The latest version of the StableBit DrivePool 2.0 BETA now has a new feature, remote control.
Download it here: http://stablebit.com/DrivePool/Download
This one check box fires up the remote control system and allows you to effortlessly and securely connect and manage other computers that are running StableBit DrivePool 2.0 on your local network, and vice versa.
With remote control, it’s now possible to manage your pool from multiple computers on your local network. You can even have many copies of StableBit DrivePool running on different computers and manage them all from one central location. It’s up to you to decide how you want to use this feature.
Managing a Remote Computer
We’ve tried to make things as simple as possible, so as soon as you enable remote control, StableBit DrivePool will quickly enumerate all the other computers on your local private network that have StableBit DrivePool installed (and remote control enabled).
You can then just select the computer that you want to manage from a drop down list, in the new computers bar that will appear.
After selecting the destination computer, in a few moments the management UI will log you into the remote computer.
The fact that you’re managing a remote computer is indicated by the pulsing blue bar at the top.
The connection is very fast, encrypted and authentication is done using standard Windows services (NTLM via. SSPI).
StableBit DrivePool doesn’t use terminal services for this, and it’s actually possible to connect to the same computer from more than one locations at the same time. All the connected management UIs will be completely synchronized.
Logging in as a Different User
If you already have an account on the destination computer, and that account is an Administrator, the connection just works. There is no need to enter your user name or password.
But if you don’t have an account on that computer, or your account is not a member of the built-in Administrators group then StableBit DrivePool will prompt you for a user name and password.
Don’t worry about entering your credentials, we never store or send them in the clear and we use standard Microsoft APIs to protect your credentials.
You should recognize this prompt, it’s a standard Windows authentication prompt.
If you don’t choose the option to remember your credentials, then you will be prompted for them again the next time that you restart StableBit DrivePool.
If you do select the Remember my credentials check box, then we will encrypt your password and store it in the Credential Manager provided by Windows. This is done using the standard Credential Management API, in order to secure your stored credentials.
Limitations
When you’re connected to a remote copy of StableBit DrivePool, then you can do almost everything that you can on your local copy, including toggling Remote Control on and off. Obviously, if you turn it off on the remote computer, then you won’t be able to re-connect to it again after disconnecting.
There are a few things that you can’t do remotely, activating a license or performing an application update will require you to log in locally into that computer.
Licensing
Licensing is pretty straightforward with remote control.
In order to create a pool on a computer, you will need to activate a license on the computer that the pool is being created on.
But if you just want to use a copy of StableBit DrivePool exclusively for remote controlling other machines on your LAN, then that copy doesn’t require activation.
How it Works
Now that I’ve described how the new feature can be used, let’s get a little technical and talk a bit about how this all works in terms of networking and security.
Networking
The new remote control layer in StableBit DrivePool consists of 3 parts, in terms of networking:
- Discovery.
- Keep-alive.
- Remoting.
Discovery
In order to discover other machines running StableBit DrivePool on the local network, DrivePool will send out multicast UDP packets to a particular multicast group / port combination. Any copies of DrivePool on the LAN (with remote control enabled) will pick these up and remember the machine that sent them as a potential candidates to connect to.
In addition, when you shut down your computer, a special shutdown message is sent to inform everyone that the computer is shutting down and it should be removed from the list of available remote control targets.
The multicast packets themselves are tiny, they only contain the DrivePool identifier, a 2 byte packet type and an optional 4 byte TCP port number that will be used later to establish a secure connection with this computer. This keeps network congestion to a minimum.
Keep-alive
Keep-alive is the process of ensuring that a remote computer is still online and is able to accept remote connections.
After discovery is complete, the keep-alive system will probe the destination for the keep-alive port. The port will typically be 27525, but can change in case that port is already in use by another application.
Once the keep-alive port is found, we verify that it belongs to StableBit DrivePool by issuing a simple ping / pong using UDP.
The keep-alive system will then periodically ping all the remote computers that we know about to make sure that they’re still online.
Remoting
Remoting is the process of connecting to the remote StableBit DrivePool service. The remote server is actually running on a secure .NET remoting  TCP channel, so we didn’t re-invent the wheel here. The TCP port is typically 27525, but it can change if that port is already in use.
The system knows the actual port from the Discovery process, as described above.
Firewall
StableBit DrivePool will automatically configure the Windows Firewall for remote control to function. It will add the appropriate inbound rules when Remote Control is enabled, and will remove them when Remote Control is disabled, or the StableBit DrivePool service is not running. The rules are limited to Private networks and will not allow remote control to function over networks designated as Public. When you connect your computer to a new network, Windows asks you whether it’s a private or public network.
If you have an external firewall, or a third party software firewall, then you may need to instruct them to allow TCP / UDP traffic from the DrivePool.Service.exe and DrivePool.UI.exe processes, typically on port 27525.
Security
StableBit DrivePool uses a secure .NET Remoting TCP channel to communicate all of its UI synchronization. This means that authentication is provided using the standard network authentication system in Windows (SSPI), and no user names / passwords are ever sent in the clear over the network.
All communications is also encrypted by .NET Remoting.
As I’ve mentioned earlier, in order to connect to a remote computer, the account that is connecting must be a user on the remote computer, and that user must be part of the built-in Administrators group.
StableBit DrivePool 1.3 BETA
That wraps up the topic of remote control, I think the system turned out to be fast, simple and secure. It’s also very easy to use.
Before I wrap up, let me just mention that the StableBit DrivePool 1.3 BETA for the Windows Home Server 2011 is going final soon. There will (most likely) be just one more public BETA released in a few days, then a final release one or two weeks after that.
This was probably the longest BETA that we’ve had for a single release, but I think it’s finally ready to be called a release final.
Until next time.