On this page you'll find summaries of all of the whitepapers published by Isode. Click on the headings below to bring up whitepapers relevant to your area of interest or use the search form below for a more detailed search. Separate search forms are available for a search of the entire site or a search specific to Documentation.
NATO plans to move BRASS (Broadcast and Ship to Shore) HF services to the new BRE1TA (BRASS Enhancement One Technical Architecture) which was initially set out in 2008. There have been important technical developments since the BRE1TA vision was set out, in particular the work on Wideband HF (WBHF). There is also increased technical understanding and experience with some of the technologies associated with BRE1TA. This white paper gives a higher level summary of what is going on, with the aim of providing an explanation to those interested in BLOS (Beyond Line of Sight) communication, but who do not have detailed understanding of HF technologies. The paper looks at BRASS capabilities and sets out what can be achieved beyond core BRASS with technologies that can be purchased today.
Turnaround time in STANAG 5066 systems is generally measured in seconds or tens of seconds. This significantly impacts performance and makes it impossible to optimize for both throughput and latency. This paper examines why operational turnaround is slow and shows how it can be reduced to 150-200 milliseconds.
Token Ring and TDMA (Time Division Multiple Access) are the primary choices for enabling multiple nodes to share an HF link with high utilization. Token Ring has been standardized as Annex L of STANAG 5066, and there is a placeholder in Annex M for TDMA. This paper analyses the relative merits of TDMA and Token Ring. It concludes that Token Ring is the better approach for HF, and that current NATO standardization effort should be directed towards improving Token Ring operation rather than adding a new TDMA standard.
HF Radio provides Beyond Line Of Sight (BLOS) communications and is a critical communications link, particularly for military applications. Traditional HF applications have operated closely with the HF networks, including point to point communications and broadcast, in particular Naval BRASS (Broadcast and Ship to Shore). HF is a difficult communications medium: radio propagation is unpredictable and unreliable, speeds can be as low as 75bps and latency is high. New technologies, and in particular Wideband HF (WBHF), have potential to improve HF communication, opening up new possibilities for HF use by a range of applications. Modern applications are IP based, and it is highly desirable to use these applications without modification for communication over HF Radio. This whitepaper sets out an architecture to achieve this.
NATO is putting in place a Program of Work to update STANAG 5066; this whitepaper sets out Isode’s thinking on what the plan should be. Much of this is referencing and collecting previous material into a single location. The goal is to help develop a good plan for STANAG 5066. The items described in the core of this document are made as strong recommendations for changes that are seen as straightforward and low risk. Isode believes that change to the Crypto Interface and TDMA should also be considered. These topics are considered in two appendices.
STANAG 5066 is a NATO Standard providing a link level service for HF Radio; the latest version is Edition 3 of December 2010. There are a number of issues with the current specification, particularly in relation to its use with the new Wideband HF (WBHF) specifications. NATO is aware of the need to update STANAG 5066 and has expressed intention to do so. The S5066-EP document series is intended to address the open issues prior to an official update and provides a set of extensions that can be used in conjunction with STANAG 5066 edition 3. The intent is that vendors and those procuring systems can reference these specifications, prior to this capability being available to NATO.
Standard XMPP uses fully meshed federation for communication between servers. This whitepaper looks at scenarios where fully meshed communication has significant drawbacks, sets out an alternative XMPP Trunking architecture and shows how the peering control capability provided by M-Link can provide this.
This whitepaper looks at Isode’s HGM (Military Messaging) solution, covering end user Web and Mobile clients, messaging servers, interoperability with various military messaging protocols, security, management, and tactical deployment including use of HF Radio. It gives a summary of all the components provided by Isode, with references to product descriptions and more detailed whitepapers.
Draft and Release is a process of handling formal military communication using a mix of paper and online communication. This paper sets out an approach to online handling of the same communication. It looks at issues with the approaches taken so far to do this, and proposes a new approach and proposed standardization. It then looks at how some of this is implemented in Isode’s Harrier military messaging client described in [Harrier: Military Messaging on Android Devices].
This whitepaper looks at the approach taken to supporting multi-master replication in the Isode M-Vault directory server product. The paper looks at how ACID (Atomicity, Consistency, Isolation, Durability) database requirements are addressed by the approach taken, and sets the approach in the context of other techniques used in distributed directories.
BRASS (Broadcast and Ship to Shore) is an approach used by Navies, particularly in NATO countries, to communicate between Ships and Shore using HF Radio. This whitepaper gives an overview of BRASS and then describes the Isode strategy and solution for this area. It looks at how Isode’s products can support the protocols and interoperability for currently deployed BRASS systems and move them forward to state of the art capabilities that extend the services offered over BRASS.
This whitepaper describes the new Archive capability in M-Link, and how it enables searching of archive data by end users and operators. It describes operator and management capabilities, including archiving, search, storing statistics history and how very long term archiving can be achieved using PDF/A storage.
Measurements of Skywave HF Radio Intermediate Term Variation and Implications for Optimizing Link Performance
This whitepaper describes the results of Over The Air (OTA) HF Radio Skywave tests looking at the effects of Intermediate Term Variation (ITV), and considers how these results can be used to improve the performance of applications running over HF Radio. The tests were performed in conjunction with Rockwell Collins using both narrow band and wideband HF. The results were initially reported in a paper presented at the HF Industries Association (HFIA) meeting in Portsmouth in September 2014.
This whitepaper describes Icon 5066, which is a server that implements the NATO STANAG 5066 link level protocols, which sit between HF modem and Applications. Applications access Icon 5066 using the STANAG 5066 SIS protocol over TCP. Icon 5066 is the first member of Isode’s Icon (Isode Constrained Networking) product family. This paper shows how Icon 5066 fits with Isode’s strategy of supporting applications running over HF Radio.
This whitepaper gives an overview of Harrier, a cross-platform Military Messaging client which is available as a Web interface and as a native Android client. This paper gives an overview of core Harrier capabilities and how these two clients work. It then looks at the road map for Harrier.
Security Labels are a key component of systems providing security, particularly for military and government use where they are used to provide protective marking on information and as the basis for access control. Security Policy controls the detailed structure of security labels and how they are used to provide access control. This whitepaper explains Isode's open standards approach to supporting security policies in extremely complex environments. It also shows how our tools can be used to support simple environments using open standards, avoiding the need for a proprietary approach.
Forms are important for military operations, and there is often a need to handle forms quickly and share with a large number of users. XMPP based open standard instant messaging is widely used by military organizations and is a sensible framework for sharing forms. This whitepaper looks at the requirements for military forms and how XEP-0346: Form Discovery and Publishing (FDP) can be used to address these requirements. The paper looks at how capabilities provided by M-Link support military forms using FDP, and how gateways can enable integration with other services.
Using OCSP, LDAP and HTTP for Certificate Checking in a Large Scale Distributed Environment and over Constrained Networks
This whitepaper looks at the options for checking certificates and considers issues with each of these. It then looks at the new Online Certificate Status Protocol (OCSP) and HTTP capabilities found in Isode’s R16.2 version of M-Vault, that directly support standardized certificate checking options and the benefits of this integration. Finally, the paper looks at supporting PKI for deployments on constrained networks, and shows how this can be cleanly addressed.
When using STANAG 5066 to communicate over HF Radio and Wide Band HF (WBHF), transmit speed and other parameters can be modified to optimize performance. This paper describes ongoing Isode research on possible new approaches to give better performance for traditional and modern applications.
This whitepaper looks at the use of S/MIME (Secure/Multipurpose Internet Mail Extensions) to provide security for SMTP based Military Messaging and messaging in other high security environments. The paper gives an introduction to S/MIME, looking at commercial use and why it is the best choice for military messaging. It then looks in detail at capabilities needed for use of S/MIME in a military environment, which go significantly beyond the basic use of S/MIME in commercial deployments.
This whitepaper looks at how a STANAG 4406 Military Messaging Service that provides conformant STANAG 4406 protocol interoperability can also make use of SMTP messaging to provide a service equivalent to the full STANAG 4406 service to all users.
M-Link and M-Link Edge are configuration options of the same core product and peering controls are central to the difference between the two. Peering controls can be used to support use of these products with XMPP Gateways and Guards and generally to control traffic handled. Peering controls can also be used to support constrained networks and integration with XML Guards. This whitepaper explains how peering controls work, and how they are used in Isode's XMPP server products.
This whitepaper looks at XMPP (Internet Standard eXtensible Messaging and Presence Protocol) and its relationship to the Web. It looks at situations where Web access to XMPP is appropriate, and describes BOSH, the standard way of integrating XMPP and Web. It looks at why BOSH is important for specialized XMPP applications and how Web applications can be built over XMPP.
Isode's applications make extensive use of digital signatures and strong authentication, providing significant security and administration benefits. Recognising that PKI has a reputation for complexity, we've worked hard to make management and deployment of these capabilities as straightforward as possible. This whitepaper looks at some of the issues that arise when deploying applications that use PKI, and how Isode's management toolset helps address these issues.
Wideband HF radio, with its promise of data rates up to 128 kbits/sec, is attracting a significant amount of attention from an end-user HF community used to the 9600 bits/sec maximum speed of traditional HF communication. The NATO data link protocol for use with HF systems, STANAG 5066, which was designed for throughput of up to 20 kbits/sec, constrains application performance over WBHF. In this whitepaper we propose STANAG 5066 protocol extensions to address this problem.
