Glossary
Access Key
An Access Key is a secret key created for you when you first configure your Tehama Gateway Room's network access to connect to your organization's private network, through a Tehama Gateway (or two if the 'Multiple Gateways' option is enabled) installed in the network's infrastructure. It is required by the Tehama Gateway to connect to that Room. It uniquely identifies the Tehama Gateway(s) to a particular Room's Tehama Gateway Service for establishing the connection. You can regenerate a new Access Key as required, so secure storage of this key for future use (e.g. moving the Tehama Gateway) is optional.
Activity Stream
The Activity Stream for a Room or Organization shows all the activity that has taken place on or to the Room or Organization since its creation. Examples of activity include (but are not limited to) the addition of members to an Organization or Room and the creation of a Desktop within a Room.
App Vault
A tool/service available in each Room that provides a way to securely transfer application installation files to the Room's desktops.
Application (Desktop Application)
An application installed on a Desktop.
Asset
An Asset is a resource or service in your private infrastructure (internal network, cloud, ...) or a publicly available application or service in the cloud that you want to access from the Room. You store the list of assets in an encrypted secrets vault.
Tehama Client
The Tehama Client is a desktop application that lives on the computer from which you connect to your virtual Tehama Desktop sessions. Its purpose is to launch and host these sessions. See the Tehama Client Overview for more information.
Tehama Desktop
A shared or individual virtual desktop computer hosted in a Room. From the Desktop, the user can access the configured assets. All work performed using the Desktop is audited. Desktops are instances of Desktop Templates.
Desktop Template
A pattern, or plan, of a Desktop that is used to generate Desktops for one or more users of a Room.
DNS Filtering
DNS Filtering is a process that uses the Domain Name System (DNS) to allow access to websites by their domain name. Tehama's DNS Filtering feature provides this capability as an extra layer of security on top of the Firewall Rules that are set up for each Room. See the DNS Filtering guide for more information about DNS Filtering in Tehama.
Domain Join Room
A Domain Join Room is a Tehama Room that can be joined to your private network's domain, giving read-only access to the domain's objects, such as users and policies, to the Room. There are some limitations on this type of Room. It can only have 'Network Access' set to 'Tehama Gateway', and can only provide 'Tehama Windows Desktops'. See Choose a Room type for more information on the types of Tehama Rooms. See the Room Domain Join User Guide for more information on Domain Join Rooms.
File Vault
A tool/service available in each Room that provides an audited/secure file transfer service. It is used to transfer data onto a secure Desktop.
Firewall Rules
A tool/service available in each Room that provides the ability to customize access to the Room's Desktops from remote applications/services. If the Room's connected organization has configured the Room to connect to their organization's private network through a 'Tehama Gateway' installed in their network's infrastructure, then this access is managed through the Room's Tehama Gateway instance (two instances if the 'Multiple Gateways' option is enabled). Otherwise, if the Room's connected organization has configured the Room to connect to 'Internet Only' or via the 'Multi-Path' connection method, then this access is managed through the Room's infrastructure. See the Firewall Rules User Guide for more information.
Tehama Gateway Room
A Tehama Gateway Room is a Room with 'Network Access' set to 'Tehama Gateway'. It provides the Room access to both the cloud and to a private network where a connected Tehama Gateway is installed. See both the Tehama Gateway Room Connectivity User Guide and Tehama Gateway - Installation and Management for more information.
Tehama Gateway
The Tehama Gateway is a software agent (binary) that you install in your private network's infrastructure to enable a secure encrypted connection between a Tehama Gateway Room's Tehama Gateway Service and your infrastructure. If the Room has the 'Multiple Gateways' option enabled, then you install two instances. See both the Tehama Gateway Room Connectivity User Guide and Tehama Gateway - Installation and Management for more information.
Tehama Gateway Service
The Tehama Gateway Service is part of the infrastructure in a Tehama Gateway Room. This service is configured to connect to the connected Organization's private network through an instance (or two if the 'Multiple Gateways' option is enabled) of the 'Tehama Gateway' installed in their network's infrastructure to enable the Room's connected Organization to control exactly what assets on their network (that is, applications, databases, internal subnetworks) can be accessed by the Room.
Multiple Gateways
The 'Multiple Gateways' option, when made available, is applicable only to Tehama Gateway Rooms. When this option is enabled, the connected organization installs a second instance of the 'Tehama Gateway' in their network's infrastructure to provide redundancy and the Room provisions its infrastructure to handle the second connection. Enabling this feature adds to the cost of the Room.
