Chapter 5. About Tigase Jabber/XMPP Server

Table of Contents

Security
Flexibility
Easy

Artur Hefczyc <artur.hefczyc@tigase.net> v2.0, June 2014: Reformatted for AsciiDoc. Website: http://tigase.net. Date: 2010-04-06 16:18

Tigase Jabber/XMPP Server is an Open Source and Free (GPLv3) Java-based server. The goals behind the design and implementation of the server are:

  1. Make the server robust and reliable.
  2. Make the server a secure communication platform.
  3. Make the server flexible, so it can be applied to different use cases.
  4. Make the server extensible, so it takes full advantage of XMPP protocol extensibility.
  5. Make the server easy to set up and maintain.

Robust and reliable.

By a robust and reliable server I mean a server which can handle many concurrent requests/connections and can run for a long time. By many concurrent requests/connections I mean as many as are needed. The server is designed and implemented to handle millions of simultaneous connections.

It is not enough, however, to design and implement a high-load server and hope it will run well. The main focus of the project is on testing. Tests are taken so seriously that a dedicated testing framework has been implemented. A server function is considered implemented only when it passes the testing cycle. The testing cycle consists of 3 fundamental tests:

  1. Functional tests - checking whether the function works at all.
  2. Performance tests - checking whether the function performs well enough.
  3. Stability tests - checking whether the function behaves well over a long-term run. It must handle hundreds of requests a second during a server run lasting several hours.

Security

There are a few elements of security related to a Jabber/XMPP server: secure data transmission, which is met by the implementation of the SSL or TLS protocol; secure user authorization, which is met by the implementation of DIGEST or SASL user authorization; and secure deployment, which is met by the component architecture.

A secure deployment is a software installation which doesn't impact network security. Companies usually have their networks divided into 2 parts: a DMZ, which is partially open to the outside world, and a private network, which is closed to the outside world.

If the Jabber/XMPP server has to provide an effective way of communication between company employees regardless of whether they are in the company office or outside (perhaps at a customer site), it needs to accept connections from the outside world. So the natural place for server deployment is the DMZ. There is an issue, however, with such an installation. Each company normally has an established network user base and integrated authorization mechanisms. So it would be very good if the Jabber server could use these mechanisms for user authorization as well. Usually, however, authorization information is not available in the DMZ, and it shouldn't be.

Tigase server offers a solution for such a case. With its component structure it can easily be deployed on any number of machines, and from the user's point of view it is seen as one logical Jabber server. So in our case we can install the Session Manager module in the private network and the Client Connection Manager with the Server Connection Manager in the DMZ.

The Session Manager connects to the DMZ and receives all packets from users. Thus it can securely perform user authorization based on the company's authorization mechanisms.
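The split deployment described above can be checked against observed network flows. The following is an added example, not part of the Tigase documentation or code base: it flags any connection that is initiated into the private network, or that reaches the DMZ on an unexpected port. The address ranges, the sample flows and the component-link port 5555 are constructed assumptions; 5222 and 5269 are the standard XMPP client and server ports.

```python
import ipaddress

# Constructed zone layout (assumption, not taken from the Tigase documentation).
ZONES = {
    "private": ipaddress.ip_network("10.0.0.0/16"),
    "dmz": ipaddress.ip_network("192.0.2.0/24"),
}
# 5222 (client-to-server) and 5269 (server-to-server) are the standard XMPP ports.
# 5555 is a placeholder for the Session Manager's link to the DMZ components.
CLIENT_PORTS = {5222, 5269}
COMPONENT_PORT = 5555

def zone_of(addr):
    """Map an IP address to a zone name; anything unlisted is 'outside'."""
    ip = ipaddress.ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "outside"

def check_flow(initiator, responder, port):
    """Return None if the flow fits the split deployment, else a reason."""
    src, dst = zone_of(initiator), zone_of(responder)
    if dst == "private" and src != "private":
        return f"{src} host {initiator} initiates into the private network"
    if dst == "dmz" and src == "outside" and port not in CLIENT_PORTS:
        return f"outside host reaches DMZ on non-XMPP port {port}"
    if dst == "dmz" and src == "private" and port != COMPONENT_PORT:
        return f"private host reaches DMZ on unexpected port {port}"
    return None

def audit(flows):
    """Return (flow, reason) pairs for every flow that breaks the model."""
    return [(f, r) for f in flows if (r := check_flow(*f))]

# Constructed sample flows: (initiator, responder, destination port).
SAMPLE_FLOWS = [
    ("203.0.113.7", "192.0.2.10", 5222),   # user -> Client Connection Manager
    ("198.51.100.4", "192.0.2.10", 5269),  # remote server -> Server Connection Manager
    ("10.0.5.20", "192.0.2.10", 5555),     # Session Manager -> DMZ (outbound only)
    ("192.0.2.10", "10.0.5.20", 5555),     # DMZ -> Session Manager (violation)
    ("203.0.113.7", "10.0.5.20", 5222),    # outside -> private network (violation)
    ("203.0.113.7", "192.0.2.10", 22),     # outside -> DMZ on a non-XMPP port (violation)
]

if __name__ == "__main__":
    for flow, reason in audit(SAMPLE_FLOWS):
        print(flow, "->", reason)
```

Because the Session Manager is the side that opens the connection, the firewall between the two zones needs no inbound rule toward the private network, and the fourth and fifth sample flows are exactly what such a rule set should never allow.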