Thebitstreamer

La gestione di Vista è stata estremamente tormentata e molte cose sono apparse e poi scomparse nell’alternarsi delle release.

Una di quelle che ricordo maggiormente mi colpi fu la modalità di security Castle, vi riporto qui (in inglese) quanto riportato nel Privacy Statement delle pre-release di Windows Vista:

Castle

What This Feature Does:
The “castle” feature allows users to have the networking functionality of the domain, including roaming the user’s profile, machine trust and having a consistent user identity throughout the network. The main difference with Castle is that users do not have to setup a dedicated machine, such as a domain controller, to maintain the trust and identity relationship. It also makes it easy to share and access files on those computers. Each computer on the same subnet can discover and join an existing castle. Or, the user can create a Castle. To join an existing castle, you must know the login credentials of an administrator account already part of the castle. Only non-blank passwords can grant access. This helps ensure only authorized computers join the castle (use of strong passwords for administrator accounts is highly recommended). When a computer joins a castle, the accounts on that computer will be added to the list of accounts accessible from any computer in the castle. User specific data (e.g. their password, access rights, and preferences) will be replicated on each computer in the castle and kept in sync. In addition, the newly joined computer will inherit and respect all policies from the Castle.

Information Collected, Processed, or Transmitted:
To help standalone computers find the available castles on the subnet, the machines in the Castle send a broadcast a beacon containing the Castle’s name. Be aware that if you share a subnet with other people (e.g. your neighbor when using a cable modem without a hardware router/firewall) they may be able to see the name of your castles. In this case only choose castle names you are comfortable sharing with others. When joining a castle, the credentials you enter will be sent using security technology (NTLM) to other computers in the castle.

Use of the Information:
Broadcasting the name of each castle makes it easy to discover what castles are available on the subnet. When joining a castle, the credentials help ensure only authorized computers join the castle.

Choice/Control:
The user must initiate joining a castle using the user interface provided. Whether the user’s computer is able to join a castle depends on whether an administrator of a computer already part of the castle has provided the user with the appropriate credentials. When a castle is formed, a beacon containing the castle name will be broadcast. In this release there is no easy way to disable the beacon. A mechanism to disable the beacon will be added in a future release.

Important Information:
The Internet Connection Firewall (ICF) is enabled by default in this software. Therefore, if you create a Castle, it will send out the beacon, but because ICF is enabled, other computers running this software that have the firewall enabled won’t see the beacon.

Sostanzialmente si tratta di una modalità peer-to-peer simile al Workgroup che molti di voi ben conoscono con la differenza che i profili utente e le policy vengono replicate in ciascun membro del Castello.

Col numero di computer costantemente in aumento all’interno delle nostre case la possibiltà di poter portare il proprio account con se unitamente ad un minimo di amministrazione centralizzata è sicuramente una feature che migliora la sicurezza delle reti casalinghe ed offre una esperieza di utilizzo consistente.

Probabilmente il motivo principale per cui tale modalità è stata eliminata da Vista non risiede tanto nella problematica tecnologica, già ampiamente implementate e testata sulle piattaforme server con ben altri numeri, ma nel cogliere l’oppurtinità di business quando tutti i pezzi erano in campo.

Ora che Windows Home Server è stato introdotto sul mercato, che prodotti come One Care inizino ad utilizzare policy di sicurezza comune a tutti i PC controllati non è difficile pensare che gli utenti siano pronti al concetto di Castle. Speriamo che non venga accantonato anche questa volta.

del.icio.us tags: windows 7, castle, feature, networking