How to Set Up Amazon FSx for Windows File Server
For organizations looking to use Amazon Web Services to get highly available storage for their Windows applications with full Server Message Block (SMB) support, AWS FSx for Windows File Server is the platform’s native option. Typical use cases are client-mapped drives, file shares for application integrations, and user home directories.
In this guide, we’ll go through the steps required to set up Amazon FSx for Windows File Server.
What is Amazon FSx for Windows File Server?
Even though SMB file shares are typically used within Windows enterprise environments, it is also possible to use AWS FSx for Windows File Server to provide file systems for Linux and macOS.
Amazon FSx for Windows File Server provides high levels of throughput and IOPS and consistent sub-millisecond latency. Performance can be further improved for end-users by using Amazon FSx File Gateway. This tool optimizes access to FSx file shares from on-premises environments by maintaining a local cache of frequently accessed data.
Data stored on the file system is automatically encrypted at rest, with encryption keys stored in the AWS Key Management Service (AWS KMS). Data in transit is also automatically encrypted using SMB Kerberos session keys, a standard component of the SMB protocol. Overall, AWS FSx for Windows File Server provides enough options to help your organization meet its regulatory requirements (ISO, HIPAA, and so on).
When choosing high availability options, there are two possible choices, just like for most AWS services:
- Single Availability Zone (AZ) file systems provide a 99.5% Service Level Agreement (SLA) within a single availability zone.
- Multi-AZ file systems provide a 99.99% SLA across multiple availability zones.
SSD and HHD storage options are available for all deployments, and the chosen throughput capacity will determine baseline network speeds and costs (the greater the capacity, the greater the throughput, the greater the cost). You can calculate your Amazon FSx for Windows File Server and architecture costs on the AWS website.
Once provisioned, access to the SMB file share is made from within the Amazon Virtual Private Cloud (VPC), peered VPCs, or from on-premises networks connected using AWS Direct Connect. AWS FSx file systems are also backed up using Microsoft’s Windows Volume Shadow Copy Service (VSS), and there are also daily automatic backups on Amazon S3 storage for high durability.
AWS FSx for Windows File Server requires a directory service: It’s integrated with Windows Server Active Directory (either AWS-managed or self-managed) to allow a familiar experience for managing NTFS access control lists (ACLs). Thanks to the integration with Active Directory, Distributed File System (DFS) namespaces can also be used to organize multiple file systems under a single namespace.
Additionally, if your organization is looking to move data from on-premises environments to AWS FSx for Windows server, then AWS DataSync can be used to migrate that data.
Amazon FSx for Windows File Server prerequisites
To provision FSx for Windows, an AWS subscription is required. You’ll also need an Amazon VPC and an Amazon EC2 instance running Windows Server in the VPC.
As we previously explained, Amazon FSx works with Microsoft’s Active Directory to perform user authentication and access control. You’ll join your Amazon FSx file system to an Active Directory service while creating it. This Active Directory can either be an AWS-managed AD or a ‘self-hosted’ one (the likely choice if you already have an enterprise network with AD).
If you’re using a self-hosted Active Directory service, connectivity between AD and its DNS servers must be enabled to the Amazon VPC. In addition, a service account with delegated permissions to join computers to the domain is required.
How to set up Amazon FSx for Windows File Server
Now you understand the prerequisites for FSx for Windows, let’s look at how to set it up.
Creating an Amazon FSx for Windows File Server
To create an AWS FSx for Windows files system, start by logging into the AWS portal and search for FSx.
Select Create File System, then select Amazon FSx for Windows File Server.
On the configuration screen, you can choose the details of your deployment. First of all, select a name for the files system, the availability configuration, the storage type (HDD storage or SSD storage), and storage capacity. Note that the throughput capacity is determined based on the storage capacity that you provided for your file system.
Next, configure the network integration options. Here, you can choose to deploy Amazon FSx for Windows File Server into the same VPC as your AWS-managed AD (or one that is connected using VPC peering). If you have selected a Multi-AZ configuration, then you will be asked to provide a preferred and standby subnet. However, a Single-AZ configuration only requires one subnet.
To manage access toAmazon FSx for Windows File Server, an integration with an Active Directory service is required. If you already have an Active Directory on your network, then select Self-Managed Microsoft Active Directory.
Here, you can enter the prerequisite information that you already have, including domain information plus the service account created with delegated permissions to join computers to the domain. In this example, we will be using AWS Managed Microsoft AD.
Here, data at rest encryption will use the AWS platform-managed key by default, but you have the option to select a different key if needed.
Next, you’ll find optional configuration options for auditing, DNS names, and backups. Once you’re done going through these settings, click Next.
When provisioning is completed, your FSx file system will be available to use. Note that you must wait for the status to change to ‘Available’ to get started.
Accessing Amazon FSx file system from Windows Server
To access the file system from Windows Server, you must first ensure that your workstation is joined to the same AD domain and that DNS resolution is working correctly. You must also ensure that any security groups applied to the server or file system allow connectivity.
Once this has been confirmed, get the file system name from the AWS portal. In this example, it’s amznfsxeeqgpvv1.petridemo.net, but you may configure a more friendly alias if you want to.
Using this DNS name, you will be able to use a UNC path to access the file system or map a drive.
By default, a single Windows file share named ‘Share‘ is created. That folder and its subfolders are accessible to your compute instances via the Server Message Block (SMB) protocol.
To manage shared files on the FSx for Windows File System, you can use the ‘Shared Folders‘ (fsmgmt.msc) Windows tool.
You can use this Shared Folders tool to create, update or remove shared folders, and manage shared permissions.
Summary
Amazon FSx for Windows File Server provides a great option for migrating data and enterprise applications to the AWS cloud, all while retaining access to the familiar administration tools for managing SMB shares in a Windows environment. Provisioning and migrating data to Amazon FSx for Windows File server is pretty straightforward, and the AWS service provides scalable capacity and performance while reducing the overhead of managing the underlying AWS infrastructure.
Related article: