Copyright (c) 2025 MindMesh Academy. All rights reserved. This content is proprietary and may not be reproduced or distributed without permission.

Phase 7: Glossary

  • ACID: (Atomicity, Consistency, Isolation, Durability) A set of properties of database transactions intended to guarantee data validity despite errors.
  • Application Gateway: An Azure service that provides application-level (Layer 7) load balancing and web application firewall (WAF) capabilities.
  • Application Insights: A feature of Azure Monitor that provides an extensible Application Performance Management (APM) service for developers and DevOps professionals.
  • ARM Templates: (Azure Resource Manager templates) JSON files that define the infrastructure and configuration for your project in a declarative syntax.
  • Attack Surface: The sum of the different points (the "attack vectors") where an unauthorized user (the "attacker") can try to enter data into or extract data from an environment.
  • Autoscaling: The process of dynamically allocating compute resources to a workload based on its need.
  • Availability Set: A logical grouping of VMs within a datacenter that allows Azure to understand how your application is built to provide for redundancy and availability.
  • Availability Zone (AZ): A unique physical location within an Azure region, made up of one or more datacenters with independent power, cooling, and networking.
  • Azure Active Directory (Azure AD): Microsoft’s cloud-based identity and access management service.
  • Azure AD B2B: (Business-to-Business) A feature within Azure AD that lets you invite guest users to collaborate with your organization.
  • Azure AD B2C: (Business-to-Consumer) A separate service from Azure AD that provides business-to-consumer identity as a service.
  • Azure AD Connect: A Microsoft tool designed to meet and accomplish your hybrid identity goals, synchronizing on-premises directories with Azure AD.
  • Azure AD Privileged Identity Management (PIM): A service in Azure AD that enables you to manage, control, and monitor access to important resources in your organization.
  • Azure App Service: A fully managed platform for building, deploying, and scaling web apps and APIs.
  • Azure Automation: An Azure service for simplifying cloud management with process automation.
  • Azure Backup: The Azure-based service you can use to back up and restore your data in the Microsoft cloud.
  • Azure Blueprints: A service that helps you orchestrate and deploy a repeatable set of Azure resources that adhere to an organization's standards, patterns, and requirements.
  • Azure CDN: (Content Delivery Network) A global CDN solution for delivering high-bandwidth content.
  • Azure Cosmos DB: A globally distributed, multi-model database service from Microsoft for managing data at planet-scale.
  • Azure Cost Management: A suite of tools that helps you analyze, manage, and optimize your Azure costs.
  • Azure Data Factory: A managed cloud service that's built for complex hybrid extract-transform-load (ETL), extract-load-transform (ELT), and data integration projects.
  • Azure Data Lake Storage Gen2: A set of capabilities dedicated to big data analytics, built on Azure Blob Storage.
  • Azure Database Migration Service (DMS): A fully managed service designed to enable seamless migrations from multiple database sources to Azure Data platforms with minimal downtime.
  • Azure DNS: A hosting service for DNS domains that provides name resolution by using Microsoft Azure infrastructure.
  • Azure Event Hubs: A big data streaming platform and event ingestion service.
  • Azure ExpressRoute: A service that lets you create private connections between Azure datacenters and infrastructure on your premises or in a colocation environment.
  • Azure Firewall: A managed, cloud-based network security service that protects your Azure Virtual Network resources.
  • Azure Functions: A serverless compute service that lets you run event-triggered code without having to explicitly provision or manage infrastructure.
  • Azure Hybrid Benefit: A licensing benefit that helps you to significantly reduce the costs of running your workloads in the cloud.
  • Azure IoT Hub: A managed service, hosted in the cloud, that acts as a central message hub for bi-directional communication between your IoT application and the devices it manages.
  • Azure Kubernetes Service (AKS): A managed container orchestration service based on the open-source Kubernetes system.
  • Azure Load Balancer: A Layer 4 (TCP, UDP) load balancer that provides high availability by distributing incoming traffic among healthy service instances.
  • Azure Logic Apps: A cloud service that helps you schedule, automate, and orchestrate tasks, business processes, and workflows.
  • Azure Migrate: A service that helps you migrate from on-premises to Azure.
  • Azure Monitor: A comprehensive solution for collecting, analyzing, and acting on telemetry from your cloud and on-premises environments.
  • Azure Policy: A service in Azure that you use to create, assign, and manage policies. These policies enforce different rules and effects over your resources.
  • Azure Private Link: Enables you to access Azure PaaS Services (for example, Azure Storage and SQL Database) and Azure hosted customer-owned/partner services over a private endpoint in your virtual network.
  • Azure Site Recovery (ASR): An Azure service that helps ensure business continuity by keeping business apps and workloads running during outages.
  • Azure SQL Database: A fully managed platform as a service (PaaS) database engine that handles most of the database management functions such as upgrading, patching, backups, and monitoring.
