# Cloud Glossary: Object Storage, DNS, VPS, EU Sovereignty

> Plain-English definitions of the cloud terms that come up most often around sovereign European infrastructure: S3 object storage, DNS, VPS, KVM, DNSSEC, GDPR, NIS2, the EU Data Act, and the US Cloud Act.

## AES-256

Advanced Encryption Standard with a 256-bit key. The symmetric cipher used by every serious cloud provider for server-side encryption at rest. Strong enough that NIST recommends it for storing top-secret US government information.

## Anycast

A network routing technique where the same IP address is announced from multiple physical locations and BGP routes each client to the nearest one. Used by DNS providers and CDNs to deliver sub-millisecond latency across continents from one logical address.

## Authoritative DNS

The DNS servers that hold the canonical records for a domain. When your nameservers say lazentis.com points at 185.x.x.x, those nameservers are authoritative. Everything else is just a cache of what the authoritative servers said.

## Bucket

The top-level container in object storage. A bucket holds objects and has its own access policies, region, lifecycle rules and versioning settings. Bucket names are usually globally unique within a provider.

## DNS

Domain Name System. Translates human-readable domain names (lazentis.com) into IP addresses (185.x.x.x) so the rest of the internet can route to your services. Authoritative DNS hosts the records for your domain; recursive DNS resolves queries for end users.

## DNSSEC

DNS Security Extensions. Cryptographically signs DNS records so resolvers can verify they were not tampered with in transit. Prevents cache-poisoning attacks. Increasingly required by regulators and supported by every serious DNS provider.

## Egress

Outbound data transfer from a cloud provider to the internet or to another network. The hyperscalers charge egress per GB, which is how a low storage price turns into a high invoice. Lazentis includes egress under fair use, so typical workloads never see an egress charge.

## Erasure Coding

A storage redundancy technique that splits each object into fragments plus parity blocks across multiple disks, racks or sites. Survives multiple simultaneous failures while using less raw capacity than full replication. Object storage providers use it to reach eleven nines of durability.

## EU Data Act

EU regulation in force from September 2025. Mandates portability of cloud data, restricts unfair contract terms, gives users rights to switch providers, and imposes obligations on cloud providers around interoperability and data export.

## EU Data Sovereignty

The principle that data generated in or about the European Union is governed by EU law and cannot be compelled by foreign jurisdictions. Achieved by combining EU-only data residency, EU-domiciled operators and contractual restrictions on cross-border transfer.

## GDPR

General Data Protection Regulation. The EU's data protection law, in force since 2018. Sets the rules for processing personal data of people in the EU, regardless of where the processor is based. Fines reach 4% of global annual revenue.

## Hyperscaler

Shorthand for the small group of cloud providers operating at planet-scale: AWS, Microsoft Azure, Google Cloud. All US-domiciled and therefore subject to the US Cloud Act, which is why European customers increasingly look for European alternatives.

## KVM

Kernel-based Virtual Machine. The Linux hypervisor that powers most modern VPS hosting. Provides hardware-level isolation between virtual machines, supports any guest OS, and is much stronger than container-style virtualization like OpenVZ.

## Multipart Upload

An S3 protocol for uploading large objects in parallel chunks of up to 5 GB each. Supports parallel transfer, resume on failure, and lets objects scale up to 5 TB. Used by tools like aws-cli, rclone and boto3 automatically once files cross a threshold.

## NIS2 Directive

The EU's 2023 cybersecurity directive, expanding NIS1. Applies to a wider set of sectors (cloud, digital infrastructure, managed service providers) and mandates risk management, incident reporting and supply-chain security. Member states transposed it into national law in 2024.

## Object Key

The unique identifier for an object inside a bucket. Looks like a file path (foo/bar/baz.jpg) but is actually a flat string. The slashes are convention, not directories.

## Object Storage

A cloud storage architecture that treats data as immutable objects (file + metadata) addressed by a unique key inside a flat namespace called a bucket. Accessed over HTTPS using the S3 API. Scales to petabytes, costs roughly an order of magnitude less than block storage, and is the right choice for backups, logs, media, datasets and build artifacts.

## Presigned URL

A time-limited URL signed with an S3 access key that grants temporary upload or download permission to a specific object without sharing credentials. Used for browser uploads, expiring download links and webhook delivery.

## Region

A geographically distinct cluster of cloud infrastructure (data centres, network, control plane) operated as one logical unit. Customers pick a region to satisfy latency, data residency or compliance constraints. Lazentis regions are inside the EU.

## S3 API

The HTTP API Amazon S3 introduced, now the de facto standard for object storage. Tools like aws-cli, rclone, boto3, s3cmd, MinIO client, Terraform and Restic all speak it. An S3-compatible provider like Lazentis implements the same v4 signature protocol, so existing pipelines keep running by changing only the endpoint URL, region, access key and secret key.

## SLA

Service Level Agreement. The contractual uptime and performance commitment a provider makes, plus the remedy (usually service credits) if they miss it. A 99.99% uptime SLA permits about 52 minutes of downtime per year.

## Sovereign Cloud

A cloud where data, control plane and the legal entity operating the infrastructure are all under one jurisdiction's law. For European customers this means EU-only data residency, EU-domiciled operator, and no extraterritorial access via foreign statutes like the US Cloud Act.

## TLS 1.3

Transport Layer Security version 1.3. The current standard for encrypting traffic on the wire between client and server, used by HTTPS. Faster handshake than TLS 1.2, drops obsolete ciphers, and is what every modern API should default to.

## TTL

Time To Live. The number of seconds a DNS resolver should cache a record before re-asking the authoritative server. Lower TTL means faster propagation of changes; higher TTL means less load and faster average resolution.

## US Cloud Act

United States law passed in 2018 that allows US authorities to compel US-based providers to hand over data they hold, regardless of where the data is physically stored. Affects every major US hyperscaler, including their European subsidiaries. The reason European customers ask for a non-US cloud.

## VPS

Virtual Private Server. An isolated virtual machine running on shared physical hardware with dedicated CPU cores, RAM, NVMe disk and IP addresses. You get full root access, pick the operating system, and install whatever software you want. Sits between shared hosting (cheap, no control) and dedicated servers (full hardware, much more expensive).

---
Source: https://lazentis.com/learn/glossary