19 R

RADIUS attribute: An abstract identifier for a value or set of values that describe elements of a RADIUS protocol exchange. RADIUS attributes describe the details of an endpoint's connection request and provide configuration data for a network access server (NAS) to provide service to the endpoint.

RADIUS client: A client that is responsible for passing user information to designated RADIUS servers, and then acting on the response that is returned.

RADIUS server: A server that is responsible for receiving user connection requests, authenticating the user, and then returning all configuration information necessary for the client to deliver service to the user. A RADIUS server can act as a proxy client to other RADIUS servers or other kinds of authentication servers.

RAID-0: A RAID volume that stripes its data across multiple RAID columns. Also called a striped volume.

RAID-1: See mirrored volume.

RAID-5: A fault-tolerant volume that maintains the volume's data across multiple RAID columns. Fault tolerance is provided by writing parity data for each stripe. In the event that one disk encounters a fault, that disk's data may be reconstructed using the parity data located on the other disks.

RAID column: A RAID construct for organizing disks and volumes.

raw read (on a named pipe): The act of reading data from a named pipe that ignores message boundaries even if the pipe was set up as a message mode pipe.

raw write (on a named pipe): The act of writing data into a named pipe where the data must contain the message boundaries if the pipe is a message mode pipe. The operation can allow a single write to insert multiple messages.

RC4: A variable key-length symmetric encryption algorithm. For more information, see [SCHNEIER] section 17.1.

RDN: See relative distinguished name (RDN).

RDN attribute: The attribute used in a relative distinguished name (RDN). In the RDN "cn=Peter Houston" the RDN attribute is cn. In the Active Directory directory service, the RDN attribute of an object is determined by the 88 object class or the most specific structural object class of the object.

read-only: An attribute of storage media that denotes that the media is not available to be written.

read-only domain controller (RODC): A domain controller (DC) that does not accept originating updates.

read-only replicated folders: A folder where local changes are not replicated out and are reverted by replicating back previous content.

realm: (1) An administrative boundary that uses one set of authentication servers to manage and deploy a single set of unique identifiers. A realm is a unique logon space.

(2) A collection of key distribution centers (KDCs) with a common set of principals, as specified in [RFC4120] 1.2.

receive window: The amount of memory that a recipient of network traffic has committed to queuing protocol data units (PDUs) that it cannot process immediately.

recovery: The process of reestablishing connectivity and synchronizing views on the outcome of transactions between two participants after a transient failure. Recovery occurs either between a resource manager and a transaction manager, or between a Superior Transaction Manager Facet and a Subordinate Transaction Manager Facet.

redeploy action: An action that an administrator may take for an application deployed through the software installation extension protocol that will cause all clients that receive the application through the protocol to perform an installation of the application on the client if the application is already installed. This is used by administrators as a mechanism to update the application.

redundant arrays of independent disks (RAID): A set of disk-organization techniques that is designed to achieve high-performance storage access and availability.

reference count: An integer value that is used to keep track of a Component Object Model (COM) object. When an object is created, its reference count is set to 1. Every time an interface is bound to the object, its reference count is incremented; when the interface connection is destroyed, the reference count is decremented. The object is destroyed when the reference count reaches zero. All interfaces to that object are then invalid.

RefreshTime: The last time that information for an entry in the VolumeTable or FileTable has been refreshed by its VolumeOwner.

region: See disk extent.

region flags: A set of values that describes the region's state or use.

region's status: The status of the region, such as whether the region is performing properly or encountering disk faults.

registration: See certification.

registration authority (RA): (1) A generic term for a software module, hardware component, or human operator thereof that enables a user or public key infrastructure (PKI) administrator to perform various administration and operational functions as part of the certification or revocation process.

(2) The authority in a PKI that verifies user requests for a digital certificate and indicates to the certificate authority (CA) that it is acceptable to issue a certificate.

registry: A local system-defined database in which applications and system components store and retrieve configuration data. It is a hierarchical data store with lightly typed elements that are logically stored in tree format. Applications use the registry API to retrieve, modify, or delete registry data.

The data stored in the registry varies according to the version of Windows.

registry files: The physical representation of a logical tree in the registry.

registry policy file: A file associated with a Group Policy Object (GPO) that contains a set of registry-based policy settings.

