Discover how to deploy managed file servers leveraging Amazon FSx for Windows Server with VMware Cloud on AWS. This article walks you through the reference architecture for setting up a shared storage scenario for your virtual machines.
Storage within an SDDC is delivered to virtual machine workloads in the form of virtual disks attached to each VM. While this is ideal for the specific storage requirements of each VM, it does not lend itself to providing “shared storage” which can be leveraged from multiple VMs. One solution to this problem is to use a network-based storage presentation which can be accessed by any VM.
This reference architecture demonstrates how to do so. It highlights the recommended production topology for deploying managed file servers leveraging Amazon FSx for Windows File Server with VMware Cloud on AWS.
Amazon FSx for Windows File Server offers a managed shared file storage service for Windows or other devices which support the “Server Message Block” (SMB) protocol. It offers the advantages of a fully managed Windows server configured to deliver the required storage capacity with performance and scale. The data is encrypted at rest (and in transit for clients supporting SMB protocol v3) and is backed up daily to S3. The service uses identity-based authentication to control access to data which, in the case of this reference architecture, is provided by AWS Directory Service.
To simplify client consumption of the shared data within the SDDC, File Server VMs are deployed which mount the FSx share by its unique DNS name: the file system ID (`fs-<uniqueFS-ID>`), followed by the organization’s domain name and the share name, which looks something like `\\fs-012345678901234567.example.com\share`. The File Server VMs then present the share to clients in a local, domain-user-friendly form such as `\\example.com\share`.
As the SMB traffic must pass between the SDDC and the attached Customer VPC over the Elastic Network Interface, we need to allow the flows on both the AWS security group controlling the VPC, and the SDDC Compute Gateway firewalls. This allows the SDDC File Servers to access the data from the FSx shares. Local access to the SDDC File Servers will be across the Compute Gateway and can be controlled by the Compute Gateway firewall if the connection is from outside the SDDC, or by the Distributed Firewall (DFW) for clients inside the SDDC.
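As an added example (not from the article or from VMware/AWS), the following PowerShell sequence is what a File Server VM inside the SDDC could run to check that the SMB path to FSx across the ENI is open, require SMB signing on the client, and publish the FSx share under a domain-based DFS namespace so clients use `\\example.com\share`. The file system DNS name, domain, share name, the `data` folder name and the `C:\DFSRoots` path are assumed placeholders.

```powershell
# Added example, not the article's own code. Assumed values; replace with your own:
#   $FsxDnsName  : DNS name of the FSx file system (format shown in the article)
#   $Domain      : AD domain that the File Server VM and FSx are joined to
#   $ShareName   : SMB share name exported by FSx
$FsxDnsName = 'fs-012345678901234567.example.com'
$Domain     = 'example.com'
$ShareName  = 'share'

$FsxTarget  = "\\$FsxDnsName\$ShareName"   # the unique FSx UNC path
$FriendlyNs = "\\$Domain\$ShareName"       # what clients will see

# 1. Confirm SMB (TCP 445) to FSx is reachable across the ENI. This is the flow
#    that both the VPC security group and the Compute Gateway firewall must permit.
$probe = Test-NetConnection -ComputerName $FsxDnsName -Port 445
if (-not $probe.TcpTestSucceeded) {
    throw "TCP 445 to $FsxDnsName is blocked; review the VPC security group and Compute Gateway rules."
}

# 2. Require SMB signing on this client so an unsigned session is refused.
Set-SmbClientConfiguration -RequireSecuritySignature $true -Force

# 3. Install DFS Namespaces and create a read-only local root share that backs
#    the domain-based namespace (the data itself stays on FSx).
Install-WindowsFeature FS-DFS-Namespace -IncludeManagementTools | Out-Null
$rootPath  = "C:\DFSRoots\$ShareName"            # assumed local path for the DFS root
$rootShare = "\\$env:COMPUTERNAME\$ShareName"
New-Item -ItemType Directory -Path $rootPath -Force | Out-Null
if (-not (Get-SmbShare -Name $ShareName -ErrorAction SilentlyContinue)) {
    New-SmbShare -Name $ShareName -Path $rootPath `
        -FullAccess "$Domain\Domain Admins" -ReadAccess "$Domain\Domain Users" | Out-Null
}
if (-not (Get-DfsnRoot -Path $FriendlyNs -ErrorAction SilentlyContinue)) {
    New-DfsnRoot -Path $FriendlyNs -TargetPath $rootShare -Type DomainV2 | Out-Null
}
# Folder target under the namespace points at the FSx share (assumed folder name "data").
New-DfsnFolder -Path "$FriendlyNs\data" -TargetPath $FsxTarget | Out-Null

# 4. Touch the FSx share and confirm the negotiated dialect is 3.x: the article
#    notes in-transit encryption applies only to clients speaking SMB 3.
Get-ChildItem $FsxTarget | Out-Null
Get-SmbConnection -ServerName $FsxDnsName | Select-Object ServerName, ShareName, Dialect
```

Run it elevated on a domain-joined Windows Server VM; the DFS root and folder are created once, and the dialect listing at the end should show `3.x.x` for the FSx server.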