• United States



by Michael Dortch

P2P not quite ready for the enterprise

Mar 16, 200110 mins
CSO and CISOData and Information Security

RFG believes peer-to-peer (P2P) networking is becoming, but is not yet, an enterprise-class solution, and may never suit some enterprises. Nonetheless, IT executives should watch developments in P2P networking, and begin experimenting with it when the time is ripe, perhaps by implementing instant messaging (IM) selectively and cautiously within their enterprise networks.

Business Imperatives:

  • P2P networking’s support for direct communications and information sharing among network clients can be a significant adjunct to server-based networking. IT executives should look at P2P technologies from Groove Networks, Sun Microsystems, and other vendors, to begin deciding if and where it might fit in their enterprise networks.
  • P2P networking faces some key obstacles as it evolves, including security concerns, a lack of standards and uncertain industry adoption. IT executives should move forward cautiously with any pilot deployments, to make sure they do not get saddled with technologies that are marginalized by industry developments or insufficiently interoperable with other key solutions.
  • IM can be viewed as a “light” version of P2P networking, especially with support for sharing files, links to Web sites, and other resources. IT executives should look for constituencies and areas in their enterprises where IM can be helpful, separately or as part of a larger P2P development or deployment effort.

P2P networking has been around for years in multiple forms. For example, IBM has touted Advanced Peer-to-Peer Networking (APPN) for connecting mainframes to local area networks (LANs) since the mid-1990s. Today, P2P is gaining increasing currency as the Internet increasingly links more and more computers and enterprise networks.

At its heart, P2P turns every networked client into a mini-server as well. With P2P, all intermediating servers have to do is manage the lists of authorized, registered clients. Communications such as messaging and file-sharing can take place directly among the clients.

A Troy, NY company known as Buddyusa, Inc. offers a software product called Aimster. Aimster supports encrypted, private file searching and sharing among users of instant messaging (IM). Integration with America Online’s AOL Instant Messaging (AIM) is supported currently, with support for ICQ, Microsoft Network (MSN), and Yahoo! Messenger coming soon. The product currently supports the AOL File System and the open source Gnutella file system, with support for Microsoft Networking also coming soon, according to Aimster.

Aimster is a succinct example of what Napster, the legally troubled P2P-based online music exchange service, hath wrought. Aimster also demonstrates one set of reasons why IT executives who have not already done so should begin soon to delve deeper into P2P networking and its subset, IM. P2P and IM appear poised to wreak significant changes on the networked computing landscape, even as they offer some promise to enterprise IT executives and the users they support.

Aimster, unlike Napster, imposes some controls over file access and exchange. It also supports exchange of any file type, not just the music files that got Napster into such trouble. Such freedom of choice among file types creates opportunities for users to exchange copyrighted or otherwise unauthorized materials, but P2P vendors attempting to provide business solutions are taking steps to reduce the risks. Aimster, for example, supports file sharing only between users who are known to one another via AIM “buddy lists.” Buddyusa claims that this approach not only avoids copyright infringement, but also reduces the risks of spam and viruses, since all users exchanging files are known to each other.

Internet-based P2P networking is already at work on many computing problems. A well-known example is a project focused on the search for extraterrestrial life (SETI). The SETI Institute conducts the SETI@home project in conjunction with the University of California at Berkeley. Volunteer PC owners download from SETI@home screen-saver software that users those users’ computers when their systems are otherwise idle. The software aggregates these available processing cycles and adds them to resources being used to look for radio signals that might come from someplace other than Earth.

IT executives at enterprises conducting computing-intensive initiatives could use such an approach to harness hundreds or thousands of client systems across their own networks. This might reduce or eliminate the need to buy or burden additional servers. Companies such as Distributed Science and Entropia already offer software that helps link computers together over the Internet or corporate intranets, to turn networked PCs into distributed computing platforms for commercial and research applications. Such networks are being used today to test and measure Web site performance and quality of service (QoS), increasingly important issues at enterprises conducting e-business.

P2P is also gaining support among proven, enterprise-class software and hardware vendors. Sun, for example, recently announced Jxta, a P2P technology Sun is proposing as a de facto and eventual industry standard. Bill Joy, Sun’s chief scientist, is leading Project Jxtapose, an “incubator” designed to foster development and support of JXTA, at Sun and elsewhere. On Mar. 6, Sun announced plans to acquire InfraSearch, a privately held California-based developer of P2P searching technologies. Another P2P software developer, OpenCola, recently received $13 million in second-round financing.

