Internet infrastructure glossary
239 plain-English definitions for the protocols, services, and concepts that make the modern web run. Cross-referenced, RFC-linked, written by humans.
Browse by category
Networking & Routing
BGP, ASNs, IP, peering, anycast, the layer-3 mechanics that move packets between networks.
DNS
The Domain Name System, record types, resolvers, authoritative servers, DNSSEC.
Web Protocols
HTTP, HTTPS, HTTP/2, HTTP/3, QUIC, WebSocket, the protocols of the web.
TLS & PKI
TLS, SSL, certificates, certificate authorities, the public key infrastructure of the internet.
Hosting Types
Shared, VPS, dedicated, cloud, colocation, managed, the different ways to host a workload.
Cloud Computing
IaaS, PaaS, SaaS, FaaS, public, private, hybrid, the cloud service models.
CDN & Performance
Content delivery networks, edge caching, performance optimisation, latency.
Data Centers
Tier classifications, PUE, hyperscale, colocation, the physical layer.
Email
SMTP, IMAP, POP3, SPF, DKIM, DMARC, the protocols and authentication of email.
Domains
TLDs, registrars, registries, WHOIS, the naming system of the internet.
Security
DDoS, WAF, firewalls, zero-trust, the defensive layer of internet infrastructure.
Storage
Block, object, file storage, S3, NFS, NAS, SAN, RAID.
Databases
SQL, NoSQL, ACID, sharding, replication, the persistence layer.
Containers & Orchestration
Docker, Kubernetes, containers, pods, orchestration.
Standards & Compliance
RFCs, IETF, GDPR, HIPAA, SOC 2, the rules of the internet.
A
A Record
DNS
A DNS resource record that maps a hostname to a 32-bit IPv4 address. It is the most fundamental record type for translating domain names to numeric addresses on the Internet.
AAAA Record
DNS
a.k.a. Quad-A Record
A DNS resource record that maps a hostname to a 128-bit IPv6 address, analogous to the A record for IPv4.
ACID
Databases
a.k.a. Atomicity, Consistency, Isolation, Durability
ACID (Atomicity, Consistency, Isolation, Durability) is a set of properties guaranteeing reliable database transaction processing, ensuring data integrity despite concurrent access or failures.
ACME Protocol
TLS & PKI
a.k.a. ACME
ACME (Automated Certificate Management Environment) is a protocol that automates the issuance, renewal, and revocation of TLS certificates, defined in RFC 8555.
Anycast
Networking & Routing
Anycast is a network addressing and routing method where a single IP address is assigned to multiple servers, and routers send traffic to the nearest server based on routing protocol metrics.
Apdex Score
CDN & Performance
The Apdex Score is a standardised metric that measures user satisfaction with application performance by comparing response times against predefined target and tolerable thresholds.
AS Path
Networking & Routing
A BGP path attribute that lists the sequence of autonomous system numbers a route has passed through, used for loop detection and path selection.
ASN
Networking & Routing
a.k.a. Autonomous System Number
A globally unique 16- or 32-bit number assigned to an autonomous system for use in BGP routing between organizations on the Internet.
Auth Code
Domains
a.k.a. EPP Code, Transfer Key
A unique, per-domain secret code that the losing (current) registrar must provide so the gaining (new) registrar can authorize a domain transfer.
Authoritative DNS
DNS
An authoritative DNS server holds the definitive resource records for a specific domain and responds to queries with the final answer for that zone, not a cached copy.
Autonomous System
Networking & Routing
a.k.a. AS, ASN
An Autonomous System (AS) is a group of IP networks under a single administrative routing policy, identified by a unique ASN (Autonomous System Number) for exterior gateway routing.
Availability Zone
Cloud Computing
a.k.a. AZ
An Availability Zone is an isolated, fault-tolerant data centre within a cloud region, with independent power, cooling, and networking to prevent single points of failure.
B
B-Tree Index
Databases
A B-Tree index is a self-balancing tree data structure that maintains sorted data for efficient insertion, deletion, and range queries in database systems.
Bandwidth
Hosting Types
Bandwidth is the maximum rate of data transfer across a network connection, measured in bits per second, and in hosting plans often refers to the total monthly data transfer allowance.
Bandwidth Throttling
CDN & Performance
Bandwidth throttling is the intentional reduction of data transfer speed by a network operator or service provider to manage congestion, enforce usage policies, or control costs.
Bare-Metal Cloud
Hosting Types
Bare-metal cloud is a service model that provisions dedicated physical servers on demand via API, giving users direct access to hardware without a hypervisor.
BASE
Databases
a.k.a. Basically Available, Soft state, Eventual consistency
BASE is a design philosophy for distributed databases that prioritizes availability and partition tolerance over immediate consistency, making it a looser alternative to ACID in NoSQL systems.
BGP
Networking & Routing
a.k.a. Border Gateway Protocol
BGP (Border Gateway Protocol) is the path vector routing protocol that networks use to exchange reachability information between autonomous systems on the public internet.
BIMI
Email
a.k.a. Brand Indicators for Message Identification
BIMI (Brand Indicators for Message Identification) is a DMARC-aligned standard that lets email senders publish a verified logo for display in supporting mail clients.
Block Storage
Storage
Block storage is a storage architecture that presents raw fixed-size chunks (blocks) to a computer, which the operating system partitions and formats before use, commonly used for virtual machine disks and database volumes.
Bot Management
Security
Bot management detects automated web traffic and distinguishes it from human users, using behavioral fingerprinting and other signals to block malicious bots while allowing benign ones.
Bounce Message
Email
a.k.a. NDR
A bounce message, or non-delivery report (NDR), is an automated email sent to the originator when delivery cannot be completed, including a status code and failure reason.
Brotli Compression
CDN & Performance
Brotli is a lossless compression algorithm developed by Google, offering higher text compression ratios than gzip, used by CDNs to reduce page load times.
