Internal Instant Messaging Client / Server Combo? 360
strongmantim writes "I manage an internal help desk (25-30 people) for a medium-large company in the healthcare industry. We're looking for an internal, secure, FOSS (if possible) instant messaging / presence awareness client and server combo. Transmission of Protected Health Information is a sensitive issue, so the server has to be able to log any conversations that occur. It is preferred that the client not support outside protocols such as AIM, MSN, Yahoo, etc.; if it does, I will have to promulgate and enforce yet one more policy that my techs not connect to them. All of the computers that will connect run Windows XP. The system should be scalable up to ~100 people (in case we decide to include our entire office in the roll-out). Hardware and OS for the server are not an issue. Oh, and one more thing: It has to be free. Suggestions?"
Jabber is what you need (Score:5, Insightful)
The question is which client and which server, and that I don't know. You should be able to lock it down by not allowing anyone to change its preferences.
--Sam
Re:Pidgin (Score:3, Insightful)
I love Pidgin, but that doesn't fit the "does not support outside protocols" criteria.
We use soapbox (Score:4, Insightful)
It's jabber based. Free as in beer for both the client and server.
Lets us save logs of all chat sessions between employees, lets employees also save chat if they want to. Lets us do some filtering, overall a pretty good client/server.
http://www.coversant.net/ [coversant.net]
Oh, and I HAVE gotten Digsby to connect to the server, as well as trillian.
You're doing it wrong (Score:5, Insightful)
It sounds like your network, which contains confidential medical records, is connected to the internet.
So I have just one question: Dear God, why?
wtf (Score:1, Insightful)
I literally pasted the article title (sans "Ask slashdot: ") into google, and the first 4 results are free client/server packages of which some have already suggested. There also appears to be someone else asking this same question to some other forum, with attached answer...
I realized ask slashdot has been for years now less about questions for geeks than kids wanting someone else to do their homework, but when did ask slashdot replace google search?
Re:FOSS? One Word: Bullshit. (Score:2, Insightful)
Number 3
The health care company isn't american and understands that being OPEN isn't a bad thing. Americans have a problem with that concept.
Re:Pidgin (Score:3, Insightful)
You don't even need to do this. All the protocols are dynamically loaded (AFAIK, this is the case on Windows as well).
Just remove the files for the unsupported protocols & block all jabber communications with the outside through the firewall (gmail for instance uses jabber).
BTW, suggesting he hack the source instead of providing him with a client that meets his criteria is only useful if there are no free Windows clients that meet his needs. Since there are, at best you are telling him to use closed-source free (as in beer) software. At worst, he'll resort to closed-source non-free software.
If there are no open-source alternatives, offer to create him one by a fixed-cost contract, cause my guess would be that they are more concerned with recurring per-seat license costs than just paying $1000 one time up-front.
Re:Jabber is what you need (Score:1, Insightful)
Openfire
Re:Jabber. (Score:4, Insightful)
Actually, the whole point is that they CAN NOT. Hippa mandates that they do not do that. It would be possible for somebody to copy/paste into the wrong window. For that, it would certainly lead to a firing, and possible jailing. I have consider doing a talk for kopete with an enforced port (via code). It sounds like that is exactly what is needed, though a secured jabberd would cut it.
We use Exodus and Zimbra (Score:4, Insightful)
Exodus is fairly simple to setup and administer. Zimbra provides much more than just Instant Messaging; we use it mainly for Zimlets and Collaboration; but the IM feature of Zimbra with auto-logging is very useful and sophisticated as well.
OPENFIRE - FOSS Jabber (XMPP) server (Score:3, Insightful)
Re:FOSS? One Word: Bullshit. (Score:3, Insightful)
FOSS? Where did he say FOSS? He never said FOSS. He said 'free'. Most likely free as in beer. What company _isn't_ looking for free software? My guess would be they just don't consider this essential and don't want to waste a shitload of money on it.
Re:Not another one (Score:3, Insightful)
You know, I had the exact same issue this guy is having and, guess what - google gave me that exact answer (Openfire).
Of course, I used MirandaIM because I knew Miranda had Jabber support and it's a decent little client, but yeah, another vote for both Openfire and "just fucking google it next time".
Re:Not another one (Score:2, Insightful)
Hey look, another Ask Slashdot that should have been Ask Google! Wow! You never see those on here or anything. Maybe this could have been an Ask Freshmeat if they still want a solution from OSDN.
Boooooo. It's not a rumour, you do suck. Perhaps you should stop pissing in your Cheerios every morning and realize that perhaps he wanted a professional or experienced opinion.
Re:Jabber is what you need (Score:3, Insightful)
If you go that route, you could instead install Xming on the clients and run the jabber client locally, on the jabber server. Kind of high overhead, but full and complete control.
Each department could have their own eJabber server, so granularity would be rather fine.
Re:Not another one (Score:2, Insightful)
Re:wtf (Score:4, Insightful)
Blocking outside services is a waste of time (Score:3, Insightful)
Set up a policy if you really have to but wanting to block services is just a waste of time and doesn't add anything to your security unless you have totally incompetent personnel or fully locked down computers. Otherwise they'll start using web clients or simply work around firewall blocks or the like - which at the end might cause more security issues than the usage of the service in the first place.
It's much better to invest this time to educate your people and teach them why it's a bad idea to use MSN.
Lots of companies set up ridiculous firewall rules and think that they are safe - not knowing that the overkill is causing exactly the opposite of what they want to achieve. People don't like to be locked down if they don't understand why.
I had a similar problem to solve in the (small) company that I work for. We ended up with Openfire and Pidgin. This is not safe from the outside but better than what our big mother company did. They force everyone onto Sametime and have their system locked down like no tomorrow - which ends up in people using a multitude of services and wasting a lot of time to work their ways around the firewall to be able to use MSN, Facebook, Jabber & Co.
