Windows IT Pro is the authoritative and independent resource for Windows NT, Windows 2000, Windows 2003, and Windows XP. Features a collection of resources and magazines for Windows IT professionals.
  
  


November 2006

Enterprise IM: Comparing Security, Stability, Scalability



Sametime
IBM developed Sametime so that Lotus shops could provide instant, anytime access to people and information throughout the enterprise. Sametime offers useful capabilities such as presence awareness, IM, and Web conferencing. Version 7.5 introduces support for LDAP for AD domains, integration with Microsoft Office Outlook 2003 and Microsoft SharePoint technologies, and support for Research in Motion, Nokia, and Windows Mobile handheld devices. Earlier versions of Sametime required IBM Domino servers, so you might need to perform extensive testing in non-Domino environments. However, if you do run a Lotus messaging environment, Sametime might be your best option for real-time messaging.

In its native environment, Sametime uses the Domino server for directory services, security, and replication, so it runs with the same level of security and reliability as Lotus Domino email servers. The user must authenticate using his or her network username and password when the Sametime Connect client opens. Once authenticated, users can communicate with anybody on the network, or they can set up Web conferences with external users, as Figure 2 shows.

Native integration with the Lotus Domino directory service makes adding contacts to the Sametime Connect client easy. Because the Sametime server uses the Domino directory, there's no need to add users to the system. Implementation of Sametime focuses on the configuration of the server networking components, such as the Session Initiation Protocol (SIP) gateway, and deciding which features to enable for the end user.

Security, Stability, and Scalability. Sametime uses Lotus Domino directory, security, and replication services and has a highly available Domino architecture. Multiple Sametime servers connect to scale the solution and reduce traffic across WANs.

Live Communication Server
Microsoft's Live Communication Server 2005 is the likely IM choice for organizations that implement AD. Similar to Microsoft Exchange Server, Live Communication Server modifies the forest and domain schema to add custom attributes to AD users. Live Communication Server provides a wizard that lets you enable IM for individuals or groups of users and lets you set which server the IM client will connect to. A separate wizard helps administrators configure archiving, remote access, public IM connectivity, and federation services.

The Live Communication Server 2005 Archiving Service stores a copy of all IM traffic for organizations that need to comply with government or corporate regulations or to conduct usage analysis. You can set archive settings at user level or globally for the entire AD, as Figure 3 shows.

The public IM connectivity options let you exert granular control over real-time messages sent to recipients outside the AD forest. If you want to allow users to communicate with MSN, AOL, and Yahoo! IM servers, you must explicitly authorize each user or user group for public IM connectivity. However, the option for controlling IM traffic to and from clients other than those three is missing from Live Communication Server 2005. To exert this control on your network, you'll need to employ firewall and software installation restrictions through Group Policy.

For the end user, Live Communication Server 2005 eliminates the need to configure the Microsoft Office Communicator IM client. Because Live Communication Server adds attributes to the AD schema, the IM settings become part of the user account. When launching Communicator for the first time, end users need to enter only their SIP ID, which is typically their email address, and the client will automatically connect to the proper Live Communication Server. If you need to control certain settings for the client, such as video calls, computer-to-phone calls, and file transfers, you can use Group Policy to push out the changes.

Communicator also integrates with Microsoft Office System 2003 applications, allowing you to easily send email or share applications for instant collaboration. The end user can also send files using the IM client. The recipient will receive a message stating that the sender attached a file, and he or she can open or save the attachment directly from the IM client.

Security, Stability, and Scalability. Live Communication Server 2005 is completely integrated with AD for authentication and authorization. It has a two-tiered architecture, in which Live Communication Server server pools are connected to a separate, shared Microsoft SQL Server database to deliver a highly available and stable IM infrastructure. Although the standard edition consists of one standalone server and a Microsoft SQL Server Desktop Engine (MSDE) database, the enterprise edition offers additional front-end servers to handle larger loads, while all user data remains in a central SQL Server database.

Akonix A-Series Appliances
Although this IM solution can't be directly compared to the other three IM software-based server products, I believe no IM review would be truly complete without mentioning the IM security appliances from Akonix Systems. The Akonix A-Series devices are hardware-based IM gateways that run AkOS, a hardened OS designed specifically for real-time messaging environments. Each appliance controls access to public and internal IM by applying security policies using Akonix L7 Enterprise software and ensures compliance with those policies via L7 Enforcer. The Management Console, which Figure 4 shows, provides access to both components.

By leveraging strategic partnerships with the developers of the leading IM clients such as AOL, Yahoo!, IBM, Microsoft, and Jabber, Akonix A-Series appliances let you securely use any IM client you choose. Akonix appliances also work with open-source IM clients, such as Sun Java IM and Jabber XCP. The L7 Enforcer software protects your organization from users who try to bypass your enterprise IM policies by installing a client locally. Akonix products work as gateways between the Internet and the enterprise network, so all IM traffic is filtered and logged before it leaves the network. For internal messaging, the gateway automatically routes the traffic to the recipient, bypassing the need for the messages to reach a public IM server such as Yahoo! or MSN. Note that the appliance acts as a message router; it doesn't provide traditional IM server functions.

To integrate with your existing network, L7 Enterprise connects with standard LDAP directories such as AD, Novell Directory Services, and Lotus Domino. L7 Enterprise uses LDAP queries to let you select which fields the gateway imports so that you can apply permissions or filter content. For example, you can restrict IM traffic to only internal users for the Research department or allow file attachments only for the Sales and Marketing departments. L7 Enterprise maps the user to IM sessions by requiring users to provide their username and password before sending or receiving messages. The gateway then logs the IM activity for that user.

The A-Series appliances have an IM traffic filter that blocks users from sending proprietary or offensive information. The filtering engine performs similarly to the Email Rules option found in Outlook 2003, providing context-specific options for blocking or allowing IM features or content. The A-Series appliances include the Sophos Antivirus engine and can integrate with Symantec Norton Antivirus to scan messages allowed by the gateway filters. To prevent propagation of malicious code, the antivirus engine can recognize multiple instant messages sent with encoded URLs and queue those messages for delivery. The gateway sends a message to the user notifying him or her of a potential attack and requires the user to correctly answer a simple question (e.g., what is 2 plus 3?) before the security filter allows the messages to continue.
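
An added sketch of the queue-and-challenge behaviour described above, run over constructed sample messages. It is not Akonix code: the `BurstFilter` class, the thresholds, and the percent-encoding heuristic are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque

# Assumed thresholds (not the vendor's): challenge a sender once BURST_LIMIT
# messages carrying encoded URLs arrive within WINDOW_SECONDS.
WINDOW_SECONDS = 30
BURST_LIMIT = 3
CHALLENGE = ("What is 2 plus 3?", "5")  # question taken from the article's example
URL_RE = re.compile(r"https?://\S+", re.IGNORECASE)
ESCAPE_RE = re.compile(r"%[0-9a-fA-F]{2}")

# Constructed sample traffic: (seconds, sender, text)
LINK = "look http://example.test/%70%69%63%73"
SAMPLE = [(0, "alice", "lunch at noon?"), (1, "bob", LINK), (2, "bob", LINK),
          (3, "bob", LINK), (4, "bob", "are you there?"),
          (5, "alice", "docs: http://example.test/a%20b")]

def has_encoded_url(text, min_escapes=3):
    """True if any URL in the text carries at least min_escapes %XX escapes."""
    return any(len(ESCAPE_RE.findall(u)) >= min_escapes for u in URL_RE.findall(text))

class BurstFilter:
    def __init__(self):
        self.recent = defaultdict(deque)  # sender -> times of suspicious messages
        self.held = {}                    # sender -> messages queued behind a challenge

    def submit(self, ts, sender, text):
        """Return 'deliver' or 'hold' for one message."""
        if sender in self.held:           # challenge pending: queue everything
            self.held[sender].append(text)
            return "hold"
        if has_encoded_url(text):
            stamps = self.recent[sender]
            stamps.append(ts)
            while stamps and ts - stamps[0] > WINDOW_SECONDS:
                stamps.popleft()          # forget hits outside the window
            if len(stamps) >= BURST_LIMIT:
                self.held[sender] = [text]
                return "hold"
        return "deliver"

    def answer_challenge(self, sender, answer):
        """Release the queued messages only on a correct answer."""
        if sender not in self.held or answer.strip() != CHALLENGE[1]:
            return []
        self.recent.pop(sender, None)
        return self.held.pop(sender)

def demo():
    f = BurstFilter()
    return f, [f.submit(*m) for m in SAMPLE]
```

A single escaped space in a URL does not count as suspicious here, and a worm-like burst from one sender stays queued until a person answers the question.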

Security, Stability, and Scalability. The Akonix appliance's dynamically updating and customizable policies work with standard LDAP directories to authenticate communication. The A6000 Gateway supports more than 50,000 concurrent connections, and multiple gateways can be clustered locally or distributed among locations.

 Windows IT Pro is a Division of Penton Media Inc.
 Copyright © 2008 Penton Media, Inc. All rights reserved.