|
Independent Evaluations of Networking Products and Tools |
|
Corporate Instant Messaging IBM Lotus Sametime let us communicate everything we wished via IM. It integrated well with other IM products, was easy to use, was highly scalable and gave us excellent security. Messaging has come a long way from the early days of rudimentary chat programs, the DOS and Windows “NET SEND” command and the NetWare “SEND” command. The ideal corporate IM environment lets your users communicate anything and everything they choose, from simple typed messages to documents to video. It should tell employees which colleagues are available for an impromptu meeting and which don’t wish to be disturbed. The ideal IM environment must offer impenetrable security that thwarts intrusion attempts as well as IM-borne malware. It must be nimble and responsive, intuitive to use and administer and integrate seamlessly with other IM products and IM protocols, such as AOL Instant Messenger (AIM). Ideally, it safely archives IM sessions for later easy retrieval by an auditor, is highly scalable, exhibits rock-solid reliability and uses network resources frugally. The ideal IM environment integrates with either or both Windows Active Directory and Lightweight Directory Access Protocol (LDAP) for grouping and authenticating users. It additionally has VoIP capabilities. The ideal IM platform makes holding meetings via IM as productive as – or even better than – meeting face to face. To see which IM tool is best for the enterprise, we invited vendors to send their products to our Alabama lab. We received Extensible Communications Platform (XCP) 5.2 from Jabber, Lotus Sametime 7.5.1 from IBM and Openfire Enterprise Edition 3.2 from Jive Software. We downloaded Gordano Messaging Services (GMS) 5.0 from Gordano’s FTP site and Mirador Instant Messaging for Windows 3.0 from Serial Scientific International’s (SSI’s) Web site, and we accessed WebEx’s AIM Pro Business Edition via the Internet (See “How We Did It”). IBM Lotus Sametime earned our Clear Choice award for its superior messaging, high level of integration with other applications, ease of use, scalability and excellent security. Quite nearly as excellent and carrying a much lower price tag is Jabber’s XCP. Cisco’s WebEx AIM Pro is a great choice if you prefer to outsource server operations and your users have reliable Internet connections. IBM Lotus Sametime Sametime is a feature-rich environment, we found, for network-based collaboration and conferencing. It consists of the Sametime Server software and client-based Sametime Connect software. Users can message each other via Sametime Connect, a Web browser or from within Lotus Notes. Sametime Connect can also be launched directly and easily from within Microsoft Office and Outlook. All these points of entry worked well in the lab. Sametime’s messaging interoperated seamlessly via IBM-supplied gateways with AOL Instant Messenger, GoogleTalk and XCP. Setting up these gateways merely involved installing the software on Internet-accessible servers and, in the case of AOL, installing a digital certificate to authorize the IM traffic. Sametime’s security used 128-bit encryption for data privacy, and users were authenticated against Lightweight Directory Access Protocol (LDAP) or, if we specified, Lotus Domino servers. Our Sametime hacking attacks, which included robot password crackers and, for eavesdropping, protocol analyzers, were futile. Sametime also kept IM-borne spyware and spam from annoying our users. Furthermore, IBM says it will soon change its encryption method to be FIPS-140 compliant. Its reliance on LDAP or Domino for user authentication made administering Sametime simplicity itself. For example, we only had to publish the Sametime server’s name, set up policies to allow or disallow file transfers, specify which users couldn’t use the AOL gateway, specify the number of days to save IM transcripts and set a maximum image size for IM-transmitted screen captures. Additionally, Sametime gave us the ability to search the IM archive by date or user for auditing purposes. In our stress tests, Sametime never used more than 8% of the available bandwidth, which made it nearly as resource-frugal as Jabber’s XCP. IBM uses Sametime internally and claims that it needs only four servers to support its 380,000 worldwide employees, who send 5 million messages each day. Sametime’s set of features is rich yet nonetheless child’s play to use, mostly because IBM thoughtfully added user-oriented conveniences to Sametime. For example, Sametime changes a user’s “presence” automatically to “in a meeting” when the user’s Notes or Outlook calendar indicates there is a meeting scheduled. When a user is away from their PC for a specifiable period of time, Sametime automatically marks the user’s “presence” as Away. And Sametime adds a system tray icon that makes changing “presence” quick and painless. Sametime’s “presence” concept, in addition to denoting that a user is Away, Busy or In A Meeting, reveals geographic location data so users know the time zone colleagues are physically working. It even lets users specify they are Available to some users but Busy to others. Going beyond text messaging to share documents, images and even video is easy in Sametime, and it integrates with VoIP to make switching from typed messages to a phone