A member of a cluster that runs as a container or virtual machine on shared hardware.
  • A physical component of the blockchain network infrastructure, namely a peer, Certificate Authority (CA), or ordering node.

O

OAuth

An HTTP-based authorization protocol that gives applications scoped access to a protected resource on behalf of the resource owner, by creating an approval interaction between the resource owner, client, and resource server.

OCI container image

A container image that is compliant with the OCI Image Format Specification

on-prem

See on-premises.

on-premises (on-prem)

Pertaining to software that is installed and run on the local computers of a user or organization.

ontology

An explicit formal specification of the representation of the objects, concepts, and other entities that can exist in some area of interest and the relationships among them.

orderer node

See ordering node.

ordering node

A node that collects transactions from network members, orders the transactions and bundles them into blocks.

ordering service

A service that provides a shared communication channel to clients and peers for the broadcast of messages that contain transactions.

org

See organization.

organization (org)

  • The grouping methodology for users in IBM Cloud. Orgs are used to manage quotas. Users in an org share memory and service instance quotas. See also domain, space.
  • The entity that owns APIs or applications that use APIs. A provider organization owns APIs and associated plans, and can additionally own applications. A consumer organization owns only applications. An organization has at least one owner. An organization can be a project team, department, or division.

origin server

A server that processes and responds to incoming requests from clients, and is typically used with a caching server.

out-of-band

Pertaining to data transferred through a stream that is independent from the main data stream.

P

PaaS

See platform as a service.

paravirtualized mode

A lightweight virtualization technique. While in paravirtualized mode, a virtual machine does not require virtualization extensions from the host computer, thus allowing virtualization on hardware systems that do not support hardware-assisted virtualization.

parent image

An image that provides a base for another image. For example, Ubuntu Linux is the parent image of the IBM Liberty image. See also image, base image.

part of speech (POS)

A grammatical category, such as noun or verb, based on the syntactic function of a lexical item.

path

The route through which users access REST APIs. A path consists of one or more HTTP operations such as GET or POST.

payload logging

The capture of payload data and deployment output to monitor ongoing health of AI in business applications.

payment method

The method by which a client pays an invoice, such as credit card, check, or wire transfer.

PEAR

See processing engine archive.

peer

A blockchain network entity that maintains a ledger with an installed chaincode for performing read and write operations on the ledger. A peer is owned and maintained by an organization.

performance

The measurement of a Watson system in terms of accuracy, precision, and recall, for example, when answering questions, discovering relationships, or annotating text.

plan

The packaging construct by which APIs are made available to consumers. A plan makes available a collection of resources or operations from one or more APIs, and is published to communities of application developers.

platform as a service (PaaS)

The delivery of a computing platform, including applications, optimized middleware, development tools, and Java and Web 2.0 runtime environments, in a cloud-based environment.

pod

A group of containers that are running on a Kubernetes cluster. A pod is a runnable unit of work, which can be a either a stand-alone application or a microservice.

point of presence (PoP)

A physical location that stores servers and routers in a network cloud.

policy

A piece of configuration that controls some aspect of processing in the gateway during the handling of an API invocation. Policies are the building blocks of assembly flows and provide the means to configure capability, such as security, logging, caching, routing of requests to target services, and transformation of data from one format to another. Policies can be configured in the context of an API or in the context of a plan.

PoP

See point of presence.

POS

See part of speech.

pre-annotation

The process of annotating a set of documents prior to human annotation. Documents can be pre-annotated by using a rule-based model, a machine-learning model, IBM Watson Natural Language Understanding, or a dictionary. Pre-annotation can help human annotators more quickly prepare a set of ground truth documents.

precision

A measurement that specifies the proportion of results that are relevant. Precision, which is a positive predictive value, is determined by the number of correct positive results divided by the number of all positive results. Accuracy is best measured by using both precision and recall. See also recall, accuracy.

private cloud

A cloud computing environment in which access is limited to members of an enterprise and partner networks. See also public cloud.

private image repository

The combination of an organization's IBM Cloud registry and its namespace. The private image repository is used when referencing an image in a command. See also image, namespace.