Burstable Billing
Hosting Types
a.k.a. 95th Percentile Billing
Burstable billing (95th percentile billing) charges customers based on the 95th percentile of their traffic, sampled every 5 minutes over a billing month, discarding the top 5% of data points.
C
CAA Record
DNS
a.k.a. Certification Authority Authorization
A CAA (Certification Authority Authorization) DNS record lets domain owners specify which certificate authorities are permitted to issue SSL/TLS certificates for their domain.
Cache Hit
CDN & Performance
A cache hit occurs when a requested resource is found in a CDN edge cache and served directly to the client, bypassing the origin server entirely.
Cache Invalidation
CDN & Performance
a.k.a. Cache Purge
Cache invalidation is the explicit removal of stored web objects from a cache so that new requests must revalidate or refetch them from the origin server.
Cache Miss
CDN & Performance
A cache miss occurs when a requested resource is not found in a CDN or proxy cache, forcing the request to be forwarded to the origin server and then storing the response for future requests.
CAP Theorem
Databases
CAP theorem states that a distributed data system cannot simultaneously provide consistency, availability, and partition tolerance; it can only guarantee two of the three.
Carrier Hotel
Data Centers
a.k.a. Carrier-Neutral Facility
A Carrier Hotel is a physical facility where multiple telecommunications carriers co-locate equipment and tenants can cross-connect directly to any carrier's network without using a third-party provider.
Carrier Neutral
Data Centers
A data center facility owned by an operator that does not sell network transit, allowing tenants to connect to multiple competing carriers and internet service providers.
Catch-All Email
Email
A catch-all email account receives all messages sent to invalid or nonexistent addresses at a domain, preventing bounce-backs but attracting spam.
ccTLD
Domains
a.k.a. Country-Code Top-Level Domain
A ccTLD is a two-letter top-level domain assigned to a country or territory based on the ISO 3166-1 alpha-2 code, such as .us for the United States or .jp for Japan.
CDN
CDN & Performance
a.k.a. Content Delivery Network
A CDN (Content Delivery Network) is a geographically distributed network of proxy servers and data centers that deliver web content to users from the nearest edge location, reducing latency and offloading origin servers.
Certificate Authority
TLS & PKI
a.k.a. CA
A Certificate Authority (CA) is a trusted entity that issues digital certificates after verifying that the requester controls the domain or identity named in the certificate.
Certificate Chain
TLS & PKI
A certificate chain is an ordered list of certificates, starting with the server certificate and ending with a root CA, that a client validates to establish trust in the server's identity.
Certificate Pinning
TLS & PKI
A security technique where an application trusts only a specific, pre-selected certificate or public key for a given server, bypassing the standard chain of trust.
CIDR
Networking & Routing
a.k.a. Classless Inter-Domain Routing
CIDR (Classless Inter-Domain Routing) is a method for allocating IP addresses and routing packets using variable-length subnet masks (e.g., /24) instead of fixed classful boundaries.
Cipher Suite
TLS & PKI
A cipher suite is a named set of cryptographic algorithms negotiated during a TLS handshake, specifying key exchange, authentication, encryption, and integrity protection for secure communications.
Cloud Bill Shock
Cloud Computing
Cloud bill shock is an unexpectedly high invoice caused by unmonitored resource usage, often from data egress fees, autoscaled compute instances, or orphaned storage volumes.
Cloud Bursting
Hosting Types
Cloud bursting is a hybrid cloud deployment that automatically scales an application from a private cloud to a public cloud during demand spikes.
Cloud Cost Optimization
Cloud Computing
a.k.a. FinOps
Cloud cost optimization is the continuous practice of measuring, analyzing, and reducing cloud spending through rightsizing instances, purchasing reservations, and eliminating waste.
Cloud Hosting
Hosting Types
Cloud hosting provides on-demand access to pooled compute, storage, and networking resources that can be scaled up or down as needed, typically billed per use.
Cloud Migration
Cloud Computing
Cloud migration is the process of transferring applications, data, and workloads from on-premises infrastructure or another cloud to a target cloud platform.
Cloud-Native
Cloud Computing
Cloud-native is an approach to building and running applications that exploit the elastic, distributed, containerized, and immutable nature of modern cloud infrastructure.
CNAME Record
DNS
a.k.a. Canonical Name Record
A DNS record that maps an alias hostname to the true or canonical hostname, allowing multiple names to resolve to the same IP address without duplicating A or AAAA records.
Cold Storage
Storage
a.k.a. Archive Storage
Cold storage is a low-cost, slow-retrieval data tier for infrequently accessed information, such as backups, archives, or compliance records, with retrieval times ranging from minutes to hours.
Colocation
Hosting Types
a.k.a. Colo
Colocation is a service where a provider rents physical space, power, cooling, and network connectivity in a data centre for customer-owned servers and hardware.
Concurrent Maintainability
Data Centers
Concurrent maintainability is the ability to perform planned maintenance on any single component inside a datacenter without disrupting the IT load.
Connection Pool
Databases
A managed cache of database connections that applications reuse rather than opening and closing a connection for each query, reducing latency and server load.
Core Web Vitals
CDN & Performance
Core Web Vitals are a set of three real-world user experience metrics (LCP, INP, CLS) defined by Google to quantify loading, interactivity, and visual stability on web pages.
CORS
Web Protocols
a.k.a. Cross-Origin Resource Sharing
CORS (Cross-Origin Resource Sharing) is a browser security mechanism that lets servers explicitly allow web pages from one origin to request resources from a different origin via HTTP response headers.
Credential Stuffing
Security
Credential stuffing is a cyberattack in which automated tools use username-password pairs leaked from one site to try logging into other sites, exploiting password reuse.
Cumulative Layout Shift
CDN & Performance
a.k.a. CLS
Cumulative Layout Shift (CLS) is a Core Web Vital metric that measures the sum of all unexpected layout shift scores during a page's lifespan, quantifying visual stability.
