Slashdot Mirror
Internal Instant Messaging Client / Server Combo?
strongmantim writes "I manage an internal help desk (25-30 people) for a medium-large company in the healthcare industry. We're looking for an internal, secure, FOSS (if possible) instant messaging / presence awareness client and server combo. Transmission of Protected Health Information is a sensitive issue, so the server has to be able to log any conversations that occur. It is preferred that the client not support outside protocols such as AIM, MSN, Yahoo, etc.; if it does, I will have to promulgate and enforce yet one more policy that my techs not connect to them. All of the computers that will connect run Windows XP. The system should be scalable up to ~100 people (in case we decide to include our entire office in the roll-out). Hardware and OS for the server are not an issue. Oh, and one more thing: It has to be free. Suggestions?"
The question is which client and which server, and that I don't know. You should be able to lock it down by not allowing anyone to change its preferences.
--Sam
Use the encryption capabilities in Pidgin.
http://pidgin.im/
You can setup a SILC server.
That's what we used to use in a company I worked for and it worked quite nice.
You're looking for a jabber server and client.
I work for a credit card company, and we use ejabberd on the server end of things.
You probably have some jabber only client options, but those will still be able to connect to other jabber servers like Google Chat.
Live with it, because any IM server worth using is going to have _some_ public servers.
I'll leave the logging up to you, ejabberd can do it, but our company decided that the security issues involved with storing the logs were much worse then not having the logs.
(Having stored, unencrypted, card data for any length of time is something that, on the very optimistic (good luck with the auditor) side requires a great deal of security. And just encrypting the drive it's sitting on doesn't really do away with more then half of that. Health data should be as much of a nightmare, but maybe not.)
http://www.igniterealtime.org/projects/openfire/index.jsp
Works very well. Meets all your reqirements. Client supports Mac, Win and Linux but is a resource hog. It's jabber though so you can use many clients.
Company-Wide Instant Messaging with Jabberd by Oktay Altunergil
http://www.onlamp.com/pub/a/onlamp/2005/10/06/jabberd.html
-- A cat is no trade for integrity!
Open Fire is a wonderful Open Source server for jabber. I used it in a similar situation a few years back. There are many jabber clients- I'm sure you can find one that meets your needs.
I've always found that IRC is pretty handy as a help service, most Linux distros host live help chat on it. Many other FOSS solutions seem to use it as well, such as VLC, OpenOffice.org, etc. I'm not sure how exactly one would go about setting up a server, but I can't imagine it would cost much of anything and it shouldn't be too difficult to set up. There is a pretty good wiki about it, it should have all the relevant links you could need for finding out how to do it. Cheers.
This tutorial describes how to set up and run an UnrealIRCD server on OpenSuSE 10.2 and Fedora Core 6. It also shows how to install Anope IRC services. Anope is a set of Services for IRC networks that allows users to manage their nicks and channels in a secure and efficient way, and administrators to manage their network with powerful tools.
Its FOSS, you can setup SSL, and it should be fairly easy to log/manage. With the tools available each person would be setting up their own chat room (just by naming it) and logging should be a snap.
At our work the IT guys wanted to set up an IM network for similar reasons. They went with Jabber, and one of the jabber only clients (Coccinella, I think). They have it run through SSL, and set to log. They let some of us (the smart ones) use pidgin if we want multi-protocol clients. It works well and is tied into our Active Directory for accounts via LDAP.
It's jabber based. Free as in beer for both the client and server.
Lets us save logs of all chat sessions between employees, lets employees also save chat if they want to. Lets us do some filtering, overall a pretty good client/server.
http://www.coversant.net/
Oh, and I HAVE gotten Digsby to connect to the server, as well as trillian.
Do not meddle in the affairs of sysadmins, for they are subtle, and quick to anger.
It sounds like XMPP (also called jabber) is what you need. XMPP is an open standard for instant messaging, and there are free/open source implementations for both clients and servers. One option for servers is jabberd. One option for a client is Pidgin (which runs in Windows and Linux).
Spark + openfire.
I implemented these with Active directory authentication.
Highly recommended, sure a couple quirks here n there with the advanced functions of the client, but for the basic features of needing to chat, and log... its the best i know of.
It sounds like your network, which contains confidential medical records, is connected to the internet.
So I have just one question: Dear God, why?
I would recommend Openfire. It is a Jabber / XMMP implementation from Jive Software, and is open source (GPL).
See http://www.igniterealtime.org/
I can say from experience that it is fairly easy to administer, is multi-platform, and scales nicely. It has a rather nice size of plugins and should meet compliance standards.
Navicula hydraulica plena anguilarum est. Omnes castelli tuus nostri sunt. Ed elli avea del cul fatto trombetta.
I would suggest to use IRC too, the setup is easy. There is alot of guide and freeware availiable for download now days to even run the server on windows.
I used a Program called openfire/spark. It's client/server based and completely Free. It's OSS and very powerful. It uses the jabber protocol and it worked well for our company of over 200+ people. http://www.igniterealtime.org/projects/spark/index.jsp
I'm not aware of any instant messaging client that integrates nicely with Active Directory other than Office Communicator (hell, it extends the schema), which definitely fails in the "FOSS" department.
I believe Jabber has LDAP support, however I'm not sure if there is any sort of "corporate address book" functionality built in.
openfire is a jabber based FOSS server.
we use it with AD integration. I haven't implemented it yet, but they have plugins supporting full message transcript.
Spark is the client from the same company and it is jabber only.
If I remember correctly, openfire alos supports being a proxy for all other (most?) IM protocol's so even if someone gets a copy of AIM or whathave you on you network, there server can still log the transcript.
Easy to set up, free and robust.
I literally pasted the article title (sans "Ask slashdot: ") into google, and the first 4 results are free client/server packages of which some have already suggested. There also appears to be someone else asking this same question to some other forum, with attached answer...
I realized ask slashdot has been for years now less about questions for geeks than kids wanting someone else to do their homework, but when did ask slashdot replace google search?
