The following terms are defined in [MS-GLOS]:
Authentication Service (AS)
binary large object (BLOB)
cryptographic service provider (CSP)
globally unique identifier (GUID)
Hypertext Transfer Protocol (HTTP)
Hypertext Transfer Protocol over Secure Sockets Layer (HTTPS)
Interface Definition Language (IDL)
Internet Protocol version 4 (IPv4)
Internet Protocol version 6 (IPv6)
maximum transmission unit (MTU)
Network Data Representation (NDR)
protocol data unit (PDU)
Remote Desktop Protocol (RDP)
remote procedure call (RPC)
Secure Sockets Layer (SSL)
statement of health (SoH)
statement of health response (SoHR)
Transport Layer Security (TLS)
Triple Data Encryption Standard
User Datagram Protocol (UDP)
universally unique identifier (UUID)
The following terms are specific to this document:
administrative message: A message sent by the RDG administrator to all users connected through RDG. Typical messages would include those sent regarding maintenance downtimes. The terms administrative message and service message are used interchangeably in this document.
chunked transfer: A type of transfer-encoding method introduced in Hypertext Transfer Protocol (HTTP) version 1.1 where each write operation to the connection is precounted, and the final zero-length chunk is written at the end of the response signifying the end of the transaction.
Consent Signing Message: An End User License Agreement (EULA) which the user must accept in order to connect successfully through RDG.
Datagram Transport Layer Security (DTLS): A protocol based on the Transport Layer Security (TLS) Protocol that provides secure communication for UDP applications. For more details about DTLS, see [RFC4347].
extended authentication: Methods of authentication used by the RDGHTTP Protocol in addition to the methods provided by the transport layer (see transport authentication). Examples include smart card authentication and pluggable authentication.
handshake request: A message sent by the RDG client to the RDG server requesting information about the server's version and negotiated capabilities. In the request message, the RDG client sends information about its version and negotiated capabilities.
handshake response: A message sent by the RDG server in response to the handshake request received from the RDG client. In the response message, the RDG server sends information about its version and negotiated capabilities.
HTTP 1.1 connection: An HTTP connection created by using HTTP version 1.1.
IN channel: The HTTP connection responsible for transmitting data from the RDG client to the RDG server. (The connection is protected by Secure Sockets Layer (SSL).) The IN channel is created after the OUT channel and has no significance apart from the OUT channel.
main channel: The channel that uses reliable transport, such as HTTP or RPC over HTTP. This channel is used to carry all of the RDP data that is not sent over the side channel.
Network Access Protection (NAP): A technology used to reduce the security risks associated with allowing external clients to connect to the network. It is implemented through quarantines and health checks, as specified in [TNC-IF-TNCCSPBSoH].
OUT channel: The HTTP connection responsible for transmitting data from the RDG server to the RDG client. (The connection is protected by Secure Sockets Layer (SSL).) The OUT channel is created before the IN channel and has no significance apart from the IN channel.
out pipe: See pipe.
pipe: A supported IDL data type for streaming data, as specified in [C706] section 4.2.14. The term out pipe refers to the pipe created between the RDG client and the RDG server for transferring data from the target server to the client via the RDG server. The term out pipe is used because the data flows out from the RDG server to the RDG client.
pluggable authentication: An option for overriding the default RPC authentication schemes by using cookie-based authentication. To use this option, the RDG loads an installed plugin to perform the authentication based on a cookie passed by the client. The cookie is retrieved when the user browses a given site and enters their credentials.
Remote Desktop Gateway Server Protocol (RDGSP Protocol): The protocol defined in this specification [MS-TSGU].
Remote Desktop Gateway HTTP Transport Protocol (RDGHTTP Protocol): Enables an RDG client to communicate with an RDG server using HTTP.
Remote Desktop Gateway UDP Transport Protocol (RDGUDP Protocol): Allows an RDG client to communicate over the Internet to the RDG, which in turn enables the RDG client to connect to remote desktops in a private network. The protocol uses UDP as transport.
Remote Procedure Call over HTTP (RPC over HTTP): The Remote Procedure Call over HTTP Protocol specified in [MS-RPCH].
re-authentication: A process for re-validating the user's credentials and authorization after the connection is established. Re-authentication provides the ability to verify the validity of user credentials and user authorization periodically, and to disconnect the connection if the user credentials become invalid. In the process of re-authentication, the RDG server expects the client to follow the same sequence of connection setup phase steps, as specified in section 22.214.171.124.1, to enable the credentials of the user to be re-checked, or re-authenticated. If the same sequence of steps is not followed, or an error occurs during the process, the existing connection is disconnected.
Secure channel (Schannel): An authentication method that can be used with RPC authentication by using the RPC_C_AUTHN_GSS_SCHANNEL security provider, as defined in [MS-RPCE] section 126.96.36.199.7.
service message: See administrative message.
side channel: The channel that uses non-reliable transport, such as UDP, to tunnel audio and video RDP data.
smart card authentication: An authentication method implemented using a smart card.
target server: The resource that the client connects to via the RDG server. The target server name is the machine name of such a resource. For more information about the Target server name ADM element, see sections 3.1.1 and 3.5.1.
transport authentication: A method of authentication provided by the transport layer. For example, HTTP transport provides several methods of authentication, including Basic, Digest, NTLM, and Negotiate authentication.
tunnel: Establishes a context in which all further method calls or data transfer can be performed between the RDG client and the RDG server. A tunnel is unique to a given combination of an RDG server and an RDG client instance. All operations on the tunnel are stateful.
UDP authentication cookie: An 8-bit (byte) binary large object (BLOB) sent by the RDG server to the RDG client on the main channel. The RDG client uses the same byte BLOB to authenticate to the RDG server on the side channel.
UDPCookieAuthentication: An authentication method that is used by RDG clients to authenticate to the RDG server by using a UDP authentication cookie.
MAY, SHOULD, MUST, SHOULD NOT, MUST NOT: These terms (in all caps) are used as specified in [RFC2119]. All statements of optional behavior use either MAY, SHOULD, or SHOULD NOT.