Glossary

Oracle SD-WAN Aware (Aware)
A software product that provides the services of a network management system (NMS) for the Oracle SD-WAN. Used to manage, monitor, and troubleshoot the Oracle SD-WAN.
Oracle SD-WAN Software
Oracle SD-WAN operating software.
Avalanche Effect
In cryptography, an encryption algorithm is said to have an avalanche effect when a small change in the clear text yields large changes in the encrypted text. An algorithm that exhibits the avalanche effect is mathematically more secure than others because it is very difficult to identify messages that are closely related.
Conduit Service (Conduit)
A service that is a logical combination of one or more paths. This is the typical service for Enterprise Site-to-Site Intranet traffic, utilizing the full value of the APN. With this service, depending on the configuration, traffic is actively managed across multiple WAN Links to create an end-to-end tunnel.
Cryptographically Random
In cryptography, a cryptographically random number is generated by a pseudorandom number generating algorithm that is mathematically impossible to predict without knowing the initialization parameters. The US Government security certification, FIPS, maintains a list of approved number generators for cryptography.
Elliptic Curve Diffie-Hellman (ECDH)
A method of creating public/private key pairs for the purpose of establishing a shared secret over an insecure channel using elliptic curve parameters. ECDH is known to provide forward secrecy.
Frequency Analysis
In cryptography, frequency analysis is a method of studying the frequency of patterns in encrypted data in order to infer contents of the encrypted data over time. In its most basic form, frequency analysis is used to learn the contents of a simple substitution cipher based on knowledge of the occurrence of characters in the plain text lexicon. A similar approach can be applied to encrypted network packets to discern the meaning of a data stream.
Forward Secrecy
A property of encryption key exchange protocols that ensures that a session key will not be compromised if another session key or long-term keying material becomes compromised in the future.
Indistinguishability
An encrypted message is said to be indistinguishable if an independent observer picking any other message of their choice is no more successful than random chance (p=0.5) when attempting to identify whether or not the contents of the two messages are identical.
Initialization Vector
In cryptography, an initialization vector (IV) is used to randomize the input to an encryption method in a way that can be easily undone after decryption. In block mode encryption, the IV is typically the same size as the block and is XOR'ed with the first block of data prior to encryption. In block chaining, the output of each encrypted block is used as the IV for the next block, thereby increasing the difficulty of understanding patterns in a particular message.
Network Control Node (NCN)
The central APNA that acts as the master controller of the APN, as well as the central point of administration for the Client Nodes. The NCN’s primary purpose is to establish and utilize Conduits with one or more Client Nodes located across the APN for Enterprise Site-to-Site communications. A particular NCN can administer and have Conduits to multiple Client Nodes.
Secure Key
A unique value that identifies a Site within the APN. Secure Keys are used to generate unique encryption keys for each Conduit, which secures initial client peering and session key generation.
Talari Reliable Protocol (TRP)
A Talari protocol used for reliable transmission of traffic across a WAN between two APNAs. TRP packets are encapsulated in UDP using a default port of 2156.
WAN Link
The general term for an Enterprise’s connection to a WAN. These WAN Links are typically connected to router ports. Some examples of WAN Links are T1, DSL, or Frame Relay.
WAN Path (Path)
A logical, unidirectional connection between two WAN Links.