Using Microsoft Distributed File System Replication - Amazon FSx for Windows File Server
File system maintenance windows and DFS ReplicationSetting up DFS ReplicationSetting up DFS Namespaces for failover
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Using Microsoft Distributed File System Replication

Note

To implement high availability for an FSx for Windows File Server, we recommend using Multi-AZ file systems. For more information about Multi-AZ deployment types, see Availability and durability: Single-AZ and Multi-AZ file systems

Amazon FSx supports the use of the Microsoft Distributed File System (DFS) for file system deployments across multiple Availability Zones (AZs) to get Multi-AZ availability and durability. Using DFS Replication, you can automatically replicate data between two file systems. Using DFS Namespaces, you can configure one file system as your primary and the other as your standby, with automatic failover to the standby if the primary becomes unresponsive.

Before using DFS Replication, take the following steps:

  • Set up your security groups as described in Step 8 of Getting Started with Amazon FSx.

  • Create two FSx for Windows File Server file systems in different Availability Zones within the same Amazon Web Services Region. For more information on creating your file systems, see Step 3. Write data to your file share.

  • Ensure that both file systems are in the same Amazon Directory Service for Microsoft Active Directory.

  • After the file systems are created, note their file system IDs for use later on.

Note

To allow DFS Replication traffic to and from the file systems, make sure that you add VPC security group inbound and outbound rules as described in Amazon VPC Security Groups.

In the following topics, you can find a description of how to set up and use DFS Replication and DFS Namespaces failover across Availability Zones with FSx for Windows File Server.

File system maintenance windows and DFS Replication

To help ensure high availability for your FSx for Windows file systems located in separate availability zones, we recommend that you set up non-overlapping maintenance windows for the two Amazon FSx file systems. Doing this helps ensure that your file data continues to be available to applications and users during system maintenance windows.

Setting up DFS Replication

You can use DFS Replication to automatically replicate data between two Amazon FSx file systems. This replication is bidirectional, meaning that you can write to either file system and the changes are replicated to the other.

Important

You can't use the DFS Management UI in the Microsoft Windows Administrative Tools (dfsmgmt.msc) to configure DFS Replication on your FSx for Windows File Server file system.

  1. Begin the process of managing DFS by launching your instance and connecting it to the Microsoft Active Directory where you joined your Amazon FSx file systems. To do this, choose one of the following procedures from the Amazon Directory Service Administration Guide:

  2. Connect to your instance as an Active Directory user that is a member of the file system administrators group. In Amazon Managed AD, this group is called Amazon Delegated FSx Administrators. In your self-managed Microsoft AD, this group is called Domain Admins or the custom name for the administrators group that you provided during creation.

    This user must also be a member of a group that has DFS administration permissions delegated to it. In Amazon Managed AD, this group is called Amazon Delegated Distributed File System Administrators. In your self-managed AD, this user must be a member of Domain Admins or another group to which you delegated DFS administration permissions.

    For more information, see Connecting to Your Windows Instance in the Amazon EC2 User Guide.

  3. Download the FSx-DFSr-Setup.ps1 PowerShell script.

  4. Open the Start menu and enter PowerShell. From the list, choose Windows PowerShell.

  5. Run the PowerShell script with the following specified parameters to establish DFS Replication between your two file systems:

    • The names of the DFS Replication group and folder

    • The local path to the folder that you want to replicate on your file systems (for example, D:\share for the default share that comes included with your Amazon FSx file system)

    • The DNS names of the primary and standby Amazon FSx file systems you created in the prerequisite steps

    FSx-DFSr-Setup.ps1 -group Group -folder Folder -path ContentPath -primary FSxFileSystem1-DNS-Name -standby FSxFileSystem2-DNS-Name

  1. Begin the process of managing DFS by launching your instance and connecting it to the Microsoft Active Directory where you joined your Amazon FSx file systems. To do this, choose one of the following procedures from the Amazon Directory Service Administration Guide:

  2. Connect to your instance as an Active Directory user that is a member of the file system administrators group. In Amazon Managed AD, this group is called Amazon Delegated FSx Administrators. In your self-managed Microsoft AD, this group is called Domain Admins or the custom name for the administrators group that you provided during creation.