private key

An algorithmic pattern used to encrypt messages that only the corresponding public key can decrypt. The private key is also used to decrypt messages that were encrypted by the corresponding public key. The private key is kept on the user system and is protected by a password.

private resource

An entry that is visible only to account owners and their included accounts. When resources are created, they are private by default. See also public resource.

private service

A service that is visible only to members of a specified IBM Cloud organization.

processing engine archive (PEAR)

A .pear archive file that includes an Unstructured Information Management Architecture (UIMA) analysis engine and all of the resources that are required to use it for custom analysis.

profile

  • A specification of a resource's capacities and capabilities. Different profiles are optimized for different workloads and use cases. A resource's pricing model might depend on its profile.
  • In Security and Compliance Center, a grouping of similar controls that can be used to evaluate resource configuration for compliance.A profile can be customized to fit specific use cases by editing the default parameters. See also rule, scope.

project

A collection of artifacts that define and manage resources and Infrastructure as Code deployments.

promo code

A code used to apply limited time credits to Pay-As-You-Go and Subscription accounts.

prompt

Data, such as text or an image, that prepares, instructs, or conditions a foundation model's output.

prompt engineering

The process of designing natural language prompts for a language model to perform a specific task.

prompting

The process of providing input to a foundation model to induce it to produce output.

prompt tuning

An efficient, low-cost way of adapting a pre-trained model to new tasks without retraining the model or updating its weights. Prompt tuning involves learning a small number of new parameters that are appended to a model’s prompt, while freezing the model’s existing parameters.

proxy

An application programming interface that forwards requests to a user-defined backend resource and relays responses back to the calling application.

public cloud

A cloud computing environment in which access to standardized resources, such as infrastructure, multi-tenant hardware, and services, is available to subscribers on a pay-per-use basis. See also private cloud, borderless.

public gateway

The connection of a subnet, with all virtual server instances attached, to the internet. A public gateway uses a many-to-1 network address translation (NAT), which means that thousands of virtual server instances with private addresses can use one public IP address to talk to the public internet.

public resource

An entry that is visible to everyone in the IBM Cloud catalog. Public resources can be built by any provider (IBM or third party providers). See also private resource.

publish

The process of moving an application or product from staging so that the plans and APIs included within it are available for application developers to access and use.

push

To send information from a server to a client. When a server pushes content, it is the server that initiates the transaction, not a request from the client.

push notification

An alert indicating a change or update on a mobile app icon.

Q

quota

The number of resources that can be consumed at an account or service instance level.

R

Raft

A crash fault tolerant ordering service implementation based on the etcd library of the Raft protocol. Raft follows a leader-and-follower model, where a leader node is elected per channel, and its decisions are replicated by the followers.

RAG

See retrieval augmented generation.

read-mostly

Pertaining to data that changes dynamically.

recall

A measurement that specifies the percentage of relevant results returned, out of all available relevant results. Recall, which is a measure of sensitivity, is determined by the number of correct positive results divided by the number of positive results that should have been returned. Accuracy is best measured by using both precision and recall. See also precision, accuracy.

recovery point objective (RPO)

In disaster recovery planning, the point at which data is restored to in the event of a disaster. See also disaster recovery.

recovery time objective (RTO)

The maximum duration of time within which an application should be restored after any type of disaster. See also disaster recovery.

red-black deployment

A deployment technique that drives continuous delivery by enabling synchronized test, development, and deployment. Initially, development is done on an inactive environment (black) while the active environment continues to take traffic (red). Once deployment starts, both environments go live (red-red) until routing is disabled on the formerly active, previous version environment, then subsequently removed (black) while the new environment serves as the only active environment. See also blue-green deployment.

reference architecture

An opinionated pattern of technologies that work together that includes a summary, an architecture diagram, and a list of modules.

region

An independent geographic territory that consists of one or more zones.

registry

A storage and distribution service that contains public or private images that are used to create containers. See also image, container.

relation

Typically a verb that reflects how entities are related to one another. For example, "lives in" is a relation between a person and a town. A relation links two different entities in the same sentence.

relation type

A binary, unidirectional relationship between two entities. For example, Mary employedBy IBM is a valid relationship; IBM employedBy Mary is not.

