Glossary

This glossary defines common terms used across Karios documentation.

BMC: Baseboard Management Controller used for out-of-band server control such as power, console, and firmware access.
CAT I: Highest-severity security finding in K-Shield workflows. Treat as critical priority.
CAT II: High-severity security finding in K-Shield workflows. Address after CAT I items.
CAT III: Lower-severity security finding in K-Shield workflows. Track and remediate after higher-risk items.
CIDR: Classless Inter-Domain Routing notation for describing IP ranges, for example 10.0.1.0/24.
CIS: Center for Internet Security benchmark guidance used for hardening checks.
Cloud-Init: First-boot VM initialization mechanism for configuration and automation.
CNI: Container Network Interface used by Kubernetes to attach networking to pods.
CRUSH: The Ceph data-placement algorithm that decides where replicas or erasure-coded chunks are stored.
CSI: Container Storage Interface used by Kubernetes to provision and attach storage volumes.
daemon: Long-running background service process, for example mon, mgr, osd, mds, or rgw in Ceph-based workflows.
DCIM: Data Center Infrastructure Management inventory and facility-tracking system for devices, racks, sites, and cabling.
DRS: Dynamic Resource Scheduling for workload placement and balancing.
EVPN: Ethernet VPN control-plane technology used with VXLAN overlays.
fio: Flexible I/O Tester used to benchmark storage performance with controlled read and write workloads.
FSAL: File System Abstraction Layer used by NFS services to expose backend file systems.
FSID: Unique Ceph cluster identifier shared by all daemons in the same cluster.
IOMMU: Input/Output Memory Management Unit used for device isolation, passthrough, and some virtualization features.
IPMI: Intelligent Platform Management Interface, a common management protocol exposed by many BMC implementations.
LACP: Link Aggregation Control Protocol for bundling multiple physical links into one logical path.
MTU: Maximum Transmission Unit, the largest frame size a network interface sends without fragmentation.
NIST: U.S. National Institute of Standards and Technology. Often referenced for security control and hardening guidance.
OOB: Out-of-band management path, for example BMC access, independent of workload traffic.
overcommit: Practice of assigning more logical CPU or memory capacity to workloads than is physically present on a host or cluster.
PG (Placement Group): A data-placement unit used by Ceph to distribute and recover objects across OSDs.
Prometheus: Time-series monitoring system that collects metrics and evaluates alert rules.
PromQL: Prometheus Query Language used to graph, filter, and alert on Prometheus metrics.
PXE: Preboot Execution Environment used for network boot and bare-metal provisioning workflows.
RADOS: The underlying distributed object store used by Ceph.
RBAC: Role-Based Access Control for permission and scope management.
RBD: RADOS Block Device, Ceph virtual block storage used for disk images.
ReBAR: Resizable BAR, a PCIe feature that can improve access to some GPUs or accelerators when supported and validated.
RGW: RADOS Gateway daemon that provides S3- and Swift-compatible object-storage endpoints.
RPO: Recovery Point Objective, the maximum acceptable data-loss window.
RTO: Recovery Time Objective, the maximum acceptable service-restoration window.
SCAP: Security Content Automation Protocol standard used by security scanning baselines.
SIEM: Security Information and Event Management platform used to aggregate, correlate, and alert on security events.
SR-IOV: Single Root I/O Virtualization, which exposes virtual functions from one physical PCIe device to multiple workloads.
SSVM: Image Storage VM used for image, template, and snapshot transfer operations. The backend acronym still expands to Secondary Storage VM.
SVM (AMD): AMD Secure Virtual Machine virtualization setting, also known as AMD-V, required for hardware-assisted virtualization on AMD CPUs.
VNI: VXLAN Network Identifier used to distinguish overlay segments.
VRF: Virtual Routing and Forwarding instance used to isolate routing tables on the same network device.
VTEP: VXLAN Tunnel Endpoint that encapsulates and decapsulates VXLAN traffic.
WAL/DB device: Separate fast storage device used by Ceph BlueStore to hold write-ahead log and metadata database data for an OSD.