Amazon FSx for NetApp ONTAP FAQs

General

Amazon FSx for NetApp ONTAP is a storage service that allows customers to launch and run fully managed ONTAP file systems in the cloud. ONTAP is NetApp’s file system technology that provides a widely adopted set of data access and data management capabilities. Amazon FSx for NetApp ONTAP provides the familiar features, performance, and APIs of on-premises NetApp file systems with the agility, scalability, and simplicity of a fully managed AWS service. 

Amazon FSx for NetApp ONTAP provides simple, scalable, and feature-rich shared file storage that you can access from virtually any client or workstation running in AWS or on-premises. Using this service, you can easily launch and run shared file storage and leverage ONTAP’s widely-used data access and data management capabilities with a few clicks.

If you are building a cloud-native application in AWS, Amazon FSx for NetApp ONTAP provides simple, scalable, high performance, and feature-rich file storage that makes it easy to build, test, and run cloud-native applications. It offers powerful features like multi-protocol access to data over the NFS, SMB, and iSCSI protocols, instant data cloning, cross-region replication, and quality of service capabilities—enabling you to quickly and easily experiment and optimize how your applications use data.

If you are storing your application data in network-attached storage (NAS) on-premises today, with Amazon FSx for NetApp ONTAP you can migrate your data to AWS and enjoy the agility, scalability, resiliency, and security of running your application in AWS without giving up any of the NAS capabilities you’re used to.

Amazon FSx for NetApp ONTAP also supports hybrid workflows between AWS and on premises. You can back up, archive, or replicate data from your on-premises file servers to Amazon FSx for NetApp ONTAP to simplify business continuity and meet your data retention and disaster recovery requirements. If you have data in an on-premises NetApp file system that you want to access or process from AWS with low latency, you can also configure Amazon FSx for NetApp ONTAP as an in-cloud cache for your on-premises data by using NetApp FlexCache. When used as a cache, Amazon FSx provides low-latency access to your on-premises data sets from AWS compute instances.

Amazon FSx for NetApp ONTAP is designed to support a broad spectrum of Linux, Windows, and macOS workloads and applications, including IT and line-of-business applications, databases (such as SAP HANA, Oracle DB, Oracle RAC, and Microsoft SQL Server), home directories, big data and analytics, electronic design automation (EDA), and media processing.

If you have data on premises, you can use Amazon FSx for NetApp ONTAP to simplify business continuity by configuring simple and secure backup, archive, and replication between your on-premises file servers and Amazon FSx. You can also use Amazon FSx for NetApp ONTAP as cache on AWS of your on-premises data to accelerate cloud bursting workloads running in AWS.

You can access your data from Linux, Windows, or macOS instances running on Amazon EC2, Amazon ECS, Amazon EKS, VMware Cloud on AWS, Red Hat OpenShift Service on AWS, Amazon WorkSpaces, and Amazon AppStream 2.0. You can also use Amazon FSx for NetApp ONTAP as an external datastore for VMware Cloud on AWS Software Defined Data Centers (SDDCs).

To use Amazon FSx for NetApp ONTAP, you must have an AWS account. If you do not already have an AWS account, you can sign up for an AWS account.

Once you have created an AWS account, you can get started by creating a file system via the AWS Management Console, the AWS Command Line Interface (AWS CLI), and Amazon FSx API (and various language-specific SDKs). You can also create a file system using NetApp BlueXP.

A file system is the primary resource in Amazon FSx (also known as an ONTAP cluster). You specify the SSD storage capacity and throughput capacity for your file system, and choose an AWS Virtual Private Cloud (VPC) in which your file system is created. Each file system has an administrative endpoint that you can optionally use to manage your data using the ONTAP CLI or ONTAP REST API.

