Amazon FSx for Windows File Server
Windows User Guide

Deploying Multi-AZ File Systems

Each Amazon FSx for Windows File Server file system resides in a particular Availability Zone (AZ), which you specify during creation. Amazon FSx automatically replicates file system data within the AZ, and ensures high availability within the AZ by detecting and addressing component failures. For workloads that require Multi-AZ redundancy to tolerate temporary AZ unavailability, you can create multiple file systems in separate AZs, keep them in sync, and configure failover between them.

Amazon FSx fully supports the use of the Microsoft Distributed File System (DFS) for file system deployments across multiple AZs to get Multi-AZ availability and durability. Using DFS Replication, you can automatically replicate data between two file systems. Using DFS Namespaces, you can configure one file system as your primary and the other as your standby, with automatic failover to the standby if the primary becomes unresponsive. In the following topics, you can find a description of how to set up and use DFS Replication and DFS Namespaces failover across AZs with Amazon FSx.

Prerequisites for using DFS Replication

  • Setup your security groups as described in Step 8 of Getting Started with Amazon FSx.

  • Create two Amazon FSx file systems in different AZs within an AWS Region. For more information on creating your file systems, see Step 3: Write Data to Your File Share.

  • Ensure that both file systems are in the same AWS Directory Service for Microsoft Active Directory.

  • After the file systems are created, note their file system IDs for later on.

Setting Up DFS Replication

You can use DFS Replication to automatically replicate data between two Amazon FSx file systems. This replication is bidirectional, meaning that you can write to either file system and the changes are replicated to the other.

Important

You cannot use the DFS Management GUI in the Microsoft Windows Administrative Tools (dfsmgmt.msc) to configure DFS Replication on your Amazon FSx for Windows File Server file system.

To set up DFS Replication (scripted)
  1. Begin the process of managing DFS by launching your instance and connecting it to the Microsoft Active Directory where you joined your Amazon FSx file systems. To do this, choose one of the following procedures from the AWS Directory Service Administration Guide:

  2. Connect to your instance as an Active Directory user that is a member of both the file system administrators group (AWS Delegated FSx Administrators in AWS Managed AD, and Domain Admins or the custom group you specified during creation for file system administration in your self-managed Microsoft AD), as well as a group that has DFS administration permissions delegated to it (AWS Delegated Distributed File System Administrators in AWS Managed AD, and Domain Admins or another group to which you’ve delegated DFS administration permissions in your self-managed AD). For more information, see Connecting to Your Windows Instance in the Amazon EC2 User Guide for Windows Instances.

  3. Download this FSx-DFSr-Setup.ps1 PowerShell script.

  4. Open the Start menu and enter PowerShell. From the list of matches, choose Windows PowerShell.

  5. Run the PowerShell script with the following specified parameters to establish DFS Replication between your two file systems:

    • The names of the DFS Replication group and folder

    • The local path to the folder that you want to replicate on your file systems (for example, D:\share for the default share that comes included with your Amazon FSx file system)

    • The DNS names of the primary and standby Amazon FSx file systems you created in the prerequisite steps

    FSx-DFSr-Setup.ps1 -group Group -folder Folder -path ContentPath -primary FSxFileSystem1-DNS-Name -standby FSxFileSystem2-DNS-Name
To set up DFS Replication (step by step)
  1. Begin the process of managing DFS by launching your instance and connecting it to the Microsoft Active Directory where you joined your Amazon FSx file systems. To perform this action, choose one of the following procedures from the AWS Directory Service Administration Guide:

  2. Connect to your instance as an Active Directory user that is a member of both the file system administrators group (AWS Delegated FSx Administrators in AWS Managed AD, and Domain Admins or the custom group you specified during creation for file system administration in your self-managed Microsoft AD), as well as a group that has DFS administration permissions delegated to it (AWS Delegated Distributed File System Administrators in AWS Managed AD, and Domain Admins or another group to which you’ve delegated DFS administration permissions in your self-managed AD). For more information, see Connecting to Your Windows Instance in the Amazon EC2 User Guide for Windows Instances.

