Key Terms to Virtualization and Cloud Computing

NFV - network functions virtualization

A network architecture that merges physical and virtual network devices.

DMVPN (Dynamic Multipoint VPN)

A particular type of enterprise VPN using Cisco devices that dynamically creates VPN tunnels between branch locations as needed rather than requiring constant, static tunnels for site-to-site connections.

SDN controller

A product that integrates configuration and management control of all network devices, both physical and virtual, into one cohesive system that is overseen by the network administrator through a single dashboard.

handshake protocol

A protocol within SSL that allows the client and server to authenticate (or introduce) each other and establishes terms for how they securely exchange data during an SSL session.

key

A series of characters that is combined with a block of data during that data's encryption.

RAS (remote access server)

A server that runs communications services enabling remote users to log on to a network and grant privileges to the network's resources.

SaaS

A service model in which applications are provided through an online user interface and are compatible with a multitude of devices and operating systems.

IaaS

A service model in which hardware services are provided virtually, including network infrastructure devices such as virtual servers.

subscription model

A service model in which software is provided by subscription.

PaaS

A service model in which various platforms are provided virtually, enabling developers to build and test applications within virtual, online environments tailored to the specific needs of a project.

digital certificate

A small file containing verified identification information about the user and the user's public key.

PPPoE (Point-to-Point Protocol over Ethernet)

PPP running over an Ethernet network.

VNC (Virtual Network Computing)

Software that uses the cross-platform protocol RFB (remote frame buffer) to remotely control a workstation or server.

data plane

The actual contact made between physical devices and data transmissions as messages traverse a network.

IKEv2

The current version of IKE that offers fast throughput and good stability when moving between wireless hotspots.

hypervisor

The element of virtualization software that manages multiple guest machines and their connections to the host (and by association, to a physical network).

virtualization

The emulation of all or part of a computer or network.

cloud computing

The flexible provision of data storage, applications, or services to clients over the Internet.

ESP (Encapsulating Security Payload)

In the context of IPsec, a type of encryption that provides authentication of the IP packet's data payload through public key techniques and encrypts the entire IP packet for added security.

Authentication Header

In the context of IPsec, a type of encryption that provides authentication of the IP packet's data payload through public key techniques.

client_hello

In the context of SSL encryption, a message issued from the client to the server that contains information about what level of security the client's browser is capable of accepting and what type of encryption the client's browser can decipher.

server_hello

In the context of SSL encryption, a message issued from the server to the client that confirms the information the server received in the client_hello message. It also agrees to certain terms of encryption based on the options the client supplied.

guest

In the context of virtualization, a virtual machine operated and managed by a virtualization program.

IKE (Internet Key Exchange)

One of two services in the key management phase of creating a secure IPsec connection. This negotiates the exchange of keys, including authentication of the keys.

ISAKMP (Internet Security Association and Key Management Protocol)

One of two services in the key management phase of creating a secure IPsec connection. This works within the IKE process to establish policies for managing the keys.

host

(1) Any computer or device on a network that provides or uses a resource such as an application or data. (2) In the context of virtualization, the physical computer on which virtualization software operates and manages guests.

PPP (Point-to-Point Protocol)

A Layer 2 communications protocol that enables a workstation to connect to a server using a serial connection such as dial-up or DSL.

PPTP (Point-to-Point Tunneling Protocol)

A Layer 2 protocol developed by Microsoft that encapsulates PPP data frames for transmission over VPN connections.

IPsec

A Layer 3 protocol that defines encryption, authentication, and key management for TCP/IP transmissions. This is an enhancement to IPv4 and is native to IPv6.

L2TP (Layer 2 Tunneling Protocol)

A VPN tunneling protocol that encapsulates PPP data for use on VPNs.

SDN (Software Defined Networking)

A centralized approach to networking that removes most of the decision-making power from network devices and instead handles that responsibility at a software level.

