|
K |
||||||||||||
|
Q |
Y |
Z |
A
·
Access Control List (ACL)
· In a network, a database with valid users and the allowed access level for each user.
·
ActiveX
· A group of applications created by Microsoft for its Component Object Model (COM) usage. Microsoft ActiveX controls will execute only if they have been installed in the System32 directory. Only administrators have the ability to install controls for all users.
·
Advanced Interactive eXecutive (AIX)
· A 386, RS/6000, or 390 version (from IBM) which mimics the UNIX system V.
·
Applet mode
· In applet mode, the client is downloaded each time the application is accessed.
·
Application compatibility scripts
·
Other problems can arise when an application that has not been
written with the multi-user environment in mind such as applications that use public
locations for user files. If the application does not use separate instances of
this type of file, when one user updates a file it would affect all other
users.
·
In some cases, the application could prevent multiple users from
running the application simultaneously due to sharing issues with files. If
modifications are needed to make the application run properly, the
modifications can often be done by editing the registry.
· Most of the tasks to ensure that an application will behave properly in a multi-user environment can be automated using installation scripts called application compatibility scripts. Application compatibility scripts should be run while in install mode.
·
Application Launching and Embedding (ALE)
· Application Launching and Embedding is a Web-enabling feature that provides the ability to have an application embedded inside an HyperText Markup Language (HTML) document or launched from the document. When embedded, the published application appears to be written into the Web pages and runs inside of the browser. If a published application is launched from a Web page, it opens up in it’s own window and runs just like a local application.
·
Application Launching and Embedding (ALE) wizard
·
The ALE wizard is run from within the Published Application
Manager. The wizard goes through each required entry to generate an Independent
Computing Architecture (ICA) file for a published application. To use the
wizard, highlight a published application, then choose Application | Write
·
Application mode
· In application mode, the client is downloaded one time and stored on the client machine.
·
Application Service Provider (ASP)
· Application Service Providers are companies that manage applications and provide organizations with application hosting services. It is expected that the ASP market will be a six billion-dollar industry by the year 2001. The application-hosting model offers organizations the option of outsourcing application support and maintenance.
·
Application Set
· The easy way to think of it is that an application set is really just another term for a server farm. Applications that are published in server farms appear as groups in the Program Neighborhood client. When viewed in Program Neighborhood, these groups are referred to as application sets. This term essentially indicates that a set or group of applications comprises all the applications published in a given server farm.
·
Asynchronous Transfer Mode (ATM)
· A transmission protocol that segments user traffic into small, fixed sized cells. Cells are transmitted to their destination where the original traffic is re-assembled. During transmission, cells from different users are intermixed asynchronously to maximize utilization of network resources.
·
Automatic (Auto) Client Update
·
Automatic Client Update ensures that end users have the most
current Independent Computing Architecture (ICA) client by detecting and
upgrading outdated versions automatically from the Winframe server. Automatic
Client Update saves IS/IT professionals a great deal of time that would
ordinarily be spent distributing updated client software. Also, the automatic
client update feature automates the task of updating clients and provides a
central location in which to maintain and configure
·
Automatic Drive Mapping
·
There are a number of ways to map the user to the proper network
resources automatically. The most common method would be to run a login script.
This can come from many different sources, including Windows NT Terminal
Server, NetWare, and a batch file residing in the user's startup directory. If
the user has the proper access rights and sufficient knowledge, he can also map
drives using either the Graphical User Interface (GUI) or a command line
utility. This user could then choose to keep these mappings for the current
section only or to retain them for future sessions.
·
·
B
·
Backup Domain Controller (BDC)
· A backup file or copy of the Primary Domain Controller (PDC). Periodically, the BDC is synchronized with the PDC.
·
Bandwidth management
· The features for managing bandwidth are compressing the data stream, bitmap cache, queuing mouse movements and keystrokes, reducing audio quality, and reducing window colors. Each of these features has specific benefits and potential pitfalls that you need to consider when applying them to a production environment.
·
Base license
· The base license enables a MetaFrame server to provide service to more than one connected user session. Citrix server software comes with a base license providing service for a minimum of 15 connected sessions.
·
Business Recovery
·
Business Recovery provides a fault tolerant method of specifying
backup server groups that will be available in the event that a primary server
crashes or goes offline.
C
·
Caching
· Caching, a feature found in many applications, attempts to reduce repeated transmission of data in order to reduce transmission time and/or conserve bandwidth. When data is cached, it is stored in a directory on a local disk that can be referenced and reused in the future. When caching is enabled, it is important to limit the amount of disk space used for caching to prevent the disk from filling and causing system problems.
·
Cellular Digital Packet Data (CDPD)
· A system using a cellular network via digital wireless means.
·
Client printer mapping
· The most compelling feature is MetaFrame's ability to use the client's local and Local Area Network (LAN-based) printers. No additional printer drivers need to be loaded onto the system. The remote application on Citrix passes the job to a local printer with no additional configuration. This is known as client printer mapping
·
Client Server
· The design and architecture for how the server and the client are connected via Local Area Network (LAN) or a Wide Area Network (WAN).
·
Client Update Configuration
· The Client Update Configuration tool is used to manage this database and the client files stored there.
·
Clipboard mapping
· The first application can be running on the local machine, while the second is server based. The Independent Computing Architecture (ICA) client takes the contents of the local clipboard and pastes them remotely. This is known as client clipboard mapping. This will be enabled by default.
·
Common Desktop Environment (CDE)
· A standard for systems that are considered open. This Graphical User Interface (GUI) interface is based on Motif and designed by The Open Group.
·
Compression
· The process of reducing a file’s size by means of a compression utility. The two types of compressions are lossless compression and lossy compression.
·
Concurrent streams
· The number of video streams being sent at the same time.
·
Connection configuration
·
The Citrix Connection Configuration utility provides access to
existing connections and the ability to add change and delete connections. By
default, one Independent Computer Architecture (ICA) and one Remote Desktop Protocol
(RDP) connection is configured for each protocol installed on the server at the
time MetaFrame is installed.
·
· This connection allows users to access MetaFrame over all Network Interface Cards (NICs) installed on the server. ICA Connections can be configured over Transmission Control Protocol (TCP), Internet Package eXchange (IPX), Sequenced Package eXchange (SPX), Network Basic Input/Output System (Net BIOS), or Asynchronous (Async) modem connection. RDP connections can be configured for TCP only. All Async connections must be configured manually.
·
Connection timeout
·
The Connection timout specifies how long the user is allowed to be
logged on to the server at one time. One minute before the connection timeout
interval expires, the user is notified of the pending disconnection.
·
· The user’s session is disconnected or terminated, depending on the broken or timed-out connection action specified in the User Configuration dialog box. This timer is not cumulative; every time the user logs on, the timer is reset.
·
Console session
·
The term console session generally refers to the person logged on
at the physical server. Because each DirectICA session is treated as a console
session, drive, COM port, and printer port mapping are not supported.
D
·
Data compression
·
Data compression works by using algorithms to shrink the size of a
file. The algorithm searches the file for repeating data patterns, then
replaces them with a symbol. The symbol is smaller than the original data, thus
requiring less bandwidth to transmit.
·
- Datagram
- A datagram is, to quote the Internet's Request for Comments 1594, "a self-contained, independent entity of data carrying sufficient information to be routed from the source to the destination computer without reliance on earlier exchanges between this source and destination computer and the transporting network."
-
- The term has been generally replaced by the term packet. Datagrams or packets are the message units that the Internet Protocol deals with and that the Internet transports. A datagram or packet needs to be self-contained without reliance on earlier exchanges because there is no connection of fixed duration between the two communicating points as there is, for example, in most voice telephone conversations. (This kind of protocol is referred to as connectionless.)
-
·
Diffie-Hellman algorithm
· The Diffie-Hellman algorithm is a cryptographic technique wherein the two parties and their public keys are able to extract the private key to be shared by both parties. This private key is sent to both parties.
·
DirectICA
·
DirectICA, a feature built into MetaFrame, is designed to be used with
applications that are graphics intensive. The Independent Computing
Architecture (ICA) protocol alone is not optimized for use with applications
that require complex and frequently changing graphics to be displayed on
screen.
·
· DirectICA is designed to solve this problem by providing each client with a direct and high-speed connection to the Citrix server. Essentially, using DirectICA, each client is on its own 100Mbps network.
·
Disconnection timeout
· The disconnection timeout specifies the maximum amount of time a disconnected session is retained in the disconnected state before the logon is terminated.
·
Domain controller
· Domain controllers validate logons, participate in replication of logon scripts and policies, and synchronize the user account database. This means that domain controllers have an extra amount of work to perform. Since Terminal Server already requires such heavy resources, it is not a good idea to burden a Terminal Server with the extra work of being a domain controller.
