1.1 Glossary
This document uses the following terms:
administrator: A user who has complete and unrestricted access to the computer or domain.
Advanced Encryption Standard (AES): A block cipher that supersedes the Data Encryption Standard (DES). AES can be used to protect electronic data. The AES algorithm can be used to encrypt (encipher) and decrypt (decipher) information. Encryption converts data to an unintelligible form called ciphertext; decrypting the ciphertext converts the data back into its original form, called plaintext. AES is used in symmetric-key cryptography, meaning that the same key is used for the encryption and decryption operations. It is also a block cipher, meaning that it operates on fixed-size blocks of plaintext and ciphertext, and requires the size of the plaintext as well as the ciphertext to be an exact multiple of this block size. AES is also known as the Rijndael symmetric encryption algorithm [FIPS197].
authentication: The ability of one entity to determine the identity of another entity.
authentication level: A numeric value indicating the level of authentication or message protection that remote procedure call (RPC) will apply to a specific message exchange. For more information, see [C706] section 13.1.2.1 and [MS-RPCE].
Authentication Service (AS): A service that issues ticket granting tickets (TGTs), which are used for authenticating principals within the realm or domain served by the Authentication Service.
autonomous system: A group of routers that share a single administrative policy. These routers all use the same routing protocol, called an Interior Gateway Protocol, to communicate.
autonomous system number (ASN): A unique number allocated to each autonomous system for use in the BGP routing protocol.
best route: The optimal route to a network destination, based on specified criteria. This concept is based on the fact that there is a certain "cost" involved in taking a route across a network. The best route to take is the one with the lowest cost, based on specified criteria. This criteria can include the number of networks crossed, the type of network crossed (for example, public or private), or a monetary or bandwidth limit.
BGP speaker: A router that implements the Border Gateway Protocol (BGP).
binary large object (BLOB): A collection of binary data stored as a single entity in a database.
Border Gateway Protocol (BGP): An inter-autonomous system routing protocol designed for TCP/IP routing.
callback: The mechanism through which a remote access client gets called back by the server in order to establish connectivity.
CalledId: Originating address of a call.
certificate: A certificate is a collection of attributes and extensions that can be stored persistently. The set of attributes in a certificate can vary depending on the intended usage of the certificate. A certificate securely binds a public key to the entity that holds the corresponding private key. A certificate is commonly used for authentication and secure exchange of information on open networks, such as the Internet, extranets, and intranets. Certificates are digitally signed by the issuing certification authority (CA) and can be issued for a user, a computer, or a service. The most widely accepted format for certificates is defined by the ITU-T X.509 version 3 international standards. For more information about attributes and extensions, see [RFC3280] and [X509] sections 7 and 8.
Challenge-Handshake Authentication Protocol (CHAP): A protocol for user authentication to a remote resource. For more information, see [RFC1994] and [RFC2759].
client: A computer on which the remote procedure call (RPC) client is executing.
Compression Control Protocol (CCP): Allows two computers that communicate through Point-to-Point Protocol (PPP) [RFC1661] to negotiate compatible algorithms for sending and receiving compressed PPP frames. The two computers do not use CCP until the network-control-protocol phase of the PPP connection. For more information, see [RFC1962].
connection: The successful completion of necessary protocol arrangements (authentication, network parameters negotiation, and so on) between a remote client computer and the RRAS server to set up a dial-up or virtual private networking (VPN) association. Connection enables the remote client computer to function on the RRAS server network as if it were connected to the server network directly.
Connection Point Services (CPS) phonebook file: A file that contains POP entries.
credential: Previously established, authentication data that is used by a security principal to establish its own identity. When used in reference to the Netlogon Protocol, it is the data that is stored in the NETLOGON_CREDENTIAL structure.
cyclic redundancy check (CRC): An algorithm used to produce a checksum (a small, fixed number of bits) against a block of data, such as a packet of network traffic or a block of a computer file. The CRC is a broad class of functions used to detect errors after transmission or storage. A CRC is designed to catch random errors, as opposed to intentional errors. If errors might be introduced by a motivated and intelligent adversary, a cryptographic hash function has to be used instead.
