Glossary
A clarification on terminology used throughout this document.
- Disk Volume
Todo
Explain.
- DMZ
There is no such thing as a de-militarized zone at the outer edges of your networks. Rather, what we call a DMZ is actually a Perimeter Network.
- Firewall
Firewalling is a capability associated with OSI model layer 3 and above [1]. As such, a firewall is capable of at least filtering traffic on the basis of IP source and destination addresses, and for TCP and UDP traffic, the source and destination ports.
More advanced firewalls are able to perform deeper packet inspection, usually OSI model layer 5 and above, but may incur penalties in order to achieve such inspection (TLS termination, for example).
- High-Availability
High availability is achieved through any of a series of techniques with which the amount of time spent on recovering from a failure can be minimized.
It usually involves some topology-specific nomenclature or other, such as active-passive, active-active, hot-cold, hot-warm, hot-hot, or some such abstract title.
High-Availability that achieves a near-100% service availability despite failures is a real target for hypothetical situations. It requires structure, planning, design, infrastructure and continuous care, but whether it works the way you intended will either not show at all (it worked, nobody noticed anything), or show (it failed, and a number of users complain about it as loudly as they can).
See also
- IMAP Backend
- (...)
- IMAP Frontend
- (...)
- Inner Perimeter Firewall
The inner perimeter firewall resides in between perimeter networks and internal networks. Its job is to ensure that traffic that ascends from the perimeter network into the internal networks is allowed and ends up at the correct endpoint.
Note
Use the term inner perimeter to indicate the inner edge of a perimeter area of the networking infrastructure.
The use of the term “external” would confuse the precise position the nodes have within the full network topology, as the outer perimeter firewalls are also considered “external”, and both have a logical position close to the perimeter.
- Internal Firewall
- Explain.
- Internal Mail Exchanger
- (...)
- Internal Network
- Explain.
- Load-Balancer
Todo
Perhaps explain what a load-balancer is/does.
- Load-Balancing
Todo
Explain
- Node
A node is an operating system instance.
As such, the term node is orthogonal to the underlying environment, which may be physical hardware or a virtualization technology.
- operating system disks
Storage used for the operating system installation.
See also
- Outer Perimeter Firewall
Outer Perimeter Firewalls are physically connected to the Internet on at least one interface, either directly or indirectly (through a CER or generic switching infrastructure).
Other interfaces on the Outer Perimeter Firewall are likely connected to switching infrastructure and apply 802.1q encapsulation to enhance traffic integrity into the perimeter networks.
Note
Use the term outer perimeter to indicate the outer edge of an area of the networking infrastructure.
The use of the term “external” would confuse the precise position the nodes have within the full network topology, as the inner perimeter firewalls are also considered “external”, and both have a logical position close to the perimeter.
- payload disks
Storage used for information.
See also
- Perimeter Network
A Perimeter Network is a segment of a larger network, in which nodes reside that are an endpoint for inbound or outbound traffic.
This will most certainly include traffic that originates from outside your networks, targeted at endpoints within your networks, but may also include traffic that nodes inside your networks initiate to the outside world.
- Policy Enforcement Point
A Policy Enforcement Point is a point within an infrastructure that nodes are required to descend on their way to contacting other services.
One example of policy enforcement at such a point is prohibiting HTTP(S) traffic directly outbound, requiring the node to use a proxy service.
- Redundancy
Todo
Explain.
- Service Endpoint
Todo
Explain.
- Storage Volume Level Replication
Todo
Explain.
- Transparent Forward Proxy
Todo
Explain what a transparent forward proxy is.
See also
- Transparent Proxy
Todo
Explain how this terminology is misleading.
- Transparent Reverse Proxy
Todo
Explain what a transparent reverse proxy is.
See also
Footnotes
[1] That is not to say that firewalls cannot apply rules that use OSI model layer 2 information.