D
Data Center Tier Classification
Data Centers
a.k.a. Tier I-IV, Uptime Tiers
The Uptime Institute's Data Center Tier Classification is a standard methodology for rating data center infrastructure based on redundancy, capacity, and availability, ranging from Tier I (basic) to Tier IV (fault-tolerant).
DDoS
Security
a.k.a. Distributed Denial of Service
A DDoS (Distributed Denial of Service) attack overwhelms a target server, service, or network with massive traffic from many compromised computers, making it unavailable to legitimate users.
DDoS Scrubbing
Security
DDoS scrubbing diverts attack traffic to a specialized filtering facility that removes malicious packets and forwards only legitimate traffic to the target network.
Dedicated Server
Hosting Types
a.k.a. Bare Metal
A dedicated server is a physical machine leased exclusively to one customer, offering full hardware control and no virtualization overhead for high-performance workloads.
DKIM
Email
a.k.a. DomainKeys Identified Mail
DKIM is an email authentication method that lets a domain claim responsibility for a message by attaching a cryptographic signature validated against a DNS public key.
DMARC
Email
a.k.a. Domain-based Message Authentication, Reporting and Conformance
DMARC is an email authentication policy protocol that builds on SPF and DKIM to tell receiving mail servers how to handle messages that fail authentication checks.
DNS
DNS
a.k.a. Domain Name System
The Domain Name System (DNS) is a hierarchical, distributed naming system that translates human-readable domain names (like example.com) into IP addresses and other resource records used by internet protocols.
DNS Anycast
DNS
DNS Anycast uses one IP address served from multiple geographically distributed nameservers; queries are routed to the nearest or healthiest node, improving resilience and reducing latency.
DNS Caching
DNS
DNS caching stores resolved domain name query results for the specified TTL duration to avoid repeated queries to upstream authoritative servers.
DNS Hijacking
DNS
DNS hijacking is an attack or misconfiguration that returns forged DNS responses, causing users to connect to attacker-controlled hosts instead of the intended server.
DNSBL
Email
a.k.a. DNS Blocklist, RBL
A DNSBL is a real-time IP reputation database published via DNS, used by mail servers at SMTP time to reject or flag senders known for spam or abuse.
DNSSEC
DNS
a.k.a. DNS Security Extensions
DNSSEC (DNS Security Extensions) add cryptographic digital signatures to DNS records, enabling resolvers to verify that responses have not been tampered with or spoofed.
DoH
DNS
a.k.a. DNS over HTTPS
DNS over HTTPS (DoH) encrypts DNS queries and responses inside HTTPS traffic, preventing on-path observers from seeing or tampering with DNS lookups.
Domain Lock
Domains
a.k.a. Registrar Lock
A registrar-level status that prevents unauthorized domain transfers, modifications, or deletions until the registrant explicitly removes the lock.
Domain Privacy
Domains
a.k.a. WHOIS Privacy
An optional service that replaces the domain registrant's personal contact information in WHOIS records with the registrar's proxy details to shield the owner from spam and unwanted disclosure.
Domain Validation
TLS & PKI
a.k.a. DV
Domain Validation (DV) is the lowest level of certificate validation used in TLS/SSL, where the certificate authority verifies only that the applicant controls the domain name, typically via an HTTP or DNS challenge.
DoT
DNS
a.k.a. DNS over TLS
DNS over TLS (DoT) encrypts DNS queries and responses using Transport Layer Security on dedicated port 853, preventing eavesdropping and tampering.
E
ECH
TLS & PKI
a.k.a. Encrypted Client Hello
Encrypted Client Hello (ECH) is a TLS extension that encrypts the Client Hello message, including the Server Name Indication (SNI), to prevent on-path observers from learning the target hostname during the handshake.
Edge Computing
CDN & Performance
Edge computing is a distributed computing model that processes data and runs application logic at Points of Presence (PoPs) close to end users, minimizing round-trip latency and bandwidth usage compared to centralized cloud regions.
Edge Data Center
Data Centers
An edge data center is a small, distributed facility located close to end users to minimize latency and support real-time applications, often deployed as prefabricated units and operated remotely.
Edge Location
Cloud Computing
a.k.a. PoP
An edge location is a data center or point of presence deployed by a cloud provider at the network edge to serve content and run compute workloads closer to end users than a full parent region.
Egress Fees
Cloud Computing
a.k.a. Data Transfer Out
A per-gigabyte charge imposed by cloud providers on network traffic that leaves their data center, availability zone, or internet boundary.
EPP
Domains
a.k.a. Extensible Provisioning Protocol
EPP (Extensible Provisioning Protocol) is an XML-based application protocol used by domain name registries and registrars to provision domain names, manage contacts, and transfer registrations.
Erasure Coding
Storage
Erasure coding is a data protection method that splits data into fragments (shards) and adds parity, allowing reconstruction from a subset of fragments; it is commonly used in cloud object storage to tolerate failures efficiently.
Extended Validation
TLS & PKI
a.k.a. EV
Extended Validation (EV) is the highest level of TLS certificate assurance, requiring the certificate authority to perform rigorous, human-verified checks on the legal identity and operational existence of the requesting organization before issuance.
F
FaaS
Cloud Computing
a.k.a. Function as a Service
FaaS (Function as a Service) is a cloud computing model where users deploy small, stateless functions that the provider executes on demand, automatically scaling and billing per invocation.
Failover
Databases
Failover is the process of automatically or manually promoting a replica database to primary when the active node fails, ensuring continued availability.
Fibre Channel
Storage
a.k.a. FC
Fibre Channel is a high-speed networking standard primarily used to connect storage devices in storage area networks, operating as a dedicated protocol stack separate from Ethernet.
File Storage
Storage
a.k.a. NAS
File storage exposes data as a hierarchical filesystem over network protocols like NFS and SMB, commonly delivered via network-attached storage (NAS) appliances for shared access.
