In a corporate environment, among old-fashioned system administrators, there is an opinion that the most secure and flexible messenger is Openfire. But, unfortunately, the main advantage of this product is it's free. When we speak about real tasks, the program solves it either not good enough, or skips it due to lack of necessary tools.
It looks like people do not know about other products that do the same tasks but successfully: own server, secured messages, traffic encryption, a non-public messenger that does not depends on cloud services; media calls and file exchange, support for various operating systems and mobile devices; decent integration with other software used in a company.
Our company has been deploying and configuring corporate messengers in different companies for 18 years. Year after year we are dealing with misunderstandings from administrators, technical directors, and IT managers of various levels in this field.
Corporate messenger? Use Openfire! It's free and has everything! Administrators told me, and I saw it on the forums. Jabber forever! A lot of clients for all OS, unlimited options, flexibility, open-source, security, and blah-blah-blah.
After years of work, we build the list that we share with our current and future customers to save time and not repeat the same mistakes.
The article describes issues that people face when using Openfire corporate server and its client application Spark.
Our main work product — MyChat secure messenger. It also works on the open protocol, but this is not XMPP. That is why we tell about Openfire and compare it with MyChat — to show how it should work. In this article, we review the latest version of Openfire 4.7.0 (x64) from 01.19.2022 and MyChat corporate messenger 8.14.4 from 02.01.2022.
- Openfire + Java + XMPP = is it good?
- Huge traffic consumption, redundant protocol
- Restoring admin's password in Openfire
- Issues with localization
- No options to delete messages
- Issues with Cyrillic when logging into Active Directory
- Common tree-like contact list
- File transfering: pain and suffering
- How to connect to Openfire from different devices simultaneously
- No read statuses for private messages and conferences
- Multi-user conferences in Openfire
- No system of rights and restrictions
- Installing Openfire server on Windows
- Spark Client for Openfire
- Spark 3.0.0 beta
- iOS + Android + Openfire?
- Voice and video calls
- No technical support from a vendor
- Comparing Openfire with MyChat corporate messenger
- Recommendations on switching to MyChat
1. Openfire + Java + XMPP = is it good?
So, OpenFire is a server written on Java that works XMPP (Jabber) protocol. Nothing's wrong with that, right? Java is a cross-platform technology, and you can run a server on any operating system. Jabber is an open protocol. There are numerous applications for any supported OS.
Due to the fact that Java consumes a lot of operating memory be ready to load 2 gigabytes per 800 online users. It's approximately 2-3 megabytes per user online. The calculation is not precise because memory consumption increases non-linear: from high to low. Expect this scenario as it's impossible to make any optimizations. Be attentive when launching Openfire at the same time as other services on one physical or virtual server.
If you can handle increased traffic consumption by a server, a zoo of client applications that work on XMPP protocol is going to add some stress to your life. We tested the latest versions of Miranda, Pidgin, QIP Infium, Pandion, Psi, Conversations, Adium, Vacuum-IM, and, finally, Spark of the two latest versions (official client for Openfire).
All these applications serve one purpose but make mistakes own way. If your company works not only on Windows but Linux, macOS, Android, and iOS (show me a person without a phone), you probably need to install different client applications on different systems' various interfaces.
Besides, you won't get the full set of features for your Openfire server, because all these applications implement XMPP features partially, or with your own special vision. That's logical because these are completely different free software products and they don't oblige to anyone.
Spark is the strongest out of all other clients. It is an official application for Openfire but there is a fly in the ointment too.
First. It consumes memory a lot. If you want to deploy the program on a terminal server, expect troubles.
Actually, there are no surprises. Spark is written on Java, so it occupies memory as crazy. The funny thing is that a new beta version consumes memory 9 times more than the native application of MyChat Client can do more tasks and work faster:
If you have a terminal server then using Spark on it is a bad idea. Use MyChat in a terminal. You will save memory, increase performance, and get more features for work.
Second. No versions for mobile platforms. You will have to use a third-party product.
