Share

M-Link Edge is used to provide an XMPP Boundary Guard service to protect organizational boundaries and provide Cross Domain services.

M-Link Edge can validate, constrain and transform the XMPP messages it handles. M-Link Edge enables boundary controls to be completely independent of the core XMPP service and, as a boundary service provided by M-Link Edge, can support multiple XMPP servers within an organisation.

Deployment Modes

The diagram above shows three possible deployment modes for M-Link Edge:

  1. Firewall with single M-Link Edge.
  2. Pair of M-Link Edges with Firewall.
  3. Pair of M-Link Edges with an XML Guard.

M-Link Edge uses the standard XMPP Server/Server protocol for connections to XMPP servers, connections to High Assurance Guards such as M-Guard use Guard Content eXchange Protocol (GCXP).

M-Link Edge is Web managed. M-Link Edge provides a boundary function and does not support directly connected users or Multi-User Chat rooms.

Firewall with a Single M-Link Edge

This mode is appropriate for an organization needing XMPP boundary protection. M-Link Edge can validate and constrain or transform both inbound and outbound messages. M-Link Edge can communicate with multiple XMPP servers within the organization, providing a single route for external traffic.

Pair of M-Link Edges with Firewall

n this second deployment mode, two M-Link Edges are operated with a firewall between them.  This configuration would typically be used for a Cross Domain boundary, with one M-Link Edge in each domain and a firewall separating the domains.  The M-Link Edges would communicate using standard XMPP server to server protocol with strong authentication between the servers, so this architecture could be used with a different product (equivalent to M-Link Edge) on one side.

Each M-Link Edge server can be operated according to the policy on its side of the firewall allowing for independent and clearly decoupled control of the checks being applied on each side.

Pair of M-Link Edges with Firewall

n this second deployment mode, two M-Link Edges are operated with a firewall between them.  This configuration would typically be used for a Cross Domain boundary, with one M-Link Edge in each domain and a firewall separating the domains.  The M-Link Edges would communicate using standard XMPP server to server protocol with strong authentication between the servers, so this architecture could be used with a different product (equivalent to M-Link Edge) on one side.

Each M-Link Edge server can be operated according to the policy on its side of the firewall allowing for independent and clearly decoupled control of the checks being applied on each side.