========
Glossary
========

A clarification on terminology used throughout this document.

.. glossary::

    Disk Volume
        .. TODO:: Explain.

    DMZ
        There is no such thing as a de-militarized zone at the outer edges
        of your networks. Rather, what we call a DMZ is actually a
        :term:`Perimeter Network`.

    Firewall
        Firewalling is a capability associated with OSI model layer 3 and
        above [#]_. As such, a firewall is capable of at least filtering
        traffic on the basis of IP source and destination addresses, and
        for TCP and UDP traffic, the source and destination ports.

        More advanced firewalls are able to perform deeper packet
        inspection, usually at OSI model layer 5 and above, but may incur
        penalties in order to achieve such inspection (TLS termination,
        for example).

    High-Availability
        High availability is achieved through any of a series of
        techniques that minimize the amount of time spent recovering from
        a failure. It usually involves one or another topology-specific
        nomenclature, such as active-passive, active-active, hot-cold,
        hot-warm, hot-hot, or some such abstract title.

        High-Availability that achieves a near-100% service availability
        despite failures is a real target for hypothetical situations. It
        requires structure, planning, design, infrastructure and
        continuous care, but whether it works the way you intended will
        either not show at all (it worked, nobody noticed anything), or
        show (it failed, and a number of users complain about it as loudly
        as they can).

        .. seealso::

            *   :term:`Load-Balancing`
            *   :term:`Redundancy`

    IMAP Backend
        (...)

    IMAP Frontend
        (...)

    Inner Perimeter Firewall
        The :term:`inner perimeter firewall` resides in between
        :term:`perimeter networks <Perimeter Network>` and
        :term:`internal networks <Internal Network>`.

        Its job is to ensure that traffic that ascends from the
        :term:`perimeter network` into the
        :term:`internal networks <Internal Network>` is allowed and ends
        up at the correct endpoint.

        .. NOTE::

            Use the term **inner perimeter** to indicate the inner edge of
            a perimeter area of the networking infrastructure. The use of
            the term *"external"* would confuse the precise position the
            nodes have within the full network topology, as the
            :term:`outer perimeter firewalls <Outer Perimeter Firewall>`
            are also considered *"external"*, and both have a logical
            position close to the perimeter.

    Internal Firewall
        Explain.

    Internal Mail Exchanger
        (...)

    Internal Network
        Explain.

    Load-Balancer
        .. TODO:: Perhaps explain what a load-balancer is/does.

    Load-Balancing
        .. TODO:: Explain

    Node
        A :term:`node` is an operating system instance. As such, the term
        :term:`node` is orthogonal to the underlying environment, which
        may be physical hardware or a virtualization technology.

    operating system disks
        Storage used for the operating system installation.

        .. seealso::

            *   :term:`payload disks`

    Outer Perimeter Firewall
        :term:`Outer Perimeter Firewalls <Outer Perimeter Firewall>` are
        physically connected to the Internet on at least one interface,
        either directly or indirectly (through a
        :abbr:`CER (Customer Edge Router)` or generic switching
        infrastructure).

        Other interfaces on the :term:`Outer Perimeter Firewall` are
        likely connected to switching infrastructure and apply 802.1q
        encapsulation to enhance traffic integrity into the
        :term:`perimeter networks <Perimeter Network>`.

        .. NOTE::

            Use the term **outer perimeter** to indicate the outer edge of
            an area of the networking infrastructure. The use of the term
            *"external"* would confuse the precise position the nodes have
            within the full network topology, as the
            :term:`inner perimeter firewalls <Inner Perimeter Firewall>`
            are also considered *"external"*, and both have a logical
            position close to the perimeter.

    payload disks
        Storage used for information.

        .. seealso::

            *   :term:`operating system disks`

    Perimeter Network
        A :term:`Perimeter Network` is a segment of a larger network, in
        which :term:`nodes <Node>` reside that are an endpoint for inbound
        or outbound traffic.

        This will most certainly include traffic that originates from
        outside your networks, targeted at endpoints within your networks,
        but may also include traffic that :term:`nodes <Node>` inside your
        networks initiate to the outside world.

    Policy Enforcement Point
        A :term:`Policy Enforcement Point` is a point within an
        infrastructure that :term:`nodes <Node>` are required to pass
        through on their way to contacting other services.

        One example of policy enforcement at such a point is prohibiting
        HTTP(S) traffic directly outbound, requiring the :term:`node` to
        use a proxy service.

    Redundancy
        .. TODO:: Explain.

    Service Endpoint
        .. TODO:: Explain.

    Storage Volume Level Replication
        .. TODO:: Explain.

    Transparent Forward Proxy
        .. TODO:: Explain what a transparent forward proxy is.

        .. seealso::

            *   :term:`Transparent Reverse Proxy`

    Transparent Proxy
        .. TODO:: Explain how this terminology is misleading.

    Transparent Reverse Proxy
        .. TODO:: Explain what a transparent reverse proxy is.

        .. seealso::

            *   :term:`Transparent Forward Proxy`

.. rubric:: Footnotes

.. [#]

    That is not to say that firewalls cannot apply rules that use OSI
    model layer 2 information.