Organizations that want to run Windows applications on the cloud are commonly looking for network file storage that’s fully compatible with their applications and their Windows environments. For example, enterprises use Active Directory for identification and Windows Access Control Lists for fine-grained control over access to folders and files, and their applications typically rely on storage that provides full Windows file system (NTFS file system) compatibility.
Amazon FSx for Windows File Server
Amazon FSx for Windows File Server fits all of these needs, and more. It was designed from the ground up to work with your existing Windows applications and environments, making lift-and-shift of your Windows workloads to the cloud super-easy. You get a native Windows file system backed by fully-managed Windows file servers, accessible via the widely adopted SMB (Server Message Block) protocol. Built on SSD storage, Amazon FSx for Windows File Server delivers the throughput, IOPS, and consistent sub-millisecond performance that you (and your Windows applications) expect.
Here are the most important things to know:
Accessibility & Protocol Support – You can access your shares from Amazon Elastic Compute Cloud (EC2) instances, Amazon WorkSpaces virtual desktops, Amazon AppStream 2.0 applications, and VMware Cloud on AWS. Versions 2.0 through 3.1.1 of SMB are supported, allowing you to use Windows versions starting from Windows 7 and Windows Server 2008, and current versions of Linux (via Samba). Active Directory integration is built in, allowing you to easily integrate with your existing enterprise environment.
Performance and Tunability – Amazon FSx for Windows File Server delivers consistent, sub-millisecond latency. You can set the file system size and throughput (in megabytes per second) independently, with plenty of latitude in each dimension. File systems can be as big as 64 TB, and can deliver up to 2,048 MB/second of throughput.
Management – Your file systems are fully managed and data is stored in redundant form within an AWS Availability Zone. You don’t have to worry about attaching and formatting additional storage devices, updating Windows Server, or recovering from hardware failures. Incremental file-system consistent backups are taken automatically every day, with the option to take additional backups when needed.
Security – You get multiple levels of access control and data protection. File system endpoints are created within Virtual Private Clouds (VPCs) and access is governed by Security Groups. Windows ACLs are used to control access to folders and files; IAM roles are used to control access to administrative functions, with administrative activities logged to AWS CloudTrail. Your data is encrypted in transit and (using a KMS key that you can control) at rest. The service is PCI-DSS compliant and can be used to build HIPAA-compliant applications.
Multi-AZ Deployment – You create file systems in distinct AWS Availability Zones, and can use Microsoft DFS to set up automatic replication and failover between them. You can also use Microsoft DFS Namespaces to create shared, common namespaces that span multiple file systems and provide up to 300 PB of storage.
Creating a File System
Amazon FSx for Windows File Server is easy to use. I start by confirming that I have a Active Directory with a Domain Controller in the VPC subnet (subnet-009a1149) where I plan to create my file system’s endpoints:
For testing purposes, I also have an EC2 instance running Windows in the same subnet:
I open the Amazon FSx Console, and click Create file system:
I choose my file system option:
I specify a name, size, optional throughput, and other parameters for my new file system, and click Review summary to proceed:
On another browser tab I verify that the security group for the file system is configured to allow connections from my EC2 instance on the desired ports (135, 445, and 55555):
On the next page I review the settings and the estimated monthly costs, and click Create file system. My file system starts out in the Creating status and transitions to Available in minutes:
I can see an overview at a glance:
And I can click the Network & Security tab to get the DNS name for my file system:
I copy the DNS name, hop over to my EC2 instance, open Explorer, and Map my file system (a shared named share is created automatically):
Then I can use it like any other share (I’m sure that your use case is better than mine, but perhaps not as historically significant):
Each file system includes one share (named share) automatically. I can connect to the file system and create additional shares using the standard Windows tools and wizards:
File-system consistent backups are made daily during the backup window for the file system, and are retained for up to 35 days, as specified when the file system was created. I can also make backups on an as-needed basis:
Amazon FSx for Windows File Server is available now and you can start using it today in the US East (N. Virginia), US East (Ohio), US West (Oregon), and Europe (Ireland) Regions, with expansion to other Regions planned for the coming months. Pricing is based on the amount of storage and throughput that you configure.