Supplemental NFS Datastore Option in AWS

10/09/2024 Contributors

After VMware Cloud is ready and connected to AWS VPC, you must deploy Amazon FSx ONTAP into a newly designated VPC rather than the original connected or existing default VPC.

To start, deploy an additional VPC in the same region and availability zone where SDDC resides, and then deploy Amazon FSx ONTAP into the new VPC. Configuration of an SDDC group in the VMware Cloud console enables the networking configuration options required to connect to the newly designated VPC where FSx ONTAP will be deployed.

Deploy FSx ONTAP in the same Availably Zone as VMware Cloud on AWS SDDC.

You cannot deploy FSx ONTAP in the Connected VPC. Instead, you must deploy it in a new, designated VPC and then connect the VPC to a VMware Managed Transit Gateway (vTGW) via SDDC groups.

Step 1: Create Amazon FSx ONTAP in a new, designated VPC

To create and mount the Amazon FSx ONTAP file system, complete the following steps:

Open the Amazon FSx console at https://console.aws.amazon.com/fsx/ and choose Create file system to start the File System Creation wizard.
On the Select File System Type page, select Amazon FSx ONTAP and then click Next. The Create File System page appears.

For the creation method, choose Standard Create.

Figure showing input/output dialog or representing written content

The datastore sizes vary quite a bit from customer to customer. Although the recommended number of virtual machines per NFS datastore is subjective, many factors determine the optimum number of VMs that can be placed on each datastore. Although most administrators only consider capacity, the amount of concurrent I/O being sent to the VMDKs is one of the most important factors for overall performance. Use performance statistics from on-premises to size the datastore volumes accordingly.

In the Networking section for Virtual Private Cloud (VPC), choose the appropriate VPC and preferred subnets along with the route table. In this case, Demo- FSxforONTAP-VPC is selected from the dropdown menu.

Make sure this is a new, designated VPC and not the connected VPC.

By default, FSx ONTAP uses 198.19.0.0/16 as the default endpoint IP address range for the file system. Make sure that the Endpoint IP address range does not conflict with the VMC on the AWS SDDC, associated VPC subnets and on-premises infrastructure. If you are unsure, use a non-overlapping range with no conflicts.

Figure showing input/output dialog or representing written content

In the Security & Encryption section for the encryption key, choose the AWS Key Management Service (AWS KMS) encryption key that protects the file system's data at rest. For the File System Administrative Password, enter a secure password for the fsxadmin user.
In the Default Storage Virtual Machine Configuration section, specify the name of the SVM.

As of GA, four NFS datastores are supported.

In the Default Volume Configuration section, specify the volume name and size required for datastore and click Next. This should be an NFSv3 volume. For Storage Efficiency, choose Enabled to turn on the ONTAP storage efficiency features (compression, deduplication, and compaction). After creation, use the shell to modify the volume parameters using volume modify as follows:

Setting	Configuration
Volume guarantee (Space Guarantee Style)	None (thin provisioned) – set by default
fractional_reserve (fractional-reserve)	0% – set by default
snap_reserve (percent-snapshot-space)	0%
Autosize (autosize-mode)	grow_shrink
Storage efficiency	Enabled – set by default
Autodelete	volume / oldest_first
Volume Tiering Policy	Snapshot only – set by default
try_first	Autogrow
Snapshot policy	None

Setting

Configuration

Volume guarantee (Space Guarantee Style)

None (thin provisioned) – set by default

fractional_reserve (fractional-reserve)

0% – set by default

snap_reserve (percent-snapshot-space)

Autosize (autosize-mode)

grow_shrink

Storage efficiency

Enabled – set by default

Autodelete

volume / oldest_first

Volume Tiering Policy

Snapshot only – set by default

try_first

Autogrow

Snapshot policy

None

Use the following SSH command to create and modify volumes:

Command to create new datastore volume from shell:

volume create -vserver FSxONTAPDatastoreSVM -volume DemoDS002 -aggregate aggr1 -size 1024GB -state online -tiering-policy snapshot-only -percent-snapshot-space 0 -autosize-mode grow -snapshot-policy none -junction-path /DemoDS002

Note: The volumes created via shell will take few minutes to show up in the AWS Console.

