Configuration Management

  • Directory-based configuration
  • Client/Server Management
  • Easy to use GUIs

EMMA (Enterprise Message Management and Administration) is a GUI management tool that provides client/server access to messaging configuration information that is stored in the directory and used by the Isode messaging servers.

In directory based configuration, all configuration information is stored in a directory (which may be distributed) and configuration information may be shared between messaging servers. Isode recommends directory based configuration and all of Isode's messaging servers support directory based configuration management.

The major components of the message management system are shown in the diagram below, with arrows showing the flow of management information.

EMMA

EMMA provides:

  • M-Switch Configuration Management
  • X.400 Routing Configuration
  • MIXER Mapping Configuration
  • M-Store X.400 Configuration Management
  • X.400 User Configuration management (for M-Switch and for M-Store X.400)

Messaging configuration management is also provided by the following tools:

  • Internet Messaging Administration (IMA) provides configuration for M-Box and administration of Internet users and mailboxes.
  • XMS Console provides configuration of X.400 Mailboxes and in particular auto-action configuration.

Table and Directory based Configuration

The Isode messaging products have two basic paradigms for configuration management.

  1. Table Based. Configuration is specified in a set of text tables and a text 'tailor file'. This is described in the product manuals, and is supported for all products except M-Store X.400.
  2. Directory Based. Configuration specified completely in the directory.

Directory based configuration is a powerful approach, and the advantages are set out in the following section. Isode recommends directory based configuration for most deployments. Table based configuration is appropriate for special situations (e.g., for a very simple configuration), and is supported as an alternate configuration approach.

Key Benefits of Directory Based Configuration

The directory based approach to message server configuration management provides a number of benefits:

  1. Enables an enterprise wide view. The integrated approach to configuration management enables operation of a messaging service to take a coherent enterprise view, as opposed to working to manage a set of servers and dealing individually with the configuration of each server.
  2. Redundant information elimination. The directory based configuration enables information to be shared between servers reducing redundancy and management overhead.
  3. Client/Server management. Use of directory enables secure client/server management of the configuration, which makes it straightforward to manage the configuration from any location.
  4. Directory access control allows flexible configuration of administrator access to and update of configuration information.
  5. Secure access to the directory using signed operations and strong authentication.

The EMMA Interface

EMMA's graphical interface is designed to provide a straightforward view of simple tasks, using wizards and simple front screens with defaults, while giving access to more detailed configuration control where needed. This page summarizes the functionality that can be managed with EMMA, and gives selected screen shots to illustrate some of these capabilities and to give a sense of how the EMMA GUI works.

EMMA can be used both for X.400 and for Internet Mail configurations. An example Internet configuration, including support for MIXER mappings to X.400, is shown below:

It can be seen that the basic EMMA interface gives access to a number of basic types of object in the left hand window, with detailed object information in the right hand window. The basic objects include:

  • Address Conversion Trees. These are used for address mapping management, where a message switch is used to perform MIXER mappings.
  • Routing Trees. A routing tree defines message routing behavior for an instance of M-Switch. An instance of M-Switch may make use of one or more routing trees, and routing trees may be shared between multiple copies of M-Switch. The Routing Tree approach (originally designed as a part of RFC 1801) gives high flexibility for message switch configuration, and allows efficient sharing of routing information. For X.400 configurations, routing trees are used to manage all aspects of routing. For Internet configuration, routing trees are typically used for local delivery and special routing, with external routing using DNS.
  • Message Transfer Agents. This defines information on Message Transfer Agents (MTAs), which may be:
    • External MTAs, that are not managed by EMMA. In this case, EMMA is used to manage information necessary to connect to the remote MTA.
    • Copies of M-Switch, managed using EMMA. In this case, EMMA can control all details of the configuration.
  • Message Stores. These contain information on Message Stores (M-Store X.400) that are managed by EMMA.

The following screen shows an example of an X.400 only configuration. Note that there is no "postmaster" window, or any other Internet Mail specific capabilities. Similarly, EMMA can be used to manage an Internet Mail only configuration.

Wizards

EMMA provides Wizards to set up standard objects. The screen below shows an example Wizard, which is for setting up a new POP3 user.

Profiles

EMMA supports profiles that allow multiple configurations to be managed, including use of configurations to provide editing of test configurations. This is described in more detail in the Isode white paper "Offline Editing, Testing and Version Management of Messaging Configurations".

Templates

EMMA provides an extensible templating mechanism, illustrated below, that includes standard templates for basic objects and a mechanism for building custom templates, with appropriate mandatory fields, options and defaults. This is important for large deployments, to help administrators enter information correctly, and to take account of local variations.

Searching

Browsing is a useful approach for small systems. For large configurations, with many components, it is not practical. Because of this, EMMA provides flexible searching to help identify objects to be managed.

User Administration

Adding, managing, and removing users is a core part of managing a message configuration. An example of managing a local user is shown below. Note that information on local users is held in two places in the directory:

  1. The routing tree. This controls routing for the user.
  2. The message store. This holds delivery and user parameters.

EMMA ensures that this information remains consistent.

Distribution Lists

M-Switch X.400 supports X.400 conformant distribution lists, which are managed with EMMA.

Local Address Handling

An important capability of the message switch is to perform three special types of local address handling:

  • Synonym. A synonym is an alternate value of a mailbox. For example J.Bloggs might be a synonym for Joe.Bloggs. A key characteristic of synonyms is that as well as matching alternate names, they enable rewriting of message headers into a "canonical" format. This rewriting to a consistent format facilitates communication and reduces confusion.
  • Alias. An alias is like a synonym, except that it only controls delivery and not rewriting. An alias might be used to map "webmaster" onto a specific user.
  • Redirect. A redirect is like an alias, except that when processed a redirect is recorded and if X.400 is used, this maps to the appropriate protocol elements. This is appropriate for use when mapping a user in the local name space to one outside of the enterprise.

This flexible mapping is very useful in larger organizations and service providers.

Routing and Remote MTAs

A key capability of EMMA is to enable configuration of message routing and connection to remote MTAs. Internet message routing is generally handled using DNS (Domain Name Service), and so EMMA is only used for selected special connections. All X.400 connections must be configured using EMMA. EMMA can set up connection and authentication information for MTAs. There are two situations:

  1. In a distributed system, EMMA is used to manage many MTAs. Connection information will be set up as a part of this general set up. This illustrates a key benefit of directory configuration, and how it enables information sharing.
  2. External MTAs which are not being managed by EMMA. They will be set up with a cut-down configuration that only holds connection information. Otherwise, they look like MTAs managed by EMMA.

Once information is held about external (peer) MTAs, routing can be configured to these MTAs, by putting information into one or more routing trees. These manage routing according to the addressing hierarchy. Alternate routing is supported in two ways:

  • Multiple MTAs can be associated with nodes in the routing tree. These can be "weighted" to indicate a routing preference. This would be used in most situations.
  • A forced alternate MTA can be configured in association with an MTA. This is typically used to force traffic re-routing in the event of a temporary MTA failure.

Content & Body Parts

EMMA allows setup of the control applied to specify the allowed types of message (message content) such as the X.435 (Pedi) content used for EDI and X.400 body parts. EMMA can be used to specify arbitrary combinations. Easy setup is provided for X.400 configurations for two specific markets:

  1. Aviation (AMHS) defines a set of body part types, and text character repertoires within those that are allowed by an AMHS/AFTN Gateway. This combination can be selected on channel setup.
  2. Military messaging uses three main content types, which are enabled by default when a military messaging configuration is chosen. These are:
    • P772 (The military messaging format, defined in STANAG 4406)
    • Protecting Content Type (PCT) (Usage defined in STANAG 4406 ed 1 v3 and in ed 2, using CMS (Cryptographic Message Syntax) to carry P772)
    • A variant of PCT defined in RFC 3855 and used in STANAG 4406 ed 2, where the PCT is wrapped in MIME.

Detailed System Configuration

EMMA provides an interface to control all of the detailed aspects of M-Switch system configuration, and parameters for the various channels. The diagram below shows detailed configuration of an X.400 protocol channel.

MIXER Configuration

MIXER (RFC 2156), the Internet standard for mapping between X.400 and Internet Mail, is supported by Isode's message switch.

This can be configured using the directory and EMMA, including correct support for the MCGAM (MIXER Conformant Global Address Mappings) defined in RFC 2163 and RFC 2164.

Authorization

Isode messaging offers a sophisticated message authorization package, to enable control of message flow. This is often a key part of building an enterprise messaging solution. Authorization has several aspects.

  • Policy. The core configuration is modeled on the basis of a number of channels, with users and message systems grouped on a per channel basis. This grouping can be set up in a very general manner, and is thus the basis for flexible policies. The basic policies can make routes between channels 'free', 'blocked' or subject to further authorization.
  • User control. This grants or denies access to identified mail users.
  • Message switch control. This grants or denies access to specific message switches (routes).
  • Content control. Both of the previous controls can be modified by the size or content of the message (e.g., to prevent large messages in some situations).
  • Warning. There are various options for warnings and notifications of violations.

These controls can be used to set up various types of control. For example:

  • Only certain local users have access to an expensive mail gateway service.
  • Certain distribution lists may not be accessed by external users.
  • Trading partner A may route to partner B, but not C.
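
The layered decision described above, sketched as an added example (not Isode's code or configuration format): the channel-pair policy is consulted first, and only pairs marked for further authorization reach the user, switch and size rules. The evaluation order, the fail-closed default, and all names and addresses are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

FREE, BLOCKED, CHECK = "free", "blocked", "check"

@dataclass
class Rule:
    kind: str                        # "user" or "mta"
    match: str                       # sender address or message switch name
    allow: bool                      # grant or deny
    max_bytes: Optional[int] = None  # content control: grant applies only up to this size

@dataclass
class Message:
    in_channel: str
    out_channel: str
    sender: str
    mta: str
    size: int

def authorize(msg, channel_policy, rules, violations):
    """Return (allowed, reason); denied messages are appended to violations."""
    # Assumption: channel pairs with no stated policy fail closed.
    policy = channel_policy.get((msg.in_channel, msg.out_channel), BLOCKED)
    if policy == FREE:
        return True, "channel policy: free"
    if policy == CHECK:
        subject = {"user": msg.sender, "mta": msg.mta}
        hits = [r for r in rules if subject.get(r.kind) == r.match]
        if any(not r.allow for r in hits):
            reason = "explicit deny"
        elif any(r.allow and (r.max_bytes is None or msg.size <= r.max_bytes) for r in hits):
            return True, "granted by rule"
        elif hits:
            reason = "message exceeds size limit"
        else:
            reason = "no grant for sender or switch"
    else:
        reason = "channel policy: blocked"
    violations.append((msg.sender, msg.out_channel, reason))  # feeds warnings/notifications
    return False, reason

# Constructed sample policy covering two of the scenarios listed above.
CHANNEL_POLICY = {
    ("local", "gateway"): CHECK,        # expensive gateway: selected users only
    ("partnerA", "partnerB"): FREE,     # A may route to B
    ("partnerA", "partnerC"): BLOCKED,  # but not to C
}
RULES = [Rule("user", "alice@example.com", True, max_bytes=1_000_000)]
```
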

Firewall Configuration

This general flexibility of control makes the Isode system ideal for use in a messaging firewall.

The product has been used in three basic configurations:

  • A single message switch configured to provide firewall control.
  • Two message switches with independent 'internal' and 'external' configurations, running on the same machine.
  • Two message switches with independent 'internal' and 'external' configurations, running on separate machines interconnected by a stub network.

The choice of configuration will depend on the general characteristics needed from the firewall.

Anti-Spam and Anti-Virus Configuration

M-Switch Anti-Spam provides anti-spam control within M-Switch, and M-Switch Anti-Virus is an anti-virus add-on. Detailed control of these capabilities is available through EMMA. More information on the configuration options is available on this page describing message handling configuration.

Integration with White Pages

The core configuration that EMMA manages in the directory holds information about message switches and user mailboxes. The mailbox directory entries are separate from the user's own entry. This separation gives an important flexibility, as often multiple users have access to one mailbox and users will often have more than one mailbox. An enterprise that is using directory to manage its messaging configuration is also likely to want a white pages service. For this reason, EMMA supports integrated creation of white pages entries along with the message routing information, which is illustrated below.

Logging

Audit as well as logging configuration is managed from EMMA, as shown in the example below.

Directory Protocols

Isode's configuration management uses two directory protocols.

  • EMMA connects to the directory using X.500 DAP. One of the reasons for this choice is that DAP supports strong authentication and signed operations, and is required by many military deployments. EMMA allows easy use of strong authentication and signed operations.
  • M-Switch usually connects to the directory with LDAP, but may use DAP for some functions. M-Box uses LDAP. M-Store X.400 uses DAP, as this provides search functionality advantages.

Conformance

RFC 1801 MHS use of the X.500 Directory to support X.400 MHS Routing, S. Kille, June 1995
RFC 1837 Representing Tables and Subtrees in the X.500 Directory, S. Kille, August 1995
RFC 2163 Using the Internet DNS to Distribute MIXER Conformant Global Address Mapping (MCGAM), C. Allocchio, January 1998
RFC 2164 Use of an X.500/LDAP directory to support MIXER address mapping, S. Kille, January 1998
RFC 2294 Representing the O/R Address hierarchy in the X.500 Directory Information Tree, S. Kille, March 1998
ITU X.500 The Directory: Overview of concepts, models and services, ISO/IEC 9594-1, 2001
ITU X.511 The Directory: Abstract service definition, ISO/IEC 9594-3, 1993
RFC 1798 Connection-less Lightweight X.500 Directory Access Protocol, A. Young, June 1995
RFC 1779 A String Representation of Distinguished Names, S. Kille, March 1995

Availability

The Isode messaging management tools are available on Solaris, Windows, Linux and HP-UX. More details on supported platforms and versions can be found here.

Copyright © 2008 Isode