Glossary

    A
  • In an active-passive cluster failover configuration, one or more passive or standby nodes can take over for failed nodes. Normally, only the primary node is used for processing. When it fails, the standby node takes over the resources and the identity of the failed node. The services provided by the failed node are started on the standby node. After the switch, clients can access the services unaware that the services are being provided by a different node.
  • In FTP active mode, the client establishes the command channel, from client port X to server port 21, but the server establishes the data channel, from server port 20 to client port Y, where the client supplies Y. Also see passive mode.
  • In SecureTransport, advanced routing is an intelligent routing engine enabling flexible provisioning of new data flows, creating diverse patterns for moving data among parties.
  • The Advanced Encryption Standard (AES) is a specification for the encryption of electronic data established by the U.S. National Institute of Standards and Technology (NIST) in 2001.
  • An event that occurs in the system, such as a product registration failure. An alert may require user intervention.
  • Message sent to recipients defined in an alert rule.
  • A definition containing parameters and notification information. An alert rule is triggered when an alert occurs in the system.
  • An application programming interface (API) is a protocol intended for use as an interface by software components to communicate with each other.
  • The logical definition of a business application that is the real endpoint of a file exchange.
  • Asynchronous communication is when data are sent intermittently rather than in a steady stream.
    B
  • The top level of the LDAP directory tree is the base DN. DN stands for distinguished name.
  • BSON, short for Binary JSON, is a binary-encoded serialization of JSON-like documents. Like JSON, BSON supports the embedding of documents and arrays within other documents and arrays.
    C
  • A certificate authority (CA) is a trusted third party that issues digital certificates for use by other parties.
  • A digital certificate contains keys used for encrypting and signing messages, and also for decrypting and verifying signatures. A certificate can contain a public-private key pair or a public key only. See key.
  • An object or command for general Transfer CFT environment parameters.
  • In Transfer CFT, the CFTPART command describes each partner relative to the network/protocol environment by defining the Transfer CFT protocols, network identification, and intermediate partner identification.
  • Command line interface (CLI) is a tool for performing actions on products and services.
  • Client communication profiles contain details for the sender or receiver to connect via a protocol to the server. The sender acts as client when it pushes files to the receiver. The receiver acts as a client when it pulls files from the sender.
  • Maximum number of sessions for incoming connections in Transfer CFT.
  • Maximum number of communication sessions in Transfer CFT.
  • Maximum number of sessions for outgoing connections in Transfer CFT.
  • A communication profile contains the technical details for making connections between clients and servers to transfer data. There are two types of communication profiles: client and server. The two types of profiles are based on the roles of senders and receivers in file transfers.
  • Component security descriptor (CSD) files are XML files that define product resources, user privileges and user roles for each product that integrates with Central Governance for identity and access management.
  • Core services support the Central Governance graphical user interface, identity management and management of all functions related to product configuration and flow definition.
  • Information to verify a user's identity. For example: passwords, X.509 certificates.
  • A certificate revocation list (CRL) is a list of X.509 certificates that have been revoked or are no longer valid and should not be relied upon.
  • In Transfer CFT, a scheduled job defined within a script that executes a specified task at set dates and times.
  • See CRONJOB
  • In Transfer CFT, a CRONTAB is a parameter that represents a file or list of files containing the scheduled jobs.
  • In public key infrastructure, a certificate signing request (CSR) is a message sent from an applicant to a certificate authority to apply for a digital identity certificate.
    D
  • database administrator
  • Dependency-Check is a utility that identifies project dependencies and checks whether they have any known, publicly disclosed vulnerabilities. Dependency-Check can currently be used to scan Java applications and their dependent libraries to identify any known vulnerable components.
  • In Transfer CFT, a distribution list manages the list of partners for distribution and collection operations. Use of a distribution list enables, with a single command, sending or receiving a file to all targets or sources in the list.
  • A demilitarized zone (DMZ) or perimeter network is a physical or logical subnetwork that contains and exposes an organization's external-facing services to a larger and untrusted network, usually the Internet. A DMZ adds an additional layer of security to an organization's local area network (LAN). An external network node only has direct access to equipment in the DMZ, rather than any other part of the network.
  • Domain Name System (DNS) is an Internet service that translates domain names into IP addresses. As the Internet is based on IP addresses, a DNS service must translate the name into the corresponding IP address.