·
Domain Management Scope
·
The domain management scope is the older of the two scopes. It is
included primarily so that MetaFrame 1.8 will be compatible with earlier
versions of Citrix’s products. As such, it is not recommended for use when publishing
new applications. Applications published in domain management scope do not
automatically appear in Program Neighborhood and must still be connected to
manually.
·
· Earlier applications that have been published in domain management scope can be migrated to server farm management scope by right-clicking the icon in Published Application Manager and selecting Migrate.
·
Domain Name System (DNS)
· Because the actual unique Internet Protocol (IP) address of a web server is in the form of a number difficult for humans to work with, text labels separated by dots (domain names) are used instead. DNS is responsible for mapping these domain names to the actual IP numbers in a process called resolution. Sometimes called a Domain Name Server.
·
Dump file
·
The dump file will be as large as the amount of physical Random
Access Memory (RAM) installed on the server. Consider using another drive for
the dump file location unless the system partition is large enough to hold it.
E
·
Embedded applications
·
Like launched applications, embedded applications can be accessed
via the Internet or an intranet. Unlike launched applications, when a hyperlink
that links to an embedded application is clicked, Application Launching and
Embedding (ALE) creates within the browser space a box for the application to
run in.
·
· When the browser screen is scrolled or resized, it affects the application. When the browser is closed, the Citrix session is disconnected.
·
Enhanced Small Device Interface (ESDI)
· An interface for hard disk drives that is capable of transferring data at up to three MegaBytes Per Second (MBPS).
·
Enterprise
·
· Administrators can monitor thousands of users in multiple domains and ensure that applications will be available from any location. Since user sessions are being run at the server, administrators have the capability of interacting with users and the applications that they’re using.
·
Enterprise
· Information systems integrating and serving various divisions or departments within a company. Some applications such as ERP packages are multi-module application software packages that help businesses manage the important parts of its business.
·
Ethernet
· A networking protocol and shared media (or switched) Local Area Network (LAN) access method linking up to 1K nodes in a bus topology.
·
Extended connectivity
·
Extended connectivity means that organizations can extend the
reach of business critical applications to users over any network connection
regardless of bandwidth and without sacrificing performance.
·
·
Connections can be made to a MetaFrame server over all major
network protocols, allowing users to access applications or a Windows NT
desktop.
F
·
Fault tolerance
· High system availability with enough resources to accommodate unexpected failure. Fault tolerance is also the design of a computer to maintain its system’s performance when some internal hardware problems occur. This is done through the use of back-up systems.
·
File Allocation Table (FAT)
· An area on a disk indicating the arrangement of files in the sectors. Because of the multi-user nature of Terminal Server, it is strongly recommended that the NTFS file system be used rather than the FAT file system. FAT does not offer file and directory security, whereas with NTFS you can limit access to subdirectories and files to certain users or groups of users.
·
Firewall
· A utility preventing unauthorized users from entering a restricted database or server via a Local Area Network (LAN) and/or the Internet for security reasons.
·
Frame relay
·
A packet switching communication service that neither detects nor
corrects routing relays. It typically provides for a bandwidth within the range
of 56 Kilobits per second (56 Kbps) to 1.544 Megabits per second (Mbps) rates
emerging.
·
G
·
Graphical User Interface (GUI)
·
An overall and consistent system for the interactive and visual
program that interacts (or interfaces) with the user. GUI can involve pull-down
menus, dialog boxes, on-screen graphics, and a variety of icons.
H
·
Heterogeneous computing environments
· Multiple operating systems and hardware platforms.
·
Hierarchy
· Hierarchy is a term that can be defined as the order in which rules are applied. For example, what would happen if you have set an explicit user desktop setting in your system policy, but the user configuration is different?
·
High encryption
· Traffic in both directions is encrypted using a 128-bit key for the North American version of Terminal Server only. In the export version of Terminal Server, high encryption uses a 40-bit key.
·
HyperText Markup Language (HTML)
· The format used to create documents viewed on the World Wide Web (WWW) by the use of tags (codes) embedded within the text.
·
HyperText Markup Language (HTML) pages
·
HTML pages are the front end of the Internet, providing the
formatting information required to display images within a browser. To access
your application via the Internet, users have to browse to a page with a
hyperlink to your Independent Computing Architecture (ICA) file.
·
· These pages can be created with the help of the Application Launching and Embedding (ALE) wizard in MetaFrame, or they can be created manually.
·
HyperText Markup Language (HTML) wizard
·
The quickest and easiest way to create an HTML page for a
published application is to use the HTML wizard. The wizard, located in the Published Application Manager, can
create HTML code with lots of comments explaining the code, or just the code
itself. The HTML file can be created at the same time as the Independent
Computing Architecture (ICA) file, or it can be created separately.
I
·
Idle timeout
· The Idle timeout specifies how long the session can remain idle (no keyboard or mouse activity) before the user’s session is disconnected or terminated.
·
Independent Computing Architecture (ICA
·
The
·
·
The
·
·
One of the most impressive features of the
·
·
Because the amount of network traffic required for
·
Independent Computing Architecture (ICA
· Also called 16-bit DOS, this is designed for use with clients running DOS 3.3 or higher. It supports DOS Full Screen Mode. It supports connections to Citrix servers using the Transmission Control Protocol/Internet Protocol (TCP/IP), Network Basic Input/Output System (NetBIOS), Internet Packet eXchange (IPX), and Sequenced Packet eXchange (SPX) protocols. It can also connect using asynchronous dial-in connections.
·
Independent Computing Architecture (ICA
·
Also called 32-bit DOS, this is designed for use with clients
running DOS 4.0 or higher. It supports DOS Full Screen Mode as well as connections
to Citrix servers using the Transmission Control Protocol/Internet Protocol
(TCP/IP).
·
· Network Basic Input/Output System (NetBIOS), Internet Packet eXchange (IPX), and Sequenced Packet eXchange (SPX) protocols. Remote users are also supported via asynchronous dial-in connections. Although you can use the ICA Client for 16-bit DOS with DOS version 4.0 and later, it is recommend that you use the 32-bit client for these versions of the operating system.
·
Independent Computing Architecture (ICA
· The ICA Client for Java is designed to work on clients that have a Java Virtual Machine (JVM) installed. Most of today’s major operating systems, including Windows, can have a JVM installed. JVMs are often installed when a Web browser such as Microsoft Internet Explorer is added to the system. The ICA Client for Java currently supports only TCP connections to Citrix servers.
·
Independent Computing Architecture (ICA
· The ICA Client for Macintosh is designed to work with Mac OS version 7.5.3 or later. In actuality, versions as old as 7.1 are supported but require the installation of the Thread Manager System (TMS). TMS can be downloaded free of charge from Apple Computer’s Web site, http://www.apple.com. The ICA Client for Macintosh supports only TCP connections for establishing sessions with Citrix servers.
·
Independent Computing Architecture (ICA
· The ICA Client for UNIX works with most of the major types of UNIX and UNIX-like operating systems on the market today. Only TCP client connections are supported. This is not the limitation it might appear to be; UNIX operating environments typically use only the Transmission Control Protocol/Internet Protocol (TCP/IP) protocol.
·
Independent Computing Architecture (ICA
·
The ICA Client for Web Browsers takes two forms: clients that
support Netscape Navigator and clients that support Microsoft Internet
Explorer. The Navigator ICA Client for Web Browsers uses Netscape plug-in
technology as the client.
·
·
In order to connect to a Citrix server over the Web using
Navigator, you must first manually download and install the plug-in. By
contrast, the Internet Explorer ICA Client for Web Browsers uses an ActiveX
control.
·
· When you first connect to a Web page that contains content from a Citrix server, an automatic installation process begins, downloading the client and installing it on your system. You can allow or not allow the installation. If you choose to allow it, after a few moments the installation process completes and the content you requested is displayed for you.
·
Independent Computing Architecture (ICA
·
Also known as the Citrix 16-bit Windows, this client is designed
to provide support for Windows 3.1 or later workstations that are running in
Enhanced mode. This includes the popular networked version of this operating
system, Windows for Workgroups (Windows 3.11). The client supports connections
to Citrix servers using the Transmission Control Protocol/Internet Protocol
(TCP/IP).
·
· Network Basic Input/Output System (NetBIOS), Internet Packet eXchange (IPX), and Sequenced Packet eXchange (SPX) protocols. Asynchronous connection support is also available for dial-in connections.
·
Independent Computing Architecture (ICA
·
This is by far the most fully featured client available for Citrix
server access, and for good reason. This is the client that is designed to
support most client operating systems in use today, including Windows 95,
Windows 98, Windows NT, and Windows 2000. Like the 16-bit client for Windows,
it supports connections using the Transmission Control Protocol/Internet
Protocol (TCP/IP).