Data Encryption Standard (DES): A specification for encryption of computer data that uses a 56-bit key developed by IBM and adopted by the U.S. government as a standard in 1976. For more information see [FIPS46-3].
datagram: A style of communication offered by a network transport protocol where each message is contained within a single network packet. In this style, there is no requirement for establishing a session prior to communication, as opposed to a connection-oriented style.
demand-dial: Dialing a preconfigured connection only when there is traffic to be sent. Interfaces configured to do so are called demand dial or dial-on-demand (DOD) interfaces.
device: Any peripheral or part of a computer system that can send or receive data.
dialing rule: The rule that specifies the correct sequence of numbers to dial on a modem device. This includes rules that specify the long distance operator and international prefix that is dialed before domestic long distance or international phone numbers.
Distributed Component Object Model (DCOM): The Microsoft Component Object Model (COM) specification that defines how components communicate over networks, as specified in [MS-DCOM].
domain: A set of users and computers sharing a common namespace and management infrastructure. At least one computer member of the set has to act as a domain controller (DC) and host a member list that identifies all members of the domain, as well as optionally hosting the Active Directory service. The domain controller provides authentication of members, creating a unit of trust for its members. Each domain has an identifier that is shared among its members. For more information, see [MS-AUTHSOD] section 1.1.1.5 and [MS-ADTS].
domain name: A domain name used by the Domain Name System (DNS).
EAP: See Extensible Authentication Protocol (EAP).
endpoint: A client that is on a network and is requesting access to a network access server (NAS).
enhanced key usage (EKU): An extension that is a collection of object identifiers (OIDs) that indicate the applications that use the key.
Extensible Authentication Protocol (EAP): A framework for authentication that is used to provide a pluggable model for adding authentication protocols for use in network access authentication, as specified in [RFC3748].
Exterior Gateway Protocol (EGP): Distributes routing information to the routers that connect autonomous systems to a backbone.
filter: A setting that excludes subfolders (and their contents) or files from replication. There are two types of filters: file filters and folder filters.
filtering: To share a subset of the host applications or windows with participants instead of sharing all of the applications and windows.
forwarder: The forwarder is the kernel-mode component of the router that is responsible for forwarding data from one router interface to the others. The forwarder also decides whether a packet is destined for local delivery, whether it is destined to be forwarded out of another interface, or both. There are two kernel-mode forwarders: unicast and multicast.
globally unique identifier (GUID): A term used interchangeably with universally unique identifier (UUID) in Microsoft protocol technical documents (TDs). Interchanging the usage of these terms does not imply or require a specific algorithm or mechanism to generate the value. Specifically, the use of this term does not imply or require that the algorithms described in [RFC4122] or [C706] have to be used for generating the GUID. See also universally unique identifier (UUID).
Hash-based Message Authentication Code (HMAC): A mechanism for message authentication using cryptographic hash functions. HMAC can be used with any iterative cryptographic hash function (for example, MD5 and SHA-1) in combination with a secret shared key. The cryptographic strength of HMAC depends on the properties of the underlying hash function.
interface: Represents a network that a computer or device can reach via an adapter. Each interface has a unique interface identifier index. Active interfaces have an adapter that provides connectivity to the network they represent. Inactive interfaces do not have an adapter unless an administrator disabled the interface after an adapter was allocated. Routing a packet to a network represented by an interface will cause the router to allocate an adapter to bind to that interface and will establish a connection to that network. A local area network (LAN) interface corresponds to an actual physical device in the computer, a LAN adapter. A WAN interface receives its network layer address from the remote peer during the connection process, known as late-binding. A WAN interface is mapped to a port at the time that a connection is established. The port could be a COM port, a parallel port, or a virtual port for tunnels such as PPTP [RFC2637] and L2TP [RFC2661].
Interface Definition Language (IDL): The International Standards Organization (ISO) standard language for specifying the interface for remote procedure calls. For more information, see [C706] section 4.
interface identifier (IID): A GUID that identifies an interface.
internal interface: The interface on the RRAS server that corresponds to all the modem dial-up and virtual private networking clients connected to the RAS server. This is also referred as a dial in interface.
