Glossary

A

A

API: A set of protocols allowing applications to communicate with cloud services and integrate functionalities seamlessly.

Application: The software application(s) hosted in the Cloud or infrastructure resources (e.g., virtual machines) hosted by the Cloud Partner in its own technical infrastructure.

AWS: Amazon Web Services (AWS) provides cloud-based computing, storage, and machine learning services for flexible application deployment.

Azure: A cloud platform by Microsoft that offers scalable computing, storage, and application services for enterprises and developers.

Azure Edge: A distributed Azure solution bringing cloud services closer to users for low-latency and high-performance applications.

B

B

BGP: Standardized exterior gateway protocol used to exchange routing information between different autonomous systems (AS) on the internet. BGP is crucial for determining the best paths for data transmission across the internet, ensuring efficient and reliable routing. It helps maintain the stability and scalability of the internet by allowing networks to communicate routing information and make informed decisions about data paths based on various attributes and policies.

Branch Office Location: A Location that branches out from a Data Center Location in a hub-and-spoke network topology, with the Data Center Location as the central hub site.

Business VPN Galerie: Orange Business' secure and private cloud interconnection service, connecting enterprise data centers to public clouds.

BVPN: Secure network solution that allows businesses to connect remote users or branch offices to their corporate network over the internet. It encrypts data traffic, ensuring privacy and security while enabling access to company resources from various locations. BVPNs are commonly used to facilitate secure communication and collaboration in a distributed work environment.

BYOL: Licensing model that allows customers to use their existing software licenses in a cloud environment or on a different platform. This approach enables organizations to leverage their current investments in software while taking advantage of cloud services, often resulting in cost savings and greater flexibility in managing software assets.

C

C

CapEx: Funds used by a company to acquire, upgrade, or maintain physical assets such as property, buildings, technology, and equipment. These expenditures are typically long-term investments that are capitalized on the balance sheet and depreciated over time, reflecting the company's commitment to growth and operational efficiency.

CASB: Security solution that acts as an intermediary between an organization's on-premises infrastructure and cloud services. CASBs provide visibility, compliance, data security, and threat protection for cloud applications. They help organizations enforce security policies, monitor user activity, and protect sensitive data in the cloud, ensuring secure access to cloud resources while mitigating risks associated with cloud usage.

CDE: Private CloudCo interconnection routers.

CI/CD: CI: “continuous integration”: automation process for developers to regularly make changes to the code of their application, test them, merge them in a shared environment; This solution makes it possible to avoid working at the same time on too many elements of an application, which could conflict with each other. CD: “continuous deployment”: refers to the automatic transfer of developer changes from the pre-production test environment to the production environment, where they can be used by customers; relieves operating teams of manual production implementation procedures, saving time and improving production quality.

Cloud connectivity: Services that link enterprise infrastructure to public, private, and hybrid clouds for secure and scalable data transfer.

Cloud connector: A virtual appliance that connects on-premises environments to cloud platforms, enabling secure and efficient data flow.

Cloud Gateway: The software provided by Orange used as a Gateway and hosted in an Orange PoP.

Cloud Partner / Partner: The Customer’s third-party Application service provider connected to one of the POPs as defined herein.

Cluster Mode: The Overlay Network at a Location with up to eight stacked Edge Routers, each connected to all available Underlay Connectivity access circuits, using eBGP Protocol with at least one LAN L3 device.

Configured bandwidth: An adjustable capacity, modifiable at any time by the Customer to adapt the bandwidth to the Application’s usage, and it is always equal to or less than the reserved bandwidth.

Console: The cloud management interface for users to monitor, configure, and manage cloud resources and services. It involves the HMI and the API.

CSPs: Companies that offer various cloud computing services, including infrastructure, platforms, and software, over the Internet. They enable businesses and individuals to access and utilize computing resources on-demand, typically through a pay-as-you-go model. Major CSPs include Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform (GCP), and IBM Cloud, among others.

