Windows 7 Milestone 1 (build 6519) leaked to the Internet almost a month ago, and one of the features that seems to be in it caught my attention. It's the "Homegroup" feature, which was codenamed "Castle". Beta testers who have been around long enough remember this feature as one that was left out of Windows Vista.
What This Feature Does:
The "castle" feature allows users to have the networking functionality of the domain, including roaming the user's profile, machine trust and having a consistent user identity throughout the network. The main difference with Castle is that users do not have to set up a dedicated machine, such as a domain controller, to maintain the trust and identity relationship. It also makes it easy to share and access files on those computers. Each computer on the same subnet can discover and join an existing castle. Or, the user can create a Castle. To join an existing castle, you must know the login credentials of an administrator account already part of the castle. Only non-blank passwords can grant access. This helps ensure only authorized computers join the castle (use of strong passwords for administrator accounts is highly recommended). When a computer joins a castle, the accounts on that computer will be added to the list of accounts accessible from any computer in the castle. User specific data (e.g. their password, access rights, and preferences) will be replicated on each computer in the castle and kept in sync. In addition, the newly joined computer will inherit and respect all policies from the Castle.
Information Collected, Processed, or Transmitted:
To help standalone computers find the available castles on the subnet, the machines in the Castle broadcast a beacon containing the Castle's name. Be aware that if you share a subnet with other people (e.g. your neighbor when using a cable modem without a hardware router/firewall) they may be able to see the name of your castles. In this case only choose castle names you are comfortable sharing with others. When joining a castle, the credentials you enter will be sent using security technology (NTLM) to other computers in the castle.
Use of the Information:
Broadcasting the name of each castle makes it easy to discover what castles are available on the subnet. When joining a castle, the credentials help ensure only authorized computers join the castle.
The user must initiate joining a castle using the user interface provided. Whether the user's computer is able to join a castle depends on whether an administrator of a computer already part of the castle has provided the user with the appropriate credentials. When a castle is formed, a beacon containing the castle name will be broadcast. In this release there is no easy way to disable the beacon. A mechanism to disable the beacon will be added in a future release.
In my opinion this might be the next step in Active Directory below the Windows Home Server, specifically targeted at SOHO (Small Office / Home Office) and home environments. The technology reminds me a lot of Groove and makes my torrent-loving heart beat faster.
From what I read, it's a peer-to-peer based successor to the workgroup, with a twist. In contrast to a workgroup, in a homegroup you can have a roaming profile.
The Windows Home Server audience might be a targeted group of people. The way the Homegroup install screen is filled suggests the feature is targeted at home users, but I guess these folks will rapidly encounter the limit of the homegroup: big files. Windows Home Server is already targeted at media sharing and is all about sharing big files. Although a mediocre PowerPoint file might reach 100MB, that's really nothing compared to a 5GB HD movie file.
Despite its name, this might also be an interesting feature for tiny businesses in the SOHO (Small Office / Home Office) segment. To a big group of business users, Active Directory is about their roaming profile and Windows Backup. The Group Policies are the toys of the Systems Administrator (when one is available, but most of the time there's no one to manage the basement or kitchen cupboard based server). Due to the way the server is perceived, it is usually more of a Single Point of Failure (SPoF) than a business asset.
Pros and cons
A Homegroup, consisting of two or three client computers synchronizing data with their big drives (500GB is common nowadays) gives end users:
- the ability to use the same credentials on each computer,
- the ability to have their settings on each computer, or
- the ability to have distributed copies of their data on each computer.
(When one of the computers is a laptop, you can even benefit from offline storage.)
- without having to pay for a server,
- without having to pay for an administrator or server support contract, or
- without having to figure the server product out for themselves.
The biggest drawback to the homegroup seems to be its scalability. My guess is you'd saturate your networking infrastructure when you use more than ten client computers in a workgroup. The synchronization traffic would definitely be huge, unless Microsoft uses torrent technology to seed the data and block-level synchronization technology like DFS-R.
Another drawback would be power consumption. To benefit from distributed data, the data first needs to be distributed. Two machines in each homegroup need to be turned on and connected to the network for data flow.
Current Active Directory solutions
Currently Active Directory features can be found in the following shapes:
Windows Server
Windows Server can be used to provide Domain Controller functionality to a networking environment. Since Windows 2000 Server this functionality is called Active Directory Services. Active Directory is Microsoft's fully fledged LDAP directory service, providing authentication and authorization services to connected clients and member servers.
Windows Essential Business Server
Targeted at medium-sized businesses, Windows Essential Business Server is a combination of roles on three to four Windows Servers. Windows Essential Business Server features Active Directory, but since the product is still in development it's still unclear which limitations will be in place.
Windows Small Business Server
Windows Small Business Server is a special one-server implementation of several popular roles, specifically targeted at small businesses. Roles included are Active Directory, Exchange Server, SQL Server (Premium only) and ISA Server (Premium only). Windows Small Business Server is limited to 75 users and cannot handle trust relations to other Active Directory domains or forests.
Windows Home Server
Windows Home Server is designed to save your a** in your home network by automatically making backups of connected clients and sharing all your favorite data through an extendable framework of add-ins. Windows Home Server is the only Active Directory based solution today that allows Home editions of Windows to become part of it.
Application Mode / Lightweight Services
Last but not least is the Active Directory Application Mode (ADAM) or Active Directory Lightweight Services (ADLS), which can be run on Windows Servers, Windows XP and Windows Vista (unsupported). It provides data storage and retrieval for directory-enabled applications, without the dependencies that are required for the Active Directory Service. ADAM provides much of the same functionality as Active Directory, but it does not require the deployment of domains or domain controllers. You can run multiple instances of ADAM concurrently on a single computer, with an independently managed schema for each ADAM instance.
ADAM has a couple of features that are not available in Active Directory, but these are primarily usable for testing purposes.
The preliminary homegroup feature of Windows 7 might be very appealing to business users that grow beyond the limits of one system, but cannot afford to buy a server yet. The benefits of the server-less domain outweigh the disadvantages by far, as long as Microsoft implements the feature well enough.
The homegroup feature is definitely in line with what looks like Microsoft's effort to get everybody familiar with the concepts of Active Directory. I guess Microsoft understands well enough that CIOs are confronted by their colleagues to implement home features in the corporate network.