SoapBox Server from Coversant is probably your best bet. It's a stable platform, source is available.
http://www.coversant.com/
*or* ... ...
Number 3
The health care company isn't american and understands that being OPEN isn't a bad thing. Americans have a problem with that concept.
Quartz Extreme and Core Image. Are there any other real reasons to spend all that money on generic hardware?
I wrote about this some time ago, right here.
/. address should be fine).
The short and simple answer, that should fully meet your needs, is to install jabberd2, configure it as needed (should have a logging module/plugin somewhere), and then to use Miranda IM with only the XMPP components as the client. Miranda is very easy to customize; if you don't want a protocol you simply don't include the relevant DLL.
Note: the links on that page are dead, namely the ones to the MSI installer package that I built. If you have a need for it, feel free to drop me an e-mail (the
--
So who is hotter? Ali or Ali's Sister?
If you really want heavy AD integration, you probably fall into the grasp of Microsoft Office Communications Server. You can absolutely forget free in that case, though.
FOSS side, I'm fairly sure that at least some degree of LDAP integration is possible, though it has been a while since last I checked.
Exodus is fairly simple to setup and administer. Zimbra provides much more than just Instant Messaging; we use it mainly for Zimlets and Collaboration; but the IM feature of Zimbra with auto-logging is very useful and sophisticated as well.
If you keep throwing chairs, one day you'll break windows....
Do it as a web (intranet) server application in PHP&MySQL. Install WAMP and write it. It will be much easier to maintain. It will be available by the address, say, 192.168.15.10 . So what?
Can you imagine installing a client on a 100 work stations? Upgrading? Been there. Thank you very much.
I imagine that, in the end, your solution will involve Jabber and XMPP in some way.
It has an intuitive/simple web interface for administration, and meets your logging needs and more. It can also support many gateways such as AIM, MSN, GADU-GADU, Yahoo! etc - But you don't have to enable them if you don't want them. I use this with the PSI IM client http://psi-im.org/ - A cross-platform Jabber IM client for MAC OSX, Linux and Windows. Check it out at: http://www.igniterealtime.org/projects/openfire/index.jsp
Windows is not the answer.
Windows is the question.
The answer is "NO."
+ssh for secure communictions
+Sessions logged on the server.
+Each person can talk to other people in private - just like "IM"
+IRC client lists who is logged in - presence awareness #1
+IRC clients configured to auto idle after X minutes - presence awareness #2
+Scalable past 100 users
+Permanent channels can be created for each team.
+DCC for file transfer.
+Depending on the IRC client, ascii emoticons can probably be converted to gif animations.
Maybe ?? http://www.unrealircd.com/
Or is IRC not the protocol you are looking for?
Openfire (which has been suggested above) has AD integration. I run it at my school (with 900+ students/staff) and manage all the logins with the central AD server. Easy to set up and configure too.
Obviously, this, or something like it, is one of your main concerns (though you might not be American). I have thought some time ago that ktalkd was interesting because it was NOT designed to be large enterprise wide. It was a simple easy to used talk protocol, with a secured option. The client was ktalk, but it was for 1.0 and 2.0. It seems to me that something like this is really what you want, with an enforced port (code it in), combined with a firewall on that port. that approach would take care of the mistakes. Obviously, crackers could get by, but then again.....
I prefer the "u" in honour as it seems to be missing these days.
FOSS? Where did he say FOSS? He never said FOSS. He said 'free'. Most likely free as in beer. What company _isn't_ looking for free software? My guess would be they just don't consider this essential and don't want to waste a shitload of money on it.
TELEPHONES!
Anybody want my mod points?
You know, I had the exact same issue this guy is having and, guess what - google gave me that exact answer (Openfire).
Of course, I used MirandaIM because I knew Miranda had Jabber support and it's a decent little client, but yeah, another vote for both Openfire and "just fucking google it next time".
+1 IDisagreeSoHeMustBeATrollOrAnAstroturferOrAShill
Haven't had your coffee yet, dear?
Did you even look first? Jabber has been around for years now, and sounds like it'd be ideal. Technologically it is similar to email in principle. It's an open standard, so there are many clients and servers to choose from (I'm a fan of ejabberd myself.)
Any policies you like, such as connecting to other servers or protocols, logging, encryption, whatever can all be enforced from your server.
Open source.
Cross platform.
Cool name.
Teamed with Openfire, golden
BTW -and don't take this wrong- if you really are at a HMO/HCP, you should have policies in place that prevent IM to the Internet already in place. There's this thing called HIPAA, don't you know?
Sig this!
Hey look, another Ask Slashdot that should have been Ask Google! Wow! You never see those on here or anything. Maybe this could have been an Ask Freshmeat if they still want a solution from OSDN.
Boooooo. It's not a rumour, you do suck. Perhaps you should stop pissing in your Cheerios every morning and realize that perhaps he wanted a professional or experienced opinion.
That sinking feeling deep in your gut when you KNOW you screwed up bad summed up with: {head desk} {head desk}
Is it really too hard to go and see people in person?
This is a perfect use case for AltME, which is set up specifically for running your own private, secure server, that logs all messages. It is very easy to install, set up and to maintain (I've been running servers with no problems for a few years now).
You definitely want to try out the Citadel groupware server. Even if you don't need it for its mail system, address book, calendar, etc... it's got a built in XMPP (Jabber) service that integrates nicely across the entire environment. It also logs all of the instant messages sent through it. Each user can review their own logs too, which is nice. And you have the ability to journal everything that comes through the system, perhaps to an external archiving service (this feature was built with industries like yours in mind, where anything that gets read by anyone *must* be archived).
... GPL 3, to be exact.
And it's free software
Tired of FB/Google censorship? Visit UNCENSORED!
We're looking for an internal, secure, FOSS (if possible) instant messaging / presence awareness client and server combo.
(emphasis mine)
Nice job reading. I quote from the Ask Slashdot itself:
He didn't say it HAD to be FOSS, but if possible, he would like it.
