Openfire Administration
A practical step-by-step guide to rolling out a secure
Instant Messaging service over your network
Mayank Sharma
BIRMINGHAM - MUMBAI
Openfire Administration
Copyright © 2008 Packt Publishing
All rights reserved. No part of this book may be reproduced, stored in a retrieval
system, or transmitted in any form or by any means, without the prior written
permission of the publisher, except in the case of brief quotations embedded in
critical articles or reviews.
Every effort has been made in the preparation of this book to ensure the accuracy of
the information presented. However, the information contained in this book is sold
without warranty, either express or implied. Neither the author, Packt Publishing,
nor its dealers or distributors will be held liable for any damages caused or alleged to
be caused directly or indirectly by this book.
Packt Publishing has endeavored to provide trademark information about all the
companies and products mentioned in this book by the appropriate use of capitals.
However, Packt Publishing cannot guarantee the accuracy of this information.
First published: August 2008
Production Reference: 1180808
Published by Packt Publishing Ltd.
32 Lincoln Road
Olton
Birmingham, B27 6PA, UK.
ISBN 978-1-847195-26-5
www.packtpub.com
Cover Image by Vinayak Chittar (vinayak.chittar@gmail.com)
Credits
Author: Mayank Sharma
Reviewer: Stefan Reuter
Senior Acquisition Editor: David Barnes
Development Editor: Ved Prakash Jha
Technical Editors: Usha Iyer, Gagandeep Singh
Copy Editor: Sumathi Sridhar
Editorial Team Leader: Akshara Aware
Project Manager: Abhijeet Deobhakta
Project Coordinator: Lata Basantani
Indexer: Monica Ajmera
Proofreader: Dirk Manuel
Production Coordinator: Shantanu Zagade
Cover Work: Shantanu Zagade
About the Author
Mayank Sharma is a contributing editor at SourceForge, Inc.'s Linux.com. He
also writes a monthly column for Packt Publishing. Mayank has contributed several
technical articles to IBM developerWorks where he hosts a Linux Security blog.
When not writing, he occasionally teaches courses on Open Source topics at the
Indian Institute of Technology, Delhi, as Industry Expert.
In memory of my grandfather H. C. Sharma and grandmother
Shyma Sharma.
Thanks to my mom Shashi and dad Rakesh for laying down
tough standards, and younger brother Shashank for his valuable
suggestions and technical support.
Gratitude to Ved Prakash Jha for his guidance and advice, to Lata
Basantani for managing and scheduling the book, to Usha Iyer
and Gagandeep Singh for editing, to Stefan Reuter for his technical
insights, and to the wonderful developers and community members
of Openfire for developing and supporting such a wonderful project.
About the Reviewer
Stefan Reuter is a key contributor to the igniterealtime community, the home of
Spark and Openfire. He is also the lead developer of the Asterisk-Java library and
the Asterisk-IM plugin for Openfire. After several years in the enterprise architecture
group of a major European bank, Stefan is now working as an independent
consultant on Java and VoIP projects for various international customers.
Table of Contents
Preface
Chapter 1: Introduction
IM In The Enterprise?
But Will IM Work for "Me"?
Why Roll Your Own IM Server?
What To Look for In An IM Server?
Is Openfire The Right IM Server for Me?
Summary
Chapter 2: Installing and Using Openfire
Preparing Your System
Linux Users Get Your Cuppa!
Meet The Protagonists
The Actual Install-Bit
Running Openfire on Linux/Unix
Installing and Running under Windows
Openfire as a Windows Service
Fuse Life into Openfire
Using The Server
Installing The Spark Client
Tuning In With Spark
Configuring Other IM Clients
MirandaIM
Kopete
Pidgin
Summary
Chapter 3: Fine-Tuning Openfire
Get To Know Your Server
Vital Statistics
Server Cache and Properties
Policing and Tuning The Server
Curb Indiscriminate Registration
Resolving Resource Conflicts
Handling Offline Users
Nurturing The Server
Talk to Users
Extending with Plugins
Message of The Day
Summary
Chapter 4: Organizing Users
Adding Users
Editing And Deleting Users
Temporarily Suspend Users
Organizing Users into Groups
Editing and Deleting Groups
Pre-populating Rosters
Scenario #1: See The Members of Your Department
Scenario #2: Accounting Reports to The Board
Scenario #3: Everyone Wants IT on Their List
Scenario #4: Everyone on Everyone's List...Automatically
Summary
Chapter 5: Hooking up With a Directory Service
Adding Users Via OpenLDAP
Adding Users via Active Directory
Editing the config File
Summary
Chapter 6: Effectively Managing Users
Searching for Users with the Search Plugin
Searching for Users from Within The Admin Interface
Get Email Alerts via IM
Broadcasting Messages
Setting up the Plugin
Using The Plugin
Managing User Clients
Private Data Storage
Importing/Exporting Users
Using The Plugin
askstatus
recvstatus
substatus
Summary
Chapter 7: Connecting to Other Services
Why Connect via Openfire?
The Openfire Gateway
Controlling Access
Scenario #1: Enabling Yahoo! Messenger for All Users
Scenario #2: Enabling IRC for IT and Devs
Scenario #3: Enabling Experimental Google Talk for Some Users
Using A Gateway
Keeping An Eye on The Gateway
Connecting to VoIP
Summary
Chapter 8: Playing Big Brother
Monitoring and Filtering Content
Auditing Messages
Setting up a Message Audit Policy
Reading Raw Audit Logs
Advanced Archiving Settings
Searching Archives
Light-Weight Third-Party Archiving Apps
Using Open Archive
Summary
Chapter 9: Large-scale Openfire
Enabling Database Support in Openfire
Setting up MySQL
Setting up PostgreSQL
Troubleshooting Database Errors
Monitoring the Database
Scaling Openfire
Setting up Clustering
Of Caches and Clustering
Tips for Optimizing the Cluster
Scaling with Connection Managers
Deploying Connection Managers
Step 1: Configure the Openfire Server
Step 2: Configure the Connection Manager
Step 3: Run The Connection Manager
Summary
Chapter 10: Communication Across Multiple Locations
Linking Two Branches
Why Use DynDNS
Setting up Server-to-Server Communications
About Remote Networks, Firewalls, and Port Forwarding
Checking Connectivity on the Port
Adding Users from Remote Network
Monitoring Remote Connections
Establishing Secure Server-to-Server Communication
The Road Warrior
File Transfer Across Servers
Summary
Chapter 11: Running an Online Helpdesk
Installing Fastpath and Webchat
Creating a Helpdesk
Global Settings
Workgroup Settings
Diversifying Workgroups with Queues
Creating Queues
Adding Routing Rules
Rule Book for Routing Rules
Adding Members to Queues
Configuring The Helpdesk
Canned Responses
Offline Settings
Chat Transcript
Putting the Helpdesk Online
Design a Contact Form
Review Images and Text
Upload the HTML
Monitoring Sessions, Reports, and Usage Statistics
Snooping Super Users
Chat Archives
The Agent's Perspective
Summary
Appendix A: Using Spark
Getting Started
Chatter Away
Spark Plugins
Summary
Appendix B: Group Chat
Group Chat Settings
Designing a Room
General Room Characteristics
User Permissions
Occupant Behaviour
Putting the Checklist to Test
Room 1: A Locked down "boardroom"
Room 2: A Free-for-all "Lounge"
Room 3: A Restricted "Sales HQ" Room for Sales-Related Discussions
Using Spark for Conferencing
Impromptu Multi-User Discussions
Summary
Appendix C: Prepare for Roll Out
Identify the Required Objects and their Properties
Plan the Deployment Process
Instant Messaging – Best Practices
User responsibilities
Audit Servers and Logs
Summary
Index
Preface
Openfire is a free, open-source, and full-featured Jabber-based Instant
Messaging server.
This book is a functional, step-by-step, easy-to-follow reference guide that explains
how Openfire can be used to develop a secure instant messenger network.
Each chapter will tell you how to add features to your IM.
This book is a guide to setting up Openfire, tweaking it, and customizing it to
build a secure and feature-rich alternative to consumer IM networks. The features
covered include details about setting up the server, adding and handling users and
groups, updating, and extending the service with plug-ins, connecting with users on
external IM networks, connecting with external voice over IP solutions and more,
with user-friendly instructions and examples so that you can easily set up your
IM network.
The book deals with several features of Openfire to streamline communication
within an enterprise and beyond. It shows how to configure Openfire to allow only
secured connections. It then explains how Openfire complements other existing
services running on your network. Managing and fostering IM as a real-time
collaboration and communication tool is what this book is about.
What This Book Covers
Chapter 1 introduces you to the importance and benefits of instant messaging over
traditional communication methods. It also deals with the benefits of hosting one's own
EIM server. It then talks about the Openfire real-time collaboration server.
In Chapter 2 you will learn how to install and configure the fully functional Openfire
server environment for both Windows and Linux.
After reading Chapter 3, you should be well equipped to run and administer an
Openfire server in a single-office organization. You'll learn how to manage the
administration console and some common network admin tasks.
Chapter 4 deals with the user organization in groups and populating the user's
contact list in a variety of ways.
Chapter 5 shows how to sync your directory service with your Openfire server.
Based on the directory service information, Openfire will let you migrate the users'
contact information and other details, and use it to populate their profiles, as well as
create groups.
Chapter 6 explores several ways of effectively administrating users irrespective of
the size of the organization. You will learn how to import user data into their roster
lists from any XMPP server to Openfire, and use tools that'll help members of the
organization broadcast messages to their peers based on preset company rules.
Chapter 7 covers the Gateway plugin that allows access to a variety of IM services
including Yahoo! Messenger, IRC, ICQ, MSN Messenger, AOL Instant Messenger,
and so on. Apart from just enabling access to these gateways, the plugin lets you
configure several aspects of the service including restricting gateway access to all
users or a particular group of users. It also covers how you can hook up Openfire to
your Asterisk VoIP server.
Chapter 8 talks about uses and ways to archive conversations using the iBall plugin.
The chapter also deals with the Monitoring Service plugin's archived conversation
searching interface. Some freely available archiving options are also discussed,
including Open Archive.
Chapter 9 covers in detail the two ways in which a server can be configured to
distribute loads—by forming a cluster of Openfire nodes, and by delegating
connection managers to make connections to clients. This chapter also covers installing
and deploying connection managers in both Windows and Linux environments.
Chapter 10 looks at how users can connect and interact with users on remote Openfire
servers. Server-to-server communication is a very powerful feature of Openfire and
it enables users who move between multiple Openfire servers to stay connected with
each other easily.
In Chapter 11 we have a look at installing and configuring the plugins and using them
to create an online helpdesk with several queues to manage a couple of products. It
also talks about online chat facility using the Fastpath plugin. The last section of the
chapter illustrates what a Fastpath session feels like to a user and the various tools
(transferring calls, user history, personal canned responses, and so on) at his or her
disposal to enable him or her to service the users better.
Appendix A offers a quick look at Spark (its features, tools, and plugins), the official
Openfire client. This appendix takes a look at the pre-installed and available plugins
that give Spark the ability to spell check messages, control indiscriminate file
transfers, and translate messages into a variety of languages among other features
while bouncing it between users.
We have explored comprehensive group chat mechanisms of Openfire in
Appendix B. We have broken down Openfire's group chat options into three
broad subheads—general room characteristics, user permissions, and occupant
behavior. We have looked at each of these in detail, and tried to understand their
individual functions and then put them to test. We have then explored Openfire's
flexibility with impromptu multiuser discussions.
In Appendix C, we've broadly looked at what goes on behind the scenes in selecting
an IM server, planning the deployment, and making sure the server maintains a
100% uptime. We've also looked at the various decisions you'll have to make as the
admin, and brainstorm with the management and other departments to maximize
productivity and add flexibility to the system.
Who is This Book For
This book is for System Administrators who want to set up an in-house enterprise
IM system using Openfire.
The reader will need experience in managing servers on any operating system.
Conventions
In this book, you will find a number of styles of text that distinguish between
different kinds of information. Here are some examples of these styles, and an
explanation of their meaning.
Code words in text are shown as follows: "This file will be under the webchat folder
under your application server."
Any command-line input and output is written as follows:
type openfire_mysql.sql | mysql openfire;
New terms and important words are introduced in a bold-type font. Words that you
see on the screen, in menus or dialog boxes for example, appear in our text like this:
"To set some gateway-specific settings, click the Options slider button".
Important notes appear in a box like this.
Tips and tricks appear like this.
Reader Feedback
Feedback from our readers is always welcome. Let us know what you think about
this book, what you liked or may have disliked. Reader feedback is important for us
to develop titles that you can get the most out of.
To send us general feedback, simply drop an email to feedback@packtpub.com,
making sure to mention the book title in the subject of your message.
If there is a book that you need and would like to see us publish, please
send us a note in the SUGGEST A TITLE form on www.packtpub.com or
email suggest@packtpub.com.
If there is a topic that you have expertise in, and you are interested in either writing
or contributing to a book, see our author guide on www.packtpub.com/authors.
Customer Support
Now that you are the proud owner of a Packt book, we have a number of things to
help you to get the most from your purchase.
Errata
Although we have taken every care to ensure the accuracy of our contents, mistakes
do happen. If you find a mistake in one of our books—maybe a mistake in text or
code—we would be grateful if you would report this to us. By doing this you can
save other readers from frustration, and help to improve subsequent versions of
this book. If you find any errata, report them by visiting
http://www.packtpub.com/support, selecting your book, clicking on the let us know
link, and entering the details of your errata. Once your errata are verified, your
submission will be accepted and the errata added to the list of existing errata. The
existing errata can be viewed by selecting your title from
http://www.packtpub.com/support.
Piracy
Piracy of copyright material on the Internet is an ongoing problem across all media.
At Packt, we take the protection of our copyright and licenses very seriously. If
you come across any illegal copies of our works in any form on the Internet,
please provide the location address or website name immediately so we can pursue
a remedy.
Please contact us at copyright@packtpub.com with a link to the suspected
pirated material.
We appreciate your help in protecting our authors, and our ability to bring you
valuable content.
Questions
You can contact us at questions@packtpub.com if you are having a problem with
some aspect of the book, and we will do our best to address it.
Introduction
Like it or not, instant messaging in the enterprise is here to stay. But rather than being
on the back foot, it's time for all corporations, both big and small, to come forth and
embrace this technology. Similar to how you look at half a glass of water—half-empty
or half-full—Instant Messaging, or IM for short, can be perceived to have a positive or
negative impact on productivity depending on the way you look at it. When you
wake up to the importance of IM, you'll notice that, if properly managed, IM can
increase connectivity within the realm of your business and have a positive impact
on productivity.
This book is about managing and fostering IM as a real-time collaboration and
communication tool. It's not about the 'why', although why IM matters is important,
but rather about the 'what' and 'how': what IM offers and how you can use it to
your advantage.
Most people who use the Internet have been exposed to IM. Like email, IM is a
user-centric technology. It offers something you want to use by addressing a basic
human need—the need to communicate. There are dozens of public IM services:
companies ranging from the leading software developer, Microsoft, to the leading
web application developers, Yahoo and Google, offer free IM services. To make
sure you use them, they also develop IM clients that work across platforms—from
Microsoft Windows, Apple MacOSX, and Linux, to handheld devices like your
mobile phone and PDA.
While you may be using IM to discuss weekend plans to pick up your aunt from
across town, or kill time discussing the latest movie with a bunch of friends, IM also
holds the potential to eliminate conversation blues in your workplace. Ever thought
your boss was inaccessible? Wondered how to communicate your ideas to all of the
members of your team without wasting time organizing a group meeting? IM is the
key to all of these problems. In this chapter, we will discuss:
• The problems with using IM in an enterprise
• The advantages of IM over email and telephone
• The benefits of hosting your own Enterprise Instant Messaging (EIM) server
instead of using one of the free public ones
• Some of the features to look for in an EIM solution
• Openfire's features
IM In The Enterprise?
Now that companies are beginning to acknowledge the issue of employees
using IM during company hours, they face a difficult choice. Blocking IM also
stops employees from using it as a means to communicate with clients or other
employees. Thankfully, several organizations aren't opting for this "easy" way out.
In my personal experience, more and more companies are trying not to curb the
proliferation of IM, but are rather taking steps to manage its use—looking for ways
to oversee and control IM.
Let's take a short history lesson so that you will know how it all began and will be
able to get things in perspective. When enterprises woke up to the benefits of IM,
they also felt the need to control its use, and they ran into a void. IM was a public
service. There wasn't any business-grade IM software that would provide the
security and legal compliance expected from enterprise software. This void was
filled in 1998, when IBM launched the first "Enterprise Instant Messaging" (EIM)
software, called IBM Lotus Sametime. Microsoft quickly followed suit, first in haste
with Microsoft Exchange Instant Messaging, and more properly later with Microsoft
Office Live Communications Server.
Today, EIM is a multi-billion dollar business.
But Will IM Work for "Me"?
Like any Internet user I use IM daily. Like most, I use it to stay in touch with my
friends, but every day for the past four years I've also been using IM to communicate
with my editors over at Linux.com. Even this book was vetted out with Packt editors
over IM.
While you might be impressed by the IDC figures and how IM works for
"me", neither means anything if IM doesn't work for "you". IM is about
communication—instant, real-time, communication. But of course, IM isn't
the only real-time collaboration tool available. In addition to the telephone,
the other digital communication tool you have access to is email.
I will not start a flame war here on which tool is the best, but rather will tell you how
it ends. When the dust settles on the 'IM versus email versus telephone' battle and
the purists retreat, there is only one option—to use all three tools together. Despite
the fact that each tool has advantages over the other, because this book is about IM,
let me just tell you what IM can do for you that email and telephone can't; at least not
with the same efficiency as IM:
• IM is the coyote of communication: There's no faster means of
communication than IM. It's called "instant messaging" for a reason. Your
messages are delivered instantaneously. Also bear in mind that an IM can
carry pictures, documents, or anything else that you could have attached to
an email, with the same ease as a plain text message.
• True interactivity with typing notifications: With IM, you don't have to wait
for your email to be read and replied to. As a journalist for Linux.com, speed
is very important to me. When working on a breaking news story, neither
my editors nor I can afford to bounce emails to each other, sorting
clarifications or edits. Also, IM guarantees that your message has been read
and will be replied to. Emails do not come with such a guarantee. No other
form of digital communication offers the chance to communicate in real-time.
You can mark emails as important, and flag them for a response, but if you
need prompt action, there's no faster or more reliable way of communicating
than with an IM.
• Less chance of misunderstanding: Because IM conversations are
instantaneous, the chance of being misunderstood is pretty low. With emails,
misunderstandings can linger for a while—at least until someone gets a
chance to explain. Because IM follows the natural flow of a conversation,
misunderstandings are quickly cleared up.
• Better for brainstorming ideas: Because physical team meetings don't happen
at the drop of a hat, managers often resort to email for their brainstorming
sessions. But such emails suffer from a severe infection which is the biggest
known reason for reduced productivity—CC'itis. Also, long threads of email,
with multiple recipients, are difficult to follow and manage.
• A true extension to your phone book: Email has an address book that lets you
manage your contacts, but an IM contact list goes a step further by binding
your list of contacts with the power of presence. IM uses a technology called
"presence awareness" to detect who is online, so that you can see at a glance
whether the people with whom you want to communicate are online. Now,
can your phone do that?
• Knock-knock notification: IM's biggest benefit that'll affect you more than
any other feature is its unobtrusiveness. What helps you stay on top of things
is a little feature called notifications. These are alerts that let you know when
a contact wants to communicate with you, and notify you when someone
you'd like to chat with comes online.
• Cheap: Several of the features mentioned above can be accomplished, to
some degree, with a telephone. The telephone offers true interactivity, and
is ideal for group meetings. But you surely run the risk of catching someone
at a "bad time" or of using an outdated contact list. The biggest concern for
most companies, however, is cost. If I were using traditional methods of
communication, I'd be bankrupt—there are several thousand miles and a
couple of time zones between me and my editors in the UK and US. IM helps
in keeping your communication costs down, irrespective of whether you
work in a one-office home-office setup, or a multinational corporation.
Why Roll Your Own IM Server?
As I mentioned previously, the only way enterprises could safely allow IM
proliferation was if they could apply necessary control. Some companies decided to
apply "soft" control over public IM, by restricting, limiting, and pre-screening access.
Others opted for more concrete steps, looking for a greater degree of control and,
more importantly, privacy. These were the first users of EIMs.
By bringing the EIM infrastructure in-house, with an EIM server, a business can truly
manage IM sessions, completely eradicating concerns about security and privacy.
As with any good server application, an EIM system is also designed to function like
any other enterprise application, offering centralized management, and directory
and user integration with corporate directory systems such as Lightweight Directory
Access Protocol (LDAP).
Because an in-house EIM server is tailor-tweaked to fit an organization, it does offer
some level of customization not found with public IM. This allows a business to
integrate IM and its features with other enterprise applications, like corporate email,
intranet portals, ERP, and Supply Chain Management solutions and services such as
over-the-network telephony.
There's no denying the advantage of an in-house EIM solution, if you want to
effectively deploy, regulate, and be in charge of this new and useful means of
communication.
What To Look for In An IM Server?
There's no dearth of IM systems available. As we'd like to keep things under control
and have decided to roll our own IM service, the next obvious question is: what
features should we look for in an EIM solution? Not all products are the same, but
like email, there are some features common to all and without which you wouldn't
call them an IM system.
In this section, we're not discussing those features that are common and obvious;
we're identifying the features that separate a good IM solution from an average one.
Understanding these features will help us select an ideal, cost-effective solution that
not only delivers now, but also grows as the company around it grows:
• Authentication: Checking the credentials of the users is the foremost task of
a server of any kind. A good IM server should make the task of managing
users fairly simple. Rather than insisting on managing users themselves, an
IM server should be capable of interfacing with third-party authentication
systems, such as Directory Server. This also keeps things simple for your
employees who won't have to maintain more than one username and
password to access multiple services.
• Security: Like all systems in the enterprise, ensuring security is a prime
concern. In the case of IM, security becomes all the more important
because of the nature of communication. You need an IM system that takes
security for messages pretty seriously as they fly across the network. Some
commonly-used security features include secure sign-on, digital signatures,
and good ol' encryption.
• Protection against infection: This feature of an IM system flows from another
feature—interoperability. Because a good IM system wouldn't discriminate
against users of a particular operating system, it has to make sure it doesn't
transmit virus-infected files between users. Having your IM system use a
third-party anti-virus product for scanning files before transmission is a
good idea.
• Logging: Regulations in some sectors mandate keeping logs of all
communication, including IM. Even if they don't, monitoring conversations
or keeping logs isn't a bad idea. Not only does logging prevent users from
misusing the system but some IM systems also have features such as
on-the-fly keyword flagging that will alert the appropriate person in case
of misuse. If you are required to keep logs, then make sure that the system
keeps them in a format that's easily accessible.
• Extensibility: The features I've listed above are more or less what you need
an IM system to have. Some products are more feature-rich than others. You
need a system that offers you the basic set of features needed to get started
and then offers exotic ones as extensions or plugins. If you use other services,
you should also look for a system that plugs into those services if applicable.
• Administration: Adding an IM server to the mix of existing network services
increases the administration load. You have to make sure that the IM system
doesn't get in your way too much, is easy to manage, and can run on its own,
once it's configured and operational.
• Not too demanding system requirements: Finally, you have to weigh in what
the IM system brings to the table versus what it requires from you. Like
most server software, an IM server in itself doesn't require much. But as the
number of users using the service increases, the service exerts more pressure
on the physical hardware supporting it. Additionally, IM is an always-on
service; therefore, you are looking at a machine that can handle the load of
possibly hundreds of simultaneous users generating megabytes of logs.
Is Openfire The Right IM Server for Me?
It's been a long time since the days when IBM and Microsoft dominated the EIM
market. Now, there are a range of EIM platforms in addition to IBM Lotus Sametime
and Microsoft Office Live Communications Server. Some of the most popular ones
are ejabberd, jabberd2, Tigase, and Jabber XCP. According to Wikipedia, there are
about 90 million users using Jabber-based servers. Openfire is one such server.
Note: The protocol on which Openfire is based is now formally called XMPP or
Extensible Messaging and Presence Protocol. It was formerly known as Jabber, but
some people confuse this with the company of the same name (Jabber Inc.). In this
book, both terms are used interchangeably to refer to the protocol.
But what's so special about Openfire? There are many Jabber-based EIM servers
available on the market. Openfire, which is written in Java, implements most features
of XMPP, according to Jabber's own website. As a product, Openfire is cross-platform,
and is also very easy to set up and administer.
Openfire has lots of features designed to streamline communication within an
enterprise. Some of Openfire's features, such as its secure design, are due to its well
respected Jabber protocol. Jabber uses Transport Layer Security (TLS) by default, and
will establish a secure connection if one is available. Openfire can be configured to
allow only secured connections.
While the basic version of the server is available free of cost, an enterprise version,
which can be bought for a fee, has features suitable for a large multi-office
corporation. Openfire will suit a wide range of enterprises, from home office
set-ups to large multi-site enterprises, as it is dual-licensed under GPL along with a
commercial extension.
As we'll see in the course of this book, the free GPL'd version is no dumb cousin
and has a variety of features that you'd need in an IM server, such as centralized
administration of user lists, the ability to broadcast messages to entire groups,
and customizable presence states, and tops it all off with a secure feature-rich
client. Openfire is designed to complement other existing services running on your
network. So, for example, it can plug into a directory server for authenticating users,
or into an Asterisk setup for telephony.
Here's a list of some of Openfire's features:
1. Standards compliant.
2. Easy to install.
3. Works with multiple external databases in addition to a built-in one:
Openfire can work with several databases including MySQL, PostgreSQL,
Oracle, MS SQLServer, and IBM DB2. Its own embedded database is
powered by HSQLDB.
4. Can interface with OpenLDAP or Active Directory.
5. Cross-linked, easy to navigate web-based front-end: Irrespective of what
setting you are trying to tweak, the interface provides you with lots of
information and offers you various options to choose from. For example, if
you want to change how Openfire handles offline messages, the server offers
you various permutations to store, bounce, or drop messages. The interface is
also cross-linked, which allows you quicker access to relevant portions of the
configuration. For example, in the "Server Information" section, along with a
list of ports in use, Openfire has a link to the "Security Settings" section from
where you can edit the security settings of the ports.
6. Easy to create and manage user groups: These user groups can be shared to
easily pre-populate new users' contact lists with the right people.
7. Custom audit policy: Openfire can audit IM traffic on the server and
save the data to XML files. Audit policy settings allow control over how
auditing occurs.
8. Group chat and room administration: You can easily create and manage chat
rooms. Options allow control over room moderation, maximum occupancy,
presence information, and more. The group chat room summary page allows
you to view and edit current chat rooms and create new ones.
9. Act as a gateway to other public networks: Gateway settings allow you to
authorize individual client applications so that only clients that have been
audited for proper security are allowed on your network.
10. Lots of security options: Security settings allow you to control who your
users can and can't talk to. Client control allows you to determine which
features are enabled in users' IM clients, such as enabling file transfer,
message broadcasting, or group chat.
11. Has a secure client: The developers of Openfire also make available a free
and open-source client called Spark. Spark is written in Java and is designed
to make full use of Openfire's security features.
12. Extend with plugins: A host of plugins are available for functionality such as
importing and exporting data and exposing presence data as a web service.
Plugins can be fully administered from inside the Openfire administration
console. Even the Spark client can learn new tricks with plugins.
13. Advanced Reporting tools: Openfire has advanced reporting tools, which
include statistics on active users, conversations, group chat rooms, packet
counts and more. With the enterprise edition, you can generate reports for
preset time frames or enter specific dates to narrow results. Openfire reports
can also be exported as a PDF file.
14. Client control: Openfire Enterprise lets you control the features that are
enabled in users' IM clients (for Spark and other clients), such as enabling
file transfer, message broadcasting, or group chat. You can also control the
version of Spark deployed by users from inside the administration console.
15. Distribute Loads: When deployed in a large enterprise, Openfire has a
couple of tricks up its sleeve to distribute and manage loads with other
Openfire servers.
16. Run an online helpdesk: With Openfire's Fastpath service you can establish
a communication link with users outside your network. This can be used for
something as simple as communicating with visitors to your website or as
comprehensive as an online helpdesk.
This is just a brief round-up of Openfire's features to get you excited about the
book. Again, the book is not written to show off Openfire. Instead it's designed to
help you set up a usable instant messaging workhorse of a server to kick out any
communication blues and enhance the productivity of anyone using the system.
Summary
There's no denying the importance of instant messaging in the modern office. The
question in front of the management is not whether to use IM or to block it, but
rather how to control it. In this chapter, we've looked at some of the benefits of using
IM over "traditional" communication methods such as the telephone and email.
We've also discussed the benefits of hosting our own EIM server instead of using one
of the free public ones.
After analyzing some of the features to look for in an EIM solution, we've decided to
use the Openfire real-time collaboration server. The server is dual-licensed under
the open source GPL and a commercial license. It supports instant messaging, group
chat and VoIP and uses the only widely adopted open protocol for RTC, XMPP
(also called Jabber). Openfire is incredibly easy to set up and administer, but offers
rock-solid security and performance.
In subsequent chapters of this book, we'll set up Openfire, tweak it, and customize
it until we have a more secure and feature-rich alternative to other consumer
IM networks.
Installing and Using Openfire
So, I've teased you with the advantages and usefulness of Openfire. You've popped
in the red pill. Now let's begin our climb down the rabbit hole.
The Openfire instant messaging server is very easy to install. In fact, it's totally
newbie-proof. So much so, that unlike other complex server software, even if you've
never set up Openfire before, you'll be able to get it up and running on your first
try. If you're sceptical, by the time we are done with this short chapter, we'll have
ourselves a fully-functional Openfire server that'll register users and connect
with clients.
In this chapter, we will cover:
• Pre-requisites for Openfire installation
• Installing and running Openfire on Linux/Unix
• Installing and running Openfire on Windows
• Installing Instant Messaging clients
Preparing Your System
Openfire is a cross-platform server and can be installed under Linux, Solaris, Mac,
or Windows operating system environments. Openfire reserves its enormity for its
users. When it comes to system requirements, Openfire is very suave and a perfect
gentleman who has very moderate demands.
You don't need to spend much time preparing your system for installing Openfire.
Just pick out the environment you're comfortable with—Windows or one of the
popular Linux distributions such as Fedora, Debian, or Ubuntu, and you're good to
go. You don't have to run around getting obscure libraries or worry about
mismatched versions.
But like any hard-working gentleman, Openfire has a thing for caffeine, so make sure
you have Java on your system. No need to run to the kitchen—this isn't the Java in
the cupboard. Openfire is written in the Java programming language, so it'll need a
Java Runtime Environment (JRE) installed on your system. A JRE creates a simple
(breathable, so to say) environment for Java applications to live and function in. It's
available as a free download and is very easy to install.
If you're installing under Windows, just skip to the "Installing Under
Windows" section later in the chapter.
Linux Users Get Your Cuppa!
Sun's Java Runtime Environment is available as a free download from Sun's website
(http://www.java.com/en/download/linux_manual.jsp) or it can also be
installed from your distribution's software management repositories. Users of RPM-
based systems can safely skip this section because the Openfire installer for their
distribution already includes a JRE.
On the other hand, users of Debian-based systems such as Ubuntu will have to
install the JRE before installing Openfire. Thanks to the popular apt-get package
management system, there isn't much to installing the JRE.
Because Sun's JRE isn't free and is also not an open source software,
most Linux distributions make the JRE package available in their
non-free tree. If the following command doesn't work, check out the
detailed installation instructions for your specific distribution, at
https://jdk-distros.dev.java.net.
Open a console and issue the following command:
$ sudo apt-get install sun-java6-jre
Now the apt-get system will automatically fetch, install, and activate the JRE
for you!
Meet The Protagonists
This chapter is about making sure that you have no trouble installing one file. This
one file is the Openfire installer and it is available in multiple flavors. The four
flavors we're concerned with aren't as exotic as Baskin Robbins' 31 flavors but that
doesn't make the decision any easier.
The Openfire project releases several installers. The four flavors we're concerned
with are:
• openfire-3.5.2-1.i386.rpm: RPM package for Fedora Linux and other
RPM-based variants
• openfire_3.5.2_all.deb: DEB package for Debian, Ubuntu Linux and
their derivatives
• openfire_3_5_2.tar.gz: Compressed "tarball" archive that'll work on any
Linux distribution
• openfire_3_5_2.exe: Openfire installer for Windows
Openfire 3.5.2 is the latest version available at the time of writing this
chapter. There will quite likely be a newer version available when you
visit the website after/while reading this chapter.
We'll cover installing Openfire from all of these files, so that you may use Openfire
from your favorite Linux distribution or from within Windows. Just to reiterate here,
the Windows installer and the RPM Linux installer both bundle the JRE, while the
other versions do not.
The Actual Install-Bit
Alright, so you have the Java JRE setup and you've downloaded the Openfire
installer. In this section, we'll install Openfire server from the various versions we
discussed in the last section.
Let's first install from the source tarball.
The first step when dealing with a .tar.gz source archive is to extract the files. Let's
extract ours under /tmp and then move the extracted directory under /opt.
# cd /tmp
# tar zxvf openfire_3_5_2.tar.gz
# mv openfire /opt
Now we'll create a non-privileged user and group for running Openfire.
# groupadd openfire
# useradd -d /opt/openfire -g openfire openfire
Next, we'll change ownership of the openfire/ directory to the newly-created user
and group.
# chown -R openfire:openfire /opt/openfire
Believe it or not, that's it! You've just installed Openfire server. Surprised? Get ready
for more. It gets even simpler if you install using the precompiled RPM or DEB
binaries. In the case of RPM, Openfire is installed under /opt/openfire and in case
of the DEB file, Openfire resides under /etc/openfire.
On RPM-based systems such as Fedora and its derivatives (as root), use:
# rpm -ivh openfire-3.5.2-1.i386.rpm
On DEB-based systems such as Debian, Ubuntu, and so on, use:
$ sudo dpkg -i openfire_3.5.2_all.deb
Voila! You're done. Now, who thought my "installing Openfire is totally
newbie-proof" comment was an exaggeration?
Running Openfire on Linux/Unix
So, we now have Openfire on our favourite Linux distribution, whichever
distribution this may be. Now it's time to fire it up and get going. Depending on how
you installed Openfire, the procedure to start it varies a little.
If you've installed Openfire from the RPM or DEB, you'll be pleased to know that
the Openfire developers have already done most of the hard work for you. These
binaries contain some custom handling for the RedHat/Debian-like environments.
You can start and stop Openfire just like any other service on your system:
# /etc/init.d/openfire start
Starting Openfire:
You can also view the other options available:
# /etc/init.d/openfire
Usage /etc/init.d/Openfire {start|stop|restart|status|condrestart|reload}
On the other hand, if you've installed Openfire using the .tar.gz archive, you can
start and stop Openfire using the bin/openfire script in your Openfire installation
directory. First, change to the user that owns the /opt/openfire directory:
# su - openfire
# cd /opt/openfire/bin/
# ./openfire start
Starting Openfire
And now you have Openfire up and running!
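A quick way to confirm that the tarball install ended up the way the steps above intend, as an added example that is not from the book: the tree under /opt/openfire belongs to the openfire account and group, nothing in it is world-writable, and the server is not running as root. The function names are this example's own, and finding the server process by the install path in its command line is an assumption.

```shell
#!/bin/sh
# Added example (not from the book): audit a tarball install of Openfire.
# Assumes the layout used in the steps above: /opt/openfire, owned by the
# account and group "openfire". All function names are hypothetical.

# account_is_unprivileged USER
# Returns 0 if USER exists and is not UID 0, 1 if it is UID 0,
# 2 if the account does not exist.
account_is_unprivileged() {
    uid=$(id -u "$1" 2>/dev/null) || return 2
    [ "$uid" -ne 0 ]
}

# audit_tree DIR OWNER GROUP
# Prints every path under DIR that is not owned by OWNER:GROUP or that is
# world-writable. Symlinks are skipped because their mode bits mean nothing.
# Returns 0 when clean, 1 when there are findings, 2 if DIR is missing.
audit_tree() {
    dir=$1; owner=$2; group=$3
    if [ ! -d "$dir" ]; then
        echo "missing directory: $dir" >&2
        return 2
    fi
    findings=$(find "$dir" ! -type l \
        \( ! -user "$owner" -o ! -group "$group" -o -perm -0002 \) -print)
    if [ -z "$findings" ]; then
        return 0
    fi
    printf '%s\n' "$findings"
    return 1
}

# root_procs PATTERN
# Reads "USER ARGS..." lines on stdin (the output of
# `ps -e -o user= -o args=`) and prints those run by root whose command
# line contains PATTERN. Returns 1 if any such line was found.
root_procs() {
    awk -v pat="$1" '
        {
            line = $0
            sub(/^ *[^ ]+ +/, "", line)        # drop the USER column
            if ($1 == "root" && index(line, pat) > 0) { print; bad = 1 }
        }
        END { exit (bad ? 1 : 0) }
    '
}

# audit_openfire [DIR] [ACCOUNT]
# Runs the three checks against a live system and prints a verdict.
audit_openfire() {
    home=${1:-/opt/openfire}; acct=${2:-openfire}; rc=0
    account_is_unprivileged "$acct" ||
        { echo "FAIL: account $acct is missing or has UID 0"; rc=1; }
    audit_tree "$home" "$acct" "$acct" ||
        { echo "FAIL: ownership or mode findings under $home"; rc=1; }
    ps -e -o user= -o args= | root_procs "$home" ||
        { echo "FAIL: a process using $home runs as root"; rc=1; }
    if [ "$rc" -eq 0 ]; then
        echo "OK: $home is owned by $acct and not run as root"
    fi
    return "$rc"
}

# Run against the real system only when asked to: sh audit.sh --run
case "${1:-}" in
    --run) audit_openfire "${2:-/opt/openfire}" "${3:-openfire}" ;;
esac
```

Run it as root after `./openfire start`; any path it prints is one that the chown step missed or that was modified afterwards.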
If you are using a firewall, which you most probably are, make sure to
forward traffic on ports 5222 and 5223 (for SSL) which clients use for
connecting with the Openfire server. Also forward traffic on port 7777 for
file transfer.
Linux users can skip the next section on installing Openfire under
Windows and move directly to the section that discusses the preliminary
Openfire setup.
Installing and Running under Windows
Installing Openfire under Windows isn't all that different from installing under
Linux. One big difference is that the Openfire installer for Windows includes a JRE.
This saves you the trouble of obtaining and installing one yourself, but adds to the
size of the Openfire installer.
The process is pretty simple. Download the Windows Openfire installer to any
convenient location and double-click it. This launches the Openfire installer wizard
which first displays a license agreement and, upon agreeing to their terms, asks
standard Windows installation questions, such as the directory you want to install
Openfire under, and its start menu entry.
The installer creates the directory, copies the files, and you're done! You have just
successfully installed Openfire server.
Once you have installed Openfire, a shortcut to a graphical launcher will be added
under the Start Menu, as for any other Windows application. By default, it's
accessible via Start | Programs | Openfire | Openfire Server.
When you start the launcher for the first time and click on the Start button
(refer to the previous screenshot), Openfire will display the message Admin
console listening at http://127.0.0.1:9090. Use the Launch Admin button to start
the web interface. It will automatically open your web browser to the correct URL to
finish setting up the server.
Openfire as a Windows Service
If you're not a big fan of graphical interfaces, you can also control Openfire from the
Windows command-line as a standard Windows service.
You'll find an Openfire-service.exe file in the 'bin' directory of the installation.
You can use this executable file to install and control the Openfire service.
From a console window, you can run the following commands:
* To install the service:
Openfire-service /install
* To uninstall the service:
Openfire-service /uninstall
* To start the service after installation:
Openfire-service /start
* To stop the service:
Openfire-service /stop
You can also use the Services tool in the Windows Control Panel to start and
stop the service.
If you install the Openfire service, you should use that to start and stop
Openfire instead of using the graphical launcher under your start menu.
Fuse Life into Openfire
Now we're on the final leg of our journey. This last step is common to both Windows
and Linux environments. We've installed Openfire and it's up and running. Now
we need to fuse life into it, which is a colorful way of saying that we need to tweak
certain settings and point it to our network.
We must tweak these settings from Openfire's Web interface, which runs on
port 9090. To access it, launch your browser, and in the address bar enter
your IP address followed by a colon and 9090. For example, if the Openfire
server is running on a machine with the IP address 192.168.2.5, then the server
interface is at http://192.168.2.5:9090. If you are on the same machine on
which you've installed Openfire, you can also use http://localhost:9090 or
http://127.0.0.1:9090. Windows users can also launch the web browser using
the Launch Admin option from the graphical launcher in their Start Menu.
Linux users can check their IP address by running the ifconfig command.
The first time you launch the interface, it'll take you through a brief five-step setup
process asking questions about the default language and configuring some server
settings. It'll also ask you about the database connection to use. Openfire can work
with several databases, including MySQL, PostgreSQL, Oracle, Microsoft SQL
Server, and IBM DB2. You can also use Openfire's embedded database, which is
powered by HSQLDB. For this last option choose the Embedded Database
(refer to the following screenshot) option when prompted.
We'll cover Openfire using an external database later in this book.
One of the things for which you need the database is storing user information for
authentication. But if you have a directory server running on your network, Openfire
can obtain authentication information from either OpenLDAP or Active Directory.
As we haven't set up a directory server yet, for the moment we'll entrust user
management to Openfire. When we're asked to select a user and group system to
use, we'll select the Default Option to store users and groups in the embedded
server database.
Hooking up Openfire with a directory service will be handled later in
the book.
The network settings of the Openfire server involve picking up a domain name for
the server and altering the admin console secure and non-secure ports. The interface
already includes default values for all of these fields based on the network settings
of the machine. If you're not sure what they mean, it is a good idea to leave them to
their default values.
If you plan to connect users from two Openfire servers in multiple
locations with server-to-server communication, as explained in Chapter
10, please choose a DNS-resolvable name.
Finally, we'll seal the configuration with a password and provide an email address
for the default admin user. On future visits to the server interface, you'll have to use
the admin username and the password you've specified to log in to the Openfire
server. When it's all done, you'll see a Setup Complete! message (see the
screenshot below).
You can now log in to your server using the Login to the admin console button on
the page, to see the following screenshot.
Using The Server
We now have the server up and running. But how do users connect to the server?
Or for that matter, where are the users? Well, let me introduce you to some instant
messaging clients.
Installing The Spark Client
Installing the client in both Linux and Windows is a walk in the park. Remember
that, like the server, Spark is also a Java application. But you don't have to worry
about installing Java for Spark, because versions for all platforms of the client
include the JRE.
On your chosen Linux distribution, download the Spark tarball and extract its
contents under a standard location, such as /opt.
$ cd /tmp
$ tar zxvf spark_2_5_8.tar.gz
$ mv Spark/ /opt/
Now simply navigate to the newly-extracted directory and run the client by issuing
the following commands:
$ cd /opt/Spark/
$ ./Spark
Look ma, no installation!
Let's move on to Windows now. Download the Spark installer for Windows and
double-click on it to launch the installer. Like any other Windows application, you
need to select the destination directory, the Start Menu entry, and decide whether to
create desktop and quick launch icons. When it has completed the installation, the
installer gives you the option to launch the client. Use it!
Tuning In With Spark
Now that we've installed Spark, it's time to use it to connect to our server. Before you
do so, please remember to keep two things handy:
1. The name of the server: We specified this in the web interface when we
set up Openfire. It's listed under Server Information in the web-based
administration console.
2. The IP address of the server: You should already know this. The key to
running a successful network application is to remember the IP addresses
of the machines running those services. You can find the IP address of the
machine running Openfire using the ifconfig command under Linux and
ipconfig under Windows.
To create a new user with Spark, launch the client and click on Accounts. In the
pop-up window enter a Username, and lock it with a Password (as shown in the
previous screenshot). In the Server field, enter the IP address of the Openfire server
and click on the Create Account button. When your account is created, Spark will
display a pop-up box saying so.
By default, Openfire allows users to create accounts from IM clients. This
isn't always a good policy and you can easily take away this power from
the users. We'll cover this in a later chapter.
Now that we've created an account, let's log on to the server. Like most things with
Openfire, this is easily done. To log in, launch Spark and, in the space provided,
enter your username, password, and the IP address of the Openfire server.
Optionally you may also choose to let Spark remember your password by selecting
the Save Password checkbox. Now click the Login button and you're logged in.
Configuring Other IM Clients
There's no dearth of multi-protocol instant messaging clients
(see http://en.wikipedia.org/wiki/Comparison_of_instant_messaging_clients)
nor is there any shortage of Jabber clients
(see http://www.jabber.org/software/clients.shtml). Not that I am
complaining. It's just that I can't hand-hold you through the process of using your
favorite IM client to connect to your Openfire server. Honestly though, and by now
I am sure you'll trust me when I say this, there's hardly anything to it.
Just keep these three bits of information handy and you can configure just about
any client:
1. The username and password of the user.
2. The name of the server as specified in the administration console.
3. The IP address of the server running Openfire.
To demonstrate, I'll configure three of my favorite multi-protocol clients under
Windows and Linux—MirandaIM (Windows), Kopete (Linux:KDE), and Pidgin
(Linux:GNOME).
MirandaIM
MirandaIM implements protocols as plugins, so while installing it please make sure
you select the Jabber protocol for installation. When it's running, MirandaIM sits in
the system tray close to the clock in the bottom right-hand side of your Windows
system tray. Right-click on its icon in this system tray and navigate to Main Menu |
Options. Scroll down to the Network tab and select the Jabber option. This divides
the right-side pane into two sections. In the Jabber section, enter your Username,
Password (see the following screenshot), and the name of the Openfire server. In the
Expert section, select the Manually specify connection host checkbox and enter the
IP address of the server in the host entry.
If you're registering a new user at this stage, click on the Register new user button. If
you've already registered, just click on OK to save the settings. Finally, double-click
on the icon in the system tray and from the MirandaIM interface, navigate to the
Status drop-down menu and select Online.
Although MirandaIM is great, it lacks the level of depth in implementing the Jabber
protocol as compared to dedicated Jabber clients for Windows such as Exodus
(http://code.google.com/p/exodus/), Pandion
(http://www.pandion.be/screenshots/), and Psi (http://psi-im.org/).
Kopete
To add an account in Kopete, right-click on its icon in the taskbar and select
Configure. In the pop-up configuration window, click on the New button to bring up
the Add Account wizard. Select the Jabber protocol and move on to the next step.
If you want to add a new account, click on the Register New Account button. Here,
enter the IP address of your Openfire server in the Jabber server field, the desired user
name in the form username@server name (for example msharma@example.com), and
a Password for the account, before clicking on the Register button (see the previous
screen capture). Kopete will let you know if the registration was successful or if an
error occurred.
You'll be returned to step two of the account registration process. Here, enter the
Jabber ID (username@server name) and password of the user. Under the Connection
tab, select the option Override default server information and in the Server field,
enter the IP address of your Openfire server. Now proceed to the last step and click
on Finish to exit the setup process. You should now be logged in.
Pidgin
Pidgin not only supports multiple protocols but is multi-platform as well. In addition
to Linux, it also runs on Windows. The instructions for setting up Pidgin under
Linux and Windows are the same.
You can add accounts in Pidgin using the Accounts window, which is under
Accounts | Manage. Click on the Add button at the bottom of the window to bring
up the Add Account window. Under the Basic tab, select the XMPP protocol, and
enter your screen name, which is your username on the Openfire server. Enter the
name of your server in the Domain field, and your Password (see the previous
screenshot). Now switch over to the Advanced tab and in the Connect server text
box, enter the IP address of your Openfire server.
If you want to create this user on the server, make sure you select the Create this
new account on the server checkbox at the bottom of the window. Click on Save.
If you're creating a new user, Pidgin will now ask you to enter a name and email
address for the new user. Enter these details and click on the Register button. Pidgin
will indicate whether the registration was successful.
On the other hand, if the user already exists, after saving your account details,
you'll be passed back to the Accounts window. Close the window and head over to
Accounts | Enable accounts and select the account that you want to log into.
You can also monitor the clients currently logged on to the system from the Openfire
admin interface. Head over to Sessions | Active Sessions | Client Sessions. Here
you will see a list of all the users currently logged on to the system, with their IP and
client information, similar to what is shown in the screenshot below.
Touch down! We're at the bottom of our rabbit hole. When I first got here, unlike
Dorothy, I wasn't confused; I felt elated. I hope you feel the same.
Summary
In this chapter, we've prepared an environment for Openfire, and installed and
configured the server on both Windows and Linux. From installing the Java Runtime
Environment to launching and tweaking the server, we've covered all the steps it
takes to have a fully-functional Openfire server.
It sounds like a lot of work, but if you get down to listing the steps, there aren't
many. The whole process doesn't take more than half-an-hour. Credit must be given
to the Openfire developers, not only for packaging the server for multiple Linux
distributions and operating systems, but also for taking the load off the users who
are setting it up.
The server we've set up in this chapter will work for most enterprises. Depending on
their current system landscape, some large corporations might want to hook up their
directory services with Openfire or use an external database to hold Openfire's data.
We'll get to these scenarios in due course, and while they are important options, they
are by no means necessary.
In the next chapter, we'll roam around the Openfire admin interface, tweaking the
server to our liking as we move forward.
Fine-Tuning Openfire
In the previous chapter, we set up Openfire, installed and configured some IM clients,
used these to add some users, and logged into our IM server. Basically, we've done
what 70% of IM users would be happy with. But we've barely scratched the surface
of Openfire. Our setup is too liberal, too raw. Although this is a book on running the
Openfire server, we haven't even looked around the web administrator interface yet.
In this chapter, we'll run around the interface, and get a feel for things as we tweak
our server to our liking. In this chapter, we will cover:
• Details about the server and server ports
• Server cache and its properties
• Policing and tuning the server
• Curbing indiscriminate registration
• Handling offline users
• Resolving resource conflicts
• Updates
• Sending administrative messages
• Extending with plugins
Get To Know Your Server
Openfire has a simple and straightforward administration console. It's divided into
several tabs with each tab housing multiple configuration options. From within
these you can tweak every aspect of the server and integrate it with existing network
services. The other aspect of running a server is being able to monitor its activity. The
interface is also designed to provide you with visual feedback at a glance to help you
keep tabs on the server and gauge its performance.
Vital Statistics
When you log in to the server, you're presented with basic details about the
server—what version of Openfire are you running, where is it installed, what
platform are you running it on, how long has it been running, what's the version of
Java powering the server, how much memory is it consuming, and so on (see the
following screenshot).
On this page, you can also see the ports Openfire uses, and their purposes (refer to
the following screenshot).
Like other parts of the server, these ports are also configurable. Remember
the default secured (9091) and unsecured (9090) ports for accessing the server
administration console? To change them from their default values, click on the Edit
Properties button beneath the Server Ports listing.
In the page that opens (refer to the previous screenshot), Openfire lets you change
the value of any setting. Because we are concerned only with the administration
console ports, we'll alter only these and leave the rest as-is.
Once you're done making the changes, click on the Save Properties button to save
the changes. You'll have to restart the server for the changes to take effect. If you've
changed the administration console port, make sure that you use the new port
number when logging in to the console.
Please make sure that you note down the port numbers somewhere that
you can find them easily. This is all the more important when you change
the port number of the administration console. If you forget this, you will
not be able to log in to the administration console!
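If the new console port does get lost, it can be read back from the server's configuration file rather than guessed. The script below is an added example, not code from the book: it recovers the administration console ports from the text of Openfire's conf/openfire.xml and flags a console that is still reachable over the unsecured port. The `adminConsole/port` and `adminConsole/securePort` element names, the `-1` "disabled" value, the fallback to the default ports, and the sample file contents are assumptions about the on-disk configuration, which the chapter does not show.

```python
"""Recover and audit Openfire admin console ports (added example)."""
import socket
import xml.etree.ElementTree as ET

# Default console ports named in the chapter.
DEFAULT_PLAIN, DEFAULT_SECURE = 9090, 9091

# Constructed sample of conf/openfire.xml with the console moved off the
# defaults. Element names are an assumption about the file layout.
SAMPLE_CONF = """<?xml version="1.0" encoding="UTF-8"?>
<jive>
  <adminConsole>
    <port>9190</port>
    <securePort>9191</securePort>
  </adminConsole>
  <setup>true</setup>
</jive>
"""


def read_admin_ports(xml_text):
    """Return {'plain': int|None, 'secure': int|None}.

    None means the port is disabled (value -1, an assumption). A missing
    element falls back to the chapter's default for that port.
    """
    root = ET.fromstring(xml_text)
    ports = {}
    for key, tag, default in (("plain", "port", DEFAULT_PLAIN),
                              ("secure", "securePort", DEFAULT_SECURE)):
        node = root.find(f"adminConsole/{tag}")
        text = node.text.strip() if node is not None and node.text else ""
        if not text:
            ports[key] = default
            continue
        value = int(text)  # raises ValueError on non-numeric input
        if value == -1:
            ports[key] = None
        elif 1 <= value <= 65535:
            ports[key] = value
        else:
            raise ValueError(f"{tag}: {value} is not a valid TCP port")
    return ports


def audit(ports):
    """Return a list of findings an administrator should act on."""
    plain, secure = ports["plain"], ports["secure"]
    findings = []
    if plain is None and secure is None:
        findings.append("both console ports disabled: console is unreachable")
    if plain is not None:
        findings.append(f"unsecured console enabled on port {plain}: "
                        "admin logins cross the network unencrypted")
    if plain is not None and secure is None:
        findings.append("secured console port disabled: only the unsecured "
                        "port is available")
    if plain is not None and plain == secure:
        findings.append(f"both console ports set to {plain}: one will fail "
                        "to bind")
    return findings


def login_urls(ports, host):
    """Console URLs to try, secured port first."""
    urls = []
    if ports["secure"] is not None:
        urls.append(f"https://{host}:{ports['secure']}/")
    if ports["plain"] is not None:
        urls.append(f"http://{host}:{ports['plain']}/")
    return urls


def is_listening(port, host="127.0.0.1", timeout=1.0):
    """True if something accepts TCP connections on host:port.

    Run after the restart to confirm the new port answers and the old
    one no longer does.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


if __name__ == "__main__":
    # Replace SAMPLE_CONF with the text of your own conf/openfire.xml.
    found = read_admin_ports(SAMPLE_CONF)
    for url in login_urls(found, "localhost"):
        print("console:", url)
    for finding in audit(found):
        print("finding:", finding)
    for name, port in found.items():
        if port is not None:
            print(f"{name} port {port} listening:", is_listening(port))
```

Run it on the Openfire host itself, where the configuration file and the loopback interface are both available.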
  • 6. Openfire Administration Copyright © 2008 Packt Publishing All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews. Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, Packt Publishing, nor its dealers or distributors will be held liable for any damages caused or alleged to be caused directly or indirectly by this book. Packt Publishing has endeavored to provide trademark information about all the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information. First published: August 2008 Production Reference: 1180808 Published by Packt Publishing Ltd. 32 Lincoln Road Olton Birmingham, B27 6PA, UK. ISBN 978-1-847195-26-5 www.packtpub.com Cover Image by Vinayak Chittar (vinayak.chittar@gmail.com) [FM-2]
  • 7. Credits Author Mayank Sharma Reviewer Stefan Reuter Senior Acquisition Editor David Barnes Development Editor Ved Prakash Jha Technical Editors Usha Iyer Gagandeep Singh Copy Editor Sumathi Sridhar Editorial Team Leader Akshara Aware Project Manager Abhijeet Deobhakta Project Coordinator Lata Basantani Indexer Monica Ajmera Proofreader Dirk Manuel Production Coordinator Shantanu Zagade Cover Work Shantanu Zagade [FM-3]
  • 8. About the Author Mayank Sharma is a contributing editor at SourceForge, Inc's Linux.com. He also writes a monthly column for Packt Publishing. Mayank has contributed several technical articles to IBM developerWorks where he hosts a Linux Security blog. When not writing, he occasionally teaches courses on Open Source topics at the Indian Institute of Technology, Delhi, as Industry Expert. In memory of my grandfather H. C. Sharma and grandmother Shyma Sharma. Thanks to my mom Shashi and dad Rakesh for laying down tough standards, and younger brother Shashank for his valuable suggestions and technical support. Gratitude to Ved Prakash Jha for his guidance and advice, to Lata Basantani for managing and scheduling the book, to Usha Iyer and Gagandeep Singh for editing, to Stefan Reuter for his technical insights, and to the wonderful developers and community members of Openfire for developing and supporting such a wonderful project [FM-4]
  • 9. About the Reviewer Stefan Reuter is a key contributor to the igniterealtime community, the home of Spark and Openfire. He is also the lead developer of the Asterisk-Java library and the Asterisk-IM plugin for Openfire. After several years in the enterprise architecture group of a major European bank Stefan is now working as an independent consultant on Java and VoIP projects for various international customers. [FM-5]
  • 11. Table of Contents Preface 1 Chapter 1: Introduction 7 IM In The Enterprise? 8 But Will IM Work for "Me"? 8 Why Roll Your Own IM Server? 10 What To Look for In An IM Server? 11 Is Openfire The Right IM Server for Me? 12 Summary 15 Chapter 2: Installing and Using Openfire 17 Preparing Your System 17 Linux Users Get Your Cuppa! 18 Meet The Protagonists 18 The Actual Install-Bit 19 Running Openfire on Linux/Unix 20 Installing and Running under Windows 21 Openfire as a Windows Service 22 Fuse Life into Openfire 22 Using The Server 25 Installing The Spark Client 25 Tuning In With Spark 26 Configuring Other IM Clients 28 MirandaIM 28 Kopete 30 Pidgin 31 Summary 32 Chapter 3: Fine-Tuning Openfire 35 Get To Know Your Server 35 Vital Statistics 36 Server Cache and Properties 39
  • 12. Table of Contents [ ii ] Policing and Tuning The Server 42 Curb Indiscriminate Registration 42 Resolving Resource Conflicts 44 Handling Offline Users 45 Nurturing The Server 46 Talk to Users 47 Extending with Plugins 48 Message of The Day 49 Summary 49 Chapter 4: Organizing Users 51 Adding Users 51 Editing And Deleting Users 52 Temporarily Suspend Users 53 Organizing Users into Groups 54 Editing and Deleting Groups 55 Pre-populating Rosters 57 Scenario #1: See The Members of Your Department 58 Scenario #2: Accounting Reports to The Board 59 Scenario #3: Everyone Wants IT on Their List 60 Scenario #4: Everyone on Everyone's List...Automatically 60 Summary 61 Chapter 5: Hooking up With a Directory Service 63 Adding Users Via OpenLDAP 64 Adding Users via Active Directory 69 Editing the config File 71 Summary 74 Chapter 6: Effectively Managing Users 75 Searching for Users with the Search Plugin 76 Searching for Users from Within The Admin Interface 78 Get Email Alerts via IM 79 Broadcasting Messages 81 Setting up the Plugin 82 Using The Plugin 83 Managing User Clients 84 Private Data Storage 89 Importing/Exporting Users 90 Using The Plugin 91 askstatus 94 recvstatus 94 substatus 95 Summary 95
  • 13. Table of Contents [ iii ] Chapter 7: Connecting to Other Services 97 Why Connect via Openfire? 98 The Openfire Gateway 98 Controlling Access 100 Scenario #1: Enabling Yahoo! Messenger for All Users 101 Scenario #2: Enabling IRC for IT and Devs 103 Scenario #3: Enabling Experimental Google Talk for Some Users 105 Using A Gateway 106 Keeping An Eye on The Gateway 108 Connecting to VoIP 109 Summary 112 Chapter 8: Playing Big Brother 113 Monitoring and Filtering Content 114 Auditing Messages 116 Setting up a Message Audit Policy 117 Reading Raw Audit Logs 118 Advanced Archiving Settings 120 Searching Archives 122 Light-Weight Third-Party Archiving Apps 124 Using Open Archive 124 Summary 126 Chapter 9: Large-scale Openfire 127 Enabling Database Support in Openfire 127 Setting up MySQL 128 Setting up PostgreSQL 130 Troubleshooting Database Errors 130 Monitoring the Database 131 Scaling Openfire 135 Setting up Clustering 135 Of Caches and Clustering 137 Tips for Optimizing the Cluster 138 Scaling with Connection Managers 139 Deploying Connection Managers 139 Step 1: Configure the Openfire Server 140 Step 2: Configure the Connection Manager 140 Step 3: Run The Connection Manager 141 Summary 142 Chapter 10: Communication Across Multiple Locations 143 Linking Two Branches 144 Why Use DynDNS 144 Setting up Server-to-Server Communications 145
  • 14. Table of Contents [ iv ] About Remote Networks, Firewalls, and Port Forwarding 146 Checking Connectivity on the Port 147 Adding Users from Remote Network 148 Monitoring Remote Connections 148 Establishing Secure Server-to-Server Communication 149 The Road Warrior 150 File Transfer Across Servers 151 Summary 152 Chapter 11: Running an Online Helpdesk 153 Installing Fastpath and Webchat 153 Creating a Helpdesk 156 Global Settings 157 Workgroup Settings 158 Diversifying Workgroups with Queues 158 Creating Queues 158 Adding Routing Rules 160 Rule Book for Routing Rules 160 Adding Members to Queues 161 Configuring The Helpdesk 162 Canned Responses 163 Offline Settings 164 Chat Transcript 165 Putting the Helpdesk Online 166 Design a Contact Form 167 Review Images and Text 168 Upload the HTML 170 Monitoring Sessions, Reports, and Usage Statistics 172 Snooping Super Users 173 Chat Archives 174 The Agent's Perspective 177 Summary 181 Appendix A: Using Spark 183 Getting Started 183 Chatter Away 186 Spark Plugins 190 Summary 192 Appendix B: Group Chat 193 Group Chat Settings 193 Designing a Room 194 General Room Characteristics 195
  • 15. Table of Contents [ v ] User Permissions 196 Occupant Behaviour 197 Putting the Checklist to Test 197 Room 1: A Locked down "boardroom" 198 Room 2: A Free-for-all "Lounge" 199 Room 3: A Restricted "Sales HQ" Room for Sales-Related Discussions 200 Using Spark for Conferencing 200 Impromptu Multi-User Discussions 201 Summary 203 Appendix C: Prepare for Roll Out 205 Identify the Required Objects and their Properties 206 Plan the Deployment Process 207 Instant Messaging – Best Practices 207 User responsibilities 208 Audit Servers and Logs 209 Summary 210 Index 211
  • 17. Preface Openfire is a free, open-source and full featured Jabber-based Instant Messaging server. This book is a functional step-by-step, easy to follow reference guide that explains how to use Openfire can be used to develop a secure instant messenger network. Each chapter will tell you how to add features to your IM. This book is a guide to setting up Openfire, tweaking it, and customizing it to build a secure and feature-rich alternative to consumer IM networks. The features covered include details about setting up the server, adding and handling users and groups, updating, and extending the service with plug-ins, connecting with users on external IM networks, connecting with external voice over IP solutions and more, with user-friendly instructions and examples so that you can easily set up your IM network. The book deals with several features of Openfire to streamline communication within an enterprise and beyond. It shows how to configure Openfire to allow only secured connections. It then explains how Openfire complements other existing services running on your network. Managing and fostering IM as a real-time collaboration and communication tool is what this book is about. What This Book Covers Chapter 1 introduces you to the importance and benefits of instant messaging over traditional communication methods. It also deals with benefits of hosting one's own EIM server. It then talks about Openfire real-time collaboration server. In Chapter 2 you will learn how to install and configure the fully functional Openfire server environment for both Windows and Linux.
  • 18. Preface [ 2 ] After reading Chapter 3 , you should be well equipped to run and administer an Openfire server in a single-office organization. You'll learn how to manage the administration console and some common network admin tasks. Chapter 4 deals with the user organization in groups and populating the user's contact list in a variety of ways. Chapter 5 shows how to sync your directory service with your Openfire server. Based on the directory service information, Openfire will let you migrate the users' contact information and other details, and use it to populate their profiles, as well as create groups. Chapter 6 explores several ways of effectively administrating users irrespective of the size of the organization. You will learn how to import user data into their roster lists from any XMPP server to Openfire, and use tools that'll help members of the organization broadcast messages to their peers based on preset company rules. Chapter 7 covers the Gateway plugin that allows access to a variety of IM services including Yahoo! Messenger, IRC, ICQ, MSN Messenger, AOL Instant Messenger, and so on. Apart from just enabling access to these gateways, the plugin lets you configure several aspects of the service including restricting gateway access to all users or a particular group of users. It also covers how you can hook up Openfire to your Asterisk VoIP server. Chapter 8 talks about uses and ways to archive conversations using iBall plugin. The chapter also deals with the Monitoring Service plugin's archived conversation searching interface. Some freely available archiving options are also discussed including Open Archieve. Chapter 9 covers in detail the two ways in which a server can be configured to distribute loads—by forming a cluster of Openfire nodes, and by delegating connection managers to make connections to clients. This chapter also covers installing and deploying connection managers in both Windows and Linux environments. 
Chapter 10 looks at how users can connect and interact with users on remote Openfire servers. Server-to-server communication is a very powerful feature of Openfire and it enables users who move between multiple Openfire servers to stay connected with each other easily. In Chapter 11 we have a look at installing and configuring the plugins and using them to create an online helpdesk with several queues to manage a couple of products. It also talks about online chat facility using the Fastpath plugin. The last section of the chapter illustrates what a Fastpath session feels like to a user and the various tools (transferring calls, user history, personal canned responses, and so on) at his or her disposal to enable him or her to service the users better.
  • 19. Preface [ 3 ] Appendix A offers a quick look at Spark (its features, tools, and plugins), the official Openfire client. This appendix takes a look at the pre-installed and available plugins that give Spark the ability to spell check messages, control indiscriminate file transfers, and translate messages into a variety of languages among other features while bouncing it between users. We have explored comprehensive group chat mechanisms of Openfire in Appendix B. We have broken down Openfire's group chat options into three broad subheads—general room characteristics, user permissions, and occupant behavior. We have looked at each of these in detail, and tried to understand their individual functions and then put them to test. We have then explored Openfire's flexibility with impromptu multiuser discussions. In Appendix C, we've broadly looked at what goes on behind the scenes in selecting an IM server, planning the deployment, and making sure the server maintains a 100% uptime. We've also looked at the various decisions you'll have to make as the admin, and brainstorm with the management and other departments to maximize productivity and add flexibility to the system Who is This Book For This book is for System Administrators who want to set up an in-house enterprise IM system using Openfire. The reader will need experience in managing servers on any operating system. Conventions In this book, you will find a number of styles of text that distinguish between different kinds of information. Here are some examples of these styles, and an explanation of their meaning. Code words in text are shown as follows: "This file will be under the webchat folder under your application server." Any command-line input and output is written as follows: type openfire_mysql.sql | mysql openfire; New terms and important words are introduced in a bold-type font. 
Words that you see on the screen, in menus or dialog boxes for example, appear in our text like this: "To set some gateway-specific settings, click the Options slider button".
  • 20. Preface [ 4 ] Important notes appear in a box like this. Tips and tricks appear like this. Reader Feedback Feedback from our readers is always welcome. Let us know what you think about this book, what you liked or may have disliked. Reader feedback is important for us to develop titles that you can get the most out of. To send us general feedback, simply drop an email to feedback@packtpub.com, making sure to mention the book title in the subject of your message. If there is a book that you need and would like to see us publish, please send us a note in the SUGGEST A TITLE form on www.packtpub.com or email suggest@packtpub.com. If there is a topic that you have expertise in, and you are interested in either writing or contributing to a book, see our author guide on www.packtpub.com/authors. Customer Support Now that you are the proud owner of a Packt book, we have a number of things to help you to get the most from your purchase. Errata Although we have taken every care to ensure the accuracy of our contents, mistakes do happen. If you find a mistake in one of our books—maybe a mistake in text or code—we would be grateful if you would report this to us. By doing this you can save other readers from frustration, and help to improve subsequent versions of this book. If you find any errata, report them by visiting http://www.packtpub. com/support, selecting your book, clicking on the let us know link, and entering the details of your errata. Once your errata are verified, your submission will be accepted and the errata added to the list of existing errata. The existing errata can be viewed by selecting your title from http://www.packtpub.com/support.
  • 21. Preface [ 5 ] Piracy Piracy of copyright material on the Internet is an ongoing problem across all media. At Packt, we take the protection of our copyright and licenses very seriously. If you come across any illegal copies of our works in any form on the Internet, please provide the location address or website name immediately so we can pursue a remedy. Please contact us at copyright@packtpub.com with a link to the suspected pirated material. We appreciate your help in protecting our authors, and our ability to bring you valuable content. Questions You can contact us at questions@packtpub.com if you are having a problem with some aspect of the book, and we will do our best to address it.
  • 23. Introduction Like it or not, instant messaging in the enterprise is here to stay. But rather than being on the back foot, it's time for all corporations, both big and small, to come forth and embrace this technology. Similar to how you look at half a glass of water—half-empty or half-full—Instant Messaging, or IM for short, can be perceived to have a positive or negative impact on productivity depending on the way you look at it. When you wake up to the importance of IM, you'll notice that, if properly managed, IM can increase connectivity within the realm of your business and have a positive impact on productivity. This book is about managing and fostering IM as a real-time collaboration and communication tool. It's not about the 'why', although why IM is important, but rather it is about the 'what' and 'how'—what IM offers and how you can use it to your advantage. Most people who use the Internet have been exposed to IM. Like email, IM is a user-centric technology. It offers something you want to use by addressing a basic human need—the need to communicate. There are dozens of public IM services: companies ranging from the leading software developer, Microsoft, to the leading web application developers, Yahoo and Google, offer free IM services. To make sure you use them, they also develop IM clients that work across platforms—from Microsoft Windows, Apple MacOSX, and Linux, to handheld devices like your mobile phone and PDA. While you may be using IM to discuss weekend plans to pick up your aunt from across town, or kill time discussing the latest movie with a bunch of friends, IM also holds the potential to eliminate conversation blues in your workplace. Ever thought your boss was inaccessible? Wondered how to communicate your ideas to all of the members of your team without wasting time organizing a group meeting? IM is the key to all of these problems. 
In this chapter, we will discuss: The problems with using IM in an enterprise The advantages of IM over email and telephone • •
  • 24. Introduction [ 8 ] The benefits of hosting your own Enterprise Instant Messaging (EIM) server instead of using one of the free public ones Some of the features to look for in a EIM solution Openfire's features IM In The Enterprise? Now that companies are beginning to acknowledge the issue of employees using IM during company hours, they face a difficult choice. Blocking IM also stops employees from using it as a means to communicate with clients or other employees. Thankfully, several organizations aren't opting for this "easy" way out. In my personal experience, more and more companies are trying not to curb the proliferation of IM, but are rather taking steps to manage its use—looking for ways to oversee and control IM. Let's take a short history lesson so that you will know how it all began and will be able to get things in perspective. When enterprises woke up to the benefits of IM, they also felt the need to control its use, and they ran into a void. IM was a public service. There wasn't any business-grade IM software that would provide the security and legal compliance expected from enterprise software. This void was filled in 1998, when IBM launched the first "Enterprise Instant Messaging" (EIM) software, called IBM Lotus Sametime. Microsoft quickly followed suit, first in haste with Microsoft Exchange Instant Messaging, and more properly later with Microsoft Office Live Communications Server. Today, EIM is a multi-billion dollar business. But Will IM Work for "Me"? Like any Internet user I use IM daily. Like most, I use it to stay in touch with my friends, but every day for the past four years I've also been using IM to communicate with my editors over at Linux.com. Even this book was vetted out with Packt editors over IM. While you might be impressed by the IDC figures and how IM works for "me", neither means anything if IM doesn't work for "you". IM is about communication—instant, real-time, communication. 
But of course, IM isn't the only real-time collaboration tool available. In addition to the telephone, the other digital communication tool you have access to is email. • • •
  • 25. Chapter 1 [ 9 ] I will not start a flame war here on which tool is the best, but rather will tell you how it ends. When the dust settles on the 'IM versus email versus telephone' battle and the purists retreat, there is only one option—to use all three tools together. Despite the fact that each tool has advantages over the other, because this book is about IM, let me just tell you what IM can do for you that email and telephone can't; at least not with the same efficiency as IM: IM is the coyote of communication: There's no faster means of communication than IM. It's called "instant messaging" for a reason. Your messages are delivered instantaneously. Also bear in mind that an IM can carry pictures, documents, or anything else that you could have attached to an email, with the same ease as a plain text message. True interactivity with typing notifications: With IM, you don't have to wait for your email to be read and replied to. As a journalist for Linux.com, speed is very important to me. When working on a breaking news story, neither my editors nor myself can afford to bounce emails to each other, sorting clarifications or edits. Also, IM guarantees that your message has been read and will be replied to. Emails do not come with such a guarantee. No other form of digital communication offers the chance to communicate in real-time. You can mark emails as important, and flag them for a response, but if you need prompt action, there's no faster or more reliable way of communicating than with an IM. Less chance of misunderstanding: Because IM conversations are instantaneous, the chance of being misunderstood is pretty low. With emails, misunderstandings can linger for a while—at least until someone gets a chance to explain. Because IM follows the natural flow of a conversation, misunderstandings are quickly cleared up. 
Better for brainstorming ideas: Because physical team meetings don't happen at the drop of a hat, managers often resort to email for their brainstorming sessions. But such emails suffer from a severe infection which is the biggest known reason for reduced productivity—CC'itis. Also, long threads of email, with multiple recipients, are difficult to follow and manage. A true extension to your phone book: Email has an address book that lets you manage your contacts, but an IM contact list goes a step further by binding your list of contacts with the power of presence. IM uses a technology called "presence awareness" to detect who is online, so that can see at a glance whether the people with whom you want to communicate are online. Now, can your phone do that? • • • • •
  • 26. Introduction [ 10 ]
    • Knock-knock notification: IM's biggest benefit that'll affect you more than any other feature is its unobtrusiveness. What helps you stay on top of things is a little feature called notifications. These are alerts that let you know when a contact wants to communicate with you, and notify you when someone you'd like to chat with comes online.
    • Cheap: Several of the features mentioned above can be accomplished, to some degree, with a telephone. The telephone offers true interactivity, and is ideal for group meetings. But you surely run the risk of catching someone at a "bad time" or of using an outdated contact list. The biggest concern for most companies, however, is cost. If I were using traditional methods of communication, I'd be bankrupt—there are several thousand miles and a couple of time zones between me and my editors in the UK and US. IM helps in keeping your communication costs down, irrespective of whether you work in a one-office home-office setup, or a multinational corporation.
    Why Roll Your Own IM Server?
    As I mentioned previously, the only way enterprises could safely allow IM proliferation was if they could apply necessary control. Some companies decided to apply "soft" control over public IM, by restricting, limiting, and pre-screening access. Others opted for more concrete steps, looking for a greater degree of control and, more importantly, privacy. These were the first users of EIMs. By bringing the EIM infrastructure in-house, with an EIM server, a business can truly manage IM sessions, completely eradicating concerns about security and privacy. As with any good server application, an EIM system is also designed to function like any other enterprise application, offering centralized management, and directory and user integration with corporate directory systems such as Lightweight Directory Access Protocol (LDAP).
    Because an in-house EIM server is tailor-tweaked to fit an organization, it does offer some level of customization not found with public IM. This allows a business to integrate IM and its features with other enterprise applications, like corporate email, intranet portals, ERP, and Supply Chain Management solutions and services such as over-the-network telephony. There's no denying the advantage of an in-house EIM solution, if you want to effectively deploy, regulate, and be in charge of this new and useful means of communication.
  • 27. Chapter 1 [ 11 ] What To Look for In An IM Server?
    There's no dearth of IM systems available. As we'd like to keep things under control and have decided to roll our own IM service, the next obvious question is: what features should we look for in an EIM solution? Not all products are the same, but like email, there are some features common to all and without which you wouldn't call them an IM system. In this section, we're not discussing those features that are common and obvious; we're identifying the features that separate a good IM solution from an average one. Understanding these features will help us select an ideal, cost-effective solution that not only delivers now, but also grows as the company around it grows:
    • Authentication: Checking the credentials of the users is the foremost task of a server of any kind. A good IM server should make the task of managing users fairly simple. Rather than insisting on managing users themselves, an IM server should be capable of interfacing with third-party authentication systems, such as Directory Server. This also keeps things simple for your employees who won't have to maintain more than one username and password to access multiple services.
    • Security: Like all systems in the enterprise, ensuring security is a prime concern. In the case of IM, security becomes all the more important because of the nature of communication. You need an IM system that takes security for messages pretty seriously as they fly across the network. Some commonly-used security features include secure sign-on, digital signatures, and good ol' encryption.
    • Protection against infection: This feature of an IM system flows from another feature—interoperability. Because a good IM system wouldn't discriminate against users of a particular operating system, it has to make sure it doesn't transmit virus-infected files between users. Having your IM system use a third-party anti-virus product for scanning files before transmission is a good idea.
    • Logging: Regulations in some sectors mandate keeping logs of all communication, including IM. Even if they don't, monitoring conversations or keeping logs isn't a bad idea. Not only does logging prevent users from misusing the system but some IM systems also have features such as on-the-fly keyword flagging that will alert the appropriate person in case of misuse. If you are required to keep logs, then make sure that the system keeps them in a format that's easily accessible.
  • 28. Introduction [ 12 ]
    • Extensibility: The features I've listed above are more or less what you need an IM system to have. Some products are more feature-rich than others. You need a system that offers you the basic set of features needed to get started and then offers exotic ones as extensions or plugins. If you use other services, you should also look for a system that plugs into those services if applicable.
    • Administration: Adding an IM server to the mix of existing network services increases the administration load. You have to make sure that the IM system doesn't get in your way too much, is easy to manage, and can run on its own, once it's configured and operational.
    • Not too demanding system requirements: Finally, you have to weigh in what the IM system brings to the table versus what it requires from you. Like most server software, an IM server in itself doesn't require much. But as the number of users using the service increases, the service exerts more pressure on the physical hardware supporting it. Additionally, IM is an always-on service; therefore, you are looking at a machine that can handle the load of possibly hundreds of simultaneous users generating megabytes of logs.
    Is Openfire The Right IM Server for Me?
    It's been a long time since the days when IBM and Microsoft dominated the EIM market. Now, there is a range of EIM platforms in addition to IBM Lotus Sametime and Microsoft Office Live Communications Server. Some of the most popular ones are ejabberd, jabberd2, Tigase, and Jabber XCP. According to Wikipedia, there are about 90 million users using Jabber-based servers. Openfire is one such server.
    Note: The protocol on which Openfire is based is now formally called XMPP or Extensible Messaging and Presence Protocol. It was formerly known as Jabber, but some people confuse this with the company of the same name (Jabber Inc.). In this book, both terms are used interchangeably to refer to the protocol.
    But what's so special about Openfire?
    There are many Jabber-based EIM servers available on the market. Openfire, which is written in Java, implements most features of XMPP, according to Jabber's own website. As a product, Openfire is cross-platform, and is also very easy to set up and administer. Openfire has lots of features designed to streamline communication within an enterprise. Some of Openfire's features, such as its secure design, are due to its well respected Jabber protocol. Jabber uses Transport Layer Security (TLS) by default, and will establish a secure connection if one is available. Openfire can be configured to allow only secured connections.
  • 29. Chapter 1 [ 13 ] While the basic version of the server is available free of cost, an enterprise version, which can be bought for a fee, has features suitable for a large multi-office corporation. Openfire will suit a wide range of enterprises, from home office set-ups to large multi-site enterprises, as it is dual-licensed under GPL along with a commercial extension. As we'll see in the course of this book, the free GPL'd version is no dumb cousin and has a variety of features that you'd need in an IM server, such as centralized administration of user lists, the ability to broadcast messages to entire groups, and customizable presence states, and tops it all off with a secure feature-rich client. Openfire is designed to complement other existing services running on your network. So, for example, it can plug into a directory server for authenticating users, or into an Asterisk setup for telephony. Here's a list of some of Openfire's features:
    1. Standards compliant.
    2. Easy to install.
    3. Works with multiple external databases in addition to a built-in one: Openfire can work with several databases including MySQL, PostgreSQL, Oracle, MS SQLServer, and IBM DB2. Its own embedded database is powered by HSQLDB.
    4. Can interface with OpenLDAP or Active Directory.
    5. Cross-linked, easy to navigate web-based front-end: Irrespective of what setting you are trying to tweak, the interface provides you with lots of information and offers you various options to choose from. For example, if you want to change how Openfire handles offline messages, the server offers you various permutations to store, bounce, or drop messages. The interface is also cross-linked, which allows you quicker access to relevant portions of the configuration. For example, in the "Server Information" section, along with a list of ports in use, Openfire has a link to the "Security Settings" section from where you can edit the security settings of the ports.
    6.
    Easy to create and manage user groups: These user groups can be shared to easily pre-populate new users' contact lists with the right people.
    7. Custom audit policy: Openfire can audit IM traffic on the server and save the data to XML files. Audit policy settings allow control over how auditing occurs.
    8. Group chat and room administration: You can easily create and manage chat rooms. Options allow control over room moderation, maximum occupancy, presence information, and more. The group chat room summary page allows you to view and edit current chat rooms and create new ones.
  • 30. Introduction [ 14 ]
    9. Act as a gateway to other public networks: Gateway settings allow you to authorize individual client applications so that only clients that have been audited for proper security are allowed on your network.
    10. Lots of security options: Security settings allow you to control who your users can and can't talk to. Client control allows you to determine which features are enabled in users' IM clients, such as enabling file transfer, message broadcasting, or group chat.
    11. Has a secure client: The developers of Openfire also make available a free and open-source client called Spark. Spark is written in Java and is designed to make full use of Openfire's security features.
    12. Extend with plugins: A host of plugins are available for functionality such as importing and exporting data and exposing presence data as a web service. Plugins can be fully administered from inside the Openfire administration console. Even the Spark client can learn new tricks with plugins.
    13. Advanced Reporting tools: Openfire has advanced reporting tools, which include statistics on active users, conversations, group chat rooms, packet counts and more. With the enterprise edition, you can generate reports for preset time frames or enter specific dates to narrow results. Openfire reports can also be exported as a PDF file.
    14. Client control: Openfire Enterprise lets you control the features that are enabled in users' IM clients (for Spark and other clients), such as enabling file transfer, message broadcasting, or group chat. You can also control the version of Spark deployed by users from inside the administration console.
    15. Distribute Loads: When deployed in a large enterprise, Openfire has a couple of tricks up its sleeve to distribute and manage loads with other Openfire servers.
    16. Run an online helpdesk: With Openfire's Fastpath service you can establish a communication link with users outside your network.
    This can be used for something as simple as communicating with visitors to your website or as comprehensive as an online helpdesk.
    This is just a brief round-up of Openfire's features to get you excited about the book. Again, the book is not written to show off Openfire. Instead it's designed to help you set up a usable instant messaging workhorse of a server to kick out any communication blues and enhance the productivity of anyone using the system.
  • 31. Chapter 1 [ 15 ] Summary
    There's no denying the importance of instant messaging in the modern office. The question in front of the management is not whether to use IM or to block it, but rather how to control it. In this chapter, we've looked at some of the benefits of using IM over "traditional" communication methods such as the telephone and email. We've also discussed the benefits of hosting our own EIM server instead of using one of the free public ones. After analyzing some of the features to look for in an EIM solution, we've decided to use the Openfire real-time collaboration server. The server is dual-licensed under the open source GPL and a commercial license. It supports instant messaging, group chat and VoIP and uses the only widely adopted open protocol for RTC, XMPP (also called Jabber). Openfire is incredibly easy to set up and administer, but offers rock-solid security and performance. In subsequent chapters of this book, we'll set up Openfire, tweak it, and customize it until we have a more secure and feature-rich alternative to other consumer IM networks.
  • 33. Installing and Using Openfire
    So, I've teased you with the advantages and usefulness of Openfire. You've popped in the red pill. Now let's begin our climb down the rabbit hole. The Openfire instant messaging server is very easy to install. In fact, it's totally newbie-proof. So much so, that unlike other complex server software, even if you've never set up Openfire before, you'll be able to get it up and running on your first try. If you're sceptical, by the time we are done with this short chapter, we'll have ourselves a fully-functional Openfire server that'll register users and connect with clients. In this chapter, we will cover:
    • Pre-requisites for Openfire installation
    • Installing and running Openfire on Linux/Unix
    • Installing and running Openfire on Windows
    • Installing Instant Messaging clients
    Preparing Your System
    Openfire is a cross-platform server and can be installed under Linux, Solaris, Mac, or Windows operating system environments. Openfire reserves its enormity for its users. When it comes to system requirements, Openfire is very suave and a perfect gentleman who has very moderate demands. You don't need to spend much time preparing your system for installing Openfire. Just pick out the environment you're comfortable with—Windows or one of the popular Linux distributions such as Fedora, Debian, or Ubuntu, and you're good to go. You don't have to run around getting obscure libraries or worry about mismatched versions.
  • 34. Installing and Using Openfire [ 18 ] But like any hard-working gentleman, Openfire has a thing for caffeine, so make sure you have Java on your system. No need to run to the kitchen—this isn't the Java in the cupboard. Openfire is written in the Java programming language, so it'll need a Java Runtime Environment (JRE) installed on your system. A JRE creates a simple (breathable, so to say) environment for Java applications to live and function in. It's available as a free download and is very easy to install. If you're installing under Windows, just skip to the "Installing Under Windows" section later in the chapter.
    Linux Users Get Your Cuppa!
    Sun's Java Runtime Environment is available as a free download from Sun's website (http://www.java.com/en/download/linux_manual.jsp) or it can also be installed from your distribution's software management repositories. Users of RPM-based systems can safely skip this section because the Openfire installer for their distribution already includes a JRE. On the other hand, users of Debian-based systems such as Ubuntu will have to install the JRE before installing Openfire. Thanks to the popular apt-get package management system, there isn't much to installing the JRE. Because Sun's JRE isn't free and is also not open source software, most Linux distributions make the JRE package available in their non-free tree. If the following command doesn't work, check out the detailed installation instructions for your specific distribution, at https://jdk-distros.dev.java.net. Open a console and issue the following command:
        $ sudo apt-get install sun-java6-jre
    Now the apt-get system will automatically fetch, install, and activate the JRE for you!
    Meet The Protagonists
    This chapter is about making sure that you have no trouble installing one file. This one file is the Openfire installer and it is available in multiple flavors.
The four flavors we're concerned with aren't as exotic as Baskin Robbins' 31 flavors but that doesn't make the decision any easier.
  • 35. Chapter 2 [ 19 ] The Openfire project releases several installers. The four flavors we're concerned with are:
    • Openfire-3.5.2-1.i386.rpm: RPM package for Fedora Linux and other RPM-based variants
    • Openfire_3.5.2_all.deb: DEB package for Debian, Ubuntu Linux and their derivatives
    • Openfire_3_5_2.tar.gz: Compressed "tarball" archive that'll work on any Linux distribution
    • Openfire_3_5_2.exe: Openfire installer for Windows
    Openfire 3.5.2 is the latest version available at the time of writing this chapter. There will quite likely be a newer version available when you visit the website after/while reading this chapter. We'll cover installing Openfire from all of these files, so that you may use Openfire from your favorite Linux distribution or from within Windows. Just to reiterate here, the Windows installer and the RPM Linux installer both bundle the JRE, while the other versions do not.
    The Actual Install-Bit
    Alright, so you have the Java JRE set up and you've downloaded the Openfire installer. In this section, we'll install Openfire server from the various versions we discussed in the last section. Let's first install from the source tarball. The first step when dealing with a .tar.gz source archive is to extract the files. Let's extract ours under /tmp and then move the extracted directory under /opt.
        # tar zxvf openfire_3_5_2.tar.gz
        # mv openfire /opt
    Now we'll create a non-privileged user and group for running Openfire.
        # groupadd openfire
        # useradd -d /opt/openfire -g openfire openfire
    Next, we'll change ownership of the openfire/ directory to the newly-created user and group.
        # chown -R openfire:openfire /opt/openfire
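    An added check for the tarball install above (example code, not from the book): it audits the tree for entries the chown -R step missed, for world-writable files and for setuid/setgid bits, and lists which accounts run processes out of that tree. The function names, the sample ps lines and the startup.jar path inside them are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the book: audit an Openfire tarball install.
# Assumes the layout used above: tree at /opt/openfire, owned by the
# unprivileged user and group "openfire".

# audit_install_tree DIR USER GROUP
# Prints one finding per line. Returns 0 if clean, 1 on findings, 2 if DIR
# does not exist. USER and GROUP may be names or numeric ids.
audit_install_tree() {
    dir=$1 want_user=$2 want_group=$3
    [ -d "$dir" ] || { echo "missing-dir $dir"; return 2; }

    report=$(
        # Entries still owned by root (or anyone else) after the chown -R.
        find "$dir" \( ! -user "$want_user" -o ! -group "$want_group" \) \
            -exec echo wrong-owner {} \;
        # World-writable entries let any local account replace server code
        # or configuration that the service account will then load.
        find "$dir" ! -type l -perm -0002 -exec echo world-writable {} \;
        # Setuid/setgid bits have no place in an unpacked application tree.
        find "$dir" -type f \( -perm -4000 -o -perm -2000 \) \
            -exec echo setid-bit {} \;
    )
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# service_users DIR
# Reads `ps -eo user=,args=` output on stdin and prints the distinct accounts
# running a process whose command line mentions DIR. After "su - openfire"
# and "./openfire start" the only expected answer is "openfire"; "root" here
# means the server was started from a root shell.
service_users() {
    awk -v dir="$1" 'index($0, dir) { print $1 }' | sort -u
}

# Constructed sample of `ps -eo user=,args=` output (not captured from a
# real host; the java command line is illustrative).
SAMPLE_PS='root     /usr/sbin/sshd -D
openfire java -server -jar /opt/openfire/lib/startup.jar
msharma  -bash'

# Stand-alone use: sh audit.sh /opt/openfire openfire openfire
if [ "$#" -eq 3 ]; then
    audit_install_tree "$@"
    ps -eo user=,args= | service_users "$1"
fi
```

    Run it as root right after the chown step and again after any upgrade that unpacks new files into the tree.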
  • 36. Installing and Using Openfire [ 20 ] Believe it or not, that's it! You've just installed Openfire server. Surprised? Get ready for more. It gets even simpler if you install using the precompiled RPM or DEB binaries. In the case of RPM, Openfire is installed under /opt/openfire and in the case of the DEB file, Openfire resides under /etc/openfire. On RPM-based systems such as Fedora and its derivatives (as root), use:
        # rpm -ivh openfire-3.5.2-1.i386.rpm
    On DEB-based systems such as Debian, Ubuntu, and so on, use:
        $ sudo dpkg -i openfire_3.5.2_all.deb
    Voila! You're done. Now, who thought my "installing Openfire is totally newbie-proof" comment was an exaggeration?
    Running Openfire on Linux/Unix
    So, we now have Openfire on our favourite Linux distribution, whichever distribution this may be. Now it's time to fire it up and get going. Depending on how you installed Openfire, the procedure to start it varies a little. If you've installed Openfire from the RPM or DEB, you'll be pleased to know that the Openfire developers have already done most of the hard work for you. These binaries contain some custom handling for the RedHat/Debian-like environments. You can start and stop Openfire just like any other service on your system:
        # /etc/init.d/openfire start
        Starting Openfire:
    You can also view the other options available:
        # /etc/init.d/openfire
        Usage /etc/init.d/Openfire {start|stop|restart|status|condrestart|reload}
    On the other hand, if you've installed Openfire using the .tar.gz archive, you can start and stop Openfire using the bin/openfire script in your Openfire installation directory. First, change to the user that owns the /opt/openfire directory:
        # su - openfire
        # cd /opt/openfire/bin/
        # ./openfire start
        Starting Openfire
  • 37. Chapter 2 [ 21 ] And now you have Openfire up and running! If you are using a firewall, which you most probably are, make sure to forward traffic on ports 5222 and 5223 (for SSL) which clients use for connecting with the Openfire server. Also forward traffic on port 7777 for file transfer.
    Linux users can skip the next section on installing Openfire under Windows and move directly to the section that discusses the preliminary Openfire setup.
    Installing and Running under Windows
    Installing Openfire under Windows isn't all that different from installing under Linux. One big difference is that the Openfire installer for Windows includes a JRE. This saves you the trouble of obtaining and installing one yourself, but adds to the size of the Openfire installer. The process is pretty simple. Download the Windows Openfire installer to any convenient location and double-click it. This launches the Openfire installer wizard which first displays a license agreement and, once you agree to its terms, asks standard Windows installation questions, such as the directory you want to install Openfire under, and its start menu entry. The installer creates the directory, copies the files, and you're done! You have just successfully installed Openfire server.
    Once you have installed Openfire, a shortcut to a graphical launcher will be added under the Start Menu, as for any other Windows application. By default, it's accessible via Start | Programs | Openfire | Openfire Server.
  • 38. Installing and Using Openfire [ 22 ] When you start the launcher for the first time and click on the Start button (refer to the previous screenshot), Openfire will display the message Admin console listening at http://127.0.0.1:9090. Use the Launch Admin button to start the web interface. It will automatically open your web browser to the correct URL to finish setting up the server.
    Openfire as a Windows Service
    If you're not a big fan of graphical interfaces, you can also control Openfire from the Windows command-line as a standard Windows service. You'll find an Openfire-service.exe file in the 'bin' directory of the installation. You can use this executable file to install and control the Openfire service. From a console window, you can run the following commands:
    * To install the service: Openfire-service /install
    * To uninstall the service: Openfire-service /uninstall
    * To start the service after installation: Openfire-service /start
    * To stop the service: Openfire-service /stop
    You can also use the Services tool in the Windows Control Panel to start and stop the service. If you install the Openfire service, you should use that to start and stop Openfire instead of using the graphical launcher under your start menu.
    Fuse Life into Openfire
    Now we're on the final leg of our journey. This last step is common to both Windows and Linux environments. We've installed Openfire and it's up and running. Now we need to fuse life into it, which is a colorful way of saying that we need to tweak certain settings and point it to our network.
  • 39. Chapter 2 [ 23 ] We must tweak these settings from Openfire's Web interface, which runs on port 9090. To access it, launch your browser, and in the address bar enter your IP address followed by a colon and 9090. For example, if the Openfire server is running on a machine with the IP address 192.168.2.5, then the server interface is at http://192.168.2.5:9090. If you are on the same machine on which you've installed Openfire, you can also use http://localhost:9090 or http://127.0.0.1:9090. Windows users can also launch the web browser using the Launch Admin option from the graphical launcher in their Start Menu.
    Linux users can check their IP address by running the ifconfig command.
    The first time you launch the interface, it'll take you through a brief five-step setup process asking questions about the default language and configuring some server settings. It'll also ask you about the database connection to use. Openfire can work with several databases, including MySQL, PostgreSQL, Oracle, Microsoft SQL Server, and IBM DB2. You can also use Openfire's embedded database, which is powered by HSQLDB. For this last option, choose the Embedded Database option (refer to the following screenshot) when prompted. We'll cover Openfire using an external database later in this book.
  • 40. Installing and Using Openfire [ 24 ] One of the things for which you need the database is storing user information for authentication. But if you have a directory server running on your network, Openfire can obtain authentication information from either OpenLDAP or Active Directory. As we haven't set up a directory server yet, for the moment we'll entrust user management to Openfire. When we're asked to select a user and group system to use, we'll select the Default Option to store users and groups in the embedded server database. Hooking up Openfire with a directory service will be handled later in the book.
    The network settings of the Openfire server involve picking up a domain name for the server and altering the admin console secure and non-secure ports. The interface already includes default values for all of these fields based on the network settings of the machine. If you're not sure what they mean, it is a good idea to leave them to their default values. If you plan to connect users from two Openfire servers in multiple locations with server-to-server communication, as explained in Chapter 10, please choose a DNS-resolvable name.
    Finally, we'll seal the configuration with a password and provide an email address for the default admin user. On future visits to the server interface, you'll have to use the admin username and the password you've specified to log in to the Openfire server. When it's all done, you'll see a Setup Complete! message (see the screenshot below).
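    With setup complete, a quick way to see which of the ports named in this chapter are actually listening and on which addresses (added example, not from the book): the function reads `ss -ltn` output and reports each Openfire port as loopback-only or reachable from the network. The function names and the sample socket listing are constructed for illustration; the port numbers are the ones given above (5222, 5223, 7777 and the admin console on 9090).

```shell
#!/bin/sh
# Added example, not from the book: classify listening TCP sockets against
# the ports this chapter names for Openfire.
#   5222 client, 5223 client over SSL, 7777 file transfer, 9090 admin console
# The chapter lists 5222, 5223 and 7777 as ports to forward through the
# firewall; 9090 is not on that list, so an admin console that is reachable
# from the network should be a deliberate decision, not a default.

# audit_openfire_ports
# Reads `ss -ltn` output on stdin. Prints "PORT ADDRESS ROLE VERDICT" for
# each Openfire port found, and "PORT - ROLE not-listening" for each one
# that is absent.
audit_openfire_ports() {
    awk '
    BEGIN {
        role["5222"] = "client";        role["5223"] = "client-ssl"
        role["7777"] = "file-transfer"; role["9090"] = "admin-console"
    }
    $1 == "LISTEN" {
        # Local address is column 4; the port follows the last colon, which
        # also holds for IPv6 forms such as [::]:9090.
        n = split($4, part, ":")
        port = part[n]
        addr = substr($4, 1, length($4) - length(port) - 1)
        if (!(port in role)) next
        seen[port] = 1
        loopback = (addr ~ /^127\./ || addr == "[::1]")
        verdict = (loopback ? "loopback-only" : "reachable-from-network")
        printf "%s %s %s %s\n", port, addr, role[port], verdict
    }
    END {
        for (p in role)
            if (!(p in seen)) printf "%s - %s not-listening\n", p, role[p]
    }'
}

# admin_console_exposed
# Reads the same input; returns 0 when port 9090 is bound to a non-loopback
# address, 1 otherwise.
admin_console_exposed() {
    audit_openfire_ports | grep -q '^9090 .* reachable-from-network$'
}

# Constructed sample in the layout printed by `ss -ltn` (not captured from a
# real host). On a live server use:  ss -ltn | audit_openfire_ports
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      50     0.0.0.0:5222       0.0.0.0:*
LISTEN 0      50     0.0.0.0:5223       0.0.0.0:*
LISTEN 0      50     0.0.0.0:7777       0.0.0.0:*
LISTEN 0      50     0.0.0.0:9090       0.0.0.0:*
LISTEN 0      128    127.0.0.1:631      0.0.0.0:*
LISTEN 0      128    [::]:22            [::]:*'

printf '%s\n' "$SAMPLE_SS" | audit_openfire_ports
```

    A client port reported as loopback-only explains clients that cannot connect; an admin console reported as reachable-from-network is the line to compare against your firewall rules.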
  • 41. Chapter 2 [ 25 ] You can now log in to your server using the Login to the admin console button on the page, to see the following screenshot.
    Using The Server
    We now have the server up and running. But how do users connect to the server? Or for that matter, where are the users? Well, let me introduce you to some instant messaging clients.
    Installing The Spark Client
    Installing the client in both Linux and Windows is a walk in the park. Remember that, like the server, Spark is also a Java application. But you don't have to worry about installing Java for Spark, because versions for all platforms of the client include the JRE.
  • 42. Installing and Using Openfire [ 26 ] On your chosen Linux distribution, download the Spark tarball and extract its contents under a standard location, such as /opt.
        $ cd /tmp
        $ tar zxvf spark_2_5_8.tar.gz
        $ mv Spark/ /opt/
    Now simply navigate to the newly-extracted directory and run the client by issuing the following commands:
        $ cd /opt/Spark/
        $ ./Spark
    Look ma, no installation! Let's move on to Windows now. Download the Spark installer for Windows and double-click on it to launch the installer. Like any other Windows application, you need to select the destination directory, the Start Menu entry, and decide whether to create desktop and quick launch icons. When it has completed the installation, the installer gives you the option to launch the client. Use it!
    Tuning In With Spark
    Now that we've installed Spark, it's time to use it to connect to our server. Before you do so, please remember to keep two things handy:
    1. The name of the server: We specified this in the web interface when we set up Openfire. It's listed under Server Information in the web-based administration console.
    2. The IP address of the server: You should already know this. The key to running a successful network application is to remember the IP addresses of the machines running those services. You can find the IP address of the machine running Openfire using the ifconfig command under Linux and ipconfig under Windows.
  • 43. Chapter 2 [ 27 ] To create a new user with Spark, launch the client and click on Accounts. In the pop-up window enter a Username, and lock it with a Password (as shown in the previous screenshot). In the Server field, enter the IP address of the Openfire server and click on the Create Account button. When your account is created, Spark will display a pop-up box saying so. By default, Openfire allows users to create accounts from IM clients. This isn't always a good policy and you can easily take away this power from the users. We'll cover this in a later chapter. Now that we've created an account, let's log on to the server. Like most things with Openfire, this is easily done. To log in, launch Spark and, in the space provided, enter your username, password, and the IP address of the Openfire server. Optionally you may also choose to let Spark remember your password by selecting the Save Password checkbox. Now click the Login button and you're logged in.
  • 44. Installing and Using Openfire [ 28 ] Configuring Other IM Clients
    There's no dearth of multi-protocol instant messaging clients (see http://en.wikipedia.org/wiki/Comparison_of_instant_messaging_clients) nor is there any shortage of Jabber clients (see http://www.jabber.org/software/clients.shtml). Not that I am complaining. It's just that I can't hand-hold you through the process of using your favorite IM client to connect to your Openfire server. Honestly though, and by now I am sure you'll trust me when I say this, there's hardly anything to it. Just keep these three bits of information handy and you can configure just about any client:
    1. The username and password of the user.
    2. The name of the server as specified in the administration console.
    3. The IP address of the server running Openfire.
    To demonstrate, I'll configure three of my favorite multi-protocol clients under Windows and Linux—MirandaIM (Windows), Kopete (Linux:KDE), and Pidgin (Linux:GNOME).
    MirandaIM
    MirandaIM implements protocols as plugins, so while installing it please make sure you select the Jabber protocol for installation. When it's running, MirandaIM sits in the Windows system tray, close to the clock at the bottom right-hand side of the screen. Right-click on its icon in the system tray and navigate to Main Menu | Options. Scroll down to the Network tab and select the Jabber option. This divides the right-side pane into two sections. In the Jabber section, enter your Username, Password (see the following screenshot), and the name of the Openfire server. In the Expert section, select the Manually specify connection host checkbox and enter the IP address of the server in the host entry.
  • 45. Chapter 2 [ 29 ] If you're registering a new user at this stage, click on the Register new user button. If you've already registered, just click on OK to save the settings. Finally, double-click on the icon in the system tray and from the MirandaIM interface, navigate to the Status drop-down menu and select Online. Although MirandaIM is great, its implementation of the Jabber protocol lacks the depth of dedicated Jabber clients for Windows such as Exodus (http://code.google.com/p/exodus/), Pandion (http://www.pandion.be/screenshots/), and Psi (http://psi-im.org/).
  • 46. Installing and Using Openfire [ 30 ] Kopete
    To add an account in Kopete, right-click on its icon in the taskbar and select Configure. In the pop-up configuration window, click on the New button to bring up the Add Account wizard. Select the Jabber protocol and move on to the next step. If you want to add a new account, click on the Register New Account button. Here, enter the IP address of your Openfire server in the Jabber server field, the desired user name in the form username@server name (for example msharma@example.com), and a Password for the account, before clicking on the Register button (see the previous screen capture). Kopete will let you know if the registration was successful or if an error occurred.
  • 47. You'll be returned to step two of the account registration process. Here, enter the Jabber ID (username@server name) and password of the user. Under the Connection tab, select the option Override default server information and in the Server field, enter the IP address of your Openfire server. Now proceed to the last step and click on Finish to exit the setup process. You should now be logged in. Pidgin Pidgin not only supports multiple protocols but is multi-platform as well. In addition to Linux, it also runs on Windows. The instructions for setting up Pidgin under Linux and Windows are the same. You can add accounts in Pidgin using the Accounts window, which is under Accounts | Manage. Click on the Add button at the bottom of the window to bring up the Add Account window. Under the Basic tab, select the XMPP protocol, and enter your screen name, which is your username on the Openfire server. Enter the name of your server in the Domain field, and your Password (see the previous screenshot). Now switch over to the Advanced tab and in the Connect server text box, enter the IP address of your Openfire server.
  • 48. If you want to create this user on the server, make sure you select the Create this new account on the server checkbox at the bottom of the window. Click on Save. If you're creating a new user, Pidgin will now ask you to enter a name and email address for the new user. Enter these details and click on the Register button. Pidgin will indicate whether the registration was successful. On the other hand, if the user already exists, after saving your account details, you'll be passed back to the Accounts window. Close the window and head over to Accounts | Enable accounts and select the account that you want to log into. You can also monitor the clients currently logged on to the system from the Openfire admin interface. Head over to Sessions | Active Sessions | Client Sessions. Here you will see a list of all the users currently logged on to the system, with their IP and client information, similar to what is shown in the screenshot below. Touch down! We're at the bottom of our rabbit hole. When I first got here, unlike Dorothy, I wasn't confused; I felt elated. I hope you feel the same. Summary In this chapter, we've prepared an environment for Openfire, and installed and configured the server on both Windows and Linux. From installing the Java Runtime Environment to launching and tweaking the server, we've covered all the steps it takes to have a fully-functional Openfire server. It sounds like a lot of work, but if you get down to listing the steps, there aren't many. The whole process doesn't take more than half an hour. Credit must be given to the Openfire developers, not only for packaging the server for multiple Linux distributions and operating systems, but also for taking the load off the users who are setting it up.
  • 49. The server we've set up in this chapter will work for most enterprises. Depending on their current system landscape, some large corporations might want to hook up their directory services with Openfire or use an external database to hold Openfire's data. We'll get to these scenarios in due course, and while they are important options, they are by no means necessary. In the next chapter, we'll roam around the Openfire admin interface, tweaking the server to our liking as we move forward.
  • 51. Fine-Tuning Openfire In the previous chapter, we set up Openfire, installed and configured some IM clients, used these to add some users, and logged into our IM server. Basically, we've done what 70% of IM users would be happy with. But we've barely scratched the surface of Openfire. Our setup is too liberal, too raw. Although this is a book on running the Openfire server, we haven't even looked around the web administrator interface yet. In this chapter, we'll run around the interface, and get a feel for things as we tweak our server to our liking. In this chapter, we will cover: details about the server and server ports; server cache and its properties; policing and tuning the server; curbing indiscriminate registration; handling offline users; resolving resource conflicts; updates; sending administrative messages; extending with plugins. Get To Know Your Server Openfire has a simple and straightforward administration console. It's divided into several tabs with each tab housing multiple configuration options. From within these you can tweak every aspect of the server and integrate it with existing network services. The other aspect of running a server is being able to monitor its activity. The interface is also designed to provide you with visual feedback at a glance to help you keep tabs on the server and gauge its performance.
  • 52. Vital Statistics When you log in to the server, you're presented with basic details about the server: which version of Openfire you are running, where it is installed, what platform you are running it on, how long it has been running, which version of Java is powering the server, how much memory it is consuming, and so on (see the following screenshot). On this page, you can also see the ports Openfire uses, and their purposes (refer to the following screenshot).
  • 53. Like other parts of the server, these ports are also configurable. Remember the default secured (9091) and unsecured (9090) ports for accessing the server administration console? To change them from their default values, click on the Edit Properties button beneath the Server Ports listing. In the page that opens (refer to the previous screenshot), Openfire lets you change the value of any setting. Because we are concerned only with the administration console ports, we'll alter only these and leave the rest as-is. Once you're done making the changes, click on the Save Properties button to save the changes. You'll have to restart the server for the changes to take effect. If you've changed the administration console port, make sure that you use the new port number when logging into the console. Please make sure that you note down the port numbers somewhere you can find them easily. This is all the more important when you change the port number of the administration console. If you forget this, you will not be able to log in to the administration console!
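Recovering forgotten console port numbers, as an added example that is not from the book: Openfire reads the administration console ports from the adminConsole element of conf/openfire.xml under its installation directory, so they can be read back from disk and checked. The sample XML, the 9443 value, the host 192.0.2.10 and the function names are constructed for illustration.

```python
import sys
import xml.etree.ElementTree as ET

# Constructed sample of conf/openfire.xml; only <adminConsole> matters here.
SAMPLE_OPENFIRE_XML = """<jive>
  <adminConsole>
    <port>9090</port>
    <securePort>9443</securePort>
  </adminConsole>
  <locale>en</locale>
</jive>
"""

DEFAULTS = {"port": 9090, "securePort": 9091}  # defaults named in the chapter


def admin_console_ports(xml_text):
    """Return the console ports; missing elements fall back to the defaults."""
    console = ET.fromstring(xml_text).find("adminConsole")
    ports = dict(DEFAULTS)
    if console is not None:
        for name in DEFAULTS:
            node = console.find(name)
            if node is not None and node.text and node.text.strip():
                ports[name] = int(node.text.strip())  # ValueError if not numeric
    return ports


def console_urls(ports, host):
    """URLs to try, secured first; a value of -1 means that listener is disabled."""
    urls = []
    if ports["securePort"] != -1:
        urls.append(f"https://{host}:{ports['securePort']}/")
    if ports["port"] != -1:
        urls.append(f"http://{host}:{ports['port']}/")
    return urls


def review(ports):
    """Flag settings an administrator would want to revisit."""
    findings = []
    if ports["port"] != -1:
        findings.append(f"unsecured console listener enabled on {ports['port']}")
    if ports["securePort"] == -1:
        findings.append("secured console listener is disabled")
    return findings


if __name__ == "__main__":
    # Usage: python console_ports.py /path/to/openfire/conf/openfire.xml
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_OPENFIRE_XML
    found = admin_console_ports(text)
    print(console_urls(found, "192.0.2.10"), review(found))
```
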