RADIUS attribute: An abstract identifier for a value or set of values that describe elements of a RADIUS protocol exchange. RADIUS attributes describe the details of an endpoint's connection request and provide configuration data for a network access server (NAS) to provide service to the endpoint.
RADIUS client: A client that is responsible for passing user information to designated RADIUS servers, and then acting on the response that is returned.
RADIUS server: A server responsible for receiving user connection requests, authenticating the user, and then returning all configuration information necessary for the client to deliver service to the user. A RADIUS server can act as a proxy client to other RADIUS servers or other kinds of authentication servers.
RAID-0: A RAID volume that stripes its data across multiple RAID columns. Also called a striped volume.
RAID-1: See mirrored volume.
RAID-5: A fault-tolerant volume that maintains the volume's data across multiple RAID columns. Fault tolerance is provided by writing parity data for each stripe. In the event that one disk encounters a fault, that disk's data may be reconstructed using the parity data located on the other disks.
RAID column: A RAID construct for organizing disks and volumes.
RC4: A variable key-length symmetric encryption algorithm. For more information, see [SCHNEIER] section 17.1.
RDN: See relative distinguished name (RDN).
RDN attribute: The attribute used in a relative distinguished name (RDN). In the RDN "cn=Peter Houston" the RDN attribute is cn. In the Active Directory directory service, the RDN attribute of an object is determined by the most specific structural object class of the object.
read-only: An attribute of storage media that denotes the media is not available to be written.
read-only domain controller (RODC): A domain controller (DC) that does not accept originating updates.
read-only replicated folders: A folder where local changes are not replicated out and are reverted by replicating back the previous content.
receive window: The amount of memory that a recipient of network traffic has committed to queuing protocol data units (PDUs) that it cannot process immediately.
recovery: The process of reestablishing connectivity and synchronizing views on the outcome of transactions between two participants after a transient failure. Recovery occurs either between a resource manager and a transaction manager, or between a Superior Transaction Manager Facet and a Subordinate Transaction Manager Facet.
redeploy action: An action that an administrator may take for an application deployed through the software installation extension protocol that will cause all clients that receive the application through the protocol to perform an installation of the application on the client if the application is already installed. This is used by administrators as a mechanism to update the application.
redundant arrays of independent disks (RAID): A set of disk-organization techniques designed to achieve high-performance storage access and availability.
reference count: An integer value used to keep track of a Component Object Model (COM) object. When an object is created, its reference count is set to 1. Every time an interface is bound to the object, its reference count is incremented; when the interface connection is destroyed, the reference count is decremented. The object is destroyed when the reference count reaches zero. All interfaces to that object are then invalid.
RefreshTime: The last time that information for an entry in the VolumeTable or FileTable has been refreshed by its VolumeOwner.
region: See disk extent.
region flags: A set of values that describes the region's state or use.
region's status: The status of the region, such as whether the region is performing properly, or encountering disk faults.
registration: See certification.
registration authority (RA): (1) A generic term for a software module, hardware component or human operator thereof that enables a user or public key infrastructure (PKI) administrator to perform various administration and operational functions as part of the certification or revocation process.
registry: A local system-defined database in which applications and system components store and retrieve configuration data. It is a hierarchical data store with lightly typed elements that are logically stored in tree format. Applications use the registry API to retrieve, modify, or delete registry data.
The data stored in the registry varies according to the version of Windows.
registry files: The physical representation of a logical tree in the registry.
registry policy file: A file associated with a Group Policy object (GPO) that contains a set of registry-based policy settings.
REGSAM: A bit field that specifies the user rights for a key object.
relative distinguished name (RDN): (1) An attribute-value pair used in the distinguished name of an object. For more information, see [RFC2251].
