# Managing FSx for ONTAP file systems
A file system is the primary Amazon FSx resource, analogous to an on-premises ONTAP cluster. You specify the solid state drive (SSD) storage capacity and throughput capacity for your file system, and choose a virtual private cloud (VPC) in which to create the file system. Each file system has a management endpoint that you can use to manage resources and data with the ONTAP CLI or REST API.
## File system resources
An Amazon FSx for NetApp ONTAP file system is composed of the following primary resources:
+ The physical hardware of the file system itself, which includes the file servers and storage media.
+ One or more highly-available (HA) file server pairs, which host your storage virtual machines (SVMs). First-generation file systems and Multi-AZ second-generation file systems have one HA pair, and second-generation Single-AZ file systems have up to 12 HA pairs. Each HA pair has a storage pool called an aggregate. The collection of aggregates across all HA pairs makes up your SSD storage tier.
+ One or more SVMs that host the file system volumes and have their own credentials and access management.
+ One or more volumes that virtually organize your data and are mounted by your clients.
The following image illustrates the architecture of a first-generation FSx for ONTAP file system with one HA pair, and the relationship between its primary resources. The FSx for ONTAP file system on the left is the simplest file system, with one SVM and one volume. The file system on the right has multiple SVMs, with some SVMs having multiple volumes. File systems and SVMs each have multiple management endpoints, and SVMs also have data access endpoints.
![\[The architecture of FSx for ONTAP file systems\]](http://docs.aws.amazon.com/fsx/latest/ONTAPGuide/images/ontap-file-system-structure.png)
When creating an FSx for ONTAP file system, you define the following properties:
+ **Deployment type** – The deployment type of your file system (Multi-AZ or Single-AZ). Single-AZ file systems replicate your data and offer automatic failover within a single Availability Zone. First-generation Single-AZ file systems support one HA pair. Second-generation Single-AZ file systems support up to 12 HA pairs. Multi-AZ file systems provide added resiliency by also replicating your data and supporting failover across multiple Availability Zones within the same AWS Region. First-generation and second-generation Multi-AZ file systems both support one HA pair.
**Note**
You can't change your file system's deployment type after creation. If you want to change the deployment type (for example, to move from Single-AZ 1 to Single-AZ 2), you can back up your data and restore it on a new file system. You can also migrate your data with NetApp SnapMirror, with AWS DataSync, or with a third-party data copying tool. For more information, see [Migrating to FSx for ONTAP using NetApp SnapMirror](migrating-fsx-ontap-snapmirror.md) and [Migrating to FSx for ONTAP using AWS DataSync](migrate-files-to-fsx-datasync.md).
+ **Storage capacity** – This is the amount of SSD storage, up to 192 tebibytes (TiB) for first-generation file systems, 512 TiB for second-generation Multi-AZ file systems, and 1 pebibyte (PiB) for second-generation Single-AZ file systems.
+ **SSD IOPS** – By default, each gigabyte of SSD storage includes three SSD IOPS (up to the maximum supported by your file system configuration). You can optionally provision additional SSD IOPS as needed.
+ **Throughput capacity** – The sustained speed at which the file server can serve data.
+ **Networking** – The VPC and subnets for the management and data access endpoints that your file system creates. For a Multi-AZ file system, you also define an IP address range and route tables.
+ **Encryption** – The AWS Key Management Service (AWS KMS) key that's used to encrypt the file system data at rest.
+ **Administrative access** – You can specify the password for the `fsxadmin` user. You can use this user to administer the file system by using the NetApp ONTAP CLI and REST API.
You can manage FSx for ONTAP file systems by using the NetApp ONTAP CLI or REST API. You can also set up SnapMirror or SnapVault relationships between an Amazon FSx file system and another ONTAP deployment (including another Amazon FSx file system). Each FSx for ONTAP file system has the following file system endpoints that provide access to NetApp applications:
+ **Management** – Use this endpoint to access the NetApp ONTAP CLI over Secure Shell (SSH), or to use the NetApp ONTAP REST API with your file system.
+ **Intercluster** – Use this endpoint when setting up replication using NetApp SnapMirror or caching using NetApp FlexCache.
For more information, see [Managing FSx for ONTAP resources using NetApp applications](managing-resources-ontap-apps.md) and [Replicating your data using NetApp SnapMirror](scheduled-replication.md).
# Creating file systems
This section describes how to create an FSx for ONTAP file system using the Amazon FSx console, AWS CLI, or the Amazon FSx API. You can create a file system in a virtual private cloud (VPC) that you own, or in a VPC that another AWS account has shared with you. There are considerations when creating a Multi-AZ file system in a VPC in which you are a participant. These considerations are explained in this topic.
By default, when you create a new file system from the Amazon FSx console, Amazon FSx automatically creates a file system with a single storage virtual machine (SVM) and one volume, allowing for quick access to data from Linux instances over the Network File System (NFS) protocol. When creating the file system, you can optionally join the SVM to an Active Directory to enable access from Windows and macOS clients over the Server Message Block (SMB) protocol. After your file system is created, you can create additional SVMs and volumes as needed.
## To create a file system (console)
This procedure uses the **Standard create** creation option to create an FSx for ONTAP file system with a configuration that you customize for your needs. For information about using the **Quick create** creation option to rapidly create a file system with a default set of configuration parameters, see [Create an Amazon FSx for NetApp ONTAP file system](getting-started.md#getting-started-step1).
1. Open the Amazon FSx console at [https://console.aws.amazon.com/fsx/](https://console.aws.amazon.com/fsx/).
1. On the dashboard, choose **Create file system**.
1. On the **Select file system type** page, for **File system options**, choose **Amazon FSx for NetApp ONTAP**, and then choose **Next**.
1. In the **Creation method** section, choose **Standard create**.
1. In the **File system details** section, provide the following information:
+ For **File system name - optional**, enter a name for your file system. It's easier to find and manage your file systems when you name them. You can use a maximum of 256 Unicode letters, white space, and numbers, plus these special characters: \$1 - = . \$1 : /
+ For **Deployment type** choose **Multi-AZ 2**, **Single-AZ 2**, **Multi-AZ 1**, or **Single-AZ 1**.
+ **Multi-AZ** file systems replicate your data and support failover across multiple Availability Zones in the same AWS Region. Multi-AZ 1 is a first-generation FSx for ONTAP file system. Multi-AZ 2 is a second-generation file system. They both support one high-availability (HA) pair.
+ **Single-AZ** file systems replicate your data and offer automatic failover within a single Availability Zone. Single-AZ 1 is a first-generation FSx for ONTAP file system that supports one HA pair. Single-AZ 2 is a second-generation file system that supports up to 12 HA pairs. For more information, see [Managing high-availability (HA) pairs](HA-pairs.md).
For more information about deployment types, see [Availability, durability, and deployment options](high-availability-AZ.md).
**Note**
You can't change your file system's deployment type after creation. If you want to change the deployment type (for example, to move from Single-AZ 1 to Single-AZ 2), you can back up your data and restore it on a new file system. You can also migrate your data with NetApp SnapMirror, with AWS DataSync, or with a third-party data copying tool. For more information, see [Migrating to FSx for ONTAP using NetApp SnapMirror](migrating-fsx-ontap-snapmirror.md) and [Migrating to FSx for ONTAP using AWS DataSync](migrate-files-to-fsx-datasync.md).
+ For **SSD storage capacity**, enter the storage capacity of your file system, in gibibytes (GiB). Enter any whole number in the range of 1,024–1,048,576 GiB (up to 1 pebibyte [PiB]).
