Reference: Microsoft virtualization cost saving whitepaper, the ROI tool and training
The referenced white paper presents case studies of Microsoft customers including:
and examines how virtualization technology simplifies their IT infrastructure, streamlines IT processes, and ultimately reduces the total cost of ownership. Also included is information based on Microsoft's experience as below:
In my view, strategies in general to relatively quickly reduce IT infrastructure and support costs with virtualization solutions are, not in a particular order, to:
To transform existing IT into a hybrid environment mixed with physical and virtualized computing resources, server virtualization (i.e. server consolidation) often is where it starts. Running multiple instances in a single physical machine is not a new concept and many of us have already experienced with some host virtualization solutions like Virtual PC and Virtual Server.
To realize what your organization can benefit from Microsoft virtualization solutions,
Essentially, first identify your best candidates for server consolidation with this free downloadable tool, Microsoft Assessment and Planning (MAP) Solution Accelerator. With its agent-less inventory, performance data gathering, and auto-generated proposal and report generation capabilities, MAP lets you conduct network-wide readiness assessments so you can quickly and efficiently determine the right servers to target for Hyper-V. After determined how many servers to consolidate, you can use the free Microsoft HyperGreen Tool to figure out how much energy you’ll save and the environmental impact of those savings. Simply plug in the number of servers you are going to consolidate, and HyperGreen generates a report detailing your reductions in kilowatts, money and CO2 emissions. And use the Microsoft Integrated Virtualization ROI Tool to estimate your return on investment in Microsoft virtualization solutions, including server, desktop and management. As our customers have shown, the results can be transformational.
Hyper-V, the virtualization capability comes with Windows Server 2008, is just finally released. The final version number is 18016. This is the complete Hyper-V RTM package for Windows Server 2008 x64. It includes the Hyper-V Server components for Full and Core installations. In addition, is contains the Windows Server 2008 Hyper-V Management components for Full installations. Notice once installed, this package is permanent and cannot be uninstalled.
If upgrading from Hyper-V RC0, RC1 Escrow, RC1 or RTM Escrow, you will not need to recreate your virtual machines or network settings. All virtual machine information will simply persist once the upgrade is complete. However, saved-state files and online snapshots are not supported during the upgrade. Integration Components are specific to the build of Hyper-V. New Integration Components (ICs) must be installed for your supported guest operating systems. Hyper-V RTM Integration Components for all supported Windows Operating Systems are provided using the ‘Action’ à ‘Insert Integration Services Setup Disk’ action.
New customers and partners can download Hyper-V at http://www.microsoft.com/hyper-v. Customers who have deployed Windows Server 2008 should receive Hyper-V from Windows Update beginning July 8. Here are some essential bookmarks on Hyper-V:
· Microsoft Virtualization web site
· Microsoft Virtualization Team Blogs
· Windows Server 2008 and Virtualization
Microsoft Assessment and Planning (MAP) Toolkit 3.1 is to help accelerate planning and deployment of virtualization solutions. More information is available at http://www.microsoft.com/map. The logo-qualified hardware and software for Windows Server 2008 and Hyper-V are available at http://www.windowsservercatalog.com.
One key benefits of Virtualization is the ability to offer more with less. Many of us first visualized virtualization through previously called server consolidation and now Server Virtualization, by running multiple server incidences on a single physical machine. The case studies of business values and infrastructure optimization brought by virtualization are well documented and available and not repeated here. What I personally see IT Pros must also keep in mind is in production not all resources can and will be virtualized. Even in a highly virtualized infrastructure, there are and will be still some physical machines needed to create the environment for all virtualized resources to run with. Without a physical world, virtualization has no meaning. Physical and virtual resources are to co-exist to make either distinguishable from each other. Going forward, we should expect and will have a heterogeneous infrastructure mixed with physical and virtualized computing resources. The essence of virtualization therefore is not just about those virtualized, but the ability to transparently manage resources regardless if they are virtualized or not. I encourage those who are serious in carrying out infrastructure optimization by virtualization to pay close attention to the development of System Center family of solutions, and particularly System Center Virtual Machine Manager (SCVMM) 2008 to gain a holistic and strategic view of managing virtualization.
This series was delivered by a team of IT Pro Evangelists including: Kevin Remde, Matt Hester, Chris Avis, Chris Henley, and Yung Chou a while ago. Still the information is relevant to get yourself well informed on the technologies, the solutions, and how to get your IT environment strategically aligned and integrated with virtualization. To facilitate learning Microsoft virtualization technologies, I have also made a number of free eBooks and posters available including Windows Server 2008 R2, Understanding Microsoft Virtualization Solutions, Active Directory and Hyper-V. Additionally, there are also free trainings of virtualization technologies and software evaluation copies of System Center 2012 available.
