Slashdot Mirror
Internal Instant Messaging Client / Server Combo?
strongmantim writes "I manage an internal help desk (25-30 people) for a medium-large company in the healthcare industry. We're looking for an internal, secure, FOSS (if possible) instant messaging / presence awareness client and server combo. Transmission of Protected Health Information is a sensitive issue, so the server has to be able to log any conversations that occur. It is preferred that the client not support outside protocols such as AIM, MSN, Yahoo, etc.; if it does, I will have to promulgate and enforce yet one more policy that my techs not connect to them. All of the computers that will connect run Windows XP. The system should be scalable up to ~100 people (in case we decide to include our entire office in the roll-out). Hardware and OS for the server are not an issue. Oh, and one more thing: It has to be free. Suggestions?"
The question is which client and which server, and that I don't know. You should be able to lock it down by not allowing anyone to change its preferences.
--Sam
Use the encryption capabilities in Pidgin.
http://pidgin.im/
You can setup a SILC server.
That's what we used to use in a company I worked for and it worked quite nice.
You're looking for a jabber server and client.
I work for a credit card company, and we use ejabberd on the server end of things.
You probably have some jabber only client options, but those will still be able to connect to other jabber servers like Google Chat.
Live with it, because any IM server worth using is going to have _some_ public servers.
I'll leave the logging up to you, ejabberd can do it, but our company decided that the security issues involved with storing the logs were much worse then not having the logs.
(Having stored, unencrypted, card data for any length of time is something that, on the very optimistic (good luck with the auditor) side requires a great deal of security. And just encrypting the drive it's sitting on doesn't really do away with more then half of that. Health data should be as much of a nightmare, but maybe not.)
http://www.igniterealtime.org/projects/openfire/index.jsp
Works very well. Meets all your reqirements. Client supports Mac, Win and Linux but is a resource hog. It's jabber though so you can use many clients.
I've always found that IRC is pretty handy as a help service, most Linux distros host live help chat on it. Many other FOSS solutions seem to use it as well, such as VLC, OpenOffice.org, etc. I'm not sure how exactly one would go about setting up a server, but I can't imagine it would cost much of anything and it shouldn't be too difficult to set up. There is a pretty good wiki about it, it should have all the relevant links you could need for finding out how to do it. Cheers.
It's jabber based. Free as in beer for both the client and server.
Lets us save logs of all chat sessions between employees, lets employees also save chat if they want to. Lets us do some filtering, overall a pretty good client/server.
http://www.coversant.net/
Oh, and I HAVE gotten Digsby to connect to the server, as well as trillian.
Do not meddle in the affairs of sysadmins, for they are subtle, and quick to anger.
It sounds like your network, which contains confidential medical records, is connected to the internet.
So I have just one question: Dear God, why?
openfire is a jabber based FOSS server.
we use it with AD integration. I haven't implemented it yet, but they have plugins supporting full message transcript.
Spark is the client from the same company and it is jabber only.
If I remember correctly, openfire alos supports being a proxy for all other (most?) IM protocol's so even if someone gets a copy of AIM or whathave you on you network, there server can still log the transcript.
Easy to set up, free and robust.
*or* ... ...
Number 3
The health care company isn't american and understands that being OPEN isn't a bad thing. Americans have a problem with that concept.
Quartz Extreme and Core Image. Are there any other real reasons to spend all that money on generic hardware?
I wrote about this some time ago, right here.
/. address should be fine).
The short and simple answer, that should fully meet your needs, is to install jabberd2, configure it as needed (should have a logging module/plugin somewhere), and then to use Miranda IM with only the XMPP components as the client. Miranda is very easy to customize; if you don't want a protocol you simply don't include the relevant DLL.
Note: the links on that page are dead, namely the ones to the MSI installer package that I built. If you have a need for it, feel free to drop me an e-mail (the
Exodus is fairly simple to setup and administer. Zimbra provides much more than just Instant Messaging; we use it mainly for Zimlets and Collaboration; but the IM feature of Zimbra with auto-logging is very useful and sophisticated as well.
If you keep throwing chairs, one day you'll break windows....
It has an intuitive/simple web interface for administration, and meets your logging needs and more. It can also support many gateways such as AIM, MSN, GADU-GADU, Yahoo! etc - But you don't have to enable them if you don't want them. I use this with the PSI IM client http://psi-im.org/ - A cross-platform Jabber IM client for MAC OSX, Linux and Windows. Check it out at: http://www.igniterealtime.org/projects/openfire/index.jsp
Windows is not the answer.
