Enterprise-Strength Instant Messaging

By Richard Grigonis
03/05/2003 1:51 PM EST
URL: http://callcentermagazine.com/shared/article/showArticle.jhtml?articleId=8701375

I often joke that the only real change in my work environment over the last ten years has been the appearance of instant messaging. But there's much truth in jest. The ability to instantly create what is essentially a private chat room (at no cost) is a seductive power, and IDC estimates that corporate IM-related expenditures will grow from $133 million in 2002 to $1.1 billion by 2005. Total IM usage will soar from the present 65 million workers to more than 255 million in that same timeframe. In fact, Gartner Group predicts that IM will surpass email as the preferred mode of communications by 2006 (for another viewpoint, see Editor's Eye: "What's Really Going to Happen with IM").

IM is now everywhere: on Net-linked PCs, of course - both wired and wireless - and on cell phones as well, where it may exploit the now-ubiquitous SMS for communication between IM "proxy server" and wireless handset, or work within the WAP framework. As handsets become more powerful, screens larger, user interfaces more powerful, and as IP is extended to the handset in unadulterated form, pure IM-over-IP may begin to push SMS out of the network.

And yet - there's still no universal IM standard, though the IETF's SIP for Instant Messaging and Presence Leveraging Extensions (SIMPLE) protocol, promoted by IBM and Microsoft, is a contender, as is the Extensible Messaging and Presence Protocol (XMPP), an open standard proposed by the developers of Jabber, an XML-based IM application.

At present, however, the triumvirate ruling the IM universe consists of AOL, Microsoft and Yahoo!, each offering their own proprietary technologies. Friends and partners outside your company inevitably use different IM software than you do, so you may find yourself running all of the known IM clients in the universe, unless you perhaps install something like IM Auditor from FaceTime Communications (Foster City, CA - 650-574-1600, www.facetime.com) which can capture, store, monitor, and retrieve all IM messages sent and received from any IM network.

While all of us have had a jolly good time with IM public networks (and they've become integral to our business operations, complementing email, fax and telephony), the fact remains that these freebie IM systems offer little if any security, and there's no ability to monitor, record or audit employee conversations. IM systems allow file transfers, and lo and behold, worms have appeared that infect users via IM.

Now, however, both AOL and Yahoo! offer more secure enterprise versions of their clients, and Microsoft has announced its plans for the MSN Messenger Connect for Enterprises service, to appear shortly. So, first, let's examine the offerings of the Big Three:

AOL

AOL's (Dulles, VA - 703-265-1000, www.aol.com) Enterprise AIM service is compatible with the consumer AIM offering (indeed, the client software is the same), but more sophisticated abilities are transparently added on. Based on technology from FaceTime, Enterprise AIM can restrict use of instant messaging by all or part of your staff, guarantee user identity, work with existing virus checkers, support centralized management, and maintain logging and auditing services to copy and store messages to and from all or select users for subsequent auditing by keyword patterns, date ranges, and names.

A principal component in Enterprise AIM is the AIM Enterprise Gateway, which, when deployed onsite, acts as a proxy between users inside the corporate firewall and those on the public AIM network, enabling enterprises to manage and control employee usage of AIM services. Enterprise users can still communicate both with employees inside an enterprise and with partners and customers outside the organization. Now, however, messages between employees are routed locally over the LAN rather than sent over the external IM network. Thus, AIM conversations within the enterprise stay behind the corporate firewall.

The Gateway allows administrators to configure the connection type (SOCKS 4/5), host name and port to connect users to the AIM network. It can interoperate with or without an existing enterprise Proxy server (SOCKS 4/5 or HTTPS). The Gateway also provides Identity Management Services (IMS) that enable administrators to control access, routing, and permissions; plus Archive and Audit Services that monitor AIM usage, log and audit messages, and help you create reports.

The AIM Enterprise Gateway server can support up to 10,000 users. It runs on Microsoft Windows 2000 Advanced Server or Red Hat Linux 7.1.

Optional features include Private Domain Services, which allow an enterprise to create friendly Screen Names that follow the conventional form user@company.com, and Federated Authentication, which enables an enterprise (not AOL) to manage user Screen Names from the corporate directory and authenticate those AIM users against the directory. This means that Yours Truly can sign on with a real name (e.g., "Richard Grigonis") rather than "RichGrig1253," or whatever, but AIM users outside the company will see the user name as the email address: rgrigonis@cmp.com.

