Enterprise instant messengers make the grade
Instant messaging is alive and well in the workplace. We tested four enterprise IM products, looking at the business-critical elements you should consider.
Few things in life are more frustrating than not being able to contact someone you need to talk to right away. If there’s one reason behind the success of IM in business, it’s that you have one more way to get through. Presence indicators show who’s online and who’s not, and just a click on a contact list makes brief exchanges faster and easier than picking up the phone. No wonder IM has spread like wildfire and free IM services from AOL, Yahoo, and MSN have joined the list of technologies that captured users at home and followed them to the office.
Unfortunately, public IM services, which are easy and effective for home use, are worrisome for enterprise IT. Even if an organization can live without centrally administered buddy lists, public IM can open up dangerous security holes in a corporate network. Because message traffic is sent unencrypted, public systems can be hacked, identities can be spoofed, and conversations can be intercepted by packet-sniffing worms. Any company that wants both IM and secure communications should consider adopting an enterprise IM solution.
We tested four solutions in this roundup — Lotus Instant Messaging and Web Conferencing 3.1, Microsoft Live Communications Server 2003, Novell GroupWise Messenger 1.0, and Jabber XCP (Extensible Communications Platform) 2.7 — and found that enterprise IM solutions provide the security, manageability, and auditing capabilities that companies need. They also include features, ranging from transaction logging to document collaboration, that will support business processes in the enterprise. All four of these products enhance security through full encryption of traffic streams, providing the ultimate protection for traffic that traverses public data links. Each integrates with directory services such as Active Directory, LDAP, and RADIUS, giving administrators the ability to control user population and privileges, and allowing users to share a central contact list across the organization.
The solutions also allow administrators to create and manage a central archive of messages and conversations, providing the auditing capabilities necessary, for example, to ensure accountability or comply with Securities and Exchange Commission (SEC) requirements or Health Insurance Portability and Accountability Act (HIPAA) responsibilities.
The IM products from IBM Lotus, Microsoft, and Novell also integrate with their respective collaboration platforms. If you’ve committed to a particular vendor’s groupware, very likely you’ll be best served by their enterprise IM solution. On the other hand, there are other options to consider depending on whether you want application sharing or whiteboarding with IM, and what flavor of directory services runs in your infrastructure.
IBM Lotus Instant Messaging and Web Conferencing
IBM Lotus Instant Messaging and Web Conferencing (formerly called Sametime) is an old friend to many Lotus Notes and Domino users. Over the years, Sametime enabled people to have spontaneous communications or scheduled online meetings through the Notes client. In our testing of Version 3.1, this update works almost as well when removed from Lotus’ groupware applications. With the flexibility to connect users outside the enterprise (a feature shared by the other products in this roundup), better security and usability, and well-rounded platform support, this solution merits serious consideration for enterprises with assorted e-mail and application servers.
Lotus Instant Messaging and Web Conferencing runs on top of Domino, which adds a few setup steps, but nothing arduous. Testing in a Microsoft Windows 2000 Server environment, we started by installing and configuring Domino 6.0.3 followed by the Lotus Instant Messaging application server. With dialogs prompting us most of the way, Lotus IM was running within an hour.
Managing the Lotus IM server was straightforward using the Lotus Instant Messaging Administration Tool (an HTML- and XML-based application). We had no trouble connecting to Domino and LDAP directories and then specifying access privileges for employees listed. Similarly, we manually added new users, monitored different services (such as Web meeting and audio/video), and charted user activity levels.
Although dated in appearance, the Lotus IM client functioned well. With but a few clicks, we created buddy lists by department and saw who was available to chat.
All IM sessions and everyday tasks such as creating meeting invitations open in new windows, eating up valuable screen space. But balancing this annoyance, the product’s IP audio and video components are H.323-compliant, which allows Lotus users to communicate with partners running Microsoft NetMeeting. In addition, Version 3.1 introduces file sharing, but allows you to send only one file to one person at a time.
Lotus’s product has good security and privacy capabilities. Users are authenticated when they access the product, and Lotus provides the option to password-protect meetings and restrict invitees to a preselected group. Data encryption for both meetings and chats protects against unauthorized viewing.
We also saved chats as a text file locally for our informal reference. And Lotus can log chats at the server and save transcripts to a text file or Domino database, if you need an official record, such as might be required by financial institutions. As in other IM products, we easily changed our online status so we wouldn’t be interrupted.
In addition to adhering to multimedia and meeting services standards, Lotus IM supports SIP (Session Initiation Protocol) and SIMPLE (SIP for Instant Messaging and Presence Leveraging Extensions). But to connect to MSN or AOL communities, the Lotus IM Gateway (SIP Connector) must be configured on a separate server from Lotus IM.
Administrators will also need to go through the same firewall and proxy server configuration exercises as with the other products; however, one SIP Connector will service multiple Lotus IM servers. But SIP isn’t perfected, as some of Lotus’s client functions are unavailable, such as file transfer and group chatting. That said, connecting with external users takes nothing more than entering their e-mail address.
A few architecture points caught our attention. A Lotus IM server may be located in your datacenter’s DMZ (demilitarized zone), so that external users can access the server without breaching your corporate network. Conversely, the Lotus IM client, using HTTP tunneling on port 80, permits employees to connect to a Lotus IM server over the Internet, letting businesses maintain tight firewall rules without impeding collaboration with clients or partners.
