This page shows you how to back up data for disaster recovery using Filestore backups. To learn more about backups, common use cases, and best practices, see Backups.
Supported tiers
The following table shows the Filestore service tiers
that support backups, encryption, and related restore
operations:
| Tier | Backups support | Restore to new instance | Restore to existing instance | Restore to source instance | CMEK support |
|---|---|---|---|---|---|
| Basic HDD | Yes | Yes | Yes | Yes | No | 
| Basic SSD | Yes | Yes | Yes | Yes | No | 
| Zonal | Yes | Yes | No | No | Yes | 
| Regional | Yes | Yes | No | No | Yes | 
| Enterprise | Yes | Yes | No | No | Yes | 
Before you begin
- Install gcloud.
- Update gcloud components:
  gcloud components update
- Ensure that the account you are using has either the Cloud Filestore Editor role, or the Project Owner or Project Editor basic role. For more information about roles and permissions for Filestore, see Access Control, IAM permissions, or About supported protocols. 
Back up a file share
Filestore backups don't include file locks and certain instance-specific information. The following table shows what information backups preserve and what information they don't:
| Preserved | Not preserved | 
|---|---|
| Instance ID | Description | 
| Tier of the source instance | Location | 
| Capacity | Network | 
| File share name | IP address | 
| Creation time | |
| IP-based access controls | |
| File locks | |
| Lock state | |
| Snapshots | 
Backup chains and encryption
A backup chain is a collection of backups that reference the same source instance. Even if stored in a region separate from the source, a backup chain is collectively located in its own bucket and region, and, if applicable, each backup in the chain is encrypted using the same CMEK. All service tiers support multiple backup chains.
When creating a backup chain encrypted with CMEK, consider the following limitations:
- CMEK support is not available for basic HDD and basic SSD backups. 
- A single CMEK is applied to the bucket where the backup chain is stored and cannot be combined or replaced. 
For more information, see Customer-managed encryption keys and Backups.
Create a backup
You can create a backup of a file share using one of the following methods:
Console
- Go to the Filestore instances page.
- Click the Filestore instance that you want to create a backup of.
- Click the Backups tab.
- Click Create backup.
- For Backup ID, type a name for the backup.
- For Region, select the Google Cloud region where you want the backup to be located.
- Optional: Add a description.
- Optional: Click Add label to add labels to the backup.
- Click Create.
gcloud
Run the following gcloud filestore backups create
command in a terminal window on your local machine. The --kms-key flag is
optional:
  gcloud filestore backups create BACKUP-NAME \
  --instance=INSTANCE-NAME \
  --file-share=FILE-SHARE-NAME \
  --instance-zone=ZONE \
  --region=BACKUP-LOCATION \
  --kms-key=projects/KMS-PROJECT/locations/KMS-LOCATION/keyRings/KEYRING/cryptoKeys/CRYPTO-KEY
where:
- BACKUP-NAME is the name you want to give the backup.
- INSTANCE-NAME is the name of the Filestore instance to back up.
- FILE-SHARE-NAME is the name of the file share on the Filestore instance.
- ZONE is the zone where the Filestore instance is located.
- BACKUP-LOCATION is the region where the backup will be stored. If a region is not indicated, the backup is created in the same region as the Filestore instance.
- KMS-PROJECT is the project name where the KMS key resource is stored.
- KMS-LOCATION is the region of the KMS key resource.
- KEYRING is the name of the key ring.
- CRYPTO-KEY is the KMS key resource.
Example
The following command creates a backup of file share vol1 on the Filestore
instance nfs-server, which is located in zone us-central1-c. The backup is
named mybackup, is located in region asia-east2, and has an associated
encryption key that will encrypt the instance when restored:
  gcloud filestore backups create mybackup \
  --instance=nfs-server \
  --file-share=vol1 \
  --instance-zone=us-central1-c \
  --region=asia-east2 \
  --kms-key=projects/purple-project/locations/us-central1/keyRings/filestore-keyring/cryptoKeys/filestore-key
List, view, update, and delete backups
Filestore backups can be listed, viewed, updated, and deleted.
Console
- To view a list of all backups in your current project: 
- To see details about a backup, click the backup ID. 
- To delete a backup:
  - Click the backup ID of the backup you want to delete.
  - Click Delete.
  - When prompted, type the backup ID.
  - Click Delete.
gcloud
List all backups in your current project
To view a list of backups for your current project, run the backups list
command:
  gcloud filestore backups list
View information about a backup
To view information about a backup, run the backups describe
command:
  gcloud filestore backups describe BACKUP-NAME \
  --region=BACKUP-LOCATION
Where:
- BACKUP-NAME is the name of the backup whose information you want to view.
- BACKUP-LOCATION is the region where the backup is stored.
Update a backup
To update a backup, run the backups update
command:
  gcloud filestore backups update BACKUP-NAME \
  --region=BACKUP-LOCATION \
  --description="NEW-DESCRIPTION" \
  --update-labels=KEY=VALUE,...
Where:
- BACKUP-NAME is the name of the backup you want to update.
- BACKUP-LOCATION is the region where the backup is stored. The region cannot be changed.
- NEW-DESCRIPTION is the description of the backup.
- KEY=VALUE,... is a list of KEY=VALUE pairs you want to update. If a label exists, its value is updated; otherwise, a new label is created.
Delete a backup
To delete a backup, run the backups delete
command:
  gcloud filestore backups delete BACKUP-NAME \
  --region=BACKUP-LOCATION
Where:
- BACKUP-NAME is the name of the backup you want to delete.
- BACKUP-LOCATION is the region where the backup is stored.
Restore a file share
Before initiating a restore operation, we recommend pausing applications and
unmounting from the file system to reduce the risk of application errors. You
must then remount the file share after it is restored from a backup. All
outstanding file locks are revoked upon successful restoration. During
restoration, client READ and WRITE operations are paused.
Limitations
- Basic-tier backups can be restored to the source, a new instance, or to an existing instance. 
- If you want to restore a backup of a zonal, regional, or enterprise instance, you must create a new instance. 
- When creating a new instance to complete a backup restore operation, the new instance must match the source instance's service tier and capacity range. For example, if the source was created using the zonal service tier with lower capacity range, the new instance must use the same service tier and capacity range.
- When restoring a backup, the new instance must use the same protocol as the source instance. 
Before you begin
When restoring a backup to an existing instance, if the backup and the instance use separate customer-managed encryption keys (CMEKs), you'll need to grant access to the backup's key from the target instance's project-level service account.
gcloud
Ensure you have the proper permissions such as the
roles/cloudkms.admin
role to run the following command:
 gcloud projects add-iam-policy-binding KMS_PROJECT_NUMBER \
     --member serviceAccount:service-TARGET_INSTANCE_PROJECT_NUMBER@cloud-filer.iam.gserviceaccount.com \
     --role roles/cloudkms.cryptoKeyEncrypterDecrypter
where:
- KMS_PROJECT_NUMBER is the project number where the key is located.
- TARGET_INSTANCE_PROJECT_NUMBER is the project number for the instance you want associated with the key.
For gcloud flag details, see the gcloud projects add-iam-policy-binding
page.
Restore to the source or an existing instance
You can restore a basic tier backup to the source instance or to a file share of an existing Filestore instance.
When restoring a backup to an existing Filestore instance, the capacity of the target instance must be greater than or equal to that of the original instance from which the backup was created. If the original instance has a greater capacity, you must first increase the target instance's capacity before attempting the restore operation.
If a backup restore to a basic HDD or basic SSD instance fails, the file share state remains unchanged.
If, once the operation begins, a backup restore to a zonal, regional, or enterprise instance fails, the file system resets to an empty state. Users are responsible for retrying the operation.
Console
- Go to the Filestore instances page.
- Click the instance ID of the instance you want to restore a backup from.
- Click the Backups tab.
- Locate the backup you want to restore from and click (...) More actions.
- Click Restore backup.
- Choose a target instance to restore:
  - If restoring the source instance, click Source instance.
  - If restoring to another existing instance, click Other existing instance.
    - Click Select instance.
    - Select the target instance where you want the restored backup to reside and click Select.
- Click Restore and a confirmation dialog appears.
- Click the acknowledgement checkbox.
- Enter the name of the backup in the input field and click Restore.
 
gcloud
To restore a Filestore file share to an existing instance, run the
instances restore
command:
  gcloud filestore instances restore INSTANCE-NAME \
  --source-backup=BACKUP-NAME \
  --source-backup-region=BACKUP-LOCATION \
  --file-share=FILE-SHARE-NAME \
  --zone=INSTANCE-LOCATION
Where:
- INSTANCE-NAME is the name of the existing Filestore instance to restore the file share to.
- BACKUP-NAME is the name of the backup to restore from.
- BACKUP-LOCATION is the region where the backup is located.
- FILE-SHARE-NAME is the name of the file share to restore to.
- INSTANCE-LOCATION is the zone where the Filestore instance is located.
Example
The following command restores mybackup, which is located in region
asia-east2, to file share vol1 on Filestore instance
myinstance, which is located in zone us-central1-c:
  gcloud filestore instances restore myinstance \
  --source-backup=mybackup \
  --source-backup-region=asia-east2  \
  --file-share=vol1 \
  --zone=us-central1-c
Restore to a new instance
When a backup is restored to a new Filestore instance, the capacity of the new file share must be greater than or equal to the capacity of the backup. For zonal, regional, and enterprise tier instances, the capacity of the new file share must be greater than or equal to the capacity of the source share.
You must use the same service tier as the source backup.
Console
- In the Google Cloud console, go to the Filestore instances page. 
- Click Backups. 
- Click the name of the backup you want to restore from. 
- Click Restore. 
- Click New instance. 
- Configure the new instance by following the instructions on the page. For details, see Creating instances. 
- Click Restore. 
gcloud
To restore a Filestore file share to a new instance, run the
instances create command:
  gcloud filestore instances create INSTANCE-NAME \
  --zone=ZONE \
  --tier=TIER \
  --file-share=name=FILE-SHARE-NAME,capacity=FILE-SHARE-CAPACITY,source-backup=SOURCE-BACKUP-NAME,source-backup-region=SOURCE-BACKUP-LOCATION \
  --network=name=VPC-NETWORK,reserved-ip-range=RESERVED-IP-ADDRESS
Where:
- INSTANCE-NAME is the name you want to give to the new Filestore instance.
- ZONE is the zone where the Filestore instance resides.
- TIER is the service tier you want to use. This should be the same as the source backup.
- FILE-SHARE-NAME is the name you specify for the NFS file share that is served from the instance.
- FILE-SHARE-CAPACITY is the capacity you want for the file share.
- SOURCE-BACKUP-NAME is the name of the backup to restore from.
- SOURCE-BACKUP-LOCATION is the region where the backup is located.
- VPC-NETWORK is the name of the VPC network you want the instance to use.
- RESERVED-IP-ADDRESS is the IP address range for the Filestore instance.
For gcloud flag details, see Creating instances.
Example
The following command creates a new Filestore instance myinstance-restored
located in zone us-central1-c on network default. Backup mybackup
located in region asia-east2 is restored on file share vol1 of
myinstance-restored with a 2TiB capacity:
  gcloud filestore instances create myinstance-restored \
  --zone=us-central1-c \
  --tier=zonal \
  --network=name=default \
  --file-share=name=vol1,capacity=2TiB,source-backup=mybackup,source-backup-region=asia-east2
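The following shell pre-flight is an added example, not part of the Filestore documentation. It applies this page's rules before any gcloud call: which restore targets each tier allows, the matching tier for a new instance, a target capacity at least that of the source, and CMEK only on zonal, regional and enterprise backups. The function names, lowercase tier labels and whole-GiB capacities are assumptions of this example; protocol and capacity-range matching are not checked.

```shell
# Added example, not Google's code: pre-flight checks for this page's tier,
# capacity and CMEK rules. Tier labels are this script's own (assumed)
# spelling of the table rows; capacities are whole GiB.
is_basic() { case "$1" in basic-hdd|basic-ssd) return 0 ;; esac; return 1; }
is_tier() {
  case "$1" in basic-hdd|basic-ssd|zonal|regional|enterprise) return 0 ;; esac
  return 1
}

# kms_key_ok TIER [KEY]: --kms-key is optional, so an empty KEY passes. A KEY
# needs a CMEK-capable tier and the full KMS resource-name shape.
kms_key_ok() {
  is_tier "$1" || { echo "unknown tier: $1" >&2; return 1; }
  [ -n "$2" ] || return 0
  if is_basic "$1"; then
    echo "CMEK is not available for $1 backups" >&2; return 1
  fi
  case "$2" in
    projects/?*/locations/?*/keyRings/?*/cryptoKeys/?*) return 0 ;;
  esac
  echo "malformed --kms-key value: $2" >&2; return 1
}

# restore_plan MODE BACKUP_TIER BACKUP_GIB TARGET_TIER TARGET_GIB
# MODE is source, existing or new. On success prints the gcloud command to use.
restore_plan() {
  mode=$1 btier=$2 bgib=$3 ttier=$4 tgib=$5
  is_tier "$btier" && is_tier "$ttier" || { echo "unknown tier" >&2; return 1; }
  case "$mode" in
    source|existing)
      is_basic "$btier" || {
        echo "$btier backups can only be restored to a new instance" >&2; return 1; }
      cmd="gcloud filestore instances restore" ;;
    new)
      [ "$btier" = "$ttier" ] || {
        echo "new instance must use tier $btier, not $ttier" >&2; return 1; }
      cmd="gcloud filestore instances create" ;;
    *) echo "unknown mode: $mode" >&2; return 1 ;;
  esac
  # Restoring to the source needs no capacity check; any other target must be
  # at least as large as the instance the backup was taken from.
  if [ "$mode" != source ] && [ "$tgib" -lt "$bgib" ]; then
    echo "target capacity ${tgib} GiB is below source capacity ${bgib} GiB" >&2
    return 1
  fi
  echo "$cmd"
}
```

For instance, `restore_plan existing zonal 1024 zonal 1024` fails with a message that zonal backups can only be restored to a new instance, while `restore_plan new zonal 1024 zonal 2048` prints the `instances create` command.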
What's next
- Learn how to schedule backups using Cloud Scheduler.
- Learn more about backups, common use cases, and best practices.
- Learn about backups pricing.
- Learn how to set up alerts for low disk space and low backups quota.
- Learn about backups-related known issues.