Accessing data: supported clients and environments - FSx for ONTAP
Supported clientsSupported environmentsMounting volumes

Accessing data: supported clients and environments

You can access your Amazon FSx file systems using a variety of supported clients and methods in both the AWS Cloud and on premises environments.

Supported clients

FSx for ONTAP file systems support accessing data from a wide variety of compute instances and operating systems. It does this by supporting access using the Network File System (NFS) protocol, (v3, v4.0, and v4.1), Server Message Block (SMB) protocol, and the Internet Small Computer Systems Interface (iSCSI) protocol.

The following AWS compute instances are supported for use with FSx for ONTAP:

Once mounted, FSx for ONTAP file systems appear as a local directory or drive letter over NFS and SMB, providing fully managed, shared network file storage that can be simultaneously accessed by up to thousands of clients. iSCSI LUNS are accessible as block devices when mounted over iSCSI.

Supported access environments

Following, you can find information about how to access your FSx for ONTAP file systems.

Amazon VPC enables you to launch AWS resources into a virtual network that you've defined. This virtual network closely resembles a traditional network that you'd operate in your own data center, with the benefits of using the scalable infrastructure of AWS. For more information, see What is Amazon VPC in the Amazon Virtual Private Cloud User Guide.

Accessing Amazon FSx for NetApp ONTAP file systems from within the same VPC and AWS account

When you create your Amazon FSx for NetApp ONTAP file system, you select the Amazon VPC in which it is located. All SVM's and volumes associated with the Amazon FSx for NetApp ONTAP file system are also located in the same VPC. When the file system and the client mounting the storage virtual machine (SVM) volume are located in the same VPC and AWS account, you can mount a volume using the SVM's DNS name and volume junction or SMB share, depending on the client. For more information, see Mounting FSx for ONTAP volumes.

You can achieve better performance and avoid data transfer charges between Availability Zones by accessing an SVM volume using a client that is located in the same Availability Zone as the file system's preferred subnet. To identify a file system's preferred subnet, in the Amazon FSx console, choose File systems, then choose the ONTAP file system whose volume you are mounting, and the preferred subnet is displayed in the Preferred subnet panel.

VPC peering

FSx for ONTAP supports the use of Transit Gateway, AWS Direct Connect or AWS VPN to access your file systems from peered networks over NFS and SMB.

A VPC peering connection is a networking connection between two VPCs. This type of connection enables you to route traffic between them using private Internet Protocol version 4 (IPv4) addresses. You can use VPC peering to connect VPCs within the same AWS Region or between different AWS Regions. For more information on VPC peering, see What is VPC peering? in the Amazon VPC Peering Guide.

Using AWS Direct Connect, you can access your file system over a dedicated network connection from your on premises environment. Using AWS VPN, you can access your file system from your on premises environment over a secure and private tunnel. For more information about AWS Direct Connect, see What is AWS Direct Connect? in the AWS Direct Connect User Guide. For more information on setting up AWS VPN connections, see VPN connections in the Amazon VPC User Guide.

Access from peered networks

This section describes how to access Amazon FSx for NetApp ONTAP file systems from peered networks.

Access NFS, SMB, or the ONTAP CLI and REST API from peered networks

The endpoints used for accesing Amazon FSx for NetApp ONTAP over NFS or SMB, or for administering file systems using the ONTAP CLI or REST API, are floating IP addresses that are created in the VPC route tables you associate with your file system. These IP addresses are within an EndpointIpAddressRange that you can specify when creating a file system. By default, Amazon FSx chooses an IP address range for you from within the 198.19.0.0/16 IP address range.

To access these floating IP address endpoints from a peered network, you need to configure your peered network to route traffic destined to your file system's EndpointIpAddressRange to the VPC in which your file system is created. Alternatively, if you are using NetApp Global File Cache or NetApp FlexCache for remote office caching, both of these technologies communicate with your FSx for ONTAP file system using your file system's inter-cluster endpoint, which is not a floating IP address. As a result, you don't need to configure Transit Gateway if all of your clients are accessing Amazon FSx using one of these caching technologies.

For example, to configure routing using AWS Transit Gateway, use the following procedure.

To configure routing using AWS Transit Gateway

  1. Open the Amazon FSx console at https://console.aws.amazon.com/fsx/.

  2. Choose the FSx for ONTAP file system for which you are configuring access from a peered network.

  3. In Network & security> copy the Endpoint IP address range.

    The file system's Network & security tab in the Amazon FSx console, showing the Endpoint IP address range value to copy.

