Dell VNX5800 VNX Series: Introduction to SMB 3.0 Support - Page 19

system-level (where encryption is set in the registry of the CIFS server), and all share access would require encryption. There is no configuration needed at the client-level. SMB encryption is not the same as Data at Rest Encryption (DARE) and will not encrypt data on disk. SMB encryption only encrypts data during transmission over the network. Once the data arrives at the destination, it is decrypted before it is saved to disk. Encryption settings To support the SMB 3.0 protocol, VNX has two new values added to the registry of the CIFS server: EncryptData and RejectUnencryptedAccess. Setting the EncryptData value enables encryption on all shares on the CIFS server. By default, the EncryptData value is disabled. Setting the RejectUnencryptedAccess value prevents clients that do not support encryption from establishing a session to the share. Instead, the client receives an ACCESS_DENIED message after the failed attempt. Disabling the RejectUnencryptedAccess value gives pre-SMB 3.0 clients the ability to access encrypted shares. By default, the RejectUnencryptedAccess value is enabled. To configure these parameters on the registry of the CIFS server, do the following steps: 1. Open the Registry Editor (regedit.exe) on a computer. 2. Select File > Connect Network Registry. 3. Type the hostname or IP Address of the CIFS server and click Check Names. When the server is recognized, click OK to close the window. 4. You can edit the parameters under HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanServer\Pa rameters as shown in Figure 12. EMC VNX Series: Introduction to SMB 3.0 Support 19