Glossary
This glossary defines common terms used across Karios documentation.
- Audit stream
Per-node K-Shield feature that forwards the node’s audit logs to a configured SIEM endpoint.
- BMC
Baseboard Management Controller used for out-of-band server control such as power, console, and firmware access.
- CAT I
Highest-severity security finding in K-Shield workflows. Treat as critical priority.
- CAT II
High-severity security finding in K-Shield workflows. Address after CAT I items.
- CAT III
Lower-severity security finding in K-Shield workflows. Track and remediate after higher-risk items.
- CIDR
Classless Inter-Domain Routing notation for describing IP ranges, for example
10.0.1.0/24.- CIS
Center for Internet Security benchmark guidance used for hardening checks.
- Cloud-Init
First-boot VM initialization mechanism for configuration and automation.
- CNI
Container Network Interface used by Kubernetes to attach networking to pods.
- CRUSH
The Ceph data-placement algorithm that decides where replicas or erasure-coded chunks are stored.
- CSI
Container Storage Interface used by Kubernetes to provision and attach storage volumes.
- daemon
Long-running background service process, for example
mon,mgr,osd,mds, orrgwin Ceph-based workflows.- DCIM
Data Center Infrastructure Management inventory and facility-tracking system for devices, racks, sites, and cabling.
- DRS
Dynamic Resource Scheduling for workload placement and balancing.
- EVPN
Ethernet VPN control-plane technology used with VXLAN overlays.
- fio
Flexible I/O Tester used to benchmark storage performance with controlled read and write workloads.
- FIPS 140-3
U.S. cryptographic-module security standard; K-Shield scores managed nodes against a FIPS 140-3 profile.
- FSAL
File System Abstraction Layer used by NFS services to expose backend file systems.
- FSID
Unique Ceph cluster identifier shared by all daemons in the same cluster.
- IOMMU
Input/Output Memory Management Unit used for device isolation, passthrough, and some virtualization features.
- IPMI
Intelligent Platform Management Interface, a common management protocol exposed by many BMC implementations.
- k3s
A lightweight, self-managed Kubernetes distribution offered on the Karios Kubernetes dashboard. Karios provisions ordinary VMs, installs k3s, and returns a kubeconfig. See k3s on Karios.
- k8s
Shorthand for Kubernetes; on Karios it refers to the managed Kubernetes service (as opposed to the lightweight k3s). See Kubernetes on Karios.
- K-Trace
Karios’s built-in security operations (SOC) console: it collects security events from sensors, raises detections, opens and tracks incident cases, and enriches them with threat intelligence.
- Kubeconfig
The file kubectl uses to authenticate to a cluster’s API endpoint. Download it from a cluster’s Access tab (k3s) or Access details (managed Kubernetes).
- Kubernetes
Open-source container orchestration platform. Karios offers two distributions on the Kubernetes dashboard: the managed k8s service and the lightweight self-managed k3s.
- LACP
Link Aggregation Control Protocol for bundling multiple physical links into one logical path.
- MTU
Maximum Transmission Unit, the largest frame size a network interface sends without fragmentation.
- NIST
U.S. National Institute of Standards and Technology. Often referenced for security control and hardening guidance.
- OOB
Out-of-band management path, for example BMC access, independent of workload traffic.
- overcommit
Practice of assigning more logical CPU or memory capacity to workloads than is physically present on a host or cluster.
- PG (Placement Group)
A data-placement unit used by Ceph to distribute and recover objects across OSDs.
- Prometheus
Time-series monitoring system that collects metrics and evaluates alert rules.
- PromQL
Prometheus Query Language used to graph, filter, and alert on Prometheus metrics.
- PXE
Preboot Execution Environment used for network boot and bare-metal provisioning workflows.
- RADOS
The underlying distributed object store used by Ceph.
- RBAC
Role-Based Access Control for permission and scope management.
- RBD
RADOS Block Device, Ceph virtual block storage used for disk images.
- ReBAR
Resizable BAR, a PCIe feature that can improve access to some GPUs or accelerators when supported and validated.
- RGW
RADOS Gateway daemon that provides S3- and Swift-compatible object-storage endpoints.
- RPO
Recovery Point Objective, the maximum acceptable data-loss window.
- RTO
Recovery Time Objective, the maximum acceptable service-restoration window.
- SCAP
Security Content Automation Protocol standard used by security scanning baselines.
- SIEM
Security Information and Event Management platform used to aggregate, correlate, and alert on security events.
- SR-IOV
Single Root I/O Virtualization, which exposes virtual functions from one physical PCIe device to multiple workloads.
- SSVM
Image Storage VM used for image, template, and snapshot transfer operations. The backend acronym still expands to
Secondary Storage VM.- STIG
Security Technical Implementation Guide, the hardening baseline K-Shield scans managed nodes against (for example the FIPS 140-3 profile).
- SVM (AMD)
AMD Secure Virtual Machine virtualization setting, also known as AMD-V, required for hardware-assisted virtualization on AMD CPUs.
- VNI
VXLAN Network Identifier used to distinguish overlay segments.
- VRF
Virtual Routing and Forwarding instance used to isolate routing tables on the same network device.
- VTEP
VXLAN Tunnel Endpoint that encapsulates and decapsulates VXLAN traffic.
- WAL/DB device
Separate fast storage device used by Ceph BlueStore to hold write-ahead log and metadata database data for an OSD.