    This user must also be a member of a group that has DFS administration permissions delegated to it. In Amazon Managed AD, this group is called Amazon Delegated Distributed File System Administrators. In your self-managed AD, this user must be a member of Domain Admins or another group to which you delegated DFS administration permissions.

    For more information, see Connecting to Your Windows Instance in the Amazon EC2 User Guide.

  3. Open the Start menu and enter PowerShell. From the list, choose Windows PowerShell.

  4. If you don't have DFS Management Tools installed already, install them on your instance with the following command.

    Install-WindowsFeature RSAT-DFS-Mgmt-Con

  5. From the PowerShell prompt, create a DFS Replication group and folder with the following commands.

    $Group = "Name of the DFS Replication group"
$Folder = "Name of the DFS Replication folder"

New-DfsReplicationGroup –GroupName $Group
New-DfsReplicatedFolder –GroupName $Group –FolderName $Folder

  6. Determine the Active Directory computer name associated with each file system with the following commands.

    $Primary = "DNS name of the primary FSx file system"
$Standby = "DNS name of the standby FSx file system"

$C1 = (Get-ADObject -Filter "objectClass -eq 'Computer' -and ServicePrincipalName -eq 'HOST/$Primary'").Name
$C2 = (Get-ADObject -Filter "objectClass -eq 'Computer' -and ServicePrincipalName -eq 'HOST/$Standby'").Name

  7. Add your file systems as members of the DFS Replication group that you created with the following commands.

    Add-DfsrMember –GroupName $Group –ComputerName $C1
Add-DfsrMember –GroupName $Group –ComputerName $C2

  8. Use the following commands to add the local path (for example, D:\share) for each file system to the DFS Replication group. In this procedure, file system 1 serves as the primary member, meaning that its contents initially are synced to the other file system.

    $ContentPath1 = "Local path to the folder you want to replicate on file system 1"
$ContentPath2 = "Local path to the folder you want to replicate on file system 2"
                
Set-DfsrMembership –GroupName $Group –FolderName $Folder –ContentPath $ContentPath1 –ComputerName $C1 –PrimaryMember $True
Set-DfsrMembership –GroupName $Group –FolderName $Folder –ContentPath $ContentPath2 –ComputerName $C2 –PrimaryMember $False

  9. Add a connection between the file systems with the following command.

    Add-DfsrConnection –GroupName $Group –SourceComputerName $C1 –DestinationComputerName $C2

Within minutes, both file systems should begin synchronizing the contents of the ContentPath specified preceding.

Setting up DFS Namespaces for failover

You can use DFS Namespaces to treat one file system as your primary, and the other as your standby. By doing this, you can configure automatic failover to the standby if the primary becomes unresponsive. DFS Namespaces enables you to group shared folders on different servers into a single Namespace, where a single folder path can lead to files stored on multiple servers. DFS Namespaces are managed by DFS Namespace servers, which direct compute instances mapping a DFS Namespace folder to the appropriate file servers.

  1. If you don't already have DFS Namespace servers running, launch a pair of highly available DFS Namespace servers using the setup-DFSN-servers.template Amazon CloudFormation template. For more information on creating an Amazon CloudFormation stack, see Creating a Stack on the Amazon CloudFormation Console in the Amazon CloudFormation User Guide.

  2. Connect to one of the DFS Namespace servers launched in the previous step as a user in the Amazon Delegated Administrators group. For more information, see Connecting to Your Windows Instance in the Amazon EC2 User Guide.

  3. Open the DFS Management console. Open the Start menu and run dfsmgmt.msc. Doing this opens the DFS Management GUI tool.

  4. For Action, choose New Namespace, and enter the computer name of the first DFS Namespace server that you launched for Server and choose Next.

  5. For Name, enter the namespace you're creating (for example, corp).

  6. Choose Edit Settings and set the appropriate permissions based on your requirements. Choose Next.

  7. Keep the default Domain-based namespace option selected, keep the Enable Windows Server 2008 mode option selected, and choose Next.

    Note

    Windows Server 2008 mode is the latest available option for Namespaces.

