Amazon FSx for NetApp ONTAP Features

Overview

Amazon FSx for NetApp ONTAP is a storage service that allows you to launch and run fully managed NetApp ONTAP file systems in the AWS Cloud. It provides the familiar features, performance, capabilities, and APIs of NetApp file systems with the agility, scalability, and simplicity of a fully managed AWS service.

Amazon FSx for NetApp ONTAP offers high-performance file storage that’s broadly accessible from Linux, Windows, and macOS compute instances via the industry-standard NFS, SMB, iSCSI, and NVMe-over-TCP protocols. It enables you to use ONTAP’s widely adopted data management capabilities, like snapshots, clones, and replication, with the click of a button. In addition, it provides low-cost storage capacity that’s fully elastic and virtually unlimited in size, and supports compression and deduplication to help you further reduce storage costs.

Administration and Management

With Amazon FSx for NetApp ONTAP, you can use both AWS-native and NetApp management tools to set up, manage, and monitor your file systems. You can manage your file systems using the AWS Management Console, AWS Command Line Interface, and AWS SDK, as well as NetApp BlueXP and ONTAP’s REST API.

Amazon FSx for NetApp ONTAP fully supports NetApp SnapMirror replication, allowing you to quickly, easily, and efficiently migrate from on-premises ONTAP deployments into the AWS Cloud with a few clicks. You can configure SnapMirror to replicate your files, file metadata, and file system configuration, in a matter of minutes.

Amazon FSx for NetApp ONTAP supports NetApp’s FlexClone feature, enabling you to create a clone of the volumes in your file system instantaneously with the click of a button. A clone is a point-in-time, writable copy of its parent volume that shares data blocks with its parent, which means the clone consumes no storage for data shared with its parent, taking up minimal incremental space in your file system.

As an example, if you are running a database workload and would like to test a database operation prior to executing it against your production database, you can test the operation by creating a clone of your database, running the operation against the clone to validate that it works as expected, and then deleting the clone when you’re done with your test.

Accessibility

Amazon FSx for NetApp ONTAP provides access to shared file storage over all versions of the Network File System (NFS) and Server Message Block (SMB) protocols, and also supports multi-protocol access (i.e. concurrent NFS and SMB access) to the same data. As a result, you can access Amazon FSx for NetApp ONTAP from virtually any Linux, Windows, or macOS client.

Amazon FSx for NetApp ONTAP also provides shared block storage over the iSCSI and NVMe-over-TCP protocols.

Amazon FSx for NetApp ONTAP provides shared storage for up to thousands of simultaneous clients running in Amazon EC2, Amazon ECS, Amazon EKS, VMware Cloud on AWS, Amazon WorkSpaces, and Amazon AppStream 2.0 instances.

Performance and Scale

Amazon FSx for NetApp ONTAP is designed to deliver fast, predictable, and consistent performance. It provides up to tens of GB/s of throughput per file system, and millions of IOPS per file system. To get the right performance for your workload, you choose a throughput level for your file system and scale this throughput level up or down as needed. You can also choose the number of high-availability file server pairs for your Single-AZ file systems, and add file server pairs at any time.

Amazon FSx for NetApp ONTAP is built to deliver consistent sub-millisecond latencies when accessing data on SSD storage, and tens of milliseconds of latency when accessing data in capacity pool storage. It provides fast, consistent performance for latency- and performance-sensitive workloads.
 

Each Amazon FSx for NetApp ONTAP file system scales to petabytes in size, allowing you to store virtually unlimited data in a single namespace.

Amazon FSx for NetApp ONTAP Single-AZ file systems allow you to parallelize your high-performance workloads by creating file systems with multiple file server pairs. And, if you later need more performance than your existing HA pairs can offer, you can add new HA pairs over time. Scale-out file systems deliver the performance of multiple file systems in one by automatically spreading customers’ workloads across multiple file servers.

