Provisioning Amazon FSx for Windows File Server

Common requirements for running Windows workload includes, the use of Active Directory for identification and Windows Access Control Lists for fine-grained control over access to folders and files. The enterprise applications typically rely on storage that provides full Windows file system (NTFS file system) compatibilities.  

Amazon FSx for Windows File Server fits all of these requirements and more. It was designed from the ground up to work with your existing Windows applications and environments, making lift-and-shift of your Windows workloads to the cloud super-easy. You get a native Windows file system backed by fully-managed Windows file servers.

Amazon FSx for Windows File Server provides fully-managed, highly reliable, and scalable file storage that is accessible over the industry-standard “Server Message Block (SMB)” protocol. It is built on Windows Server, delivering a wide range of administrative features such as user quotas, end-user file restore, and Microsoft Active Directory (AD) integration.Amazon FSx for Windows File Server offers the following options:

• Single-AZ or Multi-AZ Deployment
• Fully Managed Backups
• Encryption at Rest & Encryption in Transit
• SSD and HDD Storage Options

You can optimize cost and performance for your workload needs as well as you can scale storage and change the throughput performance of your file system at any time. Amazon FSx file storage is accessible from Windows, Linux, and macOS compute instances and devices running on AWS or on-premises.

Let’s look at a few other salient features of Amazon FSx for Windows File Server, they are very important to consider for running Widows workload on AWS:

Accessibility & Protocol Support: Amazon FSx for Windows File Server allows accessing shares from Amazon Elastic Compute Cloud (EC2) instances, Amazon WorkSpaces virtual desktops, Amazon AppStream 2.0 applications, and VMware Cloud on AWS. Versions 2.0 through 3.1.1 of SMB are supported, making it suitable for running Windows versions starting from Windows 7 and Windows Server 2008, and current versions of Linux (via Samba). Built-in Active Directory integration makes it easy to integrate with your existing enterprise environment.

Performance and Tunability: Amazon FSx for Windows File Server is designed to deliver consistent, sub-millisecond latency. You can set the file system size and throughput (in megabytes per second) independently, with plenty of latitude in each dimension. File systems can be as big as 64 TB and can deliver up to 2,048 MB/second of throughput.

Management: As a fully managed service, your data is stored in the redundant form within an AWS Availability Zone. This removes the worries about attaching and formatting additional storage devices, updating Windows Server, or recovering from hardware failures. Incremental file-system consistent backups are taken automatically every day, with the option to take additional backups when needed.

Security: To ensure enterprise-grade security, Amazon FSx for Windows File Server provides multiple levels of access control and data protection. File system endpoints are created within Virtual Private Clouds (VPCs) and access is governed by Security Groups. Access to folders and files is controlled by Windows ACLs; administrative functions access is controlled by IAM roles, with administrative activities logged to AWS CloudTrail for audit purposes. Data encryption (using KMS keys) in transit and at rest gives you more control over encryption for compliance and regulatory purposes. The service is PCI-DSS compliant and can be used to build HIPAA-compliant applications.

Multi-AZ Deployment: Amazon FSx for Windows File Server allows you to create file systems in distinct AWS Availability Zones, and can use Microsoft DFS to set up automatic replication and failover between them. You can also use Microsoft DFS Namespaces to create shared, common namespaces that span multiple file systems and provide up to 300 PB of storage.

With enough theory, let’s get our hands dirty with Amazon FSx for Windows File Server provisioning. 

Step-1: First of all let’s confirm we have Active Directory with a Domain Controller in the VPC subnet where we plan to create our file system’s endpoints.

Step-2: Let’s create an EC2 instance in the same subnet for the testing purpose.

Step-3: Now we will create file system, go to Amazon FSx Console, and click Create file system.

From given file system options, we will select Amazon FSx for Windows File Server and click on Next button.

Next we specify name, size, optional throughput, and other parameters for our new file system, and click Review summary to proceed.

On another browser tab we can verify that the security group for the file system is configured to allow connections from my EC2 instance on the desired ports (135, 445, and 55555):

Next after reviewing the settings and the estimated monthly costs, and click Create file system. The file system starts out in the Creating status and transitions to Available in few minutes.

Now we can verify that our file system is created as per our configurations.

Let copy the DNS name of our file-system from the Network & Security tab.

Step-4: Let’s map our FSx file-system on EC2 instance created earlier for test purpose. Login to EC2 instance and open Explorer, and Map my file system (a shared named share is created automatically).

One file-system is mapped we can use it like any other share. Each file system includes one share (named share) automatically. We can connect to the file system and create additional shares using the standard Windows tools and wizards:

Step-5: Amazon FSx for Windows File Server file-system backed-up daily in specified back-up window. These backups are retained for 35 days. We can manually take backup whenever required. Go to AWS Amazon FSx for Windows File Server console and select “Create backup” option from “Action” drop-down of file-system. 

Credit: Images and content courtesy to AWS blog, AWS website and Unsplash.