Over the years, I observed repeatedly that the most valuable Notes applications -- from the customers' perspective -- are those that are domain-specific, that have a highly contextualized nature. These applications are generally far beyond simple "information sharing." They were targeted, focused applications that include the content and flow of real business processes....At the same time, I observed a completely different (and parallel) dynamic occurring among end users themselves. Aside from their use of Notes for enterprise collaboration applications, their use of Notes for e-mail was intensive and rapidly growing -- by personal choice and necessity. Why? Because e-mail allows them to quickly and effortlessly connect to other people with whom they needed to work, whether within or outside of their own organization. Meanwhile, I had also noticed that my own family was making use of "edge of the network" capabilities. My 15-year-old son often played Quake on his home PC.... Quake utilizes every available cycle of computation on the PC in order to help team members coordinate visually (in 3D) with one another toward their shared goal, and team members communicate with one another using live text chat. What an amazing collaborative application: they strategized, planned moves, coordinated their activities. And it struck me: here was a perfect combination of "end user control" and "domain-specific context" that led to a rich, spontaneous, meaningful interaction. Why can't PC technology also facilitate high-value interpersonal interactions in the business world? Is e-mail the best that we can do in business? This was the inspiration for Groove -- a product that would provide a small group of people with a context as rich as the Web in an environment as spontaneous as e-mail on devices as rich and powerful as the PC. With the advent of new storage and data analysis technologies, companies are centralizing and protecting their data and applications more than ever. Why would P2P technology appeal to them?
In general, server- or center-based systems are really good at aggregating and distributing content, at tracking status and usage, at managing transactions. Peer- or edge-based systems are really good at direct, personal communications and interaction. Used together, as is easily accomplished in Groove, the combination has amazing potential that neither alone fulfills. It's also interesting to note that while companies may be centralizing and protecting their data, they are organizing themselves in a much more decentralized manner by moving from vertically integrated structures to much more adaptive organizations where significant aspects of the business are outsourced, and where suppliers, partners and customers are far more integrated in the product or service creation. Technology is key to supporting this more dynamic organizational structure, and one of the highest priorities is reducing the cost of coordination across a company's value chain. Decentralized businesses require more decentralized technologies that better support the way work is actually getting done across organization and company boundaries. We believe Groove addresses these needs. Is P2P really robust enough for serious enterprise use?
I assume that by 'robust' you mean things like scalable, extensible, secure, manageable. In Groove's case, these are actually strengths of the product, not a weakness that must be overcome. So, yes, it is robust enough. But I think I understand the premise of your question: a lot of the peer-to-peer applications people know about are consumer-oriented with no immediately obvious business applicability, and which have been the cause of some concern regarding corporate security and bandwidth management. But, again, the question then almost answers itself. Napster is not and was never intended to be a business application, and therefore was not designed with the kind of robustness. That is not a problem with Napster, it is an issue of appropriate design. For what Napster is supposed to do, it is appropriately designed. There is no shortage of examples of poorly designed applications that use a traditional centralized infrastructure. So, rather than ask about the robustness of peer in general, it is perhaps more useful to think of the application type and how well the architectural model lends itself to the success and robustness of that application. In the case of inter-personal communication, Groove's architecture seems to fit the bill. P2P has been touted as the next wave of computing and a number of big names have either gotten into the field or are moving in that direction. What does Groove have and/or do that will give the company a competitive advantage over its competitors?
Most industry watchers have categorized peer computing three ways: distributed content management, distributed computing cycles, and person-to-person collaboration. Groove Networks is fairly well-recognized as the leader in the peer collaboration space -- from both a technological and an in-market perspective. As far as the 'big names' that you allude to are concerned, there's been a lot more activity on the content and cycles areas, and not so much on the collaborative side. Furthermore, we work fairly closely with some of the names in question. It is also important to point out that neither Groove Networks nor any of the competition that you allude to base their competitive value proposition on peer computing itself. That is, we keep a much closer eye on competitors whose products or services try to solve the same types of business problems that Groove solves. It doesn't matter if those solutions are peer-based, Web-based, client/server-based, etc. In interviews, you speak of firewalls as a hindrance rather than a help. But the concept of corporate users sharing portions of their hard drives with the outside world may scare IT executives -- and will definitely worry security folks. What makes you think you are going to get others to see it your way?
