Dedicated Server Glossary

Infrastructure terminology is full of words that sound precise and mean nothing in particular. Unlimited bandwidth. Enterprise-grade. High performance. This dedicated server glossary does the opposite: every entry contains a number, a threshold, or a specific mechanism, and every entry says what it does not cover.

Where a figure changes over time, we say when it was measured. If the industry disagrees, we say so. And when a term exists to obscure rather than clarify, we say that too.

This glossary is maintained continuously. Figures are accurate as of the date last updated. Where a measurement changes over time, the year of measurement is stated in the entry.


AMS-IX

The Amsterdam Internet Exchange, one of the largest internet exchange points in the world. As of 2026 it carries peak traffic above 10 terabits per second across several hundred connected networks. Direct peering at AMS-IX removes intermediate transit hops between a Netherlands server and most European ISPs, which reduces both latency and its variance. It does not reduce the physical distance, which sets the floor. See Dedicated Server Netherlands.

Anycast

A routing method in which one IP address is announced from multiple physical locations, and BGP delivers each user to the topologically nearest one. Used by DNS resolvers and CDN edge networks. Anycast reduces latency for stateless requests. It works poorly for long-lived TCP sessions, because a routing change mid-session breaks the connection.

AppArmor and SELinux

Mandatory access control frameworks that confine processes to a declared set of permitted operations, so that a compromised service cannot exceed its profile. AppArmor is Ubuntu’s default and is path-based; SELinux is the Red Hat family’s default and is label-based. Neither is more secure in principle. SELinux is more expressive and harder to configure correctly, which in practice means it is more often disabled. See Ubuntu Server for Dedicated Hosting.

Attack surface

The total set of points at which an unauthorised party could interact with a system: open ports, running services, user accounts, installed packages, exposed endpoints. Hardening is the process of shrinking it. Every service that is not running cannot be exploited, regardless of what vulnerabilities it contains.

Autonomous System Number (ASN)

A globally unique identifier assigned to a network that controls its own routing policy. Data centres, ISPs, and large hosting providers each operate under an ASN. Analysing the ASN distribution of inbound traffic is one of the more reliable ways to separate residential users from data-centre-originated bot traffic.

Bandwidth

The maximum rate at which data can transfer, measured in bits per second. A 1 Gbps interface tops out at roughly 125 MB/s in ideal conditions, before protocol overhead. Bandwidth is not speed. A page that issues twenty sequential requests over a 200ms latency link loads slowly regardless of how wide the pipe is. See What Is Network Bandwidth.

Bare metal

A physical server dedicated to a single tenant, with no hypervisor between the operating system and the hardware. Containers running on bare metal avoid the virtualisation overhead present on a VM host. The term is often used loosely by providers who mean dedicated instance on shared hardware, which is not the same thing. See What Is a Bare Metal Server.

BGP

Border Gateway Protocol, the mechanism by which autonomous systems announce which IP ranges they can reach. BGP selects paths by policy and AS-path length, not by latency. A geographically short route can therefore be slower than a longer one if the peering arrangements are poor, which is why data-centre network quality matters as much as its coordinates.

Brute force attack

Automated attempts to guess credentials by exhaustive trial. Against SSH, this is continuous background noise on any server with a public IP address. The asymmetry is total: the defender must block every attempt, the attacker needs one success. Key-based authentication does not mitigate brute force. It renders it arithmetically irrelevant. See SSH Security: Brute Force Protection.

Buffer pool

The region of RAM in which a database engine caches table and index pages. When the working dataset fits in the buffer pool, queries execute from memory in microseconds. When it does not, every miss becomes a storage read. This is the mechanism by which RAM, not CPU, becomes the first bottleneck in the majority of web application workloads. See Understanding RAM Usage in Web Hosting.

Caching layers

Object caching: Redis, Memcached, stores computed values and query results in memory, eliminating repeated database work. Full-page caching: Varnish, Nginx, stores complete HTML responses, so a cache hit executes no application code at all. A site with a 90% full-page hit rate reduces application CPU for that content by roughly 90%. Personalised and authenticated content is largely uncacheable, which is why dynamic-heavy applications see smaller gains. See Server Caching Explained.

Colocation

Renting rack space, power, cooling, and network connectivity in a data centre, while owning the hardware yourself. Maximum control, maximum capital expenditure, and full responsibility for hardware failure. Dedicated server rental transfers the hardware risk to the provider. See What Is Colocation Hosting.