There are a couple of commercial products which will handle the job. I'm most familiar with the Barracuda IM Firewall. For about $2k, you'll get everything you've listed - full logging of conversations and file xfers, plenty of capacity, integrated client, plus a few other nice features like keyword administrator notification & message blocking, LDAP integration, and reporting.
The biggest feature you might appreciate is its ability to BLOCK the public IM protocols. The larger models also connect to the public IM networks, so you can log & apply policy to those conversations on a per-user basis. Some people _insist_ on bypassing IT policies, so allowing those folks to connect in a way you control might make both you and them happier.
The factors I think need to be weighed are 1) the cost of your time 2) the cost of a HIPPA violation, and 3) your ability to set up something bulletproof (no offense intended - I wouldn't trust myself to do it right the first time!)
Disclaimer: I used to work for Barracuda a couple of years ago. Some of their technology is crap, but the IM firewall is IMHO one of the best things they've ever released.
WiredRed makes an IM client/server called e/pop. It can integrate with ADS and settings are hardwired into the binary which is deployed to all clients. Therefore no worries that a user can change anything b/c only clients with the option enabled (again, in the binary) to change stuff can even see the available settings. It is not free though. If I recall correctly the price is about $15 per user. Because they make their own server it can work in private networks but the last I saw (4 years ago) they didn't use Jabber.
this nation, under God, shall have a new birth of freedom. -- Lincoln, Gettysburg Address
Your point is that he's wasting your time? You probably shouldn't have replied then. My boo stands.
That sinking feeling deep in your gut when you KNOW you screwed up bad summed up with: {head desk} {head desk}
I also recommend Ignite Realtime's Openfire. I have run it since Jive owned an Enterprise version of it (~2005) and all I can say is that it's rock solid.
It can run the server under either Windows or *NIX, offers integrated or external Database Server options, can be deployed to your website via Fasthpath to offer online chat services and offers several client options.
The best part of it is that it's easy to learn and deploy. A definite must to check out.
Unless you are looking for massive scalability (as in: 500 users in a single chat room), Jabber / XMPP can handle everything better than IRC. There are things like automagic contact lists (have everyone in your department on the list, centrally administrated), working encryption, publish-subscribe ... and of course the XMPP standard is easy to extend, as it's XML based.
gotcha.
That sinking feeling deep in your gut when you KNOW you screwed up bad summed up with: {head desk} {head desk}
I agree.
The OpenFire Jabber server is rock solid and integrates with LDAP, has the ability to log conversations and generally speaking is very elegant and easy to maintain.
We also use the Spark client, which is made available by the same group.
Very solid setup if you ask me.
think before you write, it'll save me moderator points.
I have a program called RiseOp (wwww.RiseOp.com) that fits your problem. It is a highly secure, private communication system supporting IM, Chat, VoIP and file transfer among other services. It is fully decentralized, and very safe in that all members use public key crytography to personally encrypt and sign all communication. It scales very well, is user friendly and easy to manage - the organization structure of your company is mirrored in the program itself. IM me riseop@live.com on MSN if you have any questions.
Secure Internet Live Conferencing, or SILC is what you need (or might want to look at anyway:). Pidgin can be used as the client.
At a company I left recently I installed Openfire and our supported IM client was their spark client (however despite my ex-bosses rants a lot of clients ended up being used by employee's) Spark works really well. Openfire is rock solid. It runs on Linux or Windows (better on Linux less server load). Without a hitch. Live upgrades work, and if you use mysql as the DB backend you can have auto failover. SSL 3 and TLS are supported as well.
I'm sorry, I'm to tired to be witty at the moment so this message will have to do.
Perhaps he also wanted some insights from people who have been in similar situations?
There is a big difference between a website found on google and a testimonial from someone who's done it.
OpenFire, as many others have noted, is an open source jabber server, that's highly extensible, and already has support for the logging you require (via the monitoring plugin).
The same group also has a web based client, SparkWeb, that you can lock down to your OpenFire installation. You can also lock down OpenFire, so that it only supports your official client. One of the nice things about a web client is you don't have to deploy to 100 desktops. You just send out a link. :)
Bonjour is great, but what you've suggested doesn't meet his needs at all. One of the stated requirements is that there MUST be centralized logging of all conversations, and what you've proposed is direct client-to-client chats with no centralized server.
$x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
$x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
Set up a policy if you really have to but wanting to block services is just a waste of time and doesn't add anything to your security unless you have totally incompetent personnel or fully locked down computers. Otherwise they'll start using web clients or simply work around firewall blocks or the like - which at the end might cause more security issues than the usage of the service in the first place.
It's much better to invest this time to educate your people and teach them why it's a bad idea to use MSN.
Lots of companies set up ridiculous firewall rules and think that they are safe - not knowing that the overkill is causing exactly the opposite of what they want to achieve. People don't like to be locked down if they don't understand why.
I had a similar problem to solve in the (small) company that I work for. We ended up with Openfire and Pidgin. This is not safe from the outside but better than what our big mother company did. They force everyone onto Sametime and have their system locked down like no tomorrow - which ends up in people using a multitude of services and wasting a lot of time to work their ways around the firewall to be able to use MSN, Facebook, Jabber & Co.
While I know what I have to deal with and act accordingly, teach the people that they please stay away from insecure services on their work PC the mother company trusts in their rules and unintentionally provokes insecurity.
Security never works against the people, only with the people.
I support a 7-site network with ~80 PCs. I use the Spark client because it comes packaged as an MSI--easy to push out via Group Policy. I also have a batch file which creates an initial settings file for the users the first time they sign in.
Initially we had an internal (old junker box) linux server which was only accessible from the internal network and everyone had Jabber IDs of user@customer.local. We recently switched to user@customer.tld so people could access it from their iPhones and Windows Mobile phones using the Palringo client.
ejabberd on linux has nice LDAP integration with Active Directory on Windows. You could also use the OpenFire server which is made by the same people that make Spark. It has a free version and a commercial version IIRC.
