Assured: The Isode Blog

Existing Isode partners and customers will know that we've probably been more open about our plans for 14.2, and the expected release date, than we have for any previous Isode product release.

Access to the password-protected section of our website has enabled them to examine the release plans for 14.2 as well as our longer term development plans. They've also been reading and commenting on the drafts of whitepapers due to be published over the next few weeks and beyond.

Internally the Engineering department have had to stare at the countdown clocks (days to code freeze and days to marketing handover) on the company Intranet.

On the pages that customers have had access to we've been talking about a 14.2 release in "March 2008". As anyone in the software industry knows this is normally code for "11:59pm March 31st .... in Fiji" so it's to the credit to Isode's Engineers that we managed to beat that end-of-March deadline by a full 2 weeks when we released 14.2 on Monday.

14.2 includes the first release of our XMPP Instant Messaging and Presence server, M-Link (you can read more about M-Link here) as well as  HF Radio support improvements (we've added support for STANAG 4406 Annex E and ACP 142 operation over STANAG 5066), a preview release of security labels and clearances (including Rule-Based Access Controls) in M-Vault, changes to Sodium Sync to include comprehensive LDIF support and the addition of a Sodium Sync server which will perform scheduled updates independent of the GUI.

We'll be blogging more about these items individually later, in the meantime a rundown of 14.2 improvements can be found on the release page.

We've been making announcements about R14 features, and releasing relevant whitepapers. Today we released R14, making it available to customers and evaluators.

You can read about R14, including the new M-Vault and M-Store X.400 databases, the new web-based messaging management tool (PIA - Personal Information Administrator), extended platform support and significant improvements to Sodium, MConsole and EMMA at the release page located here.

A new whitepaper just released on the Isode website, looks at Isode's web-based interfaces to the directory and introduces two new tools that will be released as part of R14, a personal information administrator and a directory browser.

Both are currently packaged as part of the Internet Messaging Administrator but which will change over time to become general purpose directory UIs.

The whitepaper can be found at: http://www.isode.com/whitepapers/web-interfaces.html

The Beta of Isode R14 was released to confirmed Beta testers last week and we're already receiving some very useful feedback that will help us to ensure that, at release, this product lives up to everyone's expectations. The production release is due out at the end of April.

Bowing to popular superstition we've missed out R13 and jumped straight from R12 to R14, although part of me wants to send out an Isode R13 release announcement on April 1st just to see what sort of reaction we get.

The Engineering department has put a lot of work into this release, which includes a new backend to M-Vault to increase scaling into the 100 million entry range, a new M-Store X.400 database and extensive changes to our management tools. For a full list of new R14 features, see this page.

In previous 'R12 Re-cap' posts we've looked at Sodium, X.400 Quick Configuration and MConsole. In this post we're taking a look at Internet Messaging.

LEMONADE

With R12, Isode's messaging servers became the first to be released supporting the new Open Standard for Mobile Messaging (LEMONADE).

Isode has been an active participant in the IETF's LEMONADE working group to define extensions to IMAP and SMTP for mobile messaging. M-Box (POP/IMAP) and M-Switch (SMTP) are the first messaging servers released to support these new Open Standards. Our Internet Messaging whitepapers give more details on LEMONADE and why we believe that this Open Standard is important for organizations looking to provide email access to mobile staff.

Evaluating Internet Messaging

We previously pointed out the improvements made to the Quick Configuration wizard for X.400 Messaging. With R12, Quick Config has been extended to cover Internet Messaging, allowing evaluators to set up a full Internet Messaging evaluation in a matter of a few minutes.

Quick Config is installed as part of M-Switch and is described in detail in the Internet Messaging Evaluation Guide linked from the documents section of this evaluation page. Quick Config will configure all of the elements of a test system, including M-Vault and M-Box, you should therefore ensure that you have M-Switch, M-Box and M-Vault installed before running Quick Config. If you have already installed versions of Isode products earlier than R12, please remember to read the Release Notes for information on upgrading to R12.

