←  back to blog
Cloud development environments 101: glossary, definitions and frequently asked questions
DevX

Cloud development environments 101: glossary, definitions and frequently asked questions

@taliamoyal's avatar on GitHub Talia Moyal Head of Outbound Product at Gitpod

May 20, 2024

At Gitpod, we talk to hundreds of developers a month, all with varying levels of knowledge of what a cloud development environment is, how to use a cloud development environment, and everything related. Because of this, we put together a list of the most common words, phrases, and questions we see, with definitions and answers. Happy reading!

  • Cloud development environment (CDE): CDEs are on-demand development environments pre-configured with the tools, libraries, and dependencies needed to write, test and review code. They help shift a platform team’s sphere of influence to the left, enabling them to gain control over development environments, while increasing autonomy for developers.

  • Self-hosted, vendor-managed deployments: self-hosted in your organization’s cloud infrastructure, operationally managed by a vendor. These deployments have the security benefits of self-hosted, without the operational overhead. Examples are Gitpod.

  • Self-hosted, self-managed deployments: self-hosted in your organization’s cloud infrastructure, operationally managed by your team. Examples are Coder.

  • Vendor-hosted, vendor-managed deployments: hosted in a vendor’s cloud infrastructure, as well as operationally managed by the vendor. Examples are Gitpod’s pay-as-you-go offering or GitHub Codespaces.

  • Ephemeral development environments: development environments that are short-lived and used for as little as a few minutes, or hours and are discarded after use, reducing cost, and ensuring a consistent and secure starting point for each new task a developer works on. Gitpod is the only cloud development environment to provide ephemeral development environments.

  • Workspaces: a term used to describe a single instance of a personal development environment.

  • Prebuilds: an async background process of preparing and compiling code automatically before a development environment is provisioned, reducing setup times and enhancing productivity.

  • Multi-tenancy: an architecture in which a single instance of a software application serves multiple customers, each customer’s data is isolated and invisible to other customers.

  • Single-tenancy: an architecture where a software application is hosted as a dedicated instance for each customer, providing enhanced security and control over the environment.

  • Virtual private cloud (VPC): a secure and isolated private cloud hosted within a public cloud, enabling users to run and manage their own virtual network.

  • Immutable infrastructure: an infrastructure paradigm where servers are replaced rather than upgraded, ensuring consistency and reliability in deployments.

  • Bring your own device policies (BYOD): BYOD policies are common with organizations that want to leverage contractors but don’t want to supply them with hardware.

  • Virtual desktop infrastructure (VDI): a form of virtualization that enables remote access to a full desktop environment. VDIs host the operating system, applications and data from a desktop environment on a virtual machine and stream them to end-users over a network.

  • Desktop as a service (DaaS): a cloud computing offering where a service provider delivers virtual desktops to end users over the Internet, licensed with a per-user subscription.

  • Cloud Integrated Development Environment (IDE): a web-based interface where developers can write code, typically fully client-side in the browser, without access to a file or operating system. Cloud IDEs can be useful for sharing code snippets or developer interviews.

Security and authentication

  • Single Sign-On (SSO): an authentication process that allows a user to access multiple applications with one set of login credentials.

  • Secure access workstation (SAW): a dedicated computing device designed to provide secure access to sensitive systems and data. It is configured with stringent security measures to minimize the risk of compromise. Key characteristics and features of SAWs include:

    • Isolation: SAWs are isolated from other workstations and general-purpose systems to reduce the attack surface.

    • Hardening: these workstations are hardened with security controls such as restricted administrative privileges, minimal installed software, and enforced security policies.

    • Restricted use: SAWs are used exclusively for accessing sensitive systems, critical applications, or handling sensitive data, ensuring they remain free from non-secure activities.

    • Regular updates: frequent updates and patches are applied to keep the SAW secure against known vulnerabilities.

    • Monitoring and logging: continuous monitoring and logging of activities to detect and respond to suspicious behavior promptly.

