Apple working with enterprise partners to enhance Bonjour, Apple TV

By Daniel Eran Dilger

In response to complaints from higher education, Apple is working with hardware partners and the internet community to extend Bonjour "zero config" networking to better scale across large networks and enhance the enterprise credentials of Apple TV.

Say hello to my little networking protocol

In the early days of networking personal computers, Apple developed AppleTalk as a fully automatic networking system that allowed users to connect Macs together to share documents and peripherals such as expensive laser printers.

After the Internet Protocol gained widespread adoption among companies and home users in the 1990s, Apple began work on translating some of the innovative features of AppleTalk to the Internet's TCP/IP.

Originally named Rendezvous until Apple was sued over the name, the Multicast DNS technology (now called Bonjour) enabled devices on a network to advertise shared files, printers and other services that other devices could access automatically.

Without Bonjour, users would need to know the IP address of devices, or require a central administrator to maintain a DNS list of printers and other services that systems on the network could consult.

Bonjour is particularly useful for shared devices (such as printers or Apple TVs used with AirPlay) or shared services (file servers such as Time Capsule and shared iTunes libraries or iPhoto albums, Screen Sharing and Remote Disc) that can be set up for casual or temporary use, particularly in environments where, for example, students could find and set up access to a printer without needing to know anything about the details of the network.

Improving Bonjour

Apple's efforts to create the Bonjour standard were led by Stuart Cheshire. The standard was implemented as an open specification, allowing other manufacturers to develop compatible implementations, such as the Linux Avahi project. Apple also developed a free implementation for Windows users, and broadly licensed Bonjour to printer makers.

According to a report by NetworkWorld, Cheshire addressed an Internet Engineering Task Force meeting earlier this week, noting that Apple recognized the growing pains large organizations were experiencing with Bonjour.

Cheshire said Apple had originally "targeted Bonjour at home networks, but over the last 10 years Multicast DNS - what Apple calls Bonjour - has become very popular."

He added, "every network printer uses Bonjour. TiVo, home video recorders and cameras use it. iPads and iPhones use it, and we are starting to get a lot of demand from customers that they won't be able to print from iPads to a printer in the next building."

One problem with Bonjour is that it relies upon local mDNS broadcasts, which are intended to work only within the local subnet. Client devices shout out messages that other members of the network can listen for, but these broadcasts do not cross the local router, so they only work between devices on the same subnet.

This prevents these network messages from being needlessly echoed across an entire campus, but it also creates issues for users in environments where wireless users may be segregated into a separate network from wired devices like printers or AirPlay devices. Because Bonjour doesn't bridge subnets by default, the two sets of devices can't see each other.

There are ways to allow Bonjour to work across large, complex networks, but many of the solutions currently being used are not optimal. IP multicast can be enabled to allow Bonjour messages to spread between subnets, but many organizations disable this for security or performance reasons.

Cheshire noted that a variety of vendors, including Aerohive, Aruba, Cisco, Ruckus and Xirrus, have been selling Bonjour proxy devices to relay multicast DNS messages across subnets, but that these often cause new problems, including multicast flooding.
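To illustrate what a cross-subnet Bonjour relay has to handle, the following added example (not from the article or from any vendor's product) decodes the DNS-SD PTR advertisements in a constructed mDNS response and applies a hypothetical per-service allowlist. The function names, sample device names and the policy itself are assumptions made for the illustration.

```python
import struct

PTR = 12  # DNS record type DNS-SD uses to list service instances

def encode_name(name):  # dotted name -> length-prefixed DNS labels
    return b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"

def read_name(msg, off, hops=0):
    """Decode the name at off, following compression pointers. Returns (name, next_off)."""
    if hops > 8:
        raise ValueError("compression pointer loop")
    labels = []
    while True:
        n = msg[off]
        if n == 0:
            return ".".join(labels), off + 1
        if n & 0xC0 == 0xC0:  # two-byte pointer to an earlier name
            tail, _ = read_name(msg, ((n & 0x3F) << 8) | msg[off + 1], hops + 1)
            return ".".join(labels + [tail]), off + 2
        labels.append(msg[off + 1:off + 1 + n].decode())
        off += 1 + n

def advertised_services(msg):
    """Return (service_type, instance_name) for every PTR answer in an mDNS message."""
    _id, _flags, qd, an, _ns, _ar = struct.unpack_from("!6H", msg, 0)
    off = 12
    for _ in range(qd):  # skip the question section
        off = read_name(msg, off)[1] + 4
    found = []
    for _ in range(an):
        owner, off = read_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        off += 10
        if rtype == PTR:
            found.append((owner, read_name(msg, off)[0]))
        off += rdlen
    return found

def relay_decisions(msg, allowed_types):
    """Hypothetical relay policy: forward only allowlisted service types."""
    return [(inst, svc in allowed_types) for svc, inst in advertised_services(msg)]

def sample_response():
    """Constructed mDNS response: one AirPlay and one SMB advertisement."""
    msg = struct.pack("!6H", 0, 0x8400, 0, 2, 0, 0)
    for svc, inst in (("_airplay._tcp.local", "Lecture Hall TV"),
                      ("_smb._tcp.local", "Staff NAS")):
        # rdata = instance label + pointer back to the owner name about to be written
        rdata = bytes([len(inst)]) + inst.encode() + struct.pack("!H", 0xC000 | len(msg))
        msg += encode_name(svc) + struct.pack("!HHIH", PTR, 1, 4500, len(rdata)) + rdata
    return msg
```

With an allowlist of `_airplay._tcp.local` and `_ipp._tcp.local`, `relay_decisions(sample_response(), ...)` forwards the AirPlay advertisement and holds back the file-server one, so only the intended services become visible on the other subnet.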

Apple had developed support for Wide Area Bonjour (DNS-SD) to work around some of these problems, but Cheshire stated, "the software that already exists in Apple Bonjour and Linux Avahi has some wide-area capabilities. We have some tools to build with, but we have not put it together right. The question is whether there is interest in the IETF to step in and do it better."

Wide Area Bonjour is used by Apple to deliver Back To My Mac, a feature that provides secured remote access to a user's local services across the Internet. BTMM requires users to sign in with their iCloud account, as the remote Bonjour information is relayed through Apple's servers.

Several networking vendors have expressed an interest in working together on extensions to the open standard. Kerry Lynn of the IEEE standards body was quoted as saying, "we need to build something that's scalable, usable and deployable. It needs to enable DNS-based service discovery across lots of links. It needs to work with both local and global use. And it needs to be scalable in terms of network traffic."

The report also cited Thomas Narten of IBM, who said "there's a recognition of the problem and a willingness to work on it. We have to figure out how best to get to a solution. The universities are hurting; they're seeing this problem for real."

Progress on the IETF's extensions to Bonjour's underlying technology is expected to be announced in March at the group's next meeting. The project is working under the apparently unintentionally suggestive name MDNSext.

Apple TV in the enterprise

In addition to extending the Bonjour protocol to better support large networks, Apple has also been petitioned to enhance its Apple TV "hobby" by the Educause Higher Ed Wireless Networking Admin Group.

The group has specifically asked Apple to support WPA2-Enterprise WiFi authentication on Apple TV, something the company already supports on Macs and other iOS devices (Apple TV internally uses iOS, so it likely just lacks a user interface to configure the authentication method).

It also asks Apple to add Enterprise-level support for authentication, authorization, and accounting (AAA) in its devices. AAA refers to tools used in managing access to network devices, enforcing security policies and auditing their usage by users.

"Providing support for Bonjour and Airplay Technologies on enterprise networks would benefit both our institutions and Apple by allowing Apple device owners the ability to use their devices as teaching and research aids, increasing the utility of and desirability of those devices," the petition notes.

"We would be happy to collaborate with Apple in improving the support for these devices in our environments."

The change.org petition was signed by 761 people from a wide variety of education organizations around the world.

Last month, Apple added "support for configuring advanced network options on Apple TV" to its Configurator app used to manage iOS devices in schools and businesses.