Anti-Spam

As well as functionality for mobile messaging, we've enhanced our anti-spam solution with support for: SPF (Sender Policy Framework); TLS (data confidentiality) for inbound and outbound SMTP; and IMAP quota and ACL capabilities. M-Switch Anti-Spam is available for evaluation here.

In previous posts we've looked at R12 changes to X.400 Quick Config and Sodium (secure Open Data, Identity and User Manager). In this post we're taking a look at changes to MConsole.

MConsole is our central tool for M-Switch Operational Management, providing detailed monitoring information and a wide range of controls. MConsole has been completely re-written and with the release of R12 a number of additional capabilities have been added, including:

• Quarantine Management: MConsole can display information on each quarantined message including sender, recipient and spam score.
• Message Tracking: Integrated support for message tracking via access to the message database including content of messages in the queue, archived messages and tracking of failed messages.
• X.400: MConsole now supports redirection, resubmission, forwarding and viewing of X.400 messages.

Click images for more MConsole details
Message Properties	Message Channels

You can read more about MConsole here.

MConsole is installed with M-Switch R12. If you have already installed a version of M-Switch earlier than R12, please remember to read the Release Notes for information on upgrading to R12.

Continuing with our re-cap of features within Isode's latest release, R12, in this post we're looking at the X.400 Quick Configuration Wizard.

With previous Isode releases we've shipped a 'Quick Configuration Wizard', a tool that enabled quick setup of pure X.400 or X.400 MIXER configurations. With R12 the scope of the Quick config has been dramatically extended so that it now covers a wide range of X.400 messaging scenarios:

• Aviation CAAS or Aviation XF: These are standard X.400 configurations, with the option of setting up an ATN Directory. The users can be based on the Common AMHS Addressing Scheme (CAAS) or XF Addressing Scheme (click here for more information on aviation solutions).
• EDI: Standard X.400 configuration with support for EDI content types (click here for more information on EDI solutions).
• Military: Standard X.400 configuration with support for military content types (click here for more information on military messaging solutions).
• MIXER: Demonstrating conversion between X.400 and Internet messaging (click here for more information on M-Switch MIXER).
• Pure X.400: a 'pure X.400' configuration without market-specific settings (click here for more information on Isode's X.400 products).

Whichever scenario you choose, Quick Config will configure the test system within a matter of minutes, allow the sending of test messages as part of the configuration process and launch our X.400 test system, XUXA, for further testing.

Quick Config is installed as part of M-Switch and the X.400 messaging options are described in detail in the M-Switch X.400 Evaluation Guide linked from documents section of this evaluation page. Quick Config will configure all of the elements of a test system, including M-Vault and M-Box (for MIXER), you should therefore ensure that you have M-Switch, M-Box and M-Vault installed before running Quick Config. If you have already installed versions of Isode products earlier than R12, please remember to read the Release Notes for information on upgrading to R12.

In a previous post we gave a quick overview of the new features within the latest Isode release, R12. R12 was a major release for Isode and we think its worthwhile taking a closer look at some of the new features users and evaluators are now able to access.

In this post we're taking a look at Sodium (Secure Open Data, Identity and User Manager), a new cross-platform Administrative Directory User Agent which gives flexible and extensible GUI management of directory data. 

Sodium is part of the Isode directory product set, and is ideal for use with M-Vault. It may also be used with any directory server which supports X.500 DAP (Directory Access Protocol) or LDAP Lightweight Directory Access Protocol).

Sodium includes:

• Support for Strong Authentication and Signed Operations (more)
• X.509 certificate request and management functions (more)
• Extensive built-in schema support including templates for military (ACP133) and aviation (ATN Directory) markets.(more)
• Easy Browsing and Searching (more)
• Extensive Data Modification, Addition and Deletion facilities (more)
• Flexible template configuration (more)

Sodium is installed with M-Vault R12 and is featured in the M-Vault Evaluation (here) and the Strong Authentication Evaluation (here). If you have already installed an evaluation version of M-Vault earlier than R12, please remember to read the Release Notes for information on upgrading to R12.

