Architecture

This page describes the architectural choices that affect your Filestore instances.

Permissions

A Filestore instance consists of a single NFS file share with configurable export settings and default Unix permissions. For more information about these settings and how they affect access, see Access Control.

Encryption

At rest

By default, Filestore automatically encrypts your data at rest. The durable storage behind each Filestore instance is encrypted with system-defined keys that are managed by Google.

When you delete a Filestore instance, Google discards the encryption information used by the instance, rendering the data irretrievable as per the description in Data deletion on Google Cloud. Once the data is deleted, this process is irreversible.

If you need more control over the keys that protect your data, you can also use customer-managed encryption keys (CMEK) for Filestore. For details, see Encrypt data with custom encryption keys.

For more information, see Encryption at rest in Google Cloud.

In transit

Although NFSv3 does not encrypt data in transit, all in-transit data to and within Google Cloud is encrypted.

For more information, see Encryption in Transit in Google Cloud.

Networking

For information about Filestore networking requirements, see Networking.

Reliability

Basic and High Scale instances

Basic and High Scale tier Filestore instances are zonal resources that feature in-zone storage redundancy to protect your data against equipment failure. However, if a zone goes down due to an outage or data center maintenance, the instances that reside in that zone become unavailable for the duration that the zone is down.

You can create Basic and High Scale tier instances to any zone that's up and running even if there's one or more zone failures in the region.

Enterprise instances

Enterprise tier Filestore instances are regional resources. In the event of a zone failure, Enterprise tier instances continue to serve data and accept new writes, making the zone failure transparent to clients. Also, Filestore adopts the strict consistency policy required by NFS. When a client writes data, Filestore doesn't return an acknowledgment until the change is persisted so that subsequent reads return the correct data, even during a zone failure.

During a zone failure, the Filestore Cloud Console or API operations may be unavailable for a few hours. Enterprise instances do not experience NFS data access interruptions, but you may experience some performance degradation until the zone recovers. Also, you can't create an Enterprise instance in a region experiencing zone failures.

Zone failure identification

You can check for zone failures on the Google Cloud Status Dashboard.