Yes, Amazon FSx for NetApp ONTAP Single-AZ file systems are SAP-certified for scale-up SAP HANA workloads, including S/4HANA, Business Suite on HANA, BW/4HANA, Business Warehouse on HANA, and Data Mart Solutions on HANA. With FSx for ONTAP, you can simplify and accelerate your SAP HANA workloads in AWS by leveraging ONTAP’s data management features (such as snapshots, clones, and SnapMirror replication) to quickly and easily manage your SAP HANA databases. For more information, see SAP HANA on AWS with Amazon FSx for NetApp ONTAP documentation.

From a Linux instance, you can access your data using the standard Linux mount command and the DNS name associated with the volume. From a Windows instance, use the “Map Network Drive” feature to map a drive letter (e.g., Z:) to a file share in your file system. From a macOS instance, use the “Connect to Server” feature to connect to a DNS name associated with your file system. See the Amazon FSx documentation for example mount commands.

Once mounted from any client, you can work with the files and directories in your file system just like you would with a local file system.

Amazon FSx for NetApp ONTAP provides access to shared file storage over all versions of the Network File System (NFS) and Server Message Block (SMB) protocols, and also supports multi-protocol access (i.e. concurrent NFS and SMB access) to the same data.

Amazon FSx for NetApp ONTAP also provides shared block storage over the iSCSI and NVMe-over-TCP protocols.

If you are using file storage built on NetApp ONTAP today, you can use NetApp SnapMirror to quickly and efficiently copy your data and configuration into Amazon FSx for NetApp ONTAP over AWS Direct Connect or VPN. If you are migrating from a non-NetApp file system, you can use any standard copy tool (e.g., rsync, Robocopy) or NetApp CloudSync to migrate data into FSx for ONTAP.

You can also use AWS Snowball to migrate your data to AWS without using Direct Connect or VPN. See the Migrating to Amazon FSx for NetApp ONTAP blog post for more information on the migration options above.

You should use a Multi-AZ file system if your application needs storage that’s highly available and durable across AZs in the same AWS Region. FSx for ONTAP Multi-AZ file systems provide a simple storage solution for workloads that need resiliency across AZs in the same AWS Region. Single-AZ file systems are built for use cases that need storage replicated within an AZ but do not require resiliency across AZs, such as development and test workloads or storing secondary copies of data that is already stored on-premises or in other AWS Regions. Single-AZ file systems are cost-optimized for these use cases by only replicating data within an AZ.

Please refer to the Choosing an Amazon FSx file system page for more details on the difference between the different Amazon FSx file storage offerings.

Please refer to Regional Products and Services for details of Amazon FSx for NetApp ONTAP service availability by region. 

Scale and performance

Each Amazon FSx for NetApp ONTAP file system has two storage tiers: primary storage and capacity pool storage. Primary storage is provisioned, high-performance SSD storage that’s purpose-built for the active portion of your data set. Capacity pool storage is a fully elastic storage tier that can scale to petabytes in size and is cost-optimized for infrequently-accessed data. Amazon FSx for NetApp ONTAP automatically transitions data between storage tiers based on your access patterns, allowing you to reduce your storage costs and store virtually unlimited data in a file system. Capacity pool storage automatically grows/shrinks as you tier data to it, providing elastic storage for the portion of your data set that grows over time.

Capacity pool storage is a fully elastic storage tier that automatically grows/shrinks as you tier data to it, providing elastic storage for the portion of your data set that grows over time. You do not need to provision storage for data in your file system's capacity pool.

When you create a file system, you specify an amount of SSD storage capacity for the active portion of your data set. You can also grow the capacity of your SSD tier of your file system – while continuing to use it – at any time by clicking “Update storage capacity” in the Amazon FSx console, or by calling “update-file-system” in the AWS CLI/API. Learn more about managing storage capacity in the Amazon FSx documentation.

There is virtually no limit to how much data you can store in a single file system.