We're pleased to be able to announce that the latest Isode release, 12.0, is now available for download from the Isode website. We'll be writing in details about the new features within this major release over the coming weeks but here's a quick rundown:

Signed Operations in M-Vault

Isode's M-Vault directory support for strong authentication has been extended to include Signed Operations, as described in a recent white paper. It's straightforward to restrict deployments to require signed operations for all modifications, which is important for secure directory deployments. You can find out about setting up a secure directory in our updated guide to strong authentication and secure directory configuration.

Sodium (Secure Open Data, Identity and User Manager)

Sodium is a new Directory User Agent, which will replace DDM in a future release. As well as incorporating significant as well as being a significant step forward in terms of usability over DDM, Sodium also adds support for strong Authentication and Signed Operations. You can read more about Sodium here.

MConsole2

MConsole, our main M-Switch operational management tool, has been completely rewritten. It provides an improved view of the message queue, including information and control on connections and inbound messages. Queued messages can now be viewed from MConsole. There is integrated support for Message Tracking, by access to the message database, including display of archived messages. You can read more about MConsole here.

LEMONADE: The Open Standard for Mobile Messaging

Isode has been an active participant in the IETF's 'LEMONADE' working group to define extensions to IMAP and SMTP for mobile messaging. LEMONADE Profile 1 was adopted as an RFC in June of 2006. With R12.0 Isode's M-Box and M-Switch become the first commercial messaging servers released to support these new Open Standards.

Isode's Internet Messaging whitepapers give more details on LEMONADE and why we believe that this Open Standard is important for organizations looking to provide email access to mobile staff.

Support for ACP 142, STANAG 4406 Annexe E & P1 Strong Authentication

We've enhanced our Military Messaging standards support. ACP 142 ("PMul, Protocol for Reliable Multicast Messaging in Constrained Bandwidth and Delayed Acknowledgement (EMCON) Environments"), is a CCEB (Combined Communications-Electronics Board – AU, CA, NZ, US, UK) standard for military messaging designed to support NATO's STANAG 4406 Annexe E. We've also added support for Strong Authentication of P1 connections.

You can read more about Isode's Military Messaging products here, the free whitepaper "Military Messaging over Low Bandwidth networks" gives an overview of military messaging and military messaging scenarios.

New Quick Config

With previous Isode releases we've shipped a 'Quick Configuration Wizard', a tool that enabled quick setup of pure X.400 or X.400 MIXER configurations. In order to assist with evaluations of all Isode messaging products, the Quick Config Wizard has been extended so that it now offer a choice of full ISP, aviation, EDI, military, MIXER and pure X.400 scenarios and message types. You can read more about Quick Config here.

We're pleased to be able to announce that the latest Isode release, 11.5, is now available for download by evaluators and customers from the Isode website. R11.5 is a major release of the full Isode product set and includes extensions to the Open Group X.400 Gateway API to support STANAG 4406 Military Messaging, significant changes to our cross-platform Demonstration X.400 User Agent (XUXA) as well as source code availability and the availability of our POP/IMAP message store, M-Box, for Solaris 9.

Extensions to the Open Group X.400 Gateway API to support STANAG 4406 Military Messaging.

The Open Group X.400 Gateway API is a standardized API to X.400 services, that covers core commercial X.400 functionality. Isode has specified and implemented extensions to this API to support STANAG 4406 Military Messaging. These extensions also include support for the standard X.400 File Transfer Body Part, which is not covered in the Open Group specification.

These extensions will be of interest to vendors developing products that need to integrate with STANAG 4406 Military Messaging. The product is available immediately as a part of Isode's Open Group X.400 API Developer's Kit.

Significant changes to our cross-platform Demonstration X.400 User Agent (XUXA) as well as source code availability.

