Glossary
An alphabetical list of terms relating to IAP (Itential Automation Platform), with brief explanations. This glossary is a living document and will continue to grow as more functions and features are developed throughout the software.
Refer to the Itential Resources guide for additional information not provided in this glossary.
A-D
Term | Definition |
---|---|
AAA | Acronym for authentication, authorization, and auditing. Pronounced “triple A”. AAA is a set of services for controlling access to network resources, enforcing policies, and keeping a record of user activity and the resources a user consumes during access. AAA services are important for effective network management and security. |
Adapter | Adapters will translate an interface from a framework or class into a compatible interface. IAP utilizes adapters to communicate via API with southbound systems in a network. |
Admin Essentials | An all-in-one interface used to view and modify all admin level properties across the Itential platform. |
API Chaining | API chaining allows a series of API calls to be passed/processed using one request/response. Refer to the Cisco API Design Guide for more information. |
Artifact | An artifact is a pre-built automation that uses other IAP components to execute a certain network use case. |
Automation | Formerly known as workflow. An automation is a collection of tasks in a logical order beginning and ending with terminator tasks (start/end). |
Automation Catalog | Application in IAP used to implement network configuration changes through specific pre-built tasks that can be manually started or scheduled as a recurring automation. |
Automation Gateway | Application in IAP that provides a consolidated interface for centralizing and managing Custom scripts, Ansible modules, and Terraform plans for network automation. |
Automation Studio | An all-in-one interface to view and modify automations, forms, and various templates. |
Base URL | The consistent part of a website address. The common prefix found while navigating inside an application on a live server, e.g. https://example.com |
Beta Release | An early release version of IAP that contains most of the major features that will be available in the next major update; beta release is often used for testing and feedback. |
Blueprint | A downloadable software file in IAP that provides Itential with all of the adapter and application version numbers running on an installation of IAP to aid in troubleshooting. The IAP blueprint is accessible from the System > Settings menu. |
Breaking Change | A change in one part of IAP that can potentially cause other parts to fail or not work as expected. All breaking changes that impact released versions of IAP are posted to the Product Notices section of the documentation site. |
Cisco NSO | Cisco Network Services Orchestrator (NSO) is an orchestration platform for hybrid networks that provides lifecycle service automation. Refer to the official Cisco NSO site for more information. |
CLI | Acronym for command-line interface. An interface that allows the user to interact with the software by entering commands and arguments. |
Closed-Loop Automation | Closed-loop automation monitors and assesses network occurrences such as faults and high traffic demands, and acts accordingly to correct any issues. IAP supports message listener tools such as Kafka to capture changes in the network and then automates jobs through a scheduler for optimal service configuration and orchestration. |
Collection View | A collection is a layout view in IAP that presents items onscreen using various UI/UX controllers and components. This design element is used to manage various automation menus and other display options throughout the IAP interface. |
Command Templates (MOP) | IAP allows customers to build and execute automations that include tracking the steps needed for successful and failed transitions, rollback steps, and the ability to run network health checks. Health checks collect and evaluate operational data from the network using Command and Analytics templates that evaluate device command responses against a set of rules. |
Component | A component is a building block of an artifact (pre-built automation). Each component helps serve as a tool in a network automation use case. |
Configuration Manager | Configuration Manager is used for defining standard configs, pushing configs to network devices, and backing up live configs from network devices. It also provides the ability to compare configs across live network devices, back-ups, and other devices for reporting and compliance purposes. |
Customer Identity Access Management (CIAM) | Enables organizations to securely capture and manage customer identity and profile data, as well as control customer access to applications and services across websites and web portals. |
Delay | A period of time by which an automation is postponed; also the total sum of time waiting for an automation run to start and complete execution. |
Dependency | A dependency is an application or adapter that is required by the artifact (pre-built automation) to be in the current IAP environment for the pre-built to function properly. |
Deprecation | Applications, components, functions and services of IAP that will be removed or replaced by newer ones are posted to the Deprecations section of the documentation site. |
E-K
Term | Definition |
---|---|
Encode | To modify information into the required transmission format. |
