copebit’s recent project involved deploying AWS FSx for ONTAP for a client, incorporating reusable Terraform modules, Windows Active Directory integration, a site-to-site VPN, and the use of NetApp BlueXP. This blog post further explores the integration of AWS Backup for cross-account and cross-region data protection, detailing how this multi-faceted approach has enhanced the client’s data storage and security.

1. Client’s Requirements and Goals


The client, a small-scale enterprise, needed a robust, secure, and efficient file storage solution with:

  • Enhanced security and scalability.
  • Improved file access for Windows laptop users.
  • Effective and cost-efficient file management.

copebit’s Solution Approach

AWS FSx for ONTAP was chosen as the ideal solution, offering high efficiency, security, and the potential for significant cost savings.

bluexp ontap overview

2. Solution Design and Planning

Core Focus Areas

Our strategy centered on:

  1. Security and Privacy: Creating a highly secure and private network.
  2. Performance and Scalability: Managing increasing data volumes effectively.
  3. Cost-Efficiency: Optimizing storage to reduce costs.

Architectural Overview

An architecture integrating AWS FSx for ONTAP within a secure network was developed.

3. Implementation with Terraform

Using Terraform for Infrastructure as Code

Terraform was chosen for:

  • Automated, consistent deployments.
  • Efficient version control of infrastructure changes.

Creating Reusable Terraform Modules

Modules were developed for:

  1. Network Setup: Defining VPCs, subnets, and security groups.
  2. FSx for ONTAP Configuration: Customizing FSx instance setup.
  3. Active Directory Integration: Managing AWS-hosted Windows Active Directory services.
ontap volumes

4. Site-to-Site VPN Integration

Connecting On-Premises to AWS VPCs

  • An S2S VPN connected the client’s on-premises network to AWS VPCs in Frankfurt, unifying their network infrastructure.

5. AWS FSx for ONTAP Deployment

Optimizing File Storage

  • The SMB protocol was implemented for file sharing.
  • ONTAP’s deduplication and compression features were configured, achieving a 50% reduction in storage costs.
ontap filesystems
bluexp ontap volumes summary

6. Windows Active Directory Integration

Simplifying Access for Windows Users

  • Windows laptops were configured to authenticate against the AWS-hosted Active Directory, enhancing user access management.
windows shares

7. NetApp BlueXP for ONTAP Management

Centralized Management with BlueXP

  • NetApp BlueXP was used for centralized management of AWS-based ONTAP systems, streamlining administration and monitoring.
bluexp volumes 1

8. Integrating AWS Backup

Cross-Account and Cross-Region Data Protection

  • AWS Backup was integrated to provide cross-account and cross-region backup capabilities for the data stored on ONTAP.
  • This integration ensured robust data protection, enabling disaster recovery and adherence to compliance requirements.

9. Security and Compliance

Ensuring Data Protection

  • Advanced security measures, including encryption and regular audits, were employed to safeguard data.

10. Client Benefits and Operational Impact

Enhanced Performance and Cost Savings

  • Users experienced improved file access and sharing.
  • Deduplication led to significant storage cost reductions.
  • Cross-account and cross-region backups enhanced data security and availability.

11. Leveraging copebit’s Expertise

Strategic and Technical Deployment

  • Our deep knowledge in AWS and Terraform was pivotal in customizing and securing this multifaceted deployment.
  • Ongoing support and optimization advice ensured the client’s infrastructure remained efficient and scalable.


This blog post comprehensively covers copebit’s implementation of AWS FSx for ONTAP with Terraform, Windows Active Directory, NetApp BlueXP, and AWS Backup, showcasing our capability to deliver a secure, efficient, and cost-effective cloud storage solution.

Key Technical Highlights

  • Reusable Terraform Modules: Facilitated an automated, scalable infrastructure setup.
  • S2S VPN: Enabled seamless on-premises to AWS connectivity.
  • AWS FSx for ONTAP: Provided secure file storage with a 50% cost reduction.
  • Windows Active Directory Integration: Streamlined access for Windows users.
  • NetApp BlueXP Management: Centralized control of AWS-based ONTAP systems.
  • AWS Backup Integration: Ensured cross-account and cross-region data protection.
  • copebit’s Expertise: Delivered a well-architected, secure, and efficient cloud solution.

Marco Kuendig

Marco Kuendig

Marco is a managing partner at copebit. He got seven AWS certifications. He has spent three years in Australia and has worked with AWS and DevOps technologies for the last 6 years.