Windows domain authentication
This section describes how to configure a SteelHead to optimize in an environment where there are:
•  Microsoft Windows file servers using signed SMB or signed SMB2/3 for file sharing to Microsoft Windows clients.
•  Microsoft Exchange Servers providing encrypted MAPI communication to Microsoft Outlook clients.
•  Microsoft Internet Information Services (IIS) web servers running HTTP or HTTP-based web applications such as SharePoint 2007.
For details, go to Optimizing in a Secure Windows Environment and the SteelHead Deployment Guide - Protocols.
RiOS supports end-to-end Kerberos authentication for these secure protocols:
•  SMB signing
•  SMB2/3 signing
•  Encrypted MAPI/Outlook Anywhere
•  HTTP
Remember, if you configure the server-side SteelHead to support end-to-end Kerberos authentication, you can join it to the domain in Active Directory integrated mode to support other clients that might be using NTLM authentication. This configuration can provide flexible and broad support for multiple combinations of Windows authentication types in use within the Active Directory environment.
RiOS protects authentication credentials for delegate and replication users by storing them in the secure vault. The secure vault contains sensitive information about your appliance configuration.
You must unlock the secure vault to view, add, remove, or edit any replication or delegate user configuration details that are stored on the SteelHeads. The system initially locks the secure vault on a new appliance with a default password known only to RiOS. This lock allows the appliance to automatically unlock the vault during system startup. You can change the password, but the secure vault then does not automatically unlock on startup. RiOS also locks the secure vault on a SteelHead that is upgraded to RiOS 9.0 and later.
For details, see Unlocking the secure vault.
Windows 7 clients with RiOS 9.0 and later can use Kerberos authentication for maximum security. Kerberos authentication does not require delegation mode configuration, but you must configure NTLM authentication (either transparent mode or delegation mode) along with Kerberos authentication (if desired).