Windows Peer-to-Peer Networking
Windows Peer-to-Peer Networking is a developer platform to create peer-to-peer applications for computers running Windows XP. The long-term goal of Windows Peer-to-Peer Networking is the following:
To enable people to communicate securely and share information with one another without a dependence on centralized servers, but to work even better when servers are present.
Windows Peer-to-Peer Networking is included with Windows XP Service Pack 2 (SP2). To install it after Windows XP SP2 is installed, do the following:
1. Click Start, click Control Panel, and then click Add or Remove Programs.
2. Click Add/Remove Windows Components.
3. In Components, click Networking Services (but do not select its check box), and then click Details.
4. Select the Peer-to-Peer check box, and then click OK.
5. Click Next, and then follow the instructions in the wizard.
For computers running Windows XP with Service Pack 1 (SP1), you can install Windows Peer-to-Peer Networking with the Advanced Networking Pack for Windows XP, a free download.
The design of Windows Peer-to-Peer Networking incorporates the following principles:
• Secure
• Scalable
• Distributed
• Serverless
• Robust in the face of failure and/or attack
• Self-tuning
• Self-repairing
How these design principles were achieved is described throughout this paper.
Windows Peer-to-Peer Networking Scenarios
Windows Peer-to-Peer Networking enables or enhances the following scenarios:
• Real-Time Communications (RTC)
• Collaboration
• Content Distribution
• Distributed Processing
Windows Peer-to-Peer Networking and DNS
Another point of contrast between client/server and peer-to-peer networking is the use of the Domain Name System (DNS). Server computers are typically registered in DNS so that client computers can resolve a name to the IP address of the server computer. Client computers are typically not registered in DNS for the following reasons:
• Many client computers have transient connectivity; they connect for unpredictable amounts of time and can be assigned a new IP address for each connection.
• Client computers do not have shared resources and do not respond to requests for resources. Therefore, other computers do not need to resolve the names of client computers. DNS address records for client computers are not necessary.
Peer computers, on the other hand, have resources to share. However, they still have transient connectivity. Peer computers could use DNS dynamic update to register their names; however, very few DNS servers on the Internet support DNS dynamic update. To be successful for peer-to-peer networking, peer computers must not rely on the existing DNS infrastructure. Therefore, there must be a mechanism to resolve peer names to their addresses that does not rely on DNS. For Windows Peer-to-Peer Networking, this mechanism is the Peer Name Resolution Protocol (PNRP), which is described in the "Name Resolution and Peer Discovery with PNRP" section of this article.
Windows Peer-to-Peer Networking Security
In a peer environment, there are no centralized servers that hold security databases or provide typical security services such as authentication and authorization. For example, in an Active Directory domain, domain controllers provide authentication services using Kerberos. In a serverless peer environment, the peers must provide their own authentication.
For Windows Peer-to-Peer Networking, authentication is provided using self-signed certificates, some of which are formatted as X.509 certificates. Although one usually thinks of X.509 certificates in relation to a public key infrastructure (PKI) that contains a hierarchy of certification authorities (CAs), self-signed certificates are certificates that are created by each peer. Peer networking allows any node to act as a CA and removes the requirement that the root certificate be deposited in each peer's trusted root store. Each peer generates the public key/private key pair and the certificate that is signed using the private key. The self-signed certificate is used for authentication and to provide information about the peer entity. Like X.509 authentication, peer networking authentication relies upon a chain of certificates tracing back to a public key that is trusted.
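The trust model in the preceding paragraph can be reproduced with generic X.509 tooling. The Go program below is an added example, not code from Windows Peer-to-Peer Networking or its API: it shows a chain of peer-issued certificates being validated against a single certificate the application holds, and a look-alike self-signed certificate with the same name being rejected. The peer names and the helpers `issue`, `verifyPeer` and `demo` are hypothetical, and Ed25519 keys are an assumption made for brevity.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue makes a peer's key pair and certificate; a nil parent means self-signed.
func issue(cn string, parent *x509.Certificate, signer ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		KeyUsage: x509.KeyUsageCertSign, BasicConstraintsValid: true, IsCA: true} // any peer may act as a CA
	if parent == nil {
		parent, signer = t, key
	}
	der, err := x509.CreateCertificate(rand.Reader, t, parent, pub, signer)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

// verifyPeer accepts leaf only if it chains to trusted; the system root store is not consulted.
func verifyPeer(leaf, trusted *x509.Certificate, issuers ...*x509.Certificate) error {
	roots, mids := x509.NewCertPool(), x509.NewCertPool()
	roots.AddCert(trusted)
	for _, c := range issuers {
		mids.AddCert(c)
	}
	_, err := leaf.Verify(x509.VerifyOptions{Roots: roots, Intermediates: mids})
	return err
}

// demo uses constructed peers: carol's chain reaches alice, the look-alike's does not.
func demo() (good, forged error) {
	alice, aKey := issue("alice", nil, nil)
	bob, bKey := issue("bob", alice, aKey)
	carol, _ := issue("carol", bob, bKey)
	rogue, rKey := issue("alice", nil, nil) // same name as alice, different key
	fake, _ := issue("carol", rogue, rKey)
	return verifyPeer(carol, alice, bob), verifyPeer(fake, alice, rogue)
}
func main() { fmt.Println(demo()) }
```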
For more information about authentication for Windows Peer-to-Peer Networking, see the "Grouping" section of this article.