Session List
Regardless your role and responsibilities, session 1 TechNet Webcast: Virtualization in a Nutshell is the one you absolutely do not want to miss. This session gives you an overview of all Microsoft virtualization solutions, so you get the big picture and know the context of a solution. You will know “Why virtualize?” and “Why Microsoft?” This session is to advance and facilitate your understanding on virtualization in general, and help you recognizing a virtualization opportunity when it presents itself.
Technorati Tags: webcast ,virtualization Windows Live Tags: webcast ,virtualization WordPress Tags: webcast ,virtualization
(This is a reposting with validated links of a previously published post at http://aka.ms/yungchou)
One key focus of an App-V solution is the ability to run multiple versions of application software within the same OS instance without the concern of conflicts among those versions. To quickly prove the concept, I prototyped a solution with 2 virtual machines based on Hyper-V. Here are the configurations:
Notice the above configurations are simply what I used for rapid prototyping to demonstrate the capabilities. They are not recommendations, nor best practices.
Server Side
On the DC, I installed App-V 4.5 Management Server and imported all already sequenced applications. (See Figure 1.) Security groups for each sequenced applications were created in Active Directory Users and Computers as well. (See Figure 2.) When testing, I would add a test account into a target security group, for instance appvOffice97, followed by logging in the client machine to verify the connectivity and application streaming. The process is not complicated at all. However it is very easy to make operational mistakes and practice does very much so make perfect here.
Figure 1. App-V Management Server Console with Sequenced Applications Already Imported
Figure 2. Security Groups for Accessing Sequenced Applications
Client Side
On the domain Vista SP1 desktop, I logged in as local admin to install the App-V 4.5 client and verify the connectivity. App-V 4.5 by default uses port 322 to stream and there were times I used telnet to make sure the port is open. Make sure to set up Windows Firewall accordingly. when connectivity had been verified, I then switched user and logged in using a test account. By default, App-V refreshes during use login time. This can be customize on the server under Provider Policies of the App-V Management Server console. Once logged in, all authorized App-V applications are listed in the client console. (See Figure 3.)
Figure 3. Sample List of Applications to Authorized User offered by App-V Client
How to sequence an application and import it into App-V Management Server is beyond the scope of this posting and to be demonstrated in upcoming screencasts. Here Figure 4 and Figure 5 show the user experience when multiple versions of Office suite were deployed using App-V to the desktop. Some may prefer to place the icons on the desktop or in folders with specific heading, etc. These settings are customizable in the osd file of a sequenced application.
Figure 4. Multiple Versions of Office Suite Deployed by App-V 4.5 to Vista Desktop
Figure 5. Running Access 97 and Access 2000 Deployed by App-V 4.5
©2008 Microsoft
This blog explains how a Groove 2007 client behaves differently from a Groove 3.x client on the replication of a workspace.
Upon a client's acceptance of a Groove workspace invitation, the current content of the workspace is replicated via a Groove cloud to the client's end. I am referring a Groove cloud as the network infrastructure required to establish Groove connectivity between two Groove clients either directly or with Groove Server Relay. This is when every workspace member gets an initial copy of a workspace replicated to ones local Groove device when first joining a workspace. Where a new workspace member to acquire an initial copy of a workspace in Groove 2007 is different form that in Groove 3.x however.
Groove 2007 has a flexible scheme of workspace replication. (See the Groove 2007 protocol slide.) All the members who were online at the time when a workspace invitation was created can carry out workspace replication. For instance, let's assume when Alice created a workspace invitation using Groove 2007 both Bob and Chuck were online as well. Alice subsequently sent the invitation to Dee via Groove infrastructure as show in the screen capture. In this scenario, when Dee accepts the workspace invitation sent from Alice, either one of the three (namely Alice, Bob, and Chuck) can carry out the workspace replication to Dee's Groove device since all 3 were online when the invitation was created. In other words, after sent out the invitation, if Alice becomes offline, the replication can still proceed with a connection between Bob and Dee, or Chuck and Dee if available. When Bob or Chuck is sending a copy of the workspace to Dee, a Groove alert will appear on the sending Groove device indicating a workspace is being sent on Alice's behalf. Notice the invitation needs to be sent via Groove infrastructure. In other words, one who is invited has a Groove identity already (so the invited's public key is readily available), also the invitation must not require confirmation so no user intervention is necessary and all operations can be fully automated. From Groove PKI's perspective, these requirements make sense and are obvious.