conversation (multiple-party, if you like) completely transparent. Sametime’s Web conferencing automatically captures details of who attended a meeting and a transcript of the meeting. It offers breakout sessions within the overall Web conference, and users can tell Sametime to switch to “off the record” mode to prevent anyone from saving information they’ve typed but don’t want attributed to them. The Sametime server software, which requires that Lotus Domino be already installed, runs on AIX, i5/OS, Linux (Red Hat and SUSE), Solaris and Windows Server 2000 and 2003. Extending Sametime with custom programming to integrate, for example, with an in-house-written application is easy through its well-documented programming interface. With less than a day’s programming, we added Sametime awareness via “presence” and contact names to a Visual Basic program. Sametime’s copious printed documentation is clear and comprehensive, and even includes a Sametime for Dummies booklet. Installation took less than an hour. Jabber Extensible Communications Platform (XCP) XCP had an impressive range of features, scaled extremely well in a linear fashion and integrated well with other IM environments such as AOL Instant Messenger (via Jabber’s AIM Gateway) and Lotus Sametime (via a Sametime gateway). XCP consists of a Connection Manager, Jabber Session Manager and Core Router. Client connections, gateways, and server-to-server connections go through Connection Managers. The Jabber Session Manager processes sessions for individual clients as well as presence and roster data. All components communicate through Core Router(s). The server software runs on Windows Server 2000 and 2003, Red Hat Linux and Sun Solaris. Jabber’s platform authenticates users rigorously. XCP exhibits excellent security with respect to both authentication and confidentiality. Using Simple Authentication and Security Layer (SASL; see RFC 4422), XCP verifies the identity of each client. Because the XCP server validates (“stamps”) sender addresses, a hacker can’t spoof addresses to seemingly insert himself into the XCP environment. And Transport Layer Security (TLS; see RFC 4346) ensures no eavesdropping of messages occurs. XCP even blocked spyware and IM spam. XCP’s security was unassailable in our tests. It stores registration, authentication, user lists, vCard and offline message data in an Oracle database, which your IT department supplies, and XCP can access user data stored in Lightweight Directory Access Protocol (LDAP) or Active Directory (AD) repositories as well. We tested the Oracle storage option, which was easy to set up and use. XCP uses XML within the Extensible Messaging and Presence Protocol (XMPP) to send and receive messages. We were able to efficiently and easily exchange messages and files, including video, through XCP’s IM environment. XCP’s VoIP integration, which let us switch from keyboard to voice and back again, also worked well. Because GoogleTalk is also based on XMPP, XCP clients can send and receive messages to and from GoogleTalk clients without needing a separate gateway. XCP communicated with AIM, via the included SIP/SIMPLE gateway, and GoogleTalk seamlessly in our tests. We found XCP’s browser-based administrative console intuitive to navigate and responsive. We used it to authorize users and groups to use the AIM gateway, monitor the running of Connection Managers and specify the severity level of XCP syslog entries. Simulating an audit, we searched XCP’s message archive by date and user to examine the content of IM sessions. Jabber claims that a single XCP server, configured with a pool of Connection Managers for controlling client/server sessions and linked to a single Oracle server, can support 2 million subscribers and 100,000 concurrent sessions with a latency of less than 0.29 seconds. Our stress tests, which subjected XCP to a barrage of messages from a simulated 1,000 clients, showed XCP used a meager 6% to 7% of available bandwidth. An XCP user can set his or her “presence,” which displays next to each contact name, to Available, Away or Do Not Disturb. Launching an XCP-based Web conference in the lab was a breeze. XCP interfaced easily with Adobe Acrobat Connect Professional, Cisco Unified MeetingPlace and WebEx. For mobile users, Jabber offers a client module for RIM Blackberry users, which also worked well. XCP comes with a comprehensive programming interface for customers wanting to customize or extend XCP’s capabilities. The clear, easy-to-follow soup-to-nuts documentation is in printed form, and installation is a snap. WebEx AIM Pro Business Edition WebEx (purchased by Cisco last March) maintains IM servers that users can connect to via a browser-based client module over the Internet. From anywhere on the Internet, you can log into WebEx AIM Pro Business Edition and chat with other employees or business partners. WebEx handled all the messy details of server operation, such as monitoring utilization and ensuring the servers were up and running. While this can be a big advantage for customers who like to outsource server operations, it unfortunately can also be a disadvantage. We had to trust WebEx to make its IM services always available and safely make backup copies of our IM session archives. Your Internet connection must be alive and well to use WebEx AIM Pro Business Edition. To