Geek Answers Handbook

AWS EFS from Windows Server 2012

Has anyone ever gotten Windows Server to connect to an AWS EFS volume using the Windows NFS 4.1 client? I know that it is not supported, but wonders if anyone made it (or through another client or utility?)

We have a requirement that Windows Server delete files on that NFS (ideally EFS), where the folder on this volume can be polled from an RHEL-based application. This application does not support S3, otherwise we will use this

Tks

+6
source share
4 answers

No, It is Immpossible. AWS specifically states that this is not possible in their documentation.

For instance,

Using Amazon EFS with Microsoft Windows Amazon EC2 instances is not supported. AWS EFS setup docs

A more technical explanation of why this is not possible here:

Reject Share NFS supports the concept of denial of access to resources, primarily used by Windows clients for users, to prevent others from accessing a specific file that was opened. Amazon EFS does not support this and returns the NFS error NFS4ERR_NOTSUPP for any OPEN commands that specify a deny share value other than OPEN4_SHARE_DENY_NONE. Linux NFS clients use nothing but OPEN4_SHARE_DENY_NONE. AWS Link

I was not able to find third-party clients that would circumvent this.

+3
source

I used a workaround. In my case, I just need access to the EFS share in the EC2 instance for the Windows 2016 server. Speed ​​/ bandwidth were not a problem.

I deployed an instance of t2.nano Linux / Ubuntu, installed the EFS share on this instance, and then installed the SMB share on the linux instance to serve the mounted EFS file system over the network.

After that, there was just a redirection of the network folder to disk in the EC2 instance of the Windows 2016 server.

Setting up the SMB share on a Linux / Ubuntu instance is pretty straight forward, as described in the Ubuntu docs here .

+4
source

Starting with the NFSv4.1 client made by people at CITI @University of Michigan , with a few relatively minor changes, you can get a working connection to the AWS EFS file system.

As @kafka points out: AWS EFS denies / fails when any client specifies an access OPEN4_SHARE_DENY_NONE value other than OPEN4_SHARE_DENY_NONE . Fortunately, CITI people discovered this as a possible problem and added a definition that when commenting would use OPEN4_SHARE_DENY_NONE only for the deny share value.

Once this definition is commented out, you need to recompile it for your system - it is relatively trivial if you use the Visual Studio and WDK versions specified in the readme file. One of them was that the self-signed certificate process should not use an outdated root agency certificate (since it is only 512-bit). Use certreq .

I am working to bring this knowledge into the CITI code plugin on Github . (I'm sure you either solved your problem or moved on, but good luck to the people who landed here from Google!)

+4
source

Amazon recently (November 2018) launched: Amazon FSx for Windows File Server

You can use Fsx for the Windows file system.

0
source

More articles:


All Articles