REGSAM: A bit field that specifies the user rights for a key object.

relative distinguished name (RDN): (1) An attribute-value pair used in the distinguished name of an object. For more information, see [RFC2251].

(2) In the Active Directory directory service, the unique name of a child element relative to its parent in Active Directory. The RDN of a child element combined with the fully qualified distinguished name (FQDN) of the parent forms the FQDN of the child.

relative identifier (RID): The last item in the series of subauthority values in a SID (as specified in [SIDS]). It distinguishes one account or group from all other accounts and groups in the domain. No two accounts or groups in any domain share the same relative identifier.

release: The process of calling the third IUnknown method (IUnknown::Release()) on an object.

reliable time source: A time source that can provide accurate time. It is usually the primary reference with stratum 1 as specified in [RFC1305]; for example, a radio clock.

relying party (RP): The entity (person or computer) using information from a certificate in order to make a security decision. Typically, the RP is responsible for guarding some resource and applying access control policies based on information learned from a certificate.

remediation server: A server that is responsible for bringing a noncompliant computer back into a compliant state.

remote application: An application running on a remote server.

Remote Authentication Dial-In User Service (RADIUS): A protocol for carrying authentication, authorization, and configuration information between a network access server (NAS) that prefers to authenticate connection requests from endpoints and a shared server that performs authentication, authorization, and accounting.

Remote Access Service (RAS) server: A type of network access server (NAS) that provides modem dial-up or virtual private network (VPN) access to a network.

Remote Administration Protocol (RAP): A synchronous request/response protocol, used prior to the development of the remote procedure call (RPC) protocol, for marshaling and unmarshaling procedure call input and output arguments into messages and for reliably transporting messages to and from clients and servers.

remote change order: A change order that is received from an inbound (or upstream) partner that originated elsewhere in the replica set.

Remote Desktop Protocol (RDP): The protocol used to implement remote connections (Terminal Services) on Windows operating systems. For more information, see [MSDN-RDP].

remote differential compression (RDC): Any of a class of compression algorithms that are designed to compare two files residing on different machines without requiring one of the files to be transmitted in its entirety to the other machine. For more information, see [MS-RDC].

remote differential compression (RDC) FilterMax algorithm: The algorithm that RDC uses to determine the cut points in a file. The FilterMax algorithm has the property that it will often find cut points that result in identical chunks being found in differing files, even when the files differ by insertions and deletions of bytes, not simply by length-preserving byte modifications. For more information, see [MS-RDC] section

remote procedure call (RPC): A context-dependent term commonly overloaded with three meanings. Note that much of the industry literature concerning RPC technologies uses this term interchangeably for any of the three meanings. Following are the three definitions:

  • The runtime environment providing remote procedure call facilities. The preferred usage for this meaning is "RPC runtime".

  • The pattern of request and response message exchange between two parties (typically, a client and a server). The preferred usage for this meaning is "RPC exchange".

  • A single message from an exchange as defined in the previous definition. The preferred usage for this term is "RPC message".

For more information, see [C706].

remote procedure call (RPC) name service: A service that allows servers to export binding information, and clients to find it, in an efficient manner. For more information, see [C706-Ch2Intro], "Name Service Interface".

remote server name: A null-terminated Unicode string, supplied by an application, which in conjunction with an RPC protocol sequence is used to initiate communication with an object server.

remote unknown: An object exporter's remotely accessible implementation of the IUnknown interface. Each object exporter has exactly one such remotely accessible IUnknown implementation, which is responsible for handling all IUnknown invocations from clients.

removable media: Any type of storage that is not permanently attached to the computer. A persistent storage device stores its data on media. If the media can be removed from the device, the media is considered removable. For example, a floppy disk drive uses removable media.

reparse point: A collection of user-defined data associated with a file or directory. The format of this data is understood by the application or the file system that stores the data, and the file system filter that interprets the data and processes the file. Reparse points can contain data that instructs the file system or the operating system to take special actions. For more information, see [MS-FSCC].

replica: (1) A variable containing a set of objects.

