AWS Storage Blog
Windows home directories made easy with Amazon FSx
Managing file servers and Network Attached Storage (NAS) file systems, serving file shares and home directories, can result in significant administrative overhead and complexity. The file systems require patching and maintenance on a scheduled basis. When file systems are hosted on physical infrastructure, it can become even more time consuming and costly when scaling out capacity is required. Amazon FSx for Windows File Server (Amazon FSx) removes that administrative overhead.
Amazon FSx provides a fully managed native Microsoft Windows file system that enables you to share your user home directories and user file shares to end users. Those end users can be authenticated to Microsoft Active Directory on Amazon EC2, Amazon WorkSpaces, Amazon AppStream 2.0, and VMs running in VMware Cloud on AWS. They can also be authenticated to Microsoft Windows compute instances running on-premises connected over AWS Direct Connect or AWS VPN using the SMB protocol (figure 1). Built on Windows Server, Amazon FSx provides shared Windows file systems that are highly available and durable storage with integration to Microsoft Active Directory and supports Windows ACLs.
In this post, I walk you through using Amazon FSx to provide user home directories and file shares without the overhead of setting up, managing, and backing up Windows File Servers. Amazon FSx includes automatic durable daily backups and support for end users to restore individual files and folders to previous versions using Windows shadow copies. You’re able to provision an Amazon FSx file system in minutes. Moreover, you can provide access to thousands of end users by mounting home directories on-premises over the use of AWS Direct Connect or AWS VPN.
Figure 1: reference architecture connecting a Windows client to an Amazon FSx file system over AWS Direct Connect
How do I set up an Amazon FSx home directory file share?
First, you must create the Amazon FSx file system. Do this with an AWS account that has permissions necessary to create an Amazon FSx file system from the AWS Management Console. Follow Amazon FSx documentation for detailed steps. When you provision your file system for hosting your home directories, create the capacity of the file system and baseline throughput according to your file system’s requirements. When provisioning an Amazon FSx file system, a recommended throughput capacity setting is based off of your chosen storage capacity. If you need more throughput capacity, choose Specify throughput capacity and then choose a value.
If you’re migrating existing home directory shares to an FSx for Windows File Server, AWS DataSync supports Amazon FSx with SMB file share support as a transfer mechanism. This enables you to migrate your data from your existing on-premises or EC2 Windows File Servers to Amazon FSx for Windows File Server file systems. It also enables you to securely move large amounts of data into and out of Amazon FSx. Jeff Bar recently published a blog post on how to setup and configure DataSync to transfer data into an FSx for Windows File Server file system.
Amazon FSx provides a Domain Name Service (DNS) name for every file system using DNS integrated with Microsoft Active Directory. To look up the DNS name of the Amazon FSx file system, open the Amazon FSx Console and select the file system you created in the Create a file system section. Click the Network & Security tab (figure 2). Then copy the DNS name of the file system.
Figure 2: Amazon FSx file system DNS name
Next, connect to your Windows instance as a user that is a member of the file system administrators group. Open the Shared Folders GUI tool from the Windows Start menu and run fsmgmt.msc
(figure 3). From the Action menu, select Connect to another computer and enter the Domain Name System (DNS) name of your Amazon FSx file system. Once connected, create a new file share for the root home directory folder.
Figure 3: Shared Folders GUI
Open up Active Directory Users and Computers (figure 4). Select all the users that you would like to set up a home folder and right-click and select Properties. From here, go to the profile tab and set the home folder path. Provide a path to the Amazon FSx file system and root home directory folder you created in the previous step in the format\\fs-012345678901234567.myad.com\<FolderName>\%username%
and click Apply.
Figure 4: Active Directory Users and Computers
When a user logs into a Microsoft Windows domain joined instance, they have a drive mapped to their home directory folder (figure 5).
Figure 5: Windows Explorer
Summary
In this post, we reviewed how FSx for Windows File Server fully managed native Windows file systems can be used to host user home directories and user file shares. We walked through the steps to create and map a user home directory from and FSx for Windows File Server file system when they log into a Windows instance. Now that you are serving your user home directories from Amazon FSx, you no longer need to patch and maintain file server infrastructure since this overhead is taken care of. Stay tuned for a future follow-up blog post where I’ll cover in depth migrating file share’s to an Amazon FSx for Windows File Server file system using AWS DataSync.
If you have any questions, please leave a comment. As always, thank you for reading!