Core Web Vitals

Google’s set of user-experience metrics used as a ranking signal, measured from field data collected in Chrome. Comprises LCP, INP, and CLS. Critically, the ranking signal uses the mobile measurement, not the desktop one, because of mobile-first indexing. See Why Mobile Is Slower Than Desktop.

CPU utilisation vs load average

Utilisation is the percentage of processor capacity in use. Load average counts processes running or waiting to run. They answer different questions. A load average of 8.0 on a 16-core server is comfortable. The same figure on a 4-core server means every core is saturated with two processes queued behind each. Utilisation tells you the CPU is busy; load average tells you whether work is waiting. See What Is Server Load.

Cumulative Layout Shift (CLS)

Measures unexpected visual movement of page elements during load. Google’s threshold for good is below 0.1. CLS is almost entirely a front-end concern, unreserved image dimensions, late-injected banners, and infrastructure has essentially no influence on it.

Data residency

The requirement that data be stored and processed within a defined jurisdiction. Hosting inside the EEA satisfies GDPR residency by geography, without Standard Contractual Clauses or transfer impact assessments. On multi-region cloud infrastructure, replication and support access can move data across borders in ways that require deliberate configuration to prevent.

DDoS

A distributed denial-of-service attack, in which many hosts flood a target with traffic to exhaust its capacity. Volumetric attacks saturate bandwidth; application-layer attacks exhaust CPU or connection tables with comparatively little traffic. Server hardening does not defend against volumetric DDoS, which must be absorbed upstream of the server. See What Is a DDoS Attack.

Dedicated server

A physical server whose resources serve one tenant exclusively. No hypervisor, no shared CPU, no noisy neighbours, and full root access. Cost is fixed monthly regardless of utilisation, which makes it economical for stable continuous workloads and uneconomical for genuinely bursty ones. See What Is a Dedicated Server.

Default-deny firewall

A firewall policy in which all inbound traffic is rejected unless explicitly permitted. The inverse — permitting everything and blocking known threats — fails the moment an unanticipated service starts listening. A web server needs ports 80 and 443. Databases belong on the loopback interface. See What Is a Firewall.

ECC RAM

Error-Correcting Code memory, which detects and transparently corrects single-bit errors and detects multi-bit errors. Consumer RAM does neither. Silent bit-flips in a database buffer pool corrupt data without any error surfacing until much later. ECC is standard on server-class hardware and is one of the least glamorous reasons enterprise hardware costs more.

Egress fees

Charges levied by a provider for data leaving its network. Major cloud providers bill outbound transfer per gigabyte, typically around $0.09/GB in common regions, with a small monthly free allowance. Inbound transfer is usually free. Egress is the line item that most often makes cloud infrastructure unexpectedly expensive at scale, and it has no equivalent on unmetered dedicated bandwidth. See AWS vs Dedicated Server: Full Cost Breakdown.

fail2ban

A daemon that parses authentication logs, identifies IP addresses producing repeated failures, and blocks them at the firewall. The stock configuration bans an address for ten minutes after five failed attempts. It reduces log noise and blunts distributed attacks. It does not replace key authentication, and layering it over password authentication is treating a symptom.

GDPR

The EU General Data Protection Regulation. It does not mandate hosting in any specific country. It restricts transfers of EU residents’ personal data outside the EEA unless a legal transfer mechanism exists. A server in an EU member state removes the question rather than answering it. See Dedicated Servers and GDPR.

Health Check

A periodic request a load balancer sends to each backend server to verify it is still serving correctly. Machines that fail leave the rotation automatically and rejoin when they recover. A naive health check requests a static file and confirms only that the web server responds. A useful one exercises the database connection, because a machine whose database has failed still returns static files perfectly.

High availability

An architecture designed to survive component failure without service interruption, typically through redundancy and automatic failover. High availability is not a hardware specification; it is a system property. A single server, however well specified, is a single point of failure by definition. See High Availability Hosting Explained.

Hyper-threading

Intel’s implementation of simultaneous multithreading, presenting each physical core as two logical processors. A 20-core Xeon reports 40 threads. Throughput gains for mixed workloads typically fall in the 15 to 30% range, not 100%. For workloads that saturate the execution units of a single core, hyper-threading provides close to nothing.

Hypervisor

Software that creates and runs virtual machines. Type 1 runs directly on hardware (KVM, VMware ESXi, Proxmox). Type 2 runs on top of a host operating system. Every hypervisor introduces some overhead; on modern hardware with virtualisation extensions this is small for CPU and larger for I/O. See What Is Server Virtualization.