In Groove 3.x, on the other hand, a client upon accepting an invitation will acquire a copy of the workspace from the one who created the invitation. (See the Groove v.3 protocol slide.)Consider the scenario. If Peter created a workspace invitation using Groove v3.x and sent the invitation to Rita. Peter's copy of the workspace becomes the source of the content to be replicated to Rita's Groove device once Rita accepts the invitation. If Peter is offline when the invitation is processed by Rita, Groove can not proceed with the workspace replication since the source of the content (i.e. the local copy of workspace associated with an invitation, here Peter's copy) is not available.
Notice there are triggers to default the workspace replication behaviors back to those in Groove v.3 . Some are briefly discussed earlier. Sending an invitation as a (grv) file, inviting via email, inviting to a v3.x workspace, and requiring acceptance confirmation are among those.
Groove is a highly integrated solution and understanding the fundamentals is essential to appreciate how and oftentimes why Groove works in a particular way. For those who are interested, there is much readily available information included in my Groove resource page and some previous postings.
John Baker is one of the IT Evangelists in our team. He is a seasoned IT Pro with a wealth of knowledge in Windows infrastructure and a recognized expert in Group Policy and System Center family solutions. For many of us been in his events, we know we always learn something new from him while also getting a good laugh. A 12-part screencast fever on Windows Vista which he is just starting is a great supplement to the book, Windows Vista Step by Step and a quick way to review the fundamentals of Vista and establish a baseline understanding of Windows Operating System as well.
As stated in Microsoft Windows Server product roadmap, a server release update is expected 2 years after a major release. Windows Server 2008 was released in 2008. So the next server release update should be in by 2010 as Windows Server 2008 R2 (or Release 2) and a reviewers guide is available. In Microsoft product release cycle, an update release integrates the previous major release with the latest service pack, selected feature packs, and new functionality. And because an update release is based on the previous major release, customers can incorporate it into their environment without any additional testing beyond what would be required for a typical service pack. Any additional functionality provided by an update would be optional and thus not affect application compatibility or require customers to recertify or retest applications.
In Windows Server 2008 R2, Terminal Services is renamed to Remote Desktop Services (RDS). RDS introduces the new Remote Desktop Connection Broker – an expansion of the Session Broker in Windows Server 2008 – which provides the administrator with a unified experience for setting up user access to both Virtual Desktop Infrastructure (VDI) and traditional session-based remote desktops. Together with Hyper-V and System Center Virtual Machine Manager, the Remote Desktop Connection Broker enables a VDI solution. The Remote Desktop Connection Broker it complements shared RDS infrastructure components in Windows Server 2008, such as Remote Desktop Web Access or Remote Desktop Gateway. Windows Server 2008 R2 also introduces a series of platform enhancements for remote desktop users – such as support for multiple physical monitors, redirection of multimedia and 3D content, including Vista Aero, and enhanced, bi-directional audio support. To follow the development of RDS, this Team Blog is good place to start.
This renaming is not just about getting a new name for Terminal Services, a technology we have been using for a long time. This is more about fundamentally validating, aligning, and integrating Terminal Services with emerging paradigm like virtualization infrastructure as shown below.
We know it is critical to have a management solution in place while introducing and transforming existing IT infrastructure into a heterogeneous environment in which physical and virtualized computing resources including data, storage, application, servers, desktops, networks, and peripherals are managed seamlessly and transparently. Terminal Services is Presentation Virtualzation and we should and need to manage it just like other virtualiztion solutions.
This is a follow-up on Keith Combs' posting, Setting up your laptop to run SCVMM 2008. I have a demo environment configured with working Application Virtualization (App-V) 4.5 and Presentation Virtualization (i.e. Terminal Services) solutions. Now with SCVMM added, I can demo the management of IT infrastructure with physical and virtual computing resources, which is in my view the most critical piece of a virtualization solution.
