Enterprise IMs

Enterprise instant messaging systems have evolved into a core business application. We tested seven; find out which one has the best security and fullest feature set.

September 10, 2004

15 Min Read
Network Computing logo

After putting our seven contestants through the wringer, we awarded our Editor's Choice to WiredRed's e/pop Professional for its superior security capabilities, user interface, reporting and features. All the products we tested, however, are excellent solutions.

Our tests were performed using a dual 2.4-GHz Xeon server with 2 GB of RAM. We ran Windows 2000 Server when possible, except with the Microsoft (Windows 2003 Server) and Jabber (Red Hat 9) products. We used PCs running Windows XP Pro for clients. Our directory of choice was Active Directory, but we tested any of the special integration the groupware products had with their respective directories.

Send Me a Message

All the IM products we tested work similarly. An IM server is at the heart--all communications and presence information go through it. Client software or a Java applet connects the user to the IM server and authenticates him against a directory. With the applet approach, the end user doesn't install any software, but he may need a certain version of Java for it to work. Some vendors also support the creation of IM-only users inside their software suite or support user registration. Data also can be stored in an external database, such as Oracle. Once connected, the user appears on everyone's contact list and can receive messages. The central server can be configured to log all conversations, which helps you comply with Sarbanes-Oxley data-retention rules.Five of the products we tested--the exceptions were Microsoft's and Novell's--support broadcast IM. All products support private chat rooms, which we define as more than two participants in a conversation. We were pleased with IBM's public chat capabilities. We planned and set up meetings through a Web interface, specifying access rights and start and end times. None of the other products can schedule meetings. Sun and IBM provide the best moderator capabilities--we selected which users could speak or invite guests.

Access control was disappointing. Most of the products let you place limits on user capabilities, such as file transfers, screen sharing and broadcast IMs. However, for setting up walls between users and groups, our seven contestants were sadly lacking. The products from WiredRed and Novell are the only two that offer this capability out of the box. But Novell's user-capability controls are limited. Jabber's product can be configured to provide the same level of user control as that found with the products from Novell and WiredRed, but Jabber requires assistance from its professional services team, and this costs extra and it isn't mentioned in the documentation. As a result, Jabber got a zero grade in this category.

We paid close attention to the user interfaces for both the clients and the management server. Microsoft had the friendliest client--it's the same one used to connect to MSN, so it makes sense that it would be user-friendly. We especially liked the "search for contacts" feature, which lets you search for user name, e-mail address, company name or IM server. The client has clearly labeled buttons for adding contacts, sending messages and engaging collaboration features. We also found Jabber's client easy to use; a user's contact list and the entire user directory are separated by clickable tabs.

However, Jabber's management interface leaves much to be desired. The new Web interface is an improvement over editing XML files by hand, but the configuration screens are long and cryptic. The text formatting isn't consistent either, which makes it hard to differentiate between sections and subsections. WiredRed's e/pop has a unique format for displaying messages--it looks more like e-mail than a chat room. Novell's product relies on eDirectory. If you're not familiar with it, managing GroupWise Messenger will be confusing.

All the products except Novell's can authenticate against Active Directory. IBM's product can do the same, but still requires Domino. Novell's solution runs off eDirectory, which gives it a couple of nifty access-control features. Sun's product can use the Sun Java System Directory Server in addition to LDAP and AD. IBM Lotus Instant Messaging works with a Domino server and integrates with Lotus Notes.Obviously, an enterprise IM system that ties directly into your existing groupware will be more desirable. Groupware integration means one login name, one directory, additional collaboration features, a possible price reduction and one less support contract to worry about. IBM, Microsoft, Sun and Novell all offer IM as part of a groupware system.

E/pop was the most security-conscious product we tested. We could set up walls between specific users and groups, a feature generally lacking among our test products. These virtual walls don't hold up in public chat rooms, just IMs and private rooms. However, we were disappointed with the user controls, which are turned on or off in the executable rather than being dictated by the server. If you want to modify a user capability, you must give the user a new e/pop executable. You can prevent the end user from modifying these, but we found inflexibility in this model, especially when we wanted to update capability policies. WiredRed says it will move this control to the server in the next release.

E/pop includes a number of interesting features including a spellchecker, thesaurus and reply macros. We could add autoreply buttons into a message, letting the respondent answer simple questions with predetermined responses--not as sophisticated as the polling capabilities of IBM's or Sun's products, but it works on a small scale.

We were able to browse the entire user directory. In addition to a predefined list dictated by the server, users can create their own contact lists, LDAP groups can be added to personal contact lists and be updated automatically as needed. We sent messages, alerts and chat requests to individual users as well as entire groups, even the complete user directory.