With sub-millisecond latencies and scalability to up to millions of IOPS per file system, Amazon FSx for NetApp ONTAP provides highly-available shared file storage for your high-performance database workloads. It also supports common database features such as application-consistent snapshots (using NetApp SnapCenter), FlexClone (a data cloning feature), Continuously Available (CA) SMB shares, and Instant File Initialization.

Cost Optimization

Each Amazon FSx for NetApp ONTAP file system has two storage tiers: primary storage and capacity pool storage. Primary storage is provisioned, scalable, high-performance SSD storage that’s purpose-built for the active portion of your data set. Capacity pool storage is a fully elastic storage tier that can scale to petabytes in size and is cost-optimized for infrequently-accessed data. Amazon FSx for NetApp ONTAP automatically tiers data from SSD storage to capacity pool storage based on your access patterns, allowing you to achieve SSD levels of performance for your workload while only paying for SSD storage for a small fraction of your data. Capacity pool storage automatically grows and shrinks as you tier data to it, providing elastic storage for the portion of your data set that grows over time without the need to plan or provision capacity for this data.

Amazon FSx for NetApp ONTAP also gives you the flexibility to choose from a range of tiering policies to define how the data in each of your volumes is tiered to and from capacity pool storage. See the Amazon FSx documentation for more information on the tiering policies for Amazon FSx for NetApp ONTAP.

Amazon FSx for NetApp ONTAP includes all of ONTAP’s storage efficiency and cost-savings features, including compression and deduplication. These features automatically reduce the storage consumption on your file system storage and your file system backups, typically a 65% savings for general-purpose workloads. See the Amazon FSx documentation for more information on the typical storage savings from compression and deduplication.

With Amazon FSx for NetApp ONTAP, each volume you create is thin provisioned, meaning that it only consumes storage capacity from your file system for the data stored in the volume. You set the size for each volume to limit the amount of data that a volume can store, and you can also increase or decrease the size of a volume at any time. You can also apply user / group quotas to your volumes to further manage how much capacity your users and applications are consuming.

Amazon FSx for NetApp ONTAP offers multiple throughput capacity levels that you can choose from, allowing you to cost-optimize for the performance your workloads require. You can also optionally provision higher levels of IOPS as needed, independently from the storage and throughput capacity of your file system, allowing you to pay only for the IOPS you need.

With Amazon FSx, you pay only for the resources you use.

You are billed for the amount of SSD storage you provision (per GB-mo), and you are billed for capacity pool storage and backup storage based on the storage space consumed (per GB-mo).

You are billed for the amount of throughput capacity you provision for your file systems (per MBps-mo), and are billed per-request for requests to/from capacity pool storage (per read and write operation).

You are billed for file systems based on the storage capacity (per GB-mo), SSD IOPS (per IOPS-mo), and throughput capacity (per MBps-mo) that you provision.

Storage and throughput capacity are billed per second, ensuring that you only pay for resources for the period of time when you’re using them.

Availability and Data Protection

Amazon FSx offers a multiple availability (AZ) deployment option, designed to provide continuous availability to data, even in the event that an AZ is unavailable. Multi-AZ file systems include an active and standby file server in separate AZs, and any changes written to disk in your file system are synchronously replicated across AZs to the standby. During planned maintenance, or in the event of a failure of the active file server or its AZ, Amazon FSx automatically fails over to the standby so you can resume file system operations without a loss of availability to your data.  

To enable end-users to easily undo changes and compare file versions, Amazon FSx for NetApp ONTAP supports restoring individual files and folders to previous versions using NetApp Snapshots. 

Amazon FSx for NetApp ONTAP supports NetApp SnapMirror, a replication technology that you can use to replicate data between two ONTAP file systems. You can configure automatic NetApp SnapMirror replication of your data to another Amazon FSx for NetApp ONTAP file system, including a file system in another AWS Region. If needed, you can fail over your applications and users to use the other Amazon FSx for NetApp ONTAP file system. With SnapMirror, you can configure replication with a Recovery Point Objective (RPO) of as low as 5 minutes, and a Recovery Time Objective (RTO) in single-digit minutes. You can configure SnapMirror using the ONTAP CLI or REST API.