CSR: Business model in which companies integrate social and environmental concerns into their operations and interactions with stakeholders. CSR initiatives can include sustainable practices, ethical labor policies, community engagement, and philanthropy, aiming to contribute positively to society while enhancing the company's reputation and stakeholder trust.

Customer Gateway: The software provided by Orange used as a Gateway and hosted at a Customer or a third-party Location where Orange has no infrastructure responsibility.

CVMaaS: Cloud-based service that provides ongoing identification, assessment, and remediation of security vulnerabilities in an organization's IT environment. It involves continuous monitoring and automated scanning to detect vulnerabilities in real-time, helping organizations maintain a proactive security posture and reduce the risk of cyber threats.

D

D

Data Center Location: The hub Location from which the Branch Office Locations directly connected thereto branch out in a hub-and-spoke network topology.

Datalayer: Layer that collects, consolidates, exposes data from different systems

DEM: Digital Experience Management (DEM) provides tools to monitor and optimize user experiences with cloud applications and networks.

DLP: Data Loss Prevention.

DMPO: Dynamic Multipath Optimization TM, used between all VMware SD-WAN components that process and forward data traffic: the VMware SD-WAN Edge and the VMware SD-WAN Gateway.

Dynamic Host Configuration Protocol (DHCP): The network management protocol used on UDP/IP networks whereby a DHCP server dynamically assigns an IP address and other network configuration parameters to each device on a network to communicate with other IP networks.

E

E

Edge Router: The hardware or software provided and managed by Orange and used to connect the Overlay Network to the Network. The Edge Router may be physically installed by Orange at a Location as a CPE device or hosted in an Orange PoP.

EMS (Equipment Management System): All equipment (including hardware and software) that Orange assembles into a system to manage the operation (e.g., routing function) of the Edge Routers within the same VPN.

End-to-end: Designed to operate from the initial point of origin to the final destination without interruption. In technology and telecommunications, it often describes solutions that cover all aspects of a service or application, ensuring seamless integration and communication throughout the entire workflow or data transmission path.

Enhanced HA: The Overlay Network at a Location with two Edge Routers, each connected to one or multiple Underlay Connectivity access circuits, with a mandatory dedicated HA cable between the Edge Routers.

ESG : Set of criteria used to evaluate a company's operations and performance in relation to sustainability and ethical practices. It encompasses environmental impact, social responsibility, and governance structures, helping investors and stakeholders assess risks and opportunities associated with a company's long-term viability and ethical conduct.

Evolution Platform: Orange Business' cloud-native platform from that enables streamlined management of digital services and infrastructure in a multi-cloud environment.

EVPL: Type of Ethernet service that provides point-to-point connectivity between two locations over a shared network. It offers dedicated bandwidth and is often used for connecting branch offices or data centers, ensuring secure and reliable data transmission while allowing multiple customers to share the same infrastructure without compromising performance.

F

F

Fiber Orange Business: Orange Business' fiber-optic service providing high-speed data transfer for cloud and networking applications.

Flexible SD-WAN: The name of our complete commercial the managed SD-WAN offer of OB. S'appuie sur les solutions VeloCloud, Fortinet, Cisco.

Fortinet: A cybersecurity provider that offers firewall, VPN, SD-WAN and security solutions for hybrid and multi-cloud networks.

G

G

Galerie: Digital platform offered by Orange Business Services that showcases various solutions and services for businesses. It provides access to a range of tools, applications, and resources designed to enhance collaboration, communication, and digital transformation for enterprises, facilitating innovation and efficiency in business operations.

Gateway: A network device (i.e., hardware or software) or node that facilitates the interface between the Network and the Customer’s network by performing the translation between different communication protocols at the boundary where the Customer network connects to the Network.

GCP: A public cloud platform by Google offering IaaS, PaaS, and AI tools for businesses to build and run applications.

