- EC2 Image Builder: Build your golden VM images on AWS - Wed, Jan 19 2022
- Configuring DFS Namespaces for Amazon FSx for Windows file servers - Fri, Jan 7 2022
- AWS Systems Manager Session Manager: Securely connect EC2 instances - Wed, Dec 22 2021
- Amazon FSx for Windows File Server: Provides a fully managed Windows file server, backed by a fully native Windows file system
- Amazon FSx for Lustre: Used for workloads that require fast storage, such as high-performance computing
Prerequisites
- Create a security group with rules that will allow traffic to the FSx file system from the resources that need to reach it.
- Ensure there's an AWS Managed Microsoft AD or self-managed AD that is up and running, to be used for the file system's Windows authentication.
- If you're planning to access the Amazon FSx file system from your on-prem network, you will need a VPN or AWS Direct Connect to the FSx file system's VPC.
Create a file system
Navigate to AWS FSx console and click File systems.
Click Create file system.
Creating a file system
You are prompted to select the file system you want. Select Amazon FSx for Windows File Server and click Next.
Selecting the FSx for Windows File Server file system option
Under the File system details section, specify the following:
- File system name: Specify a name for your file system to make it easier to find and manage.
- Deployment type: Specify the type of Availability Zone (AZ) in which you want to deploy it. A multi-AZ ensures data availability in the event an AZ is inaccessible. Single-AZ offers two options: Single-AZ 2 is the latest Single-AZ FSx deployment type and leverages cost-optimized HDD storage; Single-AZ 1 supports the use of Microsoft Distributed File System Replication (DFS-R).
- Storage type: Specify the type of storage you want to use for this file system, either SSD or HDD.
- Storage capacity: Specify the amount of data that can be stored on the file system.
- Throughput capacity: Set the sustained speed at which the file server hosting your file system can serve data. All file systems can burst to higher speeds for periods of time. You can either select the recommended throughput capacity, which is picked based on the storage capacity that you provided for your file system, or you can customize the throughput capacity.
Specifying File system details
Under the Network & security section, specify the following:
- VPC: The VPC in which the file system will be created.
- VPC Security Groups: Specify the security group created earlier.
- Preferred Subnet and Standby Subnet: Specify the subnets on which you would like to provision the file system.
Configuring file system network and security
In the Windows authentication section, specify whether to use AWS Managed Microsoft AD or Self-managed Microsoft AD to provide user authentication and access control for your file system. In this article, I will be using an AWS Managed AD.
Configuring file system Windows authentication
In the Encryption section, specify an encryption key to encrypt your data at rest. Amazon FSx encrypts data in transit using SMB Kerberos session keys when you access your file system from compute instances that support the server message block (SMB) protocol, version 3.0 or newer.
Specifying file system encryption key
In the Access section, you can enable access to Amazon FSx from DNS names other than the default that Amazon FSx creates by registering DNS aliases for your Amazon FSx for Windows file server file systems.
Note: To access your file system using a DNS alias, you must also configure service principal names (SPN) and update or create a DNS CNAME record for the file system and DNS alias.
In the Backup and maintenance section, specify whether to enable the daily automatic backup, its window, for how long to retain it, and the weekly maintenance window within which any patching or maintenance task will be performed.
Configuring backup and maintenance
Finally, specify the tags to assign to this AWS resource and click Next. You are redirected to the summary page, where you can see your entire configuration. Click Create file system.
Access the file system
Once the file system is created, navigate to Network & security, and copy the DNS name. Then open the file explorer window and paste the DNS name in the search bar, using two backslashes \\ before it. For example: \\AmazonFSxDNSName. By default, the FSx share name is share.
Subscribe to 4sysops newsletter!
Conclusion
In this article, I explained how to create a fully managed Windows file server on AWS using Amazon FSx. If you have any further questions, please ask in the comments below.
