How to secure Microsoft file sharing in an MSAD environment over SMB3 using Bloombase StoreSafe


In this video, we will demonstrate how to configure Bloombase with MSAD and secure Microsoft Windows Storage Server over SMB3 Bloombase provides data-at-rest encryption by acting as storage firewall in between client and Windows Storage Server Windows Server 2019 is used as the Storage Server Create a shared folder which needs to be secured by Bloombase Configure the share to allow SMB3 encryption or data access encryption Domain controller is configured on Windows Server 2019 Add Bloombase hostname and IP address on DNS Manager Create a new user which will be used as delegated user Add service principal names to delegated user Trust this user for delegation to any service with Kerberos Access Bloombase admin console Configure DNS Setup time and make sure it is sync with other servers (DC, storages, clients) Access Bloombase Web Management Console Configure user authenticator Input all details of the domain Input service principal name and its respective delegated user password Configure physical storage Input all details of the backend share Configure virtual storage Select file for mode and SMB for protocol Choose physical storage that will be used as backend storage Select privacy for protection type Choose the encryption key Choose the encryption algorithm Give access control to appropriate user Start the virtual storage Enable SMB3 encryption on Bloombase Login to client machine with a user that has access to virtual storage Access Bloombase virtual share Create a file on Bloombase virtual share Confirm SMB3 encryption between Bloombase and Client At the backend Windows Storage, file has been seamlessly encrypted by Bloombase Confirm SMB3 encryption between Bloombase and Windows Storage Server

Leave a Reply

Your email address will not be published. Required fields are marked *