Harrier 3.3 – New Capabilities

Harrier is our Military Messaging client. It provides a modern, secure web UI that supports SMTP, STANAG 4406 and ACP 127. Harrier allows authorised users to access role-based mailboxes and respond as a role within an organisation rather than as an individual.

Harrier Inbox view (behind) showing Military Messaging security label and priority parameters; and Message view (in front).

The following changes have been made with the 3.3 release:

Integration with IRIS WebForms

Harrier’s generic support for MTF (Message Text Format) has been extended with a close integration with Systematic IRIS WebForms. This provides convenient creation and display of MTFs using the IRIS WebForms UI within Harrier.

IRIS Forms message attachment in Harrier Military Messaging Client

Further examples and an in-depth description can be found in the Isode white paper C2 Systems using MTF and Messaging.

Browser Support Enhancements

New session handling allows a user to open multiple sessions per browser and multiple views. This enables a user to easily access multiple mailboxes at the same time.

PKCS#11 HSM Support

PKCS#11 HSM (Hardware Security Module) support is added. This has been tested with HSMs from Nitrokey, Yubico, Gemalto and the SoftHSM software. This provides two capabilities, which can be managed using Cobalt 1.4.

  1. The private key for the server, protecting HTTPS access.
  2. Private keys for Users, Roles and Organizations, supporting message signing and encryption.

Other Enhancements

  • Audit logging when user prints a message
  • Option to enforce security label access control checks.  By default, these are advisory, with enforcement generally provided by M-Switch.
  • Security label in forward and reply defaults to the label of the message being replied to or forwarded.
  • Option to configure backup servers for IMAP, SMTP and LDAP to provide resilience in event of primary server failing.
  • Option to use local timezone instead of Zulu for DTG, Filing Time and Scan Listing.
  • When using Zulu timezone, show local time in tool tip.

Messaging Products Update – 19.0 Capabilities

The below is a list of the new capabilities brought to our Messaging products for the 19.0 release. 19.0 adds a lot of extra functionality across the board for our messaging products, along with a complete rewrite of the codebase so that future releases and bug fixes can be developed more quickly. For the full release notes please check the individual product updates, available from the customer portal and evaluation sections of our website.

Dependencies

Cobalt (version 1.3 or later) is needed to manage various capabilities in M-Switch 19.0. HSM management depends on Cobalt version 1.4 or later.

M-Switch, M-Store and M-Box depend on M-Vault 19.0.   All of these products are a part of R19.0 with common libraries and so are commonly installed together.

Product Activation 

All of the messaging products now use the new product activation. Product activation is managed with the Messaging Activation Server (MAS), which provides a Web interface to facilitate managing activation of messaging and other Isode products. MAS is provided as a tool, but installed as an independent component.

M-Switch

Product Activation

There are a number of M-Switch features arising from the new product activation:

  • Various product options are encoded in the activation, restricting functionality to M-Switch options purchased.   The options available and any activation time limits are displayed by MConsole.
  • MConsole will correctly display the product name of the M-Switch being used (e.g., M-Switch MIXER, M-Switch Gateway etc).
  • MConsole views are restricted so that only ones relevant to the activated options are shown (e.g., ACP 127 views will not be shown unless ACP 127 is activated).

Use of Cobalt

A number of functions have been moved from MConsole to Cobalt, which provides a general Web administrator interface. MConsole is now more focused on M-Switch server configuration and operation. Capabilities provided by Cobalt in support of M-Switch:

  • User and Role provisioning (replacing Internet Mail View)
  • Special function mailboxes
  • Redirections
  • Standard SMTP distribution lists
  • Military Distribution Lists
  • Profiler Configuration
  • File Transfer by Email (FTBE) account provisioning

Directory and Authentication

A number of enhancements have been made to improve security of authentication. New configurations will require this improved security and upgraded systems are expected to switch to it.

  • Configuration of default M-Vault configuration directory is simplified.
  • Option provided to use a different M-Vault directory for users/operators, defaulting to the configuration directory.
  • M-Switch access to configuration and user directories will always authenticate using SASL SCRAM-SHA-1.  This is particularly important for deployments not using TLS, as it will ensure plain passwords are not sent over a link, while still using hashed passwords in M-Vault.
  • M-Vault directories created by MConsole will always have TLS enabled (where the product activation option allows).
  • Connections from M-Switch to M-Vault will use TLS by default.
  • Three modes can be configured for SMTP and SOM (MConsole) access to M-Switch
    • SCRAM-SHA-1.  This is the default and is a secure option suitable for most configurations.
    • PLAIN.  This option is needed if authentication is done using pass-through to Active Directory.   This should only be used on systems with TLS.
    • ANY.  When this option is used, SOM/MConsole will use SCRAM-SHA-1.   It is needed for SMTP setups that want to offer additional SASL mechanisms such as CRAM-MD5, which will need plain passwords to be stored in M-Vault.
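
The SCRAM-SHA-1 property described above (the directory holds only derived keys, and only a one-time proof crosses the link), shown as an added example that is not Isode code. It follows RFC 5802 and uses that RFC's published example exchange; the function names are illustrative, and SASLprep normalisation is skipped, so ASCII passwords are assumed.

```python
# Added example: generic RFC 5802 SCRAM-SHA-1 arithmetic, not Isode code.
import base64
import hashlib
import hmac

def _hmac(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha1).digest()

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def make_verifier(password: str, salt: bytes, iterations: int) -> dict:
    """What a directory needs to store: derived keys only, never the password."""
    salted = hashlib.pbkdf2_hmac("sha1", password.encode(), salt, iterations)
    client_key = _hmac(salted, b"Client Key")
    return {
        "salt": salt,
        "iterations": iterations,
        "stored_key": hashlib.sha1(client_key).digest(),
        "server_key": _hmac(salted, b"Server Key"),
    }

def client_proof(password: str, salt: bytes, iterations: int, auth_message: bytes) -> bytes:
    """Client side: the only password-derived value sent over the link."""
    salted = hashlib.pbkdf2_hmac("sha1", password.encode(), salt, iterations)
    client_key = _hmac(salted, b"Client Key")
    signature = _hmac(hashlib.sha1(client_key).digest(), auth_message)
    return _xor(client_key, signature)

def server_verify(verifier: dict, auth_message: bytes, proof: bytes):
    """Server side: return ServerSignature on success, None on failure."""
    signature = _hmac(verifier["stored_key"], auth_message)
    candidate_key = _xor(proof, signature)  # recovers ClientKey if proof is valid
    if not hmac.compare_digest(hashlib.sha1(candidate_key).digest(),
                               verifier["stored_key"]):
        return None
    return _hmac(verifier["server_key"], auth_message)

# Messages from the example exchange in RFC 5802 section 5 (user "user").
CLIENT_FIRST_BARE = "n=user,r=fyko+d2lbbFgONRv9qkxdawL"
SERVER_FIRST = "r=fyko+d2lbbFgONRv9qkxdawL3rfcNHYJY1ZVvWVs7j,s=QSXCR+Q6sek8bf92,i=4096"
CLIENT_FINAL_NO_PROOF = "c=biws,r=fyko+d2lbbFgONRv9qkxdawL3rfcNHYJY1ZVvWVs7j"
AUTH_MESSAGE = ",".join([CLIENT_FIRST_BARE, SERVER_FIRST, CLIENT_FINAL_NO_PROOF]).encode()
SALT = base64.b64decode("QSXCR+Q6sek8bf92")
ITERATIONS = 4096

def run_exchange(stored_password: str, typed_password: str):
    """Return (base64 client proof, ServerSignature bytes or None)."""
    verifier = make_verifier(stored_password, SALT, ITERATIONS)
    proof = client_proof(typed_password, SALT, ITERATIONS, AUTH_MESSAGE)
    return base64.b64encode(proof).decode(), server_verify(verifier, AUTH_MESSAGE, proof)

if __name__ == "__main__":
    proof, server_sig = run_exchange("pencil", "pencil")
    print("p=" + proof, "v=" + base64.b64encode(server_sig).decode())
    print("wrong password accepted:", run_exchange("pencil", "pencil2")[1] is not None)
```

Because the proof is bound to the nonces in the exchange, a captured proof cannot be replayed in a later session, which is why the mechanism remains usable on links without TLS; the stored keys are still password-equivalent for offline guessing and need protecting in the directory.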

ACP 127

An extensive set of enhancements has been provided for ACP 127.

  • Extend circuit control from Enabled/Disabled to Enabled (Rx/Tx) / Rx Only / Disabled
  • Enhanced OPSIG support for BRIPES following agreed doc:
    • QRT/QRV.   Supports remote enable/disable, including control from top level of circuit management UI
    • ZES2 automatic handling on receive
    • Service message option to send INT ZBZ
    • Configurable option for reliable circuit to send ZBZ5 to acknowledge receipt of identified message
    • Limiting priority UI uses two-letter codes, but will still recognize single-letter codes
    • Add CHANNEL CHECK generation and response
  • Option to use “Y” for emergency messages
  • Support for Community Variables (CV) which is a BRASS mechanism to use multiple crypto keys
    • Configuration of CVs available for each destination
    • Display of CVs for queued messages
    • CV Audit Logging
  • Scheduled Broadcasts to support MUs with constrained availability (e.g., Submarines)
    • Periodic Mode with GUI configuration
    • UI to show which messages will be transmitted in which period based on estimated transmission times
    • Scheduled periods at same time each day
    • Explicitly scheduled fixed intervals on specific day
  • Extension to Routing Tree configuration to specify specific channel.   This makes it easier to utilize the ACP 127 RI routing, which is needed in many ACP 127 configurations
  • Improved mapping of CAD/AIG to SMTP
  • Option to turn off message reassembly
  • Improvements to monitoring of circuits using serial links

FAB (Frequency Assignment Broadcast)

A subsystem is provided to support FAB, which is needed for older BRASS systems that do not support ALE. The M-Switch FAB architecture is described in  https://www.isode.com/whitepapers/brass.html. The key points are listed below:

  • A new FAB Server component is provided to run black side and generate the FAB data stream(s).
  • Red/Black separation can be provided by M-Guard
  • The FAB Server can monitor a remote modem for link quality using a new SNR monitoring protocol provided by Icon-5066 3.0.
  • Circuits to support FAB use a new “anonymous” type, reflecting that they are not associated with a specific peer.
  • Support is provided for ARQ (STANAG 5066 COSS) circuits which operate automatically shore side and for direct to modem circuits which require a shore side operator.
  • There is an operator UI for each circuit that enables setting FAB status and controlling acceptance of messages

Profiler and Corrector

  1. Support of TLS for Corrector UI and Manual Profiler
  2. Improved message display, including Security Label
  3. Profile configuration read from directory, which enables Cobalt configuration of Profiler rules

Icon-Topo Support

Isode’s Icon-Topo product automatically updates M-Switch configuration in support of MU Mobility.  M-Switch enhancements made in support of this:

  • Show clearly in MConsole when External MTAs, Routing Tree Entries and Nexus are created by Icon-Topo.
  • Enhance Nexus and Diversion UI to better display Icon-Topo created information.

PKCS#11 HSM Support

PKCS#11 HSM (Hardware Security Module) support is added. This has been tested with HSMs from Nitrokey, Yubico, Gemalto and the SoftHSM software.  HSM support can be enabled and PKCS#11 identities created by Cobalt can be configured and used for all TLS and S/MIME functions in M-Switch.

Miscellaneous

  • Configure Warning Time based on Message Priority.
  • Tool to facilitate log and archive clear out

M-Store

No new features for R19.0.

M-Box

Improved Searching

Message searching is extended with three new capabilities that are exposed in Harrier.

  • Choice to search based on SIC (Subject Indicator Code) which can be used on its own or in conjunction with options to search other parts of the message.
  • Option to filter search based on a choice of one or more message precedences, matching against the action or info precedence as appropriate for the logged in user.
  • Option to filter search based on selected security label.

PKCS#11 HSM Support

PKCS#11 HSM (Hardware Security Module) support is added. This has been tested with HSMs from Nitrokey, Yubico, Gemalto and the SoftHSM software.  This can be used to protect TLS access to M-Box using server identity created by Cobalt.

Draft, Review & Release

This week we are excited to announce the release of Harrier 3.1 and Cobalt 1.1.

These releases are an important step for our Draft, Review & Release Solution, a capability of particular interest within Military Deployments.

Draft and Release is a process for handling formal military communication. It is vital for scenarios where formal responsibility must be taken for messages sent, for example military commands sent as messages that need to be approved/released by an appropriate senior officer. More information on this can be found in our recently updated whitepaper.

This latest release of Harrier provides a new, simple and intuitive UI for drafters, reviewers, and releasers, making each task straightforward. Also included is a visual workflow, allowing easy tracking of messages.

There will be situations where it makes sense to send directly and to avoid any workflow. Cobalt allows simple control of users who can send directly for selected messages based on SIC and Priority.

Cobalt provides a range of capabilities to support Formal Military Message Handling Systems (MMHS), with capabilities oriented towards the support of systems using Isode’s Harrier, M-Box, and M-Switch products.

Downloads and accompanying release notes can be found in the evaluator and customer sections of the website.

HF for more than just messaging

Over the last two years, Isode has been working alongside other HF experts to update STANAG 5066 from edition 3 to 4, motivated by the need to keep this vital standard current with the latest messaging developments.

One particular area of interest for Isode is enabling TCP applications to perform efficiently over HF links and our CEO, Steve Kille, gave a presentation in this area at the most recent HFIA meeting back in March. You can find a PDF of the presentation, ‘Web Browsing over HF’, here.

In an ideal world all mission-critical applications would take advantage of specific optimized protocols for HF but, as it’s impractical to do this for every service, having mechanisms to support generic services that run over IP in high-speed networks is necessary.

To provide IP services over HF in a reasonably efficient manner, a central challenge is to provide a mechanism to support TCP-based applications efficiently. This can be done with a TCP PEP (Performance Enhancing Proxy), such as our recently announced Icon-PEP product. Icon-PEP enables deployment of IP applications over an HF network using the STANAG 5066 link layer as the interface to that network. More information can be found on the Icon-PEP product page.

Isode at NITEC19

NITEC is the NCI Agency’s flagship annual industry conference, focusing on advancing technological solutions and business practices to strengthen NATO operations. This year’s NITEC was held in the Norwegian capital of Oslo between 20 and 22 May.

A regular visitor to NITEC, Isode spent three enjoyable days at this year’s show demonstrating our software for chat and email messaging to an audience of systems integrators, technical influencers and representatives of end-user organisations (the militaries of NATO nations).

Isode’s Louise Hill (Pre-Sales Engineer) and Jeff Tillotson (Business Development Manager: Defence) setting up the Isode stand.

Of particular interest to visitors was Isode’s ability to connect different services, employing different chat and messaging standards, so that they become seamless end-to-end systems. Our demonstration of connecting XMPP based chat systems to those employing the legacy IRC system (using Isode’s M-Link IRC Gateway) was particularly popular.

Both chat and messaging demonstrations also featured security label translation, mapping labelled messages from one security domain to another (for the show we used Norwegian and NATO labels on the different “sides” of the messaging/chat systems).

Evaluation software for both Email Messaging and XMPP Chat software is available from the Isode website.

Isode and Civil Aviation Messaging

This year marked the 15th anniversary of Isode’s entry into the civil aviation market, when we started to supply messaging servers and APIs into the AMHS (Air Traffic Services (ATS) Message Handling Services) market via our solution partners, helping those partners to deliver great AMHS based solutions to their Civil Aviation Authority customers.

Since then over 100 countries have installed AMHS systems based around Isode messaging servers, with more sales on the way this year as new countries switch from the old AFTN system or expand their existing AMHS installations to encompass regional airports and hubs.

At the recent World ATC Congress in Madrid, as well as taking a look at all of the new developments in this vibrant market, we spent some time visiting and thanking those partners for the excellent working relationship we’ve enjoyed over the years. It was comforting to see that our partners are as enthusiastic about this market now as they were when we first met them.

Military Messaging at NITEC’18

NITEC is the annual flagship event of the NATO Communications and Information Agency, which took place this year in Berlin between 22nd and 24th May.

Isode took a small stand, alongside the main conference room, to demonstrate our server, gateway and client products. The main focus of Isode’s demonstration this year was Harrier, our web based military messaging client which works alongside both Isode’s own messaging servers and Microsoft Exchange.

As well as bringing a modern user interface to military messaging, Harrier’s small footprint and easy deployment makes it ideal for those organisations looking to upgrade with a minimum amount of disruption to existing infrastructure. Harrier was demonstrated with Isode’s messaging servers and messaging gateways, showing email over a simulated HF link between a fixed and mobile unit using a variety of military messaging formats.

With the commercial focus of this year’s NITEC being the recently announced competition for the New NATO Messaging Service (NNMS), many visitors commented on the suitability of Isode’s products for the core messaging requirement of that competition.

NITEC16 and Harrier (Web)

NITEC is the annual flagship event of the NATO Communications and Information Agency, organised this year in cooperation with the Ministry of Defence, Estonia.

NITEC is both a conference and an exhibition and this year Isode took a small exhibition stand to show demonstrations of a wide range of our server and messaging software. NITEC was also the first public outing of the web-based version of our Harrier military messaging client.

Our demonstration setup (illustrated below) showed email, text chat and forms data exchange between two domains, using different security policies over a constrained network link.

Isode demonstration setup for NITEC

The constrained network link was simulated using MoRaSky, an Isode test tool which emulates (HF) Modems, Radios and Sky (Ionosphere).

Attendees were shown security label mapping and conversion, clearance-based message control in email, 1:1 chat and multi-user chat using Isode’s message clients (Swift for XMPP & Harrier for Email) and servers (M-Switch & M-Link).

NITEC was the first public showing of Harrier (Web)

NITEC proved to be a great source of feedback on Isode products, especially Harrier, and we’re looking forward to incorporating that feedback into future versions of Harrier and future demonstrations.

Draft & Release for Military Messaging: An Open, Online Approach

In military communications, messages are frequently sent to organizations (e.g., a Command) rather than to an individual or to a role.

The receiving organization will process the message using a Profiler, which looks at meta-information (such as a Subject Indicator Code “SIC”) in the message in order to dispatch it to the appropriate recipient. This process of examination and dispatch is known as draft and release and is, today, mostly done using a mix of paper and online systems. A number of deployments have sought to introduce entirely online systems for draft and release but the approaches used in those deployments all have weaknesses.

In a new whitepaper on the Isode website, “Open Online Draft & Release”, Isode proposes a new open standards based approach to online draft and release, combining the best practices of existing systems with capabilities for message review which can be used independent of draft and release.

New Whitepaper: Isode’s Solution for BRASS

HF Radio is an important naval communication channel for ‘beyond line of sight’ (BLOS) communication. BRASS (Broadcast and Ship to Shore) is an approach used by navies, particularly those of NATO countries, to communicate between ships and shore using HF.

In a new whitepaper (Isode’s Solution for BRASS) we give an overview of BRASS and describe our strategy and solution for this area. The whitepaper looks at how our products can support the protocols and interoperability for currently deployed BRASS systems and move them forward to state of the art capabilities that can extend the services offered over BRASS.