Isode's first release of XUXA (Isode's cross-platform demonstration X.400 User Agent) was made with R11.4. XUXA is designed to help developers using Isode X.400 Client APIs (Java and 'C') and to demonstrate and test X.400 Infrastructure.

XUXA 2.1, included with R11.5 provides a number of detailed improvements, in particular better body part handling (including general text and File Transfer Body Part) and support of InterPersonal Notifications (IPNs).

XUXA's Java source code is now available as an Eclipse Project, to enable users of the Isode client APIs to see a full example use of the APIs. This is of particular interest to users of the Java client APIs, but may also be of interest to 'C' developers.

M-Box for Solaris 9.

M-Box is a high performance Internet Message Store, supporting IMAP (Internet Message Access Protocol) and POP (Post Office Protocol). M-Box features excellent horizontal scaling and easily outperforms rival message stores.

M-Box is a key element in Isode's solution for Service Providers and is available for evaluation today as part of Isode's Internet Messaging Solution for ISPs or on it's own.

General information on this release is available from the release page.

I thought you'd like to hear about a new feature we expect to be of interest to all messaging customers. We've added version control, with LDIF backup and restore to EMMA. This enables messaging users to checkpoint configurations, restore old configurations, and to easily send full messaging configurations to Isode support (or to anyone else that needs it).

Steve

Hot on the heels for R11.2, we are making another release with a few more features. Today I thought I'd disclose a few of the changes to M-Box that you can expect:

• "Vacation" and "Redirect" added to SIEVE, which completes our core SIEVE support.
• IDLE (the IMAP function to support "push email")
• Improved mailbox restore, including merge of recovered data with operational system
• Delivery to shared folders (now email addressable)
• Ability to log IMAP protocol traces for a given IMAP user.
• M-Box monitoring utility (command line tool, to get status on current and historical sessions)

I'll post more about R11.3 features as they relate to our other products later (including our new Internet/Mobile product).

Mapping between X.400 and AFTN addresses is a central function of an AFTN/AMHS Gateway (MTCU). It is also a very helpful user function when supporting migration from AFTN to AMHS. This is discussed in the Isode white paper "Addressing in AMHS: Building a solution that works for the End User": http://www.isode.com/whitepapers/amhs-addressing.html

As an identical mapping needs to be made in many places, it makes sense to manage the mappings. The directory is an ideal location and the Eurocontrol SPACE project defined a means to do this. The directory mapping is specified in Chapter 6 (ATS Message Handling) of the Comprehensive Aeronautical Telecommunication Network (ATN) Manual (Part III. Applications guidance material), section 6.2.1.5.10-17.

We have implemented this mapping as a part of our Directory Client API product.

Initial experience with this mapping code has shown that the shipping version does not meet the full requirements of the ICAO specification for an MTCU, and cannot support all of the mappings in the tables distributed by the AFSG (Aeronautical Fixed Services Group).

To address this, we have extended the algorithm used so that it can deal with the AFSG tables and meet the full requirements of the ICAO MTCU specification. We will be shipping this updated functionality in R11.3, and also updating our distributed LDIF mappings to align to the latest AFSG mappings.

As flagged up in previous blog posts, R11.2 incorporates a number of significant changes to our product:

Strong Authentication

With R11.2 we've introduced support for X.509 based strong authentication, also referred to as X.509 PKI (Public Key Infrastructure). The X.509 standard specifies the standardized information contained within a digital certificate, support for X.509 is an important element in our directory support for PKI systems.

We've has enhanced M-Vault's directory product to include strong authentication between servers for directory chaining (X.500 DSP) and directory replication (X.500 DISP). Strong authentication is provided for client access using both LDAP and X.500 DAP. A new white paper describes the benefits of this security.

To smooth the adoption of Strong Authentication we've built our own, easy to use Certificate Authority (CA) - the Isode MiniCA which contains all the necessary functionality needed to process Certificate Signing Requests, issue and revoke certificates and generate certificate revocation lists. More information on our Strong Authentication infrastructure can be found here. Our servers can also be used with commercially available Certificate Authorities like Entrust and RSA Keon.

