Internal Instant Messaging Client / Server Combo?
strongmantim writes "I manage an internal help desk (25-30 people) for a medium-large company in the healthcare industry. We're looking for an internal, secure, FOSS (if possible) instant messaging / presence awareness client and server combo. Transmission of Protected Health Information is a sensitive issue, so the server has to be able to log any conversations that occur. It is preferred that the client not support outside protocols such as AIM, MSN, Yahoo, etc.; if it does, I will have to promulgate and enforce yet one more policy that my techs not connect to them. All of the computers that will connect run Windows XP. The system should be scalable up to ~100 people (in case we decide to include our entire office in the roll-out). Hardware and OS for the server are not an issue. Oh, and one more thing: It has to be free. Suggestions?"
I've always found that IRC is pretty handy as a help service, most Linux distros host live help chat on it. Many other FOSS solutions seem to use it as well, such as VLC, OpenOffice.org, etc. I'm not sure how exactly one would go about setting up a server, but I can't imagine it would cost much of anything and it shouldn't be too difficult to set up. There is a pretty good wiki about it, it should have all the relevant links you could need for finding out how to do it. Cheers.
Openfire is a Jabber-based FOSS server.
We use it with AD integration. I haven't implemented it yet, but they have plugins supporting full message transcript.
Spark is the client from the same company and it is Jabber only.
If I remember correctly, Openfire also supports being a proxy for all other (most?) IM protocols, so even if someone gets a copy of AIM or what have you on your network, their server can still log the transcript.
Easy to set up, free and robust.
I wrote about this some time ago, right here.
The short and simple answer, that should fully meet your needs, is to install jabberd2, configure it as needed (should have a logging module/plugin somewhere), and then to use Miranda IM with only the XMPP components as the client. Miranda is very easy to customize; if you don't want a protocol you simply don't include the relevant DLL.
Note: the links on that page are dead, namely the ones to the MSI installer package that I built. If you have a need for it, feel free to drop me an e-mail (the /. address should be fine).
Perhaps he also wanted some insights from people who have been in similar situations?
There is a big difference between a website found on google and a testimonial from someone who's done it.
Bonjour is great, but what you've suggested doesn't meet his needs at all. One of the stated requirements is that there MUST be centralized logging of all conversations, and what you've proposed is direct client-to-client chats with no centralized server.
$x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
$x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
I support a 7-site network with ~80 PCs. I use the Spark client because it comes packaged as an MSI--easy to push out via Group Policy. I also have a batch file which creates an initial settings file for the users the first time they sign in.
Initially we had an internal (old junker box) linux server which was only accessible from the internal network and everyone had Jabber IDs of user@customer.local. We recently switched to user@customer.tld so people could access it from their iPhones and Windows Mobile phones using the Palringo client.
ejabberd on linux has nice LDAP integration with Active Directory on Windows. You could also use the OpenFire server which is made by the same people that make Spark. It has a free version and a commercial version IIRC.
There's no place like
a groupware that doesn't support ldap? this is a joke :)
Unfortunately, while I personally like the XMPP protocol and think it would normally be an excellent solution, I think you have uncovered the biggest flaw. Preventing the clients from talking to the outside world is going to be nearly impossible unless you keep them on a network that doesn't route to the outside world.
For instance, GTalk uses SSL over port 443 so if you want any type of secure web transactions with the outside world then you're also going to be allowing secure chatting. Even if you go through and block obvious XMPP hosts that are using non-standard ports (443, 80, etc) it will require ongoing attention as other sites start their own services.
Whee signature.
There is a nice layer 7 firewall out now called Palo Alto that has the ability to actually distinguish between regular https and other protocols trying to use its port. They of course are not cheap _or_ free, but they certainly work like a champ!
"My immediate reaction is "WTF? What kind of moron doesn't make things 64-bit safe to begin with?" Linus
I agree, Openfire Server with Spark as the IM client will satisfy your requirements. It is a solid, extensible instant messaging server that should meet all your requirements.
It has easy installs for both Windows and Linux - definitely give it a try.
What is nice about Openfire is that it allows you to centralize the management and security a lot, which gives you a lot of control in information-sensitive situations like this. It has integration with an existing LDAP/AD server if you want to keep your authentication policy centralized on your LDAP server if you have one. Likewise, you can force all users to use SSL for secure messaging if you want.
Likewise, I was working with the open source version over the last couple weeks (I set up a test environment for our company), and based on the menu options it appears that message auditing also is included (I didn't try it), so you can log all your conversations as you would like. I knew they had this feature before in their paid version, but it looks like they made it available in their open source version.
Finally, if you ever grow and need support, you can get it from their list of service providers. And it's free :-).
Good luck!
Openfire Server
Spark XMPP Client
http://en.wikipedia.org/wiki/WASTE might work, it was developed by Nullsoft for internal communications and file sharing, is encrypted, and has no central server.
OCS (Office Communications Server) works great at our company, and even completely replaced our PBX as well. The new R2 version has some nice new call center auto-routing capabilities you might find useful on the helpdesk.
Holy crap! Calm down, dude. My idea was for setting up a test system, with a test failover system using what I presume would be readily available test systems in an organization like his (if they're not using virtualization, they probably should be). Yes, the progression you described is totally accurate for putting together a production rig. Wow, documentation? You don't say, I never knew about documentation requirements for maintaining a network. Again, wow. The guy's looking for ideas for how to get started with solving his problem; I assume he knows how to do the rest of his job.
Speaking of jobs, I've been doing this for close to fifteen years, including major work on Navy networks. How long have you been plugging away at it? Your technical skills sound great, but your interpersonal skills seem to indicate a penchant for running away with wild assumptions.
512 MB RAM, 20 GB disk, 200 GB transfer, five datacenters. $19.95/month.
I just reread my post. Sorry I came across as too harsh. I've been at this for about 15 years myself and I just get sick of people assuming something only takes a short period of time to set up, because you can knock out a proof of concept quickly. I've also run into plenty of situations over the years where the documentation wasn't done, because either the admin didn't do it or management didn't understand the importance and wanted something with a higher priority done. I've also seen proof of concept systems turn into production systems when a manager says it's good enough and not a critical system and not to worry. That's when you really need to worry.
Hey, no hard feelings :). I definitely feel your pain; I've seen a setup where a repurposed desktop system shoved in a closet was acting as a domain controller for 150 workstations, another office with 90% of the outbound bandwidth consumed 24 hours a day by bots spouting spam, and still other situations where companies got some guy from the community college to build several "proof of concept" systems and just kept using them in production (they only had a cell phone number for their "guy", and I wound up trying to deal with the ensuing nightmare when crap started failing left and right). Sorry about that run-on sentence there, I get a little worked up about these things :).