Global Site
Displaying present location in the site.
July 31st, 2025
Machine translation is used partially for this article. See the Japanese version for the original article.
Introduction
We tried building an HA cluster using the Amazon FSx for Windows File Server (hereinafter called "FSx for Windows File Server") on Amazon Web Services (hereinafter called "AWS"). FSx for Windows File Server is a file server that can be used on Windows Amazon EC2 instances (hereinafter called "EC2 instances").
This time, we will build an HA cluster using FSx for Windows File Server as shared storage (location of taking over the data) between servers.
If you are considering building a shared storage type HA cluster on Linux environment, please refer to the "
We Tried Building an HA Cluster Using Amazon Elastic File System (Linux)" article.
Contents
1. What is FSx for Windows File Server?
FSx for Windows File Server is a file server that can be accessed using the SMB protocol from Windows EC2 instances, providing consistent sub-millisecond latency for access.
Previously, HA cluster configurations using Amazon EBS Multi-Attach were available as shared storage on Windows environments, but they were restricted to single-AZ configuration. FSx for Windows File Server supports Multi-AZ deployment, wherein data is automatically replicated between AZs. This enables continued operations in the healthy AZ even during AZ failures, thereby achieving high availability.
By deploying in Multi-AZ configuration, if a failure occurs in the preferred AZ, AWS automatically initiates a failover to the standby AZ, usually completing within 30 seconds.
[Reference] What is FSx for Windows File Server?
2. HA Cluster Configuration
This time, we will build an HA cluster based on VIP control and use MinIO as the target application for the HA cluster. FSx for Windows File Server uses the SMB protocol to perform exclusive control even when accessed simultaneously from multiple servers. So basically, data corruption due to simultaneous access does not occur. Therefore, we will configure it so that FSx for Windows File Server can always be accessed from both server1 and server2, which constitute the HA cluster, without using EXPRESSCLUSTER for access control.
3. HA Cluster Building Procedure
We will explain the procedure for building an HA cluster. The installation steps for MinIO mentioned in the following explanation can be omitted if MinIO is not used.
3.1 Preparing for Building an HA Cluster
3.1.1 VPC Settings
Create a VPC in advance. The VPC configuration is as follows.
-
VPC-1 (VPC ID : vpc-1234abcd)
- -CIDR : 10.0.0.0/16
- -Subnets
- ■Subnet-A1 (Subnet ID:sub-1111aaaa) : 10.0.10.0/24
- ■Subnet-A2 (Subnet ID:sub-2222aaaa) : 10.0.110.0/24
- ■Subnet-B1 (Subnet ID:sub-1111bbbb) : 10.0.20.0/24
- ■Subnet-B2 (Subnet ID:sub-2222bbbb) : 10.0.120.0/24
- ■
- -RouteTables
- ■Main (Route table ID:rtb-00000001)
- -10.0.0.0/16 -> local
- -0.0.0.0/0 -> igw-1234abcd (Internet Gateway)
- -172.16.0.1/32 -> eni-1234abcd (ENI ID of server1)
- -
- ■Route-A (Route table ID:rtb-0000000a)
- -10.0.0.0/16 -> local
- -0.0.0.0/0 -> nat-1234abcd (NAT gateway 1)
- -172.16.0.1/32 -> eni-1234abcd (ENI ID of server1)
- -
- ■Route-B (Route table ID:rtb-0000000b)
- -10.0.0.0/16 -> local
- -0.0.0.0/0 -> nat-5678efgh (NAT gateway 2)
- -172.16.0.1/32 -> eni-1234abcd (ENI ID of server1)
- -
- ■
- -
3.1.2 Setting the AWS Directory Service for Microsoft Active Directory
To use FSx for Windows File Server, Microsoft Active Directory is required. This time, we will use AWS Directory Service for Microsoft Active Directory, also known as AWS Managed Microsoft AD (hereinafter called "Microsoft AD"). Please refer to the following steps to create Microsoft AD.
[Reference] Getting started with AWS Managed Microsoft AD
This time, we will create Microsoft AD with the following configuration. After creation, servers for the HA cluster will be joined to the Microsoft AD domain. Please take notes the Microsoft AD Admin password as it will be registered with EXPRESSCLUSTER later.