You can increase the amount of storage capacity as needed at any time after you create the file system. For more information, see [Managing storage capacity](managing-storage-capacity.md).
+ For **Provisioned SSD IOPS**, you have two options to provision the number of IOPS for your file system:
+ Choose **Automatic** (the default) if you want Amazon FSx to automatically provision 3 IOPS per GiB of SSD storage.
+ Choose **User-provisioned** if you want to specify the number of IOPS. You can provision a maximum of 200,000 SSD IOPS per file system.
**Note**
You can increase your provisioned SSD IOPS after you create the file system. Keep in mind that the maximum level of SSD IOPS your file system can achieve is also dictated by your file system's throughput capacity even when provisioning additional SSD IOPS. For more information, see [Impact of throughput capacity on performance](performance.md#impact-throughput-cap-performance) and [Managing storage capacity](managing-storage-capacity.md).
+ For **Throughput capacity**, you have two options for determining your throughput capacity in megabytes per second (MBps):
+ Choose **Recommended throughput capacity** if you want Amazon FSx to automatically choose the throughput capacity based on the amount of storage capacity that you chose.
+ Choose **Specify throughput capacity** if you want to specify the amount of throughput capacity. If you choose this option, a **Throughput capacity** dropdown appears and is populated based on the deployment type that you chose. You can also choose the number of HA pairs (up to 12). For more information, see [Managing high-availability (HA) pairs](HA-pairs.md).
Throughput capacity is the sustained speed at which the file server that hosts your file system can serve data. For more information, see [Amazon FSx for NetApp ONTAP performancePerformance](performance.md).
1. In the **Networking** section, provide the following information:
+ For **Virtual Private Cloud (VPC)**, choose the VPC that you want to associate with your file system.
+ For **VPC Security Groups**, you can choose a security group to associate with your file system's network interface. If you don't specify one, Amazon FSx will associate the VPC's default security group with your file system.
+ (Multi-AZ only) For **Preferred subnet**, choose any value from the list of available subnets. Also choose a **Standby subnet** for the standby file server.
+ (Single-AZ only) For **Subnet**, choose any value from the list of available subnets.
+ (Multi-AZ only) For **VPC route tables**, specify the VPC route tables to create your file system's endpoints. Select all VPC route tables associated with the subnets in which your clients are located. By default, Amazon FSx selects your VPC's default route table. For more information, see [Accessing data from outside the deployment VPC](supported-fsx-clients.md#access-from-outside-deployment-vpc).
**Note**
Amazon FSx manages these route tables for Multi-AZ file systems using tag-based authentication. These route tables are tagged with `Key: AmazonFSx; Value: ManagedByAmazonFSx`. When creating FSx for ONTAP Multi-AZ file systems using CloudFormation we recommend that you add the `Key: AmazonFSx; Value: ManagedByAmazonFSx` tag manually.
+ For **Network type**, select either **IPv4** (for only IPv4 support) or **Dual-stack** (for both IPv4 and IPv6 support). You can change the network type of an existing file system at any time. For more information, see [Changing network typeTo change a file system's network type (console)](manage-network-type.md#change-network-type).
**Note**
If you intend to create an FSx for ONTAP file system that uses dual-stack mode, you must first assign an Amazon-provided IPv6 CIDR block to your VPC and subnets. For more information, see [Add IPv6 support for your VPC](https://docs.aws.amazon.com/vpc/latest/userguide/vpc-migrate-ipv6-add.html) in the *Amazon Virtual Private Cloud User Guide*.
+ (Multi-AZ only) **Endpoint IPv4 address range** specifies the IPv4 address range in which the endpoints to access your file system are created.
You have three options for the endpoint IPv4 address range:
+ **Unallocated IPv4 address range from your VPC** – Amazon FSx chooses the last 64 IP addresses from the VPC’s primary CIDR range to use as the endpoint IPv4 address range for the file system. This range is shared across multiple file systems if you choose this option multiple times.
**Note**
This option is grayed out if any of the last 64 IP addresses in a VPC's primary CIDR range are in use by a subnet. In this case, you can still choose an in-VPC address range (that is, a range that's not at the end of your primary CIDR range or a range that's in a secondary CIDR of your VPC) by choosing the **Enter an IP address range** option.
+ **Floating IPv4 address range outside your VPC** – Amazon FSx chooses a 198.19.x.0/24 address range that isn't already used by any other file systems with the same VPC and route tables.
+ **Enter an IPv4 address range** – You can provide a CIDR range of your own choosing. The IPv4 address range that you choose can either be inside or outside the VPC’s IP address range, as long as it doesn't overlap with any subnet.
**Note**
Do not choose any range that falls within the following CIDR ranges, as they are incompatible with FSx for ONTAP:
0.0.0.0/8
127.0.0.0/8
198.19.0.0/20
224.0.0.0/4
240.0.0.0/4
255.255.255.255/32
+ (Multi-AZ and dual-stack only) **Endpoint IPv6 address range** specifies the IPv6 address range in which the endpoints to access your file system are created. You have two options for the endpoint IPv6 address range:
+ **Unallocated IPv6 address range from your VPC** – Amazon FSx chooses a block of 1024 available IPv6 addresses from one of the VPC’s IPv6 CIDR ranges to use as the endpoint IPv6 address range for the file system.
+ **Enter an IPv6 address range** – You can provide an IPv6 CIDR range of your own choosing. The IPv6 address range that you choose can either be inside or outside the VPC’s IPv6 address range, as long as it doesn't overlap with any subnet.
1. In the **Encryption** section, for **Encryption key**, choose the AWS Key Management Service (AWS KMS) encryption key that protects your file system's data at rest.
1. For **File system administrative password**, enter a secure password for the `fsxadmin` user. Confirm the password.
You can use the `fsxadmin` user to administer your file system using the ONTAP CLI and REST API. For more information about the `fsxadmin` user, see [Managing file systems with the ONTAP CLI](managing-resources-ontap-apps.md#fsxadmin-ontap-cli).
1. In the **Default storage virtual machine configuration** section, provide the following information:
+ In the **Storage virtual machine name** field, provide a name for the storage virtual machine. You can use a maximum of 47 alphanumeric characters, plus the underscore (\$1) special character.
+ For **SVM administrative password**, you can optionally choose **Specify a password** and provide a password for the SVM's `vsadmin` user. You can use the `vsadmin` user to administer the SVM using the ONTAP CLI or REST API. For more information about the `vsadmin` user, see [Managing SVMs with the ONTAP CLI](managing-resources-ontap-apps.md#vsadmin-ontap-cli).
If you choose **Don't specify a password** (the default), you can still use the file system's `fsxadmin` user to manage your file system using the ONTAP CLI or REST API, but you can't use your SVM's `vsadmin` user to do the same.
+ For **Volume security style**, choose between **Unix (Linux)** and ** NTFS** for the volume. For more information, see [Volume security style](managing-volumes.md#volume-security-style).
+ In the **Active Directory** section, you can join an Active Directory to the SVM. For more information, see [Working with Microsoft Active Directory in FSx for ONTAP](ad-integration-ontap.md).
If you don't want to join your SVM to an Active Directory, choose **Do not join an Active Directory**.
If you want to join your SVM to a self-managed Active Directory domain, choose **Join an Active Directory**, and provide the following details for your Active Directory:
+ The NetBIOS name of the Active Directory computer object to create for your SVM. The NetBIOS name cannot exceed 15 characters.
+ The fully qualified domain name of your Active Directory. The domain name cannot exceed 255 characters.
+ **DNS server IP addresses** – The IPv4 or IPv6 addresses of the Domain Name System (DNS) servers for your domain.