Take a look at MyChat again, it supports all the platforms — Windows/Linux/macOS, iOS/Android, and browser versions.
2. Huge traffic consumption, redundant protocol
The quote from the IBM website: "Perhaps, the main disadvantage of the protocol is that transferred information is redundant, as more than 70% XMPP traffic consists of presence status messages".
Another problem can be the impossibility to transfer non-modified binary data via this protocol. File transfer requires additional protocols.
This is not a problem for a network with gigabit network interfaces. But when you face the task when you need to connect people with external phones to a corporate chat, traffic becomes a crucial point. And it's expensive.
MyChat has no issues with traffic. First of all, its protocol is more economical and built on JSON. Secondly, all messages are compressed by GZIP, and besides a server and client decide if there is any point in doing so. For example, if a message is too short, compression is not effective.
A simple example of average server work:
11 days of work, 60 users, 5 conferences, almost 3 000 messages, 28 megabytes of traffic in total. There is nothing to argue about.
3. Restoring admin's password in Openfire
There is no proper way for restoring or replacing a lost admin's password (admin/admin). You have to edit XML settings files or work with utilities such as phpMyAdmin to edit a database with the help of SQL scripts.
MyChat does not have issues like this at all. You always have an option to enter Admin Panel via MyChat Client token, for example, to change an administrator's password, open Admin Panel directly on the server, or use password restore options.
4. Issues with localization
When changing the language to English, Openfire acts weirdly. We changed our computer system and browser language to English and set the region to the USA to make screenshots in the English interface but that did not help, and the interface is displayed both in Russian and English. Somehow the program knows we are not from the USA :) People recommend editing plugin source texts (!) and compiling everything on your own.
5. No options to delete messages
This is a big issue that is not solved in Openfire. There are a lot of reasons for deleting messages in a corporate environment: when sent incorrectly, or for conscious deleting of confidential data. Yes, such a task is complicated. This technology must be supported both by the server and client application on all operating systems, and messages should be deleted from the history, and then synchronized as is done in the older version of MyChat in 2017.
Generally, this is an unsolved issue because it deals with XMPP. It is possible to make a protocol extension, but nobody is going to support it, and consequently, features won't work.
6. Issues with Cyrillic when logging into Active Directory
A traditional problem in Openfire. Perhaps, the developers think that domain logins can only be in ASCII.
MyChat does not have an issue like that, and it works with a domain via LDAP as Openfire does. Besides, the program supports several domains at the time, transparent authorization, etc.
7. Common tree-like contact list
Let's start with MyChat first. Later we will explain why. Imagine a company that uses several domains, 400-500 employees, various OU, nesting departments, and detailed information about people (names, phone numbers, photos, positions, email, etc.).
Open domain integration, connect, import users with departments on the server. A common contact list forms automatically with any level of nesting.
One button, Carl!
Moreover, there is a scripting engine for adding more features.
What does Openfire offer?
Manual forming for a contact list with one nesting level. Importing from a domain is chaotic. No style for displaying users in the chat. If you have a domain display name — it's enough.
Why not make it as it is done in MyChat? Names, surnames, internal phones, emails, domain logins — whatever you want. Do you want a nickname with a work position or a full name? Yes, please. Notice, you do not have to change anything in user accounts. No server restart is needed too :)
And yes, two domains need two servers that are possible to link. Openfire can't handle several separate domains.
Openfire periodically loses connection with Active Directory. It's not a big deal, but stability is still most wanted, especially when the developers claimed that synchronization is available. And when changing a password for a user in AD, then after some time it stops connecting to Openfire. Coincidence? (с)
8. File transfer: pain and suffering
It is hard to set up a file transfer in Openfire. It is impossible to send files via attachments or the icon above. When sending via attachments, the chat shows a message about failure. Using the button is also not helpful — the result is dev/null :)
Besides, the port TCP 7777 for file transfer is busy by the Openfire server and checked by Telnet:
It does not work in Spark, and it won't work in any other client compatible with Jabber (Miranda, PSI, or Pandion) because transfer options are not compatible with each other. This information is for those who believe that "there are a lot of Jabber clients, choose whatever you want and everything will work just fine".
