SMB over QUIC: Files Without the VPN

Published Mar 02 2020 12:01 AM
Microsoft

Update 8/17/2021: this is all available now, come and get it! https://aka.ms/smboverquic 

 

Hi folks, Ned Pyle guest-posting today about SMB over QUIC, a game-changer coming to Windows, Windows Server, and Azure Files. In today’s world, SMB file share access for mobile users requires expensive & complex VPNs. Departments trying to use Azure Files often find their ISP has blocked port 445. Even though users are just as likely to be deskless and organizations are doing more hybrid computing than ever, SMB hasn’t kept up.

 

That’s all changing with SMB over QUIC.

 

QUIC is an IETF-standardized protocol that replaces TCP with a web-oriented UDP mechanism that theoretically improves performance and congestion handling, but still tries to maintain TCP’s reliability & broad applicability. Unlike TCP, QUIC is always encrypted and requires TLS 1.3 with certificate authentication of the tunnel.

 


 

QUIC’s already in use in Windows 10 through the Edge browser and other apps. With SMB over QUIC – I don’t have a clever marketing name for this yet :) – QUIC becomes the transport, optionally replacing TCP/IP and RDMA. It is also a tunnel that secures all SMB payloads with encryption, even if SMB encryption is not enabled, all while multiplexing over port 443 to an enlightened share. An admin will be able to opt in to this new capability by deploying a Windows Server at the edge of the network, installing a certificate trusted by clients, then enabling the QUIC option. Or they can enable it on their Azure Files instance.
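
The server-side steps described above (install a certificate that clients trust, then turn on QUIC), sketched in PowerShell as an added example that is not from the original post. It assumes the `New-SmbServerCertificateMapping` cmdlet from the released feature, a placeholder FQDN `fs-edge.example.com`, and a certificate already imported into `LocalMachine\My`.

```powershell
# Added example: preflight the TLS certificate, then bind it for SMB over QUIC.
# Run elevated on the edge file server. All names below are placeholders.

$Fqdn          = 'fs-edge.example.com'   # placeholder: the name clients use in the UNC path
$ServerAuthOid = '1.3.6.1.5.5.7.3.1'     # EKU OID for TLS Server Authentication
$now           = Get-Date

# Candidates: certificates whose DNS names list the FQDN exactly.
# (Exact match only; a wildcard entry such as *.example.com is not matched here.)
$candidates = @(Get-ChildItem -Path Cert:\LocalMachine\My |
    Where-Object { $_.DnsNameList.Unicode -contains $Fqdn })

if ($candidates.Count -eq 0) {
    throw "No certificate in LocalMachine\My lists $Fqdn as a DNS name."
}

# Reject anything that would fail, or weaken, the certificate authentication of the tunnel.
$usable = @(foreach ($cert in $candidates) {
    $problems = @()

    if (-not $cert.HasPrivateKey) {
        $problems += 'no private key on this host'
    }
    if ($cert.NotBefore -gt $now -or $cert.NotAfter -lt $now) {
        $problems += 'outside its validity period'
    }
    # Strict on purpose: a certificate with no EKU extension is also rejected.
    if ($cert.EnhancedKeyUsageList.ObjectId -notcontains $ServerAuthOid) {
        $problems += 'missing Server Authentication EKU'
    }
    # Chain check as seen from this server. Clients must trust the issuing CA
    # as well; that has to be confirmed on a client, not here.
    if (-not $cert.Verify()) {
        $problems += 'chain does not validate on this host'
    }

    if ($problems.Count -gt 0) {
        Write-Warning ("Skipping {0}: {1}" -f $cert.Thumbprint, ($problems -join '; '))
    }
    else {
        $cert
    }
})

if ($usable.Count -eq 0) {
    throw "No usable certificate for $Fqdn; see warnings above."
}

# Prefer the certificate that expires last.
$chosen = $usable | Sort-Object -Property NotAfter -Descending | Select-Object -First 1

# Bind the certificate to the name clients will use for SMB over QUIC.
New-SmbServerCertificateMapping -Name $Fqdn -Thumbprint $chosen.Thumbprint -StoreName My

# Confirm what the SMB server will present.
Get-SmbServerCertificateMapping

# On a test client, forcing the transport shows that QUIC itself works rather
# than a silent fallback to TCP (share name is a placeholder):
#   New-SmbMapping -LocalPath 'Z:' -RemotePath '\\fs-edge.example.com\share' -TransportType QUIC
```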

 

We have two design imperatives for SMB over QUIC:  

 

  1. Secure: Prevent man-in-the-middle attacks and spoofing by malicious parties, guarantee no sniffing of that sweet file payload, and never allow any user credentials onto the Internet. The entire SMB conversation – negotiate capabilities, authentication, authorization, message bodies – all occurs inside the QUIC layer, just as if the user were in an IPsec or VPN tunnel. Yes, it even blankets NTLM challenges.

  2. Simple: The user experience for SMB over QUIC can’t change from their corpnet/LAN/branch office experience; it’s too expensive to retrain users. So, we don’t add extra UI or command-line arguments to the client experience – their updated Windows 10 machines will simply try TCP and RDMA like always, but then wait briefly and try QUIC too. This means if they can get faster perf on a local network with RDMA or unencrypted TCP, they will. And if they are travelling or an admin mandates QUIC, they can get that instead. All seamless to the end user and their apps.

Here’s a quick (heh) demo of the user experience. Spoiler alert: a user probably can’t tell anything changed except that SMB now works when I’m at a hotel for Microsoft Ignite.

 

 

The question I always get at this point is: when is this coming? I don’t have a good answer yet, but as we get firmer, I'll get more details out there. This is a key technology for Azure Files and Windows Server edge computing, as well as our mobile strategy, so all I can say is that it’s coming. As you can see from the demo, we’re far along. Check back at the ITOpsTalk.com and FileCab blogs for more details and info on Insider Previews this year. We are working with third parties to offer up this choice in other mobile platforms as well – you should be asking your vendors what their plans are.

 

I hope you’ve enjoyed learning about this new feature; I think it’s a real game changer. If you have questions, hit me up on Twitter or DM me on TechCommunity.

 

- Ned Pyle

43 Comments
er%202022%20is%2021H2.%3CBR%20%2F%3E%3CBR%20%2F%3ELet's%20assume%20the%20client%20and%20server%20both%20support%20QUIC%3CBR%20%2F%3E-%20do%20I%20need%20to%20actively%20configure%20the%20firewall%20for%20same%20domain%20or%20same%20subnet%20%2F%20private%20(see%20above)%3C%2FP%3E%3CP%3E-%20will%20QUIC%20be%20used%20for%20SMB%20preferably%20over%20TCP%20or%20SMBDirect%20(I%20am%20not%20sure%20if%20this%20is%20used%20in%20Client%2FServer%2C%20the%20only%20scenario%20I%20connect%20it%20to%20is%20something%20like%20ScaleOut-FS)%3C%2FP%3E%3CP%3E-%20If%20a%20client%20%2F%20server%20SMB%20transfer%20uses%20QUIC%2C%20does%20this%20make%20SMB%20encryption%20(e.g.%20configured%20via%20Server%20Manager%20or%20WAC)%20obsolete%3F%3C%2FP%3E%3CP%3E-%20If%20a%20client%20%2F%20server%20SMB%20transfer%20uses%20QUIC%20how%20does%20this%20affect%20SMB%20Multichannel%20as%20I've%20learnt%20some%20basics%20here%3A%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fstorage%2Ffiles%2Fstorage-files-smb-multichannel-performance%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3ESMB%20Multichannel%20performance%20-%20Azure%20Files%20%7C%20Microsoft%20Docs%3C%2FA%3E%3CBR%20%2F%3E%3CBR%20%2F%3EThanks%20in%20advance%20for%20your%20time%20on%20elaborating%20my%20questions%2C%20a%20docs%20or%20a%20new%20article%20for%20more%20details!%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2381247%22%20slang%3D%22en-US%22%3ERe%3A%20SMB%20over%20QUIC%3A%20Files%20Without%20the%20VPN%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2381247%22%20slang%3D%22en-US%22%3E%3CP%3EThis%20will%20all%20be%20made%20clear%20in%20a%20few%20weeks%20with%20some%20announcements%20and%20docs.%20But%20for%20your%20four%20last%20questions%3A%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E-%20We%20will%20take%20care%20of%20it%20automatically%3C%2FP%3E%0A%3CP%3E-%20No%3C%2FP%3E%0A%3CP%3E-%20We%20won't%20double%20encrypt%20by%20default%20but%20yo
u%20can%20override%20this%20if%20you%20want%3C%2FP%3E%0A%3CP%3E-%20MC%20still%20works%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2385561%22%20slang%3D%22en-US%22%3ERe%3A%20SMB%20over%20QUIC%3A%20Files%20Without%20the%20VPN%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2385561%22%20slang%3D%22en-US%22%3E%3CP%3EThanks%20Ned%20for%20the%20timely%20and%20brief%20response.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1183449%22%20slang%3D%22en-US%22%3ESMB%20over%20QUIC%3A%20Files%20Without%20the%20VPN%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1183449%22%20slang%3D%22en-US%22%3E%3CP%3E%3CSTRONG%3EUpdate%208%2F17%2F2021%3A%20this%20is%20all%20available%20now%2C%20come%20and%20get%20it!%20%3CA%20href%3D%22https%3A%2F%2Faka.ms%2Fsmboverquic%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Faka.ms%2Fsmboverquic%3C%2FA%3E%26nbsp%3B%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EHi%20folks%2C%20%3CA%20href%3D%22https%3A%2F%2Ftwitter.com%2Fnerdpyle%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noreferrer%22%3ENed%20Pyle%3C%2FA%3E%20guest-posting%20today%20about%20%3CSTRONG%3ESMB%20over%20QUIC%3C%2FSTRONG%3E%2C%20a%20game-changer%20coming%20to%20Windows%2C%20Windows%20Server%2C%20and%20Azure%20Files.%20In%20today%E2%80%99s%20world%2C%20SMB%20file%20share%20access%20for%20mobile%20users%20requires%20expensive%20%26amp%3B%20complex%20VPNs.%20Departments%20trying%20to%20use%20Azure%20Files%20often%20find%20their%20ISP%20has%20blocked%20port%20445.%20Even%20though%20users%20are%20just%20as%20likely%20to%20be%20deskless%20and%20organizations%20are%20doing%20more%20hybrid%20computing%20than%20ever%2C%20SMB%20hasn%E2%80%99t%20kept%20up.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThat%E2%80%99s%20all%20changing%20with%20SMB%20over%20QUIC.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fen.wikipedia.org%2Fwiki%2FQUIC%22%20target%3D%2
2_blank%22%20rel%3D%22noopener%20nofollow%20noreferrer%22%3EQUIC%3C%2FA%3E%20is%20an%20IETF-standardized%20protocol%20that%20replaces%20TCP%20with%20a%20web-oriented%20UDP%20mechanism%20that%20theoretically%20improves%20performance%20and%20congestion%2C%20but%20still%20tries%20to%20maintain%20TCP%E2%80%99s%20reliability%20%26amp%3B%20broad%20applicability.%20Unlike%20TCP%2C%20QUIC%20is%20%3CEM%3Ealways%3C%2FEM%3E%20encrypted%20and%20requires%20TLS%201.3%20with%20certificate%20authentication%20of%20the%20tunnel.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%221.png%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F172145iD74F1B0592F57480%2Fimage-size%2Flarge%3Fv%3Dv2%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%221.png%22%20alt%3D%221.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EQUIC%E2%80%99s%20already%20in%20use%20in%20Windows%2010%20through%20the%20Edge%20browser%20and%20other%20apps.%20With%20SMB%20over%20QUIC%20%E2%80%93%20I%20don%E2%80%99t%20have%20a%20clever%20marketing%20name%20for%20this%20yet%20%3A)%3C%2Fimg%3E%20%E2%80%93%20QUIC%20becomes%20the%20transport%2C%20optionally%20replacing%20TCP%2FIP%20and%20RDMA%2C%20as%20well%20as%20a%20tunnel%20securing%20all%20SMB%20payloads%20with%20encryption%2C%20even%20if%20SMB%20encryption%20is%20not%20enabled%2C%20all%20while%20multiplexing%20over%20port%20443%20to%20an%20enlightened%20share.%20An%20admin%20will%20be%20able%20to%20opt-%3CSTRONG%3E%3CEM%3Ein%20%3C%2FEM%3E%3C%2FSTRONG%3Eto%20this%20new%20capability%20by%20deploying%20a%20Windows%20Server%20at%20the%20edge%20of%20the%20network%2C%20installing%20a%20certificate%20trusted%20by%20clients%2C%20then%20enabling%20the%20QUIC%20option.%20Or%20enable%20it%20on%20their%20Azure%20Files%20instance.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A
%3CP%3EWe%20have%20two%20design%20imperatives%20for%20SMB%20over%20QUIC%3A%20%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3COL%3E%0A%3CLI%3E%3CSTRONG%3ESecure%3A%3C%2FSTRONG%3E%20Prevent%20man-in-the-middle%20and%20spoofing%20by%20malicious%20parties%20as%20well%20as%20guarantee%20no%20sniffing%20of%20that%20sweet%20file%20payload%20or%20allowing%20any%20user%20credentials%20onto%20the%20Internet.%20The%20entire%20SMB%20conversation%20%E2%80%93%20negotiate%20capabilities%2C%20authentication%2C%20authorization%2C%20message%20bodies%20%E2%80%93%20all%20occur%20inside%20the%20QUIC%20layer%2C%20just%20like%20if%20the%20user%20was%20in%20an%20IPSEC%20or%20VPN%20tunnel.%20Yes%2C%20it%20even%20blankets%20NTLM%20challenges.%3CBR%20%2F%3E%3CBR%20%2F%3E%3C%2FLI%3E%0A%3CLI%3E%3CSTRONG%3ESimple%3A%3C%2FSTRONG%3E%20The%20user%20experience%20for%20SMB%20over%20QUIC%20can%E2%80%99t%20change%20from%20their%20corpnet%2FLAN%2Fbranch%20office%20experience%2C%20it%E2%80%99s%20too%20expensive%20to%20retrain%20users.%20So%2C%20we%20don%E2%80%99t%20add%20extra%20UI%20or%20command-line%20arguments%20to%20the%20client%20experience%20%E2%80%93%20their%20updated%20Windows%2010%20machines%20will%20simply%20try%20TCP%20and%20RDMA%20like%20always%2C%20but%20then%20wait%20briefly%20and%20try%20QUIC%20too.%20This%20means%20if%20they%20can%20get%20faster%20perf%20on%20a%20local%20network%20with%20RDMA%20or%20unencrypted%20TCP%2C%20they%20will.%20And%20if%20they%20are%20travelling%20or%20an%20admin%20mandates%20QUIC%2C%20they%20can%20get%20that%20instead.%20All%20seamless%20to%20the%20end%20user%20and%20their%20apps.%3CBR%20%2F%3E%3CBR%20%2F%3E%3C%2FLI%3E%0A%3C%2FOL%3E%0A%3CP%3EHere%E2%80%99s%20a%20quick%20(heh)%20demo%20of%20the%20user%20experience.%20Spoiler%20alert%3A%20a%20user%20probably%20can%E2%80%99t%20tell%20anything%20changed%20except%20that%20SMB%20now%20works%20when%20I%E2%80%99m%20at%20a%20hotel%20for%20%3CA%20href%3D%22https%3A%2F%2Fwww.microsoft.com%2Fen-us%2Fignite%22%20targ
et%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EMicrosoft%20Ignite%3C%2FA%3E.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3C%2FP%3E%3CDIV%20class%3D%22video-embed-center%20video-embed%22%3E%3CIFRAME%20class%3D%22embedly-embed%22%20src%3D%22https%3A%2F%2Fcdn.embedly.com%2Fwidgets%2Fmedia.html%3Fsrc%3Dhttps%253A%252F%252Fwww.youtube.com%252Fembed%252FZTrNSIBWgMM%253Ffeature%253Doembed%26amp%3Bdisplay_name%3DYouTube%26amp%3Burl%3Dhttps%253A%252F%252Fwww.youtube.com%252Fwatch%253Fv%253DZTrNSIBWgMM%26amp%3Bimage%3Dhttps%253A%252F%252Fi.ytimg.com%252Fvi%252FZTrNSIBWgMM%252Fhqdefault.jpg%26amp%3Bkey%3Db0d40caa4f094c68be7c29880b16f56e%26amp%3Btype%3Dtext%252Fhtml%26amp%3Bschema%3Dyoutube%22%20width%3D%22200%22%20height%3D%22112%22%20scrolling%3D%22no%22%20title%3D%22YouTube%20embed%22%20frameborder%3D%220%22%20allow%3D%22autoplay%3B%20fullscreen%22%20allowfullscreen%3D%22true%22%3E%3C%2FIFRAME%3E%3C%2FDIV%3E%3CP%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThe%20question%20I%20always%20get%20at%20this%20point%20is%3A%20%3CEM%3Ewhen%20is%20this%20coming%3F%20%3C%2FEM%3EI%20don%E2%80%99t%20have%20a%20good%20answer%20yet%2C%20but%20as%20we%20get%20firmer%2C%20I'll%20get%20more%20details%20out%20there.%20This%20is%20a%20key%20technology%20for%20Azure%20Files%20and%20Windows%20Server%20edge%20computing%2C%20as%20well%20as%20our%20mobile%20strategy%2C%20so%20all%20I%20can%20say%20is%20that%20it%E2%80%99s%20coming.%20As%20you%20can%20see%20from%20the%20demo%2C%20we%E2%80%99re%20far%20along.%20Check%20back%20at%20the%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fitops-talk-blog%2Fbg-p%2FITOpsTalkBlog%22%20target%3D%22_blank%22%3EITOpsTalk.com%3C%2FA%3E%20and%20%3CA%20href%3D%22https%3A%2F%2Faka.ms%2Ffilecab%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EFileCab%3C%2FA%3E%20blogs%20for%20more%20details%20and%20info%20on%20Insider%20Previews%20this%20year.%20We%20are%20working%20with%20third%20parties%20to%20offer%20up%20th
is%20choice%20in%20other%20mobile%20platforms%20as%20well%20%E2%80%93%20you%20should%20be%20asking%20your%20vendors%20what%20their%20plans%20are.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EI%20hope%20you%E2%80%99ve%20enjoyed%20learning%20about%20this%20new%20feature%2C%20I%20think%20it%E2%80%99s%20a%20real%20game%20changer.%20If%20you%20have%20questions%2C%20hit%20me%20up%20on%20%3CA%20href%3D%22https%3A%2F%2Ftwitter.com%2Fnerdpyle%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noreferrer%22%3Etwitter%3C%2FA%3E%20or%20DM%20me%20on%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fnotes%2Fcomposepage%22%20target%3D%22_blank%22%3ETechCommunity%3C%2FA%3E.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E-%20Ned%20Pyle%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-TEASER%20id%3D%22lingo-teaser-1183449%22%20slang%3D%22en-US%22%3E%3CP%3ESMB%20over%20QUIC%20is%20coming%20to%20Windows%2C%20Windows%20Server%2C%20and%20Azure%20Files.%20Learn%20more%20about%20this%20replacement%20for%20TCP%2FIP%20and%20see%20a%20demo%20of%20how%20it%20will%20improve%20your%20organization's%20mobile%20and%20hybrid%20cloud%20computing%20experience.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-TEASER%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1183449%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAzure%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3ENed%20Pyle%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EWindows%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EWindows%20Server%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2809999%22%20slang%3D%22en-US%22%3ERe%3A%20SMB%20over%20QUIC%3A%20Files%20Without%20the%20VPN%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2809999%22%20slang%3D%22en-US%22%3E%3CP%3ENed%2C%20your%20August%20says%20this%20is%20all%20available%20now%2C%20but%20I'm%20still%20not%20seeing%20this%20option%20on%20Azure%20Files%20-%20what%20am%20I%20missing%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2811022%22%20slang%3D%22en-US%22%3ERe%3A%20SMB%20over%20QUIC%3A%
20Files%20Without%20the%20VPN%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2811022%22%20slang%3D%22en-US%22%3E%3CP%3EHI%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F128%22%20target%3D%22_blank%22%3E%40Mike%20Crowley%3C%2FA%3E.%20It's%20available%20in%20Windows%20Server%202022%20Datacenter%3A%20Azure%20Edition%20preview%20but%20SMB%20over%20QUIC%20is%20not%20available%20in%20Azure%20Files%20yet.%20It%20will%20be%20some%20time%20before%20it%20is%20there%2C%20long%20enough%20that%20I%20don't%20have%20an%20ETA%20to%20share%20from%20that%20team.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2969450%22%20slang%3D%22en-US%22%3ERe%3A%20SMB%20over%20QUIC%3A%20Files%20Without%20the%20VPN%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2969450%22%20slang%3D%22en-US%22%3E%3CP%3EHello%20all%2C%3C%2FP%3E%3CP%3EI%20find%20the%20technology%20highly%20exciting.%20What%20I%20can't%20read%20exactly%20from%20the%20current%20documentations%20so%20far%3A%3C%2FP%3E%3CP%3EIs%20there%20a%20dependency%20that%20the%20Windows%20client%20must%20be%20joined%20or%20hybrid%20joined%20in%20onPrem%20AD%3F%3C%2FP%3E%3CP%3EOr%20is%20it%20sufficient%20if%20the%20client%20is%20only%20joined%20in%20Azure%20AD%20and%20the%20user%20has%20a%20hybrid%20identity%20with%20a%20valid%20Kerberos%20token%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E
Last update: Aug 17 2021 03:18 PM