Metacloud and OpenStack Terminology

Terms and definitions regularly used by the Cisco team and throughout the Metacloud system:

  • Application Programming Interface (API)—A collection of specifications used to access a service, application, or program. Includes service calls, required parameters for each call, and the expected return values. The RESTful API for interacting with your cloud.
  • Authentication—The process of confirming the identity of a user. To confirm an incoming request, Metacloud Identity validates a set of credentials users supply. Initially, these credentials are a user name and password, or a user name and API key. When Metacloud Identity validates user credentials, it issues an authentication token. Users provide the token in subsequent requests.
  • Availability Zone (AZ)—A distinct grouping of servers forming a cloud environment. Each AZ is accessed using a distinct API and Dashboard instance, independent from other AZs. See Clarifying what Availability Zone Means in Metacloud for more information.
  • Command-line Interface (CLI)—A text-based interface for interacting with your cloud.
  • Credentials—Data that confirms the identity of the user. For example, user name and password, user name and API key, or an authentication token that the Identity service provides.
  • Dashboard—The web-based GUI for interacting with your cloud. The Dashboard represents a subset of the functionality available through the API and CLI.
  • Domain—An Identity service API v3 entity. Domains are a collection of projects and users that define administrative boundaries for managing Identity entities. Domains can represent an individual, company, or operator-owned space. They expose administrative activities directly to system users. Users can be granted the administrator role for a domain. A domain administrator can create projects, users, and groups in a domain and assign roles to users and groups in a domain.
  • Drivers—Drivers or a service back-end are integrated to the centralized server. They are used for accessing identity information in repositories external to Metacloud, and may already exist in the infrastructure where Metacloud is deployed (for example, SQL databases or LDAP servers).
  • Endpoint—A network-accessible address, usually a URL, through which you can access a service.
  • Flavor—A virtual hardware profile applied to instances at creation time. Flavors control the number of vCPUs, memory, root disk size, and ephemeral storage size of an instance.
  • Floating IP—An IP address (usually public) which is mapped to a specific instance to allow external connectivity into that instance. Technically speaking, a one-to-one NAT is dynamically created from a floating IP address to the fixed IP address of your instance.
  • Group—An Identity service API v3 entity. Groups are a collection of users owned by a domain. A group role, granted to a domain or project, applies to all users in the group. Adding or removing users to or from a group grants or revokes their role and authentication to the associated domain or project.
  • Instance—A virtual machine running in the cloud, sometimes referred to as a Virtual Machine (VM) or a guest.
  • Local Network—A virtual network that allows communication within each host, but not across a network. Local networks are intended mainly for single-node test scenarios but can have other uses. Currently, Metacloud only supports VLAN networks.
  • Metacloud Control Plane (MCP)—Servers which handle the scheduling and orchestration functions of your cloud. Additionally, in some environments they act as routers for tenant traffic.
  • Metacloud Hypervisor (MHV)—Servers that run the instances created in your environment.
  • Modules—Middleware modules run in the address space of the Metacloud component that uses the Identity service. These modules intercept service requests, extract user credentials, and send them to the centralized server for authorization. The integration between the middleware modules and Metacloud components uses the Python Web Server Gateway Interface (WSGI).
    During installation of the Metacloud Identity service, each service in your Metacloud installation was registered. The Identity service can then track which Metacloud services are installed, and where they are located on the network.
  • Network Attached Storage (NAS)—File-level data storage connected to a network providing data access to a group of clients.
  • OpenStackClient (OSC)—A command-line interface for several Metacloud services including the Identity API. For example, you can run the openstack image create and
  • openstack volume create commands to create server instances and storage in your Metacloud installation.
  • Object Storage Device (OSD)—A computer storage system that organizes data into containers (objects) that Metacloud or a Metacloud user determines are related.
  • Physical Network—A network connecting virtualization hosts (such as compute nodes) with each other and with other network resources. Each physical network might support multiple virtual networks. The provider extension and the plug-in configurations identify physical networks using simple string names.
  • Project—A container that groups or isolates resources or identity objects. Depending on your organization’s preferences, a project might map to a customer, account, organization, or project.
  • Project Network—A virtual network that a project or an administrator creates. The physical details of the network are not exposed to the project.
  • Provider Network—A virtual network created to map to a specific network in the data center, typically to enable direct access to non-Metacloud resources on that network. Projects can be given access to provider network
  • Quality of Service (QoS)—The ability to guarantee certain storage and network requirements like availability, bandwidth, latency, and reliability in order to satisfy a Service Level Agreement (SLA) between Metacloud and Metacloud users.
  • Role—Defines the rights and privileges granted to a user account. Metacloud essentially has two roles: admin and member. A role can be assigned to a user account or a group of users. Administrators can create new roles, such as a user for automated tasks within the heat domain. The Identity service issues a token to a user that includes a list of roles. When a user calls a service, that service interprets the user role set, and determines to which operations or resources each role grants access.
  • Security Group—A collection of firewall rules applied to an instance.
  • Server—A centralized server provides authentication and authorization services using a RESTful interface.
  • Service—A Metacloud service, such as Compute, Storage, or Image, that provides one or more endpoints through which users can access resources and perform operations.
  • Single Sign-on (SSO)—An authentication process that enable a user to access multiple applications with one set of login credentials.
  • Switching Fabric—Switching fabric is a combination of hardware and software that controls traffic to and from a network node using multiple switches.
  • Tenant—A logical subdivision of an Availability Zone consisting of an 802.1Q VLAN and a unique network address space. The term tenant is used interchangeably with project.
  • Token—An alpha-numeric text string that enables access to Metacloud APIs and resources.
  • User—A digital representation of a person, system, or service that uses Metacloud cloud services. Users have a login and can access resources by using assigned tokens. Users can be directly assigned to a particular project and behave as if they are contained in that project.
  • Universally Unique Identifier (UUID)—A 128-bit number used to identify information in computer systems.
  • Virtual Local Area Network (VLAN)—Is a broadcast domain that is partitioned and isolated in a network at the data link layer (OSI layer 2).
  • Virtual Network—A Networking L2 network (identified by a UUID and optional name) whose ports can be attached as vNICs to Compute instances and to various Networking agents. The Linux Bridge plug-in supports different mechanisms to realize virtual networks.
  • VLAN Network—A virtual network implemented as packets on a specific physical network containing IEEE 802.1Q headers with a specific virtual ID (VID) field value. VLAN networks sharing the same physical network are isolated from each other at L2 and can even have overlapping IP address spaces. Each distinct physical network supporting VLAN networks is treated as a separate VLAN trunk, with a distinct space of VID values. Valid VID values are 1 through 4094.
  • Volume—Disk-based data storage generally represented as an iSCSI target with a file system that supports extended attributes; can be persistent or ephemeral. The volume service allows for the attachment of additional Block Storage to instances. Volumes can be attached and detached from instances as needed.

To research more OpenStack-related terminology, see the OpenStack Glossary.