karniv0re's Journal: You Can Chat in Hell

Back in late November of 2015, I was tasked with coming up with an instant messenger solution that our partners could use to communicate with our operators. That sounds pretty simple. Everyone uses IM and has for over 20 years. And Slack and HipChat are massively popular.

Here's where they start throwing wrenches into my plan. Any third party server is not allowed. Law does not want our conversations stored on third party servers, and security doesn't either. So that scratched off my obvious answer. We use Sametime as a company, and there is an external option for that, but security also denied that stating that then an external user would have visibility to the entire company and could potentially IM, say, our CEO. Ok, so there goes that too.

You know where I'm going next with this, right? Roll our own XMPP server, of course!

Ahh, XMPP. I have had a fondness for it since Google Talk came out. An open protocol that seems to work pretty well and has a lot of users. Ok, so we have a starting point. Now what.

Well, the next step was to figure out how easy it would be to host a server. We basically have 3 options. There's ejabberd, an Erlang-based server that's been around the longest. I like it, but we don't have a lot of Erlang developers (which is sad, because I also like Erlang. So it goes). There's Prosody, which is kind of a KISS model written in Lua. I liked it too, but it wasn't very Enterprisey. Then there's Openfire. Java-based? Check. Plugin architecture? Check. Mature? Very!

Openfire looked very intriguing when I started looking at it. Of course, being enterprisey, it's a lot heavier than something like Prosody. Which means it has a steeper learning curve. But you take the good with the bad.

So I pitched my idea to Legal. They said we have to archive messages for a certain time period, which I can do with this server. It can archive to Oracle. Perfect. Then I talked with security. My initial solution was to use Strophe.js to connect directly to Openfire. They put the kabosh on that when they saw that users would be unauthenticated in our DMZ. I walked away from that meeting a little perplexed. After educating myself on our architecture a little more, I dug around for a SiteMinder module. There was none. But, there is a webchat interface called Fastpath. It allows you to run helpdesk operations. That's my ticket. Because then they would be operating within our standing operating procedures, just like any other app.

This thing is ugly, and hasn't been given a good enhancement in about 10 years. So now I take that challenge on. More to come on that.

Once I overcame the architectural hurdles, then I had to start working with our infrastructure teams. This required an ungodly amount of requests. Oracle, server planning, application IDs, Linux guys, Apache rules, change management... I think I worked with just about every team in the company to get this done.

I've made a lot of progress though over the last month and I'm ready to go to production next week. I AM STOKED. I've been saving a cigar for just such an occasion. But next comes the hard part. I will need to start developing on this decade-old code. I have a user-request to add group chat, which is not at all what this thing is meant for. But even before that, I need to fix security issues and add SiteMinder integration. I don't think any of this is going to be a walk in the park. On the other hand though, it does sound fun! And I'm giving back to open source, which I love doing.

I'm omitting a lot of the trials and tribulations I went through when setting this all up, but I'll probably just put that in some internal documentation.

I'm just ready for a cigar.