I/O wait

The percentage of time the CPU sits idle waiting for a storage operation to complete, visible as wa in top or vmstat. High I/O wait alongside high load average usually means the bottleneck is storage, not the processor. Adding CPU cores to a server with 30% I/O wait changes nothing. See Disk I/O Bottleneck Explained.

Interaction to Next Paint (INP)

Measures responsiveness to user input across the whole page lifecycle, replacing First Input Delay. Google’s threshold for good is below 200ms. INP is dominated by JavaScript main-thread work, so a fast server improves it only indirectly, by not delaying script execution.

Internet Exchange Point (IXP)

A physical facility where networks interconnect directly rather than routing through a paid transit provider. AMS-IX in Amsterdam, DE-CIX in Frankfurt, and LINX in London are the largest in Europe. A server in a data centre with dense IXP presence reaches European users in fewer hops than the same hardware in a poorly peered facility. See How Server Location Affects Website Speed.

IOPS

Input/output operations per second. Manufacturer figures almost universally assume 4 KB blocks at queue depth 32, with whichever access pattern flatters the device. Real database workloads rarely match those conditions, and observed IOPS two to five times below the specification sheet is common rather than exceptional. Treat published IOPS as a ceiling, never as a forecast. See NVMe and RAID for High-IOPS Workloads.

IPMI

Intelligent Platform Management Interface, an out-of-band management channel that operates independently of the server’s operating system and main network interface. It provides remote power cycling, console access, and hardware sensor readings even when the OS has failed to boot. IPMI is what recovers a server after a firewall rule locks you out. Its own interface should never be exposed to the public internet.

Largest Contentful Paint (LCP)

The time until the largest visible content element renders. Google’s threshold for good is under 2.5 seconds. LCP inherits TTFB entirely: a 900ms server response leaves 1.6 seconds for everything else. Infrastructure influences LCP more than any other Core Web Vital.

Latency

The time for a signal to travel from source to destination. In fibre, light propagates at roughly two-thirds of its vacuum speed, approximately 200,000 km per second, which imposes about 1ms of round-trip latency per 100km of cable, before any routing overhead. Amsterdam to London measures 5 to 10ms in practice; Amsterdam to New York, 70 to 90ms. No amount of hardware or software optimisation reduces this floor. See Latency Explained.

Layer 4 load balancing

Layer 4 load balancing routes on IP addresses and TCP or UDP ports without inspecting traffic content, processing millions of packets per second with minimal added latency. So, Layer 7 inspects the full HTTP request, including URL, headers, and cookies, enabling content-based routing, SSL termination, and application-aware health checks, at the cost of higher processing overhead. Most web applications need Layer 7.

Load Balancer

A device or software component that sits between clients and a pool of backend servers, receiving every request and routing it to one of them according to a defined algorithm. The load balancer becomes the address that DNS resolves to, which means it also becomes a single point of failure unless deployed as a redundant pair. It distributes work; it does not make the work faster.

Managed vs unmanaged

Unmanaged means the provider delivers working hardware, network, and an operating system image. Everything above that is yours, patching, security, backups, monitoring. Managed means some subset of that is theirs. The boundary is never standardised, and the correct question is not is it managed but which specific tasks are contractually theirs. See Managed vs Unmanaged Hosting.

Mean Time To Recovery (MTTR)

The average time to restore service after a failure. In practice, MTTR is determined less by hardware and more by whether the team can find the runbook, knows the firewall rules, and has tested the restore procedure. It is the metric most improved by documentation and least improved by expenditure. See What Happens When a Server Crashes.

Noisy neighbour

The performance degradation one tenant experiences because another tenant on the same physical host is consuming shared CPU, memory bandwidth, or storage I/O. The defining characteristic is that your own metrics move without your own traffic changing. Diagnosing it from inside the guest is close to impossible, which is the practical case for single tenancy. See What Causes High CPU Usage.

NUMA

Non-Uniform Memory Access. On a dual-socket server, each processor has memory attached directly to it. A core accessing memory on its own socket is faster than one reaching across the interconnect to the other socket’s memory. Workloads that are not NUMA-aware can lose measurable performance on dual-socket hardware relative to a well-specified single-socket machine.

