1.1 Glossary

This document uses the following terms:

access scope: A logical entity that determines whether a user would have access to an IPAM object. One or more IPAM objects can be associated with an access scope, but a given IPAM object can be associated with only one access scope. Access scopes follow a hierarchical tree structure.

Active Directory: The Windows implementation of a general-purpose directory service, which uses LDAP as its primary access protocol. Active Directory stores information about a variety of objects in the network such as user accounts, computer accounts, groups, and all related credential information used by Kerberos [MS-KILE]. Active Directory is either deployed as Active Directory Domain Services (AD DS) or Active Directory Lightweight Directory Services (AD LDS), which are both described in [MS-ADOD]: Active Directory Protocols Overview.

Active Directory domain: A domain hosted on Active Directory. For more information, see [MS-ADTS].

Active Directory forest: See forest.

address category: The categorization of an IP address or an address space based on the communication that it enables. An address (or an address space) can be public when it is globally unique and can be used for communication over the Internet. [IANA-IPV4] specifies the address ranges that belong to this category. An address (or an address space) can be private, in which case it is unique within an enterprise or an autonomous network and cannot be used to communicate with the public network. [RFC1918] specifies the address ranges that belong to this category. For IPv6, the equivalent term for the public address category is the global unicast address space as specified by [RFC4291].

address space management: The activities that manage the IP address space of a network. Management activities include, but are not limited to, reserving and allocating addresses and address ranges to various hosts or portions of the network, or network planning based on current address space utilization.

audit log: A record of activities performed by the Dynamic Host Configuration Protocol (DHCP) server. The name of the audit log file is based on the current day of the week. For example, on Monday the name of the audit log file is DhcpSrvLog-Mon.

audit purge: The maintenance activity of purging the audit data such as DHCP configuration change events, IPAM configuration change events, and IP address tracking events.

binary large object (BLOB): A discrete packet of data that is stored in a database and is treated as a sequence of uninterpreted bytes.

built-in custom field: A custom field that is predefined in the IPAM data store.

built-in custom field value: A custom field value that is predefined in the IPAM data store.

built-in logical group: A logical group that is predefined in the IPAM data store.

configuration audit: The system activity of logging configuration changes initiated by users on an entity in a secure data store to create a record of the configuration change.

configuration audit event: A specific event in the configuration change data store containing information about a configuration change.

Coordinated Universal Time (UTC): A high-precision atomic time standard that approximately tracks Universal Time (UT). It is the basis for legal, civil time all over the Earth. Time zones around the world are expressed as positive and negative offsets from UTC. In this role, it is also referred to as Zulu time (Z) and Greenwich Mean Time (GMT). In these specifications, all references to UTC refer to the time at UTC-0 (or GMT).

custom field: An extensible name-value property that can be tagged as additional metadata with IP address ranges, IP addresses, and servers in IPAM.

DHCP configuration audit: The configuration audit generated by the DHCP server to track DHCP configuration change events. Conditions can be specified based on a set of fields that are present in the DHCP client request. The settings are the network configuration parameters (IP address, options, lease duration) that are provided to clients in the DHCP server response.

DHCP filter: A filter that allows a DHCP administrator to enable link layer filtering of clients requesting an IP address.

DHCP lease: The period for which a network address is allocated by the DHCP Server for a client. Once the lease expires, the DHCP client contacts the DHCP server to obtain a new network address.

DHCP policy: A policy that allows a DHCP administrator to assign IP addresses and options in a more granular fashion. Consists of policy conditions and policy settings.

DHCP server failover modes: A DHCP failover relationship can be configured to use either of two DHCP failover modes: load balance or hot standby.

DHCPv4: A Dynamic Host Configuration Protocol (DHCP) client that runs over the Internet Protocol version 4 (IPv4).

DHCPv6: DHCP over IPv6 protocol.

DHCPv6 stateless client inventory: An inventory of stateless clients being serviced by the DHCPv6 server, maintained in the persistent store.

domain: A set of users and computers sharing a common namespace and management infrastructure. At least one computer member of the set must act as a domain controller (DC) and host a member list that identifies all members of the domain, as well as optionally hosting the Active Directory service. The domain controller provides authentication of members, creating a unit of trust for its members. Each domain has an identifier that is shared among its members. For more information, see [MS-AUTHSOD] section and [MS-ADTS].

domain controller (DC): The service, running on a server, that implements Active Directory, or the server hosting this service. The service hosts the data store for objects and interoperates with other DCs to ensure that a local change to an object replicates correctly across all DCs. When Active Directory is operating as Active Directory Domain Services (AD DS), the DC contains full NC replicas of the configuration naming context (config NC), schema naming context (schema NC), and one of the domain NCs in its forest. If the AD DS DC is a global catalog server (GC server), it contains partial NC replicas of the remaining domain NCs in its forest. For more information, see [MS-AUTHSOD] section and [MS-ADTS]. When Active Directory is operating as Active Directory Lightweight Directory Services (AD LDS), several AD LDS DCs can run on one server. When Active Directory is operating as AD DS, only one AD DS DC can run on one server. However, several AD LDS DCs can coexist with one AD DS DC on one server. The AD LDS DC contains full NC replicas of the config NC and the schema NC in its forest. The domain controller is the server side of Authentication Protocol Domain Support [MS-APDS].

Domain Name System (DNS): A hierarchical, distributed database that contains mappings of domain names to various types of data, such as IP addresses. DNS enables the location of computers and services by user-friendly names, and it also enables the discovery of other information stored in the database.

DUID: A DHCP unique identifier that is used to identify DHCPv6 clients and servers, as specified in [RFC3315] section 9.

Dynamic Host Configuration Protocol (DHCP): A protocol that provides a framework for passing configuration information to hosts on a TCP/IP network, as described in [RFC2131].

event: A discrete unit of historical data that an application exposes that may be relevant to other applications. An example of an event would be a particular user logging on to the computer.

event descriptor: A structure indicating the kind of event. For example, a user logging on to the computer could be one kind of event, while a user logging off would be another, and these events could be indicated by using distinct event descriptors.

event log: A collection of records, each of which corresponds to an event.

EventID: An integer indicating the type of event. For example, a user logging on to the computer could be one type of event while a user logging off would be another type; and these events could be indicated by using distinct EventIDs.

exclusion range: The range of IP addresses in a scope that are not given out to DHCP clients.

forward lookup DNS zone: A zone that consists of pointer (PTR) resource records that provide a mapping of DNS host names to their corresponding IP addresses.

fully qualified domain name (FQDN): An unambiguous domain name that gives an absolute location in the Domain Name System's (DNS) hierarchy tree, as defined in [RFC1035] section 3.1 and [RFC2181] section 11.

globally unique identifier (GUID): A term used interchangeably with universally unique identifier (UUID) in Microsoft protocol technical documents (TDs). Interchanging the usage of these terms does not imply or require a specific algorithm or mechanism to generate the value. Specifically, the use of this term does not imply or require that the algorithms described in [RFC4122] or [C706] must be used for generating the GUID. See also universally unique identifier (UUID).

initiating operation: A WSDL operation that is the first operation sent by the client.

Internet Protocol version 4 (IPv4): An Internet protocol that has 32-bit source and destination addresses. IPv4 is the predecessor of IPv6.

Internet Protocol version 6 (IPv6): A revised version of the Internet Protocol (IP) designed to address growth on the Internet. Improvements include a 128-bit IP address size, expanded routing capabilities, and support for authentication and privacy.

IP address audit: The information that provides the various activities pertaining to the usage of an IP address on a device or a host.

IP address block: A container defined using the network number as defined in [RFC1519], and prefix length that can be used to organize the overall IP address space in any network. An IP address block can have other IP address blocks as child blocks to define smaller containers that can be used to organize a smaller portion of the same address space.

IP address block utilization: The utilization information calculated as the aggregate size of the assigned address space and utilized address space belonging to an IP address block.

IP address range: A range of contiguous IP addresses that is part of an IP address space and is assigned for use in various elements of the network in the form of assigned address space. An IP address range is typically configured as a DHCP scope on a DHCP server or as a static address pool for static address assignment to devices and hosts.

IP address range utilization: The size of the utilized address space of an IP address range.

IP address space: The set of all possible Internet addresses or any contiguous subset of Internet addresses.

IP subnet: A logical subdivision of an IP network.

IPAM Administrators: Users who have the privileges to view all IPAM data and perform all IPAM tasks.

IPAM ASM Administrators: Users who are in the IPAM Users IPAM security group and have the privileges to perform the add and modify address space management operations. Such users are Address Space Management (ASM) Administrators.

IPAM configuration audit: The configuration audit generated for the IPAM-specific configuration changes performed on the IPAM server.

IPAM data store: The database used by the IPAM server to store data relevant for address space management, including information from DHCP and DNS server instances.

IPAM IP Audit Administrators: Users who are in the IPAM Users IPAM security group and have the privileges to view IP address audit information.

IPAM MSM Administrators: Users who are in the IPAM Users IPAM security group and have the privileges to manage DHCP and DNS server instance-specific information. Such users are Multi Server Management (MSM) Administrators.

IPAM security groups: The security principals, as groups of users segregated by role. The IPAM server uses these groups to provide role-based access control over various features of IPAM. The IPAM security groups include IPAM Administrators, IPAM ASM Administrators, IPAM MSM Administrators, IPAM IP Audit Administrators, and IPAM Users.

IPAM server: The machine implementing the IPAM management protocol server.

IPAM Users: Users who have the privileges to view all information in IPAM data store except the IP address audit information.

keepalive message: A protocol message that is sent between a protocol client and a protocol server to help ensure that a connection is considered active by all endpoints. Inactive connections are considered idle and are likely to be closed by either endpoint to conserve resources.

lease record: An entry in the DHCP server database that defines the IP address that is leased out to a client. The record includes details about the IP address bound to the client, and also contains a collection of other configuration parameters.

logical group: A user-defined hierarchical classification of objects such as IP addresses, IP address ranges, and active servers in the IPAM data store. It is a collection of multivalued custom fields that form the various levels of the hierarchy. Each level of the hierarchy contains the possible values of the custom field at that level.

logical group hierarchy: A hierarchy of custom field values generated from a logical group definition. The logical group defines the custom field used to generate a particular level in the hierarchy. The values of the custom field form the nodes at that particular level.

logical group node: A specific node in the logical group hierarchy. The set of custom field values on the path from the node to the root of the hierarchy forms a criterion. Data that have custom fields associated with them, such as addresses, address ranges, and servers, can be queried for a logical group node. Data that contain all of the custom field values that form the hierarchy for the logical group node are considered to meet the criterion for the logical group node.

logical network: A built-in custom field in IPAM that is used to specify the logical (physical) network information.

management server: The server endpoint of the IPAM Management Protocol.

Network Policy Server (NPS): For Windows Server 2008 operating system, NPS replaces the Internet Authentication Service (IAS) in Windows Server 2003 operating system. NPS acts as a health policy server for the following technologies: Internet Protocol security (IPsec) for host-based authentication, IEEE 802.1X authenticated network connections, Virtual private networks (VPNs) for remote access, and Dynamic Host Configuration Protocol (DHCP).

network site: A built-in custom field in IPAM that is used to specify the Network site (an entity of a logical network).

option definition: Defines an option for a vendor class. The definition consists of two parts: an option ID and an option name.

option ID: A unique integer value used to identify a specific option [RFC2132].

option type: The data format type used for the value of a specific DHCP option value, as specified in [MS-DHCPM] section The option definition can contain option values in various format types. Options can be of type BYTE, WORD, DWORD, DWORD_DWORD, IP Address, Unicode String, Binary, or Encapsulated binary format.

partner DHCP server: A server which forms the DHCP failover relationship with the primary DHCP server.

provisioning: The process of initially configuring the IPAM data store, which includes configuring the IPAM database, creating IPAM security groups, and configuring IPAM tasks.

reservation: An IP address that is reserved on the DHCP server for assignment to a specific client based on its hardware address. A reservation is used to ensure that a specific DHCP client is always assigned the same IP address.

reverse lookup DNS zone: A zone consisting of pointer (PTR) records that provide a mapping of host IP addresses to their corresponding DNS host names.

role-based access control: The concept of authorizing a user to perform an operation based on the set of user roles and corresponding access scopes that are assigned to that user.

root domain: The unique domain naming contexts (domain NCs) of an Active Directory forest that is the parent of the forest's config NC. The config NC's relative distinguished name (RDN) is "cn=Configuration" relative to the root object of the root domain. The root domain is the domain that is created first in a forest.

schema conversion: The process of changing or upgrading the IPAM data store schema when the version of the IPAM server or the IPAM data store changes.

scope: A range of IP addresses and associated configuration options that are allocated to DHCP clients in a specific subnet.

security account manager (SAM) built-in database: The part of the user account database that contains account information (such as account names and passwords) for accounts and groups that are pre-created at the database installation.

security identifier (SID): An identifier for security principals that is used to identify an account or a group. Conceptually, the SID is composed of an account authority portion (typically a domain) and a smaller integer representing an identity relative to the account authority, termed the relative identifier (RID). The SID format is specified in [MS-DTYP] section 2.4.2; a string representation of SIDs is specified in [MS-DTYP] section 2.4.2 and [MS-AZOD] section

server role: Any of the services that can be provided by a host, including DHCP server, DNS server, Network Policy Server (NPS), and domain controllers.

service: A process or agent that is available on the network, offering resources or services for clients. Examples of services include file servers, web servers, and so on.

site: A collection of one or more well-connected (reliable and fast) TCP/IP subnets. By defining sites (represented by site objects) an administrator can optimize both Active Directory access and Active Directory replication with respect to the physical network. When users log in, Active Directory clients find domain controllers (DCs) that are in the same site as the user, or near the same site if there is no DC in the site. See also Knowledge Consistency Checker (KCC). For more information, see [MS-ADTS].

SOAP action: The HTTP request header field used to indicate the intent of the SOAP request, using a URI value. See [SOAP1.1] section 6.1.1 for more information.

SOAP fault: A container for error and status information within a SOAP message. See [SOAP1.2-1/2007] section 5.4 for more information.

SOAP message: An XML document consisting of a mandatory SOAP envelope, an optional SOAP header, and a mandatory SOAP body. See [SOAP1.2-1/2007] section 5 for more information.

subnet ID: An ID generated by the Dynamic Host Configuration Protocol (DHCP) server. The IPv4 subnet ID is generated by the DHCP server by performing the binary AND operation on the subnet IPv4 address and the IPv4 subnet mask. The IPv6 prefix ID is generated by the DHCP server by converting the least significant 64 bits of the IPv6 address to 0.
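The following Python is an added illustration of the subnet ID entry above; it is not part of the specification and not code from any DHCP or IPAM implementation. It computes the IPv4 subnet ID by ANDing the address with the mask and the IPv6 prefix ID by zeroing the low 64 bits, exactly as the entry describes. The contiguous-mask check, the `same_subnet` helper and the sample addresses are my own additions and assumptions.

```python
import ipaddress

# Added example (not from the MS-IPAMM specification): computes the subnet ID
# as the glossary entry describes it, with a mask-validity check that a
# practitioner would want before trusting the result.


def is_contiguous_mask(mask: str) -> bool:
    """True if the IPv4 mask is a run of 1-bits followed by 0-bits (e.g. 255.255.255.0).

    A non-contiguous mask such as 255.255.0.255 would still AND "successfully"
    but does not describe a subnet, so callers reject it up front.
    """
    m = int(ipaddress.IPv4Address(mask))
    inverted = (~m) & 0xFFFFFFFF           # host portion as a run of 1-bits
    return (inverted + 1) & inverted == 0  # power-of-two (or zero) check


def ipv4_subnet_id(address: str, mask: str) -> str:
    """IPv4 subnet ID: bitwise AND of the subnet address and the subnet mask."""
    if not is_contiguous_mask(mask):
        raise ValueError(f"non-contiguous subnet mask: {mask}")
    addr = int(ipaddress.IPv4Address(address))
    msk = int(ipaddress.IPv4Address(mask))
    return str(ipaddress.IPv4Address(addr & msk))


def ipv6_prefix_id(address: str) -> str:
    """IPv6 prefix ID: the address with its least significant 64 bits set to zero."""
    addr = int(ipaddress.IPv6Address(address))
    upper64 = ((1 << 64) - 1) << 64        # mask that keeps only the top 64 bits
    return str(ipaddress.IPv6Address(addr & upper64))


def same_subnet(address_a: str, address_b: str, mask: str) -> bool:
    """Two IPv4 addresses share a subnet ID when they AND to the same value.

    Hypothetical helper: this is how a lease address would be matched against
    the subnet ID of a scope.
    """
    return ipv4_subnet_id(address_a, mask) == ipv4_subnet_id(address_b, mask)


if __name__ == "__main__":
    # Constructed sample values, not taken from any real deployment.
    print(ipv4_subnet_id("192.168.10.37", "255.255.255.0"))      # 192.168.10.0
    print(ipv6_prefix_id("2001:db8:1:2:abcd:ef01:2345:6789"))    # 2001:db8:1:2::
    print(same_subnet("10.1.2.3", "10.1.3.4", "255.255.254.0"))  # True
```

The mask check matters in practice: a DHCP server given a malformed mask would still produce a numeric "subnet ID", but it would not correspond to any routable subnet, so the lease-to-scope matching built on it would silently misfile addresses.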

task: An object identifying an administrative action (for example, running a program) to be performed on specified triggers and conditions (for example, every day at a specific time). Synonym for job.

tenant: A built-in custom field in IPAM that is used to specify the tenant machine.

trigger: A change of state (for example, reaching a specific time of day) that signals when a task is to run. A task runs when any of its triggers and all of its conditions are satisfied.

Uniform Resource Identifier (URI): A string that identifies a resource. The URI is an addressing mechanism defined in Internet Engineering Task Force (IETF) Uniform Resource Identifier (URI): Generic Syntax [RFC3986].

Uniform Resource Locator (URL): A string of characters in a standardized format that identifies a document or resource on the World Wide Web. The format is as specified in [RFC1738].

user access policy: A policy that defines an operation and the access scope for which the operation is allowed for a specific user. The user is allowed to perform an operation only if the access policy for the user allows it.

user class: User-defined classes that contain user-specific DHCP options. A default user class is implementation dependent.

user role: A container that is used to group together a set of IPAM operations and can be assigned to a user.

vendor class: User-defined classes that contain vendor-specific DHCP options. A default vendor class is implementation defined.

VMNetwork: A built-in custom field in IPAM that is used to specify the virtualized network.

WSDL port type: A named set of logically-related, abstract Web Services Description Language (WSDL) operations and messages.

zone: A domain namespace is divided up into several sections called zones [RFC1034] and [RFC2181]. A zone represents authority over a portion of the DNS namespace, excluding any subzones that are below delegations.

MAY, SHOULD, MUST, SHOULD NOT, MUST NOT: These terms (in all caps) are used as defined in [RFC2119]. All statements of optional behavior use either MAY, SHOULD, or SHOULD NOT.