Slashdot Mirror
Internal Instant Messaging Client / Server Combo?
strongmantim writes "I manage an internal help desk (25-30 people) for a medium-large company in the healthcare industry. We're looking for an internal, secure, FOSS (if possible) instant messaging / presence awareness client and server combo. Transmission of Protected Health Information is a sensitive issue, so the server has to be able to log any conversations that occur. It is preferred that the client not support outside protocols such as AIM, MSN, Yahoo, etc.; if it does, I will have to promulgate and enforce yet one more policy that my techs not connect to them. All of the computers that will connect run Windows XP. The system should be scalable up to ~100 people (in case we decide to include our entire office in the roll-out). Hardware and OS for the server are not an issue. Oh, and one more thing: It has to be free. Suggestions?"
The question is which client and which server, and that I don't know. You should be able to lock it down by not allowing anyone to change its preferences.
--Sam
I love Pidgin, but that doesn't fit the "does not support outside protocols" criteria.
upon the advice of my lawyer, i have no sig at this time
It's jabber based. Free as in beer for both the client and server.
Lets us save logs of all chat sessions between employees, lets employees also save chat if they want to. Lets us do some filtering, overall a pretty good client/server.
http://www.coversant.net/
Oh, and I HAVE gotten Digsby to connect to the server, as well as trillian.
Do not meddle in the affairs of sysadmins, for they are subtle, and quick to anger.
It sounds like your network, which contains confidential medical records, is connected to the internet.
So I have just one question: Dear God, why?
I literally pasted the article title (sans "Ask slashdot: ") into google, and the first 4 results are free client/server packages of which some have already suggested. There also appears to be someone else asking this same question to some other forum, with attached answer...
I realized ask slashdot has been for years now less about questions for geeks than kids wanting someone else to do their homework, but when did ask slashdot replace google search?
*or* ... ...
Number 3
The health care company isn't american and understands that being OPEN isn't a bad thing. Americans have a problem with that concept.
Quartz Extreme and Core Image. Are there any other real reasons to spend all that money on generic hardware?
You don't even need to do this. All the protocols are dynamically loaded (AFAIK, this is the case on Windows as well).
Just remove the files for the unsupported protocols & block all jabber communications with the outside through the firewall (gmail for instance uses jabber).
BTW, suggesting he hack the source instead of providing him with a client that meets his criteria is only useful if there are no free Windows clients that meet his needs. Since there are, at best you are telling him to use closed-source free (as in beer) software. At worst, he'll resort to closed-source non-free software.
If there are no open-source alternatives, offer to create him one by a fixed-cost contract, cause my guess would be that they are more concerned with recurring per-seat license costs than just paying $1000 one time up-front.
Live with it, because any IM server worth using is going to have _some_ public servers.
Actually, the whole point is that they CAN NOT. Hippa mandates that they do not do that. It would be possible for somebody to copy/paste into the wrong window. For that, it would certainly lead to a firing, and possible jailing. I have consider doing a talk for kopete with an enforced port (via code). It sounds like that is exactly what is needed, though a secured jabberd would cut it.
I prefer the "u" in honour as it seems to be missing these days.
Exodus is fairly simple to setup and administer. Zimbra provides much more than just Instant Messaging; we use it mainly for Zimlets and Collaboration; but the IM feature of Zimbra with auto-logging is very useful and sophisticated as well.
If you keep throwing chairs, one day you'll break windows....
It has an intuitive/simple web interface for administration, and meets your logging needs and more. It can also support many gateways such as AIM, MSN, GADU-GADU, Yahoo! etc - But you don't have to enable them if you don't want them. I use this with the PSI IM client http://psi-im.org/ - A cross-platform Jabber IM client for MAC OSX, Linux and Windows. Check it out at: http://www.igniterealtime.org/projects/openfire/index.jsp
Windows is not the answer.
Windows is the question.
The answer is "NO."
FOSS? Where did he say FOSS? He never said FOSS. He said 'free'. Most likely free as in beer. What company _isn't_ looking for free software? My guess would be they just don't consider this essential and don't want to waste a shitload of money on it.
You know, I had the exact same issue this guy is having and, guess what - google gave me that exact answer (Openfire).
Of course, I used MirandaIM because I knew Miranda had Jabber support and it's a decent little client, but yeah, another vote for both Openfire and "just fucking google it next time".
+1 IDisagreeSoHeMustBeATrollOrAnAstroturferOrAShill
Hey look, another Ask Slashdot that should have been Ask Google! Wow! You never see those on here or anything. Maybe this could have been an Ask Freshmeat if they still want a solution from OSDN.
Boooooo. It's not a rumour, you do suck. Perhaps you should stop pissing in your Cheerios every morning and realize that perhaps he wanted a professional or experienced opinion.