There's no place like
...would be Pandion. It only supports XMPP/Jabber, so you wouldn't have to worry about outside clients quite as much(Gtalk could still be a problem, but IMOA an easily solvable one). The major benefit of using Pandion is that it "automatically encrypts your connection to XMPP servers." Considering the sensitive nature of the data that will be transfered via your IM system, this is a major benefit. It's also extensible through the use of plugins. Hope this helps.
You can firewall it off from outside nets and there are tons of free clients that don't support other protocols. Logging is easy too.
If you want free, open, secure and cross-platform, then it's definitely XMPP/Jabber. No surprise there - open protocol, plenty of servers and clients to choose from - it really is good. From your description, you'll almost certainly want that.
However, For all-Microsoft shops with AD and Exchange, a pretty decent option is Office Communicator (+ the corresponding Server). It doesn't really have many advantages as an IM, but it does integrate with Outlook, Exchange and SharePoint (from shared address book, to minor bits such as auto-setting your status to "Busy - in a meeting" when you have a meeting scheduled on your Outlook calendar, and storing conversation logs in Outlook mailboxes, which indexes them for search). It's also pretty good for conferences. Still, main feature there is that integration - on its own, it's hardly worth the bother. And, of course, it's not free (in any definition of the word), and the protocol, while SIP-based, is not without proprietary quirks.
Citadel can do IM and whole lot more and it only takes about 20 minutes to set up using the Easy Install script. Once up, it will keep running with zero maintenance. It is definitely the lazy man's groupware system and it can handle tens of thousands of users per server.
Excuse me, but please get off my Pennisetum Clandestinum, eh!
The problem with using a firewall to block AIM for example is that you can actually use AIM over port 80 which may or may not be a critical port for some users. Block port 80 and you lose all HTTP connections(except for HTTPS).
Openfire rocks, on windows I suggest you use Pandion as a stable client...
Install Bonjour for windows, already installed to your system if you installed iTunes. Otherwise download for free at:
http://www.apple.com/downloads/macosx/apple/windows/bonjourforwindows.html
then, use Pidgin for IM.
Best part, it server less, no need dedicated server for running at network.
As to where the parent post "should" have asked his question, the parent post asked an intelligent question on a forum that harbours a lot of people who can provide a good answer in under a minute. Slashdot.
There are lots and lots of applications like Jabber, Openfire and whatnot about. And yes, if you want you can create a great big (useless) list of them by Googling for a few minutes. And then what? What are the pros and cons of each app? Where can you find comparative tests? Are those tests any good? Has anyone got practical experience with the app? Any show-stoppers that aren't immediately apparent?
The point about most questions like this is that people who already know the answer consider them "easy". People who don't know the answer consider them hard, and will have to expend a lot of time finding out. Time that's wasted if you could simply have eliminated 90% of the options by asking. That's why you ask. At least if you'd rather get some useful work done instead of being the umpteeth person researching the same wheel.
It's a compliment to Slashdot that people ask such questions, and they do that because they even tend to get useful answers. It shows that Slashdot has value apart from serving as a forum for inane bickering.
If you already have office / exchange, Office Communicator is exactly the product you're looking for. (http://office.microsoft.com/en-us/communicator/FX101729051033.aspx) It's not free, but with volume licensing it's fairly inexpensive.
Hikery.net - The best hiking site ever. Made by yours truly.
Healthcare IT policy?
HAH.
Sorry buddy, that's just funny. Usually the only "policy" is "we want it cheap, we want it now, and the doctors get to decide", or something roughly approximating it in result.
The only actual 'policy' in most small/medium hospitals is "we don't change anything, even if we have to, unless the regulators say so". Ergo, you've got 15-year-old Windows with an ugly 17-year-old application port running on a single disk.
~/ssh slashdot.org ssh: connect to host slashdot.org port 22: too many beers
Encrypted communications, logging, and as it is an IM firewall, you can also use it to prevent users from logging into external services.
Oh, you're not stuck, you're just unable to let go of the onion rings.
Honestly? Just block outgoing connections to oscar.aol.com and the other IM services. If you want to be really paranoid, you can even block outgoing XMPP to make sure that people will only connect with the internal server.
However, as has been said, XMPP is the only reasonable way to go.
If you want to avoid paying for licenses, you have the choice between XMPP, IRC, Bonjour (Apple).
Bonjour is server-less and ad-hoc, which is great if you don't have the infrastructure in place for a central server. At an office building you do, so I think you get a worthless feature at not inconsiderable inconvenience. Bonjour is free as in beer (but I'm not sure whether that extends to business use, so check), but not FOSS.
IRC excels at providing an open chat-room, but one-on-one conversations are less well supported. There's no persistent contact handle, no good presence announcement and even the identity check has to be run as a separate service (NickServ).
XMPP allows you to sign up everyone with their own internal account (employee@xmpp.company.com), and if you need to you can tell the xmpp.company.com server not to forward any connections from or to outside servers.
All conversation over the server can be logged. You may want to put a policy in place to forbid direct (peer-to-peer) connection as that is harder to log, or end-to-end encryption via OTR messaging.
For a client, I'd recommend Pidgin (which you can recompile without the AOL/MSN/Yahoo libraries, or just leave it in and block the servers), though Psi (XMPP only) isn't half bad either.
I can recommend the voip server and client from mizutech http://www.mizu-softphone.com./ It has built in encyption capable for handling up to 10000 client. Unfortunately it is not free.
Install jabberd2 with mysql backend and PSI for the client. Then ask me nicely for my roster scripts that ensure that all users see all users, grouped nicely etc..
Block 5269 to your jabber server and make sure your users do not have direct internet access and they can't use the server or the clients to talk to anyone outside your server then.
We use an in house IRC server with all IRC traffic blocked at the firewall...
Goofy, Geeky Gifts and More!
