Administering FSx for Windows file systems - Amazon FSx for Windows File Server
Amazon FSx file system statusUsing the Amazon FSx CLI for PowerShellMaintenance window

Administering FSx for Windows file systems

Amazon FSx provides a wide range of administrative capabilities that help you easily manage and grow your Amazon FSx for Windows File Server file systems to meet changing workload and user requirements, and your organizations regulatory and compliance needs. The following is a list of some of the file system configurations that you can manage using the AWS Management Console, AWS CLI and API, the Amazon FSx CLI for remote management on PowerShell, and native Microsoft Windows Server graphical interfaces.

  • Storage capacity

  • Storage type

  • SSD IOPS

  • Throughput capacity

  • DNS aliases

  • Data deduplication

  • Shadow copies

  • Storage quotas

  • File access auditing

  • File shares

The following sections provide information about the file system administrative features and setting that are available to you. We've included guidance to help you determine which options are best for your situation, and best practices where applicable.

Topics

Amazon FSx file system status

You can view the status of an Amazon FSx file system by using the Amazon FSx console, the AWS CLI command describe-file-systems, or the API operation DescribeFileSystems.

File system status Description

AVAILABLE

The file system is in a healthy state, and is reachable and available for use.

CREATING

Amazon FSx is creating a new file system.

DELETING

Amazon FSx is deleting an existing file system.

UPDATING

The file system is undergoing a customer-initiated update.

MISCONFIGURED

The file system is in an impaired state due to a change in your Active Directory environment. Your file system is either currently unavailable or at risk of losing availability, and backups may not succeed. For information on restoring availability, see File system is in a misconfigured state.

MISCONFIGURED_UNAVAILABLE

The file system is currently unavailable due to a change in your Active Directory environment. For information on restoring availability, see File system is in a misconfigured state.

FAILED

  • When creating a new file system, Amazon FSx was unable to create the new file system.

  • The file system is unavailable.

  • The file system has failed and Amazon FSx can't recover it.

  • Amazon FSx is unable to create backups.

Using the Amazon FSx CLI for PowerShell

This chapter describes how to access the Amazon FSx CLI for remote management on PowerShell to perform file system administrative tasks for FSx for Windows file systems. You can also use the Microsoft Windows–native graphical user interface (GUI) to perform some administrative tasks.

The Amazon FSx CLI for remote management on PowerShell enables file system administration for users in the file system administrators group. To start a remote PowerShell session on your FSx for Windows File Server file system, you first need to meet the following prerequisites:

  • Be able to connect to a Windows compute instance that has network connectivity with your FSx for Windows File Server file system.

  • Be logged into the Windows compute instance as a member of the file system administrators group. If you are using AWS Managed Microsoft AD, that is the AWS Delegated FSx Administrators group. If you are using a self-managed Microsoft Active Directory, that is the Domain Admins group or the custom group that you specified for administration when you created your file system. For more information, see Best practices for self-managed Active Directory.

  • Your file system's VPC security group inbound rules allow traffic on port 5985.

The Amazon FSx CLI for remote management on PowerShell uses the following security features:

  • User credentials are authenticated using Kerberos authentication.

  • Management session communications between the connected client and file system are encrypted using Kerberos.

You have two options to run remote management CLI commands on your Amazon FSx file system:

  • You can establish a long-running Remote PowerShell session and run the commands inside the session.

  • You can use the Invoke-Command to run a single command or a single block of commands without establishing a long-running Remote PowerShell session.

If you want to set and pass variables as parameters to the remote management command, you will need to use Invoke-Command.

Note

For Multi-AZ file systems, you can only use the Amazon FSx CLI for Remote Management while the file system is using its preferred file server. For more information, see Availability and durability: Single-AZ and Multi-AZ file systems.

You need to use the file system's Windows Remote PowerShell Endpoint to access the Remote PowerShell. The remote administration endpoint has the format of amznfsxctlyaa1k.ActiveDirectory-DNS-name, for example, amznfsxctlyaa1k.corp.example.com. You can find the endpoint name by using the AWS Management Console in the File system details page on the Network & security tab. Use the AWS CLI describe-file-systems command to view the RemoteAdministrationEndpoint property returned in the response.

You can use the Get-Command cmdlet to retrieve information about the cmdlets, functions, and aliases available in PowerShell. For more information, see the Microsoft Get-Command documentation.

You can also run Amazon FSx CLI for remote management CLI on PowerShell commands on your file system using the Invoke-Command cmdlet, using the following syntax:

PS C:\Users\delegateadmin> Invoke-Command -ComputerName amznfsxctlyaa1k.corp.example.com -ConfigurationName FSxRemoteAdmin -scriptblock { fsx-command}

For instructions on how to start a long-lived Remote PowerShell session on your FSx for Windows File Server files system, see Starting an Amazon FSx remote PowerShell session

File system maintenance window

Amazon FSx for Windows File Server performs routine software patching for the Microsoft Windows Server software that it manages. The maintenance window specifies the day of the week and the time of day when this maintenance process begins. You can specify the start period of the maintenance window during file system creation. If you do not specify one, a 30-minute default maintenance start window is assigned. The duration of the maintenance window depends on multiple factors, including the scope of the maintenance, and the process of synchronizing any file read and write activity that occurs during maintenance between the primary and secondary servers for Multi-AZ file systems. For more information, see Failing over process.

FSx for Windows File Server lets you adjust the start time of your maintenance window to accommodate your workload and operational requirements. You can move the start time of your maintenance window as frequently as required, provided that a maintenance window start time is scheduled at least once every 14 days. If a patch is released and you haven’t scheduled a maintenance window within 14 days, FSx for Windows File Server proceeds with maintenance on the file system to ensure its security and reliability. For more information about how to adjust the start time of your file system's maintenance window, see Changing the weekly maintenance window.

While patching is in progress, expect your Single-AZ file systems to be unavailable, typically for less than 20 minutes. Multi-AZ file systems remain available and automatically fail over and fail back between the preferred and the standby file servers. For more information, see Failing over process. Because patching for Multi-AZ file systems involves failing over and failing back between the file servers, any file read and write activity occuring during this time must be synchronized between the preferred and the standby file servers. To reduce patching time, we recommend scheduling your maintenance window during idle periods when there's minimal load on your file system.

Note

To ensure data integrity during maintenance activity, Amazon FSx for Windows File Server completes any pending write operations to the underlying storage volumes hosting your file system before maintenance begins.