SMB File Shares: A Primer


File sharing is an essential part of our daily activities. You can share files between two network nodes, between a client and a server or between two nodes of different networks. All multi-user environments require a file sharing protocol, no matter which type of sharing you need.

SMB is an application-layer network protocol that is mostly used with the Windows operating system. This article reviews the features, benefits and use cases of this protocol.

What Is SMB?

Server Message Block (SMB) is a client-server protocol used to share access to resources, like files, serial ports, or printers. SMB is also responsible for interprocess communication over a network. The SMB protocol can communicate with any server program that receives SMB client requests through the use of NetBIOS or over TCP/IP. 

SMB enables you to mount a file share directly on different operating systems like Linux, Windows, or macOS. The protocol is compatible with both on-premises and cloud environments. In addition, SMB grants access to security features like AES-based signing and end-to-end encryption.

SMB vs CIFS

Common Internet File System (CIFS) is a network file system protocol that provides shared access to files in a network. CIFS is a specific implementation of the SMB protocol, created by Microsoft. Most people consider CIFS and SMB to be the same thing. These protocols are interchangeable: for example, a client speaking CIFS can communicate with a server speaking SMB and the other way round.

However, there are some differences in performance and implementation tuning. Things like file locking, mass modification of files, and performance over LAN/WAN are handled differently.

Which one should I use?

Most modern storage systems do not use CIFS anymore; they use SMB 2 or SMB 3. SMB 2 has been the standard protocol for Windows operating systems since the release of Windows Vista. SMB 3 is an integral part of Windows 8 and Windows Server 2012.

SMB 2 and SMB 3 are massive upgrades over CIFS. Many storage architects consider file sharing with CIFS to be a thing of the past. The obvious choice for modern organizations is the SMB protocol.

SMB Use Cases

  • File storage for Hyper-V—Hyper-V is a Windows Virtual Machine (VM) feature. Hyper-V can store virtual machine files like Virtual Hard Disk (VHD) files, configuration, and snapshots over the SMB 3.0 protocol. You can use Hyper-V for both clustered file servers and standalone file servers together with shared file storage for the cluster.
  • SQL Server over SMB—you can store user database files on SMB file shares with SQL Server. This is supported for standalone SQL servers and SQL Server 2008 R2. Future versions of SQL Server will add support for system databases and clustered SQL servers.
  • Storage for end-user data—the SMB 3.0 protocol improves end-user applications by reducing application latencies and protecting data from eavesdropping attacks.

SMB Direct: Benefits and Considerations

SMB Direct is an extension of the SMB technology used for file operations. SMB Direct is used by Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016. The extension also supports network adapters that support Remote Direct Memory Access (RDMA). Network adapters with RDMA can function at full speed with very low latency, while using very little CPU power. 

Additional features of SMB Direct include:

  • Increased throughput—leverages the full throughput of high speed networks to transfer large volumes of data at high speed.
  • Low CPU utilization—SMB Direct uses fewer CPU cycles when transferring data over the network. This results in more available power for server applications.
  • Low latency—SMB Direct provides fast responses to network requests, so remote file server workloads resemble local storage.

SMB Direct Multichannel

The SMB Multichannel feature detects RDMA capabilities of network adapters. After detecting RDMA capabilities in an adapter, SMB creates multiple RDMA connections for that single session. As a result, SMB can leverage the low latency, high throughput, and low CPU utilization of RDMA network adapters. Moreover, SMB Multichannel offers fault tolerance if you are using multiple RDMA interfaces.

SMB Direct considerations

Consider the following options when working with SMB Direct:

  • Use SMB Direct in a failover cluster—failover clustering supports using multiple networks for client access, along with network adapters that support RSS (Receive Side Scaling) and RDMA. Make sure that the cluster networks used for client access are suitable for SMB Direct. 
  • Use SMB Direct with Hyper-V—SMB Direct can support Hyper-V over SMB and provide storage to a VM that uses the Hyper-V storage stack. However, network adapters that support RDMA are not exposed directly to a Hyper-V client. When you connect an RDMA network adapter to a virtual switch, the virtual network adapters from the switch will not support RDMA.
  • Disabling SMB Multichannel also disables SMB Direct—the client cannot use SMB Direct if you disable SMB Multichannel, because SMB can then no longer detect whether the network adapter supports RDMA.

SMB Encryption

Encryption provides protection to data transferred over SMB, and prevents eavesdropping on untrusted networks. SMB Encryption requires additional costs for dedicated software or hardware. 

SMB encryption has no requirements for WAN accelerators or Internet Protocol security (IPsec). You can configure SMB encryption for the entire file server or on a per-share basis. You should consider encrypting SMB data when communicating over untrusted networks to avoid man-in-the-middle attacks.

How to enable SMB encryption

Using Windows PowerShell

  1. Type the following script on the server to enable SMB encryption for an individual file share (replace <sharename> with the name of the share):

    Set-SmbShare -Name <sharename> -EncryptData $true

  2. Type the following script on the server to enable SMB encryption for an entire file server:

    Set-SmbServerConfiguration -EncryptData $true

  3. Type the following script to create a new encrypted SMB file share (replace <sharename> and <pathname> with the share name and the folder path):

    New-SmbShare -Name <sharename> -Path <pathname> -EncryptData $true
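To check where those settings are actually in effect, here is a read-only audit, added as an example and not part of the original article. `New-AuditRow` and `Get-SmbEncryptionAudit` are hypothetical helper names; the cmdlets they call ship with Windows Server 2012 and later, and the script assumes an elevated session on the file server.

```powershell
# Added example: read-only audit, changes no settings.
# New-AuditRow and Get-SmbEncryptionAudit are hypothetical helper names.
function New-AuditRow($Scope, $Name, $Setting, $Value, [bool]$Ok, $Note) {
    [pscustomobject]@{
        Scope   = $Scope
        Name    = $Name
        Setting = $Setting
        Value   = $Value
        Status  = if ($Ok) { 'OK' } else { 'REVIEW' }
        Note    = if ($Ok) { '' } else { $Note }
    }
}

function Get-SmbEncryptionAudit {
    $cfg    = Get-SmbServerConfiguration
    $server = $env:COMPUTERNAME

    # Server-wide switches that decide whether clear-text SMB is possible.
    New-AuditRow 'Server' $server 'EncryptData' $cfg.EncryptData $cfg.EncryptData `
        'Not enforced server-wide; each share decides for itself'
    New-AuditRow 'Server' $server 'RejectUnencryptedAccess' $cfg.RejectUnencryptedAccess `
        $cfg.RejectUnencryptedAccess 'Clients without SMB 3 encryption may connect unencrypted'
    New-AuditRow 'Server' $server 'EnableSMB1Protocol' $cfg.EnableSMB1Protocol `
        (-not $cfg.EnableSMB1Protocol) 'SMB 1 (CIFS) is enabled and has no SMB encryption'

    # User-created shares: covered if the server or the share sets EncryptData.
    foreach ($share in Get-SmbShare -Special $false) {
        $covered = $cfg.EncryptData -or $share.EncryptData
        New-AuditRow 'Share' $share.Name 'EncryptData' $share.EncryptData $covered `
            "Share path $($share.Path) is served without SMB encryption"
    }

    # Live sessions below dialect 3.0 cannot be encrypted. Dialect is reported
    # as a string such as '2.1' or '3.1.1', so compare it as a version.
    foreach ($s in Get-SmbSession) {
        $old = [version]$s.Dialect -lt [version]'3.0'
        New-AuditRow 'Session' $s.ClientComputerName 'Dialect' $s.Dialect (-not $old) `
            "User $($s.ClientUserName) negotiated a pre-3.0 dialect"
    }
}

Get-SmbEncryptionAudit | Format-Table -AutoSize -Wrap
```

Rows marked REVIEW show a server setting, share or session where SMB traffic can still travel unencrypted.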

Using Server Manager

  • Open File and Storage Services in Server Manager.
  • Click Shares to open the Shares management page.
  • Right-click the share you want to encrypt and then select Properties.
  • Select Encrypt data access on the settings page of the share.
  • Remote file access to this share is now encrypted.

Conclusion

The SMB file sharing protocol was originally developed for Windows, but you can also use it on other operating systems like Unix and Mac OS X. To use SMB on other platforms you need a software implementation called Samba. Windows, Mac, and Unix computers can share files, folders, and printers by using the Samba software. This is useful for Windows-based office networks where there are developers who refuse to use Windows.

Author Bio

Gilad David Maayan is a technology writer who has worked with over 150 technology companies including SAP, Samsung NEXT, NetApp and Imperva, producing technical and thought leadership content that elucidates technical solutions for developers and IT leadership.