-
AWS Directory Service for Microsoft Active Directory
- -Directory DNS name : test.msad.local
- -VPC : VPC-1
- -Subnets : Subnet-A2, Subnet-B2
- -Admin password : xxxxxx
- -
The security group for Microsoft AD is automatically created on the AWS side. The default settings allow all communications originating from the same VPC CIDR range as Microsoft AD for access to Microsoft AD. For more details, please refer to the following.
3.1.3 FSx for Windows File Server Settings
Create an FSx for Windows File Server. Please refer to the following steps for the creation process.
This time, we will create an FSx for Windows File Server with the following configuration. By setting the deployment type to Multi-AZ, if a failure occurs in the AZ of the preferred subnet, AWS will automatically fail over to the AZ of the standby subnet.
-
FSx for Windows File Server
- -File system name : test-fsx
- -Deployment type : Multi-AZ
- -SSD storage capacity : 32GiB
- -VPC : VPC-1
- -Preferred subnet : Subnet-A2
- -Standby subnet : Subnet-B2
- -Windows authentication : AWS Managed Microsoft Active Directory
- -AWS Managed Microsoft Active Directory : test.msad.local
- -
Set the security group of FSx for Windows File Server to allow communication with Microsoft AD. For details, please refer to the following.
Please note down the DNS name of the created FSx for Windows File Server (amznfsxXXXXXXXX.test.msad.local) as it will be used later to access the file server. If you are using the DNS alias feature of FSx for Windows File Server, replace the subsequent "amznfsxXXXXXXXX.test.msad.local" with the DNS name set in the DNS alias.
For checking the operation, access the DNS name of FSx for Windows File Server from servers for the HA cluster that has joined the Microsoft AD domain via Explorer. Upon access, you can find a shared folder named "share".
\\amznfsxXXXXXXXX.test.msad.local
If you want to use a folder other than the "share" folder as a shared folder, please refer to the following.
[Reference] Creating, updating, removing file shares
3.1.4 MinIO Settings
Install MinIO on servers for the HA cluster.
For the installation procedure, please refer to the following.
[Reference] MinIO Object Storage for Windows
Please specify an arbitrary location for the installation destination of MinIO. This time, we install to "C:\minio". After installation, check the operation of MinIO on each server. Start the MinIO service so that it refers to the DNS name of the FSx for Windows File Server.
- >C:\minio\minio.exe --config-dir C:\minio\config server \\amznfsxXXXXXXXX.test.msad.local\share --console-address :9090
After checking the operation of MinIO, stop the MinIO service on each server.
- >taskkill /F /IM minio.exe
3.2 Building an HA Cluster Based on VIP Control
In this verification, we are using EXPRESSCLUSTER X 5.2 (Internal Ver. Windows: 13.21).
The configuration of EXPRESSCLUSTER is as follows.
-
EXPRESSCLUSTER
- -Cluster properties
- ■Account
- -User Name : test.msad.local\Admin
- -Password : xxxxxx *The Admin password set when creating Microsoft AD
- -
- ■
- -Failover group (failover)
- ■AWS Virtual IP resource (awsvip)
- -IP address : 172.16.0.1
- -
- ■Script resource (script_minio)
- -Start Script : Script to start MinIO
- -Stop Script : Script to stop MinIO
- -Tuning->Start->Normal Return Value : 0
- -Tuning->Stop->Normal Return Value : 0
- -Tuning->Exec User : test.msad.local\Admin
- -
- ■
- -Monitors
- ■AWS Virtual IP monitor resources (awsvipw)
- ■Custom monitor resource (genw_fsx)
- -Wait Time to Start Monitoring : 0 seconds
- -Monitor Timing : Always
- -genw.bat:Describe a script to check the connection to FSx for Windows File Server on port 445/tcp
- -Exec User : test.msad.local\Admin
- -
- ■Custom monitor resource (genw_minio)
- -Monitor Timing : Active
- -Target Resource : script_minio
- -genw.bat:Describe a script to monitor the startup status of MinIO
- -Exec User : test.msad.local\Admin
- -
- ■User mode monitor resources (userw)
- ■
- -
3.2.1 Registering Group Resources
In EXPRESSCLUSTER's failover group, we register two group resources: AWS Virtual IP resource and script resource.