  • A document type definition (DTD) is a set of markup declarations that define a document type for an SGML-family markup language (SGML, XML, HTML).
    E
  • Extended Binary Coded Decimal Interchange Code (EBCDIC) is an 8-bit character encoding used mainly on IBM mainframe and IBM midrange computer operating systems.
  • A password-protected repository of certificates and keys.
  • SecureTransport uses an expression language (EL) based on the Sun JSP Expression Language. See the SecureTransport documentation for details. The following SecureTransport features can use EL: transfer site post-transmission actions, subscription post-transmission actions, PGP, account templates.
    F
  • Fine-grained access control (FGAC) is a way to manage users' access to objects or capacity to perform actions. For example, you could enable some users to view specific objects in the user interface, but prohibit other users from viewing the same objects.
  • When a group of files is transferred, the files are transmitted individually.
  • Federal Information Processing Standards (FIPS) have been developed by the U.S. government. FIPS describes document processing, cryptographic algorithms and other information technology standards for use within non-military government agencies and by government contractors and vendors who work with the agencies. Your user license for this software supports FIPS-compliant implementations of certain cryptographic algorithms or IAIK implementations of those algorithms. Also see IAIK in the glossary. For more information about FIPS, see http://www.itl.nist.gov/fipspubs/.
  • A flow specifies the technical details and communications protocols for exchanging business data between business applications or partners.
  • Fortify is Hewlett-Packard software for users to assess, assure and protect enterprise software and applications from security vulnerabilities.
  • fully qualified domain name
  • File Transfer Protocol (FTP) is a standard network protocol for transferring files from one host to another host over a TCP-based network, such as the Internet. FTP is built on a client-server architecture and uses separate control and data connections between the client and the server.
    G
  • Global File System (GFS) is a cluster file system that enables a cluster of computers to simultaneously use a block device that is shared between them. GFS reads and writes to the block device like a local file system, but also allows the computers to coordinate their I/O to maintain file system consistency. With GFS any changes that are made to the file system on one computer will immediately be seen on all other computers in that cluster.
  • group ID
  • When a group of files is transferred, the files are transmitted as a group when possible.
  • Groups enable you to organize and manage related products.
  • graphical user interface
    H
  • Hazelcast is an in-memory open-source software data grid based on Java. By having multiple nodes form a cluster, data are distributed evenly among the nodes. This enables horizontal scaling for storage space and processing power. Backups are distributed similarly to other nodes, protecting against single-node failure.
  • Hardware security module
  • HTTP Strict Transport Security (HSTS) ensures browsers connect securely to the user interface. If a user includes http:// in the URL to connect, HSTS converts it to https://.
  • Hypertext Transfer Protocol (HTTP) is an application protocol for distributed, collaborative, hypermedia information systems. HTTP is the foundation of data communication for the World Wide Web. HTTP defines how messages are formatted and transmitted, and what actions web servers and browsers should take in response to commands.
  • HTTPS is a protocol for secure communication over a computer network widely used on the Internet. HTTPS consists of communication over Hypertext Transfer Protocol (HTTP) within a connection encrypted by Transport Layer Security or its predecessor, Secure Sockets Layer. HTTPS is also called HTTP over TLS, HTTP over SSL and HTTP Secure.
    I
  • The Institute for Applied Information Processing and Communications (IAIK) researches information and computer security. This includes design and implementation of cryptographic algorithms and protocols in hardware and software, network security and trusted computing. Your user license for this software supports FIPS-compliant implementations of certain cryptographic algorithms or IAIK implementations of those algorithms. Also see FIPS in the glossary. For more information about IAIK see http://www.iaik.tugraz.at/.
  • Identity and access management (IAM) is a role-based solution for securing enterprise resources and managing user access to protected network components through a continuous and interactive authorization process.
  • IBM i is an EBCDIC-based operating system that runs on IBM Power Systems and on IBM PureSystems. The name, introduced in 2008, is the current evolution of the operating system. IBM i, formerly named i5/OS, originally was named OS/400 when introduced with the AS/400 computer system in 1988.
  • A central repository for managing user identity information, such as roles, privileges and groups. There are two types: internal and external.
  • An IDF is a model file identifier, or file identifier, in Transfer CFT.
  • In Transfer CFT, the IPART is the local identifier of an intermediate partner. The identifier must correspond to the ID parameter of a CFTPART object. This parameter is involved in the file store and forward or backup mechanism.
