Slashdot Mirror


Internal Instant Messaging Client / Server Combo?

strongmantim writes "I manage an internal help desk (25-30 people) for a medium-large company in the healthcare industry. We're looking for an internal, secure, FOSS (if possible) instant messaging / presence awareness client and server combo. Transmission of Protected Health Information is a sensitive issue, so the server has to be able to log any conversations that occur. It is preferred that the client not support outside protocols such as AIM, MSN, Yahoo, etc.; if it does, I will have to promulgate and enforce yet one more policy that my techs not connect to them. All of the computers that will connect run Windows XP. The system should be scalable up to ~100 people (in case we decide to include our entire office in the roll-out). Hardware and OS for the server are not an issue. Oh, and one more thing: It has to be free. Suggestions?"

3 of 360 comments

  1. Bonjour may be what you need. by SignOfZeta · Score: 0, Offtopic

    Bonjour (aka, Zeroconf) is a zero-configuration link-local protocol that you may find suitable. The protocol is built into Mac OS X and Linux (as Avahi); Windows XP just requires Apple's port of Bonjour to be installed. Once that's set up, you can tell Pidgin, iChat, Adium, Kopete, etc. to announce your presence. Just type in your name, and your Buddy List will instantly populate with all of the Bonjour chatters on your LAN.

    It's not as manageable as Jabber or SILC, but from a technical perspective, you can get the entire office chatting in minutes. In my opinion, it's definitely worth a look.

    Pluses:

    1. Practically zero configuration -- punch in your name and go.
    2. Totally decentralized -- no server needed. Much less to buy and maintain compared to Jabber.
    3. Buddy Lists are automatically populated -- no need to add anyone.
    4. Bonjour is not available outside of the LAN.
    5. Compatible with IPv4 and IPv6.

    Pitfalls:

    1. Pidgin, iChat, etc. all support other externally-available services. (Can the client's preferences be locked? Or use a firewall/proxy to block all outgoing IM services.)
    2. Anyone with Avahi/Bonjour, Pidgin/iChat/Adium/etc., and a LAN connection can just open up their laptop and join in the chatting fracas. (Secure your network -- WPA2 is fine, but since HIPAA's involved, try 802.1x, EAP, RADIUS, etc.)
    3. You can only chat with users on your subnet. (Do a site survey before deploying.)
    4. Chats are not encrypted in transit. (You may wish to encrypt with OTR or PGP.)
    5. Other applications can use Bonjour to advertise services -- some VNC clients, for example, will advertise that the computer is running VNC. (Security through obscurity shouldn't be your only line of defense.)
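
Added example, not part of the comment above or of any project it names: to audit pitfalls 2 and 5, this Python code parses one mDNS response and reports which advertised service types are on a policy list. The policy list, the function names and the sample packet are assumptions constructed for this example; `_presence._tcp` and `_rfb._tcp` are the DNS-SD service types for link-local chat and VNC.

```python
import struct
# Assumed policy list for this example: DNS-SD types for link-local chat and VNC.
FLAGGED = {"_presence._tcp.local": "link-local chat", "_rfb._tcp.local": "VNC"}

def read_name(msg, off, hops=0):
    """Decode the DNS name at off; return (name, offset just past it)."""
    labels = []
    while True:
        n = msg[off]
        if n == 0:
            return ".".join(labels), off + 1
        if n & 0xC0 == 0xC0:  # compression pointer to an earlier name
            if hops > 8:
                raise ValueError("compression pointer loop")
            tail = read_name(msg, struct.unpack_from("!H", msg, off)[0] & 0x3FFF, hops + 1)[0]
            return ".".join(labels + [tail] if tail else labels), off + 2
        if n & 0xC0 or off + 1 + n > len(msg):
            raise ValueError("bad label")
        labels.append(msg[off + 1:off + 1 + n].decode("utf-8", "replace"))
        off += 1 + n

def advertised_services(msg):
    """Map service type -> instance names from the PTR records of one mDNS message."""
    qd, an, ns, ar = struct.unpack_from("!4H", msg, 4)
    off = 12
    for _ in range(qd):  # skip questions: name + type + class
        off = read_name(msg, off)[1] + 4
    found = {}
    for _ in range(an + ns + ar):
        owner, off = read_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        off += 10
        if rtype == 12:  # PTR: service type -> advertised instance
            found.setdefault(owner.lower(), []).append(read_name(msg, off)[0])
        off += rdlen
    return found

def flagged(msg):
    """Sorted (service type, reason, instance) for types on the policy list."""
    return sorted((s, FLAGGED[s], i) for s, v in advertised_services(msg).items() if s in FLAGGED for i in v)

# Constructed sample (not captured traffic): one response carrying three PTR answers.
def _name(s):
    return b"".join(bytes([len(p)]) + p.encode() for p in s.split(".")) + b"\0"
def _ptr(owner, rdata):
    return _name(owner) + struct.pack("!HHIH", 12, 1, 4500, len(rdata)) + rdata
_r1 = _ptr("_presence._tcp.local", _name("tim@helpdesk-07._presence._tcp.local"))
_r2 = _ptr("_rfb._tcp.local", _name("front-desk")[:-1] + struct.pack("!H", 0xC000 | (12 + len(_r1))))
_r3 = _ptr("_ipp._tcp.local", _name("Lobby Printer._ipp._tcp.local"))
SAMPLE = struct.pack("!6H", 0, 0x8400, 0, 3, 0, 0) + _r1 + _r2 + _r3
```
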
  2. Re:Go easy on the "should" will you? by nitro77 · Score: 0, Offtopic

    Mod this post up. I am out of mod points at the moment.

  3. Re:Go easy on the "should" will you? by LoadWB · Score: 0, Offtopic

    Seconded. I wish I had seen your post before I gave my tirade just above yours.