%3CLINGO-SUB%20id%3D%22lingo-sub-1204496%22%20slang%3D%22en-US%22%3ERe%3A%20SMB%20over%20QUIC%3A%20Files%20Without%20the%20VPN%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1204496%22%20slang%3D%22en-US%22%3E%3CP%3EAwesome!%20I%20hope%20we%20will%20see%20this%20for%20%3CSTRONG%3EAzure%20Files%3C%2FSTRONG%3E%20too.%20Any%20news%20on%20that%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F52778%22%20target%3D%22_blank%22%3E%40Ned%20Pyle%3C%2FA%3E%26nbsp%3B%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1204976%22%20slang%3D%22en-US%22%3ERe%3A%20SMB%20over%20QUIC%3A%20Files%20Without%20the%20VPN%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1204976%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F19218%22%20target%3D%22_blank%22%3E%40Jonas%20Back%3C%2FA%3E%26nbsp%3Byes%20the%20plan%20is%20to%20bring%20it%20to%20Azure%20Files%20too.%20Makes%20perfect%20sense%20there%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1205418%22%20slang%3D%22en-US%22%3ERe%3A%20SMB%20over%20QUIC%3A%20Files%20Without%20the%20VPN%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1205418%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F52778%22%20target%3D%22_blank%22%3E%40Ned%20Pyle%3C%2FA%3E%26nbsp%3Bgood%20move%20forward.%20Has%20the%20architecture%20also%20being%20designed%20to%20allow%20for%20SSL-offloading%20in%20DMZ%20(which%20obviously%20breaks%20the%20client-SSL%20there)%2C%20and%20reestablishing%20to%20the%20backend%20winserver%20using%20a%20new%2Fdifferent%20and%20NOT%20user-specific%20certificate%20(so%20the%20SMB%20authentication%20itself%20doesn't%20rely%20on%20the%20certificate%20identity)%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1205439%22%20slang%3D%22en-US%22%3ERe%3A%20SMB%20over%20QUIC%3A%20Files%20Without%20the%20VPN%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1205439%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F572742%22%20target%3D%22_blank%22%3E%40thorsten_rood%3C%2FA%3E%26nbsp%3BThis%20is%20more%20a%20QUIC%20question%2C%20so%20I'm%20leery%20of%20speaking%20out%20of%20turn.%20I'd%20recommend%20talking%20to%20their%20experts%2C%20and%20I'll%20try%20to%20find%20out%20here%20with%20the%20Windows%20QUIC%20team.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EAll%20SMB%20authentication%20still%20happens%20normally%20within%20the%20TLS%20tunnel%20(as%20if%20it%20was%20a%20VPN)%20so%20SMB%20is%20not%20relying%20on%20cert-based%20identity%20or%20auth%20-%20it%20will%20still%20use%20NTLM%20or%20Kerberos%20(with%20KDC%20proxy).%20This%20model%20is%20just%20swapping%20out%20the%20transport%2C%20SMB%20is%20unchanged.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1205463%22%20slang%3D%22en-US%22%3ERe%3A%20SMB%20over%20QUIC%3A%20Files%20Without%20the%20VPN%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1205463%22%20slang%3D%22en-US%22%3E%3CP%3Ethank%20you%20Ned.%20so%20maybe%20(as%20you%20said%20it's%20decoupling%20transport%20authN%20from%20file%20authN)%20we%20might%20trial%20around%20breaking%20and%20reestablishing%20the%20transport%20as%20described%20using%20existing%20offloading%20ADCs.%20%3B)%3C%2Fimg%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1205484%22%20slang%3D%22en-US%22%3ERe%3A%20SMB%20over%20QUIC%3A%20Files%20Without%20the%20VPN%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1205484%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F572742%22%20target%3D%22_blank%22%3E%40thorsten_rood%3C%2FA%3E%26nbsp%3BSee%2C%20you%20already%20know%20more%20than%20I%20do%20about%20this%20%3AD%3C%2Fimg%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1206038%22%20slang%3D%22en-US%22%3ERe%3A%20SMB%20over%20QUIC%3A%20Files%20Without%20the%20VPN%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1206038%22%20slang%3D%22en-US%22%3E%3CP%3EHi%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EVery%20good!%20When%20will%20this%20be%20available%3F%26nbsp%3B%20Will%20this%20be%20available%20on%20server%202019%3F%20I%20have%20a%20windows%20server%202019%20with%20AZF%20sync%20agent%20installed%20I%20want%20to%20offer%20my%20remote%20users%20mappings%20to%20my%20on-premise%20domain%20joined%20server%202019%20that%20syncs%20with%20AzF.