Internet Key Exchange (IKE): The protocol that is used to negotiate and provide authenticated keying material for security associations (SAs) in a protected manner. For more information, see [RFC2409].
key value pair (KVP): A set of two linked data items: a key that is an identifier for some data item, and a value that is a value associated with the data item for the identifier represented by the key.
L2TP: Layer Two Tunneling Protocol, as defined in [RFC2661].
little-endian: Multiple-byte values that are byte-ordered with the least significant byte stored in the memory location with the lowest address.
local computer: In case of a remote access client connection endpoint on the RRAS server, the local computer is the RRAS machine whereas remote computer is the machine from which the client has connected.
locally unique identifier (LUID): A 64-bit value guaranteed to be unique within the scope of a single machine.
main mode (MM): The first phase of an Internet Key Exchange (IKE) negotiation that performs authentication and negotiates a main mode security association (MM SA) between the peers. For more information, see [RFC2409] section 5.
main mode security association (MM SA): A security association that is used to protect Internet Key Exchange (IKE) traffic between two peers. For more information, see [RFC2408] section 2.
marshal: To encode one or more data structures into an octet stream using a specific remote procedure call (RPC) transfer syntax (for example, marshaling a 32-bit integer).
multi exit discriminator (MED): An optional, nontransitive attribute in the BGP that is used as a hint to external neighbors about the preferred path into an autonomous system that has multiple entry points. This is also known as the external metric of a route. A route with a lower MED value is preferred over a higher value.
multicast: Allows a host to send data to only those destinations that specifically request to receive the data. In this way, multicasting differs from sending broadcast data, because broadcast data is sent to all hosts. multicasting saves network bandwidth because multicast data is received only by those hosts that request the data, and the data travels over any link only once. multicasting saves server bandwidth because a server has to send only one multicast message per network instead of one unicast message per receiver.
multicast heartbeat: The ability of the router to listen for a regular multicast notification to a specified group address. Multicast heartbeat is used to verify that IP multicast connectivity is available on the network. If the heartbeat is not received within a configured amount of time, the multicast heartbeat status of the configured interface is set to inactive.
multicast routing protocol: A protocol that manages group membership and controls the path that multicast data takes over the network. Examples of multicast routing protocols include Protocol Independent Multicast (PIM), Multicast Open Shortest Path First (MOSPF), and Distance Vector multicast routing protocol (DVMRP). The Internet Group Management Protocol (IGMP) is a special multicast routing protocol that acts as an intermediary between hosts and routers.
multilink phonebook entry: A dial-up phonebook entry that can connect to the RAS server using multiple configured devices (or channels, in the case of an ISDN device).
named pipe: A named, one-way, or duplex pipe for communication between a pipe server and one or more pipe clients.
NetBEUI: NetBIOS Enhanced User Interface. NetBEUI is an enhanced NetBIOS protocol for network operating systems, originated by IBM for the LAN Manager server and now used with many other networks.
NetBIOS: A particular network transport that is part of the LAN Manager protocol suite. NetBIOS uses a broadcast communication style that was applicable to early segmented local area networks. A protocol family including name resolution, datagram, and connection services. For more information, see [RFC1001] and [RFC1002].
Network Access Protection (NAP): A feature of an operating system that provides a platform for system health-validated access to private networks. NAP provides a way of detecting the health state of a network client that is attempting to connect to or communicate on a network, and limiting the access of the network client until the health policy requirements have been met. NAP is implemented through quarantines and health checks, as specified in [TNC-IF-TNCCSPBSoH].
network address translation (NAT): The process of converting between IP addresses used within an intranet, or other private network, and Internet IP addresses.
Network Address Translator (NAT): An IPv4 router defined in [RFC1631] that can translate the IP addresses and TCP/UDP port numbers of packets as they are forwarded.
network byte order: The order in which the bytes of a multiple-byte number are transmitted on a network, most significant byte first (in big-endian storage). This does not always match the order in which numbers are normally stored in memory for a particular processor.
