Request for Proposals: Jabber.org XMPP Service
This document defines a request for proposals to provide the software that runs the jabber.org IM service, one of the central nodes on the XMPP network.
The XMPP service offered at jabber.org is the original and longest-running XMPP service on the Internet. In the beginning, the jabber.org service served as the development testbed for the jabberd server project. After the release of jabberd 1.0 in May 2000, the jabber.org service became more stable and thus more popular with end users. The userbase has continued to grow, from perhaps 500 users in late 1999 to over 500,000 users in April 2009. Clearly the service is no longer experimental, and considerable attention is needed to maintain an acceptable level of functionality and performance.
Currently the service runs the ejabberd 2.x server software, which was chosen by the jabber.org admin team in early 2006 through a private discussion process without a public RFP. This team is a group of volunteers from the XMPP developer and operator community, loosely coordinated by Peter Saint-Andre, who is also executive director of the XMPP Standards Foundation (XSF). Although the jabber.org IM service is primarily hosted on a machine owned by the XSF, the jabber.org service is not an official XSF service (see http://blog.xmpp.org/index.php/2009/04/xmpporg-and-jabberorg-rough-consensus-and-running-code/ for details). After three years of good experience with the ejabberd codebase, the jabber.org admin team has decided to issue a public RFP so that it can determine in an objective manner whether to keep using ejabberd or perhaps to use one of the codebases that has emerged since the switch from jabberd 1.x to ejabberd in early 2006.
Our objectives in offering this service include the following:
- Provide a stable, accessible service to the Internet community for instant messaging, groupchat, alerts and notifications, file transfer, voice and video chat, and other forms of real-time communication.
- Gain operational experience with a live service to validate our work on XMPP technologies.
- Deploy not only implementations of the core XMPP RFCs but also important extensions developed by the XSF.
- Deploy our services in the most secure fashion possible to us.
- Where possible, encourage the development and use of free or open-source software (FOSS) solutions.
This Request for Proposals (RFP) defines the jabber.org team’s needs regarding XMPP server software for the jabber.org IM service. The team shall run such software on hardware owned by the XSF, hosted in a data center operated by US Secure Hosting Center located in Iowa, USA. Software packages related to ancillary functions such as SOCKS5 Bytestreams proxies, STUN/TURN servers for NAT traversal, and databases for information storage are out of scope for this RFP.
The team expects the negotiated contract for services to last for one (1) year beginning in September 2009, with an option to extend the contact for one (1) additional year without the need to publish a new RFP.
The jabber.org IM service is in many ways the flagship XMPP server on the Internet. Therefore it is expected that its software shall comply fully with RFC 3920 and RFC 3921, to track the modifications to those core protocols in the form of rfc3920bis and rfc3921bis, and to implement the “core server” protocols defined in the yearly compliance levels published by the XSF (most recently, XEP-0243).
In addition to these core features, the jabber.org IM service has long hosted a popular multi-user chat service at conference.jabber.org, which implements the protocol defined in XEP-0045. The jabber.org team must continue to offer this service, including archiving of logged conversations for appropriate chatrooms at <http://logs.jabber.org/>.
The XSF continues to define extensions to XMPP for enhanced functionality. To prove these extensions in the form of running code, the team would strongly prefer to host software that supports certain extensions. At present the preferred extensions are:
- The HTTP binding for XMPP defined in XEP-0124 and XEP-0206.
- The publish-subscribe extension, including the “personal eventing protocol” profile thereof, defined in XEP-0060 and XEP-0163.
The server must support the Jabber Component Protocol XEP-0114 so that the jabber.org team can deploy add-on services on other machines.
As mentioned, the jabber.org IM service has over 500,000 users, with typically 15,000 online at any one time. To service this userbase, the XSF has in the past solicited in-kind donations of appropriate hardware. The machine that currently hosts the jabber.org IM service (”hermes”) was donated by HP in early 2008; the machine is an HP ProLiant D385 G2 with dual 2.8 GHz Opteron CPUs and 16GB of RAM. The jabber.org team is of the opinion that this machine should be sufficient to meet its needs for the duration of the contract. However, the team is open to clustering the XMPP service across other machines under its control, or offloading non-core XMPP services (e.g., multi-user chatrooms) onto other machines in the future. However, the server software should be able to handle at least 1 million registrations and 30,000 concurrent connections on the above mentioned hardware configuration (single server).
Because the jabber.org domain is a significant node on the XMPP network, it federates with a large number of other domains. Typically the jabber.org IM service has open 3,500 or more server-to-server connections with other domain at any one time. This number is only expected to grow.
The jabber.org IM service has traditionally been the preferred target for abusive and excessive traffic, the first place where inexperienced developers test their alpha-quality code, and the witness to various strange phenomena not normally seen at other XMPP services. Any solution deployed at the jabber.org IM service needs to be flexible, stable, secure, and hardened against intentional or inadvertent denial of service attacks.
The jabber.org IM service has long used PostgreSQL for storage of user account information, including offline messages and vCards. The infrastructure team would strongly prefer not to migrate to a new database or modify its existing schema if at all possible.
For security reasons, the machine that hosts the jabber.org IM service is kept clean of extraneous services that might open unnecessary vulnerabilities, including web and email servers. It is strongly preferred that such extraneous services will not be required in order to offer complete XMPP functionality.
The machine that hosts the jabber.org IM service runs the Debian GNU/Linux operating system (currently 4.0.1 stable). The infrastructure team would strongly prefer to continue Debian on its machines. This includes the current 4.0.1 stable version and future stable releases. All software provided by the Vendor should be tested and confirmed to run on Debian.
The transition to the new software should be handled by the jabber.org admin team. The vendor should provide comprehensive documentation in English on the migration and configuration process of the user database and the setup of the different modules such as MUC.
For privacy and security reasons, the jabber.org team prefers not to allow access to its production machines except to members of the team. Access may be allowed in order to migrate the jabber.org IM service to a new software solution (if necessary), but ongoing support should be handled using standard industry practices such as issue reporting, feature requests, and normal communication mechanisms (e.g., phone, email, or IM support). Relevant support parameters should be clearly agreed upon by both the jabber.org team and the supporting organization, including expected response times, issue tracking software used, and preferred communication methods.
At this time the jabber.org team has no budget to pay for commercial software or for support contracts related to the deployment of open-source software. In lieu of financial compensation, the team can offer in-kind sponsorship of the service’s ongoing operations, including appropriate publicity at the high-profile jabber.org website, which receives millions of hits a month.
If you would like to submit a proposal, or if you have any questions about the proposal process, please contact Peter Saint-Andre <firstname.lastname@example.org>, preferably in PDF format. Please ensure that your submission describes your organization and its proposed solution, addresses all functional, performance, integration, and support requirements, and describes the prices associated with your solution (to be used as input to decisions about in-kind sponsorship). Please submit your proposal no later than July 1, 2009. The jabber.org admin team shall make its decision by the close of business on August 14, 2009. The engagement shall begin in September 2009.