- Configuring DFS Namespaces for Amazon FSx for Windows file servers - Fri, Jan 7 2022
Microsoft Distributed File System (DFS) Namespaces is mainly used to gather multiple file shares under a certain directory structure, enabling users to access different file shares from different file systems without having to access every file share separately.
DFS has been used for a long time to consolidate Windows Server file shares, and the same can be done with Amazon FSx for Windows Server file systems.
Prerequisites
- Create an AWS-managed Microsoft AD or ensure there's an AD that is reachable by the AWS resources that will be created in this post.
- Create a Windows Server EC2 instance that acts as a Namespaces server.
- Join the EC2 instance to the AD (optional).
Create Amazon FSx file systems
Navigate to the Amazon FSx console.
Navigate to File systems, and click Create file system.
Create a file system
You will be redirected to the Select file system type screen. Select Amazon FSx for Windows File Server as the file system type.
Provide the following information about your file system:
Add your network and security settings.
Ensure that the security group attached to the FSx share allows incoming traffic from the security group of the EC2 instance that acts as the Namespaces server.
Windows authentication: Specify whether you use an AWS-managed AD or a self-managed AD. In this article, we use the first option, which we can specify from the drop-down list. If you want to use the latter, you have to make sure that your AD domain controller and DNS server are reachable from the FSx subnets and that the required permissions have been delegated to the service account. If your AD has multiple sites, then ensure that your FSx subnets are associated with one specific site.
Also, you will have to specify a KMS encryption key, which is used to encrypt the data at rest. In this case, I chose the default.
The rest of the configuration settings are optional, but it is best practice to configure them:
Auditing: Generate audit logs for files and folders on which you have enabled audit controls. It can also log attempts to access file shares.
Access: You can list any custom DNS names that you want to associate with the file system.
Backup and Maintenance: You can choose to enable or disable backups for this share. If enabled, you can configure the frequency and maintenance windows in which the backup can take place.
Tags: Any metadata you would like to pass about the resource you're creating.
Click Next.
On the Summary page, verify your configuration.
Click Create file system.
Repeat the process for as many file systems as you would like to create.
Enable DFS Namespaces
Connect to the EC2 instance created earlier to enable DFS Namespaces on it.
Open Server Manager.
Click Manage > Add Roles and Features. This opens the Add roles and features wizard.
Select Role-based or feature-based installation and click Next.
Select the server and click Next.
Under the Server Roles section, select File and Storage Services > File and iSCSI services > DFS Namespaces.
Then follow the Next > Next > Finish approach.
Create a DFS Namespace
Open the DFS Management Console.
Under DFS Management in the left pane, right-click Namespaces and select New Namespace.
A new wizard is opened, where you need to specify the server that will act as a Namespace server. Click Browse, and specify the server name.
On the next screen, specify the Namespace name.
To change the local path of the Namespace shared folder and modify the folder permissions, click Edit Settings and make the required changes on the screen that is displayed.
On the next screen, you need to specify the namespace type. If you joined the Namespaces server to AD, select Domain-based namespace. Otherwise, select Stand-alone namespace.
On the next screen, you can review the settings you've specified in the wizard so far, and click Create.
Add Amazon FSx for Windows file server shares to the namespace
Before adding the Amazon FSx for Windows file server shares, you need to get the DNS name of the file systems you created. To get them, go to the file system you created on the Amazon FSx console, click it, and copy the DNS name from under the Network & security section.
Now go to the Namespace server DFS Management console, right-click the namespace you just created, and click New Folder.
Specify a name for the folder, then click Add. Paste the DNS name of the file system and browse for its shares. Select the share that the folder you're creating should map to.
Repeat the same process for all the other shares you would like to map to a folder.
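The wizard steps above (enable the role, create the namespace, add the FSx shares) can also be scripted. The following is an added example, not part of the original article: the domain, namespace name, folder names and FSx DNS names are placeholders, and it assumes each file system exposes a share named share. It also checks SMB reachability before publishing each target, which surfaces a missing security group rule early.

```powershell
# Added example: scripted equivalent of the wizard steps. All names are placeholders.
$Domain    = 'corp.example.com'          # placeholder AD domain
$RootName  = 'Files'                     # placeholder namespace name
$LocalPath = "C:\DFSRoots\$RootName"     # local path of the namespace root folder
$Folders   = @{                          # folder name -> FSx share (placeholder DNS names)
    'Finance' = '\\fsx-placeholder-1.corp.example.com\share'
    'HR'      = '\\fsx-placeholder-2.corp.example.com\share'
}

# Enable DFS Namespaces (role service plus the DFS Management console).
Install-WindowsFeature -Name FS-DFS-Namespace -IncludeManagementTools | Out-Null

# The namespace root must be backed by a local SMB share on the Namespaces server.
New-Item -ItemType Directory -Path $LocalPath -Force | Out-Null
if (-not (Get-SmbShare -Name $RootName -ErrorAction SilentlyContinue)) {
    # Read-only at the root (an assumption): data permissions live on the FSx shares.
    New-SmbShare -Name $RootName -Path $LocalPath -ReadAccess 'Authenticated Users' | Out-Null
}

# Domain-based namespace if the server is AD-joined, stand-alone otherwise.
$joined   = (Get-CimInstance Win32_ComputerSystem).PartOfDomain
$rootPath = if ($joined) { "\\$Domain\$RootName" } else { "\\$env:COMPUTERNAME\$RootName" }
$type     = if ($joined) { 'DomainV2' } else { 'Standalone' }
New-DfsnRoot -Path $rootPath -TargetPath "\\$env:COMPUTERNAME\$RootName" -Type $type | Out-Null

foreach ($name in $Folders.Keys) {
    $target = $Folders[$name]
    $fsxDns = ($target -split '\\')[2]   # host part of the UNC path
    # SMB uses TCP 445; a failure here usually means the FSx security group
    # does not allow inbound traffic from this server's security group.
    if (-not (Test-NetConnection -ComputerName $fsxDns -Port 445).TcpTestSucceeded) {
        Write-Warning "Skipping ${name}: $fsxDns is not reachable on TCP 445"
        continue
    }
    New-DfsnFolder -Path "$rootPath\$name" -TargetPath $target | Out-Null
}

# Review what was published.
Get-DfsnFolder -Path "$rootPath\*" | Get-DfsnFolderTarget |
    Select-Object Path, TargetPath, State
```

Run it in an elevated PowerShell session on the Namespaces server; creating a domain-based namespace additionally requires an account with the rights to create namespaces in the domain.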
Connect to the namespace
To connect to the namespace, open File Explorer and navigate to the namespace.
Once accessed, you can view the different shares consolidated under the namespace.
Conclusion
In this article, we've gone through how to configure DFS Namespaces for Amazon FSx for Windows file servers where you can consolidate all the different file shares under a particular namespace. If you’ve got any further questions, please mention them in the comments.
DISCLAIMER: This article represents my own viewpoints and not those of my employer, Amazon Web Services.