There are a few elements of the security related to Jabber/XMPP server: secure data transmissions which is met by the implementation of SSL or TLS protocol, secure user authorization which is met by the implementation of DIGEST or SASL user authorization and secure deployment which is met by component architecture.
Secure deployment is a software installation which doesn’t impact network security. Companies usually have their networks divided into 2 parts: DMZ which is partially open to outside world and Private network which is closed to outside world.
If the Jabber/XMPP server have to provide effective way of communication between company employees regardless they are in company office or outside (perhaps at customer site) it needs to accept connections from outside world. So the natural place for server deployment is a DMZ part. There is an issue however with such installation. Each company has normally established network users base and integrated authorization mechanisms. So it would be very good if Jabber server could use this mechanisms for users authorizations as well. Usually, however, authorization information is not available in DMZ and it shouldn’t be.
Tigase server offers solution for such case. With it’s component structure it can be easily deployed on any number machines and from the user point of view it is seen as a one logical Jabber server. So in our case we can install Session Manager module in private network part and Client Connection Manager with Server Connection Manager in DMZ.
Session Manager connects to DMZ and receives all packets from users. Thus is can securely realize users authorization based on company authorization mechanisms.
