Isode's R17.0 release is a Fully Supported Isode release (see the Supported Releases page for more details). Read on for the major changes that R17.0 introduced.

Note that R17.0 although still supported, R17.0 versions of M-Vault, M-Switch M-Store, M-Box and Harrier have been superseeded by the current Isode release, R18.0.

New features in R17.0 have been broken down into the following sections:

  1. M-Link XMPP Server/Gateway
  2. M-Vault LDAP/X.500 Directory
  3. M-Switch Email MTA
  4. M-Store X.400 Message Store
  5. Harrier Email Client

M-Link XMPP Server/Gateway

R17.0 is a major change to M-Link, with new directory access mechanisms and group configuration.

Authentication Sub-System

M-Link uses a new authentication subsystem (AuthDB) developed to enable multi-directory support and providing a number of improvements and simplifications over the previous system. Key capabilities:

  • Read only directory. The model is that information in the directory is not modified or managed by M-Link. Where a third party directory such as Microsoft AD is used, account provisioning is expected as a part of that directory. Where Isode M-Vault is used, account provisioning is provided in M-Link Console.
  • Flexible mappings to derive JIDs from attributes in the directory, with easy GUI setup for commonly used mappings and easy setup for Microsoft AD.
  • Improved configuration of support for XMPP client strong authentication (SASL EXTERNAL), used for example to support client authentication with client smart card. This includes flexible configuration of verification including OCSP and CRL checking options and client certificate checking options.
  • Independent X.509 trust anchors for Clients, Peer Servers, and Clustered Servers.
  • Simplified TLS configuration.
  • Options to read password from directory removed in most situations (undesirable for security reasons). This is used for SCRAM authentication, where passwords should SCRAM-hashed.
  • Local Groups, which are simply a list of JIDs, can be configured with each IM domain and managed with M-Link Console. This replaces the "SASL Groups" of the previous release.
  • Directory Groups (including AD Groups) can be accessed from each directory and viewed in M-Link Console.
  • Both types of group can be used for MUC Access Control, Domain Access Control and Roster Groups.


Every IM domain in M-Link can now be configured to run with an independent directory. This enables support of multi-domain configurations with independent directories for users and groups. M-Link Console can be used to configure Authentication sub-system parameters independently for each IM domain, including mixing different types of directory servers.

Domain Administration

M-Link now adds the capability to define administrators associated with each domain:

  • There is a model of server administrators, which by default is configured with a group "admins" associated with the first IM domain created. Members of this group have full rights to configure and manage all aspects of the server and all domains. This is equivalent to the "operator" group in previous version.
  • Groups and domains are configured by server administrators only.
  • Each domain may specify a group (local group or directory group) such that members of that group have administration rights on that domain.
  • When a server or domain administrator runs M-Link Console, only editors for which the administrator has rights are shown.
  • For tabs which can operate on multiple domains and the administrator has rights for more than one domain, the administrator can choose the domain to use.
  • An IM domain administrator can use M-Link Console to:
    • Search for users in the domain.
    • View user and roster information.
    • Manage accounts (user provisioning) when M-Vault is used.
  • A MUC domain administrator gets rights to create and configure MUC rooms on the MUC domain using the MUC M-Link Console tab.
  • A PubSub domain administrator gets rights to view and manage pubsub nodes on the PubSub domain using the PubSub M-Link Console tab.
  • An FDP (Forms Display and Publishing) domain administrator gets rights to manage FDP forms directly with M-Link Console FDP tab and indirectly with PubSub.

Kerberos and Windows SSO

M-Link now adds support for Windows SSO (Single Sign On) using Kerberos, replacing the generic Kerberos support in previous releases:

  • The XEP-0233 approach is replaced with a new one, needed to address some of the capabilities noted below. This uses IETF standard mechanisms (without XSF extensions) to support Kerberos. Isode plans to specify this approach and anticipates that it will be published as a new XEP.
  • Clustering support, so that SSO works transparently to any cluster node.
  • Multi-domain support, so that an M-Link server can independently configure Windows SSO for multiple domains running on a single M-Link server.
  • Cross-Realm (AD Domain) so that clients running on an AD Domain different to the one the M-Link server runs on can use SSO.
  • M-Link SPNs (Service Provider Names) used for SSO are configured using Windows administration tools to be associated with the Managed Service Account that the M-Link server runs as on Windows.
  • M-Link will only offer SSO (SASL GSSAPI mechanism) if the SPN for the domain being used is correctly configured.
  • M-Link Server can authenticate itself to Active Directory service using Kerberos, avoiding the need for M-Link Server to use password authentication.


There are three new M-Link statistics capabilities:

  • The number of messages sent and number of messages received for an IM domain are stored as statistics on a PubSub node. These statistics are shown as part of the M-Link Console statistics.
  • The M-Link Console User Provisioning tab provides statistics over a configurable period showing the total number of accounts; accounts created; and accounts deleted (but not purged).
  • Analysis of number of messages sent by each user over a selected period. This is achieved by processing the message archive.

