This step-by-step guide explains how to configure DFS Namespaces for Amazon FSx for Windows file servers.

Microsoft Distributed File System (DFS) Namespaces is mainly used to gather multiple file shares under a certain directory structure, enabling users to access different file shares from different file systems without having to access every file share separately.

DFS has been used for a long time to consolidate Windows Server file shares, and the same can be done with Amazon FSx for Windows Server file systems.

Prerequisites ^

  • Create an AWS-managed Microsoft AD or ensure there's an AD that is reachable by the AWS resources that will be created in this post.
  • Create a Windows Server EC2 instance that acts as a Namespaces server.
  • Join the EC2 instance to the AD (optional).

Create Amazon FSx file systems ^

Navigate to the Amazon FSx console.

Navigate to File systems, and click Create file system.

Create a file system

Create a file system

Create a file system

You will be redirected to the Select file system type screen. Select Amazon FSx for Windows File Server as the file system type.

Create a file system 1

Create a file system 1

Provide the following information about your file system:

FSx file system details

FSx file system details

Add your network and security settings.

FSx network security

FSx network security

Ensure that the security group attached to the FSx share allows incoming traffic from the EC2 instance that acts as the Namespaces server security group.

Windows authentication: Specify whether you use an AWS-managed AD or a self-managed AD. In this article, we use the first option, which we can specify from the drop-down list, as in the following screenshot. If you want to use the latter, you have to make sure that your AD domain controller and DNS server are reachable from the FSx subnets and that the required permissions have been delegated to the service account. If your AD has multiple sites, then ensure that your FSx subnets are associated with one specific site.

Also, you will have to specify a KMS encryption key, which is used to encrypt the data at rest. In this case, I chose the default.

FSx Windows authentication encryption

FSx Windows authentication encryption

The rest of the configuration settings are optional, but it is best practice to configure them:

Auditing: Generate audit logs for files and folders on which you have enabled audit controls. It can also log attempts to access file shares.

Access: You can list any custom DNS names that you want to associate with the file system.

Backup and Maintenance: You can choose to enable or disable backups for this share. If enabled, you can configure the frequency and maintenance windows in which the backup can take place.

Tags: Any metadata you would like to pass about the resource you're creating.

Click Next.

On the Summary page, verify your configuration.

Click Create file system.

Repeat the process for as many file systems as you would like to create.

Enable DFS Namespaces ^

Connect to the EC2 instance created earlier to enable DFS Namespaces on it.

Open Server Manager.

Click Manage > Add Roles and Features. This opens the Add roles and features wizard.

Select Role-based or feature-based installation and click Next.

Select the server and click Next.

Under the Server Roles section, select File and Storage Services > File and iSCSI services > DFS Namespaces.

Then follow the Next > Next > Finish approach.

Create a DFS Namespace ^

Open the DFS Management Console.

Under DFS Management in the left pane, right-click Namespaces and select New Namespace.

Create a namespace

Create a namespace

A new wizard is opened, where you need to specify the server that will act as a Namespace server. Click Browse, and specify the server name.

Specify the Namespace server

Specify the Namespace server

On the next screen, specify the Namespace name.

Specify the Namespace name

Specify the Namespace name

To change the local path of the Namespace shared folder and modify the folder permissions, click Edit Settings and make the required changes on the screen that is displayed.

Specify Namespace settings

Specify Namespace settings

On the next screen, you need to specify the namespace type. If you joined the namespace to AD, select Domain-based namespace. Otherwise, select Stand-alone namespace.

Specify Namespace type

Specify Namespace type

On the next screen, you can review the settings you've specified in the wizard so far, and click Create.

Add Amazon FSx for Windows file server shares to the namespace ^

Before adding the Amazon FSx for Windows file server shares, you need to get the DNS name of the file systems you created. To get them, go to the file system you created on the Amazon FSx console, click it, and copy the DNS name from under the Network & security section.

Now go to the Namespace server DFS Management console, right-click the namespace you just created, and click New Folder.

Add a share to the namespace

Add a share to the namespace

Specify a name for the folder, then click Add. Paste the DNS name of the file system you want to browse for the share. Select the share to map the folder you're creating to that share.

Map the folder to the target

Map the folder to the target

Repeat the same process for all the other shares you would like to map to a folder.

Mapped shares to Namespace folders

Mapped shares to Namespace folders

Connect to the namespace ^

To connect to the namespace, open File Explorer and navigate to the namespace.

Navigate to the namespace

Navigate to the namespace

Once accessed, you can view the different shares consolidated under the namespace.

Access shared folders mapped to the namespace

Access shared folders mapped to the namespace

Conclusion ^

In this article, we've gone through how to configure DFS Namespaces for Amazon FSx for Windows file servers where you can consolidate all the different file shares under a particular namespace. If you’ve got any further questions, please mention them in the comments.

Subscribe to 4sysops newsletter!

DISCLAIMER: This article represents my own viewpoints and not of my employer, Amazon Web Services.