No doubt about it: Enterprises that choose to support instant messaging (IM) are faced with a host of security and privacy challenges. Ignoring the technology will not help, as a rapidly growing number of employees are already using IM. That's where FaceTime Communications's IM Auditor comes into play. The enterprise-grade server software monitors, archives, and analyzes IM traffic, as well as enforces IM security and complies with legal requirements (e.g., HIPAA and SEC) for instant message storage. The product distinguishes itself by doing this through a comprehensive and well-organized management tool set. And, to further sweeten the deal, IM Auditor supports the IM clients employees are most likely already using.
FaceTime follows the typical enterprise software business model and takes suite approach to it IM offerings. IM Director represents the core technology, although other products use the technology without requiring IM Director. IM Director operates inside the firewall and, as a product, takes responsibility for portals and collaborative applications. IM Auditor is built on the IM Director technology and also operates inside a firewall. It is responsible for monitoring and recording IM activity (primarily the conversations) to meet IM security and archiving requirements. A third product, IM Guardian operates outside the firewall (usually in a DMZ) and is designed for network and IM application protection. Other modules in the suite include IM Call Center and IM Presence Manager.Installation With Forethought
Installing IM Auditor is not difficult, but some planning should go into its configuration. FaceTime's documentation is quite good at emphasizing and illustrating the various options, including failover and clustered and distributed configurations. IM Auditor installs on Windows 2000 or 2003 servers, requires MSMQ (Microsoft Message Queuing) and a database storage system (it supports MS SQL Server 2000 or Oracle 9i).
Because performance is vital in enterprise IM environments, for the most part, IM Auditor should be installed on a dedicated machine (one that is separate from the database and actual IM server). IM Auditor has two modes for operation, the recommended one being as a proxy server (i.e., clients use this server's address). An alternate mode uses network DNS to reroute public network instant messages to IM Auditor.
As a proxy server, IM Auditor uses SOCKS for public network IM traffic and SIP for traffic from Microsoft Live Communications Server. We worked with the SOCKS connections, using the wizard-driven installation, and found the process to be very smooth. A false start of our own making on the database connection (when using Microsoft SQL Server 2000, we didn't calculate correct database size and were surprised by how much storage is required for IM archiving) highlighted the importance of planning ahead. IM Auditor can also be configured for direct routing from an IM server (e.g., Microsoft Exchange and Reuters Messaging) using a FaceTime connector.
In short, there is nothing in the IM Auditor setup that is not expected in the enterprise environment.Authentic Administration
The Web-based administration module, IM Auditor Manager, provides some of the best organized tools we've seen, in terms of content, layout, and user interface as they apply to server configuration, ongoing monitoring, and user management.
We found IM Auditor exceptionally strong in user management (importing, grouping, and permissions). User information can be entered manually (including user self-registration) as well as from information imported through external sources (primarily LDAP-capable network directories but also from text files). IM Auditor provides the right kind of tools to handle thousands of users (and their buddies) without requiring thousands of administrative hours.Client Support
One the advantages of the IM Auditor's approach is that users may continue using their favorite public network IM client (e.g., those from AOL, MSN, Yahoo, and ICQ). This latest version of IM Auditor completes support for most of the "add-on" capabilities of IM, such as video, audio, and file attachments. Note that feature support depends on the client/public network. Also new in this version is a spim (IM spam) filter that is a model of simplicity: Any message not from an IM Auditor system or an employee/user ID (or user buddy list) will automatically be challenged to enter a reply; if there is no reply, the message is dumped. Although we were not able to perform a stress test feature, we did not receive any spim during the time of testing the concept seems solid.The Business End
The business end of a product like IM Auditor is the ability to monitor, archive, and analyze IM traffic (for the most part, the conversations). In real time, IM Auditor does a limited amount of traffic monitoring and can block "restricted phrases," such as profanity or business code words. Less immediately, IM Auditor can generate e-mail alert messages for problems with IM traffic and restricted phrases.
The management of restricted phrases and the review of IM conversations, both key functions, are helped by IM Auditor's extensive use of roles. For example, the roles Global Reviewers, Group Supervisors, and Employees can share the workload (and some of the responsibility). Each role has limits on what can be reviewed and what it can do. For example those with an Employees role may view their own transcripts but cannot edit them. IM Auditor provides more than adequate tools to search, filter, and annotate the conversations under review.
IM Auditor's reporting features are relatively flexible, covering IM usage by top users, group usage, and network usage with a range of dates and conditions. Some reports also generate graphs. Summaries can be generated for daily and weekly conversations, and IM conversations can be easily exported via e-mail to corporate e-mail compliance software.The Control Costs
The pricing structure for IM Auditor may seem steep (at $7,500 per server it translates to about $10 per user), but it is in line with the going rate for this type of product. In addition, in the enterprise environment, IM Auditor may be only one piece of an IM infrastructure, making IM support costly overall. Support is becoming necessary, however, as ignoring or banning IM (which is akin to sitting on the tracks and waiting to be hit by the train) will be neither as cost-effective nor as strategic as being proactive with IM applications and strategic IM use.
Supporting the aggressive use of IM is where companies, like FaceTime, and their product suites are distinguishing themselves.
As a scalable enterprise-level tool, FaceTime IM Auditor is on the mark when it comes to IM management. Its range of tools and features comply with privacy and security requirements. Our testing experience found the software to be a top product in a rapidly growing field.
Pros: Designed for complex and demanding enterprise
environments, including failover; Superior tools for data entry and
management of users/buddies.
Cons: Lack of a Linux or Unix version may be a disadvantage in some corporate settings.
Article courtesy of ServerWatch