  • High Performance & Good Scaling
  • SASL support, including Strong Authentication
  • Directory-based Account configuration and Profile information
  • Security Label based Access Controls
  • SNMP Monitoring following Network Services MIB (RFC 2788)
  • Wide Area Clustering
  • Good interoperability with deployed XMPP/Jabber clients and servers
  • Multi-User Chat (MUC)
  • Personal Eventing
  • Very easy to set up

 

What is M-Link?

M-Link is Isode's Instant Messaging and Presence server based on the XMPP (eXtensible Messaging and Presence Protocol) standard.

XMPP is the Open Standard for Instant Messaging and Presence, formalized by the IETF in 2002-2004, and continuously extended through the standards process of the XMPP Standards Foundation. You can read more about Isode's strategy in this area in the whitepaper [Isode's Presence, Real Time Messaging and XMPP Strategy].

On this page you can find information on:

You'll also find some general information on the XMPP Protocol as well as M-Link's Standards Conformance.

M-Link can be used and evaluated either as part of Isode Internet Messaging Suite or as a standalone Instant Messaging system supported by Isode's LDAP Directory server, M-Vault.

M-Link Use of Directory.

As well as holding account information, M-Link uses the directory to hold profile information. Directory information is mapped to profile information according to XEP 0154, and then a configurable mapping is used to support the widely deployed vCard profiles (XEP-0054). This enables easy use of profile information from the directory, and avoids duplication of information. It ensures that key information is kept under administrative control.

M-Link controls which information is taken from the directory, and also allows selected information to be written back to the directory. This allows XMPP to be used to manage selected personal data in the directory.

M-Link also stores configuration of permanent MUC rooms and Security Policy in the directory. More detail on M-Link's use of the directory is given in the whitepaper [XMPP, M-Link and Directory].

M-Link Authentication.

User account and password information is maintained in the directory, and used by M-Link and other applications for authentication. In particular, this authentication information is shared with Isode messaging applications. Passwords may be controlled with Isode's password policy framework. This is described in the white paper [Password Policy for Directories].

M-Link uses SASL (Simple Authentication and Security Layer) for authentication, and this will be shared with other servers using Isode's SASL support. This integrated authentication approach enables common authentication and shared passwords between XMPP and other applications.

M-Link can also use Strong Authentication, based on X.509 Public Key Infrastructure (PKI) for client/server and for server/server connections. This uses SASL EXTERNAL authentication which in turn uses X.509 authentication at the TLS level. XMPP clients and servers use certificates with special Subject Alternate Names (defined in RFC 5290). M-Link supports use of these certificates, and Isode’s secure Identity Management capability in Sodium helps to generate them. Strong Authentication is recommended for secure deployments.
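The authorization step of SASL EXTERNAL described above, as an added example that is not Isode's code: once TLS has validated the client certificate, the server decides which account the stream may bind to from the XMPP addresses in the certificate and the identity the client asks for. The function names, the sample addresses and the rule of rejecting an ambiguous certificate are assumptions made for illustration.

```python
import base64

def encode_authzid(jid=""):
    """Character data a client puts in <auth mechanism='EXTERNAL'>:
    base64 of the authorization identity, or '=' when it sends none."""
    return base64.b64encode(jid.encode("utf-8")).decode("ascii") if jid else "="

def decode_authzid(payload):
    if payload.strip() == "=":
        return ""
    # Raises ValueError (binascii.Error / UnicodeDecodeError) on bad input.
    return base64.b64decode(payload.strip(), validate=True).decode("utf-8")

def external_authorize(cert_xmpp_addrs, payload, local_domains):
    """Return the bare JID to authorize, or None to fail the exchange.

    cert_xmpp_addrs: XMPP addresses from the Subject Alternative Names of a
    client certificate whose chain the TLS layer has already validated.
    JIDs are compared after lower-casing, a simplification of real JID
    normalisation."""
    try:
        authzid = decode_authzid(payload).lower()
    except ValueError:
        return None
    # Only identities in a domain this server hosts are candidates.
    candidates = set()
    for addr in cert_xmpp_addrs:
        local, at, domain = addr.lower().partition("@")
        if local and at and domain in local_domains:
            candidates.add(f"{local}@{domain}")
    if authzid:
        # The client may only ask for an identity its certificate carries.
        return authzid if authzid in candidates else None
    # No authzid: accept only when the certificate is unambiguous.
    return next(iter(candidates)) if len(candidates) == 1 else None

# Constructed sample data (hypothetical domains and accounts).
LOCAL = {"example.org"}
CERT_ONE = ["alice@example.org", "alice@partner.example"]
CERT_TWO = ["alice@example.org", "admin@example.org"]
```

With `CERT_TWO` the server refuses to guess between the two local identities unless the client names one of them, and a requested identity that is absent from the certificate is always refused.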

Security Labels.

M-Link provides control of messages using Security Labels. This controls the flow of messages, based on security labels associated with the messages. Isode supports security labels according to XEP-0258 (Security Labels in XMPP) with support for S/MIME ESS Labels (RFC 2634 "Enhanced Security Services for S/MIME") and for Isode XML Labels. Controls are based on Security Clearance of Sender, Recipient, and peer XMPP server. Security Label based controls are also provided for MUC.
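A sketch of the flow control described above, added here as an illustration and not M-Link's policy engine: a message carrying an XEP-0258 `<securitylabel/>` is delivered only if the sender, the recipient and, for a remote recipient, the peer server are all cleared for the label. The `demo-label` format, the `LEVELS` table, the clearance dictionary and the function names are hypothetical; real deployments carry ESS or Isode XML labels inside `<label/>`.

```python
import xml.etree.ElementTree as ET

SEC = "urn:xmpp:sec-label:0"      # XEP-0258 namespace
DEMO = "urn:example:demo-label"   # hypothetical label format (assumption)
LEVELS = {"UNCLASSIFIED": 0, "RESTRICTED": 1, "SECRET": 2}  # constructed

# Constructed stanza: XEP-0258 wrapper around the made-up <demo-label/>.
STANZA = """<message xmlns='jabber:client'
    from='alice@hq.example/desk' to='bob@field.example'>
  <body>status report</body>
  <securitylabel xmlns='urn:xmpp:sec-label:0'>
    <displaymarking fgcolor='black' bgcolor='red'>SECRET</displaymarking>
    <label><demo-label xmlns='urn:example:demo-label'
                       classification='SECRET'/></label>
  </securitylabel>
</message>"""

def label_level(msg):
    """Numeric level from the machine-readable <label/>, or None if the
    label is missing or unknown. <displaymarking/> is not consulted."""
    path = f"{{{SEC}}}securitylabel/{{{SEC}}}label/{{{DEMO}}}demo-label"
    lab = msg.find(path)
    return None if lab is None else LEVELS.get(lab.get("classification"))

def may_deliver(stanza_xml, clearances, local_domain):
    """Return (allowed, reason). Fails closed on any missing input."""
    msg = ET.fromstring(stanza_xml)
    level = label_level(msg)
    if level is None:
        return (False, "no usable security label")
    sender = (msg.get("from") or "").partition("/")[0]   # bare JID
    rcpt = (msg.get("to") or "").partition("/")[0]
    checks = [("sender", sender), ("recipient", rcpt)]
    peer = rcpt.partition("@")[2]
    if peer != local_domain:      # message leaves over a server/server link
        checks.append(("peer server", peer))
    for role, name in checks:
        if clearances.get(name, -1) < level:   # unknown party: no clearance
            return (False, f"{role} {name} is not cleared for this label")
    return (True, "cleared")
```

Because the decision reads only `<label/>`, editing the display marking text of a stanza does not change the outcome.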

M-Link provides Client/Server support for XEP-0258 and in particular for the discovery mechanism that enables an XMPP client to determine which Security Labels can be used for a specific destination.

Overall control is Security Policy based, using the mechanisms described in our whitepaper [Isode Security Policy, Security Label and Security Clearance Infrastructure].

As well as support for XEP-0258, M-Link supports the IC-ISM XML label mechanism used by the Transverse client. Further information is given in the Isode whitepaper, [Using Security Labels to Control Message Flow in XMPP Services].

Multi-User Chat (MUC).

M-Link provides Multi-User Chat as part of the M-Link server. M-Link supports almost all of the capabilities set out in XEP 0045 (Multi-User Chat, P. Saint-Andre, July 2008). This includes:

  • Temporary and Permanent MUC Groups.
  • Specification of Group Members
  • Option for Member Only groups
  • Invitation only groups
  • Administrator and Moderator roles
  • Ban Lists
  • Password control (secured rooms)
  • Moderation of Floor
  • Kicking out Participants

M-Link also supports Security Label based controls of MUC, described in the Isode white paper [Using Security Labels to Control Message Flow in XMPP Services]. Creation of temporary MUC rooms may be restricted to local users.

Permanent MUC groups are configured in the directory and may be managed by either XMPP or by the directory. The latter approach enables external control of MUC groups. The following screen shots show two views of the same group, showing many of the above options. The first screenshot shows the client view (in this case the PSI XMPP Client) and the second shows Isode's Sodium directory administration tool.

[Screenshot: PSI]
[Screenshot: Sodium]

Personal Eventing (PEP).

XMPP includes a Publish/Subscribe capability to enable flexible sharing of data. Personal Eventing is a subset of this, which allows a user to publish and share data, and in particular "extended presence" information. Personal Eventing is expected to be the basis of important XMPP developments, and support is starting to appear in XMPP clients and applications.

Link Optimization

M-Link provides capabilities to optimize for low bandwidth links. In particular, link compression (XEP 0138) is supported, as is Roster Versioning (XEP 0237), so that when a client reconnects, the roster is only downloaded if it has changed.

Wide Area Clustering.

The core XMPP model is one server per domain. A single M-Link Server can support multiple domains, with delegated administration of users within each supported domain. XMPP Clustering is a technique to enable a single domain to be supported by multiple servers. XMPP clustering is provided by some XMPP servers, using vendor-specific techniques. The capabilities provided vary widely between products, and so the features provided should be reviewed with care.

XMPP Clustering needs to synchronize "state" between servers to ensure that messages are routed to correct destinations and the presence information is correct.  

It is also important that information from various services (Presence, Multi User Chat (MUC), and Publish Subscribe (PubSub)) is sent on the local server where possible. For example, where MUC subscribers are on multiple servers, participant groups should be managed locally on each server, and messages sent directly to other local users without having to go to another server first. A related characteristic is that MUC and PubSub will continue operation in the event of any cluster node failing.

One goal of XMPP Clustering is to support "LAN Clustering", where there are multiple clustered XMPP servers operating on a common fast highly reliable local network. Clustering in this environment is important for large deployments, as it enables servers to be added to support load levels greater than can be handled by a single server. This horizontal scaling is important for service providers and large enterprises. It also provides reliability, so that service can continue in the event of failure (accidental or planned) of a server.

A second and harder goal is to support "Wide Area Clustering", where the XMPP servers are interconnected by links that may be slower and less reliable than a LAN. There are various scenarios where this is important:

  • Off site operation of a server, so that service can continue in event of site failure (disaster recovery)
  • Support of organizations with multiple sites, so that a server can be run at each site.
  • Support of a distributed military deployment, for example with one server at HQ and another in the field.

Supporting Wide Area Clustering requires protocols and algorithms that will deal with wide area network throughput/latency and periods where connectivity is lost. Servers need to be kept in sync, but operations should continue as well as possible when there are network failures. Having a server close to a client with good connectivity will give a fast and robust client experience. It is important that local traffic is optimized, and does not switch between servers except where needed. Handling traffic locally to a server without unnecessary switching is particularly important for Wide Area Clustering.

Isode's XMPP Clustering implementation is designed to work well for both LAN Clustering and Wide Area Clustering environments.

M-Link Management.

M-Link can be deployed as part of a complete internet messaging system or as a standalone instant messaging server.

As part of an Internet Messaging System

Isode provides Web based configuration of its Internet messaging servers, including M-Link, using Internet Messaging Administrator (IMA).

User Creation

XMPP accounts are automatically provisioned when a user is added to the messaging system, with email address and XMPP address being the same. This integrated provisioning is provided using a directory back end, and so can easily be integrated with a third-party provisioning system to give the same result.

As a stand-alone system

XMPP user accounts can be configured for stand-alone M-Link installations utilizing Isode's Sodium directory management tool.

Configuring XMPP client accounts using Sodium

For more information on configuring M-Link for stand-alone use, please refer to the evaluation guide from the M-Link evaluation page.

SNMP Monitoring.

M-Link includes SNMP monitoring, to enable monitoring of key server performance metrics with network management tools such as Openview, or with Web applications as illustrated above. Further information on the benefits of SNMP monitoring is given on the page discussing Isode's SNMP Architecture. Monitoring enables the operator to see:

  • Number of connections (client/server and server/server).
  • Operation rate for different types of operation.
  • Where encryption is used.
  • Bandwidth use.

Migration.

M-Link enables easy migration from other servers by use of XEP-0227 (Portable Import/Export Format for XMPP-IM Servers). An import tool enables use of XEP-0227 files to set up user configuration, and in particular roster import.

XMPP: Messaging & Presence.

XMPP defines protocols for communicating between a client and a server (C/S), and between servers (S/S), as illustrated in the diagram below. An XMPP Client will talk to the server with which it is registered.

A client will report its status to the service (e.g., "free for chat"). Clients can build a roster or buddy list of peers that they communicate with that is held in the XMPP server. The XMPP server will maintain the presence status of each member of the roster, and allow messages to be sent and received.

This scenario is familiar to many Instant Messaging (IM) users, although some of the well-known IM services are single server and do not communicate with other servers in the way that XMPP does. Some of the newer high-profile IM services do use the increasingly popular XMPP protocol. The key benefit of XMPP is that it provides a distributed IM and Presence service. More information on XMPP is provided in the whitepaper Isode's Presence, Real Time Messaging and XMPP Strategy.

Ad Hoc Commands.

XMPP ad hoc commands are supported as a mechanism to provide operator capabilities through any XMPP client that supports ad hoc commands. For example, this gives the ability for an administrator to “kick a user off” the system.

Conformance.

RFC 2634 Enhanced Security Services for S/MIME, P. Hoffman, June 1999
RFC 2788 Network Services Monitoring MIB, S. Kille, N. Freed, March 2000
RFC 3920 Extensible Messaging and Presence Protocol (XMPP): Core, P. Saint-Andre, October 2004. Including updates based on implementation experience set out in draft-saintandre-rfc3920bis-04.txt
RFC 3921 Extensible Messaging and Presence Protocol (XMPP): Instant Messaging and Presence, P. Saint-Andre, October 2004. Including updates based on implementation experience set out in draft-saintandre-rfc3921bis-04.txt
XEP 0004 Data Forms, J. Hildebrand, J. Miller, R. Eatmon, T. Muldowney, P. Saint-Andre, August 2007
XEP 0012 Last Activity
XEP 0030 Service Discovery, J. Hildebrand, P. Millard, R. Eatmon, P. Saint-Andre, February 2007
XEP 0045 Multi-User Chat, P. Saint-Andre, July 2008
XEP 0049 Private XML Storage, P. Saint-Andre, R. Davies March 2004
XEP 0050 Ad Hoc Commands
XEP 0054 vCard Profiles, P. Saint-Andre, March 2003
XEP 0077 In-Band Registration, P. Saint-Andre, January 2006
XEP 0078 Non-SASL Authentication (for support of older clients), P. Saint-Andre
XEP 0092 Software Version, P. Saint-Andre February 2007
XEP 0114 Jabber Component Protocol, P. Saint-Andre, March 2005
XEP 0138 Stream Compression, J. Hildebrand, P. Saint-Andre September 2007
XEP 0154 User Profile, P. Saint-Andre April 2008
XEP 0163 Personal Eventing via Pubsub, P. Saint-Andre, K. Smith September 2007
XEP 0220 Server Dialback, P. Saint-Andre, J Miller, December 2007
XEP 0212 XMPP Basic Server 2008, P. Saint-Andre, July 2007
XEP 0227 Portable Import/Export Format for XMPP-IM Servers
XEP 0258 Security Labels in XMPP, K. Zeilenga, March 2009

Availability

M-Link is available on Linux, Solaris and Windows. Details on supported platforms and versions can be found here.

 

Copyright © 2009 Isode