Companies covering multiple geographic areas using WAN links to interconnect several branches and headquarters. Thus the acceleration of desktop applications, while ensuring the safety becomes absolutely critical to the success of the company in order to fight against latency, slow response time and potential threats introduced by WAN. Citrix Branch Repeater helps you achieve this goal, among others, a specialized protocol acceleration for Windows network systems and Microsoft Outlook.
The Branch Repeater (6.1 and higher) is now equipped with a feature to compression on SMB signed and encrypted MAPI traffic resulting in lower latency and better user experience for essential office activities as file sharing, Outlook mail synchronization and more.
With the introduction of this feature, we no longer need to compromise on network security (ie signature and disable encryption) to achieve optimization benefits WAN on SMB and MAPI protocols. Moreover, it is transparent to the servers and the feature-ie customers can be used without configuration changes in clients and servers.
What are signed and encrypted MAPI SMB?
signature and encryption are used to prevent man-in-the-middle attacks and respond. Windows Vista and Windows 7 use SMB signed to protect access to shared files and printers on the network. Similarly, Microsoft Outlook 07 and Microsoft Outlook 2010 use encrypted MAPI to communicate with Microsoft Exchange for protection against attacks. Both SMB and require MAPI session key exchange occurs between the server and the client for signing and encryption, respectively. This exchange of session key is performed using NTLM or Kerberos authentication mechanism.
Branch Repeater has support for decrypting, followed by compression or decompression as it is a side BR BR client or server side and then eventually encrypt traffic for SMB signed and encrypted MAPI. This support is now available for both NTLM and Kerberos mechanisms.
How to configure SMB Branch Repeater for signed and encrypted MAPI optimization?
Branch Repeater uses the concept of 'Delegate user' to intercept the exchange of session keys between the client and the server and have access to the session key. Steps Branch Repeater devices for SMB signed and encrypted MAPI optimization are listed below with an illustration:
Step 1. user Configuration delegate in the current directory on the domain controller.
Step 2. Add BR server side Windows domain.
Step 3. Add the delegate user credentials BR server side.
Step 4. Configuring BR server side and client side BR as secure partners by building a secure tunnel between the two devices.
you can see that this easy -to-configure feature ensures a faster response time in the most commonly used desktop applications-and thus enables higher productivity.
0 Komentar