Google Cloud: Google Cloud Platform (GCP) offers a suite of cloud computing services that run on the same infrastructure Google uses for its end-user products.

H

H

HA: High Availability (HA) ensures systems or services remain accessible by minimizing downtime and implementing redundant components.

HMI: User interface that allows humans to interact with machines, systems, or processes. It provides visual representations and controls for monitoring and managing operations, often used in industrial automation, manufacturing, and various technology applications to enhance user experience and operational efficiency.

HTTPS: Hypertext Transfer Protocol Secure protocol.

I

I

IaaS: Cloud computing model that provides virtualized computing resources over the Internet. It allows users to rent IT infrastructure, such as servers, storage, and networking, on a pay-as-you-go basis, enabling scalability and flexibility without the need for physical hardware management.

IAM: Identity and Access Management (IAM) provides tools for securely managing user identities and access to cloud resources.

Incident: A malfunction in the Service. Incidents do not include Service unavailability during Scheduled Maintenance.

Infra as Code: The target infrastructure is described in a language interpreted by the Ansible engine, which triggers a series of calls at the IaaS (Infrastructure as a Service) level to perform actions on the PoP (Point of Presence).

Infra Network: Unlike IT infrastructure that manages microservices (e.g. kubernetess), network infrastructure manages data flows. The end-to-end concept is important because network infrastructure chains components to support data flow.

Interco router: Networking device that facilitates communication between different networks or segments within a larger network infrastructure. It manages data traffic, ensuring efficient routing and connectivity between various local area networks (LANs) or wide area networks (WANs), often serving as a critical point for data exchange and network management.

Interfaces factories: They can be attacked via API or via their own HMI

IPSEC: Internet Protocol Security (IPsec) ensures secure network communications by encrypting and authenticating data in transit.

J

J

No term found for the letter J.

K

K

No term found for the letter K.

L

L

LAN:

Location (cloud connectivity): One of the cities (e.g., Amsterdam, Singapore…) where the On-demand Cloud Connect Service is made available, activated, and connected to the Cloud Partner’s interconnection equipment by Orange.

Location (SD-WAN): The Customer site to be connected to the Overlay Network with Edge Routers.

Location (SSE): The Orange NextGEN POP location where Customer tenant is installed.

M

M

Managed security access: Managed security services provide continuous security monitoring and threat management across enterprise networks.

Micro front end: Mini IHM that integrates in a broader IHM

Mixed-Mode HA: A combination of Standard HA and Enhanced HA. Customer is responsible for procuring and installing the Underlay Connectivity access circuit unless ordered from Orange.

Mono-Tenant Type: A type of configuration where the bandwidth to the PoP is allocated and virtually dedicated per On-demand Cloud Connect Customer. The Applications for Mono-Tenant Type are infrastructure-as-a-service applications.

MPLS: Multi-Protocol Label Switching (MPLS) directs data traffic flows efficiently across enterprise networks, providing high-performance connectivity.

Multi-cloud: Multi-cloud is an approach that utilizes multiple cloud providers to avoid vendor lock-in and increase redundancy and flexibility.

N

N

Netskope: A cloud-native secure access solution focused on data protection, threat detection, and secure access for users and devices.

Network: The meaning given in the Specific Conditions for Orange Network Services.

Network to network interconnection: Interconnection between two IP/MPLS infrastructure to extend Technical VPN between these network. Typically: a French VPN can be extended to the International backbone through the RAEI/IGN NNI, an international VPN can be extended to China MPLS partners to benefits from their infrastructure and interconnect customer Chineese sites to their Orange Business worldwide VPN provide private Cloud-Service connectivity between a customer VPN to its cloud environment.

Networking: The setup and management of virtual networks within cloud infrastructure, optimizing data flow and connectivity for applications.

NextGEN hub: An Orange POP with compute & high-speed connectivity capabilities, directly connected to the Orange backbone & tier-1/2 Internet peering nodes.