Encryption | Application of a specific protocol that alters the appearance of data and makes it incomprehensible to unauthorized users. |
Event | An active occurrence in the Itential Automation Platform. |
Federation | The ability to aggregate data from disparate sources in a virtual database so it can be used for business intelligence (BI), network automation, or other service analytics. IAP aggregates data from disparate southbound and east/west systems to provide a unified abstracted view of data and models regardless of where it resides or the language (YANG, TOSCA, etc). |
Fedora Linux | Required for IAP installation, a distributed OS to run applications on bare metal or the cloud with a Linux server. |
Form Builder | An Itential application that allows users to create, edit and manage JSON forms for import and export. |
Gateway | Device or software that performs an application-layer conversion of information from one protocol stack to another. |
Itential Open Source Repository | A source-code repository that is accessible publicly via GitLab. Contains a library of applications, pre-built automations, adapters, and developer resources to promote innovative use of IAP. |
Interoperability | The capability of devices made by different vendors to communicate with each other successfully over a network. |
IPSec | Acronym for IP Security. A framework of open standards that provides data confidentiality, data integrity, and data authentication to protect data flows between a pair of hosts, between a pair of security gateways, or between a security gateway and a host. |
Jobs | Jobs in IAP are instances of a workflow that are executing a defined activity. |
JSON Forms | A framework that utilizes JSON and JSON schema to custom build form-based web UIs that are usually embedded within an application and targeted at entering, modifying, and viewing data. See JSON Forms for more information. |
JST | Acronym for JSON Transformation. JSON Transformations are used to convert between a JSON document and other data formats (e.g., HTML or XML) or a different JSON structure; typically used to interchange web-based data with information pulled from internal databases or applications. |
JWT | Acronym for JSON Web Token; a standard used to create access tokens for an application. A JWT is cryptographically signed and provides a self-contained way for securely transmitting information between parties as a JSON object. |
L-O
Term | Definition |
---|---|
Low-Code | A low-code platform provides an environment to create applications through graphical user interfaces (GUI) and configuration instead of traditional programming. IAP provides a low-code environment so users can create workflows, forms, templates, and utilize other automation components visually using an intuitive, drag and drop GUI and pre-built network intelligent components, instead of traditional scripting/programming. |
Metrics | Metrics are measurements of job execution statistics for automations and tasks. |
MongoDB | A NoSQL document-oriented database; the documents are JSON-based and the database is the physical container, or Mongo, on the server. See the official MongoDB site for more information. |
NED | The NED Validator Application is an Itential solution created to validate Network Element Descriptors (NED). This application allows users to validate device or service configurations prior to publishing them. |
NSO | Acronym for Network Services Orchestrator (NSO) |
P-S
Term | Definition |
---|---|
Policy | A policy is a list of Rules or Rule Groups which a packet must traverse for the firewall to take an action on the packet. A policy shows the complete list of rules from the first comparison to the last comparison in a packet traversal, meaning it is a single point of reference for determining an action for the packet. A policy must be applied to one or more targets for it to take effect in the firewall. The policy also has an implicit rule added at the end of the list, which matches all packets. The user is able to specify the action of this implicit rule. |
Pipenv | Required for IAP installation, this is a packaging tool for Python. See Pipenv for more information. |
Python | Required for IAP installation, Python is a high-level programming language that is interpreted at runtime instead of being compiled to native code at compile time. For more information, see the Python site. |
Queue | Represents a set of actions or events that are arranged in sequential order and waiting to be handled. IAP tasks live in queues where operators with the appropriate permissions can locate available, claimed, scheduled, and completed tasks. |
Recognized Device | A recognized device (referred to as 'device' in the Firewall UI) is a firewall device from Device Management that is paired with firewall application-specific metadata. To manage recognized devices as firewalls, the user should only recognize devices from their Device Management Application. Removing a device from the recognized state is represented by a Forgot button on the UI. |
Recognized State | Recognizing a device is the process of taking an existing device from a southbound system (generated from Device Manager) and applying additional Firewall Manager metadata to it so the user can manage it as a Firewall. For example: "I want to recognize this device is a firewall" or "This device is a recognized firewall". The opposite of a recognized device state is Forget. |
