Access Control List. A mechanism in computer security used to enforce privilege separation. An ACL identifies the privileges and access rights a user or client has to a particular object, such as a server, file system, or application.
Places an entity into the resource pool for load balancing content requests or connections and starts the keepalive function.
See also suspend.
The first criterion a router uses to determine which routing protocol to use if two protocols provide route information for the same destination. Administrative distance is a measure of the trustworthiness of the source of the routing information. Administrative distance has only local significance, and is not advertised in routing updates.
The smaller the administrative distance value, the more reliable the protocol. The values range from 0 (zero) for a connected interface and 1 for a static route, to 255 for an unknown protocol.
Advanced Encryption Standard. One of the possible encryption algorithms available for use in SNMP communications.
Address Resolution Protocol. Internet protocol used to map an IP address to a MAC address. Defined in RFC 826.
Bridge-Group Virtual Interface. Logical Layer 3-only interface associated with a bridge group when integrated routing and bridging (IRB) is configured.
A certificate chain is a hierarchal list of certificates used in SSL that includes the subject's certificate, the root CA certificate, and any intermediate CA certificates.
Replaces the Cisco Connection Online Web site. Use this site to access customer service and support.
A mechanism for classifying types of network traffic. The ACE Appliance Device Manager uses class maps to classify the network traffic that is received and transmitted by the ACE appliance. Types of traffic include Layer 3/Layer 4 traffic that can pass through the ACE appliance, network management traffic that can be received by the ACE appliance, and Layer 7 HTTP load-balancing traffic.
Certificate Signing Request. A message sent to a certificate authority, such as VeriSign and Thawte to a apply for a digital identity certificate for use with SSL. The request includes information that identifies the SSL site, such as location and serial number, and a public key that you choose. The request may also provide any additional proof of identity required by the certificate authority.
File Transfer Protocol. Application protocol, part of the TCP/IP protocol stack, used for transferring files between network nodes. FTP is defined in RFC 959.
Hot Standby Router Protocol. A networking protocol that provides network redundancy for IP networks, ensuring that user traffic immediately and transparently recovers from first hop failures in network edge devices or access circuits.
Internet Control Message Protocol. Network layer Internet protocol that reports errors and provides other information relevant to IP packet processing. Documented in RFC 792.
1. A network connection.
2. A connection between two systems or devices.
3. In telephony, a shared boundary defined by common physical interconnection characteristics, signal characteristics, and meanings of interchanged signals.
An action that spreads network requests among available servers within a cluster of servers, based on a variety of algorithms.
Message Digest 5 or Message-Digest Algorithm. One of the possible encryption algorithms available for use in SNMP communications.
Management Information Base. Database of network management information that is used and maintained by a network management protocol, such as SNMP or CMIP. The value of a MIB object can be changed or retrieved using SNMP or CMIP commands, usually through a GUI network management system. MIB objects are organized in a tree structure that includes public (standard) and private (proprietary) branches.
Name Address Translation. A method of connecting multiple computers to the Internet (or any other IP network) using one IP address.
A physical entity, service, or resource that can be managed using ACE Appliance Device Manager.
Port Address Translation. A mechanism that allows many devices on a LAN to share one IP address by allocating a unique port address at Layer 4.
Privacy Enhanced Mail. Internet e-mail that provides confidentiality, authentication, and message integrity using various encryption methods. Not widely deployed in the Internet.
A common method for troubleshooting the accessibility of devices.
A ping tests an ICMP echo message and its reply. Because ping is the simplest test for a device, it is the first to be used.
Run ping to view the packets transmitted, packets received, percentage of packet loss, and round-trip time in milliseconds.
Public-Key Cryptography Standards. A series of specifications published by RSA Laboratories for data structures and algorithm usage for basic applications of asymmetric cryptography.
1. An interface on an internetworking device (such as a router); a physical entity.
2. In IP terminology, an upper-layer process that receives information from lower layers. Ports are numbered, and each numbered port is associated with a specific process. For example, SMTP is associated with port 25. A port number is also called a well-known address.
3. To rewrite software or microcode so that it will run on a different hardware platform or in a different software environment than that for which it was originally designed.
Role-Based Access Control. A mechanism that allows privileges to be assigned to defined roles. The roles are then assigned to real users, allowing or limiting access to specific features as appropriate for each role.
A real server is a physical device assigned to a server farm.
In internetworking, the duplication of devices, services, or connections so that, in the event of a failure, the redundant devices, services, or connections can perform the work of those that failed.
A defined set of resources and allocations available for use by a device (such as an ACE appliance). Using resource classes prevents a single device from using all available resources.
Server Load Balancer. A device that makes load balancing decisions based on application availability, server capacity, and load distribution algorithms, such as round robin or least connections. Using load balancing and server/application feedback, an SLB device determines a real server for the packet flow and sends this information to the requesting forwarding agent. After the optimal destination is decided on, all other packets in the packet flow are directed to a real server by the forwarding agent, increasing packet throughput.
special configuration file
Managed file resource on an ACE appliance, such as a piece of a configuration file or a keep-alive script.
Simple Message Transfer Protocol. Internet protocol that provides e-mail services.
A feature that ensures that the same client gets the same server for multiple connections. It is used when applications require a consistent and constant connection to the same server. If you are connecting to a system that keeps state tables about your connection, sticky allows you to get back to the same real server again and retain the statefulness of the system.
Removes an entity from the resource pool for future load-balancing content requests or connections. Suspending a service or device does not affect existing content flows, but it prevents additional connections from accessing the suspended entity or content.
See also activate.
Transport Control Protocol. Connection-oriented transport layer protocol that provides reliable full-duplex data transmission. TCP is part of the TCP/IP protocol stack.
A range in which you expect your network to perform. If a threshold is exceeded or goes below the expected bounds, you examine the areas for potential problems. You can create thresholds for a specific device.
A mechanism for granting access to features and functionality to a user account.
A concept that allows users to partition an ACE appliance into multiple virtual devices. Each virtual context contains its own set of policies, interfaces, resources, and administrators, allowing administrators to more efficiently manage system resources and services.
Virtual LAN. Group of devices on one or more LANs that are configured (using management software) so that they can communicate as if they were attached to the same wire, when in fact they are located on a number of different LAN segments. Because VLANs are based on logical instead of physical connections, they are extremely flexible.
A virtual server represents groups of real servers and are associated with a real server farm.
VLAN Trunking Protocol. A Layer 2 messaging protocol that maintains VLAN configuration consistency by managing the addition, deletion, and renaming of VLANs within a VTP domain. VTP minimizes misconfigurations and configuration inconsistencies that can result in a number of problems, such as duplicate VLAN names, incorrect VLAN-type specifications, and security violations.
Also called a VLAN management domain, a domain composed of one or more network devices that share the same VTP domain name and that are interconnected with trunks.
A machine that contains Web pages that are accessible by others.