  • Privileged access workstation (PAW): a specialized computing environment designed for users who require elevated access rights to critical systems, such as administrators or IT personnel. Similar to SAWs, PAWs emphasize security and isolation but focus specifically on managing and protecting privileged access. Key characteristics and features of PAWs include:

    • Dedicated environment: PAWs are dedicated devices or virtual machines used exclusively for administrative tasks and privileged operations.

    • Enhanced security: These workstations are configured with strong security measures, including multi-factor authentication, strict access controls, and secure boot mechanisms.

    • Segregation of duties: PAWs help enforce the segregation of duties by ensuring that privileged access is only performed from secure, designated devices.

    • Limited internet access: restricted or no direct internet access to prevent exposure to potential threats.

    • Secure communication: use of secure communication channels (e.g., VPNs, encrypted connections) when accessing privileged systems.

  • Privileged access management (PAM): a set of technologies and practices designed to manage, control, and monitor privileged access to critical systems and sensitive data. PAM solutions aim to protect against the risks associated with privileged accounts, which are often targeted by attackers. Key components and features of PAM include:

    • Credential vaulting: secure storage of privileged credentials in a centralized vault, reducing the risk of exposure and misuse.

    • Just-in-time access: providing privileged access only when needed and for a limited duration, minimizing the attack window.

    • Session management: monitoring and recording privileged sessions to ensure accountability and provide an audit trail for forensic analysis.

    • Multi-Factor Authentication (MFA): requiring multiple forms of authentication to verify the identity of users accessing privileged accounts.

    • Access control policies: defining and enforcing policies that govern who can access what resources and under what conditions.

    • Risk-Based Authentication: implementing adaptive authentication mechanisms that assess the risk of access attempts based on contextual factors (e.g., location, time, behavior).

    • Audit and compliance: generating reports and logs that help organizations meet regulatory compliance requirements and internal security policies.

  • OpenID Connect (OIDC): a simple identity layer on top of the OAuth 2.0 protocol, allowing clients to verify the identity of the end-user based on the authentication performed by an authorization server.

  • Secure shell (SSH): a cryptographic network protocol for operating network services securely over an unsecured network.

  • Software supply chain security: security involves protecting software and its infrastructure from vulnerabilities, unauthorized changes, and malicious attacks.

  • Service Organization Control 2 (SOC2): an auditing procedure that ensures service providers securely manage data to protect the interests of the organization and the privacy of its clients.

  • Access controls: Access controls are security techniques that regulate who or what can view or use resources in a computing environment, helping to protect data integrity and privacy.

  • Zero trust: a security model that assumes all network traffic is untrustworthy, requiring strict identity verification for every person and device trying to access resources.

  • Data encryption: the process of encoding data to prevent unauthorized access, essential for protecting data both at rest and in transit.

  • Policy as code: embedding compliance and regulatory requirements into the software development lifecycle through code, making it easier to automate and track compliance.

  • Threat modeling: a process by which potential threats, such as structural vulnerabilities or the absence of appropriate safeguards, can be identified and countered.

Kubernetes, Docker, and Containers

  • Kubernetes: an open-source platform designed to automate deploying, scaling, and operating application containers.

  • Containerization: The use of containers to encapsulate an application with its own operating environment, running consistently on any infrastructure.

  • Not enough RAM to run docker-compose :the best way to solve for this problem is to mock out services to reclaim memory, use the cloud with “Remote - SSH” for VS Code, “JetBrains Gateway”, or use a vendor-managed cloud development environment (CDE) solution such as Gitpod.

  • How to setup a development environment for Docker on Windows: use Windows Subsystem for Linux (WSL) or Hyper V, set up another device (i.e. Raspberry Pi), dual boot your device, or a cloud development environment (CDE) such as Gitpod. More details on how to do this are here.

  • Vagrant: Vagrant is an open-source software product for building and maintaining portable virtualized development environments. It provides a command-line interface to create and configure virtual machines.

