Looking for some information on SMB3. If I use it to encrypt data in motion is it an all or nothing? Can it be setup so clients that support SMB3 will access it encrypted and clients that only support SMB2 can also access data on the shares unencrypted?
The smb3 encryption feature can be enabled two different ways - at the SVM level or share level. If applied at the SVM level it will require that all clients accessing SMB shares on the CIFS server be capable of negotiating encryption. This is a global setting that effectively requires its use. The second method by which it can be enabled is on a per share basis. If you have a mixed environment that contains clients who do and do not support SMB Encryption, this provides the most flexibility to using SMB encryption. This approach of both per SVM or per share is how Microsoft implemented the feature when the released SMB3.