Administration and Management

Administration

With Amazon FSx for NetApp ONTAP, you can use both native Amazon Web Services and NetApp management tools to set up, manage, and monitor your file systems. You can manage your file systems using the Amazon Web Services Management Console, Amazon Web Services Command Line Interface, and Amazon Web Services SDK, as well as NetApp Cloud Manager and ONTAP’s REST API.

Data migration

Amazon FSx for NetApp ONTAP fully supports NetApp SnapMirror replication, allowing you to quickly, easily, and efficiently migrate from on-premises ONTAP deployments into the Amazon Web Services Cloud with a few clicks. You can configure SnapMirror to replicate your files, file metadata, and file system configuration, in a matter of minutes.

Point-in-time, instantaneous cloning

Amazon FSx for NetApp ONTAP supports NetApp’s FlexClone feature, enabling you to create a clone of the volumes in your file system instantaneously with the click of a button. A clone is a point-in-time, writable copy of its parent volume that shares data blocks with its parent, which means the clone consumes no storage for data shared with its parent, taking up minimal incremental space in your file system.

As an example, if you are running a database workload and would like to test a database operation prior to executing it against your production database, you can test the operation by creating a clone of your database, running the operation against the clone to validate that it works as expected, and then deleting the clone when you’re done with your test.

Accessibility

Multi-protocol: NFS, SMB, and iSCSI

Amazon FSx for NetApp ONTAP provides access to shared file storage over all versions of the Network File System (NFS) and Server Message Block (SMB) protocols, and also supports multi-protocol access (i.e. concurrent NFS and SMB access) to the same data. As a result, you can access Amazon FSx for NetApp ONTAP from virtually any Linux, Windows, or macOS client.

Amazon FSx for NetApp ONTAP also provides shared block storage over the iSCSI protocol.

Access from Amazon Web Services compute services

Amazon FSx for NetApp ONTAP provides shared storage for up to thousands of simultaneous clients running in Amazon EC2, Amazon ECS, Amazon EKS, Amazon WorkSpaces, and Amazon AppStream 2.0 instances.

Performance and Scale

Performance

Amazon FSx for NetApp ONTAP is designed to deliver fast, predictable, and consistent performance. It provides multiple GB/s of throughput per file system, and hundreds of thousands of IOPS per file system. To get the right performance for your workload, you can choose a throughput level for your file system and scale this throughput level up or down at any time.

You can also create read replicas of your data to scale the performance of read-heavy workloads to tens of GB/s of throughput.

Low-latency access

Amazon FSx for NetApp ONTAP is built to deliver consistent sub-millisecond latencies when accessing data on SSD storage, and tens of milliseconds of latency when accessing data in capacity pool storage. It provides fast, consistent performance for latency- and performance-sensitive workloads.

Support for high performance database workloads

With sub-millisecond latencies and scalability to up to hundreds of thousands of IOPS per file system, Amazon FSx for NetApp ONTAP enables you to provide highly-available shared file storage for your high-performance database workloads. It also supports common database features such as application-consistent snapshots (using NetApp SnapCenter), FlexClone (a data cloning feature), Continuously Available (CA) SMB shares, and Instant File Initialization.

Storage scalability

Each Amazon FSx for NetApp ONTAP file system can scale to petabytes in size, allowing you to store virtually unlimited data in a single namespace.

Cost Optimization

Elastic capacity pool tiering

Each Amazon FSx for NetApp ONTAP file system has two storage tiers: primary storage and capacity pool storage. Primary storage is provisioned, scalable, high-performance SSD storage that’s purpose-built for the active portion of your data set. Capacity pool storage is a fully elastic storage tier that can scale to petabytes in size and is cost-optimized for infrequently-accessed data. Amazon FSx for NetApp ONTAP automatically tiers data from SSD storage to capacity pool storage based on your access patterns, allowing you to achieve SSD levels of performance for your workload while only paying for SSD storage for a small fraction of your data. Capacity pool storage automatically grows and shrinks as you tier data to it, providing elastic storage for the portion of your data set that grows over time without the need to plan or provision capacity for this data.

Amazon FSx for NetApp ONTAP also gives you the flexibility to choose from a range of tiering policies to define how the data in each of your volumes is tiered to and from capacity pool storage. See the Amazon FSx documentation for more information on the tiering policies for Amazon FSx for NetApp ONTAP.

Compression and deduplication

Amazon FSx for NetApp ONTAP includes all of ONTAP’s storage efficiency and cost-savings features, including compression and deduplication. These features automatically reduce the storage consumption on your file system storage and your file system backups, typically a 65% savings for general-purpose workloads. See the Amazon FSx documentation for more information on the typical storage savings from compression and deduplication.

Flexible storage management

With Amazon FSx for NetApp ONTAP, each volume you create is thin provisioned, meaning that it only consumes storage capacity from your file system for the data stored in the volume. You set the size for each volume to limit the amount of data that a volume can store, and you can also increase or decrease the size of a volume at any time. You can also apply user / group quotas to your volumes to further manage how much capacity your users and applications are consuming.

Flexible throughput and IOPS selection

Amazon FSx for NetApp ONTAP offers multiple throughput capacity levels that you can choose from, allowing you to cost-optimize for the performance your workloads require. You can also optionally provision higher levels of IOPS as needed, independently from the storage and throughput capacity of your file system, allowing you to pay only for the IOPS you need.

Pricing

With Amazon FSx, you pay only for the resources you use.

