There are many powerful features related to storage in Windows Server 2016. Storage Spaces Direct and Storage Replica greatly extend what can be done in the world of Hyper-V using Windows Server 2016. A less frequently mentioned upgrade in Windows Server 2016 is the SMB, or Server Message Block, protocol.
SMB 3.1.1, the SMB version contained in Windows Server 2016, takes the advancements in SMB usage and storage to the next level in terms of performance and security.
In this post, we will look at Windows Server 2016 SMB 3.1.1 Features and Hyper-V Enhancements to see how this protocol version extends Windows Server 2016 in terms of security and performance and also the capabilities that SMB 3 opens up in general for enterprise datacenters running Hyper-V.
Windows Server 2016 SMB 3.1.1 Features and Improvements
SMB 3.1.1 brings many new features and improvements to Windows Server 2016 in terms of security and performance.
First of all, let’s look at the security benefits to SMB 3.1.1.
With SMB 3.1.1, a new Pre-Authentication Integrity mechanism provides improved protection from man-in-the-middle attacks that try to alter SMB connection establishment or authentication. Pre-Authentication Integrity verifies all negotiate and session setup exchanges used by SMB with a strong cryptographic hash (SHA-512). The SMB signing mechanism that is used on top of SMB 3.1.1 protects users from attackers eavesdropping on packets.
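The hash chain behind Pre-Authentication Integrity can be sketched as follows. This is an added, simplified example, not code from the original post: the message strings are constructed placeholders rather than real SMB2 packets, and the function names are hypothetical. Each side starts from 64 zero bytes and folds every negotiate and session setup message it sent or received into a running SHA-512 value; because that value feeds the session key derivation, a message altered in transit leaves client and server with different keys and the signed end of session setup fails.

```powershell
# Added illustration of the SMB 3.1.1 pre-authentication integrity chain.
# Messages are constructed placeholder strings, not real SMB2 packets.
function Update-PreauthHash {
    param([byte[]]$PreviousHash, [byte[]]$Message)
    $sha = [System.Security.Cryptography.SHA512]::Create()
    try {
        # H(i) = SHA-512( H(i-1) || message(i) )
        return ,$sha.ComputeHash([byte[]]($PreviousHash + $Message))
    } finally {
        $sha.Dispose()
    }
}

function Get-PreauthHash {
    param([string[]]$Messages)
    [byte[]]$hash = New-Object byte[] 64      # chain starts from 64 zero bytes
    foreach ($m in $Messages) {
        $bytes = [System.Text.Encoding]::ASCII.GetBytes($m)
        $hash  = Update-PreauthHash -PreviousHash $hash -Message $bytes
    }
    return [System.BitConverter]::ToString($hash) -replace '-', ''
}

# What the client put on the wire (constructed sample).
$sent = @(
    'NEGOTIATE_REQ dialects=3.0.2,3.1.1 ciphers=AES-128-GCM,AES-128-CCM',
    'NEGOTIATE_RSP dialect=3.1.1 cipher=AES-128-GCM',
    'SESSION_SETUP_REQ token=<constructed>'
)

# What the server saw if the cipher list was altered in transit (constructed sample).
$received = @(
    'NEGOTIATE_REQ dialects=3.0.2,3.1.1 ciphers=AES-128-CCM',
    'NEGOTIATE_RSP dialect=3.1.1 cipher=AES-128-GCM',
    'SESSION_SETUP_REQ token=<constructed>'
)

$clientView = Get-PreauthHash -Messages $sent
$serverView = Get-PreauthHash -Messages $received

"client chain : $($clientView.Substring(0, 16))..."
"server chain : $($serverView.Substring(0, 16))..."
"chains match : $($clientView -eq $serverView)"
```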
There are also various encryption improvements contained in SMB 3.1.1 including the use of AES-128-GCM which performs better on today’s modern processors. The encryption algorithm negotiated is chosen with each SMB connection with options for the CCM and GCM variants of AES-128. This change in encryption algorithm can produce a 2X performance improvement when copying large files over encrypted SMB connections.
SMB 3.1.1 also provides support for cluster rolling upgrade for Scale-Out File Servers or SOFS. This feature is known as Cluster Dialect Fencing. With this capability a single SMB server presents support for different maximum variants of SMB, depending on whether the SMB client is accessing clustered or non-clustered file shares.
Windows Server 2016 and Windows 10 can communicate with older versions of the Windows operating system. When they do, SMB version 3.0.2 or earlier is used to maintain the legacy connectivity.
Technologies Made Possible by SMB 3
SMB 3 as mentioned was released with Windows Server 2012 and represented a major leap forward for the SMB protocol including the following features:
- SMB Transparent Failover
- SMB Scale-Out
- SMB Multichannel
- SMB Direct
- SMB Encryption
- VSS for SMB file shares
- SMB Directory Leasing
- SMB PowerShell
Let’s look at a select few from the above list that have been game changers in making the SMB protocol a true enterprise-ready file protocol.
SMB Transparent Failover
The SMB Transparent Failover mechanism allows bringing back the state of an SMB connection to an alternate node in the event of a node failure. This can lead to only brief pauses in I/O while another node assumes the I/O.
SMB Scale-Out
This may be one of the single most important SMB developments as it has led to the ability to have multiple nodes in a Failover Cluster configuration to access the same LUN at the same time. This technology was introduced as Cluster Shared Volumes in Windows Server 2008 R2 and effectively allows multiple hosts to read and write to the same volume at the same time. This was a game changer for Hyper-V in that it allows all the hosts in the Failover Cluster to be able to read and write to virtual machines on the same LUN.
Cluster Shared Volumes has led to another advancement called the Scale-Out File Server. This allows efficient scaling in large environments of the backend storage for applications such as SQL Server and Hyper-V. The Scale-Out File Server is a portion of what is known as the “Converged” configuration in Storage Spaces Direct configurations.
SMB Multichannel
The SMB Multichannel feature of SMB 3 allows for having no single point of failure by establishing multiple connections for a single SMB session. This is a feature that is configured automatically. The SMB 3 client automatically looks for additional paths to the SMB server.
SMB Direct
SMB Direct greatly enhances performance by bypassing the host processing resources to perform file copy operations. An RDMA network adapter is utilized which allows the SMB communication to bypass the host processing capabilities, access a special area in memory and perform the SMB operation. This is at almost no cost to the server in terms of processing resources.
Windows Server 2016 SOFS, Storage Spaces, and Hyper-V over SMB Storage
Windows Server 2016 which includes SMB 3.1.1 builds on the SMB 3 protocol that was introduced in Windows Server 2012. SMB 3, in general, makes many different types of technologies possible from a storage perspective.
Let’s look at the following:
- Scale-Out File Server
- Storage Spaces
- Hyper-V over SMB storage
Scale-out File Server
We have already mentioned SMB Scale-Out and the “Converged” configuration for Hyper-V Storage Spaces Direct made possible by SMB 3. The Scale-Out File Server or SOFS can also allow you to make better use of SAN or other storage in your environment. By placing a Scale-Out File Server cluster in front of the SAN and using SMB 3, the SOFS cluster nodes broker access to the SAN. This allows a much more cost-effective use of SAN storage since it allows all desired servers to have access to SAN storage without having a direct SAN connection to the storage array itself.
Storage Spaces
Storage Spaces can be used in conjunction with a Scale-Out File Server cluster for backend storage if a SAN is not being utilized. You can have a cluster of file servers with clustered storage provisioned and presented over SMB 3, so that if you have a failure, you have resiliency by default to the backend Storage Spaces storage.
Hyper-V Over SMB Storage
Another option when considering SMB 3 storage as it relates specifically to Hyper-V is using SMB 3 shares as the storage for your Hyper-V virtual machines. This allows organizations to have another storage option without having a SAN provisioned for Hyper-V storage. It is easy to configure as well. Instead of managing storage fabric and LUNs, you simply manage file shares. For the configuration to work, it simply needs the correct permissions for the Hyper-V host’s computer account and the cluster account. You have to grant Full Control permissions at the share and NTFS permission level for the accounts mentioned to have the appropriate access for use as Hyper-V storage.
The permissions can easily be granted using the Failover Cluster Manager or by utilizing PowerShell. Once the share and NTFS permissions are configured correctly, you can simply point to the UNC path for storing virtual machine files. The share can store the virtual disks, configuration files, checkpoint files, and page files.
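One way to grant these permissions with PowerShell, run on the file server, is shown below. This is an added example, not part of the original post: the domain, account, share and path names are hypothetical, the administrators group is an assumption for managing the VM files, and share-level SMB encryption is an optional choice.

```powershell
# Added example: provision an SMB 3 share for Hyper-V VM storage.
# All names below (CONTOSO, HV1, HV2, HVCLUSTER, VMS1, X:\VMS) are hypothetical.
$shareName  = 'VMS1'
$path       = 'X:\VMS'
$principals = @(
    'CONTOSO\HV1$',            # Hyper-V host computer account
    'CONTOSO\HV2$',            # Hyper-V host computer account
    'CONTOSO\HVCLUSTER$',      # Hyper-V cluster account
    'CONTOSO\HyperV-Admins'    # assumption: group that manages the VM files
)

New-Item -Path $path -ItemType Directory -Force | Out-Null

# Share-level Full Control for the listed principals only.
# -EncryptData turns on SMB encryption for this share (optional).
New-SmbShare -Name $shareName -Path $path -FullAccess $principals -EncryptData $true

# Apply the same access to the folder's NTFS ACL so share and NTFS permissions match.
Set-SmbPathAcl -ShareName $shareName

# Review what was granted at both levels.
Get-SmbShareAccess -Name $shareName
(Get-Acl -Path $path).Access |
    Select-Object IdentityReference, FileSystemRights, AccessControlType

# Once hosts are connected, list sessions that negotiated something other than
# SMB 3.1.1 and therefore run without Pre-Authentication Integrity.
Get-SmbSession |
    Where-Object { $_.Dialect -ne '3.1.1' } |
    Select-Object ClientComputerName, ClientUserName, Dialect
```

After this, a virtual machine can be placed on the UNC path of the share, for example \\FS1\VMS1 where FS1 is a hypothetical file server name.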
Concluding Thoughts
The SMB protocol has been around for quite some time and has been the backbone of Windows Server communication since the outset. In the last few Windows Server releases, there have been major improvements to the SMB protocol. Starting in SMB 3, many capabilities were added to the protocol that formed the groundwork for many advanced storage features that are available with Windows Server 2016. As it relates to Hyper-V, Storage Spaces Direct, Scale-Out File Server and Storage Replica are all made possible by the enhancements starting with SMB 3. Hyper-V environments benefit directly from these and other technologies such as RDMA used by SMB Direct, which is utilized in Storage Spaces Direct.