HAQM FSx for Windows File Server Features

With HAQM FSx for Windows File Server, you have full flexibility and control over how you administer your file systems. You can manage your file systems using the AWS Management Console, AWS Command Line Interface (AWS CLI), and AWS SDK. You also have access to a rich set of Windows Server administrative features including end-user file restore, user quotas, and Access Control Lists (ACLs).

HAQM FSx for Windows File Server integrates with your on-premises Microsoft Active Directory or AWS Microsoft Managed AD to let you control user access; with AWS CloudTrail to let you monitor and log administration actions; with HAQM CloudWatch to let you monitor file system storage and performance; with AWS CloudFormation to let you model, provision, and manage file systems efficiently; with AWS Backup to let you create policy-driven backup plans; with HAQM Kendra to let you index and search documents stored on your file systems; and with HAQM ECS to enable persistent, shared storage for containerized applications.

All HAQM FSx file system data is automatically encrypted at rest and in transit. Encryption of data at-rest uses keys managed with AWS Key Management Service (AWS KMS). Data is automatically encrypted before being written to the file system, and automatically decrypted as it is read. You can also choose to enforce encryption of data in-transit on all connections to your file systems for compliance needs. HAQM FSx automatically encrypts data-in-transit using SMB Kerberos session keys, when accessed from compute instances that support SMB protocol 3.0 or newer. This includes all Windows versions starting from Windows Server 2012 and Windows 8, and all Linux clients with Samba client version 4.2 or newer.

AWS has the longest-running compliance program in the cloud and is committed to helping customers navigate their requirements. HAQM FSx has been assessed to meet global and industry security standards. It complies with PCI DSS, ISO 9001, 27001, 27017, and 27018), and SOC 1, 2, and 3, in addition to being HIPAA eligible. HAQM FSx for Windows File Server is also FedRAMP compliant. That makes it easier for you to verify our security and meet your own obligations. For more information and resources, visit our compliance pages. You can also go to the Services in Scope by Compliance Program page to see a full list of services and certifications.

HAQM FSx supports identity-based authentication over SMB through Microsoft Active Directory (AD). When creating your HAQM FSx file system, you join it to your Microsoft AD -- either an AWS Managed Microsoft AD or your self-managed Microsoft AD. Your users can then use their existing AD-based user identities to authenticate themselves and access the HAQM FSx file system, and to control access to individual files and folders.

HAQM FSx supports Windows Access Control Lists (ACLs) for fine-grained file and folder access control. For network-level access control, you can use HAQM Virtual Private Cloud (HAQM VPC) security groups to control access to your HAQM FSx resources. HAQM FSx is integrated with AWS Identity and Access Management (IAM) to control the actions that your AWS IAM users and groups can take on specific HAQM FSx resources. HAQM FSx integrates with AWS CloudTrail to monitor and log administration actions. HAQM FSx also offers user storage quotas to monitor and control user-level storage consumption.

You access your HAQM FSx file system from your HAQM VPCs. You can configure firewall settings and control network access to your HAQM FSx file systems using HAQM VPC Security Groups and VPC Network ACLs.

HAQM FSx supports auditing end-user access to your files, folders, and file shares using Windows event logs. Logs are published to HAQM CloudWatch Logs or streamed to HAQM Kinesis Data Firehose, enabling you to view and query logs on CloudWatch Logs, archive logs in HAQM S3, trigger Lambda functions to take reactive actions, or perform post-processing on AWS Partner solutions such as Splunk and Datadog. 

To ensure high availability and durability, HAQM FSx automatically replicates your data within an Availability Zone (AZ) it resides in (which you specify during creation) to protect it from component failure, continuously monitors for hardware failures, and automatically replaces infrastructure components in the event of a failure. HAQM FSx offers single AZ and multi-AZ deployment options for your Windows file-based workloads.

HAQM FSx offers a multiple availability (AZ) deployment option, designed to provide continuous availability to data, even in the event that an AZ is unavailable. Multi-AZ file systems include an active and standby file server in separate AZs, and any changes written to disk in your file system are synchronously replicated across AZs to the standby. During planned maintenance, or in the event of a failure of the active file server or its AZ, HAQM FSx automatically fails over to the standby so you can resume file system operations without a loss of availability to your data.

High Availability (HA) Microsoft SQL Server is typically deployed across multiple database nodes in a Windows Server Failover Cluster (WSFC), with each node having access to shared file storage. With support for Continously Available (CA) file shares, HAQM FSx enables you to provide highly-available shared file storage for these clusters.

To help ensure that your data is protected, HAQM FSx automatically takes highly durable, file-system consistent daily backups to S3. HAQM FSx uses the Volume Shadow Copy Service (VSS) to make your backups file system-consistent. You can take additional backups of your file system at any point.

To enable end-users to easily undo changes and compare file versions, HAQM FSx supports restoring individual files and folders to previous versions using Windows shadow copies.

To meet enterprise compliance and data protection requirements, HAQM FSx is integrated with AWS Backup allowing you to create scheduled, policy-driven backup plans for your HAQM FSx file systems.

To provide additional layers of data protection and meet business continuity, disaster recovery, and compliance requirements, you can copy your HAQM FSx file system backups across AWS Regions, AWS accounts, or both.

HAQM FSx provides two types of storage – Hard Disk Drives (HDD) and Solid State Drives (SSD) – enabling you to optimize cost and performance to meet your workload needs. HDD storage is designed for a broad spectrum of workloads, including home directories, user and departmental shares, and content management systems. SSD storage is designed for the highest-performance and most latency-sensitive workloads, including databases, media processing workloads, and data analytics applications.

You pay only for the resources you use, with no minimum commitments, licensing costs, or up-front fees. You are billed hourly for your HAQM FSx file systems, based on your configured storage capacity (priced per GB-month), your level of SSD IOPS above the default 3 IOPS that are included for every GB of SSD storage (per IOPS-mo), and your throughput capacity (priced per MBps-month). You are billed hourly for your backup storage (priced per GB-month). For more details, see the HAQM FSx pricing page.

You can enable data deduplication and compression to automatically reduce costs associated with redundant data by storing duplicated portions of your dataset only once. Typical savings average 50-60% for general purpose file shares, 30-50% savings for user documents, and 70-80% savings for software development data sets.

HAQM FSx offers user quotas to monitor and control user-level storage consumption on your file systems for use cases such as cost allocation across teams and limiting storage consumption on a user-level.

HAQM FSx for Windows File Server offers multiple throughput capacity levels that you can choose from, allowing you to cost-optimize for the performance your workloads require. You can also optionally provision higher levels of IOPS as needed, independently from the storage and throughput capacity of your file system, allowing you to pay only for the IOPS you need.