Military & Aviation

Two of our major markets are military and aviation (AMHS) messaging, based on the X.400 standard. With R11.2 we've included easy setup options for X.400 content types utilized by military and aviation messaging systems as well as extended our X.400 routing to enable the use of wildcards, allowing an MTA (Message Transfer Agent) to use matches on part of an O/R address to decide where a message is routed to.

Directory Client API

The aviation and military markets will also benefit from changes to our Directory Client API, which now supports both X.500 DAP and LDAP (Lightweight DAP) allowing a single application to mix DAP and LDAP calls. Developers working in these sectors are often required to produce applications conformant to DAP but which might also be used with LDAP.

Our growing ISP market will benefit from product changes that further our stated directory vision of 'One Directory Entry - One Person - One Account'.

Directory based configuration

All of our messaging servers support directory-based configuration, having all configuration information stored in a directory from where it can be shared between messaging servers. We've improved our support for directory-based configuration in R11.2 resulting in changes to each of our three Internet servers: M-Switch, M-Vault and M-Box.

M-Switch has adopted the LDAP Schema for Intranet Mail Routing (LASER) which defines an approach to 'last step' mail routing. Amongst the benefits of LASER is that it allows M-Switch to perform email address checking on the boundary of an organization cutting down on server load when dealing with invalid addresses.

We've also implemented LDAP Proxied Authorization Control (Proxy Auth) in M-Vault. Proxy Auth is used where a server wishes to perform directory operations on behalf of another user. M-Box can use Proxy Auth to get information from the directory on IMAP and POP users, simplifying setup and management.

More details on the new release, together with links to supporting whitepapers, can be found on the 'Latest Release' page of the our website.

We've continued to work at our event framework and event tools, and you'll see the results in our imminent R11.2 release.  There are a number of related areas, with a general goal of improving our event handling for system operators.  Things we've done:

1. We've increased the amount of information in our (XML) event catalogue, and now all events have both a "description" and an "operator action".
2. We've clarified the description of our event framework, in particular to clearly explain our list of facilities, and to clearly explain the different severity levels and typical operator and administrator handling of events at each severity.  This is described at http://www.isode.com/Documentation/isode-events/index.html, currently with the R11.1 event definitions.
3. We've added more capabilities to our client server event viewer.  In particular:
   • The view can be filtered by event severity.  This will help the operator to have different views on the same event file.
   • Event viewer can be used with an independent event daemon.  This means that it is now easy to use event viewer in M-Vault only deployments.
   • For each event, you can show the facility, event description, and event severity.  This is illustrated below.

As ever, feedback and input are welcome

Steve

R11.2 will be the second release of our new M-Box product.  As you might expect, a lot of work has gone into hardening the product, and adding desirable functionality that we left out of the first release.   We've also put a lot of work into tuning performance, to get the results shown in the benchmarks we released recently. 

R11.2 adds supports for Quota control, so that disk space usage can be controlled for each user, and the manager can monitor usage.   It also adds TLS (Transport Layer Security) support for IMAP, to add data confidentiality to message retrieval. We've also provided a mechanism to manage SIEVE using the Internet Draft "A Protocol for Remotely Managing Sieve Scripts" (managesieve) Alexey Melnikov of Isode is a co-editor of this specification).   

SIEVE (RFC 3028) is a language that specifies control of mail filtering, to handle things such as vacation notifications, mail forwarding and automatic email filing. These can be controlled based on parameters such as message size, and regular expression matches on email headers (e.g., "Subject:").

Because SIEVE is a language, a server implementing SIEVE needs to decide where to store SIEVE scripts and how to manage them.   M-Box stores them in files on the server. For a future release we plan to store SIEVE scripts in the directory, so they could be managed by a special purpose DUA, or have custom scripts built from information managed in a provisioning system.

Managesieve provides a mechanism to create and update scripts using a simple protocol. This allows for better integration with email clients. Cool IMAP clients such as Mulberry and Polymer support managesieve.   Unfortunately the mainstream clients do not (yet).   