Military communication makes extensive use of text chat services, in particular those using IRC (Internet Relay Chat) and XMPP (eXtensible Messaging and Presence Protocol). The primary approach is use of group chat services to share information. These services are often deployed in hostile environments, and so it is important that they are resilient and will continue to operate when elements of the service fail. Communication needs to operate between partners and across security boundaries (Cross Domain).
This whitepaper looks at how IRC (Internet Relay Chat) and XMPP (eXtensible Messaging and Presence Protocol) text chat services can be interconnected. It describes both services briefly and then looks at how a number of existing IRC/XMPP gateways work. It then describes the approach taken by the new IRC Gateway capability in Isode's M-Link XMPP server, looking at the operational, security and migration benefits of this approach.
This whitepaper provides performance benchmark information for the R16.0 release of Isode's M-Vault directory server. R16.0 standardises on the transactional in-memory database introduced in R15.2, which had performance improvements as a primary goal. This paper compares R16.0 M-Vault performance to R15.1, which used the older on-disk database.
XMPP (the Internet Standard eXtensible Messaging and Presence Protocol) Multi-User Chat (MUC) is normally provided by a single server, with clients accessing a MUC Room via their local XMPP servers. This standard approach gives performance and resilience problems when operating over constrained networks. This paper looks at how federating the MUC service can address these problems. Isode's approach to Federated MUC as implemented in the M-Link XMPP server is described in the context of evolving XMPP standards, and benefits of Federated MUC for purposes other than Constrained Networks are considered.
This whitepaper looks at message transfer over HF Radio, and looks at how the ACP 142 protocol can achieve optimal performance, and the use of flow control and timers to achieve this. HF Radio can be an unreliable channel, and so it is important that performance is optimized in the event of channel failures. Use of timers to deal with failures is considered in detail.
This whitepaper looks at how Isode’s M-Switch product can make use of Security Labels to perform Access Control and how it can map between a wide range of Security Label formats and message transport mechanisms.
This whitepaper looks at how Isode’s Security Label Server product can be used to provide Security Label and Security Label based Access Control services for an external application, via a simple interface which gives good functional separation and low integration cost. EDRMS (Electronic Document and Records Management System) is used as an example application, to illustrate the benefits of this approach and to consider how best to use Security Labels with EDRMS.
Use of Security Labels is important in many Military and Intelligence organizations to ensure correct handling of information. Correct handling of Security Labels is complex, and solutions to use them with email generally result in heavyweight desktop solutions. This paper looks at a new approach which minimizes email client complexity, enabling easy support in a wide range of email clients and improving deployment characteristics.
In R15 the central code in our M-Vault server was re-written in order to provide new functionality and significant performance enhancements over R14. This whitepaper provides benchmark figures for the latest M-Vault release and compares its performance with two well-known alternative LDAP servers.
This whitepaper describes how Isode X.400 servers can be deployed to support off site disaster recovery. It looks at the new (in R15.1) features in M-Store X.400, which are central to the X.400 disaster recovery approach and then looks at how this can be used in conjunction with other Isode disaster recovery capabilities to provide disaster recovery for a full X.400 deployment. This approach is appropriate for Aviation (AMHS) and Military (STANAG 4406) deployments.
This whitepaper looks at how tracking end to end message acknowledgements can improve service reliability for mission critical messaging. This is achieved by enhancing message tracking services and providing information on messages being delivered and read. It then describes how this can be extended to provide a "Fire and Forget" quality service, using operator alerts and guaranteed action points (GAP). The paper also shows how these capabilities are provided in Isode's M-Switch product.
ACP145 is a specification from the CCEB (Australia, Canada, New Zealand, UK, USA) of how Military Messaging is exchanged between nations. This whitepaper gives an overview of ACP145, and how it is supported by the Isode product set. It looks at how this can be used to support both STANAG 4406 national systems, and SMTP national systems using MIXER conversion.
Digital signatures are a key part of modern secure communication to provide authentication and integrity services. This paper looks at requirements for using digital signatures with XMPP messages, and how these are addressed by XEP-0290 (Encapsulated Digital Signatures in XMPP), which Isode believes will evolve to be the de jure standard for XMPP message signatures. Finally the paper looks at support for XEP-0290 in Isode’s M-Link and M-Link Edge products.
XMPP has a Publish-Subscribe capability, generally referred to as PubSub, which many XMPP experts see as very important. This whitepaper seeks to explain PubSub and its significance to non-experts. It also looks at the problems addressed by publish-subscribe systems, shows how XMPP PubSub has been used by two services (Collecta and buddycloud), discusses PubSub capabilities & potential applications and outlines M-Link's PubSub support.
This whitepaper looks at how Isode's M-Vault directory server provides failover capabilities in support of disaster recovery. It looks at requirements for replication, and describes the architecture of Isode's approach and how this addresses disaster recovery requirements.
