Glossary

A clarification on terminology used throughout this document.

Disk Volume

Todo

Explain.

DMZ
There is no such thing as a de-militarized zone at the outer edges of your networks. Rather, what we call a DMZ is actually a Perimeter Network.
Firewall

Firewalling is a capability associated with OSI model layer 3 and above [1]. As such, a firewall is capable of at least filtering traffic on the basis of IP source and destination addresses, and for TCP and UDP traffic, the source and destination ports.

More advanced firewalls are able to perform deeper packet inspection, usually OSI model layer 5 and above, but may incur penalties in order to be able to achieve such inspection (TLS termination, for example).

High-Availability

High availability is achieved through any of a series of techniques with which the amount of time spent on recovering from a failure can be minimized.

It usually involves some topology-specific nomenclature, such as active-passive, active-active, hot-cold, hot-warm, hot-hot, or some such abstract title.

High-Availability that achieves a near-100% service availability despite failures is a real target for hypothetical situations. It requires structure, planning, design, infrastructure and continuous care, but whether it works the way you intended will either not show at all (it worked, and nobody noticed anything), or show (it failed, and a number of users complain about it as loudly as they can).

IMAP Backend
(...)
IMAP Frontend
(...)
Inner Perimeter Firewall

The inner perimeter firewall resides in between perimeter networks and internal networks. Its job is to ensure that traffic that ascends from the perimeter network into the internal networks is allowed and ends up at the correct endpoint.

Note

Use the term inner perimeter to indicate the inner edge of a perimeter area of the networking infrastructure.

The use of the term “external” would confuse the precise position the nodes have within the full network topology, as the outer perimeter firewalls are also considered “external”, and both have a logical position close to the perimeter.

Internal Firewall
Explain.
Internal Mail Exchanger
(...)
Internal Network
Explain.
Load-Balancer

Todo

Perhaps explain what a load-balancer is/does.

Load-Balancing

Todo

Explain

Node

A node is an operating system instance.

As such, the term node is orthogonal to the underlying environment, which may be physical hardware or a virtualization technology.

operating system disks

Storage used for the operating system installation.

See also

Outer Perimeter Firewall

Outer Perimeter Firewalls are physically connected to the Internet on at least one interface, either directly or indirectly (through a CER or generic switching infrastructure).

Other interfaces on the Outer Perimeter Firewall are likely connected to switching infrastructure and apply 802.1q encapsulation to enhance traffic integrity into the perimeter networks.

Note

Use the term outer perimeter to indicate the outer edge of an area of the networking infrastructure.

The use of the term “external” would confuse the precise position the nodes have within the full network topology, as the inner perimeter firewalls are also considered “external”, and both have a logical position close to the perimeter.

payload disks

Storage used for information.

Perimeter Network

A Perimeter Network is a segment of a larger network, in which nodes reside that are an endpoint for inbound or outbound traffic.

This will most certainly include traffic that originates from outside your networks, targeted at endpoints within your networks, but may also include traffic that nodes inside your networks initiate to the outside world.

Policy Enforcement Point

A Policy Enforcement Point is a point within an infrastructure that nodes are required to descend on their way to contacting other services.

One example of policy enforcement at such a point is prohibiting HTTP(S) traffic directly outbound, requiring the node to use a proxy service.

Redundancy

Todo

Explain.

Service Endpoint

Todo

Explain.

Storage Volume Level Replication

Todo

Explain.

Transparent Forward Proxy

Todo

Explain what a transparent forward proxy is.

Transparent Proxy

Todo

Explain how this terminology is misleading.

Transparent Reverse Proxy

Todo

Explain what a transparent reverse proxy is.

Footnotes

[1] That is not to say that firewalls cannot apply rules that use OSI model layer 2 information.