Representational State Transfer (REST)

A software architectural style that guides the design and development of the architecture for the web. REST defines a set of constraints for the architecture of Internet-scale distributed hypermedia systems, such as the web.

resource

A physical or logical component that can be provisioned or reserved for an application or service instance. Examples of resources can include storage, processors, memory, clusters, and VMs.

resource group

The environment, and constraints, in which contained resource instances adhere to. A user can be associated with a resource group to enable collaboration.

REST

See Representational State Transfer.

retrieval augmented generation (RAG)

A technique in which a large language model is augmented with knowledge from external sources to generate text. In the retrieval step, relevant documents from an external source are identified from the user’s query. In the generation step, portions of those documents are included in the LLM prompt to generate a response grounded in the retrieved documents.

role

  • An attribute that provides a context-sensitive meaning of a mention. For example, in the phrase "I went to IBM today", IBM is the mention, Organization is the entity type, and Facility is the role of the entity type.
  • A set of permissions or access rights.

root key

A symmetric wrapping key that is used for encrypting and decrypting other keys that are stored in a data service.

route

The URL that is used to direct requests to an application. A route is made up of an optional host (or subdomain) and a domain that are specified when an application is pushed. For example, in the route myapp.example.com, myapp is the host and example.com is the domain. A route can be associated with one or more applications. Unless a custom domain is specified, IBM Cloud uses a default shared domain in the route to an application. See also host, subdomain, Uniform Resource Locator, custom domain, endpoint, domain.

RPO

See recovery point objective.

RTO

See recovery time objective.

rule

  • The set of allowed contexts that are associated with an IBM Cloud resource. The defined contexts dictate a user's or service's access to that resource.
  • A set of conditional statements that are used to determine whether a build can be promoted. See also profile, scope.

rule set

A set of rules that define patterns for annotating text. If a pattern applies, then the actions of the rule are performed on the matched annotations. A rule typically specifies the condition that must match, an optional quantifier, a list of additional constraints that the matched text must fulfill, and the actions to be taken when a match occurs, such as creating a new annotation or modifying an existing annotation.

runtime

The set of resources used to run the application.

S

SaaS

See software as a service.

sandbox catalog

A catalog in which approvals for publishing and lifecycle actions are bypassed so that it can be used for testing APIs under development.

scale

To increase platform (or system) capacity by adding more application or service instances

SCM

See source control management.

scope

A grouping of resources that can be validated or evaluated for security and compliance. See also rule, profile.

secret

Sensitive information, such as a password or an API key, that is used by an application to access a protected resource. See also dynamic secret.

secret group

The environment and constraints that contained secrets in an instance must adhere to. A user can be associated with a secret group to enable access and collaboration.

secrets engine

A component that serves as a back end for a specific type of secret, such as a password or an API key, within a secrets management service. Depending on its type, a secrets engine can store data, generate secrets on demand, and more. See also dynamic secret.

Secure Shell (SSH)

A network protocol for secure data exchange between two networked devices. The client can use public-key and private-key authentication, or password authentication, to access the remote server.

Secure Sockets Layer (SSL)

A security protocol that provides communication privacy. With SSL, client/server applications can communicate in a way that is designed to prevent eavesdropping, tampering, and message forgery. See also certificate authority.

security definition

A specification of the settings for a particular aspect of API security; for example, the user registry that authenticates access to the API.

security group

A resource that provides rules to filter IP traffic to resources in a virtual private cloud. Rules are stateful, such that packets in response to allowed packets are automatically permitted.

select availability

A production-ready product that is available for sale and accessible to select customers.

service

A cloud extension that provides ready-for-use functionality, such as database, messaging, and web software for running code, or application management or monitoring capabilities. Services usually do not require installation or maintenance and can be combined to create applications.

service binding

An association between an application and a service instance that contains the application credentials that are used to communicate with the service instance.

service endpoint

The physical address of a service that implements one or more interfaces.

