Administrator Guide

ManualsBrandsDell ManualsStorageDell Compellent FS8600

391

392

393

394

395

396

397

398

399

400

Enable or Disable SMB Message Signing

To help prevent attacks that modify SMB packets in transit, the SMB protocol supports the digital signing of SMB packets. SMB2

protocol 3.1.1 dialect adds pre-authentication integrity, cipher negotiation, AES-128-GCM cipher, and cluster dialect fencing. Pre-

authentication integrity improves protection from an attacker in tampering with SMB2’s connection establishment and authentication of

messages. The cipher can be negotiated during connection establishment. In addition to AES-128-CCM cipher used at SMB 3.0.x,

Windows 10 (and Windows Server 2016) added AES-128-GCM cipher in SMB 3.1.1. The GCM mode offers a significant performance gain.

Steps

1. In the Storage view, select a FluidFS cluster.

2. Click the File System tab.

3. In the File System view, select Client Accessibility.

4. Click the Protocols tab.

5. In the SMB Protocol panel, click Edit Settings.

The Edit Settings dialog box opens.

6. Enable or disable required message signing:

• To enable required message signing, select the SMB Signing Enforcement checkbox.

• To disable required message signing, clear the SMB Signing Enforcement checkbox.

7. Click OK.

Enable or Disable SMB Message Encryption

SMBv3 adds the capability to make data transfers secure by encrypting data in flight. This encryption protects against tampering and

eavesdropping attacks.

Steps

1. In the Storage view, select a FluidFS cluster.

2. Click the File System tab.

3. In the File System view, select Client Accessibility.

4. Click the Protocols tab.

5. In the SMB Protocol panel, click Edit Settings.

The Edit Settings dialog box opens.

6. Enable or disable message encryption:

• To enable message encryption, select the SMB Encryption Enforcement checkbox.

• To disable message encryption, clear the SMB Encryption Enforcement checkbox.

7. Click OK.

Viewing and Disconnecting SMB Connections

You can view active and idle SMB client connections and disconnect individual SMB connections.

Display SMB Connections

To display active and idle SMB connections:

Steps

1. In the Storage view, select a FluidFS cluster.

2. Click the File System tab.

3. In the File System view, select Client Activity.

4. Click the Sessions tab.

5. In the Sessions Display Filter panel, use the All Protocols drop-down list to display the SMB and NFS connections.

6. Display the SMB connections:

• To limit the display to SMB connections, select SMB from the drop-down list in the Protocol filter.

• To limit the display to active SMB connections, select None from the drop-down list in the Session idle more than filter.

• To limit the display to idle SMB connections, select a value from the drop-down list in the Session idle more than filter.

FluidFS Administration

391