Hello,
Zimbra is a good platform that we use for a company with just over 3000 users. The open source edition may do what you need. We currently use the fully loaded version with paid for support because it has "active-sync" support etc. however you maybe able to get the most from the FOSS edition.
Thanks for the recommendation. I wish that people who don't like a story wouldn't visit it and clutter the story with negative comments.
This is the exact attitude that pushes people away from FOSS in the first place.
It is almost impossible to get a real answer from people with experience when all you get in return is "RTFM n00b."
R'ing TFM does not always give you practical information or experience. Especially since there are quite a lot of people out there who are great at writing software but cannot write a manual to save their life. Either it is too technical and boasts about all of the incredible feats of writing the program with very little usability information, or overly verbose about how the program works with very little usability information.
Google does not have all of the answers. It has a wealth of information, but sometimes no answers.
OpenFire is the tool we used at the last shop I worked at - for exactly this. (it's a java-based server and will run on many server types including but hardly restricted to most Linux distros and Windows) They've got some great commercial tools as well.
for something requiring more technical workings of the software - jabber2 and ejabberd both are superior - but take more configuration.
For clients - there's the Spark client also from IGN software - which works well enough. otherwise a wide variety of opensource clients support Jabber/XMPP. You can firewall out the ports externally to lock people into being able to only sign into the local net as well, easily enough.
note: I currently do not work for anyone so I do not speak for any agency.
I don't know about plain LDAP but I had serious trouble getting OpenFire to work with Active Directory. It integrated fine on the server side but single sign-on for the clients never worked. It seemed like it works great for 95% of people but for certain setups it's just impossible to get right. It's highly dependent upon your DNS setup, although I can't think of anywhere our DNS would be different from the norm. I also got in a little trouble because my users aren't all in cn=users but based on testing I don't think that was where the issue was.
I tried for a long time to get SSO working and eventually I had to just roll it out with separate user accounts. I suppose I could have paid for support but if I was going to do that I would have just bought one of the Windows-based enterprise IM packages that's out there.
Other than that it's been great. I was using Psi for a client but I can't seem to get it to alert people consistently. I (and the users) want something that will pop up the message and take focus no matter what. But Psi seems to be erratic in this regard.
I (together with some friends) hacked up a rather powerful chatroom at http://www.iwannachat.net/
It seems to fit your criteria except that it is not "free" in either sense, but we don't have any concrete plans for commercialization of the thing, and I believe it should be possible for us to license the code to you for zero cost.
It's not an IM per-se, but we have dozens of active users and it's working quite well as an inclusive chatroom for a relatively small group of people. It started as (and is still) a hobby project, so most advanced features are not properly documented, but I'll be happy to show you more on request.
Leave a reply if interested. I can point you to a room of active users if you wish to see more than a rather "empty" demo room.
Don't quote me on this.
You should try PinkNotes Plus (www.pnp4.com)
As the guy has very specific needs with very strict requirements and exchange, perhaps Jabber.com products (now part of Cisco) are the way to go.
http://www.jabber.com/CE/JabberHome2
It is still XMPP, not a byte of non standard thing.
Doesn't it come as a component of the Exchange server?
Bark less. Wag more.
You will find plenty of testimonials if you Google for them.
So why not take it a step further and close down Slashdot.org?
After all, the articles on slashdot are not written by slashdot staff but borrowed of the web so anything on here can be found via Google. Most websites also have a comment section so the trollish comments can be found not only on Slashdot.org
So get over yourself, some people here may actually try to learn from the experience of others.
Don't like a story? Don't fucking reply!
Everyone who buys Wild Hunt will receive 16 specially prepared DLCs absolutely for free, regardless of platform.
Cisco Unified Presence Server, aka Cisco Personal Communicator. It's an IM client / server, it's also for a VoIP phone system so it does much more, and it's probably way too expensive for what you want to do... or maybe not.
I'm like a superhero, but with no powers or motivation.
I work for a Health Care company and we (IT) use Spark. You can find it here. I'm not sure of cost as my internal proxy won't let me access the site, but it works well. www.igniterealtime.org/projects/spark/index.jsp
IRC supports encrypted connections now?
I don't know. When my workplace demoed it, it certainly didn't, which was one of the reasons that we dropped it after the trial; but it certainly might in other cases, depending on exactly what sort of "Software Assurance" you have, what version of Office you are running on desktops(yes, Communications Server has CALs), what version of exchange, and so on.
Speaking as someone who provides IT for clinical departments at a (American) teaching hospital. FOSS is not evil, or verboten. My employers, and the people I support, are more interested in results than methods, they just want to know that someone (even if it's us) will take responsibility for the system.
We used IRC for a corporate 'ask the ceo' thing. The nice thing with IRC is the ability to easily write your own bot code for moderation, information, whatever. The drawback is the lack of formal accounts. That's easily addressed though...
You can do clientless access on a web site using CGI::IRC. Tie this into your own authentiction (ldap with active directory, for example), and you have a solution that already leverages your existing infrastructure. That's exactly what we did above. Lock down the ircd to only allow connections from the CGI::IRC host if you don't want people using their own clients.
Jabber can likely be used the same way, but I don't have any experience around that.
Do you generally make a point of walking into stores that sell things you don't like for the express purpose of complaining to the management that you don't like them?
Nobody is forcing you to be exposed to his inadequacy. It's perfectly possible for you to just toodle on by without ever having to set foot in this thread.
Your time was wasted not because of anything he did but because you chose to waste it.
I think that says more about your own sense of inadequacy than it says about any displayed inadequacy on the part of the original topic.
"It is possible to commit no errors and still lose. That is not a weakness. That is life." -Peak Performance
I have seen mIRC used in situations even more secure than the one you describe.
there are 2 kinds of people. those who divide people into 2 kinds, and those who don't.
We've had stability issues but we're running an older version and haven't gotten around to upgrading yet.
Logging is pretty easy.
I don't know about SSO in it's truest form, I assume you mean that after the user logs into the workstation, that they don't have to also login to the IM client. I never worked with that at all.