service ID

An identity that authenticates a service or an application to a cloud environment and other services. A service ID can be assigned access policies and used to enable an application that is deployed to a cloud environment access to cloud services.

session

The period of time after an app is started on a mobile device and the quality assurance product is notified to begin collecting app behavior, issues, and problems.

signature key

An encryption key that is used by the crypto unit administrator to sign commands that are issued to the crypto unit.

signCert

A certificate that any entity, such as an organization or admin, attaches to their proposals or proposal responses. These signCerts are unique to an entity and are checked by the ordering service to make sure they match the signCert on file for that entity.

single-campus multizone region (single-campus MZR)

A region that consists of multiple zones that are located within a single building or campus. Dependencies such as power, cooling, networking, and physical security might be shared but are designed to provide a high degree of fault independence. See also zone.

single-campus MZR

See single-campus multizone region.

single-page application (SPA)

An application that works inside a browser and does not require page reloading during use.

single sign-on (SSO)

An authentication process in which a user can access more than one system or application by entering a single user ID and password.

smart contract

A set of business terms that are embedded into a blockchain and executed with transactions. A smart contract can also include a digital representation of a set of business rules and defines conditions under which transfers occur. A smart contract is implemented using chaincode.

SoE

See system of engagement.

software as a service (SaaS)

A model of software deployment whereby software including business processes, enterprise applications, and collaboration tools, are provided as a service to customers through the cloud.

SOLO

A consensus plugin implementation for Hyperledger Fabric that results in a single ordering service node in the blockchain network.

SOR

See system of record.

source control management (SCM)

An aspect of software configuration management that involves managing changes to collections of files.

SPA

See single-page application.

space

A sub-group within an IBM Cloud org. Users who are members of an org are given access to one or more of its spaces, with permissions associated with a particular role (such as developer, manager, or auditor). Any member of the space can view apps, but only members with the developer role can create apps and add service instances to the space. Apps and service instances are associated with spaces. See also organization.

SSH

See Secure Shell.

SSL

See Secure Sockets Layer.

SSO

See single sign-on.

stage

To deploy an application, service, or instance to a pre-defined location for running or testing before deployment to a production environment. See also deployment.

stanza

A section of a software package that defines either a specific action to be performed on that the software package or a set of conditions under which actions are to be performed on the software package. The complete software package is a stanza that contains a hierarchy of many different stanzas.

state database

A database that contains the current values for all keys on a blockchain ledger for a channel.

subdomain

A domain that makes up a part of a larger domain. See also host, Uniform Resource Locator, custom domain, domain, route.

subject

The user, service ID, or access group that is granted access by an access policy.

subnet

See subnetwork.

subnetwork (subnet)

A network that is divided into smaller independent subgroups, which still are interconnected.

subscription code

A code used to apply credits to an account after a subscription is purchased.

subtype

A type that extends or implements another type; the supertype.

surface form

The form of a word or multiword unit as it is found in the corpus. For example, some surface forms of the lemma 'organize' are the terms 'organizing' and 'organized'. See also lemma, dictionary.

system of engagement (SoE)

An information technology (IT) system that incorporates technologies that encourage user interaction through email, collaboration systems, and networking. A system of engagement often uses cloud technologies to extend the usefulness of systems of record. See also system of record.

system of record (SOR)

An information storage system (such as a database or application) that stores business records and automates standard processes. See also system of engagement.

T

tag

A user-defined identifier attached to a grouping of resources that are contained in an account. Tags are visible account-wide.

target

The resource or set of resources to provide a subject access to in an access policy. The set of resources is defined by one or more attributes. For example, a target could be all resources in a resource group, all resources of a certain resource type, or the resource with a certain resource ID.

template

A predefined structure for an artifact.

testing data

A set of annotated documents that can be used to evaluate system metrics after ingestion and training. See also training data, blind data.

third-party

Pertaining to a product or service that is provided by a company other than IBM.

tile

A visual representation of a running application that provides status on a dashboard.

