SMB over QUIC
Mar 24, 2020 00:15
[MUSIC] Hey folks, Ned Pyle here again. Today, I’m going to talk about a new option coming to Windows Server and Windows client. It’s called QUIC and it’s for the SMB protocol. What it will allow you to do is take your mobile users, your hybrid users, your traveling Internet users, and instead of using a VPN, tunnel your SMB traffic over this QUIC protocol, which is a UDP, TLS, highly secure, easily firewall-traversing protocol. But still get all your regular SMB goodness, the experience of mapping drives and everything; it won’t change a bit. So I’m going to go to a quick demo right now and show you how this works. A little demo environment here, I have just some files lying around, I’m going to map a drive here.
00:58 - I’ve got a VM running inside of Azure, running as an Azure IaaS VM here in the US West 2 data center. I’ll go ahead and put in some credentials that would ordinarily work just fine against that machine, and try to map a drive to it using Windows Explorer’s Drive Mapping dialog, which would be using SMB. So I’m tempted to connect and it’s sitting here and it’s not going to be able to connect because it can’t use SMB over the Internet, not reliably. So my Internet experience there is just not very good. It just acted like my password was no good; that’s not particularly helpful. So now I’ve turned on QUIC and I’m going to map a drive to that same exact machine using those same exact credentials.
01:48 - But now this time instead of using TCP and SMB to connect over the Internet, I’m using QUIC port 443 to contain all of my SMB traffic, including that authentication against that machine, and you can see on my network capture there I’ve already connected. You can see Explorer has now mapped the drive and opened it up. So that exact same machine and my exact same client are now working just fine over the web using SMB with no problems of bumping into port 445 being blocked, or firewalls not allowing SMB traffic to work, because I’m entirely encapsulated inside of QUIC UDP traffic. If I open up a file here, you can see it’s actually just working fine; you can see that traffic is moving along using what appears to be UDP. It’s entirely encrypted; there’s no way to look at these and see any contents of it.
02:43 - But actually inside of all that is your old favorite SMB2 protocol, I just can’t see it because it’s not actually on the wire in the raw. So that was the demo on QUIC with SMB. For more information, there’s a URL somewhere on the screen right now and you’d be able to look at that, learn more about where this is available, and when we will give it to you. See you later.