As for using the same user account to log in to both the workstation (XP I assume?) as well as the IM client, I had that working in about 5 minutes.
If it's not working, it's probably more to do with your ldap authentication than with either server.
Are you able to perform lookups from the CLI on the Jabber server? I would check that. Assuming that you can, the OpenFire server has a couple of tests that it can perform to help troubleshoot.
BTW - is this an OpenLDAP server or AD?
think before you write, it'll save me moderator points.
http://en.wikipedia.org/wiki/WASTE might work, it was developed by Nullsoft for internal communications and file sharing, is encrypted, and has no central server.
I thought I was going to be the savior, but bioborg beat me to it. Waste is great. Not the prettiest program, but definitely great.
'Those are my principles. If you don't like them, well. .
twitter.com/scld
I'm the Senior SysAdmin for a large datacenter in Florida. We currently employ over 50 people in our building. We recently migrated from Pidgin+OTR(Encryption) to OpenFire+Spark with ActiveDirectory Integration. I had the server installed and pulling down a list of accounts from the AD server in a matter of minutes. The server has worked flawlessly for us for months and has tons of options. It supports the ability to either allow or lock out 'other' clients(AIM,YIM,etc). This coupled with ACL or Firewall restrictions will ensure that your users are ONLY using the Spark client. It also has chatrooms built into it which you can force your users into when they log on. It's pretty neat stuff.. oh.. it supports SSL connections, and will provide LiveChat for your website as well. It also support logging of all chat conversations if you have a need for that. The only downside that I've run into.. there's a bug on the linux client that has to be fixed manually(associated with the tray icon not showing up). The Windows client has a tendency to run slightly slow. While I read that it runs slow under Windows, in practicality I have not received even one complaint regarding the use of Spark. Oh.. while there is a history in the Spark client, it shows it all as one realllly long page so it's a little clunky having to hunt through your own personal chat history. Look no further. OpenFire+Spark is your answer.
We have OCS deployed at 7 locations worldwide... It works wonderfully for this sort of application, as well we can do Livemeetings /screen sharing if we need to collaborate with a tech in North America and Europe.
Server: Jabber
Client: Pidgin
Jabber is mature, it doesn't crash and it works. Pidgin is multi platform and looks consistant across those platforms. We did have a couple of users who are Trillium holdouts.
It works great. We've just had to work on educating our users a bit in regards to what should be sent via internal IM and what's cool to be sent via AIM.
Yes Francis, the world has gone crazy.
Another vote for OpenFire. I am the IT manager at a healthcare facility and I have implemented this successfully. The latest version was very easy to setup and integrate with Active Directory. It has been working like a champ for almost 8 months now. I also enabled the web client and Red5 video plugin for video chat. This saved us quite a bit of cash in travel fees since we have numerous clinics spread out over the area. We did not eliminate traveling (nothing beats face-to-face time). Instead we do weekly video meetings and monthly travel.
Jive server worked like a charm for my company for years. My users loved the Pandion client and were very disappointed when we migrated to GTalk.
I keep forgetting my place. Jesus is for losers. Why do I still play to the crowd?
You will need at least one Edir Server and they can be the same box ( I Think, it might work with ldap ) and from there you are off and running.
It supports complete logging and log search ability ( by user or full text ), the client supports no other protocols it supports SSL has both linux and windows clients.
It is VERY light weight on both the server and client side.
Hey KID! Yeah you, get the fuck off my lawn!
Openfire and the server, Spark is the client. http://igniterealtime.org./ We use it in healthcare where I work and it's pretty solid. Archiving is an optional module and works well.
I had serious trouble getting OpenFire to work with Active Directory
That would be the case for two reasons:
1. SSO is not LDAP. You can, in theory, use an LDAP directory to provide the settings for SSO, but it's not SSO. Off the top of my head, you need a gina to do all of the SSO-stuff for you.
2. Microsoft's implementation of LDAP is non-standard. It's very quirky outside of the very simplest LDAP operations. To which the legions of Microsoft domain admins will cry out "What?! He doesn't know what he's talking about!" To which I reply, you don't work with LDAP. You are an Active Directory admin. The two are not the same thing.
http://www.maxineudall.com/2010/02/should-economists-be-sued-for-malpractice.html
Well, in my experience I have used Openfire and Jabber (via ebox). Both are easy to install and use. Ebox is a bit harder, but if you don't already have a server with SSO, it is the best option in my opinion. I have scaled both at companies with ~200 employees.
Word of warning though, I only use communications internally, have not tried to connect either solution via Internet (only as corporate intranet), though it is possible.
For the client, I find Pandion works best on XP clients, if you do not need other protocols as MSN, Yahoo, etc.
Did I just say that??
http://www.igniterealtime.org/index.jsp We've had good luck with this combo.
1st, fix your firewall to disallow *all* outgoing ports.
2nd, open up the ports that are needed.
I've seen one company disallow DNS to external addresses and force everyone to use the internal web proxy.
Now, you don't care that they connect to external IM servers because you've blocked them.
Set up an internal server recommended here with internal clients pointing at it.
If you're worried about installing a client that might be able to connect externally and you haven't already blocked that possibility, you're doing it wrong.
Consider this another vote for SILC. We have many teams of devs here and one of the larger ones implemented their own SILC server and we use it all the time whenever we have to discuss issues related to their area. Works nice in conjunction with pidgin since I think for now that is the only cross platform client for it.
Echoing what tbuskey said, it does seem as though you should already have something in place that blocks nonessential outgoing ports (firewall) and if you really do have as strict of requirements as you say, something like an 8e6 device that blocks outgoing access to undesirable servers running on ports 80 and 443. If this is the case, you should have no trouble keeping your users from connecting to external servers. If either of these aren't true and you choose an open source XMPP client that does only XMPP, you could modify the program by either hard coding in your server address or by having it ask a network service (DNS or similar) where the XMPP server is. No options = no problems.
