security Archives - Holodeck B2B

Patching the Log4J vulnerability

Holodeck B2B uses Apache Log4J for logging, which means gateways are potentially vulnerable to the Log4Shell exploit.

Please patch your Holodeck B2B gateway following the steps below to update Log4J as soon as possible. You can also upgrade your gateway to version 5.3.1.

Installing this Log4J update will require stopping and restarting your gateway. Please read through all steps of the process beforehand.

1. Download the most recent Log4J 2 release from the official project website: https://logging.apache.org/log4j/2.x/download.html and extract it
2. Go to the lib directory of the Holodeck B2B installation.
3. In the lib directory, locate all files whose names start with ‘log4j-*’ and find the files with the same names in the downloaded archive. The downloaded archive will contain more files than needed. You only need the files with the same names as those that are in the lib folder.
4. Create a temporary folder on your machine and copy these files from the downloaded archive to this folder.
5. Stop Holodeck B2B
6. Replace the old files in the Holodeck B2B lib directory with the downloaded files from your temporary folder
7. Restart Holodeck B2B
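
The file handling in steps 3, 4 and 6, as an added shell sketch that is not part of the original post or of Holodeck B2B. It assumes the jars are named `<artifact>-<version>.jar`, so old and new files are matched on the artifact part of the name; the function names and the backup folder are hypothetical additions.

```shell
#!/bin/sh
# Added example, not Holodeck B2B code.
# Assumption: jars are named <artifact>-<version>.jar (log4j-core-2.x.y.jar).

# Print the artifact part of a jar name: log4j-core-2.x.y.jar -> log4j-core.
# Names with a classifier (-sources, -javadoc, -tests) are printed unchanged,
# so those jars never match a runtime jar from the lib directory.
artifact_name() {
    basename "$1" |
        sed -E 's/-[0-9]+(\.[0-9]+)*(-(alpha|beta|rc)[0-9]*)?\.jar$//'
}

# Steps 3-4: copy the replacement for every log4j-* jar in LIB from the
# extracted download into STAGE. Returns 1 if any jar has no replacement.
stage_jars() {
    lib=$1; extracted=$2; stage=$3; missing=0
    mkdir -p "$stage"
    list=$(mktemp)
    find "$extracted" -type f -name 'log4j-*.jar' > "$list"
    for old in "$lib"/log4j-*.jar; do
        [ -e "$old" ] || continue
        want=$(artifact_name "$old"); found=0
        while IFS= read -r new; do
            [ "$(artifact_name "$new")" = "$want" ] || continue
            cp "$new" "$stage/"; found=1
        done < "$list"
        if [ "$found" -eq 0 ]; then
            echo "no replacement found for $(basename "$old")" >&2
            missing=1
        fi
    done
    rm -f "$list"
    return "$missing"
}

# Step 6, run only while the gateway is stopped (step 5). Old jars are moved
# to BACKUP rather than deleted; the backup is an addition of this example.
swap_jars() {
    lib=$1; stage=$2; backup=$3
    mkdir -p "$backup"
    for new in "$stage"/log4j-*.jar; do
        [ -e "$new" ] || continue
        want=$(artifact_name "$new")
        for old in "$lib"/log4j-*.jar; do
            if [ "$(artifact_name "$old")" = "$want" ]; then mv "$old" "$backup/"; fi
        done
        cp "$new" "$lib/"
    done
}
```

Call `stage_jars` while the gateway is still running and check its warnings, then call `swap_jars` between stopping and restarting Holodeck B2B.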

Holodeck B2B 5.0 – new UIs and Certificate manager

Holodeck B2B 5.0 is out and these are the changes we’d like to highlight.

User interfaces

Although Holodeck B2B is back end software, we thought that system admins would appreciate a quick and easy way to monitor the gateway without referring to the business system logs. That’s why we’ve added two user interfaces to Holodeck B2B.
With these UIs, gateway admins can monitor message status and check gateway configuration.

Command line UI: Overviews of P-Modes, Certificates, Message status and Message history are included. Run the tool without entering a parameter for a list of all available functions.
Graphic UI: lets you quickly see how your gateway is configured in a graphical interface.
You’ll find an overview of the UI functions available in the documentation.

We’d love to hear what you think of the new UI and if there is anything else you’d like to be able to monitor. Let us know through our contact form or our social media!

2-way Asynchronous messaging

You can now specify a 2-way Async message exchange in 1 single P-Mode for simpler gateway configuration. This increases the ways in which you can manage P-Modes.

Certificate Manager

We are continuously making Holodeck B2B more modular and flexible. In this release, we’ve added a new, separate Certificate Manager to Holodeck B2B. It manages trust validation of signing and encryption certificates and provides more security configuration options.
The default security manager supports OCSP validation. This is used in, for example, the Peppol network. You can now check the Peppol CA online to validate whether a certificate is still valid or has been revoked.
In addition, the Certificate manager lets you implement your own certificate policies.

REST API

You can add a REST interface to your gateway for connecting with your back end system using our new REST extension.

And there’s more…

For a full overview of all changes, please consult the Changelog in the download.

Holodeck B2B 4.0 – create a multiprotocol gateway with AS2 support

The Holodeck B2B stack is growing! Today we’ve released the latest version of our AS4 gateway, as well as a new open source extension you can use to add AS2 messaging functionality to your gateway. Finally, we’ve also made the BDXR Common toolkit available – a set of libraries you can use to build SML/SMP clients.

Holodeck B2B 4.0

This latest release adds some important new features to an already highly configurable message service handler that still works out of the box.

  • More validation options:
    • Strict validation of ebMS headers.
    • Implement your own validations that will run during message processing by the gateway. Problems that are caught can be reported directly back to the receiver. On ebMS level, messages can also be rejected based on business rules.
  • More flexible configuration of retries. Interval times are individually configurable – for example, a very quick first retry and increasingly larger intervals for the following retries.
  • More message processing events. These allow automated monitoring of message processing and let you follow up on certain events by a technical management system or on the business application layer.
  • Improved logging. Operators can follow the message flow on various levels of detail.
  • Option to add AS2 functionality using the Holodeck B2B AS2 extension.
  • Introduction of a security module. You now have the option to use your own security module, which may be needed for specific security policies / business requirements.

See more in the full changelog or download Holodeck B2B now.

AS2 extension

Holodeck B2B AS2 is an extension for Holodeck B2B 4.0 and higher that lets you add AS2 messaging functionality to your existing AS4 gateway. Whether the gateway uses AS2 or AS4 can be configured in the P-Mode of the message exchange.
Chasquis (the creators of Holodeck B2B) offer even more functionality in their PEPPOL gateway, which adds auto configuration using SMP – including automatic selection of the correct protocol to use per receiver (AS2 or AS4).

We have created this extension for businesses that need to make the transition from AS2 to AS4. Instead of having to switch from one gateway to another on a cut-off date, you can now plan your migration on your own terms. When the time comes for you to switch from AS2 to AS4, all you need to do is edit the P-Mode for the message exchange – no more than a few minutes’ work.
The AS2 module includes the following features:

  • Signing (including SHA-256 and many others)
  • Encryption
  • Compression
  • Single attachment
  • Configuration based on Holodeck B2B P-Modes

Download the Holodeck B2B AS2 extension from the repository.

BDXR Common toolkit

A toolkit containing libraries for building SML / SMP clients, to retrieve messaging partners’ metadata from the SMP. This metadata is then used to configure the gateway. This setup is required by the PEPPOL messaging profile.
This toolkit is aimed at developers who want to create their own client. It is not a ready-to-use SMP client. The download does include a sample client for you to base your work on.
Like Holodeck B2B, its design is modular and it can easily be adapted to the needs of your business environment.
Download the BDXR Common toolkit.

Holodeck B2B 2, beta 3 featuring AS4 security

The latest beta of the Holodeck B2B AS4 message service handler is now available on request. The most important new features are encryption and signing based on WS-Security, making Holodeck B2B now fully AS4 compliant.

Encryption

Holodeck B2B supports end-to-end message encryption in a point-to-point exchange. The Holodeck B2B security module uses your system’s default crypto provider to encrypt the message. By changing the crypto engine you can configure the supported algorithms.

Signing

With signing of messages implemented, Holodeck B2B now offers

  • Authorization of pull requests based on the X.509 certificate.
  • Authentication of push and pull messages including non-repudiation receipts.

Compliance

The AS4 specification defines three conformance profiles: ebHandler, Light and Minimal Client. Holodeck B2B complies with all three. We have a full overview under the Detailed feature list.

With the addition of message authentication and encryption, the Holodeck B2B open source messaging solution is ready to support Superstream and Entsog AS4 profiles.

Download

Beta 3 is available on request.
We’d like to know more about why you are considering using Holodeck B2B. Which features are most important to you, looking at the current features as well as things you’d like to see in Holodeck B2B in the future?
If you would like to try the new version, please contact us using the form below.

*edit: As Holodeck B2B 2.0 is out of beta as of April 2016, you can find the latest version on the Download page.*