Military Message Handling (MMHS) is specified in STANAG 4406, which operates over the X.400 Messaging protocols. This whitepaper looks at how MMHS could be provided over SMTP noting where this can be done with existing standards, where there is active work to define standards, and where there are currently no standards. It concludes with a summary of what is needed to make MMHS over SMTP a reality that can meet operational requirements.
XMPP (the Internet Standard eXtensible Messaging and Presence Protocol) is being used for mission critical communication, where reliability is essential. Although use of XMPP can seem very reliable, a basic XMPP system has characteristics that are not reliable in some situations. This paper looks at situations where XMPP is not reliable, and discusses how to provide a reliable XMPP system, using advanced XMPP capabilities.
This paper describes and analyses measurements made operating XMPP over HF Radio, using HF modems and a simulated radio link. This paper looks at measurements operating directly over STANAG 5066, and operating over IP. The measurements show that good performance is achieved over HF using STANAG 5066 for a wide range of parameters. Operation over IP over HF gives good results in some situations, but is not generally recommended.
This paper describes and analyses measurements made operating XMPP over a slow IP link with variable delay to simulate Satcom. These results are applicable to use of XMPP with any constrained IP network. This paper compares measurements of standard XMPP and Isode's optimized server to server protocol. Comparison measurements with IRC (Internet Relay Chat) are also given.
This paper looks at how M-Link, Isode's XMPP server is optimized for operation over constrained networks, including Satcom, HF Radio, and other Radio links. The paper starts by looking at the benefits of using XMPP over constrained networks, and the key problems faced. Then it describes the M-Link architecture and how it addresses the various problems, both for networks where IP will be used, and for HF Radio.
SCRAM (Salted Challenge Response) is a new protocol and data storage mechanism to support password based authentication. This whitepaper looks at the security benefits of SCRAM, and how it should be used to complement PKI based strong authentication. It describes Isode’s current support and future plans for SCRAM.
This paper looks at how Isode client and server products can make use of Kerberos authentication, in configurations where Isode provides both client and server, and in conjunction with third party clients and servers, including Microsoft Active Directory. It looks at how Single Sign On (SSO) can be achieved for Isode products using Kerberos, and compares this with use of other SSO approaches.
This whitepaper looks at approaches for checking XMPP (Internet Standard eXtensible Messaging and Presence Protocol) traffic at organizational and other operational boundaries. It looks at the requirements on various approaches, and shows how Isode’s M-Link and M-Link Edge products can be used in these approaches.
This paper sets out the results of measurements made when running applications and layer protocols to support applications over IP via HF Radio using STANAG 5066. The goal of this work was to get a quantitative measure of the performance impact of using applications running over IP over HF Radio in comparison with applications running directly over specialized HF Radio protocols. This paper concludes that the performance impact of using IP is massive, with small message latency increasing from a typical value of 6-20 seconds using applications optimized for HF to a smallest measured value of 89 seconds when using IP.
This whitepaper sets out and analyses the results of measurements of various messaging protocols over HF Radio. HF Radio has unusual performance and reliability characteristics, which has led to specific application protocols being developed. This paper finds that three of the four protocols analysed perform well. It concludes with a discussion of the best choice of messaging protocol for various types of deployment.
This whitepaper sets out the results of measurements done by Isode of STANAG 5066 over military HF Modems and emulated HF Radio. These tests show that good line utilization can be achieved (83-94%) for speeds ranging from 75 bits/second to 9600 bits/second. To achieve this, care must be taken with how the application uses STANAG 5066.
Data Diodes are low level hardware devices, with very high assurance, that allow data to flow in one direction while preventing data from flowing in the opposite direction. This whitepaper shows how Isode applications can be used in conjunction with a Data Diode to give high assurance one way flow of data.
Apple's iPhone has an excellent email client that is an important part of the platform. The iPhone's sophisticated use of IMAP (in contrast to other widely available IMAP clients) is one reason that the email client works so well. This whitepaper looks at how iPhone uses IMAP to meet mobile messaging requirements, and looks at other IMAP capabilities that could be used to support mobile messaging.
File Transfer by Email can be useful for moving data between systems when standard file or data transfer mechanisms are not available. In particular it is useful for supporting Directory Replication, as described in the Isode whitepaper Directory Replication by Email and over 'Air Gap'. This paper looks at requirements for File Transfer by Email, and describes the architecture of Isode’s solution.
XMPP, the Internet Standard eXtensible Messaging and Presence Protocol is being widely adopted for Instant Messaging (IM), Group Chat and Presence services in military networks. This paper starts by looking at the military tactical requirements for IM, Group Chat and Presence. It discusses briefly why XMPP is ideal for these services, and also as a building block for situational awareness systems and in support of voice and video communication.