E/pop's reporting and auditing components blew us away. Unlike the other products, which leave message reporting and auditing up to the purchaser, e/pop includes an extensive search-and-retrieval tool that lets you search by user, keyword, group or time. We created multiple administrators in the audit server and restricted individual admins to searches on select groups.E/pop Professional 3, starts at $39.80 per user. WiredRed Software, (888) 665-EPOP, (858) 715-0970. www.wiredred.com

Sun's enterprise IM product is part of the larger Sun Java System suite. When you use the full Java System, you can integrate IM with calendaring, e-mail and Web portals. Sun's ability to control user capabilities, such as permitting broadcasted IMs or entering chat rooms, is top-notch. These capabilities are set and dictated using an Identity Server, which means users cannot get around limitations and policy updates happen instantaneously. When we altered a user's capabilities to disallow broadcasting IMs, he was denied the capability. Identity Server isn't for the faint of heart; as with Novell's eDirectory, it's difficult to learn. We had to figure out what policies did, what templates were and how they interacted with each other, and hope not to blow it up.

Sun's client software is a Java applet launched from the browser or Java Web Start. We found the latter surprisingly quick and we liked the interface. Sun uses a tabbed IM window: When an IM chat begins, a window is created and all new IMs occur in an adjacent tab.

Like WiredRed's, Microsoft's and Novell's products, Sun offers advanced collaboration features. Sun leaves out remote control and screen sharing, but offers superior moderator capabilities in chat rooms. We could specify at group or user level who had permission to enter chats, read only, write or administer, and our moderator could screen and approve or reject messages from the audience. Polls are available as well, though these are limited to multiple choice or short answer. We preferred IBM's polling to Sun's. A newsboard feature let us post messages, pictures and Web links to various news channels.

We also liked Sun's offline operation capabilities. The server stores any alerts sent while the user is disconnected and displays them on next login. Users can also forward alerts to pagers, SMS or e-mail. We set offline messages as well. We had a user set his status to "on the road," and his message was visible to all after signing off.If you have the portal server installed, users get additional functionality. The portal displays the user's contact list on the main page. Users also can search their old IM logs, and calendar events can be sent as an instant message.

Sun Java System Instant Messaging, starts at $100 per seat for Java Enterprise System. Sun Microsystems, (800) 555-9SUN, (650) 960-1300. www.sun.com

Microsoft's IM product for Exchange wass poor. The Live Communications Server (LCS) is a new rewrite--and it shows. For starters, LCS uses SIP for message communications. IBM was the only other vendor that used SIP. The client software, Windows Messenger, is a triple protocol application. It can communicate with LCS via SIP, the old Exchange protocol and MSN. This could be useful if you need to migrate people from MSN or Exchange to LCS.

LCS only runs on Windows 2003 server and requires Active Directory. Users in AD must have SIP enabled, which requires modifying the schema. However, with that pain, you do get a gain. This lets administrators take advantage of Windows Group Policies for limiting capabilities. The options for access limits come with detailed instructions and documentation. But there are still some limitations: LCS cannot broadcast messages, and it lacks public chat rooms, moderator capabilities and polling. It also can't set up walls between users. Message logging does not include built-in viewing tools, so you'll have to write custom queries yourself against the SQL database.

Despite these pitfalls, LCS is easy to manage and use. The management interface has extensive documentation describing each user capability control. And we liked the privacy features of the client software. If someone tries to add you to his or her contact list, you can approve or deny this. The user's status doesn't appear on your contact list until you're approved. Jabber's is the only other product to offer this feature. LCS's collaboration features are quite extensive, with support for whiteboards, remote control and application sharing. Only WiredRed's and IBM's products match LCS when it comes to collaboration capabilities.Microsoft Office Live Communications Server 2003, $733 per server and $25 per client access license. Microsoft Corp., (800) 642-7676, (425) 882-8080. www.microsoft.com

Novell's client lacks features. It gets points, though for its integration with eDirectory. Shops that aren't running eDirectory or the GroupWise suite may want to skip this product. Although GroupWise Messenger is part of the GroupWise suite, you don't need to purchase the full GroupWise license for every user. Likewise, you don't need to have the GroupWise Client installed on the end user's machine. You must have eDirectory installed with ConsoleOne to manage and use Messenger, however.

EDirectory let us perform role-based administration for groups of users and set up walls between users. It does not give you control over user capabilities--not that there are many to begin with. The client interface is too basic. The lack of file transfers is irritating--you have to go back to e-mail. And Messenger doesn't support broadcast messages, public chat rooms, moderation, polling, or screen sharing.

Novell GroupWise Messenger, included with GroupWise, starts at $130 per user; $69 per user (upgrade). Novell, (800) 453-1267, (781) 464-8000. www.novell.com

The good news is that the IBM Lotus messaging suite has many great features and capabilities. Its public chat rooms and polls are better than those of the other products we tested, plus IBM offers the most collaboration features. The service requires a Domino server, and IBM includes a stripped down, IM-only Domino server. Users can search the Domino user database to add contacts and groups. Plus you can set up Lotus so that users authenticate against an external LDAP directory, but you still need to install Domino.The bad news is access control. User services can only be turned on or off globally, not by user or group. And you cannot create walls between users. Finally, the reporting engine is nonexistent, except for public meeting rooms. Finally, IBM's product costs more than all the others. The only exception is for Notes/Domino/WebSphere Portal users, who can get the product for free.

