Overview of Groove Server functionality
Published: May 12, 2010
Microsoft® Groove® Server 2010 is a Windows-based software package that provides comprehensive services for managing Microsoft SharePoint® Workspace. Groove Server 2010 contains two components: Groove Server 2010 Manager and Groove Server 2010 Relay, each of which runs on a Windows server on an enterprise network.
For information about whether to include Groove Server in a SharePoint Workspace 2010 deployment, see Plan for SharePoint Workspace 2010.
SharePoint Workspace 2010 enables information workers anywhere in the world to synchronize or share content via a virtual workspace on their local computers. SharePoint Workspace 2010 users who are connected to a SharePoint site can bring library documents and lists to a workspace on their local computers for online or offline work, and then synchronize back to SharePoint Server when they are finished. With or without a SharePoint connection, SharePoint Workspace 2010 users can also create shared Groove workspaces where they can interact with team members to assemble information, discuss plans, schedule meetings, track results, write reports, store files, and converse through online chat or instant messages. Team members can perform tasks online or offline, and then synchronize their work with other users when they are online. When a project is finished, any member can easily archive work in a SharePoint library or list by using a SharePoint workspace that connects to the SharePoint site.
To sustain communications among peers in the dynamic and increasingly diverse conditions of today's networks, Microsoft-hosted services support SharePoint Workspace clients. In a managed environment where Groove workspaces are in use, enterprises can install Groove Server Manager and Relay to host and manage these collaboration services onsite. Groove Server provides organizations with a centralized management system for deploying and managing SharePoint Workspace according to enterprise requirements and existing infrastructure.
The Groove Server Manager component of Groove Server facilitates administrative management of SharePoint Workspace clients, including the deployment of policies that help secure client communications and user collaboration. The Groove Server Relay component provides dedicated data store-and-forwarding, message delivery efficiencies, device presence detection, and other services which enable timely information exchange regardless of corporate firewalls, variable communication links, internet traffic conditions, or client online/offline status.
By comparison, in an unmanaged environment, once SharePoint Workspace is installed and a client account is created, users are free to publish their contact information and communicate with whomever they choose, unhindered by centralized usage policies and other corporate security measures. Public Relay servers handle cross-firewall communication, offline work, and message distribution for these users.
SharePoint Workspace and supporting servers employ a suite of proprietary and public protocols that enable PC communications in a wide range of network settings. The Microsoft protocol Web site provides information about these and other Microsoft Office protocols at: http://go.microsoft.com/fwlink/p/?LinkID=162294&clcid=0x409.
The following sections summarize the capabilities of the Groove Server Manager and Relay applications:
Groove Server Manager functionality
Groove Server 2010 Manager is a Web-based application for managing SharePoint Workspace clients. The Manager application runs on an Internet Information Services (IIS) server, backed by a SQL Server, installed at an enterprise site. From a Groove Server Manager administrative Web site, administrators can oversee SharePoint Workspace users who are members of a management domain. Administrators add SharePoint Workspace user information to the pre-configured management domain either by integrating the domain with an existing Active Directory forest or by using the Manager server interface to manually enter the information. Administrators can set and distribute SharePoint Workspace usage policies, assign users to Relay servers, schedule user account backups, and monitor user activity from the Manager server interface. The Manager server also supports automatic SharePoint Workspace account configuration and restoration.
Managed SharePoint Workspace clients communicate with the Groove Server Manager Web site through a separate interface. Managed clients poll the management server periodically (generally, every 5 hours) for updates to member identity information, policies, and Relay server assignments, and to report statistics. This periodic contact is the primary mechanism by which all information is transferred between Manager servers and SharePoint Workspace clients. Groove Server Manager does not initiate client communications. However, Manager servers do contact Relay servers to convey managed user Relay assignments.
The administrative interface enables administrators to perform the following tasks for a management domain:
Define administrator roles.
Groove Server Manager provides a Role-based Access Control option to enable a master administrator to assign designated administrators to roles, such as member administration or reports administration.
Define SharePoint Workspace usage and security policies.
Policies include automatic backup of managed client accounts, workspace creation restrictions, and listing of user contacts in an enterprise-based SharePoint Workspace directory to enable authorized SharePoint Workspace users to find each other easily and safely.
Assign SharePoint Workspace users to Relay servers.
At least one Relay server must be registered with the Manager server. Administrators register onsite relay servers with a domain via the Manager server administrative Web site. If multiple Relay servers are installed onsite, administrators can provision managed users with a sequence of Relay servers, to provide Relay server redundancy and fallback.
Assemble SharePoint Workspace users into an administrative management domain.
The integration of an onsite Active Directory forest with the Manager server enables the automatic import of user information to a management domain. If Active Directory is not available, users can be added to the management domain manually, from the Manager server administrative Web site.
Automatically configure managed user accounts on SharePoint Workspace computers.
If the Manager server is integrated with an Active Directory database and configured to use automatic account configuration, once SharePoint Workspace is installed on user computers, managed SharePoint Workspace users can set up their accounts by starting SharePoint Workspace and setting a log-in password. No entry of a configuration code is required.
Generate SharePoint Workspace event and activity reports.
Groove Server Relay functionality
Groove Server 2010 Relay is a server application that enables administrators to manage onsite Relay services. Supported by an onsite Manager server, Relay servers provide the same cross-firewall navigation, store-and-forward services, device discovery, and transmission efficiencies as hosted services, but in an in-house managed environment. In-house administrators can help secure Relay server communications and ensure server availability. For example, IT managers can locate Relay servers throughout a private network if necessary, and install redundant servers to provide failover.
Whenever possible, SharePoint Workspace transmits data directly from peer to peer, sending out individual packets of data from one SharePoint Workspace user to another. However, when firewalls and proxy devices block this direct communication, Groove Server Relay facilitates communications. When data is addressed to a peer that cannot be reached directly (because the user is offline, for example), the Relay server’s store-and-forward service enables otherwise inaccessible peers to receive timely data. When a large amount of data must be sent from one SharePoint Workspace user to multiple users, Groove Server Relay fans out data transmission. This process distributes data more economically and reduces the amount of data that an individual user sends over the network.
Any of the data types transmitted by SharePoint Workspace clients can be transported or stored by Groove Server Relay, including the following:
Workspace and contact information, addressed to a specific device, identity, and workspace (device-targeted messages).
Instant messages and workspace invitations, addressed to a specific identity (identity-targeted messages).
Groove Server Relay only accepts SharePoint Workspace client and Manager server transmissions. It does not initiate these transmissions. SharePoint Workspace clients and Manager servers connect to Relay servers to deposit and receive messages and data.
Groove Server Relay runs as a Windows service on a Windows server. Administrators manage Relay servers through the Groove Relay Control Panel item, the administrative Web interface, and the Manager server with which the Relay server cooperates. Administrators set up the Manager-Relay server association by registering installed Relay servers from the Manager server administrative Web interface. From this same interface, administrators can assign registered Relay servers to managed SharePoint Workspace users.
When a SharePoint Workspace client contacts the assigned Relay server for the first time, a key exchange occurs between the client device and the Relay server, which provides initial user authentication. The client has then registered with the designated Relay server. Client keys are stored in a Relay server database. SharePoint Workspace clients are always assigned to specific Relay servers. They are never directed to a Relay server at random. A key exchange is always required. In an enterprise environment, administrators assign users to a Relay server by using the Groove Server Manager application, which runs on a separate server from the Relay.
The following list describes key aspects of Relay server functionality.
Relay servers operate between SharePoint Workspace clients, facilitating communications when direct transmission is not possible. Relay servers enable message transmission under these conditions in three stages: accepting messages from SharePoint Workspace clients, storing messages temporarily, and then dispatching messages when their target clients contact the Relay server for updates. Messages are dispatched to recipients over the same client port that was used for the initial Relay contact, and the Relay server uses whatever protocols are necessary to allow messages through the ports that are open on the recipient’s network.
Each SharePoint Workspace user has an assigned Relay server or sequence of Relay servers, which is noted in the user’s identity (contact or vCard) information. When a SharePoint Workspace user sends a message across the Internet to a SharePoint Workspace contact that cannot be accessed directly, the SharePoint Workspace client seeks the Relay server that is specified in the intended recipient’s contact information. It then contacts the target relay and deposits the message in a queue associated with the recipient. When the intended recipient next contacts the assigned Relay server for updates, it retrieves the message from the queue.
The following process occurs every time that a SharePoint Workspace user (UserA) sends a message or workspace update to a peer (UserB) through the Relay server:
SharePoint Workspace UserA sends an instant message or a workspace update to a Relay server associated with UserB.
The Relay server queues the message for SharePoint Workspace UserB.
SharePoint Workspace UserB contacts the Relay server to collect messages.
The Relay server authenticates UserB and returns UserA’s instant message or workspace update to UserB.
If the message is an instant message or workspace invitation, it is deposited on the first device found that UserB is logged into. If the message is a workspace update, it is deposited on the device specified in the Relay server queue entry.
The following figure illustrates the message flow between SharePoint Workspace users at two different sites, with the Relay server acting as an intermediary between two protected LAN endpoints that are separated by firewalls that block direct communications between the endpoints.
Relay message flow
Groove Server Relay provides store-and-forward services to collect and forward messages for SharePoint Workspace clients regardless of their connection state. Messages are held in queues until the Relay server is contacted by the SharePoint Workspace clients to whom the messages are targeted. This asynchronous communication enables continued operations among SharePoint Workspace collaborators even when some peers are offline.
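The five-step exchange and the store-and-forward queue described above, modeled as an added example (not Microsoft code and not the SSTP wire protocol). The class and function names are hypothetical, an HMAC challenge-response stands in for the authentication that the first-contact key exchange provides, and "the first device found that UserB is logged into" is simplified to the first authenticated device that collects.

```python
import hashlib
import hmac
import secrets
from collections import defaultdict, deque


class RelayModel:
    """Toy model of the Relay's register / deposit / collect stages (not SSTP)."""

    def __init__(self):
        self.device_keys = {}             # (identity, device) -> key stored at first contact
        self.pending = {}                 # (identity, device) -> outstanding challenge
        self.queues = defaultdict(deque)  # identity -> [(target_device, payload)]

    def register(self, identity, device):
        # Assumed stand-in for the first-contact key exchange.
        key = secrets.token_bytes(32)
        self.device_keys[(identity, device)] = key
        return key

    def deposit(self, recipient, payload, target_device=None):
        # target_device=None: identity-targeted (instant message, invitation).
        # Otherwise device-targeted (workspace update for one named device).
        self.queues[recipient].append((target_device, payload))

    def challenge(self, identity, device):
        nonce = secrets.token_bytes(16)
        self.pending[(identity, device)] = nonce
        return nonce

    def collect(self, identity, device, proof):
        key = self.device_keys.get((identity, device))
        nonce = self.pending.pop((identity, device), None)  # single use
        if key is None or nonce is None:
            raise PermissionError("device not registered or no challenge issued")
        if not hmac.compare_digest(prove(key, nonce), proof):
            raise PermissionError("authentication failed")
        delivered, kept = [], deque()
        for target, payload in self.queues[identity]:
            if target in (None, device):
                delivered.append(payload)       # identity mail goes to the first device in
            else:
                kept.append((target, payload))  # stays queued for its named device
        self.queues[identity] = kept
        return delivered


def prove(key, nonce):
    """Client's answer to the Relay's challenge (HMAC-SHA256, an assumption)."""
    return hmac.new(key, nonce, hashlib.sha256).digest()
```

A failed or unregistered collection attempt raises before the queue is touched, so queued messages stay in place until the correct device authenticates.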
Ideally, SharePoint Workspace communicates with other clients and Relay servers by using its preferred and most efficient protocol - Simple Symmetric Transfer Protocol (SSTP) over port 2492. To support the transmission of SharePoint Workspace messages across firewalls that block port 2492 but allow HTTP traffic over port 80, Groove Server Relay encapsulates SSTP commands and messages in an HTTP data stream. Encapsulating SSTP involves wrapping each SSTP transmission, together with additional header information, in the body of an HTTP message. The additional header information supports compliance with SSTP delivery semantics. In this manner, SSTP messages reach target clients over port 80. Similarly, if firewalls block these ports but allow traffic over port 443, Relay servers can transmit SSTP messages using the HTTP Connect method to enable communications over port 443.
Device presence detection
Groove Server Relay uses WAN Device Presence Protocol (DPP) to determine the SharePoint Workspace online status and the list of active Internet Protocol (IP) addresses for a SharePoint Workspace client device. This device presence (or ‘awareness’) service uses a publish-and-subscribe approach to inform SharePoint Workspace users of the online/offline presence of listed contacts and workspace members.
SharePoint Workspace expedites communications when transmitting large amounts of data or when transmitting over a slow network link, by directing a single copy of the data to a Relay server for replication and distribution to recipients. This process, sometimes described as message fan out, is typically engaged when a SharePoint Workspace user adds a file to a workspace, sends a workspace invitation, or updates a workspace with multiple members.
The SharePoint Workspace client starts the optimization process by grouping messages according to the Relay server that is assigned to each of the recipients. The client then determines whether messages should be fanned out, based on an algorithm that involves the capabilities of the sender’s computer, the number of recipients, the amount of data being sent, and the sender’s line speed, among other factors. If fan out is merited, the client sends a single copy to each of the identified Relay servers. Each Relay server functions like a multi-cast router, distributing copies of the message to each of the recipients that it serves. This process, sometimes described as multi-drop fan out, improves the efficiency of transmissions and minimizes bandwidth usage.
When a message is addressed to multiple recipients, SharePoint Workspace may send a single copy of a message to the sender’s assigned Relay server, which then groups copies of the message by recipient Relay server and distributes message copies to those Relay servers. In this process, sometimes described as single-hop fan out, messages are sent to and stored on a recipient’s assigned Relay server, or if that Relay server is down, messages are stored on the sending client device.
When the fan out process is not used, SharePoint Workspace sends a single message addressed to multiple recipients just as it would send multiple messages to multiple recipients, issuing separate transmissions for each copy of the message, whether a Relay server is called for or not.
Scalability and redundancy
Multi-Relay installations enable more scalable Relay services for a large client base and provide redundancy if there is equipment failure. By using the Manager server Web interface, administrators can assign multiple Relay servers to a management domain and prioritize them for use by domain members. When a SharePoint Workspace client sends data to a domain member that has access to multiple Relay servers, the client attempts delivery to the first Relay server in the series, and if the server is down, it attempts delivery to the next Relay server in the series, and so on.
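The fan-out grouping and the Relay fallback sequence described above, combined in an added example (not Microsoft code). Function names and the relay hostnames used with it are hypothetical, and because the page does not give the client's fan-out decision algorithm, that decision is passed in as a flag.

```python
from collections import defaultdict


def first_reachable(relay_sequence, reachable):
    """Walk a recipient's prioritized Relay list and return the first server that is up."""
    for relay in relay_sequence:
        if relay in reachable:
            return relay
    return None


def plan_delivery(recipients, reachable, fan_out):
    """Return (transmissions, held_locally) for one message.

    recipients: {identity: [relay, ...]} as listed in each contact's identity information.
    reachable:  set of Relay servers currently answering.
    fan_out:    the client's decision (algorithm not specified on the page).
    """
    by_relay = defaultdict(list)
    held = []
    for identity, sequence in recipients.items():
        relay = first_reachable(sequence, reachable)
        if relay is None:
            held.append(identity)             # every assigned Relay is down: keep on sender
        else:
            by_relay[relay].append(identity)  # group by the Relay that will serve this user
    if fan_out:
        # One copy per Relay; the Relay replicates to the recipients it serves.
        sends = [(relay, sorted(ids)) for relay, ids in sorted(by_relay.items())]
    else:
        # One separate transmission per recipient.
        sends = [(relay, [i]) for relay, ids in sorted(by_relay.items()) for i in sorted(ids)]
    return sends, sorted(held)
```

Comparing `len(sends)` with and without `fan_out` for the same recipient map shows the number of transmissions the sender avoids, and a non-empty `held` list identifies users whose entire Relay sequence is unavailable.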