Windows is the question.
The answer is "NO."
FOSS? Where did he say FOSS? He never said FOSS. He said 'free'. Most likely free as in beer. What company _isn't_ looking for free software? My guess would be they just don't consider this essential and don't want to waste a shitload of money on it.
You know, I had the exact same issue this guy is having and, guess what - google gave me that exact answer (Openfire).
Of course, I used MirandaIM because I knew Miranda had Jabber support and it's a decent little client, but yeah, another vote for both Openfire and "just fucking google it next time".
+1 IDisagreeSoHeMustBeATrollOrAnAstroturferOrAShill
Hey look, another Ask Slashdot that should have been Ask Google! Wow! You never see those on here or anything. Maybe this could have been an Ask Freshmeat if they still want a solution from OSDN.
Boooooo. It's not a rumour, you do suck. Perhaps you should stop pissing in your Cheerios every morning and realize that perhaps he wanted a professional or experienced opinion.
That sinking feeling deep in your gut when you KNOW you screwed up bad summed up with: {head desk} {head desk}
You definitely want to try out the Citadel groupware server. Even if you don't need it for its mail system, address book, calendar, etc... it's got a built in XMPP (Jabber) service that integrates nicely across the entire environment. It also logs all of the instant messages sent through it. Each user can review their own logs too, which is nice. And you have the ability to journal everything that comes through the system, perhaps to an external archiving service (this feature was built with industries like yours in mind, where anything that gets read by anyone *must* be archived).
... GPL 3, to be exact.
And it's free software
Tired of FB/Google censorship? Visit UNCENSORED!
Nice job reading. I quote from the Ask Slashdot itself:
He didn't say it HAD to be FOSS, but if possible, he would like it.
Your point is that he's wasting your time? You probably shouldn't have replied then. My boo stands.
That sinking feeling deep in your gut when you KNOW you screwed up bad summed up with: {head desk} {head desk}
I also recommend Ignite Realtime's Openfire. I have run it since Jive owned an Enterprise version of it (~2005) and all I can say is that it's rock solid.
It can run the server under either Windows or *NIX, offers integrated or external Database Server options, can be deployed to your website via Fasthpath to offer online chat services and offers several client options.
The best part of it is that it's easy to learn and deploy. A definite must to check out.
gotcha.
That sinking feeling deep in your gut when you KNOW you screwed up bad summed up with: {head desk} {head desk}
IMO, an "educated" opinion from a technical crowd is in any way better than a simple Google query. I don't know, for example, how Google could possibly have a differentiated answer to the pros and cons of particular clients.
I agree.
The OpenFire Jabber server is rock solid and integrates with LDAP, has the ability to log conversations and generally speaking is very elegant and easy to maintain.
We also use the Spark client, which is made available by the same group.
Very solid setup if you ask me.
think before you write, it'll save me moderator points.
At a company I left recently I installed Openfire and our supported IM client was their spark client (however despite my ex-bosses rants a lot of clients ended up being used by employee's) Spark works really well. Openfire is rock solid. It runs on Linux or Windows (better on Linux less server load). Without a hitch. Live upgrades work, and if you use mysql as the DB backend you can have auto failover. SSL 3 and TLS are supported as well.
I'm sorry, I'm to tired to be witty at the moment so this message will have to do.
Perhaps he also wanted some insights from people who have been in similar situations?
There is a big difference between a website found on google and a testimonial from someone who's done it.
Bonjour is great, but what you've suggested doesn't meet his needs at all. One of the stated requirements is that there MUST be centralized logging of all conversations, and what you've proposed is direct client-to-client chats with no centralized server.
$x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
$x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
Set up a policy if you really have to but wanting to block services is just a waste of time and doesn't add anything to your security unless you have totally incompetent personnel or fully locked down computers. Otherwise they'll start using web clients or simply work around firewall blocks or the like - which at the end might cause more security issues than the usage of the service in the first place.
It's much better to invest this time to educate your people and teach them why it's a bad idea to use MSN.
Lots of companies set up ridiculous firewall rules and think that they are safe - not knowing that the overkill is causing exactly the opposite of what they want to achieve. People don't like to be locked down if they don't understand why.