Moreover, thanks to AOL partnerships with wireless carriers, mobile employees can also use their wireless devices that support the Short Messaging Service, the Wireless Application Protocol (WAP) or embedded clients to connect with AIM.

One can also use the Developer Access Package and Certified Developer Program to adapt AIM to other applications.

Soon AIM will offer VeriSign-powered security enhancements to the AIM client so that enterprise users can send and receive encrypted text messages (for an additional subscription charge).

AIM Enterprise licenses range from $34 to $40 per user.

MICROSOFT

Microsoft's (Redmond, WA - 425-882-8080, www.microsoft.com) Enterprise IM offering, MSN Messenger Connect, should be released around the time you read this. MSN Messenger Connect is a subscription service ($24 annually per user with volume discounts available) that integrates with Windows 2000, the Active Directory API, existing Exchange 2000 IM services and Microsoft SQL Server 2000. All conversations (such as transactions with customers) are logged to an SQL Server database, which is searchable. These logging and auditing capabilities are made possible through Microsoft's partnering with FaceTime and IMlogic, and were added so that financial institutions could comply with Securities and Exchange Commission rules for customer transactions over IM.

Microsoft's service also provides management and administration of user identities and IM namespaces for contact names within organizations.

Sometime in the future, MSN Messenger Connect will integrate into the Windows Server product family, code-named "Greenwich." This future offering will offer real-time voice, video, data collaboration and presence management. It will also likely support the SIP/SIMPLE standards (already supported in Windows Messenger). A hosted IM service based on an early version of Greenwich has already appeared: Reuters Messaging.

YAHOO!

The Yahoo! Messenger Enterprise Edition from Yahoo! (Sunnyvale, CA - 866-267-7946, www.yahoo.com) is a hosted service that interoperates with the existing Yahoo network. Users are authenticated against any corporate LDAP-based directory (such as those from Novell and Sun), and one's email address is used as the screen name "presence." Users can link their corporate ID to a Yahoo ID to preserve their pre-existing contacts (the appropriate presence information will show up in both environments).

The use of unsanctioned IM clients can be blocked and the system can force the use of virus checkers. Interestingly, Yahoo's IM system uses free 128-bit Secure Sockets Layer (SSL)-based encryption. When IMing someone, part of the message window can display a photo and contact information of the other person. On the buddy list, the area normally devoted to stock market information and news can instead be replaced by your company's own portal, with links to a phone/email directory, etc.

Existing logging tools can be leveraged for auditing of inbound/outbound messages (the system supports client-side logging). Indeed, Messenger Enterprise Edition integrates with various products from BEA, Oracle, Sun, and TIBCO.

Namespace functionality allows administrators to enable/disable user IDs from the central corporate directory. Admins can also enable/disable various functions, such as file transfer.

The cost is $30 per user with volume discounts.

The Other Guys

The Big Three may capture headlines, but to obtain necessary technology they've in many cases partnered with companies already playing in the Enterprise IM space. Some of these companies specialize in tailoring secure IM systems to specific types of enterprises (e.g., financial).

ASYNCHRONY SOLUTIONS

Asynchrony Solutions (St. Louis, MO - 314-678-2200, www.asolutions.com) makes the Envoke product, a secure IM platform designed from the ground up to U.S. Department of Defense (DoD) specifications. Indeed, Envoke was originally the core of the Defense Collaboration Tool Suite (DCTS), and has now become commercialized.

Interestingly, Envoke is really an integration product. Envoke lets an individual see, through an Envoke window, people, places and events on various other collaboration platforms, such as CUSeeMe, Lotus Sametime, Microsoft NetMeeting, etc. It also happens to be an instant messaging system on the portal, but the key benefit is its integration abilities. Therefore, Envoke can easily integrate into legacy enterprise IP infrastructures.

Envoke traffic travels over HTTPS, the same secure protocol used for credit card transactions. Any communication or file transfer can be logged. The organization can add, delete and modify user controls and passwords.