(2) In the Active Directory (AD) directory service, the unique name of a child element relative to its parent in Active Directory. The RDN of a child element combined with the fully qualified domain name (FQDN) of the parent forms the FQDN of the child.
relative identifier: The last item in the series of sub-authority values in a SID (as specified in [SIDS]). It distinguishes one account or group from all other accounts and groups in the domain. No two accounts or groups in any domain share the same relative identifier.
release: The process of calling the third IUnknown method (IUnknown::Release()) on an object.
reliable time source: A time source that can provide accurate time. It is usually the primary reference with stratum 1 as specified in [RFC1305]; for example, a radio clock.
relying party (RP): The entity (person or computer) using information from a certificate in order to make a security decision. Typically, the RP is responsible for guarding some resource and applying access control policies based on information learned from a certificate.
remediation server: A remediation server is a server responsible for bringing a noncompliant computer back into a compliant state.
remote application: An application running on a remote server.
Remote Authentication Dial-In User Service (RADIUS): A protocol for carrying authentication, authorization, and configuration information between a network access server (NAS) that prefers to authenticate connection requests from endpoints and a shared server that performs authentication, authorization and accounting.
Remote Access Service (RAS) server: A type of network access server (NAS) that provides modem dial-up or virtual private network (VPN) access to a network.
Remote Administration Protocol (RAP): A synchronous, request/response protocol, used prior to the development of the remote procedure call (RPC) protocol, for marshaling and unmarshaling procedure call input and output arguments into messages and for reliably transporting messages to and from clients and servers.
remote change order: A change order received from an inbound (or upstream) partner that originated elsewhere in the replica set.
remote differential compression (RDC): Any of a class of compression algorithms designed to compare two files residing on different machines without requiring one of the files to be transmitted in its entirety to the other machine.
remote differential compression (RDC) FilterMax algorithm: The algorithm that RDC uses to determine the deleted points in a File. The FilterMax algorithm has the property that it will often find deleted points that result in identical chunks being found in differing files, even when the files differ by insertions and deletions of bytes, not simply by length-preserving byte modifications.
remote procedure call (RPC): A context-dependent term commonly overloaded with three meanings. Note that much of the industry literature concerning RPC technologies uses this term interchangeably for any of the three meanings. Following are the three definitions:
- The runtime environment providing remote procedure call facilities. The preferred usage for this meaning is "RPC runtime."
- The pattern of request and response message exchange between two parties (typically, a client and a server). The preferred usage for this meaning is "RPC exchange."
- A single message from an exchange as defined in the previous definition. The preferred usage for this term is "RPC message."
For more information, see [C706].
remote procedure call (RPC) name service: A service that allows servers to export binding information, and clients to find it, in an efficient manner. For more information, see [C706], section "Name Service Interface".
remote server name: A null-terminated Unicode string, supplied by an application, which in conjunction with an RPC protocol sequence is used to initiate communication with an object server.
remote unknown: An object exporter's remotely accessible implementation of the IUnknown interface. Each object exporter has exactly one such remotely accessible IUnknown implementation, which is responsible for handling all IUnknown invocations from clients.
removable media: Any type of storage that is not permanently attached to the computer. A persistent storage device stores its data on media. If the media can be removed from the device, the media is considered removable. For example, a floppy disk drive uses removable media.
reparse point: A collection of user-defined data associated with a file or directory. The format of this data is understood by the application or the file system that stores the data, and the file system filter that interprets the data and processes the file. Reparse points can contain data that instructs the file system or the operating system to take special actions. For more information, see [MS-FSCC].
replacement channel: An IN channel or OUT channel other than the first in the sequence of IN channels or OUT channels that constitute a virtual IN channel or virtual OUT channel.
replica: (1) A variable containing a set of objects.
(2) A File Replication Service (FRS) Replica: A member of a replica set. Replica contains machine-specific information.
(3) A naming context (NC) Replica: A replica of NC x is a tree of objects whose root object r satisfies dsname) = x.
replica set: (1) The representation of the replication group on a single computer. It is the slice of the replication group that affects the server that it exists on. For instance, it contains only the connections where this computer is either the client or server.