Isode recommends proving Webmail in conjunction with M-Box using the excellent open source IMP that provides a Webmail front end to IMAP.   One of the tools associated with IMP is Ingo, which is a Web interface to manage SIEVE scripts using managesieve.  This has good functionality, is easy to use (particularly for common functions such as vacation notices), and works well with M-Box. Its suitable for use both with IMP and as a Web interface for other users to manage SIEVE scripts.

We are introducing some new anti-spam technology, which significantly improves the spam detection capabilities of M-Switch Anti-Spam. This note gives a simple explanation of what we have done to achieve these mprovements. First, a quick reminder of the two key metrics for measuring spam detection:

1. False positive rate: The percentage of real messages that are analyzed to be spam, and blocked, marked or quarantined as such.
2. False negative rate: The percentage of spam that gets through.

Our most important mechanism for spam detection is content analysis. Isode's basic strategy for content analysis is to provide effective generic recognition of spam vs messages (not spam). This will result in a system which will not need frequent updates, and be effective for a wide range of situations. This contrasts with other products we have looked at, that include:

• Systems that keep false negatives low by having a relatively high level of false positive (we have seen arguments that 1% or greater false positive is acceptable, which we strongly disagree with).
• Systems that require extensive use of white lists and black lists to be effective (as the base system is not good enough)
• Systems that need to monitor very large quantities of spam and have frequent data set updates (as they work by matching specific instances of spam, rather than generic spam characteristics).
• Systems with matching rules set by humans. As well as being resource intensive, this leads to false positives, as humans do not easily recognize that a characteristic they use to identify a piece of spam is not uncommon in real messages.

Our current content filtering works by a technique known as Bayesian logic. Each message is examined for a number of characteristics, which include the presence of specific words and "spam characteristics" (e.g., message date significantly in the past). Based on a database of messages and spam, each of these words and characteristics is weighted. The score of each matched feature or word is added together to give a total score, and the message is accepted or rejected on the basis of this score. This approach is quite commonly used by anti-spam vendors - Isode's implementation is characterized by a very high performance engine and carefully built data sets.

This approach has proved effective:

1. It produces a very low level (0.1%) of false positive (real messages that are interpreted as spam, and then quarantined or deleted).
2. For a low level of false positive, it produces a quite low level of false negatives (5%).
3. Data sets have proved stable, and given consistent results without frequent updating.

Over the last two years, we have noticed three things:

1. There is a slight increase in false negative rate, mainly due to spammers working to avoid content filters such as ours
2. There has been a significant increase in the absolute level of spam, which means that heavily spammed mailboxes see enough spam getting through (false negatives) to be irritating (despite most of it being trapped).
3. The use of techniques by spammers to counter Bayesian filters has made it hard to improve performance of data sets.

Because of this we are introducing a new content filtering system. This uses a technique called Support Vector Machine. This technique is used by some other anti-spam vendors, but is much less common than Bayesian. The mathematics behind Support Vector Machines is somewhat intimidating. Those interested are referred to a tutorial by Christopher Bruges, which gives an introduction to the mathematics and pointers to the literature on this technique:

http://www.isode.com/whitepapers/support-vector-machines.pdf

The Isode Support Vector Machine approach uses the same basic inputs as our Bayesian system:

• 124 "spam characteristics"
• 48,000 words (derived from our spam and message samples, eliminating common words, rare words, and some other words)

We've also used a Support Vector Machine in a way that does not require changes to our spam checking, and so we can provide the new features without a product update. Essentially, when a message is checked, a positive or negative value is associated with each word or spam characteristic matched. These numbers are then combined to give a total (we do something a little more complex than just adding the numbers). This spam score then controls processing.