One additional oversight you are making is that the asker is the only one who might benefit from having this question asked and answered publicly. I happen to also be in a position where we are thinking about deploying an internal-only IM for a small business. I have already Googled the topic and have learned a bit about Jabber, but happen to have not put the time into it yet to go poring through each of the different implementations to find the one that best fits our needs.
So, I open the article, and start reading the comments hoping for some knowledgeable colleagues who have already gone through this to share their experiences and wisdom. Unfortunately, I get people like you, wasting my time. You could have skipped this article as a topic you aren't interested instead.
Google is great for a search engine, but doesn't always provide the experienced advice one seeks.
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
You know, I enjoy reading both these questions and the answers. Sure, there are the occasional trollish responses that are unfriendly and uninformative, but usually there is at least one poster who adds something to the conversation that I genuinely didn't know/realize/have the background to appreciate. And that's why I keep reading /.
Mon chien, il n'a pas du nez. Comment scent-il? TrÃs mauvais!
I set up OpenFire for a financial svc company (a bank). SSL, full AD integration with SSO, made a little widget to display who was available on the intranet.
The AD bit took a while to set up, but once I got that sussed, it was really great.
Microsoft Office Communicator is integrated with Exchange, but doesn't actively "log" chat sessions, you have to email the conversation to yourself. I'd say Lotus SameTime is probably the closest thing I know of that would achieve what you're trying to do.
Get an Xserve with OS X server software, it has a built in Jabber based IM service. You can chose to federate it with other servers, such as gmail etc.
Don't know what clients it requires on the windows side, but we are a Mac shop, and it gives us state-wide audio/video capabilities.
Rock solid too.
If you don't know what AltaVista is (was), get off my lawn.
OK, this isn't really about which app to set up, but I work for a very large bank, and I work from home. The standard is Office Communicator. While there are things I really don't like about the setup (no tabs, I can't log coversations automatically), there are things I do really like. I'm not trying to sell you on it as a solution, but there are features you could look for in other solutions.
a. Everyone has their standard login assigned to them... I don't have to chat with people's made-up logins. It's their full name, not some goofy nickname.
b. Integration with calendars. If someone is in a meeting, it shows their status as such. Integrates with Out of Office reminders, and you can set notes on your account too. Very handy.
c. The ability to add people to a conversation, having a virtual conference... couple that with...
d. The ability to screen share via a communicator session. Invaluable. You don't have to start up a livemeeting (although, you can do that too from Communicator), you can just quickly share your app/desktop with one or more people.
e. Although I can't log conversations, I can email them to myself. Good for referencing back to. However, being able to log everything would be much much better. I've lost conversations due to network glitches/closing the window accidentally.
Communicator may not fit the bill, but it does have some nice features for use in the workplace. Consider some of them in whatever you do choose.
My beliefs do not require that you agree with them.
CommuniGate Pro is not FOSS and my opinion is biased as I have business interest in this platform. However I do believe it is the best solution to this problem and many others despite not being "Free". It is available on most any platform you would want to run it on, supports Linux (not just specific distros) and has implemented enough RFCs to be regarded as a comprehensive communications operating system. The Flash client "Pronto!" has IM auto-archive. There is a PKI built in permitting the actual storage of the archives to be automatically encrypted by the rules engine on the storage device.
Full Documentation
http://www.communigate.com/communigatepro/default.html
Jabber Server
http://www.communigate.com/communigatepro/XMPP.html
Stored message encryption
http://www.communigate.com/communigatepro/PKI.html#SMIMERules
Pronto! Flash client
http://www.communigate.com/communigatepro/Pronto.html
Live Demo
http://talktoip.com/ (use sign-up link to get a full running demo account)
MirandaIM is the only piece of software I miss from my distant Windows days.
Pidgin is OK, but Miranda was awesome.
factor 966971: 966971
Communicator.
I know it won't be popular with this group, but don't mod down for that. A good IT person will consider all options.
Why communicator?
Given the industry, there are specific regulations that may apply. Possibly SOX/PCI/HIPPA. I know that Communicator does fine with SOX and PCI, if setup right.
But I'll admit there may be FOSS that do meet those requirements, I just can't speak to those.
Those who can, do.
Yep - I second this. I have an Openfire/Spark setup here at work integrating with a Windows 2003 AD environment. Straight-up SSO doesn't work, meaning the person has to enter their password, but it does notice when people change passwords and it does match AD passwords perfectly. Sure, it's mildly inconvenient, but not catastrophically so.
ugh. Spark client sucks IMHO. Pidgin works much better.
WASTE... has no central server.
the server has to be able to log any conversations that occur
(Aside from being the complete opposite of what's being asked for here, it is an acceptable chat system...)
I mod down anyone who says "I will be modded down for this", regardless of the rest of their comment
You can set Jabber up so it doesn't federate with other servers and you can also set it up to not allow non-SSL connections. I have Apple's iChat Server solution which is basically a Jabber server with a nice management interface (although for your specifics you might have to delve a bit deeper), it integrates in my directory and if you want also Active Directory. There are clients for all platforms and as I said, you can set it up entirely how you want it.
If you're looking for something else, look for HL7-enabled clients/servers which is a standard that can communicate with modalities even though some of those platforms don't have any interface for any type of chat client. It also integrates in workflow software etc. Apache's Camel and Mina projects are something to look for if you want to implement that, if you want to combine it with your DICOM-compatible PACS and/or RIS see DCM4CHEE
Custom electronics and digital signage for your business: www.evcircuits.com
Tonic is purely peer-to peer and discovers everyone on your broadcastable subnet.
http://r2.com.au/software.php?page=2&show=tonic
I do love a good self-fulfilling prophecy. Thank you, AC.
Fancy pointing out these LDAP "issues"?
I've migrated a metric crapload of LDAP apps from OpenLDAP, Sun LDAP and BT X.500 to Active Directory and AD/AM (aka AD-LDS) and haven't found a single issue with the LDAP interfacing apart from where apps were relying on non-RFC features in the original LDAP servers.