With a "bunch of jabber clients", the situation is so terrible that there is nothing to comment on.
Attempting to transfer files between Spark of different versions:
Sending messages does not work, the program "freezes" and does not show any diagnostic messages:
However, it worked in some cases, but it was in Miranda :)
9. How to connect to Openfire from different devices simultaneously
Or, in other words — multilogins. You never think about how it works when launching Telegram on a desktop and your phone simultaneously.
But it is complicated on the technical side. But it's all clear for a final user.
But Openfire has another problem again: with one account, it is impossible to write from two different devices. More precisely, you can log in, but only the account which logged last will get the messages. As a result, the message does not reach both devices, but only one.
Synchronization? Never heard of it.
MyChat multilogins work perfectly, since v.8.2.
10. No read statuses for private messages and conferences
Well, just no. 2022, Viber, Whatsapp, Telegram, Signal... This is a regular feature, I have no idea how you can work without it.
MyChat has this feature. And not only in private dialogues, but in conferences too.
This feature works reliably.
11. Multi-user conferences in Openfire
Let's be clear, Openfire has them:
They are not very convenient, there's not much you can do with them, but it's better than nothing. With a few of XMPP features, but still.
The only problem is that users will have to enter this conference on their own, there is almost nothing to configure. For example, logout prohibition, and automatic login by user groups, as it has been done in MyChat.
Rights are configured individually for each conference:
But there are almost none, so the process is simple:)
But you can add a non-existent as a moderator:
It is not very clear how the system understands who is the moderator of the conference, because Openfire does not have a system of rights and restrictions.
12. No system of rights and restrictions
Looks like Ignite Realtime do not know about user roles, groups of rights, and restrictions. Either a regular user or root. It turns out that if you need to send files and private messages to one group of users, and not to the other, then it will not work. Or you pick up a file, Intellij Idea, or source code, and do what you need. Yes, this is open source.
OK, again — user rights are not Openfire's strongest part of Openfire.
MyChat has rights groups, with a tree-like structure. You can customize any aspect of the program. There are more than two and a half hundred rights and permissions. If you want to forbid exiting the program — one checkmark. Allow must-read broadcast — another checkmark (do not bother, this super feature is not available in Openfire and is not expected in the future).
Permissions are applied on the fly, you don't even need to reconnect applications.
Even the nuances of the administrators' work can be configured. For example, give a young Padawan to read the system logs, and allow a security officer to check the messaging logs. In order not to break or bend something in the server settings. Allow deputy administrator everything except rights management.
13. Installing Openfire server on Windows
I intentionally moved this excellent procedure to the end of the article, because it is simply impossible to do serious enterprise-level software this way. And I'll show you why.
Download a 90 MB installer of the latest version of Java Runtime Environment (JRE x64, it is important because the OpenFire distributional file is also x64) from the Java official website.
Openfire won't install without it. OK:
A reminder from Oracle that says if we use Java for commercial purposes, you should pay:
Skip this step, install JRE, and re-install Openfire.
The installer without digital signature in 2022.
Ok, move on. Standard installation, license agreement, folder selection, launch at the end of the installation, everything is as usual:
The server launched as a service via TCP port 9090 (http://localhost:9090/setup/index.jsp), a browser opens the settings wizard for choosing language:
We chose English, and our whole system is in English, but somehow it decides to display the interface in russian. Weird. The page design is kind of adaptive, but not really:
Unfortunately, there is no Help to find the definition of "Property encryption key". Skip it and move on.
Select embedded database because we install the server from the very start and it's too soon for an external database.
Use default profile settings, but it's not clear how to use domain users and regular ones, or several domains at the time.
And this weird unchecked box:
"Security" again. It means, by default, the Openfire database saves passwords publicly (!), and is not hashed. Moreover, a user must know how modern his client application is, and whether can it work with hashed passwords.