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ERegards%2C%3C%2FP%3E%3CP%3E%3CBR%20%2F%3ET%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1206649%22%20slang%3D%22en-US%22%3ERe%3A%20SMB%20over%20QUIC%3A%20Files%20Without%20the%20VPN%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1206649%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F52778%22%20target%3D%22_blank%22%3E%40Ned%20Pyle%3C%2FA%3E%26nbsp%3B%2C%20I%20can't%20wait%20for%20this.%20We%20at%20GE%20are%20in%20the%20middle%20of%20a%20large%20legacy%20DC%20to%20Azure%20migration%20and%20this%20would%20be%20very%20useful.%20If%20you%20need%20a%20guinea%20pig%20to%20test%20this%20out%20please%20let%20me%20know.%26nbsp%3B%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1207419%22%20slang%3D%22en-US%22%3ERe%3A%20SMB%20over%20QUIC%3A%20Files%20Without%20the%20VPN%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1207419%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F119308%22%20target%3D%22_blank%22%3E%40John%20Steskal%3C%2FA%3E%26nbsp%3BThat's%20great%20to%20hear!%20If%20your%20TAM%20wants%20to%20arrange%20a%20call%20with%20me%20about%20details%20or%20feedback%2C%20I'm%20sure%20we%20could%20spare%2030%20min%20for%20GE%20%3B)%3C%2Fimg%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1207428%22%20slang%3D%22en-US%22%3ERe%3A%20SMB%20over%20QUIC%3A%20Files%20Without%20the%20VPN%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1207428%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F573051%22%20target%3D%22_blank%22%3E%40TT-XX-TT%3C%2FA%3E%26nbsp%3BHi.%20I%20don't%20have%20official%20timelines%20and%20platforms%20yet%2C%20but%20the%20goal%20is%20the%20next%20version%20of%20Windows%20Server%20%26amp%3B%20Azure%20Files.%20There%20is%20a%20possibility%20of%20backport%20to%20some%20flavor%20of%20WS2019%20but%20nothing%20officially%20in%20plan.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1212084%22%20slang%3D%22en-US%22%3ERe%3A%20SMB%20over%20QUIC%3A%20Files%20Without%20the%20VPN%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1212084%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F52778%22%20target%3D%22_blank%22%3E%40Ned%20Pyle%3C%2FA%3E%3A%20You%20refer%20to%20this%20once%20as%20%22QUIC%20over%20SMB%22%20%E2%80%94%20I%20assume%20that's%20a%20typo%3F%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1212117%22%20slang%3D%22en-US%22%3ERe%3A%20SMB%20over%20QUIC%3A%20Files%20Without%20the%20VPN%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1212117%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F575480%22%20target%3D%22_blank%22%3E%40lfaraone-dbx%3C%2FA%3E%26nbsp%3BDoh!%20I%20will%20fix%2C%20thank%20you%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1183449%22%20slang%3D%22en-US%22%3ESMB%20over%20QUIC%3A%20Files%20Without%20the%20VPN%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1183449%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20folks%2C%20%3CA%20href%3D%22https%3A%2F%2Ftwitter.com%2Fnerdpyle%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3ENed%20Pyle%3C%2FA%3E%20guest-posting%20today%20about%20%3CSTRONG%3ESMB%20over%20QUIC%3C%2FSTRONG%3E%2C%20a%20game-changer%20coming%20to%20Windows%2C%20Windows%20Server%2C%20and%20Azure%20Files.%20In%20today%E2%80%99s%20world%2C%20SMB%20file%20share%20access%20for%20mobile%20users%20requires%20expensive%20%26amp%3B%20complex%20VPNs.%20Departments%20trying%20to%20use%20Azure%20Files%20often%20find%20their%20ISP%20has%20blocked%20port%20445.%20Even%20though%20users%20are%20just%20as%20likely%20to%20be%20deskless%20and%20organizations%20are%20doing%20more%20hybrid%20computing%20than%20ever%2C%20SMB%20hasn%E2%80%99t%20kept%20up.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThat%E2%80%99s%20all%20changing%20with%20SMB%20over%20QUIC.