This page describes the architectural choices that affect your Filestore instances.
A Filestore instance consists of a single NFS file share with configurable export settings and default Unix permissions. For more information about these settings and how they affect access, see Access Control.
Filestore automatically encrypts your data before it travels outside of the instance to the underlying durable storage layer. The durable storage behind each Filestore instance is encrypted with system-defined keys that users cannot control. Also, Google distributes Filestore data across multiple physical disks in a manner that users do not control.
When you delete a Filestore instance, Google discards the cipher keys, rendering the data irretrievable as per the description in Data deletion on Google Cloud. Once the data is deleted, this process is irreversible.
For more information on encryption, see the following:
For information about Filestore networking requirements, see Networking.
Basic and High Scale instances
Basic and High Scale tier Filestore instances are zonal resources that feature in-zone storage redundancy to protect your data against equipment failure. However, if a zone goes down due to an outage or data center maintenance, the instances that reside in that zone become unavailable for the duration that the zone is down.
You can create Basic and High Scale tier instances to any zone that's up and running even if there's one or more zone failures in the region.
Enterprise tier Filestore instances are regional resources. In the event of a zone failure, Enterprise tier instances continue to serve data and accept new writes, making the zone failure transparent to clients. Also, Filestore adopts the strict consistency policy required by NFS. When a client writes data, Filestore doesn't return an acknowledgment until the change is persisted so that subsequent reads return the correct data, even during a zone failure.
During a zone failure, the Filestore Cloud Console or API operations may be unavailable for a few hours. Enterprise instances do not experience NFS data access interruptions, but you may experience some performance degradation until the zone recovers. Also, you can't create an Enterprise instance in a region experiencing zone failures.
Zone failure identification
You can check for zone failures on the Google Cloud Status Dashboard.