Amazon FSx for NetApp ONTAP provides consistent, sub-millisecond latencies for data stored on SSD storage, and tens of milliseconds of latency for data stored on capacity pool storage. Your file system can scale up to tens of GB/s and millions of IOPS. See the Amazon FSx performance documentation for more information. Each gigabyte of SSD storage includes 3 disk IOPS, and you can provision additional IOPS as needed.

Every Amazon FSx for NetApp ONTAP file system has a throughput capacity that you configure when the file system is created and that you can change at any time. This throughput capacity determines the baseline and burst network speeds that are supported by the file servers powering your cluster. When you create a file system, Amazon FSx recommends a throughput capacity for you, or you can select your desired throughput capacity. For more information, please see the Performance documentation user guide.

Amazon FSx updates the throughput capacity of your file system by switching out the file servers powering your file system to meet the new throughput capacity configuration. File systems will experience an automatic failover and failback during this process, which typically takes a few minutes to complete. The failover and failback processes are completely transparent to NFS, SMB, and iSCSI clients, allowing your workloads to continue running without interruption or manual intervention.

Availability and durability

Amazon FSx for NetApp ONTAP file systems are highly available and durable across AWS Availability Zones (AZs), and are designed to provide continuous availability to data even in the event that an AZ is unavailable. For Multi-AZ file systems, each file system is powered by two file servers in separate AZs, each with its own storage. For Single-AZ file systems, each file system is powered by one or more file server pairs in the same AZ.

For both deployment types, Amazon FSx automatically replicates your data across your file servers to protect it from component failure, continuously monitors for hardware failures, and automatically replaces infrastructure components in the event of a failure. File systems automatically fail over and back as needed (typically within 60 seconds), and clients automatically fail over and back with the file system.

Amazon FSx automatically performs a failover in the event of a loss of availability to an active file server. This can be caused by a failure of the active file server (or, for Multi-AZ file systems, a failure in the active file server’s AZ). For file systems with multiple file server pairs, each file server pair independently performs a failover in the event of a loss of availability to the active file server within a file server pair. Amazon FSx will also temporarily fail over to the standby file server during planned maintenance or if you change your file system’s throughput capacity.  

To protect against accidental deletion / modification of files by end users, you can configure periodic “snapshots” (point-in-time images of your data, stored within your file system) to allow end users to easily undo file changes and compare file versions. Linux and macOS end users can view snapshots in the “.snapshot” directory at the root of their file system. Windows end users can view snapshots in the “Previous Versions” tab of Windows Explorer (when right-clicking on a file or folder). You can set and change the snapshot .schedule for your file system using the ONTAP CLI and REST API.

Amazon FSx for NetApp ONTAP offers a native backups feature, designed to support archival, data retention, and compliance needs. Backups are a crash-consistent and secondary, offline copy of a volume in your file system. Amazon FSx backups are incremental, which means that only the changes after your most recent backup are saved, thus saving on backup storage costs by not duplicating data. By default, Amazon FSx takes an automatic backup of your volumes each day during a backup window that you specify. You can create additional backups at any time using the AWS Console, AWS CLI, or Amazon FSx API. Backups for both Multi-AZ and Single-AZ file systems are stored across multiple AZs to achieve high durability.

You first enable Amazon FSx To learn more, visit the as a protected service in AWS Backup. You can then configure backups of your Amazon FSx for NetApp ONTAP volumes via the AWS Backup Console, API, or CLI. You can create both scheduled and on-demand backups of your volumes via AWS Backup and restore these backups as new volumes on your Amazon FSx for NetApp ONTAP file systems. You can add Amazon FSx for NetApp ONTAP volumes to your backup plans in the same way as other AWS resources, either by specifying the ARN or by tagging the volume for protection in the backup plan. AWS Backup documentation.

Amazon FSx for NetApp ONTAP supports NetApp SnapMirror, a replication technology that you can use to replicate data between two ONTAP file systems. You can configure automatic NetApp SnapMirror replication of your data to another Amazon FSx for NetApp ONTAP file system, including a file system in another AWS Region. If needed, you can fail over your applications and users to use the other Amazon FSx for NetApp ONTAP file system. With SnapMirror, you can configure replication with a Recovery Point Objective (RPO) of as low as five minutes, and a Recovery Time Objective (RTO) in single-digit minutes. You can configure SnapMirror using the ONTAP CLI or REST API.

