1.1 Glossary

This document uses the following terms:

Active Directory domain: A domain hosted on Active Directory. For more information, see [MS-ADTS].

Active Directory forest: See forest.

address category: The categorization of an IP address or an address space based on the communication that it enables. An address (or an address space) can be public when it is globally unique and can be used for communication over the Internet. [IANA-IPV4] specifies the address ranges that belong to this category. An address (or an address space) can be private, in which case it is unique within an enterprise or an autonomous network and cannot be used to communicate with the public network. [RFC1918] specifies the address ranges that belong to this category. For IPv6, the equivalent term for the public address category is the global unicast address space as specified by [RFC4291].

address space management: The activities that manage the IP address space of a network. Management activities include, but are not limited to, reserving and allocating addresses and address ranges to various hosts or portions of the network, or network planning based on current address space utilization.

audit log: A record of activities performed by the Dynamic Host Configuration Protocol (DHCP) server. The name of the audit log file is based on the current day of the week. For example, on Monday the name of the audit log file is DhcpSrvLog-Mon.

audit purge: The maintenance activity of purging the audit data such as DHCP configuration change events, IPAM configuration change events, and IP address tracking events.

binary large object (BLOB): A collection of binary data stored as a single entity in a database.

built-in custom field: A custom field that is predefined in the IPAM data store.

built-in logical group: A logical group that is predefined in the IPAM data store.

configuration audit: The system activity of logging configuration changes initiated by users on an entity in a secure data store to create a record of the configuration change.

configuration audit event: A specific event in the configuration change data store containing information about a configuration change.

custom field: An extensible name-value property that can be tagged as additional metadata with IP address ranges, IP addresses, and servers in IPAM.

custom field value: A value of the custom field.

DHCP configuration audit: The configuration audit generated by the DHCP server to track DHCP configuration change events. Conditions can be specified based on a set of fields that are present in the DHCP client request. The settings are the network configuration parameters (IP address, options, lease duration) that are provided to clients in the DHCP server response.

DHCPv6 stateless client inventory: An inventory of stateless clients being serviced by the DHCPv6 server, maintained in the persistent store.

DUID: A DHCP unique identifier that is used to identify DHCPv6 clients and servers, as specified in [RFC3315] section 9.

event: A discrete unit of historical data that an application exposes that may be relevant to other applications. An example of an event would be a particular user logging on to the computer.

event descriptor: A structure indicating the kind of event. For example, a user logging on to the computer could be one kind of event, while a user logging off would be another, and these events could be indicated by using distinct event descriptors.

event log: A collection of records, each of which corresponds to an event.

EventID: An integer indicating the type of event. For example, a user logging on to the computer could be one type of event while a user logging off would be another type; and these events could be indicated by using distinct EventIDs.

exclusion range: The range of IP addresses in a scope that are not given out to DHCP clients.

forward lookup DNS zone: A zone that consists of pointer (PTR) resource records that provide a mapping of DNS host names to their corresponding IP addresses.

fully qualified domain name (FQDN): An unambiguous domain name that gives an absolute location in the Domain Name System's (DNS) hierarchy tree, as defined in [RFC1035] section 3.1 and [RFC2181] section 11.

globally unique identifier (GUID): A term used interchangeably with universally unique identifier (UUID) in Microsoft protocol technical documents (TDs). Interchanging the usage of these terms does not imply or require a specific algorithm or mechanism to generate the value. Specifically, the use of this term does not imply or require that the algorithms described in [RFC4122] or [C706] must be used for generating the GUID. See also universally unique identifier (UUID).

group object: A database object that represents a collection of user and group objects and has a security identifier (SID) value.

initiating operation: A WSDL operation that is the first operation sent by the client.

IP address audit: The information that provides the various activities pertaining to the usage of an IP address on a device or a host.

IP address block: A container defined using the network number as defined in [RFC1519], and prefix length that can be used to organize the overall IP address space in any network. An IP address block can have other IP address blocks as child blocks to define smaller containers that can be used to organize a smaller portion of the same address space.

IP address block utilization: The utilization information calculated as the aggregate size of the assigned address space and utilized address space belonging to an IP address block.

IP address range: A range of contiguous IP address that is part of an IP address space and is assigned for use in various elements of the network in the form of assigned address space. An IP address range is typically configured as a DHCP scope on a DHCP server or as a static address pool for static address assignment to devices and hosts.

IP address range utilization: The size of the utilized address space of an IP address range.

IP address space: The set of all possible Internet addresses or any contiguous subset of Internet addresses.

IPAM Administrators: Users who have the privileges to view all IPAM data and perform all IPAM tasks.

IPAM ASM Administrators: Users who are in the IPAM Users IPAM security group and have the privileges to perform the add and modify address space management operations. Such users are Address Space Management (ASM) Administrators.

IPAM configuration audit: The configuration audit generated for the IPAM-specific configuration changes performed on the IPAM server.

IPAM data store: The database used by the IPAM server to store data relevant for address space management, including information from DHCP and DNS server instances.

IPAM IP Audit Administrators: Users who are in the IPAM Users IPAM security group and have the privileges to view IP address audit information.

IPAM MSM Administrators: Users who are in the IPAM Users IPAM security group and have the privileges to manage DHCP and DNS server instance-specific information. Such users are Multi Server Management (MSM) Administrators.

IPAM security groups: The security principals, as groups of users segregated by role. The IPAM server uses these groups to provide role-based access control over various features of IPAM. The IPAM security groups include IPAM Administrators, IPAM ASM Administrators, IPAM MSM Administrators, IPAM IP Audit Administrators, and IPAM Users.