+ **Service account credentials** – Choose how to provide your service account credentials:
+ **Option 1**: AWS Secrets Manager secret ARN - The secret containing the username and password for a service account on your Active Directory domain. For more information, see [Storing Active Directory credentials using AWS Secrets Manager](self-managed-AD-best-practices.md#bp-store-ad-creds-using-secret-manager).
+ **Option 2**: Plaintext credentials
+ **Service account username** – The user name of the service account in your existing Microsoft Active Directory. Don't include a domain prefix or suffix. For example, for `EXAMPLE\ADMIN`, use only `ADMIN`.
+ **Service account password** – The password for the service account.
+ **Confirm password** – The password for the service account.
+ (Optional) **Organizational Unit (OU)** – The distinguished path name of the organizational unit to which you want to join your file system.
+ **Delegated file system administrators group** – The name of the group in your Active Directory that can administer your file system.
If you are using AWS Managed Microsoft AD, you need to specify a group such as AWS Delegated FSx Administrators, AWS Delegated Administrators, or a custom group with delegated permissions to the OU.
If you are joining to a self-managed AD, use the name of the group in your AD. The default group is `Domain Admins`.
1. In the **Default volume configuration** section, provide the following information for the default volume that is created with your file system:
+ In the **Volume name** field, provide a name for the volume. You can use up to 203 alphanumeric or underscore (\$1) characters.
+ (File systems with one HA pair only) For **Volume style**, choose either **FlexVol** or **FlexGroup**. FlexVol volumes are general-purpose volumes that can be up to 300 tebibytes (TiB) in size. FlexGroup volumes are intended for high-performance workloads and can be up to 20 PiB in size.
+ For **Volume size**, enter any whole number in the range of 20–314,572,800 mebibytes (MiB) for FlexVol volumes or 800 gibibytes (GiB)–2,400 TiB per HA pair for FlexGroup volumes. For example, a file system with 12 HA pairs would have a minimum volume size of 9,600 GiB and a maximum size of 20,480 TiB.
+ For **Volume type**, choose **Read-Write (RW)** to create a volume that is readable and writable or **Data Protection (DP)** to create a volume that is read-only and can be used as the destination of a NetApp SnapMirror or SnapVault relationship. For more information, see [Volume types](managing-volumes.md#volume-types).
+ For **Junction path**, enter a location within the file system to mount the volume. The name must have a leading forward slash, for example `/vol3`.
+ For **Storage efficiency**, choose **Enabled** to enable the ONTAP storage-efficiency features (deduplication, compression, and compaction). For more information, see [Storage efficiency](managing-storage-capacity.md#storage-efficiency).
+ For **Snapshot policy**, choose a snapshot policy for the volume. For more information about snapshot policies, see [Snapshot policies](snapshots-ontap.md#snapshot-policies).
If you choose **Custom policy**, you must specify the policy's name in the **custom-policy** field. The custom policy must already exist on the SVM or in the file system. You can create a custom snapshot policy with the ONTAP CLI or REST API. For more information, see [Create a Snapshot Policy](https://docs.netapp.com/us-en/ontap/data-protection/create-snapshot-policy-task.html) in the NetApp ONTAP Product Documentation.
1. In the **Default volume storage tiering** section, for **Capacity pool tiering policy**, choose the storage pool tiering policy for the volume, which can be **Auto** (the default), **Snapshot Only**, **All**, or **None**. For more information about capacity pool tiering policies, see [Volume tiering policies](volume-storage-capacity.md#data-tiering-policy).
For **Tiering policy cooling period**, if you have set storage tiering to either `Auto` and `Snapshot-only` policies.valid values are 2-183 days. A volume's tiering policy cooling period defines the number of days before data that has not been accessed is marked cold and moved to capacity pool storage.
1. In the **Default Volume SnapLock Configuration** section, for **SnapLock Configuration**, choose between **Enabled** and **Disabled**. For more information about configuring a SnapLock Compliance volume or a SnapLock Enterprise volume, see [Understanding SnapLock Compliance](snaplock-compliance.md) and [Understanding SnapLock Enterprise](snaplock-enterprise.md). For more information about SnapLock, see [Protecting your data with SnapLock](snaplock.md).
1. In **Backup and maintenance - *optional***, you can set the following options:
+ For **Daily automatic backup**, choose **Enabled** for automatic daily backups. This option is enabled by default.
+ For **Daily automatic backup window**, set the time of the day in Coordinated Universal Time (UTC) that you want the daily automatic backup window to start. The window is 30 minutes starting from this specified time. This window can't overlap with the weekly maintenance backup window.
+ For **Automatic backup retention period**, set a period from 1–90 days that you want to retain automatic backups.
+ For **Weekly maintenance window**, you can set the time of the week that you want the maintenance window to start. Day 1 is Monday, 2 is Tuesday, and so on. The window is 30 minutes starting from this specified time. This window can't overlap with the daily automatic backup window.
1. For **Tags - *optional***, you can enter a key and value to add tags to your file system. A tag is a case-sensitive key-value pair that helps you manage, filter, and search for your file system.
Choose **Next**.
1. Review the file system configuration shown on the **Create file system** page. For your reference, note which file system settings you can modify after the file system is created.
1. Choose **Create file system**.
## To create a file system (CLI)
+ To create an FSx for ONTAP file system, use the [create-file-system](https://docs.aws.amazon.com/cli/latest/reference/fsx/create-file-system.html) CLI command (or the equivalent [CreateFileSystem](https://docs.aws.amazon.com/fsx/latest/APIReference/API_CreateFileSystem.html) API operation), as shown in the following example.
**Note**
You can't change your file system's deployment type after creation. If you want to change the deployment type (for example, to move from Single-AZ 1 to Single-AZ 2), you can back up your data and restore it on a new file system. You can also migrate your data with NetApp SnapMirror, with AWS DataSync, or with a third-party data copying tool. For more information, see [Migrating to FSx for ONTAP using NetApp SnapMirror](migrating-fsx-ontap-snapmirror.md) and [Migrating to FSx for ONTAP using AWS DataSync](migrate-files-to-fsx-datasync.md).
```
aws fsx create-file-system \
--file-system-type ONTAP \
--storage-capacity 1024 \
--storage-type SSD \
--security-group-ids security-group-id \
--subnet-ids subnet-abcdef1234567890b subnet-abcdef1234567890c \
--ontap-configuration DeploymentType=MULTI_AZ_1,
ThroughputCapacity=512,PreferredSubnetId=subnet-abcdef1234567890b
```
After successfully creating the file system, Amazon FSx returns the file system's description in JSON format as shown in the following example.
```
{
"FileSystem": {
"OwnerId": "111122223333",
"CreationTime": 1625066825.306,
"FileSystemId": "fs-0123456789abcdef0",
"FileSystemType": "ONTAP",
"Lifecycle": "CREATING",
"StorageCapacity": 1024,
"StorageType": "SSD",
"VpcId": "vpc-11223344556677aab",
"SubnetIds": [
"subnet-abcdef1234567890b",
"subnet-abcdef1234567890c"
],
"KmsKeyId": "arn:aws:kms:us-east-1:111122223333:key/wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY",
"ResourceARN": "arn:aws:fsx:us-east-1:111122223333:file-system/fs-0123456789abcdef0",
"Tags": [],
"OntapConfiguration": {
"DeploymentType": "MULTI_AZ_HA_1",
"EndpointIpAddressRange": "198.19.0.0/24",
"Endpoints": {
"Management": {
"DnsName": "management.fs-0123456789abcdef0.fsx.us-east-1.amazonaws.com"
},
"Intercluster": {
"DnsName": "intercluster.fs-0123456789abcdef0.fsx.us-east-1.amazonaws.com"
}
},
"DiskIopsConfiguration": {
"Mode": "AUTOMATIC",
"Iops": 3072
},
"PreferredSubnetId": "subnet-abcdef1234567890b",
"RouteTableIds": [
"rtb-abcdef1234567890e",
"rtb-abcd1234ef567890b"
],
"ThroughputCapacity": 512,
"WeeklyMaintenanceStartTime": "4:10:00"
}
}
}
```
**Note**
Unlike the process of creating a file system in the console, the `create-file-system` CLI command and the `CreateFileSystem` API operation don't create a default SVM or volume. To create an SVM, see [Creating storage virtual machines (SVM)](creating-svms.md); to create a volume, see [Creating volumes](creating-volumes.md).
