Tuesday, July 14, 2020

FSx for Windows File Service


-         https://docs.aws.amazon.com/fsx/latest/WindowsGuide/what-is.html
-         Amazon FSx for Windows File Server provides fully managed, highly reliable, and scalable file storage that is accessible over the industry-standard Server Message Block (SMB) protocol
-         It is built on Windows Server, delivering a wide range of administrative features such as user quotas, end-user file restore, and Microsoft Active Directory (AD) integration
-         It offers single-AZ and multi-AZ deployment options, fully managed backups, and encryption of data at rest and in transit. You can optimize cost and performance for your workload needs with SSD and HDD storage options; and you can scale storage and change the throughput performance of your file system at any time. Amazon FSx file storage is accessible from Windows, Linux, and MacOS compute instances and devices running on AWS or on premises
-         REGIONAL. Primary and StandBy in different AZs.
-         Can be used on both Windows and Linux (as opposed to EFS – Linux only). Linux clients need to install CIFS plugin
-         Fileserver – network location for shared disc access
-         For Windows – need to join AD for authentication
-         Server Message Block (SMB) – network protocol for providing access to files; used mostly in Windows environments – Windows File Server sharing files with clients
-         Common Internet File System (CIFS) – version of SMB. Need CIFS client to run on Linux
-         Not for high performance computing, durable storage
-         For business-critical applications: home directories
-         Fully managed Windows File Service: SMB, NTFS, AD; uses SSD for storage
-         32G – 64 TiB
-         Good for: CRM/ERP/.NET apps, data analytics, media workflows, software build environments, MS SQL Server
-         Auto-backups into S3 once a day during the 30 min maintenance window, kept for 7 days. Within AZ. Can schedule manual.
-         When system is deleted – auto backups removed, manual retained
-         StandBy server – in another AZ. Failover within 30 sec
-         No automatic failover for Linux clients, only for Windows
-         Data always encrypted at rest – AWS KMS or customer’s key
-         In-transit encryption – use SMB3.0 or higher
-         Windows Shadow Copies – periodic point-in-time snapshots, stored in S3, included in backups of system
-         Manual backups – can be automated off CloudWatch events with Cron/Scheduled events to trigger a Lambda function with proper IAM role to initiate an FSx for Windows Server backup.
-         DFS Namespaces – Windows Distributed File System – group multiple file systems into one folder structure. Can be used to combine 64 TiB FSx systems
-         Migrating data
          §  Create EC2, register it with the local on-premises AD (same AD as the local file storage is with)
          §  RoboCopy tool copies files and metadata
          §  Uses DFS to “burst” custom data onto the cloud
          §  Can do across accounts (VPC Peering / Transit Gateway) OR regions
          §  Access via an ENI (DNS/IPv4). The ENI's security group should allow inbound:
                  §  TCP/UDP 445 (SMB)
                  §  TCP 135 (RPC – remote procedure call)
                  §  TCP/UDP 1024-65535 – ephemeral ports
                  §  Source: the systems from which to migrate
                  §  Outbound – to Sec Group of AWS Managed AD to which file systems need to join
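
An added example (not from the original post): a Python check that compares a security group's inbound rules against the ports listed above and flags any source CIDR outside the networks being migrated from. The sample rules and the 10.20.0.0/16 range are constructed; the input is assumed to be in the IpPermissions shape that EC2 DescribeSecurityGroups returns.

```python
import ipaddress

# Inbound rules listed in the notes above: (protocol, first port, last port).
REQUIRED = [("tcp", 445, 445), ("udp", 445, 445), ("tcp", 135, 135),
            ("tcp", 1024, 65535), ("udp", 1024, 65535)]

# Constructed sample in the IpPermissions shape of EC2 DescribeSecurityGroups.
SAMPLE = [
    {"IpProtocol": "tcp", "FromPort": 445, "ToPort": 445,
     "IpRanges": [{"CidrIp": "10.20.0.0/16"}]},
    {"IpProtocol": "udp", "FromPort": 445, "ToPort": 445,
     "IpRanges": [{"CidrIp": "10.20.0.0/16"}]},
    {"IpProtocol": "tcp", "FromPort": 135, "ToPort": 135,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 1024, "ToPort": 65535,
     "IpRanges": [{"CidrIp": "10.20.5.0/24"}]},
]


def covers(perm, proto, lo, hi):
    """True if one rule allows the whole range lo..hi for proto."""
    if perm["IpProtocol"] == "-1":  # "-1" means all protocols and ports
        return True
    return (perm["IpProtocol"] == proto
            and perm.get("FromPort", 0) <= lo <= hi <= perm.get("ToPort", 0))


def audit_inbound(ip_permissions, allowed_cidrs):
    """Return (missing, too_wide) for one security group's inbound rules."""
    allowed = [ipaddress.ip_network(c) for c in allowed_cidrs]
    missing = [req for req in REQUIRED
               if not any(covers(p, *req) for p in ip_permissions)]
    too_wide = []
    for perm in ip_permissions:
        # Rules whose source is another security group are not examined here.
        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        for cidr in cidrs:
            net = ipaddress.ip_network(cidr)
            if not any(net.version == a.version and net.subnet_of(a)
                       for a in allowed):
                too_wide.append((perm["IpProtocol"], perm.get("FromPort"),
                                 perm.get("ToPort"), cidr))
    return missing, too_wide


if __name__ == "__main__":
    missing, too_wide = audit_inbound(SAMPLE, ["10.20.0.0/16"])
    print("missing:", missing)
    print("outside migration networks:", too_wide)
```

A required range counts as present only when a single rule covers all of it.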