Here's how I did it. My Lenovo T61P expanded with 8 GB RAM was installed with Windows Server 2008 with Hyper-V enabled. In Hyper-V Manager, I have already had a demo environment, contoso.corp, with a number of virtual machines (VMs) in place. I added to the domain a VM running Windows Server 2008, and installed SCVMM 2008 Server and Admin Console in the VM. I then joined the parent partition to the contoso domain. At this point, there were two options to add the parent partition in SCVMM 2008:
Notice if the host is to be added as one on a perimeter network, install SCVMM local agent on the parent partition and created a security file for encryption. The security file needs accessible from SCVMM admin console. I tried both and in either way, once my parent partition had been added as a host, all VMs running on the parent partition including the VM running SCVMM became manageable from SCVMM Admin Console. In essence, SCVMM was on a child partition while managing the Hyper-V parent (or root) partition in my laptop. Very interesting configuration, it is indeed.
Notice I made no additional effort in optimizing the performance or hardening the security. My objective here is to realize the capabilities with minimal operational requirements. Below I have documented the screenflows and will probably do a screencast later on this as well.
Very straightforward processes and uneventful operations, I consider these installations are. Understanding the architecture is perhaps much more pertinent for prototyping this solution. Basically, run Hyper-V in the laptop and SCVMM in a VM. Join the parent partition to the domain where SCVMM is in. Install SCVMM local agent on the parent partition and from SCVMM admin console add the parent partition as a host in perimeter. Here want to thank Keith sine his posting saved me some research time.
In this screencast, I talked about the deployment options available in Groove and how to relate Groove infrastructure, Groove and SharePoint integration, and the associated collaboration model with Microsoft's vision. To see it in full screen, double-click the display area.
Silverlight 2.0 has been just been released. Here's a teleconference playback. Silverlight 2 delivers a wide range of new features and tools that enable designers and developers to better collaborate while creating more accessible, more discoverable and more secure user experiences.
Personally I have seen so much richness brought to my Web experience by Silverlight. For content deliveries, I have been using it to publish screencasts and the sound and video just have so much better performance and quality. If you have not already experienced Silverlight, you need to check out tafiti which uses both Microsoft Silverlight and Live Search to deliver richer experiences on the Web and explore the increasing specialization of search. It is a very interesting concept and experiment.
This post is to provide a quick reference of the installation flow of Microsoft System Center Application Virtualization (App-V) 4.5 Management Server. The steps to configure the server, import applications, and validate the settings are not included in this post and to be discussed in a screencast currently in development and soon to be published in this blog. The presented screen flow was captured during an installation of an App-V Management Server on a Windows Server 2008 Enterprise version with a machine name, App-V, and a local instance of Microsoft SQL 2005 SP2 on a virtual machine based on Hyper-V.
For those who have previously worked on SoftGrid 4.x infrastructure, the installation of App-V Management Server appears very familiar and uneventful. The RTSPS port shown in screen 10 is by default set to 322. If you are putting in place a brand new virtualization infrastructure, do take time to review the 4.5 documentation and plan it out. Particularly the content location where the App-V packages are placed as shown in screen 13. Once the packages are put in place and working, it is error prone and can be tedious to validate the content location in all packages, should the content location be later changed.
To get the latest information of Microsoft Application Virtualization, reference the following:
Do the following steps in your target Windows Server 2008 x64 box.
To get the sidebar,
Now to get the Aero, assuming your graphic card is sufficient
Then spend the next hour to add/remove all the gadgets you like/dislike, which is the fun part. After all is done, here's what a Windows Server 2008 desktop may look like.
Groove Home Page for General Info
System Requirements
Microsoft Office Groove 2007 User's Guide
Groove Server TechCenter
Groove Case Studies
Groove Blog
Groove Server 2007 Manager Installation Screen Flow
Groove Server 2007 Relay Installation Screen Flow
Groove TechNet Articles
Get into the Groove: Solutions for Secure and Dynamic Collaboration
Building an Emergency Operations Center on Groove and SharePoint
Essential Groove Client Operations
A follow-up of this posting with screencast is available.
Event subscription has been one of the most requested server features by sys admins. Combined with task scheduling, this is a cost-effective and customizable tool to get a consolidated view of monitored activities and events in target servers, and timely issue alerts. In Windows Server 2008 subscribing and forwarding events with triggers to send out alerts can be done very easily as the following:
1. Create a subscription from Event Viewer.
2. Configure the subscription based on your requirements. The shown configuration settings are for demonstration and not necessarily recommended.
Select Computers
Select Events
Advanced settings
Make sure clicking User and Password and providing the user credentials.
3. Once configured, the subscription is listed as ready. Right-click to start running the task.
4. Now the subscribed events will be listed under the Forward Events log. Notice a subscribed event may take some time to show up in the log after it has occurred at a targeted server. If user credentials and minimizing the latency are specified, the forwarding should happen within a minute or so.