Meanwhile, early business P2P software developer Groove Networks, founded in 1997 by Lotus Notes creator Ray Ozzie, has raised more than $60 million in investment capital. The company signed up 100 business, consulting, and development partners less than 90 days after introduction of a Preview Edition of its software, available online at

P2P has the potential to deliver important benefits to enterprise networkers, beyond aggregated raw computing power. For example, a sufficiently robust, scalable, and secure P2P architecture could be a powerful adjunct to current data backup solutions. P2P can also help users protect one another from viruses and other attacks on their networks, and facilitate rapid sharing of anti-virus software and other protective tools. However, RFG believes that P2P application requirements should be carefully reviewed from a bandwidth consumption standpoint because of the potential negative impact that could occur across the enterprise network if adequate bandwidth is not available.

Network Associates’ subsidiary already offers Rumor, application-independent P2P software designed to aid sharing and distribution of anti-virus software and firewall configuration updates. Rumor also includes token-based file authentication to eliminate rogue files masquerading as security updates, as well as support for resumption of interrupted downloads.

P2P is also poised to help solve a problem facing increasing numbers of enterprise IT executives and network service providers: connections among thousands to millions of network clients, including non-PC devices. When combined with technologies ranging from IM to intelligent software agents, P2P can, according to its supporters, deliver more and better networking services to enterprise users, while reducing demands on traditional networking and computing infrastructures.

However, IT executives should realize that despite the ballyhoo, P2P for the enterprise is still in its infancy. There are no standards for quality of service (QoS) consistency, interoperability, or security, and many P2P applications can render current firewall implementations ineffective. IT executives may also find management tools for P2P networking unavailable or inadequate for some time to come.

In addition, enterprise bandwidth use and requirements, and who will pay for any increase in these, are significant unknowns overshadowing P2P’s potential importance. ISPs and other providers have already said publicly that bandwidth pricing might be affected by significant increases in use fostered by P2P adoption. There is also far too little real data to allow IT executives or others to predict P2P’s effects on bandwidth use with any certainty. Some ISPs are already tinkering with their pricing models in the hopes of curtailing “bandwidth hogs,” or users who consume large amounts of network capacity for long periods of time.

IT executives should focus on P2P architectures and solutions that do not materially increase bandwidth requirements or costs within their enterprises. IT executives may find that the above limitations make P2P most applicable and useful to their enterprises over private network connections, where QoS and cost issues are more manageable than over Internet links.

Despite the current limitations and risks, IT executives should keep careful track of P2P developments, especially among established enterprise IT providers such as Intel and Sun. Meanwhile, IT executives should be looking carefully at user groups within their enterprises where implementation of secure IM may make sense. Enterprise-oriented IM solutions are already available from Lotus via its Sametime product, and from Microsoft as part of its Exchange 2000 messaging solution. Novell also offers a business-oriented IM solution called Instant Me, which is integrated with AIM and Novell Directory Services (NDS).

Emerging companies other than Buddyusa are addressing the market for enterprise-class IM as well. Examples include 2Way Corp., Bantu, Ecocys Technologies, FaceTime Communications, and Planet Exchange. IT Executives should look carefully at developments at such companies for clues to the evolution of enterprise IM and P2P solutions, whether they decide to do business with such companies or not. Where IM is considered, IT executives may want to seek legal counsel to make sure IM does not bypass legal requirements for retention of corporate communications or financial data.

IT executives should also track development of standards-based IM and P2P solutions. Many current IM solutions are based on proprietary technologies, which may offer some performance or security advantages but risk incompatibility with other networked IT resources. A trade association known as IM Unified is focused on delivering interoperability among IM solutions, using Internet Engineering Task Force (IETF) standards as the foundation for such interoperability. Members include AT&T, Excite, MSN, Prodigy, and Yahoo!. One company notable in its absence from the group is AOL, which is still resisting industry pressure to open up the AIM architecture for greater interoperability with other IM solutions.

Finally, IT executives seeking to support wireless connectivity and users of non-PC devices should also be watching P2P developments closely. Several established and emerging P2P solution providers are already developing agent-based P2P solutions designed to ease integration of such connections into enterprise networks, especially in conjunction with support for the Wireless Access Protocol (WAP). However, IT executives should be extremely vigilant and fully test any wireless IM, P2P or other deployments thoroughly.

RFG believes that while IM and P2P technologies are not inevitable for every enterprise, they are poised to bring significant change, as well as significant benefit, to many enterprise and e-business networks and initiatives. IT executives should begin their explorations cautiously, by identifying constituents likely to benefit from IM or P2P deployments, then examining candidate solutions from incumbent vendors where possible. In addition, and especially where emerging vendors and solutions are concerned, IT executives should remain focused on business application requirements, interoperability, scalability, and standards when considering any IM or P2P deployment, no matter how much hype either technology receives. Michael Dortch is the Robert Frances Group’s Principal Analyst. He can be reached at 203-291-6900 or

© 2001 Robert Frances Group. All rights reserved.