Slashdot Mirror
Enterprise IM?
Jsf72672 asks: "With the recently-passed Sarbanes-Oxley legislation, and the looming HIPAA compliance requirements a constant thorn in the side of IT staff, Enterprise Instant Messaging seems to be overlooked. Most users are using AIM or MSN. Microsoft and Yahoo! both have products tailored to the Enterprise, but no one wants to rely their technology to keep them out of jail, or from paying huge fines. Jabber looks attractive but our already overtaxed IT staff does not have the time to compile, secure and test homegrown solutions. What are Slashdot-reading IT Managers doing? I found these guys and their InterIM line of products, and they look pretty good. Is anyone using them? Are there other low-cost solutions you have employed?"
In WinNT/2k/XP/2k3 - net send ip/comp_name message (cmd line, but you can probably whip up a quick front end in VB)
In Win9x/ME - Winpopup.
Sure. None of them have 3way features or whatnot, but for a small office environment, it works.
Frink: Nice try floyd, but you were designed for scrubbing, and scrubbing is what you shall do.
the last two companies I've worked for have had Lotus Sametime. Not sure about licensing or whatnot, but it works.
IIRC Lotus Notes (an IBM product) supports an instant messageing system called "Sametime."
How much more enterprise savy could you need?
Wheeeee
When someone using Jsf72672@aol.com (a throwaway address if ever there was one) starts posting about some wonderful product he "found", it's almost certainly a company representative astroturfing, or trolling for hits.
No offense intended if this "Jsf72672" is a real person's usual moniker, but it seems a bit suspicious. Caveat emptor.
I am getting ready to set up a print house up with 12 OSX workstations and they are very interested in using iChat not just communicate in their office, but since they will be using the Rendevous side of iChat also, they will be able to move large files around easily as well, without the files having to go through AOL's servers.
In addition, one of the main things they want is accountability, phone calls (unless you record and index them all) are really very temporary, while iChats can be saved and searched.
On a side note, I was thinking networking at least 5 of the comps that are in close proximity together using Firewire Over IP, but having done a short test between two comps using that setup, i got no better than a pitiful 60KB/ sec, what is up with that?
Cloud City Digital: DVD Production at its cheapest/finest
There's a commercial version of Jabber at Jabber.com. It has support and was designed for enterprise use.
It's not just open source, the XMPP protocol is approaching RFC status, and there is a whole suite of commercial products utilizing it.
Just take a gander at the Sponsors box on jabber.org for starters. You'll find products that drop into almost any environment, are based on open technologies, and can be complimented by many hundreds of open source apps... what could be better?
Closed IM systems are a thing of the past, if we want them to be.
But at the hospital I work at we use Lotus Sametime which is based on AIM, but authenticates to the Lotus Domino servers and encrypts all traffic. It's not the greatest solution, but since we are currently forced to use Notes, it works well.
Mewyn Dy'ner
Aside from that, I'm seriously leaning towards a group-wide IRC network rather than using IM for business. Turn on all the security, install a few bots (help/faq, admin, relaying messages, etc) and log everything -- that would probably cover all legislative requirements there might be.
Trillian is a great IM app because of its ability to incorporate MSN, AIM, ICQ, Yahoo, and IRC chat networks. They also have a great skin in Microscopic.
I've needed to update it once in a year due to changes to MSN. But its been pretty dependable
Go Gusties
the company I work for uses the regular version of Yahoo Messenger. Not my choice, would rather use something more secure with more interoperability myself. We don't have to worry about HIPAA, don't trade stocks for people, etc but still.
There's no reason to roll your own Jabber server.
Just install a well-known and reliable binary
package from a trustworth distribution such as
Debian stable or RedHat 9.0.
-I like my women like I like my tea: green-
Get certified as HIPPA compliant by some scamming agency like TruSecure. They'll spend fifteen minutes onsite, take you to a nice lunch, then rubber stamp you as certified and send you a cool plaque. Tell all your customer's that you're "Certified". Then, keep instant messaging and sending unencrypted email like you always have. When you get busted for a HIPPA violation, sue the FUCK out of your certifying agency, since they "audited" your compliance measures. The extra $$$ you make off the lawsuits should buy you a nice iPod.
Blogging Weight Loss, Distance Education, and more at verlin.com
These guys provide outsourced SEC compliant messaging for the enterprise. Their big product is doing email archival and hosting, but they also provide some IM services powered by IMLogic software.
