ACID Multi-Master Replication in M-Vault

In our latest release, R16.3, we added a multi-master replication capability to our M-Vault directory server, to complement the single master approach of previous releases.

A new whitepaper looks at the approach we took to support multi-master and how that approach addresses the ACID (Atomicity, Consistency, Isolation, Durability) database transaction reliability requirements.

The whitepaper then sets the approach in the context of other techniques used in distributed directories. For more information, follow the link to “ACID Multi-Master Replication in M-Vault Directory“.

R16.3: Multi-Master Directory, XMPP Archive/Search & ACP127 support

We’re pleased to announce the availability of Isode’s latest release, R16.3, which can be downloaded now from our website. R16.3 is a major Isode release which adds new capabilities across the entire Isode product range, including:

M-Vault

We’ve introduced a multi-master capability to M-Vault, complementing the single-master approach to replication defined in the X.500 protocols around which M-Vault was developed. M-Vault is the first directory to offer both multi-master and X.500.

M-Link

M-Link gains a new Archive Server for archive of all messages (including 1:1 chat, MUC and PubSub). XMPP clients can access archives using Message Archive Management (MAM) as defined in XEP-0313. M-Link also gains three new web applications:

  1. Message Archive Management, allowing browser-based access to information in the archive.
  2. Statistics, a lightweight monitoring alternative to the M-Link Console GUI.
  3. Forms Discovery and Publishing, for end-user publishing and display of FDP forms.
M-Link Statistics Web App
M-Link Statistics Web App

M-Switch

We’ve added gateway support for text based organisational message protocols, which we’re collectively describing as “ACP127”. The first release of this capability supports ACP127 and DOI 103S, a popular US variant, and enables conversion with STANAG 4406 (compliant to STANAG 4406 Annex D) and SMTP (following the MMHS over SMTP extensions).

In addition we’ve made extensive improvements to MConsole and M-Link Console to support the new M-Switch and M-Link family capabilities. For a full run-down of new capabilities in R16.3, please see the Product Release page. We’ll be publishing further blog posts over the coming weeks focusing on some of the new R16.3 capabilities.

Security Update: OpenSSL vulnerability

A serious security vulnerability, designated CVE-2014-0160, has been found in OpenSSL version 1.0.1. See this site for more information - www.kb.cert.org/vuls/id/720951

This version of OpenSSL is used in Isode releases R15.2 and R16.0. New update versions of these releases have been made which incorporate a fixed version of OpenSSL (1.0.1g). These releases are R15.2v11 and R16.0v8. Releases prior to R15.2 use an older version of OpenSSL which is not affected by this vulnerability.

All users of Isode software releases R15.2 or R16.0 who are using TLS/SSL are very strongly advised to update to R15.2v11 or R16.0v8 immediately.

Both releases are available from the Customer section of the Isode website. R16.0v8 is additionally available from the Evaluator section of the website. These sections are password protected, please contact your Account Manager or email sales@isode.com if you have misplaced your login details.

Security Update: OpenSSL vulnerability

A serious security vulnerability, designated CVE-2014-0160, has been found in OpenSSL version 1.0.1. See this site for more information – www.kb.cert.org/vuls/id/720951

This version of OpenSSL is used in Isode releases R15.2 and R16.0. New update versions of these releases have been made which incorporate a fixed version of OpenSSL (1.0.1g). These releases are R15.2v11 and R16.0v8. Releases prior to R15.2 use an older version of OpenSSL which is not affected by this vulnerability.

All users of Isode software releases R15.2 or R16.0 who are using TLS/SSL are very strongly advised to update to R15.2v11 or R16.0v8 immediately.

Both releases are available from the Customer section of the Isode website. R16.0v8 is additionally available from the Evaluator section of the website. These sections are password protected, please contact your Account Manager or email sales@isode.com if you have misplaced your login details.

Easy PKI: Deploying Digital Signatures

Isode’s applications make extensive use of digital signatures and strong authentication, providing significant security and administration benefits. PKI (Public Key Infrastructure) has a reputation for being complex and difficult to deploy. While certain aspects of PKI are complex, Isode’s approach has been to make management and deployment of these capabilities be as straightforward as possible.

The primary view of Sodium CA shows issued (and revoked) certificates, with capability to revoke, renew and rekey issued certificates.

A whitepaper on the Isode website “Easy PKI: Isode’s approach to Deploying Digital Signatures” looks at some of the issues that arise when deploying applications that use PKI, and how Isode’s management toolset helps address these issues. There are 3 key points which the paper focuses on:

  1. Use of PKI provides significant security and administrative benefits.
  2. If you are using Isode applications, it is straightforward and valuable to use PKI.
  3. When comparing Isode server software to alternatives, the Isode approach to PKI management provides clear advantages.