M-Link is Isode's XMPP (eXtensible Messaging and Presence Protocol) Instant Messaging and Presence server product. On this page you can find an overview of how M-Link can be configured as a gateway between different instant messaging protocols, between systems running on constrained and internet quality infrastructures and between domains with complex information sharing policies.
In the sections below we introduce the different gateway configurations of M-Link, specifically:
- As a gateway to Internet Relay Chat (IRC) services
- Use as a Boundary Guard to check traffic to/from organizations and domains
- As a gateway between standard XMPP services and those running on constrained networks.
All of these uses can be combined together with standard peering controls to produce gateway services with complex information sharing rules.
IRC is a real time text chat service primarily used for group chat, using "channels". Channels are usually global across the network and a client can join a channel without authentication. Despite this lack of security, IRC is still widely deployed.
The M-Link IRC gateway enables connections between Multi-User Chat (MUC) services hosted on M-Link servers and one or more IRC servers. It does this by associating XMPP MUC rooms with IRC Channels, with the IRC Nickname based on the MUC nickname of each user (identical where IRC constraints allow).
There is no downgrade of security for XMPP users with XMPP traffic (users sre still authenticated and connections are protected with TLS) and M-Link security label support is available, including translation to IRC users as FLOT (First Line of Text) labels in the IRC messages.
For more information see the M-Link IRC Gateway product page.
Whilst peering controls are the simplest way to apply boundary controls in an individual M-Link server, use of an XMPP Boundary Guard enables controls to be applied and checks made independently of the XMPP service and, as a boundary guard can support multiple XMPP servers within the organisation, there is no need to configure and manage peering controls for each one.
M-Link Edge can be deployed standalone (as a single process XMPP boundary guard), back-to-back (two M-Link Edges, usually with a firewall between them, each operated according to the policy on its side of the firewall) or with a High Assurance Guard (typically accredited to at least EAL4), as shown in the diagram below.
As with the core M-Link product, M-Link Edge can be configured with a wide range of peering controls inlcuding those for Security Label checks and transformations, peer auhentication controls, blocking traffic (or types and combinations of traffic) to/from specific destinations, message folding and presence folding.
For more information please see the M-Link Edge product page.
M-Link includes special capabilites to enable robust and reliable services within constrained network environments, such as running over HF Radio and SatCom connections. These are described in detail on the M-Link product page and include stream compression, roster versioning, presence stripping and use of the Zero Handshake server-to-server protocol.
Configured as a constrained bandwidth gateway, M-Link can mediate traffic between XMPP services running on constrained networks and those running on internet quality links. This includes implementation of appropriate peering controls and Federated Multi-User Chat (FMUC) to minimise the impact of unreliable links.
For more information please see the product page describing M-Link's capabilities in constrained networking environments.
Isode provides a GUI tool, M-Link Console (MLC), with all M-Link variations to manage configuration over XMPP, and to provide server control and monitoring services.
MLC enables setup of strong authentication, routing configuration, filtering and controls associated with the peer, including security labels and the use of special protocols such as XEP-0361 to reduce handshaking on slow links, STANAG 5006 for use over HF Radio and custom integration for use with High Assurance Guards.
MLC additionally provides a range of monitoring capabilities including general service status & uptime, information on connected users & peers, general server statistics and detailed performance information. Multiple XMPP services can be monitored, including limited monitoring of XMPP servers other than M-Link. SNMP support is included, to enable monitoring of key server performance metrics with network management tools such as OpenView, or with Web applications.
We welcome evaluations of our products and will make support resources available to you for the duration of your evaluation. Evaluation guides for all packages can be found on the relevant product evaluation page. You will need an evaluation password and a licence file which can be obtained by filling out this evaluation application form.