NFV: Network Functions Virtualization (NFV) enables virtualization of network services traditionally hosted on physical devices, enhancing scalability.

NGFW: Next Generation Firewall.

O

O

ODA : Open Digital Architecture (ODA) provides the blueprint that Communication Service Providers (CSP) and suppliers/SIs need to change their IT and network systems to create new and differentiated services that improves productivity, reduces maintenance and integration costs whilst enhancing customer experience. It replaces traditional operations and business support systems (OSS/BSS) with a new approach that will simplify your design, modernize your build and automate your operation.

On Demand Cloud Connect: An on-demand connection service offering high-performance, secure links between data centers and cloud environments.

OpEx: Ongoing costs for running a business's day-to-day operations. These expenses include salaries, rent, utilities, and maintenance costs. Unlike capital expenditures (CapEx), which are long-term investments in physical assets, OpEx is typically accounted for in the period they are incurred and can impact a company's profitability and cash flow more immediately.

Orange experts: Experienced Orange Business professionals specializing in cloud strategy, migration, and optimization for businesses.

Overlay Network: The virtual network established between the Locations by means of IPSec virtual tunnels that overlay the Underlay Connectivity.

P

P

Palo Alto Networks: A cybersecurity provider that offers firewall, VPN, SD-WAN and security solutions for hybrid and multi-cloud networks.

Platform: The platform business logic is an ecosystem logic of partners who each bring an element of value intended to be easily combined with others to enable the end customer to have a seamless global experience (classic example: Nespresso provides machines adapted for a dosette format, and different coffee brands provide their coffee in the dosette format). On Evolution platform, the basic components are the OINIS infra (superPoP, backbone), the VNF software of partners, the know-how of construction and interconnection of VNF in Orange's network solution, and beyond, the know-how of OCD security management, or still the management of end-to-end solution of Orange. Depending on its level of maturity, the client combines the service elements that suit him and can evolve over time in a Build/Operate/Transfer logic where the client can ask Orange to build his solution, then take over by returning to a do-it-yourself approach.

PoP: Either the Orange point of presence that enables the Customer to activate the On-demand Cloud Connect Service via IPSEC (PoP SDN), or the Partner's point of presence connected to the Orange Network equipment (Cloud Edge routers designated as CDE) that enables the Customer to activate the private On-demand Cloud Connect Service.

Prisma Access solutions: Palo Alto Networks' SSE solution.

Professional services: Specialized consultancy and implementation services that support cloud adoption, integration, and optimization for enterprises.

Profile: A composite of the configurations created in Networks and Network Services, adding configuration for Business Policy and Firewall rules, managed in the VMware Cloud Edge Orchestrator.

Public connector: A public cloud service that allows secure, scalable connections from enterprise networks to cloud applications.

Q

Q

No term found for the letter Q.

R

R

RBI: Security technology that separates web browsing activities from a user's local device and network. By executing web content in a remote environment, RBI protects users from potential threats such as malware, phishing, and other web-based attacks. This approach ensures that any harmful content is contained and does not affect the user's device or network, enhancing overall cybersecurity while allowing safe access to the internet.

Region: A distinct geographic area that encompasses multiple Locations and is characterized by the use of Gateways to connect these Locations with Edge Routers.

Reserved bandwidth: A maximum bandwidth capacity reserved on a PoP to access a selected Cloud Partner.

S

S

SaaS: Cloud computing model that delivers software applications over the Internet on a subscription basis. Users can access the software via a web browser without needing to install or maintain it on local devices, allowing for easier updates, scalability, and collaboration.

SASE: A security framework that integrates WAN and security functions in a single cloud-native platform to enhance secure access and network management.

SBC: Network device that manages and secures voice over IP (VoIP) communications and multimedia sessions. It acts as a gatekeeper, controlling the signaling and media streams between different networks, ensuring security, quality of service, and interoperability between various communication systems.

SCA: A use case of the SSE solutions, allowing protection of access to Customer cloud assets.

