Security for Groove Server Relay
Updated: April 1, 2008
Applies To: Groove Server 2007
Groove Server 2007 Relay is designed to address the key concerns of security-conscious IT departments. Relay servers use public key cryptography for the initial authentication of devices and users over the relay's primary protocol (SSTP), and for authenticating the transactions received from Groove Manager over SOAP. Browser access to the administrative interface on inbound port 8010 is protected by HTTP basic authentication, which transmits the password Base64-encoded but not encrypted. Groove Relay does not currently support Secure Sockets Layer (SSL) encryption of this connection, so anyone who can observe the traffic can recover the password; for that reason the port is restricted to localhost access by default. In addition, both the administrative interface port (8010) and the port used for SOAP transactions with Groove Manager (8009) can be further secured by binding them to a single, specific network interface card.
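The two administrative facts above (basic authentication only Base64-encodes the password, and ports 8009 and 8010 should not be reachable from the network unless deliberately bound to a management interface) translate into two small checks. The following is an added example written for this page, not code from the Groove Server product or its documentation; the HTTP request capture, the `netstat -ano` excerpt, the host names and the credentials in it are constructed, and the parser assumes the column layout of Windows `netstat -ano` output.

```python
# Added example for the points above; not part of the Groove Server documentation
# or product. The request capture and the netstat output are constructed here.
import base64

ADMIN_PORT = 8010   # browser administration interface (HTTP Basic, no SSL)
SOAP_PORT = 8009    # SOAP transactions from Groove Manager


def credentials_from_request(raw_request: str):
    """Recover (user, password) from a captured HTTP request's Authorization
    header, or None if it carries no Basic credentials. Base64 is an encoding,
    not encryption, so this is all an observer on an unencrypted path needs."""
    for line in raw_request.splitlines():
        name, sep, value = line.partition(":")
        if not sep or name.strip().lower() != "authorization":
            continue
        scheme, _, token = value.strip().partition(" ")
        if scheme.lower() != "basic":
            return None
        user, _, password = base64.b64decode(token, validate=True).decode().partition(":")
        return user, password
    return None


def exposed_listeners(netstat_text: str, allowed_hosts=("127.0.0.1",)) -> list:
    """List (local_address, port) for TCP LISTENING sockets on the relay's
    administrative or SOAP port bound to anything other than allowed_hosts.
    Parses the text layout of Windows `netstat -ano`; pass the management
    NIC's address in allowed_hosts when the port is deliberately bound there.
    A 0.0.0.0 binding means every interface, the opposite of a NIC restriction."""
    findings = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "TCP" or fields[3] != "LISTENING":
            continue
        host, _, port = fields[1].rpartition(":")
        if int(port) in (ADMIN_PORT, SOAP_PORT) and host not in allowed_hosts:
            findings.append((host, int(port)))
    return findings


# Constructed: a browser request to the admin port as it appears on the wire.
SAMPLE_REQUEST = (
    "GET /admin HTTP/1.1\r\n"
    "Host: relay.example.com:8010\r\n"
    "Authorization: Basic YWRtaW46UmVsYXlQYXNzMjAwNw==\r\n"
    "\r\n"
)

# Constructed `netstat -ano` excerpt: 8010 is on loopback, 8009 is on all interfaces.
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       988
  TCP    0.0.0.0:8009           0.0.0.0:0              LISTENING       1404
  TCP    127.0.0.1:8010         0.0.0.0:0              LISTENING       1404
  TCP    192.168.10.5:3389      192.168.10.77:51324    ESTABLISHED     988
"""

if __name__ == "__main__":
    print("captured credentials:", credentials_from_request(SAMPLE_REQUEST))
    print("listeners to fix:", exposed_listeners(SAMPLE_NETSTAT))
```

Run against real `netstat -ano` output, the second function should come back empty once 8010 stays on 127.0.0.1 and 8009 is bound only to the interface that Groove Manager reaches; a 0.0.0.0 entry means the port is listening on every interface, which is exactly what the NIC restriction is meant to prevent. The first function is the attacker's side of the same fact: decoding a captured Authorization header is all it takes to obtain the administrative password when SSL is not available, which is why loopback-only access is the right default.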
Other security features are built in to Groove relay servers, including:
Device authentication when dequeuing device-targeted data (including Groove workspace and contact information) from the relay server.
User account authentication when dequeuing identity-targeted data (including Groove instant messages and invitations) from the relay server.
Authentication of the relay server to the client when dequeuing either device-targeted or identity-targeted data.
A Groove client stores the public key certificate of each relay server to which it has been provisioned. Groove clients are provisioned with relay servers by a Groove Manager for managed accounts, or by a Microsoft provisioning server for unmanaged accounts. Groove uses the public key of the designated primary (or Home) relay to initiate secure registration of the new account's identity and device(s). From that point on, communication between the Groove account and its relay server is authenticated and secured.
When a Groove user account registers with a relay server, the account establishes a shared secret key with the relay server that provides a mutually authenticated link for all relay-to-client communication. The secret is known only to that user account and the relay for the life of the account, and it is what prevents unauthorized dequeuing from the relay: a party that does not hold it cannot present itself as the account to collect the account's queued data.
Groove data is strongly encrypted end-to-end, and Groove Relay is not party to the encryption keys used to secure Groove data. Therefore, data that is temporarily stored on the relay server cannot be read by the relay, nor by anyone who compromises the relay server or its storage. Groove Relay can access only the message header information that is needed to route enqueued data to authenticated dequeuing devices (or to a target device's relay server, in the case of single-hop fanout).
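To make the dequeue authentication listed above and the shared-secret and end-to-end properties of the last two paragraphs concrete, here is an added model written for this page. It is not Groove's code, SSTP wire format, cipher or key exchange: the relay object, the per-account dequeue secret, the HMAC-based request and response tags, the toy HMAC-SHA256 stream cipher standing in for Groove's real cipher, the account names and the message text are all assumptions made for the illustration, and `register()` returns the secret in the clear rather than delivering it under the relay's public key as the text describes.

```python
# Added illustrative model; not Groove's SSTP wire format, cipher or key exchange.
# A toy encrypt-then-MAC stream on HMAC-SHA256 stands in for a real cipher, and
# register() returns the per-account secret in the clear instead of under the relay key.
import hashlib
import hmac
import secrets


def _mac(key: bytes, *parts: bytes) -> bytes:
    return hmac.new(key, b"".join(parts), hashlib.sha256).digest()


def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR data with an HMAC-SHA256 counter keystream (the same call decrypts)."""
    blocks = (_mac(key, nonce, i.to_bytes(4, "big")) for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, b"".join(blocks)))


def e2e_encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Returns nonce || ciphertext || tag under a key only sender and recipient hold."""
    nonce = secrets.token_bytes(16)
    ct = _xor_stream(key, nonce, plaintext)
    return nonce + ct + _mac(key, nonce, ct)


def e2e_decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(_mac(key, nonce, ct), tag):
        raise ValueError("wrong end-to-end key or tampered payload")
    return _xor_stream(key, nonce, ct)


class Relay:
    """Queues (header, ciphertext) per target account and reads only the header."""
    def __init__(self):
        self._keys = {}     # account_id -> secret established at registration
        self._queues = {}   # account_id -> [(header, ciphertext), ...]
        self._used = set()  # (account_id, nonce) pairs already spent on a dequeue

    def register(self, account_id: str) -> bytes:
        self._keys[account_id] = secrets.token_bytes(32)
        return self._keys[account_id]

    def enqueue(self, header: dict, ciphertext: bytes) -> None:
        self._queues.setdefault(header["to"], []).append((header, ciphertext))

    def stored(self, account_id: str) -> list:
        """What a compromise of the relay server or its storage would expose."""
        return list(self._queues.get(account_id, []))

    def dequeue(self, account_id: str, nonce: bytes, client_tag: bytes):
        """Verify the client's proof of the shared secret and refuse replays, then
        tag the response so the client can authenticate the relay in turn."""
        key = self._keys.get(account_id)
        if key is None or not hmac.compare_digest(
                _mac(key, b"dequeue", account_id.encode(), nonce), client_tag):
            raise PermissionError("dequeue not authenticated for " + account_id)
        if (account_id, nonce) in self._used:
            raise PermissionError("replayed dequeue nonce")
        self._used.add((account_id, nonce))
        items, self._queues[account_id] = self._queues.get(account_id, []), []
        return items, _mac(key, b"response", nonce, *(ct for _, ct in items))


def client_dequeue(relay: Relay, account_id: str, key: bytes, nonce: bytes = b"") -> list:
    """Client side: prove the registration secret, then check the relay's tag."""
    nonce = nonce or secrets.token_bytes(16)
    items, server_tag = relay.dequeue(account_id, nonce, _mac(key, b"dequeue", account_id.encode(), nonce))
    if not hmac.compare_digest(_mac(key, b"response", nonce, *(ct for _, ct in items)), server_tag):
        raise PermissionError("relay failed to authenticate its response")
    return items


def _refused(action, exc) -> bool:
    """True if action() raises exc; used only to record outcomes in demo()."""
    try:
        action()
    except exc:
        return True
    return False


def demo() -> dict:
    """Alice invites Bob through the relay; each key records one property."""
    relay, bob = Relay(), "bob@example.com"
    bob_secret, e2e_key = relay.register(bob), secrets.token_bytes(32)  # e2e key: Alice and Bob only
    relay.enqueue({"to": bob, "from": "alice@example.com", "type": "invitation"},
                  e2e_encrypt(e2e_key, b"Join workspace 'Q3 audit'"))
    stored_header, stored_ct = relay.stored(bob)[0]     # the compromised-relay view
    nonce = b"\x01" * 16    # fixed so the replay below re-sends an identical request
    result = {"relay_sees": stored_header,
              "relay_decrypts": not _refused(lambda: e2e_decrypt(bob_secret, stored_ct), ValueError),
              "wrong_secret_refused": _refused(
                  lambda: client_dequeue(relay, bob, secrets.token_bytes(32)), PermissionError)}
    result["plaintext"] = e2e_decrypt(e2e_key, client_dequeue(relay, bob, bob_secret, nonce)[0][1])
    result["replay_refused"] = _refused(lambda: client_dequeue(relay, bob, bob_secret, nonce), PermissionError)
    return result
```

`demo()` returns what a practitioner would want to verify about this design: the relay's stored copy of the message yields the routing header but not the text, even when the relay's own copy of Bob's registration secret is tried against it; a dequeue under a guessed secret is refused and consumes nothing; the relay's reply carries a tag computed from the same secret, so a server that does not hold it cannot stand in for the real relay; and re-sending a captured dequeue request is refused because its nonce has been spent. That last property is not implied by a shared secret alone and is worth confirming on any implementation of a mutually authenticated dequeue.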