WhitepapersProduct and Market Focused Whitepapers
On this page you'll find summaries of all of the whitepapers published by Isode. Click on the buttons below to bring up whitepapers relevant to your area of interest.
Filter by Product Area:
IP Routing over HF
This white paper looks at supporting IP routing over HF and introduces the HF Routing Information Protocol (HF-RIP). It starts by looking at Isode’s experience with the Icon-PEP implementation of STANAG 5066 Annex U IP Client. Then it considers requirements that go beyond this for a more generic approach.
Managing SNMP Devices with Red/Black
Isode’s Red/Black product provides a flexible management capability, particularly oriented towards managing HF communications chains. Red/Black provides an SNMP (Simple Network Management Protocol) driver that enables management of devices that offer an SNMP interface. This White Paper explains how this works and shows what can and cannot be achieved with this driver.
Icon-TRANSEC: Providing AES Crypto for STANAG 5066
This white paper looks at Isode experience in providing AES TRANSEC level security for STANAG 5066. This work follows Annex T of STANAG 5066 “STANAG 5066 TRANSEC Crypto Sublayer using AES and other Protocols”. It summarizes work on Icon-TRANSEC which is an Isode prototype product for use with Isode’s Icon-5066 STANAG 5066 server
Automating use of HF Directional Antennae for Mobile Unit Support with ALE and STANAG 5066
HF Directional Antennae can provide significantly better performance than omni-directional antennae. To use a Directional Antenna in support of a Mobile Unit (MU) it is important to correctly point a shore Antenna at the MU and to track its movement. This white paper explores what is needed to achieve this, both for the simple case where an antenna is dedicated to an MU and in various scenarios where Antennae are shared.
Military Messaging Distribution and Profiling
This white paper looks at capabilities for distribution of messages to multiple recipients, which are used in Military Messaging but have wider applicability. It also looks at how these capabilities are provided in Isode’s M-Switch product.
Isode's HF Vision & Products
This whitepaper gives a summary of Isode’s approach to providing products for HF radio, looking at current and future products and explaining the problems being addressed.
Data Diodes and Semantic Checking at Secure Boundaries
This White Paper looks at using data diodes at secure boundaries, in particular cross domain and providing red/black separation.
Isode's Solution for BRASS (Broadcast and Ship to Shore)
BRASS (Broadcast and Ship to Shore) is an approach used by Navies, particularly in NATO countries, to communicate between Ships and Shore using HF Radio. This whitepaper gives an overview of BRASS and then describes the Isode strategy and solution for this area. It looks at how Isode’s products can support the protocols and interoperability for currently deployed BRASS systems and move them forward to state of the art capabilities that extend the services offered over BRASS.
Tactical Data Links: Potential Communication Enhancements
This white paper looks at Tactical Data Links; a key real-time military communication service, and ways to enhance them through the use of XMPP and HF Radio networks.
Using M-Link as a Reliable Distributed XMPP Service
This white paper looks at deployment of XMPP in a distributed environment and approaches to ensuring high reliability. It describes capabilities supported by Isode’s M-Link XMPP Server product, with a focus on constrained network links and cross domain configurations.
XMPP Application Profile for use with XML Guard
This whitepaper specifies an Application Profile for use of XMPP with an XML Guard. It defines:
- Schema for the Application Profile
- Normalization Requirements
- Rules which can be used to constrain the base profile
This sets out a product-independent specification of using XMPP with an XML Guard.
STANAG 5066 Ed5 Proposed Additions
This whitepaper proposes a number of additions that can be made to STANAG 5066 during the next edition.
STANAG 5066 Ed4
This whitepaper provides an overview of the change brought in with Ed4 of STANAG 5066, a NATO standard protocol for data applications over HF Radio networks.
STANAG 5066 Application Protocol Series
STANAG 5066 is a NATO Standard providing a link level service for HF Radio, the latest version is Edition 4 of May 2022. The S5066-APP series of documents sets out protocol specifications that operate over STANAG 5066 and communicate with STANAG 5066 servers using the SIS protocol. These protocols provide value add to the core STANAG 5066 service.
STANAG 5066: The Standard for Data Applications over HF Radio
STANAG 5066 is a NATO specification for running data applications over HF Radio. STANAG 5066 operates over an HF modem, and provides an interface for data applications to use and share an HF modem. It provides core data link services to enable applications to operate efficiently over HF radio, and specifies a protocol that enables a clean separation between applications and modem/radio level. This paper describes STANAG 5066, and shows why it is key to deploying applications over HF Radio.
