Here is the scenario – You are an IT Admin for a business that is large enough, or handles data of a particular type, such that you have to worry about security more than the average Joe. Furthermore, you get audited from time to time. However, people want an IM (Instant Messenger) solution and… they want to be able to talk to their friends on AIM and ICQ and Yahoo, etc… and management, rather than just killing the idea, says “Fine… Mrs. IT Person – you go figure it out…”
After a bit of digging via the world's most useful IT encyclopedia – GOOGLE – you discover there are a myriad of options for IM, but the list narrows as you start realizing that most don’t meet the following security and operational requirements:
- No File Sharing
- All messages must be audited and stored for XYZ period of time
- All messages must be encrypted/secure from eavesdropping
- Your users must log in using their existing, corporately managed Microsoft Active Directory credentials
- Your users want access to AIM, ICQ, etc… which also must be audited if they are using these accounts from work
- Your users want access to corporate IM from their mobile device
That is an exhausting list. Luckily, there is one solution out there that is incredibly slick… AND it meets all of these requirements… AND… it just so happens to be COMPLETELY FREE.
Enter OpenFire Chat Server – it is going to make you look like an IT Superhero to your colleagues and to the budgeting department (you know, if those folks actually pay attention to IT :)… more and more they do these days.) Yes, it runs on Linux. But it is very lightweight, and if you are in a Microsoft environment and have an underworked server with a decent amount of storage and some extra RAM (running at least Server 2008 R2), you can convert that machine into a Hyper-V host and build your chat server as a virtual machine at little or no direct cost. You can also use old or cheap hardware if your organization just isn’t ready to virtualize something. This is worth jumping on the Linux bus for :).
If you still aren’t fully persuaded, OpenFire does have a Windows Distribution now available. Based on the experience I have had in the past with running software developed on Linux, for Linux then ported to Windows… I suggest you stick with Linux. It might be absolutely fine on Windows (I didn’t try it), but my general experience with getting other Linux-ported software to run on Windows has not been pleasant.
Required Knowledge:
1. A bit of Networking – Particularly some understanding of DNS/Firewalls/Public and Private IP addressing
2. A bit of Linux – I don’t walk through how to install Ubuntu in this article and I do some but not much hand-holding. This might be a bit much to take on as your first Linux Project but perhaps not!
3. A bit of Windows Server – We are going to be connecting our OpenFire server to our Active Directory network – You need to know your way, at least a little bit, around a Windows Domain Controller
Other Pre-Requisites:
Before you go any further, you need to make sure all of the proper ports are open between your Active Directory Domain Controller and your Openfire IM server. You can see which ports are needed for AD traffic here: “What ports on the firewall should be open between Domain Controllers and Member Servers?”
You are ROOT on a Linux server and/or are building a fresh one. I am using Ubuntu 13.10. You need to have LAMP installed if you are not installing Ubuntu from scratch and you need to know the MySQL root user password. If you are building from scratch you can set all of this up during OS install.
You are a domain admin, or have access to someone who is, who can set up an LDAP user account for you in your Windows domain (just a regular user account) and who can look up or provide some values for you.
If your IM server is going to be available over the WAN (not just on your local network, but over the internet as well) and you plan on using a public DNS record for it, you should have that set up already.
Okay, let's get started!