(2) In File Replication Service (FRS), the replication of files and directories according to a predefined topology and schedule on a specific folder. The topology and schedule are collectively called a replica set. A replica set contains a set of replicas, one for each machine that participates in replication.
replica tree: The local replica root folder together with all files and directories underneath it, which usually is saved as a tree structure in the file system.
ReplicaSetId: The GUID that is assigned to a specific replication group.
replicated attribute: An attribute whose values are replicated to other naming context (NC) replicas. An attribute is replicated if its attributeSchema object o does not have a value for the systemFlags attribute or bit 0 of the value is clear.
replicated folder: Root of a replicated tree. All files and sub-folders (recursively) are replicated.
replicated update: An update performed to a naming context (NC) replica by the replication system, to propagate the effect of an originating write at another NC replica. The stamp assigned during the originating write to attribute values or a link value is preserved by replication.
replication group: A container for a set of replicated folders sharing the same connections to replication partners.
replication session: The state maintained when replicating files in the context of a replicated folder and connection.
replication traffic: Network traffic performed to accomplish replication.
RequestMachine: The MachineID of the computer that is the client of the Distributed Link Tracking (DLT) Central Manager RPC protocol.
Request to Send (RTS) cookie: A 16-byte cryptographically strong random number exchanged between parties in a remote procedure call (RPC) over HTTP protocol sequence. An RTS cookie has the same uniqueness requirements as a UUID, and implementations can use a UUID as the RTS cookie. An RTS cookie is used to reference virtual connections, IN channels, OUT channels, and other protocol entities.
Request to Send (RTS) Protocol Data Unit (PDU): A PDU used to control communication settings on an IN channel or OUT channel, virtual IN channel or virtual OUT channel, or virtual connection.
requestor: The computer that sends the request messages that are defined by this protocol.
reshaping: An act of buffering data until it can be sent in conformance to a TSpec, as specified in [RFC2212].
reshaping value: A value used for both the peak rate and the bucket rate in a TSpec to be used in reshaping.
resource: Any component that a computer can access where data can be read, written, or processed. This resource could be an internal component such as a disk drive or another computer on a network that is used to access a file.
resource group: A security or distribution group that can contain universal groups, global groups, other domain local groups from its own domain, and accounts from any domain in the forest. Resource groups can be granted rights and permissions on resources that reside only in the same domain where the domain local group is located.
resource manager (RM): The participant that is responsible for coordinating the state of a resource with the outcome of atomic transactions. For a specified transaction, a resource manager enlists with exactly one transaction manager to vote on that transaction outcome and to obtain the final outcome. A resource manager is either durable or volatile, depending on its resource.
responder: (1) The computer that responds to request messages.
(2) The party that responds to the first message of an AuthIP exchange.
(3) The party that responds to the first message of an IKE exchange.
response key: A key essentially derived from a one-way hash of the password. It may be calculated slightly differently based on what NT LAN Manager (NTLM) version is being used. It is then used to derive the key exchange key.
retry change order: A change order that is in some state of completion but was blocked for some reason and must be retried later.
revocation: The process of invalidating a certificate. For more details, see section 3.3 of [RFC3280].
RID allocation pool: The set of reference IDs (RIDs) that a naming context (NC) replica can assign to new objects with the objectSid attribute without obtaining more RIDs from the RID available pool.
RID available pool: The set of reference IDs (RIDs) for a naming context (NC) that have not been assigned to the RID available pool of some replica of the NC. The RID available pool is represented by the values of attributes within the NC's RID Master flexible single master operation (FSMO) role.
role change: The act of changing the role of a computer. The act of configuring a server to be a domain controller (DC) is called "promotion." The act of configuring a DC to be a non-DC server is called "demotion."
role: The domain role quantifies the relationship between a computer and a domain. Domain roles include the following:
- Joined: Linked to a domain for purposes of policy and security.
- Standalone: Not associated with any domain.