You are billed for the amount of SSD storage you provision (per GB-mo), and you are billed for capacity pool storage and backup storage based on the storage space consumed (per GB-mo).You are billed for the amount of throughput capacity you provision for your file systems (per MBps-mo), and are billed per-request for requests to/from capacity pool storage (per read and write operation).

You are billed for file systems based on the storage capacity (per GB-mo), SSD IOPS (per IOPS-mo), and throughput capacity (per MBps-mo) that you provision.

Storage and throughput capacity are billed per second, ensuring that you only pay for resources for the period of time when you’re using them.

Availability and Data Protection

Multi-AZ deployments

Amazon FSx offers a multiple availability (AZ) deployment option, designed to provide continuous availability to data, even in the event that an AZ is unavailable. Multi-AZ file systems include an active and standby file server in separate AZs, and any changes written to disk in your file system are synchronously replicated across AZs to the standby. During planned maintenance, or in the event of a failure of the active file server or its AZ, Amazon FSx automatically fails over to the standby so you can resume file system operations without a loss of availability to your data.  

Snapshots and file restore

To enable end-users to easily undo changes and compare file versions, Amazon FSx for NetApp ONTAP supports restoring individual files and folders to previous versions using NetApp Snapshots. 

Cross-region replication

Amazon FSx for NetApp ONTAP supports NetApp SnapMirror, a replication technology that you can use to replicate data between two ONTAP file systems. You can configure automatic NetApp SnapMirror replication of your data to another Amazon FSx for NetApp ONTAP file system, including a file system in another Amazon Web Services Region. If needed, you can fail over your applications and users to use the other Amazon FSx for NetApp ONTAP file system. With SnapMirror, you can configure replication with a Recovery Point Objective (RPO) of as low as 5 minutes, and a Recovery Time Objective (RTO) in single-digit minutes. You can configure SnapMirror using the ONTAP CLI or REST API.

Automated backups

To help ensure that your data is protected, FSx ONTAP automatically takes highly durable daily backups of every volume in your file system. Backups are incremental relative to one another and crash-consistent. You can take additional backups of your volumes at any point.

Write-once-read-many (WORM) protection

Amazon FSx for NetApp ONTAP fully supports SnapLock, an ONTAP feature that allows you to prevent accidental or malicious attempts at modification or deletion of data. To ensure immutability of data, you can transition files on a SnapLock volume to a WORM state for a retention period you specify, and you can also place legal holds to retain data indefinitely until the hold is removed. You can use SnapLock to meet regulatory compliance, secure your data against ransomware attacks, and achieve your organization's data retention goals.

Hybrid Workflow Support

On-premises caching

Amazon FSx for NetApp ONTAP fully supports NetApp’s Global File Cache and FlexCache solutions, which you can deploy on premises to provide low-latency access for your most frequently-read data to on-premises clients and workstations.

Backup and disaster recovery to Amazon Web Services

You can back up, archive, or replicate data from your on-premises file servers to Amazon FSx for NetApp ONTAP to simplify business continuity and meet your data retention and disaster recovery requirements.

Cloud bursting

If you have data in an on-premises NetApp file system that you want to access or process from Amazon Web Services with low latency, you can configure Amazon FSx for NetApp ONTAP as an in-cloud cache for your on-premises data by using NetApp FlexCache. When used as a cache, Amazon FSx provides low-latency access to your on-premises data sets from Amazon Web Services compute instances. See the Amazon FSx documentation for more info. 

Security and Compliance

Network isolation

You access your Amazon FSx for NetApp ONTAP file system from the Amazon VPC it’s associated with, or any network that you peer with your VPC. You can configure firewall settings and control network access to your file systems using Amazon VPC Security Groups and VPC Network ACLs. You can also optionally use ONTAP export policies to configure which clients can read and write to the volumes in your file system.

Resource-level permissions

Amazon FSx for NetApp ONTAP is integrated with Amazon Web Services Identity and Access Management (IAM). This integration means that you can control the actions your Amazon Web Services IAM users and groups can take to manage your file systems, storage virtual machines, and volumes (such as creating and deleting file systems). You can also tag your Amazon FSx for NetApp ONTAP resources and control the actions that your IAM users and groups can take based on those tags.

Identity-based authentication

Amazon FSx for NetApp ONTAP supports identity-based authentication over NFS or SMB if you join your file system to an Active Directory (AD). Your users can then use their existing AD-based user identities to authenticate themselves and access the file system, and to control access to individual files and folders.

Encryption

All Amazon FSx for NetApp ONTAP file system data is automatically encrypted at-rest using keys managed with Amazon Key Management Service. Data is automatically encrypted before being written to the file system, and automatically decrypted as it is read. FSx for NetApp ONTAP supports Kerberos-based encryption in transit if you join your file system to an Active Directory. 

Logging and auditing

Amazon FSx for NetApp ONTAP integrates with Amazon CloudTrail to monitor and log administrative actions made in the Amazon FSx for NetApp ONTAP console, API, and CLI.

File access auditing

Amazon FSx for NetApp ONTAP supports auditing end-user access to your files and folders using ONTAP’s native audit logging capabilities. If you enable audit event logging, ONTAP will record file access events to a log file that you specify in your file system. You can then read that log file using applications such as Windows Event Viewer.

Amazon Amazon FSx for NetApp ONTAP also fully supports ONTAP’s FPolicy feature with Amazon Web Services Partner solutions to monitor for file access events.

Antivirus

Amazon FSx for NetApp ONTAP fully supports ONTAP’s “vscan” feature, which you can use with Amazon Web Services Partner antivirus applications to automatically scan new files as they’re written to your file system.