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fen.wikipedia.org%2Fwiki%2FQUIC%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EQUIC%3C%2FA%3E%20is%20an%20IETF-standardized%20protocol%20that%20replaces%20TCP%20with%20a%20web-oriented%20UDP%20mechanism%20that%20theoretically%20improves%20performance%20and%20congestion%2C%20but%20still%20tries%20to%20maintain%20TCP%E2%80%99s%20reliability%20%26amp%3B%20broad%20applicability.%20Unlike%20TCP%2C%20QUIC%20is%20%3CEM%3Ealways%3C%2FEM%3E%20encrypted%20and%20requires%20TLS%201.3%20with%20certificate%20authentication%20of%20the%20tunnel.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%221.png%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F172145iD74F1B0592F57480%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20title%3D%221.png%22%20alt%3D%221.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EQUIC%E2%80%99s%20already%20in%20use%20in%20Windows%2010%20through%20the%20Edge%20browser%20and%20other%20apps.%20With%20SMB%20over%20QUIC%20%E2%80%93%20I%20don%E2%80%99t%20have%20a%20clever%20marketing%20name%20for%20this%20yet%20%3A)%3C%2Fimg%3E%20%E2%80%93%20QUIC%20becomes%20the%20transport%2C%20optionally%20replacing%20TCP%2FIP%20and%20RDMA%2C%20as%20well%20as%20a%20tunnel%20securing%20all%20SMB%20payloads%20with%20encryption%2C%20even%20if%20SMB%20encryption%20is%20not%20enabled%2C%20all%20while%20multiplexing%20over%20port%20443%20to%20an%20enlightened%20share.%20An%20admin%20will%20be%20able%20to%20opt-%3CSTRONG%3E%3CEM%3Ein%20%3C%2FEM%3E%3C%2FSTRONG%3Eto%20this%20new%20capability%20by%20deploying%20a%20Windows%20Server%20at%20the%20edge%20of%20the%20network%2C%20installing%20a%20certificate%20trusted%20by%20clients%2C%20then%20enabling%20the%20QUIC%20option.%20Or%20enable%20it%20on%20their%20Azure%20Files%20instance.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EWe%20have%20two%20design%20imperatives%20for%20SMB%20over%20QUIC%3A%20%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3COL%3E%0A%3CLI%3E%3CSTRONG%3ESecure%3A%3C%2FSTRONG%3E%20Prevent%20man-in-the-middle%20and%20spoofing%20by%20malicious%20parties%20as%20well%20as%20guarantee%20no%20sniffing%20of%20that%20sweet%20file%20payload%20or%20allowing%20any%20user%20credentials%20onto%20the%20Internet.%20The%20entire%20SMB%20conversation%20%E2%80%93%20negotiate%20capabilities%2C%20authentication%2C%20authorization%2C%20message%20bodies%20%E2%80%93%20all%20occur%20inside%20the%20QUIC%20layer%2C%20just%20like%20if%20the%20user%20was%20in%20an%20IPSEC%20or%20VPN%20tunnel.%20Yes%2C%20it%20even%20blankets%20NTLM%20challenges.%3CBR%20%2F%3E%3CBR%20%2F%3E%3C%2FLI%3E%0A%3CLI%3E%3CSTRONG%3ESimple%3A%3C%2FSTRONG%3E%20The%20user%20experience%20for%20SMB%20over%20QUIC%20can%E2%80%99t%20change%20from%20their%20corpnet%2FLAN%2Fbranch%20office%20experience%2C%20it%E2%80%99s%20too%20expensive%20to%20retrain%20users.%20So%2C%20we%20don%E2%80%99t%20add%20extra%20UI%20or%20command-line%20arguments%20to%20the%20client%20experience%20%E2%80%93%20their%20updated%20Windows%2010%20machines%20will%20simply%20try%20TCP%20and%20RDMA%20like%20always%2C%20but%20then%20wait%20briefly%20and%20try%20QUIC%20too.%20This%20means%20if%20they%20can%20get%20faster%20perf%20on%20a%20local%20network%20with%20RDMA%20or%20unencrypted%20TCP%2C%20they%20will.%20And%20if%20they%20are%20travelling%20or%20an%20admin%20mandates%20QUIC%2C%20they%20can%20get%20that%20instead.%20All%20seamless%20to%20the%20end%20user%20and%20their%20apps.%3CBR%20%2F%3E%3CBR%20%2F%3E%3C%2FLI%3E%0A%3C%2FOL%3E%0A%3CP%3EHere%E2%80%99s%20a%20quick%20(heh)%20demo%20of%20the%20user%20experience.%20Spoiler%20alert%3A%20a%20user%20probably%20can%E2%80%99t%20tell%20anything%20changed%20except%20that%20SMB%20now%20works%20when%20I%E2%80%99m%20at%20a%20hotel%20for%20%3CA%20href%3D%22https%3A%2F%2Fwww.microsoft.com%2Fen-us%2Fignite%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EMicrosoft%20Ignite%3C%2FA%3E.