Ref: https://learn.cantrill.io/courses/1820301/lectures/41301508

• Summary:
• Contents:

FSx for Windows File Server - Key Concepts

• 🔧 Fully-managed, native Windows file system in AWS
  • Unit of consumption: file shares → file servers are hidden (AWS-managed)
    • File shares contain Windows folders and files
    • Much less admin overhead vs hosting Windows file server in e.g. EC2 instances
  • Access via Server Message Block (SMB) protocol OR Windows New Technology File System (NTFS) protocol
    • Standard in Windows environments
    • 💡 In contrast, Amazon EFS used for shared file systems in Linux EC2 instances. Files/directories there are accessed with NW File System (NFS) protocol
• ❗ Key features (learn for exam)
  • Designed for Windows environments
    • User store/authentication via MS Active Directory (AD) → either AWS Directory Service running in AWS-managed AD mode OR self-managed on-prem AD
    • Windows permission model for files & folders
    • Support for MS’s Distributed File System (DFS) → allows grouping Windows file shares together to scale out
    • Access via SMB/NTFS protocols
  • Uses Volume Shadow-copy Service (VSS)
    • Volume shadow copies provide file-level versioning
    • End-user self-service → Allows user-driven restores
      • 💡 User can right-click on a file, see previous versions, and initiate a restore. No need to engage a system administrator nor AWS for this.
• Other features
  • On-demand and automatic/scheduled backups
  • Supports file de-duplication
  • Encryption
    • At-rest via KMS
    • In-transit can be enforced
  • Highly performant → Can scale according to requirements
    • 💡 Current numbers: 8MB/s-2GB/s, 100k-1million IOPS, <1ms latency
  • ❗ Although designed for Windows environments, FSx Windows file shares CAN be mounted on Linux EC2 instances!

FSx for Windows File Server - Example Architecture

• WorkSpaces instances use FSx for file system needs
• In this example, user store for both FSx and WorkSpaces hosted with an AWS-managed Windows AD in Directory Service (but it could have been an on-prem MS AD)
• File shares accessed via SMB
  • Can access via standard Windows path notation: \\\\<domain-name>\\<dir1>\\…
    • 💡 <dir1> is the file share (catpics in the example above)
  • File shares can be accessed by WorkSpaces instances, or on-prem users