## Creating FSx for ONTAP file systems in shared subnets
VPC sharing enables multiple AWS accounts to create resources into shared, centrally-managed virtual private clouds (VPCs). In this model, the account that owns the VPC (owner) shares one or more subnets with other accounts (participants) that belong to the same organization from AWS Organizations.
Participant accounts can create FSx for ONTAP Single-AZ and Multi-AZ file systems in a VPC subnet that the owner account has shared with them. For a participant account to create a Multi-AZ file system, the owner account also needs to grant Amazon FSx permission to modify route tables in the shared subnets on behalf of the participant account. For more information, see [Managing shared VPC support for Multi-AZ file systems](#maz-shared-vpc).
**Note**
It is the participant account’s responsibility to coordinate with the VPC owner to prevent the creation of any subsequent VPC subnets that will overlap with the in-VPC CIDR of the participant's file systems. If subnets do overlap, traffic to the file system can get interrupted.
### Shared subnet requirements and considerations
When creating FSx for ONTAP file systems into shared subnets, note the following:
+ The owner of the VPC subnet must share a subnet with a participant account before that account can create an FSx for ONTAP file system in it.
+ You can't launch resources using the default security group for the VPC because it belongs to the owner. Additionally, participant accounts can't launch resources using security groups that are owned by other participants or the owner.
+ In a shared subnet, the participant and the owner separately controls the security groups within each respective account. The owner account can see security groups that are created by the participants, but cannot perform any actions on them. If the owner account wants to remove or modify these security groups, the participant that created the security group must take the action.
+ Participant accounts can view, create, modify, and delete Single-AZ file systems and their associated resources in subnets that the owner account has shared with them.
+ Participant accounts can create, view, modify, and delete Multi-AZ file systems and their associated resources in subnets that the owner account has shared with them. Additionally, the owner account must also grant the Amazon FSx service permissions to modify route tables in the shared subnets on behalf of the participants account. For more information, see [Managing shared VPC support for Multi-AZ file systems](#maz-shared-vpc)
+ The shared VPC owner cannot view, modify, or delete resources that a participant creates in the shared subnet. This is in addition to the VPC resources that each account has different access to. For more information, see [Responsibilities and permissions for owners and participants](https://docs.aws.amazon.com/vpc/latest/userguide/vpc-sharing.html#vpc-share-limitations) in the Amazon VPC User Guide.
For more information, see [Share your VPC with other accounts](https://docs.aws.amazon.com/vpc/latest/userguide/vpc-sharing.html) in the Amazon VPC User Guide.
#### When sharing a VPC subnet
When sharing your subnets with participant accounts that will be creating FSx for ONTAP file systems in the shared subnets, you will need to do the following:
+ The VPC owner needs to use AWS Resource Access Manager to securely share VPCs and subnets with other AWS accounts. For more information, see [ Sharing your AWS resources](https://docs.aws.amazon.com/ram/latest/userguide/getting-started-sharing.html#getting-started-sharing-orgs) in the AWS Resource Access Manager User Guide.
+ The VPC owner needs to share one or more VPCs with a participant account. For more information, see [Share your VPC with other accounts](https://docs.aws.amazon.com/vpc/latest/userguide/vpc-sharing.html) in the Amazon Virtual Private Cloud User Guide.
+ For participant accounts to create FSx for ONTAP Multi-AZ file systems, the VPC owner must also grant the Amazon FSx service permissions to create and modify route tables in the shared subnets on behalf of the participant accounts. This is because FSx for ONTAP Multi-AZ file systems use floating IP addresses so that connected clients can seamlessly transition between the preferred and standby file servers during a failover event. When a failover event occurs, Amazon FSx updates all routes in all route tables associated with the file system to point to the currently active file server.
#### Managing shared VPC support for Multi-AZ file systems
Owner accounts can manage whether or not participant accounts can create Multi-AZ FSx for ONTAP file systems in VPC subnets that the owner has shared with participants using the AWS Management Console, AWS CLI, and API, as described in the following sections.
**To manage VPC sharing for Multi-AZ file systems (console)**
Open the Amazon FSx console at [https://console.aws.amazon.com/fsx/](https://console.aws.amazon.com/fsx/).
1. In the navigation pane, choose **Settings**.
1. Locate the **Multi-AZ shared VPC settings** on the **Settings** page.
+ To enable VPC sharing for Multi-AZ file systems in VPC subnets that you share, choose **Enable route table updates from participant accounts**.
+ To disable VPC sharing for Multi-AZ file systems in all VPCs that you own, choose **Disable route table updates from participant accounts**. The confirmation screen is displayed.
**Important**
We strongly recommend that participant-created Multi-AZ file systems in the shared VPC are deleted before you disable this feature. Once the feature is disabled, these file systems will enter a `MISCONFIGURED` state and will be at risk of becoming unavailable.
1. Enter **confirm** and choose **Confirm** to disable the feature.
**To manage VPC sharing for Multi-AZ file systems (AWS CLI)**
1. To view the current setting for Multi-AZ VPC sharing, use the [describe-shared-vpc-configuration](https://docs.aws.amazon.com/cli/latest/reference/fsx/describe-shared-vpc-configuration) CLI command, or the equivalent [DescribeSharedVpcConfiguration](https://docs.aws.amazon.com/fsx/latest/APIReference/API_DescribeSharedVpcConfiguration.html) API command, shown as follows:
```
$ aws fsx describe-shared-vpc-configuration
```
The service responds to a successful request as follows:
```
{
"EnableFsxRouteTableUpdatesFromParticipantAccounts": "false"
}
```
1. To manage the Multi-AZ shared VPC configuration, use the [update-shared-vpc-configuration](https://docs.aws.amazon.com/cli/latest/reference/fsx/update-shared-vpc-configuration) CLI command, or the equivalent [UpdateSharedVpcConfiguration](https://docs.aws.amazon.com/fsx/latest/APIReference/API_UpdateSharedVpcConfiguration.html) API command. The following example enables VPC sharing for Multi-AZ file systems.
```
$ aws fsx update-shared-vpc-configuration --enable-fsx-route-table-updates-from-participant-accounts true
```
The service responds to a successful request as follows:
```
{
"EnableFsxRouteTableUpdatesFromParticipantAccounts": "true"
}
```
1. To disable the feature, set `EnableFsxRouteTableUpdatesFromParticipantAccounts` to `false`, as shown in the following example.
