In SMB1, enabling signing significantly decreases performance, especially when going
across a WAN. There is limited degradation in performance with SMB2 and SMB3
signing as compared to SMB1. The performance impact of signing will be greater when
using faster networks.
Configure SMB signing with GPOs
Table 13 on page 47 explains the GPOs available for SMB1 signing.
For SMB2 and SMB3, each version has a GPO for each side (server-side and client-
side) to enable the Digitally sign communications (always) option. Neither server-side
nor client-side has a GPO to enable the Digitally sign communications (if client agrees)
option.
Table 13 SMB1 signing GPOs

| GPO name | What it controls | Default setting |
|---|---|---|
| Microsoft network server: Digitally sign communications (always) | Whether the server-side SMB component requires signing | Disabled |
| Microsoft network server: Digitally sign communications (if client agrees) | Whether the server-side SMB component has signing enabled | Disabled |
| Microsoft network client: Digitally sign communications (always) | Whether the client-side SMB component requires signing | Disabled |
| Microsoft network client: Digitally sign communications (if server agrees) | Whether the client-side SMB component has signing enabled | Enabled |

You can also configure SMB signing through the Windows Registry. If a GPO service is
not available, such as in a Windows NT environment, the Registry settings are used.
Configure SMB signing with the Windows Registry
Registry settings are configured on individual Windows workstations and servers, and
affect only the individual server or client that you configure.
The following Registry settings pertain to Windows NT with SP 4 or later. These
Registry entries exist in Windows Server, but should be set through GPOs.
The server-side settings are located in:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\lanmanserver\parameters\
For SMB2 and SMB3, each version has a Registry key for each side (server-side and
client-side) to enable the requiresecuritysignature option. Neither server-side nor
client-side has a Registry key to enable the enablesecuritysignature option.
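The following read-only audit is an added example, not part of this guide or of any vendor tooling. It reads the two signing values on each side and falls back to the Table 13 defaults when a value is absent. The client-side path (LanmanWorkstation\Parameters) is the standard Windows location and is an assumption not taken from this page; the function names are hypothetical.

```powershell
# Added example: read-only audit of the SMB signing Registry values.
$Sides = @(
    # Server-side path as given above. Table 13 defaults: Disabled / Disabled.
    @{ Side = 'Server'; DefaultRequire = 0; DefaultEnable = 0
       Path = 'HKLM:\System\CurrentControlSet\Services\lanmanserver\parameters' }
    # Client-side path is an assumption (standard Windows location).
    # Table 13 defaults: Disabled / Enabled.
    @{ Side = 'Client'; DefaultRequire = 0; DefaultEnable = 1
       Path = 'HKLM:\System\CurrentControlSet\Services\LanmanWorkstation\Parameters' }
)

function Get-SigningValue {
    param([string]$Path, [string]$Name, [int]$Default)
    # A missing key or value is reported with the Table 13 default.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        return [pscustomobject]@{ Value = $Default; Source = 'default' }
    }
    return [pscustomobject]@{ Value = [int]$item.$Name; Source = 'registry' }
}

function Get-SmbSigningAudit {
    foreach ($s in $Sides) {
        $require = Get-SigningValue $s.Path 'requiresecuritysignature' $s.DefaultRequire
        $enable  = Get-SigningValue $s.Path 'enablesecuritysignature'  $s.DefaultEnable

        # SMB1 has both options; "always" takes precedence over "if agrees".
        if ($require.Value -eq 1)    { $smb1 = 'Required' }
        elseif ($enable.Value -eq 1) { $smb1 = 'Enabled (if peer agrees)' }
        else                         { $smb1 = 'Disabled' }

        # SMB2 and SMB3 have only the "always" option.
        if ($require.Value -eq 1) { $smb23 = 'Required' } else { $smb23 = 'Not required' }

        [pscustomobject]@{
            Side                     = $s.Side
            RequireSecuritySignature = "$($require.Value) ($($require.Source))"
            EnableSecuritySignature  = "$($enable.Value) ($($enable.Source))"
            SMB1Signing              = $smb1
            SMB2And3Signing          = $smb23
        }
    }
}

Get-SmbSigningAudit | Format-Table -AutoSize
```

The script only reads the local Registry; where GPOs are available, change the settings there as described above.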