Enhanced IRC

There are a number of improvements associated with IRC:

  • Simplified UI to enable selection of either IRC or FMUC support for an M-Link server.
  • Improved IRC and FMUC Configuration in a MUC.
  • Simplified setting of Nick Regex.
  • Support of IRC channels with passwords.


  • A management capability to support NATO JChat client use of Forms Display and Publishing (XEP-0346), to facilitated sharing forms in MUCs.

M-Vault LDAP/X.500 Directory

User Password Changing

M-Vault adds a capability to enable users to change their own passwords. This is achieved by a secure HTTP interface directly supported in M-Vault, so that the user can easily change password using a Web browser.


A number of enhancements have been made to the OCSP server built into M-Link:

  • OCSP signing can be performed by Gemalto Hardware Security Module (HSM).
  • A front-end OCSP capability is provided, so that OCSP can be served by M-Vault servers without access to OCSP signing, making use of a back end server and replication of OCSP results.

M-Switch Email MTA

Diversions View & Routing Nexus

The ability to add Routing Nexus (single and plural is Nexus). A Routing Nexus has a pointer to one or more external MTAs. In common configurations, just one of the external MTAs in the Routing Nexus will be enabled. Routing Nexus can be configured in MConsole.

The primary use of Routing Nexus is to configure message routing in a Routing Tree. This can be configured by a System Administrator where message traffic may be switch over alternate connections, for example to switch between Satcom and HF links or to provide fallback routing for link failure.

There is a new Operator-oriented Diversions View added to MConsole, which allows easy switching between the alternate MTAs. This will allow the Operator to modify the routing configuration between allowed alternatives.

Routing Nexus can also be used with Laser (SMTP) routing to allow direction of (logically) local addresses to arbitrary external MTAs, by reference of a Routing Nexus in the user's directory entry. This extends current support, which allows direction to SMTP MTA or specified Channel. The new capability is important in environments where "flat domains" have nodes separated by protocols such as ACP 142.

Operator View

MConsole provides a flexible and powerful interface with many views supporting a wide range of configuration and operational management functions. It is a useful and flexible tool for a System Administrator. In some environments, M-Switch will be managed by Operators who will not perform general System Administrator functions. Some MConsole views (e.g., ACP 127 View, ACP 142 View, Alerts View, Message History, Event Viewer) are specifically targeted at Operators. However, some views are not appropriate for all operators, and the flexibility and large number of views can be confusing.

A new Operator View Profile mechanism has been introdued:

  • Multiple Profiles can be configured for different classes of operator.
  • Operators can be assigned to profiles.
  • For a profile each MConsole view can be configured as one of:
    • Mandatory (opens on startup and cannot be closed)
    • Optional (may be opened and closed)
    • Not Available
  • If no profile is assigned, the authenticated user is assumed to be a System Administrator with access to all MConsole views.

Note that this mechanism is for controlling view access. It is independent of the mechanisms for controlling Operator and System Administrator access to Directory and M-Switch capabilities.

User Password Changing

A number of aspects of X.509 PKI and TLS Security and Security Management have now been improved:

  • TLS and Cipher Suite options can be configured by GUI.
  • X.509 Trust Anchors can be GUI configured.
  • Self-signed X.509 Certificate can be created by MConsole for use by SOM (QMGR/MConsole) and SMTP. This enables easy setup of TLS.

Alert Daemon Configuration

R16.6 introduced an Alert Daemon, that monitors M-Switch QMGR to provide alerts on a wide range of status conditions. R17.0 adds a GUI to enable flexible configuration of all alerts.

It also provides a Wizard, that enables straightforward setup for military, aviation and other MTA types of priority based alerts for message delay and message queue build-up.

Message Tracking

A number of Message Tracking capabilities have been added:

  • Option to audit text of messages (ACP 127. SMTP, X,400), so that messages tracking can find messages based on content.
  • Extended ACP 127 logging to enable tracking of various ACP 127 service messages and functions.
  • Option to resubmit messages from the MConsole Message Tracking and Message History views.
  • Message Tracking Search on:
    • Security Classification
    • DTG
    • PLA format addresses
    • Military Message Type and Identifier
  • Message Tracking shows:
    • Content in and Content out in new panes, so that protocol conversion can easily be checked
    • Additional per-message and per-recipient information
    • Inbound and outbound channel listing
  • Improved statistics, particularly in support of ACP 127 operation:
    • Traffic on each circuit by priority
    • Filtering based on message type
    • Operator and automatic discards (expired and duplicate)
    • Intercepted and repaired messages

ACP 142 Management

The ACP 142 management view has been substantially extended with features originally developed for the ACP 127 View. Although ACP 142 does not need the level of operator attention that ACP 127 does, it is used for slow links and so operator management of queues is important. Features provided include:

  • Separate Tabs for each ACP 142 channel.
  • Detailed monitoring of outbound queue, including:
    • Parameters of message and recipients
    • View message content
    • Transmission count
    • Progress bar, showing data sent and data acknowledged
  • Operator control to:
    • Delete messages
    • Control order of transmission
    • Abort transfer
    • Hold for review
  • Monitoring of inbound partial messages.
  • History Views of message sent and messages received.