  4. Add a route to Transit Gateway that routes traffic destined for this IP address range to your file system's VPC. For more information, see Working with transit gateways in the Amazon VPC Transit Gateways.

  5. Confirm that you can access your FSx for ONTAP file system from the peered network.

Note

DNS records for the management, NFS, and SMB endpoints are only resolvable from within the same VPC as the file system. In order to mount a volume or connect to a management port from another network, you need to use the endpoint's IP address. Theese IP addresses do not change over time.

Access over iSCSI from peered networks

AWS Transit Gateway isn't required when accessing data over iSCSI. You can use VPC peering, Transit Gateway, AWS Direct Connect, AWS VPN to access the iSCSI port using it's IP address. You do not need to configure any additional routing.

Mounting FSx for ONTAP volumes

You access the data in FSx for ONTAP by mounting a volume on your client. The commands in this section use the DNS name or the IP address of the SVM in which the volume is created to mount or attach a volume. You can find the SVM's DNS name and IP address in the Amazon FSx console by choosing ONTAP > Storage virtual machines, or on the Storage virtual machine tab in the File system details page for the file system. Or, you can find them in the response of the DescribeStorageVirtualMachines API operation.

Mounting ONTAP volumes to Linux clients

We recommend that SVM volumes to which you are attaching Linux clients have a security style setting of UNIX or mixed. For more information, see Managing FSx for ONTAP volumes.

To mount an ONTAP volume on a Linux client

  1. Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.

  2. Create or select an Amazon EC2 instance running Amazon Linux 2 that is in the same VPC as the file system.

    For more information on launching an EC2 Linux instance, see Step 1: Launch an instance in the Amazon EC2 User Guide for Linux Instances.

  3. Connect to your Amazon EC2 Linux instance. For more information, see Connect to your Linux instance in the Amazon EC2 User Guide for Linux Instances.

  4. Open a terminal on your EC2 instance using secure shell (SSH), and log in with the appropriate credentials.

  5. Create a directory on the EC2 instance for mounting the SVM volume as follows:

    sudo mkdir /fsx

  6. Mount the volume using the following command.

    sudo mount -t nfs svm-dns-name:/volume-junction-path /fsx

    The following example uses sample values.

    sudo mount -t nfs svm-01234567890abdef0.fs-01234567890abcdef1.fsx.us-east-1.amazonaws.com:/vol1 /fsx

    You can also use the SVM's IP address SVM instead of its DNS name.

    sudo mount -t nfs 198.51.100.1:/vol1 /fsx

Using /etc/fstab to mount automatically on instance reboot

To automatically remount your FSx for ONTAP volume when an Amazon EC2 Linux instance reboots, use the /etc/fstab file. The /etc/fstab file contains information about file systems. The command mount -a, which runs during instance start-up, mounts the file systems listed in /etc/fstab.

Note

FSx for ONTAP file systems do not support automatic mounting using /etc/fstab on Amazon EC2 Mac instances.

Note

Before you can update the /etc/fstab file of your EC2 instance, make sure that you already created your FSx for ONTAP file system. For more information, see Creating FSx for ONTAP file systems.

To update the /etc/fstab file on your EC2 instance

  1. Connect to your EC2 instance:

    • To connect to your instance from a computer running macOS or Linux, specify the .pem file for your SSH command. To do this, use the -i option and the path to your private key.

    • To connect to your instance from a computer running Windows, you can use either MindTerm or PuTTY. To use PuTTY, install it and convert the .pem file to a .ppk file.

    For more information, see the following topics in the Amazon EC2 User Guide for Linux Instances:

  2. Create a local directory that will be used to mount the SVM volume.

    sudo mkdir /fsx

  3. Open the /etc/fstab file in an editor of your choice.

  4. Add the following line to the /etc/fstab file. Insert a tab character between each parameter. It should appear as one line with no line breaks. 

    svm-dns-name:volume-junction-path /fsx nfs nfsver=version defaults 0 0

    You can also use the IP address of volume's SVM. The last three parameters indicate NFS options (which we set to default), dumping of file system and filesystem check (these are typically not used so we set them to 0).

  5. Save the changes to the file.

  6. Now mount the file share using the following command. The next time the system starts, the folder will be mounted automatically. 

    sudo mount /fsx
sudo mount svm-dns-name:volume-junction-path

Your EC2 instance is now configured to mount the ONTAP volume whenever it restarts.

Attaching ONTAP volumes to Microsoft Windows clients

This section describes how to access data in your FSx for ONTAP file system with clients running the Microsoft Windows operating system. Review the following requirements, regardless of the type of client you are using.