This is 2022. OK, I don't know, so I skip this box and move on.
Configuring admin's account:
Creators probably do not know how to use a hyphen instead of minus signs.
Why two fields to repeat a password if you can check it via the icon?
What happens if I specify an incorrect admin's email address or make a typo? Or don't even specify it at all?
Ok, skip this step too, and…
Press the button "Back" in a browser, and it works?
There is nothing optimistic in "It appears". But the guide for reinstalling the server does not feel good. OK, go to the admin's console and enter login and password admin/admin:
It works, it let us to the admin's panel. The interface is awful, only the bravest administrator can look at it after dealing with text XML setting files.
Bouncing text:
No text style:
6 (!!!) pages of text properties for editing variables. Why create a convenient interface, and let the administrator suffer instead, am I right?
The minimum screen resolution to use the admin's panel without a horizontal scrolling line is 1860 horizontal pixels. Sure, let's add a FullHD monitor to system requirements.
How can it be if I just logged into the admin's panel 20 minutes ago?
A user's profile almost has no properties unlike MyChat where you can find a lot of these fields, and it is possible to make custom fields (for future use or domain import):
The registration date is an outdated feature. But I registered on February 6, 2022. And I am online. Openfire thinks differently.
OK, again, a user profile is not the strongest side of Openfire.
Basically, when creating a user, you can specify only 4 fields and one checkbox — an administrator or regular user:
14. Spark Client for Openfire
Download the latest available Spark version 2.9.4 from November 15, 2020. Without JRE (one and the same developer for the server and client application). Right here, on the download page, you see a distributional file with or without JRE. But it does not work for the server though:
Another step on a rake:
The Openfire client is 32-bit. They forgot to mention it on the download page. Sure, we are very excited to go through these jungles and install JRE TWO times in a row, x32 and x64.
Download the x32 variant via Java interpreter, and launch the Spark installer again. Obviously, no digital signature:
Spark wants to install into Program Files:
It makes sense after it requested elevated privileges at the start :) This is the wrong solution. Users do not have the right to install the software in Program files on their client computers.
No automatic domain installation because MSI package is not provided, unlike MyChat. But on the other side, it's very unlikely that Spark will be updated in the near future as the last update was almost 15 months ago.
If it updates, will the administrators manage to update 400 computers manually?
Logging in to the server:
At least we tried. Very friendly interface. Obviously, the server search must work but it doesn't. MyChat finds all the servers in a local network, names, parameters, and versions. It can check the connection.
The port is correct. The server works.
Oh, we need to enter a domain manually. Hooray!
A lot of windows to open a conference:
Sending files does not work. Why display this information as a separate message?
Traditionally, it is possible to send messages to yourself, they are duplicated in the chat:
But the photo is not displayed even though I downloaded it.
Setting up a tree-like contact list is a mystery. But it is possible to add users to a contact list manually:
Or do it on the server but without nesting, only group/users and nothing more.
Design is worth mentioning.
I am trying to download a photo to a profile and get the message that my photo is not square, and I have to reduce its size to 64x64:
However, the program accepted the photo.
15. Spark 3.0.0 beta
Honestly, I am disappointed that there are no convenient and pleasantly-looking clients for Jabber on Windows. Perhaps, it's because companies such as Google developed their own clients. There was a cool MDC, but, unfortunately, it's abandoned. The source code is available, but nobody wants to continue the work.
There was a hope that the third version of Spark is much better. But, unfortunately, that's not the truth.
All the troubles started after downloading the distributional file:
Spark installer still does not have a digital signature.
A lot of bugs compared to previous Spark versions, you do not even have to search for them:
16. iOS + Android + Openfire?
There are third-party applications for Android, but nothing is convenient for iPhone.
MyChat supports these mobile platforms, and Huawei too. PUSH messages and video calls are provided.
17. Voice and video calls
If you read all the manuals, and edit XML in Vim with closed eyes, then you have no problems with setting up calls in Openfire.
But honestly, there are no integrated calls in Openfire. Only some questionable solutions that use the internet (e.g. Jitsi).