·
· Network Basic Input/Output System (NetBIOS), Internet Package eXchange (IPX), and Sequenced Package eXchange (SPX) protocols. It also supports asynchronous connections for dial-in users. Most important, this client fully supports Program Neighborhood and all the additional functionality it provides users. This client is updated regularly; you should always check the Citrix Web site to make sure you are using the latest version.
·
Independent Computing Architecture (ICA
·
The
·
·
The file is stored as plain text, making it easy to edit or
create—even without using the ALE wizard.
·
Independent Computing Architecture (ICA
·
·
·
The local server contacts the remote server and establishes a
connection during the gateway configuration. Once the gateway is established clients
can access servers and applications on both networks. License gateways are a
special type of
·
Installation Management Service (IMS)
· The Installation Management Service application (a Citrix add-on) allows administrators to install applications quickly on multiple MetaFrame and Winframe servers. Also, IMS is designed to install applications in an identical manner from a central location onto multiple load-balanced Citrix servers.
·
Integrated Services Digital Network (ISDN)
·
Integrated Services indicates the provider offers voice and data
services over the same medium. Digital Network is a reminder that ISDN was born
out of the digital nature of the intercarrier and intracarrier networks.
·
· ISDN runs across the same copper wiring that carries regular telephone service. Before attenuation and noise cause the signal to be unintelligible, an ISDN circuit can run a maximum of 18,000 feet. A repeater doubles this distance to 36,000 feet.
·
Internet Package eXchange (IPX)
·
Novell NetWare’s built-in networking protocol for Local Area
Network (LAN) communication and derived from the Xerox Network System (XNS)
protocol. IPX moves data between a server and/or workstation programs from
different network nodes.
·
J
·
·
Java
· An Internet and intranet application programming language.
·
Java Development Kit (JDK)
· A software development package from Sun Microsystems with the tools to write testing and debugging Java applications and applets.
·
Java Virtual Machine (JVM)
·
An interpreter able to convert byte code language into machine
code. After the conversion, the JVM executes the code.
L
·
Launched applications
·
Launched applications are excellent for running applications remotely
and interacting with applications installed locally on the client machine. The
ability to launch multiple applications in windows separate from multiple
hyperlinks makes launching the best choice if you must run multiple remote
applications simultaneously over the Internet.
·
· The primary drawback of launched applications is their requirement that the Win32 client be installed on the client machine in order to run. This limits the client platforms that will support published applications configured to be launched over the Web.
·
Legacy systems
· Older systems that need to be upgraded or replaced to run current applications.
·
License activation
·
Once a license has been installed, it must be activated by
entering a special 8-character Citrix activation code. The activation code
validates and enables a Citrix license to last beyond its normal grace period.
·
· If the license is not properly activated, it may expire at the end of its grace period, typically 35 days. Until a license is activated, it is not completely installed. Once an activation code has been obtained from Citrix, it may be used to activate a license through the Citrix Licensing utility.
·
License pooling
·
By default, all Citrix licenses are pooled, and are thus shared by
all Citrix servers within a network. This allows servers to use more licenses
than are installed on the server itself, but never more licenses than are
installed for the network.
·
·
In this scenario a single Citrix server could use all client
licenses on the network, forcing other servers to be idle because there are no
available licenses. The license pooling utility allows the administrator to
remove licenses from the pool on each server.
·
· This reserves the licenses for the installed server only. If a server goes down for any reason the pooled licenses for that server are unavailable until the server is back online.
·
Load balancing
· The fine-tuning process of a system (computer, network, etc.) to allow the data to be distributed more efficiently and evenly. Load balancing is an add-on feature of MetaFrame that must be purchased separately from the base product. Load balancing allows the administrator to group servers in a server farm which can act as a single point of access for clients accessing published applications.
·
Load Balancing Administration
· Load Balancing Administration allows administrators to specify the workload that a particular server will carry and customize that workload based upon the resources of the machine.
·
Local Area Network (LAN)
· A system using high-speed connections over high-performance cables to communicator among computers within a few miles of each other, allowing users to share peripherals and a massive secondary storage unit, the file server.
·
Local user profile
· A user-configurable profile that the user can change.
·
Logical disk
· The logical disk refers to the logical disk partitions on your machine. You might this of these as your C drive or D drive. You can have several partitions on one physical drive or one partition spanning several physical drives.
·
Low encryption
·
Traffic from the client to the server is encrypted using a 40-bit
key, whereas traffic from the server to the client is unencrypted. Low
encryption protects sensitive data like password entry and application data;
the only data sent from the server to the client are screen refreshes, which
are difficult to intercept even when unencrypted.
·
M
·
Management Scope
· The term management scope refers to the method you use to publish applications. There are two scopes, domain management scope and server farm management scope. It should be noted that the management scope is specified when an administrator creates a published application using Published Application Manager, not from the Citrix client.
·
Mandatory user profile
·
A preconfigured profile that the user cannot change. There are
three things the system administrator must do to change a normal profile to a
mandatory profile. The NTuser.dat file within the user’s profile directory must
be renamed to NTuser.man. A brief note on renaming files in Windows – by
default, the extensions for known types of files are hidden.
·
·
The .man extension is
considered to be a known file type. When you make this change, the extension
may appear to vanish. If you wish, you can confirm that the filename is correct
by viewing it from a DOS prompt.
·
· The next thing that must be done is to rename the profile directory itself, from %username% to %username%.man. Finally, the proper entry must be placed in the User Environment Profile screen of User Manager.
·
Master browser
· Once elected, the Master Browser maintains a comprehensive list of all Independent Computing Architecture (ICA) servers, published applications, and load balanced server load information. One server on each network is elected the master browser for each protocol on each network. If a master browser goes down a browser election is held and a new master browser elected.
·
Medium encryption
· Traffic in both directions is encrypted using a 40-bit key.
·
Memory load
· This is the ratio of total physical memory to available memory.
·
Memory object
· The memory object refers to both the physical memory stored in the server and the paging file. A lot of the counters for these objects consider these values totaled together when doing their analysis.
·
MetaFrame
·
MetaFrame technology gives organizations the ability to deliver
“mission critical” applications to almost any client device over any network
protocol. MetaFrame also provides organizations with a viable solution for
extending the capabilities of legacy systems, and resolves a multitude of
issues that can be caused by heterogeneous computing environments.
·
· Based on Windows Terminal Server, MetaFrame offers the additional functionality that organizations need to efficiently access and manage applications. MetaFrame application server software expands on the concept of Winframe by adding functionality to Microsoft NT 4.0 Terminal Server. MetaFrame makes an entire enterprise manageable from one single point.
·
Multi-User system
· In 1990, Citrix debuted an OS/2 based product called Multi-User, which began shipping in 1991, a multi-user version of the robust OS/2 operation system.
·
MultiWin
·
MultiWin is a Citrix-developed technology that transforms the
Windows NT operating system into a multi-user system. This gives multiple users
the ability to execute applications on the same machine at the same time.
·
·
Each user on the system runs an individual session on the
application server, sometimes these sessions and the clients that they run from
are referred to as Winstations. Although Citrix developed MultiWin, Microsoft
bought into the technology and incorporated it into the NT 4.0 operating
system.
N
·
NetBIOS Extended
User Interface (NetBEUI)
· The transport layer for the DOS networking protocol called Network Basic Input/Output System (NetBIOS).
·
Network Basic Input/Output System (NetBIOS)
· A program in Microsoft’s operating systems that links personal computers to Local Area Network (LAN).
·
Network File System (NFS)
· A file access utility developed by Sun Microsystems, which released it to the public as an open standard, allowing users on UNIX and Microsoft Windows NT networks to access files and directories on other computers as if it were on their own workstations.
·
Network Interface Card (NIC)
· A board with encoding and decoding circuitry and a receptacle for a network cable connection that, bypassing the serial ports and operating through the internal bus, allows computers to be connected at higher speeds to media for communications between stations.
·
Network protocol
·
This specifies the protocol that will be used to connect to the
Citrix server. Choices include standard protocols such as Transmission Control
Protocol/Internet Protocol (TCP/IP), Internet Packet eXchange (IPX), Sequenced
Packet eXchange (SPX), and Network Basic Input/Output System (NetBIOS).
·
· The protocol selected is used to populate the Server and Published Application boxes of this window in the wizard. Only servers and published applications that support the protocol selected will be available for selection.
·
Network service providers
·
Network service providers provide network connectivity that is
needed for Application Service Providers (ASPs) to offer application-hosting
opportunities.
O
·
On-demand video
· Streamed multimedia can be pushed directly to the desktop as soon as it is available. It can be removed from the desktop just as easily. Videos are streamed to the client on demand from a central server; therefore, there is no need for large client hard drivers or version maintenance.
·
Open DataBase Connectivity (ODBC)
· A database programming interface that allows applications a way to access network databases.
