Control

In a network comprising of end-user computing devices, the span of control plays an important
role. Most of the other issues in P2P architecture stem from the issue of control. The span of control can
result in a network that is totally decentralized without any central control, to one that is centralized and
one or more servers maintain the necessary information to run the applications in a more efficient fashion.
Control influences aspects such as predictable performance with service levels, reliability, overhead,
liability, and security.

P2P and grid computing

Grid Computing P2P Computing

Most grid nodes act primarily as a server Each node acts both as a client and a server
Grid offers direct access to resources in remote Access to resources is random without any
and targeted sites specific target
Grid has pre-determined registered clients and No distinction between clients and servers, peers
servers and not registered and enter and exit at random
Services are reliable and guaranteed Services are only partially reliable and guaranteed
Security is assured for each participating node Security is not guaranteed to a participating node
Resource monitoring, allocation and scheduling is No central control and relies primarily on self-
done centrally organization

This table highlights the differences between P2P and grid computing illustrates these challenges. P2P
computing on a big scale, like that employed by applications like Seti@Home, takes an organization far
beyond its boundaries.

A business has certain performance expectations that it needs to meet . To meet its performance
requirements, every business needs to control resources so that those resources can be employed as per
the business needs. In information systems terminology, one may talk about Service Level Agreements
(SLAs) for the resources. To ensure that the employed resources meet the SLAs implies that a business
should be able to control the resources through some means. A decentralized collection of computing
devices with inherent heterogeneity amongst the nodes, and the dynamic constitution of the pool, poses
the significant co-ordination and control burden.

The only way to establish and maintain control of end-users’ devices is to communicate the service level
requirements to them, and motivate them to meet these by means of a rewards system. For example,
Jarraya and Laurent propose a P2P-based storage application running on the Internet where users are
rewarded for offering storage space on their computers. Some grid-computing applications like
SETI@Home induce participation for philanthropic reasons since the organization running SETI@Home
is a non-profit organization working for the betterment of the human race. SETI@Home has a
recognition-based reward system. SETI@Home does not have any control over the enduser computing
devices. Issues related to rewarding or paying the end-users range from assigning a fair value to the
resources used on an end-user computing device, payment mechanisms, cost of acquiring and running a
comparable big computer in-house, etc. Additional cost items like the transaction costs of dealing with
thousands of end-users whose computing devices are being used also needs to be considered. These end-
users will need to be serviced for problems ranging from application faults on their computers, unpaid
credits for work done, etc.

Security and Liability

Associated with ensuring SLAs and the desirability/inclination to control the end-user equipment
is the question of security and liability. Several security challenges arise due to the increased complexity
that is introduced when computers are allowed to connect directly to other computers and to share
resources such as files and CPU time [6]. Polluted files and indices can propagate quickly through the
network thereby destroying content and compromising search and even host machines [26]. This can
compromise corporate networks and lead to all kinds of security breaches. If corporate data is stored
outside the organizational boundary on multiple computers, even with encryption and other precautions it
can be accessed by today’s sophisticated hackers. Perceptions about lack of security arise from lack of
trust that is associated with most machines in the node population and an inability to pinpoint
accountability. Lack of trust may also arise from lack of control. On the end-user side, vulnerabilities in
the P2P application that is running on the end-user machine can lead to security breaches. Once a breach
occurs, the trust between the business and end-users may be severely damaged. The greater the diversity
of the platforms on which the application runs, the greater is the probability that one or more versions of
the application destined for different platforms may be vulnerable through zero-day attacks and/or
undocumented vulnerabilities. Liability and accountability are of concern also. A business may not want
to be held liable for issues related to damage of the end-user equipment, violation of privacy due to bugs
in application, etc. The other side of the security and liability coin relates to the end-user liability in case
data is stolen from the end-user computer through a hack attack, backdoor, Trojan, or corrupted results
are deliberately sent back to the business, etc. The use of P2P applications may cause unwarranted costs
as in the case of Skype. In Skype, a computer on the organization’s network might function as a super
node thereby routing calls in and out of the organization’s network. It will, in this case, eat up Internet
bandwidth, even when no one in the organization’s network is a direct participant in the call.

P2P Business Models for Organizations

There are several applications based on the P2P architecture that can benefit business
organizations, however the adoption of P2P applications by businesses has been low. P2P has been
thriving in consumer-oriented application space mainly through filesharing and media streaming
applications.

In the business world, applications such as private file-sharing networks like Groove, Grouper, PiXPO,
and Qnext that can be used to establish virtual communities, and where users can collaborate and interact
with each other, exist, but again their uptake has been limited. Within businesses, grid computing is
extensively used in areas like oil exploration, risk analysis, protein folding and so forth, however it does
not utilize end-user computers. Even at its peak (around 2002), applications based on P2P architecture did
not become mainstream in the business sector. In order to provide a path for the uptake of P2P
applications, a set of business models are presented based on the dimensions of scope and control.

