Availability and durability - FSx for ONTAP

Availability and durability

Amazon FSx for NetApp ONTAP file systems are highly available and durable across AWS Availability Zones, and are designed to provide continuous availability to data even in the event that an Availability Zone is unavailable. Each file system is powered by two file servers in separate Availability Zones, each with its own storage. Amazon FSx automatically replicates your data across Availability Zones to protect it from component failure, continuously monitors for hardware failures, and automatically replaces infrastructure components in the event of a failure. File systems automatically fail over and back as needed (typically within 60 seconds), and clients automatically fail over and back with the file system.

Amazon FSx for NetApp ONTAP also offers a native backups feature, designed to support archival, data retention, and compliance needs. A backup is a secondary, offline copy of a volume in your file system. Amazon FSx backups are crash-consistent and are also incremental, which means that only the changes after your most recent backup are saved, thus saving on backup storage costs by not duplicating data. By default, Amazon FSx takes an automatic backup of your volumes each day during a backup window that you specify. You can create additional backups at any time using the AWS Management Console, AWS Command Line Interface, or Amazon FSx API.

Failover process for FSx for ONTAP

File systems automatically fail over from the preferred file server to the standby file server if any of the following conditions occur:

  • The preferred file server undergoes planned maintenance.

  • The preferred file server becomes unavailable.

  • An Availability Zone outage occurs.

When failing over from one file server to another, the new active file server automatically begins serving all file system read and write requests. When the resources in the preferred subnet are available, Amazon FSx automatically fails back to the preferred file server in the preferred subnet. A failover typically completes in less than 60 seconds from the detection of the failure on the active file server to the promotion of the standby file server to active status. Failback to the original Multi-AZ configuration also completes in less than 60 seconds, and only occurs once the file server in the preferred subnet is fully recovered.

When failing over from one file server to another, the new active file server automatically begins serving all file system read and write requests. After the resources in the preferred subnet are available, Amazon FSx automatically fails back to the preferred file server in the preferred subnet. Because the endpoint IP address that clients use to access data over NFS or SMB remains the same, failovers are transparent to Linux, Windows, and macOS applications, which resume file system operations without manual intervention.

Working with file systems

Subnets

When you create a VPC, it spans all the Availability Zones (AZs) in the Region. Availability Zones are distinct locations that are engineered to be isolated from failures in other Availability Zones. After creating a VPC, you can add one or more subnets in each Availability Zone. The default VPC has a subnet in each Availability Zone. Each subnet must reside entirely within one Availability Zone and cannot span zones.

When you create a Multi-AZ file system, you specify two subnets, one for the preferred file server, and one for the standby file server. The two subnets you choose must be in different Availability Zones within the same AWS Region.

For in-AWS applications, we recommend that you launch your clients in the same Availability Zone as your preferred file server to reduce cross-AZ data transfer costs and minimize latency.

File system elastic network interfaces

When you create an Amazon FSx file system, Amazon FSx provisions an elastic network interface (ENI) in each of the subnets that you associate with your file system. The network interface allows your client to communicate with the FSx for ONTAP file system. The network interfaces are considered to be within the service scope of Amazon FSx, despite being part of your account's VPC.

Warning

You must not modify or delete the elastic network interfaces associated with your file system. Modifying or deleting the network interface can cause a permanent loss of connection between your VPC and your file system.

Following is a summary of the subnet, elastic network interface, and IP address resources for FSx for ONTAP file systems:

  • Number of subnets: 2

  • Number of elastic network interfaces: 2

  • Number of IP addresses per ENI: 1 + the number of SVMs in the file system

Important

Amazon FSx doesn't support accessing file systems from, or exposing file system to the public Internet. If an Elastic IP address, which is a public IP address reachable from the Internet, gets attached to a file system's elastic network interface, Amazon FSx automatically detaches it.