·
Open DataBase Connectivity (ODBC) connection
· The ODBC connection is what will allow Resource Management Services (RMS) to connect to a database and input information. The ODBC connection can be configured after the first reboot after the RMS installation. When the Resource Management Services service is started, it will look for an ODBC connection. If there is none configured, you will be prompted to configure one.
·
Original Equipment Manufacturer (OEM)
·
The company that manufactures a given piece of hardware, unlike a
Value-Added Reseller (VAR) that changes, reconfigures, or repackages hardware
for sale; for example, Sony is the OEM for monitor tubes that are sold under
many names including Apple Macintosh.
P
·
Packager
·
The packager runs on its own PC. The packager has an easy-to-use
Wizard that helps the administrator with the packaging process. The process
involves the installation and configuration of the application. The end result
is a “package” which contains all the applications files and a “script” that
contains the instructions for the application setup process.
·
Pagefile Usage
·
This is the ratio of current pagefile size to the allow minimum
space in the pagefile.
·
Partition
·
A section of storage on a hard disk, usually set aside before the
disk is formatted. Every hard disk has at least one partition, for instance,
though some versions require more.
·
Passwords
·
As with any network, good password policies are important in
securing a Terminal Server. By implementing a policy to require strong
passwords, you can make it more difficult for intruders to bypass your security
precautions.
·
Enforcing passwords over five characters in length and using a
maximum password age so users must occasionally change their passwords are
examples of good password policies.
· Having said that, remember that making people use excessively long passwords or having them change passwords too frequently can cause problems such as users forgetting passwords and having to call the helpdesk to reset the password. So, find a happy medium between security and reality.
- Parse
To parse is to analyze something in an orderly way. In linguistics, to parse is to divide words and phrases into different parts in order to understand relationships and meaning. For example, English students are sometimes asked to parse a sentence by dividing it into subject and predicate, and then into dependent phrases, modifiers, and so forth.-
- In general, to parse someone's writing or speech simply means to interpret it.
-
- In computers, to parse is to divide a computer language statement into parts that can be made useful for the computer. A parser in a program compiler is a program that takes each program statement that a developer has written and divides it into parts (for example, the main command, options, target objects, their attributes, and so forth) that can then be used for developing further actions or for creating the instructions that form an executable program.
-
- Packet
-
- A packet is the unit of data that is routed between an origin and a destination on the Internet or any other packet-switched network. When any file (e-mail message, HTML file, Graphics Interchange Format file, Uniform Resource Locator request, and so forth) is sent from one place to another on the Internet, the Transmission Control Protocol (TCP) layer of TCP/IP divides the file into "chunks" of an efficient size for routing.
- Each of these packets is separately numbered and includes the Internet address of the destination. The individual packets for a given file may travel different routes through the Internet. When they have all arrived, they are reassembled into the original file (by the TCP layer at the receiving end).
-
- Packet-switching
-
- A packet-switching scheme is an efficient way to handle transmissions on a connectionless network such as the Internet. An alternative scheme, circuit-switched, is used for networks allocated for voice connections. In circuit-switching, lines in the network are shared among many users as with packet-switching, but each connection requires the dedication of a particular path for the duration of the connection.
-
- "Packet" and "datagram" are similar in meaning. A protocol similar to TCP, the User Datagram Protocol(UDP) uses the term datagram.
-
- PABX
-
- A private automatic branch exchange (PABX) is an automatic telephone switching system within a private enterprise. Originally, such systems - called private branch exchanges (PBX) - required the use of a live operator. Since almost all private branch exchanges today are automatic, the abbreviation "PBX" usually implies a "PABX."
-
- Some manufacturers of PABX (PBX) systems distinguish their products from others by creating new kinds of private branch exchanges. Rolm offers a Computerized Branch Exchange (CABX) and Usha Informatics offers an Electronic Private Automatic Branch Exchange (EPABX).
-
- Packet-switched
-
- Packet-switched describes the type of network in which relatively small units of data called packets are routed through a network based on the destination address contained within each packet. Breaking communication down into packets allows the same data path to be shared among many users in the network.
- This type of communication between sender and receiver is known as connectionless (rather than dedicated). Most traffic over the Internet uses packet switching and the Internet is basically a connectionless network.
-
- Contrasted with packet-switched is circuit-switched, a type of network such as the regular voice telephone network in which the communication circuit (path) for the call is set up and dedicated to the participants in that call. For the duration of the connection, all resources on that circuit are unavailable for other users.
- Voice calls using the Internet's packet-switched system are possible. Each end of the conversation is broken down into packets that are reassembled at the other end.
-
- Another type of digital network that uses packet-switching is the X.25 network, a widely-installed commercial wide area network protocol. Internet protocol packets can be carried on an X.25 network. The X.25 network can also support a virtual circuit in which a logical connection is established for two parties on a dedicated basis for some duration.
- A permanent virtual circuit (PVC) reserves the path on an ongoing basis and is an alternative for corporations to a system of leased lines. A permanent virtual circuit is a dedicated logical connection but the actual physical resources can be shared among multiple logical connections or users.
-
- Passive optical network
-
- A passive optical network (PON) is a system that brings optical fiber cabling and signals all or most of the way to the end user. Depending on where the PON terminates, the system can be described as fiber-to-the-curb (FTTC), fiber-to-the-building (FTTB), or fiber-to-the-home (FTTH).
- A PON consists of an Optical Line Termination (OLT) at the communication company's office and a number of Optical Network Units (ONUs) near end users.
- Typically, up to 32 ONUs can be connected to an OLT. The passive simply describes the fact that optical transmission has no power requirements or active electronic parts once the signal is going through the network.
-
- In a stand-alone system, a PON could deliver up to 622 Mbps downstream to the user and up to 155 Mbps upstream. Multiple users of a PON could be allocated portions of this bandwidth. A PON could also serve as a trunk between a larger system, such as a CATV system, and a neighborhood, building, or home Ethernet network on coaxial cable.
-
- In
-
- Parity
-
- In computers, parity (from the Latin paritas: equal or equivalent) refers to a technique of checking whether data has been lost or written over when it's moved from one place in storage to another or when transmitted between computers.
-
- Here's how it works: An additional binary digit, the parity bit, is added to a group of bits that are moved together. This bit is used only for the purpose of identifying whether the bits being moved arrived successfully. Before the bits are sent, they are counted and if the total number of data bits is even, the parity bit is set to one so that the total number of bits transmitted will form an odd number. I
- f the total number of data bits is already an odd number, the parity bit remains or is set to 0. At the receiving end, each group of incoming bits is checked to see if the group totals to an odd number. If the total is even, a transmission error has occurred and either the transmission is retried or the system halts and an error message is sent to the user.
-
- The description above describes how parity checking works within a computer. Specifically, the Peripheral Component Interconnect bus and the I/O bus controller use the odd parity method of error checking. Parity bit checking is not an infallible error-checking method since it's possible that two bits could be in error in a transmission, offsetting each other. For transmissions within a personal computer, this possibility is considered extremely remote.
- In some large computer systems where data integrity is seen as extremely important, three bits are allocated for parity checking.
-
- Parity checking is also used in communication between modems. Here, parity checking can be selected to be even (a successful transmission will form an even number) or odd. Users may also select no parity , meaning that the modems will not transmit or check a parity bit.
- When no parity is selected (or defaulted), it's assumed that there are other forms of checking that will detect any errors in transmission. No parity also usually means that the parity bit can be used for data, speeding up transmission. In modem-to-modem communication, the type of parity is coordinated by the sending and receiving modems before the transmission takes place.
-
- Passive FTP
-
- Passive FTP (sometimes referred to as PASV FTP because it involves the FTP PASV command) is a more secure form of data transfer in which the flow of data is set up and initiated by the File Transfer Program FTP client rather than by the FTP server program. Separate FTP client programs, such as WS_FTP Pro, usually allow the user to select passive FTP. Most Web browsers (which act as FTP clients) use passive FTP by default because corporations prefer it as a safety measure.
- As a general rule, any corporate firewall server, which exists in order to protect an internal network from the outside world, recognizes input from the outside only in response to user requests that were sent out requesting the input. The use of passive FTP ensures all data flow initiation comes from inside the network rather than from the outside.
-
·
How It Works
- Using normal or passive FTP, a client begins a session by sending a request to communicate through tcp port 21, the port that is conventionally assigned for this use at the FTP server. This communication is known as the Control Channel connection.
-
- Using "normal" FTP communication, the client requestor also includes in the same PORT command packet on the Control Channel a second port number that is to be used when data is to be exchanged; the port-to-port exchange for data is known as the Data Channel. The FTP server then initiates the exchange from its own port 20 to whatever port was designated by the client.
- However, because the server-initiated communication is no longer controlled by the client and can't be correlated by a firewall to the initial request, the potential exists for uninvited data to arrive from anywhere posing as a normal FTP transfer.