Network Data Representation (NDR): A specification that defines a mapping from Interface Definition Language (IDL) data types onto octet streams. NDR also refers to the runtime environment that implements the mapping facilities (for example, data provided to NDR). For more information, see [MS-RPCE] and [C706] section 14.
next hop: The next router on the path toward a destination. Packets from a source are forwarded to a destination on a hop-by-hop basis.
next hops: Routes have one or more next hops associated with them. If the destination is not on a directly connected network, the next hop is the address of the next router (or network) on the outgoing network that can best route data to the destination. Each next hop is uniquely identified by the address of the next hop and the interface index used to reach the next hop. If the next hop itself is not directly connected, it is marked as a "remote" next hop. In this case, the forwarder has to perform another lookup using the next hop's network address. This lookup is necessary to find the "local" next hop used to reach the remote next hop and the destination.
object identifier (OID): In the context of an object server, a 64-bit number that uniquely identifies an object.
opnum: An operation number or numeric identifier that is used to identify a specific remote procedure call (RPC) method or a method in an interface. For more information, see [C706] section 12.5.2.12 or [MS-RPCE].
phone book (PBK): A file maintained by RRAS to store telephone numbers, and security and network settings used for RAS connections.
point-to-multipoint interface: An interface that provides communication between a single host and multiple destinations. Point-to-multipoint interfaces can be thought of as a collection of point-to-point links with a single termination, such as an ATM link.
point-to-point interface: An interface that provides communication between a single source and a single destination, such as a PPP link.
port: The logical endpoint of a remote access connection on the client or server.
PPP: Point-to-Point Protocol (PPP), as defined in [RFC1661].
PPPoE: Specifies a method for transmitting PPP frames over Ethernet as specified in [RFC2516].
PPTP: Point-to-Point Tunneling Protocol (PPTP) Profile, as defined in [MS-PTPT].
preshared key: A shared secret agreed upon by two authenticating entities (routing and remote access service (RRAS) server or client in this document).
process identifier (PID): A nonzero integer used by some operating systems (for example, Windows and UNIX) to uniquely identify a process. For more information, see [PROCESS].
quick mode security association (QM SA): A security association (SA) that is used to protect IP packets between peers (the Internet Key Exchange (IKE) traffic is protected by the main mode security association (MM SA)). For more information, see [RFC2409] section 5.5.
RAS port: The logical endpoint of a remote access connection on the client or server.
REG_SZ: A registry value type defined to be a REG_VALUE_TYPE of 1 as defined in [MS-RRP].
registry: A local system-defined database in which applications and system components store and retrieve configuration data. It is a hierarchical data store with lightly typed elements that are logically stored in tree format. Applications use the registry API to retrieve, modify, or delete registry data. The data stored in the registry varies according to the version of the operating system.
Remote Authentication Dial-In User Service (RADIUS): A protocol for carrying authentication, authorization, and configuration information between a network access server (NAS) that prefers to authenticate connection requests from endpoints and a shared server that performs authentication, authorization, and accounting.
remote procedure call (RPC): A communication protocol used primarily between client and server. The term has three definitions that are often used interchangeably: a runtime environment providing for communication facilities between computers (the RPC runtime); a set of request-and-response message exchanges between computers (the RPC exchange); and the single message from an RPC exchange (the RPC message). For more information, see [C706].
RIP for IPX: Routing Information Protocol (RIP) for IPX, is the primary routing protocol used in IPX internetworks.
route: A "network path" to a destination that has a certain cost associated with it. The cost is represented by its administrative preference and its protocol-specific metric.
router: A server that handles data forwarding and runs routing protocols.
routing and remote access service (RRAS) server: A server implementation that is managed by the RRASM protocol and provides routing and remote access service functionality.
routing protocol: Used to exchange information regarding routes to a destination. Routing protocols are either unicast or multicast. Routing protocols advertise routes to a destination. A unicast route to a destination is used by a unicast routing protocol to forward unicast data to that destination. Examples of unicast routing protocols include RIP, OSPF, and Border Gateway Protocol (BGP). A multicast route to a destination is used by some multicast routing protocols to create the information that is used to forward multicast data from hosts on the destination network of the route (known as reverse-path forwarding).
routing table: A table that consists of destinations, routes, and next hops. These entries define a route to a destination network.
RPC protocol sequence: A character string that represents a valid combination of a remote procedure call (RPC) protocol, a network layer protocol, and a transport layer protocol, as described in [C706] and [MS-RPCE].
RRAS entry name: The display name for the RRAS entry.
