6

Has anyone ever got Windows Server to connect to an AWS EFS volume using the Windows NFS 4.1 client? I am aware it is unsupported but wondering if anyone had done it (or via another client or utility?)

We have a requirement for a Windows Server to drop files onto an NFS volume (ideally EFS) where a folder on that volume can be polled from a RHEL based application. That app doesnt support S3 else we'd use that

Tks

JoeShmoe
  • 275
  • 4
  • 12

4 Answers4

7

Starting from the NFSv4.1 client made by folks at CITI @ University of Michigan, with a few relatively minor changes, you can get a working connection to an AWS EFS filesystem.

As @kafka points out: AWS EFS disallows / fails when any client specifies a share deny value other than OPEN4_SHARE_DENY_NONE. Luckily the CITI folks discovered this as a possible problem and added a definition that, when commented out, will only ever use OPEN4_SHARE_DENY_NONE for the share deny value.

Once this definition is commented out, then you need to recompile it for your system – relatively trivial if you use the versions of Visual Studio and WDK that the readme specifies. One gotcha was that the self-signed certificate process needs to not use the outdated Root Agency certificate (since it's only 512-bit). Use certreq instead.

I'm working on collecting this knowledge into a fork of the CITI code at Github. (I'm sure you either solved your problem or moved on, but good luck to those folks who landed here from Google!)

davemyron
  • 2,483
  • 3
  • 24
  • 33
4

I used a workaround. In my case I just needed access to the EFS share on a Windows 2016 Server EC2 instance. Speed / throughput weren't exactly a concern.

I spun up a t2.nano Linux/Ubuntu instance, mounted the EFS share on that instance and then setup a SMB share on the linux instance to serve the mounted EFS file system over the network.

After that it was just a matter of mapping the network folder to a drive on the Windows 2016 server EC2 instance.

Setting up a SMB share on a Linux/Ubuntu instance is pretty straight forward as described in the Ubuntu docs here.

memorydump85
  • 71
  • 2
3

No it is not supported. AWS specifically state that it is not possible in their documentation.

For example,

Using Amazon EFS with Microsoft Windows Amazon EC2 instances is not supported.AWS EFS setup docs

A more technical explanation of why this is not possible here:

Deny share NFS supports the concept of a share deny, primarily used by Windows clients for users to deny others access to a particular file that has been opened. Amazon EFS does not support this, and returns the NFS error NFS4ERR_NOTSUPP for any OPEN commands specifying a share deny value other than OPEN4_SHARE_DENY_NONE. Linux NFS clients do not use anything other than OPEN4_SHARE_DENY_NONE. AWS document reference

I have not managed to find any third party clients which will workaround this.

Community
  • 1
  • 1
kafka
  • 553
  • 6
  • 19
  • 4
    It's not *supported* by AWS. This doesn't mean it's not *possible*. In fact, I'm running Windows Server 2012 R2 on EC2 and connecting to EFS using a version of the NFSv4.1 client made by folks at the University of Michigan (http://citi.umich.edu/projects/nfsv4/windows/). I'm updating my fork of the code on Github to include what changes had to be made (just commenting out a `#define` to handle the `OPEN4_SHARE_DENY_NONE` requirement of EFS). It'll be at https://github.com/contentfree/ms-nfs41-client. (I certainly have no idea yet if it's *production* grade, but…) – davemyron Oct 07 '17 at 20:47
0

Amazon has recently (Nov 2018) launched: Amazon FSx for Windows File Server

You can use Fsx for Windows File System.

Hooman Bahreini
  • 14,480
  • 11
  • 70
  • 137