Server Message Block (SMB) file systems use authenticated encryption to protect against interception or tampering when data is transmitted between ECS instances and NAS file systems.
Usage notes
Operating systems supported by compute nodes
On the compute nodes, you must use operating systems that support SMB 3.0 or later. The following table lists the operating systems.
Type
Version
Windows Server
Windows Server 2012 R2 Datacenter 64-bit (Chinese version) and later
Windows Server 2012 R2 Datacenter 64-bit (English version) and later
Alibaba Cloud Linux
Alibaba Cloud Linux 2 (kernel version: 4.19.34 and later)
Alibaba Cloud Linux 3
Red Hat
Red Hat Enterprise Linux 7.5 64-bit and later
CentOS
CentOS 7.6 64-bit and later
Ubuntu
Ubuntu 18.04 64-bit and later
Debian
Debian 10.2 64-bit and later
SUSE Linux
SUSE Linux Enterprise Server 12 SP2 64-bit and later
OpenSUSE
openSUSE Leap 42.3 64-bit and later
CoreOS
CoreOS 4.19.43 and later
Permissions for encryption in transit
Anonymous users are not allowed to use the encryption in transit feature. Only Active Directory (AD) users can use this feature after they mount SMB file systems.
Performance loss
Compared with a file system for which you disable encryption in transit, a file system for which you enable encryption in transit can be accessed with a 10% more latency and 10% less IOPS.
Enable encryption in transit
You can enable encryption in transit for an SMB file system only if you use the access control list (ACL) for the SMB file system. The following table describes the parameters that you can specify to enable the feature.
Parameter | Description |
Enable Encryption in Transit | Select Yes to enable encryption in transit for the SMB file system. |
Deny Access from Non-encrypted Clients | Configure the types of compute nodes that can access the SMB file system.
|
For more information, see Features.