we have safe internal messaging - do you?

We have been rolling out internal instant messaging at the Big Green N for a few months now in a grass roots/guerilla technique. It has been a rousing success.

One of the major risks of using the publicly available tools (Yahoo, GTalk, MSN) is that all your corporate data is flowing over the public internet. Unencrypted and ready to be analyzed by the purveyors of those networks. Any reasonably company should realize that putting corporate data over an insecure public network is akin to letting competitors have a peek at your future product strategy.
This is not sensible.
When an organization has awareness of all avenues of communication their employees can use they can relax knowing that collaboration is still occurring, but within the rules defined by the organization. No public virus laden spam-bots sending messages, annoying your employees, while not denying the edge that instant messaging and presence notification provides.

One of the initiatives I have taken upon myself while under the N has been to roll out secure internal instant messaging. The major requirements of the system was for it to be open (as in standards), extensible (as in the programmable sense), architecturally compliant (Java & Oracle), scalable and finally - easy to administrate and use (less end user training and better cross-company adoption).

After some digging I had narrowed the choices down to leveraging the XMPP (nee Jabber) protocol. At it's core is simple XML messaging but it has innumerable design wins and can be integrated with one of the bigger IM clients we had internally: GTalk.
This left me to find a software implementation of XMPP. There are a few out there but the one that caught my eye was a commercial/open source hybrid from (one of my favorite companies of late) Jive Software's Openfire.

Openfire has an extensible core that utilizes modules to expand the functionality. It has a great architectural design and the newest version adds clustering for the ultimate in scalability; on top of all the great XMPP features such as federation. In fact, the Enterprise edition they sell is just a module on top of the open source core. It was to this core that I sent a simple SQL fix to remedy a small Oracle issue - it's in the current release ... I love that.
Their client software Spark is a Java implementation that works very well in a corporate environment in terms of ease of use and functionality.

It took a few hours of playing with the system to realize we had a winner. The administration interface is clean and the implementation is fairly comprehensive with respect to the XMPP feature set. It has some well thought out integration into our Active Directory (AD) back-end and we can easily manage groups on the client side by making changes to AD instead of having to make changes in two places. Awesome from a management perspective. Additionally, from an HR/on-boarding viewpoint the central management provided by AD/LDAP integration makes it much easier to introduce new employees to the virtual workspace. New workers are instantly part of their new groups within Spark and can ask questions of their co-workers in an quick and informal manner.

I have now done three upgrades of the system and the upgrade steps are:
1) un-tar new codebase
2) stop old server
3) re-link new codebase to symlink
4) start new server
5) enjoy the glow of well behaved self-upgrading infrastructure

Openfire and it's Java client - Spark - are a great pair of tools for those considering an inexpensive secure instant messaging network. It has a small server footprint and requires few resources. Great for any size shop.

A short post script: Openfire does have the ability to act as a gateway to the other public instant messaging networks should you still want to allow your people to remain in contact with "the outside world". They might just resort to online tools such as meebo.com if you try and close them off completely.