  • Azure Synapse Analytics: An analytics service that brings together enterprise data warehousing and Big Data analytics.
  • Azure Traffic Manager: A DNS-based traffic load balancer that enables you to distribute traffic optimally to services across global Azure regions.
  • Azure Virtual Network (VNet): The fundamental building block for your private network in Azure.
  • Azure VPN Gateway: A specific type of virtual network gateway that is used to send encrypted traffic between an Azure virtual network and an on-premises location over the public Internet.
  • Bicep: A domain-specific language (DSL) that uses declarative syntax to deploy Azure resources.
  • Blast Radius: The potential impact or damage that a failure or security breach of a component could have on the rest of the system.
  • CAP Theorem: A theorem stating that a distributed data store cannot simultaneously provide more than two out of three guarantees: Consistency, Availability, and Partition tolerance.
  • CI/CD: (Continuous Integration/Continuous Deployment/Delivery) The practice of automating the software development lifecycle to deliver code changes more frequently and reliably.
  • CIDR: (Classless Inter-Domain Routing) A method for allocating IP addresses and routing IP packets.
  • Cold Start: The latency that occurs the first time a serverless function is invoked after a period of inactivity.
  • Conditional Access: A feature of Azure AD that provides granular access control policies based on specific conditions.
  • Configuration Drift: The state where the actual configuration of an environment has diverged from the intended, code-defined configuration.
  • Data Migration Assistant (DMA): A tool from Microsoft that helps you upgrade to a modern data platform by detecting compatibility issues that can impact database functionality in your new version of SQL Server or Azure SQL Database.
  • Defense in Depth: A security strategy that uses multiple layers of security controls to protect a system.
  • Denormalization: The process of trying to improve the read performance of a database, at the expense of losing some write performance, by adding redundant copies of data or by grouping data.
  • DevOps: A set of practices that combines software development (Dev) and IT operations (Ops).
  • Disaster Recovery (DR): A set of policies, tools, and procedures to enable the recovery or continuation of vital technology infrastructure and systems following a natural or human-induced disaster.
  • DTU: (Database Transaction Unit) A blended measure of CPU, memory, and I/O in Azure SQL Database.
  • ETL/ELT: (Extract, Transform, Load / Extract, Load, Transform) Processes for moving data from a source to a target system.
  • Failback: The process of restoring operations to a primary system after they have been shifted to a secondary system during a failover.
  • Failover: The process of switching to a redundant or standby system upon the failure or abnormal termination of the previously active system.
  • Fault Domain: A group of underlying hardware that share a common power source and network switch. In Azure, VMs in an Availability Set are spread across multiple fault domains.
  • FQDN: (Fully Qualified Domain Name) The complete domain name for a specific computer, or host, on the internet.
  • GDPR: (General Data Protection Regulation) A regulation in EU law on data protection and privacy.
  • Geo-replication: The process of replicating data to a secondary geographic region for disaster recovery.
  • GRS/RA-GRS: (Geo-Redundant Storage / Read-Access Geo-Redundant Storage) Azure Storage redundancy options that replicate data to a secondary region.
  • HDFS: (Hadoop Distributed File System) A distributed file system designed to run on commodity hardware.
  • High Availability (HA): The ability of a system to remain operational and perform its intended function correctly and consistently when it's expected to, despite component failures.
  • HIPAA: (Health Insurance Portability and Accountability Act) A US federal law that required the creation of national standards to protect sensitive patient health information.
  • Hot Partition: In distributed databases, a partition that receives a disproportionately high volume of read or write requests, leading to performance bottlenecks.
  • Hybrid Identity: A user identity that is created in an on-premises Active Directory and synchronized to a cloud directory like Azure AD.
  • IaaS: (Infrastructure as a Service) A cloud computing model where a vendor provides users access to computing resources such as servers, storage, and networking.
  • Idempotence: The property of certain operations in mathematics and computer science that can be applied multiple times without changing the result beyond the initial application.
  • Infrastructure as Code (IaC): The process of managing and provisioning computer data centers through machine-readable definition files.
  • Integration Runtime: The compute infrastructure used by Azure Data Factory to provide data integration capabilities across different network environments.
  • Just-Enough-Access (JEA): A security principle that restricts permissions to only what is necessary for a specific task.
  • Just-In-Time (JIT) Access: A security practice that grants temporary privileged access for a defined period, automatically revoking it afterward.
  • KQL: (Kusto Query Language) The language used to query data in Azure Log Analytics, Azure Data Explorer, and other services.
  • Kubernetes: An open-source container orchestration system for automating deployment, scaling, and management of containerized applications.
  • Least Privilege: A security principle that states that a user or process should be given only the minimum necessary access rights to perform its job.
  • Lift-and-Shift: (Rehost) An application migration strategy that involves moving an application as-is from an on-premises environment to the cloud.
  • LRS: (Locally Redundant Storage) An Azure Storage redundancy option that replicates data within a single datacenter.