NVMe

Non-Volatile Memory Express, a storage protocol that addresses SSDs over PCIe rather than through the SATA controller. SATA III caps at 6 Gbps, or roughly 550 MB/s in practice. NVMe removes that ceiling and, more importantly, supports far deeper command queues, which is where database workloads actually benefit. See How NVMe Storage Boosts Performance.

Peering

An arrangement in which two networks exchange traffic directly, usually without payment. The alternative is transit, which is paid. A provider with extensive peering delivers lower and more consistent latency to the networks it peers with. Peering quality is invisible from a specification sheet and only becomes apparent under measurement.

Principle of least privilege

Every account, process, and credential should hold exactly the permissions its function requires, and nothing further. An application’s database user should read and write its tables; it should not be able to drop them or create users. NSA and CISA red teams identify improper separation of user and administrator privilege among the most common misconfigurations found in large organisations.

Provisioning

The process of preparing and delivering a server so that it is ready to use: installing the operating system, configuring the network, assigning IP addresses, and granting access. Provisioning time ranges from minutes on automated platforms to a few hours where hardware is configured to order. It is a one-time event at the start of the contract, distinct from the ongoing management that follows.

RAID 0

Data striped across multiple drives with no redundancy. Capacity and throughput scale with drive count; so does failure probability. One drive failure destroys the array. RAID 0 is appropriate for scratch data and reproducible caches, and for nothing else in production.

RAID 1

Data mirrored across two drives. Half the raw capacity is usable. One drive can fail without data loss or interruption. This is the correct default for production servers where downtime is unacceptable. RAID 1 is not a backup: it faithfully mirrors an accidental DROP TABLE to both drives instantly. See What Is RAID.

RAID 10

Mirrored pairs, striped. Requires a minimum of four drives and yields half the raw capacity. Combines RAID 1’s redundancy with RAID 0’s throughput, and rebuilds far faster than parity-based levels. The standard choice for write-heavy database workloads that can afford the capacity cost.

Round-Trip Time (RTT)

The interval for a packet to reach a destination and for the acknowledgement to return. Every stage of a page load pays RTT independently: the TCP three-way handshake costs one RTT, a TLS 1.3 handshake costs one more, and each subsequent request costs at least one. TLS 1.2 costs two. Twenty round trips at 100ms is two seconds of pure waiting. See How TCP/IP Works.

RPO and RTO

Recovery Point Objective is how much data you can afford to lose, expressed as time, hourly backups imply a one-hour RPO. Recovery Time Objective is how long restoration may take. These two numbers determine the backup architecture. Choosing them explicitly, before an incident, is the entire exercise. See Why Regular Backups Matter.

SATA SSD

A solid-state drive connected over the SATA interface. Eliminates the mechanical seek latency of spinning disks, the single largest performance improvement available to a database server, but remains bounded by the SATA III ceiling of roughly 550 MB/s. Adequate for most web workloads. The constraint becomes visible under sustained high-IOPS database load.

Server hardening

The deliberate reduction of a system’s attack surface: removing default credentials, disabling unused services, restricting privilege, applying patches promptly, and replacing permissive defaults with restrictive configuration. Hardening is a continuous process, not a provisioning task. A server hardened once and never reviewed drifts back toward its defaults as software accumulates. See What Is Server Hardening.

Service Level Agreement (SLA)

A contractual commitment to a service level, usually uptime, with defined remedies when it is missed. Read the remedy clause: most SLAs compensate with service credits proportional to the outage, not with damages proportional to your revenue loss. An SLA is a statement of confidence, not an insurance policy. See Understanding Server Uptime SLAs.

Session Persistence

Routing a user’s requests consistently to the same backend server for the duration of their session, so that locally stored state remains reachable. Also called sticky sessions. It distributes load unevenly whenever some users hold longer sessions than others, and it undermines failover, because a machine failure destroys the sessions living on it. Moving session state into a shared Redis instance removes the need for it entirely.

Shared hosting

Many websites on one physical server, isolated by user accounts rather than by hardware. Resources are pooled and capped per account. It is inexpensive, and its failure mode is that your performance depends on the behaviour of tenants you cannot see or influence. See Outgrowing Shared Hosting.

Setup fee

A one-time charge some providers apply when provisioning a new server, separate from the recurring monthly price. It covers the initial hardware configuration and deployment. Not every provider charges one, and its presence or absence is worth checking before signing, because a low monthly price paired with a high setup fee can cost more in the first year than a higher monthly price with no setup fee.