Message Correction

The Web Message Correction has had a significant UI update. Key change is that messages are now listed, so the operator can select any message.

ACP 127

A number of ACP 127 specific improvements have been made:

  • Improved mapping of messages with multiple text attachments.
  • Recording of attachments stripped when mapping to ACP 127.
  • Support of SMTP/X.400 envelope recipients without a matching header address by use of T Instruction in a ZOV Pilot.
  • Improved handling of segmented messages, including manual operator send of segmented messages.
  • Message move, so that operator can control exact sending order in automatic queues.
  • Broadcast sender and receiver option to view historical RECAP messages, and sender resend of RECAP.
  • Show message retransmission information in broadcast queue history.
  • ACP 127 circuits can start enabled, disabled, or previous state.
  • In ACP 127 monitoring, added option to filter queued messages so that specific queued messages can be viewed.
  • DTG and TSN available in monitoring view summary.
  • Information on serial line and link configuration available for each ACP 127 circuit in ACP 127 view.
  • Selected ACP 127 parameters can be configured from ACP 127 view.

P3 Enhancements

Permanent P3 connections are now supported.

Other Enhancements

Other new M-Switch features include:

  • Alert operator when queue or log disk space reaches a configurable percentage full.
  • Audit logging when messages are printed from MConsole.
  • RFC 6477 Military headers displayed when viewing SMTP messages.
  • STANAG 4406 Military headers displayed when viewing STANAG 4406 messags.
  • S/MIME multipart/signed messages correctly displayed.
  • Target Message Handling time based on message priority (Military and Standard) can be configured. ACP 128 and ACP 142 views use this to indicate messages that have exceeded this time.
  • Improved configuration and alerting around un-routable X.400 message originator in line with evolving AMHS requirements.

M-Switch Manuals

A new manual "M-Switch Operator's Manual" has been added, aimed at Operators running M-Switch. This manual, plus the Adminstration Manual and Advanced Administration Manual are now available from MConsole, with links to appropriate sections from the MConsole views.

M-Store X.400 Message Store

M-Store has been renamed. It was previously M-Store X.400.

The version of M-Store refactored for enhanced performance and introduced in R16.6 is now the only version of M-Store in R17.0.

Harrier Email Client

Harrier for Exchange

Harrier was introduced into the Isode product set in R16.6, for use with Isode's M-Switch, M-Box and M-Vault products.

Harrier for Exchange provides the same functionality as Harrier and is used with Microsoft Exchange using SMTP and IMAP access. Harrier for Exchange may be used with M-Vault, or with Microsoft Active Directory, noting that AD Schema extensions are needed to support full Harrier functionality.

Organizational Messaging

In Military Formal Messaging, mailboxes are associated with roles, but messages are sent to and from Organizations (e.g. "HMS KENT"). Harrier can be configured with an Organization, to support this style of working. There is an option to allow messages to be sent from the mailbox (role).


Harrier now provides full support for S/MIME, including:

  • Full server-side management, so users can access Harrier with simple password authentication.
  • User private keys held securely in the directory. This enables configuration of S/MIME for all users.
  • Options for users to sign or encrypt all messages.
  • Option to sign message headers. Signing headers is better security, but this does not display cleanly in clients such as Microsoft Outlook.
  • Signature verification and display of signature verification information to recipient.

Draft and Release

The Draft and Release capability has been extended in a number of ways:

  • Can configure multiple releasers.
  • Can exclude specified users from draft/release.
  • Can control release policy to apply to messages based on:
    • Specified or excluded SICs.
    • Message priority
    • Recipient domain
    • Sender

Other Enhancements

Other enhancements to Harrier include:

  • Addition of Archive option, which files message into "per month" archive folders.
  • In military mode, option to delete messages is removed.
  • Security Labels displayed in scan listing.
  • Scan listing shows time remaining in which to process message, based on earlies of:
    • Priority based target processing time
    • Reply-by time
    • Expiry time
  • Scan listing sorts by priority, with secondary sort on the "time remaining".
  • When setting up M-Switch/M-Box from MConsole, a matching Harrier Web configuration is generated.
  • Addition of "Search" function allowing users to find messages containing specific text.
  • Harrier Server will automatically reconnect to an IMAP server after connection is lost, and can be configured to keep IMAP session alive (for IMAP servers which might otherwise disconnect "inactive" clients).
  • Improved address book search algorithm (returns most useful results first), and better handles unresponsive/unavailable LDAP servers.
  • New mail notifications contain more information.
  • Automatic periodic saving of draft messages.
  • When composing messages to recipients with restricted capabilities (identifed by capability checking), the UI indicates when parts of the message are problematic.
  • Added Message Size capability check.