Redis | An open source, in-memory data structure store, used as a database, cache and message broker. It supports data structures such as strings, lists, maps, sets, bitmaps, streams, and spatial indexes. See the official Redis site for more information. |
Redundancy Check | Refers to the process of checking a Firewall policy against a new rule to determine if the new rule would logically alter the policy if it were added. This process prevents unnecessary rules from being added to a policy. A redundancy check is especially valuable because it can be very time consuming to perform the same check manually, and failing to do so will cause performance losses during packet traversal. |
Release Version | IAP follows Semantic Versioning; the software is identified by an assigned version number that is incremented when Itential makes changes, adds functionality, or makes backwards-compatible bug fixes. |
Request Body | Part of the HTTP request where information required by a server is sent. For IAP, the file type for the request body is JSON. |
Request Method | An HTTP request method is an action that is performed between a client/application and a server. For IAP, a request method is required for JSON forms. |
Rule | A rule consists of references to services, networks, and a schedule. The rule must specify an action to take if a packet should match it in policy traversal. The action must be either Allow, Deny, or Drop. A rule can reference many services, many networks for source, many networks for destination, and optionally one schedule. It also has these flags: any service, any source network, any destination network, any IPv6 source network, and any IPv6 destination network. A rule always belongs to either one rule group or one policy. |
Rule Group | A rule group is a list of rules with sequences. A rule group can be applied to many policies in the same way a rule would be applied. A rule group is assigned a sequence within the policies to which it is applied in the same way a rule would have a sequence for that policy. The sequence of rules within the rule group is a secondary sort in the policy. In other words, as a packet traverses a policy looking for a match, it will traverse all the rules belonging to a rule group when it arrives at the rule group. |
Run | The process of using IAP to execute an automation as specified by variables and workflow tasks. |
Schedule | A schedule may be applied to rules. A rule will not match any packets and is disabled if it is traversed when the time of traversal falls outside the range of its applied schedule. Schedules can have a Start Date/Time, an End Date/Time, and a Weekly Schedule (includes days of week and a daily start/end time). |
Scheduler | The jobs scheduler is the process within IAP that scans for automated tasks to be invoked. |
SDET | Acronym for Software Development Environment Throughput, a benchmark for measuring the throughput of a multi-user software system. Also used to identify a Software Development Engineer in Testing, an IT job role that works in both development and testing roles. |
Service | A service is a single IP protocol along with additional data specific to a given protocol. If the protocol is ICMP, a type and/or a code may be specified (both can be Any). If a protocol is UDP or TCP, a source port and/or a destination port may be specified. To simplify service management, a service can also be a group of other services. Service groups cannot reference other groups. Reference: RFC 1700 |
Sync | Syncing, also known as pushing, refers to the process of updating device configuration to reflect its state represented in Firewall Manager. |
T-Z
Term | Definition |
---|---|
Tags | An application UI in IAP that provides the ability to label (tag) automations, forms and templates and make them search enabled. Users can search for a tag name from anywhere in IAP and directly navigate to the found object. |
Task | A task is a functional block within an automation and can be either automated or manual. Automated tasks are shown as green boxes, return one value, can be scheduled, and make a call to the Business Logic layer (see IAP Platform Architecture in the Administrator Guide for more information). Manual tasks are shown as blue boxes, can return multiple values, and are assigned to groups to restrict who is authorized to work them. |
Terraform | Functionality integrated within Itential Automation Gateway that allows users to define and provision data infrastructures using a HashiCorp Configuration Language (HCL) or JSON. See the official Terraform site for more information. |
Tile | Itential uses application tiles to customize how the interface looks, and as shortcuts to launch and organize applications throughout IAP. |
Transitions | A transition connects one task to another. Transitions can be defined by error (red), success (green), or failure (red) routes and can follow a standard (solid line) route or a revert (dashed line) route. Reverts should be used when transitioning backwards in the automation. |
Variables | In general, a variable is a name associated with a value, which can be key-value pairs used in running an automation. In IAP, variables almost always refer to input and output values. |
Yang | Acronym for "Yet Another Next Generation". A data modeling language for defining data sent over network management protocols such as NETCONF and RESTCONF. The language is protocol independent and can be converted into any encoding format (e.g. XML or JSON) that the network configuration protocol supports. |