  • Internet Protocol version 4 (IPv4) is the fourth version of the Internet Protocol (IP). It is one of the core protocols of standards-based internetworking methods in the Internet, and was the first version deployed for production in the ARPANET in 1983. It still routes most Internet traffic today, despite the ongoing deployment of a successor protocol, IPv6.
  • Internet Protocol version 6 (IPv6) is a set of specifications from the Internet Engineering Task Force (IETF) that's essentially an upgrade of IP version 4 (IPv4).
  • The International Organization for Standardization sets standards in many businesses and technologies, including computing and communications.
    J
  • Java database connectivity (JDBC) is an API for the Java programming language that defines how a client can access a database. It provides methods for querying and updating data in a database. JDBC is oriented towards relational databases.
  • JavaScript Object Notation (JSON) is a text-based open standard designed for human-readable data interchange. It is derived from the JavaScript scripting language for representing simple data structures and associative arrays, called objects. Despite its relationship to JavaScript, it is language-independent, with parsers available for many languages.
    K
  • Keys are contained in digital certificates. There are two kinds of keys: Private and public. A private key is your secret key for decrypting messages or signing messages. A public key is also your key, but it can be used by a partner to encrypt messages that only you can decipher with your private key.
    L
  • Lightweight Directory Access Protocol (LDAP) is an open, vendor-neutral, industry-standard application protocol for accessing and maintaining distributed directory information services over an Internet Protocol (IP) network.
  • Secure Lightweight Directory Access Protocol (LDAPS) is an extension of the LDAP protocol, where all LDAP protocol messages are transported on a secure, encrypted channel. To establish a connection with the directory, the client must perform an SSL/TLS handshake with the server before any LDAP traffic is exchanged.
  • Log4j, an open source project, allows the developer to control which log statements are output with arbitrary granularity. It is fully configurable at runtime using external configuration files.
    M
  • Managed file transfer (MFT) refers to software or a service that manages the secure transfer of data from one computer to another through a network or over the Internet.
    N
  • Nessus is an open-source network vulnerability scanner that uses the Common Vulnerabilities and Exposures architecture for easy cross-linking between compliant security tools. Nessus employs the Nessus Attack Scripting Language (NASL), a simple language that describes individual threats and potential attacks.
  • In Transfer CFT, the name of the physical file at the receiver partner site.
  • Network File System (NFS) is a distributed file system protocol originally developed by Sun Microsystems in 1984. It allows a user on a client computer to access files over a network in a manner similar to how local storage is accessed.
  • See alert notification.
  • NTOSpider, a dynamic application security scanner for testing web and mobile applications, identifies application vulnerabilities and site exposure risk.
    O
  • In Transfer CFT, the IMINTIME, IMAXTIME, OMINTIME and OMAXTIME parameters of the CFTPART command define the time slot for communicating with a partner for incoming and outgoing calls.
  • See IBM i
    P
  • A user parameter or parameter file in Transfer CFT.
  • In Transfer CFT a partner is a logical entity such as a bank, a government agency or trading partner, that can be the sender or receiver of data. A partner corresponds to a remote file-transfer controller.
  • Partners represent entities such as companies that send or receive business data in file transfers governed by Central Governance flows.
  • In FTP passive mode, the client establishes the command channel and the data channel. The server tells the client which port to use for the data channel. Also see active mode.
  • Rules and conditions for valid passwords, such as character length, case requirements and validity periods.
  • A penetration test, or pentest, is an attack on a computer system with the intention of finding security weaknesses, potentially gaining access to it, its functionality and data.
  • PeSIT is an open file transfer protocol often associated with Axway. PeSIT stands for Protocole d’Échanges pour un Système Interbancaire de Télécompensation. It was designed as a specialized replacement for FTP to support European interbank transactions in the mid-1980s.
  • Pretty Good Privacy (PGP) is a data encryption and decryption program for cryptographic privacy and authentication in data communication. PGP often is used for signing, encrypting, and decrypting texts, emails, files, directories and whole disk partitions, and to increase the security of email communications.
  • The file label predefined in the transfer profile in SecureTransport.
  • The predefined user message in the PeSIT transfer site in SecureTransport.
  • Public key infrastructure (PKI) enables users of a basically unsecure public network such as the Internet to securely and privately exchange data through use of a public and a private cryptographic key pair that is obtained and shared through a trusted authority.