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3C%2FP%3E%3CDIV%20class%3D%22video-embed-center%20video-embed%22%3E%3CIFRAME%20class%3D%22embedly-embed%22%20src%3D%22https%3A%2F%2Fcdn.embedly.com%2Fwidgets%2Fmedia.html%3Fsrc%3Dhttps%253A%252F%252Fwww.youtube.com%252Fembed%252FZTrNSIBWgMM%253Ffeature%253Doembed%26amp%3Bdisplay_name%3DYouTube%26amp%3Burl%3Dhttps%253A%252F%252Fwww.youtube.com%252Fwatch%253Fv%253DZTrNSIBWgMM%26amp%3Bimage%3Dhttps%253A%252F%252Fi.ytimg.com%252Fvi%252FZTrNSIBWgMM%252Fhqdefault.jpg%26amp%3Bkey%3Db0d40caa4f094c68be7c29880b16f56e%26amp%3Btype%3Dtext%252Fhtml%26amp%3Bschema%3Dyoutube%22%20width%3D%22200%22%20height%3D%22112%22%20scrolling%3D%22no%22%20title%3D%22YouTube%20embed%22%20frameborder%3D%220%22%20allow%3D%22autoplay%3B%20fullscreen%22%20allowfullscreen%3D%22true%22%3E%3C%2FIFRAME%3E%3C%2FDIV%3E%3CP%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThe%20question%20I%20always%20get%20at%20this%20point%20is%3A%20%3CEM%3Ewhen%20is%20this%20coming%3F%20%3C%2FEM%3EI%20don%E2%80%99t%20have%20a%20good%20answer%20yet%2C%20but%20as%20we%20get%20firmer%2C%20I'll%20get%20more%20details%20out%20there.%20This%20is%20a%20key%20technology%20for%20Azure%20Files%20and%20Windows%20Server%20edge%20computing%2C%20as%20well%20as%20our%20mobile%20strategy%2C%20so%20all%20I%20can%20say%20is%20that%20it%E2%80%99s%20coming.%20As%20you%20can%20see%20from%20the%20demo%2C%20we%E2%80%99re%20far%20along.%20Check%20back%20at%20the%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fitops-talk-blog%2Fbg-p%2FITOpsTalkBlog%22%20target%3D%22_blank%22%20rel%3D%22noopener%22%3EITOpsTalk.com%3C%2FA%3E%20and%20%3CA%20href%3D%22https%3A%2F%2Faka.ms%2Ffilecab%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EFileCab%3C%2FA%3E%20blogs%20for%20more%20details%20and%20info%20on%20Insider%20Previews%20this%20year.%20We%20are%20working%20with%20third%20parties%20to%20offer%20up%20this%20choice%20in%20other%20mobile%20platforms%20as%20well%20%E2%80%93%20you%20should%20be%20asking%20your%20vendors%20what%20their%20plans%20are.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EI%20hope%20you%E2%80%99ve%20enjoyed%20learning%20about%20this%20new%20feature%2C%20I%20think%20it%E2%80%99s%20a%20real%20game%20changer.%20If%20you%20have%20questions%2C%20hit%20me%20up%20on%20%3CA%20href%3D%22https%3A%2F%2Ftwitter.com%2Fnerdpyle%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Etwitter%3C%2FA%3E%20or%20DM%20me%20on%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fnotes%2Fcomposepage%22%20target%3D%22_blank%22%20rel%3D%22noopener%22%3ETechCommunity%3C%2FA%3E.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E-%20Ned%20Pyle%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-TEASER%20id%3D%22lingo-teaser-1183449%22%20slang%3D%22en-US%22%3E%3CP%3ESMB%20over%20QUIC%20is%20coming%20to%20Windows%2C%20Windows%20Server%2C%20and%20Azure%20Files.%20Learn%20more%20about%20this%20replacement%20for%20TCP%2FIP%20and%20see%20a%20demo%20of%20how%20it%20will%20improve%20your%20organization's%20mobile%20and%20hybrid%20cloud%20computing%20experience.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-TEASER%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1183449%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAzure%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3Ened%20pyle%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EWindows%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EWindows%20Server%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1220135%22%20slang%3D%22en-US%22%3ERe%3A%20SMB%20over%20QUIC%3A%20Files%20Without%20the%20VPN%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1220135%22%20slang%3D%22en-US%22%3E%3CP%3EHow%20about%20a%20name%20like%20most%20wrapped%20protocols%2C%20SoQUIC%20(So%20Quick)%3F%20O.o%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1220664%22%20slang%3D%22en-US%22%3ERe%3A%20SMB%20over%20QUIC%3A%20Files%20Without%20the%20VPN%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1220664%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F578500%22%20target%3D%22_blank%22%3E%40Nellson%3C%2FA%3E%26nbsp%3B%3Ao%3C%2Fimg%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1363893%22%20slang%3D%22en-US%22%3ERe%3A%20SMB%20over%20QUIC%3A%20Files%20Without%20the%20VPN%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1363893%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20Ned.