While I know what I have to deal with and act accordingly, teach the people that they please stay away from insecure services on their work PC the mother company trusts in their rules and unintentionally provokes insecurity.
Security never works against the people, only with the people.
Go easy on the "should" will you? (Score:5, Insightful)
As to where the parent post "should" have asked his question, the parent post asked an intelligent question on a forum that harbours a lot of people who can provide a good answer in under a minute. Slashdot.
There are lots and lots of applications like Jabber, Openfire and whatnot about. And yes, if you want you can create a great big (useless) list of them by Googling for a few minutes. And then what? What are the pros and cons of each app? Where can you find comparative tests? Are those tests any good? Has anyone got practical experience with the app? Any show-stoppers that aren't immediately apparent?
The point about most questions like this is that people who already know the answer consider them "easy". People who don't know the answer consider them hard, and will have to expend a lot of time finding out. Time that's wasted if you could simply have eliminated 90% of the options by asking. That's why you ask. At least if you'd rather get some useful work done instead of being the umpteeth person researching the same wheel.
It's a compliment to Slashdot that people ask such questions, and they do that because they even tend to get useful answers. It shows that Slashdot has value apart from serving as a forum for inane bickering.
Thanks for the recommendation. (Score:3, Insightful)
Re:Not another one (Score:5, Insightful)
This is the exact attitude that pushes people away from FOSS in the first place.
It is almost impossible to get a real answer from people with experience when all you get in return is "RTFM n00b."
R'ing TFM does not always give you practical information or experience. Especially since there are quite a lot of people out there who are great at writing software but cannot write a manual to save their life. Either it is too technical and boasts about all of the incredible feats of writing the program with very little usability information, or overly verbose about how the program works with very little usability information.
Google does not have all of the answers. It has a wealth of information, but sometimes no answers.
Re:Go easy on the "should" will you? (Score:5, Insightful)
Re:Apple Bonjour for Windows + Pidgin (Score:3, Insightful)
And will not comply with the OP's logging requirements...
Re:Not another one (Score:5, Insightful)
You will find plenty of testimonials if you Google for them.
So why not take it a step further and close down Slashdot.org?
After all, the articles on slashdot are not written by slashdot staff but borrowed of the web so anything on here can be found via Google. Most websites also have a comment section so the trollish comments can be found not only on Slashdot.org
So get over yourself, some people here may actually try to learn from the experience of others.
Don't like a story? Don't fucking reply!
Re:Jabber is what you need (Score:3, Insightful)
This looks like a good spot to reply. :-)
At my work, we allow two IM programs, Pidgin and Trillian. Both are wide open, however all conversations are logged via Postini. My company (a financial firm) took the opposite route, rather than block a whole bunch of programs and port #s, we allow just about every form of internet communication and log it all.
So far, it's worked out fairly well. Users respect that the company respects their ability to not be "Big Brothered" to death by allowing everything but making them aware that it's all logged.
As far as IM clients go...what type of phone system do you have? If it's a Cisco system, you can look at Presence Server (CUPS) which has a built-in IM client and various other very nice to have options...just a thought.
Re:Jabber is what you need (Score:4, Insightful)
What the hell are you smoking? I find answers like this to be way over simplified. Just setup a Debian box in an hour. Really? That is a bit naive. I have to ask you. Do you actually get your production servers setup in an hour? I don't know about you, but it takes me at least an hour or two to rack mount a new server, get it cabled, verify the redundant power is done correctly and get everything labeled properly. Then you have to get the OS loaded, app loaded etc. After all that, you need to be sure backups are setup and working properly, do some tests. After all this is HIPPA related and he needs to make sure it's working correctly, not to mention something like this will become a mission critical app in short period of time, because other people will come to rely on it . I could easily see after the release of something like this, other departments putting the use of the IM system into policy and procedures, because it's all logged. For example some manager says he will approve purchase requisitions over the IM system as it's all logged. I assume you've tested the log recovery from a backup and are confident you will be able to restore yesterday's log 7 years from now. And then document the whole thing. You do document things I hope. Even if you are the only admin, you need to document in case you are unavailable during an emergency. If you don't you aren't doing the job properly. I find a proper server takes more like 16-24 man hours.
Re:Jabber is what you need (Score:4, Insightful)
The problem with Jabber/XMPP is that ... it doesn't satisfy the "not used externally" part. Jabber is the basis of GoogleTalk, and several individual IM services.
But, that's a questionable goal of the request anyway. Any one of his coworkers can connect to AIM/Yahoo/GoogleTalk right now. If he doesn't want that happening, he can't just say "we said 'no no bad coworker'" and expect that this makes things all good and happy. If he wants to ensure that coworkers aren't going to connect to external IM services, he needs to block those IM services at the border (firewalls and/or routers).
In my opinion, he should block all IM traffic (Yahoo, AIM, MSN, IRC, ICB, ICQ, XMPP/Jabber, Simple, and the others (look at what pidgin supports, find out what ports those chat/IM services use, block all of them)) at the border, and then require legitimate external users to use a VPN to access the internal Jabber server. If there are remote offices, then either those workers would need to VPN in to the site that hosts the Jabber server ... or each site should have its own Jabber server, and then the Jabber servers would all talk to each other via VPN.
That's how I'd set it up. Block every chat/IM protocol/port at the border (and at the border of each remote office). Set up a Jabber server at the central and at each remote office. Link the Jabber servers to each other via VPN/tunnel/etc.. Go from there.
Re:Go easy on the "should" will you? (Score:2, Insightful)
+1 for OpenFire+Spark (FOSS) (Score:2, Insightful)