Architecture

This page describes the architectural choices that affect your Filestore instances.

Permissions

A Filestore instance consists of a single NFS file share with configurable export settings and default Unix permissions. For more information about these settings and how they affect access, see Access Control.

Encryption

Filestore automatically encrypts your data at rest. The durable storage behind each Filestore instance is encrypted with system-defined keys that users cannot control.

When you delete a Filestore instance, Google discards the encryption information used by the instanced, rendering the data irretrievable as per the description in Data deletion on Google Cloud. Once the data is deleted, this process is irreversible.

For more information on encryption, see the following:

If you need more control over the keys that protect your data, you can also use customer-managed encryption keys (CMEK) for Filestore. For details, see Encrypt data with custom encryption keys.

Networking

For information about Filestore networking requirements, see Networking.

Reliability

Basic and High Scale instances

Basic and High Scale tier Filestore instances are zonal resources that feature in-zone storage redundancy to protect your data against equipment failure. However, if a zone goes down due to an outage or data center maintenance, the instances that reside in that zone become unavailable for the duration that the zone is down.

You can create Basic and High Scale tier instances to any zone that's up and running even if there's one or more zone failures in the region.

Enterprise instances

Enterprise tier Filestore instances are regional resources. In the event of a zone failure, Enterprise tier instances continue to serve data and accept new writes, making the zone failure transparent to clients. Also, Filestore adopts the strict consistency policy required by NFS. When a client writes data, Filestore doesn't return an acknowledgment until the change is persisted so that subsequent reads return the correct data, even during a zone failure.

During a zone failure, the Filestore Cloud Console or API operations may be unavailable for a few hours. Enterprise instances do not experience NFS data access interruptions, but you may experience some performance degradation until the zone recovers. Also, you can't create an Enterprise instance in a region experiencing zone failures.

Zone failure identification

You can check for zone failures on the Google Cloud Status Dashboard.