Messaging and Directory Server software used around the world in the Government, Military, Aviation and Commercial sectors.

isode.com / solutions / vertical solutions /

Aviation Directory (ATN Directory)

• Chaining, where one server knows about data held in another, and can connect to that server in order to retrieve data for an end user or application.
• Replication, where selected data is copied to another server, thus making it available locally to users of that server.

This interconnection will allow incremental building of a distributed global service.

What Isode Provides

Isode provides everything needed to build, operate and use an ATN directory:

• Directory Server. Isode's M-Vault X.500 directory sever is the core component of an ATN Directory. It has full compliance to the ICAO specifications for ATN Directory products, and supports chaining, replication and security features.
• Secure Administration. Isode's Sodium (Secure Open Data, Identity & User Manager) provides secure GUI management of data.
• Operational Management. Isode provides tools for operating directory services, and integration with standard network management systems.
• The Isode ATN Directory API is use to connect AMHS applications to M-Vault X.500 using X.500 DAP (Directory Access Protocol). This allows lookup of information such as Certificates and AMHS parameters, and supports mappings between AFTN addresses and X.400 O/R Addresses.

How AMHS Uses the ATN Directory

AMHS, as described in Isode's AMHS Solution Page, requires use of the ATN Directory in order to provide the Extended ATS Message Service. This provides the following benefits to the user:

• Recipient validation prior to and after message submission.
• Access to the end user X.509 certificate.
• Access to information about (potential) message recipients.
• Determining AMHS capabilities (e.g., maximum message size supported), and in particular determining if the Extended ATS Service is supported by the message recipient. This allows an originator to determine the service level a recipient supports, and to only send messages with Extended ATS Service capabilities to recipients that can correctly handle this.

An additional benefit of using the ATN Directory is to manage address mapping between X.400 OR Addresses and AFTN addresses. The following diagram illustrates the information held in the directory to enable this mapping:

Click Image for larger view

This mapping can be used by AFTN/AMHS Gateways, and also to enable users to enter AFTN addresses and have them automatically converted. Holding this mapping in the directory enables the same mapping information to be easily used by all users and servers that need it, and to be conveniently managed in a machine oriented format. Isode's ATN Directory API provides simple calls to enable applications to easily use this mapping.

• Use of Strong Authentication and Signed Operations may be chosen for all operations.
• Support for the full ATN Directory Schema, that may be extended as needed.
• Display of data based on XML templates that may be adapted for local requirements.
• Templates for convenient entry and display of structured attributes.
• Integrated management of PKI (X.509) data and associated identity management.

 

Operational Management

The ATN Directory is critical infrastructure that is important in itself and as support for other applications. It is important to monitor servers for availability and correct operation. Isode provides two approaches to achieve this.

This first approach is use of SNMP (Simple Network Management Protocol) for this. Isode's M-Vault X.500 can be monitored with standard SNMP Management tools, such as HP OpenView or Solstice Enterprise Manager. The big advantage of SNMP is that it enables operational management to be integrated with management of networks and other components with a single operator interface.

The second approach is Isode's DConsole tool (shown below), which provides GUI monitoring of one or more M-Vault directory servers. DConsole also has knowledge of directory replication and can monitor replication agreements from both ends. This is important to ensure that all servers are up to date with the most recent information.

DConsole: Click for larger image

Further Information

Isode has written a number of whitepapers that give more information on the ATN Directory, and its use by AMHS:

• How AMHS users benefit from directory
  This paper looks at how an AMHS end application, such as an AMHS Terminal sending and receiving flight plans, will utilize and benefit from the directory. This paper assumes a very basic understanding of AMHS and ATN Directory. For those unfamiliar with AMHS and ATN directory, a simple introduction is given in the Isode introduction to the Aviation industry.
• Deploying ATN Directory with AMHS: What you can do now
  Much discussion on ATN Directory has set out a big vision as to how directories can interconnect globally and solve a wide range of problems. This paper gives a much more pragmatic and short term view and looks the nature of the ATN Directory and its deployment in support of AMHS together with what products and systems can be deployed today.
• Addressing in AMHS: Building a solution that works for the end-user
  AMHS provides a complex addressing scheme, which is used in conjunction with the ATN Directory. Users need to address messages, and the complexity of the AMHS addressing has potential to make this difficult. This whitepaper explains how AMHS and the ATN Directory can be used together to provide a simple and effective user experience
• ATN Directory Vision: An Infrastructure for Supporting AMHS and Ground to Ground Communication
  This paper sets out the benefits of using an ATN Directory in support of AMHS (Air Traffic Services (ATS) Message Handling Services) and ground to ground messaging communication, and explains how this directory could be deployed in conjunction with AMHS.

• Close integration with Isode’s widely used AMHS Servers.
• Full ICAO ATN Directory Compliance, including full replication support.
• Excellent security features, including strong authentication for all directory protocols and signed operations.
• Comprehensive management and operational tools.
• Mature and robust products deployed for many years in demanding operational environments.