Isode provides a secure robust managed directory infrastructure based around the M-Vault LDAP and X.500 Directory Server. This includes local management and integration tools, system management, and components to both provide and integrate with a distributed environment. M-Vault is available for evaluation here.

See below for introductions to the following areas (together with links to more detailed information):

M-Vault Server

M-Vault is a high performance LDAP/X.500 Server with replication, advanced security features and flexible cross platform management tools, capable of managing tens of millions of entries and processing tens of thousands of queries per second. Click for detailed information on the M-Vault server.

Featuring high availability, transactional integrity and extensive management capabilities, M-Vault is the natural choice for security-conscious organisations.

Security Capabilities

M-Vault provides a unique set of security features, including Strong Authentication based on X.509 PKI, Signed Operations, Flexible Prescriptive and Role Based Access Control, Security Policy, Rule Based Access Control based on Security Labels, Audit Logging and Password Policy. For more details see the M-Vault Security section.

Multi-server deployments

M-Vault is an excellent standalone server, but is ideal for multi-server deployments. It supports flexible and secure server to server communication using X.500, which is the only open standard for directory server to server communications, and multi-master replication. Click to read more about Replication and Data Distribution.


M-Vault achieves very high performance for both search and update operations. These features allow scalability to millions of records, without significantly driving up the cost of the directory software. Click to read more about M-Vault Performance.

Reliability & Fault Tolerance

M-Vault utilises a high-performance transactional database. This provides a high level of assurance that hardware, operating system or application software failures will not corrupt a directory server database. It also enables the establishment of an on-line back-up regime for a directory service that will support both simple-recovery and disaster-recovery scenarios with support for local and off-site disaster recovery. Click to read more about Reliability & Fault Tolerance.

Standards Conformance

M-Vault is, and was designed to be, a multi-protocol server and so is able to support LDAP (v2 and v3) and X.500 (DAP) client access and X.500 protocols between servers. Click for Standards conformance information.

Data Access & Management

Isode provides GUI and web-based tools for managing data within a directory service (from both the administrator and end-user perspective) as well as a Directory Client API for standalone and web-based applications. Click for an overview of our data access and management tools or follow the links below for more detailed information:

Managing Directory Data

Sodium (Secure Open Data, Identity and User Manager), is Isode's tool for managing data and secure identities held in M-Vault.

Browser-based applications

Browser-based access to directory data is provided by Isode's Directory Services Interface. Three standard web-based applications are shipped by default (Personal Information Manager, Directory and Phonebook) enabling basic data administration and search as well as personal updates including policy aware password changes.

Application Access

Isode's Directory Client API enables applications to access the directory to perform authentication and obtain configuration information. This API (‘C’ and Java) is designed so that it is easy for applications to access generic directory functionality.

Directory Integration

M-Vault is often deployed as part of a wider Directory infrastructure using Directory Servers from other vendors. In order to facilitate directory integration, Isode provides tools to facilitate integration. Click for an overview of our directory integration toolsor follow the links below for more detailed information:, including:

Data Synchronization

Isode's Sodium-Sync tool can be used to synchronize data from one directory server to another using LDAP, X.500 DAP. It is optimized to replicate data from Active Directory or LDAP servers into M-Vault..

Directory Integration

Isode's M-Vault Connector supports both LDAPv3 and X.500, and can be used to connect an LDAP-only directory server as part of an X.500 Directory Service and build an integrated directory service, linking together other directory servers (LDAP or X.500) into a coherent single directory service.

Server & System Management

Isode provides tools for the management of directory services as well as the management of directory status, the latter using both Isode's own DConsole for monitoring of smaller directory deployments and SNMP for larger deployments where a wide range of network and other components need to be monitored. Click for an overview of our server and system management tools or follow the links below for more detailed information:

Directory Services Administration

M-Vault Console provides for the management and systems' administration of large-scale directory services, including; configuration of databases, server control, replication and chaining configuration, data, authentication agreements, and access control management.

SNMP Monitoring

M-Vault may also be monitored using SNMP (Simple Network Management Protocol) from an SNMP Console such as OpenView or a Web Interface such as Cacti. This approach enables straightforward operator monitoring, along with other services.

PKI Support: OCSP and CRL Lookup

M-Vault can be used to support PKI deployments, in particular to support path discovery and certificate validation.

M-Vault supports OCSP (Online Certificate Status Protocol) and HTTP retrieval of CRLs (Certificate Revocation Lists) stored in M-Vault. This enables integrated provision of OCSP, HTTP and LDAP CRL retrieval. This simplifies deployment by removing the need for separate HTTP, LDAP and OCSP servers. It also provides flexible support for PKI deployment in constrained network environments. This is described in more detail here.