Configuring AWS DataSync transfers with an SMB file server
With AWS DataSync, you can transfer data between your Server Message Block (SMB) file server and one of the following AWS storage services:
To set up this kind of transfer, you create a location for your SMB file server. You can use this as a transfer source or destination.
Providing DataSync access to SMB file servers
DataSync connects to your file server using the SMB protocol and authenticates with credentials that you provide it.
Supported SMB versions
By default, DataSync automatically chooses a version of the SMB protocol based on negotiation with your SMB file server.
You also can configure DataSync to use a specific SMB version, but we recommend doing this only if DataSync has trouble negotiating with the SMB file server automatically. (DataSync supports SMB versions 1.0 and later.)
See the following table for a list of options in the DataSync console and API:
Console option | API option | Description |
---|---|---|
Automatic |
|
DataSync and the SMB file server negotiate the highest version of SMB that they mutually support between 2.1 and 3.1.1. This is the default and recommended option. If you instead
choose a specific version that your file server doesn't
support, you may get an |
SMB 3.0.2 |
|
Restricts the protocol negotiation to only SMB version 3.0.2. |
SMB 2.1 |
|
Restricts the protocol negotiation to only SMB version 2.1. |
SMB 2.0 |
|
Restricts the protocol negotiation to only SMB version 2.0. |
SMB 1.0 |
|
Restricts the protocol negotiation to only SMB version 1.0. |
Required permissions
You must provide DataSync a user with the necessary rights to mount and access your SMB file server's files, folders, and file metadata. This can be a local user on your file server or a domain user in your Microsoft Active Directory.
If you provide a user in your Active Directory, the user must be a member of an Active Directory group with one or both of the following user rights (depending the metadata that you want DataSync to copy):
User right | Description |
---|---|
Restore files and directories
( |
Allows DataSync to copy object ownership, permissions, file metadata, and NTFS discretionary access lists (DACLs). This user right is usually granted to members of the Domain Admins and Backup Operators groups (both of which are default Active Directory groups). |
Manage auditing and security log
( |
Allows DataSync to copy NTFS system access control lists (SACLs). This user right is usually granted to members of the Domain Admins group. |
If you want to copy Windows ACLs and are transferring between an SMB file server and another storage system that uses SMB (such as Amazon FSx for Windows File Server or FSx for ONTAP), the users that you provide DataSync must belong to the same Active Directory domain or have an Active Directory trust relationship between their domains.
Required authentication protocols
Your SMB file server must use NTLM authentication for DataSync to access it. DataSync can't access an SMB file server that uses Kerberos authentication.
DFS Namespaces
DataSync doesn't support Microsoft Distributed File System (DFS) Namespaces. We recommend specifying an underlying file server or share instead when creating your DataSync location.
Creating your SMB transfer location
Before you begin, you need an SMB file server that you want to transfer data from.
-
Open the AWS DataSync console at https://console.aws.amazon.com/datasync/
. -
In the left navigation pane, expand Data transfer, then choose Locations and Create location.
-
For Location type, choose Server Message Block (SMB).
You configure this location as a source or destination later.
-
For Agents, choose the DataSync agent that can connect to your SMB file server.
You can choose more than one agent. For more information, see Using multiple DataSync agents.
-
For SMB Server, enter the Domain Name System (DNS) name or IP address of the SMB file server that your DataSync agent will mount.
Note
You can't specify an IP version 6 (IPv6) address.
-
For Share name, enter the name of the share exported by your SMB file server where DataSync will read or write data.
You can include a subdirectory in the share path (for example,
/path/to/subdirectory
). Make sure that other SMB clients in your network can also mount this path.To copy all the data in the subdirectory, DataSync must be able to mount the SMB share and access all of its data. For more information, see Required permissions.
-
(Optional) Expand Additional settings and choose an SMB Version for DataSync to use when accessing your file server.
By default, DataSync automatically chooses a version based on negotiation with the SMB file server. For information, see Supported SMB versions.
-
For User, enter a user name that can mount your SMB file server and has permission to access the files and folders involved in your transfer.
For more information, see Required permissions.
-
For Password, enter the password of the user who can mount your SMB file server and has permission to access the files and folders involved in your transfer.
-
(Optional) For Domain, enter the Windows domain name that your SMB file server belongs to.
If you have multiple domains in your environment, configuring this setting makes sure that DataSync connects to the right SMB file server.
-
(Optional) Choose Add tag to tag your SMB location.
Tags are key-value pairs that help you manage, filter, and search for your locations. We recommend creating at least a name tag for your location.
-
Choose Create location.
-
Use the following command to create an SMB source location.
aws datasync create-location-smb \ --server-hostname
smb-server-address
\ --useruser-who-can-mount-share
\ --domainwindows-domain-of-smb-server
\ --passworduser-password
\ --agent-arnsdatasync-agent-arns
\ --subdirectorysmb-export-path
The
that you provide for thesmb-export-path
--subdirectory
parameter should be a path that's exported by the SMB server. Specify the path by using forward slashes; for example,/path/to/folder
. Other SMB clients in your network should be able to access this path.DataSync automatically chooses the SMB version that it uses to read from an SMB location. To specify an SMB version, use the optional
Version
parameter in the SmbMountOptions API operation.
This command returns the Amazon Resource Name (ARN) of the SMB location, similar to the ARN shown following.
{ "LocationArn": "arn:aws:datasync:us-east-1:111222333444:location/loc-0f01451b140b2af49" }