Amazon FSx for Windows File Server makes it easy for you to launch and scale reliable, performant, and secure shared file storage for your applications and end users. With Amazon FSx, you can launch highly durable and available file systems that can span multiple availability zones (AZs) and can be accessed from up to thousands of compute instances using the industry-standard Server Message Block (SMB) protocol. It provides a rich set of administrative and security features, and integrates with Microsoft Active Directory (AD). To serve a wide spectrum of workloads, Amazon FSx provides high levels of file system throughput and IOPS and consistent sub-millisecond latencies.
Built on Windows Server
Amazon FSx is built on Windows Server, providing a rich set of administrative features that include end-user file restore, user quotas, and Access Control Lists (ACLs). With Windows Server's native support for the SMB protocol, Windows-based applications have access to fully-compatible shared file storage. And since SMB file shares can also be accessed from Linux and MacOS, any application or user can access the storage regardless of operating system. To control user access, Amazon FSx integrates with your on-premises Microsoft Active Directory as well as with Amazon Web Services Microsoft Managed AD.
By supporting the SMB protocol, Amazon FSx can connect your file system to Amazon EC2, Amazon ECS, VMware Cloud on Amazon Web Services, Amazon WorkSpaces, and Amazon AppStream 2.0 instances. Amazon FSx supports all Windows versions starting from Windows Server 2008 and Windows 7, and current versions of Linux and MacOS. Amazon FSx also supports on-premises access via Amazon Direct Connect, and access from multiple VPCs, accounts, and regions using VPC Peering. Amazon FSx File Gateway provides efficient, low-latency on-premises access with a local cache for frequently accessed file data.
Because Amazon FSx is a fully managed service, it makes it simple to launch and scale reliable, performant, and secure shared file storage in the cloud. In minutes, you can easily create Amazon FSx file systems that span multiple AZs by using the Amazon Web Services Management Console, Amazon Web Services CLI, or Amazon Web Services SDK. Amazon FSx sets up and provisions file servers and storage volumes, replicates data, manages failover and failback, and eliminates much of the need for administrative overhead. Amazon FSx also takes care of Windows Server software updates.
Performance and scale
Amazon FSx is designed to deliver fast, predictable, and consistent performance. Amazon FSx provides multiple GB/s of throughput per file system, hundreds of thousands of IOPS per file system, and consistent sub-millisecond latencies for file operations. To get the right performance for your workload, you can choose a throughput level for your file system and scale this throughput level up or down at any time.
Amazon FSx provides storage of up to 64 TB per file system. You can use DFS Namespaces to create shared common namespaces spanning multiple Amazon FSx file systems to scale out storage and throughput to virtually unlimited levels.
Security and compliance
All Amazon FSx file system data is automatically encrypted at rest and in transit. Encryption of data at-rest uses keys managed with Amazon Key Management Service (Amazon KMS). Data is automatically encrypted before being written to the file system, and automatically decrypted as it is read. You can also choose to enforce encryption of data in-transit on all connections to your file systems for compliance needs. Amazon FSx automatically encrypts data-in-transit using SMB Kerberos session keys, when accessed from compute instances that support SMB protocol 3.0 or newer. This includes all Windows versions starting from Windows Server 2012 and Windows 8, and all Linux clients with Samba client version 4.2 or newer.
Amazon FSx supports identity-based authentication over SMB through Microsoft Active Directory (AD). When creating your Amazon FSx file system, you join it to your Microsoft AD -- either an Amazon Managed Microsoft AD or your self-managed Microsoft AD. Your users can then use their existing AD-based user identities to authenticate themselves and access the Amazon FSx ﬁle system, and to control access to individual ﬁles and folders.
Amazon FSx supports Windows Access Control Lists (ACLs) for fine-grained file and folder access control. For network-level access control, you can use Amazon Virtual Private Cloud (Amazon VPC) security groups to control access to your Amazon FSx resources. Amazon FSx is integrated with Amazon Identity and Access Management (IAM) to control the actions that your Amazon IAM users and groups can take on specific Amazon FSx resources. Amazon FSx integrates with Amazon CloudTrail to monitor and log administration actions. Amazon FSx also offers user storage quotas to monitor and control user-level storage consumption.
