Terminology
This document defines key terms used in Big Picture documentation. Understanding these terms establishes a shared mental model for how Big Picture works.
Release Management
Section titled “Release Management”Release
Section titled “Release”An immutable version of a product published to a channel. A release includes version metadata, artifact references, and signing information. Once published, a release cannot be modified—only revoked.
Channel
Section titled “Channel”A named stream of releases (e.g., stable, beta, internal). Clients subscribe to channels and receive update decisions based on releases in that channel.
Artifact
Section titled “Artifact”An installer or package file (MSI, MSIX, ZIP, etc.) that contains the software to be installed. Artifacts are stored in artifact repositories and referenced by releases.
Update Decision
Section titled “Update Decision”A signed response from Big Picture indicating what action a client should take:
AUTO_INSTALL: Install automaticallyNOTIFY_ONLY: Notify user but don’t installMANAGED_BY_IT: Defer to IT-managed deploymentNO_ACTION: Take no action
Policy
Section titled “Policy”Rules that govern update behavior, including update modes, version pinning, blocklists, and staged rollout percentages. Policy can be set globally, per-tenant, or per-product.
Staged Rollout
Section titled “Staged Rollout”Gradually releasing a new version to a percentage of clients, enabling canary deployments and risk mitigation.
Revocation
Section titled “Revocation”Marking a release as revoked, preventing new clients from receiving it while existing installations remain unchanged.
Licensing
Section titled “Licensing”Entitlement
Section titled “Entitlement”A customer’s right to use software, defined by products, license type, validity period, and features. Entitlements are the source of truth for licensing decisions.
License Lease
Section titled “License Lease”A short-lived, signed token granting temporary permission to use software. Leases expire after a configurable duration and must be renewed periodically.
License Server
Section titled “License Server”A service that evaluates entitlements and issues license leases. Can be cloud-hosted or locally deployed.
Per-User Licensing
Section titled “Per-User Licensing”A license model where each licensed user can activate software on any machine. The license server tracks active users and enforces seat limits.
Per-Machine Licensing
Section titled “Per-Machine Licensing”A license model where each licensed machine can run software regardless of user. The license server tracks machine identities and enforces device limits.
Floating (Concurrent) Licensing
Section titled “Floating (Concurrent) Licensing”A license model where a pool of licenses can be used by any user or machine up to the concurrent limit. Licenses are checked out when in use and checked in when released.
Deployment and Infrastructure
Section titled “Deployment and Infrastructure”Tenant
Section titled “Tenant”An organizational boundary in Big Picture. Tenants have isolated catalogs, policies, and entitlements. In SaaS deployments, each customer is a tenant.
Mirror
Section titled “Mirror”A downstream service that pulls signed snapshot bundles from Big Picture and serves artifacts locally. Enables self-hosting for regulated environments.
Snapshot
Section titled “Snapshot”An immutable, signed bundle containing complete catalog state at a point in time. Mirrors pull snapshots to replicate Big Picture’s catalog locally.
Artifact Repository
Section titled “Artifact Repository”External storage for installers (JFrog, S3, GCS, etc.). Big Picture references artifacts in repositories but doesn’t store them directly (unless using managed storage).
Managed Storage
Section titled “Managed Storage”Optional Big Picture-managed artifact storage. When enabled, Big Picture stores artifacts directly rather than referencing external repositories.
Security and Trust
Section titled “Security and Trust”Signature
Section titled “Signature”A cryptographic signature (Ed25519) attached to update decisions, license leases, and snapshots. Clients verify signatures before trusting data.
Signing Key
Section titled “Signing Key”The private key used to sign authoritative data. Stored in HSM or KMS and never exposed to clients.
Public Key
Section titled “Public Key”The public portion of a signing key pair. Clients pin public keys and use them to verify signatures.
Trust Boundary
Section titled “Trust Boundary”A conceptual boundary between trusted and untrusted components. Big Picture defines trust boundaries at clients, networks, and services.
Operational Concepts
Section titled “Operational Concepts”Update Check
Section titled “Update Check”A client request to Big Picture asking what action should be taken. Big Picture evaluates policy and returns a signed update decision.
Lease Renewal
Section titled “Lease Renewal”A client request to extend an expiring license lease. License servers evaluate entitlements and issue new leases.
Audit Log
Section titled “Audit Log”An append-only log of all significant events: releases published, policies changed, leases issued, decisions made. Supports compliance and incident response.
Kill Switch
Section titled “Kill Switch”A global or per-tenant mechanism to immediately stop all updates or license issuance. Used for incident response.
Related Concepts
Section titled “Related Concepts”- What Is Big Picture? provides context for these terms
- Core Principles explains the concepts behind the terminology
- See Reference for technical specifications