  3. Open the Start menu and enter PowerShell. From the list of matches, choose Windows PowerShell.

  4. If you don't have DFS Management Tools installed already, install them on your instance with the following command.

    Install-WindowsFeature RSAT-DFS-Mgmt-Con
  5. From the PowerShell prompt, create a DFS Replication group and folder with the following commands.

    $Group = "Name of the DFS Replication group" $Folder = "Name of the DFS Replication folder" New-DfsReplicationGroup –GroupName $Group New-DfsReplicatedFolder –GroupName $Group –FolderName $Folder
  6. Determine the Active Directory computer name associated with each file system with the following commands.

    $Primary = "DNS name of the primary FSx file system" $Standby = "DNS name of the standby FSx file system" $C1 = (Get-ADObject -Filter "objectClass -eq 'Computer' -and ServicePrincipalName -eq 'HOST/$Primary'").Name $C2 = (Get-ADObject -Filter "objectClass -eq 'Computer' -and ServicePrincipalName -eq 'HOST/$Standby'").Name
  7. Add your file systems as members of the DFS Replication group that you created with the following commands.

    Add-DfsrMember –GroupName $Group –ComputerName $C1 Add-DfsrMember –GroupName $Group –ComputerName $C2
  8. Use the following commands to add the local path (for example, D:\share) for each file system to the DFS Replication group. In this procedure, file system 1 serves as the primary member, meaning that its contents initially are synced to the other file system.

    $ContentPath1 = "Local path to the folder you want to replicate on file system 1" $ContentPath2 = "Local path to the folder you want to replicate on file system 2" Set-DfsrMembership –GroupName $Group –FolderName $Folder –ContentPath $ContentPath1 –ComputerName $C1 –PrimaryMember $True Set-DfsrMembership –GroupName $Group –FolderName $Folder –ContentPath $ContentPath2 –ComputerName $C2 –PrimaryMember $False
  9. Add a connection between the file systems with the following command.

    Add-DfsrConnection –GroupName $Group –SourceComputerName $C1 –DestinationComputerName $C2

Within minutes, both file systems should begin synchronizing the contents of the ContentPath specified preceding.

Setting up DFS Namespaces For Failover

You can use DFS Namespaces to treat one file system as your primary, and the other as your standby. This allows you to configure automatic failover to the standby if the primary becomes unresponsive. DFS Namespaces enables you to group shared folders on different servers into a single Namespace, where a single folder path can lead to files stored on multiple servers. DFS Namespaces are managed by DFS Namespace servers, which direct compute instances mapping a DFS Namespace folder to the appropriate file servers.

To set up DFS Namespaces for failover (GUI)
  1. If you don't already have DFS Namespace servers running, you can launch a pair of highly available DFS Namespace servers using the setup-DFSN-servers.template AWS CloudFormation template. For more information on creating an AWS CloudFormation stack, see Creating a Stack on the AWS CloudFormation Console in the AWS CloudFormation User Guide.

  2. Connect to one of the DFS Namespace servers launched in the previous step as a user in the AWS Delegated Administrators group. For more information, see Connecting to Your Windows Instance in the Amazon EC2 User Guide for Windows Instances.

  3. Open the DFS Management console. Open the Start menu and run dfsmgmt.msc. Doing this opens the DFS Management GUI tool.

  4. Choose Action, then New Namespace, and enter the computer name of the first DFS Namespace server that you launched for Server and choose Next.

  5. For Name, enter the namespace you're creating (for example, corp).

  6. Choose Edit Settings and set the appropriate permissions based on your requirements. Choose Next.

  7. Keep the default Domain-based namespace option selected, keep the Enable Windows Server 2008 mode option selected, and choose Next.

    Note

    Windows Server 2008 mode is the latest available option for Namespaces.

  8. Review the namespace settings and choose Create.

  9. With the newly created namespace selected under Namespaces in the navigation bar, choose Action, then Add Namespace Server.

  10. For Namespace server, enter the computer name of the second DFS Namespace server that you launched.

  11. Choose Edit Settings, set the appropriate permissions based on your requirements, and choose OK.

  12. Choose Add, enter the UNC name of the file share on the primary Amazon FSx file system (for example \\fs-0123456789abcdef0.example.com\share) for Path to folder target, and choose OK.

