Here's a (draft) list of different terms used in BMC Server Automation (BladeLogic) and a bit about what each of them means. Starting with security terms and some basics.
App Server (Application Server)
The central component of BSA, where jobs run, agent contact is initiated, and where the BSA GUI connects. Also, any server running an instance of the BSA appserver.
RSCD Agent
A small software component that runs on each managed server, providing connectivity and security mapping for the App Server and Network Shell.
Managed Server
Any server managed by BSA, i.e. one running an RSCD Agent.
Agentless Managed Object
Some components that BSA manages without an installed agent, for example virtualization management on AIX.
Jobs and Scheduling
Most activities in BSA run as a Job. Jobs are scheduled activities (including those where "Execute Job Now" creates an immediate schedule), using a Depot Object like a software package, patch or NSH Script or a Policy (Compliance, Change Tracking) and one or more Servers. Most Jobs have one or more Job Parts.
JOB_TIMEOUT is a Job property used to define how long a given Job is allowed to run. If a Job runs longer than its JOB_TIMEOUT, it is canceled.
Jobs that have run against at least one server have at least one part: a unit of work that is targeted at that server and accomplishes some specific task. Some Jobs will have one job part per server (running a script, for example), others may have multiple parts per server (simulate/stage/commit of a deploy job).
JOB_PART_TIMEOUT is a Job property used to define how long a given Job Part is allowed to run. It is usually tripped by a target server that is having problems, such as a hung NFS mount or another system call that is either not responding or taking a very long time (30 min+) to respond; the part against that server is canceled so that one stuck server does not hold the whole Job open until JOB_TIMEOUT.
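As an added illustration (not BSA code), the following Python models the two timeouts: one job part per target server, a part-level limit that abandons a single stuck server while the other parts continue, and a job-level limit that cuts off everything still running. The server names and the "hung NFS mount" sleep are constructed for the example; BSA does not expose these semantics as Python.

```python
"""Job and job-part timeouts, as an added illustration (not BSA code).

One job part per target server runs in its own thread. A part that exceeds
job_part_timeout is abandoned and reported as timed out while the other parts
continue; if the job as a whole exceeds job_timeout, every part still running
is reported as a job timeout."""
import threading
import time

SUCCESS, FAILED, PART_TIMEOUT, JOB_TIMEOUT = "success", "failed", "part_timeout", "job_timeout"


def run_job(targets, work, job_timeout, job_part_timeout, poll=0.01):
    """Run work(server) as one job part per target; return {server: status}."""
    outcome, lock = {}, threading.Lock()

    def part(server):
        try:
            work(server)
            status = SUCCESS
        except Exception:  # a failing part must not take the whole job down
            status = FAILED
        with lock:
            outcome[server] = status

    job_start = time.monotonic()
    started = {}
    for server in targets:
        # Daemon threads: a part stuck in a blocking system call cannot be
        # interrupted from Python, so an abandoned part must not keep the
        # process alive once the job has given up on it.
        thread = threading.Thread(target=part, args=(server,), daemon=True)
        started[server] = time.monotonic()
        thread.start()

    final = {}
    while len(final) < len(targets):
        now = time.monotonic()
        with lock:
            finished = dict(outcome)
        for server, part_start in started.items():
            if server in final:
                continue
            if server in finished:
                final[server] = finished[server]
            elif now - part_start > job_part_timeout:
                final[server] = PART_TIMEOUT      # this server is stuck; abandon its part
        if now - job_start > job_timeout:
            for server in targets:
                final.setdefault(server, JOB_TIMEOUT)   # whole job cut off
        time.sleep(poll)
    return final


def simulated_part(server):
    """Constructed behaviour: db02 acts like a server stuck in a hung NFS mount."""
    time.sleep(1.0 if server == "db02" else 0.05)


def demo_part_timeout():
    """Only the stuck part trips the part timeout; the rest of the job completes."""
    return run_job(["web01", "web02", "db02"], simulated_part,
                   job_timeout=2.0, job_part_timeout=0.3)


def demo_job_timeout():
    """Job limit shorter than the stuck part's own limit: the job is cut off first."""
    return run_job(["web01", "db02"], simulated_part,
                   job_timeout=0.3, job_part_timeout=5.0)


if __name__ == "__main__":
    print(demo_part_timeout())  # {'web01': 'success', 'web02': 'success', 'db02': 'part_timeout'}
    print(demo_job_timeout())   # {'web01': 'success', 'db02': 'job_timeout'}
```

The distinction the two demos make is the one to keep in mind when tuning the properties: a part timeout leaves the rest of the job's results usable, a job timeout discards whatever had not finished.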
Configuration Object (Config Object)
Something that exists on a managed server, under the local control of the OS; the most familiar form of object. It can be a directory, a file, a Windows or UNIX service, or a configuration file. Config Objects are composed of metadata and their actual contents.
A script or command, with machine-parseable output, whose output is read as configuration items. Examples include the "eeprom" command on Solaris, "netstat", and customer scripts.
Golden Image
A snapshot taken of some configurations on a server in a known good state.
Snapshot
One or more configuration items captured at a point in time (such as after a QA cycle, or on a regular schedule).
Comparing a golden image to a live server, or to another snapshot, to identify configurations that differ.
Policy
A set of rules describing how something should be configured. Usually instantiated in BSA as a Component Template and used by a (rules-based) Compliance Job.
Exception
Sometimes there are good reasons why something can't be set according to the policy, e.g. a specific application that is not compatible with the general policy in a particular way. An exception lets us record that information (including how long the server is allowed to be "out of compliance") and pass that server, for that policy rule, when evaluating it, until the exception expires.
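The workflow these entries describe (snapshot config items, including an extended object parsed from command output; audit them against a golden image; evaluate a policy; honour a time-limited exception) as an added Python example. It is not BSA code: the item keys, the netstat output, the server names, the policy rules and the exception are all constructed for the example.

```python
"""Snapshot, audit, policy and exception, as an added illustration (not BSA code).

Config items are flattened to {key: value}; keys such as
'sshd_config:PermitRootLogin' and the netstat sample are constructed."""
from dataclasses import dataclass
from datetime import date, datetime
from typing import Callable, Optional


def parse_netstat_listeners(netstat_output: str) -> dict:
    """Extended object: read 'netstat -lnt'-style output as config items,
    one 'listen:<port>' item per listening TCP socket."""
    items = {}
    for line in netstat_output.splitlines():
        fields = line.split()
        if len(fields) >= 6 and fields[0] in ("tcp", "tcp6") and fields[-1] == "LISTEN":
            local = fields[3]
            items["listen:" + local.rsplit(":", 1)[1]] = local
    return items


def snapshot(server: str, items: dict, taken: datetime) -> dict:
    """Config items captured at a point in time."""
    return {"server": server, "taken": taken.isoformat(), "items": dict(items)}


def audit(golden: dict, live: dict) -> list:
    """Compare a golden image with a live snapshot; return (key, expected, actual)
    for every item that differs, including items present on only one side."""
    diffs = []
    for key in sorted(set(golden["items"]) | set(live["items"])):
        expected, actual = golden["items"].get(key), live["items"].get(key)
        if expected != actual:
            diffs.append((key, expected, actual))
    return diffs


@dataclass
class Rule:
    """One rule of a policy: a config item key and the test its value must pass."""
    name: str
    key: str
    check: Callable[[Optional[str]], bool]


@dataclass
class ComplianceException:
    """A recorded, time-limited waiver for one server and one rule."""
    server: str
    rule: str
    reason: str
    expires: date


def evaluate(policy, snap, exceptions, today: date) -> dict:
    """Return {rule name: 'pass' | 'fail' | 'exception'} for one server's snapshot.
    An unexpired exception turns a failure into 'exception'; an expired one does not."""
    results = {}
    for rule in policy:
        if rule.check(snap["items"].get(rule.key)):
            results[rule.name] = "pass"
            continue
        waived = any(e.server == snap["server"] and e.rule == rule.name and e.expires >= today
                     for e in exceptions)
        results[rule.name] = "exception" if waived else "fail"
    return results


# --- constructed sample data --------------------------------------------------
NETSTAT_SAMPLE = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:23              0.0.0.0:*               LISTEN
"""

GOLDEN = snapshot("golden-build", {
    "sshd_config:PermitRootLogin": "no",
    "sshd_config:Protocol": "2",
    "listen:22": "0.0.0.0:22",
    "listen:25": "127.0.0.1:25",
}, datetime(2005, 2, 1, 9, 0))

POLICY = [
    Rule("no-root-ssh", "sshd_config:PermitRootLogin", lambda v: v == "no"),
    Rule("ssh-protocol-2", "sshd_config:Protocol", lambda v: v == "2"),
    Rule("no-telnet", "listen:23", lambda v: v is None),
]

EXCEPTIONS = [ComplianceException("web01", "no-telnet",
                                  "legacy console needs telnet until migration",
                                  expires=date(2005, 3, 31))]


def live_snapshot() -> dict:
    """Constructed live state of web01: root SSH enabled, telnet listening."""
    items = {"sshd_config:PermitRootLogin": "yes", "sshd_config:Protocol": "2"}
    items.update(parse_netstat_listeners(NETSTAT_SAMPLE))
    return snapshot("web01", items, datetime(2005, 2, 15, 2, 0))


def demo() -> dict:
    """Audit diffs plus compliance results while the exception is in force and after it expires."""
    live = live_snapshot()
    return {"audit": audit(GOLDEN, live),
            "in_force": evaluate(POLICY, live, EXCEPTIONS, date(2005, 2, 15)),
            "after_expiry": evaluate(POLICY, live, EXCEPTIONS, date(2005, 4, 1))}


if __name__ == "__main__":
    for label, value in demo().items():
        print(label, value)
```

Note that the audit reports every difference from the golden image, while the compliance evaluation only reports against the rules in the policy, and the exception changes the latter but never the former: the telnet listener still shows up in the audit.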
A quick report creation tool in BMC Decision Support (for) Server Automation (BDSSA).
An advanced report creation tool in BDSSA.
Security-related terms (stolen shamelessly from a BladeLogic whitepaper):
certificate authority (CA)
The trusted party issuing digital certificates (especially X.509 public-key certificates) to an
identified end entity and vouching for the binding between the data items in a certificate. A
certificate authority can be managed by an external certification service provider or the CA
can belong to the same organization as the end entities in a PKI. CAs can also issue
certificates to other sub-CAs. This leads to a tree-like certification hierarchy. The highest
trusted CA in the tree is called a root CA.
certificate
Digital documents used for secure authentication of communicating parties. A certificate
binds identity information about an entity to the entity's public key for a certain validity
period. A certificate is digitally signed by a trusted third party who has verified that the key
pair actually belongs to the entity. Certificates can be thought of as analogous to
passports that guarantee the identity of their bearers.
certificate management protocol (CMP)
A definition of the online interactions between end entities, registration authorities, and the
certification authority in a PKI. CMP was developed by the PKIX Working Group of the IETF
and specified in RFC 2510. An advanced version of CMP, known as CMPv2, is currently in
certificate revocation list (CRL)
A signed list containing the serial numbers of the certificates that have been revoked or
suspended by the certificate issuer (the CA) before their expiration date. The CA usually
issues new CRLs at frequent intervals. The current PKIX implementation of CRLs is the
X.509 version 2 CRL. See RFC 2459 for more information.
certification request
A request for a certificate, generated by end entities or RAs and sent to the CA. A
certification request contains at least the public key and some identity information about
the entity making the request, and is signed with the private key of the entity, which proves possession of the key matching the public key presented. If
allowed by the certificate policy of the CA, a certificate can be issued based on the
certification service provider (CSP)
An organization that acts as a trusted third party or a CA host providing PKI services to
other organizations and individuals.
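The CA, certificate, certification request and CRL entries above, worked end to end as an added example; it is not from the whitepaper or from BladeLogic. It assumes the Python `cryptography` package; "Example Root CA", the host name and the dates are constructed. The relying-party check deliberately verifies the signature rather than trusting the issuer name (a second CA with the same name is created to show why), and treats a CRL past its next-update time as unusable.

```python
"""Root CA, certification request, issuance, CRL and verification, as an added
illustration (not BladeLogic code). Requires the `cryptography` package; the
CA name, host name and dates are constructed for the example."""
from datetime import datetime, timedelta
from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID


def _name(common_name):
    return x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, common_name)])


def make_root_ca(common_name, now):
    """Self-signed root: the subject is its own issuer and vouches for itself."""
    key = ec.generate_private_key(ec.SECP256R1())
    cert = (x509.CertificateBuilder()
            .subject_name(_name(common_name)).issuer_name(_name(common_name))
            .public_key(key.public_key()).serial_number(x509.random_serial_number())
            .not_valid_before(now).not_valid_after(now + timedelta(days=3650))
            .add_extension(x509.BasicConstraints(ca=True, path_length=None), critical=True)
            .add_extension(x509.KeyUsage(digital_signature=True, key_cert_sign=True, crl_sign=True,
                                         content_commitment=False, key_encipherment=False,
                                         data_encipherment=False, key_agreement=False,
                                         encipher_only=False, decipher_only=False), critical=True)
            .sign(key, hashes.SHA256()))
    return key, cert


def make_csr(common_name):
    """End entity: generate a key pair and a request signed with its own private key."""
    key = ec.generate_private_key(ec.SECP256R1())
    csr = (x509.CertificateSigningRequestBuilder()
           .subject_name(_name(common_name)).sign(key, hashes.SHA256()))
    return key, csr


def issue(ca_key, ca_cert, csr, now, days=365):
    """CA side: check proof of possession, then bind the requested identity to the key."""
    if not csr.is_signature_valid:
        raise ValueError("request not signed by the key it presents")
    return (x509.CertificateBuilder()
            .subject_name(csr.subject).issuer_name(ca_cert.subject)
            .public_key(csr.public_key()).serial_number(x509.random_serial_number())
            .not_valid_before(now).not_valid_after(now + timedelta(days=days))
            .add_extension(x509.BasicConstraints(ca=False, path_length=None), critical=True)
            .sign(ca_key, hashes.SHA256()))


def build_crl(ca_key, ca_cert, revoked_serials, now, days=7):
    """Signed list of revoked serial numbers with a next-update time."""
    builder = (x509.CertificateRevocationListBuilder().issuer_name(ca_cert.subject)
               .last_update(now).next_update(now + timedelta(days=days)))
    for serial in revoked_serials:
        builder = builder.add_revoked_certificate(
            x509.RevokedCertificateBuilder().serial_number(serial).revocation_date(now).build())
    return builder.sign(ca_key, hashes.SHA256())


def _utc(obj, attr):
    """Validity timestamps as naive UTC on both old and new cryptography releases."""
    try:
        return getattr(obj, attr + "_utc").replace(tzinfo=None)
    except AttributeError:
        return getattr(obj, attr)


def verify(cert, ca_cert, crl, now):
    """Relying party: return the reason a certificate is rejected, or None if accepted."""
    if cert.issuer != ca_cert.subject:
        return "issuer mismatch"
    try:  # the issuer name is only a label; the signature is what proves who issued it
        ca_cert.public_key().verify(cert.signature, cert.tbs_certificate_bytes,
                                    ec.ECDSA(cert.signature_hash_algorithm))
    except InvalidSignature:
        return "bad signature"
    if not _utc(cert, "not_valid_before") <= now <= _utc(cert, "not_valid_after"):
        return "outside validity period"
    if not crl.is_signature_valid(ca_cert.public_key()):
        return "CRL signature invalid"
    if _utc(crl, "next_update") < now:
        return "CRL stale"
    if crl.get_revoked_certificate_by_serial_number(cert.serial_number) is not None:
        return "revoked"
    return None


def demo():
    """Issue one server certificate and exercise each rejection path."""
    now = datetime(2005, 2, 1)
    ca_key, ca_cert = make_root_ca("Example Root CA", now)
    _, csr = make_csr("appserver.example.com")
    cert = issue(ca_key, ca_cert, csr, now)
    crl = build_crl(ca_key, ca_cert, [], now)
    rogue_key, rogue_ca = make_root_ca("Example Root CA", now)  # same name, different key
    forged = issue(rogue_key, rogue_ca, csr, now)
    revoking_crl = build_crl(ca_key, ca_cert, [cert.serial_number], now + timedelta(days=5))
    return {
        "valid": verify(cert, ca_cert, crl, now + timedelta(days=3)),
        "forged": verify(forged, ca_cert, crl, now + timedelta(days=3)),
        "stale_crl": verify(cert, ca_cert, crl, now + timedelta(days=30)),
        "revoked": verify(cert, ca_cert, revoking_crl, now + timedelta(days=6)),
        "expired": verify(cert, ca_cert, crl, now + timedelta(days=400)),
    }
```

The order of checks in verify() matters in practice: a stale CRL is reported as its own condition rather than silently treated as "nothing revoked", which is the failure mode of relying parties that only look a serial up in whatever CRL they last fetched.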
Internet Protocol Security (IPSec)
A protocol suite, defined by the Internet Engineering Task Force (IETF), for protecting IP
traffic at the packet level. IPSec can be used for protecting the data transmitted by any
service or application that is based on IP. The IPSec protocols are defined in RFC 2401.
Copyright © 2005, BladeLogic, Inc. All rights reserved. February 2005
Kerberos
A solution to network security, created by MIT, that encompasses authentication and
encryption. The Kerberos protocol uses strong cryptography so that a client can prove its
identity to a server (and vice versa) across an insecure network connection. After a client
and server have used Kerberos to prove their identity, they can also encrypt all of their
communication to assure privacy and data integrity.
See http://www.nrl.navy.mil/CCS/people/kenh/kerberos-faq.html#whatis or
http://www.isi.edu/~brian/security/kerberos.html#whatis for an FAQ on Kerberos
Kerberos tickets
Kerberos tickets are credentials that identify a user (principal) to a service. They are issued by the
Key Distribution Center (KDC), which comprises the Authentication Server (AS), which verifies the
user and issues the ticket-granting ticket, and the Ticket Granting Server (TGS), which issues
service tickets when that ticket-granting ticket is presented. Microsoft's Active Directory domain
controllers function as a KDC for Windows 2000 clients, while UNIX and Linux clients typically use the MIT KDC.
As long as the number of requests is small, one TGS/AS is adequate. But as a network
grows, the number of requests grows with it. The AS/TGS can then become a bottleneck
in the authentication process. It is often advantageous to divide a network into realms.
These divisions are often made on organizational boundaries, although they need not be.
Each realm has its own AS and its own TGS.
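The AS, TGS and application-server exchanges described in the two entries above, simulated in Python as an added example (not MIT or BladeLogic code). It assumes the `cryptography` package: Fernet (AES-CBC with HMAC) stands in for Kerberos encryption types, JSON for ASN.1, and an integer clock passed by the caller for wall-clock time. The realm EXAMPLE.COM, the user alice and the service host/app01 are constructed. Besides the happy path it shows the three checks that make the scheme hold up: a reply unreadable without the client's key, an authenticator that cannot be replayed, and a ticket that stops working once its lifetime ends.

```python
"""Simplified Kerberos AS / TGS / AP exchanges (added illustration, not MIT or BSA code).

Fernet (AES-CBC + HMAC) stands in for Kerberos encryption types, JSON for ASN.1,
and a caller-supplied integer clock for wall-clock time so the example runs offline."""
import json
from cryptography.fernet import Fernet, InvalidToken

CLOCK_SKEW = 300      # seconds of client/server clock difference tolerated
LIFETIME = 8 * 3600   # ticket lifetime in seconds


def seal(key, obj):
    """Encrypt-and-authenticate a JSON-serialisable object under a Fernet key; returns str."""
    return Fernet(key).encrypt(json.dumps(obj).encode()).decode()


def unseal(key, token):
    """Inverse of seal(); raises InvalidToken if the key is wrong or the token was altered."""
    return json.loads(Fernet(key).decrypt(token.encode()))


def new_key():
    return Fernet.generate_key().decode()


class KDC:
    """Authentication Server and Ticket Granting Server of one realm."""

    def __init__(self, realm, principals):
        self.realm = realm
        self.keys = dict(principals)   # long-term keys (in real Kerberos, derived from passwords)
        self.tgs_key = new_key()       # key of krbtgt/REALM; never leaves the KDC

    def as_exchange(self, client, now):
        """AS-REQ/AS-REP: the reply is readable only with the client's long-term key.
        The TGT inside it is sealed under the TGS key, so the client cannot read or alter it."""
        session = new_key()
        tgt = seal(self.tgs_key, {"client": client, "session": session, "expires": now + LIFETIME})
        return seal(self.keys[client], {"session": session, "tgt": tgt, "expires": now + LIFETIME})

    def tgs_exchange(self, tgt, authenticator, service, now):
        """TGS-REQ/TGS-REP: a valid TGT plus a fresh authenticator yields a service ticket."""
        t = unseal(self.tgs_key, tgt)
        check_authenticator(t, authenticator, now)
        session = new_key()
        ticket = seal(self.keys[service],
                      {"client": t["client"], "session": session, "expires": now + LIFETIME})
        return seal(t["session"], {"service": service, "session": session, "ticket": ticket})


def check_authenticator(ticket, authenticator, now):
    """Shared by the TGS and application servers: ticket unexpired, authenticator sealed
    under the ticket's session key, same principal, timestamp within the clock skew."""
    if ticket["expires"] < now:
        raise PermissionError("ticket expired")
    auth = unseal(ticket["session"], authenticator)
    if auth["client"] != ticket["client"] or abs(auth["time"] - now) > CLOCK_SKEW:
        raise PermissionError("bad authenticator")
    return auth


class Service:
    """Application server (AP exchange) with a replay cache of authenticators seen."""

    def __init__(self, name, key):
        self.name, self.key, self.seen = name, key, set()

    def accept(self, ticket, authenticator, now):
        t = unseal(self.key, ticket)
        auth = check_authenticator(t, authenticator, now)
        if (auth["client"], auth["time"]) in self.seen:
            raise PermissionError("replayed authenticator")
        self.seen.add((auth["client"], auth["time"]))
        # AP-REP: echoing the timestamp under the session key proves the server holds the key
        return t["client"], seal(t["session"], {"time": auth["time"]})


def client_session(kdc, client, client_key, service, now):
    """Client side: AS exchange, then TGS exchange; returns (session key, service ticket)."""
    creds = unseal(client_key, kdc.as_exchange(client, now))   # InvalidToken if the key is wrong
    authenticator = seal(creds["session"], {"client": client, "time": now})
    rep = unseal(creds["session"], kdc.tgs_exchange(creds["tgt"], authenticator, service, now))
    return rep["session"], rep["ticket"]


def demo():
    """Constructed realm with one user and one service; returns the outcome of each attempt."""
    alice_key, svc_key = new_key(), new_key()
    kdc = KDC("EXAMPLE.COM", {"alice": alice_key, "host/app01": svc_key})
    app01 = Service("host/app01", svc_key)
    now = 1_000_000
    outcome = {}
    session, ticket = client_session(kdc, "alice", alice_key, "host/app01", now)
    auth = seal(session, {"client": "alice", "time": now})
    who, ap_rep = app01.accept(ticket, auth, now)
    outcome["login"] = (who, unseal(session, ap_rep)["time"] == now)   # mutual authentication
    late = now + LIFETIME + 1
    attempts = {"replay": (ticket, auth, now + 1),
                "expired": (ticket, seal(session, {"client": "alice", "time": late}), late)}
    for label, args in attempts.items():
        try:
            app01.accept(*args)
            outcome[label] = "accepted"
        except PermissionError as err:
            outcome[label] = str(err)
    try:
        client_session(kdc, "alice", new_key(), "host/app01", now)   # wrong password
        outcome["wrong_key"] = "accepted"
    except InvalidToken:
        outcome["wrong_key"] = "cannot decrypt AS-REP"
    return outcome
```

Two things the simulation leaves out that a real deployment depends on: pre-authentication (without it the AS-REP can be requested by anyone and attacked offline against the user's password-derived key) and the replay cache surviving a server restart.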
Lightweight Directory Access Protocol (LDAP)
A directory access protocol defined by RFC 2251 and RFC 1777 for accessing directories
supporting the X.500 models. Many companies are using LDAP based solutions as
directories and user management systems.
managed service provider (MSP)
An organization that provides delivery and management of network-based services,
applications, and equipment to other organizations or individuals. A CA hosting service is
an example of an MSP activity.
Microsoft Crypto API (MSCAPI)
A standard cryptographic interface in Microsoft Windows based systems.
port forwarding (X11 tunneling)
The ability to have X11 client output directed to the port on which the BladeLogic Agent is
listening, effectively tunneling the X11 client output stream from the Agent to the
BladeLogic management console.
public and private keys
The keys used for encrypting and decrypting messages sent over a network. Private keys
are secret and known only to their owners. They are used for signing and decrypting
messages. Public keys are, as the name implies, public and can be published. For