Filestore overview

Filestore instances are fully managed file servers on Google Cloud that can be connected to a number of client types:

Once provisioned, you can scale the capacity of your instances according to need without any downtime.

Why Filestore?

Google Cloud offers three main types of data storage: block, file, and object storage.

As a type of persistent file storage, Filestore supports multiple concurrent application instances accessing the same file system simultaneously.

For Google Kubernetes Engine users, for example, Filestore provides multiple reader, multiple writer access, letting you mount your GKE PersistentVolumes as read-write by many nodes.

Filestore offers a versatile alternative to block storage products, such as Persistent Disk, which support only limited options for multiple writer access to a disk.

When compared to object storage, such as Cloud Storage FUSE, while that product does offer some file system semantics, it lacks some of the more robust characteristics of file storage provided by Filestore. Some examples of capabilities supported by Filestore and not Cloud Storage FUSE include the following:

  • POSIX compliance
  • Hard links and file locking
  • Concurrency control for multiple writes on the same object

For more information, see the following resources:

Service tiers

Filestore offers multiple service tiers that vary in capacity, performance, and features. Each service tier is tailored for specific use cases:

  • Basic tier: File sharing, software development, web hosting, basic AI.
  • Regional tier: Mission-critical workloads requiring high availability.
  • Enterprise tier: Mission-critical workloads requiring high availability.
  • Zonal tier: HPC, batch compute, EDA, media rendering and transcoding, advanced AI, large data sets.

For details, see Service tiers.

Protocol support

Filestore supports the following file system protocols:

  • NFSv3
    • Available in all service tiers
    • Supports bidirectional communication between the client and server
  • NFSv4.1

Each protocol is best suited to specific use cases.

For help understanding which protocol may be right for you, see About supported protocols.

Connectivity

Filestore instances can connect to any clients that are on the same VPC network, including Shared VPC networks. You can also connect to clients on remote networks, such as an on-premises machine, using Cloud VPN or Cloud Interconnect.

Networking

For information related to Filestore networking requirements, see the following resources:

Data protection

The following sections discuss Filestore instance data protection.

Encryption at rest

By default, Filestore automatically encrypts your data at rest. The durable storage behind each Filestore instance is encrypted with system-defined keys that are managed by Google.

When you delete a Filestore instance, Google discards the encryption information used by the instance, rendering the data irretrievable as per the description in Data deletion on Google Cloud.

If you need more control over the keys that protect your data, you can also use customer-managed encryption keys (CMEK) with Filestore.

For details, see Encryption at rest in Google Cloud.

Encryption in transit

Although NFSv3 does not encrypt data in transit, all in-transit data to and within Google Cloud is encrypted.

For details, see Encryption in Transit in Google Cloud.

Access control

You can control the level of access that a client has on Filestore instance data based on the client's IP address. IP-based access control rules for an instance can be created or modified during and after instance creation.

You can also control which Google Cloud users can create, edit, and view Filestore resources by using IAM permissions and roles.

Data recovery options

The following sections discuss Filestore instance data recovery options.

Backups

Filestore backups are point-in-time copies of a Filestore instance that includes all user data and some instance metadata. You can create a backup of an instance in any region and then use it to restore the instance in any region to an existing Filestore instance or a new instance.

Snapshots

A Filestore snapshot preserves the state of your Filestore instance data at the time that the snapshot is created. You can use snapshots to restore individual files or directories or completely revert your instance to the state of a snapshot.

Reliability

The following sections discuss Filestore instance reliability.

Zonal instances

Basic- and zonal-tier Filestore instances are zonal resources that feature in-zone storage redundancy to protect your data against equipment failure. However, if a zone goes down due to an outage or data center maintenance, the instances that reside in that zone become unavailable for the duration that the zone is down.

You can create basic- and zonal-tier instances to any zone that's up and running even if there's one or more zone failures in the region.

Regional instances

Regional and enterprise-tier Filestore instances are regional resources. In the event of a zone failure, these instances continue to serve data and accept new writes, making the zone failure transparent to clients. Also, Filestore adopts the strict consistency policy required by NFS. When a client writes data, Filestore doesn't return an acknowledgment until the change is persisted so that subsequent reads return the correct data, even during a zone failure.

During a zone failure, operations through the Google Cloud console or to the Filestore API may be unavailable for a few hours. These instances don't experience NFS data access interruptions, but you may experience some performance degradation until the zone recovers. Also, you can't create a regional or enterprise instance in a region experiencing zone failures.

Zone failure identification

You can check for zone failures on the Google Cloud Status Dashboard.

What's next