On this page you'll find information on Isode management tools for M-Link. On other pages in this section, you’ll find information on M-Link’s use of Directory for configuration/authentication, support for wide and local area clustering, operation over constrained/unreliable networks, Federated/Multi-User Chat, Archive & Search, and support for Military Forms using FDP.
An M-Link Server maintains its own configuration, which a suitably privileged client can view or modify using XMPP commands. Isode provides a GUI tool, M-Link Console (MLC), which manages this configuration over XMPP, and provides server control and monitoring services.
User accounts are held in a Directory, with Active Directory or Isode's M-Vault being popular choices. User accounts in the Directory can be managed externally and Isode provides GUI and Web based administration tools for this purpose (see User Account Management for more information). SNMP monitoring can be used to integrate server monitoring with Enterprise monitoring of network and application components.
M-Link Console (MLC) is a GUI management tool that enables the creation, configuration and monitoring of an XMPP service comprising one or more instances of Isode's M-Link XMPP server.
MLC's setup wizard allows administrators to quickly set up a single or multi-node (clustered) XMPP service. M-Link requires a Directory to hold user and group information. MLC enables the setup of an M-Vault Directory to be used in conjunction with M-Link for this purpose and also allows for the utilisation of an existing LDAP Directory, including Microsoft Active Directory.
MLC provides a "System Diagnostics" view to run checks on the local machine and validate configuration, and can start and stop M-Link servers on Windows, Solaris and Linux.
MLC connects to an XMPP service, and can provide a range of monitoring information including general service status & uptime, information on connected users & peers, general server statistics and detailed performance information. Multiple XMPP services can be monitored, including limited monitoring of XMPP servers other than M-Link.
A typical M-Link deployment will be provided by multiple servers operating in a clustered configuration to provide reliability. M-Link Console provides management at both service and cluster node level. Most management is done at the service level, with configuration changes automatically affecting all nodes. Some functionality is available at the node level, including:
- Statistics information on the performance of each node.
- Option to perform node-specific configuration, which may be useful for advanced deployments. When this is done, the UI shows clearly where node options are set differently to the service wide default.
- Configuration changes that need to adjust node-specific files (e.g., setup of private keys for TLS).
MLC validates that the nodes in a cluster have consistent configuration and status.
Security Check List
MLC provides a Security Check List tab for both node and service. This warns the operator of any settings which may suggest security risks.
MLC enables configuration of M-Link Security Label capabilities, including setting up Security Label Catalogs, and configuring Security Labels associated with MUC Rooms and Domains. See the M-Link Security page for information on M-Link Security capabilities.
TLS and X.509 PKI
MLC enables setup and configuration of Strong Authentication for TLS and for peer authentication, by configuring an X.509 identity and associated PKI and TLS parameters for each server. Identity setup makes use of CSRs (Certificate Signing Requests) to interact with a Certification Authority. Trust anchors can be configured manually, or make use of the Windows Certificate Store defaults. MLC can use strong authentication to connect to M-Link, including use of Smart Cards.
Users and Rosters
M-Link Console provides a number of capabilities to support users and the user rosters held in M-Link.
- User accounts can be displayed, and there is ability to create and modify accounts where the M-Link server has appropriate write access to the Directory.
- Online users can be listed (useful for small servers).
- Users can be searched (using XEP-0055) which enables user information to be found in a large service.
- Current online status and connections for a user can be displayed.
- A user's roster can be displayed and reset.
Components, IM, MUC and PubSub domains
M-Link can support multiple domains, which can be used for multiple purposes (IM, MUC, or PubSub). MLC enables setup and management of these domains. Domain management can also be used to configure XEP-0114 components to integrate third party services.
For MUC domains, MLC provides a detailed MUC administration view, so that MUC rooms can be created and managed from MLC as part of an M-Link service.
MLC provides a tab for managing groups, which are important in most XMPP services. There is a special operator group (for users that can manage the M-Link service) and a range of custom groups. Groups can be defined as an explicit list, as an LDAP search, or reference a Directory group (AD Group or LDAP Group). Groups can be referenced for MUC access control, and can be used to provide roster pre-population, or to enable administrative configuration of user rosters.
Both M-Link and M-Link Edge make use of peering controls to control how messages are routed and to control message flow. The Peering Configuration tab enables setup of routing configuration, filtering and controls associated with the peer. Link control enables use of special protocols between a pair of M-Link servers, in particular:
- XEP-0361, to reduce handshaking on slow links.
- STANAG 5066 for use over HF Radio.
- Custom integration for use with High Assurance Guards.
Audit and Telemetry
MLC provides a number of audit and trace capabilities:
- Archiving can be configured for 1:1 messages and/or MUC. When this is enabled, MLC enables archive viewing.
- Telemetry logging may be enabled for specific users or peers in order to diagnose interoperability problems. MLC provides a viewing capability for the logs produced.
- M-Link uses Isode event logging to record activity. MLC enables full configuration of this logging.
It is often desirable to run M-Link on a headless server (i.e., one without GUI access). MLC makes this straightforward, for both servers and cluster nodes, by operating on a remote machine and providing appropriate command line invocations.
Operation and configuration are achieved by use of Ad Hoc commands (XEP-0050). XMPP defines a number of Ad Hoc commands for server management in XEP-0133. Standard commands supported by M-Link are change password, get user stats, number of online users, list active users, send announcement. Isode adds a large number of additional commands, which are used by MLC. Direct access to Ad Hoc commands is available for advanced use.
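The request and reply for one of the standard commands listed above (number of online users), as an added example that is not Isode's code. The node and field names are those defined in XEP-0133; the JIDs, stanza id, function names and sample replies are constructed, and Isode's additional commands are not shown.

```python
import xml.etree.ElementTree as ET

NS_CMD = "{http://jabber.org/protocol/commands}"   # XEP-0050 Ad Hoc commands
NS_DATA = "{jabber:x:data}"                        # XEP-0004 data forms
# XEP-0133 node for "number of online users"
NODE = "http://jabber.org/protocol/admin#get-online-users-num"

# Constructed sample replies, not captured from a real server.
SAMPLE_OK = f"""<iq type='result' from='chat.example.com' id='cmd-1'>
  <command xmlns='http://jabber.org/protocol/commands' node='{NODE}' status='completed'>
    <x xmlns='jabber:x:data' type='result'>
      <field var='onlineusersnum'><value>42</value></field>
    </x>
  </command>
</iq>"""
SAMPLE_DENIED = """<iq type='error' from='chat.example.com' id='cmd-1'>
  <error type='auth'><forbidden xmlns='urn:ietf:params:xml:ns:xmpp-stanzas'/></error>
</iq>"""


def build_request(admin_jid, server, stanza_id):
    """Serialise the IQ that asks the server to execute the command."""
    iq = ET.Element("iq", {"type": "set", "from": admin_jid,
                           "to": server, "id": stanza_id})
    ET.SubElement(iq, NS_CMD + "command", {"node": NODE, "action": "execute"})
    return ET.tostring(iq, encoding="unicode")


def parse_online_users(reply_xml, expected_id, server):
    """Return the count from a completed result; raise on anything else."""
    iq = ET.fromstring(reply_xml)
    # Only accept a reply that answers our request and comes from the server.
    if iq.get("id") != expected_id or iq.get("from") != server:
        raise ValueError("reply does not match the request")
    if iq.get("type") == "error":
        err = iq.find("error")
        cond = err[0].tag.split("}")[-1] if err is not None and len(err) else "unknown"
        raise RuntimeError(f"command rejected: {cond}")
    cmd = iq.find(NS_CMD + "command")
    if cmd is None or cmd.get("node") != NODE or cmd.get("status") != "completed":
        raise ValueError("command did not complete")
    for field in cmd.iter(NS_DATA + "field"):
        if field.get("var") == "onlineusersnum":
            return int(field.findtext(NS_DATA + "value"))
    raise ValueError("result form has no onlineusersnum field")


if __name__ == "__main__":
    print(build_request("operator@example.com/mlc", "chat.example.com", "cmd-1"))
    print(parse_online_users(SAMPLE_OK, "cmd-1", "chat.example.com"))
```

The `forbidden` reply is what a sender without operator rights should receive, which makes it a useful thing to test for when reviewing who can reach these commands.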
Users of an M-Link server or service will be configured in a Directory. User provisioning may be handled independently of M-Link, for example when using a third party directory such as Microsoft Active Directory.
Isode provides an integrated approach from M-Link Console to support user provisioning, which uses direct access to M-Vault over LDAP. This enables:
- Adding Accounts.
- Disabling Accounts.
- Displaying account "last use" time and auto-disabling accounts after a configurable period.
- Deletion of Accounts by "tomb stoning" and use of "tomb stones" to warn operator about creating accounts with a name that has been previously used.
- Permanent account deletion.
- Removal of M-Link rosters from deleted and/or "tomb stoned" accounts.
Two other options for user account management are also available:
- Using Isode's 'Sodium' GUI tool to manage the Directory data. You can find more information on Sodium here. Sodium is shipped with Isode's M-Vault Directory and is also available as a stand-alone product.
- Using Isode's Internet Messaging Administrator (IMA), a set of configurable browser-based account management tools running against the Directory (with delegated administration). You can read more about IMA on the Internet Messaging Administrator product page.
M-Link includes SNMP support, to enable monitoring of key server performance metrics with network management tools such as OpenView, or with Web applications.
The SNMP framework enables monitoring of an enormous variety of network components and applications by use of the MIB (Management Information Base) concept. A MIB defines the variables that are available in the application to be monitored using SNMP.
MIB support in M-Link includes:
- Network Services Monitoring MIB (RFC 2788).
- The 'Isode Services MIB', an Isode extension to RFC 2788 to include authentication and encryption data, bandwidth counts per session and session type.
- The 'Isode XMPP MIB', which provides XMPP-specific statistics such as stanza counts.
Amongst other capabilities, monitoring enables the operator to see the number of connections (client/server and server/server), the operation rate for different types of operation, where encryption is used and bandwidth usage.
Further information on the benefits of SNMP monitoring is given on the page discussing Isode's SNMP Architecture.