Messaging and Directory Server software used around the world in the Government, Military, Aviation and Commercial sectors.

isode.com / solutions / vertical solutions /

Military Messaging (STANAG 4406)

STANAG 4406 is the NATO standard for Military Messaging based on X.400. STANAG 4406 Military Messaging is used for Formal Military Messaging, and defines a number of functional and security features to support formal military messaging. It is often used for informal Military Messaging, particularly for High Grade messaging, where features of X.400 to support high reliability are of particular importance.

Used for both Strategic and Tactical messaging, STANAG 4406 has a number of special protocols to support tactical messaging, in particular to support very low bandwidth links such as HF radio (STANAG 4406 Annex E) and to support receivers in EMCON ("Emission Control") mode who can receive but not send data.

Isode provides the central components of a military messaging infrastructure. Key advantages provided by the Isode solution are:

• Full compliance to the STANAG 4406 standards and architecture.
• Support for strategic and tactical networks, including STANAG 4406 Annex E, providing optimized support for Satellite and HF Radio.
• High message throughput and low switching latency.
• Message precedence capabilities.
• Extensive use of ACP 133 Directory.
• Audit logging and audit database.
• Extensive management capabilities.
• Mature and robust products deployed for many years in demanding operational environments.

On this page you'll find information on what Military Messaging infrastructure components and management tools Isode provides, recommended Military User Agents, gateways to and integration with external systems, security, conformance and the Isode MMHS API.

 

Architecture

A STANAG 4406 Military Messaging infrastructure, provided by many distributed servers has a simple goal of reliably transferring messages between users. Users submit messages destined to one or more recipients, and the infrastructure delivers them reliably. Achieving this simple goal requires sophisticated infrastructure.

Isode Military Messaging Components

Isode provides the products needed to provide and manage the core of a secure STANAG 4406 Military Messaging infrastructure. The key Isode components are:

M-Switch X.400: A high performance X.400 MMTA (Military Message Transfer Agent), suitable for high volume backbone operation. M-Switch X.400 provides a flexible, secure and STANAG 4406 message switch that is the core infrastructure component. The role of M-Switch X.400 in Military Messaging is described here.

STANAG 4406 Annex E is supported by M-Switch X.400 for the provision of HF Radio and other constrained bandwidth networks. You can read more about Annex E architecture here.

M-Store X.400: M-Store X.400 is a MM-MS (Military Messaging Message Store) that stores delivered messages and enables military client access using the X.400 P7 protocol.

ACP 133 Military Directory & Configuration Management

ACP 133 Military Directory is a critical component in Isode's military messaging infrastructure. Isode's strategy is to use the ACP 133 directory to hold configuration and user information, providing GUI tools to manage messaging configuration information stored in the ACP 133 directory. Click here for more information.

Operational Management & Statistics

Isode provides a number of management tools and capabilities with its MMHS products, to enable control and monitoring of an MMHS system. Click here for more information.

These products can provide a complete military messaging infrastructure but are often used in conjunction with gateway and other external components, which are described later.

M-Switch X.400

M-Switch X.400 is the central product of Isode's military messaging infrastructure, providing message switching for backbone and local service. Key features of M-Switch X.400 for military deployments include:

• High throughput. This is achieved by a combination of efficient switching structure, and intelligent queue management to optimize local and network resources.
• Low latency. Military messages need to be delivered quickly, and M-Switch’s queue management is optimized for this. Use of permanent associations means that the delay associated with opening connections can be avoided, and so messages can be switched in a few hundred milliseconds.
• High reliability. M-Switch X.400 is designed to be highly robust, and can be used in conjunction with fail-over clustering to guard against hardware failure.
• Flexible routing. M-Switch X.400 provides flexible routing, and enables use of a backbone MTA architecture to provide fall back routing and load balancing, so that end to end performance is not impacted by component or network failure.
• Alternate recipient support. Military messaging allows for and widely uses the concept of "alternate recipient" to ensure that a message is delivered rapidly to an appropriate recipient.
• Precedence handling. Military messages make extensive use of precedence (priority). M-Switch scheduling always sends higher priority messages first, including the option to control precedence on permanent associations. M-Switch X.400 also gives the option to restrict processing to higher precedence messages, which can be useful in support of MINIMIZE status.
• Audit database. Messaging processing events are recorded in an audit log, which may be stored in an audit database. Isode applications use this database to support message tracking, management and operational statistics such as message latency and precedence handling.
• Archiving. All or selected messages may be archived on submission. Information about messages, including content, may be viewed later as a part of the message tracking capability.
• Management capabilities. M-Switch X.400 provides sophisticated configuration and operational control capabilities using a flexible client/server model, making it particularly useful for military deployments.

For a more general overview of M-Switch X.400 please see this separate product page, with military specific functionality described here.

STANAG 4406 Annex E for communication over HF Radio and Satellite

Military messaging is often required over slow networks and in particular over HF Radio. STANAG 4406 Annex E and associated standards provide optimized support for HF Radio, and also for Satellite communication.

