homepage

CIFS

Brought to you by Visuality Systems

 

What is CIFS?

The Common Internet File System (CIFS) is a protocol that provides access to files, folders and other shareable network resources like printers.

What can a CIFS client do?

A CIFS client application can read, write, edit and even remove files on a remote server. CIFS clients can communicate with any servers that are configured to receive CIFS client requests.

When has CIFS been introduced?

Microsoft implemented CIFS in the 1990s with the release of Windows 95. CIFS is based on the Server Message Block (SMB) protocol developed by Barry Feigenbaum at IBM in the 1980s.

CIFS transport layer

SMB was originally designed to run over NetBIOS / NetBEUI transport (typically implemented with NetBIOS Frames – NBF, NetBIOS over IPX/SPX, or NetBIOS over TCP/IP – NBT) in order to regulate local file access in a network file system.

CIFS first steps

Microsoft then merged CIFS with LAN Manager, incorporating both client and server. The client sends a request and the server responds enabling data exchange with authenticated computers.

CIFS and network management

CIFS was initially introduced for file sharing but later it has been used for network management and other network services to support a growing need for privilege separation and scale of use.

Operating systems supporting CIFS

Various versions of CIFS have been released over time in order to adapt the protocol to various operating systems:

DOS

The original model was simply for file-sharing in a NETBIOS environment and it basically worked by specifying directory and file names to be shared, eventually with one password per share.

Windows NT

A concept of grouping computers into domains was developed. Such terms as DC (Domain Controller), PDC (Primary Domain Controller) and Domain Membership were first introduced.

Windows 2000

This is the first operating system supporting Active Directory through modified open protocols. The concept of active domain implies central points of authority. Several domains can exist, with fewer limits to the domain size.

From SMB1 to SMB2

CIFS / SMB1.0 was used in Windows 2000, Windows XP, Windows Server 2003 and Windows Server 2002 R2. The need to:

1. increase the scale of sharing files

2. boost performance to support compound requests

3. enhance larger reads and writes

4. strengthen security and robustness using HMAC SHA-256 – Message Authentication Code – instead of MD5 – for signature and data integrity

represented a radical change. Since Microsoft wanted to mark off a justified perception of CIFS as buggy, the updated protocol was renamed SMB2.

SMB 2.0, integrated in Windows Vista and Windows Server 2008, was much more durable than SMB1. Version SMB2.1 in Windows 7 and Windows Server 2008 R2 made improvements in file leasing, ensured large MTU support and Branch Cache.

SMB3 and higher

SMB 3.0, used with Windows 8 and Windows Server 2012, introduced SMB multi-channeling, SMBDirect, and transparent failover that improved performance and scaling-out. It includes more features for back-up, security and management, SQL Server, PowerShell and more. It also introduced security enhancements like end-to-end encryption and a new AES based signing algorithm.

With SMB 3.02 Microsoft introduced the option to completely disable CIFS/SMB1 support

in Windows 8.1 and Windows Server 2012 R2, including the actual removal of the related binaries. Even if it’s not the default configuration, Microsoft recommended disabling the older version of the protocol in scenarios where it is useless, like Hyper-V over SMB.

SMB 3.1.1 was introduced with Windows 10 and Windows Server 2016. SMB3.1.1 supports AES-128-GCM (in addition to AES-128-CCM) for encryption and includes SHA-512 hash for pre-authentication integrity check. In addition, SMB 3.1.1 forces secure negotiation when connecting to clients that use SMB2 and higher.

Conclusion

If you are looking to achieve scalability, best performance, high availability and, last but not least, overall security in your CIFS / SMB assets, then you should update all of them to the latest SMB version.

 

This site is brought to you by Visuality Systems – The SMB Protocol Experts.