Yes. The Amazon FSx SLA provides for a service credit if a customer's monthly uptime percentage is below our service commitment in any billing cycle.

Monitoring

You can monitor your Amazon FSx for NetApp ONTAP file system’s performance and storage capacity utilization with Amazon CloudWatch in the Amazon FSx console. Your file system emits CloudWatch metrics every minute detailing performance, storage, and infrastructure usage for your entire file system and for each of your volumes. These metrics are displayed in monitoring dashboards in the Amazon FSx console showing performance trends and storage utilization for your file system and your volumes. You can also create alarms using these metrics to alert you to when you are reaching resource utilization thresholds or are running low on available storage capacity in your file system or your volumes.

You can also monitor FSx for ONTAP using NetApp monitoring tools such as NetApp Cloud Insights and NetApp Harvest with Grafana.

You can monitor all Amazon FSx API calls using AWS CloudTrail, monitor all administrative actions to the ONTAP CLI and REST API using ONTAP audit logging, and monitor access to the files in your file system with ONTAP file access auditing.

You can enable and configure user storage quotas on your file system to monitor usage and allocate storage costs to individual teams, and to impose restrictions at a user-level in order to prevent any one user from storing a lot of data.

Security

Amazon FSx for NetApp ONTAP supports Microsoft Active Directory (AD) to integrate with your existing Windows environments. You can optionally join your file system to your organization’s AD, enabling your users to use their existing AD-based identities to authenticate and access Amazon FSx for NetApp ONTAP (over NFS or SMB).

Amazon FSx for NetApp ONTAP supports auditing end-user access to your files and folders using ONTAP’s native audit logging capabilities. If you enable audit event logging, ONTAP will record file access events to a log file that you specify in your file system. You can then read that log file using applications such as Windows Event Viewer. Amazon FSx for NetApp ONTAP also fully supports ONTAP’s FPolicy feature, which you can use to monitor for file access events using AWS Partner solutions.

Yes, Amazon FSx for NetApp ONTAP supports ONTAP’s “vscan” feature, enabling you to use any third-party anti-virus software (running on a VM you manage) to protect your data. See the Amazon FSx documentation for instructions on how to configure vscan.

Yes, Amazon FSx for NetApp ONTAP automatically encrypts all your file system’s data and backups at-rest using keys you manage through AWS Key Management Service (AWS KMS). Amazon FSx for NetApp ONTAP supports encrypting data in-transit using AWS Nitro-based encryption in select Regions, the IP security (IPsec) protocol, or Kerberos-based encryption in transit if your file system is joined to an AD. For more detail, please see the Encryption of data in-transit documentation.

Yes, Amazon FSx for NetApp ONTAP offers write-once-read-many (WORM) protection for data with SnapLock. You can protect files in a SnapLock volume by transitioning them to the WORM state preventing any modification or deletion for a specified retention period. Amazon FSx supports two modes of retention with SnapLock: Compliance and Enterprise. In Compliance mode, a file once transitioned to WORM cannot be modified or deleted by any user during their retention period. You should use SnapLock Compliance to meet regulatory compliance requirements such as SEC Rule 17a-4(f), or to protect your WORM data from ransomware. In Enterprise mode, you retain the flexibility for authorized users to selectively delete WORM files or the SnapLock volume at any time. You should use SnapLock Enterprise to improve your organization’s data integrity and internal compliance goals or to test retention settings before using SnapLock Compliance. To learn more about SnapLock on FSx for ONTAP, see Working with SnapLock.

