Post to Twitter |
Comments (7) |
Views (23060) |
This video TIP will demonstrate how to disable SMB signing within a CIFS environment. The Citrix WanScaler optimizes the Microsoft CIFS protocol, this protocol which was designed for a LAN environment has a very high overhead and is bandwidth intensive. CIFS deployed over a WAN environment may provide unpredictable performance and user experience.
SMB signing digitally signs the CIFS protocol between two Micosoft servers. When SMB signing is enabled then the WanScaler cannot inspect the signed CIFS traffic. One must note, that even with SMB enabled the WanScaler will acccelerate layer 4 TCP traffic and some performance improvement will be seen. If an administrator wishes to experience the high gains of actually optimizing CIFS you must disable SMB.
Comments (7)
Aug 04, 2008
Anonymous says:
Won't this have an effect on the security of the internal network. If "SMB signi...Won't this have an effect on the security of the internal network. If "SMB signing" is disabled, won't anyone with a network sniffer be able to see the files downloaded in cleartext ?
Aug 04, 2008
Anonymous says:
you can even see the traffic when signing is enabled.signing does not mean encry...you can even see the traffic when signing is enabled.signing does not mean encryption it is just message integrity which means MIM cannot change the content of the SMB packet.
Sep 22, 2008
Anonymous says:
Why does the article say "When SMB signing is enabled then the WanScaler cannot ...Why does the article say "When SMB signing is enabled then the WanScaler cannot inspect the signed CIFS traffic.". Surely, if there is no encryption, then WanScaler should be able to inspect the signed CIFS traffic.
Sep 22, 2008
Anonymous says:
For an signed SMB connection the client and the server need to sign every packe...For an signed SMB connection the client and the server need to sign every packet so that the receiver is convinced it came from the right source/machine. Since we don't have the same keys to generate the signature, we won't be able to sign as the client or the server for the read ahead requests that we generate. If we can't do that we can not do Read Ahead and hence no acceleration on the signed packet. This is a very good exercise for really digging into the protocol, signatures and acceleration. Any other topics that you wish to see me blog about?
Aug 04, 2008
Anonymous says:
The article should be adjusted to say you are disabling SMB signing. It reads as...The article should be adjusted to say you are disabling SMB signing. It reads as if you are disabling SM, which is mis-leading.
"One must note, that even with SMB signing enabled the WanScaler will acccelerate layer 4 TCP traffic and some performance improvement will be seen. If an administrator wishes to experience the high gains of actually optimizing CIFS you must disable SMB signing.
Sep 17, 2008
Andrew Storrs says:
+1+1
Sep 18, 2008
Amos Gregory says:
Hi Andrew, thanks for the comment. I noticed that you post on quite a few blogs ...Hi Andrew, thanks for the comment. I noticed that you post on quite a few blogs related to Citrix topics.
Add Comment