Enterprise IM top 10

Today's enterprise IM products offer a lot of advantages over using a public IM network by itself. Some products manage the use of public IMs, while others offer a proprietary solution. But not all of them can comply with SEC and HIPAA regulations, and not all encryption schemes are equal, as covered in our story, IM still not secure. Compare the features below to find your best fit.

Product Name		Brief Description		Key Features
Akonix L7		• A gateway that integrates with IBM Lotus Sametime • Archives and encrypts public IM activity, decrypting it when a report is run • Aggregates IM conversations and presents them to CRM, ERP, network detection systems, etc., through C++ API • Sits at the edge of the network (behind the firewall) and plugs into public IMs for more granular management • No desktop component • L7 Enforcer makes sure all conversations go through the gateway, which works by proxy • No other gateways can see public IM traffic		• Over 10,000 users can talk on a single box because L7 is built on C++, not Web-server technology (which allows roughly 2,500 users, according to Akonix) • Maps screen names to corporate network names • Audit trail logs all incoming and outgoing activity in detail; very granular criteria for types of messages to store • Can archive to relational databases or custom data repositories and generate SEC-compliant reports • NASD compliant • For HIPPA compliance, Akonix claims L7 is the only gateway that can check content for information patterns that match variables such as Social Security number, patient records, and other confidential information, and ensure that information doesn't leave the network via IM • Integrates with Active Directory, Mixed Mode Active Directory, and LDAP • Very granular permissions by real domain network names, groups of users, custom groups of users, individual domains, multiple domains, whole enterprise, or external screen names • Seems to have the most flexible filters and permissions • Scans downloads for viruses   More information from vendor
AOL AIM Enterprise Gateway		• Currently in beta • Developed with FaceTime • Sits behind the firewall and acts as a proxy • Can route internally only or hook up with public AIM network of 180 million users		• Can encrypt and decrypt for auditing and logging • Logs all conversations to Oracle or SQL data stores • Configurable data retention • Blocks features by user, group, or enterprise • Logs keywords or groups of keywords • Tells employees whether they can talk to non-encrypted parties • Has basically the same (Windows, Palm, wireless) client as AIM • Customization kit not ready • No end-to-end encryption or encrypted clients yet (enterprise or public)   More information from vendor
Bantu Messenger		• Optional interface connects with MSN, Yahoo, and AOL • Choice of SSL version for compatibility with existing certificates or proprietary encryption that indicates whether a session is secure or not • Back end runs on Linux or Win 32 • Client runs on any browser with a Java Virtual Machine • Applet never downloads to the client PC, but runs in a Java sandbox, where it can't reach local controls and leaves no code residue		• Connects to all public IM networks when server starts up, or at will. • Users have to say they're "away" on all networks--can't pick and choose • No file transfers allowed, but users can cut and paste content • XML-based archiving tool can log by criteria such as whether a person is online, but there are no filters for particular content or postmortem analysis • Has alerting mechanism--currently used to bring people into WebEx sessions for application sharing • Posts warnings when not secure • Requires a Web browser that supports Java and JavaScript • Customizable look and feel • Stores data based on users involved, not keywords • IT configures destination of files and manages storage • Date/time stamp • Logging mechanism meets requirements of both SEC and HIPPA • Doesn't integrate with directory services to inherit roles and permissions, but it's been deployed using NT domain authentication, TruePass, LDAP events, etc. • Encryption for the internal network happens at the desktop   More information from vendor
e-Vantage Solutions Enterprise Instant Messenger (EIM)		• Proprietary IM can interface with public IMs • Messaging bus developed by Deutschbank is strongly grounded in financial services • Separate IM Sentry product is a firewall and proxy for IT monitoring • Separate customer service window creates auditable IM between help desk and Web site visitors		• Desktop or browser-based clients • Local or hosted servers • Toolkit for custom front-ends • Auditing and message tracking, custom real-time alerts, keyword searches, newsfeeds • Group broadcasts and net meetings • Time stamping • Can disable archiving by service, groups, users, or chat rooms • SEC- and HIPPA-compliant • Can use its own permissions and access system, Active Directory, or LDAP • Filters on buddy name, internal user, external user, IP address, and user actions, such as file transfers • Encryption occurs at both desktop and server   More information from vendor
FaceTime Communications Suite		• FaceTime built much of AIM Enterprise Gateway and has a rare legal agreement with AOL to connect enterprises with the AIM network • No end-to-end encryption with the public networks because the networks don't have it at their ends yet • AOL won't have encrypted clients until first quarter 2003, even in its enterprise product		• Because the public IMs don't have end-to-end encryption, the strongest security available for their use is with companies that have agreements with the public IMs • FaceTime's Instant Messaging Director platform allows IT to apply all rules on all the IM networks, route within the network, and warn of unsecured connections outside • Virus scanning, keyword searches, support for relational databases, and exporting to third party e-mail compliance systems and archives • Integrates with directory services • Meets SEC and HIPAA standards • Granular access and network controls • Maps corporate user IDs to IM screen names • Filters on keywords at the user level   More information from vendor