Internet Only Room
An Internet Only Room is a Room which has network access set to 'Internet Only'. These rooms limit their network access to the internet. See the Internet-Only Room Connectivity User Guide for more information.
Internet Only
'Internet Only' is a Room network access connection option that limits the Room's network access to the internet. This option is available for Rooms where there is no need to access the private network of the Room's connected-organization through a Tehama Gateway or through a Multi-Path Room Connection.
Multi-Path Room
A Multi-Path Room is a Room with 'Network Access' set to 'Multi-Path'. It provides the Room access to both the cloud and to private networks connected through VPN IPSec connections (Multi-Path Room Connections). Note that when there are no VPN connections, the Room behaves like an 'Internet-Only' Room. See the Multi-Path Room Connectivity User Guide for more information.
Multi-Path Room Connection
A Multi-Path Room Connection is a VPN IPSec connection between a Multi-Path Room and a private network. See both the Multi-Path Room Connectivity User Guide and the Multi-Path Room - Add and Manage Connections for more information.
Standard Room
A Standard Room is a basic Tehama Room. It can have 'Network Access' set to 'Multi-Path', 'Tehama Gateway', or 'Internet-Only'. See Choose a Room type for more information on the types of Tehama Rooms.
Service-provider Room
A Service-provider Room is a special type of Standard Room, where the responsibilities in the Room are divided between two organizations - the owner organization, that pays for the Room and has control over what services/tools are provisioned in it, and the access/connected-to organization, that controls which other organizations and which members have access and what assets are accessible through the Room. See Choose a Room type for more information on the types of Tehama Rooms.
Org Manager
A Member of an Organization with elevated privileges. In addition to using the services available to 'Staff Members', Org Managers are also able to create policies, create and delete team member accounts and create additional Desktops. There may be many Org Managers in an Organization.
Room Manager
A Member of an Organization with elevated privileges. In addition to using the services available to 'Staff Members', Room Managers are also able to create policies, create and delete team member accounts and create additional Desktops in Rooms in which they are members. There may be many Room Managers in an Organization.
Member
A User within an Organization. Has access, on request and approval, to Rooms in which that Organization participates. May belong to a Team.
Org Admin
A Member of an Organization with super-elevated privileges within the Organization. There may only be one Org Admin in an Organization.
Organization
An Organization is a key concept in Tehama. Organizations can host Rooms or be invited to use a Room. Organizations also have a set of Members (Users). See Organization User Guide for more details.
Tehama Admin
A Tehama Support Team member with super-user privileges in Tehama.
Policy (Condition of Use for Rooms)
A Tehama policy, sometimes referred to as an "access policy" or a "compliance policy", describes the "conditions of use" that an organization and its users need to meet to gain access to a Room and any assets contained within it. Policies are owned by an Organization. When an Organization invites another Organization to access a Room, it specifies one Policy under which that access is authorized. Different access policies may be specified for each Organization invited to a Room. See Policies (Conditions of Use for Rooms) User Guide for more details.
Room
A Room is the key and most important concept in Tehama. A Room is a connected hosted extension of an Organization's IT infrastructure that provides a fully audited and controlled space that hosts a set of tools, services and/or applications for use by one or more other Organizations. Access is optionally governed by a Policy specified for each Organization invited to use the Room. In short, a Room is a secure Platform for the acquisition and delivery of Software Development and IT Management Services between Organizations. For more information see the Rooms User Guide.
Room Owner Organization
The Organization that is paying for the Room. Note that this isn't necessarily the organization that is connected to by the Room (the Room Connected Organization). The organization that owns the Room always approves the addition of Desktops in the Room.
Room Connected Organization
The Organization that has connected the Room. Note that this isn't necessarily the organization that is paying for the Room (the Room Owner Organization). The organization that has connected the Room always approves access for individuals or teams to be added to the Room.
Secrets Vault
The secrets vault is used to provide secure storage of access credentials, secrets and firewall rules. Each Room has its own secrets vault repository providing single tenant secure storage for details of Assets for that Organization's connected environment. See Secrets Vault User Guide for more details.
Service Provider
A company that uses a secure access method to present services to recipients (consumers).
Service Recipient
Also known as a consumer, a service recipient is an organization that requires and pays for services.
Staff Member
A Member of an Organization with basic privileges. There may be many Staff Members in an Organization.
Team
A list of Members from an Organization. Convenient for adding or requesting access for groups of people to Rooms.
Tool
A service (web application, API service, ...) that is hosted in a Room. Examples include the File Vault and Secrets Vault, as well as the video recording and auditing services.
Users
See Member.