About Application Protocols, Authenticated Connections, and Domain Controllers : About secure traffic authentication
  
About secure traffic authentication
Several protocols support secure traffic acceleration. When enabling secure traffic optimization, you must choose an authentication method: NTLM or Kerberos. SteelHead, handles end-to-end authentication between the client-side and server-side appliances, as well as between the server-side appliance and the Windows domain controller.
By default, this feature is disabled. It needs to be configured on both the client-side and server-side appliances, and a service restart is required.
NTLM authentication has two modes: transparent and delegation. Transparent mode optimizes signed or encrypted packets with transparent authentication. Delegation mode re-signs packets using Kerberos delegation. NTML authentication supports all Windows clients and servers with NTLM enabled. If you choose this mode, you must join the server-side SteelHead to the Windows domain.
About Application Protocols, Authenticated Connections, and Domain Controllers
About Windows domain authentication
About Active Directory easy configuration