%20It's%20been%20about%204%20weeks%20since%20your%20last%20update%20and%20some%20customers%20want%20to%20use%20this%20functionality%20now.%20They%20are%20in%20WFH%20status%20and%20need%20access%20to%20their%20Azure%20File%20Share.%20They%20have%20a%20S2S%20VPN.%20Most%20of%20the%20major%20ISPs%20in%20their%20area%20block%20access%20to%20port%20445.%20Do%20you%20have%20a%20new%20availability%20date%20or%20a%20suggestion%20of%20alternative%20access%20methods%20that%20are%20available%20today%3F%20I%20would%20think%20this%20would%20have%20a%20high%20priority%20like%20WVD.%20Thanks%2C%20Bruce%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1364727%22%20slang%3D%22en-US%22%3ERe%3A%20SMB%20over%20QUIC%3A%20Files%20Without%20the%20VPN%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1364727%22%20slang%3D%22en-US%22%3E%3CP%3EHi.%20I%20hear%20you%20and%20I%20wish%20I%20could%20make%20this%20go%20faster%20-%20the%20SMB%20over%20QUIC%20feature%20is%20basically%20done.%20But%20it%20relies%20on%20several%20components%20of%20the%20Windows%20OS%20being%20completed%2C%20and%20it%20is%20tied%20to%20the%20Windows%20ship%20cycle.%20I%20don't%20have%20control%20over%20any%20of%20these%20things.%20Note%20that%20is%20just%20around%20Win10%20-%20Azure%20Files%20supporting%20QUIC%20is%20another%20beast%20on%20its%20own%20schedule%20and%20it's%20not%20near%20ready.%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3ERight%20now%20VPN%20to%20AF%20is%20their%20only%20solution%2C%20either%20site%20to%20site%20or%20(probably%20better%20for%20home-based%20users)%20point%20to%20site%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fstorage%2Ffiles%2Fstorage-files-configure-p2s-vpn-windows%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fstorage%2Ffiles%2Fstorage-files-configure-p2s-vpn-windows%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1365102%22%20slang%3D%22en-US%22%3ERe%3A%20SMB%20over%20QUIC%3A%20Files%20Without%20the%20VPN%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1365102%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F52778%22%20target%3D%22_blank%22%3E%40Ned%20Pyle%3C%2FA%3E%26nbsp%3BThanks%20for%20the%20honest%20reply%20-%20this%20makes%20it%20easier%20for%20me%20as%20a%20partner%20to%20give%20the%20customers%20what%20to%20expect.%20We'll%20go%20for%20VPN%20at%20the%20moment.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EDo%20you%20think%20we'll%20see%20Azure%20AD%20authentication%2Fintegration%20for%20Azure%20Files%20some%20day%3F%20And%20I'm%20not%20talking%20Azure%20AD%20Domain%20Services%20integration%2C%20I%20mean%20direct%20Azure%20AD%20integration%3F%20Even%20though%20I%20think%20OneDrive%2FSharePoint%20is%20the%20way%20to%20go%2C%20we%20see%20customers%20asking%20for%20this.%20But%20maybe%20technology%20wise%2C%20this%20is%20not%20where%20Microsoft%20is%20heading%20but%20rather%20pointing%20at%20other%20solutions%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1365604%22%20slang%3D%22en-US%22%3ERe%3A%20SMB%20over%20QUIC%3A%20Files%20Without%20the%20VPN%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1365604%22%20slang%3D%22en-US%22%3E%3CP%3ENo%20sweat%2C%20I%20try%20to%20be%20real%20%3A).%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3ERe%3A%20AAD%20integration%20and%20Azure%20Files%20future%20integration%2C%20I%20don't%20have%20any%20real%20insights%20on%20the%20plan%20there.%20I%20suggest%20emailing%26nbsp%3B%3CA%20href%3D%22mailto%3AAzureFiles%40microsoft.com%2C%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EAzureFiles%40microsoft.com%2C%3C%2FA%3E%26nbsp%3Byou'll%20get%20to%20that%20PM%20team%20and%20they%20might%20have%20some%20questions%20for%20you%20or%20feedback%20they'd%20like%20to%20gather.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1377195%22%20slang%3D%22en-US%22%3ERe%3A%20SMB%20over%20QUIC%3A%20Files%20Without%20the%20VPN%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1377195%22%20slang%3D%22en-US%22%3E%3CP%3EThis%20will%20be%20nice.