SMB 3.0 (Server Message Block 3.0)
What is SMB 3.0 (Server Message Block 3.0)?
SMB 3 (Server Message Block 3.0) is a protocol that lets client applications on a computer read and write files on a server in a computer network. SMB 3.1.1 is the latest version.
SMB 3 is built into Windows 8, 10, and 11 as well as Windows Server 2012, 2016, and 2022. Other devices may also share files using SMB 3, such as network-attached storage (NAS) devices, printers/scanners or macOS clients. Some Microsoft technologies use SMB 3 to serve files to clients, such as Active Directory Group Policy, Windows System Center and printer sharing. Some services use SMB to store and access their data files, such as Hyper-V and Microsoft SQL Server.
Since it is easy to configure and use, SMB 3 is used in many small, medium and large enterprises. SMB works best in a protected corporate LAN environment. It is not good practice to directly expose an SMB file share to the internet. While SMB 3 can be secured, it is generally not considered compatible with zero trust principles. Because of this, many organizations are replacing SMB shares with internet-capable file synchronization tools, such as Box, Dropbox, Google Drive and Microsoft OneDrive.
SMB is a file-level storage solution. This means it stores files with metadata in a folder and file directory structure. In high-performance computing (HPC), such as computer clusters or virtual machine storage, SMB may not offer enough performance. In these situations, a block level storage solution may be better.
What are SMB 3 features?
SMB 3 has several notable features:
- SMB signing lets the server and client mutually authenticate and prove they are who they claim to be. This can protect against attackers setting up rogue servers that intercept traffic.
- SMB encryption protects traffic between the server and client. This prevents eavesdropping.
- SMB direct allows supported network adapters to use Remote Direct Memory Access (RDMA). This can reduce latency and CPU usage. If supported by both client and server, SMB direct can greatly increase performance.
- SMB multichannel allows multiple connections between a server and client simultaneously. This can improve network utilization and overall performance.
- SMB compression compresses data as it is sent over the network. This can increase effective file transfer capacity and lessen network congestion.
- SMB Scale Out allows a cluster of servers to serve a file share. This balances the network load across the cluster and provides automatic failover.
What is the history of SMB 3?
Microsoft originally introduced SMB 3.0 with Windows Server 2012 as SMB 2.2. It was renumbered to 3.0 to reflect the additions in the new release compared to the previous version, 2.1. Microsoft added SMB encryption, SMB direct and SMB multichannel among other improvements.
SMB 3.02 was introduced with Windows Server 2012 R2 and Windows 8.1. It offered performance improvements over version 3.0.
SMB 3.1.1 was introduced with Windows Server 2016 and Windows 10. It improved SMB encryption and authentication, allowing for better performance while using these features. It also allows Windows 10 clients to use SMB direct.
New Windows versions have continued to introduce security and performance improvements without increasing the SMB version number.
SMB 3 and Samba
Samba is an open source implementation of the SMB client and server. It allows non-Windows operating systems to share files over SMB. As of Samba version 4.2, it supports SMB 3.1.1. Not all the advanced features of SMB are supported by Samba, though.
SMB 3 vs. NFS
Network File System (NFS) is a file-level storage protocol similar to SMB. NFS is primarily used by Linux and Unix. An implementation of NFS is available for Windows operating systems, but it is not user friendly to set up and use.
NFS is not encrypted by default while SMB is. All other things being equal, NFS has better performance for transferring many small files; SMB has better performance transferring large files.
SMB 3 vs. CIFS
CIFS (Common Internet File System) is an early dialect of the SMB protocol that is now considered obsolete. While the terms SMB and CIFS are still occasionally used interchangeably, the latter refers specifically to a single early implementation of SMB. Most data storage systems today use the more robust and newer SMB 2.0 and 3.0 file-sharing protocols, which were major upgrades over CIFS.
What are SMB 3 advantages and disadvantages?
SMB 3 has several advantages and disadvantages.
SMB 3 advantages
- Low cost. SMB 3 is built into Windows and has a free open source implementation. For just the cost of a server or NAS, users can have a basic file server set up on a LAN.
- Easy to use. SMB is easy to set up and configure. This can allow an administrator to quickly make a new file share.
- Active Directory integration. File shares can have permissions set through Active Directory groups, allowing for fine-grained file access control.
- Advanced cluster features. With load balancing features and automatic failover, SMB is suitable for high-availability use.
SMB 3 disadvantages
- Not internet hardened. While generally considered secure, it is not good practice to expose an SMB server to the internet. SMB servers should be protected behind a firewall, and access to the server should be tunneled through another service such as QUIC or a VPN.
- Old versions are not secure. SMB 1 is unencrypted and unauthenticated and should no longer be used. There are also known attacks against SMB 2. An attacker could exploit a poorly configured SMB 3 server to downgrade the SMB version and intercept traffic.
- Not high performance. SMB is considered fine for client network connections up to 1 Gbps. On faster network links, the overhead of encryption and signing can severely impact performance. High-speed links between servers using SMB can require careful configuration to get the best performance. SMB is not recommended for high-performance clustered environments.
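The downgrade risk in the "Old versions are not secure" point depends on which dialects and protections a server still accepts. As an added example (not part of the original article), this Python script audits the `[global]` section of a Samba `smb.conf` for a dialect floor, signing and encryption. The baseline (SMB3_00 floor, mandatory signing, required encryption), the function names and both sample files are assumptions constructed for illustration.

```python
import configparser

# Dialect names in ascending order, as listed in smb.conf(5); NT1 is SMB 1.
DIALECTS = ["CORE", "COREPLUS", "LANMAN1", "LANMAN2", "NT1",
            "SMB2_02", "SMB2_10", "SMB3_00", "SMB3_02", "SMB3_11"]
ALIASES = {"SMB2": "SMB2_10", "SMB3": "SMB3_11"}
REQUIRED = {"mandatory", "required"}  # values that refuse unsigned / unencrypted sessions

def load_global(text):
    """Return [global] with names normalised (Samba ignores case and spaces in names)."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    # Strip indentation so configparser does not read it as a continuation line.
    cp.read_string("\n".join(line.strip() for line in text.splitlines()))
    if not cp.has_section("global"):
        return {}
    return {k.replace(" ", "").lower(): v.strip() for k, v in cp.items("global")}

def audit(text, floor="SMB3_00"):
    """Return findings for settings that allow a downgrade or cleartext traffic."""
    g, findings = load_global(text), []
    raw = g.get("serverminprotocol")
    name = ALIASES.get((raw or "").upper(), (raw or "").upper())
    if raw is None:
        findings.append("server min protocol: not set, depends on the Samba default")
    elif name not in DIALECTS:
        findings.append(f"server min protocol: unknown dialect {raw!r}")
    elif DIALECTS.index(name) < DIALECTS.index(floor):
        findings.append(f"server min protocol: {name} is below {floor}")
    if g.get("serversigning", "default").lower() not in REQUIRED:
        findings.append("server signing: not mandatory")
    enc = g.get("serversmbencrypt", g.get("smbencrypt", "default")).lower()
    if enc not in REQUIRED:
        findings.append("smb encrypt: not required")
    return findings

# Constructed sample files, not taken from any real host.
WEAK = """[global]
   server min protocol = NT1
   server signing = auto
"""
HARDENED = """[global]
   server min protocol = SMB3_11
   server signing = mandatory
   smb encrypt = required
"""

if __name__ == "__main__":
    for label, conf in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit(conf))
```

Requiring encryption and signing on every session carries the performance cost described in the last point above, so the floor passed to `audit` should match the oldest client the share still has to serve.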