hamburger icon close icon

Protect Your Data with Amazon FSx for NetApp ONTAP

IT operations are growing increasingly complex, making it more challenging to cost-effectively manage and protect data that can span across different regions and exist in hybrid and multicloud storage environments. The latest introduction of AWS FSx has aimed to solve this particular challenge.

Amazon FSx for NetApp ONTAP provides the capabilities to solve these data protection challenges, from creating cost-effective backups and disaster recovery operations, to governing data to help you address regulatory and security requirements.

Read on as we cover:

What Is FSx for ONTAP?

In collaboration with NetApp, AWS has launched FSx for ONTAP, a new cloud-based managed shared file and block storage service that brings the best of both worlds to their customers.

As a native AWS service, FSx for ONTAP has several tight integrations with other AWS services, including billing and monitoring, making it really easy to get started within the AWS ecosystem. In addition, with the level of enterprise-grade features and capabilities that FSx for ONTAP brings to the table, customers can now find simpler solutions to solve and simplify complex storage and data management challenges.

Customers can take FSx for ONTAP into use by accessing it directly from the AWS Console or via NetApp BlueXP Console, the centralized control portal for all cloud-based NetApp services that gives customer access to additional functionalities such as hybrid and multicloud data management and replication.

The familiar ONTAP data management operating system makes this the perfect way for long-time NetApp users to step into the cloud, and established AWS users will find the added benefits provide features that go beyond other AWS offering:

  • Unified storage access with NFS/SMB and iSCSI support
  • High availability across multi-AZs
  • Data protection and disaster recovery features
  • Cost-cutting storage efficiencies
  • GUI, ONTAP API, or RESTful API access and control via both BlueXP Console and AWS tooling

How FSx for ONTAP Provides Data Protection Capabilities

The data protection challenge is about more than keeping data safe from accidental deletion or corruption, it’s about making sure your business remains reliable. FSx for ONTAP has some powerful tools at its disposal to help you make sure that’s the case.


The built-in NetApp Snapshot™ technology within FSx for ONTAP is a quick and consistent way to create local thin copies of your storage volumes. Snapshot copies serve as backups and in disaster recovery operations. They are also leveraged in use cases of data migration, data sharing, and data cloning.

An FSx for ONTAP data volume snapshot can be created instantly, and at any point in time. This gives the ability to easily restore the volume to a previous state and recover in case of data loss. NetApp snapshots are block-based and incremental, saving only data changes, and therefore can be performed instantly and without extra costs, leveraging the state-of-the-art NetApp Write Anywhere File Layout (WAFL) technology.

Block-Level Back Up

Traditional backup solutions usually work by performing file-level copies of data. In practice, this means that it can take up to several days to complete a single full dataset backup. This long backup window significantly increases the risk of failure due to factors such as network connectivity loss, open files, missing permissions, and many other issues. That makes it difficult for IT teams to meet any demanding recovery time objective (RTO) and recovery point objective (RPO) requirements.

FSx for ONTAP’s backup technology leverages ONTAP’s backup architecture to speed up the backup window by creating block-level, incremental forever backups. This results in backups and restores that are performed much faster than the traditional file-level backups and can preserve ONTAP storage efficiencies end-to-end.

The NetApp SnapMirror® replication tool is available out-of-the-box with FSx for ONTAP and managed using BlueXP Console to operate FSx for ONTAP clusters and volumes. This feature allows replication relationships to be established across different AWS regions, with NetApp ONTAP on-premises environments, and with other ONTAP environments residing on public cloud providers.

Picture 1SnapMirror Replication Relationship in BlueXP Console

When FSx for ONTAP customers implement their backup strategy, they can take advantage of several features and benefits such as:
  • Encryption in-transit and at-rest for all backups and restores
  • Independent, and may be restored to any FSx for ONTAP file system
  • The fastest restore time possible
  • Incremental forever
  • Minimal and cost-efficient backup storage consumption

Disaster Recovery

When a disaster takes place, you need to be able to recover quickly and efficiently, with no data loss. FSx for ONTAP provides a straightforward method to seamlessly failover, failback, and restore your data, even in the case of region-wide failures.

BlueXP Console is the focal point for all your FSx for ONTAP operation. Using it you can leverage these SnapMirror capabilities:

  • Automatically and incrementally sync up your main data set with the DR copy on a scheduled basis
  • Manage failover, failback, and the reverse-resync from the secondary copy to the source necessary after failback
  • Reduce costs by up to 90% using ONTAP storage efficiencies and tiering cold data automatically to Amazon S3

Data Governance with Cloud Data Sense

While the main purpose of FSx for ONTAP is to provide file sharing capabilities to customer environments, there are a lot more functionalities at their disposal. Customers who start provisioning their FSx for ONTAP data volumes using the BlueXP Console portal, or introducing existing FSx for ONTAP systems created through AWS management tools into BlueXP Console, will quickly be drawn to one of those opt-in features: NetApp Cloud Data Sense.

Cloud Data Sense is an AI-driven data mapping and data governance technology which can help organizations address their approach to data privacy regulations such as GDPR and CCPA.

Cloud Data Sense technology is enabled in any given FSx for ONTAP data volume, providing insights and visibility into the datasets that contain sensitive and personal identifiable information (PII). With a comprehensive search functionality, this enables data to be classified and helps to locate any hidden PIIs datasets so you can better decide how they need to be protected.

Picture1-Sep-07-2021-08-36-28-00-PMEnabling Data Sense and other services using BlueXP Console

Data Security

The security of your data and ensuring best practices is at the heart of the FSx for ONTAP service.

When provisioning environments using BlueXP Console, it leverages the built-in AWS-managed data encryption with the possibility for customers to select their own AWS KMS managed encryption key. This approach gives customers full control over the level of encryption throughout the cluster and its volumes lifecycle.

One of the key benefits of FSx for ONTAP is the built-in AWS integrations and the multiprotocol support, making it the first and only AWS service capable of supporting all versions of NFS, SMB, and iSCSI. The access control methods built in each protocol are enabled and customized as part of the setup process, such as the NFS export policies or integration with Microsoft Active Directory (AWS-managed or self-managed AD) for SMB/CIFS and NFS.

It is also worth noting that the underlying methods that AWS native services have to control and secure data are also enabled by default in FSx for ONTAP. Two great examples are AWS security groups and IAM policies. Customers have full control over the AWS region and VPC network where FSx for ONTAP clusters and data volumes are attached to. When combined with AWS IAM roles and policies, it gives customers a very fine, powerful and granular way to secure the access to the data.


As we covered these different data protection capabilities, it is clear that there is a lot more than meets the eye in the new Amazon FSx for NetApp ONTAP service. In addition to the top-notch cloud file sharing and block storage features, it gives organizations an integrated data management platform with a vast array of services that can be used to accelerate their digital strategy and positively transform their daily data governance processes.

FSx for ONTAP rises to the data protection challenges and, in addition provides many other advanced enterprise-grade features such as the multi-AZ high availability, Kubernetes and container services integration, replication across multiple AWS global regions (including GovCloud), lifecycle management, and much more.

With native AWS integrations and multiprotocol support out-of-the-box, FSx for ONTAP is a great storage option for AWS-based architectures and, by leveraging the BlueXP Console control plane and its APIs, complex hybrid and multicloud scenarios.

Click here for a step-by-step walkthrough on how to set up your own FSx for ONTAP environment with BlueXP Console.

Blog-Banner-CTA-Amazon FSx-700X100-Request a Demo


Product Marketing Lead

Principal Architect & Technology Advisor