Unsolved
2 Posts
0
404
Is it possible to disable SMB3 encryption on the share
I'm not familiar with the data domain so am posting this on behalf of our customer.
I have a customer that has an appliance that exports data to his datadomain. Recently, there was an update that enabled SMB3 encryption, which now means these exports to the data domain are encrypted. There is nothing wrong there, and reading on the internet that is one of the benefits of SMB3. However, it also says that SMB3 encryption can result in a 30% drop in read performance and 50% in write performance.
The exports from the appliance are now taking 10 times longer. The appliance that generates the data cannot have it's SMB settings changed but reading on the net, it seems it's the client that asks if encrypting is available to the target device. If it is, then data is sent encrypted.
My question is, is there a way that SMB3 encryption can be disabled on the data domain (ideally on just that share he has configured) so that when the export starts, it doesn't try to encrypt data and we are hoping the exports will go a lot quicker.
Scaler_Len
2 Posts
0
July 27th, 2023 04:00
Might be answering my own question but Google Bard came back with this. If someone could confirm these are the steps, that would be awesome.
Yes, it is possible to disable SMB3 encryption on a Dell Data Domain. However, it is not recommended, as SMB3 encryption provides a significant security improvement over SMB2 and SMB1. If you do decide to disable SMB3 encryption, you should be aware of the security risks involved.
To disable SMB3 encryption on a Dell Data Domain, you can follow these steps:
Once you have disabled SMB3 encryption, you will need to restart the Data Domain for the changes to take effect.
Here are some of the security risks involved in disabling SMB3 encryption:
If you are concerned about the security risks of disabling SMB3 encryption, you should consult with your IT security team.