(2) A particular repository of file and directory information to be synchronized, and the metadata store that represents that repository.

replica member (File Replication Service (FRS) replica): A member of a replica set. The replica contains machine-specific information.

replica set: (1) The representation of the replication group on a single computer. It is the slice of the replication group that affects the server that it exists on. For instance, it contains only the connections for which this computer is either the client or server.

(2) In File Replication Service (FRS), the replication of files and directories according to a predefined topology and schedule on a specific folder. The topology and schedule are collectively called a replica set. A replica set contains a set of replicas, one for each machine that participates in replication.

replica tree: The local replica root folder together with all files and directories underneath it, which usually is saved as a tree structure in the file system.

ReplicaSetId: The GUID that is assigned to a specific replication group.

replicated attribute: An attribute whose values are replicated to other naming context (NC) replicas. An attribute is replicated if its attributeSchema object o does not have a value for the systemFlags attribute or if bit 0 of the value is clear.

replicated folder: The root of a replicated tree. All files and subfolders (recursively) are replicated.

replicated update: An update performed to a naming context (NC) replica by the replication system, to propagate the effect of an originating update at another NC replica. The stamp assigned during the originating update to attribute values or a link value is preserved by replication.

replication: The process of propagating the effects of all originating writes to any replica of a naming context (NC), to all replicas of the NC. If originating writes cease and replication continues, all replicas converge to a common application-visible state.

replication epoch: A state variable of a domain controller (DC) that changes when a DC is no longer compatible for replication with its former partners. A server receiving a replication request tests the client's replication epoch against its own and refuses the request if the two are not equal.

replication group: A container for a set of replicated folders sharing the same connections to replication partners.

replication latency: The time lag between a final originating update to a naming context (NC) replica and all NC replicas reaching a common application-visible state.

replication session: The state that is maintained when replicating files in the context of a replicated folder and connection.

replication traffic: Network traffic that is performed to accomplish replication.

replication transport: The transport (wire protocol) used by Active Directory domain controllers to perform replication. Active Directory supports remote procedure call (RPC) and Simple Mail Transfer Protocol (SMTP) transports.

report definition: The blueprint for a report before the report is processed or rendered. A report definition contains information about the query and layout for the report.

RequestMachine: The MachineID of the computer that is the client of the Distributed Link Tracking (DLT) Central Manager RPC protocol.

requestor: The computer that sends the request messages that are defined by this protocol.

reshaping: An act of buffering data until it can be sent in conformance to a TSpec, as specified in [RFC2212].

reshaping value: A value that is used for both the peak rate and the bucket rate in a TSpec to be used in reshaping.

resource: Any component that a computer can access where data can be read, written, or processed. This resource could be an internal component such as a disk drive, or another computer on a network that is used to access a file.

resource group: A security or distribution group that can contain universal groups, global groups, other domain local groups from its own domain, and accounts from any domain in the forest. Resource groups can be granted rights and permissions on resources that reside only in the same domain where the domain local group is located.

resource manager (RM): The participant that is responsible for coordinating the state of a resource with the outcome of atomic transactions. For a specified transaction, a resource manager enlists with exactly one transaction manager to vote on that transaction outcome and to obtain the final outcome. A resource manager is either durable or volatile, depending on its resource.

responder: (1) The computer that responds to request messages.

(2) The party that responds to the first message of an AuthIP exchange.

(3) The party that responds to the first message of an IKE exchange.

response key: A key essentially derived from a one-way hash of the password. It can be calculated slightly differently based on which NTLM version is being used. It is then used to derive the key exchange key.

retry change order: A change order that is in some state of completion but was blocked for some reason and must be retried later.

revocation: The process of invalidating a certificate. For more details, see [RFC3280] section 3.3.

Rivest-Shamir-Adleman (RSA): A system for public key cryptography. RSA is specified in [RFC2437].

role change: The act of changing the role of a computer. The act of configuring a server to be a domain controller (DC) is called "promotion". The act of configuring a DC to be a non-DC server is called "demotion".

role: The domain role quantifies the relationship between a computer and a domain. Domain roles include the following:

  • Joined: Linked to a domain for purposes of policy and security.

  • Standalone: Not associated with any domain.