What about MyChat? Voice and video calls, screen sharing, WebRTC technology. Everything is ready to work right after installation on various operating systems and devices. Even in a browser.
Own TURN server for working with NATs.
Calls work in LAN without an internet connection and do not consume too much traffic as algorithms adapt to bandwidth automatically. No echoes or other unnecessary sounds.
18. No technical support from a vendor
A quote from the official forum. Openfire provides support via several volunteers. You may find someone on a paid basis. This is the reality of open-source free software. Nobody owes you anything when something gets broken or needs maintenance.
MyChat support service consisting of developers themselves is always ready to help.
19. Comparing Openfire with MyChat corporate messenger
We compare the latest version of Openfire 4.7.0 (x64) from January 19, 2022, and MyChat version 8.14.4 from February 1, 2022.
| № | Ability | Openfire | MyChat |
|---|---|---|---|
| Installation, uninstallation and update system | |||
| 1.1 | Installer | Yes | Yes |
| 1.2 | Uninstaller | Yes | Yes |
| 1.3 | Automatic Installation | No | Yes |
| 1.4 | Automatic updating system | No | Yes |
| 1.5 | Automatic updating and saving of all the data when installing the latest version over the old one | Yes | Yes |
| 1.6 | Portable version | No | Yes |
| Network settings | |||
| 2.1 | Work in large networks | Yes | Yes |
| 2.2 | Work in complex networks and via the Internet | Yes | Yes |
| 2.3 | Guaranteed message delivery | Yes | Yes |
| 2.4 | Work in terminal sessions | Yes, huge traffic consumption | Yes |
| 2.5 | Traffic encryption | Yes, but not supported by all clients | Yes |
| 2.6 | Work in very bad networks (satellite connection, "long" pings) | Depends on client application | Yes |
| Default functions | |||
| 3.1 | Private messages | Yes | Yes |
| 3.2 | Message statuses (received, seen) | No | Yes |
| 3.3 | Text conferences | Yes | Yes |
| 3.4 | Notifications with a return receipt | No | Yes |
| 3.5 | Common Bulletin board | No | Yes |
| 3.6 | File transfer | Depends on client application | Yes |
| 3.7 | Images transfer | Depends on client application, sent as a file | Yes |
| 3.8 | Automatic backlight for links in a text | Yes | Yes |
| 3.9 | Messages history view | Yes | Yes |
| 3.10 | Event sound notification | Yes | Yes |
| 3.11 | Personal contact list | Yes | Yes |
| 3.12 | Sending messages and files to offline users | Yes | Yes |
| 3.13 | Graphic smileys | Yes, but not emoji | Yes |
| 3.14 | Voice calls | No | Yes |
| 3.15 | Video calls | No | Yes |
| 3.16 | Screen sharing | No | Yes |
| 3.17 | Multi-logins | Yes, but messages are sent to one account only | Yes |
| 3.18 | PUSH service for Android/iOS devices | No | Yes |
| 3.19 | Message history synchronization from the server | No | Yes |
| Active Directory integration | |||
| 4.1 | MSI package to deploy users via Group Policy | No | Yes |
| 4.2 | User transparent authorization | No | Yes |
| 4.3 | Importing users from the Windows domain | Yes, limited | Yes |
| 4.4 | Support for any amount of various domains | No | Yes |
| 4.5 | Collaboration between common and domain users | Yes | Yes |
| 4.6 | Login under domain users in MyChat applications for other operating systems: Android/iOS/Linux/macOS/WEB | No | Yes |
| Appearance configuration | |||
| 5.1 | GUI languages | Yes | Yes, UNICODE |
| 5.2 | Appearance customization | Yes | Yes |
| 5.3 | Font changing | Yes | Yes |
| Administration | |||
| 6.1 | Centralized configuration of user rights and restrictions | Yes, very limited | Yes |
| 6.2 | User Groups | Yes | Yes |
| 6.3 | Obscene words filter | No | Yes |
| 6.4 | IP, MAC, Hardware ID filters | No | Yes |
| 6.5 | Anti-spam and anti-flood filters | No | Yes |
| 6.6 | User management system | Yes, limited | Yes |
| 6.7 | Detailed reference information about users (Full name, email, phone numbers, date of birth, photo, etc.) | Yes, but the number of fields is small | Yes |
