Filestore overview

Filestore instances are fully managed file servers on Google Cloud that can be connected to Compute Engine VMs, GKE clusters, external datastores such as Google Cloud VMware Engine, and your on-premises machines. Once provisioned, you can scale the capacity of your instances according to need without any downtime.

Why Filestore?

Google Cloud offers three main types of data storage: block, file, and object storage.

As a type of file storage, Filestore supports multiple concurrent application instances accessing the same file system simultaneously. For Google Kubernetes Engine users, for example, this multiwriter access support offers a powerful alternative to block storage products, such as Persistent Disk, which support only single write access.

For more information, see the following resources:

Service tiers

Filestore offers multiple service tiers that vary in capacity, performance, and features. Each service tier is tailored for specific use cases:

  • Basic tiers: File sharing, software development, web hosting, basic AI.
  • Enterprise tier: Mission-critical workloads requiring high availability.
  • High Scale tier: HTC, batch compute, EDA, media rendering and transcoding, advanced AI, large data sets.

For details, see Service tiers.

Protocol support

Filestore uses the NFSv3 file system protocol on the Filestore instance and supports any NFSv3-compatible client.


Filestore instances can connect to any clients that are on the same VPC network, including Shared VPC networks. You can also connect to clients on remote networks, such as an on-premises machine, using Cloud VPN or Cloud Interconnect.


For information related to Filestore networking requirements, see the following resources:

Data protection

The following sections discuss Filestore instance data protection.

Encryption at rest

By default, Filestore automatically encrypts your data at rest. The durable storage behind each Filestore instance is encrypted with system-defined keys that are managed by Google.

When you delete a Filestore instance, Google discards the encryption information used by the instance, rendering the data irretrievable as per the description in Data deletion on Google Cloud.

If you need more control over the keys that protect your data, you can also use customer-managed encryption keys (CMEK) with Filestore.

For details, see Encryption at rest in Google Cloud.

Encryption in transit

Although NFSv3 does not encrypt data in transit, all in-transit data to and within Google Cloud is encrypted.

For details, see Encryption in Transit in Google Cloud.

Access control

You can control the level of access that a client has on Filestore instance data based on the client's IP address. IP-based access control rules for an instance can be created or modified during and after instance creation.

You can also control which Google Cloud users can create, edit, and view Filestore resources by using IAM permissions and roles.

Data recovery options

The following sections discuss Filestore instance data recovery options.


Filestore backups are point-in-time copies of a Filestore instance that includes all user data and some instance metadata. You can create a backup of an instance in any region and then use it to restore the instance in any region to an existing Filestore instance or a new instance.


A Filestore snapshot preserves the state of your Filestore instance data at the time that the snapshot is created. You can use snapshots to restore individual files or directories or completely revert your instance to the state of a snapshot.


The following sections discuss Filestore instance reliability.

Zonal instances

Basic and High Scale tier Filestore instances are zonal resources that feature in-zone storage redundancy to protect your data against equipment failure. However, if a zone goes down due to an outage or data center maintenance, the instances that reside in that zone become unavailable for the duration that the zone is down.

You can create Basic and High Scale tier instances to any zone that's up and running even if there's one or more zone failures in the region.

Regional instances

Enterprise tier Filestore instances are regional resources. In the event of a zone failure, Enterprise tier instances continue to serve data and accept new writes, making the zone failure transparent to clients. Also, Filestore adopts the strict consistency policy required by NFS. When a client writes data, Filestore doesn't return an acknowledgment until the change is persisted so that subsequent reads return the correct data, even during a zone failure.

During a zone failure, the Filestore Cloud Console or API operations may be unavailable for a few hours. Enterprise instances do not experience NFS data access interruptions, but you may experience some performance degradation until the zone recovers. Also, you can't create an Enterprise instance in a region experiencing zone failures.

Zone failure identification

You can check for zone failures on the Google Cloud Status Dashboard.

Next steps