  • A user right to perform an action on a resource.
  • In Transfer CFT, a set of rules in a file for actions to execute on files transferred between Transfer CFTs. A processing script can be executed before a transfer (pre-processing script) or after a transfer (post-processing script).
  • Axway business application software. For example, Transfer CFT.
  • The parallel Transmission Control Protocol (pTCP) is an end-to-end transport layer protocol that supports striped connections.
    R
  • Oracle Real Application Clusters (RAC) provides software for clustering and high availability in Oracle database environments.
  • Redundant array of independent disks (RAID) is a storage technology that combines multiple disk drive components into a logical unit for the purposes of data redundancy and performance improvement. Data are distributed across the drives in one of several ways, referred to as RAID levels, depending on the specific level of redundancy and performance required.
  • In computer systems security, role-based access control (RBAC) is an approach to restricting system access to authorized users. RBAC is sometimes referred to as role-based security.
  • A relay is an intermediate product between the source and target, or true sender and true receiver, in a flow. A relay can be an Axway product or an unmanaged product.
  • A class of object in a product whose use can be authorized only through privileges associated with user roles.
  • Representational State Transfer (REST) is a software architecture style for building scalable web services. REST consists of a coordinated set of constraints applied to the design of components in a distributed hypermedia system that can lead to a more performant and maintainable architecture.
  • When Central Governance restarts Transfer CFTs to update their configurations, only the Transfer CFT servers are restarted. Central Governance does not start or stop Transfer CFT Copilots. Central Governance communicates with Transfer CFT servers via their Copilots. Central Governance can perform actions on Transfer CFT servers only when their Copilots are running.
  • RESTful systems typically, but not always, communicate over the Hypertext Transfer Protocol with the same HTTP verbs (GET, POST, PUT, DELETE) web browsers use to retrieve web pages and to send data to remote servers. Representational State Transfer (REST) interfaces usually involve collections of resources with identifiers. For example, /people/paul, which can be operated upon using standard verbs, such as DELETE /people/paul.
  • Remote method invocation (RMI) is a distributed object technology for the Java programming language. It is available as part of the core Java application programming interface (API) where the object interfaces are defined as Java interfaces and use object serialization.
  • A collection of privileges. Roles are assigned to users and govern the products they can access and the actions they can perform.
    S
  • In cryptography, a salt is random data that are used as an additional input to a one-way function that hashes a password or passphrase. The primary function of salts is to defend against dictionary attacks and pre-computed rainbow table attacks. A new salt is randomly generated for each password. In a typical setting, the salt and the password are concatenated and processed with a cryptographic hash function, and the resulting output (but not the original password) is stored with the salt in a database. Hashing allows for later authentication while defending against compromise of the plaintext password in the event that the database is somehow compromised.
  • The secure development lifecycle (SDL) is a process for enhancing product security during development of the product.
  • In cryptography and computer security, a self-signed certificate is an identity certificate that is signed by the same entity whose identity it certifies. This term has nothing to do with the identity of the person or organization that actually performed the signing procedure. In technical terms a self-signed certificate is one signed with its own private key.
  • Server communication profiles contain details for a client to transfer data via a protocol to the sender or receiver that acts as a server. The sender acts as a server when it publishes files for the receiver. The receiver acts as a server when it receives files pushed by the sender.
  • A service class groups product services that facilitate data flows.
  • SSH File Transfer Protocol (SFTP) is a network protocol for file transfer and manipulation functionality over any reliable data stream.
  • The Secure Hash Algorithm (SHA) is a family of cryptographic hash functions published by the National Institute of Standards and Technology (NIST) as a U.S. Federal Information Processing Standard (FIPS).
  • In Oracle, a SID identifies the database instance (database name + instance number). For example, if the database name is somedb and the instance number is 3, the SID is somedb3.
  • Single sign-on (SSO) enables a user to log on once and gain access to all components managed by the SSO system without being prompted to log on again for each component.
  • Simple Mail Transfer Protocol (SMTP) is an Internet standard for electronic mail (email) transmission.
  • Simple Object Access Protocol (SOAP) is a protocol specification for exchanging structured information in the implementation of Web services in computer networks. It relies on Extensible Markup Language (XML) for its message format. SOAP usually relies on other application layer protocols, most notably Hypertext Transfer Protocol (HTTP) or Simple Mail Transfer Protocol (SMTP), for message negotiation and transmission.