  • Managed Identity: An identity in Azure AD that is automatically managed by Azure.
  • Management Group: A container that helps you manage access, policy, and compliance for multiple Azure subscriptions.
  • Mean Time To Resolution (MTTR): The average time it takes to resolve a failure after it is detected.
  • MFA: (Multi-Factor Authentication) A security process that requires more than one method of authentication from independent categories of credentials to verify the user's identity.
  • Microservices: An architectural style that structures an application as a collection of loosely coupled, independently deployable services.
  • MPP: (Massively Parallel Processing) A type of computing that uses many separate CPUs running in parallel to execute a single program.
  • Network Interface (NIC): A virtual network card that enables an Azure Virtual Machine to communicate with the internet, Azure, and on-premises resources.
  • Network Security Group (NSG): A stateful firewall that filters network traffic to and from Azure resources in an Azure virtual network.
  • Network Virtual Appliance (NVA): A virtual appliance that can be used to enhance network functionality, such as a firewall or a load balancer.
  • NoSQL: (Not only SQL) A class of non-relational databases that provide a mechanism for storage and retrieval of data that is modeled by means other than tabular relations.
  • OWASP Top 10: A standard awareness document for developers and web application security, representing a broad consensus about the most critical security risks to web applications.
  • PaaS: (Platform as a Service) A cloud computing model where a third-party provider delivers hardware and software tools to users over the internet.
  • Partition Key: In NoSQL databases like Cosmos DB, the attribute that determines the logical and physical partitions where data is stored.
  • PCI DSS: (Payment Card Industry Data Security Standard) An information security standard for organizations that handle branded credit cards.
  • Polyglot Persistence: The concept of using multiple data storage technologies for varying data storage needs within a single application.
  • POSIX: (Portable Operating System Interface) A family of standards specified by the IEEE for maintaining compatibility between operating systems.
  • Private Endpoint: A network interface that connects you privately and securely to a service powered by Azure Private Link.
  • RBAC: (Role-Based Access Control) A method of restricting network access based on the roles of individual users within an enterprise.
  • Recovery Point Objective (RPO): The maximum acceptable amount of data loss after an unplanned incident, measured in time.
  • Recovery Services Vault: A storage entity in Azure that houses data, typically copies of data or configuration information for virtual machines (VMs), workloads, servers, or workstations.
  • Recovery Time Objective (RTO): The maximum acceptable amount of time a system can be down after a failure or disaster occurs.
  • Reserved Instances (RIs): A purchasing option that provides a discounted hourly rate for specific Azure resources in exchange for a 1- or 3-year commitment.
  • Resource Group: A container that holds related resources for an Azure solution.
  • Right-Sizing: The process of continuously evaluating resource sizes to ensure they are appropriately matched to workload requirements.
  • SaaS: (Software as a Service) A software distribution model in which a third-party provider hosts applications and makes them available to customers over the Internet.
  • Savings Plans: A flexible pricing model that offers significant discounts on compute usage in exchange for a 1- or 3-year commitment.
  • Service Principal: An identity created for use with applications, hosted services, and automated tools to access Azure resources.
  • Shared Access Signature (SAS): A URI that grants restricted access rights to Azure Storage resources.
  • Shared Responsibility Model: A framework that outlines what Microsoft is responsible for (security of the cloud) and what the customer is responsible for (security in the cloud).
  • Single Point of Failure (SPOF): A part of a system that, if it fails, will stop the entire system from working.
  • Spot Instances: An Azure purchasing option that allows you to use unused Azure capacity at significant discounts.
  • Stateless: An application or process that does not save client data generated in one session for use in the next session with that client.
  • Subscription: A logical container for your Azure services and a billing unit.
  • Tag: A label that you apply to an Azure resource.
  • Terraform: An open-source infrastructure as code software tool that enables you to safely and predictably create, change, and improve infrastructure.
  • Transparent Data Encryption (TDE): A technology that encrypts SQL Server, Azure SQL Database, and Azure Synapse Analytics data files.
  • Update Domain: A group of VMs and underlying physical hardware that can be rebooted at the same time. In Azure, VMs in an Availability Set are spread across multiple update domains.
  • User Defined Routes (UDRs): Custom routes in Azure that override Azure's default system routes.
  • vCore: (Virtual Core) A purchasing model for Azure SQL Database that lets you choose the number of vCores, the amount of memory, and the amount and speed of storage.
  • Version Control: The practice of tracking and managing changes to software code.
  • Virtual Machine Scale Sets (VMSS): An Azure compute resource that you can use to deploy and manage a set of identical VMs.
  • WORM: (Write Once, Read Many) A data storage technology that allows data to be written a single time and prevents the data from being erased or modified.
  • ZRS: (Zone-Redundant Storage) An Azure Storage redundancy option that replicates data across three Azure availability zones in the primary region.