About secure traffic authentication
The option to accelerate secured traffic is available for several protocols. When you enable secure traffic optimization, you’ll need to select an authentication method: NTLM or Kerberos. In either method, SteelHead, or WinSec Controller integrated with SteelHead, provides authentication end to end between client-side and server-side appliances, and server-side appliances and the Windows domain controller.
Disabled by default. Configure on server-side and client side appliances. Requires service restart.
NTLM authentication offers two modes: transparent and delegation. Transparent mode enables signed or encrypted packet optimization with transparent authentication. Delegation mode re-signs packets using Kerberos delegation. NTML authentication supports all Windows clients and servers that have NTLM enabled. If you choose this mode, you must join the server-side SteelHead to the Windows domain.
Kerberos authentication mode: we recommend you integrate WinSec Controller. Otherwise, you’ll need to configure Kerberos replication users.