XMPP is widely used by military and government organizations with stringent security requirements, where it is critical to ensure that sensitive information is not sent to inappropriate individuals or domains. Security Labeling is the mechanism of choice for handling sensitive information in high security environments. This paper looks at the use of Security Labels in conjunction with XMPP services, and how Isode plans to enhance its M-Link product to provide Security Label based controls for user-to-user messaging and for Multi-User Chat.
Isode provides both directory and XMPP server products, and the approach for M-Link (Isode’s XMPP Server) and associated management tools is to make maximum use of directory. This paper describes how M-Link makes use of directory, and explains why this close integration of XMPP and directory is beneficial.
Directory replication is an important feature of most directory services, commonly achieved by use of directory protocols. There are a number of situations where using directory protocols to perform replication does not work well. These include: HF Radio and other constrained links, system boundaries where only email traffic is allowed, directory gateways performing security checks and tactical directories with irregular network access. This paper looks at these scenarios, shows how directory replication over email and 'air gap' can address them and describes the architecture and key features of Isode's solution.
Messaging is important for military and other deployments of HF Radio. Formal Military Messaging (STANAG 4406) over HF Radio is described in a previous Isode whitepaper. This paper looks at how to optimize STANAG 4406 messaging for point to point HF networks and how to provide Internet Messaging over multi-node and point to point HF networks.
Measuring MMHS Performance over HF Radio and Satellite: STANAG 4406 Annex E Encoding and Compression
This whitepaper is the first of a set of papers reporting on measurements made of MMHS (Military Message Handling Systems) operating over HF Radio and Satellite. This paper looks at the encoding and compression of STANAG 4406 Annex E messages, which is common to both HF Radio and Satellite transmission.
This whitepaper is the second of a set of papers reporting on measurements made of MMHS (Military Message Handling Systems) operating over HF Radio and Satellite. This paper looks at operation over Satellite networks, and compares the performance of STANAG 4406 Annex E which is designed for constrained bandwidth networks with STANAG 4406 Annex A, which is intended for high speed networks.
A key feature of any anti-spam solution is how effective it is at removing spam. A perfect anti-spam system would have a zero false positive rate and a zero false negative rate. In practice, this is not usually achieved, and systems will invariably trade off the two measurements. This paper describes how false negatives can be measured and looks at false negative rates for Isode's M-Switch Anti-Spam.
This paper looks at how Security Labels can be used to provide security and management benefits to directory services. It shows how Security Labels can be used to control access to data based on the Security Clearance of the user accessing the directory, and how Security Labels can be used to control access to directory services and selective directory replication. The paper looks at the functionality that can be achieved, and how this functionality may be useful in handling a number of security problems.
Modern military communications are a key component of Network Centric Warfare. HF Radios are used extensively for military communications, and, although very slow, provide effective long distance communication in a wide range of situations. This paper looks at how HF Radio fits with Network Centric Warfare, and looks at approaches for integrating HF Radios to maximize their effectiveness.
This document has been written to help those planning a directory deployment, and in particular Isode partners working on directory deployments for their customers and prospects. As the specifics of the approach taken will depend on the deployment requirements, this paper does not attempt to be prescriptive; there are no "right answers". Instead, a series of questions that (may) need to be asked are listed. Notes on those questions help define the answers and explain the implications of choices made. References to other material are provided where appropriate.
Military Messages often need to be transferred over low bandwidth networks, in particular HF Radio and Satellite Networks. The two military specifications for this type of messaging environment are NATO's STANAG 4406 Annex E and ACP 142 developed by the CCEB (Combined Communications-Electronics Board – AU, CA, NZ, US, UK). This paper describes scenarios that require these special technologies, and then gives an overview of the technologies and how they address the technical problems.
ACP127 is the older NATO standard for formal military messaging that is being replaced by STANAG 4406. Both standards are used over HF Radio, and for STANAG 4406, this is specified in Annex E. This paper looks at how both standards work, and shows the benefits of the newer technologies.
STANAG 5066 is a NATO specification for running data applications over HF Radio. STANAG 5066 operates over an HF modem, and provides an interface for data applications to use and share an HF modem. STANAG 5066 provides core services to enable applications to operate efficiently over HF radio, and specifies a protocol that enables a clean separation between applications and modem/radio level. This paper describes STANAG 5066, and shows why it is key to deploying applications over HF Radio.
Military Messages often need to be transferred over low bandwidth networks, in particular HF Radio and Satellite Networks. Isode provides ACP 142 and STANAG 4406 Annex E as a part of its M-Switch X.400 product. This paper describes Isode's approach to implementing these protocols, and how this addresses basic and advanced operational problems, management approaches and integration with other components as part of a larger solution.