Isode's Military Messaging Handling Solution
This white paper gives an overview of Isode’s solution to provide Military Message Handling Systems (MMHS). It looks at the products that Isode provides and the architecture used to provide a complete solution. It looks at core MMHS provision, strategic interconnection over fast links, and operation of constrained networks and HF Radio.
Supporting Mobile Unit mobility over multiple HF Networks using Icon-Topo
HF networks provide Beyond Line of Sight (BLOS) coverage for thousands of miles, but a single HF network does not give global coverage. In order to provide communication between ground systems and Mobile Units (MUs) over a larger range, co-ordination between HF Networks is necessary.
This whitepaper looks at what is needed to provide this mobility and how Isode’s Icon-Topo product provides this.
Wireless Token Ring Protocol (WTRP)
This whitepaper looks at the Wireless Token Ring Protocol (WTRP) specified in Annex L of STANAG 5066 to support multi-node communication with HF Radio. It gives a high level overview of the protocol, how it works, and scenarios where it is most appropriate, particularly Naval task groups.
It looks at how WTRP works in a deployment, tying this to the WTRP implementation in Isode’s Icon-5066 product.
Red/Black Overview
This whitepaper gives an in-depth overview of Red/Black, which is a new Isode product that monitors and controls devices and servers, with a particular focus on HF Radio systems.
HF Circuits: Automation & Evolution with STANAG 5066
Configuration and management of HF Radio systems commonly uses the term of “HF Circuit” which reflect an active sequence of components from application to antenna. For a small integrated system, this might simply be choosing between voice and data application to use. For larger systems, there can be a choice of many components, leading to a manual choice of setting up the circuit before it can be used.
This paper is aimed at those planning HF systems, and those wishing to understand how STANAG 5066 has impacted the design of such systems, particularly large shore systems.
Isode OAuth
Isode have introduced authentication and authorization using OAuth into some of its Web products and providing an OAuth server as part of the Isode M-Vault product. This whitepaper provides an overview of what Isode is providing and the benefits it gives for Isode applications. It considers how this infrastructure could be used to support non-Isode Web applications.
C2 Systems use of MTF and Messaging
This whitepaper considers how to support C2 (Command and Control) Systems and MTF (Message Text Format) protocols such as ADatP-3, APP-11 and OTH-Gold using Isode’s products.
It looks at how this integration is provided by:
- Isode’s Harrier MMHS API interface; and
- Isode’s Harrier Military Messaging client.
Isode's XMPP Cross Domain Solution
Cross Domain is a term to indicate communication between two security domains where there is a need to control information flow, which is typically used for military deployments. XMPP is the open standard for chat and presence that is widely used by military organizations. This white paper describes requirements for Cross Domain XMPP services and looks at how Isode’s solution addresses them. Isode’s solution comprises three components; M-Guard (an XML Guard), M-Link Edge (a product that supports standard XMPP protocols, converting the protocols to communicate with M-Guard and an XMPP Application Profile for XML Guard (an implementation of a product-independent profile that controls what crosses the boundary).
XML Guard Application Profiles
XML Guards, such as Isode’s M-Guard, provide cross-domain and red/black separation. This whitepaper looks at how Application Profiles are used to specify how an XML Guard may be used to provide separation for an application service in a product-independent manner. An application profile defines the XML that is allowed in messages sent by an application through the XML guard, typically by use of an XML schema.
Provisioning for Military Messaging Handling Systems
MMHS deployments require a variety of specialized components, which are described in this whitepaper, these components need to be provisioned and managed in a flexible manner to support complex deployments. There is a complex relationship between these objects, which needs to be handled in a coherent manner. This whitepaper looks at provisioning requirements and shows how Isode’s Cobalt product addresses them.
Measuring and Analysing HF-PEP for TCP communication and Web Browsing over HF
"HF-PEP: STANAG 5066 TCP Performance Enhancing Proxy Protocol" specifies a new protocol for efficiently running TCP over HF. This paper gives an overview of the requirements for this protocol and provides performance measurements and analysis. The paper then looks at Web Browsing over HF, which is seen as a critical family of services operating over TCP. Measurements and notes on deployment are provided.
