Dec 22
Designing app-centric sharing for SkyDrive, part 2 of 2: Rebuilding permissions
Category: Vista News
One of the biggest changes we made to the recent SkyDrive release was how we deal with permissions on files and folders. Making these underlying changes to our service without impacting customers is a bit like replacing the engines on an airplane while it’s flying. The technical challenges were tremendous, but the end result is a system that allows far more flexibility in how you share your files and photos. This post was authored by David Nichols, Software Development Lead for our Storage system, and discusses the technical challenges in making app-centric sharing possible.
-Omar Shahine, Group Program Manager, SkyDrive.com
Our latest releases of SkyDrive include a major revision to our sharing system that lets you give other people permission to see—or even edit—your documents and photos. These releases involved a lot of work in both our front-end web system, which implements the user interface to SkyDrive.com, and our back-end file system, designed to provide persistent storage for your documents and photos. You can also see this capability in SkyDrive for Windows Phone and iPhone in the form of “view-only” and “view and edit” link sharing. Along the way we had several design challenges, and in this post we’ll look at three of them: Sharing your data with people who don’t use Windows Live, sharing your data from anywhere in your file tree, and finding the files that people have shared with you.
Share your data with anyone
Social networks were still new when we first designed SkyDrive. Facebook wasn’t available outside of universities; MySpace was in its heyday; the idea of integration between networks was a long way off. We expected the sharing patterns to be either sharing with a specific list of contacts in Windows Live or with Messenger buddies. In particular, it was awkward to share with someone who doesn’t have a Windows Live account. The solution to this problem lies in the way we represent sharing permission for files and folders.
Every file or folder in SkyDrive has an optional “access control list” that shows who’s allowed to read or edit the file or folder. You can apply permissions at the folder level (which means that everything inside the folder has the same set of permissions), or you can apply different permissions to individual items inside the folder. This is similar to how enterprise systems (such as Microsoft Windows) track permission information, but our system has a twist.
In addition to being able to hold entries such as “user x” or “buddies of user y,” our system can also hold “token-based” access items. A token is just a string of random (and thus unguessable) bits. If you know the bits, you can gain whatever access the token gives you. We embed these tokens in URLs and send them out in the invitation email when you share a file. When the recipient clicks the link in the invitation, they either get direct access to the file, or get the option to add their Windows Live ID to the access list for the file.
Here’s an example of how this works
Let’s say that Alice wants to share her famous fried okra recipe with Bob, Carol, and David. She knows their email addresses but only has a Windows Live ID for Carol, who is one of her Messenger buddies. Alice uses the Share dialog on the file “Fried Okra.docx” and enters the email addresses for Bob, Carol, and David. After sending the invitation, the access list for “Fried Okra.docx” looks something like this:
| Who | Access | Comment |
|---|---|---|
| Token 23 (the real ones are longer) | Read | ‘bob@contoso.com’ |
| carol@hotmail-example.com (a Windows Live ID) | Read | |
| Token 51 | Read | david@contoso.com |
Bob gets an email with the token URL, and simply uses it to read the document. As long as he saves the email, he can continue to use that URL (unless Alice changes her mind, see below). Carol uses the URL and logs in with her Windows Live ID. By doing so, not only can she see the document, but it shows up on her “Shared With Me” list whenever she uses SkyDrive. David has a Windows Live ID that Alice didn’t know about, so when he uses the URL, he’s able to substitute his actual Windows Live ID for the token and also see the okra recipe in his “Shared With Me” list. At this point, the access looks like this:
| Who | Access | Comment |
|---|---|---|
| Token 23 (the real ones are longer) | Read | ‘bob@contoso.com’ |
| carol@hotmail-example.com (a Windows Live ID) | Read | |
| david@live-example.com | Read | david@contoso.com |
Why the comments? Their purpose is to help with revocation. Say Alice has a change of heart about sharing and wants to remove access from Bob and Carol. When she goes to edit access for the document, she needs to see something more informative than “Token 23.” Because the system remembered the original recipients the tokens were intended for, Alice can choose the correct items to remove from the access list. Once the token has been revoked, the URL in Bob’s saved email will stop working.
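The following is an added illustration of the access-list mechanics described above (token entries beside user entries, redeeming a token for a Windows Live ID, and revoking by the remembered recipient). It is not SkyDrive code; the class and method names, the 256-bit token length and the constant-time comparison are assumptions made for the example, and the addresses are the post's sample values.

```python
import secrets
import hmac

# Hypothetical model of the two kinds of access-list entries the post describes:
# user entries keyed by a Windows Live ID and token entries keyed by an
# unguessable random string. Names and the token size are assumptions.


class AccessList:
    TOKEN_BYTES = 32  # 256 random bits; the post only says real tokens are "longer"

    def __init__(self):
        # Windows Live ID -> {"access": ..., "comment": address the share was sent to}
        self.users = {}
        # token string -> {"access": ..., "comment": address the share was sent to}
        self.tokens = {}

    def grant_user(self, live_id, access, comment=""):
        self.users[live_id] = {"access": access, "comment": comment}

    def issue_token(self, sent_to, access):
        """Mint a token for an invitation e-mail. The comment remembers who it was
        intended for, which is what the owner later sees instead of 'Token 23'."""
        token = secrets.token_urlsafe(self.TOKEN_BYTES)
        self.tokens[token] = {"access": access, "comment": sent_to}
        return token

    def _lookup_token(self, presented):
        # Compare in constant time so response timing does not reveal how much of
        # a guessed token matched. Bytes avoid compare_digest's ASCII-only str rule.
        for token, entry in self.tokens.items():
            if hmac.compare_digest(token.encode(), presented.encode()):
                return token, entry
        return None, None

    def access_for_token(self, presented):
        """Bob's case: the bare URL token grants whatever the entry says."""
        _, entry = self._lookup_token(presented)
        return entry["access"] if entry else None

    def access_for_user(self, live_id):
        """Carol's case: she signed in, so her Windows Live ID is on the list."""
        entry = self.users.get(live_id)
        return entry["access"] if entry else None

    def redeem_token(self, presented, live_id):
        """David's case: replace the token entry with his Windows Live ID. The
        original recipient address is kept as the comment, as in the post's table."""
        token, entry = self._lookup_token(presented)
        if entry is None:
            return False
        del self.tokens[token]
        self.users[live_id] = dict(entry)
        return True

    def revoke(self, recipient):
        """Remove every entry whose comment (or ID) names the recipient. After this
        the URL in a saved invitation e-mail stops working. Returns entries removed."""
        doomed_tokens = [t for t, e in self.tokens.items() if e["comment"] == recipient]
        for t in doomed_tokens:
            del self.tokens[t]
        doomed_users = [u for u, e in self.users.items()
                        if u == recipient or e["comment"] == recipient]
        for u in doomed_users:
            del self.users[u]
        return len(doomed_tokens) + len(doomed_users)

    def rows(self):
        """The list as the owner's UI would show it: tokens abbreviated, comments shown."""
        out = [("Token " + t[:6] + "...", e["access"], e["comment"]) for t, e in self.tokens.items()]
        out += [(u, e["access"], e["comment"]) for u, e in self.users.items()]
        return out


def share_fried_okra():
    """Alice shares 'Fried Okra.docx' with Bob, Carol (a known Live ID) and David.
    Returns the access list and the tokens that went out in the e-mails."""
    acl = AccessList()
    sent = {}
    sent["bob@contoso.com"] = acl.issue_token("bob@contoso.com", "Read")
    acl.grant_user("carol@hotmail-example.com", "Read")
    sent["david@contoso.com"] = acl.issue_token("david@contoso.com", "Read")
    return acl, sent


if __name__ == "__main__":
    acl, sent = share_fried_okra()
    acl.redeem_token(sent["david@contoso.com"], "david@live-example.com")
    acl.revoke("bob@contoso.com")
    for row in acl.rows():
        print(row)
```

Two details matter for anyone building something similar: the token must come from a cryptographic source (here `secrets`), since a token that can be guessed is a permission that can be guessed, and the comment column is what makes revocation usable, because an owner cannot be expected to recognise which opaque token went to whom.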
Share your files without moving them
The old sharing system for SkyDrive was optimized for the way we expected people to use the system at the time. SkyDrive was used mostly for sharing photos, so we wanted to make it as simple as possible to share an album at a time. We understood that tracking what was shared and what wasn’t could get complex, so we limited the possible “sharable things” to top-level albums in someone’s SkyDrive.
As we added support for storing, editing and finding Office documents, we realized that this simple sharing model wouldn’t capture the sharing patterns our users needed. As Tony East mentioned in his post Designing app-centric sharing for SkyDrive, part 1 of 2: Complexity of “simple,” the ability to share shouldn’t depend on file organization. You should be able to point to any file, anywhere, and share it without moving it.
The problem with this lay in an early decision to store file access information in a different service than the SkyDrive backend. Until this release, the access lists for folders were stored in our contacts and relationships system, ABCH. While this made sense in light of the scenarios at the time, the new sharing model was going to cause scaling issues, because every shared file in SkyDrive would require data in ABCH.
To get the access lists back in SkyDrive, we needed a data migration. Data migrations are quite complicated in large scale on-line systems, because the user data is partitioned across many servers in our data centers. Both SkyDrive and ABCH partition the users across servers, but we use different patterns to do so. So while Alice and Bob’s data might be on the same server in SkyDrive, their data is likely on different servers in ABCH.
We know how to do this: start up a set of migration tasks in our job system, have them examine each user individually, and then move that user’s data. Because we’re moving data from one system to another, this can take as long as few months to complete. To speed up the effective migration speed, we used a local-to-SkyDrive pass that tweaked our internal data format to support on-demand migration. As soon as this was done, we were ready to support the new features. If a user edits sharing on an existing folder, we bring the data for that folder over right away. In the meantime, our migration job is moving all the data, whether it’s changed or not.
Find what’s shared with you
Another feature of our sharing system that’s different from conventional file systems is the “Shared With Me” list. While you can save all the invitation emails you get that are letting you know about files your friends have shared, we’ve found that it’s great if the system can manage this list for you. Because we partition our file data on servers by the user who owns the data, this isn’t trivial to do. If ten people share files with Alice, the access lists for those files are on ten different servers out of hundreds in our system, so there’s no one good place to go to for the list. To solve this problem, our implementation builds on our full-text indexing system, so let’s take a look at that.
Full-text systems work by taking documents in the system and finding all the words in each. From this, they create “inverted indices,” which have words and the corresponding list of documents that contain those words. For example, there might be an entry like “okra: 1,7,107,243,512,514,…” and another, “recipe: 3,56,107,201,512,703,…” which means that the word “okra” appears in the first, seventh, 107th, 243rd, etc. documents, and that “recipe” appears in the third, 56th, 107th, 201st, etc. documents. To find all documents with “okra” and “recipe”, we take the intersection of the two lists (which is easy, since they’re in order), and discover that the 107th and 512th documents contain both words.
For SkyDrive, we have a full-text index of all documents in the system. However, we can’t let people see all the documents in a search result, only the ones they are allowed to view. To do this, we index the Windows Live IDs of the allowed viewers onto the documents as well. In addition to the word entries above, we add special strings to the documents that get indexed much like the words do, but which encode the permission data. For example, the string “VIEWER=carol@hotmail-example.com” would mean that Carol has view permission for a specific document. Then the inverted index gets an entry like “VIEWER=carol@hotmail-example.com: 39, 107, 762, …” When Carol searches for “okra recipe,” we change the query to “okra recipe VIEWER=carol@hotmail-example.com.” So Carol gets document 107 back, but not document 512, which she isn’t allowed to read.
With this index, an obvious way to implement “Shared With Me” is to search for the documents Carol is allowed to read. This isn’t exactly right, but it’s close. First, we want to exclude documents that she owns, because we’re showing them elsewhere. Second, we need to include photos, which normally aren’t in the full-text index. Finally, we don’t really want all the files Carol has access to, but only the files or folders where someone explicitly added Carol. If Alice shares a folder with 100 documents, we want only the folder to show up in Shared With Me, not all 100 of the contained documents. If she shares a single spreadsheet, we want to show it too.
The answer to these problems is to index all the shared files or folders with a second index field which tracks exactly the documents and folders that got explicitly shared. This field is only on the shared items, not on files contained within folders, and doesn’t include the document owner. Our search is then for “SHARED-WITH=carol@hotmail-example.com,” which gives us exactly what we want.
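As an added example (not SkyDrive's indexing code), here is a small inverted index that implements the three ideas from this section: ordered posting lists intersected by merging, query rewriting that appends a “VIEWER=” term, and a separate “SHARED-WITH=” term that is only written on explicitly shared items and never for the owner. The document ids, text and people are constructed sample data; the post's example lists are checked in the test too.

```python
from collections import defaultdict

# Added illustration of the post's inverted index with permission terms. Document
# ids, text and the people involved are constructed sample data; VIEWER= and
# SHARED-WITH= are the term forms the post gives.


def content_terms(text):
    # Content words are lowercased, so document text containing "VIEWER=carol@..."
    # becomes "viewer=carol@..." and cannot collide with an uppercase permission term.
    return [w.strip(".,") for w in text.lower().split()]


def intersect_sorted(a, b):
    """Merge-intersection of two ascending posting lists (the 'easy, since they're in order' step)."""
    out, i, j = [], 0, 0
    while i < len(a) and j < len(b):
        if a[i] == b[j]:
            out.append(a[i])
            i += 1
            j += 1
        elif a[i] < b[j]:
            i += 1
        else:
            j += 1
    return out


class SharingIndex:
    def __init__(self):
        self.postings = defaultdict(set)  # term -> set of item ids

    def add(self, item_id, owner, text="", viewers=(), shared_with=()):
        """viewers: everyone who may read the item (including via a parent folder).
        shared_with: only the people explicitly added on this item; the owner is skipped."""
        for term in content_terms(text):
            self.postings[term].add(item_id)
        for who in set(viewers) | {owner}:
            self.postings["VIEWER=" + who].add(item_id)
        for who in shared_with:
            if who != owner:
                self.postings["SHARED-WITH=" + who].add(item_id)

    def _list(self, term):
        return sorted(self.postings.get(term, ()))

    def search(self, user, query):
        """Rewrite 'okra recipe' to 'okra recipe VIEWER=<user>' and intersect all lists."""
        terms = content_terms(query) + ["VIEWER=" + user]
        result = self._list(terms[0])
        for term in terms[1:]:
            result = intersect_sorted(result, self._list(term))
        return result

    def shared_with_me(self, user):
        """Only items on which someone explicitly added this user, owner excluded."""
        return self._list("SHARED-WITH=" + user)


def build_sample_index():
    alice, carol = "alice@live-example.com", "carol@hotmail-example.com"
    erin, mallory = "erin@live-example.com", "mallory@live-example.com"
    idx = SharingIndex()
    # Alice's recipe, explicitly shared with Carol (the post's document 107).
    idx.add(107, alice, "Alice's famous fried okra recipe", viewers=[carol], shared_with=[carol])
    # Erin's document contains both words but Carol may not read it (document 512).
    idx.add(512, erin, "okra and tomato recipe")
    # Carol's own document: found by search, but not 'shared with' her.
    idx.add(39, carol, "grandma's okra recipe")
    # A folder shared with Carol; its photos inherit view access but are not
    # themselves explicitly shared, so only the folder shows in Shared With Me.
    idx.add(900, alice, viewers=[carol], shared_with=[carol])  # folder "Vacation"
    idx.add(901, alice, viewers=[carol])                        # photo inside it, no text
    idx.add(902, alice, viewers=[carol])                        # photo inside it, no text
    # A single spreadsheet shared directly with Carol.
    idx.add(300, alice, "budget", viewers=[carol], shared_with=[carol])
    # A document whose text merely looks like a permission term; Carol is not a viewer.
    idx.add(600, mallory, "VIEWER=carol@hotmail-example.com okra recipe")
    return idx


if __name__ == "__main__":
    idx = build_sample_index()
    print(idx.search("carol@hotmail-example.com", "okra recipe"))  # [39, 107]
    print(idx.shared_with_me("carol@hotmail-example.com"))          # [107, 300, 900]
```

The important design point this makes visible is that permission terms must live in a namespace that document content can never produce; otherwise a document's text could plant a posting that widens who finds it. The example keeps the post's uppercase “VIEWER=” form and lowercases all content words to enforce that separation.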
Moving forward
Our changes in the system are a big step forward in our ability to support our sharing scenarios, but we know we aren’t done yet. As we collect feedback from you, we’ll continue to evolve how the sharing system works. With this work, we think we’re in a good spot to move forward rapidly.
David Nichols
Software Development Lead, SkyDrive.com
Dec 21
Over the past year I have talked about lots of different aspects of Microsoft Desktop Virtualization and have highlighted the benefits of our end-to-end stack. As I’ve previously discussed, Microsoft Desktop Virtualization takes a unique approach because we recognize and have heard from our customers that one size does not fit all. It’s easy for companies to be tempted to jump to the latest trend or technology without first thinking about how it will help their business. After all, it is fun to be the person with the latest gadget or be the one who identifies a new technology that will help the business. New technologies are the things that keep IT staff excited about their jobs and challenge them to be better than they are today.
However, once new technologies are discovered, it’s a good idea for IT to move their mindset from “cool and new for ME” to “cool, new, AND benefits my ORGANIZATION” – the point being that the new technology should help solve business challenges faced today and ones expected in the future. Additionally, it should be understood that not every product fits a business’s needs while others might provide a great value. This is why when thinking about implementing Microsoft Desktop Virtualization solutions it’s important to understand how the different layers and the associated solutions can be used independently or together to address specific needs. Once you’ve done this and identified the right desktop virtualization solutions for your business need, you’ll want to think about your management strategy as it becomes a key to broad scale success.
Microsoft’s Desktop Virtualization products offer superior manageability through close integration with the Microsoft System Center family of products – products many customers already own – which enables IT departments to easily deploy, monitor and manage virtual applications and assets the same way they manage physical assets. This single platform can help deploy and manage RDS Sessions, Microsoft VDI VMs, App-V applications and MED-V workspaces, thus avoiding the need to stand up a dedicated management infrastructure for each environment. Microsoft is recognized as a leader within Gartner’s 2011 Magic Quadrant for PC Configuration Life Cycle Management (PCCLM) Tools.* We believe this placement affirms Microsoft System Center as a stable product and frontrunner amongst the industry’s top competitors. According to the Magic Quadrant references, managing physical and virtual desktop environments is an important emerging requirement of PCCLM tools.
Now you may be wondering, what are the components of System Center that work with Microsoft Desktop Virtualization products and result in effective management? Let me provide a brief overview of the three main components: System Center Configuration Manager, System Center Virtual Machine Manager, and System Center Operations Manager.
- System Center Configuration Manager is the foundational component needed for IT departments to help support new devices that have entered their environment. Many times these devices are ones that were never intended to be used in an existing environment, and IT departments are being pushed to become more flexible in the way they deliver solutions for these devices. System Center Configuration Manager gives them the ability to manage and protect corporate assets on an array of devices through a unified solution that includes full lifecycle management for virtual applications and virtual machines that run locally or are hosted in the datacenter. It also now provides a self-service portal that allows users to self-provision applications for both physical and virtual desktops.
- System Center Virtual Machine Manager enables IT Professionals to configure and deploy new virtual machines and centrally manage the virtual server infrastructure for VDI, RDS session hosts, App-V and Configuration Manager management servers from one console. It does this through its multi-hypervisor support including Hyper-V and end-to-end capabilities such as planning, deploying and managing the virtual machines. Additionally, it provides increased server utilization and higher availability through dynamic resource optimization across multiple virtualization platforms.
- System Center Operations Manager enables IT departments to monitor their desktop virtualization environment through numerous views showing state, health and performance. With deep application insights for .NET applications and end-user performance, alerts and diagnostic information are provided to help identify and quickly fix any discovered availability, performance, configuration or security issues across different systems and workloads. This ultimately leads to the ability to reduce downtime, which lowers the cost of management.
Now let’s take a close look at a few key areas of desktop virtualization and see how the upcoming System Center 2012 Configuration Manager release in particular helps manage their products.
- Application Virtualization (App-V): With multiple form factors entering workplaces with numerous network connection types and operating systems, one can imagine the significant complexities and challenges that arise when delivering applications to users. One desktop virtualization solution that helps address these challenges is App-V. It works with Configuration Manager 2012 to make the delivery of applications more seamless by taking management to the next level with a user-centric management focus. These two products together can serve as a point for application streaming and/or can also determine what format an application should be delivered in based on device and network. Additionally, this process allows administrators to create deployment rules to establish these relationships, while also being able to inventory virtual applications, meter the virtual application licenses, and deliver virtual applications as part of Operating System Deployment Task Sequences.
- Microsoft Enterprise Desktop Virtualization (MED-V): In some work scenarios users may run multiple instances of Windows within a virtual machine on the same local device. There are typically two reasons for doing this – one for development and test scenarios and the other for application compatibility scenarios using MED-V. By working with Configuration Manager, users can manage locally hosted virtual machines the same way they manage their existing PCs. Configuration Manager allows users to bypass their dedicated MED-V infrastructure used to help migrate Windows XP machines to Windows 7, and instead use it to deploy, update, inventory and provision software to the MED-V workspace. For more information, see the MED-V Deployment Whitepaper.
- Server Hosted Desktop Virtualization: Microsoft’s virtualization platform is unique in that one platform delivers integrated management across VDI and RDS Sessions on a common, integrated infrastructure, and Configuration Manager helps manage them all in a unified interface. Both VDI and RDS Sessions deliver personal desktops, and Configuration Manager addresses these like a typical physical desktop by providing software update management, software distribution, hardware and software inventory, software metering and compliance settings management, while also randomizing those key management tasks to minimize virtual host disk impacts. Additionally, in the upcoming 2012 release, Configuration Manager will be able to identify whether a virtual desktop is pooled or personal. In a pooled scenario the virtual desktop is wiped and reset each time the user logs off; in a personal scenario, the user is assigned a specific virtual desktop that maintains its state. Understanding the differences, Configuration Manager 2012 will allow you to assign an application policy based on that attribute and recognize and record pooled virtual desktops appropriately.
I hope that you found this helpful and learned a bit more about the Microsoft products offered to customers to help them manage their environment efficiently and effectively. If you would like to learn more about managing desktop virtualization with Microsoft System Center, I suggest reading this whitepaper. As always, please feel free to leave comments or questions below and for more information on Microsoft Desktop Virtualization please visit www.microsoft.com/DV.
*Gartner, Inc., Magic Quadrant for PC Configuration Life Cycle Management Tools, Terrence Cosgrove, January 4, 2011. Gartner does not endorse any vendor, product or service depicted in our research publications, and does not advise technology users to select only those vendors with the highest ratings. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
Dec 21
Designing app-centric sharing for SkyDrive, part 1 of 2: Complexity of “simple”
Category: Vista News
A few weeks ago, we released an upgrade to SkyDrive.com that fundamentally changed the way you can share files and collaborate using SkyDrive. Omar Shahine gave a great overview in his blog post a couple of weeks ago, but I wanted to dive into deeper detail about how our new, simple app-centric sharing for Office documents and photos came about. Tomorrow, David Nichols will publish part 2, which will go into the technical challenges behind these changes.
Here is a quick video Omar made that covers some of the highlights in this post:
What was wrong with the old way?
SkyDrive has been an amazing service from the beginning. To give you some historical perspective: SkyDrive was originally designed for people to share files with other people on the Windows Live network. The first “app” on SkyDrive was a photo sharing experience that shipped in December 2008. Office Client and Web App integration followed in the summer of 2010. The way people share and collaborate has really changed over the past few years. Let’s take a look at some of the user scenarios that grew challenging with our old model:
- If you want to share files, you need to organize things in a particular way. SkyDrive is about your stuff. And since everyone organizes their stuff their own way, we wanted to create a system that lets you share files no matter where they are on your SkyDrive. With our old model you had to create folders or documents in the root of your SkyDrive and give people permission to view or edit them.
- Getting started collaborating on a document is challenging. Because the permission granularity was at the folder level, you needed to put your document in a folder, share that folder, and then your friends or colleagues needed to go to the folder and find and open the document. It was just too many steps.
- You need to know your friend’s Windows Live ID. Our success rates for sharing were low because people have multiple email addresses or will come across a link in Facebook or LinkedIn. For example, I know Joe as joe@contoso.com, but his Windows Live ID is joe@hotmail.com. So in the past, I would share a link with Joe, and he would click on the link and be asked to sign in. He would sign in with his Windows Live ID and not have access to the item!
The challenge of simple vs. powerful
As we worked to design the new model, we really wanted to keep it simple while still providing great features for our power users. Some specific challenges were:
- Sharing files shouldn’t depend on how they’re organized. While the model worked well enough for photos, it was way too hard to get started collaborating and taking advantage of our amazing Microsoft Office integration. We knew it was critical to separate organization from sharing.
- Sharing folders works well for collections like photos, but for collaborating on documents you really need single file sharing. The bar here was email attachments. People have been sharing single files forever this way, and we wanted to create a system that was better.
- Most people don’t understand “ACL math,” so keep it simple. Windows has an incredibly rich Access Control List (ACL) model. It allows you to have conditions that include inheritance of permissions and conditions that break the inheritance of permissions. These rich capabilities can result in complex sharing scenarios that may be desirable in enterprise scenarios, but often add an unhelpful amount of complexity for most people.
- Optimize for sharing more broadly than just with people in the Windows Live network. People want to share files with another person. More and more, people have several different addresses which added friction to our old sharing model. When you shared a folder with another person using a specific email address, the recipient had to sign in to Windows Live using the matching email address or they couldn’t access the document.
- We needed a more resilient and transparent sharing notification system, preferably email. Email is the way people have been sharing and collaborating with each other for a long time. That’s the way it should feel. Power users should have a way to share directly with their social networks or get a link they can use the way they want.
The new SkyDrive sharing experience
SkyDrive lets you store and share your files—but it does more than that. We also provide rich experiences for important file types, specifically Office documents and photos. So when we talk about “app-centric sharing,” we mean that you don’t have to leave the context of what you’re doing or looking at to share.
Sharing single documents
With the new SkyDrive sharing model, you can easily share single documents to start collaborating. If I select any document in my SkyDrive, I can click “Share” and bring up the sharing dialog that Omar talked about in his blog post. But here’s the best part. Let’s say you’re using the Word Web App to write a blog post (!) and you want to send it out to the folks who need to review it. Instead of having to leave the context of Word, you can just click the File menu and choose “Share.” This brings up the—by now familiar—SkyDrive sharing dialog. Just choose the people you want to share with and get back to writing that blog post. Now that’s simple, app-centric sharing!
Sharing single photos and documents
This also works for photos and albums. If I’m browsing my albums and see one I want to share, in this case some shots I took with my new camera, I can use the new right-click menu on the album cover and share the entire album (folder) from there:
Maybe I want to see who I’ve already shared the album with, so I’ll open the album. Here’s what I see in the info pane:
I’ve already shared this album with my friends on Facebook, but I want to share it with Omar, so I just start typing his name. All of my Hotmail contact email addresses are available in the “To” line:
Note that when Omar clicks on the link, he can immediately view what I shared with him, even if he doesn’t have a Windows Live ID yet.
Quick side trip—Getting everyone’s addresses
SkyDrive sharing (and emailing from Hotmail) will be even more powerful if you connect your social networks to Windows Live. Thanks to some great work by our Connect team, you can connect your social networks to Windows Live by going here. This will ensure that you can share directly with your friends on your connected networks. If you’re connected to LinkedIn, you automatically get those email addresses. For Facebook, you need to do an import by clicking on the Facebook icon after you get connected. Below are the steps you need to follow to import your Facebook email addresses so you can share your files and folders with your friends. Note: You can only import the email addresses of friends that have shared their email address with you.
- Connect Facebook to Windows Live by clicking here.
- Go to http://profile.live.com/connect and click the Facebook logo.
- Click the Facebook logo on this dialog box and follow the instructions.
Email notifications with links that work
When I click on “Share” in this case, Omar receives an email from me in his inbox. This means that Omar will know that I’m the one who sent him the link. No more fishing through junk mail to find the link. You even get a copy in your “Sent items” folder in Hotmail so you see exactly what you shared and when you shared it.
Also, if for some reason your message doesn’t get through, you can look in your Hotmail “Sent items” folder and see the mail that was sent. You can even forward the mail to other people.
Changing permissions
Now I see that Omar can view the photos:
But I want to let Omar add some of his own photos to this folder, so I’m going to change his permission to “Can edit” using the dropdown.
If I want to remove either permission, I just use the ‘delete’ icon to the right of the permission. Overall, this lets you grant and revoke permissions in a granular way.
Straightforward sharing means no “ACL math”
The easiest way to think about SkyDrive permissions is to think about parents and children and the way children inherit certain traits from their parents. Each folder can have a set of permissions (though they are private by default). Each folder can also have “children” (subfolders and files) which inherit permissions from their parent. As you set permissions on things, the action is additive. So let’s say that I shared a folder with Omar, Mike and Dave, and then shared a document in that same folder with Sarah. At that point, Mike, Omar, Dave and Sarah can all see that file. But only Mike, Omar and Dave can see the other files in the folder. We make this clear in the UI by showing where the permission came from, along with a handy link to navigate to the folder where that permission is set so you can easily change the permission.
I’ll go back to my blog post example. I gave Omar permission to my “Blog Posts” folder so he could see all the drafts. I have a subfolder under “Blog Posts” where I keep screen shots for the blog post called, surprisingly, “Screen Shots.” My friend Piero has a fantastic eye, and I want him to take a look at the screen shots before I publish. Omar has permission to the parent folder, and by way of inheritance Omar can automatically also see and edit the contents in the subfolder “Screen Shots.” His permissions to the child folder derived from the parent, “Blog Posts” folder.
The UI shows who can do what for each folder or file that you select, so you always know who can view and edit your stuff.
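To make the “parents and children” rule concrete, here is an added model (not SkyDrive's implementation) of additive, inherited permissions with the origin of each permission tracked, using the post's “Blog Posts” / “Screen Shots” example. The class and method names, the “Can view” < “Can edit” ordering, and the tie-break rule (the nearest item wins when two levels are equal) are assumptions made for the example.

```python
# Added model of the additive, inherited permissions the post describes. Item
# names, people and the "Can view"/"Can edit" ordering are assumptions.

RANK = {"Can view": 1, "Can edit": 2}


class Item:
    """A folder or file. Private by default: no grants until it is shared."""

    def __init__(self, name, parent=None):
        self.name = name
        self.parent = parent
        self.grants = {}  # person -> "Can view" | "Can edit", set on this item only

    def share(self, person, level):
        # Sharing only ever adds; it never removes what a parent already granted.
        self.grants[person] = level

    def effective(self, person):
        """Walk from this item to the root and keep the strongest grant found.
        Returns (level, item the grant came from) or None. The nearest item wins
        ties, which is where the UI's 'where this came from' link would point."""
        best = None
        node = self
        while node is not None:
            level = node.grants.get(person)
            if level is not None and (best is None or RANK[level] > RANK[best[0]]):
                best = (level, node)
            node = node.parent
        return best

    def who_can_see(self):
        """Everyone with access to this item, with the level and the item it is set on."""
        people = set()
        node = self
        while node is not None:
            people.update(node.grants)
            node = node.parent
        result = {}
        for person in sorted(people):
            level, origin = self.effective(person)
            result[person] = (level, origin.name)
        return result

    def revoke(self, person):
        """Remove only a grant set here. If the access is inherited, nothing changes
        and the item that actually holds the grant is returned so the UI can link to it."""
        if person in self.grants:
            del self.grants[person]
            return None
        found = self.effective(person)
        return found[1] if found else None


def build_blog_tree():
    """The post's example: Omar, Mike and Dave on the folder; Piero on the subfolder;
    Sarah on one document only. Mike and Dave's levels are constructed."""
    blog = Item("Blog Posts")
    shots = Item("Screen Shots", parent=blog)
    draft = Item("part1.docx", parent=blog)
    blog.share("Omar", "Can edit")
    blog.share("Mike", "Can view")
    blog.share("Dave", "Can view")
    shots.share("Piero", "Can view")
    draft.share("Sarah", "Can view")
    return blog, shots, draft


if __name__ == "__main__":
    blog, shots, draft = build_blog_tree()
    for person, (level, origin) in shots.who_can_see().items():
        print(f"{person}: {level} (from {origin})")
```

The `revoke` behaviour is the part worth noticing: deleting a permission on a child does nothing when the grant lives on an ancestor, which is exactly why the UI shows where a permission came from and links to that folder.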
Our magic links
Earlier I mentioned the email mismatch problem. It used to be hard to share with Omar if I only knew his Microsoft address but not his Windows Live ID. Now, our links sent in email and shared on social networks contain a token to let the recipient view the document, so that it works no matter which email address I send it to, even if the recipient doesn’t have a Windows Live ID. While I can restrict it to a specific email address for really sensitive stuff, the predominant case is that the intended recipient gets the link and clicks on it. David Nichols’ post tomorrow will dive more deeply into how the tokens work.
Other ways to share
Publish to your connected social networks
The sharing dialog also lets you quickly share folders and files with your friends on social networks. Want to share that photo album? Have a Word document with a great recipe you want to share? Need your friends to take a look at your resume on LinkedIn? Now you can.
Get a link (for power users)
The other great way to share is to use our “Get a link” feature. This allows you to create a reusable link that you can include for your own scenario. In addition to standard “view” and “edit” enabled links, you can also make a document public and discoverable. Simply click “Get a link” for any of these types and copy the link.
You can revoke these links just like any others you create by clicking the delete icon in the info pane.
We are really excited about the new sharing model and the powerful collaboration scenarios it unlocks. Be sure to read David Nichols’ post tomorrow for Part 2.
Tony East
Lead Program Manager, SkyDrive.com