Firewall
Security
A network security device or software that monitors and controls incoming and outgoing traffic based on predetermined security rules, acting as a barrier between trusted and untrusted networks.
Free Cooling
Data Centers
Free cooling uses outside air or water that is cooler than the return temperature to reduce or eliminate the need for mechanical refrigeration in data center cooling systems.
G
Geo DNS
DNS
a.k.a. GeoDNS, Geographic DNS
Geo DNS is an authoritative DNS configuration that returns different resource records based on the geographic location of the requesting client, enabling traffic routing to nearby servers.
Glue Record
DNS
A type of DNS record (A or AAAA) placed in a parent zone to give resolvers the IP address of a nameserver whose name is inside the child zone, breaking the circular dependency that would otherwise prevent resolution.
Grace Period
Domains
The grace period is a window after a domain expires during which the registrant can renew at the standard renewal fee, without incurring additional redemption costs.
GraphQL
Web Protocols
GraphQL is a query language and runtime for APIs that lets clients request exactly the data they need in a single round trip, reducing over-fetching and under-fetching.
Greylisting
Email
Greylisting is a spam-filtering technique that temporarily rejects email from unknown senders, forcing legitimate mail servers to retry delivery while filtering out spammers that do not retry.
gRPC
Web Protocols
gRPC is a high-performance, open-source remote procedure call framework initially developed by Google. It uses HTTP/2 for transport, Protocol Buffers as its interface definition language and message serialization format, and supports bidirectional streaming.
H
Hash Index
Databases
A data structure that maps keys to storage locations using a hash function, providing constant-time equality lookups but no ordered or range scans.
Hop
Networking & Routing
A hop is one passage of a packet through a router or other layer-3 forwarding device as it travels from source to destination across an internetwork.
Hot Aisle / Cold Aisle
Data Centers
Hot Aisle / Cold Aisle is a data center rack layout design that alternates rows of server intakes and exhausts to separate cool supply air from hot exhaust air, improving cooling efficiency.
Hot Storage
Storage
Hot storage is the default high-performance tier in object storage systems, optimized for low-latency access to frequently retrieved data.
HSTS
TLS & PKI
a.k.a. HTTP Strict Transport Security
HTTP Strict Transport Security (HSTS) is a web security policy mechanism that forces browsers to interact with a website only over HTTPS, preventing downgrade attacks and cookie hijacking.
HTTP
Web Protocols
a.k.a. Hypertext Transfer Protocol
HTTP is a text-based request-response protocol that defines how web clients and servers exchange resources, forming the foundation of data communication on the World Wide Web.
HTTP Pipelining
Web Protocols
HTTP Pipelining is a technique in HTTP/1.1 that sends multiple requests on a single connection without waiting for each response, now largely replaced by HTTP/2 multiplexing.
HTTP Status Code
Web Protocols
A three-digit integer in an HTTP response that indicates the result of the server's attempt to process the request, grouped into five classes (1xx through 5xx).
HTTP/1.1
Web Protocols
HTTP/1.1 is the persistent-connection version of the Hypertext Transfer Protocol, defined in RFC 2616 and updated by RFCs 7230-7235, enabling multiple requests and responses over a single TCP connection.
HTTP/2
Web Protocols
a.k.a. H2
HTTP/2 is a binary, multiplexed version of HTTP that reduces latency through header compression, stream prioritization, and server push, as defined in RFC 7540.
HTTP/3
Web Protocols
a.k.a. H3
HTTP/3 is the third major version of the Hypertext Transfer Protocol, which runs over QUIC instead of TCP to reduce latency, eliminate head-of-line blocking, and improve connection setup time.
HTTPS
Web Protocols
a.k.a. HTTP Secure
HTTPS (HTTP Secure) is HTTP traffic encrypted inside a TLS session, protecting data confidentiality, integrity, and server authenticity between a client and a web server.
Hybrid Cloud
Cloud Computing
Hybrid cloud is a computing environment that combines a public cloud with a private or on-premises data center, connected by secure networking to enable workload portability and unified management.
Hyperscale Data Center
Data Centers
A hyperscale data center is a massive, single-tenant facility built by cloud, internet, or social-media giants to support tens of megawatts of IT load and hundreds of thousands of servers.
Hypervisor
Hosting Types
A hypervisor is a software layer that creates and runs virtual machines by abstracting and isolating physical hardware resources for multiple operating systems.
I
IaaS
Cloud Computing
a.k.a. Infrastructure as a Service
Infrastructure as a Service (IaaS) is a cloud computing model that provides on-demand access to virtualized compute, storage, and networking resources, which the customer configures and manages from the operating system upward.
IDN
Domains
a.k.a. Internationalized Domain Name
An Internationalized Domain Name (IDN) is a domain name that includes characters outside the ASCII set, encoded as Punycode for compatibility with the DNS.
IDS
Security
a.k.a. Intrusion Detection System
An Intrusion Detection System (IDS) monitors network traffic or host activity for signs of malicious behavior or policy violations and generates alerts for security personnel.
Image Optimization
CDN & Performance
Image optimization reduces image file size by selecting modern formats (WebP, AVIF), resizing to display dimensions, and tuning quality, improving page load speed and bandwidth usage.
IMAP
Email
a.k.a. Internet Message Access Protocol
IMAP is an email protocol that lets clients access and manage messages stored on a mail server, keeping the server as the authoritative copy and synchronizing folder state across multiple devices.
Interaction to Next Paint
CDN & Performance
a.k.a. INP
Interaction to Next Paint (INP) is a web performance metric that measures the worst-case latency from a user interaction to the next frame painted on screen, replacing First Input Delay as a Core Web Vital.
Intermediate Certificate
TLS & PKI
An intermediate certificate is a subordinate CA certificate signed by a root CA, used to sign end-entity certificates and enable path validation while the root remains offline.