M-Guard: Isode's XML Guard
M-Guard is a guard for checking XML content exchanged across network boundaries. M-Guard can act as an application-level data diode. This whitepaper complements the M-Guard Product Overview and provides supplementary information on M-Guard as well as a Road Map for the product’s evolution..
STANAG 5066, STANAG 5070, and how to get a single HF Link Protocol
STANAG 5066 is the NATO standard for link level over HF. Thales/French MoD have proposed STANAG 5070 a new link level standard derived in part from STANAG 5066. Having multiple standards for the same purpose (or overlapping purposes) is generally undesirable for users, nations and vendors. This paper considers how to converge ongoing activity onto a single standard.
Using IP Crypto over HF
This whitepaper describes an approach to protect data using IP Crypto over HF communication. The approach described in this document is formally set out in the STANAG 5066 Application Protocol Series.
Measuring and Analysing STANAG 5066 F.12 IP Client
STANAG 5066 Annex F Section 12 defines an IP Client specification. This is the only mandatory element of Annex F, giving a clear implication that this is seen as a preferred mechanism for supporting applications running over HF. This whitepaper looks at requirements for IP applications over HF. It then analyses the F.12 IP protocol specification. Then a set of measurements are reported on using a pre-release version of Isode’s Icon-PEP product. Finally, overall analysis and recommendations to NATO are made. While the F.12 specification has some utility, this analysis suggests that it is a sub-optimal approach for general provision of IP services over HF.
Measurements of S5069 and S4539 waveforms with varying interleavers over a Channel Simulator
This whitepaper describes measurements of HF Modem transmissions over a channel simulator using Collins modems and simulator. It investigates the impact of varying Interleaver for STANAG 4539 and STANAG 5069 waveforms. These measurements indicate significant benefits for longer Interleavers.
Naval XMPP Road Map
XMPP is an increasingly important communication technology for military communications, supporting real time group communication. Isode provides a military XMPP solution based on its M-Link family of XMPP server products, which can be used with any XMPP client, including NATO JChat client and Isode Swift, which has a number of military-oriented features. Naval deployments have requirements which cannot be addressed by general purpose XMPP solutions. Isode has developed and standardized a number of XMPP capabilities that are critical for Naval XMPP deployments, which are summarized here. These features are currently unique to Isode. Evaluating large scale Naval deployment of XMPP has identified a number of additional requirements and this white paper describes how Isode plans to address these requirements with new M-Link capabilities.
Measuring Performance of Messaging Protocols for HF Radio
This white paper shares measurements of performance of selected HF Messaging Protocols: ACP 142, CFTP and SLEP. These protocols and other messaging protocols are described in the companion white paper Messaging Protocols for HF Radio. Optimizing throughput over HF is the key challenge for bulk protocols such as messaging. The primary measurements in this paper look at throughput for vary link speeds, error rates and message sizes, using Isode’s STANAG 5066 and messaging products. Some latency measurements are also made.
Messaging Protocols for HF Radio
This white paper looks at different messaging protocols for use over HF Radio. HF Radio has awkward operational characteristics. It is an unreliable and highly variable channel. In order to provide good messaging communications, specialized messaging protocols are necessary. Standard messaging protocols are unsuitable.
ACP 142: SMTP & STANAG 4406 Messaging for Constrained Networks
ACP 142 is the best general purpose protocol for supporting messaging over constrained networks, with low bandwidth, poor link quality and high latency. This white paper gives a broad overview of ACP 142. The core of ACP 142 is a multicast capability, which is important as many constrained networks are multicast. This paper describes how ACP 142 can be used for both unicast and multicast deployment.
Operating XMPP over HF Radio and Constrained Networks
Radio and Satellite networks often have constrained bandwidth, high latency and difficult operational characteristics. HF Radio, which is the primary alternative to Satellite for Beyond Line of Sight (BLOS) communication has particularly awkward characteristics. This paper looks at the problems of deploying XMPP over such networks and shows how XMPP can be effectively deployed in such environments. It describes standards that have been developed to support constrained operation and how these are supported in Isode’s M-Link products.
Reducing Turnaround Times in STANAG 5066
Turnaround time in STANAG 5066 systems is generally measured in seconds or tens of seconds. This significantly impacts performance and makes it impossible to optimize for both throughput and latency. This paper examines why operational turnaround is slow and shows how it can be reduced to 150-200 milliseconds.
