
Media Lab Upload Virtual Host via Smb

Accessing SMB file shares remotely with Amazon FSx for Windows File Server

With remote work becoming the norm, customers often need a central repository for files that can be accessed from anywhere to enable collaboration and provide highly durable storage. For ease of use and increased productivity, customers are looking for shared file access that can be mounted as a network drive using built-in Windows, macOS, Linux, and iOS tools. They also want a repository that is searchable and follows a standard file system architecture. Common use cases include home directories, user and departmental shares, and even media workloads where high throughput and low latency are a requirement.

Amazon FSx for Windows File Server (Amazon FSx) is a fully managed, highly available, and scalable file storage solution built on Windows Server that uses the Server Message Block (SMB) protocol. It allows for Microsoft Active Directory integration, data deduplication, and fully managed backups, among other critical enterprise features.

In this blog, I walk through creating a highly available, fully managed file share accessible from personal devices using a virtual private network (VPN).

Overview of solution

For the solution in this blog post, I create an AWS Managed Microsoft AD using AWS Directory Service to allow for authentication and authorization to access my file shares, an Amazon FSx file system to host the file shares, and an AWS Client VPN endpoint and gateway to enable remote access. To ensure high availability, each component is spread over two AWS Availability Zones. Amazon FSx also supports creating file systems linked to an existing, on-premises Active Directory directly without the need to migrate identities over to an AWS Managed Microsoft AD.

The architecture diagram depicts the solution outlined in this walkthrough, with each service involved spread across two Availability Zones to ensure a highly available file share that can be accessed at any time.


Tutorial

In this blog, I do the following:

  • Configure an Amazon Virtual Private Cloud (Amazon VPC) – this provides an isolated network for your Amazon FSx deployment.
  • Create an AWS Managed Microsoft AD using AWS Directory Service. An Active Directory is required for Amazon FSx to allow access to the file share, and is used to connect to the VPN.
  • Create an Amazon FSx for Windows File Server file system – this creates the file system that acts as a central repository.
  • Create an AWS Client VPN endpoint – this enables VPN access to the Amazon VPC.
  • Connect to the VPN from a personal device (macOS, Microsoft Windows, or iOS).
  • Mount a file share (macOS, Microsoft Windows, or iOS).

Prerequisites

For this tutorial, you should have the following prerequisites:

  • An AWS account

Configure Amazon VPC for AWS Managed Microsoft AD and Amazon FSx

First, I create a new Amazon VPC for my Amazon FSx deployment.

Create a new Amazon VPC

  1. Log in to the Amazon VPC console.
  2. Select Your VPCs in the sidebar, then Create VPC.
  3. Name your Amazon VPC and enter an IPv4 CIDR block of 10.0.0.0/16. Then choose Create.


Add subnets

To create a solution across multiple Availability Zones, and to logically separate each part of my architecture, I create six subnets – two for AWS Managed Microsoft AD, two for Amazon FSx for Windows File Server, and two for Client VPN endpoints.

  1. Select Subnets in the sidebar, then Create Subnet.
  2. As shown in the following screenshot, for Name tag, enter Microsoft AD 1. Select the Amazon VPC you just created, and select an Availability Zone. Set a CIDR block of 10.0.1.0/24.
  3. As shown in the following screenshot, repeat the preceding step, with subnets named Microsoft AD 2, FSx 1, FSx 2, VPN 1, and VPN 2, using different CIDR blocks for each. Microsoft AD 2, VPN 2, and FSx 2 should be in a different Availability Zone than Microsoft AD 1, VPN 1, and FSx 1. In my example, Microsoft AD 1, VPN 1, and FSx 1 are in us-west-2a, while Microsoft AD 2, VPN 2, and FSx 2 are in us-west-2b.


Create AWS Managed Microsoft AD

In this step, I create a new AWS Managed Microsoft AD. To use a self-managed Active Directory, you can follow the instructions here.

Create new directory

  1. Log in to the Directory Service console.
  2. Select Set up directory. Select a directory type of Microsoft AD, then Next.
  3. As shown in the following screenshot, choose your Active Directory Edition. For this tutorial, I use the Standard Edition. Next, define a Directory DNS name (for example, example.com). If you'd like, add a Directory NetBIOS name. Next, add an Admin password, and make a note of it.


  4. Under VPC, select your new Amazon VPC, and under Subnets, choose the subnets you created for the AWS Managed Microsoft AD. This is shown in the following screenshot:


  5. Click Next, review your directory, and then click Create directory. This can take 20–45 minutes. In the directory details, note the DNS addresses and save them for later.

Create Client VPN endpoint

To access the file share, you must set up a VPN connection. This consists of three parts: creating a server certificate, creating a Client VPN endpoint, and creating a DHCP options set.

Create the server certificate

  1. Follow the instructions here to create a server certificate using the OpenVPN easy-rsa tool.
  2. Once you have created the certificate, navigate to the AWS Certificate Manager (ACM) console.
  3. If this is your first time using ACM, click on get started underneath Provision Certificate, then Import a certificate. If you have used ACM before, you should have the option to import a certificate on the dashboard.
  4. First, import the server certificate. Open the ca.crt, server.crt, and server.key that you made with easy-rsa in a text editor. Copy and paste the contents of server.crt into the certificate body field, the contents of server.key into the certificate private key field, and the contents of ca.crt into the certificate chain field. Click Next.
  5. Optionally, add tags. Click review and import, then import:


Create Client VPN endpoint

  1. Navigate back to the Amazon VPC console. In the sidebar, select Client VPN Endpoints. Choose Create Client VPN Endpoint and give the endpoint a name of VPN Endpoint. Afterward, enter a CIDR range of 10.254.0.0/16.
  2. Under Server certificate ARN, select the server certificate that was imported.
  3. For authentication options, select Use user-based authentication, then Active Directory authentication. Choose the Active Directory made in the last section.
  4. Select if you want to log connection details. Check Enable DNS Servers and enter the DNS addresses from the AWS Managed Microsoft AD. Enable split-tunnel, choose the Amazon VPC, and select the VPN security group. Click Create Client VPN Endpoint.
  5. Select the endpoint, then choose Download Client Configuration.
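
The address plan built up so far can be checked before anything is created. This is an added example, not part of the original post: it verifies that the six subnets sit inside the VPC range without overlapping, that each tier spans two Availability Zones, and that the Client VPN range stays clear of the VPC range. Only 10.0.0.0/16, 10.0.1.0/24 and 10.254.0.0/16 come from the walkthrough; the other five subnet blocks and the function name are assumptions.

```python
from ipaddress import ip_network
from itertools import combinations

VPC_CIDR = ip_network("10.0.0.0/16")        # VPC range from the walkthrough
CLIENT_CIDR = ip_network("10.254.0.0/16")   # Client VPN range from the walkthrough

# name -> (CIDR, Availability Zone). Only 10.0.1.0/24 is stated on the page;
# the remaining blocks are assumed values for illustration.
SUBNETS = {
    "Microsoft AD 1": ("10.0.1.0/24", "us-west-2a"),
    "Microsoft AD 2": ("10.0.2.0/24", "us-west-2b"),
    "FSx 1": ("10.0.3.0/24", "us-west-2a"),
    "FSx 2": ("10.0.4.0/24", "us-west-2b"),
    "VPN 1": ("10.0.5.0/24", "us-west-2a"),
    "VPN 2": ("10.0.6.0/24", "us-west-2b"),
}

def check_plan(vpc, client, subnets):
    """Return a list of problems found in the plan (empty list means it is consistent)."""
    problems = []
    nets = {name: ip_network(cidr) for name, (cidr, _) in subnets.items()}
    # VPN clients must get addresses that cannot be confused with VPC addresses.
    if client.overlaps(vpc):
        problems.append(f"client range {client} overlaps VPC {vpc}")
    for name, net in nets.items():
        if not net.subnet_of(vpc):
            problems.append(f"{name} {net} is outside {vpc}")
    for (a, na), (b, nb) in combinations(nets.items(), 2):
        if na.overlaps(nb):
            problems.append(f"{a} {na} overlaps {b} {nb}")
    # Group "Microsoft AD 1"/"Microsoft AD 2" etc. by tier and require two zones each.
    tiers = {}
    for name, (_, az) in subnets.items():
        tiers.setdefault(name.rsplit(" ", 1)[0], set()).add(az)
    for tier, azs in tiers.items():
        if len(azs) < 2:
            problems.append(f"{tier} subnets share one Availability Zone")
    return problems

if __name__ == "__main__":
    for problem in check_plan(VPC_CIDR, CLIENT_CIDR, SUBNETS) or ["plan is consistent"]:
        print(problem)
```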

Attach Client VPN endpoint to Amazon VPC Subnets

  1. Select Subnets in the sidebar. Find and note the subnet IDs for VPN 1 and VPN 2.
  2. Go back to Client VPN Endpoints, select the endpoint that was just created, and click on the Associations tab. Click Create. Select the subnets that Amazon FSx was deployed to, and the subnet ID for VPN 1.
  3. Repeat the association process with the subnet ID for VPN 2.
  4. To allow ingress from the VPN connections, go to Authorizations, select Allow Ingress and enter the Amazon VPC CIDR as the destination network. Click Add authorization rule:


Create DHCP options set

The steps in this section enable devices not tied to an Active Directory to connect to the Amazon FSx file system using its DNS name. If the devices connecting already use Active Directory for DNS resolution, you can skip this step.

  1. Click on DHCP options sets in the sidebar. Click create, then name the options set Active Directory DHCP. For domain name, enter your Active Directory domain, and add the DNS addresses from the AWS Managed Microsoft AD.
  2. Click Create.
  3. Navigate to the Amazon VPC details, and click Actions, then Edit DHCP options set.
  4. Select Active Directory DHCP, and click Save.

Creating Amazon FSx for Windows File Server file share

In this section, we create the Amazon FSx for Windows File Server file system and file share that will host our files inside the Amazon VPC.

  1. Navigate to the Amazon FSx console.
  2. Select Create File System, and select Amazon FSx for Windows File Server.
  3. Name your file system, choose your storage type, and your storage capacity. Leave the throughput capacity at the recommended setting.
  4. Choose the Amazon VPC that was created in the "Configure an Amazon VPC" section, and leave the security group as default.
  5. Choose FSx 1 as the preferred subnet, and FSx 2 as the standby subnet.
  6. Choose the AWS Managed Microsoft AD created in the "Create AWS Managed AD" section. Click Next and review your settings, and then select create file system.
  7. Once the file system is finished creating, access the details and note the DNS name:


Mounting Amazon FSx file share

In this section, I cover connecting your device to your VPC via your AWS Client VPN endpoint, then I go through mounting your Amazon FSx file share. AWS Client VPN supports any OpenVPN-supported VPN client, but I use the AWS client.

Connecting to AWS Client VPN

To access the Amazon FSx share, we need to connect our device to our Amazon VPC through the AWS Client VPN endpoint.

macOS/Microsoft Windows

  1. Download and install the AWS Client VPN for your operating system.
  2. Once installed, create a profile by clicking on File, then Manage Profiles, then Add Profile.
  3. Choose a display name, and select the VPN configuration file downloaded from the AWS VPN console. Click Add Profile.
  4. Click Connect. When prompted for a user name and password, enter admin and the password that was entered when creating the Active Directory.

iOS

  1. Download the OpenVPN Connect application from the App Store.
  2. Before transferring the configuration file to an iOS device, you must edit it. Open the configuration file in a text editor, and find the line that includes remote <Endpoint URL>. Before the URL, add *. so that the line looks like this:


Save the configuration file, and transfer it to your iOS device using either iTunes sync or saving the file to a cloud storage service and importing it via the share menu. This is shown in the following screenshot:


Note: You may need to find OpenVPN in the More menu.

  3. Enter your user name, and click add. When prompted by iOS, allow OpenVPN to add VPN configurations.
  4. In the Profiles menu, select the OpenVPN profile that was imported. Enter your user name and password, and click okay to connect.
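
The configuration edit from step 2 can be scripted instead of done by hand. This is an added example, not part of the original post: it prepends the prefix only to `remote` host lines, leaves other directives and inline blocks untouched, is safe to run twice, and checks that the profile carries no embedded private key before it is copied through a cloud storage service. The sample profile and its endpoint name are constructed placeholders, and the function names are hypothetical.

```python
import re

# Constructed sample of a downloaded client configuration (placeholder endpoint name).
SAMPLE_OVPN = """\
client
dev tun
proto udp
remote cvpn-endpoint-EXAMPLE.prod.clientvpn.us-west-2.amazonaws.com 443
remote-random-hostname
remote-cert-tls server
auth-user-pass
<ca>
-----BEGIN CERTIFICATE-----
PLACEHOLDER
-----END CERTIFICATE-----
</ca>
"""

# Matches "remote <host> [port ...]" but not "remote-cert-tls" or "remote-random-hostname".
REMOTE = re.compile(r"^(\s*remote\s+)(\S+)(.*)$")

def prefix_remote(config: str, prefix: str = "*") -> str:
    """Prepend '<prefix>.' to the host of each `remote` directive, at most once."""
    out, in_inline = [], False
    for line in config.splitlines():
        stripped = line.strip()
        # Contents of inline blocks such as <ca>...</ca> are data, not directives.
        if stripped.startswith("</"):
            in_inline = False
        elif stripped.startswith("<"):
            in_inline = True
        match = None if in_inline else REMOTE.match(line)
        if match and not match.group(2).startswith(prefix + "."):
            line = f"{match.group(1)}{prefix}.{match.group(2)}{match.group(3)}"
        out.append(line)
    return "\n".join(out) + "\n"

def has_inline_private_key(config: str) -> bool:
    """True if the profile embeds a <key> block (key material inside the file)."""
    return any(line.strip() == "<key>" for line in config.splitlines())

if __name__ == "__main__":
    if has_inline_private_key(SAMPLE_OVPN):
        raise SystemExit("profile contains a private key; do not share it via cloud storage")
    print(prefix_remote(SAMPLE_OVPN))
```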

Mounting Amazon FSx file share

The following steps show you how to mount your Amazon FSx file share on macOS, Microsoft Windows, and iOS.

macOS

  1. Open a new Finder window. In the status bar, click on Go then Connect to server.


  2. In the connection window, enter <Amazon FSx DNS URL>/share. When prompted, enter your administrator credentials.

Microsoft Windows

  1. In a new File Explorer window, click on Network, then Map Network Drive.
  2. Select a drive letter, and enter \\<Amazon FSx DNS URL>\share.


  3. Check Connect using different credentials, then click Finish.
  4. When prompted, enter your administrator credentials as admin@<Active Directory domain>:


iOS

  1. Open the Files app, and tap on the three dots in the top-right corner.
  2. When prompted, tap Connect to Server:


  3. Enter smb://<Amazon FSx DNS URL>/share, then tap Connect. When prompted, enter your administrator credentials.

Cleaning up

To avoid incurring future charges, delete all resources created:

Amazon FSx File System

From the Amazon FSx console, select the file system that was created in the "Creating Amazon FSx for Windows File Server file share" section. Click on the Actions menu, then Delete file system. Choose not to create a final backup, and type the file system ID to confirm deletion. Finally, click on Delete file system (again).

AWS Managed Microsoft AD

From the Directory Service console, select the radio button next to the directory that was created in the "Create AWS Managed Microsoft AD" section. Under Actions, click Delete directory. Type in the name of the directory (e.g. corp.fsxvpc.com), then click Delete.

Amazon VPC

From the Amazon VPC console, select the VPC created in the "Configure Amazon VPC for AWS Managed Microsoft AD and Amazon FSx" section. Click Actions, Delete VPC, then Delete VPC again. This removes all subnets, gateways, endpoints, network interfaces, security groups, and route tables created within this AWS VPC.

Conclusion

In this blog, I outlined the process involved in creating a highly available file share accessible from personal devices using AWS Client VPN and Amazon FSx for Windows File Server. By completing this walkthrough, you created a file share accessible from home, the office, or on the go. This enables a central repository with flexible bandwidth and capacity for everything from documents to high-resolution video files. From here, you can add users and groups to your Active Directory, migrate files to your new share using AWS DataSync, or create additional VPN endpoints in different Regions for lower latency via VPC Peering.

Thanks for reading this blog post on creating a remotely accessible file share using Amazon FSx for Windows File Server. If you have any comments or questions, please don't hesitate to leave them in the comments section.


Source: https://aws.amazon.com/blogs/storage/accessing-smb-file-shares-remotely-with-amazon-fsx-for-windows-file-server/