Scheduled Maintenance: Maintenance scheduled by Orange to occur during low traffic periods in the Network to implement changes to, or version updates of the Network. Maintenance typically occurs 3 to 5 times per year and lasts approximately 5 minutes.

SDN: Software-Defined Networking (SDN) decouples networking hardware from software, allowing for flexible and centralized network control in cloud environments.

SD-WAN: Software-defined wide area networking (SD-WAN) enables optimized, automated routing of traffic across distributed networks for improved performance. It is the Overlay Network technology (e.g., Cisco Meraki, Cisco Viptela, Fortinet, etc.) that Customer chooses to use for the Software-Defined WAN.

SD-WAN Module: An SD-WAN Technology module attached to this Service Description that describes the Overlay Network features associated with the SD-WAN Technology chosen by the Customer.

SD-WAN Technology: The Overlay Network technology (e.g., Cisco Meraki, Cisco Viptela, Fortinet, VMware, etc.) that the Customer chooses to use for the Software-Defined WAN.

Security Location: A NextGEN hub type of POP performing security functions for the SSE solution.

Service: Collectively: (a) the Overlay Network components described in Clause 1.4 (Overlay Network Standard Service Elements), (b) the Overlay Network features described in the SD-WAN Module that corresponds to the SD-WAN Technology chosen by Customer; and (c) the optional Flexible SD-WAN features described in Clause 1.5 that Customer may order from Orange.

Service Description: The Service Description for Flexible SD-WAN to which this Service Module is attached.

SIA: A secure internet service designed to protect enterprise traffic and users against threats while accessing online resources.

Single Profile: The Overlay Network service at a Location consisting of a single Edge Router.

Software-Defined WAN: A network architecture that enables the WAN to be centrally managed by using software-based controllers.

SOM: Process of managing and fulfilling customer service requests or orders within a business. This includes tracking the lifecycle of service orders, from initiation to completion, ensuring that resources are allocated efficiently, and maintaining communication with customers throughout the process. Effective service order management helps improve customer satisfaction, streamline operations, and enhance overall service delivery.

SPA: A secure access solution designed for private networks, providing encrypted, reliable access for remote users.

SPI: Service Provider Interconnect is an interconnection infrastructure service that enables seamless network attach and deep network integration with Orange core and transport networks. This solution is delivered exclusively with Palo Alto Networks SSE.

SPI: An interconnection infrastructure service that enables seamless network attach and deep network integration with Orange core and transport networks. Delivered exclusively with Palo Alto Networks SSE.

SSE: Service allowing Customer to apply cyber security controls in a cloud environment extending the network perimeter and providing secure access for end-points no matter their location.

SSH: Cryptographic network protocol used to securely access and manage network devices and servers over an unsecured network. It provides a secure channel for command-line interface access, file transfers, and tunneling, ensuring data confidentiality and integrity through encryption. SSH is commonly used for remote administration and secure communication between systems.

SSL: Standard security technology that establishes an encrypted link between a web server and a browser. It ensures that all data transmitted between the two remains private and secure. Although SSL has largely been replaced by TLS (Transport Layer Security), the term SSL is still commonly used to refer to both protocols. SSL/TLS is essential for securing online transactions and protecting sensitive information.

SSL VPN: Type of VPN that uses SSL or TLS protocols to secure the connection between a user's device and a remote server. It allows users to access a private network securely over the internet, typically through a web browser. SSL VPNs are user-friendly and provide secure access to applications and resources without the need for specialized client software, making them ideal for remote work and secure communications.

Standalone: The Overlay Network at a Location with one Edge Router connected to all available Underlay Connectivity access circuits. Customer is responsible for procuring and installing the Underlay Connectivity access circuit unless ordered from Orange.

Standard HA: The Overlay Network at a Location with two Edge Routers, each connected to all available Underlay Connectivity access circuits, with a mandatory Failover Link between the Edge Routers.