-
- Using passive FTP, a PASV command is sent instead of a PORT command. Instead of specifying a port that the server can send to, the PASV command asks the server to specify a port it wishes to use for the Data Channel connection.
- The server replies on the Control Channel with the port number which the client then uses to initiate an exchange on the Data Channel. The server will thus always be responding to client-initiated requests on the Data Channel and the firewall can coorelate these.
-
- PCI
-
- PCI (Peripheral Component Interconnect) is an interconnection system between a microprocessor and attached devices in which expansion slots are spaced closely for high speed operation. Using PCI, a computer can support both new PCI cards while continuing to support Industry Standard Architecture (ISA) expansion cards, an older standard.
- Designed by Intel, the original PCI was similar to the VESA Local Bus. However, PCI 2.0 is no longer a local bus and is designed to be independent of microprocessor design. PCI is designed to be synchronized with the clock speed of the microprocessor.
-
- PCI is now installed on most new desktop computers, not only those based on Intel's Pentium processor but also those based on the PowerPC. PCI transmits 32 bits at a time in a 124-pin connection (the extra pins are for power supply and grounding) and 64 bits in a 188-pin connection in an expanded implementation.
- PCI uses all active paths to transmit both address and data signals, sending the address on one clock cycle and data on the next. Burst data can be sent starting with an address on the first cycle and a sequence of data transmissions on a certain number of successive cycles.
-
- The PCI specifications define two different card lengths. The full-size PCI form factor is 312 millimeters long; short PCIs range from 119 to 167 millimeters in length to fit into smaller slots where space is an issue.
- Like the full-size PCI, the short PCI is a high-performance I/O bus that can be configured dynamically for use in devices with high bandwidth requirements. Most current PCI cards are half-sized or smaller. There are a number of variations of PCI, including CompactPCI, Mini PCI, Low-Profile PCI, concurrent PCI, and PCI-X.
-
- PHP
-
- In Web programming, PHP is a script language and interpreter that is freely available and used primarily on Linux Web servers. PHP, originally derived from Personal Home Page Tools, now stands for PHP: Hypertext Preprocessor, which the PHP FAQ describes as a "recursive acronym."
-
- PHP is an alternative to Microsoft's Active Server Page (ASP) technology. As with ASP, the PHP script is embedded within a Web page along with its HTML. Before the page is sent to a user that has requested it, the Web server calls PHP to interpret and perform the operations called for in the PHP script.
-
- An HTML page that includes a PHP script is typically given a file name suffix of ".php" ".php3," or ".phtml". Like ASP, PHP can be thought of as "dynamic HTML pages," since content will vary based on the results of interpreting the script.
-
-
- On the Internet, ping of death is a denial of service (DoS) attack caused by an attacker deliberately sending an IP packet larger than the 65,536 bytes allowed by the IP protocol.
- One of the features of TCP/IP is fragmentation; it allows a single IP packet to be broken down into smaller segments. In 1996, attackers began to take advantage of that feature when they found that a packet broken down into fragments could add up to more than the allowed 65,536 bytes.
- Many operating systems didn't know what to do when they received an oversized packet, so they froze, crashed, or rebooted.
-
- By the end of 1997, operating system vendors had made patches available to avoid the ping of death.
- Still, many Web sites continue to block Internet Control Message Protocol (ICMP) ping messages at their firewalls to prevent any future variations of this kind of denial of service attack.
-
- Ping of death is also known as "long ICMP". Variations of the attack include jolt, sPING, ICMP bug, and IceNewk.
-
- ping storm
A ping storm is a condition in which the Internet ping program is used to send a flood of packets to a server to test its ability to handle a high amount of traffic or, maliciously, to make the server inoperable.- Although the ping support in Windows operating systems does not allow someone to mount a ping storm, the ping command in at least some UNIX-based systems offers two options: "ping -f" which specifies to output ping packets back as fast as they are returned, and "ping -s[packetsize]", which causes the size of the outgoing packet to be padded by some specified size in order to increase the load on the receiving server.
-
- ping strangeness
- Pings are used to determine the presence of particular Internet Protocol (IP) addresses on host computers in a network and the time it takes for the ping packet to return.
- Besides being a useful diagnostic tool, pings are sometimes used by router program ICMP requests so that network router tables can be kept up-to-date.
-
- The issuance of a ping request by a user or a program results in an Internet Control Message Protocol (ICMP) echo request. If the remote IP address is active, it responds with an ICMP echo reply.
- Ping can be used as an alternative to the traceroute utility to trace the hop or path that the ping echo takes through the network. Ping is faster, however, and generates less network traffic than traceroute.
-
- Using a network monitor like LANalyzer for Windows, a network administrator can follow a packet exchange. If, for example, the monitor shows a consistent pattern of unexplained pings occurring in the same time period as the packet exchange, this "strange" pattern may be worth investigating.
- A consistent and continual pattern would suggest that the pings were not the result of someone trying to attack the network (since the attack would be made too obvious) but rather that the hosts originating the pings had been programmed to issue them for some reason. For example, Synoptic hub sometimes seek a network management station, an optional facility that Synoptic offers.
- The hubs will look for the
management station using ICMP pings at frequent time intervals. If the
management station doesn't exist, the pings will continue, causing
unnecessary traffic. In this example, one solution would be to disable the
Internet Protocol on each hub.
- ping sweep
A ping sweep (also known as an ICMP sweep) is a
basic network scanning technique used to determine which of a range of IP
addresses map to live hosts (computers). Whereas a single ping will tell
you whether one specified host computer exists on the network, a ping
sweep consists of ICMP (Internet Control Message Protocol) ECHO requests
sent to multiple hosts. - If a given address is live, it
will return an ICMP ECHO reply.
-
- There are a number of tools that can be used to do a ping sweep, such as fping, gping, and nmap for UNIX systems, and the Pinger software from Rhino9 and Ping Sweep from SolarWinds for Windows systems. Both Pinger and Ping Sweep send multiple packets at the same time and allow the user to resolve host names and save output to a file.
-
- To disable ping sweeps on a network, administrators can block ICMP ECHO requests from outside sources. However, ICMP TIMESTAMP and Address Mask Requests can be used in a similar manner.
-
- Port
-
- [1) On computer and telecommunication devices, a port (noun) is generally a specific place for being physically connected to some other device, usually with a socket and plug of some kind. Typically, a personal computer is provided with one or more serial ports and usually one parallel port.
- The serial port supports sequential, one bit-at-a-time transmission to peripheral devices such as scanners and the parallel port supports multiple-bit-at-a-time transmission to devices such as printers.
-
- 2) In programming, a port (noun) is a "logical connection place" and specifically, using the In ternet's protocol, TCP/IP, the way a client program specifies a particular server program on a computer in a network.
- Higher-level applications that use TCP/IP such as the Web protocol, Hypertext Transfer Protocol, have ports with preassigned numbers. These are known as "well-known ports" that have been assigned by the Internet Assigned Numbers Authority (IANA).
- Other application processes are given port numbers dynamically for each connection. When a service (server program) initially is started, it is said to bind to its designated port number. As any client program wants to use that server, it also must request to bind to the designated port number.
-
- Port numbers are from 0 to 65536. Ports 0 to 1024 are reserved for use by certain privileged services. For the HTTP service, port 80 is defined as a default and it does not have to be specified in the Uniform Resource Locator (URL).
-
- 3) In programming, to port (verb) is to move an application program from an operating system environment in which it was developed to another operating system environment so it can be run there. Porting implies some work, but not nearly as much as redeveloping the program in the new environment.
- open standard programming interface (such as those specified in X/Open's 1170 C language specification and Sun Microsystem's Java programming language) minimize or eliminate the work required to port a program. Also see portability.
-
- PoE
-
- Power over Ethernet (PoE) is a technology for wired Ethernet LANs (local area networks) that allows the electrical current, necessary for the operation of each device, to be carried by the data cables rather than by power cords.
- This minimizes the number of wires that must be strung in order to install the network. The result is lower cost, less downtime, easier maintenance, and greater installation flexibility than with traditional wiring.
-
- For PoE to work, the electrical current must go into the data cable at the power-supply end, and come out at the device end, in such a way that the current is kept separate from the data signal so neither interferes with the other.
- The current enters the cable by means of a component called an injector. If the device at the other end of the cable is PoE compatible, then that device will function properly without modification. If the device is not PoE compatible, then a component called a picker or tap must be installed to remove the current from the cable. This 'picked-off' current is routed to the power jack.
-
- To minimize the possibility of damage to equipment in the event of a malfunction, the more sophisticated PoE systems employ fault protection. This feature shuts off the power supply if excessive current or a short circuit is detected.
-
- Port Number
-
- A port number is a way to identify a specific process to which an Internet or other network message is to be forwarded when it arrives at a server. For the Transmission Control Protocol and the User Datagram Protocol, a port number is a 16-bit integer that is put in the header appended to a message unit.
