Device Manager GUI Guide vA4(1.1), Cisco ACE 4700 Series Application Control Engine Appliance

ACL
Access Control List. A mechanism in computer security used to enforce privilege separation. An ACL identifies the privileges and access rights a user or client has to a particular object, such as a server, file system, or application.
activate
Places an entity into the resource pool for load balancing content requests or connections and starts the keepalive function. See also suspend.
administrative distance
The first criterion a router uses to determine which routing protocol to use if two protocols provide route information for the same destination. Administrative distance is a measure of the trustworthiness of the source of the routing information. Administrative distance has only local significance, and is not advertised in routing updates.
The smaller the administrative distance value, the more reliable the protocol. The values range from 0 (zero) for a connected interface and 1 for a static route, to 255 for an unknown protocol.
AES
Advanced Encryption Standard. One of the possible encryption algorithms available for use in SNMP communications.
ARP
Address Resolution Protocol. Internet protocol used to map an IP address to a MAC address. Defined in RFC 826.

BVI
Bridge-Group Virtual Interface. Logical Layer 3-only interface associated with a bridge group when integrated routing and bridging (IRB) is configured.

CCM
Cisco CallManager. A Cisco product that provides the software-based, call-processing component of the Cisco IP Telephony Solutions for the Enterprise, part of Cisco AVVID (Architecture for Voice, Video, and Integrated Data). CallManager acts as a signaling proxy for call events initiated over other common protocols such as SIP, ISDN (Integrated Services Digital Network), or MGCP (Media Gateway Control Protocol).
certificate chain
A certificate chain is a hierarchical list of certificates used in SSL that includes the subject's certificate, the root CA certificate, and any intermediate CA certificates.
certificate signing request
See CSR.
A snapshot in time of a known stable ACE running configuration before you begin to modify it. If you encounter a problem with the modifications to the running configuration, you can roll back the configuration to the previous stable configuration checkpoint.
Replaces the Cisco Connection Online Web site. Use this site to access customer service and support.
class map
A mechanism for classifying types of network traffic. The ACE Appliance Device Manager uses class maps to classify the network traffic that is received and transmitted by the ACE appliance. Types of traffic include Layer 3/Layer 4 traffic that can pass through the ACE appliance, network management traffic that can be received by the ACE appliance, and Layer 7 HTTP load-balancing traffic.
CSR
Certificate Signing Request. A message sent to a certificate authority, such as VeriSign and Thawte, to apply for a digital identity certificate for use with SSL. The request includes information that identifies the SSL site, such as location and serial number, and a public key that you choose. The request may also provide any additional proof of identity required by the certificate authority.

DES
Data Encryption Standard. One of the possible encryption algorithms available for use in SNMP communications.
DFP
Dynamic Feedback Protocol. A protocol that allows load-balanced servers (both local and remote) to dynamically report changes in their status and their ability to provide services.
distinguished name
Used for SSL, a set of attributes that provides the certificate authority with the information it needs to authenticate your site.

A message from the ACE Appliance Device Manager that informs you of activities on parts of the system, including each virtual context, the management system, and hardware components.
event type
Alarm, Log, Audit, Attack Log
A group of related faults.

An abnormal condition that occurs when a system component exceeds a performance threshold or is not functioning properly.
File Transfer Protocol
See FTP.
FTP
File Transfer Protocol. Application protocol, part of the TCP/IP protocol stack, used for transferring files between network nodes. FTP is defined in RFC 959.

HSRP
Hot Standby Router Protocol. A networking protocol that provides network redundancy for IP networks, ensuring that user traffic immediately and transparently recovers from first hop failures in network edge devices or access circuits.

ICMP
Internet Control Message Protocol. Network layer Internet protocol that reports errors and provides other information relevant to IP packet processing. Documented in RFC 792.
Internet Control Message Protocol
See ICMP.
1. A network connection.
2. A connection between two systems or devices.
3. In telephony, a shared boundary defined by common physical interconnection characteristics, signal characteristics, and meanings of interchanged signals.

load balancing
An action that spreads network requests among available servers within a cluster of servers, based on a variety of algorithms.

MD5
Message Digest 5 or Message-Digest Algorithm. One of the possible encryption algorithms available for use in SNMP communications.
MIB
Management Information Base. Database of network management information that is used and maintained by a network management protocol, such as SNMP or CMIP. The value of a MIB object can be changed or retrieved using SNMP or CMIP commands, usually through a GUI network management system. MIB objects are organized in a tree structure that includes public (standard) and private (proprietary) branches.

NAT
Name Address Translation. A method of connecting multiple computers to the Internet (or any other IP network) using one IP address.

A physical entity, service, or resource that can be managed using ACE Appliance Device Manager.
object group
A logical grouping of similar objects, such as servers, clients, services, or networks. Creating an object group allows you to apply common attributes to a number of objects without specifying each object individually.

PAT
Port Address Translation. A mechanism that allows many devices on a LAN to share one IP address by allocating a unique port address at Layer 4.
PEM
Privacy Enhanced Mail. Internet e-mail that provides confidentiality, authentication, and message integrity using various encryption methods. Not widely deployed in the Internet.
A common method for troubleshooting the accessibility of devices.
A ping tests an ICMP echo message and its reply. Because ping is the simplest test for a device, it is the first to be used.
Run ping to view the packets transmitted, packets received, percentage of packet loss, and round-trip time in milliseconds.
PKCS
Public-Key Cryptography Standards. A series of specifications published by RSA Laboratories for data structures and algorithm usage for basic applications of asymmetric cryptography.
1. An interface on an internetworking device (such as a router); a physical entity.
2. In IP terminology, an upper-layer process that receives information from lower layers. Ports are numbered, and each numbered port is associated with a specific process. For example, SMTP is associated with port 25. A port number is also called a well-known address.
3. To rewrite software or microcode so that it will run on a different hardware platform or in a different software environment than that for which it was originally designed.