I had a similar problem to solve in the (small) company that I work for. We ended up with Openfire and Pidgin. This is not safe from the outside but better than what our big mother company did. They force everyone onto Sametime and have their system locked down like no tomorrow - which ends up in people using a multitude of services and wasting a lot of time to work their ways around the firewall to be able to use MSN, Facebook, Jabber & Co.
While I know what I have to deal with and act accordingly, teach the people that they please stay away from insecure services on their work PC the mother company trusts in their rules and unintentionally provokes insecurity.
Security never works against the people, only with the people.
I support a 7-site network with ~80 PCs. I use the Spark client because it comes packaged as an MSI--easy to push out via Group Policy. I also have a batch file which creates an initial settings file for the users the first time they sign in.
Initially we had an internal (old junker box) linux server which was only accessible from the internal network and everyone had Jabber IDs of user@customer.local. We recently switched to user@customer.tld so people could access it from their iPhones and Windows Mobile phones using the Palringo client.
ejabberd on linux has nice LDAP integration with Active Directory on Windows. You could also use the OpenFire server which is made by the same people that make Spark. It has a free version and a commercial version IIRC.
There's no place like
If you want free, open, secure and cross-platform, then it's definitely XMPP/Jabber. No surprise there - open protocol, plenty of servers and clients to choose from - it really is good. From your description, you'll almost certainly want that.
However, For all-Microsoft shops with AD and Exchange, a pretty decent option is Office Communicator (+ the corresponding Server). It doesn't really have many advantages as an IM, but it does integrate with Outlook, Exchange and SharePoint (from shared address book, to minor bits such as auto-setting your status to "Busy - in a meeting" when you have a meeting scheduled on your Outlook calendar, and storing conversation logs in Outlook mailboxes, which indexes them for search). It's also pretty good for conferences. Still, main feature there is that integration - on its own, it's hardly worth the bother. And, of course, it's not free (in any definition of the word), and the protocol, while SIP-based, is not without proprietary quirks.
Sametime? Run far far away. It is the most bloated client I've ever used for any chat protocol, it crashes frequently enough and when it does it will sometimes prevent the user from rejoining a group chat, requiring a new one be made and everyone move over. There isn't a way for people to join a group chat on their own accord and must be invited, nor is there a way to auto accept invites. Any time you need to copy/paste a chat log it must be manually edited so it becomes even remotely readable and some of the GUI settings work contradictory to what you'd expect (like disabling smileys, it just does not work).
As to where the parent post "should" have asked his question, the parent post asked an intelligent question on a forum that harbours a lot of people who can provide a good answer in under a minute. Slashdot.
There are lots and lots of applications like Jabber, Openfire and whatnot about. And yes, if you want you can create a great big (useless) list of them by Googling for a few minutes. And then what? What are the pros and cons of each app? Where can you find comparative tests? Are those tests any good? Has anyone got practical experience with the app? Any show-stoppers that aren't immediately apparent?
The point about most questions like this is that people who already know the answer consider them "easy". People who don't know the answer consider them hard, and will have to expend a lot of time finding out. Time that's wasted if you could simply have eliminated 90% of the options by asking. That's why you ask. At least if you'd rather get some useful work done instead of being the umpteeth person researching the same wheel.
It's a compliment to Slashdot that people ask such questions, and they do that because they even tend to get useful answers. It shows that Slashdot has value apart from serving as a forum for inane bickering.
I can recommend the voip server and client from mizutech http://www.mizu-softphone.com./ It has built in encyption capable for handling up to 10000 client. Unfortunately it is not free.
Thanks for the recommendation. I wish that people who don't like a story wouldn't visit it and clutter the story with negative comments.
This is the exact attitude that pushes people away from FOSS in the first place.
It is almost impossible to get a real answer from people with experience when all you get in return is "RTFM n00b."
R'ing TFM does not always give you practical information or experience. Especially since there are quite a lot of people out there who are great at writing software but cannot write a manual to save their life. Either it is too technical and boasts about all of the incredible feats of writing the program with very little usability information, or overly verbose about how the program works with very little usability information.
Google does not have all of the answers. It has a wealth of information, but sometimes no answers.
I don't know about plain LDAP but I had serious trouble getting OpenFire to work with Active Directory. It integrated fine on the server side but single sign-on for the clients never worked. It seemed like it works great for 95% of people but for certain setups it's just impossible to get right. It's highly dependent upon your DNS setup, although I can't think of anywhere our DNS would be different from the norm. I also got in a little trouble because my users aren't all in cn=users but based on testing I don't think that was where the issue was.
