Filestore instances are fully managed file servers on Google Cloud that can be connected to a number of client types:
- Compute Engine VMs
- Google Kubernetes Engine (GKE) clusters
- External datastores such as Google Cloud VMware Engine
- On-premises machines
- Cloud Run services
Once provisioned, you can scale the capacity of your instances according to need without any downtime.
Why Filestore?
Google Cloud offers three main types of data storage: block, file, and object storage.
As a type of persistent file storage, Filestore supports multiple concurrent application instances accessing the same file system simultaneously.
For Google Kubernetes Engine users, for example, Filestore provides multiple reader, multiple writer access, letting you mount your GKE PersistentVolumes as read-write by many nodes.
Filestore offers a versatile alternative to block storage products, such as Persistent Disk, which support only limited options for multiple writer access to a disk. Object storage accessed through Cloud Storage FUSE offers some file system semantics, but it lacks some of the more robust characteristics of file storage provided by Filestore. Some examples of capabilities supported by Filestore and not Cloud Storage FUSE include the following:
- POSIX compliance
- Hard links and file locking
- Concurrency control for multiple writes on the same object
For more information, see the following resources:
- Compare the relative advantages of block, file, and object storage.
- Review the storage options for HPC workloads in Google Cloud.
- Learn more about Filestore support for GKE.
- Learn more about the limitations of Cloud Storage FUSE.
- Learn about storage options and access modes for GKE clusters.
Service tiers
Filestore offers multiple service tiers that vary in capacity, performance, and features. Each service tier is tailored for specific use cases:
- Zonal tier: Optimized for HPC, batch compute, media rendering, and localized workloads requiring high throughput and low latency.
- Regional tier: Designed for mission-critical workloads requiring continuous availability and regional resilience.
- Multishares for GKE (Enterprise): Optimized for GKE workloads that require high availability and multishares.
- Basic tiers (legacy): Suitable for basic file sharing and software development.
For details, see Service tiers.
Protocol support
Filestore supports the following file system protocols:
| Protocol | Supported service tiers | Highlights |
|---|---|---|
| NFSv3 | All service tiers | |
| NFSv4.1 | zonal, regional, and enterprise service tiers | |
For help understanding which protocol may be right for you, see About supported protocols.
Connectivity
Filestore instances can connect to any clients that are on the same VPC network, including Shared VPC networks. You can also connect to clients on remote networks, such as an on-premises machine, using Cloud VPN or Cloud Interconnect.
Networking
For information related to Filestore networking requirements, see the following resources:
- Filestore networking and IP resource requirements
- Configure NFS ports on client VMs
- Configure firewall rules
- Create an instance on a Shared VPC network in service projects
- Supported file system protocols
Performance
Custom performance lets you define the performance settings for your Filestore instances independently of the specified capacity. This means you can optimize your Filestore instances for your workload requirements and scale your file shares to meet the demands of your applications without resizing the capacity.
Note: Custom performance is available for regional and zonal service tiers.
For details on performance settings, limits, and testing, see performance.
Data protection
The following sections discuss Filestore instance data protection.
Encryption at rest
By default, Filestore automatically encrypts your data at rest. The durable storage behind each Filestore instance is encrypted with system-defined keys that are managed by Google.
When you delete a Filestore instance, Google discards the encryption information used by the instance, rendering the data irretrievable as per the description in Data deletion on Google Cloud.
If you need more control over the keys that protect your data, you can also use customer-managed encryption keys (CMEK) with Filestore.
For details, see Encryption at rest in Google Cloud.
Encryption in transit
While NFSv3 does not encrypt data in transit, the NFSv4.1 protocol supports
in-transit data encryption using Kerberos (krb5p). Additionally, all
in-transit data to and within Google Cloud is encrypted.
For details, see the following resources:
Access control
You can control the level of access that a client has on Filestore instance data based on the client's IP address. IP-based access control rules for an instance can be created or modified during and after instance creation.
You can also control which Google Cloud users can create, edit, and view Filestore resources by using IAM permissions and roles.
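The following audit sketch ties the three data-protection settings above together: protocol (in-transit encryption), CMEK, and IP-based access rules. It is an added example, not code from Google or the Filestore documentation. The field names (`protocol`, `kmsKeyName`, `fileShares[].nfsExportOptions`) follow the Filestore API instance resource; the sample instance is constructed, and the "no rule wider than a /24" threshold is an assumed local policy.

```python
import ipaddress
import json

# Constructed sample: the shape of a Filestore instance resource as JSON
# (field names follow the Filestore API; all values are made up).
SAMPLE_INSTANCE = json.loads("""
{
  "name": "projects/example-project/locations/us-central1-a/instances/example-share",
  "protocol": "NFS_V3",
  "fileShares": [{
    "name": "vol1",
    "nfsExportOptions": [
      {"ipRanges": ["10.0.0.0/8"], "accessMode": "READ_WRITE",
       "squashMode": "NO_ROOT_SQUASH"},
      {"ipRanges": ["10.20.30.40"], "accessMode": "READ_ONLY",
       "squashMode": "ROOT_SQUASH"}
    ]
  }]
}
""")

MAX_HOSTS = 256  # assumed local policy: no access rule wider than a /24


def audit_instance(inst, max_hosts=MAX_HOSTS):
    """Return findings for the data-protection settings of one instance."""
    findings = []
    # Only NFSv4.1 can carry krb5p; anything else is treated as unencrypted NFS.
    if inst.get("protocol") != "NFS_V4_1":
        findings.append("transit: protocol is not NFSv4.1, krb5p unavailable")
    if not inst.get("kmsKeyName"):
        findings.append("at-rest: Google-managed keys (no CMEK key set)")
    for share in inst.get("fileShares", []):
        rules = share.get("nfsExportOptions", [])
        if not rules:
            findings.append(f"access: share {share['name']} has no IP-based rules")
        for rule in rules:
            for rng in rule.get("ipRanges", []):
                net = ipaddress.ip_network(rng, strict=False)
                if net.num_addresses > max_hosts:
                    findings.append(f"access: {rng} exceeds {max_hosts} addresses")
                if (rule.get("accessMode") == "READ_WRITE"
                        and rule.get("squashMode") == "NO_ROOT_SQUASH"):
                    findings.append(f"access: {rng} has read-write root access")
    return findings


if __name__ == "__main__":
    for line in audit_instance(SAMPLE_INSTANCE):
        print(line)
```

The CMEK finding is informational: default encryption at rest still applies, the finding only records that key control stays with Google.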
Data recovery options
The following sections discuss Filestore instance data recovery options.
Backups
Filestore backups are point-in-time copies of a Filestore instance that include all user data and some instance metadata. You can create a backup of an instance in any region and then use it to restore the instance in any region to an existing Filestore instance or a new instance.
Snapshots
A Filestore snapshot preserves the state of your Filestore instance data at the time that the snapshot is created. You can use snapshots to restore individual files or directories or completely revert your instance to the state of a snapshot.
Reliability
Filestore offers several features to ensure the reliability and availability of your data.
Zonal reliability
Zonal and Basic tier instances are zonal resources with in-zone storage redundancy. If the zone fails due to an outage or maintenance, these instances become unavailable until the zone is restored.
Even if one or more zones in a region fail, you can still create new Zonal or Basic instances in any zone that remains operational.
Regional reliability
Regional and Enterprise tier instances are regional resources. They provide transparent failover during zone failures, continuing to serve data and accept writes. Filestore uses a strict consistency policy, acknowledging writes only after they are persisted to ensure data integrity during zone failures.
While NFS data access continues without interruption, operations through the Google Cloud console or the Filestore API might be unavailable for several hours during a zone failure. You might also experience some performance degradation until the zone recovers. Note that you cannot create new regional or enterprise instances in a region while it is experiencing a zone failure.
Instance replication
For enhanced disaster recovery, Filestore offers instance replication. This feature lets you asynchronously replicate data from a source instance to a standby instance in a different region. In the event of a regional outage, you can promote the standby instance to continue serving data.
Instance replication is supported for the Zonal, Regional, and Enterprise tiers.
Zone failure identification
You can monitor for zone failures on the Google Cloud Status Dashboard.
What's next
- Learn more about Filestore's service tiers to decide which service tier is right for you.
- See the regions that support Filestore.
- Compare the relative advantages of block, file, and object storage.
- Review the storage options for HPC workloads in Google Cloud.