- This port number is passed logically between client and server transport layers and physically between the transport layer and the Internet Protocol layer and forwarded on.
-
- For example, a request from a client (perhaps on behalf of you at your PC) to a server on the Internet may request a file be served from that host's File Transfer Protocol (FTP) server or process.
- In order to pass your request to the FTP process in the remote server, the Transmission Control Protocol (TCP) software layer in your computer identifies the port number of 21 (which by convention is associated with an FTP request) in the 16-bit port number integer that is appended to your request.
- At the server, the TCP layer will read the port number of 21 and forward your request to the FTP program at the server.
-
- Some services or processes have conventionally assigned permanent port numbers. These are known as well-known port numbers. In other cases, a port number is assigned temporarily (for the duration of the request and its completion) from a range of assigned port numbers. This is called an ephemeral port number.
-
- Port mirroring
-
- Port mirroring, also known as a roving analysis port, is a method of monitoring network traffic that forwards a copy of each incoming and outgoing packet from one port of a network switch to another port where the packet can be studied.
- A network administrator uses port mirroring as a diagnostic tool or debugging feature, especially when fending off an attack. It enables the administrator to keep close track of switch performance and alter it if necessary. Port mirroring can be managed locally or remotely.
-
- An administrator configures port mirroring by assigning a port from which to copy all packets and another port where those packets will be sent. A packet bound for or heading away from the first port will be forwarded onto the second port as well.
- The administrator places a protocol analyzer on the port receiving the mirrored data to monitor each segment separately. The analyzer captures and evaluates the data without affecting the client on the original port.
-
- The monitor port may be a port on the same SwitchModule with an attached RMON probe, a port on a different SwitchModule in the same hub or the SwitchModule processor.
-
- Port mirroring can consume significant CPU resources while active. Better choices for long-term monitoring may include a passive tap like an optical probe or an Ethernet repeater.
-
- Port Scan
-
- A port scan is a series of messages sent by someone attempting to break into a computer to learn which computer network services, each associated with a "well-known" port number, the computer provides. Port scanning, a favorite approach of computer cracker, gives the assailant an idea where to probe for weaknesses.
- Essentially, a port scan consists of sending a message to each port, one at a time. The kind of response received indicates whether the port is used and can therefore be probed for weakness. Types of port scans include:
- vanilla - An attempt to connect to all ports (there are 65,536)
-
- Strobe - An attempt to connect to only selected ports
(typically, under 20)
-
- Stealth scan - Several techniques for scanning that attempt
to prevent the request for connection being logged
-
- FTP Bounce Scan - Attempts that are directed through an File Transfer
Protocol server to disguise the cracker's location
-
- Fragmented Packets - Scans by sending packet fragments that can get through simple packet filters in a firewall
-
- UDP - Scans for open User Datagram Protocol ports
-
- Sweep - Scans the same port on a number of computers
-
- PPPoE
-
- PPPoE (Point-to-Point Protocol over Ethernet) is a specification for connecting multiple computer users on an Ethernet local area network to a remote site through common customer premises equipment, which is the telephone company's term for a modem and similar devices.
- PPPoE can be used to have an office or building-full of users share a common Digital Subscriber Line (DSL), cable modem, or wireless connection to the Internet. PPPoE combines the Point-to-Point Protocol (PPP), commonly used in dialup connections, with the Ethernet protocol, which supports multiple users in a local area network. The PPP protocol information is encapsulated within an Ethernet frame.
-
- PPPoE has the advantage that neither the telephone company nor the Internet service provider (ISP) needs to provide any special support. Unlike dialup connections, DSL and cable modem connections are "always on." Since a number of different users are sharing the same physical connection to the remote service provider, a way is needed to keep track of which user traffic should go to and which user should be billed.
- PPPoE provides for each user-remote site session to learn each other's network addresses (during an initial exchange called "discovery"). Once a session is established between an individual user and the remote site (for example, an Internet service provider), the session can be monitored for billing purposes.
- Many apartment houses, hotels, and corporations are now providing shared Internet access over DSL lines using Ethernet and PPPoE.
-
- proxy server
In an enterprise that uses the Internet, a proxy
server is a server that acts as an intermediary between a workstation user
and the Internet so that the enterprise can ensure security,
administrative control, and caching service. A proxy server is associated
with or part of a gateway server that separates the enterprise network
from the outside network and a firewall server that protects the
enterprise network from outside intrusion. -
- A proxy server receives a request for an Internet service (such as a Web page request) from a user. If it passes filtering requirements, the proxy server, assuming it is also a cache server, looks in its local cache of previously downloaded Web pages. If it finds the page, it returns it to the user without needing to forward the request to the Internet.
- If the page is not in the cache, the proxy server, acting as a client on behalf of the user, uses one of its own IP addresses to request the page from the server out on the Internet. When the page is returned, the proxy server relates it to the original request and forwards it on to the user.
-
- To the user, the proxy server is invisible; all Internet requests and returned responses appear to be directly with the addressed Internet server. (The proxy is not quite invisible; its IP address has to be specified as a configuration option to the browser or other protocol program.)
-
- An advantage of a proxy server is that its cache can serve all users. If one or more Internet sites are frequently requested, these are likely to be in the proxy's cache, which will improve user response time. In fact, there are special servers called cache servers. A proxy can also do logging.
-
- The functions of proxy, firewall, and caching can be in separate server programs or combined in a single package. Different server programs can be in different computers. For example, a proxy server may in the same machine with a firewall server or it may be on a separate server and forward requests through the firewall.
-
- PKI
-
- A PKI (public key infrastructure) enables users of a basically unsecured public network such as the Internet to securely and privately exchange data and money through the use of a public and a private cryptographic key pair that is obtained and shared through a trusted authority.
- The public key infrastructure provides for a digital certificate that can identify an individual or an organization and directory services that can store and, when necessary, revoke the certificates. Although the components of a PKI are generally understood, a number of different vendor approaches and services are emerging. Meanwhile, an Internet standard for PKI is being worked on.
-
- The public key infrastructure assumes the use of public key cryptography, which is the most common method on the Internet for authenticating a message sender or encrypting a message. Traditional cryptography has usually involved the creation and sharing of a secret key for the encryption and decryption of messages.
- This secret or private key system has the significant flaw that if the key is discovered or intercepted by someone else, messages can easily be decrypted. For this reason, public key cryptography and the public key infrastructure is the preferred approach on the Internet. (The private key system is sometimes known as symmetric cryptography and the public key system as asymmetric cryptography.)
-
- A
public key infrastructure consists of:
- A certificate authority (CA) that issues
and verifies digital certificate. A
certificate includes the public key or information about the public key
-
- A registration authority (RA) that acts as
the verifier for the certificate authority before a digital certificate is
issued to a requestor
- One or more directories where the certificates (with their
public keys) are held
- A certificate management system
-
·
Performance Monitor
·
Performance Monitor is the system monitoring utility included with
Windows NT. Performance Monitor is a robust utility that allows to monitor and
log performance statistics for a multitude of system parameters. It also allows
you to setup a system baseline, which can be used for troubleshooting system
performance problems.
·
Persistent connections
·
Those connections that are restored at each logon are known as
persistent.
·
Physical disk object
·
The physical disk object refers to physical hard drives in your
machine. These can be Integrated Drive Electronics (IDE) devices or Small
Computer System Interface (SCSI) devices. Performance Monitor will allow you to
track the performance of your hard drives to determine if upgrades or
replacements are necessary.
·
Point-to-Point Protocol (PPP)
·
A serial communication protocol most commonly used to connect a
personal computer to an Internet Service Provider (ISP). PPP is the successor
to Serial Line Internet Protocol (SLIP) and may be used over both synchronous
and asynchronous circuits.
·
Also, PPP is a full-duplex, connectionless protocol that supports
many different types of links. The advantages of PPP made it de facto standard
for dial-up connections.
·
Point-to-Point Tunneling Protocol (PPTP)
·
One of two standards for dial-up telephone connection of computers
to the Internet, with better data negotiation, compression, and error
corrections than the other Serial Line Internet Protocol (SLIP), but costing
more to transmit data and unnecessary when both sending and receiving modems
can handle some of the procedures.
·
Portable Operating System Interface for Unix (POSIX)
·
A defining language interface between the Unix OS and its
application programs. Adheres to the
·
Power users
·
End users with greater amounts of computer skills than average.
·
Primary Domain Controller (PDC)
·
An NT security management for its local domain. The PDC is
periodically synchronized to its copy, the Backup Domain Controller (BDC). Only
one PDC can exist in a domain.
·
In an NT 4.0 single domain model, any user having a valid domain
user account and password in the user accounts database of the PDC has the
ability to log onto any computer that is a member of the domain, including
MetaFrame servers.