SuperPoP: Large, centralized data center or network hub that provides extensive connectivity and services, often serving as a key aggregation point for internet traffic. It typically houses multiple network providers and offers enhanced bandwidth, redundancy, and low-latency connections for users and businesses.

T

T

Technical VPN: IP/MPLS VPN on Orange Business infrastructure or its MPLS partners (Chinese operator/etc...). It allows a standard L3 interconnection between Evolution Platform services/components. It can be: a Technical VPN issued from the historic Business VPN offers; new IP/MPLS VPN issued from Evolution platform for service composition

TLS: Cryptographic protocol designed to provide secure communication over a computer network. It ensures data privacy, integrity, and authentication between clients and servers by encrypting the data transmitted. TLS is widely used in web browsers, email, and other applications to protect sensitive information from eavesdropping and tampering.

U

U

Underlay Connectivity: The physical network infrastructure and the access medium (e.g., broadband Internet access, dedicated Internet access, Orange Business VPN Service, etc.) that transport the traffic across the Customer’s WAN.

Use case: A set of configuration scenarios put in place to deliver security features.

V

V

vCPU: Virtualized representation of a physical CPU, allowing multiple virtual machines to share the processing power of a single physical processor. It enables efficient resource allocation and management in cloud computing and virtualization environments.

VeloCloud: Software-defined networking solution that enhances connectivity and performance in multi-cloud environments.

Vendor: One of the supported vendors within Evolution Platform like Palo Alto, Fortinet, Netskope, Zscaler.

Virtual device flavor: The computing capabilities (vCPU, RAM, disk storage) of a virtual Device

Virtual edge: One VNF instantiated using 1 or 2 virtual Devices

VLAN: Logical grouping of resources between Orange and the Cloud Partner within a network, configured to communicate as if they were part of the same physical network.

VMware: VMware by Broadcom, including Broadcom, Inc and VeloCloud, Inc.

VMware SD-WAN Orchestrator: The software device that provides centralized, enterprise-wide installation, configuration, and real-time monitoring, in addition to orchestrating the data flow through the cloud network.

VN: Can be considered as a LAN segment on a IaaS (typically the SDN POP). It allows virtual-machine (VM) to be interconnected together through a common virtual-network in a same POP. In addition, on SDN POP, a vRouter is automatically connected to this VN, allowing additional advanced routing mechanisms (IP/MPLS VPN implementation, BGPaaS...).

VNE: A Virtual Network Edge (VNE) device or software that manages network traffic between enterprise locations and the cloud.

VNET: A virtual network service that provides isolated network spaces in cloud environments to control traffic and security.

VNF: A virtual network function (VNF) is a virtualized task formerly carried out by proprietary, dedicated hardware. VNF moves network functions out of dedicated hardware devices and into software.

VNF IPSEC: a virtualized network function that implements IPsec protocols to provide secure communication over IP networks. It ensures data confidentiality, integrity, and authenticity by encrypting data packets between devices, typically used in VPNs and secure network connections.

VNFaaS: Virtual Network Function as a Service (VNFaaS) provides virtualized network functions on-demand, allowing flexible network scaling.

VPN: A technology that creates a secure, encrypted connection over a less secure network, such as the Internet. It allows users to send and receive data privately and securely, masking their IP address and protecting their online activities from surveillance and interference.

VRF: Place where we implement an IP/MPLS VPN instance. Typically, it's implemented on PE (where customer accesses are connected) or Virtual-Network on SDN POP / OINIS IaaS.

vRouter: Component on SDN POP virtual-network that allows IP/MPLS VPN implementation and additional advanced routing.

W

W

WAN: Wide Area Network (WAN) connects multiple locations over large geographic areas, often using cloud-based SD-WAN solutions for flexibility.

X

X

No term found for the letter X.

Y

Y

No term found for the letter Y.

Z

Z

Zscaler: A cloud-based security platform offering secure access solutions, such as zero-trust architecture for enterprises.