share files, especially video streams, you’ll need reasonably fast Internet links (512 kb/sec or better). Moreover, if some employees of your company lack Internet connections – perhaps they’re insulated from public access for security purposes – they won’t be able to use WebEx AIM Pro Business Edition. WebEx AIM Pro Business Edition works closely with WebEx’s other offerings, such as the vendor’s primary product, Web-based conferencing. Launching a WebEx conference session from within the IM client took just one mouse click. WebEx AIM Pro Business Edition integrated with our Outlook calendars and address books to know, for example, when a person was in a meeting or otherwise away from his or her desk. From within a messaging session, we could easily share documents and even video clips. It also supports switching instantly from a messaging session to a VoIP-based phone conversation. Via WebEx-maintained gateway servers, WebEx AIM Pro Business Edition gave us seamless access to AOL Instant Messenger users. We particularly appreciated WebEx’s tools for batch uploading of user and group data from our Active Directory (AD) tree, and we could use our Outlook address books to initiate WebEx AIM Pro Business Edition sessions just as if the contacts were already in WebEx AIM Pro. WebEx maintains message archives that administrators can search and download to ensure compliance with applicable laws. Security consists of 128-bit SSL encryption, for confidentiality, as well as password-challenge authentication by WebEx. The WebEx IM servers automatically scan messaging traffic for viruses, worms and other malware. They also block IM-based spam – unsolicited messaging sessions initiated from outside your network. WebEx’s online documentation is clear and comprehensive, and installation of the client module is a snap – no server installation needed. Openfire Enterprise Edition Jive Software’s Openfire Enterprise Edition (formerly called CrossFire) is a commercial version of the open source Openfire server software. The Enterprise Edition – which requires Java 5 support and typically runs on Windows XP/2000/2003, Linux, Solaris and Macintosh OS X – adds to the open source version such features as a Web client, SIP softphone, more sophisticated reporting, better client management, message bookmarking and message archiving. The commercial version also sports what Jive Software terms Spark Skinning, which gives users the ability to customize the look and feel of the chat client, and Fastpath, which automatically routes chat requests to the next available agent. Fastpath impressed us as we used it to transfer chat sessions, invite others to join a chat, set up canned responses and maintain a chat history. Administering Openfire was a painless process. We viewed statistics on active users and conversations, monitored group chat rooms and searched through message archives by date, user, and keywords. We were even able to create what Jive Software calls chat bookmarks, which tells users about each chat room’s purpose and subject matter. We applied these bookmarks, at our option, to individual users, groups or all users. Openfire uses a published database schema and includes an embedded database. We used the schema to connect Openfire to Oracle, and Jive Software says you can also use MySQL, SQL Server, Postgres, DB2 or Sybase Adaptive Server. Openfire is XMPP-based and interoperates with other IM environments, such as XCP and GoogleTalk, with ease. Openfire also includes a public gateway software module so your users can have messaging sessions with, for example, AOL Instant Messaging users. Openfire’s Java underpinning limits its performance and scalability. Our stress tests revealed that, while Openfire’s network utilization was less than 10%, it consumed considerable server CPU (from 40% to 70%). We extrapolated from our stress tests to conclude one Openfire server is able to handle up to 30,000 user connections. Openfire’s security relies on the security provisions within XMPP (primarily TLS), and the Openfire server makes certificate management a simple affair. With a little programming and setup effort, we linked Openfire to an LDAP server and to Active Directory. Jive Software says Openfire can also use native Windows or Unix PAM authentication. Jive Software’s “presence” flag, which appears in the Web client’s contact list, tells you if another person is currently online, offline or typing. The IM Web client is a snap to navigate and use, and the bookmarks make finding the right chat room a breeze. We found Openfire best suited for the sort of Web-based customer interaction best exemplified by Web page links that say, “Click now to chat with an agent.” For example, in one test, we used Openfire’s Fastpath to efficiently route chat requests to a pool of agents waiting for customer queries. It’s less useful for intra-company employee conferencing and collaboration. To its credit, however, Openfire did integrate with Microsoft Outlook’s calendar, and its VoIP integration let us turn a messaging session into a phone call with a single mouse click. Its online documentation is comprehensive but lacking in detail with respect to some server operations. Installation takes just a few minutes. Gordano Messaging Services (GMS) GMS is a suite of well-integrated software components from which you can pick