·
Processor object
·
The processor object gives details about the processors installed
in the system. These can be on single processor systems or multiple processor
systems.
·
Processor usage
·
This is the percent of time that the processor is busy.
·
Program Neighborhood
·
You can think of Program Neighborhood as the Citrix equivalent of
Network Neighborhood (Windows 9x, NT 4.0) or My Network Places (Windows 2000).
Network Neighborhood allows you to search for and connect to resources on your
network. When you first open it, you see a list of servers that are the ones
most likely to be located near you and have resources you want to utilize.
·
Once you find the server you are looking for, you double-click it
to access its resources. Program Neighborhood is the latest evolution in client
access technology from Citrix. It provides similar functionality to Network
Neighborhood in the Citrix server environment. In the Citrix environment, we
publish applications to make them available for users to access.
·
If an administrator has done his or her job correctly, a user
opening Program Neighborhood is presented with a list of available programs
that relate most strongly to the user’s job function. Program Neighborhood
eliminates the need to run a desktop session in order to run server-based
applications.
·
Public Switched Telephone Network (PSTN)
·
With a total of 300 million connections or more, PSTN is probably
one of the largest voice telephone network using circuit switching.
·
Published Application Manager
·
The published application manager utility is used to publish and
manage applications. Published applications are viewed within the scope of a
server, domain or server farm. The published application manager is a central
location to quickly reference the characteristics and status of published
applications.
R
·
RC5 Algorithm
·
The RC5 algorithm is used to encrypt Independent Computing
Architecture (ICA) packets. RC5 is a well-tested encryption technology that was
developed by RSA Data Security, Inc. It is a symmetric key algorithm, meaning
that one key is used to both encrypt and decrypt data. Security of the data
depends on protecting the session key that will be used by both the server and
the client.
·
The Diffie-Hellman key agreement method is used to generate the
same RC5 key on both the client and the server, without transmitting over the
network information that might compromise the security of the key.
·
ReadyConnect Client
·
The ReadyConnect Client feature allows administrators to create
preconfigured client disks for Win16 and DOS Independent Computing Architecture
(ICA) clients. To do this, the administrator must install the client on a
workstation, configure it to the desired specification, and then copy several
files from the workstation to the installation diskette.
·
This procedure makes installing the client much easier and reduces
the opportunity for error and variation in client configuration.
·
Redundant Array of Inexpensive Disks (RAID)
·
Although mirroring and duplexing are forms of RAID, most people
think of RAID as involving more than two drives. The most common form of RAID
is RAID-5, which is the striping of data across three or more drives, providing
fault tolerance if one drive fails.
·
For the best disk performance, consider using a SCSI RAID
(Redundant Array of Independent Disks) controller. RAID controllers
automatically place data on multiple disk drives and can increase disk
performance.
·
Using the software implementation of RAID provided by NT would
increase performance if designed properly, but the best performance is always
realized through hardware RAID controllers.
·
Redundant Array of Inexpensive Disks level 0 (RAID0)
·
A RAID scheme that uses data stripping to improve disk performance
but does not protect against data loss due to drive failure. Consider using
RAID 0 (disk striping without parity) opposed to RAID 5 (disk striping with
parity).
·
Although RAID 5 provides some performance increase, RAID 0
provides the greatest performance increase since parity information does not
need to be calculated.
·
Redundant Array of Inexpensive Disks level 1 (RAID1)
·
A RAID version using two hard disks with identical contents.
Because RAID level 1 (RAID1) does not employ data stripping, it offers no speed
advantage. If you are worried about data loss in the event of a failure, ensure
that users are not storing any data on the Terminal Server.
·
Instead, have them store data on a file and print server in
the organization that is backed up regularly and/or uses a RAID 1(disk
mirroring) or RAID 5 array.
·
Redundant Array of Inexpensive Disks level 5 (RAID5)
·
The most common RAID version. RAID5 distributes both sectors and
sector-checking functions across the entire array. Consider using RAID 0 (disk
striping without parity) opposed to RAID 5 (disk striping with parity).
·
Although RAID 5 provides some performance increase, RAID 0
provides the greatest performance increase since parity information does not
need to be calculated. If you are worried about data loss in the event of a
failure, ensure that users are not storing any data on the Terminal Server.
·
Instead, have them store data on a file and print server in the
organization that is backed up regularly and/or uses a RAID 1(disk mirroring)
or RAID 5 array.
·
Remote Access Service (RAS)
·
Remote Access Service is a built in feature of the Microsoft NT
operating system. It allows users to dial establish a connection to an NT
network over a standard phone line. Remote Access allows users to access files
on a network or transfer files from a remote PC, over a Dial-Up Networking
connection.
·
The performance of transferring files over a dial-up connection is
very similar to the performance you would get if you were downloading a file
from the Internet.
·
Remote Application Manager (RAM)
·
Currently, Program Neighborhood is available only in the Win32
client. The other clients still use an older client access technology called
Remote Application Manager (RAM). RAM is an excellent client; however, it
requires the user to manually create connections for published applications and
servers before they can be used.
·
With RAM, the user is the one who must configure the connection.
Users need to be educated about many different parameters to create these
connections successfully.
·
Remote control computing
·
With remote control computing, an application’s interface is
comparable to the remote control that you would use to operate a remote
controlled car. Users can connect to a computer remotely and operate it, or applications
that are running on it, from just about anywhere.
·
Remote Desktop Protocol (RDP)
·
Services protocol controlling Input/Output (I/O) between a
terminal client and server. The RDP that
the Microsoft Terminal Server client uses is based on the T-120 protocol which
is a multichannel capable protocol that allows for separate virtual channels
for carrying serial device communication and presentation data from the server, as well as encrypted client data.
·
Resource Management Services (RMS)
·
Citrix Resource Management Services is a systems management and
application product designed to effectively manage Citrix server environments
of all sizes. Ranging from single server installations to large-scale
enterprise installations, Citrix Resource Management Services provides
extensive audit trail, detailed billing reports and system monitoring.
·
In addition, this add-on product is compatible not only with
Citrix MetaFrame and Citrix WinFrame but also for Microsoft Windows NT Server
4.0, Terminal Server Edition.
·
Rivest Shamir Adleman (RSA)
·
A two-part cryptography method wherein the public key is common
knowledge and the private key is held by the owner.
·
Roaming profile
·
Microsoft also defines a third type of profile called roaming
which follows a user to every computer on the network without the need for
reconfiguration. Due to its very nature, all profiles in MetaFrame are in fact
roaming.
·
Round robin
·
A sequence that repeats continuously.
S
·
Scalability
·
Scalability is defined as the network’s ability to efficiently
accommodate continued growth. For example, a five-user network will experience
the same performance even if it increases to 50 users on a truly scalable
network. Network scalability can be affected by expansion.
·
If, for example, a company opens a branch office to accommodate
new business, the corporate network needs to be able to accommodate the new
network demands of the branch office. Scalability is important in a Microsoft
Terminal Server environment where applications are running 100 percent on the
server.
·
Scalability of a Terminal Server solution will depend on three
things: the application suite that is being run on the server, the server
configuration, and network bandwidth.
·
Seamless desktop integration
·
Seamless desktop integration is the ideal of making server-based
applications that are running remotely function and perform like an application
that is running locally. Seamless desktop integration includes features such as
the client’s ability to run a remote seamless window, dynamic session printer
mapping, dynamic session drive mapping, and even dynamic session audio mapping.
·
SecureICA Services
·
Citrix SecureICA Services provides advanced end-to-end encryption
of the Independent Computing Architecture (ICA) data stream. As security is
becoming an increasing popular topic for system administrators today, SecureICA
Services for MetaFrame and WinFrame addresses the need for additional security
by delivering end-to-end encryption for data and applications.
·
SecureICA provides three levels of encryption for data that passes
over the network: 40 bit, 56 bit, and 128 bit.
·
Security Accounts Manager (SAM)
·
The Security Accounts Manager (SAM) is the portion of the Windows NT
Server registry that stores user account information and group membership.
Attributes that are specific to Terminal Server can be added to user accounts.
This adds a small amount of information to each user’s entry in the domain’s
SAM.
·
Sequenced Packet eXchange (SPX)
·
The communications protocol (from NetWare) used to control network
message transport.
·
Serial Line Internet Protocol (SLIP)
·
The standard (one of two) for how a workstation or PC can dial up
a link to the Internet that defines the transport of data packets through an
asynchronous telephone line, allowing computers not part of a Local Area
Network (LAN) to be fully connected to the Internet.
·
SLIP is preferable to shell access (a dial-up, text-only account
on a UNIX computer) because users, no matter what Internet tools they have
chosen can run more than one Internet application at a time and download data
directly.
·
Server Administration Tool
·
The Citrix Server Administration Tool provides a single point of
reference for managing all servers and connections in a MetaFrame environment.