- Domain controller: Linked to a domain, and hosting that domain.
role separation: The concept of using a certificate authority (CA) to enhance security by allowing a user to be assigned a single role such as auditor, backup manager, administrator or certificate manager. Role separation ensures that a user may not possess multiple roles at one time. Role separation is a Common Criteria requirement for the Certificate Issuing and Management Components (CIMC) protection profile. For more information, see [CIMC-PP]. Not all CAs support role separation.
rolling hash function: A hash function that can be computed incrementally over a set of data. Given an arbitrary integer n ≥ 0, some bytes b0 .. bn-1 and their hash h(b0..bn-1), a hash function h is a rolling hash function if one can compute h(b1 .. bn) in time that does not depend on n.
root CA: (1) A type of certificate authority (CA) that is directly trusted by an end entity; that is, securely acquiring the value of a root CA public key requires some out-of-band steps. This term is not meant to imply that a root CA is necessarily at the top of any hierarchy, simply that the CA in question is trusted directly (as specified in [RFC2510]). A root CA is implemented in software and, in Windows, is the topmost CA in a CA hierarchy and the trust point for all certificates that are issued by the CAs in the CA hierarchy. If a user, computer, or service trusts a root CA, it implicitly trusts all certificates that are issued by all other CAs in the CA hierarchy. For more information, see [RFC3280].
(2) Any certificate authority (CA) directly trusted by a relying party.
root domain: (1) The domain that is created first in a forest.
(2) In the Active Directory domain service, the unique domain naming context (NC) of an Active Directory forest that is the parent of the forest's Config NC. The Config NC's relative distinguished name (RDN) is "cn=Configuration" relative to this parent.
root Digital Signature Algorithm-Specific Entry (rootDSE): The logical root of a directory server, whose distinguished name (DN) is the empty string. In the Lightweight Directory Access Protocol (LDAP), the root DSE is a nameless entry (a DN with an empty string) containing the configuration status of the server. Access to this entry is typically available to unauthenticated clients. The root DSE contains attributes that represent the features, capabilities and extensions provided by the particular server.
root error: The last error in an error sequence.
rootDSE: See root Digital Signature Algorithm-Specific Entry (rootDSE).
round-trip time (RTT): The time that it takes a packet to be sent to a remote partner and for that partner's acknowledgment to arrive at the original sender. This is a measurement of latency between partners.
RPC client: A computer on the network that sends messages using remote procedure call (RPC) as its transport, waits for responses, and is the initiator in an RPC exchange.
RPC context handle: A representation of state maintained between a remote procedure call (RPC) client and server. The state is maintained on the server on behalf of the client. An RPC context handle is created by the server and given to the client. The client passes the RPC context handle back to the server in method calls to assist in identifying the state. For more information, see [C706].
RPC dynamic endpoint: A network-specific server address that is requested and assigned at run time. For more information, see [C706].
RPC endpoint: A network-specific address of a server process for remote procedure calls (RPCs). The actual name of the RPC Endpoint depends on the RPC Protocol Sequence being used. For example, for the NCACN_IP_TCP RPC Protocol Sequence an RPC Endpoint might be TCP port 1025. For more information, see [C706].
RPC engine: The runtime environment providing remote procedure call (RPC) facilities.
RPC over HTTP proxy: A mixed proxy, inbound proxy, or outbound proxy.
RPC protocol sequence: A character string that represents a valid combination of a remote procedure call (RPC) protocol, a network layer protocol, and a transport layer protocol. For more information, see [C706] and [MS-RPCE].
RPC server: A computer on the network that waits for messages, processes them when they arrive, and sends responses using RPC as its transport, and acts as the responder during a remote procedure call (RPC) exchange.
RPC session key: See session key.
RPC transfer syntax: A method for encoding messages defined in an Interface Definition Language (IDL) file. Remote procedure call (RPC) can support different encoding methods or transfer syntaxes. For more information, see [C706].
RPC transport: The underlying network services used by the remote procedure call (RPC) runtime for communications between network nodes. For more information, see section "Introduction to the RPC API" in Part 2 of [C706].
RTT: See round-trip time (RTT).