Slashdot Mirror


Internal Instant Messaging Client / Server Combo?

strongmantim writes "I manage an internal help desk (25-30 people) for a medium-large company in the healthcare industry. We're looking for an internal, secure, FOSS (if possible) instant messaging / presence awareness client and server combo. Transmission of Protected Health Information is a sensitive issue, so the server has to be able to log any conversations that occur. It is preferred that the client not support outside protocols such as AIM, MSN, Yahoo, etc.; if it does, I will have to promulgate and enforce yet one more policy that my techs not connect to them. All of the computers that will connect run Windows XP. The system should be scalable up to ~100 people (in case we decide to include our entire office in the roll-out). Hardware and OS for the server are not an issue. Oh, and one more thing: It has to be free. Suggestions?"


  1. Jabber is what you need by osssmkatz · · Score: 4, Insightful

    The question is which client and which server, and that I don't know. You should be able to lock it down by not allowing anyone to change its preferences.

    --Sam

    1. Re:Jabber is what you need by craagz · · Score: 5, Informative

      Openfire... so easy you will be surprised. I've just come off a successful implementation at our workplace.
      Hack out the Pidgin plugins. Pidgin Portable 2.5.5 is around 23MB and I removed all languages except English, plugins for everything except Jabber. Compressed it and it's 8MB.

    2. Re:Jabber is what you need by Tweezer · · Score: 4, Insightful

      What the hell are you smoking? I find answers like this to be way oversimplified. Just set up a Debian box in an hour. Really? That is a bit naive. I have to ask you. Do you actually get your production servers set up in an hour? I don't know about you, but it takes me at least an hour or two to rack mount a new server, get it cabled, verify the redundant power is done correctly and get everything labeled properly. Then you have to get the OS loaded, app loaded etc. After all that, you need to be sure backups are set up and working properly, do some tests. After all, this is HIPAA related and he needs to make sure it's working correctly, not to mention something like this will become a mission-critical app in a short period of time, because other people will come to rely on it. I could easily see after the release of something like this, other departments putting the use of the IM system into policy and procedures, because it's all logged. For example some manager says he will approve purchase requisitions over the IM system as it's all logged. I assume you've tested the log recovery from a backup and are confident you will be able to restore yesterday's log 7 years from now. And then document the whole thing. You do document things I hope. Even if you are the only admin, you need to document in case you are unavailable during an emergency. If you don't, you aren't doing the job properly. I find a proper server takes more like 16-24 man hours.

    3. Re:Jabber is what you need by johnkzin · · Score: 4, Insightful

      The problem with Jabber/XMPP is that ... it doesn't satisfy the "not used externally" part. Jabber is the basis of GoogleTalk, and several individual IM services.

      But, that's a questionable goal of the request anyway. Any one of his coworkers can connect to AIM/Yahoo/GoogleTalk right now. If he doesn't want that happening, he can't just say "we said 'no no bad coworker'" and expect that this makes things all good and happy. If he wants to ensure that coworkers aren't going to connect to external IM services, he needs to block those IM services at the border (firewalls and/or routers).

      In my opinion, he should block all IM traffic (Yahoo, AIM, MSN, IRC, ICB, ICQ, XMPP/Jabber, Simple, and the others (look at what Pidgin supports, find out what ports those chat/IM services use, block all of them)) at the border, and then require legitimate external users to use a VPN to access the internal Jabber server. If there are remote offices, then either those workers would need to VPN in to the site that hosts the Jabber server ... or each site should have its own Jabber server, and then the Jabber servers would all talk to each other via VPN.

      That's how I'd set it up. Block every chat/IM protocol/port at the border (and at the border of each remote office). Set up a Jabber server at the central and at each remote office. Link the Jabber servers to each other via VPN/tunnel/etc. Go from there.
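
The border-blocking setup described in the comment above can be verified from firewall logs. The following is an added example, not part of the original thread: it scans log lines for outbound connections on the default ports of the IM services named there and separates blocked attempts from traffic that got through. The log format, the 10.0.0.0/8 internal range and every address in the sample are constructed assumptions.

```python
import ipaddress
from collections import namedtuple

# Default ports of the chat/IM services named in the comment.
IM_PORTS = {
    5190: "AIM/ICQ", 1863: "MSN", 5050: "Yahoo", 6667: "IRC",
    5222: "XMPP client", 5223: "XMPP client (legacy TLS)",
    5269: "XMPP server-to-server", 5060: "SIP/SIMPLE",
}
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")  # assumption: site address plan

Finding = namedtuple("Finding", "src dst port service status")

def audit(lines):
    """Return a Finding for every internal host reaching out to an IM port at the border."""
    findings = []
    for line in lines:
        fields = line.split()
        if len(fields) != 6:              # skip malformed or truncated lines
            continue
        _ts, src, dst, port, _proto, action = fields
        try:
            src_ip = ipaddress.ip_address(src)
            dst_ip = ipaddress.ip_address(dst)
            port = int(port)
        except ValueError:
            continue
        if port not in IM_PORTS or src_ip not in INTERNAL_NET:
            continue
        if dst_ip in INTERNAL_NET:        # internal Jabber server or VPN-linked site
            continue
        # ALLOW means the border rule is missing; DENY means the policy held.
        status = "LEAK" if action.upper() == "ALLOW" else "BLOCKED"
        findings.append(Finding(src, dst, port, IM_PORTS[port], status))
    return findings

# Constructed sample: timestamp src dst dst_port proto action
SAMPLE_LOG = """\
2009-04-01T09:00:01 10.1.2.15 10.0.0.5 5222 tcp ALLOW
2009-04-01T09:00:07 10.1.2.15 203.0.113.20 5190 tcp DENY
2009-04-01T09:01:12 10.1.2.33 198.51.100.7 5222 tcp ALLOW
2009-04-01T09:02:40 10.1.2.33 198.51.100.9 443 tcp ALLOW
2009-04-01T09:03:05 10.1.2.40 192.0.2.44 6667 tcp ALLOW
malformed line
"""

if __name__ == "__main__":
    for f in audit(SAMPLE_LOG.splitlines()):
        print(f"{f.status:8} {f.src} -> {f.dst}:{f.port} ({f.service})")
```

Port matching only catches clients on their default ports; chat carried over 80/443 or through a web client needs proxy or application-layer inspection instead.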

  2. Pidgin by Shikaku · · Score: 4, Informative

    Use the encryption capabilities in Pidgin.

    http://pidgin.im/

  3. SILC by Zapotek · · Score: 5, Informative

    You can set up a SILC server.
    That's what we used to use in a company I worked for and it worked quite nicely.

    1. Re:SILC by hgesser · · Score: 5, Informative

      This post was rather short, but I think it is one of the best suggestions. I played a bit with SILC some years ago: From a user's view it looks a lot like an IRC client, so users can talk to one another privately or join a channel to meet with several other users. What's most important is: It meets all the criteria,
      - it encrypts all communication
      - it is no multi-protocol thing, i.e. you cannot connect to other services.
      I can't remember whether you can run connections to several silc servers at the same time, but if so, that's at least better than having to restrict a program that can connect everywhere. Even though I haven't heard much of silc lately, the software is still actively developed. The last release is from March 19, 2009.

  4. Jabber. by Mercury · · Score: 4, Informative

    You're looking for a jabber server and client.

    I work for a credit card company, and we use ejabberd on the server end of things.

    You probably have some jabber only client options, but those will still be able to connect to other jabber servers like Google Chat.

    Live with it, because any IM server worth using is going to have _some_ public servers.

    I'll leave the logging up to you, ejabberd can do it, but our company decided that the security issues involved with storing the logs were much worse than not having the logs.

    (Having stored, unencrypted, card data for any length of time is something that, on the very optimistic (good luck with the auditor) side requires a great deal of security. And just encrypting the drive it's sitting on doesn't really do away with more than half of that. Health data should be as much of a nightmare, but maybe not.)

  5. Openfire by Anonymous Coward · · Score: 5, Informative

    http://www.igniterealtime.org/projects/openfire/index.jsp

    Works very well. Meets all your requirements. Client supports Mac, Win and Linux but is a resource hog. It's jabber though so you can use many clients.

  6. You're doing it wrong by SoapBox17 · · Score: 5, Insightful

    It is preferred that the client not support outside protocols such as AIM, MSN, Yahoo, etc.; if it does, I will have to promulgate and enforce yet one more policy that my techs not connect to them.

    It sounds like your network, which contains confidential medical records, is connected to the internet.
    So I have just one question: Dear God, why?

    1. Re:You're doing it wrong by Yvanhoe · · Score: 4, Informative

      Why not? I worked in an army lab that does that. One screen, one keyboard, one mouse, two PCs, a KVM switch.

      --
      The Wise adapts himself to the world. The Fool adapts the world to himself. Therefore, all progress depends on the Fool.

  7. Citadel groupware server has all of the above by IGnatius+T+Foobar · · Score: 4, Informative

    You definitely want to try out the Citadel groupware server. Even if you don't need it for its mail system, address book, calendar, etc... it's got a built in XMPP (Jabber) service that integrates nicely across the entire environment. It also logs all of the instant messages sent through it. Each user can review their own logs too, which is nice. And you have the ability to journal everything that comes through the system, perhaps to an external archiving service (this feature was built with industries like yours in mind, where anything that gets read by anyone *must* be archived).

    And it's free software ... GPL 3, to be exact.

    --
    Tired of FB/Google censorship? Visit UNCENSORED!

  8. Re:FOSS? One Word: Bullshit. by drawfour · · Score: 4, Informative

    FOSS? Where did he say FOSS? He never said FOSS.

    Nice job reading. I quote from the Ask Slashdot itself:

    We're looking for an internal, secure, FOSS (if possible) instant messaging / presence awareness client and server combo

    He didn't say it HAD to be FOSS, but if possible, he would like it.

  9. Re:Not another one by harryk · · Score: 5, Informative

    I agree.

    The OpenFire Jabber server is rock solid and integrates with LDAP, has the ability to log conversations and generally speaking is very elegant and easy to maintain.

    We also use the Spark client, which is made available by the same group.

    Very solid setup if you ask me.

    --
    think before you write, it'll save me moderator points.

  10. We ran this. by Allnighterking · · Score: 4, Informative

    At a company I left recently I installed Openfire, and our supported IM client was their Spark client (however, despite my ex-boss's rants, a lot of clients ended up being used by employees). Spark works really well. Openfire is rock solid. It runs on Linux or Windows (better on Linux, less server load) without a hitch. Live upgrades work, and if you use MySQL as the DB backend you can have auto failover. SSL 3 and TLS are supported as well.

    --
    I'm sorry, I'm too tired to be witty at the moment so this message will have to do.

  11. Re:Not another one by Gerzel · · Score: 4, Interesting

    Perhaps he also wanted some insights from people who have been in similar situations?

    There is a big difference between a website found on Google and a testimonial from someone who's done it.

  12. Go easy on the "should" will you? by golodh · · Score: 5, Insightful

    @Anonymous Coward

    As to where the parent post "should" have asked his question, the parent post asked an intelligent question on a forum that harbours a lot of people who can provide a good answer in under a minute. Slashdot.

    There are lots and lots of applications like Jabber, Openfire and whatnot about. And yes, if you want you can create a great big (useless) list of them by Googling for a few minutes. And then what? What are the pros and cons of each app? Where can you find comparative tests? Are those tests any good? Has anyone got practical experience with the app? Any show-stoppers that aren't immediately apparent?

    The point about most questions like this is that people who already know the answer consider them "easy". People who don't know the answer consider them hard, and will have to expend a lot of time finding out. Time that's wasted if you could simply have eliminated 90% of the options by asking. That's why you ask. At least if you'd rather get some useful work done instead of being the umpteenth person researching the same wheel.

    It's a compliment to Slashdot that people ask such questions, and they do that because they even tend to get useful answers. It shows that Slashdot has value apart from serving as a forum for inane bickering.

    1. Re:Go easy on the "should" will you? by damona · · Score: 5, Insightful

      ... And for those of us who already know the answer, this is a good opportunity to find out whether there's something new we should be looking at too.

  13. Re:Not another one by LoadWB · · Score: 5, Insightful

    This is the exact attitude that pushes people away from FOSS in the first place.

    It is almost impossible to get a real answer from people with experience when all you get in return is "RTFM n00b."

    R'ing TFM does not always give you practical information or experience. Especially since there are quite a lot of people out there who are great at writing software but cannot write a manual to save their life. Either it is too technical and boasts about all of the incredible feats of writing the program with very little usability information, or overly verbose about how the program works with very little usability information.

    Google does not have all of the answers. It has a wealth of information, but sometimes no answers.

  14. Re:Not another one by atraintocry · · Score: 4, Informative

    I don't know about plain LDAP but I had serious trouble getting OpenFire to work with Active Directory. It integrated fine on the server side but single sign-on for the clients never worked. It seemed like it works great for 95% of people but for certain setups it's just impossible to get right. It's highly dependent upon your DNS setup, although I can't think of anywhere our DNS would be different from the norm. I also got in a little trouble because my users aren't all in cn=users but based on testing I don't think that was where the issue was.

    I tried for a long time to get SSO working and eventually I had to just roll it out with separate user accounts. I suppose I could have paid for support but if I was going to do that I would have just bought one of the Windows-based enterprise IM packages that's out there.

    Other than that it's been great. I was using Psi for a client but I can't seem to get it to alert people consistently. I (and the users) want something that will pop up the message and take focus no matter what. But Psi seems to be erratic in this regard.

  15. Re:Not another one by Skylinux · · Score: 5, Insightful

    You will find plenty of testimonials if you Google for them.

    So why not take it a step further and close down Slashdot.org?
    After all, the articles on Slashdot are not written by Slashdot staff but borrowed off the web so anything on here can be found via Google. Most websites also have a comment section so the trollish comments can be found not only on Slashdot.org.

    So get over yourself, some people here may actually try to learn from the experience of others.

    Don't like a story? Don't fucking reply!

    --
    Everyone who buys Wild Hunt will receive 16 specially prepared DLCs absolutely for free, regardless of platform.

  16. Re:Not another one by jwilson27 · · Score: 5, Informative

    Another vote for OpenFire. I am the IT manager at a healthcare facility and I have implemented this successfully. The latest version was very easy to set up and integrate with Active Directory. It has been working like a champ for almost 8 months now. I also enabled the web client and Red5 video plugin for video chat. This saved us quite a bit of cash in travel fees since we have numerous clinics spread out over the area. We did not eliminate traveling (nothing beats face-to-face time). Instead we do weekly video meetings and monthly travel.