Security Testing and Evaluation Labs

Groove Networks: Groove Workspace, Groove Enterprise Management Server and Groove Enterprise Relay Server, Version 2.5

Groove's peer architecture enables direct computer-to-computer communication. Adding relay servers improved communication availability among occasionally connected users and through all network topologies. For applications that require integration with non-Groove systems and data, the Enterprise Integration Server automates secure, bi-directional information flow. The Enterprise Management Server provides organized control and administration for all users and servers.

Groove Workspace V2.0

Groove Workspace is a collaboration product that enables synchronous and asynchronous communication among a group of users. Groove Workspace enables organizations to extend critical business processes, projects and meetings across time, space and organizational boundaries. With Groove Workspace, people share activities and information in a secure environment, called a shared space, in which all content and communications are automatically authenticated, integrity protected, and encrypted. Information in shared spaces can be transmitted transparently through firewalls, proxies, and NAT devices. Shared spaces are available on and offline, giving users full control and management of their information.

With Groove Workspace, users interact with others in whatever way is most convenient or makes the most sense -- instant messaging, live voice, text chat, discussion, free-form drawing, file sharing, co-viewing and co-editing, and Web browsing are all included. In addition to those collaboration tools, Groove Workspace is a platform upon which customized applications can be developed.

Groove Enterprise Relay Server V2.0

The Groove Enterprise Relay Server is primarily a persistent message queuing service for users running Groove Workspace. It enables additional capabilities in Groove Workspace, such as asynchronous communication, firewall transparency, bandwidth optimization and WAN device presence. The Enterprise Relay Server allows IT managers within commercial and government environments to deploy and manage Groove relay capabilities within their network environment.

The Groove Enterprise Relay Server supports asynchronous communication across disparate locations, time zones and working hours. When all members of a Groove shared space are online, all gestures, content and activity are immediately shared among them. When some members are not connected to the network, online "sending" Groove members automatically forward their changes to the designated Groove Enterprise Relay Server for the offline "receivers," where they are queued for later forwarding to the recipient. When the offline user reconnects to the network and connects to the Relay Server, it automatically transmits all pending changes.

The Groove Enterprise Relay Server eases inter-enterprise, agency and department enterprise communications across security domains by traversing through firewalls, proxy, and NAT devices. The Enterprise Relay Server behaves as an HTTP proxy, automatically "wrapping" messages within HTTP, so they can pass easily through the firewall. This process, called "HTTP tunneling," allows users to transparently establish and conduct purposeful interaction without the intervention or assistance of network administrators. This relieves the IT manager of the burden of setting up and maintaining special purpose, secure extranets for cross-firewall domain business interaction.

The Groove Enterprise Relay Server improves the efficiency of communication over low-bandwidth Internet connections. In cases where a Groove Workspace user is connected through a slow communication link and needs to transmit large amounts of data to several users, Groove Workspace will send a single copy to the relay server, which will in turn, send multiple copies of the data to each user within the shared space.

The Groove Enterprise Relay Server supports WAN presence awareness without requiring user configuration. This is the ability of clients to log onto the Internet from any location and have their presence known to members of their shared spaces or other contacts. The presence service uses a "publish and subscribe" protocol to make other clients aware of online or offline status. This prevents users from having to know IP addresses or other settings to make their online status known to other clients and to begin communications.

Groove Enterprise Management Server V2.0

The Groove Enterprise Management Server provides IT managers with centralized services for administering the deployment and use of Groove within an enterprise, agency or department. These services include usage management and reporting, and device policy management.

Usage management and reporting services enable the distribution of Groove identities, licenses, and the setting and enforcement of user security policies, and provide a central console for and the monitoring usage of Groove usage through a browser-based console. These services let administrators easily track current domain members and to add and remove individuals from the management domain. Administrators can also monitor how Groove software is being used by domain members, including the number of shared spaces created, time spent in individual spaces and tools used, the amount of data in spaces. The content of a shared space itself is encrypted and unavailable to direct monitoring unless the administrator or a system proxy has been explicitly invited into that shared space.

Device policy management services centralize the dissemination and management of security policies for components and tools, as well as version upgrade policies for devices running Groove. These services enable administrators to set security policies to be applies to their managed users and devices. Policies include user security requirements (e.g., length and expiration of passphrases, use of personal identities on managed devices), component requirements, and mobile code (download and installation policies for all Groove components).

The Groove Enterprise Management Server also enables IT managers to create Groove identities directly from existing LDAP/Active Directory directories. In addition, with the Enterprise Management Server, administrators can easily provision users to Enterprise Relay Servers and monitor or adjust their relay usage.

Groove Enterprise Integration Server V2.0

With the Groove Enterprise Integration Server, authorized members of Groove shared spaces can securely access, share and work with the external data residing in an organization's company's centralized, server-based business systems (e.g., transactions records management, knowledge management, CRM, PRM). The Groove Enterprise Integration Server includes IT administration features and a rich set of APIs that allow enterprise developers to build integration solutions.

Integration is done with agent programs called bots. The Enterprise Integration Server provides several means to ease bot development. Developers can define deployable scripts to configure a bot run?time environment. Classes are provided to help with functions common to most bots. And bots can be written with common developer tools and languages like such as Visual Basic, JavaScript, VBScript and C++.

The Groove Enterprise Integration Server is easily deployable. It operates in all of the same network environments supported by Groove Workspace. In enables automated, bi-directional, tight integration with existing products and data, while honoring company, agency or department security and access models.

The Enterprise Integration Server is secure and customizable. It offers a single point of administration for defining what enterprise information is available to which Groove shared spaces, and which Groove users can access this information. The Enterprise Integration Server offers simple configuration of Enterprise Integration Server identities, as well as an auditing log for all bot interaction.