Internet Exchange Point
Data Centers
a.k.a. IXP, IX
A physical infrastructure facility where multiple autonomous networks interconnect to exchange traffic directly, bypassing transit ISPs to reduce latency and cost.
IPS
Security
a.k.a. Intrusion Prevention System
An Intrusion Prevention System (IPS) is a network security device that monitors traffic inline and actively blocks malicious packets before they reach their target.
IPv4
Networking & Routing
IPv4 is the core Internet Protocol using 32-bit addresses, providing roughly 4.3 billion unique identifiers for network interfaces on the global internet.
IPv6
Networking & Routing
IPv6 is the most recent version of the Internet Protocol, using 128-bit addresses to provide an effectively unlimited number of unique identifiers for networked devices.
iSCSI
Storage
iSCSI is a storage protocol that encapsulates SCSI block-level commands over TCP/IP, enabling servers to access remote disks as if they were locally attached.
K
Keep-Alive
Web Protocols
a.k.a. Persistent Connection
Keep-Alive, also called persistent connection, allows multiple HTTP requests and responses over a single TCP connection, reducing latency and overhead compared to opening a new connection per request.
kVA
Data Centers
a.k.a. Kilovolt-Ampere
kVA (kilovolt-ampere) is a unit of apparent power used to rate electrical equipment like UPSes and PDUs, equal to 1,000 volt-amperes, and differs from kilowatts when the power factor is not 1.0.
L
Largest Contentful Paint
CDN & Performance
a.k.a. LCP
Largest Contentful Paint (LCP) measures the time from page load until the largest visible element in the viewport is fully rendered, and is one of Google's three Core Web Vitals.
Latency
Networking & Routing
a.k.a. Round Trip Time, RTT
Latency (or round-trip time, RTT) is the time required for a packet to travel from a source to a destination and back, measured in milliseconds, and is a critical metric in network performance.
Let's Encrypt
TLS & PKI
Let's Encrypt is a free, automated, public certificate authority operated by the Internet Security Research Group (ISRG) that issues short-lived Domain Validation (DV) TLS certificates via the ACME protocol.
Lift and Shift
Cloud Computing
Lift and shift is a cloud migration strategy that moves on-premises applications and data to cloud infrastructure with minimal or no changes to the original architecture.
Liquid Cooling
Data Centers
Liquid cooling uses a working fluid to remove heat from electronic components, offering higher efficiency than air cooling for high-density AI accelerators.
Looking Glass
Networking & Routing
A looking glass is a public web-based tool that provides read-only access to a network's BGP routing table, ping, and traceroute diagnostics from that network's perspective.
M
Mailbox Quota
Email
A mailbox quota is a storage limit placed on a user's email account. Once the total size of stored messages exceeds this limit, the server may reject new incoming emails or warn the user.
Managed Hosting
Hosting Types
Managed hosting is a service where the provider handles server administration, including OS maintenance, security updates, backups, and application support, allowing clients to focus on their core business.
MDA
Email
a.k.a. Mail Delivery Agent
An MDA (Mail Delivery Agent) is a software component that transfers an email from a Mail Transfer Agent (MTA) into a recipient's local mailbox, typically on a mail server or a user's machine.
Meet-Me Room
Data Centers
a.k.a. MMR
A meet-me room is a dedicated, secure space within a carrier hotel or colocation facility where network operators, carriers, and tenants physically interconnect their cabling to exchange traffic.
MTA
Email
a.k.a. Mail Transfer Agent
An MTA (Mail Transfer Agent) is server software that routes email between domains using the SMTP protocol, acting as the core delivery engine for internet email.
mTLS
TLS & PKI
a.k.a. Mutual TLS
Mutual TLS (mTLS) is a variation of TLS where both the client and server authenticate each other using X.509 certificates, commonly used in zero-trust networks and service meshes.
MTU
Networking & Routing
a.k.a. Maximum Transmission Unit
The Maximum Transmission Unit (MTU) is the largest size of a single protocol data unit (packet or frame) that a network link can forward without requiring fragmentation or dropping.
MUA
Email
a.k.a. Mail User Agent
A Mail User Agent (MUA) is an email client application that lets end users compose, send, receive, and manage messages on their own device or through a web interface.
Multicast
Networking & Routing
Multicast is a one-to-many network delivery model where a single packet is replicated by routers to reach multiple receivers, reducing bandwidth and server load compared to unicast.
MX Record
DNS
a.k.a. Mail Exchange Record
A DNS resource record that delegates email delivery to one or more mail servers for a domain, using numeric priority values to indicate preference.
N
NFS
Storage
a.k.a. Network File System
NFS (Network File System) is a distributed file system protocol originally developed by Sun Microsystems that allows a client to access files over a network as if they were local. It is widely used in Unix and Linux environments and runs over IP networks.
NoSQL
Databases
NoSQL is a family of non-relational database systems designed for flexible schemas, horizontal scaling, and high-throughput data access that traditional SQL databases cannot easily provide.
NS Record
DNS
a.k.a. Name Server Record
An NS (Name Server) record in DNS specifies the authoritative name servers for a domain, directing queries to the servers that hold the zone's resource records.
O
OAuth 2.0
Security
OAuth 2.0 is an authorization framework that allows a user to grant a third-party application limited access to their resources on another service without revealing their password.
Object Storage
Storage
Object storage is a flat data storage architecture that manages data as immutable objects, each with a unique identifier, metadata, and API access over HTTP. It is the model behind Amazon S3 and similar cloud storage services.
OCSP
TLS & PKI
a.k.a. Online Certificate Status Protocol
OCSP (Online Certificate Status Protocol) lets a client check a certificate's revocation status in real time by querying a responder, avoiding bulky CRLs.
OCSP Stapling
TLS & PKI
OCSP Stapling lets a TLS server present a fresh, signed OCSP response during the handshake, so clients verify certificate revocation without contacting the CA directly.
