As we saw in Part Two of our weeklong guide on the fundamentals of enterprise instant messaging, businesses have a number of options to bring instant messaging under control. IT can layer a gateway solution on top of existing public IM, deploy a wholly in-house solution similar to how many large firms handle their e-mail, or leverage a hybrid solution.
Regardless of how the overall architecture, several features found in both gateways and standalone enterprise IM servers are crucial to firms’ successful implementation of business-grade instant messaging. Today’s article will explore those features with an eye to outlining key criteria that IT buyers need to keep in mind when deciding on an instant messaging solution.
The eternal challenge for IT executives is deciding whether to outsource or bring an enterprise solution in-house. That’s no less true in instant messaging, a space in which corporations are striving to come to terms with the technology’s spread into their businesses.
Fortunately, a number of the same features are available in enterprise instant messaging offerings in both the outsourced and in-house camps. Others are unique to one side or the other.
Understanding those features and appreciating the differences in product offered by business-grade IM vendors is critical to selecting an ideal, cost-effective solution for your enterprise — be it a smaller firm or a large-scale deployment in a Fortune 500 company.
Criteria to Consider
Before we look at what IM offerings are available, we should discuss some of the features that IT buyers should be looking for in an enterprise instant messaging system.
A primary consideration for IM applications is, quite naturally, making sure that the user logging on to your corporate IM system is who they claim to be. Many mechanisms can be used to ensure a user’s authenticity, although many Enterprise IM (EIM) systems and gateways choose to rely on an underlying authentication mechanism, such as directory services, rather than utilize their own authentication system.
If you have such a system, Microsoft’s Active Directory or Novell’s Directory Services, for example, make sure that the EIM system you implement can interface with them. This will negate the need for company employees using your IM system to maintain more than one username and password to access both the network and IM application.
With IM becoming such a popular communications tool, it’s reasonable to assume that conversations conducted via IM will, at some point, contain information that is company confidential — even if it’s just last month’s sales figures or the home telephone number of an executive. For this reason, you will need an IM system that provides security for messages as they are transmitted, even if all such transmissions will be within your network.
All of the EIM systems and gateways discussed in this article provide some level of security, though some offer more features than others. Commonly accommodated features include secure sign-on, digital signatures and encryption.
A widely used feature of IM solutions is the ability to transmit files between users. Just as with e-mail, you need to make sure that files you are receiving (or sending, for that matter) are virus-free.
Because of the overhead involved with creating anti-virus systems, many EIM providers plug into third-party anti-virus products. This means that in some cases, you might get anti-virus support without having to make an additional purchase.
One of the biggest concerns with allowing IM is that it is likely to be abused by employees, rather than used for business communications. For that reason, comprehensive logging is a key element to EIM systems and gateways. In some settings, the logging may even be necessary as part of regulatory requirements — this is true in industries like financial services.
If you have specific logging requirements, make sure that the EIM system you implement accommodates them. Be aware that not all logging systems are equal, and some offer much more detail than others — such as instantaneous keyword flagging of suspect phrases. Also consider what formats the logging information is available in. Most EIM systems support logging to a SQL database as well as a variety of other formats.
Also worth considering is whether your enterprise IM system’s logs can be integrated with your e-mail logs — making auditing simpler by combining the systems’ archives.
While all of the IM systems discussed here provide the basic IM functionality, some products are more feature-rich than others. Things to look for that you may not have considered are centralized administration of user lists, the ability to send broadcast messages to entire groups of users at a time — useful for communications from IT administrators, for instance — and advanced notification capabilities, including integration with wireless Short Messaging Service.
If you already use Web conferencing, look into whether your EIM offering provides similar capabilities. Other, more subtle features, may not be mission-critical, but they can add considerably to users’ IM experience. For instance, customizable presence states — which enable a user to indicate not only that they’re unavailable to receive messages, but to specify that they’re actually in a third-floor meeting — can make employees’ use of IM far easier and more effective.
It’s easy to think of IM as a lightweight network application, and generally, it is. But like with other enterprise applications, as the number of simultaneous users increases, demands on the servers and underlying infrastructure can balloon as well.
Continued on page two.
Continued from page one.
In a small LAN with an already underutilized server, loading the new IM software on may not have any noticeable effect on system performance. In a large organization with thousands of users, you may find it necessary to install multiple servers — in addition to licensing additional software necessary to plan and execute IM server deployment, troubleshoot bottlenecks, and maintain uptime.
Another crucial consideration is operating system support on both the server and client side. Because of the relative newness of the industry, not every enterprise IM solution is available on every common platform, and supports every common type of database or corporate directory. This is even more of a consideration on the client side, since the variety and configurations of operating systems in use on the desktop often tend to be greater than in the server room.