PoP (Point of Presence)

A data center facility at which a provider rents space to allow for dedicated connection services.

colocation facility / carrier hotel

A data center facility that is shared by a variety of providers.

out-of-band management

A dedicated connection (either wired or wireless) from the network administrator's computer used to manage each critical network device, such as routers, firewalls, servers, power supplies, applications, and security cameras.

community cloud

A deployment model in which flexible data storage, applications, or services are shared between multiple organizations, but not available publicly.

hybrid cloud

A deployment model in which shared and flexible data storage, applications, or services are made available through a combination of other service models into a single deployment, or a collection of services connected within the cloud.

public cloud

A deployment model in which shared and flexible data storage, applications, or services are managed centrally by service providers and delivered over public transmission lines, such as the Internet.

private cloud

A deployment model in which shared and flexible data storage, applications, or services are managed on and delivered via an organization's own network, or established virtually for a single organization's private use.

hosted virtual desktop

A desktop operating environment hosted virtually on a different physical computer from the one the user interacts with.

console router

A device that provides centralized management of all linked devices.

console server

A device that provides centralized management of all linked devices.

public key encryption / asymmetric encryption

A form of key encryption in which data is encrypted using two keys: One is a key known only to a user (that is, a private key), and the other is a key associated with the user and that can be obtained from a public source, such as a public key server.

Type 2 hypervisor

A hypervisor that installs in a host OS as an application and is called a hosted hypervisor.

Type 1 hypervisor

A hypervisor that installs on a computer before any OS and is therefore called a bare-metal hypervisor.

vNIC (virtual NIC)

A logically defined network interface associated with a virtual machine.

remote access

A method for connecting and logging on to a server, LAN, or WAN from a workstation that is in a different geographical location.

VPN concentrator

A specialized device that authenticates VPN clients, establishes tunnels for VPN connections, and manages encryption for VPN transmissions.

in-band management

A switch management option, such as Telnet, that uses the existing network and its protocols to interface with a switch.

confidentiality, integrity and availability triad

A three-tenet, standard security model describing the primary ways that encryption protects data. Confidentiality ensures that data can only be viewed by its intended recipient or at its intended destination. Integrity ensures that data was not modified after the sender transmitted it and before the receiver picked it up. Availability ensures that data is available to and accessible by the intended recipient when needed.

GRE (Generic Routing Encapsulation)

A tunneling protocol developed by Cisco that is used to transmit PPP data frames through a VPN tunnel.

site-to-site VPN

A type of VPN in which VPN gateways at multiple sites encrypt and encapsulate data to exchange over tunnels with other VPN gateways. Meanwhile, clients, servers, and other hosts on a site-to-site VPN communicate with the VPN gateway.

client-to-site VPN

A type of VPN in which clients, servers, and other hosts establish tunnels with a private network using a VPN gateway at the edge of the private network.

XaaS

A type of cloud computing in which the cloud can provide any combination of functions depending on a client's exact needs, or assumes functions beyond networking including, for example, monitoring, storage, applications, and virtual desktops.

private key encryption / symmetric encryption

A type of key encryption in which the sender and receiver use a key to which only they have access.

host-only mode

A type of network connection in which VMs on a host can exchange data with each other and with their host, but they cannot communicate with any nodes beyond the host. In this mode, VMs use the DHCP service in the host's virtualization software to obtain IP address assignments.

bridged mode

A type of network connection in which a vNIC accesses a physical network using the host machine's NIC. The bridged vNIC obtains its own IP address, default gateway, and subnet mask information from the physical LAN's DHCP server.

NAT mode (Virtualization)

A type of network connection in which a vNIC relies on the host machine to act as a NAT device. The virtualization software acts as a DHCP server.

DTLS (Datagram Transport Layer Security)

A variant of TLS designed specifically for streaming communications.

FTPS

A version of FTP that incorporates the TLS and SSL protocols for added security.

VPN (Virtual Private Network)

A virtual connection between a client and a remote network, two remote networks, or two remote hosts over the Internet or other types of networks, to remotely provide network resources.

management url

A web-based user interface where the user can make changes directly to a device.

DNS spoofing

An attack in which an outsider forges name server records to falsify his host's identity.

virtual firewall

An installation of a firewall's operating system in a VM.

virtual router

An installation of a router's operating system in a VM.

OpenVPN

An open-source VPN software that is available for multiple platforms.

certificate authority

An organization that issues and maintains digital certificates as part of the PKI (public-key infrastructure).

key management

The method whereby two nodes using key encryption agree on common parameters for the keys they will use to encrypt data.

platform

The operating system, the runtime libraries or modules the OS provides to applications, and the hardware on which the OS runs.

control plane

The process of decision making, such as routing, blocking, and forwarding, that is performed by protocols.

port forwarding

The process of redirecting traffic from its normally assigned port to a different port, either on the client or server.

PKI (Public Key Infrastructure)

The use of certificate authorities to associate public keys with certain users