OpenID Connect
Security
a.k.a. OIDC
OpenID Connect (OIDC) is an identity authentication layer built on OAuth 2.0 that provides a signed ID token containing verified user identity claims.
Organization Validation
TLS & PKI
a.k.a. OV
Organization Validation (OV) is a PKI certificate that requires proof of domain control and legal entity verification, offering more trust than DV but less than EV.
Origin Server
CDN & Performance
a.k.a. Origin
An origin server is the authoritative source of content for a CDN, storing the original files that the CDN retrieves, caches, and delivers to end users.
Origin Shield
CDN & Performance
Origin Shield is a dedicated mid-tier caching layer in a CDN that sits between edge Points of Presence (PoPs) and the origin server, aggregating cache misses to reduce requests against the origin.
Overselling
Hosting Types
a.k.a. Oversubscription
Overselling is a hosting practice where providers allocate more resources (bandwidth, disk, CPU) than physically available, assuming customers won't all use their maximum simultaneously.
P
PaaS
Cloud Computing
a.k.a. Platform as a Service
Platform as a Service (PaaS) is a cloud computing model where the provider manages the underlying infrastructure, middleware, and runtime, allowing customers to deploy and run applications without handling servers or patching.
Passkey
Security
A passkey is a FIDO2/WebAuthn credential stored on a user's device that replaces passwords with public-key cryptography for authentication.
Peering
Networking & Routing
Peering is an arrangement where two separate Internet networks exchange traffic directly, typically without charging each other, to reduce reliance on paid transit providers.
POP3
Email
a.k.a. Post Office Protocol
POP3 (Post Office Protocol 3) is an older email retrieval protocol that downloads messages from a server to a local client and typically deletes them from the server afterward.
Prefix
Networking & Routing
a.k.a. IP Prefix
A prefix is a contiguous block of IP addresses represented by a base address and a prefix length, used in routing tables to aggregate multiple routes into a single advertisement.
Private Cloud
Cloud Computing
A private cloud is a cloud computing environment dedicated to a single organization, hosted on-premises or by a third party, offering greater control and isolation than public cloud.
PTR Record
DNS
a.k.a. Pointer Record
A PTR record maps an IP address to a hostname in the reverse DNS tree, used for reverse lookups under in-addr.arpa (IPv4) or ip6.arpa (IPv6).
Public Cloud
Cloud Computing
A public cloud is a computing model where third-party providers make shared infrastructure resources such as servers, storage, and networking available to multiple tenants over the public internet.
Public Key Infrastructure
TLS & PKI
a.k.a. PKI
Public Key Infrastructure (PKI) is a system of policies, procedures, hardware, and software for creating, distributing, managing, storing, and revoking digital certificates used in public-key cryptography.
PUE
Data Centers
a.k.a. Power Usage Effectiveness
Power Usage Effectiveness (PUE) is a metric that compares total facility energy consumption to the energy used by IT equipment alone, with 1.0 representing perfect efficiency.
Pull CDN
CDN & Performance
A pull CDN retrieves content from the origin server on demand when a user requests it, storing the response for subsequent requests.
Punycode
Domains
Punycode is a method defined in RFC 3492 for converting Unicode strings into ASCII labels, enabling Internationalized Domain Names (IDNs) to be used in the DNS.
Push CDN
CDN & Performance
A push CDN requires content to be uploaded from the origin server or a storage bucket to CDN edge nodes in advance, rather than being pulled on demand.
Q
R
RAID
Storage
a.k.a. Redundant Array of Independent Disks
RAID (Redundant Array of Independent Disks) combines multiple physical disk drives into a single logical unit to improve performance, fault tolerance, or both, using techniques like striping, mirroring, and parity.
RAID 0
Storage
a.k.a. Striping
A data storage method that splits data across two or more disks in stripes to improve read and write performance, but provides no fault tolerance.
RAID 1
Storage
a.k.a. Mirroring
RAID 1 (mirroring) writes identical data to two or more disks, providing fault tolerance so the array survives one disk failure with no performance loss.
RAID 5
Storage
RAID 5 is a block-level striping configuration with distributed parity that can survive a single disk failure while using less total capacity for redundancy than mirroring.
RAID 6
Storage
RAID 6 is a redundant array of independent disks configuration that uses double parity to tolerate up to two simultaneous disk failures, commonly deployed in large storage arrays.
Rate Limiting
Security
Rate limiting caps the number of requests a client can make within a defined time window, protecting servers from abuse and ensuring fair resource allocation.
RDAP
Domains
a.k.a. Registration Data Access Protocol
RDAP (Registration Data Access Protocol) is a modern RESTful protocol for querying domain name and IP address registration data, replacing the older WHOIS protocol with structured JSON responses and role-based access controls.
Read Replica
Databases
A read replica is an asynchronously updated copy of a primary database instance used to offload and scale read-only query traffic without affecting the source database's write performance.
Recursive DNS
DNS
a.k.a. Resolver
A recursive DNS resolver is a server that accepts queries from clients and performs the full iterative lookup process, starting at the DNS root zone and following referrals until it reaches an authoritative answer or fails.
Reflective DDoS
Security
a.k.a. Amplification Attack
A reflective DDoS attack uses spoofed requests to misconfigured servers that send large responses to a victim, amplifying traffic up to 100x and overwhelming the target.
Region
Cloud Computing
a.k.a. Cloud Region
A cloud region is a geographic area containing multiple availability zones that provide low-latency, isolated infrastructure for cloud services.
Registrant
Domains
The registrant is the legal holder of a domain name, listed as the owner in the registry database and responsible for the domain's renewal and administration.
Registrar
Domains
A domain registrar is an ICANN-accredited company that sells domain name registrations to individuals and organizations, managing the reservation of domain names within the DNS.
Registry
Domains
A registry is the organization that operates a top-level domain (TLD) and maintains the authoritative database of all domain names registered under that TLD.
