New features have been broken down into the following sections:
- Harrier Email Client
- M-Switch Email MTA/Gateway
- M-Switch HF Circuit Management API
- M-Store X.400 Message Store
- M-Vault LDAP/X.500 Directory
- M-Link XMPP Server/Gateway
Harrier: Isode's new Email Client
Harrier is a Secure Messaging Web Client, new in R16.6. More information can be found on the Harrier product page.
Harrier provides an end user client service via a server component using SMTP messaging with RFC 6477 and related extensions to support military messaging. Harrier can be used as an ACP127 client in conjunction with M-Switch. ACP127 can be mapped with SMTP and RFC 6477 / RFC 7444 without loss of ACP127 information. This enables Harrier to provide a full ACP127 service.
Harrier can also operate as a general-purpose client, providing a high-performance, easy-to-use Web interface to an IMAP/SMTP service.
M-Switch Email MTA/Gateway
R16.6 has added a new MConsole Alerts view to support operator management of M-Switch servers. For more information see the Event Logging page. Capabilities include:
- Configurable alert levels with choice of actions including sound, popups and raising MConsole from minimized.
- Alerts from local MConsole errors (e.g., failure to connect)
- Alerts from multiple local or remote M-Switch servers.
- Default set of alerts with operator information driven from Isode Events on the server.
- Ability to configure which events lead to alerts and level of alert
There is also a new Alert Daemon that monitors M-Switch QMGR to generate alerts. Capabilities include:
- Generation of alerts based on message age, number of messages queued and many other parameters.
- Flexible rule configuration based on priority, channel, sender and recipient.
- Control of frequency that alerts for a given status are repeated.
Audit and Tracking
Considerable additional audit logging, for both general and military use, has been added. The tracking interface has been extended to allow searching for messages on additional parameters including message type, SICs and DTG.
A message history view has been added to MConsole, which gives an easy way to quickly see traffic that has been handled by M-Switch.
Messages may now be archived in the format they are sent, in addition to the core archive in arrival. This is particularly helpful where M-Switch is performing protocol conversion. MConsole Switch Operation View and Message Tracking view allow display of messages in both inbound and outbound format.
M-Switch authorisation has been extended to support checks on SICs and on security classification (in addition to the security label controls in R16.3).
In standard email operation, message delivery reports are sent back to the message sender. Military and other operations work in "fire and forget" mode, where errors are handled by central operators and are not returned to the sender. M-Switch has added a capability to support Message Correction. This is provided as a Web interface, shown below, so that the message correction service can be provided by operators in a straightforward manner.
The following correction capabilities are provided:
- Removal of message attachments
- Addition or correction of Security Label
- Addition or removal of SICs (Subject Indicator Codes)
- Correction of bad recipient addresses
- Choice to use or not use correction based on SMTP and X.400 error codes
M-Switch authorisation and error handling works to provide a clear error description and focus on the change needed to address the error. For more details see the M-Switch ACP127 Capabilities page.
R16.3 introduced a basic ACP127 (over TCP) gateway capability support into M-Switch. This has been substantially extended in R16.6 to provide a comprehensive ACP127 Gateway and Relay capability. Capabilities now include:
- Support for a number of text messaging protocols and variants, including ACP 127, ACP 126, ACP 128, JANAP 103 and DOI 103.
- Operation of STANAG 5066 in support of HF Radio.
- Operation over Serial lines, including support for: Windows COM Ports; Digiport TS Serial Hub; MoRaSky serial over HF emulation (Isode test tool).
- Automatic re-transmission of missed messages in response to ZFX.
- Flexible configuration of multiple message transmission and Flash ACK.
- Channel keep-alive with ZIC/ZID
- Core routing based on RIs (ACP 127 Routing Indicator) or on SMTP and X.400 routing to ACP 127 destinations.
- Routing choice based on Security Label.
- Message pre-emption
- Flexible mapping configuration between ACP 127
- Security Policy driven security label mappings
- ACP 127 Address view to view RIs, PLAs, circuits and routing
- Configuration of AIGs (Address Indicator Groups)
- Configuration of CADs (Collective Address Designators) including special handling of Task Forces and other special CAD types.
- ITA2 and IA5 support.
- Outbound duplicate detection.
ACP127 Operator Support
ACP127 needs a considerable level of operator attention. MConsole has a new ACP127 view to facilitate this:
- Grouping by ACP127 Circuit to facilitate per-circuit management. Subsequent features are "per circuit".