Lotus Instant Messaging and Web Conferencing 6.5.1, $48.50 per user. IBM, (800) IBM-4YOU. www.ibm.com

Rhombus is relatively new to this market and its product offers fewer features than the others. It lacks collaboration capabilities, its chat room features aren't spectacular and it has limited access-control options. The moderators for public rooms can only change the room's topic--they cannot screen content or ban users. You can search and pull data from the directory, though you lose group information in the process. Messages and alerts can be sent to offline users and stored until next login. Admins can search the IM archives only by date and user name of one or two participants. But Rhombus wins out on price--it's the cheapest of the products we tested. Rhombus says it usually targets small groups (fewer than 2,000 users), and we believe the product would fit nicely in that space.

Rhombus IM 3.2.3, starts at $995 (20 users). Rhombus Technologies, (866) 316-4297. www.rhombusim.com

Despite its last place finish, Jabber's product is quite good. Its client interface is excellent, its privacy features are better than the others and it has good contact-list management. You can see LDAP groups in the client, as well as create your own contact list and give people custom names. Jabber suffers on the back end, however. This latest version has a Web configuration interface. This is a welcome change, but the interface is still slightly confusing. Options are presented as a long list of radio buttons, check boxes and submenus. Setting up authentication against Active Directory involves several pages of instructions. You can get professional services to give server-dictated user capability blocking and setting up walls between users, but it will make the price higher.Jabber Extensible Communications Platform 3.1: Jabber Messenger (client), starts at $18 per registered user. Jabber, (303) 308-3231. www.jabber.com

Michael J. DeMaria is an associate technology editor based at Network Computing's Syracuse University's Real-World Labs®. Write to him at [email protected].

Once a mere plaything for Web addicts, Instant Messaging has evolved into a core business application. The advantages are clear: A reduction in telephone costs, tighter data security through improved oversight of employee communications, and immediate employee contact are just a few of the business reasons for adopting enterprise IM.

Setting up your own enterprise-ready IM solution makes sense. You archive all communications, and control security policies and service availability. An internal IM system also can work with your databases and authentication directories. Some of the enterprise IM products we tested supplement and work with groupware offerings. New messaging standards XMPP and SIMPLE (SIP for Instant Messaging Presence Leveraging Extensions) offer further infrastructure integration, which is particularly important since the Sarbanes-Oxley Act added data retention to its rule book. Knowing what information your employees are communicating to those outside the company and being able to log and store that information may be vital.

We tested products from IBM Lotus, Jabber, Microsoft, Novell, Sun Microsystems, Rhombus Technologies and WiredRed Software. Most offer some form of collaboration, such as screen sharing and multiparty chats. All proved uniformly excellent, but WiredRed's e/pop earned our Editor's Choice award for its security capabilities, extensive collaboration features and built-in auditing.No technology can be considered truly legit until it sets off an old-fashioned standards fight. For IM, there are two competing protocols and one spoiler.

The first is SIMPLE (SIP for Instant Messaging and Presence Leveraging Extensions). This protocol is an extension of SIP (Session Initiation Protocol), which is commonly used for VoIP. IBM and Microsoft have committed to using SIP. IBM's SIMPLE product, formally known as Sametime Instant Messaging, is the market leader. However, Windows Messenger 5, which can be installed on just about every desktop PC sold today, is also sticking with SIP. Vendors like SIP because it eases VoIP and video and Web conferencing. The hope is that you'll be able to integrate your VoIP and IM solutions completely. A user could place a purely VoIP call to a co-worker's phone using a computer with speakers and microphone. Proponents argue that SIP makes the most sense for these app. Critics claim SIMPLE is a misnomer, arguing that the protocol is complex and hard to implement.

On the other side of the line is XMPP (Extensible Messaging and Presence Protocol), formerly known as the Jabber protocol. XMPP passes information around using XML. Proponents say that it's simpler and more straightforward than SIP. They also point out that much of what SIP promises is not available and won't be for many years. With XMPP, though, you can get standardized IM today. And SIMPLE's supporters are still working out issues solved long ago in XMPP. This protocol doesn't have as many big vendors behind it, but it has grassroots support from many in the open-source community.

Then there's the hybrid approach. Transparent gateways encapsulate SIP traffic into XMPP, letting you take advantage of both.


EII Suites

your browser
is not Java

Welcome toNETWORK COMPUTING's Interactive Report Card, v2. To launch it, click on the Interactive Report Card ® icon

above. The program components take a few moments to load.

Once launched, enter your own product feature weights and click the Recalc button. The Interactive Report Card ® will re-sort (and re-grade!) the products based on the new category weights you entered.

Click here for more information about our Interactive Report Card ®.

Stay informed! Sign up to get expert advice and insight delivered direct to your inbox

You May Also Like

More Insights