Glossary
Technical terms used across the Engineering Journal, covering networking, security, systems, virtualization, and DevOps.
A
ACL
Access Control List. A set of rules that defines which users or systems are granted or denied access to a resource. In networking, ACLs filter traffic on routers and firewalls. In file systems, they control read, write, and execute permissions.
Active Directory
Microsoft's directory service for Windows domain networks. Provides centralized authentication and authorization, user and group management, and policy enforcement via Group Policy Objects.
ADR
Architecture Decision Record. A document that captures an important architectural decision, its context, the options considered, and the rationale for the chosen solution. ADRs create a durable record of why a system is built the way it is.
Authentication
The process of verifying the identity of a user, system, or service. Proves that an entity is who it claims to be, typically using passwords, certificates, tokens, or biometrics.
Automation
The use of scripts, workflows, or tooling to perform tasks without manual intervention. In engineering, automation reduces toil, enforces consistency, and enables repeatable processes.
C
CI/CD
Continuous Integration / Continuous Deployment. A software development practice where code changes are automatically built, tested, and deployed. CI validates changes on every commit; CD automates delivery to production or staging environments.
D
DHCP
Dynamic Host Configuration Protocol. A network protocol that automatically assigns IP addresses and other network configuration parameters to devices on a network, eliminating the need for manual IP assignment.
DNS
Domain Name System. The internet's naming system that translates human-readable domain names into IP addresses. Operates as a distributed hierarchical database queried whenever a hostname needs to be resolved.
Docs as Code
An approach to documentation that applies software engineering practices — version control, code review, automated testing, and CI/CD — to documentation files. Documentation is stored as plain text in the same repository as the code it describes.
E
Encryption
The process of encoding data so that only authorized parties can read it. Transforms plaintext into ciphertext using an algorithm and key. Used to protect data at rest and in transit.
F
FQDN
Fully Qualified Domain Name. The complete domain name for a specific host on the internet, including all domain levels up to the root. For example, server.example.com is an FQDN.
Frontmatter
A block of YAML metadata at the top of a Markdown file, delimited by triple dashes. Used in static site generators like Docusaurus to define document properties such as title, tags, and lifecycle status.
G
GPO
Group Policy Object. A collection of settings in Windows Active Directory environments that control the environment of user accounts and computer accounts. Applied automatically to users and machines within an organizational unit.
H
Hypervisor
Software that creates and manages virtual machines by abstracting physical hardware resources. Type 1 hypervisors run directly on hardware (ESXi, Hyper-V). Type 2 hypervisors run on a host operating system (VMware Workstation, VirtualBox).
I
ICMP
Internet Control Message Protocol. A network layer protocol used by network devices to send error messages and operational information. The ping command uses ICMP echo requests and replies to test network connectivity.
Infrastructure as Code
The practice of managing and provisioning computing infrastructure through machine-readable configuration files rather than manual processes. Enables version control, repeatability, and automation of infrastructure.
Intune
Microsoft Endpoint Manager Intune — a cloud-based mobile device management and mobile application management service. Used to manage and secure devices, apps, and data in enterprise environments.
IPv4
Internet Protocol version 4. The fourth version of the Internet Protocol, using 32-bit addresses written in dotted decimal notation (e.g., 192.168.1.1). Provides approximately 4.3 billion unique addresses.
K
Kerberos
A network authentication protocol that uses tickets to allow nodes to prove their identity securely over a non-secure network. The default authentication protocol in Windows Active Directory environments.
L
Lifecycle
In the Engineering Journal governance model, the lifecycle describes the current state of a document: draft, review, active, deprecated, or archived. Controls visibility in generated indexes and enforces content quality gates.
M
MFA
Multi-Factor Authentication. An authentication method requiring users to provide two or more verification factors to gain access. Combines something you know (password), something you have (token), and something you are (biometric).
N
NAT
Network Address Translation. A method of mapping one IP address space into another by modifying network address information in packet headers. Commonly used to allow multiple devices on a private network to share a single public IP address.
NTFS
New Technology File System. The primary file system used by Windows operating systems. Supports file permissions, encryption, compression, auditing, and large file sizes. Access control is managed through ACLs.
O
OU
Organizational Unit. A container in Active Directory used to organize users, groups, computers, and other objects. GPOs are applied at the OU level to control settings for all objects within.
R
RDP
Remote Desktop Protocol. A proprietary Microsoft protocol that provides a graphical interface for connecting to another Windows computer over a network. Operates on TCP port 3389.
Root Cause Analysis
A structured method of identifying the fundamental cause of a problem or incident, rather than addressing only its symptoms. Common techniques include the 5 Whys, fishbone diagrams, and fault tree analysis.
Runbook
A documented set of procedures for performing a specific operational task. Runbooks provide step-by-step instructions for routine operations, incident response, and system maintenance.
S
SID
Security Identifier. A unique value used to identify a user, group, or computer account in Windows. Every account receives a SID at creation. SIDs are used by the Windows security subsystem for all access control decisions.
SMB
Server Message Block. A network file sharing protocol that allows applications to read and write files and request services from server programs on a computer network. Used by Windows for shared folders, printers, and other resources.
SSO
Single Sign-On. An authentication scheme that allows users to log in once and gain access to multiple systems without re-entering credentials. Reduces password fatigue and centralizes access control.
Subnet
A logical subdivision of an IP network. Subnetting allows a network to be divided into smaller segments, improving security and performance. Defined by a network address and a subnet mask.
Sysprep
The Windows System Preparation Tool. Used to generalize a Windows installation before cloning or imaging by removing machine-specific information including the computer SID, resetting hardware settings, and clearing event logs.
T
Taxonomy
In the Engineering Journal, the controlled vocabulary of domains and tags used to classify content. Defined in .github/taxonomy.yml and enforced by CI validation.
TCP
Transmission Control Protocol. A connection-oriented network protocol that provides reliable, ordered, and error-checked delivery of data between applications. Forms the basis for most internet communications including HTTP, SMTP, and SMB.
U
UDP
User Datagram Protocol. A connectionless network protocol that sends datagrams without establishing a connection or guaranteeing delivery. Used where speed is preferred over reliability, such as DNS queries, video streaming, and VoIP.
V
Virtualization
The creation of virtual versions of hardware, storage, networks, or operating systems. Allows multiple virtual machines to run on a single physical host, improving resource utilization and enabling easier system management.
VLAN
Virtual Local Area Network. A logical grouping of network devices that appears as a single LAN regardless of physical location. VLANs segment network traffic for security and performance without requiring separate physical hardware.
VM
Virtual Machine. A software emulation of a physical computer that runs an operating system and applications as if it were a dedicated machine. Multiple VMs can run simultaneously on a single physical host.
vSphere
VMware's server virtualization platform, consisting of ESXi (the hypervisor) and vCenter Server (the management layer). Widely used in enterprise environments for running and managing virtual machines.