- Monitoring of real time link traffic in one or both directions. This may be on the main MConsole screen or in a small "pop out" to enable operators to watch traffic on many links at the same time.
- View of queued messages with key queued parameters and view of message content.
- For automatic queues, ability to control: which message is processed next; abort of active message; hold message for operator review.
- Support of manual queues with message transmission and retransmission under operator control
- Ability to send test messages and data configured using templates
- Operator to send standard and abbreviated service messages with templates for common messages. Service messages may be queued or sent directly over a manual link.
- View inbound and outbound transmission logs
- View message history for each circuit, showing messages sent and received in the current day
- Duplicate review to optionally allow operator review of potential inbound duplicates.
- Garble Repair view in MConsole to allow operators to fix up messages arriving that have been corrupted in transit
- Support in CODRESS (encrypted messages) to allow transfer to offline device
- Control of expired messages (ZPW) and of messages with missing ZPW
BRASS and BRE1TA
M-Switch has added a range of capabilities in support of NATO BRASS (Broadcast And Ship to Shore) including support for BRE1TA (BRASS Enhancement One Technical Architecture) that also covers M-Switch ACP 142 support. Capabilities include:
- Configuration of Broadcast and Broadcast Receiver circuits over serial.
- Flexible Broadcast re-transmission options.
- Configuration of Ship to Shore circuits over Serial or STANAG 5066 (ARQ)
- Maritime Rear Link support
- RECAP messages in NATO and Italian formats.
- Automatic retransmission based on ZDK or ZFX
- Broadcast fill messages in NATO or Italian format, and operator alert of missing messages
- OTAM (Off The Air Monitoring) to enable monitoring of link quality. GUI monitoring with MConsole.
- Ship side FAB (Frequency Assignment Broadcast) monitoring
- Shore side option for operator setting of FAB status information
- Guard capability to allow flexible control of message relay
- Secondary Broadcast (e.g., ship to task force)
- Intercept option to allow operator interception of messages addressed to other ships
- Java API to allow external circuit configuration including OTAM monitoring: MHFCM (M-Switch HF Circuit Management) API
M-Switch HF Circuit Management API
A new M-Switch HF Circuit Management API allows ACP127 customers to write their own management console for ACP127 Circuits.
This is a Java API to allow external circuit configuration including OTAM monitoring: MHFCM (M-Switch HF Circuit Management) API. Javadoc for this API is available on the Isode website.
M-Store X.400 Message Store
M-Store X.400 has been enhanced to significantly improve performance and scaling. Message indexes are now handled directly by M-Store X.400 (in previous versions the message index was held in M-Vault). The operational limit of the previous version was around 10 million messages stored in a server. The R16.6 version can store 100 million messages in a server, with mailboxes holding up to 100,000 messages.
M-Vault LDAP/X.500 Directory
M-Vault has added support for LDAP Transactions as defined in RFC 5805 "Lightweight Directory Access Protocol (LDAP) Transactions". This enables a series of (related) LDAP operations to be applied as a single transaction. This is of particular benefit to management applications that modify related directory properties.
M-Link XMPP Server/Gateway
MUC Room Security Label Display
MUC Room configuration of the Security Label Display Marking (String and Colour) enables XMPP Clients to show the Display Marking as a banner across the MUC Room.
Account provisioning for M-Link when user information is held in M-Vault has been enhanced by a new User Provisioning view in M-Link Console which connects directly to M-Vault and uses M-Vault Password Policy capability. This enables:
- Adding Accounts
- Disabling Accounts
- Display account "last use" time and auto-disable accounts after configurable period
- Deletion of Accounts by "tomb stoning" and use of "tomb stones" to warn operator about creating accounts with a name that has been previously used
- Permanent account deletion
- Removal of M-Link rosters from deleted and/or "tomb stoned" accounts
Enhanced Clustering and Use of Directory
Significant changes have been made to clustering design and use of directory, which improve performance and simplify administration.
Management of Message Size
There is a capability in M-Link and M-Link Edge to control messages based on maximum message body size. This allows effective control of the largest user messages that can be sent.
Kerberos & SSO
M-Link extends support for Kerberos and Single Sign On to comply with XEP-0233, including multi-domain support.
M-Link Console adds a number of UI improvements to service view, live statistics view and archive view. M-Link Console also includes links to the manual, so that relevant sections of the manual can be directly accessed using "?" icons.