Single-socket vs dual-socket

A single-socket server has one physical CPU; a dual-socket server has two, doubling core count and memory channels. Dual-socket suits virtualisation hosts and parallel workloads that scale across many cores. Most web applications perform better on a high-specification single socket than on a lower-specification dual socket at the same price, because per-core performance matters more than total core count, and because NUMA introduces complexity that gains nothing if the workload cannot exploit it. See How to Choose the Right CPU.

SSH key authentication

Authentication using an asymmetric key pair rather than a password. An ed25519 key cannot be brute-forced within any meaningful timescale; a password can. Disabling PasswordAuthentication in /etc/ssh/sshd_config is the single highest-leverage change available on a new server. Verify key login in a second terminal before applying it. See How to Setup a Dedicated Server.

Tier III and Tier IV

Uptime Institute data centre classifications. Tier III is concurrently maintainable, any component can be serviced without stopping operations, and corresponds to roughly 99.98% availability. Tier IV is fault tolerant, sustaining a single unplanned failure without impact, at roughly 99.99%. The tier describes the facility, not your server, and not your application.

Time to First Byte (TTFB)

The interval between the browser issuing a request and receiving the first byte of the response. It comprises DNS resolution, TCP handshake, TLS negotiation, server processing, and the first byte’s transit. Google’s guidance treats TTFB under 800ms as good and above 1800ms as poor. A well-configured dedicated server serving a European audience should achieve 100 to 300ms. See What Is Time to First Byte.

Transit

Paid access to the wider internet through a provider that carries your traffic to destinations you do not peer with directly. Transit is the fallback when peering does not exist. It works, and it adds hops.

Unmetered vs Unlimited

These are not synonyms, and the industry benefits from the confusion. Unmetered means the provider does not count the volume of data transferred; the constraint is the port speed. A 1 Gbps unmetered port can move roughly 324 TB in a month at full saturation. Unlimited is a marketing term with no technical definition, and is almost always governed by a fair-use clause buried in the terms of service. Ask which one you are buying. See Hidden Costs of Cheap Hosting.

Uptime percentages

The arithmetic is worth internalising, because the marketing relies on it not being. Over a full year: 99% permits 3 days 15 hours of downtime. 99.9% permits 8 hours 45 minutes. 99.99% permits 52 minutes. 99.999% permits 5 minutes. The difference between three nines and four is not a rounding detail; it is a different class of engineering and a different cost structure. See Website Downtime: Impact on Revenue and Trust.

Virtualisation

Partitioning one physical machine into multiple isolated virtual machines, each with its own operating system. Improves hardware utilisation and provides strong isolation. Costs some performance, particularly for storage I/O, and introduces the noisy-neighbour problem when the host is oversubscribed. See Bare Metal vs Virtualized Servers.

VPS

A Virtual Private Server: a virtual machine on shared physical hardware, with allocated CPU, RAM, and storage. Cheaper than dedicated hardware and genuinely isolated at the OS level. Resource allocation is often oversubscribed, meaning the guaranteed figures and the available figures differ under load. See Dedicated Server vs VPS.

Web Application Firewall (WAF)

A filter that inspects HTTP requests and blocks those matching known attack patterns: SQL injection, cross-site scripting, malicious bot signatures, before they reach the application. A WAF operates at layer 7 and complements a network firewall rather than replacing it. It also produces false positives, which is why it needs tuning rather than installation. See What Is a WAF.

Xeon Gold 5215

Intel server processor, 10 physical cores and 20 threads, base clock 2.5 GHz. Suited to workloads where per-core performance and moderate concurrency matter more than raw parallelism.

Xeon Gold 6138

Intel server processor, 20 physical cores and 40 threads, base clock 2.0 GHz. Twice the parallelism of the 5215 at a lower base clock. The correct choice when the workload distributes across many cores: container hosts, build servers, transcoding pipelines, and the wrong one when a single-threaded bottleneck dominates.


📖 Go deeper on any of these terms

Every definition above has a full guide behind it. The Swify blog covers dedicated server infrastructure across six areas:

Dedicated Servers Basics  ·  Performance & Optimization  ·  Security & Stability  ·  Comparisons  ·  Use Cases  ·  Benefits

Dedicated servers in the Netherlands, from €120/month

HP ProLiant Gen10 hardware, Intel Xeon Gold processors, ECC RAM, enterprise SSD storage, and 1Gbps unmetered bandwidth from an AMS-IX connected data centre. Full root access, GDPR data residency, no contracts.

→ View Server Plans Build a Custom Server