  • Domain controller: Linked to a domain, and hosting that domain.

role separation: The concept of using a certificate authority (CA) to enhance security by allowing a user to be assigned a single role such as auditor, backup manager, administrator, or certificate manager. Role separation ensures that a user may not possess multiple roles at one time. Role separation is a common criteria requirement for the Certificate Issuing and Management Components (CIMC) protection profile. For more information, see [CIMC-PP]. Not all CAs support role separation.

rolling hash function: A hash function that can be computed incrementally over a set of data. Given an arbitrary integer $n \ge 0$, some bytes $b_0, \ldots, b_{n-1}$ and their hash $h(b_0, \ldots, b_{n-1})$, a hash function $h$ is a rolling hash function if one can compute $h(b_1, \ldots, b_n)$ in time that does not depend on $n$.

root CA: (1) A type of certificate authority (CA) that is directly trusted by an end entity; that is, securely acquiring the value of a root CA public key requires some out-of-band steps. This term is not meant to imply that a root CA is necessarily at the top of any hierarchy, simply that the CA in question is trusted directly (as specified in [RFC2510]). A root CA is implemented in software and, in Windows, is the topmost CA in a CA hierarchy and the trust point for all certificates that are issued by the CAs in the CA hierarchy. If a user, computer, or service trusts a root CA, it implicitly trusts all certificates that are issued by all other CAs in the CA hierarchy. For more information, see [RFC3280].

(2) Any certificate authority (CA) that is directly trusted by a relying party.

root certificate: A self-signed certificate that identifies the public key of a root certificate authority (CA) and has been trusted to terminate a certificate chain.

root domain: (1) The domain that is created first in a forest.

(2) In Active Directory, the unique domain naming context (domain NC) of an Active Directory forest that is the parent of the forest's config NC. The config NC's relative distinguished name (RDN) is "cn=Configuration" relative to this parent.

root directory system agent-specific entry (rootDSE): The logical root of a directory server, whose distinguished name (DN) is the empty string. In the Lightweight Directory Access Protocol (LDAP), the rootDSE is a nameless entry (a DN with an empty string) containing the configuration status of the server. Access to this entry is typically available to unauthenticated clients. The rootDSE contains attributes that represent the features, capabilities, and extensions provided by the particular server.

root error: The last error in an error sequence.

rootDSE: See root directory system agent-specific entry (rootDSE).

round-trip time (RTT): The time that it takes a packet to be sent to a remote partner and for that partner's acknowledgment to arrive at the original sender. This is a measurement of latency between partners.

RPC client: A computer on the network that sends messages using remote procedure call (RPC) as its transport, waits for responses, and is the initiator in an RPC exchange.

RPC context handle: A representation of state maintained between a remote procedure call (RPC) client and server. The state is maintained on the server on behalf of the client. An RPC context handle is created by the server and given to the client. The client passes the RPC context handle back to the server in method calls to assist in identifying the state. For more information, see [C706].

RPC dynamic endpoint: A network-specific server address that is requested and assigned at run time. For more information, see [C706].

RPC endpoint: A network-specific address of a server process for remote procedure calls (RPCs). The actual name of the RPC endpoint depends on the RPC protocol sequence being used. For example, for the NCACN_IP_TCP RPC protocol sequence an RPC endpoint might be TCP port 1025. For more information, see [C706].

RPC engine: The runtime environment that is providing remote procedure call (RPC) facilities.

RPC PDU: A protocol data unit (PDU) originating in the remote procedure call (RPC) runtime. For more information on RPC PDUs, see [C706-Ch12RPC_PDU_Encode] and [MS-RPCE] section 2.

RPC protocol sequence: A character string that represents a valid combination of a remote procedure call (RPC) protocol, a network layer protocol, and a transport layer protocol. For more information, see [C706] and [MS-RPCE].

RPC server: A computer on the network that waits for messages, processes them when they arrive, sends responses using RPC as its transport, and acts as the responder during a remote procedure call (RPC) exchange.

RPC session key: See session key.

RPC transfer syntax: A method for encoding messages defined in an Interface Definition Language (IDL) file. Remote procedure call (RPC) can support different encoding methods or transfer syntaxes. For more information, see [C706].

RPC transport: The underlying network services used by the remote procedure call (RPC) runtime for communications between network nodes. For more information, see [C706-Ch2Intro].

run-length encoding (RLE): A form of data compression in which repeated values are represented by a count and a single instance of the value.