In Bayesian analysis, a simple probabilistic approach is taken. A sample set of messages and spam are analyzed, and each input (word or spam feature) being checked is counted, and weight assigned to each input. An input that often occurs in spam and rarely in messages is given a high weight.  The difference with Support Vector Machines is the mechanism used to derive these weights. Isode uses a Support Vector Machine to generate weights, looking at the inputs in combination. It effectively allows the questionto be asked "for a given set of inputs, which set of weights will most effectively separate out spam and messages (based on a sample set of spam and messages)?". This leads to a (very) computationally expensive calculation to determine an optimum set of weights.

It is hard to explain this in very simple terms, but the key difference to Bayesian is that the analysis takes into account the relationship of the inputs (words and spam characteristics) and how this occurs in spam, rather than treating each input in isolation.

While the mathematics behind Support Vector Machines is complex, the basic advantage of this approach is that it enables efficient comparison against a combination of words/spam factors, rather than the Bayesian approach which treats each factor as independent.

The support vector comparison is implemented by Isode in a way which gives very fast spam checking. We are able to provide Support Vector Machine functionality as a data set update to our current spam comparison engine, which gives a clear demonstration of the flexibility of the M-Switch Anti-Spam engine. (The generation of the data set is VERY compute intensive, but this is a one-off process run by Isode).

The measured results for the data set from internal testing are 0.02% false positive leading to 2% false negative. This is for the content detection, and so overall performance of the complete Isode anti-spam solution should be improved by other anti-spam techniques. The threshold can be changed to decrease false positives (leading to a corresponding increase in false negatives) or vice versa.

Its useful to consider what this means in real terms. My mailbox is heavily spammed (about 200 messages per day). A 2% false negative rate means that typically 196 of the spams get caught and 4 get through. False positive is more complex, as it depends on a user's real traffic. A 0.02% false positive rate would mean that one message in 5,000 gets classified as spam (one message every two months or so if you get 100 messages per day). In practice, some users will never see false positives, and some users who get "spammier" messages will see more. Deployment for Isode staff use is giving performance in line with the testing numbers.

Steve Kille

We started to distribute Release 11 (R11) of our Email and Directory server set today. A number of new monitoring and integration features in this release are particularly relevant to our strategy of providing high-assurance messaging solutions to markets such as Aviation, Military and Intelligence.

We've included in R11:

• A new operator console, DConsole, for monitoring directories,
• A new tool, XMSConsole, to support the management of multiple X.400 servers,
• A complete revision of the Logging system, and
• A Directory Client API, enabling applications to access a directory to perform authentication and obtain configuration information.

R11 also includes the first market-specific Directory Client API, the ATN(Air Traffic Network Directory) Directory API, for the Air Traffic industry.

We've talked about DConsole and XMSConsole in previous blog entries and you can read about all of the key R11 features in the press release on our website.

We are rapidly approaching release R11.0.   One of the areas that has me really excited is our new logging system, and in particular our new event logging.   This is a major overhaul, and gives a lot of benefits.   

The current single mechanism is being replaced with a system that has four logging capabilities, with flexible configuration options:

1. Audit logging. This is logging of activity, recorded for audit purposes (e.g., Adding and entry to the directory). Audit logs typically contain structured information. Log entries are written in an easily parseable extensible format, that can be easily analyzed.

2. Event logging. Isode defines a set of events which are logged. Event types are recorded in an XML repository, which is used by the M-Vault code and provides documentation of events. Events are numbered, in a structured manner which indicates severity and error type. There is fine grain control as to which events are logged and how they are handled. Events may be mapped to native event logging systems (Windows Event Manager or Syslog), or logged to files. Events may be viewed in an operator event viewer.

3. PDU logging. In order to debug protocol, PDUs (Protocol Data Units) may be written out into a file that is identified in the normal log file. This enables easy handling of binary PDUs, and means that PDUs can be accessed without having to parse log files. There is fine grain control to enable PDU logging (e.g., to/from a specific peer server).

4. Debug logging. This can be enabled to diagnose complex failures. Debug logging can be enabled selectively for specific modules. This logging is generally only useful in the context of the product source code, and so would typically be used in conjuction with Isode support.

Steve