HF Radios are important for military communications. IP is widely used and is the basis for most network communication. This paper looks at use of IP over HF Radio and the efficiency of different types of application over IP and concludes that applications intended for regular use over HF Radio should not use IP and should instead be directly integrated with STANAG 5066.
AMHS is being deployed worldwide to support ground to ground communication such as flight plan distribution, and is replacing the older AFTN service. This paper describes the security features of AMHS, the benefits they provide, and how these services can be deployed.
Security Labels provide an important mechanism for controlling access to information in many high security environments, and are also useful in environments with lower security requirements. This paper provides a reasonably detailed description of how security labels and clearances work, while attempting to avoid the high level of technical complexity seen in many papers in this area.
IP Differentiated Services (DiffServ) is a standardized Internet approach for dealing with different classes of traffic. We have added support for differentiated services to M-Switch X.400, so that its priority handling (which supports standard X.400 three level priority, and the STANAG 4406 military messaging six level priority) can utilize differentiated services at the IP level. Isode and NATO staff put together a setup to test military messaging in conjunction with DiffServ, and ran tests on two days in August and November 2007. This paper describes the tests that were done and analyses the results.
This paper gives performance benchmarks for Isode's M-Switch X.400, a high-performance X.400 Message Transfer Agent. M-Switch X.400 is deployed by Isode customers in a number of solution areas and these benchmarks reinforce our belief that M-Switch X.400 is substantially faster than any other X.400 MTA.
In this whitepaper we look at password policy for directories, its major capabilities, benefits, how it is integrated into other applications and how it is used. The paper looks at password policy features implemented by Isode’s M-Vault in Release 14.1. A few features are described that are planned for Release 14.2. M-Vault implements a comprehensive set of password policy features, and so this paper covers all features which are likely to be of interest. The paper focuses on showing how features appear to the end user and can be used and controlled by an administrator.
The role of directory varies considerably in different Identity Management solutions. These include systems where directory is a central and highly visible component, systems where directory is used but is not really visible, and systems that do not use directory. This paper examines the role of directory in Identity Management, with particular focus on functionality where an externally visible directory can play a part.
There are many situations where it is useful in a directory service for directory data to be available in more than one directory server. This paper looks at three techniques for achieving this (replication, direct synchronization and indirect synchronization) and discusses when each is appropriate.
This paper considers authentication systems based on smart cards, where the smart cards will be issued by many organizations, and authentication must work at any location. An important example of this type of deployment is the US Government planned deployment in support of HSPD (Homeland Security Presidential Directive) 12.
This whitepaper looks at Integrated versus Component Management of AFTN and AMHS Systems for Aviation messaging. It looks at the differences between these approaches and the benefits of each. A summary is given of the Isode product capabilities to support integrated management, and integrated AMHS & AFTN Management (in the shape of the AIDA-NG product from Isode partner Comsoft) is described.
Isode plans to add an XMPP Server to its product set, in order to provide presence and real time messaging services. XMPP is the Internet Standard eXtensible Messaging and Presence Protocol, sometimes referred to as Jabber. This paper sets out why Presence and Real Time Messaging are important to Isode's customers and markets, why XMPP and not another technology, and why Isode is building a product rather than integrating with available XMPP servers. It also outlines what Isode will be providing.
The goal of this paper is to give an understanding of what an X.400 Message Store, such as Isode's M-Store X.400, does, and where and how it should be used. In order to do this, the paper looks at general requirements for sending and receiving (X.400) messages, and looks at various approaches that can be taken.
This paper provides performance benchmarks for Isode's M-Store X.400 product (R14) in a number of common usage scenarios including core P3 and P7 operations, throughput tests and handling of large messages.
This whitepaper looks at the role of SNMP (Simple Network Management Protocol) in managing systems using Isode messaging and directory servers. It explains why SNMP support is provided, the sub-agent architecture used by Isode products, and approaches to deploying SNMP monitoring.
X.400 Bridgehead for Microsoft Exchange ("X.400 Bridgehead") is a new product from Boldon James, produced in collaboration with Isode. Its primary goal is to provide X.400 protocol connectivity for Microsoft Exchange 2007. This capability was provided as a part of Exchange 2003 and earlier versions, but is not included with Exchange 2007. This paper describes the architecture of X.400 Bridgehead, and summarizes its key features. It is particularly oriented towards understanding the capabilities of X.400 Bridgehead in the context of older versions of Exchange and full X.400 Message Transfer Agents (MTAs).
Sending FLASH Messages Quickly: Techniques for Low Latency Message Switching and Precedence Handling
Military Messaging systems, and other messaging systems with time critical operational requirements such as Aviation (AMHS), require that high precedence messages are submitted, transferred and delivered very quickly. In this paper we look at how messages can be handled to achieve message switching times of a few hundred milliseconds, for both low and high volumes of traffic. The importance of Permanent Associations as a way of avoiding delays in opening a connection is described and consideration is given to Precedence Handling, describing techniques that ensure high precedence traffic gets optimum (low) latency.