That sinking feeling deep in your gut when you KNOW you screwed up bad summed up with: {head desk} {head desk}
Your point is that he's wasting your time? You probably shouldn't have replied then. My boo stands.
That sinking feeling deep in your gut when you KNOW you screwed up bad summed up with: {head desk} {head desk}
Set up a policy if you really have to but wanting to block services is just a waste of time and doesn't add anything to your security unless you have totally incompetent personnel or fully locked down computers. Otherwise they'll start using web clients or simply work around firewall blocks or the like - which at the end might cause more security issues than the usage of the service in the first place.
It's much better to invest this time to educate your people and teach them why it's a bad idea to use MSN.
Lots of companies set up ridiculous firewall rules and think that they are safe - not knowing that the overkill is causing exactly the opposite of what they want to achieve. People don't like to be locked down if they don't understand why.
I had a similar problem to solve in the (small) company that I work for. We ended up with Openfire and Pidgin. This is not safe from the outside but better than what our big mother company did. They force everyone onto Sametime and have their system locked down like no tomorrow - which ends up in people using a multitude of services and wasting a lot of time to work their ways around the firewall to be able to use MSN, Facebook, Jabber & Co.
While I know what I have to deal with and act accordingly, teach the people that they please stay away from insecure services on their work PC the mother company trusts in their rules and unintentionally provokes insecurity.
Security never works against the people, only with the people.
As to where the parent post "should" have asked his question, the parent post asked an intelligent question on a forum that harbours a lot of people who can provide a good answer in under a minute. Slashdot.
There are lots and lots of applications like Jabber, Openfire and whatnot about. And yes, if you want you can create a great big (useless) list of them by Googling for a few minutes. And then what? What are the pros and cons of each app? Where can you find comparative tests? Are those tests any good? Has anyone got practical experience with the app? Any show-stoppers that aren't immediately apparent?
The point about most questions like this is that people who already know the answer consider them "easy". People who don't know the answer consider them hard, and will have to expend a lot of time finding out. Time that's wasted if you could simply have eliminated 90% of the options by asking. That's why you ask. At least if you'd rather get some useful work done instead of being the umpteeth person researching the same wheel.
It's a compliment to Slashdot that people ask such questions, and they do that because they even tend to get useful answers. It shows that Slashdot has value apart from serving as a forum for inane bickering.
Thanks for the recommendation. I wish that people who don't like a story wouldn't visit it and clutter the story with negative comments.
This is the exact attitude that pushes people away from FOSS in the first place.
It is almost impossible to get a real answer from people with experience when all you get in return is "RTFM n00b."
R'ing TFM does not always give you practical information or experience. Especially since there are quite a lot of people out there who are great at writing software but cannot write a manual to save their life. Either it is too technical and boasts about all of the incredible feats of writing the program with very little usability information, or overly verbose about how the program works with very little usability information.
Google does not have all of the answers. It has a wealth of information, but sometimes no answers.
And will not comply with the OP's logging requirements...
--- Users are like bacteria -> Each one causing a thousand tiny crises until the host finally gives up and dies.
You will find plenty of testimonials if you Google for them.
So why not take it a step further and close down Slashdot.org?
After all, the articles on slashdot are not written by slashdot staff but borrowed of the web so anything on here can be found via Google. Most websites also have a comment section so the trollish comments can be found not only on Slashdot.org
So get over yourself, some people here may actually try to learn from the experience of others.
Don't like a story? Don't fucking reply!
Everyone who buys Wild Hunt will receive 16 specially prepared DLCs absolutely for free, regardless of platform.
I'm the Senior SysAdmin for a large datacenter in Florida. We currently employ over 50 people in our building. We recently migrated from Pidgin+OTR(Encryption) to OpenFire+Spark with ActiveDirectory Integration. I had the server installed and pulling down a list of accounts from the AD server in a matter of minutes. The server has worked flawlessly for us for months and has tons of options. It supports the ability to either allow or lock out 'other' clients(AIM,YIM,etc). This coupled with ACL or Firewall restrictions will ensure that your users are ONLY using the Spark client. It also has chatrooms built into it which you can force your users into when they log on. It's pretty neat stuff.. oh.. it supports SSL connections, and will provide LiveChat for your website as well. It also support logging of all chat conversations if you have a need for that. The only downside that I've run into.. there's a bug on the linux client that has to be fixed manually(associated with the tray icon not showing up). The Windows client has a tendency to run slightly slow. While I read that it runs slow under Windows, in practicality I have not received even one complaint regarding the use of Spark. Oh.. while there is a history in the Spark client, it shows it all as one realllly long page so it's a little clunky having to hunt through your own personal chat history. Look no further. OpenFire+Spark is your answer.