and choose the IM features you want to deploy across your network. We tested GMS Instant Messaging (GMS IM), the cornerstone module, as well as GMS Collaboration, GMS Mail, GMS Anti-Spam and GMS Archive. These are optional modules that added conferencing, e-mail, avoidance of unacceptable topics and message storage to our IM environment. The suite runs on Windows NT/SP/2000, Solaris, AIX and Linux. GMS IM offers both a native Windows client and a Java-based client. Both have a similar look-and-feel, and both worked well in the lab. With each client, we opened chat sessions, sent messages, managed our contact lists and, via GMS Collaboration, worked on documents. with other users. Gordano’s “presence” flag, which appears in either client’s contact list, informs you whether a contact is online and, when used with Microsoft Outlook’s calendar, whether the person is in a meeting. GMS IM also shows location information based on IP address geolocation (i.e., knowing where particular IP addresses are located on a network). GMS IM lacks VoIP integration. In addition to directly launching the Windows or Java-based IM client to begin an IM session, a user can also start the Windows IM client from within Outlook or the Java IM client from within Gordano WebMail. Via GMS Archiver, GMS IM stored transcripts of our test IM sessions and, at our behest, e-mailed the transcript to all to session participants at the session’s conclusion. GMS administration is rudimentary. For example, the GMS console did not show us real-time traffic statistics that we could use to monitor IM activity. And we had to write a custom program to search the archives in order to audit for IM content. GMS IM used a moderate 9% to 12% of network bandwidth during our stress tests. GMS IM’s security consists of transaction (session) logging, which let us investigate IM hacking attempts by searching the logs for unauthorized users. Both GMS IM’s native Windows authentication and Active Directory authentication worked well in the lab. GMS IM also incorporates a virus filter and a spam filter, both of which thwarted our attempts to attack GMS IM. Gordano deliberately engineered GMS IM to not work with other IM environments such as AIM and GoogleTalk. The company says this approach helps its corporate customers keep employees from chatting with friends and family while at work. However, unless the company sets firewall rules against it, employees can of course still access AIM or GoogleTalk as separate, non-authorized applications. The online documentation is unremarkable, and installation takes less than an hour. Mirador IM (MIM) for Windows Geared especially toward Windows-centric companies, MIM consists simply of a server component that runs on Windows 2000/2003/XP Pro and a client component that runs on which Windows 98/ME/2000/XP. We used MIM’s central console to set up IM users and passwords, group users by department, search the IM archive by date and user and view current IM activity levels. The central console also let us configure clients, by individual user or group, to allow or disallow the ability to start a remote control session or a document collaboration session. We also could set a maximum message size. Using MIM for messaging is straightforward. A user clicks on another user’s contact list entry to initiate a chat, which MIM then establishes if the target’s “presence” flag is set to Available (other values are Busy and Offline). While in a chat session, a user can start MIM’s remote control feature or transfer files to other users, if these actions are authorized by the administrator. In addition to contact-based messaging, Mirador offers the ability to switch from messaging to VoIP-based conversations and a features the company terms co-browsing – the ability to distribute office documents or Web pages to other session participants and collaborate on changes to those documents. This worked well because Microsoft Office 2003 and later support online collaboration. We found MIM’s remote control feature especially useful in online training sessions. MIM’s network utilization was a mild 8% in our stress tests. MIM authenticates users against its own internally-maintained user list. MIM’s security features let us restrict the file types MIM can circulate, and MIM includes a message audit capability that helped reveal the contact names of people who attempted to compromise the IM environment. We could also limit the IP address ranges of MIM clients to ensure MIM access only by known-to-be-on-our-network users. For the sake of confidentiality, MIM uses Secure Sockets Layer (SSL) to encrypt messages. However, MIM lacked virus, spyware and SPIM filters. MIM’s online documentation is too brief, unfortunately, to guide administrators and users through all the product’s functions. Installation takes but a few minutes. Conclusion We unreservedly and heartily recommend IBM Lotus Sametime for IM in a corporate setting. It’s feature-rich, intuitive to use, highly scalable and platform-neutral. Jabber’s high-quality XCP is also worth investigating, especially for its lower pricing. If you want to put a “chat with an agent now” link on your company’s Web site, Jive Software’s Openfire may be just what the doctor ordered. With WebEx AIM Pro, you can outsource IM server operation and still get a full-featured IM environment.
