Skip to main content
Start a Conversation

This post is more than 5 years old

Solved!

Go to Solution

dynamox

11 Legend

 • 

20.4K Posts

 • 

87.4K Points

10090

January 5th, 2016 13:00

SMB Signing ?

Hello,

A few articles that i found on support website state that digitally signed communication is not supported by Data Domain. Is this still true ? Plans to add support for SMB signing ?

Thank you

PatrickBetts

1 Rookie

 • 

116 Posts

January 12th, 2016 12:00

Not many actually.  This is most likely due to the performance hit.  Some customer environments require it though.

DTG_K

5 Posts

January 6th, 2016 12:00

From what I've seen -it is supported in DDOS 5.5 and later - refer to the DD Admin guide to see how to enable SMB signing.  Note though that it is disabled by default because of the performance hit - this is noted in the admin guide (see below) as well as in various knowledgebase articles and Microsoft technet.

pg 230 of DDOS 5.5 Admin Guide:  "This feature is disabled by default because it degrades
performance. When enabled, SMB signing can cause a 29 percent (reads) to 50 percent
(writes) throughput performance drop, although individual system performance will vary."



PatrickBetts

1 Rookie

 • 

116 Posts

January 12th, 2016 12:00

Dynamox,

My apologies, it's not listed as customer viewable.  Here is the pertinent information:

On the DD OS version 5.2.4 you can configure SMB signing using the “server signing” CIFS option. There are three possible values for server signing:


Disabled, Auto, and Mandatory.


  • When server signing is set to Disabled, SMB signing is disabled. This is the default.
  • When server signing is set to Auto, SMB signing is offered but not enforced.
  • When server signing is set to Mandatory, SMB signing is required. Both computers in the SMB connection must have SMB signing enabled.


You can use these CLI commands to configure SMB signing:

#cifs option set "server signing" auto

Purpose: Sets server signing to automatic.

#cifs option set "server signing" mandatory

Purpose: Sets server signing to mandatory.

#cifs option reset "server signing"

Purpose: Resets server signing to the default (disabled).

As a best practice, whenever you need to change the SMB signing options, first disable and then enable (restart) the CIFS service using the following CLI commands:

#cifs disable

#cifs enable

dynamox

11 Legend

 • 

20.4K Posts

 • 

87.4K Points

January 12th, 2016 12:00

Patrick,

i am not authorized to view that KB.

PatrickBetts

1 Rookie

 • 

116 Posts

January 12th, 2016 12:00

dynamox,

Here is the current KB on SMB signing:

181357 : SMB Signing on Data Domain            
https://support.emc.com/kb/181357


Not public so I'm pasting the pertinent information:


On the DD OS version 5.2.4 you can configure SMB signing using the “server signing” CIFS option. There are three possible values for server signing:


Disabled, Auto, and Mandatory.

  • When server signing is set to Disabled, SMB signing is disabled. This is the default.
  • When server signing is set to Auto, SMB signing is offered but not enforced.
  • When server signing is set to Mandatory, SMB signing is required. Both computers in the SMB connection must have SMB signing enabled.


You can use these CLI commands to configure SMB signing:

#cifs option set "server signing" auto

Purpose: Sets server signing to automatic.

#cifs option set "server signing" mandatory

Purpose: Sets server signing to mandatory.

#cifs option reset "server signing"

Purpose: Resets server signing to the default (disabled).

As a best practice, whenever you need to change the SMB signing options, first disable and then enable (restart) the CIFS service using the following CLI commands:

#cifs disable

#cifs enable


dynamox

11 Legend

 • 

20.4K Posts

 • 

87.4K Points

January 12th, 2016 12:00

Thank you Patrick. How many customers do you talk to and see in the field actually enable SMB signing (and acknowledge substantial decrease in performance) ?

Was this post helpful?

View All

0 events found

No Events found!

Top