TDMA vs. Token Ring (Annex L) for STANAG 5066
Token Ring and TDMA (Time Division Multiple Access) are the primary choices for enabling multiple nodes to share an HF link with high utilization. Token Ring has been standardized as Annex L of STANAG 5066, and there is a placeholder in Annex M for TDMA. This paper analyses the relative merits of TDMA and Token Ring. It concludes that Token Ring is the better approach for HF, and that current NATO standardization effort should be directed towards improving Token Ring operation rather than adding a new TDMA standard.
STANAG 5066 Update Plan
NATO is putting in place a Program of Work to update STANAG 5066, this whitepaper sets out Isode’s thinking on what the plan should be. Much of this is referencing and collecting previous material into a single location. The goal is to help develop a good plan for STANAG 5066. The items described in the core of this document are made as strong recommendations for changes that are seen as straightforward and low risk. Isode believes that change to the Crypto Interface and TDMA should also be considered.
STANAG 5066 Extension Protocol Series
STANAG 5066 is a NATO Standard providing a link level service for HF Radio, the latest version is Edition 3 of December 2010. There are a number of issues with the current specification, particularly in relation to its use with the new Wideband HF (WBHF) specifications. NATO is aware of the need to update STANAG 5066 and has expressed intention to do so. The S5066-EP document series is intended to address the open issues prior to an official update and provides a set of extensions that can be used in conjunction with STANAG 5066 edition 3. The intent is that vendors and those procuring systems can reference these specifications, prior to this capability being available to NATO.
Providing XMPP Trunking with M-Link Peer Controls
Standard XMPP uses fully meshed federation for communication between servers. This whitepaper looks at scenarios where fully meshed communication has significant drawbacks, sets out an alternative XMPP Trunking architecture and shows how the peering control capability provided by M-Link can provide this.
Open Online Draft and Release
Draft and Release is a process of handling formal military communication using a mix of paper and online communication. This paper sets out an approach to online handling of the same communication. It looks at issues with the approaches taken so far to do this, and proposes a new approach and proposed standardization. It then looks at how some of this is implemented in Isode’s Harrier military messaging client.
ACID Multi-Master Replication in M-Vault Directory
This whitepaper looks at the approach taken to supporting multi-master replication in the Isode M-Vault directory server product. The paper looks at how ACID (Atomicity, Consistency, Isolation, Durability) database requirements are addressed by the approach taken, and sets the approach in the context of other techniques used in distributed directories.
M-Link Archive and Search
This whitepaper describes the new Archive capability in M-Link, and how it enables searching of archive data by end users and operators. It describes operator and management capabilities, including archiving, search, storing statistics history and how very long term archiving can be achieved using PDF/A storage.
Measurements of Skywave HF Radio Intermediate Term Variation and Implications for Optimizing Link Performance
This whitepaper describes the results of Over The Air (OTA) HF Radio Skywave tests looking at the effects of Intermediate Term Variation (ITV), and considers how these results can be used to improve the performance of applications running over HF Radio. The tests were performed in conjunction with Rockwell Collins using both narrow band and wideband HF. The results were initially reported in a paper presented at the HF Industries Association (HFIA) meeting in Portsmouth in September 2014..
Creating and Managing a Security Label Policy
Security Labels are a key component of systems providing security, particularly for military and government use where they are used to provide protective marking on information and as the basis for access control. Security Policy controls the detailed structure of security labels and how they are used to provide access control. This whitepaper explains Isode's open standards approach to supporting security policies in extremely complex environments. It also shows how our tools can be used to support simple environments using open standards, avoiding the need for a proprietary approach.
Military Forms using XMPP
This whitepaper looks at the requirements for military forms and how XEP-0346 “Form Discovery and Publishing”(FDP) can be used to address these requirements. The paper looks at how capabilities provided by M-Link products support military forms using FDP, and how gateways can enable integration with other services.
Using OCSP, LDAP & HTTP for Certificate Checking
When using digital signatures in secure applications, Public Key Infrastructure (PKI) is used to validate digital signatures with a sequence (trust chain) of certificates from the local trust anchor to the certificate of the entity being validated. Each of the certificates in the trust chain needs to be checked in order to verify that it is currently valid. This whitepaper looks at the options for checking certificates and considers issues with each of these. It then looks at the Online Certificate Status Protocol (OCSP) and HTTP capabilities provided by Isode's M-Vault product, that directly support standardized certificate checking options and the benefits of this integration. Finally, the paper looks at supporting PKI for deployments on constrained networks, and shows how this can be cleanly addressed.