  • Docker in Docker: Docker in Docker involves running a Docker daemon inside a Docker container, allowing for container management by a container.

  • Docker Desktop: Docker Desktop is an application for MacOS and Windows that enables developers to build and share containerized applications and microservices.

Advanced Cloud concepts

  • What are microservices?: an architectural style that structures an application as a collection of loosely coupled services, improving modularity and making the application easier to understand, develop, and test. Key characteristics include:

    • Modularity
    • Built in a bounded context (according to domain-driven design)
    • Ability to be deployed in isolation
    • Communicating over a network boundary
    • Decentralized governance
    • Failure isolation

  • Serverless architecture: an architectural model that allows developers to build and run applications and services without managing infrastructure. Key characteristics include:

    • Broken down applications into small, independent functions or services
    • Functions triggered by events or requests
    • Developers don’t manage underlying infrastructure
    • Cloud providers handle all server management, including provisioning capacity, maintaining security patches, and scaling automatically
    • Users only pay for the actual computing time

  • Event-driven architecture: a software architecture model promoting the production, detection, consumption of, and reaction to events. Event-driven architecture allows software components to be loosely coupled, as opposed to command-based service integration patterns.

  • Service mesh: a dedicated infrastructure layer for facilitating service-to-service communications between services or microservices, handling load balancing, monitoring, and more.

  • Network isolation: the practice of segregating different segments of a network to enhance security, performance, and manageability.

Development tools, processes and practices

  • Version control system integration (VCS Integration): Incorporating tools that manage changes to source code or documents into a development environment to track revisions and collaborate.

  • Infrastructure-as-code (IaC): A method of managing and provisioning compute resources such as servers or databases through machine-readable definition files that are stored in source control, rather than through manual configuration.

  • CLI: Command Line Interface (CLI) is a text-based interface used to operate software and operating systems by typing commands directly, often allowing more control and scripting capabilities than graphical interfaces.

  • APIs: Application Programming Interfaces (APIs) are sets of rules and tools for building software and applications, allowing different programs to communicate with each other.

  • VS Code for the web (browser): Visual Studio Code for the browser is a web-based variation of the popular VS Code editor, enabling developers to code directly from a web browser.

  • VS Code desktop: Visual Studio Code on the desktop is a powerful and versatile code editor that supports a wide range of programming languages and platforms, featuring built-in Git support, debugging, syntax highlighting, intelligent code completion, snippets, and code refactoring.

  • Command line (SSH): The command line interface accessed via SSH (Secure Shell) allows users to securely connect to and execute commands on remote servers, facilitating the management of systems and applications remotely.

  • Browser terminal: A browser terminal is an online emulation of a command line interface that runs within a web browser, allowing users to execute shell commands on remote servers directly from their browsers without needing SSH clients.

  • Jupyter Notebook: Jupyter Notebook is an open-source web application that allows you to create and share documents that contain live code, equations, visualizations, and narrative text. It’s widely used for data cleaning and transformation, numerical simulation, statistical modeling, data visualization, and machine learning.

  • IntelliJ IDEA: IntelliJ IDEA is a comprehensive IDE primarily for Java development, providing a robust environment with deep code understanding, intelligent code assistance, and a wide array of refactoring tools for enhanced productivity.

  • GoLand: GoLand is a commercial IDE by JetBrains aimed specifically at providing an ergonomic environment for Go developers. It includes features such as code completion, quick navigation, intelligent code inspections, a debugger, and an integrated testing tool.

  • PhpStorm: PhpStorm is a professional IDE tailored for PHP developers, featuring deep code understanding, top-notch coding assistance, support for all PHP tools, and major frameworks and CMSs.

  • PyCharm: PyCharm is a Python IDE with a rich set of tools for Python development, including frameworks like Django, Flask, Google App Engine, Pyramid, and web development with HTML, JS, and SQL support.

