Communication & Collaboration
Get into the Groove: Solutions for Secure and Dynamic Collaboration
Yung Chou
At a Glance:
- What is Groove?
- Teaming up across boundaries
- Groove 2007 architecture
In today's global economy, your project teams may be spread across departments, offices, time zones—even continents. And thanks to rapid advances in computing technology and the
proliferation of broadband Internet and mobile devices, you face increasing expectations of service quality and availability. More than ever before you're likely to be working with people you've never met in person. At the same time, you need to work with team members in context and without worrying about the underlying complexities of secure communication and data synchronization.
Microsoft® Office Groove 2007 is a new collaboration tool in the 2007 Microsoft Office system that enables teams to collaborate dynamically, effectively, and with advanced security, even when team members work for different organizations, work remotely, or need to work offline. I'll introduce you to Office Groove 2007 and explain the architectural underpinnings that make it an ideal tool for dynamic team collaboration.
The Office Groove platform includes both decentralized client software (Office Groove 2007) for information worker productivity and centralized services (Office Groove Server 2007) for traversing network boundaries efficiently, enforcing IT management, and integrating data with other server-based systems. This article will cover only the Office Groove 2007 client software and the Office Groove Server Relay. Look for future coverage of the deployment capabilities of Office Groove Server Manager and the integration capabilities of Office Groove Server Data Bridge.
Office Groove 2007 is the client software that enables individuals to work as teams within collaborative virtual workspaces. Office Groove 2007 enables teams to accomplish collaborative tasks, even when team members work for different organizations, work remotely, or need to work offline.
Office Groove Server 2007 gives IT organizations enterprise-class server software and tools for deploying, managing, and integrating Office Groove 2007 clients across the enterprise. Among the components included in Office Groove Server 2007 is the Office Groove Server Relay. Office Groove Server Relay provides a store-and-forward service that automatically routes encrypted data changes between Office Groove 2007 clients when they can't connect directly. Also included are the Office Groove Server Manager and the Office Groove Server Data Bridge. I'll discuss those more in a future article.
Individual workers can use the Office Groove 2007 client software to form a team by creating workspaces, adding tools and data, and inviting other Groove users to join the workspace as team members.
As team members collaborate in a workspace, Office Groove 2007 works in concert with Office Groove Server Relay to keep each team member's copy of the workspace synchronized, even if no two users are online concurrently. The data within each Groove workspace is always protected by 192-bit Advanced Encryption System (AES) encryption, whether it's stored on a team member's local disk, being transferred between client workspaces on the network, or being temporarily stored on Office Groove Server Relay.
Collaboration Anytime, Anywhere
Using Office Groove 2007
From a user's perspective, Office Groove 2007 client software consists of five key elements: the launchbar, the workspace, tools, presence and communication, and alerts. The launchbar is the starting point for using Groove and provides easy access to a user's workspaces and contacts.
A Groove workspace (see Figure 1) is where you share information and work with others on a specific task or project. A workspace is intended for a small group of approximately 2 to 50 members. Common projects and tasks executed in a Groove workspace might include document reviews, project-specific meetings, threaded discussions, reviewing and sharing published content, tracking tasks or issues, and collecting or aggregating structured data.
Figure 1** The Groove Desktop **(Click the image for a larger view)
Tools are applications that can be added to workspaces for sharing and manipulating structured and unstructured data. Structured data is captured with tools like the Groove InfoPath® Forms tool and the Groove Forms tool; unstructured data includes items such as documents, discussion threads, and images. Two new tools available in Office Groove 2007 include the SharePoint® Files tool for synchronizing files between a Groove workspace and a SharePoint document library and the InfoPath Forms tool for importing InfoPath solutions into Groove.
Presence and communication functionality includes built-in member presence awareness, workspace chat, messaging, and integration with Microsoft Office Communicator 2005 and 2007. Alerts are text and audio notifications of events and activities that direct user attention to the relevant events and activities in a workspace.
Teaming Up Across Boundaries
You don't need special network or domain privileges to create a new workspace or accept an invitation to join an existing workspace. Any user can create a workspace and send an invitation with Groove instant messaging or e-mail to prospective members. Furthermore, any Groove user can accept an invitation, join the workspace, become a team member, share information, and collaborate on a project without IT or network affiliations with other Groove members. This functionality is what enables dynamic team collaboration, even if team members are from different organizations or share no common infrastructure.
When you send a workspace invitation, you don't even have to worry whether the recipient is an existing Office Groove 2007 user. Recipients who don't already have Office Groove 2007 installed on their computer can be invited via an e-mail message and will be prompted to download a free trial version of Groove.
When you join a workspace, a copy of the workspace is transmitted over the network and stored on your computer. Office Groove 2007 can receive an initial copy of the workspace from any member who is online when the workspace invitation is created if the invitation is sent via Groove messaging. After the transmission is completed and a locally stored copy of a workspace is ready, you can enter the workspace and begin working with other members.