Net Results Lotus Sametime 7.5.1 Score: 4.9 Company: IBM Corporation www.ibm.com/lotus/sametime Cost: $56.75 per user Pros: Feature-rich, secure, well-integrated with other applications, such as Microsoft Office Cons: Pricey
Extensible Communications Platform (XCP) 5.2 Score: 4.6 Company: Jabber, Inc. (303) 308-3231 www.jabber.com Cost: $35 per user Pros: AIM- and GoogleTalk-interoperable, secure, scalable Cons: Needs to integrate better with Outlook and other mail readers
Openfire Enterprise Edition 3.2 Score: 3.4 Company: Jive Software www.jivesoftware.com Cost: $15 per user Pros: Excellent “chat with an agent now” IM environment Cons: Not highly scalable
Gordano Messaging Suite (GMS) 5.0 Score: 3.2 Company: Gordano, Ltd. www.gordano.com Cost: GMS Instant Messaging $450 (25 users), GMS Collaboration $950 (25 users), GMS Mail $450 (25 users) and GMS Archive $1,110 (25 users) Pros: “Presence” includes geographic location, good integration with Outlook Cons: Not interoperable with other IM environments (by design)
Mirador Instant Messenger for Windows 3.0 Score: 2.9 Company: Serial Scientific International www.e-securion.com Cost: Starting at $335 for 10 users Pros: Excellent remote-control tool, switches easily between IM and VoIP conversations Cons: Windows-centric, documentation too brief
WebEx AIM Pro Business Edition Score: 4.5 Company: Cisco Systems www.webex.com Cost: $5 per user per month (subscription) Pros: Internet-based IM service (if you prefer outsourcing), good Active Directory integration, good security Cons: Internet-based IM service (if you have slow or unreliable Internet links or if you dislike outsourcing)
How We Did It We evaluated each product’s messaging capabilities, responsiveness, ease of use and ability to integrate with other IM products and protocols, such as AOL Instant Messenger (AIM). We wanted the products to integrate with Windows Active Directory and Lightweight Directory Access Protocol (LDAP). Message archival, for auditing purposes, was a key criterion. To gauge security, we measured each products’ ability to identify and thwart the sending of malware to IM clients, and we tested the products' abilities to securely identify and authenticate users appropriately. We tested any special features a product might offer, as well as VoIP and presence capabilities. We also looked for scalability, reliability, low network resource consumption, ease of installation and the quality of the documentation. Virtually all our testing took place across 512 kb/s frame relay, T1 and T3 WAN links. The testbed network consisted of six Fast Ethernet subnet domains routed by Cisco routers. Our lab's 50 clients used computing platforms that included Windows NT/98/2000/2003/ME/XP/Vista, Red Hat Linux and Macintosh OS X. The relational databases on the network were Oracle 8i, IBM DB2 Universal Database, Sybase Adaptive Server 12.5 and Microsoft SQL Server 2000. The network also contained three Web servers (Microsoft IIS, Netscape Enterprise Server and Apache), three e-mail servers (Exchange, Notes and Sendmail) and two file servers (Windows 2003 Advanced Server and Netware). A Compaq Proliant ML570 computer with four 900 Mhz CPUs, 2G bytes RAM and 135G-byte hard disks, running Windows 2000 Advanced Server, Windows 2003 Advanced Server and, at other times, Red Hat Enterprise Linux, was our test platform for all the products’ server components. We tested XCP on Red Hat Linux (vendor recommendation) and all the other products’ server components on Windows Server. Copyright by Network World Inc. Reprinted from Network World.
Scorecard
Scoring key: 5: Exceptional; 4: Very Good; 3: Average; 2: Below Average; 1: Consistently subpar
Copyright by Network World Inc. Reprinted from Network World.
|