The diagram above shows the top level STANAG 4406 Annex E architecture for communication over HF Radio, satellite and other constrained bandwidth networks. Components of this diagram to note:

• LMTA: An MTA is an X.400 Message Transfer Agent, which is the basic store and forward message switching component of a STANAG 4406 military messaging system. An LMTA (Lightweight Message Transfer Agent) is an MTA that supports P1/Annex E and not 'Full Stack' P1. This is an MTA that works with other MTAs only in a constrained bandwidth environment.
• P1/Annex E: P1 is the X.400 P1 protocol. Used to communicate between two MTAs. P1/Annex E refers to the use of STANAG 4406 Annex E, used in conjunction with ACP 142 and STANG 5066, to carry P1 over a low bandwidth link in an optimal manner.
• Full Stack P1: This is the standard military and civil protocol used to carry P1 over a TCP connection. It is used over high bandwidth fixed line connections.
• TIA: TIA (Tactical Interface Agent) is an MTA that supports P1/Annex E and Full Stack P1. It is intended to switch messages between a tactical environment using P1/Annex E and a strategic environment using Full Stack P1.

M-Switch X.400 can be configured to be a TIA or an LMTA. Further information is provided in a number of Isode white papers:

• Military Messaging over HF Radio and Satellite using STANAG 4406 Annex E gives descriptions of a number of scenarios, and then reviews protocol architecture, including details for HF Radio and Satellite.

• Packaging Military Messaging for HF Radio and other Low Bandwidth Links gives a more practical view, showing typical hardware and how components are packaged together.

• The Architecture of Isode's STANAG 4406 Annex E Solution gives a description of the Isode M-Switch X.400 product architecture to address the requirements described in the first paper.
• Military Messaging over HF Radio: A comparison of ACP 127 and STANAG 4406 Annex E compares STANAG 4406 Annex E over HF Radio with the older ACP 127 standard used over HF Radio.
• STANAG 5066: The Standard for Data Applications over HF Radio describes the STANAG 5066 specification, which is central to operation over HF Radio.

Use of ACP 133 Directory & Configuration Management

Isode provides a military directory solution, which is an important part of the Isode STANAG 4406 military messaging infrastructure (Military Directory is described in more detail on this separate page).

An ACP 133 directory may be used in conjunction with an MMHS solution in three basic ways:

1. To provide a service to MM-UAs (Military Messaging User Agents) to enable lookup of email recipients.
2. To provide a distribution list service: MM-UAs and MMTAs may interact with this service.
3. To provide a basis for configuration and managing the MMTAs and MM-MSs.

Isode's ACP 133 solution based on M-Vault X.500 can be used for all three of these functions. The first two functions are standard ACP 123 specified capabilities. The third, optional, use is an important feature of the Isode solution.

M-Switch X.400 may be configured by tables or directory. In some situations (e.g., for a very simple configuration) use of table based configuration may be preferred. In most situations, Isode recommends use of directory configuration, which enables almost all configuration options to be controlled from the directory. This approach gives a number of advantages:

• Configuration can be easily shared between servers, and so managed in a single place.
• Configuration can be distributed and replicated locally to each MMTA, using directory replication.
• Configuration can be managed using client/server tools, making remote configuration management straightforward.
• Configuration can be managed using Isode special purpose graphical management tools, which are illustrated below with Isode's EMMA tool, that is used to configure M-Switch X.400 using an ACP 133 directory.

Operational Management & Statistics

Isode provides a number of management tools and capabilities with its MMHS products, to enable control and monitoring of an MMHS system. MMTAs can be monitored using SNMP (Simple Network Management Protocol), which is ideal for monitoring large numbers of servers, and provided by Industry standard management products. High end management, including SLA monitoring can be provided by Sentra, the high-end management tool from Isode's partner Insider Technologies.

M Switch X.400 also includes MConsole, a powerful cross platform client/server graphical tool that can be used to monitor and manage M-Switch X.400, including message tracking and archive access. This product is illustrated below:

Click images for more detail
Message Switch Status	Message Tracking

Statistics for message switching are provided using a Web interface to the audit database, that records information from one or more M-Switch X.400 servers. An example of statistics is given in the following screenshot that shows an analysis of message latency based on message precedence.

Click image for more detail

Message Latency

User Agents

Isode provides core STANAG 4406 messaging infrastructure, but does not provide the end user clients that make use of the infrastructure (MM-UAs – Military Messaging User Agents). Isode provides both of the standardized protocols for integrating an MM-UA: X.400 P3 (to M-Switch X.400) and X.400 P7 (To M-Store X.400). This enables use of any standards compliant MM-UA.

SAFEmail from Boldon James (click for larger image)

Isode recommends the SAFEmail.mil MM-UA product from its partner Boldon James (more on SAFEmail.mil), which is based on Microsoft Outlook. This product includes an X.400 P7 plug in for Outlook, which enables it to connect directly to M-Store X.400, and function according to the STANAG 4406 architecture. The Boldon James Outlook client solution also includes MasterKey Plus, which enables secure client access over LDAP to data Isode's ACP 133 directory.