The general requirements and protocol architecture for military messaging over low bandwidth communications were described in the Isode White Paper Military Messaging Over Low Bandwidth Networks. This paper looks in more detail at how various server components are packaged together, looking at both software and hardware combinations, and showing how users and user agents fit into the system. The paper looks in detail at single user systems, from both hardware and software perspective.
ACP 133 is the NATO Standard for Military Directory: "Common Directory Services and Procedures". The current version is "Edition B", published in February 2000. "Edition C" is being developed, and is expected to be published shortly. This whitepaper gives a short summary of ACP 133 aimed at readers with some familiarity with directory services.
Directory signed operations are often requested or mandated as a part of Military ACP 133 Directory or other directory services with high security requirements. This paper explains what directory signed operations are, the benefits they provide, and situations where it makes sense to require their use.
The concept of "push email" has been widely marketed as a desirable feature of mobile email services, to enable users to get immediate notification of and access to new messages. This paper looks at various approaches to meeting user requirements, and concludes that the Internet Standard IMAP (Internet Message Access Protocol) IDLE command is the best way to achieve this service.
X.400 was specified in the 1980s, with the expectation that it would be the universal standard for email. While this did not happen, X.400 is still used for many applications, particularly where high reliability is required. This paper summarizes the key features of X.400 that make it good for applications needing high reliability, with particular focus on capabilities not available with Internet email.
Isode server products are deployed in a wide variety of situations, and usually there is a high service reliance placed on them. Isode’s approach to server design and management is that the products are building blocks, with maximum use of open standard protocols for interconnection. Management is almost entirely client/server. This combination of building block + client/server means that the approach to operational management needs to be considered as part of the overall system design. This paper explains the approach Isode has taken and the options provided, that can be used to build an operational system.
The Aeronautical Traffic Services (ATS) Message Handling Service (ATSMHS) defines a set of security services for use as part of the Extended ATS Message Service for providing that ATS Message Handling System (AMHS). This whitepaper describes these security services, how they are provided and how they can be deployed. The paper concludes that AMHS Security is needed now, and should be pursued urgently as a part of AMHS deployment.
The IETF (Internet Engineering Task Force) and OMA (Open Mobile Alliance) both have architectures to support mobile email. This whitepaper looks at the differences between these architectures, and considers technical and commercial implications of the differences. Particular consideration is given to the role of service providers.
LDAP and the X.500 directory protocols can all use strong authentication based on X.509 PKI (Public Key Infrastructure). This paper looks at the benefits and issues in using strong authentication for directory. It considers security threats to directory and looks at how strong authentication can be used to address these threats. It also looks at administrative benefits and drawbacks. This paper argues that strong authentication should be used wherever possible for server to server communication, and for administrator access.
Why Strong Authentication? – The Security and Administrative Benefits of using X.509 PKI based Strong Authentication
Strong authentication based on X.509 PKI (Public Key Infrastructure) is available in a number of protocols and brings both benefits and drawbacks for security and administration. This paper looks at the security and administrative benefits (and drawbacks) of using strong authentication. This paper looks at generic issues that apply to many applications and protocols using strong authentication. Future whitepapers will look at specific applications of strong authentication.
Much discussion on ATN Directory has set out a big vision as to how directories can interconnect globally and solve a wide range of problems. This paper gives a much more pragmatic and short term view and looks at what products and systems can be deployed today.
Isode's new IMAP/POP server, M-Box, was written with very high performance and scalability targets in mind. In order to judge our success in meeting these targets the product has been, and continues to be, tested against a wide basket of commercial and open source alternatives. This whitepaper gives performance numbers for M-Box using the Mstone industry standard benchmark and provides reference comparison with a number of widely used IMAP servers.
In a previous whitepaper on Distributed Directory and PKI we took a "top level" view, and focused particularly on the relationship between departments and what is needed to be supported in the middle. This follow-on paper takes a departmental view, and looks at what a department will realistically need to do in order to provide a directory service that will integrate into the complete system. Whilst this whitepaper takes a generic approach, the models set out are written in light of the requirements of US Government departments that need to conform to Homeland Security Policy Directive 12 (HSPD12) and will interconnect using the Federal Bridge as part of the US Federal PKI.
This paper looks at the uses of directory made by a PKI (Public Key Infrastructure) system and PKI-enabled applications. It defines requirements in terms of directory and then looks at how directory can be used to meet these requirements, and implications on provision of a distributed directory.