Let me first address an inaccuracy in your question. With Groove, you don't share a portion of your hard drive generally with the outside world -- rather, you share a highly-controlled and limited set of information with an explicit set of people, all the while using an encrypted communications channel. Second, to more directly address your question, there is a whole community of business people who act upon their feelings every day. When a businessperson finds that a firewall is keeping him or her from quickly and conveniently performing a job function, he or she almost always finds a way around the firewall. Usually, that means e-mail or a phone call. Maybe an overnight delivery of a document, or a fax. We've yet to meet a customer who isn't already aware of this, and who doesn't recognize that this kind of (natural! unavoidable!) end user behavior is a security risk and is terribly inefficient. The problem has been that centralized systems are not as accessible as the phone, e-mail and the fax, so even if server-based collaborative alternatives exist that perfectly respect firewalls, regular in-the-trenches people will more often than not resort to means that bypass the firewalls and the server-based systems. So the firewall solves one problem -- unauthorized access -- but leaves another unresolved. In that light, Groove and peer computing SOLVE that "in practice" security problem, and our IT customers are the first to recognize this. Now, if Groove solved that problem but did so at the expense of other security issues -- user authentication, data encryption, virus protection, access control -- then, yes, of course there would be resistance, from IT and business people alike. But we find that customers buy Groove BECAUSE of its security strengths, not in spite of perceived security shortcomings. Can you give us a sort of play-by-play of an actual Groove session in which the tool is being used by one of your customers, say a pharmaceutical firm?
Sure. Say a group of pharmaceutical researchers are working together with a university lab and an independent clinical research organization. Think of all the things that the members of this project need to do to work on the project: they plan, they share documents, they have conversations, they schedule reviews and meetings, they brainstorm, they address and resolve problems as they come up, they handle exceptions or surprises, they invite new participants for a short amount of time for consultation or approval, they make decisions on next steps. Groove tools for these activities might include voice and text-based chat, shared whiteboards, document sharing tools, a group calendar, markup tools, access to a document management or knowledge management repository, shared web browsing. In some instances throughout the project, the value of Groove will be as a convenient means of securely sharing content. In other instances, the value will come from the collaborative activities that occur around that content. And in other instances, the value will come from the ability to push content created or modified in Groove back into centralized systems. How in particular are you addressing the security concerns about P2P?
Groove automatically authenticates each member of a shared space. All content and activity among members is fully encrypted (currently 192-bit RC4) on each member's own machine and as it crosses the wire. Also, when a member of a shared space adds new function by installing a new component, Groove will automatically check to make sure the component is signed and/or that it comes from a trusted source. In fact, most of our customers (IT audiences especially) seem to appreciate that Groove solves their security/firewall issue rather elegantly. In a web-based scenario, there are generally two ways that companies use to share content and function with outside parties (e.g., with a customer, a partner, a supplier, a contractor). One way is that I can set up an extranet on a third-party (ASP) server, to which the outside party and I have access (probably password-protected). For most companies, this arrangement is either unacceptable, or is only acceptable for low-value information or interactions, since it leaves potentially sensitive corporate data "in the clear," and on a server on the Internet that is subject to attack (e.g., hacking, denial of service, rogue administrators). The other option is generally to set up an internal server as an extranet, which requires fairly extensive design, development, and deployment tasks on the part of IT in collaboration with one or more business units, not to mention content management and maintenance of access control. What this alternative provides in terms of security, it lacks in "speed to action" and adaptability on the part of its end users, and cost minimization in terms of IT personnel resources. Groove, on the other hand, allows for end-to-end security (all content encrypted on disk on both sides of a firewall, and encrypted on the wire as it travels across the unsecure Internet), and allows members to easily set up a shared space on an as-needed basis without any burden on IT. How do you deal with being so well known? Is your notoriety a benefit or a drawback or both?
Well, it's not like I am recognized in the supermarket. Earlier on in the history of Groove Networks, connections within the industry were definitely helpful. I can already see, though, that interest has really begun to shift away from me personally and towards the product and the possibilities it unleashes. They are buying Groove because we address a particular pain point of theirs. So the notoriety might help us get inside a door we might otherwise not have walked through, but 30 seconds after we're inside that door the conversation appropriately shifts to the product, and the value we provide. What are your thoughts on the virus that struck Gnutella several months ago? Some say that it demonstrates some of the vulnerabilities in P2P.
I think that's a red herring. Putting aside the virus question for a moment, it is hard to think of a business application in which I would want to share files with any one of many millions of people. What would be the point? Now, there are some things that I can easily imagine in a business context: say, working together on a project with one of my key suppliers. Is there an appropriately designed peer architecture to support that type of interaction? Certainly. Is it robust? Yes. Does it respect my security policies and requirements? Yes. Some critics have questioned the model of allowing free downloads of Groove. Can you explain how this makes sense and how it might actually boost sales over time rather than cut into them?
Groove is an Internet product that is used by individuals. Groove is clearly not an "eyeballs" play, but individual usage begets business usage begets enterprise licenses. It seems that NOT providing a preview client would be the target of criticism.