I tried for a long time to get SSO working and eventually I had to just roll it out with separate user accounts. I suppose I could have paid for support but if I was going to do that I would have just bought one of the Windows-based enterprise IM packages that's out there.
Other than that it's been great. I was using Psi for a client but I can't seem to get it to alert people consistently. I (and the users) want something that will pop up the message and take focus no matter what. But Psi seems to be erratic in this regard.
And will not comply with the OP's logging requirements...
--- Users are like bacteria -> Each one causing a thousand tiny crises until the host finally gives up and dies.
You will find plenty of testimonials if you Google for them.
So why not take it a step further and close down Slashdot.org?
After all, the articles on slashdot are not written by slashdot staff but borrowed of the web so anything on here can be found via Google. Most websites also have a comment section so the trollish comments can be found not only on Slashdot.org
So get over yourself, some people here may actually try to learn from the experience of others.
Don't like a story? Don't fucking reply!
Everyone who buys Wild Hunt will receive 16 specially prepared DLCs absolutely for free, regardless of platform.
I agree, Openfire Server with Spark as the IM client will satisfy your requirements. It is a solid, extensible instant messaging server that should meet all your requirements.
:-). It has easy installs for both Windows and Linux - definitely give it a try.
What is nice about Openfire is that it allows you to centralize the management and security a lot, which gives you a lot of control in information-sensitive situations like this. It has integration with an existing LDAP/AD server if you want to keep your authentication policy centralized on your LDAP server if you have one. Likewise, you can force all users to use SSL for secure messaging if you want.
Likewise, I was working with the open source version over the last couple weeks (I setup a test environment for our company), and based on the menu options it appears that message auditing also is included (I didn't try it), so you can log all your conversations as you would like. I knew they had this feature before in their paid version, but it looks like they made it available in their open source version.
Finally, if you ever grow and need support, you can get it from their list of service providers. And it's free
Good luck!
Openfire Server
Spark XMPP Client
http://en.wikipedia.org/wiki/WASTE might work, it was developed by Nullsoft for internal communications and file sharing, is encrypted, and has no central server.
I'm the Senior SysAdmin for a large datacenter in Florida. We currently employ over 50 people in our building. We recently migrated from Pidgin+OTR(Encryption) to OpenFire+Spark with ActiveDirectory Integration. I had the server installed and pulling down a list of accounts from the AD server in a matter of minutes. The server has worked flawlessly for us for months and has tons of options. It supports the ability to either allow or lock out 'other' clients(AIM,YIM,etc). This coupled with ACL or Firewall restrictions will ensure that your users are ONLY using the Spark client. It also has chatrooms built into it which you can force your users into when they log on. It's pretty neat stuff.. oh.. it supports SSL connections, and will provide LiveChat for your website as well. It also support logging of all chat conversations if you have a need for that. The only downside that I've run into.. there's a bug on the linux client that has to be fixed manually(associated with the tray icon not showing up). The Windows client has a tendency to run slightly slow. While I read that it runs slow under Windows, in practicality I have not received even one complaint regarding the use of Spark. Oh.. while there is a history in the Spark client, it shows it all as one realllly long page so it's a little clunky having to hunt through your own personal chat history. Look no further. OpenFire+Spark is your answer.
Another vote for OpenFire. I am the IT manager at a healthcare facility and I have implemented this successfully. The latest version was very easy to setup and integrate with Active Directory. It has been working like a champ for almost 8 months now. I also enabled the web client and Red5 video plugin for video chat. This saved us quite a bit of cash in travel fees since we have numerous clinics spread out over the area. We did not eliminate traveling (nothing beats face-to-face time). Instead we do weekly video meetings and monthly travel.
You will need at least one Edir Server and they can be the same box ( I Think, it might work with ldap ) and from there you are off and running.
It supports complete logging and log search ability ( by user or full text ), the client supports no other protocols it supports SSL has both linux and windows clients.
It is VERY light weight on both the server and client side.
Hey KID! Yeah you, get the fuck off my lawn!
Fancy pointing out these LDAP "issues"?
I've migrated a metric crapload of LDAP apps from OpenLDAP, Sun LDAP and BT X.500 to Active Directory and AD/AM (aka AD-LDS) and haven't found a single issue with the LDAP interfacing apart from where apps were relying on non-RFC features in the original LDAP servers.
Your anecdote != data.
Yeah right...