Isode Products

From the Isode blog...

Subscribe to RSS headline updates from:
Powered by FeedBurner

 

 

On this page you can find out about the major improvements introduced with R14.0v1, split into three broad sections covering:

  • LDAP and X.500 related changes (more)
  • Internet and X.400 Messaging related changes (more)
  • Changes and additions to Isode's Management Tools (more)
  • Extended platform support (more)

R14.0 has now been superceeded, the current Isode release is R14.3.

R14.0 was preceeded by R12.

 

LDAP and X.500 (M-Vault)

New M-Vault Database

We have provided a new back-end to M-Vault, which (like the current one) is built over Berkeley DB (now from Oracle). The primary goal of this development is to increase scaling of M-Vault into the 100 Million entry range. In particular, we have focused on ensuring that write performance scales well. This improves performance of other write related functionality such a bulk loading. Locking is now done at the entry level, which improves performance in a number of situations.

M-Vault Enhancements

  • ModifyDN Support
  • UseAliasOnUpdate Service Control
  • Signed X.500 DISP PDUs (this completes support of Signed Operations)
  • Schema support for ACP 133 ed C (still retaining support for ACP 133 ed B)
  • Change LDAP sytaxes for ORName (DL Members) and MHSDLSubmitPermissions to follow ACP 133 ed C. M-Vault correctly follows ed C for all syntaxes.
  • Support for the H.350 directory services architecture for multimedia conferencing (for H.323, H.320, SIP and XMPP amongst others) using LDAP (RFC 3944).
  • Support for RFC 3045 (Storing Vendor Information in the LDAP root DSE) and RFC 4530 (LDAP entryUUID operational attribute).

X.509 Infrastructure

  • Elliptic Curve (ECDSA) support
  • X.400 and X.500 strong authentication on 64bit platforms

 

Internet and X.400 Messaging (M-Switch, M-Switch X.400, M-Store X.400 and M-Box)

M-Store X.400 Enhancements

We have replaced the M-Store X.400 database, our primary goal being to substantially increase performance and scaling. The protocol engine component of the Store has been substantially rewritten to improve the degree of parallelism during operation processing. M-Store benchmarks are available here. Support for "out box" functionality using P7 Store Messages on Submission has also been added.

M-Switch X.400 Enhancements

  • X400WRAP (RFC 3854) support - conversion between X.400 and Internet Messages with encapsulated X.400 Content (not in field trial)
  • There is a redesign of the complete content conversion architecture (mainly relevant for MIXER) necessary for the X400WRAP support. This will lead to improved performance for MIXER conversion.
  • Use of DIFFSERV to set IP packet precedence based on message precedence, to improve precedence handling
  • Improved configuration and audit logging of P1 Strong Authentication

M-Switch Internet Enhancements

  • Added BINARYMIME (RFC 3030) to SMTP
  • Per user white list preferences (directory configured)
  • SMTP-AUTH uses common password configuration with M-Box

M-Box Enhancements

We have developed a system to migrate mailboxes AND authentication information from existing POP and IMAP systems to M-Box. This enables migration from any other system that supports these protocols. In addition:

  • SIEVE scripts are now stored in directory
  • COMPRESS=DEFLATE support in IMAP to improve operation over low bandwidth
  • Support for SASL-IR, which removes a round trip on authentication, so improving performance.

X.400 Client API Packaging

In order to help those building standalone client products using our X.400 Client APIs, we are providing a tool to separate out the libraries needed. This will make it easier to manage product builds using our APIs.

 

Management Tools

New SNMP Subsystem

We have replaced the SNMP support in M-Vault and M-Switch. This is based on a sub-agent model using AgentX (RFC 2741). This simplifies deployment, and increases accuracy of status reporting. We have aligned to the latest MADMAN MIBs - RFCs 2788 and 2605 for M-Vault; RFCs 2788 and 2789 for M-Switch.

The existing master agents on our Unix Platforms support AgentX. For Windows, the existing agent does not support AgentX; therefore we will be providing a master agent which supports both AgentX and Windows sub-agents, as well as SNMPv3.

The whitepaper "SNMP and Isode Servers" explains Isode's approach to SNMP support and the sub-agent architecture used.

Second Release of Sodium

We've done substantial work to improve Sodium (Secure Open Data, Identity and User Manager). New features include:

  • LDIF dump and load (which can use signed operations)
  • Drag and drop sub-trees
  • More native attribute syntax support, including CRL display
  • Ability to view/manage data either by templates or by underlying schema
  • Extensive new templates, including: ACP 133 (complete); X.402; X.509; InetPerson; NIS
  • Referential integrity checking, to validate that DN valued attributes point to real DNs
  • Object class editing
  • Object class icons + country flag icons
  • Icons for special objects (e.g., corporate logos)
  • Compare operation
  • X.509 setup for M-Vault (no need to use EDM for this now)
  • Extended CSR format options, for easier working with Entrust and Microsoft CAs
  • Improved interoperability with public LDAP servers and other LDAP server products
  • Use of Isode event system for logging

Personal Messaging/Directory Browser & Password Changing

We've added a Web tool for access to the directory to modify data, the Personal Information Administrator (PIA). This will ship in R14.0 as part of the Internet Messaging Administration (IMA), but will become a separate tool in future releases, that can be used for "directory only" deployments. Features:

  • login by username (mailbox) / password (using SASL)
  • change password
  • manage vacation notification and other SIEVE scripts
  • manage personal white lists
  • manage email redirect (using SIEVE)
  • white pages entry (change personal information such as home telephone number)

We are also including as part of this a simple Web Directory browser, to access and search white pages information. This includes vCard generation, so that directory information can be easily imported into personal address books. This includes X.509 certificates, to enable sending of encrypted S/MIME messages. More information on PIA is available here.

MConsole Enhancements

  • Ability for forward messages (from queue or archive)
  • GUI O/R Address editor for redirect and forward
  • Display and searching reports
  • Monitor mode to track locally generated negative DRs: This enables an operator to watch for messages rejected locally (typically due to mistyped address), capture the message from archive, and forward to a local recipient if appropriate

EMMA Enhancements

  • Bind using strong authentication and signed operations
  • Offline configuration edit/test/review (see: http://www.isode.com/whitepapers/offline-editing.html )
  • Easy change of M-Switch IP address
  • Usability enhancements
  • Setting timeouts for probes, and 6 levels of military precedence

Quick Config changes

We've added support for Anti-Spam setup as part of Quick Config.

Extended Platform Support

In R14 we've added support for M-Vault and M-Switch on HP-UX 11iv1 on PA-RISC as well as adding support for M-Box and M-Switch on two 64-bit platforms:

  • Red Hat Enterprise Linux 4.0 and 5.0 (and CentOS equivalents)
  • Solaris 10

For a full rundown, please see the platform support page.

 

 
Copyright © 2008 Isode privacy   feedback Subscribe to our rss newsfeed