# Taxonomy

{% hint style="danger" %}

### <mark style="color:red;">**The BastionZero product is maintained for existing BastionZero customers only.**</mark>

Moving forward, we are natively rebuilding BastionZero’s technology as Cloudflare’s [Access for Infrastructure](https://developers.cloudflare.com/cloudflare-one/applications/non-http/infrastructure-apps/) service.
{% endhint %}

| Term                         | Definition                                                                                                                                                                                                                                                                                                                                                             |
| ---------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| Target                       | A machine we connect to.                                                                                                                                                                                                                                                                                                                                               |
| Environment                  | A group of targets that can be accessed simultaneously. Environments are uniquely named and each user requests explicit access to each environment via a policy attached to their account.                                                                                                                                                                             |
| Connection                   | A terminal to a target. You can have multiple connections (i.e., terminals) to a single target in a given space.                                                                                                                                                                                                                                                       |
| Policy                       | A triplestore statement (subject, verb, object) where the subject is the user/group, the verb is the type of access allowed, and the object is the target/environment.                                                                                                                                                                                                 |
| Session recording            | A video recording of a user or group shell session from the web app or `zli`.                                                                                                                                                                                                                                                                                          |
| `zli`                        | BastionZero's command line interface tool, also known as the zero-trust command line interface. |
| BastionZero web app          | BastionZero's web UI for connecting to targets, monitoring logs and session recordings, authoring policies, managing users, creating environments. This can be found at `cloud.bastionzero.com`.                                                                                                                                                                       |
| Agent                        | Installed on targets to enable MrZAP and target autodiscovery. These agents are built from the [BastionZero open-source agent](https://github.com/bastionzero/bzero). Two unique agents are built from the single open-source project: a Docker container hosted on Docker Hub and used for k8s targets, and a systemd executable used for servers, VMs, and containers. |
| Add a new target             | When we input the configuration information for a target, for instance its IP address, SSH key, alias, etc.                                                                                                                                                                                                                                                            |
| Added target                 | A target for which we have already stored the configuration information, for instance its IP address, SSH key, alias etc.                                                                                                                                                                                                                                              |
| Connect to a target          | Open a terminal to a target.                                                                                                                                                                                                                                                                                                                                           |
| Find a target                | When the end user wants to search through the saved targets in order to find a known target.                                                                                                                                                                                                                                                                           |
| Reconnect to a target        | When a target that is already in a space has gone offline, and we want to see if the target is back online so that we can shell into that target.                                                                                                                                                                                                                      |
| Lost connection              | When a server goes offline while the terminal is open.                                                                                                                                                                                                                                                                                                                 |
| Autodiscovered targets       | Targets with the bz-agent installed.                                                                                                                                                                                                                                                                                                                                   |
| Provisioning ID              | The user/organization’s GUID in the BastionZero system. |
| Provisioning secret          | Mechanism for linking an autodiscovered target to an account ID. |
| Manual targets               | Targets that are configured by hand or via the API. |
| Command history              | A collection of a user's previous commands.                                                                                                                                                                                                                                                                                                                            |
| Connection event             | An event log of some state change to the connection (see events below). It includes metadata about the connection (space, target, user, time). |
| Connection history           | A collection of a user's previous connections (i.e., what targets they attached to).                                                                                                                                                                                                                                                                                   |
| User event history           | Actions taken by a user (i.e., policy changes, targets added/removed, user invites). |
| Connection event: opened     | A connection has been initiated by the backend but no frontend connection has been made yet.                                                                                                                                                                                                                                                                           |
| Connection event: inactive   | A connection has been opened by a user and left in a space with no other users reading/writing to it.                                                                                                                                                                                                                                                                  |
| Connection event: active     | A connection is being viewed by a user.                                                                                                                                                                                                                                                                                                                                |
| Connection event: disconnect | The backend connection has been dropped for some reason. The backend will attempt to reconnect.                                                                                                                                                                                                                                                                        |
| Connection event: connect    | The backend has connected to the target or has reconnected within the same terminal.                                                                                                                                                                                                                                                                                   |
| Connection event: closed     | Final state. The connection has been terminated from the backend.                                                                                                                                                                                                                                                                                                      |
| Connection table             | Table of all connections made and the current state they are in (it is a function of connection events).                                                                                                                                                                                                                                                               |
| Allow (allowed)              | When a policy check passes (e.g., Alice was allowed access to ENV via POLICY). |
| Deny (denied)                | When a policy check fails (e.g., Alice was denied access to ENV). By default, policy checks deny until a successful policy is found. |