This procedure assumes that the client and the file system are located in the same VPC and AWS account. If the client is located on-premise, or in a different VPC, AWS account or AWS Region, you've set up AWS Transit Gateway or a dedicated network connection using AWS Direct Connect or a private, secure tunnel using AWS Virtual Private Network. For more information, see Access from peered networks.

We recommend that you attach volumes to your Windows clients using the SMB protocol.

Prerequisites

To access an ONTAP storage volume using a Microsoft Windows client, you have to satisfy the following prerequisites:

To attach an ONTAP volume on a Windows client using SMB

  1. Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.

  2. Create or select an Amazon EC2 instance running Microsoft Windows that is in the same VPC as the file system, and joined to the same Microsoft Active Directory as the volume's SVM.

    For more information on launching an instance, see Step 1: Launch an instance in the Amazon EC2 User Guide for Windows Instances.

    For more information about joining an SVM to an Active Directory, see Managing FSx for ONTAP storage virtual machines.

  3. Connect to your Amazon EC2 Windows instance. For more information, see Connecting to your Windows instance in the Amazon EC2 User Guide for Windows Instances.

  4. Open a command prompt.

  5. Run the following command. Replace the following:

    • Replace Z: with any available drive letter.

    • Replace DNS_NAME with the DNS name or the IP address of the SMB endpoint for the volume's SVM.

    • C$ is the default SMB share at the root of the SVM's namespace. If you’ve created any SMB shares in your SVM, you can provide the SMB share name to mount instead of C$. For more information about creating SMB shares, see Creating SMB shares. 

    net use Z: \\DNS_NAME\C$

    The following example uses sample values.

    net use Z: \\corp.example.com:\new_share

    You can also use the IP address of the SVM instead of its DNS name.

    net use Z: \\198.51.100.5:\new_share

Attaching ONTAP volumes to an EC2 Mac instance using SMB

This section describes how to access data in your FSx for ONTAP file system with clients running the macOS operating system. Review the following requirements, regardless of the type of client you are using.

This procedure assumes that the client and the file system are located in the same VPC and AWS account. If the client is located on-premise, or in a different VPC, AWS account or AWS Region, you've set up AWS Transit Gateway or a dedicated network connection using AWS Direct Connect or a private, secure tunnel using AWS Virtual Private Network. For more information, see Access from peered networks.

We recommend that you attach volumes to your Mac clients using the SMB protocol.

To mount an ONTAP volume on a Mac client using SMB

  1. Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.

  2. Create or select an Amazon EC2 Mac instance running the macOS that is in the same VPC as the file system.

    For more information on launching an instance, see Step 1: Launch an instance in the Amazon EC2 User Guide for Linux Instances.

  3. Connect to your Amazon EC2 Mac instance. For more information, see Connect to your Linux instance in the Amazon EC2 User Guide for Linux Instances.

  4. Open a terminal on your EC2 instance using secure shell (SSH), and log in with the appropriate credentials.

  5. Create a directory on the EC2 instance for mounting the volume as follows:

    sudo mkdir /fsx

  6. Mount the volume using the following command.

    sudo mount -t smbfs filesystem-dns-name:/smb-share-name mount-point

    The following example uses sample values.

    sudo mount -t smbfs svm-01234567890abcde2.fs-01234567890abcde5.fsx.us-east-1.amazonaws.com:/C$ /fsx

    You can also use the SVM's IP address instead of its DNS name.

    sudo mount -t smbfs 198.51.100.10:/C$ /fsx

    C$ is the default SMB share that you can mount to see the root of the SVM's namespace. If you’ve created any Server Message Block (SMB) shares in your SVM, provide the SMB share names instead of C$. For more information about creating SMB shares, see Creating SMB shares.

Attaching ONTAP volumes using iSCSI

You can use FSx for ONTAP for your iSCSI block storage needs. iSCSI clients connect to LUNs using the SVM's iSCSI endpoint. Before attempting to use the procedures described in the following sections, you need to use the NetApp ONTAP CLI to set up an iSCSI LUN. For more information about setting up and managing LUNs using the NetApp ONTAP CLI, see Setting up and managing LUNs for FC and iSCSI in the NetApp ONTAP 9 Documentation Center.

iSCSI port on an FSx for ONTAP file system SVM, and it's DNS name and IP address in the Amazon FSx console.