To help ensure that your data is protected, FSx ONTAP automatically takes highly durable daily backups of every volume in your file system. Backups are incremental relative to one another and crash-consistent. You can take additional backups of your volumes at any point.

Amazon FSx for NetApp ONTAP fully supports SnapLock, an ONTAP feature that allows you to prevent accidental or malicious attempts at modification or deletion of data. To ensure immutability of data, you can transition files on a SnapLock volume to a WORM state for a retention period you specify, and you can also place legal holds to retain data indefinitely until the hold is removed. You can use SnapLock to meet regulatory compliance, secure your data against ransomware attacks, and achieve your organization's data retention goals.

Hybrid Workflow Support

Amazon FSx for NetApp ONTAP fully supports NetApp’s Global File Cache and FlexCache solutions, which you can deploy on premises to provide low-latency access for your most frequently-read data to on-premises clients and workstations.

You can back up, archive, or replicate data from your on-premises file servers to Amazon FSx for NetApp ONTAP to simplify business continuity and meet your data retention and disaster recovery requirements.

If you have data in an on-premises NetApp file system that you want to access or process from AWS with low latency, you can configure Amazon FSx for NetApp ONTAP as an in-cloud cache for your on-premises data by using NetApp FlexCache. When used as a cache, Amazon FSx provides low-latency access to your on-premises data sets from AWS compute instances. See the Amazon FSx documentation for more info. 

Security and Compliance

You access your Amazon FSx for NetApp ONTAP file system from the Amazon VPC it’s associated with, or any network that you peer with your VPC. You can configure firewall settings and control network access to your file systems using Amazon VPC Security Groups and VPC Network ACLs. You can also optionally use ONTAP export policies to configure which clients can read and write to the volumes in your file system.

Amazon FSx for NetApp ONTAP is integrated with AWS Identity and Access Management (IAM). This integration means that you can control the actions your AWS IAM users and groups can take to manage your file systems, storage virtual machines, and volumes (such as creating and deleting file systems). You can also tag your Amazon FSx for NetApp ONTAP resources and control the actions that your IAM users and groups can take based on those tags.

Amazon FSx for NetApp ONTAP supports identity-based authentication over NFS or SMB if you join your file system to an Active Directory (AD). Your users can then use their existing AD-based user identities to authenticate themselves and access the file system, and to control access to individual files and folders.

All Amazon FSx for NetApp ONTAP file system data is automatically encrypted at-rest using keys managed with AWS Key Management Service (AWS KMS). Data is automatically encrypted before being written to the file system, and automatically decrypted as it is read. FSx for NetApp ONTAP supports Kerberos-based encryption in transit if you join your file system to an Active Directory. FSx for NetApp ONTAP also provides encryption of data in-transit between Amazon EC2 Nitro-based compute instances in select Regions.

Amazon FSx for NetApp ONTAP integrates with AWS CloudTrail to monitor and log administrative actions made in the Amazon FSx for NetApp ONTAP console, API, and CLI.

AWS has the longest-running compliance program in the cloud and is committed to helping customers navigate their requirements. Amazon FSx has been assessed to meet global and industry security standards. It complies with PCI DSS, ISO 9001, 2700127017, and 27018), and SOC 1, 2, and 3, in addition to being HIPAA eligible. That makes it easier for you to verify our security and meet your own obligations. For more information and resources, visit our compliance pages. You can also go to the Services in Scope by Compliance Program page to see a full list of services and certifications.

Amazon FSx for NetApp ONTAP supports auditing end-user access to your files and folders using ONTAP’s native audit logging capabilities. If you enable audit event logging, ONTAP will record file access events to a log file that you specify in your file system. You can then read that log file using applications such as Windows Event Viewer.

Amazon Amazon FSx for NetApp ONTAP also fully supports ONTAP’s FPolicy feature with AWS Partner solutions to monitor for file access events.

Amazon FSx for NetApp ONTAP fully supports ONTAP’s “vscan” feature, which you can use with AWS Partner antivirus applications to automatically scan new files as they’re written to your file system.