Whatever happend to them? Does anybody really have a need to instantly exchange messages throughout the day/night?
Here is a Special Report from eWeek on Enterprise IM and it has some good reviews and articles including
Corporate IM Solutions
Instant Messaging in the Enterprise
To see a world in a grain of sand, and then to step back and see the beach where the sand lies
Low cost it probably is not. And the client software sucks, be nice if they had at least 1/2 the functionality of Gaim.
The Deviant Tech., products looks interesting and is probably cheaper than Sametime. There is an interesting article here
If you already have existing contacts w/ IBM U might be able to leverage them to get a deal on Sametime, especially if you have Deviant Catalog sitting on your desk. ;) Deviant looks almost like an applicance type of idea and looks worth investigating.
For those who don't know, companies in the Financial Sector are now being required to same all e-mail, and IM communications for employees responsible for Financial decisions. In other words the Mutual Fund manager has all her communications recorded, but the lad cleaning the bog (loo/toilet/john ...) does not.
I believe that this data has to be saved for seven years (or five or something). From what I've heard it's a tremendous amount of data. Where I work there are thousands of employees whose e-mail & IM have to be saved. We talking many terabytes of data here and it's a real nightmare. Thankfully I'm not involved in that!
It will interesting to hear which solution you use, how easy it is to set up and run, and how the users like.
Afraid I have to post Anon, part of working for big Fin companies is not talking about what their infrastructure, or at least not telling which company's infrastructure one's referring to! Luck!
You don't need to compile, secure and test the thing.
Just install an RPM and run a client.
It'll take you all of 10 minutes.
Why not setup an internal IRC server with all conversations logged and filed away? File them away as text files, and you could probably come up with some sort of web search through old conversations. If you got fancy enough with the permissions, you could even limit access to the files to only those who participated in the conversation.
Jabber is the way to go, and many clients now support pgp/gpg integration.
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
We will be implementing Jabber at the lab I work at. Here is why. Its cheaper than anything else and its secure with ssl. A linux box running the server and you are good to go. Our test box was an old p2 box and it worked fine.
this is the most important sig ever! In your face 446154!
IRC.
The guys you mentioned, Deviant, were at LinuxWorld in SF. They're running Jabber in a Shuttle case, with a bunch of extra logging and retention tricks. So you'd get the open standards and full support at the same time, for what I thought was a great price.
That said, it was too expensive for my client, who is now using a basic Jabber setup...
UserAdvocate: The voice of the user
Only problem is, the free Jabber has a number of bugs, and isn't really built for an enterprise deployment. It lacks support for integration into existing directories and authentication structures, an easy mechanism for pre-populating buddy lists, and many other "corporate" features and services.
As it happens, most missing features are available in the commercial jabber.com release, which costs big big bucks.. thousands to tens of thousands for licensing, plus annual fees of around ten bucks per user.
I do not deploy Linux. Ever.
It's like IRC, but with public key encryption built in from the ground up. And All SILC software is Open Source (GPL).
So far, the only complaint I've received is the lack of a good MS-Windows client.
The X and text clients for Unix are usable, and there's even an Irssi module. but the Windows clients lack the polished user interface that people have come to expect from their Microsoft-centric chat services.
BTW, SILC Client 1.0.1 was released this week.
I do not deploy Linux. Ever.
I beg to differ.
Given the context of the original question, being the "Enterprise", I would argue that "thousands to tens of thousands for licensing" is actually fairly cheap. This isn't big big bucks by enterprise standards at all. It's chicken feed.
For a third party company to provide a supported solution which keeps you in compliance, I'd bet Enterprise companies would pay far more.
ApplianSys in the UK do a Jabber server appliance - The IMbox200.
This kind of thing has to be a good option for people not confident at rolling their own, or for the enterprise that wants a solution that's easily supportable.
Just being able to plug a black-box into your network and have it authenticate with existing systems has got to be a bonus.
Mate, i am all for text if it is faster and/or does the work better. I deploy Linux servers everywhere so i know the value of a text console. But users in a corporation have graphical interfaces, they use the mouse, they click, they want to see smilies and pictures. Stupid? Maybe, but this is how things are in an enterprise, and solutions are deployed for users sake, not for ours.
I just closed the Windows silc client i had run with a CTRL^C and after seeing the Terminate batch job (Y/N)? message, i checked to see if i was still in the century XXI. Weird eh? ;-)
Pedro
UBS Warburg span off their internal chat program into a company called Parlano. It's designed for the enterprise and so has logging etc built in. You may want to have a look.
