Glossary

A

access policy: A method for granting users, service IDs, and access groups access to account resources. An access policy includes a subject, target, and role.
access token: An object that contains security information for a process or thread, including the identity and privileges of the user account that is associated with the process or thread.
air-gapped environment: A network environment that is isolated from internet access. Compare to on-line environment .
application domain: A container for the configured resources that support one or more services.
ascp: The executable CLI command for launching high-speed transfer server instances.
attribute: A property, quality, or characteristic whose value contributes to the specification of an element or program function. For example, "cost" or "location" are attributes that can be assigned to a resource.
Automation assets: An instance type with which users can store, manage, and retrieve integration assets.

B

bastion host: A specialized server dedicated solely to providing security to an air-gapped environment. See air-gapped environment. The bastion host has access to both the public internet and the local intranet where a local registry and OpenShift clusters reside. With the bastion host, you can replicate your images to the local intranet registry behind the firewall.
bearer token: A Security Assertion Markup Language (SAML) token that uses the bearer subject confirmation method. In a bearer subject confirmation method, a sender of SOAP messages is not required to establish correspondence that binds a SAML token with contents of the containing SOAP message.
block storage: A storage scheme in which each volume acts as a separate hard drive.

C

CASE: Container Application Software for Enterprises (CASE) files are used to mirror content from a source to a target. CASE is a specification that defines metadata and structure for packaging, managing, and unpacking containerized applications.
catalog: A centralized location that can be used to browse for and install packages in an OpenShift cluster.
certificate: A digital document that binds a public key to the identity of the certificate owner, thereby enabling the certificate owner to be authenticated. A certificate is issued by a certificate authority (CA) and is digitally signed by that authority.
channel: A Kubernetes resource definition that points to repositories where Kubernetes resources (such as namespaces, object stores, or Helm repositories) are stored. Channels use deployable resources to represent stored Kubernetes resources and Helm charts.
cloud: A network that delivers requested virtual resources as a service.
cluster: A set of resources, worker nodes, networks, and storage devices that keep apps highly available and ready to deploy in containers.
cluster administrator: A user who is authorized to perform tasks in the OpenShift web console (as an Administrator) or in the CLI. For details on this and other roles, see OpenShift roles and permissions.
cluster node: On a cluster, a server that's either a physical computer or virtual machine.
cluster-scoped: Having a specification that an operator is to be installed in all available namespaces on the cluster. Also referred to as "all namespaces in a cluster mode". For more information, see Structuring your deployment
common services: Former name of foundational services. See "foundational services".
container: A system construct that allows users to simultaneously run separate logical operating system instances. Containers use layers of file systems to minimize image sizes and promote reuse.
custom resource (CR): An instance of a custom resource definition.
custom resource definition (CRD): A customizable YAML file that defines a logically related group of objects in a Kubernetes cluster. Custom resource definitions enable a custom resource to be used like any native Kubernetes object in the cluster.

D

Docker: An open platform that developers and system administrators can use to build, ship, and run distributed applications.
Docker hub: A public container registry that hosts publicly accessible images, as well as private repositories.

E

endpoint: A network destination address that is exposed by Kubernetes resources, such as services and ingresses.
entitlement: In software licensing, the maximum allowed allocation of capacity as determined by a license agreement.

F

foundational services: Foundational services in IBM Cloud Pak for Integration enables functionality such as authentication, authorization, and licensing.

G

gateway: A device or program used to connect networks or systems with different network architectures.

H

high availability (HA): The ability of IT services to withstand all outages and continue providing processing capability according to some predefined service level. Covered outages include both planned events, such as maintenance and backups, and unplanned events, such as software failures, hardware failures, power failures, and disasters.

I

identity provider: A provider who offers user authentication as a service. Authentication of a user's sign in details is performed by the identity provider who creates, manages, and maintains the user's identity information. Identity providers enable users in an organization to single sign-on (SSO) to one or more systems.
instance: A deployed application or service that is managed by an operator. A user configures an instance by updating its Kubernetes resource directly in the YAML file or in the UI.
integration: The software development activity in which separate software components are combined into an executable whole.