Staying in Sync
If a workspace member changes content in the workspace, a "delta" is created, representing a logical unit of workspace synchronization. The tool used to make changes determines what a delta contains. For example, a delta could be drawing a line in the Sketchpad tool (a shared whiteboard application that can be added to a Groove workspace), changing an entry on a calendar, adding a member to the workspace, or the binary differentials between a changed file and the previous version.
When a delta is created by a user, Groove first updates the user's local copy of the workspace, then sends the delta to the rest of the members for execution in their local copies of the workspace. When all members' copies of the workspace have introduced the delta, the workspace is synchronized. Though each member keeps a delta log locally with the associated workspace, Groove includes built-in logic to conclude that, after a delta has been executed by all members, the delta can then be deleted from the log.
If you are online, changes are synchronized in near real-time. If you're offline when deltas are executed by other workspace members, those deltas are sent to queues in your designated Office Groove Server Relay. The deltas are then consumed whenever you reconnect to a network and can establish a connection with the Office Groove Server Relay. In this way, all members' copies of the workspace can be updated or synchronized regardless of the network status of any single user at the time a delta is sent. Above all, once a member saves a change to a workspace, Office Groove 2007 and Office Groove Server Relay carry out the transmission of the delta and subsequent synchronization automatically and transparently to all members.
Factors such as how long a member has been offline, how much has changed in the workspace, how much network bandwidth is available, and how many members are online affect the time and computing resources Office Groove 2007 needs to automatically synchronize a workspace.
If a member has not entered a workspace for 21 days, Office Groove 2007 will no longer synchronize that workspace for the member. This design decision is based on the assumption that it is more efficient to simply re-invite the user and get a fresh copy of the workspace as opposed to synchronizing 21 days of data with unpredictable amounts and intricate data dependencies developed over time. To avoid this scenario, it's a good practice to leave Office Groove 2007 running while connected to the Internet whenever possible so Groove can synchronize soon after changes are introduced and keep the workspace content updated at all times.
If necessary, a workspace manager can uninvite a member from the workspace. To protect the privacy of the workspace, this action will consequently delete the workspace stored locally on the uninvited member's computer and generate a new workspace-specific encryption key for distribution to all remaining workspace members. If an uninvited member is online, deletion of the associated workspace occurs as soon as the uninvite message is received. If the user is offline, the uninvite message is queued at the designated Office Groove Server Relay and dequeued and executed the next time the user connects.
Data Transmission Details
The way Office Groove 2007 transmits data is in some ways similar to making a phone call. When Alice calls Bob, for instance, if Bob answers, a logical phone-to-phone connection is established. If the call is not answered, Alice might leave a voice message that Bob can hear the next time he dials into his voice message box.
Office Groove 2007 will always try first to initiate a direct client-to-client connection between users. The direct connection is carried out by a proprietary protocol, Simple Symmetric Transmission Protocol (SSTP), using TCP port 2492. This client-to-client connection is bidirectional and transmits data asynchronously with near real-time performance. If a connection on port 2492 is blocked or the endpoint client is not reachable on the network, the sender client automatically transmits messages to the recipient's designated Office Groove Server Relay, which queues up the messages to be consumed whenever the recipient reconnects (see Figure 2).
Figure 2** Client-to-Client and Client-to-Relay Communication Models **
These two different connections—client-to-client and client-to-relay—do not necessarily imply a performance discrepancy that will be noticed by users. In most corporate network configurations, both connections offer a similar user experience.
A client-to-client connection is preferred, yet may not be allowed or available. A client-to-relay connection, using outbound connections from the client to the Office Groove Server Relay, is often the least common denominator. The client can initiate connections to the Office Groove Server Relay using one of three available ports and protocols: SSTP/:2492, SSTP/:443, and SSTP encapsulated in HTTP/:80. The client will automatically try each protocol/port combination in order. Office Groove 2007 can HTTP POST to the user's Office Groove Server Relay to publish the presence information and can HTTP GET to consume inbound messages and deltas. In addition, Groove clients can HTTP POST to an intended recipient's Office Groove Server Relay for outbound messages and deltas.
No matter which of the three connection types clients use, data is always encrypted and digitally signed to ensure confidentiality and integrity. At the same time, with HTTP encapsulations, Office Groove 2007 can communicate across firewalls and beyond any organizational boundaries.
Presence Awareness
Office Groove 2007 subscribes to presence information from all contacts in the contact store. The store is the superset of your contact list (visible from the launchbar) plus all workspace members. While it is true that when you have a contact in your contact list you subscribe to that person's presence, you also subscribe to his presence if he is not in your contact list, but is in a workspace with you. In other words, subscribing to presence occurs automatically when you learn of someone, either through workspace membership, or by adding to contacts.