For customers in the financial services industry, SnapLock on Amazon FSx for NetApp ONTAP provides added support for broker-dealers who must retain records in a non-erasable and non-rewritable format to satisfy regulatory requirements of SEC Rule 17a-4(f), SEC 18a-6(e), FINRA Rule 4511(c), and CFTC Regulation 1.31(c)-(d). You can retain files in a SnapLock volume for a retention period you specify and also place legal holds to retain data indefinitely until the hold is removed.

You can provide a notification to your regulator or “Designated Examining Authority (DEA)” of your choice to use Amazon FSx for NetApp ONTAP for electronic storage along with a copy of the Cohasset Assessment Report for FSx for ONTAP. For the purposes of these requirements, AWS is not a designated third party (D3P). Make sure to select a D3P and include this information in your notification to your DEA.

On-premises access

Yes, Amazon FSx for NetApp ONTAP Multi-AZ and Single-AZ file systems can be accessed from on-premises or from another VPC. 

Multi-AZ file systems can be accessed from on-premises using AWS VPN or Direct Connect with AWS Transit Gateway. You can also use Transit Gateway or VPC Peering to access file systems from another VPC (including a VPC in another AWS Region). If you are accessing your file system from clients outside of your file system’s VPC (e.g., from an on-premises network), you should use Transit Gateway or configure remote office caching for your data (using NetApp Global File Cache or NetApp FlexCache) to provide highly-available and low-latency access to your data. See the Amazon FSx documentation for more info.

Amazon FSx for NetApp ONTAP fully supports NetApp Global File Cache and NetApp FlexCache, which you can deploy on premises to provide low-latency access for your most frequently-read data. See the Amazon FSx documentation for more info.

If you have data in an on-premises NetApp file system that you want to access or process from AWS with low latency, you can configure Amazon FSx for NetApp ONTAP as a cache for your on-premises data by using NetApp FlexCache. See the Amazon FSx documentation for more info.

Reducing storage costs with compression and deduplication

Yes, Amazon FSx for NetApp ONTAP supports data compression and deduplication. These features reduce the amount of storage capacity that your data consumes, allowing you to consume less storage spaces in SSD, capacity pool, and backups storage. You can enable compression and deduplication for data in SSD storage. Storage savings from compression and deduplication in SSD storage is preserved when data is tiered to capacity pool storage. Storage efficiency is always enabled for backup data, regardless of your file system's storage efficiency configuration.

Typical storage savings

 
Compression only
Deduplication only
Compression + deduplication
General-purpose file shares
50%
30%
65%
Virtual servers and desktops
55%
70%
70%
Databases
65-70%
0%
65-70%
Engineering data
55%
30%
75%
Geoseismic data
40%
3%
40%

 

You can enable or disable compression and deduplication during file system creation or anytime thereafter using the AWS Management Console, AWS CLI, or the AWS SDK.

For most workloads, enabling compression and deduplication will not adversely impact file system performance.

In fact, for most workloads, compression increases overall performance. To provide fast reads and writes from RAM cache, FSx for ONTAP file servers are equipped with higher levels of network bandwidth on the front-end network interface cards (NICs) than is available between the file servers and storage disks. Since data compression reduces the amount of data sent between file servers and storage disks, for most workloads, you will see an increase in overall file system throughput capacity when using data compression. Increases in throughput capacity related to data compression will be capped once you saturate the front-end NIC of your file system. See the FSx for ONTAP documentation for more details on throughput performance when using data compression.

Reducing storage costs with automatic and intelligent storage tiering

When you create an Amazon FSx for NetApp ONTAP file system, you provision a level of SSD storage capacity. As you write data to your file system, your less frequently-accessed data is automatically transitioned to the capacity pool tier, a lower-cost storage tier that automatically grows and shrinks with the amount of data tiered to it. As a result, you only need to provision as much SSD storage as needed for the active portion of your data set, with the rest of your data stored in lower-cost capacity pool storage. Amazon FSx automatically and intelligently transitions data between storage tiers based on your access patterns, allowing you to achieve SSD levels of performance for your workload while only paying for SSD storage for a small fraction of your data.