You access your Amazon FSx file system from your Amazon VPCs. You can configure firewall settings and control network access to your Amazon FSx file systems using Amazon VPC Security Groups and VPC Network ACLs.
Amazon FSx supports auditing end-user access to your files, folders, and file shares using Windows event logs. Logs are published to Amazon CloudWatch Logs or streamed to Amazon Kinesis Data Firehose, enabling you to view and query logs on CloudWatch Logs, archive logs in Amazon S3, trigger Lambda functions to take reactive actions, or perform post-processing on Amazon Web Services Partner solutions such as Splunk and Datadog.
Availability and durability
To ensure high availability and durability, Amazon FSx automatically replicates your data within an Availability Zone (AZ) it resides in (which you specify during creation) to protect it from component failure, continuously monitors for hardware failures, and automatically replaces infrastructure components in the event of a failure. Amazon FSx offers single AZ and multi-AZ deployment options for your Windows file-based workloads.
Amazon FSx offers a multiple availability (AZ) deployment option, designed to provide continuous availability to data, even in the event that an AZ is unavailable. Multi-AZ file systems include an active and standby file server in separate AZs, and any changes written to disk in your file system are synchronously replicated across AZs to the standby. During planned maintenance, or in the event of a failure of the active file server or its AZ, Amazon FSx automatically fails over to the standby so you can resume file system operations without a loss of availability to your data.
High Availability (HA) Microsoft SQL Server is typically deployed across multiple database nodes in a Windows Server Failover Cluster (WSFC), with each node having access to shared file storage. With support for Continuously Available (CA) file shares, Amazon FSx enables you to provide highly-available shared file storage for these clusters.
To help ensure that .your data is protected, Amazon FSx automatically takes highly durable, file-system consistent daily backups to S3. Amazon FSx uses the Volume Shadow Copy Service (VSS) to make your backups file system-consistent. You can take additional backups of your file system at any point. Easy file-level restores (Microsoft Windows shadow copies)
To enable end-users to easily undo changes and compare file versions, Amazon FSx supports restoring individual files and folders to previous versions using Windows shadow copies.
To meet enterprise compliance and data protection requirements, Amazon FSx is integrated with Amazon Backup allowing you to create scheduled, policy-driven backup plans for your Amazon FSx file systems.
Amazon FSx provides two types of storage – Hard Disk Drives (HDD) and Solid State Drives (SSD) – enabling you to optimize cost and performance to meet your workload needs. HDD storage is designed for a broad spectrum of workloads, including home directories, user and departmental shares, and content management systems. SSD storage is designed for the high-performance and latency-sensitive workloads, including databases, media processing workloads, and data analytics applications.
You pay only for the resources you use, with no minimum commitments, licensing costs, or up-front fees. You are billed hourly for your Amazon FSx file systems, based on your configured storage capacity (priced per GB-month) and throughput capacity (priced per MBps-month). You are billed hourly for your Amazon FSx file systems, based on your configured storage capacity (priced per GB-month), your level of SSD IOPS above the default 3 IOPS that are included for every GB of SSD storage (per IOPS-mo), and your throughput capacity (priced per MBps-month). For more details, see the Amazon FSx pricing page.
You can enable data deduplication and compression to automatically reduce costs associated with redundant data by storing duplicated portions of your dataset only once. Typical savings average 50-60% for general purpose file shares, 30-50% savings for user documents, and 70-80% savings for software development data sets.
Amazon FSx offers user quotas to monitor and control user-level storage consumption on your file systems for use cases such as cost allocation across teams and limiting storage consumption on a user-level.
Amazon FSx for Windows File Server offers multiple throughput capacity levels that you can choose from, allowing you to cost-optimize for the performance your workloads require. You can also optionally provision higher levels of IOPS as needed, independently from the storage and throughput capacity of your file system, allowing you to pay only for the IOPS you need.