%20Really%20makes%20me%20want%20to%20consider%20using%20Windows%20as%20a%20file%20server%20over%20others.%20I%20have%20been%20debating%20for%20a%20while%2C%20so%2C%20thanks%20for%20the%20hand!%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1630763%22%20slang%3D%22en-US%22%3ERe%3A%20SMB%20over%20QUIC%3A%20Files%20Without%20the%20VPN%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1630763%22%20slang%3D%22en-US%22%3E%3CP%3E%3CSPAN%3EVery%20nice!%20Hopefully%20Samba%20will%20adopt%20it%20as%20well%26nbsp%3B%3CIMG%20class%3D%22lia-deferred-image%20lia-image-emoji%22%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Fhtml%2Fimages%2Femoticons%2Fstareyes_40x40.gif%22%20alt%3D%22%3Astareyes%3A%22%20title%3D%22%3Astareyes%3A%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CSPAN%3E....and%20good%20graphics%2C%20it%20is%20clearly%20seen%20that%20in%20this%20chain%20%3CA%20href%3D%22https%3A%2F%2Fvpnwelt.com%2Fvpn-vorteile%2F%22%20target%3D%22_self%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Evpn%20app%3C%2FA%3E%20and%20is%20not%20needed%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1663951%22%20slang%3D%22en-US%22%3ERe%3A%20SMB%20over%20QUIC%3A%20Files%20Without%20the%20VPN%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1663951%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F52778%22%20target%3D%22_blank%22%3E%40Ned%20Pyle%3C%2FA%3E%26nbsp%3Bany%20updates%20on%20this%20topic%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1670353%22%20slang%3D%22en-US%22%3ERe%3A%20SMB%20over%20QUIC%3A%20Files%20Without%20the%20VPN%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1670353%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F246543%22%20target%3D%22_blank%22%3E%40mafrank%3C%2FA%3E%26nbsp%3BGetting%20closer!%20A%20keen%20eye%20will%20note%20in%20the%20Windows%20Insiders%20and%20Windows%20Server%20Insiders%20that%20the%20SMB%20over%20QUIC%20client%20has%20started%20to%20appear%20in%20wire%20captures%20and%20SMB%20powershell%20has%20started%20to%20update.%20More%20to%20come.%20%3A)%3C%2Fimg%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1671766%22%20slang%3D%22en-US%22%3ERe%3A%20SMB%20over%20QUIC%3A%20Files%20Without%20the%20VPN%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1671766%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F52778%22%20target%3D%22_blank%22%3E%40Ned%20Pyle%3C%2FA%3E%26nbsp%3BAwesome%20-%20thanks%20for%20keeping%20us%20updated%20with%20the%20nitty%20gritty%20details%20on%20where%20in%20the%20release%20cycle%20you%20are.%20I'll%20enable%20this%20straight%20away%20once%20it%20hits%20public%20on%20all%20my%20Azure%20Files%20%3A)%3C%2Fimg%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1671790%22%20slang%3D%22en-US%22%3ERe%3A%20SMB%20over%20QUIC%3A%20Files%20Without%20the%20VPN%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1671790%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F52778%22%20target%3D%22_blank%22%3E%40Ned%20Pyle%3C%2FA%3E%26nbsp%3BThanks%20for%20the%20great%20news.%20Is%20it%20possible%2Fplanned%20to%20open%20SMB%20over%20QUIC%20for%203rd%20party%20vendors%20like%20Netapp%20or%20proxy%20it%20via%20something%20like%20a%20QUIC%20gateway%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1675374%22%20slang%3D%22en-US%22%3ERe%3A%20SMB%20over%20QUIC%3A%20Files%20Without%20the%20VPN%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1675374%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F246543%22%20target%3D%22_blank%22%3E%40mafrank%3C%2FA%3E%26nbsp%3Bwe%20have%20been%20working%20with%20any%20partners%20interested%20in%20using%20SMB%20over%20QUIC%20and%20will%20have%20our%20annual%20plugfest%20soon%20to%20help%20them.%20I%20can't%20name%20names%20yet%20but%20I%20have%20watched%20a%20few%20partner%20demos%20of%20their%20SMB%20over%20QUIC%20recently%20%3A)%3C%2Fimg%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E
Microsoft