Your anecdote != data.
Yeah right...
Most data is not information.
Most information is not knowledge.
Most knowledge is not wisdom.
From wisdom comes answers.
Ignoring for a moment that we are on /. :), when you consider the total cost of any such deployment over the long term, free is not possible. Your time costs money, one day you will leave and will require significant time to handover whatever solution you have implemented.
Free is not an option in any such decision, stop undervaluing yourself by perpetrating the myth to your managers that your experience and hard work is at zero cost to them!
Its not FOSS but it is pretty inexpensive and it is rock solid and scales very very well.
And since E-Directory will install and run on windows,linux,unix and damn near every other OS out there, it is a great option.
Hey KID! Yeah you, get the fuck off my lawn!
Communicator can be logged at the server level with the right configuration. It is a supported feature of the server.
I'd love to replace Communicator with FOSS, but Communicator does SSO, file transfer, AD integration and Outlook integration so that it can update your status according to your calendar. It even does a Mobile and Web client, though I haven't tried those. So far I haven't found anything FOSS that can match that.
Once a month or so I consider quitting my job and writing the code to do that.
B) Eliminate all the stupid users. This is frowned upon by society.
Many environments do not lend themselves to "4 (sic) hours of kicking the tires on some software" and then blogging about it. And you are indeed right, there are a lot of people who refuse to read FAQs, but that does not make legitimate questions any less legitimate.
The OP wanted a reliable answer from a reliable source, a community of fellow geeks, nerds, twerps, dweebies, grunts, krunks, dorks, and the like.
And, hey, while I am at it, I think I will throw in another famous response in FOSS forums: "write your own patch and submit it." Yeah, I have seen that one plenty of times to feature recommendations or requests.
A lot of FOSS developers forget that there are people using their software who are not programmers. FFS, you should be flattered. And while I understand you have to deal with a lot of dumb-asses who ask the same dumb-ass questions you have already put in your FAQ, but that is part of dealing with the customer. You do not like that? The hire Smykowski to act as the go-between for you and your customers, because it seems that dealing with them has depleted your people skills.
And therefore, frankly, good riddance to you and your software until you learn how to address your audience.
You can set up an IRC server with Pidgin (or other) clients, then firewall access to any external servers. You then have the option of running customized bots, having common chat rooms, and person to person chats.
We used this for internal communications in the networking group where I used to work. It had the added benefit of having a client that worked on a text Linux console in the server room. Of course the only bot we ran was one that interjected comments about local restaurants when we were deciding where to eat lunch. ;)
http://www.jivesoftware.com/
The Kruger Dunning explains most post on
Since you are talking health care, you also need to be in compliance. That requires not only logging, but encryption. While I can not make specific recommendations (I believe there are some good ones here) I would make sure that you can make encryption an integral part of this system. That would help make sure you are in compliance without having to add extra steps later in the process. Just food for thought. Most of the open source alternatives you get should be able to work nicely with PgP. Since you want the system to be closed, I would recommend setting up and using your own key server.
Open Source: Eroding the Digital Divide
Yeah, I wanted to have the client get the authentication from Windows (XP + AD on 2003) and then auto-login. It seemed like everything was happening correctly...from what I remember I had to generate matching kerberos keys on the Openfire server and the KDC and a special user account on the domain controller.
There's tons of logs from java, the server, and the client, and you can actually watch the packets as they go. But the problem was that everything looked good according to all of the forum threads. Getting official support and rebuilding the DC weren't options so I just used separate accounts with the same names. We don't have enough users that it's even an issue, though obviously doing it the right way would have been nice.
I do remember being able to get it that far. In my particular case auto-login was more important than using the same accounts, because my users aren't too savvy and I wanted to make it painless for them to IM each other. In spite of all this they still barely use it :D
Do you mean that the client software doesn't use a password at all? That's what I was trying to accomplish. And it seemed like it can be done but after a few days I stopped trying.
What I probably should do is grab the accounts from AD but then just save the password in the client.
It's very possible that I was mistaken and that SSO for Spark simply doesn't work with Active Directory. But I had done a bunch of reading and I was under the impression that not only was it possible but that a lot of people had it set up that way.
There are many threads like this one:
http://www.igniterealtime.org/community/thread/26839
Jabber should solve your needs. It is free and open. There are many client and server implementations. Almost every Jabber client and server supports SSL. There are servers that do server-side logging. You will want to prevent connection to external Jabber servers by use of a firewall rule. However, servers can exist on non-standard ports, and the only complete way to prevent access to that is to restrict the client's configuration (not sure which clients make that easy), and restrict your users from running software on their computers not installed by an administrator; you have to decide if it is worth being so Draconian.
Visit www.jabber.org a long list of servers and clients. Evaluate them to see which fit your needs. My recommendation for a client in Windows is Psi, as it is good, easy to use, flexible, and only talks to Jabber. I have experience with ejabberd and jabberd 1.x, and I've heard decent things about jabberd 2.x and Openfire; you'll need to evaluate them yourself to get the one that gives you the features you need.
I've migrated a metric crapload of LDAP apps
Yes, you've migrated them into ActiveDirectory, not another LDAP server.
Here's a little taste of the LDAP-like problems.
http://www.openldap.org/lists/openldap-software/200312/msg00240.html
As my original post states, you are an Active Directory admin. You have made the classic mistake of thinking the *very* limited LDAP functions in AD are similar to running an LDAP server.
http://www.maxineudall.com/2010/02/should-economists-be-sued-for-malpractice.html
Try BigAnt Instant Messenger for enterprise , its key features fulfill your requirements: 1. Using a Client/Server architecture and works with intranet, 2. Centralized logging of all conversations; 3. Encrypted data transfer; 4. Not support outside protocols such as AIM, MSN, Yahoo, etc More features: broadcast message, voice and video chat, built-in document management which makes the daily work more efficient and convenient. http://bigantsoft.com/