This page defines key terms and concepts used across Cloud Design Library architecture articles. It helps readers navigate technical patterns, services, and principles that underpin modern cloud-native designs.


Architecture & Design

  • Pattern: A reusable solution to a recurring architectural problem.
  • Blueprint: A high-level model that outlines technical and functional components of a system.
  • Landing Zone: A preconfigured cloud environment with embedded security, networking, and governance controls.
  • Layered Architecture: A design strategy that organizes systems into logical tiers (e.g., presentation, service, data).

Azure Services

  • Azure API Management (APIM): A service for publishing, securing, monitoring, and versioning APIs.
  • Azure Databricks: A collaborative platform for data engineering, analytics, and machine learning.
  • Azure Data Lake Gen2: A hierarchical storage system optimized for big data analytics workloads.
  • Azure Key Vault: A secure service for storing secrets, certificates, and encryption keys.
  • Azure Front Door: A global layer 7 load balancer and routing service for low-latency, scalable applications.
  • Azure Application Gateway: A regional application-level load balancer with built-in web application firewall (WAF).
  • Azure Virtual Network (VNet): An isolated, logically segmented network in Azure for deploying secure resources.

Security & Identity

  • Managed Identity: An Azure-provided identity that lets an application authenticate to other Azure resources without storing credentials in code or configuration.
  • RBAC (Role-Based Access Control): A model that assigns access permissions to users or services based on their role.
  • OAuth 2.0: A token-based authorization framework for delegating and securing access to APIs.
  • Subscription Key: A key issued per APIM subscription that API consumers present with each request so APIM can identify and authorize the caller.
  • Web Application Firewall (WAF): A security feature that protects web applications from common threats (e.g., SQL injection, XSS).
  • Private Endpoint: A network interface with a private IP address inside a VNet that connects to an Azure PaaS service over Private Link, keeping traffic off the public internet.

DevOps & Automation

  • CI/CD (Continuous Integration / Continuous Deployment): A set of automated processes to build, test, and deploy applications.
  • Self-Hosted Agent: A build or deployment agent running on a private machine, typically inside a secure network.
  • Terraform / Bicep: Infrastructure-as-code (IaC) tools for provisioning and managing Azure resources.
  • Pipeline: An automated sequence of tasks executed as part of the software delivery lifecycle.

Data Integration & Processing

  • Ingestion Pipeline: An automated process to extract, transform, and load data into a target platform.
  • Metadata-Driven Ingestion: A configurable ingestion framework where behavior is controlled via metadata, not code.
  • Bronze / Silver / Gold Layers: A multi-zone data lake structure separating raw, curated, and business-ready data.
  • Microsoft Graph API: A RESTful API for accessing Microsoft 365 services such as SharePoint, Teams, and OneDrive.

Networking & Connectivity

  • Service Endpoint: A network path that allows secure traffic from a VNet to Azure services over the Azure backbone.
  • Private Link: A private network connection to Azure PaaS services via a private IP inside the VNet.
  • Network Virtual Appliance (NVA): A virtualized network device (e.g., firewall, proxy) used to manage or filter traffic.
  • Subnet: A logical segment of a virtual network used to group resources or apply security controls.
  • User-Defined Route (UDR): A custom routing rule used to control how traffic flows within or across subnets.

Observability & Monitoring

  • Health Probe: A mechanism used by load balancers to monitor the health of backend services and instances.
  • Azure Monitor: A platform for collecting, analyzing, and acting on telemetry from Azure resources.
  • Log Analytics: A query engine used to analyze logs and metrics across services.
  • Application Insights: A monitoring tool that provides application-level performance and usage telemetry.
  • Grafana: A visualization and dashboarding tool, often used for real-time monitoring via Log Analytics or other backends.

Quote of the week

« Good architecture allows changes; bad architecture prevents it. »

~ Robert C. Martin