  • CLion: CLion is a powerful cross-platform IDE for C and C++ development, providing comprehensive coding assistance, navigation, a wide array of refactorings, and integrated debugger and testing framework support.

  • RubyMine: RubyMine is an IDE that offers a comprehensive Ruby code editor aware of dynamic language specifics, providing smart coding assistance, intelligent issue detection, and quick-fix options.

  • WebStorm: WebStorm is a powerful IDE for modern JavaScript development, whether you’re using React, Angular, Vue.js, or other frameworks. It provides automatic code completion, navigation, and refactoring for JavaScript, TypeScript, stylesheet languages, and popular frameworks.

  • RustRover: RustRover is a powerhouse IDE for Rust developers.

  • Amazon Web Services (AWS): Amazon Web Services is a comprehensive and broadly adopted cloud platform that offers over 200 fully featured services from data centers globally. It provides infrastructure and application services that enable computing, storing, and networking.

  • Backstage: Backstage is an open-source platform for building developer portals, created by Spotify. It integrates tooling, services, and APIs into a single UI, helping developers manage and standardize development workflows and tools across teams.

  • Bitbucket: a Git-based source code repository hosting service owned by Atlassian, tailored for professional teams. Is natively integrated with Gitpod.

  • GitHub: a platform for version control and collaboration, allowing users to manage projects, track changes, and host and review code. Is natively integrated with Gitpod.

  • GitLab: a complete DevOps platform that provides a suite of tools for software development, from project planning and source code management to CI/CD, monitoring, and security. Is natively integrated with Gitpod.

  • Internal developer portals: Internal developer portals are centralized platforms within an organization that provides developers with access to tools, resources, APIs, and documentation needed to build, manage, and optimize applications efficiently.

  • JetBrains Gateway: It is a lightweight tool that enables remote development by connecting your local machine to code hosted on a remote server, allowing you to use JetBrains IDEs seamlessly in a thin-client mode.

  • Tailscale: Tailscale is a zero-config VPN that creates secure networks between computers, servers, and cloud instances, simplifying the process of establishing trusted connections over the internet.

  • Visual Studio Code (VS Code): a lightweight but powerful source code editor that runs on your desktop and offers support for debugging, Git control, syntax highlighting, and code refactoring. Is natively integrated with Gitpod.

  • Vim: Vim is a highly configurable text editor used in various environments such as terminal and SSH, known for its efficiency, and is powered by a scripting language that allows for extensive customization. Is natively integrated with Gitpod.

  • Code reviews: the practice of reviewing team member’s code.

  • Pair programming: Pair programming is a collaborative coding technique where two developers work together at one workstation, sharing ideas and responsibilities to improve code quality and enhance learning.

  • DevOps: a set of practices that combines software development (Dev) and IT operations (Ops) aimed at shortening the systems development life cycle and providing continuous delivery with high software quality.

  • DevSecOps: a set of practices that integrate security practices at every phase of the software development lifecycle, from initial design through integration, testing, delivery, and deployment.

Author
@taliamoyal's avatar on GitHub Talia Moyal Head of Outbound Product at Gitpod

Last updated

May 20, 2024

Helpful resources Cloud development environments for platform teams
Join developers, everywhere.

Development environments pre-configured with the tools and dependencies needed to get inspired and start building.

Try now for free Contact sales

Related articles

DevX

Gitpod named as IDC Innovator for CDEs in 2024

@taliamoyal's avatar on GitHub Talia Moyal

Blog banner
DevX

Financial institutions aren’t seeing ROI on technology spend without standardized and automated development environments

@taliamoyal's avatar on GitHub Talia Moyal

Blog banner
DevX

Gitpod vs. Coder: the misconception of infrastructure choice

@taliamoyal's avatar on GitHub Talia Moyal

Blog banner

Monthly Newsletter

Subscribe to get a summary of what we've shipped over the last month, plus everything you need to know around developer experience.

By submitting this, I confirm that I have read and understood the Privacy policy.