M-Link User ServerXMPP Instant Messaging and Presence Server
The M-Link User Server is Isode's core Instant Messaging and Presence server based on the XMPP (eXtensible Messaging and Presence Protocol) standard. Its feature set makes it ideal for deployments where security, reliability and special functionality are vital as well as for large public deployments.
M-Link can be used to support 1:1 chat, multi-user chat (MUC), Personal Eventing (PEP) and other XMPP services. M-Link is used in both specialised deployments where security, reliability and special functionality are vital and in large public deployments where responsiveness, performance and scalability are paramount.
Note that the core M-Link Server is designed for operation over internet quality links and does not support standards for operation over constrained networks, for which a separate product is available (see M-Link for Mobile Units for more information).
Security features include message security using security labels, support for data confidentiality using TLS and support for SASL authentication, Kerberos authentication and Strong Authentication (based on X.509 Public Key Infrastructure), for client/server and for server/server connections and boundary checks on message traffic using peering controls. For more information see the page on M-Link Security.
The core XMPP model is one server per domain. A single M-Link Server can support multiple domains, with delegated administration of users within each supported domain. XMPP Clustering is a technique to enable a single domain to be supported by multiple servers. M-Link supports clustering over both Local and Wide Area Networks.
There are a number of ways in which an XMPP service can become unreliable, usually involving a failure in one or more components of the service. In a Mobile Unit deployment, where link failures can be common, Isode's XMPP products (both the M-Link products and the Swift XMPP client) include capabilities to alert the user to and protect them from link failures. For more information see the page on M-Link Reliability.
Can be deployed on large public networks (jabber.org, one of the largest public XMPP installations, uses M-Link), in high security environments and variations of M-Link can be used as a Boundary Guard, in Mobile Unit scenarios and as a gateway to IRC systems.
Archive and Search
M-Link has extensive archiving capabilities including search of 1:1 and multi-user chat history, export to XML archives and long-term archiving in PDF/A documents. For more information see the page on Archive and Search.
Forms Discovery and Publishing
M-Link enables flexible Forms Discovery and Publishing (FDP). FDP provides a mechanism to allow M-Link to store a list of Topics and associated form templates that can be retrieved and completed by an FDP-aware client. Once the completed form is submitted back to the Server, interested parties who have subscribed to the Topic will be immediately notified that a new instance of the form has been completed. Fore more information see the page on Forms Discovery and Publishing.
PubSub and PEP
XMPP includes a Publish/Subscribe capability to enable flexible sharing of data. Personal Eventing is a subset of this, which allows a user to publish and share data, and in particular "extended presence" information. Personal Eventing is expected to be the basis of important XMPP developments, and support is starting to appear in XMPP clients and applications. M-Link supports Publish/Subscribe and PEP is supported using Publish/Subscribe. Further information on Publish/Subscribe can be found in the whitepaper [XMPP PubSub].
BOSH (XEP-0124: Bidirectional-streams Over Synchronous HTTP) is a mechanism to operate XMPP over HTTP. This facilitates development of Web XMPP clients running in a browser. M-Link supports BOSH in the core server.
M-Link provides a number of peering controls, controlling what is sent to and received from other XMPP peer servers. Key controls are security label checks & transformations, filtering of traffic types and 'folding' of messages and presence data to remove selected information. Peering controls, which are available in all M-Link products, are described in more detail on the M-Link Edge product page.
An M-Link Server maintains its own configuration, which a suitably privileged client can view or modify using XMPP commands. Isode provides a GUI tool, M-Link Console (MLC), which manages this configuration over XMPP, provides server control and monitoring services. User accounts are held in a Directory, with Active Directory or Isode's M-Vault being popular choices. User accounts in the Directory can be managed externally and Isode provides administration tools for this purpose.
Monitoring of server and system performance can be done using MLC, a Web Application and by SNMP (integrating server monitoring with Enterprise monitoring of network and application components). More information can be found on the page on Configuration and Oprational Management.
Use of Directory
M-Link uses Directory to hold user authentication information. This will often be an external enterprise directory using standard schema that has already been set up. A common choice for those not using M-Vault for this purpose is Microsoft's Active Directory. By using the directory for authentication, M-Link can share authentication credentials and authentication management with other applications that make use of the same infrastructure
XMPP users have a 'profile' that contains information about the user, such as the user’s name, nickname and phone number. M-Link provides capabilities to manage this information in conjunction with equivalent information held in the authentication directory.
M-Link provides support for general LDAP groups as well as for Active Directory groups configured in the authentication directory. Groups can also be configured in the configuration directory, giving the option to define a group by an LDAP search, which can allow groups to be specified without duplicating information. Groups can be used for two purposes:
- Roster Pre-Population.
- MUC (Multi-User Chat) access control.