Name of tool: AIM Enterprise Gateway V.2.0
Company name: America Online
Price: 60-day evaluation free, pricing varies (approx. $20 per seat up to 2500 seats)
Platforms supported: Linux Red Hat and Windows Server 2000 running Microsoft SQL Server or Oracle 9i with appropriate service packs Strom-meter:
** = Very tough to install and use but has some value Key features Pros:
Valuable proxy for AIM clients in the corporate setting to monitor and control messages Cons:
Setup is painful, particularly with SQL Server and the crypto features Description:
The brave new world of IM -- instant messaging -- is upon us. The technology that has been adopted as the defacto teenage communications media is now firmly entrenched in corporate America. The only question is what are you going to do about it?
IM makes it easy to chat, but it is a means of communication that can't easily be recorded and screened. This is a problem for several reasons: First, you offer viruses another gateway to your network. Second, your company may have policies in place that prevent unrecorded conversations with clients, such as brokerage firms. Finally, you may wish to limit IM to people on the internal network and prevent the outside world from sending messages to your staff.
You could just keep your digital head in the sand and allow your users to use IM freely. Or you could block all IM traffic at your corporate firewall, which probably isn't going to win you any votes either. A better course of action is to install a tool to control and monitor IM. One such product is AOL's AIM Enterprise Gateway.
The gateway has its problems, though. Its documentation is severely lacking and assumes familiarity with crypto, database administration and directory services. While it works on both Linux and Windows 2000 Servers, it does require some effort to get going. It is also more of a AIM proxy server than a gateway, and you'll have to adjust each user's AIM client configuration to point to the machine running your gateway before you can take advantage of its features. To encourage people to use the gateway, you'll probably also want to block port 5190 (the standard AIM port) at your firewall. This is all several days of work at best.
On the Linux side, you'll need Red Hat 7.2 and Oracle 9i Version 188.8.131.52. On the Windows side you'll need either Windows 2000 Server or Advanced Server with Service Pack 3 and either Oracle or SQL Server 2000. The database is used to store the message traffic recorded by the gateway, along with other information required by the program. You'll also want to make sure that the AIM Gateway machine itself is protected properly, as it can be a vulnerable point of entry on your corporate network if it isn't.
Still, once you get it running you'll find several nice features. You can record all or selected IM conversations that originate from within your network. You can add disclaimer messages (telling them that their messages are being recorded) to every conversation at selected times as well. You can also support encrypted conversations, once you install the crypto features (these are new to Version 2.0). To enable the crypto features, you need to be running the Windows 5.2 AIM client -- no other clients will currently support encrypted conversations. Finally, the gateway integrates with various directory servers, although I didn't test this but saw that it could also be an effort to get working properly.
I would recommend that corporations that already have a significant AIM culture consider this product, despite its flaws, and be prepared to step up some of their support efforts to deal with managing AIM. If you haven't gotten involved yet in AIM, I would consider some of the open-source products, such as Jabber, that might be more manageable and cost less to support.
**** = Very cool, very useful
*** = Hey, not bad. One notch below very cool.
** = A tad shaky to install and but has some value.
* = Don't waste your time. Minimal real value.
About the author
David Strom is the technology editor for VARBusiness magazine. He has tested hundreds of computer products over the past two decades working as a computer journalist, consultant and corporate IT manager. Since 1995 he has written a weekly series of essays on Web technologies and marketing called Web Informant. You can send him e-mail at firstname.lastname@example.org.
For more information on this topic, visit these resources:
- Ask the Expert: The security implications of using IM through a dedicated port
- Web Security Tip: Prevent hackers from sneaking in through IM
- News & Analysis: IM putting enterprises at risk to viruses, attack
This was first published in August 2003