Attach an Amazon FSx for NetApp ONTAP iSCSI LUN on a Linux client

This procedure describes how to attach an FSx for ONTAP LUN on a Linux client. To use this procedure, you must have first set up an iSCSI LUN on your FSx for ONTAP file system as described in Setting up and managing LUNs for FC and iSCSI in the NetApp ONTAP 9 Documentation Center.

Note

Make sure the security group for your EC2 Linux instance allows the iSCSI protocol.

To attach an iSCSI LUN on a Linux client

  1. Log on to your Linux client.

  2. To access the NetApp ONTAP CLI, establish an SSH session on the management port of the FSx for ONTAP file system where the LUN is located, for more information, see Managing file systems with the NetApp ONTAP CLI. You can also connect to the management port of the SVM where the LUN is located, for more information, see Managing SVMs using the NetApp ONTAP 9.9.1 CLI.

  3. Discover the LUNs that exist in the file system or SVM, depending on which endpoint you have established the SSH connection. 

    FSxId0123456789abcdef8::> lun show
Vserver     Path                 State    Mapped   Type   Size
---------   ---------------      -------  ------   -----  ------
svm01       /vol/vol1/MyLunName  online   unmapped linux     4GB

  4. Create a new initiator group (igroup). Use igroups to control which hosts have access to specific LUNs. When you bind an igroup to a portset, a host in the igroup can access the LUNs only by connecting to the target ports in the portset. For more information, see lun igroup create in the NetApp ONTAP 9.9.1 CLI command reference. Use the following command: 

    FSxId0123456789abcdef8::> igroup create -igroup MyIG -ostype linux -protocol iscsi -vserver svm01 -initiator iqn.initiator.for.your.client

  5. Map the LUN to the igroup you just created using the following command.

    FSxId0123456789abcdef8::> lun map -vserver svm01 -volume vol1 -lun MyLunName -igroup MyIG

  6. Verify the mapping:

    FSxId0123456789abcdef8::> lun mapping show

  7. Retrieve the iscsi data interface IP address on the SVM.

    FSxId0123456789abcdef8::> network interface show -role data
Vserver    Logical                 Status      Network             Current                Current   Is
            Interface               Admin/Oper  Address/Mask        Node                   Port      Home
---------   ---------------         ----------- -----------------   ------------------     --------- ------
svm01
            iscsi_1                 up/up       172.31.20.161/20    FsxId0123456789abcdef1 01e0e     true
            iscsi_2                 up/up       172.31.41.87/20     FsxId0123456789abcdef1 02e0e     true
            nfs-smb-management_1    up/up       198.19.255.95/20    FsxId0123456789abcdef1 01e0e     true
3 entries were displayed.
FSxId0123456789abcdef8::>

  8. On your Linux client, discover the target:

    [ec2-user@ip-172.31.22.200 ~]$ sudo iscsiadm -m discovery -t sendtargets -p 172.31.20.161
172.31.20.161:3260,1030 iqn.1992-08.com.hetapp:sn.e0eac84906ba11ecabd7112118508572:vs.3
172.31.41.87:3260,1029 iqn.1992-08.com.hetapp:sn.e0eac84906ba11ecabd7112118508572:vs.3

  9. Log in to the target:

    [ec2-user@ip-172.31.22.200 ~]$ sudo iscsiadm -m node -T iqn.initiator.for.your.client:vs.3 --login
Logging in to [iface: default, target: iqn.initiator.for.your.client, portal: 172.31.20.161:3260] (multiple)
Logging in to [iface: default, target: iqn.initiator.for.your.client, portal: 172.31.41.87:3260] (multiple)
Login to [iface: default, target: iqn.initiator.for.your.client, portal: 172.31.20.161:3260] successful
Login to [iface: default, target: iqn.initiator.for.your.client, portal: 172.31.41.87:3260] successful

  10. Discover the block devices:

    [ec2-user@ip-172.31.22.200 ~]$ lsblk
NAME            MAJ:MIN  RM  SIZE  RO  TYPE  MOUNTPOINT
sda                8:0     0    4G   0  disk
sdb                8:16    0    4G   0  disk
nvme0n1          259:0     0    8G   0  disk
\_nvme0n1p1      259:1     0    8G   0  port /
 \_nvme0n1p128   259:2     0    1M   0  port

  11. Create a host partition using the following commands.

    [ec2-user@ip-172.31.22.200 ~]$ sudo fdisk /dev/sdb options n,p,#number, w device-partition
[ec2-user@ip-172.31.22.200 ~]$ lsblk

  12. Create your file system and mount it:

    [ec2-user@ip-172.31.22.200 ~]$ sudo mkfs.ext4 /dev/sdb1
[ec2-user@ip-172.31.22.200 ~]$ mkdir iscsi
[ec2-user@ip-172.31.22.200 ~]$ sudo mount -t ext4 /dev/sdb1 isci

Mounting FSx for ONTAP from Amazon Elastic Container Service

You can access your Amazon FSx for NetApp ONTAP file systems from an Amazon Elastic Container Service (Amazon ECS) Docker container on an Amazon EC2 Linux or Windows instance.