Last, but by no means least, in our list of important considerations is the administration model. Managing any IM system will add to your administrative workload, but the more flexible, centralized, powerful and intuitive the administrations tools, the easier your IM system will be to implement.It pays in time and effort to consider an upfront integration of your IM administration with the same way that an enterprise administers its e-mail controls and privileges. Otherwise, IT staff will be forced to configure the same sorts of controls multiple times for the same user.
Common Enterprise IM Solutions
Now that we have looked at some of the important considerations in buying an enterprise IM solution, it’s time to take a quick look at a handful of the offerings available today.
It should be pointed out that this is, by no means, a comprehensive list of EIM systems available. (Indeed, for a more thorough treatment, check out the InstantMessagingPlanet product guide.) Instead, this list is aimed at covering a cross-section of the space, to better give the IT buyer a sample of what’s out there.
IBM Lotus Instant Messaging & Web Conferencing
Formerly known as Lotus Sametime, Version 3 of IBM’s Lotus Instant Messaging offering is a full-featured IM and Web conferencing system. The product comes with its own directory system for authentication, but it can also plug into other LDAP-compliant directory services systems to provide single sign-on capability. Version 3 also includes an IM gateway that allows separate organizations using Lotus IM to communicate with each other securely.
Pricing runs at $38 per registered user or $25,700 per processor for unlimited extranet use. There are no licensing minimums and so the product offers a viable solution for even the smallest business. There are no requirements to be using Notes or any other Lotus products. The current version supports Windows server platforms and clients.
The next version, 3.1 (to be announced later this summer) will also include support for Unix and Linux platforms. One of the more notable features of IBM Lotus Instant Messaging, from an IM point of view, is that it can be used to communicate with AOL IM users.
Sun ONE Instant Messaging
Sun ONE IM is a real-time messaging and collaboration product that boasts all of the features you would expect from an enterprise-level IM system and then some. As well as basic IM functionality you get Web conferencing, broadcast level messaging and user configurable client lists. As you would expect, there is a great deal of cross product compatibility with other Sun offerings including interfaces with Sun ONE Portal Server and Sun ONE Calendar Server.
Strong management facilities include features like the ability to prevent users from closing the client interface, user access controls and message archiving within a fully searchable database system. In addition, message conversion API’s allow for integration with third party products such as content vetting and anti-virus solutions.
Client support is some of the broadest available and includes Windows 2000, Sun Solaris 9 and 8, Apple Mac OS 10.1, Microsoft Windows 98, NT, 2000, and XP and Red Hat Linux 7.2 or later. Server support includes Sun Solaris 9 and 8, Microsoft Windows 2000 and Red Hat Linux 7.2 or later. Pricing starts at $30 per user with a tiered volume discount.
Sigaba Secure IM
A relative newcomer to the world of EIM, Sigaba Secure IM places a great deal of emphasis on its comprehensive security features, which include integrity checking, end-to-end encryption, and digital signatures for portions of a message or entire conversations. Sigaba supplies “adapters” to plug into NDS and Active Directory or you can choose to use the built-in authentication system. Anti-virus scanning for attachments is achieved via a plug-in for McAfee antivirus.
From a client perspective Sigaba IM offers both IM and chat capability with multiple person conversations. Support for attachments goes along with other standard features such as groupings within user lists, messaging within groups, user muting and user warning. Central management is performed through configuration files. Server support includes Red Hat Linux and Windows NT/2000/2003.
Aimed primarily at the financial services, healthcare and government sectors Sigaba IM comes in at $68,000 for a 1,000 user license. Other licensing models, including a two-year license agreement are available.
Effusia Business Messenger
Targeting businesses in the 25 to 500-user range, Effusia Business Messenger from Liquid Communication Systems is a full-featured, stand-alone IM system offering SSL encryption, administrative control of contact lists, broadcast messaging, invitation-only meetings, drag-and-drop file transfer between users, offline messaging and server-side message logging (optionally to an SQL database but to rolling XML logs by default).
Pricing is based on number of concurrent users. Users are free to install as many Effusia Consoles (the client software) as they like, but may only have the licensed number of users logged in at any given time. Pricing ranges from $40 per user for a 10-user license to $12 per user at 500 users. Currently Effusia has its own user database and authentication system, though a representative for the company says that it will be including an LDAP (and Active Directory)-based plug-in in the next upgrade.
e/pop from WiredRed software comes in two versions — a Professional client and a Basic client. The main differences between the two are that the “pro” client offers application sharing and remote control, which the company says makes it a valuable tool in IT support situations. e/pop also has a Java-based client and a one-way IM client called e/pop Alert designed for corporate broadcasting.
Continued on page three.
Continued from page two.
e/pop’s strengths lie in its strong attention to security, excellent logging capabilities and content vetting. The e/pop client has also has some cool features including a spell check and a message expiration capability.
Licensing costs are dependent on the number of client licenses, but examples of what WiredRed calls its most popular small business packages work out at around $40 per user. This includes the e/pop server software and the client software and access licenses. Server support is confined to Microsoft operating systems. System requirements from a hardware perspective are modest with the minimum processor requirement of a 486.
