Isode Products

• All Products
• Directory
• Directory Synchronization
• Internet Messaging
• XMPP Instant Messaging
• X.400 Messaging
• Supported Platforms

Isode XMPP Products

• XMPP Products Overview
• M-Link Server
• Use of Directory
• M-Link Security
• Server Clustering
• M-Link Edge
• Management Tools
• M-Link Standards Conformance
• Swift XMPP Client
• Swiften XMPP Client Library

 

M-Link is on DISA's Approved Products List

 

M-Link Management

On this page you'll find information on Isode management tools for M-Link. On other pages you'll find a general overview of Isode's M-Link XMPP Server, M-Link's use of Directory, security features, support for wide and local area clustering,  boundary controls using M-Link Edge and standards conformance.

Overview

Configuration information for an M-Link server is held in an XML file. Isode provides a GUI tool, M-Link Console (MLC), to create, visualize and manage this configuration.

User accounts are held in a directory, with Active Directory or Isode's M-Vault being popular choices. User accounts in the directory can be managed externally and Isode provides GUI and Web based administration tools for this purpose (see User Account Management for more information). SNMP monitoring can be used to integrate server monitoring with Enterprise monitoring of network and application components.

M-Link Console

M-Link Console (MLC) is a GUI management tool that enables the creation, configuration and monitoring of an XMPP service comprising one or more instances of Isode's M-Link XMPP server.

 

 

Monitoring, Audit and Telemetry

MLC connects to an XMPP service, and can provide a range of monitoring information including:

• General Service Status and Up Time
• Information on connected users
• Information on connected peers

Multiple XMPP services can be monitored, including limited monitoring of XMPP servers other than M-Link. MLC can start and stop M-Link servers on Windows, Solaris and Linux.

MLC provides a number of audit and trace capabilities:

• Archiving can be configured for 1:1 messages and/or MUC. When this is enabled, MLC enables archive viewing.
• Telemetry logging may be enabled for specific users or peers in order to diagnose interoperability problems. MLC provides a viewing capability for the logs produced.
• M-Link uses Isode event logging to record activity. MLC enables full configuration of this logging.

Clustering

A typical M-Link deployment will be provided by multiple servers operating in a clustered configuration to provide reliability. M-Link Console provides management at both service and cluster node level. Most management is done at the service level, with configuration changes automatically applied to all nodes. Some functionality is available the node level, including:

• Statistics information on the performance of each node.
• Option to perform node-specific configuration, which may be useful for advanced deployments.
• Configuration changes that need to adjust node-specific files (e.g., setup of private keys for TLS)

MLC ensures that the nodes in a cluster have consistent configuration and status.

Security Labels

Configuration of Security Labels, Security Policy, Security Clearances and XEP-0258 support. For more information on the Security Policy, Security Label and Security Clearance infrastructure used within its products see the Security Policy infrastructure page.

Authentication and Data Confidentiality

Setup and configuration of Strong Authentication for TLS and peer authentication, including use of CSR (Certificate Signing Requests) to interact with a Certification Authority and use of private keys/certificates and trust anchors from the Windows Certificate Store.

 

Users and Rosters

M-Link Console provides a number of capabilities to support users and the user rosters held in M-Link.

• User accounts can be displayed, and there is ability to create and modify accounts where the M-Link server has appropriate write access to the directory.
• Online users can be listed (useful for small servers)
• Users can be searched (using XEP-0055) which enables user information to be found in a large service.
• Current online status and connections for a user can be displayed.
• A user's roster can be displayed and reset.

Components, IM, MUC and PubSub domains

M-Link can support multiple domains, which can be used for multiple purposes (IM, MUC, or PubSub). MLC enables setup and management of these domains. For MUC domains, MLC provides detailed MUC administration, so that MUC rooms can be managed from MLC as part of an M-Link service. Domain management can also be used to configure XEP-0114 Components to integrate third party services.

Groups

MLC provides a tab for managing groups, which are important in most XMPP services. There is a special operator group (for users that can manage the M-Link service) and a range of custom groups. Groups can be defined as an explicit list, as an LDAP search, or reference a directory group (AD Group or LDAP Group). Groups can be referenced for MUC access control, and can be used to provide roster pre-population, to enable administration configuration of user rosters.

 

Peering Controls

Both M-Link and M-Link Edge make use of peering controls to control how messages are routed and to control message flow. The Peering Configuration tab enables setup of routing configuration, filtering and controls associated with the peer. Link control enables use of special protocols between a pair of M-Link servers, in particular:

• Optimized S2S, to reduce handshaking on slow links.
• STANAG 5066 for use over HF Radio.
• Custom integration for use with High Assurance Guards.

Service Setup

MLC's setup wizard allows administrators to quickly setup a single or multi-node (clustered) XMPP service. M-Link requires a directory to hold user and group information. MLC enables the setup of an M-Vault directory to be used in conjunction with M-Link for this purpose and also allows for the utilisation of an existing LDAP directory, including Microsoft Active Directory.

Management Architecture

Operation and configuration is achieved by use of Ad Hoc commands (XEP-0050). XMPP defines a number of Ad Hoc commands for server management in XEP-0133. Standard commands supported by M-Link are change password, get user stats, number of online users, list active users, send announcement. Isode adds a large number of additional commands, which are used by MLC. Direct access to Ad Hoc commands are available for advanced use.

User Account Management

There are three methods available to manage users of an M-Link server or service:

1. Using M-Link Console.
2. Using Isode's 'Sodium' GUI tool to manage the directory data. You can find more information on Sodium here. Sodium is shipped with Isode's M-Vault directory and is also available as a stand-alone product.
3. Using Isode's Internet Messaging Administrator (IMA), a set of configurable browser-based account management tools running against the directory (discussed below).

For XMPP system management, IMA provides management options (in addition to a directory browser) at three levels:

• System Administrators: System-wide creation and management of Users, User Groups, User Roles and Realms (collections of domains for administrative purposes).
• Delegated Administrators: Creation and management of Realms and Users over which delegated administrative rights have been granted by the System Administrator.
• Individual Users: Control of personal information and password.

Click on the thumbnails below to show/hide detailed screenshots of IMA from the System Administrator, Delegated Administrator and User perspectives. You can read more about IMA here.

 

SNMP Monitoring

M-Link includes SNMP support, to enable monitoring of key server performance metrics with network management tools such as OpenView, or with Web applications.

The SNMP framework enables monitoring of an enormous variety of network components and applications by use of the MIB (Management Information Base) concept. A MIB defines the variables that are available in the application to be monitored using SNMP.

MIB support in M-Link includes:

• Network Services Monitoring MIB (RFC 2788).
• The 'Isode Services MIB' an Isode extension to RFC 2788 to include authentication and encryption data, bandwidth counts per session and session type.
• The 'Isode XMPP MIB' which provides XMPP-specific statistics such as stanza counts.

Amongst other capabilities, monitoring enables the operator to see the number of connections (client/server and server/server), the operation rate for different types of operation, where encryption is used and bandwidth usage.

Further information on the benefits of SNMP monitoring is given on the page discussing Isode's SNMP Architecture.

 

© Isode Ltd 2013

sitemap    use of cookies    privacy   feedback