Windows domain authentication
This section describes how to configure a SteelHead to optimize in an environment where there are:
• Microsoft Windows file servers using signed SMB or signed SMB2/3 for file sharing to Microsoft Windows clients.
• Microsoft Exchange Servers providing an encrypted MAPI communication to Microsoft Outlook clients.
• Microsoft Internet Information Services (IIS) web servers running HTTP or HTTP-based web applications.
For details, go to Knowledge Base article
S25759.
Kerberos trust authentication, as an alternative to creating and using a specific Kerberos replication user, is useful in trust models with split resource and management Active Directory domains such as Office 365 or other managed service providers.
A set of domain health status commands help to troubleshoot identifying, diagnosing, and reporting possible problems with a SteelHead within a Windows domain environment. For details, see
Checking domain health.
A set of GUI widgets help simplify the SteelHead configuration necessary to optimize traffic in a secure environment.
SteelHeads support end-to-end Kerberos authentication for these secure protocols:
• SMB signing
• SMB2/3 signing
• Encrypted MAPI/Outlook Anywhere
• HTTP
SteelHeads protect authentication credentials for delegate and replication users by storing them in the SteelHead secure vault. The secure vault contains sensitive information about your SteelHead configuration.
You must unlock the secure vault to view, add, remove, or edit any replication or delegate user configuration details that are stored on the SteelHeads. The system initially locks the secure vault on a new SteelHead with a default password known only to RiOS. This lock allows the SteelHead to automatically unlock the vault during system start up. You can change the password, but the secure vault doesn’t automatically unlock on start up.