Amazon FSx for Windows File Server Features

Overview

Amazon FSx for Windows File Server makes it easy for you to launch and scale reliable, performant, and secure shared file storage for your applications and end users. With Amazon FSx, you can launch highly durable and available file systems that can span multiple availability zones (AZs) and can be accessed from up to thousands of compute instances using the industry-standard Server Message Block (SMB) protocol. It provides a rich set of administrative and security features, and integrates with Microsoft Active Directory (AD). To serve a wide spectrum of workloads, Amazon FSx provides high levels of file system throughput and IOPS and consistent sub-millisecond latencies.

Benefits of Amazon FSx for Windows File Server

Amazon FSx is built on Windows Server, providing a rich set of administrative features that include end-user file restore, user quotas, and Access Control Lists (ACLs). With Windows Server's native support for the SMB protocol, Windows-based applications have access to fully-compatible shared file storage. And since SMB file shares can also be accessed from Linux and MacOS, any application or user can access the storage regardless of operating system. To control user access, Amazon FSx integrates with your on-premises Microsoft Active Directory as well as with AWS Microsoft Managed AD.

By supporting the SMB protocol, Amazon FSx can connect your file system to Amazon EC2, Amazon ECS, VMware Cloud on AWS, Amazon WorkSpaces, and Amazon AppStream 2.0 instances. Amazon FSx supports all Windows versions starting from Windows Server 2008 and Windows 7, and current versions of Linux and MacOS. Amazon FSx also supports on-premises access via AWS Direct Connect or AWS VPN, and access from multiple VPCs, accounts, and regions using VPC Peering or AWS Transit Gateway. Amazon FSx File Gateway provides efficient, low-latency on-premises access with a local cache for frequently accessed file data.

Because Amazon FSx is a fully managed service, it makes it simple to launch and scale reliable, performant, and secure shared file storage in the cloud. In minutes, you can easily create Amazon FSx file systems that span multiple AZs by using the AWS Management Console, AWS CLI, or AWS SDK. Amazon FSx sets up and provisions file servers and storage volumes, replicates data, manages failover and failback, and eliminates much of the need for administrative overhead. Amazon FSx also takes care of Windows Server software updates.
You can easily move your self-managed file systems to fully managed Windows storage on Amazon FSx in minutes with AWS DataSync. Integration with AWS DataSync automates and accelerates copying data over the internet or AWS Direct Connect, and copies your files together with file attributes and metadata.

Performance and scale

Amazon FSx for Windows File Server is designed to deliver fast, predictable, and consistent performance by providing multiple GB/s of throughput and hundreds of thousands of IOPS per file system. It is built on the latest AWS compute, disk, and networking technologies, providing fast, consistent sub-millisecond latencies for file operations with even lower latencies for frequently accessed data.

Amazon FSx for Windows File Server delivers up to 21 gigabytes per second (GB/s) of throughput and millions of IOPs for frequently-accessed cached data. For data accessed from persistent disk storage, FSx for Windows file systems delivers up to 12 GB/s and up to 350,000 IOPS. You can also enable data compression on your file system to help increase your effective throughput.

Amazon FSx for Windows File Server supports simultaneous access from up to thousands of clients so that you can deliver shared, high-performance file storage for users or applications at scale. And FSx for Windows supports SMB Multichannel, enabling you to get up to the full throughput and IOPS levels for your file system even for just a single client.

Administration and management

With Amazon FSx for Windows File Server, you have full flexibility and control over how you administer your file systems. You can manage your file systems using the AWS Management Console, AWS Command Line Interface (AWS CLI), and AWS SDK. You also have access to a rich set of Windows Server administrative features including end-user file restore, user quotas, and Access Control Lists (ACLs).

Amazon FSx for Windows File Server integrates with your on-premises Microsoft Active Directory or AWS Microsoft Managed AD to let you control user access; with AWS CloudTrail to let you monitor and log administration actions; with Amazon CloudWatch to let you monitor file system storage and performance; with AWS CloudFormation to let you model, provision, and manage file systems efficiently; with AWS Backup to let you create policy-driven backup plans; with Amazon Kendra to let you index and search documents stored on your file systems; and with Amazon ECS to enable persistent, shared storage for containerized applications.

Security and compliance

All Amazon FSx file system data is automatically encrypted at rest and in transit. Encryption of data at-rest uses keys managed with AWS Key Management Service (AWS KMS). Data is automatically encrypted before being written to the file system, and automatically decrypted as it is read. You can also choose to enforce encryption of data in-transit on all connections to your file systems for compliance needs. Amazon FSx automatically encrypts data-in-transit using SMB Kerberos session keys, when accessed from compute instances that support SMB protocol 3.0 or newer. This includes all Windows versions starting from Windows Server 2012 and Windows 8, and all Linux clients with Samba client version 4.2 or newer.

