Learn an IT concept in 10 easy steps.
Here's how it works: We give you a little background about the concept, a glossary to look up related terms, some outside reading, and a self-assessment quiz. You spend as much (or as little) time as you like moving through the ten steps and exploring the concept.
Directions: Read steps 1-9 and their related links. In step 10, use the glossary to look
up any terms you do not know. When you're done, take a quiz to see how much you've learned!
1. What is instant messaging?
Instant messages are basically a chat room for two and conversations flow rather like a
telephone conversation; even during peak Internet usage periods, the delay is rarely more than a
second or two. In addition to allowing the user to send either text or voice messages, many instant
messaging services permit the sharing of Web links, images, sounds, streaming content and files.
Most instant messaging applications also permit group chats.
Instant messaging falls into a category of IT called groupware, meaning programs that
help people work together collectively while located remotely from each other.
2. What is EIM?
EIM is an abbreviation for "enterprise instant messaging." Instant messaging applications are
generally categorized as either being public or enterprise. AOL's instant messenger
(AIM), Yahoo Messenger and Microsoft .NET Messenger are examples of public IM services. Anyone on
the Internet can sign up, download the software and begin messaging.
Sun ONE Instant Messaging, IBM Lotus Instant Messaging & Web Conferencing (formerly called
Sametime) and Microsoft Office Live Communications Server 2003 (formerly called Greenwich) are
examples of enterprise IM services. Access to the IM server is restricted and security precautions,
such as encryption, are put in place to protect the enterprise network.
Jabber, an initiative to produce an open source XML-based instant messaging platform, is a
relatively new player in the enterprise IM field. The advantages to Jabber are that it's free, it
can be housed on a company's server and it can be isolated from the public Jabber network.
3. How does instant messaging work?
Most instant messaging systems work the same way. When you launch the application, the messaging
client attempts to connect to the messaging server. The messaging server verifies your username and
password and logs the client on.
Once it's logged on, the client sends the server its IP address, the port number that's been
assigned to the IM service and the names of everyone on the user's contact list. The server creates
a temporary session file that contains the connection information and checks to see who on the
contact list is also logged on.
When the server finds contacts who are logged on, it sends a message back to your client with
their connection information and sends your connection information to the contacts. As soon as all
the connection information has been sent and acknowledged, instant messaging can begin. The
connection process generally takes about ten seconds.
The question that prompts debate about how instant messaging should be implemented in the
enterprise is, "Who controls the server?" In public IM systems, the service provider (AOL, for
example) controls the server. This is not acceptable to many CIOs who would prefer to have control
of the IM server themselves.
4. Who is using instant messaging?
According to the research firm Gartner, as recently as the first financial quarter of 2002, few
businesses understood the importance of instant messaging as it relates to the enterprise. IM was
thought of as a vehicle for social interaction and many businesses frowned upon its use, simply
because it was seen as a threat to worker productivity.
End users, however, saw the benefit of being able to communicate in real time with their
co-workers and began what industry experts call a "grass roots" effort to bring instant messaging
into the corporate fold. They found the presence awareness IM contact lists provided useful.
Instant messaging filled a communications niche somewhere between that provided by the telephone
and e-mail. Because employees could see who was online and who was not, they could ask a quick
question of someone who was available and not waste time waiting for a telephone call to be
returned or an e-mail to be answered. They pointed out that instant messaging was a cost-effective
alternative to travel, Web conferencing could met their communication needs just as nicely as a
business trip and IMing a co-worker in another country was much less expensive than telephoning
As more IT departments become convinced of the value of IM as a business communications tool and
begin looking for ways to exert control, implement security measures and integrate instant
messaging with other groupware components, unmanaged IM use in the enterprise is likely to become a
thing of the past.
5. Are all EIM systems alike?
No. Right now, instant messaging is the Wild West of the Internet; it does not have a protocol.