Reuters Messaging. Specifically designed for the corporate user, with encryption, logging, resilience, etc etc.
Healthcare Information Patient Privacy Act, IIRC. It's Healthcare legislation requiring that patient privacy be respected.
Also means that HMOs have to give those of us with "pre-existing conditions" (read: chronic health issues) insurance, as long as we haven't gone more than 3 (or 6?) months w/o insurance. An industry joke says, "slide down the cobra and land on the hippo", b/c cobra requires COs to pay your insurance for (i think) 6 months, and hippa requires insurance to accept you after another six.
The other SILC clients available for MS-Windows are GUI win32 binarie with a point-n-click interface with graphical icons. In some ways this is worse, since the icon imagery in some clients doesn't seem to have any relationship to what the buttons actually do!
Exactly. And while there are GUI clients for SILC on Windows, they are still the most unattractive chat clients I've ever seen.I do not deploy Linux. Ever.
HealthApps.com - Secure online collaboration, document management and compliance.
</shamelssplug>
Do realize there is more than a single commerical vendor for Jabber? For instance Jive Messenger has an unlimited user license for $4500. Now granted you probably wouldn't want to handle 10,000+ users on a single Jive Messenger instance but there are less expensive options than Jabber Inc. However, with Jabber Inc's solution you can easily scale to hundreds of thousands of users, something that very few, if any, other IM products are capable of.
As some have mentioned, Sametime is an enterprise IM client specifically designed for corporations. Among some of the nice features it supports are encrypted messages (as in all messages are encrypted by default) and typing notification (it's had this long before it became popular in AIM clients).
I'm not sure what kind of clients are available publicly but all of IBM uses it quite effectively.
int func(int a);
func((b += 3, b));
Plethora Technologies develops and licenses Plethora Perspective, an enterprise, Java-based, Linux-server, Windows-client IM/remote access product that has single-ended FIPS-compliant RSA encryption (that is, transmissions are encrypted, and no keying information is stored on the client). The client needs only Java Web Start + a download of the Plethora Java applet. I don't know how much it costs. It would appear to be good for HIPAA or other uses requiring security and privacy.
Osterman Research has published several studies on this topic. One of their studies from September 2002 indicates that "Among organizations that have adopted a corporate standard, 61% have adopted Lotus Sametime; among these organizations with more than 1,000 email users, 73% have adopted Lotus Sametime." More recent surveys have been conducted, but I haven't seen those results.
Check out commercially available IMLogic based out of Boston. No real experience with them, but impressive list of fin-svcs customers.
Just use a standard network such as AIM, and use a client that encrypts.. There are several open source ones that do.
Then forbid anyone to contact people on the 'outside'. Perhaps even force 'contact lists' to be read-only to the users, and audited.
That should be enough to satisfy the feds.
---- Booth was a patriot ----
I've been working on an open source solution to just such types of problems. Written in java, it will (eventually) support IRC, AIM, YIM and MSN protocols as well as it's own protocol. While it can be used as a plain ol' client, I want to add support for heavy duty encryption. Although right now it's just a pretty crappy IRC client, the direction I am trying to take it is to allow deployment in secure environments.
I've only been working on this for a couple of months now, so it's barely usable right now, but if anyone is interested in working on the project let me know, I'm sure something usable could be available a lot sooner if it were more than just me working on the project.
Famous Last Words: "hmm...wikipedia says it's edible"
Just a nitpick:
:)
:)
'Jabber.org' is not buggy, unless you are referring to the website having bugs.
You're probably thinking of the 'jabberd' server software, but this is not a product of jabber.org, and it is not the only server software available. Saying "the free Jabber" would make about as much sense as saying "the free HTTP". Remember, Jabber is an open protocol, and anyone is free to implement it. Just as with any other standard protocol, such as email, there are many software solutions (free, commercial, etc) available.
Just FYI.
no one mentioned icq groupware. its a bit behind in versions compared to the regular client, but it isn't as bloated either. client and server are free from icq. i am running it on a small network and its just fine.
Check out http://www.versona.com. They have a new product called Versona Instant Messaging. They just had a review posted on www.instantmessagingplanet.com. It looks really cool and it interoperates with AIM, MSN, Yahoo and Sametime with some really impressive features. Might be worth checking out.