K

Kafka: Apache Kafka is a publish-subscribe distributed messaging system.
key: A cryptographic mathematical value that is used to digitally sign, verify, encrypt, or decrypt a message.
keystore: In security, a file or a hardware cryptographic card where identities and private keys are stored, for authentication and encryption purposes. Some keystores also contain trusted or public keys.
Kubernetes resource: A YAML file that defines a logically related group of objects in a Kubernetes cluster, such as a deployed instance. The file contains these sections: `apiVersion` (URI, including the version), `kind` (the resource type), metadata`(such as name and namespace) and `spec` (the intended state specification). Each Kubernetes resource is managed by an operator. A Kubernetes resource might also be referred to as custom resource (CR) or custom resource definition (CRD).
Kubernetes distribution: Any prepackaged software platform that includes Kubernetes along with tools, security settings, and support for deploying containerized applications.

L

license: A legal agreement that authorizes the use of proprietary information including, but not limited to, copyrighted or patented information.
limited edition license: A type of license that does not include OpenShift entitlement. Limited edition licenses are provided to organizations that have an existing Red Hat OpenShift entitlement or plan to use their license only on public cloud environments with managed OpenShift. IBM approval is required.

M

message: A string of bytes that is passed from one application to another. Messages typically comprise a message header (used for message routing and identification) and a payload (containing the application data being sent). The data has a format that is compatible with both the sending and receiving application.
migration: The process of moving applications, infrastructure, or data from one platform or system to another.
multitenancy: The ability to deliver software to multiple client organizations from a single, shared instance of the software.

N

namespace: A virtual cluster within a Kubernetes cluster that can be used to organize and divide resources across multiple users. A namespace provides an exclusive scope for named resources, management authority, and resource control. For additional details, see namespaces in the Kubernetes documentation.
See also: project
namespace-scoped: Having a specification that an operator is to be installed in a specific namespace on the cluster. Also referred to as "a specific namespaces on the cluster mode". For more information, see Structuring your deployment

O

operand: The service component an operator uses to execute actions.
online environment: A network environment that is connected to the internet. Compare air-gapped environment.
on-premises: Pertaining to software that is installed and run on a user's or organization's local computers.
operator: Operators extend a Kubernetes cluster by adding and managing additional resource types in the Kubernetes API. This enables the installation and management of software using standard Kubernetes tools. For more information, see Operators on Red Hat OpenShift.
See also: Kubernetes resource (CR).

P

persist: To be maintained across session boundaries, typically in nonvolatile storage such as a database system or a directory. Note that persist, a verb, is always intransitive (has no direct object).
persistence: A characteristic of data that is maintained across session boundaries.
platform: Any base of software technologies on which applications or services can be provided.
pod: A group of containers that are running on a Kubernetes cluster. A pod is a runnable unit of work, which can be a either a stand-alone application or a microservice. For more information, see Pods in the Kubernetes documentation.
private key: The secret half of a cryptographic key pair that is used with a public key algorithm. The private key is known only to its owner. Private keys are typically used to digitally sign data and to decrypt data that has been encrypted with the corresponding public key.
project: An OpenShift term for a Kubernetes namespace that manages resources for users. Each project has its own set of objects, policies, constraints, and service accounts.
See also: namespace
public certificate: A certificate that is issued by a public internet certificate authority (CA).
public key: The non-secret half of a cryptographic key pair that is used with a public key algorithm. The public key is made available to everyone. Public keys are typically used to verify digital signatures and to encrypt data that can be decrypted only with the corresponding private key.

R

registry: A public or private container image storage and distribution service.
resource: A facility of a computing system or operating system required by a job, task, or running program. Resources include main storage, input/output devices, the processing unit, data sets, files, libraries, folders, application servers, and control or processing programs.
role: A collection of access rights that can be assigned to a user, group of users, system, service, or application that enable it to carry out certain tasks.

S

self-signed certificate: In cryptography, a public key certificate that is signed with its own private key rather than by a certificate authority.
storage class: The type of media that an object is stored on. The type of media is not directly associated with a physical location; however, it is associated directly with the device manager.
subscription: A Kubernetes resource that references the catalog source for an operator. When a user configures a subscription, they determine which channel of an operator package to subscribe to, and whether updates (upgrades) happen automatically or manually.

T

tenant: A logical partition of the set of capabilities that are exposed by Cloud Identity and the associated configuration and run-time data.
token: A particular message or bit pattern that signifies permission or temporary control to transmit over a network.
trace: A record of the processing of a computer program or transaction. The information collected from a trace can be used to assess problems and performance.

U

update: Software maintenance such as a manufacturing refresh, refresh pack, or fix pack that changes the modification level of a product. Compare upgrade.

V

virtual machine: An emulation of a particular computer system. Virtual machines operate based on the computer architecture and functions of a real or hypothetical computer. Their implementations might involve specialized hardware, software, or a combination of both.