IBM offers multiple ways to extend Lotus Instant Messaging and Web Conferencing. For example, we used one of the Lotus IM client’s toolkits to embed (with a few lines of HTML code) presence awareness and chat into Web pages. With the C++, COM, and Java Toolkits, you can include Lotus Instant Messaging services (including log-in, awareness, and instant messaging) in Microsoft Office or custom applications.
All in all, IBM Lotus Instant Messaging and Web Conferencing 3.1 works well with Notes or most Web browsers. We liked the smooth transition from chat to application sharing or whiteboard sessions. Moreover, the range of application development tools offers customization options not typically found.
Microsoft Live Communications Server 2003
Like IBM Lotus Instant Messaging and Web Conferencing, Microsoft Live Communications Server (LCS) is a multimedia platform that holds the promise of text, voice, video, and whiteboard communications combined with application sharing. For an enterprise looking to bring far-flung workers together in a variety of rich-media ways, LCS offers maximum flexibility — if the far-flung infrastructure is up to the task.
LCS can be set up as a stand-alone service or as part of a “prescient” Microsoft architecture in combination with Exchange and SharePoint Portal Server. With these servers in place, collaboration through office productivity applications is possible. The entire suite is not required for LCS, however. It can be installed as a stand-alone server application, but it does require Microsoft Active Directory. If your organization has built its network on Active Directory, then LCS is a simple, five-minute initial install. If your network is based on another directory, such as LDAP, then you will have to install Active Directory, which might add considerable time to set up.
Once installed, LCS offers authentication with either NTLM (NT LAN Manager) or Kerberos, and encryption provided through TLS (Transport Layer Security) or MTLS (Mutually Authenticated TLS). LCS also supports full logging and archiving, making it a reasonable choice for organizations concerned with the requirements of HIPAA and the SEC.
Administrators manage LCS through standard Windows console interfaces, interfaces as familiar to administrators as command-line interfaces such as IOS. In fact, when it came time to make changes, the LCS interface was easier to navigate than the XML file of Jabber — XML files are flexible and powerful, but come at a high ease-of-use price.
Live Communications Server users connect to the system with the Windows Messenger client, which is similar to, but not the same as the MSN Messenger client. Beginning a text chat, video or voice call, whiteboard session, or file transfer is a matter of a mouse click or two, and application sharing is only slightly more complex.
The requirements of rich media transport over networks make taking advantage of the full LCS feature list tricky for users in remote or SOHO offices. Using SIP/SIMPLE for transport, LCS requires routers and firewalls that are SIP-compliant and provide plug-and-play NAT. Network administrators trying to work around the SIP requirements should, at the least, be prepared to open ports 1863 through 1900 for inbound traffic, though the NAT issue will remain a challenge for voice and video calls.
These issues are not unique to LCS, being common to SIP deployments for VoIP or video conferencing. They are significant, though, and until router and firewall vendors are able to come together with application publishers and standards bodies to agree on solutions, SIP deployments will be a major problem for many enterprises.
If an organization is already using Microsoft networking and rich media messaging, then LCS is the obvious choice. It leads the pack in messaging media options and integrates almost instantly with other Microsoft server applications. Groups that have built on other networking platforms have a harder decision, since LCS installation and management will be trivial compared to the infrastructure that will have to be put in place to support it.
Novell GroupWise Messenger
In the great groupware battles of the ’90s, Novell entered GroupWise in the three-way race for first place with Microsoft’s Exchange and Lotus Notes. GroupWise Messenger is the IM application in Novell’s groupware platform, and it provides basic text messaging in surprisingly flexible ways.
First, although GroupWise Messenger is only sold with GroupWise, it doesn’t require that GroupWise actually be installed for Messenger to run. For that matter, GroupWise Messenger doesn’t require NetWare — there is a fully functional version available on the Windows platform. We decided for a variety of reasons to install GroupWise Messenger along with GroupWise on a NetWare 6.5 platform, but other options exist for organizations that need specific configurations.
Although GroupWise Messenger will install and run under Windows, the eDirectory integration under Windows is poorly documented. The installation process simply assumes that an eDirectory (Novell eDirectory 8.5.1 or NDS eDirectory 8.78 or later) tree is running or that the administrator has gained experience in setting up a tree from other sources. The tree is critical for messaging functions and must be logically visible to all clients. The software generates an RSA key pair on install, so the process of running a self-signed SSL server is invisible to the administrator.
Once installed, GroupWise Messenger provides server logs with three levels of verbosity for error confirmation and debugging. The product supports message archiving, so HIPAA- and SEC-regulated companies can demonstrate compliance.
GroupWise Messenger’s client is the simplest of the three we looked at, providing basic text messaging with few frills or distractions. This text-only messenger doesn’t support file transfers or rich media. Contacts can be sorted or placed in folders, but there are no rules about notifications or actions when users come online. One nice touch is a dialogue that asks whether the user wants to save the chat each time a Messenger window is closed.
GroupWise Messenger is less developed than Lotus IM and Microsoft LCS. Novell, however, is in the middle of a beta cycle for a new version that will leverage the company’s extensive investments in Linux by running on both Red Hat and SuSE Linux distributions. The new version will support a GAIM (GNU AIM) client and offer features like multiple media types, whiteboarding, and application sharing.