COMMUNICATOR

Communicator (White Plains, NY - 914-872-2800, www.communicatorinc.com) has long provided a secure corporate end-to-end IM service, called Hub IM. Like other enterprise-strength IM systems, Communicator doesn't use a common server the way consumer IM systems do, and it won't let users adopt the aliases they use in consumer IM databases; instead, users are verified against their corporate directory.

Communicator recently scored a major coup when a user base of over 50,000 spread out among eight major Wall Street firms and other institutional money management organizations decided to contract for Communicator's enterprise instant messaging and identity management services (called Hub ID) through 2006. Instead of eight totally separate systems, Communicator's "gated community" federated directories approach compels users to identify themselves through the Wall Street consortium's single portal, Bond.Hub. Communicator's approach to identity management will serve as the prototype for the Liberty Alliance specification, and the company has announced that Hub ID will be the first Liberty-compliant service in production and in use in an inter-enterprise environment.

Communicator Hub IM can be used either as a stand-alone application or in a web browser. Pricing begins at $50 per user, per year.

IBM/LOTUS

The Lotus Software Group at IBM (Cambridge, MA - 617-577-8500, www.lotus.com) offers the Sametime product family, which adds IM to the Notes/Domino portfolio.

A Sametime system consists of the Sametime server, the Sametime Connect client and the developer toolkits. The server manages information flow between the Sametime Connect clients, including text messaging, streaming audio and video, a shared whiteboard and shared applications. The Sametime Connect client is used by employees as the actual vehicle for IMing and collaboration. The developer toolkits can be used to embed realtime collaboration into various web- and Windows-based applications.

Three other components further extend Sametime's capabilities by enhancing scalability and enabling connectivity with Sametime users outside a company's LAN: The Sametime IM Gateway securely connects users to other instant messaging communities. The Enterprise Meeting Server allows companies to host and administer enterprise-wide web conference environments. Finally, with Sametime Everyplace, the presence awareness and instant messaging capabilities of Sametime can be extended to users with mobile phones and wireless PDAs.

Last year IBM started shipping SIMPLE support in Sametime version 3.0, which allows Sametime administrators to link their IM communities. Sametime also allows connectivity with AOL AIM users.

IMLOGIC

IM Manager from IMlogic (Boston, MA - 617-757-7740, www.imlogic.com) needs no new client configuration deployment or changes to the desktop, since it supports all major public IM networks and enterprise IM servers including AOL, MSN, Yahoo!, Microsoft Exchange 2000 IM, and Lotus Sametime. It maps employee IM screen names to corporate identities and can identify specific employee or workgroup usage of IM. Companies can leverage their existing LDAP directories to identify and define users and groups. Managers can control employee access to IM, block file transfers and/or disable IM networks from corporate use.

IM Manager stores IM Messages in a searchable archive and satisfies accepted compliance and audit procedures. IM Manager has been field tested to 50,000 seats in global Fortune 100 companies.

JABBER

Jabber's (Denver, CO - 303-308-3231, www.jabber.com) Enterprise IM is based on the open-source, extensible XML-based Jabber protocol for realtime message and presence exchange between two points on the Internet. Jabber's protocol is being proposed as an IM standard under the moniker XMPP. Jabber's asynchronous IM platform is decentralized - a Jabber server can be run anywhere, and if security needs arise, a server can be isolated from the public Jabber network.

WIREDRED

WiredRed Software (San Diego - 858-715-0970, www.wiredred.com) has risen to challenge the IM competition with e/pop 3.0. WiredRed's offering supports rich text formatting, embedded hyperlinks, file attachments, spell checking, pictures, sounds, alarms, and flashing. A message macro feature allows you to design common message templates for often-used types of communications (e.g. memos). Message macros can be invoked by simply selecting the recipients and clicking the message macro button of your choice. Desktop shortcuts can be created to access message macros and a global system-wide hotkey can be used to access a message macro while using other applications.

An instant button feature allows for one-click replies to instant messages.

WiredRed's e/pop is based on their Real-Time Routing Architecture, a secure, two-way communication platform, which also provides the foundation for e/pop Real-Time Software Development Kit (SDK). WiredRed has more than 3,000 corporate installations and hundreds of universities and local, state and federal government agencies.