| 6.8 | View message logs on the server | Yes, but the number of fields is small | Yes |
| Operating systems | |||
| 7.1 | Windows | Yes | Yes |
| 7.2 | Android | No native | Yes |
| 7.3 | iOS | No native | Yes |
| 7.4 | Linux | No native | Yes |
| 7.5 | macOS | No native | Yes |
| 7.6 | WEB | No | Yes |
| Additional abilities | |||
| 8.1 | User network status "free", "busy", "away" | Yes | Yes |
| 8.2 | Scripting language to write simple programs which extend chat abilities | No | Yes |
| 8.3 | Integration with external services | Yes | Yes (1С, phpBB, REST, php, C#, Delphi, Python, etc.) |
| 8.4 | User search system | Yes, limited | Yes |
| 8.5 | Tree-like contact list that is common for the whole network with an unlimited nesting level | No | Yes |
| 8.6 | Account manager for several users who work on the same program | Yes | Yes |
| 8.7 | User ignore system | No | Yes |
| 8.8 | Plug-in system to extend program abilities | Yes | Yes |
| 8.9 | Company department list | No | Yes |
| 8.10 | Company work position list with the sorting "superiors from above" in the contact list | No | Yes |
| 8.11 | Built-in forum | No | Yes |
| 8.12 | Task management | No | Yes, Kanban |
| 8.13 | Website chat | No | Yes |
| 8.14 | Distrib Maker | No | Yes |
| 8.15 | Inviting users into chat via email or link without registration and application installation | No | Yes |
| Technical support | |||
| 9.1 | Built-in Help system | No, one page on the forum | Yes |
| 9.2 | Community support forum | Yes | Yes |
| 9.3 | Developers support via email | No | Yes |
| 9.4 | Additional reference information, articles about the program use on the website, blog, etc. | No | Yes |
| 9.5 | Developers support via Skype, Viber, Telegram, WhatsApp | No | Yes |
| 9.6 | Premium technical support | No | Yes |
| 9.7 | Paid improvements for a messenger | No | Yes |
3. Recommendation regarding switching to MyChat
Why? Openfire messenger is only suitable for companies that do not need mobile applications. The program development is too slow; there is no versions for Android/iOS.
The main disadvantage is the absence of the centralized server and system for user management. No calls and a reliable system for storing and synchronizing message history. You can set up something but there is no ready solution "out of the box". No technical support for the Jabber server and clients because this software is developed by different people. That means no convenient compatibility. Issues with client applications for Android/IOS.
How to switch to MyChat? For small companies and budget-limited organizations such transfer from Nassi to MyChat is a logical move. It is completely free. The default license of MyChat up to 20 online users is free, with no trial period. MyChat updates are free too.
For organizations with a limited budget, it is a good decision. You can save money on licenses and the administrator salary. You can always upgrade to a commercial license.
Prices. The commercial version is for those who have more than 20 employees in a team/ The client applications are free. One concurrent connection costs $6. One year of updates is included in the license price. Programs that are purchased individually is MyChat Guest and Distrib Maker for custom setup files and the Quiz bot.
Decent support service. We provide support during the business day via email and popular messengers. Our official support forum.
How long you've been working? MyChat enterprise messenger development started in 2004. During this time we developed voice and video calls, applications for all popular OS, Kanban project management, internal forum and file server. We implemented integrations with 1C, Telegram, phpBB, Asterisk, TurboSMS, and popular programming languages. Updates are stably released up to 12 times a year.
More than half a million real users from Ukraine, Belarus, Kazakhstan, USA, Canada, Australia, India, Poland, Great Britain, etc.
| < <<<===== | =====>>> > |
|---|