Gateways and Integration with External Systems

As illustrated in the diagram above, there are many situations where it is useful to integrate other components with a military messaging infrastructure. The components shown (with Isode elements in green) are:

Microsoft Exchange

Many Military organizations have decided that Microsoft Exchange is the best way to support end users, and to use Microsoft Exchange as the place to store messages, rather than in a MM-MS that follows the MMHS X.400 architecture and supports X.400 P3 and P7. This may lead to a mixed configuration, where Microsoft Exchange is used as an MM-MS plus departmental MMTA, with M-Switch X.400 operating as the backbone MMTA and providing application integration. Isode recommends its partner Boldon James, for those who wish to use Microsoft Exchange as a part of their MMHS solution.

Exchange 2003 and earlier provide native X.400 support to connect to a STANAG 4406 military messaging infrastructure. Exchange 2007 does not provide X.400 protocol support, and connection can be achieved using the Exchange X.400 Bridgehead product from Boldon James, which is based on M-Switch X.400. Details on how X.400 Bridgehead works are given in the Isode whitepaper X.400 Bridgehead for Microsoft Exchange: Technical Architecture and Back-end Features.

ACP 127

ACP 127 is the legacy protocol used for military formal messaging. To support integration between STANAG 4406 and ACP 127, an ACP 127 Gateway product is needed. ACP 127 Gateways are generally closely integrated with a STANAG 4406 MTA, using a file or other local interface. Isode's M-Switch X.400 can be used with ACP 127 Gateways from BAE Systems, Commpower, and Compucat.

ACP 145

National variants on the ACP 123 and STANAG 4406 specifications have led to a situation where interoperability between national MMHS systems is not guaranteed. ACP 145 has been defined in order to overcome this problem, and is a complete protocol definition for international inter working. The ACP 145 specification has led to a requirement for "ACP 145 gateways", which convert between the national variants of MMHS and ACP 145. Isode does not supply an ACP 145 gateway solution, and recommends the solution from Isode partner Boldon James.

High Assurance Guard (HAG)

HAG is used to connect between STANAG 4406 systems, where a high level of security checking is needed. HAG products generally use X.400 P1, and so interconnection with M-Switch X.400 is straightforward. HAG products are available from BAE Systems and Clearswift.

Custom Gateway development

Where other integration or gateway capabilities are needed, Isode provides integration APIs to its MMTA, and in particular support for the Open Group X.400 Gateway API (often referred to as XMT). This is often a practical approach for military solution providers. Isode's M-Vault ACP 133 directory can also be used to support configuration and MHS address translation for such gateways.

MIXER Gateway

Civilian and Government email predominantly uses Internet email. STANAG 4406 Military messaging deployments will often require gateway solutions to enable connectivity with Internet email systems, generally according to the MIXER specifications. Isode offers a solution for this with its M-Switch MIXER product. This provides a flexible mapping between MMHS and Internet Email, including full directory based configuration of the mappings. M-Switch MIXER also includes flexible authorization, which can control use of the MIXER gateway and control who can send messages.

Security

Security is a central to any military messaging deployment. The most important STANAG 4406 security features are "end to end" and handled by MM-UAs such as Safemail.mil, and carried transparently by Isode's military messaging infrastructure.

Isode also provides important security features. The most important capability is strong authentication, so that connections between MM-MTAs can be authenticated using strong authentication based on X.509 PKI.

Conformance

Conformance is a key component of all military solutions. There are two primary conformance standards for MMHS:

• ACP 123, "Common Messaging Strategy and Procedures", August 1997. ACPs (Allied Communications Publications) are issued by the CCEB (Combined Communications Electronics Board).
• STANAG 4406, "Military Message Handling System", Edition 1 version 3, March 1999. STANAG documents are NATO standardization agreements.
• STANAG 4406, "Military Message Handling System", Edition 2, March 2005. STANAG documents are NATO standardization agreements.
• STANAG 4406 Ed 2 Annex E "Tactical MMHS Protocol and Profile Solution".
• ACP 142 "P_Mul – A Protocol for Reliable Multicast Messaging in Constrained Bandwidth and Delayed Acknowledgement (EMCON) Environments".
• STANAG 5066 "Profile for High Frequency (HF) Radio Data Communication"

The core of these specifications is use of the ITU X.400 Messaging Standards as a framework for MMHS. The end to end message transfer infrastructure defined by these documents is closely based on the core X.400 specifications with some changes and constraints for the MMHS environment, in particular relating to support of formal messaging, security, and low bandwidth networks.

Application Integration & Custom Client Development

It is often appropriate to provide special purpose applications using an MMHS infrastructure. Isode provides a cross-platform simple API, which enables an application to operate over a P3 or P7 connection. This API is ideal for applications and special purpose clients that require to be connected to an MMHS infrastructure with a minimum of intervening software.