There are two schools of thought when it comes to establishing an instant messaging protocol and
the Internet Engineering Task Force (IETF) is looking at both to try and create one Instant
Messaging and Presence Protocol (IMPP).
Industry leaders like Microsoft, IBM, Sun and Novell favor extending the Session Initiation
Protocol (SIP) into a new protocol called SIP for Instant Messaging and Presence Leveraging
Extensions (SIMPLE). The IETF developed SIMPLE as an extention to SIP for handling instant
messaging and presence awareness. SIP was originally developed for voice over IP, but has since
incorporated other functionality like Web conferencing, live video and other multimedia.
Hewlett-Packard, Intel and Sony are backing the eXtensible Messaging and Presence Protocol
(XMPP), an open source transport layer for XML data. Supporters of XMPP point out that it was
designed with instant messagingin mind, whereas SIMPLE was added onto SIP.
Because instant messaging is not standards-based, there is a lack of interoperability between
different IM services. As a result, it is not unusual for people to have two or three clients
running on one machine. This creates a number of challenges for IT departments, especially when it
comes to ensuring security and compliance with federal regulations, such as the Sarbanes-Oxley Act.
There are basically three ways a CIO or IT department canmanage instant messaging.
The first, and historically the most common, means of IM management is just shutting down the
default IM ports, which in theory prevents users from installing and using public IM services. This
is easier said than done, however. Yahoo Messenger, for example, was designed to prevent blocking
and will automatically attempt to connect to non-blocked port numbers, including port 23, which is
used for telnet and is rarely blocked. Most other public IM services allow the use of a proxy
server, so chances are, if an employee really wants to be able to use instant messaging, they will
find a way to get around blocked ports.
The second solution is for the IT department to use policy-based management techniques to
support one particular public IM service. By signing an acceptable use policy (AUP), the employee
indicates that they agree to the employer's stipulations about which IM service is allowed to be
used, what corporate screen name should be used and what kind of content is allowed to be shared in
an IM. Just as with Web surfing, violation of the AUP can be considered grounds for
The third solution is for the IT department to invest in an enterprise-class IM service, either
by outsourcing their instant messaging to a third-party service provider (some public IM services
now provide enterprise versions of their service for a fee), purchasing IM software that can reside
on their current communications server, or maintaining a dedicated IM server.
7. What should a CIO take into consideration when deciding whether or not to purchase EIM
First of all, the CIO needs to know what instant messaging will be used for within the
organization. This will help a great deal in determining what level of control is required and
that, in turn, will dictate what kind of instant messaging service a company needs.
Some small to medium-sized businesses, whose employees may use instant messaging to keep in
touch with their kids, might want to consider using policy-based management as an alternative to
investing in enterprise-class instant messaging.
If a CIO has concerns about privacy, security or compliance, however, then choosing one of
several types of EIM is the way to go.
For example, if IMs are going to be used to enhance customer support, then an enterprise-class
IM service like Lotus IM, which provides a gateway server to allow employees to safely connect with
public IM users, might be an appropriate choice.
On the other hand, if instant messaging is going to be used as an internal collaborative tool,
where sensitive information is being exchanged, then the CIO might want to set up an internal
Jabber IM server and limit IM use to within the company.
Some industries, such as health care and finance, have regulations about archiving
communications. If a business needs to comply with federal regulations, experts recommend they
consider maintaining a dedicated IM server.
The number one reason why CIOs are looking at enterprise-class instant messaging is security.
Experts predict that as IM becomes more accepted as a business tool, instant messaging will
increasingly be the targetof attack.
8. If I were a CIO, what should I look for when choosing between available EIM systems?
First you should look for a system that provides a way to manage users. Ideally, the user should
be able to log onto the system, including instant messaging, with one username and one password.
Second, you should look for a system that provides security features, such as secure sign-on,
digital signatures and encryption.
After you've addressed those two major concerns, experts recommend you consider asking yourself
10. Instant Messaging Words-to-Go Glossary