  13. Choose Add, enter the UNC name of the file share on the standby Amazon FSx file system (for example, \\fs-fedbca9876543210f.example.com\share) for Path to folder target, and choose OK.

  14. From the New Folder window, choose OK. The new folder is created with the two folder targets under your namespace.

  15. Repeat the last three steps for each file share that you want to add to your namespace.

To set up DFS Namespaces for failover (PowerShell)
  1. If you don't already have DFS Namespace servers running, launch a pair of highly available DFS Namespace servers using the setup-DFSN-servers.template AWS CloudFormation template. For more information on creating an AWS CloudFormation stack, see Creating a Stack on the AWS CloudFormation Console in the AWS CloudFormation User Guide.

  2. Connect to one of the DFS Namespace servers launched in the previous step as a user in the AWS Delegated Administrators group. For more information, see Connecting to Your Windows Instance in the Amazon EC2 User Guide for Windows Instances.

  3. Open the Start menu and enter PowerShell. Windows PowerShell appears in the list of matches.

  4. Open the context (right-click) menu for Windows PowerShell and choose Run as Administrator.

  5. If you don't have DFS Management Tools installed already, install it on your instance with the following command.

    Install-WindowsFeature RSAT-DFS-Mgmt-Con
  6. If you don't already have an existing DFS Namespace, you can create one using the following PowerShell commands.

    $NSS1 = computer name of the 1st DFS Namespace server $NSS2 = computer name of the 2nd DFS Namespace server $DNSRoot = fully qualified Active Directory domain name (e.g. mydomain.com) $Namespace = Namespace name you want to use $Folder = Folder path you want to use within the Namespace $FS1FolderTarget = Share path to Folder Target on File System 1 $FS2FolderTarget = Share path to Folder Target on File System 2 $NSS1,$NSS2 | ForEach-Object { Invoke-Command –ComputerName $_ –ScriptBlock { mkdir “C:\DFS\${using:Namespace}”; New-SmbShare –Name ${using:Namespace} –Path “C:\DFS\${using:Namespace}” } } New-DfsnRoot -Path "\\${DNSRoot}\${Namespace}" -TargetPath "\\${NSS1}.${DNSRoot}\${Namespace}" -Type DomainV2 New-DfsnRootTarget -Path "\\${DNSRoot}\${Namespace}" -TargetPath "\\${NSS2}.${DNSRoot}\${Namespace}"
  7. To create a folder within your DFS Namespace, you can use the following PowerShell command. Doing this creates a folder that directs compute instances accessing the folder to your primary Amazon FSx file system by default.

    $FS1 = DNS name of primary FSx file system New-DfsnFolder –Path “\\${DNSRoot}\${Namespace}\${Folder}" -TargetPath “\\${FS1}\${FS1FolderTarget}” –EnableTargetFailback $True –ReferralPriorityClass GlobalHigh
  8. You can now add your standby Amazon FSx file system to the same DFS Namespace folder. Compute instances accessing the folder fall back to this file system if they can't connect to the primary Amazon FSx file system.

    $FS2 = DNS name of secondary FSx file system New-DfsnFolderTarget –Path “\\${DNSRoot}\${Namespace}\${Folder}" -TargetPath “\\${FS2}\${FS2FolderTarget}”

You can now access your data from compute instances using the DFS Namespace folder's remote path specified preceding. Doing this directs the compute instances to the primary Amazon FSx file system (and to the standby file system, if the primary is unresponsive).

For example, open the Start menu and enter PowerShell. From the list of matches, choose Windows PowerShell and run the following command.

net use Z: \\${DNSRoot}\${Namespace}\${Folder} /persistent:yes

Best Practices

To ensure high availability of your Multi-AZ file system deployment, we recommend that you pick nonoverlapping maintenance windows for the two Amazon FSx file systems in your Multi-AZ deployment. Doing this helps ensure that your file data continues to be available to your applications and users during system maintenance windows.

Note

In order to allow DFS Replication traffic to and from the file systems, be sure that you add VPC security group inbound and outbound rules as described in Amazon VPC Security Groups.