RRAS entry section: A grouping of the RRAS entry name and the settings associated with the RRAS entry stored as key value pairs.
RRAS Entry Subsection: Refers to a group of related key value pairs in the RRAS Phonebook Entry.
RRAS entry/RRAS phonebook entry/RRAS phonebook section: A grouping of the demand dial connection name and the settings associated with the demand dial connection stored as key value pairs.
RRAS phonebook path: Refers to the location of the phonebook file.
RRASM client: The RPC client-side implementation of the RRASM protocol, which can be used to develop management software to remotely manage the RRAS server.
RRASM server: The RPC server-side implementation of the RRASM protocol, which provides the server endpoint for remote management of the RRAS server implementation.
security association (SA): A simplex "connection" that provides security services to the traffic carried by it. See [RFC4301] for more information.
Server Message Block (SMB): A protocol that is used to request file and print services from server systems over a network. The SMB protocol extends the CIFS protocol with additional security, file, and disk management support. For more information, see [CIFS] and [MS-SMB].
Simple Symmetric Transport Protocol (SSTP): A protocol that enables two applications to engage in bi-directional, asynchronous communication. SSTP supports multiple application endpoints over a single network connection between client nodes.
smart card: A portable device that is shaped like a business card and is embedded with a memory chip and either a microprocessor or some non-programmable logic. Smart cards are often used as authentication tokens and for secure key storage. Smart cards used for secure key storage have the ability to perform cryptographic operations with the stored key without allowing the key itself to be read or otherwise extracted from the card.
static NetBIOS names: The names that can be configured so that NetBIOS over IPX name query broadcasts for specific NetBIOS names can be forwarded using specific interfaces.
static route: A route that is manually added to the routing table. A static route is associated with an interface that represents the remote network. Unlike dynamic routes, static routes are retained even if the router is restarted or the interface is disabled. Typically, routes to remote networks are obtained dynamically through routing protocols. However, the administrator can also seed the routing table by providing routes manually. These routes are referred to as static.
subInterface: For each RAS client connection in RRAS, one is created and has an index similar to interface index called a subInterface index. Different RAS clients on the server are associated with different subInterfaces identified by their subInterface index.
Telephony Application Programming Interface (TAPI): A set of functions that allows programming of telephone line-based devices in a device-independent manner. TAPI is used for the development of communications applications.
terminal window: An ANSI text-only window in a graphical user interface that emulates a console. This is also referred to as a hyper terminal.
transport: routable transport that fits into the router architecture, for example, IPv4, IPv6, or IPX
Unicode: A character encoding standard developed by the Unicode Consortium that represents almost all of the written languages of the world. The Unicode standard [UNICODE5.0.0/2007] provides three forms (UTF-8, UTF-16, and UTF-32) and seven schemes (UTF-8, UTF-16, UTF-16 BE, UTF-16 LE, UTF-32, UTF-32 LE, and UTF-32 BE).
universally unique identifier (UUID): A 128-bit value. UUIDs can be used for multiple purposes, from tagging objects with an extremely short lifetime, to reliably identifying very persistent objects in cross-process communication such as client and server interfaces, manager entry-point vectors, and RPC objects. UUIDs are highly likely to be unique. UUIDs are also known as globally unique identifiers (GUIDs) and these terms are used interchangeably in the Microsoft protocol technical documents (TDs). Interchanging the usage of these terms does not imply or require a specific algorithm or mechanism to generate the UUID. Specifically, the use of this term does not imply or require that the algorithms described in [RFC4122] or [C706] has to be used for generating the UUID.
Upstream Partner: The partner that sends out change orders, files, and folders.
User Datagram Protocol (UDP): The connectionless protocol within TCP/IP that corresponds to the transport layer in the ISO/OSI reference model.
view: A subset of the routing table and contains a group of related routes (for example, multicast routes). Views are sometimes called routing information bases (RIBs).
virtual private network (VPN): A network that provides secure access to a private network over public infrastructure.
MAY, SHOULD, MUST, SHOULD NOT, MUST NOT: These terms (in all caps) are used as defined in [RFC2119]. All statements of optional behavior use either MAY, SHOULD, or SHOULD NOT.