P2P business application models

These business models for P2P applications exist at four distinct levels. By comparing these levels as akin
to intranet, extranet, and Internet for information sharing and brand them using the popular ecommerce
classification/terminology as business-to-employee, business-to-business, business-to-customer, and
consumer-to-consumer modes. As an organization moves from one level to another it expands the scope
of the node pool both in terms of diversity and geographical distribution. The scope expands from
completely internal, to partners, to completely external, leading to an increase in the complexity of issues
discussed earlier. As the scope moves from being completely internal to completely external, the level of
direct control that an organization can exert on the node pool diminishes and the organization needs to
resort to complex mechanisms to ensure performance.
Business to Employee
Business-to-employee (B2E) electronic commerce uses an intra business network which allows
companies to provide products and/or services to their employees. Typically, companies use B2E
networks to automate employee-related corporate processes.

Intensive and creative work is best done on desktop type machines, with good processing and storage
power, and ability to run an appropriate user interface. These desktops and other machines can be
centrally managed using technologies such as Microsoft Active Directory and Group Policies. This along
with system-level management utilities like Intel System Management allows a fine grained and low level
control of hardware and software on a machine. Routing, searching, and other resource co-ordination can
be done much more efficiently since the pool of computing devices is relatively static and deterministic.
As such, an organization should be able to use the resources on the employee end-user machines while
having a high level of control. This model would be ideal for most organizations to deploy their P2P
applications. Hence we can offer the following propositions:

Proposition 1: For most organizations, the way forward with P2P computing would be a B2E model
using employee desktops. A distributed model spread across thousands of enduser machines is most likely
to be infeasible for most practical business applications since, in the highly distributed model, sufficient
control for performance and liability (security) cannot be implemented with reasonable overhead.

Proposition 2: For business applications, a strong central control is desirable and recommended so that
reasonable SLAs can be ensured. This is most likely achievable with a strong central control that is
present in a B2E model. Strict central control ensures that issues of performance, end-user compensation,
business liability, end-user liability, and security are in a deterministic state at all times. Totally or highly
decentralized models are not desirable, though with a deterministic node population they can
implemented more effectively.

Business to Business
Business-to-business refers to business that is conducted between companies, rather than between
a company and individual consumer. The B2B P2P model can offer many of the same advantages as with
a B2E model such as a predictable and a static end-user computing node population, strong central
control, service level agreements, and security. For instance, who is responsible and liable if data is
compromised? Some of the issues may be easier to resolve since it can be assumed that all organizations
involved in the partnerships will exercise due diligence in maintaining and securing their computing
infrastructure, and contractual agreements can be signed between parties. Here utility pricing models and
emerging cloud computing pricing models may be used to compensate partners. There are some examples
of B2B P2P models that can be used for content distribution and distributed processing. An example of
content distribution involves Deloitte UK and ABG Professional Information. Deloitte UK aggregates
massive amounts of diverse regulatory information, corporate policies, and best practices, some of which
is generated internally and some of which comes from outside vendors like B2B provider ABG
Professional Information. It would be virtually impossible to maintain up-to-date versions of all of this
material on centralized servers. Deloitte and ABG deployed NextPage’s “content network,” a variety of
P2P technology that knits together servers within the company along with those of external providers to
create a virtual repository of information. The data is maintained and resides on servers at different
offices and even companies, but to the auditor at Deloitte, the information is all available from a single
web page interface and looks as if it all sits in one place. Another application involves sharing data on
proteins. This platform uses fully distributed P2P technologies to share specifications of peer-interaction
protocols and service components that is no longer centralized in a few repositories but gathered from
experiments in peer proteomics laboratories. Distributed or grid computing can be done using software
like Legion and Global ROME. In ROME, size of the network can be controlled. Each node runs a
ROME process that continually monitors the node’s workload to determine whether it is within bounds or
under/overloaded. Through a number of defined actions, extra nodes can be recruited into the network
structure to deal with overload and unnecessary nodes removed to deal with underload, thus optimizing
the size and therefore lookup cost of the network. Nodes that are not currently members of the structure
are held in a node pool on a machine designated as the bootstrap server. Global ROME (G-ROME), is
designed to provide an interconnection of multiple independent ROME-enabled P2P networks, thus
constructing a two-layered hierarchy of networks. The overlay network of G-ROME is used for node
discovery by the ROME bootstrap servers that need extra capacity not available locally to cope with their
ring’s workload. Since node utilization is monitored, cost metrics or revenue metrics may be used to
compensate partners in the B2B P2P network.