```
$ aws fsx update-shared-vpc-configuration --enable-fsx-route-table-updates-from-participant-accounts false
```
The service responds to a successful request as follows:
```
{
"EnableFsxRouteTableUpdatesFromParticipantAccounts": "false"
}
```
# Updating file systems
This topic explains which properties of an existing file system that you can update, and provides procedures to do so using the Amazon FSx console and CLI. You can update the following FSx for ONTAP file system properties using the Amazon FSx console, AWS CLI, and API:
+ **Automatic daily backups**. Turns automatic daily backups on or off, modifies the backup window and the backup retention period. For more information, see [Automatic daily backups](using-backups.md#automatic-backups).
+ **Weekly maintenance window**. Sets the day of the week and time that Amazon FSx performs file system maintenance and updates. For more information, see [Optimizing performance with Amazon FSx maintenance windows](maintenance-windows.md).
+ **File system administrative password**. Changes the password for the file system's `fsxadmin` user. You can use the `fsxadmin` user to administer your file system using the ONTAP CLI and REST API. For more information about the `fsxadmin` user, see [Managing file systems with the ONTAP CLI](managing-resources-ontap-apps.md#fsxadmin-ontap-cli).
+ **Amazon VPC route tables**. With Multi-AZ FSx for ONTAP file systems, the endpoints you use to access data over NFS or SMB and the management endpoints to access the ONTAP CLI, API, and NetApp Console use floating IP addresses in the Amazon VPC route tables that you associate with your file system. You can associate new route tables that you create with your existing Multi-AZ file systems—allowing you to configure which clients can access your data even as your network evolves. You can also disassociate (remove) existing route tables from your file system.
**Note**
Amazon FSx manages VPC route tables for Multi-AZ file systems using tag-based authentication. These route tables are tagged with `Key: AmazonFSx; Value: ManagedByAmazonFSx`. When creating or updating FSx for ONTAP Multi-AZ file systems using CloudFormation we recommend that you add the `Key: AmazonFSx; Value: ManagedByAmazonFSx` tag manually.
## To update a file system (console)
The following procedures provide you with instructions on how to make updates to an existing FSx for ONTAP file system using the AWS Management Console.
**To update automatic daily backups**
1. Open the Amazon FSx console at [https://console.aws.amazon.com/fsx/](https://console.aws.amazon.com/fsx/).
1. To display the file system details page, in the left navigation pane, choose **File systems**, and then choose the FSx for ONTAP file system that you want to update.
1. Choose the **Backups** tab in the second panel on the page.
1. Choose **Update**.
1. Modify the automatic daily backup settings for this file system.
1. Choose **Save** to save your changes.
**To update the weekly maintenance window**
1. Open the Amazon FSx console at [https://console.aws.amazon.com/fsx/](https://console.aws.amazon.com/fsx/).
1. To display the file system details page, in the left navigation pane, choose **File systems**, and then choose the FSx for ONTAP file system that you want to update.
1. Choose the **Administration** tab in the second panel on the page.
1. In the **Maintenance** pane, choose **Update**.
1. Modify when the weekly maintenance window occurs for this file system.
1. Choose **Save** to save your changes.
**To change the file system administrative password**
1. Open the Amazon FSx console at [https://console.aws.amazon.com/fsx/](https://console.aws.amazon.com/fsx/).
1. To display the file system details page, in the left navigation pane, choose **File systems**, and then choose the FSx for ONTAP file system that you want to update.
1. Choose the **Administration** tab.
1. In the **ONTAP administration** panel, choose **Update** under **ONTAP administrator password**.
1. In the **Update ONTAP administrator credentials** dialog box, enter a new password in the **ONTAP administrative password** field.
1. Use the **Confirm password** field to confirm the password.
1. Choose **Update credentials** to save your change.
**Note**
If you receive an error stating that the new password does not meet the password requirements, you can use the [https://docs.netapp.com/us-en/ontap-cli-9141/security-login-role-config-show.html#description](https://docs.netapp.com/us-en/ontap-cli-9141/security-login-role-config-show.html#description) ONTAP CLI command to view the password requirement settings on the file system. For more information, including instructions on how to change password setting, see [Updating the `fsxadmin` account password fails](updating-admin-password.md).
**To update VPC route tables on Multi-AZ file systems**
1. Open the Amazon FSx console at [https://console.aws.amazon.com/fsx/](https://console.aws.amazon.com/fsx/).
1. To display the file system details page, in the left navigation pane, choose **File systems**, and then choose the FSx for ONTAP file system that you want to update.
1. For **Actions**, choose **Update file system > Update route tables**. Or, in the **Network & security** panel, choose **Manage** next to the file system's **Route tables**.
1. In the **Manage route tables** dialog box. do one of the following:
+ To associate a new VPC route table, select a route table from the **Associate new route tables** dropdown list, and then choose **Associate**.
+ To disassociate an existing VPC route table, select a route table from the **Current route tables** pane, and then choose **Disassociate**.
1. Choose **Close**.
## To update a file system (CLI)
The following procedure illustrates how to make updates to an existing FSx for ONTAP file system using the AWS CLI.
1. To update the configuration of an FSx for ONTAP file system, use the [update-file-system](https://docs.aws.amazon.com/cli/latest/reference/fsx/update-file-system.html) CLI command (or the equivalent [UpdateFileSystem](https://docs.aws.amazon.com/fsx/latest/APIReference/API_UpdateFileSystem.html) API operation), as shown in the following example.
```
aws fsx update-file-system \
--file-system-id fs-0123456789abcdef0 \
--ontap-configuration AutomaticBackupRetentionDays=30,DailyAutomaticBackupStartTime=01:00, \
WeeklyMaintenanceStartTime=1:01:30,AddRouteTableIds=rtb-0123abcd, \
FsxAdminPassword=new-fsx-admin-password
```
1. To disable automatic daily backups, set the `AutomaticBackupRetentionDays` property to 0.
```
aws fsx update-file-system \
--file-system-id fs-0123456789abcdef0 \
--ontap-configuration AutomaticBackupRetentionDays=0
```
# Managing high-availability (HA) pairs
Each FSx for ONTAP file system is powered by one or more high-availability (HA) pairs of file servers in an active-standby configuration. In this configuration, there is a preferred file server that actively serves traffic and a secondary file server that takes over if the active server is unavailable. FSx for ONTAP first-generation file systems are powered by one HA pair, which delivers up to 4 GBps of throughput capacity and 160,000 SSD IOPs. FSx for ONTAP second-generation Multi-AZ file systems are powered by one HA pair as well, and they deliver up to 6 GBps of throughput capacity and 200,000 SSD IOPS. FSx for ONTAP second-generation Single-AZ file systems are powered by up to 12 HA pairs, which can deliver up to 72 GBps of throughput capacity and 2,400,000 SSD IOPS (6 GBps of throughput capacity and 200,000 SSD IOPS per HA pair).
When you create your file system from the Amazon FSx console, Amazon FSx recommends the number of HA pairs that you should use based on your desired SSD storage. You can also manually choose the number of HA pairs based on your workload and performance requirements. We recommend that you use a single HA pair if your file system requirements are satisfied by up to 6 GBps of throughput capacity and 200,000 SSD IOPs, and multiple HA pairs if your workloads need higher levels of performance scalability.
Each HA pair has one aggregate, which is a logical set of physical disks.
**Note**
You can add HA pairs to second-generation Single-AZ file systems. For more information, see [Adding high-availability (HA) pairs](adding-HA-pairs.md). Otherwise, you can migrate data between file systems (with different HA pairs) using SnapMirror, AWS DataSync, or by restoring your data from a backup to a new file system.
# Adding high-availability (HA) pairs
FSx for ONTAP file systems are composed of one or more HA pairs of file servers. First-generation file systems and second-generation Multi-AZ file systems support one HA pair whereas second-generation Single-AZ file systems support up to 12 HA pairs. You can also add more HA pairs after creating a second-generation Single-AZ file system (up to the maximum of 12). Adding HA pairs isn't disruptive and typically takes only a few minutes to complete.