  • The source is the owner of the data being transferred.
  • Transfer mode in which the Transfer CFT where the files are located initiates the transfer.
  • Secure Shell (SSH), sometimes known as Secure Socket Shell, is a UNIX-based command interface and protocol for securely getting access to a remote computer.
  • Secure Sockets Layer (SSL), which is the predecessor of Transport Layer Security (TLS), is an encryption protocol that ensures communication security over the Internet. See TLS for more information.
  • Single sign-on (SSO) enables a user to log on once and gain access to all products managed by the SSO system without being prompted to log on again for each product.
  • STARTTLS is an extension to plain text communication protocols, which offers a way to upgrade a plain text connection to an encrypted TLS or SSL connection instead of using a separate port for encrypted communication.
  • Store-and-forward occurs when files are routed through one or more intermediary sites called store-and-forward sites. The feature is available only from a requester/sender (write-mode transfer).
  • Synchronous communication is when data are sent in a continuous stream at a constant rate.
    T
  • Keywords for classifying objects like applications, products, flows, partners.
  • The target is the receiver of the data exchange.
  • Transfer mode in which the Transfer CFT that will receive the files sends a request to another Transfer CFT to send the files.
  • The Transmission Control Protocol (TCP), one of the core protocols of the Internet protocol suite (IP), is often called TCP/IP. TCP provides reliable, ordered and error-checked delivery of a stream of octets between programs running on computers connected to a local area network, intranet or the public Internet. It resides at the transport layer.
  • Transport Layer Security (TLS) is an encryption protocol that ensures communication security over the Internet. TLS encrypts the network connection above the transport layer. TLS uses asymmetric cryptography for key exchange, symmetric encryption for privacy and message authentication codes for message integrity. Secure Sockets Layer (SSL) is the predecessor of TLS.
  • In Transfer CFT, the data transport and exchange of the actions to be taken on the data (read, write, create, delete) from one computer (partner) to another via a network. One of the partners is the sender and the other the receiver.
    U
  • Stands for unified configuration in Transfer CFT.
  • The UDP-based Data Transfer Protocol (UDT) is a high performance data transfer protocol designed for transferring large volumetric data sets over high-speed wide-area networks.
  • See Unified Flow Management.
  • User interface (same as graphical user interface or GUI).
  • A user ID (UID) is a unique positive integer assigned by a Unix-like operating system to each user. Each user is identified to the system by its UID, and user names are generally used only as an interface for humans.
  • Unified Flow Management (UFM) is a set of Axway products that enable you to manage the flow of data within and outside your enterprise.
  • Unmanaged products are systems that are not registered in Central Governance, but that are integrated in flows for transferring files. Unmanaged products can be Axway products that cannot register in Central Governance or third-party products.
  • A uniform resource identifier (URI) is a string of characters for identifying the name of a resource. This enables interaction with representations of the resource over a network, typically the World Wide Web, using specific protocols.
  • A subroutine invoked by a software package for a predefined event in the execution of the package. Clients of the package can substitute their own subroutines in place of the default ones provided by the package vendor to provide customized functionality. A typical use is replacing the user exits provided by a sort-merge package, where the user program provides its own subroutines for comparing records. The procedures provided by the user take the place of the default routines provided by the package vendor. Procedures provided as user exits are typically compiled into a static library and linked directly with the package to produce an executable program. Another approach employs dynamic libraries to accomplish the same thing.
  • A universally unique identifier (UUID) is an identifier standard used in software construction. A UUID is simply a 128-bit value. The meaning of each bit is defined by any of several variants.
    V
  • A virtual private network (VPN) is constructed by using public wires — usually the Internet — to connect to a private network, such as a company's internal network.
    W
  • A software system designed to support interoperable machine-to-machine interaction over a network.
  • The sequence of tasks through which a process advances from initiation to completion.
  • In the PeSIT protocol, a write-mode transfer occurs when a file is sent from the requester to the server.
    Z
  • z/OS is a 64-bit operating system for mainframe computers, produced by IBM. It derives from and is the successor to OS/390.
  • A zip bomb, also known as a zip of death or decompression bomb, is a malicious archive file designed to crash or render useless the program or system reading it. It is often employed to disable antivirus software and create an opening for more traditional viruses.