Relational Database
Databases
a.k.a. RDBMS
A relational database organizes data into tables with rows and columns, using SQL for queries, enforcing a rigid schema, and supporting joins and ACID transactions.
Replication
Storage
Replication is the process of maintaining synchronous or asynchronous copies of data across multiple storage systems or sites to ensure availability, durability, and disaster recovery.
Replication Lag
Databases
Replication lag is the delay between a write operation on a primary database and its application on a read replica, causing temporary data inconsistency.
Reseller Hosting
Hosting Types
A business model where one entity purchases web hosting capacity wholesale from a provider and resells it to end customers under its own brand.
Reserved Instance
Cloud Computing
a.k.a. RI
A Reserved Instance is a billing discount applied to compute usage when a customer commits to a 1 or 3-year term, paying upfront, partially upfront, or monthly.
REST
Web Protocols
a.k.a. Representational State Transfer
REST (Representational State Transfer) is an architectural style for designing networked applications that use HTTP verbs to operate on resources identified by URLs, with stateless client-server communication.
Root Certificate
TLS & PKI
a.k.a. Root CA
A root certificate is a self-signed X.509 certificate issued by a certificate authority (CA) and distributed in operating system and browser trust stores to anchor the chain of trust for TLS.
Root Zone
DNS
a.k.a. DNS Root
The Root Zone is the top-level delegation layer of the DNS hierarchy, containing the authoritative records for all top-level domains and served by 13 logical root server systems coordinated by ICANN.
Route Origin Authorisation
Networking & Routing
a.k.a. ROA
A Route Origin Authorisation (ROA) is a cryptographically signed RPKI object that specifies which autonomous system (AS) is authorised to originate a given IP prefix, enabling BGP origin validation.
Route Reflector
Networking & Routing
A BGP router that redistributes iBGP learned routes to other iBGP peers, breaking the requirement for a full mesh of iBGP sessions.
RPKI
Networking & Routing
a.k.a. Resource Public Key Infrastructure
RPKI is a cryptographic framework that binds IP address blocks and AS numbers to their legitimate holders, enabling routers to verify BGP route origin claims and prevent hijacks.
S
S3
Storage
a.k.a. S3 API
Amazon Simple Storage Service (S3) is a highly durable object storage service and its HTTP REST API has become the de facto standard for cloud object storage, widely re-implemented by other vendors.
SaaS
Cloud Computing
a.k.a. Software as a Service
SaaS (Software as a Service) delivers centrally hosted, multi-tenant software to end users over the internet, typically through a web browser or API, with no local installation or server management required.
SAML
Security
a.k.a. Security Assertion Markup Language
SAML (Security Assertion Markup Language) is an XML-based open standard for exchanging authentication and authorization data between an identity provider and a service provider, enabling single sign-on across domains.
Server Density
Hosting Types
Server density is the number of customer accounts or virtual tenants hosted on a single physical machine; high density maximizes resource utilization but risks performance degradation under load.
Server-Sent Events
Web Protocols
a.k.a. SSE
Server-Sent Events (SSE) is a standard that allows a server to push real-time updates to a web client over a single, long-lived HTTP connection using a simple text stream.
Sharding
Databases
a.k.a. Horizontal Partitioning
Sharding splits a logical dataset across multiple database instances using a shard key, enabling horizontal scaling and fault isolation beyond a single server's limits.
Shared Hosting
Hosting Types
Shared hosting is a web hosting service where multiple websites reside on a single physical server and share its resources, typically managed through a control panel.
SLA
Hosting Types
a.k.a. Service Level Agreement
A Service Level Agreement (SLA) is a contractual commitment between a provider and a customer specifying guaranteed levels of service availability, performance, or reliability, often backed by financial credits for breaches.
SMB
Storage
a.k.a. Server Message Block, CIFS
SMB (Server Message Block) is a network file sharing protocol developed by Microsoft, used by Windows and Samba on Unix to provide shared access to files, printers, and serial ports over a network.
SMTP
Email
a.k.a. Simple Mail Transfer Protocol
SMTP (Simple Mail Transfer Protocol) is the Internet standard for sending and relaying email between mail servers, defined in RFC 5321 and operating primarily on ports 25, 465, and 587.
SNI
TLS & PKI
a.k.a. Server Name Indication
Server Name Indication (SNI) is a TLS extension that lets a client specify the hostname it is connecting to, allowing the server to present the correct certificate for multi-domain virtual hosting.
SOA Record
DNS
a.k.a. Start of Authority Record
A DNS resource record that specifies authoritative information about a DNS zone, including the primary nameserver, responsible party's email, and timing parameters for zone replication.
Spamhaus
Email
Spamhaus is a nonprofit threat-intelligence organization that maintains widely used blocklists of spam and malware sources, consulted by most email systems to filter unwanted messages.
SPF
Email
a.k.a. Sender Policy Framework
SPF (Sender Policy Framework) is a DNS-based email authentication method that lets domain owners publish which mail servers are authorized to send email from their domain, helping detect spoofing.
Spot Instance
Cloud Computing
a.k.a. Preemptible VM
A Spot Instance is a discounted virtual machine that a cloud provider can reclaim with little or no notice when it needs the capacity back for on-demand customers.
SRV Record
DNS
a.k.a. Service Record
An SRV record is a DNS resource record that defines the hostname and port number for a specific service, enabling clients to discover services like SIP or XMPP.
SSL
TLS & PKI
a.k.a. Secure Sockets Layer
SSL (Secure Sockets Layer) was a cryptographic protocol for securing Internet communications, superseded by TLS in 1999. The term persists colloquially, but every modern secure connection uses TLS.
SSO
Security
a.k.a. Single Sign-On
SSO (Single Sign-On) is a user authentication process that enables access to multiple independent applications after a single login, using a central identity provider to issue and validate credentials.
sTLD
Domains
a.k.a. Sponsored Top-Level Domain
A sponsored top-level domain (sTLD) is a TLD with a sponsoring organisation that enforces eligibility rules limiting registration to a defined community, such as .museum or .gov.