The tool is divided into two panes the left or context pane determines what
data is displayed in the right or detail pane.
·
The context pane displays information based on three different
criteria; server, published application and video server. Each of these tabs
provides the context from which data will be drawn.
·
The right hand window also has several tabs, which provide
specific data for monitoring and configuring the MetaFrame environment.
Everything is arranged in a hierarchical fashion in the left pane from a global
“all servers” to the individual session. Right clicking on any item in the
left-hand window provides a context sensitive menu of valid options.
Highlighting any item in the left pane displays details regarding that item in
the right window.
·
Server Farm Management Scope
·
The server farm management scope lies at the heart of the very
latest client access technology from Citrix. When applications are published in
this scope, they become instantly accessible to clients using Program
Neighborhood.
·
As an administrator, you also have the option of placing an icon
for the application on the user’s desktop and in the user’s Start menu. In
addition, you are able to specify who can access the application.
·
Only users who are authorized to use the application will have the
icons appear in their versions of Program Neighborhood. The nice thing about
this feature is that users do not have to sort through a bunch of icons looking
for the ones that relate to them. Programs that are inappropriate for them are
not made available. These options are available only for Win32 clients.
·
Server Farms
·
Server farms are one or more servers grouped together to be
managed as a single unit. Servers can be in the same domain or multiple
domains, as long as there is a common pool of users.
·
Server-based computing
·
Server-based computing requires to two core elements to function:
an operating system that supports multiple simultaneous user logons, and a
remote presentation services protocol that can separate an application’s logic
from its user interface.
·
The remote presentation service protocol ensures that only user
input such as keystrokes, mouse movements, and mouse clicks travel from the
client to the server, while only screen updates travel from the server to the
client.
·
Session shadowing
·
Session shadowing enables a system administrator to interact with
any user session that is being run on the Winframe server.
·
Shadowing
·
One of the most popular features of Citrix Metaframe and Winframe
is shadowing. Shadowing is a feature that lets an administrator or help desk
personnel take control of a users Citrix Session, thus enabling the
administrator or help desk personnel to easily assist with training and/or
troubleshooting.
·
With UNIX Integration Services installed, any X11 users Metaframe
or Winframe session can be shadowed from any X11 desktop. Also, shadowing
allows an administrator to view a user’s session and optionally take control of
the keyboard and mouse of that session.
·
Simple Network Management Protocol (SNMP)
·
A standard for managing hardware devices connected to a network,
approved for UNIX use, which lets administrators know, for example, when a
printer has a paper jam or is low on toner.
·
Small Computer System Interface (SCSI)
·
A complete expansion bus interface that accepts such devices as a
hard disk, CD-ROM, disk drivers, printers, or scanners.
·
Sneakernet
·
Instead of using a network to transfer data, the user physically
carries floppies from one computer to another.
·
Solaris
·
An operating system used in SPARC (Sun/SunSoft) computers. Solaris
is capable of multitasking and multiprocessing and can use UNIX applications.
·
Speed screen
·
Speed Screen is an Independent Computing Architecture (ICA)
protocol agent that compares recently transmitted data with data about to be
transmitted to the client. By sending only changed data to the client,
bandwidth utilization between server and client is reduced.
·
Speed Screen intelligently caches images locally on the client device,
reducing the amount of traffic that an
·
Originally deployed in Citrix’s WinFrame 1.0 product, Speed Screen
reduced bandwidth 20 percent to 30 percent by repainting only changed areas
within a screen. Speed Screen 2, an improved version of the original Speed
Screen, is used in MetaFrame 1.8. Speed Screen under MetaFrame 1.8 can reduce
bandwidth requirements up to 60 percent.
·
Speed Screen is an inherent feature of Citrix ICA connections and
requires no installation or configuration.
·
Streaming video
·
The ability transmit video one-way over a network.
·
Structured Query Language (SQL)
·
A concise IBM query language (only 30 commands) structured like
English, widely used in database management applications for mainframes and
minicomputers.
·
Swap activity
·
This is the number of times per second the pagefile is accessed.
·
Swap file
·
A file used to store instructions and data that do not fit in
Random Access Memory (RAM).
·
System policy
·
System policies allow administrative control of computer resources
available to a user or (most commonly) group of users. It is natural to
separate users into groups by the functions that they perform.
·
Once this is done, system policies can be implemented rather
quickly. These policies control many features of the desktop environment.
·
System scalability
·
The ability to adapt to organizational needs and accommodate
future growth.
·
Systems management
·
Support and maintenance of servers, desktops, and infrastructure
devices.
T
·
Telephony Application Program Interface (TAPI)
·
A Microsoft and Intel programming interface. TAPI allows the user
to connect with and use voice services on a server.
·
Terminal Server
·
Terminal Server is a special edition of Windows NT that adds
UNIX-like multi-user capabilities and support to Windows NT Server 4.0. The
current version is Windows NT Server 4.0 Terminal Server Edition (code named
Hydra).
·
Thin Client Processing
·
The processing of data in small amounts, such as screen outputs or
keying in text. This processing usually occurs between client and server.
·
Transmission Control Protocol/Internet Protocol (TCP/IP)
·
A set of communications standards created by the U.S. Department of
Defense (DoD) in the 1970s that has now become an accepted way to connect
different types of computers in networks because the standards now support so
many programs.
·
Trust relationship
·
An NT server intra-associated in a single domain. A trust
relationship permits a user access to all intra-associated resources without
reauthentication. Setting up proper trust relationship is crucial to allow
users to cross domain boundaries.
·
U
·
Unimodem
·
A Microsoft driver able to supply telephony services for data and
fax/modems access.
·
Universal Naming Convention (UNC)
·
An identification standard of servers and other network resources.
·
UNIX Integration Services
·
Citrix UNIX Integration Services allows X11 devices to connect to MetaFrame
and WinFrame without any additional client software required. The Citrix Unix
Integration Services provide many utilities which provide impressive
integration of X11 devices into a Citrix multiuser environment.
·
User load
·
This is the ratio of the current number of users to the maximum
number of users the server can support. By default, this is an arbitrarily
large number.
·
User profiles
·
Often, users have already been assigned WindowsNT profiles. It may
be desirable to assign specific profiles to be used for users that connect to
Terminal Server across the Wide Area Network (WAN) or if the administrator
wants to use a profile that is different than the user’s normal profile.
·
Whenever a user logs on to a server running Terminal Server, the
server will first search for the Terminal Server–specific profile. If a
Terminal Server profile is not found, it will attempt to load the user’s
Windows NT profile. User profiles are a straightforward yet powerful way to
control user access to resources and features.
·
V
·
Video servers
·
The Video Server tab is used for viewing Video Servers. Video
servers are servers running VideoFrame as opposed to MetaFrame. Separating
MetaFrame and VideoFrame servers onto separate tabs is very helpful because their
purposes and uses are separate and it prevents the two from becoming confused.
·
VideoFrame
·
VideoFrame enables organizations to efficiently integrate, manage,
publish and maintain streamed audio and video content to Program Neighborhood
clients throughout the enterprise.
·
VideoFrame scales streams according to the available bandwidth
allowing modem users and WAN based users over low bandwidth connections access
video content and experience a high-quality multimedia experience. VideoFrame
is a companion product to MetaFrame for distributing streaming multimedia and
are not used for running standard applications such as run on MetaFrame.
·
And, Citrix developed VideoFrame as an enhancement to existing
MetaFrame environments allowing centralized administration and publishing of
streaming video that can be accessed on demand by clients running Program
Neighborhood.
·
VideoFrame runs on a standard NT 4.0 server or workstation
(service pack 3 or higher) with a fast Small Computer System Interface (SCSI)
hard disk subsystem and the fastest Ethernet connection your Local Area Network
(LAN) will support. VideoFrame is licensed by “concurrent stream” as opposed to
concurrent session.
·
Virtual DOS Machine (VDM)
·
A combined OS/2 and NT session created for DOS. This session
mimics DOS so DOS and its 16-bit Windows applications will be able to operate.
W
·
Wide Area Network (WAN)
·
A network using high-speed long-distance common-carrier circuits
or satellites to cover a large geographic area.
·
Winframe
·
Citrix released Winframe in 1995. Winframe gives organizations the
ability to provide access to most Windows based applications across any type of
network connection to any type of client. Organizations use WinFrame to offer
applications to a variety of client devices over any network connection.
·
WinStation Administration
·
Using the WinStation Administration utility, an administrator can
see what users are logged on to the Winframe network at any given time. The
WinStation Administration utility supports session shadowing, which enables a
system administrator to interact with any user session that is being run on the
Winframe server.
·
Winview for Networks
·
The updated version of Citrix’s Multi-User system.
·
X
·
Xcapture
·
The Xcapture utility allows users to cut and paste graphics
between X11 desktops and MetaFrame and WinFrame sessions.