RAS
Registration, Admission, and Status Protocol. Protocol that is used between endpoints and the gatekeeper to perform management functions. The RAS signalling function performs registration, admissions, bandwidth changes, status, and disengage procedures between the VoIP gateway and the gatekeeper.
RBAC
Role-Based Access Control. A mechanism that allows privileges to be assigned to defined roles. The roles are then assigned to real users, allowing or limiting access to specific features as appropriate for each role.
real server
A real server is a physical device assigned to a server farm.
In internetworking, the duplication of devices, services, or connections so that, in the event of a failure, the redundant devices, services, or connections can perform the work of those that failed.
resource class
A defined set of resources and allocations available for use by a device (such as an ACE appliance). Using resource classes prevents a single device from using all available resources.
See user role.
RSA
Rivest, Shamir, and Adleman Signatures. A public-key cryptographic system used for authentication.
RTSP
Real Time Streaming Protocol. A client-server multimedia presentation control protocol, designed to address the needs for efficient delivery of streamed multimedia over IP networks.

SCCP
Skinny Client Control Protocol. A proprietary terminal control protocol owned and defined by Cisco as a messaging set between a skinny client and the Cisco CallManager (CCM). Examples of skinny clients include the Cisco 7900 series of IP phones, such as the Cisco 7960, Cisco 7940 and the 802.11b wireless Cisco 7920, along with the Cisco Unity voicemail server. See also Skinny.
server farm
A collection of servers that contain the same content.
Server Load Balancer
See SLB.
A destination location where a piece of content resides physically. Also referred to in general terms for this release as including content rules, owners, virtual servers, real servers, and so on.
Simple Message Transfer Protocol
See SMTP.
SIP
Session Initiation Protocol. Protocol developed by the IETF MMUSIC Working Group as an alternative to H.323. SIP features are compliant with IETF RFC 2543, published in March 1999. SIP equips platforms to signal the setup of voice and multimedia calls over IP networks.
Skinny
Skinny is a lightweight protocol which allows for efficient communication with Cisco CallManager. See also SCCP.
SLB
Server Load Balancer. A device that makes load balancing decisions based on application availability, server capacity, and load distribution algorithms, such as round robin or least connections. Using load balancing and server/application feedback, an SLB device determines a real server for the packet flow and sends this information to the requesting forwarding agent. After the optimal destination is decided on, all other packets in the packet flow are directed to a real server by the forwarding agent, increasing packet throughput.
special configuration file
Managed file resource on an ACE appliance, such as a piece of a configuration file or a keep-alive script.
SMTP
Simple Message Transfer Protocol. Internet protocol that provides e-mail services.
A feature that ensures that the same client gets the same server for multiple connections. It is used when applications require a consistent and constant connection to the same server. If you are connecting to a system that keeps state tables about your connection, sticky allows you to get back to the same real server again and retain the statefulness of the system.
suspend
Removes an entity from the resource pool for future load-balancing content requests or connections. Suspending a service or device does not affect existing content flows, but it prevents additional connections from accessing the suspended entity or content. See also activate.

TCP
Transport Control Protocol. Connection-oriented transport layer protocol that provides reliable full-duplex data transmission. TCP is part of the TCP/IP protocol stack.
A range in which you expect your network to perform. If a threshold is exceeded or goes below the expected bounds, you examine the areas for potential problems. You can create thresholds for a specific device.
A diagnostic tool that helps you understand why ping fails or why applications time out. Using it, you can view each hop (or gateway) on the route to your device and how long each took.
Transport Control Protocol
See TCP.

URI
Uniform Resource Identifier. Type of formatted identifier that encapsulates the name of an Internet object, and labels it with an identification of the name space, thus producing a member of the universal set of names in registered name spaces and of addresses referring to registered protocols or name spaces. [RFC 1630]
user role
A mechanism for granting access to features and functionality to a user account.

virtual context
A concept that allows users to partition an ACE appliance into multiple virtual devices. Each virtual context contains its own set of policies, interfaces, resources, and administrators, allowing administrators to more efficiently manage system resources and services.
VLAN
Virtual LAN. Group of devices on one or more LANs that are configured (using management software) so that they can communicate as if they were attached to the same wire, when in fact they are located on a number of different LAN segments. Because VLANs are based on logical instead of physical connections, they are extremely flexible.
VLAN Trunking Protocol
See VTP.
virtual server
A virtual server represents groups of real servers and is associated with a real server farm.
VTP
VLAN Trunking Protocol. A Layer 2 messaging protocol that maintains VLAN configuration consistency by managing the addition, deletion, and renaming of VLANs within a VTP domain. VTP minimizes misconfigurations and configuration inconsistencies that can result in a number of problems, such as duplicate VLAN names, incorrect VLAN-type specifications, and security violations.
VTP domain
Also called a VLAN management domain, a domain composed of one or more network devices that share the same VTP domain name and that are interconnected with trunks.

Web server
A machine that contains Web pages that are accessible by others.