Accessing your data from on-premises
FSx for OpenZFS supports the use of Amazon Direct Connect or Amazon VPN to access your file systems from your on-premises compute instances. Using Amazon Direct Connect, you access your file system over a dedicated network connection from your on-premises environment. Using Amazon VPN, you access your file system from your on-premises devices over a secure and private tunnel.
After you connect your on-premises environment to the VPC associated with your Amazon FSx file system, you can access your file system using its DNS name or a DNS alias. You do so just as you do from compute instances within the VPC. For more information about Amazon Direct Connect, see What is Amazon Direct Connect? in the Amazon Direct Connect User Guide. For more information on setting up Amazon VPN connections, see VPN connections in the Amazon VPC User Guide.
Accessing Multi-AZ file systems
Amazon FSx requires that you use Amazon Transit Gateway to access Multi-AZ file systems from an
on-premises network. In order to support failover across AZs for Multi-AZ file
systems, Amazon FSx uses floating IP addresses for the interfaces used for NFS endpoints. Because the NFS endpoints use floating IPs, you must use Amazon Transit GatewayEndpointIpAddressRange you specify
when creating your Multi-AZ file system. By default, the Amazon FSx API selects a CIDR block of 16 available addresses from within the VPC's CIDR ranges.
The floating IP addresses are used to enable a seamless transition of your clients to the
standby file system in the event a failover is required. For more information,
see Failover process for FSx for OpenZFS.
If you have a Multi-AZ file system with an EndpointIPAddressRange
that's outside your VPC's CIDR range, you need to set up additional routing
in your Amazon Transit Gateway to access your file system from peered or on-premises networks.
For information, see Configuring routing using
Amazon Transit Gateway.