Isode's M-Vault is a high-performance secure LDAP/X.500 server. M-Vault can be used as a standalone Directory server, as part of a distributed Directory Service or to store configuration and/or user authentication information for Isode's messaging products.


M-Vault is a high performance LDAP/X.500 Server with replication, advanced security features and flexible cross platform management tools, capable of managing tens of millions of entries and processing tens of thousands of queries per second. Featuring high availability, transactional integrity and extensive management capabilities, M-Vault is the natural choice for security-conscious organisations.

Key Benefits

Security

M-Vault provides a unique set of security features, including Strong Authentication based on X.509 PKI, Signed Operations, OAuth 2.0, Flexible Prescriptive and Role Based Access Control, Security Policy, Rule Based Access Control based on Security Labels, Audit Logging and Password Policy. More information on M-Vault Security...

Scalability & Performance

M-Vault's architecture allows for very high performance for read, search and modification functions, combined with a high level of scalability to directories containing tens of millions of entries. M-Vault's high performance multi-protocol, multi-threaded architecture is scalable to multi-processor platforms and can be easily extended to support additional protocols. SMP (Symmetric Multiprocessing) is supported to exploit the power of multiprocessing systems. More on M-Vault Scalability and Performance...

Replication & Data Distribution

Data can be distributed across servers using X.500 DSP (Directory System Protocol). Enterprise LDAP servers can also be connected into a distributed directory using M-Vault's support for LDAP chaining. Data can be replicated between servers using X.500 DISP (Directory Information Shadowing Protocol) and/or Isode’s multi-master replication. Server to server communication (DSP Chaining and DISP Replication) are secured using X.509 based strong authentication. More on M-Vault Replication & Data Distribution...

Reliability & Fault Tolerance

M-Vault uses an underlying high-end database transaction subsystem, which provides assurance that hardware, operating system or application failures will not corrupt a directory server database. This transaction support also enables on-line backup procedures for disaster recovery. M-Vault provides fail-over clustering and off site disaster recovery using either a SAN approach or one or more independent failover servers as well as multi-master replication. More on M-Vault Reliability & Fault Tolerance...

ACP 133 (Military Directory) Conformance

ACP 133 (Allied Communication Protocol 133: Common Directory Services and Procedures) is the NATO Standard for Military Directory. ACP 133 is based on the ISO/ITU X.500 Directory Standard, and makes use of X.500 protocols for replication and directory management. LDAP, the Internet Standard Lightweight Directory Access Protocol is also based on X.500, and is generally the preferred protocol for military clients and military applications to read data from an ACP 133 directory.

M-Vault is fully compliant with ACP 133 and can therefore be used in support of ACP127 and STANAG 4406 messaging (including use with M-Switch MIXER as an ACP145 Gateway). For more information on M-Vault in this environment, see the Military Directory market page.

Management

Data Management

Isode provides GUI and web-based tools for managing data within a directory service (from both the administrator and end-user perspective) as well as a Directory Client API for standalone and web-based applications. More on Data Access & Management...

System Management

Isode provides tools for the management of directory services using both Isode's M-Vault Console for configuring and monitoring of directory deployments.More on System Management...

PKI Support: OCSP and CRL Lookup

M-Vault can be used to support PKI deployments, in particular to support path discovery and certificate validation. M-Vault supports OCSP (Online Certificate Status Protocol) and HTTP retrieval of CRLs (Certificate Revocation Lists) stored in M-Vault. This enables integrated provision of OCSP, HTTP and LDAP CRL retrieval. This simplifies deployment by removing the need for separate HTTP, LDAP and OCSP servers. It also provides flexible support for PKI deployment in constrained network environments. This is described in more detail in the whitepaper [Using OCSP, LDAP & HTTP for Certificate Checking].

Standards Conformance

M-Vault has full X.500 (2008) functionality incorporating replication, access control and strong authentication. It also supports the latest LDAP standards and industry standards for data held in the directory. More on supported standards for LDAP and X.500 as well as Aviation and Military Standards conformance...