Command to modify volume parameters which are not set by default:

volume modify -vserver FSxONTAPDatastoreSVM -volume DemoDS002 -fractional-reserve 0
volume modify -vserver FSxONTAPDatastoreSVM -volume DemoDS002 -space-mgmt-try-first vol_grow
volume modify -vserver FSxONTAPDatastoreSVM -volume DemoDS002 -autosize-mode grow

Figure showing input/output dialog or representing written content

During initial migration scenario, the default snapshot policy can cause datastore capacity full issues. To overcome it, modify the snapshot policy to suit the needs.

Review the file system configuration shown on the Create File System page.
Click Create File System.

Repeat the previous steps to create more storage virtual machines or file systems and the datastore volumes according to the capacity and performance requirements.

To learn about Amazon FSx ONTAP performance, see Amazon FSx ONTAP performance.

Step 2: Create SDDC group

After the file systems and SVMs have been created, use VMware Console to create an SDDC group and to configure VMware Transit Connect. To do so, complete the following steps and remember that you must navigate between the VMware Cloud Console and the AWS Console.

Log into the VMC Console at https://vmc.vmware.com.
On the Inventory page, click SDDC Groups.
On the SDDC Groups tab, click ACTIONS and select Create SDDC Group. For demo purposes, the SDDC group is called FSxONTAPDatastoreGrp.
On the Membership grid, select the SDDCs to include as group members.
Verify that “Configuring VMware Transit Connect for your group will incur charges per attachment and data transfers” is checked, then select Create Group. The process can take a few minutes to complete.

Step 3: Configure VMware Transit connect

Attach the newly created designated VPC to the SDDC group. Select the External VPC tab and follow the instructions for attaching an External VPC to the group. This process can take 10-15 minutes to complete.
Click Add Account.
1. Provide the AWS account that was used to provision the FSx ONTAP file system.
2. Click Add.

Back in the AWS console, log into the same AWS account and navigate to the Resource Access Manager service page. There is a button for you to accept the resource share.

Figure showing input/output dialog or representing written content

As part of the external VPC process, you’ll be prompted via the AWS console to a new shared resource via the Resource Access Manager. The shared resource is the AWS Transit Gateway managed by VMware Transit Connect.

Click Accept resource share.
Back in the VMC Console, you now see that the External VPC is in an associated state. This can take several minutes to appear.

Step 4: Create transit gateway attachment

In the AWS Console, go to the VPC service page and navigate to the VPC that was used for provisioning the FSx file system. Here you create a transit gateway attachment by clicking Transit Gateway Attachment on the navigation pane on the right.
Under VPC Attachment, make sure that DNS Support is checked and select the VPC in which FSx ONTAP was deployed.
Click Create transit gateway attachment.
Back in the VMware Cloud Console, navigate back to SDDC Group > External VPC tab. Select the AWS account ID used for FSx and click the VPC and click Accept.

This option may take a several minutes to appear.
Then in the External VPC tab in the Routes column, click the Add Routes option and add in the required routes:
- A route for the floating IP range for Amazon FSx ONTAP floating IPs.
- A route for the newly created external VPC address space.

Step 5: Configure routing (AWS VPC and SDDC) and security groups

In the AWS Console, create the route back to the SDDC by locating the VPC in the VPC service page and select the main route table for the VPC.
Browse to the route table in the lower panel and click Edit routes.
In the Edit routes panel, click Add route and enter the CIDR for the SDDC infrastructure by selecting Transit Gateway, and the associated TGW ID. Click Save changes.
Next step is to verify that the security group in the associated VPC is updated with the correct inbound rules for the SDDC Group CIDR.
Update the inbound rule with the CIDR block of the SDDC infrastructure.

Verify that the VPC (where FSx ONTAP resides) route table is updated to avoid connectivity issues.

Update the security group to accept NFS traffic.

This is the final step in preparing the connectivity to the appropriate SDDC. With the file system configured, routes added, and security groups updated, it’s time to mount the datastore(s).

Step 6: Attach NFS volume as a datastore to SDDC cluster

After the file system is provisioned and the connectivity is in place, access VMware Cloud Console to mount the NFS datastore.

In the VMC Console, open the Storage tab of the SDDC.
Click ATTACH DATASTORE and fill in the required values.

NFS server address is the NFS IP address which can be found under the FSx > Storage virtual machines tab > Endpoints within AWS console.
Click ATTACH DATASTORE to attach the datastore to the cluster.
Validate the NFS datastore by accessing vCenter as shown below:

Supplemental NFS Datastore Option in AWS

Creating your file...