IPAM server: The machine implementing the IPAM management protocol server.

IPAM task: Any of a set of tasks on the IPAM server which retrieve data from managed servers and IPAM servers to update IPAM views for tracking, monitoring, and managing those servers. These tasks include server discovery for automatic discovery of domain controllers, DHCP servers, and DNS servers; server configuration for collecting configuration information from DHCP and DNS servers; address utilization for collecting address utilization data from DHCP servers; event collection for collecting configuration audit events from DHCP and IPAM servers, user logon events from domain controllers and Network Policy Server (NPS) servers, and IP address audit information from DHCP servers; server availability for collecting service status information from DHCP and DNS servers; service monitoring for collecting DNS zone status events from DNS servers; and address expiry for calculating the expiration state of the addresses in the IPAM data store and logging expiration events.

IPAM Users: Users who have the privileges to view all information in IPAM data store except the IP address audit information.

lease record: An entry in the DHCP server database that defines the IP address that is leased out to a client. The record includes details about the IP address bound to the client, and also contains a collection of other configuration parameters.

logical group: A user-defined hierarchical classification of objects such as IP addresses, IP address ranges, and active servers in the IPAM data store. It is a collection of multivalued custom fields that form the various levels of the hierarchy. Each level of the hierarchy contains the possible values of the custom field at that level.

logical group hierarchy: A hierarchy of custom field values generated from a logical group definition. The logical group defines the custom field used to generate a particular level in the hierarchy. The values of the custom field form the nodes at that particular level.

logical group node: A specific node in the logical group hierarchy. The set of custom field values in the logical group hierarchy from the node to the root of the hierarchy form a criteria. The data that have custom fields associated with them, such as addresses, address ranges, and servers, can be queried for a logical group node. The data that contains all of the custom field values that form the hierarchy for the logical group node are considered to meet the criteria for the logical group node.

management server: The server endpoint of the IPAM Management Protocol.

option definition: Defines an option for a vendor class. The definition consists of two parts: an option ID and an option name.

option ID: A unique integer value used to identify a specific option [RFC2132].

option type: The data format type used for the value of a specific DHCP option value, as specified in [MS-DHCPM] section The option definition can contain option values in various format types. Options can be of type BYTE,  WORD,  DWORD,  DWORD_DWORD,  IP Address, Unicode String,  Binary, or Encapsulated binary format.

provisioning: The process of initially configuring the IPAM data store, which includes configuring the IPAM database, creating IPAM security groups, and configuring IPAM tasks.

reservation: An IP address that is reserved on the DHCP server for assignment to a specific client based on its hardware address. A reservation is used to ensure that a specific DHCP client is always assigned the same IP address.

reverse lookup DNS zone: A zone consisting of pointer (PTR) records that provide a mapping of host IP addresses to their corresponding DNS host names.

schema conversion: The process of changing or upgrading the IPAM data store schema when the version of the IPAM server or the IPAM data store changes.

scope: A range of IP addresses and associated configuration options that are allocated to DHCP clients in a specific subnet.

security account manager (SAM) built-in database: The part of the user account database that contains account information (such as account names and passwords) for accounts and groups that are pre-created at the database installation.

server role: Any of the services that can be provided by a host, including DHCP server, DNS server, Network Policy Server (NPS), and domain controllers.

site: A collection of one or more well-connected (reliable and fast) TCP/IP subnets. By defining sites (represented by site objects) an administrator can optimize both Active Directory access and Active Directory replication with respect to the physical network. When users log in, Active Directory clients find domain controllers (DCs) that are in the same site as the user, or near the same site if there is no DC in the site. See also Knowledge Consistency Checker (KCC). For more information, see [MS-ADTS].

SOAP action: The HTTP request header field used to indicate the intent of the SOAP request, using a URI value. See [SOAP1.1] section 6.1.1 for more information.

SOAP fault: A container for error and status information within a SOAP message. See [SOAP1.2-1/2007] section 5.4 for more information.

SOAP message: An XML document consisting of a mandatory SOAP envelope, an optional SOAP header, and a mandatory SOAP body. See [SOAP1.2-1/2007] section 5 for more information.

subnet ID: An ID generated by the Dynamic Host Configuration Protocol (DHCP) server. The IPv4 subnet ID is generated by the DHCP server by performing the binary AND operation on the subnet IPv4 address and the IPv4 subnet mask. The IPv6 prefix ID is generated by the DHCP server by converting the least significant 64 bits of the IPv6 address to 0.

trigger: A change of state (for example, reaching a specific time of day) that signals when a task is to run. A task runs when any of its triggers and all of its conditions are satisfied.

Uniform Resource Identifier (URI): A string that identifies a resource. The URI is an addressing mechanism defined in Internet Engineering Task Force (IETF) Uniform Resource Identifier (URI): Generic Syntax [RFC3986].

Uniform Resource Locator (URL): A string of characters in a standardized format that identifies a document or resource on the World Wide Web. The format is as specified in [RFC1738].

user class: User defined classes which contain user specific DHCP options. A default user class is implementation dependent.

vendor class: User defined classes that contain vendor-specific DHCP options. A default vendor class is implementation defined.

WSDL port type: A named set of logically-related, abstract Web Services Description Language (WSDL) operations and messages.

zone: A domain namespace is divided up into several sections called zones [RFC1034] and [RFC2181]. A zone represents authority over a portion of the DNS namespace, excluding any subzones that are below delegations.

MAY, SHOULD, MUST, SHOULD NOT, MUST NOT: These terms (in all caps) are used as defined in [RFC2119]. All statements of optional behavior use either MAY, SHOULD, or SHOULD NOT.