In this chapter, you will look at file storage related operations. There are going to be a collection of videos wherein you will understand about file storage in general, and then specific to the slides that are given about how do you manage file storage will be discussed. In this video, let me give you a quick overview about file storage. When you go to File Storage, you'll see File Systems and Mount Targets. To understand the idea, let us say you have a VCN created. A VCN is a regional resource, remember? When you create a VCN, you give a CIDR for the private IP ranges. If you have multiple availability domains, your VCN is obviously spanning across the entire region in all availability domain. Considering we create regional subnets, every subnet spans across all the ADs. I will take an example of two subnets being provisioned. I will call this as Subnet 1 with the CIDR of 10.0.1.0/24, and a second subnet, as Subnet 2 with the CIDR of 10.0.2.0/24. As decided earlier, it could be a multi-AD region wherein there could be multiple ADs within the region and the subnets span across all of them because they are regional subnets. When you have subnets provisioned, you also have the ability to create compute instances such a way they get a VNIC from a particular subnet. Here is an example of compute Instance 1, and the compute Instance 2, which have been provided by having a VNIC in the respective subnet as shown in the diagram. Every subnet would have a security list associated with it. It is possible you use the same security list for all subnets or you create a separate security list. The way security lists are created and used is that, you create Ingress Egress Rule for traffic that is to be allowed inbound and outbound of VNICs. To ensure it is simpler to understand, I will give the securities lemming, inline with the subnet naming. If I create security List 2 and security List 1 and define Ingress Egress rules, and associate the security list to the respective subnets, all VNICs in this subnet will follow the rules in the security list. All VNICs in this subnet will follow the rules in this security list. Now this is a standard Compute Instance provisioning that we have seen. When you look at file storage as a service. File storage is an implementation of NFS based storage that you can access, and for NFS, you use normal Ethernet network to access it and it is a private access only that is allowed. Unlike objects storage, which you will see in a later video, which you can use public URLs to access it, file storage is only private access only VCN specific access is available, and for block storage, we know it is AD specific resources that can access them, whereas file storage can be accessed from any AD. Also from outside the VCN, provided you have private connectivity in the form of VCN peering or on-premise connectivity in the form of a VPN FastConnect, you can access it from anywhere. Because file storage is accessed with the private endpoint, this endpoint that you have for file storage is called as a mount target. Fundamentally, what happens is pretty simple. When you provision file storage, the storage is provisioned from storage servers. If I say file storage servers are available, similar to block storage, it is an AD specific service wherein, within an AD, it is automatically replicated and kept. But since you can access it with private connectivity, accessibility can be from outside the AD also. Now, if you are using a file storage in OCI, you need a mount target to be provisioned. Such a mount target gets provisioned in a subnet of your choice. If I call this as Mount 1 and my file service is exposed using the mount target, through which compute instances will access the file storage using the mount target IP address: file system name. I will show you how you do that in a later video. Now, not only is a mount target required, the security list which is associated with the subnet in which the mount target is provisioned, should allow incoming traffic from wherever the computers are, whether it is from the same subnet, another subnet or from your on-premise. The security list should support it and the source computer from where the file system is accessed, that security list should allow egress traffic to be allowed. It is very important you configure your VCN security list to allow this traffic to be allowed both for the subnet in which you implement the mount target, as well as the subnets in which you have your compute instances which are going to access it. If not using security list, you could also use the feature of network security groups to specifically give that VNIC specific port to be opened up. Now, since file storage is an AD specific functionality wherein the data is replicated and kept within an AD, when a compute instance that is provisioned in the same AD as the file system accesses it, it will get low-latency whereas if you are accessing it from outside the AD, from another AD or from your on-premise, the network latency will also be applicable. As a result, file storage is a functionality available which gives you the ability not only to provision file systems, but also gives you the ability to have a shared file system which can be accessed from multiple compute instances from different ADs. As a result, if you have an enterprise application which needs to be highly available in multiple ADs, maybe you are using a load balancer and front ending it provide high availability of application access. With the block storage, you cannot share block volumes across ADs. With file storage, such applications get access to a shared file system accessible from anywhere with private connectivity. That is where it becomes a differentiator from block storage. With this an overview about file storage, important specifications are given. We will see more about operations of file storage as we go into further videos.