To schedule a task for sending out alerts upon the arrival of a subscribed event,
1. Start Task Scheduler from the Administrative Tools.
2. Configure the task based on your requirements. The shown configuration settings are for demonstration and not necessarily with recommended.
3. Once configured, the task is listed as ready. Right-click to start running the task.
Many of you attended my launch events seeing the virtualization demos running on Hyper-V of Windows Server 2008 from my HP Compaq 6910P laptop wrote me showing a strong interest to try it yourselves. To run Hyper-V, you want to first make sure your hardware can support the technology by reviewing the Windows Server catalog. And for staying up with Microsoft virtualization technology, Microsoft virtualization site and Windows Virtualization Team Blog are great resources.
Ways to deploy retail and volume license copies of Office 2008 are different. Information on how to deploy Office 2008 is available here. Notice you cannot deploy retail versions of Office across an organization from a central location. To deploy Office 2008 centrally, your organization must have a volume license.
The process is fairly straightforward. I have captured the screen flow and make it available here. Groove Server 2007 Relay installation screen flow is published as well.
Social bookmark is a simple concept: save and share in Internet your favorite bookmarks which can be filtered by tags you specify.
Windows Server 2008 has Rights Management Services (RMS, which is a server add-on feature) as an installable role and seamlessly integrated into the OS. Further Information Rights Management (IRM, which is the client ability to comply with what is set to be enforced by RMS) can be enabled in SharePoint Central Admin (after installing RMS client on the SharePoint box) by pointing SharePoint to a RMS server in Central Admin Operations and also granting IIS App Pool ID and AD RMS Service Group access right to server certificate web services on the CA box required by RMS. The operations are straightforward as discussed in my webcast.
When adding a SharePoint file tool in a Groove workspace, the documents downloaded from an IRM-enabled SharePoint document library are still embedded with set usage policies. Groove does not translate SharePoint permissions, nor the usage policy embedded in an IRM-enabled document regardless it is from SharePoint or not. As far as documents in a Groove workspace are concerned, Groove is a secure transport. As far as Groove is concerned, all documents are bits and bytes. It is up to the file system at an end point to, as appropriate, invoke an associated application to open a file. The transition of a file from Groove to a local file system is transparent to a user. With RMS-aware application like Office 2007, IRM will kick in and the usage policy is for sure enforced at file opening time based on individual’s license acquired form RMS server.
The net is IRM is transparent to Groove. IRM is enforced at file opening time regardless where it is from or if it is placed in Groove or not.
Web is one of the main areas of technological innovation in Windows Server 2008. IIS 7.0 set up is with a modular design to include more than 40 installable features. IIS 7.0 setup allows installing only those needed feature modules as to deploy a thin, task specific server with minimized footprint and attack surface.
In Windows Server 2003, IIS 6.0 is installed and secure with only static files are served by default. ISAPI extensions and CGI components are disabled to begin with and not functional until explicitly enabled, as opposed to IIS 5.0 (of Windows 2000) in which all features were installed and enabled by default. Nonetheless, the CGI feature, for instance, of IIS 6.0 is always installed regardless. The implication is if a software update for CGI becomes available, an IIS 6.0 server will need to apply this update, despite CGI is not enabled. Architecturally this suggests that IIS 6.0 installation remains monolithic since disabled feature are still installed, loaded into memory, consuming CPU, and requiring patching and updates. IIS 7.0, on the other hand, is fully modularized with only selected features are installed. Those disabled components are not installed, require no patching, and need no updates.
There are two ways, streaming and progressive download, for delivering media content in Internet today.
· To stream media is to simply open a pipe between a client and a server and push down data. This method allows a user viewing or listening to the received media content before the media file itself is completely downloaded. Streaming is suitable for viewing large media files without the need to download the entire file. One important advantage of this approach is the actual media source is hidden.
The streaming solution for Windows Server 2008 is Windows Media Services (WMS) 2008 with new features and it is a free download. There is a new built-in cache/proxy plug-in to configure a Windows Media server either as a cache/proxy server or a reverse-proxy server. The Windows Media Services is also a supported installation option for Server Core installations of Windows Server 2008. The article, 934518, details how to install Windows media services in Windows Server 2008.
· Progressive download on the other hand is to push an amount of content down to a client for processing. The drawback of this method is a client may be viewing only part of the entire download content as to waste the bandwidth for downloading that was not viewed.