Mounting on an Amazon ECS Linux container

  1. Create an ECS cluster using the EC2 Linux + Networking cluster template for your Linux containers. For more information, see Creating a cluster in the Amazon Elastic Container Service Developer Guide.

  2. Create a directory on the EC2 instance for mounting the SVM volume as follows:

    sudo mkdir /fsxontap

  3. Mount your FSx for ONTAP volume on the Linux EC2 instance by either using a user-data script during instance launch, or by running the following commands: 

    sudo mount -t nfs svm-ip-address:/vol1 /fsxontap

  4. Mount the volume using the following command:

    sudo mount -t nfs nfsvers=NFS_version svm-dns-name:/volume-junction-path /fsxontap

    The following example uses sample values.

    sudo mount -t nfs nfsvers=4.1 svm-01234567890abdef0.fs-01234567890abcdef1.fsx.us-east-1.amazonaws.com:/vol1 /fsxontap

    You can also use the SVM's IP address SVM instead of it's DNS name.

    sudo mount -t nfs nfsvers=4.1 198.51.100.1:/vol1 /fsxontap

  5. When creating your Amazon ECS task definitions, add the following volumes and mountPoints container properties in the JSON container definition. Replace the sourcePath with the mount point and directory in your FSx for ONTAP file system. 

    {
    "volumes": [
        {
            "name": "ontap-volume",
            "host": {
                "sourcePath": "mountpoint"
            }
        }
    ],
    "mountPoints": [
        {
            "containerPath": "containermountpoint",
            "sourceVolume": "ontap-volume"
        }
    ],
    .
    .
    .
}

Mounting on an Amazon ECS Windows container

  1. Create an ECS cluster using the EC2 Windows + Networking cluster template for your Windows containers. For more information, see Creating a cluster in the Amazon Elastic Container Service Developer Guide.

  2. Add a domain-joined Windows EC2 instance to the ECS Windows cluster and map an SMB share.

    Launch an ECS optimized Windows EC2 instance that is joined to your Active Directory domain and initialize the ECS agent by running the following command. You can also pass the information in a script to the user-data text field. 

    <powershell>
Initialize-ECSAgent -Cluster windows-fsx-cluster -EnableTaskIAMRole
</powershell>

  3. Create an SMB global mapping on the EC2 instance so that you can map your SMB share to a drive. Replace the values below netbios or DNS name for your FSx file system and share name. The NFS volume vol1 that was mounted on the Linux EC2 instance is configured as a CIFS share fsxontap on the FSx file system. 

    vserver cifs share show -vserver svm08 -share-name fsxontap

                                      Vserver: svm08
                                        Share: fsxontap
                     CIFS Server NetBIOS Name: FSXONTAPDEMO
                                         Path: /vol1
                             Share Properties: oplocks
                                               browsable
                                               changenotify
                                               show-previous-versions
                           Symlink Properties: symlinks
                      File Mode Creation Mask: -
                 Directory Mode Creation Mask: -
                                Share Comment: -
                                    Share ACL: Everyone / Full Control
                File Attribute Cache Lifetime: -
                                  Volume Name: vol1
                                Offline Files: manual
                Vscan File-Operations Profile: standard
            Maximum Tree Connections on Share: 4294967295
                   UNIX Group for File Create: -

  4. Create the SMB global mapping on the EC2 instance using the following command:

    New-SmbGlobalMapping -RemotePath \\fsxontapdemo.fsxontap.com\fsxontap -LocalPath Z:

  5. When creating your Amazon ECS task definitions, add the following volumes and mountPoints container properties in the JSON container definition. Replace the sourcePath with the mount point and directory in your FSx for ONTAP file system. 

    {
    "volumes": [
        {
            "name": "ontap-volume",
            "host": {
                "sourcePath": "mountpoint"
            }
        }
    ],
    "mountPoints": [
        {
            "containerPath": "containermountpoint",
            "sourceVolume": "ontap-volume"
        }
    ],
    .
    .
    .
}