Ipswitch Instant Messaging
If all you want is basic IM capability with not too many frills, then Ipswitch Software‘s Instant Messaging product could be the one you for you. Although it has good levels of security and logging functionality, it lacks some of the more collaborative tools found in other IM products.
Pricing is some of the most aggressive around at $695 per server with unlimited clients, but support on both the server and client sides is restricted to Windows operating systems.
In addition to the slew of hosted enterprise IM vendors, there are also a number of major players offering proxies that businesses run on their networks to authorize, monitor, and manage employees use of the public IM networks, like AIM/ICQ, MSN Messenger, and Yahoo! Messenger. Typically, solutions require little in the way of infrastructure investment; annual licensing fees run upwards of $24 to near $50 per user, with volume discounts.
Since 1999, FaceTime has been offering enterprise IM solutions starting with IM-based call center applications and later moving into the IM gateway space. There, Foster City, Calif.-based FaceTime has proven itself one of the driving forces in the industry — signing a number of major financial institutions to its client roster. Furthermore, America Online turned to FaceTime to provide the technology underlying its own enterprise IM gateway (see below.)
FaceTime offers separate products for IM blocking and monitoring, logging, and full-fledged management for employees’ use of the public instant messaging networks. Its products integrate with corporate directories such as Microsoft Active Directory, Lotus Notes Domino, Sun ONE Directory Server, and Novell Directory Server.
In addition to formalized partnerships with AOL, Microsoft and Yahoo! to apply management controls to their IM traffic, FaceTime also has agreements to support a wide range of third-party IM systems popular in financial services, such as Communicator Inc.’s HubIM system, Reuters Messaging, and Lotus Instant Messaging.
Entering the IM gateway market with a bang in 2001, IMlogic has captured a marquee list of customers like Merrill Lynch, Bear Sterns and Stifel Nicolaus for its gateway solution. Like FaceTime, IMlogic manages public instant messaging traffic — provisioning IM capabilities to some, limiting access by others, and blocking unauthorized users, at the discretion of corporate IT.
It similarly offers support for major enterprise IM systems like Lotus Instant Messaging and integration with LDAP directories.
IMlogic also brings to the table a close relationship with Microsoft. As a result, its IM Manager application will integrate with the software giant’s “Greenwich” Real-Time Communications Server, and IM and presence platform slated to ship later this year. IM Manager also has been named as Microsoft’s technology partner enabling companies using Greenwich to communicate with external users of the MSN Messenger network.
Competitors tend to point to the fact that Akonix doesn’t have formal relationships with AIM, MSN Messenger or Yahoo! Messenger for management of their IM traffic.
But the San Diego-based IM gateway vendor has close ties with Microsoft’s Internet security group — the gateway vendor is also a Microsoft business partner — and in November, began offering integration with Microsoft ISA Server 2000. It also is partnered with Check Point Software: it’s Check Point OPSEC Certified and integrated with Check Point FireWall-1.
In addition from such well-known allies in the infrastructure security space, Akonix also has boasts relationships with compliance and storage firms like Iron Mountain, Zantaz, Persist and Legato — at least one of which is potentially already in use at businesses in heavily regulated industries.
Despite the lack of formal messaging relationships with the Big Three public IM vendors, strong relationships in the security field and a growing client base are proving their own testaments to Akonix’s effectiveness.
In addition to third-party gateway providers like Akonix, IMlogic and FaceTime, the major forces in public IM also have launched their own proxy-based services. Unlike those three vendors, however, the solutions from America Online, MSN and Yahoo! police only their own, single IM network — making these offerings ideal for businesses that have standardized on one public instant messaging client.
The chief value of the solutions is that each provides for federated authentication and namespace control — enabling IT staffs to create firstname.lastname@example.org identities for employees that ensure that IM users representing themselves as company employees, are, in fact, who they claim to be.
At a lower price point than its rivals, Microsoft provides little more in its Connect for MSN Messenger gateway, opting instead to rely on partners like IMlogic to provide logging and more advanced features.
Yahoo! offers integration between its Yahoo! Messenger Enterprise Edition and other applications that businesses might use, such as WebEx Internet conferencing and BEA Systems’ WebLogic Workshop. As with MSN, advanced logging services are handled through the product’s integration with partners like FaceTime or IMlogic. Yahoo! Messenger Enterprise Edition runs on Microsoft Windows 98/NT/2000, and requires SunONE Web Server (with support for BEA WebLogic Server coming soon.) Corporate directory and portal integration requires SunONE LDAP, Microsoft Active Directory or Yahoo! PortalBuilder 4.5.
AOL’s AIM Enterprise Gateway recently added LDAP compatibility to its product and support for linking the Gateway to other enterprise apps via a Java API. The product supports Intel-based Red Hat Linux and Windows 2000 Server/Advanced Server platforms and Oracle 9i and Microsoft SQL Server 2000 databases.