On this page you'll find information on M-Link Edge, a product based on M-Link which can be configured in a number of ways to provide an XMPP Boundary Guard service.

Whilst peering controls are the simplest way to apply boundary controls, use of an XMPP Boundary Guard enables controls to be applied and checks made separate to the XMPP server(s). With M-Link Edge boundary controls are completely independent of the XMPP service and, as a boundary guard can support multiple XMPP servers within the organisation, there is no need to configure and manage peering controls for each server.

The diagram above shows three possible deployment modes for M-Link Edge:

  1. Standalone: as a single process XMPP boundary guard.
  2. Back to Back: two M-Link Edges operated back to back. There would generally be a firewall between them, and each M-Link Edge server would be operated according to the policy on its side of the firewall.
  3. With a High Assurance Guard: The High Assurance Guard, typically accredited to at least EAL4, would generally provide a mix of general purpose and XMPP specific checks (Malicious Content and Dirty Word checking at a minimum).

For more information on XMPP boundary checking, see the whitepaper [XMPP Boundary and Cross-Domain protection].

M-Link Edge Capabilities

M-Link Edge, based on M-Link, can be configured in a number of different ways to provide an XMPP boundary service and allows:

  • Presence Folding. XMPP user presence can contain a lot of information that may be sensitive. Presence folding reduces this information to a small number of states (e.g., online/offline) so that only very basic presence information is made available outside the organization.
  • Message Folding. The ability to remove fields from message (e.g., HTML messages) or to remove entire message types (e.g., chat state notifications). This can be used for security reasons. It can also be used with presence folding to reduce bandwidth usage in constrained networks.
  • Security Label Checks. Access control is applied based on a Governing Security Policy, Security Label on the XMPP message, and Security Clearance associated with source and/or destination.
  • Security Label Transformation. Security Labels are mapped to a Security Policy associated with the destination, using label equivalence mappings defined within the Security Policy. If XEP-0258 is used, the original label may be retained along with the new one, which is generally desirable.
  • Blocking of file transfer, by blocking in band file transfer and standardized file transfer requests.
  • Blocking MUC traffic or blocking 1:1 (MUC only).
  • Blocking encrypted traffic.
  • Enforcing message size limits.
  • Controls, based on JID or sending and receiving user, on who can send to who.
  • Peer authentication controls, including ability to require TLS and Strong Authentication.

Other functions that can be provided in conjunction with the checking:

  • Auditing of XMPP traffic.
  • Alert of policy violations.
  • Restriction on use of select XMPP features/extensions (e.g., disable file transfers, VOIP)

Deployment Modes

There are three possible deployment modes for M-Link Edge:


In its simplest deployment mode, M-Link Edge can be deployed as a single process XMPP boundary guard, appropriate for simple configurations that can operate single process control.

Back to Back

In this second deployment mode, two M-Link Edges are operated back to back (generally with a firewall between them). Each M-Link Edge server can be operated according to the policy on its side of the firewall allowing for independent and clearly decoupled control of the checks being applied on each side.

With High Assurance Guard

The final configuration is to use a pair of M-Link Edges in conjunction with a High Assurance Guard. The High Assurance Guard will typically be accredited to at least EAL4, and likely belong to a family of guards used for various checks. It is likely to provide a mix of general purpose and XMPP specific checks. A High Assurance Guard will typically provide at least:

  • Malicious Content checking.
  • Dirty Word checking.

M-Link Edge will always provide XMPP protocol, routing, and marshalling capabilities to enable the High Assurance Guard to be integrated into an XMPP environment. This may be its sole function. In addition to this, M-Link Edge may be used to provide audit and additional checking capabilities to augment those provided by the High Assurance Guard. These may be done as "pre-checks" with helpful error reporting, as for Security Reasons a High Assurance Guard will be likely to reject errors with minimal reporting.

Integration between M-Link Edge and High Assurance Guard will be specific to the High Assurance Guard product. Possible approaches include XML/SOAP, and use of a subset of XMPP S2S protocol. Isode is partnering with High Assurance Guard producers to ensure that M-Link Edge can be used in conjunction with their products.