IBM Lotus Sametime		• Sametime claims to have been the first enterprise IM platform, with 7 million corporate users in 2002 • Instant Messaging Gateway supports SIP & SIMPLE standards, allowing encrypted messaging among separate SIP & SIMPLE communities • Contract with AOL lets users access AIM network with Lotus client, but internal and external messages are kept separate • Sametime Everyplace allows presence awareness and instant messaging on mobile phones and wireless PDAs		• Allows separate communities with different SIP & SIMPLE products to communicate securely • Supports Web conferencing, streaming audio and video, and whiteboarding. • "Contextual collaboration" lets you message persons from where their name appears in Office and other documents • Developer toolkits can embed collaboration in other Web and Windows apps • Chat-logging API allows choice of which chats to store, and where • Users can save chats in plain text for reference • There is no client, as such--Sametime encrypts from buddy list, browser, or wherever messaging is used, and at browser-interfaced server • Hosting option • Link Sametime servers for scalability and traffic reduction across WANs • Load balancing option • HTTP tunneling on port 80 allows access over the Internet • Stores all messages indefinitely • Although the audit trail meets SEC (but not HIPPA) requirements, additional features for SEC, HIPPA, and FDA compliance will have to come from partners such as FaceTime or Ikimbo • Tightly integrates with Active Directory, LDAP, Domino, or any IM system with an exposed API   More information from vendor
Ikimbo Agenda		• Interfaces with enterprise IM products to add presence of other users into complex business systems • Knows which people in given roles are available when something goes wrong, and ties those people into a real-time conversation with relevant documents, steps to follow, and decision options.		• Requires enterprise IM such as Sametime or Jabber • Integrates with enterprise application integration middleware • Products from companies such as WebMethods put the information in a database that Agenda accesses • For each hypothetical crisis, planners pre-define roles, rules, and outcomes for Agenda to administer • Runs on a server behind the enterprise firewall • Security based on network administration rights • No hosting option   More information from vendor
IM-Age Software IM-Policy Manager		• Only product in this group with real end-to-end encryption option with the public networks • Uses public IM clients, with management layer added • Can request correspondents download a small app to enable encryption at both ends • User decides whether to converse with unencrypted partners, or IT can enforce policy		• IT department can monitor whether employees are using encryption • User can offer unencrypted chat partners the encryption app or discontinue the conversation • Users can view, but not delete, their own IMs • Forward or broadcast sessions • Program function keys with text • Customize disclaimers for different roles • Fast setup--login script is added to Tivoli, SMS, or other system to control who can use IM • Uses MS IIS • Stores to any ADO-compliant database or IM-Age's data host • Users are automatically enrolled by login name (not by Active Directory or LDAP) • Captures data • Can store messages selectively • Departments can set up alerts for specific keywords • Posts warnings • Can block people, groups, or IM clients • Meets SEC and HIPAA requirements   More information from vendor
Jabber Messenger		• Commercial implementation of the open-source Jabber engine • Interoperates with open-source products • Can embed IM or attributes of IM (presence, availability, and authentication) in CRM, customer support apps, etc. • Used in enterprise, service, and carrier sector • Can talk to other Jabber clients via SSL, but no server-to-server encryption unless company has VPN • Two free Jabber servers and free client downloads make product very accessible to anyone		• Fast installation and minimal hardware • Several thousand servers are on the Jabber network • XML-based protocol can carry file transfers and videoconferences • Windows, DHTML, and JavaScript Web clients • Open-source clients are available for Mac, Linux, etc. • Can store messages indefinitely • From local message log you can save or delete messages • Can set up server to log all messages plus user connection and packet data • Can log to data store, such as Oracle, for SEC or HIPPA compliance • Reverts to store-and-forward model similar to e-mail when chat messages can't be delivered immediately • Integrates with directory services such as LDAP and MS ADS for authentication • No active filtering of messages, but provides hooks for third-party vendors • Can't stop individual files from being sent, but server can be configured to block all files • Applies encryption between client and server, and between Jabber servers through company VPN • Unencrypted at the server for archiving purposes   More information from vendor
WiredRed Software e/pop		• Proprietary IM built on WiredRed Real-Time Routing Architecture • Uses router server and secure pipes such as a VPN to communicate among branch offices		• Scalable engine supports presence, instant messaging, text chat, VoIP, application sharing, broadcast, and remote control over existing servers and domain controllers • Can send 1,000 IMs in 30 seconds because real-time engine is full multi-threaded and SMP-compatible server (rare), thus well-suited to global pop-up alerts • Can require password authentication • Can use Active Directory, LDAP, NT Domain, GroupWise, NDS, MS ADS, eDirectory, and the Audit & Reporting Server • Can see 10,000 users at once • IT can control security, auditing, logging, and features such as sending messages to a pager • Windows client on the desktop or browser-based Java client • Retains messages in inbox, sent, and deleted folders for each user • Audit & Reporting Server searches, archives, exports, and retrieves messages, presence information, and system events • Allows one- or two-way messaging • Filters key words and phrases for users, groups, or everyone in real-time • Send attachments to many recipients or embed images • Audit & Reporting add-on meets SEC and HIPAA requirements • SDK extends for legacy material • Encrypts at the desktop and the server   More information from vendor