Optimising STANAG 5066 Parameter Settings for HF and WBHF
When using STANAG 5066 to communicate over HF Radio and Wide Band HF (WBHF), transmit speed and other parameters can be modified to optimize performance. This paper describes ongoing Isode research on possible new approaches to give better performance for traditional and modern applications.
Testing STANAG 4406 Military Messaging over IP Differentiated Services
IP Differentiated Services (DiffServ) is a standardized Internet approach for dealing with different classes of traffic. Isode has added support for differentiated services to its M-Switch X.400 product, so that its priority handling (which supports standard X.400 three level priority, and the STANAG 4406 military messaging six level priority) can utilize differentiated services at the IP level. Isode and NATO staff put together a setup to test military messaging in conjunction with DiffServ, and ran tests on two days in August and November 2007. This paper describes the tests that were done and analyses the results.
S/MIME for Military and High Security Messaging
This whitepaper looks at the use of S/MIME (Secure/Multipurpose Internet Mail Extensions) to provide security for SMTP based Military Messaging and messaging in other high security environments. The paper gives an introduction to S/MIME, looking at commercial use and why it is the best choice for military messaging. It then looks in detail at capabilities needed for use of S/MIME in a military environment, which go significantly beyond the basic use of S/MIME in commercial deployments.
Using SMTP to provide a STANAG 4406 Military Messaging Service
This whitepaper looks at how a STANAG 4406 Military Messaging Service that provides conformant STANAG 4406 protocol interoperability can also make use of SMTP messaging to provide a service equivalent to the full STANAG 4406 service to all users.
ATN Directory Vision: An Infrastructure for Supporting AMHS and Ground to Ground Communication
This paper sets out the benefits of using an ATN Directory in support of AMHS and ground to ground messaging communication, and explains how this directory could be deployed in conjunction with AMHS.
Peering Controls in M-Link Edge
Peering controls are central to the difference between M-Link Edge and other products in the M-Link family. Peering controls can be used to support use of these products with XMPP Gateways and Guards and generally to control traffic handled. Peering controls can also be used to support constrained networks and integration with XML Guards. This whitepaper explains how peering controls work, and how they are used in Isode's XMPP server products.
Interconnecting XMPP and IRC
This whitepaper looks at how IRC (Internet Relay Chat) and XMPP (eXtensible Messaging and Presence Protocol) text chat services can be interconnected. It describes both services briefly and then looks at how a number of existing IRC/XMPP gateways work. It then describes the aproach taken by Isode's M-Link IRC Gateway. looking at operational, security and migration benefits of this aproach.
Federated Multi-User Chat
XMPP (the Internet Standard eXtensible Messaging and Presence Protocol) Multi-User Chat (MUC) is normally provided by a single server, with clients accessing a MUC Room via their local XMPP servers. This standard approach gives performance and resilience problems when operating over constrained networks. This paper looks at how federating the MUC service can address these problems. Isode's approach to Federated MUC as implemented in the M-Link XMPP server is described in the context of evolving XMPP standards, and benefits of Federated MUC for purposes other than Constrained Networks are considered.
Using Flow Control and Timers in ACP 142 to provide Optimized Message Transfer of HF Radio
This whitepaper looks at message transfer over HF Radio, and looks at how the ACP 142 protocol can achieve optimal performance, and the use of flow control and timers to achieve this. HF Radio can be an unreliable channel, and so it is important that performance is optimized in the event of channel failures. Use of timers to deal with failures is considered in detail.
Security Label Capabilities in M-Switch Products
This whitepaper looks at how Isode’s M-Switch products can make use of Security Labels to perform Access Control and how it can map between a wide range of Security Label formats and message transport mechanisms.
Using Message Acknowledgements for Tracking, Correlation and Fire & Forget
This whitepaper looks at how tracking end to end message acknowledgements can improve service reliability for mission critical messaging. This is achieved by enhancing message tracking services and providing information on messages being delivered and read. It then describes how this can be extended to provide a "Fire and Forget" quality service, using operator alerts and guaranteed action points (GAP). The paper also shows how these capabilities are provided in Isode's M-Switch products.
ACP145: Isode Support of International MMHS Gateways
ACP145 (Interim Implementation Guide for ACP 123/STANAG 4406 Messaging Services between Nations: ACP145(A)) is a specification from the CCEB (Australia, Canada, New Zealand, UK, USA) of how Military Messaging is exchanged between nations. This white paper gives an overview of ACP145, and how it is supported by the Isode product set. It looks at how this can be used to support both STANAG 4406 national systems, and SMTP national systems using MIXER conversion.
