High-performance file storage
Cloud Filestore is a managed file storage service for applications that require a filesystem interface and a shared filesystem for data. Filestore gives users a simple, native experience for standing up managed Network Attached Storage (NAS) with their intelHUB Compute Engine and Kubernetes Engine instances. The ability to fine-tune Filestore’s performance and capacity independently leads to predictably fast performance for your file-based workloads.
Cloud Filestore offers low latency for file operations. For workloads that are latency sensitive, like content management systems, databases, random i/o, or other metadata intensive applications, Filestore provides high IOPS with minimal variability in performance.
With Cloud Filestore, you pay a predictable price for predictable performance. Users independently pick the IOPS and the storage capacity you need with Filestore, which enables you to tune your filesystem for a particular workload. The performance you experience for a particular workload will be consistent over time.
Cloud Filestore is a fully managed, NoOps service that is integrated with the rest of the intelHUB Cloud portfolio. You can easily mount Filestore file shares on Compute Engine VMs. Filestore is also tightly integrated with Kubernetes Engine so your containers can reference the same shared data.
|Max read throughput||100 MB/s (1 TB), 180 MB/s (10+ TB)||700 MB/s|
|Max write throughput||100 MB/s (1 TB), 120 MB/s (10+ TB)||350 MB/s|
|Max capacity per share||63.9 TB||63.9 TB|
|Typical customer availability||99.9%||99.9%|
You can easily mount Cloud Filestore file shares on Compute Engine instances, enabling visual effects artists to collaborate on the same file share. As rendering workflows typically run across fleets (“render farms”) of compute machines, all of which mount a shared filesystem, Filestore and Compute Engine can scale to meet your job’s rendering needs.
Many on-premises applications require a filesystem interface to data. As these applications continue to migrate to the cloud, Filestore can support a broad range of enterprise applications that need a shared filesystem.
Web content management
Web developers creating websites and blogs that serve file content to their audience will find it easy to integrate Filestore with web software like WordPress, Prestashop and Magento.
Graphic design, video and image editing, and other media workflows use files as an input and files as the output. Filestore helps creators access shared storage to manipulate and produce large files.
Users across your organisation probably need to access and share common data sets. You can host file content in Cloud Filestore and enable shared access to that data.
When you create a Cloud Filestore instance, the fileshare for that instance has default Unix permissions of rwxr-xr-x, octal notation 755. These permissions mean that on a Cloud Filestore instance, only root users on connected clients have read/write access to the fileshare. Other users have only read access by default, but client root users can change permissions and owners.
Configuring access on a fileshare
When mounting a Cloud Filestore fileshare on a client, you can use options for the mount command and settings in the /etc/fstab file to determine whether the mounted fileshare is writable and if files can be executed on it. After mounting the fileshare, you can use standard Linux commands like chmod, and setfacl to set file and fileshare permissions.
Setting consistent permissions
We strongly recommend that you set consistent permissions for each user on all clients that connect to the same Cloud Filestore instance, because of an issue that occurs when:
- A fileshare is mounted on more than one client, and
- A user has root permission on one client but not the others
The user can upload a file with the setuid bit set from the client where they have root access, which then allows them to execute the file as root on any other client where they have at least read permission. This is because the setuid bit allows a user to execute a file using the permissions of the file owner, in this case root.
IAM roles and permissions
You grant access to Cloud Filestore operations by using Cloud Identity and Access Management (IAM) roles.
IAM permissions only control access to Cloud Filestore operations, like creating a Cloud Filestore instance. Access to operations on the Cloud Filestore fileshare, like read or execute, are determined by Linux permissions.
Using Cloud Filestore roles
You can use the Cloud Filestore Editor and Cloud Filestore Viewer roles to grant Cloud Filestore permissions to users. If you prefer, you can also use primitive roles for this purpose.
Use the following table to see the Cloud Filestore permissions associated with Cloud Filestore roles.
|Permission||Action||Cloud Filestore Editor role||Cloud Filestore Viewer role|
|file.locations.get||Get information about a specific location supported by this service.||Y||Y|
|file.locations.list||List information about the supported locations for this service.||Y||Y|
|file.instances.create||Create a Cloud Filestore instance.||Y|
|file.instances.update||Update a Cloud Filestore instance.||Y|
|file.instances.delete||Delete a Cloud Filestore instance.||Y|
|file.instances.get||Get details about a specific Cloud Filestore instance.||Y||Y|
|file.instances.list||List the Cloud Filestore instances in the project.||Y||Y|
|file.operations.get||Get the status of a Cloud Filestore instance operation.||Y||Y|
|file.operations.list||List Cloud Filestore instance operations.||Y||Y|
|file.operations.cancel||Cancel a Cloud Filestore instance operation.||Y|
|file.operations.delete||Delete a Cloud Filestore instance operation.||Y|
Using primitive roles
Cloud Filestore permissions are also associated with the IAM primitive roles of owner, editor, and viewer. You can use these roles in addition to the Cloud Filestore roles to grant Cloud Filestore permissions to users.