Consider the following points when adding HA pairs to your file system:
+ Adding HA pairs to your file system introduces new file servers with their own storage (or aggregate). The new HA pairs have the same throughput capacity and storage capacity as your file system's existing HA pairs. For example, assume that your file system has two HA pairs with a total of 12 GBps of throughput capacity and 2 tebibytes (TiB) of SSD storage. If you add one new HA pair, then your file system will have 18 GBps of throughput capacity and 3 TiB of SSD storage.
+ To benefit from the additional performance of the new HA pairs, you need to move some of your existing volumes to the new HA pairs and remount clients to connect to them. For more information, see [Balancing workloads across HA pairs](monitor-workload-balance.md).
+ You can't modify your file system's throughput capacity, SSD storage capacity, or provisioned SSD IOPS when adding HA pairs or while an update to add HA pairs is in progress.
+ You can't remove HA pairs after you add them. We recommend scaling the throughput capacity of your file system if you need more performance temporarily (assuming that your file system isn't at the highest throughput capacity). This increases the throughput capacity of your file system's existing HA pairs.
+ The iSCSI protocol is available on file systems that have six or fewer high-availability pairs (HA pairs). The NVMe/TCP protocol is available on second-generation file systems that have six or fewer HA pairs. For more information, see [Accessing your FSx for ONTAP data](supported-fsx-clients.md).
+ When you add new HA pairs to your file system, the NVMe cache is enabled by default for the new file system nodes. We recommend disabling it for throughput-heavy workloads. For more information, see [Managing the NVMe cache](nvme-cache.md).
**To add HA pairs**
1. Open the Amazon FSx console at [https://console.aws.amazon.com/fsx/](https://console.aws.amazon.com/fsx/).
1. To display the file system details page, in the left navigation pane, choose **File systems**, and then choose the FSx for ONTAP file system that you want to update.
1. On the **Summary** panel, for **Number of HA pairs**, choose **Update**.
1. From the **HA Pairs** dropdown, select the number of HA pairs that you want to add to your file system.
1. Choose the **Update** button.
After you add HA pairs, it's important to rebalance your existing data to ensure that your I/O remains evenly distributed across your file system's HA pairs. For more information, see [Balancing workloads across HA pairs](monitor-workload-balance.md).
# Balancing workloads across HA pairs
If you have a file system with multiple high-availability (HA) pairs, then its throughput and storage are spread across each of your HA pairs. FSx for ONTAP automatically balances your files as they are written to your file system, but your workload data and I/O are no longer balanced once you add HA pairs. Additionally, in rare cases, your workload data or I/O could become unbalanced across your file system's existing HA pairs, which can impact your workload's overall performance. If your workload is ever imbalanced, you can rebalance it across each of your file system’s HA pairs (and their commensurate file servers and *aggregates*—the storage pools which make up your primary storage tier).
**Topics**
+ [Primary storage utilization balance](#primary-storage-balance)
+ [File server and disk performance utilization imbalance](#server-disk-imbalance)
+ [Mapping CloudWatch dimensions to ONTAP CLI and REST API resources](#map-dimensions-to-resources)
+ [Rebalancing clients](#rebalancing-clients)
+ [Rebalancing volumes](#rebalancing-volumes)
## Primary storage utilization balance
Your file system’s primary storage capacity is divided evenly among each of your HA pairs in storage pools called aggregates. Each HA pair has one aggregate. We recommend that you maintain an average utilization no higher than 80% for your primary storage tier on an ongoing basis. For file systems with multiple HA pairs, we recommend that you maintain an average utilization of up to 80% for every aggregate.
Maintaining 80% utilization ensures there is free space for new incoming data, and maintains a healthy overhead for maintenance operations which can temporarily claim free space on your aggregates.
If you notice that your aggregates are imbalanced, you can either increase your file system’s primary storage capacity (commensurately increasing the storage capacity of each aggregate), or you can move your volumes between aggregates. For more information, see [Moving volumes between aggregates](moving-fg-volumes.md).
## File server and disk performance utilization imbalance
Your file system’s total performance capabilities (such as the network throughput, file server to disk throughput and IOPS, and disk IOPS) is divided evenly among your file system’s HA pairs. We recommend that you maintain an average utilization below 50% (and a maximum peak utilization below 80%) for all performance limits on an ongoing basis—this goes for both the overall utilization of your file system’s file server resources across all HA pairs, as well as on a per-file server basis.
If you notice that your file server performance utilization is imbalanced—and the file servers on which your workload is imbalanced have an ongoing utilization of over 80%—you can use the ONTAP CLI and REST API to further diagnose the cause of performance imbalance and remediate it. Following is a table of possible imbalance indicators and next steps for further diagnosis.
| If your file system's... | Then... |
| --- | --- |
| File server disk throughput or file server disk IOPS are imbalanced | You may be experiencing I/O hotspotting on a subset of HA pairs (a subset of your volumes containing an outsized amount of data being accessed) which can limit your workload's overall performance because it's bottlenecked against a subset of HA pairs. For each highly-utilized file server, check the most-utilized volumes to see which volumes have the most activity within an aggregate. For more information on this procedure, see [Rebalancing volumes](#rebalancing-volumes). |
| Network throughput is imbalanced, but your file server disk throughput, file server disk IOPS, or disk IOPS are not imbalanced | Your data is evenly-distributed across HA pairs, but your clients are not. For the file servers which have more network throughput utilization than others, check the top clients for each file server, then rebalance those clients by unmounting any volumes from those clients and remounting them using a different endpoint on a different HA pair. For more information on this procedure, see [Rebalancing clients](#rebalancing-clients). |
## Mapping CloudWatch dimensions to ONTAP CLI and REST API resources
Your second-generation file system has Amazon CloudWatch metrics with the `FileServer` or `Aggregate` dimension. In order to further diagnose cases of imbalance, you need to map these dimension values to specific file servers (or *nodes*) and aggregates in the ONTAP CLI or REST API.
+ For file servers, each file server name maps to a file server (or node) name in ONTAP (for example, `FsxId01234567890abcdef-01`). Odd-numbered file servers are preferred file servers (that is, they service traffic unless the file system has failed over to the secondary file server), while even-numbered file servers are secondary file servers (that is, they serve traffic only when their partner is unavailable). Because of this, secondary file servers will typically show less utilization than preferred file servers.
+ For aggregates, each aggregate name maps to an aggregate in ONTAP (for example, `aggr1`). There is one aggregate for every HA pair, meaning aggregate `aggr1` is shared by file servers `FsxId01234567890abcdef-01` (the active file server) and `FsxId01234567890abcdef-02` (the secondary file server) in an HA pair, aggregate `aggr2` is shared by file servers `FsxId01234567890abcdef-03` and `FsxId01234567890abcdef-04`, and so on.
You can view the mappings between all aggregates and file servers using the ONTAP CLI.
1. To SSH into the NetApp ONTAP CLI of your file system, follow the steps documented in the [Using the NetApp ONTAP CLI](managing-resources-ontap-apps.md#netapp-ontap-cli) section of the *Amazon FSx for NetApp ONTAP User Guide*.
```
ssh fsxadmin@file-system-management-endpoint-ip-address
```
1. Use the [storage aggregate show](https://docs.netapp.com/us-en/ontap-cli-9131/storage-aggregate-show.html) command, specifying the `-fields node` parameter.
