Glossary

Key terms and concepts used throughout Alpacon documentation.

A

Access control list (ACL)

A list of permissions attached to an object that specifies which users or groups can access the object and what operations they can perform.

Agent

See Alpamon.

Alpamon

The Alpacon agent software installed on target servers that manages connections, enforces access controls, and collects audit logs. Runs as a system service and requires root/administrator privileges.

API token

A unique authentication credential used for programmatic access to Alpacon services. Commonly used in CI/CD pipelines and automation scripts. Tokens can have specific permissions and expiration times.

Audit log

A chronological record of all actions performed through Alpacon, including who did what, when, and where. Used for security monitoring, compliance, and troubleshooting.

B

Bastion host

A traditional security approach using a hardened server as a single entry point to access other servers. Alpacon replaces bastion hosts with a more secure, cloud-native approach.

Break-glass access

Emergency access procedures that bypass normal authentication in critical situations. All break-glass access is heavily logged and triggers alerts.

C

Command ACL

Command access control list: restrictions on which commands a user can execute on a server. For example, limiting a developer to running only specific deployment commands.

Connection token

A short-lived JWT that authorizes a specific user to access a specific server for a limited time. Automatically expires and cannot be reused.

D

Deploy shell

Alpacon’s feature for executing predefined scripts across multiple servers simultaneously. Useful for deployments, updates, and maintenance tasks.

G

Group

A collection of users or servers that share common access permissions. Groups simplify permission management by allowing bulk assignment of access rights.

I

Identity and access management (IAM)

The framework for managing digital identities and their access to resources. In Alpacon, IAM includes users, groups, roles, and permissions.

Identity provider (IdP)

An external system that authenticates users, such as Okta, Azure AD, or Google Workspace. Alpacon can integrate with IdPs for single sign-on (SSO).

J

JWT (JSON Web Token)

A standard for securely transmitting information between parties as a JSON object. Alpacon uses JWTs for session tokens and API authentication.

Jump server

See Bastion host.

M

Multi-factor authentication (MFA)

A security method requiring two or more verification factors to gain access. Alpacon supports TOTP-based MFA (Google Authenticator, Authy) and SMS.

O

Offline token

A pre-generated access token that works even when the Alpacon platform is unavailable. Used for emergency access scenarios.

Outbound connection

A network connection initiated from inside a network to an external destination. Alpacon agents only make outbound connections, eliminating the need for inbound firewall rules.

P

Permission

A specific action that a user is allowed to perform, such as “connect to server,” “execute commands,” or “transfer files.”

Privileged access management (PAM)

A cybersecurity strategy for controlling and monitoring privileged access to critical resources. Alpacon is a modern PAM solution.

R

Reverse connection

Alpacon’s architecture where servers connect out to the platform rather than accepting incoming connections. This eliminates exposed attack surfaces.

Role

A collection of permissions that can be assigned to users. Alpacon has three default roles:

  • User: Basic access with limited permissions
  • Staff: Elevated access with sudo capabilities
  • Superuser: Full administrative access

Role-based access control (RBAC)

An access control method that assigns permissions to roles, and then assigns roles to users. Simplifies permission management in large organizations.

S

SAML (Security Assertion Markup Language)

An XML-based standard for exchanging authentication and authorization data. Used for SSO integration with enterprise identity providers.

Secure shell (SSH)

A traditional protocol for secure remote access to servers. Alpacon provides a modern alternative to SSH with better security and management capabilities.

Server

A computer system registered with Alpacon that users can access. Also referred to as a “host” or “target server.”

Session

An active connection between a user and a server through Alpacon. Sessions are monitored, can be shared, and automatically terminate after an idle timeout.

Session recording

The capability to record all terminal input and output during a session for audit and training purposes. Available in Enterprise plans.

Session sharing

Alpacon’s feature allowing multiple users to view or collaborate on the same terminal session in real time.

Single sign-on (SSO)

An authentication method that allows users to log in once and access multiple applications. Alpacon supports SSO through SAML 2.0 providers.

Staff role

An Alpacon IAM role with elevated privileges, typically including sudo access. Suitable for DevOps engineers and system administrators.

Superuser role

The highest privilege level in Alpacon IAM, with unrestricted access to all features and servers. Should be limited to security administrators.

T

Target server

A server that users connect to through Alpacon. The server must have the Alpamon agent installed and be registered to a workspace.

Time-bound access

Access that automatically expires after a specified duration. All Alpacon access tokens are time-bound to reduce security risks.

Token

See API token or Connection token.

Two-factor authentication (2FA)

See Multi-factor authentication (MFA).

U

User role

The basic IAM role in Alpacon with limited permissions. Suitable for developers and operators who need controlled access to specific servers and commands.

W

WebFTP

Alpacon’s browser-based file transfer interface. Allows secure file uploads and downloads without requiring FTP clients or protocols.

Websh

Alpacon’s web-based shell interface. Provides terminal access directly in the browser without requiring SSH clients or keys.

Websh protocol

The custom protocol used by Alpacon for secure, real-time terminal communication between browsers and servers.

Workspace

The top-level organizational unit in Alpacon. A workspace contains servers, users, groups, and configuration settings. Organizations can have multiple workspaces for different environments or teams.

Workspace URL

The unique URL for accessing a specific workspace, formatted as https://alpacon.io/workspace-name/.

Z

Zero trust

A security model that assumes no implicit trust and continuously verifies every transaction. Alpacon implements zero-trust principles by:

  • Verifying every access request
  • Using time-bound tokens instead of permanent credentials
  • Enforcing least-privilege access
  • Maintaining comprehensive audit logs
  • Eliminating exposed attack surfaces

Zero trust network access (ZTNA)

A technology category that provides secure remote access based on zero-trust principles. Alpacon is a ZTNA solution specifically designed for server access.