Each volume in your Amazon FSx for NetApp ONTAP file system has a tiering policy associated with it, which determines how the data within that volume is transitioned to and from capacity pool storage. You can choose from one of four tiering policies (by default, all volumes created with the AWS Console use the “Auto” tiering policy):

  • Auto – Data is automatically transitioned to and from the capacity pool tier based on your access patterns.
  • Snapshot-only – Only data associated with previous versions of your files (i.e. data associated with a Snapshot of your volume) is transitioned to the capacity pool tier.
  • All – All data is transitioned to the capacity pool tier soon after it’s written to the volume.
  • None – Tiering to capacity storage is disabled

If you’ve selected a tiering policy of “Auto” or “Snapshot-only”, you can also optionally specify a minimum cooling period (between 2 and 183 days), which specifies how long a given portion of your data should have been inactive before it becomes a candidate to transition to capacity pool storage.

All files in your volumes can be transitioned to capacity pool storage, regardless of size. With Amazon FSx for NetApp ONTAP, data is transitioned to and from capacity pool storage at the block level, rather than at the file level—giving you the cost benefit of capacity pool storage even if only a fraction of a given file is infrequently-accessed.

Amazon FSx does not limit to the percentage of your data that you can tier to capacity pool storage. We recommend that you store the frequently-accessed portion of your data set on SSD storage to achieve the best-possible performance. Industry research and customer analysis shows that on average 20% of files are actively used and 80% are infrequently accessed.

Administration

Yes, you can create one or multiple storage virtual machines and volumes per file system, allowing you to set up and configure your file system in the same way you’d configure an ONTAP cluster on-premises.

A storage virtual machine (SVM) is an isolated file server with its own administrative credentials and endpoints for administering and accessing data. When you access data on Amazon FSx for NetApp ONTAP, your clients and workstations access the endpoint for the SVM in which the data is stored. Amazon FSx automatically creates a default SVM on your file system for you when you create a file system using the AWS Console.

Each SVM is a virtual resource, meaning that the SVMs in your file system share your file system’s storage and throughput capacity. Because each SVM is an isolated file server, if you have multiple users or groups who need access to administer data on Amazon FSx, you can create a separate SVM for each user or group so that they can independently administer their data. You can also configure quality of service (QoS) policies within your file system to limit the amount of throughput and IOPS that individual workloads can drive, ensuring that individual workloads don’t interfere with the other users and groups on the same file system. You can create additional SVMs on your file system at any time using the AWS Console, AWS CLI, or Amazon FSx SDK.

Volumes are isolated data containers in which your files, directories, or iSCSI LUNs or NVMe namespaces are stored. Volumes are thin provisioned, meaning that they only consume storage capacity for the data stored in them. Each volume is associated with one of the SVMs in your file system.

You can create volumes using the AWS Console, AWS CLI, the Amazon FSx API, or using NetApp BlueXP. You can also use your file system’s or SVM’s administrative endpoint to create, update, and delete volumes using the ONTAP CLI or ONTAP REST API.

You set the size for each volume to limit the amount of data that a volume can store, and you can also increase or decrease the size of a volume at any time. Although each volume has a set size, volumes are thin provisioned—meaning that they only consume storage capacity for the data stored in them.

Amazon FSx is a fully-managed service, so all of the file storage infrastructure is managed for you. When you use Amazon FSx, you avoid the complexity of deploying and maintaining complex file system infrastructure.

To create, view, and delete file systems, SVMs, volumes, and backups, you can use the AWS Console, the AWS CLI, the Amazon FSx API, or NetApp BlueXP.

To access additional ONTAP features, such as SMB shares, snapshots, or SnapMirror, you can use the ONTAP remote management CLI or the ONTAP REST API. For more information, see Accessing the ONTAP CLI and REST API in the Amazon FSx for NetApp ONTAP documentation.