Author: Dean Suzuki (Last Updated: 8/23/20)
Up to this point, you have deployed a secure network infrastructure and Active Directory. In this step, you will deploy Windows file services so that your users have a location to store their files (e.g. project shares, home folders, etc.). AWS provides a fully managed, native Windows file serving service called Amazon FSx for Windows File Server. With Amazon FSx for Windows File Server, AWS creates Windows file servers and fully manages the hardware and software for our customers. Customers don’t have to worry about patching and backing up the file servers or monitoring and repairing the hardware if any issues arise.
Amazon FSx for Windows File Server provides a broad set of capabilities:
Encryption in transit and at rest
High availability within an Availability Zone and across Availability Zones
Compliance certifications (ISO, SOC, PCI-DSS, HIPAA)
Active Directory support
Microsoft Distributed File System (DFS) support
Automated backups and support of Microsoft shadow copies
Automated patching and maintenance
User quotas support
Windows NTFS and share level permissions support
Support for SMB multichannel
For more information on AWS Directory Service, please visit our developer guide.
At the end of this step, you will have deployed Windows file services into your environment using Amazon FSx for Windows File Server. In the lab, you will create an Amazon FSx for Windows File Server file system in a single AZ, since it takes less time to provision. However, the diagram illustrates that you could instead have created a Multi-AZ file system, which would take longer to provision.
This lab builds upon the prior steps.
The first step in creating Windows file servers is to create an Amazon FSx for Windows File Server file system, which you will do in this lab.
In the Network & security section,
For the Virtual Private Cloud (VPC), select the VPC that you created earlier (e.g. “WinVPC-VPCStack”)
For VPC Security Group, leave the default option, which allows members of the group to communicate.
For Preferred subnet, select the private subnet (e.g. Private subnet 1A).
In the Windows authentication section, notice that Amazon FSx for Windows File Server can support AWS Managed Microsoft AD or a Self-managed Microsoft AD. Self-managed Microsoft AD can be your on-premises Active Directory or Active Directory running on EC2 instances in AWS.
Amazon FSx for Windows File Server uses Active Directory users and groups to secure the file system with NTFS and share level permissions (just like a normal Windows file server).
To learn about Self-managed Microsoft Active Directory options, select Self-managed Microsoft AD. Click the Info link to learn more about this option. With Self-managed Microsoft AD, you would specify your AD domain name, the DNS IP addresses, a service account, and a Delegated file system administrators group. This group will be given Amazon FSx permissions.
For the lab, select AWS Managed Microsoft AD and then select corp.example.com.
In the Encryption section, note that Amazon FSx for Windows File Server can use AWS KMS to encrypt data at rest.
In the Backup and Maintenance section,
Note that you can specify the daily automatic backup window time and the retention period for the automatic daily backups, which can range from 0 to 35 days. If you need to retain backups for a longer period of time, you can start a user-initiated backup where you control the retention period.
In this section, you also specify when the weekly maintenance window occurs.
Explore the options available.
Leave the default settings.
In the Tags section, you can specify tags that are attached to the file system.
Review the settings, then press Create file system.
Note that it will take about 20 minutes to create a new file system. During this time, AWS is creating the Windows servers to support the file system, joining them to the domain, and allocating the storage. This is a good time to take a break. When the file system is ready, you will see the status as Available.
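Once the file system shows Available, the choices made in the sections above (private subnet, directory, KMS encryption, backup retention) can be checked against the output of `aws fsx describe-file-systems`. The Python below is an added example, not part of the original lab; the `audit_fsx` helper, the sample record and every ID in it are constructed placeholders.

```python
import json

# Constructed sample shaped like `aws fsx describe-file-systems` output.
# All IDs and ARNs below are placeholders, not values from the lab.
SAMPLE = json.loads("""
{"FileSystems": [{
  "FileSystemId": "fs-0123456789abcdef0",
  "FileSystemType": "WINDOWS",
  "Lifecycle": "AVAILABLE",
  "VpcId": "vpc-0aaa1111bbbb2222c",
  "SubnetIds": ["subnet-0private1a"],
  "KmsKeyId": "arn:aws:kms:us-west-2:111122223333:key/EXAMPLE-KEY-ID",
  "WindowsConfiguration": {
    "ActiveDirectoryId": "d-0123456789",
    "DeploymentType": "SINGLE_AZ_1",
    "PreferredSubnetId": "subnet-0private1a",
    "AutomaticBackupRetentionDays": 0,
    "WeeklyMaintenanceStartTime": "7:05:00"
  }}]}
""")


def audit_fsx(fs, private_subnets):
    """Return a list of findings for one FSx for Windows file system record."""
    findings = []
    win = fs.get("WindowsConfiguration", {})
    if fs.get("Lifecycle") != "AVAILABLE":
        findings.append("file system is not in the Available state")
    if not fs.get("KmsKeyId"):
        findings.append("no KMS key recorded for encryption at rest")
    # Every subnet the file system lives in should be a known private subnet.
    outside = [s for s in fs.get("SubnetIds", []) if s not in private_subnets]
    if outside:
        findings.append("placed outside the private subnets: " + ", ".join(outside))
    # A directory (AWS Managed or self-managed) must be attached.
    if not (win.get("ActiveDirectoryId") or win.get("SelfManagedActiveDirectoryConfiguration")):
        findings.append("not joined to an Active Directory")
    days = win.get("AutomaticBackupRetentionDays", 0)
    if days == 0:
        findings.append("automatic daily backups are disabled (retention 0)")
    elif not 1 <= days <= 35:
        findings.append(f"backup retention {days} is outside the 0-35 day range")
    return findings


if __name__ == "__main__":
    for fs in SAMPLE["FileSystems"]:
        for finding in audit_fsx(fs, private_subnets={"subnet-0private1a"}):
            print(fs["FileSystemId"], "-", finding)
```

The sample record deliberately sets the retention period to 0 so that the audit produces one finding; pass the set of private subnet IDs from your own VPC when running it on real output.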
In this step, you used Amazon FSx for Windows File Server to build fully managed, native Windows file services.
To recap, in this lab you learned:
How to create a file system with AWS’s managed Windows file service, Amazon FSx for Windows File Server, which can be used to store and share files.
The Amazon FSx for Windows File Server configuration options (availability (Single vs. Multi-AZ), size, storage type (HDD or SSD), throughput, and many more options)