```
::> storage aggregate show -fields node
aggregate node
------------------------------- -------------------------
aggr1 FsxId01234567890abcdef-01
aggr2 FsxId01234567890abcdef-03
aggr3 FsxId01234567890abcdef-05
aggr4 FsxId01234567890abcdef-07
aggr5 FsxId01234567890abcdef-09
aggr6 FsxId01234567890abcdef-11
6 entries were displayed.
```
## Rebalancing clients
After adding HA pairs or if you’re experiencing I/O imbalance across file servers (specifically with network throughput utilization), you can rebalance your clients. If you’re rebalancing clients after adding HA pairs, you can skip to [Remounting clients](#remounting-clients). Otherwise, you should first identify high-traffic clients you want to move to rebalance your workload I/O.
If you're experiencing I/O imbalance across file servers (specifically with Network throughput utilization), high I/O clients may be the cause. To identify high-traffic clients, use the ONTAP CLI.
**Identify high-traffic clients**
1. To SSH into the NetApp ONTAP CLI of your file system, follow the steps documented in the [Using the NetApp ONTAP CLI](managing-resources-ontap-apps.md#netapp-ontap-cli) section of the *Amazon FSx for NetApp ONTAP User Guide*.
```
ssh fsxadmin@file-system-management-endpoint-ip-address
```
1. To view the highest-traffic clients, use the [statistics top client show](https://docs.netapp.com/us-en/ontap-cli-9131/statistics-top-client-show.html) ONTAP CLI command. You can optionally specify the `-node` parameter to only view the top clients for a specific file server. If you are diagnosing imbalance for a specific file server, use the `-node` parameter, replacing `node_name` with the name of the file server (for example, `FsxId01234567890abcdef-01`).
You can optionally add the `-interval` parameter, providing the interval over which to measure (in seconds) before each report is output. Increasing the interval (for example, to the maximum 300 seconds) provides a longer-term sample for the amount of traffic driven to each volume. The default is `5` (seconds).
```
::> statistics top client show -node FsxId01234567890abcdef-01 [-interval [5,300]]
```
In the output, the top clients are shown by their IP address and port.
```
*Total Total
Client Vserver Node Ops (Bps)
------------------ --------- ------------------------- ------ ---------
172.17.236.53:938 svm01 FsxId01234567890abcdef-01 2143 140443648
172.17.236.160:898 svm02 FsxId01234567890abcdef-01 812 53215232
```
**Remounting clients**
+ You can rebalance clients to other HA pairs. To do so, unmount the volume from the client and remount it using the DNS name for the SVM’s NFS/SMB endpoint—this returns a random endpoint corresponding to a random HA pair.
We recommend you re-use the DNS name, but you have the option to explicitly choose which HA pair a given client mounts. To guarantee that you are mounting a client to a different endpoint, you can instead specify a different endpoint IP address than the one that corresponds to the file server that is experiencing high traffic. You can do so by running the following command:
```
::> network interface show -vserver svm_name -lif nfs_smb_management* -fields address,curr-node
vserver lif address curr-node
--------- -------------------- ------------ -------------------------
svm01 nfs_smb_management_1 172.31.15.89 FsxId01234567890abcdef-01
svm01 nfs_smb_management_3 172.31.8.112 FsxId01234567890abcdef-03
2 entries were displayed.
```
According to the example output for the `statistics top client show` command, client `172.17.236.53` is driving high traffic to `FsxId01234567890abcdef-01`. The output of the `network interface show` command indicates this is the address `172.31.15.89`. To mount to a different endpoint, select any other address (in this example, the only other address is `172.31.8.112`, corresponding to `FsxId01234567890abcdef-03`).
## Rebalancing volumes
If you're experiencing I/O imbalance across your volumes or aggregates, you can rebalance volumes in order to redistribute your I/O traffic across your volumes.
**Note**
If you're experiencing storage utilization imbalance across your aggregates, there is generally not any performance impact unless the high utilization is coupled with I/O imbalance. While you can move volumes between aggregates to balance storage utilization, we recommend only moving volumes if you are seeing a performance impact, as moving volumes can have adverse impact on performance if you don't also consider the I/O driven to each volume you're considering moving.
1. To SSH into the NetApp ONTAP CLI of your file system, follow the steps documented in the [Using the NetApp ONTAP CLI](managing-resources-ontap-apps.md#netapp-ontap-cli) section of the *Amazon FSx for NetApp ONTAP User Guide*.
```
ssh fsxadmin@file-system-management-endpoint-ip-address
```
1. Use the [statistics volume show](https://docs.netapp.com/us-en/ontap-cli-9131/statistics-volume-show.html) ONTAP CLI command to view the highest-traffic volumes for a given aggregate, with the following changes:
+ Replace *aggregate\$1name* with the aggregate’s name (for example, `aggr1`).
+ You can optionally add the `-interval` parameter, providing the interval over which to measure (in seconds) before each report is output. Increasing the interval (for example, to the maximum 300 seconds) provides a longer-term sample for the amount of traffic driven to each volume. The default is `5` (seconds).
```
::> statistics volume show -aggregate aggregate_name -sort-key total_ops [-interval [5,300]]
```
Depending on the interval you chose, it can take up to 5 minutes to show data. The command shows all volumes in the aggregate, along with the amount of traffic being driven to each aggregate.
```
*Total Read Write Other Read Write Latency
Volume Vserver Aggregate Ops Ops Ops Ops (Bps) (Bps) (us)
---------- ------- --------- ------ ---- ----- ----- --------- ----- -------
vol1__0007 svm1 aggr1 4078 4078 0 0 267255808 0 1092
vol1__0005 svm1 aggr1 4078 4078 0 0 267255808 0 1086
vol1__0003 svm1 aggr1 4077 4077 0 0 267223040 0 1086
vol1__0001 svm1 aggr1 4077 4077 0 0 267239424 0 1087
vol1__0008 svm1 aggr2 2314 2314 0 0 151650304 0 1112
vol1__0006 svm1 aggr2 2144 2144 0 0 140509184 0 1104
vol1__0002 svm1 aggr2 2183 2183 0 0 143065088 0 1106
vol1__0004 svm1 aggr2 2183 2183 0 0 143065088 0 1103
```
The volume statistics are shown on a per-constituent basis (for example, `vol1__0015` is the 15th constituent for FlexGroup `vol1`). You can see from the example output, the constituents for `aggr1` are more highly-utilized than the constituents for `aggr2`. To balance traffic between aggregates, you can move the constituent volumes between aggregates so that traffic is more evenly distributed.
1. If you have added new HA pairs, then you should move existing volumes to new aggregates. For more information, see [Moving volumes between aggregates](moving-fg-volumes.md).
# Managing the NVMe cache
The NVMe cache is enabled by default on your second-generation file system. If your second-generation file system has a throughput-heavy workload, you can disable the NVMe cache to improve performance. The following procedure explains how to enable, disable, and validate your file system's NVMe cache.
**To manage the NVMe cache**
1. SSH into your ONTAP file system. For more information, see [Using the NetApp ONTAP CLI](managing-resources-ontap-apps.md#netapp-ontap-cli).
```
ssh fsxadmin@file-system-management-endpoint-ip-address
```
1. Use the [https://docs.netapp.com/us-en/ontap-cli-9131/system-node-external-cache-modify.html](https://docs.netapp.com/us-en/ontap-cli-9131/system-node-external-cache-modify.html) ONTAP CLI commnd. Choose **true** to enable the NVMe cache or **false** to disable it.
