Optimizing SMB2/3

Enabling SMB3 on an appliance also enables support for the SMB3.02 dialect introduced by Microsoft in Windows 8.1 and Windows Server 2012 R2. SMB3.02 is only negotiated when systems of these operating system versions are directly connected. SMB3.02 is qualified with SMB3.02 signed and unsigned traffic over IPv4 and IPv6, and encrypted connections over IPv4 and IPv6. Authenticated connections between a server-side appliance and a domain controller are only supported over IPv4.

RiOS includes support for SMB3 traffic latency and bandwidth optimization for native SMB3 clients and servers.

Windows 8 clients and Windows 2012 servers feature SMB3, an upgrade to the CIFS communication protocol. SMB3 adds features for greater resiliency, scalability, and improved security. SMB3 supports these features:

• Encryption—If the SMB server and client negotiate SMB3 and the server is configured for encryption, all SMB packets are encrypted on the wire, except for when share-level encryption is configured. Share-level encryption marks a specific share on the server as being encrypted; if a client opens a connection to the server and tries to access the share, the system encrypts the data that goes to that share. The system does not encrypt the data that goes to other shares on the same server. Encryption requires that you enable SMB signing.

• New Signing Algorithm—SMB3 uses the AES-CMAC algorithm instead of the HMAC-SHA256 algorithm used by SMB2 and enables signing by default.

• Secure Dialect Negotiation—Detects man-in-the-middle attempts to downgrade the SMB 2/3 protocol dialect or capabilities that the SMB client and server negotiate. Secure dialect negotiation is enabled by default in Windows 8 and Server 2012. You can use secure dialect negotiation with SMB2 when you are setting up a connection to a server running Server 2008-R2.

– Allows an SMB client to retrieve hashes for a particular region of a file for use in branch cache retrieval, as specified in [MS-PCCRC] section 2.4.

– Uses remote direct memory access (RDMA) transports, when the appropriate hardware and network are available.

– Allows an SMB client to bind a session to multiple connections to the server. The system can send a request through any channel associated with the session, and sends the corresponding response through the same channel previously used by the request.

To optimize signed SMB3 traffic, you must enable SMB3 optimization on the client-side and server-side appliances.

For additional details on SMB 3.0 specifications, go to http://msdn.microsoft.com/en-us/library/cc246482.aspx.

RiOS supports SMB2 traffic latency optimization for native SMB2 clients and servers. SMB2 allows more efficient access across disparate networks. It is the default mode of communication between Windows Vista and Windows Server 2008. Microsoft modified SMB2 again (to SMB2.1) for Windows 7 and Windows Server 2008 R2.

• a vastly reduced set of opcodes (a total of only 18); in contrast, SMBv1 has over 70 separate opcodes. Note that use of SMB2 does not result in lost functionality (most of the SMB1 opcodes were redundant).

• general mechanisms for data pipelining and lease-based flow control.

• request compounding, which allows multiple SMB requests to be sent as a single network request.

• larger reads and writes, which provide for more efficient use of networks with high latency.

• caching of folder and file properties, where clients keep local copies of folders and files.

• improved scalability for file sharing (number of users, shares, and open files per server greatly increased).

Under Down-Negotiation, these configuration options are available. Complete the configuration on the client-side appliance.

Optimizes connections that are successfully negotiated down to SMB1 according to the settings under Optimization > Protocols: CIFS (SMB1). Enable this control on the client-side SteelHead.

RiOS bypasses down-negotiation to SMB1 when the client or the server is configured to use only SMB2/3 or the client has already established an SMB2/3 connection with the server. If the client already has a connection with the server, you must restart the client.

Down-negotiation can fail if the client only supports SMB2 or if it bypasses negotiation because the system determines that the server supports SMB2. When down-negotiation fails, bandwidth optimization is not affected.

Under Optimization, these configuration options are available. Complete the configuration on both the client-side and server-side appliances.

Performs SMB2 latency optimization in addition to the existing bandwidth optimization features. These optimizations include cross-connection caching, read-ahead, write-behind, and batch prediction among several other techniques to ensure low-latency transfers. RiOS maintains the data integrity, and the client always receives data directly from the servers. By default, SMB2 optimization is disabled.

To enable SMB2, both SteelHeads must be running RiOS 6.5 or later. After enabling SMB2 optimization, you must restart the optimization service.

Performs SMB3 latency optimization in addition to the existing bandwidth optimization features. This optimization includes cross-connection caching, read-ahead, write-behind, and batch prediction among several other techniques to ensure low-latency transfers. RiOS maintains the data integrity and the client always receives data directly from the servers. By default, SMB3 optimization is disabled.

To enable SMB3, both SteelHeads must be running RiOS 8.5 or later. After enabling SMB3 optimization, you must restart the optimization service.

You must upgrade both your server-side and client-side SteelHeads to RiOS 9.5 or later to enable DFS optimization. However, this box only needs to be checked on the client-side SteelHead.

If you have enabled or disabled SMB1, SMB2, or SMB3 optimization, you must restart the optimization service.