M-Vault Failover & Disaster Recovery
This whitepaper looks at how Isode's M-Vault directory server provides failover capabilities in support of disaster recovery using a single master approach. It looks at requirements for replication, and describes the architecture of Isode's approach and how this addresses disaster recovery requirements.
Military Messaging (MMHS) over SMTP
This Whitepaper sets out how to provide Military Message Handling (MMHS) using the widely deployed SMTP family of protocols. It references IETF standards, including those specifically developed to support MMHS over SMTP and in particular RFC 6477 which is often used to describe this family of protocols. RFC 6477 and MMHS over SMTP capabilities are provided by many vendors and are widely used in MMHS deployments. However, these protocols are not officially standardized by NATO or other military bodies. This paper summarizes the capabilities needed to provide a full MMHS system using the SMTP messaging family.
SCRAM: A New Protocol for Password Authentication
SCRAM (Salted Challenge Response Authentication Mechanism) is a protocol and data storage mechanism to support password based authentication. Isode was closely involved with standardization and early implementation of SCRAM, and we believe this is very important technology for Internet Client/Server protocols, including XMPP, LDAP, SMTP and IMAP. SCRAM addresses a number of important security issues that are not dealt with by older mechanisms, in a manner that can be cleanly deployed and widely implemented. Isode sees SCRAM as the best current approach to password based authentication.
Isode Support for Kerberos, Active Directory and Single Sign On
This paper looks at how Isode client and server products can make use of Kerberos authentication, in configurations where Isode provides both client and server, and in conjunction with third-party clients and servers, including Microsoft Active Directory.
XMPP Boundary and Cross-Domain Protection
This whitepaper looks at approaches for checking XMPP (Internet Standard eXtensible Messaging and Presence Protocol) traffic at organizational and other operational boundaries. It looks at the requirements on various approaches, and shows how Isode’s M-Link products can be used in these approaches.
Performance Measurements of Application using IP over HF Radio
This paper sets out the results of measurements made when running applications and layer protocols to support applications over IP via HF Radio using STANAG 5066. The goal of this work was to get a quantitative measure of the performance impact of using applications running over IP over HF Radio in comparison with applications running directly over specialized HF Radio protocols. This paper concludes that the performance impact of using IP is massive, with small message latency increase from at typical value of 6-20 seconds using applications optimized for HF to a smallest measured value of 89 seconds when using IP.
STANAG 5066 Performance Measurements over HF Radio
This whitepaper sets out the results of measurements done by Isode of STANAG 5066 over military HF Modems and emulated HF Radio. These test show that good line utilization can be achieved (83-94 %) for speeds ranging from 75 bits/second to 9600 bits/second. To achieve this, care must be taken with how the application uses STANAG 5066. The characteristics of HF Radio are unique, with implications on all of the higher layers and applications. This paper gives useful information to those building applications for HF Radio and for those deploying such applications.
File Transfer by Email
File Transfer by Email can be useful for moving data between systems when standard file or data transfer mechanisms are not available. In particular it is useful for supporting Directory Replication, as described in the Isode whitepaper [Directory Replication by Email and over 'Air Gap']. This paper looks at requirements for File Transfer by Email, and describes the architecture of Isode's solution.
Using Security Labels to Control Message Flow in XMPP Services
XMPP is widely used by military and government organizations with stringent security requirements, where it is critical to ensure that sensitive information is not sent to inappropriate individuals or domains. Security Labeling is the mechanism of choice for handling sensitive information in high security environments. This paper looks at the use of Security Labels in conjunction with XMPP services, and how Isode is enhancing its M-Link product to provide Security Label based controls for user to user messaging and for Multi-User Chat (MUC).
Directory Replication by Email and over 'Air Gap'
Directory replication is an important feature of most directory services, and is commonly achieved by use of directory protocols. There are a number of situations where using directory protocols to perform replication does not work well. These include HF Radio and other constrained links, system boundaries (where there is only email traffic allowed), directory gateways performing security checks and tactical directories with irregular network access. This paper looks at these scenarios, and shows how directory replication over email and 'air gap' can address them. Then, the architecture and key features of Isode's solution are described.
