Server Message Block (SMB) file systems use authenticated encryption to protect against interception or tampering when data is transmitted between ECS instances and NAS file systems.
Usage notes
- Operating systems supported by compute nodes
On the compute nodes, you must use operating systems that support SMB 3.0 or later. The following table lists the operating systems.
Type Version Windows Server - Windows Server 2012 R2 Datacenter 64-bit (Chinese version) and later
- Windows Server 2012 R2 Datacenter 64-bit (English version) and later
Alibaba Cloud Linux - Alibaba Cloud Linux 4.19.34 and later
- Alibaba Cloud Linux 3
Red Hat Red Hat Enterprise Linux 7.5 64-bit and later CentOS CentOS 7.6 64-bit and later Ubuntu Ubuntu 18.04 64-bit and later Debian Debian 10.2 64-bit and later SUSE Linux SUSE Linux Enterprise Server 12 SP2 64-bit and later OpenSUSE openSUSE Leap 42.3 64-bit and later CoreOS CoreOS 4.19.43 and later - Permissions for in-transit encryption
Anonymous users are not allowed to use the in-transit encryption feature. Only Active Directory (AD) users can use this feature after they mount SMB file systems.
- Performance loss during transmission encryption
Compared with a file system for which you disable transmission encryption, a file system for which you enable transmission encryption can be accessed with a 10% more delay and 10% less IOPS.
Enable in-transit encryption
| Parameter | Description |
|---|---|
| Enable In-transit Encryption | Select Yes to enable in-transit encryption for the SMB file system. |
| Deny Access from Non-encrypted Clients | Configure the types of compute nodes that can access the SMB file system.
|