AWS has the longest-running compliance program in the cloud and is committed to helping customers navigate their requirements. Amazon FSx has been assessed to meet global and industry security standards. It complies with PCI DSS, ISO 90012700127017, and 27018), and SOC 1, 2, and 3, in addition to being HIPAA eligible. Amazon FSx for Windows File Server is also FedRAMP compliant. That makes it easier for you to verify our security and meet your own obligations. For more information and resources, visit our compliance pages. You can also go to the Services in Scope by Compliance Program page to see a full list of services and certifications.

Amazon FSx supports identity-based authentication over SMB through Microsoft Active Directory (AD). When creating your Amazon FSx file system, you join it to your Microsoft AD -- either an AWS Managed Microsoft AD or your self-managed Microsoft AD. Your users can then use their existing AD-based user identities to authenticate themselves and access the Amazon FSx file system, and to control access to individual files and folders.

Amazon FSx supports Windows Access Control Lists (ACLs) for fine-grained file and folder access control. For network-level access control, you can use Amazon Virtual Private Cloud (Amazon VPC) security groups to control access to your Amazon FSx resources. Amazon FSx is integrated with AWS Identity and Access Management (IAM) to control the actions that your AWS IAM users and groups can take on specific Amazon FSx resources. Amazon FSx integrates with AWS CloudTrail to monitor and log administration actions. Amazon FSx also offers user storage quotas to monitor and control user-level storage consumption.

You access your Amazon FSx file system from your Amazon VPCs. You can configure firewall settings and control network access to your Amazon FSx file systems using Amazon VPC Security Groups and VPC Network ACLs.

Amazon FSx supports auditing end-user access to your files, folders, and file shares using Windows event logs. Logs are published to Amazon CloudWatch Logs or streamed to Amazon Kinesis Data Firehose, enabling you to view and query logs on CloudWatch Logs, archive logs in Amazon S3, trigger Lambda functions to take reactive actions, or perform post-processing on AWS Partner solutions such as Splunk and Datadog. 

Availability and durability

To ensure high availability and durability, Amazon FSx automatically replicates your data within an Availability Zone (AZ) it resides in (which you specify during creation) to protect it from component failure, continuously monitors for hardware failures, and automatically replaces infrastructure components in the event of a failure. Amazon FSx offers single AZ and multi-AZ deployment options for your Windows file-based workloads.

Amazon FSx offers a multiple availability (AZ) deployment option, designed to provide continuous availability to data, even in the event that an AZ is unavailable. Multi-AZ file systems include an active and standby file server in separate AZs, and any changes written to disk in your file system are synchronously replicated across AZs to the standby. During planned maintenance, or in the event of a failure of the active file server or its AZ, Amazon FSx automatically fails over to the standby so you can resume file system operations without a loss of availability to your data.

High Availability (HA) Microsoft SQL Server is typically deployed across multiple database nodes in a Windows Server Failover Cluster (WSFC), with each node having access to shared file storage. With support for Continously Available (CA) file shares, Amazon FSx enables you to provide highly-available shared file storage for these clusters.

Data protection

To help ensure that your data is protected, Amazon FSx automatically takes highly durable, file-system consistent daily backups to S3. Amazon FSx uses the Volume Shadow Copy Service (VSS) to make your backups file system-consistent. You can take additional backups of your file system at any point.

To enable end-users to easily undo changes and compare file versions, Amazon FSx supports restoring individual files and folders to previous versions using Windows shadow copies.

To meet enterprise compliance and data protection requirements, Amazon FSx is integrated with AWS Backup allowing you to create scheduled, policy-driven backup plans for your Amazon FSx file systems.

To provide additional layers of data protection and meet business continuity, disaster recovery, and compliance requirements, you can copy your Amazon FSx file system backups across AWS Regions, AWS accounts, or both.

Cost-effectiveness

Amazon FSx provides two types of storage – Hard Disk Drives (HDD) and Solid State Drives (SSD) – enabling you to optimize cost and performance to meet your workload needs. HDD storage is designed for a broad spectrum of workloads, including home directories, user and departmental shares, and content management systems. SSD storage is designed for the highest-performance and most latency-sensitive workloads, including databases, media processing workloads, and data analytics applications.

You pay only for the resources you use, with no minimum commitments, licensing costs, or up-front fees. You are billed hourly for your Amazon FSx file systems, based on your configured storage capacity (priced per GB-month), your level of SSD IOPS above the default 3 IOPS that are included for every GB of SSD storage (per IOPS-mo), and your throughput capacity (priced per MBps-month). You are billed hourly for your backup storage (priced per GB-month). For more details, see the Amazon FSx pricing page.

You can enable data deduplication and compression to automatically reduce costs associated with redundant data by storing duplicated portions of your dataset only once. Typical savings average 50-60% for general purpose file shares, 30-50% savings for user documents, and 70-80% savings for software development data sets.

Amazon FSx offers user quotas to monitor and control user-level storage consumption on your file systems for use cases such as cost allocation across teams and limiting storage consumption on a user-level.

Amazon FSx for Windows File Server offers multiple throughput capacity levels that you can choose from, allowing you to cost-optimize for the performance your workloads require. You can also optionally provision higher levels of IOPS as needed, independently from the storage and throughput capacity of your file system, allowing you to pay only for the IOPS you need.