Openfire Enterprise Solution

Hello all,

I would like to ask the following questions in regards to designing/creating an Openfire Enterprise Solution.

My Solution Requirements

Create a highly secure, highly available Openfire enterprise XMPP messaging solution that spans over many non trusted Active Directory domains, which requires very little manual central Admin Console BAU work.

Discounted Solution

I had a look at the following excellent product, but sadly it is not secure enough for my requirements -> https://igniterealtime.org/projects/openfire/plugins/restapi/readme.html

“The REST API Plugin provides the ability to manage Openfire by sending an REST/HTTP request to the server. This plugin’s functionality is useful for applications that need to administer Openfire outside of the Openfire admin console.”


My Initial Solution Design

The solution I’m currently designing consists of the following features, but I’d like your Openfire SME input into the feasibility of my idea/s:

My solution will consist of Openfire v4.02 with:

  1. The brand new MS SQL 2016 backend database running within the server’s Memory (and not from disk), which will provide ‘Always Encrypted’ and ‘Row-Level Security’ security coverage. https://www.microsoft.com/en-au/cloud-platform/sql-server and https://blogs.technet.microsoft.com/dataplatforminsider/2016/06/01/sql-server-2016-is-generally-available-today/

  2. The corporate Service Desk staff will put the requesting user/s into their desired Chat Rooms, along with their desired internal Chat Room Access Controls via placing the user’s Active Directory object into the corresponding Windows Security group.

  3. A scheduled PowerShell script will regularly parse these security groups and insert/remove the user/s into the corresponding Chat SQL database Tables.

  4. To overcome Openfire’s caching functionality and allow Chat BAU management via accessing the Chat database directly rather than through the Chat ‘Admin Console’, how can one totally turn off Openfire caching? The following article mentions how to do it on individual items, but not how I turn the entire caching functionality off in one go? https://community.igniterealtime.org/docs/DOC-1673

  5. How can one enable Openfire DMUC (Distributed Multi User Chat Rooms) via using an existing Plug-in or via ‘somehow’ implementing an Extended Stanza Addressing (ESA) solution?

  6. How can one utilize the XMPP-Ping feature that is mentioned in http://xmpp.org/extensions/xep-0199.html to assist with Chat troubleshooting, etc…?

  7. Lastly, I was planning on using the same ‘Always On’ database HA that Microsoft use within their new ‘Skype for Business’ product (https://technet.microsoft.com/en-us/library/jj205248.aspx), but sadly I can’t, as this solution requires all the SQL servers to be members of the same AD domain, which is not the case in my scenario. Therefore, what multi AD domain Chat database HA solution would you recommend?

Cheers,

Cosmo