Administrator Guide

ManualsBrandsDell ManualsCompellent (SCStorage SCv2000

421

422

423

424

425

426

427

428

429

430

Enable or Disable AES-Based Encryption for an SMB Share

Encryption requires SMBv3 or later. If you are using SMB versions earlier than v3, access to encryption-enabled shares will be denied.

About this task

This procedure enables or disables Advanced Encryption Standard (AES)-based encryption on an SMB share.

Steps

1 In the Storage view, select a FluidFS cluster.

2 Click the File System tab.

3 In the File System view, select SMB Shares.

4 In the SMB Shares panel, select an SMB share and click Edit Settings.

The Edit Settings dialog box opens.

5 Click Advanced.

6 In the AES-based Encryption eld, select or clear the Enable checkbox.

7 Click OK.

Enable or Disable SMB Message Signing

To help prevent attacks that modify SMB packets in transit, the SMB protocol supports the digital signing of SMB packets. SMB2 protocol

3.1.1 dialect adds pre-authentication integrity, cipher negotiation, AES-128-GCM cipher, and cluster dialect fencing. Pre-authentication

integrity improves protection from an attacker in tampering with SMB2’s connection establishment and authentication of messages. The

cipher can be negotiated during connection establishment. In addition to AES-128-CCM cipher used at SMB 3.0.x, Windows 10 (and

Windows Server 2016) added AES-128-GCM cipher in SMB 3.1.1. The GCM mode oers a signicant performance gain.

1 In the Storage view, select a FluidFS cluster.

2 Click the File System tab.

3 In the File System view, select Client Accessibility.

4 Click the Protocols tab.

5 In the SMB Protocol panel, click Edit Settings.

The Edit Settings dialog box opens.

6 Enable or disable required message signing:

• To enable required message signing, select the SMB Signing Enforcement checkbox.

• To disable required message signing, clear the SMB Signing Enforcement checkbox.

7 Click OK.

Enable or Disable SMB Message Encryption

SMBv3 adds the capability to make data transfers secure by encrypting data in ight. This encryption protects against tampering and

eavesdropping attacks.

1 In the Storage view, select a FluidFS cluster.

2 Click the File System tab.

3 In the File System view, select Client Accessibility.

4 Click the Protocols tab.

5 In the SMB Protocol panel, click Edit Settings.

The Edit Settings dialog box opens.

6 Enable or disable message encryption:

• To enable message encryption, select the SMB Encryption Enforcement checkbox.

• To disable message encryption, clear the SMB Encryption Enforcement checkbox.

FluidFS Administration

425