Device presence is required first, though, before user awareness can be established. Device presence indicates that a user is logged into an Office Groove 2007 account on a particular computer, and the computer's IP address is transmitted to the user's designated Office Groove Server Relay. Device awareness within a subnet is achieved with LAN Device Presence Protocol (DPP), a proprietary protocol that provides discovery and online status of devices without the need of a server. LAN DPP works only within a subnet, however.
Device presence on a WAN requires a connection to an Office Groove Server Relay (see Figure 3). A user publishes device presence to his designated Office Groove Server Relay, and any contacts subscribing to the user's presence can connect to the relay and consume that device presence information automatically. WAN presence cannot occur without a relay being contacted. Once you receive another contact's device presence, you can go directly to that second contact to establish awareness.
Figure 3** Groove User Presence Awareness **
Conflict Resolution
Because Office Groove 2007 employs a decentralized model for collaboration, data conflicts can occur from time to time and are handled differently based on the tool and data type. Whenever a user is online, Office Groove 2007 will synchronize the local copy of a workspace automatically with other members. But when a user is offline and making changes to a workspace, other online and offline members may be making changes as well. When reconnected to a network, the Office Groove 2007 client will identify the dependencies and serialize the changes, as applicable.
If there are conflicts, such as two people modifying the same data while offline, for example, Office Groove 2007 ensures that no data is lost, and that all users have the same view of the data. Many tools have discrete deltas, making conflicts in structured data very uncommon. For instance, Alice and Bob both respond to a discussion item at the same time. Regardless of network status, no conflict will occur since each entry is a self-contained transaction within the associated discussion thread.
For unstructured data such as documents, it is possible to create a conflict. One user may stay offline for an extended period after modifying a file. During this period, other members working online may have made changes and synchronized the file several times. In this case, Office Groove 2007 warns the user that there is a conflict on the document and automatically creates a copy of the file. Each file is titled with a name identifying the member whose changes are causing a conflict. At this point, user intervention is required to reconcile the conflict, and the points of conflict should be clear.
Roles and Permissions
Office Groove 2007 includes a built-in, roles-based permissions framework that affords content safeguards to workspace creators within the decentralized nature of a Groove workspace. In Office Groove 2007, a role is an access control mechanism for permitting users to perform tasks in a workspace and activities with individual tools. There are three built-in roles: manager, participant, and guest. By default, workspace creators are managers and those invited to workspaces are participants. Default permissions for each role can be changed by a manager. A manager can invite others as managers and a member's role can be changed by a manager.
The tool permissions associated with a role are customizable as well. The workspace rights and tool permissions associated with a role can therefore be configured at a workspace manager's discretion. This role-based model in Office Groove 2007 is an effective way of controlling access. Figure 4 illustrates some of the default permissions.
Figure 4 Default Permissions by Role in Office Groove 2007
| Groove Feature | Manager Role | Participant Role | Guest Role |
| Workspace | Invite, Uninvite, Add tools, Delete tools, Delete workspaces | Invite, Add tools | None |
| Calendar | View, Add, Edit, Delete all entries | View all entries; Add, Edit, Delete own entries | View all entries |
| Discussion | View, Create, Edit, Delete all documents | View all documents; Create, Edit, Delete own documents | View all documents |
| Files | View, Add, Modify, Delete files and folders; Modify permissions and download settings | View, Add, Modify files and folders; Delete own files | View files and folders |
| Pictures | View, Add, Rename, Delete | View, Add, Rename | View |
| Notepad | View, Create, Edit, Delete | View, Create, Edit, Delete | View |
| Sketchpad | View, Create, Edit, Delete | View, Create, Edit, Delete | View |
Conclusion
This article has given you a high-level overview of the decentralized, hybrid architecture employed by Office Groove 2007 and Office Groove Server 2007 to enable dynamic team collaboration. From an IT administrator's point of view, Office Groove 2007 and Office Groove Server Relay allow teams to work together efficiently both within and across organizational boundaries, both on and off the network, without compromising data security or significantly increasing server infrastructure costs.
To learn more, visit the Office Groove 2007 Web site at microsoft.com/office/preview/programs/groove and the Office Groove Server 2007 Web site at microsoft.com/office/preview/servers/grooveserver. And there's no better way to learn about Groove than getting your hands dirty and testing it out for yourself. Sign up for the beta program today at microsoft.com/office/preview/beta.
Yung Chou is a Technology Specialist for Microsoft Office Groove. He is both a Microsoft Certified Systems Engineer (MCSE) and a Certified Information Systems Security Professional (CISSP).
© 2008 Microsoft Corporation and CMP Media, LLC. All rights reserved; reproduction in part or in whole without permission is prohibited.