■AWS Virtual IP resource (awsvip)
The AWS Virtual IP resource realizes switching of the connection destination by rewriting the route table. Set "172.16.0.1" for the virtual IP address. Please refer to the following for detailed setting instructions.
[Reference]
Documentation - Setup Guides
Documentation - Setup Guides- Linux > Cloud > Amazon Web Services
> EXPRESSCLUSTER X 5.2 for Windows HA Cluster Configuration Guide for Amazon Web Services
■Script resource (script_minio)
The script resource executes any script on servers for the HA cluster when the resource is started or stopped. This time, the script starts and stops MinIO. Describe the script to start/stop MinIO in the start script (start.bat) and stop script (stop.bat) of the script resource (e.g. script_minio).
Start Script (start.bat)
start C:\minio\minio.exe --config-dir C:\minio\config server \\amznfsxXXXXXXXX.test.msad.local\sharetasklist | find "minio" > NUL 2>&1 exit /b %errorlevel%
Stop Script(stop.bat)
tasklist | find "minio" > NUL 2>&1
if errorlevel 1 exit /b 0
taskkill /F /IM minio.exe
exit /b %errorlevel%
Press the [Tuning] button, enter "0" for the "Normal Return Value" for both the start script and the stop script, and select "test.msad.local\Admin" for "Exec User".
3.2.2 Registering Monitor Resources
For the monitor resources, register two custom monitor resources to monitor FSx for Windows File Server and MinIO respectively. In custom monitor resource, monitoring is performed using any scripts.
■Custom monitor resource (genw_fsx)
In genw_fsx, it monitors whether it can connect to FSx for Windows File Server via port 445/tcp.
The failover from the preferred AZ to the standby AZ of FSx for Windows File Server is usually completed within 30 seconds. This time, to prevent EXPRESSCLUSTER from detecting the file server access unavailability during FSx for Windows File Server failover as an anomaly, we will set the "Interval" and the "Retry Count" to the default values of 60 seconds and 1 time, respectively.
Since FSx for Windows File Server is always accessible from servers for the HA cluster, select "Always" as the "Monitor Timing" and set the "Wait Time to Start Monitoring" to 0 seconds.
Register a script in genw.bat to monitor whether FSx for Windows File Server can connect via the 445/tcp port.
An example of the script is as follows.
- *Please note that the following script is an example and not guaranteed to work.
rem ***************************************
rem * genw.bat *
rem ***************************************
rem Domain name for FSx for Windows File Server
set fsxdomain='amznfsxXXXXXXXX.test.msad.local'
rem A command to check the connection to FSx for Windows File Server on port 445/tcp
set command="Test-NetConnection %fsxdomain% -Port 445 -InformationLevel Quiet"
for /f "usebackq delims=" %%i in (`powershell -Command %command%`) do set ret=%%i
if "%ret%" == "True" (
set exitcode=0
) else if "%ret%" == "False" (
set exitcode=1
)
exit /b %exitcode%
■Custom monitor resource (genw_minio)
In genw_minio, it monitors whether the MinIO service is running.
Select "active" for the "Monitor Timing", and specify the script resource that controls MinIO (e.g. script_minio) as the "Target Resource".
Register a script in genw.bat to monitor the startup status of MinIO.
An example of the script is as follows.
- *Please note that the following script is an example and not guaranteed to work.
tasklist | find "minio" > NUL 2>&1
exit /b %errorlevel%
4. Checking the Operation
From the Cluster WebUI, check that the failover group has started normally on server1.
Connect to MinIO using the virtual IP address (172.16.0.1) and create a bucket (e.g. test).
Upload a text file (e.g. test.txt) to the bucket.
To check the failover operation, manually move the failover group to server2.
After checking that the failover group has started on server2, connect to MinIO again using the virtual IP address (172.16.0.1). It is successful if you can refer to the text file created before manual failover.
Conclusion
This time, we tried building an HA cluster using FSx for Windows File Server.
Please refer to this article when using FSx for Windows File Server as shared storage of servers for HA cluster placed in Multi-AZ.
If you consider introducing the configuration described in this article, you can perform a validation with the trial module of EXPRESSCLUSTER. Please do not hesitate to contact us if you have any questions.