Directory Products Update – 19.0 Capabilities

The below is a list of the new capabilities brought to our Directory products for the 19.0 release. 19.0 adds a lot of extra functionality across the board for our messaging products, along with a complete rewrite of the codebase so that future releases and bug fixes can be developed more quickly. For the full release notes please check the individual product updates, available from the customer portal and evaluation sections of our website.

Dependencies

Use of several new 19.0 features depend on Cobalt 1.3 or later.

M-Vault

Product Activation 

M-Vault uses the new product activation.  Product activation is managed with the Messaging Activation Server (MAS) which provides a Web interface to facilitate managing activation of messaging and other Isode products. MAS is provided as a tool, but installed as an independent component.   

Headless Setup

M-Vault, in conjunction with Cobalt, provides a mechanism to set up a server remotely with a Web interface only. This complements setup on the server using the M-Vault Console GUI.

Password Storage

Password storage format defaults to SCRAM-SHA-1 (hashed). This hash format is preferred as it enables use of SASL SCRAM-SHA-1 authentication which avoids sending plain passwords. Storage of passwords in the plain (previous default) is still allowed but discouraged.

LDAP/AD Passthrough

An LDAP Passthrough mechanism is added so that M-Vault users can be authenticated over LDAP against an entry in another directory. The key target for this mechanism is where there is a need to manage information in M-Vault, but to authenticate users with password against users provisioned in Microsoft Active Directory.  This is particularly important for Isode applications such as M-Switch, M-Link, and Harrier which utilize directory information not generally held in Active Directory.

Cobalt provides capabilities to manage accounts utilizing LDAP Passthrough.

OAuth Enhancements

A number of enhancements to OAuth, which was introduced in R18.1

  • OAUTH service has been integrated  into the core M-Vault server, which simplifies configuration and improves security,
  • Operation without Client Secret, validating OAUTH Client using TLS Client Authentication.  This improves security and resilience.
  • Allow client authentication using Windows SSO, so that Windows SSO can work for OAUTH Clients.  This enables SSO to be used for Isode’s applications using OAuth.

Sodium Sync

  • Some enhancements to Sodium Sync to improve operation on Windows Server.
  • Option that will improve performance for any remote server with a large round-trip-time. 

ACID Multi-Master Replication in M-Vault

In our latest release, R16.3, we added a multi-master replication capability to our M-Vault directory server, to complement the single master approach of previous releases.

A new whitepaper looks at the approach we took to support multi-master and how that approach addresses the ACID (Atomicity, Consistency, Isolation, Durability) database transaction reliability requirements.

The whitepaper then sets the approach in the context of other techniques used in distributed directories. For more information, follow the link to “ACID Multi-Master Replication in M-Vault Directory“.

R16.3: Multi-Master Directory, XMPP Archive/Search & ACP127 support

We’re pleased to announce the availability of Isode’s latest release, R16.3, which can be downloaded now from our website. R16.3 is a major Isode release which adds new capabilities across the entire Isode product range, including:

M-Vault

We’ve introduced a multi-master capability to M-Vault, complementing the single-master approach to replication defined in the X.500 protocols around which M-Vault was developed. M-Vault is the first directory to offer both multi-master and X.500.

M-Link

M-Link gains a new Archive Server for archive of all messages (including 1:1 chat, MUC and PubSub). XMPP clients can access archives using Message Archive Management (MAM) as defined in XEP-0313. M-Link also gains three new web applications:

  1. Message Archive Management, allowing browser-based access to information in the archive.
  2. Statistics, a lightweight monitoring alternative to the M-Link Console GUI.
  3. Forms Discovery and Publishing, for end-user publishing and display of FDP forms.

M-Link Statistics Web App
M-Link Statistics Web App

M-Switch

We’ve added gateway support for text based organisational message protocols, which we’re collectively describing as ACP127. The first release of this capability supports ACP127 and DOI 103S, a popular US variant, and enables conversion with STANAG 4406 (compliant to STANAG 4406 Annex D) and SMTP (following the MMHS over SMTP extensions).

In addition we’ve made extensive improvements to MConsole and M-Link Console to support the new M-Switch and M-Link family capabilities. For a full run-down of new capabilities in R16.3, please see the Product Release page. We’ll be publishing further blog posts over the coming weeks focusing on some of the new R16.3 capabilities.