Windows Server 2008 has IIS7 to deliver progressive download solution. Actually IIS7 HTTP progressive download includes features similar to those in media streaming. IIS7 Media Pack Bit Rate Throttling module 64-bit and 32-bit versions are available for download. IIS7 Bit Rate Throttling implements a dynamic per-file throttling capability to automatically detect encoded the bit rate of each file, sending the first few seconds at the highest data rate possible, and then throttling the rest of the file download based on the encoded bit rate. This saves network bandwidth while preserving the fast start-up experience for the end user.
In addition to TechNet IIS, an excellent resource to find out more about the media delivery solutions and IIS7 in general is the official Microsoft IIS site. The Microsoft IIS team is very actively sharing experiences and forming a community. Both are must-have bookmarks.
Yes, it is happening. Ecma Office Open XML Document Format appears to win approval as an ISO/IEC Standard. And ISO and IEC have approved Office Open XML document format standard. Open XML offers great opportunities in the areas of file and data management, data recovery, interoperability with line-of-business systems, and the long-term preservation of documents. The separation of Open XML markup, schemas, and data makes it possible to report information from various applications and systems without translating the information first.
Why IT decision makers care about Open XML? Here are media briefings and a technical discussion on Microsoft Office 2007 Open XML File Formats.
I have recently met many with the same questions on Groove and thought here to share my answers. If you woudl like to know more technical information about Groove, recommend starting with my TechNet article, J
to get a technical overview, followed by reviewing the content at
Groove Advisor and Groove Tech Center
Groove Advisor is closely monitored by Microsoft Groove product group and many seasoned Groove veterans. It is a great resource to find out more on Groove.
When deploying Groove Server on site, does one need to deploy both Groove Server Manager and Groove Server Realy?
For a Groove Server Relay to be associated with a Groove Server Manager (which is the root CA of a Groove Domain) and serve Groove accoutns issued by this Groove Server Manager, one will need to, from the Realy, request a certificate from the Groove Server Manager as required by Groove PKI. Operationally this can be done from Groove Server Manager console when setting up a Relay Set, or Groove Server Realy configuration applet. Either way, one will need to have an admin access to an intended Groove Server Relay. Not to mention, it is my undersatnding for an on-site Groove server deployment, Microsoft Product Support and Services supports only when both Groove Server Manager and Groove Server Relay are deployed.
Does a Groove Server keep all workspaces for all clients?
Not at all. All Groove workspace content are replicated and stored at the client side. For instance, if three are 10 members in a workspace, there are total 10 copies of the content and each member has a copy of the workspace encrypted and stored locally. Groove can and will automatically sync workspace content for a member when a client-to-client or a client-to-relay connection is established. Groove Server Realy holds message queues for assigned users to temporarily store Groove messages (deltas, IM, etc.) when applicable, i.e. a client-to-client connection is not establishable, while a client-to-relay conneciton is. And these temporarily stored messages are permanently deleted once consumed by an intended recipient when connecting to the Relay. Groove Server Manager, on the other hand, provides a web interface for administering a Groove domain and stores only account configuration data in an associated SQL backend.
How can a Groove user back up all files in all workspaces?
While highlighting a workspace in Groove Launchbar, right-click and Save As, and Archive. This will save the content of a workspace by default at Groove Workspace Archives in a user’s Domument folder.To know more about Groove’s backup options, please review this whitepaper.
Should a Groove Server Relay be accessible from Internet? Which ports does it use?
Yes. Groove Realy Server is to provide a rendezvous point such that a sender and an intended recipient can exchange messages (here all Groove data are considered as messages) without the need to be on line at the same time, or within the same (IT) organizational boundary.
A Groove client can establish a connection with a Groove Server Relay (which never initiates a connection to client) via the following ports, in order of preference,
· 2492, if open, with SSTP (Simple Symmertric Transmission Protocol) (See 917165)
· 443, if open with connection to proxy is allowed, with SSTP (Notice Groove uses SSTPon 443 and not SSL as described by 917165)
· 80 with HTTP
So, at least opening port 80 is necessary.Notice port 80 is also iused by a client to contact Groove Server Manager, when applicable.For more information, review Groove Security Architecture and Planning and Architecture for Office Groove Server 2007.
Putting A Groove Relay with no interface to Internet means that the Realy will relay traffic in only Intranet, in such case IPsec and domain/server isolation can take care of the network/connection security while AD and NTFS can manage access control, SharePoint in this scenario is the right and best solution for all intranet only collaboration.
Yung Chou on Hybrid Cloud - Site Home - TechNet Blogs