Use the following table to see the Cloud Filestore permissions associated with primitive roles.
|Permission||Action||Project Owner role||Project Editor role||Project Viewer role|
|file.locations.get||Get information about a specific location supported by this service.||Y||Y||Y|
|file.locations.list||List information about the supported locations for this service.||Y||Y||Y|
|file.instances.create||Create a Cloud Filestore instance.||Y||Y|
|file.instances.update||Update a Cloud Filestore instance.||Y||Y|
|file.instances.delete||Delete a Cloud Filestore instance.||Y||Y|
|file.instances.get||Get details about a specific Cloud Filestore instance.||Y||Y||Y|
|file.instances.list||List the Cloud Filestore instances in the project.||Y||Y||Y|
|file.operations.get||Get the status of a Cloud Filestore instance operation.||Y||Y||Y|
|file.operations.list||List Cloud Filestore instance operations.||Y||Y||Y|
|file.operations.cancel||Cancel a Cloud Filestore instance operation.||Y||Y|
|file.operations.delete||Delete a Cloud Filestore instance operation.||Y||Y|
If the predefined IAM roles don’t meet your needs, you can define custom role with permissions that you specify. To support this, IAM offers custom roles. When you create custom roles for Cloud Filestore, make sure that you include both resourcemanager.projects.get and resourcemanager.projects.list so that the role has permission to query project resources. Otherwise, the console won’t function correctly for Cloud Filestore.
A Cloud Filestore instance consists of a single NFS fileshare with fixed export settings and default Unix permissions.
You must create a Cloud Filestore instance in the same project and VPC network as any clients that connect to it. All internal IP addresses in the selected VPC network can connect to the Cloud Filestore instance.
If you are using a VPC network other than the default network, you might need to create firewall rules to enable communication with Cloud Filestore instances.
You can’t use a legacy network with Cloud Filestore instances. If necessary, create a new VPC network.
IP address range
Each Cloud Filestore instance must have an IP address range associated with it. The IP address range must be from within the internal IP address ranges (10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16) and have a block size of 29. Examples of valid Cloud Filestore instance IP address ranges are 10.0.3.0/29 and 172.31.0.0/29.
You can assign the IP address range if there’s a specific one you want to use, otherwise Cloud Filestore picks a random range to use from within the internal IP address ranges. If the range is already in use, the service tries again until it finds one that is free. If you assign an IP address range, make sure it doesn’t overlap with any existing subnets in the VPC network that the Cloud Filestore instance uses, or with the IP address ranges assigned to any other existing Cloud Filestore instances in that network.
Cloud Filestore network peering
The first time you create a Cloud Filestore instance, Cloud Filestore also creates a peered network to enable network connectivity between clients in your project and the Cloud Filestore instance. The peered network has a machine-generated name similar to filestore-peer-123456789012.
Storage size units
Cloud Filestore defines 1 gigabyte (GB) as 10243 bytes and 1 terabyte (TB) as 10244 bytes. These units are also known as gibibytes (GiB) and tebibytes (TiB).
Availability and Recovery
In cases of recoverable errors that require intelHUB to restart a Cloud Filestore instance, the instance should be available again within two minutes. A Cloud Filestore instance is unavailable if the zone it resides in is down.
Learn about expected average performance and recommended performance settings for Cloud Filestore.
The following table shows expected performance as a function of the Cloud Filestore instance tier and size. Performance should scale linearly with the size of the instance for any instance size not explicitly mentioned here.
|Tier||Size (TB)||Read (Tput)||Read (IOPS)||Write (Tput)||Write (IOPS)|
|Standard||1||100 MB/s||600||100 MB/s||1000|
|Standard||10+||180 MB/s||1000||120 MB/s||5000|
|Premium||2.5+||700 MB/s||30000||350 MB/s||25000|
Performance of any given instance may vary from the numbers reported above due to a variety of issues, such as use of caching on the client or server, the Compute Engine machine type used for the client VM instance, and the workload being tested.
Recommended client machine type
We recommend having a Compute Engine machine type of n1-standard-8 or better for the client VM instance. This allows the client to achieve approximately 16Gbps read bandwidth for cache-friendly workloads.
Linux client mount options
We recommend using the default NFS mount options, especially using a hard mount and having the rsize and wsize options set to 1 MB, to achieve the best performance on Linux client VM instances. For more information on NFS mount options, see nfs.
Supported NFS versions
Cloud Filestore uses NFSv3 on the Cloud Filestore instance and supports any NFSv3-compatible client.
Regions and Zones
Cloud Filestore instances live in zones within regions. A region is a specific geographical location where you can run your resources. Each region is subdivided into several zones. For example, the us-central1 region in the central United States has zones us-central1-a, us-central1-b, us-central1-c, and us-central1-f.
To decrease network latency, we recommend creating a Cloud Filestore instance in a region and zone that is close to where you plan to use it. For example, if you plan to access the instance from Asia, then you should create it in one of the asia-east1 zones. Similarly, you will get the best performance by mounting Cloud Filestore volumes on clients in the same region, although you can mount a Cloud Filestore fileshare on a client in any region.
Cloud Filestore is available in the following regions and zones:
|Region Name||Region Description||Zones|
Cloud Filestore offers two service tiers, standard and premium.
The standard tier offers moderate performance of approximately 120 megabytes (MB) per second read/write throughput. The premium tier offers increased performance of approximately 240 MB per second read/write throughput.
The minimum fileshare size is 1 terabyte (TB) for a Standard tier instance and 2.5 TB for a Premium tier instance. The maximum fileshare size for either tier is 63.9 TB.
Want To Know More
Need further information or require a quotation?
All calls are recorded for security, training and quality purposes
0330 2233 409
Our lines are open Monday to Friday from 9am to 5.30pm. Dialling an 0330 number costs the same to dial as a call to a geographic (local) number. They cost the same to call from a landline or mobile and are included in mobile call packages.
Where am I calling?
You are calling our Network Operations Centre based in London, United Kingdom.
Just so you know, we are not able to accept telesales or telemarketing calls and can't be transferred.