Hi folks, Ned Pyle guest-posting today about SMB over QUIC, a game-changer coming to Windows, Windows Server, and Azure Files. In today’s world, SMB file share access for mobile users requires expensive & complex VPNs. Departments trying to use Azure Files often find their ISP has blocked port 445. Even though users are just as likely to be deskless and organizations are doing more hybrid computing than ever, SMB hasn’t kept up.

 

That’s all changing with SMB over QUIC.

 

QUIC is an IETF-standardized protocol that replaces TCP with a web-oriented UDP mechanism that theoretically improves performance and congestion, but still tries to maintain TCP’s reliability & broad applicability. Unlike TCP, QUIC is always encrypted and requires TLS 1.3 with certificate authentication of the tunnel.

 

1.png

 

QUIC’s already in use in Windows 10 through the Edge browser and other apps. With SMB over QUIC – I don’t have a clever marketing name for this yet :) – QUIC becomes the transport, optionally replacing TCP/IP and RDMA, as well as a tunnel securing all SMB payloads with encryption, even if SMB encryption is not enabled, all while multiplexing over port 443 to an enlightened share. An admin will be able to opt-in to this new capability by deploying a Windows Server at the edge of the network, installing a certificate trusted by clients, then enabling the QUIC option. Or enable it on their Azure Files instance.

 

We have two design imperatives for SMB over QUIC:  

 

  1. Secure: Prevent man-in-the-middle and spoofing by malicious parties as well as guarantee no sniffing of that sweet file payload or allowing any user credentials onto the Internet. The entire SMB conversation – negotiate capabilities, authentication, authorization, message bodies – all occur inside the QUIC layer, just like if the user was in an IPSEC or VPN tunnel. Yes, it even blankets NTLM challenges.

  2. Simple: The user experience for SMB over QUIC can’t change from their corpnet/LAN/branch office experience, it’s too expensive to retrain users. So, we don’t add extra UI or command-line arguments to the client experience – their updated Windows 10 machines will simply try TCP and RDMA like always, but then wait briefly and try QUIC too. This means if they can get faster perf on a local network with RDMA or unencrypted TCP, they will. And if they are travelling or an admin mandates QUIC, they can get that instead. All seamless to the end user and their apps.

Here’s a quick (heh) demo of the user experience. Spoiler alert: a user probably can’t tell anything changed except that SMB now works when I’m at a hotel for Microsoft Ignite.

 

 

The question I always get at this point is: when is this coming? I don’t have a good answer yet, but as we get firmer, I'll get more details out there. This is a key technology for Azure Files and Windows Server edge computing, as well as our mobile strategy, so all I can say is that it’s coming. As you can see from the demo, we’re far along. Check back at the ITOpsTalk.com and FileCab blogs for more details and info on Insider Previews this year. We are working with third parties to offer up this choice in other mobile platforms as well – you should be asking your vendors what their plans are.

 

I hope you’ve enjoyed learning about this new feature, I think it’s a real game changer. If you have questions, hit me up on twitter or DM me on TechCommunity.

 

- Ned Pyle

25 Comments
Frequent Contributor

Awesome! I hope we will see this for Azure Files too. Any news on that @Ned Pyle ?

Microsoft

@Jonas Back yes the plan is to bring it to Azure Files too. Makes perfect sense there 

Occasional Visitor

@Ned Pyle good move forward. Has the architecture also being designed to allow for SSL-offloading in DMZ (which obviously breaks the client-SSL there), and reestablishing to the backend winserver using a new/different and NOT user-specific certificate (so the SMB authentication itself doesn't rely on the certificate identity)?

Microsoft

@thorsten_rood This is more a QUIC question, so I'm leery of speaking out of turn. I'd recommend talking to their experts, and I'll try to find out here with the Windows QUIC team.