Subnet
Networking & Routing
a.k.a. Subnetwork
A logical subdivision of an IP network, created by borrowing host bits to form a subnet identifier, allowing efficient address allocation and traffic isolation within a larger network.
T
TCP
Web Protocols
a.k.a. Transmission Control Protocol
TCP (Transmission Control Protocol) is a connection-oriented, reliable transport protocol that provides in-order, error-checked delivery of a byte stream between applications running on hosts in an IP network.
Tier III
Data Centers
A Tier III data center, defined by the Uptime Institute, provides N+1 redundancy and concurrent maintainability, targeting 99.982% uptime (about 1.6 hours of downtime per year).
Tier IV
Data Centers
Tier IV is the highest datacenter rating from the Uptime Institute, requiring 2N+1 redundancy and fault tolerant infrastructure with a 99.995% uptime target.
Time to First Byte
CDN & Performance
a.k.a. TTFB
Time to First Byte (TTFB) measures the duration between an HTTP request and the receipt of the first byte of the response, reflecting server processing and network latency.
TLD
Domains
a.k.a. Top-Level Domain
A TLD (Top-Level Domain) is the last segment of a domain name, such as .com or .uk, directly delegated from the DNS root zone.
TLS
TLS & PKI
a.k.a. Transport Layer Security
TLS (Transport Layer Security) is a cryptographic protocol that provides encryption, data integrity, and server (and optionally client) authentication for applications running over TCP.
TLS 1.2
TLS & PKI
TLS 1.2 is the version of the Transport Layer Security protocol defined in RFC 5246 that was the dominant cryptographic handshake standard for internet security from 2008 through the late 2010s.
TLS 1.3
TLS & PKI
TLS 1.3 is a streamlined protocol version defined in RFC 8446 that reduces handshake latency to one round trip and mandates modern AEAD ciphers.
Transit
Networking & Routing
a.k.a. IP Transit
Transit is a commercial Internet connectivity service where one network pays another to carry its traffic to and from all destinations reachable on the global Internet.
TTL
DNS
a.k.a. Time To Live
A timestamp or counter in a DNS resource record that limits how long a resolver or cache can reuse a cached answer before querying the authoritative server again.
Two-Phase Commit
Databases
a.k.a. 2PC
Two-Phase Commit is a distributed consensus protocol that ensures all participants in a transaction either all commit or all abort, maintaining atomicity across multiple databases or services.
TXT Record
DNS
A DNS resource record (type 16) that stores free-form text data, commonly used for email authentication (SPF, DKIM, DMARC) and domain ownership verification tokens.
U
UDP
Web Protocols
a.k.a. User Datagram Protocol
UDP is a connectionless transport protocol that sends datagrams without delivery guarantees, used by DNS, video streaming, and QUIC for low-latency communication.
Unicast
Networking & Routing
Unicast is one-to-one packet delivery from a single source to a single destination, the most common form of network communication on the Internet.
Unmanaged Hosting
Hosting Types
Unmanaged hosting is a service where the provider supplies only raw server infrastructure, and the customer retains full root access and sole responsibility for configuration, security, and maintenance.
Uptime
Hosting Types
Uptime is the percentage of time a hosted service or server is reachable and functional, typically measured over a month or year; 99.9% translates to about 8.8 hours of allowed downtime annually.
V
VPN
Security
a.k.a. Virtual Private Network
VPN (Virtual Private Network) creates an encrypted tunnel from a remote device to a private network, making the remote endpoint appear as if it is directly connected to that network.
VPS
Hosting Types
a.k.a. Virtual Private Server
A Virtual Private Server (VPS) is a virtualized instance on a physical server that provides dedicated CPU, RAM, and storage, offering isolation and performance similar to a dedicated server at a lower cost.
W
WAF
Security
a.k.a. Web Application Firewall
A WAF (Web Application Firewall) is a security device or service that monitors, filters, and blocks HTTP traffic to protect web applications from common attacks like SQL injection and cross-site scripting.
Web Shell
Security
A malicious script placed on a compromised web server that allows an attacker to execute operating system commands remotely by sending HTTP requests.
WebAssembly
Web Protocols
a.k.a. Wasm
WebAssembly (Wasm) is a portable binary instruction format designed for sandboxed, near-native execution in web browsers, edge runtimes, and server-side environments.
WebDAV
Web Protocols
WebDAV (Web Distributed Authoring and Versioning) is an HTTP extension that enables clients to create, read, edit, move, and delete files on a remote web server as if it were a writable filesystem.
WebRTC
Web Protocols
WebRTC is a browser-native framework for real-time audio, video, and data communication between peers without plugins or intermediate servers for media relay.
WebSocket
Web Protocols
WebSocket is a protocol providing a full-duplex bidirectional communication channel between a client (typically a browser) and a server over a single long-lived TCP connection, defined in RFC 6455.
WHOIS
Domains
WHOIS is a query and response protocol used to retrieve registration metadata for domain names, IP address blocks, and autonomous system numbers from public directories.
Wildcard DNS
DNS
A wildcard DNS record, written as *.example.com, answers DNS queries for any nonexistent subdomain of a parent domain with a single configured result.
WireGuard
Security
WireGuard is a modern VPN protocol that uses state-of-the-art cryptography and aims to be faster, simpler, and more secure than IPsec and OpenVPN.
WordPress Hosting
Hosting Types
a.k.a. WP Hosting
Web hosting optimized for WordPress sites, featuring PHP-FPM, object caching, and MySQL/MariaDB databases, often with automatic updates and security hardening.
X
Z
Zero Trust
Security
Zero Trust is a security model that requires strict identity verification and authorization for every request, regardless of network location, removing implicit trust from internal networks.
Zone File
DNS
A zone file is a plain-text file that contains all DNS resource records for a single domain zone, following the master file format defined in RFC 1035.