```
::> system node external-cache modify -node * -is-enabled [true|false]
```
1. Use the [https://docs.netapp.com/us-en/ontap-cli-9131/system-node-external-cache-show.html](https://docs.netapp.com/us-en/ontap-cli-9131/system-node-external-cache-show.html) ONTAP CLI command to check if the NVMe cache is enabled or disabled.
```
::> system node external-cache show -node * -fields is-enabled
```
The NVMe cache is enabled or disabled on a per-node basis. When you add new high-availability (HA) pairs to your file system, each new node has the same default behavior of a new file system's nodes. Therefore, the NVMe cache would be enabled for any new nodes on a file system even if the existing nodes have it disabled. For more information, see [Adding high-availability (HA) pairs](adding-HA-pairs.md).
# Managing network type
When you create an FSx for ONTAP file system, you must specify a network type, which must be one of the following options:
+ `IPv4` allows your file system to communicate using only Internet Protocol version 4 (IPv4).
+ `Dual-stack` allows your file system to communicate using both Internet Protocol version 6 (IPv6) and IPv4.
You can change the network type of an existing FSx for ONTAP file system at any time using the Amazon FSx Management Console, AWS CLI, AWS API, or one of the AWS SDKs. For example, if your subnets support both IPv4 and IPv6 addressing, you can update your existing file system from IPv4-only to dual-stack mode, You can also update your dual-stack file system to IPv4-only.
## Using dual-stack mode
You should use dual-stack mode if you need to access and manage your Amazon FSx file systems natively from IPv6 clients. By configuring your Amazon FSx file system to use dual-stack addressing, you can access your file data from IPv6 clients, as well as IPv4 clients, in the same Amazon VPC, in another AWS account's VPC, or in your on-premises network. For example, with an Amazon FSx file system configured to use dual-stack, you can have existing IPv4 clients and new IPv6 clients accessing your file data stored on your file system.
By default, Amazon FSx and Amazon VPC use the IPv4 addressing protocol. So as a prerequisite to using IPv6, you must first assign an Amazon-provided IPv6 Classless Inter-Domain Range (CIDR) block to your VPC and subnets before you can use IPv6 with your Amazon FSx file systems. For information on enabling IPv6 for your VPC, see [Add IPv6 support for your VPC](https://docs.aws.amazon.com/vpc/latest/userguide/vpc-migrate-ipv6-add.html) in the *Amazon Virtual Private Cloud User Guide*.
When creating FSx for ONTAP file systems set to dual-stack mode, you can specify the IPv6 address range, in addition to the existing IPv4 address range, in which the endpoints to access your file system will be created. By default, Amazon FSx chooses a block of 1024 IP addresses from one of the VPC's IPv6 CIDR ranges to use as the endpoint IPv6 address range for the file system.
## Changing network type
You can modify a file system's network type using the Amazon FSx console, the AWS Command Line Interface (AWS CLI), or the Amazon FSx API.
### To change a file system's network type (console)
1. Open the Amazon FSx console at [https://console.aws.amazon.com/fsx/](https://console.aws.amazon.com/fsx/).
1. Navigate to **File systems**, and choose the FSx for ONTAP file system that you want to change the network type for.
1. For **Actions**, choose **Update network type**. Or, in the **Network & security** panel, choose **Manage** next to the file system's **Network type**.
The **Update network type** window appears.
1. For **Desired network type**, choose either **IPv4** or **Dual-stack**.
+ If you choose `IPv4`, no further configuration is required.
+ If you choose `Dual-stack`, specify the IPv6 address range that your file system endpoints will use:
+ **Unallocated IPv6 address range from your VPC** – Amazon FSx chooses an available /118 IP address range from one of the VPC's IPv6 CIDR ranges to use as the endpoint IPv6 address range for the file system.
+ **Enter an IPv6 address range** – You can provide an IPv6 CIDR range of your own choosing. The IP address range that you choose can either be inside or outside the VPC’s IP address range, as long as it doesn't overlap with any subnet.
1. Choose **Update**.
### To modify a file system's network type (CLI)
+ To modify a file system's network type, use the [update-file-system](https://docs.aws.amazon.com/cli/latest/reference/fsx/update-file-system.html) CLI command (or the equivalent [UpdateFileSystem](https://docs.aws.amazon.com/fsx/latest/APIReference/API_UpdateFileSystem.html) API operation), as shown in the following example.
```
aws fsx update-file-system \
--file-system-id fs-0123456789abcdef0 \
--network-type DUAL
```
# Monitoring file system details
You can view detailed configuration information for your FSx for ONTAP file system using the Amazon FSx console, the AWS CLI, and the API and supported AWS SDKs.
**To view detailed file system information:**
+ **Using the console** – Choose a file system to view the **File systems** detail page. The **Summary** panel shows the file system's ID, life cycle status, deployment type, SSD storage capacity, throughput capacity, provisioned IOPS, Availability Zones, and creation time.
The following tabs provide detailed configuration information and editing for properties that can be modified:
+ Network & security – Displays the following file system administration information:
+ Default Amazon VPC
+ Amazon VPC route tables associated with a Multi-AZ file system
+ File system's network type (IPv4-only or dual-stack)
+ Endpoint IPv4 or IPv6 address range
+ The AWS Key Management Service (AWS KMS) key ID
+ Monitoring & performance – Displays CloudWatch alarms you've created, and metrics and warnings for the following categories:
+ Summary – high level summary of file system activity metrics
+ File system storage capacity
+ File server and disk performance
For more information, see [Monitoring with Amazon CloudWatch](monitoring-cloudwatch.md).
+ Administration – Displays the following file system administration information:
+ The DNS names and IP addresses of the file system's management and inter-cluster endpoints.
+ The ONTAP administrator username.
+ The option to update the ONTAP administrator password.
+ List of the file system's SVMs
+ List of the file system's volumes
+ Backup settings – change the file system's automatic daily backup setting.
+ Updates – shows the status of user initiated updates made to the file system's configuration.
+ Tags – view, edit, add, remove tag Key:Value pairs.
+ **Using the CLI or API **– Use the [describe-file-systems](https://docs.aws.amazon.com/cli/latest/reference/fsx/describe-file-systems.html) CLI command or the [DescribeFileSystems](https://docs.aws.amazon.com/fsx/latest/APIReference/API_DescribeFileSystems.html) API operation.
## FSx for ONTAP file system status
You can view the status of an Amazon FSx file system by using the Amazon FSx console, the AWS CLI command [describe-file-systems](https://docs.aws.amazon.com/cli/latest/reference/fsx/describe-file-systems.html), or the API operation [DescribeFileSystems](https://docs.aws.amazon.com/fsx/latest/APIReference/API_DescribeFileSystems.html).
| File system status | Description |
| --- | --- |
| AVAILABLE | The file system has been successfully created and is available for use. |
| CREATING | Amazon FSx is creating a new file system. |
| DELETING | Amazon FSx is deleting an existing file system. |
| MISCONFIGURED | The file system is in a misconfigured but recoverable state. |
| FAILED | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/fsx/latest/ONTAPGuide/viewing-file-system.html) |
# Deleting file systems
You can delete an FSx for ONTAP file system using the Amazon FSx console, the AWS CLI, and the Amazon FSx API and SDKs.
**To delete a file system:**
+ **Using the console** – Follow the procedure described in [Cleaning up resources](getting-started.md#getting-started-step3).
+ **Using the CLI or API** – First delete all the volumes and SVMs on your file system. Then use the [delete-file-system](https://docs.aws.amazon.com/cli/latest/reference/fsx/delete-file-system.html) CLI command or the [DeleteFileSystem](https://docs.aws.amazon.com/fsx/latest/APIReference/API_DeleteFileSystem.html) API operation.