 

All SMB authentication still happens normally within the TLS tunnel (as if it was a VPN) so SMB is not relying on cert-based identity or auth - it will still use NTLM or Kerberos (with KDC proxy). This model is just swapping out the transport, SMB is unchanged.

Occasional Visitor

thank you Ned. so maybe (as you said it's decoupling transport authN from file authN) we might trial around breaking and reestablishing the transport as described using existing offloading ADCs. ;)

Microsoft

@thorsten_rood See, you already know more than I do about this :D 

Occasional Visitor

Hi

 

Very good! When will this be available?  Will this be available on server 2019? I have a windows server 2019 with AZF sync agent installed I want to offer my remote users mappings to my on-premise domain joined server 2019 that syncs with AzF.

 

Regards,


T

Occasional Contributor

@Ned Pyle , I can't wait for this. We at GE are in the middle of a large legacy DC to Azure migration and this would be very useful. If you need a guinea pig to test this out please let me know.  

Microsoft

@Steskalj That's great to hear! If your TAM wants to arrange a call with me about details or feedback, I'm sure we could spare 30 min for GE ;)

Microsoft

@TT-XX-TT Hi. I don't have official timelines and platforms yet, but the goal is the next version of Windows Server & Azure Files. There is a possibility of backport to some flavor of WS2019 but nothing officially in plan.

Visitor

@Ned Pyle: You refer to this once as "QUIC over SMB" — I assume that's a typo? 

Microsoft

@lfaraone-dbx Doh! I will fix, thank you

Occasional Visitor

How about a name like most wrapped protocols, SoQUIC (So Quick)? O.o

 

Microsoft

@Nellson :o

Hi Ned. It's been about 4 weeks since your last update and some customers want to use this functionality now. They are in WFH status and need access to their Azure File Share. They have a S2S VPN. Most of the major ISPs in their area block access to port 445. Do you have a new availability date or a suggestion of alternative access methods that are available today? I would think this would have a high priority like WVD. Thanks, Bruce

Microsoft

Hi. I hear you and I wish I could make this go faster - the SMB over QUIC feature is basically done. But it relies on several components of the Windows OS being completed, and it is tied to the Windows ship cycle. I don't have control over any of these things. Note that is just around Win10 - Azure Files supporting QUIC is another beast on its own schedule and it's not near ready. 

 

Right now VPN to AF is their only solution, either site to site or (probably better for home-based users) point to site https://docs.microsoft.com/en-us/azure/storage/files/storage-files-configure-p2s-vpn-windows

 

 

 

 

Frequent Contributor

@Ned Pyle Thanks for the honest reply - this makes it easier for me as a partner to give the customers what to expect. We'll go for VPN at the moment.

 

Do you think we'll see Azure AD authentication/integration for Azure Files some day? And I'm not talking Azure AD Domain Services integration, I mean direct Azure AD integration? Even though I think OneDrive/SharePoint is the way to go, we see customers asking for this. But maybe technology wise, this is not where Microsoft is heading but rather pointing at other solutions?

Microsoft

No sweat, I try to be real :). 

 

Re: AAD integration and Azure Files future integration, I don't have any real insights on the plan there. I suggest emailing AzureFiles@microsoft.com, you'll get to that PM team and they might have some questions for you or feedback they'd like to gather.

Occasional Visitor

This will be nice. Really makes me want to consider using Windows as a file server over others. I have been debating for a while, so, thanks for the hand!

Occasional Visitor

Very nice! Hopefully Samba will adopt it as well :stareyes:

....and good graphics, it is clearly seen that in this chain vpn app and is not needed

Established Member

@Ned Pyle any updates on this topic?

Microsoft

@mafrank Getting closer! A keen eye will note in the Windows Insiders and Windows Server Insiders that the SMB over QUIC client has started to appear in wire captures and SMB powershell has started to update. More to come. :)

Frequent Contributor

@Ned Pyle Awesome - thanks for keeping us updated with the nitty gritty details on where in the release cycle you are. I'll enable this straight away once it hits public on all my Azure Files :)

Established Member

@Ned Pyle Thanks for the great news. Is it possible/planned to open SMB over QUIC for 3rd party vendors like Netapp or proxy it via something like a QUIC gateway?

Microsoft

@mafrank we have been working with any partners interested in using SMB over QUIC and will have our annual plugfest soon to help them. I can't name names yet but I have watched a few partner demos of their SMB over QUIC recently :)