train

To set up a Watson instance with components that enable the system to function in a particular domain (for example: corpus content, training data that generates machine learning models, programmatic algorithms, annotators, or other ground truth components) and then making improvements and updates to these components based on accuracy analysis.

training data

A set of annotated documents that can be used to train machine learning models. See also testing data, blind data.

transaction

The mechanism that participants on the blockchain network use to interact with assets. A transaction either creates new chaincode or invokes an operation in an existing chaincode. See also chaincode.

trigger

A mechanism that initiates actions. Triggers can be explicitly fired by a user or fired on behalf of a user by an external event source.

true negative

An answer or annotation that is actually incorrect and is predicted to be incorrect.

true positive

An answer or annotation that is actually correct and is predicted to be correct.

trusted profile

A grouping of federated users, compute resources, or both, that are granted the same IAM access. When an identity applies a trusted profile, temporary security credentials are provided for the duration of a session. All identities that are allowed to apply a single profile inherit the same access.

trusted root

A certificate signed by a trusted certificate authority (CA). See also intermediate certificate, certificate authority.

type system

The set of objects that may be discovered by a text analysis engine in a document. The type system defines all possible feature structures in terms of types and features. Any number of different types can be defined in a type system. A type system is domain and application specific.

U

Uniform Resource Identifier (URI)

A unique address that is used to identify content on the web. The most common form of URI is the web page address, which is a particular form or subset of URI called a Uniform Resource Locator (URL). A URI typically describes how to access the resource, the computer that contains the resource, and the location of the resource on that computer.

Uniform Resource Locator (URL)

The unique address of an information resource that is accessible in a network such as the Internet. The URL includes the abbreviated name of the protocol used to access the information resource and the information used by the protocol to locate the information resource. See also host, subdomain, custom domain, domain, route.

unit of measure (UOM)

A standardized unit that is used to measure a specified property of something.

UOM

See unit of measure.

URI

See Uniform Resource Identifier.

URL

See Uniform Resource Locator.

user

  • An IBMid or SoftLayer ID that is used as a person's identity in an account.
  • A participant in a blockchain network that has indirect access to the ledger through a trust relationship to an existing member.

user registry

A collection of user information, such as user IDs and passwords, that is used as the basis for security control by a system such as a web application server.

V

virtual

Pertaining to not physically existing as such but made by software to appear to do so.

virtual local area network (VLAN)

A logical association of switch ports based upon a set of rules or criteria, such as Medium Access Control (MAC) addresses, protocols, network address, or multicast address. This concept permits the LAN to be segmented again without requiring physical rearrangement.

virtual machine (VM)

A software implementation of a machine that executes programs like a real machine. See also virtual server.

virtual private cloud (VPC)

A virtual network that is tied to a private user account and isolated from other networks in a public cloud. Only authorized users can access virtual private cloud resources, which include virtual servers, storage, and subnets.

virtual private network (VPN)

A private connection between two endpoints, even when the data is transferred across a public network. Usually, a VPN is used in combination with security methods, such as authentication and encryption, to provide maximum data security and privacy.

virtual server

A server that shares its resources with other servers to support applications. See also virtual machine.

VLAN

See virtual local area network.

VM

See virtual machine.

volume

A fixed amount of physical or virtual storage on a data storage medium.

VPC

See virtual private cloud.

VPN

See virtual private network.

VPN as a service

A private connection between two endpoints, which remains private and can be encrypted even when the data is transferred across a public network.

W

WAR

See web archive.

WAR file

See web archive.

web app

See web application.

web application (web app)

An application that is accessible by a web browser and that provides some function beyond static display of information, for instance by allowing the user to query a database. Common components of a web application include HTML pages, JSP pages, and servlets. See also app.

web archive (WAR)

A compressed file format, defined by the Java EE standard, for storing all the resources required to install and run a web application in a single file.

workload

A set of customer applications, services, or capabilities that consumes compute, network, storage, or other cloud resources.

workspace

A context that contains a collection of artifacts that a user with appropriate permission can modify.

Z

zone

A location within a region that acts as an independent fault domain and has decreased latency to other zones in the region. See also multizone region, single-campus multizone region.