There are many situations that require large distributed directories using LDAP (Lightweight Directory Access Protocol) and/or X.500, such as Government, Military and Aviation. Organizations building these distributed directories will often be making use of Microsoft Active Directory (AD). AD provides a number of key functions in a Microsoft server network, which impact its use as part of a distributed directory. This paper explains these issues, and then looks at three different approaches to using AD in the context of a distributed directory.
Directory is an important component of Tactical Military operations. This paper looks at requirements for Tactical Directory, explains why there are special replication requirements, and argues that this is the only area where requirements differ significantly from other military directories.
As demand for efficient mobile messaging continues to grow, that demand is being largely met by messaging systems that rely on proprietary protocols to connect the mobile user's email device over a wireless link, the proprietary Blackberry devices being just one example. Isode believes that an Open Standard approach is better, combining device and service independence to give increased flexibility and lower costs. In this whitepaper we outline how an efficient mobile messaging architecture can be built on existing and emerging standards.
IMAP (Internet Message Access Protocol) is a widely implemented protocol for email clients to access messages on a server, and allows messages to be stored and filed on a message server. Isode will be adding an IMAP Server to its product set to complement our POP Server. This whitepaper sets out why this is an important part of Isode's messaging strategy, and shows how this will fit as a part of Isode's overall Internet Messaging Solution.
For many commercial and personal applications, Internet mail is sufficiently reliable to be trusted and treated as if it were 100% reliable. For some applications, such as aviation, military, and key government communications this is not good enough. This paper looks at what is needed to provide highly reliable message transport: reliably taking a message from its originator and delivering to the recipient(s).
AMHS (Air Traffic Services (ATS) Message Handling Services), as specified in the ICAO ATN (Aeronautical Telecommunications Network) SARPs, is the new standard for ground to ground messaging communications. The "ATS Message Service" is the end to end message service that AMHS provides. AMHS specifies the service, and the underlying infrastructure that is used in order to provide this service. To build a complete system, the ATS Message Service needs to be provided to end users, sitting at terminals. This paper looks at various approaches to doing this.
This whitepaper looks at why an Internet Service Provider (ISP) or Mobile Provider would want to use LDAP and the benefits to an ISP of holding customer account information in an LDAP Directory.
Monitoring and Managing Messaging Deployments with Very High Service Requirements: Isode Servers and Sentra
In order to provide a very high grade messaging service, it is critical to monitor the service and be able to take action where problems are detected. This whitepaper looks at various approaches to monitoring systems containing the Isode servers, and in particular looks at use of the Sentra product from Insider Technologies.
Isode markets its X.400 and Internet messaging solutions as different products. However, Isode's core M-Switch product is the same for both X.400 and Internet deployments, with some modules specific to Internet and X.400 deployments. This whitepaper looks at features which are present in Isode's products primarily to address X.400 markets, but can add significant value to ISP messaging deployments.
AMHS provides a complex addressing scheme, which is used in conjunction with the ATN Directory. Users need to address messages, and the complexity of the AMHS addressing has potential to make this difficult. This whitepaper explains how AMHS and the ATN Directory can be used together to provide a simple and effective user experience.
This whitepaper looks at issues related to replication, when building a highly distributed and replicated directory. It argues that X.500 DISP (Directory Information Shadowing Protocol) is the best solution to this problem. This paper looks particularly at military directory, which has strong requirements for highly replicated directory. The paper is also applicable to other environments.
This whitepaper describes LDAP (Lightweight Directory Access Protocol) performance benchmark tests of Isode's M-Vault directory server, and gives comparison benchmarks with OpenLDAP. Tests were performed using the independent DirectoryMark tests, on a small Linux server, with database sizes from 100,000 to 1,000,000 entries.
This whitepaper describes boundary messaging, which is a key approach to using message switching to provide value added services to an enterprise or ISP.
This whitepaper is an introduction to PKI. The paper describes why PKI is needed and the basics of its operation, together with examples.
This paper sets out the benefits of using an ATN Directory in support of AMHS (Air Traffic Services (ATS) Message Handling Services) and ground to ground messaging communication, and explains how this directory could be deployed in conjunction with AMHS.
This whitepaper examines the capabilities of LDAP directories and relational databases, and shows how they have complementary roles within an enterprise.
This whitepaper shows how an LDAP directory can be deployed in an enterprise, and the benefits of using a directory such as M-Vault which supports X.500 functionality such as replication and access control.
This article by Steve Kille, published in Messaging Magazine, looks at LDAP and X.500 and their relationship.
This whitepaper, by Steve Kille (one of the LDAP authors), looks at LDAP v3 capabilities.
This whitepaper gives a controversial view of the Meta Directory solutions offered by some vendors in the directory space.
This article by Steve Kille, published in Messaging Magazine, describes MIXER (MIME Internet X.400 Enhanced Relay), the Internet Standard for conversion between X.400 Messaging and Internet mail.