Step 4: Building file servers

Author: Dean Suzuki (Last Updated: 8/23/20)

Abstract

Up to this point, you have deployed a secure network infrastructure and Active Directory. In this step, you will deploy Windows file services so that your users have a location to store their files (e.g. project shares, home folders, etc.). AWS provides a fully managed, native Windows file serving service called Amazon FSx for Windows File Server. With Amazon FSx for Windows File Server, AWS creates Windows file servers and fully manages the hardware and software for its customers. Customers don’t have to worry about patching and backing up the file servers, or about monitoring and repairing the hardware if any issues arise.

Amazon FSx for Windows File Server provides a broad set of capabilities:

  • Encryption in transit and at rest

  • High availability within an Availability Zone and across Availability Zones

  • Compliance certifications (ISO, SOC, PCI-DSS, HIPAA)

  • Active Directory support

  • Microsoft Distributed File System (DFS) support

  • Data deduplication

  • Automated backups and support of Microsoft shadow copies

  • Automated patching and maintenance

  • User quotas support

  • Windows NTFS and share level permissions support

  • Support for SMB multichannel

For more information on AWS Directory Service, please visit our developer guide.

At the end of this step, you will have deployed Windows file services into your environment using Amazon FSx for Windows File Server. In the lab, you will create an Amazon FSx for Windows File Server file system in a single AZ, since it takes less time to provision. However, the diagram illustrates that you could instead have created a Multi-AZ file system, which would take longer to provision.

Prerequisites

This lab builds upon the prior steps.

Section 1: Creating an Amazon FSx for Windows File Server file system

The first step in creating Windows file servers is to create an Amazon FSx for Windows File Server file system, which you will do in this lab.

  1. Log in to the AWS Console and, in the Find Services search box, type FSX to go to the Amazon FSx console.
  2. Make sure you are using the “N. Virginia” region by checking the label in the upper right corner of the screen.
  3. Select the Create file system button.
  4. Select the Amazon FSx for Windows File Server as the file system type.
  5. Press Next.
  6. For File system name, enter a name that describes the usage for the file system (e.g. Projects).
  7. For deployment type, select Single-AZ. Click the Info link to learn more about the options. With Multi-AZ, Amazon FSx for Windows File Server does a block-level replication of your file system data to another Availability Zone (AZ) to give you higher availability. With both Single-AZ and Multi-AZ, Amazon FSx for Windows File Server also replicates your data within an Availability Zone. For production workloads, you would typically select Multi-AZ. However, for lab purposes, we will select Single-AZ to reduce the amount of time required to create the resources.
  8. For storage type, select SSD.
  9. For Storage capacity, enter 32 GiB. This value sets the file system size. At this time, the size can range from 32 GB to 64 TB. If you need more than 64 TB of storage space, you can combine multiple file systems to scale as high as you need.
  10. For Throughput capacity, Amazon FSx recommends a throughput based upon the storage capacity that you selected. However, you can override it and specify a desired throughput ranging from 8 MB/s to 2 GB/s per file system. Select Specify throughput capacity and select 16 MB/s. If you need a throughput higher than 2 GB/s, there are strategies to combine multiple file systems to get higher throughput.
  11. In the Network & security section,

    • For the Virtual Private Cloud (VPC), select the VPC that you created earlier (e.g. “WinVPC-VPCStack”)

    • For VPC Security Group, leave the default option which allows members of the group to communicate.

    • For Preferred subnet, select the private subnet (e.g. Private subnet 1A).

  12. In Windows authentication section, notice that Amazon FSx for Windows File Server can support AWS Managed Microsoft AD or a Self-managed Microsoft AD. Self-managed Microsoft AD can be your on-premises Active Directory or Active Directory running on EC2 instances in AWS.

    • Amazon FSx for Windows File Server uses Active Directory users and groups to secure the file system with NTFS and share level permissions (just like a normal Windows file server).

    • To learn about Self-managed Microsoft Active Directory options, select Self-managed Microsoft AD. Click the Info link to learn more about this option. With Self-managed Microsoft AD, you would specify your AD domain name, the DNS IP addresses, a service account, and a Delegated file system administrators group. This group will be given Amazon FSx permissions.

    • For the lab, select AWS Managed Microsoft AD and then select corp.example.com.

  13. In the Encryption section, note that Amazon FSx for Windows File Server can use AWS KMS to encrypt data at rest.

  14. In the Backup and Maintenance section,

    • Note that you can specify the daily automatic backup window time and the retention period for the automatic daily backups, which can range from 0 to 35 days. If you need to retain backups for a longer period of time, you can start a user-initiated backup where you control the retention period.

    • In this section, you also specify when the weekly maintenance window occurs.

    • Explore the options available.

    • Leave the default settings.

  15. In the Tags section, you can specify tags that are attached to the file system.

  16. Press Next.

  17. Review the settings, then press Create file system.

Note: it will take about 20 minutes to create a new file system. During this time, AWS is creating the Windows servers to support the file system, joining them to the domain, and allocating the storage. This is a good time to take a break. When the file system is ready, you will see the status as Available.
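The console choices from steps 6 to 14, expressed as parameters for the FSx CreateFileSystem API so the same configuration can be reviewed and reproduced from code. This is an added example, not part of the original lab; the subnet and directory IDs are constructed placeholders, and SINGLE_AZ_2 is assumed to be the deployment type behind the console's Single-AZ option.

```python
# Added example: console choices from steps 6-14 expressed as CreateFileSystem
# parameters. All IDs used with this function are constructed placeholders.

# Ranges quoted in the lab text (storage in GiB, throughput in MB/s, days).
LIMITS = {"storage_gib": (32, 64 * 1024),
          "throughput_mbps": (8, 2048),
          "backup_days": (0, 35)}


def build_fsx_request(name, subnet_ids, directory_id, *, multi_az=False,
                      storage_gib=32, throughput_mbps=16, backup_days=None,
                      security_group_ids=None, kms_key_id=None):
    """Return keyword arguments for the FSx CreateFileSystem API call."""
    checks = {"storage_gib": storage_gib, "throughput_mbps": throughput_mbps}
    if backup_days is not None:
        checks["backup_days"] = backup_days
    for label, value in checks.items():
        low, high = LIMITS[label]
        if not low <= value <= high:
            raise ValueError(f"{label}={value} outside {low}..{high}")
    # The API accepts throughput only in powers of two (8, 16, ... 2048).
    if throughput_mbps & (throughput_mbps - 1):
        raise ValueError("throughput_mbps must be a power of two")
    # Single-AZ takes one subnet; Multi-AZ takes two (preferred + standby).
    expected = 2 if multi_az else 1
    if len(subnet_ids) != expected:
        raise ValueError(f"need exactly {expected} subnet id(s)")

    windows = {"ActiveDirectoryId": directory_id,   # AWS Managed Microsoft AD
               "DeploymentType": "MULTI_AZ_1" if multi_az else "SINGLE_AZ_2",
               "ThroughputCapacity": throughput_mbps}
    if multi_az:
        windows["PreferredSubnetId"] = subnet_ids[0]
    if backup_days is not None:                      # None keeps the default
        windows["AutomaticBackupRetentionDays"] = backup_days

    request = {"FileSystemType": "WINDOWS", "StorageType": "SSD",
               "StorageCapacity": storage_gib, "SubnetIds": list(subnet_ids),
               "Tags": [{"Key": "Name", "Value": name}],
               "WindowsConfiguration": windows}
    if security_group_ids:                           # omitted: VPC default group
        request["SecurityGroupIds"] = list(security_group_ids)
    if kms_key_id:                                   # omitted: AWS managed key
        request["KmsKeyId"] = kms_key_id
    return request


# The lab's settings; pass to boto3.client("fsx").create_file_system(**LAB).
LAB = build_fsx_request("Projects", ["subnet-0example1a"], "d-0example00")
```

Keeping the request in code makes the lab-only choices (Single-AZ, default security group, default backup retention) visible in review before the same template is reused for production.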

Congratulations!

In this step, you used Amazon FSx for Windows File Server to build fully managed, native Windows file services.

To recap, in this lab you learned:

  • How to create a file system with Amazon FSx for Windows File Server, AWS’s managed Windows file system service, which can be used to store and share files.

  • The Amazon FSx for Windows File Server configuration options: availability (Single-AZ vs. Multi-AZ), size, storage type (HDD or SSD), throughput, and many more.