  8. Review the namespace settings and choose Create.

  9. With the newly created namespace selected under Namespaces in the navigation bar, choose Action, then Add Namespace Server.

  10. For Namespace server, enter the computer name of the second DFS Namespace server that you launched.

  11. Choose Edit Settings, set the appropriate permissions based on your requirements, and choose OK.

  12. Choose Add, enter the UNC name of the file share on the primary Amazon FSx file system (for example \\fs-0123456789abcdef0.example.com\share) for Path to folder target, and choose OK.

  13. Choose Add, enter the UNC name of the file share on the standby Amazon FSx file system (for example, \\fs-fedbca9876543210f.example.com\share) for Path to folder target, and choose OK.

  14. From the New Folder window, choose OK. The new folder is created with the two folder targets under your namespace.

  15. Repeat the last three steps for each file share that you want to add to your namespace.

  1. If you don't already have DFS Namespace servers running, launch a pair of highly available DFS Namespace servers using the setup-DFSN-servers.template Amazon CloudFormation template. For more information on creating an Amazon CloudFormation stack, see Creating a Stack on the Amazon CloudFormation Console in the Amazon CloudFormation User Guide.

  2. Connect to one of the DFS Namespace servers launched in the previous step as a user in the Amazon Delegated Administrators group. For more information, see Connecting to Your Windows Instance in the Amazon EC2 User Guide.

  3. Open the Start menu and enter PowerShell. Windows PowerShell appears in the list of matches.

  4. Open the context (right-click) menu for Windows PowerShell and choose Run as Administrator.

  5. If you don't have DFS Management Tools installed already, install it on your instance with the following command.

    Install-WindowsFeature RSAT-DFS-Mgmt-Con

  6. If you don't already have an existing DFS Namespace, you can create one using the following PowerShell commands.

    $NSS1 = computer name of the 1st DFS Namespace server
$NSS2 = computer name of the 2nd DFS Namespace server

$DNSRoot = fully qualified Active Directory domain name (e.g. mydomain.com)
$Namespace = Namespace name you want to use
$Folder = Folder path you want to use within the Namespace
$FS1FolderTarget = Share path to Folder Target on File System 1
$FS2FolderTarget = Share path to Folder Target on File System 2

$NSS1,$NSS2 | ForEach-Object { Invoke-Command –ComputerName $_ –ScriptBlock { mkdir “C:\DFS\${using:Namespace}”;
New-SmbShare –Name ${using:Namespace} –Path “C:\DFS\${using:Namespace}” } }

New-DfsnRoot -Path "\\${DNSRoot}\${Namespace}" -TargetPath "\\${NSS1}.${DNSRoot}\${Namespace}" -Type DomainV2
New-DfsnRootTarget -Path "\\${DNSRoot}\${Namespace}" -TargetPath "\\${NSS2}.${DNSRoot}\${Namespace}"

  7. To create a folder within your DFS Namespace, you can use the following PowerShell command. Doing this creates a folder that directs compute instances accessing the folder to your primary Amazon FSx file system by default.

    $FS1 = DNS name of primary FSx file system
New-DfsnFolder –Path “\\${DNSRoot}\${Namespace}\${Folder}" -TargetPath “\\${FS1}\${FS1FolderTarget}” –EnableTargetFailback $True –ReferralPriorityClass GlobalHigh

  8. Add your standby Amazon FSx file system to the same DFS Namespace folder. Compute instances accessing the folder fall back to this file system if they can't connect to the primary Amazon FSx file system.

    $FS2 = DNS name of secondary FSx file system
New-DfsnFolderTarget –Path “\\${DNSRoot}\${Namespace}\${Folder}" -TargetPath “\\${FS2}\${FS2FolderTarget}”

You can now access your data from compute instances using the DFS Namespace folder's remote path specified preceding. Doing this directs the compute instances to the primary Amazon FSx file system (and to the standby file system, if the primary is unresponsive).

For example, open the Start menu and enter PowerShell. From the list, choose Windows PowerShell and run the following command.

net use Z: \\${DNSRoot}\${Namespace}\${Folder} /persistent:yes