Using Security Labels for Directory Access Control and Replication Control
This paper looks at how Security Labels can be used to provide security and management benefits to directory services. It shows how Security Labels can be used to control access to data based on the Security Clearance of the user accessing the directory, and how Security Labels can be used to control access to directory services and selective directory replication.
Access Control using Security Labels & Security Clearance
Security Labels provide an important mechanism for controlling access to information in many high security environments, and are also useful in environments with lower security requirements. This paper provides a reasonably detailed description of how security labels and clearances work, while attempting to avoid the high level of technical complexity seen in many papers in this area.
Password Policy for Directories
In this whitepaper we look at password policy for directories, its major capabilities, benefits, how it is integrated into other applications and how it is used. M-Vault implements a comprehensive set of password policy features, and so this paper covers all features which are likely to be of interest. The paper focuses on showing how features appear to the end user and can be used and controlled by an administrator.
SNMP and Isode Servers
This whitepaper looks at the role of SNMP (Simple Network Management Protocol) in managing systems using Isode's messaging and directory servers. It explains why SNMP support is provided, the sub-agent architecture used by Isode products, and approaches to deploying SNMP monitoring.
Sending FLASH Messages Quickly: Techniques for Low Latency Message Switching and Precedence Handling
Military Messaging systems, and other messaging systems with time critical operational requirements such as Aviation (AMHS), require that high precedence messages are submitted, transferred and delivered very quickly. In this paper we look at how messages can be handled to achieve message switching times of a few hundred milli-seconds, for both low and high volumes of traffic. The importance of Permanent Associations as a way of avoiding delays in opening a connection is described and consideration is given to Precedence Handling, describing techniques that ensure high precedence traffic gets optimum (low) latency. The paper explains why message pre-emption is not a useful approach and why DiffServ is important when there are bandwidth limitations.
X.400 Bridgehead for Microsoft Exchange: Technical Architecture and Back-end Features
X.400 Bridgehead for Microsoft Exchange ("X.400 Bridgehead") is a product from Boldon James, produced in collaboration with Isode. It's primary goal is to provide X.400 protocol connectivity for Microsoft Exchange 2007 and future versions of Microsoft Exchange, as this capability was provided as a part of Exchange 2003 and earlier versions, but is not included with subsequent versions of Exchange. This paper describes the architecture of X.400 Bridgehead, and summarizes it's key features.
ACP 133: The Military Directory Standard
ACP 133 is the NATO Standard for Military Directory: "Common Directory Services and Procedures". The current version is "Edition D", published in July 2009, which is supported by the Isode product set. This whitepaper gives a short summary of ACP 133 aimed at readers with some familiarity with directory services.
Using Active Directory as part of a Distributed Directory
There are many situations that require large distributed directories using LDAP (Lightweight Directory Access Protocol) and/or X.500, such as Government, Military and Aviation. Organizations building these distributed directories will often be making use of Microsoft Active Directory (AD). AD provides a number of key functions in a Microsoft server network, which impact its use as part of a distributed directory. This paper explains these issues, and then looks at three different approaches to using AD in the context of a distributed directory.
Replication for Tactical Directory
Directory is an important component of Tactical Military operations. This paper looks at requirements for Tactical Directory, explains why there are special replication requirements, and that this is the only area where requirements differ significantly to other military directories.
Delivering the ATS Message Service to the End User using AMHS
AMHS (Air Traffic Services (ATS) Message Handling Services), as specified in the ICAO ATN (Aeronautical Telecommunications Network) SARPs, is the new standard for ground to ground messaging communications, which is being adopted rapidly and will eventually replace existing AFTN and CIDIN systems. The "ATS Message Service" is the end to end message service that AMHS provides. AMHS specifies the service, and the underlying infrastructure that is used in order to provide this service. To build a complete system, the ATS Message Service needs to be provided to end users, sitting at terminals. This paper looks at various approaches to doing this.
Creating and Managing a Security Label Policy
Security Labels are a key component of systems providing security, particularly for military and government use where they are used to provide protective marking on information and as the basis for access control. Security Label Policy (simply termed "security policy" in most security label standards) controls the detailed structure of security labels and how they are used to provide access control.
Building a Highly Replicated Directory: The case for X.500 DISP
This whitepaper looks at issues related to replication, when building a highly distributed and replicated directory. It argues that X.500 DISP (Directory Information Shadowing Protocol) is the best solution to this problem. This paper looks particularly at military directory, which has strong requirements for highly replicated directory. The paper is also applicable to other environments.